(RH413)
Exam Instructions
Your domain subnet: domain6.example.com, and the network is 172.24.0.0/24
Two virtual machines are given that belong to your domain, domain6.example.com.
The information for the two VMs is as follows:
Question #1
Configure station1.domain6.example.com as a centralized IPA server and create the following
users. Set the default UID and GID range from 5000 to 18000.
User Name  First Name  Last Name  UID   GID   Home Dir
mrahman    Mustafijur  Rahman     6001  6001  /home/remotehost/mrahman
aislam     Ariful      Islam      7001  7001  /home/remotehost/aislam
rhat       Red         Hat        9001  9001  /home/remotehost/rhat
Solution:
>Disable NetworkManager
/etc/init.d/NetworkManager stop
chkconfig NetworkManager off
#Third User
ipa user-add rhat --first=Red --last=Hat --homedir=/home/remotehost/rhat --uid=9001 --gidnumber=9001 --password
Question #2
Configure station2.domain6.example.com as an IPA client of station1, so that home directories
are mounted automatically.
Solution:
>Install IPA client packages
yum -y install ipa-client
Question #3
List all security packages, save the list to /root/rhsa.txt, and apply all security updates.
Solution:
Question #4
Three rpms from an unknown source are given; install the suitable one.
Solution:
>Check which of the rpms is suitable to install.
rpm -qp --scripts /net/instructor/var/ftp/pub/app1.rpm
rpm -qp --scripts /net/instructor/var/ftp/pub/app2.rpm
rpm -qp --scripts /net/instructor/var/ftp/pub/app3.rpm
>After finding the suitable rpm, install the package. Suppose app2.rpm is suitable to install.
rpm -ivh /net/instructor/var/ftp/pub/app2.rpm
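One way to review the output of rpm -qp --scripts before installing, as an added example that is not part of the original solution. The function names, the pattern list and the sample scriptlet text are illustrative assumptions, and the patterns are a starting point rather than a complete policy.

```shell
#!/bin/sh
# Added example: flag risky commands in `rpm -qp --scripts` output.
# The pattern list below is an illustrative assumption, not a complete policy.
RISKY='chmod +[2-7][0-7][0-7][0-7]|chmod +[ugoa]*[+]s|useradd|usermod'
RISKY="$RISKY|/etc/(passwd|shadow|sudoers)|setenforce +0|(curl|wget) "

# Reads scriptlet text on stdin and prints "<section>: <line>" for each hit.
flag_scriptlets() {
    awk -v risky="$RISKY" '
        # Section headers look like: postinstall scriptlet (using /bin/sh):
        /scriptlet \(using [^)]*\):$/ { section = $1; next }
        section != "" && $0 ~ risky   { printf "%s: %s\n", section, $0 }
    '
}

# Review one package file without installing it.
review_rpm() {
    rpm -qp --scripts "$1" 2>/dev/null | flag_scriptlets
}

# Constructed sample of scriptlet output, used so the example runs offline.
sample_scripts() {
    cat <<'EOF'
preinstall scriptlet (using /bin/sh):
mkdir -p /var/lib/app
postinstall scriptlet (using /bin/sh):
/sbin/chkconfig --add appd
chmod 4755 /usr/local/bin/apphelper
setenforce 0
EOF
}

sample_scripts | flag_scriptlets
```

On the exam host the same filter would be applied as review_rpm /net/instructor/var/ftp/pub/app1.rpm, and likewise for app2.rpm and app3.rpm.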
Question #5
Import the GPG key and check which key is needed to verify the package.
Solution:
>Import the given GPG key. Suppose you are given a GPG key, RPM-GPG-KEY-redhat-GLS, in the ftp
location.
rpm --import /net/instructor/var/ftp/pub/RPM-GPG-KEY-redhat-GLS
>Suppose you are given an ftp package and asked to verify it with the GPG key. Check it
with the command below.
rpm -vvK ftp://instructor/pub/packages/ftp-0.17-53.el6.x86_64.rpm 2>/dev/null
Question #6
Set the default mask so that a file created by user zelane gets permissions r-- r-- r-- and a
folder gets permissions r-x r-x r-x
Solution:
>Log in as user zelane
su - zelane
>Check the permissions of a newly created file and directory. Do they match the given conditions?
ls -l
Question #7
Create a folder /engineering/data and give the musician group read and write permission.
Solution:
>Create the directory /engineering/data
mkdir /engineering/data
>If ACL support is not enabled, add it in /etc/fstab and remount the partition.
Suppose you are given a partition named /engineering; then do the following
Open /etc/fstab
vim /etc/fstab
Solution:
>Check the file attribute of given file
lsattr /root/abc.txt
>If you find that the file is immutable ( i ), then change the file attribute
chattr -i /root/abc.txt
Question #9
Locate all files with special permissions in the /sbin directory and put them in /root/special.txt
Solution:
>Run the command below to find all files with special permissions and store the list in /root/special.txt
find /sbin -type f -perm /7000 > /root/special.txt
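Special permissions are the setuid, setgid and sticky bits, which sit in the leading (fourth) octal digit, so matching them takes a four-digit mask such as -perm /7000; a three-digit /700 only tests the owner's rwx bits. The added example below (not part of the original solution) shows the difference on a constructed scratch directory; the file and function names are illustrative.

```shell
#!/bin/sh
# Added example: compare -perm /700 with -perm /7000 on constructed files.

# Build a scratch tree with known modes (constructed sample data).
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    for f in plain owner_only suid_tool suid_sgid_tool; do
        : > "$dir/$f"
    done
    chmod 0755 "$dir/plain"
    chmod 0700 "$dir/owner_only"
    chmod 4755 "$dir/suid_tool"        # setuid
    chmod 6755 "$dir/suid_sgid_tool"   # setuid + setgid
    printf '%s\n' "$dir"
}

# Files with any of setuid, setgid or sticky set.
find_special() {
    find "$1" -type f -perm /7000 | sort
}

# What a three-digit mask matches: any owner r, w or x bit.
find_owner_bits() {
    find "$1" -type f -perm /700 | sort
}

# Count lines on stdin, without padding from wc.
count_lines() {
    wc -l | tr -d ' '
}

demo() {
    tree=$(make_sample_tree) || return 1
    echo "special (-perm /7000):";   find_special "$tree"
    echo "owner bits (-perm /700):"; find_owner_bits "$tree"
    rm -rf "$tree"
}

demo
```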
Question #10
Configure the password policy so that every new user's password expires after 3 days.
Solution:
>Open login.defs
vim /etc/login.defs
##Change as below
PASS_MAX_DAYS 3
Save and exit
Question #11
Configure station1 and station2 so that if any user fails to log in 3 times, that account
is locked for 2 mins.
Solution:
On station1.domain6.example.com
>Open system-auth
vim /etc/pam.d/system-auth
>Check the applied rule by logging in as any user 3 times with a wrong password
su - student
On station2.domain6.example.com
>Do the same as on station1.example.com
Question #12
Configure a group admin so that all users of that group get 2 mins of CPU time when logged in to a
session.
Solution:
>Open limits.conf
vim /etc/security/limits.conf
Note: Here we use the @ symbol before admin, because admin alone indicates a single user; @admin
indicates a group.
Question #13
Watch /root/413.txt so that any write and execution can be monitored using 413-change
Solution:
>Open audit.rules
vim /etc/audit/audit.rules
Question #14
Configure the firewall as per the following conditions (on both station1 and station2):
i. Allow loopback communication
ii. Reject all source except the following services and from anywhere except
domain6.example.com
1. ssh allow from anywhere.
2. http from station1.
Solution:
On station1.domain6.example.com
>Open iptables
vim /etc/sysconfig/iptables
>Restart iptables
/etc/init.d/iptables restart
On station2.domain6.example.com
>Open iptables
vim /etc/sysconfig/iptables
>Restart iptables
/etc/init.d/iptables restart
Question #15
Configure an application so that when you /sbin/als then parameter it takes input as string and save
any place.
Additional information
Solution:
>Open rsyslog.conf file
vim /etc/rsyslog.conf
$ModLoad imtcp
$InputTCPServerRun 514
Save and exit.
>Send some logs from a remote host and check that you receive them.
tailf /var/log/remote.log
Question #17
Create a syslog client so that all messages go to the syslog host station1.domain.example.com.
Solution:
>Open rsyslog.conf file
vim /etc/rsyslog.conf
Question #18
Make a new logical volume with the remaining space in the vgsrv volume group, use LUKS to
encrypt it, and make sure it mounts unattended as /home at system boot.
Solution:
> Suppose you have a volume group vgsrv. Check the free space on that vg.
vgs
>Create an LV with the available free space. Suppose we have 2GB of free space.
lvcreate -L 2G -n lv_crypthome vgsrv
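A check for the "mounts unattended" requirement, as an added example that is not part of the original solution. It assumes the unattended unlock is done with a key file named in the third field of /etc/crypttab; the mapping names, key file paths and sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit crypttab entries for unattended, safely keyed unlock.
# Fields per line: <mapping name> <device> <key file|none> [options]

# check_crypttab FILE [ROOT] -> one verdict per entry; ROOT prefixes key paths.
check_crypttab() {
    tab=$1; root=${2:-}
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac
        if [ -z "$key" ] || [ "$key" = none ]; then
            echo "$name: PROMPT (no key file, boot waits for a passphrase)"
        elif [ ! -f "$root$key" ]; then
            echo "$name: MISSING key file $key"
        else
            mode=$(stat -c %a "$root$key")
            case $mode in
                400|600) echo "$name: OK ($key mode $mode)" ;;
                *)       echo "$name: WEAK ($key mode $mode, expected 600 or 400)" ;;
            esac
        fi
    done < "$tab"
}

# Constructed sample: a fake root with two key files and a crypttab.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/root"
    : > "$d/root/home.key";  chmod 600 "$d/root/home.key"
    : > "$d/root/loose.key"; chmod 644 "$d/root/loose.key"
    cat > "$d/crypttab" <<'EOF'
# constructed sample entries
crypthome  /dev/vgsrv/lv_crypthome  /root/home.key
cryptdata  /dev/vgsrv/lv_data       /root/loose.key
cryptswap  /dev/vgsrv/lv_swap       none
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample) && check_crypttab "$sample/crypttab" "$sample"
rm -rf "$sample"
```

On a real host the call is check_crypttab /etc/crypttab with no second argument.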
Question #19
Configure AIDE to only check /etc/rh413.txt for permission or ownership changes.
Solution:
>Install AIDE
yum install aide
>Open aide.conf
vim /etc/aide.conf
##In the selection line add the below rule
/etc/rh413.txt PERMS
Save and exit.
>Initialize AIDE
aide --init
Question #19
Deny root ssh access from both station1 and station2.
Solution:
>Open sshd_config
vim /etc/ssh/sshd_config