





File Types in Linux

.bz2 — a file compressed with bzip2

.gz — a file compressed with gzip

.tar — a file archived with tar (short for tape archive), also known as a tar file

.tbz — a tarred and bzipped file

.tgz — a tarred and gzipped file.

.zip — a file compressed with ZIP compression, commonly found in MS-DOS applications. Most compressed files for Linux use the gzip compression, so finding a .zip archive for Linux files is rare.

For information on working with bzip2, gzip, and tar files, refer to Section 14.3 File Compression and Archiving.

File Formats
.au — an audio file

.gif — a GIF image file

.html/.htm — an HTML file

.jpg — a JPEG image file

.pdf — an electronic image of a document; PDF stands for Portable Document Format

.png — a PNG image file (short for Portable Network Graphic)

.ps — a PostScript file; formatted for printing

.txt — a plain ASCII text file

.wav — an audio file

.xpm — an image file

System Files
.conf — a configuration file. Configuration files sometimes use the .cfg extension, as well.

.lock — a lock file; determines whether a program or device is in use

.rpm — a Red Hat Package Manager file used to install software

Programming and Scripting Files
.c — a C program language source code file

.cpp — a C++ program language source code file

.h — a C or C++ program language header file

.o — a program object file

.pl — a Perl script

.py — a Python script

.so — a library file

.sh — a shell script

.tcl — a TCL script

kernel

The kernel is the essential center of a computer operating system, the core that provides basic services for all other parts of the operating system. A synonym is nucleus. A kernel can be contrasted with a shell, the outermost part of an operating system that interacts with user commands. Kernel and shell are terms used more frequently in Unix operating systems than in IBM mainframe or Microsoft Windows systems.
Typically, a kernel (or any comparable center of an operating system) includes an interrupt handler that handles all requests or completed I/O operations that compete for the kernel's services, a scheduler that determines which programs share the kernel's processing time in what order, and a supervisor that actually gives use of the computer to each process when it is scheduled. A kernel may also include a manager of the operating system's address spaces in memory or storage, sharing these among all components and other users of the kernel's services. A kernel's services are requested by other parts of the operating system or by application programs through a specified set of program interfaces sometimes known as system calls.

Because the code that makes up the kernel is needed continuously, it is usually loaded into computer storage in an area that is protected so that it will not be overlaid with other less frequently used parts of the operating system.

The kernel is not to be confused with the Basic Input/Output System (BIOS).

Some kernels have been developed independently for use in any operating system that wants to use them. A well-known example is the Mach kernel, developed at Carnegie-Mellon University, and currently used in a version of the Linux operating system for Apple's PowerMac computers.

Open Source

Open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology. Before the term open source became widely adopted, developers and producers used a variety of phrases to describe the concept; open source gained hold with the rise of the Internet, and the attendant need for massive retooling of the computing source code. Opening the source code enabled a self-enhancing diversity of production models, communication paths, and interactive communities. Subsequently, a new, three-word phrase "open source software" was born to describe the environment that the new copyright, licensing, domain, and consumer issues created.
The open source model includes the concept of concurrent yet different agendas and differing approaches in production, in contrast with more centralized models of development such as those typically used in commercial software companies. A main principle and practice of open source software development is peer production by bartering and collaboration, with the end-product (and source-material) available at no cost to the public. This is increasingly being applied in other fields of endeavor, such as biotechnology.

What is Linux

Linux (often pronounced LIH-nuhks with a short "i") is a Unix-like operating system that was designed to provide personal computer users a free or very low-cost operating system comparable to traditional and usually more expensive Unix systems. Linux has a reputation as a very efficient and fast-performing system. Linux's kernel (the central part of the operating system) was developed by Linus Torvalds at the University of Helsinki in Finland. To complete the operating system, Torvalds and other team members made use of system components developed by members of the Free Software Foundation for the GNU Project.


Linux is a remarkably complete operating system, including a graphical user interface, an X Window System, TCP/IP, the Emacs editor, and other components usually found in a comprehensive Unix system. Although copyrights are held by various creators of Linux's components, Linux is distributed using the Free Software Foundation's copyleft stipulations that mean any modified version that is redistributed must in turn be freely available.

Unlike Windows and other proprietary systems, Linux is publicly open and extendible by contributors. Because it conforms to the Portable Operating System Interface standard user and programming interfaces, developers can write programs that can be ported to other operating systems. Linux comes in versions for all the major microprocessor platforms including the Intel, PowerPC, Sparc, and Alpha platforms. It's also available on IBM's S/390. Linux is distributed commercially by a number of companies. A magazine, Linux Journal, is published as well as a number of books and pocket references.

Linux is sometimes suggested as a possible publicly-developed alternative to the desktop predominance of Microsoft Windows. Although Linux is popular among users already familiar with Unix, it remains far behind Windows in numbers of users. However, its use in the business enterprise is growing.

Linux is a contraction for Linus' Unix; the short i sound preferred by most (including Torvalds) derives from the Swedish pronunciation of Linus.

LINUX EXAM NOTES

RHCE EXAM NOTES

-----------------------------
This is a Confidential Document.
THE COMPULSORY PART
Compulsory 1 (T01) The examiner can log into your system as root using password rW9ySX. The home directory must be /root.
Answer and Explanation:
1. Boot the system in single-user mode.
2. Use the passwd command to change the password.
The commands above solve the problem in 99% of cases. If they do not, there is a root login problem.
Check /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow.
The root account may have expired, so run these commands to check the root account information:
# chage -l root
# chage -E NEVER root    -> changes the account expiration of root
If a file named "nologin" exists (/etc/nologin), no user except root can log in. If "nologin" is a directory (/etc/nologin), neither root nor the other users can log in. Remove that file or directory, and also check the /etc/rc.local file:
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
mkdir /etc/nologin    # remove this line
A rarer problem is that the permissions of /etc/securetty may have been changed; set them to 600.
Compulsory 2 (T02) Pinging 172.25.254.254 is successful, and your system uses static networking as described in /root/network.txt

Answer and Explanation: Just cat the file /root/network.txt; there you will find the IP address, subnet mask and gateway address.
Run the command neat-tui or system-config-network-tui. It opens a text-based window; press Enter on the selected device and enter the given IP address and the other information.
Then:
ping 172.25.254.254
Or you can make the entries manually in the /etc/sysconfig/network-scripts/ifcfg-eth0 file:
NETMASK=255.255.0.0
IPADDR=172.24.254.10
GATEWAY=172.24.254.254
Then run service network restart. NOTE: at exam time, prefer the text-based tools.

Compulsory 3 (T03) dig server1.my133t.org successfully resolves that hostname using DNS
Answer and Explanation:

# vi /etc/resolv.conf
nameserver 172.25.254.254    -> address of my133t.org
# service network restart
# dig server1.my133t.org
At exam time you may find resolv.conf empty, or it may not exist.
DNS is the Domain Name System, which maintains a database that can help your computer translate domain names such as www.redhat.com to IP addresses such as 216.148.218.197. As no individual DNS server is large enough to keep a database for the entire Internet, they can refer requests to other DNS servers.
DNS is based on the named daemon, which is built on the BIND (Berkeley Internet Name Domain) package developed through the Internet Software Consortium.
Users want to access hosts by name, so DNS translates the name into an IP address. You need to specify the address of the DNS server on each and every client machine. In Red Hat Enterprise Linux, you specify the DNS server in the /etc/resolv.conf file.
After specifying the DNS server address, you can verify it using the host, dig and nslookup commands.
Compulsory 4 (T04) Your system has a new 100MB physical partition mounted under /mnt/new with a 100MB ext3 filesystem. Note: because partition sizes are seldom exactly what is specified when they are created, anything within the range of 90 to 110MB is acceptable.

Explanation:
1. Use fdisk /dev/sda to create the new partition.
2. Type n for a new partition.
3. It will ask for a logical or primary partition. Press l for logical.
4. It will ask for the starting cylinder: use the default by pressing the Enter key.
5. Type the size: +100M. You can specify either the last cylinder or the size here.
6. Press p to verify the partition list and remember the partition name.
7. Press w to write the partition table.
8. Either reboot or use the partprobe /dev/sda command.
9. Use mkfs -t ext3 /dev/hda? (where ? is your partition number) or mke2fs -j /dev/hda? to create the ext3 filesystem.
10. mkdir /mnt/new
11. vi /etc/fstab and write:
/dev/hda? /mnt/new ext3 defaults 1 2
Then run the it will refresh the fstab file
12. Verify by mounting in the current session also:
mount
You will find the mounted device.
THE NON-COMPULSORY PART
QUESTION 5
Some users' home directory is shared from your system. Using the showmount -e localhost command, the shared directory is not shown. Make the shared users' home directory accessible.
Answer and Explanation:
Follow the sequence strictly.
1. Verify whether the directory is shared or not: cat /etc/exports
2. Start the portmap service: service portmap start
chkconfig portmap on    -> makes the portmap service start automatically on the next reboot
3. Start the nfs service: service nfs start
chkconfig nfs on    -> makes the nfs service start automatically on the next reboot
4. Verify whether it is shared or not: showmount -e localhost
Note: by completing the steps above, the problem will be solved.
QUESTION 6
The user neo tried:
dd if=/dev/zero of=/home/neo/somefile bs=1024 count=70
The file was created successfully. neo then tried again to create a 70K file using the following command:
dd if=/dev/zero of=/home/neo/somefile bs=1024 count=70
But he is unable to create the file. Make sure the user can create a file of less than 70K.

Answer and Explanation:
The question actually gives you a scenario in which to implement a quota for the user neo. Apply the quota to neo on /home so that neo cannot occupy more than 70K of space.
# vi /etc/fstab
Add this keyword:
LABEL=/home /home ext3 defaults,usrquota 0 0
To enable quotas on a filesystem, mount the filesystem with usrquota for user quotas and grpquota for group quotas.
# mount -o remount /home    -> remounts /home with the updated mount options
You can verify whether /home is mounted with the usrquota option using the mount command.
# quotacheck -cug /home    -> creates the quota files, so it has to run before quotaon
# quotaon /home
# repquota /home    -> shows the user list with the quota policy
# edquota -u neo /home    -> quota policy editor
See the snapshot:
Disk quotas for user neo (uid 500):
Filesystem              blocks  soft  hard  inodes  soft  hard
/dev/mapper/vo-myvol    2       30    70    1       0     0
You can set the hard limit to 70 and the soft limit to a value of your choice, such as 30. Verify using the repquota /home command.
Note: in a real scenario the soft limit will be blocks+soft, so set it higher than that (for example 2+30=32, so put 35), and give the hard limit less than 70, so give 68.
# su - neo
# dd if=/dev/zero of=/home/neo/somefile bs=1024 count=70
QUESTION 7
One Logical Volume named myvol is created under the vo volume group and is mounted. The initial size of that Logical Volume is 124MB. Increase the size of the Logical Volume to 245MB without losing any data. A logical volume size of 240MB to 255MB will be acceptable.
Answer and Explanation:
1. First check the size of the Logical Volume: lvdisplay /dev/vo/myvol
2. Increase the size of the Logical Volume: lvextend -L+121M /dev/vo/myvol
3. Make the new size available online: resize2fs /dev/vo/myvol
4. Verify the size of the Logical Volume: lvdisplay /dev/vo/myvol
5. Verify whether the new size is available online: df -h
We can extend the size of a Logical Volume using the lvextend command. To decrease the size of a Logical Volume, use the lvresize command. In LVM v2 we can extend a Logical Volume without unmounting it, and we can bring the actual size of the Logical Volume online using the ext2online command.
Troubleshooting part
How to enter rescue mode?
Insert the Linux bootable media, type linux rescue, then follow the prompts.
If the system gives an error like "chroot /mnt/sysimage can't mounted", then there is an error in the /etc/fstab file and the kernel is not able to find /boot.
Check the file and correct it. A label may be incorrect. Check the correct label of every partition with the command
# e2label /dev/sda1    (or sda2 and so on) -> then compare the output to the fstab file
After finding the partition label, create a directory and mount the partition.
Example:
# e2label /dev/sda1
/1
# e2label /dev/sda2
/boot
# mkdir directoryname
# mount /dev/sda2 directoryname

Correct file:
LABEL=/ / ext3 defaults 1 1
LABEL=/home /home ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
Incorrect file:
LABEL=/1 /root ext3 defaults 1 1
LABEL=/home /home ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
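The comparison between the labels and the fstab file can be scripted. The following is an added example, not part of the original notes: a POSIX shell function that checks an fstab against a list of known labels and against the requirement that some entry mounts /. The function names are illustrative, and the label list "/ /home /boot" is a constructed stand-in for what e2label reports on your partitions.

```sh
#!/bin/sh
# Added example: sanity-check an fstab before leaving rescue mode.

# The two listings from the notes above, embedded as sample input.
sample_correct() {
    cat <<'EOF'
LABEL=/ / ext3 defaults 1 1
LABEL=/home /home ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
EOF
}

sample_incorrect() {
    cat <<'EOF'
LABEL=/1 /root ext3 defaults 1 1
LABEL=/home /home ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
EOF
}

# check_fstab FILE "LABEL LABEL ..."
# FILE may be "-" for standard input. Prints one line per finding and
# returns 0 only when there are no findings.
check_fstab() {
    awk -v known="$2" '
        BEGIN {
            bad = 0
            n = split(known, k, " ")
            for (i = 1; i <= n; i++) ok[k[i]] = 1
        }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF < 4 || NF > 6 {
            printf "line %d: expected 4 to 6 fields, found %d\n", NR, NF
            bad = 1
            next
        }
        $1 ~ /^LABEL=/ {
            label = substr($1, 7)               # text after "LABEL="
            if (!(label in ok)) {
                printf "line %d: no partition carries label %s\n", NR, label
                bad = 1
            }
        }
        $2 == "/" { root_seen = 1 }
        END {
            if (!root_seen) {
                print "no entry mounts the root filesystem at /"
                bad = 1
            }
            exit bad
        }
    ' "$1"
}

KNOWN_LABELS="/ /home /boot"    # constructed: stands in for the e2label output

echo "correct file:"
sample_correct | check_fstab - "$KNOWN_LABELS" && echo "  no findings"
echo "incorrect file:"
sample_incorrect | check_fstab - "$KNOWN_LABELS" || echo "  fix these before rebooting"
```
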
If the system gives a message like "chroot /mnt/sysimage mounted successfully", then there is no error in the /etc/fstab file and the kernel is able to find /boot.
Then run the command and then create the initrd file by command . It will take some time. Then restart the computer or check the other file.
In the troubleshooting part there will be errors in /etc/fstab, /boot/grub/grub.conf, /etc/inittab and /boot/initrd-2.6.18-53.el5.img (this file may be missing). Learn the complete syntax of the files above.
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (2.6.18-53.el5)    -> correct syntax
root (hd0,0)
kernel /vmlinuz-2.6.18-53.el5 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.18-53.el5.img
Note: in the grub.conf file the bold lines are very important. There could be a silly mistake, as in { kernel /vmlinuz-2.6.18-53.el5 ro root=LABEL-/ rhgb quiet }; in that line the 'l' may be replaced by a '1', or some keyword may be missing.
The RHCT PART
In this part you will find a blank system and you have to install RHEL 5 on it. The examiner will provide the bootable CD. Then you have to boot the system and install RHEL 5 via the network. The network path will be given in the question paper.
First check the memory size (RAM) in the CMOS setup. Then start the installation as the question paper asks and create the RAID partition during the installation.
SELinux must be in enforcing mode and the firewall must be disabled.
Give the root password as mentioned.
Then you have to set up the yum client on your station machine:
# vi /etc/yum.repos.d/server.repo

[server]
name = server
baseurl=http://server1.example.com/pub/Server    -> the path will be given in the question paper
enabled = 1
gpgcheck=0
# service yum-updatesd restart
# yum clean all
QUESTION 1
Create the group named sysusers.
Answer and Explanation:
1. # groupadd sysusers
The groupadd command is used to create a group, and all group information is stored in the /etc/group file.
QUESTION 2
Create the users named Andrew, susan, brad
Answer and Explanation:
1. useradd jeff
2. useradd marion
3. useradd harold
The useradd command is used to create a user. All user information is stored in /etc/passwd and the user's shadow password is stored in /etc/shadow.

QUESTION 3
Make the users Andrew and susan secondary members of the sysusers group. The user brad should not belong to the sysusers group, and he does not have access to an interactive shell on the system.
Answer and Explanation:
1. usermod -G sysusers jeff
2. usermod -G sysusers marion
3. Verify by reading the /etc/group file
Using the usermod command we can make a user belong to different groups. There are two types of group: primary and secondary. A user can have only one primary group but can belong to more than one group as secondary.
usermod -g groupname username    -> changes the primary group of the user
usermod -G groupname username    -> makes the user belong to a secondary group
vi /etc/passwd    -> brad:x:501:501::/home/brad:/bin/bash

Change to /sbin/nologin
QUESTION 4
Create the collaborative directory /shared/sysusers; its group owner should be the sysusers group.
Answer and Explanation:
Note: the /shared directory is the mount point of the RAID partition. If you created the RAID at installation time, /shared will already exist.
1. chgrp sysusers /shared/sysusers
2. Verify using command. You should get something like:
drwxr-x--- 2 root sysusers 4096 Mar 16 17:59 /shared/sysusers
The chgrp command is used to change the group ownership of particular files or directories. Alternatively, you can use the chown command.

QUESTION 5
Configure the /shared/sysusers directory so that only the user owner and the members of the group owner can fully access it.
Answer and Explanation:
1. chmod 770 /shared/sysusers
2. Verify using: ls -ld /shared/sysusers
The output should look like:
drwxrwx--- 2 root sysusers 4096 Mar 16 18:08 /shared/sysusers
To change the permissions on a directory we use the chmod command. According to the question, only the owner user (root) and the group members (sysusers) can fully access the directory, so: chmod 770 /shared/sysusers
QUESTION 6
Whoever creates files or directories in /shared/sysusers, their group owner should automatically be the same as the group owner of /shared/sysusers.

Answer and Explanation:
1. chmod g+s /shared/sysusers or chmod 2770 /shared/sysusers
2. Verify using: ls -ld /shared/sysusers
The permissions should look like:
drwxrws--- 2 root sysusers 4096 Mar 16 18:08 /shared/sysusers
If the SGID bit is set on a directory, then whichever user creates files in that directory, their group owner is automatically the group owner of the parent directory.
To set the SGID bit: chmod g+s directory
To remove the SGID bit: chmod g-s directory
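An added check for Questions 4 to 6, not part of the original notes: a shell function that confirms a directory has the expected group owner, full access for owner and group only, and the SGID bit, plus a probe that shows which group a new file receives. It runs on a scratch directory standing in for /shared/sysusers and assumes a Linux stat that supports -c; the function names are illustrative.

```sh
#!/bin/sh
# Added example: audit a collaborative directory (group owner, 770, SGID).

# audit_shared_dir DIR GROUP
# Prints one line per finding. Returns 0 only when DIR is group-owned by
# GROUP, owner and group have rwx, others have nothing, and SGID is set.
audit_shared_dir() {
    dir=$1; want=$2; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
    group=$(stat -c '%G' "$dir")
    mode=$(printf '%04d' "$(stat -c '%a' "$dir")")   # 770 -> 0770, 2770 stays 2770
    special=${mode%???}                  # 4 = SUID, 2 = SGID, 1 = sticky (summed)
    owner=${mode#?};  owner=${owner%??}
    grp=${mode#??};   grp=${grp%?}
    other=${mode#???}

    [ "$group" = "$want" ] || {
        echo "FAIL: group owner is $group, expected $want"; rc=1; }
    [ "$owner$grp" = 77 ] || {
        echo "FAIL: owner and group do not both have rwx (mode $mode)"; rc=1; }
    [ "$other" = 0 ] || {
        echo "FAIL: others have access (mode $mode)"; rc=1; }
    case $special in
        2|3|6|7) ;;
        *) echo "FAIL: SGID not set, new files keep the creator's primary group"
           rc=1 ;;
    esac
    [ "$rc" -ne 0 ] || echo "OK: $dir mode $mode group $group"
    return "$rc"
}

# new_file_group DIR -> creates a scratch file in DIR, prints its group, removes it.
new_file_group() {
    probe=$(mktemp "$1/probe.XXXXXX") || return 1
    stat -c '%G' "$probe"
    rm -f "$probe"
}

# Demonstration on a constructed scratch directory.
demo=$(mktemp -d)
demo_group=$(stat -c '%G' "$demo")       # stands in for sysusers

# State after Question 5 only. GNU chmod does not clear SGID on a directory
# through a numeric mode, so g-s is used to clear it, as the notes show.
chmod 770 "$demo"; chmod g-s "$demo"
audit_shared_dir "$demo" "$demo_group" || true

# State after Question 6.
chmod g+s "$demo"
audit_shared_dir "$demo" "$demo_group"
echo "group of a new file: $(new_file_group "$demo")"
rm -rf "$demo"
```
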
QUESTION 7
Install the appropriate kernel update from ftp://server1.example.com/pub/updates. The following criteria must also be met:
the updated kernel is the default kernel when the system is rebooted
the original kernel remains available and bootable on the system
Answer and Explanation:
First connect to the server:
# lftp server1.example.com/pub/updates
# get kernelfile    -> it is copied to your system, to the last login location
# rpm -ivh kernelname    -> it will take some time
# vi /etc/grub.conf
Check for the newly installed kernel in the file and set it as the default by setting the keyword

QUESTION 8
Your system is going to be used as a router for 172.24.0.0/16 and 172.25.0.0/16. Enable IP forwarding.
Answer and Explanation:
1. echo "1" >/proc/sys/net/ipv4/ip_forward
2. vi /etc/sysctl.conf
net.ipv4.ip_forward=1
3. service syslog restart
/proc is a virtual filesystem containing information about the running kernel. To change a parameter of the running kernel, modify it in /proc. From the next reboot, the kernel will take the value from /etc/sysctl.conf.
QUESTION 9
A raw (model) printer named printer1 is installed and shared on server1.example.com. Install the shared printer on your PC, connecting to it using the IPP protocol.
Answer and Explanation:
IPP (Internet Printing Protocol) allows an administrator to manage printers through a browser; CUPS uses the Internet Printing Protocol, which is based on HTTP. We can install the printer either through the system-config-printer tool or through a browser.
2. Click on Manage Printer.
3. Click on Add Printer.
4. Type the printer name, location and description.
5. Select Device for bb. (Select IPP).
6. Device URL: ipp:/server1.example.com queue name: the same printer name as the shared printer.
7. Select Model/Driver: RAW printer.
8. service cups restart
QUESTION 10
Install a cron schedule for the user andrew to display "Hello" daily at 5:30.
- /bin/echo hello
Answer and Explanation:
1. Log in as the root user
2. crontab -e -u andrew    -> this opens an empty file. Make the entry
30 5 * * * /bin/echo hello
3. service crond restart
The cron system is essentially a smart alarm clock. When the alarm sounds, Linux runs
the commands of your choice automatically. You can set the alarm clock to run at all
sorts of regular time intervals. Alternatively, the at system allows you to run the
command of your choice once, at a specified time in the future.
Red Hat configured the cron daemon, crond. By default, it checks a series of directories
for jobs to run, every minute of every hour of every day. The crond checks the
/var/spool/cron directory for jobs by user. It also checks for scheduled jobs for the
computer under /etc/crontab and in the /etc/cron.d directory.
Here is the format of a line in crontab. Each of these columns is explained in more detail:
#minute, hour, day of month, month, day of week, command
* * * * * command
Entries in a crontab Command Line
Field           Value
Minute          0-59
Hour            Based on a 24-hour clock; for example, 23 = 11 p.m.
Day of month    1-31
Month           1-12, or jan, feb, mar, etc.
Day of week     0-7; where 0 and 7 are both Sunday; or sun, mon, tue, etc.
Command         The command you want to run
QUESTION 11
One NIS domain named RHCE is configured in your lab; the server is 172.24.254.254. The users nisuser1, nisuser2 and nisuser3 are created on the domain server. Make your system a member of the RHCE domain. Make sure that when a NIS user logs in to your system, they get their home directory. The home directories are shared separately on the server, e.g. /rhome/stationx/ where x is your station number.
The NIS user's home directory is server1.example.com:/rhome/stationx/nisuserx
Answer and Explanation:
1. system-config-authentication
2. Click on Enable NIS
3. Type the NIS domain: rhce.com
4. Type the server 172.24.254.254, then click on Next and OK
5. You will get an OK message.
Run the command
# getent passwd    -> you will see all the users on the system, including the NIS users
6. vi /etc/auto.master and write at the end of the file
/rhome/stationx /etc/auto.misc --timeout=60
7. vi /etc/auto.misc and write
nisuserx -fstype=nfs,rw,intr 172.24.254.254:/home/stationx/nisusersx
Note: please specify your station number in place of x.
8. service autofs restart
chkconfig autofs on
9. Logging in as nisuserx on another terminal will succeed.
According to the question, the rhce.com domain is already configured. We have to make the system a client of the rhce.com domain and automatically mount the home directory on every client. To make the system a member of the domain, we use authconfig with options or the system-config-authentication command. There are many kinds of authentication server, i.e. NIS, LDAP, SMB etc. NIS is an RPC-related service; there is no need to configure DNS, we only have to specify the NIS server address.
Here the automount feature is available. When a user tries to log in, the home directory is mounted automatically. The automount service reads its configuration from the /etc/auto.master file.
In the /etc/auto.master file we specify the mount point and the configuration file for that mount point.
QUESTION 12
Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so that
the file /var/tmp/fstab is owned by the root user
the file /var/tmp/fstab belongs to the group root
the file /var/tmp/fstab should not be executable by anyone
the user Andrew is able to read and write /var/tmp/fstab
the user susan can neither write nor read /var/tmp/fstab
all other users (current or future) have the ability to read /var/tmp/fstab
Answer and Explanation:
# cp /etc/fstab /var/tmp/fstab
The default settings remain the same for the first three requirements, and for the last one no change is required.
# setfacl -m u:Andrew:rw- /var/tmp/fstab
# setfacl -m u:susan:--- /var/tmp/fstab
QUESTION 13
Configure your system so that it is an NTP Client of server1.example.com


Delete the existing NTP servers, add server1.example.com and click OK.
RHCE PART
You will note that some requirements specify that a service should not be available from the DNS domain my133t.org. All systems in that domain are in the 172.25.0.0/255.255.0.0 subnet, and all systems in that subnet are in my133t.org.
Configure SSH access as follows:
susan has remote SSH access to your machine from within example.com
clients within my133t.org should NOT have access to ssh on your system

Answer and Explanation:
1. vi /etc/hosts.deny
sshd: ALL EXCEPT 172.24.
# service sshd restart
We can secure services using tcp_wrappers. There are two main files, /etc/hosts.allow and /etc/hosts.deny.
Access is checked in three stages:
- Is access explicitly permitted? That is, permitted by /etc/hosts.allow?
- Otherwise, is access explicitly denied? That is, denied by /etc/hosts.deny?
- Otherwise, access is permitted by default if neither condition matched.
To deny services we can configure the /etc/hosts.deny file using the ALL and EXCEPT operators. The pattern of the /etc/hosts.allow and /etc/hosts.deny files is:
daemon_list:client_list:options
The client list can contain either domain names or IP addresses.
QUESTION
Configure POP3 email on your system according to these criteria:
brad must be able to retrieve email from your machine using POP3 from within example.com
clients within the my133t.org domain should not have access to your POP3 server

Answer and Explanation:
1. vi /etc/hosts.deny
dovecot: ALL EXCEPT 172.24.
First you have to install dovecot: yum install dovecot
# service dovecot restart
# chkconfig dovecot on
QUESTION
You have domains in your LAN named example.com and my133t.org.
- Allow FTP connections only from the local domain.
- Deny FTP connections from my133t.org
Answer and Explanation:
1. vi /etc/hosts.deny
vsftpd: ALL EXCEPT 172.24.
# service vsftpd restart
# chkconfig vsftpd on

NOTE: make an entry in /etc/hosts.allow -> ALL 127.0.0.1 (or localhost) to allow the machine itself.
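How the three hosts.deny answers and the hosts.allow NOTE above are evaluated, as an added example that is not part of the original notes: a simplified POSIX shell model of the three-stage tcp_wrappers check. It supports only ALL, exact IPv4 addresses, prefixes ending in "." and one EXCEPT per client list; the function names, the `ALL: 127.0.0.1` line and the probe addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: simplified model of the tcp_wrappers decision order.
# Assumption: only a subset of the real rule syntax is handled (see lead-in).

# Constructed rule sets mirroring the answers and the NOTE above.
HOSTS_ALLOW='ALL: 127.0.0.1'
HOSTS_DENY='sshd: ALL EXCEPT 172.24.
dovecot: ALL EXCEPT 172.24.
vsftpd: ALL EXCEPT 172.24.'

# match_list VALUE PATTERN... -> 0 if VALUE matches any of the patterns.
match_list() {
    value=$1; shift
    for pat in "$@"; do
        case $pat in
            ALL) return 0 ;;
            *.)  case $value in "$pat"*) return 0 ;; esac ;;   # prefix such as 172.24.
            *)   [ "$pat" = "$value" ] && return 0 ;;
        esac
    done
    return 1
}

# match_clients "CLIENT LIST" ADDR -> 0 if the list selects ADDR.
# "A EXCEPT B" selects what matches A unless it also matches B.
match_clients() {
    field=$1; addr=$2
    case $field in
        *" EXCEPT "*) incl="${field%% EXCEPT *}"; excl="${field#* EXCEPT }" ;;
        *)            incl=$field; excl= ;;
    esac
    # Unquoted on purpose: each list is split into its words.
    match_list "$addr" $incl || return 1
    if [ -n "$excl" ] && match_list "$addr" $excl; then return 1; fi
    return 0
}

# rules_match DAEMON ADDR   (rules on standard input)
# Returns 0 if any "daemon_list: client_list" line matches.
rules_match() {
    while IFS=: read -r daemons clients _options; do
        case $daemons in ''|'#'*) continue ;; esac
        daemons=$(printf '%s' "$daemons" | tr ',' ' ')
        clients=$(printf '%s' "$clients" | tr ',' ' ' | sed 's/^ *//; s/ *$//')
        match_list "$1" $daemons || continue
        if match_clients "$clients" "$2"; then return 0; fi
    done
    return 1
}

# tcpw_decide DAEMON ADDR -> prints "allow" or "deny".
tcpw_decide() {
    if printf '%s\n' "$HOSTS_ALLOW" | rules_match "$1" "$2"; then
        echo allow          # stage 1: explicitly permitted in hosts.allow
    elif printf '%s\n' "$HOSTS_DENY" | rules_match "$1" "$2"; then
        echo deny           # stage 2: explicitly denied in hosts.deny
    else
        echo allow          # stage 3: nothing matched, permitted by default
    fi
}

# Constructed probes: example.com host, my133t.org host, a look-alike prefix,
# the machine itself, and a daemon that has no rule at all.
for probe in "sshd 172.24.0.5" "sshd 172.25.0.5" "sshd 172.240.1.1" \
             "sshd 127.0.0.1" "httpd 172.25.0.5"; do
    set -- $probe
    printf '%-8s %-14s %s\n' "$1" "$2" "$(tcpw_decide "$1" "$2")"
done
```

The 172.240.1.1 probe shows why the trailing dot in 172.24. matters, and the httpd probe shows that a daemon with no rule in either file falls through to the default permit.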
Share the /shared directory via SMB:
your SMB server must be a member of the SMBGROUP workgroup
The share's name must be shared
The shared share must be available to example.com domain clients only
The shared share must be browseable
Susan must have read access to the share, authenticating with the susan password if necessary
# yum install samba*
# service smb restart
# chkconfig smb on
# vi /etc/samba/smb.conf
In the global settings:
workgroup = SMBGROUP
hosts allow = 127. 172.24.    (one for loopback and the other for the example.com domain)
As per the question (at the end of the file):
[shared]
comment = this is my share
path = /shared
browseable = yes
writable = no    -> optional
printable = no    -> optional
valid users = susan
# testparm    -> the answer must be OK
# service smb restart
# smbpasswd -a susan    -> give the samba password
# smbclient //172.24.0.x/shared -U susan    (where x is your station IP address)
If it does not connect, check for an SELinux error. A star will appear at the top; copy the command and run it:
# chcon -R -t samba_share_t /shared
Try logging in again. The login will be successful.
QUESTION
Implement a web server for the site http://stationX.example.com, then perform the following steps:
Download ftp://server1.example.com/pub/rhce/station.html
Rename the downloaded file to index.html
Copy this index.html to the DocumentRoot of your web server
Do NOT make any modification to the content of index.html
# yum install httpd*
# service httpd restart
# chkconfig httpd on
# lftp server1.example.com/pub/rhce/
# ll
You will see the station.html file
# get station.html
Type bye to close the FTP connection
# cp station.html /var/www/html/index.html    -> copies and renames the file
# vim /etc/httpd/conf/httpd.conf

ServerAdmin root@stationX.example.com
DocumentRoot /var/www/html/
ServerName stationX.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common

Note: X is your station number

# service httpd restart
# httpd -t    -> checks the syntax of the file
Open Firefox and enter the URL http://stationX.example.com -> you must see the hosted page

QUESTION
Export your /shared directory via NFS to example.com only
vi /etc/exports

add content ---
/shared 172.24.0.0/255.255.0.0(ro,sync)
# service portmap restart
# chkconfig portmap on
# service nfs restart
# chkconfig nfs on
QUESTION
Configure an email alias for your MTA such that mail sent to acctmgr is received by the local user Andrew.
# yum install sendmail*
# vi /etc/aliases
At the bottom of the file, add the line here

# newaliases    -> refreshes the /etc/aliases file

QUESTION
Configure the SMTP mail service according to the following requirements:
your mail server should accept mail from remote hosts and localhost
susan must be able to receive mail from remote hosts
mail delivered to susan should spool into the default mail spool for susan, /var/spool/mail/susan
Install the sendmail package
# service sendmail restart
# chkconfig sendmail on
# vim /etc/mail/sendmail.mc
Search for the keyword /127 and you will find this line:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Comment out this line by putting dnl # in front of it
Save and exit
# service sendmail restart
/var/spool/mail/susan    -> is the default setting there is requirement to change
Additional RHCE Question
Question
Provide SSL-encapsulated IMAP access (IMAPS)
IMAPS must not be available to other networks or domains
The SSL certificate for the IMAPS server must be created as follows:
Use the defaults for Country, State, Locality, and Organization Name
Set Organizational Unit to GLS
Set Common Name to Stationx.example.com
Set Email Address to root@stationx.example.com
Here we have to add the iptables rules:
# iptables -A INPUT -s ! 172.24.0.0/24 -p tcp --dport 110 -j REJECT

Accepts not sine protocol port number
(to know all the ports, see /etc/services)
# iptables -A INPUT -s ! 172.24.0.0/24 -p udp --dport 110 -j REJECT
# iptables -A INPUT -s ! 172.24.0.0/24 -p tcp --dport 993 -j REJECT
# iptables -A INPUT -s ! 172.24.0.0/24 -p udp --dport 993 -j REJECT
# iptables -I INPUT -i lo -j ACCEPT
# service iptables save
# service iptables restart
# chkconfig iptables on
See the sated rules
# iptables -L
# yum install dovecot
# service dovecot start
# vim /etc/dovecot.conf    -> search for this line and uncomment it


Remove both keyword
# service dovecot restart
# chkconfig dovecot on
Now make the Dovecot certificate:
# make -C /etc/pki/tls/certs stationx.pem
Enter the required information
# vim /etc/dovecot.conf    -> search for this line, edit it and uncomment it



Remove this keyword and type our certificate name here: station.pem
Copy this certificate and paste it in the place mentioned in both of these lines.
# service dovecot restart
# mutt -f imaps://username@stationX.example.com
You must see the certificate
Extend your web server to include a virtual host for the site http://wwwX.example.com/, where X is your station number, then perform the following steps:
set the DocumentRoot to /var/www/virtual
Download ftp://server1.example.com
Rename the downloaded file to index.html
Place this index.html in the DocumentRoot of the index.html
Do NOT make any modification to the content of index.html
Ensure that susan is able to create content in /var/www/virtual
Note: the original web site http://stationx.example.com must still be accessible. DNS resolution for the hostname wwwX.example.com is already provided by the server on server1.example.com
# lftp server1.example.com/pub/rhce/
# ll
You will see the www.html file
# get www.html
Type bye to close the FTP connection
# mkdir /var/www/virtual
# cp www.html /var/www/virtual/index.html    -> copies and renames the file
# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 172.24.0.X:80    -> add this line for multiple hosting

ServerAdmin root@wwwX.example.com
DocumentRoot /var/www/virtual/
ServerName wwwX.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common

Note: X is your station number

# service httpd restart
# httpd -t    -> checks the syntax of the file
Open Firefox and enter the URL http://wwwX.example.com -> you must see the hosted page
