Preparation Set 1
SERVER A
Q1 : Configure Hostname and IP Address on this machine
IP Address : 192.168.208.138
NetMask : 255.255.255.0
Gateway : 192.168.208.2
DNS : 192.168.208.2
[root@serverA ~]# nmcli conn add type ethernet ifname ens160 con-name serverAnet ipv4.method manual ipv4.addresses 192.168.208.138/24 ipv4.dns 192.168.208.2 ipv4.gateway 192.168.208.2
[root@serverA ~]# cat /etc/NetworkManager/system-connections/serverAnet.nmconnection
[connection]
id=serverAnet
uuid=62012638-3b99-4f06-9501-1387844d33a5
type=ethernet
interface-name=ens160
[ethernet]
[ipv4]
address1=192.168.208.138/24,192.168.208.2
dns=192.168.208.2;
method=manual
[ipv6]
addr-gen-mode=default
method=auto
[proxy]
# Note: the hostname half of the task is not shown above; it is set with hostnamectl set-hostname <hostname>
Q2 : Configure yum on serverA
[root@serverA yum.repos.d]# pwd
/etc/yum.repos.d
[root@serverA yum.repos.d]# ls
appstream.repo baseos.repo redhat.repo
[root@serverA yum.repos.d]# cat baseos.repo
[BaseOS]
name = BaseOS
baseurl = http://192.168.208.137/softwares/BaseOS
enabled = 1
gpgcheck = 0
[root@serverA yum.repos.d]# cat appstream.repo
[AppStream]
name = AppStream
baseurl = http://192.168.208.137/softwares/AppStream
enabled = 1
gpgcheck = 0
# Note: gpgcheck = 0 turns off package signature verification and the baseurl is plain HTTP, so nothing authenticates what gets installed. That is tolerable only for an isolated lab mirror; on a real host set gpgcheck = 1 with a gpgkey = line pointing at the vendor key.
[root@serverA ~]# yum repolist all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name status
AppStream AppStream enabled
BaseOS BaseOS enabled
Q3 : Gain superuser access to serverA by resetting its root password.
# Select the Rescue Mode by up down arrows , and press e # Add the following line at the end of the text 'quiet' rd.break # Press ctrl+x # Follow the commands switch_root:/# mount -o remount,rw /sysroot switch_root:/# chroot /sysroot sh-5.1# passwd sh-5.1# touch /.autorelabel sh-5.1# exit switch_root:/# reboot
Q4 : Add an additional SWAP partition of 512M in serverA
[root@serverA ~]# gdisk /dev/nvme0n2
Command (? for help): n
Partition number (1-128, default 1):
First sector (34-10485726, default = 2048) or {+-}size{KMGTP}:
Last sector (2048-10485726, default = 10485726) or {+-}size{KMGTP}: +512M
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300): 8200
Changed type of partition to 'Linux swap'
Command (? for help): w
OK; writing new GUID partition table (GPT) to /dev/nvme0n2.
The operation has completed successfully.
# Note: blkid below already reports TYPE="swap", so the partition must have been initialised with mkswap /dev/nvme0n2p1 before this point; that step is not shown, and swapon -a fails without it.
[root@serverA ~]# blkid /dev/nvme0n2p1
/dev/nvme0n2p1: UUID="0e8fa244-bf36-4beb-86a1-158fd70c6fb9" TYPE="swap" PARTLABEL="Linux swap" PARTUUID="e5ee047c-7fa8-450a-8fc9-35ef642a029d"
[root@serverA ~]# vim /etc/fstab
[root@serverA ~]# tail -1 /etc/fstab
/dev/nvme0n2p1 swap swap defaults 0 0
# Note: the UUID= value from blkid can be used in place of the device path in /etc/fstab; it stays valid if the device name changes between boots.
[root@serverA ~]# systemctl daemon-reload
[root@serverA ~]# swapon -a
[root@serverA ~]# free -h
total used free shared buff/cache available
Mem: 3.5Gi 1.2Gi 1.7Gi 31Mi 877Mi 2.3Gi
Swap: 2.5Gi 0B 2.5Gi
[root@serverA ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sr0 11:0 1 1024M 0 rom
nvme0n1 259:0 0 20G 0 disk
├─nvme0n1p1 259:1 0 600M 0 part /boot/efi
├─nvme0n1p2 259:2 0 1G 0 part /boot
└─nvme0n1p3 259:3 0 18.4G 0 part
├─cs-root 253:0 0 16.4G 0 lvm /
└─cs-swap 253:1 0 2G 0 lvm [SWAP]
nvme0n2 259:4 0 5G 0 disk
└─nvme0n2p1 259:10 0 512M 0 part [SWAP]
Q5 : Create the following users,group, and group members
- A group named sales
- A user nancy who belongs to sales as a secondary group
- A user sunny who does not have access to an interactive shell on the system, and not a member of the sales group
- nancy, sunny and mike all have password redhat
[root@serverA ~]# groupadd sales [root@serverA ~]# useradd nancy -G sales [root@serverA ~]# cat /etc/passwd | grep nancy nancy:x:1000:1001::/home/nancy:/bin/bash [root@serverA ~]# groups nancy nancy : nancy sales [root@serverA ~]# useradd sunny -s /sbin/nologin [root@serverA ~]# cat /etc/passwd | grep sunny sunny:x:1001:1002::/home/sunny:/sbin/nologin [root@serverA ~]# groups sunny sunny : sunny [root@serverA ~]# passwd nancy [root@serverA ~]# passwd sunny [root@serverA ~]# useradd mike [root@serverA ~]# passwd mike
Q6 : Create a logical volume according to the following requirements :
- A logical volume named wshare which belongs to the wgroup volume group and has size of 100 extents.
- Logical volume in the wgroup volume group should have an extent size of 8 MiB.
- Format the new logical volume with vfat file system.
- Note: The logical volume should mount automatically on /mnt/wshare the time of the system booting
# Create PV [root@serverA ~]# pvcreate /dev/nvme0n3 Physical volume "/dev/nvme0n3" successfully created. [root@serverA ~]# pvs PV VG Fmt Attr PSize PFree /dev/nvme0n1p3 cs lvm2 a-- 18.41g 0 /dev/nvme0n3 lvm2 --- 6.00g 6.00g # Create VG [root@serverA ~]# vgcreate wgroup /dev/nvme0n3 -s 8M Volume group "wgroup" successfully created [root@serverA ~]# vgs VG #PV #LV #SN Attr VSize VFree cs 1 2 0 wz--n- 18.41g 0 wgroup 1 0 0 wz--n- 5.99g 5.99g [root@serverA ~]# vgdisplay wgroup --- Volume group --- VG Name wgroup System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 1 VG Access read/write VG Status resizable MAX LV 0 Cur LV 0 Open LV 0 Max PV 0 Cur PV 1 Act PV 1 VG Size 5.99 GiB PE Size 8.00 MiB Total PE 767 Alloc PE / Size 0 / 0 Free PE / Size 767 / 5.99 GiB VG UUID hNTctq-Xve3-qcoM-Kl0S-uYaf-PycF-J1OG9Q # Create LV [root@serverA ~]# lvcreate wgroup -l 100 --name wshare Logical volume "wshare" created. [root@serverA ~]# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert root cs -wi-ao---- 16.41g swap cs -wi-ao---- 2.00g wshare wgroup -wi-a----- 800.00m [root@serverA ~]# lvdisplay /dev/wgroup/wshare --- Logical volume --- LV Path /dev/wgroup/wshare LV Name wshare VG Name wgroup LV UUID mePSxS-XVyF-iNeQ-9jw7-8c9f-BLF9-vo4ZdT LV Write Access read/write LV Creation host, time serverA, 2024-10-07 14:46:20 +0800 LV Status available # open 0 LV Size 800.00 MiB Current LE 100 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 256 Block device 253:2 # Formatting with VFAT [root@serverA ~]# mkfs -t vfat /dev/wgroup/wshare mkfs.fat 4.2 (2021-01-31) [root@serverA ~]# blkid /dev/wgroup/wshare /dev/wgroup/wshare: UUID="424E-8680" TYPE="vfat" # Boot Mount automatically [root@serverA ~]# tail -1 /etc/fstab /dev/wgroup/wshare /mnt/wshare vfat defaults 0 0 [root@serverA ~]# systemctl daemon-reload [root@serverA ~]# mount -a [root@serverA ~]# [root@serverA ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS sr0 11:0 1 1024M 0 rom nvme0n1 
259:0 0 20G 0 disk ├─nvme0n1p1 259:1 0 600M 0 part /boot/efi ├─nvme0n1p2 259:2 0 1G 0 part /boot └─nvme0n1p3 259:3 0 18.4G 0 part ├─cs-root 253:0 0 16.4G 0 lvm / └─cs-swap 253:1 0 2G 0 lvm [SWAP] nvme0n2 259:4 0 5G 0 disk └─nvme0n2p1 259:10 0 512M 0 part [SWAP] nvme0n3 259:5 0 6G 0 disk └─wgroup-wshare 253:2 0 800M 0 lvm /mnt/wshare nvme0n4 259:6 0 5G 0 disk nvme0n5 259:7 0 5G 0 disk nvme0n6 259:8 0 2G 0 disk
Q7 : Create a collaborative directory /home/collab with the following characteristics :
- Group ownership of /home/collab is sales
- The directory should be readable , writable, and accessible to members of sales but not to any other users
- Files created in /home/collab automatically have group ownership set to the sales group
[root@serverA home]# mkdir collab [root@serverA home]# chown :sales collab [root@serverA home]# chmod 770 collab [root@serverA home]# chmod g+s collab [root@serverA home]# ls -ld collab/ drwxrws---. 2 root sales 6 Oct 7 17:03 collab/
Q8 : Create a user account
- Create a user dolly with a uid 5120
- The password for this user should be redhat
[root@serverA ~]# useradd dolly -u 5120 [root@serverA ~]# passwd dolly
Q9 : The user nancy must configure a cron job that runs daily at 15:25 local time and executes /bin/echo hello or /usr/bin/echo hi.
[nancy@serverA ~]$ crontab -e [nancy@serverA ~]$ crontab -l 25 15 * * * /bin/echo hello
Q10 : Create a tar archive named /root/data.tar.bz2 which contains the /usr/local contents. The tar archive must be compressed using bzip2
[root@serverA ~]# tar -jcvf data.tar.bz2 /usr/local
Q11 : Locate all the files owned by a user smith and place a copy of them in /root/found directory
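[root@serverA ~]# find / -type f -user smith -exec cp -rf {} /root/found/ \;
# Note: /root/found has to exist first (mkdir /root/found). Files with the same name in different directories overwrite each other in the flat target, and cp -p would keep the original owner and mode on the copies.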
Q12 : Configure your system so that it is an NTP client.
[root@serverA ~]# systemctl start chronyd
[root@serverA ~]# systemctl enable chronyd
"/etc/chrony.conf" 51L, 1403B 1,1 Top
[root@serverA ~]# vim /etc/chrony.conf
server 2.centos.pool.ntp.org iburst
[root@serverA ~]# systemctl restart chronyd
[root@serverA ~]# timedatectl set-ntp true
[root@serverA ~]# timedatectl
[root@serverA ~]# chronyc sources
Q13 : Choose the recommended tuned profile for this system and set it as default
[root@serverA ~]# rpm -q tuned tuned-2.24.0-1.el9.noarch [root@serverA ~]# systemctl status tuned.service [root@serverA ~]# systemctl start tuned.service [root@serverA ~]# systemctl enable tuned.service [root@serverA ~]# tuned-adm list [root@serverA ~]# tuned-adm recommend [root@serverA ~]# tuned-adm active Current active profile: virtual-guest [root@serverA ~]# tuned-adm profile virtual-guest
Q14 : Copy all the uncommented lines from the file /etc/sudoers in the same order in /root/list file
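# ^: Anchors the search to the beginning of the line.
# [^#]: This is a character class that matches any character except #.
# The ^ inside the square brackets negates the character class, meaning it will match any character that is not #.
[root@serverA ~]# grep ^[^#] /etc/sudoers
# Note: quote the pattern so the shell cannot expand the brackets as a glob, and redirect the output to complete the task: grep '^[^#]' /etc/sudoers > /root/list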
Q15 : Configure web server and enable non-default port 82
[root@serverA ~]# systemctl start httpd
[root@serverA ~]# systemctl enable httpd
# Modify the configuration file
[root@serverA ~]# vim /etc/httpd/conf/httpd.conf
Listen 82
# Make sure SELinux knows about the port change
[root@serverA ~]# semanage port -a -t http_port_t -p tcp 82
[root@serverA ~]# systemctl restart httpd
[root@serverA ~]# netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:56707 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 :::45327 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 :::82 :::* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
[root@serverA ~]# curl localhost:82
<h1> v1: This is a website !</h1>
# Configure firewall
[root@serverA ~]# firewall-cmd --permanent --add-service=http
[root@serverA ~]# firewall-cmd --permanent --add-port=82/tcp
success
# Note: --add-service=http opens 80/tcp, which httpd no longer listens on after the Listen change; --add-port=82/tcp is the only rule this task needs, and the --list-all output below shows only that port with no http service.
[root@serverA ~]# firewall-cmd --reload
success
[root@serverA ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client ntp ssh
  ports: 82/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
# To check semanage ports
[root@serverA ~]# semanage port -l | grep http
Q16 : The user harry is able to read and write the file /var/tmp/fstab. The user natasha is not able to read or write /var/tmp/fstab
[root@serverA tmp]# setfacl -m u:natasha:--- /var/tmp/fstab [root@serverA tmp]# setfacl -m u:harry:rw- /var/tmp/fstab [root@serverA tmp]# getfacl -a /var/tmp/fstab getfacl: Removing leading '/' from absolute path names # file: var/tmp/fstab # owner: root # group: root user::rw- user:harry:rw- user:natasha:--- group::r-- mask::rw- other::r--
Q17 : Configure sudo power to a group sales
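[root@serverA ~]# visudo
%sales ALL=(ALL) NOPASSWD: ALL
# Note: NOPASSWD lets every member of sales run any command as any user without re-entering a password, so one compromised sales account is a root compromise. The task only asks for sudo rights; %sales ALL=(ALL) ALL grants the same access while still requiring the user's password.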
Q18 : Default file & directory permission for a user
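[harry@serverA ~]$ # 777 - 027 = 750
[harry@serverA ~]$ # 666 - 026 = 640
[harry@serverA ~]$ vi .bashrc
umask 026
umask 027
# Note: only the last umask line takes effect, so this session runs with 027. A umask clears permission bits rather than subtracting, so 027 alone gives directories 750 and files 640, which is what the listing below shows; the umask 026 line is redundant.
[harry@serverA ~]$ source .bashrc
[harry@serverA ~]$ touch f1
[harry@serverA ~]$ mkdir d1
[harry@serverA ~]$ ls -lh
total 0
drwxr-x---. 2 harry harry 6 Oct 8 08:43 d1
-rw-r-----. 1 harry harry 0 Oct 8 08:43 f1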
Q19 : Find files from /usr/share which are less than 5MB and save it in /root/myfiles.
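[root@serverA ~]# find /usr/share -size -5M -exec cp -f {} /root/myfiles \;
# Note: add -type f so directories are not handed to cp, and create /root/myfiles as a directory first, otherwise each copy overwrites a single file of that name. GNU find rounds sizes up to whole units, so -size -5M matches files of at most 4 MiB.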
Q20 : Configure nfs and autofs client
# NFS Mounting [root@serverA exam]# showmount -e 192.168.208.137 Export list for 192.168.208.137: /home/student/library/shelf6 192.168.208.138 /home/student/library/shelf5 192.168.208.138 /home/student/library/shelf4 192.168.208.138 /home/student/library/shelf3 192.168.208.138 /home/student/library/shelf2 192.168.208.138 /home/student/library/shelf1 192.168.208.138 [root@serverA exam]# tail -2 /etc/fstab 192.168.208.137:/home/student/library/shelf1 /root/exam/shared_shelf1 nfs defaults 0 0 192.168.208.137:/home/student/library/shelf2 /root/exam/shared_shelf2 nfs defaults 0 0 # AUTOFS [root@serverA exam]# cat /etc/auto.master /root/exam/ /etc/auto.nfs --timeout=300 [root@serverA exam]# cat /etc/auto.nfs shared_shelf3 -rw 192.168.208.137:/home/student/library/shelf3 shared_shelf4 -rw 192.168.208.137:/home/student/library/shelf4 [root@serverA exam]# systemctl restart autofs.service [root@serverA exam]# systemctl status autofs.service
Q21 : Create a container serverA as user mike URL : (...) , Don't make any changes in Containerfile
[root@serverA ~]# loginctl enable-linger mike
[root@serverA ~]# su - mike
Last login: Tue Oct 8 10:42:44 CST 2024 on pts/0
[mike@serverA ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[mike@serverA ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[mike@serverA ~]$ cat /home/mike/.config/containers/registries.conf
unqualified-search-registries = ["docker.io"]
[[registry]]
insecure = true
blocked = false
location = "docker.io"
# Note: insecure = true allows unencrypted HTTP and TLS connections with untrusted certificates for this registry, so a pulled image can be altered in transit without detection. Docker Hub serves valid TLS, so the setting is not needed here; it belongs only on a lab registry that has no proper certificate.
# Build custom image
[mike@serverA ~]$ cat Containerfile
FROM docker.io/library/httpd
MAINTAINER kcsanjeeb091@gmail.com
[mike@serverA ~]$ podman build -t myimage .
STEP 1/2: FROM docker.io/library/httpd
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob 0ffcdbb5bd41 done |
Copying blob 14c9d9d19932 done |
Copying blob f5db40045454 done |
Copying blob 4f4fb700ef54 done |
Copying blob ac0ad684e55d done |
Copying blob b59792d2b7f1 done |
Copying config a3e79aafef done |
Writing manifest to image destination
STEP 2/2: MAINTAINER kcsanjeeb091@gmail.com
COMMIT myimage
--> 5023c6ce6b48
Successfully tagged localhost/myimage:latest
5023c6ce6b4835f9ab4edaa2f4a7ad26cd8433f93a7fd4d8ed563c981526e775
[mike@serverA ~]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 5023c6ce6b48 24 seconds ago 182 MB
docker.io/library/httpd latest a3e79aafef7f 2 months ago 182 MB
Q22 : Configure a container as service
- The container is named mycontainer
- The container uses my image
- The container runs as systemd image as user mike
- The service is named container-mycontainer
[mike@serverA processed]$ podman run -d --name mycontainer -v /home/mike/opt/files/:/opt/incoming:Z -v /home/mike/opt/processed/:/opt/outgoing:Z localhost/myimage:latest 8f87bf1954458a38bc392f41d6a127ca6b38d411cb04d63006e494261a97abd7 [mike@serverA processed]$ podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8f87bf195445 localhost/myimage:latest httpd-foreground 3 seconds ago Up 3 seconds 80/tcp mycontainer # Boot Time Service [mike@serverA user]$ pwd /home/mike/.config/systemd/user [mike@serverA user]$ podman generate systemd --name mycontainer --files --new [mike@serverA user]$ ls container-mycontainer.service [mike@serverA user]$ systemctl --user enable container-mycontainer.service Created symlink /home/mike/.config/systemd/user/default.target.wants/container-mycontainer.service → /home/mike/.config/systemd/user/container-mycontainer.service. [mike@serverA user]$ systemctl --user start container-mycontainer.service [mike@serverA user]$ podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 49e69b35834c localhost/myimage:latest httpd-foreground 1 second ago Up 1 second 80/tcp mycontainer
Q23 : Do not allow natasha user to perform cron
[root@serverA ~]# cat /etc/cron.deny natasha
Q24 : The password for all the users should expire after 20 days
# Modify the /etc/login.defs file to change defaults
[root@serverA ~]# vim /etc/login.defs
[root@serverA ~]# grep ^PASS_MAX_DAYS /etc/login.defs
PASS_MAX_DAYS 20
# Note: PASS_MAX_DAYS in /etc/login.defs is applied only when an account is created; accounts that already exist keep their current maximum age until it is changed with chage -M.
# For individual
[root@serverA ~]# chage -M 20 natasha
[root@serverA ~]# chage -l natasha
Last password change : Oct 08, 2024
Password expires : Oct 28, 2024
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7
# Test
[root@serverA ~]# useradd user1
[root@serverA ~]# chage -l user1
Last password change : Oct 08, 2024
Password expires : Oct 28, 2024
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7
Q25 : Resize LV
# use r to resize the fs as well [root@serverA ~]# lvresize -L 2G -r /dev/wgroup/wshare Size of logical volume wgroup/wshare changed from <1.47 GiB (188 extents) to 2.00 GiB (256 extents). File system xfs found on wgroup/wshare mounted at /mnt/wshare. Extending file system xfs to 2.00 GiB (2147483648 bytes) on wgroup/wshare... xfs_growfs /dev/wgroup/wshare meta-data=/dev/mapper/wgroup-wshare isize=512 agcount=7, agsize=64000 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=1, sparse=1, rmapbt=0 = reflink=1 bigtime=1 inobtcount=1 nrext64=0 data = bsize=4096 blocks=385024, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0, ftype=1 log =internal log bsize=4096 blocks=16384, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 data blocks changed from 385024 to 524288 xfs_growfs done Extended file system xfs on wgroup/wshare. Logical volume wgroup/wshare successfully resized. [root@serverA ~]# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert root cs -wi-ao---- 16.41g swap cs -wi-ao---- 2.00g wshare wgroup -wi-ao---- 2.00g [root@serverA ~]# df -h Filesystem Size Used Avail Use% Mounted on devtmpfs 4.0M 0 4.0M 0% /dev tmpfs 1.8G 200K 1.8G 1% /dev/shm tmpfs 717M 18M 700M 3% /run efivarfs 256K 33K 224K 13% /sys/firmware/efi/efivars /dev/mapper/cs-root 17G 5.4G 12G 33% / /dev/nvme0n1p2 960M 483M 478M 51% /boot /dev/nvme0n1p1 599M 7.0M 592M 2% /boot/efi tmpfs 1.0M 0 1.0M 0% /run/stratisd/ns_mounts tmpfs 359M 96K 359M 1% /run/user/0 tmpfs 359M 52K 359M 1% /run/user/1002 /dev/mapper/wgroup-wshare 2.0G 47M 1.9G 3% /mnt/wshare [root@serverX ~]# mkfs -t xfs /dev/datastore/engineering # If question asked To resize [root@serverX ~]# lvresize -L +100M -r /dev/datastore/engineering Size of logical volume datastore/engineering changed from 200.00 MiB (20 extents) to 300.00 MiB (30 extents). File system xfs found on datastore/engineering. File system mount is needed for extend. 
Continue with xfs file system extend steps: mount, xfs_growfs? [y/n]:y Extending file system xfs to 300.00 MiB (314572800 bytes) on datastore/engineering... mount /dev/datastore/engineering /tmp/tmp.G68Q3nLS7Z_lvresize_4005 mount done xfs_growfs /dev/datastore/engineering meta-data=/dev/mapper/datastore-engineering isize=512 agcount=4, agsize=12800 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=1, sparse=1, rmapbt=0 = reflink=1 bigtime=1 inobtcount=1 nrext64=0 data = bsize=4096 blocks=51200, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0, ftype=1 log =internal log bsize=4096 blocks=1368, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 data blocks changed from 51200 to 76800 xfs_growfs done cleanup unmount /tmp/tmp.G68Q3nLS7Z_lvresize_4005 cleanup unmount done Extended file system xfs on datastore/engineering. Logical volume datastore/engineering successfully resized.