Part 1 (on Node1 Server)
Task 15 [Running Containers]
Create a container named logserver with the image rhel8/rsyslog found from the registry
registry.domain15.example.com:5000
The container should run as the rootless user shangrila
a. use redhat as password [sudo user]
Configure the container with systemd services as the shangrila user using the service name,
container-logserver so that it can be persistent across reboot.
Use admin as the username and admin123 as the credentials for the image registry.
Explanation:
[root@workstation ~]# ssh shangrila@node1
[shangrila@node1 ~]$ podman login registry.domain15.example.com:5000
Username: admin
Password:
Login Succeeded!
[shangrila@node1 ~]$ podman pull registry.domain15.example.com:5000/rhel8/rsyslog
[shangrila@node1 ~]$ podman run -d --name logserver registry.domain15.example.com:5000/rhel8/rsyslog
021b26669f39cc42b8e94eab886ba8293d6247bf68e4b0d76db2874aef284d6d
[shangrila@node1 ~]$ mkdir -p ~/.config/systemd/user
[shangrila@node1 ~]$ cd ~/.config/systemd/user
[shangrila@node1 user]$ podman generate systemd --name logserver --files --new
/home/shangrila/.config/systemd/user/container-logserver.service
[shangrila@node1 ~]$ systemctl --user daemon-reload
[shangrila@node1 user]$ systemctl --user enable --now container-logserver.service
[shangrila@node1 ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7d9f7a8a4d63 registry.domain15.example.com:5000/rhel8/rsyslog:latest /bin/rsyslog.sh 2 seconds ago logserver
[shangrila@node1 ~]$ sudo reboot
[shangrila@node1 ~]$ cd .config/systemd/user
[shangrila@node1 user]$ systemctl --user status
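A rootless user unit only starts at boot when the user's systemd manager is started without a login, which requires lingering to be enabled for that user. The check below is an added example, not part of the original answer; the function names and the sample unit text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): decide whether a rootless
# systemd user unit will start at boot without anyone logging in.
# Inputs are passed as text so the logic can be checked offline.

# $1: output of `loginctl show-user USER --property=Linger`
# $2: output of `systemctl --user is-enabled UNIT`
# $3: contents of the unit file
# Prints one line per blocker; prints nothing when the unit is boot-ready.
boot_start_blockers() {
    linger=$1 enabled=$2 unit=$3
    case $linger in
        Linger=yes) ;;
        *) echo "linger off: user manager starts only at login" ;;
    esac
    case $enabled in
        enabled) ;;
        *) echo "unit not enabled (state: ${enabled:-unknown})" ;;
    esac
    # A user manager has no multi-user.target; default.target is what it reaches.
    printf '%s\n' "$unit" | grep -Eq '^WantedBy=.*default\.target' ||
        echo "unit is not WantedBy=default.target"
}

# Live wrapper for the page's user and unit (run as that user on the host).
check_logserver() {
    u=${1:-shangrila} unit=${2:-container-logserver.service}
    boot_start_blockers \
        "$(loginctl show-user "$u" --property=Linger)" \
        "$(systemctl --user is-enabled "$unit" 2>/dev/null)" \
        "$(systemctl --user cat "$unit" 2>/dev/null)"
}

# Constructed sample: the [Install] section of a generated unit file.
SAMPLE_UNIT='[Install]
WantedBy=default.target'

# Demo on constructed input: enabled unit, but lingering is off.
boot_start_blockers "Linger=no" "enabled" "$SAMPLE_UNIT"
```

If lingering is reported off, `loginctl enable-linger shangrila` turns it on.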
Part 1 (on Node1 Server)
Task 14 [Managing SELinux Security]
You will configure a web server running on your system serving content using a non-standard port
(82)
Explanation:
[root@node1 ~]# curl http://node1.domain15.example.com
curl: (7) Failed to connect to node1.domain15.example.com port 80: Connection refused
[root@node1 ~]# yum install httpd
[root@node1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@node1 ~]# systemctl start httpd
[root@node1 ~]# systemctl status httpd
Status: "Running, listening on: port 80"
[root@node1 ~]# wget http://node1.domain15.example.com
2021-03-23 13:27:28 ERROR 403: Forbidden.
[root@node1 ~]# semanage port -l | grep http
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
[root@node1 ~]# semanage port -a -t http_port_t -p tcp 82
[root@node1 ~]# semanage port -l | grep http
http_port_t tcp 82, 80, 81, 443, 488, 8008, 8009, 8443, 9000
[root@node1 ~]# firewall-cmd --zone=public --list-all
[root@node1 ~]# firewall-cmd --permanent --zone=public --add-port=82/tcp
[root@node1 ~]# firewall-cmd --reload
[root@node1 ~]# curl http://node1.domain15.example.com
OK
[root@node1 ~]# wget http://node1.domain15.example.com:82
Connection refused.
[root@node1 ~]# vim /etc/httpd/conf/httpd.conf
Listen 82
[root@node1 ~]# systemctl restart httpd
[root@node1 ~]# wget http://node1.domain15.example.com:82
2021-03-23 13:31:41 ERROR 403: Forbidden.
[root@node1 ~]# curl http://node1.domain15.example.com:82
OK
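Port 82 has to be permitted in three independent places: httpd's Listen directive, the SELinux http_port_t label, and firewalld. The script below is an added example, not part of the original answer, that reports which layer still blocks a port; the function names are assumptions and the sample inputs are constructed from the session above.

```shell
#!/bin/sh
# Added example: three independent layers must all agree on the port.
# Each check takes command output as text so it can be verified offline.

httpd_listens() {   # $1 port, $2 httpd.conf text
    printf '%s\n' "$2" |
        grep -Eq "^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?${1}[[:space:]]*\$"
}

selinux_allows() {  # $1 port, $2 `semanage port -l` text
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "http_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                f = $i; gsub(/,/, "", f)
                n = split(f, r, "-")      # an entry may be a range, e.g. 8000-8010
                if (n == 1 && f + 0 == p + 0) ok = 1
                if (n == 2 && p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) ok = 1
            }
        }
        END { exit !ok }'
}

firewall_allows() { # $1 port, $2 `firewall-cmd --zone=public --list-ports` text
    for entry in $2; do
        [ "$entry" = "$1/tcp" ] && return 0
    done
    return 1
}

diagnose_port() {   # $1 port, $2 httpd.conf, $3 semanage output, $4 firewall ports
    httpd_listens "$1" "$2"   || echo "httpd: no Listen $1"
    selinux_allows "$1" "$3"  || echo "selinux: $1/tcp not labelled http_port_t"
    firewall_allows "$1" "$4" || echo "firewalld: $1/tcp not open"
    return 0
}

# Constructed samples modelled on the session above (before and after the fix).
CONF_BEFORE='Listen 80'
CONF_AFTER='Listen 82'
SEMANAGE_BEFORE='http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000'
SEMANAGE_AFTER='http_port_t tcp 82, 80, 81, 443, 488, 8008, 8009, 8443, 9000'

# Demo: the untouched system blocks port 82 at every layer.
diagnose_port 82 "$CONF_BEFORE" "$SEMANAGE_BEFORE" ""
```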
Part 1 (on Node1 Server)
Task 13 [Archiving and Transferring Files & SELinux]
Create a backup file named /root/backup.tar.bz2. The backup file should contain the content of
/usr/local and should be zipped with bzip2 compression format.
Furthermore, ensure SELinux is in enforcing mode. If it is not, change SELinux to enforcing mode.
Explanation:
[root@node1 ~]# tar cvf /root/backup.tar /usr/local/
tar: Removing leading `/' from member names
/usr/local/
/usr/local/bin/
/usr/local/etc/
[root@node1 ~]# ls
backup.tar
[root@node1 ~]# file backup.tar
backup.tar: POSIX tar archive (GNU)
[root@node1 ~]# bzip2 backup.tar
[root@node1 ~]# ls
backup.tar.bz2
[root@node1 ~]# file backup.tar.bz2
backup.tar.bz2: bzip2 compressed data, block size = 900k
[root@node1 ~]# sestatus
SELinux status: enabled
[root@node1 ~]# cat /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=targeted
[root@node1 ~]# reboot
### For Checking ###
[root@node1 ~]# sestatus
SELinux status: enabled
Part 1 (on Node1 Server)
Task 12 [Accessing Network-Attached Storage]
Configure autofs to automount the home directories of user remoteuserX. Note the following:
utility.domain15.example.com(172.25.15.9), NFS-exports /netdir to your system, where user is
remoteuserX where X is your domain number
remoteuserX home directory is utility.domain15.example.com:/netdir/remoteuserX
remoteuserX home directory should be auto mounted locally at /netdir as /netdir/remoteuserX
Home directories must be writable by their users. While you are able to log in as any of the
remoteuserX users, only the remoteuserX home directory is accessible from your system
Explanation:
[root@host ~]# systemctl enable sssd.service
[root@host ~]# systemctl start sssd.service
[root@host ~]# getent passwd remoteuser15
[root@host ~]# yum install autofs
[root@host ~]# vim /etc/auto.master.d/home9.autofs
/netdir /etc/auto.home9
[root@host ~]# vim /etc/auto.home9
remoteuser15 -rw,sync utility.domain15.example.com:/netdir/remoteuser15
[root@host ~]# systemctl enable autofs
[root@host ~]# systemctl restart autofs
[root@host ~]# su - remoteuser15
Part 1 (on Node1 Server)
Task 11 [Scheduling Future Tasks]
The user natasha must configure a cron job that runs daily at 14:23 local time; the same cron
job must also run every 2 minutes. It executes:
/bin/echo hello
Explanation:
[root@node1 ~]# crontab -l -u natasha
no crontab for natasha
[root@node1 ~]# crontab -e -u natasha
23 14 * * * /bin/echo hello
*/2 * * * * /bin/echo 2min
crontab: installing new crontab
[root@node1 ~]# crontab -l -u natasha
23 14 * * * /bin/echo hello
*/2 * * * * /bin/echo 2min
[root@node1 ~]# systemctl status crond.service
### For Checking ###
[root@node1 ~]# tail -f /var/log/cron
Mar 23 13:23:48 node1 crontab[10636]: (root) REPLACE (natasha)
Mar 23 13:23:48 node1 crontab[10636]: (root) END EDIT (natasha)
Mar 23 13:23:50 node1 crontab[10638]: (root) LIST (natasha)
Mar 23 13:24:01 node1 crond[1349]: (root) FAILED (loading cron table)
Mar 23 13:24:02 node1 CROND[10673]: (natasha) CMD (/bin/echo 2min)
Part 1 (on Node1 Server)
Task 10 [Configuring NTP/Time Synchronization]
Configure your system so that it is an NTP client of utility.domain15.example.com
The system time should be set to your (or nearest to you) timezone and ensure NTP sync is
configured
Explanation:
[root@node1 ~]# yum install chrony
[root@node1 ~]# vim /etc/chrony.conf
pool utility.domain15.example.com iburst
[root@node1 ~]# systemctl enable chronyd
[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]# systemctl status chronyd
[root@node1 ~]# tzselect
Please identify a location so that time zone rules can be set correctly.
Please select a continent, ocean, "coord", or "TZ".
1) Africa
2) Americas
3) Antarctica
4) Asia
11) TZ - I want to specify the time zone using the Posix TZ format.
#? 4
Please select a country whose clocks agree with yours.
1) Afghanistan 18) Israel 35) Palestine
2) Armenia 19) Japan 36) Philippines
3) Azerbaijan 20) Jordan 37) Qatar
4) Bahrain 21) Kazakhstan 38) Russia
5) Bangladesh 22) Korea (North) 39) Saudi Arabia
#? 5
The following information has been given:
Bangladesh
Therefore TZ='Asia/Dhaka' will be used.
Is the above information OK?
1) Yes
2) No
#? 1
Asia/Dhaka
[root@node1 ~]# chronyc sources -v
^? utility.domain15.example> 0 7 0 - +0ns[ +0ns] +/- 0ns
Part 1 (on Node1 Server)
Task 9 [Managing Files from the Command Line]
Search the string nologin in the /etc/passwd file and save the output in /root/strings
Explanation:
[root@node1 ~]# cat /etc/passwd | grep nologin > /root/strings
[root@node1 ~]# cat /root/strings
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
Part 1 (on Node1 Server)
Task 8 [Managing Local Users and Groups]
Create a user fred with a user ID 3945. Give the password as iamredhatman
Explanation:
[root@node1 ~]# useradd -u 3945 fred
[root@node1 ~]# echo "iamredhatman" | passwd --stdin fred
Changing password for user fred.
passwd: all authentication tokens updated successfully
Part 1 (on Node1 Server)
Task 7 [Accessing Linux File Systems]
Find all the files owned by user natasha and redirect the output to /home/alex/files.
Find all files that are larger than 5MiB in the /etc directory and copy them to /find/largefiles.
Explanation:
[root@node1 ~]# find / -user natasha -type f > /home/natasha/files
[root@node1 ~]# cat /home/natasha/files
/var/spool/mail/natasha
/mnt/shares/natasha
[root@node1 ~]# mkdir /find
[root@node1 ~]# find /etc -size +5M > /find/largefiles
[root@node1 ~]# cat /find/largefiles
/etc/selinux/targeted/policy/policy.31
/etc/udev/hwdb.bin
Part 1 (on Node1 Server)
Task 6 [Accessing Linux File Systems]
Find all lines in the file /usr/share/mime/packages/freedesktop.org.xml that contain the string ich.
Put a copy of these lines in the original order in the file /root/lines.
/root/lines should contain no empty lines and all lines must be exact copies of the original lines in
/usr/share/mime/packages/freedesktop.org.xml
Explanation:
[root@node1 ~]# cat /usr/share/mime/packages/freedesktop.org.xml | grep ich > /root/lines
[root@node1 ~]# cat /root/lines
<comment xml:lang="ast">Ficheru codificu en BinHex de Machintosh</comment>
<comment xml:lang="fr">fichier cod Macintosh BinHex</comment>
<comment xml:lang="gl">ficheiro de Macintosh codificado con BinHex</comment>
<comment xml:lang="oc">fichir encodat Macintosh BinHex</comment>
<comment xml:lang="pt">ficheiro codificado em BinHex de Macintosh</comment>
<comment xml:lang="fr">fichier bote aux lettres</comment>
Part 1 (on Node1 Server)
Task 5 [Controlling Access to Files with ACLs]
Copy the file /etc/fstab to /var/tmp. Configure the following permissions on /var/tmp/fstab.
The file /var/tmp/fstab is owned by root user
The file /var/tmp/fstab belongs to the root group
The file /var/tmp/fstab should be executable by anyone
The user harry is able to read and write on /var/tmp/fstab
The user natasha can neither read nor write on /var/tmp/fstab
All other users (Current or future) have the ability to read /var/tmp/fstab
Explanation:
[root@node1 ~]# cp -p /etc/fstab /var/tmp/
[root@node1 ~]# ls -lrt /etc/fstab
[root@node1 ~]# ls -lrt /var/tmp/fstab
[root@node1 ~]# chmod a+x /var/tmp/fstab
[root@node1 ~]# getfacl /var/tmp/fstab
[root@node1 ~]# setfacl -m u:harry:rw- /var/tmp/fstab
[root@node1 ~]# setfacl -m u:natasha:--- /var/tmp/fstab
[root@node1 ~]# getfacl /var/tmp/fstab
getfacl: Removing leading '/' from absolute path names
# file: var/tmp/fstab
# owner: root
# group: root
user::rwx
user:harry:rw-
user:natasha:---
group::r-x
mask::rwx
other::r-x
[root@node1 ~]# su - natasha
[natasha@node1 ~]$ cat /var/tmp/fstab
cat: /var/tmp/fstab: Permission denied
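natasha is denied even though other::r-x would allow a read, because a matching named-user entry is evaluated before the group and other entries. The script below is an added example, not part of the original answer, that resolves the permissions a given user gets from getfacl output; the function name and the group lists passed to it are assumptions.

```shell
#!/bin/sh
# Added example: resolve the permissions one user gets from getfacl output,
# following the POSIX ACL order: owner, named user, groups, other.
# $1 getfacl text, $2 user name, $3 space-separated groups of that user
effective_perms() {
    printf '%s\n' "$1" | awk -v u="$2" -v gl="$3" '
        function both(a, m,   i, o) {      # keep a bit only if set in a and m
            for (i = 1; i <= 3; i++)
                o = o ((substr(a, i, 1) != "-" && substr(m, i, 1) != "-") ? substr(a, i, 1) : "-")
            return o
        }
        function either(a, b,   i, o) {    # per-bit union of two rwx strings
            for (i = 1; i <= 3; i++)
                o = o (substr(a, i, 1) != "-" ? substr(a, i, 1) : substr(b, i, 1))
            return o
        }
        BEGIN { n = split(gl, g, " "); for (i = 1; i <= n; i++) member[g[i]] = 1
                mask = "rwx" }             # no mask entry means nothing is masked
        /^# owner:/ { owner = $3 }
        /^# group:/ { ogroup = $3 }
        /^#/ || NF == 0 { next }
        { split($1, e, ":") }
        e[1] == "user" && e[2] == "" { uperm = e[3] }
        e[1] == "user" && e[2] != "" { named[e[2]] = e[3] }
        e[1] == "group" { grp = (e[2] == "" ? ogroup : e[2])
                          if (grp in member) { gperm = either(gperm ? gperm : "---", e[3]); hit = 1 } }
        e[1] == "mask"  { mask = e[3] }
        e[1] == "other" { operm = e[3] }
        END {
            if (u == owner)      print uperm              # owner entry is never masked
            else if (u in named) print both(named[u], mask)
            else if (hit)        print both(gperm, mask)  # matching group entries
            else                 print operm
        }'
}

# The ACL from the session above, embedded as sample input.
ACL='# file: var/tmp/fstab
# owner: root
# group: root
user::rwx
user:harry:rw-
user:natasha:---
group::r-x
mask::rwx
other::r-x'

effective_perms "$ACL" natasha "natasha sharegrp"   # demo call
```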
Part 1 (on Node1 Server)
Task 4 [Controlling Access to Files]
Create collaborative directory /mnt/shares with the following characteristics:
Group ownership of /mnt/shares should be sharegrp.
The directory should be readable, writable and accessible to member of sharegrp but not to any
other user. (It is understood that root has access to all files and directories on the system)
Files created in /mnt/shares automatically have group ownership set to the sharegrp group.
Explanation:
[root@node1 ~]# mkdir -p /mnt/shares
[root@node1 ~]# ls -lrt /mnt/
[root@node1 ~]# chgrp sharegrp /mnt/shares/
[root@node1 ~]# chmod 2770 /mnt/shares/
[root@node1 ~]# ls -lrt /mnt/
### For Checking ###
[root@node1 ~]# su - harry
[harry@node1 ~]$ cd /mnt/shares/
[harry@node1 shares]$ touch harry
[harry@node1 shares]$ logout
[root@node1 ~]# su - natasha
[natasha@node1 ~]$ cd /mnt/shares/
[natasha@node1 shares]$ touch natasha
[natasha@node1 shares]$ ls -lrt
-rw-rw-r--. 1 harry sharegrp 0 Mar 21 06:03 harry
-rw-rw-r--. 1 natasha sharegrp 0 Mar 21 06:03 natasha
Part 1 (on Node1 Server)
Task 3 [Managing Local Users and Groups]
Create the following users, groups and group memberships:
A group named sharegrp
A user harry who belongs to sharegrp as a secondary group
A user natasha who also belongs to sharegrp as a secondary group
A user copper who does not have access to an interactive shell on the system and who is not a
member of sharegrp.
harry, natasha and copper should have the password redhat
Explanation:
[root@node1 ~]# groupadd sharegrp
[root@node1 ~]# useradd harry
[root@node1 ~]# useradd natasha
[root@node1 ~]# usermod -aG sharegrp harry
[root@node1 ~]# usermod -aG sharegrp natasha
[root@node1 ~]# useradd -s /sbin/nologin copper
[root@node1 ~]# echo "redhat" | passwd --stdin harry
[root@node1 ~]# echo "redhat" | passwd --stdin natasha
[root@node1 ~]# echo "redhat" | passwd --stdin copper
### For Checking ###
[root@node1 ~]# su - copper
This account is currently not available.
[root@node1 ~]# su - natasha
[root@node1 ~]# id
[root@node1 ~]# su - harry
[root@node1 ~]# id
Part 1 (on Node1 Server)
Task 2 [Installing and Updating Software Packages]
Configure your system to use this location as a default repository:
http://utility.domain15.example.com/BaseOS
http://utility.domain15.example.com/AppStream
Also configure your GPG key to use this location
http://utility.domain15.example.com/RPM-GPG-KEY-redhat-release
Explanation:
[root@node1 ~]# vim /etc/yum.repos.d/redhat.repo
[BaseOS]
name=BaseOS
baseurl=http://utility.domain15.example.com/BaseOS
enabled=1
gpgcheck=1
gpgkey=http://utility.domain15.example.com/RPM-GPG-KEY-redhat-release
[AppStream]
name=AppStream
baseurl=http://utility.domain15.example.com/AppStream
enabled=1
gpgcheck=1
gpgkey=http://utility.domain15.example.com/RPM-GPG-KEY-redhat-release
[root@node1 ~]# yum clean all
[root@node1 ~]# yum repolist
[root@node1 ~]# yum list all
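Package signatures are only verified when gpgcheck is on and a key is configured, and a key retrieved over the same unauthenticated channel as the packages cannot vouch for them against whoever controls that channel. The audit below is an added example, not part of the original answer; the function name is an assumption and the sample files are constructed from the repository definition above.

```shell
#!/bin/sh
# Added example: flag repository sections whose packages are not
# signature-checked. $1 is the text of a .repo file; one finding per line.
audit_repo() {
    printf '%s\n' "$1" | awk -F= '
        function report() {
            # nothing parsed yet, or the repository is disabled
            if (sec == "" || tolower(en) ~ /^(0|no|false)$/) return
            if (tolower(chk) ~ /^(0|no|false)$/)
                print sec ": gpgcheck=" chk ", packages installed unverified"
            else if (chk == "")
                print sec ": gpgcheck not set here, inherited from dnf main config"
            else if (key == "")
                print sec ": gpgcheck=" chk " but no gpgkey"
            else if (key ~ /^http:/)
                print sec ": gpgkey fetched over plain http"
        }
        /^\[.*\]$/ { report(); sec = substr($0, 2, length($0) - 2)
                     en = "1"; chk = ""; key = ""; next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == "enabled"  { en = v }
        k == "gpgcheck" { chk = v }
        k == "gpgkey"   { key = v }
        END { report() }'
}

# Constructed sample: one section as configured in the session above.
PAGE_REPO='[BaseOS]
name=BaseOS
baseurl=http://utility.domain15.example.com/BaseOS
enabled=1
gpgcheck=1
gpgkey=http://utility.domain15.example.com/RPM-GPG-KEY-redhat-release'

# Constructed sample: the same kind of section with verification switched off.
WEAK_REPO='[AppStream]
name=AppStream
baseurl=http://utility.domain15.example.com/AppStream
enabled=1
gpgcheck=0'

audit_repo "$WEAK_REPO"   # demo call
```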
Part 1 (on Node1 Server)
Task 1 [Managing Networking]
Please create new network connection with existing interface (enp1s0) using provided values:
IPv4: 172.25.X.10/255.255.255.0 (where X is your domain number: Domain15)
Gateway: 172.25.X.2
DNS server: 172.25.X.2
Add the following secondary IP addresses statically to your current running connection. Do this in a
way that does not compromise your existing settings:
IPv4: 10.0.0.5/24 and set the hostname node1.domain15.example.com
Explanation:
[root@node1 ~]# nmcli connection show
[root@node1 ~]# nmcli connection add con-name static ifname enp1s0 type ethernet ipv4.addresses 172.25.15.10/24 ipv4.gateway 172.25.15.2 ipv4.dns 172.25.15.2
[root@node1 ~]# nmcli connection modify static ipv4.method manual connection.autoconnect yes
[root@node1 ~]# nmcli connection modify static +ipv4.addresses 10.0.0.5/24
[root@node1 ~]# nmcli connection up static
[root@node1 ~]# nmcli connection show
[root@node1 ~]# hostnamectl set-hostname node1.domain15.example.com
[root@node1 ~]# hostnamectl status
[root@node1 ~]# nmcli connection down static
[root@node1 ~]# nmcli connection up static
[root@node1 ~]# ip addr show
[root@node1 ~]# reboot
### For checking ###
[root@node1 ~]# ip addr show
[root@node1 ~]# netstat -nr
[root@node1 ~]# cat /etc/resolv.conf