1:Set up a default configuration webserver.

In the index file, place the sentence This is a

test!.
Make this webserver only accessible to your machine and server1.example.com.
Hint
# yum install httpd
# chkconfig httpd on
# service httpd start
echo This is a test! > /var/www/html/index.html
# iptables -I INPUT -m state state NEW -m tcp -p tcp dport 80 -j ACCEPT
# service iptables save
# vi /etc/httpd/conf/httpd.conf
Order allow,deny
Allow from 127.0.0.1 server1.example.com
# service httpd reload
Question 2 of 12
Setup a /home/rhce directory to facilitate collaboration among the rhce group.
Each member should be able to create files and modify each others files, but should not be able to
delete any one elses files in this directory
Hint
# mkdir /home/rhce
# chown root:rhce /home/rhce
# chmod 770 /home/rhce
# chmod +t /home/rhce
# chmod g+s /home/rhce
Question 3 of 12
Make sure user bobs account expires after one week.
Hint
# date -d +1week
# usermod -e YYYY-MM-DD bob
or # chage -E YYYY-MM-DD bob
# chage -l bob
Question 4 of 12
Add 100MB of swap space to your machine using a logical volume.
Hint
# lvcreate name lv_swap2 size 100M vg
# mkswap /dev/vg/lv_swap2
# swapon /dev/vg/lv_swap2
# vi /etc/fstab
/dev/vg/lv_swap2 swap swap defaults 0 0
Create user accounts named tony, mike, and john each with the redhat password and
belonging to a secondary group called rhce.
Hint
# groupadd rhce
# useradd tony -G rhce; passwd tony
# useradd mike -G rhce; passwd mike
# useradd john -G rhce; passwd john
Question 6 of 12
Expand the file system on /home to 2GB in size
Hint
# lvresize -r -L 2G /dev/vg/lv_home
Set up a default configuration FTP server.
Block ftp connections from hackers.net
Hint
# yum install vsftpd
# chkconfig vsftpd on
# service vsftpd start
# vi /etc/sysconfig/iptables-config
IPTABLES_MODULES=nf_conntrack_ftp nf_nat_ftp
# iptables -I INPUT -m state state NEW -m tcp -p tcp dport 20 -j ACCEPT
# iptables -I INPUT -m state state NEW -m tcp -p tcp dport 21 -j ACCEPT
# service iptables save
# service iptables restart
# vi /etc/hosts.deny
vsftpd: .hackers.net: DENY
Set up a new 100MB logical volume. Encrypt the volume with LUKS and set it up to
automatically decrypt and mount to /crypt at boot.
Use the ext4 filesystem and place an empty file in the root of the encrypted filesystem with a
name of test
Hint
# lvcreate name crypt size 100M vg
# mkdir /crypt
# cryptsetup luksFormat /dev/vg/crypt
# cryptsetup luksOpen /dev/mapper/vg-crypt crypt
# mkfs.ext4 /dev/mapper/crypt
# vi /etc/fstab
/dev/mapper/crypt /crypt ext4 defaults 1 2
# mount -a
# cryptsetup luksAddKey /dev/vg/crypt /etc/keyfile
# chmod 400 /etc/keyfile
# vi /etc/crypttab
crypt /dev/vg/crypt /etc/keyfile
# touch /crypt/tes
Question 9 of 12
Create a new user bob. Give bob, not in the rhce group, read and write access to /home/rhce
Hint
# useradd bob
# passwd bob
# setfacl -R -m u:bob:rwx /home/rhce
Question 10 of 12
Set up a job to delete all of the regular files in the /home/bob directory on the second day of every
month at 8:30 A.M.
Hint
# crontab -e
30 08 02 * * /bin/find /home/bob -type f -exec /bin/rm {} \;
Question 11 of 12
Install the appropriate kernel update
fromhttp://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages.
The following conditions must also be met:
- the updated kernel is the default kernel when the system is rebooted.
- the original kernel remains available and bootable on the system.

Hint
# uname r
# wget http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages/kernel*
# rpm ivh kernel
# vi /etc/grub.conf
Check for default (0 or 1)

Question 12 of 12
Set up the automounter, and configure it to read the DVD on the /misc/dvd directory.
Hint
# yum install -y autofs
# vi /etc/auto.misc
dvd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
# service autofs start

Question 1 of 14
Assume you forget the current root password.
Reboot your server and put the redhat password instead.

Hint
# reboot
Press a at the first GRUB menu at the console.
Type single at the end of the line.
# passwd root
Type redhat.
Question 2 of 14
Create a file named dontcopy in the /root directory and make it impossible to back it up with
thedump command.

Hint
# touch /root/dontcopy
# chattr +d /root/dontcopy
Question 3 of 14
Create a logical volume with the name lv_vol using 180PE (Physical Extents).
Mount it on /mnt with filesystem ext4.
Make it permanently loaded by uuid.
Create a file called tempo into the /mnt directory.

Hint
# lvs
# lvcreate name lv_vol -l 180 vg
# mkfs.ext4 /dev/vg/lv_vol
# blkid | grep lv_vol >> /etc/fstab
vi /etc/fstab
UUID= /mnt ext4 defaults 0 0
# mount /mnt
# df
# touch /mnt/tempo
Question 4 of 14
Create a file called cmd belonging to user and group root in toms directory with the string
/bin/echo Hello! inside.
Configure permissions on it to allow the stevens account to read and execute it but
not andrewnor tom

Hint
# cd /home/tom
# echo /bin/echo Hello! > cmd
# setfacl -m u:steven:r-x cmd
# setfacl -m u:steven:x ../tom
# setfacl -m u:tom: cmd
# setfacl -m u:andrew: cmd
Question 5 of 14
Install the vsftpd package.
Copy the TUNING file coming with the package into the /root directory.

Hint
# yum install -y vsftpd
# rpm -ql vsftpd | grep TUNING
# cd /usr/share/doc/vsftpd
# cp TUNING /root
Question 6 of 14
Remove all the files from the /etc/yum.repos.d directory.
Set up a repository for the Base packages from (US)University of Oklahomas
(http://mirror.oss.ou.edu/centos/) or (Germany)ATrpmss (http://mirror.atrpms.net/centos/) or
(China)Beijing Institute of Technologys (http://mirror.bit.edu.cn/centos/) according to your
geographical localization.

Hint
# cd /etc/yum.repos.d
# /bin/rm *
# vi local.repo
[base]
name=University of Oklahoma Base
baseurl=http://mirror.oss.ou.edu/centos/$releasever/os/$basearch/
enabled=1
gpgcheck=0
# yum clean all
# yum repolist all
Question 7 of 14
Reduce the size of the lv_vol logical volume to 100MB.

Hint
# umount /mnt
# lvreduce size 100M -r /dev/vg/lv_vol
# mount /mnt
Question 8 of 14
Install a httpd server. Make it serve files from /www/html.
Write a file called index.html displaying Hello world!.

Hint
# yum groupinstall -y Web server
# yum install -y setroubleshoot-server elinks
# cp -rp /var/www /www
# cd /etc/httpd/conf
# sed -e s:DocumentRoot \/var/www/html\:DocumentRoot \/www/html\:g httpd.conf >
httpd.conf2
# mv -f httpd.conf2 httpd.conf
# service httpd configtest
# echo Hello world! >/www/html/index.html
# semanage fcontext -a -t httpd_sys_content_t /www(/.*)?
# restorecon -r /www
# iptables -I INPUT -m state state NEW -m tcp -p tcp dport 80 -j ACCEPT
# service iptables save
# chkconfig httpd on
# service httpd start
# elinks http://localhost

Question 9 of 14
Create users andrew, tom, and steven with home directories in /home and passwords redhat.
Make stevens account to expire on May 14, 2015.

Hint
# useradd andrew; passwd andrew
# useradd tom; passwd tom
# useradd steven; passwd steven
# chage -E 2015-05-14 steven; chage -l steven
Question 10 of 14
Create a directory called project in /home.
Create two groups called admins and dbas with gid respectively 50001 and 50002.
Put andrew account into the admins group and steven account into the dbas group, each time as a
secondary group.
Configure the project directory for group collaboration among members of
the admins and dbasgroups with no access for all other users.

Hint
# mkdir /home/project
# groupadd -g 50001 admins; groupadd -g 50002 dbas
# usermod -aG admins andrew
# usermod -aG dbas steven
# setfacl -m g:admins:rwx /home/project
# setfacl -m g:dbas:rwx /home/project
# setfacl -m o: /home/project
Question 11 of 14
Enable the cron access for root and steven users only.

Hint
# echo steven >/etc/cron.allow
Question 12 of 14
Configure a cron job for the root user to search for files named core in the /usr directory and delete
them on every sunday at 11:55pm system time.

Hint
# crontab -e
55 23 * * 0 /bin/find /usr -name core -exec /bin/rm {} \;
Question 13 of 14
Create a script called cmd in the /root directory that displays Zero if no parameter is given,
One if only one and Several if more than one

Hint
# cd /root
# vi cmd
!#/bin/bash
case $# in
0) echo Zero;;
1) echo One;;
*) echo Several;;
esac
# chmod u+x cmd
Question 14 of 14
Allow ssh access only from the 192.168.1.0/24 network.

Hint
# iptables -I INPUT ! -s 192.168.1.0/24 -m tcp -p tcp dport 22 -j REJECT
# service iptables save
RHEL7 RHCSA Sample exam 1

Question 1 of 14
Create two users: john with uid/gid equal to 2000, password 12345678 and davis with uid/gid equal
to 3000, password 87654321. Make davis account validity stopping in one month.

Hint
# useradd -u 2000 john
# passwd john
New password: 12345678
# useradd -u 3000 davis
# passwd davis
New password: 87654321
# date -d +1month
# usermod -e YYYY-MM-DD davis
or # chage -E YYYY-MM-DD davis
# chage -l davis
Question 2 of 14
Allow davis (and only davis) to get full access to johns home directory.

Hint
# setfacl -R -m u:davis:rwx /home/john
Question 3 of 14
Create a directory named /common. Allow john and davis to share documents in
the /commondirectory using a group called team. Both of them can read, write and remove
documents from the other in this directory but any user not member of the group cant.

Hint
# mkdir /common
# groupadd -g 50000 team
# chgrp team /common
# chmod 2770 /common
# usermod -aG team john
# usermod -aG team davis
Question 4 of 14
Create a xfs file system on a new logical volume of 100MB called lv_xfs. Mount it permanently
with uuid under /xfs

Hint
# lvcreate size 100M name lv_xfs /dev/vg
# mkfs.xfs /dev/vg/lv_xfs
# mkdir /xfs
# blkid | grep lv_xfs >> /etc/fstab
# vi /etc/fstab
UUID= /xfs xfs defaults 1 2
# mount -a
Question 5 of 14
Extend the existing xfs file system to a total size of 200MB and add a label called myFS.

Hint
# lvextend size 200M /dev/vg/lv_xfs
or # lvextend size +100M /dev/vg/lv_xfs
# xfs_growfs /xfs
# umount /xfs
# xfs_admin -L myFS /dev/vg/lv_xfs
# mount /xfs


Question 6 of 14
Write a Bash script called prog.sh in the /root directory that creates 40 files of 2MB each with
thefallocate command in the mounted /xfs directory. Each file has got a name as
follows: .file_Nwhere N is a number from 1 to 40.

Hint
cd /root
vi prog.sh
#!/bin/bash
cd /xfs
N=40
while [ "$N" -gt 0 ]
do
fallocate -l 2M .file_$N
N=`expr $N 1`
done

# chmod u+x prog.sh
# ./prog.sh
Question 7 of 14
Create an ext4 file system on a new logical volume of 100MB called lv_ext4. Mount it permanently
under the /ext4 directory. Copy the files previously created into this new space.

Hint
# lvcreate size 100M name lv_ext4 /dev/vg
# mkfs.ext4 /dev/vg/lv_ext4
# mkdir /ext4
# vi /etc/fstab
/dev/vg/lv_ext4 /ext4 ext4 defaults 1 2
# cp -p /xfs/.f* /ext4

Question 9 of 14
Configure a virtual console.
Hint
# grubby update-kernel=ALL args=console=ttyS0
Question 10 of 14
Create a logical volume of 200MB called lv_swap2 and add it permanently to the current swap
space.

Hint
# lvcreate size 200M name lv_swap2 /dev/vg
# mkswap /dev/vg/lv_swap2
# swapon /dev/vg/lv_swap2
vi /etc/fstab
/dev/vg/lv_swap2 swap swap defaults 0 0
Question 11 of 14
Install the Apache package. Allow it to get documents stored on NFS mounted directories.

Hint
# yum install -y httpd
# firewall-cmd permanent add-service=http
# firewall-cmd reload
# systemctl enable httpd
# systemctl start httpd
# getsebool -a | grep nfs | grep httpd
# setsebool httpd_use_nfs on


Question 12 of 14
Create a cron job running as root, starting at 11PM every day and writing a report on daily system
resource consumption in the /var/log/consumption.log file.

Hint
# crontab -e
00 23 * * * /usr/bin/sar -A > /var/log/consumption.log
Question 13 of 14
Set the default target to boot into X Window level (previously level 5).

Hint
# systemctl set-default graphical.target
Question 14 of 14
Change the hostname to mycentos.example.com

Hint
# hostnamectl set-hostname mycentos.example.com