RHCE Questions

You will note that some requirements specify that a service should not be available from the
DNS
domain cracker.org. All systems in that domain are in the
172.24.0.0/255.255.0.0 subnet, and all systems in that subnet are in cracker.org.

1. Create a repositary for

http://station.domain254.example.com/pub/rhel6/dvd

Ans:
[root@krishna ~]# vi /etc/yum.repo.d/sample.repo
[rhec]
baseurl=http://station.domainx.example.com/pub/rhel6/dvd
gpgckeck=0

save& quit

[root@krishna ~]# yum clean all

[root@krishna ~]# yum list all

2. Configure SELINUX
-The machine should be running in enforcing mode

[root@krishna ~]# vi /etc/selinux/config

[root@krishna ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
 3. Cronfigure Cron deny

[root@krishna ~]# yum install cron* -y

Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centosmirror.go4hosting.in
* extras: mirrors.digipower.vn
* updates: centosmirror.go4hosting.in
Setting up Install Process
Package crontabs-1.10-33.el6.noarch already installed and latest version
Package cronie-anacron-1.4.4-7.el6.x86_64 already installed and latest version
Package cronie-1.4.4-7.el6.x86_64 already installed and latest version
Resolving Dependencies

Transaction Test Succeeded

Running Transaction
Installing : cronie-noanacron-1.4.4-7.el6.x86_64 1/1
Verifying : cronie-noanacron-1.4.4-7.el6.x86_64 1/1

Installed:
cronie-noanacron.x86_64 0:1.4.4-7.el6

Complete!

[root@krishna ~]# vi /etc/cron.deny

[root@krishna ~]# cat /etc/cron.deny

Lason

root@krishna ~]# chkconfig crond on

[root@krishna ~]# service crond restart
Stopping crond: [ OK ]
Starting crond: [ OK ]

-Configure a cron access Lason should not be allowed to use cron

Note:This restriction must not affect any other user

4 .Configure Boot Parameter

-Modify your system ,so that when it boots the parameter.kernstack is set to value of [1].
[root@krishna ~]# cat /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/mapper/vg_krishna-lv_root
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-358.23.2.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-358.23.2.el6.x86_64 ro root=/dev/mapper/vg_krishna-lv_root
rd_NO_LUKS rd_LVM_LV=vg_krishna/lv_swap rd_NO_MD SYSFONT=latarcyrheb-sun16
crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_LVM_LV=vg_krishna/lv_root
rd_NO_DM LANG=en_US.UTF-8 rhgb quiet
initrd /initramfs-2.6.32-358.23.2.el6.x86_64.img
title CentOS (2.6.32-358.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-358.el6.x86_64 ro root=/dev/mapper/vg_krishna-lv_root
rd_NO_LUKS rd_LVM_LV=vg_krishna/lv_swap rd_NO_MD SYSFONT=latarcyrheb-sun16
crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us kernstack=1
rd_LVM_LV=vg_krishna/lv_root rd_NO_DM LANG=en_US.UTF-8 rhgb quiet
initrd /initramfs-2.6.32-358.el6.x86_64.img

Note:your changes should be visible from /proc/cmdline.

[root@krishna ~]# cat /proc/cmdline

ro root=/dev/mapper/vg_krishna-lv_root rd_NO_LUKS rd_LVM_LV=vg_krishna/lv_swap
rd_NO_MD SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us
rd_LVM_LV=vg_krishna/lv_root rd_NO_DM LANG=en_US.UTF-8 rhgb quiet krenstack=1

5.Mount An IMAGE FILE

[root@krishna ~]# mkdir /mnt/iso

-configure your system so that the filesystem image located in
/root/test.iso is automatically mount on /mnt/container at system
boot time
[root@krishna ~]# cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Mon Dec 31 19:08:36 2001
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_krishna-lv_root / ext4 defaults 11
UUID=01300747-5655-408b-93d2-66c4ced493d6 /boot ext4 defaults 12
/dev/mapper/vg_krishna-lv_home /home ext4 defaults 12
/dev/mapper/vg_krishna-lv_swap swap swap defaults 00
tmpfs /dev/shm tmpfs defaults 00
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 00
proc /proc proc defaults 00
/root/CentOS-6.4-x86_64-bin-DVD1.iso /mnt/iso iso9660 loop 0 0

[root@krishna ~]# mkdir /mnt/iso

[root@krishna ~]# mount -a
[root@krishna ~]# df -h

6. Configure a FTP access

-Implement An FTP server for the following requirements.

(i)The FTP server allows anonymous file downloads from /var/ftp/pub

(ii)The clients outside the example.com should not have the anonymous FTP
access in your machine
[root@krishna ~]# yum install vsftp* -y
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centosmirror.go4hosting.in
* extras: mirrors.digipower.vn
* updates: centosmirror.go4hosting.in
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ftp.x86_64 0:0.17-53.el6 will be installed
--> Finished Dependency Resolution
Transaction Test Succeeded
Running Transaction
Installing : vsftp-0.17-53.el6.x86_64 1/1
Verifying : vsftp-0.17-53.el6.x86_64 1/1

Installed:
vsftp.x86_64 0:0.17-53.el6

Complete!

[root@krishna ~]# chkconfig vsftpd on

[root@krishna ~]# service vsftpd start
Starting vsftpd for vsftpd: [ OK ]

[root@krishna ~]# cat /etc/vsftpd/vsftpd.conf

# Example config file /etc/vsftpd/vsftpd.conf
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES

[root@krishna ~]# getsebool -a | grep ftp

allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off

[root@krishna ~]# setsebool -P allow_ftpd_full_access on

[root@krishna ~]# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> on
allow_ftpd_use_cifs --> off
[root@krishna ~]# vi /etc/hosts.deny

#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
vsftpd: ALL EXCEPT 192.168.1.0/255.255.255.0

7.Configure an Email alias

[root@krishna ~]# yum install postfix* -y

Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centosmirror.go4hosting.in
* extras: mirrors.digipower.vn
* updates: centosmirror.go4hosting.in
Setting up Install Process
Package 2:postfix-2.6.6-2.2.el6_1.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package postfix-perl-scripts.x86_64 2:2.6.6-2.2.el6_1 will be installed
--> Processing Dependency: perl(Date::Calc) for package: 2:postfix-perl-scripts-2.6.6-
2.2.el6_1.x86_64
--> Running transaction check
---> Package perl-Date-Calc.noarch 0:6.3-2.el6 will be installed
--> Processing Dependency: perl(Bit::Vector) >= 7.1 for package: perl-Date-Calc-6.3-
2.el6.noarch

Running Transaction
Installing : perl-Carp-Clan-6.03-2.el6.noarch 1/4
Installing : perl-Bit-Vector-7.1-2.el6.x86_64 2/4
Installing : perl-Date-Calc-6.3-2.el6.noarch 3/4
Installing : 2:postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64 4/4
Verifying : perl-Carp-Clan-6.03-2.el6.noarch 1/4
Verifying : perl-Bit-Vector-7.1-2.el6.x86_64 2/4
Verifying : perl-Date-Calc-6.3-2.el6.noarch 3/4
Verifying : 2:postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64 4/4

Installed:
postfix-perl-scripts.x86_64 2:2.6.6-2.2.el6_1

Dependency Installed:
perl-Bit-Vector.x86_64 0:7.1-2.el6 perl-Carp-Clan.noarch 0:6.03-2.el6
perl-Date-Calc.noarch 0:6.3-2.el6

Complete!

[root@krishna ~]# cat /etc/postfix/main.cf

# See also the proxy_interfaces parameter, for network addresses that

# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost

# Enable IPv4, and IPv6 if supported

inet_protocols = all
 -confiure an email alias for your MTA such that the mail sent to gls is receiced by the local
user "anand"
[root@krishna ~]# cat /etc/aliases

webmaster: root
noc: root
security: root
hostmaster: root
info: postmaster
marketing: postmaster
sales: postmaster
support: postmaster
gls: anand

7.1 Configure a group e-mail alias

-configure an e-mail alias for your MTA.such that mail sent to(acct)is received by the local
users
(i)anand,sasi,Rajkumar

[root@krishna ~]# cat /etc/aliases

marketing: postmaster
sales: postmaster
support: postmaster
gls: anand
acct: anand,sasi,Rajkumar

[root@krishna ~]# chkconfig postfix on

[root@krishna ~]# service postfix restart

Shutting down postfix: [ OK ]
Starting postfix: [ OK ]

7.1 Configure SMTP

-configure your system to provide SMTP mail service according to the following
requirements

(i)your mail server should accept mail from remote hosts and local host.
(ii)harry must able to receive mail from remote hosts
iii)mail delivered to harry should spool into the default mail
spool for harry,/var/spool/mail/harry

[root@krishna ~]# mail sasi

Subject: hi
hru
EOT
[root@krishna ~]# cat /var/spool/mail/sasi
From [email protected] Mon Nov 11 15:10:37 2013
Return-Path: <[email protected]>
X-Original-To: sasi
Delivered-To: [email protected]
Received: by krishna.localdomain (Postfix, from userid 0)
id B70F01A0198; Mon, 11 Nov 2013 15:10:37 -0500 (EST)
Date: Mon, 11 Nov 2013 15:10:37 -0500
To: [email protected]
Subject: hi
User-Agent: Heirloom mailx 12.4 7/29/08
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <[email protected]>
From: [email protected] (root)

hru

8. [root@krishna ~]# yum install nfs* -y

Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centosmirror.go4hosting.in
* extras: mirrors.digipower.vn
* updates: centosmirror.go4hosting.in
Setting up Install Process
Package nfs-utils-lib-1.1.5-6.el6.x86_64 already installed and latest version
Package 1:nfs-utils-1.2.3-36.el6.x86_64 already installed and latest version
Package nfs4-acl-tools-0.3.3-6.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package nfs-utils-lib-devel.x86_64 0:1.1.5-6.el6 will be installed
--> Processing Dependency: pkgconfig(libgssglue) for package: nfs-utils-lib-devel-1.1.5-
6.el6.x86_64
--> Running transaction check
---> Package libgssglue-devel.x86_64 0:0.1-11.el6 will be installed
Running Transaction
Installing : libgssglue-devel-0.1-11.el6.x86_64 1/2
Installing : nfs-utils-lib-devel-1.1.5-6.el6.x86_64 2/2
Verifying : nfs-utils-lib-devel-1.1.5-6.el6.x86_64 1/2
Verifying : libgssglue-devel-0.1-11.el6.x86_64 2/2
Installed:
nfs-utils-lib-devel.x86_64 0:1.1.5-6.el6

Dependency Installed:
libgssglue-devel.x86_64 0:0.1-11.el6

Complete!

[root@krishna ~]# chkconfig nfs on

[root@krishna ~]# service nfs restart
Shutting down NFS daemon: [FAILED]
Shutting down NFS mountd: [FAILED]
Shutting down NFS quotas: [FAILED]
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS mountd: [ OK ]
Stopping RPC idmapd: [ OK ]
Starting RPC idmapd: [ OK ]
Starting NFS daemon: [ OK ]

[root@krishna ~]# service nfs restart

Shutting down NFS daemon: [ OK ]
Shutting down NFS mountd: [ OK ]
Shutting down NFS quotas: [ OK ]
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS mountd: [ OK ]
Stopping RPC idmapd: [ OK ]
Starting RPC idmapd: [ OK ]
Starting NFS daemon: [ OK ]

[root@krishna ~]# service nfslock restart

Stopping NFS locking: [ OK ]

Stopping NFS statd: [ OK ]
Starting NFS statd: [ OK ]

(i)export your /common directory via NFS to the example.com domain or ip

[root@krishna ~]# mkdir /common

[root@krishna ~]# vi /etc/export
/common 192.168.0.0/255.255.255.0(wr)
[root@krishna ~]# exportfs -a

[root@krishna ~]# service nfs restart

Shutting down NFS daemon: [ OK ]

Shutting down NFS mountd: [ OK ]
Shutting down NFS quotas: [ OK ]
Shutting down NFS services: [ OK ]
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS mountd: [ OK ]
Stopping RPC idmapd: [ OK ]
Starting RPC idmapd: [ OK ]
Starting NFS daemon: [ OK ]

[root@krishna ~]# service nfslock restart

Stopping NFS locking: [ OK ]

Stopping NFS statd: [ OK ]
Starting NFS statd: [ OK ]

Client side
[root@vrndavan ~]# mkdir /var/ftp

[root@vrndavan ~]# mount -t nfs 192.168.1.71:/common/ /var/nfs/

[root@vrndavan ~]# mount
/dev/mapper/vg_vrndavan-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/mapper/vg_vrndavan-lv_home on /home type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
192.168.1.71:/common/ on /var/nfs type nfs
(rw,vers=4,addr=192.168.1.71,clientaddr=192.168.1.70)

[root@vrndavan ~]# vi /etc/fstab

[root@vrndavan nfs]# cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Wed Aug 14 22:46:20 2013
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_vrndavan-lv_root / ext4 defaults 11
UUID=638d1e1a-cc4c-402d-a3dc-7fbee2ecafe9 /boot ext4 defaults 12
/dev/mapper/vg_vrndavan-lv_home /home ext4 defaults 12
/dev/mapper/vg_vrndavan-lv_swap swap swap defaults 00
tmpfs /dev/shm tmpfs defaults 00
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 00
proc /proc proc defaults 00

192.168.1.71:/common /var/nfs/ nfs rw,sync,hard,intr 0 0

Note:Because you will not have root access you will not be able directly mount your
exported
/common directory on your virtual system,however autofs is running on your physical

[root@vrndavan ~]# mount

/dev/mapper/vg_vrndavan-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/mapper/vg_vrndavan-lv_home on /home type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
192.168.1.71:/common/ on /var/nfs type nfs
(rw,vers=4,addr=192.168.1.71,clientaddr=192.168.1.70)
[root@vrndavan ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_vrndavan-lv_root
50G 35G 13G 75% /
tmpfs 1.9G 900K 1.9G 1% /dev/shm
/dev/sda1 485M 93M 368M 21% /boot
/dev/mapper/vg_vrndavan-lv_home
176G 6.8G 161G 5% /home
192.168.1.71:/common/
 50G 9.5G 38G 21% /var/nfs

9 .SAMBA
– Your SMB server must be a member of the SMBGROUP workgroup
– The share’s name must be common
– The common share must be available to example.com domain clients only
– The common share must be browseable
– GNANA must have read access to the share, authenticating with the same
password

[root@krishna ~]# yum install samba* -y

Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centosmirror.go4hosting.in
* extras: mirrors.digipower.vn
* updates: centosmirror.go4hosting.in
Setting up Install Process
Package samba-common-3.6.9-151.el6_4.1.x86_64 already installed and latest version
Package samba4-libs-4.0.0-55.el6.rc4.x86_64 already installed and latest version
Package samba-client-3.6.9-151.el6_4.1.x86_64 already installed and latest version
Package samba-winbind-3.6.9-151.el6_4.1.x86_64 already installed and latest version
Package samba-winbind-clients-3.6.9-151.el6_4.1.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:3.6.9-151.el6_4.1 will be installed
---> Package samba-doc.x86_64 0:3.6.9-151.el6_4.1 will be installed
---> Package samba-domainjoin-gui.x86_64 0:3.6.9-151.el6_4.1 will be installed
---> Package samba-swat.x86_64 0:3.6.9-151.el6_4.1 will be installed
--> Processing Dependency: xinetd for package: samba-swat-3.6.9-151.el6_4.1.x86_64
---> Package samba-winbind-devel.x86_64 0:3.6.9-151.el6_4.1 will be installed
---> Package samba-winbind-krb5-locator.x86_64 0:3.6.9-151.el6_4.1 will be installed
---> Package samba4.x86_64 0:4.0.0-55.el6.rc4 will be installed
---> Package samba4-client.x86_64 0:4.0.0-55.el6.rc4 will be installed
---> Package samba4-common.x86_64 0:4.0.0-55.el6.rc4 will be installed
---> Package samba4-dc.x86_64 0:4.0.0-55.el6.rc4 will be installed

Total download size: 5.0 M

Installed size: 18 M
Downloading Packages:
samba-3.6.9-151.el6_4.1.x86_64.rpm | 5.0 MB 02:17
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : samba-3.6.9-151.el6_4.1.x86_64 1/1
Verifying : samba-3.6.9-151.el6_4.1.x86_64 1/1

Installed:
samba.x86_64 0:3.6.9-151.el6_4.1

Complete!

[root@vrndavan ~]# chkconfig smb on

[root@vrndavan ~]# chkconfig nmb on
[root@vrndavan ~]#service smb restart
[root@vrndavan ~]#service nmb restart
[root@vrndavan ~]# vi /etc/samba/smb.conf
workgroup = SMBGROUP
server string = Samba Server Version %v

; netbios name = MYSERVER

; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24

hosts allow = 192.168.1.0/24

[samba]
path = /samba
browseable = yes
write list = no

[root@krishna ~]# useradd gnana

[root@krishna ~]# passwd gnana
Changing password for user gnana.
New password:
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.

[root@krishna ~]# smbpasswd -a gnana

New SMB password:
Retype new SMB password:
Added user gnana.

[root@krishna ~]# smbpasswd -e gnana

Enabled user gnana.
[root@krishna ~]#

[root@krishna ~]# getsebool -a | grep samba

samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off

[root@krishna ~]# setsebool -P samba_enable_home_dirs on

[root@krishna ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off

[root@krishna ~]# chcon -R -t samba_share_t /samba/

[root@krishna ~]# service smb restart

Shutting down SMB services: [ OK ]
Starting SMB services: [ OK ]
[root@krishna ~]# service nmb restart
Shutting down NMB services: [ OK ]
Starting NMB services: [ OK ]

ssh server
– susan has remote SSH access to your machine from within example.com
– Clients within cracker.org should NOT have access to ssh on your system

[root@krishna ~]# yum install openssh* -y

[root@krishna ~]# chkconfig sshd on
[root@krishna ~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[root@krishna ~]# vi /etc/host
host.conf hosts hosts.allow hosts.deny
[root@krishna ~]# vi /etc/hosts.deny
[root@krishna ~]# cat /etc/hosts.deny
sshd: 172.24.0.0/255.255.255.0

10. IP Forwarding
– Enable IP forwarding

[root@krishna ~]# vi /etc/sysctl.conf

[root@krishna ~]# service network restart
[root@krishna ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding

net.ipv4.ip_forward = 1

# Controls source route verification

net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing

net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel

kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies

net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the default maxmimum size of a mesage queue

kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes

kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages

kernel.shmall = 4294967296

11.HTTP SERVER

[root@krishna ~]# yum install http*

Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centosmirror.go4hosting.in
* extras: mirrors.digipower.vn
* updates: centosmirror.go4hosting.in
Setting up Install Process
Package httpd-2.2.15-29.el6.centos.x86_64 already installed and latest version
Package httpd-tools-2.2.15-29.el6.centos.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package httpd-devel.x86_64 0:2.2.15-29.el6.centos will be installed
--> Processing Dependency: apr-util-devel for package: httpd-devel-2.2.15-29.el6.centos.x86_64
--> Processing Dependency: apr-devel for package: httpd-devel-2.2.15-29.el6.centos.x86_64

Verifying : expat-devel-2.0.1-11.el6_2.x86_64 5/5

Installed:
httpd-devel.x86_64 0:2.2.15-29.el6.centos
httpd-manual.noarch 0:2.2.15-29.el6.centos

Dependency Installed:
apr-devel.x86_64 0:1.3.9-5.el6_2
apr-util-devel.x86_64 0:1.3.9-3.el6_0.1
expat-devel.x86_64 0:2.0.1-11.el6_2

Complete!

[root@krishna ~]# chkconfig httpd on

[root@krishna ~]# service httpd restart
Stopping httpd: [FAILED]
Starting httpd: httpd: apr_sockaddr_info_get() failed for krishna
httpd: Could not reliably determine the server's fully qualified domain name, using
127.0.0.1 for ServerName
[ OK ]
[root@krishna ~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for krishna
httpd: Could not reliably determine the server's fully qualified domain name, using
127.0.0.1 for ServerName
[ OK ]

* Web Server
–Implement a web server for the site http://station.domainX.example.com,
Then perform the following steps:

– Download ftp://station.domain254.example.com/pub/rhce/station.html
– Rename the downloaded file to index.html
– Copy this index.html to the DocumentRoot of your web server
– Do NOT make any modifications to the content of index.html

* create a script under /root/case that provides the following details:

i) when run as /root/case KERNEL it produces the output "USER".
ii) when run as /root/case USER ,it produces the output "KERNEL".
iii) when run without argrument or any other argument, other than KERNEL or USER it sends
the following
output "KERNEL USER"

script

#! /bin/bash

Case “$@” in
KERNEL)echo “USER”;;
USER) echo “KERNEL”;;
*)echo “KERNEL USER”;;

Casc

[root@krishna ~]# chmod u+x script

[root@krishna ~]# ./seript