LABSDuring the Red Hat exams, the tasks will be presented electronically. Therefore, this book presents most of the labs electronically as well. For more information, see the Lab Questions section toward the end of Chapter 10. Most of the labs for this chapter are straightforward and require a very few commands or changes to one or two configuration files.Lab 1In this lab, you’ll set up a GPG key pair and test the result on the 56510-labs.txt file. This lab requires the use of two different systems. The and systems are ideal for this purpose.1.On the system, copy the 56510-labs.txt file to a regular user homedirectory.2.On the system, create a private-public key pair using RSA encryption.3.Copy the public key to the system, and then import it.4.Encrypt the 56510-labs.txt file.5.Copy the encrypted file to the system.6.Decrypt the 56510-labs.txt file on the system.Lab 2Think about bastion systems. One implicit lesson of this chapter is to minimize what’s installed. In other words, if it isn’t installed, a cracker can’t take advantage of it. This lab uses the rpm commands discussed in Chapter 7. While that is a RHCSA topic, those are fundamental skills for RHCEs. Strictly speaking, this lab does not directly address any RHCE objectives. So if you’re pressed for time, skip this lab. But it does point to a fundamental way to keep a RHEL 6 system secure.To that end, review t he current contents of the /etc/init.d directory. It’s a handy reference point for currently installed services. Don’t uninstall anything at this time. If you don’t recognize a script in the /etc/init.d directory, identify the associated package. For example, to identify the package associated with the abrtd script in that directory, run the following command:$ rpm -qf /etc/init.d/abrtdThat identifies the abrt RPM package. To learn more about that package, run the following command:$ rpm -qi abrtYou don't need all of the services shown in the /etc/init.d directory. Save the results in a text file. For example, I’d include the following scripts from that directory as potential packages to remove:abrtdatdavahibluetoothLab 3You want to configure a firewall to accommodate a secure Web server that supports inbound requests to both the regular and secure Web server protocols. The system should also accept remote communications to the local SSH server. What do you do?Lab 4You want to set up Telnet service on your internal LAN, accessible only to one specific IP address. You want to block access from outside the LAN. Assume that your LAN’s network address is 192.168.122.0, and the IP address of the computer that should get access is192.168.122.150. For the purpose of this lab, feel free to substitute the IP address of a second Linux computer on the local network. What do you do?Lab 5You want to use TCP Wrappers to limit access to the local SSH server. First, what do you do to confirm that SSH can be prot ected by TCP Wrappers? Once you’ve done so, make needed changes to make sure the SSH server on the system can be accessed only from the system.This lab assumes you’ve installed the vsFTP server as discussed in Chapter 1. While the basic installation of an FTP file server is an RHCSA skill, detailed configuration is an RHCE skill discussed in Chapter 16. The focus of this lab starts with the /etc/vsftpd/ftpusers file. As noted in that file, it’s a list of users who are not allowed to log in to the local vsFTP server. For security, it’s an excellent idea to retain the /etc/vsftpd/ftpusers file.The objective of this lab is to configure and limit access through the FTP server to one regular user account.LABSDuring the Red Hat exams, the tasks will be presented electronically. Therefore, this book presents most of the labs electronically as well. For more information, see the Lab Questions section toward the end of Chapter 12. Most of the labs for this chapter are straightforward and require a very few commands or changes to one or two configuration files.Lab 1In this lab, you’ll create a script that backs up all files from the /etc directory to a newly created /backup directory. In practice, you might choose to run that kind of script on a relatively infrequent basis, perhaps weekly. However, for the purpose of this lab, make sure it’s run on an hourly basis.Once the script is configured, you may not have an hour to wait. In that case, run an appropriate date command to move the local clock ahead to the next hour. For example, if the current date is 11:43 A.M. on July 11, the following command sets the current time to noon:$ date 07111200Lab 2In this lab, you’ll disable responses to the ping command, using kernel settings. (On an exam, it would also be acceptable to disable responses to the ping command with the help of the Firewall Configuration tool. But when possible, it’s good to know more than one method.)Make a copy of the /etc/vsftpd/vsftpd.conf file. Set it up as an RPM package, to be installed in the /opt/sampleftp directory.Lab 4Copy the OVERVIEW file from the /usr/share/doc/postfix-2.6.6/README_FILES directory. Set it up as an RPM package, to be installed in the /opt/postfixinfo directory.Lab 5On the system, set up a custom route to the network with the system. Use the same gateway address as the default gateway.Lab 6In this lab, you’ll take the system and set it up as a Kerber os client. Assume the LDAP server is on system 192.168.100.1; the KDC is located on system; and the Kerberos admin server can be found on that same system. Since Kerberos will be used, TLS is not required for LDAP.If the system is on a different subnet, substitute the IPv4 gateway address for the system for 192.168.100.1.LABSDuring the Red Hat exams, the tasks will be presented electronically. Therefore, this book presents most of the labs electronically as well. For more information, see the Lab Questions section toward the end of Chapter 13. Most of the labs for this chapter are straightforward and require a very few commands or changes to one or two configuration files.Lab 1Configure Postfix to enable authentication on the physical host system. Do not make any additional changes to the local system. Make sure e-mails can be sent from user to user locally. Forward e-mails directed to the local root account to a regular account on the local system.Configure the Postfix system in Lab 1 to support access from the network, or the corresponding IP address network. Configure a system on as a Postfix smart host, forwarding to the physical host system.Lab 3Configure the Postfix system in Lab1 to prohibit access from the network (or the corresponding IP address network). Do not allow access from any network other than .Lab 4Set up the sendmail service. Make sure the Postfix service is no longer operational, but keep it ready for use.Lab 5Configure sendmail to accept connections from the local system with both IPv4 and IPv6 addressing. Do not make any additional changes to the local system. Make sure e-mails can be sent from user to user locally. Forward e-mails directed to the local root account to a regular account on the local system.Lab 6Configure the sendmail system from Lab 5 to support access from the network, or the corresponding IP address network. Configure a system on as a sendmail smart host, forwarding to the physical host system.Lab 7Configure the sendmail system configured in Lab 5 to prohibit access from the network (or the corresponding IP address network). Do not allow access from any network other than . IPv6 addressing is not required.RHCSA Sample Exam 2You may either start with the preconfigured RHEL 6 system described in Appendix A. If necessary, make sure that system is currently powered down. As discussed in Appendix A, a current repository of the installation DVD is available from an FTP server configured on the local system. You’ll have two and a half hours to complete the following tasks:1.Install VM software on the local system.e the ks2.cfg file from the Exams/ subdirectory to create a virtual machine. Modify as needed toset up a system with hostname on IPv4 address 192.168.100.101. (If there’s a conflict with other hardware, IP address 192.168.101.101 is an acceptable IPv4 address for.)The additional steps in this exam should be applied to the system. If you were not successful creating an system, it’s acceptable to set it up on the local physical host system.e ssh to access the VM, as if it were a remote system.4.Configure a new partition of 500MB in the available empty space of the drive, formatted to ext4.5.Configure that volume on the new /cooks directory, with the ACL option.6.Set up additional swap space in the remaining empty space of the drive.7.Make sure that the new /cooks directory and swap space are automatically mounted the next timethe system is booted. Use the UUID of the new volume.8.Configure the following users: linus, richard, mark, bill. Deny users bill and richard access to the/cooks directory. Allow access to all other users.9.Set up the automounter, and configure it to read the DVD on the /misc/dvd directory.10.Download a different kernel from the Chapter7/ subdirectory of the book CD. Install that kernel.Make sure the bootloader default points to the original kernel.11.Set up the system to boot by default into runlevel 3.12.Install and configure the vsFTP server with one twist: make sure that anonymous users who connectare sent to the /ftp directory.13.Configure a local NTP server on one virtual machine system. Set this NTP server to point to thephysical host.14.Make sure SELinux is set in permissive mode. (You’re still responsible for any problems related toSELinux.)15.Power down the exam system.。
![红帽7RHCSA考证训练题详解2[5页][002]](https://img.taocdn.com/s1/m/cff65d2333d4b14e8424686a.png)
