RH302 Premium Bundle

Red Hat Certified Engineer on Redhat Enterprise Linux 5 (Labs) Certification Exam

Last update: September 29, 2024

Red-Hat RH302 Free Practice Questions

Q1. CORRECT TEXT

Configure the webserver for your local domain. Download a www.html file from ftp.server1.example.com/pub/rhce and rename it as index.html.

Answer and Explanation:

Your local domain means the example.com domain. Look up example.com using host example.com and you will get the IP address 192.168.0.254.

1. vi /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.0.254>

ServerName example.com

DocumentRoot /var/www/example

DirectoryIndex index.html

ServerAdmin webmaster@example.com

</VirtualHost>

2. mkdir /var/www/example

3. Download the index.html file from the ftp server specified in question

4. Rename the www.html file to index.html

Check the SELinux context of the index page; it should look like this:

-rw-r--r-- root root system_u:object_r:httpd_sys_content_t /var/www/html/index.html

If the SELinux context is mismatched, use the restorecon -R /var command.

5. service httpd start|restart

6. chkconfig httpd on

7. check using: links http://example.com

Q2. CORRECT TEXT

You have an FTP server with the IP address 192.168.0.254. Using iptables, allow FTP connections only from the internal network, where the internal network is 192.168.0.0/24.

Answer and Explanation:

1. iptables -t filter -A INPUT -s ! 192.168.0.0/24 -p tcp -d 192.168.0.254 --dport 20 -j DROP

2. iptables -t filter -A INPUT -s ! 192.168.0.0/24 -p tcp -d 192.168.0.254 --dport 21 -j DROP

iptables is the built-in firewall tool, used to filter packets and to perform NAT. Packets can be filtered by source address, destination address, protocol type, and source and destination port.

-s → Source Address

-d → Destination Address

-p → Layer 3 Protocol

--sport → Source Port

--dport → Destination Port

-i → Incoming Interface

-o → Outgoing Interface

-t → Table: either filter, nat or mangle

-A → Chain: can be either INPUT, OUTPUT, FORWARD, PREROUTING or POSTROUTING.

Q3. CORRECT TEXT

You have a domain, example.com, in your LAN. Configure the system to allow jack to log in only from station10.example.com.

Answer and Explanation:

1. vi /etc/security/access.conf

-:jack:ALL EXCEPT station10.example.com

2. vi /etc/pam.d/system-auth

account required /lib/security/pam_access.so

The /etc/security/access.conf file allows or denies logins to users on the basis of origin.

Syntax of /etc/security/access.conf

permission : users : origins

The first field should be a "+" (access granted) or "-" (access denied) character.

The second field should be a list of one or more login names, group names, or ALL (always matches). A pattern of the form user@host is matched when the login name matches the "user" part, and when the "host" part matches the local machine name.

The third field should be a list of one or more tty names (for non-networked logins), host names, domain names (begin with "."), host addresses, internet network numbers (end with "."), ALL (always matches) or LOCAL (matches any string that does not contain a "." character).

The EXCEPT operator makes it possible to write very compact rules.
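The following sketch is an added example, not part of the original answer. It evaluates access.conf rules against a (user, origin) pair using the field syntax described above, including EXCEPT. It assumes plain string matching (real pam_access also resolves host names and handles group names and user@host patterns); the function names and SAMPLE_RULES are constructed for illustration.

```python
# Added illustration: simplified evaluation of /etc/security/access.conf rules.
# Assumption: string matching only; no DNS lookups, groups or user@host.

def origin_matches(pattern, origin):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                    # any string without a "."
        return "." not in origin
    if pattern.startswith("."):               # domain name, e.g. .example.com
        return origin.lower().endswith(pattern.lower())
    if pattern.endswith("."):                 # network number, e.g. 192.168.0.
        return origin.startswith(pattern)
    return pattern.lower() == origin.lower()  # tty, host name or host address

def user_matches(pattern, user):
    return pattern == "ALL" or pattern == user

def list_matches(tokens, value, match):
    """'a b EXCEPT c' matches when (a or b) matches and c does not."""
    if "EXCEPT" in tokens:
        cut = tokens.index("EXCEPT")
        return (list_matches(tokens[:cut], value, match)
                and not list_matches(tokens[cut + 1:], value, match))
    return any(match(token, value) for token in tokens)

def login_allowed(rules, user, origin):
    """Return the verdict of the first rule that matches (user, origin)."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        permission, users, origins = (f.strip() for f in line.split(":", 2))
        if (list_matches(users.split(), user, user_matches)
                and list_matches(origins.split(), origin, origin_matches)):
            return permission == "+"
    return True  # no rule matched: access is granted

PAGE_RULE = "-:jack:ALL EXCEPT station10.example.com"  # rule from the answer
# Constructed sample rules exercising the other origin forms.
SAMPLE_RULES = """
+:eric:192.168.0. .example.com
-:eric:ALL
-:ALL EXCEPT root:LOCAL
"""

if __name__ == "__main__":
    for origin in ("station10.example.com", "station11.example.com", "tty1"):
        print("jack from", origin, "->", login_allowed(PAGE_RULE, "jack", origin))
```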

Q4. CORRECT TEXT

Configure to allow the ssh service only from 192.168.0.0/24 except 192.168.0.4

Answer and Explanation:

1. vi /etc/hosts.deny

sshd: 192.168.0. EXCEPT 192.168.0.4

We can secure services using tcp_wrappers. There are two main files, /etc/hosts.allow and /etc/hosts.deny.

Access is checked in three stages:

- Is access explicitly permitted, that is, permitted by /etc/hosts.allow?

- Otherwise, is access explicitly denied, that is, denied by /etc/hosts.deny?

- Otherwise, access is permitted by default if neither condition matched.

To deny services, we can configure the /etc/hosts.deny file using the ALL and EXCEPT operators.

The pattern of the /etc/hosts.allow and /etc/hosts.deny files is:

daemon_list:client_list:options

The client list can contain either domain names or IP addresses.

Q5. CORRECT TEXT

Change the Group Owner of /data to training group.

Answer and Explanation:

The chown or chgrp command is used to change ownership.

Syntax of chown: chown [-R] username:groupname file/directory

Syntax of chgrp: chgrp [-R] groupname file/directory

Whenever a user creates a file or directory, its owner is automatically that user and its group owner is that user's primary group.

To change the group ownership:

chgrp training /data → sets the group ownership to training

or

chown root.training /data → sets the user owner to root and the group owner to the training group.

Verify /data using: ls -ld /data

You will get: drwxr-xr-x 2 root training ..............

Q6. CORRECT TEXT

Make both users belong to the sysadmin group as a secondary group.

Answer and Explanation:

1. usermod -G sysadmin john

2. usermod -G sysadmin jane

3. Verify by reading /etc/group file

Using the usermod command we can make a user belong to a different group. There are two types of group: primary and secondary. A user can have only one primary group but can belong to more than one secondary group.

usermod -g groupname username → changes the primary group of the user

usermod -G groupname username → makes the user belong to a secondary group

Q7. CORRECT TEXT

Deny login to user15 and user16 on Saturday.

Answer and Explanation:

1. vi /etc/security/time.conf

login;*;user15|user16;Sa0000-2400

2. vi /etc/pam.d/login

account required pam_time.so

Time-based authentication is configured in /etc/security/time.conf.

Syntax of /etc/security/time.conf

services;ttys;users;times

services: a logic list of PAM service names that the rule applies to.

ttys: a logic list of terminal names that this rule applies to.

users: a logic list of users to whom this rule applies.

times: a logic list of day/time-range entries. The days are specified by a sequence of two-character entries; MoTuSa, for example, is Monday, Tuesday and Saturday. Note that repeated days are unset: MoMo = no day, and MoWk = all weekdays bar Monday. The two-character combinations accepted are

Mo Tu We Th Fr Sa Su Wk Wd Al

the last two being week-end days and all 7 days of the week respectively. As a final example, AlFr means all days except Friday.

The pam_time module checks the file /etc/security/time.conf for authentication, so we should call the pam_time module in /etc/pam.d/login.
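The day-code rules above (repeated days are unset, so MoWk drops Monday and AlFr drops Friday) are easiest to check by expanding them. The following is an added example, not part of the original answer: it parses a services;ttys;users;times line and expands a day/time-range entry. It assumes ranges that do not wrap past midnight and handles only the "|" separator of logic lists; the function names are constructed for illustration.

```python
# Added illustration: expanding the day codes used in the times field of
# /etc/security/time.conf. Assumptions: ranges do not wrap past midnight,
# and only "|" (not "&" or "!") is handled in logic lists.
import re

DAYS = ("Mo", "Tu", "We", "Th", "Fr", "Sa", "Su")
GROUPS = {"Wk": DAYS[:5], "Wd": DAYS[5:], "Al": DAYS}

def expand_days(spec):
    """Expand a day string; each code toggles its days, so repeats cancel."""
    selected = set()
    for i in range(0, len(spec), 2):
        code = spec[i:i + 2]
        if code in GROUPS:
            members = GROUPS[code]
        elif code in DAYS:
            members = (code,)
        else:
            raise ValueError("unknown day code: %r" % code)
        selected ^= set(members)      # symmetric difference = toggle
    return selected

def parse_entry(entry):
    """Split an entry such as Sa0000-2400 into (days, start, end)."""
    m = re.fullmatch(r"((?:[A-Z][a-z])+)(\d{4})-(\d{4})", entry)
    if not m:
        raise ValueError("malformed day/time-range entry: %r" % entry)
    return expand_days(m.group(1)), int(m.group(2)), int(m.group(3))

def entry_covers(entry, day, hhmm):
    """True if the given day code and HHMM time fall inside the entry."""
    days, start, end = parse_entry(entry)
    return day in days and start <= hhmm < end

def parse_rule(line):
    """Split services;ttys;users;times into lists of '|' alternatives."""
    services, ttys, users, times = (f.strip() for f in line.split(";"))
    return {"services": services.split("|"), "ttys": ttys.split("|"),
            "users": users.split("|"), "times": times.split("|")}

if __name__ == "__main__":
    rule = parse_rule("login;*;user15|user16;Sa0000-2400")  # line from above
    print(rule["users"], sorted(expand_days("MoWk")))
```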

Q8. CORRECT TEXT

Your system gives an error while booting into runlevel 5. Make your system boot successfully into runlevel 5.

Answer and Explanation:

The problem appears while the X Window System loads. To troubleshoot, follow these steps:

1. Check whether /tmp is full.

2. Check your quota: has the hard limit already been crossed?

3. Check whether the xfs service is running.

4. Boot the system into runlevel 3 and execute the system-config-display command.

5. Edit the /etc/inittab to set default runlevel 5.

id:5:initdefault:

Q9. CORRECT TEXT

All mail to cracker.org should be received by the user eric.

Answer and Explanation:

1. vi /etc/mail/virtusertable

@cracker.org eric

2. service sendmail restart

The /etc/mail/virtusertable file is used to deliver mail addressed to a virtual user to a real user. According to the question, all mail to cracker.org should be received by the user eric, so:

@cracker.org eric → sends all mail for cracker.org to the user eric.

Q10. CORRECT TEXT

The /storage directory on the Linux server should be made available to Windows systems so that the user jeff can access it in read-only mode within the example.com domain.

Answer and Explanation:

1. vi /etc/samba/smb.conf

[global]

netbios name=station?

workgroup=station?

security=user

smb passwd file=/etc/samba/smbpasswd

encrypt passwords=yes

hosts allow= .example.com

[data]

path=/data

public=no

writable=no

browsable=yes

2. smbpasswd -a jeff

3. service smb start

4. chkconfig smb on

The configuration file is /etc/samba/smb.conf. There are some pre-defined sections: i. global → used to define the global options, ii. printers → used to share the printers, iii. homes → used to share the user's home directory.

security=user → validation by Samba username and password. There may be other users as well.

To allow a certain share to a certain user, we should use the valid users option.

smbpasswd → helps to change a user's SMB password. The -a option specifies that the username following should be added to the local smbpasswd file.

Q11. CORRECT TEXT

You are working as an administrator. There is common data shared (/data) from 192.168.0.254 to all users in your local LAN. When a user's system starts, the shared data should automatically mount on the /common directory.

Answer and Explanation:

To mount automatically at boot time we use the /etc/fstab file, because the /etc/rc.d/rc.sysinit file reads and mounts all file systems specified in /etc/fstab. To mount network shares, also use /etc/fstab, but with the filesystem type nfs.

1. vi /etc/fstab

192.168.0.254:/data /common nfs defaults 0 0

2. reboot the system.

Q12. CORRECT TEXT

Create a user named eric and deny interactive login.

Answer and Explanation:

1. useradd eric

2. passwd eric

3. vi /etc/passwd

4. eric:x:505:505::/home/eric:/sbin/nologin

The shell or program that starts at login time is specified in the /etc/passwd file. By default, Red Hat Enterprise Linux assigns the /bin/bash shell to users. To deny interactive login, write /sbin/nologin or /bin/false in place of the login shell.

Q13. CORRECT TEXT

One NIS domain named rhce.com is configured in your lab; the server is 192.168.0.254. The users rhce100, rhce200 and rhce300 are created on the domain server.

Make your system a member of the rhce.com domain. Make sure that when an NIS user logs in to your system, they get their home directory. Home directories are shared separately on the server, e.g. /home/stationx/, where x is your station number.

Answer and Explanation:

1. Use authconfig --nisserver=192.168.0.254 --nisdomain=rhce.com --update or system-config-authentication

2. Click on Enable NIS

3. Type the NIS Domain: rhce.com

4. Type Server 192.168.0.254 then click on next and ok

5. You will get a ok message.

6. vi /etc/auto.master and write at the end of file

/home/stationx /etc/auto.home --timeout=60

7. vi /etc/auto.home and write

* -rw,soft,intr 192.168.0.254:/home/stationx/&

Note: please specify your station number in the place of x.

8. service autofs restart

9. Logging in as rhce1, rhce2 or rhce3 on another terminal will succeed.

According to the question, the rhce.com domain is already configured. We have to make the system a client of the rhce.com domain and automatically mount the home directory on every client. To make the system a member of the domain, we use the authconfig or system-config-authentication command. There are lots of authentication servers, i.e. NIS, LDAP, SMB etc. NIS is an RPC-related service; there is no need to configure DNS, but we should specify the NIS server address.

Here the automount feature is available. When a user tries to log in, the home directory will be mounted automatically. The automount service reads its configuration from the /etc/auto.master file.

In the /etc/auto.master file we specify the mount point and the configuration file for that mount point.

Q14. CORRECT TEXT

There is an NFS server, 192.168.0.254; all required packages are dumped in /var/ftp/pub on that server, and the /var/ftp/pub directory is shared. Install Red Hat Enterprise Linux 5, creating the following partitions:

/ 1000

/boot 200

/home 1000

/var 1000

/usr 4000

swap 2X256 (RAM SIZE)

Answer and Explanation:

Note: The examiner will provide you with the installation startup CD. The sizes mentioned here may vary; see the exam paper.

1. Insert the CD into the CD-ROM drive and start the system.

2. At the boot: prompt, type linux askmethod

3. It will display the language, keyboard selection.

4. It will ask you for the installation method.

5. Select the NFS Image from the list

6. It will ask for the IP address, netmask, gateway and name server. Select Use Dynamic IP Configuration, because a DHCP server will be configured in your exam lab.

7. It will ask for the NFS Server Name and Redhat Enterprise Linux Directory.

Specify the NFS Server: 192.168.0.254

Directory: /var/ftp/pub

8. After connecting to the NFS server, the installation starts in GUI mode. Go up to the partition screen by selecting the different options.

9. Create the partitions according to the question, because the sizes and the partitions you should create at installation time are specified in your question.

10. Then select the MBR options and time zone, and go up to package selection.

This is another very important point in the installation. Due to the time limit, you should take care over the installation packages. At exam time these packages are enough:

X-Window System

GNOME Desktop

(these two packages are generally not required)

Administration Tools.

System Tools

Windows File Server

FTP Servers

Mail Servers

Web Servers

Network Servers

Editors

Text Based Internet

Server Configuration Tools

Printing Supports

When the installation completes, your system will reboot. Move on to the next question.

Q15. CORRECT TEXT

Your system is going to be used as a router for 172.24.0.0/16 and 172.25.0.0/16. Enable IP forwarding.

i. echo "1" >/proc/sys/net/ipv4/ip_forward

ii. vi /etc/sysctl.conf

net.ipv4.ip_forward=1

/proc is a virtual filesystem containing information about the running kernel. To change a parameter of the running kernel at run time, you modify /proc. From the next boot, the kernel takes the value from /etc/sysctl.conf. If net.ipv4.ip_forward is 0, IP forwarding is disabled; if it is 1, IP forwarding is enabled.
