Q1. CORRECT TEXT
Your system is going to be used as a router for 172.24.0.0/16 and 172.25.0.0/16. Enable IP forwarding.
Answer and Explanation:
1. echo "1" >/proc/sys/net/ipv4/ip_forward
2. vi /etc/sysctl.conf
net.ipv4.ip_forward=1
/proc is a virtual filesystem containing information about the running kernel. To change a parameter of the running kernel, modify it under /proc. From the next reboot, the kernel takes the value from /etc/sysctl.conf.
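The two steps can drift apart, so it is worth checking that the running value and the boot-time value agree. The script below is an added example, not part of the original answer; the function names persisted_ip_forward and forwarding_state and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare the running ip_forward value with the value that
# /etc/sysctl.conf will apply at the next boot.

# Print the last uncommented net.ipv4.ip_forward value in a sysctl.conf-style
# file (a later entry overrides an earlier one); print nothing if it is unset.
persisted_ip_forward() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                      # comment lines
        { key = $1; val = $2
          gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
          gsub("/", ".", key) }                     # net/ipv4/... form
        key == "net.ipv4.ip_forward" { last = val }
        END { if (last != "") print last }
    ' "$1" 2>/dev/null
}

# $1 = runtime file (normally /proc/sys/net/ipv4/ip_forward)
# $2 = config file  (normally /etc/sysctl.conf)
forwarding_state() {
    runtime=$(cat "$1" 2>/dev/null) || runtime=""
    persisted=$(persisted_ip_forward "$2") || persisted=""
    case "$runtime:$persisted" in
        1:1) echo "persistent" ;;      # on now and after reboot
        1:*) echo "runtime-only" ;;    # step 1 done, step 2 missing
        *:1) echo "boot-only" ;;       # step 2 done, step 1 missing
        *)   echo "disabled" ;;
    esac
}

# Constructed sample: forwarding switched on with echo, config still says 0.
demo=$(mktemp -d)
echo 1 > "$demo/ip_forward"
printf '%s\n' '# Controls IP packet forwarding' \
    'net.ipv4.ip_forward = 0' > "$demo/sysctl.conf"
forwarding_state "$demo/ip_forward" "$demo/sysctl.conf"
rm -rf "$demo"
```

On a real system, call forwarding_state /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf.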
Answer:
Q2. CORRECT TEXT
There are two different networks, 192.168.0.0/24 and 192.168.1.0/24, and the IP addresses 192.168.0.254 and 192.168.1.254 are assigned on the server. Verify your network settings by pinging a host on the 192.168.1.0/24 network.
Answer and Explanation:
At exam time, read the lab scenario carefully. There are actually two different networks: 192.168.0.0/24, where your system resides, known as the example.com domain, and 192.168.1.0/24, known as the cracker.org domain.
One server named server1.example.com, having 192.168.0.254 and 192.168.1.254, is running in your exam. If you set that server as your gateway, you will be able to ping because IP forwarding is enabled on that server.
1. vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=station?.example.com
GATEWAY=192.168.0.254
2. service network restart
Or
1. vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=X.X.X.X
NETMASK=X.X.X.X
GATEWAY=192.168.0.254
2. ifdown eth0
3. ifup eth0
Note: If the gateway is specified in both files, the default gateway is taken from the interface-specific file.
Answer:
Q3. CORRECT TEXT
A backup of Red Hat Enterprise Linux 5 is in /var/ftp/pub and /var/www/html/pub on the server named server1.example.com. You can install all required packages using yum by creating the repository file.
Answer and Explanation:
1. Create the repository file
# vi /etc/yum.repos.d/server1.repo
[station?]
name=station?
baseurl=ftp://server1.example.com/pub/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
# yum install <packagename>
Answer:
Q4. CORRECT TEXT
There are mail servers, web servers, DNS servers and a log server. The log server is already configured. You should configure the mail server, web server and DNS server to send their logs to the log server.
Answer and Explanation:
According to the question, the log server is already configured. We have to configure the mail, web and DNS servers for log redirection.
On the mail, web and DNS servers:
1. vi /etc/syslog.conf
mail.* @logserveraddress
2. service syslog restart
mail is the facility and * means every priority. This sends all logs of the mail service to the log server.
Answer:
Q5. CORRECT TEXT
Your local domain is example.com. Configure the sendmail server for your local LAN according to the following conditions.
i. Relay the mail from the 192.168.0.0/24 network.
ii. Block all mail coming from the cracker.org domain.
iii. Mail for user5 should be received by user2.
Answer and Explanation:
1. vi /etc/mail/local-host-names
example.com
2. vi /etc/mail/sendmail.mc
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1,Name=MTA')dnl
3. m4 /etc/mail/sendmail.mc >/etc/mail/sendmail.cf
4. vi /etc/mail/access
192.168.0 RELAY
@cracker.org REJECT
5. service sendmail start | restart
6. chkconfig sendmail on
7. vi /etc/dovecot.conf
protocols = pop3 pop3s imap imaps
8. service dovecot start | restart
9. chkconfig dovecot on
10. vi /etc/aliases
user5: user2
11. newaliases
The /etc/mail/local-host-names file contains the aliases for the hostname. The mail server program reads /etc/mail/sendmail.cf. To change the configuration of the mail server, we should edit the /etc/mail/sendmail.mc file and generate sendmail.cf using the m4 command.
By default the sendmail server accepts connections from the local host only, so we should edit the /etc/mail/sendmail.mc file to allow connections from other hosts.
By default the sendmail server will not forward mail. We should specify in /etc/mail/access whether to relay or block mail coming from a domain, network or individual email address.
By default the dovecot service starts only the imap protocol. To start the pop protocol with dovecot, we should list it in the /etc/dovecot.conf file.
Using the /etc/aliases file we can map one user name to another so that mail for one user is delivered to another user. To rebuild the database we use the newaliases command.
Answer:
Q6. CORRECT TEXT
Dig server1.example.com and make it resolve successfully through DNS, where the DNS server is 172.24.254.254.
Answer and Explanation:
# vi /etc/resolv.conf
nameserver 172.24.254.254
# dig server1.example.com
# host server1.example.com
DNS is the Domain Name System, which maintains a database that can help your computer translate domain names such as www.redhat.com to IP addresses such as 216.148.218.197. As no individual DNS server is large enough to keep a database for the entire Internet, they can refer requests to other DNS servers.
DNS is based on the named daemon, which is built on the BIND (Berkeley Internet Name Domain) package developed through the Internet Software Consortium.
Users want to access hosts by name, so DNS translates the name into an IP address. You need to specify the address of the DNS server on each and every client machine. In Red Hat Enterprise Linux, you specify the DNS server in the /etc/resolv.conf file.
After specifying the DNS server address, you can verify it using the host, dig and nslookup commands.
Answer:
Q7. CORRECT TEXT
You are the administrator of the example.com domain. Configure your domain server to deny local login to all normal users, and allow root to log in only on the first terminal.
Answer and Explanation:
1. touch /etc/nologin
2. vi /etc/securetty
Comment out all available terminals other than the first.
If the /etc/nologin file is created, the PAM module pam_nologin denies local login to all non-root users.
The /etc/pam.d/login file calls the module:
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_stack.so service=system-auth
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so multiple open
The pam_securetty module checks the /etc/securetty file, which lists the terminals available to root. If a terminal is not listed in this file, pam_securetty denies root login on that terminal.
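The combined effect of the two files can be worked through with a small model. This is an added example, not part of the original answer and not the PAM modules' own code; the function names root_ttys and local_login and the sample securetty content are constructed for illustration.

```sh
#!/bin/sh
# Added example: simplified model of the two checks described above.
# Root is recognised by name here; the real modules work on UID 0.

# Terminals still enabled for root: skip blank lines and '#' comments.
root_ttys() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1"
}

# $1 = user, $2 = terminal, $3 = securetty file, $4 = nologin file
local_login() {
    if [ "$1" = "root" ]; then
        # pam_securetty: root is accepted only on a listed terminal
        if root_ttys "$3" | grep -qxF -- "$2"; then echo allow; else echo deny; fi
    elif [ -e "$4" ]; then
        echo deny       # pam_nologin: the file exists, non-root is refused
    else
        echo allow
    fi
}

# Constructed sample: every terminal except tty1 commented out, nologin present.
demo=$(mktemp -d)
printf '%s\n' 'tty1' '#tty2' '#tty3' '#tty4' > "$demo/securetty"
: > "$demo/nologin"
for who in root:tty1 root:tty2 user1:tty1; do
    user=${who%%:*} tty=${who##*:}
    echo "$user on $tty: $(local_login "$user" "$tty" "$demo/securetty" "$demo/nologin")"
done
rm -rf "$demo"
```

Running root_ttys /etc/securetty on the server after step 2 should print only the first terminal.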
Answer:
Q8. CORRECT TEXT
Whoever creates a file in /data, its group owner should automatically be the group owner of the /data directory.
Answer and Explanation:
When a user creates a file or directory, the user owner will be the user itself and the group owner will be the primary group of the user.
There is one special permission, the SGID bit. When you set the SGID bit on a directory, the group owner of any file or directory that users create in it will automatically be the same as that of the parent directory.
1. chmod g+s /data
2. Verify using: ls -ld /data
You will get: drwxrws---
Answer:
Q9. CORRECT TEXT
Using squid, block Internet access for the 192.168.1.0/24 network and allow it for the 192.168.0.0/24 network.
Answer and Explanation:
1. vi /etc/squid/squid.conf
#Default:
http_port 8080
#Recommended minimum configuration:
# Near the src acl src section
acl allownet src 192.168.0.0/255.255.255.0
acl denynet src 192.168.1.0/255.255.255.0
#Default:
# http_access deny all
#Under Here
http_access allow allownet
http_access deny denynet
2. service squid start
3. chkconfig squid on
squid is a caching proxy server. Using squid we can share Internet access or block it for certain networks. First we should define the port for squid; the standard port for squid is 3128. We can run squid on a different port by specifying http_port portnumber.
To block or allow Internet access for hosts, we should create an acl (Access Control List). In this file we can specify only the IP address.
Example: acl aclname src IP/Netmask
After creating the acl, we can block or allow Internet access for the specified acl:
http_access allow | deny aclname
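The http_access lines are checked in order and the first match decides, so it helps to see what happens to a client that matches neither acl. This is an added example, not part of the original answer and not squid's own code: the function name squid_decision is hypothetical, the acl "all" is assumed to mean 0.0.0.0/0, and when no line matches the model applies squid's documented default, the opposite of the last http_access line.

```sh
#!/bin/sh
# Added example: evaluate "acl NAME src" and "http_access" lines in order for
# one client address (first matching rule wins).
squid_decision() {    # $1 = client IP, $2 = file holding squid.conf lines
    awk -v ip="$1" '
    function ip2int(a,   o) {
        split(a, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function masklen(m,   v, bits) {       # accepts 24 or 255.255.255.0
        if (m == "") return 32             # bare address = single host
        if (m !~ /\./) return m + 0
        for (v = ip2int(m); v >= 1; v = int(v / 2)) bits += v % 2
        return bits
    }
    function in_net(a, spec,   p, size) {
        split(spec, p, "/")
        size = 2 ^ (32 - masklen(p[2]))
        return int(ip2int(a) / size) == int(ip2int(p[1]) / size)
    }
    BEGIN { net["all"] = "0.0.0.0/0" }     # assumed definition of acl "all"
    /^[ \t]*#/ { next }
    $1 == "acl" && $3 == "src" { net[$2] = $4 }
    $1 == "http_access" && !hit {
        last = $2
        if (($3 in net) && in_net(ip, net[$3])) { print $2; hit = 1 }
    }
    # No rule matched: squid applies the opposite of the last http_access line.
    END { if (!hit) print (last == "deny" ? "allow" : "deny") }
    ' "$2"
}

# Constructed sample: the two ACLs and rules from the answer above.
conf=$(mktemp)
cat > "$conf" <<'EOF'
acl allownet src 192.168.0.0/255.255.255.0
acl denynet src 192.168.1.0/255.255.255.0
http_access allow allownet
http_access deny denynet
EOF
for client in 192.168.0.10 192.168.1.10 10.0.0.5; do
    echo "$client: $(squid_decision "$client" "$conf")"
done
# With a final catch-all rule, clients outside both networks are refused.
echo 'http_access deny all' >> "$conf"
echo "10.0.0.5 with deny all: $(squid_decision 10.0.0.5 "$conf")"
rm -f "$conf"
```

With only the two rules shown, 10.0.0.5 is allowed because the last line is a deny; keeping http_access deny all as the final rule closes that gap.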
Answer:
Q10. CORRECT TEXT
There is an FTP server, 192.168.0.254. All required packages are dumped in /var/ftp/pub on that server and anonymous login is enabled. Install Red Hat Enterprise Linux 5 as an anonymous user, creating the following partitions:
/ 1000
/boot 200
/home 1000
/var 1000
/usr 4000
swap 2X256 (RAM SIZE)
Answer and Explanation:
Note: The examiner will provide you with the installation startup CD. The sizes mentioned here may vary; see the exam paper.
1. Insert the CD in the CD-ROM drive and start the system.
2. At the boot: prompt, type: linux askmethod
3. It will display the Language, keyboard selection.
4. It will ask you for the installation method.
5. Select the FTP from the list
6. It will ask for the IP address, netmask, gateway and name server. Select Use Dynamic IP Configuration, because a DHCP server will be configured in your exam lab.
7. It will ask for the FTP site name and Red Hat Enterprise Linux directory.
Specify the FTP Server: 192.168.0.254
Directory: pub (because anonymous login is on /var/ftp)
8. After connecting to the FTP server, the installation will start. Go up to the partition screen by selecting the different options.
9. Create the partitions according to the question, because the sizes and which partitions to create at installation time are specified in your question.
10. Then select the MBR options and time zone, and go up to package selection.
This is another very important point of the installation. Due to the time limit, you should be careful about the packages you install. At exam time these packages are enough:
X-Window System
GNOME Desktop
(these two packages are generally not required)
Administration Tools.
System Tools
Windows File Server
FTP Servers
Mail Servers
Web Servers
Network Servers
Editors
Text Based Internet
Server Configuration Tools
Printing Supports
When the installation completes, your system will reboot. Move on to the next question.
Answer:
Q11. CORRECT TEXT
Make server1.example.com resolve successfully, where the DNS server is 192.168.0.254.
Answer and Explanation:
1. vi /etc/resolv.conf
Write: nameserver 192.168.0.254
Answer:
Q12. CORRECT TEXT
You are taking the RHCE exam. Now you should boot your system properly. When you started your system, you got this message:
INIT Entering runlevel 9
INIT: no more processes left in this runlevel
How will you boot your System properly?
Answer and Explanation:
You should know about the /etc/inittab file, where the default runlevel is defined. Many more runlevel-specific scripts are called from here as well.
This problem occurs if you don't specify the default runlevel.
1. Reboot the system
2. Boot the System on single user mode.
Except for a normal boot of Linux, single-user mode is the most commonly used option. This is the system maintenance mode for experienced Linux administrators. It allows you to perform clean backups and restores to any partitions as needed from local hardware. It also allows you to run administration commands, recover or repair password and shadow password files, run filesystem checks, and so forth.
3. vi /etc/inittab and write:
id:runlevel:initdefault:
Standard Runlevels in RedHat Enterprise Linux
Answer:
Q13. CORRECT TEXT
One logical volume named lv1 is created under vg0. The initial size of that logical volume is 100MB. Now you require a size of 500MB. Successfully make the size of that logical volume 500M without losing any data. The size should also be increased online.
Answer and Explanation:
The LVM system organizes hard disks into Logical Volume (LV) groups. Essentially, physical hard disk partitions (or possibly RAID arrays) are set up in a bunch of equal-sized chunks known as Physical Extents (PE). As there are several other concepts associated with the LVM system, let's start with some basic definitions:
* Physical Volume (PV) is the standard partition that you add to the LVM mix. Normally, a physical volume is a standard primary or logical partition. It can also be a RAID array.
* Physical Extent (PE) is a chunk of disk space. Every PV is divided into a number of equal sized PEs. Every PE in a LV group is the same size. Different LV groups can have different sized PEs.
* Logical Extent (LE) is also a chunk of disk space. Every LE is mapped to a specific PE.
* Logical Volume (LV) is composed of a group of LEs. You can mount a filesystem such as /home and /var on an LV.
* Volume Group (VG) is composed of a group of LVs. It is the organizational group for LVM. Most of the commands that you'll use apply to a specific VG.
1. Verify the size of Logical Volume: lvdisplay /dev/vg0/lv1
2. Verify the Size on mounted directory: df -h or df -h mounted directory name
3. Use: lvextend -L+400M /dev/vg0/lv1
4. ext2online -d /dev/vg0/lv1 (to bring the extended size online)
5. Again Verify using lvdisplay and df -h command.
Answer:
Q14. CORRECT TEXT
Some users' home directories are shared from your system. Using the showmount -e localhost command, the shared directory is not shown. Make the shared users' home directories accessible.
Answer and Explanation:
1. Verify whether the directory is shared: cat /etc/exports
2. Start the nfs service: service nfs start
3. Start the portmap service: service portmap start
4. Make automatically start the nfs service on next reboot: chkconfig nfs on
5. Make automatically start the portmap service on next reboot: chkconfig portmap on
6. Check whether the default firewall is running on your system:
# service iptables status
# iptables -F
# service iptables stop
# chkconfig iptables off
7. Verify whether the directory is shared: showmount -e localhost
You will see that some shared directories are displayed.
Answer:
Q15. CORRECT TEXT
Configure the DNS server to allow queries only from the 192.168.0.0/24 local network.
Answer and Explanation:
1. vi /var/named/chroot/etc/named.conf
acl localnet { 192.168.0.0/24; };
options {
allow-query { localnet; };
};
2. service named restart | start
allow-query is a global option in /var/named/chroot/etc/named.conf that specifies an address match list of hosts allowed to query this server. If this option is not set, any host can query the server.
Answer: