Question 1: SElinux Must be Running in Enforcing Mode

Answer:
# vim /etc/sysconfig/selinux

SELINUX=enforcing

# reboot (***MUST***)
# getenforce

Question 2: Create a 100MB new partition and should be mounted under

/coss/new as xfs type.

Answer:
# fdisk /dev/vda
…
..
# partprobe /dev/vda
# mkfs.xfs /dev/vdaX [ Here X is your New Partition Number]
# mkdir /coss/new -p
#vim /etc/fstab

[Add the below lines to the end of file]

/dev/vdaX /coss/new xfs defaults 0 0

# mount –a
# df –h

Question 3: Extend or resize the LVM partition /dev/vgsrv/lvm_1 into 200M

from the current size and mount the LVM /dev/vgsrv/lvm_1 ome to a mount
point /testlvm. The extended partition size must be within approximately
180MB to 220MB and useable.

Answer:
# df –h
Size: 250M (So need to reduce)
# lvdisplay
Path: /dev/vgsrv/lvm_1

# umount / testlvm
# e2fsck -f /dev/vgsrv/lvm_1
# resize2fs /dev/vgsrv/lvm_1 200M [always reach point]
# lvreduce -L 200M /dev/vgsrv/lvm_1
# mount –a
# df -h

Question 4: Extend or Resize the LVM partition /dev/vgdev/lvm into 250M from
the current size and mount the LVM /dev/vgdev/lvm to a mount point /devlv.
The extended partition size must be within approximately 220MB to 260MB and
useable.

Answer:
# df –h
Size: 200M
# lvdisplay
 Path: /dev/vgdev/lvm

# lvextend -L 250M /dev/vgsrv/home

# resize2fs /dev/vgsrv/home
# df -h

Question 5: Create a volume group named department with 32 M Physical extents

and a logical volume named engineering with 20 logical extents and
mount it under /testing directory.

Answer:
Create a partition with size 32*20=640M more like 700 MB. And change type 8e
for linux lvm.

# pvcreate /dev/vda7
# vgcreate –s 32M department /dev/vda7
# lvcreate –l 20 –n engineering department.
# mkfs.ext4 /dev/department/engineering
# mkdir /testing
# mount /dev/department /testing
# vim /etc/fstab

Question 6: Install rpm on the examination system using the following source
for the Installation media:
Once your system is installed the distribution is available via YUM:
YUM http://content.example.com/pub/rhel7.0/x86_64/dvd
Answer:
# cd /etc/yum.repos.d/
# ls
# vim yum.repo

[Basic]
name=Yum Client
baseurl=http://content.example.com/pub/rhel7.0/x86_64/dvd
enabled=1
gpgcheck=0

# yum clean all

# yum list

Question 7: Install the zsh RPM package.

Answer:
# yum install zsh* -y

Question 8: Create the following users, groups, and group memberships:

 A group named sysusers

 A user andrew who belongs to sysusers as a secondary group
 A user susan who also belongs to sysusers as a secondary group
 A user brad who does not have access to an interactive shell on the
system, and who is not a member of sysusers.
 andrew, susan, and brad should all have the password of password
Answer:
# groupadd sysusers
# adduser -G sysusers andrew
# passwd andrew
# adduser –G sysusers susan
# passwd susan
# adduser –s /sbin/nologin brad
# passwd brad
# cat /etc/passwd [check]
# cat /etc/group [check]

Question 9: Create an user neo with an User ID 1800

Answer:
# useradd –u 1800 neo
# id neo

Question 10: Create a collaborative directory /shared/sysusers with the

following
characteristics:
Group ownership of /shared/sysusers is sysusers

 The directory should be readable, writable, and accessible to

members of sysusers, but not to any other user.
 Files created in /shared/sysusers automatically have group ownership
set to the sysusers Group.

Answer:
# mkdir -p /shared/sysusers
# chgrp sysusers /shared/sysusers
# ls –ld /shared/sysusers [check]
# chmod 770 /shared/sysusers
# chmod 2770 /shared/sysusers
Question 11: Install the appropriate kernel update from
http://classroom.example.com/pub/update.

The following criteria must also be met:

 The updated kernel is the default kernel when the system is rebooted
 The original kernel remains available and bootable on the system.

Answer:
# yum install kernel
# reboot

Question 12: The user robert must configure a cron job that runs daily at
15:25 local time and executes /bin/echo I got RHCE Certificate

Answer:
# man 5 crontab [crontab command manual]
# crontab –e –u Robert
25 15 * * * /bin/echo I got RHCE Certificate
# systemctl restart crond
 # chkconfig enable crond
# crontab –l –u robert [check]

Question 13: Deny cronjob for user andrew so that other user for this system
are not effected for this cronjob.

Answer:
# vim /etc/cron.deny
andrew [insert into this file]

Question 14: Copy the file /etc/passwd to /var/tmp. Configure the permissions
of
/var/tmp/passwd so that:

 the file /var/tmp/passwd is owned by the root user.

 the file /var/tmp/passwd belongs to the group root.
 the file /var/tmp/passwd should not be executable by anyone.
 the user andrew is able to read and write /var/tmp/passwd. [ACL]
 the user susan can neither write nor read /var/tmp/passwd. [ACL]
 all other users (current or future) have the ability to read
/var/tmp/passwd.
Answer:
# cp /etc/passwd /var/tmp
# ls –l /var/tmp
# setfacl –m u:susan:--- /var/tmp/passwd
# setfacl –m u:andrew:rw /var/tmp/passwd
# getfacl /var/tmp/passwd
# chmod 664 /var/tmp/passwd

Question 15: Syncronise your system time with this classroom.example.com.

Answer:
# yum install system-config-date chrony -y
# system-config-date
# Select Tab (Network Time Protocol)
# Check (Enable Network Time Protocol)
# Select +Add (classroom.example.com) then OK
Then
#
# systemctl enable chronyd
# systemctl restart chronyd.
# systemctl disable ntpd [ if any]
# hwclock --systohc

Question 16: Find all files owned by user brian and put them into /root/brian
Or
locate the files of owner "brian" and copy those files to the
/root/brian.

Answer:
# find / -user brian –exec cp –vrp {} /root/brian \;
Or
# find / -user brian
[ Then Copy the file manually]
Question 17: Download a file word.dict from http://172.25.254.254/pub Copy all the
lines from /root/word.dict files that contains the word "blue" and
put those lines in /root/sorted.dict

Answer:
# vim worddb.dict

grep blue /root/word.dict > /root/sorted .dict

Question 18: Configure server to get information about network users from a
LDAP Directory Server available to all machine in the classroom. Here is
information that was provided to you about LDAP.

*Search Base DN: dc=example,dc=com

*LDAP Server: classroom.example.com
*CA Certificate: http://classroom.example.com/pub/example-ca.crt

OR

Note the following. BASE DN: dc=example,dc=com ldap path

ldap://classroom.example.com/ Download the certificate from
"http://classroom.example.com/pub/example-ca.crt: Ldap user should login into
your system . Where "X" is your system no.

classroom.example.com(classroom.example.com) "Nfs exports" /home/guests to

your system where "x" is your station ip. Ldapuser's home directory is
classroom.example.com:/home/guests/ldapuserx. Ldapuser's home directory
should be automounted locally beneath at /home/guests/ldapuserx. While login
with any of the ldapuser then only home directory should accesible from your
system that ldapuserx

Answer:
# yum install authconfig-gtk sssd krb5-workstation
# systemctl isolate graphical.target
[ or if you from remote system do ssh –X [email protected]]

# system-config-authentication

Identified & Authentication

User Account Database: LDAP

LDAP Search Based DN: dc=example,dc=com [as per question]
LDAP Server: classroom.example.com [as per question]
Enable: Use TLS to encrypt connections
Download CA Certificate: [as per above question]
Authentication Method: LDAP Password
Click Apply then OK

# getent passwd ldapuserX [check client and server connectivity]

Kerberos Password Configuration

# system-config-authentication

Identified & Authentication

 User Account Database: LDAP
LDAP Search Based DN: dc=example,dc=com [as per question]
LDAP Server: classroom.example.com [as per question]
Enable: Use TLS to encrypt connections
Download CA Certificate: [as per above question]
Authentication Method: Kerberos Password
Realm : EXAMPLE.COM
KDCs : classroom.example.com
Admin Server: classroom.example.com
Click Apply then OK
Be sure to to enable the SSSD service.

# getent passwd ldapuserX [check client and server connectivity]

Question 19:

Mount ldap Users Home Directory:

Configure your server to automatically mount the home directory of your

LDAP based when the log in.

classroom.example.com "Nfs exports" /home/guests to your system where

"x" is your station ip. Ldapuser's home directory is
classroom.example.com:/home/guests/ldapuserx. ldapuser's home directory
should be automounted locally beneath at /home/guests/ldapuserx. While login
with user ldapuserX then only home directory should accesible from your
system.

# yum install autofs

# vi /etc/auto.master.d/ldap.autofs

/home/guests /etc/ldap.auto

# vim /etc/auto.ldap

ldapuserX –rw,sync classroom.example.com:/home/guests/ldapuserX

# systemctl restart autofs

# systemctl enable autofs

# Send Key: Ctrl+Alt+2 [check]

OR
# ssh ldapuserX@localhost

# login User Name: ldapuserX

# Login Password: password

Question 20: Implement a web server for the site http://serverX.example.com,

then perform the following steps:

 Download http://classroom.example.com/pub/rhce/stationX.html
 Rename the download file to index.html
 Copy this index.html to the DocumentRoot of your web server
 Do NOT make any modifications to the content of index.html
Answer:
# yum install httpd* -y
# systemctl restart httpd
# systemctl enable httpd

# firewall-cmd --permanent -–add-service=http [ if firewalld is enable]

# firewall-cmd –-reload
# vim /etc/httpd/conf/httpd.conf
[set the servername to]
ServerName serverX.example.com:80
# systemctl restart httpd
# cd /var/www/html
# wget http://classroom.example.com/pub/rhce/server.html
# mv server.html index.html

# httpd –t [should be shown SYNTAX OK]

# Check from browser firefox://serverX.example.com

Question 21: The user neo must confiure a cron job that runs daily at 15:25
local time and executes /bin/echo I got RHCE Certificate

Answer:
# crontab –e –u neo

25 15 * * * /bin/echo I got RHCE Certificate

# systemctl enable crond

# systemctl restart crond
# crontab –l –u robert [check]

Question 22: Compress /etc directory to /home/etc.tar.bz2. Compression must

be in bzip2 format.

Method 1: # tar –cvf /home/etc.tar /etc

# bzip2 /home/etc.tar.bz2

Method 2:

or # tar –cjvf /home/etc.tar.bz2 /etc