RHCSA EXAM QUESTIONS

Lab setup:

● If we click on “exam view”, the exam question document will be displayed (make sure to read it)
● If we click on “vm monitor”, we see:

● If we click on Node1, we see:

● We need to click on node1 console (console of node1 will be opened)

● We can do this similarly for node 2.

********Note: Network question needs to be done in the console and after that we need to perform a reboot (after the
network has been configured. We can use ssh root@hostname from the terminal)*********
NODE1 QUESTIONS
1. Configure the network. (enp0s8)
Assign hostname and ip address for your virtual machine.
Hostname - servera.lab.example.com
Ip address – 192.168.1.42
Netmask - 255.255.255.0
Gateway – 192.168.1.1
NameServer – 64.59.135.148
#hostnamectl set-hostname servera.lab.example.com
#nmcli connection show (Note ethernet type)
#nmcli connection modify "enp0s8" ipv4.addresses 192.168.1.42/24
#nmcli connection modify “enp0s8” ipv4.gateway 192.168.1.1
#nmcli connection modify “enp0s8” ipv4.dns 64.59.135.148
#nmcli connection modify “enp0s8” ipv4.method manual
#nmcli connection up "enp0s8"
#ping 192.168.1.42 (Do it from the other server. To check pinging with ip)
#ping 192.168.1.1 (To check ping with gateway)
#ping 64.59.135.148 (To check ping with DNS)
#hostnamectl
#reboot

2. Create a repository
http://classroom.example.com/rhel8.0/x86_64/dvd/AppStream
http://classroom.example.com/rhel8.0/x86_64/dvd/BaseOS
In console of node1 (we need to do this in the console because there is no ip or hostname assigned to take
remote connectivity)
#vi /etc/yum.repos.d/local.repo
[App]
name=AppStream
baseurl=http://classroom.example.com/rhel8.0/x86_64/dvd/AppStream
enabled=1
gpgcheck=0
[Base]
name=BaseOS
baseurl=http://classrom.example.com/rhel8.0/x86_64/dvd/AppStream
enabled=1
gpgcheck=0
#yum list
#yum repolist all (it lists the repositories)
#yum install httpd -y (if it won’t install, the issue may be in the repo file, or ip address setting, or dns, or gateway)

3. Configure SELinux
Your webcontent has been configured at port 82 in the /var/www/html directory
(Don't alter or remove any files in this directory)
Make the content accessable.
#yum install httpd -y // These first 3 steps are to set up the question
#vi /var/www/html/index.html // Hello World!
#vi /etc/httpd/conf/httpd.conf // Listen 82
#systemctl status httpd
#semanage port -l | grep http (check whether port 82 is enabled or if not, use the command below to add it)
#semanage port -a -t http_port_t -p tcp 82 (-a=add, -t= type, -p=protocol)
#semanage port -l | grep http (verify port 82 if it is added or not)
#systemctl enable httpd
#systemctl restart httpd
#firewall-cmd --permanent --add-port=82/tcp
#firewall-cmd --reload
#firewall-cmd --list-all (check port 82 is added or not)
#curl http://servera.lab.example.com:82

4. Create the following users, groups and group memberships:

(a)A group named admin.
(b)A user harry who belongs to admin as a secondary group.
(c) A user natasha who belongs to admin as a secondary group.
(d) A user sarah who doesn’t have access to an interactive shell and who’s not a member of admin.
(e)The users harry, natasha, sarah should all have a password of “password”.
#groupadd admin (a)
#useradd -G admin harry (b) (-G= secondary group, -g=primary group)
#useradd -G admin natasha (c)
#useradd -s /sbin/nologin sarah (d) (-s=shell)
#passwd --stdin harry (e)
#passwd --stdin natasha
#passwd --stdin sarah
Note: --stdin is not mandatory, but there’s no need to retype the password and also it shows the password you typed.

5. Create a collaborative directory /common/admin with the following characteristics:

(a)Group ownership of /common/admin is admin.
(b) The directory should be readable, writable and accessible to members of admin, but not any other user.
(It is understood that root has access to all files and directories on the system.)
(c)Files created in /common/admin will automatically have group ownership set to the admin group.
#mkdir -p /common/admin (-p=parent directory)
#chgrp admin /common/admin
#chmod 2770 /common/admin
#ls -ld /common/admin
#su - harry
$touch /common/admin/file1
$ls -ltr /common/admin/file1 (you need to get group ownership as admin)
$logout

6. Configure autofs to automount the home directories of netuserX user. Note theFollowing:
netuserX home directory is exported via NFS, which is available on classroom.example.com(192.168.1.43)
and your NFS-exports directory is /netdir/netuserX for netuserX (use netuser5 for this)
netuserX's home directory is classroom.example.com:/home/guests/netuserX
netuserX's home directory should be automounted using autofs service.
home directories must be writable by their users
on server : change IP address in /etc/exports. Also “systemctl restart nfs-server”
# sudo yum install nfs-utils autofs -y
# showmount -e 192.168.1.43
# vim /etc/auto.master // /netdir /etc/auto.misc
# vim /etc/auto.misc // * -fstype=nfs,rw,sync 192.168.1.43:/home/guests/&
# systemctl enable autofs --now
# systemctl restart autofs
# su – netuser5
# cd /netdir
# cd netuser5

7. Set a Cron job for harry on 12.30 at noon print /bin/echo on "hello".
#crontab -e -u harry // 30 12 * * * /bin/echo “hello”
#crontab -l -u harry (-l=list, -u=user, -e=edit)
#cat /var/log/cron (it shows list of cronjobs)
#cat /etc/crontab (it shows how cronjob works)

8. Configure ACL permission

copy the file /etc/fstab to /var/tmp. Configure the permission of /var/tmp/fstab so that:
(a)The file /var/tmp/fstab is owned by the root user
(b)The file /var/tmp/fstab belongs to the group root.
(c)The file /var/tmp/fstab should not be executable by anyone.
(d)The user harry is able to read and write on /var/tmp/fstab.
(e)The user natasha can neither read nor write /var/tmp/fstab.
(f)All other users (current/future) have the ability to read /var/tmp/fstab
#cp /etc/fstab /var/tmp
#chown root:root /var/tmp/fstab (a)(b) (redundant if you are logged in as root)
#chmod a-x /var/tmp/fstab (c)
#setfacl -m u:harry:rw- /var/tmp/fstab (d)
#setfacl -m u:natasha:--- /var/tmp/fstab (e)
#setfacl –m o:r-- /var/tmp/fstab (f)
#getfacl /var/tmp/fstab

9 Configure your system so that it is an NTP pool of 2.centos.pool.ntp.org

#sudo yum install chrony -y
#vim /etc/chrony.conf // pool 2.centos.pool.ntp.org iburst (also comment out the pool)
#systemctl restart chronyd.service
#systemctl enable chronyd.service
#timedatectl
#chronyc sources -v // this should list ntp servers at the bottom

10. Find the files owned by harry and copy them to /root/find.user
#mkdir -p /root/find.user
#find / -user harry -exec cp -rf {} /root/find.user \;
#ls -a /root/find.user

11. Create a new user with UID 1326 and user name as alies
#useradd -u 1326 alies

12. Create an archive file - Backup the /var/tmp directory as /root/test.tar.gz

#tar zcvf /root/test.tar.gz /var/tmp (-J for xz, -j for bz2, -z for gz )
13. Build a container as harry
Use the URL http://classroom.example.com/Containerfile to build the container image with the name “web”
Build it in ~/mycontainer. Do not modify the container file
# ssh harry@localhost
# mkdir ~/mycontainer
# cd ~/mycontainer
# wget http://classroom.example.com/Containerfile
FROM docker.io/library/httpd
LABEL maintainer=”Linux2Cloud”
# podman build -t web:v1 .
# podman images

14. Create a container using an image that you created somewhere in the exam:
-Create a container with the user named harry, the container name should be ‘containerweb’
-Container should run as a systemd service, so configure it as a service named ‘container-web.service’
-Container should run at boot time.
-Container name should be ‘containerweb’
-Map ~/web directory to /usr/local/apache2/htdocs in the container
-Map port 8080 to port 80 in the container
-When you curl localhost:8080 it should read “This is my web page!”
# ssh harry@localhost
# mkdir ~/web
# vi ~/web/index.html // This is my web page!
# podman run -d --name containerweb -p 8080:80 -v ~/web:/usr/local/apache2/htdocs:Z localhost/web:v1
# podman ps -a
# loginctl show-user harry
# loginctl enable-linger harry
# mkdir -p ~/.config/systemd/user
# podman generate systemd containerweb > ~/.config/systemd/user/container-web.service
# podman stop containerweb
# systemctl --user daemon-reload
# systemctl --user enable container-web.service
# systemctl --user start container-web.service
# systemctl --user status container-web.service
# curl localhost:8080
# exit
# reboot
# curl localhost:8080 (to check if the container-web.service is running)

15.1 Set the permissions automatically for a user

-All newly created files for user natasha should have -r-------- as the default permission.
-All newly created directories for user natasha should have dr-x------ as the default permission.
#echo “umask 0277” >> /home/natasha/.bashrc // default umask is 0022 which makes -rw-r—r—for files
#su - natasha // … and -rwxr-xr-x for directories
$umask
$mkdir dir1
$ls -l ( o/p directory should have dr-x------ permissions)
$touch file1
$ls -l ( o/p file should have -r-------- permissions)
$exit extra Umask octal value permissions (0=rwx,1=rw-,2=r-x,3=r--,4=-wx,5=-w-,6=--x,7=---)
15.2 The password for all new users should expire after 20 days.
#vim /etc/login.defs // PASS_MAX_DAYS 20

15.3 Assign the sudo privilege for users or groups to administrate without a password
#vim /etc/sudoers.d/admin // %admin ALL=(ALL) NOPASSWD: ALL A(A) N:A
#vim /etc/sudoers.d/harry // harry ALL=(ALL) NOPASSWD: ALL

15.4 Create a script file:

-if the paramater is “GM” it outputs “good morning” -- if it is “GN”, it outputs “good night”
#vim script.sh
#!/bin/bash
If [ $# -eq 0 ]; then
echo “You must enter a parameter”
fi
if [ “$1” == “GM” ] ; then
echo “good morning”
elif [ “$1” == “GN” ] ; then
echo “good night”
else
echo “enter GM|GN for output”
fi
#chmod 755 script.sh
#./script.sh GM

NODE2 QUESTIONS
1. Set the root user password to break into the system
rd.break console=tty0 Press e on line with “linux”, add this at the end, and then do CTRL+X
#mount -o remount,rw /sysroot
#chroot /sysroot
#passwd root
#touch /.autorelabel
#exit
#exit

2. Create a repository file

http://classroom.example.com/rhel8.0/x86_64/dvd/AppStream
http://classroom.example.com/rhel8.0/x86_64/dvd/BaseOS
#vi /etc/yum.repos.d/local.repo
[App]
name=AppStream
baseurl=http://classroom.example.com/rhel8.0/x86_64/dvd/AppStream
enabled=1
gpgcheck=0
[Base]
name=BaseOS
baseurl=http://classrom.example.com/rhel8.0/x86_64/dvd/AppStream
enabled=1
gpgcheck=0
#yum list
#yum repolist all (it lists the repositories)
#yum install httpd -y (if it won’t install the issue may be in repo file, or the ip address setting, or dns, or gateway)

3. Create a swap partition of 512MB at /dev/sdb

# free -m
# fdisk /dev/sdb/ // m n p 1 Default +512M p t 2 l 82 p w
# partprobe
# lsblk
# mkswap /dev/sdb1
# blkid
# vim /etc/fstab // UUID=…………… swap swap defaults 0 0
# mount -a
# swapon -s
# swapon -a
# free -m
# lsblk

4. Resize the logical volume "datastore-engineering" size to 20 extents.

# umount /mnt/database
# e2fsck -nf /dev/datastore/engineering
# resize2fs /dev/datastore/engineering
# lvreduce -r -l -10 /dev/datastore/engineering // -10 = reduces from 30 to 20

5. Create a vdo named VDO1 of logical size 50GB (actual size 5GB) on sdd, under volume
group VG1 and mount it at /vdo_m
# yum install lvm2 kmod-kvdo vdo // LKV
# lsblk // find disk to use
# su // elevate permissions
# pvcreate /dev/sdd // create physical volume
# vgcreate VG1 /dev/sdd // create volume group
# vgs // to verify
# lvcreate --type vdo --name VDO1 --size 5GB --virtualsize 50GB VG1
# lsblk // to verify
# mkfs.xfs -K /dev/VG1/VDO1
# mkdir /vdo_m
# vi /etc/fstab /dev/VG1/VDO1 /vdo_m xfs defaults 0 0
# mount -a // to verify

6. Configure Volumes
Create one logical volume engineering from a datastore volume group of size 30 Extents.
logical volume engineering from the datastore volume group extent should be 8MiB.
Format with ext3 file system and mount it permanently under /mnt/database (on /dev/sdb)
# lsblk
# fdisk -c /dev/sdb // p n p 2 Default +240m p t l 8e p w (240m = 240MiB)
# partprobe
# fdisk -l
# pvcreate /dev/sdb2
# pvs
# vgcreate -s 8MiB datastore /dev/sdb2
# vgs
# vgdisplay datastore
# lvcreate -l 30 -n engineering datastore
# lvs
# mkdir -p /mnt/database
# mkfs.ext3 /dev/datastore/engineering
# vim /etc/fstab // /dev/datastore/engineering /mnt/database ext3 defaults 0 0
# mount -a
# lsblk

7. Set the recommended tuned profile for your system.

#yum install tuned -y
#systemctl start tuned
#systemctl enable tuned
#tuned-adm recommend
#tuned-adm profile virtual-guest // … or whatever profile that it recommends
#systemctl restart tuned
#tuned-adm active

BONUS QUESTION
1. Build an application called “rhcsa” that prints the message "Welcome to user ablerate"
when you’re logged in as the user "ablerate".
# useradd ablerate
# passwd ablerate
# vim /usr/local/bin/rhcsa
#!/bin/bash
echo "Welcome to user $LOGNAME"
# chmod 755 /usr/local/bin/rhcsa
# vim /home/ablerate/.bashrc
/usr/local/bin/rhcsa // add this somewhere in the file
# ssh ablerate@localhost

TIPS & TRICKS

# man -K searchterm // to search the contents of the man pages