{EX-200 PAPER WITH SOLUTION}

-----------------------------------------------------------------------------------

1: Your hostname should be “alpha.domain1.example.com”

ans: hostnamectl set-hostname alpha.domain1.example.com

-----------------------------------------------------------------------------------

2.Configure you alpha.domain1.example.com as yum client so that you can download and
install package from
your yum repository at
http://content.example.com/rhel8.2/x86_64/dvd/BaseOS
http://content.example.com/rhel7.0/x86_64/dvd/AppStream

ans:
cd /etc/yum.repos.d
vim server.repo

[BaseOS]
name=BaseOS
baseurl=http://content.example.com/rhel8.2/x86_64/dvd/BaseOS
enabled=1
gpgcheck=0

[AppStream]
name=Appstream
baseurl=http://content.example.com/rhel7.0/x86_64/dvd/AppStream
enabled=1
gpgcheck=0

:wq

-----------------------------------------------------------------------------------
3.Q1. Configure network and set the static hostname.
IP ADDRESS = 172.25.250.10
NETMASK = 255.255.255.0
GATEWAY = 172.25.250.254
DNS = 172.25.250.254
hostname = alpha.domain1.example.com

ans:
systemctl set-default graphical.target
systemctl isolate graphical.target
login to root
open wired connection settings
and feed all the provided values in above question.

-----------------------------------------------------------------------------------

4.Debug SELinux:
● A web server running on non standard port 82 is having issues serving content. Debug
and fix the issues.
● The web server on your system can server all the existing HTML files from
/var/www/html ( NOTE: Do not make any changes to these files )
● Web service should automatically start at boot time.

ans:
dnf install httpd -y
systemctl status httpd
semanage port -l | grep http
semanage port -a -t http_port_t -p tcp 82 {man semanage port then /example}
semanage port -l | grep http
vim /etc/httpd/conf/httpd.conf
{add Listen 82 and :wq}
firewall-cmd --permanent --add-port=82/tcp
firewall-cmd --permanent --list-ports
firewall-cmd --reload
systemctl restart httpd
systemctl enable httpd
systemctl i httpd
systemctl status httpd
curl http://localhost:82/

-----------------------------------------------------------------------------------
5.Create User accounts with supplementary group.
● Create the group a named "sysadms".
● Create users as named "natasha" and "harry", will be the supplementary group
"sysadms".
● Create a user as named "sarah", should have non-interactive shell and it should be not
the member of "sysadms".
● Password for all users should be "trootent"

ans:
groupadd sysadms
useradd natasha
passwd natasha {trootent}
useradd harry
passwd harry {trootent}
usermod -a -G sysadms natasha
usermod -a -G sysadms harry
useradd sarah -s /sbin/nologin
passwd sarah {trootent}

then check cat /etc/passwd and /etc/group also id natasha and id harry.

-----------------------------------------------------------------------------------

6.Configure a cron job that runs every 1 minutes and executes:

logger "EX200 in progress" as the user natasha.

ans:
crontab -u natasha -l
crontab -u natasha -e
*/1 * * * * logger "EX200 in progress"
:wq
systemctl restart crond
systemctl enable crond
systemctl status crond
cat /var/log/messages | grep EX200

-----------------------------------------------------------------------------------
7. Create a collaborative Directory.
● Create the Directory "/home/manager" with the following characteristics.
● Group ownership of "/home/manager" should go to "sysadms" group.
● The directory should have full permission for all members of "sysadms" group but not to
the other users except "root".
● Files created in future under "/home/manager" should get the same group ownership.

ans:
mkdir /home/manager -p
chgrp sysadms /home/manager
chmod 770 /home/manager
chmod g+s /home/manager
ls -altr

-----------------------------------------------------------------------------------

8.Configure NTP
● Synchronize time of your system with the server time.nplindia.org

ans:
dnf install chrony
vim /etc/chrony.conf
{add server time.nplindia.org and :wq}
systemctl restart chronyd
systemctl enable --now chronyd
systemctl is-enabled chronyd

-----------------------------------------------------------------------------------
9.Configure AutoFS
● All Ldapuser2 home directory is exported via NFS, which is available on
classroom.example.com (172.25.254.254) and your NFS-exports directory is
/home/guests for Ldapuser2,
● Ldapuser2's home directory is classroom.example.com:/home/guests/ldapuser2
● Ldapuser2's home directory should be automount autofs service.
● Home directories must be writable by their users.
● while you are able to log in as any of the user ldapuser1 through ldapuser20, the only
home directory that is accessible from your system is ldapsuser2

ans:
dnf install autofs -y
vim /etc/auto.master
---> /home/guests /etc/auto.any
vim /etc/auto.any
---> ldapuser2 -rw,sync,fstype=nfs4 classroom.example.com:/home/guests/ldapuser2
systemctl stop autofs
systemctl start autofs
systemctl enable --now autofs
systemctl is-enabled autofs

-----------------------------------------------------------------------------------

10.ACL.
● Copy the file /etc/fstab to /var/tmp/ and configure the "ACL" as mentioned following.
● The file /var/tmp/fstab should be owned by the "root".
● The file /var/tmp/fstab should belong to the group "root".
● The file /var/tmp/fstab should not be executable by any one.
● The user "sarah" should be able to read and write to the file.
● The user "harry" can neither read nor write to the file.
● Other users (future and current) should be able to read /var/tmp/fstab.

ans:
cp -rvf /etc/fstab /var/tmp/
chown root /var/tmp/fstab
chgrp root /var/tmp/fstab
setfacl -m u:sarah:rw- /var/tmp/fstab
setfacl -m u:harry:--- /var/tmp/fstab
chmod o+r /var/tmp/fstab

-----------------------------------------------------------------------------------
11. Create user 'bob' with 2112 uid and set the password 'trootent'
ans:
useradd -u 2112 bob
passwd bob {trootent}

-----------------------------------------------------------------------------------

12. Locate all files owned by user "harry" and copy it under /root/harry-files

ans:
find /-user harry -exec cp -rvf {} /root/harry-files \;

-----------------------------------------------------------------------------------

13.Find all strings 'ich' from "/usr/share/dict/words" and put it into /root/lines file.

ans:
cat /usr/share/dict/words | grep -i(to ignore case-sensititivity) ich > /root/lines

-----------------------------------------------------------------------------------

14.create an archive '/root/backup.tar.bz2' of /usr/local directory and compress it with

bzip2.

ans:
tar --help
tar -jvcf /root/backup.tar.bz2 /usr/local
tar -tvf /root/backup.tar.bz2 { to check zipped file}

-----------------------------------------------------------------------------------
15.{script}: Create a script named findfiles.sh in /usr/local/bin which finds all the files of having
size greater than 30kb, less than 50kb and having SETUUID,
The output of the file should be redirected to /var/findoutput.

ans:
touch /var/findoutput
find / -type f -size +30k -size -50k -perm /u=s -exec ls -ll {} \; > /var/findoutput

note:
-perm -4000 Print files only with permissions set to 4000
-exec ls -ll Displays the output of find command.

suid-4000 or /u=s
sgid-2000 or /g=s
sticky bit for others-1000 or /o=t

-----------------------------------------------------------------------------------

16.Reset root user password and make it 'trootent'

ans:
press [e] to boot break
add rd.break at the end of line starting with linux
and press CTRL+X
then type mount -o remount,rw /sysroot
then chroot /sysroot
then passwd root
(set new passwd for root)
touch /.autorelabel
exit
exit

-----------------------------------------------------------------------------------
17.Resize a logical Volume
- Resize the logical volume "mylv" so that after reboot the size should be in between 200MB
to 300MB.

ans:
[note]
check lsblk -f
lvextend -L 250M /dev/mapper/myvg-mylv
{check filesystem if it is xfs then use xfs_growfs /dev/mapper/myvg-mylv}
resize2fs /dev/mapper/myvg-mylv

-----------------------------------------------------------------------------------

18.Add a swap partition of 512MB and mount it permanently.

ans:
fdisk /dev/sdb
{create an additional partition of 512M}
fdisk /dev/sdb2
{create new swap partition with partition type :82 [linux swap]}
vim /etc/fstab
--->/dev/sdb2 swap swap defaults 0 0
mkswap /dev/sdb2
free -h
swapon /dev/sdb2
free -h

-----------------------------------------------------------------------------------
19. Create a logical Volume and mount it permanently.
● Create the logical volume with the name "wshare" by using 50LE's from the volume
group "wgroup".
● Consider each PE size of the volume group as "8 MB".
● Mount it on /mnt/wshare with file system vfat.

ans:
mkdir /mnt/wshare -p
fdisk /dev/sdb
{create a primary partition of 1GB size}
partprobe /dev/sdb
lsblk
pvcreate /dev/sdb3
vgcreate -s 8M wgroup /dev/sdb3
lvcreate -l 50 -n wshare wgroup
vgdisplay
lvdisplay
vim /etc/fstab
--->/dev/wgroup/wshare /mnt/wshare vfat defaults 0 0
mkfs.vfat /dev/wgroup/wshare
mount -av
lsblk

-----------------------------------------------------------------------------------

20. Configure System Tuning:

● Choose the recommended 'tuned' profile for your system and set it as the default.

ans:
dnf install tuned -y
tuned-adm recommend
tuned-adm profile virtual-guest
tuned-adm active

-----------------------------------------------------------------------------------
21.● Create a container logserver from an image rsyslog in node1 From
registry.lab.example.com
● Configure the container with systemd services by an existing user “Walhalla”,
● Service name should be container-logserver, and configure it to start automatically
across reboot.
● Configure your host journal to store all journal across reboot
● Copy all *.journal from /var/log/journal and all subdirectories to
/home/Walhalla/container_logserver
● Configure automount /var/log/journal from logserver (container) to
/home/walhalla/container_logserver when container starts.

ans:
{root steps}
dnf install podman -y
{user steps use ssh Walhalla@localhost}
podman search rsyslog
podmna pull docker.io/wodby/rsyslog
podman pull docker.io/wodby/rsyslog
podman ps
podman images
mkdir /home/Walhalla/container_logserver -p
mkdir /home/Walhalla/.config/systemd/user -p
podman run -dit --name=logserver -v /home/Walhalla/container_logserver:/var/log/journal:Z
docker.io/wodby/rsyslog
podman ps
podman generate systemd logserver >
/home/Walhalla/.config/systemd/user/container-logserver.service
cd /home/Walhalla/.config/systemd/user
ls
vim container-logserver.service
systemctl --user status container-logserver.service
systemctl --user daemon-reload
systemctl --user status container-logserver.service
systemctl --user enable --now container-logserver.service
systemctl --user status container-logserver.service
loginctl enable-linger
loginctl show-user Walhalla

UUID:651698494169419494941419419