Preparation Set 1
SERVER A
Q1 : Configure Hostname and Ip Address on this machine
IP Address : 192.168.208.138
NetMask : 255.255.255.0
Gateway : 192.168.208.2
DNS : 192.168.208.2
[root@serverA ~]#
nmcli conn add
type ethernet
ifname ens160
con-name serverAnet
ipv4.method manual
ipv4.addresses 192.168.208.138/24
ipv4.dns 192.168.208.2
ipv4.gateway 192.168.208.2
[root@serverA ~]# cat /etc/NetworkManager/system-connections/serverAnet.nmconnection
[connection]
id=serverAnet
uuid=62012638-3b99-4f06-9501-1387844d33a5
type=ethernet
interface-name=ens160
[ethernet]
[ipv4]
address1=192.168.208.138/24,192.168.208.2
dns=192.168.208.2;
method=manual
[ipv6]
addr-gen-mode=default
method=auto
[proxy]
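Q2 : Configure yum on serverA
# Lab shortcut: gpgcheck = 0 skips RPM signature verification and the baseurl is plain HTTP, so nothing authenticates the packages; for a non-lab repo use gpgcheck = 1 with a gpgkey= entry.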
[root@serverA yum.repos.d]# pwd
/etc/yum.repos.d
[root@serverA yum.repos.d]# ls
appstream.repo baseos.repo redhat.repo
[root@serverA yum.repos.d]# cat baseos.repo
[BaseOS]
name = BaseOS
baseurl = http://192.168.208.137/softwares/BaseOS
enabled = 1
gpgcheck = 0
[root@serverA yum.repos.d]# cat appstream.repo
[AppStream]
name = AppStream
baseurl = http://192.168.208.137/softwares/AppStream
enabled = 1
gpgcheck = 0
[root@serverA ~]# yum repolist all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name status
AppStream AppStream enabled
BaseOS BaseOS enabled
Q3 : Gain superuser access to serverA by resetting its root password.
# In the boot menu, select the rescue entry with the up/down arrow keys and press e
# Append the following after 'quiet' (the end of the kernel command line)
rd.break
# Press ctrl+x
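# Run the following commands (touch /.autorelabel makes SELinux relabel the filesystem on the next boot, so the rewritten /etc/shadow gets its correct context)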
switch_root:/# mount -o remount,rw /sysroot
switch_root:/# chroot /sysroot
sh-5.1# passwd
sh-5.1# touch /.autorelabel
sh-5.1# exit
switch_root:/# reboot
Q4 : Add an additional SWAP partition of 512M in serverA
[root@serverA ~]# gdisk /dev/nvme0n2
Command (? for help): n
Partition number (1-128, default 1):
First sector (34-10485726, default = 2048) or {+-}size{KMGTP}:
Last sector (2048-10485726, default = 10485726) or {+-}size{KMGTP}: +512M
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300): 8200
Changed type of partition to 'Linux swap'
Command (? for help): w
OK; writing new GUID partition table (GPT) to /dev/nvme0n2.
The operation has completed successfully.
[root@serverA ~]# blkid /dev/nvme0n2p1
/dev/nvme0n2p1: UUID="0e8fa244-bf36-4beb-86a1-158fd70c6fb9" TYPE="swap" PARTLABEL="Linux swap" PARTUUID="e5ee047c-7fa8-450a-8fc9-35ef642a029d"
[root@serverA ~]# vim /etc/fstab
[root@serverA ~]# tail -1 /etc/fstab
/dev/nvme0n2p1 swap swap defaults 0 0
[root@serverA ~]# systemctl daemon-reload
[root@serverA ~]# swapon -a
[root@serverA ~]# free -h
total used free shared buff/cache available
Mem: 3.5Gi 1.2Gi 1.7Gi 31Mi 877Mi 2.3Gi
Swap: 2.5Gi 0B 2.5Gi
[root@serverA ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sr0 11:0 1 1024M 0 rom
nvme0n1 259:0 0 20G 0 disk
├─nvme0n1p1 259:1 0 600M 0 part /boot/efi
├─nvme0n1p2 259:2 0 1G 0 part /boot
└─nvme0n1p3 259:3 0 18.4G 0 part
├─cs-root 253:0 0 16.4G 0 lvm /
└─cs-swap 253:1 0 2G 0 lvm [SWAP]
nvme0n2 259:4 0 5G 0 disk
└─nvme0n2p1 259:10 0 512M 0 part [SWAP]
Q5 : Create the following users,group, and group members
- A group named sales
- A user nancy who belongs to sales as a secondary group
- A user sunny who does not have access to an interactive shell on the system, and not a member of the sales group
- nancy, sunny and mike all have password redhat
[root@serverA ~]# groupadd sales
[root@serverA ~]# useradd nancy -G sales
[root@serverA ~]# cat /etc/passwd | grep nancy
nancy:x:1000:1001::/home/nancy:/bin/bash
[root@serverA ~]# groups nancy
nancy : nancy sales
[root@serverA ~]# useradd sunny -s /sbin/nologin
[root@serverA ~]# cat /etc/passwd | grep sunny
sunny:x:1001:1002::/home/sunny:/sbin/nologin
[root@serverA ~]# groups sunny
sunny : sunny
[root@serverA ~]# passwd nancy
[root@serverA ~]# passwd sunny
[root@serverA ~]# useradd mike
[root@serverA ~]# passwd mike
Q6 : Create a logical volume according to the following requirements :
- A logical volume named wshare which belongs to the wgroup volume group and has size of 100 extents.
- Logical volume in the wgroup volume group should have an extent size of 8 MiB.
- Format the new logical volume with vfat file system.
- Note: The logical volume should mount automatically on /mnt/wshare at boot time
# Create PV
[root@serverA ~]# pvcreate /dev/nvme0n3
Physical volume "/dev/nvme0n3" successfully created.
[root@serverA ~]# pvs
PV VG Fmt Attr PSize PFree
/dev/nvme0n1p3 cs lvm2 a-- 18.41g 0
/dev/nvme0n3 lvm2 --- 6.00g 6.00g
# Create VG
[root@serverA ~]# vgcreate wgroup /dev/nvme0n3 -s 8M
Volume group "wgroup" successfully created
[root@serverA ~]# vgs
VG #PV #LV #SN Attr VSize VFree
cs 1 2 0 wz--n- 18.41g 0
wgroup 1 0 0 wz--n- 5.99g 5.99g
[root@serverA ~]# vgdisplay wgroup
--- Volume group ---
VG Name wgroup
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 1
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 0
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size 5.99 GiB
PE Size 8.00 MiB
Total PE 767
Alloc PE / Size 0 / 0
Free PE / Size 767 / 5.99 GiB
VG UUID hNTctq-Xve3-qcoM-Kl0S-uYaf-PycF-J1OG9Q
# Create LV
[root@serverA ~]# lvcreate wgroup -l 100 --name wshare
Logical volume "wshare" created.
[root@serverA ~]# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root cs -wi-ao---- 16.41g
swap cs -wi-ao---- 2.00g
wshare wgroup -wi-a----- 800.00m
[root@serverA ~]# lvdisplay /dev/wgroup/wshare
--- Logical volume ---
LV Path /dev/wgroup/wshare
LV Name wshare
VG Name wgroup
LV UUID mePSxS-XVyF-iNeQ-9jw7-8c9f-BLF9-vo4ZdT
LV Write Access read/write
LV Creation host, time serverA, 2024-10-07 14:46:20 +0800
LV Status available
# open 0
LV Size 800.00 MiB
Current LE 100
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:2
# Formatting with VFAT
[root@serverA ~]# mkfs -t vfat /dev/wgroup/wshare
mkfs.fat 4.2 (2021-01-31)
[root@serverA ~]# blkid /dev/wgroup/wshare
/dev/wgroup/wshare: UUID="424E-8680" TYPE="vfat"
# Boot Mount automatically
[root@serverA ~]# tail -1 /etc/fstab
/dev/wgroup/wshare /mnt/wshare vfat defaults 0 0
[root@serverA ~]# systemctl daemon-reload
[root@serverA ~]# mount -a
[root@serverA ~]#
[root@serverA ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sr0 11:0 1 1024M 0 rom
nvme0n1 259:0 0 20G 0 disk
├─nvme0n1p1 259:1 0 600M 0 part /boot/efi
├─nvme0n1p2 259:2 0 1G 0 part /boot
└─nvme0n1p3 259:3 0 18.4G 0 part
├─cs-root 253:0 0 16.4G 0 lvm /
└─cs-swap 253:1 0 2G 0 lvm [SWAP]
nvme0n2 259:4 0 5G 0 disk
└─nvme0n2p1 259:10 0 512M 0 part [SWAP]
nvme0n3 259:5 0 6G 0 disk
└─wgroup-wshare 253:2 0 800M 0 lvm /mnt/wshare
nvme0n4 259:6 0 5G 0 disk
nvme0n5 259:7 0 5G 0 disk
nvme0n6 259:8 0 2G 0 disk
Q7 : Create a collaborative directory /home/collab with the following characteristics :
- Group ownership of /home/collab is sales
- The directory should be readable , writable, and accessible to members of sales but not to any other users
- Files created in /home/collab automatically have group ownership set to the sales group
[root@serverA home]# mkdir collab
[root@serverA home]# chown :sales collab
[root@serverA home]# chmod 770 collab
[root@serverA home]# chmod g+s collab
[root@serverA home]# ls -ld collab/
drwxrws---. 2 root sales 6 Oct 7 17:03 collab/
Q8 : Create a user account
- Create a user dolly with a uid 5120
- The password for this user should be redhat
[root@serverA ~]# useradd dolly -u 5120
[root@serverA ~]# passwd dolly
Q9 : The user nancy must configure a cron job that runs daily at 15:25 local time and executes /bin/echo hello or /usr/bin/echo hi.
[nancy@serverA ~]$ crontab -e
[nancy@serverA ~]$ crontab -l
25 15 * * * /bin/echo hello
Q10 : Create a tar archive named /root/data.tar.bz2 which contains the /usr/local contents. The tar archive must be compressed using bzip2
[root@serverA ~]# tar -jcvf data.tar.bz2 /usr/local
Q11 : Locate all the files owned by a user smith and place a copy of them in /root/found directory
[root@serverA ~]# find / -type f -user smith -exec cp -rf {} /root/found/ \;
Q12 : Configure your system so that it is an NTP client.
[root@serverA ~]# systemctl start chronyd
[root@serverA ~]# systemctl enable chronyd
"/etc/chrony.conf" 51L, 1403B 1,1 Top
[root@serverA ~]# vim /etc/chrony.conf
server 2.centos.pool.ntp.org iburst
[root@serverA ~]# systemctl restart chronyd
[root@serverA ~]# timedatectl set-ntp true
[root@serverA ~]# timedatectl
[root@serverA ~]# chronyc source
Q13 : Choose the recommended tuned profile for this system and set it as default
[root@serverA ~]# rpm -q tuned
tuned-2.24.0-1.el9.noarch
[root@serverA ~]# systemctl status tuned.service
[root@serverA ~]# systemctl start tuned.service
[root@serverA ~]# systemctl enable tuned.service
[root@serverA ~]# tuned-adm list
[root@serverA ~]# tuned-adm recommend
[root@serverA ~]# tuned-adm active
Current active profile: virtual-guest
[root@serverA ~]# tuned-adm profile virtual-guest
Q14 : Copy all the uncommented lines from the file /etc/sudoers in the same order in /root/list file
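# ^: Anchors the search to the beginning of the line.
# [^#]: A character class that matches any single character except #; the ^ inside the square brackets negates the class.
# So ^[^#] keeps every non-empty line that does not start with #. Quote the pattern so the shell cannot glob-expand it, and redirect the output to finish the task: grep '^[^#]' /etc/sudoers > /root/list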
[root@serverA ~]# grep ^[^#] /etc/sudoers
Q15 : Configure web server and enable non-default port 82
[root@serverA ~]# systemctl start httpd
[root@serverA ~]# systemctl enable httpd
# Modify the configuration file
[root@serverA ~]# vim /etc/httpd/conf/httpd.conf
Listen 82
# Make sure SELinux knows about the port change
[root@serverA ~]# semanage port -a -t http_port_t -p tcp 82
[root@serverA ~]# systemctl restart httpd
[root@serverA ~]# netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:56707 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 :::45327 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 :::82 :::* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
[root@serverA ~]# curl localhost:82
<h1> v1: This is a website !</h1>
# Configure firewall
[root@serverA ~]# firewall-cmd --permanent --add-service=http
[root@serverA ~]# firewall-cmd --permanent --add-port=82/tcp
success
[root@serverA ~]# firewall-cmd --reload
success
[root@serverA ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ntp ssh
ports: 82/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
# To check semanage ports
[root@serverA ~]# semanage port -l | grep http
Q16 : The user harry is able to read and write the file /var/tmp/fstab. The user natasha is not able to read or write /var/tmp/fstab
[root@serverA tmp]# setfacl -m u:natasha:--- /var/tmp/fstab
[root@serverA tmp]# setfacl -m u:harry:rw- /var/tmp/fstab
[root@serverA tmp]# getfacl -a /var/tmp/fstab
getfacl: Removing leading '/' from absolute path names
# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:harry:rw-
user:natasha:---
group::r--
mask::rw-
other::r--
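Q17 : Configure sudo power to a group sales
# NOPASSWD: lets members of sales run any command as any user without entering a password; use %sales ALL=(ALL) ALL unless the task asks for passwordless sudo.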
[root@serverA ~]# visudo
%sales ALL=(ALL) NOPASSWD: ALL
Q18 : Default file & directory permission for a user
[harry@serverA ~]$ # 777 - 027 = 750
[harry@serverA ~]$ # 666 - 026 = 640
[harry@serverA ~]$ vi .bashrc
umask 026
umask 027
[harry@serverA ~]$ source .bashrc
[harry@serverA ~]$ touch f1
[harry@serverA ~]$ mkdir d1
[harry@serverA ~]$ ls -lh
total 0
drwxr-x---. 2 harry harry 6 Oct 8 08:43 d1
-rw-r-----. 1 harry harry 0 Oct 8 08:43 f1
Q19 : Find files from /usr/share which are less than 5MB and save it in /root/myfiles.
[root@serverA ~]# find /usr/share -size -5M -exec cp -f {} /root/myfiles \;
Q20 : Configure nfs and autofs client
# NFS Mounting
[root@serverA exam]# showmount -e 192.168.208.137
Export list for 192.168.208.137:
/home/student/library/shelf6 192.168.208.138
/home/student/library/shelf5 192.168.208.138
/home/student/library/shelf4 192.168.208.138
/home/student/library/shelf3 192.168.208.138
/home/student/library/shelf2 192.168.208.138
/home/student/library/shelf1 192.168.208.138
[root@serverA exam]# tail -2 /etc/fstab
192.168.208.137:/home/student/library/shelf1 /root/exam/shared_shelf1 nfs defaults 0 0
192.168.208.137:/home/student/library/shelf2 /root/exam/shared_shelf2 nfs defaults 0 0
# AUTOFS
[root@serverA exam]# cat /etc/auto.master
/root/exam/ /etc/auto.nfs --timeout=300
[root@serverA exam]# cat /etc/auto.nfs
shared_shelf3 -rw 192.168.208.137:/home/student/library/shelf3
shared_shelf4 -rw 192.168.208.137:/home/student/library/shelf4
[root@serverA exam]# systemctl restart autofs.service
[root@serverA exam]# systemctl status autofs.service
Q21 : Create a container serverA as user mike URL : (...) , Don't make any changes in Containerfile
[root@serverA ~]# loginctl enable-linger mike
[root@serverA ~]# su - mike
Last login: Tue Oct 8 10:42:44 CST 2024 on pts/0
[mike@serverA ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[mike@serverA ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[mike@serverA ~]$ cat /home/mike/.config/containers/registries.conf
unqualified-search-registries = ["docker.io"]
[[registry]]
insecure = true
blocked = false
location = "docker.io"
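# Note: insecure = true in the registries.conf above allows plain HTTP and unverified TLS certificates for docker.io; Docker Hub serves valid HTTPS, so the setting is not needed to pull from it.
# Build custom image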
[mike@serverA ~]$ cat Containerfile
FROM docker.io/library/httpd
MAINTAINER kcsanjeeb091@gmail.com
[mike@serverA ~]$ podman build -t myimage .
STEP 1/2: FROM docker.io/library/httpd
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob 0ffcdbb5bd41 done |
Copying blob 14c9d9d19932 done |
Copying blob f5db40045454 done |
Copying blob 4f4fb700ef54 done |
Copying blob ac0ad684e55d done |
Copying blob b59792d2b7f1 done |
Copying config a3e79aafef done |
Writing manifest to image destination
STEP 2/2: MAINTAINER kcsanjeeb091@gmail.com
COMMIT myimage
--> 5023c6ce6b48
Successfully tagged localhost/myimage:latest
5023c6ce6b4835f9ab4edaa2f4a7ad26cd8433f93a7fd4d8ed563c981526e775
[mike@serverA ~]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myimage latest 5023c6ce6b48 24 seconds ago 182 MB
docker.io/library/httpd latest a3e79aafef7f 2 months ago 182 MB
Q22 : Configure a container as service
- The container is named mycontainer
- The container uses my image
- The container runs as a systemd service as user mike
- The service is named container-mycontainer
[mike@serverA processed]$ podman run -d --name mycontainer -v /home/mike/opt/files/:/opt/incoming:Z -v /home/mike/opt/processed/:/opt/outgoing:Z localhost/myimage:latest
8f87bf1954458a38bc392f41d6a127ca6b38d411cb04d63006e494261a97abd7
[mike@serverA processed]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8f87bf195445 localhost/myimage:latest httpd-foreground 3 seconds ago Up 3 seconds 80/tcp mycontainer
# Boot Time Service
[mike@serverA user]$ pwd
/home/mike/.config/systemd/user
[mike@serverA user]$ podman generate systemd --name mycontainer --files --new
[mike@serverA user]$ ls
container-mycontainer.service
[mike@serverA user]$ systemctl --user enable container-mycontainer.service
Created symlink /home/mike/.config/systemd/user/default.target.wants/container-mycontainer.service → /home/mike/.config/systemd/user/container-mycontainer.service.
[mike@serverA user]$ systemctl --user start container-mycontainer.service
[mike@serverA user]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
49e69b35834c localhost/myimage:latest httpd-foreground 1 second ago Up 1 second 80/tcp mycontainer
Q23 : Do not allow natasha user to perform cron
[root@serverA ~]# cat /etc/cron.deny
natasha
Q24 : The password for all the users should expire after 20 days
# Modify the /etc/login.defs file to change defaults
[root@serverA ~]# vim /etc/login.defs
[root@serverA ~]# grep ^PASS_MAX_DAYS /etc/login.defs
PASS_MAX_DAYS 20
# For an individual existing user (the login.defs default is applied only to accounts created afterwards)
[root@serverA ~]# chage -M 20 natasha
[root@serverA ~]# chage -l natasha
Last password change : Oct 08, 2024
Password expires : Oct 28, 2024
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7
# Test
[root@serverA ~]# useradd user1
[root@serverA ~]# chage -l user1
Last password change : Oct 08, 2024
Password expires : Oct 28, 2024
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7
Q24 : Resize LV
# -r resizes the filesystem together with the LV
[root@serverA ~]# lvresize -L 2G -r /dev/wgroup/wshare
Size of logical volume wgroup/wshare changed from <1.47 GiB (188 extents) to 2.00 GiB (256 extents).
File system xfs found on wgroup/wshare mounted at /mnt/wshare.
Extending file system xfs to 2.00 GiB (2147483648 bytes) on wgroup/wshare...
xfs_growfs /dev/wgroup/wshare
meta-data=/dev/mapper/wgroup-wshare isize=512 agcount=7, agsize=64000 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=1 inobtcount=1 nrext64=0
data = bsize=4096 blocks=385024, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=16384, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
data blocks changed from 385024 to 524288
xfs_growfs done
Extended file system xfs on wgroup/wshare.
Logical volume wgroup/wshare successfully resized.
[root@serverA ~]# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root cs -wi-ao---- 16.41g
swap cs -wi-ao---- 2.00g
wshare wgroup -wi-ao---- 2.00g
[root@serverA ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 1.8G 200K 1.8G 1% /dev/shm
tmpfs 717M 18M 700M 3% /run
efivarfs 256K 33K 224K 13% /sys/firmware/efi/efivars
/dev/mapper/cs-root 17G 5.4G 12G 33% /
/dev/nvme0n1p2 960M 483M 478M 51% /boot
/dev/nvme0n1p1 599M 7.0M 592M 2% /boot/efi
tmpfs 1.0M 0 1.0M 0% /run/stratisd/ns_mounts
tmpfs 359M 96K 359M 1% /run/user/0
tmpfs 359M 52K 359M 1% /run/user/1002
/dev/mapper/wgroup-wshare 2.0G 47M 1.9G 3% /mnt/wshare
[root@serverX ~]# mkfs -t xfs /dev/datastore/engineering
# If the question asks to resize
[root@serverX ~]# lvresize -L +100M -r /dev/datastore/engineering
Size of logical volume datastore/engineering changed from 200.00 MiB (20 extents) to 300.00 MiB (30 extents).
File system xfs found on datastore/engineering.
File system mount is needed for extend.
Continue with xfs file system extend steps: mount, xfs_growfs? [y/n]:y
Extending file system xfs to 300.00 MiB (314572800 bytes) on datastore/engineering...
mount /dev/datastore/engineering /tmp/tmp.G68Q3nLS7Z_lvresize_4005
mount done
xfs_growfs /dev/datastore/engineering
meta-data=/dev/mapper/datastore-engineering isize=512 agcount=4, agsize=12800 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=1 inobtcount=1 nrext64=0
data = bsize=4096 blocks=51200, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=1368, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
data blocks changed from 51200 to 76800
xfs_growfs done
cleanup unmount /tmp/tmp.G68Q3nLS7Z_lvresize_4005
cleanup unmount done
Extended file system xfs on datastore/engineering.
Logical volume datastore/engineering successfully resized.