Q1. CORRECT TEXT
The ssh service is enabled on your server, and your LAN is also connected to the WAN. Configure it to match the following conditions:
i. Deny ssh from hosts outside the example.com domain.
ii. If any denied host tries to connect via ssh, send the information by mail along with the client's information.
Answer and Explanation:
1. vi /etc/hosts.deny
sshd:ALL EXCEPT .example.com: spawn echo "Login attempt from %c to %s" | mail -s "Login from denied hosts" root
We can secure services using tcp_wrappers. There are two main files, /etc/hosts.allow and /etc/hosts.deny.
Access checking happens in three stages:
- Is access explicitly permitted, that is, permitted by /etc/hosts.allow?
- Otherwise, is access explicitly denied, that is, denied by /etc/hosts.deny?
- Otherwise, access is permitted by default if neither condition matched.
To deny services, we can configure the /etc/hosts.deny file using the ALL and EXCEPT operators.
The pattern of the /etc/hosts.allow and /etc/hosts.deny files is:
daemon_list:client_list:options
The client list can contain either domain names or IP addresses.
Answer:
Q2. CORRECT TEXT
You are taking the RHCE exam. The examiner gave you a boot-related problem and told you to make the system boot successfully. While booting, the system stops the boot process and displays the following error message:
Kernel Panic - not syncing: Attempted to kill init!
The boot process goes no further. What will you do to boot the system?
Answer and Explanation:
To understand the role of a boot loader, take a step back from Linux. When you boot your computer, the BIOS starts by detecting basic hardware, including your hard drives. Once it's done, it looks for the boot loader on the Master Boot Record of the first available disk. If you're working with an older PC, the BIOS can't find your boot loader unless it's located within the first 1,024 cylinders of the hard disk.
Newer BIOSes overcome this problem with Logical Block Addressing, which is also known as LBA mode. LBA mode reads 'logical' values for the cylinder, head, and sector, which allows the BIOS to 'see' a larger disk drive.
If you have multiple hard drives, there is one more caveat. If your drives are IDE hard drives, the /boot directory must be on a hard drive attached to the primary IDE controller. If your drives are all SCSI hard drives, the /boot directory must be located on a hard drive with SCSI ID 0 or ID 1. If you have a mix of hard drives, the /boot directory must be located on either the first IDE drive or a SCSI drive with ID 0. In other words, this is not an issue on the Red Hat exams unless the computer that you're tested on has more than two hard drives. And I believe that's less likely, as that would increase the cost of the exam.
If you are getting the Kernel panic error, it means the problem is boot loader related. Red Hat Enterprise Linux uses the GRUB boot loader. You can pass kernel parameters from the boot loader, and you can also correct the kernel parameters passed by the boot loader from the GRUB screen at boot time.
The GRUB boot loader configuration file is: /etc/grub.conf
And the correct configuration is:
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux ES (2.6.9-5.EL)
root (hd0,0)
kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.9-5.EL.img
The boot loader is probably misconfigured, which causes this problem. You can pass the correct parameters from the GRUB prompt:
If you know all the parameters and the sequence of the boot loader, you can also enter them at the command prompt.
Press c on the GRUB screen.
grub> root (hd0,0)
grub> kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/ rhgb quiet
grub> initrd /initrd-2.6.9-5.EL.img
grub> boot
Answer:
Q3. CORRECT TEXT
A Logical Volume named myvol has been created under the vo volume group and is mounted. The initial size of that Logical Volume is 124MB. Resize the Logical Volume to 245MB without losing any data. A Logical Volume size of 240MB to 255MB will be acceptable.
Answer and Explanation:
1. First check the size of the Logical Volume: lvdisplay /dev/vo/myvol
2. Increase the size of the Logical Volume: lvextend -L+121M /dev/vo/myvol
3. Make the new size available online: ext2online /dev/vo/myvol
4. Verify the size of the Logical Volume: lvdisplay /dev/vo/myvol
5. Verify whether the new size is available online: df -h
We can extend the size of a Logical Volume using the lvextend command, and decrease it using the lvresize command. In LVM v2 we can extend a Logical Volume without unmounting it, and bring the new size online using the ext2online command.
Answer:
Q4. CORRECT TEXT
Configure the web server for www.abc.com, whose associated IP address is 192.100.0.1, by allowing access to the httpusers user5 and user6.
Answer and Explanation:
1. vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.100.0.1>
ServerName www.abc.com
DocumentRoot /var/www/abc/
<Directory /var/www/abc>
AllowOverride authconfig
</Directory>
DirectoryIndex index.html
ServerAdmin webmaster@abc.com
ErrorLog logs/error_abc.logs
CustomLog logs/custom_abc.logs common
</VirtualHost>
2. Create the directory and index page at the specified path. (The index page can be downloaded from ftp://server1.example.com at exam time.)
Check the SELinux context of the index.html file; it should look like this:
-rw-r--r-- root root system_u:object_r:httpd_sys_content_t /var/www/html/index.html
If the SELinux context is mismatched, use the restorecon -R /var command.
3. vi /var/www/abc/.htaccess
AuthName "Only to Authorized Users"
AuthType basic
AuthUserFile /etc/httpd/conf/mypasswd
require valid-user
Check the SELinux context; it should look like this:
-rw-r--r-- root root root:object_r:httpd_sys_content_t .htaccess
htpasswd -c /etc/httpd/conf/mypasswd user5
htpasswd -m /etc/httpd/conf/mypasswd user6
chgrp apache /etc/httpd/conf/mypasswd
chmod g+r /etc/httpd/conf/mypasswd
Check the SELinux context; it should look like this:
-rw-r--r-- root root system_u:object_r:httpd_config_t /etc/httpd/conf/mypasswd
Use the restorecon command to restore a mismatched SELinux context on the file.
service httpd restart
chkconfig httpd on
AllowOverride AuthConfig specifies which configuration, and how much of it, can be overridden by directory-specific .htaccess files.
One of the most common tasks performed in users' .htaccess files is adding authorization.
Typically, a user will set up authorization for directories that hold sensitive information with a configuration.
Answer:
Q5. CORRECT TEXT
Install Red Hat Linux RHEL 4 through NFS. Your server is server1.example.com, with IP 172.24.254.254, and it shares /var/ftp/pub. The partition sizes are listed below:
/ -> 1048
/home -> 1028
/boot -> 512
/var -> 1028
/usr -> 2048
Swap -> 1.5 of RAM Size
/archive -> configure RAID Level 0 on all remaining free space.
After completing the installation through NFS, solve the following questions. There are two networks, 172.24.0.0/16 and 172.25.0.0/16, and two domains: example.com on the 172.24.0.0/16 network and my133t.org on the 172.25.0.0/16 network. Your system is in the example.com domain.
Answer and Explanation:
1. Insert the CD in the CD-ROM drive and start the system.
2. At the boot: prompt, type linux askmethod
3. It will display the language and keyboard selection.
4. It will ask you for the installation method.
5. Select NFS Image from the list.
6. It will ask for the IP address, netmask, gateway and name server. Select Use Dynamic IP Configuration, because a DHCP server will be configured in your exam lab.
7. It will ask for the NFS server name and the Red Hat Enterprise Linux directory.
Specify the NFS Server: 172.24.254.254
Directory: /var/ftp/pub
8. After connecting to the NFS server, the installation starts in GUI mode. Proceed to the partition screen, selecting the appropriate options along the way.
9. Create the partitions according to the question, because the sizes and the partitions you should create at installation time are specified in your question.
10. Create two RAID partitions of equal size from all remaining free space.
11. Click on the RAID button.
12. Type the mount point /archive
13. Select RAID Level 0
14. Click on OK
15. Then select the MBR options and time zone, and go up to package selection.
This is another very important part of the installation. Due to the time limit, you should take care over the installation packages. At exam time these packages are enough:
X-Window System
GNOME Desktop
(these two packages are generally not required)
Administration Tools.
System Tools
Windows File Server
FTP Servers
Mail Servers
Web Servers
Network Servers
Editors
Text Based Internet
Server Configuration Tools
Printing Support
When the installation completes, your system will reboot. Move on to the next question.
Answer:
Q6. CORRECT TEXT
Run the squid proxy server on port 8080, allowing internet access to 192.168.0.0/24 and blocking access to the msn.com site.
Answer and Explanation:
1. vi /etc/squid/squid.conf
#Default:
http_port 8080
#Recommended minimum configuration:
# Near the acl src section
acl allownet src 192.168.0.0/255.255.255.0
acl msnnet dstdomain .msn.com
#Default:
# http_access deny all
#Under Here
http_access deny msnnet
http_access allow allownet
2. service squid start
3. chkconfig squid on
squid is a caching proxy server. Using squid we can share internet access, or block it, for certain networks. First we should define the port for squid; the standard port for squid is 3128. We can run squid on a different port by specifying http_port portnumber.
To block or allow Internet access for hosts, we should create an acl (Access Control List). In this file we can specify only the IP address.
Example: acl aclname src IP/Netmask
After creating the acl we can block or allow Internet access for the specified acl.
http_access allow | deny aclname
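Why the deny line sits above the allow line in the answer: an added Python sketch (not part of the original answer, and not Squid's own code) that evaluates http_access lines top-down with first match winning. It assumes the file ends with an active "http_access deny all" line and treats the acl name "all" as built-in; the client addresses and the swapped variant are constructed for illustration.

```python
import ipaddress

def parse_squid(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 4 and parts[0] == "acl":
            acls.setdefault(parts[1], []).append((parts[2], parts[3:]))
        elif len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules

def acl_matches(acls, name, src, host):
    if name == "all":                        # treated as built-in here (assumption)
        return True
    host = host.lower()
    for kind, values in acls.get(name, []):
        for v in values:
            if kind == "src" and ipaddress.ip_address(src) in ipaddress.ip_network(v):
                return True
            if kind == "dstdomain":
                d = v.lower()
                # ".msn.com" covers msn.com itself and every subdomain
                if host == d.lstrip(".") or (d.startswith(".") and host.endswith(d)):
                    return True
    return False

def http_access(conf, src, host):
    acls, rules = parse_squid(conf)
    for action, names in rules:
        # ACL names on one http_access line are ANDed; the first matching line wins
        if all(acl_matches(acls, n, src, host) for n in names):
            return action
    return "deny"   # nothing matched; both samples end in "deny all" so this is not reached

PAGE_ORDER = """
http_port 8080
acl allownet src 192.168.0.0/255.255.255.0
acl msnnet dstdomain .msn.com
http_access deny msnnet
http_access allow allownet
http_access deny all
"""
# Constructed variant: same lines, allow moved above the deny
SWAPPED_ORDER = PAGE_ORDER.replace(
    "http_access deny msnnet\nhttp_access allow allownet",
    "http_access allow allownet\nhttp_access deny msnnet")
```

With PAGE_ORDER a client in 192.168.0.0/24 is refused www.msn.com but allowed other sites; with SWAPPED_ORDER the same client reaches www.msn.com because the allow line matches first.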
Answer:
Q7. CORRECT TEXT
You are working as a System Administrator at Certkiller. Your Linux server crashed and you lost all data. But you had taken a full backup of the users' home directories and other system files on /dev/st0. How will you restore from that device?
Answer and Explanation:
1. Go to the directory where you want to restore.
2. restore -rf /dev/st0
To restore from a backup we use the restore command. Here the backup will be restored from /dev/st0 into the current directory.
Answer:
Q8. CORRECT TEXT
Add a user named user4 and make it primarily belong to the training group. The account should also expire 30 days from today.
Answer and Explanation:
1. useradd username
2. passwd username
3. usermod -e "date"
example: usermod -e "12 Feb 2006" user4
Verify: chage -l user4
Answer:
Q9. CORRECT TEXT
Add a job to the Cron schedule to display Hello World every two Seconds on terminal 8.
Answer and Explanation:
1. cat >schedule
*/2 * * * * /bin/echo "Hello World" >/dev/tty8
3. crontab schedule
4. Verify using: crontab -l
5. service crond restart
Cron helps to schedule recurring events. The pattern of a Cron entry is:
Minute  Hour  Day of Month  Month  Day of Week  Commands
0-59    0-23  1-31          1-12   0-7 (where 0 and 7 mean Sunday)
Note: * means every. To execute the command every two minutes, use */2.
To add the schedule file as a cron job: crontab filename
To list the Cron schedule: crontab -l
To edit the schedule: crontab -e
To remove the schedule: crontab -r
Answer:
Q10. CORRECT TEXT
You have two domains in your LAN, named example.com and my133t.org.
- Allow the FTP connection only from local domain.
- Deny the FTP connection from my133t.org
Answer and Explanation:
1. vi /etc/hosts.deny
vsftpd:ALL EXCEPT .example.com
or
1. vi /etc/hosts.deny
vsftpd:ALL
2. vi /etc/hosts.allow
vsftpd:.example.com
We can secure services using tcp_wrappers. There are two main files, /etc/hosts.allow and /etc/hosts.deny.
Access checking happens in three stages:
- Is access explicitly permitted, that is, permitted by /etc/hosts.allow?
- Otherwise, is access explicitly denied, that is, denied by /etc/hosts.deny?
- Otherwise, access is permitted by default if neither condition matched.
To deny services, we can configure the /etc/hosts.deny file using the ALL and EXCEPT operators.
The pattern of the /etc/hosts.allow and /etc/hosts.deny files is:
daemon_list:client_list:options
The client list can contain either domain names or IP addresses.
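The three-stage check described here and under Q1, as an added Python sketch (not part of the original answers, and not the tcp_wrappers source): it evaluates hosts.allow, then hosts.deny, then the default permit, including the EXCEPT operator, against the two vsftpd answers above. The client names and addresses are constructed, and it assumes a client whose name cannot be resolved is presented as "unknown".

```python
def _client_match(pat, client):
    host, addr = client                      # (resolved name, IP address)
    if pat.upper() == "ALL":
        return True
    if pat.startswith("."):                  # domain suffix such as .example.com
        return len(host) > len(pat) and host.lower().endswith(pat.lower())
    if pat.endswith("."):                    # address prefix such as 172.24.
        return addr.startswith(pat)
    return pat.lower() in (host.lower(), addr)

def _daemon_match(pat, daemon):
    return pat.upper() == "ALL" or pat == daemon

def _list_match(field, item, match):
    # Items are blank/comma separated; "A EXCEPT B" matches A unless B matches too
    toks = field.replace(",", " ").split()
    for i, tok in enumerate(toks):
        if tok.upper() == "EXCEPT":
            return False
        if match(tok, item):
            rest = [t.upper() for t in toks[i + 1:]]
            if "EXCEPT" not in rest:
                return True
            tail = " ".join(toks[i + 2 + rest.index("EXCEPT"):])
            return not _list_match(tail, item, match)
    return False

def _table_match(text, daemon, client):
    for line in text.splitlines():
        fields = line.strip().split(":", 2)  # daemon_list:client_list[:options]
        if (len(fields) >= 2 and not fields[0].startswith("#")
                and _list_match(fields[0], daemon, _daemon_match)
                and _list_match(fields[1], client, _client_match)):
            return True
    return False

def check_access(allow, deny, daemon, client):
    if _table_match(allow, daemon, client):
        return "permit (hosts.allow)"
    if _table_match(deny, daemon, client):
        return "deny (hosts.deny)"
    return "permit (default)"

# (hosts.allow, hosts.deny) from the two answers above; clients are constructed
VARIANT_A = ("", "vsftpd:ALL EXCEPT .example.com")
VARIANT_B = ("vsftpd:.example.com", "vsftpd:ALL")
LOCAL = ("station1.example.com", "172.24.0.1")
REMOTE = ("station1.my133t.org", "172.25.0.1")
NO_PTR = ("unknown", "172.24.0.9")           # assumed name for a failed lookup
```

Both variants reach the same decision for LOCAL and REMOTE; NO_PTR shows that a host on the local network is still denied when its name does not resolve into .example.com, since the rules match on names rather than addresses.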
Answer: