RHCSA EX200

Tags: Linux, Networking, Fundamental, Computer Science
Published: July 13, 2023
Author: Aniruddha Ghosh

Red Hat Certified System Administrator

Duration: 4 Hrs
Total Questions: 20
Full Marks: 300
Passing Marks: 210

Important Information

You have to configure servera.lab.example.com and serverb.lab.example.com with the following requirements.
Your domain name: lab.example.com
Your network: 172.25.250.0/255.255.255.0
Hostnames: servera.lab.example.com and serverb.lab.example.com
The root user password for serverb.lab.example.com is redhat.
The IP address of servera.lab.example.com is 172.25.250.10.

Example Practice Questions

Configure the network

Assign the hostname and IP address for your virtual machine.
Hostname: serverb.lab.example.com
IP Address: 172.25.250.11
Netmask: 255.255.255.0
Gateway: 172.25.250.254
Nameserver: 172.25.250.254

#From console of serverb.lab.example.com
hostnamectl set-hostname serverb.lab.example.com #Sets FQDN hostname
#To verify
hostname
nmcli connection #Shows all connection interfaces
nmcli connection modify "wired_connection_name" ipv4.addresses 172.25.250.11/24 ipv4.gateway 172.25.250.254 ipv4.dns 172.25.250.254 ipv4.method static #Don't forget the netmask: /24 means 255.255.255.0
nmcli connection up "wired_connection_name"
ping 172.25.250.11 #To verify if everything is correct
reboot

Create a repository

#Use SSH and [email protected]
vi /etc/yum.repos.d/new.repo #Extension is always repo
[1]
name=app
baseurl=http://classroom.example.com/content/rhel8.0/x86_64/dvd/AppStream
enabled=1
gpgcheck=0
[2]
name=base
baseurl=http://classroom.example.com/content/rhel8.0/x86_64/dvd/BaseOS
enabled=1
gpgcheck=0
#gpgcheck=0 disables GPG signature verification of packages from these repos
yum clean all #Cleans all cached repo data
yum repolist all #Shows all the repo list
yum install vim -y #Verify

Configure SELinux

Your web content has been configured on port 82 in the /var/www/html directory. (Don't alter or remove any files in this directory.) Make the content accessible.
semanage port -l | grep http #Check which ports are already labeled for http
semanage port -a -t http_port_t -p tcp 82 #Label port 82 as an http port
firewall-cmd --permanent --add-port=82/tcp #Add entry to firewall
firewall-cmd --reload #Reloads the firewall for changes to apply
firewall-cmd --list-all #Lists what the firewall allows
yum install httpd -y #Install Apache
systemctl start httpd #Start the apache service
systemctl enable httpd #Enable the apache service
vim /etc/httpd/conf/httpd.conf #Open apache conf file
#Add a webpage as virtual host: insert the below content
#httpd only answers on port 82 if the configuration also has a "Listen 82" line
<VirtualHost 172.25.250.11:82>
ServerName serverb.lab.example.com
DocumentRoot /var/www/html
</VirtualHost>
:wq #Saves the file in vim
httpd -t #Checks for syntax errors in config file
systemctl restart httpd #Restart the apache services
ls /var/www/html #Check files for webserver root directory
curl http://172.25.250.11:82/filename #verify

Create the following users, groups and group memberships

a) A group named admin.
b) A user harry who belongs to admin as a secondary group.
c) A user natasha who belongs to admin as a secondary group.
d) A user sarah who does not have access to an interactive shell on the system and who is not a member of admin.
e) The users harry, natasha and sarah should all have a password of password.

groupadd admin #Create group
useradd harry -G admin #Create user with admin as secondary group
useradd -G admin natasha #Create user with admin as secondary group
useradd -s /sbin/nologin sarah #Create user with no shell access
echo password | passwd --stdin harry #Set password for harry
echo password | passwd --stdin natasha #Set password for natasha
echo password | passwd --stdin sarah #Set password for sarah
id harry #Verify
cat /etc/group #Verify

Create a collaborative directory /common/admin with the following characteristics

a) Group ownership of /common/admin is admin.
b) The directory should be readable, writable and accessible to members of admin, but not to any other user. (It is understood that root has access to all files and directories on the system.)
c) Files created in /common/admin automatically have group ownership set to the admin group.

mkdir -p /common/admin #Create the directory
chgrp admin /common/admin #Change group ownership to admin
chmod 770 /common/admin #Change permission
chmod g+s /common/admin #setgid: new files inherit the admin group
ls -ld /common/admin #verify
su - harry #login with harry as he is in admin
#create a file inside the folder and verify
logout

Configure autofs to automount the home directories of production5 domain users.

a) servera.lab.example.com (172.25.250.10) NFS-exports /home-directories to your system.
b) production5 home directory is servera.lab.example.com:/home-directories/production5
c) production5 home directory should be automounted locally, mapped to /localhome on your system.
d) The home directories must be writable by their users.
e) While you are able to log in as any of the users production1 through production30, the only home directory that is accessible from your system is production5.

yum install autofs #Install autofs
systemctl start autofs #Start the service
systemctl enable autofs #Enable service at system reboot
getent passwd production5 #Shows user home directory info
vim /etc/auto.master #Point the /localhome mount point at the map file
/localhome /etc/auto.misc
:wq
vim /etc/auto.misc #Edit autofs conf
production5 -rw,soft,intr servera.lab.example.com:/home-directories/production5
:wq
systemctl restart autofs #Restart autofs after conf change
su - production5 #Login as the user
#Create a file inside the home directory of production5
logout

Set a cron job for harry that runs /bin/echo "hello" at 12:30 (noon).

crontab -eu harry #Open harry's crontab to edit
30 12 * * * /bin/echo "hello"
cat /etc/crontab #Shows the field layout for reference (harry's entry is not stored in this file)
crontab -lu harry #verify

Configure Acl permission

a) The file /var/tmp/fstab is owned by the root user.
b) The file /var/tmp/fstab belongs to the group root.
c) The file /var/tmp/fstab should not be executable by anyone.
d) The user harry is able to read and write /var/tmp/fstab.
e) The user natasha can neither read nor write /var/tmp/fstab.
f) All other users (current / future) have the ability to read /var/tmp/fstab.

setfacl -m u:harry:rw /var/tmp/fstab #Set ACL for harry
setfacl -m u:natasha:--- /var/tmp/fstab #Set ACL for natasha
getfacl /var/tmp/fstab #Verify

Configure the NTP

Configure your system so that it is an NTP client of classroom.example.com
vim /etc/chrony.conf #Open NTP configuration
#Remove the other default server
#Add this line
server classroom.example.com iburst
systemctl restart chronyd.service #Restart the service
chronyc sources #verify

Locate the Files

Find the files owned by the user sarah and copy them to /root/find.user
mkdir -p /root/find.user #Create the target directory so every file is copied into it
find / -user sarah -type f -exec cp {} /root/find.user \;
ls -al /root/find.user #verify

Find the string

Find the string "home" in /etc/passwd and store the matching lines in /root/search.txt
grep "home" /etc/passwd > /root/search.txt

Create a user account

Create a new user with UID 1326 and user name as alies.
useradd -u 1326 alies

Create an archive file

Back up /var/tmp as /root/test.tar.gz
tar -zcvf /root/test.tar.gz /var/tmp #Use z when the file extension is gz and j when it is bz2

Set the Permission

a) All newly created files for user natasha have -r-------- as the default permission.
b) All newly created directories for user natasha have dr-x------ as the default permission.

su - natasha #change the user in shell
umask #check current umask
vim .bash_profile #Open bash conf
umask 277 #Set custom umask
source .bash_profile #Source new conf
mkdir folder1 #Test1
touch file1.txt #Test2
logout
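
Why 277 gives both modes: new directories start from 777 and new files from 666, and the umask bits are cleared from each. The script below is an added example, not part of the original page; the function names and the scratch directory are illustrative.

```shell
#!/bin/sh
# Added example: derive the umask for a target directory mode, then confirm
# the result by creating a file and a directory under it.

# umask_for DIR_MODE -> 3-digit umask that yields DIR_MODE for new directories
umask_for() {
    printf '%03o\n' $(( 0777 & ~0$1 ))
}

# file_mode_under UMASK -> octal mode a new regular file gets (base 666)
file_mode_under() {
    printf '%03o\n' $(( 0666 & ~0$1 ))
}

# observe UMASK -> permission strings of a file and a directory created
# under that umask inside a scratch directory
observe() {
    scratch=$(mktemp -d) || return 1
    (
        umask "$1"
        cd "$scratch" || exit 1
        mkdir folder1
        touch file1.txt
        # cut drops the trailing "." or "+" that SELinux/ACL systems append
        ls -ld file1.txt | cut -c1-10
        ls -ld folder1 | cut -c1-10
    )
    rm -rf "$scratch"
}

mask=$(umask_for 500)            # dr-x------ is mode 500
echo "umask:     $mask"
echo "file mode: $(file_mode_under "$mask")"
observe "$mask"
```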

Password Expire Date

The password for all new users in serverb.lab.example.com should expire after 20 days.
vim /etc/login.defs #Open configuration file
#Number is in days
PASS_MAX_DAYS 20

Assign Sudo Privilege

Assign sudo privilege to the group "admin" so that group members can administer the system without any password.
vim /etc/sudoers #Open the config file
#For a user
admin ALL=(ALL) NOPASSWD:ALL
#For groups
%admin ALL=(ALL) NOPASSWD:ALL
#Save with :wq!
To learn more about the syntax of this file, see https://serversforhackers.com/c/sudo-and-sudoers-configuration

Login Text Message

Configure the application RHCSA as the alice user. On login it will show the message.
su - alice #Change user to alice
vim .bash_profile #Open bash profile
RHCSA="Welcome to Redhat"
export RHCSA #Export the variable to use
echo "$RHCSA" #This will echo at the time of login
source .bash_profile #Apply the bash profile changes
logout
su - alice #After login you will get the text

Create the script file

a) Create a mysearch script to locate files under /usr/share having size less than 1M.
b) After executing the mysearch script, the listed (searched) files have to be copied under /root/myfiles.

mkdir /root/myfiles
vim mysearch
#!/bin/bash
#Find the files smaller than 1 MiB (with GNU find, -size -1M matches only empty files)
find /usr/share -type f -size -1048576c -exec cp {} /root/myfiles \;
chmod +x mysearch #Give execution permission to script
./mysearch #Run the script
To search by permission bits, use -perm /4000 for setuid (u+s, 4000) and -perm /2000 for setgid (g+s, 2000).
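
GNU find rounds file sizes up to whole units before comparing, so the unit chosen for a "smaller than 1M" search changes which files match. The script below is an added example, not part of the original page; it builds constructed files of known size and compares three size tests.

```shell
#!/bin/sh
# Added example: how GNU find evaluates -size with different units.
# The sample files are constructed test data.

# make_samples DIR -> populate DIR with files of known sizes
make_samples() {
    : > "$1/empty.dat"                                                  # 0 bytes
    printf 'x' > "$1/one_byte.dat"                                      # 1 byte
    dd if=/dev/zero of="$1/half_mib.dat" bs=1024 count=512 2>/dev/null  # 512 KiB
    dd if=/dev/zero of="$1/one_mib.dat" bs=1024 count=1024 2>/dev/null  # exactly 1 MiB
    dd if=/dev/zero of="$1/two_mib.dat" bs=1024 count=2048 2>/dev/null  # 2 MiB
}

# matches DIR SIZE_TEST -> sorted base names of regular files passing the test
matches() {
    find "$1" -type f -size "$2" | sed 's|.*/||' | sort | xargs
}

demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    # Sizes are rounded UP to whole MiB first, so only a 0-byte file is "< 1"
    echo "-size -1M       : $(matches "$dir" -1M)"
    # Byte units are exact: every file strictly smaller than 1 MiB
    echo "-size -1048576c : $(matches "$dir" -1048576c)"
    # +1M: more than 1 MiB after rounding up, so a 1 MiB file is excluded
    echo "-size +1M       : $(matches "$dir" +1M)"
    rm -rf "$dir"
}

demo
```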

Password Break

Break the password for servera.lab.example.com. Assign root user password as northate.
#Reboot the system and press e when grub comes up to edit grub
#Add rd.break at the end of the line starting with linux
#Save and start the machine to enter maintenance mode
mount -o remount,rw /sysroot
chroot /sysroot
passwd --stdin root #Enter the password
touch /.autorelabel
exit
exit
#Take ssh of that server with new password
This is only possible when you have the physical machine or access to the console of the machine.

Create Repository File

vi /etc/yum.repos.d/new.repo #Extension is always repo
[1]
name=app
baseurl=http://classroom.example.com/content/rhel8.0/x86_64/dvd/AppStream
enabled=1
gpgcheck=0
[2]
name=base
baseurl=http://classroom.example.com/content/rhel8.0/x86_64/dvd/BaseOS
enabled=1
gpgcheck=0
#gpgcheck=0 disables GPG signature verification of packages from these repos
yum clean all #Cleans all cached repo data
yum repolist all #Shows all the repo list
yum install vim -y #Verify
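
Both repository tasks on this page use gpgcheck=0 over plain http, which is fine for the lab but worth catching on any other system. The script below is an added example, not part of the original page: it scans .repo files for those two settings. The function names, the [hardened] stanza and its URL are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak settings in yum/dnf .repo files.
# The [hardened] stanza and its URL are constructed sample data.

# audit_repo [FILE...] -> "repo-id:finding" per problem in enabled repos
audit_repo() {
    awk '
        function report() {
            if (id == "" || on ~ /^(0|no|false|off)$/) return
            if (gpg ~ /^(0|no|false|off)$/) print id ":gpgcheck-disabled"
            if (url ~ /^(http|ftp):/)       print id ":unencrypted-baseurl"
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }    # blank lines and comments
        /^[ \t]*\[/ {                            # start of a [repo-id] section
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            gpg = ""; url = ""; on = "1"
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpg = tolower(val)
            if (key == "enabled")  on  = tolower(val)
            if (key == "baseurl")  url = tolower(val)
        }
        END { report() }
    ' "$@"
}

# sample_repo -> constructed input: the lab stanza beside a hardened one
sample_repo() {
    cat <<'EOF'
[1]
name=app
baseurl=http://classroom.example.com/content/rhel8.0/x86_64/dvd/AppStream
enabled=1
gpgcheck=0
[hardened]
name=app
baseurl=https://repo.example.test/rhel8/AppStream
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

sample_repo | audit_repo
```

On a real host, run it as audit_repo /etc/yum.repos.d/*.repo. Only explicit disables are reported, because a repo without a gpgcheck line inherits the [main] setting from dnf.conf.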

Create a swap partition 512MB size

lsblk #Shows all devices
fdisk /dev/vdb #Open fdisk to configure device and partitions
#Inside fdisk, enter in order: n, p, Enter, Enter, +512M, t, L, 82, p, w
udevadm settle #Wait for all pending udev events to be completed before running the partprobe command
partprobe
lsblk
mkswap /dev/vdb1 #Format the partition as swap
blkid #Get the ID of attached devices and partitions
vim /etc/fstab #Add entry to mount at boot
/dev/vdb1 swap swap defaults 0 0
free -h #Check total swap
swapon -a #Enable the new swap
free -h #Verify the total swap

LVM and LVG

Create one logical volume named database on the datastore volume group, with a size of 50 extents, and assign ext3 as its filesystem.
(i) The datastore volume group extent size should be 8MiB.
(ii) Mount the logical volume under mount point /mnt/database.

fdisk /dev/vdb #Open to make partitions
#Inside fdisk, enter in order: n, p, Enter, Enter, +2G, t, 2, 8e, w
vgcreate -s 8M datastore /dev/vdb2 #Create the vg with 8 MiB extents
lvcreate -l 50 -n database datastore #Create the lv within vg
lsblk #verify the configuration
mkfs.ext3 /dev/datastore/database #Format the logical volume
blkid
mkdir /mnt/database
vim /etc/fstab #Add to mount on boot
/dev/datastore/database /mnt/database ext3 defaults 0 0
mount -a #Mount the partition
df -hT #See mounted disks

VDO

Create the vectra volume using the VDO with the logical size 50GB and mount under /test directory.
yum install vdo -y #Install vdo
systemctl start vdo #Start vdo service
systemctl enable vdo #Start vdo with system boot
vdo create --name=vectra --device=/dev/vdb --vdoLogicalSize=50G #Create vdo logical volume
vdo list #Lists all vdo
mkfs.xfs /dev/mapper/vectra #Format the VDO in xfs (the default if no format is mentioned)
blkid
mkdir /test
vim /etc/fstab #Add in fstab to mount at system boot
/dev/mapper/vectra /test xfs defaults,x-systemd.requires=vdo.service 0 0
mount -a #Mount now
df -hT #See mounted disks
If this question fails, you have to log in as a maintenance user in Emergency Mode to fix it. Keep the below commands in mind.
#Login in console as root with password
mount -o remount,rw /
vim /etc/fstab #Comment the vdo line and reboot

LV Extend

Resize the logical volume mounted on /mnt/database to a size of 100 extents.
df -hT
lvextend -l 100 -r /dev/mapper/datastore-database #Size = 100 * extent size = 100 * 8MB; -r also resizes the filesystem
#If you want to directly use size use -L 600M

Tuned

Set the recommended tuned profile for your system
yum install tuned
systemctl start tuned
systemctl enable tuned
tuned-adm recommend #Shows the recommended profile
tuned-adm profile profile-name #Apply the profile named by the previous command
tuned-adm active #Shows the active profile
tuned-adm list
systemctl restart tuned

Create the container as system startup service

a) Create a container named logserver from the rsyslog image stored in the registry, as the paradise user.
b) The container should be configured as a system startup service.
c) The container directory container_journal should be created for the paradise user.

Configure the Container as persistent storage and create logs for container

a) Configure the container with persistent storage mounted on /var/log/journal, mapped to /home/paradise/container_journal.
b) The container directory contains all journal files.
These two questions are really one combined task. Follow the steps below.
ssh root@serverc
id paradise
useradd paradise
passwd --stdin paradise
ssh paradise@serverc #Keep the root ssh session in another tab
mkdir ~/container_journal
#Execute below in root tab
ls /var/log
vim /etc/systemd/journald.conf
Storage=persistent
systemctl restart systemd-journald.service
ls /var/log/journal
cp /var/log/journal/<press Tab>/*.journal /home/paradise/container_journal/
ls /home/paradise/container_journal
#Execute in paradise user
podman login
podman search rsyslog #Take the rhel7/rsyslog (the 1st one)
podman pull registry.lab.example.com/rhel8/rsyslog #The path changes according to the image
podman images
podman run -d --name logserver -v /home/paradise/container_journal:/var/log/journal:Z registry.lab.example.com/rhel7/rsyslog #URL may vary according to image
podman ps
mkdir -p ~/.config/systemd/user
cd ~/.config/systemd/user
ls
podman generate systemd --name logserver --new --files
ls
podman stop logserver
podman rm logserver #The unit generated with --new creates the container itself
podman ps
systemctl --user daemon-reload
systemctl --user start container-logserver.service
systemctl --user enable container-logserver.service
podman ps
#Execute as root
loginctl show-user paradise #Check if Linger=no is set
loginctl enable-linger paradise
loginctl show-user paradise
#Execute as paradise
podman ps