Professional Documents
Culture Documents
The traffic coming from desktop on pot 415/tcp should be forwarded to port 22/tcp on your
system
=>
nmcli conn add con-name team1 type team ifname team1 config { runner : { name :
activebackup } }
nmcli con show
nmcli con add con-name team1-slave1 ifname eno1 type team-slave master team1
nmcli con add con-name team1-slave2 ifname en21 type team-slave master team1
Nmcli con modify team1 ipv4.address 192.168.0.100/24 ipv4.method manual
Systemctl restart network.service
Test :-
Nmcli device disconnect eno2
Teamdctl team1 state
6. Configure the following IPV6 ip address for interface eth0 on your both the system.
a. IPV6 address for system1 XXXXXXXX/64
b. IPV6 address for system2 XXXXRRDDX/64
=>
Lab ipv6 setup ( setting up for ipv6 lab )
Vi /etc/sysconfig/network-script/ifcfg-eth0
IPV6INIT=yes
Nmcli conn mod System eth0 ipv6.address XXXXXX/64 ipv6.method manual
Systemctl restart network.service
APACHE
yum install httpd*
systemctl enable httpd
cd /var/www/html
wget ftp://instructor.example.com/pub/rhce/station.html
mv station.html index.html
vim /etc/httpd/conf.d/quetion7.conf (Make the following entry)
<VirtualHost <IP>:80>
ServerName station.domainX.example.com
ServerAdmin root@domainX.example.com
DocumentRoot /var/www/html
ErrorLog log/domainX.example.com_error.log
AccessLog logs/ domainX.example.com_access.log
</VirtualHost>
9. secure web service configure tls encryption for the web server http://serverx.example.com
Assigned certificate for web server is available at classroom:/server.cert , required key for this
certificate file is available at classroom:/server.key the certificate for signing authority is
provided at the classroom:/ca.cert
=>
First we have to make default we server refer Q.7
Yum install mod_ssl*
Cd /etc/pki/tls/certs/
Wget classroom:/ca.cert
Wget classroom:/tls/ca.cert
Cd /etc/pki/tls/private/
Wget classroom:/tls/private/server/
Chmod 0600 serverx.key
Grep v ^# /etc/httpd/conf.d/ssl.conf > /etc/httpd/conf.d/server.conf ( excluding # lines )
Vi /etc/httpd/conf.d/serverx.conf
<virtualHost *:443>
ServerName demo.example.com
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/demo.example.com.cert
SSLCertificateKeyFile /etc/pki/tls/private/demo.example.com.key
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.cert
</virtualHost>
https://serverx.example.com
add exception
view
comman name (CN) server.example.com
Test,
Now try to open http://server2.example.com/secret
Error Forbidden
Now open our sever m/c firefox & type url http://server2.example.com /server
11. Configure dynamic web content server on port 8877 and download webapp.wcgi and make
document root /var/www/webapp/webapp.wsgi
=>
Yum install http* mod_wsgi* -y
Wget classroom:webapp.html
Ls Z /var/www/webapp/webapp.wsgi/
Restorecon RvvF /var/www/webapp/webapp.wsgi
Semanage port L | grep I 8877 (if not then add firewall rule)
Vi /etc/httpd/conf/httpd.conf
Listen 8877
In <VirtualHost:8877>
WSGIScriptAlias /var/www/webapp/webapp.wsgi
</virtualhost>
12. Make script bar.sh in root directory such that if entered redhat = echo fedora and fedora =
redhat else for all other words ./root/bar.sh redhat|fedora as standerd error.
=>
#!/bin/bash
if [ $1 == fedora ];then
echo redhat
elif [$1 == redhat]; then
echo fedora
else
echo fedora|redhat error
fi
13. Configure NFS, export /public directory with read only assess to desktop, export /protected
directory with read write access to desktop, access to /protected is authenticate by using
kerbaros you can keytab file from classroom:/keytabs , create secure directory inside the
/protected directory, user smita have read and write access on secure directory.
=>
Lab nfskrb5 setup
Yum install nfs* krb* -y
Mkdir /protected /public
Wget O /etc/krb5.keytab classroom:/keytab
Vi /etc/exports
/public 172.25.X.10/24 (ro,sync)
/protected 172.25.X.10/24 (rw,sync,sec=krb5p)
Firewall-cmd permanent add-service=nfs
Firewall-cmd reload
Systemctl enable|restart nfs-secure-server.service
Systemctl enable|restart nfs-server.service
Exportfs avr
Mkdir /protected/secure
Useradd smith
Passwd smith
Setfacl m u:smita:rwx /protected/secure
Systemctl Restart nfs-server
@Client side
Yum install samba-client* cifs-utils* -y
Mkdir /mnt/comman
Mount.cifs o username=sarah //server/samba /mnt/common
Password=postroll
16. The samba share must be permanently mounted on DesktopX machine on /mnt/samba
directory and this share must be allow anyone who can authenticate sarah.
=>
Yum install samba-client* cifs-utils* -y
Mkdir /mnt/samba
Useradd sarah
Vi /etc/samba/userlist.txt
Username=sarah
Password=postroll
chcon system_u:object_r:samba_etc_t:s0 /etc/samba/userlist.txt
Vi /etc/fstab
//server/samba /mnt/samba cifs creds=/etc/samba/userlist.txt
,multiuser,sec=ntlmssp 0 0
Mount a
Su sarah
Smbclient L //172.25.10.11/gabber U Natasha
Cifscreds add server
Password: postroll
Df h
17. Configure iscsi target on server machine.
ISCSI diskname is iqn:2015-06.com.example:server. Iscsi should use default port as 3260. Target
should use 3G backing volume named as datavol. Target should be available to only desktop
machine.
=>
Yum install targetcli y
Systemctl start|enable target
Firewall-cmd permanent add-port=3260/tcp
Firewall-cmd reload
Create partition of 3G via fdisk /dev/vdb1
Now create VG and then LV of 3G named as datavol
Targetcli
Ls cd
Backstores/block create data /dev/vg01/datavol (LV path)
Ls
Iscsi/create iqn: 2015-06.com.example:server
Ls
Iscsi/create iqn:2015-06.com.example:server/tpgl/acl create Iscsi/create iqn:2015-
06.com.example:desktop
Ls
Iscsi/create iqn:2015-06.com.example:server/tpgl/lun create /backstores/block/data
Ls
Iscsi/create iqn:2015-06.com.example:server/tpgl/portal create 172.25.X.11
ip_port=3260
Ls
Saveconfig
Exit