Configuring Samba

1. #yum install samba
2. #service smb restart
3. #chkconfig smb on
4. #vim /etc/samba/smb.conf
1. Line 57 Ensure foll. is there --->  [global]
2. Line 74 Put appropriate group name as required. default is workgroup = MYGROUP
1. eg. workgroup = REDHAT
3. Last Line : Copy last 7 lines and paste it below that, fill/replace  as per question.
1. eg share name=song, path=/mp3
1. [song]
2. comment=my collection
3. path=/mp3
4. public=yes
5. writable=yes
6. printable=no
7. write list=+staff   ---->group name
2. Then add following so that people can browse it
1. browseable=yes
5. #service smb restart
6. #mkdir /mp3
7. Then run following on the client side to verify which share name is available against given IP/hostname
1. #smbclient -L <IP address>
8. Check the context of the file to be shared
1. #ls -ldZ /mp3 ----> default context is default_t
9. Change context of the file to be shared
1. #chcon -t samba_share_t /mp3
10. We can verify it
1. in the file /etc/samba/smb.conf       ---> Line 40
2. #smbclient //localhost/song -U       ---> U is for anonymous user
11. If not sharing with public user [#vim /etc/samba/smb.conf]
1. Remove, public=yes
2. Or put, public=no
1. valid user = u1,  u2,  u3
2. host allow = 192.168.0.
3. save & quit
12. Now create samba user
1. #useradd -s /sbin/nologin u1
2. #useradd -s /sbin/nologin u2
3. #useradd -s /sbin/nologin u3
13. Assign samba password to user u1, u2, u3
1. #smbpasswd -a u1
2. #smbpasswd -a u2
3. #smbpasswd -a u3
14. #service smb restart
15. #smbclient -L localhost
16. #smbclient //localhost/song -U u1
17. Verification
1. Now mount it (o=lowercase alphabet o)
2. #mount -t cifs -o user=u1 localhost:/ /mnt         ----> It will ask password for user u1
3. #mount -t cifs -o user=u1%123 localhost:/song /mnt      ----> Password for user u1 is mentioned as 123
18. #df -h

Configuring SMTP (POSTFIX)

1. #yum install postfix
2. #service postfix restart
3. #chkconfig postfix on
4. #vim /etc/postfix/main.cf
1. Line 83 --> Uncomment & put domain name
1. mydomain=example.com
2. Line 99 --> Uncomment & put domain name
1. myorigin=example.com
3. Line 113 --> Uncomment
1. inet_interfaces=all
4. Line 116 --> Comment it
1. #inet_interfaces=localhost
5. Line 164 --> Comment it
1. #mydestination=$myhostname,localhost,$mydomain,localhost
6. Line 165 --> Uncomment
1. mydestination=$myhostname,localhost.$mydomain,localhost,$mydomain
5. #service postfix restart
6. Forward the mail from hr@example.com to employee@example.com
7. #vim /etc/postfix/virtual  
1. Go to last line (shift+g) and append following:
2. hr@example.com     employee@example.com
8. Copy Line 158-159 of /etc/postfix/virtual & Paste in the end of /etc/postfix/virtual and Uncomment it
9. #vim /etc/postfix/virtual
10. #postmap /etc/postfix/main.cf
11. Create alias for hr for employee, like any mail coming to hr@example.com should be delivered to employee@example.com as well
12. #vim /etc/aliases
1. Go to last line, append following
2. hr :     employee

Configuring FTP (Download/Upload)

1. Anonymous Download
1. #yum install vsftpd
2. #service vsftpd restart
3. #chkconfig vsftpd on
2. Local User Download
1. #getsebool -a | grep ftp
2. #setsebool -P ftp_home_dir on
3. #yum install ftp
4. #ftp localhost/<IP>
3. Upload
1. #vim /etc/vsftpd/vsftpd.conf
1. Line 27, --> Uncomment
2. anon_upload_enable=yes
2. #mkdir /var/ftp/upload
3. #chmod g+w /var/ftp/upload
4. #chgrp ftp /var/ftp/upload
5. Check the content,
1. #ls -ldZ /var/ftp/upload      ---> public_content_t
6. Change the content
1. #chcon -t public_content_rw_t /var/ftp/upload
7. Change the boolean
1. #getsebool -a | grep ftp
2. #setsebool -P allow_ftpd_anon_write on
8. #service vsftpd restart
4. Verification
5. #cd /root
6. #ftp localhost/<IP>
7. #ls ---> pub & upload
8. #cd upload
9. #mput install.log
10. Iptable Rules
1. Clients outside example.com should not have access to your FTP service (IP & subnet will be given)
1. #iptables -I INPUT ! -s example.com -p tcp --dport 21 -j REJECT

Export a directory via NFS

1. Create a directory eg. /comon
1. #mkdir /common
2. Install package
1. #yum install nfs-utils
3. Change Mode(chmod) of the directory
1. #chmod 777 /common
4. Make entry in the /etc/exports file
1. #vim /etc/exports
1. (r,w) access only to 192.168.0.1 Network
1. /common         192.168.0.1/255.255.255.0(rw,sync)
2. (r) access to all
1. /common         *(ro,sync)
3. give access to root on host 192.168.0.25
1. /common          192.168.0.25(rw,no_root_sqash,sync)
4. NFS to example.com domain only
1. /common          *.example.com(rw,sync)
5. Save & quit
6. Restart nfs
1. #service nfs restart
7. #chkconfig nfs on
8. To verify,
1. Virtual M/c   #showmount -e localhost

Configuring SSH

1: Search if the package is laready installed.
     #rpm -qa | grep ssh

2:   #yum search ssh
3:   #yum install openssh-server
4:  Make sure you flush iptables before setting any new iptables rule
5: Don't flush your iptables in the middle/end else all your set iptables
    #iptables -F
    #service iptables save
    #service iptables restart

Setting IPTABLE Rules

6: Clients within remote.test should not have SSH access to your system

  #iptables -I INPUT -s <remote.test n/w address> -p tcp --dport 22 j REJECT

7: Only 192.168.0.1/255.255.255.0 should have SSH access

  #iptables -I INPUT ! -s 192.168.0.1/255.255.255.0 -p tcp --dport 22 -j REJECT

8: 192.168.0.1/255.255.255.0 should have SSH access

  #iptables -I INPUT -s 192.168.0.1/255.255.255.0 -p tcp --dport 22 -j ACCEPT

Automounting of iso file/CD-ROM

1: Download the .iso file
        #wget <file_name>
2: Mount Point should be given
3: Make /etc/fstab entry

  #vim /etc/fstab
   /root/image.iso        /mnt       iso9660         loop,ro        0 0

4: save & quit
5:    #mount -a

Configuring SELinux

#vim /etc/sysconfig/selinux

Ensure selinux is in enforcing mode.

Installing New Kernel

1. You will be given the ftp URL where the kernel is available.
2. Open that URL in different tab
3. Note down your current kernel name in PAPER (#uname -r)
4. Download all the kernel files(kernel-*) using #wget from the given URL i.e. opened in different tab of base m/c
5. Note: Ideally 2 files will be there inside the kernel directory of the given URL: eg
6. 1: kernel-<version>.rpm
7. 2: kernel-firmware-<version>.rpm
8. write down the new kernel version which is going to be installed in the PAPER
9. It will be downloaded into the current directory
10. Install it using #rpm
11. #rpm -ivh kernrl-* --force     --->may take 2-3 mins to install
12. Check in file
13. #vim /boot/grub/grub.conf
14. <you will see 2 kernels in the kernel/Title section, old & new. For the system to install with new kernel, defaults=0 (zero) , so first one should be the new kernel which is required>
15. #reboot
16. To verify press esc and verify your kernel name which is going to boot.
17. After booting is done, verify the new kernel (#uname -r)

Configure variable=value(sysvctl=1) in kernel Parameter

In exam question would be asked to ensure sysvctl=1 is available as a kernel parameter and it should reflect in /proc/cmdline

Make the corresponding changes in
#vim /boot/grub/grub.conf
<update the required thing eg . sysvctl=1 at the end of kernel section,>
save & quit
Note: This question will come after installing the new kernel question

FIND and grep Command

Q: Find all files owned by user1, and copy it to the /root/user2 directory while perserving the permission

1. first find how many required files are available of for user1
2. find / -user user1
3. mkdir /root/user2
4. find /home -user user1 -exec cp -p {} /root/user2 \;
5. ls -al /root/user2 (to verify all files are available)
6. or run find / -user user1 again, it will show files available in /root/user2 as well

Note:  '-p' preserves the user/group/chmod permissions

Q: To redirect the contents of /etc/passwd to another file

#cat /etc/passwd > /user/test

#grep root /user/test | sed 's/root/ROOT/g' | sort > /home/user/file1.txt

Configuring File Services, FTP

#yum install vsftpd
#service vsftpd restart
#chkconfig vsftpd on


Note: Home/default directory of anonymous(unknown)/FTP user is /var/ftp/
Default user: FTP Password: FTP
FTP allows anonymous users to login, without password but it doesn't allow normal user to login with credentials.
Below is login with ftp/ftp

Now login with user subh/subh

FTP didn't allow access of home directory of normal user because  Selinux Booleans for 'ftp_home_directory' is 'off'.

Now we set Selinux Booleans for 'ftp_home_dir' to 'on'

#setsebool -P ftp_home_dir on    --> It takes time, as the change is permanent.

#getsebool  -a | grep ftp

Now we will try login ftp with user 'subh/subh:

To come out of FTP, use 'bye'

Configuring Web Services, HTTP

#yum install httpd           --> You need to be root to install any package.
#service httpd restart
#chkconfig httpd on       --> It will ensure httpd will be started on the required run level

Note: Home/default directory of httpd is /var/www/html/

Download the file from the given URL in the question to your home directory or to the location mentioned using wget:

Now we have to copy this file 'index.html' from home directory to '/var/www/html'

#cp index.html /var/www/html
Note: Refrain using 'move' unless mentioned in question. Because 'mv' will not allow to open the web page due to the selinux set up.

If in exam 'move' is mentioned, do below steps:
#mv index.html /var/www/html
#cd /var/www/html
#restorecon *                --> It sets the selinux of the selinux context of the file similar to the parent folder

Configuring Printer

Note: Hostname/IP of printer will be given in question
#system-config-printer
You will get below window:

Click on 'New'

Click on 'Network Printer'

Click on 'Internet Printing Protocol' (IPP)

Host: As per Question

Queue: /printer/LLC (Don't remove /printer, add your printer name given in question after '/printer/')

Click on 'Forward'

Select "Generic" if nothing is mentioned in question.

Click 'Forward'

Click 'Forward'

'Printer Name': Modify as per Question

Click on 'Apply'

LDAP and autofs

#system-config-authentication
You will get below window:

Select 'LDAP' from 'User Account Database' tab.

LDAP Search Base DN: Enter as per question
LDAP Server: Enter as per question
Check "Use TLS to encrypt connections
Click on 'Download CA Certificate
You will get below window:

Enter 'Certificate URL' : Given in question.

Click on 'OK'

Select 'LDAP password' from the 'Authentication Method'

Click on 'Apply'

Question will also ask to configure that ldap user ldapuser15 should get his home directory using autofs and should have read write access

#getent passwd ldapuser15

(if we do su - ldapuser15 without configuring autofs then it will complain that no home directory available)

then congiure the autofs (ensure it will have nfs version 3)

1. #vim /etc/auto.master
1. enter following in the line
2. /home         /etc/auto.ldap
2. #vim /etc/auto.ldap (this file will not be there, we need to create it)
1. enter following in the line
2. ldapuser16       -rw,vers=3     <nfs/ldap server name>:/home/guests/ldapuser16
3. service autofs reload
4. chkconfig autofs on

Configuring NTP

#system-config-date

You will get below window:

Check Synchronize date and Time over network.

Click 'Add'

Enter IP as per Question.

Click on the line below that, i.e. white box

After clicking it will start checking whether entered IP is reachable or not. 

Now click on 'Advanced Options' . (Ensure, your added IP is selected before clicking on advance)

Check 'Speed up initial synchronization'.

Click 'OK'

IP Forwarding

#vim /etc/sysctl.conf

   <line no7>
   net.ipv4.ip-forward = 1              --> Default will be 0(zero), we have to make it 1(one)

Save & Quit

#sysctl -p
#sysctl -a

You may get some error like "unknown key". Ignore it

CRONTAB

#crontab -l                  --> lists crontab job
#crontab -e                 --> edits crontab

Q: How to edit crontab for a specific user ?
=> #su - user
        #crontab -e
          OR
       #crontab -e -u user

Q: How to block a user from using crontab ?
=>  #vim /etc/cron.deny
         <username>
      Save & Quit

Format of crontab: 

    *             *             *             *             *          <command>
 min            hr          Date      Month    Day
(0-59)     (0-23)       (1-31)    (1-12)     (0-7)
                                                           0->Sunday
                                                           7->Sunday

Q: Write a crontab, Message="HappyBday", should be displayed on the home directory of user Natasha in a file bdya.txt, every year 12:00 AM , 23rd March.
=> #crontab -e
    0 0 23 3 * echo "HappyBday" >> /home/natasha/bday.txt

Note: '>' means Overrite and '>>" means Append.

Note: Append to a file when question explicitly mentions that.

Ensure you are root if you are running System Commands. eg. system-config-date

Configuring YUM

#cd /etc/yum.repos.d
#vim client.repo
[server]
name=rhel6
baseurl=ftp://192.168.0.101/pub/Server          --> It will be given in question
gpgcheck=0                        --> Zero


Save and Quit

#yum repolist                   --> It will list all the configured yum
# yum install ftp               --> To verity that yum installation is working so we are installing ftp client

Configuring Static IP

#system-config-network
Unselect DHCP using space, and enter below details:

given in exam instructions
Hostname:
IP :
Subnet Mask :
Gateway :
DNS/Name Server :

Set all above as per exam guidelines

#service network restart
#chkconfig network on
#ifconfig -a
#ifconfig eth0
#ifup eth0

#ping <gateway>   -->check if its pingable, if yes. it has got IP

Above may not work, so make it persistent using below:

#vim /etc/sysconfig/network-scripts/ifcfg-eth0

         <ONBOOT=yes>

Save and quit.

Put the hostname in following file
#vim /etc/sysconfig/network
HOSTNAME=station9.domain.example.com

Breaking root password

1. Keep pressing 'esc' during booting.
2. Press 'e' edit.
3. Move Selection to 2nd line.
4. Press 'e' edit
5. Enter ' 1' -->one space 1
6. Press enter
7. Press 'b' boot
8. Now your system is in single user mode
9. Check selinux status  #getenforce
10. Set selinux to 0(zero) i.e. disabled/permissive  #setenforce 0
11. Now change password  #passwd
12. Set selinux to 1, i.e. Enforcing  #setenforce 1
13. Make the changes persistent in #find /etc -name selinux --> /etc/sysconfig/selinux 
14. #vim selinux -->SELINUX=permissive/disabled/enforcing
15. Reboot your system  #init 6