Systemnotes.org RHCE Study Guide for RHEL5
v1.0 2007/12/02
It is very important to study the official objectives for any exam, as that is the only way to know what to expect. This guide is not meant to replace official training courses and manuals, but is meant to help students quickly review, so they can determine where to focus their efforts and study in more detail.
This guide is based on the official Red Hat objectives for the RHEL5 exam; see: https://www.redhat.com/certification/rhce/prep_guide/
This guide is freely available from http://systemnotesorg.blogspot.com (http://systemnotesorg.blogspot.com/2007/12/rhce-study-guide-for-rhel5.html)
For more detailed study info on each objective see: http://systemnotesorg.blogspot.com/search/label/RHCE
This guide was prepared by looking at each objective, and asking the questions:
-- What could they ask in order to test for knowledge of this objective?
-- What kind of troubleshooting might be required?
-- How can this requirement be met?
Q: is used to denote possible questions, and A: for possible answers.
Note that there may be more than one answer based on what the objective is, or depending which method is preferred to meet the objective. Some items and ideas were taken from labs in the RHCE course book, and great care was taken to not give away any hints about what might be on the exam, other than what the labs and official objectives lead one to infer.
RHCT skills
Troubleshooting and System Maintenance
RHCTs should be able to:
1) boot systems into different run levels for troubleshooting and system maintenance
boot single to set root password, or fix mounting, or init problem
Q: Machine won't boot
A: modify /boot/grub/grub.conf
    root (hd0,0)
A: Check files
    /etc/rc.local
    /etc/inittab
A: Fix initrd
    mkinitrd initrd-`uname -r`.img `uname -r`
Q: root password not known
A: 1) boot single (at grub screen, "a", "space", "1", enter), 2) passwd root
Items to study: grub, initrd, vmlinuz, inittab, rc.sysinit...
2) diagnose and correct misconfigured networking
system-config-network, or
vi /etc/sysconfig/network-scripts/ifcfg-eth0
    check IPADDR, NETMASK, GATEWAY
    ONBOOT=yes
    PEERDNS=no
vi /etc/sysconfig/network
3) diagnose and correct hostname resolution problems
/etc/resolv.conf
/etc/hosts
4) configure the X Window System and a desktop environment
Remember X troubleshooting should be done from the command prompt, and not within X.
Files:
    /etc/X11/xinit/xinitrc.d
    /etc/X11/xorg.conf
Q: Boot to X
A: Set runlevel 5 in /etc/inittab
    vi /etc/inittab
    change
        id:3:initdefault:
    to
        id:5:initdefault:
Q: X won't load
A: Check config files
A: system-config-display --reconfig
A: /tmp or /home is full
5) add new partitions, filesystems, and swap to existing systems
This one is a little hard to explain. It just takes some practice to understand.
Tools available:
fdisk /dev/hda
    t / fd (raid)
partprobe
mdadm -C /dev/md0 -l 5 -n 3 /dev/hda6 /dev/hda7 /dev/hda8
mke2fs -j /dev/md0
Q: mount something, such as: /dev/hda7 on /data
A: make directory, mount, modify /etc/fstab
    1) mkdir /data
    2) mount -t ext3 /dev/hda7 /data
    3) vi /etc/fstab
        /data /data ext3 defaults 1 2
view or change label:
    e2label /dev/hda2
    e2label /dev/vg0/data0 /data
6) use standard command-line tools to analyze problems and configure system
ls, cp, mv, rm, tail, cat, etc
system-config-<tab>
Installation and Configuration
RHCTs must be able to:
1) perform network OS installation
Enter the nfs, or ftp server address and path
2) implement a custom partitioning scheme
Probably easiest during GUI install
3) configure printing
probably the easiest thing to do is use:
    system-config-printer
/etc/cups/cupsd.conf
lpadmin
lpstat, lpq
reject disable
accept /usr/bin/enable
4) configure the scheduling of tasks using cron and at
Understand how cron fields work:
    min hr month_day month weekday
copy script to /etc/cron.daily, /etc/cron.monthly, etc. or
Modify /etc/crontab: crontab -e
List cron jobs: crontab -l
Add an at job: at [-f file] TIME
View at queue: atq
Remove at job: atrm job
5) attach system to a network directory service, such as NIS or LDAP
1) Install ypbind, portmap
2) system-config-authentication
    check: Enable NIS Support, or Enable LDAP Support
    click: Configure NIS..., or Configure LDAP...
3) configure firewall, if required
    iptables -A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 835:837 -j ACCEPT
    service iptables save
test:
    ypwhich
    nisdomainname -y
    getent services
    getent passwd smith
    rpcinfo -p
files:
    /etc/yp.conf
    /etc/sysconfig/network
    /etc/pam.d/system-auth
    /etc/nsswitch.conf
6) configure autofs
/etc/auto.master
    /home/guests /etc/auto.guests --timeout=60
/etc/auto.guests
    * -rw,soft,intr server1:/home/guests/&
service autofs restart
chkconfig portmap on
chkconfig autofs on
7) add and manage users, groups, quotas, and File Access Control Lists
Q: Create group, add users, set primary group
A: Use groupadd, useradd, usermod
    groupadd -g 1000 groupname
    useradd username
    usermod -G groupname username
    (-G for primary group)
quotas
Q: Setup a 70kb hard block user quota for user tim on /home/tim:
A: Use a Hard Block user quota (or Soft depending on question).
    1) modify /etc/fstab
        change defaults to usrquota for /home
    2) mount -o remount /home
    3) quotacheck -cuf /home
    4) quotaon /home
    5) setquota -u tim 0 60 0 0 /home or
    5a) edquota tim
Disk quotas for user tim (uid 502):
  Filesystem   blocks   soft   hard   inodes   soft   hard
  /dev/hda5        16      0      0        8      0      0
    6) repquota /home
       or
       quota tim
    7) test
        a) quota tim
        b) su - tim
        c) dd if=/dev/zero of=/home/tim/somefile bs=1024 count=70
        d) ls -l
           file should be less than 70 kilobytes
Quota Command to remember:
    quotacheck -cuf /home
    quotaon /home
    edquota tim
    quota tim
    repquota /home
*** Lab: Set a user soft block quota of 1MB for user diskhog on /blackhole, (or hard block, hard / soft inode). Know when to use each type of quota ***
Enable quotas:
    quotacheck -cuf /blackhole
    quotaon /blackhole
Set Quota: block inode h s h s
    setquota -u diskhog 0 1024 0 0 /blackhole
    or
    edquota -u diskhog
Report on Quota for user or directory:
    quota -u diskhog
    repquota /blackhole
Password defaults:
    /etc/login.defs
    chage [options] username
password files:
    /etc/passwd
    /etc/shadow
    /etc/group
8) configure filesystem permissions for collaboration
Q: Make user alex a member of sales with write permissions to /depts/sales
Q: Make user sales, hr, and web groups in /depts/
A:
    mkdir -p /depts/{sales,hr,web}
    for GROUP in sales hr web; do chgrp $GROUP /depts/$GROUP; done
    chmod 770 /depts/*
    chmod g+s /depts/*
Test permissions as alex:
    su - alex
9) install and update packages using rpm
You may have to mount a directory over nfs, or install directly from http://
rpm -Uvh filenamex.i386.rpm
rpm --import /usr/share/rhn/RPM-GPG-KEY
rpm -K /tmp/rpmversion.i386.rpm
10) properly update the kernel package
Just remember to use rpm -i, so the old kernel will still be there.
1) mkdir /server1
2) mount server1:/var/ftp/pub /server1
3) cd /server1/Redhat/RPMS
4) rpm -ivh kernel-*
5) vi /boot/grub/grub.conf
    default=0
11) configure the system to update/install packages from remote repositories using yum or pup
/etc/yum.conf
12) modify the system bootloader
/boot/grub/grub.conf
13) implement software RAID at install-time and run-time
fdisk /dev/hda
    fd (raid)
partprobe
mdadm -C /dev/md0 -l 5 -n 3 /dev/hda6 /dev/hda7 /dev/hda8
mke2fs -j /dev/md0
mount
/etc/fstab
mdadm --detail /dev/md0
recover
    mdadm /dev/md0 -a /dev/sda1
14) use /proc/sys and sysctl to modify and set kernel run-time parameters
Q: turn on ip forwarding
A: 1) vi /etc/sysctl.conf
        net.ipv4.ip_forward=1
   2) sysctl -p
or
    echo 1 > /proc/sys/net/ipv4/ip_forward
to view:
    sysctl -a | grep ipv4
to find available options for ipv4:
    ls /proc/sys/net/ipv4
15) use scripting to automate system maintenance tasks
Maybe put a script in /etc/cron.daily?
Login Shell Scripts
    /etc/profile
    /etc/profile.d/*.sh
    ~/.bash_profile
    ~/.bashrc
    /etc/bashrc
RHCE skills
Troubleshooting and System Maintenance
RHCEs must demonstrate the RHCT skills listed above, and should be able to:
1) use the rescue environment provided by first installation CD
linux rescue
2) diagnose and correct boot failures arising from bootloader, module, and filesystem errors
init
    /etc/rc.d/rc.sysinit
    /etc/rc.d/rc and /etc/rc.d/rc?.d
    /etc/rc.d/rc.local
grub
    /boot/grub/grub.conf
filesystem
    /etc/fstab
    fsck /dev/hda
3) diagnose and correct problems with network services (see Installation and Configuration below for a list of these services)
4) add, remove, and resize logical volumes
LVM - Hint: use apropos quota, or just lvm to find commands.
Q: expand or shrink logical volume (RHCE)
A: Make sure there is enough space, and volume is online, use vgconvert if necessary
    ext2online /dev/vg0/data0 120M
    lvextend -L +100M /dev/vg0/data0
    lvreduce -L 120M /dev/vg0/data0
    vgdisplay -v vg0
    pvdisplay
    lvdisplay
Q: Create a logical volume
A: First create physical volume, then volume group, then logical volume PV -> VG -> LV
    pvcreate /dev/hda6 /dev/hda7 /dev/hda8
    vgcreate vg0 /dev/hda6 /dev/hda7
    lvcreate -L 50M -n data0 vg0
    ext2online /dev/vg0/data0
    lvextend -L +6M /dev/vg0/data0
    resize2fs -L /dev/vg0/data0 40M
    lvreduce -L 40M /dev/vg0/data0
    vgconvert
5) diagnose and correct networking services problems where SELinux contexts are interfering with proper operation.
SELinux
    getenforce
    setenforce 1
    check context with ls -Z
Q: Set up directory to use context of another directory
A: Use the other directory as a reference
    chcon -R --reference /var/www/html /var/www/html/www1
Installation and Configuration
RHCEs must demonstrate the RHCT-level skills listed above, and they must be capable of configuring the following network services:
1) HTTP/HTTPS
install httpd, check context with ls -Z
Q: Create a virtual host www1.example.com w/ subdirectory /var/www/html/www1
A: 1) install httpd, modify /etc/httpd/conf/httpd.conf file
        <VirtualHost 192.168.0.1:80>
        ServerName www1.example.com
        DocumentRoot /var/www/html/www1
        </VirtualHost>
   2) chcon -R --reference /var/www/html /var/www/html/www1
   3) service httpd restart
   4) chkconfig httpd on
Testing
    service httpd configtest
2) SMB
Q: Configure Samba share /home/depts/legal
1) install samba
    rpm -Uvh samba-* system-config-samba* (optional)
2) vi /etc/samba/smb.conf
    [sharename]
    path = /home/depts/legal
    browseable = no
    writeable = no
3) configure firewall
    port 445, 137-139
3) NFS
Q: Export /data directory with nfs
The nfs server is an RPC service, and thus requires portmap
A: Modify /etc/exports, start nfs & portmap (make sure /data directory exists)
1) modify /etc/exports
    /data *(sync,rw)
2) start services
    service nfs start
    service portmap start
    chkconfig nfs on
    chkconfig portmap on
3) verify config, & check mounts
    exportfs -v
    showmount -e localhost
    rpcinfo -p localhost
4) restart
    exportfs -r, or
    service nfs reload
Q: Mount server1:/var/ftp/pub with nfs on /server1
1) mkdir /server1
2) vi /etc/fstab
    192.168.2.254:/var/ftp/pub /server1 nfs soft,defaults 0 0
3) mount -a
* configure autofs
Automount
Q: Configure automount for nfs mount from nis domain on server1
A: 1) mkdir /net
   2) vi /etc/auto.master
        # uncomment /net line
        /net /etc/auto.net
   3) start services
        service portmap start
        service autofs start
        chkconfig autofs on
        chkconfig portmap on
Q: Configure automount for nfs mount of /rhome directories from nis domain on server1
A: Create base directory
   1) mkdir /rhome
   2) vi /etc/auto.master
        # copy and modify /misc line
        /rhome /etc/auto.rhome
   3) vi /etc/auto.rhome
        * -rw,soft,intr server1:/home/guests/&
   4) start services
        service portmap start
        service autofs start
        chkconfig autofs on
        chkconfig portmap on
4) FTP
Q: Configure ftp with /var/ftp/incoming directory
A: install vsftpd
1) rpm -Uvh vsftpd*
2) service vsftpd start
3) chkconfig vsftpd on
4) create incoming directory
    cd /var/ftp
    mkdir incoming
    chown root:ftp incoming
    chmod 730 incoming
5) vi /etc/vsftpd/vsftpd.conf
    uncomment the lines --
        #anon_upload_enable=YES
        #chown_uploads=YES
        #chown_username=whoever
    add
        anon_umask=077
6) service vsftpd restart
7) configure firewall
    iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 21 -j ACCEPT
    service iptables save
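The upload settings above only work as a write-only drop box when every piece is in place, so the following added example (not part of the original guide) checks a vsftpd.conf and an incoming directory against those steps. The function names and the temporary sample files are hypothetical; the write_enable and root checks come from vsftpd's own option documentation rather than this guide, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: check an anonymous-upload drop box against the steps above.

# conf_value FILE KEY: last uncommented KEY=value (vsftpd allows no spaces around "=").
conf_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_dropbox CONF DIR: print one FAIL line per problem; succeed only if none.
check_dropbox() (
  conf=$1; dir=$2; rc=0
  fail() { echo "FAIL $*"; rc=1; }
  [ "$(conf_value "$conf" write_enable)" = YES ] || fail "write_enable is not YES"
  [ "$(conf_value "$conf" anon_upload_enable)" = YES ] || fail "anon_upload_enable is not YES"
  [ "$(conf_value "$conf" anon_umask)" = 077 ] || fail "anon_umask is not 077"
  [ "$(conf_value "$conf" chown_uploads)" = YES ] || fail "chown_uploads is not YES"
  case $(conf_value "$conf" chown_username) in
    ''|whoever) fail "chown_username is unset or still the placeholder" ;;
    root)       fail "chown_username is root" ;;
  esac
  # 730 = owner rwx, group wx, other none: group ftp can create files but not list them.
  mode=$(stat -c %a "$dir" 2>/dev/null) || mode=missing
  [ "$mode" = 730 ] || fail "$dir mode is $mode, expected 730"
  [ "$rc" -eq 0 ]
)

# make_sample DIR: constructed config and directory (not the real /etc or /var/ftp).
# chown_username is left commented out, as in the lines listed above, so the check reports it.
make_sample() {
  mkdir "$1/incoming" && chmod 730 "$1/incoming"
  printf '%s\n' 'write_enable=YES' 'anon_upload_enable=YES' 'chown_uploads=YES' \
    '#chown_username=whoever' 'anon_umask=077' > "$1/vsftpd.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_dropbox "$tmp/vsftpd.conf" "$tmp/incoming" || echo "drop box needs fixing"
rm -rf "$tmp"
```

On a real system, run check_dropbox /etc/vsftpd/vsftpd.conf /var/ftp/incoming and confirm the root:ftp ownership separately with ls -ld.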
5) Web proxy
Q: Install a web proxy and allow a certain network to access it
A: Install & configure squid
1) install squid, and start the service
    rpm -ivh --aid squid*
    service squid start
    chkconfig squid on
2) vi /etc/squid
    acl example src 192.168.0.0/24
    http_access allow example
3) service squid reload
4) Configure browser to test:
    Edit / Preferences / General / Connection Settings
    Manual proxy configuration / HTTP Proxy: localhost Port: 3128
Enable port in firewall, if required
    iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 3128 -j ACCEPT
    service iptables save
Useful parameters:
    http_port 3128
    cache_mem 8 MB
    cache_dir ufs /var/spool/squid 100 16 256
    acl all src 0.0.0.0/0.0.0.0
    http_access allow localhost
    http_access deny all
hint: find out that port number is 3128
    grep squid /etc/services
6) SMTP
install sendmail, sendmail-cf, sendmail-doc (optional)
Q: Configure mail server to accept internet email
A: modify /etc/mail/sendmail.mc
1) cd /etc/mail
2) vi /etc/mail/sendmail.mc
    search for 127.0, put dnl at the front of the line
3) make
    or m4 sendmail.mc > sendmail.cf
    service sendmail restart
Q: Mail alias
A: modify /etc/aliases, run newaliases
Q: Receive mail for DomainX.example.com
A: modify sendmail mc as above, and add domain to /etc/mail/local-host-names
    domainx.example.com
Debugging:
    mail -v root
    mailq, mailq -Ac
    sendmail -q
    tail -f /var/log/maillog
7) IMAP, IMAPS, and POP3
Q: Configure for pop3 (or imap)
A: 1) install dovecot
   2) vi /etc/dovecot.conf
        protocols = pop3
   3) service dovecot restart
   4) chkconfig dovecot on
Testing:
note: root is not permitted to login
    echo "pop" | mail -s test student
    telnet localhost 110
        user student
        pass student
        stat
        list
        retr 1
        quit
8) SSH
/etc/ssh/
~/.ssh/
9) DNS (caching name server, slave name server)
Q: Setup a slave name server
A: 1) install bind, bind-utils, and caching-nameserver
2) when configuring a slave name server, start with caching, and modify
3) vi /etc/named.conf
    comment out dump-file section
    add:
    zone "example.com" {
        type slave;
        masters { 192.168.0.254; };
        file "slaves/slave-example.com.zone";
    };
4) vi 0.168.192.in-addr.arpa
    add:
    zone "0.168.192.in-addr.arpa" {
        type slave;
        masters { 192.168.0.254; };
        file "slaves/0.168.192.zone";
    };
To verify:
    named-checkconf
    named-checkconf -t /var/named
    named-checkzone example.com example.com.zone
5) start named, and make it start at boot
    service named restart; tail -f /var/log/messages | grep named
    chkconfig named on
Remember to check /etc/resolv.conf on all client machines.
10) NTP
/etc/ntp.conf
For each of these services, RHCEs must be able to:
1) install the packages needed to provide the service
rpm -Uvh packagename.rpm, or
yum install packagename
2) configure SELinux to support the service
getenforce
setenforce 1
check context with ls -Z
chcon -R --reference /var/www/html /var/www/html/www1
3) configure the service to start when the system is booted
chkconfig servicename on
4) configure the service for basic operation
different for each service
5) Configure host-based and user-based security for the service
setuid?
/etc/xinetd.d/
RHCEs must also be able to:
1) configure hands-free installation using Kickstart
2) implement logical volumes at install-time
3) use iptables to implement packet filtering and/or NAT
iptables is usually configured to be as restrictive as possible, but this may be difficult to implement in an exam environment. Read the instructions carefully, and try to find the best way to implement it.
--- commands ---
iptables -L
iptables -F
service iptables save
service iptables restart
chkconfig iptables on
--- starting config ---
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
--- sample file ---
cat /etc/sysconfig/iptables
*filter
:INPUT DROP [67:11217]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [58:6450]
-A INPUT -s 192.168.0.10 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.254 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.254 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 835:837 -j ACCEPT
COMMIT
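A saved ruleset is easier to review mechanically than by eye, so this added example (not part of the original guide) reads iptables-save text and reports whether the starting config is present and which ports are open to which sources. The function name audit_ruleset is hypothetical, and SAMPLE_RULES is constructed from a subset of the sample file above.

```shell
#!/bin/sh
# Added example: review an iptables-save file for the baseline this guide describes.
# SAMPLE_RULES is constructed from a subset of the sample file above.
SAMPLE_RULES='*filter
:INPUT DROP [67:11217]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [58:6450]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.254 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 835:837 -j ACCEPT
COMMIT'

# audit_ruleset: read iptables-save text on stdin, print one finding per line.
audit_ruleset() {
  awk '
    /^:INPUT /   { policy = $2 }
    /^:FORWARD / { fwd = $2 }
    /^-A INPUT / && /-j ACCEPT/ {
      src = "any"; dport = ""; sport = ""; iface = ""; state = 0
      for (i = 1; i < NF; i++) {
        if ($i == "-s")      src   = $(i + 1)
        if ($i == "-i")      iface = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "--sport") sport = $(i + 1)
        if ($i == "--state" && $(i + 1) ~ /ESTABLISHED/) state = 1
      }
      if (iface == "lo") lo = 1
      if (state) est = 1
      if (dport != "") print "OPEN " dport " from " src
      if (dport != "" && src == "any") print "WARN port " dport " is open to any source"
      if (sport != "" && dport == "")
        print "WARN rule from " src " matches source port " sport " only; any destination port is accepted"
    }
    END {
      if (policy != "DROP") print "FAIL INPUT policy is " policy ", expected DROP"
      if (!lo)  print "FAIL no ACCEPT rule for the loopback interface"
      if (!est) print "FAIL no ESTABLISHED,RELATED rule"
      if (fwd == "ACCEPT") print "NOTE FORWARD policy is ACCEPT"
    }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_ruleset
```

On a real system, run audit_ruleset < /etc/sysconfig/iptables after service iptables save.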
4) use PAM to implement user-level restrictions
/lib/security/
/etc/pam.d/