Node 1

Q.1.
Configure network and set the static hostname.
IP ADDRESS = 172.25.250.10
NETMASK = 255.255.255.0
GATEWAY = 172.25.250.254
DNS = 172.25.250.254
Domain name = lab.example.com
hostname = node1.lab.example.com
ans:
# nmcli connection show
# nmcli con modify "Wired connection 1" ipv4.addresses "172.25.250.10/24"
# nmcli con modify "Wired connection 1" ipv4.gateway 172.25.250.254
# nmcli con modify "Wired connection 1" ipv4.dns 172.25.250.254
# nmcli con up "Wired connection 1"
# ping -c3 172.25.250.10
# hostnamectl
# hostnamectl set-hostname node1.lab.example.com
#systemctl reboot

#Q2. Configure YUM repos with the given link ( 2 repos: 1st is AppStream and
2nd is BaseOS if in the exam there are sequence of links may be change )

● AppSterm_url=
http://content.example.com/rhel9.0/x86_64/dvd/AppStream
● Base_url= http://content.example.com/rhel9.0/x86_64/dvd/BaseOS

#vim /etc/yum.repos.d/local.repo
[1(any name, should be in square braces)] or ( ex. [app] )
name=AppStream(any name)
baseurl= http://content.example.com/rhel9.0/x86_64/dvd/AppStream
enabled=1
gpgcheck=0

[2(any name, should be in square braces)]

name=BaseOS(any name)
baseurl= http://content.example.com/rhel9.0/x86_64/dvd/BaseOS
enabled=1
gpgcheck=0
esc:wq
#dnf search httpd
#yum install httpd -y
#Systemctl start httpd
#dnf repolist all

#Q3. Debug SELinux:

● A web server running on non standard port 82 is having issues serving
content. Debug
and fix the issues.
● The web server on your system can server all the existing HTML files from
/var/www/html ( NOTE: Do not make any changes to these files )
● Web service should automatically start at boot time.
#systemctl start httpd.service
#systemctl enable httpd.service
#cd /var/www/html
#sealert -a /var/log/audit/audit.log
#semanage port -l | grep http
#semanage port -a -t http_port_t -p tcp 82
# semanage port -l | grep http
#systemctl restart httpd
#systemctl enable httpd
#systemctl is-active httpd.service
#firewall-cmd --permanent --add-port=82/tcp
#firewall-cmd --reload
#firewall-cmd –list-all
#curl servera.lab.example.com:82

Q4. Create the following users, groups and group memberships:

(a)A group named admin.
(b)A user harry who belongs to admin as a secondary group.
(c) A user natasha who belongs to admin as a secondary group.
(d) A user sarah who does not have access to an interactive shell on the system
and who is not a member of admin.
(e)The users harry, natasha, sarah should all have password of password.
#groupadd admin
#useradd -G admin harry (-G= secondary group, -g=primary group)
#useradd -G admin natasha
#useradd -s /sbin/nologin sarah (-s=shell)
#passwd --stdin harry
#passwd --stdin natasha
#passwd --stdin sarah
#tail /etc/passwd
#tail /etc/group
Note: --stdin is not mandatory, if we use it no need to retype password and also it shows the
password you typed.

5. Create a collaborative directory /common/admin with the following

characteristics:
(a)Group ownership of /common/admin is admin.
(b) The directory should be readable, writable and accessible to members of
admin, but not any other user.
(It is understood that root has access to all files and directories on the system.)
(c)Files created in /common/admin automatically have group ownership set to
the admin group.

#mkdir -p /common/admin (-p=parent directory)

#ls -ld /common/admin

#chgrp admin /common/admin

#chmod 2770 /common/admin
#ls -ld /common/admin
#su - harry
$touch /common/admin/file1
$ls -ld /common/admin/file1 (you need to get group ownership as admin)
$logout

6. Configure AutoFS
● All Ldapuser2 home directory is exported via NFS, which is available on
classroom.example.com (172.25.254.254) and your NFS-exports directory is
/home/guests for Ldapuser2,
● Ldapuser2's home directory is
classroom.example.com:/home/guests/ldapuse2

Direct
[root-servera] # yum -y install autofs
[root-servera] # vim /etc/auto.master.d/direct.autofs
/- /etc/auto.direct
:wq
[root-servera] # vim /etc/auto.direct
/guests -rw,sync,fstpe=nfs4 serverb.lab.example.com: /home/guests/ldapuse2//guests

:wq
[root-servera] # systemctl restart autofs
[root-servera] # systemctl enable autofs

Indirect
#yum install autofs -y
#vim /etc/auto.master.d/rhome.autofs
/home/guests /etc/auto.rhome
#vim /etc/auto.rhome
* -rw,sync,fstype=nfs4 serverb.lab.example.com:/home/guests/&
#systemctl restart autofs
#systemctl enable autofs
#cd /home/guests/ladapsuser2(or go in ldapsuser2 and #ls /home/guests )
7. Set a Cron job for harry on 12.30 at noon print /bin/echo on "hello".
#crontab -eu harry
30 12 * * * /bin/echo “hello” */1 for every one minute
#crontab -lu harry (it should show crontabs of that user)
(-l=list, -u=user, -e=edit)
Extra:
#cat /etc/crontab (it shows details about cronjob)

8.Configure the NTP

a) Configure your system so that it is an NTP client of classroom.example.com.
#timedatectl
#vim /etc/chrony.conf
#by (#)camment the first address
#Server classrom.example.com iburst
Server classrom.example.com iburst

Esc:wq
#timedatectl
#timedatectl set-ntp true
#systemctl restart chronyd.service
#systemctl enable chronyd.service
#timedatectl

#Q9. Create user 'bob' with 2112 uid and set the password 'trootent'
#useradd -u 2112 bob

#passwd –-stdin bob

trootent

10. Locate the Files

(a) Find the owner of the file harry and copy the file to given path of
/root/find.user

#mkdir /root/find.user
#find / -user harry -exec cp -arf {} /root/find.user \;
#ls -a /root/find.user

11] Tar
create a tar file /tmp/root.tar.gz that compress the /root
[root-servera] # tar -cvzf /tmp/root.tar.gz /root
create a tar file /tmp/root.tar.bz2 that compress the /root
[root-servera] # tar -cvjf /tmp/root.tar.bz2 /root
create a tar file /tmp/root.tar.xz that compress the /root
[root-servera] # tar -cvJf /tmp/root.tar.xz /root

12] Find
Find all files owned by harry, and copy it to catalog: /opt/dir
[root-servera] # mkdir -p /opt/dir
[root-servera] # find / -user harry -exec cp {} /opt/dir \;

13] grep
copy ‘strato’ /usr/share/dict/words to the directory /tmp/data
[root-servera] # grep 'strato' /usr/share/dict/words > /tmp/file
[root-servera] # cat /tmp/file
copy ‘root’ /etc/passwd to the directory /tmp/data1
[root-servera] # grep 'root' /etc/passwd > /tmp/file1
[root-servera] # cat /tmp/file1

14. Set the permission

(a)All new creating files for user natasha as -r-------- as default permission.
(b) All new creating directories for user natasha as dr-x------ as default permission.
#echo “umask 277” >> /home/natasha/.bashrc
#su - natasha
$umask
$mkdir dir1
$ls -l ( o/p directory should have dr-x------ permissions)
$touch file1
$ls -l ( o/p file should have -r-------- permissions)
$exit
Extra
Umask octal value permission
(0=rwx,1=rw-,2=r-x,3=r--,4=-wx,5=-w-,6=--x,7=---)

15 Set the Password expire date

(a)The password for all new users in serverb.lab.example.com should expires after 20 days.
#vim /etc/login.defs
PASS_MAX_DAYS 20
Esc:wq

16 Assign Sudo Privilege

(a)Assign the Sudo Privilege for Group "admin" and Group members can administrate without
any password.
#vim /etc/sudoers.d/admin
%admin ALL=(ALL) NOPASSWD=ALL
Esc:wq
(for user #vim /etc/sudoers.d/harry
harry ALL=(ALL) NOPASSWD:ALL

17.Create the script file

#vim script.sh
#!/usr/bin/bash

find /root/db -type f -size +10k -size -50k -perm /g+s -exec cp -arf {} exam5 \;

#chmod a+x script.sh

# mv script.sh /use/local/bin
# ./script.sh

Or

#vim script.sh
#!/usr/bin/bash
echo “good morning”
esc:wq
#chmod a+x script.sh
# ./script.sh

18. CONTAINER IMAGE

#ssh sia@node1
#wget -----link is given to download container file-----
#cat Containerfile
#podman build -t watcher .
#podman images

19. CONTAINER CREATE and SERVIVE CREATE

# mkdir -p /home/data
# mkdir -p /home/data1
# chown sia:sia /home/data
# chown sia:sia /home/data1
# ssh sia@node1

# podman run -d --name invetntory -v /home/data:/var/data:Z -v

/home/data1:/var/data1:Z -p 80:8080 watcher (NOTE- if port is not given you can add as
80:8080)
#podman ps

#podman ps -a

#mkdir -p ~/.config/systemd/user/
#cd ~/.config/systemd/user/
#podman generate systemd --name inventory --new --files

#systemctl --user daemon-reload

#systemctl --user enable --now Container-inventory.service

#loginctl enable-linger
#podman ps
Node2
NOTE: In this Server 3 Disks will be given.
1. /dev/vda : for ROOT filesystem ( don't do anything under this Disk )
2. /dev/vdb : You need to use Swap and LVM Partition.

Q14. Reset root user password and make it ' redhat '
Lab start boot-resetting
Rht-vmview view servera
Ctrl+alt+delete
Go recurseve mode
linux ---->(press end key) rd.break
ctrl+X
mount -o remount,rw /sysroot
chroot /sysroot
passwd root
redhat
redhat
touch /.autorelabel
exit
exit
2] Yum Configure

#Q2. Configure YUM repos with the given link ( 2 repos: 1st is AppStream and 2nd is BaseOS if in the
exam there are sequence of links may be change )

● AppSterm_url= http://content.example.com/rhel9.0/x86_64/dvd/AppStream

● Base_url= http://content.example.com/rhel9.0/x86_64/dvd/BaseOS

#vim /etc/yum.repos.d/local.repo
[1(any name, should be in square braces)]
name=AppStream(any name)
baseurl: http://content.example.com/rhel9.0/x86_64/dvd/AppStream

enabled=1
gpgcheck=0
[2(any name, should be in square braces)]
name=BaseOS(any name)
baseurl: http://content.example.com/rhel9.0/x86_64/dvd/BaseOS

enabled=1
gpgcheck=0
esc:wq
#dnf search httpd
#yum install httpd -y
#dnf repolist all

EXTENDING THE LV BY 10 EXTEND (sample) (if directly size given in MiB like +100M than use -L else
only extend to 100 than use -l 100 )
[root-serverb] # lvextend -L 800M -r /dev/group/lv1
[root-serverb] # lsblk

Reduce THE LV BY 10 EXTEND

[root-serverb] #unmount /mnt/data
[root-serverb] #e2fsck -t /dev/group/lv1
[root-serverb] # lvextend -L 100M -r /dev/group/lv1
[root-serverb] # mount -a

4] LVM create
Create logical volume ‘lv1’ with volume group ‘group’ .The logical volume ‘lv1’ should be of size 60
extend . create Volume group “vgroup “ PE size should be 4 mb .Filesystem type is ext4. This logical
volume must be mounted at /mnt/redhat.
[root-serverb] # fdisk /dev/vdb
--->n->enter->enter->+1G+->t->8e->p->w
[root-serverb] # partprobe
[root-serverb] # pvcreate /dev/vdb1
[root-serverb] # pvdisplay
[root-serverb] # vgcreate -s 4 group /dev/vdb1
[root-serverb] # vgdisplay
[root-serverb] # lvcreate -l 60 -n lv1 group
[root-serverb] # lvdisplay
[root-serverb] # mkfs -t ext4 /dev/group/lv1
[root-serverb] # mkdir -p /mnt/redhat
[root-serverb] # vim /etc/fstab
/dev/group/lv1 /mnt/redhat ext4 defaults 0 0
:wq
[root-serverb] # mount -a
[root-serverb] # lsblk

6] Swap Partition
create a swap partition of size 985M on vdb and remember that old partition may not deleted.
[root-serverb] # fdisk /dev/vdb
--->n->enter->enter->+985M+->t->82->p->w
[root-serverb] # partprobe
[root-serverb] # mkswap /dev/vdb2
[root-serverb] # vim /etc/fstab
/dev/vdb2 swap swap defaults 0 0
:wq
[root-serverb] # swapon -a
[root-serverb] # swapon -s
[root-serverb] # free
[root-serverb] # lsblk

6. TUNED
#dnf install tuned
#tuned-adm recommend
#tuned-adm profile virtual-guest
#systemctl daemon-reload