RHCE EXAM MODEL Q.

PAPER AND ANSWERS Duration: 3 hours SECTION

1---Troubleshooting and System Maintenance Start your pc in Single usermode and
set one password for user root . (No dictionary word,Min.8Char.)
The System loaded to graphics mode manually. Then, you saw a Question paper link
in Dektop and
Open that link.
Sometimes Graphical mode is in error. Then you login your pc in text mode #vi /e
tc/inittab line no. 18
i[Link]initdefault
remove # symbol of the last line(by default no #symbol)
:wq
#service xfs restart #chattr -i /etc/X11/[Link] #system-config-display Open t
erminal in Graphics mode and type hostname command for checking your machine hostn
ame 1. The examiner can log into your system as root using the passwordu X 4L 7j
W R. The home directory must be /root. Ans:#pwconv passwd command for changing roo
tpassword
2. ping [Link] is successful, and your system uses static networking as d
escribed in /root/[Link] Ans:#cat /etc/[Link] Then read ip,subnet mask
,gateway and dns addresses
type system-config-network
enter ip,subnet mask and gateway? apply? ok
#vi /etc/[Link] nameserver <dns ip address>
:wq
#service network restart
3. dig [Link] successfully resolves that hostname using DNS Ans: it
s dns problem. Already configured in 2nd questn.
4. Your system has a new 300MB partition mounted under /mnt/policy with a 300MB
ext3 filesystem. Note: because partition sizes are seldom exactly what is specif
ied when they are created, anything within the range of 275 to 375MB is acceptab
le . Ans:fdisk l fdisk /dev/hda type n button?enter first cylindersize: enter last c
ylindersize:+300M?enter type w for save and exit #partprobe
#mkfs.ext3 /dev/hda10(new partition)
#mkdir /mnt/policy
#vi /etc/fstab
type /dev/hda10 /mnt/policy auto defaults 0 0 :wq
#mount a
#df (display mounted partition size information)
[Link]:(T05) the requirement described in /root/services is met Ans:#cat /ro
ot/services #vim /etc/exports /documents *(rw,sync) :wq
#service portmap restart
#service nfs restart
[Link]:(T06) the requirement described in /root/wildcard is met Ans:#cat /et
c/wildcard #vim /etc/fstab edit home entry line. /dev/hda10 /home auto defaults,
usrquota 0 0 :wq #mount o remount /home #mount #quotacheck c /home #quotaon /home 7.
Storage:(T10) the requirement described in /root/lvm is met Ans:#cat /root/servi
ces #lvdisplay umount logical volume #lvextend -L+80M /dev/vol/homevol #resize2f
s /dev/vol/homevol mount logical volume SECTION2---Installation and Configuratio
n [Link] the dialog RPM package using YUM. (optional) YUM [Link]
[Link]/pub/Server Ans:#cd /etc/[Link].d #cp [Link] [Link] #vim
[Link] change base url line and enabled yum baseurl=[Link]
ub/Server enabled = 0? 1 (change to 1) :wq #yum install dialog* [Link] the fol
lowing users, groups, and group memberships: A group named usergroup
A user who tony belongs to usergroup as a secondary group
A user paula who also belongs to usergroup as a secondary group
A user mario who does not have access to an interactive shell on the system, and
who is not a
member of usergroup
tony, paula, and mario should all have the password of password Ans :#groupadd u
sergroup #useradd tony #useradd paula #gpasswd -a tony usergroup #gpasswd -a pau
la usergroup #useradd -s /bin/nologin Mario #passwd tony
New password:pa ssw o rd
Retype password:p assw or d
3. Create a collaborative directory /common/usergroup with the following charact
eristics: Group ownership of /common/usergroup is usergroup
The directory should be readable, writable, and accessible to members of usergro
up, but not to
any other user. (It is understood that root has access to all files and director
ies on the system.)
Files created in /common/usergroup automatically have group ownership set to the
usergroup
Group
Ans:mkdir /common/usergroup chgrp usergroup /common/usergroup chmod 2770 /common
/usergroup 4. Install the appropriate kernel update from [Link]
om/pub/updates. The following criteria must also be met:
The updated kernel is the default kernel when the system is rebooted
The original kernel remains available and bootable on the system
Ans:#ftp [Link] Login: anonymous
password: <none>
ftp> cd pub/updates
#ftp>ls
#ftp>get <kernel RPM name>
#ftp>bye
#ls
#rpm ivh <kernel RPM name>
OR #rpm -ivh [Link] Then #vi /etc/[Link]
nf Change default is 0 :wq 5. Enable IP forwarding on your machine. Ans:#vi /etc/s
[Link] line no.7 net.ipv4.ip_forward=0 ---? 1 (change to 1) :wq [Link] up the
default local print queue to forward jobs to the IPP (CUPS) print queuestationxo
[Link], where x is your station number. Configure this printer as G
eneric- text only print queue. Note: The queue stationx on server1 dumps print jo
bs into the file [Link] This file can be examined to
confirm that you have configured the print queue correctly. Ans:Open new termina
l? type service cups restart ?enter type system-config-printer ?enter?click New Printer
type printer name as station4 ?forward select internet printing protocol and type Hos
tname and Domainname Hostname= [Link] Printername= station4 forward
?select Generic ?forward?select Text Only from Models?forward?Apply Select printer nam
e(station4) in side bar? click Make Default Printer and Print test page close
#service cups restart
#chkconfig network on
#chkconfig cups on

7. The user tony must configure a cron job that runs daily at 16:45 local time a
nd executes /bin/echo ciao Ans:#crontab -e -u tony 45 16 * * * /bin/echo ciao :w
q #service crond restart #chkconfig crond on 8. Bind to the NIS domain GELATO pr
ovided by [Link] for user authentication. Note the following:
nisuserx should be able to log into your system, where x is your station number,
 but will not have
a home directory until you have completed the autofs requirement below
All NIS users have a password of password
Ans:#authconf ig-tui click Use NIS ?Next type Domain name and server address Domain
GELATO Server [Link] ok login your user (eg:username is nisuser10,if you
r station no. is 10) and password isp a ssw o rd we can t get home directory 9. Co
nfigure autofs to automount the home directories of NIS users. Note the followin
g: [Link] ([Link]) NFS-exports /rhome/stationx to your syste
m, where
x is your station number
nisuserx's home directory is [Link]:/rhome/stationx/nisuserx
nisuserx's home directory should be automounted locally beneath /rhome as /rhome
/nisuserx
home directories must be writable by their users
While you are able to log in as any of the users nisuser1 through nisuser20, the
only home
directory that is accessible from your system is nisuserx.
Ans:#vi /etc/[Link] move to end line and type /rhome /etc/[Link] :wq
#vi /etc/[Link]
move to last line and type this
nisuser10
- -rw,sync [Link]:/rhome/station10/nisuser10 :wq #service autofs restart
#chkconfig autofs on Login your user ,then we get home directory of that particu
lar user
10. Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/
fstab so that the file /var/tmp/fstab is owned by the root user.
the file /var/tmp/fstab belongs to the group root.
the file /var/tmp/fstab should not be executable by anyone.
the user tony is able to read and write /var/tmp/fstab
the user paula can neither write nor read /var/tmp/fstab
all other users (current or future) have the ability to read /var/tmp/fstab.
Ans:#cp /etc/fstab /var/tmp #ls - l /var/tmp/fstab
#setfacl m u:tony:rw /var/tmp/fstab
#setfacl m u:paula:0 /var/tmp/fstab
#chmod 644 /var/tmp/fstab
#umask 022
[Link] your system so that it is an NTP client of [Link] Ans:
Open terminal?type system-config-date select Network Time Protocol ?click enable netwo
rk time protocol ?delete all entries click Add button?type [Link] and clic
k enter button Then click show advanced option ?enable synchronize system clock before
starting service and disable use local time source ?ok RHCE (Network Services and S
ecurity) Requirements SELinux must be running in Enforcing mode. We are using tw
o Networks in this section. Networks and dns names are mentioned below 192.168.0
.0/[Link] [Link] [Link]/[Link] [Link] [Link] SSH
access as follows: paula has remote SSH access to your machine from within examp
[Link] Clients within [Link] should NOT have access to ssh on your system An
s:#service sshd restart #iptables -A INPUT -p tcp -s [Link]/[Link] -
-dport 22 -j REJECT
#service iptables save
#service iptables restart

OR #vi /etc/[Link] sshd:[Link]/[Link] :wq #vi /etc/[Link] s

shd:[Link]/[Link]
:wq
#chkconfig sshd on
[Link] POP3 email on your system according to these criteria: mario must be
able to retrieve email from your machine using POP3 from within [Link] Cli
ents within the [Link] domain should not have access to your POP3 service An
s:#service sendmail restart #iptables -A INPUT -p tcp -s [Link]/255.255.255
.0 - -dport pop3 -j REJECT #chkconfig sendmail on [Link] FTP access on your
system: Clients within the [Link] domain should have anonymous FTP access
to your machine Clients outside [Link] should NOT have access to your FTP s
ervice Ans:#service vsftpd restart #vi /etc/[Link] vsftpd:ALL EXCEPT 192.168
.0.0/[Link] :wq #chkconfig vsftpd on [Link] the /common directory via SM
B: Your SMB server must be a member of the STAFF workgroup
The share's name must be common
The common share must be available to [Link] domain clients only
The common share must be browseable
paula must have read access to the share, authenticating with the same password
password, if
necessary
Ans:#service smb restart #vi /etc/samba/[Link] Line no. 74
Change Workgroup name
workgroup = STAFF
copy and then paste last 7 lines using yy- - p command Changes:- [common]
comment = public stuff
path = /common
valid users = paula
public = yes
browseable = yes
writable = yes
hosts allow = 192.168.0. 127.
:wq

#smbpasswd -a paula New smb password:pa ssword Retype New smb password:p a sswor
d #service smb restart #chkconfig smb on [Link] a web server for the site h
ttp://[Link], then perform the following steps: Download [Link]
[Link]/pub/rhce/[Link]
Rename the downloaded file to [Link]
Copy this [Link] to the DocumentRoot of your web server
Do NOT make any modifications to the content of [Link]
Ans:#service httpd restart #cd /var/www/html #ftp [Link]
login:anonymous
password: <none>
ftp>cd pub/rhce ftp>get [Link] ftp>bye #mv [Link] [Link] #vi /et
c/httpd/conf/[Link] move to line no. 972 #NameVirtual Host *:80 remove # sym
bol and change * to your pc ip address eg: NameVirtualHost [Link]:80 copy
last 7 lines and paste Remove all # symbols of these lines Changes: <Virtual Hos
t [Link]:80> ServerAdmin webmaster@[Link] DocumentRoot /va
r/www/html server Name [Link]
ErrorLog logs/[Link]-error_log
CustomLog logs/[Link]-access_log common
</Virtual Host>
:wq
#service httpd restart #chkconfig httpd on Open Mozilla Web Browser typeh tt p:/
/sta tio n1 2 .e xa mp le. co m?e n te r [Link] your /common directory via NF
S to the [Link] domain only. Note: because you will not have root access, y
ou will not be able to directly mount your exported
/common directory using your guest account on the system provided for testing. H
owever, the
automounter
on the system has been configured such that it will automount your /common direc
tory under
/home/guestx/nfs/stationx, where x is your station number. Consequently, success
ful execution of
ls /home/guestx/nfs/stationx indicates that the automounter was able to automoun
t your NFS
share.

Ans:#vi /etc/exports /common [Link]/[Link](rw,sync) :wq

#exportfs
#service portmap restart
#service nfs restart
#chkconfig portmap on #chkconfig nfs on [Link] an email alias for your MTA
such that mail sent to admin is received by the local user tony. Ans:#vi /etc/al
iases admin: tony
:wq
#newaliases
[Link] SMTP mail service according to the following requirements: Your mail
server should accept mail from remote hosts and localhost
paula must be able to receive mail from remote hosts
Mail delivered to paula should spool into the default mail spool for paula, /var
/spool/mail/paula
Ans:#vi /etc/mail/[Link] Line No.116 Typednl in front of the line Eg: dnl D
AEMON_OPTIONS .. :wq #make -C /etc/mail
#service sendmail restart
#chkconfig sendmail on
.Additional RHCE Requirements 1. Provide SSL-encapsulated IMAP access (IMAPS): I
MAPS must be available to mario from [Link]
IMAPS must NOT be available to other networks or domains.
The SSL certi_cate for the IMAPS server must be created as follows:
Use the defaults for Country, State, Locality, and Organization Name
Set Organizational Unit to GLS
Set Common Name to [Link]
Set Email Address to root@[Link]
Ans:#cd /etc/pki/tls/certs make [Link]
set Organizational Unit name to GLS, Common Name to
[Link] and Email Address to root@[Link]
Don t change other entries #vi /etc/[Link] Line No.17
Remove # symbol,IMAP and POP3s Correct Line:- protocols = IMAPs POP3 Line No. 87
& 88 Remove # symbols ssl_cert_file = /etc/pki/dovecot/certs/[Link]
ssl_key_file = /etc/pki/dovecot/private/[Link]
:wq
#vi /etc/[Link] dovecot : ALL EXCEPT [Link]/[Link] :wq #service
dovecot restart #chkconfig dovecot on [Link] a web proxy server bound to po
rt 8080. Clients within [Link] should have access to your proxy server Clie
nts outside of [Link] should NOT have access to your proxy server Ans: #ser
vice squid restart #vi /etc/squid/[Link] Line No:73
http port 3128?change to 8080
Line No.2394
Copy the line and paste
acl hello src [Link]/[Link]
Line No.2527 & 2528
Change to
http_access allow hello http_access deny all :wq #chkconfig squid on [Link] yo
ur web server to include a virtual host for the site [Link] w
here x is your station number, then perform the following steps:
Set the DocumentRoot to /var/www/virtual
Download [Link]
Rename the downloaded file to [Link]
Place this [Link] in the DocumentRoot of the virtual host
Do NOT make any modi_cations to the content of [Link]
Ensure that paula is able to create content in /var/www/virtual
Note: The original web site [Link] must still be accessable
. DNS resolution
for the hostname [Link] is already provided by the name server on serv
[Link].
Ans:#mkdir /var/www/virtual #cd /var/www/virtual #ftp [Link] Login:
anonymous Password:<none> ftp>cd pub/rhce ftp>get [Link] ftp>bye
#mv [Link] [Link] #vi /etc/httpd/conf/[Link] copy last 7 lines and pa
ste Remove all # symbols of these lines Changes: <Virtual Host [Link]:80>
ServerAdmin webmaster@[Link] DocumentRoot /var/www/virtual serve
r Name [Link]
ErrorLog logs/[Link]-error_log
CustomLog logs/[Link]-access_log common
</Virtual Host>
:wq
#service httpd restart Open Mozilla Web Browser typeh tt p:/ /ww w12 .e xamp le.
co m?enter NOTE:PLEASE USE GRAPHICS MODE FOR WRITING RHCE EXAM BEFORE REBOOTING
, PLEASE VERIFY ALL CONFIGURED SERVICES ARE IN START CONDITION