You are on page 1of 15

RHCSA and RHCE: Study Guide

*-tui CLI system config scripts


system-config-* X system config scripts
Fix MBR:
find /grub/grub.conf
root !d"#"$
setup !d"$
RHCSA/RHCE Exam Objectives (as of 30/03/0!!"
#nde$stand and #se Essentia% &oo%s
Access a s'e%% ($om(t and issue commands )it' co$$ect syntax
%se /bin/s! -or- /bin/b&s!
#se in(ut*out(ut $edi$ection (+, ++, -, +, etc."
stdout to fi'e ($
stderr to fi'e )($
&ppend to fi'e (($
stderr to stdout )(*+$
ex. iptables -L -n -v -x >> /tmp/ipt.out 2>&1 redirect stdin and stdout to /tmp/ipt.out
#se /$e( and $e/u%a$ ex($essions to ana%y0e text
grep expr -or- egrep expr
o ex. tail -f /var/log/messages | egrep !ernel|error"# onl$ s%o& lines containing
!ernel or error strings
o ex. cat /etc/%ttpd/conf/%ttpd.conf | grep -v '(# omit lines starting &it% (
c%aracter
Access $emote systems usin/ ss' and 12C
,,-:
o ss! user.!ost
/0C:
o 1nc1ie2er !ost:disp'&y
o 1nc1ie2er !ost::port
3o/ in and s)itc' use$s in mu%ti*use$ $un%eve%s
su 3 user
A$c'ive, com($ess, un(ac4 and uncom($ess fi%es usin/ ta$, sta$, /0i(, and b0i(
Compress:
o t&r cf4 &rc!i1e.t&r.g4 infi'e+ infi'e)
o ex. tar cf) /tmp/%ttpd*conf.tar.g) /etc/%ttpd
%ncompress:
o t&r xf4 &rc!i1e.t&r.g4
5!e rest of t!e comm&nds &re simi'&r. %se 3!e'p &nd re&d t!eir m&n p&ge
C$eate and edit text fi%es
1im fi'e -or- n&no fi'e
C$eate, de%ete, co(y and move fi%es and di$ecto$ies
Cre&te/touc!: touc! fi'e
o ex. touc% /tmp/i*&as*%ere
Mo1e/ren&me: m1 srcfi'e dstfi'e
o ex. mv /%ome/+o%n/%ttpd.conf /etc/%ttpd/conf/%ttpd.conf
Remo1e: rm fi'e
o ex. rm /%ome/+o%n/%ttpd.conf.old
Copy: cp srcfi'e dstfi'e
o ex. cp %ttpd.conf %ttpd.conf.bac!up
C$eate 'a$d and soft %in4s
,oft 'in6: 'n -s srcfi'e dst'in6
o ex. ln -s /mnt/data/docs /%ome/+o%n/,es!top/documents soft lin! from
/mnt/data/docs to ,es!top
-&rd 'in6: 'n srcfi'e dst'in6
3ist, set and c'an/e standa$d u/o/$)x (e$missions
List: 's -'
C!&nge: c!mod mode fi'e
o ex.
o c%mod u-r&x.g-rx.o-rx m$script.s%
o c%mod /00 m$script.s%
o /00 is e1uivalent to u-r&x.g-rx.o-rx"
3ocate, $ead and use system documentation inc%udin/ man, info, and fi%es in
/us$/s'a$e/doc
&propos 6ey2ord
2!&tis 6ey2ord
m&n -6 6ey2ord
m&n comm&nd
info comm&nd
fgrep -Ri 6ey2ord /usr/s!&re/doc/p&c6&ge
Red Hat may use applications during the exam that are not included in Red Hat Enterprise
Linux for the purpose of evaluating candidates abilities to meet this objective.
O(e$ate Runnin/ Systems
5oot, $eboot, and s'ut do)n a system no$ma%%y
reboot
s!utdo2n -! no2
5oot systems into diffe$ent $un%eve%s manua%%y
&ppend + up to 7 to 6erne' boot options press e in grub menu to edit & 'ine$
#se sin/%e*use$ mode to /ain access to a system
&ppend + to 6erne' boot options press e in grub menu to edit & 'ine$
6dentify C7#/memo$y intensive ($ocesses, adjust ($ocess ($io$ity )it' $enice,
and 4i%% ($ocesses
Identify: top use s!ift-f to se'ect sort co'umn$
8d9ust priority: renice -)":":)" pid
;i'': 6i'' -< pid -or- 6i''&'' -< n&me -or- p6i'' -f expr
3ocate and inte$($et system %o/ fi%es
Loo6 for 'ogs in /1&r/'og/.
/va$/%o//messa/es fi%e is an im(o$tant system %o/8
Access a vi$tua% mac'ine9s conso%e
1irt-m&n&ger
=R 1irt-1ie2er
=R:
+. 1irs! 1ncdisp'&y dom&in
). 1nc1ie2er 'oc&'!ost:disp'&y
Sta$t and sto( vi$tua% mac'ines
1irt-m&n&ger
=R:
+. 1irs! st&rt dom&in
). 1irs! s!utdo2n dom&in
Sta$t, sto( and c'ec4 t'e status of net)o$4 se$vices
ser1ice ser1ice>n&me stop
ser1ice ser1ice>n&me st&rt
ser1ice ser1ice>n&me st&tus
ex. service %ttpd stop 2 stop %ttp server
Confi/u$e 3oca% Sto$a/e
3ist, c$eate, de%ete and set (a$tition ty(e fo$ ($ima$y, extended, and %o/ica%
(a$titions
List: fdis6 -'
Modify: cfdis6 de1ice -or- fdis6 de1ice -or- p&rted
C$eate and $emove ('ysica% vo%umes, assi/n ('ysica% vo%umes to vo%ume /$ou(s,
c$eate and de%ete %o/ica% vo%umes
?!ysic&' 1o'umes:
o p1cre&te 3!e'p
o p1remo1e 3!e'p
/o'ume groups:
o 1gcre&te 3!e'p
o 1gremo1e 3!e'p
Logic&' 1o'umes:
o '1cre&te 3!e'p
o '1remo1e 3!e'p
C$eate and confi/u$e 3#:S*enc$y(ted (a$titions and %o/ica% vo%umes to ($om(t
fo$ (ass)o$d and mount a dec$y(ted fi%e system at boot
+. cryptsetup 'u6sForm&t de1ice
). cryptsetup 'u6s=pen de1ice m&ppern&me
@. m6fs.fs m&ppern&me
A. edit /etc/cryptt&b: m&ppern&me de1ice none
+. /etc/cryptt&b: use %%IB or L8BCL for de1ice$
7. edit /etc/fst&b: /de1/m&pper/m&ppern&me /mpoint D$
Confi/u$e systems to mount fi%e systems at boot by #nive$sa%%y #ni;ue 6<
(##6<" o$ %abe%
Find & de1iceEs %%IB or L8BCL:
o b'6id de1ice
o =R 's -' /de1/dis6/by-* : grep de1ice
Cdit /etc/fst&b:
o use L8BCLF'&be' or %%IBFuuid to specify t!e de1ice
Add ne) (a$titions, %o/ica% vo%umes and s)a( to a system non*dest$uctive%y
Cre&te & p&rtition:
o cfdis6 de1ice -or- fdis6 de1ice -or- p&rted
Cre&te & 'ogic&' 1o'ume:
o '1cre&te 3!e'p
8dd s2&p:
+. m6s2&p de1ice
). s2&pon de1ice
C$eate and Confi/u$e =i%e Systems
C$eate, mount, unmount and use ext, ext3 and ext> fi%e systems
Cre&te: m6fs.extfs
Mount: mount de1ice /mpoint
%nmount: umount de1ice
?ount, unmount and use 3#:S*enc$y(ted fi%e systems
+. cryptsetup 'u6s=pen de1ice m&ppern&me
). mount /de1/m&pper/m&ppern&me /mpoint
@. umount /de1/m&pper/m&ppern&me
A. cryptsetup 'u6sC'ose m&ppern&me
?ount and unmount C6=S and 2=S net)o$4 fi%e systems
Mount:
o 0F,: mount -t nfs !ost:/s!&re /mpoint
o CIF,: mount -t cifs -o Gusern&meF#p&ss2ordFH //!ost/s!&re /mpoint
%nmount: umount /mpoint
Confi/u$e systems to mount ext>, 3#:S*enc$y(ted and net)o$4 fi%e systems
automatica%%y
Configure /etc/&uto.*:
o nfs: mpoint -r2#intr !ost:/remote/mpoint
o de1ice: mpoint -fstypeFfstype :de1ice
Extend existin/ unenc$y(ted ext>*fo$matted %o/ica% vo%umes
'1resi4e 3!e'p -or- '1extend 3!e'p
o ex. lvresi)e -L314 lv add 14 to lv
C$eate and confi/u$e set*G6< di$ecto$ies fo$ co%%abo$ation
+. c!mod gIs dir
). cre&te group s!&red>grp
@. c!grp s!&red>grp dir
A. 8dd users to s!&red>grp
C$eate and mana/e Access Cont$o% 3ists (AC3s"
/ie2 &c': getf&c' fi'e
Modify: setf&c' -m mode fi'e
o ex. setfacl -m u5+o%n5r& /%ome/anna/prv*file
Remo1e: setf&c' -x mode fi'e
<ia/nose and co$$ect fi%e (e$mission ($ob%ems
Bi&gnose:
o 's -'&J
o getf&c' fi'e
o c!ec6 /1&r/'og/&udit/&udit.'og for se'inux errors
Fix:
o c!mod mode fi'e
o setf&c' -m mode fi'e
<e(%oy, Confi/u$e and ?aintain Systems
Confi/u$e net)o$4in/ and 'ostname $eso%ution statica%%y o$ dynamica%%y
Cre&te st&tic !ostn&mes: /etc/!osts
Configure dns ser1ers: /etc/reso'1.conf
M&n&ge reso'ution order: /etc/nss2itc!.conf
Sc'edu%e tas4s usin/ c$on
cront&b -e
=R edit /etc/cron.*/fi'e:
o ex. vim /etc/cron.dail$/m$cron
Confi/u$e systems to boot into a s(ecific $un%eve% automatica%%y
Cdit /etc/initt&b &nd modify initdef&u't 2it! 1&'ues from +..7
6nsta%% Red Hat Ente$($ise 3inux automatica%%y usin/ :ic4sta$t
%se 6erne' boot options:
o 'inux 6sFftp/!ttp://!ost/6s.cfg
o 'inux 6sFnfs:!ost:/6s.cfg
o 'inux 6sFcdrom:/de1/dir/6s.cfg
o 'inux 6sF!d:/de1/dir/6s.cfg
o 'inux 6sFfi'e:/de1/dir/6s.cfg
Confi/u$e a ('ysica% mac'ine to 'ost vi$tua% /uests
%se 1irt-m&n&ger
6nsta%% Red Hat Ente$($ise 3inux systems as vi$tua% /uests
%se 1irt-m&n&ger
Confi/u$e systems to %aunc' vi$tua% mac'ines at boot
%se 1irt-m&n&ger -or- 1irs! &utost&rt dom&in
Confi/u$e net)o$4 se$vices to sta$t automatica%%y at boot
Configure: c!6config ser1ice on -or- ntsys1
/ie2 st&rtup ser1ices: c!6config 3'ist
Confi/u$e a system to $un a defau%t confi/u$ation H&&7 se$ve$
+. yum inst&'' !ttpd
). ser1ice !ttpd st&rt
@. c!6config !ttpd on
A. upd&te /etc/sysconfig/ipt&b'es open port tcp K"$
Confi/u$e a system to $un a defau%t confi/u$ation =&7 se$ve$
+. yum inst&'' 1sftpd
). ser1ice 1sftpd st&rt
@. c!6config 1sftpd on
A. upd&te /etc/sysconfig/ipt&b'es open port tcp )+$
6nsta%% and u(date soft)a$e (ac4a/es f$om Red Hat 2et)o$4, a $emote
$e(osito$y, o$ f$om t'e %oca% fi%esystem
yum se&rc! n&me
yum inst&'' p&c6&ge
yum upd&te p&c6&ge
#(date t'e 4e$ne% (ac4a/e a(($o($iate%y to ensu$e a bootab%e system
rpm -i1! ne2>6erne'.rpm
=R yum inst&'' 6erne'
?odify t'e system boot%oade$
Cdit /boot/grub/grub.conf
?ana/e #se$s and G$ou(s
C$eate, de%ete, and modify %oca% use$ accounts
8dd: user&dd
Be'ete: userde'
Modify: usermod
/ie2 /etc/p&ss2d
C'an/e (ass)o$ds and adjust (ass)o$d a/in/ fo$ %oca% use$ accounts
C!&nge p&ss2ord: p&ss2d user
C!&nge &ging: c!&ge -C LLLL-MM-BB user
C$eate, de%ete and modify %oca% /$ou(s and /$ou( membe$s'i(s
8dd: group&dd
Be'ete: groupde'
Modify: groupmod
Members!ips: edit /etc/group
Confi/u$e a system to use an existin/ 3<A7 di$ecto$y se$vice fo$ use$ and /$ou(
info$mation
%se system*confi/*aut'entication
?ana/e Secu$ity
Confi/u$e fi$e)a%% settin/s usin/ system*confi/*fi$e)a%% o$ i(tab%es
Insert: ipt&b'es -t 58BLC -I C-8I0 D
8ppend: ipt&b'es -t 58BLC -8 C-8I0 D
Be'ete: ipt&b'es -t 58BLC -B C-8I0 D
F'us! t&b'e: ipt&b'es -t 58BLC -F
,&1e persistent c!&nges to /etc/sysconfig/ipt&b'es
Set enfo$cin/ and (e$missive modes fo$ SE3inux
?ersistent c!&nge:
o /etc/se'inux/config:
,CLI0%XFenforcing:permissi1eCurrent session:
0on persistent c!&nge:
o setenforce +:":enforcing:permissi1e
1ie) SE3inux status:
sest&tus
3ist and identify SE3inux fi%e and ($ocess context
's -'J
ps -efJ
Resto$e defau%t fi%e contexts
restorecon -R fi'e
#se boo%ean settin/s to modify system SE3inux settin/s
/ie2 boo'e&ns:
o getseboo' -& : grep 6ey2ord
o =R sem&n&ge boo'e&n -' : grep 6ey2ord
C!&nge boo'e&ns:
o setseboo' -? boo'e&n on:off
<ia/nose and add$ess $outine SE3inux 7o%icy vio%ations
Bi&gnose:
o /1&r/'og/&udit/&udit.'og
o /1&r/'og/mess&ges
o 1ie2 ser1ice 'ogs
o se&'ert
Fix:
o &udit)&''o2
o setseboo' -? boo'e&n on:off
RHCE: System Confi/u$ation and ?ana/ement
Route 67 t$affic and c$eate static $outes
route &dd -net +<).+MK.@." netm&s6 )77.)77.)77." g2 +<).+MK.+.)7A
route &dd -!ost +<).+MK.@.@ netm&s6 )77.)77.)77." de1 tun"
For persistent c!&nges edit /etc/sysconfig/net2or6-scripts/route-device.
o 6xamples5
172.189.:.;/200.200.200.; via 172.189.1.20<
172.189.:.: dev tun;
#se i(tab%es to im(%ement (ac4et fi%te$in/ and confi/u$e net)o$4 add$ess
t$ans%ation (2A&"
Fi'ter:
o ipt&b'es -t fi'ter : -8 : -B : I0?%5 : =%5?%5 D -9 : 8CCC?5
o ex. iptables -= =>?@A -s 172.189.1;1.: -p tcp 2dport 22 -+ BCC6?A 3 8''o2
incoming tcp tr&ffic on port )) ss!$ from +<).+MK.+"+.@
0&t:
o ipt&b'es -t n&t : -8 : -B D -9 : B085 : M8,N%CR8BC
o ex. iptables -t nat -= ?D6DE@A=>4 -p tcp 2dport 99;; -+ ,>BA 2to
172.189.1;1.:59; 3 For2&rd incoming tcp tr&ffic on port KK"" to
+<).+MK.+"+.@:K"
#se /($oc/sys and sysct% to modify and set 4e$ne% $un*time (a$amete$s
+. List: sysct' -& : grep 6ey
). Configure /etc/sysct'.conf
@. 8pp'y configur&tion: sysct' -p
Confi/u$e system to aut'enticate usin/ :e$be$os
system-config-&ut!entic&tion
5ui%d a sim(%e R7? t'at (ac4a/es a sin/%e fi%e
+. rpmde1-setuptree
). cd O/rpmbui'd
@. rpmde1-ne2spec ,?CC/!e''o.spec
A. edit ,?CC/!e''o.spec
7. rpmbui'd -b& ,?CC/!e''o.spec
Confi/u$e a system as an iSCS6 initiato$ t'at (e$sistent%y mounts an iSCS6 ta$/et
Find t&rgets:
o iscsi&dm -m disco1ery -t sendt&rgets -p !ost
Login to t&rget:
o iscsi&dm -m node 3t&rgetn&me iPn.)""+-"7.com.doe:test -p !ost:port 3'ogin
7$oduce and de%ive$ $e(o$ts on system uti%i0ation (($ocesso$, memo$y, dis4, and
net)o$4"
Report: s&r -8
B&t& p&t!: /1&r/'og/s& s&r -f s&BB$
,c!edu'e definition: /etc/cron.d/sysst&t
#se s'e%% sc$i(tin/ to automate system maintenance tas4s
0/8
Confi/u$e a system to %o/ to a $emote system
5C?
o /etc/rsys'og: *.* ..!ost:port
%B?
o /etc/rsys'og: *.* .!ost:port
Confi/u$e a system to acce(t %o//in/ f$om a $emote system
8cti1&te 5C? ser1er in /etc/rsys'og:
o FGodLoad imtcp.so
F=nputAC?HerverDun 01<
8cti1&te %B? ser1er in /etc/rsys'og:
o FGodLoad imudp.so
F=nput@,?HerverDun 01<
2et)o$4 Se$vices
2et)o$4 se$vices a$e an im(o$tant subset of t'e exam objectives. RHCE candidates s'ou%d
be ca(ab%e of meetin/ t'e fo%%o)in/ objectives fo$ eac' of t'e net)o$4 se$vices %isted be%o):
Inst&'' t!e p&c6&ges needed to pro1ide t!e ser1ice
Configure ,CLinux to support t!e ser1ice
Configure t!e ser1ice to st&rt 2!en t!e system is booted
Configure t!e ser1ice for b&sic oper&tion
Configure !ost-b&sed &nd user-b&sed security for t!e ser1ice
R-CC c&ndid&tes s!ou'd &'so be c&p&b'e of meeting t!e fo''o2ing ob9ecti1es &ssoci&ted
2it! specific ser1ices:
H&&7/H&&7S
Confi/u$e a vi$tua% 'ost
/etc/!ttpd/conf/!ttpd.conf:
o >ameIirtualJost K59;
LIirtualJost K59;>
Herver>ame docs.example.com
,ocumentDoot /pat%
L/IirtualJost>
Confi/u$e ($ivate di$ecto$ies
Configure /etc/!ttpd/conf/!ttpd.conf:
o But%A$pe basic
But%>ame Mprivate r%el1N
But%@serOile /&&&/.r%el1*priv*user
De1uire valid-user
Erder den$.allo&
,en$ from all
Cre&te user/p&ss2ord fi'e:
o %tpass&d -c /&&&/.r%el1*priv*user user
<e(%oy a basic CG6 a((%ication
/etc/!ttpd/conf/!ttpd.conf:
o ,irector$ Eptions 36xecC4=
BddJandler cgi-script .pl .cgi
cgi-bin/!e''o.p':
o print MContent-t$pe5 text/%tmlPnPnQR
print M%elloSQR
Confi/u$e /$ou(*mana/ed content
+. group&dd 2ebdesigners
). &dd users to 2ebdesigners
@. m6dir /222/site+
A. c!grp &p&c!e.2ebdesigners /222/site+
7. c!mod QQ7 /222/site+
M. c!mod gIs /222/site+
6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice
yum inst&'' !ttpd
Confi/u$e SE3inux to su((o$t t'e se$vice
%se t!e &ppropri&te ,CLinux boo'e&ns
o getseboo' -& : grep !ttpd
%se !ttpd>sys>content>t fi'e context for content
Confi/u$e t'e se$vice to sta$t )'en t'e system is booted
c!6config !ttpd on
Confi/u$e t'e se$vice fo$ basic o(e$ation
+. Inst&'' ser1ice
). Configure t!e ser1ice to st&rt 2!en t!e system is booted
@. Configure ,CLinux support
A. %pd&te /etc/sysconfig/ipt&b'es:
o open tcp port K"
AConfi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice
-ost
o use ipt&b'es
o /etc/!ttpd/conf/!ttpd.conf:
Bllo& from good*ip
,en$ from all
Erder den$.allo&
%ser
o /etc/!ttpd/conf/!ttpd.conf:
@se But%A$pe Tasic
<2S
Confi/u$e a cac'in/*on%y name se$ve$
n&med.conf:
o allo&-1uer$ U good*ipsR VR
recursion $esR
Confi/u$e a cac'in/*on%y name se$ve$ to fo$)a$d <2S ;ue$ies
n&med.conf:
o allo&-1uer$ U good*ipsR VR
for&ard onl$R
for&arders U for&arder*ipR VR
recursion $esR
2ote: Candidates a$e not ex(ected to confi/u$e maste$ o$ s%ave name se$ve$s
6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice
yum inst&'' bind
Confi/u$e SE3inux to su((o$t t'e se$vice
getseboo' -& : grep n&med
Confi/u$e t'e se$vice to sta$t )'en t'e system is booted
c!6config n&med on
Confi/u$e t'e se$vice fo$ basic o(e$ation
+. Inst&'' ser1ice
). GConfigure & c&c!ing-on'y n&me ser1erH
@. Configure t!e ser1ice to st&rt 2!en t!e system is booted
A. Configure ,CLinux support
7. %pd&te /etc/sysconfig/ipt&b'es:
o open tcp &nd udp port 7@
Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice
-ost
o =pen tcp &nd udp port 7@ 2it! ipt&b'es
%ser
o 0/8
=&7
Confi/u$e anonymous*on%y do)n%oad
1sftpd.conf:
o anon$mous*enable-W6H
anon*upload*enable->E
local*enable->E
6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice
yum inst&'' 1sftpd
Confi/u$e SE3inux to su((o$t t'e se$vice
getseboo' -& : grep ftpd
%se pub'ic>content>t fi'e context for content
Confi/u$e t'e se$vice to sta$t )'en t'e system is booted
c!6config 1sftpd on
Confi/u$e t'e se$vice fo$ basic o(e$ation
+. Inst&'' ser1ice
). GConfigure &nonymous-on'y do2n'o&dH
@. Configure t!e ser1ice to st&rt 2!en t!e system is booted
A. Configure ,CLinux support
7. %pd&te /etc/sysconfig/ipt&b'es:
o open tcp port )+
Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice
-ost
o %se ipt&b'es
%ser
o 1sftpd.conf:
local*enable-W6H
2=S
7$ovide net)o$4 s'a$es to s(ecific c%ients
/etc/exports:
o /mpoint %ostro" %ost2r&" 172.189.2.;/2<ro" allo& read/&rite access to
%ost2. read-onl$ to %ost and 172.189.2.;/2<
7$ovide net)o$4 s'a$es suitab%e fo$ /$ou( co%%abo$ation
+. Cre&te & s!&regroup
). 8dd users to s!&regroup
@. Cre&te s!&red directory &nd set gid on it.
6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice
yum inst&'' nfs-uti's
Confi/u$e SE3inux to su((o$t t'e se$vice
getseboo' -& : grep nfs
Confi/u$e t'e se$vice to sta$t )'en t'e system is booted
c!6config nfs on
Confi/u$e t'e se$vice fo$ basic o(e$ation
+. Inst&'' ser1ice
). G?ro1ide net2or6 s!&res to specific c'ientsH
@. Configure t!e ser1ice to st&rt 2!en t!e system is booted
A. Configure ,CLinux support
5. Configure st&tic loc!d. statd. mountd. r1uotad ports in /etc/sysconfig/nfs
M. %pd&te /etc/sysconfig/ipt&b'es:
o open t!ose ports
Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice
-ost:
o Befine !ost permissions in /etc/exports
%ser:
o %se fi'esystem permissions
S?5
7$ovide net)o$4 s'a$es to s(ecific c%ients
In smb.conf cre&te & section 'i6e:
o Xs%areY
valid users - username
&rite list - username
pat% - /s%are
create mas! - ;/00
7$ovide net)o$4 s'a$es suitab%e fo$ /$ou( co%%abo$ation
+. &dd group 2or6ers group&dd n&meR net rpc group &dd n&me$
). &dd users to group user&dd n&meR net rpc user &dd usern&me$
@. In smb.conf cre&te & section 'i6e:
o Xs%aredY
pat% - /s%ared
force group - 3&or!ers
valid users - Z&or!ers vie&er
&rite list - Z&or!ers
6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice
yum inst&'' s&mb&
Confi/u$e SE3inux to su((o$t t'e se$vice
getseboo' -& : grep s&mb&
Confi/u$e t'e se$vice to sta$t )'en t'e system is booted
c!6config smb st&rt
Confi/u$e t'e se$vice fo$ basic o(e$ation
+. Inst&'' ser1ice
). Cre&te & s!&re
@. Configure t!e ser1ice to st&rt 2!en t!e system is booted
A. Configure ,CLinux support
7. %pd&te /etc/sysconfig/ipt&b'es:
o open tcp ports +@< &nd AA7
Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice
%ser
o Configure users permissions in smb.conf
-ost
o %se ipt&b'es
o smb.conf c&n &'so be used 2it! G!osts &''o2H/H!osts denyH property
S?&7
Confi/u$e a mai% t$ansfe$ a/ent (?&A" to acce(t inbound emai% f$om ot'e$ systems
Configure /etc/postfix/m&in.cf:
o Configure m$%ostname. m$domain. m$origin. m$net&or!s.
m$destinations1&ri&b'es
o ,et inet*interfaces - all
Confi/u$e an ?&A to fo$)a$d ($e%ay" emai% t'$ou/' a sma$t 'ost
Configure /etc/postfix/m&in.cf:
o rela$%ost - %ost
6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice
yum inst&'' postfix
Confi/u$e SE3inux to su((o$t t'e se$vice
getseboo' -& : grep postfix
Confi/u$e t'e se$vice to sta$t )'en t'e system is booted
c!6config postfix on
Confi/u$e t'e se$vice fo$ basic o(e$ation
+. Inst&'' ser1ice
). Configure t!e ser1ice to st&rt 2!en t!e system is booted
@. Configure ,CLinux support
A. %pd&te /etc/sysconfig/ipt&b'es:
o open tcp ports )7
Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice
%ser:
o /etc/postfix/m&in.cf:
smtpd>s&s'>&ut!>en&b'e F yes
smtpd>s&s'>security>options F no&nonymous
bro6en>s&s'>&ut!>c'ients F yes
smtpd>recipient>restrictions F permit>s&s'>&ut!entic&ted#
permit>mynet2or6s# re9ect>un&ut!>destin&tion
ser1ice s&s'&ut!d st&rt
o ser1ice s&s'&ut!d st&rt
o c!6config s&s'&ut!d on
-ost:
o %se ipt&b'es
SSH
Confi/u$e 4ey*based aut'entication
Configure /etc/ss!/ss!d>config:
o ?ub!e$But%entication $es
5est:
o ss%-cop$-id userZ%ost
ss% userZ%ost
Confi/u$e additiona% o(tions desc$ibed in documentation
0/8
6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice
yum inst&'' openss!-ser1er
Confi/u$e SE3inux to su((o$t t'e se$vice
getseboo' -& : grep ss!
Confi/u$e t'e se$vice to sta$t )'en t'e system is booted
c!6config ss! on
Confi/u$e t'e se$vice fo$ basic o(e$ation
+. Inst&'' ser1ice
). Configure t!e ser1ice to st&rt 2!en t!e system is booted
@. Configure ,CLinux support
A. %pd&te /etc/sysconfig/ipt&b'es:
o open tcp ports ))
Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice
%ser:
o ss!d>config:
Bllo&@sers userZ%ost
o ED disable s%ell access for a user if needed
-ost:
o %se ipt&b'es
2&7
Sync'$oni0e time usin/ ot'e$ 2&7 (ee$s
5est:
o ntpd&te -P +)@.+)@.7M.+)@
Configure ntp.conf:
o server 12:.12:.08.12: XiburstY
6nsta%% t'e (ac4a/es needed to ($ovide t'e se$vice
yum inst&'' ntp
Confi/u$e SE3inux to su((o$t t'e se$vice
0/8
Confi/u$e t'e se$vice to sta$t )'en t'e system is booted
c!6config ntpd on
Confi/u$e t'e se$vice fo$ basic o(e$ation
+. Inst&'' ser1ice
). Configure t!e ser1ice to st&rt 2!en t!e system is booted
3. =f >A? is configured as a server" %pd&te /etc/sysconfig/ipt&b'es:
o open udp port +)@
Confi/u$e 'ost*based and use$*based secu$ity fo$ t'e se$vice
-ost:
o =f >A? is configured as a server" %se ipt&b'es
%ser:
o 0/8