http://www.online-teach.com/redhatcerteng.php

RHCE: My study guide

RHCE Exam Objectives (as of 31/03/2011)

System Configuration and Management

Route IP traffic and create static routes
  route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.1.254
  route add -host 192.168.3.3 dev tun0
  For persistent changes edit /etc/sysconfig/network-scripts/route-device. Examples:
    192.168.3.0/255.255.255.0 via 192.168.1.254
    192.168.3.3 dev tun0

Use iptables to implement packet filtering and configure network address translation (NAT)
  Filter: iptables -t filter -A|-D INPUT|OUTPUT -j ACCEPT
    ex. iptables -I INPUT -s 192.168.101.3 -p tcp --dport 22 -j ACCEPT
    Allow incoming tcp traffic on port 22 (ssh) from 192.168.101.3
  Nat: iptables -t nat -A|-D -j DNAT|MASQUERADE
    ex. iptables -t nat -I PREROUTING -p tcp --dport 8800 -j DNAT --to-destination 192.168.101.3:80
    Forward incoming tcp traffic on port 8800 to 192.168.101.3:80
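The filter example above uses -I, which places the rule at the top of the chain; iptables stops at the first rule that matches, so the same rule added with -A after a catch-all REJECT is never reached. The following is an added example, not part of the original guide: it walks a constructed iptables-save listing in first-match order. The `verdict` helper and both rule sets are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed iptables-save excerpts (not from the page). Both hold the same
# three INPUT rules; only the position of the SSH rule differs.
RULES_INSERTED='-A INPUT -s 192.168.101.3/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
RULES_APPENDED='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 192.168.101.3/32 -p tcp -m tcp --dport 22 -j ACCEPT'

# verdict RULES SRC PROTO DPORT (hypothetical helper)
# Prints the target of the first INPUT rule matching a NEW connection,
# or POLICY when no rule matches. Only -s, -p, --dport, --state and -j
# are interpreted; other matches are ignored.
verdict() {
  printf '%s\n' "$1" | awk -v src="$2" -v proto="$3" -v dport="$4" '
    function ip2n(ip,  o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_net(ip, cidr,  parts, bits, size) {
      split(cidr, parts, "/")
      bits = (parts[2] == "" ? 32 : parts[2])
      size = 2 ^ (32 - bits)
      return int(ip2n(ip) / size) == int(ip2n(parts[1]) / size)
    }
    $1 == "-A" && $2 == "INPUT" {
      s = ""; p = ""; d = ""; st = ""; j = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") s = $(i + 1)
        else if ($i == "-p") p = $(i + 1)
        else if ($i == "--dport") d = $(i + 1)
        else if ($i == "--state") st = $(i + 1)
        else if ($i == "-j") j = $(i + 1)
      }
      if (st != "" && st !~ /NEW/) next      # state rule that excludes NEW
      if (s != "" && !in_net(src, s)) next   # source outside the rule
      if (p != "" && p != proto) next
      if (d != "" && d != dport) next
      print j; found = 1; exit
    }
    END { if (!found) print "POLICY" }'
}
```

Calling `verdict "$RULES_APPENDED" 192.168.101.3 tcp 22` shows the admin host being rejected even though an ACCEPT rule for it exists further down the chain.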

Use /proc/sys and sysctl to modify and set kernel run-time parameters
  List: sysctl -a | grep key
  Configure /etc/sysctl.conf
  Apply configuration: sysctl -p

Configure system to authenticate using Kerberos
  system-config-authentication

Build a simple RPM that packages a single file
  rpmdev-setuptree
  cd ~/rpmbuild
  rpmdev-newspec SPECS/hello.spec
  edit SPECS/hello.spec
  rpmbuild -ba SPECS/hello.spec

Configure a system as an iSCSI initiator that persistently mounts an iSCSI target
  Find targets: iscsiadm -m discovery -t sendtargets -p host
  Login to target: iscsiadm -m node --targetname iqn.2001-05.com.doe:test -p host:port --login

Produce and deliver reports on system utilization (processor, memory, disk, and network)
  Report: sar -A
  Data path: /var/log/sa (sar -f saDD)
  Schedule definition: /etc/cron.d/sysstat

Use shell scripting to automate system maintenance tasks
  N/A

Configure a system to log to a remote system
  TCP /etc/rsyslog.conf: *.* @@host:port
  UDP /etc/rsyslog.conf: *.* @host:port

Configure a system to accept logging from a remote system
  Activate TCP server in /etc/rsyslog.conf:
    $ModLoad imtcp.so
    $InputTCPServerRun 514
  Activate UDP server in /etc/rsyslog.conf:
    $ModLoad imudp.so
    $InputUDPServerRun 514

Network Services

Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
  Install the packages needed to provide the service
  Configure SELinux to support the service
  Configure the service to start when the system is booted
  Configure the service for basic operation
  Configure host-based and user-based security for the service
RHCE candidates should also be capable of meeting the following objectives associated with specific services:

HTTP/HTTPS

Configure a virtual host
  /etc/httpd/conf/httpd.conf:
    NameVirtualHost *:80
    <VirtualHost *:80>
    ServerName docs.example.com
    DocumentRoot /path
    </VirtualHost>

Configure private directories
  Configure /etc/httpd/conf/httpd.conf:
    AuthType basic
    AuthName "private rhel1?"
    AuthUserFile /www/.rhel1_priv_user
    Require valid-user
    Order deny,allow
    Deny from all
  Create user/password file: htpasswd -c /www/.rhel1_priv_user user

Deploy a basic CGI application
  /etc/httpd/conf/httpd.conf:
    Directory: Options +ExecCGI
    AddHandler cgi-script .pl .cgi
  cgi-bin/hello.pl:
    print "Content-type: text/html\n\n";
    print "hello!";

Configure group-managed content
  groupadd webdesigners
  add users to webdesigners
  mkdir /www/site1
  chown apache:webdesigners /www/site1
  chmod 775 /www/site1
  chmod g+s /www/site1

Install the packages needed to provide the service
  yum install httpd
Configure SELinux to support the service
  Use the appropriate SELinux booleans: getsebool -a | grep httpd
  Use httpd_sys_content_t file context for content
Configure the service to start when the system is booted
  chkconfig httpd on
Configure the service for basic operation
  Install service
  Configure the service to start when the system is booted
  Configure SELinux support
  Update /etc/sysconfig/iptables: open tcp port 80
Configure host-based and user-based security for the service
  Host: use iptables
    /etc/httpd/conf/httpd.conf:
      Allow from good_ip
      Deny from all
      Order deny,allow
  User:
    /etc/httpd/conf/httpd.conf: Use AuthType Basic

DNS

Configure a caching-only name server
  named.conf:

    recursion yes;
    allow-query { good_ips; };

Configure a caching-only name server to forward DNS queries
  named.conf:
    allow-query { good_ips; };
    recursion yes;
    forward only;
    forwarders { forwarder_ip; };

Note: Candidates are not expected to configure master or slave name servers

Install the packages needed to provide the service
  yum install bind
Configure SELinux to support the service
  getsebool -a | grep named
Configure the service to start when the system is booted
  chkconfig named on
Configure the service for basic operation
  Install service
  Configure a caching-only name server
  Configure the service to start when the system is booted
  Configure SELinux support
  Update /etc/sysconfig/iptables: open tcp and udp port 53
Configure host-based and user-based security for the service
  Host: Open tcp and udp port 53 with iptables
  User: N/A

FTP

Configure anonymous-only download
  vsftpd.conf:
    anonymous_enable=YES
    anon_upload_enable=NO
    local_enable=NO

Install the packages needed to provide the service
  yum install vsftpd
Configure SELinux to support the service
  getsebool -a | grep ftpd
  Use public_content_t file context for content
Configure the service to start when the system is booted

  chkconfig vsftpd on
Configure the service for basic operation
  Install service
  Configure anonymous-only download
  Configure the service to start when the system is booted
  Configure SELinux support
  Update /etc/sysconfig/iptables: open tcp port 21
Configure host-based and user-based security for the service
  Host: Use iptables
  User: vsftpd.conf: local_enable=YES

NFS

Provide network shares to specific clients
  /etc/exports:
    /mpoint host(ro) host2(rw) 192.168.2.0/24(ro)
  allow read/write access to host2, read-only to host and 192.168.2.0/24

Provide network shares suitable for group collaboration
  Create a sharegroup
  Add users to sharegroup
  Create shared directory and set gid on it

Install the packages needed to provide the service
  yum install nfs-utils
Configure SELinux to support the service
  getsebool -a | grep nfs
Configure the service to start when the system is booted
  chkconfig nfs on
Configure the service for basic operation
  Install service
  Provide network shares to specific clients
  Configure the service to start when the system is booted
  Configure SELinux support
  Configure static lockd, statd, mountd, rquotad ports in /etc/sysconfig/nfs
  Update /etc/sysconfig/iptables: open those ports
Configure host-based and user-based security for the service
  Host: Define host permissions in /etc/exports
  User:

    Use filesystem permissions

SMB

Provide network shares to specific clients
  In smb.conf create a section like:
    [share]
    valid users = username
    write list = username
    path = /share
    create mask = 0755

Provide network shares suitable for group collaboration
  add group workers (groupadd name, net rpc group add name)
  add users to group (useradd name, net rpc user add username)
  In smb.conf create a section like:
    [shared]
    path = /shared
    force group = +workers
    valid users = @workers viewer
    write list = @workers

Install the packages needed to provide the service
  yum install samba
Configure SELinux to support the service
  getsebool -a | grep samba
Configure the service to start when the system is booted
  chkconfig smb on
Configure the service for basic operation
  Install service
  Create a share
  Configure the service to start when the system is booted
  Configure SELinux support
  Update /etc/sysconfig/iptables: open tcp ports 139 and 445
Configure host-based and user-based security for the service
  User: Configure users permissions in smb.conf
  Host: Use iptables
    smb.conf can also be used with the hosts allow / hosts deny properties

SMTP

Configure a mail transfer agent (MTA) to accept inbound email from other systems
  Configure /etc/postfix/main.cf:
    Configure myhostname, mydomain, myorigin, mynetworks, mydestination variables
    Set inet_interfaces = all

Configure an MTA to forward (relay) email through a smart host
  Configure /etc/postfix/main.cf:
    relayhost = host

Install the packages needed to provide the service
  yum install postfix
Configure SELinux to support the service
  getsebool -a | grep postfix
Configure the service to start when the system is booted
  chkconfig postfix on
Configure the service for basic operation
  Install service
  Configure the service to start when the system is booted
  Configure SELinux support
  Update /etc/sysconfig/iptables: open tcp port 25
Configure host-based and user-based security for the service
  User: /etc/postfix/main.cf:
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    service saslauthd start
    chkconfig saslauthd on
  Host: Use iptables

SSH

Configure key-based authentication
  Configure /etc/ssh/sshd_config: PubkeyAuthentication yes
  Test:
    ssh-copy-id user@host
    ssh user@host

Configure additional options described in documentation
  N/A

Install the packages needed to provide the service
  yum install openssh-server
Configure SELinux to support the service

  getsebool -a | grep ssh
Configure the service to start when the system is booted
  chkconfig sshd on
Configure the service for basic operation
  Install service
  Configure the service to start when the system is booted
  Configure SELinux support
  Update /etc/sysconfig/iptables: open tcp port 22
Configure host-based and user-based security for the service
  User: sshd_config: AllowUsers user@host OR disable shell access for a user if needed
  Host: Use iptables

NTP

Synchronize time using other NTP peers
  Test: ntpdate -q 123.56.123.123
  Configure ntp.conf: server 123.56.123.123 [iburst]

Install the packages needed to provide the service
  yum install ntp
Configure SELinux to support the service
  N/A
Configure the service to start when the system is booted
  chkconfig ntpd on
Configure the service for basic operation
  Install service
  Configure the service to start when the system is booted
  (If NTP is configured as a server) Update /etc/sysconfig/iptables: open udp port 123
Configure host-based and user-based security for the service
  Host: (If NTP is configured as a server) Use iptables
  User: N/A
