Permalink
Find file
Fetching contributors…
Cannot retrieve contributors at this time
528 lines (451 sloc) 17.8 KB
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="generator" content="Docutils 0.6: http://docutils.sourceforge.net/" />
<title>RHCSA / RHCE Practice Exam #01</title>
<style type="text/css">
/*
:Author: David Goodger (goodger@python.org)
:Id: $Id: html4css1.css 5951 2009-05-18 18:03:10Z milde $
:Copyright: This stylesheet has been placed in the public domain.
Default cascading style sheet for the HTML output of Docutils.
See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
customize this style sheet.
*/
/* used to remove borders from tables and images */
.borderless, table.borderless td, table.borderless th {
border: 0 }
table.borderless td, table.borderless th {
/* Override padding for "table.docutils td" with "! important".
The right padding separates the table cells. */
padding: 0 0.5em 0 0 ! important }
.first {
/* Override more specific margin styles with "! important". */
margin-top: 0 ! important }
.last, .with-subtitle {
margin-bottom: 0 ! important }
.hidden {
display: none }
a.toc-backref {
text-decoration: none ;
color: black }
blockquote.epigraph {
margin: 2em 5em ; }
dl.docutils dd {
margin-bottom: 0.5em }
/* Uncomment (and remove this text!) to get bold-faced definition list terms
dl.docutils dt {
font-weight: bold }
*/
div.abstract {
margin: 2em 5em }
div.abstract p.topic-title {
font-weight: bold ;
text-align: center }
div.admonition, div.attention, div.caution, div.danger, div.error,
div.hint, div.important, div.note, div.tip, div.warning {
margin: 2em ;
border: medium outset ;
padding: 1em }
div.admonition p.admonition-title, div.hint p.admonition-title,
div.important p.admonition-title, div.note p.admonition-title,
div.tip p.admonition-title {
font-weight: bold ;
font-family: sans-serif }
div.attention p.admonition-title, div.caution p.admonition-title,
div.danger p.admonition-title, div.error p.admonition-title,
div.warning p.admonition-title {
color: red ;
font-weight: bold ;
font-family: sans-serif }
/* Uncomment (and remove this text!) to get reduced vertical space in
compound paragraphs.
div.compound .compound-first, div.compound .compound-middle {
margin-bottom: 0.5em }
div.compound .compound-last, div.compound .compound-middle {
margin-top: 0.5em }
*/
div.dedication {
margin: 2em 5em ;
text-align: center ;
font-style: italic }
div.dedication p.topic-title {
font-weight: bold ;
font-style: normal }
div.figure {
margin-left: 2em ;
margin-right: 2em }
div.footer, div.header {
clear: both;
font-size: smaller }
div.line-block {
display: block ;
margin-top: 1em ;
margin-bottom: 1em }
div.line-block div.line-block {
margin-top: 0 ;
margin-bottom: 0 ;
margin-left: 1.5em }
div.sidebar {
margin: 0 0 0.5em 1em ;
border: medium outset ;
padding: 1em ;
background-color: #ffffee ;
width: 40% ;
float: right ;
clear: right }
div.sidebar p.rubric {
font-family: sans-serif ;
font-size: medium }
div.system-messages {
margin: 5em }
div.system-messages h1 {
color: red }
div.system-message {
border: medium outset ;
padding: 1em }
div.system-message p.system-message-title {
color: red ;
font-weight: bold }
div.topic {
margin: 2em }
h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
margin-top: 0.4em }
h1.title {
text-align: center }
h2.subtitle {
text-align: center }
hr.docutils {
width: 75% }
img.align-left, .figure.align-left{
clear: left ;
float: left ;
margin-right: 1em }
img.align-right, .figure.align-right {
clear: right ;
float: right ;
margin-left: 1em }
.align-left {
text-align: left }
.align-center {
clear: both ;
text-align: center }
.align-right {
text-align: right }
/* reset inner alignment in figures */
div.align-right {
text-align: left }
/* div.align-center * { */
/* text-align: left } */
ol.simple, ul.simple {
margin-bottom: 1em }
ol.arabic {
list-style: decimal }
ol.loweralpha {
list-style: lower-alpha }
ol.upperalpha {
list-style: upper-alpha }
ol.lowerroman {
list-style: lower-roman }
ol.upperroman {
list-style: upper-roman }
p.attribution {
text-align: right ;
margin-left: 50% }
p.caption {
font-style: italic }
p.credits {
font-style: italic ;
font-size: smaller }
p.label {
white-space: nowrap }
p.rubric {
font-weight: bold ;
font-size: larger ;
color: maroon ;
text-align: center }
p.sidebar-title {
font-family: sans-serif ;
font-weight: bold ;
font-size: larger }
p.sidebar-subtitle {
font-family: sans-serif ;
font-weight: bold }
p.topic-title {
font-weight: bold }
pre.address {
margin-bottom: 0 ;
margin-top: 0 ;
font: inherit }
pre.literal-block, pre.doctest-block {
margin-left: 2em ;
margin-right: 2em }
span.classifier {
font-family: sans-serif ;
font-style: oblique }
span.classifier-delimiter {
font-family: sans-serif ;
font-weight: bold }
span.interpreted {
font-family: sans-serif }
span.option {
white-space: nowrap }
span.pre {
white-space: pre }
span.problematic {
color: red }
span.section-subtitle {
/* font-size relative to parent (h1..h6 element) */
font-size: 80% }
table.citation {
border-left: solid 1px gray;
margin-left: 1px }
table.docinfo {
margin: 2em 4em }
table.docutils {
margin-top: 0.5em ;
margin-bottom: 0.5em }
table.footnote {
border-left: solid 1px black;
margin-left: 1px }
table.docutils td, table.docutils th,
table.docinfo td, table.docinfo th {
padding-left: 0.5em ;
padding-right: 0.5em ;
vertical-align: top }
table.docutils th.field-name, table.docinfo th.docinfo-name {
font-weight: bold ;
text-align: left ;
white-space: nowrap ;
padding-left: 0 }
h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
font-size: 100% }
ul.auto-toc {
list-style-type: none }
</style>
</head>
<body>
<div class="document" id="rhcsa-rhce-practice-exam-01">
<h1 class="title">RHCSA / RHCE Practice Exam #01</h1>
<!-- Sequence of section adornments: -->
<!-- ==- - -->
<!-- ==- -==- -__++~~^^ -->
<div class="section" id="this-exam">
<h1>This Exam:</h1>
<p>These tasks are taken from the objectives Red Hat has publicly posted and should therefore approximate the type of tasks one might find on the RHCSA and RHCE exams. It is expressly NOT based on actual contents of actual Red Hat Exams.</p>
<p>For the most authentic experience, this sample exam should be undertaken in a &quot;closed-book&quot; manner – referring to nothing but what is on the system or contained on the Red Hat Enterprise Linux installation tree that will be made available to you. However, because this Sample Exam is intended in part as a learning experience in itself, should you get seriously stuck you may refer to the Study Guide, to online resources, or to assistance from the instructor. Recognize, though, that such a decision may indicate a need for additional preparation before undertaking the Red Hat Exam.</p>
</div>
<div class="section" id="your-test-environment">
<h1>Your Test Environment:</h1>
<p>You should configure your physical server and three virtual machines as follows (where &lt;x&gt; is your station number):</p>
<table border="1" class="docutils">
<caption><strong>Systems Configuration</strong></caption>
<colgroup>
<col width="20%" />
<col width="20%" />
<col width="20%" />
<col width="20%" />
<col width="20%" />
</colgroup>
<thead valign="bottom">
<tr><th class="head">&nbsp;</th>
<th class="head">Physical Host</th>
<th class="head">vm1</th>
<th class="head">vm2</th>
<th class="head">vm3</th>
</tr>
</thead>
<tbody valign="top">
<tr><td>Hostname</td>
<td>s&lt;x&gt;host.linux-acc.local</td>
<td>s&lt;x&gt;server.linux-acc.local</td>
<td>s&lt;x&gt;client.linux-acc.local</td>
<td>s&lt;x&gt;untrusted.linux-acc.local</td>
</tr>
<tr><td>IP Address</td>
<td>192.168.5.&lt;x&gt;0</td>
<td>192.168.5.&lt;x&gt;1</td>
<td>192.168.5.&lt;x&gt;2</td>
<td>DHCP</td>
</tr>
<tr><td>Subnet</td>
<td>/22 or 255.255.252.0</td>
<td>/22 or 255.255.252.0</td>
<td>/22 or 255.255.252.0</td>
<td>n/a</td>
</tr>
<tr><td>Def. GW</td>
<td>192.168.4.1</td>
<td>192.168.4.1</td>
<td>192.168.4.1</td>
<td>192.168.4.1</td>
</tr>
<tr><td>Nameserver</td>
<td>192.168.7.254</td>
<td>192.168.7.254</td>
<td>192.168.7.254</td>
<td>192.168.7.254</td>
</tr>
</tbody>
</table>
<p>Networks:</p>
<blockquote>
<dl class="docutils">
<dt>Local network</dt>
<dd>192.168.4.0/22 (255.255.252.0), GW 192.168.4.1, DNS 192.168.7.254</dd>
<dt>Trusted subnet</dt>
<dd>192.168.5.0/24 (255.255.255.0)</dd>
<dt>Untrusted subnet</dt>
<dd>192.168.4.0/24 (255.255.255.0)</dd>
</dl>
</blockquote>
<p>An installation tree has been made available to you at <a class="reference external" href="ftp://192.168.5.200/pub/rhel6">ftp://192.168.5.200/pub/rhel6</a> which can serve as the basis for a yum repository.</p>
</div>
<div class="section" id="requirements-common-to-both-exams">
<h1>Requirements Common to Both Exams</h1>
<ul class="simple">
<li>SELinux must, at the end of the exam, be running in enforcing mode on both the client and server virtual machines after a reboot of each.</li>
<li>The IPTables firewall must be enabled and configured to permit the types of traffic set forth in these requirements.</li>
<li>On the untrusted host, use DHCP networking and install/configure only that components that are required for testing prohibited access to the services described below.</li>
</ul>
</div>
<div class="section" id="rhcsa-requirements">
<h1>RHCSA Requirements</h1>
<p>Complete the following in approximately 2 hours:</p>
<ul>
<li><p class="first">Obtain access to your virtual machines (you do not know the root passwords) and reset the root passwords to &quot;linuxacc&quot;.</p>
</li>
<li><p class="first">Ensure that the network configuration matches that in the table above.</p>
</li>
<li><p class="first">Create users and groups on both your server and client virtual machines:</p>
<blockquote>
<p>Users:</p>
<blockquote>
<ul class="simple">
<li>tester (UID=1004), password: linuxacc</li>
<li>ford (UID=1005), password: linuxacc</li>
<li>carter (UID=1006), password: linuxacc</li>
<li>reagan (UID=1007), password: linuxacc</li>
<li>clinton (UID=1008), password: linuxacc</li>
</ul>
</blockquote>
<p>Groups:</p>
<blockquote>
<ul class="simple">
<li>presidents (GID=1000; members=ford, carter, reagan, clinton)</li>
<li>republicans (GID=1001; members=ford, reagan)</li>
<li>democrats (GID=1002; members=carter, clinton)</li>
</ul>
</blockquote>
</blockquote>
</li>
<li><p class="first">On the server virtual machine, create the following directories:</p>
<blockquote>
<p><tt class="docutils literal">/share/presidents</tt></p>
<blockquote>
<ul class="simple">
<li>All four (&quot;presidential&quot;) users must be able to write here.</li>
<li>This directory must be owned by root and the group presidents.</li>
<li>Only users in this group should have any access to the directory.</li>
<li>Files created here should be owned by the group presidents.</li>
<li>Users should not be able to delete files they did not create.</li>
<li>This directory should have an SELinux fcontext that will permit it to be shared by multiple services.</li>
</ul>
</blockquote>
<p><tt class="docutils literal">/share/presidents/republicans</tt></p>
<blockquote>
<ul class="simple">
<li>This directory should be owned by root and the group republicans.</li>
<li>Files created here should be owned by the group republicans.</li>
<li>Only users in this group should have any access to the directory.</li>
<li>Users should not be able to delete files they did not create.</li>
<li>This directory should have an SELinux fcontext that will permit it to be shared by multiple services.</li>
</ul>
</blockquote>
<p><tt class="docutils literal">/share/presidents/democrats</tt></p>
<blockquote>
<ul class="simple">
<li>This directory should be owned by root and the group democrats.</li>
<li>Files created here should be owned by the group democrats.</li>
<li>Only users in this group should have any access to the directory.</li>
<li>Users should not be able to delete files they did not create.</li>
<li>This directory should have an SELinux fcontext that will permit it to be shared by multiple services.</li>
</ul>
</blockquote>
</blockquote>
</li>
<li><p class="first">The Client Virtual machine should boot into a GNOME desktop</p>
</li>
<li><p class="first">The Server Virtual machine should boot into runlevel 3 (CLI only), but should provide a desktop for root and for tester through secure VNC.</p>
</li>
<li><p class="first">Configure static name resolution such that FQDN of each VM resolves correctly (even without DNS) from each of the other VMs.</p>
</li>
<li><p class="first">Configure each of the following names as aliases for <tt class="docutils literal"><span class="pre">s&lt;x&gt;server.linux-acc.local</span></tt>:</p>
<blockquote>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">pres.s&lt;x&gt;server.linux-acc.local</span></tt></li>
<li><tt class="docutils literal"><span class="pre">rep.s&lt;x&gt;server.linux-acc.local</span></tt></li>
<li><tt class="docutils literal"><span class="pre">dem.s&lt;x&gt;server.linux-acc.local</span></tt></li>
</ul>
</blockquote>
</li>
<li><p class="first">On the Client virtual machine, create a directory <tt class="docutils literal">/home/remote</tt>.</p>
</li>
<li><p class="first">On the Client virtual machine, configure the automounter such that attempts to access locations in <tt class="docutils literal">/home/remote/presidents/</tt> cause the nfs share <tt class="docutils literal">/share/presidents</tt> from your server to be mounted at <tt class="docutils literal">/home/remote/presidents</tt>.</p>
</li>
<li><p class="first">On the Client virtual machine, install the <tt class="docutils literal">slang</tt> package.</p>
</li>
</ul>
</div>
<div class="section" id="rhce-requirements">
<h1>RHCE Requirements</h1>
<p>Complete the following in approximately 2 hours:</p>
<ul>
<li><p class="first">Ensure that both the Server and Client Virtual machines are obtaining their time from NTP. Your server virtual machine should obtain its time from <tt class="docutils literal">ntppub.tamu.edu</tt> and from <tt class="docutils literal">ntp.bytestacker.com</tt>. Your client virtual machine should get its time from your server virtual machine.</p>
</li>
<li><p class="first">SSH connections should be allowed from throughout the <tt class="docutils literal">192.168.4.0/22</tt> network.</p>
</li>
<li><p class="first">For all other services, connections should be allowed from addresses within the trusted network (<tt class="docutils literal">192.168.5.0/24</tt>), but disallowed from <tt class="docutils literal">192.168.4.0/24</tt>.</p>
</li>
<li><p class="first">Configure an SMTP server that allows connections from the trusted subnet.</p>
</li>
<li><p class="first">Connect to the iSCSI target provided by the target portal at <tt class="docutils literal">192.168.5.200</tt>.</p>
</li>
<li><p class="first">Configure <tt class="docutils literal">/share/presidents</tt>, <tt class="docutils literal">/share/presidents/republicans</tt>, and <tt class="docutils literal">/share/presidents/democrats</tt> to be shared via NFS to any system in the trusted subnet. Ensure that root privileges cannot be gained from a remote mount.</p>
</li>
<li><p class="first">Configure an FTP server to allow anonymous downloads from <tt class="docutils literal">/var/ftp/pub</tt> and anonymous uploads to <tt class="docutils literal">/var/ftp/pub/inbound</tt> (create this directory and set permissions appropriately). Ensure that uploaded files cannot be viewed or downloaded without admin intervention.</p>
</li>
<li><p class="first">Configure a Web server to serve the following vhosts:</p>
<blockquote>
<dl class="docutils">
<dt>Access to <tt class="docutils literal"><span class="pre">pres.s&lt;x&gt;server.linux-acc.local</span></tt></dt>
<dd><p class="first last">serves an index page located in <tt class="docutils literal">/share/presidents/</tt></p>
</dd>
<dt>Access to <tt class="docutils literal"><span class="pre">rep.s&lt;x&gt;server.linux-acc.local</span></tt></dt>
<dd><p class="first last">serves an index page located in <tt class="docutils literal">/share/presidents/republicans/</tt></p>
</dd>
<dt>Access to <tt class="docutils literal"><span class="pre">dem.s&lt;x&gt;server.linux-acc.local</span></tt></dt>
<dd><p class="first last">serves an index page located in <tt class="docutils literal">/share/presidents/democrats/</tt></p>
</dd>
</dl>
<p>Use filesystem ACLs to resolve any permissions issues you encounter.</p>
<p>Place an index file in each of these locations that indicates which directory it is in and under which name it should be served out.</p>
</blockquote>
</li>
<li><p class="first">Configure Samba to share the <tt class="docutils literal">/share/presidents</tt> directory using a share name of presidents. Make it readable for <tt class="docutils literal">ford</tt> and <tt class="docutils literal">carter</tt> and writable for <tt class="docutils literal">reagan</tt> and <tt class="docutils literal">clinton</tt>.</p>
</li>
<li><p class="first">Create a bash script that uses <tt class="docutils literal">top</tt> non-interactively to write 2 interations of its report to the file <tt class="docutils literal">/root/logs/top_report.txt</tt>. Configure a cron job that performs this task every 20 minutes.</p>
</li>
<li><p class="first">Configure your Server VM to provide a caching DNS server and to allow queries from the trusted network. Configure your Client VM to obtain its DNS name resolution from your Server VM.</p>
</li>
<li><p class="first">Tune the kernel behavior of your Server VM so that it will respond to broadcast pings (ICMP ECHO broadcasts). This must persist after a reboot.</p>
</li>
</ul>
</div>
</div>
</body>
</html>