Разбираем тесты по RH9 (EX200)
13Рассматриваем тесты для подготовки к EX200
=====*****=====*****=====
init=/bin/bash
mount -o remount,rw /
passwd root
touch /.autorelabel
exec /usr/lib/systemd/systemd
ant then ctrl+x to start system with changed parameeters
#Q2.
Configure YUM repos with the given link ( 2 repos: 1st is Base and 2nd is AppStream )
● Base_url= http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
● AppSterm_url= http://content.example.com/rhel8.0/x86_64/dvd/AppStream
dd if=/dev/sr0 of=/rhel9.iso bs=1MB
mkdir /repo
vi /etc/fstab /rhel9.iso /repo iso9660 defaults 0 0
cd /etc/yum.repos.d
vi BaseOS.repo
[BaseOS]
name=BaseOS
baseurl=file:///repo/Baseos
gpgcheck=o
#Q3. Debug SELinux:
● A web server running on non standard port 82 is having issues serving content. Debug
and fix the issues.
● The web server on your system can server all the existing HTML files from
/var/newweb/l ( NOTE: Do not make any changes to these files )
● Web service should automatically start at boot time.
dnf search selinux
man semanage-fcontext
vi /etc/gttpd/conf/httpd.conf and change listening to 82, also a document root and directory
mkdir /var/newweb
vi /var/newwebl/index.php
hello world (create this to be abble test it with curl)
ls -Z /var/newweb (there shopuld be a http service owner)
man semanage-fscontext ( there should be a solutuion to relabel a folder)
adter this
restorecon -Rv /var/newweb/
and check again with ls -Z
now lets fix a port
journalctl | grep sealert
find there port error string and use this on a port you need and also replace port type with httpd_port_t
systemctl httpd enable --now
Q4. Create User accounts with supplementary group.
● Create the group a named " sysadms ".
● All new users should have a "New Folder" named folder in their home directoryes
● All users "PASS_MAX_DAYS" should be set up to 99 yeasrs
● Create users as named " natasha " with UID 2052 and " harry ", will be the supplementary group
" sysadms ".
● Create a user as named " sarah ", should have non-interactive shell and it should be not
the member of " sysadms ".
● Password for all users should be " trootent "
● Create a user Mika and then lock hes password
● Create a user with specific password settings
vi /etc/login.defs
lid -g sysadmins ( shows all users in this group)
chage -l bob (see pasword settings)
groupadd sysadmins
mkdir /etc/skell/NewFolder
vi /etc/login.defs
(change PASS_MAX_DAYS to 99)
useradd -u 2052 natasha
cat /etc/passwd ( to check UID of user natashe)
useradd harry
ls /home.harry ( to check if thereis a NewFolder in their directory)
groupmod -U natasha,harry sysadmins
useradd sarah -s /sbin/nologin
cat /etc/passwd ( to check srarh have no login)
lid -g sysadmins ( to check membersheip of sysadmins)
passwd -l Mika ( to loack password for mika)
useradd Mika3
chage Mika3
( to make a specific password settings)
chage -l Bob3 ( to check password settings)
#Q5. Configure a cron job that runs every 1 minutes and executes:
logger "EX200 in progress" as the user natasha
cat /etc/crontab (example of cron schedule)
crontab -e -u natasha
1 * * * * logger "EX200 in progress"
#Q6. Create a collaborative Directory.
● Create the Directory " /home/manager " with the following characteristics.
● Group ownership of "/home/manager" should go to " sysadms " group.
● The directory should have full permission for all members of " sysadms " group but not to
the other users except " root ".
● Files created in future under " /home/manage r" should get the same group ownership .
ls -l
mkdir /home/manager
cat /etc/group | grep sysadmins (to check if this group exits , if not create one)
chown :sysadmins /home/manager ( Group ownership of "/home/manager" should go to " sysadms " group)
chmod 3770 /home/manager
#Q (Other)
Add HTTP service to exclusion on firewall and male it permanent
systemctl status firewalld
firewall-cmd --get-services
firewall-cmd --get-services | grep http
firewall-cmd --add-service http --permanent
firewall-cmd --list-all ( and there should be HTTP in services)
find / -user harry -type -f -exec cp {} /root/harry-files \ ;