水平有限,做题仓促,如有错误遗漏,请谅解。
RHCSA
题外:
1.开机更改密码
Esc
e
[进入1模式] enter
b[boot启动]
setenforce 0 {置于宽容模式修改密码}
passwd
reboot
2.service NetworkManager stop ; chkconfig NetworkManager off
3.service iptables stop ;chkconfig iptables off
#网络设置
Hostname: station.domainX0.example.com
IP:192.168.0.X
NETMASK:255.255.255.0
GATEWAY:192.168.0.254
1’ vim /etc/sysconfig/network
2’vim /etc/sysconfig/network-scripts/ifcfg-eth0
3’vim /etc/resolv.conf [ DNS]
4’vim /etc/hosts
#配置yum 源
指定到ftp://192.168.0.254/pub/rhel6/dvd/Server
1’cd /etc/yum.repos.d/ 若有其他,mv dvd.repo gls.repo ../
2’vim exam.repo[ 编辑yum源]
[Server]
name=Server
baseurl=ftp://192.168.0.254/pub/rhel6/dvd/Server
enabled=1
gpgcheck=0
# gpgcheck=0 不校验软件包签名,仅适用于考试内网源;正式环境应设 gpgcheck=1 并配置 gpgkey
3’yum list {yum clean all 清除缓存}
#lvm 扩容
Will “/home lv” extend to 300 M (no more than 30 M error)
1’lvdisplay
2’lvextend -L 300M /dev/vol0/home[ 要扩容的目标路径]
3’resize2fs /dev/vol0/home
4’lvdisplay
#lvm缩容 reduce to 200M
1’lvdisplay
2’umount /home
3’fsck -f /dev/vol0/home
4’resize2fs /dev/vol0/home 200M
5’lvreduce -L 200M /dev/vol0/home
6’mount /home
#组管理
Add a group named “admin”
1’groupadd -g 2000 admin
2’grep admin /etc/group
#用户管理
Add user “tom”, ask its home directory is /home/tommy
Add user “mike”, ask its uid is 800, its affiliated groups is “admin “
Add user “selina”,can’t land shell
Passwd :RedHat
1’useradd -d /home/tommy tom
2’useradd -u 800 -G admin mike [usermod -aG admin mike 添加新组]
3’useradd -s /sbin/nologin selina
4’for UNAME in tom mike
>do
>echo "redhat" | passwd --stdin "$UNAME"
>done
#文件权限
Copy file /etc/passwd to /var/tmp
owners is root , group :admin,the members of admin can write in it
Others without any access
1’cp /etc/passwd /var/tmp
2’chgrp admin /var/tmp/passwd 或 chown root:admin /var/tmp/passwd
3’chmod 660 /var/tmp/passwd [用绝对路径,避免在 /etc 下误改 /etc/passwd 的权限]
#目录权限
Create directory /admin/sales /admin/devel /admin/training
/admin/sales owner is root ,group is admin ,all users in the directory can create documents, but the files and directorys you created automatic for group admin, the owner for founder itself, other users without any access.
/admin/devel owner is root ,group is root , all users in the directory can create documents, but can’t delete other files created by the user.
/admin/training the owner is root ,group is root ,user root has all the limits of authority, other users without any access, except user alex can write and read in this directory.
1’mkdir /admin; cd /admin
2’mkdir {sales,devel,training}
3’chgrp admin sales; chmod 2770 sales
4’chmod 1777 devel/ [devel 后不要留空格再接 /,否则会把根目录 / 也改成 1777]
5’chmod 770 training
6’setfacl -m u:alex:rwx training/ {若要求对此目录下创建的文件适当权限, setfacl -m d:g:admin:rw training }
7’ll ; getfacl training/
#内核升级
1’yum -y install lftp*
2’lftp 192.168.0.254
3’get kernel
4’rpm -ivh kernel*
5’vim /boot/grub/grub.conf & /etc/grub.conf
#LDAP
Join ldap domain , dc=example, dc = com ,server = instructor.example.com
Certificate from :ftp://192.168.0.254/pub/example-cd.crt
To be able to use ldapuserX0 on your machine
1’system-config-authentication
2’
3’su - ldapuser1
4’exit
#NTP server
1’system-config-date
2’ 添加 网络
#自动挂载 ldapuser1
/ldaphome/ldapuserX on the server automatic mount on the directory /ldaphome on your machine.
1’ showmount -e 192.168.0.254 ; getent passwd ldapuserX
2’vim /etc/auto.master [添加一行: /ldaphome /etc/auto.misc]
3’vim /etc/auto.misc
ldapuserX -fstype=nfs 192.168.0.254:/ldaphome/ldapuserX
* -fstype=nfs 192.168.0.254:/ldaphome/&
4’mkdir /home/guests; cd /home/guests; ln -s -d /ldaphome/ldapuserX ldapuserX
5’service autofs stop; service autofs start; chkconfig autofs on
6’su - ldapuserX
#WEB
Download from the service ftp://192.168.0.254/pub/test/ exam.html
Rename index.html ,put it in /var/www/html
http://station.domainX0.example.com to visit
1’lftp 192.168.0.254 get exam.html
2’yum -y install httpd
3’cp exam.html /var/www/html/index.html
4’vim /etc/hosts [进行主机名解析]
5’service httpd start ; chkconfig httpd on
6’firefox:查看
#FTP
Realize anonymous download
1’ yum -y install vsftpd
2’service vsftpd start; chkconfig vsftpd on
3’ cd /var/ftp/; mkdir mmm/;cd pub/ ; touch file1
4’lftp 192.168.0.9
5’ get file1
#FIND
1’mkdir -p /root/find
2’find /home -user tom -exec cp -a {} /root/find \;
[-a 保留原文件属性]
3’cd /root/find
#grep
Find key word root in /etc/passwd ,and the result to record in /root/grep.txt
1’grep root /etc/passwd >/root/grep.txt
2’cat /root/grep.txt
#swap
Create a swap division ,size 512M, Realize boot automatically mount
1’fdisk -l
2’fdisk -cu /dev/sda p n +512M t 3 82 w
3’reboot
4’mkswap -c /dev/sda3; swapon -a /dev/sda3
5’blkid /dev/sda3
6’vim /etc/fstab
UUID=****************** swap swap defaults 0 0
7’mount -a
#lvm创建
Create a VG named datastore ,LV named database
VG PE :50 ,size of PE: 16M LV : the number of LE :50
1’fdisk -cu /dev/sda [根据50个PE(16M),确定分区大小] p n +816M t 5 8e w
2’reboot
3’pvcreate /dev/sda5
4’vgcreate datastore -s 16M /dev/sda5
5’lvcreate -n database -l 50 /dev/datastore
6’vgdisplay; lvdisplay
#计划任务
crontab -e -u tom
分时日月周 命令
RHCE
#SELINUX
1’ vim /etc/sysconfig/selinux
2’ getenforce
#路由
Open the local routing forwarding function
1’vim /etc/sysctl.conf
2’sysctl -p [查看]
#计划任务
1’vim /etc/cron.deny
#FTP
Allow anonymous users to upload files to /pub ,192.168.0.0/24can visit only
1’vim /etc/vsftpd/vsftpd.conf 27 31
2 ‘service vsftpd restart ; chkconfig vsftpd on
3’ 防火墙设置
service iptables start;chkconfig iptables on
iptables -nL(默认拒绝所有)
vim /etc/sysconfig/iptables-config
iptables -I INPUT -p tcp --dport 21 -s 192.168.0.0/24 -j ACCEPT
service iptables save
4’ 布尔值设置
getsebool -a | grep ftp
setsebool -P allow_ftpd_full_access on [永久生效;此布尔值放开范围较大,仅需匿名上传时可改用 allow_ftpd_anon_write 并将上传目录标为 public_content_rw_t]
5’cd /var/ftp/; chmod o+w pub/
6’touch file2 ; lftp 192.168.0.9 ; put file2
#SMTP
The remote user can use your mail service, ensure that the individual user E-mail storage in/var/spool/mail.
1’yum -y install postfix
2’ vim /etc/postfix/main.cf
; 将localhost注释。
3’service postfix restart ; chkconfig postfix on
4’netstat -tlnup |grep :25
5’防火墙设置
iptables -I INPUT -p tcp --dport 25 -s 0.0.0.0/0 -j ACCEPT
service iptables save
6’yum -y install nc*; nc 192.168.0.100 25
#邮件别名
The mail send to admin ,can be send to tom and mike.
1‘vim /etc/aliases
2’newaliases
#SAMBA
Add a browseable sharing named “common”,path /common,192.168.0.0/24 can access only
Tom ,can writeable ,read show passwd 123
1’mkdir /common
2’yum -y install samba
3’vim /etc/samba/smb.conf
开write list ,则writeable=yes 不开
4’service smb restart ;chkconfig smb on
5’防火墙:
iptables -I INPUT -p tcp --dport 137:139 -s 192.168.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 137:139 -s 192.168.0.0/24 -j ACCEPT
iptables -I INPUT -p tcp --dport 445 -s 192.168.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 445 -s 192.168.0.0/24 -j ACCEPT
service iptables save
6’getsebool -a |grep samba ;setsebool -P samba_enable_home_dirs on
samba_export_all_rw 1
use_samba_home_dirs 1
7’smbpasswd -a tom 123 123
8’chmod o+w /common
9’smbclient -L 192.168.0.9 ; smbclient //192.168.0.9/common -U tom
#NFS
Using NFS Shared /common , 192.168.0.0/24access only
1’yum -y install nfs*
2’vim /etc/exports : /common 192.168.0.0/24(rw,sync)
3’service nfs restart ; chkconfig nfs on
4’防火墙规则:
vim /etc/sysconfig/nfs
端口号111,2049,4000:4002 tcp&udp 192.168.0.0/24 ACCEPT
5’验证:
mount -t nfs 192.168.0.9:/common /mmm
cd /mmm
touch file3
ls
#SSH
192.168.0.0/24 access WEB port,
1’yum -y install openssh-server
2’service sshd start; chkconfig sshd on
3’ 防火墙:端口号22(tcp)
#WEB 访问控制
1’ ll -Z /var/www/html/
2’防火墙:端口号80:(tcp)
#WEB 虚拟主机
Download from the service ftp://192.168.0.254/pub/test/ virt.html
Rename index.html ,
http://www.domainX0.example.com to visit
1’mkdir -p /var/www/virt1
lftp 192.168.0.254 get virt.html
cp virt.html /var/www/virt1/index.html
2’vim /etc/httpd/conf/httpd.conf
编写两个虚拟主机
3’service httpd restart ;
#WEB 敌对域:
<Directory /var/www/virt1>
Order allow,deny
allow from all
deny from 192.168.1
</Directory>
#iso 挂载
Automatically boot ,mount point /iso
1’ mkdir /iso
2’ vim /etc/fstab
/root/dvd.iso /iso iso9660 loop,ro 0 0
3’mount -a
4’mount -t iso9660 -o loop /root/dvd.iso /iso
或vim /etc/rc.local [添加: mount /root/dvd.iso /iso -o loop]
#添加kernel启动参数
vim /boot/grub/grub.conf
添加 启动测试
#ISCSI
1’ yum -y install iscsi-initiator-utils
2’iscsiadm -m discovery -t st -p 192.168.0.254
3’iscsiadm -m node -T iqn.2010-09.com.example:rdisks.demo -l
4’fdisk -l
5’fdisk -cu /dev/sdb n 1 w
6’mkfs.ext4 /dev/sdb1
7’ blkid /dev/sdb1
8’vim /etc/fstab
UUID= /mnt/iscsi ext4 _netdev 0 0
9’mkdir /iscsi
10’mount -a
#scripting
编辑一个脚本,输入cat,显示dog,输入dog,显示 cat,其他则显示error
1’vim test.sh
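#!/bin/bash
# test.sh - print "dog" for the argument "cat", "cat" for "dog", and
# "error" for anything else (including no argument at all).
#
# The listing this replaces used typographic quotes (“ ”). The shell does not
# treat those as quoting characters: they become part of the compared and
# printed strings, and "$1" is left unquoted, so an argument containing
# whitespace breaks the test. Plain ASCII quotes are required.

#######################################
# Map one word to its counterpart.
# Arguments: $1 - word to translate (optional)
# Outputs:   "dog", "cat" or "error" on stdout
# Returns:   0 always
#######################################
swap_word() {
  # ${1-} keeps the lookup safe when the script is run with no argument.
  case "${1-}" in
    cat) printf '%s\n' "dog" ;;
    dog) printf '%s\n' "cat" ;;
    *) printf '%s\n' "error" ;;
  esac
}

swap_word "$@"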
2’chmod u+x test.sh
3’./test.sh cat dog else