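# Minimal spec for a test package: unpacks myscript-0.1.tar.gz and installs its
# contents under /tmp/myscript. There is nothing to compile.
Name: myscript
Version: 0.1
Release: 1%{?dist}
Summary: myscript test rpm
Group: none
License: none
URL: none
Source0: myscript-0.1.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: /bin/cp
Requires: /bin/bash
%description
Test RPM for EX300 exam
%prep
%setup -q
%build
# No build step; the payload is a shell script.
echo "OK"
%install
rm -rf %{buildroot}
# NOTE(review): /tmp is world-writable, so a local user can create /tmp/myscript
# before the package is installed as root. Acceptable for a lab exercise; a real
# package should install under a root-owned prefix.
mkdir -p %{buildroot}/tmp/myscript
cp -R * %{buildroot}/tmp/myscript
%clean
rm -rf %{buildroot}
%files
# The defattr directive only applies to entries listed after it, so it must come
# before the file. Placed after, hello.sh would keep the ownership it had in the
# build root (the build user) instead of root:root.
%defattr(-,root,root,-)
/tmp/myscript/hello.sh
%doc
%changelog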
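Run rpmbuild once to create the rpmbuild directory tree; run it as an unprivileged user rather than root, because the spec's build steps execute on the build host. The command will report an error, but it still creates the tree.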
rpmbuild -ba myscript.spec
Create an archive tar.gz in the SOURCES directory.
tar czvf rpmbuild/SOURCES/myscript-0.1.tar.gz myscript-0.1/
Copy the spec file to the SPECS directory.
cp myscript.spec rpmbuild/SPECS/
Build the RPM.
rpmbuild -ba rpmbuild/SPECS/myscript.spec
Test the RPM install.
rpm -ivh rpmbuild/RPMS/x86_64/myscript-0.1-1.el6.x86_64.rpm
====Configure a system as an iSCSI initiator that persistently mounts an iSCSI target.====
Install utils
yum install iscsi-initiator-utils
Discover targets
iscsiadm -m discovery -t st -p
*.* @splunk.home:514
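Restart rsyslog. A single @ in the rule above forwards over UDP (@@ selects TCP); in both cases the messages are sent unencrypted.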
service rsyslog restart
====Configure a system to accept logging from a remote system.====
Edit /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
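Add iptables rules to /etc/sysconfig/iptables. As written they accept syslog traffic from any address; adding -s with the senders' network limits who can write into this host's logs.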
-A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
=====Network services=====
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
====Install the packages needed to provide the service.====
yum provides */
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Restart iptables
service iptables restart
===Configure a virtual host.===
Create DocumentRoot
mkdir -p /var/www/web1
mkdir -p /var/www/web2
Create /var/www/web1/index.html
web1 test page
Create /var/www/web2/index.html
web2 test page
Edit /etc/httpd/conf/httpd.conf
NameVirtualHost *:80
Create new virtual host config /etc/httpd/conf.d/web.conf
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/web1
ServerName web1.study.home
ErrorLog logs/web1-error_log
CustomLog logs/web1-access_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/web2
ServerName web2.study.home
ErrorLog logs/web2-error_log
CustomLog logs/web2-access_log common
</VirtualHost>
Restart Apache
service httpd restart
===Configure private directories.===
Create private directory
mkdir /var/www/web1/private
Create /var/www/web1/private/index.html
Private HTML page
Create passwd file (-c creates the file and overwrites an existing one, so use it only for the first user)
htpasswd -c /etc/httpd/.htpasswd privateuser
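Add config to /etc/httpd/conf.d/web.conf. Basic authentication sends the password encoded but not encrypted, so outside a lab serve this directory over HTTPS only.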
<Directory /var/www/web1/private>
AuthName "Private Directory"
AuthType basic
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</Directory>
===Deploy a basic CGI application.===
Create CGI directory
/var/www/web1/cgi
Edit script /var/www/web1/cgi/openports.cgi
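#!/bin/sh
# CGI script: returns the host's TCP socket table (netstat -tan) as the response body.
#
# Security: the output shows listening ports and peer addresses to anyone who can
# request this URL, so keep it behind the same access controls as private content.
#
# printf replaces "echo -e", which is not portable under /bin/sh (some shells print
# the "-e" literally and corrupt the header). The bytes written are unchanged.

# Header line, the blank line that ends the CGI headers, and one empty body line.
printf 'Content-type: text/html\n\n\n'
printf '\n'
# Author's note: SELinux will cause trouble for this netstat call when run from httpd.
printf '%s\n' "$(netstat -tan)"
printf '\n\n'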
Make it executable
chmod +x openports.cgi
Edit /etc/httpd/conf.d/web.conf
Options +ExecCGI
AddHandler cgi-script pl cgi
===Configure group-managed content.===
Create group
groupadd admins
Add users to admins
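Set rights. The setgid bit (g+s) makes new files inherit the directory's group. The chmod commands below name /www/site1, which looks like a leftover from another example; they should target the directory created here, /var/www/web1/admins.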
mkdir -p /var/www/web1/admins
chown apache.admins /var/www/web1/admins
chmod 775 /www/site1
chmod g+s /www/site1
====DNS====
===Configure a caching-only name server.===
yum -y install bind
chkconfig named on
service named start
There is a known bug when generating /etc/rndc.key. If this happens, run:
rndc-confgen -a -r /dev/urandom
Open port 53 (UDP and TCP)
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
Restart iptables
service iptables restart
===Configure a caching-only name server to forward DNS queries.===
Note: Candidates are not expected to configure master or slave name servers.
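Edit /etc/named.conf. Keeping listen-on and allow-query limited to localhost and the local network stops the server from answering as an open resolver. With dnssec-validation set to no, forwarded answers are accepted without signature checks.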
listen-on port 53 { 127.0.0.1; 192.168.1.32; };
allow-query { localhost; 192.168.1.0/24; };
forward only;
forwarders { 192.168.1.1; };
dnssec-enable no;
dnssec-validation no;
====FTP====
===Configure anonymous-only download.===
yum -y groupinstall "FTP server"
service vsftpd start
chkconfig vsftpd on
Open iptables port
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
Edit /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_ftp"
service iptables restart
====NFS====
===Provide network shares to specific clients.===
yum -y groupinstall "NFS file server"
service rpcbind start
chkconfig rpcbind on
service nfs start
chkconfig nfs on
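Edit /etc/exports. The insecure option accepts requests from unprivileged source ports (above 1023); leave it out unless a client requires it.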
/var/ftp/pub 192.168.42.0/24(ro,insecure)
Export filesystems
exportfs -a
Edit NFS config /etc/sysconfig/nfs
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
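Edit iptables and restart. The ports must match /etc/sysconfig/nfs: LOCKD_TCPPORT is set to 32803 above, but the rules below open 32802, so align one with the other.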
-A INPUT -m state --state NEW -m udp -p udp --dport 32802 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32802 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
Restart iptables
service iptables restart
===Provide network shares suitable for group collaboration.===
Edit /etc/exports
/opt/data/share 192.168.42.0/24(rw,insecure)
Export filesystems
exportfs -a
Change rights to path
chmod g+w ....
====SMB====
===Provide network shares to specific clients.===
yum install samba -y
chkconfig smb on
chkconfig nmb on
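Edit iptables. Samba only needs UDP 137 and 138 and TCP 139 and 445; the TCP 137/138 and UDP 139/445 rules below can be left out.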
-A INPUT -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
Restart iptables
service iptables restart
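Edit /etc/samba/smb.conf. When hosts allow and hosts deny conflict, the allow list wins, so the deny entry below does not block 192.168.1.33; use hosts allow = 192.168.1. EXCEPT 192.168.1.33 to exclude it.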
[samba]
comment= RHEL samba share
path = /opt/data/samba
browseable = yes
writable = yes
valid users=benst
hosts allow = 192.168.1.
hosts deny = 192.168.1.33
Add user password
smbpasswd -a
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
Restart iptables and postfix
service postfix restart
service iptables restart
===Configure an MTA to forward (relay) email through a smart host.===
Edit /etc/postfix/main.cf
relay_domains = domainname.com
relayhost = mail.hostname.com
Restart postfix
service postfix restart
====SSH====
===Configure key-based authentication.===
===Configure additional options described in documentation.===
====NTP====
===Synchronize time using other NTP peers.===