Part 1 (on Node1 Server)
Task 15 [Running Containers]
Create a container named logserver with the image rhel8/rsyslog found from the registry registry.domain15.example.com:5000
The container should run as the root less user shangrila. use redhat as password [sudo user] Configure the container with systemd services as the shangrila user using the service name,
“container-logserver” so that it can be persistent across reboot.
Use admin as the username and admin123 as the credentials for the image registry.
Solution:
*
[root@workstation ~]# ssh shangrila@node1
[shangrila@node1 ~]$ podman login registry.domain15.example.com:5000
Username: admin
Password:
Login Succeeded!
[shangrila@node1 ~]$ podman pull registry.domain15.example.com:5000/rhel8/rsyslog
[shangrila@node1 ~]$ podman run -d --name logserver registry.domain15.example.com:5000/rhel8/rsyslog 021b26669f39cc42b8e94eab886ba8293d6247bf68e4b0d76db2874aef284d6d
[shangrila@node1 ~]$ mkdir -p ~/.config/systemd/user
[shangrila@node1 ~]$ cd ~/.config/systemd/user
*
[shangrila@node1 user]$ podman generate systemd --name logserver --files --new
/home/shangrila/.config/systemd/user/container-logserver.service
[shangrila@node1 ~]$ systemctl --user daemon-reload
[shangrila@node1 user]$ systemctl --user enable --now container-logserver.service
[shangrila@node1 ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7d9f7a8a4d63 registry.domain15.example.com:5000/rhel8/rsyslog:latest /bin/rsyslog.sh 2 seconds ago logserver
[shangrila@node1 ~]$ sudo reboot
[shangrila@node1 ~]$ cd .config/systemd/user
[shangrila@node1 user]$ systemctl --user status
Does this meet the goal?
Correct Answer:
A
Part 1 (on Node1 Server)
Task 5 [Controlling Access to Files with ACLs]
Copy the file /etc/fstab to /var/tmp. Configure the following permissions on /var/tmp/fstab.
The file /var/tmp/fstab is owned by root user
The file /var/tmp/fstab is belongs to the root group
The file /var/tmp/fstab should be executable by anyone
The user harry is able to read and write on /var/tmp/fstab
The user natasha can neither read or write on /var/tmp/fstab
All other users (Current or future) have the ability to read /var/tmp/fstab
Solution:
*
[root@node1 ~]# cp -p /etc/fstab /var/tmp/
[root@node1 ~]# ls -lrt /etc/fstab
[root@node1 ~]# ls -lrt /var/tmp/fstab
[root@node1 ~]# chmod a+x /var/tmp/fstab
[root@node1 ~]# getfacl /var/tmp/fstab
[root@node1 ~]# setfacl -m u:harry:rw- /var/tmp/fstab
[root@node1 ~]# setfacl -m u:natasha:--- /var/tmp/fstab
[root@node1 ~]# getfacl /var/tmp/fstab
getfacl: Removing leading '/' from absolute path names
# file: var/tmp/fstab
# owner: root
# group: root
user::rwx
user:harry:rw-
user:natasha:---
group::r-x
mask::rwx
other::r-x
*
[root@node1 ~]# su - natasha
[natasha@node1 ~]$ cat /var/tmp/fstab
cat: /var/tmp/fstab: Permission denied
Does this meet the goal?
Correct Answer:
A
According the following requirements to create user, user group and the group members:
- A group named admin.
- A user named mary, and belong to admin as the secondary group.
- A user named alice, and belong to admin as the secondary group.
- A user named bobby, bobby’s login shell should be non-interactive. Bobby not belong to admin as the secondary group.
Mary, Alice, bobby users must be set "password" as the user's password.
Solution:
groupadd admin
useradd -G admin mary
useradd -G admin alice
useradd -s /sbin/nologin bobby
echo "password" | passwd --stdin mary
echo "password" | passwd --stdin alice
echo "password" | passwd --stdin bobby
Does this meet the goal?
Correct Answer:
A
Install a FTP server, and request to anonymous download from /var/ftp/pub catalog. (it needs you to configure yum direct to the already existing file server.)
Solution:
# cd /etc/yum.repos.d
# vim local.repo
[local]
name=local.repo
baseurl=file:///mnt
enabled=1
gpgcheck=0
# yum makecache
# yum install -y vsftpd
# service vsftpd restart
# chkconfig vsftpd on
# chkconfig --list vsftpd
# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
Does this meet the goal?
Correct Answer:
A
Configure your system so that it is an NTP client of server.domain11.example.com
Solution:
#system-config-date
Note: dialog box will open in that
Check mark Synchronize date and time over network. Remove all the NTP SERVER and click ADD and type server.domain11.example.com
****************And then press ENTER and the press OK***************
Does this meet the goal?
Correct Answer:
A