RHCSA 2
Quiz-summary
0 of 14 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
Information
This is a RHCSA sample exam. You’ve got 2 hours and half.
Prerequisites:
– 1GB of free space.
One precision: nobody checks your answers but solutions are provided.
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 14 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Average score |
|
Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- Answered
- Review
-
Question 1 of 14
1. Question
Assume you forget the current root password.
Reboot your server and put the “redhat” password instead.Hint
# reboot
Press ‘a‘ at the first GRUB menu at the console.
Type ‘single‘ at the end of the line.
# passwd root
Type ‘redhat‘. -
Question 2 of 14
2. Question
Create a file named dontcopy in the /root directory and make it impossible to back it up with the dump command.
Hint
# touch /root/dontcopy
# chattr +d /root/dontcopy -
Question 3 of 14
3. Question
Create a logical volume with the name “lv_vol” using 180PE (Physical Extents).
Mount it on /mnt with filesystem ext4.
Make it permanently loaded by uuid.
Create a file called tempo into the /mnt directory.Hint
# lvs
# lvcreate –name lv_vol -l 180 vg
# mkfs.ext4 /dev/vg/lv_vol
# blkid | grep lv_vol >> /etc/fstab
vi /etc/fstab
UUID=”…” /mnt ext4 defaults 0 0
# mount /mnt
# df
# touch /mnt/tempo -
Question 4 of 14
4. Question
Create a file called cmd belonging to user and group root in tom‘s directory with the string “/bin/echo Hello!” inside.
Configure permissions on it to allow the steven‘s account to read and execute it but not andrew nor tom.Hint
# cd /home/tom
# echo ‘/bin/echo Hello!’ > cmd
# setfacl -m u:steven:r-x cmd
# setfacl -m u:steven:–x ../tom
# setfacl -m u:tom:— cmd
# setfacl -m u:andrew:— cmd -
Question 5 of 14
5. Question
Install the vsftpd package.
Copy the TUNING file coming with the package into the /root directory.Hint
# yum install -y vsftpd
# rpm -ql vsftpd | grep TUNING
# cd /usr/share/doc/vsftpd…
# cp TUNING /root -
Question 6 of 14
6. Question
Install a httpd server. Make it serve files from /www/html.
Write a file called index.html displaying “Hello world!“.Hint
# yum groupinstall -y “Web server”
# yum install -y setroubleshoot-server elinks
# cp -rp /var/www/* /www
# cd /etc/httpd/conf
# sed -e “s:DocumentRoot \”/var/www/html\”:DocumentRoot \”/www/html\”:g” httpd.conf > httpd.conf2
# mv -f httpd.conf2 httpd.conf
# service httpd configtest
# echo Hello world! >/www/html/index.html
# semanage fcontext -a -t httpd_sys_content_t “/www(/.*)?”
# restorecon -r /www
# iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
# service iptables save
# chkconfig httpd on
# service httpd start
# elinks http://localhost -
Question 7 of 14
7. Question
Remove all the files from the /etc/yum.repos.d directory.
Set up a repository for the Base packages from (US)University of Oklahoma’s (http://mirror.oss.ou.edu/centos/) or (Germany)ATrpms’s (http://mirror.atrpms.net/centos/) or (China)Beijing Institute of Technology’s (http://mirror.bit.edu.cn/centos/) according to your geographical localization.Hint
# cd /etc/yum.repos.d
# /bin/rm *
# vi local.repo
[base]
name=University of Oklahoma – Base
baseurl=http://mirror.oss.ou.edu/centos/$releasever/os/$basearch/
enabled=1
gpgcheck=0
# yum clean all
# yum repolist all -
Question 8 of 14
8. Question
Reduce the size of the lv_vol logical volume to 100MB.
Hint
# umount /mnt
# lvreduce –size 100M -r /dev/vg/lv_vol
# mount /mnt -
Question 9 of 14
9. Question
Create users andrew, tom, and steven with home directories in /home and passwords “redhat“.
Make steven‘s account to expire on May 14, 2015.Hint
# useradd andrew; passwd andrew
# useradd tom; passwd tom
# useradd steven; passwd steven
# chage -E 2015-05-14 steven; chage -l steven -
Question 10 of 14
10. Question
Create a directory called project in /home.
Create two groups called admins and dbas with gid respectively 50001 and 50002.
Put andrew account into the admins group and steven account into the dbas group, each time as a secondary group.
Configure the project directory for group collaboration among members of the admins and dbas groups with no access for all other users.Hint
# mkdir /home/project
# groupadd -g 50001 admins; groupadd -g 50002 dbas
# usermod -aG admins andrew
# usermod -aG dbas steven
# setfacl -m g:admins:rwx /home/project
# setfacl -m g:dbas:rwx /home/project
# setfacl -m o:— /home/project -
Question 11 of 14
11. Question
Enable the cron access for root and steven users only.
Hint
# echo steven >/etc/cron.allow
-
Question 12 of 14
12. Question
Configure a cron job for the root user to search for files named core in the /usr directory and delete them on every sunday at 11:55pm system time.
Hint
# crontab -e
55 23 * * 0 /bin/find /usr -name core -exec /bin/rm {} \; -
Question 13 of 14
13. Question
Create a script called cmd in the /root directory that displays “Zero” if no parameter is given, “One” if only one and “Several” if more than one.
Hint
# cd /root
# vi cmd
!#/bin/bash
case $# in
0) echo “Zero”;;
1) echo “One”;;
*) echo “Several”;;
esac
# chmod u+x cmd -
Question 14 of 14
14. Question
Allow ssh access only from the 192.168.1.0/24 network.
Hint
# iptables -I INPUT ! -s 192.168.1.0/24 -m tcp -p tcp –dport 22 -j REJECT
# service iptables save
You are setting/adding SELINUX contexts to the new /www/html folder….
Couldn’t you have also used…
chcon -R –reference=/var/www/html /www/html
No, using the chcon command is not the best answer because changes could be removed after a reboot/relabel.
With the semanage command, changes are definitive.
Hi, first thank you for your work on this site. It is very helpful
On question 8, RHCSA sample 2, you suggest:
1. # cd /home/tom
2. # echo “/bin/echo Hello!” > cmd
3. # setfacl -m u:steven:r-x cmd;
4. # setfacl -m u:steven:–x ../tom
5. # setfacl -m u:tom:— cmd
6. # setfacl -m u:andrew:— cmd
Since i’m using CentOS 6.4, the home directories are being created with 700 default permissions.
For this reason, when another user try to access or execute a file inside tom’s directory, a “Permission denied” is received. Hence i think step 6 is useless.
Correct me if i’m wrong.
Best regards
I think you are right. But, as there is no assumption regarding the home directories default permissions, I wouldn’t call step 6 useless but optional 😉
I agree. I was only assuming that default installation of RHEL behaves in the same manner as CentOS.
Thanks for the clarification
An addition to meet the requirement “belonging to user and group root in tom‘s directory ”
chown tom:root cmd
Also we could alternatively use
chmod 070 /home/tom/cmd in place of step 5.
I don’t think you need to type ‘chown tom:root cmd‘. As you are root (assumed by the ‘#’ character), the file you create is owned by the root user and the root group.
Concerning the step 5, as the owner is root, your solution can’t be valid.
A little bit confuse here. Is it chattr -d /root/dontcopy or chattr +d /root/dontcopy
Thanks
If I take the man page regarding chattr, it says:
The operator “+” causes the selected attributes to be added to the
existing attributes of the files; “-” causes them to be removed; and
“=” causes them to be the only attributes that the files have.
Also, the “d” option stands for “no dump”. Consequently, as we don’t want the file to be dumped, the option should be “+d”.
You were right to be confuse, my answer was wrong. I’m correcting it right now.
For question 5, I am a little confused on size.
what did you mean by 180PE (is it physical extents?)
How is that size achieved with the command lvcreate –name lv_vol -l 180 vg?
man page for lvcreate says that the default for size is megabytes.
Yes, it is 180 Physical Extents. I have added this information for clarity.
Concerning the lvcreate command, the -l option only takes a number of physical extents as argument or a pourcentage if you append %VG, %PVS, %FREE, %ORIGIN.
First, a big thanks for the work put into this web page. It’s a great resource.
Question 9 in Quiz 2
The setfacl for access to Tom’s home dir for Steven; # setfacl -m u:steven:–x ../tom
shouldn’t the command include r (read) so the files can be listed?
# setfacl -m u:steven:r-x ../tom
Hi,
As you said, you could add the r(read) option so the files can be listed.
But as it’s not clearly specified, it is as you want.
Hi, I would like to thank you for this website and your hard work. I have passed the RHCSA recently. I do not want to lay out the questions here but I had hard time on finding the device for creating Volume group plus swap. I was clearly good at LVM and Swap creation, but could not locate the device. Do you think device block is hidden or did I need special skills to locate the device?
Hi, to get some information about the configuration, you could use the following commands:
– ‘fdisk -l’: to know the available partitions,
– ‘vgdisplay’/’vgs’: to get the list of volume groups and their free space,
– ‘lvdisplay’/’lvs’: to get the list of logical volumes.
Then, if no space was available, you had to create a new partition or decrease the size of an existing logical volume (with eventual reboot in single user mode if necessary).
This is not always an easy operation 😉
Yeah, I probably spend much of my time looking for it then got short on time. I was following the saying of do the easiest ones first, and partitions were easiest ones in my mind. decreasing did not come to my mind. I could do that, decrease the root / dir and make me enough of a space for 1G or so. fdisk -l did not give any extra option. Well yeah I should have done some trick like that decrease and create that LV. But I am glad I have passed, that is really great feeling to see the ‘PASS’. Thanks for your materials here, I will try to use as much of these here and other books included.
Likely a preference, but instead of a REJECT statement in the iptables rules, you could have simply specified a source subnet from which to accept SSH traffic on port 22
-A INPUT -s sourceCIDR -m tcp -p tcp –dport 22 -j ACCEPT
Yes, you are right.
When I saw that question, I thought about changing the commented ‘AddressFamily 0.0.0.0’ value on /etc/ssh/sshd_config with the required IP range. Do you guys reckon that it should do the trick, or does it have to be IPtables? Thanks.
‘AddressFamily 0.0.0.0’ doesn’t exist. AddressFamily only allows any, inet and inet6 values. This directive specifies which address family is used by ssh (see man sshd_config).
‘ListenAddress IPv4|IPv6’ specifies the local address, in fact the one assigned to the local network interface, sshd should listen on.
Sorry, but both directives can’t satisfy the requirement.
Hey man – I owe you some thanks. Just passed yesterday. The practice exams on this website have been tremendously helpful.
I’m very happy for you.
For question 5, if you need to find the location of the file, issue
rpm -ql (lower case L) vsftpd | grep TUNING
Your suggestion is very good. I’m adding it to the proposed solution.
Thanks.
Question 8: This command at line # 4 in the hint ” # cp -rp /var/www /www” seems to be incorrect.
This is because when you do this, it copies the www directory as well to the destination “/www” directory. So the dir structure ends up becoming “/www/www” at the destination end. IT should instead of
cp -rp /var/www/* /www
Yes, you are perfectly right. I made a mistake that I’m fixing thank to you.
Thank you.
I passed my RHCSA recently with a score of 283/300. I just wanted to thank you for the many resources that you have available on your site. They helped me out tremendously.
I’m glad for you.
# echo “Hello world!” >/www/html/index.html —that doesn’t work on my rhel-6 machine but > /var/www/html/index.html is working.
thanks
When you type echo “Hello world!”> /www/html/index.html, the ! character is used as a shell metacharacter.
If you replace ! with ., it works!
here you say
echo “Hello World!”> /www/html/index.html
but here var missing before /www/html … Is it working?
If you want to use /www/html instead of /var/www/html, you can do it!
QU-6
an easy way—
#yum install httpd -y
#yum install elinks -y
#cd /var/www/html
#vim index.html
“hello world”
#service httpd reload
#elinks http://localhost