RHCE

Description

Flashcards on RHCE, created by Alex Kaulfuss on 03/02/2016.
Alex Kaulfuss
Flashcards by Alex Kaulfuss, updated more than 1 year ago
Alex Kaulfuss
Created by Alex Kaulfuss over 8 years ago
8
1

Resource summary

Question Answer
deny access to ftp for all users outside of example.com /etc/access.deny "vsftpd: ALL EXCEPT .example.com - service vsftpd restart
restrict individual user from ftp access /etc/vsftpd/ftpusers - service vsftpd restart
allow anonymous ftp access /etc/vsftpd/vsftpd.conf anonymous_enable=YES #comment# local_enable=YES -service vsftpd restart - chcon -R -t public_content_t /var/ftp/pub
install ftp - yum install vsftpd - chkconfig vsftpd on
install SMTP mail -yum install postfix - chkconfig postfix on
configure SMTP mail /etc/postfix/main.cf myhostname = mail.example.com mydomain = example.com myorigin = $mydomain inet_interfaces = all mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost mynetworks = 192.168.1.0/24, 127.0.0.0/8 - service postfix reload - setsebool -P allow_postfix_local_write_mail_spool on
packet filtering & NAT /etc/sysctl.conf net.ipv4.ip_forward = 1 - sysctl -p iptables -t nat -I POSTROUTING -o eth0 -s 192.168.2.0/24 -j MASQUERADE - service iptables save
set default route /etc/sysconfig/network-scripts/ifcfg-eth0 GATEWAY=192.168.1.1 (dest.) -service network restart - route -n
add static route /etc/sysconfig/network-scripts/route-eth0 ADDRESS0=192.168.0.0 (to) NETMASK0=255.255.255.0 GATEWAY0=192.168.2.1 (via) - service network restart - route -n
deny access to SSH /etc/hosts.deny "sshd: host.org" - service sshd restart
install SSH - yum install openssh (openssh-server?) - chkconfig sshd on
enable ip forwarding /etc/sysctl.conf net.ipv4.ip_forward = 1 - sysctl -p
set SELINUX to enforcing /etc/sysconfig/selinux =ENFORCING - reboot - iptables -F - service iptables save
configure SSH server /etc/ssh/sshd_config
secure file with gpg -gpg2 --gen-key -gpg2 --export [name] > gpg.pub -scp gpg.pub [location] --------------------------------------------------- -gpg2 --import gpg.pub -gpg2 --out [file] --recipient [name] --encrypt [file] -scp [outfile] [location] ------------------------------------------------------ -gpg2 --out [file] --decrypt [file]
configure a caching-only name server -yum install -y bind /etc/named.conf listen-on port 53 { any; }; allow-query { any; }; dnssec-validation no; iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT iptables -I INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
configure a caching-only name server to forward DNS queries -yum install -y bind /etc/named.conf listen-on port 53 { any; }; allow-query { any; }; dnssec-validation no; (below the ‘recursion‘ option, add:) forward only; forwarders { 192.168.1.1; }; iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT iptables -I INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
deploy a basic CGI application -yum groupinstall -y "Web server" /var/www/cgi-bin/hello.pl #!/usr/bin/perl print "Content-type: text/html\n\n"; print "Hello, World!"; -chmod 755 /var/www/cgi-bin/hello.pl -iptables -I INPUT -p tcp -m state --state NEW -m tcp —dport 80 -j ACCEPT
configure a system as an iSCSI initiator that persistently mounts an iSCSI target -yum install -y iscsi-initiator-utils -iscsiadm -m discoverydb -t st -p [targetserver] -D -grep "Attached SCSI" /var/log/messages -mkfs.ext4 /dev/sda -blkid | grep "/dev/sda" -echo "UUID=..." >> /etc/fstab /etc/fstab UUID=... /mnt ext4 _netdev 0 0
SSH: Configure key-based authentication. -ssh-keygen (-b 2048 -t rsa) -ssh-copy-id -i .ssh/id_rsa.pub user01@server2.example.com /etc/ssh/sshd_config (on 2nd machine) PasswordAuthentication no PubkeyAuthentication yes
Synchronize time using other NTP peers -yum install -y ntpd /etc/ntp.conf comment default server lines add my own
Configure a system to accept logging from a remote system (server) -yum install rsyslog /etc/rsyslog.conf uncomment: #$ModLoad imtcp AND #$InputTCPServerRun 514 -service rsyslog restart -iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT
Configure a system to log to a remote system (client) /etc/rsyslog.conf uncomment 7 lines change "remote-host" to name of syslog server
user can't schedule cron job /etc/cron.deny
permanently mount iso in /root to /mnt/data -mkdir /mnt/data /etc/fstab /root/boot.iso /mnt/data iso9660 ro,sync,auto 0 0
pass argument to kernel /etc/grub.conf
Use /proc/sys and sysctl to modify and set kernel runtime parameters. etc/sysctl.conf net.ipv4.ip_forward = 1 # allow IPv4 forwarding net.ipv4.icmp_echo_ignore_all = 1 # don't respond to a ping net.ipv4.icmp_echo_ignore_broadcasts = 1 # don't respond to a ping to the broadcast address
alias /etc/aliases alias: real person -newaliases
NFS: Provide network shares to specific clients (server side) -yum groupinstall -y "NFS file server" -iptables (udp111, tcp111, tcp2049) -chkconfig & service start for rpcbind, nfs, & nfslock /etc/exports dir name-OR-IP(rw,no_root_squash) -exportfs -avr
NFS: Provide network shares to specific clients (client side) -yum install -y nfs-utils -mount -t nfs server:/home/tools /mnt
HTTP: Configure a virtual host -yum groupinstall "Web Server" /etc/httpd/conf/httpd.conf uncomment NameVirt... & virt stanza
create Samba password -smbpasswd -a [user] or -echo "password" | --stdin smbpasswd -a [user]
install Samba -yum groupinstall -y "CIFS file server" chkconfig & service start for smb, nmb, and winbind
SMB: Provide network shares to specific clients. /etc/samba/smb.conf 9 things & directory block -mkdir /shared -chcon -t samba_share_t /shared iptables (udp137 & 138 tcp139 & 445)
KERBEROS: Configure a system to authenticate using Kerberos. -yum install -y krb5-workstation pam_krb5 maybe use GUI
Show full summary Hide full summary

Similar

Diffusion and osmosis
eimearkelly3
Art Movements
Julia Lee
10 Mind Mapping Strategies for Teachers
Andrea Leyden
Chemistry Quiz General -3
lauren_johncock
Resumo global da matéria de Biologia e Geologia (10.º e 11.º anos)
miminoma
History- Home Front WW1
jessmitchell
Basic Spanish Vocabulary
Alice McClean
Frankenstein by Mary Shelley
nina.stuer14
GCSE AQA Chemistry Atomic Structure and Bonding
mustafizk
Biology (B2)
Sian Griffiths
General Physiology of the Nervous System Physiology PMU 2nd Year
Med Student