12 03 2014

Question 11
Create a Shell script /root/program:
— The shell script will come back to “user” parameter when you are entering“kernel” parameter.
— The shell script will come back to “kernel” when you are entering “user” parameter.
— It will output the standard error when this script“usage:/root/program kernel|user” don’t input any parameter or the parameter you inputted is entered as the requirements.

Answer:
[root@server1 virtual]# cat /root/program
#!/bin/bash
param1=”$1″
if [ “$param1” == “kernel” ]; then
echo “user”
elif [ “$param1” == “user” ]; then
echo “kernel”
else
echo “usage:/root/program kernel|user”
fi
[root@server1 ~]# chmod +x /root/program

Question 12
Given the kernel of a permanent kernel parameters: sysctl=1.
It can be shown on cmdline after restarting the system.
Kernel of /boot/grub/grub.conf should be added finally, as:

Answer:
Kernel of /boot/grub/grub.conf should be added finally, as:

kernel /vmlinuz-2.6.32-279.1.1.el6.x86_64 ro
root=/dev/mapper/vgsrv-root
rd_LVM_LV=vgsrv/root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vgsrv/swap rd_NO_MD
SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
rhgb quiet sysctl=1

Question 13
Forbidden the Mary user configuration tasks in your system.

Answer:
Modify the /etc/cron.deny, add:

[root@server1 ~]# cat /etc/cron.deny
mary

Conclusions:
1. I find that it is common to add various service access limits in the exam RHCE. The exercises like: require one network segment can be accessed another network segments can not be accessed,the following are some conclusions for various service:
tcp_wrappers:/etc/hosts.allow,/etc/hosts.deny
tcp_wrappers can filter the TCP’s accessing service. TCP whether has the filtering function which depends on this service whether use the function library of tcp_wrappers, or this service whether has the xinetd process of starting function of tcp_wrappers.
tcp_wrappers’s main configuration file is /etc/hosts.allow,/etc/hosts.deny.
And the priority of the documents in hosts.allow is higher than hosts.deny. Visit will be passed if no match was found.
sshd,vsftpd can use the filtering service of tcp_wrappers.
Configuration example:
sshd:.example.com 192.168.0. 192.168.0.0/255.255.255.0 150.203. EXCEPT 150.203.6.66
Notice:
The two configuration files’ syntax can refer to hosts_access(5) and  hosts_options(5)
sshd_config
There are four parameters in this configuration file: DenyUsers, AllowUsers, DenyGroups, AllowGroups, they are used to limit some users or user groups to proceed Remote Login through the SSH. These parameters’ priority level is DenyUsers->AllowUsers->DenyGroups->AllowGroups
Configuration example:
AllowUsers tim [email protected] kim@*.example.com
httpd Service
Through the /etc/httpd/conf/httpd.conf in parameters, can add <Directory> to control the url access. Just as:
<VirtualHost *:80>
DocumentRoot /var/http/virtual
ServerName www1.example.com
<Directory /var/http/virtual/limited>
Options Indexes MultiViews FollowSymlinks
order deny,allow
deny from all
allow from 192.168.0.
</Directory>
</VirtualHost>
Notice:
So pay attention, deny’s and allow’s priority level in order deny,allow is: the backer has the higher priority level. But here, allow’s priority has a higher priority level.

nfs Service
nfs service directly control the visits through file /etc/exports, just as:
/common *.example.com(rw,sync) 192.168.0.0/24(ro,sync)

samba Service
Parameter hosts allow in /etc/samba/smb.conf which is used as Access Control,just as:
hosts allow = 192.168.0. 192.168.1.0/255.255.255.0 .example.com
2. Paying attention to use Mount parameters: _netdev,defaults when you are mounting ISCSI disk.
3. Stop the NetworkManager
/etc/init.d/NetworkManager stop
chkconfig NetworkManager off
4. When you are deploying ifcfg-ethX, add parameters:
PEERDNS=no
5. Empty the firewall in RHCSA、RHCE:
iptables -F
iptables -X
iptables -Z
/etc/init.d/iptables save
6. Narrow lv steps:
1.umount /dev/mapper/lv
2.e2fsck -f /dev/mapper/lv
3.resize2fs /dev/mapper/lv 100M
4.lvreduce -L 50M /dev/mapper/lv
5.mount -a
7. Mount the using command – swap which is newly added in /etc/fstab
8. If Verification is not passed when you are installing software, can import public key: rpm -import /etc/pki/rpm…/…release and so on. In yum.repo, you also can deploy gpgkey, for example, gpgkey=/etc/pki/rpm…/…release
9. When you are using “Find” command to search and keep these files, paying attention to use cp -a to copy files if you use user name and authority as your searching methods.

Part 2
Question 14
Please set the selinux status as enforcing.

Answer:
  # getenforce 1
  # vim /etc/sysconfig/selinux
       SELINUX=enforcing
 

Question 15
Please open the ip_forward, and take effect permanently.

Answer:
   # vim /etc/sysctl.conf
      net.ipv4.ip_forward = 1
# sysctl -w   (takes effect immediately)

If no “sysctl.conf” option, use these commands:

# sysctl -a |grep net.ipv4
# sysctl -P net.ipv4.ip_forward = 1
# sysctl –w

If you want to pass the Red Hat RHCE EX300 exam sucessfully, recommend to read latest Red Hat RHCE EX300 Dumps full version.

EX300 Download, EX300 Dumps, EX300 Exam Questions, EX300 PDF, EX300 Practice Exams, EX300 Practice Tests, EX300 VCE, Free EX300, Pass4sure EX300, Red Hat RHCE EX300

Free Download Latest 2014 Pass4sure&Lead2pass Red Hat RHCE EX300 Exam Questions (6-10) Free Download Latest 2014 Pass4sure&Lead2pass Red Hat RHCE EX300 Exam Questions (16-20)