RHCE题目以及答案1

 

考试说明

 

yum服务器的位置：ftp://192.168.0.254/pub/rhel6/dvd

 

gpgkey的位置/etc/pki/rpm-gpg/RPM-GPG-KEY-RedHat-release

 

DNS:192.168.0.254

 

网关：192.168.0.254

 

ipaddr:192.168.0.x

 

 

虚拟机主机名：serverX.example.com

 

iscsi 服务器: instructor.example.com

 

rhce测试题

 

1 yum的配置

 

[root@desktop88 ~]# vi /etc/yum.repos.d/yum.repo

 

[Server]

 

name=local server

 

baseurl=ftp://192.168.0.254/pub/rhel6/dvd/Server

 

gpgcheck=1

 

 

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-RedHat-release

 

2 网络的配置

 

[root@desktop88 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 #ip的配置

 

DEVICE="eth0"

 

BOOTPROTO="none"

 

ONBOOT="yes"

 

IPADDR=192.168.0.88

 

NETMASK=255.255.255.0

 

GATEWAY=192.168.0.253

 

[root@desktop88 ~]# vi /etc/resolv.conf #dns的配置

 

nameserver 192.168.0.254

 

[root@desktop88 ~]# vi /etc/sysconfig/network #主机明的配置

 

NETWORKING=yes

 

HOSTNAME=server88.example.com

 

[root@desktop88 ~]# vi /etc/hosts #主机的本地解析

 

192.168.0.88     server88.example.com

 

[root@desktop88 ~]# /etc/init.d/NetworkManager stop 关闭网络自定配置服务

 

[root@desktop88 ~]# chkconfig NetworkManager off

 

 

 

 

 

1.       SELinux 设置为开机自动 enforcing

[root@desktop88 ~]# vi /etc/sysconfig/selinux

 

SELINUX=enforcing

 

 

2.       启用内核IP转发

[root@desktop88 ~]# vi /etc/sysctl.conf

 

net.ipv4.ip_forward = 1

 

[root@desktop88 ~]# sysctl -p

 

 

 

3. 禁用student用户使用crontab

         [root@desktop88 ~]# vi /etc/cron.deny

 

student

 

4. ftp服务器仅允许example.com域用户匿名登录

         [root@desktop88 ~]# iptables -A INPUT ! -s 192.168.0.0/24 -p tcp --dport 21 -j REJECT

 

 

5. mail服务器可以接收本机和远程邮件,student用户可以从远程接收邮件,邮件存放到指定目录/var/spool/mail/username

         [root@desktop88 ~]# chkconfig postfix on

 

[root@desktop88 ~]# postconf -d | grep inet

 

[root@desktop88 ~]# postconf -e inet_interfaces=all

 

[root@desktop88 ~]# /etc/init.d/postfix restart

 

[root@desktop88 ~]# yum install dovecot -y

 

[root@desktop88 ~]# chkconfig dovecot on

 

[root@desktop88 ~]# su - student

 

[student@desktop88 ~]$ mkdir -p mail/.imap/INBOX

 

[root@desktop88 ~]# /etc/init.d/dovecot start

 

 

 

6. 配置mail别名，使发送给admin的邮件发给student

         [root@desktop88 ~]# vi /etc/aliases

 

admin:           student

 

[root@desktop88 ~]# newaliases

 

 

7. 配置apache服务器，下载页面：ftp://instructor.example.com/pub/materials/station.html 到 /var/www/html 作为首页，可以访问 http://serverX.example.com

         [root@desktop88 ~]# vi /etc/httpd/conf/httpd.conf

 

NameVirtualHost *:80

 

<VirtualHost *:80>

 

    DocumentRoot /var/www/html

 

    ServerName server88.example.com

 

    ErrorLog logs/server88.example.com-error_log

 

    CustomLog logs/server88.example.com-access_log common

 

</VirtualHost>

 

<VirtualHost *:80>

 

    DocumentRoot /www/virtual

 

    ServerName www88.example.com

 

    ErrorLog logs/www88.example.com-error_log

 

    CustomLog logs/www88.example.com-access_log common

 

</VirtualHost>

 

 

8. 建立apache虚拟主机，下载页面：ftp://instructor.example.com/pub/materials/www.html 到 /www/virtual 作为首页，可以访问http://wwwX.example.com

 

# chkconfig httpd on

# vi /etc/httpd/conf/httpd.conf 

  NameVirtualHost *:80

  <VirtualHost *:80>

      DocumentRoot /var/www/html

      ServerName server7.example.com

      ErrorLog logs/server7.example.com-error_log

      CustomLog logs/server7.example.com-access_log common

  </VirtualHost>

  <VirtualHost *:80>

      DocumentRoot /www/virtual

      ServerName www7.example.com

      ErrorLog logs/www7.example.com-error_log

      CustomLog logs/www7.example.com-access_log common

  </VirtualHost>

# mkdir -p /www/virtual

# chcon -R --reference=/var/www/html /www/ 

# 在/var/www/html，/www/virtual分别下载所需页面，并改名为index.html

# vi /etc/hosts

  192.168.0.7    www7.example.com

  192.168.0.7    server7.example.com 

9. 在/var/www/html 建一个 secret 目录,并启用身份验证，仅允许本地用户访问

         [root@desktop88 html]# cd /www/virtual/

 

[root@desktop88 virtual]# mkdir secret

 

[root@desktop88 secret]# vi index.html

 

[root@desktop88 ~]# htpasswd -cm /etc/httpd/.htpasswd lee

 

[root@desktop88 ~]# vi /etc/httpd/conf/httpd.conf

 

<VirtualHost *:80>

 

    DocumentRoot /www/virtual

 

    ServerName www88.example.com

 

    ErrorLog logs/www88.example.com-error_log

 

    CustomLog logs/www88.example.com-access_log common

 

        <Directory /www/virtual/secret>

 

                authuserfile    /etc/httpd/.htpasswd

 

                authname        "please input your username and passwd"

 

                authtype        basic

 

                require         valid-user

 

        </Directory>

 

</VirtualHost>

 

 

10. 下载文件ftp://instructor.example.com/materials/words,查找hr字符串行,并按顺序复制到/root/lines.txt

         [root@desktop88 ~]# lftp 192.168.0.254

 

lftp 192.168.0.254:~> cd pub/materials/

 

lftp 192.168.0.254:/pub/materials> get words

 

[root@desktop88 ~]# grep hr words >/root/lines.txt

 

 

 

11. 挂载 ISO 镜像文件到/mnt/img,启动时自动挂载 ftp://instructor.example.com/pub/materials/boot.iso

         [root@desktop88 ~]# lftp 192.168.0.254

 

lftp 192.168.0.254:/pub/materials> get boot.iso

 

[root@desktop88 ~]# mkdir /mnt/img

 

[root@desktop88 ~]# vi /etc/fstab

 

 

/root/boot.iso           /mnt/img                iso9660 loop    0 0

 

 

12. 编写一个脚本 test.sh,当执行命令“sh test.sh cat”执行脚本时,输出 dog

 

    执行”sh test.sh dog”执行脚本时 输出 cat

 

    执行“sh test.sh 空格或其他字符“执行脚本时,屏幕输出错误写符串。

         case "$1" in

 

 cat)

 

        echo dog

 

        ;;

 

 dog)

 

        echo cat

 

        ;;

 

 *)

 

        echo $"Usage: $0 {cat|dog}"

 

        exit 1

 

esac

 

 

13. 开机后查看/proc/cmdline，其中包含max_loop=16

         [root@desktop88 ~]# vi /boot/grub/grub.conf

 

kernel /vmlinuz-2.6.32-71.el6.x86_64 ro root=UUID=429db105-222a-45ef-9dd3-608cca463546 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto max_loop=16 rhgb quiet

 

 

14. 禁止只允许 192.168.0.0/24 网段用户访问 ssh 服务

         [root@desktop88 ~]# iptables -A INPUT ! -s 192.168.0.0/24 -p tcp --dport 22 -j REJECT

 

 

15. 配置iscsi 目标：iqn.2010-09.com.example:rdisks.serverX, 永久挂载到/mnt/data,下载文件到/mnt/data 权限为0644，ftp://instructor.example.com/materials/iscsi.txt

         [root@desktop88 ~]# yum install iscsi-initiator-utils ­-y

 

[root@server88 date]# chkconfig iscsi on

 

[root@desktop88 ~]# iscsiadm -m discovery -t st -p instructor.example.com

 

[root@server88 ~]# iscsiadm -m discovery -t st -p 192.168.0.254

 

[root@server88 ~]# iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server11 -p 192.168.0.254 -l

 

[root@server88 ~]# fdisk /dev/sda

 

[root@server88 ~]# partx -a /dev/sda

 

[root@server88 ~]# mkfs.ext4 /dev/sda1

 

[root@server88 ~]# mkdir /mnt/date

 

[root@server88 ~]# chmod 0644 /mnt/date/

 

[root@server88 ~]# vi /etc/fstab

 

/dev/sda1                /mnt/date               ext4    defaults        0 0

 

[root@server88 date]# mount -a

 

 

16. nfs共享/common, 仅允许当前example.com域用户访问

         [root@desktop88 ~]# yum install nfs-utils -y

 

[root@desktop88 ~]# chkconfig rpcbind on

 

[root@desktop88 ~]# chkconfig nfs on

 

[root@desktop88 ~]# mkdir /common/

 

/common 192.168.0.0/24(sync)

 

 

17. Samba 共享/common,工作组名 STAFF,要求 browseable=yes ,harry用户可以读取密码为harry按照考试说明配置系统

         [root@desktop88 ~]# yum install samba samba-common samba-client -y

 

[root@desktop88 ~]# chkconfig smb on

 

[root@desktop88 ~]# vi /etc/samba/smb.conf

 

        workgroup = STAFF

 

[common]

 

        comment = local common

 

        path = /common

 

        browseable = yes

 

[root@desktop88 ~]# smbpasswd -a harry

 

[root@desktop88 ~]# chcon -t samba_share_t /common/

 

[root@desktop88 ~]# /etc/init.d/smb restart