Linux Microsoft VMware

Friday, August 24, 2012

RHCSA & RHCE Exam


RHCSA Exam

The RHCSA (Red Hat Certified System Administrator) exam is a hands-on, practical exam that lasts 2.5 hours. The exam is performance-based, meaning that candidates must perform tasks on a live system, rather than answering multiple choice questions.
Exam Objectives
RHCSA exam candidates should be able to accomplish the tasks below without assistance. These have been grouped into several categories.
Understand and Use Essential Tools
  • Access a shell prompt and issue commands with correct syntax
  • Use input-output redirection (>, >>, |, 2>, etc.)
  • Use grep and regular expressions to analyze text
  • Access remote systems using ssh and VNC
  • Log in and switch users in multi-user runlevels
  • Archive, compress, unpack and uncompress files using tar, star, gzip, and bzip2
  • Create and edit text files
  • Create, delete, copy and move files and directories
  • Create hard and soft links
  • List, set and change standard ugo/rwx permissions
  • Locate, read and use system documentation including man, info, and files in /usr/share/doc.
    [Note: Red Hat may use applications during the exam that are not included in Red Hat Enterprise Linux for the purpose of evaluating candidate's abilities to meet this objective.]
Operate Running Systems
  • Boot, reboot, and shut down a system normally
  • Boot systems into different runlevels manually
  • Use single-user mode to gain access to a system
  • Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes
  • Locate and interpret system log files
  • Access a virtual machine’s console
  • Start and stop virtual machines
  • Start, stop and check the status of network services
Configure Local Storage
  • List, create, delete and set partition type for primary, extended, and logical partitions
  • Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes
  • Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot
  • Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label
  • Add new partitions, logical volumes and swap to a system non-destructively
Create and Configure File Systems
  • Create, mount, unmount and use ext2, ext3 and ext4 file systems
  • Mount, unmount and use LUKS-encrypted file systems
  • Mount and unmount CIFS and NFS network file systems
  • Configure systems to mount ext4, LUKS-encrypted and network file systems automatically
  • Extend existing unencrypted ext4-formatted logical volumes
  • Create and configure set-GID directories for collaboration
  • Create and manage Access Control Lists (ACLs)
  • Diagnose and correct file permission problems
Deploy, Configure and Maintain Systems
  • Configure networking and hostname resolution statically or dynamically
  • Schedule tasks using cron
  • Configure systems to boot into a specific runlevel automatically
  • Install Red Hat Enterprise Linux automatically using Kickstart
  • Configure a physical machine to host virtual guests
  • Install Red Hat Enterprise Linux systems as virtual guests
  • Configure systems to launch virtual machines at boot
  • Configure network services to start automatically at boot
  • Configure a system to run a default configuration HTTP server
  • Configure a system to run a default configuration FTP server
  • Install and update software packages from Red Hat Network, a remote repository, or from the local filesystem
  • Update the kernel package appropriately to ensure a bootable system
  • Modify the system bootloader
  • Configure a system to run a default configuration NTP server and synchronize time using other NTP peers
Manage Users and Groups
  • Create, delete, and modify local user accounts
  • Change passwords and adjust password aging for local user accounts
  • Create, delete and modify local groups and group memberships
  • Configure a system to use an existing LDAP directory service for user and group information
Manage Security
  • Configure firewall settings using system-config-firewall or iptables
  • Set enforcing and permissive modes for SELinux
  • List and identify SELinux file and process context
  • Restore default file contexts
  • Use boolean settings to modify system SELinux settings
  • Diagnose and address routine SELinux policy violations
References:
https://www.redhat.com/courses/ex200_rhcsa_exam/
https://www.redhat.com/certification/rhcsa/objectives/

RHCE Exam

The RHCE (Red Hat Certified Engineer) exam is a hands-on, practical exam that lasts 2.0 hours. Candidates are eligible to take the RHCE exam without first having passed the RHCSA exam, but RHCE will not be issued until both credentials are earned by a candidate.
Objectives:
RHCE exam candidates should consult the RHCSA Exam Objectives document and be capable of RHCSA-level tasks, as some of these skills may be required in order to meet RHCE exam objectives. Red Hat reserves the right to add, modify and remove objectives. Such changes will be made public in advance through revisions to this document.
RHCE exam candidates should be able to accomplish the following without assistance. These have been grouped into several categories.
System Configuration and Management
  • Route IP traffic and create static routes
  • Use iptables to implement packet filtering and configure network address translation (NAT)
  • Use /proc/sys and sysctl to modify and set kernel run-time parameters
  • Configure system to authenticate using Kerberos
  • Configure a system as an iSCSI initiator that persistently mounts an iSCSI target
  • Produce and deliver reports on system utilization (processor, memory, disk, and network)
  • Use shell scripting to automate system maintenance tasks
  • Configure a system to log to a remote system
  • Configure a system to accept logging from a remote system
Network Services
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
  • Install the packages needed to provide the service
  • Configure SELinux to support the service
  • Configure the service to start when the system is booted
  • Configure the service for basic operation
  • Configure host-based and user-based security for the service
RHCE candidates should also be capable of meeting the following objectives associated with specific services:
HTTP/HTTPS
  • Configure a virtual host
  • Configure private directories
  • Deploy a basic CGI application
  • Configure group-managed content
DNS
  • Configure a caching-only name server
  • Configure a caching-only name server to forward DNS queries
  • Note: Candidates are not expected to configure master or slave name servers
FTP
  • Configure anonymous-only download
NFS
  • Provide network shares to specific clients
  • Provide network shares suitable for group collaboration
SMB
  • Provide network shares to specific clients
  • Provide network shares suitable for group collaboration
SMTP
  • Configure a mail transfer agent (MTA) to accept inbound email from other systems
  • Configure an MTA to forward (relay) email through a smart host
SSH
  • Configure key-based authentication
  • Configure additional options described in documentation
References:
https://www.redhat.com/courses/ex300_red_hat_certified_engineer_exam/
https://www.redhat.com/certification/rhce/objectives/

Details About Red Hat YUM


Yum is the Red Hat package manager that is able to query for information about available packages, fetch packages from repositories, install and uninstall them, and update an entire system to the latest available version. Yum performs automatic dependency resolution on packages you are updating, installing, or removing, and thus is able to automatically determine, fetch, and install all available dependent packages.
Yum can be configured with new, additional repositories, or package sources, and also provides many plug-ins which enhance and extend its capabilities. Yum is able to perform many of the same tasks that RPM can; additionally, many of the command line options are similar. Yum enables easy and simple package management on a single machine or on groups of them.
Yum also enables you to easily set up your own repositories of RPM packages for download and installation on other machines.
Checking For Updates
To see which installed packages on your system have updates available, use the following command:
yum check-update

Updating Packages

You can choose to update a single package, multiple packages, or all packages at once. If any dependencies of the package (or packages) you update have updates available themselves, then they are updated too.

Updating a Single Package

To update a single package, run the following command as root:
yum update package_name

Updating All Packages and Their Dependencies

To update all packages and their dependencies, simply enter yum update (without any arguments):
yum update
Searching Packages
You can search all RPM package names, descriptions and summaries by using the following command:
yum search term
Listing Packages
yum list and related commands provide information about packages, package groups, and repositories.
All of Yum's list commands allow you to filter the results by appending one or more glob expressions as arguments. Glob expressions are normal strings of characters which contain one or more of the wildcard characters * (which expands to match any character multiple times) and ? (which expands to match any one character).
yum list glob_expression
yum list all
Lists all installed and available packages.
yum list installed
Lists all packages installed on your system. The rightmost column in the output lists the repository from which the package was retrieved.
yum grouplist
Lists all package groups.
yum repolist
Lists the repository ID, name, and number of packages it provides for each enabled repository.


Displaying Package Information

To display information about one or more packages (glob expressions are valid here as well), use the following command:
yum info package_name

Installing Packages

Yum allows you to install both a single package and multiple packages, as well as a package group of your choice.

Installing Individual Packages

To install a single package and all of its non-installed dependencies, enter a command in the following form:
yum install package_name
You can also install multiple packages simultaneously by appending their names as arguments:
yum install package_name package_name

Installing a Package Group

A package group is similar to a package: it is not useful by itself, but installing one pulls a group of dependent packages that serve a common purpose. A package group has a name and a groupid. The yum grouplist -v command lists the names of all package groups, and, next to each of them, their groupid in parentheses. The groupid is always the term in the last pair of parentheses, such as kde-desktop in the following example:
~]# yum -v grouplist kde\*
You can install a package group by passing its full group name (without the groupid part) to groupinstall:
yum groupinstall group_name
You can also install by groupid:
yum groupinstall groupid
You can even pass the groupid (or quoted name) to the install command if you prepend it with an @-symbol (which tells yum that you want to perform a groupinstall):
yum install @group
For example, the following are alternative but equivalent ways of installing the KDE Desktop group:
~]# yum groupinstall "KDE Desktop"
~]# yum groupinstall kde-desktop
~]# yum install @kde-desktop

Removing Packages

Similarly to package installation, Yum allows you to uninstall (remove in RPM and Yum terminology) both individual packages and a package group.

Removing Individual Packages

To uninstall a particular package, as well as any packages that depend on it, run the following command as root:
yum remove package_name
As when you install multiple packages, you can remove several at once by adding more package names to the command. For example, to remove totem, rhythmbox, and sound-juicer, type the following at a shell prompt:
~]# yum remove totem rhythmbox sound-juicer

Similar to install, remove can take these arguments:
  • package names
  • glob expressions
  • file lists
  • package provides

Setting [repository] Options
The [repository] sections, where repository is a unique repository ID such as my_personal_repo (spaces are not permitted), allow you to define individual Yum repositories.
The following is a bare-minimum example of the form a [repository] section takes:
[repository]
name=repository_name
baseurl=repository_url
Every [repository] section must contain the following directives:
name=repository_name
…where repository_name is a human-readable string describing the repository.
baseurl=repository_url
…where repository_url is a URL to the directory where the repodata directory of a repository is located:
o  If the repository is available over HTTP, use: http://path/to/repo
o  If the repository is available over FTP, use: ftp://path/to/repo
o  If the repository is local to the machine, use: file:///path/to/local/repo
o  If a specific online repository requires basic HTTP authentication, you can specify your username and password by prepending it to the URL as username:password@link. For example, if a repository on http://www.example.com/repo/ requires a username of “user” and a password of “password”, then the baseurl link could be specified as http://user:password@www.example.com/repo/.
Usually this URL is an HTTP link, such as:
baseurl=http://path/to/repo/releases/$releasever/server/$basearch/os/
Note that Yum always expands the $releasever, $arch, and $basearch variables in URLs. For more information about Yum variables,
Another useful [repository] directive is the following:
enabled=value
…where value is one of:
0 — Do not include this repository as a package source when performing updates and installs. This is an easy way of quickly turning repositories on and off, which is useful when you desire a single package from a repository that you do not want to enable for updates or installs.
1 — Include this repository as a package source.
Turning repositories on and off can also be performed by passing either the --enablerepo=repo_name or --disablerepo=repo_name option to yum, or through the Add/Remove Software window of the PackageKit utility.
Yum provides secure package management by enabling GPG (Gnu Privacy Guard; also known as GnuPG) signature verification on GPG-signed packages to be turned on for all package repositories (i.e. package sources), or for individual repositories. When signature verification is enabled, Yum will refuse to install any packages not GPG-signed with the correct key for that repository. This means that you can trust that the RPM packages you download and install on your system are from a trusted source, such as Red Hat, and were not modified during transfer.
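One way to check [repository] sections for the settings discussed above, as an added example that is not part of the original page. It assumes the standard yum directives gpgcheck and gpgkey, which the page describes but does not name; the sample repository text, the key path and the finding labels are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample .repo content for illustration (not from a real system).
SAMPLE_REPO = """\
[my_personal_repo]
name=Personal repository
baseurl=http://user:password@www.example.com/repo/
enabled=1
gpgcheck=0

[signed_repo]
name=Signed repository
baseurl=https://www.example.com/repo/releases/$releasever/server/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[disabled_repo]
name=Disabled repository
baseurl=ftp://www.example.com/repo/
enabled=0
"""


def audit_repo_text(text, main_gpgcheck=False):
    """Return (repo_id, issue) findings for every enabled [repository] section.

    main_gpgcheck is the value inherited from [main] in yum.conf when a
    section does not set gpgcheck itself (assumed off here unless passed in).
    """
    # interpolation=None keeps Yum variables such as $releasever untouched.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = []
    for repo_id in parser.sections():
        section = parser[repo_id]
        # Skip [main] and repositories turned off with enabled=0.
        if repo_id == "main" or not section.getboolean("enabled", fallback=True):
            continue
        # Signature verification disabled: unsigned or re-signed RPMs install.
        if not section.getboolean("gpgcheck", fallback=main_gpgcheck):
            findings.append((repo_id, "gpgcheck-off"))
        # baseurl may list several URLs separated by whitespace or newlines.
        urls = [urlsplit(u) for u in section.get("baseurl", "").split()]
        # username:password@ in the URL is stored in plain text in the file.
        if any(u.username or u.password for u in urls):
            findings.append((repo_id, "credentials-in-baseurl"))
        # http and ftp carry metadata, packages and credentials unencrypted.
        if any(u.scheme in ("http", "ftp") for u in urls):
            findings.append((repo_id, "cleartext-transport"))
    return findings


if __name__ == "__main__":
    for repo_id, issue in audit_repo_text(SAMPLE_REPO):
        print(f"{repo_id}: {issue}")
```

To audit a real host, pass the contents of each file under /etc/yum.repos.d/ to audit_repo_text along with the gpgcheck value from the [main] section of /etc/yum.conf.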

DHCP Process


The Dynamic Host Configuration Protocol (DHCP) is a network protocol that is used to configure network devices so that they can communicate on an IP network. A DHCP client uses the DHCP protocol to acquire configuration information, such as an IP address, a default route and one or more DNS server addresses from a DHCP server. The DHCP client then uses this information to configure its host. Once the configuration process is complete, the host is able to communicate on the internet.
The DHCP server maintains a database of available IP addresses and configuration information. When it receives a request from a client, the DHCP server determines the network to which the DHCP client is connected, and then allocates an IP address or prefix that is appropriate for the client, and sends configuration information appropriate for that client.
Because the DHCP protocol must work correctly even before DHCP clients have been configured, the DHCP server and DHCP client must be connected to the same network link. In larger networks, this is not practical. On such networks, each network link contains one or more DHCP relay agents. These DHCP relay agents receive messages from DHCP clients and forward them to DHCP servers. DHCP servers send responses back to the relay agent, and the relay agent then sends these responses to the DHCP client on the local network link.

The following describes how DHCP works in an Ethernet/IP LAN environment, assuming the client is obtaining a fresh lease without foreknowledge of the DHCP server's IP address. Note that this is highly simplified.

  1. A client boots and initializes its network hardware
  2. The client sends out a DHCPDISCOVER message formatted as follows:
    1. The source MAC is the client's MAC
    2. The destination MAC is all 1's indicating a hardware-layer broadcast (FFFFFF-FFFFFF)
    3. The message type is set to DHCPDISCOVER
  3. The server hears the DHCPDISCOVER request and responds
    1. The source MAC is the server's MAC
    2. The destination MAC is the client's MAC
    3. The message type is DHCPOFFER containing:
      1. Server-provided IP address from pool of free addresses (the server should but is not required to check for address conflicts before offering the IP address).
      2. List of DHCP configuration parameters
  4. Client responds with DHCPREQUEST message and does one or more of the following:
    1. requests values for the server-offered parameters from a single server (rejecting all offers from other servers)
    2. confirm the correctness of the previously allocated IP address (after the client had rebooted or lost connection to the network)
    3. Requests extension of the lease on the specific address already supplied.
  5. The server responds with
    1. a DHCPACKnowledge to confirm the server-offered options and IP previously confirmed by the client
       - or -
    2. DHCPNOACKnowledge to reject the server-offered options.
       - or -
    3. DHCPDECLINE message to indicate to the server the address is in use.
  6. The client retains the information throughout the period of its lease.
  7. The client sends a DHCPRELEASE message to release its IP address at the DHCP server when it is leaving the network.
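The message types in the exchange above travel as option 53 after a fixed 236-byte BOOTP header. The following decoder is an added example, not part of the original page; the message type names follow RFC 2131, and the MAC address, transaction ID and IP addresses are constructed sample values.

```python
import socket
import struct

# Fixed BOOTP header (236 bytes), followed by the DHCP magic cookie and options.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"
# Option 53 (message type) values as named in RFC 2131.
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE"}


def build(msg_type, xid, mac, yiaddr="0.0.0.0", server_id=None):
    """Build a minimal DHCP message (constructed test input, not a capture)."""
    op = 2 if msg_type in (2, 5, 6) else 1  # 1 = client request, 2 = server reply
    head = BOOTP.pack(op, 1, 6, 0, xid, 0, 0, bytes(4),
                      socket.inet_aton(yiaddr), bytes(4), bytes(4),
                      mac.ljust(16, b"\0"), bytes(64), bytes(128))
    opts = bytes([53, 1, msg_type])
    if server_id:
        opts += bytes([54, 4]) + socket.inet_aton(server_id)  # server identifier
    return head + MAGIC + opts + b"\xff"


def parse(packet):
    """Decode the fields the walkthrough refers to; reject malformed input."""
    start = BOOTP.size + len(MAGIC)
    if len(packet) < start or packet[BOOTP.size:start] != MAGIC:
        raise ValueError("not a DHCP message")
    fields = BOOTP.unpack_from(packet)
    op, hlen, xid, yiaddr, chaddr = (fields[i] for i in (0, 2, 4, 8, 11))
    options, i = {}, start
    while i < len(packet) and packet[i] != 255:   # 255 = end option
        if packet[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        options[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    if len(options.get(53, b"")) != 1:
        raise ValueError("missing message type option")
    server = options.get(54)
    return {
        "type": MSG_TYPES.get(options[53][0], "unknown"),
        "from_server": op == 2,
        "xid": xid,
        "client_mac": chaddr[:min(hlen, 16)].hex(":"),
        "offered_ip": socket.inet_ntoa(yiaddr),
        "server_id": socket.inet_ntoa(server) if server and len(server) == 4 else None,
    }


def trace_exchange():
    """Constructed four-message exchange for one client obtaining a fresh lease."""
    mac, xid = bytes.fromhex("525400aabbcc"), 0x1234ABCD
    packets = [
        build(1, xid, mac),                                   # client broadcast
        build(2, xid, mac, "192.168.1.50", "192.168.1.1"),    # server offer
        build(3, xid, mac, server_id="192.168.1.1"),          # client selects server
        build(5, xid, mac, "192.168.1.50", "192.168.1.1"),    # server confirms
    ]
    return [parse(p) for p in packets]
```

Calling trace_exchange() returns one decoded record per message; the shared xid is what ties the four messages to the same client transaction.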

Thursday, August 16, 2012

DNS / BIND Server Configuration in RHEL 6 / CENTOS 6


What is DNS?
DNS stands for Domain Name System. DNS is a name resolution service that resolves a human-friendly name (such as Example Web Page) into an IP address (192.168.0.10). DNS is a hierarchical, distributed database that maps domain names to IP addresses.

Why DNS?
Because people and applications connect to networked computers by specifying names. DNS has superior scalability, security and compatibility with the internet.
The different types of DNS servers are:

1. Primary DNS server
A primary DNS server is created when a primary zone is added. It is a DNS server which holds the primary zones for a particular domain. The primary DNS server acts as the zone’s central point of update. Newly created zones are always this type.

2. Secondary DNS server
A DNS server hosting a secondary zone is called a secondary DNS server. There can be any number of secondary servers for a primary. If the primary server is down, a secondary server provides name resolution for the zone until the primary server is available.

3. Caching-only servers
This type of DNS server does not have any zones in it and depends purely on caching. It contains the information that has been cached while resolving queries.

4. Stub servers
It is a DNS server hosting a stub zone. This kind of server has a copy of a zone containing only a list of the authoritative DNS servers for its master zone.

5. Forwarders
Forwarding is the process of resolving external queries using forwarders. It reduces network traffic on WAN links. It acts as a firewall which provides a layer of security from the external network.

Here we are going to set up a primary DNS server on a RHEL 6 / CENTOS 6 server.

Scenario


This is the setup of a typical organization, Example.com. It consists of a web server, a mail server, and an FTP server on the internal network. The internal network uses the 192.168.1.0/24 IP addressing scheme. We need to set up a primary DNS server that is best suited for my network.
I used a RHEL 6 x86_64 bit server to host the DNS server named rhel6.example.com. The server has two network cards, eth0 and eth1, which are connected to the internet and the internal network respectively.

Configuration steps are a work in progress!

