In this blog, we will discuss questions and their solutions for the Red Hat Certified Engineer-7 (RHCE) (RHEL7 Q & A) examination. I’m writing this post because I have already gone through this examination, and based on those questions I thought of writing a post on it. You can practice this on your virtual machine and then appear for your examination. A few things need to be kept in mind.
Let’s Start Now:-
“RHCE EXAM”
Physical Machine – (Passing – 210/300 , Duration 3.5Hrs)
Domain:- station0
System1:- IP ADDR: 172.25.0.11 (server), Hostname:- server0.example.com
System2:- IP ADDR: 172.25.0.10 (client)(desktop), Hostname:- desktop0.example.com
Configure yum client-side repository using the following ———–> Free Question
URL=http://content.example.com/rhel7.0/x86_64/dvd/
# cd /etc/yum.repos.d
# vim Technicalhariji.repo
[Technicalhariji]
baseurl=http://content.example.com/rhel7.0/x86_64/dvd/
gpgcheck=0
enabled=1
# yum clean all
# yum repolist
Qs. 1 Configure NFS on system1 as follows:-
- Export /public directory with read only access to network0.example.com domain.
- Export /protected directory with read write access to network0.example.com domain.
- Access to /protected is authenticated by using Kerberos. You can use keytab file from http://classroom.example.com/pub/keytabs/serverX.keytab.
- Create a secure directory inside the /protected directory.
- User smith has read and write access on secure directory.
On Server Side
# yum -y install nfs*
# mkdir /public
# mkdir /protected
# semanage fcontext -a -t public_content_t '/public(/.*)?'
# semanage fcontext -a -t public_content_t '/protected(/.*)?'
# restorecon -vvFR /public /protected
# vim /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2"
# vim /etc/exports
/public 172.25.0.0/24(ro)
/protected 172.25.0.0/24(rw,sync,sec=krb5p)
# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab
# lab nfskrb5 setup ------------ For Training
# systemctl restart nfs-server
# systemctl enable nfs-server
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --complete-reload
# mkdir /protected/secure
# useradd smith
# chown nfsnobody /protected
# chown smith /protected/secure
# chmod 777 /protected/
# systemctl restart nfs-secure
# systemctl enable nfs-secure
# systemctl restart nfs-secure-server
# systemctl enable nfs-secure-server
# exportfs
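The sec=krb5p option on the /protected line is what enforces the Kerberos requirement; an export without sec= falls back to sec=sys, which trusts whatever UID the client sends. The script below is an added example (not part of the original post) that parses exports-format text and flags read-write exports that still permit sec=sys. The function names and the /scratch sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# audit_exports FILE
# Prints "<path> <client> <ro|rw> <sec> <verdict>" for every client entry.
# Defaults follow exports(5): ro and sec=sys when the option is absent.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }            # skip comments and bare paths
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)  # strip ( and )
                }
                if (client == "") client = "*"   # "(opts)" alone means any host
                mode = "ro"; sec = "sys"
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "rw") mode = "rw"
                    if (o[j] ~ /^sec=/) sec = substr(o[j], 5)
                }
                # sec= may be a colon-separated list; any "sys" member is weak
                verdict = "ok"
                if (mode == "rw" && (":" sec ":") ~ /:sys:/) { verdict = "rw-without-kerberos" }
                print $1, client, mode, sec, verdict
            }
        }
    ' "$1"
}

# Constructed sample: the two exports from Qs. 1 plus one contrasting line.
sample_exports() {
cat <<'EOF'
/public 172.25.0.0/24(ro)
/protected 172.25.0.0/24(rw,sync,sec=krb5p)
/scratch 172.25.0.0/24(rw,sync)
EOF
}

tmp_exports=$(mktemp)
sample_exports > "$tmp_exports"
audit_exports "$tmp_exports"
rm -f "$tmp_exports"
```

On the server, run audit_exports /etc/exports after editing the file and before restarting nfs-server.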
=================================================================================
Qs. 2 Configure NFS client on system2 as follows
- /public share should be mounted on /mnt/nfs directory with only read permission.
- /protected directory should be mounted on /mnt/nfssecure with krb5p authentication and write permission to client.
- You can use keytab file from http://classroom.example.com/pub/keytabs/desktopx.keytab.
On Client Side
# yum -y install nfs*
# mkdir /mnt/nfs
# mkdir /mnt/nfssecure
# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
# vim /etc/fstab
server0:/public /mnt/nfs nfs defaults 0 0
server0:/protected /mnt/nfssecure nfs defaults,sec=krb5p,v4.2 0 0
# lab nfskrb5 setup ----------- For Training
# systemctl restart nfs-secure
# systemctl enable nfs-secure
# mount -a
# df -h
=================================================================================
Qs. 3 Configure smb service on system1 as follows
- Your smb server must be a member of the STAFF workgroup.
- The service must share the /common directory. The share name must be common.
- The common share must be available to groupx.example.com domain clients only.
- The common share must be browseable.
- The user floyd must have read access to the share, authenticating with the password indionce if necessary.
# yum -y install samba*
# mkdir /common
# semanage fcontext -a -t samba_share_t '/common(/.*)?'
# restorecon -vvFR /common
# vim /etc/samba/smb.conf
workgroup=STAFF
[common]
path=/common
valid users=floyd
browseable=yes
writeable=yes
hosts allow=172.25.0.0/24
# useradd floyd
# smbpasswd -a floyd
# smbpasswd -e floyd
# setsebool -P samba_enable_home_dirs on
# setsebool -P samba_export_all_rw on
# systemctl restart smb nmb
# systemctl enable smb nmb
# firewall-cmd --permanent --add-service=samba
# firewall-cmd --complete-reload
On Client Side
# yum -y install nfs*
# smbclient //server0/common -U floyd
smb: \>
=================================================================================
Qs. 4 On system1 share the /devops directory via SMB as follows:
- The share should be named devops.
- The devops share must only be available to clients in the groupx.example.com domain.
- The devops share must be browseable.
- Kenji must have read access to the share, authenticating with password indionce.
- Chihiro must have read and write access to the share, authenticating with the password indionce.
On Server Side
# mkdir /devops
# semanage fcontext -a -t samba_share_t '/devops(/.*)?'
# restorecon -vvFR /devops
# vim /etc/samba/smb.conf
[devops]
path=/devops
valid users=kenji chihiro
write list=chihiro
browseable=yes
hosts allow=172.25.0.0/24
# useradd kenji
# useradd chihiro
# smbpasswd -a kenji
# smbpasswd -a chihiro
# smbpasswd -e kenji
# smbpasswd -e chihiro
# setfacl -m u:chihiro:rwx /devops
# setsebool -P samba_enable_home_dirs on
# setsebool -P samba_export_all_rw on
# systemctl restart smb nmb
# systemctl enable smb nmb
=================================================================================
Qs. 5 The smb share is permanently mounted on system2 at /mnt/dev using the
credentials of kenji. the share must allow anyone who can.
On Client Side
# mkdir /mnt/dev
# vim /root/file.txt
username=kenji
password=indionce
# vim /etc/fstab
//server0/devops /mnt/dev cifs defaults,multiuser,sec=ntlmssp,username=kenji,password=indionce 0 0
# systemctl restart smb nmb
# systemctl enable smb nmb
# mount -a
# df -h
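/etc/fstab is world-readable by default, so a CIFS password written into the options field is visible to every local account, while a credentials file such as /root/file.txt can be restricted to root. As an added example (not part of the original post), the script below finds cifs entries with an inline password, rewrites them to use a credentials file, and checks that file's mode. The function names and the two extra sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# audit_cifs_fstab FILE
# Prints "<mountpoint> <verdict>" for every cifs entry in fstab-format text:
#   INLINE_PASSWORD   password=/pass= sits in the options field
#   CREDENTIALS_FILE  options point at credentials=/cred=<path>
#   NO_SECRET         neither is present
audit_cifs_fstab() {
    awk '
        /^[ \t]*#/ || NF < 4 || $3 != "cifs" { next }
        {
            verdict = "NO_SECRET"
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^(password|pass)=/) { verdict = "INLINE_PASSWORD"; break }
                if (opt[i] ~ /^(credentials|cred)=/) verdict = "CREDENTIALS_FILE"
            }
            print $2, verdict
        }
    ' "$1"
}

# harden_cifs_fstab FILE CREDFILE
# Re-emits FILE; cifs entries carrying an inline password lose their
# username=/password= options and gain credentials=CREDFILE instead.
harden_cifs_fstab() {
    awk -v cred="$2" '
        /^[ \t]*#/ || NF < 4 || $3 != "cifs" { print; next }
        ("," $4) !~ /,(password|pass)=/ { print; next }
        {
            n = split($4, opt, ","); out = ""
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^(username|user|password|pass)=/) continue
                out = (out == "" ? opt[i] : out "," opt[i])
            }
            $4 = (out == "" ? "" : out ",") "credentials=" cred
            print
        }
    ' "$1"
}

# credfile_is_private PATH: succeeds only if group and other have no access.
credfile_is_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: the fstab entry from Qs. 5 plus contrasting lines.
sample_fstab() {
cat <<'EOF'
/dev/vda1 / xfs defaults 0 0
//server0/devops /mnt/dev cifs defaults,multiuser,sec=ntlmssp,username=kenji,password=indionce 0 0
//server0/common /mnt/common cifs credentials=/root/file.txt,sec=ntlmssp 0 0
EOF
}

tmp_fstab=$(mktemp)
sample_fstab > "$tmp_fstab"
audit_cifs_fstab "$tmp_fstab"
harden_cifs_fstab "$tmp_fstab" /root/file.txt
rm -f "$tmp_fstab"
```

credfile_is_private /root/file.txt passes once the file has been restricted with chmod 600.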
=================================================================================
Qs. 6 Configure system1 to provide an iscsi disk device named iqn.2015-09.com.example:systemX.iscsi.
- The iscsi service uses port 3260
- This target uses a 3G backing logical volume named myvg/mylv
- The target is available to system2.groupx.example.com only
On Server Side
# yum -y install target*
# systemctl restart target
# systemctl enable target
# firewall-cmd --permanent --add-port=3260/tcp
# firewall-cmd --complete-reload
# fdisk /dev/vdb
n - new
p - primary
Last Sector = +4G
t - type
8e - lvm hex code
w - write or save
# partprobe /dev/vdb
# pvcreate /dev/vdb1
# vgcreate myvol /dev/vdb1
# lvcreate -L 3G -n mylv myvol
# targetcli
/> /backstores/block create server0.iscsi /dev/myvol/mylv
/> /iscsi create iqn.2015-09.com.example:server0.iscsi
/> /iscsi/iqn.2015-09.com.example:server0.iscsi/tpg1/acls create iqn.2015-09.com.example:desktop0.iscsi
/> /iscsi/iqn.2015-09.com.example:server0.iscsi/tpg1/luns create /backstores/block/server0.iscsi
/> /iscsi/iqn.2015-09.com.example:server0.iscsi/tpg1/portals create 172.25.0.11
/> ls
/> saveconfig
/> exit
# systemctl restart target
# systemctl enable target
=================================================================================
Qs. 7 ISCSI INITIATOR
- Configure system2 so that it connects to the iqn.2015-09.com.example:systemX.iscsi as follows
- The iscsi device should automatically be available on system boot
- The iscsi block device contains a 2100MB partition that is formatted as xfs.
- The partition is mounted to /mnt/data and is automatically mounted to this directory.
On Client Side
# yum -y install iscsi-initiator-utils
# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2015-09.com.example:desktop0.iscsi
# systemctl restart iscsid
# systemctl enable iscsid
# iscsiadm -m discovery -t st -p 172.25.0.11:3260
# iscsiadm -m discovery -t st -p 172.25.0.11:3260 -l
# fdisk /dev/vdb
n - new
p - primary
Last Sector = +2100M
w - save and exit
# partprobe /dev/vdb
# mkfs.xfs /dev/vdb1
# blkid
Copy the UUID of the newly created partition
# mkdir /mnt/data
# vim /etc/fstab
UUID="ajjbf5sadb5d878ds78dsd9d9s54" /mnt/data xfs _netdev 0 0
# systemctl restart iscsid
# systemctl enable iscsid
# mount -a
# df -h
# iscsiadm -m session -u (If a logging-out message appears, your work is completed)
=================================================================================
Qs. 8 CONFIGURE IPV6
- configure the eth0 on your exam system with the following ipv6 addresses
- system1 should have the address 200a:ac18::a05/64
- system2 should have the address 200a:ac18::a0a/64
On Server Side
# vim /etc/sysconfig/network-scripts/ifcfg-eth0
IPV6INIT=yes
# systemctl restart NetworkManager
# nmcli con modify "System eth0" ipv6.addresses 200a:ac18::a05/64
# nmcli con modify "System eth0" ipv6.method static
# nmcli con up "System eth0"
# ifconfig
On Client Side
# vim /etc/sysconfig/network-scripts/ifcfg-eth0
IPV6INIT=yes
# systemctl restart NetworkManager
# nmcli con modify "System eth0" ipv6.addresses 200a:ac18::a0a/64
# nmcli con modify "System eth0" ipv6.method static
# nmcli con up "System eth0"
# ifconfig
# ping6 200a:ac18::a05
=================================================================================
Qs. 9 Configure SSH access as follows:
- Users have remote SSH access to your virtual systems from within group10.example.com
- Clients within my133t.org should not have access to ssh on your systems.
On Server Side
# yum -y install openssh*
# vim /etc/hosts.deny
sshd : .my133t.org
sshd : 172.25.0.10
# systemctl restart sshd
# systemctl enable sshd
# firewall-cmd --permanent --add-service=ssh
# firewall-cmd --complete-reload
On Client Side
# ssh root@my133t.org
# ssh 172.25.0.11 ------ This CMD is only for use in the LAB
=================================================================================
Qs. 10 MAIL SERVICE
- Configure maild on both system1 and system2
- The systems do not accept incoming email from external resources
- Any mail sent locally on these systems is automatically routed to server1.groupx.example.com
- Mail sent from these systems shows up as coming from groupx.example.com
- You may test your configuration by sending email to the local user a1. The system server1.groupx.example.com has been configured to drop email for this user into http://server1.groupx.example.com/recieved_mail/1/1
On Server Side
# yum -y install postfix*
# systemctl restart postfix
# systemctl enable postfix
# vim /etc/postfix/main.cf
myorigin = server0.example.com
inet_interfaces = all
mydestination = localhost , server0.example.com
mynetworks = 127.0.0.0/8 , 172.25.0.0/24
relayhost = [smtp0.example.com]
# systemctl restart postfix
# firewall-cmd --permanent --add-service=smtp
# firewall-cmd --complete-reload
On Client Side
# yum -y install postfix*
# systemctl restart postfix
# systemctl enable postfix
# vim /etc/postfix/main.cf
myorigin = desktop0.example.com
inet_interfaces = all
mydestination = localhost , desktop0.example.com
mynetworks = 127.0.0.0/8 , 172.25.0.0/24
relayhost = [smtp0.example.com]
# systemctl restart postfix
# systemctl enable postfix
# firewall-cmd --permanent --add-service=smtp
# firewall-cmd --complete-reload
# mail root@server0.example.com
=================================================================================
Qs. 11 SELinux
- SELinux must be running in the Enforcing Mode.
On Server Side
# getenforce
# vim /etc/sysconfig/selinux
SELINUX=Enforcing
# setenforce 1
# getenforce
=================================================================================
Qs. 12 USER ENVIRONMENT
- Create a custom command called qstat on both system1 and system2 that runs the command: /bin/ps -Ao pid,tt,user,fname,rsz.
- This command should be available to all users on the system.
On Server Side
# vim /etc/bashrc
alias qstat="ps -Ao pid,tty,user,fname,rsz"
# source /etc/bashrc
# qstat
On Client Side
# vim /etc/bashrc
alias qstat="ps -Ao pid,tty,user,fname,rsz"
# source /etc/bashrc
# qstat
=================================================================================
Qs. 13 LINK AGGREGATION
- CONFIGURE A LINK AGGREGATION ON BOTH SYSTEMS
- Both systems have network interfaces “eno1” & “eno2”
- These two interfaces should be slaved to a new teaming device called “team0” (make sure “team0” remains active even if one of the interfaces goes down)
- Assign the given IP address for “team0” on 1st system — 172.25.X.50
- Assign the given IP address for “team0” on 2nd system — 172.25.X.60
On Server Side
# lab teambridge setup ------------ For Training Only
# nmcli con add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}'
# nmcli con mod team0 ipv4.addresses 172.25.0.50
# nmcli con mod team0 ipv4.method static
# nmcli con add type team-slave con-name team0_port1 ifname eno1 master team0
# nmcli con add type team-slave con-name team0_port2 ifname eno2 master team0
# teamdctl team0 state
# nmcli con down team0
# nmcli con up team0
# nmcli con up team0_port1
# nmcli con up team0_port2
# nmcli con show
On Client Side
# lab teambridge setup ------------ For Training Only
# nmcli con add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}'
# nmcli con mod team0 ipv4.addresses 172.25.0.60
# nmcli con mod team0 ipv4.method static
# nmcli con add type team-slave con-name team0_port1 ifname eno1 master team0
# nmcli con add type team-slave con-name team0_port2 ifname eno2 master team0
# teamdctl team0 state
# nmcli con down team0
# nmcli con up team0_port1
# nmcli con up team0_port2
To Check Connection
# ping -I team0 172.25.0.50
# ping -I team0 172.25.0.60
=================================================================================
Qs. 14 Configure Port Forwarding on your System1.
- The traffic coming from system2 on port 5423/tcp should be forwarded to port 80/tcp on your system1.
On Server Side
# yum -y install http*
# systemctl restart httpd
# systemctl enable httpd
# firewall-cmd --permanent --add-service=http --add-service=https
# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.25.0.10 forward-port port=5423 protocol=tcp to-port=80'
# firewall-cmd --complete-reload
# semanage port -a -t http_port_t -p tcp 5423
# vim /etc/httpd/conf/httpd.conf
Listen 80
Listen 5423
# systemctl restart httpd
“OR”
- Configure Port Forwarding in your system2
The traffic coming from system2 on port 443/tcp should be forwarded to port
22/tcp on your system1
On Client Side
# yum -y install http* openssh*
# systemctl restart httpd
# systemctl restart sshd
# systemctl enable httpd
# systemctl enable sshd
# firewall-cmd --permanent --add-service=ssh
# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.25.0.10 forward-port port=443 protocol=tcp to-port=22'
# firewall-cmd --complete-reload
# ssh -p 443 system0.network0.example.co
=================================================================================
Qs. 15 Mariadb Database
- Create a “contacts” database and accept connections only from local clients.
- root password should be “postroll”
- For creating complete backup download backup file from http://classroom.example.com/pub/mydb.dump. Also create user john to accept connections from localhost with all privileges and another user steve to accept connections from any host with insert, update, delete and select privileges.
On Server Side
# yum -y install mariadb*
# systemctl restart mariadb
# systemctl enable mariadb
# firewall-cmd --permanent --add-service=mysql
# firewall-cmd --complete-reload
# mysql_secure_installation ------------> set password postroll
------- press Y on every question -------
# mysql -u root -p
> show databases ;
> create database contact ;
> flush privileges ;
> exit
# wget http://classroom.example.com/pub/mydb.dump
# mysql -u root -p contact < /root/mydb.dump
Now check by connecting again to mariadb,
# mysql -u root -p
> use contact ;
> show databases ;
> create user john@'localhost' identified by 'postroll' ;
> create user steve@'localhost' identified by 'postroll' ;
> grant update,insert,delete,select on contact.* to steve@'localhost' ;
> flush privileges ;
> exit
# vim /etc/my.cnf
In section [mysqld], add the below line
skip-networking=1
# systemctl restart mariadb
Now connect with user john and steve to verify privileges.
=================================================================================
Qs. 16 Implement a web server for the site http://serverX.example.com,
Then perform the following steps:
- Download http://classroom.example.com/pub/server.html
- Rename the downloaded file to index.html
- Copy this index.html to the DocumentRoot of your web server
- Do NOT make any modifications to the content of index.html (
attend all http questions at a time).
On Server Side
# yum -y install http*
# systemctl restart httpd
# systemctl enable httpd
# cd /var/www/html
# wget http://classroom.example.com/pub/server.html ---- For Exam
# vim server.html ---------> For Training
This is my Web page
# mv server.html index.html
# restorecon -vvFR /var/www/html/index.html
# cd /etc/httpd/conf.d
# vim webhost.conf
Listen 5423
<VirtualHost server0.example.com:80>
    DocumentRoot "/var/www/html"
    ServerName server0.example.com
</VirtualHost>
<Directory "/var/www/html">
    order allow,deny
    allow from 172.25.0.0/24
</Directory>
# systemctl restart httpd
# systemctl enable httpd
# firewall-cmd --permanent --add-service=http
# firewall-cmd --complete-reload
# firefox http://server0.example.com ----------> To check Server side
# firefox http://server0.example.com ---------> To check Desktop side
=================================================================================
Qs. 17 Extend your web server to include a virtual host for the site
http://wwwX.example.com
then perform the following steps:
- where X would be replaced by domain number.
- Set the DocumentRoot to /var/www/virtual
- Download http://classroom.example.com/pub/www.html
- Rename the downloaded file to index.html
- Copy this index.html to the DocumentRoot of the virtual host
- Do NOT make any modifications to the content of index.html
- Ensure that harry is able to create content in
/var/www/virtual.
On Server Side
# mkdir -p /var/www/virtual
# cd /var/www/virtual
# wget http://classroom.example.com/pub/www.html ------ For Exam
# vim www.html ----------- For Training
This is My Webpage
# mv www.html index.html
# restorecon -vvFR /var/www/virtual/index.html
# cd /etc/httpd/conf.d
# vim webhost.conf
<VirtualHost 172.25.0.11:80>
    ServerName www0.example.com
    DocumentRoot /var/www/virtual
</VirtualHost>
<Directory /var/www/virtual>
    Require all granted
</Directory>
# systemctl restart httpd
# firefox http://www0.example.com ---------> To check server side
# firefox http://www0.example.com ---------> To check desktop side
=================================================================================
Qs. 18 (a.) Secure web service.
- Configure TLS encryption for the web server “https://serverX.example.com”
- A signed certificate for web server is available at http://classroom.example.com/pub/tls/certs/serverX.crt
- Required key for this certificate file is available at http://classroom.example.com/pub/tls/private/serverX.key
- The certificate for signing authority is provided at http://classroom.example.com/pub/example-ca.crt
On Server Side
# mkdir -p /srv/www0/www
# restorecon -vvFR /srv/www0/www
# cd /srv/www0/www
# vim index.html
This is a from https_TLS
# cd /etc/httpd/conf.d
# vim tls.conf
<VirtualHost _default_:443>
    ServerName www.example.com
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/pki/tls/certs/server0.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server0.key
    SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
    DocumentRoot /srv/www0/www
</VirtualHost>
<Directory "/srv/www0/www">
    Require all granted
</Directory>
# systemctl restart httpd
“OR”
(b.) Configure your web server to display the dynamic web contents.
- Dynamic content is provided by a virtual host named as http://dynamic.example.com
- This host should listen on port no 8877
- Download a copy of script from http://172.25.254.250/pub/webapp.wsgi and place it on appropriate location for virtual host so that it generates dynamic web contents.
- Do not make any changes in webapp.wsgi file
- Clients connecting to https://dynamic.example.com:8877 should get the output of dynamic web content
- This virtual host must be accessible to all the systems in example.com.
- A signed certificate for web server is available at http://classroom.example.com/pub/tls/certs/serverX.crt
- Required key for this certificate file is available at http://classroom.example.com/pub/tls/private/serverX.key
- The certificate for signing authority is provided at http://classroom.example.com/pub/example-ca.crt
On Server Side
# mkdir -p /srv/webapp0/www
# restorecon -vvFR /srv/webapp0/www
# cd /srv/webapp0/www
# wget http://172.25.254.250/pub/webapp.wsgi ----------> For Exam
# vim webapp.wsgi
# cd /etc/httpd/conf.d
# vim wsgi.conf
<VirtualHost dynamic.example.com:8877>
    ServerName dynamic.example.com
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/pki/tls/certs/server0.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server0.key
    SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
    WSGIScriptAlias / /srv/webapp0/www/webapp.wsgi
</VirtualHost>
<Directory "/srv/webapp0/www">
    Require all granted
</Directory>
# systemctl restart httpd
=================================================================================
Qs. 19 Create a directory named as secret in default DocumentRoot of your default web server.
- Download a file – http://classroom.example.com/pub/private.html to secret directory.
- Rename this file as index.html
- The secret directory should be only available to localhost.
On Server Side
# lab webapp setup ---------- For Training
# cd /var/www/html
# mkdir secret
# restorecon -vvFR /var/www/html/secret
# cd secret
# wget http://classroom.example.com/pub/private.html -----> For Exam
# vim private.html ------------> For Training
This is my Webpage
# mv private.html index.html
# vim /etc/httpd/conf.d/webhost.conf
<Directory "/var/www/html/secret">
    order deny,allow
    deny from all
    allow from server0.example.com
</Directory>
# systemctl restart httpd
=================================================================================
Qs. 20 Make the following scripts
Script1
- Create a script myusers.sh for creating users from userlist file.
- The file is downloaded from the http://classroom.example.com/pub/userlist path.
- When userlist is provided as the first argument, it will create all the users as per the user names specified in the userlist file, and all users should have the /bin/false login shell. If another argument is provided, it will display “Invalid file name” output.
- If no argument is provided, it will display “Invalid Argument”
On Server Side
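# vim /myusers.sh
#!/bin/bash
# No argument at all
if [ $# -eq 0 ]; then
    echo "Invalid Argument"
    exit
# First argument is the literal word "userlist": create every user listed in the file
elif [ "$1" == userlist ]; then
    for i in $(cat /root/userlist)
    do
        useradd -s /bin/false "$i"
    done
# Any other argument
else
    echo "Invalid file name"
fi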
Script 2
- Create a script /root/script.sh with executable by all such a manner
- with input “print” output should be “python”
- with input “python” output should be “print”
- with input any value output should be “python|print”
- with no input, output should be “Invalid Argument”
# vim /root/script.sh
#!/bin/bash
# No argument at all
if [ $# -eq 0 ]; then
    echo "Invalid Argument"
elif [ "$1" == python ]; then
    echo "print"
elif [ "$1" == print ]; then
    echo "python"
# Any other value
else
    echo "python|print"
fi
=================================================================================
Qs. 21 Use above specified database and fire query for user mobius. Insert
query such that searching all details like username,password,email id
for user “mobius”.
On Server Side
# mysql -u root -p
> use contact ;
> show tables ;
> select username,password,email id from <table name> where user = 'mobius' ;
I hope you liked this article and found it helpful. If this article really was helpful, you can let us know in a comment, and if there is any problem anywhere in these questions, please do comment. The RHCE exam paper comes 100% from these 21 questions, so by reading this post you can score 300/300 marks in the RHCE exam.
Thank You
Hello brother,
Has anyone scored 300/300 in the RHCE exam so far?
I have seen many people get 300/300 marks in RHCSA. But so far I have not seen anyone get 300/300 in RHCE.
Is this possible?
Hello Pawan, 300/300 marks are possible in the RHCE exam because its questions do not change. But the biggest thing here is that a lot of errors come up in the RHCE exam. My RHCE exam is also on 8 Jan. So let's see what happens.
Hi sir, what happened with your R.H.C.E. result? You had your exam on 8 January. Please tell us, sir.