Security-Enhanced Linux Questions and Answers


1. SELinux
Make SELinux enforcing mode permanently.


[root@server6 ~]# vim /etc/sysconfig/selinux
SELINUX=enforcing
[root@server6 ~]# setenforce enforcing

[root@server6 ~]# getenforce
Enforcing

2. Create a new 500 MB physical partition
Create a new 500 MB physical partition mounted on /common with an xfs filesystem. Note: because partition sizes are seldom exactly what is specified when they are created, anything in the range of 475 MB to 525 MB is acceptable.

[root@server6 ~]# lsblk
[root@server6 ~]# fdisk /dev/vdb

Command (m for help): p

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Last sector, +sectors or +size{K,M,G} (2048-20971519, default 20971519): +500M
Command (m for help): p
 Device Boot      Start         End      Blocks   Id  System
/dev/vdb1            2048     1026047      512000   83  Linux

Command (m for help): w
[root@server6 ~]# partprobe /dev/vdb
[root@server6 ~]# mkdir /common

[root@server6 ~]# mkfs.xfs /dev/vdb1

[root@server6 ~]# vim /etc/fstab
/dev/vdb1                                 /common                xfs     defaults        0 0

[root@server6 ~]# mount -a
[root@server6 ~]# df -h
/dev/vdb1       497M   26M  472M   6% /common



3. Create the following users, groups and group membership.

    a group named admin.
    a user harry who belongs to admin as a secondary group.
    a user natasha who belongs to admin as a secondary group.
    a user sarah who does not have access to an interactive shell on the system and who is not a member of admin.
    a user sandy who belongs to admin as a secondary group.
    harry, natasha, sarah and sandy should all have the password "password".


[root@server6 ~]# groupadd admin
[root@server6 ~]# useradd -G admin harry
[root@server6 ~]# useradd -G admin natasha
[root@server6 ~]# useradd -s /sbin/nologin sarah
[root@server6 ~]# useradd -G admin sandy
[root@server6 ~]# passwd harry
[root@server6 ~]# passwd natasha
[root@server6 ~]# passwd sarah
[root@server6 ~]# passwd sandy

[root@server6 ~]# vim /etc/gshadow

admin:!::harry,natasha,sandy
[root@server6 ~]# id harry
[root@server6 ~]# su - sarah


4. Create a collaborative directory /common/admin with the following characteristics.

    Group ownership of /common/admin is admin.
    The directory should be readable, writable and accessible to members of admin but not to any other users. (It is understood that root has access to all files and directories on the system.)
    Files created in /common/admin automatically have group ownership set to the admin group.





[root@server6 ~]# mkdir -p /common/admin
[root@server6 ~]# ls -ld /common/admin
dr-xr-x---. 15 root root 4096 Nov 25 06:41 .
[root@server6 ~]# chgrp admin /common/admin
[root@server6 ~]# chmod 770 /common/admin/ -R
[root@server6 admin]# chmod g+s /common/admin
[root@server6 ~]# ls -ld /common/admin/
[root@server6 admin]# touch 1 2 3


5. Schedule a job.

    harry sets his own job schedule at 12:40 noon to run /bin/echo "hello world".
    natasha should not be able to schedule cron jobs.



1) [root@server6 ~]# yum install cron* -y


[root@server6 ~]# crontab -eu harry

40 12 * * * /bin/echo "hello world"

[root@server6 ~]# systemctl restart crond.service
[root@server6 ~]# cat /var/spool/mail/harry


2) [root@server6 ~]# vim /etc/cron.deny
natasha

[root@server6 ~]# systemctl restart crond.service
[root@server6 ~]# su - natasha
[natasha@server6 ~]$ crontab -e
You (natasha) are not allowed to use this program (crontab)
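The message comes from the access check crontab(1) documents: an allow file, when present, is the only rule; otherwise the deny file is consulted. The function below is an added example, not part of the original post; it takes the user and the two file paths as parameters so the rule can be tried on constructed files instead of /etc, and it assumes the permissive site default (everyone allowed) when neither file exists:

```shell
# Added example: the access rule crontab(1) applies before letting a user edit
# a crontab, taken out of /etc so it can be tried on constructed files.
#   $1 user, $2 path of an allow file, $3 path of a deny file
# Prints allowed/denied and returns 0/1.
cron_access() {
    user=$1; allow=$2; deny=$3
    if [ "$user" = root ]; then          # root is never restricted by these files
        echo allowed; return 0
    fi
    if [ -f "$allow" ]; then             # allow file present: it is the only rule
        if grep -qx "$user" "$allow"; then echo allowed; return 0; fi
        echo denied; return 1
    fi
    if [ -f "$deny" ] && grep -qx "$user" "$deny"; then   # deny file consulted next
        echo denied; return 1
    fi
    echo allowed; return 0   # assumption: site default with no files is "allow all"
}

# Constructed stand-ins for /etc/cron.allow (absent) and /etc/cron.deny,
# matching the state after "vim /etc/cron.deny" above.
tmp=$(mktemp -d)
printf 'natasha\n' > "$tmp/cron.deny"
for u in harry natasha; do
    printf '%s: %s\n' "$u" "$(cron_access "$u" "$tmp/cron.allow" "$tmp/cron.deny")"
done
```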


6. Install the appropriate kernel update from http://classroom.example.com/rhel7.0/x86_64/errata/. The following criteria must also be met.

    The updated kernel is the default when the system is rebooted.
    The original kernel remains available and bootable on the system.


[root@server6 ~]# vim /etc/grub.conf
[root@server6 ~]# uname -r
3.10.0-123.el7.x86_64



[root@server6 ~]# cd /etc/yum.repos.d
[root@server6 yum.repos.d]# ls
admin.repo
[root@server6 yum.repos.d]# vim admin.repo
[admin]
name=adminrepo
baseurl=http://content.example.com/rhel7.0/x86_64/errata/
gpgcheck=0
enabled=1

[root@server6 yum.repos.d]# yum clean all
[root@server6 yum.repos.d]# yum clean dbcache
[root@server6 yum.repos.d]# yum repolist
[root@server6 yum.repos.d]# yum install kernel -y
[root@server6 yum.repos.d]# reboot -f


[root@server6 ~]# uname -r
3.10.0-123.1.2.el7.x86_64

[root@server6 ~]# vim /etc/grub.conf



7. Create swap memory.
Create a swap partition of 512MB size.


[root@server6 ~]# fdisk /dev/vdb

Command (m for help): p
Command (m for help): n
Select (default p): e
enter
enter
enter
Command (m for help): n
Partition type:
   p   primary (1 primary, 1 extended, 2 free)
   l   logical (numbered from 5)
Select (default p): l

Last sector, +sectors or +size{K,M,G} (1028096-20971519, default 20971519): +512M
Command (m for help): p
Command (m for help): t
Partition number (1,2,5, default 5): 5
Hex code (type L to list all codes): 82
Changed type of partition 'Linux' to 'Linux swap / Solaris'
Command (m for help): w
[root@server6 ~]# partprobe /dev/vdb
[root@server6 ~]# mkswap /dev/vdb5
[root@server6 ~]# vim /etc/fstab
/dev/vdb5                               swap                    swap    defaults        0 0
[root@server6 ~]# swapon -a
[root@server6 ~]# swapon -s
[root@server6 ~]# free -m
[root@server6 ~]# lsblk


8. ARCHIVE.

    Archive /etc/hosts to /var/tmp/archive.tar.bz2.
    Read the question carefully: /var/tmp and /tmp are different directories, so put the archive in the one the question names.


[root@server6 /]# tar -cjvf /var/tmp/archive.tar.bz2 /etc/hosts


Extract:


[root@server6 /]# tar -xjvf /var/tmp/archive.tar.bz2 -C /root/Documents/

9. Bind to the LDAP domain example.com provided by classroom.example.com for users.
Note the following:
ldapuserX should be able to log into your system, where X is your server number, but will not have a home directory until you have completed the autofs requirement below.
All LDAP users have a password of "password".
Note: your LDAP TLS certificate path is http://classroom.example.com/pub/EXAMPLE-CA-CERT



[root@server6 ~]# yum install sssd* -y
[root@server6 ~]# yum install auth* -y
[root@server6 ~]# yum install nfs* -y
[root@server6 ~]# yum install autofs* -y
[root@server6 ~]# yum install openldap* -y
[root@server6 ~]# systemctl restart sssd
Job for sssd.service failed.
[root@server6 ~]# authconfig-gtk
a new window opens

User account database: LDAP
LDAP Search Base DN  : dc=example,dc=com
LDAP Server          : ldaps://classroom.example.com
select "Use TLS to encrypt connections"
-- Click "Download CA Certificate" --- a new window opens

 certificate URL: http://classroom.example.com/pub/EXAMPLE-CA-CERT
> OK
Authentication method : LDAP password


[root@server6 ~]# systemctl restart sssd


10. Configure autofs to automount the home directories of LDAP users. Note the following:
i) classroom.example.com (172.25.254.254) NFS-exports /home/guests to your system.
ii) ldapuserX's home directory is classroom.example.com:/home/guests/ldapuserX, where X is your station number.
iii) ldapuserX's home directory should be automounted locally, mapped to /home as /home/guests.
Home directories must be writable by their users.
While you are able to log in as any of the users ldapuser1 through ldapuser20, the only home directory that is accessible from your system is ldapuserX's.

Example: station 100 would configure the automounter such that ldapuser100's home directory under /home/guests gets mounted automatically upon login.



[root@server6 ~]# mkdir /home/guests
[root@server6 ~]# vim /etc/exports
/home/guests     *(rw,sync)
[root@server5 /]# vim /etc/auto.master

/misc   /etc/auto.misc
/home/guests /etc/auto.misc

[root@server5 /]# vim /etc/auto.misc
cd              -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
ldapuser6       -rw,soft,intr  classroom.example.com:/home/guests/ldapuser6

[root@server6 ~]# systemctl restart autofs
[root@server6 ~]# su - ldapuser6



11. Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab as follows:
the file /var/tmp/fstab is owned by the root user.
the file /var/tmp/fstab belongs to the group root.
the file /var/tmp/fstab should not be executable by anyone.
the user harry is able to read and write /var/tmp/fstab.
the user natasha can neither read nor write /var/tmp/fstab.
all other users (current and future) have the ability to read /var/tmp/fstab.


[root@server5 ~]# cd /var/tmp
[root@server5 tmp]# ls
[root@server5 tmp]# cp -rvf /etc/fstab /var/tmp/

[root@server5 /]# setfacl -m u:harry:rw- /var/tmp/fstab
[root@server5 /]# setfacl -m u:natasha:--- /var/tmp/fstab
[root@server5 /]# getfacl /var/tmp/fstab
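getfacl output is worth checking mechanically, because a named user's rights are ANDed with the mask entry: a mask of r-- would silently strip the write bit granted to harry. The checker below is an added example, not part of the original post; it reads a saved getfacl listing from a file (constructed inline) so it runs without root or an ACL-enabled filesystem, and the helper names eff_perms, acl_field and check_fstab_acl are its own:

```shell
# Added example: check a saved getfacl(1) listing against question 11. The
# listing is read from a file so constructed samples can be tested without
# root or an ACL-enabled filesystem.
eff_perms() {  # $1 entry perms, $2 mask: a bit survives only if set in both
    out=; i=1
    while [ "$i" -le 3 ]; do
        c=$(printf %s "$1" | cut -c"$i"); m=$(printf %s "$2" | cut -c"$i")
        if [ -n "$c" ] && [ "$c" != - ] && [ "$c" = "$m" ]; then out="$out$c"; else out="$out-"; fi
        i=$((i + 1))
    done
    printf %s "$out"
}
acl_field() {  # $1 tag (user/group/mask/other), $2 name ("" for owner/mask/other), $3 listing
    sed 's/[[:space:]]*#effective:.*//' "$3" | awk -F: -v t="$1" -v n="$2" '$1==t && $2==n {print $3}'
}
check_fstab_acl() {  # $1 listing file -> 0 if every requirement holds, reasons on stdout
    f=$1; rc=0
    owner=$(awk '/^# owner:/{print $3}' "$f"); group=$(awk '/^# group:/{print $3}' "$f")
    [ "$owner" = root ] || { echo "owner $owner, want root"; rc=1; }
    [ "$group" = root ] || { echo "group $group, want root"; rc=1; }
    grep -v '^#' "$f" | sed 's/[[:space:]]*#.*//' | grep -q 'x$' && { echo "some entry grants execute"; rc=1; }
    # Named-user rights are ANDed with the mask, so a mask of r-- would silently
    # strip the w granted to harry; compare the effective rights, not the entry.
    mask=$(acl_field mask "" "$f")
    harry=$(eff_perms "$(acl_field user harry "$f")" "$mask")
    [ "$harry" = rw- ] || { echo "harry effective $harry, want rw-"; rc=1; }
    natasha=$(acl_field user natasha "$f")
    [ "$natasha" = --- ] || { echo "natasha $natasha, want ---"; rc=1; }
    other=$(acl_field other "" "$f")
    [ "$other" = r-- ] || { echo "other $other, want r--"; rc=1; }
    return $rc
}
# Constructed listing, as getfacl /var/tmp/fstab prints after the setfacl
# commands above (setfacl recomputes the mask to rw- when adding entries).
sample=$(mktemp); cat > "$sample" <<'EOF'
# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:harry:rw-
user:natasha:---
group::r--
mask::rw-
other::r--
EOF
check_fstab_acl "$sample" && echo "/var/tmp/fstab ACL meets the requirements"
```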


12. Configure your system so that it is an NTP client of classroom.example.com.

[root@server6 ~]# yum install chrony* -y


[root@server6 ~]# vim /etc/chrony.conf

server 3.rhel.pool.ntp.org iburst
server  classroom.example.com iburst
[root@server6 ~]# systemctl restart chronyd.service

[root@server6 ~]# timedatectl
[root@server6 ~]# chronyc tracking


13. Find the files of the user sandy and copy them to the given path /root/find.user.


[root@server6 ~]# find / -iname sandy
[root@server6 ~]# cp -rvf /home/sandy /root/find.user
[root@server6 ~]# cp -rvf /var/spool/mail/sandy /root/find.user


14. Create one logical volume named database on the datastore volume group with a size of 50 extents.
(i) The datastore volume group extent size should be 16MiB.
Mount the logical volume under the mount point /mnt/database.


[root@server6 ~]# fdisk /dev/vdb
Command (m for help): p
Command (m for help): n
Partition type:
   p   primary (0 primary, 1 extended, 3 free)
   l   logical (numbered from 5)
Select (default p): l
Last sector, +sectors or +size{K,M,G} (4096-20971519, default 20971519): +2G
[root@server6 ~]# partprobe /dev/vdb
[root@server6 ~]# pvcreate /dev/vdb5
[root@server6 ~]# vgcreate -s 16 datastore /dev/vdb5
[root@server6 ~]# vgdisplay
[root@server6 ~]# lvcreate -l 50 -n database datastore
[root@server6 ~]# lvdisplay
[root@server6 ~]# mkdir /mnt/database

[root@server6 ~]# mkfs.ext4 /dev/datastore/database
[root@server6 ~]# vim /etc/fstab

/dev/datastore/database                 /mnt/database            ext4    defaults       0 0

[root@server6 ~]# mount -a
[root@server6 ~]# df -h


15. Create a new user alies with UID 1326.


[root@server6 ~]# useradd -u 1326 alies
[root@server6 ~]# id alies
uid=1326(alies) gid=1326(alies) groups=1326(alies)


16. Enable the FTP service on your system so that anonymous users can download what is available on your server.


[root@server6 ~]# yum install *ftp* -y
[root@server6 ~]# yum install vsftpd* -y

[root@server6 ~]# systemctl restart vsftpd

[root@server6 ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES

[root@server6 ~]# ftp 172.25.6.11
Name (172.25.6.11:root): anonymous
ftp> ls


17. Find the string "/bin/bash" in /etc/passwd and store the matching lines in /root/search.txt.

[root@server6 ~]# grep /bin/bash /etc/passwd > /root/search.txt
[root@server6 ~]# cat /root/search.txt


18. The initial size of the logical volume database is 800MB. Reduce the size of the logical volume to 500MB without losing any data.


[root@server6 ~]# umount -a
[root@server6 ~]# e2fsck -f /dev/datastore/database
[root@server6 ~]# resize2fs /dev/datastore/database 500M
[root@server6 ~]# lvreduce -L 500M /dev/datastore/database
Do you really want to reduce database? [y/n]: y  
[root@server6 ~]# resize2fs /dev/datastore/database
[root@server6 ~]# mount -a
