RHCSA9 dump-2

RHCSA9 dump-1과 비교하여, 신 유형만 정리

8. ipv4 packet forwarding

Enable IPv4 packet forwarding on ServerB persistently.

answere)

• sysctl -a | grep ipv4 | grep forward
• sysctl net.ipv4.ip_forward
0: disable
  1: enable

• vi /etc/sysctl.conf

net.ipv4.ip_forward=1

• sysctl --load

validation

• sysctl net.ipv4.ip_forward

---

9. ipv6 packet forwarding

On ServerB, enable IPv6 packet forwarding and ensure the configuration persists after a reboot.

answere)

• sysctl -a | grep ipv6 | grep forward
• sysctl net.ipv6.conf.all.forwarding
0: disable
  1: enable

• vi /etc/sysctl.conf

net.ipv6.conf.all.forwarding=1

• sysctl --load

validation

• sysctl net.ipv6.conf.all.forwarding

---

13. bash shell script

Write a script named /yes-no.sh on ServerB that:
Echoes “that’s nice if the argument is ‘yes’.
Echoes “I am sorry to hear that” if the argument is ‘no’.
Echoes “unknown argument provided” if the argument is anything else.

answere)

• vi /yes-no.sh

#!/bin/bash

if [[ "$1" = "yes" ]]; then
    echo "that's nice"
elif [[ "$1" = "no" ]]; then
    echo "I am sorry to hear that"
else
    echo "unknown argument provided"
fi

-eq: 정수형 숫자 비교
=: 문자열 비교

validation

• cd /
• ./yes-no.sh yes
• ./yes-no.sh no
• ./yes-no.sh test
  결과값 확인

---

15. kernel update

On ServerB, install the appropriate kernel update. Ensure the following criteria are met:

• The updated kernel is set as the default kernel when the system reboots.
• The original kernel remains available and bootable on the system.

answere)

• dnf update -y
• dnf update -y kernel
• reboot

validation

• rpm -q kernel
• uname -r

---

20. file permission

On ServerB, copy the file “/etc/fstab” to “/var/tmp”, then do the following:

• a. Configure the permissions of “/var/tmp/fstab” so that the file is owned by the root user, belongs to the group root, and is not executable by anyone.
• b. The user "stewart" can read and write to “/var/tmp/fstab”.
• c. The user "kevin" can neither read nor write “/var/tmp/fstab”.

answere)

• cp -rp /etc/fstab /var/tmp
• cd /var/tmp
• chown root.root fstab
• chmod a-x fstab

• setfacl -m u:stewart:rw- fstab
• setfacl -m u:kevin:--- fstab
man setfacl에서 예문 확인 가능

validation

• getfacl fstab

---

23. optimize system

On ServerB, optimize the system to run in a virtual machine for the best performance and concurrently tune it for low power consumption, with low power consumption as the priority.

answere)

• dnf install -y tuned
• systemctl enable --now tuned
• systemctl status tuned

• tuned-adm list
• tuned-adm profile virtual-guest powersave
virtual-guest, powersave라는 2개의 profile을 적용하는 것

validation

• tuned-adm actvie

---

23.1. recommended system

Configure recommended tuned profile

answere)

• dnf install -y tuned
• systemctl enable --now tuned
• systemctl status tuned

• tuned-adm list
• tuned-adm recommend
• tuned-adm profile virtual-guest
  vm 환경이기때문에 virtual-guest가 나올 확률이 높다.

validation

• tuned-adm active

---

26. selinux enforcing

On rhel.server.com, set SELinux to “enforcing” mode.

answere)

• getenforce
• vi /etc/selinux/config

SELINUX=enforcing

• reboot

validation

• getenforce

---

28. Restrict root login

Restrict root login on rhel.server.com.

answere)

• vi /etc/ssh/sshd_config

PermitRootLogin no

• systemctl restart sshd

validation

• ssh root@localhost
  거절되는 것 확인

---

31. backgroud with a priority

Run "sleep 100" in the background with a priority value of "30".

answere)

• nice -n 10 sleep 100 &
priority 값 = nice 값 + 10. 따라서 nice 값은 20이 되어야 한다.
  default nice 값이 10이다. 따라서 -n 10

validation

• ps -eo pid,comm,ni | grep sleep

---

36. nfs client

Configure ServerB (the NFS client) to automatically mount the share ServerA:/share on the /nfs directory.

answere)

• showmount -e servera
servera가 nfs-server로서 외부에 공유(export)하고 있는 볼륨이 있는지 확인
  -e: export

• mkdir /nfs
• vi /etc/fstab

servera:/share		/nfs	nfs		defaults	0 0

• mount -a

validation

• df -Th

---

37. Containerfile root container

On ServerB, build an image named "hello_world" from a Containerfile that installs and configures a web server (httpd) to start automatically by the systemd service (/sbin/init) when the container is running on your host system.
Then run a new container from the "hello_world" image and name it "hello_world_run". The Containerfile should follow these instructions:

• Base Image: Red Hat Universal Base Image 8 Init (ubi8/ubi-init).
• The Web server should display "Hello World!" Once you connect to it.
• Expose the Web server to port 80.

answere)

• dnf install -y container-tools
• podman search ubi-init
  사용할 image를 검색

• vi Containerfile

FROM registry.redhat.io/ubi8/ubi-init
RUN dnf install -y httpd

RUN mkdir -p /var/www/html
RUN echo "Hello World!" > /var/www/html/index.html

RUN systemctl enable httpd
EXPOSE 80

CMD ["/sbin/init"]

CMD ["/sbin/init"] systemd 실행

• podman build -t hello_world -f Containerfile .
-t: tag
  -f: file
  . 현재 디렉토리 기준
• podman images

podman run -d \
--name hello_world_run \
--restart=on-failure \
--systemd=always \
-p 80:80 \
hello_world

validation

• podman ps
• ss -lntp | grep 80
• curl 0.0.0.0:80

---

38. service

On ServerB, prevent all users from using the crontab command except the user tom.

answere)

• vi /etc/cron.allow

tom

validation

• useradd tom
• crontab -e
• useradd test
• crontab -e

---

39. SELinux

On rhel.server.com, create a directory hierarchy /V1/V2/V3/, and apply the SELinux context of the /etc directory to the new hierarchy recursively.

answere)

• mkdir -p /V1/V2/V3
• ls -dZ /etc
  type이 etc_t인 것 확인

• semanage fcontext -a -t etc_t "/V1(/.*)?"
man semanage fcontext
• restorecon -Rv /V1

validation

• ls -dZ /V1
• ls -dZ /V1/V2
• ls -dZ /V1/V2/V3

---

41. ftp server

On rhel.server.com, install the package zsh which is located on the FTP server ftp://server.example.com under the /pub/updates directory. The FTP server credentials are:

• Username: admin
• Password: admin

answere)

• ftp server.example.com
• admin
  유저네임
• admin
  패스워드

• cd /pub/updates
• binary
  rpm 파일 다운로드를 위해, binary 모드로 변경
• get zsh.rpm
• exit

• rpm -ivh zsh.rpm
-i: install
  -v: verbose
  -h: 설치 단계를 hash로 표시

validation

• rpm -qa | grep zsh
-q: query
  -a: all

---

42. hard/soft link

Create a hard and symbolic link to a file named data.txt. The original file is located in the /home/$USER/ directory. The hard link should be created in the same directory, while the symbolic link should be created in the /var/tmp/ directory.

answere)

• cd ~
• touch data.txt

• ln data.txt hard-link
man ln
• ln -s data.txt /var/tmp/soft-link

validation

• ls -li ~
  hard-link의 경우, inode 같은지 확인
• ls -al /var/tmp