Proper study for the Red Hat Certified Engineer on Red Hat Enterprise Linux 5 (Labs) certification begins with Red Hat RH302 preparation products, which are designed to deliver downloadable RH302 questions and help you pass the RH302 test on your first attempt. Try the free RH302 demo right now.

Q141. CORRECT TEXT

Your LAN is also connected to the WAN. You want to deny ssh connections coming from the WAN. Configure iptables to allow ssh connections only from the local LAN, where your LAN IP address is 192.168.0.0/24.

Answer and Explanation:

1. iptables -t filter -A INPUT -s ! 192.168.0.0/24 -p tcp --dport 22 -j DROP

iptables is the built-in firewall tool, used to filter packets and for NAT. By identifying the source address, destination address, type of protocol, and source and destination ports, we can filter the packets.

-s → Source Address

-d → Destination Address

-p → Layer 3 Protocol

--sport → Source Port

--dport → Destination Port

-i → Incoming Interface

-o → Outgoing Interface

-t → Table: either filter, nat or mangle

-A → Chain: can be INPUT, OUTPUT, FORWARD, PREROUTING or POSTROUTING

The ssh service uses port 22, so we can block connections to it from outside the LAN.
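
A way to check the result of the answer above, as an added example that is not part of the original answer: because -A appends the rule to the end of INPUT and rules are evaluated in order, an earlier rule can decide ssh traffic first. The function name, the status words and the sample rules (including the chain name SITE-INPUT) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit saved rules for the "ssh only from the LAN" DROP rule.
# Rules are evaluated top to bottom, so a rule appended with -A can be
# shadowed by an earlier rule in the same chain.

ssh_rule_status() {   # usage: ssh_rule_status RULES_FILE LAN_CIDR
    awk -v lan="$2" '
    $1 != "-A" || $2 != "INPUT" { next }
    {
        tgt = ""; src = ""; neg = 0; port = ""; proto = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") tgt = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s") {
                if ($(i - 1) == "!") neg = 1                      # newer form: ! -s addr
                if ($(i + 1) == "!") { neg = 1; src = $(i + 2) }  # older form: -s ! addr
                else src = $(i + 1)
            }
        }
        sub(/\/255\.255\.255\.0$/, "/24", src)             # netmask form of a /24
        if (NF == 4 && tgt != "") blanket = 1              # unconditional jump or verdict
        if (proto == "tcp" && port == "22") {
            if (tgt == "DROP" && neg && src == lan) {
                result = (blanket || accept) ? "shadowed" : "ok"
                exit
            }
            if (tgt == "ACCEPT" && src == "") accept = 1   # ssh accepted from anywhere
        }
    }
    END { print (result == "" ? "missing" : result) }
    ' "$1"
}

# Constructed sample in iptables-save style; SITE-INPUT is a made-up chain name.
rules=$(mktemp)
cat > "$rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -j SITE-INPUT
-A INPUT -s ! 192.168.0.0/24 -p tcp -m tcp --dport 22 -j DROP
COMMIT
EOF
echo "status: $(ssh_rule_status "$rules" 192.168.0.0/24)"
rm -f "$rules"
```

A status of "shadowed" means the DROP rule exists but an earlier INPUT rule either accepts port 22 from any source or hands all traffic to another target, so the rule order needs review.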


Q142. CORRECT TEXT

Create the user named eric but eric should not belong to the sysadmin group.

Answer and Explanation:

1. useradd eric

This is a very tricky question: you are told that this user should not belong to the sysadmin group.


Q143. CORRECT TEXT

You are working as a System Administrator at Certkiller. Your Linux server crashed and you lost all data. However, you had taken a full backup of the users' home directories and other system files on /dev/st0. How will you restore from that device?

Answer and Explanation:

1. Go to the directory where you want to restore.

2. restore -rf /dev/st0

To restore from a backup we use the restore command. Here the backup will be restored from /dev/st0 into the current directory.


Q144. CORRECT TEXT

You are working as a Network Engineer. Due to system processing, you want to limit the number of processes available to users. Configure the system so that user1 and user2 get one login at a time and all the members of the training group get a total of 5 logins.

Answer and Explanation:

1. vi /etc/security/limits.conf

user1,user2 - maxlogins 1

@training - maxlogins 5

2. vi /etc/pam.d/system-auth

session required /lib/security/pam_limits.so

To limit the number of processes or the number of logins, we configure /etc/security/limits.conf. The first column contains the usernames separated by commas, or @groupname. The second column is either a hard or a soft limit. The third column is called the item: maxlogins, nproc, etc.

To identify the users' sessions, we should call the pam_limits module in /etc/pam.d/system-auth.


Q145. CORRECT TEXT

You want to deny user1 and user2 access to files via ftp. Configure the system to deny these users access via ftp.

Answer and Explanation:

1. vi /etc/vsftpd/ftpusers

user1

user2

2. service vsftpd start | restart

Using the /etc/vsftpd/ftpusers file we can deny certain users access to files via ftp. There is also another file, named /etc/vsftpd.user_list, which can be used to allow or deny users.


Q146. CORRECT TEXT

The system you are using is for NFS (Network File Services). Some important data is shared from your system. Make the nfs and portmap services start automatically at boot time.

Answer and Explanation:

We can control services for the current session and for the next boot as well. For the current session, we use service servicename start, restart, stop or status. To start automatically at the next reboot:

1. chkconfig servicename on or off

eg: chkconfig nfs on

chkconfig portmap on

or

ntsysv

Select the nfs and portmap services.

2. Reboot the system and verify whether the services are running or not.


Q147. CORRECT TEXT

Make sure that on /data only the owning user can remove files/directories.

Answer and Explanation:

By default user1 can remove user2's files because of the directory permission granted to group members. We can prevent users from deleting other users' files by using the sticky bit.

chmod o+t /data

Verify /data: ls -ld /data

You will get: drwxrwx-T
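
A related check, as an added example that is not part of the original answer: find directories that group members or others can write to but that lack the sticky bit, which is the condition the answer above fixes on /data. The function names and the temporary demo tree are constructed; chmod 1770 is used in the demo to set mode 770 plus the sticky bit in one step.

```shell
#!/bin/sh
# Added example: list directories under ROOT that group or others can write
# to but that do not have the sticky bit, so any writer can delete any file.

shared_without_sticky() {   # usage: shared_without_sticky ROOT
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) ! -perm -1000 -print | sort
}

mode_string() {             # first 10 characters of the ls -ld output
    ls -ld "$1" | cut -c1-10
}

# Constructed demo tree in a temporary directory.
demo=$(mktemp -d)
mkdir "$demo/data" "$demo/open" "$demo/private"
chmod 1770 "$demo/data"      # group-writable with the sticky bit set
chmod 770  "$demo/open"      # group-writable, no sticky bit
chmod 700  "$demo/private"   # only the owner can write, sticky bit not needed

# T (capital) means sticky bit set without execute permission for others;
# t (lower case) means sticky bit set with execute permission for others.
echo "data:    $(mode_string "$demo/data")"
echo "open:    $(mode_string "$demo/open")"
echo "flagged: $(shared_without_sticky "$demo")"
rm -rf "$demo"
```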


Q148. CORRECT TEXT

There is a mix of systems running Linux and Windows. Some users are working on the Windows operating system. You want to make the /data directory available to samba users only from the 192.168.0.0/24 network. Configure the samba server.

Answer and Explanation:

1. vi /etc/samba/smb.conf

[global]

netbios name=station?

workgroup = mygroup

server string=Share from Linux Server

security=user

smb passwd file=/etc/samba/smbpasswd

encrypt passwords=yes

hosts allow=192.168.0.

[data]

path=/data

writable=yes

public=no

browsable=yes

2. service smb start | restart

3. chkconfig smb on

Samba servers help to share data between Linux and Windows. The configuration file is /etc/samba/smb.conf. There are some pre-defined sections: i. global → used to define the global options, ii. printers → used to share printers, iii. homes → used to share the users' home directories.

security=user → validation by Samba username and password. There may be other users as well.

To allow a certain share to certain users only, we should use the valid users option.

smbpasswd → helps to change a user's SMB password. The -a option specifies that the username following should be added to the local smbpasswd file.

If no valid users option is specified, then all Samba users can access the shared data. By default the share permission is writable=no, which means read-only sharing. The write list option is used to allow write access on the shared directory to certain users or group members.

To allow access to the shared directory only from certain networks or hosts, there is the option hosts allow = host or network. If this option is applied in the global section, then it applies to all shared directories.
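
To see which hosts allow value applies to each share, here is an added example that is not part of the original answer. It follows the rule stated above that a [global] setting applies to every share; the function name and the sample file are constructed, and parameter names are compared without regard to case or spaces.

```shell
#!/bin/sh
# Added example: show which "hosts allow" value applies to each share.
# A [global] setting applies to every share; otherwise the share setting
# is used, and a share with neither is reachable from any host (ANY).

effective_hosts_allow() {   # usage: effective_hosts_allow SMB_CONF
    awk '
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                                 # section header such as [data]
        sec = tolower($0)
        gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
        if (sec != "global") order[++n] = sec
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0 || sec == "") next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "hostsallow" || key == "allowhosts") allow[sec] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            if ("global" in allow) v = allow["global"]
            else if (s in allow)   v = allow[s]
            else                   v = "ANY"
            print s ": " v
        }
    }' "$1"
}

# Constructed sample based on the configuration in the answer above.
conf=$(mktemp)
cat > "$conf" <<'EOF'
[global]
workgroup = mygroup
security=user
hosts allow=192.168.0.
[data]
path=/data
writable=yes
public=no
EOF
effective_hosts_allow "$conf"
rm -f "$conf"
```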


Q149. CORRECT TEXT

Create the group named training

Answer and Explanation:

1. groupadd training

To create a group we use the groupadd command.

Verify with cat /etc/group whether the group was added or not.


Q150. CORRECT TEXT

Make user1, user2 and user3 belong to the training group.

Answer and Explanation:

1. usermod -G training user1

2. usermod -G training user2

3. usermod -G training user3

4. Verify with: cat /etc/group

There are two types of group: I) primary group, II) secondary or supplementary group.

I) Primary group: the primary group defines the owning group of files/directories and processes. A user can have only one primary group.

II) Secondary group: the secondary group is used for permissions. Where permissions are defined for group members, a user can gain access by belonging to that group.

Here user1, user2 and user3 belong to the training group as a supplementary group, so these users get the permissions of group members.