The Installation and Configuration section is the second part of the Red Hat exam. If you're taking the RHCT, you're allowed 2.0 hours; if you're taking the RHCE, you're allowed 3.0 hours to install and configure Red Hat Enterprise Linux. You may get partial credit on some of these problems. You have access to the Red Hat Enterprise Linux installation files through a network server (the Exam Prep guide specifies a network installation). Once Red Hat Enterprise Linux is installed, you also have access to the man pages as well as any other documentation that you may have installed.
If you're studying for the RHCT, you can limit your focus to the RHCT-level skills; if you're studying for the RHCE, you'll need to complete all RHCT- and RHCE-level skills, in the time allotted.
No specific techniques or commands are required. Any reasonable technique is allowed if it gets you to the objective. For example, if you need to limit access to a specific service, you can use iptables, /etc/hosts.deny, or even SELinux. As long as it does the job, the configuration can get you full credit for that part of the exam.
You may need to limit access to network servers to specific users or other computers. However, this is a certification exam. Do not expect to have physical access to any other computer to test your settings. You will not have access to any outside networks such as the Internet.
If you're going for your RHCT, you'll need a grade of at least 70 percent in the RHCE-level skills. If you're going for your RHCE, you'll need a score of 70 percent on both sections.
Read the entire Installation and Configuration exam before you finish installing RHEL. It's easier to configure RAID and logical volumes during the installation process. It can save time to install required servers during the installation process. And remember, you can start configuring RHEL through the CTRL-ALT-F2 console even while packages are being installed.
If you're preparing for the RHCT exam, you can ignore the RHCE issues. If you're preparing for the RHCE exam, you'll want to address all requirements in this section. Remember, the RHCE is inclusive of the RHCT.
Install Red Hat Enterprise Linux. The following conditions specify a network server, configured with some very specific partitions. You'll also need to limit access to some or all of your network servers to specific users, computers, entire networks, or more.
Install Linux over a network connection with the partitions shown in Table A-1. The sizes shown are minimums. Use a reasonable size for the swap partition.
You'll want a RAID 6 array for the /home directory where your users can store at least 1000MB of data. Assume this computer has an IP address of 10.11.12.13 on the 10.11.12.0/255.255.255.0 network.
Configure the following users for RHEL: nancy, randy, donna, and mike. Make nancy and randy part of a group named angels. Create a /home/angels directory and allow them to share files without having to change permissions or ownership on any file they put in this directory. Do not give donna or mike read privileges on this directory. Configure quotas for donna and mike to limit the space available in their home directories to 100MB.
Set up Access Control Lists on the /home directory partition. Set up a project.test file in user mike's home directory. Configure ACLs on project.test to allow user donna to read this file.
Make kdm the default window manager. Make sure users are directed to the graphical login interface when RHEL starts on this computer. Configure a connection to an LDAP client, on the vtc.com domain, on IP address 10.11.12.15.
Set up a job to delete all of the regular files in the /home/mike directory on the second day of every month at 3:50 A.M. Configure the automounter to connect to the NFS installation source on the /var/ftp/pub directory from IP address 192.168.0.50 (substitute the directory and IP address from your own network accordingly). Connect to and configure a remote CUPS printer; make it the default for this computer.
Install The GIMP after installation. Install the later version of the kernel that's available from the network installation source. Set up another GRUB stanza to boot your system in runlevel 1.
Finally, allow the local system to accept source routing. While normally disabled, it's often associated with systems configured as routers.
In this part of the exam, you'll configure a number of different servers on the RHEL computer.
When you install, configure a logical volume, dedicated to the /var directory. Enable ssh logins, and limit access to the local network. Configure Samba to share the /home/angels directory with the users specified earlier. Configure a vsFTP server. Limit access to computers on the LAN. Support access from users over FTP from one other system on the LAN to their home directories. Set up a local NTP server, accessible to other workstations on the LAN.
Configure an NFS server to share the files in /tmp only with users on the LAN. Configure Apache to serve a homepage.html page from within the /var/www/html directory. Do not limit access to the computers on the LAN. Add a secure.html page for connections to a secure Web server. Set up a proxy server that can be used by other computers on your LAN. Make sure SELinux settings allow these options.
Set up a Kickstart file, ready to use with a boot CD. Copy it to a USB key in that system's top-level directory. Configure a local caching nameserver. Add a non-secure POP3 server for the local network; do not support IMAP or secure protocols on that server.
When you reboot your computer, all of the services that you've created and settings that you've made should be enabled automatically.
Since there is no one way to set up a Red Hat Enterprise Linux configuration, there is no one right answer for the listed requirements. But there are some general things to remember. You need to make sure your changes work after a reboot. If you're going for the RHCE, you'll need to make sure that the services that you set up are active at the appropriate runlevels. For example, if you're configuring Apache, it should be active for at least runlevels 3 and 5.
First, examine the RHCT-level skills. You can set up the required partitions through Disk Druid during the RHEL installation process, or with the fdisk or parted utilities after RHEL is installed. Remember, you need (at least) four partitions for a RAID 6 array. If you're creating the array after installation, use the mdadm command.
Remember your CIDR notation; 10.11.12.0/24 specifies a subnet mask of 255.255.255.0. Use the SGID bit and assign 770 permissions on /home/angels, and make sure to assign group ownership of that directory to angels. Before you can configure quotas, you'll need to remount /home with at least the usrquota setting, and add it to /etc/fstab. Create appropriate quota configuration files with quotacheck -cuvm (or reboot), activate quotas with quotaon, and then configure quotas for users donna and mike using the edquota command.
Before configuring ACLs, you need to set up the applicable partition with acl settings. You should do so in /etc/fstab. To make it work before a reboot, remount the /home directory partition with the mount -o remount,acl /dev/partitionnumber /home command. If it works, you'll be able to confirm with the mount command by itself.
Set your default window manager through the /etc/X11/prefdm file; in this case, you can set preferred=kdm. Remember, the GUI login is associated with runlevel 5 in /etc/inittab. Setting up a connection to an LDAP server means understanding the distinguished names associated with the vtc.com domain, where dc=vtc and dc=com, and the LDAP server is on IP address 10.11.12.15.
Setting up a job to delete files in any specific directory on a periodic basis is a job for the cron daemon. You can create your own job with crontab, or you can set it up through a script similar to /etc/cron.daily/tmpwatch. For example, I ran crontab -e as user michael and added the following:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=michael
HOME=/home/michael
# Fields: minute hour day-of-month month day-of-week (3:50 A.M. on the 2nd of every month)
50 3 2 * * rm /home/mike/*
To configure the automounter to point to the network installation source, you need to activate the autofs service. Assuming the server properly shares NFS from 192.168.0.50, you should be able to access the share with the following command:
# ls /net/192.168.0.50/var/ftp/pub
It's easiest to install a new printer with the Printer Configuration tool. If it's a remote printer, you'll need the data associated with the source, such as the computer and share names.
To install The GIMP and any new Linux kernel, you can even access the installation server directory associated with the automounter.
When you need to update a Linux kernel, make sure to install, and not upgrade, the kernel. This allows you to go back to the old working kernel, and it automatically adds the option to the boot loader menu. To add a runlevel 1 option in the default GRUB boot loader file, copy an existing stanza and add 1 to the end of the kernel directive. It's advisable to add a label such as "single user mode" to the new stanza.
To enable source routing after the next reboot, set the following in /etc/sysctl.conf:
net.ipv4.conf.default.accept_source_route = 1
If you need source routing enabled immediately, you could run the following:
# echo "1" > /proc/sys/net/ipv4/conf/default/accept_source_route
Now let's examine the RHCE issues in this section.
It's easiest to install logical volumes during the installation process. Don't forget to do so while using Disk Druid. Remember, it's 1000MB on the /var directory. Sharing /home/angels through Samba for specified users means adding them to the Samba authentication list with the smbpasswd command. Limiting vsFTP access to the LAN can be done using appropriate commands in the /etc/hosts.deny file. Remember to allow users access to their home directories in /etc/vsftpd/vsftpd.conf.
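Since the exam gives you no second computer to probe from, you can check offline what your TCP wrappers rules decide for a given client. The script below is an added example, not part of the original text: it applies the hosts.allow-then-hosts.deny order to constructed rule files and handles only a subset of the rule syntax (ALL, exact IPv4 addresses, trailing-dot prefixes, EXCEPT). The address 10.11.12.14 for the one permitted FTP client is an assumption.

```shell
#!/bin/sh
# Added example: evaluates a SUBSET of hosts_access(5) rules (ALL, exact IPv4
# address, trailing-dot address prefix, EXCEPT in the client list).

# tcpw_match FILE DAEMON CLIENT_IP: succeeds if a rule in FILE matches.
tcpw_match() {
    awk -F: -v d="$2" -v ip="$3" '
    function in_list(list, val,    n, t, i) {
        gsub(/,/, " ", list); n = split(list, t, " ")
        for (i = 1; i <= n; i++) {
            if (t[i] == "ALL" || t[i] == val) return 1
            if (t[i] ~ /\.$/ && index(val, t[i]) == 1) return 1   # "10.11.12."
        }
        return 0
    }
    $1 ~ /^[ \t]*#/ || NF < 2 { next }        # comments and blank lines
    {
        clients = $2; except = ""
        k = index(clients, " EXCEPT ")
        if (k) { except = substr(clients, k + 8); clients = substr(clients, 1, k - 1) }
        if (in_list($1, d) && in_list(clients, ip) && !in_list(except, ip)) { hit = 1; exit }
    }
    END { exit !hit }' "$1"
}

# tcpw_decide ALLOW_FILE DENY_FILE DAEMON CLIENT_IP: prints allow or deny.
# Order per hosts_access(5): hosts.allow first, then hosts.deny, else allow.
tcpw_decide() {
    if tcpw_match "$1" "$3" "$4"; then echo allow
    elif tcpw_match "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed sample rules; 10.11.12.14 is a hypothetical permitted FTP client.
write_samples() {
    printf '%s\n' '# hosts.allow (constructed)' 'vsftpd : 10.11.12.14' > "$1/hosts.allow"
    printf '%s\n' 'vsftpd : ALL' 'sshd : ALL EXCEPT 10.11.12.' > "$1/hosts.deny"
}

dir=$(mktemp -d); write_samples "$dir"
for probe in "vsftpd 10.11.12.14" "vsftpd 10.11.12.20" "sshd 10.11.12.20" "sshd 192.168.0.50"; do
    set -- $probe
    echo "$1 from $2: $(tcpw_decide "$dir/hosts.allow" "$dir/hosts.deny" "$1" "$2")"
done
rm -rf "$dir"
```

Point the two file arguments at /etc/hosts.allow and /etc/hosts.deny to evaluate your real rules; anything outside the listed subset of the syntax is not interpreted.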
Sharing /tmp through NFS means configuring this directory in /etc/exports (where you can also limit access to the local network), and applying exportfs -a. Make sure that the appropriate NFS daemons are active, including portmap and rpc.mountd. If you have problems, it may be related to SELinux. Change the DirectoryIndex in the default httpd.conf to make Apache read the default Web page from homepage.html. Add a DirectoryIndex secure.html directive to ssl.conf in the /etc/httpd/conf.d/ directory.
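The following is an added example, not from the original text: a shell check that reads an exports file and reports entries that reach beyond the 10.11.12.0/24 LAN, including the case where a space before the parenthesis makes the options apply to every host. The sample file and its /srv paths are constructed, and the check assumes one export per line with IPv4 clients.

```shell
#!/bin/sh
# Added example: flags /etc/exports entries that reach beyond the LAN.
# Assumes one export per line (no backslash continuations) and IPv4 clients.

# audit_exports FILE LAN_PREFIX: prints findings, returns how many there were.
audit_exports() {
    awk -v lan="$2" '
    function flag(msg) { print path ": " msg; bad++ }
    $1 ~ /^#/ || NF == 0 { next }
    {
        path = $1
        if (NF == 1) flag("no client list, so every host may mount it")
        for (i = 2; i <= NF; i++) {
            host = $i; sub(/\(.*/, "", host)       # client part before "("
            if (host == "")
                flag("options " $i " have no client in front of them and apply to every host")
            else if (host == "*")
                flag("wildcard client *")
            else if (index(host, lan) != 1)
                flag("client " host " is outside " lan "x")
        }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample; only the /tmp line follows the requirement on this page.
write_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the page
/tmp    10.11.12.0/255.255.255.0(ro,sync)
/srv/a  10.11.12.0/24 (rw,sync)
/srv/b  *(ro)
/srv/c
/srv/d  192.168.0.0/24(ro)
EOF
}

sample=$(mktemp); write_sample_exports "$sample"
audit_exports "$sample" 10.11.12. || echo "$? finding(s)"
rm -f "$sample"
```

Run it as audit_exports /etc/exports 10.11.12. before applying exportfs -a; clients given as hostnames or netgroups are reported as outside the prefix and need a manual look.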
Configuring a Squid Proxy Server is straightforward; all you need are three lines associated with visible_hostname, acl for the local network, and http_access allow to limit access to that network. Examples are embedded in the default Squid configuration file, /etc/squid/squid.conf.
Make sure the SELinux booleans are compatible with these settings. If you use non-standard directories, you may have to apply the chcon command to make sure these directories have the same SELinux labels as the default directories.
Before the ks.cfg file is ready, you'll need to make sure the appropriate partition commands are active. You can then copy it as ks.cfg to the desired USB key, which you can call from the installation boot prompt with the linux ks=hd:sdb:/ks.cfg command (you may need to substitute another device name for sdb).
Configuring a local caching nameserver is straightforward; just install the caching-nameserver RPM and activate the named daemon. Adding a non-secure POP3 server means installing the Dovecot service and making sure to list only pop3 with the protocols directive. Making an NTP server work is a two-step process; first you need to configure it as a client. During this exercise, it's okay to do so with a connection to the default servers, based on the Red Hat Date/Time Configuration tool. During the exam, you may not have Internet access, so follow the instructions from your proctor as closely as possible. Edit the /etc/ntp.conf file; there's a commented model for a local network, which you can customize for your LAN's network address.