Download ftp://192.168.0.254/pub/boot.iso to /root, mount it automatically under /media/cdrom, and make the mount take effect automatically at boot.
Correct answer:
# cd /root; wget ftp://192.168.0.254/pub/boot.iso
# mkdir -p /media/cdrom
# vim /etc/fstab
/root/boot.iso /media/cdrom iso9660 defaults,loop 0 0
# mount -a
mount [-t vfstype] [-o options] device dir
Question 2:
Part 1 (on Node1 Server)
Task 13 [Archiving and Transferring Files & SELinux]
Create a backup file named /root/backup.tar.bz2. The backup file should contain the contents of /usr/local and should be compressed in bzip2 format.
Furthermore, ensure SELinux is in enforcing mode. If it is not, change SELinux to enforcing mode.
Correct answer:
* [root@node1 ~]# tar cvf /root/backup.tar /usr/local/
tar: Removing leading `/' from member names
/usr/local/
/usr/local/bin/
/usr/local/etc/
[root@node1 ~]# ls
backup.tar
[root@node1 ~]# file backup.tar
backup.tar: POSIX tar archive (GNU)
[root@node1 ~]# bzip2 backup.tar
[root@node1 ~]# ls
backup.tar.bz2
[root@node1 ~]# file backup.tar.bz2
backup.tar.bz2: bzip2 compressed data, block size = 900k
* [root@node1 ~]# sestatus
SELinux status: enabled
[root@node1 ~]# cat /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=targeted
[root@node1 ~]# reboot
### For Checking ###
[root@node1 ~]# sestatus
SELinux status: enabled
Question 3:
Configure your host to use LDAP for both account information and password verification. It must be possible to log in successfully as ldapuser40. The password is set as "password". The certificate can be downloaded from http://ip/dir/ldap.crt. After logging in, the user has no home directory unless you configure autofs in the following questions.
Correct answer:
system-config-authentication
LDAP Server: ldap://instructor.example.com (use the domain name, not the IP address)
OR
# yum groupinstall directory-client (1.krb5-workstation 2.pam-krb5 3.sssd)
# system-config-authentication
1. User Account Database: LDAP
2. LDAP Search Base DN: dc=example,dc=com
3. LDAP Server: ldap://instructor.example.com (use the domain name, not the IP address)
4. Download CA Certificate
5. Authentication Method: LDAP password
6. Apply
getent passwd ldapuser40
Question 4:
Configure iptables. There are two domains in the network: the local domain is 172.24.0.0/16 and the other domain is 172.25.0.0/16. Refuse access to the server from domain 172.25.0.0/16.
Correct answer:
below
iptables -F
service iptables save
iptables -A INPUT -s 172.25.0.0/16 -j REJECT
service iptables save
service iptables restart
Question 5:
Part 1 (on Node1 Server)
Task 5 [Controlling Access to Files with ACLs]
Copy the file /etc/fstab to /var/tmp. Configure the following permissions on /var/tmp/fstab.
The file /var/tmp/fstab is owned by the root user
The file /var/tmp/fstab belongs to the root group
The file /var/tmp/fstab should be executable by anyone
The user harry is able to read and write on /var/tmp/fstab
The user natasha can neither read nor write on /var/tmp/fstab
All other users (current or future) have the ability to read /var/tmp/fstab
Correct answer:
* [root@node1 ~]# cp -p /etc/fstab /var/tmp/
[root@node1 ~]# ls -lrt /etc/fstab
[root@node1 ~]# ls -lrt /var/tmp/fstab
[root@node1 ~]# chmod a+x /var/tmp/fstab
[root@node1 ~]# getfacl /var/tmp/fstab
[root@node1 ~]# setfacl -m u:harry:rw- /var/tmp/fstab
[root@node1 ~]# setfacl -m u:natasha:--- /var/tmp/fstab
[root@node1 ~]# getfacl /var/tmp/fstab
getfacl: Removing leading '/' from absolute path names
# file: var/tmp/fstab
# owner: root
# group: root
user::rwx
user:harry:rw-
user:natasha:---
group::r-x
mask::rwx
other::r-x
* [root@node1 ~]# su - natasha
[natasha@node1 ~]$ cat /var/tmp/fstab
cat: /var/tmp/fstab: Permission denied
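Added example, not part of the original answer: a shell function that applies the POSIX ACL evaluation order (owner, named user, groups, other) to the getfacl listing above. It shows why natasha is denied even though other::r-x would allow reading, and that a named-user entry is capped by the mask. The function name effective_perms and the group lists passed to it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: resolve which ACL entry applies to a user, in POSIX ACL order.
# ACL_SAMPLE is the getfacl listing shown in the answer above.
ACL_SAMPLE='# file: var/tmp/fstab
# owner: root
# group: root
user::rwx
user:harry:rw-
user:natasha:---
group::r-x
mask::rwx
other::r-x'

# effective_perms USER GROUPS_CSV  (getfacl text on stdin) -> prints e.g. rw-
effective_perms() {
  awk -F: -v who="$1" -v grps="$2" '
    function mix(a, b, both,   i, x, y, out) {  # both=1: AND (mask), 0: OR
      for (i = 1; i <= 3; i++) {
        x = substr(a, i, 1); y = substr(b, i, 1)
        if (both) out = out ((x != "-" && y != "-") ? x : "-")
        else      out = out (x != "-" ? x : y)
      }
      return out
    }
    /^# owner: /   { owner  = substr($0, 10); next }
    /^# group: /   { ogroup = substr($0, 10); next }
    /^#/ || NF < 3 { next }
                   { sub(/[ \t]+#.*$/, "", $3) }  # strip "#effective:" notes
    $1 == "user"  && $2 == ""  { uobj = $3 }
    $1 == "user"  && $2 == who { named = $3; has_named = 1 }
    $1 == "group" && $2 == ""  { gobj = $3 }
    $1 == "group" && $2 != ""  { gnamed[$2] = $3 }
    $1 == "mask"               { mask = $3 }
    $1 == "other"              { other = $3 }
    END {
      if (mask == "") mask = "rwx"               # no mask entry: nothing masked
      if (who == owner) { print uobj; exit }     # 1. owner entry, never masked
      if (has_named) { print mix(named, mask, 1); exit }  # 2. named user, masked
      n = split(grps, g, ","); acc = "---"
      for (i = 1; i <= n; i++) {                 # 3. union of matching groups
        if (g[i] == ogroup) { acc = mix(acc, gobj, 0); hit = 1 }
        if (g[i] in gnamed) { acc = mix(acc, gnamed[g[i]], 0); hit = 1 }
      }
      print (hit ? mix(acc, mask, 1) : other)    # 4. otherwise the other entry
    }'
}

# natasha has her own entry, so other::r-x is never consulted for her.
printf '%s\n' "$ACL_SAMPLE" | effective_perms natasha natasha
```

Because the first matching entry decides, user:natasha:--- also removes the execute bit for natasha that chmod a+x granted to everyone else.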
Sawaki** -
For some reason the questions in the EX200 question set almost all appear on the actual exam, so it is enough to pass with a high score.