Lab: Managing Files from the Command Line

Edit the file /home/student/grading/manage-files-copy.txt so that there should be two

sequential lines of text reading Test JJ.

From the command mode in vim, scroll down to the line that has the Test JJ line of text. Press the
y key twice on your keyboard to copy the line of text and press the p key to paste it below the
cursor. Type :wq to save the changes and quit vim.

Edit the file /home/student/grading/manage-files-copy.txt so that the Test HH line of

text must not exist in the file.

From the command mode in vim, scroll down to the line that has the Test HH line of text. Press the
d key twice on your keyboard to delete the line of text. Type :wq to save the changes and quit vim

Edit the file /home/student/grading/manage-files-copy.txt so that the line A new line

should exist between the line reading Test BB and the line reading Test CC.

From the command mode in vim, scroll down to the line that has the Test CC line of text. Press the
i key on the keyboard to switch to the insert mode while keeping the cursor at the beginning of the
Test CC line of text. From the insert mode, press the Enter key on the keyboard to create a blank
line above the cursor. Use the up arrow to navigate to the blank line and create the A new line
line of text. Press the Esc key on the keyboard to switch back to the command mode. Type :wq to
save the changes and quit vim

Use the ln command to create the hard link named /home/student/hardlink to the file
/home/student/grading/grade1.

ln grading/grade1 hardlink

Create a soft link named /home/student/softlink to the file

/home/student/grading/grade2.

Lab: Managing Users and Groups, Permissions and

Processes

 Use the groupadd command to create a new group called database with GID 50000.
[root@serverb ~]# groupadd -g 50000 database

 Use the useradd command to create a new user called dbuser1 that uses the group
database as one of its secondary groups.

[root@serverb ~]# useradd -G database dbuser1

 Use the chage command to force dbuser1 to change its password on first login.

[root@serverb ~]# chage -d 0 dbuser1

 Use the chage command to set the minimum age of the password of dbuser1 to 10 days.

[root@serverb ~]# chage -m 10 dbuser1

 Use the chage command to set the maximum age of the password of dbuser1 to 30 days.

[root@serverb ~]# chage -M 30 dbuser1

 Create the file /etc/sudoers.d/dbuser1 to configure dbuser1 so that the user can use
sudo to run any command as the superuser. You may use the vim /etc/sudoers.d/dbuser1
command to create the file. The /etc/sudoers.d/dbuser1 should contain the following
content.

dbuser1 ALL=(ALL) ALL

 Configure the user dbuser1 to have a default umask of 007.

1. Switch to the user dbuser1.

2. [root@serverb ~]# su - dbuser1
[dbuser1@serverb ~]$

 Append the line umask 007 to the files /home/dbuser1/.bash_profile and

/home/dbuser1/.bashrc.

[dbuser1@serverb ~]$ echo "umask 007" >> .bash_profile

[dbuser1@serverb ~]$ echo "umask 007" >> .bashrc

 Use the mkdir command to create /home/student/grading/review2.

[root@serverb ~]# mkdir /home/student/grading/review2

 On the /home/student/grading/review2, use the chown command to set student and

database as the owning user and group respectively.

[root@serverb ~]# chown student:database /home/student/grading/review2

 Use the chmod command to apply the SetGID special permission on
/home/student/grading/review2.

[root@serverb ~]# chmod g+s /home/student/grading/review2

 Use the chmod command to apply the permission mode 775 on

/home/student/grading/review2.

[root@serverb ~]# chmod 775 /home/student/grading/review2

 Use the chmod command to apply the stickybit special permission on

/home/student/grading/review2.

[root@serverb ~]# chmod o+t /home/student/grading/review2

Lab: Configuring and Managing a Server

Generate SSH keys for the user student on serverb. Do not protect the private key with a
passphrase.

ssh student@serverb

Use the ssh-keygen command to generate the SSH keys for the user student. The private and
public key files should be named /home/student/.ssh/review3_key and
/home/student/.ssh/review3_key.pub respectively.

ssh-keygen

On servera, configure the user student to accept logins authenticated by the SSH key pair you
created for the user student on serverb. The user student on serverb should be able to log in
to servera using SSH without entering a password.

ssh-copy-id -i .ssh/review3_key.pub student@servera

ssh -i .ssh/review3_key student@servera

On serverb, configure the sshd service to prevent users from logging in as root via SSH.

1. Set the parameter PermitRootLogin to no in the /etc/ssh/sshd_config. You may

use the command sudo vim /etc/ssh/sshd_config to edit the configuration file.

2. Reload the sshd service.

 [student@serverb ~]$ sudo systemctl reload sshd.service

On serverb, configure the sshd service to prevent users from using their passwords to log in. Users
should still be able to authenticate logins using an SSH key pair.

 On serverb, configure the sshd service to prevent users from using their passwords to
log in. Users should still be able to authenticate logins using their private key of the SSH key
pair.

1. Set the parameter PasswordAuthentication to no in the /etc/ssh/sshd_config.

You may use the command sudo vim /etc/ssh/sshd_config to edit the configuration
file.

2. Use the sudo systemctl command to reload the sshd service.

[student@serverb ~]$ sudo systemctl reload sshd.service

Create a tar archive named /tmp/log.tar containing the contents of /var/log on serverb.
Remotely transfer the tar archive to /tmp directory on servera, authenticating as student using
the student user’s private key of the SSH key pair.

Use the sudo tar command to create an archive named /tmp/log.tar as the superuser
containing the contents of /var/log.

[student@serverb ~]$ sudo tar -cvf /tmp/log.tar /var/log

scp -i .ssh/review3_key /tmp/log.tar student@servera:/tmp

Configure the rsyslog service on serverb to log all messages it receives that have the priority
level of debug or higher to the file /var/log/grading-debug. This configuration should be set in
an /etc/rsyslog.d/grading-debug.conf file, which you need to create.

 Create the file /etc/rsyslog.d/grading-debug.conf with the following content. You

may use the sudo vim /etc/rsyslog.d/grading-debug.conf to create the file.
*.debug /var/log/grading-debug

 Use the sudo systemctl command to restart the rsyslog service.

[student@serverb ~]$ sudo systemctl restart rsyslog.service

 Use the logger command to generate the log message Debug Testing having priority
debug.

[student@serverb ~]$ logger -p debug Debug Testing

 Confirm that the log message Debug Testing is saved in the /var/log/grading-debug
file.

[student@serverb ~]$ sudo tail /var/log/grading-debug

...output omitted...

Install the zsh package, available in the BaseOS repository, on serverb.

sudo yum install zsh

Enable the default module stream for the module python36 and install all provided packages from
that stream on serverb.

sudo yum module install python36

Set the timezone of serverb to Asia/Kolkata.

sudo timedatectl set-timezone Asia/Kolkata

Lab: Managing Networks

Determine the name of the Ethernet interface and its active connection profile on serverb.

On serverb, create a new connection profile called static for the available Ethernet
interface. Set the network settings statically so that it does not use DHCP. Base the settings
on the following table:
IPv4 address 172.25.250.111
Netmask 255.255.255.0
Gateway 172.25.250.254
DNS server 172.25.250.254

sudo nmcli connection add con-name static type ethernet \

ifname enX ipv4.addresses '172.25.250.111/24' ipv4.gateway '172.25.250.254'
\
ipv4.dns '172.25.250.254' ipv4.method manual

 Use the nmcli command to activate the new connection settings.

[student@serverb ~]$ sudo nmcli connection up static

Ensure that the host name of serverb is statically set to server-review4.lab4.example.com.

sudo hostnamectl set-hostname server-review4.lab4.example.com

[student@serverb ~]$ hostname

On serverb, set client-review4 as the canonical host name for the IPv4 address
172.25.250.10 of the host servera.lab.example.com.

 Edit the /etc/hosts file to add client-review4 as a name for the 172.25.250.10 IPv4
address.

172.25.250.10 servera.lab.example.com servera client-review4

Use the ping command to verify that you can reach 172.25.250.10 using the canonical host
name client-review4.

[student@serverb ~]$ ping -c2 client-review4

Configure the additional IPv4 address 172.25.250.211 with the netmask 255.255.255.0 on the
same interface of serverb that has the existing static network settings. Do not remove the existing
IPv4 address. Make sure that serverb responds to all addresses when the connection you statically
configured on its interface is active.

 Use the nmcli command to add the new IP address.

[student@serverb ~]$ sudo nmcli connection modify static \

+ipv4.addresses '172.25.250.211/24'
Use the nmcli command to activate the new IP address.

sudo nmcli connection up static

From workstation, use the ping command to verify that the IPv4 address 172.25.250.211
can be reached.

[student@workstation ~]$ ping -c2 172.25.250.211

On serverb, restore the original settings by activating the original network connection.

1. Return to the console and use the nmcli command to activate the original network
profile.

[student@serverb ~]$ sudo nmcli connection up "Wired connection 1"

Lab: Mounting Filesystems and Finding Files

In this review, you will mount a file system and locate files based on different criteria.

1) On serverb, mount the idle block device containing the XFS file system on the /review5-disk
directory.

Use the lsblk -fs command to determine the idle block device containing the XFS file system.

[student@serverb ~]$ lsblk -fs

NAME FSTYPE LABEL UUID MOUNTPOINT
...output omitted...
vdb1 xfs 3d97c5ef-23e7-4c1c-a9be-d5c475b3d0d5
└─vdb
...output omitted...

Use the sudo mkdir command to create the /review5-disk directory as the superuser.
When the sudo command prompts you for a password, give the password student.

[student@serverb ~]$ sudo mkdir /review5-disk

 Use the sudo mount command to mount the vdb1 block device on the /review5-disk
directory as the superuser.

[student@serverb ~]$ sudo mount /dev/vdb1 /review5-disk

 Verify that the vdb1 block device is successfully mounted on the /review5-disk
directory.

[student@serverb ~]$ df -Th

2) On serverb, locate the file named review5-path. Record its absolute path in the /review5-
disk/review5-path.txt text file.

Use the find command to locate the file called review5-path. Redirect all the errors of the
find command to /dev/null. This redirection allows you to discard any error from the
output of the find command.

[student@serverb ~]$ find / -iname review5-path 2>/dev/null

/var/tmp/review5-path

You may use the sudo vim /review5-disk/review5-path.txt command to create the text file.
Type :wq! from the command mode in vim to save the changes and quit from the file. The
following output shows the content of the /review5-disk/review5-path.txt text file.

/var/tmp/review5-path

3) On serverb, locate all the files having contractor1 and contractor as the owning user and
group, respectively. The files must also have the octal permissions of 640. Save the list of these files
in /review5-disk/review5-perms.txt.

[student@serverb ~]$ find / -user contractor1 \

-group contractor \
-perm 640 2>/dev/null

/usr/share/review5-perms

You may use the sudo vim /review5-disk/review5-perms.txt command to create the text
file. Type :wq! from the command mode in vim to save the changes and quit from the file.
The following output shows the content of the /review5-disk/review5-perms.txt text
file.

/usr/share/review5-perms
4) On serverb, locate all files 100 bytes in size. Save the absolute paths of these files in /review5-
disk/review5-size.txt.

[student@serverb ~]$ find / -size 100c 2>/dev/null

You may use the sudo vim /review5-disk/review5-size.txt command to create the text file.
Type :wq! from the command mode in vim to save the changes and quit from the file. The
/review5-disk/review5-size.txt text file should contain the absolute path to the
review5-size file among other paths.

...output omitted...
/opt/review5-size
...output omitted...