1st post - System Management and Configuration
Network services
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
- Install the packages needed to provide the service.
- Configure SELinux to support the service.
- Configure the service to start when the system is booted.
- Configure the service for basic operation.
- Configure host-based and user-based security for the service.
The candidate should be able to do this for all of these services:
- http/https
- dns
- ftp
- nfs
- smb
- smtp
- ssh
- ntp
FTP
An ftp-server is also quite easy to test. You can test it from many web-browsers, telnet, ftp, lftp or a myriad of other clients.
- Install the packages needed to provide the service.
  - yum install vsftpd
- Configure SELinux to support the service.
  - This can be more involved: sharing files may require changing SELinux booleans. List the FTP-related ones with:
  - getsebool -a | grep ftp
- Configure the service to start when the system is booted.
  - chkconfig vsftpd on
- Configure the service for basic operation.
  - For basic operation, only open the firewall and then start the service.
  - That is enough for anonymous read access to /var/ftp/pub/.
  - cp /root/anaconda-ks.cfg /var/ftp/pub/
  - chmod 755 /var/ftp/pub/anaconda-ks.cfg
- Configure host-based and user-based security for the service.
  - Use iptables to deny hosts.
  - You can deny users by putting them in /etc/vsftpd/ftp_users and/or user_list.
  - In vsftpd.conf there is a tcp_wrappers variable.
Extra
- Configure anonymous-only download.
  - Deny all other users :)
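One way to check the result of the "Extra" exercise and the tcp_wrappers setting mentioned above, as an added example that is not part of the original post: a small audit of vsftpd.conf against an anonymous-only, download-only policy. The option names are real vsftpd.conf options; the function names, the policy table and the sample config are constructed for this example.

```bash
#!/bin/bash
# Added example: audit a vsftpd.conf against an anonymous-only, download-only policy.
# Rows are option:wanted:default; the defaults are the compiled-in ones from
# vsftpd.conf(5), used when the file does not set the option.
POLICY="anonymous_enable:YES:YES
local_enable:NO:NO
write_enable:NO:NO
anon_upload_enable:NO:NO
anon_mkdir_write_enable:NO:NO
tcp_wrappers:YES:NO"

# conf_value FILE OPTION DEFAULT: effective value, upper-cased.
# The last assignment in the file is used (assumption: settings apply in file order).
conf_value() {
    local v
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]' | tr a-z A-Z)
    printf '%s\n' "${v:-$3}"
}

# audit_vsftpd FILE: print each deviation, return how many were found.
audit_vsftpd() {
    local conf="$1" bad=0 opt want def got
    while IFS=: read -r opt want def; do
        got=$(conf_value "$conf" "$opt" "$def")
        if [ "$got" != "$want" ]; then
            echo "$opt=$got (want $want)"
            bad=$((bad + 1))
        fi
    done <<EOF
$POLICY
EOF
    return "$bad"
}

# Constructed sample config (not taken from the page): local logins and writes are on.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'anonymous_enable=YES' 'local_enable=YES' \
    'write_enable=YES' 'tcp_wrappers=YES' > "$sample"
audit_vsftpd "$sample" || echo "deviations: $?"
```

Run it as audit_vsftpd /etc/vsftpd/vsftpd.conf on the server; a return value of 0 means local logins and all write paths are off and tcp_wrappers is on.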