Linux System Engineer Final Review
This activity is meant to function as a practical exam to review the major subjects covered in the Linux Foundation Certified System Engineer course that a student is likely to come across during that exam. At the end of this activity, the student should have a good idea of some of the topics they may need to review further before sitting for that exam.
SETUP - In order to complete the tasks in this review, there are a number of ports that need to be open between the two systems. Using the 'IPTABLES' firewall running on 'EXAM REVIEW SERVER', configure the following TCP and UDP ports to answer to any requests:
- ports 80, 443, 8080, 20, 21, 22, 25, 3489, 5901
- use ncat to test client/server connectivity on those ports
NOTE: Confirm these ports are open. Failure to open any of them will cause the activities in many of the following tasks to appear to fail despite otherwise valid configurations.
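One way to script the setup and the check the note asks for, as an added example that is not part of the course material: `gen_rules` prints the rules for the listed ports and `missing_ports` audits `iptables -S INPUT` output against the same list. The function names, the insert position at the top of INPUT and the sample ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not course material): open and verify the review's port list.
PORTS="80 443 8080 20 21 22 25 3489 5901"   # ports named in the setup task

# Print one multiport ACCEPT rule per protocol. Inserting at the top of INPUT
# is an assumption; the rule must sit before any REJECT/DROP rule in your set.
gen_rules() {
    list=$(printf '%s' "$PORTS" | tr ' ' ',')
    for proto in tcp udp; do
        printf 'iptables -I INPUT 1 -p %s -m multiport --dports %s -j ACCEPT\n' \
            "$proto" "$list"
    done
}

# Read `iptables -S INPUT` output on stdin and print every proto/port from the
# task list that no ACCEPT rule covers. Understands --dport, --dports lists and
# lo:hi ranges; it does not model rule order, source limits or catch-all rules.
missing_ports() {
    rules=$(grep -e '-j ACCEPT' || true)
    for proto in tcp udp; do
        for port in $PORTS; do
            printf '%s\n' "$rules" | awk -v pr="$proto" -v po="$port" '
                { p = ""; list = ""
                  for (i = 1; i < NF; i++) {
                      if ($i == "-p") p = $(i + 1)
                      if ($i == "--dport" || $i == "--dports") list = $(i + 1)
                  }
                  n = split(list, a, ",")
                  for (j = 1; j <= n; j++) {
                      split(a[j], r, ":")
                      hi = (r[2] == "" ? r[1] : r[2])
                      if (p == pr && po + 0 >= r[1] + 0 && po + 0 <= hi + 0) found = 1
                  }
                }
                END { exit !found }' || printf '%s/%s\n' "$proto" "$port"
        done
    done
}

# Constructed sample of a half-finished ruleset: TCP 3489/5901 and all UDP missing.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443,8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20:22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT'
```

On the server, `iptables -S INPUT | missing_ports` run as root prints nothing once every port has an ACCEPT rule for both protocols; an ncat probe still needs a listener on the port to succeed.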
On the system labeled "EXAM REVIEW SERVER", install the 'git' version control software package from the configured repositories. Create a new, empty local repository on the server in the /home/cloud_user directory. This new repository should exist in a directory called 'mysite' at that location. Once the repository is initialized, set the global user and email in the Git configuration. Finally, create a new file called README.md populated with whatever text you wish, add that file to the repository and commit the changes with a comment that simply says "Version 1".
User account 'cloud_user' has been deployed to both servers you have access to. On the system called "EXAM REVIEW SERVER", create an SSH key, but do NOT set a password for the key. Once created, exchange that SSH key with the same user on the system called "EXAM CLIENT". You can use any method of key exchange you wish as long as the result ends up that the 'cloud_user' is able to SSH from "EXAM REVIEW SERVER" to "EXAM CLIENT" without any password at all.
You are tasked with creating reports on a number of system performance metrics on the system called "EXAM REVIEW SERVER". Using the appropriate utilities, create three reports that will be stored in the /home/cloud_user directory as follows:
- Top 10 running processes on the system, including the process owner - log in a file called 'process-lisst.txt'
- Used, Free and Cached memory values - log in a file called 'mem-stats.txt'
- System Load Numbers, in 5 second increments, over a period of 30 seconds - log in a file called 'sys-log.txt'
Install the 'iptraf' package and use it to capture all traffic from any end point to the system called "EXAM REVIEW SERVER" over a 1 minute period. Maintain the default location and log file that the tool uses.
Within the /home/cloud_user directory, you will find an RPM package that contains a new kernel version that the system 'EXAM REVIEW CLIENT' needs to be updated with. Update the 'EXAM CLIENT' system with that new kernel package and reboot to make sure the new kernel is applied.
Log in to the system called 'EXAM CLIENT'. Run the appropriate command(s) to completely update the system and all packages to the very latest versions available in the default repositories. Once the system is updated, execute the command that will clear any cached packages on the system in order to save disk space.
Install the latest Apache HTTP server on the system called 'EXAM REVIEW SERVER'. Once that has been installed, accept the defaults of the configuration and enable and start the service as appropriate. You will find a directory called 'newsiteyum' in the /home/cloud_user directory that contains some site files. Move that directory to the standard default web server directory for Apache. Verify that the site files are not accessible through a browser on the system called 'EXAM CLIENT'. Troubleshoot why those files are not accessible despite being in the appropriate directory. Take the necessary security steps to adjust those files' configuration settings so the system will allow them to be accessed by the web service and visible through a browser on a remote system.
Web traffic between the system called 'EXAM CLIENT' and the system called 'EXAM REVIEW SERVER' needs to be configured to be tunneled over port 8080, but the 'EXAM REVIEW SERVER' system web service is listening on port 80. Using SSH tunneling, create a secure tunnel between the two servers so that calls from port 8080 will receive a response on port 80 from the system 'EXAM REVIEW SERVER'.
On the 'EXAM REVIEW SERVER', install and configure the Postfix SMTP server. The server should allow forwarding of emails that are sent to it using the full IP address of the server itself rather than just localhost. Using any mail client you choose, test this by sending an email from root@[Private IP of EXAM REVIEW SERVER] to cloud_user@[Private IP of EXAM REVIEW SERVER]. Verify that this shows up in the cloud_user account's email queue.
Working with the Logical Volume Management system on 'EXAM REVIEW SERVER', you will need to find the device names of the (3) 20gb unconfigured block devices on the system. Using the FIRST TWO 20gb devices, assemble them as appropriate for use as an LVM filesystem. They should assemble into a single 40gb filesystem once completed, in a logical volume called 'mydata'. Once this logical volume is complete, format the filesystem as EXT4. Create a new directory called '/mnt/data' and mount the filesystem at that location. Make sure the filesystem shows as mounted. Finally, add an appropriate entry in the /etc/fstab file so that the new logical volume is mounted at that location when the system is restarted.
Using the remaining 20gb block device on the 'EXAM REVIEW SERVER', create a 20gb block device that an iSCSI Initiator (client) can use. The target iSCSI configuration does not need to be secured by a username or password, but the client reference on the iSCSI Client called 'EXAM CLIENT' should be referred to as a client (designated by the ":client" at the end of the IQN). Be sure the appropriate iSCSI packages are installed on both servers and the services are enabled and started. Verify the client is able to connect to and discover the iSCSI target, but you do not otherwise need to format or mount the device.
As a final step for this review, you will need to add an access control to the SSH service on the 'EXAM REVIEW SERVER'. The last step should be for you to DENY SSH connections coming from the 'EXAM CLIENT' Private IP address to the 'EXAM REVIEW SERVER'. Be sure to reload the SSH service and verify the 'EXAM CLIENT' can no longer connect. Do NOT use a firewall rule; the port mapper access control files will be needed for this step.
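A sketch of this last task, added here as an example rather than taken from the course, assuming the "port mapper access control files" are the TCP wrappers files /etc/hosts.allow and /etc/hosts.deny. It also covers two checks that decide whether the deny entry has any effect: sshd must be linked against libwrap, and hosts.allow must not already match the client. The function names and the 10.0.1.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not course material): deny one client via TCP wrappers.

# Succeeds if the sshd binary ($1, default: the one on PATH) links libwrap.
# An sshd built without libwrap never reads hosts.allow or hosts.deny.
sshd_uses_wrappers() {
    bin=${1:-$(command -v sshd)}
    ldd "$bin" 2>/dev/null | grep -q libwrap
}

# Append "sshd: <ip>" to the deny file ($2) unless that exact rule exists.
deny_ssh_from() {
    ip=$1 file=${2:-/etc/hosts.deny}
    case $ip in
        *[!0-9.]*|'') echo "refusing non-IPv4 value: $ip" >&2; return 2 ;;
    esac
    grep -Fxq "sshd: $ip" "$file" 2>/dev/null && return 0
    printf 'sshd: %s\n' "$ip" >> "$file"
}

# hosts.allow is consulted before hosts.deny, so a match there wins.
# Print each hosts.allow ($2) line for sshd or ALL whose client list names the
# IP ($1), ALL, or a dotted prefix such as "10.0.1." that the IP starts with.
allow_conflicts() {
    awk -v ip="$1" -F: '
        /^[ \t]*(#|$)/ { next }
        $1 ~ /(^|[ \t,])(sshd|ALL)([ \t,]|$)/ {
            n = split($2, c, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (c[i] == ip || c[i] == "ALL" ||
                    (c[i] ~ /\.$/ && index(ip, c[i]) == 1)) { print; next }
        }' "${2:-/etc/hosts.allow}"
}

# Constructed hosts.allow sample: the subnet prefix would override a deny
# entry for any client in 10.0.1.0/24.
SAMPLE_ALLOW='# constructed sample
sshd: 10.0.1.
vsftpd: ALL'
```

Run `sshd_uses_wrappers` first; if it fails, the deny entry is silently ignored and the verification step from the client will still connect.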