Outcomes 5, 7, 8 and 9 – Walkthrough

The complete sequence of commands for several outcomes, arranged exactly by the exam tasks, with no steps skipped and including the real fixes you discovered during practice.

Outcome 5

DNS + resolv.conf + Postfix + sending mail via telnet

Outcome 7

fdisk + PV/VG/LV + RAID1 + NFS + fix for permission denied

Outcome 8

MySQL / MariaDB + PostgreSQL version

Outcome 9

Regex, find, processes, limits, Apache, SELinux, port 99 and VirtualHost

Outcome 5 – DNS + Mail

Task 1 — SERVERA (DNS)

1. Install dnsmasq

sudo dnf install dnsmasq -y

2. Configuration

sudo vim /etc/dnsmasq.d/ispit.conf

domain=ispitna.local
local=/ispitna.local/
listen-address=0.0.0.0
address=/aplikacija.ispitna.local/172.25.250.11
address=/wiki.ispitna.local/172.25.250.11
address=/serverb.ispitna.local/172.25.250.11
mx-host=ispitna.local,serverb.ispitna.local,10

Note: listen-address=0.0.0.0 matters because it makes SERVERA answer other machines on port 53, not only local queries.

3. Start the service

sudo systemctl enable --now dnsmasq
sudo systemctl restart dnsmasq

4. Firewall (as the task requires)

sudo systemctl stop firewalld

5. Check port 53

ss -tuln | grep :53

6. Local test on SERVERA

nslookup aplikacija.ispitna.local localhost
nslookup -type=mx ispitna.local localhost

Task 2 — WORKSTATION (DNS client)

1. Make resolv.conf editable

sudo chattr -i /etc/resolv.conf

2. Set the DNS server

sudo vim /etc/resolv.conf

nameserver 172.25.250.10

3. Test DNS queries

nslookup aplikacija.ispitna.local
nslookup wiki.ispitna.local
nslookup -type=mx ispitna.local
nslookup serverb.ispitna.local

Task 3 — SERVERB (Mail server)

1. Install Postfix

sudo dnf install postfix -y

2. Create the user

sudo useradd ishod3

3. Postfix configuration

sudo vim /etc/postfix/main.cf

myhostname = serverb.ispitna.local
mydomain = ispitna.local
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8, 172.25.250.0/24
home_mailbox = Maildir/

Important: mydestination must include $mydomain, otherwise you get Relay access denied for ishod3@ispitna.local.

4. Start Postfix

sudo systemctl enable --now postfix
sudo systemctl restart postfix

5. Check port 25

ss -tuln | grep :25

6. Check the active Postfix settings

postconf myhostname
postconf mydomain
postconf mydestination
postconf inet_interfaces
postconf mynetworks
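
Why the mydestination line in step 3 matters, as an added example that is not part of the original walkthrough: Postfix delivers locally only for domains listed in mydestination, and anything else is treated as a relay request. The function names get_param and is_local_domain are hypothetical, the two main.cf fragments are constructed from the values above, and only the $myhostname and $mydomain references are expanded.

```sh
# Added example (not from the walkthrough): is a recipient domain local to Postfix?

# Print the value of one main.cf parameter; the last definition wins.
get_param() {  # $1 = config text, $2 = parameter name
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name == key) { val = substr($0, eq + 1); sub(/^[ \t]+/, "", val) }
        }
        END { print val }'
}

# Return 0 if domain $2 is in mydestination after expanding $myhostname and
# $mydomain (only these two references are handled); return 1 otherwise.
is_local_domain() {  # $1 = config text, $2 = recipient domain
    host=$(get_param "$1" myhostname)
    dom=$(get_param "$1" mydomain)
    dest=$(get_param "$1" mydestination |
        sed -e "s/\\\$myhostname/$host/g" -e "s/\\\$mydomain/$dom/g" |
        tr ',' ' ' | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')   # domains compare case-insensitively
    for entry in $dest; do
        [ "$entry" = "$want" ] && return 0
    done
    return 1
}

# Constructed samples: the walkthrough's settings, then the same without $mydomain.
GOOD_CF='myhostname = serverb.ispitna.local
mydomain = ispitna.local
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain'
BAD_CF='myhostname = serverb.ispitna.local
mydomain = ispitna.local
mydestination = $myhostname, localhost.$mydomain, localhost'

for cf in "$GOOD_CF" "$BAD_CF"; do
    if is_local_domain "$cf" ispitna.local; then
        echo "ishod3@ispitna.local: local delivery"
    else
        echo "ishod3@ispitna.local: not local, relay rules decide"
    fi
done
```
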

Sending mail from WORKSTATION via telnet

1. Connect to SMTP

telnet serverb.ispitna.local 25

2. SMTP dialogue

HELO workstation
MAIL FROM:<student@ispitna.local>
RCPT TO:<ishod3@ispitna.local>
DATA
Subject: Test

Ovo je test poruka.
.
QUIT

3. Check the delivered mail on SERVERB

ls -R /home/ishod3/Maildir
cat /var/spool/mail/ishod3

# SERVERA
ss -tuln | grep :53
nslookup -type=mx ispitna.local localhost

# WORKSTATION
nslookup aplikacija.ispitna.local
nslookup -type=mx ispitna.local

# SERVERB
ss -tuln | grep :25

# BONUS
telnet serverb.ispitna.local 25

Outcome 7 – LVM + RAID1 + NFS

Task 1 — PV + VG (fdisk)

1. Check the disks

lsblk

2. fdisk — disk 1

sudo fdisk /dev/sdb
n
p
1
ENTER
+3G
t
8e
w

3. fdisk — disk 2

sudo fdisk /dev/sdc
n
p
1
ENTER
+3G
t
8e
w

4. fdisk — disk 3

sudo fdisk /dev/sdd
n
p
1
ENTER
+3G
t
8e
w

5. Create the PVs

sudo pvcreate /dev/sdb1 /dev/sdc1 /dev/sdd1

6. Create the VG

sudo vgcreate vg-grupa /dev/sdb1 /dev/sdc1 /dev/sdd1

7. Extent size 1MB

sudo vgchange -s 1M vg-grupa

8. Verify

pvs
vgs

Task 2 — LV 200MB

1. Create the LV

sudo lvcreate -L 200M -n lvm-volume vg-grupa

2. Filesystem

sudo mkfs.xfs /dev/vg-grupa/lvm-volume

3. Mount point

sudo mkdir -p /lvm/ishod7

4. Mount

sudo mount /dev/vg-grupa/lvm-volume /lvm/ishod7

5. Verify

df -h

Task 3 — RAID1 LV

1. Create the RAID1 LV

sudo lvcreate --type raid1 -m 1 -L 1G -n raid1-volume vg-grupa

2. Filesystem

sudo mkfs.xfs /dev/vg-grupa/raid1-volume

3. Mount point

sudo mkdir -p /lvm/raid1

4. Mount

sudo mount /dev/vg-grupa/raid1-volume /lvm/raid1

5. Verify

lvs
df -h

Task 4 — NFS SERVER (SERVERB)

1. Installation

sudo dnf install nfs-utils -y

2. Start the service

sudo systemctl enable --now nfs-server

3. Export configuration

sudo vim /etc/exports

/lvm/ishod7 *(rw)
/lvm/raid1 *(ro)

4. Apply the exports

sudo exportfs -rav

5. Firewall

sudo systemctl stop firewalld

6. Check the exports

showmount -e

Client (SERVERA ili WORKSTATION)

1. Mount RW

sudo mkdir -p /mnt/test-ishod7
sudo mount SERVERB:/lvm/ishod7 /mnt/test-ishod7

2. Mount RO

sudo mkdir -p /mnt/test-raid1
sudo mount SERVERB:/lvm/raid1 /mnt/test-raid1

3. Test

touch /mnt/test-ishod7/test.txt
touch /mnt/test-raid1/test.txt

Fix for Permission Denied on /mnt/test-ishod7

1. Ownership on SERVERB

sudo chown student:student /lvm/ishod7

2. Permissions on SERVERB

sudo chmod 775 /lvm/ishod7

3. Check the UID on both servers

id student

4. Re-apply the exports

sudo exportfs -rav

Note: no_root_squash helps only if you write as root. In your case the real fix was ownership + chmod.
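
The reasoning behind this fix, as an added example that is not part of the original walkthrough: the export options decide which UID the server applies, and that UID is then checked against the directory's owner and mode. The function names server_uid and can_write, the UIDs 1000 and 1001 and the root-owned 755 starting state are assumptions; group permissions are not modelled.

```sh
# Added example (not from the walkthrough): which UID does the NFS server apply,
# and may that UID create a file in the exported directory?

# Map a client UID to the UID the server uses, given the export options.
server_uid() {  # $1 = comma-separated export options, $2 = client UID
    opts=",$1,"
    anon=65534                                  # default anonymous UID
    case $opts in
        *,anonuid=*) anon=${opts#*,anonuid=}; anon=${anon%%,*} ;;
    esac
    case $opts in
        *,all_squash,*) echo "$anon"; return 0 ;;
    esac
    if [ "$2" -eq 0 ]; then
        case $opts in
            *,no_root_squash,*) echo 0 ;;
            *) echo "$anon" ;;                  # root_squash is the default
        esac
        return 0
    fi
    echo "$2"
}

# Return 0 if the client user may create a file in the exported directory.
# Only the owner and "other" digits of a three-digit octal mode are modelled.
can_write() {  # $1 = options, $2 = client UID, $3 = owner UID, $4 = mode
    case ",$1," in
        *,rw,*) ;;
        *) return 1 ;;                          # ro is the default
    esac
    uid=$(server_uid "$1" "$2")
    if [ "$uid" -eq 0 ]; then return 0; fi      # unsquashed root ignores mode bits
    if [ "$uid" -eq "$3" ]; then digit=${4%??}; else digit=${4#??}; fi
    [ $(( $digit & 3 )) -eq 3 ]                 # need write and search permission
}

report() {  # print one verdict line for a scenario
    if can_write "$@"; then echo "allowed: $*"; else echo "denied:  $*"; fi
}

report rw 1000 0 755                  # student before the fix (assumed root:root 755)
report rw,no_root_squash 1000 0 755   # no_root_squash does not help student
report rw,no_root_squash 0 0 755      # it only changes the result for root
report rw 1000 1000 775               # after chown student + chmod 775
report rw 1001 1000 775               # student has a different UID on the client
```
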

The most common NFS options you may meet in the exam

/lvm/ishod7 *(rw)
/lvm/raid1 *(ro)
/lvm/ishod7 *(rw,no_root_squash)
/lvm/ishod7 192.168.1.0/24(rw)
/lvm/ishod7 servera(rw)
/lvm/ishod7 *(rw,sync)
/lvm/ishod7 *(rw,anonuid=1000,anongid=1000)
/lvm/ishod7 *(rw,no_subtree_check)

# If you see Permission denied:
ls -ld /lvm/ishod7
id student
cat /etc/exports
exportfs -rav

lsblk
pvs
vgs
lvs
df -h
showmount -e

Outcome 8 – MySQL / MariaDB

Task 1 — Installation

sudo dnf install mysql-server -y
sudo systemctl enable --now mysqld
systemctl status mysqld
ss -tuln | grep :3306

Task 2 — examDB + dbuser

mysql

CREATE DATABASE examDB;
CREATE USER 'dbuser'@'%' IDENTIFIED BY 'redhat';
GRANT ALL PRIVILEGES ON examDB.* TO 'dbuser'@'%';
FLUSH PRIVILEGES;

SELECT user, host FROM mysql.user;
SHOW GRANTS FOR 'dbuser'@'%';

Important: 'dbuser'@'localhost' and 'dbuser'@'%' are different users. If you see ERROR 1410, you have to create the '%' account separately.

Remote access (if needed)

sudo vim /etc/my.cnf

bind-address=0.0.0.0

sudo systemctl restart mysqld

Task 3 — table + tableuser

USE examDB;

CREATE TABLE examTable1 (
    id INT
);

CREATE USER 'tableuser'@'localhost' IDENTIFIED BY 'redhat';
GRANT ALL PRIVILEGES ON examDB.examTable1 TO 'tableuser'@'localhost';
FLUSH PRIVILEGES;

SHOW GRANTS FOR 'tableuser'@'localhost';

Task 4 — backup

EXIT;

sudo mkdir -p /db-backups
mysqldump examDB > /db-backups/examDB.sql
ls -l /db-backups

Task 5 — restore

mysql
CREATE DATABASE newExamDB;
EXIT;

mysql newExamDB < /db-backups/examDB.sql

mysql
SHOW DATABASES;
USE newExamDB;
SHOW TABLES;
EXIT;

# Problems
ERROR 1410 → create user '%'
remote access does not work → bind-address
port → ss -tuln | grep :3306
firewall → systemctl stop firewalld

Outcome 8 – PostgreSQL version

Installation and startup

sudo dnf install postgresql-server -y
sudo postgresql-setup --initdb
sudo systemctl enable --now postgresql
systemctl status postgresql
ss -tuln | grep :5432

Enabling remote access

sudo vim /var/lib/pgsql/data/postgresql.conf
# set:
listen_addresses = '*'

sudo vim /var/lib/pgsql/data/pg_hba.conf
# add:
host    all    all    172.25.250.0/24    md5

sudo systemctl restart postgresql

Creating the database and user

sudo -u postgres psql

CREATE DATABASE "examDB";
CREATE USER dbuser WITH PASSWORD 'redhat';
GRANT ALL PRIVILEGES ON DATABASE "examDB" TO dbuser;
\q

Privileges inside the database

sudo -u postgres psql -d examDB

GRANT USAGE, CREATE ON SCHEMA public TO dbuser;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO dbuser;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO dbuser;
\q

Table and tableuser

sudo -u postgres psql -d examDB

CREATE TABLE "examTable1" (id integer);

CREATE USER tableuser WITH PASSWORD 'redhat';
GRANT CONNECT ON DATABASE "examDB" TO tableuser;
GRANT USAGE ON SCHEMA public TO tableuser;
GRANT ALL PRIVILEGES ON TABLE "examTable1" TO tableuser;
\q

Backup

sudo mkdir -p /db-backups
sudo -u postgres pg_dump examDB > /db-backups/examDB.sql

Restore

sudo -u postgres psql -c 'CREATE DATABASE "newExamDB";'
sudo -u postgres psql newExamDB < /db-backups/examDB.sql

Cheat sheet (psql)

\l
\du
\c examDB
\dt
\d "examTable1"
\z "examTable1"
\q

# Problems
remote access does not work → listen_addresses + pg_hba.conf
no privileges → GRANT on schema public
port → ss -tuln | grep :5432

Outcome 9 – Regex, processes, limits, Apache and SELinux

Task 1 — Number of lines that start with bird

grep -c '^bird' /usr/share/dict/words

Explanation: -c counts the matching lines, and ^bird means the line must start with bird.

Task 2 — Lines containing food + line number

grep -n 'food' /usr/share/dict/words

Explanation: -n adds the line number, and food can appear anywhere in the line.

Task 3 — Words with exactly 12 characters

grep -E '^.{12}$' /usr/share/dict/words

Regex logic: ^ start of line, . any character, {12} exactly 12 times, $ end of line. So the whole line must be exactly 12 characters long.

Mini REGEX cheat sheet for the exam

^      start of line
$      end of line
.      any single character
*      0 or more times
+      1 or more times
?      0 or 1 time
{N}    exactly N times
{N,}   at least N times
{N,M}  between N and M times
[a-z]  character range
[^a]   anything except the listed characters
|      or

# Examples
grep -E '^pre' file
grep -E 'ing$' file
grep -E '^.{5}$' file
grep -E '^[0-9]+$' file
grep -E '^[a-zA-Z]+$' file
grep -E 'cat|dog' file

Task 4 — Files ending in .config

find / -name '*.config'
find / -name '*.config' 2>/dev/null

Explanation: the quotes around '*.config' matter so that the shell does not expand the wildcard before find runs.

Task 5 — Status of sshd

systemctl status sshd
ps -C sshd -o pid,user,stat,cmd

Explanation: systemctl status gives the status of the service, while ps shows the actual process.

Task 6 — Status of the MySQL process

ps -C mysqld -o pid,user,%cpu,%mem,stat,cmd
pgrep mysqld
ps aux | grep -v grep | grep mysqld

STAT column: S = sleeping, s = session leader, l = multithreaded. For example, Ssl means the process is in the normal idle state for a server, is the leader of its session and uses multiple threads.

# Common trap
ps aux | grep mysqld
# if you see only grep mysqld, that is NOT the real MySQL process

Task 7 — Lowest priority for mysqld

pgrep mysqld
ps -C mysqld -o pid,ni,cmd
renice -n 19 -p PID
ps -p PID -o pid,ni,cmd

Explanation: the nice range is from -20 to 19. A value of 19 means the lowest priority.

Task 8 — Open-files limit for the user ishod3_remote

sudo vim /etc/security/limits.d/ishod3_remote.conf

ishod3_remote soft nofile 12000
ishod3_remote hard nofile 12000

su - ishod3_remote
ulimit -n

Explanation: soft is the active limit for the session, hard is the upper bound.

Task 9 — Apache basic startup and check

sudo dnf install httpd -y
sudo systemctl enable --now httpd
systemctl status httpd
ss -tulpn | grep :80
sudo ss -tulpn | grep :80
curl http://localhost

Important: if Firefox forces https://localhost, that does not mean Apache is not working. For the exam, curl http://localhost is better proof.

Task 10 — Apache + SELinux Enforcing + proof after reboot

getenforce
sudo setenforce 1
sudo vim /etc/selinux/config

SELINUX=enforcing
SELINUXTYPE=targeted

systemctl status httpd
curl http://localhost
reboot
# after the reboot
getenforce
systemctl status httpd
curl http://localhost

Logic: for this task it is not necessary to change DocumentRoot. The default /var/www/html already has the correct SELinux context.

Task 11 — Apache on port 99 with SELinux

sudo vim /etc/httpd/conf.d/port99.conf

Listen 99

sudo semanage port -l | grep http_port_t
sudo semanage port -a -t http_port_t -p tcp 99
# if the port already exists with a different type:
sudo semanage port -m -t http_port_t -p tcp 99
sudo firewall-cmd --add-port=99/tcp --permanent
sudo firewall-cmd --reload
httpd -t
sudo systemctl restart httpd
systemctl status httpd
curl http://localhost:99
sudo ss -tulpn | grep :99

Logic: here the problem is the port, not the directory. That is why semanage port is the key command.
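
One way to decide between the -a and -m variants above from the semanage port -l listing, as an added example that is not part of the original walkthrough. The function name port_action is hypothetical and the listing is constructed in the usual output format; -m is chosen when the same single port is already defined under another type.

```sh
# Added example (not from the walkthrough): choose `semanage port -a` or `-m`
# for an httpd port from the text printed by `semanage port -l`.

# Print "none" if the TCP port is already http_port_t, "-m" if the same single
# port is defined under another type, and "-a" otherwise.
port_action() {  # $1 = `semanage port -l` text, $2 = TCP port number
    printf '%s\n' "$1" | awk -v port="$2" '
        $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                item = $i; sub(/,$/, "", item)          # drop the list comma
                n = split(item, r, "-")                  # "lo-hi" or a single port
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 < lo || port + 0 > hi) continue
                if ($1 == "http_port_t") have = 1
                else if (lo == hi) exact = 1             # same port record exists
            }
        }
        END { print (have ? "none" : (exact ? "-m" : "-a")) }'
}

# Constructed listing in the format of `semanage port -l`.
LISTING='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
reserved_port_t                tcp      1-511
reserved_port_t                udp      1-511'

for p in 80 99 8080; do
    action=$(port_action "$LISTING" "$p")
    if [ "$action" = none ]; then
        echo "tcp/$p: already http_port_t"
    else
        echo "tcp/$p: semanage port $action -t http_port_t -p tcp $p"
    fi
done
```
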

Task 12 — VirtualHost + /webapp + SELinux

sudo mkdir -p /webapp
echo 'OVO JE WEBAPP INDEX STRANICA' | sudo tee /webapp/index.html
ls -l /webapp
cat /webapp/index.html
sudo semanage fcontext -a -t httpd_sys_content_t '/webapp(/.*)?'
sudo restorecon -Rv /webapp
ls -Zd /webapp
ls -Z /webapp
sudo vim /etc/httpd/conf.d/webapp.conf

<VirtualHost *:99>
    DocumentRoot "/webapp"

    <Directory "/webapp">
        Require all granted
    </Directory>
</VirtualHost>

httpd -t
sudo systemctl restart httpd
systemctl status httpd
curl http://localhost:99
# If you get the default Red Hat page instead of the /webapp content
ls /etc/httpd/conf.d/welcome.conf
sudo mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak
sudo systemctl restart httpd
curl http://localhost:99

Logic: here the problem is the directory, not the port. That is why semanage fcontext + restorecon are the key commands.

Final overview of all commands for Outcome 9

grep -c '^bird' /usr/share/dict/words
grep -n 'food' /usr/share/dict/words
grep -E '^.{12}$' /usr/share/dict/words
find / -name '*.config' 2>/dev/null
systemctl status sshd
ps -C sshd -o pid,user,stat,cmd
ps -C mysqld -o pid,user,%cpu,%mem,stat,cmd
pgrep mysqld
ps -C mysqld -o pid,ni,cmd
renice -n 19 -p PID
sudo vim /etc/security/limits.d/ishod3_remote.conf
su - ishod3_remote
ulimit -n
sudo dnf install httpd -y
sudo systemctl enable --now httpd
getenforce
sudo setenforce 1
sudo vim /etc/selinux/config
sudo vim /etc/httpd/conf.d/port99.conf
sudo semanage port -a -t http_port_t -p tcp 99
sudo firewall-cmd --add-port=99/tcp --permanent
sudo firewall-cmd --reload
sudo mkdir -p /webapp
echo 'OVO JE WEBAPP INDEX STRANICA' | sudo tee /webapp/index.html
sudo semanage fcontext -a -t httpd_sys_content_t '/webapp(/.*)?'
sudo restorecon -Rv /webapp
sudo vim /etc/httpd/conf.d/webapp.conf
httpd -t
sudo systemctl restart httpd
curl http://localhost
curl http://localhost:99
sudo ss -tulpn | grep :80
sudo ss -tulpn | grep :99