1) configure your systems that should be running Enforcing
Solution:
[root@server ~]# vim /etc/selinux/config
SELINUX=enforcing
[root@server ~]# reboot
after reboot check that selinux status using following command
[root@server ~]# getenforce
Enforcing
Do the same for desktop machine also....
2) configure repository
--->create a repository for your virtual machines
--->The url is http://station.network0.example.com/content/rhel7.0/x86_64/dvd
Solution:
[root@server ~]# vim /etc/yum.repos.d/server.repos
[server]
name= Siratun Jannat
baseurl= http://station.network0.example.com/content/rhel7.0/x86_64/dvd
gpgcheck= 0
[root@server ~]# yum clean all
[root@server ~]# yum repolist
Do the same for desktop machine also....
3) ssh configuration
--->configure ssh access on your virtual machines as follows
--->clients witin my22ilt.org shouldnot access to ssh on your systems
Solution:
[root@server ~]#yum install openssh-server
[root@server ~]#systemctl start sshd
[root@server ~]#yum enable sshd
[root@server ~]#firewall-cmd --permanent --add-service=ssh
[root@server ~]#firewall-cmd --reload
[root@server ~]#firewall-config
-->Permanent
-->Rich Rule
-->add-->ipv4 (family)
-->element -->service -->ssh
-->action -->reject
-->source Address-->172.16.0.0/24 --(my22ilt.org )
--> reload firewalld
Now check firewall list that rules applied or not using following command
[root@server ~]#firewall-cmd --list-all
Do the same for desktop machine also....
4) configure port forwarding.
--->configure serverX to forward traffic incoming on port 80/tcp from desktop to port on 5243/tcp.
Solution:
[root@server ~]#firewall-config
-->Permanent
-->Rich Rule
-->add-->ipv4 (family)
-->element -->port-forward
-->source-->protocol-->tcp
-->port/port Range 5243
-->Local Forwarding 22
-->source Address-->172.16.25.0/24 --(Server IP )
--> reload firewalld
[root@server ~]# firewall-cmd --list-all
rich rules:
rule family="ipv4" source address="172.16.25.0/24" forward-port port="5243" protocol="tcp" to-port="22"
[root@server ~]#
5) simple command
--->create a command called qsatat on both serverX and desktopX
--->It should able to execute the following command
(ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm)
---> The command should be executable by all users
Solution:
[root@server ~]#vim /etc/bashrc
qstat()
{
ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
}
[root@server ~]#source /etc/bashrc
[root@server ~]#qstat
Do the same for desktop machine also....
6) configure ipv6 network
--->create eth0 with a static ipv6 addresses as follows
--->configure a static ipv6 address in serverX as fddb:fe2a:ab1e::c0a8:64/64
--->desktop as fddb:fe2a:ab1e::c0a8:02/64
Solution:
--Server Machine---
[root@server ~]# nmcli connection modify eno16777736 ipv6.addresses fddb:fe2a:ab1e::c0a8:64/64 ipv6.method static connection.autoconnect yes
[root@server ~]# nmcli connection down eno16777736;nmcli connection up eno16777736
[root@server ~]#ping6 fddb:fe2a:ab1e::c0a8:64
--Desktop Machine---
[root@server ~]# nmcli connection modify eno16777736 ipv6.addresses fddb:fe2a:ab1e::c0a8:02/64 ipv6.method static connection.autoconnect yes
[root@server ~]# nmcli connection down eno16777736;nmcli connection up eno16777736
[root@server ~]#ping6 fddb:fe2a:ab1e::c0a8:02
Solution:
[root@server ~]# vim /etc/selinux/config
SELINUX=enforcing
[root@server ~]# reboot
after reboot check that selinux status using following command
[root@server ~]# getenforce
Enforcing
Do the same for desktop machine also....
2) configure repository
--->create a repository for your virtual machines
--->The url is http://station.network0.example.com/content/rhel7.0/x86_64/dvd
Solution:
[root@server ~]# vim /etc/yum.repos.d/server.repos
[server]
name= Siratun Jannat
baseurl= http://station.network0.example.com/content/rhel7.0/x86_64/dvd
gpgcheck= 0
[root@server ~]# yum clean all
[root@server ~]# yum repolist
Do the same for desktop machine also....
3) ssh configuration
--->configure ssh access on your virtual machines as follows
--->clients witin my22ilt.org shouldnot access to ssh on your systems
Solution:
[root@server ~]#yum install openssh-server
[root@server ~]#systemctl start sshd
[root@server ~]#yum enable sshd
[root@server ~]#firewall-cmd --permanent --add-service=ssh
[root@server ~]#firewall-cmd --reload
[root@server ~]#firewall-config
-->Permanent
-->Rich Rule
-->add-->ipv4 (family)
-->element -->service -->ssh
-->action -->reject
-->source Address-->172.16.0.0/24 --(my22ilt.org )
--> reload firewalld
Now check firewall list that rules applied or not using following command
[root@server ~]#firewall-cmd --list-all
Do the same for desktop machine also....
4) configure port forwarding.
--->configure serverX to forward traffic incoming on port 80/tcp from desktop to port on 5243/tcp.
Solution:
[root@server ~]#firewall-config
-->Permanent
-->Rich Rule
-->add-->ipv4 (family)
-->element -->port-forward
-->source-->protocol-->tcp
-->port/port Range 5243
-->Local Forwarding 22
-->source Address-->172.16.25.0/24 --(Server IP )
--> reload firewalld
[root@server ~]# firewall-cmd --list-all
rich rules:
rule family="ipv4" source address="172.16.25.0/24" forward-port port="5243" protocol="tcp" to-port="22"
[root@server ~]#
5) simple command
--->create a command called qsatat on both serverX and desktopX
--->It should able to execute the following command
(ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm)
---> The command should be executable by all users
Solution:
[root@server ~]#vim /etc/bashrc
qstat()
{
ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
}
[root@server ~]#source /etc/bashrc
[root@server ~]#qstat
Do the same for desktop machine also....
6) configure ipv6 network
--->create eth0 with a static ipv6 addresses as follows
--->configure a static ipv6 address in serverX as fddb:fe2a:ab1e::c0a8:64/64
--->desktop as fddb:fe2a:ab1e::c0a8:02/64
Solution:
--Server Machine---
[root@server ~]# nmcli connection modify eno16777736 ipv6.addresses fddb:fe2a:ab1e::c0a8:64/64 ipv6.method static connection.autoconnect yes
[root@server ~]# nmcli connection down eno16777736;nmcli connection up eno16777736
[root@server ~]#ping6 fddb:fe2a:ab1e::c0a8:64
--Desktop Machine---
[root@server ~]# nmcli connection modify eno16777736 ipv6.addresses fddb:fe2a:ab1e::c0a8:02/64 ipv6.method static connection.autoconnect yes
[root@server ~]# nmcli connection down eno16777736;nmcli connection up eno16777736
[root@server ~]#ping6 fddb:fe2a:ab1e::c0a8:02
No comments:
Post a Comment