红帽RHCE考试要注意的几点

很多朋友想知道红帽RHCE考试要注意的有哪几点，下面就让我们来看看吧。

注意事项

1、RHCE考试全程为上机考试，没有笔试。

2、在考试过程中，手机必须全程调成静音或者关机模式。

3、考试过程中禁止互相讨论交流。

4、任何纸质物品不能带进考场，考试发放的草稿纸在考试结束后收回，不得带出考场。

RHCE报名步骤

1、浏览器搜索红帽官网，点击第一个并进入。

2、进入官网后找到并点击红帽培训。

3、选择考试认证。

4、选择所有考试里的红帽工程师（RHCE）考试。

5、点击查找您附近的红帽培训机构。

6、选择国家，找到距离最近的培训机构，进行培训，再由培训机构报名参加考试。

rhce认证考试条件

RHCE的考试对于报考人员本身并没有过多的限制，但还是需要具备一些基础知识：

1、有基本的计算机使用技能，并具有较好的学习能力；

2、能够用命令行方式执行命令；

3、了解计算机词汇或有WINDOWS使用基础等等。

红帽认证考试题库

红帽RHCE认证试题解析及操作实践（中）

如需查看上半部分1~7题讲解，请参考如下资料：

在server0上配置SMB服务：

• SMB服务器必须是STAFF工作组的一个成员
• 共享/common目录，共享名必须为common
• 只有example.com域内的客户端可以访问common共享
• Common必须是可以浏览的
• 用户rob，samba密码为redhat , 只读权限访问common共享

解答：

安装samba服务：

[root@server0 ~]# yum install -y samba samba-client

添加rob用户，并设置密码：

[root@server0 ~]# useradd -s /sbin/nologin rob[root@server0 ~]# smbpasswd -a robNew SMB password:Retype new SMB password:Added user rob.

创建目录，并设置selinux上下文和acl：

[root@server0 ~]# mkdir /common

注：此步骤需要等待几分钟！

[root@server0 ~]# setsebool -P samba_export_all_rw 1[root@server0 ~]# semanage fcontext -a -t samba_share_t '/common(/.*)?'[root@server0 ~]# restorecon -v /common/restorecon reset /common context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:samba_share_t:s0[root@server0 ~]# vim /etc/samba/smb.confworkgroup = STAFF[common]path = /commonbrowseable = yeshosts allow = 172.25.0.0/24valid users =rob[root@server0 ~]# systemctl enable smb nmbln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'ln -s '/usr/lib/systemd/system/nmb.service' '/etc/systemd/system/multi-user.target.wants/nmb.service'[root@server0 ~]# systemctl restart smb nmb[root@server0 ~]# firewall-cmd --add-service=sambasuccess[root@server0 ~]# firewall-cmd --add-service=samba --permanentsuccess

Desktop0上做测试验证：

[root@desktop0 ~]# yum install -y samba-client cifs-utils[root@desktop0 ~]# smbclient -L //server0/common -U rob%redhatDomain=[STAFF] OS=[Unix] Server=[Samba 4.1.1] Sharename Type Comment --------- ---- ------- common Disk IPC$ IPC IPC Service (Samba Server Version 4.1.1) rob Disk Home DirectoriesDomain=[STAFF] OS=[Unix] Server=[Samba 4.1.1] Server Comment --------- ------- SERVER0 Samba Server Version 4.1.1 Workgroup Master --------- ------- STAFF SERVER0[root@desktop0 ~]# mount -t cifs -o username=rob,password=redhat //server0.example.com/common /mnt[root@desktop0 ~]# echo heloworld > /mnt/file11-bash: /mnt/file11: Permission denied[root@desktop0 ~]# umount /mnt/9、配置多用户SMB挂载

在server0上配置SMB服务,共享/devops目录，满足如下要求:

• 共享名必须为devops
• 只有example.com域内的客户端可以访问devops共享
• devops必须是可以浏览的
• 用户rob，samba密码为redhat,只读权限访问devops共享
• 用户brian，samba密码为redhat,读写权限访问devops共享
• 使用用户 rob永久挂载该共享到desktop0.example.com 的/mnt/multiuser 目录，其他任何用户可以通过用户 brian 来临时获取写的权限。

解答：

（1）Server0端配置

添加brian用户并设置密码：

[root@server0 ~]# useradd -s /sbin/nologin brian[root@server0 ~]# smbpasswd -a brianNew SMB password:Retype new SMB password:Added user brian.

创建目录并设置selinux上下文和acl权限：

[root@server0 ~]# mkdir /devops[root@server0 ~]# setfacl -m u:brian:rwx /devops/[root@server0 ~]# semanage fcontext -a -t samba_share_t '/devops(/.*)?'[root@server0 ~]# restorecon -v /devops/restorecon reset /devops context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:samba_share_t:s0

编辑smb.conf文件，在文件末尾增加如下内容：

[root@server0 ~]# vim /etc/samba/smb.conf[devops]path = /devopsbrowseable = yeswrite list = brianhosts allow = 172.25.0.0/24[root@server0 ~]# systemctl restart smb nmb

（2）Desktop0端配置

安装samba服务包：

[root@desktop0 ~]# yum install -y samba-client cifs-utilsLoaded plugins: langpacksPackage samba-client-4.1.1-31.el7.x86_64 already installed and latest versionPackage cifs-utils-6.2-6.el7.x86_64 already installed and latest versionNothing to do[root@desktop0 ~]# mkdir /mnt/multiuser

编辑fstab文件，增加如下记录：

[root@desktop0 ~]# vim /etc/fstab//server0.example.com/devops /mnt/multiuser cifs credentials=/root/smbconfig,multiuser,sec=ntlmssp,_netdev 0 0

[root@desktop0 ~]# vim /root/smbconfigusername=robpassword=redhatdomain=STAFF[root@desktop0 ~]# chmod 400 /root/smbconfig

挂载：

[root@desktop0 ~]# mount -a

验证：

[root@desktop0 ~]# su - rob[rob@desktop0 ~]$ cifscreds add server0Password:[rob@desktop0 ~]$ touch /mnt/multiuser/testfiletouch: cannot touch ‘/mnt/multiuser/testfile’: Permission denied[root@desktop0 ~]# su - brian[brian@desktop0 ~]$ cifscreds add server0Password:[brian@desktop0 ~]$ touch /mnt/multiuser/testfile[brian@desktop0 ~]$ ls -a /mnt/multiuser/testfile/mnt/multiuser/testfile10、配置nfs服务

在server0配置NFS服务，要求如下：

• 以只读的形式共享目录/public同时只能被example.com域中的系统访问
• 以读写的形式共享目录/protected同时只能被example.com域中的系统访问
• 访问/protected需要通过Kerberos安全加密，您可以使用下面提供的密钥：
• http://classroom.example.com/pub/keytabs/server0.keytab
• 目录/protected应该包含名为project拥有人为ldapuser0的子目录
• 用户ldapuser0能以读写形式访问/protected/project

解答：

首先安装服务

[root@server0 ~]# yum list nfs-utilsLoaded plugins: langpacksInstalled Packagesnfs-utils.x86_64 1:1.3.0-0.el7 installed[root@server0 ~]# yum install -y nfs-utilsLoaded plugins: langpacksPackage 1:nfs-utils-1.3.0-0.el7.x86_64 already installed and latest versionNothing to do

根据题目要求，创建共享目录，并设置权限：

[root@server0 ~]# mkdir -p /public /protected/project[root@server0 ~]# chown -R ldapuser0 /protected/project/

编辑exports文件：

[root@server0 ~]# vim /etc/exports/public *.example.com(ro,sec=sys)/protected *.example.com(rw,sync,sec=krb5p)

设置启动的时候为4.2版本：

[root@server0 ~]# vim /etc/sysconfig/nfsRPCNFSDARGS="-V 4.2"

根据题目要求，下载证书：

[root@server0 ~]# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab--2020-03-16 19:06:00-- http://classroom.example.com/pub/keytabs/server0.keytabResolving classroom.example.com (classroom.example.com)... 172.25.254.254Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.HTTP request sent, awaiting response... 200 OKLength: 1242 (1.2K)Saving to: ‘/etc/krb5.keytab’100%[==================================>] 1,242 --.-K/s in 0s2020-03-16 19:06:00 (227 MB/s) - ‘/etc/krb5.keytab’ saved [1242/1242]

设置开机启动服务和防火墙放行等：

[root@server0 ~]# systemctl enable nfs-serverln -s '/usr/lib/systemd/system/nfs-server.service' '/etc/systemd/system/nfs.target.wants/nfs-server.service'[root@server0 ~]# systemctl restart nfs-server[root@server0 ~]# systemctl enable nfs-secure-serverln -s '/usr/lib/systemd/system/nfs-secure-server.service' '/etc/systemd/system/nfs.target.wants/nfs-secure-server.service'[root@server0 ~]# systemctl restart nfs-secure-server[root@server0 ~]# firewall-cmd --add-service=nfssuccess[root@server0 ~]# firewall-cmd --add-service=nfs --permanentsuccess[root@server0 ~]# firewall-cmd --add-service=rpc-bindsuccess[root@server0 ~]# firewall-cmd --add-service=rpc-bind --permanentsuccess[root@server0 ~]# firewall-cmd --add-service=mountdsuccess[root@server0 ~]# firewall-cmd --add-service=mountd --permanentsuccess11、挂载一个NFS共享

在desktop0上挂载一个来自server0上的NFS共享，并符合下列要求：

• /pulbic共享挂载到本地的/mnt/nfsmount
• /protected挂载到本地的/mnt/nfssecure,并使用安全的方式
• 密钥下载地址：http://classroom.example.com/pub/keytabs/desktop0.keytab
• 用户ldapuser0能够在/mnt/nfssecure/project上创建文件
• 这些文件系统在系统启动时自动挂载

解答：

确保在dekyop0上已经安装nfs-utils服务

[root@desktop0 ~]# yum list nfs-utilsLoaded plugins: langpacksInstalled Packagesnfs-utils.x86_64 1:1.3.0-0.el7 installed[root@desktop0 ~]# yum install -y nfs-utilsLoaded plugins: langpacksPackage 1:nfs-utils-1.3.0-0.el7.x86_64 already installed and latest versionNothing to do

根据题目要求创建挂载目录：

[root@desktop0 ~]# mkdir /mnt/nfsmount /mnt/nfssecure

下载证书：

[root@desktop0 ~]# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab--2020-03-16 19:17:55-- http://classroom.example.com/pub/keytabs/desktop0.keytabResolving classroom.example.com (classroom.example.com)... 172.25.254.254Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.HTTP request sent, awaiting response... 200 OKLength: 1258 (1.2K)Saving to: ‘/etc/krb5.keytab’100%[==================================>] 1,258 --.-K/s in 0s2020-03-16 19:17:55 (101 MB/s) - ‘/etc/krb5.keytab’ saved [1258/1258]

验证证书内容：

[root@desktop0 ~]# klist -k /etc/krb5.keytabKeytab name: FILE:/etc/krb5.keytabKVNO Principal---- -------------------------------------------------------------------------- 2 host/desktop0.example.com@EXAMPLE.COM 2 host/desktop0.example.com@EXAMPLE.COM 2 host/desktop0.example.com@EXAMPLE.COM 2 host/desktop0.example.com@EXAMPLE.COM 2 host/desktop0.example.com@EXAMPLE.COM 2 host/desktop0.example.com@EXAMPLE.COM 2 host/desktop0.example.com@EXAMPLE.COM 2 host/desktop0.example.com@EXAMPLE.COM 2 nfs/desktop0.example.com@EXAMPLE.COM 2 nfs/desktop0.example.com@EXAMPLE.COM 2 nfs/desktop0.example.com@EXAMPLE.COM 2 nfs/desktop0.example.com@EXAMPLE.COM 2 nfs/desktop0.example.com@EXAMPLE.COM 2 nfs/desktop0.example.com@EXAMPLE.COM 2 nfs/desktop0.example.com@EXAMPLE.COM 2 nfs/desktop0.example.com@EXAMPLE.COM

编辑fstab文件，设置自动挂载：注意版本号v4.2和sec=sys一定要加。

[root@desktop0 ~]# vim /etc/fstabserver0.example.com:/public /mnt/nfsmount nfs sec=sys 0 0server0.example.com:/protected /mnt/nfssecure nfs sec=krb5p,v4.2 0 0

启动服务，设置开机启动：

[root@desktop0 ~]# systemctl enable nfs-secureln -s '/usr/lib/systemd/system/nfs-secure.service' '/etc/systemd/system/nfs.target.wants/nfs-secure.service'[root@desktop0 ~]# systemctl restart nfs-secure

挂载：

[root@desktop0 ~]# mount -a[root@desktop0 ~]# df -hFilesystem Size Used Avail Use% Mounted on/dev/vda1 10G 3.2G 6.9G 32% /devtmpfs 906M 0 906M 0% /devtmpfs 921M 0 921M 0% /dev/shmtmpfs 921M 17M 904M 2% /runtmpfs 921M 0 921M 0% /sys/fs/cgroup//server0.example.com/devops 10G 3.1G 7.0G 31% /mnt/multiuserserver0.example.com:/public 10G 3.1G 7.0G 31% /mnt/nfsmountserver0.example.com:/protected 10G 3.1G 7.0G 31% /mnt/nfssecure

切换到ldapuser0用户，验证读写：

[root@desktop0 ~]# su - ldapuser0Creating home Directory for ldapuser0.[ldapuser0@desktop0 ~]$ df -hdf: ‘/mnt/nfssecure’: Permission deniedFilesystem Size Used Avail Use% Mounted on/dev/vda1 10G 3.2G 6.9G 32% /devtmpfs 906M 0 906M 0% /devtmpfs 921M 0 921M 0% /dev/shmtmpfs 921M 17M 904M 2% /runtmpfs 921M 0 921M 0% /sys/fs/cgroup//server0.example.com/devops 10G 3.1G 7.0G 31% /mnt/multiuserserver0.example.com:/public 10G 3.1G 7.0G 31% /mnt/nfsmount[ldapuser0@desktop0 ~]$ kinitPassword for ldapuser0@EXAMPLE.COM: kerberos

注：ldapuser0用户的密码为kerberos。

[ldapuser0@desktop0 ~]$ dfFilesystem 1K-blocks Used Available Use% Mounted on/dev/vda1 10473900 3256428 7217472 32% /devtmpfs 927072 0 927072 0% /devtmpfs 942660 0 942660 0% /dev/shmtmpfs 942660 17004 925656 2% /runtmpfs 942660 0 942660 0% /sys/fs/cgroup//server0.example.com/devops 10473900 3214616 7259284 31% /mnt/multiuserserver0.example.com:/public 10473984 3214592 7259392 31% /mnt/nfsmountserver0.example.com:/protected 10473984 3214592 7259392 31% /mnt/nfssecure12、实现一个web服务器

在server0上配置一个站点http://server0.example.com，然后执行以下步骤：

• 从http://classroom.example.com/materials/station.html下载文件
• 将文件重命名为index.html,绝对不能修改此文件的内容
• 将index.html拷贝到你的web服务器的DocumentRoot目录下
• 来自example.com域的客户端可以访问此web站点
• 来自my133t.org域的客户端拒绝访问此web站点
• 虚拟主机配置文件为vhost-server0.conf

解答：

安装所需的web服务包：

[root@server0 ~]# yum install -y httpd mod_ssl mod_wsgi

下载主页文件：

[root@server0 ~]# wget -O /var/www/html/index.html http://classroom.example.com/materials/station.html--2020-03-17 23:17:45-- http://classroom.example.com/materials/station.htmlResolving classroom.example.com (classroom.example.com)... 172.25.254.254Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.HTTP request sent, awaiting response... 200 OKLength: 49 [text/html]Saving to: ‘/var/www/html/index.html’100%[==================================>] 49 --.-K/s in 0s2020-03-17 23:17:45 (5.80 MB/s) - ‘/var/www/html/index.html’ saved [49/49]

添加配置文件，可以从其他conf结尾文件拷贝内容到对应的目录，如：/etc/httpd/conf.d/httpd-vhosts.conf。

[root@server0 ~]# vim /etc/httpd/conf.d/vhost-server0.conf<virtualHost _default_:80> DocumentRoot /var/www/html ServerName server0.example.com <Directory /var/www/html> Require host example.com Require all denied </Directory></VirtualHost>

设置开机启动服务及防火墙放行服务：

[root@server0 ~]# systemctl enable httpdln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'[root@server0 ~]# systemctl restart httpd[root@server0 ~]# firewall-cmd --add-service=httpsuccess[root@server0 ~]# firewall-cmd --add-service=http --permanentsuccess

验证：

[root@server0 ~]# curl http://server0.example.com<h1 style="color:blue"> server0.example.com</h1>[root@server0 ~]# firefox http://server0.example.com&13、配置安全web服务

站点http://server0.example.com配置TLS加密:

• 签名的证书：http://classroom.example.com/pub/tls/certs/server0.crt
• 证书的密钥：http://classroom.example.com/pub/tls/private/server0.key
• 证书的授权信息：http://classroom.example.com/pub/example-ca.crt

解答：

根据题目要求下载三个对应的证书和密钥信息：

[root@server0 ~]# wget -O /etc/pki/tls/certs/server0.crt http://classroom.example.com/pub/tls/certs/server0.crt--2020-03-17 23:36:39-- http://classroom.example.com/pub/tls/certs/server0.crtResolving classroom.example.com (classroom.example.com)... 172.25.254.254Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.HTTP request sent, awaiting response... 200 OKLength: 3505 (3.4K)Saving to: ‘/etc/pki/tls/certs/server0.crt’100%[==================================>] 3,505 --.-K/s in 0s2020-03-17 23:36:39 (206 MB/s) - ‘/etc/pki/tls/certs/server0.crt’ saved [3505/3505][root@server0 ~]# wget -O /etc/pki/tls/private/server0.key http://classroom.example.com/pub/tls/private/server0.key--2020-03-17 23:37:28-- http://classroom.example.com/pub/tls/private/server0.keyResolving classroom.example.com (classroom.example.com)... 172.25.254.254Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.HTTP request sent, awaiting response... 200 OKLength: 916Saving to: ‘/etc/pki/tls/private/server0.key’100%[==================================>] 916 --.-K/s in 0s2020-03-17 23:37:28 (103 MB/s) - ‘/etc/pki/tls/private/server0.key’ saved [916/916]

设置证书的权限：

[root@server0 ~]# chmod 600 /etc/pki/tls/private/server0.key[root@server0 ~]# wget -O /etc/pki/tls/certs/example-ca.crt http://classroom.example.com/pub/example-ca.crt--2020-03-17 23:39:01-- http://classroom.example.com/pub/example-ca.crtResolving classroom.example.com (classroom.example.com)... 172.25.254.254Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.HTTP request sent, awaiting response... 200 OKLength: 1220 (1.2K)Saving to: ‘/etc/pki/tls/certs/example-ca.crt’100%[==================================>] 1,220 --.-K/s in 0s2020-03-17 23:39:01 (76.8 MB/s) - ‘/etc/pki/tls/certs/example-ca.crt’ saved [1220/1220]

创建一个新的配置*.conf文件：可按照/etc/httpd/conf.d/ssl.conf 文件内容，对应拷贝相关资料到目标文件中（/etc/httpd/conf.d/default-ssl.conf）

[root@server0 ~]# vim /etc/httpd/conf.d/autoindex.conf ssl.conf vhost-server0.confREADME userdir.conf welcome.conf[root@server0 ~]# vim /etc/httpd/conf.d/ssl.conf[root@server0 ~]# vim /etc/httpd/conf.d/default-ssl.conf<VirtualHost *:443>ServerName server0.example.comDocumentRoot /var/www/htmlSSLEngine onSSLProtocol all -SSLv2 -SSLv3SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5SSLHonorCipherOrder onSSLCertificateFile /etc/pki/tls/certs/server0.crtSSLCertificateKeyFile /etc/pki/tls/private/server0.keySSLCACertificateFile /etc/pki/tls/certs/example-ca.crt</VirtualHost>[root@server0 ~]# systemctl restart httpd[root@server0 ~]# firewall-cmd --add-service=httpssuccess[root@server0 ~]# firewall-cmd --add-service=https --permanentsuccess

验证：

[root@server0 ~]# curl -k https://server0.example.com<h1 style="color:blue"> server0.example.com</h1>

通过firefox浏览器打开网页验证：

[root@server0 ~]# firefox https://server0.example.com(process:2554): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed

https配置图

https配置

https配置

https://server0.example.com

在server0上扩展你的web服务器，为站点http://www0.example.com创建一个虚拟主机，

然后执行以下步骤：

• 设置DocumentRoot为/var/www/virtual
• 从http://classroom.example.com/materials/www.html下载文件,并重命名为index.html，不要对文件index.html内容做任何修改
• 将index.htm文件放到虚拟主机的DocumentRoot目录下
• 确保floyd用户能够在/var/www/virtual目录下创建文件
• 虚拟主机配置文件为vhost-www0.conf
• 注意：原始站点http://server0.example.com必须仍然能够访问。站点的所用的域名网络中已有DNS服务器解析

解答：

根据题意创建目录，下载对应的文件：

[root@server0 ~]# mkdir /var/www/virtual[root@server0 ~]# wget -O /var/www/virtual/index.html http://classroom.example.com/materials/www.html--2020-03-18 00:03:48-- http://classroom.example.com/materials/www.htmlResolving classroom.example.com (classroom.example.com)... 172.25.254.254Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.HTTP request sent, awaiting response... 200 OKLength: 46 [text/html]Saving to: ‘/var/www/virtual/index.html’100%[==================================>] 46 --.-K/s in 0s2020-03-18 00:03:48 (3.70 MB/s) - ‘/var/www/virtual/index.html’ saved [46/46]

根据题意，添加floyd用户：

[root@server0 ~]# useradd floyd[root@server0 ~]# setfacl -m u:floyd:rwx /var/www/virtual/

对vhos-www0.conf文件编辑，增加如下内容：

[root@server0 ~]# vim /etc/httpd/conf.d/vhost-www0.conf<VirtualHost *:80>ServerName www0.example.comDocumentRoot /var/www/virtual<Directory /var/www/virtual> Require all granted</Directory></VirtualHost>

重启httpd服务：

[root@server0 ~]# systemctl restart httpd

在dektop0上测试：

[root@desktop0 ~]# curl http://www0.example.com<h1 style="color:blue"> server0.example.com</h1>[root@desktop0 ~]# firefox http://www0.example.com

http://www0.example.com

未完待续，敬请关注~