Linux System Engineer Final Review

In order to complete the tasks in this review, there are a number of ports that need to be open between the two systems. Using the 'IPTABLES' firewall running on 'EXAM REVIEW SERVER', configure the following TCP and UDP ports to answer to any requests:

• ports; 80, 443, 8080, 20, 21, 22, 25, 3489, 5901
• service iscsi-target
• use firewalld to check the settings.
• nmap should ONLY be used against the PRIVATE IP ADDRESSES.

NOTES: a)
Confirm these ports are open and will remain open. Failure to open any of these ports will cause the activities in many of the following tasks to seemingly fail despite otherwise valid configurations. Plus this is a requierment of the real exam ;-)

b) Naming. the following naming is used:

• cloud_user@server ==> EXAM REVIEW SERVER

• cloud_user@client ==> EXAM CLIENT

c)
IP addresses will vary from those in the video and notes. Do as you would in a work situation and note down the device name, purpose, and IP addresses to keep them clear. You can check the Host name with one of these commands;
hostname or hostnamectl or cat /proc/sys/kernel/hostname .

On the EXAM REVIEW SERVER, install the git version control software package from the configured repositories. Create a new, empty local repository on the server in the /home/cloud_user directory. This new repository should exist in a directory called mysite at that location. Once the repository initializes, set the global user and email in the git configuration. Finally, create a new README.md file populated with whatever text you wish. Add that file to the repository and commit the changes with a commit comment that says "Version 1".

The user account cloud__user has been deployed to both servers. On the system called EXAM REVIEW SERVER, create an SSH key. For this practice lab, do NOT set a passphrase for the key.

Once created, exchange the SSH key with the same user on the system called EXAM CLIENT. You can use any method of key exchange you wish as long as the result is that the cloud_user is able to ssh from EXAM REVIEW SERVER to EXAM CLIENT without providing any password or passphrase.

You are tasked with creating reports on a number of system performance metrics on the system called EXAM REVIEW SERVER. Using the appropriate utilities, create three reports that will be stored in the /home/cloud_user directory as follows:

• Top 10 running processes on the system, including the process owner — log in a file called process-lisst.txt.
• Used, Free, and Cached memory values — log in a file called mem-stats.txt.
• System Load Numbers, in 5-second increments, over a period of 30 seconds — log in a file called sys-log.txt.

Make sure that you check that the logs contain useful data before you send them to your manager (or the Exam validation app). ;-)

Install the iptraf package. Use it to capture and review all traffic from any endpoint to the system called EXAM REVIEW SERVER over 1 minute. Maintain the default location and log file that the tool uses.

NOTE: You may see more traffic than observed in the video. Take a moment to consider where it is coming from and why. Try adding some icmp / ping traffic from your CLIENT.

On the CLIENT, within the /home/cloud_user directory, you will find an RPM package that contains a specific kernel version. Update the EXAM CLIENT system with that new kernel package and reboot and confirm that the new kernel is applied.

Log in to the system called EXAM CLIENT. Run the appropriate command(s) to completely update the system and all packages to the latest versions available in the default repositories. Once the system is updated, execute the command that will clear any cached packages on the system in order to save disk space.

Install the latest Apache HTTP server on the EXAM REVIEW SERVER system. Accept the defaults of the configuration and enable and start the service as appropriate. A pair of test files are found in the newsite directory under /root. Move the pair of test files to the web server contents directory for Apache. Check if the files are accessible via http from the EXAM CLIENT.

Troubleshoot issues and take the necessary configuration or security steps to allow them to be accessed from EXAM CLIENT via the http service.

Web traffic between the system called EXAM CLIENT and the system called EXAM REVIEW SERVER needs to be configured to be tunneled over port 8080. Take into consideration that the EXAM REVIEW SERVER system web service is listening on port 80. Using SSH tunneling, create a secure tunnel between the two servers so that calls from port 8080 will receive a response on port 80 from the system EXAM REVIEW SERVER.

On the EXAM REVIEW SERVER, install and configure the Postfix SMTP server. The server should allow forwarding of emails that are sent to it using the full IP address of the server itself rather than just the localhost. Using any mail client you choose, test this by sending an email from root@[Private IP of EXAM REVIEW SERVER] to cloud_user@[Private IP of EXAM REVIEW SERVER]. Verify that this shows up in the cloud_user account's email queue.

Working with the Logical Volume Management system on EXAM REVIEW SERVER, you will need to find the device names of the three (3) unconfigured 20GB block devices on the system. Using the first two 20GB devices, assemble them into a single LVM 40GB filesystem. Create a logical volume called mydata. Once this logical volume is complete, format the filesystem as EXT4. Create a new directory called /mnt/data as a mount point and mount the new filesystem at that location. Make sure the filesystem shows as mounted. Finally, add an appropriate entry in the /etc/fstab file so that the new logical volume is mounted at that location when the system is restarted.

NOTE:  With changes in virtual hardware, you may see the volumes listed under /dev as /dev/xvd*  or /dev/nvme2*. Adapt the commands to accommodate the presented resources.

Using the remaining 20GB block devices on the EXAM REVIEW SERVER, create a 20GB block device that an iSCSI Initiator (client) can use.

The target iSCSI configuration does not need to be secured by a username or password, but the client reference on the EXAM CLIENT iSCSI client should be referred to as client (designated by the :client at the end of the IQN). Be sure the appropriate iSCSI packages are installed on both servers, and the services are enabled and started. Verify the client is able to connect to and discover the iSCSI target. You do not need to format or mount the device.

As a final step for this review, you will need to add an access control to the SSH service on the EXAM REVIEW SERVER. The last step should be for you to deny SSH connections coming from the EXAM CLIENT Private IP address to the EXAM REVIEW SERVER.

Do not use a firewall rule to achieve this.

Be sure to reload the SSH service and verify that the EXAM CLIENT can no longer connect.