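Sunday, March 15, 2009

NCLP Past Exam Questions, Part 1

Having an LPI L1 certificate was never enough on its own to show how capable I am at LINUX administration!
Because, to be honest, anyone who studies the books diligently can get a decent score on LPI L1.
It takes L2, or a hands-on exam such as RHCE or NCLP,
to better prove to people what level my LINUX skills have reached...

I have collected some past exam questions, so let me pull my scattered focus back together!
My experience with personal investing has been somewhat of a setback, but I am still stopping the losses and learning!
But for career-related certification exams, I really do need to collect myself and work at earning them one by one.

Source: http://blog.xuite.net/happyman/tips/8977439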

S1: Server1, S2: Server2
User management
Create a new group called customers on both S1 and S2 with GID of 1013,
make it a default secondary group for new users.
Create user accounts with comment field populated with the company name
and a primary group membership of users.

Username Company
----
jonesco :: The Johnes Company
imagetec :: New Image Tech
johntom :: Johns and Tom

Home dirs should exist in /home for the above users.
Each user is allowed to use passwd auth but must change the default
password of linux (ignore all warnings) after first auth.

Forcing users to change their password must be accomplished by manipulating the
/etc/shadow file. User accounts must be changed at first login on *both*
S1 and S2.
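
One way to carry out the /etc/shadow step above, as an added example that is not part of the original post or its source: the third field of a shadow entry is the day of the last password change, and shadow(5) defines the value 0 as "must change at next login". The function names, the sample file and its placeholder hashes are constructed for illustration; the usernames are taken from the account table above.

```shell
#!/bin/sh
# Added example: works on a constructed sample file, never on the live /etc/shadow.

# Write a constructed shadow-format sample (placeholder hashes) to file $1.
make_sample() {
    cat > "$1" <<'EOF'
root:CONSTRUCTED_HASH:14318:0:99999:7:::
jonesco:CONSTRUCTED_HASH:14318:0:99999:7:::
imagetec:CONSTRUCTED_HASH:14318:0:99999:7:::
johntom:CONSTRUCTED_HASH:14318:0:99999:7:::
EOF
}

# expire_in_shadow FILE USER...
# Sets field 3 (day of last password change) to 0 for each named user.
# shadow(5): 0 means the password must be changed at the next login.
expire_in_shadow() {
    file=$1; shift
    tmp=$(mktemp) || return 1
    awk -F: -v OFS=: -v users="$*" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
        ($1 in want) && NF >= 3 { $3 = 0 }   # all other fields are left untouched
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back in place so the file keeps its owner, group and mode.
    cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# must_change FILE USER: succeeds only if USER exists and field 3 is exactly 0.
must_change() {
    awk -F: -v u="$2" '$1 == u { ok = ($3 == "0") } END { exit !ok }' "$1"
}

# Demo on a throwaway file.
demo=$(mktemp) || exit 1
make_sample "$demo"
expire_in_shadow "$demo" jonesco imagetec johntom
cat "$demo"
rm -f "$demo"
```

On a live system `chage -d 0 USER` sets the same field; since the task requires editing the file directly, `vipw -s` is the way to do that with proper locking.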

SSH configuration.

Configure SSH/SCP access on S1 for the previously mentioned users with the
following parameters:
1. only OpenSSH protocol 2 is allowed
2. root is not allowed to log in

Apache

Place your global changes into the main web server config
/etc/apache2/default-server.conf

a. Config on Server1
. change the admin email to webmaster@digitairlines.com.tw.
. set the web server name to customers.digitairlines.com and make sure that
this name is resolved to the IP address on both S1 and S2

b. Config Apache on S1 with authenticated directory-level access for 3 users
using the main web server config
. use basic as the type of auth.
. use "Restricted Area" for the name of the auth realm of each dir
. place a designated passwd file in the /etc/apache2 dir, for dir-level auth,
as listed below

1. Use htpasswd-jones, htpasswd-image, and htpasswd-johns for users
jonesco, imagetec, johnstom, respectively, as the files containing the
usernames and passwords.
2. Add the following usernames to the related password file: jonesco,
imagetec, and johnstom. Each of these users should have the password
"linux"
3. Give these users access to the files (any file you need to create) in
their /home/$USER/web dir. (Hint: create a dir called web under each user's
home dir and create a symbolic link in /srv/www/htdocs with their username
that points to it: /srv/www/htdocs/jonesco >> /home/jonesco/web.)
Ensure that Apache is aware of links and can follow them.
4. Disable PHP in apache2 module

c. Start a webserver and make sure that it's started automatically after a
reboot of the system.

Configure a remote logging host

Because S1 is exposed to the internet for https and openssh traffic,
config S2 to be a log server using following parameters:
a. config the syslog daemon to accept messages from other machines
b. config the syslog daemon to write messages concerning mail to
/var/log/allmail
c. Mail messages must not be written anywhere else. Disable immediate file
syncing after writing messages.
d. config syslogd to write kernel messages to /var/log/kernel.
Kernel messages with a priority equal to or higher than warning also have
to be written to console 10.
e. config syslogd to write all messages other than mail and kernel
messages to /var/log/allmessages.

** In case you want to generate a kernel message manually, do not use "logger";
try modprobe 3c509

a. Files have to be rotated and compressed on a daily basis, regardless of
their size.
b. Up to five rotated files have to be kept.
c. The access permissions have to be the same for all files: rw-r-----, the
owner and the group have to be "root"
d. Use the special configuration file provided for rotating logfiles of
the syslog daemon (/etc/logrotate.d/syslog)
