Sunday, March 15, 2009

NCLP Past Exam Questions, Part 2

S1: Server1, S2: Server2
1. User management
a. add new group "engineers" with gid 1100 on both S1,S2
b. add the following users
c. passwd set to linux
2. Config Samba
a. config samba on S1 using the following parameters
. the name of the workgroup is DA
. the directory /home is exported as a share with the name "homes".
The dir must not be browseable; all files have to be created with
read and write access for the owner and no access for the group and any
other users.
Only clients from network 192.168.146.0/24 are allowed to access this share.
. the dir /data/engineers has to be exported as a share with the name "data".
This dir has to be browseable; all files have to be created with read and
write access for their owner, read access for the members of the group
engineers and no access for any other user. Only clients from networks
192.168.146.0/24 and 192.168.147.0/24 are allowed to access this share.
. make sure samba server is started automatically after boot.
b. make the 3 users from task 1 known to the samba server by adding them
to /etc/samba/smbpassword.
Use the passwd "linux" for each of the 3 samba users.
* to test the samba server from the linux client, you can use the command smbclient.

3. S2 as central log server
a. config the syslog daemon to accept message from other machines
b. config the syslog daemon to write messages concerning mail to
/var/log/allmail
c. Mail messages must not be written anywhere else. Disable immediate file
syncing after writing messages
d. config syslogd to write kernel messages to /var/log/kernel.
Kernel messages with a priority equal to or higher than warning also have
to be written to console 10.
e. config syslogd to write all messages other than mail and kernel
messages to /var/log/allmessages.

** In case you want to generate a kernel message manually, do not use "logger";
try modprobe 3c509

a. Files have to be rotated and compressed on a daily basis, regardless of
their size.
b. Up to five rotated files have to be kept.
c. The access permissions have to be the same for all files: rw-r-----, the
owner and the group have to be "root"
d. Use the special configuration file provided for rotating logfiles of
the syslog daemon (/etc/logrotate.d/syslog)

4. Monitor other machines using xinetd
a. configure xinetd on S2 to provide info about the system:
. allow access to any services provided by xinetd only from host 192.168.146.10.
. all logging information has to be written using the syslog daemon; the
logging facility is "daemon"
. when any of the services is accessed, the remote address is logged.
. in case of a failed attempt, log this event together with the host address.
b. configure the service "systat" with the parameters "aux"
c. configure the service netstat with the following parameters
. show TCP and UDP info.
. show all sockets
. show only numerical addresses
. show pid and the name of the corresponding program.

Hint: to access these services from S1, use e.g. telnet S2 netstat or
use the ports listed in /etc/services
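
One possible xinetd configuration for task 4, as an added example that is not part of the original post. The file layout, the /bin/ps and /bin/netstat paths and the "user" values are assumptions; adjust them to the distribution under test.

```conf
# /etc/xinetd.conf (constructed example for task 4a)
defaults
{
        # every service started by xinetd is reachable from this one host only
        only_from       = 192.168.146.10
        # log through the syslog daemon with facility "daemon"
        log_type        = SYSLOG daemon
        # record the remote address on every successful access
        log_on_success  = HOST
        # record the failed attempt together with the remote address
        log_on_failure  = HOST ATTEMPT
}

includedir /etc/xinetd.d

# /etc/xinetd.d/systat (task 4b)
service systat
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        # assumption: an unprivileged account is enough to run ps
        user            = nobody
        # assumption: path of ps on the test system
        server          = /bin/ps
        server_args     = aux
        disable         = no
}

# /etc/xinetd.d/netstat (task 4c)
service netstat
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        # assumption: root, because netstat -p names other users' processes
        # only when it runs as root
        user            = root
        # assumption: path of netstat on the test system
        server          = /bin/netstat
        # -t TCP, -u UDP, -a all sockets, -n numeric addresses, -p PID/program
        server_args     = -tuanp
        disable         = no
}
```

Both services return process and socket details to anyone who can connect, without authentication, so the only_from line in the defaults block is the only access control in front of them.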

5. configure secure shell
a. as the user root on server1, create a pair of authentication keys for ssh.
Use DSA as the type of the keys and do not use a passphrase (not
recommended, but for the test)

b. configure the ssh daemon on S2, using the following parameters.
. only protocol 2
. the user "root" may login
. the authentication via public key is allowed, via password is not allowed
c. allow user from S1 to login as the user root on S2 using the
authentication key created.
