10 Tips For RH302 examinee

Pass4sure RH302 Questions are updated and all RH302 answers are verified by experts. Once you have completely prepared with our RH302 exam prep kits you will be ready for the real RH302 exam without a problem. We have Update Red Hat RH302 dumps study guide. PASSED RH302 First attempt! Here What I Did.

Q91. CORRECT TEXT

Add a user named user4 and make primarily belongs to training group. As well account should expire on 30 days from today.

Answer and Explanation:

1. useradd username

2. passwd username

3. usermod -e "date"

example: usermod -e "12 Feb 2006" user4

Verify: chage -l user4

Q92. CORRECT TEXT

You are the administrator of example.com domain. Configure to deny local login to all normal users on your domain server. As well as allow to root login only on First Terminal.

Answer and Explanation:

1. touch /etc/nologin

2. vi /etc/securetty

comment all available terminall then first.

If /etc/nologin file is created, then pam modules pan_nologin deny to all non-root users to login locally.

/etc/pam.d/login file calls the module.

#%PAM-1.0

auth required pam_securetty.so

auth required pam_stack.so service=system-auth

auth required pam_nologin.so

account required pam_stack.so service=system-auth

password required pam_stack.so service=system-auth

# pam_selinux.so close should be the first session rule

session required pam_selinux.so close

session required pam_stack.so service=system-auth

session optional pam_console.so

# pam_selinux.so open should be the last session rule

session required pam_selinux.so multiple open

pam_securetty modules checks the /etc/securetty file, which terminal are available to root. If terminal is not available in this file then pam_securetty module deny to login on unavailable terminal to root user.

Q93. CORRECT TEXT

Your System is going to use as a Router for two networks. One Network is 192.168.0.0/24 and Another Network is 192.168.1.0/24. Both network's IP address has assigned. How will you forward the packets from one network to another network?

Answer and Explanation:

1. echo "1" >/proc/sys/net/ipv4/ip_forward

2. vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

If you want to use the Linux System as a Router to make communication between different networks, you need enable the IP forwarding. To enable on running session just set value 1 to /proc/sys/net/ipv4/ip_forward. As well as automatically turn on the IP forwarding features on next boot set on /etc/sysctl.conf file.

Q94. CORRECT TEXT

Make Secondary belongs the jeff and marion users on sysusers group. But harold user should not belongs to sysusers group.

Answer and Explanation:

1. usermod -G sysusers jeff

2. usermod -G sysuser marion

3. Verify by reading /etc/group file

Using usermod command we can make user belongs to different group. There are two types of group one primary and another is secondary. Primary group can be only one but user can belongs to more than one group as secondary.

usermod -g groupname username à To change the primary group of the user

usermod -G groupname username à To make user belongs to secondary group.

Q95. CORRECT TEXT

If any mail coming from outside of the local LAN block all mails.

Answer and Explanation:

Outside the LAN means my133t.org. All host on exam on example.com domain and outside domain means cracker.org.

To block the mail coming from cracker.org

1. vi /etc/mail/access

@my133t.org REJECT

2. service sendmail start | restart

3. chkconfig sendmail on

Q96. CORRECT TEXT

Install the Cron Schedule for david user to display "Hello" on daily 5:30.

Answer and Explanation:

Login as a root usercat >schedule.txt

30 05 * * * /bin/echo "Hello"

3. crontab -u david schedule.txt

4. service crond restart

The cron system is essentially a smart alarm clock. When the alarm sounds, Linux runs the commands of your choice automatically. You can set the alarm clock to run at all sorts of regular time intervals. Alternatively, the at system allows you to run the command of your choice once, at a specified time in the future.

Red Hat configured the cron daemon, crond. By default, it checks a series of directories for jobs to run, every minute of every hour of every day. The crond checks the /var/spool/cron directory for jobs by user. It also checks for scheduled jobs for the computer under /etc/crontab and in the /etc/cron.d directory.

Here is the format of a line in crontab. Each of these columns is explained in more detail:

#minute, hour, day of month, month, day of week, command

* * * * * command

Q97. CORRECT TEXT

Install the dialog-*

Answer and Explanation:

Questions asking you to install the dialog package from the server. In your Lab FTP server as well as NFS server are configured. You can install either through FTP or NFS.

1. Just Login to server1.example.com through FTP: ftp server1.example.com

2. Enter to pub directory: cd pub

3. Enter to RedHat/RPMS: cd RedHat/RPMS

4. Download the Package: mget dialog-*

5. Logout from the FTP server: bye

6. Install the package: rpm -ivh dialog-*

7. Verify the package either installed or not: rpm -q dialog

Q98. CORRECT TEXT

Create the user named eric and deny to interactive login.

Answer and Explanation:

1. useradd eric

2. passwd eric

3. vi /etc/passwd

4. eric:x:505:505::/home/eric:/sbin/nologin

Which shell or program should start at login time is specified in /etc/passwd file. By default Redhat Enterprise Linux assigns the /bin/bash shell to the users. To deny the interactive login, you should write /sbin/nologin or /bin/false instead of login shell.

Q99. CORRECT TEXT

Share the /data directory only to example.com members. These hosts should get read and write access on shared directory.

Answer and Explanation:

1. vi /etc/exports

/data *.example.com(rw,sync)

2. service nfs start

3. service portmap restart

4. chkconfig nfs on

5. chkconfig portmap on

In Linux to share the data we use the /etc/exports file. Pattern is:

Path client(permission)

Shared Directory Path, Client can be single host or domain name or ip address. Permission should specify without space with client lists in parentheses.

Q100. CORRECT TEXT

You have a domain in your LAN named example.com and cracker.org. Allow the

- Allow the FTP connection only from local domain.

- Deny the FTP connection from cracker.org

Answer and Explanation:

1. vi /etc/hosts.deny

vsftpd:ALL EXCEPT .example.com

or

1. vi /etc/hosts.deny

vsftpd:ALL

2. vi /etc/hosts.allow

vsftpd:.example.com

We can secure the services using tcp_wrappers. There are main two files, /etc/hosts.allow and /etc/hosts.deny.

There will be three stage access checking

- Is access explicitly permitted? Means permitted from /etc/hosts.allow?

- Otherwise, Is access explicitly denied? Means denied from /etc/hosts.deny?

- Otherwise, by default permit access if neither condition matched.

To deny the services we can configure /etc/hosts.deny file using ALL and EXCEPT operation.

Pattern of /etc/hosts.allow and /etc/hosts.deny file is:

Demon_list:client_list:options

In Client list can be either domain name or IP address.