Answer for KodeKloud Question -Linux Network Services

 Our monitoring tool has reported an issue in Stratos Datacenter. One of our app servers has an issue, as its Apache service is not reachable on port 3000 (which is our Apache port). The service itself could be down, the firewall could be at fault, or something else could be causing the issue.

Use tools like telnet, netstat, etc. to find and fix the issue. Also make sure Apache is reachable from the jump host without compromising any security settings.

Sample Answer:

#first of all, telnet to all the app servers from the jump host ("port" as per your question)

    telnet <app-server-01-IP> <port>

    telnet <app-server-02-IP> <port>

    telnet <app-server-03-IP> <port>

*you will find from the above step that one of the app servers will not connect. Log in to that server (in my case it's app server 01)

    ssh <user>@<app-server-01-IP>

#switch to root user

    sudo su 

#now, check the apache service status 

    systemctl status httpd 

* if httpd is not running, start the service

    systemctl start httpd

#if you get an error from the above start command, try to find the error using the below command

    httpd -t

* it will show you the error; correct that error (in my case ServerName needs to be added to the httpd.conf file)

    vi /etc/httpd/conf/httpd.conf

    ServerName <app-server-01-IP>:<port>

*save the file and start the apache service 

    systemctl start httpd 

* still not started?

 #let's verify the Listen port to find any services running on the same apache port.

    netstat -anp | grep <port as per your question>

* it will show you the service which is blocking the apache service

 #kill that service 

    kill -9 <pid>

#now start the apache service 

    systemctl start httpd 

#now try telnet to app server 01 from jump host

    telnet <app-server-01-IP> <apache port>

Still not connected to the server? Follow the steps below

# in app server 01 (check the iptables entry)

    iptables -S 

#add a rule (port should be your apache port as per your question)
     
    iptables -I INPUT -p tcp -m tcp --dport <your apache port> -j ACCEPT

# save the rule 
    
    service iptables save
    
##now try telnet to app server 01 from jump host

    telnet <app-server-01-IP> <apache port>

*Please comment on this post if you are facing any issues in the steps, and also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question -Linux Firewalld Setup

 To secure our Nautilus infrastructure in Stratos Datacenter we have decided to install and configure firewalld on all app servers. We have Apache and Nginx services running on these apps. Nginx is running as a reverse proxy server for Apache. We might have more robust firewall settings in the future, but for now, we have decided to go with the given requirements listed below:

a. Allow all incoming connections on Nginx port.

b. Allow incoming connections from LB host only on Apache port and block for all others.

c. All rules must be permanent.

d. Zone should be public.

e. If Apache or Nginx services aren't running already, please make sure to start them.

Sample Answer:

##first let's start with apache and nginx service, ports verification 

#login to app server

    ssh <user>@<server>

#switch to root user

    sudo su

#check the apache service status

    systemctl status httpd

#check the nginx service status

    systemctl status nginx

# if the above services are not running, start them using the below commands; otherwise ignore this step.

    systemctl start httpd

    systemctl start nginx

# now get the apache Listen port using the below command (note down the port number; we will use it for later configuration)

    cat /etc/httpd/conf/httpd.conf | grep Listen

the output will look like this:

    Listen 5003

# now get the nginx listen port using the below command (note down the port number; we will use it for later configuration)

    cat /etc/nginx/nginx.conf | grep listen

the output will look like this:

    listen       8096 default_server;

#now let's install the firewalld service

    yum install -y firewalld

# enable and start the firewalld service and check the status using the below commands

    systemctl enable firewalld
    systemctl start firewalld
    systemctl status firewalld

#before making any firewall changes, do some pre-checks using these commands

    firewall-cmd --state
    firewall-cmd --get-default-zone
    firewall-cmd --zone=public --list-all
    firewall-cmd --zone=public --list-ports
    firewall-cmd --get-active-zones

## let's do the firewall configuration

#allow the nginx port (make sure you use your nginx port, which you found in the earlier steps)

    firewall-cmd --permanent --zone=public --add-port=8096/tcp

#allow services http and https

    firewall-cmd --permanent --zone=public --add-service={http,https}

#allow the apache port (make sure you use your LB host IP and apache port, which you found in the earlier steps)

    firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="<LB-host-IP>" port protocol=tcp port=5003 accept'

#add interface

    firewall-cmd --permanent --zone=public --change-interface=wan

#reload firewalld service to take effect

    firewall-cmd --reload

#now do the post-check using these commands

    firewall-cmd --zone=public --list-all
    firewall-cmd --zone=public --list-ports
    firewall-cmd --get-active-zones

#last step, do the Nginx reverse proxy configuration as below
(give the correct port and server IP as per your question)

    vi /etc/nginx/nginx.conf

    server {
      listen          <nginx-port>;
      listen          [::]:<nginx-port>;
      server_name     <App-server-IP>;
      root            /usr/share/nginx/html;

      # location must sit inside the server block
      location / {
        proxy_pass http://<app-server-IP>:<apache-port>/;
      }
    }

#save the configuration and restart nginx and apache services

    systemctl restart nginx
    systemctl restart httpd


* YOU MUST DO ALL THE ABOVE steps in ALL THE APPLICATION SERVERS.

##final Testing 
# From Jump Host

    curl -I  <app-server-IP-01>:<nginx_port>
    curl -I  <app-server-IP-02>:<nginx_port>
    curl -I  <app-server-IP-03>:<nginx_port>

# From LB host
    
    curl -I  <app-server-IP-01>:<nginx_port>
    curl -I  <app-server-IP-02>:<nginx_port>
    curl -I  <app-server-IP-03>:<nginx_port>

    curl -I  <app-server-IP-01>:<apache_port>
    curl -I  <app-server-IP-02>:<apache_port>
    curl -I  <app-server-IP-03>:<apache_port>


*Please comment on this post if you are facing any issues in the steps, and also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question -Install and Configure HaProxy LBR

 There is a static website of Nautilus project running in Stratos Datacenter. Based on the infrastructure, they have already configured app servers and code is already deployed there. To make it work properly, they need to configure LBR server. There are number of options for that, but team has decided to go with HAproxy.

a. So install and configure HAproxy on LBR server using yum only and make sure all app servers are added to HAproxy load balancer. HAproxy must serve on default http port (Note: Please do not remove stats socket /var/lib/haproxy/stats entry from haproxy default config.).

b. You can access the website on LBR link—to do so click on the + button on top of your terminal, select option Select port to view on Host 1, and after adding port 80 click on Display Port.

Sample Answer:

#first you need to log in to all the app servers and find the Listen port (as per the question, app servers are already configured); you also need to start the httpd service.

#login to a server

    ssh <user>@<server>

#switch to root user

    sudo su

#run below

    cat /etc/httpd/conf/httpd.conf | grep Listen

* the output looks like below (your port might be different; make a note of it, we need to use it in our haproxy conf file)

    Listen 8084

#now start the httpd service ( make sure you started in all the app servers)

    systemctl enable httpd

    systemctl start httpd
    
    systemctl status httpd

* do the above steps in all the app servers 


# now login to LBR server 
    
    ssh <user>@<server>

#switch to root user 
    
    sudo su 

# install the haproxy using yum 
    
    yum -y install haproxy

#copy the existing conf file before making any changes

    cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.backup

#make sure that you do not change the below entry in the haproxy conf file (mentioned in the question)

    cat /etc/haproxy/haproxy.cfg | grep haproxy/stats

#now let's add the configuration

    vi /etc/haproxy/haproxy.cfg

    frontend  main *:80
            acl url_static       path_beg       -i /static /images /javascript /stylesheets
            acl url_static       path_end       -i .jpg .gif .png .css .js

            use_backend static          if url_static
            default_backend             app

    backend  app
            balance roundrobin
            server stapp01 172.16.238.10:8084 check
            server stapp02 172.16.238.11:8084 check
            server stapp03 172.16.238.12:8084 check

save the conf file

* make sure that your configuration is as above (but the port should be as per your app servers' port)

#now validate the haproxy configuration file by running the below command (if there is any error it will show you; otherwise it's fine)

    haproxy -c -f /etc/haproxy/haproxy.cfg

#now enable and start the haproxy service 
    
    systemctl enable haproxy

    systemctl start haproxy

#let's verify, run below command from jump server ( port as per your app servers)

    curl 172.16.238.10:8084
    curl 172.16.238.11:8084
    curl 172.16.238.12:8084
    curl 172.16.238.14:80

#also verify as below

Click on the + button on top of your terminal, select the option Select port to view on Host 1, and after adding port 80 click on Display Port.

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question - Application Security

 We have a backup management application UI hosted on Nautilus's backup server in Stratos DC. That backup management application code is deployed under Apache on the backup server itself, and Nginx is running as a reverse proxy on the same server. Apache and Nginx ports are 8087 and 8091, respectively. We have iptables firewall installed on this server. Make the appropriate changes to fulfill the requirements mentioned below:

We want to open all incoming connections to Nginx's port and block all incoming connections to Apache's port. Also, make sure rules are permanent.

Sample Answer:

#login to backup server 

    ssh <user>@<server>

#switch to root user 

    sudo su 

#verify the iptables rules before making any changes

    cat /etc/sysconfig/iptables

#run below commands in terminal ( you MUST make sure the correct ports of Nginx and Apache from your question)

    iptables -A INPUT -p tcp --dport 8091 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

    iptables -A INPUT -p tcp --dport 8087 -m conntrack --ctstate NEW -j REJECT

# to save the above entries run the below command in terminal

    iptables-save > /etc/sysconfig/iptables

#verify ( you can see your entries inside )

    cat /etc/sysconfig/iptables

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.
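
The two rules above are appended with `-A`, so they only decide a packet if no earlier INPUT rule has already matched it; the first answer on this page used `-I`, which places the rule at the top of the chain. The following added example (not part of the original answer) walks `iptables -S` style output in order and reports the first terminating verdict for a new TCP connection to a port. Both rulesets are constructed samples, the catch-all REJECT in them is an assumption about the rules already present, and `first_verdict` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: which rule decides a NEW inbound TCP connection to a port?
# first_verdict is a hypothetical helper; it reads `iptables -S` output on stdin.
# Simplifications: rules limited by -i/-s are skipped, and negation (!),
# port ranges and jumps to user-defined chains are not modelled.
first_verdict() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = ""; dport = ""; state = ""; target = ""; scoped = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--ctstate" || $i == "--state") state = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-i" || $i == "-s") scoped = 1
        }
        if (scoped) next                                  # interface/source specific
        if (proto != "" && proto != "tcp") next           # other protocol
        if (dport != "" && dport != port) next            # other port
        if (state != "" && ("," state ",") !~ /,NEW,/) next   # not for new connections
        if (target != "ACCEPT" && target != "REJECT" && target != "DROP") next
        print target; found = 1; exit
    }
    # Nothing matched: the chain policy applies (built-in default is ACCEPT).
    END { if (!found) print (policy == "" ? "ACCEPT" : policy) }
    '
}

# Constructed sample: rules assumed to exist before the answer's commands run.
HEAD_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
CATCH_ALL='-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# The two rules from the answer (ports 8091 and 8087), as iptables -S prints them.
PAGE_RULES='-A INPUT -p tcp -m tcp --dport 8091 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8087 -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable'

# Appended after the catch-all versus placed ahead of it.
APPENDED_RULES="$HEAD_RULES
$CATCH_ALL
$PAGE_RULES"
ORDERED_RULES="$HEAD_RULES
$PAGE_RULES
$CATCH_ALL"

for p in 8091 8087; do
    printf 'appended after catch-all: %s -> %s\n' "$p" \
        "$(printf '%s\n' "$APPENDED_RULES" | first_verdict "$p")"
    printf 'ahead of catch-all:       %s -> %s\n' "$p" \
        "$(printf '%s\n' "$ORDERED_RULES" | first_verdict "$p")"
done
```

On the server itself the same check can be fed live rules with `iptables -S INPUT | first_verdict 8091`.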

Answer for KodeKloud Question - Configure protected directories in Apache

 xFusionCorp Industries has hosted several static websites on Nautilus Application Servers in Stratos DC. There are some confidential directories on document root that need to be password protected. Because they are using Apache for hosting the websites, the production support team has decided to use .htaccess with basic auth. There is a website that needs to be uploaded to /var/www/html/sysops on Nautilus App Server 1. However, we need to set up the authentication before that.

1. Create /var/www/html/sysops directory if it doesn't exist.

2. Add a user mark in htpasswd and set its password to ksH85UJjhb.

3. There is a file /tmp/index.html placed on Jump Server. Copy the same to new directory you created, please make sure default document root should remain /var/www/html. Also website should work on URL http://<app-server-hostname>:<port>/sysops


Sample Answer:

# login to the given server in the question 

    ssh <user>@<server>

#switch to root user

    sudo su 

#create /var/www/html/sysops directory (check your question)

    mkdir /var/www/html/sysops

#Add a user and set password ( check your question username and password)

    htpasswd -c /etc/httpd/.htpasswd mark

* above command will ask for a new password for the user, paste the password given in question 

#Go to sysops directory and create .htaccess file

    vi .htaccess

#paste the below configuration lines

    AuthType Basic

    AuthName "Password Required"

    Require valid-user

    AuthUserFile /etc/httpd/.htpasswd

#copy the index file from jump server

    scp /tmp/index.html <user>@<server>:/tmp

#now from your app server copy the file to the correct location

    cp /tmp/index.html /var/www/html/sysops/

# verification ( you need to submit the newly created user and user's password to access the file )

    curl -u mark http://<appserver IP>:8080/sysops/

*Please comment on this post if you are facing any issues in the steps, and also provide your feedback in the comments :)

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.


Answer for KodeKloud Question -Linux Resource Limits

 On our Storage server in Stratos Datacenter we are having some issues where nfsuser user is holding hundred of processes, which is degrading the performance of the server. Therefore, we have a requirement to limit its maximum processes. Please set its maximum process limits as below:

a. soft limit = 79

b. hard_limit = 100

Sample Answer:

#login to server 

    ssh <user>@<server>

# switch to root user

    sudo su 

# navigate to below location 

    cd /etc/security/

#Then edit the limits.conf file as below

    vi limits.conf

Type i for insert mode in the editor and add the following lines (check the username and limit values from your question)

    nfsuser soft nproc 79
    nfsuser hard nproc 100

Now press ESC and type :wq! to save and exit the editor.

#Finally check the limits by typing this command

    cat /etc/security/limits.conf | grep nproc | grep -v ^#

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question -Linux Bash Scripts

 The production support team of xFusionCorp Industries is working on developing some bash scripts to automate different day to day tasks. One is to create a bash script for taking websites backup. They have a static website running on App Server 1 in Stratos Datacenter, and they need to create a bash script named official_backup.sh which should accomplish the following tasks. (Also remember to place the script under /scripts directory on App Server 1)

a. Create a zip archive named xfusioncorp_official.zip of /var/www/html/official directory.

b. Save the archive in /backup/ on App Server 1. This is a temporary storage, as backups from this location will be clean on weekly basis. Therefore, we also need to save this backup archive on Nautilus Backup Server.

c. Copy the created archive to Nautilus Backup Server server in /backup/ location.

d. Please make sure script won't ask for password while copying the archive file. Additionally, the respective server user (for example, tony in case of App Server 1) must be able to run it.

Sample Answer:

#this task should be done under the respective app server user ( not from the root user)

# login to the server( respective app server)

    ssh <user>@<server>

#navigate to /scripts directory 

    cd /scripts 

# create the official_backup.sh with the below contents

    vi official_backup.sh

    #!/bin/bash
    # archive the website directory into the local /backup location
    zip -r /backup/xfusioncorp_official.zip /var/www/html/official
    # copy the archive to the backup server (key-based login, so no password prompt)
    scp /backup/xfusioncorp_official.zip clint@172.16.238.16:/backup/

save the file

# now generate an ssh key without a password and copy it to the backup server, so the app server can access the backup server without a password.

#generate ssh key

    ssh-keygen

* press enter to accept the default values

# copy the key to the backup server

    ssh-copy-id clint@stbkp01

#now go to /scripts location and run the script

    sh official_backup.sh

# verify 

# login to backup server 

    ssh clint@stbkp01

# navigate to backup location 

    cd /backup 

* you will see the xfusioncorp_official.zip inside it

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question -Setup SSL for Nginx

 The system admins team of xFusionCorp Industries needs to deploy a new application on App Server 3 in Stratos Datacenter. They have some pre-requites to get ready that server for application deployment. Prepare the server as per requirements shared below:

1. Install and configure nginx on App Server 3.
2. On App Server 3 there is a self signed SSL certificate and key present at location /tmp/nautilus.crt and /tmp/nautilus.key. Move them to some appropriate location and deploy the same in Nginx.
3. Create an index.html file with content Welcome! under Nginx document root.
4. For final testing try to access the App Server 3 link (either hostname or IP) from jump host using curl command. For example curl -Ik https://<app-server-ip>/.

Sample Answer:

# read the question and find out on which server nginx needs to be installed (in my case it's on app 3)


#login to app 3 server

    ssh <user>@<server IP>

#switch to root user 

    sudo su 

#install nginx (epel-release also needs to be installed before nginx)

    yum install -y epel-release

    yum install -y nginx 

 #edit the nginx conf file 

    cd /etc/nginx 

    vi nginx.conf


# you need do the changes on 2 section as below ( the IP should be the respective app server IP)



# under the settings for TLS enabled server section you need to uncomment by removing the # in front of all the lines up to the bottom of the page and edit as below entries only.



# double check that, your nginx.conf file looks like as per the above screenshots
    save the file 

# now let's copy the nautilus.crt and nautilus.key files to the correct location

        cp /tmp/nautilus.crt /etc/pki/CA/certs/

        cp /tmp/nautilus.key /etc/pki/CA/private/

# now create an index.html with word Welcome! on nginx document root ( in the above screenshot you can find the root location )

  cd /usr/share/nginx/html

    ls -l

#when you run ls -l you might see index.html already present in this location, but you can't edit that file.

    vi index.html

(you will get an error when you try to save the file)

# 2 solutions for the above issue

# 1. you can remove the existing file and create a new one

    rm -r index.html

and recreate it with vi index.html, containing the word Welcome!

# 2. or you can do as below

    mkdir /usr/share/nginx/doc/HTML

# navigate to the newly created location

    cd /usr/share/nginx/doc/HTML

# create index.html inside the HTML directory, containing the word Welcome!

    vi index.html

#save the file

    :wq!

# start the nginx service 

        systemctl start nginx

# verify from JUMP host (you will get a 200 OK response)

        curl -Ik https://<app-server-ip>/ 

*  if you face any issues in the steps, please comment me under this post.

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.


Answer for KodeKloud Question - Linux Ngnix as Reverse Proxy

Nautilus system admin's team is planning to deploy a front end application for their backup utility on Nautilus Backup Server, so that they can manage the backups of different websites from a graphical user interface. They have shared requirements to set up the same; please accomplish the tasks as per detail given below:

a. Install Apache Server on Nautilus Backup Server and configure it to use 6100 port (do not bind it to 127.0.0.1 only, keep it default i.e let Apache listen on server's IP, hostname, localhost, 127.0.0.1 etc).

b. Install Nginx webserver on Nautilus Backup Server and configure it to use 8094.

c. Configure Nginx as a reverse proxy server for Apache.

d. There is a sample index file /home/index.html on Jump Host, copy that file to Apache's document root.

e. Make sure to start Apache and Nginx services.

f. You can test final changes using curl command, e.g curl http://<backup server IP or Hostname>:8094.


Sample Answer:

##Read the questions; we will do them one by one

# login to backup server (user and server IP of backup server)

    ssh <user>@<server>

# switch to root user

    sudo su

##first install apache (httpd) and nginx (we will do the configuration part later)

# install apache

    yum install -y httpd

#install epel-release (needed for nginx)

    yum install epel-release

#install nginx

    yum install nginx

#we can verify by using the rpm command

    rpm -aq httpd

    rpm -aq nginx

# now do the apache (httpd) configuration part

    cd /etc/httpd/conf

    vi httpd.conf

#change the Listen port from 80 to 6100 (which is given in question a, check your question)

    Listen 6100

#Go to ServerName, remove the # and change it as below

    ServerName 172.16.238.16:6100

Now save the config file

#now make the change in nginx.conf (change the port as given in the question)

    vi /etc/nginx/nginx.conf

#edit as below

    server {

        listen 8094 default_server;

        listen [::]:8094 default_server;

        server_name 172.16.238.16;

        # location must sit inside the server block
        location / {

            proxy_pass http://172.16.238.16:6100;

        }

    }

save the file

#now from the jump host copy the index.html

    scp /home/index.html clint@172.16.238.16:/tmp/

#now log back in to the backup server and copy the index.html file from /tmp/ to the apache document root location

    cp /tmp/index.html /var/www/html/

# start the httpd and nginx services

    systemctl start httpd

    systemctl start nginx

# verify by using curl

    curl http://172.16.238.16:8094

    curl http://172.16.238.16:6100

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question - Install a package

 As per new application requirements shared by the Nautilus project development team, several new packages need to be installed on all app servers in Stratos Datacenter. Most of them are completed except for telnet.

Therefore, install the telnet package on all app-servers.

Sample Answer:

#login to app servers, <user> and <server> are the respective app server username and IP/hostname

    ssh <user>@<server>

# switch to root user

    sudo su 

# install telnet package    

    yum install -y telnet 

* do the above steps for all the app servers 

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question - Configure Local Yum repos

 The Nautilus production support team and security team had a meeting last month in which they decided to use local yum repositories for maintaining packages needed for their servers. For now they have decided to configure a local yum repo on Nautilus Backup Server. This is one of the pending items from last month, so please configure a local yum repository on Nautilus Backup Server as per details given below.

a. We have some packages already present at location /packages/downloaded_rpms/ on Nautilus Backup Server.

b. Create a yum repo named epel_local and make sure to set Repository ID to epel_local. Configure it to use package's location /packages/downloaded_rpms/.

c. Install package wget from this newly created repo.

Sample Answer:

# first read each question and verify it before creating the repository

---------------------------

initial Verification

---------------------------

#ssh to backup server

    ssh <user>@<server> 

#switch to root user

    sudo su 

#as per question some packages already present at location /packages/downloaded_rpms/ , verify it

    ls /packages/downloaded_rpms/

* you will see the list of already available packages (note that you can see the rpm needed for question c; in my case the wget rpm)


# below commands to check already a yum repository is available or not

    yum repolist 

* you will not see any available repo details 

------------------

Create a Repo

------------------

# as per the question need to create a repo named as epel_local and set the ID also same.( check your question)

# navigate to the /etc/yum.repos.d location 

    cd /etc/yum.repos.d

# create a repo with the name 

    vi epel_local.repo

press i for insert mode and paste the below (make sure the repo name and ID are as given in the question)

    [epel_local]
    name=epel_local
    baseurl=file:///packages/downloaded_rpms/
    enabled = 1
    gpgcheck = 0

press Esc and type :wq! to save and close

# Now verify again using the yum repolist command 

    yum repolist 

* this time you will get the repo ID and details ( verify the name and ID should be as per question)

    
# now let's do question C part  (in my case, install the wget using this repo )

    yum install -y wget 

#let's verify 

    rpm -aq wget

* note it down the wget package detail 

#now do the yum repo list 

    yum repolist 

* you will see the wget is installed from the rpm available in the repo.

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.

Answer for KodeKloud Question - Linux Remote Copy

 One of the Nautilus developers has copied confidential data on the jump host in Stratos DC. That data must be copied to one of the app servers. Because developers do not have access to app servers, they asked the system admins team to accomplish the task for them.

Copy /tmp/nautilus.txt.gpg file from jump server to App Server 3 at location /home/webapp.

Answer:

#from jump host , first check the permission of the file and change it 

    cd /tmp/

    ls -l nautilus.txt.gpg

#change permission 

    chmod 777 nautilus.txt.gpg

#copy the file to app 3 server /tmp/ location using SCP command 

    scp /tmp/nautilus.txt.gpg <user>@<server IP>:/tmp/

* make sure the above <user> and <server IP> detail should be respective server in my case its app server 3 user and IP/hostname

# now login to app 3 server 

    ssh <user>@<server IP> 

* make sure the above <user> and <server IP> detail should be respective server in my case its app server 3 user and IP/hostname

# switch to root user

    sudo su 

# go to /tmp location and copy the file to correct location ( /home/webapp/)

    cd /tmp/

    cp  nautilus.txt.gpg  /home/webapp/

Note: Commands are correct but based on your question the server and user name, other details might differ so please do check

Answer for KodeKloud Question - Disable Root Login

 After doing some security audits of servers, xFusionCorp Industries security team has implemented some new security policies. One of them is to disable direct root login through SSH.

Disable direct SSH root login on all app servers in Stratos Datacenter.


Answer:

#we need to login each app server and set PermitRootLogin to (no) in the sshd config file 

#login to server

    ssh <user>@<server>

# switch to root user

    sudo su 

# before the change, first verify using the below command, or you can simply cat the sshd_config file and find the PermitRootLogin entry

    cat /etc/ssh/sshd_config | grep PermitRootLogin

# edit the file, make the change and save it

    vi /etc/ssh/sshd_config

press i to switch to insert mode and edit the line as below; make sure that you remove the # in front of the line.

    PermitRootLogin no

#save the file

press Esc and type :wq!

# you must restart the sshd service, otherwise the change will not take effect.

    systemctl restart sshd

* do the above steps for all the app servers 


Note: Commands are correct but based on your question the server and user name, other details might differ so please do check.
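
The `grep PermitRootLogin` check above also matches commented-out lines, and sshd uses the first value it reads for a keyword, so an earlier line can override the edit and a `Match` block can re-enable root login for some connections. The following added example (not part of the original answer) reports which line takes effect; `root_login_report` and `root_login_disabled` are hypothetical helper names and the sample configs are constructed. It assumes whitespace-separated `keyword value` lines and does not follow `Include` files.

```shell
#!/bin/sh
# Added example: which PermitRootLogin line does sshd actually honour?
# Reads an sshd_config-style file on stdin and prints one line per occurrence:
#   effective=<v> line=<n>     first uncommented global value (the one that wins)
#   ignored=<v> line=<n>       later global duplicates, which sshd disregards
#   match-scoped=<v> line=<n>  values inside Match blocks (override the global one)
root_login_report() {
    awk '
    { sub(/^[ \t]+/, "") }                      # strip leading indentation
    $0 == "" || /^#/ { next }                   # blank lines and comments
    tolower($1) == "match" { in_match = 1; next }
    tolower($1) != "permitrootlogin" { next }   # keywords are case-insensitive
    in_match { printf "match-scoped=%s line=%d\n", tolower($2), NR; next }
    !seen    { seen = 1; printf "effective=%s line=%d\n", tolower($2), NR; next }
             { printf "ignored=%s line=%d\n", tolower($2), NR }
    END { if (!seen) print "effective=unset line=0" }
    '
}

# Succeeds only if the global value is "no" and no Match block sets anything else.
root_login_disabled() {
    report=$(root_login_report)
    printf '%s\n' "$report" | grep -q '^effective=no ' || return 1
    if printf '%s\n' "$report" | grep '^match-scoped=' | grep -qv '^match-scoped=no '; then
        return 1
    fi
    return 0
}

# Constructed samples.
COMMENTED_ONLY='#PermitRootLogin yes'
SHADOWED='# constructed sample
PermitRootLogin yes
PasswordAuthentication yes
permitrootlogin no'
FIXED='Port 22
PermitRootLogin no'
MATCH_OVERRIDE='PermitRootLogin no
Match Address 10.0.0.0/8
    PermitRootLogin yes'

for name in COMMENTED_ONLY SHADOWED FIXED MATCH_OVERRIDE; do
    eval "conf=\$$name"
    if printf '%s\n' "$conf" | root_login_disabled; then verdict=disabled; else verdict=NOT-disabled; fi
    printf '%s: %s\n' "$name" "$verdict"
    printf '%s\n' "$conf" | root_login_report | sed 's/^/    /'
done
```

On a live host, `sshd -t` checks the edited file for syntax errors before the restart and `sshd -T` prints the effective settings.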

Answer for KodeKloud Question - Linux Banner

 During the monthly compliance meeting, it was pointed out that several servers in the Stratos DC do not have a valid banner. The security team has provided several approved templates which should be applied to the servers to maintain compliance. These will be displayed to the user upon successful login.

Update the message of the day on all application and db servers for Nautilus. Make use of the approved template located at /home/thor/nautilus_banner on jump host

Answer

#first you need to copy the banner from jump server (/home/thor/nautilus_banner) to all the app servers and DB server

#copy the banner using scp command from jumpserver 

    scp -r /home/thor/nautilus_banner <user>@<server>:/tmp/


* do the above steps to all the app servers and DB server,  make sure <user>, <server> should be the respective username and server IP or hostname of each server 


Note: when you try this scp command to copy the banner to the DB server, it will fail because openssh-clients is not installed on the DB server; hence we first need to install it on the DB server

#ssh to db server 

    ssh <user>@<db server> 

#switch to root user

    sudo su 

# install the openssh-clients

    yum install openssh-clients

#exit from the db server 
    
    exit 
    exit

#now from the jump server run the scp command  again 

    scp -r /home/thor/nautilus_banner <user>@<server>:/tmp/

* <user> and <server> should be  db server user name and db server IP or hostname

# we have copied the banner to app servers  and DB server to the path( /tmp/),   now we need to login to each app servers and DB server and move the banner 

    ssh <user>@<server>

    cd /tmp/

#move the banner to /etc/motd

    mv nautilus_banner /etc/motd

* do the above steps for all the app and DB server 

# verify
when you ssh to any app server or DB server from the jump host you will see the banner

    ssh <user>@<server>

Note: Commands are correct but based on your question the server and user name, other details might differ so please do check.



Answer for KodeKloud Question - Haproxy LBR Troubleshooting

 xFusionCorp Industries has an application running on Nautilus infrastructure in Stratos Datacenter. The monitoring tool recognised that there is an issue with the haproxy service on LBR server. That needs to be fixed to make the application work properly.

Troubleshoot and fix the issue, and make sure haproxy service is running on Nautilus LBR server.

Answer:

# ssh to LBR server

    ssh <user>@<server>

#switch to root user

    sudo su 

# verify the status of haproxy service

    systemctl status haproxy

# let's validate the haproxy config file using the below command 

    haproxy -c -f /etc/haproxy/haproxy.cfg

# if there are any errors in the file, it will give the error as "configuration file is invalid"

# correct the errors in the haproxy.cfg file 

    vi /etc/haproxy/haproxy.cfg

Correct the typos in the file 
( for example, "timeout checking 10s" should be corrected to "timeout check 10s";
 check the other parameters for typos too and correct them )

# now try to start the service

    systemctl start haproxy

# now check the status again

    systemctl status haproxy

Note: Commands are correct but based on your question the server and user name, other details might differ so please do check.

Answer for KodeKloud Question - SElinux installation

 The xFusionCorp Industries security team recently did a security audit of their infrastructure and came up with ideas to improve the application and server security. They decided to use SElinux for an additional security layer. They are still planning how they will implement it; however, they have decided to start testing with app servers, so based on the recommendations they have the following requirements:


Install the required packages of SElinux on App server 2 in Stratos Datacenter and disable it permanently for now; it will be enabled after making some required configuration changes on this host. Don't worry about rebooting the server as there is already a reboot scheduled for tonight's maintenance window. Also ignore the status of SElinux command line right now; the final status after reboot should be disabled.

Answer:

#ssh to the server

    ssh <user>@<server>

#switch to root user

    sudo su 

#install the SELinux packages (the policy and the userland tools)

    yum install -y selinux-policy selinux-policy-targeted policycoreutils

#check selinux status ( it shows as SELINUX=enforcing)

    cat /etc/selinux/config | grep SELINUX

    SELINUX=enforcing

#you can check the status using the sestatus command too 

    sestatus

#disable selinux ( I use the sed command to do the task but you can make the change manually too )

    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# check again now 

    cat /etc/selinux/config | grep SELINUX

    SELINUX=disabled

#or use below command

    sestatus 


Note: Commands are correct but based on your question the server and user name, other details might differ so please do check.
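
The sed substitution above only matches when the file currently says SELINUX=enforcing; a host left in permissive mode would be silently unchanged. The added example below (not part of the original answer) sets the mode whatever the current value is and prints the resulting line; `set_selinux_mode` is a hypothetical helper name and the sample file is constructed.

```shell
#!/bin/sh
# Added example: set the SELINUX= mode whatever the current value is.
# set_selinux_mode is a hypothetical helper name, not a system command.

# set_selinux_mode FILE MODE -> rewrites the SELINUX= line, prints the result
set_selinux_mode() {
    cfg=$1
    mode=$2
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    if grep -Eq '^[[:space:]]*SELINUX=' "$cfg"; then
        # Touch only the mode line: SELINUXTYPE= and comment lines stay as-is.
        # A copy of the previous file is kept as FILE.bak.
        sed -i.bak -E "s/^[[:space:]]*SELINUX=.*/SELINUX=$mode/" "$cfg"
    else
        # No active SELINUX= line at all: append one.
        printf 'SELINUX=%s\n' "$mode" >> "$cfg"
    fi
    grep -E '^SELINUX=' "$cfg"
}

# Constructed sample standing in for /etc/selinux/config (note: permissive,
# so a substitution that looks for "enforcing" would not change it).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX= can take one of these three values:
#     enforcing, permissive, disabled
SELINUX=permissive
SELINUXTYPE=targeted
EOF

set_selinux_mode "$sample" disabled
rm -f "$sample" "$sample.bak"
```

On the real host the call would be `set_selinux_mode /etc/selinux/config disabled`, run as root; the change takes effect at the next reboot.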

Answer for KodeKloud Question - Linux Run Levels

 New tools have been installed on the app server in Stratos Datacenter. Some of these tools can only be managed from the graphical user interface. Therefore, there are requirements for these app servers.

On all App servers in Stratos Datacenter change the default run level so that they can boot in GUI (graphical user interface) by default.

Answer:

# Check the default run level

    systemctl get-default

#Check the graphical.target status 

    systemctl status graphical.target

#Now let's set the run level to graphical.target 

    systemctl set-default graphical.target

#start and enable  the graphical.target

    systemctl start graphical.target

    systemctl enable graphical.target

#Now let's check the status again 

    systemctl status graphical.target

    systemctl get-default

* Do the above steps for all other App servers 

Note: **The question copied for learning purposes.** Commands are correct but based on your question the server and user name, other details might differ so please do check.

Answer for KodeKloud Question - Create a user with a specific ID

 For security reasons the xFusionCorp Industries security team has decided to use custom Apache users for each web application hosted, rather than its default user. This will be the Apache user, so it shouldn't use the default home directory. Create the user as per requirements given below:

a. Create a user named yousuf on the App server 2 in Stratos Datacenter.
b. Set UID to 1701 and its home directory to /var/www/yousuf.


Answer:

    ssh <user>@<server>

#switch to root user
    sudo su 

#create a new user named yousuf with a UID of 1701
    useradd -u 1701 yousuf

#after the above user creation, /etc/passwd shows the default home directory /home/yousuf, but as per the question we need to change its home directory to /var/www/yousuf

    cat /etc/passwd | grep yousuf 


# Set home directory to /var/www/yousuf.
    usermod -d /var/www/yousuf -m yousuf

# To check 

    cat /etc/passwd | grep yousuf 


Note: Commands are correct but based on your question the server and user name, other details might differ so please do check.

Answer for KodeKloud Question - NFS Troubleshooting


The Nautilus production support team was trying to fix issues with their storage server. The storage server has a shared directory /data, which is mounted on all app servers at location /var/www/html so that whatever data they store on the storage server under /data can be shared among all app servers. Somehow NFS server is broken and having some issues.

Identify the root cause of the issue and fix it to make sure sharing works fine among all app servers and storage server

Sample ANSWER:

--------------------

ON Storage Server 

--------------------

#check that the /etc/exports file is as below 

    vi /etc/exports

    /data 172.16.238.10(rw,sync,no_subtree_check,no_root_squash,fsid=0)

    /data 172.16.238.11(rw,sync,no_subtree_check,no_root_squash,fsid=0)

    /data 172.16.238.12(rw,sync,no_subtree_check,no_root_squash,fsid=0)


check the above details in the exports file ( in my case the mount directory is "/data", yours might be different )

#run below command 

    exportfs -a 

#check nfs-server and rpcbind status (if not running, start both )

    systemctl status nfs-server

    systemctl status rpcbind

# Start commands

    systemctl start nfs-server

    systemctl start rpcbind

# these commands start the services automatically when the server boots 

    systemctl enable nfs-server

    systemctl enable rpcbind

#run below to check 

    showmount

-----------------------------

Now on all the APP servers 

------------------------------

#check nfs-server and rpcbind status (if not running, start both )

# now do the mount part 

    mount -t nfs ststor01:/data /var/www/html

# verify our mount by using any of below commands

    mount | grep nfs

    df -h 

( do the above steps for all the app servers ) 

----------------

TESTING 

---------------

go to the storage server ( navigate to your shared directory on the storage server)

    cd /data 

#create a text file 

    touch text.txt 

#Now go to each APP server and check inside /var/www/html

text.txt should be present if the NFS mount worked correctly 


Note: ** The question copied for learning purposes.**
Commands are correct but based on your question the server and user name, mount directory might differ so please do check.
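
The export lines in the answer above use no_root_squash, which lets root on each listed client act as root on the shared directory, so it is worth knowing exactly which exports carry it. The added example below (not part of the original answer) scans an exports file and reports no_root_squash entries and exports open to any host; `audit_exports` is a hypothetical helper name and the /backup line is constructed sample input.

```shell
#!/bin/sh
# Added example: report risky entries in an NFS exports file.
# audit_exports is a hypothetical helper name, not part of nfs-utils.

# audit_exports FILE -> one line per finding: "<path> <client> <finding>"
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "(rw)" with no client in front, or "*", applies to every host
            if (client == "" || client == "*") {
                client = "*"
                print path, client, "world-exported"
            }
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++)
                if (o[j] == "no_root_squash")
                    print path, client, "no_root_squash"
        }
    }' "$1"
}

# Sample input: the three /data lines are the ones from the answer above;
# the /backup line is constructed to show the world-exported case.
exports_sample=$(mktemp)
cat > "$exports_sample" <<'EOF'
# storage server exports
/data 172.16.238.10(rw,sync,no_subtree_check,no_root_squash,fsid=0)
/data 172.16.238.11(rw,sync,no_subtree_check,no_root_squash,fsid=0)
/data 172.16.238.12(rw,sync,no_subtree_check,no_root_squash,fsid=0)
/backup *(ro,sync)
EOF

audit_exports "$exports_sample"
rm -f "$exports_sample"
```

On the storage server the call would be `audit_exports /etc/exports`; each reported line is an entry to confirm against what the task actually requires.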

Answer for KodeKloud Question - Apache Troubleshooting

 xFusionCorp Industries utilizes monitoring tools to check the status of every service, application, etc. running on the systems. The monitoring system identified that Apache service is not running on some of the Nautilus Application Servers in Stratos Datacenter.


1. Identify the faulty Nautilus Application Servers and fix the issue. Also, make sure Apache service is up and running on all Nautilus Application Servers. Do not try to stop any kind of firewall that is already running.
2. Apache is running on 3002 port on all Nautilus Application Servers and its document root must be /var/www/html on all app servers.
3. Finally you can test from jump host using curl command to access Apache on all app servers and it should work fine. E.g. curl http://172.16.238.10:3002/


Answer:

#First read each question section carefully 

#login to server 
    ssh <user>@<server>
# switch to root user
    sudo su 

# check apache service running  in all 3 app servers 
    systemctl status httpd

#check httpd.conf (/etc/httpd/conf/httpd.conf): the commented line "#ServerName www.example.com:80" needs to be edited as per the details 

#Edit httpd.conf file 

    ServerName 172.16.238.10:3002

# Save the file and restart the httpd service
 
    systemctl restart httpd 

# here is the important point: once you start the httpd service it sometimes fails, and you need to check the reason for the failure by issuing the status command 

    systemctl status httpd

#There can be many errors/reasons, but the 3 errors below are possible as per this question 
    Invalid server root directory in the httpd.conf file 
    Invalid document root in the httpd.conf file
    Wrong Listen port entry in the httpd.conf file 

check the above three sections in the httpd.conf file and correct them 

# start the apache service again
    systemctl restart httpd

# test using below curl command from jump host to each app server
    curl http://172.16.238.10:3002/ 
    curl http://172.16.238.11:3002/
    curl http://172.16.238.12:3002/


Note: Commands are correct but based on your question the server and user name might differ so please do check.
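
The three failure causes listed above correspond to the ServerRoot, DocumentRoot and Listen directives in httpd.conf. The added example below (not part of the original answer) reads a config file and reports which of the three disagree with what the question asks for (port 3002, document root /var/www/html); `directive_value` and `check_httpd_conf` are hypothetical helper names and the sample config is constructed.

```shell
#!/bin/sh
# Added example: check the three httpd.conf settings this task depends on.
# directive_value and check_httpd_conf are hypothetical helper names.

# directive_value FILE NAME -> value of the last active NAME line, unquoted
directive_value() {
    awk -v name="$2" '
        $1 == name { v = $2; gsub(/"/, "", v) }   # "#Name ..." never matches
        END { print v }' "$1"
}

# check_httpd_conf FILE PORT DOCROOT -> prints problems, returns their count
check_httpd_conf() {
    conf=$1; want_port=$2; want_root=$3; problems=0
    sroot=$(directive_value "$conf" ServerRoot)
    droot=$(directive_value "$conf" DocumentRoot)
    listen=$(directive_value "$conf" Listen)
    if [ -n "$sroot" ] && [ ! -d "$sroot" ]; then
        echo "ServerRoot '$sroot' is not a directory"
        problems=$((problems + 1))
    fi
    if [ "$droot" != "$want_root" ]; then
        echo "DocumentRoot is '$droot', expected '$want_root'"
        problems=$((problems + 1))
    fi
    # Listen may be "3002" or "address:3002"; compare the port part only.
    if [ "${listen##*:}" != "$want_port" ]; then
        echo "Listen is '$listen', expected port $want_port"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample with all three mistakes (paths live under a temp dir).
demo=$(mktemp -d)
cat > "$demo/httpd.conf" <<EOF
ServerRoot "$demo/etc/httpdd"
Listen 3004
#ServerName www.example.com:80
DocumentRoot "/var/www/htmll"
EOF

check_httpd_conf "$demo/httpd.conf" 3002 /var/www/html || echo "problems found: $?"
rm -rf "$demo"
```

On an app server the call would be `check_httpd_conf /etc/httpd/conf/httpd.conf 3002 /var/www/html`; a return value of 0 means all three settings match.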


Answer for KodeKloud Question - DNS Troubleshooting

 The system admins team of xFusionCorp Industries has noticed intermittent issues with DNS resolution in several apps. App Server 2 in Stratos Datacenter is having some DNS resolution issues, so we want to add some additional DNS nameservers on this server.

As a temporary fix we have decided to go with Google public DNS (ipv4). Please make appropriate changes on this server.

Answer:

    ssh <user>@<servername>
    sudo su 


#To check 
    cat /etc/resolv.conf

#To update 
    vi /etc/resolv.conf

(press "i" to go to insert mode ) paste this entry above the local DNS 

    nameserver 8.8.8.8

To save the file (press "Esc" and type ":wq!")

# To test 
    ping google.com

Note: Commands are correct but based on your question the server and user name might differ so please do check.

Answer for KodeKloud Question - Linux Services

 As per details shared by the development team, the new application release has some dependencies on the back end. There are some packages/services that need to be installed on all app servers under Stratos Datacenter. As per requirements please perform the following steps:

a. Install cups package on all the application servers.

b. Once installed, make sure it is enabled to start during boot.

Sample Answer: 

    ssh <user>@<server>

    sudo su

#Install the cups package

    yum install -y cups 

#Start the cups service

    systemctl start cups

#Check the status of cups service

    systemctl status cups

# Enable cups service to start during boot 

    systemctl enable cups


Note: **The Question copied for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.


Answer for KodeKloud Question - Create a Cron Job

 The Nautilus system admins team has prepared scripts to automate several day-to-day tasks. They want them to be deployed on all app servers in Stratos DC on a set schedule. Before that they need to test similar functionality with a sample cron job. Therefore, perform the steps below:


a. Install cronie package on all Nautilus app servers and start crond service.
b. Add a cron */5 * * * * echo hello > /tmp/cron_text for root user.

Sample Answer:

    ssh <user>@<server>

#Switch to root user
    sudo su 

# Install the cronie package
    yum install cronie

#Start the crond service 
    systemctl start crond.service 

#Check cron service status 
    systemctl status crond.service

#Create a cronjob by typing 
    crontab -e

#Write the cron job (press "i" to enter insert mode, paste the below line, then press "Esc" and type :wq!)

    */5 * * * * echo hello > /tmp/cron_text

#Check cron job 
    crontab -l

#Check cron job for root 
    crontab -u root -l

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.



Answer for KodeKloud Question - Linux User Expiry

A developer Kareem has been assigned Nautilus project temporarily as a backup resource. As a temporary resource for this project, we need a temporary user for Kareem. It’s a good idea to create a user with a set expiration date so that the user won't be able to access servers beyond that point.

Therefore, create a user named kareem on the App Server 1. Set expiry date to 2021-03-28 in Stratos Datacenter. Make sure the user is created as per standard and is in lowercase.

Sample Answer:

    ssh <user>@<server>

    sudo su 

    useradd kareem

#to verify kareem account expiry date 

[root@stapp01 home]# chage -l kareem
Last password change                                : Oct 30, 2020
Password expires                                        : never
Password inactive                                       : never
Account expires                                          : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

# command to change the account expiry date

[root@stapp01 home]# chage -E 2021-03-28 kareem

#To verify again 

[root@stapp01 home]# chage -l kareem
Last password change                                    : Oct 30, 2020
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : Mar 28, 2021
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
[root@stapp01 home]#


Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.




Answer for KodeKloud Question - Linux String Substitute

 The backup server in the Stratos DC contains several template XML files used by the Nautilus application. However, these template XML files must be populated with valid data before they can be used. One of the daily tasks of a system admin working in the xFusionCorp industries is to apply string and file manipulation commands!

Replace all occurrences of the string Sample to Cloud on the XML file /root/nautilus.xml located in the backup server.

Sample Answer: 

#ssh to server

    ssh <user>@<server>

#switch to root user

    sudo su

# verify 

    grep -i Sample /root/nautilus.xml

#Replace command

    sed -i 's/Sample/Cloud/g' /root/nautilus.xml

#you can verify again using the below command 

    grep -i Sample /root/nautilus.xml
 

Note: **The Question copied it for learning purposes.** Commands are correct but based on your question the server, user name, and other details might differ, so please do check.



