Answer for KodeKloud Question -Linux Network Services

 Our monitoring tool has reported an issue in Stratos Datacenter. One of our app servers has an issue, as its Apache service is not reachable on port 3000 (which is our Apache port). The service itself could be down, the firewall could be at fault, or something else could be causing the issue.

Use tools like telnet, netstat, etc. to find and fix the issue. Also make sure Apache is reachable from the jump host without compromising any security settings.

Sample Answer:

#first of all, telnet to all the app servers from the jump host (use the port given in your question)

    telnet <app-server-01-IP> <port>

    telnet <app-server-02-IP> <port>

    telnet <app-server-03-IP> <port>

*from the above step you will find that one of the app servers does not connect. Log in to that server (in my case it's app server 01)

    ssh <user>@<app-server-01-IP>

#switch to root user

    sudo su 

#now, check the apache service status 

    systemctl status httpd 

* if httpd is not running, start the service

    systemctl start httpd

#if you get an error from the above start command, try to find the error using the below command

    httpd -t

* it will show you the error; correct that error (in my case ServerName needed to be added to the httpd.conf file)

    vi /etc/httpd/conf/httpd.conf

    ServerName <app-server-01-IP>:<port>

*save the file and start the apache service

    systemctl start httpd 

* still not started?

 #let's verify the Listen port to find any services running on the same apache port.

    netstat -anp | grep <port as per your question>

* it will show you the service which is blocking the apache service

 #kill that service 

    kill -9 <pid>

#now start the apache service 

    systemctl start httpd 

#now try telnet to app server 01 from the jump host

    telnet <app-server-01-IP> <apache port>

Still not connected to the server? Follow the steps below

# in app server 01 (check the iptables entry)

    iptables -S 

#add a rule (port should be your apache port as per your question)
     
    iptables -I INPUT -p tcp -m tcp --dport <your apache port> -j ACCEPT

# save the rule 
    
    service iptables save
    
##now try telnet to app server 01 from the jump host

    telnet <app-server-01-IP> <apache port>


Note: **The question is copied here for learning purposes.** The commands are correct, but the server, user name, and other details might differ based on your question, so please do check.

Answer for KodeKloud Question -Linux Firewalld Setup

 To secure our Nautilus infrastructure in Stratos Datacenter we have decided to install and configure firewalld on all app servers. We have Apache and Nginx services running on these apps. Nginx is running as a reverse proxy server for Apache. We might have more robust firewall settings in the future, but for now, we have decided to go with the given requirements listed below:

a. Allow all incoming connections on Nginx port.

b. Allow incoming connections from LB host only on Apache port and block for all others.

c. All rules must be permanent.

d. Zone should be public.

e. If Apache or Nginx services aren't running already, please make sure to start them.

Sample Answer:

##first let's start with apache and nginx service, ports verification 

#login to app server

    ssh <user>@<server>

#switch to root user

    sudo su

#check the apache service status

    systemctl status httpd

#check the nginx service status

    systemctl status nginx

# if the above services are not running, start them using the commands below; otherwise skip this step

    systemctl start httpd

    systemctl start nginx

# now get the apache Listen port using the command below (note down the port number; we will use it in the later configuration)

    cat /etc/httpd/conf/httpd.conf | grep Listen

the output will look like this:

    Listen 5003

# now get the nginx listen port using the command below (note down the port number; we will use it in the later configuration)

    cat /etc/nginx/nginx.conf | grep listen

the output will look like this:

    listen       8096 default_server;

#now let's install the firewalld service

    yum install -y firewalld

# enable and start the firewalld service and check the status using the commands below

    systemctl enable firewalld
    systemctl start firewalld
    systemctl status firewalld

#before making any firewall changes, do some pre-checks using these commands

    firewall-cmd --state
    firewall-cmd --get-default-zone
    firewall-cmd --zone=public --list-all
    firewall-cmd --zone=public --list-ports
    firewall-cmd --get-active-zones

## let's do the firewall configuration

#allow the nginx port (make sure you use your own nginx port, which you found in the earlier steps)

    firewall-cmd --permanent --zone=public --add-port=8096/tcp

#allow services http and https

    firewall-cmd --permanent --zone=public --add-service={http,https}

#allow the apache port for the LB host only (make sure you use your own LB host IP and the apache port you found in the earlier steps)

    firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="<LB-host-IP>" port protocol=tcp port=5003 accept'

#add interface

    firewall-cmd --permanent --zone=public --change-interface=wan

#reload the firewalld service for the changes to take effect

    firewall-cmd --reload

#now do the post-check using these commands

    firewall-cmd --zone=public --list-all
    firewall-cmd --zone=public --list-ports
    firewall-cmd --get-active-zones

#last step: do the Nginx reverse proxy configuration as below
(use the correct port and server IP as per your question)

    vi /etc/nginx/nginx.conf

    server {
      listen          <nginx-port>;
      listen          [::]:<nginx-port>;
      server_name     <App-server-IP>;
      root            /usr/share/nginx/html;

      # location must sit inside the server block; it proxies every request to Apache
      location / {
        proxy_pass http://<app-server-IP>:<apache-port>/;
      }
    }

#save the configuration and restart the nginx and apache (httpd) services

    systemctl restart nginx
    systemctl restart httpd


* YOU MUST DO ALL THE ABOVE steps in ALL THE APPLICATION SERVERS.

##final Testing 
# From Jump Host

    curl -I  <app-server-IP-01>:<nginx_port>
    curl -I  <app-server-IP-02>:<nginx_port>
    curl -I  <app-server-IP-03>:<nginx_port>

# From LB host
    
    curl -I  <app-server-IP-01>:<nginx_port>
    curl -I  <app-server-IP-02>:<nginx_port>
    curl -I  <app-server-IP-03>:<nginx_port>

    curl -I  <app-server-IP-01>:<apache_port>
    curl -I  <app-server-IP-02>:<apache_port>
    curl -I  <app-server-IP-03>:<apache_port>
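
One way to confirm requirements a and b from the post-check output (an added example, not part of the original answer): the function reads `firewall-cmd --zone=public --list-all` output and reports when the Apache port is open to every source or when no rich rule admits the LB host. The zone listings, the LB address 172.16.238.14 and the function names are constructed for this illustration.

```shell
#!/bin/sh
# Added example: audit `firewall-cmd --zone=public --list-all` output against
# requirements a and b. Function names and sample listings are constructed.

# check_public_zone NGINX_PORT APACHE_PORT LB_IP   (zone listing on stdin)
# Prints one line per finding, or OK when both requirements hold.
check_public_zone() {
    awk -v nginx="$1" -v apache="$2" -v lb="$3" '
        # "ports:" lists what --add-port opened for every source
        $1 == "ports:" { for (i = 2; i <= NF; i++) open[$i] = 1 }
        # firewalld lists rich rules in normalised, quoted form
        $1 == "rule" {
            if (index($0, "source address=\"" lb "\"") &&
                index($0, " port=\"" apache "\"") &&
                index($0, "protocol=\"tcp\"") && $NF == "accept")
                lb_rule = 1
        }
        END {
            n = nginx "/tcp"; a = apache "/tcp"
            if (!(n in open)) { print "nginx port " n " is not open"; bad = 1 }
            if (a in open) { print "apache port " a " is open to every source"; bad = 1 }
            if (!lb_rule) { print "no rich rule admits " lb " on apache port " a; bad = 1 }
            if (!bad) print "OK"
        }'
}

# Constructed sample listing; the argument becomes the "ports:" line.
zone_listing() {
    cat <<EOF
public (active)
  target: default
  interfaces: wan
  services: dhcpv6-client http https ssh
  ports: $1
  rich rules:
    rule family="ipv4" source address="172.16.238.14" port port="5003" protocol="tcp" accept
EOF
}

echo "as configured in the steps above:"
zone_listing "8096/tcp" | check_public_zone 8096 5003 172.16.238.14
echo "apache port also added with --add-port:"
zone_listing "8096/tcp 5003/tcp" | check_public_zone 8096 5003 172.16.238.14
```

On a real server, pipe the live output into it: `firewall-cmd --zone=public --list-all | check_public_zone <nginx-port> <apache-port> <LB-host-IP>`.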



Answer for KodeKloud Question -Install and Configure HaProxy LBR

 There is a static website of Nautilus project running in Stratos Datacenter. Based on the infrastructure, they have already configured app servers and code is already deployed there. To make it work properly, they need to configure LBR server. There are number of options for that, but team has decided to go with HAproxy.

a. So install and configure HAproxy on LBR server using yum only and make sure all app servers are added to HAproxy load balancer. HAproxy must serve on default http port (Note: Please do not remove stats socket /var/lib/haproxy/stats entry from haproxy default config.).

b. You can access the website on LBR link—to do so click on the + button on top of your terminal, select option Select port to view on Host 1, and after adding port 80 click on Display Port.

Sample Answer:

#first you need to log in to all the app servers and find the Listen port (as per the question the app servers are already configured); you also need to start the httpd service on each.
    
#login to a server
    ssh <user>@<server>

#switch to root user
    sudo su

#run below 
    cat /etc/httpd/conf/httpd.conf | grep Listen

  *the output looks like the line below (your port might be different; make a note of it, as we need to use it in our haproxy conf file)
    
    Listen 8084

#now start the httpd service ( make sure you started in all the app servers)

    systemctl enable httpd

    systemctl start httpd
    
    systemctl status httpd

* do the above steps in all the app servers 


# now login to LBR server 
    
    ssh <user>@<server>

#switch to root user 
    
    sudo su 

# install the haproxy using yum 
    
    yum -y install haproxy

#copy the existing conf file before making any changes

    cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.backup

#make sure that you do not change the below entry in the haproxy conf file (mentioned in the question)

    cat /etc/haproxy/haproxy.cfg | grep haproxy/stats

 #now let's add the configuration 
    
    vi /etc/haproxy/haproxy.cfg

    frontend  main *:80
        acl url_static       path_beg       -i /static /images /javascript /stylesheets
        acl url_static       path_end       -i .jpg .gif .png .css .js

        use_backend static          if url_static
        default_backend             app

    backend  app
        balance roundrobin
        server stapp01 172.16.238.10:8084 check
        server stapp02 172.16.238.11:8084 check
        server stapp03 172.16.238.12:8084 check
    
   save the conf file 

* make sure that your configuration is as above (but the port should be your app servers' port)

#now validate the haproxy configuration file by running the command below (-c checks the file without starting haproxy; any error will be shown, otherwise it's fine)

    haproxy -c -f /etc/haproxy/haproxy.cfg

#now enable and start the haproxy service 
    
    systemctl enable haproxy

    systemctl start haproxy

#let's verify, run below command from jump server ( port as per your app servers)

    curl 172.16.238.10:8084
    curl 172.16.238.11:8084
    curl 172.16.238.12:8084
    curl 172.16.238.14:80

#also verify as below 

    Click on the + button on top of your terminal, select the option Select port to view on Host 1, and after adding port 80 click on Display Port.


Answer for KodeKloud Question - Application Security

 We have a backup management application UI hosted on Nautilus's backup server in Stratos DC. That backup management application code is deployed under Apache on the backup server itself, and Nginx is running as a reverse proxy on the same server. Apache and Nginx ports are 8087 and 8091, respectively. We have iptables firewall installed on this server. Make the appropriate changes to fulfill the requirements mentioned below:

We want to open all incoming connections to Nginx's port and block all incoming connections to Apache's port. Also, make sure rules are permanent.

Sample Answer:

#login to backup server 

    ssh <user>@<server>

#switch to root user 

    sudo su 

#verify the iptables rules before making any changes

    cat /etc/sysconfig/iptables

#run the commands below in the terminal (you MUST use the correct Nginx and Apache ports from your question)

    iptables -A INPUT -p tcp --dport 8091 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

    iptables -A INPUT -p tcp --dport 8087 -m conntrack --ctstate NEW -j REJECT

# to save the above entries, run the command below in the terminal

    iptables-save > /etc/sysconfig/iptables

#verify ( you can see your entries inside )

    cat /etc/sysconfig/iptables
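
iptables acts on the first rule that matches, so where a rule lands in the chain decides whether it has any effect; that is the difference between the `-I` used in the Linux Network Services answer and the `-A` used here. The sketch below is an added example, not part of the original answers: it walks `iptables -S` style output for the INPUT chain and reports the verdict for a new TCP connection to a port. The base ruleset is constructed, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: first-match evaluation over `iptables -S` style output.
# Simplified model: INPUT chain only, a new TCP connection from a remote host
# that no rule names; rules scoped with -s or -i are skipped.

# first_match_verdict PORT   (rules on stdin) -> prints ACCEPT, REJECT or DROP
first_match_verdict() {
    fm_port=$1
    fm_policy=ACCEPT
    while IFS= read -r fm_line; do
        set -f                  # no globbing while splitting the rule into words
        set -- $fm_line
        set +f
        case "$1 $2" in
            "-P INPUT") fm_policy=$3; continue ;;
            "-A INPUT") ;;
            *) continue ;;
        esac
        fm_proto= fm_dport= fm_states= fm_target= fm_scoped=no
        while [ $# -ge 2 ]; do  # slide over the words as option/value pairs
            case "$1" in
                -p)                fm_proto=$2 ;;
                --dport)           fm_dport=$2 ;;
                --ctstate|--state) fm_states=$2 ;;
                -j)                fm_target=$2 ;;
                -s|-i)             fm_scoped=yes ;;
            esac
            shift
        done
        [ "$fm_scoped" = no ] || continue
        case "$fm_proto" in ""|tcp|all) ;; *) continue ;; esac
        [ -z "$fm_dport" ] || [ "$fm_dport" = "$fm_port" ] || continue
        case ",$fm_states," in ",,"|*,NEW,*) ;; *) continue ;; esac
        case "$fm_target" in
            ACCEPT|DROP|REJECT) echo "$fm_target"; return 0 ;;
        esac
    done
    echo "$fm_policy"           # nothing matched: the chain policy applies
}

# Constructed sample: a ruleset that ends in a catch-all REJECT.
base_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# The two rules from the answer above, as `iptables -S` lists them.
nginx_accept='-A INPUT -p tcp -m tcp --dport 8091 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT'
apache_reject='-A INPUT -p tcp -m tcp --dport 8087 -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable'

# -A appends after the catch-all; -I places the rule at the top of the chain.
appended_rules() { base_rules; printf '%s\n' "$nginx_accept" "$apache_reject"; }
inserted_rules() {
    printf '%s\n' '-P INPUT ACCEPT' "$apache_reject" "$nginx_accept"
    base_rules | sed 1d
}
empty_chain_rules() { printf '%s\n' '-P INPUT ACCEPT' "$nginx_accept" "$apache_reject"; }

verdict() { "$1" | first_match_verdict "$2"; }    # verdict RULESET_FN PORT

for rs in appended_rules inserted_rules empty_chain_rules; do
    printf '%-18s nginx(8091)=%s apache(8087)=%s\n' "$rs" \
        "$(verdict "$rs" 8091)" "$(verdict "$rs" 8087)"
done
```

On a server, feed it the live chain with `iptables -S INPUT | first_match_verdict 8091` before saving the rules.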


Answer for KodeKloud Question - Configure protected directories in Apache

 xFusionCorp Industries has hosted several static websites on Nautilus Application Servers in Stratos DC. There are some confidential directories on document root that need to be password protected. Because they are using Apache for hosting the websites, the production support team has decided to use .htaccess with basic auth. There is a website that needs to be uploaded to /var/www/html/sysops on Nautilus App Server 1. However, we need to set up the authentication before that.

1. Create /var/www/html/sysops directory if it doesn't exist.

2. Add a user mark in htpasswd and set its password to ksH85UJjhb.

3. There is a file /tmp/index.html placed on Jump Server. Copy the same to new directory you created, please make sure default document root should remain /var/www/html. Also website should work on URL http://<app-server-hostname>:<port>/sysops


Sample Answer:

# login to the given server in the question 

    ssh <user>@<server>

#switch to root user

    sudo su 

#create /var/www/html/sysops directory (check your question)

    mkdir /var/www/html/sysops

#Add a user and set password ( check your question username and password)

    htpasswd -c /etc/httpd/.htpasswd mark

* the above command will ask for a new password for the user; paste the password given in the question

#Go to the sysops directory and create the .htaccess file

     vi .htaccess

#paste the below configuration lines

    AuthType Basic

    AuthName "Password Required"

    Require valid-user

    AuthUserFile /etc/httpd/.htpasswd

#copy the index file from jump server

    scp /tmp/index.html <user>@<server>:/tmp

#now, on your app server, copy the file to the correct location

    cp /tmp/index.html /var/www/html/sysops/

# verification ( you need to submit the newly created user and user's password to access the file )

     curl -u mark http://<appserver IP>:8080/sysops/
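
Apache only reads the auth directives in .htaccess when `AllowOverride` for that directory includes `AuthConfig` or `All`; otherwise the file is ignored and the directory is served without a password prompt. The script below is an added example, not part of the original answer: it works out the effective `AllowOverride` for a directory from httpd.conf text. The httpd.conf excerpts are constructed, the function names are hypothetical, and it assumes Apache 2.4, where the default is `AllowOverride None`.

```shell
#!/bin/sh
# Added example: will Apache honour the auth directives in
# /var/www/html/sysops/.htaccess? Only plain <Directory "path"> sections are
# handled (no wildcards or Include files); sample configs are constructed.

# effective_allowoverride TARGET_DIR   (httpd.conf on stdin)
# Prints the AllowOverride value of the longest <Directory> path covering
# TARGET_DIR, or None when no covering section sets it.
effective_allowoverride() {
    awk -v target="$1" '
        function covers(dir) {
            sub(/\/+$/, "", dir)        # "/" becomes "", which covers everything
            return dir == "" || target == dir || index(target, dir "/") == 1
        }
        /^[ \t]*#/ { next }
        tolower($1) == "<directory"   { cur = $2; gsub(/[">]/, "", cur); next }
        tolower($1) == "</directory>" { cur = ""; next }
        tolower($1) == "allowoverride" && cur != "" && covers(cur) {
            if (length(cur) >= best_len) {
                best_len = length(cur); best = $0
                sub(/^[ \t]*[^ \t]+[ \t]+/, "", best)   # drop the directive name
            }
        }
        END { print (best == "" ? "None" : best) }
    '
}

# htaccess_auth_honoured TARGET_DIR   (httpd.conf on stdin) -> prints yes or no
htaccess_auth_honoured() {
    case " $(effective_allowoverride "$1" | tr 'A-Z' 'a-z') " in
        *" all "*|*" authconfig "*) echo yes ;;
        *) echo no ;;
    esac
}

# Constructed sample: every section covering the document root says None.
stock_conf() {
    cat <<'EOF'
<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
EOF
}

# Constructed sample: the same file with auth overrides enabled for sysops only.
fixed_conf() {
    stock_conf
    cat <<'EOF'
<Directory "/var/www/html/sysops">
    AllowOverride AuthConfig
</Directory>
EOF
}

echo "stock config: $(stock_conf | htaccess_auth_honoured /var/www/html/sysops)"
echo "fixed config: $(fixed_conf | htaccess_auth_honoured /var/www/html/sysops)"
```

Against the real file: `htaccess_auth_honoured /var/www/html/sysops < /etc/httpd/conf/httpd.conf`; a `curl -I` without `-u` should then return 401 rather than 200.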



Answer for KodeKloud Question -Linux Resource Limits

 On our Storage server in Stratos Datacenter we are having some issues where nfsuser user is holding hundred of processes, which is degrading the performance of the server. Therefore, we have a requirement to limit its maximum processes. Please set its maximum process limits as below:

a. soft limit = 79

b. hard_limit = 100

Sample Answer:

#login to server 

    ssh <user>@<server>

# switch to root user

    sudo su 

# navigate to below location 

    cd /etc/security/

#Then edit the limits.conf file as below

    vi limits.conf
    
    Type i for insert mode in the editor and add the following lines (check the username and limit values from your question)

    nfsuser soft nproc 79
    nfsuser hard nproc 100

    Now press ESC and type :wq! to save and exit the editor.

#Finally check the limits by typing this command

    cat /etc/security/limits.conf | grep nproc | grep -v ^#


Answer for KodeKloud Question -Linux Bash Scripts

 The production support team of xFusionCorp Industries is working on developing some bash scripts to automate different day to day tasks. One is to create a bash script for taking websites backup. They have a static website running on App Server 1 in Stratos Datacenter, and they need to create a bash script named official_backup.sh which should accomplish the following tasks. (Also remember to place the script under /scripts directory on App Server 1)

a. Create a zip archive named xfusioncorp_official.zip of /var/www/html/official directory.

b. Save the archive in /backup/ on App Server 1. This is a temporary storage, as backups from this location will be clean on weekly basis. Therefore, we also need to save this backup archive on Nautilus Backup Server.

c. Copy the created archive to Nautilus Backup Server server in /backup/ location.

d. Please make sure script won't ask for password while copying the archive file. Additionally, the respective server user (for example, tony in case of App Server 1) must be able to run it.

Sample Answer:

#this task should be done under the respective app server user ( not from the root user)

# login to the server( respective app server)

    ssh <user>@<server>

#navigate to /scripts directory 

    cd /scripts 

# create official_backup.sh with the below contents 
        
    vi official_backup.sh

    #!/bin/bash
    # create the archive in /backup, then copy it to the backup server
    zip -r /backup/xfusioncorp_official.zip /var/www/html/official
    scp /backup/xfusioncorp_official.zip clint@172.16.238.16:/backup/

 save the file 

# now generate an ssh key without a passphrase and copy it to the backup server, so the app server can access the backup server without a password.

#generate ssh key

    ssh-keygen

* press enter to accept the default values 

# copy the key to the backup server 

    ssh-copy-id clint@stbkp01

#now go to the /scripts location and run the script 
   
     sh official_backup.sh

# verify 

# login to backup server 

    ssh clint@stbkp01

# navigate to backup location 

    cd /backup 

* you will see the xfusioncorp_official.zip inside it


Answer for KodeKloud Question -Setup SSL for Nginx

 The system admins team of xFusionCorp Industries needs to deploy a new application on App Server 3 in Stratos Datacenter. They have some prerequisites to get that server ready for application deployment. Prepare the server as per requirements shared below:

1. Install and configure nginx on App Server 3.
2. On App Server 3 there is a self signed SSL certificate and key present at location /tmp/nautilus.crt and /tmp/nautilus.key. Move them to some appropriate location and deploy the same in Nginx.
3. Create an index.html file with content Welcome! under Nginx document root.
4. For final testing try to access the App Server 3 link (either hostname or IP) from jump host using curl command. For example curl -Ik https://<app-server-ip>/.

Sample Answer:

# read the question and find which server nginx needs to be installed on (in my case it's app 3)


#login to app 3 server

    ssh <user>@<server IP>

#switch to root user 

    sudo su 

#install nginx (epel-release also needs to be installed before nginx)

    yum install -y epel-release

    yum install -y nginx 

 #edit the nginx conf file 

    cd /etc/nginx 

    vi nginx.conf


# you need do the changes on 2 section as below ( the IP should be the respective app server IP)



# under the settings for TLS enabled server section you need to uncomment by removing the # in front of all the lines up to the bottom of the page and edit as below entries only.



# double check that, your nginx.conf file looks like as per the above screenshots
    save the file 

# now let's copy the nautilus.crt and nautilus.key files to the correct location

        cp /tmp/nautilus.crt /etc/pki/CA/certs/

        cp /tmp/nautilus.key /etc/pki/CA/private/

# now create an index.html with the word Welcome! in the nginx document root ( in the above screenshot you can find the root location )

    cd /usr/share/nginx/html

    ls -l

#when you run ls -l you may find that index.html is already present in this location, but you can't edit that file.

    vi index.html    ( you will get an error when you try to save the file )

# 2 solutions for the above issue 

    # 1. you can remove the existing file and create a new one 

        rm -r index.html

        vi index.html    ( add the word Welcome! )

    # 2. or you can do as below 

        mkdir /usr/share/nginx/doc/HTML

        # navigate to the newly created location

        cd /usr/share/nginx/doc/HTML

        # create index.html inside the HTML directory

        vi index.html    ( add the word Welcome! )

        #save the file 

        :wq!

# start the nginx service 

        systemctl start nginx

# verify from JUMP host (you will get a 200 OK response)

        curl -Ik https://<app-server-ip>/ 



Answer for KodeKloud Question - Linux Nginx as Reverse Proxy

Nautilus system admin's team is planning to deploy a front end application for their backup utility on Nautilus Backup Server, so that they can manage the backups of different websites from a graphical user interface. They have shared requirements to set up the same; please accomplish the tasks as per detail given below:

a. Install Apache Server on Nautilus Backup Server and configure it to use 6100 port (do not bind it to 127.0.0.1 only, keep it default i.e let Apache listen on server's IP, hostname, localhost, 127.0.0.1 etc).

b. Install Nginx webserver on Nautilus Backup Server and configure it to use 8094.

c. Configure Nginx as a reverse proxy server for Apache.

d. There is a sample index file /home/index.html on Jump Host, copy that file to Apache's document root.

e. Make sure to start Apache and Nginx services.

f. You can test final changes using curl command, e.g curl http://<backup server IP or Hostname>:8094.


Sample Answer:

##Read the questions; we will do them one by one

# login to backup server ( user and server IP of backup server)

    ssh <user>@<server>

# switch to root user

    sudo su 

##first install apache(httpd) and nginx ( we will do the configuration part later )

# install apache

    yum install -y httpd

#install epel-release ( needed for nginx)

    yum install epel-release

#install nginx

    yum install nginx

#we can verify by using the rpm command 

    rpm -aq httpd

    rpm -aq nginx

# now do the apache(httpd) configuration part 

    cd /etc/httpd/conf

    vi httpd.conf

#change the Listen port from 80 to 6100 ( which is given in question a, check your question )

    Listen 6100

#Go to ServerName, remove the # and change it as below 

    ServerName 172.16.238.16:6100

Now save the config file

#now make the change in nginx.conf ( change the port as given in the question)

    vi /etc/nginx/nginx.conf

#edit as below 

    server {

        listen 8094 default_server;

        listen [::]:8094 default_server; 

        server_name 172.16.238.16;

        # location must sit inside the server block
        location / {

            proxy_pass http://172.16.238.16:6100;

        }

    }

save the file 

#now from the jump host copy the index.html

    scp /home/index.html clint@172.16.238.16:/tmp/

#now login back to the backup server and copy the index.html file from /tmp/ to the apache document root location

    cp /tmp/index.html /var/www/html/

# start the httpd and nginx services 

    systemctl start httpd

    systemctl start nginx

# verify by using curl 

    curl http://172.16.238.16:8094

    curl http://172.16.238.16:6100


Answer for KodeKloud Question - Install a package

 As per new application requirements shared by the Nautilus project development team, several new packages need to be installed on all app servers in Stratos Datacenter. Most of them are completed except for telnet.

Therefore, install the telnet package on all app-servers.

Sample Answer:

#login to the app servers; <user> and <server> are the respective app server username and IP/hostname

    ssh <user>@<server>

# switch to root user

    sudo su 

# install telnet package    

    yum install -y telnet 

* do the above steps for all the app servers 


Answer for KodeKloud Question - Configure Local Yum repos

 The Nautilus production support team and security team had a meeting last month in which they decided to use local yum repositories for maintaining packages needed for their servers. For now they have decided to configure a local yum repo on Nautilus Backup Server. This is one of the pending items from last month, so please configure a local yum repository on Nautilus Backup Server as per details given below.

a. We have some packages already present at location /packages/downloaded_rpms/ on Nautilus Backup Server.

b. Create a yum repo named epel_local and make sure to set Repository ID to epel_local. Configure it to use package's location /packages/downloaded_rpms/.

c. Install package wget from this newly created repo.

Sample Answer:

# first read each question and verify it before creating the repository

---------------------------

initial Verification

---------------------------

#ssh to backup server

    ssh <user>@<server> 

#switch to root user

    sudo su 

#as per question some packages already present at location /packages/downloaded_rpms/ , verify it

    ls /packages/downloaded_rpms/

* you will see the list of already available packages (note that you can see the rpm needed for question c; in my case the wget rpm)


# use the command below to check whether a yum repository is already available

    yum repolist 

* you will not see any available repo details 

------------------

Create a Repo

------------------

# as per the question need to create a repo named as epel_local and set the ID also same.( check your question)

# navigate to the /etc/yum.repos.d location 

    cd /etc/yum.repos.d

# create a repo with the name 

    vi epel_local.repo

press i for insert mode and paste the below ( make sure the repo ID in the square brackets and the name are as given in the question)

    [epel_local]
    name=epel_local
    baseurl=file:///packages/downloaded_rpms/
    enabled = 1
    gpgcheck = 0

press Esc and type :wq! to save and close 

# Now verify again using the yum repolist command 

    yum repolist 

* this time you will get the repo ID and details ( verify the name and ID should be as per question)

    
# now let's do question C part  (in my case, install the wget using this repo )

    yum install -y wget 

#let's verify 

    rpm -aq wget

* note down the wget package detail 

#now run yum repolist 

    yum repolist 

* you will see the wget is installed from the rpm available in the repo.


Answer for KodeKloud Question - Linux Remote Copy

 One of the Nautilus developers has copied confidential data on the jump host in Stratos DC. That data must be copied to one of the app servers. Because developers do not have access to app servers, they asked the system admins team to accomplish the task for them.

Copy /tmp/nautilus.txt.gpg file from jump server to App Server 3 at location /home/webapp.

Answer:

#from jump host , first check the permission of the file and change it 

    cd /tmp/

    ls -l nautilus.txt.gpg

#change permission 

    chmod 777 nautilus.txt.gpg

#copy the file to app 3 server /tmp/ location using SCP command 

    scp /tmp/nautilus.txt.gpg <user>@<server IP>:/tmp/

* make sure the above <user> and <server IP> are those of the respective server; in my case it's the app server 3 user and IP/hostname

# now login to app 3 server 

    ssh <user>@<server IP> 

* make sure the above <user> and <server IP> are those of the respective server; in my case it's the app server 3 user and IP/hostname

# switch to root user

    sudo su 

# go to /tmp location and copy the file to correct location ( /home/webapp/)

    cd /tmp/

    cp  nautilus.txt.gpg  /home/webapp/


Answer for KodeKloud Question - Disable Root Login

 After doing some security audits of servers, xFusionCorp Industries security team has implemented some new security policies. One of them is to disable direct root login through SSH.

Disable direct SSH root login on all app servers in Stratos Datacenter.


Answer:

#we need to login each app server and set PermitRootLogin to (no) in the sshd config file 

#login to server

    ssh <user>@<server>

# switch to root user

    sudo su 

# before the change, first verify using the command below, or you can simply cat the sshd_config file and find the PermitRootLogin entry

    cat /etc/ssh/sshd_config | grep PermitRootLogin

# edit the file, make the change and save it

    vi /etc/ssh/sshd_config

press i to switch to insert mode, edit the line as below and make sure that you remove the # in front of the line.

    PermitRootLogin no

#save the file 

   press Esc and type :wq!

# you must restart the sshd service, otherwise the change will not take effect.

    systemctl restart sshd

* do the above steps for all the app servers 



Answer for KodeKloud Question - Linux Banner

 During the monthly compliance meeting, it was pointed out that several servers in the Stratos DC do not have a valid banner. The security team has provided several approved templates which should be applied to the servers to maintain compliance. These will be displayed to the user upon successful login.

Update the message of the day on all application and db servers for Nautilus. Make use of the approved template located at /home/thor/nautilus_banner on jump host

Answer

#first you need to copy the banner from the jump server (/home/thor/nautilus_banner) to all the app servers and the DB server 

#copy the banner using scp command from jumpserver 

    scp -r /home/thor/nautilus_banner <user>@<server>:/tmp/


* do the above steps to all the app servers and DB server,  make sure <user>, <server> should be the respective username and server IP or hostname of each server 


Note: when you try this scp command to copy the banner to the DB server, it will fail because openssh-clients is not installed on the DB server, so we first need to install it there 

#ssh to db server 

    ssh <user>@<db server> 

#switch to root user

    sudo su 

# install the openssh-clients

    yum install openssh-clients

#exit from the db server 
    
    exit 
    exit

#now from the jump server run the scp command  again 

    scp -r /home/thor/nautilus_banner <user>@<server>:/tmp/

* <user> and <server> should be  db server user name and db server IP or hostname

# we have copied the banner to app servers  and DB server to the path( /tmp/),   now we need to login to each app servers and DB server and move the banner 

    ssh <user>@<server>

    cd /tmp/

#move the banner to /etc/motd

    mv nautilus_banner /etc/motd

* do the above steps for all the app and DB server 

# verify 
when you ssh to any app server or the DB server from the jump host you will see the banner 

    ssh <user>@<server>




Answer for KodeKloud Question - Haproxy LBR Troubleshooting

 xFusionCorp Industries has an application running on Nautilus infrastructure in Stratos Datacenter. The monitoring tool recognised that there is an issue with the haproxy service on LBR server. That needs to be fixed to make the application work properly.

Troubleshoot and fix the issue, and make sure haproxy service is running on Nautilus LBR server.

Answer:

# ssh to LBR server

    ssh <user>@<server>

#switch to root user

    sudo su 

# verify the status of haproxy service

    systemctl status haproxy

# let's try to validate the haproxy config file using the below command 

     haproxy -c -f /etc/haproxy/haproxy.cfg

# if there are any errors in the file, it will give the error as "configuration file is invalid"

# correct the errors in the haproxy.cfg file 

    vi /etc/haproxy/haproxy.cfg

Correct the typos in the file 
( for example, "timeout checking 10s" should be corrected to "timeout check 10s"; 
 check the other parameters for typos too and correct them )

# now try to start the service

    systemctl start haproxy

# now check the status again

    systemctl status haproxy


Answer for KodeKloud Question - SElinux installation

 The xFusionCorp Industries security team recently did a security audit of their infrastructure and came up with ideas to improve the application and server security. They decided to use SElinux for an additional security layer. They are still planning how they will implement it; however, they have decided to start testing with app servers, so based on the recommendations they have the following requirements:


Install the required packages of SElinux on App server 2 in Stratos Datacenter and disable it permanently for now; it will be enabled after making some required configuration changes on this host. Don't worry about rebooting the server as there is already a reboot scheduled for tonight's maintenance window. Also ignore the status of SElinux command line right now; the final status after reboot should be disabled.

Answer:

#ssh to the server

    ssh <user>@<server>

#switch to root user

    sudo su 

#install selinux

    yum install selinux 

#check selinux status ( it shows SELINUX=enforcing)

    cat /etc/selinux/config | grep SELINUX

    SELINUX=enforcing

#you can check the above status using this command too 

    sestatus

#disable selinux ( I use the sed command to do the task but you can make the change manually too )

    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# check again now 

    cat /etc/selinux/config | grep SELINUX

    SELINUX=disabled

#or use below command

    sestatus 

