Linux System Engineer Final Review

4 hours
  • 13 Learning Objectives

About this Hands-on Lab

This activity is meant to function as a practical exam to review the major subjects covered in the Linux Foundation Certified System Engineer course that a student is likely to come across during that exam. At the end of this activity, the student should have a good idea of some of the topics they may need to review further before sitting for that exam.
This practice exam is not intended to be instructional, but a test of your readiness to pass the exam. Please study the course before doing the practice test so that this is a validation of your preparation.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Set up the firewall for future success.

In order to complete the tasks in this review, there are a number of ports that need to be open between the two systems. Using the ‘IPTABLES’ firewall running on ‘EXAM REVIEW SERVER’, configure the following TCP and UDP ports to answer to any requests:

  • ports; 80, 443, 8080, 20, 21, 22, 25, 3489, 5901
  • service iscsi-target
  • use firewalld to check the settings.
  • nmap should ONLY be used against the PRIVATE IP ADDRESSES.

    Confirm these ports are open and will remain open. Failure to open any of these ports will cause the activities in many of the following tasks to seemingly fail despite otherwise valid configurations.
    Plus this is a requierment of the real exam 😉

Naming. the following naming is used:

  • cloud_user@server ==> EXAM REVIEW SERVER

  • cloud_user@client ==> EXAM CLIENT

IP addresses will vary from those in the video and notes. Do as you would in a work situation and note down the device name, purpose, and IP addresses to keep them clear.
You can check the Host name with one of these commands;
hostname or
hostnamectl or
cat /proc/sys/kernel/hostname .

Use git to set up our local git repo.

On the EXAM REVIEW SERVER, install the git version control software package from the configured repositories. Create a new, empty local repository on the server in the /home/cloud_user directory. This new repository should exist in a directory called mysite at that location. Once the repository initializes, set the global user and email in the git configuration. Finally, create a new file populated with whatever text you wish. Add that file to the repository and commit the changes with a commit comment that says "Version 1".

Create the SSH key and copy it from the CLIENT to the SERVER.

The user account cloud__user has been deployed to both servers. On the system called EXAM REVIEW SERVER, create an SSH key. For this practice lab, do NOT set a passphrase for the key.

Once created, exchange the SSH key with the same user on the system called EXAM CLIENT. You can use any method of key exchange you wish as long as the result is that the cloud_user is able to ssh from EXAM REVIEW SERVER to EXAM CLIENT without providing any password or passphrase.

Create our reports.

You are tasked with creating reports on a number of system performance metrics on the system called EXAM REVIEW SERVER. Using the appropriate utilities, create three reports that will be stored in the /home/cloud_user directory as follows:

  • Top 10 running processes on the system, including the process owner — log in a file called process-lisst.txt.
  • Used, Free, and Cached memory values — log in a file called mem-stats.txt.
  • System Load Numbers, in 5-second increments, over a period of 30 seconds — log in a file called sys-log.txt.

Make sure that you check that the logs contain useful data before you send them to your manager (or the Exam validation app). 😉

Install the iptraf package and use it to log information.

Install the iptraf package. Use it to capture and review all traffic from any endpoint to the system called EXAM REVIEW SERVER over 1 minute. Maintain the default location and log file that the tool uses.

NOTE: You may see more traffic than observed in the video. Take a moment to consider where it is coming from and why. Try adding some icmp / ping traffic from your CLIENT.

Update, reboot, and verify the kernel on the CLIENT.

On the CLIENT, within the /home/cloud_user directory, you will find an RPM package that contains a specific kernel version. Update the EXAM CLIENT system with that new kernel package and reboot and confirm that the new kernel is applied.

Update all packages on the CLIENT system.

Log in to the system called EXAM CLIENT. Run the appropriate command(s) to completely update the system and all packages to the latest versions available in the default repositories. Once the system is updated, execute the command that will clear any cached packages on the system in order to save disk space.

Install httpd on the SERVER.

Install the latest Apache HTTP server on the EXAM REVIEW SERVER system. Accept the defaults of the configuration and enable and start the service as appropriate. A pair of test files are found in the newsite directory under /root. Move the pair of test files to the web server contents directory for Apache. Check if the files are accessible via http from the EXAM CLIENT.

Troubleshoot issues and take the necessary configuration or security steps to allow them to be accessed from EXAM CLIENT via the http service.

Encrypt http traffic from the CLIENT to the SERVER.

Web traffic between the system called EXAM CLIENT and the system called EXAM REVIEW SERVER needs to be configured to be tunneled over port 8080. Take into consideration that the EXAM REVIEW SERVER system web service is listening on port 80. Using SSH tunneling, create a secure tunnel between the two servers so that calls from port 8080 will receive a response on port 80 from the system EXAM REVIEW SERVER.

Set up postfix as directed in the Activity Guide

On the EXAM REVIEW SERVER, install and configure the Postfix SMTP server. The server should allow forwarding of emails that are sent to it using the full IP address of the server itself rather than just the localhost. Using any mail client you choose, test this by sending an email from root@[Private IP of EXAM REVIEW SERVER] to cloud_user@[Private IP of EXAM REVIEW SERVER]. Verify that this shows up in the cloud_user account’s email queue.

Set Up LVM volumes.

Working with the Logical Volume Management system on EXAM REVIEW SERVER, you will need to find the device names of the three (3) unconfigured 20GB block devices on the system. Using the first two 20GB devices, assemble them into a single LVM 40GB filesystem. Create a logical volume called mydata. Once this logical volume is complete, format the filesystem as EXT4. Create a new directory called /mnt/data as a mount point and mount the new filesystem at that location. Make sure the filesystem shows as mounted. Finally, add an appropriate entry in the /etc/fstab file so that the new logical volume is mounted at that location when the system is restarted.

NOTE:  With changes in virtual hardware, you may see the volumes listed under /dev as /dev/xvd*  or /dev/nvme2*. Adapt the commands to accommodate the presented resources.

Configure the iSCSI Target and start the required service.

Using the remaining 20GB block devices on the EXAM REVIEW SERVER, create a 20GB block device that an iSCSI Initiator (client) can use.

The target iSCSI configuration does not need to be secured by a username or password, but the client reference on the EXAM CLIENT iSCSI client should be referred to as client (designated by the :client at the end of the IQN). Be sure the appropriate iSCSI packages are installed on both servers, and the services are enabled and started. Verify the client is able to connect to and discover the iSCSI target. You do not need to format or mount the device.

Block SSH without using a firewall

As a final step for this review, you will need to add an access control to the SSH service on the EXAM REVIEW SERVER. The last step should be for you to deny SSH connections coming from the EXAM CLIENT Private IP address to the EXAM REVIEW SERVER.

Do not use a firewall rule to achieve this.

Be sure to reload the SSH service and verify that the EXAM CLIENT can no longer connect.

Additional Resources

You will launch this final exam review with two CentOS 7 systems. The first is the EXAM REVIEW SERVER (server), and the other is EXAM CLIENT (client); you are provided access credentials and connectivity information for both. Once connected to the EXAM REVIEW SERVER, review the Lab Objectives to list the items you will need to complete.

A few notes:

  1. Any change that you are making to the system or services on the EXAM REVIEW SERVER need to be able to survive a reboot. Be sure to ENABLE and START and make permanent any changes to services.

  2. Follow the instructions carefully. Naming conventions for output files (including case) are important for these results, and in the real exam.

  3. Use of the Private IP addresses for all tasks and use the EXAM CLIENT to review/verify connectivity related tasks on the EXAM REVIEW SERVER. Most ports will be closed to the Public internet.

  4. The hostnames on the hosts may differ in format from the videos. The SERVER hostname is 'server' and the CLIENT hostname is 'client'. Make sure you're running the correct command on the correct host.

  5. IP address will change from those shown in the video. Do as you would in a work situation and make notes of the device name, purpose and IP addresses to keep them seperated.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?