Linux - Certification: This forum is for the discussion of all topics relating to Linux certification.
I don't deny tcp_wrappers can be handy, but as pointed out earlier, you've got to be careful though. Apps that do not implement libwrap.so cannot be controlled by tcp_wrappers. So you have to be familiar with it and not spend time troubleshooting problems that you create for yourself in the exams. Say, for example,
Oops, httpd is running and not in the list.
I got my RHCE without using tcp_wrappers. I believe custango got his with tcp_wrappers. Everyone works differently and it is the result that matters in the exam. But as a good sysadmin, and looking beyond the certificate, we have to know all possible methods of achieving a certain result, or at least know how things work in the backend. I know sysadmins who just keep using yum or apt-get. When dealing with an extreme scenario like a rescue environment, rpm command-line mastery becomes important.
Agreed.
And yes, I got my RHCE using tcp_wrappers, but you're right...you need to KNOW which services are controlled by tcp_wrappers and which rely on their own ACLs (i.e. samba, httpd, etc).
And the RPM commands are VERY essential! It has not only helped me on the test...but it's saved me at work too!
Do you really need to use tcp_wrapper or iptables to control host/network/user access to the service? Can you control host/user/network httpd using ALLOW, DENY statements?
Depends on what service you are talking about...
iptables is almost always a must. But tcp_wrappers doesn't work with everything...
SECTION I: TROUBLESHOOTING AND SYSTEM MAINTENANCE
RHCE requirements: completion of compulsory items (50 points)
overall section score of 80 or higher
RHCT requirements: completion of compulsory items (50 points)
Compulsory Section I score: 50.0
Non-compulsory Section I score: 50.0
Overall Section I score: 100
SECTION II: INSTALLATION AND CONFIGURATION
RHCE requirements: score of 70 or higher on RHCT components (100 points)
score of 70 or higher on RHCE components (100 points)
RHCT requirement: score of 70 or higher on RHCT components (100 points)
Congratulations juscelino. What materials did you use to study for the test?
I used Jang's book, the RH300 material, some websites, and VMware with 4 VMs to practice, always rebuilding, and every day for 3 months trying to learn new info.
If I were to secure something like nfs, can I use the gui firewall and a custom iptables command?
For example, check the nfs service on the system-config-securitylevel. Also, I use the command iptables -A INPUT -s ! 192.168.0.1 -p udp --dport 2049 -j DROP along with the gui.
Speaking of the nfs port, it uses udp on port 2049, right?
Thanks!
Nope.
NFS uses portmap to assign the ports...so NFS uses different ports depending on what portmap does, which makes iptables difficult to configure.
Luckily you can "tell" portmap to use the same ports all the time. See /etc/sysconfig/nfs for more info. Also you have to open port 111 (tcp/udp) for portmap as well in the firewall.
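An added example, not part of the thread: a shell function that reads the pinned-port settings from an /etc/sysconfig/nfs-style file and prints the matching iptables ACCEPT rules, together with port 111 for portmap. The variable names are the ones RHEL's /etc/sysconfig/nfs uses; the port values, the client network and the function name `nfs_rules` are constructed for illustration, port 2049 for nfsd is this example's own addition, and a default-drop INPUT chain is assumed.

```shell
#!/bin/sh
# Added example. SAMPLE_NFS_CONF is a constructed stand-in for /etc/sysconfig/nfs;
# the port numbers are arbitrary sample values.
SAMPLE_NFS_CONF='# constructed sample
MOUNTD_PORT=892
STATD_PORT="662"
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
#RQUOTAD_PORT=875
'

# Usage: nfs_rules CLIENT_NET < sysconfig-file
# Prints iptables commands for review; it does not run them.
nfs_rules() {
    net=$1
    seen=""
    # portmap (111) and nfsd (2049), TCP and UDP. 2049 is this example's
    # assumption about nfsd; the answer above only names 111.
    for port in 111 2049; do
        for proto in tcp udp; do
            echo "iptables -A INPUT -s $net -p $proto --dport $port -j ACCEPT"
        done
    done
    while IFS='=' read -r key val; do
        case $key in
            MOUNTD_PORT|STATD_PORT|RQUOTAD_PORT) protos="tcp udp" ;;
            LOCKD_TCPPORT) protos="tcp" ;;
            LOCKD_UDPPORT) protos="udp" ;;
            *) continue ;;  # comments, blank lines, unrelated settings
        esac
        # Drop inline comments, quotes and whitespace around the value.
        val=$(printf '%s' "${val%%#*}" | tr -d "\"' \t")
        case $val in
            ''|*[!0-9]*) echo "skipping $key: not a port number" >&2; continue ;;
        esac
        seen="$seen $key"
        for proto in $protos; do
            echo "iptables -A INPUT -s $net -p $proto --dport $val -j ACCEPT"
        done
    done
    # A helper left unpinned keeps getting a different port from portmap,
    # so a static rule set cannot cover it.
    for key in MOUNTD_PORT STATD_PORT LOCKD_TCPPORT LOCKD_UDPPORT; do
        case " $seen " in
            *" $key "*) ;;
            *) echo "warning: $key is not pinned" >&2 ;;
        esac
    done
}

printf '%s' "$SAMPLE_NFS_CONF" | nfs_rules 192.168.0.0/24
```

On a real host the input would be `nfs_rules 192.168.0.0/24 < /etc/sysconfig/nfs`, and the NFS services need a restart before the pinned ports take effect.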