Hi all,
In this topic I just want to put out some errors in this book for ex200 and ex300 certification.
Didn't find any other good place to put the errors.
NOTE: I started at page 386; I am first looking at RHCSA mistakes (unless I accidentally read some RHCE stuff).
Migration tips:
Although this is not important for your exam, I still want to point out that it is actually mostly not necessary to disable SELinux protection for a service. As long as your file contexts are fine, you should be able to run most services with SELinux protection (for example, Apache).
Page 53:
"In both versions of Red Hat, you can also edit the config file from within the GRUB command line as well."
This might be somewhat misleading. You can edit the grub lines from the grub prompt; however, you need to make these changes to the file afterwards as well to make them permanent.
Page 94:
Reducing size: IMPORTANT. However, for doing that, FIRST resize the filesystem (resize2fs /dev/... smallersize) and then reduce the size of the logical volume (lvresize -L newsizeM /dev/...). Otherwise you will surely scr** up your filesystem.
Increasing lvs and fs can be done online; for reducing the size you need to unmount the fs first (which might require single user mode).
Page 102:
partition type should be "Linux raid autodetect" (code: fd) for raid devices.
Page 108:
IIRC grub has no understanding of any raid. If grub would read from raid0 (stripe) it would not be able to read correctly as part of the data is on another disk. For raid1 grub has no need to understand how the data is laid out. For grub it is just a normal disk.
Page 126 (actually somewhat earlier):
With the mount command options there is -L shown. However, later on it is said (so on page 126) that mount LABEL=labelname /mountpoint should be used and that -L is available on Ubuntu/Debian.
Page 147:
Task 3: both soft and hard limit have to be set to 50MB. So setting the hard limit alone to 50M would be sufficient
Page 184:
The repo file starts with a unique repo id. The man page states that this should be one word, so no spaces should be there.
Page 184:
Creating an rpm package in rhel6 is way simpler than the way outlined here. This is the old method (probably copy paste from RHEL5).
You can use:
- rpmdev-setuptree
- cd ~/rpmbuild
- rpmdev-newspec SPECS/hello.spec
- edit SPECS/hello.spec
- rpmbuild -ba SPECS/hello.spec
Page 210:
# chown nobody:Sales Sales/
# chmod 2770 /tmp/Sales
I am not 100% sure, but for example nfs uses user nobody as well when squash_all is used and I wonder if this then allows them to write here.
I think it is always safe to set user root for such a setup.
EDIT: checked this in another book and they used nobody as well there.
Page 214:
yum install -y openldap nss_ldap
Errr... that is actually working on RHEL5 but not on RHEL6.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Directory_Servers.html#s2-ldap-pam shows the new procedure
Page 313:
Enable the required Boolean value:
# setsebool -P allow_ssh_keysign=1
Not at all necessary to enable this boolean. Not even for the exercise with keys for logging in.
The only thing you need to do for getting authentication for ssh using keys to work is having the file context set correctly. Use restorecon for that or check what file context you need using semanage fcontext -l | grep ssh and set it manually with chcon.
Page 317:
In the sshd_config file, change the following two options:
PasswordAuthentication no
PubKeyAuthentication yes
Second one is not necessary. This is the default value.
Page 374:
# iptables -I INPUT 5 -p tcp -m tcp --dport 137 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 138 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 139 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 445 -j ACCEPT
At first glance these seemed already incorrect to me.
You need these:
netbios-ns 137/udp # NetBIOS Name Service
netbios-dgm 138/udp # NetBIOS Datagram Service
netbios-ssn 139/tcp # NetBIOS Session Service
microsoft-ds 445/tcp # Microsoft Directory Service
If you think this is not correct, install samba, start smb and nmb. Then use netstat -utapn | grep -E "nmb|smb"
Page 386:
There are 2 iptables rules for allowing ftp, one for port 20 and another for port 21 (both incoming). However that is incorrect. With active FTP the server initiates a data channel originating from port 20 (so outgoing).
Page 391:
Task 2 – Secure FTP
Step 1. Set up an FTP server on RHEL01.
Step 2. Allow FTP access to the /home directory for all users on RHEL01.
Step 3. Ensure access from all other users on other systems in the lab is denied.
This task is not clear to me. So only users from rhel01 should be able to log in remotely, or only using ftp localhost?
In the first way no special actions should be taken except opening the fw on the correct ports. In the second one nothing has to be done. Ftp is blocked by default.
The only thing I can think of is using user_list to enable only those users that are locally defined to be able to log in.
Page 400 (actually earlier; DNS):
A forward only server needs:
forwarders { ip1; ip2; ... };
forward only;
That's it.
And second, you need to edit the listen-on and allow-query directives and add the address where the server should listen on if you want something useful (as RHCE requires you to set it up as a forwarding DNS server and in the way explained at first only localhost will be able to make use of it).
Page 435:
In RHEL6, there is no longer a driftfile defined by default in the config file.
Yes there is. Did a default install and the directive is there in the config file.
Page 439: What command is used to show all services being controlled by the xinetd daemon?
chkconfig xinetd --list
No entries are shown. So this does not seem to be correct. I would just use chkconfig --list.
Page 474:
yum install -y python-virtinst libvirt virt-manager libvirt-client
True when following the recommended packages to install.
However
yum install libvirt libvirt-manager
will result in the same.
I would think as well that you need to install the kvm package.
This installs the hypervisor.
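
Added example (not part of the original post or the book): a small shell audit that checks iptables ACCEPT rules against the protocol/port pairs the post lists for Samba, run here over the four rules quoted from page 374. The function names `expected_proto` and `audit_samba_rules` are hypothetical.

```shell
#!/usr/bin/env bash
# Audit iptables rules for Samba against the pairs given in the post:
# 137/udp, 138/udp, 139/tcp, 445/tcp.

# Print the expected protocol for a Samba-related port (nothing for other ports).
expected_proto() {
    case "$1" in
        137|138) echo udp ;;
        139|445) echo tcp ;;
    esac
}

# Read iptables rule lines on stdin and print one line for every rule whose
# "-p" protocol does not match the expected protocol of its "--dport".
# Output is empty when every Samba rule is consistent.
audit_samba_rules() {
    local line proto port want
    while IFS= read -r line; do
        proto=$(printf '%s\n' "$line" | sed -n 's/.* -p \([a-z]*\).*/\1/p')
        port=$(printf '%s\n' "$line" | sed -n 's/.*--dport \([0-9]*\).*/\1/p')
        # Skip lines that are not "-p PROTO ... --dport PORT" rules.
        [ -n "$proto" ] && [ -n "$port" ] || continue
        want=$(expected_proto "$port")
        # Skip ports that are not part of the Samba set.
        [ -n "$want" ] || continue
        if [ "$proto" != "$want" ]; then
            echo "MISMATCH port $port: rule uses $proto, service is $port/$want"
        fi
    done
}

# The four rules as quoted from page 374 of the book.
BOOK_RULES='iptables -I INPUT 5 -p tcp -m tcp --dport 137 -j ACCEPT
iptables -I INPUT 5 -p udp -m udp --dport 138 -j ACCEPT
iptables -I INPUT 5 -p udp -m udp --dport 139 -j ACCEPT
iptables -I INPUT 5 -p tcp -m tcp --dport 445 -j ACCEPT'

printf '%s\n' "$BOOK_RULES" | audit_samba_rules
```

On a live system the same function can be fed the output of `iptables -S INPUT` to confirm that the rules actually loaded match the ports smbd and nmbd listen on.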