KodeKloud Linux challenge
Q1. The database server called centos-host is running short on space! You have
been asked to add an LVM volume for the Database team using some of the
existing disks on this server.
Install the correct packages that will allow the use of "lvm" on the centos machine.
Create a Physical Volume for "/dev/vdb" & "/dev/vdc"
Create a volume group called "dba_storage" using the physical volumes "/dev/vdb" and "/dev/vdc"
Create an "lvm" called "volume_1" from the volume group called "dba_storage". Make use of the
entire space available in the volume group.
Format the lvm volume "volume_1" as an "XFS" filesystem
Mount the filesystem at the path "/mnt/dba_storage".
Make sure that this mount point is persistent across reboots with the correct default options.
Create a group called "dba_users" and add the user called 'bob' to this group
Ensure that the mountpoint "/mnt/dba_storage" has the group ownership set to the "dba_users"
group
Ensure that the mount point "/mnt/dba_storage" has "read/write" and execute permissions for the
owner and group and no permissions for anyone else
groupadd dba_users
# -a appends; plain -G would replace bob's existing supplementary groups
usermod -aG dba_users bob
pvcreate /dev/vdb
pvcreate /dev/vdc
vgcreate dba_storage /dev/vdb /dev/vdc
lvcreate -n volume_1 -l 100%FREE dba_storage
mkfs.xfs /dev/dba_storage/volume_1
mkdir -p /mnt/dba_storage
mount -t xfs /dev/dba_storage/volume_1 /mnt/dba_storage
echo "/dev/dba_storage/volume_1 /mnt/dba_storage xfs defaults 0 0" >> /etc/fstab
Or
vi /etc/fstab
Add this line:
/dev/dba_storage/volume_1 /mnt/dba_storage xfs defaults 0 0
systemctl daemon-reload
mount -a
chown :dba_users /mnt/dba_storage
chmod 770 /mnt/dba_storage
ls -ld /mnt/dba_storage/
Q2. The app server called centos-host is running a Go app on the 8081 port. You
have been asked to troubleshoot some issues with yum/dnf on this system,
install Nginx server, configure Nginx as a reverse proxy for this Go app,
install firewalld package and then configure some firewall rules.
bob is able to login into GoApp using username "test" and password "test"
Configure Nginx as a reverse proxy for the GoApp so that we can access the GoApp on port "80".
Start and Enable "nginx" service.
Start GoApp by running the "nohup go run main.go &" command from "/home/bob/go-app/"
directory; it can take a few seconds to start.
Install "nginx" package.
Install "firewalld" package.
Troubleshoot the issues with "yum/dnf" and make sure you are able to install the packages on
"centos-host"
Start and Enable "firewalld" service
Add firewall rules to allow only incoming port "22", "80" and "8081".
The firewall rules must be permanent and effective immediately.
sed '1inameserver 8.8.8.8' /etc/resolv.conf > /tmp/resolv.conf
cat /tmp/resolv.conf > /etc/resolv.conf
yum install -y nginx firewalld
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=8081/tcp --permanent
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --reload
pushd /home/bob/go-app
nohup go run main.go &
ps -ef |grep 15471
vi /etc/nginx/nginx.conf
systemctl enable nginx
systemctl start nginx
systemctl status nginx
curl -u test:test http://localhost:80
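Adding ports does not by itself satisfy "allow only": services already enabled in the zone stay open. The following is an added example, not part of the original notes, that audits `firewall-cmd --zone=public --list-all` output against the three allowed ports; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a firewalld zone against "only 22, 80 and 8081".
ALLOWED_PORTS="22/tcp 80/tcp 8081/tcp"

# Constructed sample of `firewall-cmd --zone=public --list-all` after the
# three --add-port commands above (not captured from a real host).
sample_zone() {
cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp 8081/tcp 22/tcp
  forward-ports:
  rich rules:
EOF
}

# Reads --list-all text on stdin and prints one finding per line.
audit_zone() {
  seen=" "
  while IFS=: read -r key rest; do
    key=$(printf '%s' "$key" | tr -d '[:space:]')
    case "$key" in
      ports)
        for item in $rest; do
          seen="$seen$item "
          case " $ALLOWED_PORTS " in
            *" $item "*) ;;
            *) echo "extra port: $item" ;;
          esac
        done ;;
      services)
        for item in $rest; do
          case "$item" in
            ssh) seen="${seen}22/tcp " ;;   # the ssh service opens 22/tcp
            *) echo "extra service: $item" ;;
          esac
        done ;;
    esac
  done
  for item in $ALLOWED_PORTS; do
    case "$seen" in
      *" $item "*) ;;
      *) echo "missing port: $item" ;;
    esac
  done
}

sample_zone | audit_zone
```

On the host, pipe the real output in with `firewall-cmd --zone=public --list-all | audit_zone`; each reported service can be dropped with `firewall-cmd --permanent --zone=public --remove-service=<name>` followed by `firewall-cmd --reload`.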
Q3. Some new developers have joined our team, so we need to create
some users/groups and further need to set up some permissions and access rights for
them.
Create a group called "devs"
Create a user called "ray" , change his login shell to "/bin/sh" and set "D3vU3r321" password
for this user.
Make user "ray" a member of "devs" group.
Create a user called "lisa", change her login shell to "/bin/sh" and set "D3vUd3r123"
password for this user.
Make user "lisa" a member of "devs" group.
Make sure all users under "devs" group can only run the "dnf" command with "sudo" and
without entering any password.
Edit the disk quota for the group called "devs". Limit the amount of storage space it can use
(not inodes). Set a "soft" limit of "100MB" and a "hard" limit of "500MB" on "/data"
partition.
Configure a "resource limit" for the "devs" group so that this group (members of the group) can
not run more than "30 processes" in their session. This should be both a "hard limit" and a
"soft limit", written in a single line.
Create a group called "admins"
Create a user called "david" , change his login shell to "/bin/zsh" and set "D3vUd3raaw"
password for this user.
Make user "david" a member of "admins" group.
Create a user called "natasha" , change her login shell to "/bin/zsh" and set "DwfawUd113"
password for this user.
Make user "natasha" a member of "admins" group.
Give some additional permissions to "admins" group on "/data" directory so that any user
who is a member of the "admins" group has "full permissions" on this directory.
Make sure "/data" directory is owned by user "bob" and group "devs" and "user/group" owner
has "full" permissions but "other" should not have any permissions.
Make sure "/data" directory is owned by user "bob".
groupadd devs
groupadd admins
useradd -s /bin/sh ray
useradd -s /bin/sh lisa
usermod -aG devs ray
usermod -aG devs lisa
passwd ray
passwd lisa
useradd -s /bin/zsh david
useradd -s /bin/zsh natasha
passwd david
passwd natasha
usermod -aG admins david
usermod -aG admins natasha
ls -lsd /data
chown bob:devs /data
ls -lsd /data
chmod 770 /data
ls -lsd /data
getfacl /data
setfacl -m g:admins:rwx /data
getfacl /data
visudo
cat /etc/sudoers |grep admins
echo '%admins ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
echo '%devs ALL=(ALL) NOPASSWD:/usr/bin/dnf' >> /etc/sudoers
cat /etc/sudoers |grep admins
echo '@devs - nproc 30' >> /etc/security/limits.conf
yum install quota -y
setquota -g devs 100M 500M 0 0 /dev/vdb1
quota -g -s devs /data
Q4. Some of our apps generate some raw data and store the same
in /home/bob/preserved directory. We want to clean and manipulate some data and then want
to create an archive of that data.
Note: The validation will verify the final processed data so some of the tests might fail till all data
is processed as asked.
Create a script called "/home/bob/filter.sh".
Find the "hidden" files in "/home/bob/preserved" directory and copy them in
"/opt/appdata/hidden/" directory (create the destination directory if it doesn't exist).
Find the "non-hidden" files in "/home/bob/preserved" directory and copy them in
"/opt/appdata/files/" directory (create the destination directory if it doesn't exist).
Find and delete the files in "/opt/appdata" directory that contain a word ending with the letter
"t" (case sensitive).
Create a "softlink" called "/home/bob/appdata.tar.gz" of "/opt/appdata.tar.gz" file.
Create a "tar.gz" archive of "/opt/appdata" directory and save the archive to this file:
"/opt/appdata.tar.gz"
The "appdata.tar.gz" archive should have the final processed data.
Add the "sticky bit" special permission on "/opt/appdata" directory (keep the other
permissions as they are).
Make "bob" the "user" and the "group" owner of "/opt/appdata.tar.gz" file.
The "user/group" owner should have "read only" permissions on "/opt/appdata.tar.gz" file and
"others" should not have any permissions.
Change all the occurrences of the word "yes" to "no" in all files present under "/opt/appdata/"
directory.
Change all the occurrences of the word "raw" to "processed" in all files present under
"/opt/appdata/" directory. It must be a "case-insensitive" replacement, meaning all variants
must be replaced, such as "raw", "Raw", "RAW", etc.
Create "/opt/appdata" directory.
Do not delete any files from "/home/bob/preserved" directory.
ls -l /opt/
echo "find"
echo "Find"
mkdir -p /opt/appdata/hidden
mkdir -p /opt/appdata/files
ls -l /opt/appdata/
find /home/bob/preserved -type f -not -name ".*" -exec cp "{}" /opt/appdata/files/ \;
find /home/bob/preserved -type f -name ".*" -exec cp "{}" /opt/appdata/hidden/ \;
# grep acts as a find test; -delete avoids word-splitting file names in rm $(find ...)
find /opt/appdata/ -type f -exec grep -q 't\>' "{}" \; -delete
find /opt/appdata -type f -name "*" -exec sed -i 's/\byes\b/no/g' "{}" \;
find /opt/appdata -type f -name "*" -exec sed -i 's/\braw\b/processed/ig' "{}" \;
cd /opt
tar -zcf appdata.tar.gz appdata
ls
chmod +t /opt/appdata
ls -lsd /opt/appdata
chown bob:bob /opt/appdata.tar.gz
ls -lsd /opt/appdata
chmod 440 /opt/appdata.tar.gz
ln -s /opt/appdata.tar.gz /home/bob/appdata.tar.gz
vi /home/bob/filter.sh
chmod +x /home/bob/filter.sh
ls -l /home/bob/
/home/bob/filter.sh
ls -l /home/bob/
cat /home/bob/filtered.txt
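The notes open /home/bob/filter.sh in vi without showing its contents. One possible version of the copy, delete, rewrite and archive steps follows as an added example, not the author's script; the function name filter_appdata and the FILTER_SRC/FILTER_DEST variables are assumptions, and the ownership, sticky-bit and symlink steps are left to the commands above.

```shell
#!/bin/sh
# Added example: a possible filter.sh. GNU find, grep and sed are assumed (CentOS).
set -eu

# filter_appdata SRC DEST: copy SRC into DEST/hidden and DEST/files, drop and
# rewrite files as the task asks, then write DEST.tar.gz next to DEST.
filter_appdata() {
  src=$1
  dest=$2
  mkdir -p "$dest/hidden" "$dest/files"

  # Copy, never move: nothing may be deleted from the source directory.
  find "$src" -type f -name '.*' -exec cp -- {} "$dest/hidden/" \;
  find "$src" -type f ! -name '.*' -exec cp -- {} "$dest/files/" \;

  # Delete files that contain a word ending in lowercase "t". grep is used as
  # a find test, so file names with spaces are never word-split by the shell.
  find "$dest" -type f -exec grep -q 't\>' {} \; -delete

  # Whole-word rewrites; the I flag makes the "raw" match case-insensitive.
  find "$dest" -type f -exec sed -i \
    -e 's/\byes\b/no/g' -e 's/\braw\b/processed/gI' {} +

  # Archive last so the tarball holds the final processed data.
  tar -czf "$dest.tar.gz" -C "$(dirname "$dest")" "$(basename "$dest")"
}

# Defaults are the paths from the task; override them through the environment.
FILTER_SRC=${FILTER_SRC:-/home/bob/preserved}
FILTER_DEST=${FILTER_DEST:-/opt/appdata}
if [ -d "$FILTER_SRC" ]; then
  filter_appdata "$FILTER_SRC" "$FILTER_DEST"
fi
```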
Q5. We got a couple of tasks that need to be done on centos-host server.
Most of these tasks are dependent on each other but not all of them.
dns
Add a local DNS entry for the database hostname "mydb.kodekloud.com" so that
it can resolve to "10.0.0.50" IP address.
network
Add an extra IP to "eth1" interface on this system: 10.0.0.50/24.
database
Install "mariadb" database server on this server and "start/enable" its service.
security
Set a password for mysql root user to "S3cure#321".
root
The "root" account is currently locked on "centos-host", please unlock it.
Make user "root" a member of "wheel" group.
docker-image
Pull "nginx" docker image.
docker-container
Create and run a new Docker container based on the "nginx" image. The
container should be named as "myapp" and the port "80" on the host should be
mapped to the port "80" on the container.
container-start.sh
Create a bash script called "container-start.sh" under "/home/bob/" which should
be able to "start" the "myapp" container. It should also display a message
"myapp container started!"
container-stop.sh
Create a bash script called "container-stop.sh" under "/home/bob/" which should
be able to stop the "myapp" container. It should also display a message "myapp
container stopped!"
cron
Add a cron job for the "root" user which should run "container-stop.sh" script at
"12am" everyday.
Add a cron job for the "root" user which should run "container-start.sh" script at
"8am" everyday.
pam
Edit the PAM configuration file for the "su" utility so that this utility only accepts
the requests from the users that are part of the "wheel" group and the requests
from the users should be accepted immediately, without asking for any
password.
echo "10.0.0.50 mydb.kodekloud.com" >> /etc/hosts
ip address add 10.0.0.50/24 dev eth1
yum install mariadb-server -y
systemctl enable mariadb
systemctl start mariadb
mysqladmin -u root password 'S3cure#321'
usermod -U root
usermod -aG wheel root
docker pull nginx
docker login --username=bob
docker pull nginx
docker run -d -p 80:80 --name myapp nginx
cat <<'EOF' > /home/bob/container-start.sh
#!/usr/bin/env bash
docker start myapp
echo "myapp container started!"
EOF
Or vi /home/bob/container-start.sh
chmod +x /home/bob/container-start.sh
cat <<'EOF' > /home/bob/container-stop.sh
#!/usr/bin/env bash
docker stop myapp
echo "myapp container stopped!"
EOF
Or vi /home/bob/container-stop.sh
chmod +x /home/bob/container-stop.sh
(crontab -l 2>/dev/null; echo "0 0 * * * /home/bob/container-stop.sh") | crontab -
(crontab -l 2>/dev/null; echo "0 8 * * * /home/bob/container-start.sh") | crontab -
sed -i 's/#auth/auth/' /etc/pam.d/su
crontab -l
cat /etc/pam.d/su