# Task Solution

------------------------------------------------

### Part 1: LVM create volume group on the second disk **/dev/sdb**

To list all disks on the device, run:

```bash=
fdisk -l
```

<center>

![](https://i.imgur.com/XzagTsS.png)

**We will create LVM on partitions /dev/sdb1 and /dev/sdb2**

</center>

### 1. Initialize the physical volumes with the **pvcreate** command

```bash=
pvcreate /dev/sdb1 /dev/sdb2
```

![](https://i.imgur.com/L1gBsh7.png)

### 2. Create a new volume group called vg1 using the **vgcreate** command with a 16M physical extent size

```bash=
vgcreate -s 16M vg1 /dev/sdb1 /dev/sdb2
```

![](https://i.imgur.com/TEzmlcA.png)

// check vgs

### 3. Create a new logical volume called lvm02 in the volume group (vg1) with a size of 50 extents using the **lvcreate** command

```bash=
lvcreate -l 50 -n lvm02 vg1
```

![](https://i.imgur.com/j0xj5r0.png)

### 4. Create an ext4 filesystem in the logical volume (lvm02)

```bash=
mkfs.ext4 /dev/vg1/lvm02
```

![](https://i.imgur.com/XAtpWU7.png)

### 5. Print logical volume attributes

```bash=
blkid /dev/vg1/lvm02
```

![](https://i.imgur.com/inbTx0E.png)

### 6. Make /mnt/data to mount it later

```bash=
mkdir -p /mnt/data
```

### 7. Copy the UUID of /dev/vg1/lvm02 into the /etc/fstab file

```bash=
vim /etc/fstab
```

![](https://i.imgur.com/gNqR8Ei.png)

### 8. Mount it under /mnt/data with the **mount** command

```bash=
mount -a
```

<center>

This mounts all filesystems mentioned in fstab, as we did above.

</center>

#### To verify the mount, run:

```bash=
mount
```

![](https://i.imgur.com/XINoAqI.png)

### 9. Run fdisk again to see LVM :)

```bash=
fdisk -l
```

![](https://i.imgur.com/eyWjM0S.png)

------------------------------------------------------

### Part 2: users, groups and permissions

#### 1. Add user1 with id=601 and with nologin as the shell (non-interactive shell), and set the password with the passwd command.
```bash=
useradd -m -u 601 -s /sbin/nologin user1
passwd user1
```

![](https://i.imgur.com/O1IHf6Z.png)

#### To check the login, open ssh from user1

![](https://i.imgur.com/sPYkwhD.png)

#### 2. Add user to TrainingGroup

* First, add TrainingGroup to the groups
* Second, modify the user1 attributes to add it to TrainingGroup
* Open /etc/passwd to see users

```bash=
groupadd TrainingGroup
# -a is only valid together with -G (supplementary groups)
usermod -a -G TrainingGroup user1
id user1
```

![](https://i.imgur.com/Jlf0q5N.png)

#### 3.

* First, add AdminGroup to the groups
* Second, add user2 and user3 with AdminGroup and a password
* Open /etc/passwd to see users

```bash=
groupadd AdminGroup
useradd -m user2
useradd -m user3
passwd user2
passwd user3
usermod -a -G AdminGroup user2
usermod -a -G AdminGroup user3
cat /etc/passwd | tail
```

![](https://i.imgur.com/r1iLZL7.png)

* Add user3 permissions

```bash=
usermod -a -G wheel user3
id user3
```

![](https://i.imgur.com/DE6tAL3.png)

-------------------------------------------------

### Part 3: SSH

**Connect ssh with another ip (like ubuntu vm)**

```bash=
ssh nisreen@192.168.56.101
```

![](https://i.imgur.com/wi5sGbi.png)

* To generate an ssh key:

```bash=
ssh-keygen -t rsa
```

![](https://i.imgur.com/K515GPQ.png)

Note: the public key by default will be stored in username/.ssh

* Copy the public key to the server. In the server device:

```bash=
# Install the public half of the key pair on the server
ssh-copy-id -i ~/.ssh/id_rsa.pub nisreen@192.168.56.101
```

![](https://i.imgur.com/B1dRxR9.png)

* Exit the session and log in again without a password:

```bash=
exit
ssh nisreen@192.168.56.101
```

![](https://i.imgur.com/IdgH42W.png)

------------------------------------------------

### Part 4: permissions

* Copy files

```bash=
cp ../etc/fstab ../var/tmp/admin
```

<center>

Note: this is the root directory

</center>

* Open the tmp directory and list the files to see the admin file

```bash=
cd ../var/tmp
ls -la
```

![](https://i.imgur.com/hlHupll.png)

* Set permissions for specific users, without changing the ownership of the directory, with the setfacl command.
```bash=
setfacl -R -m u:user1:rwx admin
```

Note: the others permission is 0

![](https://i.imgur.com/xSn1r9E.png)

-------------------------------------

### Part 5: permissions

**Enforcing mode is enabled by default when the system was initially installed with SELinux**

* Open /etc/selinux/config

```bash=
vi /etc/selinux/config
```

* Configure the SELINUX=enforcing option:

![](https://i.imgur.com/vtXP9fi.png)

* Save the change and reboot the system

```bash=
reboot
```

* Confirm that the getenforce command returns Enforcing:

```bash=
getenforce
```

![](https://i.imgur.com/o0AhJNU.png)

----------------------------------------

### Part 6: bash script and processes

1. Create a process in the background to sleep for 10 m

```bash=
sleep 10m &
```

2. Display the process

```bash=
ps
```

3. Kill the process by ID

```bash=
kill 2409
```

4. Display the process again

```bash=
ps
```

![](https://i.imgur.com/bZOtEI8.png)

-----------------------------------------------

### Part 8: Network management

* Open ports 80 and 443 with firewall commands:

```bash=
sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --permanent --zone=public --list-ports
```

![](https://i.imgur.com/DiW1Ntf.png)

* To block ssh connections from a colleague's ip (like ubuntu):

```bash=
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.56.101' reject"
sudo firewall-cmd --reload
```

#### If we try to connect ssh from ubuntu

![](https://i.imgur.com/j4UmXyy.png)

-----------------------------------------------

### Part 9: Cronjob

1. Create a bash script file to collect the currently logged-in users and store them in the login.txt file

```bash=
#!/bin/bash
# Start the record with the current date and time, followed by a tab
echo -e -n $(date +"%D %T" ) "\t" >> login.txt
# Append each logged-in user name once
for user in $(who | awk '{print $1}' | sort | uniq ); do
    echo -n -e "$user \t " >> login.txt
done
# End the record
echo -e "\n" >> login.txt
```

* `who`: display users and login information
* `awk '{print $1}'`: get the users
* `sort`: sort the names so duplicates can be removed
* `uniq`: remove duplicate usernames

2. Create a crontab entry to run the script at 1:30 AM

```bash=
crontab -e
```

Add a cronjob:

```
30 1 * * * /home/nisreenmaher/getuserlogin.sh
```

### Test the cronjob:

##### Edit the crontab to add a time near the current time to see the result:

![](https://i.imgur.com/ylXPA6N.png)
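
A testable variant of the login-collection script from Part 9, added here as an example and not part of the original solution. The function names, the constructed `who` sample and the absolute-path check are assumptions of this example; the check is there because cron starts jobs with a minimal environment, so a relative `login.txt` lands wherever cron's working directory happens to be.

```bash
#!/usr/bin/env bash
# Added example (not the original script): login collection split into
# small functions so the formatting can be checked without cron.

# Print the unique user names from `who`-style input on stdin, space-separated.
unique_logins() {
    awk 'NF { print $1 }' | sort -u | paste -sd' ' -
}

# Build one log record: "<timestamp><TAB><users>".
# $1 = timestamp; `who`-style text is read from stdin.
login_record() {
    printf '%s\t%s\n' "$1" "$(unique_logins)"
}

# Append one record for the live system to the file given as $1.
# The path must be absolute so the record lands in the same file
# regardless of the directory cron starts the job in.
record_logins() {
    local log_file=$1
    case $log_file in
        /*) ;;
        *) echo "log path must be absolute: $log_file" >&2; return 1 ;;
    esac
    who | login_record "$(date +'%D %T')" >> "$log_file"
}

# Constructed sample of `who` output (not captured from a real host).
SAMPLE_WHO='nisreen  tty1         2022-01-10 09:12
nisreen  pts/0        2022-01-10 09:15 (192.168.56.1)
user2    pts/1        2022-01-10 09:20 (192.168.56.101)'

# Demo: format the sample with a fixed timestamp.
printf '%s\n' "$SAMPLE_WHO" | login_record "01/10/22 01:30:00"
```

In the cron-driven script, replace the demo line with a call to `record_logins` and an absolute log path of your choice.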