deadeyes

[Log in to get rid of this advertisement]

Hi all,

I have some questions which I know how to solve technically, however, do not know if they will give me full credits depending on what the solution is.

1. If an SElinux setting is the default but in that way is less secure should I change it if on my exam they ask to configure SElinux for a service?
Or should I just check that the service works without SElinux errors.

2. If there is asked to limit access to the local network this can be done in different ways: /etc/hosts.allow|deny, iptables, service configuration file, SElinux do I get fully credited if I just deny it with IPtables?
Or should all possibilities be used to limit access(do note that I have it about the RHCE exam and the credits you get for your work)?

3. If a question for example is: configure vsftp to allow access to the /home directories. Can I then use a chroot and disable anonymous login? or should I just disable anonymous login?

Any help would be much appreciated

Simon Bridge

You have to do what you think is right - that's what the exam is testing.
In general, stick to doing what is actually written down in front of you. Don't try to complicate the question.

deadeyes

Take question 2: I can disable it with iptables, the service, ... But using only iptables will solve the problem. IMHO I don't see that this answer can help me in any way. I can't do anything with thinking I do it right when I actually do it wrong and want to do it right Having some answers on these questions should help me focus on what I really have to do and what is optional as this exam is time limited.

Also this example:
There is asked to create a 1000MB /home. Should the actual size to store files be literally 1000MB? Or can I create a partition that is 1000MB and will it be ok?
Or can I create a /home that is 1024MB then? will that give me still full credit?

descarte

As a good practice, you should but in exams, you don't get extra marks for that.

IN exam, anything that works, ie any single solution will do, be it tcpwrappers or service config or iptables. You don't get extra marks for doing all. But in real life, I suggest to use a few lines of defence and be paranoid.

I don't quite understand the question but I dont see why someone should spend much time over the "disabling anonymous login" as this should be straight forward.

as long as you are not far off, the examiners wont be picky about that. They know it is hard to get the exact partition size so their marking script will be flexible in this area. I think the exam script would be clear in this area.

cheers.

Simon Bridge

Most students sitting exams face this dilemma - you are concerned not so much that you achieve the asked-for result but that you produce the method the examiner will give the most marks to.

Where this matters, it is in your work notes for the course and really needs to be discussed with a tutor, since each examiner will mark the exam differently anyway.

Usually, with the RHCE exam, whatever completely fulfills the spec of the job description is given full marks. So you could describe a system which utilizes every method you can think of, with justification for them, and you'll get very good grades indeed... and run into time constraints.

So your problem is more about exam strategy.

So you need example problem from the institution giving you the exam - anybody else can only tell you about general practise - you need to know how the practise will be marked.

Mostly, though, you are worrying too much.

Look at the section of your notes which talks about creating a /home directory and partition and use the method it says. It is most likely that all you need to do is create a 1000MB partition to house /home.

You are unlikely to be penalised for 1024MB partition, but that will not be a correct answer unless you state that you want to be sure that at least 1000MB file storage is available.

Where you are interested in the amount of file storage will be where you are administering user accounts on a file server. Users may be charged by their bandwidth. In which case, questions will specify this.

Strategy:
This is a proffessional certification - treat each question as a job spec. Your task is to fulfil this spec efficiently.

The time constraint is part of the efficiency test, the more complete your solution within the time the more marks you will get.

To manage time, many students use a three-pass method ... you go through the exam providing the minimum answers to complete the job. That way you answer all questions but some will not be complete. However, you should have time to spare, and your answers are likely to be a passing grade. Most students find this takes half to two-thirds the available time.

Next go through the paper again looking for solutions that could be more complete. This is the second pass - if you are provided with the weighting for each question (the number of total marks it is worth) then you want to make sure that your answers are consistent with the mark-weight compared with other answers.

Lastly, co over the paper in reverse order looking for mistakes. This is usually done in the last 5-10mins.

Philosophy: forget about getting the "right" answer. That does not exist and you'll only make yourself ill. Stick to efficiency.

Simon Bridge

Lets look at your specifics in tems of exam strategy...
If all you are asked to do is configure SELinux for a service than that is all you should do. For completeness, you may want to add that there may be security concerns in keeping the default configuration.

This is actually what you do professionally when a client gives you a job description which you think is poorly thought out - you tell the client, in a report, how you would go about doing what they ask, then add that you have concerns about what they ask for and detail them with what would be required to address those concerns.

It is up to the client to decide if they want those concerns addressed.

You need to read the question carefully for what sort of limit is needed to the access. If you want to block a particular host, then host allow/deny is the way to go.

Whichever you choose - choose by efficiency - it is the one which completes the job and is also the quickest to write down. If you need more than one approach, the marks will be a clue ... if other questions work out to 5 points per method and this question awards 10 points, then you'll probably need two methods - or one hard one.

Note: if the question just wants to deny access to a user, resetting that users password would be a correct answer.

Efficiency again - there are lots of ways to do this - in the absence of guidance, choose the one that is fastest to write down.

Use meta data to help you choose: Does the question want USER to have access to /home/$USER or does it want USER to have access to /home/* - what may be the purpose of this?How does this consideration narrow down your options (it will)?

No question is asked in a vaccuum - for RHCE you are expected to hae had experience and a course behind you. Use it.

deadeyes

I studied without following a course and this morning I did do the exam.

Thank you all for you reactions and clearing this up for me!
This is greatly appreciated

stevetokyo

@deadeyes how was the result?,.. sorry just asking.

deadeyes

I failed on the rhce part. I don't have a clear view though on what I did wrong(I know some part for sure). I had expected to have better grades. And the exam structure was changed.

stevetokyo

@deadeyes sorry to hear that,.. but I am sure you will pass if you try again. Maybe, a more understanding of the question structure. descarte and Simon Bridge advices were straight to the point. I will keep their words in mind when resiting for mine.