1、selinux
vim /etc/selinux/config
根据题目要求设置
getenforce
2、SSH
vim /etc/hosts.allow
sshd : 172.25.0.0/24
vim /etc/hosts.deny
sshd : 172.24.3.0/24
yum -y install xinetd
systemctl restart sshd xinetd systemctl enable sshd xinetd
firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.24.3.0/24 service name=ssh drop'
firewall-cmd --reload
firewall-cmd --list-all
3、自定义用户环境
echo "alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'" >> /etc/bashrc
4、配置防火墙端口转发
firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.25.0.0/24 forward-port port=5423 protocol=tcp to-port=80'
firewall-cmd --reload
firewall-cmd --list-all
5、配置链路聚合
nmcli connection add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}'
nmcli connection add type team-slave con-name team0-eth1 ifname eth1 master team0
nmcli connection add type team-slave con-name team0-eth2 ifname eth2 master team0
vim /etc/sysconfig/network-script/ifcfg-team0
BOOTPROTO=static
IPADDR=172.16.0.20
NETMASK=255.255.255.0
systemctl restart network
teamdctl team0 stat
6、配置ipv6地址
nmcli connection show
nmcli connection modify 'System eth0' connection.autoconnect yes ipv6.method manual +ipv6.address '2003:ac18::305/64'
nmcli connection up 'System eth0'
ifconfig
7、邮件服务
vim /etc/postfix/main.cf
relayhost = [smtp0.example.com]
myorigin = example.com
mydestination =
inet_interfaces = loopback-only
local_transport = error:local mail delivery is disabled
systemctl restart postfix.service systemctl enable postfix.service
firewall-cmd --permanent --add-service=smtp
firewall-cmd --reload
firewall-cmd --list-all
8、samba
yum -y install samba*
mkdir /common
setsebool -P samba_export_all_rw=on
id ldapuser1
pdbedit -a ldapuser1
vim /etc/samba/smb.conf
查找workgroup,修改:workgroup = STAFF
最后一行:
[common]
path = /common
hosts allow = 172.25.0.0/24
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
firewall-cmd --list-all
systemctl restart smb nmb systemctl enable smb nmb
验证:客户端
yum -y install samba-client cifs-utils
smbclient -L server0 -U ldapuse1
9、多用户samba挂载
mkdir /devops
id ldapuser2
id ldapuser3
pdbedit -a ldapuser2
pdbedit -a ldapuser3
setfacl -m u:ldapuser3:rwx /devops/
vim /etc/samba/smb.conf
[devops]
path = /devops
write list = ldapuser3
valid users = ldapuser2,ldapuser3
hosts allow = 172.25.0.0/24
systemctl restart smb nmb systemctl enable smb nmb
客户端
smbclient -L server0
mkdir /mnt/dev
vim /etc/fstab
//172.25.0.11/devops /mnt/dev cifs username=ldapuser2,password=kerberos,multiuser,sec=ntlmssp,_netdev 0 0
mount -a
df -hT
验证:
su - ldapuser2
cifscreads add -u ldapuser2 172.25.0.11
su - ldapuser3
cifscreads add -u ldapuser3 172.25.0.11
10、NFS
mkdir -p /public /protected/project
chown ldapuser0 /protected/project
setfacl -m u:ldapsuer4:rwx /protected/project/
wget -O /etc/krb5.keytab http://.keytab
vim /etc/exports
/public 172.25.0.0/24(ro)
/protected 172.25.0.0/24(rw,sec=krb5p)
vim /etc/sysconfig/nfs
修改第十三行 RPCNFSDARGS="-V4.2"
systemctl restart nfs-secure-server nfs-server
systemctl enable nfs-secure-server nfs-server
exportfs -rv
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload
firewall-cmd --list-all
11、挂载NFS
showmount -e 172.25.0.11
mkdir -p /mnt/nfsmount /mnt/nfssecure
wget -O /etc/krb5.keytab http://.keytab
systemctl restart nfs-secure systemctl enable nfs-secure
vim /etc/fstab
server0.example.com:/public /mnt/nfsmount nfs _netdev 0 0
server0.example.com:/protected /mnt/nfssecure nfs sec=krb5p,v4.2,_netdev 0 0
mount -a
df -hT
12、实现一个web服务器
yum -y install httpd
cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf /etc/httpd/conf.d
vim /etc/httpd/conf.d/httpd-vhosts.conf
DocumentRoot /var/www/html
ServerName server0.example.com
Require not ip 172.24.3.0/24
Require all granted
cd /var/www/html/
wget http://.html -O index.html
vim index.html
http test1
systemctl restart httpd systemctl enable httpd
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --list-all
验证:firefox server0.example.com
13、配置安全web
yum -y install mod_ssl
cd /etc/pki/tls/certs/
wget http://example-ca.crt
wget http://server0.crt
cd ../private/
wget http://server0.key
chmod 600 server0.key
vim /etc/httpd/conf.d/ssl.conf
/server0.crt 修改第100行
/server0.key 修改第107行
/example-ca.crt 修改第122行
systemctl restart httpd.service systemctl enable httpd.service
验证:firefox edit->preferences->Advanced->View Certificates->import->/etc/pki/tls/certs/example-ca.crt->勾选三个勾
14、配置虚拟主机
mkdir /var/www/virtual
useradd harry
setfacl -m u:harry:rwx /var/www/virtual
cd /var/www/virtual
wget http://.html -O index.html
vim index.html
http test2
vim /etc/httpd/conf.d/01-www0.conf
ServerName www0.example.com
DocumentRoot /var/www/virtual
systemctl restart httpd.service systemctl enable httpd.service
验证:firefox www0.example.com
15、配置web内容访问
mkdir /var/www/html/private
cd /var/www/html/private
wget http://.html -O index.html
vim index.html
http test3
vim /etc/httpd/conf.d/00-default.conf
Require ip 127.0.0.1 ::1 172.25.0.11
systemctl restart httpd.service systemctl enable httpd.service
验证;firefox server0.example.com/private server端可以访问,desktop端无法访问
16、实现动态web内容
yum -y install mod_wsgi
mkdir /var/www/webapp0
cd /var/www/webapp0
wsgi http://webinfo.wsgi
vim webinfo.wsgi
一段python脚本
vim /etc/httpd/conf.d/02-wsgi.conf
Listen 8909
ServerName webapp0.example.com
DocumentRoot /var/www/webapp0
WSGIScriptAlias / /var/www/webapp0/webinfo.wsgi
semanage port -a -t http_port_t -p tcp 8909
firewall-cmd --permanent --add-port=8909/tcp
firewall-cmd --reload
firewall-cmd --list-all
验证:firefox webapp0.example.com:8909
17、创建一个脚本
cd /root
vim test1.sh
#!/bin/bash
case $1 in
cat)
echo 'dog'
;;
dog)
echo 'cat'
;;
*)
echo '/root/test1.sh cat|dog'
esac
chmod +x test1.sh
sh test1.sh
18、创建添加用户的脚本
cd /root
vim test2.sh
#!/bin/bash
if [ $# -eq 0 ];then
echo 'Usage: /root/batchusers userfile'
exit 1
fi
if [ ! -f $1 ];then
echo 'Input file not found'
exit 1
fi
while read line
do
useradd -s /bin/false $line
done < $1
vim userlist
a
b
c
chmod +x test2.sh
sh test2.sh
19、iscsi 服务器端
fdisk /dev/vdb
p n +3G p w
ls /dev/vdb*
yum -y insall targetcli
targetcli
/backstores/block create iscsi_store /dev/vdb1
iscsi/ create iqn.2016-02.com.example:server0
/iscsi/iqn.2016-02.com.example:server0/tpg1/acls create iqn.2016-02.com.example:desktop0
/iscsi /iqn.2016-02.com.example:server0/tpg1/luns create /backstores/block/iscsi_store
/iscsi /iqn.2016-02.com.example:server0/tpg1/portals create 172.25.0.11
ls saveconfig exit
systemctl restart target systemctl enable target
firewall-cmd --permanent --add-port=3260/tcp
firewall-cmd --reload
firewall-cmd --list-all
20、iscsi 客户端
yum -y install iscsi-initiator-utils
vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2016-02.com.example:desktop0
systemctl restart iscisd iscsi systemctl enable iscsid iscsi
iscsiadm -m discovery -t st -p server0
iscsiadm -m node iqn.2016-02.com.example:server0 -p 172.25.0.11 -l
lsblk
mkdir /mnt/data
fdisk /dev/sda
p n +2100M p w
mkfs.ext4 /dev/sda1
blkid /dev/sda1
vim /etc/fstab
UUID="" /mnt/data ext4 _netdev 0 0
mount -a
df -hT
iscsiadm -m discovery -t st -p server0
iscsiadm -m node iqn.2016-02.com.example:server0 -p 172.25.0.11 -l
sync;reboot -f
21、数据库
yum -y install mariadb-server mariadb
vim /etc/my.cnf
skip-networking
systemctl restart mariadb systemctl enable mariadb
mysqladmin -u root -p password 'redhat'
mysql -u root -p
create database Contacts;
grant select on Contacts.* to Raikon@localhost identified by 'redhat';
show databases;
delete from mysql.user where password='';
quit
vim users.sql
mysql -u root -predhat
use Contacts;
source /root/users.sql
show tables;
22、数据库查询
mysql -u root -predhat
use Contacts;
show tables;
desc base;
desc location;
select name from base where password='';
select count(*) from base,location where base.name='' and location.city='' and base.id=location.id;