红帽认证笔记2

文章目录

  • 1.配置系统以使用默认存储库
  • 1.调试selinux
  • 2.创建用户账户
  • 3.配置cron
  • 4. 创建协作目录
  • 5. 配置NTP
  • 6.配置autofs
  • 配置文件权限
  • 容器解法
    • 1.修改journal配置文件
    • 2.重启服务
    • 3.拷贝文件到指定目录
    • 4.修改拥有人所属组
    • 5.修改umask
    • 6.切换elovodo用户
    • 7.登录容器仓库
    • 8.拉取镜像
    • 9.运行容器
    • 10.创建普通用户的systemd服务配置文件目录
    • 11.使用podman命令自动生成podman容器服务文件
    • 12. 将容器服务文件的名字改成题目上要求的名字
    • 13.停止容器,删除容器
    • 14.开启普通用户使用systemd管理自己服务的权限
    • 15.设置容器服务器下次开机启动
    • 16.查看状态
    • 17.执行命令

1.配置系统以使用默认存储库

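[baseos]
name = baseos
baseurl = http://repo.domain10.example.com/rhel80/BaseOS
# The documented repo key is "enabled". "enable" is not an option dnf/yum knows,
# so the original line had no effect (repositories are enabled by default).
enabled = yes
# gpgcheck = 0 turns off package signature verification, and the baseurl is
# plain http, so nothing authenticates the packages that get installed.
# Lab-only setting: outside an isolated exam/lab network use gpgcheck = 1
# together with a gpgkey entry.
gpgcheck = 0

[appstream]
name = appstream
baseurl = http://repo.domain10.example.com/rhel80/AppStream
# Same key fix as above: "enabled", not "enable".
enabled = yes
# Signature checking is disabled here as well; see the note on [baseos].
gpgcheck = 0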

1.调试selinux

[root@system1 ~]# setenforce 1
[root@system1 ~]# yum provides semanage
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:03:32 ago on Wed 18 Oct 2023 08:03:49 PM CST.
policycoreutils-python-utils-2.9-9.el8.noarch : SELinux policy core python utilities
Repo        : @System
Matched from:
Filename    : /usr/sbin/semanage

policycoreutils-python-utils-2.8-16.1.el8.noarch : SELinux policy core python utilities
Repo        : baseos
Matched from:
Filename    : /usr/sbin/semanage

[root@system1 ~]# yum -y install policycoreutils-python-utils
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
appstream                                                 408 kB/s | 3.2 kB     00:00    
baseos                                                    410 kB/s | 2.7 kB     00:00    
Package policycoreutils-python-utils-2.9-9.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@system1 ~]# semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"
[root@system1 ~]# restorecon -RvF /var/www/html
Relabeled /var/www/html/index.html from unconfined_u:object_r:httpd_sys_content_t:s0 to system_u:object_r:httpd_sys_content_t:s0
[root@system1 ~]# 

[root@system1 ~]# semanage port -a -t http_port_t -p tcp 82
[root@system1 ~]# semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      82, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989

[root@system1 ~]# curl localhost:82
第二题的web页面
[root@system1 ~]# firewall-cmd --add-port=82/tcp --permanent
success
[root@system1 ~]# firewall-cmd --reload
success
[root@system1 ~]#

sh-4.4# ssh root@system2
Last login: Fri Apr 24 00:26:32 2020 from 172.24.10.100
[root@system2 ~]# curl 172.24.10.150:82
第二题的web页面
[root@system2 ~]# 

2.创建用户账户

[root@system1 ~]# groupadd sysmgrs -g 30000
[root@system1 ~]# useradd -G sysmgrs natasha
[root@system1 ~]# useradd -G sysmgrs harry
[root@system1 ~]# useradd sarah -s /sbin/nologin
[root@system1 ~]# echo 123 | passwd --stdin natasha
Changing password for user natasha.
passwd: all authentication tokens updated successfully.
[root@system1 ~]# echo 123 | passwd --stdin harry
Changing password for user harry.
passwd: all authentication tokens updated successfully.
[root@system1 ~]# echo 123 | passwd --stdin sarah
Changing password for user sarah.
passwd: all authentication tokens updated successfully.
[root@system1 ~]# 

3.配置cron

crontab -e -u natasha
*/5 * * * * logger "EX200 in progress"
23 14 * * * /bin/echo enjia
[root@system1 ~]# crontab -l -u natasha
*/5 * * * * logger "EX200 in progress"
23 14 * * * /bin/echo enjia
[root@system1 ~]# 
[root@system1 ~]# systemctl is-enabled crond
enabled
[root@system1 ~]# systemctl is-active crond
active
[root@system1 ~]# 

4. 创建协作目录

[root@system1 ~]# mkdir /home/managers
[root@system1 ~]# chgrp sysmgrs /home/managers
[root@system1 ~]# chmod g=rwx,o=--- /home/managers
[root@system1 ~]# chmod g+s /home/managers
[root@system1 ~]# ll -ld /home/managers
drwxrws---. 2 root sysmgrs 6 Oct 18 20:26 /home/managers
[root@system1 ~]# 

5. 配置NTP

vim /etc/chrony.conf

server host.domain10.example.com iburst
[root@system1 ~]# systemctl enable chronyd --now
[root@system1 ~]# systemctl restart chronyd 
[root@system1 ~]# chronyc sources
210 Number of sources = 0
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
[root@system1 ~]# chronyc -n sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? 172.24.10.100                 0   6     0     -     +0ns[   +0ns] +/-    0ns
[root@system1 ~]# 

6.配置autofs

yum -y install autofs nfs-utils

/rhel   /etc/auto.user1

vim /etc/auto.master

/rhel   /etc/auto.user1

vim /etc/auto.user1

user1 -rw  host.domain10.example.com:/rhel/user1

[root@system1 ~]# systemctl restart autofs
[root@system1 ~]# systemctl enable autofs
Created symlink /etc/systemd/system/multi-user.target.wants/autofs.service → /usr/lib/systemd/system/autofs.service.
[root@system1 ~]#

[root@system1 ~]# df -Th /rhel/user1
Filesystem                            Type  Size  Used Avail Use% Mounted on
host.domain10.example.com:/rhel/user1 nfs4  100G   19G   81G  19% /rhel/user1
[root@system1 ~]#

配置文件权限

[root@system1 ~]# cp /etc/fstab /var/tmp/fstab
[root@system1 ~]# chown root:root /var/tmp/fstab
[root@system1 ~]# chmod a-x /var/tmp/fstab
[root@system1 ~]# setfacl -m u:natasha:rw /var/tmp/fstab
[root@system1 ~]# setfacl -m u:harry:--- /var/tmp/fstab
[root@system1 ~]# chmod o=r-- /var/tmp/fstab
[root@system1 ~]# ll -ld /var/tmp/fstab
-rw-rw-r--+ 1 root root 666 Oct 18 20:54 /var/tmp/fstab
[root@system1 ~]# 

容器解法

1.修改journal配置文件

以root身份进行

[root@system1 ~]# vim /etc/systemd/journald.conf
Storage=persistent

2.重启服务

[root@system1 ~]# systemctl restart systemd-journald

3.拷贝文件到指定目录

考试题要求:将/var/log/journal目录及任何子目录下的任何.journal复制到/home/elovodo/container_journal
(切记这是以root身份拷贝的)

# Run as root: copy every *.journal file found under /var/log/journal/ into the
# target directory. cp -a preserves owner, mode and timestamps, so the copies
# keep their original ownership until the chown -R in the following step.
find /var/log/journal/ -name "*.journal" -exec cp -a {} /home/elovodo/container_journal/ \;

4.修改拥有人所属组

chown -R elovodo:elovodo /home/elovodo/container_journal/

5.修改umask

vim /home/elovodo/.bashrc

(原文此处为截图,在 .bashrc 中添加的具体内容在本页未保留。)

6.切换elovodo用户

这个时候才进入主题,切换为elovodo用户哦

ssh elovodo@localhost


7.登录容器仓库

[elovodo@system1 ~]$ podman login utility.example.com:5000
Username: gls
Password: 
Login Succeeded!
[elovodo@system1 ~]$ 

8.拉取镜像

如果题目没给到具体网址,就search来搜索一下
podman search rlogserver

podman pull utility.example.com:5000/rlogserver


9.运行容器

# -d runs the container detached; --name sets the name that the later
# podman and systemd steps refer to.
# -v host:container:z bind-mounts the copied journal directory and has podman
# relabel the host path with a shared SELinux label, so the confined container
# process is allowed to access it.
podman run -itd -v /home/elovodo/container_journal/:/var/log/journal/:z --name container_logserver utility.example.com:5000/rlogserver


10.创建普通用户的systemd服务配置文件目录

[elovodo@system1 ~]$ mkdir ~/.config/systemd/user -p
[elovodo@system1 ~]$ cd ~/.config/systemd/user/
[elovodo@system1 user]$ 

11.使用podman命令自动生成podman容器服务文件

[elovodo@system1 user]$ podman generate systemd --new --files --name container_logserver
/home/elovodo/.config/systemd/user/container-container_logserver.service
[elovodo@system1 user]$ 

12. 将容器服务文件的名字改成题目上要求的名字

[elovodo@system1 user]$ mv container-container_logserver.service container_logserver.service 
[elovodo@system1 user]$ 

13.停止容器,删除容器

[elovodo@system1 user]$ podman stop container_logserver
91e4bb2fed1c77dade2461902ec7d20299f37778468aa18021b62e2cb17e4788
[elovodo@system1 user]$ podman rm container_logserver
91e4bb2fed1c77dade2461902ec7d20299f37778468aa18021b62e2cb17e4788
[elovodo@system1 user]$ 

14.开启普通用户使用systemd管理自己服务的权限

[elovodo@system1 user]$ loginctl enable-linger
[elovodo@system1 user]$ systemctl --user daemon-reload
[elovodo@system1 user]$ 

15.设置容器服务器下次开机启动

[elovodo@system1 user]$ systemctl --user enable container_logserver --now
Created symlink /home/elovodo/.config/systemd/user/multi-user.target.wants/container_logserver.service → /home/elovodo/.config/systemd/user/container_logserver.service.
Created symlink /home/elovodo/.config/systemd/user/default.target.wants/container_logserver.service → /home/elovodo/.config/systemd/user/container_logserver.service.
[elovodo@system1 user]$ 

16.查看状态

systemctl --user status container_logserver


17.执行命令

podman exec container_logserver ls

