RHCE 7.0 考试命令整理

RHCSA
1、开机密码
rd.break
mount -o remount,rw /sysroot/
chroot /sysroot/
echo "ooxx9527" | passwd --stdin root
touch /.autorelabel
2、设置SELinux
vim /etc/selinux/config
3、yum第三方仓库
yum-config-manager --add-repo="目的地址"
vim /etc/yum.repos.d/目的地址.repo

4、调整逻辑卷容量
df -h
lvs LV 查询
vgs VG 查询
pvs PV 查询
partprobe 重新获取
pvcreate /dev/sdb1 加入LVM
vgextend vg1 /dev/sdb1 扩展VG(将新PV加入vg1)
lvextend -L 770M /dev/vg1/lvm1 扩展LV
xfs_growfs /lv路径 xfs LV更新
resize2fs ext4 LV更新
5、创建用户和组
useradd 用户名 -s /sbin/nologin shell不可登陆
6、文件权限设置
setfacl -m u:用户名:权限 /文件
chown 用户名:组名 /文件
7、计划任务
crontab -u 用户名 -e
分 时 日 月 星期 命令
8、文件特殊权限
chgrp 组名 /文件 改变所属组
chmod 权限 /文件名 4=SUID 2=SGID
9、升级内核
rpm -ivh 目的地址
10、配置LDAP
yum install sssd authconfig-gtk krb5-workstation

11、配置LDAP用户家目录挂载
建立本地挂载点,并给777权限

12、同步时间
vim /etc/chrony.conf
server classroom.example.com iburst
13、打包文件
tar -cjf /打包后文件名.tar.bz2 /文件
14、创建指定用户和ID
useradd 用户名 -u UID
15、创建SWAP分区
lsblk
free -h
partprobe 重新加载硬盘设备
blkid 查看UUID
swapon -a
swapoff -a
16、查找文件
find
17、过滤文件
grep "查找字符" /源文件 > /目标文件
18、新建逻辑卷
建立一个新分区
pvcreate /硬盘分区 创建PV
vgcreate -s PE尺寸 卷组名称 /硬盘分区 创建VG
lvcreate -l 8 -n lv名称 VG名称 创建LV
mkfs.xfs /dev/卷组名/LV名 格式化
创建挂载目录
vim /etc/fstab
UUID="。。。" /挂载点 文件系统 defaults 0 0
mount -a
RHCE
1、配置SeLinux
vim /etc/selinux/config
enforcing 开启selinux(SELINUX= 的有效取值为 enforcing、permissive、disabled,没有 enabled)
2、ssh访问控制
systemctl is-enabled iptables.service
systemctl is-enabled ip6tables.service
systemctl is-enabled ebtables.service
systemctl mask iptables.service
systemctl mask ip6tables.service
systemctl mask ebtables.service 关闭并mask三个服务

systemctl is-enabled firewalld.service (enabled)  确保firewalld服务的启动设定类型显enabled,而且服务需要处于running状态
systemctl enable firewalld.service
systemctl start firewalld.service
systemctl is-enabled sshd.service(enabled)
firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.17.10.0/24 service name=ssh reject'
firewall-cmd --reload
firewall-cmd --list-all

3、配置IPV6
desktop0:
nmcli conn modify eth0 ipv6.add "fddb:fe2a:ab1e::c0a8:2/64" ipv6.method "manual"
nmcli conn down eth0
nmcli conn up eth0
server0:
nmcli conn modify eth0 ipv6.add "fddb:fe2a:ab1e::c0a8:1/64" ipv6.method "manual"
nmcli conn down eth0
nmcli conn up eth0
4、配置聚合链路
server0:
nmcli con add con-name team0 type team ifname team0 config '{"runner":{"name": "activebackup"}}'
nmcli con mod team0 ipv4.addresses "192.168.0.101/24" ipv4.method "manual"
nmcli con add con-name team0-port1 type team-slave ifname eth1 master team0
nmcli con add con-name team0-port2 type team-slave ifname eth2 master team0
5、自定义用户环境
echo "alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'" >> /etc/bashrc
source /etc/bashrc
6、配置本地邮件
systemctl status postfix.service
postconf -e "inet_interfaces=loopback-only"
postconf -e "myorigin=example.com"
postconf -e "relayhost=[classroom.example.com]"
postconf -e "mynetworks=127.0.0.1/8 [::1]/128"
postconf -e "mydestination="
postconf -e "local_transport=error:local delivery disabled"
7、配置端口转发
server0:
firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address=172.25.0.0/24 forward-port port=5423 protocol=tcp to-port=80"
firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address=172.25.0.0/24 forward-port port=5423 protocol=udp to-port=80"
firewall-cmd --reload
8、SMB共享目录
server0:
yum install -y samba samba-client
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
systemctl enable smb nmb
systemctl start smb nmb
useradd -s /sbin/nologin rob
useradd -s /sbin/nologin brian
smbpasswd -a rob
smbpasswd -a brian
mkdir /common
chgrp brian /common/
semanage fcontext -a -t samba_share_t '/common(/.*)?'
restorecon -RFv /common/
chmod 2775 /common/
vim /etc/samba/smb.conf
workgroup = STAFF
hosts allow = 127.0.0 172.25.0.
[common]
path = /common
browseable = yes
write list = brian
systemctl restart smb nmb
9、多用户SMB挂载
desktop0:
yum -y install cifs-utils
mkdir /mnt/multiuser
echo "username=brian">/root/muser.txt
echo "password=redhat">>/root/muser.txt
chmod 600 /root/muser.txt    # 凭据文件含明文密码,仅允许root读取
echo "//server0/common /mnt/multiuser cifs credentials=/root/muser.txt,multiuser,sec=ntlmssp 0 0" >> /etc/fstab
mount -a
10、配置NFS服务
server0:
yum -y install nfs-utils
systemctl enable nfs-server
systemctl start nfs-server
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab
(keytab 相当于主机的长期密钥:此处的 HTTP 明文下载只适用于考试环境;文件应保持仅 root 可读)
systemctl enable nfs-secure-server
systemctl start nfs-secure-server
非加密共享:
mkdir /public
chown nfsnobody /public/
echo "/public *.example.com(ro)" >> /etc/exports
exportfs -avr
systemctl restart nfs-server
加密共享:
vim /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2"
mkdir -p /protected/project
chown ldapuser0: /protected/project/
echo "/protected *.example.com(rw,sec=krb5p)" >> /etc/exports
exportfs -arv
systemctl restart nfs-secure-server
11、挂载NFS共享
desktop0:
echo "server0.example.com:/public /mnt/nfsmount nfs defaults 0 0" >> /etc/fstab
mount -a
wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
systemctl enable nfs-secure
systemctl start nfs-secure
mkdir /mnt/nfssecure
echo "server0.example.com:/protected /mnt/nfssecure nfs defaults,sec=krb5p,v4.2 0 0" >> /etc/fstab
mount -a
12、实现一个web服务器
server0:
yum -y install httpd
systemctl enable httpd
systemctl start httpd
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
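vim /etc/httpd/conf.d/vhost-server0.conf
# 注:原文的尖括号标签在转载时丢失,以下标签为还原;<Directory> 路径按 DocumentRoot 推定
<Directory "/var/www/html">
<RequireAll>
Require all granted
Require not host .my133t.org
</RequireAll>
</Directory>
<VirtualHost *:80>
ServerName server0.example.com
DocumentRoot "/var/www/html"
customLog "logs/vhost_server0" combined
</VirtualHost>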
13、配置安全的web服务
server0:
yum -y install mod_ssl
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
wget -O /etc/pki/tls/certs/server0.crt 下载地址
wget -O /etc/pki/tls/certs/example-ca.crt 下载地址
wget -O /etc/pki/tls/private/server0.key 下载地址
chmod 600 /etc/pki/tls/private/server0.key    # 私钥仅允许root读取
vim /etc/httpd/conf.d/ssl.conf

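DocumentRoot "/var/www/html" 自己添加
ServerName server0.example.com:443 自己添加
# 注:原文的尖括号标签在转载时丢失,以下标签为还原;<Directory> 路径按 DocumentRoot 推定
<Directory "/var/www/html">
<RequireAll>
Require all granted
Require not host .my133t.org
</RequireAll>
</Directory>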

SSLCertificateFile /etc/pki/tls/certs/server0.crt 修改为指定下载的证书
SSLCertificateKeyFile /etc/pki/tls/private/server0.key 修改为指定下载的密钥
SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt 修改为指定的根证书

14、配置虚拟主机
mkdir /var/www/virtual
wget -O /var/www/virtual/index.html 下载地址
semanage fcontext -a -t httpd_sys_content_t '/var/www/virtual(/.*)?'
restorecon -vFR /var/www/virtual/
useradd floyd
setfacl -m u:floyd:rwx /var/www/virtual
vim /etc/httpd/conf.d/vhost-www0.conf
<VirtualHost *:80>
ServerName www0.example.com
DocumentRoot "/var/www/virtual"
customlog "logs/vhost-www0.log" combined
<Directory "/var/www/virtual">
Require all granted
</Directory>
</VirtualHost>
15、配置web内容访问
semanage port -a -t http_port_t -p tcp 8908
firewall-cmd --permanent --add-port=8908/tcp
firewall-cmd --reload
mkdir /var/www/webapp
wget -O /var/www/webapp/webinfo.wsgi 下载地址
16、实现动态web内容
semanage port -a -t http_port_t -p tcp 8908
firewall-cmd --permanent --add-port=8908/tcp
firewall-cmd --reload
mkdir /var/www/webapp
wget -O /var/www/webapp/webinfo.wsgi 下载地址
yum -y install mod_wsgi
17、创建一个脚本
server0:
vim /root/foo.sh
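#!/bin/bash
# Prints the counterpart keyword: "redhat" -> "fedora", "fedora" -> "redhat".
# Any other argument, or no argument at all, prints the usage line instead.
case "$1" in
  redhat)
    echo "fedora"
    ;;
  fedora)
    echo "redhat"
    ;;
  *)
    # Catch-all arm. A bare ")" is a syntax error, so the "*" pattern is required.
    echo "/root/foo.sh redhat|fedora"
    ;;
esac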
18、创建一个添加用户的脚本
vim /root/batchusers
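#!/bin/bash
# Creates an account with shell /bin/false for every name listed, one per
# line, in the file given as the only argument.
# Exit status: 2 when the argument count is not exactly one,
#              1 when the argument is not a regular file.
if [ $# -eq 1 ]; then
  if [ -f "$1" ]; then
    # -r keeps backslashes literal; the || clause still processes a final
    # line that has no trailing newline.
    while read -r username || [ -n "$username" ]; do
      # Skip blank lines, and names starting with "-" that id/useradd
      # would otherwise parse as command-line options.
      case "$username" in
        '' | -*) continue ;;
      esac
      # Only create accounts that do not exist yet.
      if ! id "$username" &>/dev/null; then
        useradd -s /bin/false "$username" &>/dev/null
        #echo "redhat" | passwd --stdin $username
      fi
    done <"$1"
  else
    echo "input file not found"
    exit 1
  fi
else
  echo "usage: /root/batchusers userfile"
  exit 2
fi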
./batchusers
wget 下载地址 &>/dev/null
./batchusers userlist
19、 配置ISCSI 服务端
server0:
yum install -y targetcli
systemctl enable target.service
systemctl start target.service
firewall-cmd --permanent --add-port=3260/tcp
firewall-cmd --reload
pvcreate /dev/sdb1
vgcreate iscsi /dev/sdb1
lvcreate -n iscsi_store -l 100%VG iscsi
targetcli
ls
iscsi/ create iqn.2014-11.com.example:server0
iscsi/iqn.2014-11.com.example:server0/tpg1/portals create 172.25.0.11 3260
backstores/block create name=iscsi_store.server0 dev=/dev/iscsi/iscsi_store
iscsi/iqn.2014-11.com.example:server0/tpg1/luns create /backstores/block/iscsi_store.server0
iscsi/iqn.2014-11.com.example:server0/tpg1/acls create iqn.2014-11.com.example:desktop0
20、配置ISCSI客户端
desktop0:
systemctl enable iscsi
systemctl start iscsi
vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2014-11.com.example:desktop0
iscsiadm -m discovery -t st -p 172.25.0.11
iscsiadm -m node -T iqn.2014-11.com.example:server0 -p 172.25.0.11:3260 -l
vim /etc/fstab
UUID="" /mnt/data ext4 defaults,_netdev 0 0
mount -a
21、部署mariaDB
server0
yum -y groupinstall mariadb mariadb-client
systemctl enable mariadb.service
systemctl start mariadb.service
mysql_secure_installation
wget 下载地址
mysql -uroot -proot_password
create database legacy;
use legacy;
source /root/mariadb.dump
show databases;
show tables;
grant select on legacy.* to mary@'localhost' identified by 'mary_password';
grant select,insert,update,delete on legacy.* to legacy@'localhost' identified by 'legacy_password';
firewall-cmd --permanent --add-service=mysql
firewall-cmd --reload
22、数据查询
server0:
use legacy;
desc product;
select id from product where name='RT-AC68u';
select product.id,product.name,product.id_category from category,product where category.name='Servers' and category.id=product.id_category;
select count(product.id) from category,product where category.name='Servers' and category.id=product.id_category;
