EXAM5

 

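Run lab-resetvm to restore the virtual machine. All of the following operations are performed on the virtual machine:

1> Add the users bob, leo and jack. They are not in the same group, and they can use sudo to run only the service and chkconfig commands, without providing a password.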

# useradd bob

# useradd leo

# useradd jack

# visudo

......

User_Alias USER=bob,leo,jack

Cmnd_Alias CMND=/sbin/service,/sbin/chkconfig .................. absolute paths

USER ALL=NOPASSWD: CMND

bob...]$ sudo service httpd restart

bob...]$ sudo chkconfig httpd --list

bob...]$ sudo chkconfig --level 35 httpd on

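2> Configure LDAP users so that they can log in using Kerberos authentication and have their home directory mounted automatically at login.

Confirm the packages are installed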

# yum groupinstall -y directory-client

# yum install -y openldap-clients

# yum install -y krb5-workstation

Graphical environment

# system-config-authentication

Realm EXAMPLE.COM

KDCs instructor.example.com

Admin Servers instructor.example.com


 

Text environment

# wget http://192.168.0.254/pub/EXAMPLE-CA-CERT -P /etc/openldap/cacerts

# authconfig-tui ....................... configure

Select "Use Kerberos" for authentication; everything else is the same as above


 

# getent passwd ldapuser1

# vim /etc/sssd/sssd.conf

enumerate = True ............................. so that getent passwd lists local as well as network users

# vim /etc/auto.master

/home/guests /etc/auto.guests

# vim /etc/auto.guests

* 192.168.0.254:/home/guests/&

Desktop...]# ssh [email protected]

At this point an ldapuser1 directory appears under /home/guests on host 111. By default the root user cannot enter this directory; only ldapuser1 can work in it.

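3> Set up a GPG encryption environment on your virtual machine and on the host machine, so that files can be encrypted and decrypted in both directions.

111]$ gpg --gen-key ......................... generate the key pair

111]$ gpg -a -o ~/pub.key --export CA83F5AF ........ export the public key to pub.key, to share with the partner

111]$ scp pub.key 192.168.0.11:~ ............... copy the exported public key to the partner

11]# gpg --import pub.key .......................... host 11 imports the public key; the public key CA83F5AF is shown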

11]# echo www.westos.org! > encrypt.txt .................................... create a text file on host 11

11]# gpg --encrypt --armor -r CA83F5AF encrypt.txt ..... encrypt with the public key, producing encrypt.txt.asc

11]# scp encrypt.txt.asc server1.example.com:~ ....................... copy the encrypted file to the partner

111]# gpg --decrypt encrypt.txt.asc .............................. host 111 decrypts the file

 

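Repeat the procedure with the two hosts' roles reversed, so that 111 can send encrypted files to 11.

4> Add a virtual network card and configure active-backup Ethernet bonding

Add the virtual network card

# vim /etc/sysconfig/network-scripts/ifcfg-bond0 ........ create the configuration file for the bonding interface bond0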

DEVICE="bond0"

BOOTPROTO="none"

IPADDR="192.168.0.111"

PREFIX="24"

ONBOOT="yes"

BONDING_OPTS="mode=1 miimon=50"

# vim /etc/sysconfig/network-scripts/ifcfg-eth0 ............ create the configuration file for the slave interface eth0

DEVICE="eth0"

BOOTPROTO="none"

ONBOOT="yes"

MASTER="bond0"

SLAVE="yes"

# vim /etc/sysconfig/network-scripts/ifcfg-eth1 ............ create the configuration file for the slave interface eth1

DEVICE="eth1"

BOOTPROTO="none"

ONBOOT="yes"

MASTER="bond0"

SLAVE="yes"

# vim /etc/modprobe.d/bonding.conf ................... configure the system to load the bonding module:

alias bond0 bonding

# vim /etc/rc.d/rc.local ......................................... attach the slave interfaces to bond0:

ifenslave bond0 eth0 eth1

reboot ............................. restart the system

# cat /proc/net/bonding/bond0 ............................. view the bonding status

Ethernet Channel Bonding Driver: v3.5.0 (November 4, 2008)

Bonding Mode: fault-tolerance (active-backup)

Primary Slave: None

Currently Active Slave: eth0

MII Status: up

MII Polling Interval (ms): 50

Up Delay (ms): 0

Down Delay (ms): 0

Slave Interface: eth0

MII Status: up

Link Failure Count: 0

Permanent HW addr: 52:54:00:00:00:19

Slave Interface: eth1

MII Status: up

Link Failure Count: 0

Permanent HW addr: 52:54:00:75:e7:72

# ifdown eth0

Checking the status now shows that eth1 has taken over from eth0.
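
To confirm the failover without reading the status file by eye, the following added example (not part of the original notes) parses the /proc/net/bonding/bond0 format shown above and reports whether the bond is still redundant. The function names bond_summary and bond_check and the trimmed sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): health check for the bond0
# setup above, parsing the /proc/net/bonding/<bond> text format.

# Print "<mode> <active-slave> <slaves-up>/<slaves-total>".
bond_summary() {
    awk -F': ' '
        BEGIN                      { mode = "unknown"; active = "None" }
        /^Bonding Mode:/           { mode = ($2 ~ /active-backup/) ? "active-backup" : "other" }
        /^Currently Active Slave:/ { active = $2 }
        /^Slave Interface:/        { in_slave = 1; total++ }
        # The first "MII Status" line belongs to the bond itself; only the
        # one following a "Slave Interface" line describes a slave.
        /^MII Status:/ && in_slave { if ($2 == "up") up++; in_slave = 0 }
        END { printf "%s %s %d/%d\n", mode, active, up, total }
    ' "$1"
}

# Exit status: 0 = redundant, 1 = working but degraded,
# 2 = failed or not active-backup, 3 = status file unreadable.
bond_check() {
    summary=$(bond_summary "$1") || return 3
    set -- $summary
    mode=$1 active=$2 up=${3%/*} total=${3#*/}
    if [ "$mode" != "active-backup" ] || [ "$active" = "None" ] || [ "$up" -eq 0 ]; then
        echo "FAIL: $summary"; return 2
    elif [ "$up" -lt "$total" ] || [ "$total" -lt 2 ]; then
        echo "DEGRADED: $summary"; return 1
    fi
    echo "OK: $summary"
}

# Constructed sample, trimmed from the healthy output shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Bonding Mode: fault-tolerance (active-backup)
Currently Active Slave: eth0
MII Status: up
Slave Interface: eth0
MII Status: up
Slave Interface: eth1
MII Status: up
EOF
bond_check "$sample"    # OK: active-backup eth0 2/2
rm -f "$sample"
```

On the virtual machine, run bond_check /proc/net/bonding/bond0 before and after ifdown eth0; a non-zero status after the failover means the bond is running without a backup.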

5> Enable kernel routing (IP forwarding) so that it takes effect permanently.

# vim /etc/sysctl.conf

net.ipv4.ip_forward = 1
