1、selinux vim /etc/selinux/config 根据题目要求设置 (SELINUX=enforcing|permissive — this file only takes effect at the next boot; change the running system with setenforce 1 / setenforce 0, then verify with getenforce, which only reports the current mode and does not set it)

2、SSH vim /etc/hosts.allow sshd : 172.25.0.0/24 vim /etc/hosts.deny sshd : 172.24.3.0/24 yum -y install xinetd systemctl restart sshd xinetd systemctl enable sshd xinetd firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.24.3.0/24 service name=ssh drop' (xinetd is not what makes hosts.allow/hosts.deny work for sshd — sshd consults them itself through libwrap, so the xinetd install/restart/enable is optional; tcp_wrappers and the firewalld rich rule are two independent layers, and since tcp_wrappers is gone from newer releases the firewalld rule is the control to rely on; hosts.allow is checked first, which is fine here because the two networks do not overlap)

firewall-cmd --reload firewall-cmd --list-all (--list-all prints only the default zone; if the interface sits in another zone check it with --zone=<zone> --list-all or --list-all-zones)

3、自定义用户环境 echo "alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'" >> /etc/bashrc (>> appends, so run it once and confirm with grep qstat /etc/bashrc; the alias only shows up in newly started interactive shells)

4、配置防火墙端口转发 firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.25.0.0/24 forward-port port=5423 protocol=tcp to-port=80' firewall-cmd --reload firewall-cmd --list-all (the source address limits who may reach 5423; with no to-addr the forward stays on this host, so masquerade is not required)

5、配置链路聚合 nmcli connection add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}' nmcli connection add type team-slave con-name team0-eth1 ifname eth1 master team0 nmcli connection add type team-slave con-name team0-eth2 ifname eth2 master team0 vim /etc/sysconfig/network-scripts/ifcfg-team0 BOOTPROTO=static IPADDR=172.16.0.20 NETMASK=255.255.255.0 systemctl restart network teamdctl team0 stat (the directory is network-scripts, not network-script; the same result without hand-editing the file: nmcli connection modify team0 ipv4.method manual ipv4.addresses 172.16.0.20/24 followed by nmcli connection up team0)

6、配置ipv6地址 nmcli connection show nmcli connection modify 'System eth0' connection.autoconnect yes ipv6.method manual +ipv6.address '2003:ac18::305/64' nmcli connection up 'System eth0' ifconfig (ifconfig needs the net-tools package; ip -6 addr show eth0 is always available)

7、邮件服务 vim /etc/postfix/main.cf relayhost = [smtp0.example.com] myorigin = example.com mydestination = inet_interfaces = loopback-only local_transport = error:local mail delivery is disabled systemctl restart postfix.service systemctl enable postfix.service firewall-cmd --permanent --add-service=smtp firewall-cmd --reload firewall-cmd --list-all (inet_interfaces = loopback-only makes postfix listen on 127.0.0.1 only, so --add-service=smtp opens 25/tcp to the network for nothing — leave it out unless the task explicitly asks for inbound mail; the empty mydestination plus local_transport = error:... means every message is handed to smtp0.example.com, and the brackets around the relayhost skip the MX lookup)

8、samba yum -y install samba* (samba samba-client samba-common is enough; samba* pulls in extra packages) mkdir /common setsebool -P samba_export_all_rw=on (this boolean lets smbd read and write every file on the system; the least-privilege way for one share is to label just that directory: semanage fcontext -a -t samba_share_t '/common(/.*)?' && restorecon -Rv /common) id ldapuser1 pdbedit -a ldapuser1 vim /etc/samba/smb.conf 查找workgroup,修改:workgroup = STAFF

最后一行: [common] path = /common hosts allow = 172.25.0.0/24 firewall-cmd --permanent --add-service=samba firewall-cmd --reload firewall-cmd --list-all systemctl restart smb nmb systemctl enable smb nmb (no write list, so [common] stays read-only; hosts allow filters only inside samba — the firewalld samba service is still open to every source in the zone, so both settings matter)

验证:客户端 yum -y install samba-client cifs-utils smbclient -L server0 -U ldapuser1 (the user name is ldapuser1, not ldapuse1)

9、多用户samba挂载 mkdir /devops id ldapuser2 id ldapuser3 pdbedit -a ldapuser2 pdbedit -a ldapuser3 setfacl -m u:ldapuser3:rwx /devops/ vim /etc/samba/smb.conf [devops] path = /devops write list = ldapuser3 valid users = ldapuser2,ldapuser3 hosts allow = 172.25.0.0/24 systemctl restart smb nmb systemctl enable smb nmb (write list only grants the samba-layer permission; the setfacl line is what lets ldapuser3 actually create files in /devops — both are required, and ldapuser2 stays read-only at both layers)

客户端 smbclient -L server0 mkdir /mnt/dev vim /root/smb.cred username=ldapuser2 password=kerberos chmod 600 /root/smb.cred vim /etc/fstab //172.25.0.11/devops /mnt/dev cifs credentials=/root/smb.cred,multiuser,sec=ntlmssp,_netdev 0 0 mount -a df -hT (writing username=ldapuser2,password=kerberos directly into /etc/fstab exposes the password to every local user because fstab is world-readable; a root-only credentials file gives the same mount)

验证: su - ldapuser2 cifscreds add -u ldapuser2 172.25.0.11 su - ldapuser3 cifscreds add -u ldapuser3 172.25.0.11 (the command is cifscreds; it stores the password in that login session's kernel keyring, so each user runs it in their own session after the multiuser mount is in place)

10、NFS mkdir -p /public /protected/project chown ldapuser0 /protected/project setfacl -m u:ldapuser4:rwx /protected/project/ wget -O /etc/krb5.keytab http://.keytab chmod 600 /etc/krb5.keytab vim /etc/exports /public 172.25.0.0/24(ro) /protected 172.25.0.0/24(rw,sec=krb5p) vim /etc/sysconfig/nfs 修改第十三行 RPCNFSDARGS="-V4.2" systemctl restart nfs-secure-server nfs-server systemctl enable nfs-secure-server nfs-server exportfs -rv firewall-cmd --permanent --add-service=nfs firewall-cmd --permanent --add-service=mountd firewall-cmd --permanent --add-service=rpc-bind firewall-cmd --reload firewall-cmd --list-all (the user is ldapuser4, not ldapsuer4; wget creates the keytab with the umask default, typically 0644 — it holds the host's long-term key, so make it root-only with chmod 600 right after downloading)

11、挂载NFS showmount -e 172.25.0.11 mkdir -p /mnt/nfsmount /mnt/nfssecure wget -O /etc/krb5.keytab http://.keytab chmod 600 /etc/krb5.keytab systemctl restart nfs-secure systemctl enable nfs-secure vim /etc/fstab server0.example.com:/public /mnt/nfsmount nfs _netdev 0 0 server0.example.com:/protected /mnt/nfssecure nfs sec=krb5p,v4.2,_netdev 0 0 mount -a df -hT (same keytab rule as on the server: chmod 600 after the download; sec=krb5p needs nfs-secure running and a valid keytab, otherwise mount -a fails for /protected only)

12、实现一个web服务器 yum -y install httpd cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf /etc/httpd/conf.d (the httpd-2.4.6 directory name is version-specific — check with ls /usr/share/doc/httpd-*/) vim /etc/httpd/conf.d/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot /var/www/html ServerName server0.example.com </VirtualHost> <Directory /var/www/html> <RequireAll> Require not ip 172.24.3.0/24 Require all granted </RequireAll> </Directory> (inside RequireAll the "not ip" entry rejects that subnet and "all granted" admits everyone else; this Directory block sits outside the VirtualHost, so it applies to every host serving /var/www/html)

cd /var/www/html/ wget http://.html -O index.html vim index.html http test1

apachectl configtest systemctl restart httpd systemctl enable httpd firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https firewall-cmd --reload firewall-cmd --list-all 验证:firefox server0.example.com (run configtest before every restart so a broken conf.d file does not take the web server down; https is opened here but nothing listens on 443 until mod_ssl is installed in step 13)

13、配置安全web yum -y install mod_ssl cd /etc/pki/tls/certs/ wget http://example-ca.crt wget http://server0.crt cd ../private/ wget http://server0.key chmod 600 server0.key vim /etc/httpd/conf.d/ssl.conf /server0.crt 修改第100行 (SSLCertificateFile /etc/pki/tls/certs/server0.crt) /server0.key 修改第107行 (SSLCertificateKeyFile /etc/pki/tls/private/server0.key) /example-ca.crt 修改第122行 (SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt) apachectl configtest systemctl restart httpd.service systemctl enable httpd.service (the line numbers depend on the shipped ssl.conf — search for the directive names instead; the key stays root-only at 0600, the certificates may remain world-readable) 验证:firefox edit->preferences->Advanced->View Certificates->import->/etc/pki/tls/certs/example-ca.crt->勾选三个勾

14、配置虚拟主机 mkdir /var/www/virtual useradd harry setfacl -m u:harry:rwx /var/www/virtual cd /var/www/virtual wget http://.html -O index.html vim index.html http test2 vim /etc/httpd/conf.d/01-www0.conf <VirtualHost *:80> ServerName www0.example.com DocumentRoot /var/www/virtual </VirtualHost> apachectl configtest systemctl restart httpd.service systemctl enable httpd.service (the closing tag must be </VirtualHost> with the slash — an unclosed section makes httpd refuse to start, which configtest reports before the restart) 验证:firefox www0.example.com

15、配置web内容访问 mkdir /var/www/html/private cd /var/www/html/private wget http://.html -O index.html vim index.html http test3 vim /etc/httpd/conf.d/00-default.conf <Directory /var/www/html/private> Require ip 127.0.0.1 ::1 172.25.0.11 </Directory> apachectl configtest systemctl restart httpd.service systemctl enable httpd.service (a lone Require ip admits only the listed addresses and answers 403 to everyone else, which is why desktop0 is refused) 验证;firefox server0.example.com/private server端可以访问,desktop端无法访问

16、实现动态web内容 yum -y install mod_wsgi mkdir /var/www/webapp0 cd /var/www/webapp0 wget http://webinfo.wsgi (the command is wget, not wsgi) vim webinfo.wsgi 一段python脚本

vim /etc/httpd/conf.d/02-wsgi.conf Listen 8909 <VirtualHost *:8909> ServerName webapp0.example.com DocumentRoot /var/www/webapp0 WSGIScriptAlias / /var/www/webapp0/webinfo.wsgi </VirtualHost>

semanage port -a -t http_port_t -p tcp 8909 firewall-cmd --permanent --add-port=8909/tcp firewall-cmd --reload firewall-cmd --list-all apachectl configtest systemctl restart httpd.service (the restart is missing from the notes for this step and must come after semanage, otherwise SELinux blocks the bind to 8909 and the verification fails) 验证:firefox webapp0.example.com:8909

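#!/bin/bash
# 17. Script /root/test1.sh (create it with: cd /root && vim test1.sh).
# Prints the "opposite" animal for an argument of cat or dog; any other
# argument, including none, prints the usage line.
# The usage line goes to stdout with exit status 0, as in the original
# notes; NOTE(review): confirm whether the task wants stderr / non-zero.
# Fixes over the transcribed one-liner: the last arm is terminated with ;;
# before esac (the one-line form was a syntax error) and $1 is quoted.
test1() {
  case "$1" in
    cat) echo 'dog' ;;
    dog) echo 'cat' ;;
    *)   echo '/root/test1.sh cat|dog' ;;
  esac
}

test1 "$@"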

chmod +x test1.sh ./test1.sh cat ./test1.sh dog ./test1.sh (sh test1.sh also works but ignores the shebang; after chmod +x run it directly and check all three cases — the third one must print the usage line)

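#!/bin/bash
# 18. Script /root/test2.sh (the usage text calls it /root/batchusers):
# create one login-disabled account (shell /bin/false) per line of the
# user-list file given as the first argument.
#   no argument         -> prints 'Usage: /root/batchusers userfile', exit 1
#   file does not exist -> prints 'Input file not found', exit 1
# NOTE(review): the notes use exit 1 for both cases — confirm whether the
# task wants a distinct code for the missing-file case.
# Fixes over the original loop: IFS= read -r keeps backslashes and spaces
# intact, the `|| [ -n "$line" ]` still processes a last line that has no
# trailing newline, blank lines are skipped instead of calling useradd with
# an empty name, and "--" stops a name starting with "-" from being parsed
# as a useradd option.
batchusers() {
  local userfile line
  if [ "$#" -eq 0 ]; then
    echo 'Usage: /root/batchusers userfile'
    return 1
  fi
  userfile=$1
  if [ ! -f "$userfile" ]; then
    echo 'Input file not found'
    return 1
  fi
  while IFS= read -r line || [ -n "$line" ]; do
    [ -n "$line" ] || continue
    useradd -s /bin/false -- "$line"
  done < "$userfile"
}

batchusers "$@"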

vim userlist a b c chmod +x test2.sh ./test2.sh userlist (the file name must be passed as the argument — sh test2.sh with nothing after it only prints the usage line and creates no users; check the result with id a and grep /bin/false /etc/passwd)

19、iscsi 服务器端 fdisk /dev/vdb p n +3G p w ls /dev/vdb* yum -y install targetcli targetcli /backstores/block create iscsi_store /dev/vdb1 iscsi/ create iqn.2016-02.com.example:server0 /iscsi/iqn.2016-02.com.example:server0/tpg1/acls create iqn.2016-02.com.example:desktop0 /iscsi/iqn.2016-02.com.example:server0/tpg1/luns create /backstores/block/iscsi_store /iscsi/iqn.2016-02.com.example:server0/tpg1/portals create 172.25.0.11 ls saveconfig exit systemctl restart target systemctl enable target firewall-cmd --permanent --add-port=3260/tcp firewall-cmd --reload firewall-cmd --list-all (the package is targetcli; the targetcli paths have no space after /iscsi; the ACL only matches the initiator's self-declared IQN, which any host on 172.25.0.0/24 can copy — it is access control, not authentication, so outside the lab add CHAP on tpg1; binding the portal to 172.25.0.11 keeps the target off the other interfaces)

20、iscsi 客户端 yum -y install iscsi-initiator-utils vim /etc/iscsi/initiatorname.iscsi InitiatorName=iqn.2016-02.com.example:desktop0 systemctl restart iscsid iscsi systemctl enable iscsid iscsi iscsiadm -m discovery -t st -p server0 iscsiadm -m node iqn.2016-02.com.example:server0 -p 172.25.0.11 -l lsblk mkdir /mnt/data fdisk /dev/sda p n +2100M p w mkfs.ext4 /dev/sda1 blkid /dev/sda1 vim /etc/fstab UUID="" /mnt/data ext4 _netdev 0 0 mount -a df -hT iscsiadm -m discovery -t st -p server0 iscsiadm -m node iqn.2016-02.com.example:server0 -p 172.25.0.11 -l sync;reboot -f (the service is iscsid; take the device name from the lsblk output rather than assuming sda; fill UUID="" with the value blkid prints — mounting by UUID is what survives a device-name change; _netdev is required so the mount waits for the network; reboot -f skips the clean shutdown, a plain reboot is the safer way to verify)

21、数据库 yum -y install mariadb-server mariadb vim /etc/my.cnf skip-networking (under [mysqld]; the server then listens on the local socket only) systemctl restart mariadb systemctl enable mariadb mysqladmin -u root -p password 'redhat' mysql -u root -p create database Contacts; grant select on Contacts.* to Raikon@localhost identified by 'redhat'; show databases; delete from mysql.user where password=''; flush privileges; quit vim users.sql mysql -u root -p use Contacts; source /root/users.sql show tables; (a password given on the command line, as in mysqladmin ... password 'redhat' or mysql -u root -predhat, is visible in ps and in the shell history — let the client prompt with -p instead; rows deleted directly from mysql.user only take effect after flush privileges)

22、数据库查询 mysql -u root -p (prompting for the password instead of -predhat keeps it out of ps and the shell history) use Contacts; show tables; desc base; desc location; select name from base where password=''; select count(*) from base,location where base.name='' and location.city='' and base.id=location.id; (fill in the name and city from the task text; the base.id=location.id join condition is what keeps the count from being a cross product)