1. Use PAM and the Google Authenticator module to add two-factor authentication to SSH.

1. Install the software
Install Google Authenticator on the phone; on Linux, enable the EPEL repository, then download and install google-authenticator.
2. Run google-authenticator
[root@localhost ~]#  google-authenticator

Do you want authentication tokens to be time-based (y/n) y
Warning: pasting the following URL into your browser exposes the OTP secret to Google:
  https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@localhost.localdomain%3Fsecret%3DLSPNX2A64IZYEBKO5JFRQ24ZXQ%26issuer%3Dlocalhost.localdomain
3. Modify the sshd and PAM configuration
[root@localhost ~]# sed -i '1a\auth required   pam_google_authenticator.so' /etc/pam.d/sshd 
Edit the /etc/ssh/sshd_config file
ChallengeResponseAuthentication yes
Restart sshd
[root@localhost ~]# systemctl restart sshd
4. Open the QR code and bind the phone
https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@localhost.localdomain%3Fsecret%3DJPHB34W3MSQ6WQRSSTR7GY3AMM%26issuer%3Dlocalhost.localdomain
5. Verify and test
[root@localhost ~]# ssh 192.168.1.48
Verification code: 
Password: 
Verification code: 
Password: 
Last failed login: Sun Jun 27 11:46:17 CST 2021 from 192.168.1.47 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Sun Jun 27 11:44:19 2021 from 192.168.1.156
[root@localhost ~]# hostname -I
192.168.1.48

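2. Use chrony for time synchronization on the internal network (one machine, node1, synchronizes from the Internet; the other machines synchronize from node1).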

1. Install chrony
[root@localhost ~]# yum install -y chrony
2. Edit the configuration and start the service
On the server
[root@localhost ~]# vim /etc/chrony.conf 
server ntp.aliyun.com iburst
On the client
[root@localhost ~]# vim /etc/chrony.conf 
server 192.168.1.48 iburst
Start the chrony service
[root@localhost ~]# systemctl start chronyd
3. Verify
Server
chronyc> sources -v 
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    33    21   +277us[+2154us] +/-   17ms

chronyc> clients 
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
192.168.1.47                    4      0   1   -    56       0      0   -     -
Client
chronyc> sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.1.48                  3   6    17    27  -1109ns[  -22us] +/-   23ms

3. Use cobbler to automate system installation.

1. Install the software
[root@oracle ~]# yum install dhcp cobbler
[root@oracle ~]# systemctl enable --now cobblerd httpd tftp dhcpd
2. Configure the software
[root@oracle ~]# cobbler check
Adjust the configuration according to what the check reports
[root@oracle ~]# vim /etc/xinetd.d/tftp 
Change disable = yes to no
[root@oracle ~]# systemctl restart tftp
[root@oracle ~]# vim /etc/cobbler/settings
Set server to this machine
server: 10.0.0.5
next_server: 10.0.0.5
Change the password
[root@oracle ~]# openssl passwd -1 'test'
$1$9VKoblnh$V.S5IRzTy1WxU1p5EaKbQ0
[root@oracle ~]# vim /etc/cobbler/settings
default_password_crypted: "$1$9VKoblnh$V.S5IRzTy1WxU1p5EaKbQ0"
manage_dhcp: 1     # change the dhcp setting
[root@oracle ~]# systemctl restart cobblerd      # restart the service
3. Modify the dhcp configuration
[root@oracle ~]# vim /etc/cobbler/dhcp.template
subnet 10.0.0.0 netmask 255.255.255.0 {
     option routers             10.0.0.5;
     option domain-name-servers 10.0.0.5;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        10.0.0.100 10.0.0.200;
[root@oracle ~]# cobbler sync
[root@oracle ~]# systemctl start dhcpd
4. Download the missing files
[root@oracle ~]# cobbler get-loaders
5. Import the installation files
[root@oracle ~]# cobbler import --name=redhat-7 --path=/mnt/iso --arch=x86_64
[root@oracle ~]# cobbler distro list
   redhat-7-x86_64
6. Installation test
[root@10 ~]# hostname -I
10.0.0.100 
[root@10 ~]# ls
anaconda-ks.cfg  ks-post.log           ks-pre.log
cobbler.ks       ks-post-nochroot.log  original-ks.cfg