# Point the Rocky base and extras repos at the Aliyun mirror (HTTPS) and
# comment out the mirrorlist so dnf uses only the fixed baseurl.
# -i.bak leaves an unmodified copy of each repo file next to the original.
# NOTE(review): only the mirrorlist=/baseurl= lines are rewritten; the
# gpgcheck=/gpgkey= lines are untouched, so package signatures should still be
# verified — confirm with: grep -H gpgcheck /etc/yum.repos.d/rocky*.repo
for repo in /etc/yum.repos.d/rocky.repo /etc/yum.repos.d/rocky-extras.repo; do
  sudo sed -i.bak \
    -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
    "$repo"
done


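# Refresh metadata from the new mirror, then install the package groups.
# NOTE(review): "Server with GUI" pulls in a full desktop stack; on a box that
# serves DNS/DHCP/NTP it only widens the attack surface and patch load —
# consider the plain "Server" group instead.
sudo dnf makecache
sudo dnf group list
sudo dnf group install "Server with GUI"
sudo dnf group install "Network Servers"

# Boot into the graphical target (only meaningful with the GUI group above).
# All of the following need root; the original note dropped sudo from here on.
sudo systemctl set-default graphical

# Open TCP/UDP 53 persistently in the default zone. Together with BIND's
# `allow-query { any; };` and `recursion yes;` (see the named.conf notes) this
# exposes a recursive resolver to every network the default zone faces —
# restrict recursion in named.conf or attach this rule to a zone bound to the
# internal interface only.
sudo firewall-cmd --permanent --add-service=dns
sudo firewall-cmd --reload
sudo firewall-cmd --list-all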



NTP客户端

   dnf -y install chrony

   vi /etc/chrony.conf

   systemctl enable --now chronyd

   chronyc sources

   dnf -y install ntpstat

   ntpstat


NTP服务端

   vi /etc/chrony.conf

# Upstream time sources; iburst speeds up the initial synchronisation.
pool ntp1.aliyun.com iburst
pool ntp1.tencent.com iburst
# Serve time to clients in the whole 10.0.0.0/8. Narrow this to the actual
# client subnets if the server is reachable from other parts of that range.
allow 10.0.0.0/8


# Allow NTP (UDP 123) in the running firewall configuration first ...
firewall-cmd --add-service=ntp
# ... then copy the whole runtime state into the permanent config so the rule
# survives `firewall-cmd --reload` and reboots.
firewall-cmd --runtime-to-permanent
chronyc sources  

----------------------------------------------------------------------

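# Kernel clean-up: keep only the newest installed kernel.
uname -r                      # kernel currently running
rpm -qa | grep kernel         # every installed kernel-* package
grubby --default-kernel       # kernel GRUB will boot next
ls -l /boot/vmlinuz-*
# Only when the default must change. The path is /boot/vmlinuz-<version>;
# the original note had a doubled "/boot//boot/" prefix, which does not exist.
grubby --set-default /boot/vmlinuz-xxx
grep limit /etc/dnf/dnf.conf  # installonly_limit = how many kernels dnf keeps
# Removes every installonly kernel except the newest one. dnf refuses to
# remove the running kernel, so reboot into the newest kernel *before* this
# step or the removal fails / leaves an old kernel behind.
dnf -y remove --oldinstallonly --setopt installonly_limit=1 kernel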


----------------------------------------------------------------------

Cockpit  #

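# Cockpit web console. dnf package names are case-sensitive ("Cockpit" does
# not match), and the service is socket-activated, so enable cockpit.socket
# rather than cockpit.service.
dnf install cockpit
systemctl enable --now cockpit.socket
firewall-cmd --add-service=cockpit --permanent
firewall-cmd --reload

# /etc/cockpit/disallowed-users lists accounts that may not log in to the web
# console (root by default). Commenting root out exposes the root password to
# online brute force on port 9090 — prefer a wheel/sudo user and leave root
# blocked.
vim /etc/cockpit/disallowed-users

# Open https://<ip>:9090 . Cockpit generates a self-signed certificate unless
# you install your own, so expect a browser warning on first use.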

----------------------------------------------------------------------


=========SQL SERVER express=======================================================

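# SQL Server Express in Docker.
# SA password: SQL Server enforces a complexity policy (at least 8 characters,
# mixed character classes); "123456" fails it and the container exits on its
# first start. Read the password from the environment instead of writing it on
# the command line, where it lands in shell history and `ps` output (it is
# still visible via `docker inspect`). MSSQL_SA_PASSWORD is the current name;
# SA_PASSWORD is the deprecated alias.
# NOTE(review): ":latest" is unpinned — pin a specific tag for reproducible
# deployments, and use -p 127.0.0.1:1433:1433 unless other hosts need direct
# access to the instance.
: "${MSSQL_SA_PASSWORD:?export a strong SA password in MSSQL_SA_PASSWORD first}"
docker run --restart=always \
  -v sqldata:/var/opt/mssql \
  -v /etc/localtime:/etc/localtime:ro \
  -e "MSSQL_PID=Express" \
  -e TZ="Asia/Shanghai" \
  -e 'ACCEPT_EULA=Y' -e MSSQL_SA_PASSWORD \
  -p 1433:1433 --name sql-server \
  -d mcr.microsoft.com/mssql/server:latest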

=========SQL SERVER express=======================================================


安装dhcpd

# ISC DHCP server (note: upstream ISC dhcp reached end-of-life in 2022; Kea is
# the maintained successor — plan a migration).
sudo dnf install -y dhcp-server


安装webmin

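# Webmin repository setup. This fetches a script from the project's master
# branch and runs it as root — an unpinned, unsigned supply-chain step. Fail on
# HTTP errors, follow redirects, and read the script before executing it; it
# is expected to add a yum repo and import the GPG key that later verifies the
# webmin package itself, so check that is all it does.
curl -fsSLo setup-repos.sh https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh
less setup-repos.sh
sudo sh setup-repos.sh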


修改 Webmin 默认账号 root 的密码(下例中的 password 仅为占位,实际务必使用强口令——Webmin 的 root 拥有完整的系统管理权限)

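# Set the Webmin root password. Never use a dictionary word such as
# "password": Webmin listens on the network (port 10000 by default) and its
# root account is a full administrator. changepass.pl takes the password as an
# argument, so it is visible in shell history and `ps`; read it into a
# variable first and drop it afterwards.
read -rs -p 'New Webmin root password: ' webmin_pass; echo
/usr/libexec/webmin/changepass.pl /etc/webmin root "$webmin_pass"
unset webmin_pass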


# miniserv.conf: `port` (and `listen`) set the TCP port Webmin serves on.
# NOTE(review): also consider binding only to the management interface (the
# `bind=` key — confirm in the miniserv documentation) and keeping ssl=1,
# since a Webmin login is root-equivalent.
vim /etc/webmin/miniserv.conf   # port and listen parameters
/etc/webmin/restart   # restart
/etc/webmin/start   # start
/etc/webmin/stop   # stop


// Listen on every IPv4/IPv6 address and answer queries from anyone.
// Combined with `recursion yes;` (as in the full options block further down)
// this makes the host an open resolver usable for DNS amplification. Keep
// allow-query any only together with an allow-recursion ACL limited to the
// internal networks, or bind listen-on to the internal interface address.
listen-on port 53 { any; };
listen-on-v6 port 53 {any;};
allow-query { any; };


#抓包

# Capture DNS traffic on the server interface; -nn keeps hosts/ports numeric.
tcpdump -nn -i ens192 'udp port 53'
# Listening TCP and UDP sockets, numeric output.
ss -tunl


#相关日志

 /var/named/data/named.run  # 运行日志(由 logging 段的 file "data/named.run" 指定,相对于 options 中的 directory "/var/named")

 query.log  # DNS 请求日志——只有在 logging 段另行定义了 queries 类别对应的 channel 时才会生成

 security.log  # 安全日志——同样需要在 logging 段定义对应的 channel/category


----------主服务器-------------------------------------------------------------------------------

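#
# DHCP Server Configuration file — primary failover peer.
#   see /usr/share/doc/dhcp-server/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#   Validate with `dhcpd -t -cf /etc/dhcp/dhcpd.conf` before restarting.
#   NOTE(review): upstream ISC dhcp is end-of-life (2022); plan a move to Kea.
authoritative;

# Failover pair. The name must be identical on both servers and in every pool
# that references it. The failover channel (TCP 647) is unauthenticated unless
# a key is configured — firewall port 647 so only the peer address can reach it.
failover peer "dhcp-failover" {
    primary;                         # this host is the primary
    address 10.100.0.88;             # this server's address
    peer address 10.100.0.27;        # the secondary's address (must equal its `address`)
    peer port 647;                   # default failover port
    max-response-delay 60;           # seconds without peer traffic before the link counts as down (required)
    max-unacked-updates 10;          # required
    mclt 3600;                       # maximum client lead time; primary-only statement
    split 255;                       # 128 = load-balance, 255 = primary answers unless the secondary has to take over; primary-only
    load balance max seconds 5;
}

# Wired segment — pool shared with the failover peer
subnet 10.1.2.0 netmask 255.255.255.0 {
    option domain-name-servers 10.1.0.1, 10.5.0.200;
    option routers 10.1.2.254;
    default-lease-time 28800;
    pool {
        failover peer "dhcp-failover";    # same name as the declaration above
        range 10.1.2.150 10.1.2.200;
    }
}   # this closing brace was missing in the original; dhcpd rejects the file without it

# Office wireless. This range is not inside a failover pool, so if the
# secondary carries the same subnet both servers hand out addresses from it
# independently — confirm that is intended (risk of duplicate leases).
subnet 10.1.16.0 netmask 255.255.240.0 {
    option domain-name-servers 10.1.0.1, 10.5.0.200;
    option routers 10.1.31.254;
    default-lease-time 28800;
    range 10.1.16.2 10.1.31.240;
}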


----------从服务器-------------------------------------------------------------------------------

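#
# DHCP Server Configuration file — secondary failover peer.
#   see /usr/share/doc/dhcp-server/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#   Validate with `dhcpd -t -cf /etc/dhcp/dhcpd.conf` before restarting.
authoritative;

# Failover pair — the mirror image of the primary's declaration.
# The original said `primary;` here as well; two primaries cannot pair, this
# host must be declared `secondary;`. `mclt` and `split` are primary-only
# statements and are therefore not set on this side.
failover peer "dhcp-failover" {
    secondary;                       # this host is the secondary
    address 10.5.0.200;              # this server's address
    peer address 10.100.0.88;        # the primary's `address`; the original "10.1.01" is not a valid IPv4 literal
                                     # NOTE(review): the primary lists its peer as 10.100.0.27, not 10.5.0.200 — reconcile the two files
    peer port 647;                   # default failover port; firewall it to the peer address only
    max-response-delay 60;           # required
    max-unacked-updates 10;          # required
    load balance max seconds 5;
}

# Wired segment — pool shared with the failover peer
subnet 10.1.2.0 netmask 255.255.255.0 {
    option domain-name-servers 10.1.0.1, 10.5.0.200;
    option routers 10.1.2.254;
    default-lease-time 28800;
    pool {
        failover peer "dhcp-failover";    # same name as the declaration above
        range 10.1.2.150 10.1.2.200;
    }
}   # this closing brace was missing in the original; dhcpd rejects the file without it

# Office wireless. Not a failover pool: both peers allocate from this range
# independently if both carry it — confirm that is intended.
subnet 10.1.16.0 netmask 255.255.240.0 {
    option domain-name-servers 10.1.0.1, 10.5.0.200;
    option routers 10.1.31.254;
    default-lease-time 28800;
    range 10.1.16.2 10.1.31.240;
}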


BIND配置

全局转发

#bind 本身支持查询转发,并不要求关闭 DNSSEC;只有当上游 forwarders 不返回 DNSSEC 记录(如 114.114.114.114)时,开启 dnssec-validation 才会导致解析返回 SERVFAIL。此时应优先换用支持 DNSSEC 的上游,而不是把 dnssec-validation 改为 no——关闭校验会失去对伪造应答的防护。另外 dnssec-enable 选项已在 BIND 9.18 中移除(9.16 仅告警),不应再配置。

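// Forward-only setup. Forwarding itself does not need DNSSEC turned off;
// validation only fails when the upstream forwarder returns no DNSSEC data
// (e.g. 114.114.114.114). Prefer a validating upstream and
// `dnssec-validation auto;` — disabling validation removes protection against
// spoofed answers. `dnssec-enable` is deprecated in BIND 9.16 and removed in
// 9.18 (named refuses to start on an unknown option), so it is dropped here.
dnssec-validation no;   // NOTE(review): keep only if the chosen forwarder really breaks validation
forward only;
forwarders { 114.114.114.114; };

// forward has two modes: `first` (the default, effective only when the
// forwarders list is non-empty) asks the forwarders and falls back to iterative
// resolution from the root when they do not answer; `only` uses the forwarders
// exclusively and returns a failure when they cannot answer.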


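options {
  listen-on port 53 { any; };
  listen-on-v6 port 53 { any; };
  directory  "/var/named";
  dump-file  "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  secroots-file "/var/named/data/named.secroots";
  recursing-file "/var/named/data/named.recursing";

  // Anyone may query the authoritative data, but only internal clients may use
  // this server as a recursive resolver. Without allow-recursion, the original
  // `allow-query { any; };` + `recursion yes;` on an all-interfaces listener is
  // an open resolver that can be abused for DNS amplification. 10.0.0.0/8
  // mirrors the chrony `allow` range in these notes — narrow it to the real
  // client subnets.
  allow-query { any; };
  allow-recursion { localhost; 10.0.0.0/8; };
  recursion yes;

  // `dnssec-enable` was removed in BIND 9.18 (named refuses to start on an
  // unknown option) and is dropped here. Validation stays off because the
  // forwarders below may not return DNSSEC data; prefer `dnssec-validation auto;`
  // with a validating upstream.
  dnssec-validation no;

  managed-keys-directory "/var/named/dynamic";
  geoip-directory "/usr/share/GeoIP";

  pid-file "/run/named/named.pid";
  session-keyfile "/run/named/session.key";

  /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
  include "/etc/crypto-policies/back-ends/bind.config";

  // Upstream resolvers. `forward only;` from the fragment above is not set in
  // this block, so the default `forward first` applies: unanswered queries fall
  // back to iterative resolution via the root hints.
  forwarders {
    223.5.5.5;
    114.114.114.114;
    180.76.76.76;
    8.8.8.8;
  };
};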


logging {
       // Runtime/debug channel. "data/named.run" is relative to the options
       // `directory` (/var/named). No query or security channels are defined
       // here; add channel/category statements if those logs are wanted.
       channel default_debug {
               file "data/named.run";
               severity dynamic;   // log level follows the server's current debug level
       };
};


// Root hints. Used for iterative resolution when the forwarders do not answer
// (the options block above does not set `forward only;`, so `forward first`
// applies).
zone "." IN {
type hint;
file "named.ca";
};


// Standard localhost/reverse zones shipped with the package.
include "/etc/named.rfc1912.zones";
// Root DNSSEC trust anchor; not used while dnssec-validation is set to no.
include "/etc/named.root.key";


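// Authoritative internal zone.
// NOTE(review): the zone is "abc.com" but the file is "eabc.com.hosts" —
// confirm the file name is not a typo.
// Zone transfers are disabled: on BIND 9.16 (EL9) the default allows AXFR
// from any client, which hands out the complete host list to anyone who asks.
zone "abc.com" {
type master;
file "/var/named/eabc.com.hosts";
allow-transfer { none; };
};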



服务检查

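# Hourly BIND health check, run from cron (`crontab -e`). Keep the comment on
# its own line: cron hands the whole command field to sh, and an inline "#…"
# only works because sh happens to treat it as a comment there.
# NOTE(review): the log grows without bound — rotate it (logrotate) or log via
# `logger`. If this is not root's crontab, the `sudo` calls inside the script
# need a NOPASSWD rule or they fail non-interactively.
/opt/dns_health_check.sh
crontab -e
# hourly DNS health check
0 * * * * /opt/dns_health_check.sh >> /opt/dns_health_check.log 2>&1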

--------------------------------------------------

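#!/bin/bash
# BIND health check (invoked hourly from cron, see above).
# 1. verifies named.service is active, 2. verifies the *local* resolver
# answers; restarts named when either check fails. Output is meant for the
# cron log. Exit status is non-zero whenever a restart was attempted.
set -u

readonly PROBE_NAME="www.baidu.com"   # external name proving recursion works
readonly LOCAL_NAME="www.abc.com"     # name from the locally hosted zone

# Query the local named explicitly: a plain `dig` follows /etc/resolv.conf,
# which may point at another resolver and mask a local outage. Short timeout so
# a hung server does not stall the cron job. On timeout dig prints ";;"
# diagnostics on stdout even with +short, which would otherwise make the
# "no answer" test below pass — filter them out.
dig_local() {
  dig @127.0.0.1 "$1" +short +time=2 +tries=1 2>/dev/null | grep -v '^;'
}

restart_named() {
  sudo systemctl restart named
  sudo rndc reload
}

date +"%Y-%m-%d %H:%M:%S"

# Service state
if ! systemctl is-active --quiet named.service; then
  echo "BIND 服务未运行或出现错误,正在尝试重启"
  restart_named
  dig_local "$PROBE_NAME"
  exit 1
fi

# Resolution through the local server
dns_query=$(dig_local "$PROBE_NAME")
if [ -z "$dns_query" ]; then
  echo "DNS 解析未返回任何结果。"
  echo "执行 DNS 重启操作..."
  restart_named
  echo "执行 DNS 缓存清理操作..."
  sudo rndc flush
  echo "DNS 服务已重启。"
  exit 1   # make the failure visible to cron / callers
else
  echo "DNS 解析正常。"
  echo "${LOCAL_NAME}的解析为:"
  dig_local "$LOCAL_NAME"
fi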