[root@system1 ~]# setenforce 1
[root@system1 ~]# vim /etc/sysconfig/selinux
SELINUX=enforcing
[root@system2 ~]# getenforce
[root@system2 ~]# setenforce 1
[root@system2 ~]# vim /etc/sysconfig/selinux
SELINUX=enforcing
2.
[root@system1 ~]# host rhce.cc
[root@system1 ~]# vim /etc/hosts.allow
sshd : 192.168.122.0/255.255.255.0
[root@system1 ~]# vim /etc/hosts.deny
sshd : .my1335.org
[root@system1 ~]# scp /etc/hosts.allow /etc/hosts.deny system2:/etc/
3.
[root@system1 ~]# vim /etc/bashrc
alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
[root@system1 ~]# source /etc/bashrc
[root@system1 ~]# qstat
[root@system2 ~]# vim /etc/bashrc
alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
[root@system2 ~]# source /etc/bashrc
[root@system2 ~]# qstat
4.
[root@system1 ~]# yum whatprovides */firewall-config
[root@system1 ~]# yum -y install firewall-config
[root@system1 ~]# LANG=C firewall-config &
(Runtime)Rich Rule->Element:forward-port->port->5423->80
Permanent ->Rich Rule->Element:forward-port->port->5423->80
[root@system1 ~]# firewall-cmd --list-all
5.
[root@system1 ~]# LANG=C nm-connection-editor &
eth0->add->Team->Connection name:team0->Add->Connection name:team0-slave1-52:54:00:4D:85:3C (eth1、eth2)(两个)->JSON config:{"runner":{"name":"activebackup"}}->IPV4 Settings->Method:Manual->Addresses:172.16.11.25/24
[root@system1 network-scripts]# vim ifcfg-team0_slave_1
ONBOOT=yes
[root@system1 network-scripts]# vim ifcfg-team0_slave_2
ONBOOT=yes
{"runner":{"name":"activebackup"}}
6.
[root@system1 ~]# nm-connection-editor &
eth0->IPv6->200e:ac18::e0a/64
[root@system2 ~]# nm-connection-editor &
eth0->IPv6->200e:ac18::e14/64
7.
[root@system1 ~]# vim /etc/postfix/main.cf
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination =
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
relayhost = [rhgls.rhce.cc]
[root@system1 ~]# systemctl restart postfix
[root@system1 ~]# postconf|grep ^myori
myorigin = $myhostname
[root@system1 ~]# postconf -e myorigin=rhce.cc
[root@system1 ~]# postconf|grep ^myori
myorigin = rhce.cc
[root@system1 ~]# yum -y install mailx
[root@system1 ~]# echo aaa|mail -s sss dave
[root@server ~]# firefox http://rhgls.rhce.cc/received_mail/11 &
[root@system1 ~]# scp /etc/postfix/main.cf system2:/etc/postfix/
8.
[root@system1 ~]# yum -y install samba
[root@system1 ~]# vim /etc/samba/smb.conf
workgroup = STAFF
[root@system1 ~]# mkdir /etc/samba/common
[root@system1 ~]# chcon -R -t samba_share_t /etc/samba/common
[root@system1 ~]# vim /etc/samba/smb.conf
[common]
path = /common
hosts allow = 192.168.122.0/24
[root@system1 ~]# systemctl restart smb
[root@system1 ~]# systemctl enable smb.service
[root@system1 ~]# firewall-cmd --add-service=samba
[root@system1 ~]# firewall-cmd --add-service=samba --permanent
[root@system1 ~]# yum -y install samba-client.x86_64
[root@system1 ~]# pdbedit -L
[root@system1 ~]# useradd andy
[root@system1 ~]# smbpasswd -a andy
[root@system2 ~]# smbclient -L //system1.rhce.cc -U andy%redhat
[root@system2 ~]# smbclient //system1.rhce.cc/common -U andy%redhat
9.
[root@system1 ~]# mkdir /etc/samba/miscellaneous
[root@system1 ~]# vim /etc/samba/smb.conf
[miscellaneous]
path = /miscellaneous
hosts allow = 192.168.122.0/24
writable = no
write list = akira
[root@system1 ~]# useradd silene
[root@system1 ~]# useradd akira
[root@system1 ~]# smbpasswd -a silene
[root@system1 ~]# smbpasswd -a akira
[root@system1 ~]# chmod o+w /etc/samba/miscellaneous/
[root@system1 ~]# systemctl restart smb
[root@system2 ~]# smbclient -L //system1.rhce.cc -U akira%redhat
[root@system2 ~]# mkdir /mnt/multi
[root@system2 ~]# yum -y install cifs*
[root@system1 ~]# setfacl -m u:akira:rw /miscellaneous/
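# /etc/fstab is world-readable, so password= on this line shows the Samba password to every local user; a root-only file named with credentials= keeps it out of fstab
//system1.rhce.cc/miscellaneous /mnt/multi cifs defaults,multiuser,sec=ntlmssp,user=silene,password=redhat 0 0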
10.
[root@system1 ~]# mkdir /public
[root@system1 ~]# vim /etc/exports
/public 192.168.122.0/24(ro)
[root@system1 ~]# systemctl restart nfs
[root@system1 ~]# LANG=C firewall-config &
(Runtime)Rich Rule->Element:service->nfs->Action->source:192.168.122.0/24
Permanent ->Rich Rule->Element:service->nfs->Action->source:192.168.122.0/24
[root@system2 ~]# showmount -e system1.rhce.cc
[root@system1 ~]# systemctl restart nfs
[root@system1 ~]# systemctl is-active rpcbind
[root@system1 ~]# firewall-cmd --add-service=rpc-bind
[root@system1 ~]# firewall-cmd --add-service=rpc-bind --permanent
[root@system1 ~]# firewall-cmd --add-service=mountd
[root@system1 ~]# firewall-cmd --add-service=mountd --permanent
[root@system2 ~]# showmount -e system1.rhce.cc
[root@system1 ~]# mkdir /protected
[root@system1 ~]# wget http://host.rhce.cc/materials/nfs_server.keytab -O /etc/krb5.keytab
[root@system1 ~]# vim /etc/exports
/protected *(rw,sec=krb5p)
[root@system1 ~]# vim /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2"
[root@system1 ~]# systemctl restart nfs-secure-server
[root@system1 ~]# systemctl enable nfs-secure-server
[root@system1 ~]# systemctl restart nfs
[root@system1 ~]# exportfs -avr
exporting 192.168.122.0/24:/public
exporting *:/protected
[root@system1 ~]# mkdir /protected/confidential
[root@system1 ~]# chown ldapuser11 /protected/confidential/
[root@system1 ~]# ls -ld /protected/confidential/
[root@system1 ~]# systemctl restart nfs-secure-server
[root@system1 ~]# systemctl restart nfs
11.(有问题)
[root@system2 ~]# mkdir /mnt/nfsmount
[root@system2 ~]# vim /etc/fstab
system1.rhce.cc:/public /mnt/nfsmount nfs defaults 0 0
[root@system2 ~]# mount -a
[root@system1 ~]# chcon -R -t public_content_t /protected/
[root@system1 ~]# systemctl restart nfs-secure-server
[root@system1 ~]# systemctl restart nfs
[root@system2 ~]# showmount -e system1.rhce.cc
[root@system2 ~]# mkdir /mnt/nfssecure
[root@system2 ~]# wget http://host.rhce.cc/materials/nfs_client.keytab -O /etc/krb5.keytab
[root@system2 ~]# systemctl start nfs-secure
[root@system2 ~]# systemctl enable nfs-secure
[root@system1 ~]# systemctl restart nfs
[root@system1 ~]# systemctl enable nfs-secure-server
[root@system2 ~]# vim /etc/fstab
system1.rhce.cc:/protected /mnt/nfssecure nfs defaults,v4.2,sec=krb5p 0 0
[root@system2 ~]# mount -a (有问题)
[root@system2 nfssecure]# mkdir confidential
[root@system1 ~]# ssh ldapuser11@system2.rhce.cc
-bash-4.2$ pwd
/mnt/nfssecure/confidential
-bash-4.2$ touch test1
[root@system2 nfssecure]# setfacl -m u:ldapuser11:rwx confidential
[root@system2 nfssecure]# getfacl confidential/
12.
[root@system1 ~]# yum -y groupinstall web*
[root@system1 ~]# vim /etc/httpd/conf/httpd.conf
ServerName system1.rhce.cc:80
[root@system1 ~]# wget http://rhgls.rhce.cc/materials/station.html -O /var/www/html/index.html
[root@system1 ~]# LANG=C firewall-config &
(Runtime)Rich Rule->Element:service->http->Action->source:192.168.122.0/24
Permanent ->Rich Rule->Element:service->http->Action->source:192.168.122.0/24
[root@system1 ~]# systemctl restart httpd
[root@system1 ~]# systemctl enable httpd
[root@server ~]# firefox system1.rhce.cc & (需要配置dns)
13.
[root@system1 ~]# cd /etc/httpd/conf.d/
[root@system1 conf.d]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf vhost.conf
[root@system1 conf.d]# vim vhost.conf
<VirtualHost system1.rhce.cc:443>
DocumentRoot /var/www/html
ServerName system1.rhce.cc
SSLEngine on
SSLCertificateFile /etc/httpd/conf.d/system1.crt
SSLCertificateKeyFile /etc/httpd/conf.d/system1.key
SSLCertificateChainFile /etc/httpd/conf.d/domain11.crt
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName system1.rhce.cc
</VirtualHost>
[root@system1 ~]# cd /etc/httpd/conf.d/
[root@system1 conf.d]# vim ssl.conf
SSLEngine off
[root@system1 conf.d]# wget http://host.rhce.cc/materials/system1.crt(需要修改host里面的权限)
[root@system1 conf.d]# wget http://host.rhce.cc/materials/system1.key
[root@system1 conf.d]# wget http://host.rhce.cc/materials/domain11.crt
[root@system1 conf.d]# systemctl restart httpd
[root@system1 conf.d]# LANG=C firewall-config &
(Runtime)Rich Rule->Element:service->https->Action->source:192.168.122.0/24
Permanent ->Rich Rule->Element:service->https->Action->source:192.168.122.0/24
[root@server ~]# firefox system1.rhce.cc &
https://system1.rhce.cc/
14.
[root@system1 conf.d]# vim vhost.conf
<VirtualHost *:80>
DocumentRoot /var/www/virtual
ServerName www.rhce.cc
</VirtualHost>
[root@system1 conf.d]# mkdir /var/www/virtual
[root@system1 conf.d]# wget http://rhgls.rhce.cc/materials/www.html -O /var/www/virtual/index.html
[root@system1 conf.d]# restorecon -R /var/www/virtual/
[root@system1 conf.d]# ls -ldZ /var/www/virtual/
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/virtual/
[root@system1 conf.d]# vim vhost.conf
<Directory "/var/www/virtual">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
[root@system1 conf.d]# systemctl restart httpd
[root@system1 conf.d]# id andy
[root@system1 conf.d]# setfacl -m u:andy:rwx /var/www/virtual/
[root@server ~]# firefox system1.rhce.cc &
http://www.rhce.cc/
15.
[root@system1 conf.d]# mkdir /var/www/virtual/secret
[root@system1 conf.d]# mkdir /var/www/html/secret
[root@system1 conf.d]# wget http://rhgls.rhce.cc/materials/private.html -O /var/www/html/secret/index.html
[root@system1 conf.d]# vim vhost.conf
<Directory "/var/www/virtual/secret">
Options Indexes FollowSymLinks
AllowOverride None
Require local
</Directory>
<Directory "/var/www/html/secret">
Options Indexes FollowSymLinks
AllowOverride None
Require local
</Directory>
[root@system1 conf.d]# systemctl restart httpd
server上测试
http://www.rhce.cc/secret
[root@system1 conf.d]# yum -y install firefox.x86_64
[root@system1 ~]# firefox www.rhce.cc/secret &
http://system1.rhce.cc/
system1.rhce.cc/
http://www.rhce.cc/
16.
[root@system1 conf]# vim httpd.conf
Listen 8998
[root@system1 conf]# yum whatprovides */semanage
[root@system1 conf]# yum -y install policycoreutils-python-2.2.5-11.el7.x86_64
[root@system1 conf]# semanage port -l | grep '\b80\b'
[root@system1 conf]# semanage port -l | grep '\b8998\b'
[root@system1 conf]# semanage port -a -t http_port_t -p tcp 8998
[root@system1 html]# wget http://rhgls.rhce.cc/materials/webapp.wsgi
[root@system1 html]# yum install mod_wsgi -y
[root@system1 html]# vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:8998>
ServerName dynamic.rhce.cc
WSGIScriptAlias / /var/www/html/webapp.wsgi
</VirtualHost>
[root@system1 html]# systemctl restart httpd
http://dynamic.rhce.cc:8998/
[root@system1 html]# LANG=C firewall-config &
(Runtime)Rich Rule->Element:port->8998->Action->source:192.168.122.0/24
Permanent ->Rich Rule->Element:port->8998->Action->source:192.168.122.0/24
17.
[root@system1 ~]# vim script
#!/bin/bash
# Prints the opposite keyword for "foo" or "bar"; any other argument, or no
# argument at all, prints the usage line instead.
arg=$1
if [[ $arg == foo ]]; then
  printf '%s\n' bar
elif [[ $arg == bar ]]; then
  printf '%s\n' foo
else
  printf '%s\n' '/root/script foo|bar'
fi
[root@system1 ~]# chmod +x script
[root@system1 ~]# /root/script foo
bar
[root@system1 ~]# /root/script bar
foo
[root@system1 ~]# /root/script xxx
/root/script foo|bar
[root@system1 ~]# /root/script
/root/script foo|bar
[root@system1 ~]#
18.
[root@system1 ~]# vim mkusers
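#!/bin/bash
# Create one account per line of the list file given as $1, each with
# /bin/false as its login shell.
# Arguments: $1 - path to the list file
# Outputs:   usage / error text on stdout
# Returns:   1 when no argument is given or the file does not exist

if [ $# -eq 0 ]; then
  echo 'Usage: /root/mkusers'
  exit 1
fi

if [ ! -e "$1" ]; then
  echo 'Input file not found'
  # Stop here; without this the loop below would still try to open "$1".
  exit 1
fi

# read -r keeps backslashes literal; the trailing test picks up a last line
# that has no newline.
while read -r xx || [ -n "$xx" ]; do
  # Skip blank lines rather than calling useradd with an empty name.
  [ -n "$xx" ] || continue
  # The list is external data and this runs as root: quoting plus "--" makes
  # the whole line a single account name, so a line can never be split into
  # additional useradd options.
  useradd -s /bin/false -- "$xx"
done < "$1"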
[root@system1 ~]# chmod +x mkusers
[root@system1 ~]# wget http://rhgls.rhce.cc/materials/userlist
[root@system1 ~]# ./mkusers
[root@system1 ~]# ./mkusers userlist
19.
[root@system1 ~]# yum -y install target*
[root@system1 ~]# fdisk /dev/vda
n->p> ->+3G->w
[root@system1 ~]# partprobe /dev/vda
[root@system1 ~]# systemctl start targetd
[root@system1 ~]# systemctl enable targetd
[root@system1 ~]# targetcli
/> /backstores/block create iscsi_vol /dev/vda4
/> /iscsi create iqn.2015-09.com.example.domain11:system1
/iscsi/iqn.20...:system1/tpg1> acls/ create iqn.2015-09.com.example.domain11:xx
/iscsi/iqn.20...:system1/tpg1> luns/ create /backstores/block/iscsi_vol
/iscsi/iqn.20...:system1/tpg1> portals/ create 192.168.122.100 3260
[root@system1 html]# LANG=C firewall-config &
(Runtime)Rich Rule->Element:port->3260->Action->source:192.168.122.200/24
Permanent ->Rich Rule->Element:port->3260->Action->source:192.168.122.200/24
20.
[root@system2 ~]# yum -y install iscsi*
[root@system2 ~]# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2015-09.com.example.domain11:xx
[root@system2 ~]# systemctl start iscsi
[root@system2 ~]# systemctl enable iscsi
[root@system2 ~]# iscsiadm -m discovery -t st -p system1.rhce.cc -l
[root@system2 ~]# cat /proc/partitions
[root@system2 ~]# fdisk /dev/sda
1700M
[root@system2 ~]# mkfs.xfs /dev/sda1
[root@system2 ~]# mkdir /mnt/data
[root@system2 ~]# vim /etc/fstab
/dev/sda1 /mnt/data xfs defaults,_netdev 0 0
[root@system2 ~]# mount -a
21.
[root@system1 ~]# yum -y install mariadb-server mariadb
[root@system1 ~]# systemctl start mariadb
[root@system1 ~]# systemctl enable mariadb
[root@system1 ~]# wget http://rhgls.rhce.cc/materials/users.mdb
[root@system1 ~]# mysql
MariaDB [(none)]> create database Contacts;
MariaDB [Contacts]> source /root/users.mdb;
MariaDB [Contacts]> grant select on Contacts.* to Luigi@'localhost' identified by 'redhat';
MariaDB [Contacts]> set password=password('redhat');
[root@system1 ~]# mysql -uroot -predhat
22.
[root@system1 ~]# mysql -uroot -predhat
MariaDB [(none)]> use Contacts;
MariaDB [Contacts]> desc loc;
MariaDB [Contacts]> desc name;
MariaDB [Contacts]> desc pass;
MariaDB [Contacts]> select * from name join pass where name.aid=pass.bid and password='tangerine';
MariaDB [Contacts]> select * from name join loc where name.aid=loc.cid and firstname='John' and loction='Santa Clara';
MariaDB [Contacts]> select count(*) from name join loc where name.aid=loc.cid and firstname='John' and loction='Santa Clara';
1人