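2020 RHCE7 (Red Hat Certified Engineer) Exam Practice Questions Explained: RHCE Part
Duration: 3:30  Total score: 300  Passing score: 210
20 questions (the question bank holds 22)
1) Before the exam:
Exam machines: IP addresses and host names are already configured, the root password is provided, and the machines boot into the desktop environment
Two virtual machines in the afternoon session: system1.domain2.example.com: server; system2.domain2.example.com: client
- Pre-exam notes:
example.com: network 172.25.0.0/24
my133t.org: network 172.17.10.0/24
Practice environment:
Server0: server
Desktop0: client
1. Configure SELinux
On server0 and desktop0, SELinux must be in enforcing mode, and the setting must persist across reboots.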
[[email protected] Desktop]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[[email protected] Desktop]# vim /etc/sysconfig/selinux
[[email protected] Desktop]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[[email protected] Desktop]# reboot
[[email protected] Desktop]# vim /etc/sysconfig/selinux
[[email protected] Desktop]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[[email protected] Desktop]# reboot
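2. Configure firewall restrictions on SSH
Set up the firewall on server0 and desktop0 to restrict SSH access:
Clients in the example.com domain are allowed SSH access to server0 and desktop0.
Clients in the my133t.org domain are denied SSH access to server0 and desktop0.
Note: my133t.org is the 172.17.10.0/24 network. (Configure according to the network actually given in the exam.)
The demonstration configures only server0; in the exam, configure both server0 and desktop0.
Online video: https://edu.51cto.com/sd/ceb6f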
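3. Configure IPv6 addresses
On your exam systems, configure interface eth0 with the following IPv6 addresses:
The address on server0 should be fddb:fe2a:ab1e::c0a8:1/64 (configure according to the address actually given in the exam)
The address on desktop0 should be fddb:fe2a:ab1e::c0a8:2/64
Both systems must be able to communicate with systems in the network fddb:fe2a:ab1e/64.
The addresses must persist across reboots.
Both systems must keep their current IPv4 addresses and remain able to communicate over them.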
[[email protected] Desktop]#
[[email protected] Desktop]# nmcli connection show
NAME UUID TYPE DEVICE
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
[[email protected] Desktop]# nmcli connection modify eth0 ipv6.addresses fddb:fe2a:ab1e::c0a8:1/64 ipv6.method manual
[[email protected] Desktop]#
[[email protected] Desktop]#
[[email protected] Desktop]#
[[email protected] Desktop]# nmcli connection up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
[[email protected] Desktop]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.0.11 netmask 255.255.255.0 broadcast 172.25.0.255
inet6 fddb:fe2a:ab1e::c0a8:1 prefixlen 64 scopeid 0x0<global>
inet6 fe80::5054:ff:fe00:b prefixlen 64 scopeid 0x20<link>
ether 52:54:00:00:00:0b txqueuelen 1000 (Ethernet)
RX packets 440 bytes 63933 (62.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 383 bytes 41007 (40.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether aa:d5:38:3d:e5:e4 txqueuelen 1000 (Ethernet)
RX packets 12 bytes 928 (928.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 86:11:12:f8:bf:bf txqueuelen 1000 (Ethernet)
RX packets 12 bytes 928 (928.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 20 bytes 1816 (1.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20 bytes 1816 (1.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[[email protected] Desktop]#
[[email protected] Desktop]# nmcli connection show
NAME UUID TYPE DEVICE
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
[[email protected] Desktop]# nmcli connection modify eth0 ipv6.addresses fddb:fe2a:ab1e::c0a8:2/64 ipv6.method manual
[[email protected] Desktop]# nmcli connection up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
[[email protected] Desktop]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.0.10 netmask 255.255.255.0 broadcast 172.25.0.255
inet6 fddb:fe2a:ab1e::c0a8:2 prefixlen 64 scopeid 0x0<global>
inet6 fe80::5054:ff:fe00:a prefixlen 64 scopeid 0x20<link>
ether 52:54:00:00:00:0a txqueuelen 1000 (Ethernet)
RX packets 441 bytes 63817 (62.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 387 bytes 42442 (41.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether be:5c:fb:90:76:db txqueuelen 1000 (Ethernet)
RX packets 13 bytes 1018 (1018.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether d6:bd:fb:f3:4f:c9 txqueuelen 1000 (Ethernet)
RX packets 13 bytes 1018 (1018.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 20 bytes 1816 (1.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20 bytes 1816 (1.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[[email protected] Desktop]#
Test connectivity:
[[email protected] Desktop]# ping6 fddb:fe2a:ab1e::c0a8:2
PING fddb:fe2a:ab1e::c0a8:2(fddb:fe2a:ab1e::c0a8:2) 56 data bytes
64 bytes from fddb:fe2a:ab1e::c0a8:2: icmp_seq=1 ttl=64 time=0.658 ms
64 bytes from fddb:fe2a:ab1e::c0a8:2: icmp_seq=2 ttl=64 time=0.770 ms
64 bytes from fddb:fe2a:ab1e::c0a8:2: icmp_seq=3 ttl=64 time=0.383 ms
64 bytes from fddb:fe2a:ab1e::c0a8:2: icmp_seq=4 ttl=64 time=0.354 ms
^C
--- fddb:fe2a:ab1e::c0a8:2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.354/0.541/0.770/0.178 ms
[[email protected] Desktop]#
[[email protected] Desktop]# ping 172.25.0.10
PING 172.25.0.10 (172.25.0.10) 56(84) bytes of data.
64 bytes from 172.25.0.10: icmp_seq=1 ttl=64 time=1.81 ms
64 bytes from 172.25.0.10: icmp_seq=2 ttl=64 time=0.437 ms
64 bytes from 172.25.0.10: icmp_seq=3 ttl=64 time=0.354 ms
64 bytes from 172.25.0.10: icmp_seq=4 ttl=64 time=0.532 ms
^C
--- 172.25.0.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.354/0.784/1.815/0.598 ms
[[email protected] Desktop]#
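4. Configure link aggregation
Configure a link between server0 and desktop0 that meets the following requirements:
The link uses interfaces eth1 and eth2
The link keeps working when one interface fails
On server0 the link uses the address 192.168.0.101/255.255.255.0
On desktop0 the link uses the address 192.168.0.102/255.255.255.0
The link must still be in a working state after a system reboot (in the lab the peer cannot be pinged; it is enough that the team comes up).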
[[email protected] Desktop]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.0.11 netmask 255.255.255.0 broadcast 172.25.0.255
inet6 fddb:fe2a:ab1e::c0a8:1 prefixlen 64 scopeid 0x0<global>
inet6 fe80::5054:ff:fe00:b prefixlen 64 scopeid 0x20<link>
ether 52:54:00:00:00:0b txqueuelen 1000 (Ethernet)
RX packets 545 bytes 81864 (79.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 475 bytes 51300 (50.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether aa:d5:38:3d:e5:e4 txqueuelen 1000 (Ethernet)
RX packets 12 bytes 928 (928.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 86:11:12:f8:bf:bf txqueuelen 1000 (Ethernet)
RX packets 12 bytes 928 (928.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 28 bytes 2656 (2.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 28 bytes 2656 (2.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[[email protected] Desktop]#
Create the team0 device and set its mode to activebackup:
[[email protected] Desktop]#
[[email protected] Desktop]# nmcli connection add con-name team0 ifname team0 type team config '{"runner":{"name":"activebackup"}}'
Connection 'team0' (53753ba3-9757-4dfb-bae7-bf65fadf6ba8) successfully added.
[[email protected] Desktop]# nmcli connection show
NAME UUID TYPE DEVICE
team0 53753ba3-9757-4dfb-bae7-bf65fadf6ba8 team team0
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
[[email protected] Desktop]#
Add eth1 and eth2 to team0:
[[email protected] Desktop]# nmcli connection add con-name eth1 ifname eth1 type team-slave master team0
Connection 'eth1' (f8721231-8360-4801-9d8a-cf7438bd7e0d) successfully added.
[[email protected] Desktop]# nmcli connection add con-name eth2 ifname eth2 type team-slave master team0
Connection 'eth2' (e0c56792-fc65-487d-a96c-15e8eece7f69) successfully added.
[[email protected] Desktop]# nmcli connection show
NAME UUID TYPE DEVICE
eth1 f8721231-8360-4801-9d8a-cf7438bd7e0d 802-3-ethernet eth1
team0 53753ba3-9757-4dfb-bae7-bf65fadf6ba8 team team0
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
eth2 e0c56792-fc65-487d-a96c-15e8eece7f69 802-3-ethernet eth2
[[email protected] Desktop]#
Configure an IP address for team0:
[[email protected] Desktop]# nmcli connection modify team0 ipv4.addresses 192.168.0.101/24
[[email protected] Desktop]# nmcli connection modify team0 ipv4.method manual
[[email protected] Desktop]#
[[email protected] Desktop]#
[[email protected] Desktop]# nmcli connection modify team0 connection.autoconnect yes
[[email protected] Desktop]#
[[email protected] Desktop]#
[[email protected] Desktop]# nmcli connection up team0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[[email protected] Desktop]#
[[email protected] Desktop]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.0.11 netmask 255.255.255.0 broadcast 172.25.0.255
inet6 fddb:fe2a:ab1e::c0a8:1 prefixlen 64 scopeid 0x0<global>
inet6 fe80::5054:ff:fe00:b prefixlen 64 scopeid 0x20<link>
ether 52:54:00:00:00:0b txqueuelen 1000 (Ethernet)
RX packets 579 bytes 85352 (83.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 486 bytes 52152 (50.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 86:11:12:f8:bf:bf txqueuelen 1000 (Ethernet)
RX packets 41 bytes 4664 (4.5 KiB)
RX errors 0 dropped 24 overruns 0 frame 0
TX packets 14 bytes 2420 (2.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 86:11:12:f8:bf:bf txqueuelen 1000 (Ethernet)
RX packets 26 bytes 3348 (3.2 KiB)
RX errors 0 dropped 3 overruns 0 frame 0
TX packets 29 bytes 3736 (3.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 28 bytes 2656 (2.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 28 bytes 2656 (2.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
team0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.101 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::8411:12ff:fef8:bfbf prefixlen 64 scopeid 0x20<link>
ether 86:11:12:f8:bf:bf txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 27 overruns 0 frame 0
TX packets 43 bytes 6156 (6.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[[email protected] Desktop]#
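5. Customize the user environment
On server0 and desktop0, create a custom command named qstat that runs the following command:
/bin/ps -Ao pid,tt,user,fname,rsz
The command must be available to all users on the system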
[[email protected] Desktop]#
[[email protected] Desktop]# alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
[[email protected] Desktop]# qstat
PID TT USER COMMAND RSZ
1 ? root systemd 6664
2 ? root kthreadd 0
3 ? root ksoftirq 0
5 ? root kworker/ 0
7 ? root migratio 0
8 ? root rcu_bh 0
[[email protected] Desktop]# vim /etc/profile
[[email protected] Desktop]# tail -n 3 /etc/profile
unset i
unset -f pathmunge
alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
[[email protected] Desktop]#
[[email protected] Desktop]# vim /etc/bashrc
[[email protected] Desktop]# tail -n 2 /etc/bashrc
# vim:ts=4:sw=4
alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
[[email protected] Desktop]#
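6. Configure a local mail service
Configure the mail service on server0 and desktop0 to meet the following requirements:
These systems do not accept mail sent from external hosts
Any mail sent locally on these systems is automatically routed to classroom.example.com
Mail sent from these systems appears to come from example.com
You can test your configuration by sending mail to the local user student, [email protected]
classroom.example.com is already configured to forward this user's mail to the following URL
http://classroom.example.com/cgi-bin/recevied_mail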
[[email protected] Desktop]#
[[email protected] Desktop]# yum -y install postfix
Loaded plugins: langpacks
Package 2:postfix-2.10.1-6.el7.x86_64 already installed and latest version
Nothing to do
[[email protected] Desktop]#
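Configuration (lines ending in # are the ones set for this task; Postfix treats # as a comment only at the start of a line, so do not type the trailing marker into main.cf):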
[[email protected] Desktop]# cat /etc/postfix/main.cf |grep -v ^# |grep -v ^$
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = server0.example.com #
mydomain = example.com #
myorigin = $mydomain #
inet_interfaces = loopback-only #
inet_protocols = all
mydestination = #
unknown_local_recipient_reject_code = 550
mynetworks_style = subnet #
mynetworks = 127.0.0.0/8 #
relayhost = [classroom.example.com] #
local_transport=error: transport is disable #
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
[[email protected] Desktop]#
[[email protected] Desktop]# systemctl restart postfix.service
[[email protected] Desktop]# systemctl enable postfix
[[email protected] Desktop]#
Test:
[[email protected] Desktop]# mail -s test [email protected] < /etc/hosts
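7. Configure port forwarding
Configure port forwarding on server0 as follows:
For systems in the 172.25.0.0/24 network, access to local port 5423 on server0 is forwarded to port 80
This setting must be permanent.
Then add a second rule for udp:
Reload the firewall configuration: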
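The commands for tasks 2 and 7 are not reproduced on this page. As an added example (not part of the original page), the script below builds firewalld rich rules for the SSH restriction and for the 5423 to 80 forward from the networks the page states, prints the firewall-cmd commands in dry-run mode by default, and checks a rule listing for anything missing. The function names and the sample listing are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original page. Networks and ports are the ones
# the page gives for tasks 2 and 7; the rules use firewalld rich-rule syntax.
ALLOW_NET="172.25.0.0/24"   # example.com
DENY_NET="172.17.10.0/24"   # my133t.org

# Task 2: SSH accepted from example.com, rejected from my133t.org.
ssh_rules() {
    printf 'rule family="ipv4" source address="%s" service name="ssh" accept\n' "$ALLOW_NET"
    printf 'rule family="ipv4" source address="%s" service name="ssh" reject\n' "$DENY_NET"
}

# Task 7: local port 5423 forwarded to port 80 for example.com, tcp and udp.
forward_rules() {
    for proto in tcp udp; do
        printf 'rule family="ipv4" source address="%s" forward-port port="5423" protocol="%s" to-port="80"\n' \
            "$ALLOW_NET" "$proto"
    done
}

expected_rules() { ssh_rules; forward_rules; }

# Write every rule to the permanent configuration, then reload.
# DRY_RUN defaults to 1: the commands are only printed, nothing is changed.
apply_rules() {
    while IFS= read -r rule; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf "firewall-cmd --permanent --add-rich-rule='%s'\n" "$rule"
        else
            firewall-cmd --permanent --add-rich-rule="$rule" || return 1
        fi
    done <<EOF
$(expected_rules)
EOF
    [ "${DRY_RUN:-1}" = 1 ] || firewall-cmd --reload
}

# Read a rule listing on stdin and print each expected rule that is absent.
# Assumption: firewalld lists rules in the same canonical form used above.
missing_rules() {
    listing=$(cat)
    while IFS= read -r rule; do
        printf '%s\n' "$listing" | grep -qxF -- "$rule" || printf '%s\n' "$rule"
    done <<EOF
$(expected_rules)
EOF
}

# Constructed sample of `firewall-cmd --permanent --list-rich-rules` output
# in which the udp forward was forgotten.
SAMPLE_LISTING='rule family="ipv4" source address="172.25.0.0/24" service name="ssh" accept
rule family="ipv4" source address="172.17.10.0/24" service name="ssh" reject
rule family="ipv4" source address="172.25.0.0/24" forward-port port="5423" protocol="tcp" to-port="80"'

# Reports the missing udp forward rule for the sample listing.
printf '%s\n' "$SAMPLE_LISTING" | missing_rules
```

On a real host, run `DRY_RUN=0 apply_rules` as root; afterwards `firewall-cmd --permanent --list-rich-rules | missing_rules` should print nothing.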
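8. Share a directory over SMB
Configure the SMB service on server0
Your SMB server must be a member of the STAFF workgroup
Share the /common directory; the share name must be common
Only clients in the example.com domain may access the common share
common must be browseable
User rob, with Samba password redhat, has read-only access to the common share.
User brian, with Samba password redhat, has read-write access to the common share.
Note: in the exam, set the users and passwords according to the actual task. Sometimes the task is simpler and the test users already exist; sometimes it is harder and you must create the users and set the passwords yourself.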
[[email protected] Desktop]# yum -y install samba samba-client cifs-utils
[[email protected] Desktop]#
[[email protected] Desktop]# systemctl enable smb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[[email protected] Desktop]# systemctl enable nmb
ln -s '/usr/lib/systemd/system/nmb.service' '/etc/systemd/system/multi-user.target.wants/nmb.service'
[[email protected] Desktop]#
[[email protected] Desktop]#
[[email protected] Desktop]#
[[email protected] Desktop]# firewall-cmd --add-service=samba --permanent
success
[[email protected] Desktop]# firewall-cmd --reload
success
[[email protected] Desktop]#
[[email protected] /]#
[[email protected] /]# mkdir /common
[[email protected] /]#
[[email protected] /]# ls -l /
total 32
lrwxrwxrwx. 1 root root 7 May 7 2014 bin -> usr/bin
dr-xr-xr-x. 4 root root 4096 Jul 11 2014 boot
drwxr-xr-x. 2 root root 6 Mar 7 15:08 common
drwxr-xr-x. 19 root root 3060 Mar 7 14:15 dev
drwxr-xr-x. 135 root root 8192 Mar 7 15:06 etc
drwxr-xr-x. 3 root root 20 Jul 11 2014 home
lrwxrwxrwx. 1 root root 7 May 7 2014 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 May 7 2014 lib64 -> usr/lib64
drwxr-xr-x. 2 root root 6 Mar 13 2014 media
drwxr-xr-x. 2 root root 6 Mar 13 2014 mnt
drwxr-xr-x. 3 root root 15 Jul 11 2014 opt
dr-xr-xr-x. 494 root root 0 Mar 7 2020 proc
dr-xr-x---. 17 root root 4096 Mar 7 14:58 root
drwxr-xr-x. 38 root root 1260 Mar 7 15:06 run
lrwxrwxrwx. 1 root root 8 May 7 2014 sbin -> usr/sbin
drwxr-xr-x. 2 root root 6 Mar 13 2014 srv
dr-xr-xr-x. 13 root root 0 Mar 7 2020 sys
drwxrwxrwt. 13 root root 4096 Mar 7 15:06 tmp
drwxr-xr-x. 13 root root 4096 May 7 2014 usr
drwxr-xr-x. 22 root root 4096 Mar 7 2020 var
[[email protected] /]# ls -Zd -l /
drwxr-xr-x. 18 system_u:object_r:root_t:s0 root root 4096 Mar 7 15:08 /
[[email protected] /]# ls -Zd -l /common
drwxr-xr-x. 2 unconfined_u:object_r:default_t:s0 root root 6 Mar 7 15:08 /common
[[email protected] /]#
[[email protected] /]# semanage fcontext -a -t samba_share_t '/common(/.*)?'
Full path required for exclude: net:[4026532574].
Full path required for exclude: net:[4026532574].
[[email protected] /]# semanage fcontext -l |grep common
/common(/.*)? all files system_u:object_r:samba_share_t:s0
/dev/nfast(/.*)? all files system_u:object_r:pki_common_dev_t:s0
/etc/rc\.d/init\.d/x11-common regular file system_u:object_r:xdm_exec_t:s0
/opt/nfast(/.*)? all files system_u:object_r:pki_common_t:s0
/usr/lib/emacsen-common/.* all files system_u:object_r:bin_t:s0
/usr/lib/libkmplayercommon\.so.* regular file system_u:object_r:textrel_shlib_t:s0
/usr/share/gitolite/hooks/common/update regular file system_u:object_r:bin_t:s0
[[email protected] /]#
[[email protected] /]# restorecon -Rvv /common
Full path required for exclude: net:[4026532574].
Full path required for exclude: net:[4026532574].
restorecon reset /common context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:samba_share_t:s0
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# ls -Zd /common
drwxr-xr-x. root root unconfined_u:object_r:samba_share_t:s0 /common
[[email protected] /]#
[[email protected] /]# useradd rob
[[email protected] /]# useradd brian
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# setfacl -m u:brian:rwx /common
[[email protected] /]# setfacl -m u:rob:r-x /common
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# getfacl /common
getfacl: Removing leading '/' from absolute path names
# file: common
# owner: root
# group: root
user::rwx
user:rob:r-x
user:brian:rwx
group::r-x
mask::rwx
other::r-x
[[email protected] /]#
Create the Samba users, both with password redhat:
[[email protected] /]# smbpasswd -a brian
New SMB password:
Retype new SMB password:
Added user brian.
[[email protected] /]# smbpasswd -a rob
New SMB password:
Retype new SMB password:
Added user rob.
[[email protected] /]#
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# cat /etc/samba/smb.conf |grep -v ^# |grep -v ^$ | grep -v ^\;
[global]
workgroup = STAFF
server string = Samba Server Version %v
interfaces = lo eth0 172.25.0.11/24
# log files split per-machine:
log file = /var/log/samba/log.%m
# maximum size of 50KB per log file, then rotate:
max log size = 50
security = user
passdb backend = tdbsam
# the following login script name is determined by the machine name
# (%m):
# the following login script name is determined by the UNIX user used:
# use an empty path to disable profile support:
# various scripts can be used on a domain controller or a stand-alone
# machine to add or delete corresponding UNIX accounts:
load printers = yes
cups options = raw
# obtain a list of printers automatically on UNIX System V systems:
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[common]
comment=this is common share
path=/common
browseable = yes
hosts allow=172.25.0.0/24
writable = yes
[[email protected] /]#
[[email protected] /]# systemctl restart smb
[[email protected] /]# systemctl restart nmb
Test:
[[email protected] /]# smbclient -L //172.25.0.11
Enter root's password: # just press Enter
Anonymous login successful
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
common Disk this is common share
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
SERVER0 Samba Server Version 4.1.1
Workgroup Master
--------- -------
STAFF
[[email protected] /]#
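9. Configure a multiuser SMB mount
Complete the following configuration on desktop0:
desktop0 mounts the common share from server0 on the local /mnt/multiuser using the multiuser option (use the actual share and mount point given in the exam task)
User rob, with Samba password redhat, has read-only access to the common share.
User brian, with Samba password redhat, has read-write access to the common share.
The share must be mounted automatically at boot.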
[[email protected] Desktop]# yum -y install samba-client cifs-utils
[[email protected] Desktop]# mkdir /mnt/multiuser
[[email protected] Desktop]#
[[email protected] Desktop]# vim /etc/fstab
[[email protected] Desktop]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Wed May 7 01:22:57 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 / xfs defaults 1 1
//172.25.0.11/common /mnt/multiuser cifs defaults,_netdev,username=brian,password=redhat,multiuser,sec=ntlmssp 0 0
[[email protected] Desktop]# mount -a
[[email protected] Desktop]#
[[email protected] Desktop]#
[[email protected] Desktop]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda1 xfs 10G 3.1G 7.0G 31% /
devtmpfs devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs tmpfs 1.9G 140K 1.9G 1% /dev/shm
tmpfs tmpfs 1.9G 17M 1.9G 1% /run
tmpfs tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
tmpfs tmpfs 1.9G 17M 1.9G 1% /run/netns
//172.25.0.11/common cifs 10G 3.1G 7.0G 31% /mnt/multiuser
[[email protected] Desktop]#
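/etc/fstab is world-readable by default, so the inline username=brian,password=redhat options above expose the Samba password to every local user. As an added example (not part of the original page), the script below finds cifs entries with an inline password, extracts the pair in the format mount.cifs accepts for its credentials= option, and rewrites the entry to reference a credentials file. The path /root/smb-multiuser.cred and the function names are hypothetical.

```bash
#!/bin/bash
# Added example, not from the original page.
# Constructed sample: the root and cifs lines of the /etc/fstab shown above.
SAMPLE_FSTAB='UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 / xfs defaults 1 1
//172.25.0.11/common /mnt/multiuser cifs defaults,_netdev,username=brian,password=redhat,multiuser,sec=ntlmssp 0 0'

# Print the mount point of every uncommented cifs entry whose option field
# carries password= (or its short form pass=).
inline_password_mounts() {
    awk '$1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)pass(word)?=/ { print $2 }'
}

# Print the username/password of the entry mounted on $1 in credentials-file
# format. Store the output in a root-owned file with mode 0600, for example:
#   umask 077; credentials_body /mnt/multiuser < /etc/fstab > /root/smb-multiuser.cred
credentials_body() {
    awk -v mnt="$1" '
    $1 !~ /^#/ && $3 == "cifs" && $2 == mnt {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^(username|user|password|pass)=/) {
                sub(/^user=/, "username=", opt[i])
                sub(/^pass=/, "password=", opt[i])
                print opt[i]
            }
    }'
}

# Rewrite entries with an inline password to use credentials=$1 instead,
# dropping the username=/password= options. Other lines pass through unchanged.
use_credentials_file() {
    awk -v cred="$1" '
    $1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)pass(word)?=/ {
        n = split($4, opt, ","); out = ""
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^(username|user|password|pass)=/) continue
            out = out (out == "" ? "" : ",") opt[i]
        }
        $4 = (out == "" ? "" : out ",") "credentials=" cred
    }
    { print }'
}

# Show the hardened form of the sample fstab.
printf '%s\n' "$SAMPLE_FSTAB" | use_credentials_file /root/smb-multiuser.cred
```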
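10. Configure the NFS service
Configure the NFS service on server0 as follows:
Export the directory /public read-only, accessible only to systems in the example.com domain.
Export the directory /protected read-write, accessible only to systems in the example.com domain.
Access to /protected must be secured with Kerberos; you can use the key provided below:
http://classroom.example.com/pub/keytabs/server0.keytab
The directory /protected should contain a subdirectory named project owned by ldapuser0
User ldapuser0 has read-write access to /protected/project
Change the NFS version the server runs: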
[[email protected] /]# vim /etc/sysconfig/nfs
[[email protected] /]# cat /etc/sysconfig/nfs |grep ARGS
RPCNFSDARGS="-V 4.2"
RPCIDMAPDARGS=""
RPCGSSDARGS=""
RPCSVCGSSDARGS=""
BLKMAPDARGS=""
[[email protected] /]#
Restart nfs-server:
[[email protected] /]# systemctl restart nfs-server
[[email protected] /]# yum -y install nfs-utils
Loaded plugins: langpacks
Package 1:nfs-utils-1.3.0-0.el7.x86_64 already installed and latest version
Nothing to do
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# mkdir /public
[[email protected] /]# mkdir /protected
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# cd /
[[email protected] /]# ls -l
total 36
lrwxrwxrwx. 1 root root 7 May 7 2014 bin -> usr/bin
dr-xr-xr-x. 4 root root 4096 Jul 11 2014 boot
drwxrwxr-x+ 2 root root 6 Mar 7 15:08 common
drwxr-xr-x. 19 root root 3060 Mar 7 14:15 dev
drwxr-xr-x. 135 root root 8192 Mar 7 15:15 etc
drwxr-xr-x. 5 root root 42 Mar 7 15:15 home
lrwxrwxrwx. 1 root root 7 May 7 2014 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 May 7 2014 lib64 -> usr/lib64
drwxr-xr-x. 2 root root 6 Mar 13 2014 media
drwxr-xr-x. 2 root root 6 Mar 13 2014 mnt
drwxr-xr-x. 3 root root 15 Jul 11 2014 opt
dr-xr-xr-x. 497 root root 0 Mar 7 2020 proc
drwxr-xr-x. 2 root root 6 Mar 7 15:34 protected
drwxr-xr-x. 2 root root 6 Mar 7 15:34 public
dr-xr-x---. 17 root root 4096 Mar 7 15:23 root
drwxr-xr-x. 38 root root 1300 Mar 7 15:33 run
lrwxrwxrwx. 1 root root 8 May 7 2014 sbin -> usr/sbin
drwxr-xr-x. 2 root root 6 Mar 13 2014 srv
dr-xr-xr-x. 13 root root 0 Mar 7 2020 sys
drwxrwxrwt. 13 root root 4096 Mar 7 15:23 tmp
drwxr-xr-x. 13 root root 4096 May 7 2014 usr
drwxr-xr-x. 22 root root 4096 Mar 7 2020 var
[[email protected] /]#
SELinux contexts:
[[email protected] /]# semanage fcontext -a -t public_content_t '/public(/.*)?'
Full path required for exclude: net:[4026532574].
Full path required for exclude: net:[4026532574].
[[email protected] /]# semanage fcontext -a -t public_content_rw_t '/protected(/.*)?'
Full path required for exclude: net:[4026532574].
Full path required for exclude: net:[4026532574].
[[email protected] /]#
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# restorecon -Rvv /public/
Full path required for exclude: net:[4026532574].
Full path required for exclude: net:[4026532574].
restorecon reset /public context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:public_content_t:s0
[[email protected] /]# restorecon -Rvv /protected
Full path required for exclude: net:[4026532574].
Full path required for exclude: net:[4026532574].
restorecon reset /protected context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:public_content_rw_t:s0
[[email protected] /]#
Firewall:
[[email protected] /]# firewall-cmd --add-service=nfs --permanent
success
[[email protected] /]# firewall-cmd --add-service=rpc-bind --permanent
success
[[email protected] /]# firewall-cmd --add-service=mountd --permanent
success
[[email protected] /]# firewall-cmd --reload
success
[[email protected] /]#
Prepare the Kerberos keytab file:
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab
--2020-03-07 15:40:38-- http://classroom.example.com/pub/keytabs/server0.keytab
Resolving classroom.example.com (classroom.example.com)... 172.25.254.254
Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1242 (1.2K)
Saving to: ‘/etc/krb5.keytab’
100%[======================================>] 1,242 --.-K/s in 0s
2020-03-07 15:40:38 (172 MB/s) - ‘/etc/krb5.keytab’ saved [1242/1242]
[[email protected] /]#
Configure the exports:
[[email protected] /]#
[[email protected] /]# vim /etc/exports
[[email protected] /]# cat /etc/exports
/public 172.25.0.0/24(ro,sync)
/protected 172.25.0.0/24(rw,sync,sec=krb5p)
[[email protected] /]#
Start the services and enable them at boot:
[[email protected] /]# systemctl enable nfs-server
ln -s '/usr/lib/systemd/system/nfs-server.service' '/etc/systemd/system/nfs.target.wants/nfs-server.service'
[[email protected] /]# systemctl enable nfs-secure-server
ln -s '/usr/lib/systemd/system/nfs-secure-server.service' '/etc/systemd/system/nfs.target.wants/nfs-secure-server.service'
[[email protected] /]#
[[email protected] /]# systemctl restart nfs-server
[[email protected] /]# systemctl restart nfs-secure-server
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# systemctl status nfs-server
nfs-server.service - NFS Server
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled)
Active: active (exited) since Sat 2020-03-07 15:42:20 CST; 18s ago
Process: 37201 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS $RPCNFSDCOUNT (code=exited, status=0/SUCCESS)
Process: 37196 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Process: 37195 ExecStartPre=/usr/libexec/nfs-utils/scripts/nfs-server.preconfig (code=exited, status=0/SUCCESS)
Main PID: 37201 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/nfs-server.service
Mar 07 15:42:20 server0.example.com systemd[1]: Starting NFS Server...
Mar 07 15:42:20 server0.example.com systemd[1]: Started NFS Server.
[[email protected] /]# systemctl status nfs-secure-server
nfs-secure-server.service - Secure NFS Server
Loaded: loaded (/usr/lib/systemd/system/nfs-secure-server.service; disabled)
Active: active (running) since Sat 2020-03-07 15:42:32 CST; 12s ago
Process: 37245 ExecStart=/usr/sbin/rpc.svcgssd $RPCSVCGSSDARGS (code=exited, status=0/SUCCESS)
Main PID: 37246 (rpc.svcgssd)
CGroup: /system.slice/nfs-secure-server.service
└─37246 /usr/sbin/rpc.svcgssd
Mar 07 15:42:32 server0.example.com systemd[1]: Starting Secure NFS Server...
Mar 07 15:42:32 server0.example.com systemd[1]: Started Secure NFS Server.
[[email protected] /]#
[[email protected] /]# cd /protected/
[[email protected] protected]# mkdir project
[[email protected] protected]# ls
project
[[email protected] protected]# chown ldapuser0 project
[[email protected] protected]# chmod u+rwx project
[[email protected] protected]#
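11. Mount an NFS share
On desktop0, mount the NFS shares from server0 so that the following requirements are met:
The /public share is mounted on the local /mnt/nfsmount.
/protected is mounted on the local /mnt/nfssecure using the secure method; key download URL:
http://classroom.example.com/pub/keytabs/desktop0.keytab
User ldapuser0 can create files in /mnt/nfssecure/project.
These file systems are mounted automatically at boot.
Create the two mount points: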
[[email protected] Desktop]# mkdir /mnt/nfsmount
[[email protected] Desktop]# mkdir /mnt/nfssecure
Download the Kerberos keytab file:
[[email protected] Desktop]#
[[email protected] Desktop]# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
--2020-03-07 15:46:49-- http://classroom.example.com/pub/keytabs/desktop0.keytab
Resolving classroom.example.com (classroom.example.com)... 172.25.254.254
Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1258 (1.2K)
Saving to: ‘/etc/krb5.keytab’
100%[=========================================================================================>] 1,258 --.-K/s in 0s
2020-03-07 15:46:49 (228 MB/s) - ‘/etc/krb5.keytab’ saved [1258/1258]
[[email protected] Desktop]#
Start the client-side secure NFS service and enable it at boot:
[[email protected] Desktop]# systemctl start nfs-secure
[[email protected] Desktop]#
[[email protected] Desktop]#
[[email protected] Desktop]# systemctl enable nfs-secure
ln -s '/usr/lib/systemd/system/nfs-secure.service' '/etc/systemd/system/nfs.target.wants/nfs-secure.service'
[[email protected] Desktop]#
Mount:
[[email protected] Desktop]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Wed May 7 01:22:57 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 / xfs defaults 1 1
//172.25.0.11/common /mnt/multiuser cifs defaults,_netdev,username=brian,password=redhat,multiuser,sec=ntlmssp 0 0
172.25.0.11:/public /mnt/nfsmount nfs defaults,_netdev 0 0
172.25.0.11:/protected /mnt/nfssecure nfs defaults,_netdev,sec=krb5p 0 0
[[email protected] Desktop]# mount -a
[[email protected] Desktop]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda1 xfs 10G 3.1G 7.0G 31% /
devtmpfs devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs tmpfs 1.9G 140K 1.9G 1% /dev/shm
tmpfs tmpfs 1.9G 17M 1.9G 1% /run
tmpfs tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
tmpfs tmpfs 1.9G 17M 1.9G 1% /run/netns
//172.25.0.11/common cifs 10G 3.1G 7.0G 31% /mnt/multiuser
172.25.0.11:/public nfs4 10G 3.1G 7.0G 31% /mnt/nfsmount
172.25.0.11:/protected nfs4 10G 3.1G 7.0G 31% /mnt/nfssecure
[[email protected] Desktop]#
12.
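Implement a web server
Configure a site http://server0.example.com on server0, then perform the following steps:
Download the file from http://classroom.example.com/materials/station.html and
rename it to index.html; do not modify the content of this file under any circumstances.
Copy index.html to the DocumentRoot directory of your web server.
Clients from the example.com domain can access this web site.
Clients from the my133t.org domain are denied access to this web site.
Note: if the task does not specify the site's DocumentRoot, you may choose any directory.
Use /var/www/html as the root directory of server0.example.com
Install: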
[[email protected] /]# yum -y install httpd
Enable at boot:
[[email protected] /]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[[email protected] /]#
[[email protected] /]#
[[email protected] /]#
Firewall:
[[email protected] /]#
[[email protected] /]# firewall-cmd --add-service=http --permanent
success
[[email protected] /]# firewall-cmd --reload
success
[[email protected] /]#
Download the index.html file:
[[email protected] /]# cd /var/www/html/
[[email protected] html]# pwd
/var/www/html
[[email protected] html]# pwd
/var/www/html
[[email protected] html]# wget -O index.html http://classroom.example.com/materials/station.html
--2020-03-07 16:16:12-- http://classroom.example.com/materials/station.html
Resolving classroom.example.com (classroom.example.com)... 172.25.254.254
Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 34 [text/html]
Saving to: ‘index.html’
100%[======================================>] 34 --.-K/s in 0s
2020-03-07 16:16:12 (5.99 MB/s) - ‘index.html’ saved [34/34]
[[email protected] html]# ls -Z index.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
[[email protected] html]#
Install the documentation:
[[email protected] Desktop]# yum -y install httpd-manual
[[email protected] html]# cd /etc/httpd/conf.d/
[[email protected] conf.d]# touch server0.conf
[[email protected] conf.d]# ls
autoindex.conf README server0.conf userdir.conf welcome.conf
[[email protected] conf.d]# vim server0.conf
[[email protected] conf.d]# vim server0.conf
[[email protected] conf.d]# cat server0.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html/"
ServerName server0.example.com
ErrorLog "/var/log/httpd/server0.example.com-error_log"
CustomLog "/var/log/httpd/server0.example.com-access_log" common
<Directory "/var/www/html">
<RequireAll>
Require all granted
Require not host .my133t.org
</RequireAll>
</Directory>
</VirtualHost>
[[email protected] conf.d]#
[[email protected] conf.d]# systemctl restart httpd
Watch the video online: https://edu.51cto.com/sd/ceb6f
13.
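Configure a secure web service
Configure TLS encryption for the site http://server0.example.com.
A signed certificate is obtained from http://classroom.example.com/pub/tls/certs/server0.crt
The key for this certificate is obtained from http://classroom.example.com/pub/tls/private/server0.key
The certificate authority information for this certificate is obtained from http://classroom.example.com/pub/example-ca.crt
Install the supporting package: mod_ssl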
[[email protected] /]# yum -y install mod_ssl
Download the key files: /etc/pki/tls
[[email protected] Desktop]#
[[email protected] Desktop]#
[[email protected] Desktop]#
[[email protected] Desktop]# cd /etc/pki/
[[email protected] pki]# ls
CA consumer java product rsyslog
ca-trust entitlement nssdb rpm-gpg tls
[[email protected] pki]# cd tls/
[[email protected] tls]# pwd
/etc/pki/tls
[[email protected] tls]# wget http://classroom.example.com/pub/tls/certs/server0.crt
--2020-03-07 16:31:52-- http://classroom.example.com/pub/tls/certs/server0.crt
Resolving classroom.example.com (classroom.example.com)... 172.25.254.254
Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3505 (3.4K)
Saving to: ‘server0.crt’
100%[======================================>] 3,505 --.-K/s in 0s
2020-03-07 16:31:52 (568 MB/s) - ‘server0.crt’ saved [3505/3505]
[[email protected] tls]# ls
cert.pem certs misc openssl.cnf private server0.crt
[[email protected] tls]# wget http://classroom.example.com/pub/tls/private/server0.key
--2020-03-07 16:32:20-- http://classroom.example.com/pub/tls/private/server0.key
Resolving classroom.example.com (classroom.example.com)... 172.25.254.254
Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 916
Saving to: ‘server0.key’
100%[======================================>] 916 --.-K/s in 0s
2020-03-07 16:32:20 (174 MB/s) - ‘server0.key’ saved [916/916]
[[email protected] tls]# wget http://classroom.example.com/pub/example-ca.crt
--2020-03-07 16:32:34-- http://classroom.example.com/pub/example-ca.crt
Resolving classroom.example.com (classroom.example.com)... 172.25.254.254
Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1220 (1.2K)
Saving to: ‘example-ca.crt’
100%[======================================>] 1,220 --.-K/s in 0s
2020-03-07 16:32:34 (70.7 MB/s) - ‘example-ca.crt’ saved [1220/1220]
[[email protected] tls]# ls
cert.pem example-ca.crt openssl.cnf server0.crt
certs misc private server0.key
[[email protected] tls]#
Use the generated configuration file: /etc/httpd/conf.d/ssl.conf
[[email protected] conf.d]# vim ssl.conf
[[email protected] conf.d]# cat ssl.conf |grep -v ^# |grep -v ^$
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/server0.crt
SSLCertificateKeyFile /etc/pki/tls/server0.key
SSLCertificateChainFile /etc/pki/tls/example-ca.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
DocumentRoot "/var/www/html/"
ServerName server0.example.com
ErrorLog "/var/log/httpd/server0.example.com-error_log"
CustomLog "/var/log/httpd/server0.example.com-access_log" common
<Directory "/var/www/html">
<RequireAll>
Require all granted
Require not host .my133t.org
</RequireAll>
</Directory>
</VirtualHost>
[[email protected] conf.d]#
Firewall:
[[email protected] conf.d]# firewall-cmd --add-service=https --permanent
success
[[email protected] conf.d]# firewall-cmd --reload
success
[[email protected] conf.d]#
Restart the service:
[[email protected] conf.d]# systemctl restart httpd
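The ssl.conf above keeps the distribution defaults for protocols and ciphers and reads the private key from /etc/pki/tls rather than /etc/pki/tls/private. The following audit is an added example, not part of the original walkthrough; the function names, finding codes and the hardened paths under certs/ and private/ are assumptions.

```bash
#!/bin/bash
# Added example: audit the TLS directives of an Apache ssl.conf.

# Constructed sample: the TLS directives from the ssl.conf shown on this page.
sample_ssl_conf() {
cat <<'EOF'
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/server0.crt
SSLCertificateKeyFile /etc/pki/tls/server0.key
SSLCertificateChainFile /etc/pki/tls/example-ca.crt
EOF
}

# Assumed hardened variant: legacy protocols removed, MEDIUM ciphers dropped,
# key moved to the conventional private/ directory.
hardened_ssl_conf() {
cat <<'EOF'
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/server0.crt
SSLCertificateKeyFile /etc/pki/tls/private/server0.key
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
EOF
}

# audit_ssl_conf FILE: prints one finding per line, nothing when clean.
audit_ssl_conf() {
    awk '
    /^[ \t]*#/ { next }
    tolower($1) == "sslprotocol" {
        # Rebuild the line with single spaces so tokens can be matched exactly.
        line = " "
        for (j = 1; j <= NF; j++) line = line $j " "
        n = split("SSLv3 TLSv1 TLSv1.1", old, " ")
        for (i = 1; i <= n; i++) {
            p = old[i]
            # "all" enables every protocol that is not removed again with -NAME.
            enabled = (line ~ / [+]?all / && index(line, " -" p " ") == 0)
            if (index(line, " " p " ") || index(line, " +" p " ")) enabled = 1
            if (enabled) print "LEGACY_PROTOCOL", p, "is not disabled"
        }
    }
    tolower($1) == "sslciphersuite" {
        n = split($2, c, ":")
        for (i = 1; i <= n; i++)
            if (c[i] ~ /^(MEDIUM|LOW|EXP|EXPORT|RC4|3DES|NULL|eNULL|aNULL)$/)
                print "WEAK_CIPHER_CLASS", c[i], "is allowed"
    }
    tolower($1) == "sslcertificatekeyfile" && $2 !~ /^\/etc\/pki\/tls\/private\// {
        print "KEY_LOCATION", $2, "is outside /etc/pki/tls/private"
    }
    ' "$1"
}

# key_is_private FILE: succeeds only if group and other have no permissions.
# Uses GNU stat, as shipped on RHEL.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Demo: audit the sample taken from this page.
f=$(mktemp) && sample_ssl_conf > "$f" && audit_ssl_conf "$f"; rm -f "$f"
```

On the real host, run `audit_ssl_conf /etc/httpd/conf.d/ssl.conf` and `key_is_private` on the key file before restarting httpd.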
14.
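Configure a virtual host
Extend your web server on server0 by creating a virtual host for the site http://www0.example.com,
then perform the following steps:
Set the DocumentRoot to /var/www/virtual
Download the file from http://classroom.example.com/materials/www.html and rename it to
index.html; do not make any changes to the content of index.html.
Place the index.html file in the virtual host's DocumentRoot directory
Ensure that the user floyd can create files in the /var/www/virtual directory
Note: the original site http://server0.example.com must still be accessible. The domain names
used by the sites are already resolved by the DNS server on the network.
Create the site root directory: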
[[email protected] conf.d]# cd /var/www/
[[email protected] www]# pwd
/var/www
[[email protected] www]# ls
cgi-bin html
[[email protected] www]# mkdir virtual
[[email protected] www]# ls
cgi-bin html virtual
[[email protected] www]#
Download the web page file:
[[email protected] www]# cd virtual/
[[email protected] virtual]# pwd
/var/www/virtual
[[email protected] virtual]# wget -O index.html http://classroom.example.com/materials/www.html
--2020-03-07 16:38:47-- http://classroom.example.com/materials/www.html
Resolving classroom.example.com (classroom.example.com)... 172.25.254.254
Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 44 [text/html]
Saving to: ‘index.html’
100%[=========================================================================================>] 44 --.-K/s in 0s
2020-03-07 16:38:47 (2.24 MB/s) - ‘index.html’ saved [44/44]
[[email protected] virtual]#
The floyd user and file permissions:
[[email protected] virtual]# id floyd
id: floyd: no such user
[[email protected] virtual]# useradd floyd
[[email protected] virtual]# cd ..
[[email protected] www]# ls
cgi-bin html virtual
[[email protected] www]# setfacl -m u:floyd:rwx /var/www/virtual
[[email protected] www]#
[[email protected] www]#
[[email protected] www]#
Configuration:
[[email protected] conf.d]# vim www0.conf
[[email protected] conf.d]# cat www0.conf
<VirtualHost *:80>
DocumentRoot "/var/www/virtual"
ServerName www0.example.com
ErrorLog "/var/log/httpd/www0.example.com-error_log"
CustomLog "/var/log/httpd/www0.example.com-access_log" common
<Directory "/var/www/virtual">
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
[[email protected] conf.d]#
Restart:
[[email protected] conf.d]# systemctl restart httpd
15.
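Configure access to web content
Create a directory named private under the DocumentRoot directory of the web server on your server0,
with the following requirements:
Download a copy of the file from http://classroom.example.com/materials/private.html
into this directory and rename it to index.html.
Do not make any changes to the content of this file.
From system1, anyone can browse the content of private, but the content of this directory
cannot be accessed from other systems. (Pay attention to who the task says may have access; it varies.)
Note: this task continues from the previous one, so the DocumentRoot here refers to
/var/www/virtual/ above.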
[[email protected] conf.d]#
[[email protected] conf.d]# cd /var/www/
[[email protected] www]# ls
cgi-bin html virtual
[[email protected] www]# cd vif
bash: cd: vif: No such file or directory
[[email protected] www]# cd virtual/
[[email protected] virtual]# pwd
/var/www/virtual
[[email protected] virtual]# mkdir private
[[email protected] virtual]# pwd
/var/www/virtual
[[email protected] virtual]# ls
index.html private
[[email protected] virtual]# cd private/
[[email protected] private]# ls
[[email protected] private]# pwd
/var/www/virtual/private
[[email protected] private]# wget -O index.html http://classroom.example.com/materials/private.html
--2020-03-07 16:44:32-- http://classroom.example.com/materials/private.html
Resolving classroom.example.com (classroom.example.com)... 172.25.254.254
Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 45 [text/html]
Saving to: ‘index.html’
100%[=========================================================================================>] 45 --.-K/s in 0s
2020-03-07 16:44:32 (9.47 MB/s) - ‘index.html’ saved [45/45]
[[email protected] private]# ls
index.html
[[email protected] private]#
[[email protected] conf.d]# cat www0.conf
<VirtualHost *:80>
DocumentRoot "/var/www/virtual"
ServerName www0.example.com
ErrorLog "/var/log/httpd/www0.example.com-error_log"
CustomLog "/var/log/httpd/www0.example.com-access_log" common
<Directory "/var/www/virtual">
<RequireAll>
Require all granted
</RequireAll>
</Directory>
<Directory "/var/www/virtual/private">
<RequireAll>
Require local
</RequireAll>
</Directory>
</VirtualHost>
[[email protected] conf.d]#
Restart:
[[email protected] conf.d]# systemctl restart httpd
Test:
16.
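Implement dynamic web content
Configure server0 to provide dynamic web content, with the following requirements:
The dynamic content is provided by a virtual host named webapp0.example.com
The virtual host listens on port 8908
Download a script from http://classroom.example.com/materials/webinfo.wsgi and
put it in an appropriate location; do not modify the content of this file under any circumstances.
Clients accessing http://webapp0.example.com:8908/ should receive a dynamically generated web
page.
The site http://webapp0.example.com:8908/ must be accessible to all systems
in the example.com domain.
Install the package that supports Python dynamic web sites: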
[[email protected] conf.d]# yum -y install mod_wsgi
Create the site root directory:
[[email protected] www]# ls
cgi-bin html virtual
[[email protected] www]# mkdir webapp
[[email protected] www]# ls
cgi-bin html virtual webapp
[[email protected] www]# cd webapp/
[[email protected] webapp]# pwd
/var/www/webapp
[[email protected] webapp]# ls
[[email protected] webapp]# wget http://classroom.example.com/materials/webinfo.wsgi
--2020-03-07 16:53:48-- http://classroom.example.com/materials/webinfo.wsgi
Resolving classroom.example.com (classroom.example.com)... 172.25.254.254
Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 397
Saving to: ‘webinfo.wsgi’
100%[=========================================================================================>] 397 --.-K/s in 0s
2020-03-07 16:53:48 (73.9 MB/s) - ‘webinfo.wsgi’ saved [397/397]
[[email protected] webapp]# ls
webinfo.wsgi
[[email protected] webapp]#
Configuration file:
[[email protected] conf.d]# vim webapp0.conf
[[email protected] conf.d]# cat webapp0.conf
listen 8908
<VirtualHost *:8908>
DocumentRoot "/var/www/webapp"
ServerName webapp0.example.com
ErrorLog "/var/log/httpd/webapp0.example.com-error_log"
CustomLog "/var/log/httpd/webapp0.example.com-access_log" common
<Directory "/var/www/webapp">
<RequireAll>
Require all granted
</RequireAll>
</Directory>
WSGIScriptAlias / /var/www/webapp/webinfo.wsgi
</VirtualHost>
[[email protected] conf.d]#
SELINUX:
[[email protected] conf.d]# semanage port -a -t http_port_t -p tcp 8908
Full path required for exclude: net:[4026532574].
Full path required for exclude: net:[4026532574].
[[email protected] conf.d]# semanage port -l |grep http_port_t
http_port_t tcp 8908, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
[[email protected] conf.d]#
Firewall:
[[email protected] conf.d]# firewall-cmd --add-port=8908/tcp --permanent
success
[[email protected] conf.d]# firewall-cmd --reload
success
[[email protected] conf.d]#
Restart:
[[email protected] conf.d]# systemctl restart httpd
Test:
17.
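Create a script
Create a script named /root/foo.sh on server0 that provides the following behaviour:
When run as /root/foo.sh redhat, it outputs fedora
When run as /root/foo.sh fedora, it outputs redhat
When run with no argument, or with an argument that is neither redhat nor fedora, it produces the
following message on standard error:
/root/foo.sh redhat|fedora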
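#!/bin/bash
# Print the opposite distribution name; anything else is a usage error.
case "$1" in
    redhat)
        echo "fedora"
        ;;
    fedora)
        echo "redhat"
        ;;
    *)
        # The task requires this message on standard error.
        echo "$0 redhat|fedora" >&2
        ;;
esac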
chmod a+x foo.sh
18.
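Create a script that adds users
Create a script named /root/batchusers on server0. This script creates local users on the system system1,
with the usernames taken from a file containing a list of usernames, and meets the following requirements:
The script requires one argument, which is the file containing the list of usernames
If no argument is given, the script should print the message Usage: /root/batchusers
userfile and then exit with an appropriate return value
If a nonexistent file name is given, the script should print the message Input file
not found and then exit with an appropriate return value
The users are created with the login shell /bin/false
The script does not need to set a password for the users (note: sometimes a common password of redhat must be set)
You can obtain a user list for testing from the following URL:
http://classroom.example.com/materials/userlist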
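#!/bin/bash
# Exactly one argument is required: the file that lists the usernames.
if [ $# -eq 1 ]; then
    if [ -f "$1" ]; then
        # One username per line; -r keeps backslashes literal.
        while read -r username; do
            useradd -s /bin/false "$username" &>/dev/null
            # Variant noted in the task: set the common password redhat.
            echo "redhat" | passwd --stdin "$username" &>/dev/null
        done < "$1"
    else
        echo "Input file not found"
        exit 1
    fi
else
    echo "Usage: /root/batchusers userfile"
    exit 2
fi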
19.
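Configure the iSCSI server
Configure server0 to provide an iSCSI service with the disk name iqn.2014-11.com.example:server0 that meets
the following requirements:
The service port is 3260
Use iscsi_store as its backing volume, with a size of 3G (the wording is vague; iscsi_store is actually
a logical volume that you have to create yourself)
This service can only be accessed by desktop0.example.com.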
[[email protected] /]# fdisk -l
Disk /dev/sda: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x00013f3e
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 20970332 10484142+ 83 Linux
Disk /dev/sdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
[[email protected] /]# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created
[[email protected] /]# vgcreate vg1 /dev/sdb
Volume group "vg1" successfully created
[[email protected] /]# lvcreate -n iscsi_store -L 3G vg1
Logical volume "iscsi_store" created
[[email protected] /]# lvs
LV VG Attr LSize Pool Origin Data% Move Log Cpy%Sync Convert
iscsi_store vg1 -wi-a----- 3.00g
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# ls /dev/vg1/iscsi_store
/dev/vg1/iscsi_store
[[email protected] /]# lvs
LV VG Attr LSize Pool Origin Data% Move Log Cpy%Sync Convert
iscsi_store vg1 -wi-a----- 3.00g
[[email protected] /]#
Install the packages:
[[email protected] /]# yum -y install targetd targetcli
Enable at boot:
[[email protected] /]#
[[email protected] /]# systemctl enable targetd
ln -s '/usr/lib/systemd/system/targetd.service' '/etc/systemd/system/multi-user.target.wants/targetd.service'
[[email protected] /]#
Firewall:
[[email protected] /]# firewall-cmd --add-port=3260/tcp --permanent
success
[[email protected] /]# firewall-cmd --reload
success
[[email protected] /]#
Get the IQN on desktop0:
[[email protected] Desktop]# cd /etc/iscsi/
[[email protected] iscsi]# ls
initiatorname.iscsi iscsid.conf
[[email protected] iscsi]# cat initiatorname.iscsi
InitiatorName=iqn.1994-05.com.redhat:9e96ff23da37
[[email protected] iscsi]#
iqn:iqn.1994-05.com.redhat:9e96ff23da37
Server-side configuration:
[[email protected] /]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb34
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> ls
o- / ........................................................................................................................ [...]
o- backstores ............................................................................................................. [...]
| o- block ................................................................................................. [Storage Objects: 0]
| o- fileio ................................................................................................ [Storage Objects: 0]
| o- pscsi ................................................................................................. [Storage Objects: 0]
| o- ramdisk ............................................................................................... [Storage Objects: 0]
o- iscsi ........................................................................................................... [Targets: 0]
o- loopback ........................................................................................................ [Targets: 0]
/> cd backstores/
/backstores>
* block/ pscsi/ bookmarks exit help pwd set
/ fileio/ ramdisk/ cd get ls refresh status
.............path|command
/backstores> ls
o- backstores ............................................................................................................... [...]
o- block ................................................................................................... [Storage Objects: 0]
o- fileio .................................................................................................. [Storage Objects: 0]
o- pscsi ................................................................................................... [Storage Objects: 0]
o- ramdisk ................................................................................................. [Storage Objects: 0]
/backstores> cd block
/backstores/block> pwd
/backstores/block
/backstores/block> ls
o- block ..................................................................................................... [Storage Objects: 0]
/backstores/block> create dev=/dev/vg1/iscsi_store name=disk1
Created block storage object disk1 using /dev/vg1/iscsi_store.
/backstores/block> cd ..
/backstores> ls
o- backstores ............................................................................................................... [...]
o- block ................................................................................................... [Storage Objects: 1]
| o- disk1 ............................................................... [/dev/vg1/iscsi_store (3.0GiB) write-thru deactivated]
o- fileio .................................................................................................. [Storage Objects: 0]
o- pscsi ................................................................................................... [Storage Objects: 0]
o- ramdisk ................................................................................................. [Storage Objects: 0]
/backstores> cd ..
/> ls
o- / ........................................................................................................................ [...]
o- backstores ............................................................................................................. [...]
| o- block ................................................................................................. [Storage Objects: 1]
| | o- disk1 ............................................................. [/dev/vg1/iscsi_store (3.0GiB) write-thru deactivated]
| o- fileio ................................................................................................ [Storage Objects: 0]
| o- pscsi ................................................................................................. [Storage Objects: 0]
| o- ramdisk ............................................................................................... [Storage Objects: 0]
o- iscsi ........................................................................................................... [Targets: 0]
o- loopback ........................................................................................................ [Targets: 0]
/> cd iscsi
/iscsi> create iqn.2014-11.com.example:server0
Created target iqn.2014-11.com.example:server0.
Created TPG 1.
/iscsi> ls
o- iscsi ............................................................................................................. [Targets: 1]
o- iqn.2014-11.com.example:server0 .................................................................................... [TPGs: 1]
o- tpg1 ................................................................................................ [no-gen-acls, no-auth]
o- acls ........................................................................................................... [ACLs: 0]
o- luns ........................................................................................................... [LUNs: 0]
o- portals ..................................................................................................... [Portals: 0]
/iscsi> cd iqn.2014-11.com.example:server0/
/iscsi/iqn.20...ample:server0> cd tpg1/
/iscsi/iqn.20...:server0/tpg1> ls
o- tpg1 .................................................................................................... [no-gen-acls, no-auth]
o- acls ............................................................................................................... [ACLs: 0]
o- luns ............................................................................................................... [LUNs: 0]
o- portals ......................................................................................................... [Portals: 0]
/iscsi/iqn.20...:server0/tpg1> cd luns
/iscsi/iqn.20...er0/tpg1/luns> create
/backstores/block/disk1 add_mapped_luns= lun= storage_object=
......................................storage_object|keyword=
/iscsi/iqn.20...er0/tpg1/luns> create /backstores/block/disk1
Created LUN 0.
/iscsi/iqn.20...er0/tpg1/luns> ls
o- luns ................................................................................................................. [LUNs: 1]
o- lun0 .................................................................................... [block/disk1 (/dev/vg1/iscsi_store)]
/iscsi/iqn.20...er0/tpg1/luns> cd ..
/iscsi/iqn.20...:server0/tpg1> ls
o- tpg1 .................................................................................................... [no-gen-acls, no-auth]
o- acls ............................................................................................................... [ACLs: 0]
o- luns ............................................................................................................... [LUNs: 1]
| o- lun0 .................................................................................. [block/disk1 (/dev/vg1/iscsi_store)]
o- portals ......................................................................................................... [Portals: 0]
/iscsi/iqn.20...:server0/tpg1> cd acls
/iscsi/iqn.20...er0/tpg1/acls> create iqn.1994-05.com.redhat:9e96ff23da37
Created Node ACL for iqn.1994-05.com.redhat:9e96ff23da37
Created mapped LUN 0.
/iscsi/iqn.20...er0/tpg1/acls> ls
o- acls ................................................................................................................. [ACLs: 1]
o- iqn.1994-05.com.redhat:9e96ff23da37 ......................................................................... [Mapped LUNs: 1]
o- mapped_lun0 ........................................................................................ [lun0 block/disk1 (rw)]
/iscsi/iqn.20...er0/tpg1/acls> cd ..
/iscsi/iqn.20...:server0/tpg1> ls
o- tpg1 .................................................................................................... [no-gen-acls, no-auth]
o- acls ............................................................................................................... [ACLs: 1]
| o- iqn.1994-05.com.redhat:9e96ff23da37 ....................................................................... [Mapped LUNs: 1]
| o- mapped_lun0 ...................................................................................... [lun0 block/disk1 (rw)]
o- luns ............................................................................................................... [LUNs: 1]
| o- lun0 .................................................................................. [block/disk1 (/dev/vg1/iscsi_store)]
o- portals ......................................................................................................... [Portals: 0]
/iscsi/iqn.20...:server0/tpg1> cd portals
/iscsi/iqn.20.../tpg1/portals> create ip_address=172.25.0.11
Using default IP port 3260
Created network portal 172.25.0.11:3260.
/iscsi/iqn.20.../tpg1/portals> cd ..
/iscsi/iqn.20...:server0/tpg1> cd ..
/iscsi/iqn.20...ample:server0> cd ..
/iscsi> cd ..,
/> ls
o- / ........................................................................................................................ [...]
o- backstores ............................................................................................................. [...]
| o- block ................................................................................................. [Storage Objects: 1]
| | o- disk1 ............................................................... [/dev/vg1/iscsi_store (3.0GiB) write-thru activated]
| o- fileio ................................................................................................ [Storage Objects: 0]
| o- pscsi ................................................................................................. [Storage Objects: 0]
| o- ramdisk ............................................................................................... [Storage Objects: 0]
o- iscsi ........................................................................................................... [Targets: 1]
| o- iqn.2014-11.com.example:server0 .................................................................................. [TPGs: 1]
| o- tpg1 .............................................................................................. [no-gen-acls, no-auth]
| o- acls ......................................................................................................... [ACLs: 1]
| | o- iqn.1994-05.com.redhat:9e96ff23da37 ................................................................. [Mapped LUNs: 1]
| | o- mapped_lun0 ................................................................................ [lun0 block/disk1 (rw)]
| o- luns ......................................................................................................... [LUNs: 1]
| | o- lun0 ............................................................................ [block/disk1 (/dev/vg1/iscsi_store)]
| o- portals ................................................................................................... [Portals: 1]
| o- 172.25.0.11:3260 ................................................................................................ [OK]
o- loopback ........................................................................................................ [Targets: 0]
/>
/> saveconfig
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
/>
/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
[[email protected] /]#
[[email protected] /]#
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# systemctl restart targetd
20.
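Configure the iSCSI client
Configure desktop0 so that it can connect to iqn.2014-11.com.example:server0 provided on server0, meeting
the following requirements:
The iSCSI device is loaded automatically at system boot
The iSCSI block device contains a partition of 2100 MiB, formatted as ext4.
This partition is mounted on /mnt/data and is mounted automatically during system boot.
Create the mount point: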
[[email protected] /]# mkdir /mnt/data
[[email protected] /]# man iscsiadm
Discover the target:
[[email protected] /]# iscsiadm --mode discoverydb --type sendtargets --portal 172.25.0.11 --discover
172.25.0.11:3260,1 iqn.2014-11.com.example:server0
[[email protected] /]#
Connect:
[[email protected] /]# iscsiadm --mode node --targetname iqn.2014-11.com.example:server0 --portal 172.25.0.11:3260 --login
Logging in to [iface: default, target: iqn.2014-11.com.example:server0, portal: 172.25.0.11,3260] (multiple)
Login to [iface: default, target: iqn.2014-11.com.example:server0, portal: 172.25.0.11,3260] successful.
[[email protected] /]#
Partition, format, and mount:
[[email protected] /]# fdisk -l
Disk /dev/sda: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x00013f3e
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 20970332 10484142+ 83 Linux
Disk /dev/sdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/sdc: 3221 MB, 3221225472 bytes, 6291456 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 4194304 bytes
[[email protected] /]# fdisk /dev/sdc
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xdddc87a0.
Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
Partition number (1-4, default 1):
First sector (8192-6291455, default 8192):
Using default value 8192
Last sector, +sectors or +size{K,M,G} (8192-6291455, default 6291455): +2100M
Partition 1 of type Linux and of size 2.1 GiB is set
Command (m for help): W
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[[email protected] /]# fdisk -l
Disk /dev/sda: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x00013f3e
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 20970332 10484142+ 83 Linux
Disk /dev/sdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/sdc: 3221 MB, 3221225472 bytes, 6291456 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 4194304 bytes
Disk label type: dos
Disk identifier: 0xdddc87a0
Device Boot Start End Blocks Id System
/dev/sdc1 8192 4308991 2150400 83 Linux
[[email protected] /]# mkfs.ext4 /dev/sdc1
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=1024 blocks
134640 inodes, 537600 blocks
26880 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=551550976
17 block groups
32768 blocks per group, 32768 fragments per group
7920 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# vim /etc/fstab
[[email protected] /]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Wed May 7 01:22:57 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 / xfs defaults 1 1
//172.25.0.11/common /mnt/multiuser cifs defaults,_netdev,username=brian,password=redhat,multiuser,sec=ntlmssp 0 0
172.25.0.11:/public /mnt/nfsmount nfs defaults,_netdev 0 0
172.25.0.11:/protected /mnt/nfssecure nfs defaults,_netdev,sec=krb5p 0 0
/dev/sdc1 /mnt/data ext4 defaults,_netdev 0 0
[[email protected] /]# mount -a
[[email protected] /]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda1 xfs 10G 3.1G 7.0G 31% /
devtmpfs devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs tmpfs 1.9G 176K 1.9G 1% /dev/shm
tmpfs tmpfs 1.9G 17M 1.9G 1% /run
tmpfs tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
tmpfs tmpfs 1.9G 17M 1.9G 1% /run/netns
//172.25.0.11/common cifs 10G 3.2G 6.9G 32% /mnt/multiuser
172.25.0.11:/public nfs4 10G 3.2G 6.9G 32% /mnt/nfsmount
172.25.0.11:/protected nfs4 10G 3.2G 6.9G 32% /mnt/nfssecure
/dev/sdc1 ext4 2.0G 6.2M 1.9G 1% /mnt/data
[[email protected] /]#
On the client desktop0, two services must be enabled to start at boot:
[[email protected] Desktop]# systemctl enable iscsi
ln -s '/usr/lib/systemd/system/iscsi.service' '/etc/systemd/system/sysinit.target.wants/iscsi.service'
[[email protected] Desktop]# systemctl enable iscsid
ln -s '/usr/lib/systemd/system/iscsid.service' '/etc/systemd/system/multi-user.target.wants/iscsid.service'
[[email protected] Desktop]#
21.
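Deploy MariaDB on server0 with the following requirements:
Allow logins to the database only from the server0 system itself.
The account used to log in to the database is root, with the password root_password.
Download the file from http://content.example.com/courses/rhce/rhel7.0/materials/mariadb/mariadb.dump
and restore it as the legacy database. Then configure database access:
Username Password Privileges
mary xxx SELECT on all data in the legacy database
legacy xxx SELECT, INSERT, UPDATE and DELETE on all data in the legacy database
report xxx SELECT on all data in the legacy database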
Install:
[[email protected] /]# yum -y install mariadb mariadb-server
Enable at boot and start the service:
[[email protected] /]# systemctl enable mariadb
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
[[email protected] /]#
[[email protected] /]#
[[email protected] /]# systemctl start mariadb
[[email protected] /]#
[[email protected] /]# mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[[email protected] /]#
Download the database backup file:
http://content.example.com/courses/rhce/rhel7.0/materials/mariadb/mariadb.dump
[[email protected] /]# cd
[[email protected] ~]# pwd
/root
[[email protected] ~]# ls
anaconda-ks.cfg Desktop Documents Downloads Music Pictures Public Templates Videos
[[email protected] ~]# wget http://content.example.com/courses/rhce/rhel7.0/materials/mariadb/mariadb.dump
--2020-03-07 17:23:39-- http://content.example.com/courses/rhce/rhel7.0/materials/mariadb/mariadb.dump
Resolving content.example.com (content.example.com)... 172.25.254.254
Connecting to content.example.com (content.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3785 (3.7K)
Saving to: ‘mariadb.dump’
100%[=========================================================================================>] 3,785 --.-K/s in 0.001s
2020-03-07 17:23:39 (3.48 MB/s) - ‘mariadb.dump’ saved [3785/3785]
[[email protected] ~]# ls
anaconda-ks.cfg Desktop Documents Downloads mariadb.dump Music Pictures Public Templates Videos
[[email protected] ~]#
Restore the database:
Create the database:
[[email protected] ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 5.5.35-MariaDB MariaDB Server
Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databaes;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'databaes' at line 1
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> create database legacy;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]>
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| legacy |
| mysql |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]> use legacy;
Database changed
MariaDB [legacy]>
MariaDB [legacy]> source /root/mariadb.dump
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Grant privileges:
MariaDB [legacy]>
MariaDB [legacy]> grant select on legacy.* to mary@'localhost' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)
MariaDB [legacy]>
MariaDB [legacy]> grant select,delete,update,insert on legacy.* to legacy@'localhost' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)
MariaDB [legacy]> grant select on legacy.* to report@'localhost' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)
MariaDB [legacy]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [legacy]>
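The task requires local-only logins and per-account least privilege on legacy; the queries below are an added example (not part of the original walkthrough) for checking that the result of mysql_secure_installation and the three grants matches those requirements. They assume the MariaDB 5.5 grant tables shown in this session (mysql.user with a Password column, mysql.db) and the account names used above.

```sql
-- Added verification example; run as root in the mysql client on server0.

-- 1. Accounts that may connect from a non-local host.
--    Any row returned here is an account reachable over the network.
SELECT User, Host
FROM mysql.user
WHERE Host NOT IN ('localhost', '127.0.0.1', '::1');

-- 2. Anonymous accounts and accounts with an empty password.
--    Any row returned here can log in without a real credential.
SELECT User, Host
FROM mysql.user
WHERE User = '' OR Password = '';

-- 3. Database-level privileges on legacy, one row per account.
--    mary and report should show 'Y' only for Select_priv;
--    legacy should show 'Y' only for the four data-manipulation columns.
SELECT User, Host,
       Select_priv, Insert_priv, Update_priv, Delete_priv,
       Create_priv, Drop_priv, Alter_priv, Grant_priv
FROM mysql.db
WHERE Db = 'legacy'
ORDER BY User;

-- 4. Global privileges for the same accounts. A 'Y' in any column here
--    applies to every database and overrides the limits checked in step 3.
SELECT User, Host,
       Select_priv, Insert_priv, Update_priv, Delete_priv,
       File_priv, Super_priv, Grant_priv
FROM mysql.user
WHERE User IN ('mary', 'legacy', 'report');

-- 5. The same information in GRANT syntax, as the server will apply it.
SHOW GRANTS FOR 'mary'@'localhost';
SHOW GRANTS FOR 'legacy'@'localhost';
SHOW GRANTS FOR 'report'@'localhost';

-- 6. Whether the server accepts TCP connections at all.
--    OFF means the listener is open and remote access is blocked only by
--    the Host values checked in step 1 and by the firewall.
SHOW VARIABLES LIKE 'skip_networking';
```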
22.
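Data query fill-in-the-blank
Log in to the database on server0, query the XXX database, and enter the results in the corresponding boxes.
Q1: In the product table, find the product id of RT-AC68U ( )
Q2: Find the number of products in the Servers category ( )
In the mock exam environment, submit the answers at http://classroom.example.com/cgi-bin/mariadb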
MariaDB [legacy]> show tables;
MariaDB [legacy]> select * from product;
MariaDB [legacy]> select id,name from product where name='RT-AC68U';
MariaDB [legacy]> select * from category;
MariaDB [legacy]> select * from product where id_category=2;