RHEL7 :RHCE试题答案整理
RHCE考试:1.Selinux两台服务器上配置~]# vim/etc/selinux/configSELINUX=disabledSELINUXTYPE=targeted~]#reboot
2.ssh登录控制~]#vim /ect/hosts.allowsshd:172.25.0.~]#vim /ect/hosts.denysshd:172.24.0.
3.命令别名~]#vim /etc/bashrcaliasqstat=' '重读环境变量、验证~]# source /etc/bashrc 或 ~]# . /PATH/FROM/CONF_FILE~]# alias~]#qstat
4.防火墙规则,配置端口转发图形化界面操作。。。~]# firewall-config& 在图形化下配置选择模式:Configuration Permanent永久模式Zone:public 适用区域Port Forwarding端口转发 --> Add~]# firewall-cmd--list-all public 验证
5.链路聚合图形化界面配置:~]#nm-conection-editor &~]#lab teambridge setupman teamd----》{"runner\":{\"name\":\"activebackup\"}}~]#systemctl restart network~]#ip addr show team0~]#teamdctl team0 state
6.配置IPv6地址图形配置~]# nm-connection-editor & 图形配置~]# systemctlrestart network~]# ip addr showeth0~]# ping#测试
7.本地邮件服务~]#yum install -y postfix~]#vim /etc/postfix/main.cfinit_interfaces=loopback-onlymyorigin = example.com #从该系统上发送的邮件都显示来自relayhost = # 转发发到mydestination= # 本地不接受外来邮件local_transport=err:local delivery disabled~]# systemctlrestart postfix~]#systemctl enable postfix
8.Samba共享目录Server:~]#yum install samba samba-client -y ~]# mkdir /common~]# chcon -R -t samba_share_t /common #修改安全上下文,此处的SElinux是打开的,在配置文件中也有此命令~]# vim/etc/samba/smb.confworkgroup = STAFF # 此处是修改 # 此处开始是添加内容comment=commonpath= /commonhostsallow = 172.25.0.browseable= yes~]# smbpasswd -aandy~]# testparm # 查看配置有无问题~]#systemctl restart smb nmb~]#systemctl enable smb nmb~]#firewall-cmd --add-service=samba--permanent~]# firewall-cmd--reloadClient:~]#yum install samba-client cifs-utils-y~]# smbclient -L //172.25.0.11 -U andy # 测试能否连接~]# smbclient //172.25.0.11/common -U andy # 测试能否连接共享目录~]# 第三步测试:能够下载不能上传挂载可以做看题目要求:~]#mkdir /mnt/common~]#vim /etc/fstab//172.25.0.11/common /mnt/common cifs defaults,username=k1,password=redhat,sec=ntlmssp 0 0~]#mount -a~]#df -hT
9.多用户SMB挂载~]#mkdir/share~]#chmod o+w/share~]#chcon -R -t samba_share_t/share~]# useradd k1~]# useradd c1~]# smbpasswd -a k1~]#smbpasswd -a c1 ~]# vim/etc/samba/smb.confcomment=sharepath= /sharehostsallow = 172.25.0.browseable= yeswritable= nowritelist = c1~]#systemctl restart smb nmb
Client端测试:~]#vim /etc/fstab//172.25.0.11/share /mnt/dev cifs defaults,multiuser,username=k1,password=redhat,sec=ntlmssp 0 0~]#mount -a~]#df -h~]# useradd c1~]# su - c1~]#cd /mnt/dev~]# cifscredsadd 172.25.0.11 -u c1 # 临时提升权限??????????????????
10.NFS服务Server:~]# mkdir /public~]# mkdir /pretected~]# chcon -R -tpublic_content_t /public~]# chcon -R -tpublic_content_t /pretected/~]# vim /etc/exports/public172.25.0.0/24(ro,sync)/pretected 172.25.0.0/24(rw,sec=krb5p,sync)~]#wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab?~]# useradd k2?~]# chown k2 /pretected/project/~]# systemctlrestart nfs-secure-server~]# systemctl enablenfs-server.service~]# systemctlrestart nfs~]# firewall-cmd--add-service=nfs --permanent~]# firewall-cmd--reload~]# firewall-cmd --add-service=rpc-bind --permanent # 挂载相关的放行~]# firewall-cmd--reload~]# firewall-cmd --permanent --add-service=mountd # 挂载相关的放行~]# firewall-cmd--reload~]# vim/etc/sysconfig/nfs # 为支持krb5验证RPCNFSDARGS='-V 4.2'
11.挂载NFS共享Client:~]# wget -O/etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab~]# systemctlrestart nfs-secure~]#systemctl enable nfs-secure ~]# mkdir/mnt/nfssecure~]# vim /etc/fstab172.25.0.11:/public /mnt/nfsmount nfs defaules 0 0172.25.0.11:/pretected /mnt/nfssecure nfs defaults,sec=krb5p,v4.2 0 0~]# mount -a
12.配置Web站点~]#yum groupinstall-yweb* ~]#cd /var/www/html~]#wget http:// ~]#mv ~]# systemctl starthttpd~]#systemctl enable httpd~]#firewall-cmd --add-service=http -permanent~]#firewall-cmd --reload~]# systemctlrestart httpd~]#firewall-config &~]# curl http://server0.example.com
13.配置安全web服务~]# yum installmod_ssl~]# cd/etc/httpd/conf.d~]# wget http://classroom.example.com/pub/tls/certs/www0.crt~]# wget http://classroom.example.com/pub/tls/private/www0.key~]# wget http://classroom.example.com/pub/example-ca.crt~]# vim ssl.confDocumentRoot "/var/www/html"ServerNameserver0.example.com:443SSLCertificateFile/etc/httpd/conf.d/www0.crtSSLCertificateKeyFile/etc/httpd/conf.d/www0.keySSLCertificateChainFile/etc/httpd/conf.d/example-ca.crt~]#systemctl restart httpd~]# firewall-cmd--add-service=https --permanent~]# firewall-cmd--reload
14.配置虚拟主机~]# vim vhost.conf<VirtualHost*:80>ServerName www.exmaple.com DocumentRoot/var/www/virtual</VirtualHost><Directory"/var/www/virtual">AllowOverrideNoneRequireall granted</Directory><VirtualHost*:80>ServerNameserver0.exmaple.com DocumentRoot /var/www/html</VirtualHost>~]# systemctlrestart httpd~]#mkdir /var/www/virtual~]#chmod o+w /var/www/virtual
15.配置Web内容服务~]# mkdir/var/www/html/private~]# echo "15" > /var/www/html/private/index.html~]# mkdir/var/www/virtual~]# echo"14" > /var/www/virtual/index.html~]# vim vhost.conf<VirtualHost*:80>ServerNamewww.exmaple.com DocumentRoot/var/www/virtual</VirtualHost><Directory"/var/www/virtual">AllowOverrideNoneRequireall granted</Directory><VirtualHost_default_:80>ServerNameserver0.example.comDocumentRoot/var/www/html<Directory"/var/www/html">AllowOverrideNoneRequireall granted</Directory></VirtualHost><Directory"/var/www/html/private">AllowOverrideNoneRequireall deniedRequire local</Directory>~]# systemctlrestart httpd~]# curl http://server0.example.com/private/index.html~]# curl http://server0.example.com/private/index.html
16.实现动态Web内容~]# yum installmod_wsgi -y~]# vim/etc/httpd/conf/httpd.confListen8909~]# semanage port -a-t http_port_t -p tcp 8909~]#systemctl restart httpd~]# echo"16" > /var/www/html/webinfo.wsgi~]#vim vhost.conf<VirtualHost*:8909>ServerName16.exmaple.comDocumentRoot/var/www/html<Directory"/var/www/html">AllowOverrideNoneRequireall granted</Directory>WSGIScriptAlias/ /var/www/html/webinfo.wsgi</VirtualHost>~]# systemctlrestart httpd~]# firewall-config-edit&图形化放行~]#firewall-cmd --reload
17.case脚本~]#vim /etc/boot/foo/sh#!/bin/bashcase$1 infedora)echo"redhat";;redhat)echo"fedora";;*)echo"/root/foo.sh redhat|fedora"esac~]# chmod +x/root/foo.sh
18.添加用户脚本????~]#vim /root/batchusers.sh#!/bin/bashif[$# -eq 0 ];thenecho"Usage:/root/batchusers"exit1fiif[! -f $1];thenecho"input file not found"exit1fifori in $(cat $1);douseradd-s /bin/false $i;done~]#chmod +x /root/batchusers.sh
19.ISCSI服务~]#fdisk -l /dev/vda~]#yum install -y targetcli~]#targetcli/>ls/>cd backstores//>cd block/>createdisk1 /dev/vda1/>cd ../>cd ../> cdiscsi/>createiqn.2014-11.com.example:server0/>cd iqn.2014-11.com.wxample:server0/tpg1//>ls/>luns/ create/backstores/block/disk1/>acls/createiqn.2014-11.com.example:desktop0/>portals/ create172.25.0.11/>exit~]#fire-cmd --add-port=3260/tcp --permanent~]#fire-cmd --reload~]#systemctl enaable target~]#systemctl start targe
20.配置ISCSI服务客户端~]# yum installiscsi* -y~]#vim /ettc/iscsi/initiatorname.iscsiInitiatorName=iqn.2014-11.com.example:desktop0~]#iscsiadm -t st -m discovery -p 172.25.0.11~]#iscsiadm -m node -T iqn.2014-11.com.example:server0 -p172.25.0.11 -l~]#fdisk -l~]# fdisk/dev/sdc 分区~]# mkfs.ext4 /dev/sd...~]# mkdir /mnt/data~]# vim /etc/fstabUUID= /mnt/dataext4 defaults,_netdev 0 0~]# mount -a
21.配置数据库~]#yum groupinstall "mariadb*" -y~]# systemctl startmariadb~]#systemctl enable mariadb~]#mysql_secure_installation~]#mysql -u root -p MariaDB > CREATE DATABASEContacts;MariaDB > quit~]#mysql -u root -p Contacts< /root/users.mdb
22.查询数据库~]# mysql -u root -pMariaDB > useContacts;MariaDB > showtables;MariaDB > createuser r1@localhost identified by 'redhat';MariaDB > grantselect on Contacts.* to r1@localhost;MariaDB > flushprivileges;MariaDB > select* from pass inner join name where name.aid=pass.bid;MariaDB > select* from pass inner join name on name.aid=pass.bid where password='tangerine';MariaDB >select * from name inner join loc on name.aid=loc.cidwhere firstname='John' andloction='guangzhou';
页:
[1]