RHCE考试:
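1.Selinux 两台服务器上配置
~]# vim /etc/selinux/config
    SELINUX=disabled
    SELINUXTYPE=targeted
~]# reboot
(注:第8、9、10、16题中的 chcon、semanage 以 SELinux 启用为前提,第8题也写明"此处的SElinux是打开的",与这里的 disabled 不一致,应按题目要求的模式设置。)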
2.ssh登录控制
~]# vim /etc/hosts.allow
    sshd:172.25.0.
~]# vim /etc/hosts.deny
    sshd:172.24.0.
3.命令别名
~]# vim /etc/bashrc
    alias qstat=' '
重读环境变量、验证
~]# source /etc/bashrc
或
~]# . /PATH/FROM/CONF_FILE
~]# alias
~]# qstat
4.防火墙规则,配置端口转发
图形化界面操作。。。
~]# firewall-config &
在图形化下配置
选择模式: Configuration Permanent永久模式
Zone:public 适用区域
Port Forwarding端口转发 --> Add
~]# firewall-cmd --list-all public 验证
5.链路聚合
图形化界面配置:
~]# nm-connection-editor &
~]# lab teambridge setup
man teamd ----》 {"runner": {"name": "activebackup"}}
~]# systemctl restart network
~]# ip addr show team0
~]# teamdctl team0 state
6.配置IPv6地址
图形配置
~]# nm-connection-editor &    图形配置
~]# systemctl restart network
~]# ip addr show eth0
~]# ping    #测试
7.本地邮件服务
~]# yum install -y postfix
~]# vim /etc/postfix/main.cf
    inet_interfaces = loopback-only
    myorigin = example.com    # 从该系统上发送的邮件都显示来自
    relayhost = [classroom.example.com]    # 转发到
    mydestination =    # 本地不接受外来邮件
    local_transport = error:local delivery disabled
~]# systemctl restart postfix
~]# systemctl enable postfix
8.Samba共享目录
Server:
~]# yum install samba samba-client -y
~]# mkdir /common
~]# chcon -R -t samba_share_t /common    # 修改安全上下文,此处的SElinux是打开的,在配置文件中也有此命令
~]# vim /etc/samba/smb.conf
    workgroup = STAFF    # 此处是修改
    [common]    # 此处开始是添加内容
    comment = common
    path = /common
    hosts allow = 172.25.0.
    browseable = yes
~]# smbpasswd -a andy
~]# testparm    # 查看配置有无问题
~]# systemctl restart smb nmb
~]# systemctl enable smb nmb
~]# firewall-cmd --add-service=samba --permanent
~]# firewall-cmd --reload
Client:
~]# yum install samba-client cifs-utils -y
~]# smbclient -L //172.25.0.11 -U andy    # 测试能否连接
~]# smbclient //172.25.0.11/common -U andy    # 测试能否连接共享目录
~]# 第三步测试:能够下载不能上传
是否需要挂载,视题目要求而定:
~]# mkdir /mnt/common
~]# vim /etc/fstab
    //172.25.0.11/common /mnt/common cifs defaults,username=k1,password=redhat,sec=ntlmssp 0 0
~]# mount -a
~]# df -hT
(注:密码直接写在 /etc/fstab 里,本机用户通常都能读到;mount.cifs 支持 credentials=文件 选项,可改用仅 root 可读的凭据文件。)
9.多用户SMB挂载
~]# mkdir /share
~]# chmod o+w /share
~]# chcon -R -t samba_share_t /share
~]# useradd k1
~]# useradd c1
~]# smbpasswd -a k1
~]# smbpasswd -a c1
~]# vim /etc/samba/smb.conf
    [share]
    comment = share
    path = /share
    hosts allow = 172.25.0.
    browseable = yes
    writable = no
    write list = c1
~]# systemctl restart smb nmb
Client端测试:
~]# vim /etc/fstab
    //172.25.0.11/share /mnt/dev cifs defaults,multiuser,username=k1,password=redhat,sec=ntlmssp 0 0
~]# mount -a
~]# df -h
~]# useradd c1
~]# su - c1
~]# cd /mnt/dev
~]# cifscreds add 172.25.0.11 -u c1    # 把 c1 的 SMB 凭据加入内核密钥环,使 multiuser 挂载以 c1 的身份访问共享(不是提升本机权限)
10.NFS服务
Server:
~]# mkdir /public
~]# mkdir /pretected
~]# chcon -R -t public_content_t /public
~]# chcon -R -t public_content_t /pretected/
~]# vim /etc/exports
    /public 172.25.0.0/24(ro,sync)
    /pretected 172.25.0.0/24(rw,sec=krb5p,sync)
?~]# useradd k2
?~]# chown k2 /pretected/project/
~]# systemctl restart nfs-secure-server
~]# systemctl enable nfs-server.service
~]# systemctl restart nfs
~]# firewall-cmd --add-service=nfs --permanent
~]# firewall-cmd --reload
~]# firewall-cmd --add-service=rpc-bind --permanent    # 挂载相关的放行
~]# firewall-cmd --reload
~]# firewall-cmd --permanent --add-service=mountd    # 挂载相关的放行
~]# firewall-cmd --reload
~]# vim /etc/sysconfig/nfs    # 为支持krb5验证
    RPCNFSDARGS='-V 4.2'
11.挂载NFS共享
Client:
~]# systemctl restart nfs-secure
~]# systemctl enable nfs-secure
~]# mkdir /mnt/nfssecure
~]# vim /etc/fstab
    172.25.0.11:/public /mnt/nfsmount nfs defaults 0 0
    172.25.0.11:/pretected /mnt/nfssecure nfs defaults,sec=krb5p,v4.2 0 0
~]# mount -a
12.配置Web站点
~]# yum groupinstall -y web*
~]# cd /var/www/html
~]# wget http://
~]# mv
~]# systemctl start httpd
~]# systemctl enable httpd
~]# firewall-cmd --add-service=http --permanent
~]# firewall-cmd --reload
~]# systemctl restart httpd
~]# firewall-config &
13.配置安全web服务
~]# yum install mod_ssl
~]# cd /etc/httpd/conf.d
~]# vim ssl.conf
    DocumentRoot "/var/www/html"
    ServerName server0.example.com:443
    SSLCertificateFile /etc/httpd/conf.d/www0.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/www0.key
    SSLCertificateChainFile /etc/httpd/conf.d/example-ca.crt
~]# systemctl restart httpd
~]# firewall-cmd --add-service=https --permanent
~]# firewall-cmd --reload
14.配置虚拟主机
~]# vim vhost.conf
    <VirtualHost *:80>
        DocumentRoot /var/www/virtual
    </VirtualHost>
    <Directory "/var/www/virtual">
        AllowOverride None
        Require all granted
    </Directory>
    <VirtualHost *:80>
        ServerName server0.example.com
        DocumentRoot /var/www/html
    </VirtualHost>
~]# systemctl restart httpd
~]# mkdir /var/www/virtual
~]# chmod o+w /var/www/virtual
15.配置Web内容服务
~]# mkdir /var/www/html/private
~]# echo "15" > /var/www/html/private/index.html
~]# mkdir /var/www/virtual
~]# echo "14" > /var/www/virtual/index.html
~]# vim vhost.conf
    <VirtualHost *:80>
        ServerName www.example.com
        DocumentRoot /var/www/virtual
    </VirtualHost>
    <Directory "/var/www/virtual">
        AllowOverride None
        Require all granted
    </Directory>
    <VirtualHost _default_:80>
        ServerName server0.example.com
        DocumentRoot /var/www/html
        <Directory "/var/www/html">
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>
    <Directory "/var/www/html/private">
        AllowOverride None
        Require all denied
        Require local
    </Directory>
~]# systemctl restart httpd
16.实现动态Web内容
~]# yum install mod_wsgi -y
~]# vim /etc/httpd/conf/httpd.conf
    Listen 8909
~]# semanage port -a -t http_port_t -p tcp 8909
~]# systemctl restart httpd
~]# echo "16" > /var/www/html/webinfo.wsgi
~]# vim vhost.conf
    <VirtualHost *:8909>
        ServerName 16.example.com
        DocumentRoot /var/www/html
        <Directory "/var/www/html">
            AllowOverride None
            Require all granted
        </Directory>
        WSGIScriptAlias / /var/www/html/webinfo.wsgi
    </VirtualHost>
~]# systemctl restart httpd
~]# firewall-config-edit &    图形化放行
~]# firewall-cmd --reload
17.case脚本
~]# vim /root/foo.sh
    #!/bin/bash
    case $1 in
    fedora)
        echo "redhat"
        ;;
    redhat)
        echo "fedora"
        ;;
    *)
        echo "/root/foo.sh redhat|fedora"
    esac
~]# chmod +x /root/foo.sh
18.添加用户脚本????
~]# vim /root/batchusers.sh
    #!/bin/bash
    if [ $# -eq 0 ]; then
        echo "Usage:/root/batchusers"
        exit 1
    fi
    if [ ! -f $1 ]; then
        echo "input file not found"
        exit 1
    fi
    for i in $(cat $1); do
        useradd -s /bin/false $i;
    done
~]# chmod +x /root/batchusers.sh
19.ISCSI服务
~]# fdisk -l /dev/vda
~]# yum install -y targetcli
~]# targetcli
/> ls
/> cd backstores/
/> cd block
/> create disk1 /dev/vda1
/> cd ..
/> cd ..
/> cd iscsi
/> create iqn.2014-11.com.example:server0
/> cd iqn.2014-11.com.example:server0/tpg1/
/> ls
/> luns/ create /backstores/block/disk1
/> acls/ create iqn.2014-11.com.example:desktop0
/> portals/ create 172.25.0.11
/> exit
~]# firewall-cmd --add-port=3260/tcp --permanent
~]# firewall-cmd --reload
~]# systemctl enable target
~]# systemctl start target
20.配置ISCSI服务客户端
~]# yum install iscsi* -y
~]# vim /etc/iscsi/initiatorname.iscsi
    InitiatorName=iqn.2014-11.com.example:desktop0
~]# iscsiadm -t st -m discovery -p 172.25.0.11
~]# iscsiadm -m node -T iqn.2014-11.com.example:server0 -p 172.25.0.11 -l
~]# fdisk -l
~]# fdisk /dev/sdc    分区
~]# mkfs.ext4 /dev/sd...
~]# mkdir /mnt/data
~]# vim /etc/fstab
    UUID= /mnt/data ext4 defaults,_netdev 0 0
~]# mount -a
21.配置数据库
~]# yum groupinstall "mariadb*" -y
~]# systemctl start mariadb
~]# systemctl enable mariadb
~]# mysql_secure_installation
~]# mysql -u root -p
MariaDB > CREATE DATABASE Contacts;
MariaDB > quit
~]# mysql -u root -p Contacts < /root/users.mdb
22.查询数据库
~]# mysql -u root -p
MariaDB > use Contacts;
MariaDB > show tables;
MariaDB > create user r1@localhost identified by 'redhat';
MariaDB > grant select on Contacts.* to r1@localhost;
MariaDB > flush privileges;
MariaDB > select * from pass inner join name where name.aid=pass.bid;
MariaDB > select * from pass inner join name on name.aid=pass.bid where password='tangerine';
MariaDB > select * from name inner join loc on name.aid=loc.cid where firstname='John' and loction='guangzhou';
|