1.
fdisk /dev/vdc #對推入的第三塊硬盤分區
n-->p-->..-->1-->..-->+512M(大小)-->w
mkfs.xfs /dev/vdc1 #格式化第一個分區
mkdir /data
echo "/dev/vdc1 /data xfs defaults 0 0" >> /etc/fstab
mount -a
2.
fdisk /dev/vdc #對推入的第三塊硬盤分區
n-->p-->...-->2-->+1G(容量大小)-->t-->8e(類型爲lvm)-->w(保存) #建立第二個主分區大小爲1G,類型爲LVM
lsblk #查看塊狀況
partprobe #將新建分區信息同步到內核,這樣不用重啓系統
lsblk #再次查看塊狀況
pvcreate /dev/vdc2 #建立物理卷
vgcreate -s 8M vg_1 /dev/vdc2 #建立卷組vg_1,PE大小爲8M,添加/dev/vdc2到卷組vg_1
lvcreate -n lv_1 -l 50 vg_1 #在卷組vg_1中建立邏輯卷lv_1,PE數量爲50,即lv_1的大小爲400M(50*8M)
lvs #查看lv狀況
mkfs.ext4 /dev/mapper/vg_1-lv_1 #將lv_1格式化爲ext4
mkdir -p /mnt/data #建立data目錄
echo "/dev/mapper/vg_1-lv_1 /mnt/data ext4 defaults 0 0" >> /etc/fstab #將lv_1掛載信息寫入到fstab配置文件
mount -a #對fstab所有掛載
df -hT #查看分區掛載狀況
touch /mnt/data/test.txt #新建一個測試文件
3.
lvextend -L 800M /dev/vg_1/lv_1 #將lv_1擴容爲800M
resize2fs /dev/vg_1/lv_1 #在線加載lv_1大小爲800M
df -hT #查看分區狀況
4.
fdisk /dev/vdc
n-->p-->..-->3-->+256M-->t-->82-->w
lsblk
partprobe
mkswap -L swap1 /dev/vdc3
swapon -L swap1
swapon -s
free -h
echo "/dev/vdc3 swap swap defaults 0 0 " >> /etc/fstab
5.
crontab -u root -e
*/10 9-17 10-15 * * /bin/echo hello
echo "student" > /etc/cron.allow
6.
getenforce #是否爲enforcing
cat /etc/selinux/config |grep ^SELINUX #查看SELINUX是否爲enforcing
7.
cd /data
tar zcvf etc.tar.gz /etc #壓縮包內含/etc/shadow等敏感文件,建立後應收緊權限(如 chmod 600 etc.tar.gz)
ls
8.
yum install chrony
vi /etc/chrony.conf
加入server classroom.example.com iburst
systemctl restart chronyd
systemctl enable chronyd
chronyc sources -v #查看時間同步源
9.
cd /etc/yum.repos.d
vi rhel_dvd.repo
[rhel_dvd]
name=rhel_dvd
enabled=1
#gpgcheck=0 會跳過軟件包簽名校驗,僅適用於實驗環境;正式環境應設gpgcheck=1並配置gpgkey
gpgcheck=0
baseurl=http://content.example.com/rhel7.0/x86_64/dvd
10.
groupadd -g 1200 it #新建it組,gid爲1200
11.(124 U.5 )
useradd -u 1200 -g 1200 user1 #新建用戶user1,指定uid爲1200,並加入it組
useradd -g 1200 -s /sbin/nologin user2 #新建用戶user2,加入it組,不容許交互登陸shell
useradd -g 1200 user3 #新建用戶user3,加入it組
chage -M 30 user3 #用戶user3 30天后密碼過時
chage -l user3 #查看user3帳戶密碼狀況
echo "redhat" |passwd --stdin user1 #設置user1密碼爲redhat
echo "redhat" |passwd --stdin user2
echo "redhat" |passwd --stdin user3
12.
chown :it /data
chmod 2777 /data/
13.
setfacl -m u:user1:rwx /mnt/data/
setfacl -m u:user3:- /mnt/data/
14.破解root密碼
系統啓動通過grub引導菜單時,按e鍵。找到linux16這一行,若是有console=ttyS0,115200 當即刪除它,並加入rd.break 按ctrl+x
mount -o remount,rw /sysroot
chroot /sysroot
echo "redhat2015" |passwd --stdin root
touch /.autorelabel #從新打selinux標籤
exit
exit
15.升級內核
wget http://content.example.com/rhel7.0/x86_64/errata/Packages/kernel-3.10.0-123.1.2.el7.x86_64.rpm #打開瀏覽器定位拷貝rpm包的絕對路徑
rpm -ivh kernel-3.10.0-123.1.2.el7.x86_64.rpm
16.
cd /root
wget http://classroom.example.com/pub/vsftpd.conf
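# Drop blank lines and comment lines, then keep only the settings that end in YES.
# -E is required: in a basic regex "|" is a literal character, so without it
# nothing is filtered out and commented-out "...=YES" lines end up in the result.
grep -Ev '^$|^[#;]' vsftpd.conf | grep 'YES$' > /root/vsftpd.bak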
17.
find /home/ -user user1 -exec cp -rpf {} /root/backups/ \;
18.
yum install authconfig-gtk sssd #authconfig-gtk爲圖形配置客戶端工具;sssd爲代理(中間)組件,客戶只需將帳戶認證信息交給它,由它與認證服務器對接處理。
systemctl status sssd #查看sssd服務狀況
authconfig-gtk & #打開圖形認證配置會話
User Account Database: LDAP
LDAP Search Base DN: dc=example,dc=com
LDAP Server: ldap://classroom.example.com
勾上「Use TLS to encrypt connections」--"Download CA Certificate..."--"classroom.example.com/pub/EXAMPLE-CA-CERT"
Authentication Method: Kerberos password
Realm: EXAMPLE.COM
KDCs: classroom.example.com
Admin Servers: classroom.example.com
getent passwd ldapuser0 #查看ldapuser0相關屬性
su - ldapuser0
19.
showmount -e classroom.example.com #查看NFS服務器(classroom.example.com)共享出來的目錄
yum install autofs -y #安裝autofs功能包
vim /etc/auto.master.d/test.autofs #格式: **.autofs
輸入 /home/guests /etc/test #格式: 掛載到本地根目錄 配置文件
vim /etc/test
輸入 * -fstype=nfs,rw 172.25.254.254:/home/guests/& #格式: 掛載點 選項 共享源
systemctl restart autofs
systemctl enable autofs
su - ldapuser0
touch ldapuser0file
RHCE
1.
desktop0:
nmcli conn modify System\ eth0 connection.autoconnect yes ipv4.method manual ipv4.addresses "172.25.0.10/24 172.25.0.254" ipv4.dns "172.25.254.254"
systemctl restart NetworkManager
server0:
nmcli conn modify System\ eth0 connection.autoconnect yes ipv4.method manual ipv4.addresses "172.25.0.11/24 172.25.0.254" ipv4.dns "172.25.254.254"
systemctl restart NetworkManager
2.
desktopX:
nmcli conn modify System\ eth0 ipv6.addresses 2003:ac18::Xa/64 ipv6.method manual
systemctl restart network
ping6 2003:ac18::a
serverX:
nmcli conn modify System\ eth0 ipv6.addresses 2003:ac18::X5/64 ipv6.method manual
systemctl restart network
ping6 2003:ac18::a
3.
desktopX:
增長2塊網卡,eth1和eth2
nmcli conn add type team con-name team0 ifname team0 autoconnect yes config '{"runner":{"name":"loadbalance"}}'
nmcli conn modify team0 ipv4.addresses "192.168.X.10/24"
nmcli conn modify team0 ipv4.method manual
nmcli conn add type team-slave con-name eth1 ifname eth1 autoconnect yes master team0
nmcli conn add type team-slave con-name eth2 ifname eth2 autoconnect yes master team0
teamdctl team0 state #查看team0狀態
serverX:
增長2塊網卡,eth1和eth2
nmcli conn add type team con-name team0 ifname team0 autoconnect yes config '{"runner":{"name":"loadbalance"}}'
nmcli conn modify team0 ipv4.addresses "192.168.X.11/24"
nmcli conn modify team0 ipv4.method manual
nmcli conn add type team-slave con-name eth1 ifname eth1 autoconnect yes master team0
nmcli conn add type team-slave con-name eth2 ifname eth2 autoconnect yes master team0
teamdctl team0 state #查看team0狀態
ping 192.168.X.10
ifdown eth1
ping 192.168.X.10
ifup eth1
4.
serverX:
systemctl stop iptables
systemctl disable iptables
systemctl mask iptables
systemctl restart firewalld
systemctl enable firewalld
yum install httpd -y
firewall-cmd --add-rich-rule "rule family=ipv4 source address=172.25.0.0/24 service name=http accept"
systemctl start httpd
systemctl enable httpd
curl localhost
firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=172.25.0.0/24 forward-port port=5423 protocol=tcp to-port=80 accept"
firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address="172.25.0.0/24" service name=ssh accept"
firewall-cmd --permanent --remove-service=ssh
firewall-cmd --reload
firewall-cmd --list-all
desktopX:
curl http://serverX:5423 #驗證是否可訪問
5.
serverX:
fdisk /dev/vdb
yum install targetcli
systemctl start target
systemctl enable target
firewall-cmd --permanent --add-port=3260/tcp
firewall-cmd --add-port=3260/tcp
targetcli
backstores/block create disk1 /dev/vdb1
iscsi/ create iqn.2016-03.com.example.server0
iscsi/iqn.2016-03.com.example.server0/tpg1/luns create /backstores/block/disk1
iscsi/iqn.2016-03.com.example.server0/tpg1/acls create iqn.2016-03.com.example.server0:desktop0
iscsi/iqn.2016-03.com.example.server0/tpg1/portals create 172.25.0.11
saveconfig
exit
desktopX:
yum install iscsi-initiator-utils
vi /etc/iscsi/initiatorname.iscsi
iqn.2016-03.com.example.server0:desktop0 #server0的acl
systemctl start iscsi
systemctl enable iscsi
iscsiadm -m discovery -t st -p server0 #發現共享塊設備
iscsiadm -m node -T iqn.2016-03.com.example.server0 -l #登錄
lsblk #發現sda
iscsiadm -m session -P 3 #查看sda狀態
6.desktopX:
fdisk /dev/sda ...+3584M..w
mkfs.ext4 /dev/sda1
echo "/dev/sda1 /mnt/storage ext4 _netdev 0 0" >> /etc/fstab
mkdir /mnt/storage
mount -a
df -hT
7-8.
server0:
#安裝包
yum install nfs-utils rpcbind sssd authconfig-gtk -y
#配置文件
authconfig-gtk & 圖形會話加入域,依題目輸入相關參數
getent passwd ldapuser0 若顯示ldapuser0屬性,加入成功!
wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab
vi /etc/exports.d/test.exports
/public 172.25.0.0/24(ro)
/protected 172.25.0.0/24(rw,sec=krb5p)
mkdir /public
mkdir /protected
mkdir /protected/project
chown ldapuser0 /protected/project
setfacl -m u:ldapuser0:rwx /protected
#開啓相關服務
systemctl start nfs-server nfs-secure-server
systemctl enable nfs-server nfs-secure-server
#放行相關服務
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --permanent --add-service=mountd
firewall-cmd --reload
desktop0:
#安裝包
yum install nfs-utils rpcbind sssd authconfig-gtk -y
#配置文件
authconfig-gtk & 圖形界面配置
依題目輸入相關參數加入域
getent passwd ldapuser0 若顯示ldapuser0屬性,加入成功!
wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
vi /etc/fstab
server0:/public /mnt/nfsmount nfs defaults 0 0
server0:/protected /mnt/nfssecure nfs sec=krb5p 0 0
mkdir /mnt/nfsmount
mkdir /mnt/nfssecure
#開啓服務
systemctl start nfs-secure
systemctl enable nfs-secure
測試:
desktop0:
df
mount -a
df
ssh ldapuser0@localhost
touch /mnt/nfssecure/project/kksk.txt
9.
vim /root/myscripts.sh
#!/bin/bash
# Answer with the counterpart name for the first argument:
#   redhat -> fedora
#   fedora -> redhat
# Any other value (including no argument at all) prints a hint on stdout.
if [[ "$1" == "redhat" ]]; then
  printf '%s\n' "fedora"
elif [[ "$1" == "fedora" ]]; then
  printf '%s\n' "redhat"
else
  printf '%s\n' 'Error: Please Input redhat|fedora'
fi
chmod +x /root/myscripts.sh
10.batchusers 批建用戶
vi /root/batchusers.sh
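#!/bin/bash
# Create one account per name listed in the file given as $1.
# Every account gets /bin/false as its login shell, and `id` is run right
# after each useradd so the operator can see whether the account exists.
# Exit status: 1 when no argument is given, 2 when $1 is not a regular file.
if [ "$#" -eq 0 ]; then
  echo "Usage:/root/batchusers.sh"
  exit 1
fi
# Quote the path so a file name with spaces or glob characters is tested as-is.
if [ ! -f "$1" ]; then
  echo "Input file not found"
  exit 2
fi
# The list is data, not shell syntax. read -a splits each line on whitespace
# without glob expansion (an unquoted $(cat ...) would expand "*" against the
# current directory), and "--" ends option parsing so an entry that begins
# with "-" is handled as a name instead of as a useradd/id option.
# The "|| [ ... ]" part keeps a final line that has no trailing newline.
while read -r -a names || [ "${#names[@]}" -gt 0 ]; do
  for username in "${names[@]}"; do
    useradd -s /bin/false -- "$username"
    id -- "$username"
  done
done < "$1"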
chmod +x /root/batchusers.sh
/root/batchusers.sh userlist
11.多用戶samba掛載
server0:
#安裝包
yum install samba samba-client samba-common -y
#配置文件
vi /etc/samba/smb.conf
[rhce]
browseable = yes
path = /common
write list = user3
mkdir /common
useradd user1
useradd user3
smbpasswd -a user1 錄入密碼redhat
smbpasswd -a user3 錄入密碼redhat
semanage fcontext -a -t samba_share_t "/common(/.*)?"
restorecon -Rv /common/
ll -dZ /common
setfacl -R -m u:user3:rwx /common
#開啓服務
systemctl start smb nmb
systemctl enable smb nmb
#放行服務
firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address=172.25.0.0/24 service name=samba accept"
firewall-cmd --reload
desktop0:
#安裝包
yum install samba-client cifs-utils -y
#配置文件
echo "//172.25.0.11/rhce /mnt/dev cifs username=user1,password=redhat,multiuser,sec=ntlmssp 0 0 " >> /etc/fstab #/etc/fstab全局可讀,密碼明文寫入會暴露給本機全部用戶;可改用credentials=文件(權限600)
mkdir /mnt/dev
mount -a
su - student
cifscreds add 172.25.0.11 -u user3
touch /mnt/dev/test.txt
12.
server0:
vi /etc/bashrc
alias qstat='/bin/ps -Ao pid,user,%cpu,%mem,comm,'
alias
退出server0再登錄,執行qstat看效果。
13.配置web
server0:
#安裝包
yum install httpd -y
#配置文件
將模板文件/usr/share/doc/httpd-2.4.6/httpd-vhosts.conf中的8行拷貝
vi /etc/httpd/conf.d/server0.conf #內容來源爲模板文件的8行拷貝
<VirtualHost *:80>
ServerAdmin root@server0.example.com
DocumentRoot "/var/www/html"
ServerName server0.example.com
#ServerAlias www.dummy-host.example.com
ErrorLog "/var/log/httpd/server0.example.com-error_log"
CustomLog "/var/log/httpd/server0.example.com-access_log" common
</VirtualHost>
#開啓服務
systemctl start httpd
systemctl enable httpd
#放行服務
firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address=172.25.0.0/24 service name=http accept"
firewall-cmd --reload
#測試
echo "server0.example.com" >> /var/www/html/index.html
desktop0:
curl http://server0.example.com
14.擴展web(更改虛擬站點,即更改被訪問的目錄資源)
mkdir /var/www/virtual
useradd user1
setfacl -R -m u:user1:rwx /var/www/virtual
echo "www0.example.com" >> /var/www/virtual/index.html #模擬下載實際的index.html
vi /etc/httpd/conf.d/server0.conf
<VirtualHost *:80>
ServerAdmin root@server0.example.com
DocumentRoot "/var/www/virtual"
ServerName www0.example.com
ErrorLog "/var/log/httpd/server0_www0.example.com-error_log"
CustomLog "/var/log/httpd/server0_www0.example.com-access_log" common
</VirtualHost>
<Directory "/var/www/virtual">
AllowOverride None
Require all granted
</Directory>
###其中<Directory>這個在/etc/httpd/conf/httpd.conf裏面複製
systemctl restart httpd
desktop0:
echo "172.25.0.11 www0.example.com" >> /etc/hosts
curl www0.example.com
15.
mkdir /var/www/html/private
touch /var/www/html/private/index.html
echo "private web." > /var/www/html/private/index.html
vi /etc/httpd/conf.d/server0.conf
<VirtualHost *:80>
ServerAdmin root@server0.example.com
DocumentRoot "/var/www/html"
ServerName www0.example.com
ErrorLog "/var/log/httpd/server0.example.com-error_log"
CustomLog "/var/log/httpd/server0.example.com-access_log" common
</VirtualHost>
<Directory "/var/www/html/private">
Require all denied
Require local
</Directory>
systemctl restart httpd.service
curl server0/private/
desktop0:
curl server0/private/
16.
server0:
yum install mod_ssl -y
wget -O /etc/pki/tls/certs/www0.crt http://classroom.example.com/pub/tls/certs/www0.crt
wget -O /etc/pki/tls/private/www0.key http://classroom.example.com/pub/tls/private/www0.key
wget -O /etc/pki/tls/certs/example-ca.crt http://classroom.example.com/pub/example-ca.crt
vi /etc/httpd/conf.d/server0.conf
Listen 443
<VirtualHost *:443>
ServerAdmin root@server0.example.com
DocumentRoot "/var/www/html"
ServerName www0.example.com
ErrorLog "/var/log/httpd/server0_443.example.com-error_log"
CustomLog "/var/log/httpd/server0_443.example.com-access_log" common
#SSL相關的行經過 grep SSL /etc/httpd/conf.d/ssl.conf拷貝出來(註釋需單獨成行,httpd不支持指令行尾的註釋)
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/www0.crt
SSLCertificateKeyFile /etc/pki/tls/private/www0.key
SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>
mv /etc/httpd/conf.d/ssl.conf /root/ssl.conf #移開ssl文件,不然影響httpd服務啓動。
systemctl restart httpd
firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address=172.25.0.0/24 service name=https accept"
firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address=172.25.0.0/24 service name=http accept"
firewall-cmd --reload
desktop0:
在火狐瀏覽器進入https://server0.example.com
"I Understand the risks"-->"Add Exception"-->"Confirm Security Exception"
web 5題總配置
yum install mod_ssl mod_wsgi -y
systemctl enable httpd
systemctl restart httpd
firewall-cmd --permanent --add-port=8909/tcp
firewall-cmd --reload
semanage port -a -t http_port_t -p tcp 8909
cat /etc/httpd/conf.d/system1.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName system1.group8.example.com
<Directory "/var/www/html">
order allow,deny
allow from .group8.example.com
deny from .my133t.org
</Directory>
<Directory "/var/www/html/private">
order deny,allow
allow from 127.0.0.1 172.24.8.11
deny from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName system1.group8.example.com
<Directory "/var/www/html">
order allow,deny
allow from .group8.example.com
deny from .my133t.org
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/var/www/virtual"
ServerName www8.group8.example.com
<Directory "/var/www/virtual/private">
order deny,allow
allow from 127.0.0.1 172.24.8.11
deny from all
</Directory>
</VirtualHost>
Listen 8909
<VirtualHost *:8909>
ServerName wsgi.group8.example.com
WSGIScriptAlias / /var/www/wsgi/webinfo.wsgi
</VirtualHost>
添加用戶腳本
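#!/bin/bash
# Create one account per name listed in the file given as $1, each with
# /bin/false as its login shell.
# Exit status: 1 when $1 is empty or missing, 2 when $1 is not a regular file.
if [ -z "$1" ]; then
  echo "Usage: /root/batchusers userfile"
  exit 1
elif [ ! -f "$1" ]; then
  echo "Input file not found"
  exit 2
else
  # The list is data, not shell syntax. read -a splits each line on whitespace
  # without glob expansion, and "--" ends option parsing so an entry that
  # begins with "-" is handled as a name instead of as a useradd option.
  # The loop variable is not called USER, so the environment's $USER is left
  # untouched. The "|| [ ... ]" part keeps a final line without a newline.
  while read -r -a names || [ "${#names[@]}" -gt 0 ]; do
    for name in "${names[@]}"; do
      # Report success only when useradd actually succeeded.
      if useradd -s /bin/false -- "$name"; then
        echo "$name add ok"
      else
        echo "$name add failed" >&2
      fi
    done
  done < "$1"
fi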
另外一腳本
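#!/bin/bash
# Answer with the counterpart name for the first argument:
#   redhat -> fedora
#   fedora -> redhat
# Any other value prints the usage line and exits with status 1.
# Line breaks are restored here: collapsed onto the shebang line, the whole
# script was a single comment and did nothing when run.
if [ "$1" = redhat ]; then
  echo "fedora"
elif [ "$1" = fedora ]; then
  echo "redhat"
else
  echo "/root/foo.sh redhat | fedora"
  exit 1
fi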