Question 1: Describe in detail the process of one encrypted communication, ideally with a diagram.
Take secure communication between Bob and Alice as an example:
Bob <---------> Alice
1. For Bob to communicate securely with Alice he must first obtain her public key, i.e. her certificate, and verify that the certificate is valid. The verification steps and what each one checks:
1) Decrypt the CA's signature on the certificate with the CA's public key (known to both parties); if it decrypts, the certificate comes from the expected source;
2) Hash the certificate's contents with the "signature algorithm" named in the certificate, and compare the result with the decrypted "issuer signature" (the certificate's fingerprint); if they match, the certificate's integrity is intact;
3) Check that the current date falls within the certificate's validity period, so that an expired certificate is rejected;
4) Verify that the certificate's "subject name" matches the party one intends to communicate with;
5) Check whether the certificate has been revoked;
If all of these checks pass, the certificate is trustworthy and is accepted.
2. Having obtained the other party's certificate (i.e. public key), proceed as follows:
Encryption:
1) Bob hashes the plaintext to obtain its fingerprint (also called the message digest);
2) Bob encrypts this fingerprint with his own private key, producing a digital signature, and appends it to the plaintext;
3) Bob encrypts the plaintext together with the digital signature using a one-time symmetric key, producing the ciphertext;
4) Bob then encrypts the symmetric key with Alice's public key, producing the digital envelope;
5) Bob packages the ciphertext and the digital envelope together and sends them to Alice;
Decryption:
1) On receiving the data (ciphertext + digital envelope), Alice decrypts the digital envelope with her own private key and obtains the symmetric key;
2) She decrypts the ciphertext with the symmetric key and obtains the plaintext and the digital signature. This provides confidentiality;
3) She decrypts the digital signature with Bob's public key and obtains the fingerprint of the plaintext. If this succeeds, the data was sent by Bob, which provides non-repudiation;
4) Alice hashes the plaintext with the same hash algorithm and compares the resulting fingerprint with the one Bob computed; if they match, the data has not been tampered with, which provides integrity;
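The Bob-to-Alice exchange above, carried out with the openssl command line as an added example (not part of the original post): keys, the message and the file names are constructed in a temporary directory, and AES-256-CBC with RSA-OAEP stand in for the unspecified symmetric and envelope algorithms.

```shell
#!/bin/sh
# Added example, not from the original post: the Bob -> Alice exchange of
# question 1 carried out with the openssl command-line tool.  Keys, message
# and file names are constructed here in a temporary directory.
set -u

envelope_demo() (
    work=$(mktemp -d) || exit 1
    cd "$work" || exit 1

    # Long-term key pairs.  The public halves stand in for the certificates
    # Bob and Alice would normally obtain and validate first (step 1).
    openssl genrsa -out bob.key 2048 2>/dev/null
    openssl rsa -in bob.key -pubout -out bob.pub 2>/dev/null
    openssl genrsa -out alice.key 2048 2>/dev/null
    openssl rsa -in alice.key -pubout -out alice.pub 2>/dev/null
    printf 'transfer 100 to account 42\n' > plain.txt

    # ---- Bob: sign, then encrypt -------------------------------------
    # Encryption steps 1-2: hash the plaintext, sign the digest with Bob's
    # private key, append the signature to the plaintext.
    openssl dgst -sha256 -sign bob.key -out plain.sig plain.txt
    cat plain.txt plain.sig > signed.bin
    # Step 3: a one-time AES-256 key and IV protect plaintext + signature.
    key=$(openssl rand -hex 32)
    iv=$(openssl rand -hex 16)
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in signed.bin -out cipher.bin
    # Step 4: the digital envelope = session key wrapped with Alice's public key.
    printf '%s\n%s\n' "$key" "$iv" > session.txt
    openssl pkeyutl -encrypt -pubin -inkey alice.pub -pkeyopt rsa_padding_mode:oaep \
        -in session.txt -out envelope.bin
    # Step 5: cipher.bin + envelope.bin are what travel to Alice.

    # ---- Alice: decrypt, then verify ----------------------------------
    # Decryption step 1: open the envelope with Alice's private key.
    openssl pkeyutl -decrypt -inkey alice.key -pkeyopt rsa_padding_mode:oaep \
        -in envelope.bin -out session.alice.txt
    akey=$(sed -n 1p session.alice.txt)
    aiv=$(sed -n 2p session.alice.txt)
    # Step 2: recover plaintext + signature (confidentiality).
    openssl enc -d -aes-256-cbc -K "$akey" -iv "$aiv" -in cipher.bin -out signed.alice.bin
    # An RSA-2048 signature is exactly 256 bytes, so split it off the end.
    total=$(wc -c < signed.alice.bin)
    head -c "$((total - 256))" signed.alice.bin > plain.alice.txt
    tail -c 256 signed.alice.bin > plain.alice.sig
    # Steps 3-4: recompute the digest and check it against the signature with
    # Bob's public key: origin/non-repudiation and integrity in one call.
    if openssl dgst -sha256 -verify bob.pub -signature plain.alice.sig \
           plain.alice.txt >/dev/null 2>&1; then
        result="verified: $(cat plain.alice.txt)"
    else
        result="verification failed"
    fi
    # The same check on a modified plaintext shows what the integrity step buys.
    printf 'transfer 900 to account 42\n' > tampered.txt
    if openssl dgst -sha256 -verify bob.pub -signature plain.alice.sig \
           tampered.txt >/dev/null 2>&1; then
        result="$result; tampered: accepted"
    else
        result="$result; tampered: rejected"
    fi
    cd / && rm -rf "$work"
    printf '%s\n' "$result"
)

envelope_demo
```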
Question 2: Describe the process of building a private CA and issuing a certificate for a certificate request sent by a client.
An application server that needs a certificate applies to an RA (registration authority); the RA verifies the applicant's information and, once it checks out, the CA signs and issues the certificate. So that certificates signed by the CA can be trusted, the CA must first generate a self-signed certificate before it signs any client certificate; clients use the CA's certificate to verify the certificates the CA has signed.
Certificate issuance process:
1) The applicant submits a certificate application to the RA;
2) The RA asks the applicant to submit their public key and other relevant information;
3) The RA verifies the applicant's identity information;
4) Once verification passes, the RA forwards the request to the CA for signing. The CA hashes this information and encrypts the hash with its own private key, producing a digital signature;
5) The applicant's information and the digital signature are packaged together into a certificate, which is issued to the applicant;
Example of requesting and signing a certificate (when signing with a self-built CA, the CA and RA roles can be combined):
1) Build the private CA:
(1) Check that openssl is installed;
(2) Create the files required by the openssl configuration file (/etc/pki/tls/openssl.cnf);
# touch /etc/pki/CA/index.txt    # create the certificate index (database) file
# echo 01 > /etc/pki/CA/serial   # set the serial number of the next certificate
(3) Self-signed certificate:
# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)   # generate the CA's private key
# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 3650 -out /etc/pki/CA/cacert.pem
  # generate the self-signed certificate; the -x509 option is used only when creating a self-signed certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:Yinkai
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:ca.yinkai.site
Email Address []:caadmin@yinkai.site
2) Issue a certificate for the client:
(1) The client submits a certificate signing request:
# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)   # the client generates its private key
# openssl req -new -key /etc/httpd/ssl/httpd.key -days 365 -out /etc/httpd/ssl/httpd.csr
  # the client generates the certificate signing request (-days is ignored for a CSR; the validity is set when the CA signs)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:Yinkai
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:www.yinkai.site   # the Common Name must match the name clients actually use to reach the server
Email Address []:caadmin@yinkai.site

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
(2) Send the signing request to the RA (here the RA and the CA are the same host):
# scp /etc/httpd/ssl/httpd.csr root@192.168.1.71:/tmp
(3) The CA signs the request:
# openssl ca -in /tmp/httpd.csr -days 365 -out /etc/pki/CA/certs/httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Oct 29 06:53:10 2016 GMT
            Not After : Oct 29 06:53:10 2017 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = Beijing
            organizationName          = Yinkai
            organizationalUnitName    = Tech
            commonName                = www.yinkai.site
            emailAddress              = caadmin@yinkai.site
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                4B:08:90:15:E3:FE:E2:44:AF:BD:C2:79:F9:13:4A:B8:FB:70:BF:4A
            X509v3 Authority Key Identifier:
                keyid:32:43:7A:30:8C:2E:22:87:85:63:04:F1:37:D4:8C:4D:3B:41:10:B8

Certificate is to be certified until Oct 29 06:53:10 2017 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
(4) Send the certificate to the requesting client:
# scp /etc/pki/CA/certs/httpd.crt root@192.168.1.61:/etc/httpd/ssl/
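The same build-a-CA-and-sign flow as an added example that is not part of the original post: it uses a minimal constructed openssl.cnf in a temporary directory instead of /etc/pki/tls/openssl.cnf, signs the CSR non-interactively, and then runs the client-side checks of question 1, including a revocation check through a CRL (question 7 later repeats this flow for www2.stuX.com). Names, paths and the SAN are sample values.

```shell
#!/bin/sh
# Added example, not from the original post: the private-CA procedure of
# question 2 run end to end in a temporary directory, using a minimal
# constructed openssl.cnf in place of /etc/pki/tls/openssl.cnf, followed by
# the client-side checks of question 1 including revocation via a CRL.
set -u

ca_demo() (
    work=$(mktemp -d) || exit 1
    cd "$work" || exit 1
    mkdir private certs newcerts
    touch index.txt          # certificate database, as in step (2)
    echo 01 > serial         # serial number of the next certificate
    echo 01 > crlnumber      # number of the next CRL
    # Only the sections that "openssl req" and "openssl ca" actually need.
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir              = .
database         = $dir/index.txt
new_certs_dir    = $dir/newcerts
serial           = $dir/serial
crlnumber        = $dir/crlnumber
certificate      = $dir/cacert.pem
private_key      = $dir/private/cakey.pem
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = policy_any
x509_extensions  = usr_cert
[ policy_any ]
countryName            = optional
stateOrProvinceName    = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
[ usr_cert ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:www.yinkai.site
EOF
    # (3) CA private key and self-signed certificate; -x509 is used only here.
    openssl genrsa -out private/cakey.pem 2048 2>/dev/null
    openssl req -new -x509 -config ca.cnf -key private/cakey.pem -days 3650 \
        -subj '/C=CN/ST=Beijing/O=Yinkai/OU=Ops/CN=ca.yinkai.site' -out cacert.pem
    # Client side: private key and CSR (no -x509).
    openssl genrsa -out httpd.key 2048 2>/dev/null
    openssl req -new -config ca.cnf -key httpd.key \
        -subj '/C=CN/ST=Beijing/O=Yinkai/OU=Tech/CN=www.yinkai.site' -out httpd.csr
    # CA side: sign the request; -batch answers the two y/n prompts.
    openssl ca -batch -config ca.cnf -in httpd.csr -days 365 -notext \
        -out certs/httpd.crt >/dev/null 2>&1 || { echo 'ca: signing failed'; exit 1; }
    # Client checks (question 1, steps 1-4): chain first, then subject name.
    if openssl verify -CAfile cacert.pem certs/httpd.crt >/dev/null 2>&1; then
        chain=OK
    else
        chain=FAIL
    fi
    cn=$(openssl x509 -in certs/httpd.crt -noout -subject -nameopt RFC2253 \
         | sed -n 's/.*CN=\([^,]*\).*/\1/p')
    # Question 1, step 5: revocation. Revoke, publish a CRL, check again.
    openssl ca -config ca.cnf -revoke certs/httpd.crt >/dev/null 2>&1
    openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1
    if openssl verify -crl_check -CAfile cacert.pem -CRLfile crl.pem \
           certs/httpd.crt >/dev/null 2>&1; then
        revoked=no
    else
        revoked=yes
    fi
    cd / && rm -rf "$work"
    printf 'chain=%s cn=%s revoked=%s\n' "$chain" "$cn" "$revoked"
)

ca_demo
```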
Question 3: Set up a DNS server responsible for resolving the magedu.com domain (choose your own hostnames and IPs)
(1) It must provide forward and reverse resolution for a number of hostnames;
(2) Delegate the subdomain cdn.magedu.com; the subdomain's server resolves the hostnames within it;
(3) To keep the DNS service highly available, design a scheme and write out the implementation in detail
Environment:
magedu.com primary NS server IP: 192.168.1.71
magedu.com secondary NS server: 192.168.1.72
cdn.magedu.com subdomain NS server: 192.168.1.61
Primary name server (192.168.1.71):
The main bind configuration file (/etc/named.conf) is as follows:
acl slaves {            // define the secondary name servers
    192.168.1.71;
    192.168.1.72;
    127.0.0.1;
};
acl mynet {             // define the hosts allowed to recurse
    192.168.1.71;
    192.168.1.61;
    127.0.0.1;
};
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.71; };   // IPs to listen on
//  listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    forward first;           // forwarder: recursive queries accepted from "mynet" are forwarded to 8.8.8.8
    forwarders { 8.8.8.8; };
    allow-recursion { mynet; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Edit /etc/named.rfc1912.zones and add the following zones:
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.1.zone";
    allow-transfer { slaves; };   // same restriction as the forward zone; BIND's default allow-transfer is any
    allow-update { none; };
};
zone "magedu.com" IN {
    type master;
    file "magedu.com.zone";
    allow-query { any; };
    allow-transfer { slaves; };   // accept zone-transfer requests only from "slaves"
    allow-update { none; };
};
Add the zone resource records:
Forward records:
# cat magedu.com.zone
$TTL 1D
$ORIGIN magedu.com.
@       IN SOA  ns1.magedu.com. admin.magedu.com. (   ; RNAME needs the trailing dot, otherwise $ORIGIN is appended
                2016103002
                1H
                5M
                7D
                1D )
        IN NS   ns1
        IN NS   ns2
        IN MX   10 mx1
        IN MX   20 mx2
ns1     IN A    192.168.1.71
ns2     IN A    192.168.1.72
mx1     IN A    192.168.1.100
mx2     IN A    192.168.1.200
www     IN A    192.168.1.5
cdn     IN NS   ns.cdn             ; delegation of the subdomain
ns.cdn  IN A    192.168.1.61       ; glue record for the delegated name server
*       IN A    192.168.1.100
Reverse records:
# cat 192.168.1.zone
$TTL 1D
$ORIGIN 1.168.192.in-addr.arpa.
@       IN SOA  ns1.magedu.com. admin.magedu.com. (
                2016103001
                1H
                5M
                7D
                1D )
        IN NS   ns1.magedu.com.
        IN NS   ns2.magedu.com.
71      IN PTR  ns1.magedu.com.
72      IN PTR  ns2.magedu.com.
100     IN PTR  mx1.magedu.com.
200     IN PTR  mx2.magedu.com.
5       IN PTR  www.magedu.com.
61      IN PTR  ns.cdn.magedu.com.
Secondary name server (192.168.1.72):
/etc/named.conf:
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.72; };
//  listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Add the following to /etc/named.rfc1912.zones:
zone "magedu.com" IN {
    type slave;
    masters { 192.168.1.71; };
    file "slaves/magedu.com.zone";
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.1.71; };
    file "slaves/192.168.1.zone";
};
cdn.magedu.com subdomain server (192.168.1.61):
/etc/named.conf:
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.61; };
//  listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
    forward first;                   // global forwarder; if the primary refuses to recurse, the query falls back to the root servers
    forwarders { 192.168.1.71; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
/etc/named.rfc1912.zones:
zone "cdn.magedu.com" IN {
    type master;
    file "cdn.magedu.com.zone";
    allow-update { none; };
};
//zone "magedu.com" IN {      // zone-level forwarding, an alternative to the global forwarder: forwards only queries for magedu.com
//    type forward;
//    forward only;
//    forwarders { 192.168.1.71; 192.168.1.72; };
//};
/var/named/cdn.magedu.com.zone:
$TTL 1D
$ORIGIN cdn.magedu.com.
@       IN SOA  ns.cdn.magedu.com. admin.cdn.magedu.com. (
                2016103001
                1H
                5M
                7D
                1D )
        IN NS   ns
        IN MX   10 mx
ns      IN A    192.168.1.61
mx      IN A    192.168.1.101
www     IN A    192.168.1.110
*       IN A    192.168.1.111
Restart named and verify:
Forward and reverse lookups against the primary server:
Forward and reverse lookups against the secondary server:
Testing the subdomain server:
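An added sh/awk check for zone files like the ones above (not part of the original post): it flags mistakes that BIND loads without complaint but that break resolution or delegation, namely an SOA MNAME/RNAME without a trailing dot, a serial that is not in YYYYMMDDnn form, and an in-zone NS target such as ns.cdn with no address record (a delegation without glue). The two zone files it runs on are constructed inside the script.

```shell
#!/bin/sh
# Added example, not from the original post: a small awk check for the kind
# of zone files used in question 3.  The zone files below are constructed.
set -u

# $1: zone file.  Prints one line per finding (sorted), or "ok".
check_zone() {
    findings=$(awk '
        /^\$ORIGIN/ || /^\$TTL/ || /^[[:space:]]*;/ || NF == 0 { next }
        {
            # Owner name: explicit in column 1, or inherited from the previous
            # record when the line starts with whitespace.
            if ($0 ~ /^[[:space:]]/) owner = last; else { owner = $1; last = $1 }
            t = 0
            for (i = 1; i <= NF; i++) if ($i == "IN") { t = i + 1; break }
            if (t == 0) next
            type = $t
            if (type == "SOA") {
                mname = $(t + 1); rname = $(t + 2); s = t + 3
                if ($s == "(") s++
                serial = $s
                if (mname !~ /\.$/) print "SOA MNAME " mname " is relative (missing trailing dot)"
                if (rname !~ /\.$/) print "SOA RNAME " rname " is relative (missing trailing dot)"
                if (length(serial) != 10 || serial !~ /^[0-9]+$/) print "SOA serial " serial " is not YYYYMMDDnn"
            } else if (type == "NS") {
                ns[$(t + 1)] = owner
            } else if (type == "A" || type == "AAAA") {
                has_addr[owner] = 1
            }
        }
        END {
            # A relative NS target lives inside this zone, so the zone itself
            # must carry its address record (glue) or the delegation is dead.
            for (name in ns)
                if (name !~ /\.$/ && !(name in has_addr))
                    print "NS " name " (for " ns[name] ") has no A/AAAA record: missing glue"
        }' "$1" | sort)
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; else echo ok; fi
}

# Runs the check on two constructed zones: the magedu.com zone of the post
# (dotted RNAME, glue present) and a variant carrying both classic mistakes.
zone_demo() (
    work=$(mktemp -d) || exit 1
    cat > "$work/good.zone" <<'EOF'
$TTL 1D
$ORIGIN magedu.com.
@       IN SOA ns1.magedu.com. admin.magedu.com. ( 2016103002 1H 5M 7D 1D )
        IN NS  ns1
        IN NS  ns2
ns1     IN A   192.168.1.71
ns2     IN A   192.168.1.72
cdn     IN NS  ns.cdn
ns.cdn  IN A   192.168.1.61
EOF
    cat > "$work/bad.zone" <<'EOF'
$TTL 1D
$ORIGIN magedu.com.
@       IN SOA ns1.magedu.com. admin.magedu.com ( 2016103002 1H 5M 7D 1D )
        IN NS  ns1
ns1     IN A   192.168.1.71
cdn     IN NS  ns.cdn
EOF
    check_zone "$work/good.zone" | sed 's/^/good: /'
    check_zone "$work/bad.zone"  | sed 's/^/bad: /'
    rm -rf "$work"
)

zone_demo
```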
Question 4: Describe the complete processing of one HTTP request;
HTTP request processing:
1) The client sends a recursive query for the site's domain name; the DNS server resolves it and returns the result to the client;
2) Using that IP address, the client starts a TCP three-way handshake with the HTTP server;
3) The client builds an HTTP request message and sends the request to the HTTP server;
4) The HTTP server parses the request, fetches the resource named by the URL, builds the response and returns it to the client as an HTTP response message;
5) After receiving the HTTP response, the browser parses and renders it for the user, and a log entry is written. This completes one HTTP transaction. The response may reference several further resources on the server; if the server does not have KeepAlive enabled, fetching each resource needs its own TCP three-way handshake and four-way teardown.
Question 5: Which processing models does httpd support, and which environments is each suited to?
httpd supports the following three processing models (MPMs):
prefork: multi-process model. One master process spawns multiple worker processes, each of which handles one client request; worker processes are pre-spawned even when no requests are pending so that they can respond at any time (8 by default, never more than 1024). Its strength is stability: processes work independently, so one hanging process does not affect the others. Suited to environments with moderate request volume but high stability requirements;
worker: multi-threaded model. One master process spawns multiple child processes (m, 4 by default), each of which spawns multiple threads (n); the threads handle client requests, so m×n HTTP requests can be served concurrently. Because processes are lightweight on Linux, there is little efficiency difference between processes and threads, so its throughput is not much different from prefork; but the threads of one worker process share one memory area, so a faulty thread can affect the other threads in the same process, making it less stable than prefork;
event: event-driven model. One master process spawns multiple worker processes (m), each of which responds to multiple client requests (n) directly through the epoll event-notification mechanism, so m×n requests can be served concurrently. It is production-ready in httpd 2.4.
Question 6: Build an httpd server (compiled from source) meeting the following requirements:
Provide two name-based virtual hosts:
(a) www1.stuX.com, with document directory /web/vhosts/www1; error log /var/log/httpd/www1.err, access log /var/log/httpd/www1.access;
(b) www2.stuX.com, with document directory /web/vhosts/www2; error log /var/log/httpd/www2.err, access log /var/log/httpd/www2.access;
(c) Create a home page index.html for each virtual host, containing the corresponding hostname;
(d) Expose httpd's status information at www1.stuX.com/server-status, accessible only with a username and password (status:status);
Compiling and installing httpd 2.4 on RHEL6
(1) Prepare the environment:
httpd depends on apr 1.4+ and apr-util 1.4+ (apr, together with its utility component apr-util, is effectively httpd's runtime "virtual machine"). httpd 2.4 requires apr and apr-util 1.4 or later, but RHEL6 ships apr and apr-util 1.3.9; to avoid breaking other programs that depend on apr 1.3.9, apr and apr-util 1.4+ are compiled and installed separately.
1) Compile and install apr-1.5.2 and apr-util-1.5.4:
[root@C1 ~]# tar xf /tmp/httpd/apr-1.5.2.tar.bz2 -C /usr/local/src/
[root@C1 ~]# cd /usr/local/src/apr-1.5.2/
[root@C1 apr-1.5.2]# ./configure --prefix=/usr/local/apr-1.5.2
[root@C1 apr-1.5.2]# make && make install
[root@C1 httpd]# tar xf apr-util-1.5.4.tar.bz2 -C /usr/local/src/
[root@C1 httpd]# cd /usr/local/src/apr-util-1.5.4/
[root@C1 apr-util-1.5.4]# ./configure --prefix=/usr/local/apr-util-1.5.4 --with-apr=/usr/local/apr-1.5.2/
[root@C1 apr-util-1.5.4]# make && make install
# Create symlinks for apr and apr-util so they can be referenced later:
[root@C1 ~]# ln -s /usr/local/apr-1.5.2/ /usr/local/apr
[root@C1 ~]# ln -s /usr/local/apr-util-1.5.4/ /usr/local/apr-util
2) Install the PCRE (Perl Compatible Regular Expressions) development library:
[root@C1 ~]# yum install -y pcre-devel
3) Create the apache system user:
[root@C1 ~]# useradd -r apache
(2) Compile and install httpd-2.4:
1) Install the httpd program:
[root@C1 httpd]# tar xf httpd-2.4.23.tar.bz2 -C /usr/local/src/
[root@C1 httpd]# cd /usr/local/src/httpd-2.4.23/
[root@C1 httpd-2.4.23]# ./configure --prefix=/usr/local/httpd24 --sysconf=/etc/httpd24 \
    --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre \
    --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util \
    --enable-so --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
# Option descriptions:
--prefix=/usr/local/httpd24: installation path of httpd;
--sysconf=/etc/httpd24: httpd configuration directory (abbreviation of --sysconfdir); a separate directory avoids clashing with the httpd 2.2 already installed on the system;
--enable-ssl: enable SSL support
--enable-cgi: enable the CGI mechanism;
--enable-rewrite: enable URL rewriting;
--with-zlib: link the compression library needed when the compress (deflate) mechanism is used;
--with-pcre: enable the PCRE library, usually needed for URL rewriting or filtering. Note: pcre-devel must be installed before compiling httpd with this option;
--with-apr=/usr/local/apr: installation path of apr;
--with-apr-util=/usr/local/apr-util/: installation path of apr-util;
--enable-so: enable dynamic module loading;
--enable-modules=most: which modules to compile. Options: "all" | "most" | "few" | "none" | "reallyall";
--enable-mpms-shared=all: httpd supports DSO (shared-module compilation); this compiles every supported MPM as a shared module. Options: "all" | "most" | "few" | "reallyall"
--with-mpm=prefork: the MPM httpd uses by default. MPM={event|worker|prefork|winnt}
[root@C1 httpd-2.4.23]# make && make install
2) Add httpd-2.4's program directory to the PATH environment variable:
[root@C1 init.d]# vim /etc/profile.d/httpd24.sh
export PATH=/usr/local/httpd24/bin:$PATH
[root@C1 init.d]# . /etc/profile.d/httpd24.sh
[root@C1 init.d]# echo $PATH
/usr/local/httpd24/bin:/usr/lib/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[root@C1 init.d]# which httpd
/usr/local/httpd24/bin/httpd
3) Start httpd-2.4:
# Note: make sure port 80/tcp is not already in use before starting.
[root@C1 httpd-2.4.23]# apachectl start
# Check that httpd-2.4 started successfully:
[root@C1 httpd-2.4.23]# ss -taln | grep :80
0      128                    :::80                    :::*
[root@C1 httpd-2.4.23]# ps aux | grep httpd
root      4415  0.0  0.3   4500  1828 ?        Ss   16:59   0:00 /usr/local/httpd24/bin/httpd -k start
daemon    4416  0.0  0.2   4500  1228 ?        S    16:59   0:00 /usr/local/httpd24/bin/httpd -k start
daemon    4417  0.0  0.2   4500  1228 ?        S    16:59   0:00 /usr/local/httpd24/bin/httpd -k start
daemon    4418  0.0  0.2   4500  1228 ?        S    16:59   0:00 /usr/local/httpd24/bin/httpd -k start
daemon    4419  0.0  0.2   4500  1228 ?        S    16:59   0:00 /usr/local/httpd24/bin/httpd -k start
daemon    4420  0.0  0.2   4500  1228 ?        S    16:59   0:00 /usr/local/httpd24/bin/httpd -k start
root      4443  0.0  0.1   4328   724 pts/0    S+   17:02   0:00 grep httpd
(3) Configure the httpd server
1) Create the data directories and prepare test pages:
[root@C1 extra]# mkdir -vp /web/vhosts/www{1,2}
mkdir: created directory `/web'
mkdir: created directory `/web/vhosts'
mkdir: created directory `/web/vhosts/www1'
mkdir: created directory `/web/vhosts/www2'
[root@C1 extra]# echo "The vhost1 site." > /web/vhosts/www1/index.html
[root@C1 extra]# echo "The vhost2 site." > /web/vhosts/www2/index.html
2) Edit the httpd-2.4 configuration file:
[root@C1 httpd24]# cp -p httpd.conf{,bak}   # back up the original configuration file
/etc/httpd24/httpd.conf:
[root@C1 ~]# egrep -v '^#|^$|^[[:space:]]+#' /etc/httpd24/httpd.conf
ServerRoot "/usr/local/httpd24"
# port httpd-2.4 listens on
Listen 80
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
<IfModule !mpm_prefork_module>
</IfModule>
<IfModule mpm_prefork_module>
</IfModule>
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
<IfModule unixd_module>
    # user httpd runs as: a source-built httpd-2.4 defaults to the daemon user, changed here to apache
    User apache
    Group apache
</IfModule>
ServerAdmin you@example.com
<Directory />
    AllowOverride none
    Require all denied
</Directory>
# main document root
DocumentRoot "/web/vhosts"
<Directory "/web/vhosts">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" common
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/httpd24/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/httpd24/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule mime_module>
    TypesConfig /etc/httpd24/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>
# load the virtual host configuration file
Include /etc/httpd24/extra/httpd-vhosts.conf
<IfModule proxy_html_module>
    Include /etc/httpd24/extra/proxy-html.conf
</IfModule>
<IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
</IfModule>
/etc/httpd24/extra/httpd-vhosts.conf:
[root@C1 ~]# egrep -v '^#|^$' /etc/httpd24/extra/httpd-vhosts.conf
<VirtualHost *:80>
    ServerName www1.stuX.com
    # data directory of the www1 virtual host
    DocumentRoot "/web/vhosts/www1"
    # error log file
    ErrorLog "/web/vhosts/www1.err"
    # access log file
    CustomLog "/web/vhosts/www1.access" common
    # defines "www1.stuX.com/server-status"
    <Location /server-status>
        SetHandler server-status
        # authentication type: Basic
        AuthType Basic
        # realm shown in the login prompt
        AuthName "Administrator Private."
        # authentication provider
        AuthBasicProvider file
        # password file holding the usernames and passwords
        AuthUserFile "/etc/httpd24/extra/.htpasswd"
        <RequireAll>
            # allow every user listed in the password file
            Require valid-user
        </RequireAll>
    </Location>
</VirtualHost>
<VirtualHost *:80>
    ServerName www2.stuX.com
    DocumentRoot "/web/vhosts/www2"
    ErrorLog "/web/vhosts/www2.err"
    CustomLog "/web/vhosts/www2.access" common
</VirtualHost>
3) Configure user authentication:
Add the authentication user:
[root@C1 ~]# cd /etc/httpd24/extra/
[root@C1 extra]# htpasswd -c -s -b .htpasswd yinkai yinkaipass
Adding password for user yinkai
Option descriptions:
-c: create the password file; use only the first time
-s: force SHA hashing of the password
-b: take the password from the command line
Test:
[root@C1 httpd24]# ps aux | grep httpd   # check that httpd now runs as the apache user
root      4415  0.0  0.4   4500  2148 ?        Ss   16:59   0:00 /usr/local/httpd24/bin/httpd -k start
apache    4495  0.0  0.2   4500  1232 ?        S    17:18   0:00 /usr/local/httpd24/bin/httpd -k start
apache    4496  0.0  0.2   4500  1232 ?        S    17:18   0:00 /usr/local/httpd24/bin/httpd -k start
apache    4497  0.0  0.2   4500  1232 ?        S    17:18   0:00 /usr/local/httpd24/bin/httpd -k start
apache    4498  0.0  0.2   4500  1232 ?        S    17:18   0:00 /usr/local/httpd24/bin/httpd -k start
apache    4499  0.0  0.2   4500  1232 ?        S    17:18   0:00 /usr/local/httpd24/bin/httpd -k start
root      4501  0.0  0.1   4328   720 pts/0    S+   17:18   0:00 grep httpd
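What htpasswd -s actually stores and how the Basic-auth check against it works, as an added example that is not part of the original post; the password file and its single user are constructed in the script.

```shell
#!/bin/sh
# Added example, not from the original post: the "{SHA}" entry written by
# "htpasswd -s" is base64(SHA-1(password)) with no salt, so two users with the
# same password get the same entry; "htpasswd -B" (bcrypt) in httpd 2.4 avoids
# that.  The password file below is constructed for the demo.
set -u

# $1: password -> the {SHA} digest htpasswd -s would store
sha_htpasswd_digest() {
    printf '%s' "$1" | openssl dgst -sha1 -binary | openssl base64
}

# $1: htpasswd file, $2: user, $3: password.  Returns 0 on match, 1 otherwise.
check_sha_user() {
    entry=$(grep "^$2:" "$1" | head -n 1 | cut -d: -f2-)
    case "$entry" in
        '{SHA}'*)
            stored=$(printf '%s' "$entry" | cut -c6-)   # drop the "{SHA}" prefix
            [ "$stored" = "$(sha_htpasswd_digest "$3")" ]
            ;;
        *) return 1 ;;   # unknown user, or another scheme ({apr1}, bcrypt)
    esac
}

htpasswd_demo() (
    f=$(mktemp) || exit 1
    # constructed entry: user "yinkai" with the password "password";
    # SHA-1("password") is the well-known 5baa61e4...8fd8, base64-encoded here
    printf 'yinkai:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=\n' > "$f"
    for try in password wrong; do
        if check_sha_user "$f" yinkai "$try"; then r=accepted; else r=rejected; fi
        printf 'yinkai/%s: %s\n' "$try" "$r"
    done
    rm -f "$f"
)

htpasswd_demo
```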
Question 7: Provide HTTPS for the second virtual host from question 6, so that users can access the site securely over https;
(1) Certificate authentication is required; the certificate must use the country (CN), state (HA), city (ZZ) and organization (MageEdu);
(2) Set the department to Ops, the hostname to www2.stuX.com and the e-mail address to admin@stuX.com;
1. Create the private CA server
(1) Prepare the CA environment according to the openssl configuration file (/etc/pki/tls/openssl.cnf):
[root@C1 ~]# cd /etc/pki/CA/      # change to the CA root directory
[root@C1 CA]# touch index.txt     # create the certificate database index file
[root@C1 CA]# echo 01 > serial    # set the serial number of the first certificate
(2) Generate the CA's private key
[root@C1 CA]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
......+++
..........................................+++
e is 65537 (0x10001)
(3) Generate the CA's self-signed certificate
[root@C1 CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 3650 -out /etc/pki/CA/cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HA
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:ca.stuX.com
Email Address []:admin@stuX.com
(4) Inspect the CA's self-signed certificate:
[root@C1 CA]# openssl x509 -in /etc/pki/CA/cacert.pem -noout -subject
subject= /C=CN/ST=HA/L=ZZ/O=MageEdu/OU=Ops/CN=ca.stuX.com/emailAddress=admin@stuX.com
2. The HTTP server requests a signed certificate
(1) The client generates a certificate signing request:
[root@C1 ~]# mkdir /etc/httpd24/ssl
[root@C1 ~]# cd /etc/httpd24/ssl
[root@C1 ssl]# (umask 077; openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus
.................................................................................................................................................................................................................................................................................................................+++
...........+++
e is 65537 (0x10001)
[root@C1 ssl]# openssl req -new -key httpd.key -days 3650 -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HA
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www2.stuX.com
Email Address []:admin@stuX.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
(2) Send the signing request to the CA (RA):
[root@C1 ssl]# scp httpd.csr root@192.168.1.97:/tmp
(3) The CA signs the certificate for the HTTP server:
[root@C1 CA]# openssl ca -in /tmp/httpd.csr -days 3650 -out /etc/pki/CA/certs/httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Nov 17 09:22:25 2016 GMT
            Not After : Nov 15 09:22:25 2026 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HA
            organizationName          = MageEdu
            organizationalUnitName    = Ops
            commonName                = www2.stuX.com
            emailAddress              = admin@stuX.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                BD:64:23:20:D3:3B:79:0C:C4:2B:AB:F4:47:84:6F:54:38:78:68:5B
            X509v3 Authority Key Identifier:
                keyid:C1:CA:83:F5:FA:CC:BA:15:CE:BC:D2:A1:13:1D:6F:17:5F:C9:59:0C

Certificate is to be certified until Nov 15 09:22:25 2026 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
(4) Inspect the HTTP server's certificate and deliver it to the HTTP server:
[root@C1 CA]# openssl x509 -in /etc/pki/CA/certs/httpd.crt -noout -subject
subject= /C=CN/ST=HA/O=MageEdu/OU=Ops/CN=www2.stuX.com/emailAddress=admin@stuX.com
[root@C1 CA]# scp /etc/pki/CA/certs/httpd.crt root@192.168.1.83:/etc/httpd24/ssl/
# Rename the virtual host's certificate and private key files so they can be referenced later:
[root@C1 ~]# cd /etc/httpd24/ssl/
[root@C1 ssl]# mv httpd.crt www2.stuX.com.crt
[root@C1 ssl]# mv httpd.key www2.stuX.com.key
3. Configure the HTTP server to use the certificate so that it supports HTTPS
(1) Install the mod_ssl module for httpd:
[root@C1 ~]# yum install -y mod_ssl   # this package serves the system httpd 2.2; httpd24 was built with --enable-ssl, so its own modules/mod_ssl.so already exists
(2) Check that the main httpd configuration file /etc/httpd24/httpd.conf contains and enables the following entries:
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include /etc/httpd24/extra/httpd-ssl.conf
(3) Edit the SSL configuration file /etc/httpd24/extra/httpd-ssl.conf:
[root@C1 extra]# egrep -v '^#|^$' httpd-ssl.conf
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/httpd24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# virtual host on port 443
<VirtualHost *:443>
    DocumentRoot "/web/vhosts/www2"
    ServerName www2.stuX.com:443
    ServerAdmin you@example.com
    ErrorLog "/web/vhosts/www2.err"
    TransferLog "/web/vhosts/www2.access"
    SSLEngine on
    # certificate file of the www2.stuX.com virtual host
    SSLCertificateFile "/etc/httpd24/ssl/www2.stuX.com.crt"
    # private key file of the www2.stuX.com virtual host
    SSLCertificateKeyFile "/etc/httpd24/ssl/www2.stuX.com.key"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/usr/local/httpd24/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-5]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog "/usr/local/httpd24/logs/ssl_request_log" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
(4) Optionally, comment out the port-80 www2.stuX.com host in the virtual host configuration file /etc/httpd24/extra/httpd-vhosts.conf:
#<VirtualHost *:80>
#    ServerName www2.stuX.com
#    DocumentRoot "/web/vhosts/www2"
#    ErrorLog "/web/vhosts/www2.err"
#    CustomLog "/web/vhosts/www2.access" common
#</VirtualHost>
4. Check the configuration, restart the service and check port 443:
[root@C1 ~]# httpd -t
Syntax OK
[root@C1 ~]# apachectl restart
[root@C1 ~]# ss -tanl | grep :443
0      128                   :::443                   :::*
5. Test:
Question 8: Create a Samba share of the directory /data, with the following requirements (describe the complete process):
1) The share name is shared and the workgroup is magedu;
2) Add the group develop; add the users gentoo, centos and ubuntu, with gentoo and centos having develop as a supplementary group and ubuntu not in develop; every password equals the username;
3) Add the Samba users gentoo, centos and ubuntu, all with the password "mageedu";
4) Only the develop group may write to the shared share; other users get read-only access;
5) The Samba service may only be accessed from hosts in the 172.16.0.0/16 network;
Install the Samba server, the Samba client tools and the common libraries:
[root@C1 ~]# yum install -y samba samba-common samba-client
Add the system users and group:
[root@C1 ~]# groupadd develop
[root@C1 ~]# useradd -G develop gentoo; echo "gentoo" | passwd --stdin gentoo
Changing password for user gentoo.
passwd: all authentication tokens updated successfully.
[root@C1 ~]# useradd -G develop centos; echo "centos" | passwd --stdin centos
Changing password for user centos.
passwd: all authentication tokens updated successfully.
[root@C1 ~]# useradd ubuntu; echo "ubuntu" | passwd --stdin ubuntu
Changing password for user ubuntu.
passwd: all authentication tokens updated successfully.
Create the shared directory and set its permissions:
[root@C1 ~]# mkdir -v /data
mkdir: created directory ‘/data’
[root@C1 ~]# setfacl -m g:develop:rwx /data/
[root@C1 ~]# getfacl /data/
getfacl: Removing leading '/' from absolute path names
# file: data/
# owner: root
# group: root
user::rwx
group::r-x
group:develop:rwx
mask::rwx
other::r-x
Add the Samba users:
[root@C1 ~]# smbpasswd -a gentoo
New SMB password:
Retype new SMB password:
Added user gentoo.
[root@C1 ~]# smbpasswd -a centos
New SMB password:
Retype new SMB password:
Added user centos.
[root@C1 ~]# smbpasswd -a ubuntu
New SMB password:
Retype new SMB password:
Added user ubuntu.
[root@C1 ~]# pdbedit -L   # list all Samba users
gentoo:1039:
ubuntu:1041:
centos:1040:
Edit the Samba configuration file to create the share:
[root@C1 ~]# cp -p /etc/samba/smb.conf{,.bak}
[global]
        workgroup = magedu
        server string = Samba Server Version %v
        netbios name = MYSERVER
        # lab limitation: 192.168.1.0/24 stands in for the 172.16.0.0/16 network
        hosts allow = 192.168.1.0/24
        log file = /var/log/samba/log.%m
        max log size = 50
        security = user
        passdb backend = tdbsam
        load printers = yes
        cups options = raw
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
[shared]
        comment = develop's directory
        path = /data
        guest ok = yes
        # writable = yes opens the share for writing to every user at the Samba layer;
        # the develop-only write access comes from the filesystem ACL set above
        writable = yes
        write list = +develop
Check the Samba configuration file for syntax errors:
[root@C1 ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[shared]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
        workgroup = MAGEDU
        netbios name = MYSERVER
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        idmap config * : backend = tdb
        hosts allow = 192.168.1.0/24
        cups options = raw
[homes]
        comment = Home Directories
        read only = No
        browseable = No
[shared]
        comment = develop's directory
        path = /data
        write list = +develop
        read only = No
        guest ok = Yes
Start and check the smb service:
[root@C1 ~]# systemctl start smb.service
[root@C1 ~]# systemctl start nmb.service
[root@C1 ~]# ss -tnlap | grep smb
LISTEN     0      50           *:139                      *:*                   users:(("smbd",pid=2259,fd=34))
LISTEN     0      50           *:445                      *:*                   users:(("smbd",pid=2259,fd=33))
LISTEN     0      50          :::139                     :::*                   users:(("smbd",pid=2259,fd=32))
LISTEN     0      50          :::445                     :::*                   users:(("smbd",pid=2259,fd=31))
Verify:
[root@C1 ~]# smbclient -L 192.168.1.71 -U centos
Enter centos's password:
Domain=[MAGEDU] OS=[Unix] Server=[Samba 4.1.1]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
        shared          Disk      develop's directory
        centos          Disk      Home Directories
Domain=[MAGEDU] OS=[Unix] Server=[Samba 4.1.1]

        Server               Comment
        ---------            -------
        MYSERVER             Samba Server Version 4.1.1

        Workgroup            Master
        ---------            -------
        MAGEDU               MYSERVER
        WORKGROUP            YINKAI-NB-X230
Log in to \\192.168.1.71 from Windows and create test files:
[root@C1 tmp]# ll /data/
total 0
-rwxr--r-- 1 centos centos 0 11月 16 22:05 centos.txt
-rwxr--r-- 1 gentoo gentoo 0 11月 16 22:05 gentoo.txt
Question 9: Set up a vsftpd file-sharing service with the shared directory /ftproot, with the following requirements (describe the complete process):
1) Access is based on virtual users;
2) Anonymous users may only download, not upload;
3) All users are confined to their home directory;
4) Limit the maximum number of concurrent connections to 200;
5) The maximum transfer rate for anonymous users is 512KB/s
6) Virtual user accounts are stored in a MySQL database.
7) The database is shared via NFS.
Environment:
FTP server: 192.168.1.71
MariaDB server: 192.168.1.71
NFS server: 192.168.1.72
1. Set up the NFS server on 192.168.1.72
(1) Create the NFS directory that will actually hold the data:
[root@C2 ~]# mkdir -vp /shared/nfs
mkdir: created directory `/shared'
mkdir: created directory `/shared/nfs'
[root@C2 ~]# useradd -r -M -s /sbin/nologin mysql
[root@C2 ~]# chown -R mysql.mysql /shared/nfs/
(2) Edit the NFS configuration file to define the exported directory:
[root@C2 ~]# vim /etc/exports
/shared/nfs 192.168.1.0/24(rw,no_root_squash)   # no_root_squash: root on the client keeps root privileges on this export
(3) Start the NFS service:
[root@C2 ~]# systemctl start nfs.service
[root@C2 ~]# ss -tnlp | egrep '2049|rpc'
LISTEN     0      128          *:111                      *:*                   users:(("rpcbind",pid=1645,fd=8))
LISTEN     0      128          *:20048                    *:*                   users:(("rpc.mountd",pid=2098,fd=8))
LISTEN     0      128          *:46620                    *:*                   users:(("rpc.statd",pid=1643,fd=9))
LISTEN     0      64           *:2049                     *:*
LISTEN     0      128         :::37518                   :::*                   users:(("rpc.statd",pid=1643,fd=11))
LISTEN     0      128         :::111                     :::*                   users:(("rpcbind",pid=1645,fd=11))
LISTEN     0      128         :::20048                   :::*                   users:(("rpc.mountd",pid=2098,fd=10))
LISTEN     0      64          :::2049                    :::*
2. Set up the MariaDB server on 192.168.1.71, using NFS as its storage
(1) Mount the NFS file system as the database directory:
[root@C1 ~]# showmount -e 192.168.1.72   # list the directories exported by the NFS server
Export list for 192.168.1.72:
/shared/nfs 192.168.1.0/24
[root@C1 ~]# mkdir /data   # database storage directory
[root@C1 ~]# mount -t nfs 192.168.1.72:/shared/nfs /data/
(2) Install and configure MariaDB:
[root@C2 ~]# id mysql
uid=992(mysql) gid=989(mysql) 組=989(mysql)
[root@C1 ~]# groupadd -r -g 989 mysql
[root@C1 ~]# useradd -r -s /sbin/nologin -M -u 992 -g 989 mysql   # same uid/gid as the mysql user on the NFS server, so file ownership matches
[root@C1 ~]# yum install -y mariadb mariadb-server
[root@C1 ~]# cp -p /etc/my.cnf.d/server.cnf{,.bak}
[root@C1 ~]# vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
skip_name_resolve = on
innodb_file_per_table = on
character-set-server = utf8
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
!includedir /etc/my.cnf.d
[root@C1 ~]# systemctl start mariadb.service   # start the mariadb service
[root@C1 ~]# ss -tnl | grep 3306
LISTEN     0      50           *:3306                     *:*
[root@C1 ~]# mysql_secure_installation   # initial hardening of the MariaDB installation
[root@C1 ~]# mysql -uroot -p
MariaDB [(none)]> SHOW VARIABLES LIKE '%datadir%';   -- check that the data directory setting took effect
+---------------+--------------+
| Variable_name | Value        |
+---------------+--------------+
| datadir       | /data/mysql/ |
+---------------+--------------+
1 row in set (0.00 sec)
3. Set up the FTP server
(1) Install vsftpd and pam_mysql:
[root@C1 ~]# yum --enablerepo=epel install vsftpd pam_mysql
Alternatively, compile and install pam_mysql from source:
Download the pam_mysql source archive: pam_mysql-0.7RC1.tar.gz
[root@C1 tmp]# tar xf pam_mysql-0.7RC1.tar.gz -C /usr/local/src/
[root@C1 tmp]# cd /usr/local/src/pam_mysql-0.7RC1/
[root@C1 pam_mysql-0.7RC1]# yum install -y pam-devel.x86_64 mariadb-devel   # mariadb-devel and pam-devel.x86_64 must be installed before compiling
[root@C1 pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/usr/lib64/   # set the PAM module directory explicitly
[root@C1 pam_mysql-0.7RC1]# make && make install
(2) Create the virtual-user database and table, insert the user records, and grant SELECT privileges:
CREATE DATABASE vsftpd;
GRANT SELECT ON vsftpd.* TO 'vsftpd'@'192.168.1.%' IDENTIFIED BY 'vsftpdpass';
GRANT SELECT ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'vsftpdpass';
GRANT SELECT ON vsftpd.* TO 'vsftpd'@'127.0.0.1' IDENTIFIED BY 'vsftpdpass';
FLUSH PRIVILEGES;
USE vsftpd;
CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` char(20) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `password` char(48) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
# Add the virtual users:
INSERT INTO users(name,password) VALUES('yinkai',password('yinkaipass')),('chris',password('chrispass'));
(3) Configure vsftpd:
1) Create the PAM configuration file needed for authentication:
[root@C1 ~]# vim /etc/pam.d/vsftpd.mysql
auth    required /usr/lib64/pam_mysql.so user=vsftpd passwd=vsftpdpass host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /usr/lib64/pam_mysql.so user=vsftpd passwd=vsftpdpass host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
Notes: the auth line performs authentication (checks that the username and password match); the account line performs account checking (checks that the account is still valid)
/usr/lib64/pam_mysql.so is the pam_mysql module; user=vsftpd (MySQL user to connect as), passwd=vsftpdpass (password of that MySQL user), host=localhost (MySQL server host), db=vsftpd (database holding the user table), table=users (the table), usercolumn=name (column holding the vsftpd login name), passwdcolumn=password (column holding the vsftpd password), crypt=2 (passwords are hashed with MySQL's PASSWORD())
2) Create the system user that the virtual users map to, and its directory
[root@C1 ~]# useradd -s /sbin/nologin -d /var/ftp/ftproot vuser
[root@C1 ~]# chmod go+rx /var/ftp/ftproot/
[root@C1 ~]# chmod -w /var/ftp/ftproot/
  # as a security restriction vsftpd refuses a writable chroot root; otherwise logging in fails with:
  # 500 OOPS: vsftpd: refusing to run with writable root inside chroot()
[root@C1 ~]# mkdir /var/ftp/ftproot/test   # create a directory that uploads are allowed into
[root@C1 ~]# chown -R vuser.vuser /var/ftp/ftproot/test
3) Edit the vsftpd configuration file so that it authenticates against MySQL:
[root@C1 ftproot]# egrep -v '^#|^$' /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
ftpd_banner=Welcome to blah FTP service.
chroot_local_user=YES
listen=NO
listen_ipv6=YES
# PAM service used when authenticating virtual users against MySQL
pam_service_name=vsftpd.mysql
userlist_enable=YES
userlist_deny=YES
tcp_wrappers=YES
max_clients=200
# bytes per second: 512KB/s = 524288
anon_max_rate=524288
# enable virtual-user authentication
guest_enable=YES
# every virtual user is mapped to the local system user vuser
guest_username=vuser
user_config_dir=/etc/vsftpd/vusers
[root@C1 ftproot]# cat /etc/vsftpd/vusers/yinkai
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
[root@C1 ftproot]# cat /etc/vsftpd/vusers/chris
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Test:
yinkai@yinkai-NB-X230 ~ $ ftp 192.168.1.71
Connected to 192.168.1.71.
220 Welcome to blah FTP service.
Name (192.168.1.71:yinkai): chris      # log in as a virtual user
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"                                 # the user is confined to its home directory
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-------    1 1000     1000         1124 Nov 19 17:29 fstab
drwxr-xr-x    1 1000     1000            0 Nov 20 13:49 test
226 Directory send OK.
ftp> cd test
250 Directory successfully changed.
ftp> lcd /etc
Local directory now /etc
ftp> put issue
local: issue remote: issue
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.                  # the virtual user can upload
27 bytes sent in 0.00 secs (418.5 kB/s)
ftp> bye
221 Goodbye.
yinkai@yinkai-NB-X230 ~ $ ftp 192.168.1.71
Connected to 192.168.1.71.
220 Welcome to blah FTP service.
Name (192.168.1.71:yinkai): ftp        # anonymous login
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"                                 # the anonymous user is confined as well
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
dr-xr-xr-x    1 1000     1000           98 Nov 20 13:44 ftproot
drwxrwxr-x    1 0        0              14 Nov 19 16:47 pub
-rw-r--r--    1 0        0               0 Nov 19 16:49 tf1
226 Directory send OK.
ftp> mkdit testdir                      # the anonymous user cannot write
?Invalid command
ftp> get tf1
local: tf1 remote: tf1
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for tf1 (0 bytes).
226 Transfer complete.
ftp> bye
221 Goodbye.
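The crypt=2 comparison that pam_mysql performs against the users table, reproduced with openssl as an added example that is not part of the original post; the user rows are constructed inside the script and no database is contacted.

```shell
#!/bin/sh
# Added example, not from the original post: the "crypt=2" scheme the pam_mysql
# lines above rely on.  MySQL/MariaDB PASSWORD() is
# '*' + uppercase hex of SHA-1(SHA-1(password)), so the comparison pam_mysql
# makes can be reproduced with openssl.  The user table below is a constructed
# copy of the vsftpd.users rows (the MySQL credentials themselves sit in clear
# text in /etc/pam.d/vsftpd.mysql, which is why that file should stay root-only).
set -u

# $1: clear-text password -> the 41-character value PASSWORD() stores
mysql_password() {
    hex=$(printf '%s' "$1" | openssl dgst -sha1 -binary | openssl dgst -sha1 | sed 's/^.*= *//')
    printf '*%s' "$(printf '%s' "$hex" | tr 'a-f' 'A-F')"
}

# Constructed stand-in for "SELECT name, password FROM vsftpd.users".
users_table() {
    printf 'yinkai:%s\n' "$(mysql_password yinkaipass)"
    printf 'chris:%s\n' "$(mysql_password chrispass)"
}

# $1: login name, $2: offered password.  Mirrors pam_mysql: look the name up in
# usercolumn, hash the offered password the same way, compare with passwdcolumn.
ftp_auth() {
    stored=$(users_table | grep "^$1:" | cut -d: -f2)
    [ -n "$stored" ] && [ "$stored" = "$(mysql_password "$2")" ]
}

auth_demo() {
    printf 'PASSWORD(password)=%s\n' "$(mysql_password password)"
    for pair in chris:chrispass chris:wrong yinkai:yinkaipass nobody:x; do
        u=${pair%%:*}; p=${pair#*:}
        if ftp_auth "$u" "$p"; then r=accepted; else r=rejected; fi
        printf '%s/%s: %s\n' "$u" "$p" "$r"
    done
}

auth_demo
```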