2016年RHEL7 ：RHCE試題答案整理

RHCE考試：

1.Selinux

兩臺服務器上配置

~]# vim /etc/selinux/config

SELINUX=disabled

SELINUXTYPE=targeted

~]#reboot 

 

 

2.ssh登陸控制

~]#vim /ect/hosts.allow

sshd:172.25.0.

~]#vim /ect/hosts.deny

sshd:172.24.0.

 

 

3.命令別名

~]#vim /etc/bashrc

alias qstat='      '

重讀環境變量、驗證

~]# source /etc/bashrc        或 ~]# .  /PATH/FROM/CONF_FILE

~]# alias

~]#qstat

 

 

4.防火牆規則，配置端口轉發

圖形化界面操做。。。

~]# firewall-config &     在圖形化下配置

選擇模式：

Configuration Permanent永久模式

Zone：public 適用區域

Port Forwarding端口轉發 --> Add

~]# firewall-cmd --list-all public 驗證

 

 

5.鏈路聚合

圖形化界面配置：

~]#nm-conection-editor &

~]#lab teambridge setup

man teamd----》{"runner\":{\"name\":\"activebackup\"}}

~]#systemctl restart network

~]#ip addr show team0

~]#teamdctl team0 state

 

 

6.配置IPv6地址

圖形配置

~]# nm-connection-editor &   圖形配置

~]# systemctl restart network

~]# ip addr show eth0

~]# ping  #測試

 

 

7.本地郵件服務

~]#yum install -y postfix

~]#vim  /etc/postfix/main.cf

init_interfaces=loopback-only

myorigin = example.com              #從該系統上發送的郵件都顯示來自

relayhost = [cla***oom.example.com]      # 轉發發到

mydestination=            # 本地不接受外來郵件

local_transport=err:local delivery disabled

~]# systemctl restart postfix

~]# systemctl enable postfix

 

 

8.Samba共享目錄

Server:

~]# yum install samba samba-client -y  

~]# mkdir /common

~]# chcon -R -t samba_share_t /common          #修改安全上下文，此處的SElinux是打開的，在配置文件中也有此命令

~]# vim /etc/samba/smb.conf

workgroup = STAFF     # 此處是修改

[common]    # 此處開始是添加內容

comment=common

path = /common

hosts allow = 172.25.0.

browseable = yes

~]# smbpasswd -a andy

~]# testparm   # 查看配置有無問題

~]# systemctl restart smb nmb

~]# systemctl enable smb nmb

~]# firewall-cmd --add-service=samba  --permanent

~]# firewall-cmd --reload

Client：

~]# yum install samba-client cifs-utils  -y

~]# smbclient -L //172.25.0.11 -U andy      # 測試可否鏈接

~]# smbclient //172.25.0.11/common -U andy      # 測試可否鏈接共享目錄

~]# 第三步測試：可以下載不能上傳

掛載能夠作看題目要求：

~]#mkdir /mnt/common

~]#vim /etc/fstab

//172.25.0.11/common    /mnt/common   cifs    defaults,username=k1,password=redhat,sec=ntlmssp   0   0

~]#mount -a

~]#df -hT

 

 

9.多用戶SMB掛載

~]# mkdir  /share

~]# chmod o+w  /share

~]# chcon -R -t samba_share_t  /share

~]# useradd k1

~]# useradd c1

~]# smbpasswd -a k1

~]# smbpasswd -a c1

~]# vim /etc/samba/smb.conf

[share]

comment=share

path = /share

hosts allow = 172.25.0.

browseable = yes

writable = no

write list = c1

~]# systemctl restart smb nmb

 

Client端測試：

~]#vim /etc/fstab

//172.25.0.11/share    /mnt/dev   cifs    defaults,multiuser,username=k1,password=redhat,sec=ntlmssp   0   0

~]#mount -a

~]#df -h

~]# useradd c1

~]# su - c1

~]#cd /mnt/dev

~]# cifscreds add 172.25.0.11 -u c1        # 臨時提高權限？？？？？？？？？？？？？？？？？？

 

 

10.NFS服務

Server：

~]# mkdir /public

~]# mkdir /pretected

~]# chcon -R -t public_content_t /public

~]# chcon -R -t public_content_t /pretected/

~]# vim /etc/exports

/public  172.25.0.0/24(ro,sync)

/pretected   172.25.0.0/24(rw,sec=krb5p,sync)

~]# wget -O /etc/krb5.keytab http://cla***oom.example.com/pub/keytabs/server0.keytab

？~]# useradd k2

？~]# chown k2 /pretected/project/

~]# systemctl restart nfs-secure-server

~]# systemctl enable nfs-server.service

~]# systemctl restart nfs

~]# firewall-cmd --add-service=nfs --permanent

~]# firewall-cmd --reload

~]# firewall-cmd --add-service=rpc-bind --permanent  # 掛載相關的放行

~]# firewall-cmd --reload

~]# firewall-cmd --permanent --add-service=mountd  # 掛載相關的放行

~]# firewall-cmd --reload

~]# vim /etc/sysconfig/nfs   # 爲支持krb5驗證

RPCNFSDARGS='-V 4.2'

 

 

11.掛載NFS共享

Client：

~]# wget -O /etc/krb5.keytab http://cla***oom.example.com/pub/keytabs/desktop0.keytab

~]# systemctl restart nfs-secure

~]# systemctl enable nfs-secure

~]# mkdir /mnt/nfssecure

~]# vim /etc/fstab

172.25.0.11:/public      /mnt/nfsmount    nfs    defaules    0    0

172.25.0.11:/pretected     /mnt/nfssecure     nfs     defaults,sec=krb5p,v4.2   0       0

~]# mount -a

 

 

12.配置Web站點

~]# yum groupinstall  -y  web*

~]#cd /var/www/html

~]#wget http://   

~]#mv

~]# systemctl start httpd

~]# systemctl enable httpd

~]#firewall-cmd --add-service=http -permanent

~]#firewall-cmd --reload

~]# systemctl restart httpd

~]#firewall-config &

~]# curl http://server0.example.com

 

 

13.配置安全web服務

~]# yum install mod_ssl

~]# cd /etc/httpd/conf.d

~]# wget http://cla***oom.example.com/pub/tls/certs/www0.crt

~]# wget http://cla***oom.example.com/pub/tls/private/www0.key

~]# wget http://cla***oom.example.com/pub/example-ca.crt

~]# vim ssl.conf

DocumentRoot "/var/www/html"

ServerName server0.example.com:443

SSLCertificateFile /etc/httpd/conf.d/www0.crt

SSLCertificateKeyFile /etc/httpd/conf.d/www0.key

SSLCertificateChainFile /etc/httpd/conf.d/example-ca.crt

~]#  systemctl restart httpd

~]# firewall-cmd --add-service=https --permanent

~]# firewall-cmd --reload

 

 

14.配置虛擬主機

~]# vim vhost.conf

<VirtualHost *:80>

ServerName www.exmaple.com

DocumentRoot /var/www/virtual

</VirtualHost>

<Directory "/var/www/virtual">

AllowOverride None

Require all granted

</Directory>

<VirtualHost *:80>

ServerName server0.exmaple.com

 DocumentRoot /var/www/html

</VirtualHost>

~]# systemctl restart httpd

~]#mkdir /var/www/virtual

~]#chmod o+w  /var/www/virtual

 

 

15.配置Web內容服務

~]# mkdir /var/www/html/private

~]# echo "15 " > /var/www/html/private/index.html

~]# mkdir /var/www/virtual

~]# echo "14" > /var/www/virtual/index.html

~]# vim vhost.conf

<VirtualHost *:80>

ServerNamewww.exmaple.com

DocumentRoot /var/www/virtual

</VirtualHost>

<Directory "/var/www/virtual">

AllowOverride None

Require all granted

</Directory>

<VirtualHost _default_:80>

ServerName server0.example.com

DocumentRoot /var/www/html

<Directory "/var/www/html">

AllowOverride None

Require all granted

</Directory>

</VirtualHost>

<Directory "/var/www/html/private">

AllowOverride None

Require all denied

Require local

</Directory>

~]# systemctl restart httpd

~]# curl http://server0.example.com/private/index.html

~]# curl http://server0.example.com/private/index.html

 

 

16.實現動態Web內容

~]# yum install mod_wsgi -y

~]# vim /etc/httpd/conf/httpd.conf

Listen 8909

~]# semanage port -a -t http_port_t -p tcp 8909

~]#  systemctl restart httpd

~]# echo "16" > /var/www/html/webinfo.wsgi

~]#vim vhost.conf

<VirtualHost *:8909>

ServerName 16.exmaple.com

DocumentRoot /var/www/html

<Directory "/var/www/html">

AllowOverride None

Require all granted

</Directory>

WSGIScriptAlias / /var/www/html/webinfo.wsgi

</VirtualHost>

~]# systemctl restart httpd

~]# firewall-config-edit &圖形化放行

~]#firewall-cmd  --reload

 

 

17.case腳本

~]#vim /etc/boot/foo/sh

#!/bin/bash

case $1 in

fedora)

echo "redhat"

;;

redhat)

echo "fedora"

;;

*)

echo "/root/foo.sh redhat|fedora"

esac

~]# chmod +x /root/foo.sh

 

 

18.添加用戶腳本????

~]#vim /root/batchusers.sh

#!/bin/bash

if [$# -eq 0 ];then

echo "Usage:/root/batchusers"

exit 1

fi

if [! -f $1];then

echo "input file not found"

exit 1

fi

for i in $(cat $1);do

useradd -s /bin/false $i;

done

~]# chmod +x /root/batchusers.sh

 

 

19.ISCSI服務

~]# fdisk -l /dev/vda

~]#yum install -y targetcli

~]#targetcli

/>  ls

/>  cd backstores/

/>  cd block

/>  create  disk1 /dev/vda1

/>  cd ..

/>  cd ..

/>   cd  iscsi

/>  create iqn.2014-11.com.example:server0

/>  cd   iqn.2014-11.com.wxample:server0/tpg1/

/>  ls

/>  luns/ create  /backstores/block/disk1

/>  acls/  create   iqn.2014-11.com.example:desktop0

/>  portals/ create 172.25.0.11

/>  exit

~]#fire-cmd --add-port=3260/tcp --permanent

~]#fire-cmd --reload

~]#systemctl enaable target

~]#systemctl start targe

 

 

20.配置ISCSI服務客戶端

~]# yum install iscsi* -y

~]#vim /ettc/iscsi/initiatorname.iscsi

InitiatorName=iqn.2014-11.com.example:desktop0

~]#iscsiadm -t st -m discovery -p 172.25.0.11

~]#iscsiadm -m node -T iqn.2014-11.com.example:server0 -p 172.25.0.11 -l

~]#fdisk -l

~]# fdisk /dev/sdc 分區

~]# mkfs.ext4 /dev/sd...

~]# mkdir /mnt/data

~]# vim /etc/fstab

UUID=        /mnt/data  ext4    defaults,_netdev      0    0

~]# mount -a

 

 

21.配置數據庫

~]# yum groupinstall "mariadb*" -y

~]# systemctl start mariadb

~]# systemctl enable mariadb

~]# mysql_secure_installation

~]# mysql -u root -p

MariaDB > CREATE DATABASE  Contacts;

MariaDB > quit

~]# mysql -u root -p Contacts  < /root/users.mdb

 

 

22.查詢數據庫

~]# mysql -u root -p

MariaDB > use Contacts;

MariaDB > show tables;

MariaDB > create user r1@localhost identified by 'redhat';

MariaDB > grant select on Contacts.* to r1@localhost;

MariaDB > flush privileges;

MariaDB > select * from pass inner join name where name.aid=pass.bid;

MariaDB > select * from pass inner join name on name.aid=pass.bid where password='tangerine';

MariaDB >select * from name inner join loc on name.aid=loc.cid where firstname='John' and loction='guangzhou';