
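Learning Cloud Computing and Big Data DBA Cluster Architect from Scratch [Linux System / Network Services and Security Configuration, Friday, January 8, 2015]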

Time: 2016-02-21 17:09:48


The exam took a whole day and I scored 94; at the time I still had not figured out the last question, the firewall one.

The exam questions are as follows:

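Notes:
1. Make sure all configuration still takes effect after the host is rebooted.
2. SELinux must be in Enforcing mode and the firewall must be turned on. The default policy must be cleared.
3. Set the hostname to stuXXX.com ("X" is the last octet of your foundation machine's IP address. For example, if your IP address is 172.25.254.30, your hostname is stu30.com).
4. Logging in to other hosts over ssh is not allowed; anyone found doing so receives an exam score of 0.
5. The exam is scored out of 100 points, 70 points is a pass, and every question must be completed as required.

1. Use find to locate the files under /etc whose names end in .conf and copy them to the /tmp/etc directory. (10 points)
2. Configure autofs so that running cd /opt/server automatically mounts 172.25.254.250:/content on that directory. (10 points)
3. Create users test1, test2 and test3 with uid=gid of 801, 802 and 803 respectively, and add them to the test group (there is no test user on this machine), with the test group as a supplementary group for these users. Create the /tmp/test directory, which only users test1, test2 and test3 may read and write (root is not restricted). Files created in this directory automatically have their group changed to test, and files in this directory can be deleted only by their owner. (10 points)
4. Create two name-based virtual host websites, www.test.com and www.stuXXX.com, and configure the corresponding forward and reverse DNS resolution. [Here "XXX" is the last octet of your foundation machine's IP address; if your IP address is 172.25.254.30, your hostname is stu30.com] (10 points)
5. Create two LVs, /dev/vg_web/lv_test and /dev/vg_web/lv_stu, 200M each. Use them as the home directories (DocumentRoot) of the two virtual hosts at /www/test.com and /www/stuXXX.com respectively. (10 points)
6. Configure page authentication so that www.stuXXX.com can be accessed only after authenticating with username jack and password uplooking. (10 points)
7. Configure samba so that user user1 (create it yourself), with password redhat, can upload and download files via smbclient to their own home directory and to the /samba directory (create it yourself); the share name for /samba is pub. (10 points)
8. Configure vsftpd so that the student user can upload and download files in their own home directory over ftp, enable chroot for the student user, and allow anonymous users to upload files to the /var/ftp/test directory. (10 points)
9. Set up a mail server for test.com, with these requirements: (10 points)
   1) The mail server's hostname is postfix.test.com, with the corresponding DNS resolution in place.
   2) It can send and receive all mail from test.com (for example, mail sent to username@test.com is received by this mail server, where username is any user name).
   3) The sender address for mail from users of this domain is XXX@test.com
   4) Mail sent to the student user is received by user1 and root as well as by student.
10. iptables (10 points)
   1) Clear the default policy of the iptables filter table (2 points)
   2) Allow only 172.25.0.250 and yourself to use your ftp (2 points)
   3) Block ping packets (2 points)
   4) Allow only users on the 172.25.0.0/24 network and your own network to access your mail server (2 points)
   5) Save the iptables configuration (2 points)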

 

A script written by the teacher, used to grade the exam papers

#!/bin/bash
##### WARNING ######
# To use the grade script you must set the DNS records so that stuXXX --> 192.168.0.XXX, OR
# you can modify the /etc/hosts file; for example: 192.168.0.121 www.stu121.com stu121.com stu121
### ssh ###
#num=$1
#rsa_file="/root/.ssh/id_rsa.$(date +%F)"
#[ ! -f "$rsa_file" ] && ssh-keygen -t rsa -f $rsa_file -P '' > /dev/null 2>&1 && /usr/bin/ssh-copy-id -i $rsa_file.pub root@stu$num
SCORE=100
if [ -z "$1" ] ; then
    echo " $0 NUM|all "
    exit
fi

# Print a section title in blue.
function print_MSG {
    local msg=$1
    echo -en "\033[1;34m$msg\033[0;39m "
}

function print_PASS {
    echo -e "\033[1;32mPASS\033[0;39m"
}

# Print FAIL and deduct $1 points from SCORE.
function print_FAIL {
    echo -en "\033[1;31mFAIL\033[0;39m "
    #echo -e "\033[1;31mSCORE-$1\033[0;39m"
    echo -e "\033[1;31m-$1\033[0;39m"
    SCORE=$(($SCORE - $1))
}

# Print FAIL without deducting points.
function print_FAIL1 {
    echo -e "\033[1;31mFAIL\033[0;39m "
}

function print_SUCCESS {
    echo -e "\033[1;36mSUCCESS\033[0;39m"
}

function check_selinux {
    local num=$1
    selinux=$(ssh root@stu$num "getenforce")
    echo -e "\tcheck your selinux: "
    echo -en "\tyour selinux status is: $selinux "
    # Braces, not a subshell, so that the deduction reaches SCORE and exit ends the script.
    [ "$selinux" = "Enforcing" ] && print_SUCCESS || { print_FAIL 100; echo -e "\tSO the grade script exit."; exit 1; }
}

function check_Server_file {
    local num=$1
    echo -en "\tCheck /tmp/etc/ directory file: "
    ssh root@stu$num "ls -l /tmp/etc/" >/dev/null 2>&1 && print_SUCCESS || print_FAIL 10
}

function check_Server_autofs {
    local num=$1
    echo -en "\tUmount /opt/server "
    ssh root@stu$num "umount /opt/server &>/dev/null" >/dev/null 2>&1 && print_SUCCESS || print_FAIL1
    echo -en "\tMount the server nfs to /opt/server "
    ssh root@stu$num "cd /opt/server && df -h | grep 254" >/dev/null 2>&1 && print_SUCCESS || print_FAIL 10
}

function check_user {
    local num=$1
    echo -en "\tCheck user test1 "
    ssh root@stu$num "id test1" 2>/dev/null | grep gid=801 | grep "(test)" >/dev/null 2>&1 && print_SUCCESS || print_FAIL 1
    echo -en "\tCheck user test2 "
    ssh root@stu$num "id test2" 2>/dev/null | grep gid=802 | grep "(test)" >/dev/null 2>&1 && print_SUCCESS || print_FAIL 1
    echo -en "\tCheck user test3 "
    ssh root@stu$num "id test3" 2>/dev/null | grep gid=803 | grep "(test)" >/dev/null 2>&1 && print_SUCCESS || print_FAIL 1

    echo -en "\tCheck test1-3 users can read&write the directory "
    FILE_GROUP="$(ssh root@stu$num "ls -ld /tmp/test/" 2>/dev/null | awk '{print $4}')"
    [ "$FILE_GROUP" = "test" ] >/dev/null 2>&1 && print_SUCCESS || print_FAIL 2

    # Group permission bits must be rws (setgid), so new files inherit the test group.
    echo -en "\tCheck new file will be created to inheritance test group "
    FILE_P="$(ssh root@stu$num "ls -ld /tmp/test/" 2>/dev/null | awk '{print $1}')"
    [ "${FILE_P:4:3}" = "rws" ] >/dev/null 2>&1 && print_SUCCESS || print_FAIL 3
    # Other permission bits must carry the sticky bit, so only the owner can delete a file.
    echo -en "\tCheck only can owner delete the file "
    [ "${FILE_P:7:3}" = "--T" -o "${FILE_P:7:3}" = "--t" ] >/dev/null 2>&1 && print_SUCCESS || print_FAIL 2
}

function check_dns {
    local num=$1
    echo -en "\tCheck DNS is running "
    #(ssh root@stu$num "ps -ef" | grep /usr/sbin/named &>/dev/null || ( print_FAIL 10 && exit))
    ssh root@stu$num "ps -ef" | grep /usr/sbin/named &>/dev/null || print_FAIL1
    ssh root@stu$num "ps -ef" | grep /usr/sbin/named &>/dev/null && print_SUCCESS
    echo -en "\tCheck DNS is active after reboot "
    ssh root@stu$num "chkconfig --list named" | grep 5:on >/dev/null 2>&1 && print_SUCCESS || print_FAIL1
    echo -en "\tCheck DNS  www.test.com A record "
    #ssh root@stu$num "[ ! -f /etc/nsswitch.conf.bak ] && cp /etc/nsswitch.conf{,.bak}"
    #ssh root@stu$num "sed 's/hosts:      files dns/hosts:      dns/g' /etc/nsswitch.conf -i"
    ssh root@stu$num "nslookup www.test.com" &>/dev/null && print_SUCCESS || print_FAIL 5
    echo -en "\tCheck DNS  www.stu$num.com A record "
    ssh root@stu$num "nslookup www.stu$num.com" &>/dev/null && print_SUCCESS || print_FAIL 5
    #ssh root@stu$num "/bin/cp /etc/nsswitch.conf.bak /etc/nsswitch.conf" &> /dev/null
}

function check_lvm {
    local num=$1
    echo -en "\tCheck vg_web-lv_test is exists "
    ssh root@stu$num "ls /dev/mapper/vg_web-lv_test" &>/dev/null && print_SUCCESS || print_FAIL 1
    echo -en "\tCheck vg_web-lv_stu is exists "
    ssh root@stu$num "ls /dev/mapper/vg_web-lv_stu" &>/dev/null && print_SUCCESS || print_FAIL 1

    # df wraps long device names, so the mount point is the last field of the following line.
    echo -en "\tmount vg_web-lv_stu to /www/stu$num.com "
    dirA=$(ssh root@stu$num "df -h" | grep /dev/mapper/vg_web-lv_stu -A1 | awk '{if (NR==2) print $NF}')
    [ "$dirA" = "/www/stu$num.com" ] &>/dev/null && print_SUCCESS || print_FAIL 1
    echo -en "\tmount vg_web-lv_test to /www/test.com "
    dirB=$(ssh root@stu$num "df -h" | grep /dev/mapper/vg_web-lv_test -A1 | awk '{if (NR==2) print $NF}')
    #dirB="/var/www/test.com"
    [ "$dirB" = "/www/test.com" ] &>/dev/null && print_SUCCESS || print_FAIL 1
}

function check_httpd {
    local num=$1
    echo -en "\tCheck httpd is running "
    ssh root@stu$num "ps -ef" | grep /usr/sbin/httpd &>/dev/null || print_FAIL1
    ssh root@stu$num "ps -ef" | grep /usr/sbin/httpd &>/dev/null && print_SUCCESS
    echo -en "\tCheck httpd is active after reboot "
    ssh root@stu$num "chkconfig --list httpd" | grep 5:on >/dev/null 2>&1 && print_SUCCESS || print_FAIL1
    #echo -e "\tCheck httpd config file       "
    #ssh root@stu$num "grep DocumentRoot /etc/httpd/conf.d/virthost.conf" | while read key1 key2; do [ "$key2" = "/www/stu$num.com" -o $key2 = "/www/test.com" ] 2>/dev/null 2>&1 && print_SUCCESS || print_FAIL 1;done
    echo -en "\tVisit www.test.com "
    ####ssh root@stu$num "curl --url http://www.test.com/index.html 2>/dev/null" | grep "hellotest" >/dev/null && print_SUCCESS || print_FAIL 3
    ssh root@stu$num "curl --url http://www.test.com/index.html 2>/dev/null" | grep "www.test.com" >/dev/null && print_SUCCESS || print_FAIL 3
    echo -en "\tVisit www.stu$num.com "
    ####ssh root@stu$num "curl -u jack:uplooking --url http://www.stu$num.com/index.html" | grep "hellostu$num" &>/dev/null && print_SUCCESS || print_FAIL 3
    #curl --url http://www.stu$num.com/index.html 2>/dev/null | grep "www.stu$num.com" &>/dev/null && print_SUCCESS || print_FAIL 3
    curl -u jack:uplooking --url http://www.stu$num.com/index.html 2>/dev/null | grep "www.stu$num.com" &>/dev/null && print_SUCCESS || print_FAIL 3
    #ssh root@stu$num "curl --url http://www.stu$num.com/index.html 2>/dev/null" | grep "www.stu$num.com" >/dev/null && print_SUCCESS || print_FAIL 3
}

function check_samba {
    local num=$1
    echo -en "\tCheck samba is running "
    ssh root@stu$num "ps -ef" | grep smbd &>/dev/null || print_FAIL1
    ssh root@stu$num "ps -ef" | grep smbd &>/dev/null && print_SUCCESS
    echo -en "\tCheck smb is active after reboot "
    ssh root@stu$num "chkconfig --list smb" | grep 5:on >/dev/null 2>&1 && print_SUCCESS || print_FAIL1
    echo -en "\tCheck SMB user user1 and password redhat "
    smbclient -L //stu$num -U user1%redhat >/dev/null 2>&1 && print_SUCCESS || print_FAIL 4
    echo -en "\tCheck SMB share directory home "
    smbclient -L //stu$num/homes -U user1%redhat >/dev/null 2>&1 && print_SUCCESS || print_FAIL 5
    echo -en "\tCheck SMB share directory pub\n"
    echo test >.testsmb_user1
    echo -en "\t - SMB user user1 can write this pub directory "
    echo "put .testsmb_user1" | smbclient //stu$num/pub -U user1%redhat 2>&1 | grep "NT_STATUS_CONNECTION_REFUSED" >/dev/null && print_FAIL 4 || print_SUCCESS
    # Clean up the test file on the share and locally.
    echo "rm .testsmb_user1" | smbclient //stu$num/pub -U user1%redhat >/dev/null 2>&1
    rm -f .testsmb_user1
}

function check_ftp {
    local num=$1
    echo -en "\tCheck vsftpd is running "
    ssh root@stu$num "ps -ef" | grep /usr/sbin/vsftpd &>/dev/null || print_FAIL 10
    # Grouped with braces, not a subshell, so that the deductions below reach SCORE.
    {
        ssh root@stu$num "ps -ef" | grep /usr/sbin/vsftpd &>/dev/null && print_SUCCESS
        echo -en "\tCheck vsftpd is active after reboot "
        ssh root@stu$num "chkconfig --list vsftpd" | grep 5:on >/dev/null 2>&1 && print_SUCCESS || print_FAIL1
        echo -e "\tCheck vsftpd config file "
        echo -en "\t - chroot student "
        ssh root@stu$num "grep ^chroot_local_user=YES /etc/vsftpd/vsftpd.conf" >/dev/null && print_SUCCESS || print_FAIL 2
        echo -en "\t - anon_upload "
        ssh root@stu$num "grep ^anon_upload_enable=YES /etc/vsftpd/vsftpd.conf" >/dev/null && print_SUCCESS || print_FAIL 2
        echo -en "\t - selinux ftp_home_dir "
        ssh root@stu$num "getsebool -a" | grep "ftp_home_dir --> on" >/dev/null && print_SUCCESS || print_FAIL 2
        echo -en "\t - selinux ftp_anon_write "
        ssh root@stu$num "getsebool -a" | grep "allow_ftpd_anon_write --> on" >/dev/null && print_SUCCESS || print_FAIL 2
    }
#    echo test >.testftp_user1
#    echo -en "\t - FTP user student can upload file"
#    ssh root@stu$num "echo student | passwd student --stdin" &> /dev/null
#    echo "put .testftp_user1" | lftp student@stu$num
}

function check_mail {
    local num=$1
    echo -en "\tCheck postfix is running "
    ssh root@stu$num "ps -ef" | grep /usr/libexec/postfix/master &>/dev/null || print_FAIL 5
    ssh root@stu$num "ps -ef" | grep /usr/libexec/postfix/master &>/dev/null && print_SUCCESS
    echo -en "\tCheck postfix is active after reboot "
    ssh root@stu$num "chkconfig --list postfix" | grep 5:on >/dev/null 2>&1 && print_SUCCESS || print_FAIL1
    echo -en "\tCheck DNS  postfix.test.com A record "
    ssh root@stu$num "nslookup postfix.test.com" &>/dev/null && print_SUCCESS || print_FAIL 5
    echo -e "\tCheck postfix config file "
    echo -en "\t - myhostname "
    ssh root@stu$num "grep ^myhostname /etc/postfix/main.cf" | grep "postfix.test.com" >/dev/null && print_SUCCESS || print_FAIL 1
    echo -en "\t - mydomain "
    ssh root@stu$num "grep ^mydomain /etc/postfix/main.cf" | grep "test.com" >/dev/null && print_SUCCESS || print_FAIL 1
    echo -en "\t - myorigin "
    ssh root@stu$num "grep ^myorigin /etc/postfix/main.cf" | grep "mydomain" >/dev/null && print_SUCCESS || print_FAIL 1
    echo -en "\t - mydestination "
    ssh root@stu$num "grep ^mydestination /etc/postfix/main.cf" | grep "mydomain" >/dev/null && print_SUCCESS || print_FAIL 1
    echo -en "\t - inet_interfaces "
    ssh root@stu$num "grep ^inet_interfaces /etc/postfix/main.cf" | grep "all" >/dev/null && print_SUCCESS || print_FAIL 1
}

function check_iptables {
    local num=$1
    echo -en "\tCheck /etc/sysconfig/iptables file: "
    ssh root@stu$num "ls -l /etc/sysconfig/iptables" >/dev/null 2>&1 && print_SUCCESS || print_FAIL 10
    ssh root@stu$num "grep 172.25.$num.11 /etc/sysconfig/iptables" | grep "ACCEPT" >/dev/null && print_SUCCESS || print_FAIL 1
    ssh root@stu$num "grep 172.25.254.250 /etc/sysconfig/iptables" | grep "DROP" >/dev/null && print_SUCCESS || print_FAIL 1
    ssh root@stu$num "grep icmp /etc/sysconfig/iptables" | grep "DROP" >/dev/null && print_SUCCESS || print_FAIL 2
    ssh root@stu$num "grep 172.25.$num.0/24 /etc/sysconfig/iptables" | grep "ACCEPT" >/dev/null && print_SUCCESS || print_FAIL 1
    ssh root@stu$num "grep 172.25.254.0/24 /etc/sysconfig/iptables" | grep "DROP" >/dev/null && print_SUCCESS || print_FAIL 1
}

function check_ule_main {
    local num=$1
    # check selinux type must be enforcing ; otherwise the script will exit.
    check_selinux $num
    echo
    print_MSG "1.Tar check\n"
    check_Server_file $num

    print_MSG "2.Server Autofs Set\n"
    check_Server_autofs $num

    print_MSG "3.Check users & privileges\n"
    check_user $num

    print_MSG "4.check DNS(Bind)\n"
    check_dns $num

    print_MSG "5.Check LVM\n"
    check_lvm $num

    print_MSG "Check Web Service\n"
    #print_MSG 6."Check Web Service\n"
    check_httpd $num

#    print_MSG "6.Check web htaccess\n"
#    check_htaccess $num

    print_MSG "7.Check CIFS(SAMBA)\n"
    check_samba $num

    print_MSG "8.Check Ftp Service\n"
    check_ftp $num

    print_MSG "9.Check Mail Service\n"
    check_mail $num

    print_MSG "10.Check iptables\n"
    check_iptables $num
}

case $1 in
    all)
        # RHT_MAXSTATIONS must already be set in the environment (the line sourcing /etc/rht is commented out).
        #. /etc/rht
        N_UM=$RHT_MAXSTATIONS
        for fun in $(seq 100 $N_UM) ; do
            print_MSG "stu$fun check exam\n"
            check_ule_main $fun
            print_MSG "stu$fun check end\n"
        done
        ;;
    [0-9]* )
        NUM=$1
        print_MSG "stu$NUM check begin\n"
        check_ule_main $NUM
        #check_Server_tar $NUM
        #check_Server_autofs $NUM
        #check_user $NUM
        #check_dns $NUM
        #check_lvm $NUM
        #check_httpd $NUM
        #check_samba $NUM
        #check_ftp $NUM
        #check_mail $NUM
        #check_iptables $NUM

        print_MSG "stu$NUM check end\n"
        ;;
    *)
        print_MSG "error $1\n"
        ;;
esac
#echo "Your SCORE is $SCORE"
echo -e "\t\033[1;31mYOUR SCORE IS:\033[0;39m \033[1;36m$SCORE\033[0;39m "
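
Question 10 depends on rule order (the first matching rule wins), which a grep for an address plus ACCEPT or DROP, as in check_iptables, cannot see. The following is an added example, not part of the teacher's script: it walks a saved ruleset in order and reports the verdict for a given source, protocol and port. Station 30, the sample rules (which follow the wording of question 10) and the function names ip2int, in_cidr and verdict are assumptions.

```sh
# Added example. Assumes station 30: "yourself" is 172.25.30.11 and
# "your own network" is 172.25.30.0/24. RULES is a constructed sample of a
# saved /etc/sysconfig/iptables in iptables-save format.
RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -s 172.25.0.250/32 -p tcp --dport 21 -j ACCEPT
-A INPUT -s 172.25.30.11/32 -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 21 -j DROP
-A INPUT -s 172.25.0.0/24 -p tcp --dport 25 -j ACCEPT
-A INPUT -s 172.25.30.0/24 -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 25 -j DROP
COMMIT'

# Dotted quad to integer (runs in a subshell so IFS does not leak).
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )) )
in_cidr() (   # in_cidr IP NET[/LEN]: succeeds when IP lies inside NET
  len=32; case $2 in */*) len=${2#*/} ;; esac
  mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "${2%/*}") & $mask )) ]
)

# verdict SRC PROTO [DPORT]: print the target of the first INPUT rule that
# matches, or the chain policy when none does. ICMP types are not modelled.
verdict() (
  set -f; src=$1 proto=$2 dport=${3:-} policy=ACCEPT
  while read -r line; do
    case $line in
      ":INPUT "*) policy=${line#:INPUT }; policy=${policy%% *}; continue ;;
      "-A INPUT "*) set -- $line; shift 2 ;;
      *) continue ;;
    esac
    s=0.0.0.0/0 p=all d= j=
    while [ $# -gt 0 ]; do
      case $1 in
        -s) s=$2; shift ;;        -p) p=$2; shift ;;
        --dport) d=$2; shift ;;   -j) j=$2; shift ;;
        --icmp-type) shift ;;
      esac
      shift
    done
    in_cidr "$src" "$s" || continue
    [ "$p" = all ] || [ "$p" = "$proto" ] || continue
    [ -z "$d" ] || [ "$d" = "$dport" ] || continue
    echo "$j"; return
  done <<EOF
$RULES
EOF
  echo "$policy"
)
```

For example, `verdict 172.25.30.12 tcp 21` prints DROP with the sample rules, while moving a broad `-A INPUT -p tcp -j ACCEPT` to the top turns it into ACCEPT even though every grep in check_iptables would still match.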

 


Original article: http://www.cnblogs.com/bluesunspot/p/5205066.html
