unit4-5
制作临时swap分区
1.dd if=/dev/zero of=/swapfile bs=1M count=1000
2.du -sh /swapfile 查看/swapfile大小
3.file /swapfile 查看/swapfile 类型
4.mkswap /swapfile 制作swap分区
5.swapon -a /swapfile 激活swap分区
6.chmod 600 /swapfile 修改权限为 swapon 所建议的 0600(swap 文件里可能含有进程的内存数据,其他用户不应可读;最好在 swapon 之前完成)
7.swapon -s 查看swap分区
8.ll -l /swapfile
[root@localhost mnt]# dd if=/dev/zero of=/swapfile bs=1M count=1000
1000+0 records in
1000+0 records out
1048576000 bytes (1.0 GB) copied, 7.39327 s, 142 MB/s
[root@localhost mnt]# du -sh0 .
[root@localhost mnt]# du -sh /swapfile
1000M /swapfile
[root@localhost mnt]# file /swapfile
/swapfile: data
[root@localhost mnt]# mkswap /swapfile
Setting up swapspace version 1, size = 1023996 KiB
no label, UUID=d13373d6-39c1-4ff5-b96e-885e196356e5
[root@localhost mnt]# swapon -a /swapfile
swapon: /swapfile: insecure permissions 0644, 0600 suggested.
[root@localhost mnt]# ll /swapfile
-rw-r--r-- 1 root root 1048576000 Feb 22 08:47 /swapfile
[root@localhost mnt]# chmod 600 /swapfile
[root@localhost mnt]# ll /swapfile
-rw------- 1 root root 1048576000 Feb 22 08:47 /swapfile
[root@localhost mnt]# swapon -s
Filename Type Size Used Priority
/swapfile file 1023996 0 -1
[root@localhost mnt]#
分区加密
设备 ---加密 ---文件系统 ---文件
1.fdisk /dev/vdb 新建分区
2.partprobe 同步分区
3.cryptsetup luksFormat /dev/vdb1 对/dev/vdb1进行加密
——需要输入:YES(大写) 密码
4.加密之后就不能对 /dev/vdb1进行挂载了
[root@localhost mnt]# partprobe
[root@localhost mnt]# cryptsetup luksFormat /dev/vdb1
WARNING!
========
This will overwrite data on /dev/vdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
[root@localhost mnt]# mount /dev/vdb1 /mnt/
mount: unknown filesystem type ‘crypto_LUKS‘
[root@localhost mnt]#
5.cryptsetup open /dev/vdb1 name 解密之后需要一个新名字
——输入加密时设定的密码
6.name存在位置 : /dev/mapper/name
7.ll 可以查看/dev/mapper/name 属性
8.mkfs.xfs /dev/mapper/name
9.mount /dev/mapper/name /mnt 解密之后可以对其重新挂载
10.touch /mnt/file{1..3}
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost mnt]# cryptsetup open /dev/vdb1 jiemi
Enter passphrase for /dev/vdb1:
[root@localhost mnt]# ls /dev/mapper/
control jiemi
[root@localhost mnt]# mkfs.xfs /dev/mapper/jiemi
meta-data=/dev/mapper/jiemi isize=256 agcount=4, agsize=6272 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0
data = bsize=4096 blocks=25088, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=853, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@localhost mnt]# mount /dev/mapper/jiemi /mnt/
[root@localhost mnt]# touch file{1..3}
[root@localhost mnt]# ls
file1 file2 file3
[root@localhost mnt]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 4335888 6138012 42% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 84 942576 1% /dev/shm
tmpfs 942660 17028 925632 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
/dev/mapper/jiemi 96940 5176 91764 6% /mnt
[root@localhost mnt]#
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
11.umount /mnt
——df 查看物理状态
12.cryptsetup close /dev/mapper/name
——关闭name(重新开启加密方式)
13.ll /dev/mapper/
14.mount /dev/vdb1 检测重新加密是否成功
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost mnt]# umount /mnt/
[root@localhost mnt]# cryptsetup close /dev/mapper/jiemi
[root@localhost mnt]# ls /dev/mapper/
control
[root@localhost mnt]# mount /dev/vdb1 /mnt/
mount: unknown filesystem type ‘crypto_LUKS‘
[root@localhost mnt]#
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
****设置开机自动挂载***
1.vim /root/passwdfile 写入加密时的密码(下一行为示例;该文件以明文保存密码)
————xiamin0099
2.chmod 600 /root/passwdfile
3.cryptsetup luksAddKey /dev/vdb1 /root/passwdfile 把密码文件的内容作为一把新密钥加入 /dev/vdb1 的 LUKS 头(执行时需输入一个已有密码来授权);之后能读取该文件的人即可解开分区,所以上一步把权限设为 600
5.vim /etc/crypttab
————name(解密之后的名字) /dev/vdb1(设备) /root/passwdfile(密码存放文件)
6.vim /etc/rc.d/rc.local
————mount /dev/mapper/name(解密之后的设备,名字与 /etc/crypttab 第一列一致) /mnt
7.chmod u+x /etc/rc.d/rc.local
8.df 查看目前挂载状况
9.reboot————df 重启之后查看开机自动挂载是否成功
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost mnt]# vim /root/mima
[root@localhost mnt]# chmod 600 /root/mima
[root@localhost mnt]# cryptsetup luksAddKey /dev/vdb1 /root/mima
Enter any passphrase:
[root@localhost mnt]# vim /etc/crypttab
[root@localhost mnt]# vim /etc/crypttab
[root@localhost mnt]# cat /etc/crypttab
jiemi /dev/vdb1 /root/mima
[root@localhost mnt]# vim /etc/rc.d/rc.local
[root@localhost mnt]# chmod u+x /etc/rc.d/rc.local
[root@localhost mnt]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 4336884 6137016 42% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 84 942576 1% /dev/shm
tmpfs 942660 17024 925636 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
[root@localhost mnt]# reboot
[root@foundation66 ~]# ssh root@172.25.254.100
root@172.25.254.100‘s password:
Last login: Wed Feb 22 09:13:53 2017 from 172.25.254.66
[root@localhost ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 4336124 6137776 42% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 80 942580 1% /dev/shm
tmpfs 942660 17016 925644 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
/dev/mapper/jiemi 96940 5176 91764 6% /mnt
[root@localhost ~]#
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
取消自动挂载
1.df———umount /mnt/————df 卸载
2.vim /etc/rc.d/rc.local 删除自动挂载
3.vim /etc/crypttab 删除解密后的名字
4.rm -fr /root/passwdfile 删除密码文件
5.ll———cryptsetup close /dev/mapper/name
6.mkfs.xfs /dev/vdb1 -f 强制格式化(会覆盖 LUKS 头,原来的加密数据无法再解开)
7.若不需要此区分时:fdisk /dev/vdb——partprobe
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost ~]# umount /mnt/
[root@localhost ~]# vim /etc/rc.d/rc.local
[root@localhost ~]# echo > /etc/crypttab
[root@localhost ~]# rm -fr /root/mima
[root@localhost ~]# ls /dev/mapper/
control jiemi
[root@localhost ~]# cryptsetup close /dev/mapper/jiemi
[root@localhost ~]# mkfs.xfs /dev/vdb1 -f
meta-data=/dev/vdb1 isize=256 agcount=4, agsize=6400 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0
data = bsize=4096 blocks=25600, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=853, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@localhost ~]# fdisk /dev/vdb
——————raid卡——————
#作用:加快磁盘的读写速度
软raid级别 0 1 5
raid 0 :写入数据的时候快
raid 1 :读的时候快,安全
raid 5 :既读的快,又写的快,至少三块
——————用分区制作软raid 1——————
# 查看raid设备:cat /proc/mdstat
[root@localhost Desktop]# cat /proc/mdstat
Personalities :
unused devices: <none>
[root@localhost Desktop]#
1.fdisk /dev/vdb 建立三个分区
——n——p——t——fd——wq
Command (m for help): p
Disk /dev/vdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x09ec58d1
Device Boot Start End Blocks Id System
/dev/vdb1 2048 4196351 2097152 fd Linux raid autodetect
/dev/vdb2 4196352 8390655 2097152 fd Linux raid autodetect
/dev/vdb3 8390656 12584959 2097152 fd Linux raid autodetect
Command (m for help): wq
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@localhost Desktop]#
2.partprobe
3.mdadm -C /dev/md0 -a yes -l 1 -n 2 -x 1 /dev/vdb{1..3}
———a yes在没有/dev/md0时自动创建
———l 1 raid 1
———n 2 用两块来做
———x 1 一块用做备份
4.mkfs.xfs /dev/md0 格式化(mkfs.xfs 没有 -y 选项,见下方报错;强制格式化用 -f)
[root@localhost Desktop]# partprobe
[root@localhost Desktop]# mdadm -C /dev/md0 -a yes -l 1 -n 2 -x 1 /dev/vdb{1..3}
mdadm: /dev/vdb1 appears to contain an ext2fs file system
size=102400K mtime=Sun Feb 19 05:18:44 2017
mdadm: Note: this array has metadata at the start and
may not be suitable as a boot device. If you plan to
store ‘/boot‘ on this device please ensure that
your boot-loader understandsmd/v1.x metadata, or use
--metadata=0.90
Continue creating array? yes
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.
[root@localhost Desktop]# mkfs.xfs /dev/md0 -y
mkfs.xfs: invalid option -- ‘y‘
unknown option -y
Usage: mkfs.xfs
/* blocksize */ [-b log=n|size=num]
/* metadata */ [-m crc=[0|1]
5.mount /dev/md0 /mnt/
6.df
7.mdadm -D /dev/md0 查看raid详细信息
[root@localhost mnt]# mdadm -D /dev/md0
Number Major Minor RaidDevice State
0 253 17 0 active sync /dev/vdb1
1 253 18 1 active sync /dev/vdb2
2 253 19 - spare /dev/vdb3
[root@localhost mnt]#
*当/dev/vdb1损坏时 /dev/vdb3会自动替换
1.mdadm -f /dev/md0 /dev/vdb1 将/dev/vdb1标记为故障(模拟损坏)
————此时/dev/vdb3会自动替换/dev/vdb1
[root@localhost mnt]# mdadm -D /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Wed Feb 22 08:21:17 2017
Raid Level : raid1
Array Size: 2096064 (2047.28 MiB 2146.37 MB)
Used Dev Size : 2096064 (2047.28 MiB 2146.37 MB)
Raid Devices : 2
Total Devices : 3
Persistence : Superblock is persistent
Update Time : Wed Feb 22 08:36:40 2017
State : clean, degraded, recovering
Active Devices : 1
Working Devices : 2
Failed Devices : 1
Spare Devices : 1
Rebuild Status : 7% complete
Name : localhost:0 (local to host localhost)
UUID : 8a46ecb1:35380f85:0b8ce11f:a81a287c
Events : 20
Number Major Minor RaidDevice State
2 253 19 0 spare rebuilding /dev/vdb3
1 253 18 1 active sync /dev/vdb2
0 253 17 - faulty /dev/vdb1
[root@localhost mnt]#
2.mdadm -r /dev/md0 /dev/vdb1 移除/dev/vdb1
3.mdadm -a /dev/md0 /dev/vdb1 添加/dev/vdb1
在此过程中可以随时使用 mdadm -D /dev/md0 查看详尽信息
[root@localhost mnt]# mdadm -r /dev/md0 /dev/vdb1
mdadm: hot removed /dev/vdb1 from/dev/md0
[root@localhost mnt]# mdadm -D /dev/md0
Number Major Minor RaidDevice State
2 253 19 0 activesync /dev/vdb3
1 253 18 1 active sync /dev/vdb2
[root@localhost mnt]# mdadm -a /dev/md0 /dev/vdb1
mdadm: added /dev/vdb1
[root@localhost mnt]#mdadm -D /dev/md0
Number Major Minor RaidDevice State
2 253 19 0 active sync /dev/vdb3
1 253 18 1 active sync /dev/vdb2
3 253 17 - spare /dev/vdb1
1.umount /mnt/
2.mdadm -S /dev/md0 停止阵列(成员分区上的 md 超级块仍然保留,如需彻底清除可对各成员分区执行 mdadm --zero-superblock)
3.rm -fr /dev/md0
如果不需要分区时:
4.fdisk /dev/vdb
——d
5.cat /proc/partitions 查看每个分区工作状态
[root@localhost mnt]# cat /proc/partitions
major minor #blocks name
253 0 10485760 vda
253 1 10484142 vda1
253 16 10485760 vdb
253 17 2097152 vdb1
253 18 2097152 vdb2
253 19 2097152 vdb3
9 0 2096064 md0
[root@localhost mnt]# umount /mnt/
umount: /mnt/: not mounted
[root@localhostmnt]# mdadm -S /dev/md0
mdadm: stopped/dev/md0
[root@localhost mnt]# rm -fr /dev/md0
[root@localhost mnt]# cat /proc/partitions
major minor #blocks name
253 0 10485760 vda
253 1 10484142 vda1
253 16 10485760 vdb
253 17 2097152 vdb1
253 18 2097152 vdb2
253 19 2097152 vdb3
[root@localhost mnt]#
unit9
1.环境配置
[root@localhost Desktop]# cat /etc/yum.repos.d/rhel_dvd.repo #配置yum源
Created by cloud-init on Thu, 10 Jul 2014 22:19:11 +0000
[rhel_dvd]
gpgcheck = 0
enabled = 1
baseurl = http://172.25.254.66/rhel7.2
name = Remote classroom copy of dvd
[root@localhost Desktop]# yum clean all #清空缓存
Loaded plugins: langpacks
Cleaning repos: rhel_dvd
Cleaning up everything
[root@localhost Desktop]# cd /var/ftp #ftp访问目录
-bash: cd: /var/ftp: No such file or directory
[root@localhost Desktop]# yum install vsftpd.x86_64 -y
[root@localhost ftp]# systemctl start vsftpd
[root@localhost ftp]# systemctl status vsftpd.service
vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled)
Active: active (running) since Wed 2017-03-08 10:17:53 EST; 9s ago
Process: 2216 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
Main PID: 2217 (vsftpd)
CGroup: /system.slice/vsftpd.service
└─2217 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Mar 08 10:17:53 localhost systemd[1]: Started Vsftpd ftp daemon.
[root@localhost Desktop]# cd /var/ftp/ #ftp服务访问目录
[root@localhost ftp]# ls pub
[root@localhost ftp]# mkdir Linux
[root@localhost ftp]# touch westos
[root@localhost ftp]# ls linux pub westos
2.客户端:
安装 lftp
[kiosk@foundation66 Desktop]yum install lftp.x86_64
[kiosk@foundation66Desktop] lftp172.25.254.200
[kiosk@foundation66 Desktop]$ lftp 172.25.254.200
lftp 172.25.254.200:~> ls
drwxr-xr-x 2 0 0 6 Mar 08 15:17 linux
drwxr-xr-x 2 0 0 6 Aug 03 2015 pub
-rw-r--r-- 1 0 0 0 Mar 08 15:17 westos
lftp 172.25.254.200:/> exit
[kiosk@foundation66 Desktop]$
2.ftp配置
每次修改完配置文件之后,都需要重启服务
[root@localhost Desktop]# getenforce #查看 selinux 状态
Enforcing #开启
disabled #关闭
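[root@localhost Desktop]# vim /etc/sysconfig/selinux #SELinux 配置文件
SELINUX=enforcing ——disabled #改为 disabled 后 vsftpd 不再受 SELinux 强制访问控制约束;也可以保持 enforcing,用 setsebool -P 打开 ftpd_anon_write、ftpd_full_access 等布尔值按需放行
[root@localhost Desktop]# reboot #SELinux 在内核中实现,修改后需重启才生效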
[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf
……
anonymous_enable=YES #匿名账户允许登陆(ftp用户)
local_enable=YES #本地账户允许登陆
write_enable=YES #本地账户可以写入
……
测试:
客户端: lftp IP (-u username)
所访问的位置是 username 的家目录
ftp配置文件相关参数:
write_enable=YES #本地用户可以写入
anon_upload_enable=YES #匿名用户写入权限
anon_upload_enable=YES|NO #匿名用户上传
anon_world_readable_only=NO #匿名用户下载;NO 表示匿名用户也可以下载不是"所有人可读"的文件
anon_other_write_enable=YES #匿名用户可以删除、重命名(与上传、建目录一起打开后,任何人都能在服务器上存放和删除文件)
anon_mkdir_write_enable=YES #允许匿名用户创建目录
anon_root=/westos(需要指定成为的家目录) #匿名用户的家目录
local_root=/linux #本地用户的家目录
local_umask=011 #本地用户umask
anon_umask=055 #匿名用户umask
anon_max_rate=102400(最大传输速率) #默认单位是字节
max_clients=2 #最多只能允许两个设备连接
chroot_local_user=YES #YES 表示把本地用户限制(chroot)在自己的家目录内,不能进入家目录之外的目录
chroot_list_enable=YES #启用名单
chroot_list_file=/etc/vsftpd/chroot_list #名单文件:chroot_local_user=YES 时名单内的用户不受限制(白名单),为 NO 时只有名单内的用户被限制(黑名单)
3.登陆黑白名单设置
[root@localhost Desktop]# cd /etc/vsftpd/ #ftp服务配置文件
[root@localhost vsftpd]# ls
ftpusers(永久黑名单) user_list(临时黑名单) vsftpd.conf vsftpd_conf_migrate.sh
*白名单:
1.修改主配置文件
2.将允许登陆的用户写入 /etc/vsftpd/user_list(userlist_deny=NO 时,只有名单内的用户可以登陆)
[root@localhost vsftpd]# vim vsftpd.conf
……
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=NO
tcp_wrappers=YES
……
[root@dchxmj vsftpd]# echo student > /etc/vsftpd/user_list
黑名单:(ftpusers 默认已列出 root 等系统账户;下面命令中的 > 会覆盖整个文件,把这些默认项清掉,追加用户应使用 >>)
[root@localhost vsftpd]# vim vsftpd.conf
……
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
……
[root@dchxmj vsftpd]# echo student > ftpusers
测试:
客户端:
lftp IP -u username
白名单或黑名单里面所指定的username
4.ftp虚拟用户的设定
[root@localhost vsftpd]# cd /etc/vsftpd/
[root@localhost vsftpd]# touch linux #创建虚拟用户的账号文件(奇数行用户名,偶数行密码)
[root@localhost vsftpd]# vim linux
[root@localhost vsftpd]# cat linux
linux1 #虚拟账户名
123 #虚拟账户名所对应的密码
linux2
123
[root@localhost vsftpd]# db_load -T -t hash -f /etc/vsftpd/linux linux.db #把账号文件转换成 Berkeley DB 哈希库(只是格式转换,不是加密,密码仍是明文;linux 和 linux.db 都应 chmod 600)
[root@localhost vsftpd]# cd /etc/pam.d/ #在此目录下新建验证文件(文件名与 vsftpd.conf 中的 pam_service_name 一致),写入以下两行
account required pam_userdb.so db=/etc/vsftpd/linux
auth required pam_userdb.so db=/etc/vsftpd/linux
[root@localhost pam.d]# vim /etc/vsftpd/vsftpd.conf
……
pam_service_name=yanzheng #/etc/pam.d/下的验证文件
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=student #虚拟用户以student的身份访问
……
[root@localhost pam.d]# systemctl restart vsftpd
5.设定虚拟用户的家目录
1.mkdir -p /linux/linux1 创建家目录
2.mkdir -p /linux/linux2
3.touch /linux/linux1/linux1file1
4.touch /linux/linux2/linux2file2
5.vim /etc/vsftpd/vsftpd.conf
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES
pam_service_name=linux
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=student
local_root=/linux/$USER #指定登陆用户的家目录
user_sub_token=$USER #把 local_root 中的 $USER 替换为登陆的虚拟用户名
:wq
原文地址:http://ybzbfs.blog.51cto.com/12765816/1920073