1.设置selinux和YUM源
vim /etc/selinux/config
enforcing
yum-config-manager --add-repo=http://server.group8.example.com/yum
1.设置selinux和YUM源
vim /etc/selinux/config
enforcing
yum-config-manager --add-repo=http://server.group8.example.com/yum
2.设置SSH
firewall-cmd --permanent --add-service=ssh
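firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.24.8.0/24 service name=ssh'
## 注意:上一条 --add-service=ssh 已对该 zone 的所有来源放行 ssh,按来源限制的 rich rule 因此不起限制作用;这条 rich rule 也没有写动作(accept/reject),请按题目要求补上。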
firewall-cmd --reload
3.设置用户环境
vim /etc/bashrc
alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
4.配置端口转发
firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.24.8.0/24 forward-port port=5423 protocol=tcp to-port=80'
5.配置链路聚合
nmcli con add con-name team0 ifname team0 type team config '{"runner":{"name":"activebackup"}}'
nmcli con add type team-slave con-name port1 ifname eth1 master team0
nmcli con add type team-slave con-name port2 ifname eth2 master team0
nmcli con modify team0 ipv4.address 172.16.3.40/24 ipv4.method manual connection.autoconnect yes
nmcli con up team0
6.配置ipv6
nmcli con modify eth0 ipv6.address 2003:ac18::305/64 ipv6.method manual connection.autoconnect yes
nmcli con down eth0 && nmcli con up eth0
7.配置本地邮箱
vim /etc/postfix/main.cf
inet_interfaces=loopback-only
mydestination =
relayhost=[mail.group8.example.com]
myorigin=server.group8.example.com
mynetworks=127.0.0.0/8
local_transport=error:err
local_transport=error:err
##测试
echo test | mail -s testmail dave
8.配置SMB服务
yum install -y samba*
vim /etc/samba/smb.conf
workgroup=STAFF
[common]
path=/common
browseable=yes
hosts allow=172.24.8.
mkdir /common
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
semanage fcontext -a -t 'samba_share_t' '/common(/.*)?'
restorecon -Rv /common
smbpasswd -a andy
systemctl enable smb nmb
systemctl restart smb nmb
9.配置多用户SMB服务
system1:
vim /etc/samba/smb.conf
[devops]
path=/devops
browseable=yes
hosts allow=172.24.8.
write list=akira
mkdir /devops
semanage fcontext -a -t 'samba_share_t' '/devops(/.*)?'
restorecon -Rv /devops
smbpasswd -a silene
smbpasswd -a akira
system2:
yum install cifs-utils samba-client -y
mkdir /mnt/dev
vim /etc/fstab
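//172.24.8.11/devops /mnt/dev cifs defaults,multiuser,username=silene,passwd=redhat,sec=ntlmssp
## 注意:/etc/fstab 所有本地用户可读,写在这里的密码是明文;可改用 credentials= 指向仅 root 可读(权限 600)的凭据文件,例如 credentials=/root/smb.cred(示例路径)。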
mount -a
su - silene
cifscreds add 172.24.8.11
su - akira
cifscreds add 172.24.8.11
touch test
10.配置NFS
system1:
yum install nfs* -y
systemctl enable nfs-server nfs-secure-server
mkdir /public /protected/project
semanage fcontext -a -t 'public_content_t' '/protected(/.*)?'
semanage fcontext -a -t 'public_content_t' '/protected/project(/.*)?'
restorecon -Rv /protected
restorecon -Rv /protected/project
vim /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2"
wget -O /etc/krb5.keytab http://server.group8.example.com/pub/krb5.keytab
## 注意:keytab 保存的是主机的 Kerberos 长期密钥,下载后请确认文件属主为 root、权限为 600;练习环境之外不应通过明文 HTTP 分发 keytab。
vim /etc/exports
/public *.group8.example.com(ro,sync,sec=sys)
/protected *.group8.example.com(rw,sync,sec=krb5p)
exportfs -ra
11.挂载NFS
system2:
mkdir /mnt/nfsmount /mnt/nfssecure
wget -O /etc/krb5.keytab
vim /etc/fstab
system1:/public /mnt/nfsmount nfs defaults,sec=sys 0 0
system1:/protected /mnt/nfssecure nfs defaults,sec=krb5p,v4.2 0 0
systemctl enable nfs-secure
systemctl restart nfs-secure
mount -a
su - andres
kinit
cd /mnt/nfssecure/project
touch test
11.安装web服务
yum install -y httpd mod_ssl mod_wsgi -y
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
wget -O /var/www/html/index.html
12.安装安全的web网站
wget -O /etc/pki/tls/certs/system1.crt
wget -O /etc/pki/tls/certs/ssl-ca.crt
wget -O /etc/pki/tls/private/system1.key
vim /etc/httpd/conf.d/ssl.conf
<virtualhost *:443>
servername system1.group8.example.com
documentroot /var/www/html/
SSL=/etc/pki/tls/certs/system1.crt
SSL=/etc/pki/tls/private/system1.key
SSL=/etc/pki/tls/certs/ssl-ca.crt
</virtualhost>
13.配置多主机
mkdir /var/www/virtual
setfacl -m u:andy:rwx /var/www/virtual
semanage fcontext -a -t ‘httpd_sys_content_t‘ ‘/var/www/virtual(/.*)?‘
restorecon -Rv /var/www/virtual
vim /etc/httpd/conf/httpd.conf
<virtualhost *:80>
servername www8.group8.example.com
documentroot /var/www/virtual
</virtualhost>
14.配置访问权限
mkdir /var/www/html/private /var/www/virtual/private
wget -O /var/www/html/private/index.html
wget -O /var/www/virtual/private/index.html
vim /etc/httpd/conf/httpd.conf
<directory "/var/www/html/private">
require all denied
require local
</directory>
<directory "/var/www/virtual/private">
require all denied
require local
</directory>
15.配置动态页面
firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 port port=8909 protocol=tcp accept'
wget -O /var/www/html/webinfo.wsgi
vim /etc/httpd/conf/httpd.conf
<virtualhost *:8909>
servername wsgi.group8.example.com
wsgiscriptalias / /var/www/html/webinfo.wsgi
</virtualhost>
16.创建foo脚本
vim /root/foo.sh
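#!/bin/bash
#
# foo.sh - print the counterpart of the given distribution name.
#
# Usage: /root/foo.sh redhat | fedora
#   redhat -> prints "fedora"
#   fedora -> prints "redhat"
#   anything else (including no argument) -> prints the usage line
#
# The page shows the script collapsed onto the shebang line, where bash would
# read the whole text as a comment; the statements are restored one per line.

#######################################
# Map one distribution name to the other.
# Arguments: $1 - "redhat" or "fedora" (optional)
# Outputs:   the counterpart name, or the usage line, on stdout
#######################################
swap_distro() {
  # ${1-} keeps the lookup well-defined when no argument was passed.
  case "${1-}" in
    redhat) echo "fedora" ;;
    fedora) echo "redhat" ;;
    *) echo "/root/foo.sh redhat | fedora" ;;
  esac
}

swap_distro "$@"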
chmod 755 /root/foo.sh
17.创建用户脚本
vim /root/batchusers
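#!/bin/bash
#
# batchusers - create one local account per line of a user list file.
#
# Usage: /root/batchusers USERFILE
# Exit status: 2 when the argument count is not exactly one,
#              1 when USERFILE is not a regular file.
#
# The page shows the script collapsed onto the shebang line, where bash would
# read the whole text as a comment; the statements are restored one per line.
# NOTE(review): the two messages below look abbreviated; confirm the exact
# wording the task requires before relying on them.

if [ "$#" -ne 1 ]; then
  echo "Uage"
  exit 2
fi

if [ ! -f "$1" ]; then
  echo "userfile"
  exit 1
fi

# -r keeps backslashes literal; the || clause still processes a final line
# that has no trailing newline.
while read -r username || [ -n "$username" ]; do
  # Skip blank lines instead of calling useradd without a name.
  [ -n "$username" ] || continue
  # The script is meant to run as root, so each line is passed as exactly one
  # quoted argument after "--": a line in the list can then never be parsed
  # as extra useradd options.
  # Failures (e.g. the account already exists) are deliberately silenced.
  useradd -s /bin/false -- "$username" &>/dev/null
done < "$1"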
chmod 755 /root/batchusers
18.配置iscsi
原文地址:https://www.cnblogs.com/zerg2/p/11027238.html