码迷,mamicode.com
首页 > 其他好文 > 详细

rhce考题操作

时间:2019-06-15 13:32:06      阅读:100      评论:0      收藏:0      [点我收藏+]

标签:taf   httpd   def   config   contex   链路   amp   client   down   

1.设置selinux和YUM源
vim /etc/selinux/config
enforcing
yum-config-manage --add-repo=http://server.group8.example.com/yum

 

1.设置selinux和YUM源
vim /etc/selinux/config
enforcing
yum-config-manage --add-repo=http://server.group8.example.com/yum

2.设置SSH
firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-rich-rule ‘rule family=ipv4 source address=172.24.8.0/24 server name=ssh‘
firewall-cmd --reload

3.设置用户环境
vim /etc/bashrc
alias qstat=‘/bin/ps -Ao pid,tt,user,fname,rsz‘

4.配置端口转发
firewall-cmd --permanent --add-rich-rule ‘rule family=ipv4 source address=172.24.8.0/24 forword-port port=5423 protocol=tcp to-port=80‘

5.配置链路聚合
nmcli con add con-name team0 ifname team0 type team config ‘{"runner":{"name":"acvitebackup"}}‘
nmcli con add type team-slave con-name port1 ifname eth1 master team0
nmcli con add type team-slave con-name port2 ifname eth2 master team0
nmcli con modify team0 ipv4.address 172.16.3.40/24 ipv4.method manual connection.autoconte yes
nmcli con up team0

6.配置ipv6
nmcli con modify eth0 ipv6.address 2003:ac18::305/64 ipv4.method manual connection.autoconte yes
nmcli con down eth0 && nmcli con up eth0

7.配置本地邮箱
vim /etc/postfix/main.conf
int=loopback-only
mydest =
relayhost=[mail.group8.example.com]
myreorigin=server.group8.example.com
mynetwork=127.0.0.0/8
local_transport=error:err
local_transport=error:err
##测试
echo test | mail -s testmail dave

8.配置SMB服务
yum install -y samba*
vim /etc/samba/smb.conf
workgroup=STAFF
[common]
path=/common
browsebale=yes
host allow=172.24.8.
mkdir /common
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
semanage fcontext -a -t ‘samba_share_t‘ ‘/common(/.*)?‘
restorscon -Rv /common
smbpasswd -a andy
systemctl enable smb nmb
systemctl restart smb nmb

9.配置多用户SMB服务
system1:
vim /etc/samba/smb.conf
[devops]
path=/devops
browseable=yes
host allow=172.24.8.
write list=akira
mkdir /devops
semanage fcontext -a -t ‘samba_share_t‘ ‘/devops(/.*)?‘
restorscon -Rv /devops
smbpasswd -a silene
smbpasswd -a akira

system2:
yum install cifs-utls samba-client -y
mkdir /mnt/dev
vim /etc/fstab
//172.24.8.11/devops /mnt/dev cifs defaults,multiuser,username=silene,passwd=redhat,sec=ntlmssp
mount -a
su -a silene
cifscreat add 172.24.8.11
su -a akira
cifscreat add 172.24.8.11
touch test

10.配置NFS
system1:
yum install nfs* -y
systemctl enable nfs-server nfs-secure-server
mkdir /public /protected/project
semanage fcontext -a -t ‘public_content_t‘ ‘/protected(/.*)?‘
semanage fcontext -a -t ‘public_content_t‘ ‘/protected/project(/.*)?‘
restorecon -Rv /protected
restorecon -Rv /protected/project
vim /etc/sysconfig/nfs
RP="-V 4.2"
wget -O /etc/krb5.keytab http://server.group8.example.com/pub/krb5.keytab
vim /etc/exports
/public *.group8.example.com(ro,sec=sync,sys)
/protected *.group8.example.com(rw,sec=krb5p,sys)
exports -ra

11.挂载NFS
system2:
mkdir /mnt/nfsmount /mnt/nfssecure
wget -O /etc/krb5.keytab
vim /etc/fstab
system1:public /mnt/nfsmount nfs defaults,sec=sys 0 0
system1:protected /mnt/nfssecure nfs defualts,sec=krb5p,v4.2 0 0
systemctl enable nfs-secure
systemctl restart nfs-secure
mount -a
su - andres
kinit
cd /mnt/nfssecure/project
touch test

11.安装web服务
yum install -y httpd mod_ssl mod_wsgi -y
firewall-cmd --permanage --add-service=http
firewall-cmd --permanage --add-service=https
wget -O /var/www/html/index.html

12.安装安全的web网站
wget -O /etc/pki/tls/creat/system1.crt
wget -O /etc/pki/tls/creat/ssl-ca.crt
wget -O /etc/pki/tls/private/system1.key
vim /etc/httpd/conf.d/ssl.conf
<virtualhost *:443>
servername system1.group8.example.com
documentroot /var/www/html/
SSL=/etc/pki/tls/creat/system1.crt
SSl=/etc/pki/tls/private/system1.key
SSL=/etc/pki/tls/creat/ssl-ca.key
</virtualhost>

13.配置多主机
mkdir /var/www/virtual
setfacl -m u:andy:rwx /var/www/virtual
semanage fcontext -a -t ‘httpd_sys_content_t‘ ‘/var/www/virtual(/.*)?‘
restorecon -Rv /var/www/virtual
vim /etc/httpd/conf/httpd.conf
<virtualhost *:80>
servername www8.group8.example.com
ducomentroot /var/www/virtual
</virtualhost>

14.配置访问权限
mkdir /var/www/html/private /var/www/virtual/private
wget -O /var/www/html/private/index.html
wget -O /var/www/virtual/private/index.html
vim /etc/httpd/conf/httpd.conf
<dirsectory "/var/www/html/private">
requier all denied
require local
</dirsectory>
<dirsectory "/var/www/virtual/private">
require all denied
require local
</dirsectory>

15.配置动态页面
firewall-cmd --permanage --add-rich rule ‘rule family=ipv4 port port=8909 protocol=tcp accept‘
wget -O /var/www/html/webinfo.wsgi
vim /etc/httpd/conf/httpd.conf
<virtualhost *:8909>
servername wsgi.group8.example.com
wsgiscripalias / /var/www/html/webinfo.wsgi
<virtualhost>

16.创建foo脚本

vim /root/foo.sh

#!/bin/bash
case $1 in
	redhat)
		echo "fedora"
	;;
	fedora)
		echo "redhat"
	;;
	*)
		echo "/root/foo.sh redhat | fedora"
	;;
esac

 chmod 755 /root/foo.sh

 

 

17.创建用户脚本

vim /root/batchusers

#!/bin/bash
if [ $# -eq 1 ];then
	if [ -f "$1" ];then
		while read username;do
			useradd -s /bin/false $username &>/dev/null
		done < $1
	else
		echo "userfile"
		exit 1
	fi
else
	echo "Uage"
	exit 2
fi

chmod 755 /root/batchusers

 

18.配置iscsi

rhce考题操作

标签:taf   httpd   def   config   contex   链路   amp   client   down   

原文地址:https://www.cnblogs.com/zerg2/p/11027238.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!