九期馬哥教育測試題（1-5）

說明：

1、以下每個服務要求服務器重啓後依然有效；

2、yum服務通過http://172.16.0.1/yum提供；

3、要求selinux處於permissive狀態；

4、本地網絡爲172.16.X.0/16，測試網絡爲192.168.0.0/24；

5、每位同學的IP地址爲172.16.X.1, 子網掩碼爲255.255.0.0，網關爲172.16.0.1，DNS服務器爲172.16.0.1，主機名爲stuX.magedu.com，其中X爲你的座位號；

編輯/etc/yum.repos.d/ftp.repo

[Server]

name=Server

baseurl=ftp://172.16.0.1/pub/Server

enable=1

gpgcheck=0

[VT]

name=VT

baseurl=ftp://172.16.0.1/pub/VT

enable=1

gpgcheck=0

[ClusterStorage]

name=ClusterStorage

baseurl=ftp://172.16.0.1/pub/ClusterStorage

enable=1

gpgcheck=0

[Cluster]

name=Cluster

baseurl=ftp://172.16.0.1/pub/Cluster

enable=1

gpgcheck=0

編輯 /etc/selinux/config

SELINUX=permissive

編輯 vim /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

BOOTPROTO=static

HWADDR=00:0C:29:78:86:77

IPADDR=172.16.16.1

NETMASK=255.255.0.0

ONBOOT=yes

編輯/etc/sysconfig/network

NETWORKING=yes

NETWORKING_IPV6=yes

HOSTNAME=stu16.magedu.com

GATEWAY=172.16.0.1

編輯/etc/resolv.conf

nameserver 172.16.16.1

search localdomain

1、主機名稱解析服務器配置，要求：

1)建立DNS服務器，負責解析的域爲magedu.com；

2)要求將MX記錄指向mail.magedu.com，且對應A記錄爲本機IP；

3)要求將NS記錄指向ns.magedu.com，且對應A記錄爲本機IP；

4)建立www1,www2,proxy等A記錄指向本機IP；爲mail主機建立別名記錄pop3和imaps；

5)爲所有A記錄建立PTR記錄；

6)magedu.com區域僅允許172.16.0.0/16網絡中的主機做區域傳送；對應的反向區域不允許任何主機做區域傳送；

7)爲正向區域建立子域委派，兩個子域爲tech.magedu.com和fin.magedu.com，子域服務器地址爲172.16.x.5；（僅給出實現授權的記錄即可）

8)將example.com域的所有請求轉發至172.16.0.1進行解析；

9)此DNS服務拒絕192.168.1.0/24網絡內的任何主機使用；

yum install bind97

yum install bind97-devel

iptables -t filter -A INPUT -s 192.168.1.0/24 -p tcp --dport 25 -j REJECT

mkdir /etc/sysconfig/iptables

iptables-save > /etc/sysconfig/iptables

編輯/etc/named.conf

options{

directory "/var/named";

};

zone "." IN {

type hint;

file "named.ca";

};

zone "magedu.com" IN {

type master;

file "magedu.com.zone";

allow-transfer { 172.16.0.0/16; };

};

zone "16.172.in-addr.arpa" IN {

type master;

file "172.16.zone";

allow-transfer { none;};

};

zone "example.com" IN {

type forward;

forward only ;

forwarders { 172.16.0.1; };

};

編輯 /var/named/magedu.com.zone

$TTL 86400

$ORIGIN magedu.com.

@ IN SOA mail.magedu.com. admin.magedu.com.(

2012111001

1D )

IN NS mail

IN NS www1

IN NS www2

IN MX 10 mail

IN NS proxy

pop3 IN CNAME mail

imaps IN CNAME mail

mail IN A 172.16.16.1

www1 IN A 172.16.16.1

www2 IN A 172.16.16.1

proxy IN A 172.16.16.1

tech.magedu.com. IN NS mail.tech.magedu.com.

mail.tech.magedu.com. IN A 172.16.16.5

fin.magedu.com. IN NS mail.fin.magedu.com.

mail.fin.magedu.com. IN A 172.16.16.5

編輯/var/named/172.16.zone

$TTL 86400

$ORIGIN 16.172.in-addr.arpa.

@ IN SOA mail.magedu.com admin.magedu.com (

2012111101

10M

11D

1D )

IN NS mail.magedu.com.

IN NS www1.magedu.com.

IN NS www2.magedu.com.

IN NS proxy.magedu.com.

1.16 IN PTR mail.magedu.com.

1.16 IN PTR www1.magedu.com.

1.16 IN PTR www2.magedu.com.

1.16 IN PTR proxy.magedu.com.

啓動fservice named start

2、建立httpd服務器(基於編譯的方式進行)，要求：

1)提供兩個基於名稱的虛擬主機:

(a)www1.magedu.com，頁面文件目錄爲/web/vhosts/www1；錯誤日誌爲/var/log/httpd/www1.err，訪問日誌爲/var/log/httpd/www1.access；

(b)www2.magedu.com，頁面文件目錄爲/web/vhosts/www2；錯誤日誌爲/var/log/httpd/www2.err，訪問日誌爲/var/log/httpd/www2.access；

(c)爲兩個虛擬主機建立各自的主頁文件index.html，內容分別爲其對應的主機名；

(d)通過www1.magedu.com/server-status輸出httpd工作狀態相關信息，且只允許提供帳號密碼才能訪問(status:status)；

2)www1主機僅允許172.16.0.0/16網絡中的客戶機訪問；www2主機可以被所有主機訪問；

ftp://172.16.0.1/pub/Sources/new_lamp

apr-1.4.6.tar.bz2

apr-devel-1.4.6-1.i386.rpm

apr-util-1.4.1.tar.bz2

apr-util-devel-1.4.1-1.i386.rpm

# yum install pcre-devel

# tar xf httpd-2.4.3.tar.bz2

# cd httpd-2.4.3

# ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-mpms-shared=all --with-mpm=event

# make && make install

vim /etc/rc.d/init.d/httpd

#!/bin/bash

# httpd Startup script for the Apache HTTP Server

# chkconfig: - 85 15

# description: Apache is a World Wide Web server. It is used to serve \

# HTML files and CGI.

# processname: httpd

# config: /etc/httpd/conf/httpd.conf

# config: /etc/sysconfig/httpd

# pidfile: /var/run/httpd.pid

# Source function library.

. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then

. /etc/sysconfig/httpd

# Start httpd in the C locale by default.

HTTPD_LANG=${HTTPD_LANG-"C"}

# This will prevent initlog from swallowing up a pass-phrase prompt if

# mod_ssl needs a pass-phrase from the user.

INITLOG_ARGS=""

# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server

# with the thread-based "worker" MPM; BE WARNED that some modules may not

# work correctly with a thread-based MPM; notably PHP will refuse to start.

# Path to the apachectl script, server binary, and short-form for messages.

apachectl=/usr/local/apache/bin/apachectl

httpd=${HTTPD-/usr/local/apache/bin/httpd}

prog=httpd

pidfile=${PIDFILE-/usr/local/apache/logs/httpd.pid}

lockfile=${LOCKFILE-/var/lock/subsys/httpd}

RETVAL=0

start() {

echo -n $"Starting $prog: "

LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS

RETVAL=$?

echo

[ $RETVAL = 0 ] && touch ${lockfile}

return $RETVAL

}

stop() {

echo -n $"Stopping $prog: "

killproc -p ${pidfile} -d 10 $httpd

RETVAL=$?

echo

[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}

}

reload() {

echo -n $"Reloading $prog: "

if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then

RETVAL=$?

echo $"not reloading due to configuration syntax error"

failure $"not reloading $httpd due to configuration syntax error"

else

killproc -p ${pidfile} $httpd -HUP

RETVAL=$?

echo

}

# See how we were called.

case "$1" in

start)

start

;;

stop)

stop

;;

status)

status -p ${pidfile} $httpd

RETVAL=$?

;;

restart)

stop

start

;;

condrestart)

if [ -f ${pidfile} ] ; then

stop

start

;;

reload)

reload

;;

graceful|help|configtest|fullstatus)

$apachectl $@

RETVAL=$?

;;

echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"

exit 1

esac

exit $RETVAL

而後爲此腳本賦予執行權限：

# chmod +x /etc/rc.d/init.d/httpd

# chkconfig --add httpd

將命令加入大系統的PATH環境當中，因爲我的apache是安裝在/usr/local/下所以我的bin可執行程序也是要到這個目錄下面去找的。

vim /etc/profile.d/httpd.sh

PATH=$PATH:/usr/local/apache/bin

export PATH

讓其立即生效：source /etc/profile.d/httpd.sh

在主配置文件/etc/httpd/httpd.conf註釋掉以下行

#<Directory />

# AllowOverride none

# Require all denied

#</Directory>

#DocumentRoot "/usr/local/apache/htdocs"

並且在主配置文件當中將這行的註釋取消掉

Include /etc/httpd/extra/httpd-vhosts.conf

在虛擬主機配置文件/etc/httpd/extra/httpd-vhosts.conf當中定義

ServerName "www1.magedu.com"

DocumentRoot "/web/vhosts/www1"

ErrorLog "/var/log/httpd/www1.err"

CustomLog "/var/log/httpd/www1.access" common

SetHandler server-status

AllowOverride Authconfig

AuthType Basic

AuthName "Limit..."

AuthUserFile "/etc/httpd/user"

Require valid-user

</Location>

Require ip 172.16.0.1/16

Require all denied

</Directory>

</VirtualHost>

ServerName "www2.magedu.com"

DocumentRoot "/web/vhosts/www2"

ErrorLog "/var/log/httpd/www2.err"

CustomLog "/var/log/httpd/www2.access" common

Require all granted

</Directory>

</VirtualHost>

提供虛擬主機的的網頁，提供錯誤日誌存放的地方

mkdir /web/vhosts/www1 -pv

mkdir /web/vhosts/www2 -pv

vim /web/vhosts/www1 index.html

www1.magedu.com

vim /web/vhosts/www2 index.html

www2.magedu.com

mkdir /var/log/httpd/www2.access -pv

mkdir /var/log/httpd/www2.err -pv

mkdir /var/log/httpd/www1.access -pv

mkdir /var/log/httpd/www1.err -pv

service httpd restart

mkdir /etc/httpd/user

爲查看apache的狀態信息提供用戶密碼！用戶是htuser密碼是redhat

htpasswd -c -m /etc/httpd/user htuser

此時訪問這個主頁的http://www1.magedu.com/server-status則需要輸入用戶名和密碼

3、建立nginx服務器，要求：

yum install pcre

yum install pcre-devel

ftp://172.16.0.1 /pub/Sources/nginx> get nginx-1.2.3.tar.gz

tar xf nginx-1.2.3.tar.gz

cd nginx-1.2.3

./configure \

--prefix=/usr \

--sbin-path=/usr/sbin/nginx \

--conf-path=/etc/nginx/nginx.conf \

--error-log-path=/var/log/nginx/error.log \

--http-log-path=/var/log/nginx/access.log \

--pid-path=/var/run/nginx/nginx.pid \

--lock-path=/var/lock/nginx.lock \

--user=nginx \

--group=nginx \

--with-http_ssl_module \

--with-http_flv_module \

--with-http_stub_status_module \

--with-http_gzip_static_module \

--http-client-body-temp-path=/var/tmp/nginx/client/ \

--http-proxy-temp-path=/var/tmp/nginx/proxy/ \

--http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \

--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \

--http-scgi-temp-path=/var/tmp/nginx/scgi \

--with-pcre=/usr

# make && make install

注意因爲最開始httpd這個服務已經佔據了80端口，而nginx默認的端口又是80端口，所以此時要先停掉httpd這個服務。

service httpd stop

爲nginx提供SysV init腳本:

新建文件/etc/rc.d/init.d/nginx，內容如下：

#!/bin/sh

# nginx - this script starts and stops the nginx daemon

# chkconfig: - 85 15

# description: Nginx is an HTTP(S) server, HTTP(S) reverse \

# proxy and IMAP/POP3 proxy server

# processname: nginx

# config: /etc/nginx/nginx.conf

# config: /etc/sysconfig/nginx

# pidfile: /var/run/nginx.pid

# Source function library.

. /etc/rc.d/init.d/functions

# Source networking configuration.

. /etc/sysconfig/network

# Check that networking is up.

[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/sbin/nginx"

prog=$(basename $nginx)

NGINX_CONF_FILE="/etc/nginx/nginx.conf"

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

make_dirs() {

# make required directories

user=`nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=$[^ ]*$.*/\1/g' -`

options=`$nginx -V 2>&1 | grep 'configure arguments:'`

for opt in $options; do

if [ `echo $opt | grep '.*-temp-path'` ]; then

value=`echo $opt | cut -d "=" -f 2`

if [ ! -d "$value" ]; then

# echo "creating" $value

mkdir -p $value && chown -R $user $value

done

}

start() {

[ -x $nginx ] || exit 5

[ -f $NGINX_CONF_FILE ] || exit 6

make_dirs

echo -n $"Starting $prog: "

daemon $nginx -c $NGINX_CONF_FILE

retval=$?

echo

[ $retval -eq 0 ] && touch $lockfile

return $retval

}

stop() {

echo -n $"Stopping $prog: "

killproc $prog -QUIT

retval=$?

echo

[ $retval -eq 0 ] && rm -f $lockfile

return $retval

}

restart() {

configtest || return $?

stop

sleep 1

start

}

reload() {

configtest || return $?

echo -n $"Reloading $prog: "

killproc $nginx -HUP

RETVAL=$?

echo

}

force_reload() {

restart

}

configtest() {

$nginx -t -c $NGINX_CONF_FILE

}

rh_status() {

status $prog

}

rh_status_q() {

rh_status >/dev/null 2>&1

}

case "$1" in

start)

rh_status_q && exit 0

;;

stop)

rh_status_q || exit 0

;;

restart|configtest)

;;

reload)

rh_status_q || exit 7

;;

force-reload)

force_reload

;;

status)

rh_status

;;

condrestart|try-restart)

rh_status_q || exit 0

;;

echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"

exit 2

esac

而後爲此腳本賦予執行權限：

# chmod +x /etc/rc.d/init.d/nginx

添加至服務管理列表，並讓其開機自動啓動：

# chkconfig --add nginx

# chkconfig nginx on

啓動服務確認nginx是正常工作的

service nginx start

添加虛擬主機：vim /etc/nginx/nginx.com【一個server就是一個虛擬主機】

server {

listen 8080;

server_name www1.magedu.com;

access_log /var/log/nginx/www1.access;

error_log /var/log/nginx/www1.err;

location / {

root www/htdocs/www1;

index index.html;

}

location /server-status {

stub_status on;

auth_basic "please input username-password";

auth_basic_user_file "/etc/nginx/user";

}

server {

listen 8080;

server_name www2.magedu.com;

access_log /var/log/nginx/www2.access;

error_log /var/log/nginx/www2.err;

location / {

root www/htdocs/www2/;

index index.html;

allow 172.16.0.0/16;

deny all;

}

建立網頁文件，和日誌文件存放的目錄

mkdir /usr/www/htdocs/www1

vim /usr/www/htdocs/www1/index.html

hello nginx www1

mkdir /usr/www/htdocs/www2

vim /usr/www/htdocs/www2/index.html

hello nginx www2

mkdir /var/log/nginx

重啓服務即可

service nginx restart

爲狀態信息輸出提供用戶名nguser和密碼nguser

【注意nginx自身是沒有可以提供用戶和加密密碼的工具的,

所以這裏我們借用httpd的命令所以要事先安裝好httpd呵

用完後可以將其卸載】

mkdir /etc/nginx/user

htpasswd -c -m /etc/nginx/user nguser（輸入此條命令後會讓用戶鍵入密碼）

iptables -t filter -A OUTPUT -s 172.16.16.1 -p tcp --sport 8080 -m state --state ESTABLISHED -j ACCEPT

iptables -t filter -A INPUT -d 172.16.16.1 -p tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables-save > /etc/sysconfig/iptables

1)通過8080端口提供服務；爲nginx提供sysv服務控制腳本；

2)提供兩個基於名稱的虛擬主機(都通過8080端口提供服務)：

(a)www1.magedu.com:8080，頁面文件目錄爲/www/htdocs/www1；錯誤日誌爲/var/log/nginx/www1.err，訪問日誌爲/var/log/nginx/www1.access；

(b)www2.magedu.com:8080，頁面文件目錄爲/www/htdocs/www2；錯誤日誌爲/var/log/nginx/www2.err，訪問日誌爲/var/log/nginx/www2.access；

3)www2主機僅允許172.16.0.0/16網絡中的主機訪問；

4)通過www1.magedu.com:8080/server-status輸出nginx工作狀態相關信息，且只允許提供帳號密碼才能訪問(status:status)；

5)本機的8080端口僅允許已經建立的連接請求出站，僅允許新請求和已建立連接的請求入站；

4、爲第2題中的第2個虛擬主機提供https服務，使得用戶可以通過https安全的訪問此web站點；

(1)要求使用證書認證，證書中要求使用的國家(CN)、州(Henan)、城市(Zhengzhou)和組織(MageEdu)；

(2)設置部門爲TECH，主機名爲www2.magedu.com，郵件爲[email protected]；

(3)此服務禁止來自於192.168.1.0/24網絡中的主機訪問；

vim /etc/pki/tls/openssl.conf

[ req_distinguished_name ]

countryName = Country Name (2 letter code)

countryName_default = CN

countryName_min = 2

countryName_max = 2

stateOrProvinceName = State or Province Name (full name)

stateOrProvinceName_default = Henan

localityName = Locality Name (eg, city)

localityName_default = Zhengzhou

0.organizationName = Organization Name (eg, company)

0.organizationName_default = MageEdu

organizationalUnitName_default = TECH

[注意：在填寫common_name這項時給誰頒發證書填寫誰]

給CA頒發的時候填寫local.magedu.com

給httpd頒發的時候填寫www2.magedu.com

cd /etc/pki/CA

(umask 077;openssl genrsa 2048 > private/cakey.pem)

openssl req -new -x509 -days 3650 -key private/cakey.pem -out cacert.pem

mkdir certs newcerts crl

touch index.txt

echo 01 > serial

mkdir ssl

cd /etc/httpd/ssl

(umask 077; openssl genrsa 1024 > httpd.key)

openssl req -new -key httpd.key -out httpd.csr

openssl ca -in httpd.csr -out httpd.crt -days 365

編輯主配置文件/etc/httpd/httpd.com啓用以下兩行

Include /etc/httpd/extra/httpd-ssl.conf

LoadModule ssl_module modules/mod_ssl.so

編輯輔助配置文件/etc/httpd/extra/httpd-ssl.conf修改如下幾行

DocumentRoot "/web/vhosts/www2"

ServerName www2.magedu.com:443

ServerAdmin [email protected]

ErrorLog "/var/log/httpd/www2.err"

TransferLog "/var/log/httpd/www2.access"

SSLCertificateFile "/etc/httpd/ssl/httpd.crt"

SSLCertificateKeyFile "/etc/httpd/ssl/httpd.key"

iptables -t filter -A INPUT -s 192.168.1.0/24 -p tcp --dport 443 -j DROP

iptables-save > /etc/sysconfig/iptables

5、爲第2題中的第1個虛擬主機提供php+mysql的功能，要求：

(1)通過在原有主頁中添加phpinfo()測試頁表明啓用php成功；

(2)將mysql的root用戶密碼設置爲"123456"(引號中的內容);

(3)通過http://www1.magedu.com/pma提供本機mysql服務的web管理接口phpMyAdmin；

(4)本機上的mysql服務僅允許來自本地的請求通過；

tar xf mysql-5.5.28-linux2.6-i686.tar.gz -C /usr/local

cd /usr/local/

ln -sv mysql-5.5.28-linux2.6-i686 mysql

cd mysql

chown -R root:mysql .

scripts/mysql_install_db --user=mysql --datadir=/mydata/data

cd /usr/local/mysql

cp support-files/my-large.cnf /etc/my.cnf

修改配置文件 /etc/my.cnf

thread_concurrency= 2

datadir = /mydata/data

cd /usr/local/mysql

cp support-files/mysql.server /etc/rc.d/init.d/mysqld

chmod +x /etc/rc.d/init.d/mysqld

chkconfig --add mysqld

chkconfig mysqld on

ln -sv /usr/local/mysql/include /usr/include/mysql

echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf

ldconfig -v

echo "export PATH=$PATH:/usr/local/mysql/bin" > /etc/profile.d/mysql.sh

source /etc/profile.d/mysql.sh

lftp 172.16.0.1:/pub/Sources/new_lamp

php-5.4.8.tar.bz2

ftp://pub/Sources/nginx

cd /root(我是在root目錄下調用的)

rpm -ivh libmcrypt-2.5.7-5.el5.i386.rpm

rpm -ivh libmcrypt-devel-2.5.7-5.el5.i386.rpm

rpm -ivh mhash-0.9.2-6.el5.i386.rpm

rpm -ivh mhash-devel-0.9.2-6.el5.i386.rpm

rpm -ivh mcrypt-2.6.8-1.el5.i386.rpm

tar xf php-5.4.8.tar.bz2

cd php-5.4.8

./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql --with-openssl --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets --with-apxs2=/usr/local/apache/bin/apxs --with-mcrypt --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2

make && make install

cp php.ini-production /etc/php.ini

編輯文件/etc/httpd/httpd.conf，添加以下內容

DirectoryIndex index.php index.html（這條內容是原來就有的只需要加index.php）

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

cd /web/vhosts/www1

vim index.php

<?php

phpinfo();

lftp 172.16.0.1:/pub/Sources/new_lamp>

phpMyAdmin-3.5.1-all-languages.tar.bz2

mkdir /web/vhosts/www1/pma

cd /web/vhosts/www1/pma

tar xf /root/phpMyAdmin-3.5.1-all-languages.tar.bz2

mv phpMyAdmin-3.5.1-all-languages/* ./

mysql

create database mydb;

grant all on mydb.* to root@'localhost' identified by '123456';

flush privileges;

九期馬哥教育測試題（1-5）

DNS子域授權過程

防火牆

我的友情鏈接

郵件服務器

view及acl在DNS中的應用

Mac下配置sublime實現LaTeX

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結