####################空殼郵件####################
[root@maillinux ~]# vim /etc/named.rfc1912.zones
-----------------------------------------------
37 zone "westos.org" IN {
38 type master;
39 file "westos.org.zone";
40 allow-update { none; };
41 };
42
:wq
-----------------------------------------------
[root@maillinux ~]# cd /var/named
[root@maillinux named]# cp -p westos.com.zone westos.org.zone
##一定要加"-p"參數
[root@maillinux named]# vim westos.org.zone
-----------------------------------------------
1 $TTL 1D
2 @ IN SOA dns.westos.org. root.westos.org. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.org.
9 dns A 172.25.50.100
10 westos.org. MX 1 172.25.50.100.
:wq
-----------------------------------------------
[root@maillinux named]# dig -t mx westos.org |grep MX
;westos.org. IN MX
westos.org. 86400 IN MX 1 172.25.50.100.
[root@maillinux named]# rm -fr /etc/postfix/main.cf
[root@maillinux named]# yum reinstall postfix -y
......
[root@maillinux named]# systemctl restart postfix.service
[root@maillinux named]# vim /etc/postfix/main.cf
-----------------------------------------------
75 myhostname = maillinux.linux.com
83 mydomain = linux.com
98 myorigin = westos.org
113 inet_interfaces = all
116 #inet_interfaces = localhost
140 local_transport = error:local delivery disabled ##不允許本地投遞
164 mydestination = ##不接收任何郵件
313 relayhost = 172.25.50.200 ##指定真實的郵件服務器IP地址
:wq
-----------------------------------------------
[root@maillinux named]# systemctl restart postfix.service
[root@mailwestos ~]# vim /etc/postfix/main.cf
-----------------------------------------------
264 mynetworks = 172.25.50.0/24
:wq
-----------------------------------------------
[root@mailwestos ~]# systemctl restart postfix.service
[root@mailwestos ~]# cd /home/vmail/
[root@mailwestos vmail]# ls
mail westos.org
[root@mailwestos vmail]# rm -fr *
[root@mailwestos vmail]# ls
[root@maillinux named]# mail [email protected]
Subject: test
test
test
.
EOT
[root@maillinux named]# mailq
Mail queue is empty
[root@mailwestos vmail]# ls
westos.org
[root@mailwestos vmail]# cd westos.org/
[root@mailwestos westos.org]# ls
admin
[root@mailwestos westos.org]# cd admin/
[root@mailwestos admin]# ls
cur new tmp
#####################
##### Apache #####
#####################
Apche提供httpd協議
--網站主流架構--
lamp=linux apache mysql php
lnmp=linux nginx mysql php
以上都是開源軟件,所以成爲主流
--網站開發語言--
靜態:html
動態:php cgi jsp asp
--中間件(翻譯語言)--
tomcat jboss 等等
squid代理軟件
反向代理,也就是通常所說的Web服務器加速
通過在Internet上增加一個高速的Web緩衝服務器(即:Web反向代理服務器),來降低實際的Web服務器的負載。
go語言
nmap著名的***軟件
index.html裏寫的是html語句
互聯網最牛逼的職業是做***,找漏洞,需要強大硬件支持,費用以每小時6位數計算
外國成人網站是最牛逼的網站,訪問量巨大
打開firefox,進入qq郵箱登陸界面
https://mail.qq.com/cgi-bin/loginpage
發現使用的是https協議,並且在網址前面有一個"鎖"型圖標
點擊"鎖"-->More Information-->Security-->View Certificate
可以顯示證書信息,比如:
Common Name (CN) mail.qq.com
Organizetion (O) Shenzhen Tencent Computer Systems Company Limited
Organizetional Unit (OU) R&D
####################1.curl和nmap的簡單用法####################
[root@foundation50 ~]# man curl
-----------------------------------------------
-I, --head
(HTTP/FTP/FILE) Fetch the HTTP-header only! HTTP-servers feature
the command HEAD which this uses to get nothing but the header
of a document. When used on an FTP or FILE file, curl displays
the file size and last modification time only.
-----------------------------------------------
[root@foundation50 ~]# curl -I www.qq.com
HTTP/1.1 200 OK
Server: squid/3.5.20 ##squid提供代理服務,這裏用的是反向代理
Date: Thu, 08 Dec 2016 07:54:31 GMT
Content-Type: text/html; charset=GB2312
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Expires: Thu, 08 Dec 2016 07:55:31 GMT
Cache-Control: max-age=60
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Cache: HIT from xian.qq.com ##實際訪問的是在西安的一臺反向代理服務器
[root@localhost ~]# hostnamectl set-hostname web1.westos.com
[root@localhost ~]# reboot
等待重啓
[root@web1 ~]# yum install httpd -y
......
[root@web1 ~]# cd /var/www/html/
[root@web1 html]# ls
[root@web1 html]# vim index.html
-----------------------------------------------
1 web1.westos.com
2 123
:wq
-----------------------------------------------
[root@web1 html]# systemctl start httpd
[root@web1 html]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@web1 ~]# firewall-cmd --permanent --add-service=http
success
[root@web1 ~]# firewall-cmd --permanent --add-service=https
success
[root@web1 ~]# firewall-cmd --reload
success
[root@web1 ~]# netstat -antlpe |grep httpd
tcp6 0 0 :::80 :::* LISTEN 0 78225 4642/httpd
[root@foundation50 ~]# firefox &
>測試:http://172.25.50.100
>顯示:web1.westos.com 123
[root@foundation50 ~]# curl -I 172.25.50.100
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2016 08:52:59 GMT
Server: Apache/2.4.6 (Red Hat)
Last-Modified: Thu, 08 Dec 2016 08:31:59 GMT
ETag: "14-54321789b792c"
Accept-Ranges: bytes
Content-Length: 20
Content-Type: text/html; charset=UTF-8
[root@foundation50 ~]# yum install nmap -y
......
[root@foundation50 ~]# man nmap
-----------------------------------------------
-A (Aggressive scan options) .
This option enables additional advanced and aggressive options. I
haven't decided exactly which it stands for yet. Presently this
enables OS detection (-O), version scanning (-sV), script scanning
(-sC) and traceroute (--traceroute).. More features may be added
in the future. The point is to enable a comprehensive set of scan
options without people having to remember a large set of flags.
However, because script scanning with the default set is considered
intrusive, you should not use -A against target networks without
permission. This option only enables features, and not timing
options (such as -T4) or verbosity options (-v) that you might want
as well.
-----------------------------------------------
[root@foundation50 ~]# nmap -A 172.25.50.100
Starting Nmap 6.40 ( http://nmap.org ) at 2016-12-08 16:54 CST
Nmap scan report for 172.25.50.100
Host is up (0.00024s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.4 (protocol 2.0)
| ssh-hostkey: 2048 e9:c5:3f:b0:6c:ab:f7:60:a3:05:9f:d5:8d:66:42:53 (RSA)
|_256 eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08 (ECDSA)
80/tcp open http Apache httpd 2.4.6 ((Red Hat))
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
443/tcp closed https
MAC Address: 52:54:00:00:32:0A (QEMU Virtual NIC)
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.0 - 3.9
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 0.24 ms 172.25.50.100
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 26.44 seconds
####################2.Index優先級####################
[root@web1 html]# ls
index.html
>測試:http://172.25.50.100
>顯示:web1.westos.com 123
[root@web1 html]# echo hello world >file
>測試:http://172.25.50.100/file
>顯示:hello world
[root@web1 html]# rpm -qc httpd
/etc/httpd/conf.d/autoindex.conf
/etc/httpd/conf.d/userdir.conf
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf.modules.d/00-base.conf
/etc/httpd/conf.modules.d/00-dav.conf
/etc/httpd/conf.modules.d/00-lua.conf
/etc/httpd/conf.modules.d/00-mpm.conf
/etc/httpd/conf.modules.d/00-proxy.conf
/etc/httpd/conf.modules.d/00-systemd.conf
/etc/httpd/conf.modules.d/01-cgi.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean
/etc/sysconfig/httpd
[root@web1 html]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
164 DirectoryIndex file index.html
:wq
-----------------------------------------------
[root@web1 html]# systemctl reload httpd ##"reload"重新加載速度更快
>測試:http://172.25.50.100
>顯示:web1.westos.com 123
--> Ctrl+Shift+Delete --> Clear Now(清空緩存)
>顯示:hello world
[root@web1 html]# rm -fr file
>測試:http://172.25.50.100
>顯示:web1.westos.com 123
[root@web1 html]# rm -fr index.html
>測試:http://172.25.50.100
>顯示:web1.westos.com 123
--> Ctrl+Shift+Delete --> Clear Now(清空緩存)
>顯示:apache測試頁
####################3.Apache http手冊####################
[root@web1 html]# man 5 httpd.conf
No manual entry for httpd.conf in section 5 ##沒有man解釋
[root@web1 html]# yum install httpd-manual -y ##安裝Apache http手冊
......
[root@web1 html]# systemctl restart httpd
>測試:http://172.25.50.100/manual
>顯示:Apache http英文手冊
>如果想看中文版手冊,可以百度"apache中文手冊"
####################4.更改訪問目錄####################
[root@web1 html]# getenforce
Enforcing
[root@web1 html]# ls -Zd
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
[root@web1 html]# mkdir -p /www/westos
[root@web1 html]# semanage fcontext -a -t httpd_sys_content_t '/www/westos(/.*)?'
[root@web1 html]# restorecon -RvvF /www/
restorecon reset /www context unconfined_u:object_r:default_t:s0->system_u:object_r:default_t:s0
restorecon reset /www/westos context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@web1 html]# cd /www/westos/
[root@web1 westos]# ls
[root@web1 westos]# vim index.html
-----------------------------------------------
1 /www/westos’s page
:wq
-----------------------------------------------
[root@web1 westos]# ls -Z
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
119 #DocumentRoot "/var/www/html"
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 Require all granted
123 </Directory>
:wq
-----------------------------------------------
[root@web1 westos]# systemctl reload httpd
>測試:http://172.25.50.100
>顯示:/www/westos's page
####################5.更改端口號####################
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
42 Listen 8080 ##8080默認是tomcat的端口
:wq
-----------------------------------------------
[root@web1 westos]# systemctl reload httpd
>測試:http://172.25.50.100:8080
>顯示:Unable to connect
[root@web1 westos]# systemctl stop firewalld.service
>測試:http://172.25.50.100:8080
>顯示:/www/westos's page
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
42 Listen 80
:wq
-----------------------------------------------
[root@web1 westos]# systemctl reload httpd
[root@web1 westos]# systemctl start firewalld.service
>測試:http://172.25.50.100
>顯示:/www/westos's page
####################6.訪問ip限制####################
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
121 <Directory "/www/westos">
122 Require all granted
123 Order Allow,Deny
124 Allow from all
125 Deny from 172.25.50.200
126 </Directory>
:wq
-----------------------------------------------
[root@web1 westos]# systemctl reload httpd
>測試:http://172.25.50.100
>使用172.25.50.200訪問,顯示:apache測試頁
>使用172.25.50.250訪問,顯示:/www/westos's page
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
121 <Directory "/www/westos">
122 Require all granted
123 Order Deny,Allow
124 Allow from 172.25.50.200
125 Deny from all
126 </Directory>
:wq
-----------------------------------------------
[root@web1 westos]# systemctl reload httpd
>測試:http://172.25.50.100
>使用172.25.50.200訪問,顯示:/www/westos's page(需清空緩存:ctrl+shift+delete)
>使用172.25.50.250訪問,顯示:apache測試頁
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 Require all granted
123 Order Deny,Allow
124 Allow from 172.25.50.0/24
125 Deny from all
126 </Directory>
:wq
-----------------------------------------------
[root@web1 westos]# systemctl reload httpd
>測試:http://172.25.50.100
>使用172.25.50.200訪問,顯示:/www/westos's page
>使用172.25.50.250訪問,顯示:/www/westos's page
####################7.使用密碼訪問####################
[root@web1 westos]# cd /etc/httpd/
[root@web1 httpd]# ls
conf conf.d conf.modules.d logs modules run
[root@web1 httpd]# htpasswd -cm htpasswdfile admin
New password: admin
Re-type new password: admin
Adding password for user admin
[root@web1 httpd]# cat htpasswdfile
admin:$apr1$YzFmtshu$Ltrnu4IazFD9bIvt451Ka0
[root@web1 httpd]# man htpasswd
-----------------------------------------------
-c Create the passwdfile. If passwdfile already exists, it is
rewritten and truncated. This option cannot be combined with the
-n option.
-----------------------------------------------
/所以創建第二個認證用戶,不能帶參數"c"。否則會覆蓋掉之前的認證用戶
[root@web1 httpd]# htpasswd -m htpasswdfile westos
New password: westos
Re-type new password: westos
Adding password for user westos
[root@web1 httpd]# cat htpasswdfile
admin:$apr1$YzFmtshu$Ltrnu4IazFD9bIvt451Ka0
westos:$apr1$q37ttTZO$U3V3Tj5WH.WPmjxogH6cj1
[root@web1 httpd]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
121 <Directory "/www/westos">
122 #Require all granted
123 Authuserfile /etc/httpd/htpasswdfile
124 Authname "Please input username and password"
125 Authtype basic
126 Require user admin
127 </Directory>
:wq
-----------------------------------------------
[root@web1 httpd]# systemctl reload httpd
>測試:http://172.25.50.100(需清空緩存:ctrl+shift+delete)
>使用admin/admin驗證成功
>使用westos/westos驗證失敗
[root@web1 httpd]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 #Require all granted
123 Authuserfile /etc/httpd/htpasswdfile
124 Authname "Please input username and password"
125 Authtype basic
126 Require valid-user
127 </Directory>
:wq
-----------------------------------------------
[root@web1 httpd]# systemctl reload httpd
>測試:http://172.25.50.100(需清空緩存:ctrl+shift+delete)
>使用admin/admin驗證成功
>使用westos/westos驗證成功
####################8.Apache虛擬主機####################
[root@web1 httpd]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
/刪除
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 #Require all granted
123 Authuserfile /etc/httpd/htpasswdfile
124 Authname "Please input username and password"
125 Authtype basic
126 Require valid-user
127 </Directory>
/修改
119 DocumentRoot "/var/www/html"
:wq
-----------------------------------------------
/即恢復之前的配置
[root@web1 httpd]# systemctl reload httpd
[root@web1 httpd]# cd /var/www/html/
[root@web1 html]# ls
[root@web1 html]# echo www.westos.com > index.html
>測試:http://172.25.50.100
>顯示:www.westos.com
[root@web1 html]# mkdir -p /var/www/virtual/music.westos.com/html
[root@web1 html]# mkdir -p /var/www/virtual/news.westos.com/html
[root@web1 html]# cd /var/www/virtual/music.westos.com/html
[root@web1 html]# echo music.westos.com > index.html
[root@web1 html]# cd /var/www/virtual/news.westos.com/html
[root@web1 html]# echo news.westos.com > index.html
[root@web1 html]# cd /etc/httpd/conf.d/
[root@web1 conf.d]# ls
autoindex.conf manual.conf README userdir.conf welcome.conf
[root@web1 conf.d]# vim default.conf
-----------------------------------------------
1 <Virtualhost _default_:80>
2 Documentroot /var/www/html
3 Customlog "logs/default.log" combined ##combined表示日誌級別是全部
4 </Virtualhost>
5 <Directory "/var/www/html">
6 Require all granted
7 </Directory>
:wq
-----------------------------------------------
[root@web1 conf.d]# cp default.conf music.conf
[root@web1 conf.d]# vim music.conf
-----------------------------------------------
1 <Virtualhost *:80>
2 Servername music.westos.com
3 Documentroot /var/www/virtual/music.westos.com/html
4 Customlog "logs/music.log" combined
5 </Virtualhost>
6 <Directory "/var/www/virtual/music.westos.com/html">
7 Require all granted
8 </Directory>
:wq
-----------------------------------------------
[root@web1 conf.d]# cp music.conf news.conf
[root@web1 conf.d]# vim news.conf
-----------------------------------------------
1 <Virtualhost *:80>
2 Servername news.westos.com
3 Documentroot /var/www/virtual/news.westos.com/html
4 Customlog "logs/news.log" combined
5 </Virtualhost>
6 <Directory "/var/www/virtual/news.westos.com/html">
7 Require all granted
8 </Directory>
:%s/music/news/g
:wq
-----------------------------------------------
[root@web1 conf.d]# systemctl reload httpd
[root@web1 conf.d]# vim /etc/hosts
-----------------------------------------------
6 172.25.50.100 www.westos.com westos.com music.westos.com news.westos.com
:wq
-----------------------------------------------
[root@web1 conf.d]# firefox & ##更改了虛擬機的hosts解析,所以使用虛擬機的firefox測試
>測試:www.westos.com
>顯示:www.westos.com
>測試:music.westos.com
>顯示:music.westos.com
>測試:news.westos.com
>顯示:news.westos.com
####################9.配置HTTPS####################
客戶端加密,服務端解密
客戶拿證書加密,服務器拿key解密
[root@web1 conf.d]# netstat -antlpe | grep httpd
tcp6 0 0 :::80 :::* LISTEN 0 74013 7907/httpd
[root@web1 conf.d]# netstat -antlpe | grep 443
##沒有開啓https的443端口
[root@web1 conf.d]# ls
autoindex.conf manual.conf news.conf tmprequest welcome.conf
default.conf music.conf README userdir.conf
[root@web1 conf.d]# yum install mod_ssl -y
......
[root@web1 conf.d]# systemctl reload httpd
[root@web1 conf.d]# netstat -antlpe | grep 443
tcp6 0 0 :::443 :::* LISTEN 0 93273 7907/httpd
[root@web1 conf.d]# ls
autoindex.conf manual.conf news.conf ssl.conf userdir.conf
default.conf music.conf README tmprequest welcome.conf
##多了一個文件"ssl.conf"
>測試:https://172.25.50.100/
-->I Understand the Risks-->Add Exception-->Confirm Security Exception
>顯示:www.westos.com
>點擊"鎖"-->More Information-->Security-->View Certificate
>顯示證書信息如下:
Common Name (CN) web1.westos.com
Organizetion (O) SomeOrganization
Organizetional Unit (OU) SomeOrganizationalUnit
>刪除證書:
方法1.點擊"菜單欄"-->Preferences
-->Advanced-->Certificates-->View Certificates
-->Servers-->SomeOrganization-->web1.westos.com--Delete-->OK-->OK
方法2.ctrl+shift+delete,直接清空緩存
[root@web1 conf.d]# yum search crypto-utils |grep crypto-utils
========================== N/S matched: crypto-utils ===========================
crypto-utils.x86_64 : SSL certificate and key management utilities
[root@web1 conf.d]# yum install crypto-utils -y
......
[root@web1 conf.d]# ls /etc/pki/tls/certs/
ca-bundle.crt localhost.crt Makefile
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert
[root@web1 conf.d]# genkey www.westos.com
----------------------------------------------------------------------------------
-->Next
-->1024(size越大,生成速度越慢)-->Next
-->晃晃鼠標,敲敲鍵盤纔會繼續。你懂得!
-->No
[ ] Encrypt the private key
-->Next
Country Name (ISO 2 letter code) CN
State or Province Name (full name) shannxi
Locality Name (e.g. city) xi'an
Organization Name (eg, company) westos
Organizational Unit Name (eg, section) linux
Common Name (fully qualified domain name) www.westos.com
-->Next
----------------------------------------------------------------------------------
/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.11364 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key
cmdstr: makecert
cmd_CreateNewCert
command: makecert
keysize = 1024 bits
subject = CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=shannxi, C=CN
valid for 1 months
random seed from /etc/pki/tls/.rand.11364
output will be written to /etc/pki/tls/certs/www.westos.com.crt
output key written to /etc/pki/tls/private/www.westos.com.key
Generating key. This may take a few moments...
Made a key
Opened tmprequest for writing
/usr/bin/keyutil Copying the cert pointer
Created a certificate
Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key
Wrote the key to:
/etc/pki/tls/private/www.westos.com.key
[root@web1 conf.d]# ls /etc/pki/tls/certs/
ca-bundle.crt localhost.crt Makefile www.westos.com.crt
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert
[root@web1 conf.d]# vim ssl.conf
-----------------------------------------------
100 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
107 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
:wq
-----------------------------------------------
>測試:https://172.25.50.100/
-->I Understand the Risks-->Add Exception-->Confirm Security Exception
>顯示:www.westos.com
>點擊"鎖"-->More Information-->Security-->View Certificate
>顯示證書信息如下:
Common Name (CN) www.westos.com
Organizetion (O) westos
Organizetional Unit (OU) linux
>刪除證書:
步驟1.點擊"菜單欄"-->Preferences
-->Advanced-->Certificates-->View Certificates
-->Servers-->SomeOrganization-->web1.westos.com--Delete-->OK-->OK
步驟2.ctrl+shift+delete,清空緩存
Linux課程第二十二天學習筆記
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.