ce18

兩臺電腦都要進行的操作

禁止訪問域
yum install iptables-services

systemctl stop firewalld
     disable
    mask
systemctl start iptables
     enable
iptables  -F 
    -A  INPUT -s  192.168.1.0/24  -j  REJECT
service iptables  save

自定義命令  兩臺都要作
vim /etc/bashrc
alias qstat=''
即可  qstat

或者 echo "alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'" >> /etc/bashrc
source /etc/bashrc 
保存

80

yum install httpd
start enbable  httpd
iptables -t nat -nL查詢nat表
端口轉換
進來時候路由前
iptables -t nat -A  PREROUTING -s 172.25.0.0/24 -p tcp --dport 5423 -j DNAT --to-dest :80
把5423轉換到80端口
service iptables save 
systemctl restart iptables 重啓測試一下

鏈路劇荷
自己添加兩塊網卡（共計三個）  如果沒有網卡的話
兩臺都要作
nmcli connection add con-name  team0  type team  config '{"runner":{"name":"activebackup"}}' ip4 172.16.0.75/24 

nmcli connection add ifname eth2 con-name eth2 type team-slave  master team0

更改ipv6  
如果不能改  將 IPV6INIT=yes
nmcli connection modify eth0 ipv6.addresses ..../64
nmcli connection modify eth0 ipv6.method  maunal 
nmcli connection  up 'System eth0'
兩個主機都要農

配置郵件服務  默認端口25

vim /etc/postfix/main.cf

75行   myhostname = desktop1.example.com   發送者

      mydomain = example.com

      myorigin = $mydomain     郵件結尾 看考試要求 要域名還是主機名結尾

317   relayhost = classroom.example.com  接受者  

systemctl enable   restart postfix.service 

測試   mail  hal   .結束
 http://classroom.exaple.com/exam_mail/halx_html

配置samba  
server

yum install  samba  samba-client  samba-common -y
start enable  smb  nmb 
mkdir /groupdir
semanage fcontext -a -t samba_share_t '/groupdir(/.*)?'
restorecon -RvvF  /groupdir
useradd -s /sbin/nologin/ barney
smbpasswd -a barney

vim /etc/samba/smb.conf
workgroup = STAFF
[common]
path=/groupdir
browseable =yes
host allow = 172.25.1.

systemctl restart smb nmb

客戶
yum install -y smb-client
smbclient -L //172.25.1.11 -U barney
 
smbclient  //172.25.1.11/common -U barney

多用戶掛載 
server  
mkdir /data 
semanage fcontext -a -t samba_share_t '/data(/.*)?'
restorecon -RvvF /data
useradd -s /sbin/nologin  manager
useradd -s /sbin/nologin wolferyne
smbpasswd -a manager
smbpasswd -a wolferyne

vim /etc/smb/smb.conf

[data]
path=/data
writeable =yes
host allow = 172.25.1.
write list = wolferyne

chmod o+w /data/
systemctl restart smb.service
測試下權限o+w
mount -o username=wolferne,password=westos //172.25.1.11/data  /mnt
mkdir /mnt/1
mount -o username=manager,password=westos //172.25.1.11/data  /mnt
mkdir /mnt/2    發現不幸

客戶
yum install cifs-utils -y

vim /root/smbpass

vim /etc/fstab
//172.25.1.11/data  /mnt/westos cifs defaults,credentials=/root/smbpass,sec=ntlmssp,multiuser  0  0 

cifscreds add -u wolferyne 172.25.1.11

server

mkdir /public
mkdir -p /protected/restricted
chown ldapuser1 /protected/restricted
vim /etc/export

exportfs -rv

showmount -e 172.25.10.11

wget http://...server10.keytab  -O /etc/krb5.keytab

驗票
ktutil  回車  rkt/etc/krb5.keytab

systemctl start enable nfs-server.service  nfs-secure-server.service   查看上面的key的服務

desktop
systemctl start enable nfs-secure  沒有-server
mkdir /mnt/nfsmount
mkdir /mnt/nfssecure
wget http:  -O /etc/krb5p.keytab
vim fstab
172.25.0.11:/public /mnt/nfsmount nfs defaluts 0 0
172.25.0.11:/protected /mnt/nfssecure nfs,sec=krb5p defaluts 0 0
mount -a 
df -h
ssh ldapuser1@localhost   
kerbers
cd /mnt/nfssecure/restricted  

web服務器

server
start enable httpd
cd /var/www/html
wget ..  -O /var/www/html/index.html
然後desktop 訪問   
vim /etc/hosts   172.25.10.11  server10.example.com www10.example.com   transitive.example.com
http://server10.example.com

server繼續  
cd /etc/httpd/ 
wget  http://....ctr key crt
yum install mod_ssl -y 
vim conf.d/ssl.conf
100  /etc/httpd/westos.crt
107  /etc/httpd/westos.key
122  /etc/httpd/...ca.crt
            
mkdir /var/www/virtual -p  cd 
wget  -O  index.html
setfacl  
vim conf.d/a_default.conf
<VirtualHost _default_:80>
    DocumentRoot /var/www/html
</VirtualHost>
<Directory "/var/www/html">
    Order Allow,Deny
    Allow from All
    Deny from 192.168.0.0/24
</Directory>
host -l my133t.org 假設 192.168.0.0

restart httpd
yum install mod_wsgi
wget script.wsgi  /etc/
vim vhost.conf
<ViltualHost *:80>
    ServerName www10.example.com
    DocumentRoot /var/www/virtual
</>
<Directory "/var/www/virtual">
    Require all granted
</>
<ViltualHost *:8989>
    ServerName transitive.example.com
    WSGIScriptAlias / /var/www/cgi-bin/script.wsgi
</ViltualHost>
Listen 8989
semanage port -a -t http_port_t -p tcp 8989

restart httpd

vim /root/scripts.sh
#!/bin/bash
case $1 in
    all)
    echo none            輸入all時
    ;;
    none)
    echo all        輸入none時
    ;;
    *)            輸入其他時
    echo "..."
esac

iscsi

fdisk /dev/vdb
partprobe
pvcreate /dev/vdb1
vgcreate vg_exam /dev/vdb1
vgs 查看到767個塊
lvcreate -l 767 -n iscsi_data  vg_exam

/back/b  craete iscsi_data /dev/vg_/iscsi
iscsi/ create iqn.2014-1.com.example:server10
iscsi/iqn.../tpg1/luns create /ba/blo/iscsi
.../acls  create  (直接複製desktop下的/etc/iscsi/initial的key)
is/portals  create 172.25.10.11
saveconfig
exit

desktop下
iscsiadm -m discovery -t st -p 172.25.10.11
iscsiadm -m node -T iqn...  -p 172.25.10.11 -l
systemctl enable iscsi  iscsid
mkdir /mnt/data
fdisk -l  
fdisk /dev/sda
partprobe
mkfs.xfs /dev/sda1
blkid /dev/sda1 複製uuid
vim /etc/fstab
UUID="uuid"  /mnt/data  xfs defaults,_netdev 0 0
第一次關機需要強行關閉

server
yum install  mariadb-server -y
start enable mariadb
mysql_secure_installation
westos

mysql -uroot -pwestos
create database  Contacts;
show databases;
quit

wget http:.../users.mdb
mysql -uroot -pwestos Contacts < users.mdb
mysql -uroot -pwestos
USE Contacts;
SHOW TALBES;
CREATE USER  Luigi@localhost identified by 'westos';
GRANT SELECT ON Contacts.* TO Luigi@localhost;
mysql -uLuigi -pwestos
SHOW DATABASES;
USE Contacts;
SHOW TABLES;
select * from product;

mysql -uLuigi -pwestos
USE Contacts;
DESC User_logins;
select * from User_logins where User_pass='forsook';
發現id  4178
desc User_username;
select * from User_name where user_ip='4178'
名字first name  姓名 last name
考試居住時候是152