此篇爲2018年國賽系列第二篇文章,至對於樣題B卷服務器部分實現,現將涉及到的技術分享給大家。如有不妥或需改善之處,請各位多多指教。
聯繫方式爲(VX:Yvresse_ai)
環境說明:
雲平臺:RG-JCOS 操作系統:Centos7
樣題B卷服務網絡Topo:
樣題B卷服務系統Topo:
A網卡信息及主機名:
[root@a ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether fa:16:3e:d6:36:b5 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.22/24 brd 192.168.1.255 scope global dynamic eth0
valid_lft 86269sec preferred_lft 86269sec
inet6 fe80::f816:3eff:fed6:36b5/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether fa:16:3e:29:84:4d brd ff:ff:ff:ff:ff:ff
inet 192.168.2.22/24 brd 192.168.2.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe29:844d/64 scope link
valid_lft forever preferred_lft forever
[root@a ~]# hostname
a
B網卡信息及主機名:
[root@b ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether fa:16:3e:a8:82:98 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.33/24 brd 192.168.1.255 scope global dynamic eth0
valid_lft 86357sec preferred_lft 86357sec
inet6 fe80::f816:3eff:fea8:8298/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether fa:16:3e:d0:75:2f brd ff:ff:ff:ff:ff:ff
inet 192.168.2.33/24 brd 192.168.2.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fed0:752f/64 scope link
valid_lft forever preferred_lft forever
[root@b ~]# hostname
b
A創建軟RAID要求如下:
1:創建RAID5陣列使用兩塊雲硬盤,設備文件名爲md0
2:格式化爲XFS格式使用UUID實現自動掛載
配置本地YUM源:
1:創建本地掛載目錄及配置文件備份目錄
2:掛載鏡像,創建本地YUM源配置文件
3:測試本地YUM源
創建本地掛載目錄及備份文件目錄:
[root@a ~]# mkdir /mnt/cdrom
[root@a ~]# mkdir /opt/copy
鏡像掛載至本地掛載目錄:
[root@a ~]# mount /root/CentOS-7-x86_64-DVD-1511.iso /mnt/cdrom/
mount: /dev/loop0 寫保護,將以只讀方式掛載
備份YUM源文件及創建本地YUM源配置文件:
[root@a ~]# mv /etc/yum.repos.d/* /opt/copy/
[root@a ~]# vim /etc/yum.repos.d/dvd.repo
[dvd]
name=dvd
baseurl=file:///mnt/cdrom
測試:
[root@a ~]# yum repolist
已加載插件:fastestmirror
dvd | 3.6 kB 00:00:00
(1/2): dvd/group_gz | 155 kB 00:00:00
(2/2): dvd/primary_db | 2.8 MB 00:00:00
Determining fastest mirrors
源標識 源名稱 狀態
dvd dvd 3,723
repolist: 3,723
查看掛載的三塊雲硬盤:
[root@a ~]# fdisk -l
磁盤 /dev/vda:53.7 GB, 53687091200 字節,104857600 個扇區
Units = 扇區 of 1 * 512 = 512 bytes
扇區大小(邏輯/物理):512 字節 / 512 字節
I/O 大小(最小/最佳):512 字節 / 512 字節
磁盤標籤類型:dos
磁盤標識符:0x000b2200
設備 Boot Start End Blocks Id System
/dev/vda1 * 2048 1026047 512000 83 Linux
/dev/vda2 1026048 104857599 51915776 8e Linux LVM
磁盤 /dev/mapper/centos-root:47.7 GB, 47747956736 字節,93257728 個扇區
Units = 扇區 of 1 * 512 = 512 bytes
扇區大小(邏輯/物理):512 字節 / 512 字節
I/O 大小(最小/最佳):512 字節 / 512 字節
磁盤 /dev/mapper/centos-swap:5368 MB, 5368709120 字節,10485760 個扇區
Units = 扇區 of 1 * 512 = 512 bytes
扇區大小(邏輯/物理):512 字節 / 512 字節
I/O 大小(最小/最佳):512 字節 / 512 字節
磁盤 /dev/vdb:10.7 GB, 10737418240 字節,20971520 個扇區
Units = 扇區 of 1 * 512 = 512 bytes
扇區大小(邏輯/物理):512 字節 / 512 字節
I/O 大小(最小/最佳):512 字節 / 512 字節
磁盤 /dev/vdc:10.7 GB, 10737418240 字節,20971520 個扇區
Units = 扇區 of 1 * 512 = 512 bytes
扇區大小(邏輯/物理):512 字節 / 512 字節
I/O 大小(最小/最佳):512 字節 / 512 字節
磁盤 /dev/vdd:10.7 GB, 10737418240 字節,20971520 個扇區
Units = 扇區 of 1 * 512 = 512 bytes
扇區大小(邏輯/物理):512 字節 / 512 字節
I/O 大小(最小/最佳):512 字節 / 512 字節
下載安裝mdadm:
[root@a ~]# yum install mdadm* -y >/dev/null
按照題目要求三塊雲硬盤,兩塊做RAID5還有一塊沒要求姑且認爲是熱備吧
RAID5最少需要三個成員,但題目要求只用兩塊盤,所以我只好把其中一塊盤分成兩個分區,再合成RAID5(此處我也不太理解爲何要求兩塊盤,有清楚的小夥伴可以聯繫我)。需要注意的是,vdb1與vdb2位於同一塊物理盤上,vdb一旦故障就會同時損失兩個成員,超出RAID5只能容忍單盤故障的範圍,熱備盤也來不及頂上,因此這種做法並沒有真正的冗餘,僅爲滿足題目要求;生產環境應使用三塊獨立的磁盤。
將其中一塊磁盤分區(注意第一次建立分區時在『起始扇區』提示處輸入了+5G,因此vdb1落在磁盤後半段,第二次建立的vdb2補上前半段,結果見下方分區表):
[root@a ~]# fdisk /dev/vdb
歡迎使用 fdisk (util-linux 2.23.2)。
更改將停留在內存中,直到您決定將更改寫入磁盤。
使用寫入命令前請三思。
Device does not contain a recognized partition table
使用磁盤標識符 0xcce723fe 創建新的 DOS 磁盤標籤。
命令(輸入 m 獲取幫助):m
命令操作
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
g create a new empty GPT partition table
G create an IRIX (SGI) partition table
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition's system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)
命令(輸入 m 獲取幫助):n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
分區號 (1-4,默認 1):1
起始 扇區 (2048-20971519,默認爲 2048):+5G
Last 扇區, +扇區 or +size{K,M,G} (10485760-20971519,默認爲 20971519):
將使用默認值 20971519
分區 1 已設置爲 Linux 類型,大小設爲 5 GiB
命令(輸入 m 獲取幫助):w
The partition table has been altered!
Calling ioctl() to re-read partition table.
正在同步磁盤。
[root@a ~]# fdisk /dev/vdb
歡迎使用 fdisk (util-linux 2.23.2)。
更改將停留在內存中,直到您決定將更改寫入磁盤。
使用寫入命令前請三思。
命令(輸入 m 獲取幫助):m
命令操作
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
g create a new empty GPT partition table
G create an IRIX (SGI) partition table
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition's system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)
命令(輸入 m 獲取幫助):n
Partition type:
p primary (1 primary, 0 extended, 3 free)
e extended
Select (default p): p
分區號 (2-4,默認 2):2
起始 扇區 (2048-20971519,默認爲 2048):
將使用默認值 2048
Last 扇區, +扇區 or +size{K,M,G} (2048-10485759,默認爲 10485759):
將使用默認值 10485759
分區 2 已設置爲 Linux 類型,大小設爲 5 GiB
命令(輸入 m 獲取幫助):w
The partition table has been altered!
Calling ioctl() to re-read partition table.
正在同步磁盤。
查看分區:
磁盤 /dev/vdb:10.7 GB, 10737418240 字節,20971520 個扇區
Units = 扇區 of 1 * 512 = 512 bytes
扇區大小(邏輯/物理):512 字節 / 512 字節
I/O 大小(最小/最佳):512 字節 / 512 字節
磁盤標籤類型:dos
磁盤標識符:0xcce723fe
設備 Boot Start End Blocks Id System
/dev/vdb1 10485760 20971519 5242880 83 Linux
/dev/vdb2 2048 10485759 5241856 83 Linux
創建軟RAID(下方命令還用到了/dev/vdc1與/dev/vdd1,需先以同樣方式對vdc、vdd分區,本文未列出該步驟):
[root@a ~]# mdadm -C /dev/md0 -l 5 -n 3 /dev/vdb1 /dev/vdb2 /dev/vdc1 -x 1 /dev/vdd1
mdadm: largest drive (/dev/vdc1) exceeds size (5237760K) by more than 1%
Continue creating array? y
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.
查看RAID:
磁盤 /dev/md0:10.7 GB, 10726932480 字節,20951040 個扇區
Units = 扇區 of 1 * 512 = 512 bytes
扇區大小(邏輯/物理):512 字節 / 512 字節
I/O 大小(最小/最佳):524288 字節 / 1048576 字節
[root@a ~]# mdadm --detail /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Mon Apr 15 21:20:17 2019
Raid Level : raid5
Array Size : 10475520 (9.99 GiB 10.73 GB)
Used Dev Size : 5237760 (5.00 GiB 5.36 GB)
Raid Devices : 3
Total Devices : 4
Persistence : Superblock is persistent
Update Time : Mon Apr 15 21:22:02 2019
State : clean
Active Devices : 3
Working Devices : 4
Failed Devices : 0
Spare Devices : 1
Layout : left-symmetric
Chunk Size : 512K
Name : a:0 (local to host a)
UUID : 10ebd410:b2a1fbde:ebb1acb8:d816df09
Events : 18
Number Major Minor RaidDevice State
0 252 17 0 active sync /dev/vdb1
1 252 18 1 active sync /dev/vdb2
4 252 33 2 active sync /dev/vdc1
3 252 49 - spare /dev/vdd1
格式化md0文件系統:
[root@a ~]# mkfs.xfs /dev/md0
meta-data=/dev/md0 isize=256 agcount=16, agsize=163712 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0 finobt=0
data = bsize=4096 blocks=2618880, imaxpct=25
= sunit=128 swidth=256 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=8 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
查看UUID:
[root@a ~]# blkid | grep md0
/dev/md0: UUID="2a093f19-2cab-4478-97f9-2c5050164a0c" TYPE="xfs"
實現開機自動掛載:
#
# /etc/fstab
# Created by anaconda on Thu Sep 22 17:50:17 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=41f7a291-c7de-4694-a5ee-1e6313ff9f44 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
UUID=2a093f19-2cab-4478-97f9-2c5050164a0c /data/web_data xfs defaults 0 0
創建掛載目錄及掛載:
[root@a ~]# mkdir -p /data/web_data
[root@a ~]# mount /dev/md0 /data/web_data/
[root@a ~]# mount |grep md0
/dev/md0 on /data/web_data type xfs (rw,relatime,attr2,inode64,sunit=1024,swidth=2048,noquota)
B創建LVM物理卷要求如下:
1:創建卷組datastore,PE大小爲16MB
2:邏輯卷ftp_data所屬datastore,大小10G
3:邏輯卷格式化爲XFS文件系統,UUID方式自動掛載到/data/ftp_data
配置本地YUM源(可參考A操作)
測試YUM源
[root@b ~]# yum repolist
已加載插件:fastestmirror
dvd | 3.6 kB 00:00:00
(1/2): dvd/group_gz | 155 kB 00:00:00
(2/2): dvd/primary_db | 2.8 MB 00:00:00
Determining fastest mirrors
源標識 源名稱 狀態
dvd dvd 3,723
repolist: 3,723
查看雲硬盤:
[root@b ~]# fdisk -l
磁盤 /dev/vda:53.7 GB, 53687091200 字節,104857600 個扇區
Units = 扇區 of 1 * 512 = 512 bytes
扇區大小(邏輯/物理):512 字節 / 512 字節
I/O 大小(最小/最佳):512 字節 / 512 字節
磁盤標籤類型:dos
磁盤標識符:0x000b2200
設備 Boot Start End Blocks Id System
/dev/vda1 * 2048 1026047 512000 83 Linux
/dev/vda2 1026048 104857599 51915776 8e Linux LVM
磁盤 /dev/mapper/centos-root:47.7 GB, 47747956736 字節,93257728 個扇區
Units = 扇區 of 1 * 512 = 512 bytes
扇區大小(邏輯/物理):512 字節 / 512 字節
I/O 大小(最小/最佳):512 字節 / 512 字節
磁盤 /dev/mapper/centos-swap:5368 MB, 5368709120 字節,10485760 個扇區
Units = 扇區 of 1 * 512 = 512 bytes
扇區大小(邏輯/物理):512 字節 / 512 字節
I/O 大小(最小/最佳):512 字節 / 512 字節
磁盤 /dev/vdb:16.1 GB, 16106127360 字節,31457280 個扇區
Units = 扇區 of 1 * 512 = 512 bytes
扇區大小(邏輯/物理):512 字節 / 512 字節
I/O 大小(最小/最佳):512 字節 / 512 字節
創建分區1:
[root@b ~]# fdisk -l |grep /dev/vdb
磁盤 /dev/vdb:16.1 GB, 16106127360 字節,31457280 個扇區
/dev/vdb1 2048 31457279 15727616 83 Linux
初始化爲物理卷:
[root@b ~]# pvcreate /dev/vdb1
Physical volume "/dev/vdb1" successfully created
創建卷組:
[root@b ~]# vgcreate -s 16M datastore /dev/vdb1
Volume group "datastore" successfully created
創建邏輯卷:
[root@b ~]# lvcreate -L 10G datastore -n ftp_data
Logical volume "ftp_data" created.
格式化爲XFS:
[root@b ~]# mkfs.xfs /dev/mapper/datastore-ftp_data
meta-data=/dev/mapper/datastore-ftp_data isize=256 agcount=4, agsize=655360 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0 finobt=0
data = bsize=4096 blocks=2621440, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
查看UUID:
[root@b ~]# blkid |grep ftp
/dev/mapper/datastore-ftp_data: UUID="75c47946-b0f8-4685-98fb-d0b79dd940de" TYPE="xfs"
實現自動掛載:
[root@b ~]# vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Sep 22 17:50:17 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=41f7a291-c7de-4694-a5ee-1e6313ff9f44 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
UUID=75c47946-b0f8-4685-98fb-d0b79dd940de /data/ftp_data xfs defaults 0 0
創建掛載目錄及掛載:
[root@b ~]# mkdir -p /data/ftp_data
[root@b ~]# mount /dev/mapper/datastore-ftp_data /data/ftp_data/
[root@b ~]# mount |grep ftp
/dev/mapper/datastore-ftp_data on /data/ftp_data type xfs (rw,relatime,attr2,inode64,noquota)
(A)配置DNS服務要求如下:
1:添加www.rj.com解析A的公網IP
2:添加ftp.rj.com解析B的公網IP
3:允許B(192.168.2.33)進行區域傳送
4:允許所有主機查詢和遞歸查詢
5:區域定義在/etc/named.conf
6:區域數據文件爲rj.com.zone
7:B作爲A的從DNS服務器
(A)下載安裝bind:
[root@a ~]# yum install bind* -y > /dev/null
測試啓動並備份配置文件:
[root@a ~]# systemctl restart named
[root@a ~]# cp /etc/named.conf /opt/copy/
修改配置文件(下方爲節錄:rj.com區域末尾的 `};` 以及文件末尾的 include 行未顯示,實際文件中不可缺少,可對照B的配置;另外 recursion yes 搭配 allow-query { any; } 並監聽公網地址,會使A成爲開放遞歸解析器,題目雖如此要求,生產環境應以 allow-recursion 限制爲內網地址):
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "rj.com"{
type master;
allow-transfer { 192.168.2.33; };
file "rj.com.zone";
複製區域數據文件:
[root@a ~]# cp /var/named/named.localhost /var/named/rj.com.zone
修改區域數據文件:
$TTL 1D
@ IN SOA rj.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS a
IN NS b
a IN A 172.16.0.137
b IN A 172.16.0.138
www IN A 172.16.0.137
ftp IN A 172.16.0.138
修改屬組及測試啓動:
[root@a ~]# chgrp named /var/named/rj.com.zone
[root@a ~]# systemctl restart named
[root@a ~]# nslookup www.rj.com
Server: 172.16.0.137
Address: 172.16.0.137#53
Name: www.rj.com
Address: 172.16.0.137
[root@a ~]# nslookup ftp.rj.com
Server: 172.16.0.137
Address: 172.16.0.137#53
Name: ftp.rj.com
Address: 172.16.0.138
B(下載安裝bind)及測試啓動:
[root@b ~]# yum install bind* -y > /dev/null
[root@b ~]# systemctl restart named
備份配置文件:
[root@b ~]# cp /etc/named.conf /opt/copy/
修改配置文件(下方第一段爲修改前的默認配置,第二段爲修改後的配置):
[root@b ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
"/etc/named.conf" 57L, 1558C
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "rj.com"{
type slave;
file "slaves/rj.com.zone";
masters { 192.168.2.22; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
測試啓動:
[root@b ~]# systemctl restart named
[root@b ~]# ls /var/named/slaves/
rj.com.zone
[root@b ~]# nslookup www.rj.com
Server: 172.16.0.138
Address: 172.16.0.138#53
Name: www.rj.com
Address: 172.16.0.137
[root@b ~]#
(A)配置HTTP要求如下:
1:配置virthost.conf放置在/etc/httpd/conf.d/
2:使用www.rj.com作爲域名
3:根目錄爲/data/web_data
下載安裝HTTP:
[root@a ~]# yum install httpd* -y > /dev/null
測試啓動及添加顯示文件:
[root@a ~]# echo "This is ceshi" > /data/web_data/index.html
[root@a ~]# systemctl restart httpd
備份配置文件:
[root@a ~]# cp /etc/httpd/conf/httpd.conf /opt/copy/
修改配置文件:
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
EnableSendfile on
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/virthost.conf
修改virthost.conf:
[root@a ~]# vim /etc/httpd/conf.d/virthost.conf
<virtualhost *:80>
servername www.rj.com
documentroot "/data/web_data"
<directory "/data/web_data">
require all granted
</directory>
</virtualhost>
測試啓動及訪問:
[root@a ~]# systemctl restart httpd
[root@a ~]# curl www.rj.com
This is ceshi
(B)配置FTP服務要求如下:
1:拒絕匿名登錄,只允許本地用戶登錄
2:使用被動模式,設置B公網爲被動模式地址
3:所有用戶主目錄爲/data/ftp_data,宿主爲virtual用戶
4:將用戶使用文件方式記錄賬號及密碼
下載安裝vsftp:
[root@b ~]# yum install vsftpd* -y > /dev/null
[root@b ~]# yum install ftp* -y > /dev/null
創建宿主用戶:
[root@b ~]# useradd -d /data/ftp_data/ -s /sbin/nologin virtual
配置虛擬用戶(在/etc/vsftpd目錄下建立賬號密碼文件,奇數行爲用戶名,偶數行爲對應密碼):
[root@b vsftpd]# vim vlogin
ftpuser1
123456
ftpuser2
123456
ftpadmin
123456
生成數據庫文件(vlogin與vlogin.db均含明文賬號密碼,生成後應以chmod 600限制爲僅root可讀):
[root@b vsftpd]# db_load -T -t hash -f vlogin vlogin.db
[root@b vsftpd]# ls
ftpusers user_list vlogin vlogin.db vsftpd.conf vsftpd_conf_migrate.sh
備份並配置pam文件:
[root@b vsftpd]# vim /etc/pam.d/vsftpd.vu
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vlogin
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vlogin
配置vsftpd.conf(注意下方配置把pasv_enable與pasv_address註釋掉了,改用pasv_promiscuous=YES,這並未滿足題目第2條『以B公網地址作爲被動模式地址』的要求,而且pasv_promiscuous會關閉對數據連接來源是否與控制連接一致的檢查;按題意應啓用pasv_enable=YES與pasv_address=172.16.0.138,並去掉pasv_promiscuous):
[root@b vsftpd]# vim /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES
chroot_local_user=YES
local_root=/data/ftp_data
anon_root=/data/ftp_data
allow_writeable_chroot=YES
#pasv_enable=YES
#pasv_address=172.16.0.138
#pasv_addr_resolve=YES
pasv_promiscuous=YES
pam_service_name=vsftpd.vu
userlist_enable=YES
tcp_wrappers=YES
user_config_dir=/etc/vsftpd/user_conf
guest_enable=YES
guest_username=virtual
創建虛擬用戶權限配置文件(目錄對應vsftpd.conf中的user_config_dir=/etc/vsftpd/user_conf,需先建立該目錄,文件名須與虛擬用戶名一致):
[root@b user_conf]# vim ftpadmin
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
測試啓動(修改配置後需先重啓vsftpd服務,本文未列出該命令):
[root@b ~]# ftp 172.16.0.138
Connected to 172.16.0.138 (172.16.0.138).
220 (vsFTPd 3.0.2)
Name (172.16.0.138:root): ftpadmin
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
結語:
B卷就此結束,如有問題可聯繫博主。