2018 National Vocational Skills Competition, Server Part: Sample Paper B (LVM, RAID, HTTP, DNS master/slave, FTP)

This is the second article in the 2018 national competition series, covering the implementation of the server part of sample paper B. I am sharing the techniques involved; corrections and suggestions for improvement are welcome.

Contact: (WeChat: Yvresse_ai)

Environment:

Cloud platform: RG-JCOS    Operating system: CentOS 7

Sample paper B service network topology (figure):

Sample paper B service system topology (figure):

Host A network interfaces and hostname:

[root@a ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:d6:36:b5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.22/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 86269sec preferred_lft 86269sec
    inet6 fe80::f816:3eff:fed6:36b5/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:29:84:4d brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.22/24 brd 192.168.2.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe29:844d/64 scope link 
       valid_lft forever preferred_lft forever
[root@a ~]# hostname
a

Host B network interfaces and hostname:

[root@b ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:a8:82:98 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.33/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 86357sec preferred_lft 86357sec
    inet6 fe80::f816:3eff:fea8:8298/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:d0:75:2f brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.33/24 brd 192.168.2.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fed0:752f/64 scope link 
       valid_lft forever preferred_lft forever
[root@b ~]# hostname
b

Host A: software RAID requirements:

1: Create a RAID5 array from two cloud disks, with device name md0

2: Format it as XFS and mount it automatically by UUID

Configure the local YUM repository:

1: Create the local mount directory and a backup directory for configuration files

2: Mount the ISO image and create the local repository configuration file

3: Test the local repository

Create the local mount directory and the backup directory:

[root@a ~]# mkdir /mnt/cdrom
[root@a ~]# mkdir /opt/copy

Mount the image on the local mount directory:

[root@a ~]# mount /root/CentOS-7-x86_64-DVD-1511.iso /mnt/cdrom/
mount: /dev/loop0 写保护,将以只读方式挂载

Back up the existing repository files and create the local repository configuration file:

[root@a ~]# mv /etc/yum.repos.d/* /opt/copy/
[root@a ~]# vim /etc/yum.repos.d/dvd.repo
[dvd]
name=dvd
baseurl=file:///mnt/cdrom

Test:

[root@a ~]# yum repolist
已加载插件:fastestmirror
dvd                    | 3.6 kB  00:00:00
(1/2): dvd/group_gz    | 155 kB  00:00:00
(2/2): dvd/primary_db  | 2.8 MB  00:00:00
Determining fastest mirrors
源标识    源名称    状态
dvd       dvd       3,723
repolist: 3,723

View the three attached cloud disks:

[root@a ~]# fdisk -l

磁盘 /dev/vda:53.7 GB, 53687091200 字节,104857600 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
磁盘标签类型:dos
磁盘标识符:0x000b2200

   设备 Boot      Start         End      Blocks   Id  System
/dev/vda1   *        2048     1026047      512000   83  Linux
/dev/vda2         1026048   104857599    51915776   8e  Linux LVM

磁盘 /dev/mapper/centos-root:47.7 GB, 47747956736 字节,93257728 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节


磁盘 /dev/mapper/centos-swap:5368 MB, 5368709120 字节,10485760 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节


磁盘 /dev/vdb:10.7 GB, 10737418240 字节,20971520 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节


磁盘 /dev/vdc:10.7 GB, 10737418240 字节,20971520 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节


磁盘 /dev/vdd:10.7 GB, 10737418240 字节,20971520 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节

Install mdadm:

[root@a ~]# yum install mdadm* -y >/dev/null 

Per the task there are three cloud disks: two for the RAID5 and one with no stated requirement, which I will treat as a hot spare.

RAID5 needs at least three members, but the task requires two disks, so I had no choice but to split one disk into two partitions and build the RAID5 from them. (I do not quite understand why the task asks for two disks; anyone who knows is welcome to contact me.)

Partition one of the disks into two:

[root@a ~]# fdisk /dev/vdb 
欢迎使用 fdisk (util-linux 2.23.2)。

更改将停留在内存中,直到您决定将更改写入磁盘。
使用写入命令前请三思。

Device does not contain a recognized partition table
使用磁盘标识符 0xcce723fe 创建新的 DOS 磁盘标签。

命令(输入 m 获取帮助):m
命令操作
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   g   create a new empty GPT partition table
   G   create an IRIX (SGI) partition table
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

命令(输入 m 获取帮助):n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
分区号 (1-4,默认 1):1
起始 扇区 (2048-20971519,默认为 2048):+5G
Last 扇区, +扇区 or +size{K,M,G} (10485760-20971519,默认为 20971519):
将使用默认值 20971519
分区 1 已设置为 Linux 类型,大小设为 5 GiB

命令(输入 m 获取帮助):w
The partition table has been altered!

Calling ioctl() to re-read partition table.
正在同步磁盘。
[root@a ~]# fdisk /dev/vdb 
欢迎使用 fdisk (util-linux 2.23.2)。

更改将停留在内存中,直到您决定将更改写入磁盘。
使用写入命令前请三思。


命令(输入 m 获取帮助):m
命令操作
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   g   create a new empty GPT partition table
   G   create an IRIX (SGI) partition table
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

命令(输入 m 获取帮助):n
Partition type:
   p   primary (1 primary, 0 extended, 3 free)
   e   extended
Select (default p): p
分区号 (2-4,默认 2):2
起始 扇区 (2048-20971519,默认为 2048):
将使用默认值 2048
Last 扇区, +扇区 or +size{K,M,G} (2048-10485759,默认为 10485759):
将使用默认值 10485759
分区 2 已设置为 Linux 类型,大小设为 5 GiB

命令(输入 m 获取帮助):w
The partition table has been altered!

Calling ioctl() to re-read partition table.
正在同步磁盘。

View the partitions:


磁盘 /dev/vdb:10.7 GB, 10737418240 字节,20971520 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
磁盘标签类型:dos
磁盘标识符:0xcce723fe

   设备 Boot      Start         End      Blocks   Id  System
/dev/vdb1        10485760    20971519     5242880   83  Linux
/dev/vdb2            2048    10485759     5241856   83  Linux

Create the software RAID:

[root@a ~]# mdadm -C /dev/md0 -l 5 -n 3 /dev/vdb1 /dev/vdb2 /dev/vdc1 -x 1 /dev/vdd1
mdadm: largest drive (/dev/vdc1) exceeds size (5237760K) by more than 1%
Continue creating array? y
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.

View the RAID:

磁盘 /dev/md0:10.7 GB, 10726932480 字节,20951040 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):524288 字节 / 1048576 字节
[root@a ~]# mdadm --detail /dev/md0 
/dev/md0:
        Version : 1.2
  Creation Time : Mon Apr 15 21:20:17 2019
     Raid Level : raid5
     Array Size : 10475520 (9.99 GiB 10.73 GB)
  Used Dev Size : 5237760 (5.00 GiB 5.36 GB)
   Raid Devices : 3
  Total Devices : 4
    Persistence : Superblock is persistent

    Update Time : Mon Apr 15 21:22:02 2019
          State : clean 
 Active Devices : 3
Working Devices : 4
 Failed Devices : 0
  Spare Devices : 1

         Layout : left-symmetric
     Chunk Size : 512K

           Name : a:0  (local to host a)
           UUID : 10ebd410:b2a1fbde:ebb1acb8:d816df09
         Events : 18

    Number   Major   Minor   RaidDevice State
       0     252       17        0      active sync   /dev/vdb1
       1     252       18        1      active sync   /dev/vdb2
       4     252       33        2      active sync   /dev/vdc1

       3     252       49        -      spare   /dev/vdd1
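The following Python is an added example, not part of the original post: it parses the member table of the mdadm --detail output above and reports which physical disk's failure would remove the most active members at once. The per-level tolerance table and the partition-to-disk name mapping are assumptions of the example.

```python
import re

# Assumed table of how many simultaneously failed members each RAID level
# tolerates (enough for this page's raid5 case; raid10 depends on its layout).
TOLERATED_FAILURES = {"raid0": 0, "raid1": 1, "raid5": 1, "raid6": 2}

# Constructed excerpt of the `mdadm --detail /dev/md0` output shown above.
MDADM_DETAIL = """\
     Raid Level : raid5
    Number   Major   Minor   RaidDevice State
       0     252       17        0      active sync   /dev/vdb1
       1     252       18        1      active sync   /dev/vdb2
       4     252       33        2      active sync   /dev/vdc1

       3     252       49        -      spare   /dev/vdd1
"""

# One member row: number, major, minor, RaidDevice (or "-"), state words, device.
MEMBER_RE = re.compile(r"^\s*\d+\s+\d+\s+\d+\s+\S+\s+(.+?)\s+(/dev/\S+)\s*$")


def parse_detail(text):
    """Return (raid level, active member devices, spare devices)."""
    level, active, spares = None, [], []
    for line in text.splitlines():
        lvl = re.match(r"\s*Raid Level\s*:\s*(\S+)", line)
        if lvl:
            level = lvl.group(1)
            continue
        row = MEMBER_RE.match(line)
        if not row:
            continue
        state, dev = row.groups()
        if "spare" in state:
            spares.append(dev)
        elif "active" in state:
            active.append(dev)
    return level, active, spares


def backing_disk(partition):
    """Strip the partition number: /dev/vdb1 -> /dev/vdb, /dev/nvme0n1p2 -> /dev/nvme0n1."""
    return re.sub(r"p?\d+$", "", partition)


def worst_single_disk_failure(level, active):
    """Find the physical disk whose loss removes the most active members.

    Returns (disk, members lost, survivable). A spare does not change the
    answer: a rebuild needs the surviving members to still form a valid set.
    """
    per_disk = {}
    for member in active:
        per_disk.setdefault(backing_disk(member), []).append(member)
    disk, lost = max(per_disk.items(), key=lambda item: len(item[1]))
    return disk, len(lost), len(lost) <= TOLERATED_FAILURES[level]


if __name__ == "__main__":
    level, active, spares = parse_detail(MDADM_DETAIL)
    disk, lost, ok = worst_single_disk_failure(level, active)
    print(f"{level}: losing {disk} takes out {lost} member(s); survivable: {ok}")
```

For the layout above it reports that losing /dev/vdb removes two of the three RAID5 members at once, more than the single failure RAID5 tolerates, so the spare on /dev/vdd1 never gets a chance to rebuild.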


Create an XFS filesystem on md0:

[root@a ~]# mkfs.xfs /dev/md0 
meta-data=/dev/md0               isize=256    agcount=16, agsize=163712 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0        finobt=0
data     =                       bsize=4096   blocks=2618880, imaxpct=25
         =                       sunit=128    swidth=256 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=8 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0

Look up the UUID:

[root@a ~]# blkid | grep md0
/dev/md0: UUID="2a093f19-2cab-4478-97f9-2c5050164a0c" TYPE="xfs" 

Mount automatically at boot via /etc/fstab:

#
# /etc/fstab
# Created by anaconda on Thu Sep 22 17:50:17 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=41f7a291-c7de-4694-a5ee-1e6313ff9f44 /boot                   xfs     defaults        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
UUID=2a093f19-2cab-4478-97f9-2c5050164a0c /data/web_data xfs defaults 0 0 

Create the mount point and mount:

[root@a ~]# mkdir -p /data/web_data
[root@a ~]# mount /dev/md0 /data/web_data/
[root@a ~]# mount |grep md0
/dev/md0 on /data/web_data type xfs (rw,relatime,attr2,inode64,sunit=1024,swidth=2048,noquota)

Host B: LVM physical volume requirements:

1: Create the volume group datastore with a PE size of 16 MB

2: Create the logical volume ftp_data in datastore, size 10 G

3: Format the logical volume as XFS and mount it automatically by UUID on /data/ftp_data

Configure the local YUM repository (same steps as on A)

Test the YUM repository:

[root@b ~]# yum repolist
已加载插件:fastestmirror
dvd                    | 3.6 kB  00:00:00
(1/2): dvd/group_gz    | 155 kB  00:00:00
(2/2): dvd/primary_db  | 2.8 MB  00:00:00
Determining fastest mirrors
源标识    源名称    状态
dvd       dvd       3,723
repolist: 3,723

View the cloud disk:

[root@b ~]# fdisk -l

磁盘 /dev/vda:53.7 GB, 53687091200 字节,104857600 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
磁盘标签类型:dos
磁盘标识符:0x000b2200

   设备 Boot      Start         End      Blocks   Id  System
/dev/vda1   *        2048     1026047      512000   83  Linux
/dev/vda2         1026048   104857599    51915776   8e  Linux LVM

磁盘 /dev/mapper/centos-root:47.7 GB, 47747956736 字节,93257728 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节


磁盘 /dev/mapper/centos-swap:5368 MB, 5368709120 字节,10485760 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节


磁盘 /dev/vdb:16.1 GB, 16106127360 字节,31457280 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节

Create partition 1 (the resulting partition is shown):

[root@b ~]# fdisk -l |grep /dev/vdb
磁盘 /dev/vdb:16.1 GB, 16106127360 字节,31457280 个扇区
/dev/vdb1            2048    31457279    15727616   83  Linux

Initialize it as a physical volume:

[root@b ~]# pvcreate /dev/vdb1
  Physical volume "/dev/vdb1" successfully created

Create the volume group:

[root@b ~]# vgcreate -s 16M datastore /dev/vdb1
  Volume group "datastore" successfully created

Create the logical volume:

[root@b ~]# lvcreate -L 10G datastore -n ftp_data
  Logical volume "ftp_data" created.

Format as XFS:

[root@b ~]# mkfs.xfs /dev/mapper/datastore-ftp_data 
meta-data=/dev/mapper/datastore-ftp_data isize=256    agcount=4, agsize=655360 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0        finobt=0
data     =                       bsize=4096   blocks=2621440, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0

Look up the UUID:

[root@b ~]# blkid |grep ftp
/dev/mapper/datastore-ftp_data: UUID="75c47946-b0f8-4685-98fb-d0b79dd940de" TYPE="xfs" 

Mount automatically via /etc/fstab:

[root@b ~]# vim /etc/fstab 

#
# /etc/fstab
# Created by anaconda on Thu Sep 22 17:50:17 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=41f7a291-c7de-4694-a5ee-1e6313ff9f44 /boot                   xfs     defaults        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
UUID=75c47946-b0f8-4685-98fb-d0b79dd940de /data/ftp_data        xfs     defaults        0       0       

Create the mount point and mount:

[root@b ~]# mkdir -p /data/ftp_data
[root@b ~]# mount /dev/mapper/datastore-ftp_data /data/ftp_data/
[root@b ~]# mount |grep ftp
/dev/mapper/datastore-ftp_data on /data/ftp_data type xfs (rw,relatime,attr2,inode64,noquota)

(A) DNS service requirements:

1: Add www.rj.com resolving to A's public IP

2: Add ftp.rj.com resolving to B's public IP

3: Allow B (192.168.2.33) to perform zone transfers

4: Allow all hosts to query, including recursive queries

5: Define the zone in /etc/named.conf

6: The zone data file is rj.com.zone

7: B is a slave DNS server for A

(A) Install bind:

[root@a ~]# yum install bind* -y > /dev/null 

Test start and back up the configuration file:

[root@a ~]# systemctl restart named
[root@a ~]# cp /etc/named.conf /opt/copy/

Edit the configuration file:

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};
zone "rj.com" {
        type master;
        // zone transfers only to the slave B (requirement 3)
        allow-transfer { 192.168.2.33; };
        file "rj.com.zone";
};

Copy the template zone data file:

[root@a ~]# cp /var/named/named.localhost /var/named/rj.com.zone

Edit the zone data file:

$TTL 1D
@       IN SOA  rj.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS a
        IN NS b
a IN A 172.16.0.137
b IN A 172.16.0.138
www IN A 172.16.0.137
ftp IN A 172.16.0.138

Change the group owner to named and test start:

[root@a ~]# chgrp named /var/named/rj.com.zone 
[root@a ~]# systemctl restart named
[root@a ~]# nslookup www.rj.com
Server:		172.16.0.137
Address:	172.16.0.137#53

Name:	www.rj.com
Address: 172.16.0.137

[root@a ~]# nslookup ftp.rj.com
Server:		172.16.0.137
Address:	172.16.0.137#53

Name:	ftp.rj.com
Address: 172.16.0.138

Host B: install bind and test start:

[root@b ~]# yum install bind* -y > /dev/null 
[root@b ~]# systemctl restart named

Back up the configuration file:

[root@b ~]# cp /etc/named.conf /opt/copy/

Edit the configuration file (the unmodified default file is shown first, then the edited version):

[root@b ~]# vim /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

After editing:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};
zone "rj.com"{
type slave;
file "slaves/rj.com.zone";
masters { 192.168.2.22; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Test start:

[root@b ~]# systemctl restart named
[root@b ~]# ls /var/named/slaves/
rj.com.zone
[root@b ~]# nslookup www.rj.com
Server:		172.16.0.138
Address:	172.16.0.138#53

Name:	www.rj.com
Address: 172.16.0.137
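As an added example (not from the original post), this Python runs a few defender-side checks over constructed excerpts of the master and slave named.conf shown above: whether recursion is open to every querying host, whether allow-transfer is restricted, and whether the slave's masters address and the master's allow-transfer list agree. The block regexes assume the one-block-per-`};`-line layout used in these files.

```python
import re

# Constructed excerpts of the master (A) and slave (B) named.conf above; only
# the statements the checks below look at are reproduced.
MASTER_CONF = """\
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion yes;
};
zone "rj.com"{
type master;
allow-transfer { 192.168.2.33; };
file "rj.com.zone";
};
"""

SLAVE_CONF = """\
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion yes;
};
zone "rj.com"{
type slave;
file "slaves/rj.com.zone";
masters { 192.168.2.22; };
};
"""

# A top-level block: `options { ... };` or `zone "name" [IN] { ... };`, closed
# by "};" at the start of a line (nested `{ a; };` statements sit mid-line).
BLOCK_RE = re.compile(r'(options|zone\s+"([^"]+)")\s*(?:IN\s*)?\{(.*?)\n\};', re.S)


def stmt(body, key):
    """Tokens of the statement `key value;` or `key { a; b; };` inside a block
    body, or None when the statement is absent."""
    m = re.search(r'(?m)^\s*%s\s+(?:\{([^}]*)\}|([^;]+))\s*;' % re.escape(key), body)
    if not m:
        return None
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    return [t.strip('"') for t in re.split(r"[;\s]+", raw) if t]


def parse_named_conf(text):
    """Return (options body, {zone name: zone body})."""
    options, zones = "", {}
    for m in BLOCK_RE.finditer(text):
        if m.group(1) == "options":
            options = m.group(3)
        else:
            zones[m.group(2)] = m.group(3)
    return options, zones


def audit(text):
    """Findings for one server's named.conf excerpt."""
    findings = []
    options, zones = parse_named_conf(text)
    if stmt(options, "recursion") == ["yes"] and stmt(options, "allow-query") == ["any"]:
        findings.append("open resolver: recursion yes with allow-query { any; }")
    for name, body in zones.items():
        ztype = stmt(body, "type")
        if ztype == ["master"]:
            allowed = stmt(body, "allow-transfer")
            if allowed is None or "any" in allowed:
                findings.append(f"zone {name}: zone transfer open to any host")
        elif ztype == ["slave"] and not stmt(body, "masters"):
            findings.append(f"zone {name}: slave zone has no masters")
    return findings


def replication_consistent(master_text, slave_text, zone, master_ip, slave_ip):
    """True when the slave pulls from master_ip and the master's allow-transfer
    admits slave_ip, the address the slave's transfer request will come from."""
    _, mzones = parse_named_conf(master_text)
    _, szones = parse_named_conf(slave_text)
    allowed = stmt(mzones.get(zone, ""), "allow-transfer") or []
    masters = stmt(szones.get(zone, ""), "masters") or []
    return master_ip in masters and (slave_ip in allowed or "any" in allowed)


if __name__ == "__main__":
    for role, conf in (("master", MASTER_CONF), ("slave", SLAVE_CONF)):
        print(role, audit(conf))
    print(replication_consistent(MASTER_CONF, SLAVE_CONF, "rj.com",
                                 "192.168.2.22", "192.168.2.33"))
```

Requirement 4 (recursion for any host) is exactly what the comment inside the stock named.conf warns about; on a server reachable from outside, the authoritative and recursive roles are normally kept on separate listeners or hosts.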


(A) HTTP requirements:

1: Put the configuration in virthost.conf under /etc/httpd/conf.d/

2: Use www.rj.com as the domain name

3: Document root /data/web_data

Install httpd:

[root@a ~]# yum install httpd* -y > /dev/null 

Test start and add a page to serve:

[root@a ~]# echo "This is ceshi" > /data/web_data/index.html
[root@a ~]# systemctl restart httpd

Back up the configuration file:

[root@a ~]# cp /etc/httpd/conf/httpd.conf /opt/copy/

Edit the configuration file:

# EnableMMAP and EnableSendfile: On systems that support it, 
# memory-mapping or the sendfile syscall may be used to deliver
# files.  This usually improves server performance, but must
# be turned off when serving from networked-mounted 
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
EnableSendfile on

# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/virthost.conf

Create virthost.conf:

[root@a ~]# vim /etc/httpd/conf.d/virthost.conf
<VirtualHost *:80>
    ServerName www.rj.com
    DocumentRoot "/data/web_data"
    <Directory "/data/web_data">
        Require all granted
    </Directory>
</VirtualHost>

Test start and access:

[root@a ~]# systemctl restart httpd
[root@a ~]# curl www.rj.com
This is ceshi

(B) FTP service requirements:

1: Deny anonymous logins; allow only local users

2: Use passive mode, with B's public IP as the passive-mode address

3: All users' home directory is /data/ftp_data, owned by the user virtual

4: Record user accounts and passwords in a file

Install vsftpd (and the ftp client for testing):

[root@b ~]# yum install vsftpd* -y > /dev/null 
[root@b ~]# yum install ftp* -y > /dev/null 

Create the owner (guest) user:

[root@b ~]# useradd -d /data/ftp_data/ -s /sbin/nologin virtual

Configure the virtual users file (alternating username and password lines):

[root@b vsftpd]# vim vlogin
ftpuser1
123456
ftpuser2
123456
ftpadmin
123456

Generate the database file:

[root@b vsftpd]# db_load -T -t hash -f vlogin vlogin.db
[root@b vsftpd]# ls
ftpusers  user_list  vlogin  vlogin.db  vsftpd.conf  vsftpd_conf_migrate.sh

Back up and configure the PAM file:

[root@b vsftpd]# vim /etc/pam.d/vsftpd.vu 
# pam_userdb appends the .db suffix itself, so the path is given without it
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vlogin
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vlogin

Configure vsftpd.conf:

[root@b vsftpd]# vim /etc/vsftpd/vsftpd.conf 
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES
chroot_local_user=YES
local_root=/data/ftp_data
anon_root=/data/ftp_data
# Requirement 3: users land in /data/ftp_data and are chrooted there;
# allow_writeable_chroot is needed because that directory is writable.
allow_writeable_chroot=YES
# Passive mode is on by default; pasv_address is the public address that
# clients are told to connect to for data connections (requirement 2).
#pasv_enable=YES
#pasv_address=172.16.0.138
#pasv_addr_resolve=YES
# pasv_promiscuous disables the check that the data connection comes from
# the same client as the control connection.
pasv_promiscuous=YES

pam_service_name=vsftpd.vu
userlist_enable=YES
tcp_wrappers=YES

# Requirement 4: virtual users from vlogin.db, all mapped to the local user
# "virtual"; per-user overrides are read from user_config_dir.
user_config_dir=/etc/vsftpd/user_conf
guest_enable=YES
guest_username=virtual

Create the per-user permission configuration file:

[root@b user_conf]# vim ftpadmin
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
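An added example, not part of the original post: a small Python checker that parses vsftpd-style key=value files, reports option names it does not recognise (vsftpd rejects a file containing an unrecognised variable rather than ignoring it) and audits the effective settings against requirements 1 and 2. The KNOWN_OPTIONS set is an assumed subset of vsftpd.conf(5); the two input files are constructed copies of the ones above, with one misspelled option name on purpose.

```python
import re

# Assumed subset of the option names from vsftpd.conf(5): just the ones used
# by the files on this page, enough to catch misspellings in them.
KNOWN_OPTIONS = {
    "anonymous_enable", "local_enable", "write_enable", "local_umask",
    "anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable",
    "anon_umask", "anon_root", "dirmessage_enable", "xferlog_enable",
    "connect_from_port_20", "xferlog_std_format", "listen", "listen_ipv6",
    "chroot_local_user", "local_root", "allow_writeable_chroot", "pasv_enable",
    "pasv_address", "pasv_addr_resolve", "pasv_promiscuous", "pam_service_name",
    "userlist_enable", "tcp_wrappers", "user_config_dir", "guest_enable",
    "guest_username",
}

# Constructed excerpt of the effective (uncommented) settings in the
# /etc/vsftpd/vsftpd.conf above, plus the two passive-mode lines left commented.
MAIN_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
local_root=/data/ftp_data
allow_writeable_chroot=YES
#pasv_enable=YES
#pasv_address=172.16.0.138
pasv_promiscuous=YES
pam_service_name=vsftpd.vu
guest_enable=YES
guest_username=virtual
"""

# Constructed per-user file in the style of /etc/vsftpd/user_conf/ftpadmin,
# with a deliberately misspelled option on the first line.
USER_CONF = """\
anon_upload_enale=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
"""


def parse_vsftpd(text):
    """Parse key=value lines; returns (settings, problems). Blank and '#' lines
    are skipped, as vsftpd does; unknown keys are reported, not guessed."""
    settings, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not re.fullmatch(r"[a-z0-9_]+", key):
            problems.append(f"line {lineno}: malformed '{line}'")
        elif key not in KNOWN_OPTIONS:
            problems.append(f"line {lineno}: unknown option '{key}'")
        else:
            settings[key] = value
    return settings, problems


def audit(settings):
    """Check requirements 1 and 2 from the task and flag risk-relevant settings."""
    def on(key, default):
        return settings.get(key, default).upper() == "YES"

    findings = []
    if on("anonymous_enable", "YES"):                 # requirement 1
        findings.append("anonymous logins allowed")
    if not on("pasv_enable", "YES"):                  # requirement 2
        findings.append("passive mode disabled")
    if not settings.get("pasv_address"):              # requirement 2
        findings.append("pasv_address unset: NAT clients are told the private IP")
    if on("pasv_promiscuous", "NO"):
        findings.append("pasv_promiscuous=YES: data connections accepted from any host")
    if on("allow_writeable_chroot", "NO"):
        findings.append("allow_writeable_chroot=YES: chroot root is writable")
    return findings


if __name__ == "__main__":
    for name, text in (("vsftpd.conf", MAIN_CONF), ("user_conf/ftpadmin", USER_CONF)):
        settings, problems = parse_vsftpd(text)
        print(name, problems or audit(settings))
```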

Test login:

[root@b ~]# ftp 172.16.0.138
Connected to 172.16.0.138 (172.16.0.138).
220 (vsFTPd 3.0.2)
Name (172.16.0.138:root): ftpadmin
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

Closing remarks:

That concludes paper B; contact the author with any questions.
