查看semanage fcontext 类型
semanage fcontext -l | grep httpd_
第一题:设置yum和selinux
vim /etc/selinux/config
SELINUX=enforcing
# 注:gpgcheck=0 会关闭该仓库的 RPM 包签名校验,仅适用于考试/实验环境
echo "gpgcheck=0" >> /etc/yum.repos.d/server.repo
第二题:配置防火墙
firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="172.13.8.0/24" service name="ssh" reject'
firewall-cmd --reload
第三题:自定义用户环境
vim /etc/bashrc
alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
bash
第四题:配置端口转发
firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="172.24.8.0/24" forward-port port="5423" protocol="tcp" to-port="80"'
第五题:配置链路聚合
nmcli con add con-name team0 ifname team0 type team config '{"runner":{"name":"activebackup"}}'
nmcli con add type team-slave con-name port1 ifname eth1 master team0
nmcli con add type team-slave con-name port2 ifname eth2 master team0
nmcli con modify team0 ipv4.address 172.16.3.40/24 ipv4.method manual connection.autoconnect yes
nmcli con up team0
第六题:配置ipv6
system1:
nmcli con modify ifname eth0 ipv6.address 2003:ac18::305/64 ipv6.method manual connection.autoconnect yes
system2:
nmcli con modify ifname eth0 ipv6.address 2003:ac18::30a/64 ipv6.method manual connection.autoconnect yes
第七题:配置本地邮件服务
vim /etc/postfix/main.cf
inet_interfaces=loopback-only
mydestination=
mynetworks=127.0.0.0/8
local_transport=error:err
#测试
id dave
echo "hello" | mail -s testmail dave
第八题:配置smb服务
yum install samba samba-client -y
systemctl enable smb nmb
firewall-cmd --permanent --add-service=samba
vim /etc/samba/smb.conf
workgroup=STAFF
[common]
path=/common
hosts allow=172.24.8.
browseable=yes
mkdir /common
semanage fcontext -a -t 'samba_share_t' '/common(/.*)?'
restorecon -Rv /common
#创建smb用户
smbpasswd -a andy
第九题:配置多用户smb挂载
system1:
vim /etc/samba/smb.conf
[devops]
path=/devops
hosts allow=172.24.8.
browseable=yes
writable=no
write list = akira
mkdir /devops
semanage fcontext -a -t 'samba_share_t' '/devops(/.*)?'
restorecon -Rv /devops
setfacl -m u:akira:rwx /devops/
smbpasswd -a silene
smbpasswd -a akira
system2:
yum install cifs-utils samba-client -y
mkdir /mnt/dev
smbclient -L //172.24.8.11/ -U silene
vim /etc/fstab
# 注:密码以明文写入 /etc/fstab(默认所有用户可读);考试环境之外应改用 credentials= 指向仅 root 可读的凭据文件
//172.24.8.11/devops /mnt/dev cifs defaults,multiuser,username=silene,passwd=redhat,sec=ntlmssp
#测试
mount -a
df -h
su - silene
cd /mnt/dev
cifscreds add 172.24.8.11
touch testfile
exit
su - akira
cd /mnt/dev
cifscreds add 172.24.8.11
touch testfile
第十题:配置NFS
system1:
yum install nfs-utils -y
mkdir -p /public /protected/project
chown andres /protected/project
semanage fcontext -a -t 'public_content_t' '/protected(/.*)?'
semanage fcontext -a -t 'public_content_t' '/protected/project(/.*)?'
vim /etc/exports
vim /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2"
systemctl restart nfs-server nfs-secure-server
#验证
exportfs -ra
exportfs
system2:
mkdir /mnt/nfmount /mnt/nfssecure
vim /etc/fstab
system1:/public /mnt/nfmount nfs defaults,sec=sys 0 0
system1:/protected /mnt/nfssecure nfs defaults,sec=krb5p,v4.2 0 0
systemctl enable nfs-secure
systemctl restart nfs-secure
#测试
mount -a
df -h
su - andres
kinit
cd /mnt/nfssecure/project/
touch testfile
第十二题:实现一个web服务器
yum install httpd -y
vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
</Directory>
</VirtualHost>
网页vhost.conf配置
查看ssl配置信息
cat /etc/httpd/conf.d/ssl.conf | grep -v "^#."
<VirtualHost *:80>
ServerName system1.group8.example.com
DocumentRoot "/var/www/html"
<Directory "/var/www/html/private">
Require all denied
require local
</directory>
</VirtualHost>
<VirtualHost *:80>
ServerName www8.group8.example.com
DocumentRoot "/var/www/virtual"
<Directory "/var/www/virtual/private">
Require all denied
require local
</directory>
</VirtualHost>
Listen 8909
<VirtualHost *:8909>
ServerName wsgi.group8.example.com
WSGIScriptAlias / /var/www/html/webinfo.wsgi
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName system1.group8.example.com:443
<Directory "/var/www/html">
</Directory>
SSLEngine on
# 注:在较旧的 httpd 版本上,all -SSLv2 仍会启用 SSLv3、TLS 1.0 等旧协议;生产环境应一并禁用(如追加 -SSLv3)
SSLProtocol all -SSLv2
SSLCertificateFile /etc/pki/tls/certs/system1.crt
SSLCertificateKeyFile /etc/pki/tls/private/system1.key
SSLCACertificateFile /etc/pki/tls/certs/ssl-ca.crt
</VirtualHost>
第十三题:配置安全web服务
yum install -y mod_ssl
第十四题:配置虚拟主机
mkdir /var/www/virtual
setfacl -m u:andy:rwx /var/www/virtual/
semanage fcontext -a -t "httpd_sys_content_t" '/var/www/virtual(/.*)?'
restorecon -Rv /var/www/virtual/
vim /etc/httpd/conf.d/httpd-vhosts.conf
第十五题:配置web内容的访问
mkdir /var/www/html/private /var/www/virtual/private
vim /etc/httpd/conf.d/httpd-vhosts.conf
第十六题:实现动态web内容
yum install -y mod_wsgi
vim /etc/httpd/conf/httpd.conf
Listen 8909
<VirtualHost *:8909>
WSGIScriptAlias / /var/www/html/webinfo.wsgi
</VirtualHost>
firewall-cmd --permanent --add-port=8909/tcp
firewall-cmd --reload
semanage port -a -t http_port_t -p tcp 8909
systemctl restart httpd
第十七题:创建一个脚本
vim /root/foo.sh
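#!/bin/bash
# /root/foo.sh - print the counterpart of the distribution name given as $1.
#
# Usage:   /root/foo.sh redhat | fedora
# Outputs: "fedora" for redhat, "redhat" for fedora; any other argument
#          (or none) prints the usage line.
#
# Every arm must end with ';;'. Without it the next pattern line is a syntax
# error and the script never runs. "$1" is quoted so that an argument with
# spaces or glob characters is matched as one literal word.
case "$1" in
  redhat)
    echo "fedora"
    ;;
  fedora)
    echo "redhat"
    ;;
  *)
    echo "/root/foo.sh redhat | fedora"
    ;;
esac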
chmod 755 /root/foo.sh
第十八题:创建一个添加用户的脚本
vim /root/batchusers
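#!/bin/bash
# /root/batchusers - create one account per line of a user-list file.
#
# Usage:   /root/batchusers userfile
# Exits:   1 if userfile is not a regular file,
#          2 if the argument count is not exactly one.
# Each account is created with /bin/false as its login shell.
if [ $# -eq 1 ]; then
  if [ -f "$1" ]; then
    # -r keeps backslashes literal; the '|| [ -n ... ]' clause also processes
    # a final line that has no trailing newline.
    while read -r username || [ -n "$username" ]; do
      # Skip blank lines instead of calling useradd with an empty name.
      [ -n "$username" ] || continue
      # The list file is input data. Quoting the name and ending option
      # parsing with '--' keeps a line that contains spaces or starts with
      # '-' from being read as extra useradd arguments or options.
      # useradd output stays discarded, as in the original (best effort).
      useradd -s /bin/false -- "$username" &>/dev/null
    done < "$1"
  else
    echo "Input file not found"
    exit 1
  fi
else
  echo "Usage:/root/batchusers userfile"
  exit 2
fi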
chmod 755 /root/batchusers
/root/batchusers userlist
第十九题:配置ISCSI服务器
system1:
yum install -y targetcli
systemctl enable target
systemctl start target
firewall-cmd --permanent --add-port=3260/tcp
fdisk /dev/sda
n p +4G t 8e w
partprobe
pvcreate /dev/sda3
vgcreate iscsi_vg /dev/sda3
lvcreate -n iscsi_store -L 3G iscsi_vg
targetcli
>backstores/block create name=iscsi_store dev=/dev/iscsi_vg/iscsi_store
> cd iscsi
> luns/ create /backstores/block/iscsi_store
>portals/ create 172.24.8.11 3260
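# 注:authentication=0 关闭该 TPG 的 CHAP 认证;generate_node_acls=0 时访问控制只依赖 ACL 中登记的 initiator IQN,而 IQN 由客户端自行声明
>set attribute authentication=0
>set attribute generate_node_acls=0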
>saveconfig
第二十题:配置iscsi的客户端
system2:
yum install -y iscsi*
vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2014-08.com.example.group8:system2
systemctl enable iscsi iscsid
systemctl restart iscsi iscsid
iscsiadm -m discovery -t st -p 172.24.8.11
iscsiadm -m node -l
lsblk
fdisk /dev/sdb
n p +2100M w
partprobe
mkfs.ext4 /dev/sdb1
mkdir /mnt/data
vim /etc/fstab
/dev/sdb1 /mnt/data ext4 _netdev 0 0
第二十一题:配置一个数据库
yum install mariadb* -y
systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation
# 注:-p 后直接跟密码会把口令留在 shell 历史中,并可能出现在进程列表里;考试环境之外用 mysql -uroot -p 交互输入
mysql -uroot -predhat
create database Contacts;
use Contacts;
source /root/users.mdb;
grant select on Contacts.* to Myary@localhost identified by 'redhat';
第二十二题:数据库查询
mysql -uroot -predhat
use Contacts;
select u_name.firstname from u_name,u_passwd where u_name.userid=u_passwd.uid and u_passwd.password='fadora';
select count(*) from u_name,u_loc where u_name.userid=u_loc.uid and u_name.firstname='John' and u_loc.location='Santa Clara';
2019RHCE考试操作
原文:https://www.cnblogs.com/zerg2/p/12752262.html