两台电脑都要进行的操作
禁止访问域
yum install iptables-services
systemctl stop firewalld
systemctl disable firewalld
systemctl mask firewalld
systemctl start iptables
systemctl enable iptables
iptables -F
iptables -A INPUT -s 192.168.1.0/24 -j REJECT
service iptables save
自定义命令 两台都要作
vim /etc/bashrc
alias qstat=''
即可 qstat
或者 echo "alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'" >> /etc/bashrc
source /etc/bashrc
保存
80
yum install httpd
start enable httpd
iptables -t nat -nL查询nat表
端口转换
进来时候路由前
iptables -t nat -A PREROUTING -s 172.25.0.0/24 -p tcp --dport 5423 -j DNAT --to-dest :80
把5423转换到80端口
service iptables save
systemctl restart iptables 重启测试一下
链路聚合
自己添加两块网卡(共计三个) 如果没有网卡的话
两台都要作
nmcli connection add con-name team0 type team config '{"runner":{"name":"activebackup"}}' ip4 172.16.0.75/24
nmcli connection add ifname eth2 con-name eth2 type team-slave master team0
更改ipv6
如果不能改 将 IPV6INIT=yes
nmcli connection modify eth0 ipv6.addresses ..../64
nmcli connection modify eth0 ipv6.method manual
nmcli connection up 'System eth0'
两个主机都要弄
配置邮件服务 默认端口25
vim /etc/postfix/main.cf
75行 myhostname = desktop1.example.com 发送者
mydomain = example.com
myorigin = $mydomain 邮件结尾 看考试要求 要域名还是主机名结尾
317 relayhost = classroom.example.com 接受者
systemctl enable restart postfix.service
测试 mail hal .结束
http://classroom.example.com/exam_mail/halx_html
配置samba
server
yum install samba samba-client samba-common -y
start enable smb nmb
mkdir /groupdir
semanage fcontext -a -t samba_share_t '/groupdir(/.*)?'
restorecon -RvvF /groupdir
useradd -s /sbin/nologin barney
smbpasswd -a barney
vim /etc/samba/smb.conf
workgroup = STAFF
[common]
path=/groupdir
browseable =yes
hosts allow = 172.25.1.
注意参数名是 hosts allow;写成 host allow 会被当成未知参数忽略,访问限制不会生效,改完用 testparm 检查
systemctl restart smb nmb
客户
yum install -y samba-client
smbclient -L //172.25.1.11 -U barney
smbclient //172.25.1.11/common -U barney
多用户挂载
server
mkdir /data
semanage fcontext -a -t samba_share_t '/data(/.*)?'
restorecon -RvvF /data
useradd -s /sbin/nologin manager
useradd -s /sbin/nologin wolferyne
smbpasswd -a manager
smbpasswd -a wolferyne
vim /etc/samba/smb.conf
[data]
path=/data
writeable =yes
hosts allow = 172.25.1. (参数名是 hosts allow,不是 host allow,否则限制不生效)
write list = wolferyne
chmod o+w /data/
systemctl restart smb.service
测试下权限o+w
mount -o username=wolferyne,password=westos //172.25.1.11/data /mnt (密码写在命令行会留在 history 和进程列表里,只用于临时测试)
mkdir /mnt/1
mount -o username=manager,password=westos //172.25.1.11/data /mnt
mkdir /mnt/2 发现不行
客户
yum install cifs-utils -y
vim /root/smbpass 内容为 username=<用户名> 和 password=<密码> 各一行
chmod 600 /root/smbpass 文件里是明文密码,只允许root读
vim /etc/fstab
//172.25.1.11/data /mnt/westos cifs defaults,credentials=/root/smbpass,sec=ntlmssp,multiuser 0 0
cifscreds add -u wolferyne 172.25.1.11
server
mkdir /public
mkdir -p /protected/restricted
chown ldapuser1 /protected/restricted
vim /etc/exports
exportfs -rv
showmount -e 172.25.10.11
wget http://...server10.keytab -O /etc/krb5.keytab
验票
ktutil 回车 rkt /etc/krb5.keytab
systemctl start enable nfs-server.service nfs-secure-server.service 查看上面的key的服务
desktop
systemctl start enable nfs-secure 没有-server
mkdir /mnt/nfsmount
mkdir /mnt/nfssecure
wget http: -O /etc/krb5.keytab
vim fstab
172.25.0.11:/public /mnt/nfsmount nfs defaults 0 0
172.25.0.11:/protected /mnt/nfssecure nfs defaults,sec=krb5p 0 0
mount -a
df -h
ssh ldapuser1@localhost
kerberos
cd /mnt/nfssecure/restricted
web服务器
server
start enable httpd
cd /var/www/html
wget .. -O /var/www/html/index.html
然后desktop 访问
vim /etc/hosts 172.25.10.11 server10.example.com www10.example.com transitive.example.com
http://server10.example.com
server继续
cd /etc/httpd/
wget http://....crt key crt
yum install mod_ssl -y
vim conf.d/ssl.conf
100 /etc/httpd/westos.crt
107 /etc/httpd/westos.key
122 /etc/httpd/...ca.crt
mkdir /var/www/virtual -p cd
wget -O index.html
setfacl
vim conf.d/a_default.conf
<VirtualHost _default_:80>
DocumentRoot /var/www/html
</VirtualHost>
<Directory "/var/www/html">
Order Allow,Deny
Allow from All
Deny from 192.168.0.0/24
</Directory>
host -l my133t.org 假设 192.168.0.0
restart httpd
yum install mod_wsgi
wget script.wsgi /etc/
vim vhost.conf
<VirtualHost *:80>
ServerName www10.example.com
DocumentRoot /var/www/virtual
</VirtualHost>
<Directory "/var/www/virtual">
Require all granted
</Directory>
<VirtualHost *:8989>
ServerName transitive.example.com
WSGIScriptAlias / /var/www/cgi-bin/script.wsgi
</VirtualHost>
Listen 8989
semanage port -a -t http_port_t -p tcp 8989
restart httpd
vim /root/scripts.sh
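#!/bin/bash
# Print the opposite keyword of the first argument:
#   all   -> prints "none"
#   none  -> prints "all"
#   other -> prints the placeholder "..." (also used when no argument is given)
case "$1" in
  all)
    # argument is "all"
    echo none
    ;;
  none)
    # argument is "none"
    echo all
    ;;
  *)
    # Any other input. Explanatory text must stay in comments: text left on
    # a pattern line is run as a command, and text after echo is printed.
    echo "..."
    ;;
esac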
iscsi
fdisk /dev/vdb
partprobe
pvcreate /dev/vdb1
vgcreate vg_exam /dev/vdb1
vgs 查看到767个块
lvcreate -l 767 -n iscsi_data vg_exam
/back/b create iscsi_data /dev/vg_/iscsi
iscsi/ create iqn.2014-1.com.example:server10
iscsi/iqn.../tpg1/luns create /ba/blo/iscsi
.../acls create (直接复制desktop下 /etc/iscsi/initiatorname.iscsi 里的 InitiatorName)
is/portals create 172.25.10.11
saveconfig
exit
desktop下
iscsiadm -m discovery -t st -p 172.25.10.11
iscsiadm -m node -T iqn... -p 172.25.10.11 -l
systemctl enable iscsi iscsid
mkdir /mnt/data
fdisk -l
fdisk /dev/sda
partprobe
mkfs.xfs /dev/sda1
blkid /dev/sda1 复制uuid
vim /etc/fstab
UUID="uuid" /mnt/data xfs defaults,_netdev 0 0
第一次关机需要强行关闭
server
yum install mariadb-server -y
start enable mariadb
mysql_secure_installation
westos
mysql -uroot -pwestos
create database Contacts;
show databases;
quit
wget http:.../users.mdb
mysql -uroot -pwestos Contacts < users.mdb
mysql -uroot -pwestos
USE Contacts;
SHOW TABLES;
CREATE USER Luigi@localhost identified by 'westos';
GRANT SELECT ON Contacts.* TO Luigi@localhost;
mysql -uLuigi -pwestos
SHOW DATABASES;
USE Contacts;
SHOW TABLES;
select * from product;
mysql -uLuigi -pwestos
USE Contacts;
DESC User_logins;
select * from User_logins where User_pass='forsook';
发现id 4178
desc User_username;
select * from User_name where user_ip='4178'
名字first name 姓名 last name
考试居住时候是152