RHCE考前笔记

原贴:http://www.loveunix.cn/html/02/t-78002.html

RHCE考前笔记

---------------install:
swap
raid
select only the rpm packages that are actually needed; do NOT include the *-chroot packages (presumably bind-chroot is meant — it relocates the config paths under /var/named/chroot, and the notes below assume the non-chroot paths)
useradd username
passwd username
for user in karl joe mary jen; do useradd -G legal -s /sbin/nologin $user; done
# chmod u+s filename
# chmod g+s directoryname
# chmod o+t filename
# groupadd grpaa
# usermod -G grpaa aa
# chmod g+s aa
# uname -r
2.6.18-8.el5



sysctl -w net.ipv4.ip_forward=1   (-w writes the value; -e only tells sysctl to ignore unknown keys. A value set this way is NOT persistent across reboot.)
net.ipv4.ip_forward = 1           (put this line in /etc/sysctl.conf to make it persistent; apply with sysctl -p)
cat /proc/sys/net/ipv4/ip_forward

echo "0" > /proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/ip_forward
# vi /etc/sysctl.conf
NOTE: ip_forward=1 turns the host into a router between all of its interfaces; enable it only when the task requires it and pair it with explicit iptables FORWARD rules.

[root@station245 yum.repos.d]# echo "1" > /proc/sys/net/ipv4/ip_forward
the command e2label changes a filesystem's label
mkfs.ext2 creates (formats) an ext2 filesystem on a device — this destroys any existing data on it
#du -sh /home      reports the total size of the home directory.
the command 'hwclock' synchronizes the system (software) clock and the hardware (RTC) clock: hwclock --systohc / hwclock --hctosys.


------------------------------quota:
# vi /etc/fstab
LABEL=/home             /home          ext3    defaults,usrquota,grpquota        1 2
# mount -o remount /home
# quotacheck -c /home
# quotacheck -cugfv /home
# repquota /home
# edquota aa
# quotaon /home
# quotaoff /home


---------------raid
# fdisk /dev/sda
Hex code (type L to list codes): fd
Command (m for help): w
# partprobe
# mknod /dev/md1 b 9 1
# mknod /dev/md2 b 9 2
# mdadm -C /dev/md1 -l 1 -n 2 /dev/sda10 /dev/sda11
# mdadm -C /dev/md2 -l 1 -n 2 /dev/sda12 /dev/sda13
# mdadm --detail /dev/md1      (the arrays just created are md1 and md2; there is no md0 here)
# mkfs.ext3 /dev/md1
# mount /dev/md1 /opt
# cp -a /lib /opt
# cat /proc/mdstat
# mdadm --fail /dev/md1 /dev/sda10
# mdadm --remove /dev/md1 /dev/sda10
# mdadm -a /dev/md1 /dev/sda10
# tail -f /var/log/messages

----------------lvm
#  umount /dev/md1
# pvcreate /dev/md1
# vgcreate vga /dev/md1
# vgdisplay vga
# lvcreate -n lva -l 25  vga   --25 is on the command "vgdisplay"
# mkfs.ext3 /dev/vga/lva
# vi /etc/fstab   
/dev/vga/lva            /opt                    ext3    defaults        1 3
# pvcreate /dev/md2
# vgextend vga /dev/md2
# lvextend -L +40M /dev/vga/lva
# resize2fs /dev/vga/lva
# df -h



--------pam
# less /etc/pam.d/vsftpd
sense=deny ftpusers
help document in
# /usr/share/doc/pam-0.99
# man 5 pam.conf
# vi /etc/pam.d/sshd
account   required    pam_access.so   accessfile=/etc/sshaccess
---add this line before the existing "account include system-auth" line in /etc/pam.d/sshd so the access check runs first; because it is only in the sshd stack it restricts ssh logins only (console login is not affected)
# /usr/share/doc/pam-0.99.6.2/txts/README.pam_nologin
# /usr/share/doc/pam-0.99.6.2/txts/README.pam_limits
# /etc/security/limits.conf
---limits configured here do not effectively restrain root (it can raise its own hard limits); they apply to new sessions that pass through pam_limits
# vi /etc/sshaccess
+:tom:192.168.0.254
-:ALL:ALL
   (rules are evaluated top-down and the first match wins: only tom, and only from 192.168.0.254, may log in through sshd; everyone else — including root — is denied)

--- NOT equivalent (looser):
-:ALL EXCEPT tom : ALL EXCEPT 192.168.0.254
   (this denies only "users other than tom" coming from "hosts other than 192.168.0.254" — so tom from ANY host and ANY user from 192.168.0.254 are still allowed; use the first form when the task says "tom from 192.168.0.254 only")
# ssh localhost -l tom      (test from both an allowed and a denied host; a login from a host other than 192.168.0.254 must be refused)

----autofs:
# service nfs start
# vi /etc/exports
/home/guests    192.168.0.0/255.255.255.0(rw,sync)

if the mask is 255.255.255.255 (or a bare host address is given instead of a network) the export applies to exactly that one client IP address
# vi auto.master
/root   /auto.aa
# cat /auto.aa
aa      -rw,soft,intr   localhost:/aa
smb     -fstype=cifs,credentials=/etc/auto.smb.cred   ://192.168.0.254/tom
        (the original used username=tom%tom inline — that puts the password in a map file every local user can read; keep it in a root-only, mode 0600 credentials file containing "username=tom" and "password=tom" instead)
tmp     -fstype=nfs,ro,soft,intr        localhost:/tmp      (the option names are fstype and intr; "-ftype"/"into" in the original would make the mount fail)
*       -rw                             192.168.0.254:/home/&

# service autofs restart


----------------printer:
# service cups status
# system-config-printer
# lpq

-------------tcpwrapper

/etc/hosts.deny:
vsftpd: 182.119.106.0/255.255.255.0
"hosts.deny" 10L, 404C written

/etc/hosts.allow:
sshd:   182.119.106.203
vsftpd: 182.119.106.203
"/etc/hosts.allow" 7L, 240C written
   (hosts.allow is consulted first and a match there wins, so 182.119.106.203 still reaches vsftpd although its /24 is listed in hosts.deny. Only daemons linked against libwrap honour these files — check with "ldd `which daemon` | grep wrap" as done below; a daemon without libwrap must be restricted with iptables instead.)

---------------ssh:
# ldd `which sshd`|grep wra
        libwrap.so.0 => /usr/lib/libwrap.so.0 (0x0044a000)
        
以下是利用密钥建立信任关系:
#ssh-keygen -t rsa    --生成 RSA 密钥对(非对称密钥:id_rsa 私钥 + id_rsa.pub 公钥,不是对称密钥)。考试之外应设置 passphrase;私钥 id_rsa 必须保持 0600,且永远不要把它拷到别的机器
#scp .ssh/id_rsa.pub root@192.168.0.23:    ----将公钥拷贝到客户机(注意末尾的冒号,没有冒号 scp 只会在本地生成一个名为 root@192.168.0.23 的文件)
#ssh 192.168.0.23
#cat id_rsa.pub >> ~/.ssh/authorized_keys      ------在客户机上把公钥追加到 authorized_keys(注意是 >> 追加,文件名拼写为 authorized_keys);~/.ssh 须为 700、authorized_keys 须为 600,否则 sshd 会拒绝使用该文件。这里信任的是 root 账号,生产环境应改用普通账号
#ssh 192.168.0.23    -----不用密码即可登录到客户机
#ssh 192.168.0.23 ps -efc   -----不用密码即可在客户机上执行命令
#rsync  .....   ----不用密码即可进行远程同步(rsync -e ssh ...)
#ssh 192.168.0.23 tar czf - /home /var > /mnt/23.tar.gz   ---远程文件备份到本地(用 -f - 明确把归档写到 stdout;不带 -f 时 tar 的默认输出依赖编译选项,不一定是标准输出)




---------------ftp
# service vsftpd start
# ldd `which vsftpd` |grep wra
        libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00e4f000)
# vi /etc/vsftpd/vsftpd.conf
#anon_upload_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
21 是 FTP 控制连接(命令);20 只在主动模式下作为服务器发起数据连接的源端口,被动模式的数据连接使用随机高位端口——写 iptables 规则时要考虑这一点(需要 ip_conntrack_ftp 之类的连接跟踪模块,或在 vsftpd.conf 里限定 pasv 端口范围)


---------------dovecot:
# find /etc/ -name dovecot.pem
/etc/pki/dovecot/certs/dovecot.pem
/etc/pki/dovecot/private/dovecot.pem
# find /etc -name dovecot.pem -exec rm {} \;      (the -exec terminator is a backslash-escaped semicolon "\;", not "/;")
# make -C /etc/pki/tls/certs dovecot.pem
Common Name (eg, your name or your server's hostname) []:station9.example.com
# find /etc/pki -name dovecot.pem -exec ls -l {} \;
# grep -e ssl_cert -e ssl_key  /etc/dovecot.conf
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
#ssl_key_password =
# vi /etc/dovecot.conf
# grep -e ssl_cert -e ssl_key  /etc/dovecot.conf
ssl_disable = no   ----保持 SSL/TLS 开启("no" 表示不禁用;设为 yes 才是关闭加密)。TLS 用证书/非对称密钥协商出会话密钥,再用对称密钥加密数据,这一行不是"对称加密"的开关
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
--make 生成的 dovecot.pem 是证书和私钥合在一个文件里;如果分开,分别是 .key(私钥)和 .crt(证书),先用 make 生成 key,再生成 crt。自签证书客户端会提示签发者未知,考试环境可接受
# cp /etc/pki/tls/certs/dovecot.pem /etc/pki/dovecot/certs/dovecot.pem
# cp /etc/pki/tls/certs/dovecot.pem /etc/pki/dovecot/private/dovecot.pem
# chmod 600 /etc/pki/dovecot/private/dovecot.pem
   注意:这个合并的 pem 含私钥,拷到 certs/ 后那份同样带着私钥,而 certs/ 下的文件通常是可读的。生产环境应只把证书部分放进 certs/,私钥文件保持 root 所有、0600
# service dovecot start

# mutt -f imaps://localhost
# cat /etc/passwd | mail -s toaa -v aa
# mutt -f imaps://localhost
# mutt -f imaps://aa@localhost

access control not test ????????


  

-----iptables:

# iptables -A INPUT -p tcp --dport 80 -s 182.119.106.0/24 -j REJECT
# iptables -A INPUT ! -s 182.119.106.0/24 -p tcp --dport 21 -j REJECT      (新版 iptables 把 ! 放在 -s 前面;旧版 "-s !" 写法仍被接受)
#iptables -nL --line-numbers   ----n表示数字,可以省去域名解析的等待;--line-numbers 便于用 -D/-I 按序号定位规则
-A 追加一个规则   -I  在前面插入一个规则  ^] TELNET中的退出
注意:如果系统还在用 RHEL5 默认规则集(INPUT 链先跳到 RH-Firewall-1-INPUT,该链末尾是 REJECT all),用 -A 追加到 INPUT 的规则排在跳转之后,可能永远匹配不到;这种情况用 -I INPUT 插到前面,并用 iptables -nL 核对顺序和计数器
#iptables -F INPUT   ---清空 INPUT 链的规则(链名区分大小写,"input" 会报错)
#iptables -A INPUT -p icmp -j DROP  -----丢弃 ping 包(IP 层之上常见三种协议:UDP TCP ICMP)
#iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.25 -p tcp --dport 22 -j DROP      (原文 "192.168.0.0./24" 多了一个点,是无效地址)
--封锁本网内的 ssh 访问(注意别把自己当前的 ssh 会话也封掉——先在控制台上测试,再 service iptables save)

# service iptables save




----------squid:
# vi /etc/squid/squid.conf
acl mylocal src 182.119.106.0/24
http_access allow mylocal
http_access deny all







-----------smb:
smb and system can share user but NOT share passwd.
# service smb start
# smbclient -L localhost -N
# groupadd -g 30000 legal
# for user in karl joe mary jen; do useradd -G legal -s /sbin/nologin $user; done      (original had the typo /sbin/onlogin — a non-existent shell; the checker expects /sbin/nologin)
# for user in karl joe mary jen aa root; do    echo Adding $user to the smbpasswd file....;    smbpasswd -a $user; done
   (adding root to the Samba password database is not needed for the shares below and means SMB password guessing can target root directly — leave root out unless the task explicitly requires it)
# smbclient -L localhost -U karl%karl      (user%password on the command line shows up in `ps` and in the shell history; acceptable in the lab, otherwise use -U karl and type the password)
# smbclient //localhost/karl -U karl%karl
smb: /> put /etc/hosts hosts
# mkdir -p /home/depts/legal
# chgrp legal /home/depts/legal
# chmod 3770 /home/depts/legal
# vi /etc/samba/smb.conf
public = yes  -----everyone, including guest, can access the share; leave it at no unless the task asks for a public share
valid users = tom    ------only the listed user(s) may connect; a group is written with a leading @, e.g. @legal
hosts deny = 192.168.1.      (the option names are "hosts deny" / "hosts allow" with an s — "host deny" is not a valid parameter, testparm reports it as unknown and smbd ignores it, leaving the share open)
hosts allow =                (when hosts allow is non-empty, hosts matching it are allowed even if they are also listed in hosts deny)
#smbpasswd -a jackie
# smbclient //localhost/legal -U karl%karl
# mount //192.168.0.254/share /mnt -o username=tom      (the option is username=tom; the password is asked interactively — do not put password= on the command line)

access control not test ????????


------------nis:
package include: ypserv,ypbind,yp-tools
#system-config-authconfig
# vi /etc/nsswitch.conf

# vi /var/yp/Makefile
all:  passwd group   ---change this line.
# service portmap status
portmap (pid 1850) is running...
# vi /etc/sysconfig/network
NISDOMAIN=gbicc
# domainname gbicc
# cd /usr/lib/yp
# service ypserv restart
# service yppasswdd start
# service ypserv restart
# ./ypinit -m

on the client port
# rpcinfo -p localhost
# domainname
# authconfig-tui
# setup
Stopping portmap:                                          [  OK  ]
Starting portmap:                                          [  OK  ]
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
# ypcat passwd      (any client that knows the NIS domain name can dump every user's password hash like this — NIS distributes the hashes unencrypted over RPC, and the domain name is the only "secret". Restrict the served subnets in /var/yp/securenets and never expose ypserv to an untrusted network.)
bb 1$NYjT6dQd$KBWtVxzo1Q/IDDMTLcBYQ1:501:501::/home/bb:/bin/bash
cc 1$i2R2AJu6$SxWEKCRUtEK1VoA9AVnlm1:502:502::/home/cc:/sbin/nologin
aa 1$ytT.5NLv$1ZjlBxbo1oKzx3I5JjMUH0:500:500::/home/aa:/bin/bash

# more /etc/sysconfig/network
NISDOMAIN=notexample      (the variable is NISDOMAIN — with the original "NISDOMIN" typo the line is ignored and the client binds to no domain)

on the server port
# useradd nisuser
# passwd nisuser
# cd /var/yp
# make
gmake[1]: Entering directory `/var/yp/gbicc'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
gmake[1]: Leaving directory `/var/yp/gbicc'

# ypcat passwd
bb 1$NYjT6dQd$KBWtVxzo1Q/IDDMTLcBYQ1:501:501::/home/bb:/bin/bash
cc 1$i2R2AJu6$SxWEKCRUtEK1VoA9AVnlm1:502:502::/home/cc:/sbin/nologin
nisuser 1$sZb4HCG8$0/6FJ4Cgp12A12DBlLfMV/:503:504::/home/nisuser:/bin/bash
aa 1$ytT.5NLv$1ZjlBxbo1oKzx3I5JjMUH0:500:500::/home/aa:/bin/bash





----------------sendmail:
sendmail-cf

# alternatives --config mta
# vi /etc/mail/sendmail.mc
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
   (prefixing the line with dnl comments it out, so sendmail no longer binds only 127.0.0.1 and listens on port 25 on every interface — afterwards check that relaying is still restricted (/etc/mail/access, relay-domains) so the host is not an open relay, and limit who can reach port 25 with tcp_wrappers or iptables)
# vi /etc/aliases
# newaliases      (the command is newaliases; "newalias" does not exist)
# m4 sendmail.mc > sendmail.cf      (run inside /etc/mail; "make -C /etc/mail" does the same)
# vi /etc/mail/local-host-names
station5.example.com
# service sendmail restart




----------------http:
# vi /etc/httpd/conf/httpd.conf
NameVirtualHost 182.119.106.245:80
<VirtualHost 182.119.106.245:80>
        DocumentRoot /data
        ServerName bb.tt.ca
</VirtualHost>

<VirtualHost 182.119.106.245:80>
        DocumentRoot /aa
        ServerName aa.tt.ca
</VirtualHost>
# service httpd restart
# cat /data/index.html
llllllll
# cat index.html
cwddkk[C[Cllllllll
# ping -c1 server1.example.com
# elinks -dump http://aa.tt.ca


htpasswd -c /path/to/htpasswd-file username      (-c creates the file and truncates an existing one — use it only for the first user; keep the file outside DocumentRoot so it cannot be downloaded)

config authorize refer to the file:
/var/www/manual/howto/auth.html

AllowOverride AuthConfig      (exact spelling, inside the <Directory> block; otherwise auth directives in .htaccess are silently ignored and the directory stays open)

note:
because of the line "NameVirtualHost 182.119.106.245:80", a request whose hostname is not matched by any ServerName/ServerAlias
but resolves (via DNS or /etc/hosts) to the same IP is served by the FIRST <VirtualHost> block for that address:port — the first
vhost acts as the default, so order the blocks deliberately. (The answer to the original "??????" is yes.)
Per-user access control (the part marked "not understand"): protect a directory with AuthType Basic + AuthName + AuthUserFile <htpasswd file>
+ "Require user NAME" (or "Require valid-user"), either in a <Directory> block in httpd.conf or in a .htaccess file when that directory
has "AllowOverride AuthConfig"; host-based control is "Order deny,allow" / "Deny from all" / "Allow from 192.168.0.0/24".



----------------dns:
# vi /etc/resolv.conf
# cat resolv.conf
search example.com
nameserver 182.119.106.245
# vi named.caching-nameserver.conf
options {
//      listen-on port 53 { 192.168.0.47; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        query-source    port 53;
        query-source-v6 port 53;
//      allow-query     { localhost; };
};
NOTE: with listen-on and allow-query both commented out, named listens on every interface and answers queries from anyone who can reach port 53 — with recursion enabled that is an open resolver usable for amplification attacks. Restrict instead of removing the restriction: allow-query { localhost; 192.168.0.0/24; }; and allow-recursion { localhost; 192.168.0.0/24; };. Also delete the "query-source port 53" / "query-source-v6 port 53" lines: a fixed outgoing source port makes cache poisoning far easier, and BIND randomizes the source port when they are absent.

zone "tt.ca" IN {
        type master;
        file "tt.ca.zone";
};

/*
view localhost_resolver {
        match-clients      { 192.168.0.0/24; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
*/
# pwd
/var/named
# vi tt.ca.zone

$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      localhost.
;1       IN      PTR     localhost.
aa      IN      A       182.119.106.245
bb.tt.ca.       IN      A       182.119.106.245
cc.tt.ca.       IN      A       182.119.106.99
#chown named tt.ca.zone      (a master zone file only needs to be readable by named, e.g. root:named mode 0640; named needs write access only for dynamic updates or for the files it writes itself under slaves/)
#service named start
#dig aa.tt.ca
#dig bb.tt.ca
#dig cc.
config slave:

zone "example.com" IN {
        type slave;
        file "slaves/example.zone";
        masters { 192.168.0.254; };   // the statement is "masters" (plural); "master" is a syntax error that named-checkconf reports
};

--config forworders
forwarders { 192.168.0.254; };
forward only;
????? have not test dns for slave and forward?????


-----dhcp
/usr/share/doc/dhcp*/dhcpd.conf.sample
/etc/dhcpd.conf
/var/lib/dhcpd
#dhclient eth0   ---acquire address need't reboot





configure SMTP
how to confine the dovecot imaps to access from who an where?  
user daniel must be able to receive mail from remote hosts   ???  receive? SMTP




add following line in the file /etc/squid/squid.conf:
acl example.com src 192.168.0.0/255.255.255.0
http_access allow example.com  
before http_access deny all


VirtualHostx ????
fdisk /dev/sda
partprobe
cat /proc/partitions
pvcreate /dev/sda10
pvcreate /dev/sda11
    vgcreate  vg01 /dev/sda1[01]        (the glob expands to /dev/sda10 /dev/sda11; run it once — the original repeated the line)
    lvcreate -n date -L <size> vg01     (missing in the original: the LV /dev/vg01/date must exist before mkfs)
mkfs.ext3 /dev/vg01/date
mount /dev/vg01/date /aa
lvextend -L+7M /dev/vg01/date
umount /aa
e2fsck -f /dev/vg01/date      (an offline resize2fs refuses to run until a forced fsck has been done — fsck first, then resize; the original had the order reversed)
resize2fs /dev/vg01/date
  
mke2fs -j = mkfs.ext3
# e2label /dev/sda1 /boot
# vi /etc/resolv.conf
nameserver 192.168.0.254
add dns server
search example.com      (no leading dot — "search .expample.com" as in the original is not a valid search domain)

sendmail :pw
# sendmail -d0 </dev/null
# echo "ooo" | mail -v -s kkkk root
# vi /etc/aliases
# echo "to the sysadm from daniel" |mail -v -s "hh" system
# cd /etc/mail
# vi sendmail.mc
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl      (dnl comments the line out: sendmail then listens on port 25 on all interfaces instead of only 127.0.0.1 — verify relaying stays restricted)
# m4 sendmail.mc > sendmail.cf
# service sendmail restart
# alternatives --config mta

There are 2 programs which provide 'mta'.

  Selection    Command
-----------------------------------------------
*+ 1           /usr/sbin/sendmail.sendmail
   2           /usr/sbin/sendmail.postfix



tsservices 1 seems wrong, even delete the vitual hosts line in /etc/httpd/conf/httpd.conf
, the service httpd still can't run.   

auto mount can't designate to a specified user.  ???

# service squid start
init_cache_dir /var/spool/squid... /etc/init.d/squid: line 54:  3226 Aborted                 $SQUID -z -F -D >>/var/log/squid/squid.out 2>&1
Starting squid: /etc/init.d/squid: line 53:  3228 Aborted                 $SQUID $SQUID_OPTS >>/var/log/squid/squid.out 2>&1
                                                           [FAILED]
[root@station245 ~]# squid
FATAL: Could not determine fully qualified hostname.  Please set 'visible_hostname'

Squid Cache (Version 2.6.STABLE6): Terminated abnormally.
CPU Usage: 0.040 seconds = 0.000 user + 0.040 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Aborted


the documentroot in the next config file is ineffect.
<VirtualHost 182.119.106.144>
     DocumentRoot /home/html
     ServerName aa
</VirtualHost>


the book rh253 page 211 :Raw pint queue ???  and no command print can't effect neither the lp
set up the default local print queue to forward job to the IPP(CUPS) print queue stationX
on server1.example.com ,configure this print as a raw print queue
the queue stationX on server1 dumps print jobs into the file
http://server1/printers/stationx,this file can be examined to confirm that you have
configured the print queue correctly.

# smbclient //127.0.0.1/legal -U joe
Password:
Domain=[ZZ] OS=[Unix] Server=[Samba 3.0.23c-2]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME

-----其它
#rpm -ql telnet-server      (package name is telnet-server)
#wireshark  抓局域网内的TCP包(第三方软件)可查看密码——telnet/ftp/pop3 等明文协议的口令直接可见,这正是要用 ssh/sftp/imaps 替代它们的原因
#tcpdump -i eth0 -v -X port 23   -----可以看到 telnet 的明文密码(只在自己有授权的网络上做)
#while true; do ping 192.168.0.254 & done   ----对一个机器大量发 PING 包(原句里的 "&;" 是语法错误,& 本身已经结束命令)。这是拒绝服务攻击,只能在实验环境对自己的机器做
#ifconfig eth0:0 192.168.0.23   ---给接口加一个别名地址(别名 eth0:0 和地址之间用空格分开)

find start-dir -mmin -60  lists all files whose content was modified within the last hour (-cmin tests the inode change time, which also changes on chmod/chown — use -mmin for modification)