2、sshd配置
Firewall-config
3、自定义用户环镜
vim /etc/bashrc
Alias show='ls -al;pwd;echo ok'
注意:等号两边没有空格
4、防火墙端口转发
图形配置:Firewall-config
转存失败重新上传取消转存失败重新上传取消转存失败重新上传取消
命令行配置:
Firewall-cmd --permanent --add-rich-rule='rule family=ipv source address=172.25.0.0/24 forward-port port=5423 protocol=tcp to-port=80'
Firewall-cmd --reload
Firewall-cmd --permanent --list-all
5、配置链接聚合
[root@server0 ~]# lab teambridge setup
这条命令在 server 上才有
man nmcli-examples examlpe 7
man teamd.conf /"runner
"runner": {"name": "activebackup"}
"runner": {"name": "roundrobin"}
Teamdctl team1 state
6、ipv6
nmcli connection modify "System eth0" ipv6.method auto
7、postfix 邮件服务器
/etc/postfix/main.cf
myorigin = example.com 99 #发送的邮件显示为example.com
inet_interfaces = loopback-only 116 #监听本地
mydestination = 164 #不接受任何邮件
local_transport = error:local delivery disabled 193 #不会把邮件邮放MDA
relayhost = [foundationX.example.com] 317 #转发
99、116、164、193、317、
8、SMB,SMB多用户
Systemctl status samba
Selinux 设置警告模式 permissive
Tail -n 30 /var/log/message
可查看上下文配置关系
Semanage fcontext -a -t "samba_share_t" '/common(/.*)?'
Restorecon -Rv /common
Man mount.cifs
//172.25.0.11/devops /mnt/dev cifs defaults,multiuser,username=natasha,password=redhat,sec=ntlmssp 0 0
Cifscreds add 172.25.0.11
9、NFS
Wget -O /etc/krb5.keytab
Vim /etc/exports
/public 172.25.0.0/24(rw,sec=krb5p)
/et/fstab
172.25.0.11:/protected /mnt/nfssecure nfs defaults,sec=krb5p,vers=3 0 0
Systemct list-unit-files |grep nfs 可查看NFS需要启动的服务
服务端:Nfs-server.server nfs-secure-server.server 客务端: nfs.server nfs-secure.server
10、http,apache
Rpm -qd httpd
cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf /etc/httpd/conf.d/vhosts.conf
11、配置安全WEB服务
Mod_ssl
Grep SSL /etc/httpd/conf.d/ssl.conf >> /tmp/ssl.com (注:SSL必需为大写)
22 SSLEngine on
25 SSLPortocal all -SSLv2 -SSLv3
27 SSLCihereSuite HIGH:MEDIUM:!aNULL:!MD5
33 SSLCertiricateFile /etc/pki/tls/certs/server0.crt
34 SSLCertifiateKeyFile /etc/pki/tls/private/server0.key
38 SSLCACertificateFile/et/pki/tls/certs/example-ca.crt
动态WEB内容
Mod_wsgi
Rpm -qd mod_wsgi
Cat /usr/share/doc/mod_wsgi/README
371 WSGIScriptAlias / /var/www/html/webinfo.wsgi
12、ISCSI
服务端:targetcli-server
Fdisk /dev/sdb
Targetcli > ls 善用 help
客户端:
/etc/iscsi/initiatorname.iscsi
man iscsiadm > examples
Echo "/dev/sdc1 /mnt/data xfs defaults,_netdev 0 0 " >> /etc/fstab
21、DB数据库
Create user bob@localhost identified by 'redhat';
Grant select on db.*to bob@localhost
source identified:指定 grant:允许 select
22、select where
select * from category where name="Servers";
select * from product where id_category=2;
转存失败重新上传取消转存失败重新上传取消转存失败重新上传取消