1.atd和crond两个任务管理程序的区别
atd是一次性的执行的例行性认为而,crond为周期性的
2.指定在2023/04/15 09: 00将时间写入testmail.txt文件中
at: refusing to create job destined in the past
因此我们把系统日期改到4.14,后就可以使用at写入了
[root@server ~]# date -s 2023/04/15
2023年 04月 15日 星期六 00:00:00 CST
[root@server ~]# at 9:00 2023-04-15
warning: commands will be executed using /bin/sh
at> ls /root > testmail.txt
at> <EOT>
job 1 at Sat Apr 15 09:00:00 2023
[root@server ~]#
3.指定每天凌晨4: 00将该时间点之前的日志信息备份到个目录下 (/ar/lg/messages ),备份后日志文件名显示格式logfileYY-MM-DD HH-MM
编辑 /etc/crontab
1.配置ntp时间服务器,确保客户端主机能和服务主机同步时间
第一修改server端把服务器改为阿里云的然后允许node1端同步
#修改配置文件
#vim /etc/chrony.conf
server ntp.aliyun.com iburst
allow 192.168.253.130/24
第二修改node1的配置文件
server 192.168.253.129 iburst
然后重启服务和检查时间服务器是否是客户端的地址
[root@node1 ~]# chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 192.168.253.129 3 6 3 1 +654ms[ +654ms] +/- 37ms
2.配置ssh免密登陆,能够实现客户端主机通过服务器端的redhat账户进行基于公钥验证方式的远程连接
第一步定位node1制作公钥和私钥
[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:TLz00O1pdhckH4edRFIfTTnzIpmWFbf7ShSL4YNftV4 root@node1
The key's randomart image is:
+---[RSA 3072]----+
| o=%B|
| . . . B*O|
| = . o=.+*|
| + + +*+.+=|
| S o.O.=+E|
| + =..o|
| . ...|
| . . |
| . |
+----[SHA256]-----+
第二步定位node1,上传公钥
[root@node1 ~]# ssh-copy-id root@192.168.48.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id:行183: /root/.ssh/ssh-copy-id.tsd8BK9bIw/popids_tmp_id: 没有那个文件或目录
/usr/bin/ssh-copy-id:行189: /root/.ssh/ssh-copy-id.tsd8BK9bIw/popids_output: 没有那个文件或目录
grep: /root/.ssh/ssh-copy-id.tsd8BK9bIw/popids_output: 没有那个文件或目录
/usr/bin/ssh-copy-id:行202: /root/.ssh/ssh-copy-id.tsd8BK9bIw/popids_output: 没有那个文件或目录
cat: /root/.ssh/ssh-copy-id.tsd8BK9bIw/popids_tmp_id: 没有那个文件或目录
/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
(if you think this is a mistake, you may want to use -f option)
第三步定位node1
网站需求: 1.基于域名www.openlab.com可以访问网站内容为 welcome to openlab!!! 2.给该公司创建三个子界面分别显示学生信息,教学资料和缴费网站,基于,www.openlab.com/data网站访问教学资料 www.openlab.com/money网站访问缴费网站。 3.要求 (1)学生信息网站只有song和tian两人可以访问,其他用户不能访问。 (2)访问缴费网站实现数据加密基于https访问。
第一步hosts映射
[root@server ~]# vim /etc/hosts
192.168.253.129 www.openlab.com
第二步创建www.openlab.com网站
创建网页目录及网页
[root@server ~]# mkdir -p /www/openlab
[root@server ~]# echo 'welcom to openlab' > /www/openlab/index.html
[root@server ~]# vim /etc/httpd/conf/httpd.conf # 定位第一行
<VirtualHost 192.168.253.129>
DocumentRoot /www/openlab
ServerName "www.openlab.com"
<Directory /www/openlab>
AllowOverride None
require all granted
</Directory>
</VirtualHost>
linux端打开浏览器输入www.openlab.com测试
[root@server ~]# systemctl restart httpd
第三步:创建教学资料子网站www.openlab.com/data
[root@server ~]# mkdir /www/openlab/data
[root@server ~]# echo 'data' > /www/openlab/data/index.html
[root@server ~]# vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.253.129>
DocumentRoot /www/openlab/data
alias /data /www/openlab/data
ServerName "www.openlab.com"
<Directory /www/openlab/data>
AllowOverride none
require all granted
</Directory>
</VirtualHost>
linux端打开浏览器输入www.openlab.com/data测试
[root@server ~]# systemctl restart httpd
第五步:创建缴费子网站www.openlab.com/money
[root@server ~]# mkdir /www/openlab/money
[root@server ~]# echo 'money' > /www/openlab/money/index.html
[root@server ~]# openssl genrsa -aes128 2048 > /etc/pki/tls/private/money.key
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
[root@server ~]# openssl req -utf8 -new -key /etc/pki/tls/private/money.key -x509 -days 365 -out /etc/pki/tls/certs/money.crt
Enter pass phrase for /etc/pki/tls/private/money.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----- # 以下是证书信息
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:RHCE
Common Name (eg, your name or your server's hostname) []:www.openlab.com
Email Address []:andy@openlab.com
[root@server ~]# vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.253.129:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/money.crt
SSLCertificatekeyFile /etc/pki/tls/private/money.key
ServerName www.openlab.com
DocumentRoot /www/openlab
alias /money /www/openlab/money
<Directory /www/openlab/money>
AllowOverride none
require all granted
</Directory>
</VirtualHost>
[root@server ~]# systemctl restart httpd
🔐 Enter TLS private key passphrase for www.openlab.com:443 (RSA) : ******