第十一天
从服务器
在从服务器上安装bind
[root@b ~]# systemctl stop firewalld.service
[root@b ~]# setenforce 0
[root@b ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: device write-protected, mounted read-only.
[root@b ~]# yum install bind -y
完全区域传送 ---复制整个区域文件
主服务器配置
[root@a ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.10.129; };
directory "/var/named";
allow-query { any; };
allow-transfer { 192.168.10.132; };
};
zone "baidu.com" IN {
type master;
file "named.baidu.com";
};
zone "qq.com" IN {
type master;
file "named.baidu.com";
};
zone "10.168.192.in-addr.arpa" IN {
type master;
file "named.baidu.com";
};
从服务器配置
[root@b ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.10.132; };
directory "/var/named/slaves";
};
zone "baidu.com" IN {
type slave;
file "named.baidu.com";
masters { 192.168.10.129; };
};
zone "qq.com" IN {
type slave;
file "named.qq.com";
masters { 192.168.10.129; };
};
zone "10.168.192.in-addr.arpa" IN {
type slave;
file "named.192";
masters { 192.168.10.129; };
};
从服务器配置好后,主服务器也要重启服务
[root@a ~]# systemctl restart named
[root@b ~]# systemctl restart named
增量区域传送 --- 仅复制区域里变化的文件
主服务器
[root@a ~]# vim /var/named/named.baidu.com
$TTL 1D
@ IN SOA @ admin.admin.com. (
2022110401 --- 版本号+1
1M
1M
3H
1D )
NS dns.baidu.com.
NS dns.qq.com.
NS slave.baidu.com. --- 添加从服务器信息
NS slave.qq.com.
dns A 192.168.10.129
www A 192.168.10.100
slave A 192.168.10.132
100 PTR www.baidu.com.
100 PTR www.qq.com.
[root@a ~]# vim /var/named/named.192
$TTL 1D
@ IN SOA @ admin (
1M
1M
1M
3M
1M )
IN NS dns.baidu.com.
IN NS dns.qq.com.
IN NS slave.qq.com.
IN NS slave.baidu.com.
132 IN PTR slave.baidu.com.
132 IN PTR slave.qq.com.
129 IN PTR dns.baidu.com.
129 IN PTR dns.qq.com.
100 IN PTR www.baidu.com.
配置好后,主从服务器重启服务
DNS的转发服务
selinux
查看文件的安全上下文:
[root@a ~]# ls -Z
system_u:object_r:admin_home_t:s0 anaconda-ks.cfg
unconfined_u:object_r:admin_home_t:s0 Desktop
unconfined_u:object_r:admin_home_t:s0 Documents
unconfined_u:object_r:admin_home_t:s0 Downloads
system_u:object_r:admin_home_t:s0 initial-setup-ks.cfg
unconfined_u:object_r:admin_home_t:s0 Music
unconfined_u:object_r:admin_home_t:s0 Pictures
unconfined_u:object_r:admin_home_t:s0 Public
unconfined_u:object_r:admin_home_t:s0 Templates
unconfined_u:object_r:admin_home_t:s0 Videos
安全上下文分为四个字段
Identify:role:type: --- 最后一个字段是和MLS和MCS相关的东西,代表灵敏度,一般用s0、s1、s2来命名,数字代表灵敏 度的分级。数值越大、灵敏度越高
更改标签 --- 临时生效
[root@b ~]# ll -Z /var/www/html/index.html
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 7 Nov 5 23:26 /var/www/html/index.html
[root@b ~]# chcon -t httpd_sys_content_t /var/www/html/index.html
[root@b ~]# ll -Z /var/www/html/index.html
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 7 Nov 5 23:26 /var/www/html/index.html
回滚 --- 将标签恢复到默认值
[root@b ~]# restorecon /var/www/html/index.html
[root@b ~]# ll -Z /var/www/html/index.html
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 7 Nov 5 23:26 /var/www/html/index.html
更改标签 --- 永久生效
[root@b ~]# semanage fcontext -a -t httpd_sys_content_t /var/www/html/index.html
在linux上配置邮件客户端
[root@a ~]# yum install mailx -y
[root@a ~]# vim /etc/mail.rc --- 在末尾添加
set from= xxxxxx@xxx.com
set smtp= smtp.xxx.com
set smtp-auth-user= xxxxxx@xxx.com
set smtp-auth-password= 邮箱的授权码
set smtp-auth=login --- 默认login
获得授权码的方式(QQ邮箱)https://jingyan.baidu.com/article/7e4409532c5d3e6ec0e2efb0.html
如果空间不足就发邮件给邮箱的脚本
[root@a ~]# vim a.sh
mem=`df -h | grep -w / | tr -s " " | cut -d " " -f 4 |cut -c 1-2`
if [ $mem -lt 13 ];then
echo "空间不足" | mail -s "预警" xxxxx@xxxx.com
else
echo "$mem=空间大小"
[root@a ~]# bash a.sh
空间如果小于13则发送内容为“空间不足”,主题为“预警”的邮件给邮箱
VDO
stratis管理文件分层存储
# dnf install -y stratisd stratis-cli
# systemctl enable --now stratisd.service# stratis pool create redhat /dev/nvme0n2# 池的名字---redhat /dev/nvme0n2---池中加入的设备# stratis pool list# stratis pool add-data redhat /dev/nvme0n3 --- 池中添加另一个设备# stratis filesystem create redhat rhce --- 创建文件系统rhce# stratis filesystem list --- 查看文件系统# mkdir /mnt/stratis --- 创建挂载目录# mount /stratis/redhat/rhce /mnt/stratis# stratis filesystem create redhat rhce1 --- 一个池中可以构建多个文件系统# stratis filesystem list redhat# stratis filesystem snapshot redhat rhce snap01 --- 快照# stratis filesystem list挂载快照读取数据# mkdir /mnt/snap# mount /stratis/redhat/snap01 /mnt/snap/# stratis filesystem destroy redhat rhce1 --- 删除文件系统# stratis filesystem destroy redhat snap01注意:文件系统需要先卸载才能删除# umount /mnt/snap# stratis filesystem destroy redhat snap01删除池# umount /mnt/snap# stratis filesystem destroy redhat snap01# stratis filesystem destroy redhat rhce# stratis pool destroy redhat