1.

fdisk /dev/vdc  #对推入的第三块硬盘分区

n-->p-->..-->1-->..-->+512M(大小)-->w

mkfs.xfs  /dev/vdc1 #格式化第一个分区

mkdir /data

echo "/dev/vdc1  /data  xfs  defaults  0  0" >> /etc/fstab

mount  -a


2.

fdisk /dev/vdc #对推入的第三块硬盘分区

n-->p-->...-->2-->+1G(容量大小)-->t-->8e(类型为lvm)-->w(保存)  #创建第二个主分区大小为1G,类型为LVM

lsblk #查看块情况

partprobe #将新建分区信息同步到内核,这样不用重启系统

lsblk #再次查看块情况

pvcreate /dev/vdc2 #创建物理卷

vgcreate -s 8M vg_1 /dev/vdc2 #创建卷组vg_1,PE大小为8M,添加/dev/vdc2到卷组vg_1

lvcreate -n lv_1 -l 50 vg_1 #在卷组vg_1中创建逻辑卷lv_1,PE数量为50,即lv_1的大小为400M(50*8M)

lvs #查看lv情况

mkfs.ext4 /dev/mapper/vg_1-lv_1 #将lv_1格式化为ext4

mkdir -p /mnt/data #创建data目录

echo "/dev/mapper/vg_1-lv_1  /mnt/data  ext4  defaults  0  0" >> /etc/fstab  #将lv_1挂载信息写入到fstab配置文件

mount -a  #对fstab全部挂载

df -hT  #查看分区挂载情况

touch /mnt/data/test.txt  #新建一个测试文件


3.

lvextend -L 800M /dev/vg_1/lv_1  #将lv_1扩容为800M

resize2fs /dev/vg_1/lv_1  #在线加载lv_1大小为800M

df -hT  #查看分区情况


4.

fdisk /dev/vdc

n-->p-->..-->3-->+256M-->t-->82-->w

lsblk

partprobe

mkswap -L swap1 /dev/vdc3

swapon -L swap1

swapon -s

free -h

echo  "/dev/vdc3 swap swap defaults 0 0 " >> /etc/fstab


5.

crontab -u root -e

    */10  9-17  10-15 *  *  /bin/echo  hello

echo "student" > /etc/cron.allow


6.

getenforce  #是否为enforcing

cat /etc/selinux/config  |grep ^SELINUX  #查看SELINUX是否为enforcing


7.

# Work inside /data so the archive is created there.
cd  /data

# Create a gzip-compressed archive of /etc (z = gzip, c = create, v = verbose,
# f = archive file name).
# NOTE(review): when run as root the archive includes /etc/shadow and other
# root-only files, while etc.tar.gz itself gets the umask-default mode. This
# page later sets /data to mode 2777, so confirm the archive's permissions
# (for example with ls -l) before leaving it there.
tar  zcvf  etc.tar.gz  /etc

# List the directory to confirm etc.tar.gz exists.
ls


8.

yum install chrony

vi /etc/chrony.conf

  加入server  classroom.example.com  iburst

systemctl restart chronyd

systemctl enable chronyd

chronyc sources -v  #查看时间同步源


9.

cd  /etc/yum.repos.d

vi rhel_dvd.repo

   # Repository section id; yum refers to the repository by this name.
   [rhel_dvd]

   name=rhel_dvd

   enabled=1

   # gpgcheck=0 turns off package signature verification for this repository,
   # and the baseurl below is plain http, so nothing authenticates the
   # packages installed from it.
   # NOTE(review): acceptable only on an isolated lab network; on any other
   # host set gpgcheck=1 and point gpgkey= at the vendor key (confirm the key
   # path for the release in use).
   gpgcheck=0

   baseurl=http://content.example.com/rhel7.0/x86_64/dvd


10.

groupadd -g 1200 it    #新建it组,gid为1200


11.(124 U.5 )

useradd  -u 1200 -g 1200 user1 #新建用户user1,指定uid为1200,并加入it组

useradd   -g 1200 -s /sbin/nologin user2  #新建用户user2,加入it组,不允许交互登录shell

useradd   -g 1200 user3 #新建用户user3,加入it组

chage -M 30 user3 #用户user3 30天后密码过期

chage  -l  user3 #查看user3账户密码情况


# Set the passwords of user1, user2 and user3 to "redhat" non-interactively;
# passwd --stdin reads the new password from standard input.
# NOTE(review): the password is a literal on the command line, so it is
# typically saved in root's shell history, and all three accounts share one
# well-known value. This is a lab value; real accounts need a password that
# is entered interactively and differs per account.
echo "redhat" |passwd --stdin user1 # set user1's password to redhat

echo "redhat" |passwd --stdin user2

echo "redhat" |passwd --stdin user3


12.

# Hand /data to group "it"; the owning user is left unchanged.
chown :it  /data
# 2777 = setgid bit + rwx for owner, group and others: files created in /data
# inherit group "it", and every local user can create, rename and delete
# entries there.
# NOTE(review): no sticky bit is set, so users can remove each other's files;
# if only group "it" needs write access, 2770 or 2775 is the narrower mode
# (confirm against the task wording).
chmod  2777  /data/


13.

setfacl -m u:user1:rwx  /mnt/data/

setfacl -m u:user3:-  /mnt/data/


14.破解root密码

系统启动到 GRUB 引导菜单时按 e 键进入编辑。找到以 linux16 开头的这一行,如果其中有 console=ttyS0,115200 就先把它删除,然后在这一行加入 rd.break,最后按 Ctrl+x 启动。

# Remount /sysroot read-write so the password change can be written to disk.
mount -o remount,rw  /sysroot

# Make /sysroot the root directory so passwd edits the installed system's files.
chroot  /sysroot

# Set root's password to the value given on stdin.
# NOTE(review): this whole procedure needs only console access to the boot
# menu; on hosts where that matters the usual controls are a GRUB password
# and encrypted disks (confirm which of them apply).
echo "redhat2015" |passwd  --stdin  root

touch  /.autorelabel  # request a full SELinux relabel on the next boot

# The first exit leaves the chroot, the second leaves the rd.break shell so
# the boot can continue.
exit

exit


15.升级内核

# Download the kernel package.
# NOTE(review): the download is plain http, so the file is not authenticated
# in transit; running `rpm -K` on it before installing checks its digests and
# signature against the keys imported into rpm.
wget http://content.example.com/rhel7.0/x86_64/errata/Packages/kernel-3.10.0-123.1.2.el7.x86_64.rpm # open a browser, locate the rpm and copy its absolute path

# -i installs the new kernel next to the existing one instead of replacing
# it; -v and -h print progress.
rpm -ivh  kernel-3.10.0-123.1.2.el7.x86_64.rpm


16.

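# Fetch the sample vsftpd.conf into /root.
cd /root

wget  http://classroom.example.com/pub/vsftpd.conf

# Drop blank lines and lines starting with # or ;, then keep only the lines
# that end in YES. -E is required: without it grep treats "|" as a literal
# character, so the first filter does not drop blank or comment lines and
# commented-out "...=YES" lines end up in the output.
grep  -Ev  '^$|^[#;]'  vsftpd.conf |grep  'YES$' > /root/vsftpd.bak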


17.

find /home/ -user user1   -exec cp -rpf {}  /root/backups/ \;


18.

yum install  authconfig-gtk  sssd    #authconfig-gtk为图形配置客户端工具;sssd为代理(中间)组件,客户只需将账户认证信息交给它,由它与认证服务器对接处理。

systemctl  status  sssd  #查看sssd服务情况

authconfig-gtk &   #打开图形认证配置会话

          User Account Database: LDAP

          LDAP Search Base DN: dc=example,dc=com

          LDAP Server: ldap://classroom.example.com

          勾上“Use TLS to encrypt connections”--"Download CA Certificate..."--"classroom.example.com/pub/EXAMPLE-CA-CERT"

          Authentication Method: Kerberos password

          Realm: EXAMPLE.COM

          KDCs: classroom.example.com

          Admin Servers: classroom.example.com


getent passwd ldapuser0  #查看ldapuser0相关属性

su  -  ldapuser0


19.

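showmount -e classroom.example.com  # list the directories exported by the NFS server classroom.example.com

yum install autofs -y  # install the autofs package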

vim  /etc/auto.master.d/test.autofs   #格式:  **.autofs

      输入  /home/guests  /etc/test   #格式:  挂载到本地根目录  配置文件

vim /etc/test

      输入 *  -fstype=nfs,rw  172.25.254.254:/home/guests/&   #格式: 挂载点   选项  共享源

systemctl  restart  autofs

systemctl  enable  autofs

su - ldapuser0

touch ldapuser0file


RHCE

1.

desktop0:

nmcli conn modify System\ eth0 connection.autoconnect yes ipv4.method manual ipv4.addresses "172.25.0.10/24 172.25.0.254" ipv4.dns "172.25.254.254"

systemctl restart NetworkManager


server0:

nmcli conn modify System\ eth0 connection.autoconnect yes ipv4.method manual ipv4.addresses "172.25.0.11/24 172.25.0.254" ipv4.dns "172.25.254.254"

systemctl restart NetworkManager


2.

desktopX:

nmcli conn modify System\ eth0 ipv6.addresses 2003:ac18::Xa/64 ipv6.method manual

systemctl restart network

ping6 2003:ac18::a


serverX:

nmcli conn modify System\ eth0 ipv6.addresses 2003:ac18::X5/64 ipv6.method manual

systemctl restart network

ping6 2003:ac18::a


3.

desktopX:

增加2块网卡,eth1和eth2

nmcli conn add type team con-name team0 ifname team0 autoconnect yes config '{"runner":{"name":"loadbalance"}}'

nmcli conn modify team0 ipv4.addresses "192.168.X.10/24"

nmcli conn modify team0 ipv4.method manual

nmcli conn add type team-slave con-name eth1 ifname eth1 autoconnect yes master team0

nmcli conn add type team-slave con-name eth2 ifname eth2 autoconnect yes master team0

teamdctl team0 state  #查看team0状态


serverX:

增加2块网卡,eth1和eth2

nmcli conn add type team con-name team0 ifname team0 autoconnect yes config '{"runner":{"name":"loadbalance"}}'

nmcli conn modify team0 ipv4.addresses "192.168.X.11/24"

nmcli conn modify team0 ipv4.method manual

nmcli conn add type team-slave con-name eth1 ifname eth1 autoconnect yes master team0

nmcli conn add type team-slave con-name eth2 ifname eth2 autoconnect yes master team0

teamdctl team0 state  #查看team0状态

ping 192.168.X.10

ifdown eth1

ping 192.168.X.10

ifup eth1


4.

serverX:

systemctl stop iptables

systemctl disable  iptables

systemctl mask  iptables


systemctl restart firewalld

systemctl enable firewalld


yum install httpd -y

# Allow http from 172.25.0.0/24 in the running configuration only.
# NOTE(review): this rule has no --permanent, so the `firewall-cmd --reload`
# further down discards it; add a --permanent copy if http must stay open.
firewall-cmd --add-rich-rule "rule family=ipv4 source address=172.25.0.0/24  service name=http accept"

systemctl start httpd

systemctl  enable  httpd

# Local check that httpd answers.
curl localhost


# Forward TCP port 5423 to port 80 for clients in 172.25.0.0/24.
# NOTE(review): firewalld's rich-language documentation describes
# forward-port as taking no action element; if this rule is rejected as
# invalid, drop the trailing "accept" (confirm on the target version).
firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=172.25.0.0/24 forward-port port=5423 protocol=tcp to-port=80 accept"

# Allow ssh from 172.25.0.0/24 only. The inner double quotes close and reopen
# the outer string; the shell joins the pieces into one argument because no
# whitespace falls outside the quotes.
firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address="172.25.0.0/24" service name=ssh accept"

# Remove the unrestricted ssh service. The source-restricted rule is added
# first, so ssh from 172.25.0.0/24 is still accepted after the reload.
firewall-cmd --permanent --remove-service=ssh

# Load the permanent configuration into the running firewall.
firewall-cmd --reload

# Show the resulting configuration of the default zone.
firewall-cmd --list-all


desktopX:

curl http://serverX:5423   #验证是否可访问


5.

serverX:

fdisk /dev/vdb

yum install targetcli

systemctl start target

systemctl enable target

# Open TCP port 3260 for the iSCSI target, once in the permanent
# configuration and once in the running one.
# NOTE(review): unlike the rich rules used elsewhere on this page, this is
# not limited to 172.25.0.0/24, so access control rests on the target's
# initiator-name ACL alone (confirm that is intended).
firewall-cmd --permanent --add-port=3260/tcp

firewall-cmd  --add-port=3260/tcp


targetcli

backstores/block create disk1 /dev/vdb1

iscsi/ create iqn.2016-03.com.example.server0

iscsi/iqn.2016-03.com.example.server0/tpg1/luns create /backstores/block/disk1

iscsi/iqn.2016-03.com.example.server0/tpg1/acls create iqn.2016-03.com.example.server0:desktop0

iscsi/iqn.2016-03.com.example.server0/tpg1/portals create 172.25.0.11

saveconfig

exit


desktopX:

yum install iscsi-initiator-utils

vi /etc/iscsi/initiatorname.iscsi

     iqn.2016-03.com.example.server0:desktop0  #server0的acl

systemctl start iscsi

systemctl enable iscsi

iscsiadm -m discovery -t st -p server0   #发现共享块设备

iscsiadm -m node -T iqn.2016-03.com.example.server0 -l  #登陆

lsblk #发现sda

iscsiadm -m session -P 3  #查看sda状态


6.desktopX:

fdisk /dev/sda ...+3584M..w

mkfs.ext4 /dev/sda1

echo "/dev/sda1 /mnt/storage ext4 _netdev 0 0" >> /etc/fstab

mkdir  /mnt/storage

mount -a

df -hT


7-8.

server0:
#安装包
yum install nfs-utils rpcbind sssd authconfig-gtk  -y


#配置文件

authconfig-gtk &     图形会话加入域,依题目输入相关参数

getent passwd ldapuser0  若显示ldapuser0属性,加入成功!


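# Download this host's Kerberos keytab (the long-term keys used for the
# sec=krb5p NFS export).
# NOTE(review): the transfer is plain http, so the keys cross the network
# unprotected; acceptable only on an isolated lab network.
wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab
# wget creates the file with the umask-default mode; keep the keys readable
# by root only.
chmod 600 /etc/krb5.keytab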
vi /etc/exports.d/test.exports
  /public 172.25.0.0/24(ro)
  /protected 172.25.0.0/24(rw,sec=krb5p)

mkdir /public
mkdir /protected
mkdir /protected/project
chown  ldapuser0 /protected/project
setfacl -m u:ldapuser0:rwx /protected


#开启相关服务
systemctl start nfs-server nfs-secure-server
systemctl enable  nfs-server nfs-secure-server

#放行相关服务
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --permanent --add-service=mountd
firewall-cmd --reload

desktop0:
#安装包
yum install nfs-utils rpcbind sssd authconfig-gtk -y

#配置文件

authconfig-gtk &   图形界面配置
依题目输入相关参数加入域

getent passwd ldapuser0  若显示ldapuser0属性,加入成功!

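# Download this host's Kerberos keytab (the long-term keys used for the
# sec=krb5p NFS mount).
# NOTE(review): the transfer is plain http, so the keys cross the network
# unprotected; acceptable only on an isolated lab network.
wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
# wget creates the file with the umask-default mode; keep the keys readable
# by root only.
chmod 600 /etc/krb5.keytab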
vi /etc/fstab
  server0:/public    /mnt/nfsmount    nfs    defaults 0 0
  server0:/protected /mnt/nfssecure nfs sec=krb5p 0 0
mkdir /mnt/nfsmount
mkdir /mnt/nfssecure


#开启服务
systemctl start nfs-secure 
systemctl enable nfs-secure 

测试:

desktop0:

df

mount -a

df

ssh ldapuser0@localhost

touch /mnt/nfssecure/project/kksk.txt


9.

vim  /root/myscripts.sh

#!/bin/bash
# Print the counterpart of the name given as the first argument:
# "redhat" -> "fedora", "fedora" -> "redhat". Any other value, including no
# argument at all, prints a hint on stdout.
if [[ "$1" == "redhat" ]]; then
  echo "fedora"
elif [[ "$1" == "fedora" ]]; then
  echo "redhat"
else
  echo 'Error: Please Input  redhat|fedora'
fi


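# The script was saved as /root/myscripts.sh above, so the execute bit has to
# be set on that exact name.
chmod +x /root/myscripts.sh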


10.batchusers 批建用户

vi /root/batchusers.sh


 #!/bin/bash

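 # Create one account per name listed in the file given as $1.
 # Exit status: 1 when no argument is given, 2 when the file does not exist.
 if [ $# -eq 0 ] ; then
    echo "Usage:/root/batchusers.sh";
    exit 1;
 fi

 # "$1" is quoted so that a path containing spaces is tested as one word.
 if [ ! -f "$1" ] ; then
    echo "Input file not found";
    exit 2;
 fi

 # Names are whitespace-separated, as before. read -a splits each line into
 # words without glob expansion, so an entry such as "*" reaches useradd
 # literally instead of expanding to file names in the current directory.
 # The "|| [ ... ]" part keeps a last line that has no trailing newline.
 while read -r -a NAMES || [ "${#NAMES[@]}" -gt 0 ] ; do
   for USERNAME in "${NAMES[@]}" ; do
     # "--" ends option parsing, so a name that starts with "-" is never
     # read as an option by useradd or id.
     useradd -s /bin/false -- "$USERNAME"
     id -- "$USERNAME"
   done
 done < "$1"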


chmod +x /root/batchusers.sh

/root/batchusers.sh  userlist


11.多用户samba挂载

server0:

#安装包

yum install samba samba-client samba-common -y


#配置文件

vi /etc/samba/smb.conf

   [rhce]

            browseable = yes

            path = /common

            write list = user3

mkdir /common

useradd user1

useradd user3

smbpasswd -a user1  录入密码redhat

smbpasswd -a user3  录入密码redhat

semanage fcontext  -a  -t  samba_share_t  "/common(/.*)?"

restorecon  -Rv  /common/

ll  -dZ  /common

setfacl  -R  -m  u:user3:rwx  /common


#开启服务

systemctl start smb nmb

systemctl enable smb nmb


#放行服务

firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address=172.25.0.0/24 service name=samba accept"

firewall-cmd  --reload


desktop0:

#安装包

yum install samba-client  cifs-utils -y



#配置文件

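# /etc/fstab is readable by every local user, so the CIFS password is kept
# out of it: it goes into a credentials file that only root can read, and the
# mount options reference that file. (The file path is an example constructed
# for this note; any root-only location works.)
( umask 077; printf 'username=user1\npassword=redhat\n' > /root/smb-user1.cred )

echo "//172.25.0.11/rhce /mnt/dev cifs credentials=/root/smb-user1.cred,multiuser,sec=ntlmssp 0 0 " >> /etc/fstab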

mkdir  /mnt/dev


mount -a

su - student

cifscreds add 172.25.0.11 -u user3 

touch /mnt/dev/test.txt


12.

server0:

vi /etc/bashrc

    alias qstat='/bin/ps -Ao pid,user,%cpu,%mem,comm,'

alias

退出server0再登陆,执行qstat看效果。


13.配置web

server0:

#安装包

yum install httpd -y


#配置文件

将模板文件/usr/share/doc/httpd-2.4.6/httpd-vhosts.conf中的8行拷贝

vi /etc/httpd/conf.d/server0.conf  #内容来源为模板文件的8行拷贝


 <VirtualHost *:80>
    ServerAdmin root@server0.example.com
    DocumentRoot "/var/www/html"
    ServerName server0.example.com
    #ServerAlias www.dummy-host.example.com
    ErrorLog "/var/log/httpd/server0.example.com-error_log"
    CustomLog "/var/log/httpd/server0.example.com-access_log" common
 </VirtualHost>


#开启服务

systemctl start httpd

systemctl enable  httpd


#放行服务

firewall-cmd   --permanent --add-rich-rule "rule family=ipv4 source address=172.25.0.0/24 service name=http accept"

firewall-cmd  --reload


#测试

echo "server0.example.com"  >>  /var/www/html/index.html


desktop0:

curl http://server0.example.com


14.扩展web(更改虚拟站点,即更改被访问的目录资源)

mkdir  /var/www/virtual

useradd user1

setfacl -R -m u:user1:rwx /var/www/virtual

echo "www0.example.com" >> /var/www/virtual/index.html   #模拟下载实际的index.html

vi /etc/httpd/conf.d/server0.conf

  

     
  <VirtualHost *:80>
    ServerAdmin root@server0.example.com
    DocumentRoot "/var/www/virtual"
    ServerName www0.example.com
    ErrorLog "/var/log/httpd/server0_www0.example.com-error_log"
    CustomLog "/var/log/httpd/server0_www0.example.com-access_log" common
  </VirtualHost>

  

   <Directory "/var/www/virtual">
    AllowOverride None
    Require all granted
   </Directory>

   ###其中<Directory>这个在/etc/httpd/conf/httpd.conf里面复制


systemctl restart httpd


desktop0:

echo "172.25.0.11  www0.example.com" >> /etc/hosts

curl  www0.example.com


15.

mkdir /var/www/html/private
touch /var/www/html/private/index.html
echo "private web." >  /var/www/html/private/index.html
vi /etc/httpd/conf.d/server0.conf

   <VirtualHost *:80>
    ServerAdmin root@server0.example.com
    DocumentRoot "/var/www/html"
    ServerName www0.example.com
    ErrorLog "/var/log/httpd/server0.example.com-error_log"
    CustomLog "/var/log/httpd/server0.example.com-access_log" common
   </VirtualHost>


   <Directory "/var/www/html/private">
    Require all denied
    Require local
   </Directory>

systemctl restart httpd.service
curl server0/private/

desktop0:
curl server0/private/


16.

server0:

yum install mod_ssl -y

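# Fetch the site certificate, its private key and the CA certificate.
# NOTE(review): all three come over plain http; for the private key that
# means it crosses the network unprotected, which is acceptable only on an
# isolated lab network.
wget -O /etc/pki/tls/certs/www0.crt http://classroom.example.com/pub/tls/certs/www0.crt

wget -O /etc/pki/tls/private/www0.key http://classroom.example.com/pub/tls/private/www0.key

# wget leaves the key with the umask-default mode; restrict it to root.
chmod 600 /etc/pki/tls/private/www0.key

wget -O /etc/pki/tls/certs/example-ca.crt http://classroom.example.com/pub/example-ca.crt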


vi /etc/httpd/conf.d/server0.conf

    Listen 443
  <VirtualHost *:443>
    ServerAdmin root@server0.example.com
    DocumentRoot "/var/www/html"
    ServerName www0.example.com
    ErrorLog "/var/log/httpd/server0_443.example.com-error_log"
    CustomLog "/var/log/httpd/server0_443.example.com-access_log" common

    SSLEngine on   #SSL相关的行通过 grep SSL  /etc/httpd/conf.d/ssl.conf拷贝出来
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLCertificateFile /etc/pki/tls/certs/www0.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www0.key
    SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt
   </VirtualHost>

mv /etc/httpd/conf.d/ssl.conf  /root/ssl.conf   #移开ssl文件,否则影响httpd服务启动。

systemctl restart httpd

firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address=172.25.0.0/24 service name=https accept"

firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address=172.25.0.0/24 service name=http accept"

firewall-cmd --reload


desktop0:

在火狐浏览器进入https://server0.example.com

"I Understand the risks"-->"Add Exception"-->"Confirm Security Exception"



web 5题总配置

yum install mod_ssl mod_wsgi -y

systemctl enable httpd

systemctl restart httpd

firewall-cmd --permanent --add-port=8909/tcp

firewall-cmd --reload

semanage port -a -t http_port_t -p tcp 8909


cat  /etc/httpd/conf.d/system1.conf

<VirtualHost *:80>
   DocumentRoot "/var/www/html"
   ServerName system1.group8.example.com

     <Directory "/var/www/html">
       order allow,deny
       allow from .group8.example.com
       deny from .my133t.org

     </Directory>

     <Directory "/var/www/html/private">
       order deny,allow
       allow from 127.0.0.1 172.24.8.11
       deny from all
     </Directory>
</VirtualHost>


<VirtualHost *:443>
   DocumentRoot "/var/www/html"
   ServerName system1.group8.example.com

     <Directory "/var/www/html">
       order allow,deny
       allow from .group8.example.com
       deny from .my133t.org

     </Directory>

</VirtualHost>

<VirtualHost *:80>
   DocumentRoot "/var/www/virtual"
   ServerName www8.group8.example.com

      <Directory "/var/www/virtual/private">
       order deny,allow
       allow from 127.0.0.1 172.24.8.11
       deny from all

     </Directory>
</VirtualHost>


Listen 8909
<VirtualHost *:8909>
   ServerName wsgi.group8.example.com
   WSGIScriptAlias / /var/www/wsgi/webinfo.wsgi
</VirtualHost>


添加用户脚本

#!/bin/bash

    if   [  -z  "$1"    ] ;  then
       echo "Usage: /root/batchusers userfile"
       exit 1;
 
    elif  [  !  -f  "$1"    ] ;  then
       echo "Input file not found"
       exit 2;
    else
     for USER in $(cat $1)
       do
 
       useradd -s /bin/false $USER
       echo "$USER add ok"
       done
    fi




另一脚本

#!/bin/bash
   if   [  "$1" = redhat  ] ;  then
       echo "fedora"

       elif   [  "$1"  = fedora    ] ;  then
       echo "redhat"
 
      else
      echo "/root/foo.sh redhat | fedora"
      exit 1;
   fi