124 134 254
10/18,19,20 考前辅导
10/21 考试

满分通过 RHCSA 300 - RHCE 300 恭喜下自己!

call me redhat certified engineer plz.

1.开机破密码

不能在本地做的实验 nfs ldap Kerberos

2.       6.       18       - 164.   el5
主版本号 次版本号 末版本号 - 修正号 RH

版本号第二位数字 奇数:开发版本 偶数:稳定版本

~ //home
. //hide file
-- //option with more than one char ,it needs two -
* &//通配符

vncviewer rhce &

//中文input
system->input method->enable input method feature->use ibus->input method preferences->input method->add chinese

whatis ls//show what does ls do
which ls//show the path of ls
locate iptables.sh//show every file (or executable) whose name matches, from the locate database

作业 whatis 为何会自动更新数据库

man 1-8 程序,文件等 8类信息 5为文件信息
/Key 向下搜索
?Key 向上搜索
N 向上搜
n 向下搜
G 跳到尾页
g 跳到首页
q 退出
man -k pass 模糊查找

system-config-users 用户,组图形管理工具

硬盘名字
rhel5
scsi sata usb : sdx
PATA(ide) : hdx
虚拟机 : vdx

rhel6 : sdx

分区
sda1 sda2...
sdb1 sdb2...
每个硬盘最多15个分区

文件系统->目录 挂载

把sda1挂载到根目录
建议将boot目录单独挂载
/boot //bootConfig etc. 100M is enough
swap 交换分区
var目录 log,mail,www等频繁访问

一切皆文件

$Path //环境变量
/media,/mnt //空目录,用于U盘等挂载
/dev/null //黑洞
/etc //配置文件等

startx //login into graphic

file FileName 查看文件类型

pwd 显示完整目录 -P 如果是链接,显示源路径

ls -a 查看隐藏文件 -l详细信息 -d显示目录本身属性 -R递归
ls a[1-3]?*
ll //ls -l --color=auto
cp /etc/passwd . 拷贝 -p 保留权限 -R|-r递归 -d保留链接属性 -a所有
rm 删除 -rf .* 删除隐藏文件

cat|less|tail|head|more //text tools
grep --color=auto ^xx& //begin with xx ,end after xx
tail -n 20 -f messages //-f show dynamically
cut -d[:|' '] -c2-5 -f1 /etc/passwd //-d separate symbol -c number of chars -f column
wc -l line -w word -c byte -m
sort -r reverse -n numeric sort -u unique
sed '1,3|/beginWord/,/endWord/s/dog/cat/g'|-f expressionFile FileName //s search g global
//1,3 line1to3 or begin2endWord
tr 'a-z' 'A-Z' //replace
diff -u foo.conf-broken foo.conf-work > foo.patch
patch -b foo.conf-broken foo.patch
find / -user UserName// find all file belong to UserName

find / -user harry -exec cp -rp {} /opt/dir \;

system-config-packages //control panel

带路径的命令可以执行,如/var/tmp/test.sh or ./test.h

cat /proc/cpuinfo|meminfo

lftp IP// ls get cd can be used
wget http|ftp://192.168.0.254/1.txt  

alias vi=vim //let vi has the same function as vim

vim command
50-> //move five chars
h j k l//as arrow key in old version
w b //move by word (forward / back)
),( },{ //move by sentence paragraph
x G gg//jump to line x v jump to end jump to begin
/xx //search xx
1,5s/cat/dog/ //x,y line range
%s/cat/dog/gi //g global i write %s every line
cc p dd yy //replace paste cut copy numbers can add to front
u|U ctrl+r //撤销 全部撤销 撤销恢复

q //quit
q! //force quit
w //write
wq //save and quit
wq! //write read only file use

evince //views PDF

date [MMDDhhmm[[CC]YY][.ss]]
date 010113302007.05

stat fileName 显示文件详细信息

a time 访问时间
m time 仅内容修改
c time 文件源数据更改

touch -a更新"a c time" -m 更新"mc time"

mkdir -p 创建多级目录,如1/2/3/4/

vim /etc/sysconfig/il8n charset

system-config-date

watch -n 1 ifconfig eth0 //refresh ifconfig every one second

ifdown ifup ifconfig //down up show
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=ethX
HWADDR=0:02:8A:A6:30:45
{
BOOTPROTO=dhcp
or
BOOTPROTO=none|static|\null
IPADDR=192.168.0.123
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
}
ONBOOT=yes
Type=Ethernet
NM_CONTROLLED="yes"

/etc/sysconfig/network //hostname
HOSTNAME=server1

/etc/resolv.conf //hostname nameserver
NETWORKING_IPV6=no
HOSTNAME=server1
NETWORKING=yes
search example.com
nameserver 192.168.0.254//dns
/etc/init.d/network restart
/etc/init.d/NetworkManager restart

/etc/hosts
172.24.0.X stationX.example.com stationX

//Services
/etc/rc.d/init.d/ServiceName start|stop|restart|reload//reload config only
/etc/init.d/aServiceName start//linux
service ServiceName start//redhat

/etc/sysconfig/networking/profiles/default/ //network configs backup(auto)

route -n
route add default gw 192.168.0.88
route del default

system-config-printer
lpr /etc/fstab
lpq

read -p "enter a filename:" FILE
echo $FILE

/etc/shells //7 shells

set with VARIABLE=VALUE
referenced with $VARIABLE

uid 0 则为超级用户,等于root
普通用户从500 开始

su - root //change user

su -       -- /etc/profile
登陆shell -- ~/.bash_profile
su  -- /etc/bashrc
   非登陆shell -- ~/.bashrc
. /etc/profile //load this file immediately (source it into the current shell)
~/.bash_logout //logout script

/etc/passwd
用户名:password(x):uid:gid:描述(非必须):home目录:shell
x 映射到了/etc/shadow文件,此问价对其他用户不可读写执行
创建用户时,用户必须创建私有组,私有组号与uid相同

r read
w write
x execute

r作用在文件上,用户可读取该文件内容;作用在目录上,用户可短列出该目录下文件
w作用在文件上,用户可修改该文件内容;仅有w作用在目录上,什么都没有
x作用在文件上,用户可执行该文件;仅有x作用在目录上,用户可进入该目录
wx作用在目录上,代表可执行长列出,新建,删除等
rx作用在目录上,可进入,短列出子目录

-rwxr----- 1

1
-普通文件
d目录
c字符设备文件
b块文件
l链接文件
2-10
所属人,所属组,其他人
11
硬链接数|子目录数
12
uid
13
gid
14
Size bytes
15
修改时间
16
path

localVariable=value
export EnvironmentVariable=value

$PS1 //command prompt

id //show user
useradd -u 500 -g 500 -d /openlab/redhat student

chown UserName FileName //only root can do this -R递归
chgrp GroupName FileName //only root and owner can do this ;owner must be in this group to change
chmod ugo-w FileName //user group others add write attribute
chmod o=--- FileName
chmod g+s DirName //inherit from parent dir
r:4 w:2 x:1 rwx:7

root's umask is 022// /etc/bashrc

cd // 返回上一次目录

ln a.txt //hard link
ln -s b.txt //soft link

special permissions for executables
suid|sgid on file //command runs with the permissions of the owner|group of the command
special permissions for directories
sticky //files can only be removed by their owner and root
sgid //files have group affiliations of the group of the directory

usermod -g GroupName UserName //add user to group -g private group -G public group -a just add, do not replace the existing groups

w //connected user
last lasttb lastlog //recent logins

if read permission is denied on the outer directory, it is effectively denied on the inner directory too;
write permission does not work that way

whether a file can be removed or moved depends on the permissions of its directory, not of the file

output redirect
find /etc/ -name passwd 2>|&>|>|>> find.output
>//into file update
>>//into file append
2>//stderr

2>&1 //redirect STDERR to STDOUT

tee [-ai][--help][--version][文件...]//标准输入设备读取数据,将其内容输出到标准输出设备,同时保存成文件。

intput redirect
tr 'A-Z' 'a-z' < .bash_profile

mail -s "pleas xx" << ABC
>
>!
>ABC

Piping
ls -l /etc | less|mail -s "test"

ls -lR /etc/ | tee output1.txt | sort | tee output2.txt | uniq -c | tee output3.txt

tar packs (archives) without compressing
bz2 and gz compress
file FileName //show file type
gzip File//compress
gzip -d //decompress
gunzip File//decompress
bzip2 (-d) File//(de)compress
bunzip2 File//decompress

tar j|zvf[x] FileName //x decompress f file v view z gzip j bzip2
tar j|zcvf destinationFileName dir 打包

scp .
scp scripts.sh

ssh
ssh -l root 192.168.0.1 | ssh

A -------------------------------------------- B

1 A ssh B
2 B has a pair of private/public key and send public key(768bytes) to A
3 A send 256 bytes key to B and make it 1024 sized Kay Pair
 the 256 bytes is encrypt by 768 public key
4 B received the 256 bytes and decode it by private key
 the key pair changes every connection

/root/.ssh/known_hosts //where the host keys of servers already connected to are stored

rm /etc/ssh/*key* -f//remove all keys

when the private key successfully decrypts what was encrypted with the public key, the other side is the genuine owner
ssh-keygen -t rsa  //manually build a key pair
passphrase //the passphrase protecting the private key
then two files are built: /root/.ssh/id_rsa (private) and id_rsa.pub (public)
ssh-copy-id -i id_rsa.pub //copy the public key to the other host so no password is needed

ssh-agent bash//enter the key passphrase once; the agent supplies it afterwards
ssh-add //enter the password of key
ssh-add -l

vim /etc/ssh/sshd_config
PasswordAuthentication no //disable password logins, key-based login only
/etc/init.d/sshd restart //restart the service

ls /etc/inittab

bc 计算器 scale=10//保留10位小数

palimpsest //grafice disk manager

mkswap /dev/vda3
swapon /dev/vda3

vim /etc/fstab
/dev/vda3 swap swap

swapoff -a
swapon -a

dd if=/dev/zero of=/swap.img bs=1M count=512 //build an empty file with 512m
vim /etc/fstab
/swap.img swap swap

priority also can be changed in /etc/fstab ,write like defaults,pri=10

0磁道1扇区 mbr 512字节
446bytes bootloader  //one of bootloader:grub
//1 boot solutions 2 read kernel 3pass to other bootLoader in other partions
16bytes*4 Partition table
2bytes Magic Number
主分区,扩展分区 记录起始,结束柱面数 逻辑分区
inode ext 128B 指针4字节

512-bootSector 1024-superblock inode-block//other partitions

删除硬链接,则文件硬链接数减1
如果硬链接数为0,则删除了inode

du DirName //file size and total size
df //show mount
mount /source /destination

磁道从内向外,以0开始,依次增大

lvdisplay //display logical info
tune2fs -l /dev/vda1 //detail -o ^method //remove the method

fdisk -l /dev/sda|vda -u以扇区方式显示 -c 从最后个分区的扇区开始
//include dm info //vda is a virtual machine hd
+1G
command n new p partition t filetype w write d delete m help
partx -a /dev/vda //tell the partion info to kernel
partx -d --nr 4-5 /dev/sda //kill partion from 4 - 5
ls /dev/sda* //look at the partition of /dev/sda

4 Partition is the limit of partition number
Primary Extended can be use as PPPP PPPE
if there are 3 Primary partitions,
the rest of the hard disk space must all be assigned to the Extended partition

device mapper //linear driver
sector 扇区
track 磁道
heads 磁头
mkfs.ext4|vfat /dev/vda3 //format
blkid //show file systems
mount /dev/vda3 /mnt/ //mount all file system by /etc/fstab
df -h//show mount

http ks=http://serverip/dir/file
ftp ks=ftp://serverip/dir/file
nfs ks=nfs:serverip:/dir/file
hard ks=hd:device:/dir/file
cdrom ks=cdrom:/dir/file

free -m //show mem swap
mkswap /dev/vda5
swapon|swapoff /dev/vda5

vim /etc/fstab
/dev/vda5 swap swap defaults,pri=10 0 0 //pri more big more priority
//new a file swap.img sa 512M, it can also be write in /etc/fstab and be a swap
swapon -a //turn on all swap in /etc/fstab -s//show all swap

Logical volumn manager //lvm
system-config-lvm

pvcreate /dev/vda6 //change physical partition to pv
vgcreate -s PeSize VgName /dev/vda6
vgdisplay VgName
lvcreate -L lvSize -n LvName VgName //lv是vg的倍数
ll /dev/VgName/LvName|/dev/mapper/VgName-LvName //they are same dev
lvs //show lv info
vgs//show volume group
mkfs.ext4 /dev/VgName/LvName
/etc/fstab /dev/mapper/VgName-LvName /mnt/lvm1 ......
lvcreate -l peSize -n rhcsa openlab
lvcreate -l 100%FREE -n rhca openlab

vgextend vgName /dev/vda7
lvextend -L lvSize /dev/openlab/rhce //lv add online
resize2fs -p /dev/openlab/rhce

umount /mnt/rhce
e2fsck -f /dev/openlab/rhce
resize2fs /dev/openlab/rhce 100M //reduce filesystem
lvreduce -L 100M /dev/openlab/rhce //reduce lv offline
mount /mnt/rhce

pvmove /dev/sda7 //move data in sda7 to other pv in the same vg
vgreduce VgName /dev/sda7 //remove pv from vg
pvremove /dev/sda7 //than /dev/sda7 is not a pv

lvcreate -L 20 -s -n rhca-snap /dev/openlab/rhca //snapshot of the lv

//encrypt disk
cryptsetup luksFormat /dev/sda3
YES
cryptsetup luksOpen /dev/sda3 openlab
cryptsetup luksClose openlab
mkfs.ext4 /dev/mapper/openlab
/etc/fstab
touch /etc/openlab.key
cryptsetup luksAddKey /dev/vda3 /etc/openlab.key
/etc/crypttab
openlab /dev/vda3 /etc/openlab.key

showmount -e 192.168.0.254//show nfs(linux share folders protocol)status
mount -t nfs 192.168.0.254:/var/ftp/pub /mnt
192.168.0.254:/var/ftp/pub /mnt nfs defaults 0 0// /etc/fstab

mount -t cifs //192.168.1.3/game /media -o username=Joen%password
//windows share folders protocol cifs
// /etc/fstab
{
//192.168.0.18/game /windowsdir cifs credentials=/etc/passwordfile 0 0
/etc/passwordfile
username=joen
password=redhat
}

autofs //mount before the dir using
/etc/auto.master //mount source ,but last path is no written
//autofs services last path will be overwritten ,so path must be more than 2
/1/2/3/ /etc/auto.rhce(next file name) --timeout=10(s)
vim /etc/auto.rhce //write last path,may copy from /etc/auto.mis
4 -fstype=ext4 :/dev/vda5
/etc/init.d/autofs start

ps aux
ps axo %cpu,%mem,pid,comm --sort -%cpu | head -n 11
top //show cpu etc. dynamica
pstree
pgrep -U root
pidof bash

init //the first process ,pid is 1

Signals //man 7 signal
19 Stop //Ctrl-z
15 Termiante cleanly
9 Kill
1 Re-read configuration files

kill -9 3810
pkill httpd

nice -n 5 /etc/init.d/httpd restart//set the process priority ,the less value,the higher priority
renice -n -20 $(pidof httpd)//set all httpd processes to -20

firefox &

jobs
bg %1
fg %1

usermod -s /sbin/nologin visitor //set the user no login
usermod -aG GroupName UserName //Public group
$PS1//提示符var,in . /etc/bashrc
useradd -u uid -g GroupName -G 额外组 UserName -d home
//copy /etc/skel to /home/user when useradd automatically
userdel -r UserName //-r del with home directory
id user1//show user info
1970-1-1 birth of unix and c
/etc/shadow
UserName:password:LastModifyTime:MinLiveTime:MaxLiveTime:NotifyUserDays:
AccountOutAfterPasswordOut:AccountOutTimeFrom1970:reserved
passwd UserName
chage -m 2 -M 2 UserName //update Min|MaxLiveTime

/etc/group /etc/gshadow
gpasswd admin
newgrp admin

ldap server
system-config-authentication
dc=example,dc=com

Use TLS

LDAP password

vim /etc/sssd/sssd.conf
enumerate = true//get all info

mount -t nfs 192.168.0.254:/rhome/ldapuser1 /home/ldapuser1
/rhome /etc/auto.rhce
* -fstype=nfs 192.168.0.254:/rhome/& //autofs

getent passwd ldapuser1

ldapadd -x //add ldap user

showmount -e instructor.example.com //query share folders

acl
tune2fs -l /dev/mapper/vgsrv-root |grep option //user_xattr acl
tune2fs -o (^)acl /etv/mapper/dev/vda3 //add or remove acl permanently

mount -o acl /dev/vda3 /commmon/ //add acl when mount

setfacl [-R recursion] [-x delete one] [-b delete all] [-m add one] u|g|m:harry:rwx /common/
drwxrwxr-x+ //"+" is acl's signal
getfacl /common/

owner//acl first
mask//group,group_acl bigger one first
setfacl -m d:u:sarah:rwx /common/ //default acl: inherited by new files and subdirs created under /common, not applied to /common itself

ntfs-3g_ntfsprogs-2011.4.12.tar.gz //config built install follow readme,compile need gcc
mount -t ntfs-3g .......

rpm -ivh vsftpd-2.2.2-6.el6.x86_64.rpm//v show procedure h show progress
//-U update or new//-F update//-i just new//--force ignore all
//-q is install //-qa show all installed //-ql show the files in rpm
rpm -e vsftpd //uninstall
rpm -qf /etc/inittab //show which rpm the inittab file belongs to; db is /var/lib/rpm

rpm2cpio xxxx.rpm | cpio -id //decompress the rpm to files

rpm --import /etc/pki/rpm-gpg/xxxxx //import public key
/etc/pki/rpm-gpg/ //where public key in

rpm -K xxx.rpm //authenticate the rpm package

yum -y install vsftpd

/etc/yum.repos.d/server1.repo
[base]
name=openlab rhce
baseurl=ftp://instructor.example.com/pub/rhel6/dvd
//baseurl=file:///media
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

yum clean all
yum makecache

yum list
yum grouplist

mount -t nfs 192.168.0.254:/etc/download/pub /mnt
mount -o loop rhelxxxx.iso /media

/rhel.iso /mnt iso9660 loop,ro defaults 0 0 //fstab

yum groupinstall Virtualization
yum remove vsftpd
yum provides fileName //search which rpm the file belongs to

/etc/yum.conf
add default option mandatory in it

gpk-application

pidof vsftpd
kill -1 2649

runlevel
chkconfig --level 5 vsftpd on
chkconfig --list vsftpd

ntsysv | system-config-services //service list show in graphic

/var/log/messages

/etc/rsyslog.conf
*.info;mail.none;authpriv.none;cron.none//log into files other than mail,auth,cron where level >=info
日志类型.日志级别

log level
1.debug
2.info
3.notice
4.warning
5.error
6.crit
7.alert
8.emerg

tailf /var/log/messages

/etc/init.d/crond restart
crontab -l //look at crontab
crontab -r //delete all
crontab -e //edit
min hour day month week
00 08 * * * /bin/echo "GoodMorning"
00 16-21 * * sat,sun|6-7|6,0 /bin/echo ""
*/10 09 * * * /usr/sbin/wall ""//broadcast a message to all logged-in users

vim /etc/cron.deny //write userName in it
/var/spool/cron //crond config in it
vim /etc/anacrontab


at 12:00|now +2 min //run once; use absolute paths
at -l //show list and id
at -d id //delete

$ping -c1 -W2 station1 &> /dev/null \
> && echo "station1 is up" \
> || (echo 'station1 is unreachable';exit 1)

man test
0 for true
1 for false
test "$A" = "$B" && echo "strings are equal"
test "$A" -eq "$B" && echo "integers are equal"
[ "$A" -eq "$B" ] && echo "integers are equal"

-eq =
-ge >=
-gt >
-le <=
-lt <
-ne <>

-d //is a directory
-f //is a plain file
-e //exists

-a //and
-o //or

#!/bin/bash //#! names the interpreter that executes the rest of the file
//bash: $variableName when reading, variableName (no $) when assigning

PATH=$PATH:/var/tmp
export PATH

A=hel
echo "$A"lo//print hello

echo $(hostname) //use the command hostname's result

"" //clear the special meanings of symbols except $~!\
'' //clear all special meanings

{1..20} //1 to 20 separate with space

!! //last command
$? //when command is success:0, fail:1,error:2
&& //if success , do
|| //if error , do
mkdir newdir && echo "xx"

mkdir /var/backup &> /dev/null || ( rm -rf /var/backup && mkdir /var/backup
&& /bin/cp /etc/*.conf /var/backup ) && /bin/cp /etc/*.conf /var/backup

./posit.sh Red Hat Enterprise Linux
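# posit.sh: show the positional parameters it was started with ($0, $1, $2, $*).
echo "The program name is $0"
# quote the arguments so an empty or space-containing value still lines up with its %s
printf "The first argument is %s and the second is %s\n" "$1" "$2"
echo -e "\nAll command line paraments are $*\n"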

read -p "what's your name?: " name//talk model
echo $name

A=$(/bin/ls -l) //store the command's output in variable A

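# Create the three lab users and give each the same initial password.
# The password is visible in the command line and shell history — acceptable on a throw-away lab box only.
for n in harry natasha sarah; do
  useradd "$n"
  echo redhat | passwd --stdin "$n"
done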

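# Make sure /rhome exists as a directory, replacing a stray regular file of that name.
if [ ! -d /rhome ]; then
  if [ -f /rhome ]; then
    rm -f /rhome
  fi
  mkdir /rhome
fi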

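# Create 20 lab accounts with uids 2000+n, skipping any that already exist.
# The first ten get a home under /rhome, the rest a nologin shell.
for user in $(seq 1 20); do
  # UID is a read-only shell variable in bash, so the computed id needs its own name
  uid=$((2000 + user))
  # login name inferred from the home path in the original note — confirm against the task
  name="nisuser$user"
  # test the id lookup directly; checking $? after another command would test the wrong thing
  if id "$name" &> /dev/null; then
    echo "exist $name"
  else
    if [ "$user" -le 10 ]; then
      useradd -u "$uid" -d "/rhome/$name" "$name"
    else
      useradd -u "$uid" -s /sbin/nologin "$name"
    fi
    # password is visible in shell history — lab use only
    echo openlabrhce | passwd --stdin "$name"
  fi
done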

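# Batch-create user1..user3 with a fixed initial password.
# Loop variable renamed from USER so the shell's own USER variable is not clobbered.
for user in user1 user2 user3; do
  useradd "$user"
  # password is visible in shell history — lab use only
  echo "password" | passwd --stdin "$user"
done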

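# Ping 192.168.0.1-10 and report which hosts answer.
# $(seq 1 10) and {1..10} are equivalent ways to write the range; the brace form needs no fork.
for n in {1..10}; do
  host="192.168.0.$n"
  # test the ping result directly instead of inspecting $? on the next line
  if ping -c2 "$host" &> /dev/null; then
    echo "$host is up"
  else
    echo "$host is down"
  fi
done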

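# Require exactly one argument, then dispatch on it with case.
Errmsg='usage:/root/program kernel|user'
if [ $# -ne 1 ]; then
  echo "$Errmsg"
  exit 1
fi
case "$1" in
  (kernel)
    echo "user"
    ;;
  (user)
    # the original note spelled this arm "uesr", so it could never match
    echo "kernel"
    ;;
  (*)
    # original printed the placeholder "msg"; the usage line is what a wrong argument should show
    echo "$Errmsg"
    exit 1
    ;;
esac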

for file in *.txt

$SHELL //default shell

kernal
vmlinuz-2.6.32-71.el6.i686 //kernel
initrd-anaconda.img //drives etc. p_w_picpath
zcat initramfs-2.6......|cpio -id

cat /etc/redhat-realse //version
uname -r //kernal version
uname -a //all version
lsmod | grep ext4
/etc/modprobe.d //modual confige

cat /proc/cmdline

/etc/inittab
id:5:initdefault:
runlevel
0 halt
1 Single user mode
2 Multiuser,with out networking
3 Full multiuser mode
4 unused
5 X11
6 reboot

/boot/grub/grub.conf //add boot parameter
default=0//title no which login
timeout=5//choose title time out
splashp_w_picpath=(hd0,4)/grub/xxxx //login p_w_picpath
hiddenmenu//show choose title or not
password --md5 xxxxxxxxyyyyyyy // use grub-md5-crypt
{
title //os boot name
root hd(0,0)//it is /boot/
kernel /vmlinuz-2.6..... ro root=/dev/mapper/vgsrv-root|root=UUID=xx-xx-xx-xx
initrd /initramfs
}

/etc/fstab
mount_source destination fileSystemType mount_parameter IsDumpBack IsDetect

/var/lock/subsys/*
when services is on ,one file is in this dir ,the file is stored in memory

/etc/rc.local /etc/rc.d/rc5.d/S99local //vim /etc/rc.d/rc.local ,start at boot

boot process
cmos -> //basis config
bios -> //hardware detection
Bootloader //mbr where grub is
grub -> //read kernel by (hd0,0)/grub/grub.conf
kernel -> //hardware detection second ,vmlinuz-2.6.32-71.el6.i686
boot -> //Initial RAM DISK initrd ,initrd-anaconda.img 解开此驱动等文件镜像
UpStart/Sysvinit rhel6/5 ->
/sbin/init ->
[5.4 /etc/inittab //init runlevel etc.]
6.0 /etc/init/ //more config files
/etc/init/rcS.conf //runlevel if exists /etc/inittab or default
/etc/rc.d/rc.sysinit //network  
/etc/fstab
/etc/init/rc.conf //to /etc/rc.d/rc
/etc/rc.d/rc // /etc/rc.d/rcRunLevel.d
/etc/rcRunLevel.d //K kill S start the service,one file one services,K|S Number
//Number the less ,the higher priority ,
//when change runlevel then do K|S use /etc/rc.d/init.d
/etc/rc.d/init.d = /etc/init.d //where service script in

chkconfig [--level 35] vsftpd on|off //default effect on 2345 level
chkconfig --list vsftpd

grub.conf is missing
grub>root (hd0,0)
kernel /vmlinuz.... ro root=LABEL=/
initrd /initramfs...
boot

setenforce 1//can not change passwd ,use setenforce 0 to go on
getenforce

press a when grub choosing to change kernel parameter,and single to enter runlevel 1

vim /etc/sysconfig/init
SINGLE=/sbin/sushell|sulogin //login mode in single

sudo COMMAND
vim /etc/sudoers
UserName ALL=(RunAsUsers) /usr/sbin/command1,/usr/sbin/command2
,NOPASSWD: /usr/bin/passwd ?*, !/usr/bin/passwd root

Kerberos
Key Distribution Center(KDC)
Application Servers(network services)
Client users
1
Client DRB_AS_REQ KDC //client has cm
Client KRB_AS_REP KDC
SKDC-client
copy1 + cm
copy2 + Client.Info + Timeout +K.M
Client got SKDC-client and TGT
2
Client KRB_TGS_REQ TGS
TimeStamp +SKDC-client + c.r + s.r + TGT
Client KRB_TGT_REP TGS
SServer-Client
copy1 enc by SKDC.Client
copy2 S_S_C +C.R(客户端信息) + Timeout enc by A.M
3
Client KRB_CS_REQ SSH //SSH server has a.s a.m
TimeStamp enc by s.sc + Ticket enc by A.M
Client KRB_SC_REP SSH
Accept

ntpdate -u instructor
server ntp1.leonard.com//ntp
system-config-authentication
choose kerberos

Netfilter
iptables -A INPUT '!' -s 192.168.0.0/24 -p tcp --dport 22 -j REJECT//v6.0
iptables -A INPUT -s '!' 192.168.0.0/24 -p tcp --dport 22 -j REJECT//v5.4
//REJECT ssh from anywhere other than 192.168.0.0/24
dport|sport //destination source port

Chain policy
iptables -P INPUT DROP|ACCEPT
iptables -nL

iptables -N RHCE
iptables -A INPUT -s 192.168.0.100 -j RHCE
iptables -A RHCE -j REJECT
iptables -D RHCE 1
iptables -X RHCE

vim /etc/init.d/cus_firewall
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
#ftp
iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j REJECT

/etc/rc.d/rc5.d
ln -s /etc/init.d/cus_firewall S99cus_filewall

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE//伪装
/etc/init.d/iptables stop//refresh firewall ,set all to accept
/etc/init.d/iptables start//use /etc/sysconfig/iptables
/etc/init.d/iptables save//save the policy now to /etc/sysconfig/iptables

system-config-firewall//there is a default policy by redhat
//click disable and apply ,set the default policy to disable

DNS
bind //dns software
. (root)->
.com .net (TopLevelDomain) Replay NS record,no A record->
.com -> ns.hostname.com //NS record
ns.hostname.com //A record
sina.com ->
t.sina.com

/etc/resolv.conf
nameserver 192.168.0.254 //no more than 4 records
//ask the second dns server when the first has don't find --linux
//ask the second dns server when the first is unavailable --windows

nslookup
>desktop1.example.com
dig -t soa baidu.com

vim /etc/nsswitch.conf //change the dns not to look at host first

yum -y install bind
/etc/named.conf
yum -y install bind-chroot//security
cp -p /var/named/chroot/etc/named.rfc1912.zones

chroot named stop //move config chroot/etc to /etc
chroot named start //move config /etc to chroot/etc

master
/etc/named.conf
listen-on port 53 {any;};
forward only//just look at forward
forward first//look at forward first and then internet
allow-query {any; };
allow-transfer {192.168.0.189;};//for slave

include "/etc/named.rhce.zones"

/etc/named.rhce/zones
include zone files
zone "rhce.cn" IN {
type master;
file "rhce.zone";
};

zone "0.168.192.in-addr.arpa" IN {
type master;
file "0.168.192.zone";
};

/var/named/rhce.zone
$TTL 1D //1D ,when others use this dns,it will knows the ttl and save at local
serial //update serial number
refresh|retry|expire  //assist dns refresh interval
rhce.zone
{
   NS rhce.cn
   A  192.168.0.1
   CNAME rhce.cn//find the ip every time
   $GENERATE 1-200 desktop$ A 192.168.0.$
}
0.168.192.zone
{
   NS rhce.cn.
231 PTR rhce.cn.
}

slave
zone "rhce.cn" IN {
type slave;
masters { 192.168.0.188;};
file "slaves/xx.rhce.zone";
};
zone "0.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.0.188;};
file "slaves/192.168.0.zone-slave";
};

rndc flush//clean cache


yum install -y iscsi-initiator-utils
iscsiadm -m discovery -t sendtargets -p 192.168.0.254:3260//find iscsi targets
iscsiadm -m node -T iqn.2011-09.com.example:common -p 192.168.0.254 -l//log in to the iscsi target

SELinux
/etc/selinux/config //selinux mode
system-config-selinux
setenforce 1|0 //Enforcing | Permissive
getenforce //get mode
sestatus //get mode now and config

ls -Z[d] File//view context
chcon tmp_content_t //change context
restorecon pub/ //restore the context by parent
setsebool -P
getsebool -a |grep ftp

/etc/sysconfig/nfs //change the nfs port to static

yum install -y vsftpd
/etc/init.d/vsftpd restart
/etc/vsftpd/vsftpd.conf
setsebool -P ftp_home_dir=1
chkconfig vsftpd on
iptables -A INPUT '!' -s 192.168.0.0/24 -p tcp --dport 21 -j REJECT

samba
/etc/samba/smb.conf
config file = /etc/samba/%U.conf
[public]
comment = Public Share
path = /home/sharehome
public = yes
writable = no
write list = visitor,student,@smbgroup
browseable = no
create mask = 0660
directory mask = 0770
group = uesrGroup

smbpasswd -a UserName//set the smb password when adding the user the first time
setsebool -P samba_enable_home_dirs=1
smbclient //192.168.0.188/rhce -U visitor
net use * /del //windows net del

/dev/mapper/vgsmb-lvsmb /common ext4 defaults,acl 0 0//fstab

man samba_selinux
chcon -R -t samba_share_t /common/
chkconfig smb on

//192.168.0.188/rhce /mnt cifs credentials=/etc/samba/rhce.txt 0 0
//rhce.txt
username=user1
password=redhat

/dev/sda1 /common ext4 defaults,usrquota //disk quota
quotacheck -cum /common/
quotaon /common/
quota -l
edquota -u user1
edquota -p user1 user2
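# Copy user1's quota settings to every account with uid > 500 whose name does not start with "user".
# awk reads /etc/passwd directly; the original piped it through cat and had the path misspelled.
for n in $(awk -F: '($3>500){print $1}' /etc/passwd | grep -v '^user'); do
  edquota -p user1 "$n"
done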
repquota -av

Apache HTTP
httpd
/var/www/html //default web path,default page is index.html
vim /etc/sysconfig/network-scripts/ifcfg-eth0:0
/etc/httpd/conf/httpd.conf
Listen 80
//when there is a virtual host,than the first virtual host is the default host
<VirtualHost 192.168.0.88:80>
ServerAdmin
DocumentRoot /var/www/desktop88
</VirtualHost>

postfix
sendmail//mail in 5.4
alternatives --config mta
mail -s "hi,tiger"  
/etc/postfix/main.cf
/etc/init.d/postfix status
postconf -n(effective) -d(default)//show postfix config
postconf -e inet_interfaces=all
netstat -tulnpa |grep :25