Model answers
You can use the virt-manager command to open the console of each virtual machine.
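
Configure networking on node1
- Open a command line on node1.
- Run nmtui > Edit a connection > edit the connection.
- Find the IPv4 configuration and change Automatic to Manual.
- Set Address to the IP the task requires (note: append a slash followed by the netmask, e.g. 172.25.250.100/24).
- Then add the gateway and the DNS server.
- When done, choose OK and go back to the main menu.
- Choose Set system hostname and change the hostname to node1.domain250.example.com (this takes care of the later hostname task here).
- Choose Activate a connection, deactivate the connection and then activate it again; once it is active, go back.
- OK => quit.
- After that, go to the foundation command-line client and try ssh node1.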
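
Reset the root password on node2
- On the foundation0 command line, run virt-manager to open Virtual Machine Manager.
- Open node2.
- Once the node2 console appears, there is a drop-down menu at the top; choose reboot.
- When the boot menu appears, press any key to stop the countdown.
- Put the cursor on the first entry and press "e".
- At the end of the line that begins with linux, type rd.break.
- Press Ctrl+x.
- Remount /sysroot read-write: switch_root:/# mount -o remount,rw /sysroot
- Switch to the root of the real operating system, /sysroot: switch_root:/# chroot /sysroot
- Reset the password: sh-4.4# echo 123456 | passwd --stdin root
- Flag the filesystem for SELinux relabeling: sh-4.4# touch /.autorelabel
- Type exit twice.
- From foundation0, try ssh node2 with the new password.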

Configure your system to use the default repositories (node1)
    [root@node1 ~]# cd /etc/yum.repos.d
    [root@node1 yum.repos.d]# ls
    [root@node1 yum.repos.d]# vi redhat.repo    (the name does not matter, but the extension must be .repo)
    [BaseOS]
    name=BaseOS
    baseurl=http://foundation0.ilt.example.com/dvd/BaseOS
    enabled=1
    gpgcheck=0
    [AppStream]
    name=AppStream
    baseurl=http://foundation0.ilt.example.com/dvd/AppStream
    enabled=1
    gpgcheck=0
    [root@node1 yum.repos.d]# yum clean all
    28 files removed
    [root@node1 yum.repos.d]# yum repolist all
    repo id      repo name    status
    AppStream    AppStream    enabled
    BaseOS       BaseOS       enabled
    [root@node1 yum.repos.d]#

Debug SELinux
Run man semanage port to view the help.
Type /EXAMPLE to jump to the examples.
Copy out this line: semanage port -a -t http_port_t -p tcp 81
Change 81 to 82.
Run:
    [root@node1 ~]# semanage port -a -t http_port_t -p tcp 82
    [root@node1 ~]# systemctl enable httpd
    [root@node1 ~]# systemctl start httpd
    [root@node1 ~]# ls -Z /var/www/html/
    system_u:object_r:etc_t:s0 file1
    system_u:object_r:httpd_sys_content_t:s0 file3
    system_u:object_r:httpd_sys_content_t:s0 file2
The label on file1 is wrong and has to be changed.
Run man semanage fcontext and type /EXAMPLE to view the help.
Copy out this line: semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
Modify it and run:
    semanage fcontext -a -t httpd_sys_content_t /var/www/html/file1
Finally, relabel and confirm:
    [root@node1 ~]# restorecon -Rv /var/www/html
    Relabeled /var/www/html/file1 from system_u:object_r:etc_t:s0 to system_u:object_r:httpd_sys_content_t:s0
    [root@node1 ~]# ls -Z /var/www/html
    system_u:object_r:httpd_sys_content_t:s0 file1
    system_u:object_r:httpd_sys_content_t:s0 file3
    system_u:object_r:httpd_sys_content_t:s0 file2

Create user accounts on node1
    [root@node1 ~]# groupadd sysmgrs
    [root@node1 ~]# useradd -G sysmgrs natasha
    [root@node1 ~]# useradd -G sysmgrs harry
    [root@node1 ~]# useradd -s /sbin/nologin sarah
    [root@node1 ~]# echo flectrag | passwd --stdin natasha
    Changing password for user natasha.
    passwd: all authentication tokens updated successfully.
    [root@node1 ~]# echo flectrag | passwd --stdin harry
    Changing password for user harry.
    passwd: all authentication tokens updated successfully.
    [root@node1 ~]# echo flectrag | passwd --stdin sarah
    Changing password for user sarah.
    passwd: all authentication tokens updated successfully.

Configure a cron job
    [root@node1 ~]# crontab -u natasha -e
    no crontab for natasha - using an empty one
    crontab: installing new crontab
    [root@node1 ~]# crontab -u natasha -l
    */2 * * * * logger "EX200 in progress"

Create a collaborative directory
    [root@node1 ~]# mkdir /home/managers
    [root@node1 ~]# chown :sysmgrs /home/managers/
    [root@node1 ~]# cd /home
    [root@node1 home]# ll
    total 0
    drwx------. 2 devops  devops   62 May  7  2020 devops
    drwx------. 2 harry   harry    62 Oct 16 18:07 harry
    drwxr-xr-x. 2 root    sysmgrs   6 Oct 16 18:27 managers
    drwx------. 2 natasha natasha  62 Oct 16 18:07 natasha
    drwx------. 2 sarah   sarah    62 Oct 16 18:07 sarah
    drwx------. 3 student student  95 Sep  1  2020 student
    drwx------. 5 wallah  wallah  114 Jul 14  2021 wallah
    [root@node1 home]# chmod -R 770 managers/
    [root@node1 home]# chmod -R g+s managers/
    [root@node1 home]# ll
    total 0
    drwx------. 2 devops  devops   62 May  7  2020 devops
    drwx------. 2 harry   harry    62 Oct 16 18:07 harry
    drwxrws---. 2 root    sysmgrs   6 Oct 16 18:27 managers
    drwx------. 2 natasha natasha  62 Oct 16 18:07 natasha
    drwx------. 2 sarah   sarah    62 Oct 16 18:07 sarah
    drwx------. 3 student student  95 Sep  1  2020 student
    drwx------. 5 wallah  wallah  114 Jul 14  2021 wallah

Configure NTP
    [root@node1 home]# vi /etc/chrony.conf
Change line 7 from
    server _gateway iburst
to
    server materials.example.com iburst
    [root@node1 home]# systemctl restart chronyd
    [root@node1 home]# systemctl enable chronyd
Test:
    [root@node1 home]# chronyc sources
    210 Number of sources = 1
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^* classroom.example.com         8   6    77    19  +5843us[+8856us] +/-   12ms

Configure autofs
    [root@node1 ~]# vi /etc/auto.master
Below the line
    /misc   /etc/auto.misc
add
    /rhome  /etc/auto.misc
    [root@node1 ~]# vi /etc/auto.misc
    [root@node1 ~]# cat /etc/auto.misc
    #
    # This is an automounter map and it has the following format
    # key [ -mount-options-separated-by-comma ] location
    # Details may be found in the autofs(5) manpage
    cd              -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
    remoteuser1     -fstype=nfs,rw  materials.example.com:/rhome/remoteuser1    (add this line)
    # the following entries are samples to pique your imagination
    #linux          -ro,soft,intr           ftp.example.org:/pub/linux
    #boot           -fstype=ext2            :/dev/hda1
    #floppy         -fstype=auto            :/dev/fd0
    #floppy         -fstype=ext2            :/dev/fd0
    #e2floppy       -fstype=ext2            :/dev/fd0
    #jaz            -fstype=ext2            :/dev/sdc1
    #removable      -fstype=ext2            :/dev/hdd
    [root@node1 ~]# systemctl restart autofs
    [root@node1 ~]# systemctl enable autofs
    Created symlink /etc/systemd/system/multi-user.target.wants/autofs.service → /usr/lib/systemd/system/autofs.service.
Because the mount happens on demand, you have to access it to get it mounted:
    [root@node1 ~]# su - remoteuser1
    [remoteuser1@node1 ~]$ ls -l
    total 0
    [remoteuser1@node1 ~]$ ls -a
    .  ..  .bash_logout  .bash_profile  .bashrc
    [remoteuser1@node1 ~]$ mount

Configure permissions on /var/tmp/fstab
    [root@node1 ~]# cp /etc/fstab /var/tmp/fstab
    [root@node1 ~]# setfacl -m u:harry:--- /var/tmp/fstab
    [root@node1 ~]# setfacl -m u:natasha:rw- /var/tmp/fstab
Confirm:
    [root@node1 ~]# getfacl /var/tmp/fstab
    getfacl: Removing leading '/' from absolute path names
    # file: var/tmp/fstab
    # owner: root
    # group: root
    user::rw-
    user:natasha:rw-
    user:harry:---
    group::r--
    mask::rw-
    other::r--

Configure user manalo with user ID 3533. This user's password should be flectrag
    [root@node1 ~]# useradd -u 3533 manalo
    [root@node1 ~]# echo flectrag | passwd --stdin manalo
    Changing password for user manalo.
    passwd: all authentication tokens updated successfully.
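
Find a string
Find all lines in the file /usr/share/xml/iso-codes/iso_639-3.xml that contain the string ng. Put a copy of all these lines, in their original order, in the file /root/list. /root/list must not contain empty lines, and every line must be an exact copy of the original line in /usr/share/xml/iso-codes/iso_639-3.xml.
    [root@node1 ~]# grep ng /usr/share/xml/iso-codes/iso_639_3.xml > /root/list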

Find files
Find all files owned by jacques and put copies of them in the /root/findfiles directory.
    [root@servera ~]# mkdir /root/findfiles
    [root@servera ~]# find / -user jacques -exec cp -a {} /root/findfiles \;
    [root@servera ~]# ll /root/findfiles

Create a tar archive named /root/backup.tar.gz that contains the contents of /usr/local. The tar archive must be compressed with gzip.
-c means create and -x means extract; z selects gzip, j bzip2 and J xz.
    [root@node1 ~]# tar -czvf /root/backup.tar.gz /usr/local

node2: resize a logical volume
    [root@node2 ~]# lsblk
    NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
    vda             252:0    0   10G  0 disk
    ├─vda1          252:1    0    1M  0 part
    ├─vda2          252:2    0  100M  0 part /boot/efi
    └─vda3          252:3    0  9.9G  0 part /
    vdb             252:16   0    4G  0 disk
    ├─vdb1          252:17   0  510M  0 part
    │ └─myvol-vo    253:1    0  184M  0 lvm  /reports
    └─vdb2          252:18   0  512M  0 part
      └─vgroup-swap 253:0    0  256M  0 lvm  [SWAP]
    vdc             252:32   0   10G  0 disk
    [root@node2 ~]# lvextend -L 230M /dev/myvol/vo
      Rounding size to boundary between physical extents: 232.00 MiB.
      Size of logical volume myvol/vo changed from 184.00 MiB (46 extents) to 232.00 MiB (58 extents).
      Logical volume myvol/vo successfully resized.
    [root@node2 ~]# resize2fs /dev/myvol/vo
    resize2fs 1.45.4 (23-Sep-2019)
    Filesystem at /dev/myvol/vo is mounted on /reports; on-line resizing required
    old_desc_blocks = 2, new_desc_blocks = 2
    The filesystem on /dev/myvol/vo is now 237568 (1k) blocks long.

node2: add a swap partition
    [root@node2 ~]# fdisk /dev/vdb
    Welcome to fdisk (util-linux 2.32.1).
    Changes will remain in memory only, until you decide to write them.
    Be careful before using the write command.
    Command (m for help): n
    Partition type
       p   primary (2 primary, 0 extended, 2 free)
       e   extended (container for logical partitions)
    Select (default p): p
    Partition number (3,4, default 3):
    First sector (2095106-8388607, default 2097152):
    Last sector, +sectors or +size{K,M,G,T,P} (2097152-8388607, default 8388607): +756M
    Created a new partition 3 of type 'Linux' and of size 756 MiB.
    Command (m for help): w
    The partition table has been altered.
    Syncing disks.
    [root@node2 ~]# lsblk
    NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
    vda             252:0    0   10G  0 disk
    ├─vda1          252:1    0    1M  0 part
    ├─vda2          252:2    0  100M  0 part /boot/efi
    └─vda3          252:3    0  9.9G  0 part /
    vdb             252:16   0    4G  0 disk
    ├─vdb1          252:17   0  510M  0 part
    │ └─myvol-vo    253:1    0  232M  0 lvm  /reports
    ├─vdb2          252:18   0  512M  0 part
    │ └─vgroup-swap 253:0    0  256M  0 lvm  [SWAP]
    └─vdb3          252:19   0  756M  0 part    (this 756M partition is the only addition)
    vdc             252:32   0   10G  0 disk
    [root@node2 ~]# mkswap /dev/vdb3
    Setting up swapspace version 1, size = 756 MiB (792719360 bytes)
    no label, UUID=07e3397d-c608-4e15-9094-92501fa78567
    [root@node2 ~]# swapon /dev/vdb3
    [root@node2 ~]# vi /etc/fstab
    [root@node2 ~]# cat /etc/fstab
    #
    # /etc/fstab
    # Created by anaconda on Thu Apr 23 05:11:56 2020
    #
    # Accessible filesystems, by reference, are maintained under '/dev/disk/'.
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
    #
    # After editing this file, run 'systemctl daemon-reload' to update systemd
    # units generated from this file.
    #
    UUID=3cd0d4ca-93f6-423b-a469-70ab2b10b667 /         xfs  defaults 0 0
    UUID=399C-0F7D                            /boot/efi vfat defaults,uid=0,gid=0,umask=077,shortname=winnt 0 2
    /dev/myvol/vo                             /reports  ext4 defaults 0 0
    /dev/vgroup/swap                          none      swap defaults 0 0
    /dev/vdb3                                 swap      swap defaults 0 0    (add this line)
    [root@node2 ~]# free -m
                  total        used        free      shared  buff/cache   available
    Mem:           1826         186        1421          16         218        1479
    Swap:          1011           0        1011

Create a logical volume
    [root@node2 ~]# fdisk /dev/vdb
    Welcome to fdisk (util-linux 2.32.1).
    Changes will remain in memory only, until you decide to write them.
    Be careful before using the write command.
    Command (m for help): n
    Partition type
       p   primary (3 primary, 0 extended, 1 free)
       e   extended (container for logical partitions)
    Select (default e): p
    Selected partition 4
    First sector (2095106-8388607, default 3645440):
    Last sector, +sectors or +size{K,M,G,T,P} (3645440-8388607, default 8388607):
    Created a new partition 4 of type 'Linux' and of size 2.3 GiB.
    Command (m for help): w
    The partition table has been altered.
    Syncing disks.
    [root@node2 ~]# lsblk
    NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
    vda             252:0    0   10G  0 disk
    ├─vda1          252:1    0    1M  0 part
    ├─vda2          252:2    0  100M  0 part /boot/efi
    └─vda3          252:3    0  9.9G  0 part /
    vdb             252:16   0    4G  0 disk
    ├─vdb1          252:17   0  510M  0 part
    │ └─myvol-vo    253:1    0  232M  0 lvm  /reports
    ├─vdb2          252:18   0  512M  0 part
    │ └─vgroup-swap 253:0    0  256M  0 lvm  [SWAP]
    ├─vdb3          252:19   0  756M  0 part [SWAP]
    └─vdb4          252:20   0  2.3G  0 part
    vdc             252:32   0   10G  0 disk
    [root@node2 ~]# pvcreate /dev/vdb4
      Physical volume "/dev/vdb4" successfully created.
    [root@node2 ~]# vgcreate -s 16M qagroup /dev/vdb4
      Volume group "qagroup" successfully created
    [root@node2 ~]# lvcreate -l 60 -n qa qagroup
      Logical volume "qa" created.
    [root@node2 ~]# mkfs.ext3 /dev/qagroup/qa
    mke2fs 1.45.4 (23-Sep-2019)
    Creating filesystem with 245760 4k blocks and 61440 inodes
    Filesystem UUID: 49c53367-1c77-46f3-9ebb-cecbd52de012
    Superblock backups stored on blocks:
            32768, 98304, 163840, 229376
    Allocating group tables: done
    Writing inode tables: done
    Creating journal (4096 blocks): done
    Writing superblocks and filesystem accounting information: done
    [root@node2 ~]# vi /etc/fstab
Add this line:
    /dev/qagroup/qa /mnt/qa ext3 defaults 0 0
    [root@node2 ~]# mkdir -p /mnt/qa
    [root@node2 ~]# mount -a

node2: create a VDO volume
    [root@node2 ~]# yum install -y vdo kmod-kvdo
    [root@node2 ~]# systemctl start vdo
    [root@node2 ~]# systemctl enable vdo
    [root@node2 ~]# man vdo create /EXAMPLE
Copy out this line:
    vdo create --name=vdo0 --device=/dev/sdb1 --vdoLogicalSize=10T
Change it to the following and run it:
    vdo create --name=vdough --device=/dev/vdc --vdoLogicalSize=50G
    [root@node2 ~]# vdo create --name=vdough --device=/dev/vdc --vdoLogicalSize=50G
    Creating VDO vdough
          The VDO volume can address 6 GB in 3 data slabs, each 2 GB.
          It can grow to address at most 16 TB of physical storage in 8192 slabs.
          If a larger maximum size might be needed, use bigger slabs.
    Starting VDO vdough
    Starting compression on VDO vdough
    VDO instance 0 volume is ready at /dev/mapper/vdough
    [root@node2 ~]# mkfs.xfs /dev/mapper/vdough
    meta-data=/dev/mapper/vdough     isize=512    agcount=4, agsize=3276800 blks
             =                       sectsz=4096  attr=2, projid32bit=1
             =                       crc=1        finobt=1, sparse=1, rmapbt=0
             =                       reflink=1
    data     =                       bsize=4096   blocks=13107200, imaxpct=25
             =                       sunit=0      swidth=0 blks
    naming   =version 2              bsize=4096   ascii-ci=0, ftype=1
    log      =internal log           bsize=4096   blocks=6400, version=2
             =                       sectsz=4096  sunit=1 blks, lazy-count=1
    realtime =none                   extsz=4096   blocks=0, rtextents=0
    [root@node2 ~]#
    [root@node2 ~]# udevadm settle
    [root@node2 ~]# mkdir /vbread
    [root@node2 ~]# vim /etc/fstab
    /dev/mapper/vdough /vbread xfs defaults,x-systemd.requires=vdo.service 0 0
    [root@node2 ~]# mount -a

node2: configure system tuning
    [root@node2 ~]# tuned-adm active
    Current active profile: throughput-performance
    [root@node2 ~]# tuned-adm recommend
    virtual-guest
    [root@node2 ~]# tuned-adm profile virtual-guest
    [root@node2 ~]# tuned-adm active
    Current active profile: virtual-guest

Create a script named myresearch, placed under /usr/bin. The script finds all files under /usr that are smaller than 10m and have the set-group-ID permission, and puts them under /root/myfiles.
    [root@servera ~]# cd /root
    [root@servera ~]# mkdir myfiles
    [root@servera ~]# ls
    anaconda-ks.cfg  myfiles  original-ks.cfg
    [root@servera ~]# cd /usr/bin
    [root@servera bin]# vi myresearch
    #!/bin/bash
    find /usr -size -10M -perm /g=s -exec cp -a {} /root/myfiles \;
    [root@servera bin]# chmod 755 myresearch
    [root@servera bin]# myresearch
    [root@servera bin]# cd /root/myfiles
    [root@servera myfiles]# ls
    locate  ssh-keysign  utempter  write

Create a script named newsearch, placed under /usr/bin. The script finds all files under /usr that are larger than 30k but smaller than 50k and have the SUID permission, and puts them under /root/newfiles.
    [root@servera ~]# cd /root
    [root@servera ~]# mkdir newfiles
    [root@servera ~]# ls
    anaconda-ks.cfg  myfiles  newfiles  original-ks.cfg
    [root@servera ~]# cd /usr/bin
    [root@servera bin]# vi newsearch
    #!/bin/bash
    find /usr -size +30k -size -50k -perm /u=s -exec cp -a {} /root/newfiles \;
    [root@servera bin]# chmod 755 newsearch
    [root@servera bin]# newsearch
    [root@servera bin]# cd /root/newfiles/
    [root@servera newfiles]# ls
    chfn  cockpit-session  passwd  umount  unix_chkpwd  userhelper
    [root@servera newfiles]#

Set default permissions
For user student on servera, all newly created files should have default permissions of -r--r--r--, and all directories newly created by this user should have default permissions of dr-xr-xr-x.
    [root@servera ~]# su - student
    [student@servera ~]$ umask
    0002
    [student@servera ~]$ vi ~/.bashrc
    [student@servera ~]$ cat ~/.bashrc
    (append this line at the end)
    umask 222
    [student@servera ~]$ umask
    0002
    [student@servera ~]$ su - root
    Password:
    Last login: Tue Oct 17 19:56:49 GMT 2023 from 172.25.250.250 on pts/0
    [root@servera ~]# su - student
    Last login: Tue Oct 17 20:30:00 GMT 2023 from 172.25.250.250 on pts/0
    [student@servera ~]$ umask
    0222
    [student@servera ~]$ mkdir bbb
    [student@servera ~]$ ll
    total 0
    -r--r--r--. 1 student student 0 Oct 17 20:32 aaa
    dr-xr-xr-x. 2 student student 6 Oct 17 20:32 bbb
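
Added example (not part of the original answers): it checks the umask 222 result shown above by predicting the modes from the creation defaults and comparing them with what the filesystem records. The function names expected_modes and observed_modes are assumptions made for this illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: what a given umask does to newly created files and directories.
# Works only in a throwaway directory; assumes GNU stat (stat -c %a).

# expected_modes MASK: modes predicted from the creation defaults
# (0666 for files, 0777 for directories) with the mask bits cleared.
expected_modes() {
    printf '%o %o\n' $(( 0666 & ~0$1 )) $(( 0777 & ~0$1 ))
}

# observed_modes MASK: create a file and a directory under MASK and read the
# modes back from the filesystem, printed as "FILE DIR". The body runs in a
# subshell, so the caller's own umask is left unchanged.
observed_modes() (
    d=$(mktemp -d) || exit 1
    umask "$1"
    : > "$d/aaa"
    mkdir "$d/bbb"
    echo "$(stat -c %a "$d/aaa") $(stat -c %a "$d/bbb")"
    rm -rf "$d"
)

# 002 is the default seen in the session above, 222 is the value the task needs,
# 027 is a constructed third case.
for m in 002 222 027; do
    echo "umask $m: expected $(expected_modes "$m"), observed $(observed_modes "$m")"
done
```

Files start from 0666, so no umask can give a new file an execute bit; that is why umask 222 yields r--r--r-- for files but r-xr-xr-x for directories.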

Configure an application
Configure an application rhcsa. When this application is run as student, it displays the string This is a rhcsa.
    [root@servera ~]# su - student
    [student@servera ~]$ vi ~/.bashrc
    (append at the end:)
    alias rhcsa='echo This is a rhcsa'
    [student@servera ~]$ source ~/.bashrc
    [student@servera ~]$ su root
    Password:
    [root@servera student]# su - student
    Last login: Tue Oct 17 20:31:22 GMT 2023 on pts/0
    [student@servera ~]$ rhcsa
    This is a rhcsa

Configure the password expiry time for newly created users
Passwords of newly created users must expire after 20 days.
    [root@serverb ~]# vim /etc/login.defs
    PASS_MAX_DAYS 20
    [root@serverb ~]# useradd test
    [root@serverb ~]# chage -l test
    Maximum number of days between password change : 20

Find files with the given permissions and save them to the /root/bak directory
Find the files in the /usr directory whose permissions are 4755 and that are larger than 50k and smaller than 10M, and copy them to the /root/bak directory.
    [root@servera ~]# mkdir /root/bak
    [root@servera ~]# ls
    anaconda-ks.cfg  bak  myfiles  newfiles  original-ks.cfg
    [root@servera ~]# find / -perm 4755 -size +50k -size -10M -exec cp -a {} /root/bak \;
    find: ‘/proc/1574/task/1574/fd/5’: No such file or directory
    find: ‘/proc/1574/task/1574/fdinfo/5’: No such file or directory
    find: ‘/proc/1574/fd/6’: No such file or directory
    find: ‘/proc/1574/fdinfo/6’: No such file or directory
    [root@servera ~]# cd /root/bak
    [root@servera bak]# ls
    at  chage  crontab  gpasswd  mount.nfs  newgrp
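
Added example (not part of the original answers): the three find selections used in the myresearch, newsearch and /root/bak tasks above, run against constructed files in a temporary directory to show how -perm matches and how -size rounds up before comparing. The file names and the helpers make_fixture, select_names and demo are assumptions made for this illustration; GNU find and coreutils are assumed.

```shell
#!/bin/sh
# Added example: which files the -perm / -size tests from the tasks above select.
# Everything is constructed in a temporary directory; /usr is not touched.

# make_fixture DIR: create constructed files, one per "name bytes mode" row.
make_fixture() (
    while read -r name size mode; do
        head -c "$size" /dev/zero > "$1/$name"
        chmod "$mode" "$1/$name"
    done <<'EOF'
suid_exact_40k 40960 4755
suid_other_40k 40960 4750
suid_exact_60k 61440 4755
suid_edge_49k1 50177 4755
suid_sgid_60k 61440 6755
sgid_only_1k 1024 2755
plain_40k 40960 0755
EOF
)

# select_names DIR FIND_TESTS...: sorted basenames of the regular files that
# satisfy all of the given find tests, joined on one line.
select_names() (
    dir=$1; shift
    find "$dir" -type f "$@" -exec basename {} \; | LC_ALL=C sort | paste -sd' ' -
)

# demo: run the page's three selections against the fixture.
demo() (
    dir=$(mktemp -d) || exit 1
    make_fixture "$dir"
    # -perm /g=s : SGID bit set, whatever the other bits are
    echo "SGID, <10M      : $(select_names "$dir" -size -10M -perm /g=s)"
    # -perm /u=s : SUID bit set; sizes are rounded UP to whole KiB first
    echo "SUID, >30k <50k : $(select_names "$dir" -size +30k -size -50k -perm /u=s)"
    # -perm 4755 : mode must be exactly 4755 (6755 and 4750 do not match)
    echo "4755, >50k <10M : $(select_names "$dir" -perm 4755 -size +50k -size -10M)"
    rm -rf "$dir"
)

demo
```

The 49 KiB + 1 byte file counts as 50k, so it matches neither -size -50k nor -size +50k. When these searches run as root with cp -a, the copies keep their SUID/SGID bits; listing the matches with find's -ls instead of copying avoids leaving extra privileged binaries behind.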
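
Give members of the sysmgrs group sudo privileges
Configure all members of the sysmgrs group so that they can run sudo, without having to enter a password when running sudo.
    [root@servera ~]# visudo
Find the line containing #wheel, copy it and modify the copy:
    ## Same thing without a password
    %wheel   ALL=(ALL) NOPASSWD: ALL
    %sysmgrs ALL=(ALL) NOPASSWD: ALL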
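
Containers
How to finish the container tasks quickly and well (within 10 minutes)

Change the journal service configuration:
    vim /etc/systemd/journald.conf
    ------------------
    Storage=persistent
Then restart the journal service:
    systemctl restart systemd-journald
# Log in as the wallah user over ssh
    ssh wallah@node1
    (at the prompt, answer yes)
# Copy the journal files to the specified directory as the task requires
    cp -a /var/log/journal/*/*.journal /home/wallah/container_logfile/
    (This reports a permission error; ignore it for now and cd into the target directory to check. If there is a file there, the copy succeeded and nothing more is needed. Otherwise restart the journal service; a prompt appears during the restart, so pick any number, enter no password and just press Enter twice, then run the copy again.)
# Log in to the registry server and search the image repository
    podman login registry.domain250.example.com/    (note: the trailing / after example.com is required)
    podman search registry.domain250.example.com/   (note: the trailing / after example.com is required)
# Pull the image the task requires
    podman pull registry.domain250.example.com/rhel8/rsyslog
    ! In the practice environment, if pulling the image reports manifest unknown,
    ! wait a while and retry; if that still fails, go back to foundation0 and run
    !     rht-vmctl restart utility
    ! to restart the utility virtual machine.
    ! Wait patiently until the virtual machine has fully started the registry service,
    ! then try logging in and pulling the image again.
# Create and run the container
    podman run -itd --name logserver -v /home/wallah/container_logfile:/var/log/journal:Z registry.domain250.example.com/rhel8/rsyslog
# List the containers
    podman ps    (check whether it worked)

Create a user-level systemd service and enable it at boot
# Create the user-level systemd service
    podman stop logserver
    mkdir -p ~/.config/systemd/user
    cd ~/.config/systemd/user
    podman generate systemd -n logserver -f
    ! At this point you can inspect the generated unit file and check that its settings match the task.
# Load the service unit file
    systemctl --user daemon-reload
# Test starting and stopping the service
    systemctl --user status container-logserver
    ! should show loaded + inactive
    systemctl --user start container-logserver
    systemctl --user status container-logserver
    ! should show active (running)
    systemctl --user stop container-logserver
    systemctl --user status container-logserver
    ! should show inactive (dead)
    ! Be sure to test here that the service starts and stops properly and that the status is displayed correctly.
    ! If the status shows fail, stop the container by hand and then start the service, or start the container by hand and then stop the service, until the status is no longer fail.
# Enable the service at boot
    systemctl --user enable container-logserver
    loginctl enable-linger
# Reboot to verify that the service starts automatically
    exit
    reboot
    ssh root@node1
    ssh wallah@node1
    podman ps
----- Done
Containers: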