Download - RHCE¿¼ÊÔÌâ¿â (1)
2.vim /etc/sysconfig/network
HOSTNAME=
3. Selinux Enforcing vim /etc/selinux/config
SELINUX=enforcing
sestatus
4. iptables iptables -F
/etc/init.d/iptables save
iptables -L()
chkconfig iptables on
5.(TCP/IP,GATEWAY,DNS)setup
/etc/init.d/network restart
6.Yum , dialog
cp /etc/yum.repos.d/rhel-debuginfo.repo /etc/yum.repos.d/a.repo
vim /etc/yum.repos.d/a.repo
yum clean all   (YUM)
yum list   (YUM)
yum install dialog -y
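7., 500MB,/data ,, QUOTA( ) ACL( ) : , 1G=1024MB, 1G=1000MB ,, 500MB
fdisk -l
fdisk /dev/sda
partprobe
mke2fs -j /dev/sdaN   (N = the number of the partition just created; the number appears to have been lost in extraction, and running mke2fs on /dev/sda itself would overwrite the whole disk)
mkdir /data
echo "/dev/sdaN /data ext3 usrquota,grpquota,acl 0 0" >> /etc/fstab
mount -a
df -h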
cd /share
mkdir test
a. grp1
chgrp grp1 test
b.grp1 ,,c. test (SGID)
chmod 2775 test   (B C)
17. ftp://server1.example.com/pub/update ,,,
wget ftp://server1.example.com/pub/update/*.rpm
rpm -ivh *.rpm
vim /etc/grub.conf
default=0
18. IP Forward ()
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
19., server1.example.com, stationx(x station)/etc/init.d/cups start
chkconfig cups on --ipp --
-- --
20., usr-2 14:30 /bin/echo good_luck
crontab -eu usr-2
30 14 * * * /bin/echo good_luck
/etc/init.d/crond restart
chkconfig crond on
crontab -lu usr-2
21. NIS , NIS server1.example.com NIS ,NIS rhcss NIS stationx(x station )
authconfig-tui
NIS :rhcss :server1.example.com
:yptest
22. autofs , NIS ,server1.example.com NFS :/rhome/stationx(x station ) :/rhome( station1,/rhome/station1)
vim /etc/auto.master
/rhome /etc/auto.nis
cp /etc/auto.misc /etc/auto.nis
vim /etc/auto.nis
stationX -rw,soft,intr server1.example.com:/rhome/stationX
/etc/init.d/autofs restart
chkconfig autofs on
su shell
23./etc/fstab /var/tmp ,
cp /etc/fstab /var/tmp
a./var/tmp/fstab root b. root
cd /var/tmp
chown root:root fstab
c. fstab
chmod a-x fstab
d. usr-1 ,
setfacl -m u:usr-1:rw fstab
e. usr-2
setfacl -m u:usr-2:--- fstab
f.
chmod a+r fstab
ll
getfacl fstab
24. example.com ssh 25. hack.org ssh
vim /etc/hosts.deny
sshd:172.25.0.0/255.255.0.0
26. pop3
yum install dovecot -y
vim /etc/dovecot.conf
20 protocols = imap imaps pop3 pop3s
/etc/init.d/dovecot restart
chkconfig dovecot on
27. SMTP,
yum install sendmail-* -y
yum install m4 -y
cd /etc/mail
vim sendmail.mc
116 127.0.0.1 0.0.0.0
m4 sendmail.mc > sendmail.cf
vim local-host-names
stationX.example.com
/etc/init.d/sendmail restart
mutt -f imap://[email protected]
28. example.com pop3 29. hack.org pop3
iptables -A INPUT -p tcp -s 172.25.0.0/16 --dport 110 -j REJECT
iptables -A INPUT -p udp -s 172.25.0.0/16 --dport 110 -j REJECT
iptables -A INPUT -p tcp -s 172.25.0.0/16 --dport 993 -j REJECT   (993 is the IMAPS port; POP3S, which the dovecot protocols line also enables, listens on tcp/995)
/etc/init.d/iptables save
30., usr-2 usr-1
vim /etc/aliases
# General redirections for pseudo accounts.
usr-1: usr-2
newaliases
31. IMAPS ,
vim /etc/dovecot.conf
91 92
a.IMAPS example.com ,IMAPS :
cd /etc/pki/tls/certs
make dovecot.pem
dovecot.pem
b. country.state.locality.organizationc.Organizational unit rhcec.Common Name stationx.example.com(x station ). [email protected](x station ) dovecot.pem /etc/dovecot 91 92
cp dovecot.pem /etc/pki/dovecot/private/
cp dovecot.pem /etc/pki/dovecot/certs/
/etc/init.d/dovecot restart
mutt -f imaps://[email protected]
32. ftp
yum install vsftpd -y
/etc/init.d/vsftpd restart
chkconfig vsftpd on
33. hack.org ftp
vim /etc/hosts.deny
vsftpd:172.25.0.0/255.255.0.0
34. Samba ,
yum install samba -y
cd /etc/samba/
cp smb.conf smb.conf.old   (samba)
vim smb.conf
a. SMB rhce
74 workgroup = rhce
b. rhce-share
[rhce-share]
path = /share
valid users = usr-1
c./share d.rhce-share e. example.com Samba 80 hosts allow = 127. 172.24.0.( )
f. usr-1 redhat
smbpasswd -a usr-1
chcon -t samba_share_t /share   (selinux SMB)
/etc/init.d/smb restart
smbclient //172.24.0.13/rhce-share -U usr-1
35. NFS ,/share, example.com
vim /etc/exports
/share 172.24.0.0/24(ro,sync)
/etc/init.d/nfs restart
NFS /etc/init.d/portmap start
chkconfig nfs on
showmount -e
36. apache ,
yum install httpd-* -y
a. stationx.example.com apache (x station )
cd /var/www/html/
wget http://server1.example.com/pub/test.html
b. http://server1.example.com/pub/test.html
vim /etc/httpd/conf/httpd.conf
985
ServerAdmin [email protected]
DocumentRoot /var/www/html
ServerName station13.example.com
DirectoryIndex test.html
/etc/init.d/httpd restart
37. apache ,a.DocumentRoot /var/www/virt b. http://server1.example.com/pub/virt.html
cd /var/www/virt/
wget http://server1.example.com/pub/virt.html
vim /etc/httpd/conf/httpd.conf
985
ServerAdmin [email protected]
DocumentRoot /var/www/virt
ServerName www13.example.com
DirectoryIndex virt.html
/etc/init.d/httpd restart
c. http://wwwx.example.com(x station )d. usr-2 /var/www/virt
cd /var/www/
setfacl -m u:usr-2:rwx virt/
su usr-2 virt
38. Squid ,
yum install squid -y
a. Squid 8080
vim /etc/squid/squid.conf
921 8080
b. example.com Squid 574 acl example src 172.24.0.0/255.255.255.0
637 http_access allow example DENY
/etc/init.d/squid restart
chkconfig squid on
39. NTP server1.example.com
RHCT 3.5 3.5 my133t.org 172.25.0.0/255.255.0.0 my133t.org example.com 172.24.0.0/255.255.0.0
YUM YUM :
http://server1.example.com/pub/server rW9ySX
IP 172.24.0.XX :255.255.0.0;172.24.254.254DNS:172.24.254.254
vim /etc/hosts
172.24.X.X stationX.example.com stationX
1 300M/common,
# fdisk /dev/sda   (p, n, +300M, w)
# partprobe
# mkfs.ext3 /dev/sda5
# mkdir /common
# mount /dev/sda5 /common
# df -TH
# vim /etc/fstab
/dev/sda5 /common ext3 defaults 0 0
/dev/sda5
21. e2label /dev/sda5 common
2. echo -e "LABEL=common \t /common \t ext3 \t defaults \t 1 1" >>/etc/fstab
3 echo "mount /dev/sda5 /common" >>/etc/rc.local
2 sysusers
andrew sysusers susan sysusers brad shell sysusers
Andrew susan brad password
groupadd sysusers
useradd -G sysusers andrew
useradd -G sysusers susan
useradd -s /sbin/nologin brad
echo password | passwd --stdin andrew
echo password | passwd --stdin susan
echo password | passwd --stdin brad
useradd brad vim /etc/passwd brad /sbin/nologin
3 /common/staff /common/staff sysusers sysusers /common/staff
mkdir -p /common/staff
chgrp sysusers /common/staff
ll -d /common/staff
chmod g+w /common/staff;chmod 771 /common/staff
ll -d /common/staff
chmod g+s /common/staff
ll -d /common/staff
4. ftp://server1.example.com/pub/updates kernel kernel kernel kernel
cd /root
mkdir tmp
cd tmp
ftp server1.example.com   (ftp anonymous get)
rpm -ivh
rpm -ivh ftp://server1.example.com/pub/updates/kernel*
vim /etc/grub.conf vim /boot/grub/grub.conf default=num default=0 1 default=1 2
5 IP Forwarding
vim /etc/sysctl.conf
net.ipv4.ip_forward=0   (0 → 1)
sysctl -p   (sysctl.conf)
cat /proc/sys/net/ipv4/ip_forward
6 IPP(CUPS)
server1.example.com
stationXX Generic-text-only
system-config-printer
printer name: stationX
device: Internet Printing Protocol (ipp)
hostname: server1.example.com
printer name: stationX
printer type: Generic Text-only printer
make default printer
echo I am stationX. | lpr
lpq
lprm
7 andrew 15:25 /bin/echo hello
crontab -u andrew -e   (crontab)
25 15 * * * /bin/echo hello
service crond restart
# yum install vixie-cron
# service crond start
# chkconfig crond on
# chkconfig --list crond
# chkconfig --add crond
# crontab -u andrew -e
25 15 * * * /bin/echo hello
8172.24.254.254 NIS notexample nisuserX X
autofs NIS password nis
1 authconfig-tui
2 NIS
3 notexample 172.24.254.254
4 NIS # getent passwd nis
5 su nisuserX -bash-3.1$
System / Administration / Authentication NIS
9 NIS autofs Server1.example.com(172.24.254.254) NFS
/rhome/stationX X nisuserX
Server1.example.com:/rhome/stationX/nisuserX,nisuserX /rhome /rhome/nisuserX
nisuser1 nisuser20 nisuserX station100 nisuser100 server1.example.com:/rhomes/staton100/nisuser100 NFS rhome/nisuser100
1 cd /etc
cp auto.misc rhome.misc
vim /etc/auto.master
/rhome /etc/rhome.misc
2 vim /etc/rhome.misc
stationX -fstype=nfs 172.24.254.254:/rhome/stationX
3 service autofs restart   (autofs)
4 chkconfig autofs on
5 su nisuserX
[nisuser9@localhost ~]$ pwd
/rhome/stationX/nisuserX
10/etc/fstab /var/tmp /tmp/fstab /var/tmp/fstab root /var/tmp/fstab root'/var/tmp/fstab /var/tmp/fstab susan /var/tmp/fstab
cp /etc/fstab /var/tmp
chown root:root /var/tmp/fstab
chown root /var/tmp/fstab
chgrp root /var/tmp/fstab
chmod u-x,g-x,o-x /var/tmp/fstab
vim /etc/fstab
/dev/sda2 /var ext3 defaults,usrquota,acl 0 0
setfacl -m u:susan:0 /var/tmp/fstab
getfacl /var/tmp/fstab
chmod o+r /var/tmp/fstab   (r)
getfacl /var/tmp/fstab
11 home 1G, 950M-1050M #lvdisplay
# lvextend -L 1024M /dev/vg0/home
# resize2fs -p /dev/vg0/home
lvdata, 500MB,1GB
fdisk /dev/sda ID 8e
partprobe
mke2fs -j /dev/sda()
pvcreate /dev/sda()
vgdisplay VG
vgextend vg /dev/sda()
lvresize -L +500M /dev/vg/lv
resize2fs /dev/vg/lv
df -h
12 server1.example.com NTP
vim /etc/ntp.conf server server server1.example.com
system-config-date
13 andrew 1024K 2048K
dd if=/dev/zero of=/home/andrew/test bs=1K count=1024
dd if=/dev/zero of=/home/andrew/test bs=1K count=2048
# vim /etc/fstab
/dev/sda2 /home ext3 defaults,usrquota 0 0
# mount -o remount /home
# quotacheck -c /home
# quotacheck -avu
# ll /home
# edquota -u andrew
# quotaon -avu
# cd home
# ll aquota.user
andrew
dd if=/dev/zero of=/home/andrew/test1 bs=1K count=1024
dd if=/dev/zero of=/home/andrew/test2 bs=1K count=2048
# vi /etc/rc.local
/sbin/quotaon -avug
# repquota -avu
14 250M RAID0 /dev/md1 /dev/md1 /shared
# fdisk /dev/sda   (n, l, +250M, t, fd, w; n, l, +250M, t, fd, w)
# partprobe
# mdadm -C /dev/md1 -l 0 -n 2 /dev/sda8 /dev/sda9
# cat /proc/mdstat   (raid)
# mkfs.ext3 /dev/md1
# mkdir /shared
# mount /dev/md1 /shared
# vi /etc/fstab
/dev/md1 /shared ext3 defaults 0 0
# mount -a
# df -TH
15 1.6G, 600M
#lvdisplay #umount /resize
# resize2fs -f /dev/vg0/resize 600M
# lvreduce -L 600M /dev/vg0/resize
# resize2fs -p /dev/vg0/resize
# mount -a
# df -TH
1 umount /share1
2 e2fsck -f /dev/mapper/vg0_lv0
3 200M resize2fs -f /dev/mapper/vg0_lv0 200M
4 e2fsck -f /dev/mapper/vg0_lv0
5 lvresize /dev/vg0/lv0 200M
6 mount /dev/vg0/lv0 /share1
7 e2fsck -f /share1
16 susan /temp/susan
/temp/susan
# mkdir -p /temp/susan
# find / -user susan -exec cp {} /temp/susan \;
RHCE1SELINUX
vi /etc/sysconfig/selinux
SELINUX=enforcing
:wq
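2 SSH Susan example.com ssh My133t.org SSH
iptables -F
iptables -A INPUT -s 172.25.0.0/16 -j REJECT   (as written this rejects every protocol from 172.25.0.0/16, not only SSH; adding -p tcp --dport 22 would limit the rule to SSH)
service iptables save
service iptables restart
chkconfig iptables on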
3 POP3 Brad POP3 example.com my133t.org POP3
iptables -A INPUT -s ! 172.24.0.0/16 -p tcp --dport 110 -j REJECT
iptables -A INPUT -s ! 172.24.0.0/16 -p udp --dport 110 -j REJECT
service iptables save
# yum -y install dovecot*
chkconfig dovecot on
service dovecot restart
vim /etc/dovecot.conf protocols
service dovecot restart
getsebool -a | grep dovecot
iptables -A INPUT -s 172.24.0.0/16 -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j REJECT
service iptables save
service iptables restart
echo hello,tom | mail -s hello tom
su tom
mutt -f pop://[email protected]
4 FTP Example.com anonymous Example.com
FTP
yum install vsftpd*
service vsftpd restart
chkconfig vsftpd on
iptables -A INPUT -s ! 172.24.0.0/16 -p tcp --dport 21 -j REJECT
iptables -A INPUT -s ! 172.24.0.0/16 -p udp --dport 21 -j REJECT
service iptables save
yum -y install vsftpd
chkconfig vsftpd on
service vsftpd restart
getsebool -a | grep ftp
setsebool -P ftp_home_dir 1
service vsftpd restart
vim /etc/hosts.allow
vsftpd: .example.com
vim /etc/hosts.deny
vsftpd: ALL EXCEPT .example.com
netstat -tulpn | grep vsftp
service iptables save
service iptables restart
5 SMB /common SMB STAFF
common
example.com browseable Susan
password
yum install samba.i*
chkconfig smb on
vim /etc/samba/smb.conf
cd /etc/samba
grep -v ^# smb.conf > smb.con
[common]
workgroup = STAFF
path = /common
hosts allow = 172.24.0.0/16
browseable = yes
guest ok = yes
:wq
service smb restart
smbclient -L //172.24.0.9
mkdir /common
chcon -t samba_share_t /common
useradd susan
smbpasswd -a susan
vim /etc/samba/smb.conf
[homes] valid
service smb restart
6 http://stationX.example.com ftp://server1.example.com/pub/rhce/station.html index.html documentroot index.html
yum install httpd
chkconfig httpd on
wget ftp://server1.example.com/pub/rhce/station.html
cp station.html /var/www/html/index.html
vim /etc/httpd/conf/httpd.conf ServerName stationX.example.com
chcon -R --reference=/var/www/html /var/www/html/index.html
service httpd restart
7 NFS /common example.com
yum install nfs
yum install portmap
service portmap start
chkconfig portmap on
chkconfig nfs on
vi /etc/exports
/common 172.24.0.0/16(rw,sync)   (no space between the network and the option list: with a space, the options apply to all hosts and 172.24.0.0/16 gets only the defaults)
:wq
service nfs restart
showmount -e   (nfs)
8 MTA acctmgr andrew
yum install sendmail*
yum install sendmail-cf*
vim /etc/mail/sendmail.mc 127.0.0.1 0.0.0.0
m4 sendmail.mc > sendmail.cf
vim /etc/mail/local-host-names
example.com
stationX.example.com
chkconfig sendmail on
service sendmail restart
vi /etc/aliases
acctmgr: andrew
:wq
newaliases
9 SMTP Susan
susan /var/spool/mail/susan
Email address [email protected]
/etc/dovecot.conf ssl_cert_file = aa.pem ssl_key_file = aa.pem
service dovecot restart
iptables -A INPUT -s ! 172.24.0.0/16 -p tcp --dport 993 -j REJECT
iptables -A INPUT -s ! 172.24.0.0/16 -p udp --dport 993 -j REJECT
service iptables save
yum install dovecot
vi /etc/dovecot.conf
protocols = imap imaps pop3 pop3s
:wq
chkconfig dovecot on
service dovecot restart
cd /etc/pki/tls/certs
make dovecot.pem
vi /etc/dovecot.conf
sslssl
:wq
service dovecot restart
2 web 8080 example.com example.com
iptables -A INPUT -s 172.24.0.0/16 -j ACCEPT
yum install squid
vi /etc/squid/squid.conf
http_port 8080
acl all src 0.0.0.0/0.0.0.0   ()
acl allow_ip src 172.24.0.0/16   (acl )
http_access allow allow_ip   ( http_access deny all )
http_access deny all
:wq
service squid restart
chkconfig squid on
cat /var/log/squid/access.log
netstat -tpnl | grep 8080
3 http://wwwX.example.comX Documentroot /var/www/virtual ftp://server1.example.com/pub/rhce/www.html index.html documentroot index.html
susan /var/www/virtual Setfacl http://stationX.example.com
Server1.example.com DNS wwwX.example.com
wget ftp://server1.example.com/pub/rhce/www.html
mkdir /var/www/virtual
cp www.html /var/www/virtual/index.html
vi /etc/httpd/conf/httpd.conf
namevirtualhost 172.24.X.X
documentroot /var/www/virtual
servername wwwX.example.com
documentroot /var/www/html
servername stationX.example.com
:wq
chcon -R --reference=/var/www/html /var/www/html/index.html
chcon -R --reference=/var/www/html /var/www/virtual/index.html
service httpd restart
chkconfig httpd on
vim /etc/fstab
cd /var/www/virtual
setfacl -m u:susan:rwx virtual
setfacl -m susan:7 virtual
getfacl virtual
links wwwX.example.com;links stationX.example.com;ntsysv