RHCE exam questions

Published: 2019-Mar-22
0. Confirm that SELinux is enabled (enforcing).

1. The system boots normally and enters runlevel 5 (X mode) by default; make sure root can log in with the password redhath.

2. Based on this machine's station number, statically set the IP to 192.168.0.X/255.255.255.0, the gateway to 192.168.0.254, the hostname to stuX.uplooking.com, and the default DNS server to 192.168.0.254.

3. Create a 500M partition, mount it on /common with file system type ext3, and shrink the file system that holds /home to 200M.

4. Create the groups admin, dbuser and users.
# groupadd admin
# groupadd dbuser
# groupadd users

5. user1 has the supplementary groups admin and users; user2 has the supplementary groups admin and dbuser; user3 is not in the admin group and cannot log in on a terminal.
# useradd user1 -G admin,users
# useradd user2 -G admin,dbuser
# useradd user3 -s /sbin/nologin

6. Create the directory adm under /common, owned by root with group admin.
# mkdir adm
# chown root:admin adm

7. Any file created by anyone under /common/adm belongs to the admin group, and files in this directory can only be deleted by their creator and by root.
# chmod 777 adm    // Note: this step can be skipped; Mark told me so by e-mail.
# chmod g+s adm
# chmod o+t adm

8. Copy /etc/hosts to /common/adm, with owner and group both root. user1 must have read and write permission on the file, user2 must have no permissions at all, and users added later must have read permission.
# vim /etc/fstab
    defaults,acl
# umount /common
# mount -a
# setfacl -m u:user1:rw- hosts
# setfacl -m u:user2:--- hosts
# getfacl hosts

9. All members of the admin group receive mail sent to the admin group, and mail sent to user3 is automatically copied to user1.
# vim /etc/aliases
    admin:user1,user2
    user3:user1,user3

10. Join this server to the NIS domain named RHCE provided by 192.168.0.254.
# setup
    Use NIS ====> Domain: xxxxxxxx  Server: xxxxxxxx

11. When the NIS user nisuser1 logs in, automatically mount the home directory /home/nisuser/nisuser1 from 192.168.0.254 (the NFS directory on 192.168.0.254 has already been exported).
# vim /etc/auto.master
    /home/nisuser /etc/auto.misc
# vim /etc/auto.misc
    * -rw 192.168.0.254:/home/nisuser/&
# chkconfig autofs on
# service autofs start

12. There is a new kernel under nfs://server1:/var/ftp/pub/kernel. Download it, upgrade the kernel, and boot the system with the new kernel.
# rpm -ivh xxxxxx.rpm
# vim /boot/grub/grub.conf
    default=new_kernel_id

13. Set up the printer: configure an IPP network printer and make sure the test passes.

15. Synchronize the time with the server1 server.

16. Share the /common directory over smb under the label sharesmb as a hidden share that only the uplooking.com domain can access. The smb user user1 can read and write this directory with the password redhat. The workgroup is GROUP.
# yum -y install samba*
# chkconfig smb on
# vim /etc/samba/smb.conf
    workgroup = GROUP
    hosts allow = 192.168.0.
    [sharesmb]
    comment = xxxxxxxxxxxxxx
    path = /common
    public = no
    writable = yes
    printable = no
    write list = user1
    browseable = no
# smbpasswd -a user1
# chgrp admin /common
# chmod g+w /common
# chcon -t samba_share_t /common
# service portmap restart
# service smb start

17. Share /common over nfs so that only the uplooking.com domain can read and write it.
# yum -y install nfs*
# vim /etc/exports
    /common 192.168.0.0/255.255.255.0(rw)
# chkconfig nfs on
# service portmap restart
# service nfs start
# chmod o+w /common
(Note: "other" must have write permission on the directory. Otherwise nothing can be written when testing with any account except user1 and user2, because an earlier task set the group of /common to admin, and user1 and user2 belong to the admin group.)
# mount 192.168.6.0.100:/common /opt
# ssh [email protected]
(It is best to test again with a user who is not in the admin group. Never test as root, because the root account is mapped to nfsnobody.)

18. Configure the web server to listen on port 80. The local document root for the domain stuX.uplooking.com is /var/www/html. Download index.html and place it in the site's document root.
# yum -y install httpd*
# chkconfig httpd on
# service httpd start
# cd /var/www/html
# wget http://xxxx.xxxxx.com/xxx/index.html
# lynx http://192.168.0.100/

19. Set up the ftp server so that only users from the uplooking.com domain can access it, and user1 is not allowed to log in.
# yum -y install vsftpd
# chkconfig vsftpd on
# service vsftpd start
# vim /etc/vsftpd/ftpusers
    user1
# vim /etc/vsftpd/vsftpd.conf
    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd/chroot_list
# setsebool -P ftp_home_dir=1
# vim /etc/hosts.deny
    vsftpd: ALL EXCEPT 192.168.0.
# lftp [email protected]

20. Set up the ssh service so that the windows.com domain cannot access it.
# vim /etc/hosts.deny
    sshd:192.168.1.

21. Set up the pop service so that the windows.com domain cannot access it.
# yum -y install dovecot
# chkconfig dovecot on
# vim /etc/dovecot.conf
    listen = [*]
# service dovecot start
# iptables -L -n
# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 109 -j REJECT
# iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 109 -j REJECT
# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 110 -j REJECT
# iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 110 -j REJECT
# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 995 -j REJECT
# iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 995 -j REJECT
# service iptables save

22. Set up sendmail so that mail can be sent through this machine both from localhost and from other machines.
# yum -y install sendmail*
# chkconfig sendmail on
# cd /etc/mail/
# cp sendmail.mc sendmail.mc.org
# cp sendmail.cf sendmail.cf.org
# vim sendmail.mc
    127.0.0.1 ============> 0.0.0.0
# vim local-host-names
    xxxxx.com    // Note: this marks the host as the final destination.
# vim access
    Connect:0.0.0.0 RELAY
# service sendmail restart
# service dovecot restart

23. Set up squid, change the port to 8080, and allow access only from the uplooking.com domain.
# yum -y install squid
# chkconfig squid on
# vim /etc/squid/squid.conf
    http_port 3128 ==========> 8080
    acl rhce src 192.168.6.0/24
    http_access allow rhce
# service squid start

26. Make user1 display "hi !" at 16:01.
# su - user1
# crontab -e
    01 16 * * * echo hi

27. Allow packet forwarding (sysctl.conf).
# vim /etc/sysctl.conf
    net.ipv4.ip_forward = 1
# echo 1 > /proc/sys/net/ipv4/ip_forward

28. Your mail server can receive mail from remote and local hosts, user1 can receive mail from remote hosts, and user1's default mailbox is /var/spool/mail/user1.
# echo /etc/mail/access
    Connect:0.0.0.0 RELAY

29. Configure quota so that user1 can create a 60K file in their home directory but cannot create a 90K file.
# vim /etc/fstab
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX defaults,usrquota,grpquota
# mount -o remount /home
# mount -a
# mount | grep home
# quotacheck -cvug /home
# ls /home
# edquota -u user1
    X80140170X00
# quotaon /home
# echo "quotaon /home" >>/etc/rc.local

24. Set up imaps so that only uplooking.com can use it, and set up the dovecot imaps key! (bonus question)
# cd /etc/pki/dovecot
# mv certs/dovecot.pem certs/dovecot.pem.org
# mv private/dovecot.pem private/dovecot.pem.org
# vim /etc/pki/dovecot/dovecot-openssl.cnf
# /usr/share/doc/dovecot-1.0.7/examples/mkcert.sh
# vim /etc/dovecot.conf
    ssl_disable=no
    ssl_cert_file=XXXXXXXXXXXXX
    ssl_key_file=YYYYYYYYYYYYY
    listen = [*]
# service dovecot restart
# mutt -f imaps://[email protected]
# iptables -A INPUT ! -s 192.168.6.0/24 -p tcp --dport 993 -j REJECT
# iptables -A INPUT ! -s 192.168.6.0/24 -p udp --dport 993 -j REJECT
# service iptables save
# service iptables restart

30. Configure the virtual host wwwX.uplooking.com with the document root /var/www/wwwX.uplooking.com. Only the user bob, with the password bobpass, may upload files to the directory /var/www/html/input. (The previous host must remain available.)
# vim /etc/httpd/conf/httpd.conf
    NameVirtualHost *:80
    <VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/html
    ServerName stux.uplooking.com
    ErrorLog logs/stux.uplooking.com-error_log
    CustomLog logs/stux.uplooking.com-access_log common
    <Directory "/var/www/html/input">
    Options None
    AllowOverride AuthConfig
    </Directory>
    </VirtualHost>
    <VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/wwwx.uplooking.com
    ServerName wwwx.uplooking.com
    ErrorLog logs/wwwx.uplooking.com-error_log
    CustomLog logs/wwwx.uplooking.com-access_log common
    </VirtualHost>
# cd /var/www/html
# mkdir input
# cd input
# vim .htaccess
    AuthName "welcome to our website!"
    AuthType Basic
    AuthUserFile /var/www/html/.passwd.conf
    <Limit GET>
    require user bob
    </Limit>
    <Limit PUT POST>
    require user bob
    </Limit>
# htpasswd -c /var/www/html/.passwd.conf bob
    passwd:xxxxxx
# service httpd restart

31. Configure the virtual host wwwX.uplooking.com with the document root /var/www/wwwX.uplooking.com. user1 has write permission on /var/www/html/input. (The previous host must remain available.)
# vim /etc/httpd/conf/httpd.conf
    <VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/wwwx.uplooking.com
    ServerName wwwx.uplooking.com
    ErrorLog logs/wwwx.uplooking.com-error_log
    CustomLog logs/wwwx.uplooking.com-access_log common
    </VirtualHost>
# chgrp admin input
# chmod g+w
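
Added example, not part of the original notes: a POSIX shell check for the mode bits that items 7 and 17 set with chmod (g+s, o+t, o+w). It reports which bits a directory carries and flags the case item 7 guards against, a world-writable directory without the sticky bit. The function name audit_shared_dir and the scratch directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the mode bits that
# items 7 and 17 manipulate on a shared directory.

# Print the security-relevant bits of directory $1 and a verdict.
# Returns 0 when the directory is safe to share, 1 when it is
# world-writable without the sticky bit, 2 when $1 is not a directory.
audit_shared_dir() {
    dir=$1
    bits=""
    [ -d "$dir" ] || { echo "error: not a directory"; return 2; }
    # chmod g+s: files created inside inherit the directory's group
    [ -g "$dir" ] && bits="$bits setgid"
    # chmod o+t: only the file owner, directory owner or root may delete
    [ -k "$dir" ] && bits="$bits sticky"
    # find prints the path only if the "other write" bit (0002) is set
    [ -n "$(find "$dir" -prune -perm -0002)" ] && bits="$bits world-writable"
    [ -n "$bits" ] || bits=" none"
    case "$bits" in
        *sticky*world-writable*) verdict="ok" ;;
        *world-writable*) verdict="RISK: any user can delete or rename files here" ;;
        *) verdict="ok" ;;
    esac
    echo "${bits# } => $verdict"
    [ "$verdict" = "ok" ]
}

# Replay the three chmod steps of item 7 in a scratch directory
# (constructed for the example; no root privileges needed).
scratch=$(mktemp -d)
mkdir "$scratch/adm"
chmod 777 "$scratch/adm"
audit_shared_dir "$scratch/adm" || true    # world-writable only: flagged
chmod g+s "$scratch/adm"
chmod o+t "$scratch/adm"
audit_shared_dir "$scratch/adm"            # all three bits: ok
rm -rf "$scratch"
```

Run against /common/adm and /common on the exam machine, it shows at a glance whether the chmod steps took effect and whether chmod o+w left a directory open to deletion by any user.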


2024-Mar-04 02:09pm