阅读背景:

rhce考题

来源:互联网 


0.确认Selinux 在开启状况(enforcing)

1.体系正常启动并默许进入runlevel 5 的X 模式,保证root通过密码redhath可以正常登录。

2.依据本机的装备号静态设置ip为192.168.0.X/255.255.255.0,网关为192.168.0.254,主机名为stuX.uplooking.com,默许DNS解析服务器为192.168.0.254

3.划分一个500M的分区,挂到/common目录下,其文件体系类型为ext3,并将/home所在的文件体系缩减为200M

4.创立admin,dbuser和users组
	#groupadd admin
	#groupadd dbuser
	#groupadd users

5.用户user1,附加组属于admin和users组,user2,附加组为admin和dbuser组,user3不属于admin组其实不可在终端上登录
	#useradd user1 -G admin,users
	#useradd user2 -G admin,dbuser
	#useradd user3 -s /sbin/nologin

6./common目录下创立adm目录,所有者为root,所属组为admin组
	#mkdir adm
	#chown root.admin adm

7.任何人在/common/adm目录下创立文件是都属于admin组,并且此目录下的文件只能由创立者和root删除
	#chmod 777 adm                   //备注:这步可以不操作,mark邮件和我说的。
	#chmod g+s adm
	#chmod o+t adm

8.把/etc/hosts文件复制到/common/adm下,所有都和所有组为root,保证user1对该文件有读写权限,user2用户没有任何权限,以后新加用户对此文件有读权限
	#vim /etc/fstab
		defaults,acl
	#umount /common
	#mount -a
	#setfacl -m u:user1:rw- hosts
	#setfacl -m u:user2:--- hosts
	#getfacl hosts

9.admin组中的成员都可以收到发给admin组的邮件,发给user3的邮件会主动抄送给user1
	#vim /etc/aliases
		admin:	user1,user2
		user3:	user1,user3

10.设置本服务器参加由192.168.0.254供给的名字为RHCE的NIS域
	#setup
		Use NIS ====>Domain:xxxxxxxx    Server:xxxxxxxx

11.当NIS域用户nisuser1登录的时候可以主动挂接其在192.168.0.254上的家目录/home/nisuser/nisuser1(192.168.0.254上NFS服务目录已胜利导出)
	#vim /etc/auto.master
		/home/nisuser	/etc/auto.misc
	#vim /etc/auto.msic
		*	-rw	192.168.0.254:/home/nisuser/&
	#chkconfig autofs on
	#service autofs start

12.在nfs://server1:/var/ftp/pub/kernel目录下有新的内核,请下载并升级内核,在体系开机时应用新内核启动体系
	#rpm xxxxxx.rpm
	#vim /boot/grub/grub.conf
		default=new_kernel_id

13.设置打印机,配置IPP网络打印机,并且测试通过

15.设置时光与server1服务器同步

16.smb同享体系/common目录为标签sharesmb,为不可见同享,只有uplooking.com域可以拜访,smb用户user1可以通过密码redhat读写此目录 工作组为GROUP
	#yum -y install samba*
	#chkconfig smb on
	#vim /etc/samba/smb.conf
		workgroup = GROUP
		hosts allow = 192.168.0.
		[sharesmb]
		comment = xxxxxxxxxxxxxx
		path = /common
		public = no
		writable = yes
		printable = no
		write list = user1
		browseable = no
	#smbpasswd -a user1
	#chgrp admin /common
	#chmod g+w /common
	#chcon -t samba_share_t /common
	#service portmap restart
	#service smb start

17.nfs同享/common,保证只有uplooking.com域可以读写
	#yum -y install nfs*
	#vim /etc/exports
		/common		192.168.0.0/255.255.255.0(rw)
	#chkconfig nfs on
	#service portmap restart
	#service nfs start
	#chmod o+w /common(这里要注意:必需给o对目录写入权限,否则我们用其他账户测试时候,是不可以写入东西的,除user1,user2外,由于我们在上面
		标题中,已设置common目录组为admin,而user1,user2附属于admin组)
	#mount 192.168.6.0.100:/common /opt
	#ssh [email protected]	(最好,再用一个不属于admin组的成员测试下,千万不要应用root测试,由于root账户会变成nfsnobody)

18.配置web服务器监听80端口,域名stuX.uplooking.com的本地根目为/var/www/html,将index.html下载并寄存到网站主目录下
	#yum -y install httpd*
	#chkconfig httpd on
	#service httpd start
	#cd /var/www/html
	#wget https://xxxx.xxxxx.com/xxx/index.html
	#lynx https://192.168.0.100/

19.实现ftp服务器,只有uplooking.com域的用户可以拜访,不准可user1用户登录
	#yum -y install vsftpd
	#chkconfig vsftpd on
	#service vsftpd start
	#vim /etc/vsftpd/ftpusers
		user1
	#vim /etc/vsftpd/vsftpd.conf
		chroot_list_enable=YES
		chroot_list_file=/etc/vsftpd/chroot_list
	#setsebool -P ftp_home_dir=1
	#vim /etc/hosts.deny
		vsftpd:	ALL EXCEPT	192.168.0.
	#lftp [email protected]

20.实现ssh服务,windows.com域不能拜访
	#vim /etc/hosts.deny
		sshd:	192.168.1.

21.实现pop服务,windows.com域不能拜访
	#yum -y install dovecot
	#chkconfig dovecot on
	#vim /etc/dovecot.conf
		listen = [*]
	#service dovecot start
	#	iptables -L -n
	#	iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 109 -j REJECT
	#	iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 109 -j REJECT
	#	iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 110 -j REJECT
	#	iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 110 -j REJECT
	#	iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 995 -j REJECT
	#	iptables -A INPUR -s 192.168.1.0/24 -p udp --dport 995 -j REJECT
	#service iptables save

22.实现sendmail,可以在localhost和其他机器衔接本机发信
	#yum -y install sendmail*
	#chkconfig sendmail on
	#cd /etc/mail/
	#cp sendmail.mc sendmail.mc.org
	#cp sendmail.cf sendmail.cf.org
	#vim sendmail.mc
		127.0.0.1============>0.0.0.0
	#vim local_host_name
		xxxxx.com			//备注:这里表现最后一站的含义
	#vim access
		Connect:0.0.0.0		RELAY
	#service sendmail restart
	#service dovecot restart

23.实现squid,更改端口为8080,只能让uplooking.com域能拜访
	#yum -y install squid
	#chkconfig squid on
	#vim /etc/squid/squid.conf
		http_port 3128  ==========>8080
		acl rhce src 192.168.6.0/24
		http_access allow rhce
	#service squid start

26.实现user1 在16:01 显示 hi ! 
	#su - user1
	#crontab -e
		01 16	* * * echo hi

27.许可进行数据包转发 sysctl.conf
	#vim /etc/sysctl.conf
		net.ipv4.tcp_forward=1
	#echo 1 > /proc/sys/net/ipv4/ip_forward

28.你的邮件服务器可以从远程和本地吸收邮件,user1用户可以从远程吸收邮件,user1用户默许邮件保留目录为/var/spool/mail/user1
	#echo /etc/mail/access
		Connect:0.0.0.0		RELAY

29.配置quota,使user1在其家目录中能胜利创立60K文件,但不能创立90K的文件
	#vim /etc/fstab
		XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  defaults,usrquota,grpquota
	#mount -o remount /home
	#mount -a 
	#mount | grep home
	#quotacheck -cvug /home
	#ls /home
	#edquota -u user1
		X	80	140	170	X	0	0
	#qutaon /home
	#echo "quotaon /home" >>/etc/rc.local

24.实现imaps,只有uplooking.com能应用,并且设置dovocet的imaps key !(附加题)
	#cd /etc/pki/dovecot
	#mv certs/dovecot.pem certs/dovecot.pem.org
	#mv private/dovecot.pem private/dovecot.pem.org
	#vim /etc/pki/dovecot/dovecot-openssl.cnf
	#/usr/share/doc/dovecot-1.0.7/examples/mkcert.sh
	#vim /etc/dovecot.conf
		ssl_disable=no
		ssl_cert_file=XXXXXXXXXXXXX
		ssl_key_file=YYYYYYYYYYYYY
		listen [*]
	#service dovecot restart
	#mutt -f imaps://[email protected]
	#iptables -A INPUT ! -s 192.168.6.0/24 -p tcp --dport 993 -j REJECT
	#iptables -A INPUT ! -s 192.168.6.0/24 -p udp --dport 993 -j REJECT
	#service iptables save
	#service iptables restart
	

30.配置虚拟主机wwwX.uplooking.com其根目录为/var/www/wwwX.uplooking.com. 目录/var/www/html/input,只能bob用户密码bobpass上传文件。(之前的主机仍可用)
	#vim /etc/httpd/conf/httpd.conf
		NameVirtualHost *:80
		<VirtualHost *:80>
			ServerAdmin [email protected]
			DocumentRoot /var/www/html
			ServerName stux.uplooking.com
			ErrorLog logs/stux.uplooking.com-error_log
			CustomLog logs/stux.uplooking.com-access_log	common
			<Directory "/var/www/html/input">
				options none
				ALlowoverride Authconfig
			</Directory>	
		</VirtualHost *:80>
		<VirtualHost *:80>
			ServerAdmin [email protected]
			DocumentRoot /var/www/wwwx.uplooking.com
			ServerName wwwx.uplooking.com
			ErrorLog logs/wwwx.uplooking.com-error_log
			CustomLog logs/wwwx.uplooking.com-access_log	common	
		</VirtualHost *:80>
	#cd /var/www/html
	#mkdir input
	#cd input
	#vim .htaccess
		AuthName "welcome to our website!"
		AuthType	basic
		AuthUserFile /var/www/html/.passwd.conf
		<limit GET>
			require user bob
		</limit>
		<limit PUT POST>
			require usr bob
		</limit>
	#htpasswd -c /var/www/html/.passwd.conf bob
		passwd:xxxxxx
	#service httpd restart
31.配置虚拟主机wwwX.uplooking.com其根目录为/var/www/wwwX.uplooking.com. user1用户对/var/www/html/input有写入权限。(之前的主机仍可用)
	#vim /etc/httpd/conf/httpd.conf
		<VirtualHost *:80>
			ServerAdmin [email protected]
			DocumentRoot /var/www/wwwx.uplooking.com
			ServerName wwwx.uplooking.com
			ErrorLog logs/wwwx.uplooking.com-error_log
			CustomLog logs/wwwx.uplooking.com-access_log	common	
		</VirtualHost *:80>
	#chgrp admin iput
	#chmod g+w



		0.确认Selinux 在开启状况(enforcing)

1.体系正常启动并默许进入run




你的当前访问异常,请进行认证后继续阅读剩余内容。

分享到: