2016年RHEL7 ：RHCE试题答案整理.docx

RHCE考试：1.Selinux两台服务器上配置# vim /etc/selinux/configSELINUX=disabledSELINUXTYPE=targeted#reboot 2.ssh登录控制#vim /ect/hosts.allowsshd:172.25.0.#vim /ect/hosts.denysshd:.命令别名#vim /etc/bashrcalias qstat= 重读环境变量、验证# source /etc/bashrc 或# . /PATH/FROM/CONF_FILE#alias#qstat4.防火墙规则，配置端口转发图形化界面操作。# firewall-config & 在图形化下配置选择模式：Configuration Permanent永久模式Zone：public 适用区域Port Forwarding端口转发 - Add# firewall-cmd -list-all public 验证5.链路聚合图形化界面配置：#nm-conection-editor &#lab teambridge setupman teamd-runner:name:activebackup#systemctl restart network#ip addr show team0#teamdctl team0 state 6.配置IPv6地址图形配置# nm-connection-editor & 图形配置# systemctl restart network# ip addr show eth0# ping #测试7.本地邮件服务#yum install -y postfix#vim /etc/postfix/main.cfinit_interfaces=loopback-onlymyorigin = #从该系统上发送的邮件都显示来自relayhost = # 转发发到mydestination= # 本地不接受外来邮件local_transport=err:local delivery disabled# systemctl restart postfix# systemctl enable postfix8.Samba共享目录Server:# yum install samba samba-client -y # mkdir /common# chcon -R -t samba_share_t /common #修改安全上下文，此处的SElinux是打开的，在配置文件中也有此命令# vim /etc/samba/smb.confworkgroup = STAFF # 此处是修改common # 此处开始是添加内容comment=commonpath = /commonhosts allow = 172.25.0.browseable = yes# smbpasswd -a andy# testparm # 查看配置有无问题# systemctl restart smb nmb# systemctl enable smb nmb# firewall-cmd -add-service=samba -permanent# firewall-cmd -reloadClient：# yum install samba-client cifs-utils -y# smbclient -L /1 -U andy # 测试能否连接# smbclient /1/common -U andy # 测试能否连接共享目录# 第三步测试：能够下载不能上传挂载可以做看题目要求：#mkdir /mnt/common#vim /etc/fstab/1/common /mnt/common cifs defaults,username=k1,password=RedHat,sec=ntlmssp 0 0#mount -a#df -hT9.多用户SMB挂载# mkdir /share# chmod o+w /share# chcon -R -t samba_share_t /share# useradd k1# useradd c1# smbpasswd -a k1# smbpasswd -a c1 # vim /etc/samba/smb.confsharecomment=sharepath = /sharehosts allow = 172.25.0.browseable = yeswritable = nowrite list = c1# systemctl restart smb nmbClient端测试：#vim /etc/fstab/1/share /mnt/dev cifs defaults,multiuser,username=k1,password=redhat,sec=ntlmssp 0 0#mount -a#df -h# useradd c1# su - c1#cd /mnt/dev# cifscreds add 1 -u c1 # 临时提升权限？10.NFS服务Server：# mkdir /public# mkdir /pretected# chcon -R -t public_content_t /public# chcon -R -t public_content_t /pretected/# vim /etc/exports/public/24(ro,sync)/pretected /24(rw,sec=krb5p,sync)# wget -O /etc/krb5.keytab/pub/keytabs/server0.keytab？# useradd k2？# chown k2 /pretected/project/# systemctl restart nfs-secure-server# systemctl enable nfs-server.service# systemctl restart nfs# firewall-cmd -add-service=nfs -permanent# firewall-cmd -reload# firewall-cmd -add-service=rpc-bind -permanent # 挂载相关的放行# firewall-cmd -reload# firewall-cmd -permanent -add-service=mountd # 挂载相关的放行# firewall-cmd -reload# vim /etc/sysconfig/nfs # 为支持krb5验证RPCNFSDARGS=-V 4.211.挂载NFS共享Client：# wget -O /etc/krb5.keytab /pub/keytabs/desktop0.keytab# systemctl restart nfs-secure# systemctl enable nfs-secure # mkdir /mnt/nfssecure# vim /etc/fstab1:/public /mnt/nfsmount nfs defaules 0 01:/pretected /mnt/nfssecure nfs defaults,sec=krb5p,v4.2 0 0# mount -a12.配置Web站点# yum groupinstall -y web* #cd /var/www/html#wget http:/ #mv # systemctl start httpd# systemctl enable httpd#firewall-cmd -add-service=http -permanent#firewall-cmd -reload# systemctl restart httpd#firewall-config &# curl 13.配置安全web服务# yum install mod_ssl# cd /etc/httpd/conf.d# wget /pub/tls/certs/www0.crt# wget /pub/tls/private/www0.key# wget /pub/example-ca.crt# vim ssl.confDocumentRoot/var/www/htmlServerName :443SSLCertificateFile /etc/httpd/conf.d/www0.crtSSLCertificateKeyFile /etc/httpd/conf.d/www0.keySSLCertificateChainFile /etc/httpd/conf.d/example-ca.crt# systemctl restart httpd# firewall-cmd -add-service=https -permanent# firewall-cmd -reload14.配置虚拟主机# vim vhost.confServerName DocumentRoot /var/www/virtualAllowOverride NoneRequire all grantedServerName DocumentRoot /var/www/html# systemctl restart httpd#mkdir /var/www/virtual#chmod o+w /var/www/virtual15.配置Web内容服务# mkdir /var/www/html/private# echo 15 /var/www/html/private/index.html# mkdir /var/www/virtual# echo 14 /var/www/virtual/index.html# vim vhost.confServerNDocumentRoot /var/www/virtualAllowOverride NoneRequire all grantedServerName DocumentRoot /var/www/htmlAllowOverride NoneRequire all grantedAllowOverride NoneRequire all deniedRequirelocal# systemctl restart httpd# curl /private/index.html# curl /private/index.html16.实现动态Web内容# yum install mod_wsgi -y# vim /etc/httpd/conf/httpd.confListen 8909# semanage port -a -t http_port_t -p tcp 8909# systemctl restart httpd# echo 16 /var/www/html/webinfo.wsgi#vim vhost.confServerName 16.DocumentRoot /var/www/htmlAllowOverride NoneRequire all grantedWSGIScriptAlias / /var/www/html/webinfo.wsgi# systemctl restart httpd# firewall-config-edit &图形化放行#firewall-cmd -reload17.case脚本#vim /etc/boot/foo/sh#!/bin/bashcase $1 inFedora)echo RedHat;redhat)echo fedora;*)echo /root/foo.sh redhat|fedoraesac# chmod +x /root/foo.sh18.添加用户脚本?#vim /root/batchusers.sh#!/bin/bashif $# -eq 0 ;thenecho Usage:/root/batchusersexit 1fiif ! -f $1;thenecho input file not foundexit 1fifor i in $(cat $1);douseradd -s /bin/false $i;done# chmod +x /root/batchusers.sh19.ISCSI服务# fdisk -l /dev/vda#yum install -y targetcli#targetcli/ ls/ cd backstores/ cd block/ create disk1 /dev/vda1/ cd ./ cd ./ cd iscsi/ create .example:server0/ cd .wxample:server0/tpg1/ ls/ luns/ create /backstores/block/disk1/ acls/ create .example:desktop0/ portals/ create 1/ exit#fire-cmd -add-port=3260/tcp -permanent#fire-cmd -reload#systemctl enaable target#systemctl start targe20.配置ISCSI服务客户端# yum install iscsi* -y#vim /ettc/iscsi/initiatorname.iscsiInitiatorName=.example:desktop0#iscsiadm -t st -m discovery -p 1#iscsiadm -m node -T .example:server0 -p 1 -l#fdisk -l# fdisk /dev/sdc 分区# mkfs.ext4 /dev/sd.# mkdir