RHCE备考资料修改过.doc

RHCE备考资料RHCE部分一 搭建两个虚拟主机和. 要求同时侦听80和8080两个端口, 要求访问的用户必须是todd, 密码是login.首先配置DNS服务器安装包: bind-9.3.3-7.el5vi /etc/named.conf (将named.conf 文件chgrp 到named用户组)options directory “/var/named”;zone “.” IN type hint; file “named.root”;zone “localdomain” IN type master; file “localdomain.zone”;zone “localhost” type master; file “localhost.zone”;zone “0.0.127.in-addr-arpa” IN type master; file “named.local”;zone “” IN type master; file “example.zone”;zone “0.168.192.” IN type master; file “0.168.192.zone”;vi /var/named/example.zone$TTL 86400 IN SOA . . (42 ;serial (d. adams) 3H ; refresh 15M; retry 1W ; expiry 1D; minimum IN NS .IN MX 10 . mail . IN A 00 www IN A 00stu IN A 00. IN A 00 vi /var/named/0.168.192.zone$TTL 86400 IN SOA . . (43 ;serial (d. adams) 3H ; refresh 15M; retry 1W ; expiry 1D; minimum IN NS .100 IN PTR .100 IN PTR .100 IN PTR ./var/named下有文件 0.168.192.zone example.zonelocalhost.zonenamed.root localdomain.zonenamed.localvi /etc/hosts00 vi /etc/resolv.conf nameserver 00vi /etc/sysconfig/networkHOSTNAME= 用service named configtest命令验证DNS的配置用nslookup命令进行域名解析 配置apache服务器安装包: httpd-2.2.3-11.el5依赖包:apr-util-1.2.7-6apr-1.2.7-11postgresql-libs-.el51. 虚拟主机配置vi /etc/httpd/conf/httpd.confListen 8080NameVirtualHost :80 ServerAdmin DocumentRoot /var/www/virtual//html ServerName ErrorLog logs/-error_log CustomLog logs/-access_log commonNameVirtualHost :80 ServerAdmin DocumentRoot /var/www/virtual//html ServerName ErrorLog logs/-error_log CustomLog logs/-access_log commonNameVirtualHost :8080 ServerAdmin DocumentRoot /var/www/virtual//html ServerName ErrorLog logs/-error_log CustomLog logs/-access_log common创建主页文件mkdir p /var/www/virtual//htmlecho “welcome to ” /var/www/virtual//html/index.html mkdir p /var/www/virtual//htmlecho “welcome to ” /var/www/virtual//html/index.htmlchkconfig httpd onservice httpd restart验证虚拟主机配置links links links :8080配置个人主页vi /etc/httpd/conf/httpd.conf#UserDir disable 加注释UserDir public_html 去掉注释useradd toddsu toddtoddwww $ mkdir public_htmltoddwww $ ls Z 查看selinux bool值drwxrwxr-xtodd todd root:object_r:user_home_t public_htmlsu rootwww $ cd /var/www/virtual//rootwww $ ls Zdrwxr-xr-x root root root:object_r:httpd_sys_content_t htmlsu toddtoddwww $ chcon t httpd_sys_content_t public_html/ 修改sebool值toddwww $ chmod 755 /home/todd 重要toddwww $ echo “it is todds private web” public_html/index.htmlsu 验证个人主页rootwww $links /todd需用户名和密码登陆的个人主页vi /etc/httpd/conf/httpd.conf AllowOverride AuthConfig vi /home/todd/public_html/.htaccess authname todd authtype basic authuserfile /etc/httpd/conf/htpasswd require user todd 保存退出htpasswd mc /etc/httpd/conf/htpasswd todd 修改密码验证带用户名密码的个人主页links /todd二 在/var/www/stu这个目录下放置的网页很重要, 要求搭建一个ssl的apache , servername 是安装包: mod_ssl-2.2.3-11.el5.i386.rpm 依赖包: distcache-1.4.5-14.1.i386.rpmvi /etc/httpd/conf.d/ssl.confNameVirtualHost 08:443DocumentRoot “/var/www/stu”ServerName :443 两行注释去掉, 将ServerName改成要访问的域名echo ssl website /var/www/html/index.htmlservice httpd restartlinks 三 搭建sendmail服务, 要求给mandy发的信, kevin用户能收到, 给teacher发的信, teacher组的用户能收到, 打开pop3, imap, imaps 和smtp的forward 功能, 要求54不能用smtp发邮件, 且要做个imaps的hostname key和测试的证书, 实现客户机与sendmail服务器之间传输数据的安全性初始化安装-安装必要的软件包下列软件包对于sendmail是必须的: sendmail-8.13.8-2.el5 sendmail-cf-.el5 m4-1.4.5-3.el5.1修改/etc/mail/sendmail.mc:Dn1 DAEMON_OPTIONS(Port=smtp, Addr=, Name=MTA)把改为将sendmail.cf文件做一个备份:cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.orig在同一个目录下, 编译sendmail.cfm4 /etc/mail/sendmail.mc /etc/mail/sendmail.cfchkconfig sendmail onservice sendmail restartsendmail是否正确标识您的主机名称, 通过命令行开关开启其调试模式并且设定为0sendmail d0查看sendmail pop3端口的开启情况sendmail ntuplo |grep 25运行命令测试给本域用户发邮件, 看是否成功创建两个用户并设置密码 kevin mary telnet 00 25mail from: rcpt to:datahi mary.quit安装包:dovecot-1.0-1.2.rc15.el5.i386.rpm 依赖包:mysql-5.0.22-2.1.i386.rpm perl-DBI-1.52-1fc6.i386.rpmservice dovecot restart查看sendmail imap端口的开启情况netstat ntuplo |grep 110运行命令测试接收本域用户发来的邮件, 看是否成功第一种方法: mail u mary第二种方法: telnet 00 110 user mary pass mary list retr 1 quit第三种方法: mutt f imap:/给mandy发的信, kevin用户能收到, 给teacher发的信, teacher组的用户能收到vi /etc/aliasesmandy: mandy, kevinteacher:include:/etc/mail/teachernewalisesvi /etc/mail/teacherteacher1,teacher2,teacher3让54不能用smtp发邮件vi /etc/mail/access Connect:54 REJECTmakemap hash /etc/mail/access.db 重启服务做imaps的hostname key和测试的证书, 实现客户机与sendmail服务器之间传输数据的安全性(客户端连接服务器加密)cd /etc/pki/tls/certs/make dovecot.pemCommon Name: Email Address: 编辑dovecot.conf文件 vi /etc/dovecot.confssl_cert_file = /etc/pki/dovecot/certs/dovecot.pemssl_key_file =/etc/pki/dovecot/provate/dovecot.pem 将两行的注释去掉将刚才生成的dovecot.pem 复制到 /etc/pki/dovecot/certs/dovecot.pem下,并覆盖掉目标文件cp /etc/pki/tls/certs/dovecot.pem /etc/pki/dovecot/certs/dovecot.pemcp /etc/pki/tls/certs/dovecot.pem /etc/pki/dovecot/private/dovecot.pem重启dovecot服务service dovecot restart验证: mutt f imaps:/四 搭建ssh服务, 不允许root登录, 同时不允许kevin远程登陆, 也不允许和以外的其他地方登录安装包: openssh-4.3p2-24.el5vi /etc/ssh/sshd_configPermitRootLogin noDenyUsers kevinservice sshd restart vi /etc/hosts.allowsshd: /sshd: /vi /etc/hosts.denysshd:ALL五 配置samba服务, 共享出/home/sharefile 目录, 要求只有/24和/24和可以访问, 共享出的名字是sharefile, 匿名用户不能查看到, 只有student组才有写的权限安装包: samba-3.0.25b-0.el5.4 samba-common-3.0.25b-0.el5.4 samba-client-3.0.25b-0.el5.4cd /etc/sambacp smb.conf smb.conf.bak 对配置文件进行备份vi smb.confhosts allow = 192.168.0. 192.168.1. localhosthosts deny = ALL (去除)sharefiel 建立共享目录comment = sharefile for studentpath = /home/sharefilepublic = nobrowseable = yeswritable = nowrite list = student 保存退出valid users = student备注说明: create mode = 0664 指的是新建立的档案的权限 directory mode = 0775 指的是新建立目录的权限 valid users = %S 则是有权限进入着, 这里设为%S, 所以每个使用者都可以进入自己的家目录)添加用户stu1, stu2.添加用户组student, 将用户加入组useradd s /sbin/nologin stu1 groupadd studentusermod G student stu1用户权限的设置mkdir p /home/sharefilechown root:student sharefile/ 或 chgrp student sharefiel/chmod R 775 /home/sharefile/修改sebool值让samba用户能访问到自己的家目录getsebool a |grep samba 查看samba的sebool值setsebool P samba_enable_home_dirs onchcon t samba_shared_t /homesmbpasswd a stu1testparm 检查samba语法是否有误chkconfig smb onservice smb restart netstat ntuplo |grep :13验证samba服务smbclient L localhost 用匿名用户查看samba共享的资源, 没有, 说明配置正确smbclient /localhost/sharefile U stu1%stu1 用stu1用户查看samba共享的资源创建, 删除, 下载, 上传目录文件, 用不是student组的用户试试是否能删除目录文件, 不能说明配置正确挂载共享资源到本地mount /00/sharefile /home o username=stu1,passwd=stu1六 搭建FTP服务, 在/var/ftp/目录下新建一个目录incoming, 要求student组里用户在此目录下创建的文件, 不能被其它人删除安装包: vsftpd-2.0.5-10.el5.i386.rpmmkdir p /var/ftp/incomingchmod 3770 /var/ftp/incomingchgrp student incoming修改sebool getsebool a |grep ftpsetsebool-P ftp_home_dir onchkconfig vsftpd onservice vsftpd restart 或etc/init.d/vsftpd restart验证ftp配置lftp localhost u student1要求student组中student6用户不具有写的权限:#setfacl m user:student6:r-x /incoming七 搭建FTP服务, 要求, student1到student10这几个用户登陆服务器后, 只能在自己的家目录下, 不能切换到其他目录for i in $(seq 1 10)do useradd student$iecho student$i | passwd stdin student$idonevi /etc/vsftpd/vsftpd.confchroot_list_enable=YESchroot_list_file = /etc/vsftpd/chroot_list 两行注释去掉for i in $(seq 1 10)do echo student$i /etc/vsftpd/chroot_listdone八 配置独立IP (192.168.0.x) 网关是54, nameserver是54, hostname是vi /etc/sysconfig/network-scripts/ifcfg-eth0IPADDR=192.168.0.xNETMASK=GATEWAY=54vi /etc/resolv.confnameserver 54vi /etc/sysconfig/networkHOSTNAME=非限制性题一 设置本机能实现转发, 关闭本机的ICMP回应功能本机实现转发配置vi /etc/sysctl.conf将net.ipv4.ip_forward = 0 改为1或者echo “1” /proc/sys/net/ipv4/ip_forward 加入到/etc/rc.d/rc.local关闭本机的ICMP回应功能sysctl w net.ipv4.icmp_echo_ignore_all=1或者 echo “1” /proc/sys/net/ipv4/icmp_echo_ignore_allsysctl p 立刻让该设置生效备注说明 sysctl 是配置内核参数命令 w 改变配置 p 直接生效配置二 分一个swap分区, 并让系统启动的时候自动挂载先分一个区, 将分区ID改成82, 变成swap分区, w保存退出partprobe mkswap L newswap /dev/had*vi /etc/fstab/dev/had* swap swap defaults 0 0swapon a swapon s三 做autofs服务, 自动挂载54下的/var/ftp/pub首先搭建nfs服务安装包:nfs-utils-1.0.9-16.el5 portmap-4.0- autofs-5.0.1-0.rc2.42vi /etc/exports/var/ftp/pub/24(rw,sync)service nfs restartservice portmap restartshowmount e localhost测试nfsmount 54:/var/ftp/pub /mnt安装包:autofs-5.0.1-0.rc2.42vi /etc/auto.master 不改vi /etc/auto.misc nfs 54:/var/ftp/pub测试autofscd /misc/nfsRHCT部分一 创建kevin, mandy, todd和erien用户, 创建teacher, student组 要求: kevin todd属于teacher组 mandy属于student组 erien 属于erien组同时也属于teacher和student组useradd kevinuseradd mandyuseradd todduseradd eriengroupadd teachergroupadd studentusermod a G teacher kevinusermod a G teacher toddusermod a G student mandyusermod a G teacher,student erien二 创建用户student1到studen50指定组为student组, 分别为他们创建磁盘配额, 指定他们每个人在根分区上只能用1M空间, 只能写300个文件for i in $(seq 1 50)do useradd G student student$iecho student$i | passwd -stdin student$idonevi /etc/fstabLABEL=/ext3defaults,usrquota,grpquota11mount o remount /quotacheck mcug /ls / 看有没有aquota.group aquota.user两个文件quotaon /edquota u student1blocks hard 1000 inodes har