RHCE: RHCE-test
RHCE mock practice exam v2.0, 2h
Exam environment: system1, system2
Practice environment: server0, desktop0
root password: tianyun
example.com: 172.25.X.0/24
cracker.com: 172.24.3.0/24
YUM: http://content.example.com/rhel7.0/x86_64/dvd
1. Configure SELinux to enforcing on server0 and desktop0
# getenforce
Enforcing
# cat /etc/sysconfig/selinux |grep -v ^#
SELINUX=enforcing
SELINUXTYPE=targeted
2. Configure access control on system1 and system2 to deny hosts in the cracker.com domain access to SSH

3. Configure a custom command psnew on server0 and desktop0; running it executes ps -Ao user,pid,ppid,command

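4. Configure Samba on server system1: workgroup STAFF, shared directory /smb1, share name smb1, accessible only to hosts in the example.com domain. Samba user harry has read access, password tianyun; system2 mounts it automatically at /mnt/smb1
# yum -y install samba samba-client
# vi /etc/samba/smb.conf
# mkdir /smb1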

# firewall-cmd --permanent --add-service=samba
success
# firewall-cmd --reload
success
# firewall-cmd --permanent --list-all
public (default)
  interfaces:
  sources:
  services: dhcpv6-client samba ssh
  ports: 3260/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
[root@system1 ~]# systemctl enable smb nmb
Created symlink from /etc/systemd/system/multi-user.target.wants/smb.service to /usr/lib/systemd/system/smb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/nmb.service to /usr/lib/systemd/system/nmb.service.
[root@system1 ~]# useradd harry
useradd: user 'harry' already exists
[root@system1 ~]# smbpasswd -a harry
New SMB password:
Retype new SMB password:
Added user harry.
[root@system1 ~]# ll -dZ /smb1
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /smb1
[root@system1 ~]# semanage fcontext -a -t samba_share_t '/smb1(/.*)?'
[root@system1 ~]# ll -dZ /smb1
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /smb1
[root@system1 ~]# restorecon -RFvv /smb1
restorecon reset /smb1 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
[root@system1 ~]# ll -dZ /smb1
drwxr-xr-x. root root system_u:object_r:samba_share_t:s0 /smb1
[root@system1 ~]# systemctl restart smb nmb
On the client system2, perform both a manual mount and an automatic mount
[root@system2 ~]# yum -y install cifs-utils
Loaded plugins: fastestmirror, langpacks
local | 3.6 kB 00:00:00
Loading mirror speeds from cached hostfile
Package cifs-utils-6.2-7.el7.x86_64 already installed and latest version
Nothing to do
[root@system2 ~]# mount -t cifs -o username=harry //system1/smb1 /mnt
Password for harry@//system1/smb1: *******
[root@system2 ~]# df -Th
Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs        18G  3.4G   15G  20% /
devtmpfs                devtmpfs  474M     0  474M   0% /dev
tmpfs                   tmpfs     489M   84K  489M   1% /dev/shm
tmpfs                   tmpfs     489M  7.1M  482M   2% /run
tmpfs                   tmpfs     489M     0  489M   0% /sys/fs/cgroup
/dev/sda1               xfs       497M  158M  340M  32% /boot
/dev/sdb1               ext4      477M  2.3M  445M   1% /iscsidisk
tmpfs                   tmpfs      98M   20K   98M   1% /run/user/42
tmpfs                   tmpfs      98M     0   98M   0% /run/user/0
/dev/sr0                iso9660   4.1G  4.1G     0 100% /media
//system1/smb1          cifs       18G  3.4G   15G  20% /mnt
[root@system2 ~]# vi /root/smb1.passwd
[root@system2 ~]# cat /root/smb1.passwd
username=harry
password=tianyun
[root@system2 ~]# vi /etc/fstab
[root@system2 ~]# tail -1 /etc/fstab
//system1/smb1 /mnt cifs defaults,credentials=/root/smb1.passwd 0 0
[root@system2 ~]# mount -a
[root@system2 ~]# df -Th
Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs        18G  3.4G   15G  20% /
devtmpfs                devtmpfs  474M     0  474M   0% /dev
tmpfs                   tmpfs     489M   84K  489M   1% /dev/shm
tmpfs                   tmpfs     489M  7.1M  482M   2% /run
tmpfs                   tmpfs     489M     0  489M   0% /sys/fs/cgroup
/dev/sda1               xfs       497M  158M  340M  32% /boot
/dev/sdb1               ext4      477M  2.3M  445M   1% /iscsidisk
tmpfs                   tmpfs      98M   20K   98M   1% /run/user/42
tmpfs                   tmpfs      98M     0   98M   0% /run/user/0
/dev/sr0                iso9660   4.1G  4.1G     0 100% /media
//system1/smb1          cifs       18G  3.4G   15G  20% /mnt
5. Configure Samba on server system1: shared directory /smb2, share name smb2, accessible only to hosts in the example.com domain. Only user ldapuser1 may read and ldapuser2 may read and write; both passwords are tianyun; desktop0 mounts it automatically at /mnt/smb2 using multiuser
[root@system1 smb1]# useradd ldapuser1
[root@system1 smb1]# useradd ldapuser2
[root@system1 smb1]# smbpasswd -a ldapuser1
New SMB password:
Retype new SMB password:
Added user ldapuser1.
[root@system1 smb1]# smbpasswd -a ldapuser2
New SMB password:
Retype new SMB password:
Added user ldapuser2.
[root@system1 smb1]# vi /etc/samba/smb.conf
[root@system1 smb1]# tail -5 /etc/samba/smb.conf
[smb2]
	path = /smb2
	valid users = ldapuser1, ldapuser2
	browseable = yes
	write list = ldapuser2
[root@system1 smb1]# cd
[root@system1 ~]# mkdir /smb2
[root@system1 ~]# semanage fcontext -a -t samba_share_t '/smb2(/.*)?'
[root@system1 ~]# restorecon -RFvv /smb2
restorecon reset /smb2 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
[root@system1 ~]# systemctl restart smb nmb
[root@system2 ~]# mkdir /mnt/smb2
[root@system2 ~]# vi /root/smb2.passwd
[root@system2 ~]# cat /root/smb2.passwd
username=ldapuser1
password=tianyun
[root@system2 ~]# vi /etc/fstab
[root@system2 ~]# tail -1 /etc/fstab
//system1/smb2 /mnt/smb2 cifs defaults,credentials=/root/smb2.passwd,multiuser,sec=ntlmssp 0 0
[root@system2 ~]# mount -a
[root@system2 ~]# df -Th
Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs        18G  3.4G   15G  20% /
devtmpfs                devtmpfs  474M     0  474M   0% /dev
tmpfs                   tmpfs     489M   84K  489M   1% /dev/shm
tmpfs                   tmpfs     489M  7.1M  482M   2% /run
tmpfs                   tmpfs     489M     0  489M   0% /sys/fs/cgroup
/dev/sda1               xfs       497M  158M  340M  32% /boot
/dev/sdb1               ext4      477M  2.3M  445M   1% /iscsidisk
tmpfs                   tmpfs      98M   20K   98M   1% /run/user/42
tmpfs                   tmpfs      98M     0   98M   0% /run/user/0
//system1/smb1          cifs       18G  3.4G   15G  20% /mnt/smb1
//system1/smb2          cifs       18G  3.4G   15G  20% /mnt/smb2
[root@system2 ~]# mount |grep /smb
//system1/smb1 on /mnt/smb1 type cifs (rw,relatime,vers=1.0,cache=strict,username=harry,domain=SYSTEM1,uid=0,noforceuid,gid=0,noforcegid,addr=10.2.75.111,unix,posixpaths,serverino,acl,rsize=1048576,wsize=65536,actimeo=1)
//system1/smb2 on /mnt/smb2 type cifs (rw,relatime,vers=1.0,sec=ntlmssp,cache=strict,multiuser,domain=SYSTEM1,uid=0,noforceuid,gid=0,noforcegid,addr=10.2.75.111,unix,posixpaths,serverino,acl,noperm,rsize=1048576,wsize=65536,actimeo=1)
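Both fstab entries above point at a credentials file that stores the Samba password in clear text, and the session never sets the file mode. The check below is an added example, not part of the original page: the function names and the constructed sample fstab are assumptions, and it relies on GNU stat as shipped on RHEL.

```sh
#!/bin/sh
# Added example (not from the original page): audit the credentials= files
# named by cifs entries in an fstab. Function names are hypothetical.

# Print the credentials= path of every non-comment cifs entry in fstab "$1".
cifs_cred_files() {
    awk '$1 !~ /^#/ && $3 == "cifs" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^credentials=/) {
                sub(/^credentials=/, "", opt[i]); print opt[i]
            }
    }' "$1"
}

# Return 0 if every credentials file exists and grants nothing to group or
# other; otherwise print one finding per problem file and return 1.
audit_cifs_creds() {
    fstab=$1; status=0
    for f in $(cifs_cred_files "$fstab"); do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; status=1; continue
        fi
        mode=$(stat -c '%a' "$f")           # octal permission bits, e.g. 644
        case "$mode" in
            *00|0) ;;                       # owner-only, e.g. 600 or 400
            *) echo "EXPOSED $f mode=$mode (expected 600)"; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample: fstab lines modelled on the entries above, with the
# credential files placed in a scratch directory and a placeholder password.
demo() {
    d=$(mktemp -d)
    printf 'username=harry\npassword=example\n' > "$d/smb1.passwd"
    printf 'username=ldapuser1\npassword=example\n' > "$d/smb2.passwd"
    chmod 644 "$d/smb1.passwd"              # typical result with umask 022
    chmod 600 "$d/smb2.passwd"
    printf '%s\n' \
        "//system1/smb1 /mnt/smb1 cifs defaults,credentials=$d/smb1.passwd 0 0" \
        "//system1/smb2 /mnt/smb2 cifs defaults,credentials=$d/smb2.passwd,multiuser,sec=ntlmssp 0 0" \
        "system1:/nfs1 /mnt/nfs1 nfs defaults 0 0" > "$d/fstab"
    audit_cifs_creds "$d/fstab"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "audit failed: chmod 600 the files listed above"
```

On the real client the call is audit_cifs_creds /etc/fstab, followed by chmod 600 on any file it reports.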
6. Configure basic NFS on server0: shared directory /nfs1, accessible only to hosts in the example.com domain; desktop0 mounts it automatically at /mnt/nfs1
[root@system1 ~]# yum -y install nfs-utils
[root@system1 ~]# mkdir /nfs1
[root@system1 nfs1]# vi /etc/exports
[root@system1 nfs1]# cat /etc/exports
/nfs1 10.2.75.0/24(ro,sync)
[root@system1 ~]# firewall-cmd --permanent --add-service=nfs
success
[root@system1 ~]# firewall-cmd --reload
success
[root@system1 ~]# firewall-cmd --permanent --list-all
public (default)
  interfaces:
  sources:
  services: dhcpv6-client nfs samba ssh
  ports: 3260/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
[root@system1 ~]# systemctl enable nfs-server
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
[root@system1 ~]# systemctl restart nfs-server
[root@system1 nfs1]# touch 1.txt
[root@system2 ~]# yum -y install nfs-utils
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Package 1:nfs-utils-1.3.0-0.21.el7.x86_64 already installed and latest version
Nothing to do
[root@system2 ~]# vi /etc/fstab
[root@system2 ~]# tail -1 /etc/fstab
system1:/nfs1 /mnt/nfs1 nfs defaults 0 0
[root@system2 ~]# mkdir /mnt/nfs1
[root@system2 ~]# mount -a
[root@system2 ~]# df -Th
Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs        18G  3.4G   15G  20% /
devtmpfs                devtmpfs  474M     0  474M   0% /dev
tmpfs                   tmpfs     489M   84K  489M   1% /dev/shm
tmpfs                   tmpfs     489M  7.1M  482M   2% /run
tmpfs                   tmpfs     489M     0  489M   0% /sys/fs/cgroup
/dev/sda1               xfs       497M  158M  340M  32% /boot
/dev/sdb1               ext4      477M  2.3M  445M   1% /iscsidisk
tmpfs                   tmpfs      98M   20K   98M   1% /run/user/42
tmpfs                   tmpfs      98M     0   98M   0% /run/user/0
//system1/smb1          cifs       18G  3.4G   15G  20% /mnt/smb1
//system1/smb2          cifs       18G  3.4G   15G  20% /mnt/smb2
system1:/nfs1           nfs4       18G  3.4G   15G  20% /mnt/nfs1
[root@system2 ~]# cd /mnt/nfs1/
[root@system2 nfs1]# touch 1
touch: cannot touch ‘1’: Read-only file system
[root@system2 nfs1]# ls
1
[root@system2 nfs1]# ls
1  1.txt
7. Configure secure NFS on server0: shared directory /nfs2, accessible only to hosts in the example.com domain. The /nfs2/private directory is owned by ldapuser5. desktop0 mounts it automatically at /mnt/nfs2, and user ldapuser5 can write files to /mnt/nfs2/private
http://classroom.example.com/pub/keytabs/serverX.keytab
http://classroom.example.com/pub/keytabs/desktopX.keytab
8. Configure link aggregation on server0 and desktop0 using interfaces eth1 and eth2. It must keep working when one interface fails.
server0: 192.168.X.121
desktop0: 192.168.X.122
[root@server0 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:4f:0c:64 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eno16777736
       valid_lft 7148sec preferred_lft 7148sec
    inet 10.2.75.121/24 brd 10.2.75.255 scope global eno16777736
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4f:c64/64 scope link
       valid_lft forever preferred_lft forever
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:4f:0c:6e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::20c:29ff:fe4f:c6e/64 scope link
       valid_lft forever preferred_lft forever
4: eno50332208: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:4f:0c:78 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::20c:29ff:fe4f:c78/64 scope link
       valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 500
    link/ether 52:54:00:9c:49:64 brd ff:ff:ff:ff:ff:ff
[root@server0 ~]# nmcli connection add type team con-name team0 autoconnect yes ifname team0 config '{"runner":{"name":"activebackup"}}'
Connection 'team0' (d8ba3721-99fc-4928-b738-55a5f772d0e6) successfully added.
[root@server0 ~]# nmcli connection modify team0 ipv4.addresses 192.168.20.121/24
[root@server0 ~]# nmcli connection modify team0 ipv4.method m
[root@server0 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:4f:0c:64 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eno16777736
       valid_lft 6970sec preferred_lft 6970sec
    inet 10.2.75.121/24 brd 10.2.75.255 scope global eno16777736
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4f:c64/64 scope link
       valid_lft forever preferred_lft forever
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:4f:0c:6e brd ff:ff:ff:ff:ff:ff
4: eno50332208: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:4f:0c:78 brd ff:ff:ff:ff:ff:ff
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 500
    link/ether 52:54:00:9c:49:64 brd ff:ff:ff:ff:ff:ff
7: team0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 52:5a:da:8a:d5:38 brd ff:ff:ff:ff:ff:ff
[root@server0 ~]# nmcli connection add type team-slave con-name team0-eno3355 ifname eno33554984 autoconnect yes master team0
Connection 'team0-eno3355' (02e09ecc-78ad-4fd0-b821-2e0470fcf110) successfully added.
[root@server0 ~]# nmcli connection add type team-slave con-name team0-eno5033 ifname eno50332208 autoconnect yes master team0
Connection 'team0-eno5033' (95a6c3bf-c1e0-4393-9664-46d1b788d245) successfully added.
[root@server0 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:4f:0c:64 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eno16777736
       valid_lft 6867sec preferred_lft 6867sec
    inet 10.2.75.121/24 brd 10.2.75.255 scope global eno16777736
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4f:c64/64 scope link
       valid_lft forever preferred_lft forever
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP qlen 1000
    link/ether 00:0c:29:4f:0c:6e brd ff:ff:ff:ff:ff:ff
4: eno50332208: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP qlen 1000
    link/ether 00:0c:29:4f:0c:6e brd ff:ff:ff:ff:ff:ff
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 500
    link/ether 52:54:00:9c:49:64 brd ff:ff:ff:ff:ff:ff
7: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:0c:29:4f:0c:6e brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.121/24 brd 192.168.20.255 scope global team0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4f:c6e/64 scope link
       valid_lft forever preferred_lft forever
[root@server0 ~]# teamdctl team0 state
setup:
  runner: activebackup
ports:
  eno33554984
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
  eno50332208
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
runner:
  active port: eno33554984
## Same on desktop0; only change the IP to 192.168.20.122
Test
[root@server0 ~]# ping -I team0 192.168.20.122
PING 192.168.20.122 (192.168.20.122) from 192.168.20.121 team0: 56(84) bytes of data.
64 bytes from 192.168.20.122: icmp_seq=1 ttl=64 time=1.54 ms
64 bytes from 192.168.20.122: icmp_seq=2 ttl=64 time=0.494 ms
64 bytes from 192.168.20.122: icmp_seq=3 ttl=64 time=0.494 ms
64 bytes from 192.168.20.122: icmp_seq=4 ttl=64 time=0.450 ms
^C
--- 192.168.20.122 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.450/0.746/1.549/0.464 ms
9. Configure port forwarding on desktop0: when hosts in the 10.2.75.0/24 network access port 6666/tcp on desktop0, forward to local port 22/tcp
[root@desktop0 ~]# firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address=10.2.75.0/24 forward-port port=6666 protocol=tcp to-port=22"
success
[root@desktop0 ~]# firewall-cmd --reload
success
[root@desktop0 ~]# firewall-cmd --permanent --list-all
public (default)
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source address="10.2.75.121" service name="ssh" reject
	rule family="ipv4" source address="10.2.75.0/24" forward-port port="6666" protocol="tcp" to-port="22"
10. Configure IPv6 on system1 and system2 using interface eno16777736; the hosts must be able to ping each other, and the existing IPv4 must remain in effect.
system1 20:ac18::1205/64
system2 20:ac18::120a/64

11. Configure the mail system on server0 and desktop0: configure postfix as a null client
Locally sent mail is relayed to: smtp.example.com
Locally sent mail appears to come from: example.com
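12. Configure an iSCSI target on server0: volume san10, size 1G, iSCSI target name iqn.2017-07.com.tianyun:system1, accessible only to host system2.example.com; configure the iSCSI initiator on system2, create a 500M partition, format it with an ext4 filesystem, and mount it automatically at /iscsidisk
# Install a text-based configuration tool

# Prepare a partition as follows

# The official recommendation is to start the service first and enable it at boot

acls: by default all hosts are allowed access; create the entry that allows access
luns: the iqn must be bound to a device

# Location after saving: /etc/target/saveconfig.json
/etc/target/backup/saveconfig-2017*.json

# Client installation

# Change this to the iqn that the server side is configured to allow

# The one with the d suffix is the core iSCSI process; it handles communication with the iSCSI server, including discovery and the later iSCSI protocol exchange

# Restarting iscsi reads the files under /var/lib/iscsi/*, which enables the automatic connection after boot,
# To reset the whole iscsi configuration, run rm -rf /var/lib/iscsi/*

# Network devices must be mounted by UUID; get the UUID with blkid; a partition only has a UUID after it is formatted
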
13. Configure the web service on server0, site wwwX.example.com. Deny access from the cracker.com domain.
Web page file: http://classroom.example.com/content/exam/webs/www.html
Note: name it index.html; do not modify the page content
14. Configure the web service on server0: enable TLS encryption for the site wwwX.example.com.
TLS certificate http://classroom/pub/tls/certs/wwwX.crt
TLS private key http://classroom/pub/tls/private/wwwX.key
TLS CA certificate http://classroom/pub/example-ca.crt
15. Configure the web service on server0: site serverX.example.com, with document directory /var/www/virtual
Web page file: http://classroom.example.com/pub/webs/server.html
Note: name it index.html; do not modify the page content
16. Configure the web service on server0: site webappX.example.com, on port 8888/tcp
Python application http://classroom.example.com/content/exam/webs/webapp.wsgi
17. Configure the web service on server0: http://serverX.example.com/private, accessible only from server0.
Web page file: http://classroom.example.com/content/exam/webs/private.html
Note: name it index.html; do not modify the page content
18. Configure a shell script on system1, /root/script1.sh.
Running /root/script1.sh foo prints bar
Running /root/script1.sh bar prints foo
With no arguments, it prints USE ...
First method:
[root@system1 ~]# vi script1.sh
[root@system1 ~]# cat script1.sh
#!/bin/bash
if [ $1 = "foo" ];then
	echo "bar"
elif [ $1 = "bar" ];then
	echo "foo"
else
	echo "USE: ..."
fi
[root@system1 ~]# chmod 755 script1.sh
[root@system1 ~]# ./script1.sh bar
foo
[root@system1 ~]# ./script1.sh foo
bar
[root@system1 ~]# ./script1.sh
./script1.sh: line 2: [: =: unary operator expected
./script1.sh: line 4: [: =: unary operator expected
USE: ...
[root@system1 ~]# ./script1.sh 1
USE: ...
Second method:
[root@system1 ~]# vi script2.sh
[root@system1 ~]# cat script2.sh
#!/bin/bash
case "$1" in
bar)
	echo "foo"
	;;
foo)
	echo "bar"
	;;
*)
	echo "USE ..."
esac
[root@system1 ~]# chmod 755 script2.sh
[root@system1 ~]# ./script2.sh foo
bar
[root@system1 ~]# ./script2.sh bar
foo
[root@system1 ~]# ./script2.sh
USE ...
[root@system1 ~]# ./script2.sh 1
USE ...
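19. Configure a shell script on server0: /root/script2.sh
Add users in batch from the file given as an argument; the script must check whether an argument was supplied and whether the user file exists, and must exit on error with an exit status. Set /bin/false as the default shell for the added users.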
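One way to meet the requirements of task 19, as an added example that is not part of the original page. It quotes every expansion, so a missing argument is reported as a usage error rather than the "[: =: unary operator expected" failure that the unquoted $1 produces in the first script of task 18. The function names, the return codes 1/2/3 and the USERADD override are assumptions made for the example.

```sh
#!/bin/sh
# Added example for task 19; not the original page's solution.
# Assumptions: return codes 1 (usage), 2 (file missing), 3 (some entries
# rejected or failed); USERADD is a hypothetical override so the logic can be
# exercised without root. Unset, it defaults to the real useradd.

print_only() { printf 'useradd %s\n' "$*"; }    # dry-run stand-in for useradd

batch_add_users() {
    if [ "$#" -ne 1 ]; then
        echo "Usage: /root/script2.sh <userfile>" >&2
        return 1
    fi
    if [ ! -f "$1" ]; then
        echo "Input file not found: $1" >&2
        return 2
    fi
    rc=0
    # "|| [ -n ... ]" keeps a last line that has no trailing newline.
    while IFS= read -r name || [ -n "$name" ]; do
        case "$name" in
            ''|'#'*) continue ;;                # blank line or comment
        esac
        # Accept only conventional account names before calling useradd.
        if ! printf '%s\n' "$name" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'; then
            echo "skipped invalid name: $name" >&2; rc=3; continue
        fi
        if id "$name" >/dev/null 2>&1; then
            echo "already exists: $name" >&2; continue
        fi
        "${USERADD:-useradd}" -s /bin/false "$name" || rc=3
    done < "$1"
    return "$rc"
}

# Constructed demo input, run in dry-run mode. In the real /root/script2.sh the
# last line would instead be:  batch_add_users "$@"; exit $?
demo_batch() {
    f=$(mktemp)
    printf 'rhcedemo1\n# comment\n\nbad;name\nrhcedemo2\n' > "$f"
    USERADD=print_only
    batch_add_users "$f"; r=$?
    unset USERADD
    rm -f "$f"
    return "$r"
}
demo_batch || echo "finished with status $?"
```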
20. Configure the MariaDB database on server0
1) Install MariaDB
# yum -y groupinstall mariadb mariadb-client
# systemctl enable mariadb
# systemctl start mariadb
[root@system1 ~]# firewall-cmd --permanent --add-port=3306/tcp
success
[root@system1 ~]# firewall-cmd --reload
success
[root@system1 ~]# firewall-cmd --permanent --list-all
public (default)
  interfaces:
  sources:
  services: dhcpv6-client nfs samba ssh
  ports: 3306/tcp 3260/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
2) Configure the root user to log in only locally, with password tianyun
3) Disable anonymous user access
[root@system1 ~]# mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
4) Create the database Concats
MariaDB [(none)]> create Concats;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Concats' at line 1
MariaDB [(none)]> create database Concats;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| Concats            |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)
5) Import data into Concats, http://classroom.example.com/content/exam/mariadb/mariadb.dump
6) Grant user Luigi select access, from the local host, to the tables in the Concats database, with password tianyun.
7) Perform the single-table query as required and submit the result
8) Perform the multi-table query as required and submit the result
