I. Homework (exercise) content:
First, iptables class work
Premise: the default policy of the INPUT and OUTPUT chains is DROP;
INPUT chain:
    iptables -I INPUT 1 -p tcp --dport 80 -m connlimit ! --connlimit-above 100 -m time ! --weekdays Mon -j ACCEPT
OUTPUT chain:
    iptables -I OUTPUT 1 -p tcp --sport 80 -m string --string "Admin" --algo kmp -j REJECT
    # iptables -I OUTPUT 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
2, during working hours, that is, Monday to Friday 8:30-18:00, open the local FTP service to hosts in the 172.16.0.0 network; the number of data download requests per minute must not exceed 5;
INPUT chain:
    iptables -I INPUT 1 -s 172.16.0.0/16 -p tcp --dport 21 -m connlimit ! --connlimit-above 5 -j ACCEPT
OUTPUT chain:
    iptables -I OUTPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
3, open the local SSH service to hosts in 172.16.x.1-172.16.x.100, where x is your seat number; the rate of new connection requests must not exceed 2 per minute; only response packets may leave the machine through the service port;
INPUT chain:
    iptables -I INPUT 1 -p tcp --dport 22 -m iprange --src-range 172.16.53.1-172.16.53.100 -m limit --limit 2/minute -j ACCEPT
OUTPUT chain:
    iptables -I OUTPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
4, reject packets whose TCP flag bits are all 1 or all 0 from reaching the machine;
INPUT chain:
    iptables -I INPUT 1 -p tcp --tcp-flags ALL ALL -j DROP
    iptables -I INPUT 2 -p tcp --tcp-flags ALL NONE -j DROP
5, allow the local host to ping other hosts, but do not allow other hosts to ping this machine;
INPUT chain:
    iptables -I INPUT 1 -p icmp --icmp-type 0 -j ACCEPT
OUTPUT chain:
    iptables -I OUTPUT 1 -p icmp --icmp-type 8 -j ACCEPT
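Exercise 2 asks for a working-hours window and a per-minute cap, while the connlimit match used in the answer above caps concurrent connections per source. The rule set below is an added example, not part of the original homework answer; it assumes passive-mode FTP with the nf_conntrack_ftp helper loaded and reads "data download requests" as new data connections (conntrack state RELATED). The names ftp_rules, IPT and WORK_HOURS are chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original page: exercise 2 under the page's
# premise (INPUT and OUTPUT default policy DROP).
# Assumptions: passive-mode FTP with the nf_conntrack_ftp helper loaded, so the
# first packet of each data connection is tracked as RELATED; "data download
# requests" is read as those new data connections.
# Dry run by default: rules are printed. Set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"
WORK_HOURS="-m time --weekdays Mon,Tue,Wed,Thu,Fri --timestart 08:30 --timestop 18:00"

ftp_rules() {
    net="$1"   # client network, e.g. 172.16.0.0/16
    # Packets of sessions that are already tracked (no time check, so a
    # transfer started at 17:59 is not cut off at 18:00).
    $IPT -A INPUT -s "$net" -p tcp -m state --state ESTABLISHED -j ACCEPT
    # New control connections to port 21, working hours only.
    # The time match compares against UTC unless --kerneltz is added.
    $IPT -A INPUT -s "$net" -p tcp --dport 21 -m state --state NEW $WORK_HOURS -j ACCEPT
    # New data connections: at most 5 per minute. -m limit is one token bucket
    # shared by all sources; connlimit would cap concurrent connections instead.
    $IPT -A INPUT -s "$net" -p tcp -m state --state RELATED $WORK_HOURS \
        -m limit --limit 5/minute --limit-burst 5 -j ACCEPT
    # Only packets of tracked sessions (replies) leave the host.
    $IPT -A OUTPUT -d "$net" -p tcp -m state --state ESTABLISHED -j ACCEPT
}

ftp_rules 172.16.0.0/16
```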
Second, basic application of tcp_wrapper class work
Configure vsftpd so that only hosts in the 172.16.0.0/255.255.0.0 network may access it, except 172.16.100.3; access attempts that are denied are recorded in the /var/log/tcp_wrapper.log log file;
vim /etc/hosts.allow, add:
    vsftpd: 172.16. EXCEPT 172.16.100.3
vim /etc/hosts.deny, add:
    vsftpd: ALL : spawn /bin/echo `date` %a try to access %d is refused! >> /var/log/tcp_wrapper.log
Third, script programming class work (array exercises)
1. Write a script: define an array whose elements are the names of all files ending in .log in the /var/log directory; display the number of lines in each file;
2, write a script that generates 10 random numbers and sorts them in ascending order;
3, write a script that randomly selects one classmate from all the students to answer a question; further: it can accept a parameter giving the number of students to select;
script programming grooming and after-school practice
Fourth, sudo practice
1, authorize the centos user to run the fdisk command for disk management, and to use mkfs or mke2fs for file system management;
2, authorize the gentoo user to run the commands related to logical volume management
Fifth, vsftpd and PAM class work
1, implement vsftpd with authentication based on virtual users;
2, store the virtual users' account and password information in MySQL.
Sixth, advanced application class work (optional for the intermediate class, required for the advanced class)
1, there are 3 servers in total; allocate their resources sensibly;
2, use an Nginx reverse proxy to load-balance an LNMP architecture; the back-end service content is a WordPress forum, and a request that reaches any one of the back-end web servers must obtain consistent and up-to-date data;
3, separate Nginx and PHP on the back end.
Pending Update
[11-17] Summary of operations