[11-17] Summary of operations

Source: Internet
Author: User

I. Homework (exercise) content:

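First, iptables exercises

Premise: the default policy of the INPUT and OUTPUT chains is DROP;

INPUT chain:

    # connlimit counts concurrent connections per client address;
    # accept while at or below the limit, on every day except Monday
    iptables -I INPUT 1 -p tcp --dport 80 -m connlimit --connlimit-upto 100 -m time ! --weekdays Mon -j ACCEPT

OUTPUT chain:

    # reject responses whose payload contains the string "Admin"
    iptables -I OUTPUT 1 -p tcp --sport 80 -m string --string "Admin" --algo kmp -j REJECT
    iptables -I OUTPUT 2 -m state --state ESTABLISHED,RELATED -j ACCEPT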

2. During working hours, that is, Monday to Friday 8:30-18:00, open the local FTP service to hosts on the 172.16.0.0 network; the number of data download requests must not exceed 5 per minute;

INPUT chain:

    # accept while the client has at most 5 concurrent connections
    iptables -I INPUT 1 -s 172.16.0.0/16 -p tcp --dport 21 -m connlimit --connlimit-upto 5 -j ACCEPT

OUTPUT chain:

    iptables -I OUTPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

3. Open the local SSH service to hosts in 172.16.x.1-172.16.x.100, where x is your seat number; new connection requests must not exceed 2 per minute; only response packets from the service port are allowed to leave the machine;

INPUT chain:

    iptables -I INPUT 1 -p tcp --dport 22 -m iprange --src-range 172.16.53.1-172.16.53.100 -m limit --limit 2/minute -j ACCEPT

OUTPUT chain:

    iptables -I OUTPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

4. Reject packets sent to this machine whose TCP flag bits are all 1 or all 0;

INPUT chain:

    # all flags set
    iptables -I INPUT 1 -p tcp --tcp-flags ALL ALL -j DROP
    # no flags set
    iptables -I INPUT 2 -p tcp --tcp-flags ALL NONE -j DROP

5. Allow this machine to ping other hosts, but do not allow other hosts to ping this machine;

INPUT chain:

    # ICMP type 0: echo reply coming back in
    iptables -I INPUT 1 -p icmp --icmp-type 0 -j ACCEPT

OUTPUT chain:

    # ICMP type 8: echo request going out
    iptables -I OUTPUT 1 -p icmp --icmp-type 8 -j ACCEPT

Second, basic tcp_wrapper exercises

Configure vsftpd to allow access only from hosts in the 172.16.0.0/255.255.0.0 network, except 172.16.100.3; denied access attempts are recorded in the /var/log/tcp_wrapper.log log file;

vim /etc/hosts.allow, add:

    vsftpd: 172.16. EXCEPT 172.16.100.3

vim /etc/hosts.deny:

    vsftpd: ALL : spawn /bin/echo `date` %a try to access %d is refused! >> /var/log/tcp_wrapper.log
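
An added example, not part of the original post: a simplified Python model of how tcp_wrappers evaluates the hosts.allow and hosts.deny entries above (hosts.allow first, then hosts.deny, otherwise grant). The function names are hypothetical, the client addresses are constructed, and only the pattern forms used here (ALL, dotted prefixes, exact addresses, EXCEPT) are handled.

```python
# Added example: simplified model of tcp_wrappers (hosts_access) evaluation.
# Only the pattern forms used above are handled: ALL, "172.16." prefixes,
# exact addresses, and a single EXCEPT operator.

HOSTS_ALLOW = "vsftpd: 172.16. EXCEPT 172.16.100.3"
HOSTS_DENY = ("vsftpd: ALL : spawn /bin/echo `date` %a try to access %d "
              "is refused! >> /var/log/tcp_wrapper.log")


def parse(line):
    """Split 'daemons : clients [: shell command]' into its three fields."""
    fields = [f.strip() for f in line.split(":", 2)]
    daemons, clients = fields[0], fields[1]
    command = fields[2] if len(fields) > 2 else None
    return daemons.replace(",", " ").split(), clients, command


def match_one(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "172.16." matches 172.16.*.*
        return addr.startswith(pattern)
    return pattern == addr


def match_clients(clients, addr):
    """list_1 EXCEPT list_2: match list_1 unless list_2 also matches."""
    include, _, exclude = clients.partition(" EXCEPT ")
    hit = any(match_one(p, addr) for p in include.replace(",", " ").split())
    miss = any(match_one(p, addr) for p in exclude.replace(",", " ").split())
    return hit and not miss


def check(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Return (granted, command) following hosts.allow, then hosts.deny."""
    for granted, line in ((True, allow), (False, deny)):
        daemons, clients, command = parse(line)
        if (daemon in daemons or "ALL" in daemons) and match_clients(clients, addr):
            if command:                 # expand %a (client) and %d (daemon)
                command = command.replace("%a", addr).replace("%d", daemon)
            return granted, command
    return True, None                   # no entry in either file: access granted


if __name__ == "__main__":
    for client in ("172.16.5.9", "172.16.100.3", "10.0.0.1"):   # constructed
        print(client, check("vsftpd", client))
```

The last case in `check` is why the catch-all entry in hosts.deny matters: a daemon or client that matches neither file is granted access.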

Third, script programming exercises (arrays)

1. Write a script that defines an array whose elements are the names of all files ending in .log in the /var/log directory, and displays the number of lines in each file;

2. Write a script that generates 10 random numbers and sorts them in ascending order;

3. Write a script that randomly selects one student from all the students to answer a question; further: it can accept a parameter giving the number of students to select;

Script programming review and after-class practice


Fourth, sudo exercises

1. Authorize the centos user to run the fdisk command for disk management, and to use mkfs or mke2fs for file system management;

2. Authorize the gentoo user to run the logical volume management commands.


Fifth, vsftpd and PAM exercises

1. Implement vsftpd with virtual-user authentication;

2. Store the virtual users' account and password information in MySQL.


Sixth, advanced application exercises (optional for the intermediate class, required for the advanced class)

1. There are 3 servers in total; allocate resources sensibly;

2. Use an Nginx reverse proxy to load-balance an LNMP architecture; the back-end service is a WordPress forum, and a request served by any back-end web server must return consistent, up-to-date data;

3. Separate Nginx and PHP on the back end.

Pending Update
