[11-17] Summary of operations

I. Homework (exercise) content:

First, Iptables class work

Premise: Input and output default policy is drop;

input chain Iptables -i input 1 -p tcp --dport  80 -m connlimit --connlimit-above 100 -m time ! --weekdays  Mon -j acceptoutput chain IPTABLES  -I OUTPUT 1 -P TCP --SPORT 80  -m string --string  "Admin"  --algo kmp -j reject#iptables -i  output 2 -m state --state established,related -j accept 

2, during the working hours, that is, Monday to Friday 8:30-18:00, open the local FTP service to the 172.16.0.0 network host access, the number of data download requests per minute not more than 5;

Input chain Iptables-i input 1-s 172.16.0.0/16-p tcp--dport 21-m connlimit--connlimit-above 5-j acceptoutput chain Iptables-i OUTPUT 1-m State--state established,related-j ACCEPT

3, open the local SSH service to the host in 172.16.x.1-172.16.x.100, X is your seat number, the new request to establish the rate of one minute not more than 2, only allow the response message through its service port to leave the unit;

Input chain iptables-i input 1-p tcp--dport 22-m iprange--src-range 172.16.53.1-172.16.53.100-mlimit--limit 2/minute-j A Cceptoutput chain Iptables-i OUTPUT 1-m State--state established,related-j ACCEPT

4, reject the TCP flag bit all 1 and all 0 of the message access to the machine;

Input chain iptables-i input 1-p tcp--tcp-flags all all-j dropiptables-i input 2-p tcp--tcp-flags all-j DROP

5, allow the native ping other host, but not open the other host ping this machine;

Input chain iptables-i input 1-p ICMP--icmp-type 0-j acceptoutput chain iptables-i OUTPUT 1-p ICMP--icmp--type 8-j ACCEPT

Second, the basic application of Tcp_wrapper class work

Control VSFTPD only allow access to hosts in the 172.16.0.0/255.255.0.0 network, except 172.16.100.3; the access attempts that were denied are recorded in the/var/log/tcp_wrapper.log log file;

Vim/etc/hosts.allow add vsftpd:172.16. EXCEPT 172.16.100.3vim/etc/hosts.deny:vsftpd:all:spawn/bin/echo ' Date '%a try to access%d is refused! >>/var/log/tcp_wrapper.log

Iii. Script programming classes (array exercises)

1. Write a script: Define an array whose elements are the names of all files that end with. Log in the/var/log directory; Displays the number of rows per file;

2, write a script, generate 10 random numbers, and according to the order from small to large;

3, write a script, can randomly select a classmate from all the students to answer questions; further: can accept a parameter, as the number of students to select;

script programming grooming and after-school practice

Four, sudo practice

1, authorized CentOS users can run the FDISK command to complete Disk Management, and use MKFS or MKE2FS to achieve file system management;

2, authorized Gentoo users can run the logical volume management of related commands

V. VSFTPD and Pam Classes

1, realize the VSFTPD function based on virtual user authentication;

2, the virtual user's account and password information stored in MySQL.

Vi. Advanced Application Class (Intermediate class selected, Advanced Class will do)

1, altogether 3 servers, please arrange the allocation of resources rationally;

2, through the Nginx reverse proxy to achieve the load balance of the LNMP architecture, back-end service content for the WordPress forum, request access to any one backend Web server, all can obtain consistent and up-to-date data;

3, back-end Nginx and PHP separation.

Pending Update

[11-17] Summary of operations