Linux Jobs 9

Source: Internet
Author: User
Tags decrypt subdomain

1. Describe the encrypted communication process in detail, ideally with a diagram.

Take Bob and Alice's secure communications as an example:

bob<--------->alice

1. To communicate securely with Alice, Bob must first obtain her public key, that is, her certificate, and verify that the certificate is legitimate. The verification steps are:

1) Use the CA's public key (known to both parties) to decrypt the CA's signature on the certificate; if it decrypts, the certificate's origin is reliable;

2) Use the "signature algorithm" named in the certificate to compute a hash over the certificate's contents, and compare the result with the decrypted "issuer signature" (the certificate signature); if the two match, the certificate's integrity is confirmed;

3) Check that the certificate is within its validity period, to guard against expired certificates;

4) Verify that the "subject name" of the certificate matches the party Bob intends to communicate with;

5) Check whether the certificate has been revoked.

If all of the above checks succeed, the other party's certificate is reliable and can be trusted.
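The checks above, run with the openssl CLI as an added example (not from the original post). The two CAs, the names alice and mallory, and all file names are constructed for the demo; check 5 (revocation) is left out because it needs a CRL or OCSP responder published by the CA.

```shell
#!/bin/sh
# check_peer_cert CA_FILE CERT_FILE EXPECTED_CN -> prints the verdict
check_peer_cert() {
    # Check 3 (validity period); run first so expiry is reported as such.
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo expired; return 1; }
    # Checks 1-2: the CA's public key must validate the signature over the
    # certificate contents, using the signature algorithm the certificate names.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 \
        || { echo untrusted; return 1; }
    # Check 4: the subject name must be the party we intend to talk to.
    cn=$(openssl x509 -in "$2" -noout -subject -nameopt multiline \
        | sed -n 's/^ *commonName *= //p')
    [ "$cn" = "$3" ] || { echo name-mismatch; return 1; }
    echo trusted
}

# make_ca NAME: self-signed CA certificate NAME.crt with key NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# issue CA_NAME CN OUT: certificate for CN signed by CA_NAME, written to OUT.crt
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$3.key" -out "$3.csr" 2>/dev/null
    openssl x509 -req -in "$3.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$3.crt" 2>/dev/null
}

# Builds a constructed PKI in a temp directory and prints three verdicts.
cert_demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    trap 'cd / && rm -rf "$d"' EXIT
    make_ca trusted-ca; make_ca other-ca
    issue trusted-ca alice alice      # certificate from the CA Bob trusts
    issue other-ca alice foreign      # right name, but issued by another CA
    echo "$(check_peer_cert trusted-ca.crt alice.crt alice)" \
         "$(check_peer_cert trusted-ca.crt foreign.crt alice)" \
         "$(check_peer_cert trusted-ca.crt alice.crt mallory)"
)
```

Calling `cert_demo` prints one verdict per case: the certificate from the trusted CA, the same name issued by a CA Bob does not trust, and a certificate whose subject is not the expected peer.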

2. After obtaining the other party's certificate (i.e. the public key), proceed as follows:

Encryption:

1) Bob computes a hash of the plaintext data to extract its data fingerprint (signature, also called the message digest);

2) Bob encrypts the data fingerprint with his private key to generate a digital signature, and appends the digital signature to the plaintext data;

3) Bob encrypts the plaintext and the digital signature with a one-time symmetric key to generate the ciphertext;

4) Bob then encrypts the symmetric key with Alice's public key to generate a digital envelope;

5) Bob sends the ciphertext and the digital envelope to Alice.

Decryption:

1) Alice receives the data (ciphertext + digital envelope) and uses her own private key to decrypt the digital envelope, obtaining the symmetric key;

2) She uses the symmetric key to decrypt the ciphertext, obtaining the plaintext data and the digital signature. This ensures the privacy of the data;

3) She uses Bob's public key to decrypt the digital signature, obtaining the data fingerprint (signature) of the plaintext. If it decrypts, the data was sent by Bob, which guarantees the non-repudiation of the data;

4) Alice uses the same hash algorithm to compute the data fingerprint (signature) from the plaintext and compares it with the data fingerprint computed by Bob; if they match, the data has not been tampered with. This guarantees the integrity of the data.
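The encryption and decryption steps above, carried out end to end with the openssl CLI as an added example (not from the original post). The message, the file names, and the choice of RSA-2048, SHA-256 and AES-256-CBC are assumptions made for the demo.

```shell
#!/bin/sh
# Runs both sides in a temp directory and prints what Alice ends up with.
envelope_demo() (
    set -e
    d=$(mktemp -d) && cd "$d"
    trap 'cd / && rm -rf "$d"' EXIT

    # Key pairs for both parties. In practice each side takes the other's
    # public key from a certificate it has already verified.
    for who in bob alice; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$who.key" 2>/dev/null
        openssl pkey -in "$who.key" -pubout -out "$who.pub"
    done
    printf 'meet at 10:00\n' > msg.txt        # constructed plaintext

    # Bob, steps 1-2: hash the plaintext, sign the digest with his private key.
    openssl dgst -sha256 -sign bob.key -out msg.sig msg.txt
    tar -cf bundle.tar msg.txt msg.sig        # plaintext + signature
    # Step 3: encrypt the bundle under a one-time AES key and IV.
    key=$(openssl rand -hex 32); iv=$(openssl rand -hex 16)
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in bundle.tar -out bundle.enc
    # Step 4: digital envelope = session key encrypted to Alice's public key.
    printf '%s %s\n' "$key" "$iv" > session.txt
    openssl pkeyutl -encrypt -pubin -inkey alice.pub \
        -pkeyopt rsa_padding_mode:oaep -in session.txt -out envelope.bin
    # Step 5: only bundle.enc and envelope.bin travel to Alice.
    rm -f msg.txt msg.sig bundle.tar session.txt; unset key iv

    # Alice, step 1: open the envelope with her private key.
    openssl pkeyutl -decrypt -inkey alice.key \
        -pkeyopt rsa_padding_mode:oaep -in envelope.bin -out session.txt
    read -r key iv < session.txt
    # Step 2: decrypt the bundle with the recovered session key.
    openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" -in bundle.enc -out bundle.tar
    tar -xf bundle.tar
    # Steps 3-4: verify Bob's signature over the recovered plaintext.
    openssl dgst -sha256 -verify bob.pub -signature msg.sig msg.txt >/dev/null \
        && sig=valid || sig=invalid
    # A modified message must fail the same check.
    printf 'meet at 11:00\n' > tampered.txt
    openssl dgst -sha256 -verify bob.pub -signature msg.sig tampered.txt \
        >/dev/null 2>&1 && tamper=accepted || tamper=rejected

    echo "plaintext=$(cat msg.txt) signature=$sig tampered=$tamper"
)
```

`openssl enc` does not support AEAD modes, so CBC is used here; integrity in this scheme comes from Bob's signature, as the steps describe.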





2. Describe the process of creating a private CA, and how to issue a certificate for a certificate request sent by a client.

3. Build a DNS server responsible for resolving the magedu.com domain (host names and IPs):

(1) provide forward and reverse resolution for some host names;

(2) delegate the subdomain cdn.magedu.com; the subdomain's server is responsible for resolving the host names in that subdomain;

(3) to ensure high availability of the DNS service, design a scheme and write out the detailed implementation process.

4. Describe the complete processing of an HTTP request.

5. What processing models does httpd support, and what environments is each used for?

6. Build an httpd server (compiled from source) that meets the following requirements:

Provide two name-based virtual hosts:

(a) www1.stuX.com, with page file directory /WEB/VHOSTS/WWW1, error log /var/log/httpd/www1.err, and access log /var/log/httpd/www1.access;

(b) www2.stuX.com, with page file directory /WEB/VHOSTS/WWW2, error log /var/log/httpd/www2.err, and access log /var/log/httpd/www2.access;

(c) create a separate home page file index.html for each of the two virtual hosts, containing the corresponding host name;

(d) expose httpd status information at www1.stuX.com/server-status, allowing access only with an account and password (status:status).

7. Provide HTTPS for the second virtual host from question 6, so that users can access the site securely over HTTPS:

(1) use certificate authentication; the certificate must use country (CN), state (HA), city (ZZ) and organization (mageedu);

(2) set the department to OPS, the host name to www2.stuX.com, and the email to [email protected].

8. Set up a Samba share with shared directory /data, meeting these requirements (describe the complete process):

1) the share is named GKFX and the workgroup is magedu;

2) add the group develop and the users Gentoo, centos and Ubuntu; Gentoo and CentOS have develop as a supplementary group, Ubuntu does not belong to the develop group; each password is the same as the user name;

3) add the Samba users Gentoo, centos and Ubuntu, each with the password "mageedu";

4) only the develop group has write permission on this Samba share; other users can access it read-only;

5) the Samba service allows access only from hosts on the 172.16.0.0/16 network.

9. Build a vsftp file sharing service with shared directory /ftproot, meeting these requirements (describe the complete process):

1) access is based on virtual users;

2) anonymous users may only download; uploading is not allowed;

3) confine all users to their home directories;

4) limit the maximum number of concurrent connections to 200;

5) the maximum transfer rate for anonymous users is 512kb/s;

6) the virtual user accounts are stored in a MySQL database;

7) the database is shared via NFS.


This article is from the "Silver Kay Blog" blog; reprinting is declined!
