I. iptables exercises
Default policy of the INPUT and OUTPUT chains: DROP
1. Web server: rate limit of 100 per second; the web server contains admin pages;
iptables -A INPUT -d 192.168.61.131 -p tcp --dport 80 -m time ! --weekdays 1 -m limit --limit 100/second -m string ! --string "admin" --algo kmp -j ACCEPT
iptables -A OUTPUT -s 192.168.61.131 -p tcp --sport 80 -j ACCEPT
2. During working hours, that is, Monday to Friday 8:30-18:00, open this machine's FTP service to hosts in the 172.16.0.0 network; the number of data download requests per minute must not exceed 5;
iptables -A INPUT -p tcp --dport 21 -s 172.16.0.0/16 -m time --weekdays 1,2,3,4,5 --timestart 08:30 --timestop 18:00 -m connlimit ! --connlimit-above 5 -j ACCEPT
3. Open this machine's SSH service to the hosts 172.16.x.1-172.16.x.100, where x is your seat number; new requests must be established at a rate of no more than 2 per minute; only response packets may leave the machine through the service port;
iptables -A INPUT -p tcp --dport 22 -m iprange --src-range 172.16.1.1-172.16.1.100 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m iprange --src-range 172.16.1.1-172.16.1.100 -m state --state NEW -m limit --limit 2/m --limit-burst 2 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
4. Deny packets whose TCP flags are all 1 or all 0 from accessing this machine;
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
5. Allow this machine to ping other hosts, but do not allow other hosts to ping this machine;
iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -d 192.168.1.2 -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -d 192.168.1.2 -p icmp --icmp-type 8 -j DROP
or
iptables -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j DROP
II. Restrict vsftpd so that only hosts in the 172.16.0.0/255.255.0.0 network may access it, except 172.16.100.3; denied access attempts are recorded in the /var/log/tcp_wrapper.log log file;
1. First set tcp_wrappers=YES in the vsftpd.conf configuration file
2. vim /etc/hosts.allow
Add vsftpd: 172.16.0.0/255.255.0.0 EXCEPT 172.16.100.3
3. vim /etc/hosts.deny
Add vsftpd: ALL: spawn /bin/echo `date` %a try to access %d is refused! >> /var/log/tcp_wrapper.log
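To check which clients the two files above admit and which refusals get logged, the lookup order can be modelled in a few lines of shell. This is an added example, not part of the original assignment answers; the function names and the scratch log path are assumptions, and on a real host tcpdmatch vsftpd <address> runs the same check against the live files.

```shell
#!/bin/sh
# Model of the documented tcp_wrappers lookup order for the two entries above.
# It is a simulation for checking the rules, not tcpd's own code.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net ADDR NET MASK: succeed if ADDR lies inside NET/MASK.
in_net() {
    a=$(ip2int "$1"); n=$(ip2int "$2"); m=$(ip2int "$3")
    [ $(( a & m )) -eq $(( n & m )) ]
}

# decide CLIENT_IP: print "allow" or "deny" the way the two files combine.
#   hosts.allow: vsftpd: 172.16.0.0/255.255.0.0 EXCEPT 172.16.100.3
#   hosts.deny:  vsftpd: ALL: spawn /bin/echo ... >> log
decide() {
    client=$1
    # hosts.allow is consulted first; EXCEPT removes the single host from the match.
    if in_net "$client" 172.16.0.0 255.255.0.0 && [ "$client" != 172.16.100.3 ]; then
        echo allow
        return 0
    fi
    # No match in hosts.allow, so hosts.deny applies: ALL matches every client and
    # the spawn option appends one line to the log (a scratch file in this model).
    echo "$(date) $client try to access vsftpd is refused!" >> "${LOG:-/tmp/tcp_wrapper_demo.log}"
    echo deny
}

# Constructed sample clients: inside the network, the excepted host, an outsider.
demo() {
    for ip in 172.16.5.9 172.16.100.3 10.0.0.1; do
        printf '%s -> %s\n' "$ip" "$(decide "$ip")"
    done
}

demo
```
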
III. Script programming (array exercises)
1. Write a script: define an array whose elements are the names of all files in the /var/log directory that end with .log; display the number of lines in each file;
#!/bin/bash
# Store every *.log file name in /var/log in an array and print each file's line count
cd /var/log/ || exit 1
g=0
for i in *.log; do
    arrayx[$g]=$i
    lnum=$(wc -l "$i")
    echo -e "$lnum\n"
    let g++
done
2. Write a script that generates ten random numbers and sorts them from smallest to largest;
#!/bin/bash
# Build a newline-separated list of ten random numbers, then sort it numerically
for ((i=1; i<11; i++)); do
    if [ $i -eq 1 ]; then
        tmps=$RANDOM
    else
        tmps=$tmps"\n"$RANDOM
    fi
done
echo -e $tmps | sort -n
3. Write a script that randomly picks one classmate from all the students to answer questions; further: it can accept a parameter as the number of students to select;
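#!/bin/bash
# Start num
startx=1
# Stop num
stopx=10
# rnd MIN MAX: print a pseudo-random number between MIN and MAX, derived from the clock
function rnd() {
    min=$1
    max=$(($2-$min+1))
    # Seconds followed by nanoseconds since the epoch
    num=$(date +%s%N)
    echo $(($num%$max+$min))
}
ix=3
# The loop runs ix-1 times and prints one number per iteration
for ((i=1; i<$ix; i++)); do
    rnd=$(rnd $startx $stopx)
    echo $rnd
done
exit 0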
To be organized ...
IV. sudo exercises
1. Authorize the centos user to run the fdisk command for disk management, and to use mkfs or mke2fs for file system management;
visudo
centos ha111=/sbin/fdisk,/sbin/mkfs,/sbin/mke2fs,/sbin/pvcreate,/sbin/pvdisplay
2. Authorize the gentoo user to run the commands related to logical volume management;
visudo
gentoo ha111=/sbin/pvcreate,/sbin/pvdisplay,/sbin/lvcreate,/sbin/lvdisplay,/sbin/vgcreate,/sbin/vgdisplay
V. vsftpd and PAM exercises
1. Implement vsftpd with authentication based on virtual users;
2. The virtual users' account and password information is stored in MySQL.
To be organized ...
VI. Advanced applications (optional for the intermediate class, required for the advanced class)
1. There are 3 servers in total; allocate the resources sensibly;
2. nginx load balancer in an LNMP architecture; the back-end web servers serve WordPress content, and all of them must get consistent, up-to-date data;
3. Separate nginx and PHP on the back end.
Answer Link: http://dengxi.blog.51cto.com/4804263/1713318
Linux Ops Practice: Course Assignments, November 8-17, 2015