Linux OPS Practice-November 8, 2015-November 17 Course Assignments

First,iptables class work

  " Span style= "Color:rgb (0,112,192); font-family:arial, Helvetica, Sans-serif;" > input output drop

    1 web 100 every second; web server contains admin web

Iptables-a input-d 192.168.61.131-p tcp--dport 80-m time! --weekdays 1-m limit--limit 100/second-m string!--string "admin"--algo kmp-j ACCEPT
Iptables-a ouput-s 192.168.61.131-p tcp--sport 80-j ACCEPT

2 during the working hours, that is, from Monday to Friday 8:30-18:00 , open this machine's FTP Service to 172.16.0.0 host access in the network, the number of data download requests per minute must not exceed 5 one;

Iptables-a input-p TCP--dport 21-s172.16.0.0/16-m time--weekdays 1,2,3,4,5--timestart 8:30am--timestop 18:00-MCONNL Imit--connlimit-above 5-j ACCEPT

3 , open this machine's SSH Service to 172.16.x.1-172.16.x.100 in the host, x for your seat number, the new request is established at a rate of not more than one minute 2 only allow the response message to leave the machine through its service port;

Iptables-a input-m iprange--src-range172.16.1.1-172.16.1.100-m limit--limit 2/m--limit-burst 2-j ACCEPT
Iptables-a output-p TCP--dport 22-mstate--state established-j ACCEPT

4 , Refusal TCP All flags are 1 and all for 0 Message access to this machine;

Iptables-a input-p tcp-m--tcp-flag all all-j dropiptables-a input-p tcp-m--tcp-flag all none-j DROP

5 , allow this machine Ping other hosts, but not open other hosts Ping the machine;

Iptables-a output-p ICMP--icmp-type 8-j acceptiptables-a input-d 192.168.1.2-p ICMP--icmp-type 0-j ACCEPTiptables -A input-d 192.168.1.2-p ICMP--icmp-type 8-j drop or iptables-a output-p icmp-m State--state New,established-jaccep Tiptables-a input-p icmp-m State--state established-j acceptiptables-a input-p ICMP--icmp-type 8-j DROP

Second, control vsftpd only allow 172.16.0.0/255.255.0.0 host access in the network, but 172.16.100.3 The denied access attempt is recorded in the /var/log/tcp_wrapper.log the log file;

1. First set up the vsftpd.conf configuration file tcp_wrappers=yes

2.vim/etc/hosts.allow

Add vsftpd:172.16.0.0/255.255.0.0 EXCEPT 172.16.100.3

3.vim/etc/hosts.deny

Add vsftpd:all:spawn/bin/echo ' Date '%a try to access%d is refused! >>/var/log/tcp_wrapper.log

iii. script programming classes (array exercises)

1, write a script: Define an array, the array element is the name of all the files in the /var/log directory that end with . Log ; Displays the number of rows per file;

#!/bin/bashcd/var/log/g=0for i in ' ls *.log ';d o arrayx[$g]= $i lnum=$ (wc-l $i) echo-e $lnum "\ n" Let G++done

2 , write a script, generate Ten random numbers, and sorted by small to large;

#!/bin/bashfor ((i=1;i<11;i++));d o if [$i-eq 1];then tmps= $RANDOM else tmp s= $tmps "\ n" $RANDOM fidoneecho-e $tmps |sort-n

3 , write a script, can randomly pick a classmate from all the students to answer questions; further: can accept a parameter, as the number of students to select;

#!/bin/bash
# Start num
Startx=1
# Stop Num
stopx=10

function rnd () {
Min=$1
max=$ (($2-$min + 1))
num=$ (Date +%s%n)
echo $ (($num% $max + $min))
}

Ix=3
For ((I=1;i < $ix; i++);d o

rnd=$ (Rnd $startx $stopx)
Echo $rnd

Done

Exit 0

Waiting to be sorted ...

Four, sudo practice

1 , Authorization CentOS users can run fdisk command to complete Disk Management, and to use the MKFS or MKE2FS implement file system management;

Visudocentos ha111=/sbin/fdisk,/sbin/mkfs,/SBIN/MKE2FS,/sbin/pvcreate,/sbin/pvdisplay

2 , Authorization Gentoo user can run related commands for logical volume management

Visudogentoo ha111=/sbin/pvcreate,/sbin/pvdisplay,/sbin/lvcreate,/sbin/lvdisplay, Sbin/vgcreate,/sbin/vgdisplay

v. VSFTPD and Pam classes

1, realize the VSFTPD function based on virtual user authentication ;

2 , the virtual user's account number and password information are stored in MySQL among them.

Waiting to be sorted ...

vi. Advanced Application Class (Intermediate class selected, Advanced Class will do)

     1 , altogether 3 server, please arrange the allocation of resources reasonably;

    2 nginx lnmp architecture load balancer, backend service content wordpress web server, all get consistent and up-to-date data;

3 , back-end nginx and php separation.

Answer Link: http://dengxi.blog.51cto.com/4804263/1713318

Linux OPS Practice-November 8, 2015-November 17 Course Assignments