Linux System Engineer Technology (Engineer)-------first day



• Security-Enhanced Linux (SELinux) ----- equivalent to a security

– Development led by the NSA (National Security Agency): a mandatory access control system that hardens Linux

– Integrated into the Linux kernel (2.6 and above)

– RHEL7 builds on SELinux to provide preset protection policies for users, processes, directories and files, as well as management tools


• SELinux operating modes

– enforcing (mandatory), permissive (loose)

– disabled (completely disabled)


# getenforce              # view the current SELinux state

Enforcing

# setenforce 0            # set the current SELinux state (running system only)

# getenforce

Permissive


Persistent configuration:

# vim /etc/selinux/config


SELINUX=permissive
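
Because setenforce changes only the running mode while the SELINUX= key in /etc/selinux/config decides the mode at the next boot, the two can disagree. The script below is an added example, not part of the original notes: it compares them, and its function names and the sample config text are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original notes): compare the running SELinux
# mode with the mode /etc/selinux/config will apply at the next boot.

# Constructed sample of /etc/selinux/config.
SAMPLE_CONFIG='# This file controls the state of SELinux on the system.
SELINUX=permissive
SELINUXTYPE=targeted'

# Read config text on stdin and print the SELINUX= value in lowercase.
# Comment lines and the separate SELINUXTYPE= key are ignored; if the key
# appears more than once, this sketch reports the last one.
persistent_mode() {
    awk -F= '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "SELINUX" { val = $2; gsub(/[ \t\r]/, "", val); mode = tolower(val) }
        END { print (mode == "" ? "unset" : mode) }
    '
}

# $1 = getenforce output, $2 = persistent mode.
# Returns 0 when both agree, 1 when a reboot would change the mode.
check_drift() {
    local running
    running=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    if [ "$running" = "$2" ]; then
        echo "consistent: $running"
        return 0
    fi
    echo "drift: running=$running, after reboot=$2"
    return 1
}

# Live check when the tools are present, otherwise the constructed sample.
if command -v getenforce >/dev/null 2>&1 && [ -r /etc/selinux/config ]; then
    check_drift "$(getenforce)" "$(persistent_mode < /etc/selinux/config)" || true
else
    check_drift "Enforcing" "$(printf '%s\n' "$SAMPLE_CONFIG" | persistent_mode)" || true
fi
```

A "drift" line means either that a temporary setenforce 0 is still in effect or that the config file will change the mode at the next reboot.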


• Addendum: Vim command mode

    C (uppercase): deletes from the cursor to the end of the line and enters insert mode


#####################################################

Configure an aggregation connection (NIC binding)


• HSRP: back up your gateway device

                                 Router 2
        192.168.1.254            192.168.1.253
        Active                   Backup

                  192.168.1.200

                eth1        eth2
                     team
                  192.168.1.10




• Team, aggregated connection (also known as link aggregation)

– A virtual NIC, the "team", formed from multiple NICs (team-slave)

– Role 1: traffic load balancing by polling (roundrobin)

– Role 2: hot-backup (activebackup) connection redundancy


    Hot backup configuration:  {"runner": {"name": "activebackup"}}


    The man page helps you remember the syntax

# man teamd.conf

    /example      # search the whole page for "example"

                  # press n to jump to the next match


I. Add the team device

# nmcli connection add type team \
    con-name team0 ifname team0 \
    config '{"runner": {"name": "activebackup"}}'


# cat /etc/sysconfig/network-scripts/ifcfg-team0

# ifconfig team0


II. Add members

# nmcli connection add type team-slave \
    ifname eth1 master team0

# nmcli connection add type team-slave \
    ifname eth2 master team0


III. Configure the IP address of team0

# nmcli connection modify team0 \
    ipv4.method manual \
    ipv4.addresses 192.168.1.1/24 \
    connection.autoconnect yes


IV. Activate team0

# nmcli connection up team-slave-eth1      # activate the slave device eth1

# nmcli connection up team-slave-eth2      # activate the slave device eth2

# nmcli connection up team0                # activate the master device team0


V. Verification

# teamdctl team0 state      # dedicated to viewing team information



Delete

# nmcli connection delete team-slave-eth1

# nmcli connection delete team-slave-eth2

# nmcli connection delete team0



#####################################################

• Configure IPv6 addresses


• IPv6 address representation

– 128 bits, written as colon-delimited hexadecimal numbers

– Leading zeros in each group can be omitted; consecutive groups of zeros can be shortened to ::


# nmcli connection modify 'System eth0' \
    ipv6.method manual \
    ipv6.addresses 2003:ac18::305/64 \
    connection.autoconnect yes


# nmcli connection up 'System eth0'


# ifconfig eth0


# ping6 2003:ac18::305


###################################################


Alias settings

• View aliases that have been set

– alias [alias name]

• Define a new alias

– alias name='command line actually executed'

• Remove an alias that has been set

– unalias [alias name]




User personal configuration file

• Affects the bash environment of the specified user

– ~/.bashrc, takes effect every time a bash terminal is opened


Global environment configuration

• Affects the bash environment of all users

– /etc/bashrc, takes effect every time a bash terminal is opened


# vim /root/.bashrc              # affects root

    alias hello='echo Hello'

# vim /home/student/.bashrc      # affects student

    alias hi='echo Hi'

# vim /etc/bashrc

    alias haha='echo Xixi'


• Log out of the remote session, then log in to server0 again to verify

# hello        # succeeds

# hi           # fails

# haha         # succeeds

# su - student

$ hello        # fails

$ hi           # succeeds

$ haha         # succeeds

$ exit

####################################################



• Firewall Policy Management (firewall)


I. Build a basic web service


• Server side: httpd (software)

    1. Install the httpd software on server0

    2. On server0, start the httpd service and enable it at boot

    By default, Apache does not provide any pages


    Default Apache web page directory: /var/www/html

    Default Apache web page file name: index.html


# systemctl restart httpd

# systemctl enable httpd


# vim /var/www/html/index.html


    <marquee><font Color=green>


# firefox 172.25.0.11



II. Build an FTP service

• Server side: vsftpd (software)

    1. Install the vsftpd software on server0

    2. On server0, start the vsftpd service and enable it at boot

    Default shared location: /var/ftp


Test

# firefox ftp://172.25.0.11

###################################################

• Firewall Policy Management (firewall)


    Role: isolation --- block inbound, allow outbound


    System service: firewalld

    Management tools: firewall-cmd (command line), firewall-config (graphical)


• View the firewall service status

# systemctl status firewalld.service



• Preset protection rule sets (zones), chosen by the location of your network

– public: allows access only to a few services on the local host, such as sshd

– trusted: allows any access

– block: rejects any access request

– drop: discards any incoming packets


Firewall matching rule: stop at the first match


    1. First look at the source IP address of the request (the client). If any zone has a policy for that source IP address, the request enters that zone

    2. Otherwise, the request enters the default zone



Virtual machine desktop0:

# firefox http://172.25.0.11      # access fails

# firefox ftp://172.25.0.11       # access fails

Virtual machine server0:

# firewall-cmd --get-default-zone                  # view the default zone

# firewall-cmd --zone=public --list-all

# firewall-cmd --zone=public --add-service=http    # add a service

# firewall-cmd --zone=public --list-all            # view the zone's rule information

Virtual machine desktop0:

# firefox http://172.25.0.11      # access succeeds

# firefox ftp://172.25.0.11       # access fails

Virtual machine server0:

# firewall-cmd --zone=public --add-service=ftp

# firewall-cmd --zone=public --list-all

Virtual machine desktop0:

# firefox ftp://172.25.0.11       # access succeeds

#####################################################

• --permanent option: makes the setting permanent


Virtual machine server0:


# firewall-cmd --reload            # reload the firewall

# firewall-cmd --zone=public --list-all


# firewall-cmd --permanent --zone=public --add-service=ftp

# firewall-cmd --permanent --zone=public --add-service=http


# firewall-cmd --reload            # reload the firewall

# firewall-cmd --zone=public --list-all
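
A rule added without --permanent exists only in the runtime configuration and disappears on --reload, while a rule added with --permanent is not active until the reload. The script below is an added example, not part of the original notes: it lists services that exist in only one of the two configurations of a zone. It checks services only (not ports, sources or forward-ports), and its function names and sample lists are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original notes): find firewalld services that
# are present in only one of the runtime and permanent configurations.

# Constructed sample: http and ftp were added without --permanent.
SAMPLE_RUNTIME="dhcpv6-client ssh http ftp"
SAMPLE_PERMANENT="dhcpv6-client ssh"

# Print each word of list $1 that is missing from list $2 (space-separated).
only_in_first() {
    local item
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# $1 = zone, $2 = runtime services, $3 = permanent services.
report_drift() {
    local zone=$1 runtime=$2 permanent=$3 s
    for s in $(only_in_first "$runtime" "$permanent"); do
        echo "$zone: $s is runtime-only, lost on --reload or reboot"
    done
    for s in $(only_in_first "$permanent" "$runtime"); do
        echo "$zone: $s is permanent-only, not active until --reload"
    done
}

# Query the live firewall when it is running, otherwise use the sample.
ZONE=public
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    report_drift "$ZONE" "$(firewall-cmd --zone="$ZONE" --list-services)" \
        "$(firewall-cmd --permanent --zone="$ZONE" --list-services)"
else
    report_drift "$ZONE" "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```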


####################################################

Modify the default zone (--permanent does not need to be added)



Virtual machine desktop0:

# ping 172.25.0.11        # can communicate

Virtual machine server0:

# firewall-cmd --set-default-zone=block      # modify the default zone

# firewall-cmd --get-default-zone            # view the default zone


Virtual machine desktop0:

# ping 172.25.0.11        # cannot communicate


Virtual machine server0:

# firewall-cmd --set-default-zone=drop

# firewall-cmd --get-default-zone

Virtual machine desktop0:

# ping 172.25.0.11        # no response at all


######################################################


Virtual machine server0:

# firewall-cmd --permanent --zone=public --add-source=172.25.0.10


# firewall-cmd --zone=public --list-all

# firewall-cmd --reload

# firewall-cmd --zone=public --list-all


Virtual machine desktop0:

# firefox http://172.25.0.11


##################################################

Implement local port mapping

• Port redirection for local applications (port 1 to port 2)

– Requests from a client to port 1 are automatically mapped to local port 2

– For example, visiting the following two addresses shows the same page:


Virtual machine desktop0:

# firefox http://172.25.0.11:5423 -------> 172.25.0.11:80


Virtual machine server0:

# firewall-cmd --permanent --zone=public \
    --add-forward-port=port=5423:proto=tcp:toport=80


# firewall-cmd --reload


# firewall-cmd --zone=public --list-all



Virtual machine desktop0:

# firefox http://172.25.0.11:5423







