Linux System Engineer Technology (Engineer)-------first day

Last Update:2017-12-07 Source: Internet

Author: User

Tags aliases

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

? security-enhanced Linux-----Equivalent to a security

– The NSA National Security Agency led development, a set of enhanced Linux systems

Full-force access control system

– integrated into the Linux kernel (2.6 and above) running

–RHEL7 based on SELinux system for users, processes, directories and files

Provides a pre-set protection policy, as well as management tools

? SELinux Mode of operation

–enforcing (mandatory), permissive (loose)

–disabled (completely disabled)

[[email protected] ~]# Getenforce?? #查看当前SELinux状态

? Enforcing

[Email protected] ~]# Setenforce 0? #设置当前SELinux状态

[Email protected] ~]# Getenforce?

? Permissive

Fixed configuration:

[Email protected] ~]# vim/etc/selinux/config?

Selinux=permissive

? Add: Vim command mode??

? ? ? ? ? ? C (UPPERCASE): Deletes the cursor to the end of the line and enters insert mode

#####################################################

Configure an aggregation connection (NIC binding)

? ? HSRP? Back up your gateway device?

?????????????????????????????? Router 2

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 192.168.1.254?? 192.168.1.253

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Active?????????? Backup

? ? ?

????????????????????????

??????????????????????192.168.1.200

? ? ??

?????????????

? ? ? ? ? ? ? ? ? ? ? Eth1?????? eth2

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ??

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Team

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 192.168.1.10

? Team, aggregation connections (also known as Link aggregation)

– A virtual network card formed with multiple network cards (team-slave),

i.e. "Team"

– Role 1: Traffic load Balancing for polling (Roundrobin)

– Role 2: Hot backup (activebackup) connection redundancy

? ? Hot backup configuration:?? {"Runner": {"name": "Activebackup"}}

? ? ? ? ? Man helps assist memory

? ? ? ? ? /example?? #全文查找example

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? #按n Jump Next Match

[email protected] ~]# man teamd.conf

? ? ? ? ? /example? #全文查找example

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? #按n Jump Next Match

One, add team equipment

# NMCLI Connection Add type team?

Con-name team0? ifname? team0?

Config? {"Runner": {"name": "Activebackup"}}

# CAT/ETC/SYSCONFIG/NETWORK-SCRIPTS/IFCFG-TEAM0

# Ifconfig? team0

Second, add members

# NMCLI Connection Add type Team-slave?

ifname eth1 Master Team0?

# NMCLI Connection Add type Team-slave?

ifname eth2 Master Team0

Third, configure the IP address of the TEAM0

# NMCLI connection Modify Team0????

? Ipv4.method manual?

? ipv4.addresses 192.168.1.1/24???

? connection.autoconnect Yes

Iv. Activation of TEAM0

# NMCLI connection up team-slave-eth1? #激活从设备eth1

# NMCLI connection up team-slave-eth2? #激活从设备eth2

# NMCLI connection up team0?????? #激活主设备team0??

V. Verification

# Teamdctl Team0 state?? #专用于查看team信息

Delete

# NMCLI Connection Delete team-slave-eth1?

# NMCLI Connection Delete team-slave-eth2

# NMCLI Connection Delete Team0

#####################################################

? Configure IPV6 Addresses

? IPV6 Address representation

– 128 bits, colon-delimited hexadecimal number

– Successive pre-0 in each paragraph can be omitted, successive multiple: can be simplified to::

# NMCLI Connection Modify ' System eth0 '?

Ipv6.method manual?

Ipv6.addresses 2003:ac18::305/64?

Connection.autoconnect Yes

# NMCLI connection up ' System eth0 '

# ifconfig Eth0

# ping6? 2003:ac18::305

###################################################

Alias aliases Settings

? Viewing aliases that have been set

–alias [alias name]

? Define a new Alias

–alias Alias name = ' actual execution of command line '

? To cancel an alias that has been set

–unalias [alias name]

User Personalization Profile

? Bash interpretation environment that affects the specified user

–~/.BASHRC, effective every time the bash terminal is turned on

Global Environment Configuration

? Bash interpretation environment that affects all users

–/ETC/BASHRC, effective every time the bash terminal is turned on

[Email protected] ~]# VIM/ROOT/.BASHRC??? #影响root文件

? ? Alias hello= ' echo Hello '?

[Email protected] ~]# VIM/HOME/STUDENT/.BASHRC #影响student文件

? ? Alias hi= ' echo Hi '?

[Email protected] ~]# VIM/ETC/BASHRC???

? ? Alias Haha= ' Echo Xixi '

? Exit remote login, verify from new remote SERVER0

[email protected] ~]# hello???? #成功

[email protected] ~]# hi????? #失败

[[email protected] ~]# haha???? #成功

[Email protected] ~]# su-student

[email protected] ~]$ hello??? #失败

[email protected] ~]$ hi ?? #成功

[[email protected] ~]$ haha??? #成功

[[Email protected] ~]$ exit

####################################################

? Firewall Policy Management (firewall)

? I. Building BASIC Web Services

? Service side:? httpd (software)

? Installing httpd software on 1.server0

? 2.server0 start httpd service, set boot from

? ? By default: Apache does not provide any pages

? ? Default Apache Web page file storage path:/var/www/html

? ? Default Apache web page file name: index.html

[Email protected] ~]# systemctl restart httpd

[Email protected] ~]# Systemctl enable httpd

[Email protected] ~]# vim/var/www/html/index.html

? <marquee><font Color=green>

[email protected] ~]# Firefox 172.25.0.11

Second, the construction of FTP services

? Service side:? VSFTPD (software)

? Installing VSFTPD software on 1.server0

? 2.server0 start vsftpd Service, set boot from

??? The default share location:/var/ftp

Test

[email protected] ~]# Firefox ftp://172.25.0.11

? ?

###################################################

? Firewall Policy Management (firewall)

?? Role: Isolate---------------Allow outbound, block inbound

? ? ? ? ? ? Block Inbound, Allow outbound

? ? System Services: FIREWALLD

? ? Administrative Tools: Firewall-cmd (command), Firewall-config (graphics)

? View Firewall Service Status

[Email protected] ~]# systemctl status Firewalld.service

? Preset protection rule set based on the location of your network

–public: Only a few services that allow access to native sshd

–trusted: Allow any access

–block: Reject any request for a visit

–drop: Discard any incoming packets

The rules for firewall judgment: match and stop

? 1. First look at the source IP address in the request (client), whether there is a policy to change the IP address in all regions, if there is a request to enter the zone

? 2. Go to the default zone

Virtual Machine desktop0:

# Firefox http://172.25.0.11? #访问失败

# Firefox ftp://172.25.0.11? #访问失败

Virtual Machine Server0:

# Firewall-cmd--get-default-zone???? #查看默认区域

# Firewall-cmd--zone=public--list-all?

# firewall-cmd--zone=public--add-service=http #添加服务

# Firewall-cmd--zone=public--list-all? #查看区域规则信息

Virtual Machine desktop0:

# Firefox http://172.25.0.11? #访问成功

# Firefox ftp://172.25.0.11? #访问失败

Virtual Machine Server0:

# Firewall-cmd--zone=public--add-service=ftp

# Firewall-cmd--zone=public--list-all?

Virtual Machine desktop0:

# Firefox ftp://172.25.0.11? #访问成功

#####################################################

? --permanent Options: Implementing Permanent settings

Virtual Machine Server0:

# Firewall-cmd--reload? #重新加载防火墙

# Firewall-cmd--zone=public--list-all?

# firewall-cmd--permanent--zone=public?--add-service=ftp

# firewall-cmd--permanent--zone=public--add-service=http

# Firewall-cmd--reload? #重新加载防火墙

# Firewall-cmd--zone=public--list-all?

####################################################

Modify the default zone without adding--permanent

Virtual Machine desktop0:

# ping 172.25.0.11?? #可以通信

Virtual Machine Server0:

# Firewall-cmd--set-default-zone=block? #修改默认区域

# Firewall-cmd--get-default-zone???? #查看默认区域

Virtual Machine desktop0:

# ping 172.25.0.11? #不可以通信

Virtual Machine Server0:

# Firewall-cmd--set-default-zone=drop?

# Firewall-cmd--get-default-zone

Virtual Machine desktop0:

# ping 172.25.0.11? #通信无反馈

######################################################

Virtual machine Server0:?

# firewall-cmd--permanent--zone=public--add-source=172.25.0.10

# Firewall-cmd--zone=public--list-all?

# Firewall-cmd--reload?

# Firewall-cmd--zone=public--list-all

Virtual Machine desktop0:

# Firefox http://172.25.0.11

##################################################

Implementing a native port mapping

? Port redirection for on-premises applications (port 1 and Port 2)

– Automatically map to native port 2 from client Access port 1 requests

– For example, visit the following two addresses to see the same page:

Virtual Machine desktop0:

# Firefox http://172.25.0.11:5423-------"172.25.0.11:80

Virtual machine Server0:?

# Firewall-cmd--permanent--zone=public?

--add-forward-port=port=5423:proto=tcp:toport=80?

# Firewall-cmd--reload?

# Firewall-cmd--zone=public--list-all

Virtual machine desktop0:?

# Firefox http://172.25.0.11:5423

Linux System Engineer Technology (Engineer)-------first day

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More