1. Basic commands
- List all users on the system whose shell is not /sbin/nologin;
    cat /etc/passwd | grep -v "/sbin/nologin"
- Find the words in the system dictionary linux.words that have a total of 19 letters, start with "a" and end with "r";
    egrep '^a[a-z]{17}r$' /usr/share/dict/linux.words
- View the last 30 lines of /var/log/messages;
    tail -30 /var/log/messages
- Output the lines of /etc/passwd that contain /bin/bash;
    cat /etc/passwd | grep /bin/bash
- View current system disk usage, with units shown in the output;
    df -h

2. Swap space
- Use the dd command to create a swap file /swapfile.db;
    dd if=/dev/zero of=/swapfile.db bs=2048 count=262144
- Format the swap file and enable it;
    mkswap /swapfile.db
    swapon /swapfile.db
- View the change in the size of the swap space before and after enabling the swap file;
    cat /proc/swaps
- Ensure that the swap file is automatically enabled after a restart.
    vi /etc/fstab
    /swapfile.db swap swap defaults 0 0

3. Disk array
- Add 2 SCSI hard disks to the virtual machine, 1G each;
- Create the RAID0 device md0 with 2 active devices;
    mdadm -C /dev/md0 -a yes -l 0 -n 2 /dev/sdb /dev/sdc
- Create the directory /raid0, format /dev/md0 and mount it on the /raid0 directory;
    mkdir /raid0
    mkfs.ext3 /dev/md0
    mount /dev/md0 /raid0
- Generate a configuration file by writing the structure information of md0 to /etc/mdadm.conf.
    mdadm -D --scan > /etc/mdadm.conf

4. Logical volumes
- Add 1 SCSI hard disk with a size of 2G to the virtual machine;
- Create 2 new 500M partitions and change their partition ID to 8e;
- Create physical volumes on the 2 partitions and add them to the new volume group vg001;
    pvcreate /dev/sdb1
    pvcreate /dev/sdb2
    vgcreate vg001 /dev/sdb1 /dev/sdb2
- Create a logical volume named data by allocating 500M of space from the volume group vg001;
    lvcreate -L 500M -n data vg001
- Create a directory /data, format the logical volume, and mount it on the /data directory.
    mkfs.ext3 /dev/vg001/data
    mkdir /data; mount /dev/vg001/data /data

5. Scheduled Tasks
- Set up a one-time scheduled task: shut down the system after 4 hours;
    service atd start
    at now + 4 hours
    shutdown -h now
    (press Ctrl+D)
- Set up a recurring scheduled task: at 09:30 on the 1st of every month the system automatically sends an email to the user gdlc, with the subject "Hello" and the content "good Luck".
    service crond start
    vi /etc/crontab
    30 9 1 * * root echo 'good luck!' | mail -s "Hello" gdlc

6. Network Fundamentals
- Configure a static IP and gateway for the first network card according to the examination room environment;
    vi /etc/sysconfig/network-scripts/ifcfg-eth0
  Press a to enter edit mode; the content is as follows:
    DEVICE=eth0
    BOOTPROTO=static
    HWADDR=(do not change)
    ONBOOT=yes
    IPADDR=(IP address)
    NETMASK=(mask)
    GATEWAY=(gateway)
  Press Esc when the modification is complete, then type :wq! to save and exit.
- Set the primary domain name resolution server address to 202.96.128.86 and the secondary to 210.21.4.130;
    vi /etc/resolv.conf
  Press a to enter edit mode; the content is as follows:
    ; generated by /sbin/dhclient-script
    nameserver 202.96.128.86
    nameserver 210.21.4.130
    search localdomain
  Press Esc when the modification is complete, then type :wq! to save and exit.
- Modify the hosts file so that www.exam.com points to the IP 192.168.1.100 when accessed from the local machine;
    vi /etc/hosts
  Press a to enter edit mode and add:
    192.168.1.100 www.exam.com
  Press Esc when the modification is complete, then type :wq! to save and exit.
- View the network services running on the computer and the ports they listen on.
    netstat -tulpn
- Query the local IP address, gateway and DNS server information;
  View IP and mask:
    ifconfig
  View routing and gateway:
    netstat -r
  Query the DNS server:
    more /etc/resolv.conf
- Configure the sshd service to disallow remote logins by the administrator;
    vi /etc/ssh/sshd_config
    Change "#PermitRootLogin yes" to "PermitRootLogin no"
- The SSH service listens only on the IP address of the local eth0.
    vi /etc/ssh/sshd_config
    Change "#ListenAddress" to "ListenAddress (eth0 IP address)"
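
The two sshd_config edits above can be checked mechanically. This added example (not part of the original page) reads a config file the way sshd treats its global section and reports both settings; the function names and sample files are hypothetical, and 192.0.2.10 is a constructed address standing in for the eth0 IP.

```sh
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines starting with '#' are comments.

# Print one OK/FAIL line per setting for the global section of file $1.
check_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ")              # accept "Keyword=value" form
          key = tolower($1); val = tolower($2) }
        key == "match" { exit }                  # global section ends here
        key == "permitrootlogin" && !seen { seen = 1; root = val }
        key == "listenaddress" {
            n++
            if (val ~ /^(0\.0\.0\.0|::|\[::\])(:[0-9]+)?$/) wild = 1
        }
        END {
            if (!seen)             print "FAIL PermitRootLogin unset (built-in default applies)"
            else if (root != "no") print "FAIL PermitRootLogin " root
            else                   print "OK PermitRootLogin no"
            if (n == 0)            print "FAIL ListenAddress unset (all addresses)"
            else if (wild)         print "FAIL ListenAddress wildcard"
            else                   print "OK ListenAddress limited to " n " address(es)"
        }
    ' "$1"
}

# Constructed samples: the stock file (both lines commented out) and an
# edited one that also carries a later, ineffective duplicate keyword.
make_samples() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#PermitRootLogin yes' '#ListenAddress 0.0.0.0' > "$dir/before"
    printf '%s\n' 'PermitRootLogin no' 'ListenAddress 192.0.2.10' \
        'permitrootlogin yes' > "$dir/after"     # later duplicate has no effect
    echo "$dir"
}

samples=$(make_samples)
for f in before after; do
    echo "== $f"; check_sshd_config "$samples/$f"
done
```

On a live host, `sshd -T` prints the effective configuration and can be used to confirm the same two values.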
7. Services for NFS
- Share /nfs/media so that everyone under 192.168.1.0/24 has read-only access;
- Share /nfs/document so that the s168.365linux.com host can read and write, other users are read-only, and root is mapped to the anonymous user.
  Install portmap and nfs-utils
    vi /etc/exports
  Add:
    # No space between a client and its options: "host (rw)" gives host the
    # default options and exports rw to every other client.
    /nfs/media 192.168.1.0/24(ro)
    /nfs/document *(ro,root_squash) s168.365linux.com(rw)

8. Services of Samba
- Shared directory /samba/doc, read-only access for anyone;
- Shared directory /samba/work, only the user gdlc and members of the group exam can access it, and only gdlc has write permission.
  Install samba, samba-client, samba-common
    chgrp exam work/
    chown gdlc work/
    chmod
    vi /etc/samba/smb.conf
  Add:
    [doc]
    comment = doc
    path = /samba/doc
    public = yes
    read only = yes
    [work]
    comment = work
    path = /samba/work
    valid users = @exam, gdlc
    write list = gdlc
  Save and exit, then:
    service smb restart

9. FTP Service
- Share the directory /var/ftp/pub, allowing anonymous users to upload and download files and folders;
  Install vsftpd
    vi /etc/vsftpd/vsftpd.conf
    anonymous_enable=YES
    dirlist_enable=YES
    anon_root=/var/ftp
    anon_upload_enable=YES
    download_enable=YES
- Do not allow the local user gdlc to log in, while other ordinary users are allowed; what should be done;
    vi /etc/vsftpd/ftpusers
  Add:
    gdlc
- The shared home directory after a local user logs in is /share;
    local_enable=YES
    local_root=/share
- Prevent all local users from leaving the shared home directory after logging in;
    chroot_list_enable=YES
- Use the xinetd daemon to host the vsftpd service.
    vi /etc/xinetd.d/vsftpd
    disable = no
    socket_type = stream
    wait = no
    vi /etc/vsftpd/vsftpd.conf
    listen=NO
- Configure the FTP anonymous user's home directory to /data/ftp;
    anonymous_enable=YES
    anon_root=/data/ftp
- Limit the maximum transfer rate for anonymous users to 200k.
    anon_max_rate=200000

10. DHCP server
- Provide dynamic IP allocation for all hosts on this network segment;
  Install dhcpd-devel, dhcp, dhcpv6
    cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf
    vi /etc/dhcpd.conf

    subnet 192.168.0.0 netmask 255.255.255.0 {          # network segment
    # --- default gateway
        option routers 192.168.0.1;                     # gateway
        option subnet-mask 255.255.255.0;
        option nis-domain "domain.org";
        option domain-name "domain.org";
        option domain-name-servers 192.168.1.1;         # DNS server address
        option time-offset -18000;                      # Eastern Standard Time
    #   option ntp-servers 192.168.1.1;
    #   option netbios-name-servers 192.168.1.1;
    # --- Selects point-to-point node (default is hybrid). Don't change this unless
    # -- you understand Netbios very well
    #   option netbios-node-type 2;
        range dynamic-bootp 192.168.0.1 192.168.0.254;  # IPs to assign
        default-lease-time 21600;                       # lease time
        max-lease-time 43200;
        # we want the nameserver to appear at a fixed address
        host ns {
            next-server marvin.redhat.com;
            hardware ethernet 12:34:56:78:AB:CD;
            fixed-address 207.175.42.254;
        }
    }
- Define the default route as the last available IP of this network segment;
    option routers 192.168.0.254;
- Define the primary domain name resolution server as 202.96.128.86 and the secondary as 210.21.4.130;
    option domain-name-servers 202.96.128.86, 210.21.4.130;
- Assign the www.gd-linux.com host (MAC address 12:34:56:78:AB:CD) the first available IP of this network segment.
    host www.gd-linux.com {
        next-server marvin.redhat.com;
        hardware ethernet 12:34:56:78:AB:CD;
        fixed-address 192.168.0.1;
    }

11. DNS service
- Install and start the named service in chroot mode;
- Set up forward resolution so that www.gdlc.com resolves to the local machine's IP address;
- Forward query requests for domains not managed locally to the DNS server 202.96.128.86;
- Test the DNS resolution result for www.gdlc.com on the local machine.
12. WEB Server
- Install the LAMP (Linux+Apache+MySQL+PHP) stack;
- Configure the HTTP server to run automatically;
- Configure the virtual host www.gdlc.com, with the website root directory /data/htdocs;
- Allow the list of files in the /data/htdocs/download directory to be indexed;
- Configure Apache to parse the PHP dynamic web page http://www.gdlc.com/phpinfo.php;
The code in the phpinfo.php is as follows:
13. Linux Firewall
- Open the internal loopback interface completely;
    iptables -A INPUT -i lo -j ACCEPT
- Allow access to the local SSH service and web service;
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
- Set the default rule for access to this machine to deny;
    iptables -P INPUT DROP
- Allow response packets for requests made from this machine to return from outside, and let related packets pass.
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

14. Iptables Firewall
- Discard all packets with a state of INVALID;
    iptables -A INPUT -p all -m state --state INVALID -j DROP
- Prohibit the 192.168.1.0/24 network segment from accessing this machine through eth0;
    iptables -A INPUT -s 192.168.1.0/24 -i eth0 -j DROP
- Allow access to the local web service from anywhere (except the 192.168.1.0/24 network segment).
    iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 80 -j DROP
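
If the rules of sections 13 and 14 are appended to the same INPUT chain in the order given, the final port 80 DROP sits behind an unconditional port 80 ACCEPT, and netfilter stops at the first terminating match. This added example (not from the original page) reports such shadowed rules in a rule listing and generalizes to any rule fully covered by an earlier one; the function names and the simplified listing format are assumptions.

```sh
# Assumption: rules are in "-A CHAIN opt val ... -j TARGET" form, every
# option takes exactly one value, and there are no "!" negations.

# Read rules on stdin; report each rule that an earlier terminating rule
# in the same chain (with a subset of its match options) always pre-empts.
find_shadowed() {
    awk '
        $1 != "-A" { next }                      # skip policy lines etc.
        {
            n++; chain[n] = $2; text[n] = $0
            for (i = 3; i < NF; i += 2) {
                pair = $i " " $(i + 1)
                if ($i == "-j") target[n] = $(i + 1)
                else { has[n, pair] = 1; opts[n] = opts[n] SUBSEP pair }
            }
            for (e = 1; e < n; e++) {
                if (chain[e] != chain[n] || target[e] !~ /^(ACCEPT|DROP|REJECT)$/) continue
                m = split(opts[e], need, SUBSEP); covered = 1
                for (k = 2; k <= m; k++) if (!((n, need[k]) in has)) covered = 0
                if (covered) { print "shadowed: [" text[n] "] by [" text[e] "]"; break }
            }
        }
    '
}

# Constructed input: the section 13 rules followed by the section 14 rules.
page_order() {
    cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-P INPUT DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p all -m state --state INVALID -j DROP
-A INPUT -s 192.168.1.0/24 -i eth0 -j DROP
-A INPUT -s 192.168.1.0/24 -p tcp --dport 80 -j DROP
EOF
}

# Same rules with the source-based DROPs moved directly after the lo rule.
fixed_order() {
    page_order | awk 'NR == 1 || /-s / { print; next }
                      { rest = rest $0 "\n" } END { printf "%s", rest }'
}

echo "page order:";  page_order  | find_shadowed
echo "fixed order:"; fixed_order | find_shadowed
```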