The RHCE exam will be held next month. Therefore, it is important to record the details of the RHCE exam. Hope you can pass the RHCE exam smoothly! Tang sir said he wanted a full score. I hope I can afford it! 1: Clear the default firewall, the default firewall is quite strict, so this step is very important [root @ server ~] # ServiceiptablesstopFlushingfirewallrules: [OK] Settingchainstopo
The RHCE exam will be held next month. Therefore, it is important to record the details of the RHCE exam. Hope you can pass the RHCE exam smoothly! Tang sir said he wanted a full score. I hope I can afford it!
1: Clear the default firewall. The default firewall is quite strict, so this step is very important.
[Root @ server ~] # Service iptables stop
Flushing firewall rules: [OK]
Setting chains to policy ACCEPT: filter [OK]
Unloading iptables modules: [OK]
[Root @ server ~] # Service iptables save // save the cleared rules. Otherwise, the default rules will take effect again after the firewall is restarted.
[Root @ server ~] # Iptables-l input-n-v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Pkts bytes target prot opt in out source destination
2: Determine that The selinux status is enforcing.
[Root @ server ~] # Getenforce // determine that selinux is in force state. If not, modify the/etc/sysconfig/selinux file.
Enforcing
[Root @ server ~] # Getsebool-a | grep samba // samba shares the home directory. You need to adjust the Boolean value of samba_enable_home_dirs.
Samba_domain_controller --> off
Samba_enable_home_dirs --> off
Samba_export_all_ro --> off
Samba_export_all_rw --> off
Samba_cmd_nfs --> off
Use_samba_home_dirs --> off
Export _use_samba --> off
[Root @ server ~] # Setsebool-P samba_enable_home_dirs on //-P indicates that it takes effect permanently. Otherwise, it will become invalid after restart.
[Root @ server ~] # Getsebool-a | grep samba
Samba_domain_controller --> off
Samba_enable_home_dirs --> on
[Root @ server ~] # Ls-Zd/share // selinux of samba's shared directory needs to be set to samba_share_t
Drwxr-xr-x root: object_r: user_home_t/share/
[Root @ server ~] # Chcon-R-t samba_assist_t/share //-R indicates Recursion
[Root @ server ~] # Ls-Zd/share/
Drwxr-xr-x root: object_r: samba_assist_t/share/
[Root @ server ~] # Echo "test">/share/test.txt
[Root @ server ~] # Ls-Z/share/
-Rw-r -- root: object_r: samba_cmd_t test.txt
3: ssh host-and user-level access control
[Root @ server ~] # Tail-2/etc/passwd
Zhang: x: 500: 500:/home/zhang:/bin/bash
Huang: x: 501: 501:/home/huang:/bin/bash
[Root @ server ~] # Grep-I 'allowusers'/etc/ssh/sshd_config // Add the allowusers configuration to the ssh main configuration file. Separate users with space characters and enter the root and user to be allowed.
AllowUsers root huang // only root and huang users can perform ssh login.
[Root @ server ~] # Ssh zhang@127.0.0.1
The authenticity of host' 127. 0.0.1 (127.0.0.1) 'can't be established.
RSA key fingerprint is 3a: 5d: 33: 3c: c5: 04: 8f: 31: 19: 38: 1b: 9a: b4: 75: 4c: 51.
Are you sure you want to continue connecting (yes/no )? Yes
Warning: Permanently added '2017. 0.0.1 '(RSA) to the list of known hosts.
Zhang@127.0.0.1's password:
Permission denied, please try again. // login denied