
RHCE

RHCSA:
root redhat
grub 1, setenforce
0 selinux passwd root
IP 192.168.0.X
192.168.0.254
dns 192.168.0.254
system-config-network

service network restart


/home 100M
df -TH
umount /home/
e2fsck -f /dev/mapper/vgsrv-home
resize2fs /dev/mapper/vgsrv-home 100M
lvreduce -L 100M /dev/mapper/vgsrv-home
mount -a
df -TH
manager harrynatashasarah
1.harry natasha manager;
2.sarah shell /sbin/nologin;
3. password;
groupadd manager
useradd -G manager harry
useradd -G manager natasha

useradd -s /sbin/nologin sarah


passwd harry
passwd natasha
passwd sarah
/command manager

mkdir /command
ll -d /command
chgrp manager /command
chmod g+w /command
chmod o-rx /command
chmod o+t /command
chmod g+s /command
ll -d /command

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
ftp://192.168.0.254/pub/rhcsa/ kernel-2.6.32-71.7.1.el6.x86_64
kernel-firmware-2.6.32-71.7.1
lftp 192.168.0.254
cd pub
cd rhcsa
mget kernel-2.6.32-71.7.1.el6.x86_64.rpm kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm
bye
rpm -ivh kernel-*.rpm

vim /boot/grub/grub.conf
default=0 default=1
yum ftp://192.168.0.254/pub/rhel6/dvd
vim /etc/yum.repos.d/server.repo
[server]
name=this is test server
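baseurl=ftp://192.168.0.254/pub/rhel6/dvd
enabled=1
gpgcheck = 0
# gpgcheck=0 turns off RPM signature verification, and the repo is plain FTP; fine for the exam lab, but on a real host keep gpgcheck=1 with a gpgkey= entry.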
natasha 8 45 /bin/echo howdy
crontab -e -u natasha
45 20 * * * /bin/echo howdy
:wq
crontab -u natasha -l
192.168.0.254 ldapuser1,LDAP DN: dc=example,dc=com
http://192.168.0.254/pub/EXAMPLE-CA-CERT, TLS ,LDAP :LDAP password
system-config-authentication
User Account Database -->LDAP
LDAP Search Base DN: dc=example,dc=com
LDAP Server: ldap://192.168.0.254/
Use TLS to encrypt connections

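Certificate URL: http://192.168.0.254/pub/EXAMPLE-CA-CERT (fetched over plain HTTP, so the CA certificate itself is not authenticated in transit; outside the lab, check its fingerprint against a value obtained another way)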


Authentication Method: LDAP password
getent passwd ldapuserX
id ldapuser

su ldapuserX
ldapuser1 autofs
vim /etc/auto.master
/home/guests auto.ldap
:wq
cp /etc/auto.misc /etc/auto.ldap
vim /etc/auto.ldap
ldapuserX -fstype=nfs,rw 192.168.0.254:/home/guests/ldapuserX

:wq
service autofs stop

restart

service autofs start


su ldapuserX
/etc/fstab /var/tmp/natasha rwharry
cp /etc/fstab /var/tmp/
ll /var/tmp/fstab
chgrp manager /var/tmp/fstab
setfacl -m u:natasha:rw /var/tmp/fstab
setfacl -m u:harry:-- /var/tmp/fstab
getfacl /var/tmp/fstab
natasha /root/found/
mkdir /root/found/
find / -user natasha -exec cp -rf {} /root/found/ \;
jean uid 4332
useradd -u 4332 jean
id jean

swap 512M
swapon -s
fdisk -cu /dev/vda

512M
/dev/vda5
t
5
l
82
w
partx -a /dev/vda
mkswap /dev/vda5
swapon /dev/vda5
swapon /dev/vda5 -s
vim /etc/fstab
/dev/vda5 swap swap defaults 0 0

:wq
mount -a
FTP
yum install vsftpd*
service vsftpd restart
chkconfig vsftpd on
cp /etc/fstab /var/ftp/pub
lftp localhost
cd pub
get fstab
bye

web ftp station.html,


yum install httpd -y
lftp 192.168.0.254
cd pub
get station.html
cp station.html /var/www/html/index.html
service httpd restart
chkconfig httpd on
links http://127.0.0.1
/usr/share/dict/words strato /root/lines.txt
cd /usr/share/dict
cat words | grep strato > /root/lines.txt
LVM/mnt/wshare LVM wgroup
100, PE 8M 80M wshare
fdisk -cu /dev/vda
100M
/dev/vda6
t
6
8e
w
partx -a /dev/vda
pvcreate /dev/vda6
vgcreate wgroup -s 8M /dev/vda6
vgdisplay
lvcreate -l 10 -n wshare wgroup
mkfs.ext4 /dev/wgroup/wshare

mkdir /mnt/wshare
vim /etc/fstab
/dev/wgroup/wshare /mnt/wshare ext4 defaults 0 0

mount -a
RHCE:
SElinux
vim /etc/sysconfig/selinux
SELINUX=enforcing
setenforce 1
getenforce

vim /etc/sysctl.conf
net.ipv4.ip_forward=1
example.com 172.16.0.0/16 crake.com 172.25.0.0/16
example.com crake.com
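iptables -F
# -F empties every chain in the filter table, including the stock RHEL rules; check the chain policies with iptables -L -n before saving, or only the rule below will be filtering traffic.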
iptables -A INPUT -s 172.25.0.0/16 -j REJECT
service iptables save
service iptables restart
ftp 172.25.0.0/26
yum install vsftpd -y
service vsftpd restart
chkconfig vsftpd on
vim /etc/vsftpd/vsftpd.conf

anon_upload_enable=YES
anon_mkdir_write_enable=YES
service vsftpd restart
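chmod o+w /var/ftp/pub
getsebool -a | grep ftp
setsebool -P allow_ftpd_full_access on
# allow_ftpd_full_access lifts SELinux confinement of vsftpd entirely; the narrower choice for anonymous upload is allow_ftpd_anon_write plus the public_content_rw_t type on the upload directory.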
SMTP example.com
admin natasha
yum install postfix
vim /etc/postfix/main.cf
myhostname = serverX.example.com
mydomain = example.com
myorigin = $mydomain
#inet_interfaces = localhost
inet_interfaces = all
chkconfig postfix on
vim /etc/aliases
admin: natasha
newaliases
service postfix restart
samba /client natasha
yum install samba* -y
chkconfig smb on
vim /etc/samba/smb.conf
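[client]
path = /client
writable = yes
# nothing here limits who may connect: add "valid users = natasha" and a "hosts allow" line if the share is meant for one user or one network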
service smb restart
smbpasswd -a natasha

chcon -t samba_share_t /client


/client 172.16.0.0/24 NFS
vim /etc/exports
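/client 172.16.0.0/255.255.255.0(ro,sync)
# no space before "(": with a space, (ro,sync) is read as a separate entry that applies to every host, and 172.16.0.0/24 falls back to the default options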
service nfs restart
chkconfig nfs on
crake.com ssh
iptables -A INPUT -s 172.25.0.0/16 -p tcp --dport 22 -j REJECT
WEB wwwX tom
yum install httpd
vim /etc/httpd/conf/httpd.conf
<virtualhost *:80>
...
<directory /var/www/html/www13>
authname server-13-password
authtype basic
authuserfile /etc/httpd/conf/.htpasswd
require valid-user
</directory>
</virtualhost>
htpasswd -mc /etc/httpd/conf/.htpasswd tom
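cut -d: -f1-2 /etc/shadow > /etc/httpd/conf/.htpasswd
# The cut line replaces the file htpasswd just created with the login-password hash of every local account (root included), in a file httpd must be able to read. If tom's system password is really wanted, copy only his entry (grep '^tom:' /etc/shadow | cut -d: -f1-2) and keep the file mode tight, e.g. root:apache 0640.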
elinks wwwX.example.com
boot iso /mnt/cdrom
mkdir /mnt/cdrom

vim /etc/fstab
/root/cdrom.iso /mnt/cdrom iso9660 defaults,loop 0 0
/proc/cmdline sysctl = 1
vim /boot/grub/grub.conf
sysctl = 1
cat /proc/cmdline
shell shell a bexampleshell
test.sh./test.sh a b,/test.sh b a
cd /root/
vim scripts.sh
#!/bin/bash
# Prints "b" when the first argument is "a", "a" when it is "b", and the
# usage string for any other value (including no argument at all).
arg=$1
if [[ "$arg" == "a" ]]; then
  echo b
elif [[ "$arg" == "b" ]]; then
  echo a
else
  echo "/root/scripts a|b"
fi
192.168.0.254 iscsi /mnt/iscsi
iscsiadm -m discovery -t st -p 192.168.0.254
iscsiadm -m node -T iqn.XXX -p 192.168.0.254 -l
fdisk /dev/sdX
mkfs.ext4 /dev/sdXx

blkid /dev/sdX
vim /etc/fstab
UUID=XXXX /mnt/iscsi ext4 _netdev 0 0
mount -a
cronnatasha
vim /etc/cron.deny
natasha
/etc/init.d/crond restart
DNS 192.168.0.254 DNS
yum install bind
vim /etc/named.conf
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
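dnssec-validation no;
allow-query { any; };
forwarders { 192.168.0.254; };
// allow-query { any; } on a recursing, forwarding server answers recursive queries for anyone who can reach it; outside the lab, limit it (or allow-recursion) to the client networks, and leave dnssec-validation on unless the forwarder cannot handle DNSSEC.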
service named restart