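【RHCSA section】
I. swap
fdisk /dev/sdb # n, t: create the swap partition
mkswap /dev/sdb1 # format the swap partition
swapon /dev/sdb1 # activate the swap partition
cat /proc/swaps # check which swap areas are active
# Create a file-backed swap (the swap file cannot be created under the /dev directory, otherwise activation fails.)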
dd if=/dev/zero of=/data/tmpswap bs=1024 count=20000
mkswap -L lableswap /data/tmpswap
swapon /data/tmpswap
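II. Disk UUID
ls -l /dev/disk/by-uuid # show which UUID maps to which disk
III. /etc/fstab
man fstab # see what columns 5 and 6 are for
Column 5: dump; 1 = dump, 0 = no dump
Column 6: fsck disk check; 0 = do not check, 1 = check root only, 2 = check the others too
Mounting an ISO through /etc/fstab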
/root/rhel-server-6.0-i386-dvd.iso /mnt/rhel6 iso9660 loop,ro 0 0
IV. Creating a group (files created inside inherit the directory's group)
chmod g+s dir
V. Enabling routing (IP forwarding)
echo 1 > /proc/sys/net/ipv4/ip_forward # takes effect immediately
# Permanent change
echo 1 >/proc/sys/net/ipv4/ip_forward # add this line to /etc/rc.d/rc.local
or
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
or
sysctl -w net.ipv4.ip_forward=1 # takes effect immediately
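Appending with >> leaves any earlier net.ipv4.ip_forward line in the file, and sysctl -p applies the file top to bottom, so the last assignment wins and repeated appends pile up. The following is an added example, not part of the original notes: it rewrites the key so that exactly one assignment remains. The function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# set_sysctl_persist FILE KEY VALUE (hypothetical helper)
# Remove every live assignment of KEY, then append exactly one.
set_sysctl_persist() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^[#;]/ { print; next }            # keep comments untouched
        { split(line, kv, "="); name = kv[1]; gsub(/[ \t]/, "", name) }
        name == k { next }                        # drop old assignments of KEY
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"      # write in place: owner, mode and SELinux label stay
    rm -f "$tmp"
}

# effective_sysctl FILE KEY: print the value left once "sysctl -p" has
# applied FILE top to bottom (the last assignment wins)
effective_sysctl() {
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^[#;]/ || line !~ /=/ { next }
        { i = index(line, "="); name = substr(line, 1, i - 1); val = substr(line, i + 1)
          gsub(/[ \t]/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        name == k { last = val }
        END { if (last != "") print last }
    ' "$1"
}

# Constructed sample: a file that already disables forwarding
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' 'kernel.sysrq = 0' > "$demo"
set_sysctl_persist "$demo" net.ipv4.ip_forward 1
effective_sysctl "$demo" net.ipv4.ip_forward      # prints 1
rm -f "$demo"
```

Run effective_sysctl against /etc/sysctl.conf on hosts that are not meant to route to confirm forwarding is still off there.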
V. NIS configuration
[root@RedHat2 yp]# service ypbind restart
Shutting down NIS service: [ OK ]
Starting NIS service: [ OK ]
Binding NIS service: ………………….[FAILED]
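The client reports an error binding to the NIS service when it connects to the server
1. The server must have the rpcbind and ypserv services running
2. The server's firewall must not restrict UDP port 111
3. The server must initialise the ypinit (map) data
/usr/lib/yp/ypinit -m
4. Client /etc/yp.conf (sometimes this is needed, sometimes an IP address works too; I can't figure out why)
domain domainname server hostname
The hostname must be filled in, and the matching IP address must be configured in /etc/hosts
5. Server /etc/ypserv.conf
Configure the access list correctly
rpcinfo -p nisservrname
6. After the rpcbind service has started on the server, check whether TCP port 111 is up
If it is not, check in /etc/services whether
sunrpc 111/tcp portmapper rpcbind # RPC 4.0 portmapper TCP
the line above has been commented out.
7. The name printed by the hostname command on the server must match what is configured in /etc/hosts
ypcat passwd # test remote users
This displays the passwd data held on the NIS server (remember: only users whose UID in the server's /etc/passwd is greater than or equal to 500 are put into the database).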
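Items 4, 6 and 7 of the checklist above can be verified from the files alone, before any service is restarted. The following is an added example, not part of the original notes; the function names are hypothetical, and the sample files, the domain nisdom and the host redhat9 are constructed.

```shell
#!/bin/sh
# sunrpc_tcp_enabled SERVICES: succeeds only if "sunrpc 111/tcp" is present
# and not commented out (item 6)
sunrpc_tcp_enabled() {
    awk '$1 == "sunrpc" && $2 == "111/tcp" { ok = 1 } END { exit !ok }' "$1"
}

# hosts_lookup HOSTS NAME: print the address the hosts file maps NAME to (items 4, 7)
hosts_lookup() {
    awk -v n="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) { print $1; ok = 1; exit } }
        END { exit !ok }
    ' "$1"
}

# check_yp_conf YPCONF HOSTS: each "domain D server S" line must name an
# address, or a host name that HOSTS can resolve
check_yp_conf() {
    rc=0
    for s in $(awk '$1 == "domain" && $3 == "server" { print $4 }' "$1"); do
        case $s in
            *[!0-9.]*) if ip=$(hosts_lookup "$2" "$s"); then echo "ok   $s -> $ip"
                       else echo "FAIL $s is not in $2"; rc=1; fi ;;
            *)         echo "ok   $s (address, no lookup needed)" ;;
        esac
    done
    return $rc
}

# Constructed sample files
demo_nis_checks() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#sunrpc 111/tcp portmapper rpcbind' 'sunrpc 111/udp portmapper rpcbind' > "$d/services"
    printf '%s\n' '127.0.0.1 localhost' '192.168.178.128 redhat1.test.com redhat1' > "$d/hosts"
    printf '%s\n' 'domain nisdom server redhat1' 'domain nisdom server redhat9' > "$d/yp.conf"
    sunrpc_tcp_enabled "$d/services" || echo "FAIL sunrpc 111/tcp is missing or commented out"
    check_yp_conf "$d/yp.conf" "$d/hosts" || echo "yp.conf needs attention"
    rm -rf "$d"
}
demo_nis_checks
```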
VI. locale
I18N AND L10N
Internationalization(I18N) and localization(L10N) are supported at least in
principle even on EBCDIC platforms. The details are system dependent and discussed
under the “OS ISSUES” in perlebcdic section below.
en_US.utf8
VII. bshell
When bash is invoked as an interactive login shell, or as a non-interactive shell with the --login option, it first reads and executes commands from the file /etc/profile, if that file exists. After reading that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile, in that order, and reads and executes commands from the first one that exists and is readable. The --noprofile option may be used when the shell is started to inhibit this behavior.
When a login shell exits, bash reads and executes commands from the file ~/.bash_logout, if it exists.
When an interactive shell that is not a login shell is started, bash reads and executes commands from ~/.bashrc, if that file exists.
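The files listed above run at every login, so it is worth knowing which of them bash will actually pick and whether anyone besides the owner can write to them. The following is an added example, not part of the original notes; the function names are hypothetical, the optional ETC argument exists only so the check can be pointed at a test tree, and the sample home directory is constructed.

```shell
#!/bin/sh
# bash_startup_files MODE HOME [ETC]  (hypothetical helper)
# MODE: login | interactive (an interactive shell that is not a login shell)
bash_startup_files() {
    mode=$1 home=$2 etc=${3:-/etc}
    case $mode in
        login)
            if [ -e "$etc/profile" ]; then echo "$etc/profile"; fi
            for f in .bash_profile .bash_login .profile; do
                # only the first one that exists and is readable is used
                if [ -r "$home/$f" ]; then echo "$home/$f"; break; fi
            done ;;
        interactive)
            if [ -e "$home/.bashrc" ]; then echo "$home/.bashrc"; fi ;;
        *)  echo "usage: bash_startup_files login|interactive HOME [ETC]" >&2
            return 2 ;;
    esac
}

# loosely_writable FILE...: print the files that group or others can write to
loosely_writable() {
    for f in "$@"; do
        find -L "$f" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
    done
}

# Constructed sample home: no .bash_profile, so .bash_login wins over .profile
demo_startup_audit() {
    d=$(mktemp -d) || return 1
    mkdir "$d/etc" "$d/home"
    touch "$d/etc/profile" "$d/home/.bash_login" "$d/home/.profile" "$d/home/.bashrc"
    chmod 644 "$d/etc/profile" "$d/home/.profile" "$d/home/.bashrc"
    chmod 664 "$d/home/.bash_login"               # group-writable on purpose
    loosely_writable $(bash_startup_files login "$d/home" "$d/etc")
    rm -rf "$d"
}
demo_startup_audit
```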
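I. DNS server configuration
1. Install bind
2. Configure /etc/named.conf
Two places to watch
listen-on port 53 { 192.168.178.129; };
allow-query { any; }; // the listen-on address must be the server's IP; allow-query is set to any
3. Newly created zone files must have their group changed to named
-rw-r-----. 1 root named 220 Apr 4 19:43 ip2name_test.conf
-rw-r-----. 1 root named 248 Apr 4 19:43 name2ip_test.conf
4. Restart the named service and check /var/log/messages for error messages.
5. Default DNS server configuration on the client: /etc/resolv.conf
nameserver 192.168.178.128
search test.com rhel.com # lets the suffix be omitted for quick lookups
6. Sample configuration files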
[root@RedHat1 named]# cat ip2name_test.conf
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
        PTR     localhost.
128     PTR     redhat1.test.com.
129     PTR     redhat2.test.com.
[root@redhat1 named]# cat name2ip_test.conf
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
redhat1 IN A    192.168.178.128
redhat2 IN A    192.168.178.129
www     CNAME   redhat1
mail    CNAME   redhat2
[root@redhat1 named]# vim /etc/named.rfc1912.zones
zone "test.com" IN {
        type master;
        file "name2ip_test.conf";
        allow-update { none; };
};
zone "178.168.192.in-addr.arpa" IN {
        type master;
        file "ip2name_test.conf";
        allow-update { none; };
};
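Forward and reverse zones are maintained as two separate files, so they drift apart when a host is added to only one of them. The following is an added example, not part of the original notes: it checks that every A record in the forward zone has a matching PTR in the reverse zone. It assumes a /24 reverse zone, relative owner names and one record per line, as in the two files above; check_ptr is a hypothetical name and redhat3 is a constructed host.

```shell
# check_ptr FORWARD_ZONE REVERSE_ZONE ORIGIN   (ORIGIN without trailing dot)
# Exit status 1 if any A record lacks the matching PTR.
check_ptr() {
    awk -v origin="$3" '
        { sub(/;.*/, "") }                        # strip zone-file comments
        FNR == NR {                               # first file read: the reverse zone
            if ($0 ~ /^[0-9]+[ \t]/)
                for (i = 2; i < NF; i++) if ($i == "PTR") ptr[$1] = tolower($(i + 1))
            next
        }
        /^[^ \t$@]/ {                             # forward zone: records with their own owner name
            for (i = 2; i < NF; i++) if ($i == "A") {
                split($(i + 1), o, ".")
                want = tolower($1 "." origin ".")
                if (ptr[o[4]] == want) printf "ok   %s %s\n", $(i + 1), want
                else { printf "FAIL %s expected PTR %s, found \"%s\"\n", $(i + 1), want, ptr[o[4]]; bad = 1 }
            }
        }
        END { exit bad }
    ' "$2" "$1"
}

# Constructed sample data modelled on the two zone files above; redhat3 is a
# made-up host that was added to the forward zone only.
demo_check_ptr() {
    d=$(mktemp -d) || return 1
    cat > "$d/fwd" <<'EOF'
$TTL 1D
@       IN SOA  @ rname.invalid. ( 0 1D 1H 1W 3H )
        NS      @
redhat1 IN A    192.168.178.128
redhat2 IN A    192.168.178.129
redhat3 IN A    192.168.178.130
www     CNAME   redhat1
EOF
    cat > "$d/rev" <<'EOF'
$TTL 1D
@       IN SOA  @ rname.invalid. ( 0 1D 1H 1W 3H )
        NS      @
128     PTR     redhat1.test.com.
129     PTR     redhat2.test.com.
EOF
    rc=0; check_ptr "$d/fwd" "$d/rev" test.com || rc=$?
    rm -rf "$d"
    return $rc
}
demo_check_ptr || echo "forward and reverse zones disagree"
```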
II. SAMBA
Install: yum install samba samba-client
Configure: /etc/samba/smb.conf
1. Add a share path
[smbdata]
comment = smbgrp file
path = /data/smbdata
public = yes
guest ok=yes
; writeable = yes
; read only = yes
; available = yes
; write list = @smbgrp
; read list = @smbgrp
; browseable=no
; valid users=nobody
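2. smbpasswd -a smb1 # initialise the local user's password data in samba
Granting access in three steps
For SELinux access restrictions, see man samba_selinux
Step 1: change the file attribute
chcon -R -t samba_share_t /sharefile
Step 2: grant access to the local files at the operating-system level:
setfacl -m u:user1:rwx /sharefile
Step 3: /etc/samba/smb.conf # configuration file
[share]
path = /sharefile
# user1 and user2 can write
write list = user1,user2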
Linux
smbclient //hostiporhostname/smbdata -U smb1
ls, get
# If public (guest) access is allowed, -N skips the password prompt
smbclient //hostiporhostname/smbdata -N
[common]
path = /common
# access control
hosts allow = 172.24.10.0/255.255.255.0
Windows
In a folder window, enter
\\192.168.178.129\smbdata
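[SENDmail]
vim /etc/aliases
admin : admin,harry
Mail sent to admin is also delivered to harry
3. In the same directory, compile sendmail.cf
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf # requires the sendmail-cf package
The sendmail executable is located at /usr/sbin/sendmail. To check whether sendmail identifies your host name correctly, turn on its debug mode with the command-line switch and set it to 0:
sendmail -d0
[root@test root]# makemap hash /etc/mail/access.db < /etc/mail/access
Create a certificate: /usr/libexec/dovecot/mkcert.sh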
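【apache, httpd】
#cd /var/www/html/
#htpasswd -cm .htpasswd kevin (used the first time a user is added)
<Directory "/var/www/restircted">
# password authentication
AllowOverride AuthConfig
</Directory>
Setting up virtual hosts
# This line is important and must be present, otherwise an error is reported
NameVirtualHost 172.24.40.40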
<VirtualHost 172.24.40.40>
DocumentRoot /var/www/virtual/
ServerName www.domain40.example.com
</VirtualHost>
<VirtualHost 172.24.40.40>
DocumentRoot /var/www/html/
ServerName station.domain40.example.com
</VirtualHost>
【autofs】
# Every user's directory can be mounted
* -rw 172.24.40.10:/home/guests/&
【pam】
After 3 consecutive failed login attempts, lock the user for 600 seconds
man system-auth-ac
Add to system-auth-ac:
auth required pam_tally2.so deny=3 unlock_time=600
account required pam_tally2.so