服务器评测
以下仅为RHCE自测练习题
192.168.0.0/24属于example.com这个域
ip:192.168.0.7
hostname:server7.example.com
1. SELinux 设置为开机自动 enforcing
# vi /etc/sysconfig/selinux
SELINUX=enforcing
2. 启用内核IP转发
# /etc/sysctl.conf
net.ipv4.ip_forward = 1
# sysctl -p
3. 禁用student用户使用crontab
# vi /etc/cron.deny
student
4. ftp服务器仅允许example.com域用户匿名登录
# vi /etc/hosts.deny
vsftpd:ALL
# vi /etc/hosts.allow
vsftpd:192.168.0.
5. mail服务器可以接收本机和远程邮件,student用户可以从远程接收邮件,邮件存放到指定目录/var/spool/mail/username
# chkconfig postfix on
# chkconfig dovecot on
# postconf -d | grep inet
# postconf -e inet_interfaces=all
# vi /etc/dovecot/conf.d/10-mail.conf
# mail_location = mbox:~/mail:INBOX=/var/mail/%u
# su – student
$ mkdir -p mail/.imap/INBOX
6. 配置mail别名,使发送给admin的邮件发给student
# vi /etc/alias
admin: student
# postalias /etc/alias
7. 配置apache服务器,下载页面:ftp://instructor.example.com/pub/materials/station.html 到 /var/www/html 作为首页,可以访问http://serverX.example.com
8. 建立apache虚拟主机,下载页面:ftp://instructor.example.com/pub/materials/www.html 到 /www/virtual 作为首页,可以访问http://wwwX.example.com
# chkconfig httpd on
# vi /etc/httpd/conf/httpd.conf
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName server7.example.com
ErrorLog logs/server7.example.com-error_log
CustomLog logs/server7.example.com-access_log common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /www/virtual
ServerName www7.example.com
ErrorLog logs/www7.example.com-error_log
CustomLog logs/www7.example.com-access_log common
</VirtualHost>
# mkdir -p /www/virtual
# chcon -R –reference=/var/www/html /www/
# 在/var/www/html,/www/virtual分别下载所需页面,并改名为index.html
# vi /etc/hosts
192.168.0.7 www7.example.com
192.168.0.7 server7.example.com
9. 在/var/www/html 建一个 secret 目录,内容自定义,并启用身份验证,用户student可以通过密码123登录
# mkdir /var/www/html/secret
# vi /var/www/html/secret/index.html
secret
# htpasswd -cm /etc/httpd/.htpasswd student
123
# vi /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName server7.example.com
ErrorLog logs/server7.example.com-error_log
CustomLog logs/server7.example.com-access_log common
<Directory /www/virtual/secret>
authuserfile /etc/httpd/.htpasswd
authname “please input your username and passwd”
authtype basic
require valid-user
</Directory>
</VirtualHost>
10. 在/mnt/test文件查找gp字符串行,并按顺序复制到/root/lines.txt
# grep gp /mnt/test > /root/lines.txt
11. 挂载/mnt/boot.iso镜像文件到/mnt/img,启动时自动挂载
# vi /etc/fstab
/mnt/boot.iso /mnt/img iso9660 loop 0,0
12. 编写一个脚本/root/test.sh,当执行命令“sh test.sh A”执行脚本时,输出 B
执行”sh test.sh B”执行脚本时 输出 A
执行“sh test.sh 空格或其他字符” 输出“error”
# vi /root/test.sh
#!/bin/bash
case $1 in
A)
echo B ;;
B)
echo A ;;
*)
echo error ;;
esac
#chmod +x /root/test.sh
13. 开机后查看/proc/cmdline,其中包含max_loop=16
# vi/boot/grub/grub.cong
在kernel行添加max_loop=16
14. 只允许 192.168.0.0/24 网段用户访问 ssh 服务
# vi /etc/hosts.deny
sshd:ALL
# vi /etc/hosts.allow
sshd:192.168.0.
15. 配置iscsi 目标:iqn.2010-09.com.example:rdisks.serverX, 并格式化为ext3,永久挂载到/mnt/data,目标主机:instructor.example.com
# chkconfig iscsi on
# chkconfig iscsid on
# iscsiadm -m discovery -t st -p instructor.example.com
iqn.2010-09.com.example:rdisks.server7
# iscsiadm -m node -l
# fdisk -l
在/dev/sda
# fdisk -cu /dev/sda
分区/dev/sda1
# partx -a /dev/sda
# mkfs.ext3 /dev/sda1
# blkid
查看UUID
# vi /etc/fsatb
UUID=*** /mnt/data ext3 _netdev 0,0
16. nfs共享/common, 仅允许当前example.com域用户访问
# chkconfid rpcbind on
# chkconfig nfs on
# vi /etc/exprts
/common 192.168.0.0/24(async)
# exportfs -rv
17. Samba 共享/common,工作组名 STAFF,要求 browseable=yes ,harry用户可以读取密码为harry
# chkconfig smb on
# vi /etc/samba/smb.conf
workgroup = STAFF
[common]
comment = local common
path = /common
browseable = yes
# smbpasswd -a harry
# chcon -t samba_share_t /common/
