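Cloud Computing Program Final Exam: RHEL 8.6 Red Hat Network Operating System (Hands-on)
Preface
This article walks through the questions on the cloud computing program's final RHEL 8.6 Red Hat operating system exam in detail.
I. Virtual machine environment setup
Normally the system is already installed in the virtual machine, but just in case, the steps for installing the system in a virtual machine are included here.
1. Locate the image file
(Files with the .iso extension are image files; the files in the figure below are all ISO image files) https://img-blog.csdnimg.cn/direct/b98db0f97e384457a8ea28752a48fdb6.png
2. On the virtualization software's home page, choose to create a virtual machine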
https://img-blog.csdnimg.cn/direct/3e24b25d871147db8d8810f16a653402.png
3. Select the Typical (recommended) option
https://img-blog.csdnimg.cn/direct/313a16f718cd4be581c99199c24e788d.png
4. Use Browse to select the image file located in step 1
https://img-blog.csdnimg.cn/direct/e6c3f6ecd14e4d369378274434988311.png
5. Fill in the full name, user name and password
(The user name and password entered here are needed for the login that follows)
https://img-blog.csdnimg.cn/direct/efe8d92591994dfc90e376439b575d71.png
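6. Set the virtual machine's name and the location where its files are installed
(The exam requires two virtual machines, so you can name them rhel-1 and rhel-2, or server and client, to tell them apart) https://img-blog.csdnimg.cn/direct/6e4b6f0502a24243850223b3dc3f4254.png#pic_center
7. The defaults for disk size and system hardware meet the requirements, so keep them
II. Booting the virtual machine to the system login screen
1. Normal case
The virtual machine starts by itself once its configuration is complete
2. If it does not start by itself
III. Basic system configuration and the matching virtual machine environment
1. Changing the host name
# hostnamectl set-hostname HOSTNAME  # use the host name the exam question asks for
# bash  # start a new shell so the prompt shows the changed host name
[HOSTNAME@localhost~]
2. Switching to the root administrator
# su root
password:  # in the exam the password defaults to 123456; if you set one when creating the virtual machine, use that one
cd ~  # change to the home directory
# the switch succeeded once the user shown changes from test to root
3. Setting the IP address
Note that changing system settings requires root privileges, so make sure you are the root user before carrying out this step
# vi /etc/sysconfig/network-scripts/ifcfg-enp0s3  # the file is named after the interface, enp0s3 in the listing below
Press i to enter insert mode. The editor is operated the same way here as in every later editing step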
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp  # change this to static for a static address
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s3
UUID=8257f116-d5e0-45f0-8c11-4b733f387d6f
DEVICE=enp0s3
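ONBOOT=no  # change this to on to enable this interface configuration
# the lines below are the ones to add
IPADDR=192.168.56.2  # the IP address; change it to what the question specifies
GATEWAY=192.168.56.1  # the gateway; change it to what the question specifies
NETMASK=255.255.255.0  # the subnet mask; the default is fine, change it if the question requires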
"/etc/sysconfig/network-scripts/ifcfg-enp0s3" 19L, 347C
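When you have finished editing, press ESC, then type :wq to save and quit
# cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
# this command checks that the change just made was saved; if it was not, edit and save again starting from the first command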
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s3
UUID=8257f116-d5e0-45f0-8c11-4b733f387d6f
DEVICE=enp0s3
ONBOOT=on
IPADDR=192.168.56.2
GATEWAY=192.168.56.1
NETMASK=255.255.255.0
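# systemctl restart NetworkManager.service  # restart networking
Take a screenshot of the IP address configuration shown below
# ip a  # check here that the configuration file took effect after the restart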
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:0f:9d:e7 brd ff:ff:ff:ff:ff:ff
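inet 192.168.56.2/24 brd 192.168.56.255 scope global noprefixroute enp0s3  # note this line
# check that the IP address just added to the configuration file appears here
# if it does not, restart networking again or go back to the first command and edit and save again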
valid_lft forever preferred_lft forever
inet6 fe80::1819:9458:a80:e234/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:9a:6f:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:9a:6f:5d brd ff:ff:ff:ff:ff:ff
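4. Configuring a local YUM repository
1. First attach the image file to the virtual machine's optical drive
Right-click, then click Settings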
https://img-blog.csdnimg.cn/direct/b85ef73170fe4d69b83e4489b04d8cc8.png
Choose "Use ISO image file" and select the file path
https://img-blog.csdnimg.cn/direct/281a35e7bfbb4bb797c024aa7bd6d1bb.png
In the lower-right corner of the virtual machine window, make sure the optical drive is connected
https://img-blog.csdnimg.cn/direct/527c4b453c784fcaae5410b45fd76a05.png
https://img-blog.csdnimg.cn/direct/63ba54c1c7b94ffe9b8a1478f32991f1.png
https://img-blog.csdnimg.cn/direct/caccf5e00c69469d96d36ea874c4f02d.png
2. Return to the command line
# mkdir /opt/redhat
# mount -o loop /dev/sr0 /opt/redhat
# vi /etc/yum.repos.d/redhat.repo
#
# Certificate-Based Repositories
# Managed by (rhsm) subscription-manager
#
# *** This file is auto-generated.  Changes made here will be over-written. ***
# *** Use "subscription-manager repo-override --help" if you wish to make changes. ***
#
# If this file is empty and this system is subscribed consider
# a "yum repolist" to refresh available repos
#
[AppStream]
name=appstream
baseurl=file:///opt/redhat/AppStream
gpgcheck=0
enabled=1
[BaseOS]
name=baseos
baseurl=file:///opt/redhat/BaseOS
gpgcheck=0
enabled=1
Take a screenshot of the YUM repository configuration shown below
# yum repolist  # the YUM repository is configured when the repo name column of the last two lines shows appstream and baseos
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:02:07 ago on Tue 26 Dec 2023 05:48:13 AM EST.
repo id repo name status
AppStream appstream 4,795
BaseOS baseos 1,662
IV. Configuring the six services
1. NFS (Network File System)
# cd
# dnf install nfs-utils  # check that the NFS service is installed
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:01:05 ago on Tue 26 Dec 2023 08:52:22 AM PST.
Package nfs-utils-1:2.3.3-51.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
Firewall configuration
Take a screenshot
# iptables -F  # firewall configuration
# iptables-save
# Generated by iptables-save v1.8.4 on Tue Dec 26 09:05:21 2023
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:LIBVIRT_INP -
:LIBVIRT_OUT -
:LIBVIRT_FWO -
:LIBVIRT_FWI -
:LIBVIRT_FWX -
COMMIT
# Completed on Tue Dec 26 09:05:21 2023
# Generated by iptables-save v1.8.4 on Tue Dec 26 09:05:21 2023
*security
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
COMMIT
# Completed on Tue Dec 26 09:05:21 2023
# Generated by iptables-save v1.8.4 on Tue Dec 26 09:05:21 2023
*raw
:PREROUTING ACCEPT
:OUTPUT ACCEPT
COMMIT
# Completed on Tue Dec 26 09:05:21 2023
# Generated by iptables-save v1.8.4 on Tue Dec 26 09:05:21 2023
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
:LIBVIRT_PRT -
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Tue Dec 26 09:05:21 2023
# Generated by iptables-save v1.8.4 on Tue Dec 26 09:05:21 2023
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
:LIBVIRT_PRT -
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Tue Dec 26 09:05:21 2023
# firewall-cmd --permanent --zone=public --add-service=nfs
success
# firewall-cmd --permanent --zone=public --add-service=rpc-bind
success
# firewall-cmd --permanent --zone=public --add-service=mountd
success
# firewall-cmd --reload
success
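Create the shared directory and assign permissions
# mkdir /nfsfile  # create the shared directory and assign permissions
# chmod -R 777 /nfsfile
# echo "welcome" > /nfsfile/readme
NFS service configuration file
# vim /etc/exports
# the content to put in the file follows
/nfsfile 192.168.*.*(rw,sync,root_squash)
# replace the asterisks in the IP address to match the IP of the client (the second machine) given in the question
Start the services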
# systemctl restart rpcbind
# systemctl enable rpcbind
# systemctl start nfs-server
# systemctl enable nfs-server
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
Check and mount on the client
# showmount -e 192.168.60.129  # use the first virtual machine's IP here
Export list for 192.168.60.129:
/nfsfile 192.168.*.*
# mkdir /nfsfile
# mount -t nfs 192.168.60.129:/nfsfile /nfsfile  # use the first virtual machine's IP here
# df -h  # if it succeeded, take a screenshot here!!!
Filesystem               Size  Used Avail Use% Mounted on
devtmpfs                 1.8G     0  1.8G   0% /dev
tmpfs                    1.9G     0  1.9G   0% /dev/shm
tmpfs                    1.9G  9.8M  1.8G   1% /run
tmpfs                    1.9G     0  1.9G   0% /sys/fs/cgroup
/dev/nvme0n1p3            18G  5.2G   13G  30% /
/dev/nvme0n1p1           295M  188M  107M  64% /boot
tmpfs                    371M   44K  371M   1% /run/user/0
192.168.60.129:/nfsfile   18G  5.3G   13G  30% /nfsfile  ## this service is configured correctly when this line shows the first virtual machine's IP
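An added example, not part of the original tutorial: a shell check for `/etc/exports` entries like the one above. exports(5) advises against wildcards in IP addresses and names subnets in CIDR form instead, so the check flags `192.168.*.*`-style clients, exports to every host and `no_root_squash`, and a second helper detects a world-writable export directory such as one left by `chmod 777`. The function names and all sample lines except the `/nfsfile` entry are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit NFS exports for risky client specs and options.
# Function names are hypothetical; the sample lines are constructed.

# audit_exports FILE: print one finding per line as "<path> <client>: <reason>".
audit_exports() {
    awk '
    /^[ \t]*#/ { next }        # skip comments
    NF < 2     { next }        # skip blank lines and entries without a client list
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                       # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*$/, "", opts)
            }
            if (client == "") client = "*"     # "(rw)" alone means every host
            if (client == "*")
                print path, client ": exported to every host"
            else if (client ~ /^[0-9.*?]+$/ && client ~ /[*?]/)
                print path, client ": wildcard in an IP address, use CIDR (e.g. 192.168.60.0/24)"
            if (("," opts ",") ~ /,no_root_squash,/)
                print path, client ": no_root_squash keeps remote root as root"
        }
    }' "$1"
}

# is_world_writable DIR: true when DIR itself has the other-write bit set.
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# Constructed sample; the first entry is the one used in the tutorial.
write_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample exports file
/nfsfile 192.168.*.*(rw,sync,root_squash)
/srv/share 192.168.60.130(rw,sync,root_squash)
/srv/pub *(ro,sync)
/srv/admin 192.168.60.0/24(rw,sync,no_root_squash)
EOF
}

tmp=$(mktemp -d)
write_sample_exports "$tmp/exports"
audit_exports "$tmp/exports"
mkdir "$tmp/nfsfile" && chmod 777 "$tmp/nfsfile"
if is_world_writable "$tmp/nfsfile"; then
    echo "$tmp/nfsfile: world-writable directory"
fi
rm -rf "$tmp"
```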
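2. Samba (file sharing service)
Install Samba and the client programs
# cd
# dnf install samba  # first virtual machine
Is this ok [y/N]: y  # the installation pauses here; type y to continue
# seeing Complete! means the installation succeeded
# dnf install samba samba-client  # second virtual machine
Is this ok [y/N]: y  # the installation pauses here; type y to continue
# seeing Complete! means the installation succeeded
Create the Samba user
Return to the first virtual machine
# pdbedit -a -u root  # root can be replaced with the user the question requires
new password:  # enter the password here; it can be set to 123456
retype new password:  # enter the same password again to confirm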
Unix username: root
NT username:
Account Flags:
User SID: S-1-5-21-1401601119-1095323409-2156053322-1000
Primary Group SID: S-1-5-21-1401601119-1095323409-2156053322-513
Full Name: root
Home Directory: \\LOCALHOST\root
HomeDir Drive:
Logon Script:
Profile Path: \\LOCALHOST\root\profile
Domain: LOCALHOST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 07:06:39 PST
Kickoff time: Wed, 06 Feb 2036 07:06:39 PST
Password last set: Tue, 26 Dec 2023 09:38:05 PST
Password can change:Tue, 26 Dec 2023 09:38:05 PST
Password must change: never
Last bad password : 0
Bad password count: 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Create the shared directory
# mkdir /home/database
# chown -Rf root:root /home/database  # change ownership; check that the user name matches the user created in the previous step
# semanage fcontext -a -t samba_share_t /home/database
# restorecon -Rv /home/database
Relabeled /home/database from unconfined_u:object_r:user_home_dir_t:s0 to unconfined_u:object_r:samba_share_t:s0
Configure the SELinux service and policy settings
# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off  # note the off state on this line
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_load_libgfapi --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
tmpreaper_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
# setsebool -P samba_enable_home_dirs on
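Edit the main Samba configuration file
# vim /etc/samba/smb.conf  # edit the configuration file
# add the following content to the configuration file
[database]
comment = sharefile
path = /home/database
public = no
writable = yes
Firewall configuration
Take a screenshot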
# systemctl restart smb
# systemctl enable smb
Created symlink /etc/systemd/system/multi-user.target.wants/smb.service → /usr/lib/systemd/system/smb.service.
# iptables -F
# iptables-save
# firewall-cmd --zone=public --permanent --add-service=samba
success
# firewall-cmd --reload
success
Check the shared directory from the client
# dnf install cifs-utils
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:19:29 ago on Tue 26 Dec 2023 09:34:47 AM PST.
Package cifs-utils-6.8-3.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
# mkdir /database
# mount -t cifs -o username=root,password=123456 //192.168.60.129/database /database
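# username is the user name used when creating the Samba user at the start
# password is the password that was created
# change the IP address to the first virtual machine's actual IP
# df -h  # take a screenshot here
Filesystem                 Size  Used Avail Use% Mounted on
devtmpfs                   1.8G     0  1.8G   0% /dev
tmpfs                      1.9G     0  1.9G   0% /dev/shm
tmpfs                      1.9G  9.8M  1.8G   1% /run
tmpfs                      1.9G     0  1.9G   0% /sys/fs/cgroup
/dev/nvme0n1p3              18G  5.2G   13G  30% /
/dev/nvme0n1p1             295M  188M  107M  64% /boot
tmpfs                      371M   44K  371M   1% /run/user/0
192.168.60.129:/nfsfile     18G  5.3G   13G  30% /nfsfile
/dev/loop0                  11G   11G     0 100% /opt/redhat
//192.168.60.129/database   18G  5.3G   13G  30% /database  # this service is configured correctly when you see this line
3. DNS (domain name resolution service)
Install the bind service
In the rest of this section the first virtual machine's host name is changed to server and the second one's to client; note which virtual machine each command belongs to
# cd
# dnf install bind-chroot
Is this ok [y/N]: y  # the installation pauses here; type y to continue
# seeing Complete! means the installation succeeded
Edit the main configuration file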
# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };  # change this line to any!!!
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
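recursing-file "/var/named/data/named.recursing";
allow-query { any; };  # change this line to any!!!
Edit the DNS zone configuration file
# vim /etc/named.rfc1912.zones  # edit the DNS zone configuration file
zone "szpt.com" IN {  # change the domain to resolve to the one the question requires
type master;
file "szpt.com.zone";  # the zone data file for this domain, kept under the named directory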
allow-update { none; };
};
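Create the forward zone file
# cd /var/named/  # change directory
# ls -al named.localhost
-rw-r-----. 1 root named 152 Feb 16  2022 named.localhost
# cp -a named.localhost szpt.com.zone  # copy the forward zone template file
# vim szpt.com.zone
## in the configuration below, anything highlighted in red means a configuration error; check it!
$TTL 1D
@ IN SOA szpt.com. root.szpt.com. (  ; DNS zone address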
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
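@ IN NS ns.szpt.com.  ; name server record
ns IN A 192.168.60.129  ; address record pointing to the IP address of the DNS server, by default the first virtual machine
www IN A 192.168.60.129  ; address record pointing to the IP address of the web server, by default the first virtual machine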
# systemctl restart named
# systemctl enable named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
Resolver configuration file
# cd
# vim /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.60.129  # IP address of the first virtual machine
Firewall configuration
# firewall-cmd --zone=public --permanent --add-service=dns
success
# firewall-cmd --reload
success
# systemctl restart named
# nslookup  # take a screenshot!
> 192.168.60.129  # IP address of the first virtual machine
129.60.168.192.in-addr.arpa name = dns.szpt.com.
129.60.168.192.in-addr.arpa name = client.szpt.com.
129.60.168.192.in-addr.arpa name = www.szpt.com.
> www.szpt.com
Server: 192.168.60.129
Address: 192.168.60.129#53
Check the service
Take a screenshot
# nslookup
> www.szpt.com
Server: 192.168.60.129
Address: 192.168.60.129#53
Name: www.szpt.com
Address: 192.168.60.129
> ns.szpt.com
Server: 192.168.60.129
Address: 192.168.60.129#53
Name: ns.szpt.com
Address: 192.168.60.129
Add the reverse zone parameters to the main configuration file
# vim /etc/named.rfc1912.zones
zone "szpt.com" IN {
type master;
file "szpt.com.zone";
allow-update { none; };
};
### the content to add follows
zone "60.168.192.in-addr.arpa" IN {
type master;
file "192.168.60.arpa";
allow-update {none;};
};
Create the reverse zone file
# cd /var/named
# cp -a named.loopback 192.168.60.arpa
# vim 192.168.60.arpa
$TTL 1D
@ IN SOA szpt.com. root.szpt.com. (  ; change to the domain the question requires for reverse resolution
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns.szpt.com.
ns A 192.168.60.129
129 IN PTR www.szpt.com.  ; 129 is the fourth octet of the DNS server's IP address
129 IN PTR client.szpt.com.  ; the domain name it resolves to
129 IN PTR dns.szpt.com.
# systemctl restart named
# nslookup
> 192.168.60.129  # the IP address just written in the reverse zone, by default the first virtual machine's IP address
129.60.168.192.in-addr.arpa name = client.szpt.com.
129.60.168.192.in-addr.arpa name = dns.szpt.com.
129.60.168.192.in-addr.arpa name = www.szpt.com.
Deploy the secondary (slave) server
# vim /etc/named.rfc1912.zones
zone "szpt.com" IN {
type master;
file "szpt.com.zone";
allow-update { 192.168.60.130; };  # change to the second machine's IP address
};
zone "60.168.192.in-addr.arpa" IN {
type master;
file "192.168.60.arpa";
allow-update { 192.168.60.130; };  # change to the second machine's IP address
};
# firewall-cmd --permanent --zone=public --add-service=dns
Warning: ALREADY_ENABLED: dns
success
# firewall-cmd --reload
success
### switch to the second virtual machine from here on
# dnf install bind-chroot
# vim /etc/named.conf
options {
listen-on port 53 { any; };  # change this line to any
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; };  # change this line to any
# vim /etc/named.rfc1912.zones
zone "szpt.com" IN {
type slave;
masters { 192.168.60.129; };
file "slaves/szpt.com.zone";
};
zone "60.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.60.129; };
file "slaves/192.168.60.arpa";
};
# systemctl restart named
# nslookup  # test; output like the following means success
> www.szpt.com
Server: 192.168.60.129
Address: 192.168.60.129#53
Name: www.szpt.com
Address: 192.168.60.129
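An added example, not part of the original tutorial: in BIND, `allow-update` decides who may send dynamic DNS updates to a zone, while zone transfers to a secondary are governed by `allow-transfer`. The check below reports master zones that accept updates from anything other than `none` or that set no `allow-transfer` list; `audit_zones`, `page_zones` and `restricted_zones` are hypothetical names, and the restricted stanza is an assumed alternative, not the answer the exam asks for.

```bash
#!/bin/sh
# Added example: find master zones that accept dynamic updates or that set
# no allow-transfer list. Function names are hypothetical.

# Master stanzas as configured in the tutorial (secondary is 192.168.60.130).
page_zones() {
    cat <<'EOF'
zone "szpt.com" IN {
    type master;
    file "szpt.com.zone";
    allow-update { 192.168.60.130; };
};
zone "60.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.60.arpa";
    allow-update { 192.168.60.130; };
};
EOF
}

# Assumed alternative: transfers limited to the secondary, no dynamic updates.
restricted_zones() {
    cat <<'EOF'
zone "szpt.com" IN {
    type master;
    file "szpt.com.zone";
    allow-transfer { 192.168.60.130; };
    allow-update { none; };
};
EOF
}

# audit_zones [FILE...]: read zone stanzas (stdin if no file) and print findings.
# Handles the one-statement-per-line layout used in named.rfc1912.zones.
audit_zones() {
    awk '
    function acl(line,   a, b, s) {        # address list between the braces
        a = index(line, "{"); b = index(line, "}")
        if (a == 0 || b <= a) return ""
        s = substr(line, a + 1, b - a - 1)
        gsub(/[ \t]+/, "", s); sub(/;$/, "", s); gsub(/;/, ",", s)
        return s
    }
    function report() {
        if (type != "master") return
        if (update != "" && update != "none")
            print zone ": allow-update permits dynamic updates from " update
        if (transfer == "")
            print zone ": no allow-transfer list, the options-level or built-in default applies"
    }
    $1 == "zone" {
        split($0, q, "\"")                  # q[2] is the quoted zone name
        zone = q[2]; type = ""; update = ""; transfer = ""; inzone = 1
        next
    }
    inzone && $1 == "type"           { type = $2; sub(/;.*/, "", type) }
    inzone && $1 == "allow-update"   { update = acl($0) }
    inzone && $1 == "allow-transfer" { transfer = acl($0) }
    inzone && $1 == "};"             { report(); inzone = 0 }
    ' "$@"
}

echo "tutorial stanzas:"
page_zones | audit_zones
echo "restricted stanza:"
restricted_zones | audit_zones
```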
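4. DHCP (Dynamic Host Configuration Protocol)
Virtual machine environment setup
1. Right-click the current virtual machine in the list in the left pane and click Settings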
https://img-blog.csdnimg.cn/direct/a2d8236f2cf34e49a5efdff9484f106f.png
2. Change the network adapter to Custom: VMnet1, then click OK to save
https://img-blog.csdnimg.cn/direct/9d78f50fb4a14451817bb0ae1b9060b2.png
3. Click the Edit menu at the top left of the virtualization software, then click "Virtual Network Editor (N)…"
https://img-blog.csdnimg.cn/direct/6bf959c0e9654eb9bde1af237b66c1a5.png
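4. Click Change Settings in the lower-right corner and grant the virtualization software administrator privileges (click "Yes"). If that option is not shown in the lower-right corner, skip this step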
https://img-blog.csdnimg.cn/direct/26a1bd860d334e61b57d96b588663027.png
5. Select VMnet1, set "VMnet Information" to "Host-only", then untick "Use local DHCP service to distribute IP address to VMs". See the figure below for details
https://img-blog.csdnimg.cn/direct/c15cfc0061ff4cb19dbdc3d8b4492b52.png
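6. Click "Apply", then click "OK" to save the settings. The virtual machine environment for this service is now set up
In the rest of this section the first virtual machine's host name is changed to server and the second one's to client; note which virtual machine each command belongs to
Deploy the dhcpd service
# cd
# dnf install -y dhcp-server
Complete!  # seeing this line means the installation succeeded
Note: if the question mentions assigning a fixed IP address, jump to the "Assigning a fixed IP address" step for the next step and continue from there
Configure the main dhcpd configuration file
# vim /etc/dhcp/dhcpd.conf
#### write the dhcpd configuration file below strictly in this format, and remember that every statement ends with a semicolon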
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp-server/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
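ddns-update-style none;  # do not let the DNS server be updated dynamically
ignore client-updates;
subnet 192.168.60.0 netmask 255.255.255.0 {  # the subnet served; change it to the network given in the question (here, the first three octets)
range 192.168.60.50 192.168.60.150;  # the address pool; change it to the range given in the question (here, the fourth-octet range)
option subnet-mask 255.255.255.0;
option routers 192.168.60.1;  # gateway address for clients
option domain-name "szpt.com";  # the search domain; IPs can be assigned within the specified domain
option domain-name-servers 192.168.60.1;  # DNS server address for clients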
default-lease-time 21600;
max-lease-time 43200;
}
# systemctl start dhcpd
# systemctl enable dhcpd
Created symlink /etc/systemd/system/multi-user.target.wants/dhcpd.service → /usr/lib/systemd/system/dhcpd.service.
Firewall configuration
Take a screenshot
# firewall-cmd --zone=public --permanent --add-service=dhcp
success
# firewall-cmd --reload
success
Note the change of virtual machine in what follows!!!
# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp  # make sure this parameter is dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens160
UUID=4da7a282-5177-4f6b-9746-2cd3b239b0eb
DEVICE=ens160
ONBOOT=yes  # make sure this parameter is yes
# reboot
# ip a  # take a screenshot; note the IP here
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:34:a2:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.60.130/24 brd 192.168.60.255 scope global dynamic noprefixroute ens160
valid_lft 21437sec preferred_lft 21437sec  ## the IP obtained here should be one assigned by the dhcpd service; take a screenshot
inet6 fe80::20c:29ff:fe34:a22b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:72:57:75 brd ff:ff:ff:ff:ff:ff
Assigning a fixed IP address (very likely to be in the question)
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:34:a2:2b brd ff:ff:ff:ff:ff:ff  # "00:0c:29:34:a2:2b" is the second virtual machine's MAC address; it is needed below, so write down the actual MAC address
inet 192.168.60.130/24 brd 192.168.60.255 scope global dynamic noprefixroute ens160
valid_lft 21437sec preferred_lft 21437sec
inet6 fe80::20c:29ff:fe34:a22b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:72:57:75 brd ff:ff:ff:ff:ff:ff
# vim /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp-server/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
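ddns-update-style none;  # do not let the DNS server be updated dynamically
ignore client-updates;
subnet 192.168.60.0 netmask 255.255.255.0 {  # the subnet served; change it to the network given in the question (here, the first three octets)
range 192.168.60.50 192.168.60.150;  # the address pool; change it to the range given in the question (here, the fourth-octet range)
option subnet-mask 255.255.255.0;
option routers 192.168.60.1;  # gateway address for clients
option domain-name "szpt.com";  # the search domain; IPs can be assigned within the specified domain
option domain-name-servers 192.168.60.1;  # DNS server address for clients
default-lease-time 21600;
max-lease-time 43200;
host root {  # host name
hardware ethernet 00:0c:29:34:a2:2b;  # MAC address of the second virtual machine's network card
fixed-address 192.168.60.131;  # the IP address to assign; change it as the question requires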
}
}
# systemctl restart dhcpd
# reboot
# ip a  # take a screenshot here!!!
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:34:a2:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.60.131/24 brd 192.168.60.255 scope global dynamic noprefixroute ens160
valid_lft 21561sec preferred_lft 21561sec  # the IP address on the line above has changed, which shows the fixed IP was assigned; take a screenshot!
inet6 fe80::20c:29ff:fe34:a22b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:72:57:75 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5. Apache (web server)
Install the service and start it
# cd
# dnf install httpd
Is this ok [y/N]: y  # the installation pauses here; type y to continue
# seeing Complete! means the installation succeeded
# systemctl start httpd
# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
Test that the service started
# firefox
Enter the IP address 127.0.0.1 in the browser; seeing the page in the figure below means the test passed
https://img-blog.csdnimg.cn/direct/2a85aa08eda042f4b06beecc8945ae2c.png
# mkdir /home/wwwroot
# echo "the new web directory" > /home/wwwroot/index.html
# vim /etc/httpd/conf/httpd.conf
# find the following directives in the configuration and change them
DocumentRoot "/home/wwwroot"  # line 122
#
# Relax access to content within /var/www.
#
<Directory "/home/wwwroot">  # line 127
AllowOverride None
# Allow open access:
Require all granted
</Directory>
# Further relax access to the default document root:
<Directory "/home/wwwroot">  # line 134
# systemctl restart httpd
# firefox
Enter the IP address 127.0.0.1 in the browser; seeing the page in the figure below means the test passed
https://img-blog.csdnimg.cn/direct/4bb3f736f16e4258aff5d16362a3164d.png
Add the security context
Return to the command line
# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/*
# restorecon -Rv /home/wwwroot/
Relabeled /home/wwwroot from unconfined_u:object_r:user_home_dir_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/index.html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
# firefox
Enter the IP address 127.0.0.1 in the browser; seeing the page in the figure below means the test passed
https://img-blog.csdnimg.cn/direct/e5bf15a85c9940298adc1438b9edc40f.png
Enabling personal user home pages
# vim /etc/httpd/conf.d/userdir.conf
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid.  This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#UserDir disabled  # add a # in front of this line
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disabled" line above, and uncomment
# the following line instead:
#
UserDir public_html  # remove the # from this line
</IfModule>
#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory "/home/*/public_html">
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
# cd /home
# su - test
Last login: Thu Dec 28 17:06:12 PST 2023 on pts/1
$ mkdir public_html
$ echo "this is my website" > public_html/index.html  # write the content shown on the personal page
$ chmod -R 755 /home/test  # change permissions
$ exit
logout
# cd
# systemctl restart httpd
# setsebool -P httpd_enable_homedirs=on
# firefox
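Enter 192.168.60.129/~test or 127.0.0.1/~test in the browser; seeing the page in the figure below means the test passed (the IP address is the first virtual machine's IP address)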
https://img-blog.csdnimg.cn/direct/b9ad48b32a95463a94e0a55ee0fc83b6.png
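Add a password to the website
# htpasswd -c /etc/httpd/passwd test  # the test user is used here
New password:  # enter the password for the web login; the password is 123456
Re-type new password:  # enter the same password again to confirm, 123456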
Adding password for user test
# vim /etc/httpd/conf.d/userdir.conf
#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory "/home/*/public_html">  ## change the directives as follows
AllowOverride all
authuserfile "/etc/httpd/passwd"  # path of the password file
authname "privately website"  # prompt text
authtype basic  # password mode
require user test  # user allowed to log in
</Directory>
# systemctl restart httpd
# firefox
You should now see the login prompt shown below; take a screenshot here
The login account is test and the password is 123456
https://img-blog.csdnimg.cn/direct/a5512b4034064506ad13320e3c88c8f1.png
IP-based access
# mkdir -p /home/wwwroot/10
# mkdir -p /home/wwwroot/20
# mkdir -p /home/wwwroot/30
# echo "ip10" > /home/wwwroot/10/index.html
# echo "ip20" > /home/wwwroot/20/index.html
# echo "ip30" > /home/wwwroot/30/index.html
# vim /etc/httpd/conf/httpd.conf
### add at roughly line 132 of the file
### change each IP address below as the question requires, or simply follow the tutorial's pattern for the fourth octet
<VirtualHost 192.168.60.10>
ServerName www.test.com
DocumentRoot /home/wwwroot/10
<Directory /home/wwwroot/10>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.60.20>
ServerName www.test.com
DocumentRoot /home/wwwroot/20
<Directory /home/wwwroot/20>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.60.30>
ServerName www.test.com
DocumentRoot /home/wwwroot/30
<Directory /home/wwwroot/30>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
# systemctl restart httpd
# firefox
### after it opens, enter each of the different IP addresses above to check the pages and take screenshots
Host name-based access
# mkdir -p /var/www/html/web1
# mkdir -p /var/www/html/web2
# echo "web1" > /var/www/html/web1/index.html
# echo "web2" > /var/www/html/web2/index.html
# vim /etc/httpd/conf/httpd.conf
# the IP address in both blocks is the first virtual machine's IP address
<virtualhost 192.168.60.129>
documentroot /var/www/html/web1
servername www.web1.com
</virtualhost>
<virtualhost 192.168.60.129>
documentroot /var/www/html/web2
servername www.web2.com
</virtualhost>
# systemctl restart httpd
# firefox
### after it opens, enter the URLs www.web1.com and web2 to check the pages and take screenshots
6. FTP (File Transfer Protocol)
Basic configuration (firewall)
# dnf install vsftpd
# iptables -F
# iptables-save
# firewall-cmd --permanent --zone=public --add-service=ftp
success
# firewall-cmd --reload
success
# setsebool -P ftpd_full_access=on  # SELinux policy
# mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf_bak
# grep -v "#" /etc/vsftpd/vsftpd.conf_bak > /etc/vsftpd/vsftpd.conf
### on the second virtual machine
# dnf install ftp
Anonymous mode
# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
### add the five settings above
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
# ls -ld /var/ftp/pub/
drwxr-xr-x. 2 root root 6 Jan  7  2022 /var/ftp/pub/
# chown -R ftp /var/ftp/pub/
# ls -ld /var/ftp/pub/
drwxr-xr-x. 2 ftp root 6 Jan  7  2022 /var/ftp/pub/
# systemctl restart vsftpd
# systemctl enable vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
### client test
# ftp 192.168.60.129  # the first virtual machine's IP address
Connected to 192.168.60.129 (192.168.60.129).
220 (vsFTPd 3.0.3)
Name (192.168.60.129:root): anonymous
331 Please specify the password.
Password:  # just press Enter here
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>  ### take a screenshot
Local user mode
# vim /etc/vsftpd/vsftpd.conf
### change it to the same configuration as below
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
User list configuration
# vi /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root  ### delete this line
bin
daemon
adm
lp
sync
shutdown
halt
news
uucp
operator
games
nobody
# vi /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
root  ### delete this line
bin
daemon
adm
lp
sync
shutdown
halt
news
uucp
operator
games
nobody
Firewall configuration
# setsebool -P ftpd_full_access=on
# systemctl restart vsftpd
# systemctl enable vsftpd
Client test
# ftp 192.168.60.129  # the first virtual machine's IP address
Connected to 192.168.60.129 (192.168.60.129).
220 (vsFTPd 3.0.3)
Name (192.168.60.129:root): root
331 Please specify the password.
Password:  # the default password is 123456
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mkdir files #
550 Create directory operation failed.
ftp> rename files database #
350 Ready for RNTO.
250 Rename successful.
ftp> rmdir database #
250 Remove directory operation successful.
ftp>
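An added example, not part of the original tutorial: a shell audit of the two vsftpd setups above. It reports anonymous login, the anonymous write options that become effective once `write_enable=YES` is set, and deny lists from which `root` has been removed. The function names are hypothetical and the sample files are constructed from the settings shown in the tutorial.

```bash
#!/bin/sh
# Added example: audit a vsftpd configuration and its deny lists.
# Function names are hypothetical; sample files are constructed from the
# settings shown in the tutorial.

# conf_value FILE KEY: value of KEY (vsftpd wants KEY=VALUE with no spaces).
# Assumption: if a key is repeated, the last occurrence is the one reported.
conf_value() {
    awk -F= -v key="$2" '$1 == key { v = $2 } END { print toupper(v) }' "$1"
}

# audit_vsftpd CONF [DENYLIST...]: print one finding per line.
audit_vsftpd() {
    conf=$1; shift
    case "$(conf_value "$conf" anonymous_enable)" in
        YES)
            echo "anonymous login enabled"
            if [ "$(conf_value "$conf" write_enable)" = YES ]; then
                for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
                    if [ "$(conf_value "$conf" "$k")" = YES ]; then
                        echo "anonymous write: $k=YES"
                    fi
                done
            fi ;;
        "")
            echo "anonymous_enable not set: the built-in default applies" ;;
    esac
    for list in "$@"; do
        if ! grep -qx root "$list"; then
            echo "root is not listed in ${list##*/}"
        fi
    done
}

# Anonymous mode as configured in the tutorial (relevant lines only).
write_anonymous_conf() {
    cat > "$1" <<'EOF'
anonymous_enable=YES
anon_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_enable=YES
write_enable=YES
EOF
}

# Local user mode as configured in the tutorial (relevant lines only).
write_local_conf() {
    cat > "$1" <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
userlist_enable=YES
EOF
}

tmp=$(mktemp -d)
write_anonymous_conf "$tmp/anon.conf"
write_local_conf "$tmp/local.conf"
printf 'bin\ndaemon\n' > "$tmp/ftpusers"              # root removed, as in the tutorial
printf 'root\nbin\ndaemon\n' > "$tmp/ftpusers.orig"   # constructed: root still listed
audit_vsftpd "$tmp/anon.conf" "$tmp/ftpusers"
audit_vsftpd "$tmp/local.conf" "$tmp/ftpusers.orig"
rm -rf "$tmp"
```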