老师写的脚本,用来看试卷
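#!/bin/bash
##### WARNING ######
# To use the grade script you must set the DNS records stuXXX --> 192.168.0.XXX, OR
# you can modify the /etc/hosts file; for example:
#   192.168.0.121 www.stu121.com stu121.com stu121
#
# Grades one student station by logging in as root over ssh and probing the
# services the exam asks for. Every failed check prints FAIL and, where a point
# value is attached, subtracts it from the global SCORE (which starts at 100).
#
# NOTE(review): the lab credentials used below (user1%redhat, jack:uplooking)
# are passed on the command line, so they are visible in the process list of
# the grading host while a check runs. Acceptable only for throw-away exam
# accounts; do not reuse the pattern with real credentials.
### ssh ###
# NOTE(review): the disabled block below would create a root key with an empty
# passphrase and install it on the student host. If it is ever re-enabled,
# remove the key from both sides once grading is finished.
#num=$1
#rsa_file="/root/.ssh/id_rsa.$(date +%F)"
#[ ! -f "$rsa_file" ] && ssh-keygen -t rsa -f $rsa_file -P '' > /dev/null 2>&1 && /usr/bin/ssh-copy-id -i $rsa_file.pub root@stu$num
SCORE=100
if [ -z "$1" ]; then
  echo " $0 NUM|all "
  exit
fi

# The argument is pasted into ssh targets, URLs and command lines that run as
# root on the student host, so accept only what the usage line documents:
# a station number or the word "all".
case "$1" in
  all) ;;
  *[!0-9]*)
    echo " $0 NUM|all " >&2
    exit 2
    ;;
esac

# Print a section heading in blue. $1 may contain echo escapes such as \n.
function print_MSG {
  local msg=$1
  echo -en "\033[1;34m$msg\033[0;39m "
}

# Print a green PASS.
function print_PASS {
  echo -e '\033[1;32mPASS\033[0;39m'
}

# Print a red FAIL followed by the deduction, and subtract $1 from SCORE.
function print_FAIL {
  echo -en '\033[1;31mFAIL\033[0;39m '
  #echo -e "\033[1;31mSCORE-$1\033[0;39m"
  echo -e "\033[1;31m-$1\033[0;39m"
  SCORE=$((SCORE - $1))
}

# Print a red FAIL without touching SCORE.
function print_FAIL1 {
  echo -e '\033[1;31mFAIL\033[0;39m '
}

# Print a cyan SUCCESS.
function print_SUCCESS {
  echo -e '\033[1;36mSUCCESS\033[0;39m'
}

# Turn the exit status of a check into a verdict.
#   $1 - exit status of the check that just ran (0 means success)
#   $2 - points to deduct on failure; omit for a FAIL that costs nothing
# Runs in the current shell so that the deduction made by print_FAIL sticks.
function report_result {
  local status=$1
  local points=${2:-}
  if [ "$status" -eq 0 ]; then
    print_SUCCESS
  elif [ -n "$points" ]; then
    print_FAIL "$points"
  else
    print_FAIL1
  fi
}

# Require SELinux to be Enforcing on station $1; otherwise deduct 100 and stop.
function check_selinux {
  local num=$1
  local selinux
  selinux=$(ssh "root@stu$num" "getenforce")
  echo -e "\tcheck your selinux: "
  echo -en "\tyour selinux staus is: $selinux "
  # Quoted so that an empty answer (ssh failed) is a clean FAIL, not a test error.
  if [ "$selinux" = "Enforcing" ]; then
    print_SUCCESS
  else
    # Previously this branch ran inside ( ... ), so both the deduction and the
    # exit were lost in a subshell and grading carried on regardless.
    # NOTE(review): if "all" grades several stations in one process, this exit
    # also ends the batch - confirm that is wanted.
    print_FAIL 100
    echo -e "\tSO the grade script exit."
    exit 1
  fi
}

# Check that /tmp/etc/ exists on station $1 (10 points).
function check_Server_file {
  local num=$1
  echo -en "\tCheck /tmp/etc/ directory file: "
  ssh "root@stu$num" "ls -l /tmp/etc/" >/dev/null 2>&1
  report_result $? 10
}

# Check that /opt/server is automounted from the NFS server (10 points).
function check_Server_autofs {
  local num=$1
  echo -en "\tUmount /opt/server "
  ssh "root@stu$num" "umount /opt/server &>/dev/null" >/dev/null 2>&1
  report_result $?
  echo -en "\tMount the server nfs to /opt/server "
  ssh "root@stu$num" "cd /opt/server && df -h |grep 254" >/dev/null 2>&1
  report_result $? 10
}

# Check users test1-3 and the group, setgid and sticky bits of /tmp/test/.
function check_user {
  local num=$1
  local idx listing perms group

  # testN must have gid 80N and belong to group "test" (1 point each).
  for idx in 1 2 3; do
    echo -en "\tCheck user test$idx "
    ssh "root@stu$num" "id test$idx" 2>/dev/null | grep "gid=80$idx" | grep -q '(test)'
    report_result $? 1
  done

  # One listing serves all three directory checks: field 1 is the mode string,
  # field 4 the owning group.
  listing=$(ssh "root@stu$num" "ls -ld /tmp/test/" 2>/dev/null)
  read -r perms _ _ group _ <<<"$listing"

  echo -en "\tCheck test1-3 users can read&write the directory "
  [ "$group" = "test" ]
  report_result $? 2

  echo -en "\tCheck new file will be created to inheritance test group "
  # Characters 4-6 of the mode string are the group triad; "rws" means setgid.
  [[ ${perms:4:3} == "rws" ]]
  report_result $? 3

  echo -en "\tCheck only can owner delete the file "
  # Characters 7-9 are the "other" triad; T or t marks the sticky bit.
  [[ ${perms:7:3} == "--T" || ${perms:7:3} == "--t" ]]
  report_result $? 2
}

# Check that named runs, is enabled at boot and resolves the exam records.
function check_dns {
  local num=$1
  echo -en "\tCheck DNS is running "
  #(ssh root@stu$num "ps -ef" | grep /usr/sbin/named &>/dev/null || ( print_FAIL 10 && exit))
  # One ssh round trip instead of two; a failure here costs no points.
  ssh "root@stu$num" "ps -ef" | grep -q /usr/sbin/named
  report_result $?
  echo -en "\tCheck DNS is active after reboot "
  ssh "root@stu$num" "chkconfig --list named" | grep -q '5:on'
  report_result $?
  echo -en "\tCheck DNS www.test.com A record "
  #ssh root@stu$num "[ ! -f /etc/nsswitch.conf.bak ] && cp /etc/nsswitch.conf{,.bak}"
  #ssh root@stu$num "sed 's/hosts: files dns/hosts: dns/g' /etc/nsswitch.conf -i"
  ssh "root@stu$num" "nslookup www.test.com" &>/dev/null
  report_result $? 5
  echo -en "\tCheck DNS www.stu$num.com A record "
  ssh "root@stu$num" "nslookup www.stu$num.com" &>/dev/null
  report_result $? 5
  #ssh root@stu$num "/bin/cp /etc/nsswitch.conf.bak /etc/nsswitch.conf" &> /dev/null
}

# Check that both logical volumes exist and are mounted where the exam asks.
function check_lvm {
  local num=$1
  local dirA dirB
  echo -en "\tCheck vg_web-lv_test is exists "
  ssh "root@stu$num" "ls /dev/mapper/vg_web-lv_test" &>/dev/null
  report_result $? 1
  echo -en "\tCheck vg_web-lv_stu is exists "
  ssh "root@stu$num" "ls /dev/mapper/vg_web-lv_stu" &>/dev/null
  report_result $? 1

  echo -en "\tmount vg_web-lv_stu to /www/stu$num.com "
  # Takes the mount point from the line after the device name, i.e. this
  # expects df -h to wrap the long device path onto a line of its own.
  dirA=$(ssh "root@stu$num" "df -h" | grep -A1 /dev/mapper/vg_web-lv_stu | awk '{if (NR==2) print $NF}')
  [ "$dirA" = "/www/stu$num.com" ]
  report_result $? 1
  echo -en "\tmount vg_web-lv_test to /www/test.com "
  dirB=$(ssh "root@stu$num" "df -h" | grep -A1 /dev/mapper/vg_web-lv_test | awk '{if (NR==2) print $NF}')
  #dirB="/var/www/test.com"
  [ "$dirB" = "/www/test.com" ]
  report_result $? 1
}

# Check that httpd runs, is enabled at boot and serves both virtual hosts.
function check_httpd {
  local num=$1
  echo -en "\tCheck httpd is running "
  ssh "root@stu$num" "ps -ef" | grep -q /usr/sbin/httpd
  report_result $?
  echo -en "\tCheck httpd is active after reboot "
  ssh "root@stu$num" "chkconfig --list httpd" | grep -q '5:on'
  report_result $?
  #echo -e "\tCheck httpd config file "
  #ssh root@stu$num "grep DocumentRoot /etc/httpd/conf.d/virthost.conf" | while read key1 key2; do [ "$key2" = "/www/stu$num.com" -o $key2 = "/www/test.com" ] 2>/dev/null 2>&1 && print_SUCCESS || print_FAIL 1;done
  echo -en "\tVisit www.test.com "
  ####ssh root@stu$num "curl --url http://www.test.com/index.html 2>/dev/null" |grep "hellotest" >/dev/null && print_SUCCESS || print_FAIL 3
  ssh "root@stu$num" "curl --url http://www.test.com/index.html 2>/dev/null" | grep -q "www.test.com"
  report_result $? 3
  echo -en "\tVisit www.stu$num.com "
  ####ssh root@stu$num "curl -u jack:uplooking --url http://www.stu$num.com/index.html" | grep "hellostu$num" &> /dev/null && print_SUCCESS || print_FAIL 3
  #curl --url http://www.stu$num.com/index.html 2>/dev/null | grep "www.stu$num.com" &> /dev/null && print_SUCCESS || print_FAIL 3
  # This request is made from the grading host itself, not through ssh, and
  # sends the basic-auth password over plain HTTP.
  curl -u jack:uplooking --url "http://www.stu$num.com/index.html" 2>/dev/null | grep -q "www.stu$num.com"
  report_result $? 3
  #ssh root@stu$num "curl --url http://www.stu$num.com/index.html 2>/dev/null" |grep "www.stu$num.com" >/dev/null && print_SUCCESS || print_FAIL 3
}

# Check that smbd runs, is enabled at boot and that user1 can use the shares.
function check_samba {
  local num=$1
  echo -en "\tCheck samba is running "
  ssh "root@stu$num" "ps -ef" | grep -q smbd
  report_result $?
  # The label used to say "httpd" although the smb service is queried.
  echo -en "\tCheck samba is active after reboot "
  ssh "root@stu$num" "chkconfig --list smb" | grep -q '5:on'
  report_result $?
  echo -en "\tCheck SMB user user1 and password redhat "
  smbclient -L "//stu$num" -U user1%redhat >/dev/null 2>&1
  report_result $? 4
  echo -en "\tCheck SMB share directory home "
  smbclient -L "//stu$num/homes" -U user1%redhat >/dev/null 2>&1
  report_result $? 5
  echo -en "\tCheck SMB share directory pub\n"
  echo 'test' >.testsmb_user1
  echo -en "\t - SMB user user1 can write this pub directory "
  # NOTE(review): only a refused connection is scored as a failure; any other
  # smbclient error (a denied write, for instance) still prints SUCCESS.
  if echo "put .testsmb_user1" | smbclient "//stu$num/pub" -U user1%redhat 2>&1 |
    grep -q "NT_STATUS_CONNECTION_REFUSED"; then
    print_FAIL 4
  else
    print_SUCCESS
  fi
  # Clean up on the station that was tested: the share path used to be built
  # from the unset variable $fundation, so the probe file was never removed.
  echo "rm .testsmb_user1" | smbclient "//stu$num/pub" -U user1%redhat >/dev/null 2>&1
  # Remove the local probe file that was actually created (the old code
  # deleted .testsmb_alice and left this one behind).
  rm -f -- .testsmb_user1
}

# Check that vsftpd runs, is enabled at boot and is configured as required.
function check_ftp {
  local num=$1
  echo -en "\tCheck vsftpd is running "
  ssh "root@stu$num" "ps -ef" | grep -q /usr/sbin/vsftpd
  report_result $? 10
  # These checks used to run inside ( ... ), so the deductions they printed
  # never reached SCORE. They now run in the current shell.
  echo -en "\tCheck vsftpd is active after reboot "
  ssh "root@stu$num" "chkconfig --list vsftpd" | grep -q '5:on'
  report_result $?
  echo -e "\tCheck vsftpd config file "
  echo -en "\t - chroot student "
  ssh "root@stu$num" "grep ^chroot_local_user=YES /etc/vsftpd/vsftpd.conf" >/dev/null
  report_result $? 2
  echo -en "\t - anon_upload "
  ssh "root@stu$num" "grep ^anon_upload_enable=YES /etc/vsftpd/vsftpd.conf" >/dev/null
  report_result $? 2
  echo -en "\t - selinux ftp_home_dir "
  ssh "root@stu$num" "getsebool -a" | grep -q "ftp_home_dir --> on"
  report_result $? 2
  echo -en "\t - selinux ftp_anon_write "
  ssh "root@stu$num" "getsebool -a" | grep -q "allow_ftpd_anon_write --> on"
  report_result $? 2
  # echo 'test' >.testftp_user1
  # echo -en "\t - FTP user student can upload file"
  # ssh root@stu$num "echo student | passwd student --stdin" &> /dev/null
  # echo "put .testftp_user1" | lftp student@stu$num
}

# Check that postfix runs, is enabled at boot and has the expected main.cf.
function check_mail {
  local num=$1
  echo -en "\tCheck postfix is running "
  ssh "root@stu$num" "ps -ef" | grep -q /usr/libexec/postfix/master
  report_result $? 5
  echo -en "\tCheck postfix is active after reboot "
  ssh "root@stu$num" "chkconfig --list postfix" | grep -q '5:on'
  report_result $?
  echo -en "\tCheck DNS postfix.test.com A record "
  ssh "root@stu$num" "nslookup postfix.test.com" &>/dev/null
  report_result $? 5
  echo -e "\tCheck postfix config file "
  echo -en "\t - myhostname "
  ssh "root@stu$num" "grep ^myhostname /etc/postfix/main.cf" | grep -q "postfix.test.com"
  report_result $? 1
  echo -en "\t - mydomain "
  ssh "root@stu$num" "grep ^mydomain /etc/postfix/main.cf" | grep -q "test.com"
  report_result $? 1
  echo -en "\t - myorigin "
  ssh "root@stu$num" "grep ^myorigin /etc/postfix/main.cf" | grep -q "mydomain"
  report_result $? 1
  echo -en "\t - mydestination "
  ssh "root@stu$num" "grep ^mydestination /etc/postfix/main.cf" | grep -q "mydomain"
  report_result $? 1
  echo -en "\t - inet_interfaces "
  ssh "root@stu$num" "grep ^inet_interfaces /etc/postfix/main.cf" | grep -q "all"
  report_result $? 1
}

# Check that the saved iptables rules contain the required ACCEPT/DROP entries.
function check_iptables {
  local num=$1
  echo -en "\tCheck /etc/sysconfig/iptables file: "
  ssh "root@stu$num" "ls -l /etc/sysconfig/iptables" >/dev/null 2>&1
  report_result $? 10
  # Addresses are matched as fixed whole words (-Fw): as a regex the dots match
  # any character and 172.25.N.11 would also accept 172.25.N.110.
  ssh "root@stu$num" "grep -Fw -- 172.25.$num.11 /etc/sysconfig/iptables" | grep -q "ACCEPT"
  report_result $? 1
  ssh "root@stu$num" "grep -Fw -- 172.25.254.250 /etc/sysconfig/iptables" | grep -q "DROP"
  report_result $? 1
  ssh "root@stu$num" "grep icmp /etc/sysconfig/iptables" | grep -q "DROP"
  report_result $? 2
  ssh "root@stu$num" "grep -Fw -- 172.25.$num.0/24 /etc/sysconfig/iptables" | grep -q "ACCEPT"
  report_result $? 1
  ssh "root@stu$num" "grep -Fw -- 172.25.254.0/24 /etc/sysconfig/iptables" | grep -q "DROP"
  report_result $? 1
}
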
function check_ule_main { 213 local num=$1 214 #check selinux type must be enforcing ; otherwise the script will exit. 215 check_selinux $num 216 echo 217 print_MSG "1.Tar check\n" 218 check_Server_file $num 219 220 print_MSG "2.Server Autofs Set\n" 221 check_Server_autofs $num 222 223 print_MSG "3.Check users & privileges\n" 224 check_user $num 225 226 print_MSG "4.check DNS(Bind)\n" 227 check_dns $num 228 229 print_MSG "5.Check LVM\n" 230 check_lvm $num 231 232 print_MSG "Check Web Service\n" 233 #print_MSG 6."Check Web Service\n" 234 check_httpd $num 235 236 # print_MSG "6.Check web htaccess\n" 237 # check_htaccess $num 238 239 print_MSG "7.Check CIFS(SAMBA)\n" 240 check_samba $num 241 242 print_MSG "8.Check Ftp Service\n" 243 check_ftp $num