目前分類:RH253 (21)
- Aug 26 Wed 2009 11:33
[雜記]RHCE筆記整理-考試綱要(2)
- Aug 26 Wed 2009 10:46
- [雜記]RHCE筆記整理-考試綱要(1)
- Aug 20 Thu 2009 00:44
[雜記]RHCE筆記整理-RH253-Nis Server(2)
NIS +Autofs
%沒有家目錄的問題, 要配合automont
[root@server118 etc]# su - nismicky
su: warning: cannot change directory to /home/nismicky: No such file or directory
-bash-3.2$
Nis Server: Server1
(1)開啟nfs service
(2)export : /rhome/station18
%沒有家目錄的問題, 要配合automont
[root@server118 etc]# su - nismicky
su: warning: cannot change directory to /home/nismicky: No such file or directory
-bash-3.2$
Nis Server: Server1
(1)開啟nfs service
(2)export : /rhome/station18
- Aug 19 Wed 2009 22:50
[雜記]RHCE筆記整理-RH253-Nis Server(1)
- Aug 03 Mon 2009 22:29
[雜記]RHCE筆記整理-RH253-Unit3(1)
Securing Data
Openssl
*generating digital certificates
#openssl genrsa -out server1.key.pem 1024
#openssl req -new -key server1.key.pem -out server1.csr.pem
#openssl req -new -key server1.key.pem -out server1.crt.pem
Openssl
*generating digital certificates
#openssl genrsa -out server1.key.pem 1024
#openssl req -new -key server1.key.pem -out server1.csr.pem
#openssl req -new -key server1.key.pem -out server1.crt.pem
- Aug 03 Mon 2009 11:44
[雜記]RHCE筆記整理-RH253-Unit4(1)
Network Resource Access Controls
*Netfilter
#iptables
#chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
(1)Rule Targets
DROP, ACCEPT, LOG, REJECT, custom chain
*Netfilter
#iptables
#chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
(1)Rule Targets
DROP, ACCEPT, LOG, REJECT, custom chain
- Aug 03 Mon 2009 10:59
[雜記]RHCE筆記整理-RH253-Unit2(1)
System Service Access Controls
*chkconfig控制服務在開機後是否自動啟動
(1)
#chkconfig --list
#chkconfig name {on|off}
#chkconfi vsftpd on
#chkconfig --level levels name {on|off}
*chkconfig控制服務在開機後是否自動啟動
(1)
#chkconfig --list
#chkconfig name {on|off}
#chkconfi vsftpd on
#chkconfig --level levels name {on|off}
- Aug 03 Mon 2009 00:30
[雜記]RHCE筆記整理-RH253-Unit1(3)
LAB
*Logging to a centralized loghost
%server1的log複寫一份到server118
(1) server1
#vi /etc/syslog.conf
加入 user,* @server118
*Logging to a centralized loghost
%server1的log複寫一份到server118
(1) server1
#vi /etc/syslog.conf
加入 user,* @server118
- Aug 03 Mon 2009 00:16
[雜記]RHCE筆記整理-RH253-Unit1(2)
Syslogd and Klogd Configuration
configuration: /etc/syslog.conf
Syntax:
facility.priority log_location
Ex:
mail.info /dev/tty8
configuration: /etc/syslog.conf
Syntax:
facility.priority log_location
Ex:
mail.info /dev/tty8
- Aug 02 Sun 2009 23:55
[雜記]RHCE筆記整理-RH253-Unit1(1)
System Performance and Security
*即時監看log
#tail -f /var/log/[logfile]
*查看網路狀態
#netstat -tupln
-n : do not resolve IP address to host name
-t : list TCP connections
-u : list UDP connections
*即時監看log
#tail -f /var/log/[logfile]
*查看網路狀態
#netstat -tupln
-n : do not resolve IP address to host name
-t : list TCP connections
-u : list UDP connections
- Aug 01 Sat 2009 14:39
[雜記]RHCE筆記整理-RH253-Unit8(3)
LAB
1. 啟動sendmail 並修改設定 [iptables開放Port: 25)
2. 啟動dovecot並修改設定 [iptables開放Ports: 110, 143, 993, 995], create "dovecot.pem"
[root@server1 ~]# cd /etc/pki/tls/certs
[root@server1 certs]# make dovecot.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
1. 啟動sendmail 並修改設定 [iptables開放Port: 25)
2. 啟動dovecot並修改設定 [iptables開放Ports: 110, 143, 993, 995], create "dovecot.pem"
[root@server1 ~]# cd /etc/pki/tls/certs
[root@server1 certs]# make dovecot.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
- Aug 01 Sat 2009 14:22
[雜記]RHCE筆記整理-RH253-Unit8(2)
2. Mail Relays
%允許intranet: 192.168.0.0/24使用MTA(sendmail)寄信
#vi /etc/access
# by default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.0.0/24 RELAY
%允許intranet: 192.168.0.0/24使用MTA(sendmail)寄信
#vi /etc/access
# by default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.0.0/24 RELAY
- Aug 01 Sat 2009 13:47
[雜記]RHCE筆記整理-RH253-Unit8(1)
Electronic Mail Services
(1)Service: Sendmail (MTA)
Packages: sendmail, sendmail-cf, sendmail-doc
Daemon: /usr/sbin/sendmail
Script: /etc/init.d/sendmail
Port: 25 (smtp)
Configuration: /etc/mail/sendmailmc, /etc/aliases, and others
Related: procmail(MDA), spamassassin, tcp_wrappers
(1)Service: Sendmail (MTA)
Packages: sendmail, sendmail-cf, sendmail-doc
Daemon: /usr/sbin/sendmail
Script: /etc/init.d/sendmail
Port: 25 (smtp)
Configuration: /etc/mail/sendmailmc, /etc/aliases, and others
Related: procmail(MDA), spamassassin, tcp_wrappers
- Aug 01 Sat 2009 11:08
[雜記]RHCE筆記整理-RH253-Unit7(5)
5. Squid Porxy Server
Package: squid
Daemon: /usr/sbin/squid
Script: /etc/init.d/squid
Port: /etc/init.d/squid
Configuration: /etc/squid/*
1. 安裝
#yum install squid
Package: squid
Daemon: /usr/sbin/squid
Script: /etc/init.d/squid
Port: /etc/init.d/squid
Configuration: /etc/squid/*
1. 安裝
#yum install squid
- Aug 01 Sat 2009 10:42
[雜記]RHCE筆記整理-RH253-Unit7(4)
4.Virtual Host (網站代管)
(1)建立目錄
#mkdir -p /var/www/html/virt1
#mkdir -p /var/www/html/virt2
並在virt1, virt2裡建立index.html檔案, 當然別忘了SElinux: #restorecon -R /var/www/html
(2)確認DNS是否正確, 增加DNS的A紀錄
[root@server118 ~]# dig virt1.example.com
(1)建立目錄
#mkdir -p /var/www/html/virt1
#mkdir -p /var/www/html/virt2
並在virt1, virt2裡建立index.html檔案, 當然別忘了SElinux: #restorecon -R /var/www/html
(2)確認DNS是否正確, 增加DNS的A紀錄
[root@server118 ~]# dig virt1.example.com
- Aug 01 Sat 2009 10:18
[雜記]RHCE筆記整理-RH253-Unit7(3)
3. Secure Directory and basic configuration
#cd /var/www/html
#mkdir secure
#cat > index.html <
> Secure page
> secure page
> ookk
- Aug 01 Sat 2009 09:19
[雜記]RHCE筆記整理-RH253-Unit7(2)
2. 個人網站:public_html
(1)建立目錄及index.html
#chmod 701 /home/student
#su - student
[student@server118 ~]$
$mkdir public_html
%可以在/etc/skel 先設定, useradd會自動幫user建立public_html目錄
(1)建立目錄及index.html
#chmod 701 /home/student
#su - student
[student@server118 ~]$
$mkdir public_html
%可以在/etc/skel 先設定, useradd會自動幫user建立public_html目錄
- Aug 01 Sat 2009 08:55
[雜記]RHCE筆記整理-RH253-Unit7(1)
Apache Web Server
Packages: httpd, httpd-devel, httpd-manual
Daemon: /usr/sbin/httpd
Scripts: /etc/init.d/httpd
Ports: 80(http), 443(https)
Conriguration: /etc/httpd/*, /var/www/*
Related: mod_ssl (for https)
%SElinux
Packages: httpd, httpd-devel, httpd-manual
Daemon: /usr/sbin/httpd
Scripts: /etc/init.d/httpd
Ports: 80(http), 443(https)
Conriguration: /etc/httpd/*, /var/www/*
Related: mod_ssl (for https)
%SElinux
- Jul 26 Sun 2009 23:54
[雜記]RHCE筆記整理-RH253-Unit6(3)
3. Samba Services
four main service
. authentication and authorization of users
. file and printer sharing
. name resolution
. browsing
related
. smbclient
four main service
. authentication and authorization of users
. file and printer sharing
. name resolution
. browsing
related
. smbclient
- Jul 26 Sun 2009 22:44
[雜記]RHCE筆記整理-RH253-Unit6(2)
2. Network File Service(NFS)
Packages: nfs-utils
Daemons: rpc.nfsd(1),rpc.mountd(1),rpc,rquotad(1),rpciod(1),rpc.statd(2),rpc.lockd(2)
Scripts: /etc/init.d/nfs(1),/etc/init.d/nfslock(2)
Ports: 2049, Others assign by portmap(111)
Configuration: /etc/exports
Related: portmap, tcp_wrappers
#rpcinfo -p (verify that(RPC) service are running)
Packages: nfs-utils
Daemons: rpc.nfsd(1),rpc.mountd(1),rpc,rquotad(1),rpciod(1),rpc.statd(2),rpc.lockd(2)
Scripts: /etc/init.d/nfs(1),/etc/init.d/nfslock(2)
Ports: 2049, Others assign by portmap(111)
Configuration: /etc/exports
Related: portmap, tcp_wrappers
#rpcinfo -p (verify that(RPC) service are running)
學習 (2)