
linux笔记12

<虚拟帐号配置独立>

vim /etc/vsftpd/vsftpd.conf

user_config_dir=/etc/vsftpd/userconf

mkdir -p /etc/vsftpd/gou1

 

vim /etc/vsftpd/userconf/gou1

此文件中可设定主配置文件中的各项参数,且此文件的优先级更高

 

临时更改安全上下文

cd /mnt/

touch file

mv file /var/ftp/pub

lftp 172.25.25.10 查看不到该文件

ls -Zd /var/ftp/pub 查看目录安全上下文

drwxr-xr-x. root root system_u:object_r:public_content_t:s0 /var/ftp/pub/

chcon -t public_content_t /var/ftp/pub/ -R 更改安全上下文(-R 递归)

chcon 命令是临时的更改安全上下文,重启selinux会重置

//方法2

cd /var/ftp/pub

restorecon *(不常用)

 

永久更改安全上下文

semanage fcontext -l | grep ftpdir 查看安全上下文

semanage fcontext -a -t public_content_t '/ftpdir(/.*)?' 添加安全上下文规则到策略

semanage fcontext -l | grep ftpdir

restorecon -RvvF /ftpdir/ 更改安全上下文

restorecon reset /ftpdir context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0

restorecon reset /ftpdir/gou1 context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0

restorecon reset /ftpdir/gou1/gou1pub context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0

restorecon reset /ftpdir/gou1/gou1pub/file context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0

restorecon reset /ftpdir/gou1/gou1pub/passwd context system_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0

restorecon reset /ftpdir/gou1/file context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0

restorecon reset /ftpdir/gou2 context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0

restorecon reset /ftpdir/gou2/gou2pub context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0

restorecon reset /ftpdir/gou3 context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0

restorecon reset /ftpdir/gou3/gou3pub context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0

 

lftp 172.25.25.10 查看成功

 

getsebool -a | grep ftp 查看ftp相关的布尔值开关

setsebool -P ftpd_anon_write on 开启匿名上传(-P 永久生效)

setenforce 1 将selinux改为强制模式(enforcing)

 

grub2磁盘引导

dd if=/dev/zero of=/dev/vda bs=446 count=1 破坏开头446个字节(引导代码)

reboot 重启

更改开机方式(光盘启动或者网卡启动)


chroot /mnt/sysimage

grub2-install /dev/vda

exit

exit

重启(更改启动方式改为硬盘启动)

 

删除grub.cfg

rm -rf /boot/grub2/grub.cfg

grub2-mkconfig > /boot/grub2/grub.cfg (未关机恢复文件)

reboot

 

set root='hd0,msdos1'

linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 ro root=/dev/vda1

initrd16 /boot/initramfs-3.10.0-123.el7.x86_64.img

boot


 

删除内核

rm -rf /boot/vmlinuz-3.10.0-123.el7.x86_64 删除内核

reboot

进入抢救

chroot /mnt/sysimage

yum search kernel 查找内核文件

rpm2cpio kernel-3.10.0-123.el7.x86_64.rpm | cpio -id

cp vmlinuz-3.10.0-123.el7.x86_64 /boot

exit

exit



删除镜像文件

rm -rf initramfs-3.10.0-123.el7.x86_64.img


 


删除/boot

rm -rf /boot/

reboot

进入抢救


开机链接出现错误

[root@localhost ~]# ll /etc/systemd/system/default.target

lrwxrwxrwx. 1 root root 40 Jul 10  2014 /etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target  原本正确的链接(开启图形)

[root@localhost ~]# rm -rf /etc/systemd/system/default.target

[root@localhost ~]# ln -s /usr/lib/systemd/system/reboot.target /etc/systemd/system/default.target  建立错误链接

[root@localhost ~]# reboot


 

开机密码修改


touch /.autorelabel (让selinux在重启时重新给文件系统打标签,否则修改过的密码文件安全上下文不正确)

 

 

DNS高速缓存

 yum install bind -y安装服务

 systemctl enable named开机自启

 systemctl start  named开启服务

 vim /etc/named.conf 修改该文件

 10 options {

 11         listen-on port 53 { any; }; 设定监听端口,any表示在所有接口上监听

 12         listen-on-v6 port 53 { ::1; };

 13         directory       "/var/named";

 14         dump-file       "/var/named/data/cache_dump.db";

 15         statistics-file "/var/named/data/named_stats.txt";

 16         memstatistics-file "/var/named/data/named_mem_stats.txt";

 17         allow-query     { any; }; 允许任意客户端查询

 18         forwarders      {172.25.254.250;};

 32    dnssec-validation no;(原本为yes, 改为no后不再校验上游应答的DNSSEC签名)

 systemctl restart named

 vim /etc/resolv.conf 修改dns

 firewall-cmd --permanent --add-service=dns设定火墙

 firewall-cmd --reload

 systemctl restart named重启服务

 

DNS正向解析

vim /etc/named.conf

vim /etc/named.rfc1912.zones

(复制添加)

 25 zone "westos.com" IN {

 26          type master;

 27          file "westos.com.zone";

 28          allow-update { none; };

 29   };

 

cp -p named.localhost westos.com.zone 复制模版

 vim westos.com.zone

$TTL 1D

@       IN SOA  dns.westos.com. root.westos.com. (   ; dns域名, 域名管理员

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS      dns.westos.com.

dns     A       172.25.254.125    ; dns的ip

www     A       172.25.254.126    ; www的ip

 

 

systemctl restart named(重启服务)

 

《测试结果》

[root@localhost ~]# dig www.westos.com

 

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33830

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.westos.com.		IN	A

 

;; ANSWER SECTION:

www.westos.com.		86400	IN	A	172.25.254.126

 

;; AUTHORITY SECTION:

westos.com.		86400	IN	NS	dns.westos.com.

 

;; ADDITIONAL SECTION:

dns.westos.com.		86400	IN	A	172.25.254.125

 

vim /var/named/westos.com.zone

www             A       172.25.254.119    ; 再加一个ip

gou             CNAME   www               ; cname别名

westos.com.     MX 1    172.25.254.125.   ; MX邮件

<测试结果>

[root@localhost ~]# dig -t mx westos.com

 

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31713

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;westos.com.			IN	MX

 

;; ANSWER SECTION:

westos.com.		86400	IN	MX	1 172.25.254.125.

 

DNS反向解析

 vim /etc/named.rfc1912.zones

(复制模版)

43 zone "254.25.172.in-addr.arpa" IN {

 44         type master;

 45         file "westos.comNaNr";

 46         allow-update { none; };

 47 };

 

cp -p /var/named/named.loopback westos.comNaNr(复制模版)

 vim westos.comNaNr

$TTL 1D

@       IN SOA  dns.westos.com. root.westos.com. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS      dns.westos.com.

        A       172.25.254.125

112     PTR     www.westos.com.

199     PTR     www.gou.com.

systemctl restart named(重启服务)

 

<测试结果>

[root@localhost named]# dig -x 172.25.254.199

 

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.199

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54712

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;199.254.25.172.in-addr.arpa.	IN	PTR

 

;; ANSWER SECTION:

199.254.25.172.in-addr.arpa. 86400 IN	PTR	www.gou.com.

 

双向解析

cp -p westos.com.zone westos.com.inter 复制模版

vim westos.com.inter 修改内容

$TTL 1D    ; 外网回答文件

@       IN SOA  dns.westos.com. root.westos.com. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

                NS      dns.westos.com.

dns             A       172.25.99.125

www             A       172.25.99.126

www             A       172.25.99.119

gou             CNAME   www

westos.com.     MX 1    172.25.99.125.

 

cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter复制模版

vim /etc/named.rfc1912.zones.inter

zone "westos.com" IN {

         type master;

         file "westos.com.inter";外网访问文件

         allow-update { none; };

  };

 

 vim /etc/named.conf 修改配置文件

 50 /*注释掉原有内容

 51 zone "." IN {

 52         type hint;

 53         file "named.ca";

 54 };

 55

 56 include "/etc/named.rfc1912.zones";

 57 include "/etc/named.root.key";

 58 */

 59 view localnet {内网访问

 60         match-clients { 172.25.254.125;};内网限制

 61         zone "." IN {

 62         type hint;

 63         file "named.ca";

 64 };

 65 include "/etc/named.rfc1912.zones";访问文件

 66 };

 67

 68 view internet {

 69         match-clients { any;};外网限制

 70         zone "." IN {

 71         type hint;

 72         file "named.ca";

 73 };

 74 include "/etc/named.rfc1912.zones.inter";访问文件

 75 };

 

<测试结果>

内网

[root@localhost ~]# dig www.westos.com

 

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59866

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.westos.com.		IN	A

 

;; ANSWER SECTION:

www.westos.com.		86400	IN	A	172.25.254.126

www.westos.com.		86400	IN	A	172.25.254.119

外网

[root@localhost ~]# dig www.westos.com

 

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13889

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.westos.com.		IN	A

 

;; ANSWER SECTION:

www.westos.com.		86400	IN	A	172.25.99.126

www.westos.com.		86400	IN	A	172.25.99.119

 

