Exam8
q1
firewall-cmd --list-all
firewall-cmd --get-active-zones
firewall-cmd --permanent --zone=public --add-rich-rule="rule family='ipv4' source address='172.24.1.0/24' service name='ssh' accept"
firewall-cmd --permanent --zone=public --add-rich-rule="rule family='ipv4' source address='172.25.1.0/24' service name='ssh' reject"
firewall-cmd --reload
驗證
firewall-cmd --list-all
public (active)
...
rich rules:
rule family="ipv4" source address="172.24.1.0/24" service name="ssh" accept
rule family="ipv4" source address="172.25.1.0/24" service name="ssh" reject
q2
nmtui eth0 網卡
增加IPV6位址至node1 and node2
or
servera
nmcli c s
確認 eth0 的 interface name
nmcli c mod Wired\ connection\ 1 ipv6.addresses fc01:ac18::106/64 ipv6.method manual
驗證
ip a s eth0
serverb
nmcli c s
確認 eth0 的 interface name
nmcli c mod Wired\ connection\ 1 ipv6.addresses fc01:ac18::107/64 ipv6.method manual
驗證
ip a s eth0
q3
ssh node1
yum install dhcp-server -y
設定檔案參考
vim /etc/dhcp/dhcpd.conf
vim /usr/share/doc/dhcp-server/dhcpd.conf.example
copy 範例檔第 47 行起的一段 > dhcpd.conf
copy 範例檔第 75 行起的一段 > dhcpd.conf
vim /etc/dhcp/dhcpd.conf
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.160 192.168.1.225;
option domain-name-servers 192.168.1.6;
option domain-name "remote1.example.com";
option routers 192.168.1.100;
option broadcast-address 192.168.0.255;
default-lease-time 600;
max-lease-time 3000;
}
host hosta {
hardware ethernet 52:54:c0:a8:01:0a;
fixed-address 192.168.0.10;
}
host hostb {
hardware ethernet 52:54:c0:a8:01:0b;
fixed-address 192.168.0.11;
}
cat /etc/sysconfig/dhcpd
cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/
vim /etc/systemd/system/dhcpd.service
修改 $DHCPDARGS eth1
restorecon -iRv /etc/systemd/
restorecon -iRv /etc/dhcp/
systemctl --system daemon-reload
systemctl enable --now dhcpd.service
systemctl restart dhcpd.service
firewall-cmd --permanent --add-service=dhcp
firewall-cmd --reload
q4
1.正解析 dns-bind
vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
...
2. DNS 要啟動
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
systemctl enable --now named
......
3. 正解析-修改zone檔 參考 /var/named/named.localhost
cat /var/named/named.localhost > /var/named/backend.lab.example.com.zone
vim /var/named/backend.lab.example.com.zone
...
$TTL 300
@ IN SOA serverb.backend.lab.example.com. dnslab.example.com. (
30 ; serial
1H ; refresh
5M ; retry
1W ; expire
1m ) ; minimum
; owner TTL CL type RDATA
600 IN NS serverb
servera IN A 192.168.0.10
serverb IN A 192.168.0.11
serverc IN A 192.168.0.12
serverd IN A 192.168.0.13
servera IN AAAA fde2:6494:1e09:2::a
serverb IN AAAA fde2:6494:1e09:2::b
serverc IN AAAA fde2:6494:1e09:2::c
serverd IN AAAA fde2:6494:1e09:2::d
...
將 BIND 配置為使用新的區域檔來回答 backend.lab.example.com 域的正向查找
vim /etc/named.backend.conf
zone "backend.lab.example.com" IN {
type master;
file "backend.lab.example.com.zone";
forwarders {};
};
...
修改權限 /var/named/backend.lab.example.com.zone
chmod 640 /var/named/backend.lab.example.com.zone
chgrp named /var/named/backend.lab.example.com.zone
修改權限 /etc/named.backend.conf
chmod 640 /etc/named.backend.conf
chgrp named /etc/named.backend.conf
在/etc/named.conf include /etc/named.backend.conf
vim /etc/named.conf
...
include "/etc/named.backend.conf";
...
systemctl restart named
4. 建立反向查找
cat /var/named/named.loopback >> /var/named/192.168.0.zone
vim /var/named/192.168.0.zone
...
$TTL 300
@ IN SOA serverb.backend.lab.example.com. dnslab.example.com. (
0 ; serial
1H ; refresh
5M ; retry
1W ; expire
1M ) ; minimum
; owner TTL CL type RDATA
600 IN NS serverb.backend.lab.example.com.
10 IN PTR servera.backend.lab.example.com.
11 IN PTR serverb.backend.lab.example.com.
12 IN PTR serverc.backend.lab.example.com.
13 IN PTR serverd.backend.lab.example.com.
...
修改權限 chmod 640 /var/named/*.zone
修改權限 chgrp named /var/named/*.zone
systemctl restart named
q5 on serverd
filestorage-smb
yum install samba
useradd -s /sbin/nologin floyd
echo floyd | passwd --stdin floyd
smbpasswd -a floyd
(smbpasswd 提示輸入密碼時輸入) flectrag
vim /etc/samba/smb.conf
...
[global]
security = USER
workgroup = STAFF
passdb backend = tdbsam
[common]
path = /common
hosts allow = 172.25.250.
browseable = yes
valid users = floyd
...
testparm
mkdir /common
semanage fcontext -a -t samba_share_t '/common(/.*)?'
restorecon -iRv /common/
.....
firewall-cmd --add-service=samba --permanent
firewall-cmd --reload
systemctl enable --now smb.service
......
驗證
yum install cifs-utils
mount -o username=floyd //serverd/common /mnt
驗證：僅能讀取，不能寫入
q6 on serverd
續q5
useradd -s /sbin/nologin chihiro
useradd -s /sbin/nologin kenji
echo chihiro | passwd --stdin chihiro
echo kenji | passwd --stdin kenji
mkdir /devops
touch /devops/chihiro.txt
chown -R chihiro /devops
semanage fcontext -a -t samba_share_t '/devops(/.*)?'
restorecon -iRv /devops/
......
設定
vim /etc/samba/smb.conf
......
[devops]
path = /devops
#主機允許要查詢
hosts allow = 172.25.250.
browseable = yes
valid users = chihiro, kenji
write list= chihiro
.....
smbpasswd -a chihiro
smbpasswd -a kenji
firewall-cmd --list-all
systemctl restart smb.service
.........
node2
vim /etc/samba/credentials.txt
...
username=kenji
password=flectrag
...
useradd kenji
echo flectrag | passwd --stdin kenji
useradd chihiro
echo flectrag | passwd --stdin chihiro
chmod 600 /etc/samba/credentials.txt （憑證檔含密碼，僅 root 可讀）
設定 fstab
vim /etc/fstab
......
//serverd.lab.example.com/devops /mnt/dev cifs credentials=/etc/samba/credentials.txt,multiuser,seal 0 0
......
su - chihiro
cifscreds add serverd.lab.example.com
password:
echo 'chihiro' > /mnt/dev/chihiro.txt
exit
......
su - kenji
cifscreds add serverd.lab.example.com
password:
echo 'kenji' >> /mnt/dev/kenji.txt
-bash: /mnt/dev/kenji.txt: Permission denied
......
cat /mnt/dev/chihiro.txt
chihiro
q7 on serverd
yum install nfs-utils
mkdir /public
vim /etc/exports.d/nfsexam.exports
...
/public *.lab.example.com(ro)
...
systemctl enable --now nfs-server.service
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
.....
測試
exportfs -v
...
/public *.lab.example.com(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
...
q8 on serverc
yum install nfs-utils
mkdir /mnt/nfsmount
vim /etc/fstab
serverd.lab.example.com:/public /mnt/nfsmount nfs defaults 0 0
mount -a
df -h