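Cloud Computing System Administration Exam Lab
I.
1. Install CentOS using a minimal installation. Add a disk and create two primary partitions of 2G and 4G with the ext4 file system, then create two logical partitions of 2G and 5G; the first logical partition is of type swap.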
[root@jason ~]# fdisk /dev/sdb
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x039d8d85.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
switch off the mode (command 'c') and change display units to
sectors (command 'u').
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-2610, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-2610, default 2610): +2G
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (263-2610, default 263):
Using default value 263
Last cylinder, +cylinders or +size{K,M,G} (263-2610, default 2610): +4g
Unsupported suffix: 'g'.
Supported: 10^N: KB (KiloByte), MB (MegaByte), GB (GigaByte)
2^N: K (KibiByte), M (MebiByte), G (GibiByte)
Last cylinder, +cylinders or +size{K,M,G} (263-2610, default 2610): +4G
Command (m for help): p
Disk /dev/sdb: 21.5 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x039d8d85
Device Boot Start End Blocks Id System
/dev/sdb1 1 262 2104483+ 83 Linux
/dev/sdb2 263 785 4200997+ 83 Linux
Command (m for help): n
Command action
e extended
p primary partition (1-4)
e
Partition number (1-4): 3
First cylinder (786-2610, default 786):
Using default value 786
Last cylinder, +cylinders or +size{K,M,G} (786-2610, default 2610):
Using default value 2610
Command (m for help): n
Command action
l logical (5 or over)
p primary partition (1-4)
l
First cylinder (786-2610, default 786):
Using default value 786
Last cylinder, +cylinders or +size{K,M,G} (786-2610, default 2610): +2G
Command (m for help): n
Command action
l logical (5 or over)
p primary partition (1-4)
l
First cylinder (1048-2610, default 1048): +5G
Value out of range.
First cylinder (1048-2610, default 1048):
Using default value 1048
Last cylinder, +cylinders or +size{K,M,G} (1048-2610, default 2610): +5g
Unsupported suffix: 'g'.
Supported: 10^N: KB (KiloByte), MB (MegaByte), GB (GigaByte)
2^N: K (KibiByte), M (MebiByte), G (GibiByte)
Last cylinder, +cylinders or +size{K,M,G} (1048-2610, default 2610): +5G
Command (m for help): p
Disk /dev/sdb: 21.5 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x039d8d85
Device Boot Start End Blocks Id System
/dev/sdb1 1 262 2104483+ 83 Linux
/dev/sdb2 263 785 4200997+ 83 Linux
/dev/sdb3 786 2610 14659312+ 5 Extended
/dev/sdb5 786 1047 2104483+ 83 Linux
/dev/sdb6 1048 1701 5253223+ 83 Linux
Command (m for help): t
Partition number (1-6): 5
Hex code (type L to list codes): 82
Changed system type of partition 5 to 82 (Linux swap / Solaris)
Command (m for help): p
Disk /dev/sdb: 21.5 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x039d8d85
Device Boot Start End Blocks Id System
/dev/sdb1 1 262 2104483+ 83 Linux
/dev/sdb2 263 785 4200997+ 83 Linux
/dev/sdb3 786 2610 14659312+ 5 Extended
/dev/sdb5 786 1047 2104483+ 82 Linux swap / Solaris
/dev/sdb6 1048 1701 5253223+ 83 Linux
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@jason ~]# partprobe /dev/sdb
sdb sdb1 sdb2 sdb3 sdb5 sdb6
[root@jason ~]# partprobe /dev/sdb
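2. Format each partition and enable the swap partition.
Add four SCSI disks to the Linux server and use the mdadm package to build a RAID5 array, improving the performance and reliability of disk storage.
Partitioning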
[root@jason ~]# fdisk /dev/sdc
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x0a10dcc5.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
switch off the mode (command 'c') and change display units to
sectors (command 'u').
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-2610, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-2610, default 2610): +2G
Command (m for help): t
Selected partition 1
Hex code (type L to list codes): fd
Changed system type of partition 1 to fd (Linux raid autodetect)
Command (m for help): p
Disk /dev/sdc: 21.5 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0a10dcc5
Device Boot Start End Blocks Id System
/dev/sdc1 1 262 2104483+ fd Linux raid autodetect
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@jason ~]# fdisk /dev/sdd
Handle sdd, sde and sdf in the same way (omitted here).
Probe the partitions
[root@jason ~]# partprobe /dev/sd[c-f]1
sdc1 sdd1 sde1 sdf1
[root@jason ~]#
The system recognizes the new partitions.
Create the RAID array
Install mdadm
[root@jason ~]# rpm -qa | grep mdadm
[root@jason ~]# mount /dev/cdrom /mnt
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@jason ~]# cd /mnt/Packages/
[root@jason Packages]# rpm -ivh mdadm-3.2.6-7.el6.x86_64.rpm
Display all 3996 possibilities? (y or n)
[root@jason Packages]# rpm -ivh mdadm-3.2.6-7.el6.x86_64.rpm
warning: mdadm-3.2.6-7.el6.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Preparing... ########################################### [100%]
1:mdadm ########################################### [100%]
[root@jason Packages]#
[root@jason Packages]# mdadm --create --auto=yes /dev/md0 --level=5 --raid-devices=4 /dev/[c-f]1
mdadm: You haven't given enough devices (real or missing) to create this array
[root@jason Packages]# mdadm --create --auto=yes /dev/md0 --level=5 --raid-devices=4 /dev/sd[c-f]1
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.
[root@jason Packages]# mdadm --detail /dev/mdo
mdadm: cannot open /dev/mdo: No such file or directory
[root@jason Packages]# mdadm --detail /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Thu Jun 30 16:43:22 2016
Raid Level : raid5
Array Size : 6306816 (6.01 GiB 6.46 GB)
Used Dev Size : 2102272 (2.00 GiB 2.15 GB)
Raid Devices : 4
Total Devices : 4
Persistence : Superblock is persistent
Update Time : Thu Jun 30 16:43:33 2016
State : clean
Active Devices : 4
Working Devices : 4
Failed Devices : 0
Spare Devices : 0
Layout : left-symmetric
Chunk Size : 512K
Name : jason:0 (local to host jason)
UUID : 0afd7203:5dd79899:5558be61:05f41eb4
Events : 18
Number Major Minor RaidDevice State
0 8 33 0 active sync /dev/sdc1
1 8 49 1 active sync /dev/sdd1
2 8 65 2 active sync /dev/sde1
4 8 81 3 active sync /dev/sdf1
[root@jason Packages]# cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdf1[4] sde1[2] sdd1[1] sdc1[0]
6306816 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]
unused devices: <none>
[root@jason Packages]#
Edit the mdadm.conf configuration file
[root@jason Packages]# vi /etc/mdadm.conf
DEVICE /dev/sd[c-f]1
ARRAY /dev/md0 level=raid5 num-devices=4 UUID=0afd7203:5dd79899:5558be61:05f41eb4
   devices=/dev/sdc1,/dev/sdd1,/dev/sde1,/dev/sdf1
~
~
~
~
~
:wq
Test the configuration file
[root@jason Packages]# mdadm -S /dev/md0
mdadm: stopped /dev/md0
[root@jason Packages]# mdadm -A /dev/md0
mdadm: /dev/md0 has been started with 4 drives.
[root@jason Packages]# cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdc1[0] sdf1[4] sde1[2] sdd1[1]
6306816 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]
unused devices: <none>
[root@jason Packages]#
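The `[4/4] [UUUU]` field in /proc/mdstat is what shows that all four members are in sync. The following is an added example, not part of the original lab record: a shell function that reduces mdstat-format text to one health line per array; the degraded sample is constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: summarise array health from /proc/mdstat-format text.

# Healthy state, as printed in the transcript above.
SAMPLE_OK='Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdc1[0] sdf1[4] sde1[2] sdd1[1]
      6306816 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]
unused devices: <none>'

# Constructed: the same array after member sdd1 has been marked faulty.
SAMPLE_DEGRADED='Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdc1[0] sdf1[4] sde1[2] sdd1[1](F)
      6306816 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/3] [U_UU]
unused devices: <none>'

# mdstat_health < mdstat-text
# Prints "<array> <level> <active>/<expected> <verdict> [failed=<devs>]".
mdstat_health() {
    awk '
    /^md[0-9]+ :/ {
        name = $1; failed = ""
        if ($3 != "active") { print name, "-", "-", "INACTIVE"; name = ""; next }
        # An optional "(auto-read-only)" token sits before the level.
        level = ($4 ~ /^\(/) ? $5 : $4
        for (i = 4; i <= NF; i++)
            if ($i ~ /\(F\)$/) {
                dev = $i; sub(/\[.*/, "", dev)
                failed = (failed == "" ? dev : failed "," dev)
            }
        next
    }
    # The status line carries [expected/active] followed by the U/_ map.
    name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
        split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
        verdict = (n[2] + 0 < n[1] + 0) ? "DEGRADED" : "ok"
        printf "%s %s %s/%s %s%s\n", name, level, n[2], n[1], verdict,
               (failed == "" ? "" : " failed=" failed)
        name = ""
    }'
}

# Exit status 1 when any array is DEGRADED or INACTIVE (usable from cron).
mdstat_check() {
    ! mdstat_health | grep -Eq ' (DEGRADED|INACTIVE)'
}

# Stand-alone run on the two samples; on a live host feed it /proc/mdstat.
printf '%s\n' "$SAMPLE_OK" | mdstat_health
printf '%s\n' "$SAMPLE_DEGRADED" | mdstat_health
```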
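3. Mount the first primary partition on the "/<your name>" directory. Mount the second logical partition on the "/<class name>" directory and configure automatic mounting.
Mount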
[root@jason Packages]# mkdir /jason
[root@jason Packages]# mkdir /c101
[root@jason Packages]# mount /dev/sdb1 /jason
[root@jason Packages]# mount /dev/sdb2 /c101/
Check the mounts
[root@jason Packages]# mount | grep "sdb1"
/dev/sdb1 on /jason type ext4 (rw)
[root@jason Packages]# mount | grep "sdb2"
/dev/sdb2 on /c101 type ext4 (rw)
4. Check the mounts and disk space usage.
[root@jason ~]# df -hT /dev/sdb[12]
Filesystem Type Size Used Avail Use% Mounted on
/dev/sdb1 ext4 2.0G 68M 1.9G 4% /jason
/dev/sdb2 ext4 4.0G 137M 3.7G 4% /c101
[root@jason ~]#
5. Create a user with your own name, and set user and group disk quotas on the first primary partition.
[root@jason Packages]# yum install quota
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.yun-idc.com
* updates: mirrors.yun-idc.com
Resolving Dependencies
--> Running transaction check
---> Package quota.x86_64 1:3.17-23.el6 will be installed
--> Processing Dependency: tcp_wrappers for package: 1:quota-3.17-23.el6.x86_64
--> Processing Dependency: libnl.so.1()(64bit) for package: 1:quota-3.17-23.el6.x86_64
--> Running transaction check
---> Package libnl.x86_64 0:1.1.4-2.el6 will be installed
---> Package tcp_wrappers.x86_64 0:7.6-58.el6 will be installed
--> Processing Dependency: tcp_wrappers-libs = 7.6-58.el6 for package: tcp_wrappers-7.6-58.el6.x86_64
--> Running transaction check
---> Package tcp_wrappers-libs.x86_64 0:7.6-57.el6 will be updated
---> Package tcp_wrappers-libs.x86_64 0:7.6-58.el6 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================
Package Arch Version Repository Size
========================================================================================================
Installing:
quota x86_64 1:3.17-23.el6 base 202 k
Installing for dependencies:
libnl x86_64 1.1.4-2.el6 base 121 k
tcp_wrappers x86_64 7.6-58.el6 base 70 k
Updating for dependencies:
tcp_wrappers-libs x86_64 7.6-58.el6 base 62 k
Transaction Summary
========================================================================================================
Install 3 Package(s)
Upgrade 1 Package(s)
Total download size: 455 k
Is this ok [y/N]: y
Downloading Packages:
(1/4): libnl-1.1.4-2.el6.x86_64.rpm | 121 kB 00:00
(2/4): quota-3.17-23.el6.x86_64.rpm | 202 kB 00:00
(3/4): tcp_wrappers-7.6-58.el6.x86_64.rpm | 70 kB 00:00
(4/4): tcp_wrappers-libs-7.6-58.el6.x86_64.rpm | 62 kB 00:00
--------------------------------------------------------------------------------------------------------
Total 868 kB/s | 455 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Updating : tcp_wrappers-libs-7.6-58.el6.x86_64 1/5
Installing : tcp_wrappers-7.6-58.el6.x86_64 2/5
Installing : libnl-1.1.4-2.el6.x86_64 3/5
Installing : 1:quota-3.17-23.el6.x86_64 4/5
Cleanup : tcp_wrappers-libs-7.6-57.el6.x86_64 5/5
Verifying : 1:quota-3.17-23.el6.x86_64 1/5
Verifying : tcp_wrappers-7.6-58.el6.x86_64 2/5
Verifying : libnl-1.1.4-2.el6.x86_64 3/5
Verifying : tcp_wrappers-libs-7.6-58.el6.x86_64 4/5
Verifying : tcp_wrappers-libs-7.6-57.el6.x86_64 5/5
Installed:
quota.x86_64 1:3.17-23.el6
Dependency Installed:
libnl.x86_64 0:1.1.4-2.el6 tcp_wrappers.x86_64 0:7.6-58.el6
Dependency Updated:
tcp_wrappers-libs.x86_64 0:7.6-58.el6
Complete!
[root@jason Packages]#
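6. Generate the quota files and confirm that they exist.
7. Set the quota for the "<your name>" user to a soft limit of 5M and a hard limit of 10M.
8. Verify the quota.
9. Delete /boot/grub/grub.conf and reboot, then boot by entering the boot commands manually.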

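II.
1. Check the status of the crond process, set it to start only in runlevels 3 and 5, and use the ps command to find the PID of crond.
Status of the crond process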
[root@test1 jason]# service crond status
crond (pid 2418) is running...
[root@test1 jason]#
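Enable it in runlevels 3 and 5 (the listing still shows levels 2 and 4 on as well, because `--level 35 ... on` does not switch the other levels off)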
[root@test1 jason]# chkconfig --level 35 crond on
[root@test1 jason]# chkconfig --list crond
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@test1 jason]#
Use the ps command to find the PID of crond
[root@test1 jason]# ps -elf | grep crond
1 S root 2418 1 0 80 0 - 29324 hrtime 17:07 ? 00:00:00 crond
0 R root 2565 2522 0 80 0 - 25813 - 17:11 pts/0 00:00:00 grep crond
[root@test1 jason]#
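2418 is the PID of crond.
2. Restart the crond service and view the current processes dynamically. List the PIDs and names of the root user's processes.
Restart the crond service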
[root@test1 jason]# service crond restart
Stopping crond: [ OK ]
Starting crond: [ OK ]
[root@test1 jason]#
View the current processes dynamically
[root@test1 jason]# top
top - 17:15:24 up 8 min, 1 user, load average: 0.02, 0.09, 0.07
Tasks: 112 total, 1 running, 111 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 8046656k total, 249024k used, 7797632k free, 18192k buffers
Swap: 4194296k total, 0k used, 4194296k free, 86536k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1446 root 20 0 172m 7704 4492 S 0.3 0.1 0:00.65 vmtoolsd
2492 root 20 0 12532 992 812 S 0.3 0.0 0:00.15 in.telnetd
1 root 20 0 19364 1536 1228 S 0.0 0.0 0:02.74 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kthreadd
3 root RT 0 0 0 0 S 0.0 0.0 0:00.04 migration/0
4 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
6 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
7 root RT 0 0 0 0 S 0.0 0.0 0:00.30 migration/1
8 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/1
9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/1
10 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/1
11 root 20 0 0 0 0 S 0.0 0.0 0:00.44 events/0
12 root 20 0 0 0 0 S 0.0 0.0 0:00.07 events/1
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cgroup
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khelper
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 netns
16 root 20 0 0 0 0 S 0.0 0.0 0:00.00 async/mgr
17 root 20 0 0 0 0 S 0.0 0.0 0:00.00 pm
18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 sync_supers
19 root 20 0 0 0 0 S 0.0 0.0 0:00.00 bdi-default
List the PIDs and names of the root user's processes.
[root@test1 jason]# pgrep -l -u root | grep bash
2522 bash
[root@test1 jason]#
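The root user's process has PID 2522 and its name is bash.
3. Open the file /root/install.log and put it in the background, check the job number, and bring it to the foreground.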
[root@test1 jason]# vi /root/install.log &
[1] 2619
[root@test1 jason]# fg
vi /root/install.log
4. Suspend it into the background again, then find and kill the process, and verify that it was killed.
[root@test1 jason]# vi /root/install.log
[1]- Stopped vi /root/install.log // pressing Ctrl+Z inside vi returns to this screen
[2]+ Stopped vi /root/install.log
[root@test1 jason]# ps -elf | grep vi // list the processes related to vi
0 S root 1501 1 0 80 0 - 12218 poll_s 17:07 ? 00:00:00 /usr/lib/vmware-vgauth/VGAuthService -s
4 T root 2620 2522 0 80 0 - 29246 signal 17:22 pts/0 00:00:00 vi /root/install.log
4 T root 2623 2522 0 80 0 - 29814 signal 17:23 pts/0 00:00:00 vi /root/install.log
0 S root 2625 2522 0 80 0 - 25814 pipe_w 17:24 pts/0 00:00:00 grep vi
[root@test1 jason]# killall -9 vi // kill all processes related to vi
[1]- Killed vi /root/install.log
[2]+ Killed vi /root/install.log
[root@test1 jason]# ps -elf | grep vi // list the processes related to vi again
0 S root 1501 1 0 80 0 - 12218 poll_s 17:07 ? 00:00:00 /usr/lib/vmware-vgauth/VGAuthService -s
0 S root 2630 2522 0 80 0 - 25814 pipe_w 17:25 pts/0 00:00:00 grep vi
[root@test1 jason]#
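The output shows that vi has been killed.
5. Set up a scheduled task that, for three consecutive days starting today in the current month, creates the file "<your name>" under / every minute.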
[root@test1 jason]# crontab -e
no crontab for root - using an empty one
*/1 * 29-31 6 * /bin/touch /jason
~
~
...// "~" lines omitted
~
~
:wq
crontab: installing new crontab
[root@test1 jason]#
6. View the task, verify the result of its execution, then delete the task.
[root@test1 jason]# crontab -l
*/1 * 29-31 6 * /bin/touch /jason
[root@test1 jason]#
[root@test1 /]# ls -lh | grep jason
-rw-r--r-- 1 root root 0 Jun 29 17:37 jason
[root@test1 /]#
The timestamp shows that the file was just created.
Delete
[root@test1 /]# crontab -r
[root@test1 /]# crontab -l
no crontab for root
[root@test1 /]#
7. Check the total size of the /var/log directory.
[root@test1 log]# pwd
/var/log
[root@test1 log]# ls -lh
total 3.5M // the total size of the log directory is 3.5M
-rw-------. 1 root root 2.4K May 24 00:10 anaconda.ifcfg.log
-rw-------. 1 root root 21K May 24 00:10 anaconda.log
-rw-------. 1 root root 34K May 24 00:10 anaconda.program.log
-rw-------. 1 root root 104K May 24 00:10 anaconda.storage.log
-rw-------. 1 root root 155K May 24 00:10 anaconda.syslog
-rw-------. 1 root root 35K May 24 00:10 anaconda.xlog
-rw-------. 1 root root 113K May 24 00:10 anaconda.yum.log
drwxr-x---. 2 root root 4.0K May 24 00:12 audit
-rw-r--r-- 1 root root 3.3K Jun 29 17:07 boot.log
-rw------- 1 root utmp 3.8K Jun 29 17:07 btmp
-rw-------. 1 root utmp 3.8K May 24 18:32 btmp-20160601
drwxr-xr-x. 2 root root 4.0K May 24 00:14 ConsoleKit
-rw------- 1 root root 4.2K Jun 29 17:40 cron
-rw-------. 1 root root 8.2K Jun 1 17:36 cron-20160601
-rw------- 1 root root 20K Jun 5 10:21 cron-20160605
drwxr-xr-x. 2 lp sys 4.0K Aug 17 2013 cups
-rw-r--r-- 1 root root 98K Jun 29 17:07 dmesg
-rw-r--r-- 1 root root 98K Jun 5 20:40 dmesg.old
-rw-r--r--. 1 root root 338K May 24 00:21 dracut.log
drwxrwx--T. 2 root gdm 4.0K Jun 4 14:35 gdm
drwx------. 2 root root 4.0K Aug 14 2013 httpd
-rw-r--r--. 1 root root 144K Jun 29 17:30 lastlog
-rw------- 1 root root 532 Jun 29 17:07 maillog
-rw-------. 1 root root 3.0K Jun 1 16:36 maillog-20160601
-rw------- 1 root root 2.3K Jun 4 08:23 maillog-20160605
-rw------- 1 root root 259K Jun 29 17:30 messages
-rw-------. 1 root root 982K Jun 1 16:45 messages-20160601
-rw------- 1 root root 765K Jun 5 09:30 messages-20160605
drwxr-xr-x. 2 ntp ntp 4.0K Nov 24 2013 ntpstats
-rw-r--r--. 1 root root 89 Jun 4 14:35 pm-powersave.log
drwx------. 2 root root 4.0K Aug 23 2010 ppp
drwxr-xr-x. 2 root root 4.0K May 24 13:33 prelink
drwxr-xr-x. 2 root root 4.0K Jun 29 17:07 sa
drwx------. 3 root root 4.0K May 24 00:05 samba
-rw------- 1 root root 5.9K Jun 29 17:30 secure
-rw-------. 1 root root 16K Jun 1 17:17 secure-20160601
-rw------- 1 root root 8.8K Jun 4 14:36 secure-20160605
-rw-------. 1 root root 0 May 24 00:12 spice-vdagent.log
-rw------- 1 root root 0 Jun 5 10:21 spooler
-rw-------. 1 root root 0 May 24 00:06 spooler-20160601
-rw------- 1 root root 0 Jun 1 17:36 spooler-20160605
drwxr-x---. 2 root root 4.0K Nov 23 2013 sssd
-rw-------. 1 root root 0 May 24 00:03 tallylog
drwxr-xr-x. 3 root root 4.0K May 24 00:21 vmware-caf
-rw-r--r--. 1 root root 5.4K May 24 00:21 vmware-install.log
-rw-r--r--. 1 root root 69K Jun 29 17:07 vmware-vmsvc.log
-rw-r--r--. 1 root root 25K Jun 5 11:30 vmware-vmusr.log
-rw-r--r--. 1 root root 0 May 24 00:12 wpa_supplicant.log
-rw-rw-r--. 1 root utmp 99K Jun 29 17:30 wtmp
-rw-r--r-- 1 root root 54K Jun 5 11:30 Xorg.0.log
-rw-r--r-- 1 root root 52K Jun 3 08:28 Xorg.0.log.old
-rw-r--r--. 1 root root 33K May 24 00:13 Xorg.9.log
-rw------- 1 root root 0 Jun 3 08:20 yum.log
[root@test1 log]#
8. Configure the system to boot directly into the graphical interface.
[root@test1 jason]# vi /etc/inittab
# inittab is only used by upstart for the default runlevel.
#
# ADDING OTHER CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# System initialization is started by /etc/init/rcS.conf
#
# Individual runlevels are started by /etc/init/rc.conf
#
# Ctrl-Alt-Delete is handled by /etc/init/control-alt-delete.conf
#
# Terminal gettys are handled by /etc/init/tty.conf and /etc/init/serial.conf,
# with configuration in /etc/sysconfig/init.
#
# For information on how to write upstart event handlers, or how
# upstart works, see init(5), init(8), and initctl(8).
#
# Default runlevel. The runlevels used are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:5:initdefault:
~
:wq
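III.
Create the user directories /tech/benet and /tech/accp, used to hold the home directories of the accounts in each project group. For example, the home directory of user kylin should be /tech/benet/kylin/. Add the group accounts: the two project groups are benet with GID 1001 and accp with GID 1002; the technical group is tech with GID 200.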
[root@jason ~]# mkdir -p /tech/benet
[root@jason ~]# mkdir -p /tech/accp
[root@jason ~]# groupadd -g 1001 benet
[root@jason ~]# groupadd -g 1002 accp
[root@jason ~]# groupadd -g 200 tech
[root@jason ~]# tail -3 /etc/group
benet:x:1001:
accp:x:1002:
tech:x:200:
[root@jason ~]#
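Add users: the benet group contains three users, kylin, tsengia and obama, whose home directories are the directories of the same name under /tech/benet/; the kylin account is set to expire after December 31, 2013.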
[root@jason ~]# useradd -g benet -d /tech/benet/kylin -e 2013-12-31 kylin
[root@jason ~]# useradd -g benet -d /tech/benet/tsengia tsengia
[root@jason ~]# useradd -g benet -d /tech/benet/obama obama
[root@jason ~]# passwd kylin
Changing password for user kylin.
New password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@jason ~]# passwd tsengia
Changing password for user tsengia.
New password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@jason ~]# passwd obama
Changing password for user obama.
New password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@jason ~]#
Check
[root@jason ~]# tail -3 /etc/passwd
kylin:x:500:1001::/tech/benet/kylin:/bin/bash // the GID is 1001
tsengia:x:501:1001::/tech/benet/tsengia:/bin/bash
obama:x:502:1001::/tech/benet/obama:/bin/bash
[root@jason ~]# tail -3 /etc/shadow
kylin:$6$j3qBzXSi$KIbqUA8kOqxUoN46w2ryZGAVsMt5NfPiH4cMU2mW/rL/pt/10tU4RFhU7hbmgxk7d5iypdnNAh3sF6tsSlX7o.:16982:0:99999:7::16070:
tsengia:$6$aYs5/CH.$lhKikHTT.m.ClNUox2bJLlW67yI/YK.84qFFEft98eZ3ZLWt3JKy3tZnpTPPBVoDRZ0r3yzzmIeIezwExGLl3/:16982:0:99999:7:::
obama:$6$HeFUSPfx$J1yEFfiCvQaRopZo63PYVc9X1MkbLD7zSgmdriJMjVSo6zqMsRyfDhbe9EI34q62Avjdt0qchYV/wYDWFGCkK0:16982:0:99999:7:::
[root@jason ~]#
- kylin has an expiry date set; the 16070 near the end of its line is that date.
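The shadow fields are day counts since 1970-01-01, so 16070 is 2013-12-31, while the password-change field 16982 is 2016-06-30: the kylin account was already expired when it was created. The following is an added example, not part of the original lab record, that decodes field 8 of shadow(5) entries and flags expired accounts; the sample entries are constructed with placeholder hashes and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: report the account-expiry field (field 8) of shadow(5) entries.

# Constructed input in /etc/shadow layout. The hashes are placeholders; the
# day counts 16982 and 16070 are the ones visible in the listing above.
SAMPLE_SHADOW='kylin:$6$PLACEHOLDER$PLACEHOLDER:16982:0:99999:7::16070:
tsengia:$6$PLACEHOLDER$PLACEHOLDER:16982:0:99999:7:::
obama:$6$PLACEHOLDER$PLACEHOLDER:16982:0:99999:7:::'

# Today as a day count since 1970-01-01, the unit shadow(5) uses.
today_days() {
    echo $(( $(date +%s) / 86400 ))
}

# shadow_expiry_report TODAY_DAYS < shadow-file
# Prints one line per account: "<user> <expiry date|never> <status>".
shadow_expiry_report() {
    awk -F: -v today="$1" '
    # Day count since 1970-01-01 -> YYYY-MM-DD (Gregorian calendar).
    function civil(z,    era, doe, yoe, y, doy, mp, d, m) {
        z  += 719468
        era = int(z / 146097)
        doe = z - era * 146097
        yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
        y   = yoe + era * 400
        doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
        mp  = int((5 * doy + 2) / 153)
        d   = doy - int((153 * mp + 2) / 5) + 1
        m   = (mp < 10) ? mp + 3 : mp - 9
        if (m <= 2) y++
        return sprintf("%04d-%02d-%02d", y, m, d)
    }
    NF >= 8 {
        if ($8 == "") { print $1, "never", "no-expiry"; next }
        # The account is unusable from the expiry day onwards.
        print $1, civil($8 + 0), (today + 0 >= $8 + 0 ? "EXPIRED" : "active")
    }'
}

# Stand-alone run: audit the constructed sample against the current date.
# On a live host, run as root with /etc/shadow on stdin instead.
printf '%s\n' "$SAMPLE_SHADOW" | shadow_expiry_report "$(today_days)"
```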
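Add users: the accp group contains two users, handy and cucci, whose home directories are the directories of the same name under /tech/accp/; the login shell of cucci is /bin/ksh. All of the users above must also be added to the tech group.
Add the users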
[root@jason ~]# useradd -s /bin/ksh -d /tech/accp/cucci cucci
[root@jason ~]# useradd -d /tech/accp/handy handy
[root@jason ~]# passwd cucci
Changing password for user cucci.
New password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@jason ~]# passwd handy
Changing password for user handy.
New password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@jason ~]# tail -2 /etc/passwd
cucci:x:503:503::/tech/accp/cucci:/bin/ksh // this shows that the shell in use is ksh
handy:x:504:504::/tech/accp/handy:/bin/bash
[root@jason ~]#
Add to the group
[root@jason ~]# gpasswd -M kylin,tsengia,obama,cucci,handy tech
[root@jason ~]# tail /etc/group | grep tech
tech:x:200:kylin,tsengia,obama,cucci,handy
[root@jason ~]#
Set directory permissions and ownership: set the group of the /tech/ directory to tech and remove all permissions for other users.
[root@jason ~]# chown :tech /tech/
[root@jason ~]# chmod o-rwx /tech/
[root@jason ~]# ls -ld /tech
drwxr-x---. 4 root tech 4096 Jun 30 17:00 /tech
[root@jason ~]#
Set the group of the /tech/benet/ directory to benet and remove all permissions for other users.
[root@jason ~]# chown :benet /tech/benet/
[root@jason ~]# chmod o-rwx /tech/benet/
[root@jason ~]# ls -ld /tech/benet/
drwxr-x---. 5 root benet 4096 Jun 30 17:07 /tech/benet/
[root@jason ~]#
Set the group of the /tech/accp/ directory to accp and remove all permissions for other users.
[root@jason ~]# chown :accp /tech/accp
[root@jason ~]# chmod o-rwx /tech/accp
[root@jason ~]# ls -ld /tech/accp
drwxr-x---. 4 root accp 4096 Jun 30 17:13 /tech/accp
[root@jason ~]#
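Create a shared data directory: create the /public/ directory, allow all users in the tech group to read, write and execute files, and deny access to users outside the technical group.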
[root@jason ~]# mkdir /public/
[root@jason ~]# chown :tech /public/
[root@jason ~]# chmod 770 /public/
[root@jason ~]# ls -ld /public/
drwxrwx---. 2 root tech 4096 Jun 30 17:23 /public/
[root@jason ~]#
Add the account bourn for testing
[root@jason ~]# useradd bourn
[root@jason ~]# passwd bourn
Changing password for user bourn.
New password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@jason ~]#
[root@jason ~]#
Test a user outside the tech group
[root@jason ~]# su bourn
[bourn@jason root]$ cd /public/
bash: cd: /public/: Permission denied // no execute permission on the directory
[bourn@jason root]$ touch /public/test
touch: cannot touch `/public/test': Permission denied // no write permission
[bourn@jason public]$ ls /public/
ls: cannot open directory /public/: Permission denied // no read permission
Test a user in the tech group
[kylin@jason root]$ ls /public // kylin is in the tech group and has read permission
test
[kylin@jason root]$ cd /public/ // has execute permission
[kylin@jason public]$ touch test2 // has write permission
[kylin@jason public]$ vi test2
[kylin@jason public]$ cat test2
tech is ok
[kylin@jason public]$
Continue by creating the following users; only the user radmin is allowed to use the su command.
[root@jason public]# useradd radmin
[root@jason public]# passwd radmin
Changing password for user radmin.
New password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@jason public]#
[root@jason public]# vi /etc/pam.d/s
smartcard-auth smtp.postfix su su-l
smartcard-auth-ac sshd sudo system-auth
smtp ssh-keycat sudo-i system-auth-ac
[root@jason public]# vi /etc/pam.d/s
smartcard-auth smtp.postfix su su-l
smartcard-auth-ac sshd sudo system-auth
smtp ssh-keycat sudo-i system-auth-ac
[root@jason public]# vi /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_wheel.so use_uid // uncomment this line
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
~
~
~
~
~
~
:wq
Add radmin to the wheel group
[root@jason public]# gpasswd -a radmin wheel
Adding user radmin to group wheel
[root@jason public]# cat /etc/group | grep wheel
wheel:x:10:radmin
[root@jason public]#
Allow the user zhangsan to manage employee accounts through sudo,
[root@jason public]# su radmin
[radmin@jason public]$ su
Password:
[root@jason public]# su kulin // su from radmin works
su: user kulin does not exist
[root@jason public]# su kylin
[kylin@jason public]$ su
Password:
su: incorrect password // switching to root from another user
Allow the user zhangsan to manage employee accounts through sudo
[root@jason public]# visudo
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
zhangsan jason=/user/bin/passwd,/user/sbin/useradd,/user/sbin/userdel,/user/sbin/usermod // added as the last line
:wq
visudo: >>> /etc/sudoers: syntax error near line 119 <<<
[root@jason public]#
Test
[zhangsan@jason public]$ sudo userdel bourn
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for zhangsan:
Sorry, user zhangsan is not allowed to execute '/usr/sbin/userdel bourn' as root on jason.
[zhangsan@jason public]$ exit
exit
The command paths were written incorrectly.
Correct the command paths
[root@jason public]# visudo
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
zhangsan jason=/usr/bin/passwd,/usr/sbin/useradd,/usr/sbin/userdel,/usr/sbin/usermod
:wq
Test again
[root@jason ~]# su zhangsan
[zhangsan@jason root]$ sudo userdel bourn
[sudo] password for zhangsan:
[zhangsan@jason root]$ exit
exit
[root@jason ~]# cat /etc/passwd | grep "bourn"
[root@jason ~]#
Allow the user lisi to run privileged commands through sudo
[root@jason ~]# visudo
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
zhangsan jason=/usr/bin/passwd,/usr/sbin/useradd,/usr/sbin/userdel,/usr/sbin/usermod
lisi jason=/usr/bin/*,/usr/sbin/*
Default files=/var/log/sudo
:wq
Test
[root@jason ~]# su lisi
[lisi@jason root]$ sudo tail -2 /etc/passwd
zhangsan:x:507:507::/home/zhangsan:/bin/bash
lisi:x:508:508::/home/lisi:/bin/bash
[lisi@jason root]$
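Two things in the visudo sessions above can be checked before a rule is saved: a command path that does not exist (the /user/bin mistake, which sudo only reports as "not allowed to execute"), and a wildcard such as /usr/bin/* that matches every binary in the directory and therefore grants far more than a list of named commands. The following is an added example, not part of the original lab record: a small linter for rules in the simple `user host=cmd,cmd` form used here (no Runas specs, tags or aliases); the function names and verdict words are hypothetical.

```sh
#!/bin/sh
# Added example: lint simple "user host=cmd,cmd" sudoers rules.

# Rules in the form used in the visudo sessions above: the mistyped rule,
# a form with every path under /usr, and the wildcard rule for lisi.
SAMPLE_RULES='zhangsan jason=/user/bin/passwd,/user/sbin/useradd,/user/sbin/userdel,/user/sbin/usermod
zhangsan jason=/usr/bin/passwd,/usr/sbin/useradd,/usr/sbin/userdel,/usr/sbin/usermod
lisi jason=/usr/bin/*,/usr/sbin/*'

# classify_cmd PATH -> prints one verdict word for a command path.
classify_cmd() {
    case $1 in
        ALL)         echo all-commands; return ;;
        *'*'*|*'?'*) echo wildcard; return ;;      # matches many binaries
        /*)          ;;
        *)           echo not-absolute; return ;;
    esac
    dir=${1%/*}
    [ -n "$dir" ] || dir=/
    if [ -x "$1" ] && [ ! -d "$1" ]; then
        echo ok
    elif [ -d "$dir" ]; then
        echo not-found                             # directory exists, binary does not
    else
        echo bad-dir                               # e.g. /user/bin instead of /usr/bin
    fi
}

# sudoers_lint < rules
# Prints "<user> <command path> <verdict>" for every command of every rule.
sudoers_lint() {
    tr '\t' ' ' | while IFS= read -r line; do
        case $line in
            ''|'#'*|Defaults*) continue ;;         # blank, comment, settings
            *=*) ;;
            *) continue ;;
        esac
        who=${line%% *}
        cmds=${line#*=}
        set -f                                     # keep /usr/bin/* literal
        old_ifs=$IFS; IFS=,
        for c in $cmds; do
            c=${c#"${c%%[! ]*}"}                   # trim leading blanks
            c=${c%% *}                             # drop command arguments
            if [ -n "$c" ]; then
                echo "$who $c $(classify_cmd "$c")"
            fi
        done
        IFS=$old_ifs
        set +f
    done
}

# Stand-alone run on the sample; run it on the target host, since the
# ok/not-found verdicts depend on which binaries are installed there.
printf '%s\n' "$SAMPLE_RULES" | sudoers_lint
```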
Log su and sudo operations (not implemented), and apply simple system security settings.
[root@jason log]# grub-md5-crypt
Password:
Retype password:
$1$QCohr$BIAexg1L9VtsbeMKtShNt1
[root@jason log]# vi /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/mapper/vg_jason-lv_root
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$QCohr$BIAexg1L9VtsbeMKtShNt1
title CentOS (2.6.32-431.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-431.el6.x86_64 ro root=/dev/mapper/vg_jason-lv_root rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_LVM_LV=vg_jason/lv_root rd_LVM_LV=vg_jason/lv_swap rd_NO_MD crashkernel=auto SYSFONT=latarcyrheb-sun16 rd_NO_DM rhgb quiet
initrd /initramfs-2.6.32-431.el6.x86_64.img
~
~
~
~
~
~
~
:wq
and apply simple system security settings
IV.
Deploy the Apache web service and, on top of it, deploy webmin to monitor and manage the server.
