任务配置清单
| 虚拟主机名称 | 服务角色 | 用户名和密码 | 域名信息 | IP 主机名 |
|---|---|---|---|---|
| Debian | DNS、WWW、Mail等服务器 | root/123456 test/123456 |
w1.skills2021.sh w2.skills2021.sh mail.skills2021.sh |
192.168.101.100/24 linux.skills2021.sh |
任务配置描述
根据配置清单配置主机名与IP地址
[email protected]:~$ # 查看端口名称
[email protected]:~$ ip ad
...
3: ens37: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:8c:6d:5a brd ff:ff:ff:ff:ff:ff
[email protected]:~$ # 直接修改配置文件来配置IP
[email protected]:~$ vim /etc/network/interfaces
auto ens37
iface ens37 inet static
address 192.168.101.100
netmask 255.255.255.0
[email protected]:~$ # 修改Hostname
[email protected]:~$ hostnamectl set-hostname linux.skills2021.sh
[email protected]:~$
DNS (bind9)
- 安装 bind9 服务
[email protected]:~$ # 安装Bind9和调试工具 [email protected]:~$ apt install -y bind9 bind9utils ... Done [email protected]:~$ # 进入Bind9配置文件夹 [email protected]:~$ cd /etc/bind [email protected]:/etc/bind# - 为两个网站 w1.skills2021.sh、w2.skills2021.sh 以及 mail.skills2021.sh 提供解析,解析 IP 地址为 DEBIAN 的 IP 地址
[email protected]:/etc/bind# # 在根配置中添加自定区域配置,里面的文件名叫啥都行,前后一样就行 [email protected]:/etc/bind# vim named.conf ... include ""/etc/bind/zone.skills2021""; [email protected]:/etc/bind# # 创建区域配置文件 [email protected]:/etc/bind# touch zone.skills2021 [email protected]:/etc/bind# # 编辑区域配置文件 [email protected]:/etc/bind# vim zone.skills2021 zone ""skills2021.sh."" { type master; file ""/etc/bind/db.skills2021""; }; [email protected]:/etc/bind# # 检查配置文件是否正确,没有返回就说明没有错误 [email protected]:/etc/bind# named-checkconf [email protected]:/etc/bind# # 创建记录文件 [email protected]:/etc/bind# cp db.local db.skills2021 [email protected]:/etc/bind# # 编辑记录文件 [email protected]:/etc/bind# vim db.skills2021 ; ; BIND data file for local loopback interface ; ; SOA后第一个域名必须写NS记录的地址 ; SOA后第二个域名是管理员邮箱,这个写啥都行 ; 下面的一堆参数复制过来之后不用修改,默认即可 $TTL 604800 @ IN SOA skills2021.sh. root.skills2021.sh. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS skills2021.sh. @ IN A 192.168.101.100 w1 IN A 192.168.101.100 w2 IN A 192.168.101.100 mail IN A 192.168.101.100 [email protected]:/etc/bind# # 检查记录文件是否正确 [email protected]:/etc/bind# # named-checkzone <域名> <记录文件位置> [email protected]:/etc/bind# named-checkzone skills2021.sh. /etc/bind/db.skills2021 zone skills2021.sh/IN: loaded serial 2 OK [email protected]:/etc/bind# - 为 skills2021.sh 添加 MX 记录,优先级为 20,对应 IP 地址为 DEBIAN 的 IP 地址
[email protected]:/etc/bind# # 编辑记录文件 [email protected]:/etc/bind# vim db.skills2021 ... @ IN MX 20 mail [email protected]:/etc/bind# # 检查记录文件是否正确 [email protected]:/etc/bind# # named-checkzone <域名> <记录文件位置> [email protected]:/etc/bind# named-checkzone skills2021.sh. /etc/bind/db.skills2021 zone skills2021.sh/IN: loaded serial 2 OK [email protected]:/etc/bind# - 将域名 server150.skills2021.sh 到 server200.skills2021.sh 对应解析到 192.168.101.150 到 192.168.101.200
[email protected]:/etc/bind# # 在比赛过程中时间很短,所以我这里写了个python脚本,如果会别的语言可以用别的 [email protected]:/etc/bind# vim test.py #!/usr/bin/python3 file=open(""db.skills2021"",""a"") for i in range(150,201): file.write(""server%s IN A 192.168.101.%s\n""%(str(i),str(i))) file.close() [email protected]:/etc/bind# python3 test.py [email protected]:/etc/bind# cat db.skills2021 ... server150 IN A 192.168.101.150 server151 IN A 192.168.101.151 server152 IN A 192.168.101.152 server153 IN A 192.168.101.153 ... [email protected]:/etc/bind# # 检查记录文件是否正确 [email protected]:/etc/bind# # named-checkzone <域名> <记录文件位置> [email protected]:/etc/bind# named-checkzone skills2021.sh. /etc/bind/db.skills2021 zone skills2021.sh/IN: loaded serial 2 OK [email protected]:/etc/bind# - 将 DNS 解析服务(bind9)设置为开机自启动
[email protected]:/etc/bind# update-rc.d bind9 enable [email protected]:/etc/bind#
Apache2
- 安装 Apache2 服务
[email protected]:~$ # 安装Apache2及网页测试工具 [email protected]:~$ apt install -y apache2 curl ... Done [email protected]:~$ - 设置 apache2 提供 PHP 脚本的解析服务
[email protected]:~$ # 安装Apache2的PHP模块 [email protected]:~$ apt install -y libapache2-mod-php ... Done [email protected]:~$ - 在 apache2 的默认网站文件目录中创建一个test.php页面用于测试php模块是否正确安装(内容为phpinfo)
[email protected]:~$ # 转到默认网页存放处 [email protected]:~$ cd /var/www/html/ [email protected]:/var/www/html# # 创建并编辑test.php文件 [email protected]:/var/www/html# vim test.php [email protected]:/var/www/html# # 使用curl测试php [email protected]:/var/www/html# curl localhost/test.php ...... 一堆 ...... [email protected]:/var/www/html# # 测试成功 - 添加两个虚拟站点,当使用 w1.skills2021.sh、w2.skills2021.sh 访问时分别显示为“This is w1 website”和“This is w2 website”
[email protected]:/var/www/html# # 转到配置文件文件夹 [email protected]:/var/www/html# cd /etc/apache2/sites-available/ [email protected]:/etc/apache2/sites-available# # 从模板(000-default.conf)创建出新配置 [email protected]:/etc/apache2/sites-available# cp 000-default.conf w1.conf [email protected]:/etc/apache2/sites-available# cp 000-default.conf w2.conf [email protected]:/etc/apache2/sites-available# # 修改w1站点 [email protected]:/etc/apache2/sites-available# vim w1.conf # 将虚拟主机名改成要求的 <VirtualHost w1.skills2021.sh:80> ... # 将网站跟目录改成别的地方 DocumentRoot /var/www/w1 ... # 别的就没啥好改的了 [email protected]:/etc/apache2/sites-available# # 修改w2站点 [email protected]:/etc/apache2/sites-available# vim w2.conf # 将虚拟主机名改成要求的 <VirtualHost w2.skills2021.sh:80> ... # 将网站跟目录改成别的地方 DocumentRoot /var/www/w2 ... # 别的就没啥好改的了 [email protected]inux:/etc/apache2/sites-available# # 转到网站存放处 [email protected]:/etc/apache2/sites-available# cd /var/www/ [email protected]:/var/www# # 创建对应文件夹 [email protected]:/var/www# mkdir w1 w2 [email protected]:/var/www# # 创建w1的index文件并写入内容 [email protected]:/var/www# echo ""This is w1 website"" > w1/index.html [email protected]:/var/www# # 创建w2的index文件并写入内容 [email protected]:/var/www# echo ""This is w2 website"" > index.html [email protected]:/var/www# # 修改DNS,这个只是临时修改,可能重启或某段时间后会自动恢复 [email protected]:/var/www# # 每当访问不了都可以重新设置下nameserver [email protected]:/var/www# # 永久修改比较耗时间,懒得做了,毕竟比赛环境,如果不放心可以写个死循环 [email protected]:/var/www# echo ""nameserver 192.168.101.100"" > /etc/resolv.conf [email protected]:/var/www# # 启动w1和w2站点 [email protected]:/var/www# a2ensite w1 w2 Enabling site w1. Enabling site w2. To activate the new configuration, you need to run: systemctl reload apache2 [email protected]:/var/www# # 重新加载Apache2服务 [email protected]:/var/www# systemctl restart apache2 [email protected]:/var/www# # 测试w1的访问与内容 [email protected]:/var/www# curl w1.skills2021.sh This is w1 website [email protected]:/var/www# # 测试w2的访问与内容 [email protected]:/var/www# curl w2.skills2021.sh This is w2 website - 将 apache2 服务设置为开机自启动
[email protected]:/var/www# update-rc.d apache2 enable [email protected]:/var/www#
Mail (Postfix)
- 安装配置邮件服务器 postfix,能够以 skills2021.sh 的后缀向用户发送邮件
[email protected]:~$ apt install -y postfix mailutils ... # 这里可能会有个选择 # 标题是Postfix Configuration # 第一个地方选择作用场景 # 这里选择 LocalOnly # 第二个地方填写域名,就是@之后的东西 # 直接写当前域名:skills2021.sh Done ... [email protected]:~$ # 测试发送 [email protected]:~$ echo HelloWorld|mail [email protected] [email protected]:~$ mail ""/var/mail/root"": 1 message 1 new >N 1 root Fri Oct 2 17:55 12/437 ? 1 Return-Path: <[email protected]> X-Original-To: [email protected] Delivered-To: [email protected] Received: by linux.skills2021.sh (Postfix, from userid 0) id BF2A4100608; Fri, 2 Oct 2020 17:55:30 +0800 (CST) To: <[email protected]> X-Mailer: mail (GNU Mailutils 3.1.1) Message-Id: <[email protected]> Date: Fri, 2 Oct 2020 17:55:30 +0800 (CST) From: [email protected] (root) HelloWorld ? [email protected]:~$ # 发送成功 - 创建邮箱测试用户 user01,user02,密码均为 123456
[email protected]:~$ # 创建用户 [email protected]:~$ useradd user01 -m [email protected]:~$ useradd user02 -m [email protected]:~$ passwd user01 Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully [email protected]:~$ passwd user02 Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully [email protected]:~$ - 请进行设置,使得发送给用户 user01 的邮件,可以自动转发给 user02,
同时 user01 也可以在本地邮箱中获取副本[email protected]:~$ vim /etc/postfix/main.cf ...... # 设置收到的邮件进行转发 recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_maps [email protected]:~$ # 配置需要转发的用户列表 [email protected]:~$ vim /etc/postfix/recipient_bcc_maps # 注意:两个邮箱之间必须用<Tab>分隔 # 注意:左边为正常接收邮箱,右边为转发到的邮箱 [email protected] [email protected] [email protected]:~$ # 对刚刚创建的表进行库化 [email protected]:~$ # 执行之后会在源地址生成一个一样名字的,后缀为db的数据库文件 [email protected]:~$ postmap hash:/etc/postfix/recipient_bcc_maps [email protected]:~$ # 重启邮件服务 [email protected]:~$ service postfix restart [email protected]:~$ # 发送测试邮件 [email protected]:~$ echo ""Test For User01""|mail [email protected] [email protected]:~$ # 进入user01账号接收邮件 [email protected]:~$ su - user01 $ mail ""/var/mail/user01"": 1 message 1 new >N 1 root Fri Oct 2 20:24 12/448 ? 1 Return-Path: <[email protected]> X-Original-To: [email protected] Delivered-To: [email protected] Received: by linux.skills2021.sh (Postfix, from userid 0) id 8F9041005ED; Fri, 2 Oct 2020 20:24:26 +0800 (CST) To: <[email protected]> X-Mailer: mail (GNU Mailutils 3.1.1) Message-Id: <[email protected]> Date: Fri, 2 Oct 2020 20:24:26 +0800 (CST) From: [email protected] (root) Test For User01 ? quit $ # User01 收到邮件 $ exit [email protected]:~$ # 进入user02账号接收邮件 [email protected]:~$ su - user02 $ mail ""/var/mail/user02"": 1 message 1 new >N 1 root Fri Oct 2 20:24 12/448 ? 1 Return-Path: <[email protected]> X-Original-To: [email protected] Delivered-To: [email protected] Received: by linux.skills2021.sh (Postfix, from userid 0) id 8F9041005ED; Fri, 2 Oct 2020 20:24:26 +0800 (CST) To: <[email protected]> X-Mailer: mail (GNU Mailutils 3.1.1) Message-Id: <[email protected]> Date: Fri, 2 Oct 2020 20:24:26 +0800 (CST) From: [email protected] (root) Test For User01 ? quit $ # User02 收到邮件 $ exit [email protected]:~$ - 安装并配置dovecot,使它支持明文密码验证,以便用户user01或user02可以使用 Foxmail 等邮件客户端收发邮件
[email protected]:~$ # 安装dovecot和pop3模块和telnet [email protected]:~$ apt install -y dovecot-core dovecot-pop3d telnet ... Done [email protected]:~$ # 编辑配置使其支持明文密码验证 [email protected]:~$ vim /etc/dovecot/conf.d/10-auth.conf # 在前10行左右,把前面的#删除然后改成no即可 disable_plaintext_auth = no [email protected]:~$ # 重启服务 [email protected]:~$ systemctl restart dovecot [email protected]:~$ # 因为懒,所以就直接用telnet验证了 [email protected]:~$ telnet lcoalhost 110 Trying ::1... Connected to localhost. Escape character is '^]'. # 有加号的都是电脑输出的 # 没加号的都是要自己打的 +OK Dovecot ready. user user01 +OK pass 123456 +OK Logged in. # 有Logged in 说明登入成功,可以退出了 quit +OK Logging out. Connection closed by foreign host. [email protected]:~$ - 将 postfix 服务设置为开机自启动
[email protected]:~$ update-rc.d postfix enable [email protected]:~$
RAID5
- 在虚拟机上添加三块 SCSI 的虚拟硬盘,大小均为 1G
这个请自行操作
我这里的分别是 sd[bcd] - 创建 raid5,设备名为 md0
[email protected]:~$ # 安装软Raid制作软件 [email protected]:~$ apt install -y mdadm ... Done [email protected]:~$ # 创建Raid分区 [email protected]:~$ # -C 是创建,后面跟新设备的位置和名称 [email protected]:~$ # -l 是Raid类型 [email protected]:~$ # -N 是名字,登记在mdadm中的名字 [email protected]:~$ # -n 是磁盘个数,后面跟所需的磁盘 [email protected]:~$ mdadm -C /dev/md0 -l 5 -N md0 -n 3 /dev/sd[bcd] mdadm: Defaulting to version 1.2 metadata mdadm: array /dev/md0 started. [email protected]:~$ - 将设备/dev/md0 格式化为 ext4 文件系统,挂载目录/abc(该目录需要自己创建)
[email protected]:~$ # 将/dev/md0进行格式化成ext4 [email protected]:~$ mkfs.ext4 /dev/md0 mke2fs 1.43.4 (31-Jan-2017) Creating filesystem with 523776 4k blocks and 131072 inodes Filesystem UUID: 993fa1ff-6188-4438-974b-c8f3bc38e6a3 Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912 Allocating group tables: done Writing inode tables: done Creating journal (8192 blocks): done Writing superblocks and filesystem accounting information: done [email protected]:~$ mkdir /abc [email protected]:~$ # 挂载目录 [email protected]:~$ mount /dev/md0 /abc [email protected]:~$ # 查看是否挂载正确 [email protected]:~$ mount ... /dev/md0 on /abc type ext4 (rw,relatime,stripe=256,data=ordered) [email protected]:~$ # 挂载成功 [email protected]:~$
VSFTP
- 安装 vsftp 服务
[email protected]:~$ apt install -y vsftpd ftp ... Done [email protected]:~$ - 创建用户 ftp1 和 ftp2,密码均为 123456
[email protected]:~$ adduser ftp1 Adding user `ftp1' ... Adding new group `ftp1' (1001) ... Adding new user `ftp1' (1001) with group `ftp1' ... Creating home directory `/home/ftp1' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for ftp1 Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] y [email protected]:~$ [email protected]:~$ adduser ftp2 Adding user `ftp2' ... Adding new group `ftp2' (1002) ... Adding new user `ftp2' (1002) with group `ftp2' ... Creating home directory `/home/ftp2' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for ftp2 Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] y [email protected]:~$ - 配置 vsftp 服务,仅允许用户 ftp1 和 ftp2 使用该 ftp 服务
[email protected]:~$ # 编辑配置文件 [email protected]:~$ vim /etc/vsftpd.conf ... # 开启用户名单 userlist_enable=YES # 设置用户名单位置 userlist_file=/etc/vsftpd.userlist # 设置名单为白名单或黑名单(YES是黑名单,NO是白名单) userlist_deny=NO # 为本地用户chroot chroot_local_user=YES # 允许在chroot后写入 allow_writeable_chroot=YES ... [email protected]:~$ systemctl restart vsftpd [email protected]:~$ # 测试ftp [email protected]:~$ ftp localhost Connected to localhost. 220 (vsFTPd 3.0.3) Name (localhost:root): ftp1 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> quit 221 Goodbye. [email protected]:~$ # ftp1登陆成功 [email protected]:~$ ftp localhost Connected to localhost. 220 (vsFTPd 3.0.3) Name (localhost:root): root 331 Please specify the password. Password: 530 Login incorrect. Login failed. ftp> quit 221 Goodbye. [email protected]:~$ # root登陆失败 [email protected]:~$ # 配置成功 [email protected]:~$ - 在用户 ftp1 的家目录下创建文件夹 test,要求 ftp 登陆该服务器,切换至该目录 test 时出现提示信息”Welcome to skills2021 ftp service”
[email protected]:~$ # 切换用户 [email protected]:~$ su - ftp1 [email protected]:~$ mkdir test [email protected]:~$ cd test [email protected]:~/test$ vim .message Welcome to skills2021 ftp service [email protected]:~/test$ exit logout [email protected]:~$ ftp localhost Connected to localhost. 220 (vsFTPd 3.0.3) Name (localhost:root): ftp1 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> cd test 250-Welcome to skills2021 ftp service 250 Directory successfully changed. ftp> quit 221 Goodbye. [email protected]:~$ # banner显示了,成功 [email protected]:~$ - 将 vsftp 服务设置为开机自启动
[email protected]:~$ update-rc.d vsftpd enable [email protected]:~$
SAMBA
- 安装 samba 服务
[email protected]:~$ apt install -y samba smbclient ... Done [email protected]:~$ - 创建组 test,创建用户 smb1 和 smb2,密码均为 123456,将两个用户 smb1和smb2 加入组 test
[email protected]:~$ addgroup test Adding group `test' (GID 1000) ... Done. [email protected]:~$ useradd -g test smb1 [email protected]:~$ useradd -g test smb2 [email protected]:~$ passwd smb1 Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully [email protected]:~$ passwd smb2 Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully [email protected]:~$ # 加入pdb数据库 [email protected]:~$ pdbedit -a smb1 new password: retype new password: ... [email protected]:~$ pdbedit -a smb2 new password: retype new password: ... [email protected]:~$ - 创建目录/test
[email protected]:~$ mkdir /test/ [email protected]:~$ chmod 0777 /test [email protected]:~$ - 配置 samba 服务,要求共享目录 /test ,共享名为 test。该共享只能组 test 成员访问,其中成员 smb1 可以写入,其他成员都只能读取
[email protected]:~$ # 修改配置 [email protected]:~$ vim /etc/samba/smb.conf ... # 共享名为test [test] # 共享路径为/test path = /test # 设置不为只读 read only = No # 设置允许登入用户为test组 valid users = @test [email protected]:~$ # 测试配置 [email protected]:/test# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: The ""syslog"" option is deprecated Processing section ""[homes]"" Processing section ""[printers]"" Processing section ""[print$]"" Processing section ""[test]"" Loaded services file OK. Server role: ROLE_STANDALONE ... [email protected]:~$ # 测试成功 [email protected]:~$ # 修改目录拥有关系 [email protected]:~$ # 拥有者为smb1,拥有组为test [email protected]:~$ chown smb1:test /test [email protected]:~$ # 修改目录权限 [email protected]:~$ # user有所有权限,组有浏览和进入权限,其他人没有权限 [email protected]:~$ chmod u=rwx,g=rx,o= /test [email protected]:~$ # 验证文件夹权限 [email protected]:~$ ls -laF /test total 8 drwxr----- 2 smb1 test 4096 Oct 3 22:16 ./ drwxr-xr-x 23 root root 4096 Oct 3 20:24 ../ [email protected]:~$ # 验证成功 [email protected]:~$ # 重启服务 [email protected]:~$ systemctl restart smbd [email protected]:~$ # 实际测试配置 [email protected]:~$ touch update [email protected]:~$ smbclient //localhost/test -U smb1 WARNING: The ""syslog"" option is deprecated Enter smb1's password: Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.16-Debian] smb: \> ls . D 0 Sat Oct 3 22:16:51 2020 .. D 0 Sat Oct 3 20:24:15 2020 18447056 blocks of size 1024. 14129792 blocks available smb: \> put update putting file update as \update (0.0 kb/s) (average -nan kb/s) smb: \> ls . D 0 Sat Oct 3 22:38:22 2020 .. D 0 Sat Oct 3 20:24:15 2020 update A 0 Sat Oct 3 22:38:22 2020 18447056 blocks of size 1024. 14129792 blocks available smb: \> exit [email protected]:~$ # smb1用户上传成功 [email protected]:~$ touch update.1 [email protected]:~$ smbclient //localhost/test -U smb2 WARNING: The ""syslog"" option is deprecated Enter smb2's password: Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.16-Debian] smb: \> ls . D 0 Sat Oct 3 23:00:50 2020 .. D 0 Sat Oct 3 20:24:15 2020 update A 0 Sat Oct 3 23:00:50 2020 18447056 blocks of size 1024. 14129776 blocks available smb: \> get update getting file \update of size 0 as update (0.0 KiloBytes/sec) (average -nan KiloBytes/sec) smb: \> put update.1 NT_STATUS_ACCESS_DENIED opening remote file \update.1 smb: \> exit [email protected]:~$ # smb2用户下载成功,上传不成功,测试成功 - 将 samba 服务设置为开机自启动
[email protected]:~$ update-rc.d smbd enable [email protected]:~$
文章评论