<虚拟帐号配置独立>
vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/userconf
mkdir -p /etc/vsftpd/gou1
vim /etc/vsftpd/userconf/gou1
在此文件中可以设定主配置文件中的任意参数,对该虚拟用户而言此文件的优先级高于 vsftpd.conf
临时更改安全上下文
cd /mnt/
touch file
mv file /var/ftp/pub
lftp 172.25.25.10查看不到该文件
ls -Zd /var/ftp/pub  查看目录的安全上下文
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 /var/ftp/pub/
chcon -t public_content_t /var/ftp/pub/ -R  更改安全上下文(-R 递归)
chcon 所做的更改是临时的,文件系统重新打标签(如 restorecon 或开机 /.autorelabel)时会被重置
//方法2
cd /var/ftp/pub
restorecon *  按策略中的默认规则恢复上下文(不常用)
永久更改安全上下文
semanage fcontext -l | grep ftpdir  查看已有的上下文规则
semanage fcontext -a -t public_content_t '/ftpdir(/.*)?'  把默认上下文规则写入 SELinux 策略(持久生效)
semanage fcontext -l | grep ftpdir
restorecon -RvvF /ftpdir/  按策略规则重新打标签
restorecon reset /ftpdir context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
restorecon reset /ftpdir/gou1 context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
restorecon reset /ftpdir/gou1/gou1pub context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
restorecon reset /ftpdir/gou1/gou1pub/file context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
restorecon reset /ftpdir/gou1/gou1pub/passwd context system_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
restorecon reset /ftpdir/gou1/file context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
restorecon reset /ftpdir/gou2 context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
restorecon reset /ftpdir/gou2/gou2pub context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
restorecon reset /ftpdir/gou3 context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
restorecon reset /ftpdir/gou3/gou3pub context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
lftp 172.25.25.10 查看成功
getsebool -a | grep ftp  查看 ftp 相关的布尔值开关
setsebool -P ftpd_anon_write on  允许匿名用户写入/上传(-P 永久生效;这是放宽 SELinux 限制,只对确实需要匿名上传的目录开启)
setenforce 1  将 SELinux 改为 enforcing(强制)模式,违反策略的访问会被拒绝
grub2磁盘引导
dd if=/dev/zero of=/dev/vda bs=446 count=1  覆盖 MBR 开头 446 字节的引导代码(分区表不受影响)
reboot重启
更改开机方式(光盘启动或者网卡启动)
chroot /mnt/sysimage
grub2-install /dev/vda
exit
exit
重启(更改启动方式改为硬盘启动)
删除grub.cfg
rm -rf /boot/grub2/grub.cfg
grub2-mkconfig > /boot/grub2/grub.cfg (未关机恢复文件)
reboot
set root='hd0,msdos1'
linux16 /boot/vmlinuz-3.10.0-123.el7.x86_64 ro root=/dev/vda1
initrd16 /boot/initramfs-3.10.0-123.el7.x86_64.img
boot
删除内核
rm -rf /boot/vmlinuz-3.10.0-123.el7.x86_64  删除内核
reboot
进入抢救
chroot /mnt/sysimage
yum search kernel 查找内核文件
rpm2cpio kernel-3.10.0-123.el7.x86_64.rpm | cpio -id
cp vmlinuz-3.10.0-123.el7.x86_64 /boot
exit
exit
删除镜像文件
rm -rf initramfs-3.10.0-123.el7.x86_64.img
删除/boot
rm -rf /boot/
reboot
进入抢救
开机链接出现错误
[[email protected] ~]# ll /etc/systemd/system/default.target
lrwxrwxrwx. 1 root root 40 Jul 10 2014 /etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target原本正确的连接(开启图形)
[[email protected] ~]# rm -rf /etc/systemd/system/default.target
[[email protected] ~]# ln -s /usr/lib/systemd/system/reboot.target /etc/systemd/system/default.target建立错误连接
[[email protected] ~]# reboot
开机密码修改
touch /.autorelabel  (让 SELinux 在下次开机时重新给整个文件系统打标签,使在救援模式下修改过的密码文件获得正确的安全上下文)
DNS高速缓存
yum install bind -y安装服务
systemctl enable named开机自启
systemctl start named开启服务
vim /etc/named.conf 修该文件
10 options {
11 listen-on port 53 { any; };  设定监听端口,any 表示在所有网络接口上监听
12 listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 allow-query { any; };  回答任何来源的查询(若此服务器可从公网访问,应限制为内网网段,否则会成为开放解析器)
18 forwarders {172.25.254.250;};  本机无法解析时转发给上游 DNS
32 dnssec-validation no;  (原本为 yes;关闭后不再校验上游应答的 DNSSEC 签名)
systemctl restart named
vim /etc/resolv.conf 修改dns
firewall-cmd --permanent --add-service=dns设定火墙
firewall-cmd --reload
systemctl restart named重启服务
DNS正向解析
vim /etc/named.conf
vim /etc/named.rfc1912.zones
(复制添加)
25 zone "westos.com" IN {
26 type master;
27 file "westos.com.zone";
28 allow-update { none; };
29 };
cp -p named.localhost westos.com.zone复制模版
vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (  ; 前者为 DNS 主机名,后者为管理员邮箱(@ 写作 .)
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.125  (DNS 服务器的 IP)
www A 172.25.254.126  (www 主机的 IP)
systemctl restart named(重启服务)
《测试结果》
[[email protected] ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33830
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.			IN	A
;; ANSWER SECTION:
www.westos.com.		86400	IN	A	172.25.254.126
;; AUTHORITY SECTION:
westos.com.		86400	IN	NS	dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com.		86400	IN	A	172.25.254.125
vim /var/named/westos.com.zone
www A 172.25.254.119  (第二条 A 记录,同一名字对应两个 IP)
gou CNAME www  (CNAME 别名记录)
westos.com. MX 1 172.25.254.125.  MX 邮件记录(注意:MX 的目标应为主机名而非 IP,这里写 IP 会被当作域名处理)
<测试结果>
[[email protected] ~]# dig -t mx westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31713
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com.			IN	MX
;; ANSWER SECTION:
westos.com.		86400	IN	MX	1 172.25.254.125.
DNS反向解析
vim /etc/named.rfc1912.zones
(复制模版)
43 zone "254.25.172.in-addr.arpa" IN {
44 type master;
45 file "westos.comNaNr";
46 allow-update { none; };
47 };
cp -p /var/named/named.loopback westos.comNaNr(复制模版)
vim westos.comNaNr
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
A 172.25.254.125
112 PTR www.westos.com.
199 PTR www.gou.com.
systemctl restart named(重启服务)
<测试结果>
[[email protected] named]# dig -x 172.25.254.199
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.199
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54712
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;199.254.25.172.in-addr.arpa.	IN	PTR
;; ANSWER SECTION:
199.254.25.172.in-addr.arpa. 86400	IN	PTR	www.gou.com.
双向解析
cp -p westos.com.zone westos.com.inter复制模版
vim westos.com.inter修改内容
$TTL 1D  ; 回答外网查询时使用的区域文件
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.99.125
www A 172.25.99.126
www A 172.25.99.119
gou CNAME www
westos.com. MX 1 172.25.99.125.
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.inter复制模版
vim /etc/named.rfc1912.zones.inter
zone "westos.com" IN {
type master;
file "westos.com.inter";  外网视图使用的区域文件
allow-update { none; };
};
vim /etc/named.conf 修改配置文件
50 /*注释掉原有内容
51 zone "." IN {
52 type hint;
53 file "named.ca";
54 };
55
56 include "/etc/named.rfc1912.zones";
57 include "/etc/named.root.key";
58 */
59 view localnet {  内网视图
60 match-clients { 172.25.254.125;};  只有来源为 172.25.254.125 的客户端匹配此视图
61 zone "." IN {
62 type hint;
63 file "named.ca";
64 };
65 include "/etc/named.rfc1912.zones";访问文件
66 };
67
68 view internet {  外网视图
69 match-clients { any;};  其余所有客户端匹配此视图(视图按顺序匹配,因此要放在 localnet 之后)
70 zone "." IN {
71 type hint;
72 file "named.ca";
73 };
74 include "/etc/named.rfc1912.zones.inter";访问文件
75 };
<测试结果>
内网
[[email protected] ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59866
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.			IN	A
;; ANSWER SECTION:
www.westos.com.		86400	IN	A	172.25.254.126
www.westos.com.		86400	IN	A	172.25.254.119
外网
[[email protected] ~]# dig www.westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13889
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.westos.com.			IN	A
;; ANSWER SECTION:
www.westos.com.		86400	IN	A	172.25.99.126
www.westos.com.		86400	IN	A	172.25.99.119