Basic environment settings for the lab machine server0. First configure the exam system according to the following requirements:
* Hostname: server0.example.com
* IP address: 172.25.0.11
* Netmask: 255.255.255.0
* Gateway: 172.25.0.254
* Name server: 172.25.254.254
* All configuration must persist across reboots.
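1. Change the root password
Task: Change the password of the system's root account to redhat, and make sure you can log in to the system with the root account.
Solution:
Change the root password
(1) At the boot menu, select the first entry and press e to enter maintenance mode;
(2) On the linux16 line, append rd.break console=tty0 to the end of the line, then press Ctrl+x to restart the system;
(3) After the restart, run the following commands at the prompt: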
switch_root:/# mount -o remount,rw /sysroot
switch_root:/# chroot /sysroot
sh-4.2# passwd
Enter the new password (the same value both times)
sh-4.2# touch /.autorelabel
sh-4.2# exit
switch_root:/# exit
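The system then restarts, which takes a few minutes because /.autorelabel makes it relabel the whole file system for SELinux. Once that finishes, the login screen appears and you can log in with the user name and password (root/redhat).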
(4) Set the hostname: hostnamectl set-hostname server0.example.com
(5) Configure the IP address
Method 1: use the interactive interface (nmtui) on server0
Once the IP address is configured, you can log in remotely over SSH:
[root@foundation0 ~]# ssh root@server0 -X
root@server0's password:
Last login: Sun Mar 15 14:48:14 2020
Method 2: configure with nmcli
Method 3: configure a temporary IP address on server0, then change the configuration over SSH
2. Configure SELinux
Task: Configure the system as follows:
SELinux must run in enforcing mode, and the setting must persist across reboots.
Solution:
[root@server0 ~]# vim /etc/sysconfig/selinux
[root@server0 ~]# setenforce 1
[root@server0 ~]# getenforce
Enforcing
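setenforce 1 only switches the running kernel; the SELINUX= line in the file decides the mode after a reboot. The following added example (not from the original page) sets that line from a script. On RHEL 7 /etc/sysconfig/selinux is a symbolic link to /etc/selinux/config, and an in-place edit such as sed -i would replace the link with a regular file and leave the real configuration unchanged, so the script resolves the link and writes through it. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; configured_mode and set_configured_mode are hypothetical names.

# configured_mode FILE: print the SELINUX= value that applies at the next boot.
configured_mode() {
    awk -F= '/^[ \t]*SELINUX[ \t]*=/ { v = $2; gsub(/[ \t\r]/, "", v); m = v }
             END { print m }' "$1"
}

# set_configured_mode FILE MODE: rewrite (or append) the SELINUX= line.
# FILE may be the /etc/sysconfig/selinux symlink; the link itself is kept.
set_configured_mode() {
    file=$1
    mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) return 2 ;;                      # refuse anything else
    esac
    target=$(readlink -f "$file") || return 1   # real file behind the link
    tmp=$(mktemp) || return 1
    # SELINUXTYPE= and comment lines do not match this pattern.
    awk -v mode="$mode" '
        /^[ \t]*SELINUX[ \t]*=/ { print "SELINUX=" mode; done = 1; next }
        { print }
        END { if (!done) print "SELINUX=" mode }
    ' "$target" > "$tmp" && cat "$tmp" > "$target"   # keeps inode and label
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical use as root:
#   set_configured_mode /etc/sysconfig/selinux enforcing
#   configured_mode /etc/selinux/config     # compare with the output of getenforce
```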
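3. Configure the YUM software repository
Task: Configure your local default YUM software repository.
The repository URL is http://classroom.example.com/content/rhel7.0/x86_64/dvd
Solution:
Import the GPG keys: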
[root@server0 ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-*
Configure the yum repository by creating a new base.repo file:
[root@server0 ~]# cd /etc/yum.repos.d/
[root@server0 yum.repos.d]# vim base.repo
Verify:
[root@server0 ~]# yum repolist
Loaded plugins: langpacks
base | 4.1 kB 00:00
(1/2): base/group_gz | 134 kB 00:00
(2/2): base/primary_db | 3.4 MB 00:00
repo id repo name status
base base 4,305
repolist: 4,305
[root@server0 ~]#
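The contents of base.repo are not shown above. The following added example (not from the original page) writes a repository definition for the URL given in the task with package signature checking switched on, and lists every repository section in a directory that does not set gpgcheck to an enabled value. The repository id base, the key file name and the function names are assumptions.

```shell
#!/bin/sh
# Added example; repo id, key file name and function names are assumptions.

# write_base_repo DIR: create DIR/base.repo (DIR is normally /etc/yum.repos.d).
write_base_repo() {
    cat > "$1/base.repo" <<'EOF'
[base]
name=base
baseurl=http://classroom.example.com/content/rhel7.0/x86_64/dvd
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

# repos_without_gpgcheck DIR: print "file:section" for each repo section that
# does not enable gpgcheck itself. A section with no gpgcheck line is listed
# too, because it then depends on the [main] setting in yum.conf.
repos_without_gpgcheck() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            function report() { if (sect != "" && !ok) print file ":" sect }
            /^[ \t]*\[/ {
                report()
                sect = $0
                sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
                ok = 0
                next
            }
            /^[ \t]*gpgcheck[ \t]*=/ {
                v = tolower($0)
                sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
                ok = (v == "1" || v == "yes" || v == "true")
            }
            END { report() }
        ' "$f"
    done
}

# Typical use as root:
#   write_base_repo /etc/yum.repos.d
#   repos_without_gpgcheck /etc/yum.repos.d
```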
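4. Resize a logical volume
Task: Resize the local logical volume lvm1 as follows:
After resizing, the logical volume and its file system must be 770 MiB;
Existing contents of the file system must not be damaged by the resize;
The resulting size may deviate slightly; anything between 730 MiB and 805 MiB is acceptable;
After resizing, the mount point must not change and the file system must be intact.
Solution:
Check the LVM information: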
[root@server0 ~]# pvs
PV VG Fmt Attr PSize PFree
/dev/vdb1 vg1 lvm2 a-- 508.00m 252.00m
[root@server0 ~]# vgs
VG #PV #LV #SN Attr VSize VFree
vg1 1 1 0 wz--n- 508.00m 252.00m
[root@server0 ~]# lvs
LV VG Attr LSize Pool Origin Data% Move Log Cpy%Sync Convert
lvm1 vg1 -wi-ao---- 256.00m
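Approach: the volume group does not currently have enough free space to extend lvm1, so the volume group itself has to be extended first.
The volume group is currently 508M; create a new 500M partition and add it to the volume group.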
[root@server0 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 10G 0 disk
└─vda1 253:1 0 10G 0 part /
vdb 253:16 0 10G 0 disk
└─vdb1 253:17 0 512M 0 part
└─vg1-lvm1 252:0 0 256M 0 lvm /vg1/lvm1
[root@server0 ~]# fdisk /dev/vdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): n
Partition type:
p primary (1 primary, 0 extended, 3 free)
e extended
Select (default p):
Using default response p
Partition number (2-4, default 2):
First sector (1050624-20971519, default 1050624):
Using default value 1050624
Last sector, +sectors or +size{K,M,G} (1050624-20971519, default 20971519): +500M
Partition 2 of type Linux and of size 500 MiB is set
Command (m for help): t
Partition number (1,2, default 2):
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
[root@server0 ~]#
Extend the volume:
[root@server0 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 10G 0 disk
└─vda1 253:1 0 10G 0 part /
vdb 253:16 0 10G 0 disk
├─vdb1 253:17 0 512M 0 part
│ └─vg1-lvm1 252:0 0 256M 0 lvm /vg1/lvm1
└─vdb2 253:18 0 500M 0 part
[root@server0 ~]# vgextend vg1 /dev/vdb2
Physical volume "/dev/vdb2" successfully created
Volume group "vg1" successfully extended
[root@server0 ~]# lvextend -r -L 770M /dev/vg1/lvm1
Rounding size to boundary between physical extents: 772.00 MiB
Extending logical volume lvm1 to 772.00 MiB
Logical volume lvm1 successfully resized
meta-data=/dev/mapper/vg1-lvm1 isize=256 agcount=4, agsize=16384 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0
data = bsize=4096 blocks=65536, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal bsize=4096 blocks=853, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
data blocks changed from 65536 to 197632
Verify:
[root@server0 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 10G 3.1G 7.0G 31% /
devtmpfs 906M 0 906M 0% /dev
tmpfs 921M 0 921M 0% /dev/shm
tmpfs 921M 17M 904M 2% /run
tmpfs 921M 0 921M 0% /sys/fs/cgroup
/dev/mapper/vg1-lvm1 769M 14M 756M 2% /vg1/lvm1
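5. Create users and groups
Task: Create the following users and groups:
Create a group named adminuser with group ID 40000;
Create a user named natasha with adminuser as a supplementary group;
Create a user named harry with adminuser as a supplementary group;
Create a user named sarah who does not belong to the adminuser group and whose shell is a non-login shell;
Set the password of all three users natasha, harry and sarah to glegunge.
Solution: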
[root@server0 ~]# groupadd -g 40000 adminuser
[root@server0 ~]# useradd -G adminuser natasha
[root@server0 ~]# useradd -G adminuser harry
[root@server0 ~]# useradd -s /sbin/nologin sarah
[root@server0 ~]#
[root@server0 ~]# echo glegunge|passwd --stdin natasha
Changing password for user natasha.
passwd: all authentication tokens updated successfully.
[root@server0 ~]# echo glegunge|passwd --stdin harry
Changing password for user harry.
passwd: all authentication tokens updated successfully.
[root@server0 ~]# echo glegunge|passwd --stdin sarah
Changing password for user sarah.
passwd: all authentication tokens updated successfully.
[root@server0 ~]#
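6. Set file permissions
Task: Copy the file /etc/fstab to the /var/tmp directory and configure the permissions of /var/tmp/fstab as follows:
The file is owned by root;
The file's group is root;
Nobody has execute permission on the file;
The user natasha can read and write the file;
The user harry can neither read nor write the file;
All other users (both existing users and users created in the future) can read the file.
Solution: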
[root@server0 ~]# cp /etc/fstab /var/tmp/
[root@server0 ~]# ll /var/tmp/fstab
-rw-r--r--. 1 root root 358 Mar 15 16:21 /var/tmp/fstab
[root@server0 ~]# setfacl -m u:natasha:rw /var/tmp/fstab
[root@server0 ~]# setfacl -m u:harry:- /var/tmp/fstab
Verify the permissions:
[root@server0 ~]# getfacl /var/tmp/fstab
getfacl: Removing leading '/' from absolute path names
# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:natasha:rw-
user:harry:---
group::r--
mask::rw-
other::r--
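How the listing above satisfies each requirement depends on which single ACL entry applies to a user and on the mask. The following added example (not from the original page) evaluates a getfacl listing for one user in the order owner, named user, owning group, other, and applies the mask to named-user and group entries. The function names are hypothetical, and named-group entries are not handled because the listing has none.

```shell
# Added example; acl_listing and effective_perms are hypothetical names.

# The getfacl output shown above, embedded so the script runs anywhere.
acl_listing() {
    cat <<'EOF'
# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:natasha:rw-
user:harry:---
group::r--
mask::rw-
other::r--
EOF
}

# effective_perms USER "GROUP1 GROUP2 ..."   (getfacl listing on stdin)
effective_perms() {
    awk -v who="$1" -v groups="$2" '
        # Keep only the bits of p that the mask m also grants.
        function masked(p, m,   i, out) {
            if (m == "") return p
            for (i = 1; i <= 3; i++)
                out = out ((substr(m, i, 1) == "-") ? "-" : substr(p, i, 1))
            return out
        }
        /^# owner: / { owner = $3 }
        /^# group: / { ogroup = $3 }
        /^#/ || NF == 0 { next }
        {
            split($1, f, ":"); perm = substr(f[3], 1, 3)
            if (f[1] == "user" && f[2] == "")       uobj = perm
            else if (f[1] == "user")                named[f[2]] = perm
            else if (f[1] == "group" && f[2] == "") gobj = perm
            else if (f[1] == "mask")                mask = perm
            else if (f[1] == "other")               other = perm
        }
        END {
            if (who == owner)       print uobj    # owner entry, mask not applied
            else if (who in named)  print masked(named[who], mask)
            else if (index(" " groups " ", " " ogroup " ")) print masked(gobj, mask)
            else                    print other
        }
    '
}
```

harry's named entry is chosen before other::r-- is ever considered, which is why he cannot read the file. A later chmod on the group bits rewrites mask:: and would clip natasha's rw- as well.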
7. Create a scheduled task
Task: Create a scheduled task for the user natasha that runs the following command every day at 14:23 local time: /bin/echo "rhcsa".
Solution:
[root@server0 ~]# su - natasha
[natasha@server0 ~]$ crontab -e
23 14 * * * /bin/echo "rhcsa"
no crontab for natasha - using an empty one
crontab: installing new crontab
[natasha@server0 ~]$ crontab -l
23 14 * * * /bin/echo "rhcsa"
[natasha@server0 ~]$
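8. Set special file permissions
Task: Create a subdirectory named admins under /home and set its permissions as follows:
The group of /home/admins is adminuser;
Members of the adminuser group can read, write and enter the directory; other users have no permissions at all, while root is not restricted;
Files created under /home/admins automatically have their group set to adminuser.
Solution: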
[root@server0 ~]# mkdir /home/admins
[root@server0 ~]# chgrp adminuser /home/admins
[root@server0 ~]# chmod 2770 /home/admins
Verify:
[root@server0 ~]# getfacl /home/admins/
getfacl: Removing leading '/' from absolute path names
# file: home/admins/
# owner: root
# group: adminuser
# flags: -s-
user::rwx
group::rwx
other::---
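9. Upgrade the system kernel
Task: Update the system kernel as follows:
The new kernel RPM package is located at http://content.example.com/rhel7.0/x86_64/errata/Packages;
After a reboot the system boots the new kernel by default, and the original kernel remains available.
Solution:
On foundation, open file:///usr/share/doc/HTML/en-US/index.html and copy the kernel package URL: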
[root@server0 ~]# yum localinstall http://content.example.com/rhel7.0/x86_64/errata/Packages/kernel-3.10.0-123.1.2.el7.x86_64.rpm
Verify:
Check the current kernel version:
[root@server0 ~]# uname -r
3.10.0-123.el7.x86_64
After rebooting, check the kernel version again:
[root@server0 ~]# uname -r
3.10.0-123.1.2.el7.x86_64
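10. Configure the LDAP client
Task: An LDAP authentication server has already been deployed on classroom.example.com. Join your system to this LDAP service as follows and use LDAP to authenticate user passwords:
The Base DN of the LDAP authentication service is dc=example,dc=com;
The LDAP server of the LDAP authentication service is classroom.example.com;
The authentication session must be encrypted with TLS; download the certificate used for encryption from http://classroom.example.com/pub/example-ca.crt.
Solution:
First install the package:
[root@server0 ~]# yum install -y sssd
Next, configure the LDAP settings:
Note: open a new terminal and download the certificate: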
[root@server0 ~]# cd /etc/openldap/cacerts/
[root@server0 cacerts]# wget http://classroom.example.com/pub/example-ca.crt
--2020-03-15 16:48:00-- http://classroom.example.com/pub/example-ca.crt
Resolving classroom.example.com (classroom.example.com)... 172.25.254.254
Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1220 (1.2K)
Saving to: ‘example-ca.crt’
100%[=====================================================>] 1,220 --.-K/s in 0s
2020-03-15 16:48:00 (262 MB/s) - ‘example-ca.crt’ saved [1220/1220]
When the download has finished, click OK in the previous window.
Verify:
[root@server0 ~]# getent passwd ldapuser0
ldapuser0:*:1700:1700:LDAP Test User 0:/home/guests/ldapuser0:/bin/bash
[root@server0 ~]#
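11. Configure automatic mounting of LDAP user home directories
Task: Log in to the system as ldapuser0, a user on the LDAP server, and meet the following requirements:
The home directory path of ldapuser0 is /home/guests/ldapuser0;
After ldapuser0 logs in, the home directory is mounted automatically from /home/guests/ldapuser0, which classroom.example.com exports over NFS.
Solution:
Install the required package:
[root@server0 ~]# yum -y install autofs
Check the home directory of ldapuser0 (/home/guests/ldapuser0) and the path the server shares (/home/guests/):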
[root@server0 ~]# getent passwd ldapuser0
ldapuser0:*:1700:1700:LDAP Test User 0:/home/guests/ldapuser0:/bin/bash
[root@server0 ~]# showmount -e classroom
Export list for classroom:
/home/guests 172.25.0.0/255.255.0.0
[root@server0 ~]# vim /etc/auto.master.d/ldap.autofs
/home/guests /etc/auto.ldap
[root@server0 ~]# vim /etc/auto.ldap
* -rw,sync,v3 classroom.example.com:/home/guests/&
[root@server0 ~]# systemctl enable autofs.service
ln -s '/usr/lib/systemd/system/autofs.service' '/etc/systemd/system/multi-user.target.wants/autofs.service'
[root@server0 ~]# systemctl restart autofs.service
Verify:
[root@server0 ~]# su - ldapuser0
[ldapuser0@server0 ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 10G 3.3G 6.7G 34% /
devtmpfs 901M 0 901M 0% /dev
tmpfs 921M 0 921M 0% /dev/shm
tmpfs 921M 17M 904M 2% /run
tmpfs 921M 0 921M 0% /sys/fs/cgroup
/dev/mapper/vg1-lvm1 769M 33M 737M 5% /vg1/lvm1
classroom.example.com:/home/guests/ldapuser0 10G 3.4G 6.7G 34% /home/guests/ldapuser0
12. Synchronize the time
Task: Configure your system time to synchronize with the server classroom.example.com; the setting must persist across reboots.
Solution:
[root@server0 ~]# yum list chrony
Loaded plugins: langpacks
Installed Packages
chrony.x86_64 1.29.1-1.el7 installed
[root@server0 ~]# vim /etc/chrony.conf
Delete or comment out the existing server entries in the file, then add: server classroom.example.com iburst
[root@server0 ~]# systemctl enable chronyd
[root@server0 ~]# systemctl restart chronyd
Verify:
[root@server0 ~]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| / xxxx = adjusted offset,
|| Log2(Polling interval) -. | yyyy = measured offset,
|| \ | zzzz = estimated error.
|| | |
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 77 33 +83us[ +341us] +/- 1791us
13. Archive files
Task: Archive the /etc/sysconfig directory and compress it with gzip, saving the resulting file as /root/sysconfig.tar.gz.
Solution:
[root@server0 ~]# tar -cvzf /root/sysconfig.tar.gz /etc/sysconfig
14. Create a user
Task: Create a user named alex that meets the following requirements:
The user ID is 3456;
The password is glegunge.
Solution:
[root@server0 ~]# useradd -u 3456 alex
[root@server0 ~]# echo glegunge|passwd --stdin alex
Changing password for user alex.
passwd: all authentication tokens updated successfully.
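15. Create a swap partition
Task: Add a new swap partition to the system:
The new swap partition is 512 MiB;
After a reboot, the new swap partition is activated automatically;
The existing swap partition must not be deleted or modified.
Solution: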
[root@server0 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 252:0 0 10G 0 disk
└─vda1 252:1 0 10G 0 part /
vdb 252:16 0 10G 0 disk
├─vdb1 252:17 0 512M 0 part
│ └─vg1-lvm1 253:0 0 772M 0 lvm /vg1/lvm1
└─vdb2 252:18 0 500M 0 part
└─vg1-lvm1 253:0 0 772M 0 lvm /vg1/lvm1
[root@server0 ~]# fdisk /dev/vdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): n
Partition type:
p primary (2 primary, 0 extended, 2 free)
e extended
Select (default p):
Using default response p
Partition number (3,4, default 3):
First sector (2074624-20971519, default 2074624):
Using default value 2074624
Last sector, +sectors or +size{K,M,G} (2074624-20971519, default 20971519): +512M
Partition 3 of type Linux and of size 512 MiB is set
Command (m for help): t
Partition number (1-3, default 3):
Hex code (type L to list all codes): 82
Changed type of partition 'Linux' to 'Linux swap / Solaris'
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
Tell the kernel to re-read the partition table
[root@server0 ~]# partprobe
[root@server0 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 252:0 0 10G 0 disk
└─vda1 252:1 0 10G 0 part /
vdb 252:16 0 10G 0 disk
├─vdb1 252:17 0 512M 0 part
│ └─vg1-lvm1 253:0 0 772M 0 lvm /vg1/lvm1
├─vdb2 252:18 0 500M 0 part
│ └─vg1-lvm1 253:0 0 772M 0 lvm /vg1/lvm1
└─vdb3 252:19 0 512M 0 part
Format the swap partition
[root@server0 ~]# mkswap /dev/vdb3
Setting up swapspace version 1, size = 524284 KiB
no label, UUID=7af6394a-74af-4b61-9993-66155802e794
[root@server0 ~]# vim /etc/fstab
UUID=7af6394a-74af-4b61-9993-66155802e794 swap swap defaults 0 0
Activate the partition
[root@server0 ~]# swapon /dev/vdb3
Verify:
[root@server0 ~]# swapon -s
Filename Type Size Used Priority
/dev/vdb3 partition 524284 0 -1
[root@server0 ~]# free
total used free shared buffers cached
Mem: 1885320 650316 1235004 17000 1572 454088
-/+ buffers/cache: 194656 1690664
Swap: 524284 0 524284
16. Find files
Task: Find all files on the system owned by the user ira and copy them to the /root/findfiles directory.
Solution:
[root@server0 ~]# mkdir /root/findfiles
[root@server0 ~]# find / -user ira -exec cp -rpf {} /root/findfiles/ \;
find: ‘/proc/3527/task/3527/fd/6’: No such file or directory
find: ‘/proc/3527/task/3527/fdinfo/6’: No such file or directory
find: ‘/proc/3527/fd/6’: No such file or directory
find: ‘/proc/3527/fdinfo/6’: No such file or directory
cp: invalid option -- '/'
Try 'cp --help' for more information.
cp: invalid option -- '/'
Try 'cp --help' for more information.
cp: invalid option -- '/'
Try 'cp --help' for more information.
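17. Filter a file
Task: Find every line in /usr/share/dict/words that contains the string seismic and store those lines, in their original order, in /root/wordlist. The file /root/wordlist must not contain blank lines.
Solution: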
[root@server0 ~]# grep seismic /usr/share/dict/words > /root/wordlist
Verify:
[root@server0 ~]# grep seismic /usr/share/dict/words
anaseismic
antiseismic
aseismic
aseismicity
bradyseismic
bradyseismical
coseismic
isoseismic
isoseismical
macroseismic
malloseismic
megaseismic
meizoseismic
microseismic
microseismical
microseismicity
nonseismic
peneseismic
seismic
seismical
seismically
seismicity
teleseismic
unseismic
[root@server0 ~]# cat /root/wordlist
anaseismic
antiseismic
aseismic
aseismicity
bradyseismic
bradyseismical
coseismic
isoseismic
isoseismical
macroseismic
malloseismic
megaseismic
meizoseismic
microseismic
microseismical
microseismicity
nonseismic
peneseismic
seismic
seismical
seismically
seismicity
teleseismic
unseismic
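18. Create a new logical volume
Task: Create a new logical volume as follows:
Create a volume group named exam with a PE size of 16 MiB;
The logical volume is named lvm2, belongs to the volume group exam, and consists of 8 PEs;
Format the new logical volume with the xfs file system; at boot, the logical volume must be mounted automatically on the /exam/lvm2 directory.
Solution: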
[root@server0 ~]# fdisk /dev/vdb
[root@server0 ~]# lsblk
[root@server0 ~]# partprobe
Create the PV, VG and LV:
[root@server0 ~]# pvcreate /dev/vdb5
[root@server0 ~]# vgcreate -s 16M exam /dev/vdb5
[root@server0 ~]# lvcreate -l 8 -n lvm2 exam
Format the logical volume:
[root@server0 ~]# mkfs.xfs /dev/exam/lvm2
[root@server0 ~]# lsblk
Create the mount point:
[root@server0 ~]# mkdir -p /exam/lvm2
Edit the fstab file to make the mount persistent:
[root@server0 ~]# vim /etc/fstab
/dev/exam/lvm2 /exam/lvm2 xfs defaults 0 0
Verify:
[root@server0 ~]# mount -a
[root@server0 ~]# df -h
[root@server0 ~]# vgdisplay exam
[root@server0 ~]# lvdisplay /dev/exam/lvm2