• Linux Lab


    ssh 

    vi /etc/apt/sources.list

    su

    ssh username@ipaddress

    eg : ssh root@172.16.247.143

    Lab 1

    fdisk /dev/sdb (create partitions)

    mdadm --create /dev/md0 --level=raid0 --raid-devices=2 /dev/sdb1 /dev/sdc1 (create raid 0)

    mkfs.ext3 /dev/md0 (create an ext3 filesystem on your RAID device)

    mount /dev/md0 /mnt/ (mount it on /mnt)

    find / -exec cp -R {} /mnt/ \; (copy files from the root filesystem to fill your new RAID array with data)

    mdadm --detail /dev/md0 (show the current status of your RAID array)

    umount /dev/md0 (umount your RAID array)

    mdadm --stop /dev/md0 (stop /dev/md0)

    cat /proc/mdstat (show running raid arrays)

    /etc/init.d/mdadm-raid restart (restart the RAID service to automatically rebuild the array)

    mdadm --stop /dev/md0 (stop your raid array)

    rm /dev/sdc1 (delete the /dev/sdc1 special file)

    /etc/init.d/mdadm-raid restart (restart the raid arrays)

    mount /dev/md0 /mnt/ (mount /dev/md0)

    mdadm --create /dev/md0 --level=raid1 --raid-devices=2 /dev/sdb1 /dev/sdc1 (create a RAID1 array using your first two disks)

    mdadm -f /dev/md0 /dev/sdc1 (simulate a hard disk fail on /dev/sdc1)

    mdadm /dev/md0 --add /dev/sdd1 (add another disk to rebuild the array, add /dev/sdd1 to the array)

    umount /mnt/ (umount the array)

    mdadm --stop /dev/md0 (stop the array)

    mdadm --zero-superblock /dev/sdb1 (erase the superblock of the used devices)

    mdadm --create /dev/md0 --level=raid5 --raid-devices=3 /dev/sdb1 /dev/sdc1 /dev/sdd1 (create a RAID5 array using your first three disks)

    df -h (show the size of your new filesystem)

    hexdump /mnt/usr/sbin/groupadd (to read your files)

    mdadm --remove /dev/md0 /dev/sdc1 (to remove /dev/sdc1 from /dev/md0)

    mdadm --create /dev/md0 --level=raid0 --raid-devices=2 /dev/sdb1 /dev/sdc1 (create a first RAID0 array out of your first two available disks)

    mdadm --create /dev/md1 --level=raid0 --raid-devices=2 /dev/sdd1 /dev/sde1 (create a second (md1) RAID0 array from the remaining disks)

    mdadm --create /dev/md2 --level=raid1 --raid-devices=2 /dev/md0 /dev/md1 (create a RAID1 out of the two RAID devices you've just created)

    Lab 2

    2.1

    fdisk /dev/sdb (create a partition on the first hard drive you've just added to the virtual machine)

    pvcreate /dev/sdb1 (create a physical volume out of the partition you've just created)

    pvdisplay (confirm the creation by listing the currently available physical volumes)

    vgcreate storage /dev/sdb1 (put your new physical volume into a volume group named "storage")

    vgdisplay (list all currently available volume groups to confirm your creation)

    lvcreate -L 3GB -n movies storage (create a new logical volume named movies, size 3GB, in the storage volume group)

    lvcreate -L 0.9GB -n music storage (create a new logical volume named music, size 0.9GB, in the storage volume group)

    apt-get install xfsprogs (install filesystem tools as needed)

    mkfs.xfs /dev/storage/movies (create an XFS filesystem on the movies logical volume)

    mkfs.ext3 /dev/storage/music (add an ext3 filesystem for the music lv)

    mkdir /mnt/{movies,music}

    mount /dev/storage/movies /mnt/movies/ (mount this filesystem to /mnt/movies)

    mount /dev/storage/music /mnt/music/ (mount this filesystem to /mnt/music)

    df -h (show available disk space on your filesystems)

    2.2

    umount /mnt/{movies,music}

    e2fsck -f /dev/storage/music

    resize2fs /dev/storage/music 100M

    lvreduce -L 100M /dev/storage/music (shrink your lv music to 100M)

    lvextend /dev/storage/movies /dev/sdf1 (extend your lv movies)

    mount /dev/storage/movies /mnt/movies/ (to mount your lv movies)

    xfs_growfs /dev/storage/movies

    lvextend -L +1GB /dev/storage/movies (extend lv movies to 4.9 GB(before it is 3.9GB))

    lvextend -L +1GB /dev/storage/music (extend lv music to 1.1GB (before it is 0.1GB))

    xfs_growfs /dev/storage/movies

    e2fsck -f /dev/storage/music

    resize2fs /dev/storage/music

    lvcreate -L1GB -s -n movies-snapshot /dev/storage/movies (create a 1GB snapshot named movies-snapshot of the movies lv)

    mkdir /mnt/snapshot

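    mount -o nouuid /dev/storage/movies-snapshot /mnt/snapshot/ (mount your snapshot to /mnt/snapshot/; nouuid is needed because the XFS snapshot carries the same UUID as the mounted origin)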

    tar -czf /dev/null /mnt/snapshot/ (do a full tar backup using the fastest tape writer ever: /dev/null)

    umount /mnt/snapshot (unmount the now useless snapshot)

    lvremove /dev/storage/movies-snapshot (delete the now useless snapshot)

    Lab

    3.1

    cp /boot/initrd.img-2.6.32-5-686 . (copy the original initrd into your home directory)

    file initrd.img-2.6.32-5-686 (see the filetype)

    zcat initrd.img-2.6.32-5-686 > initrd.raw (decompress it into a raw cpio archive)

    mkdir initrd && cd initrd (make a dedicated working directory and enter it)

    cpio -i < ../initrd.raw (extract the archive into the working directory)

    sed -i 's/Loading, please wait/Loading Custom System, please wait/' init (modify the "Loading, please wait..." message in the init script; replace it with "Loading Custom System, please wait...")

    find . | cpio -o --format=newc | gzip > ../initrd-new.cpio.gz (rebuild a compressed cpio initrd in your home directory)

    cp ../initrd-new.cpio.gz /boot/initrd.img-2.6.32-5-686 (replace the original initrd with your custom one)

    3.2

    runlevel (show the current runlevel)

    ls /etc/rc2.d/S* (list services started in the current runlevel)

    update-rc.d exim4 disable 2 (disable the exim4 service)

    init 3 (change your runlevel to 3)

    runlevel (show the current runlevel)

    pgrep -l exim4 (check if exim4 is running)

    init 2 (switch back to runlevel 2)

    runlevel (show the current runlevel)

    update-rc.d exim4 enable 2 (re-enable exim4 in runlevel 2)

    3.3

    grep initdefault /etc/inittab (show the default runlevel)

    sed -i 's/id:2:initdefault:/id:6:initdefault:/' /etc/inittab (change the default runlevel to 6)

    reboot (reboot your system; your system keeps on rebooting endlessly)

    Lab

    4.1

    groupadd -r wheel (add group)

    edit /etc/pam.d/su and add the following line :

    auth required pam_wheel.so group=wheel

    gpasswd -a supinfo wheel (add supinfo to the wheel group)

    add the following line to /etc/pam.d/su before the previous one :

    auth sufficient pam_wheel.so group=root trust

    gpasswd -a supinfo root

    4.2

    edit /etc/pam.d/common-password and add the following line before all others :

    password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3

    4.3

    grep -niH nologin /etc/pam.d/* (find the name of the PAM module responsible for preventing users from opening sessions if /etc/nologin exists)

    Disallow non-root login when /etc/nologin exists.

    grep -niH motd /etc/pam.d/* (to see which PAM module displays the content of /etc/motd)

    recommended books :

    Network Security with OpenSSL

    Apache2 pocket reference

    Running Linux

    DNS and BIND

    Essential System Administration pocket reference

    Managing NFS and NIS

    Using Samba

    Pro Linux System Administration

    Expert Network Time Protocol

    MySQL Cookbook

    LDAP/OpenLDAP

    Kerberos The Definitive Guide

    post :for creation

    pup :for update

    init lab SOE

    root password

    init 0123456

    init=0 --> init=/bin/sh

    pam.d pam.conf

    apache create virtual host website

    raid 0

    raid 1

    raid 5

    lvresize = lvextend = lvreduce

    lvreduce can have an argument as your Physical Volume but not lvextend

    lvresize => growing

    info any_command

    Lab

    5.1

    mkdir -p certificate-authority/{private,certs,newcerts,crl} (create a certificate-authority directory in your home, create 4 subdirectories : private, certs, newcerts, crl.)

    touch index.txt (create a blank index.txt)

    echo "01" > serial (create serial file with "01" as content(without double quotes))

    cp /etc/ssl/openssl.cnf ca-config (copy the default OpenSSL configuration file to ~/certificate-authority/ca-config)

    5.2

    openssl req -new -x509 -extensions v3_ca -nodes -keyout private/ca.key -out certs/ca.crt -config ca-config (create a new x509 certificate authority using the openssl command)

    5.3

    openssl req -new -nodes -keyout private/webserver.key -out webserver.csr -config ca-config (use openssl to create a csr for a webserver. the key will be stored in ~/certificate-authority/private/webserver.key and the request in ~/certificate-authority/webserver.csr)

    openssl req -new -keyout private/john-smith.key -out john-smith.csr -config ca-config (use openssl to create a certificate to be used to authenticate a VPN user. the key will be written to ~/certificate-authority/private/john-smith.key and the request in ~/certificate-authority/john-smith.csr)

    openssl ca -config ca-config -policy policy_anything -out certs/webserver.crt -infiles webserver.csr (use the openssl ca command to sign off the webserver request. the final certificate should be stored in ~/certificate-authority/certs/webserver.crt)

    openssl ca -config ca-config -policy policy_anything -out certs/john-smith.crt -infiles john-smith.csr (use the openssl ca command to sign off the second request. the final certificate should be stored in ~/certificate-authority/certs/john-smith.crt)

    rm *.csr (remove the now useless certificate signing requests.)

    5.4

    openssl x509 -in certs/webserver.crt -noout -text (do a text dump of the webserver.crt certificate.)

    openssl x509 -in certs/john-smith.crt -subject -issuer -startdate -enddate -noout (show the following information from the john-smith.crt certificate : subject, issuer, startdate, enddate)

    openssl verify -CAfile certs/ca.crt certs/john-smith.crt  (verify the validity of the john-smith.crt certificate against your certification authority.)

    5.5

    openssl ca -revoke certs/john-smith.crt -config ca-config (revoke John Smith's certificate.)

    openssl ca -gencrl -out crl/revoked.crl -config ca-config (to generate the certificate revocation list in ~/certificate-authority/crl/revoked.crl.)
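
    Labs 5.2 to 5.5 end to end, as an added example (not part of the original notes): it shows that the plain `openssl verify` from 5.4 still accepts John Smith's certificate after the revocation in 5.5, and that the CRL is only consulted when `-crl_check` and `-CRLfile` are passed. Assumptions: a minimal constructed `ca-config` replaces the copied openssl.cnf, the subjects "Lab CA" and "john-smith" are made up, and `-subj`/`-batch` are added so nothing prompts.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp dir; config and subjects are constructed.
ca_revocation_demo() (
  set -e
  d=$(mktemp -d); cd "$d"
  exec 3>&1 >/dev/null 2>&1        # fd 3 carries the result, openssl chatter is dropped
  mkdir private certs newcerts crl
  : > index.txt; echo 01 > serial; echo 01 > crlnumber
  cat > ca-config <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
crlnumber = $dir/crlnumber
certificate = $dir/certs/ca.crt
private_key = $dir/private/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
[ policy_anything ]
commonName = supplied
[ req ]
default_bits = 2048
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  # 5.2: self-signed certificate authority
  openssl req -new -x509 -extensions v3_ca -nodes -subj "/CN=Lab CA" \
    -keyout private/ca.key -out certs/ca.crt -config ca-config
  # 5.3: request for the VPN user, then sign it with the CA
  openssl req -new -nodes -subj "/CN=john-smith" \
    -keyout private/john-smith.key -out john-smith.csr -config ca-config
  openssl ca -batch -config ca-config -policy policy_anything \
    -out certs/john-smith.crt -infiles john-smith.csr
  # 5.5: revoke the certificate and publish the CRL
  openssl ca -revoke certs/john-smith.crt -config ca-config
  openssl ca -gencrl -out crl/revoked.crl -config ca-config
  # 5.4 again: chain-only verification never looks at the CRL
  openssl verify -CAfile certs/ca.crt certs/john-smith.crt && plain=ok || plain=rejected
  openssl verify -crl_check -CAfile certs/ca.crt -CRLfile crl/revoked.crl \
    certs/john-smith.crt && crl=ok || crl=rejected
  cd /; rm -rf "$d"
  echo "plain=$plain crl=$crl" >&3
)
```

    Source the file and call `ca_revocation_demo`; any service that trusts this CA has to be given the CRL in the same way, otherwise revoked certificates keep working until they expire.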

    Lab

    6.1

    mkdir /var/www/{www.site1.com,www.site2.com}

    echo "<html><body>Welcome on site1.com</body></html>" > /var/www/www.site1.com/index.html

    echo "<html><body>Welcome on site2.com</body></html>" > /var/www/www.site2.com/index.html

    mkdir /var/log/apache2/{www.site1.com,www.site2.com}

    create the /etc/apache2/sites-available/www.site1.com file

    create the /etc/apache2/sites-available/www.site2.com file

    a2ensite www.site1.com (enable website)

    a2ensite www.site2.com (enable website)

    /etc/init.d/apache2 restart (restart the service)

    curl www.site1.com (query your server)

    curl www.site2.com (query your server)

    6.2

    mkdir /var/www/www.site1.com/restricted

    touch /var/www/www.site1.com/restricted/{movie1.avi,movie2.avi}

    mkdir /etc/apache2/users

    htpasswd -bc /etc/apache2/users/site1.passwd john qwerty

    htpasswd -b /etc/apache2/users/site1.passwd sarah secret

    htpasswd -b /etc/apache2/users/site1.passwd bob password

    /etc/init.d/apache2 restart (restart the service)

    curl www.site1.com/restricted

    cd /var/lib/apt

    ls

    cd lists/

    ls

    rm -rf *

    cd ~

    info coreutils 'ls invocation'

    cp -avr certificate-authority /home/supinfo/certificate/authority

    This is a problem many people face: “what if I lose the root password?” The first thing that comes to mind is “use single user mode”, but the answer is NO,

    because Debian takes system security one level further and by default asks for the root password.

    So the big question is how to proceed.

    Follow these steps:

    1) At the GRUB boot prompt,

    press “e” to enter edit mode.

    2) Then press the down arrow to reach the line that starts with “kernel ”

    and press “e” again.

    3) At the end of this line type in “init=/bin/sh” or “init=/bin/bash”.

    4) Then press Enter to make that change and press “b” to boot.

    In a few seconds you will be at your “#” prompt.

    5) Only one step left:

    “mount -o remount,rw /”

    This step is necessary because in this case the root filesystem is mounted read-only.

    6) Finally type “passwd” and you get the screen to change the password,

    and then type in “init 6” or “reboot”.

    NOTE FOR TECHNICAL USERS

    For those looking for the technical details: the main work is done by the init parameter that we passed as an argument to the kernel; it tells the kernel to run the specified command instead of its normal init routine.

    TRICK = if there is any other program you wish to run instead, you can do that too using the same init parameter.

    init 0

    init 6 (restart)

    cd /etc/rc

    cd /etc/rc0.d/

    ls

    cd /etc/rc1.d/

    ls

    cd /etc/rc6.d/

    ls

    /etc/inittab (to set level)

    BIOS : 

    Bootloader :

    Kernel :

    init :

    rc :

    file (to see the filetype)

    zcat file.gz > test.txt (to see the file.gz and put the content to test.txt)

    cpio ()

    sed (to replace the content )

    pgrep (to see if a process is running)

    auth required pam_wheel.so group=wheel

  • Original article: https://www.cnblogs.com/jilili/p/4379486.html