嚣张研究站呀 · 2022年6月17日 0

RHCSA–Answer


1,配置hostname和网络
hostnamectl set-hostname mars.lab.example.com
vim /etc/sysconfig/network-scripts/ifcfg-Wired_connection1
编辑内容:
IPADDR=172.25.250.10
PREFIX=24
GATEWAY=172.25.250.254
DNS1=172.25.250.254
ONBOOT=yes

2,配置yum源
vim /etc/yum.repos.d/redhat.repo
编辑内容:
[BaseOS]
name=BaseOS
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
enabled=1
gpgcheck=0
[AppStream]
name=AppStream
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream
enabled=1
gpgcheck=0
验证:
yum clean all && yum makecache
yum repolist

3.SeLinux和防火墙
#设置selinux
semanage port -a -t http_port_t -p tcp 82

firewall-cmd –add-port=82/tcp –permanent
firewall-cmd –reload

restorecon -Rv /var/www/html/

systemctl enable httpd –now
验证:
curl mars:82
curl mars:82/file1

4,用户管理,添加用户,设置用户组,更改密码,设置登陆shell
groupadd admins
useradd -G admins lucy
useradd -G admins harry
useradd -s /sbin/nologin jams
echo redhat|passwd –stdin lucy
echo redhat|passwd –stdin harry
rcho redhat|passwd –stdin jams
验证:
tail -3 /etc/passwd
ssh lucy@mars #密码redhat
ssh harry@mars
ssh jams@mars

5.计划任务crond
crontab -u lucy -e
编辑内容:
*/2 * * * * /bin/echo hiya
systemctl enable crond
验证:crontab -u lucy –l

6.文件权限
mkdir /home/test
chgrp admins /home/test
chmod g=rwx,o=– /home/test
chmod g+s /home/test
验证:ssh lucy@mars
echo 123231 > /home/test/123
ll /home/test/
文件:ll -a
文件夹: ll -d

7.配置NTP
vim /etc/chrony.conf
编辑内容:
server classroom.example.com iburst
验证:
systemctl restart chronyd
chronyc sources -v

8.AutoFS自动挂载NFS
yum -y install autofs
echo “/rhome /etc/auto.nfs” > /etc/auto.master.d/lily.autofs
echo “lily -fstype=nfs,rw,sync classroom.example.com:/rhome/lily” > /etc/auto.nfs
systemctl restart autofs
验证:
ssh lily@mars “df -hT”

9.文件设置ACL权限
cp /etc/fstab /var/tmp/
setfacl -m u:lucy:rw,u:harry:- /var/tmp/fstab
验证:
getfacl /var/tmp/fstab

10.设置用户uid
id jacks
usermod -u 3533 jacks
echo redhat|passwd –stdin jacks
验证:
id jacks
ssh jacks@mars

11.find查找文件
mkdir findfiles
find / -user querys -exec cp -a {} /root/findfiles \;
验证:
ls /root/findfiles

12.grep匹配字符串
grep crosswords /usr/share/doc/words/readme.txt > /root/list
验证:
cat /root/list

13.tar压缩文件
tar -c tar -z gzip -j bz2 -J xz
tar -zcvf /root/backup.tar.gz /usr/local/
验证:
file /root/backup.tar.gz

14.破解root密码
重新启动serverb的时候按e,进入grub编辑模式,倒数第二行,输入 rd.break console=tty0 然后按Ctrl+x引导系统
mount -o rw,remount /sysroot
chroot /sysroot
echo redhat| passwd –stdin root
touch /.autorelabel
exit
exit

15.配置yum源, scp复制文件
scp /etc/yum.repos.d/redhat.repo root@mars:/etc/yum.repos.d/redhat.repo
yum clean all && yum makecache
验证:
yum repolist

16.扩容逻辑卷
lvs
lvextend -r -L 230M /dev/lilyvg/lilylv
验证:
lvs
df -hT

17.添加设置swap交换分区
lsblk
新建分区
fdisk /dev/vdb
n
+756M
mkswap /dev/vdb3
echo “/dev/vdb3 swap swap defaults 0 0” >> /etc/fstab
swapon /dev/vdb3
mount -a
验证:
free -mh
df -hT

18.创建逻辑卷并自动挂载
lsblk
fdisk /dev/vdb
可能分区未出现:
partx -d /dev/vdb
partx -a /dev/vdb
创建lv
pvcreate /dev/vdb5
vgcreate qagroup /dev/vdb5 -s 16M
vgs
lvcreate -l 60 -n qa qagroup
lvs
mkdir /mnt/qa
mkfs.ext3 /dev/qagroup/qa
echo “/dev/qagroup/qa /mnt/qa ext3 defaults 0 0” >> /etc/fstab
mount -a
验证:
df -hT

19.创建vdo卷并开机自动挂载(必须使用未分区未挂载的新磁盘)
lsblk
yum install vdo kmod-kvdo
systemctl enable vdo –now
vdo create -–name=vdough -–device=/dev/vdc -–vdoLogicalSize=50G
mkfs.xfs -K /dev/mapper/vdough
mkdir /vbread
echo “/dev/mapper/vdough /vbread xfs defaults,x-systemd.requires=vdo.service 0 0” >> /etc/fstab
验证:
mount -a
df -hT

20.tuned调优设置
tuned-adm recommend (系统推荐设置)
tuned-adm active(当前活跃设置)
tuned-adm profile (修改活跃模式)

21.22.podman部署容器,配置容器以使其自动启动,为容器配置持久存储
useradd containers
echo redhat|passwd –stdin containers //考试的时候按照实际要求操作
vim /etc/systemd/journal.conf
编辑内容:
Storage=persistent
systemctl restart systemd-journald.service

复制日志文件到用户目录:

su – containers
mkdir -p /home/containers/container_journal
exit
find /var/log/journal -name “*.journal” -exec cp -rf {} /home/containers/container_journal/ \;

创建容器

ssh containers@serverb
podman login registry.network9.example.com
> userxxxx
> passxxxx
podman pull rsyslog
podman images
podman run -d –name=logserver -v /home/containers/container_journal:/var/log/journal:Z rsyslog
mkdir -p ~/.config/systemd/user
cd .config/systemd/user/
podman generate systemd –name logserver –files –new
systemctl –user daemon-reload
systemctl –user enable container-logserver –now
systemctl –user status container-logserver
loginctl enable-linger
loginctl show-user containers

23设置sudo免密操作
visudo
查找wheel所在行
%sysmgrs ALL=(ALL) NOPASSWD: ALL

24设置用户密码过期时间
vim /etc/login.defs
PASS_MAX_DAYS 20 #最大有效期

PASS_MIN_DAYS #最小天数

PASS_MIN_LEN #最小长度

PASS_WARN_AGE #密码到期前告警时间

25创建脚本查找相应文件

find:
提示:
-size [+/-]大小
-a -and 且
-o -or 或
-not 非
-perm
-2000 sgid
-4000 suid
vim /usr/local/bin/myresearch
编辑:

#!/bin/bash

find /usr/ -size -10M -a -perm -2000 -exec cp -a {} /root/myfiles \;
mkdir /root/myfiles
chmod +x /usr/local/bin/myresearch
验证:
ls /root/myfiles
标准答案:

#!/bin/bash

if [ ! -d “/root/myfiles/” ]; then
mkdir -p /root/myfiles/
fi
find /usr/ -size -10M -a -perm -2000 -exec cp -a {} /root/myfiles/ \;

发表评论