2016年RHEL7 ：RHCE试题答案整理

RHCE考试：
1.Selinux
两台服务器上配置
~]# vim /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
~]#reboot
2.ssh登录控制
~]#vim /ect/hosts.allow
sshd:172.25.0.
~]#vim /ect/hosts.deny
sshd:172.24.0.
3.命令别名
~]#vim /etc/bashrc
alias qstat=' '
重读环境变量、验证
~]# source /etc/bashrc 或~]# . /PATH/FROM/CONF_FILE ~]# alias
~]#qstat
4.防火墙规则，配置端口转发
图形化界面操作。

~]# firewall-config & 在图形化下配置
选择模式：
Configuration Permanent永久模式
Zone：public 适用区域
Port Forwarding端口转发--> Add
~]# firewall-cmd --list-all public 验证5.链路聚合
图形化界面配置：
~]#nm-conection-editor &
~]#lab teambridge setup
man teamd----》{"runner\":{\"name\":\"activebackup\"}}
~]#systemctl restart network
~]#ip addr show team0
~]#teamdctl team0 state
6.配置IPv6地址
图形配置
~]# nm-connection-editor & 图形配置
~]# systemctl restart network
~]# ip addr show eth0
~]# ping #测试
7.本地邮件服务
~]#yum install -y postfix
~]#vim /etc/postfix/main.cf
init_interfaces=loopback-only
myorigin = #从该系统上发送的邮件都显示来自
relayhost = [] # 转发发到
mydestination= # 本地不接受外来邮件
local_transport=err:local delivery disabled
~]# systemctl restart postfix
~]# systemctl enable postfix
8.Samba共享目录
Server:
~]# yum install samba samba-client -y
~]# mkdir /common
~]# chcon -R -t samba_share_t /common #修改安全上下文，此处的SElinux是打开的，在配置文件中也有此命令
~]# vim /etc/samba/smb.conf
workgroup = STAFF # 此处是修改
[common] # 此处开始是添加内容
comment=common
path = /common
hosts allow = 172.25.0.
browseable = yes
~]# smbpasswd -a andy
~]# testparm # 查看配置有无问题
~]# systemctl restart smb nmb
~]# systemctl enable smb nmb
~]# firewall-cmd --add-service=samba --permanent
~]# firewall-cmd --reload
Client：
~]# yum install samba-client cifs-utils -y
~]# smbclient -L //172.25.0.11 -U andy # 测试能否连接
~]# smbclient //172.25.0.11/common -U andy # 测试能否连接共享目录
~]# 第三步测试：能够下载不能上传
挂载可以做看题目要求：
~]#mkdir /mnt/common
~]#vim /etc/fstab
//172.25.0.11/common /mnt/common cifs defaults,username=k1,password=RedH at,sec=ntlmssp 0 0
~]#mount -a
~]#df -hT
9.多用户SMB挂载
~]# mkdir /share
~]# chmod o+w /share
~]# chcon -R -t samba_share_t /share
~]# useradd k1
~]# useradd c1
~]# smbpasswd -a k1
~]# smbpasswd -a c1
~]# vim /etc/samba/smb.conf
[share]
comment=share
path = /share
hosts allow = 172.25.0.
browseable = yes
writable = no
write list = c1
~]# systemctl restart smb nmb
Client端测试：
~]#vim /etc/fstab
//172.25.0.11/share /mnt/dev cifs defaults,multiuser,username=k1,password=red hat,sec=ntlmssp 0 0
~]#mount -a
~]#df -h
~]# useradd c1
~]# su - c1
~]#cd /mnt/dev
~]#c i f s c r e d s a d d172.25.0.11-u c1#临时提升权限
10.NFS服务
Server：
~]# mkdir /public
~]# mkdir /pretected
~]# chcon -R -t public_content_t /public
~]# chcon -R -t public_content_t /pretected/
~]# vim /etc/exports
/public 172.25.0.0/24(ro,sync)
/pretected 172.25.0.0/24(rw,sec=krb5p,sync)
~]# wget -O /etc/krb5.keytab /pub/keytabs/server0.keytab
~]# useradd k2
~]# chown k2 /pretected/project/
~]# systemctl restart nfs-secure-server
~]# systemctl enable nfs-server.service
~]# systemctl restart nfs
~]# firewall-cmd --add-service=nfs --permanent
~]# firewall-cmd --reload
~]# firewall-cmd --add-service=rpc-bind --permanent # 挂载相关的放行
~]# firewall-cmd --reload
~]# firewall-cmd --permanent --add-service=mountd # 挂载相关的放行
~]# firewall-cmd --reload
~]# vim /etc/sysconfig/nfs # 为支持krb5验证
RPCNFSDARGS='-V 4.2'
11.挂载NFS共享
Client：
~]# wget -O /etc/krb5.keytab /pub/keytabs/desktop0.keytab ~]# systemctl restart nfs-secure
~]# systemctl enable nfs-secure
~]# mkdir /mnt/nfssecure
~]# vim /etc/fstab
172.25.0.11:/public /mnt/nfsmount nfs defaules 0 0
172.25.0.11:/pretected /mnt/nfssecure nfs defaults,sec=krb5p,v4.2 0 0 ~]# mount -a
12.配置Web站点
~]# yum groupinstall -y web*
~]#cd /var/www/html
~]#wget http://
~]#mv
~]# systemctl start httpd
~]# systemctl enable httpd
~]#firewall-cmd --add-service=http -permanent
~]#firewall-cmd --reload
~]# systemctl restart httpd
~]#firewall-config &
~]# curl
13.配置安全web服务
~]# yum install mod_ssl
~]# cd /etc/httpd/conf.d
~]# wget /pub/tls/certs/www0.crt
~]# wget /pub/tls/private/www0.key ~]# wget /pub/example-ca.crt
~]# vim ssl.conf
DocumentRoot "/var/www/html"
ServerName :443
SSLCertificateFile /etc/httpd/conf.d/www0.crt
SSLCertificateKeyFile /etc/httpd/conf.d/www0.key
SSLCertificateChainFile /etc/httpd/conf.d/example-ca.crt ~]# systemctl restart httpd
~]# firewall-cmd --add-service=https --permanent
~]# firewall-cmd --reload
14.配置虚拟主机
~]# vim vhost.conf
<VirtualHost *:80>
ServerName
DocumentRoot /var/www/virtual
</VirtualHost>
<Directory "/var/www/virtual">
AllowOverride None
Require all granted
</Directory>
<VirtualHost *:80>
ServerName
DocumentRoot /var/www/html
</VirtualHost>
~]# systemctl restart httpd
~]#mkdir /var/www/virtual
~]#chmod o+w /var/www/virtual
15.配置Web内容服务
~]# mkdir /var/www/html/private
~]# echo "15 " > /var/www/html/private/index.html
~]# mkdir /var/www/virtual
~]# echo "14" > /var/www/virtual/index.html
~]# vim vhost.conf
<VirtualHost *:80>
ServerName
DocumentRoot /var/www/virtual
</VirtualHost>
<Directory "/var/www/virtual">
AllowOverride None
Require all granted
</Directory>
<VirtualHost _default_:80>
ServerName
DocumentRoot /var/www/html
<Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<Directory "/var/www/html/private">
AllowOverride None
Require all denied
Requirelocal
</Directory>
~]# systemctl restart httpd
~]# curl /private/index.html ~]# curl /private/index.html
16.实现动态Web内容
~]# yum install mod_wsgi -y
~]# vim /etc/httpd/conf/httpd.conf
Listen 8909
~]# semanage port -a -t http_port_t -p tcp 8909
~]# systemctl restart httpd
~]# echo "16" > /var/www/html/webinfo.wsgi
~]#vim vhost.conf
<VirtualHost *:8909>
ServerName
DocumentRoot /var/www/html
<Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory>
WSGIScriptAlias / /var/www/html/webinfo.wsgi </VirtualHost>
~]# systemctl restart httpd
~]# firewall-config-edit &图形化放行
~]#firewall-cmd --reload
17.case脚本
~]#vim /etc/boot/foo/sh
#!/bin/bash
case $1 in
Fedora)
echo "RedHat"
;;
redhat)
echo "fedora"
;;
*)
echo "/root/foo.sh redhat|fedora"
esac
~]# chmod +x /root/foo.sh
18.添加用户脚本
~]#vim /root/batchusers.sh
#!/bin/bash
if [$# -eq 0 ];then
echo "Usage:/root/batchusers"
exit 1
fi
if [! -f $1];then
echo "input file not found"
exit 1
fi
for i in $(cat $1);do
useradd -s /bin/false $i;
done
~]# chmod +x /root/batchusers.sh
19.ISCSI服务
~]# fdisk -l /dev/vda
~]#yum install -y targetcli
~]#targetcli
/> ls
/> cd backstores/
/> cd block
/> create disk1 /dev/vda1
/> cd ..
/> cd ..
/> cd iscsi
/> create .example:server0
/> cd .wxample:server0/tpg1/
/> ls
/> luns/ create /backstores/block/disk1
/> acls/ create .example:desktop0
/> portals/ create 172.25.0.11
/> exit
~]#fire-cmd --add-port=3260/tcp --permanent
~]#fire-cmd --reload
~]#systemctl enaable target
~]#systemctl start targe
20.配置ISCSI服务客户端
~]# yum install iscsi* -y
~]#vim /ettc/iscsi/initiatorname.iscsi
InitiatorName=.example:desktop0
~]#iscsiadm -t st -m discovery -p 172.25.0.11
~]#iscsiadm -m node -T .example:server0 -p 172.25.0.11 -l ~]#fdisk -l
~]# fdisk /dev/sdc 分区
~]# mkfs.ext4 /dev/sd...
~]# mkdir /mnt/data
~]# vim /etc/fstab
UUID= /mnt/data ext4 defaults,_netdev 0 0
~]# mount -a
21.配置数据库
~]# yum groupinstall "mariadb*" -y
~]# systemctl start mariadb
~]# systemctl enable mariadb
~]# mysql_secure_installation
~]# mysql -u root -p
MariaDB > CREATE DATABASE Contacts;
MariaDB > quit
~]# mysql -u root -p Contacts < /root/users.mdb
22.查询数据库
~]# mysql -u root -p
MariaDB >use Contacts;
MariaDB >show tables;
MariaDB >create user r1@localhost identified by 'redhat';
MariaDB >grant select on Contacts.* to r1@localhost;
MariaDB >flush privileges;
MariaDB >select * from pass inner join name where name.aid=pass.bid;
MariaDB >select * from pass inner join name on name.aid=pass.bid wherepassword ='tangerine';
MariaDB >select * from name inner join loc on name.aid=loc.cid wherefirstname='J ohn' and loction='guangzhou';。