Week 23 Homework

1. Implement vsftpd virtual-user access authenticated against MySQL

MySQL server

1. Install mariadb-server
[root@zuoye1 ~]# yum install -y mariadb-server
[root@zuoye1 ~]# systemctl start mariadb

2. Create the authentication database and table
[root@zuoye1 ~]# mysql
MariaDB [(none)]> create database vsftpd;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> use vsftpd
Database changed
MariaDB [vsftpd]> create table user(id int auto_increment not null primary key, name char(30) binary not null, password char(40) binary not null);
Query OK, 0 rows affected (0.30 sec)

Add the virtual users (password() matches crypt=2 in the PAM configuration below):
MariaDB [vsftpd]> insert into user(name,password) values('ftp_zhao',password('123456'));
MariaDB [vsftpd]> insert into user(name,password) values('ftp_qian',password('123456'));

Create the database account that vsftpd will use (SELECT only):
MariaDB [vsftpd]> GRANT SELECT ON vsftpd.* TO vsftpd@'10.0.0.%' IDENTIFIED BY '123456';
MariaDB [vsftpd]> FLUSH PRIVILEGES;

vsftpd server

3. Install vsftpd and build pam_mysql
[root@zuoye2 ~]# yum install -y vsftpd
[root@zuoye2 ~]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
[root@zuoye2 ~]# wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
[root@zuoye2 ~]# tar xvf pam_mysql-0.7RC1.tar.gz
[root@zuoye2 ~]# cd pam_mysql-0.7RC1
[root@zuoye2 pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security
[root@zuoye2 pam_mysql-0.7RC1]# make install

4. Write the PAM service file
[root@zuoye2 pam_mysql-0.7RC1]# cat /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.100 db=vsftpd table=user usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.100 db=vsftpd table=user usercolumn=name passwdcolumn=password crypt=2

5. Create the mapping user and the vsftpd configuration
[root@zuoye2 pam_mysql-0.7RC1]# useradd -s /sbin/nologin -d /data/ftp -r vuser
[root@zuoye2 pam_mysql-0.7RC1]# mkdir -pv /data/ftp/upload
[root@zuoye2 pam_mysql-0.7RC1]# setfacl -m u:vuser:rwx /data/ftp/upload
[root@zuoye2 pam_mysql-0.7RC1]# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.mysql
user_config_dir=/etc/vsftpd/conf.d/
[root@zuoye2 pam_mysql-0.7RC1]# systemctl start vsftpd

6. Configure per-user permissions
Each virtual user may have a file named after it in user_config_dir; ftp_zhao gets write access here, while ftp_qian has no file and keeps the global (read-only) defaults.
[root@zuoye2 ~]# mkdir /etc/vsftpd/conf.d
[root@zuoye2 ~]# cat /etc/vsftpd/conf.d/ftp_zhao
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftp

2. Share the server's /www directory over NFS
NFS server

1. Create and export the directory
[root@zuoye1 ~]# mkdir /www
[root@zuoye1 ~]# chmod -R 777 /www
[root@zuoye1 ~]# yum -y install nfs-utils
[root@zuoye1 ~]# cat /etc/exports
/www *(rw)
[root@zuoye1 ~]# exportfs -r
[root@zuoye1 ~]# systemctl start nfs

NFS client
[root@zuoye2 home]# mkdir /www
[root@zuoye2 home]# yum -y install nfs-utils
[root@zuoye2 home]# mount 10.0.0.100:/www /www

3. Configure a Samba share for the /www directory
Server side

Install the software
[root@zuoye1 ~]# yum install -y samba

Create the user and group
[root@zuoye1 ~]# groupadd -r samgroup
[root@zuoye1 ~]# useradd -s /sbin/nologin -G samgroup sam
[root@zuoye1 ~]# smbpasswd -a sam

Create the directory (setgid so new files inherit samgroup)
[root@zuoye1 ~]# mkdir /www
[root@zuoye1 ~]# chgrp samgroup /www
[root@zuoye1 ~]# chmod 2775 /www
[root@zuoye1 ~]# ls /www
s1

Server configuration
[root@zuoye1 ~]# cat /etc/samba/smb.conf
[share]
path = /www
write list = @samgroup
[root@zuoye1 ~]# systemctl start smb nmb

Client side

Install the software
[root@zuoye2 ~]# yum install -y cifs-utils

Create the mount point and mount the share
[root@zuoye2 ~]# mkdir /www
[root@zuoye2 ~]# mount -o username=sam //10.0.0.100/share /www

Test
[root@zuoye2 ~]# ls /www
s1
[root@zuoye2 ~]# touch /www/s2
[root@zuoye2 ~]# ls -l /www
total 0
-rw-r--r-- 1 1001 995 0 Sep 8 09:06 s1
-rw-r--r-- 1 1001 995 0 Sep 8 09:07 s2
[root@zuoye1 ~]# ls -ltr /www
total 0
-rw-r--r--. 1 sam samgroup 0 Sep 8 09:06 s1
-rw-r--r--. 1 sam samgroup 0 Sep 8 09:07 s2

4. Real-time synchronization of the /www directory with rsync + inotify
Server side

Install the software (add the EPEL repository first)
[root@zuoye1 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@zuoye1 ~]# yum install -y rsync
[root@zuoye1 ~]# yum install -y inotify-tools

Configuration file
[root@zuoye1 ~]# cat /etc/rsyncd.conf
uid = root
gid = root
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
hosts allow = 10.0.0.0/24
[www]
path = /www
comment = backip dir
read only = no
auth users = rsyncuser
secrets file = /etc/rsync.pas

Create the secrets file (rsyncd refuses a secrets file that is readable by others)
[root@zuoye1 ~]# echo "rsyncuser:123456" > /etc/rsync.pas
[root@zuoye1 ~]# chmod 600 /etc/rsync.pas
[root@zuoye1 ~]# systemctl start rsyncd

Client side

Configure the password file (the client file holds only the password)
[root@zuoye2 ~]# echo "123456" > /etc/rsync.pas
[root@zuoye2 ~]# chmod 600 /etc/rsync.pas
[root@zuoye2 ~]# yum install -y rsync
[root@zuoye2 ~]# rsync rsync://10.0.0.100
www            backip dir

Test
[root@zuoye2 ~]# rsync -avz --delete --password-file=/etc/rsync.pas /www/ rsyncuser@10.0.0.100::www
sending incremental file list
./
sent 51 bytes  received 19 bytes  140.00 bytes/sec
total size is 0  speedup is 0.00

Create a script on the client that pushes the client's /www directory to the server's /www module in real time:
[root@zuoye2 www]# cat /root/rsync.sh
#!/bin/bash
SRC='/www/'
DEST='rsyncuser@10.0.0.100::www'
# make sure rsync is present before watching for changes
rpm -q rsync &> /dev/null || yum -y install rsync
# watch SRC recursively; on every relevant event push the whole tree to the rsync module
inotifywait -mrq --exclude=".*\.swp" --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' -e create,delete,moved_to,close_write,attrib ${SRC} | while read DATE TIME DIR FILE; do
    FILEPATH=${DIR}${FILE}
    rsync -avz --delete --password-file=/etc/rsync.pas $SRC $DEST && echo "At ${TIME} on ${DATE}, file $FILEPATH was backed up via rsync" >> /var/log/changelist.log
done
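Two of the files created in sections 1 and 4 hold credentials in clear text: /etc/pam.d/vsftpd.mysql (the MariaDB password in passwd=) and /etc/rsync.pas on both hosts. The section 4 steps chmod the rsync file to 600, but a PAM file written with cat or vi keeps the default 644. The following is an added check, not part of the original post, that reports any such file still readable by group or others; it assumes GNU stat and the paths used above.

```shell
#!/bin/bash
# Added example (not from the original post): audit the credential files of
# this setup for group/world read permission. Assumes GNU stat (Linux).
# Default targets are the files created above:
#   /etc/pam.d/vsftpd.mysql  - MariaDB password in clear text (passwd=...)
#   /etc/rsync.pas           - rsync secret on server and client

# other_bits FILE -> decimal value of the group/other permission bits (0 = owner only)
other_bits() {
  local mode
  mode=$(stat -c '%a' "$1") || return 1
  echo $(( 8#$mode & 077 ))
}

# check_secret_file FILE -> 0 if FILE exists and only its owner can access it
check_secret_file() {
  local f="$1" bits
  [ -f "$f" ] || { echo "MISSING  $f"; return 1; }
  bits=$(other_bits "$f") || return 1
  if [ "$bits" -ne 0 ]; then
    echo "EXPOSED  $f (mode $(stat -c '%a' "$f"); fix with: chmod 600 $f)"
    return 1
  fi
  echo "OK       $f"
}

# audit_secrets FILE... -> prints one line per file; returns 0 only if all pass
audit_secrets() {
  local rc=0 f
  for f in "$@"; do
    check_secret_file "$f" || rc=1
  done
  return "$rc"
}

# run against the paths given on the command line, e.g.
#   ./audit_secrets.sh /etc/pam.d/vsftpd.mysql /etc/rsync.pas
if [ "$#" -gt 0 ]; then
  audit_secrets "$@"
fi
```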

5. Use iptables to allow the telnet, ftp and web services, allow the samba service, and reject every other port
[root@zuoye1 ~]# iptables -A INPUT -p tcp -m multiport --dports 20,21,22,23,80,139,445 -j ACCEPT
[root@zuoye1 ~]# iptables -A INPUT -p udp -m multiport --dports 137,138 -j ACCEPT
[root@zuoye1 ~]# iptables -A INPUT -j REJECT
[root@zuoye1 ~]# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  280 14996 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 20,21,23,80,139,445
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 137,138
   27  3150 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
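A ruleset is easy to get wrong by one port, so here is an added check, not part of the original post, that audits an `iptables -vnL INPUT` listing against this assignment's requirement (tcp 20, 21, 23, 80, 139, 445 and udp 137, 138 accepted; a final REJECT or DROP for everything else). It only understands multiport rules as used above; the sample listing it ships with is constructed from the output shown above, and tcp/22 is reported as a note because the assignment does not ask for it.

```shell
#!/bin/bash
# Added example (not from the original post): audit an INPUT chain listing
# against the week 23 requirement. SAMPLE_LISTING is constructed from the
# `iptables -vnL` output shown above; pass `iptables -vnL INPUT` for a live check.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  280 14996 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 20,21,23,80,139,445
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 137,138
   27  3150 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable'

# ports_accepted LISTING PROTO -> sorted, comma-separated dports of ACCEPT rules for PROTO
ports_accepted() {
  printf '%s\n' "$1" | awk -v proto="$2" '
    $3 == "ACCEPT" && $4 == proto {
      for (i = 1; i <= NF; i++) if ($i == "dports") print $(i + 1)
    }' | tr ',' '\n' | sort -n | paste -sd, -
}

# port_open LISTING PROTO PORT -> 0 if PORT is covered by an ACCEPT rule for PROTO
port_open() {
  ports_accepted "$1" "$2" | tr ',' '\n' | grep -qx -- "$3"
}

# has_default_reject LISTING -> 0 if the last rule rejects or drops all protocols
has_default_reject() {
  printf '%s\n' "$1" | awk 'NR > 2 { last = $3 " " $4 }
    END { if (last ~ /^(REJECT|DROP) all$/) exit 0; exit 1 }'
}

# audit_input_chain LISTING -> prints findings; returns 0 only if the requirement is met
audit_input_chain() {
  local listing="$1" rc=0 p
  for p in 20 21 23 80 139 445; do
    port_open "$listing" tcp "$p" || { echo "MISSING tcp/$p"; rc=1; }
  done
  for p in 137 138; do
    port_open "$listing" udp "$p" || { echo "MISSING udp/$p"; rc=1; }
  done
  has_default_reject "$listing" || { echo "MISSING final REJECT/DROP rule"; rc=1; }
  # ssh is not part of the assignment; report it without failing the audit
  if port_open "$listing" tcp 22; then echo "NOTE tcp/22 accepted but not required"; fi
  [ "$rc" -eq 0 ] && echo "OK INPUT chain matches the requirement"
  return "$rc"
}

audit_input_chain "$SAMPLE_LISTING"
```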
