Linux Lab
ssh
vi /etc/apt/sources.list
su
ssh username@ipaddress
eg : ssh root@172.16.247.143
实验一
fdisk /dev/sdb (create partitions)
mdadm --create /dev/md0 --level=raid0 --raid-devices=2 /dev/sdb1 /dev/sdc1 (create raid 0)
mkfs.ext3 /dev/md0 (create an ext3 filesystem on your RAID device)
mount /dev/md0 /mnt/ (mount it on /mnt)
find / -exec cp -R {} /mnt/ \; (copy files from the root filesystem to fill your new raid array with data.)
mdadm --detail /dev/md0 (show the current status of your RAID array)
umount /dev/md0 (umount your RAID array)
mdadm --stop /dev/md0 (stop /dev/md0)
cat /proc/mdstat (show running raid arrays)
/etc/init.d/mdadm-raid restart (restart the RAID service to automatically rebuild the array)
mdadm --stop /dev/md0 (stop your raid array)
rm /dev/sdc1 (delete the /dev/sdc1 special file)
/etc/init.d/mdadm-raid restart (restart the raid arrays)
mount /dev/md0 /mnt/ (mount /dev/md0)
mdadm --create /dev/md0 --level=raid1 --raid-device=2 /dev/sdb1 /dev/sdc1 (create a RAID1 array using your first two disks)
mdadm -f /dev/md0 /dev/sdc1 (simulate a hard disk fail on /dev/sdc1)
mdadm /dev/md0 --add /dev/sdd1 (add another disk to rebuild the array, add /dev/sdd1 to the array)
umount /mnt/ (umount the array)
mdadm --stop /dev/md0 (stop the array)
mdadm --zero-superblock /dev/sdb1) (erase used devices superblock.)
mdadm --create /dev/md0 --level=raid5 --raid-devices=3 /dev/sdb1 /dev/sdc1 /dev/sdd1 (create a RAID5 array using your first three disks)
df -h (show the size of your new filsystem)
hexdump /mnt/usr/sbin/groupadd (to read your files)
mdadm --remove /dev/md0 /dev/sdc1 (to remove /dev/sdc1 from /dev/md0)
mdadm --create /dev/md0 --level=raid --raid-devices=2 /dev/sdb1 /dev/sdc1 create a first RAID0 array out of your two first available disks)
mdadm --create /dev/md1 --level=raid0 --raid-devices=2 /dev/sdd1 /dev/sde1 (create a second (md1) RAID0 array from the remaining disks)
mdadm --create /dev/md2 --level=raid1 --raid-devices=2 /dev/md0 /dev/md1 (create a RAID1 out of the two RAID devices you've just created)
实验二
2.1
fdisk /dev/sdb (create a physical volume out of the first hard drive you've just added to the virtual machine)
pvcreate /dev/sdb1 (create a physica volume out of the partition you've just created)
pvdisplay (confirm the creation by listing the currently available physical volumes)
vgcreate storage /dev/sdb1 (put your new physical volume into a volume group named "storage")
vgdisplay (list all currently available volume groups to confirm your creation)
lvcreate -L 3GB -n movies storage (create a new logical volumes in the storage volume group , movies, size 3GB)
lvcreate -L 0.9GB -n music storage (create a new logical volumes in the storage volume group, music, size 0.9 GB)
apt-get install xfsprogs (install filesystem tools as needed)
mkfs.xfs /dev/storage/movies (create an XFS filesystem on the movies logical volume)
mkfs.ext3 /dev/storage/music (add an ext3 filesystem for the music lv)
mkdir /mnt/{movies, music}
mount /dev/storage/movies /mnt/movies/ (mount this filesystem to /mnt/movies)
mount /dev/storage/music /mnt/music/ (mount this filesystem to /mnt/music)
df -h (show available disk space on your filesystems)
2.2
umount /mnt/{movies,music}
e2fsck -f /dev/storage/music
resize2fs /dev/storage/music 100M
lvreduce -L 100M /dev/storage/music (shrink your lv music to 100M)
lvextend /dev/storage/movies /dev/sdf1 (extend your lv movies)
mount /dev/storage/movies /mnt/movies/(to mount your lv movies)
sfx_growfs /dev/dtorage/movies
lvextend -L +1GB /dev/storage/movies (extend lv movies to 4.9 GB(before it is 3.9GB))
lvextend -L +1GB /dev/storage/music (extend lv music to 1.1GB (before it is 0.1GB))
xfs_growfs /dev/storage/movies
e2fsck -f /dev/storage/music
resize2fs /dev/storage/music
lvcreate -L1GB -s -n movies-snapshot /dev/storage/movies (create a 1GB snapshot named movies-snapshot of the movies lv)
mkdir /mnt/snapshot
mount /dev/storage/movies /mnt/snapshot/ (mount your snapshot to /mnt/snapshot/)
tar -czf /dev/null /mnt/snapshot/ (do a full tar backup using the fastest tape writer ever: /dev/null)
umount /mnt/snapshot (unmount the now useless snapshot)
lvremove /dev/storage/movies-snapshot (delete the now useless snapshot)
Lab
3.1
cp /boot/initrd.img-2.6.32-5-686 . (copy the original initrd into your home directory)
file initrd.img-2.6.32-5-686 (see the filetype)
zcat initrd.img-2.6.32-5-686 > initrd.raw (unpack it in a dedicated working directory)
cpio -i < ../initrd.raw (copy file to ../initrd.raw file)
mkdir initrd (make directory)
sed -i 's/Loading, please wait/Loading Custom System, please wait/' init (open the init script with a text editor and modify the "Loading, please wait..." message. Replace it by "Loading Custom System, please wait>".)
find | cpio -o --format=newc > ../initrd-new.cpio (rebuild a compressed cpio initrd in your home directory)
cp initrd-new.cpio.gz /boot/initrd.img-2.6.32-5-686 (replace the original initrd by your custom one)
3.2
runlevel (show the current runlevel)
ls /etc/rc2.d/S* (list services started in the current runlevel)
update-rc.d exim4 disable 2 (disable the exim4 service)
init 3 (change your runlevel to 3)
runlevel (show the current runlevel)
pgrep -l exim4 (check if exim4 is running)
init 2 (switch back to runlevel 2)
runlevel (show the current runlevel)
update-rc.d exim4 enable 2 (re-enable exim4 in runlevel 2)
3.3
grep initdefault /etc/inittab (show the default runlevel)
sed -i 's/id:2:initdefault:id:6:initdefault:/' /etc/inittab (change the default runlevel to 6)
reboot (reboot your system,your system keeps on rebooting endlessly)
Lab
4.1
groupadd -r wheel (add group)
edit /etc/pam.d/su and add the following line :
auth required pam_wheel.so group=wheel
gpasswd -a supinfo wheel (add supinfo to the wheel group)
add the following line to /etc/pam.d/su before the previous one :
auth sufficient pam_wheel.so group=root trust
gpasswd -a supinfo root
4.2
edit /tec/pam.d/common-password and add the following line before all others :
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
4.3
grep -niH nologin /etc/pam.d/* (find the name of a PAM module which is responsible of preventing users to open sessions if the /etc/nologin exists.)
Disallow non-root login when /etc/nologin exists.
grep -niH moth /etc/pam.d/* (to see which PAM module displays the content of /et/motd)
recommened book :
Network Security with OpenSSL
Apache2 pocket reference
Running Linux
DNS and BIND
Essential System Administration pocket reference
Managing NFS and NIS
Using Samba
Pro Linux System Administration
Expert Network Time Protocol
MySQL Cookbook
LDAP/OpenLDAP
Kerberos The Definitive Guide
post :for creation
pup :for update
init lab SOE
root password
init 0123456
init=0 --> init=/bin/ssh
pam.d pam.conf
apache create virtual host website
raid 0
raid 1
raid 5
lvresize = lvextend = lvreduce
lvreduce can have an argument as your Physical Volume but not lvextend
lvresize => growing
info any_command
Lab
5.1
mkdir -p certificate-authority/{private,certs,newcerts,crl} (create a certificate-authority directory in your home, create 4 subdirectories : private, certs, newcerts, crl.)
touch index.txt (create a blank index.txt)
echo "01" > serial (create serial file with "01" as content(without double quotes))
cp /etc/ssl/openssl.cnf ca-config (copy the default OpenSSL configuration file to ~/certificate-authority/ca-config)
5.2
openssl req -new -x509 -extensions v3_ca -nodes -keyout private/ca.key -out certs/ca.crt -config ca-config (create a new x509 certificate authority using the openssl command)
5.3
openssl req -new -nodes -keyout private/webserver.key -out webserver.csr -config ca-config (use openssl to create a csr for a webserver. the key will be stored in ~/certificate-authority/private/webserver.key and the request in ~/certificate-authority/webserver.csr)
openssl req -new -keyout private/john-smith.key -out john-smith.csr -config ca-config (use openssl to create a certificate to be used to authenticate a VPN user. the key will be written to ~/certificate-authority/private/john-smith.key and the request in ~/certificate-authority/john-smith.csr)
openssl ca -config ca-config -policy policy_anything -out certs/webserver.crt -infiles websever.csr (use the openssl ca command to sign off the webserver request. the final certificate should be stored in ~/certificate-authority/certs/webserver.crt)
openssl ca -config ca-config -policy policy_anything -out certs/john-smith.crt -infiles john-smith.csr (use the openssl ca command to sign off the second request. the final certificate should be stored in ~/certificate-authority/certs/john-smith.crt)
rm *.csr (remove the now useless certificate signining requests.)
5.4
openssl x509 -in certs/webserver.crt -noout -text (do a text dump the webserver.crt certificate.)
openssl x509 -in certs/john-smith.crt -subject -issuer -startdate -endate -noout (show the following informations from the john-smith.crt certificate : subject, issuer, startdate, enddate)
openssl verify -CAfile certs/ca.crt certs/john-smith.crt (verify the validity of the john-smith.crt certificate against your certification authority.)
5.5
openssl ca -revoke certs/john-smith.crt -config ca-config (revoke John Smith's certificate.)
openssl ca -gencrl -out crl/revoked.crl -config ca-config (to generate the certificate revokation list in ~/certificate-authority/crl/revoked.crl.)
Lab
6.1
mkdir /var/www/{www.site1.com,www.site2.com}
echo "<html><body>Welcome on site1.com</body></html>" > /var/www/www.site1.com/index.html
echo "<html><body>Welcome on site2.com</body></html>" > /var/www/www.site2.com/index.html
mkdit /var/log/apache2/{www.site1.com,ww.site2.com}
create the /etc/apache2/sites-available/www.site1.com file
create the /etc/apache2/sites-available/www.site2.com file
a2ensite www.site1.com (enable website)
a2ensite www.site2.com (enable website)
/etc/init.d/apache2 restart (restart the service)
curl www.site1.com (query your server)
curl www.site2.com (query your server)
6.2
mkdir /var/www/www.site1.com/restricted
touch /var/www/www.site1.com/restricted/{movie1.avi,movie2.avi}
mkdir /etc/apache2/users
htpasswd -bc /etc/apache2/users/site1.passwd john qwerty
htpasswd -b /etc/apache2/users/site1.passwd sarah secret
htpasswd -b /etc/apache2/users/site1.passwd bob password
/etc/init.d/apache2 restart (restart the service)
cd /var/lib/apt
ls
cd lists/
ls
rm -rf *
cd ~
info coreutils 'ls invocation'
cp -avr certificate-authority /home/supinfo/certificate/authority
This is one of the problem faced by many person’s“what if i lost the root password”First thing that comes in mind is “use single user mode” but the answer is NO.
coz debian takes the system security to one more level up and by default ask’s for the root password.
so the BIG QUESTION IS HOW TO proceed further
follow these steps
1) on grub-boot prompt.
press “e” to enter edit mode
2) then press downarrow to reach the line that starts with “kernel “
press “e” again
3) at the end of this line type in “init=/bin/sh” or “/bin/bash”
4) then press enter to make that change and press “b” to boot
in a few seconds you will be on your “#” prompt
5) only one step left
“mount -o remount rw /”
this step is necessary coz in this case root file system is mounted as read only.
6) finally type “passwd” and you get the screen to change the password
and then type in “init 6? or “reboot”
NOTE FOR TECHNICAL USERS
those who are looking for the technical details, the main work is the init command that we passed as an argument to kernel, it told kernel to specifically run the command specified in parameter instead of working on normal routine.
TRICK = if you have any program you wish to run instead of this then you can do that too using init command only.
init 0
init 6 (restart)
cd /etc/rc
cd /etc/rc0.d/
ls
cd /etc/rc1.d/
ls
cd /etc/rc6.d/
ls
/etc/inittab (to set level)
BIOS :
Bootloader :
Kernel :
init :
rc :
file (to see the filetype)
zcat file.gz > test.txt (to see the file.gz and put the content to test.txt)
cpio ()
sed (to replace the content )
pgrep (to see if a progress is ongoing)
auth required pam_wheel.so group=wheel
Linux Lab的更多相关文章
- 在虚拟机上配置linux lab的相关经验
最近一直在研究怎样在嵌入式开发板上移植linux嵌入式系统,但是不太想花费太多钱购买开发板.然后在网上搜索相关的arm模拟器.有qemu,skyeye,armulator等,在按照网上教程一步一步实践 ...
- Linux Lab and project latest
samba : start your samba service netlogon syslog vi /usr/local/samba vi /usr/samba/etc/smb.conf smbc ...
- VMware中linux硬盘空间不足的解决方法
相信很多人都和我一样是利用虚拟机安装linux的,在玩转linux的时候,可能就会遇到系统提示磁盘空间不足的情况.由于VMware中当初装系统时的设置的最大磁盘容量是不可以动态修改的,所以为我们使用带 ...
- iLinuxBot: Designing Botnets to Manage Linux Clients
转:http://www.linuxforu.com/2012/05/ilinuxbot-designing-botnets-to-manage-linux-clients/ By Nishant S ...
- 嵌入式 Linux 应用:概述
转载:http://www.ibm.com/developerworks/cn/linux/embed/embl/overview/index.html 从腕表到基于群集的超级计算机 在对嵌入式 ...
- RH033读书笔记(16)-Lab 17 Installation and Administration Tools
Lab 17 Installation and Administration Tools Goal: Become familiar with system configuration tools a ...
- Cloud Lab: 泰晓实验云台【转】
转自:http://tinylab.org/cloud-lab/ 可快速构建的计算机课程在线实验平台 由 Wu Zhangjin 创建于 2017/10/06 评论 打赏 项目描述 泰晓实验云台 项目 ...
- Linux 驱动开发
linux驱动开发总结(一) 基础性总结 1, linux驱动一般分为3大类: * 字符设备 * 块设备 * 网络设备 2, 开发环境构建: * 交叉工具链构建 * NFS和tftp服务器安装 3, ...
- CPU 多核指令 —— WFE 原理【原创】
转自:http://tinylab.org/arm-wfe/ Zhang Binghua 创作于 2020/05/19 打赏 微信公众号 知识星球 关注 @泰晓科技 与数千位一线 Linux 工程 ...
随机推荐
- 转:The Knuth-Morris-Pratt Algorithm in my own words
The Knuth-Morris-Pratt Algorithm in my own words For the past few days, I’ve been reading various ex ...
- js跨域问题的解决
js提交请求给别的应用实例或者别的服务器,由于同源策略,存在js跨域的情况,我所知道两种处理方式: 1.jquery ajax+jsonp <script type="text/jav ...
- spring mvc获取request HttpServletRequest
1.最简单的方式(注解法) 2. 直接的方法,参数中添加(response类似) package spittr.web; import static org.springframework.web.b ...
- hiho_1059_string matching content length
题目大意 两个字符串strA和strB(长度最大为2100),他们中按照顺序有一些公共的子串,且公共子串的长度大于等于3,否则不认为是合法的,比如 abcdef 和 abcxcdef, 按照顺序有合法 ...
- php输出csv文件 简单实现
<?php $list = array ( "George,John,Thomas,USA", "James,Adrew,Martin,USA", ); ...
- 快速了解AngularJs HTTP响应拦截器
任何时候,如果我们想要为请求添加全局功能,例如身份认证.错误处理等,在请求发送给服务器之前或服务器返回时对其进行拦截,是比较好的实现手段. angularJs通过拦截器提供了一个从全局层面进行处理的途 ...
- redirect模块的秘密
所有的redirect记录都在config/url_directs下面, 但是某个node/edit的redirect记录只包含redirect到自己的记录,且不验证url的合理性. 现在比如,a跳转 ...
- Fragment 笔记
1.getActivity() 为null问题 在Fragment基类里设置一个Activity mActivity的全局变量,在onAttach(Activity activity)里赋值,使用m ...
- 你不知道的JavaScript--面向对象高级程序设计
转载http://blog.csdn.net/i10630226/article/details/51088841 1. JS是基于原型的程序 建立一个简单的面向对象的类.有属性,有方法. funct ...
- vim 代码
vim函数跳转 时间:2014-05-07 14:02:12 阅读:40 ...