Linux系统管理实战-优快云博客

本文链接：https://blog.youkuaiyun.com/bittersweet0324/article/details/69446609

1.修改时间为2016-11-01 12：06：26；
[root@localhost ~]# date 110112062016.26
Tue Nov 1 12:06:26 CST 2016
2.修改成功后按照%Y-%m-%d的格式输出，并将输出结果保存到/mnt/date.txt;
[root@localhost ~]# date +%Y-%m-%d |tee /mnt/date.txt
2016-11-01
3.查看80天以前的日期，重定向文件到/mnt/datafile,然后查看80天以后的日期，追加到/mnt/datafile;
[root@localhost ~]# date -d -80days
Sat Aug 13 12:11:24 CST 2016
[root@localhost ~]# date -d -80days >/mnt/datafile
[root@localhost ~]# date -d +80days
Fri Jan 20 12:14:04 CST 2017

[root@localhost ~]# date -d +80days >>/mnt/datafile
4.用一条命令查看/mnt/datafile文件的字节数，字符数，行数，单词数;
[root@localhost ~]# wc -clmw /mnt/datafile
2 12 58 58 /mnt/datafile
5.通过快捷方式执行最近一条含有”date“关键字的命令
[root@localhost ~]# !date
date -d +80days >>/mnt/datafile
6.用一条命令在/mnt/目录下创建文件westosX_fileY,x的取值范围为{a,b,c},Y的取值范围为8-13；
[root@localhost ~]# touch /mnt/westos{a,b,c}_file{8..13}
[root@localhost ~]# ls /mnt
datafile        westosa_file13 westosb_file11 westosb_file9   westosc_file13
westosa_file10 westosa_file8   westosb_file12 westosc_file10 westosc_file8
westosa_file11 westosa_file9   westosb_file13 westosc_file11 westosc_file9
westosa_file12 westosb_file10 westosb_file8   westosc_file12
7.将westosX_fileY的文件均移动到/tmp目录下；
[root@localhost ~]# mv /mnt/westos{a,b,c}_file{8..13} /tmp
[root@localhost ~]# ls /tmp
8.复制/etc/group文件到/mnt；
       -vim编辑该文件，复制前三行，粘贴到第五行；
       -剪贴第五行粘贴到最后一行；
       -删除倒数第三行；
       -在3-10行的最开始批量添加root单词
       -在左右分屏的情况下，将5-10行中的root替换为kiosk
       -退出左右分屏，在上下分屏的情况下替换全文的kiosk为student；
[root@localhost mnt]# cat group
root:x:0:
bin:x:1:
studentdaemonx2:
studentsys:x:3:
student
studentstudent:x:0:
studentbin:x:1:
studentdaemon:x:2:
studenttty:x:5:
studentdisk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:student
cdrom:x:11:
mail:x:12:postfix
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:30:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
ssh_keys:x:999:
systemd-journal:x:190:
dbus:x:81:
polkitd:x:998:
avahi:x:70:
avahi-autoipd:x:170:
rpc:x:32:
dip:x:40:
cgred:x:997:
rpcuser:x:29:
nfsnobody:x:65534:
ovirtagent:x:175:
postdrop:x:90:
postfix:x:89:
sshd:x:74:
chrony:x:996:
student:x:1000:
usbmuxd:x:113:
colord:x:995:
abrt:x:173:
libstoragemgmt:x:994:
unbound:x:993:
kvm:x:36:qemu
qemu:x:107:
saslauth:x:76:
ntp:x:38:
rtkit:x:172:
radvd:x:75:
pulse-access:x:992:
pulse:x:171:
gdm:x:42:
gnome-initial-setup:x:991:
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
slocate:x:21:
adm:x:4:
9.配置vim，使其在编辑文件时拥有以下功能1：显示行号，鼠标可以操纵光标位置
[root@localhost mnt]# vim /etc/vimrc
配置以上文件在文件末尾添加上：set nu 和 setmouse=a
[root@localhost mnt]# cat /etc/vimrc
if v:lang =~ "utf8$" || v:lang =~ "UTF-8$"
   setfileencodings=ucs-bom,utf-8,latin1
endif

set nocompatible    " Use Vimdefaults (much better!)
set bs=indent,eol,start     " allowbackspacing over everything in insert mode
"set ai         " always setautoindenting on
"set backup     " keep a backupfile
set viminfo='20,\"50    "read/write a .viminfo file, don't store more
            " than 50 lines ofregisters
set history=50      " keep 50 linesof command line history
set ruler       " show the cursorposition all the time

" Only do this part when compiled with support for autocommands
if has("autocmd")
augroup redhat
autocmd!
" In text files, always limit thewidth of text to 78 characters
" autocmd BufRead *.txt settw=78
" When editing a file, always jumpto the last cursor position
autocmd BufReadPost *
\ if line("'\"") > 0&& line ("'\"") <= line("$") |
\  exe "normal! g'\"" |
\ endif
" don't write swapfile on mostcommonly used directories for NFS mounts or USB sticks
autocmd BufNewFile,BufReadPre/media/*,/run/media/*,/mnt/* set directory=~/tmp,/var/tmp,/tmp
" start with spec filetemplate
autocmd BufNewFile *.spec 0r/usr/share/vim/vimfiles/template.spec
augroup END
endif

if has("cscope") &&filereadable("/usr/bin/cscope")
   set csprg=/usr/bin/cscope
   set csto=0
set nu
set mouse=a
   set cst
   set nocsverb
   " add any database in currentdirectory
   iffilereadable("cscope.out")
      cs add $PWD/cscope.out
   " else add database pointed to byenvironment
   elseif $CSCOPE_DB !=""
      cs add $CSCOPE_DB
   endif
   set csverb
endif

" Switch syntax highlighting on, when the terminal has colors
" Also switch on highlighting the last used search pattern.
if &t_Co > 2 || has("gui_running")
syntax on
set hlsearch
endif

filetype plugin on

if &term=="xterm"
     set t_Co=8
     set t_Sb=[4%dm
     set t_Sf=[3%dm
endif

" Don't wake up system with blinking cursor:
" http://www.linuxpowertop.org/known.php
let &guicursor = &guicursor . ",a:blinkon0"
set nu
set mouse=a
10.用户与用户组操作
- 创建用户组phone,指定gid为888,下面新建用户均属于phone用户组;
- 创建用户mi,设置uid=1800,shell类型为/bin/sh;
- 创建用户iphone,设置uid=1801,用户描述为“User iphone“;
- 创建用户huawei,设置用户描述为“华为”,用户家目录为/huawei;
**因业务需要,执行以下操作:
- 修改用户mi的uid为1700,shell另外类型为/sbin/nologin;
- 修改用户iphone的用户描述为“苹果手机”;
- 修改用户huawei的用户家目录为/home/huawei;
[root@localhost ~]# groupadd -g 888 phone
[root@localhost ~]# useradd -u 1800 mi
[root@localhost ~]# usermod -s /bin/sh mi
[root@localhost ~]# usermod -aG phone mi
[root@localhost ~]# useradd -u 1801 iphone
[root@localhost ~]# usermod -c User iphone iphone
[root@localhost ~]# usermod -aG phone iphone
[root@localhost ~]# useradd -c 华为 huawei
[root@localhost ~]# usermod -d /huawei huawei
[root@localhost ~]# usermod -aG phone huawei
[root@localhost ~]# usermod -s /sbin/nologin mi
[root@localhost ~]# usermod -u 1700 mi
[root@localhost ~]# usermod -c 苹果手机 iphone
[root@localhost ~]# usermod -d /home/huawei huawei
11.（密码管理）某管理员建立一用来管理帐号的用户admin,满足以下条件
    -uid=7777,gid=7777,用户描述为“系统管理员"；
    -新建用户组bank1,bank2,使新建的用户为admin用户的附加组；
    -设置admin用户的密码为”adminpasswd“；
    -修改密码使用天数为0，使该用户首次登陆必须改密码；
    -修改密码最短有效期为7，使该用户设置密码等待7天后才可以再次更改；
    -给admin用户下方权限，使得该用户可以新建用户（无密码方式）。
[root@localhost ~]# useradd -u 7777 admin
[root@localhost ~]# usermod -c 系统管理员 admin
[root@localhost ~]# groupadd bank1
[root@localhost ~]# groupadd bank2
[root@localhost ~]# usermod -aG bank1 admin
[root@localhost ~]# usermod -aG bank2 admin
[root@localhost ~]# echo adminpasswd | passwd --stdin admin
Changing password for user admin.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# chage -d 0 admin
[root@localhost ~]# passwd -n 7 admin
[root@localhost ~]# vim /etc/sudoers
其中编辑##Allow user admin to create user
admin localhost=(root) NOPASSWD: /usr/sbin/useradd
[root@localhost ~]# su - admin
Last login: Tue Apr 4 05:38:56 EDT 2017on pts/0
[admin@localhost ~]$ sudo /usr/sbin/useradd linux
12.创建一公共目录/pubdir，使得所有用户均可以向该目录写入内容，但是只能删除属于自己的文件或者目录。
[root@localhost ~]# mkdir /pubdir
[root@localhost ~]# chmod 1777 /pubdir/
13.显示cpu使用量前五的pid，并重定向到文件/mnt/pidfile中；
[root@localhost ~]# ps ax -o pid --sort -%cpu | grep PID -v | head -n 5>/mnt/pidfile
14.显示试图登陆你主机但没有成功登录的用户，保存到/mnt/login_fail.text文件中；
[root@localhost ~]# lastb
root     ssh:notty    172.25.254.61    Tue Apr 4 04:43 - 04:43 (00:00)
root     :0           :0               Mon Apr 3 04:39 - 04:39 (00:00)

btmp begins Mon Apr 3 04:39:092017
[root@localhost ~]# lastb >/mnt/login_fail.text
[root@localhost ~]# cat/mnt/login_fail.text
-bash: cat/mnt/login_fail.text: No such file or directory
[root@localhost ~]# cat /mnt/login_fail.text
root     ssh:notty    172.25.254.61    Tue Apr 4 04:43 - 04:43 (00:00)
root     :0           :0               Mon Apr 3 04:39 - 04:39 (00:00)
15.设置ssh服务器端，不允许通过密码认证进行远程连接
[root@localhost ~]# vim /etc/ssh/sshd_config
PasswordAuthentication yes改为PasswordAuthenticationno
[root@localhost ~]# systemctl restart sshd.serivice
16.打包压缩/mnt下的文件为tar.gz格式，实现无密码（即通过密钥认证）发送压缩包到真机kiosk用户的桌面；
[root@localhost mnt]# tar zcf mnt.tar.gz/mnt
[root@localhost mnt]# ls
group login_fail.text mnt.tar.gz pidfile
[root@localhost mnt]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e5:02:87:87:c1:98:ba:39:09:e9:fa:3a:28:cc:c6:c8 root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
|     +.          |
|    o .+         |
| . . + o .      |
|o .    + o       |
|.. +    S .      |
| .=      .       |
|O .             |
|*E               |
|++.              |
+-----------------+
[root@localhost /]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.163
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filterout any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you areprompted now it is to install the new keys
root@172.25.254.163's password:

Number of key(s) added: 1

Now try logging into the machine, with:  "ssh 'root@172.25.254.163'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost ~]# scp /root/.ssh/id_rsa root@172.25.254.61:/root/.ssh/
root@172.25.254.61's password:
id_rsa                                 100% 1675     1.6KB/s   00:00
[root@localhost ~]# exit
logout
Connection to 172.25.254.163 closed.
[root@foundation61 Desktop]# ssh root@172.25.254.163
Last login: Tue Apr 4 08:20:07 2017 from172.25.254.61
[root@localhost ~]#
[root@localhost ~]# cd /mnt/
[root@localhost mnt]# scp /mnt/mnt.tar.gzkiosk@172.25.254.61:/home/kiosk/Desktop
kiosk@172.25.254.61's password:
Permission denied, please try again.
kiosk@172.25.254.61's password:
mnt.tar.gz                             100% 3671     3.6KB/s   00:00
17.实现你的主机与172.25.254.250主机实现同步
（1）服务端
[root@foundation250 Desktop] # vim /etc/chrony.conf
# Allow NTP client access from local network.
allow 172.25.254.61/24
# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
# Serve time even if not synchronized to any NTP server.
local stratum 10
（2）客户端
[root@foundation61 Desktop] # vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 172.25.254.250 iburst
设置后重启
（3）测试
[root@foundation61 Desktop]# chronyc sources -v
210 Number of sources = 1

.-- Source mode '^' = server, '=' = peer, '#' = localclock.
/ .- Source state '*' = current synced,'+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time maybe in error, '~' = time too variable.
||                                                .- xxxx [ yyyy ] +/- zzzz
||                                               /   xxxx = adjusted offset,
||         Log2(Polling interval) -.             |    yyyy = measured offset,
||                                 \            |    zzzz = estimated error.
||                                  |           |
MS Name/IP address         Stratum PollReach LastRx Last sample
===============================================================================
^* 172.25.254.61                  10   6  377    41   +170us[ +201us] +/- 191us
18.设置你主机的时区为africa/conakry
[root@localhost mnt]# timedatectl set-timezone Africa/Conakry
[root@localhost mnt]# timedatectl status
      Local time: Tue 2017-04-04 12:52:16GMT
Universal time: Tue 2017-04-04 12:52:16UTC
        RTC time: Tue 2017-04-0412:52:16
        Timezone: Africa/Conakry (GMT,+0000)
     NTP enabled: yes
NTP synchronized: no
RTC in local TZ: no
      DST active: n/a
19.将你主机上的所有日至信息同步到真机上；
[root@localhost ~]# vim /etc/rsyslog.conf
修改*.*            @172.25.254.61
[root@localhost ~]# systemctl stop firewalld.serivice
[root@localhost ~]# systemctl restart rsyslog.serivice
[root@localhost ~]# >/var/log/messages
[root@foundation61 Desktop]# vim/etc/rsyslog.conf
取消“#”
$ModLoad imudp
$UDPServerRun 514
[root@foundation61 Desktop]# systemctl stop firewalld.serivice
[root@foundation61 Desktop]# systemctl restart rsyslog.serivice
[root@foundation61 Desktop]# >/var/log/messages
[root@localhost ~]# logger test message
[root@foundation61 Desktop]# tail -f /var/log/messages
20.通过nmcli命令设置你真机ip为172.25.254.161，网关为172.25.254.250
[root@localhost ~]# nmcli connection add type ethernet con-namewestos ifname eth0 ip4 172.25.254.161/24 gw4 172.25.254.250
[root@localhost ~]# ifconfig
[root@localhost ~]# systemctl stopNetwrokManager
[root@localhost ~]# systemctl restartnetwork
[root@localhost ~]# route -n
21.通过管理配置文件设置你主机dhcp获取ip
[root@localhost ~]# mkdir /iso
[root@localhost ~]# mkdir /rhel7.2
[root@localhost ~]# scp root@172.25.254.61:/home/kiosk/Desktop/脚本和镜像/rhel-server-7.2-x86_64-dvd.iso /iso
root@172.25.254.61's password:
rhel-server-7.2-x86_64-dvd.iso               100% 3856MB 26.6MB/s   02:25
[root@localhost ~]# mount /dev/cdrom /rhel7.2/
mount: /dev/sr0 is write-protected, mounting read-only
[root@localhost ~]# vim /etc/yum.repos.d/yum.repo
[root@localhost dhcp]# cat /etc/yum.repos.d/yum.repo
[WESTOS]
name=rhel7.2
baseurl=file:///rhel7.2
gpgcheck=0
[root@localhost ~]# yum clean all
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can usesubscription-manager to register.
Cleaning repos: WESTOS
Cleaning up everything
[root@localhost ~]# systemctl install httpd
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl enable httpd
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# mkdir /var/www/html/rhel7.2
[root@localhost ~]# umount /rhel7.2
[root@localhost ~]# mount /iso/rhel-server-7.2-x86_64-dvd.iso/var/www/html/rhel7.2/
mount: /dev/loop0 is write-protected, mounting read-only
[root@localhost ~]# vim /etc/rc.d/rc.local
[root@localhost dhcp]# cat /etc/rc.d/rc.local
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.

touch /var/lock/subsys/local
mount /iso/rhel-server-7.2-x86_64-dvd.iso /var/www/html/rhel7.2
[root@localhost ~]# setenforce 0
[root@localhost ~]# vim /etc/yum.repos.d/yum.repo
[root@localhost dhcp]# cat/etc/yum.repos.d/yum.repo
[WESTOS]
name=rhel7.2
baseurl=file:///var/www/html/rhel7.2
gpgcheck=0

[root@localhost ~]# yum search dhcp
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can usesubscription-manager to register.
============================== N/S matched: dhcp===============================
dhcp-common.x86_64 : Common files used by ISC dhcp client and server
dhcp-libs.i686 : Shared libraries used by ISC dhcp client and server
dhcp-libs.x86_64 : Shared libraries used by ISC dhcp client and server
dhclient.x86_64 : Provides the ISC DHCP client daemon and dhclient-script
dhcp.x86_64 : Dynamic host configuration protocol software
dnsmasq.x86_64 : A lightweight DHCP/caching DNS server

Name and summary matches only, use"search all" for everything.
[root@localhost dhcp]# yum install dhcp
[root@localhost dhcp]# vim dhcpd.conf
[root@localhost dhcp]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example/etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y
[root@localhost dhcp]# vim dhcpd.conf
[root@localhost dhcp]# cat dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.com";
option domain-name-servers 172.25.254.254

default-lease-time 600;
max-lease-time 7200;

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

}

# This is a very basic subnet declaration.

subnet 172.25.254.0 netmask 255.255.255.0 {
range 172.25.254.120172.25.254.150;
option routers 172.25.254.111
}
[root@localhost dhcp]# systemctl start dhcpd
在测试端设置获取ip获取方式为自动获取。
[root@localhost ～]# systemctl restart network
[root@localhost ～]# ifconfig
22.搭建本地yum仓库，可用yum安装lftp与vsftpd软件，安装后卸载vstftpd软件
[root@localhost ~]# mkdir /iso
[root@localhost ~]# mkdir /rhel7.2
[root@localhost ~]# scp root@172.25.254.61:/home/kiosk/Desktop/脚本和镜像/rhel-server-7.2-x86_64-dvd.iso /iso
root@172.25.254.61's password:
rhel-server-7.2-x86_64-dvd.iso               100% 3856MB 26.6MB/s   02:25
[root@localhost ~]# mount /dev/cdrom /rhel7.2/
mount: /dev/sr0 is write-protected, mounting read-only
[root@localhost ~]# vim /etc/yum.repos.d/yum.repo
[root@localhost dhcp]# cat /etc/yum.repos.d/yum.repo
[WESTOS]
name=rhel7.2
baseurl=file:///rhel7.2
gpgcheck=0
[root@localhost ~]# yum clean all
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can usesubscription-manager to register.
Cleaning repos: WESTOS
Cleaning up everything
[root@localhost ~]# yum install lftp -y
[root@localhost ~]# yum install vsftpd -y
[root@localhost ~]# yum -y remove vsftpd