第二十三周作业
Posted dcdc5999
1、实现基于mysql验证的vsftpd虚拟用户访问
mysql服务器
1.安装mariadb-server
[root@zuoye1 ~]# yum install -y mariadb-server
[root@zuoye1 ~]# systemctl start mariadb
2.在数据库上建立验证用数据库和表
[root@zuoye1 ~]# mysql
MariaDB [(none)]> create database vsftpd;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> use vsftpd
Database changed
MariaDB [vsftpd]> create table user(id int auto_increment not null primary key, name char(30) binary not null,password char(40) binary not null);
Query OK, 0 rows affected (0.30 sec)
添加用户
MariaDB [vsftpd]> insert into user(name,password) values('ftp_zhao',password('123456'));
MariaDB [vsftpd]> insert into user(name,password) values('ftp_qian',password('123456'));
创建数据库用户
MariaDB [vsftpd]> GRANT SELECT ON vsftpd.* TO vsftpd@'10.0.0.%' IDENTIFIED BY '123456';
MariaDB [vsftpd]> FLUSH PRIVILEGES;
VSFTPD服务器
3.安装vsftpd和pam_mysql
[root@zuoye2 ~]# yum install -y vsftpd
[root@zuoye2 ~]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
[root@zuoye2 ~]# wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
[root@zuoye2 ~]# tar xvf pam_mysql-0.7RC1.tar.gz
[root@zuoye2 ~]# cd pam_mysql-0.7RC1
[root@zuoye2 pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security
[root@zuoye2 pam_mysql-0.7RC1]# make install
4.编辑文件
[root@zuoye2 pam_mysql-0.7RC1]# cat /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.100 db=vsftpd table=user usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.100 db=vsftpd table=user usercolumn=name passwdcolumn=password crypt=2
5.建立相应用户和vsftpd配置文件
[root@zuoye2 pam_mysql-0.7RC1]# useradd -s /sbin/nologin -d /data/ftp -r vuser
[root@zuoye2 pam_mysql-0.7RC1]# mkdir -pv /data/ftp/upload
[root@zuoye2 pam_mysql-0.7RC1]# setfacl -m u:vuser:rwx /data/ftp/upload
[root@zuoye2 pam_mysql-0.7RC1]# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.mysql
user_config_dir=/etc/vsftpd/conf.d/
[root@zuoye2 pam_mysql-0.7RC1]# systemctl start vsftpd
6.配置不同用户的不同权限
[root@zuoye2 ~]# mkdir /etc/vsftpd/conf.d
[root@zuoye2 ~]# cat /etc/vsftpd/conf.d/ftp_zhao
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftp
2、通过NFS实现服务器/www共享访问。
NFSserver
1.创建用户和目录
[root@zuoye1 ~]# mkdir /www
[root@zuoye1 ~]# chmod -R 777 /www
[root@zuoye1 ~]# yum -y install nfs-utils
[root@zuoye1 ~]# cat /etc/exports
/www *(rw)
[root@zuoye1 ~]# exportfs -r
[root@zuoye1 ~]# systemctl start nfs
NFSclient
[root@zuoye2 home]# mkdir /www
[root@zuoye2 home]# yum -y install nfs-utils
[root@zuoye2 home]# mount 10.0.0.100:/www /www
3、配置samba共享,实现/www目录共享
服务器端
安装软件
[root@zuoye1 ~]# yum install -y samba
创建用户和组
[root@zuoye1 ~]# groupadd -r samgroup
[root@zuoye1 ~]# useradd -s /sbin/nologin -G samgroup sam
[root@zuoye1 ~]# smbpasswd -a sam
创建目录
[root@zuoye1 ~]# mkdir /www
[root@zuoye1 ~]# chgrp samgroup /www
[root@zuoye1 ~]# chmod 2775 /www
[root@zuoye1 ~]# ls /www
s1
服务器配置
[root@zuoye1 ~]# cat /etc/samba/smb.conf
[share]
path = /www
write list =@samgroup
[root@zuoye1 ~]# systemctl start smb nmb
客户端
安装软件
[root@zuoye2 ~]# yum install -y cifs-utils
创建目录
[root@zuoye2 ~]# mkdir /www
[root@zuoye2 ~]# mount -o username=sam //10.0.0.100/share /www
测试
[root@zuoye2 ~]# ls /www
s1
[root@zuoye2 ~]# touch /www/s2
[root@zuoye2 ~]# ls -l /www
total 0
-rw-r--r-- 1 1001 995 0 Sep 8 09:06 s1
-rw-r--r-- 1 1001 995 0 Sep 8 09:07 s2
[root@zuoye1 ~]# ls -ltr /www
total 0
-rw-r--r--. 1 sam samgroup 0 Sep 8 09:06 s1
-rw-r--r--. 1 sam samgroup 0 Sep 8 09:07 s2
4、使用rsync+inotify实现/www目录实时同步
服务器端
安装软件
添加源
[root@zuoye1 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@zuoye1 ~]# yum install -y rsync
[root@zuoye1 ~]# yum install -y inotify-tools
配置文件
[root@zuoye1 ~]# cat /etc/rsyncd.conf
uid = root
gid = root
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
hosts allow = 10.0.0.0/24
[www]
path = /www
comment = backip dir
read only = no
auth users = rsyncuser
secrets file = /etc/rsync.pas
生成验证文件
[root@zuoye1 ~]# echo "rsyncuser:123456" > /etc/rsync.pas
[root@zuoye1 ~]# chmod 600 /etc/rsync.pas
[root@zuoye1 ~]# systemctl start rsyncd
客户端
配置验证文件
[root@zuoye2 ~]# echo "123456" > /etc/rsync.pas
[root@zuoye2 ~]# chmod 600 /etc/rsync.pas
[root@zuoye2 ~]# yum install -y rsync
[root@zuoye2 ~]# rsync rsync://10.0.0.100
www backip dir
测试
[root@zuoye2 ~]# rsync -avz --delete --password-file=/etc/rsync.pas /www/ rsyncuser@10.0.0.100::www
sending incremental file list
./
sent 51 bytes received 19 bytes 140.00 bytes/sec
total size is 0 speedup is 0.00
在客户端上创建脚本实现实时同步,将客户端的/www目录实时同步到服务器的/www目录下
[root@zuoye2 www]# cat /root/rsync.sh
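#!/bin/bash
# Real-time one-way mirror of the local /www tree to the rsync daemon on the
# server: every inotify event under SRC triggers a full rsync of the tree.
# Requires the rsync password for rsyncuser in /etc/rsync.pas (mode 600, the
# file is only ever passed via --password-file, never on the command line).
# Each successful sync is appended to /var/log/changelist.log.
SRC='/www/'
DEST='rsyncuser@10.0.0.100::www'
PASSFILE='/etc/rsync.pas'
LOG='/var/log/changelist.log'

# Make sure both tools the script depends on are present before watching.
rpm -q rsync &> /dev/null || yum -y install rsync
command -v inotifywait &> /dev/null || yum -y install inotify-tools

# --timefmt yields "DATE TIME", so every event line is: DATE TIME DIR FILE.
# FILE is the last read field, so a name containing spaces is kept whole;
# read -r keeps backslashes in names literal.
inotifywait -mrq --exclude='.*\.swp' \
  --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' \
  -e create,delete,moved_to,close_write,attrib "${SRC}" \
| while read -r DATE TIME DIR FILE; do
  FILEPATH="${DIR}${FILE}"
  # Sync the whole tree (--delete mirrors removals too); log only on success
  # so the changelist never claims a sync that rsync reported as failed.
  if rsync -avz --delete --password-file="${PASSFILE}" "${SRC}" "${DEST}"; then
    echo "At ${TIME} on ${DATE}, file ${FILEPATH} was backuped up via rsync" >> "${LOG}"
  fi
done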
5、使用iptable实现: 放行telnet, ftp, web服务,放行samba服务,其他端口服务全部拒绝
[root@zuoye1 ~]# iptables -A INPUT -p tcp -m multiport --dports 20,21,22,23,80,139,445 -j ACCEPT
[root@zuoye1 ~]# iptables -A INPUT -p udp -m multiport --dports 137,138 -j ACCEPT
[root@zuoye1 ~]# iptables -A INPUT -j REJECT
[root@zuoye1 ~]# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
280 14996 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 20,21,23,80,139,445
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 137,138
27 3150 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable