Week 18
1. Build a vsftpd virtual-user environment with MySQL-based authentication:
192.168.43.127 centos7 mysql
192.168.43.106 centos6 vsftpd pam_mysql
1. Install the mariadb-server database on .127
[root@mysql1 ~]# yum -y install mariadb-server
[root@mysql1 ~]# systemctl start mariadb.service
[root@mysql1 ~]# systemctl enable mariadb
2. Install vsftpd and pam_mysql on .126
yum install vsftpd pam_mysql
service vsftpd start
chkconfig vsftpd on
3. Create the virtual-user accounts on the database server
[root@mysql1 ~]# mysql -uroot -p123456
MariaDB [(none)]> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| vsftpd             |
+--------------------+
MariaDB [(none)]> GRANT SELECT ON vsftpd.* TO vsftpd@'192.168.43.%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.233 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.133 sec)
MariaDB [(none)]> USE vsftpd;
Database changed
MariaDB [vsftpd]> CREATE TABLE users (
    id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
    name CHAR(50) BINARY NOT NULL,
    password CHAR(48) BINARY NOT NULL
);
Query OK, 0 rows affected (0.234 sec)
Test the connection from the FTP server:
[root@centos6 ~]# mysql -uvsftpd -h192.168.43.205 -p123456
Welcome to the MySQL monitor. Commands end with ; or \g.
Insert the users:
MariaDB [vsftpd]> INSERT INTO users(name,password) values('wang',password('123456'));
Query OK, 1 row affected (0.038 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) values('li',password('123456'));
Query OK, 1 row affected (0.001 sec)
MariaDB [vsftpd]> SELECT * FROM users;
+----+------+-------------------------------------------+
| id | name | password                                  |
+----+------+-------------------------------------------+
|  1 | wang | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
|  2 | li   | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+----+------+-------------------------------------------+
2 rows in set (0.000 sec)
4. Create the PAM configuration file that vsftpd will authenticate against on the FTP server
[root@centos6 ~]# vim /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=123456 host=192.168.43.205 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=192.168.43.205 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
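The crypt=2 setting tells pam_mysql that the password column holds MySQL PASSWORD() hashes, so at login it hashes the submitted password the same way and compares. The following Python is an added example, not code from the page or from pam_mysql: it reproduces that hash scheme ('*' plus upper-case hex of SHA1(SHA1(password))), verifies the stored value shown in the SELECT above, and shows why identical rows for wang and li mean identical passwords (PASSWORD() is unsalted). The rows passed to users_sharing_hash are constructed from the table above.

```python
import hashlib
import hmac

# Stored value copied from the users table above: PASSWORD('123456').
STORED_HASH_123456 = "*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9"


def mysql_password_hash(plaintext: str) -> str:
    """Reproduce MySQL's PASSWORD() / mysql_native_password format:
    '*' followed by the upper-case hex of SHA1(SHA1(plaintext))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    outer = hashlib.sha1(inner).hexdigest().upper()
    return "*" + outer


def verify_crypt2(candidate: str, stored: str) -> bool:
    """The check pam_mysql performs for crypt=2: hash the candidate the same
    way and compare. compare_digest keeps the comparison constant-time."""
    return hmac.compare_digest(mysql_password_hash(candidate), stored)


def users_sharing_hash(rows):
    """Given (name, password_hash) rows, return the hashes that occur more
    than once mapped to the names that share them. Because PASSWORD() has no
    salt, equal hashes reveal equal passwords straight from the table."""
    groups = {}
    for name, pw_hash in rows:
        groups.setdefault(pw_hash, []).append(name)
    return {h: names for h, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed input mirroring the two rows inserted above.
    rows = [("wang", STORED_HASH_123456), ("li", STORED_HASH_123456)]
    print(mysql_password_hash("123456"))
    print(verify_crypt2("123456", STORED_HASH_123456))
    print(users_sharing_hash(rows))
```

Running it prints the same hash the SELECT shows, confirms that 123456 verifies against it, and reports wang and li as sharing a password; an auditor can run users_sharing_hash over a dump of the users table to find reused passwords without ever cracking them.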
5. Create the local user that the virtual users are mapped to on the FTP server:
[root@centos6 ~]# useradd -s /sbin/nologin -d /var/ftproot vuser
[root@centos6 ~]# chmod 555 /var/ftproot
[root@centos6 ~]# mkdir /var/ftproot/{upload,pub}
[root@centos6 ~]# tree -d /var/ftproot/
/var/ftproot/
├── pub
└── upload
6. Configure the FTP service:
Change the following settings so that user wang can upload and download, and user li uses a separate root directory in which it can also upload and download.
[root@centos6 ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
pam_service_name=vsftpd.mysql
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vuser
user_config_dir=/etc/vsftpd/vusers_config
[root@centos6 ~]# tree /etc/vsftpd/vusers_config/
/etc/vsftpd/vusers_config/
├── li
└── wang
Per-user configuration for wang:
[root@centos6 vusers_config]# cat wang
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Per-user configuration for li:
[root@centos6 vusers_config]# cat li
local_root=/ftproot_li
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Create li's root directory:
[root@centos6 ~]# setfacl -m u:vuser:rwx /var/ftproot/upload
[root@centos6 ~]# mkdir /ftproot_li
[root@centos6 ~]# chmod 555 /ftproot_li
[root@centos6 ~]# setfacl -m u:vuser:rwx li
7. Restart vsftpd
[root@centos6 ~]#service vsftpd restart
Shutting down vsftpd: [FAILED]
Starting vsftpd for vsftpd: [ OK ]
[root@centos6 ~]#chkconfig vsftpd on
8. Verify:
Log in as li; the root directory is /ftproot_li
[root@mysql1 ~]# ftp 192.168.43.106
Name (192.168.43.106:root): li
331 Please specify the password.
230 Login successful.
ftp> cd li
250 Directory successfully changed.
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (192,168,43,106,46,74).
150 Ok to send data.
226 Transfer complete.
980 bytes sent in 6.7e-05 secs (14626.86 Kbytes/sec)
ftp> get a
local: a remote: a
227 Entering Passive Mode (192,168,43,106,197,240).
150 Opening BINARY mode data connection for a (2 bytes).
226 Transfer complete.
2 bytes received in 2.1e-05 secs (95.24 Kbytes/sec)
ftp> !ls
2345 a anaconda-ks.cfg b c
Log in as wang; the root directory is /var/ftproot/
[root@mysql1 ~]# ftp 192.168.43.106
ftp> ls
227 Entering Passive Mode (192,168,43,106,64,16).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 4096 Apr 26 01:19 pub
drwxrwxr-x 2 0 0 4096 Apr 26 02:24 upload
226 Directory send OK.
ftp> cd upload
ftp> ls
-rw------- 1 501 501 980 Apr 26 02:24 anaconda-ks.cfg
226 Directory send OK.
ftp> put a
local: a remote: a
227 Entering Passive Mode (192,168,43,106,205,1).
150 Ok to send data.
226 Transfer complete.
2 bytes sent in 0.000109 secs (18.35 Kbytes/sec)
ftp> ls
227 Entering Passive Mode (192,168,43,106,165,68).
150 Here comes the directory listing.
-rw------- 1 501 501 2 Apr 26 02:58 a
-rw------- 1 501 501 980 Apr 26 02:24 anaconda-ks.cfg
226 Directory send OK.
2. Share the server's /www directory via NFS.
Environment:
NFS server: 192.168.43.197
Client: 192.168.43.205
1. NFS server configuration
[root@197]#yum -y install nfs-utils
[root@197]#systemctl start nfs
[root@197]#systemctl enable nfs
[root@197]#mkdir /www
[root@197]#touch 197.txt
[root@197]#vim /etc/exports
/www 192.168.43.0/24(rw,no_root_squash)
Every host on the 192.168.43.0 network can access the /www share with rw permission, and root is not squashed (no_root_squash).
[root@197]#exportfs -rv
exporting 192.168.43.0/24:/www
2. Client 205:
View the server's export list
[root@205]# showmount -e 192.168.43.197
Export list for 192.168.43.197:
/www 192.168.43.0/24
Mount manually:
[root@205 ~]# mkdir /www
[root@205 ~]# touch 205.txt
[root@205 ~]# mount -o hard,intr,nosuid,nodev,noexec 192.168.43.197:/www /www
[root@205 ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
devtmpfs                 979M     0  979M   0% /dev
tmpfs                    991M     0  991M   0% /dev/shm
tmpfs                    991M  9.6M  981M   1% /run
tmpfs                    991M     0  991M   0% /sys/fs/cgroup
/dev/mapper/centos-root  100G  3.0G   97G   3% /
/dev/sda1                497M  139M  358M  28% /boot
tmpfs                    199M     0  199M   0% /run/user/0
192.168.43.197:/www      100G  7.1G   93G   8% /www
[root@205 ~]# ll /www
-rw-r--r-- 1 root root 0 May 2 18:13 197.txt
Done.
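The export line above grants the whole 192.168.43.0/24 network rw access without squashing root, while the client side compensates with nosuid,nodev,noexec. The Python below is an added example (not from the page): a small /etc/exports parser and audit that reports which client specifications admit a given host, flags options that weaken an export, and lists hardening mount options missing from a client's mount -o string. SAMPLE_EXPORTS is constructed; its first line is the page's export, the other two are made up to exercise the wildcard and root_squash paths.

```python
import ipaddress
import re

# Constructed /etc/exports sample. Line 1 is the export used on the page.
SAMPLE_EXPORTS = """\
/www 192.168.43.0/24(rw,no_root_squash)
/pub *(ro)
/srv/data 192.168.43.205(rw,sync,root_squash)
"""

# Export options that weaken the share, with the reason a reviewer would give.
RISKY_EXPORT_OPTIONS = {
    "no_root_squash": "client root keeps uid 0 on the server-side files",
    "insecure": "requests from client source ports above 1023 are accepted",
}

# Client-side mount options that stop a share from being used to plant
# setuid binaries, device nodes or executables.
EXPECTED_MOUNT_OPTIONS = {"nosuid", "nodev", "noexec"}

# One client spec: "host(opt,opt)" or just "host".
CLIENT_RE = re.compile(r"^([^(]+)(?:\(([^)]*)\))?$")


def parse_exports(text):
    """Return (path, client, option_set) tuples, one per client spec.
    Comments and blank lines are skipped; several specs per line are allowed."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = CLIENT_RE.match(spec)
            if not m:
                raise ValueError(f"unparseable client spec {spec!r} in {raw!r}")
            client, opts = m.groups()
            options = {o.strip() for o in (opts or "").split(",") if o.strip()}
            entries.append((path, client, options))
    return entries


def client_allows(client, host):
    """True if the client field admits `host` (an IP string): '*' wildcard,
    exact address or CIDR network. Hostnames and netgroups are not resolved
    here and therefore never match."""
    if client == "*":
        return True
    try:
        addr = ipaddress.ip_address(host)
        if "/" in client:
            return addr in ipaddress.ip_network(client, strict=False)
        return addr == ipaddress.ip_address(client)
    except ValueError:
        return False


def audit_exports(text):
    """Return (path, client, option, reason) findings: risky options, plus
    exports that are writable by any host."""
    findings = []
    for path, client, options in parse_exports(text):
        for opt, reason in RISKY_EXPORT_OPTIONS.items():
            if opt in options:
                findings.append((path, client, opt, reason))
        if client == "*" and "rw" in options:
            findings.append((path, client, "rw", "writable by any host"))
    return findings


def missing_mount_options(mount_opts):
    """Hardening options absent from a 'mount -o' option string, sorted."""
    present = {o.strip() for o in mount_opts.split(",")}
    return sorted(EXPECTED_MOUNT_OPTIONS - present)


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print("export finding:", finding)
    print("client 205 allowed:", client_allows("192.168.43.0/24", "192.168.43.205"))
    print("missing on page's mount:", missing_mount_options("hard,intr,nosuid,nodev,noexec"))
    print("missing on a plain mount:", missing_mount_options("rw,hard"))
```

Run against the page's configuration it reports exactly one finding, no_root_squash on /www, and an empty list for the mount options, because the client mount already carries all three hardening flags.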
3. Configure a Samba share for the /www directory
Environment:
Samba server: 192.168.43.197
Client: 192.168.43.205
1. Samba server configuration:
[root@197 ~]# yum install samba
[root@197 ~]# systemctl start smb
[root@197 ~]# systemctl enable smb
[root@197 ~]# groupadd -r admins
[root@197 ~]# useradd -s /sbin/nologin -G admins wangyan
Add the Samba users:
[root@197 ~]# pdbedit -a wangyan
new password:
retype new password:
[root@197 ~]# useradd -s /sbin/nologin -G admins lucy
[root@197 ~]# smbpasswd -a lucy
New SMB password:
Retype new SMB password:
Added user lucy.
[root@197 ~]# pdbedit -L
wangyan:1001:
lucy:1002:
Create the shared folder:
[root@197 ~]# mkdir /wangyanshare
[root@197 ~]# touch wangyanshare.txt
Edit the Samba configuration file and add the share definition:
[root@197 ~]# vim /etc/samba/smb.conf
[wangyanshare]
    comment = wangyan's share
    path = /wangyanshare
    valid users = wangyan,@admins
    write list = wangyan
    writeable = no
    browseable = yes
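The share above combines three access controls: valid users (wangyan plus everyone in admins) gates who may connect at all, writeable = no makes the share read-only by default, and write list re-grants write access to wangyan alone, so lucy, who is in admins, gets read-only access. The following Python is an added example, not code from the page or from Samba: it evaluates those smb.conf parameters the way smbd resolves them (valid/invalid users first, then write list and read list overriding the writeable / read only default) for each user, so the effective permission matrix can be checked before the share is exposed. SHARE_WANGYANSHARE copies the fragment above; GROUPS is a constructed membership map matching the useradd -G admins commands.

```python
# Share definition copied from the smb.conf fragment above.
SHARE_WANGYANSHARE = {
    "comment": "wangyan's share",
    "path": "/wangyanshare",
    "valid users": "wangyan,@admins",
    "write list": "wangyan",
    "writeable": "no",
    "browseable": "yes",
}

# Constructed group membership, as created with 'useradd -G admins' above.
GROUPS = {"admins": {"wangyan", "lucy"}}


def _smb_bool(value):
    """Samba accepts yes/true/1 (case-insensitive) as true."""
    return value.strip().lower() in ("yes", "true", "1")


def _expand_list(value, groups):
    """Expand a Samba user list: plain names stay, '@group', '+group' and
    '&group' expand to the group's members (NIS netgroups are not modelled)."""
    users = set()
    for item in value.replace(",", " ").split():
        if item[0] in "@+&":
            users |= groups.get(item[1:], set())
        else:
            users.add(item)
    return users


def effective_access(share, user, groups):
    """Return 'none', 'read' or 'write' for `user` on `share`.
    Order of evaluation follows smb.conf(5): valid users / invalid users
    decide admission; write list grants write regardless of 'read only';
    read list forces read-only; otherwise writeable / read only decides."""
    valid = share.get("valid users")
    if valid and user not in _expand_list(valid, groups):
        return "none"
    invalid = share.get("invalid users")
    if invalid and user in _expand_list(invalid, groups):
        return "none"
    # 'writeable' and 'read only' are inverse synonyms; read only wins if both given.
    writable = _smb_bool(share.get("writeable", share.get("writable", "no")))
    if "read only" in share:
        writable = not _smb_bool(share["read only"])
    if user in _expand_list(share.get("write list", ""), groups):
        return "write"
    if user in _expand_list(share.get("read list", ""), groups):
        return "read"
    return "write" if writable else "read"


def access_matrix(share, users, groups):
    """Effective access for each user, for review before deploying the share."""
    return {user: effective_access(share, user, groups) for user in users}


if __name__ == "__main__":
    for user, level in access_matrix(SHARE_WANGYANSHARE, ["wangyan", "lucy", "mallory"], GROUPS).items():
        print(f"{user:8s} -> {level}")
```

For the page's share this yields wangyan: write, lucy: read and none for any account outside valid users, which is the behaviour the page's client test then observes.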
2. Client:
[root@205 ~]# yum -y install cifs-utils samba-client
[root@205 ~]# smbclient -L 192.168.43.197 -Uwangyan
Enter SAMBA\wangyan's password:

	Sharename       Type      Comment
	---------       ----      -------
	print$          Disk      Printer Drivers
	wangyanshare    Disk      wangyan's share
	IPC$            IPC       IPC Service (Samba 4.9.1)
	wangyan         Disk      Home Directories
Mount manually:
[root@205 ~]# mount -o username=wangyan,password=123456 //192.168.43.197/wangyanshare /mnt/wangyan
[root@205 ~]# df -h
Filesystem                      Size  Used Avail Use% Mounted on
devtmpfs                        979M     0  979M   0% /dev
tmpfs                           991M     0  991M   0% /dev/shm
tmpfs                           991M  9.6M  981M   1% /run
tmpfs                           991M     0  991M   0% /sys/fs/cgroup
/dev/mapper/centos-root         100G  3.0G   97G   3% /
/dev/sda1                       497M  139M  358M  28% /boot
tmpfs                           199M     0  199M   0% /run/user/0
//192.168.43.197/wangyanshare   100G  7.1G   93G   8% /mnt/wangyan
4. Real-time synchronisation of the /www directory with rsync + inotify
Environment:
rsync client: 192.168.43.197
rsync server: 192.168.43.187
1. Install inotify on the rsync client:
[root@187 ~]# yum -y install inotify-tools
2. Configure the rsync server:
Install rsync
[root@197 ~]# yum -y install rsync
[root@197 ~]# systemctl start rsyncd
[root@197 ~]# systemctl enable rsyncd
Prepare the account/password file
[root@197 ~]# echo "rsyncuser:123456" > /etc/rsync.pass
[root@197 ~]# chmod 600 /etc/rsync.pass
Prepare the directory that receives the synchronised data
[root@197 ~]# mkdir /backup
Edit the rsync configuration file
[root@197 ~]# vim /etc/rsyncd.conf
uid = root
gid = root
use chroot = no
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
hosts allow = 192.168.43.0/24
[backup]
path = /backup
comment = data backup
read only = no
auth users = rsyncuser
secrets file = /etc/rsync.pass
[root@197 ~]# systemctl restart rsyncd
3. rsync client:
[root@187 ~]#echo "123456" > /inotify/rsync.pass
[root@187 ~]#chmod 600 /inotify/rsync.pass
[root@187 ~]#cat /inotify/rsync.pass
123456
[root@187 ~]# vim /inotify/inotify_rsync.sh
#!/bin/bash
# Directory watched for changes, and the rsync daemon module it is pushed to
SRC='/data/test'
DEST='rsyncuser@192.168.43.197::backup'
# Emit "date time dir file events" as separate fields so read can split them;
# %w is the watched directory, %f the file name, %;e the ';'-joined event list
inotifywait -mrq ${SRC} --timefmt "%F %H:%M" --format "%T %w %f %;e" -e create,delete,moved_to,close_write,attrib | while read DATE TIME DIR FILE EVENT; do
    FILEPATH=${DIR}${FILE}
    # Push the whole tree on every event and log which change triggered the run
    rsync -az --delete --password-file=/inotify/rsync.pass $SRC $DEST && echo "At ${TIME} on ${DATE}, file $FILEPATH (${EVENT}) was backed up via rsync" >> /inotify/changelist.log
done
4. Test
5. Use iptables to allow the telnet, ftp and web services, allow the samba service, and reject all other ports and services
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,443,21,22,23,139,445 -m state --state NEW -j ACCEPT
iptables -A INPUT -p udp -m multiport --dports 137,138 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
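The six commands above build a default-deny host firewall: the chain policies drop everything, and packets get through only by matching an ACCEPT rule, which iptables evaluates top to bottom with the first match winning. The Python below is an added example, not from the page or from iptables: it models that first-match evaluation for this exact ruleset, so the effect on any (chain, protocol, port, conntrack state) can be checked without a live box, and it lists the ports that accept NEW inbound connections for comparison with what the task asked to open. One consequence worth seeing in the output: the passive-mode FTP data connection used in the vsftpd test earlier lands on a random high port and is accepted only if connection tracking has classified it RELATED, which requires the FTP conntrack helper (nf_conntrack_ftp) to be loaded; as a NEW connection it is dropped. The Rule model and its field names are this example's own.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class Rule:
    """One iptables rule: its chain, target and match criteria.
    An empty match set (or proto=None) means 'match anything' for that criterion."""
    chain: str
    target: str
    proto: Optional[str] = None
    dports: Set[int] = field(default_factory=set)
    states: Set[str] = field(default_factory=set)


# The ruleset from the page, in the order the -A commands append it.
RULES = [
    Rule("INPUT", "ACCEPT", states={"ESTABLISHED", "RELATED"}),
    Rule("INPUT", "ACCEPT", proto="tcp", dports={80, 443, 21, 22, 23, 139, 445}, states={"NEW"}),
    Rule("INPUT", "ACCEPT", proto="udp", dports={137, 138}, states={"NEW"}),
    Rule("OUTPUT", "ACCEPT", states={"NEW", "ESTABLISHED"}),
]
# Chain policies set with -P: whatever no rule accepts is dropped.
POLICY = {"INPUT": "DROP", "OUTPUT": "DROP"}


def matches(rule: Rule, proto: str, dport: int, state: str) -> bool:
    """Do the rule's -p / --dports / --state criteria all match the packet?"""
    if rule.proto is not None and rule.proto != proto:
        return False
    if rule.dports and dport not in rule.dports:
        return False
    if rule.states and state not in rule.states:
        return False
    return True


def verdict(chain: str, proto: str, dport: int, state: str,
            rules=RULES, policy=POLICY) -> str:
    """Walk the chain top to bottom: the first matching rule's target wins,
    and the chain policy applies when nothing matches."""
    for rule in rules:
        if rule.chain == chain and matches(rule, proto, dport, state):
            return rule.target
    return policy[chain]


def exposed_services(rules=RULES):
    """(proto, port) pairs that accept NEW inbound connections, which is what
    an auditor compares against the list of services the task asked to allow."""
    exposed = set()
    for rule in rules:
        if rule.chain == "INPUT" and rule.target == "ACCEPT" and "NEW" in rule.states:
            for port in rule.dports:
                exposed.add((rule.proto, port))
    return sorted(exposed)


if __name__ == "__main__":
    print("web        ", verdict("INPUT", "tcp", 80, "NEW"))
    print("mysql      ", verdict("INPUT", "tcp", 3306, "NEW"))
    print("pasv NEW   ", verdict("INPUT", "tcp", 50000, "NEW"))
    print("pasv RELATED", verdict("INPUT", "tcp", 50000, "RELATED"))
    print("exposed:", exposed_services())
```

The exposed list also shows that the ruleset opens tcp/22 (ssh), which the task statement did not name; whether that is intended is exactly the kind of question this check is meant to surface before the rules go live. Note too that OUTPUT only accepts NEW and ESTABLISHED, so RELATED outbound traffic such as ICMP error replies is dropped under this policy.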
Architecture-class assignment:
1. Install and configure Prometheus and Alertmanager to monitor k8s, and display the monitoring data in Grafana