RHCE之路从服务器，selinux

第十一天

从服务器

在从服务器上安装bind

[root@b ~]# systemctl stop firewalld.service
[root@b ~]# setenforce 0
[root@b ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: device write-protected, mounted read-only.
[root@b ~]# yum install bind -y

完全区域传送 ---复制整个区域文件

主服务器配置

[root@a ~]# vim /etc/named.conf

options {
        listen-on port 53 { 192.168.10.129; };
        directory       "/var/named";
        allow-query     { any; };
        allow-transfer  { 192.168.10.132; };
};
 
zone "baidu.com" IN {
        type master;
        file "named.baidu.com";
};
zone "qq.com" IN {
        type master;
        file "named.baidu.com";
};
zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "named.baidu.com";
};

从服务器配置

[root@b ~]# vim /etc/named.conf

options {
        listen-on port 53 { 192.168.10.132; };
        directory       "/var/named/slaves";
};
zone "baidu.com" IN {
        type slave;
        file "named.baidu.com";
        masters { 192.168.10.129; };
};
 
zone "qq.com" IN {
        type slave;
        file "named.qq.com";
        masters { 192.168.10.129; };
};
 
zone "10.168.192.in-addr.arpa" IN {
        type slave;
        file "named.192";
        masters { 192.168.10.129; };
};

从服务器配置好后，主服务器也要重启服务

[root@a ~]# systemctl restart named

[root@b ~]# systemctl restart named

增量区域传送 --- 仅复制区域里变化的文件

主服务器

[root@a ~]# vim /var/named/named.baidu.com

$TTL 1D
@       IN      SOA     @       admin.admin.com. (
                                                        2022110401 --- 版本号+1
                                                        1M
                                                        1M
                                                        3H
                                                        1D )
                NS      dns.baidu.com.
                NS      dns.qq.com.
                NS      slave.baidu.com. --- 添加从服务器信息
                NS      slave.qq.com.
dns             A       192.168.10.129
www             A       192.168.10.100
slave           A       192.168.10.132
100             PTR     www.baidu.com.
100             PTR     www.qq.com.

 [root@a ~]# vim /var/named/named.192

$TTL 1D
@       IN      SOA     @ admin (
                                        1M
                                        1M
                                        1M
                                        3M
                                        1M )
        IN      NS      dns.baidu.com.
        IN      NS      dns.qq.com.
        IN      NS      slave.qq.com.
        IN      NS      slave.baidu.com.
132     IN      PTR     slave.baidu.com.
132     IN      PTR     slave.qq.com.
129     IN      PTR     dns.baidu.com.
129     IN      PTR     dns.qq.com.
100     IN      PTR     www.baidu.com.

配置好后，主从服务器重启服务

DNS的转发服务

 

 selinux

查看文件的安全上下文：

[root@a ~]# ls -Z
    system_u:object_r:admin_home_t:s0 anaconda-ks.cfg
unconfined_u:object_r:admin_home_t:s0 Desktop
unconfined_u:object_r:admin_home_t:s0 Documents
unconfined_u:object_r:admin_home_t:s0 Downloads
    system_u:object_r:admin_home_t:s0 initial-setup-ks.cfg
unconfined_u:object_r:admin_home_t:s0 Music
unconfined_u:object_r:admin_home_t:s0 Pictures
unconfined_u:object_r:admin_home_t:s0 Public
unconfined_u:object_r:admin_home_t:s0 Templates
unconfined_u:object_r:admin_home_t:s0 Videos

安全上下文分为四个字段

Identify：role：type： --- 最后一个字段是和MLS和MCS相关的东西，代表灵敏度，一般用s0、s1、s2来命名，数字代表灵敏 度的分级。数值越大、灵敏度越高

更改标签 --- 临时生效

[root@b ~]# ll    -Z    /var/www/html/index.html
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 7 Nov  5 23:26 /var/www/html/index.html

[root@b ~]# chcon    -t    httpd_sys_content_t /var/www/html/index.html

[root@b ~]# ll    -Z    /var/www/html/index.html
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 7 Nov  5 23:26 /var/www/html/index.html

回滚 --- 将标签恢复到默认值

[root@b ~]# restorecon /var/www/html/index.html

[root@b ~]# ll -Z /var/www/html/index.html
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 7 Nov  5 23:26 /var/www/html/index.html

更改标签 --- 永久生效

[root@b ~]# semanage fcontext -a -t httpd_sys_content_t /var/www/html/index.html

在linux上配置邮件客户端

[root@a ~]# yum install mailx -y

[root@a ~]# vim /etc/mail.rc --- 在末尾添加

set from= xxxxxx@xxx.com
set smtp= smtp.xxx.com
set smtp-auth-user= xxxxxx@xxx.com
set smtp-auth-password= 邮箱的授权码
set smtp-auth=login --- 默认login

获得授权码的方式（QQ邮箱）https://jingyan.baidu.com/article/7e4409532c5d3e6ec0e2efb0.html

 如果空间不足就发邮件给邮箱的脚本

[root@a ~]# vim a.sh

mem=`df -h | grep -w / | tr -s " "   | cut -d " " -f 4 |cut -c 1-2`
if [ $mem -lt  13  ];then
 echo "空间不足" | mail -s "预警" xxxxx@xxxx.com
else
 echo "$mem=空间大小"

[root@a ~]# bash  a.sh

空间如果小于13则发送内容为“空间不足”，主题为“预警”的邮件给邮箱

 

VDO

 

stratis管理文件分层存储

# dnf install -y stratisd stratis-cli

# systemctl enable --now stratisd.service

# stratis pool create redhat /dev/nvme0n2

# 池的名字---redhat      /dev/nvme0n2---池中加入的设备

# stratis pool list

# stratis pool add-data redhat /dev/nvme0n3 --- 池中添加另一个设备

# stratis filesystem create redhat rhce --- 创建文件系统rhce

# stratis filesystem list --- 查看文件系统

# mkdir /mnt/stratis --- 创建挂载目录

# mount /stratis/redhat/rhce /mnt/stratis

# stratis filesystem create redhat rhce1 --- 一个池中可以构建多个文件系统

# stratis filesystem list redhat

# stratis filesystem snapshot redhat rhce snap01 --- 快照

# stratis filesystem list

挂载快照读取数据

# mkdir /mnt/snap

# mount /stratis/redhat/snap01 /mnt/snap/

# stratis filesystem destroy redhat rhce1 --- 删除文件系统

# stratis filesystem destroy redhat snap01

注意：文件系统需要先卸载才能删除

# umount /mnt/snap

# stratis filesystem destroy redhat snap01

删除池

# umount /mnt/snap

# stratis filesystem destroy redhat snap01

# stratis filesystem destroy redhat rhce

# stratis pool destroy redhat