This is the second article in the 2018 national competition series, covering the server part of sample paper B. I am sharing the techniques involved here; if anything is wrong or could be improved, please let me know.
Contact: WeChat Yvresse_ai
Environment:
Cloud platform: RG-JCOS; operating system: CentOS 7
Sample paper B service network topology:
Sample paper B service system topology:
Host A interfaces and hostname:
[root@a ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:d6:36:b5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.22/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 86269sec preferred_lft 86269sec
    inet6 fe80::f816:3eff:fed6:36b5/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:29:84:4d brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.22/24 brd 192.168.2.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe29:844d/64 scope link
       valid_lft forever preferred_lft forever
[root@a ~]# hostname
a
Host B interfaces and hostname:
[root@b ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:a8:82:98 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.33/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 86357sec preferred_lft 86357sec
    inet6 fe80::f816:3eff:fea8:8298/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:d0:75:2f brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.33/24 brd 192.168.2.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fed0:752f/64 scope link
       valid_lft forever preferred_lft forever
[root@b ~]# hostname
b
Software RAID requirements for host A:
1: Create a RAID5 array from two cloud disks, with device file md0
2: Format it as XFS and mount it automatically by UUID
Configure a local YUM repository:
1: Create the local mount directory and a backup directory for the configuration files
2: Mount the ISO image and create the local YUM repository file
3: Test the local YUM repository
Create the local mount directory and the backup directory:
[root@a ~]# mkdir /mnt/cdrom
[root@a ~]# mkdir /opt/copy
Mount the image on the local mount directory:
[root@a ~]# mount /root/CentOS-7-x86_64-DVD-1511.iso /mnt/cdrom/
mount: /dev/loop0 写保护,将以只读方式挂载
Back up the existing YUM repository files and create the local repository file:
[root@a ~]# mv /etc/yum.repos.d/* /opt/copy/
[root@a ~]# vim /etc/yum.repos.d/dvd.repo
[dvd]
name=dvd
baseurl=file:///mnt/cdrom
Test:
[root@a ~]# yum repolist
已加载插件:fastestmirror
dvd | 3.6 kB 00:00:00
(1/2): dvd/group_gz | 155 kB 00:00:00
(2/2): dvd/primary_db | 2.8 MB 00:00:00
Determining fastest mirrors
源标识 源名称 状态
dvd dvd 3,723
repolist: 3,723
View the three attached cloud disks:
[root@a ~]# fdisk -l

磁盘 /dev/vda:53.7 GB, 53687091200 字节,104857600 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
磁盘标签类型:dos
磁盘标识符:0x000b2200

   设备 Boot      Start         End      Blocks   Id  System
/dev/vda1   *        2048     1026047      512000   83  Linux
/dev/vda2         1026048   104857599    51915776   8e  Linux LVM

磁盘 /dev/mapper/centos-root:47.7 GB, 47747956736 字节,93257728 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节

磁盘 /dev/mapper/centos-swap:5368 MB, 5368709120 字节,10485760 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节

磁盘 /dev/vdb:10.7 GB, 10737418240 字节,20971520 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节

磁盘 /dev/vdc:10.7 GB, 10737418240 字节,20971520 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节

磁盘 /dev/vdd:10.7 GB, 10737418240 字节,20971520 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
Download and install mdadm:
[root@a ~]# yum install mdadm* -y >/dev/null
The task provides three cloud disks: two are for the RAID5, and the third has no stated purpose, so I will treat it as a hot spare.
RAID5 needs at least three members, but the task says to build it from two disks, so I had to split one disk into two partitions and build the RAID5 from those (I do not really understand why two disks were specified; anyone who knows is welcome to contact me).
Partition one of the disks:
[root@a ~]# fdisk /dev/vdb
欢迎使用 fdisk (util-linux 2.23.2)。

更改将停留在内存中,直到您决定将更改写入磁盘。
使用写入命令前请三思。

Device does not contain a recognized partition table
使用磁盘标识符 0xcce723fe 创建新的 DOS 磁盘标签。

命令(输入 m 获取帮助):m
命令操作
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   g   create a new empty GPT partition table
   G   create an IRIX (SGI) partition table
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

命令(输入 m 获取帮助):n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
分区号 (1-4,默认 1):1
起始 扇区 (2048-20971519,默认为 2048):+5G
Last 扇区, +扇区 or +size{K,M,G} (10485760-20971519,默认为 20971519):
将使用默认值 20971519
分区 1 已设置为 Linux 类型,大小设为 5 GiB

命令(输入 m 获取帮助):w
The partition table has been altered!

Calling ioctl() to re-read partition table.
正在同步磁盘。
[root@a ~]# fdisk /dev/vdb
欢迎使用 fdisk (util-linux 2.23.2)。

更改将停留在内存中,直到您决定将更改写入磁盘。
使用写入命令前请三思。

命令(输入 m 获取帮助):m
命令操作
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   g   create a new empty GPT partition table
   G   create an IRIX (SGI) partition table
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

命令(输入 m 获取帮助):n
Partition type:
   p   primary (1 primary, 0 extended, 3 free)
   e   extended
Select (default p): p
分区号 (2-4,默认 2):2
起始 扇区 (2048-20971519,默认为 2048):
将使用默认值 2048
Last 扇区, +扇区 or +size{K,M,G} (2048-10485759,默认为 10485759):
将使用默认值 10485759
分区 2 已设置为 Linux 类型,大小设为 5 GiB

命令(输入 m 获取帮助):w
The partition table has been altered!

Calling ioctl() to re-read partition table.
正在同步磁盘。
View the partitions:
磁盘 /dev/vdb:10.7 GB, 10737418240 字节,20971520 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
磁盘标签类型:dos
磁盘标识符:0xcce723fe

   设备 Boot      Start         End      Blocks   Id  System
/dev/vdb1        10485760    20971519     5242880   83  Linux
/dev/vdb2            2048    10485759     5241856   83  Linux
Create the software RAID (three active members plus one spare):
[root@a ~]# mdadm -C /dev/md0 -l 5 -n 3 /dev/vdb1 /dev/vdb2 /dev/vdc1 -x 1 /dev/vdd1
mdadm: largest drive (/dev/vdc1) exceeds size (5237760K) by more than 1%
Continue creating array? y
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.
View the RAID:
磁盘 /dev/md0:10.7 GB, 10726932480 字节,20951040 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):524288 字节 / 1048576 字节
[root@a ~]# mdadm --detail /dev/md0
/dev/md0:
        Version : 1.2
  Creation Time : Mon Apr 15 21:20:17 2019
     Raid Level : raid5
     Array Size : 10475520 (9.99 GiB 10.73 GB)
  Used Dev Size : 5237760 (5.00 GiB 5.36 GB)
   Raid Devices : 3
  Total Devices : 4
    Persistence : Superblock is persistent

    Update Time : Mon Apr 15 21:22:02 2019
          State : clean
 Active Devices : 3
Working Devices : 4
 Failed Devices : 0
  Spare Devices : 1

         Layout : left-symmetric
     Chunk Size : 512K

           Name : a:0  (local to host a)
           UUID : 10ebd410:b2a1fbde:ebb1acb8:d816df09
         Events : 18

    Number   Major   Minor   RaidDevice State
       0     252       17        0      active sync   /dev/vdb1
       1     252       18        1      active sync   /dev/vdb2
       4     252       33        2      active sync   /dev/vdc1

       3     252       49        -      spare   /dev/vdd1
Create a file system on md0:
[root@a ~]# mkfs.xfs /dev/md0
meta-data=/dev/md0               isize=256    agcount=16, agsize=163712 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0        finobt=0
data     =                       bsize=4096   blocks=2618880, imaxpct=25
         =                       sunit=128    swidth=256 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=8 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
Look up the UUID:
[root@a ~]# blkid | grep md0
/dev/md0: UUID="2a093f19-2cab-4478-97f9-2c5050164a0c" TYPE="xfs"
Mount automatically at boot (add the UUID entry to /etc/fstab):
#
# /etc/fstab
# Created by anaconda on Thu Sep 22 17:50:17 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=41f7a291-c7de-4694-a5ee-1e6313ff9f44 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
UUID=2a093f19-2cab-4478-97f9-2c5050164a0c /data/web_data xfs defaults 0 0
Create the mount point and mount:
[root@a ~]# mkdir -p /data/web_data
[root@a ~]# mount /dev/md0 /data/web_data/
[root@a ~]# mount |grep md0
/dev/md0 on /data/web_data type xfs (rw,relatime,attr2,inode64,sunit=1024,swidth=2048,noquota)
LVM requirements for host B:
1: Create volume group datastore with a PE size of 16MB
2: Create logical volume ftp_data in datastore, 10G in size
3: Format the logical volume as XFS and mount it automatically by UUID at /data/ftp_data
Configure the local YUM repository (same steps as on host A)
Test the YUM repository:
[root@b ~]# yum repolist
已加载插件:fastestmirror
dvd | 3.6 kB 00:00:00
(1/2): dvd/group_gz | 155 kB 00:00:00
(2/2): dvd/primary_db | 2.8 MB 00:00:00
Determining fastest mirrors
源标识 源名称 状态
dvd dvd 3,723
repolist: 3,723
View the cloud disks:
[root@b ~]# fdisk -l

磁盘 /dev/vda:53.7 GB, 53687091200 字节,104857600 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
磁盘标签类型:dos
磁盘标识符:0x000b2200

   设备 Boot      Start         End      Blocks   Id  System
/dev/vda1   *        2048     1026047      512000   83  Linux
/dev/vda2         1026048   104857599    51915776   8e  Linux LVM

磁盘 /dev/mapper/centos-root:47.7 GB, 47747956736 字节,93257728 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节

磁盘 /dev/mapper/centos-swap:5368 MB, 5368709120 字节,10485760 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节

磁盘 /dev/vdb:16.1 GB, 16106127360 字节,31457280 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
Create partition 1 (the result after partitioning):
[root@b ~]# fdisk -l |grep /dev/vdb
磁盘 /dev/vdb:16.1 GB, 16106127360 字节,31457280 个扇区
/dev/vdb1 2048 31457279 15727616 83 Linux
Initialise it as a physical volume:
[root@b ~]# pvcreate /dev/vdb1
  Physical volume "/dev/vdb1" successfully created
Create the volume group:
[root@b ~]# vgcreate -s 16M datastore /dev/vdb1
  Volume group "datastore" successfully created
Create the logical volume:
[root@b ~]# lvcreate -L 10G datastore -n ftp_data
  Logical volume "ftp_data" created.
Format as XFS:
[root@b ~]# mkfs.xfs /dev/mapper/datastore-ftp_data
meta-data=/dev/mapper/datastore-ftp_data isize=256    agcount=4, agsize=655360 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0        finobt=0
data     =                       bsize=4096   blocks=2621440, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
Look up the UUID:
[root@b ~]# blkid |grep ftp
/dev/mapper/datastore-ftp_data: UUID="75c47946-b0f8-4685-98fb-d0b79dd940de" TYPE="xfs"
Mount automatically at boot:
[root@b ~]# vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Sep 22 17:50:17 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=41f7a291-c7de-4694-a5ee-1e6313ff9f44 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
UUID=75c47946-b0f8-4685-98fb-d0b79dd940de /data/ftp_data xfs defaults 0 0
Create the mount point and mount:
[root@b ~]# mkdir -p /data/ftp_data
[root@b ~]# mount /dev/mapper/datastore-ftp_data /data/ftp_data/
[root@b ~]# mount |grep ftp
/dev/mapper/datastore-ftp_data on /data/ftp_data type xfs (rw,relatime,attr2,inode64,noquota)
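Both the RAID section (md0 on host A) and the LVM section (ftp_data on host B) end with a UUID= line in /etc/fstab that must match what blkid reports; a stale UUID drops CentOS 7 into emergency mode at the next boot. The following Python script, added here and not part of the original post, cross-checks the two before a reboot. Its fstab and blkid text are constructed from the values on this page for host A, except for the centos-root UUID, which is a made-up placeholder.

```python
"""Cross-check the UUID= entries of /etc/fstab against blkid (added example).

A UUID that blkid no longer reports leaves CentOS 7 in emergency mode at the
next boot, so run this after every fstab edit and before rebooting.
"""
import re

# Constructed from the fstab and blkid values on this page for host a; the
# centos-root UUID is a made-up placeholder.
FSTAB_SAMPLE = """\
#
# /etc/fstab
/dev/mapper/centos-root / xfs defaults 0 0
UUID=41f7a291-c7de-4694-a5ee-1e6313ff9f44 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
UUID=2a093f19-2cab-4478-97f9-2c5050164a0c /data/web_data xfs defaults 0 0
"""
BLKID_SAMPLE = """\
/dev/vda1: UUID="41f7a291-c7de-4694-a5ee-1e6313ff9f44" TYPE="xfs"
/dev/mapper/centos-root: UUID="00000000-0000-0000-0000-000000000000" TYPE="xfs"
/dev/md0: UUID="2a093f19-2cab-4478-97f9-2c5050164a0c" TYPE="xfs"
"""

BLKID_LINE = re.compile(r'^(?P<dev>\S+): (?P<attrs>.*)$')
BLKID_ATTR = re.compile(r'(\w+)="([^"]*)"')


def parse_blkid(text):
    """Map UUID -> (device, TYPE); devices without a UUID are skipped."""
    by_uuid = {}
    for line in text.splitlines():
        m = BLKID_LINE.match(line.strip())
        if not m:
            continue
        attrs = dict(BLKID_ATTR.findall(m.group('attrs')))
        if 'UUID' in attrs:
            by_uuid[attrs['UUID']] = (m.group('dev'), attrs.get('TYPE', ''))
    return by_uuid


def parse_fstab(text):
    """Yield (spec, mountpoint, fstype) for each non-comment fstab entry."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not fields[0].startswith('#'):
            yield fields[0], fields[1], fields[2]


def check_fstab(fstab_text, blkid_text):
    """Return findings; an empty list means every UUID= entry is mountable as written."""
    known = parse_blkid(blkid_text)
    findings = []
    for spec, mnt, fstype in parse_fstab(fstab_text):
        if not spec.startswith('UUID='):
            continue  # device-path entries are not checked here
        uuid = spec[len('UUID='):]
        if uuid not in known:
            findings.append(f'MISSING {mnt}: UUID {uuid} not reported by blkid')
        elif known[uuid][1] != fstype:
            dev, btype = known[uuid]
            findings.append(f'TYPE_MISMATCH {mnt}: fstab says {fstype}, {dev} is {btype}')
    return findings


if __name__ == '__main__':
    # On a live host, read /etc/fstab and the output of `blkid` instead of the samples.
    print('\n'.join(check_fstab(FSTAB_SAMPLE, BLKID_SAMPLE)) or 'fstab OK')
```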
(A) DNS service requirements:
1: Add www.rj.com resolving to A's public IP
2: Add ftp.rj.com resolving to B's public IP
3: Allow zone transfers to B (192.168.2.33)
4: Allow all hosts to query, including recursive queries
5: Define the zone in /etc/named.conf
6: Use rj.com.zone as the zone data file
7: B is a slave DNS server of A
(A) Download and install bind:
[root@a ~]# yum install bind* -y > /dev/null
Test-start it and back up the configuration file:
[root@a ~]# systemctl restart named
[root@a ~]# cp /etc/named.conf /opt/copy/
Edit the configuration file (/etc/named.conf):
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "rj.com" {
    type master;
    allow-transfer { 192.168.2.33; };
    file "rj.com.zone";
};
Copy a zone data file template:
[root@a ~]# cp /var/named/named.localhost /var/named/rj.com.zone
Edit the zone data file:
$TTL 1D
@       IN SOA  rj.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   a
        IN NS   b
a       IN A    172.16.0.137
b       IN A    172.16.0.138
www     IN A    172.16.0.137
ftp     IN A    172.16.0.138
Change the group owner and test:
[root@a ~]# chgrp named /var/named/rj.com.zone
[root@a ~]# systemctl restart named
[root@a ~]# nslookup www.rj.com
Server:         172.16.0.137
Address:        172.16.0.137#53

Name:   www.rj.com
Address: 172.16.0.137
[root@a ~]# nslookup ftp.rj.com
Server:         172.16.0.137
Address:        172.16.0.137#53

Name:   ftp.rj.com
Address: 172.16.0.138
B: download, install and test-start bind:
[root@b ~]# yum install bind* -y > /dev/null
[root@b ~]# systemctl restart named
Back up the configuration file:
[root@b ~]# cp /etc/named.conf /opt/copy/
Edit the configuration file (the default file is shown first, followed by the edited version):
[root@b ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "rj.com" {
    type slave;
    file "slaves/rj.com.zone";
    masters { 192.168.2.22; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Test-start it and confirm the zone was transferred:
[root@b ~]# systemctl restart named
[root@b ~]# ls /var/named/slaves/
rj.com.zone
[root@b ~]# nslookup www.rj.com
Server:         172.16.0.138
Address:        172.16.0.138#53

Name:   www.rj.com
Address: 172.16.0.137
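As an added example (not from the original post), the following Python script audits the named.conf shown above for the two settings a defender cares about here: whether rj.com zone transfers are limited to the slave at 192.168.2.33, and whether recursion yes is combined with allow-query { any; }, which is the open-resolver setup the comment inside named.conf itself warns about (requirement 4 asks for exactly that, so on this page the finding is expected). The config text is a trimmed transcription of host A's file; BIND 9.9 on CentOS 7 permits transfers to any host when allow-transfer is set nowhere, which the script treats as a finding.

```python
"""Audit named.conf for zone-transfer scope and open recursion (added example)."""
import re

# Trimmed transcription of host a's /etc/named.conf from this page.
NAMED_CONF_A = """\
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
zone "rj.com" {
    type master;
    allow-transfer { 192.168.2.33; };
    file "rj.com.zone";
};
"""

# named.conf accepts /* */, // and # comments; drop them before matching.
COMMENT_RE = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.DOTALL)


def block_body(conf, header):
    """Body between the braces of the statement starting with `header`, or None."""
    start = conf.find(header)
    if start < 0:
        return None
    depth, begin = 0, None
    for i in range(start, len(conf)):
        if conf[i] == '{':
            depth += 1
            if depth == 1:
                begin = i + 1
        elif conf[i] == '}':
            depth -= 1
            if depth == 0:
                return conf[begin:i]
    return None


def acl_values(body, directive):
    """Addresses listed in `directive { a; b; };`, or None if the directive is absent."""
    m = re.search(re.escape(directive) + r'\s*\{([^}]*)\}', body)
    if not m:
        return None
    return [v.strip() for v in m.group(1).split(';') if v.strip()]


def audit_named_conf(conf_text, zone_name, allowed_transfer):
    """Return a list of findings for `zone_name`; empty means nothing to flag."""
    conf = COMMENT_RE.sub('', conf_text)
    findings = []
    options = block_body(conf, 'options') or ''
    recursive = re.search(r'\brecursion\s+yes\s*;', options) is not None
    if recursive and 'any' in (acl_values(options, 'allow-query') or []):
        findings.append('OPEN_RESOLVER: recursion yes with allow-query { any; }')
    zone = block_body(conf, f'zone "{zone_name}"')
    if zone is None:
        return findings + [f'ZONE_MISSING: {zone_name}']
    # allow-transfer is taken from the zone, else from options; when neither sets
    # it, BIND 9.9 (CentOS 7) hands the zone to anyone who asks for an AXFR.
    xfer = acl_values(zone, 'allow-transfer')
    if xfer is None:
        xfer = acl_values(options, 'allow-transfer')
    if xfer is None or 'any' in xfer:
        findings.append(f'AXFR_OPEN: {zone_name} transfers are not restricted')
    elif set(xfer) != set(allowed_transfer):
        findings.append(f'AXFR_ACL: {zone_name} allows {xfer}, expected {allowed_transfer}')
    return findings
```

On a live host, pass the contents of /etc/named.conf as conf_text; the same checks apply to the slave's file, where the zone block carries masters instead of allow-transfer.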
(A) HTTP requirements:
1: Place virthost.conf in /etc/httpd/conf.d/
2: Use www.rj.com as the domain name
3: Document root /data/web_data
Download and install HTTP:
[root@a ~]# yum install httpd* -y > /dev/null
Test-start it and add a page to serve:
[root@a ~]# echo "This is ceshi" > /data/web_data/index.html
[root@a ~]# systemctl restart httpd
Back up the configuration file:
[root@a ~]# cp /etc/httpd/conf/httpd.conf /opt/copy/
Edit the configuration file (the end of /etc/httpd/conf/httpd.conf):
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
EnableSendfile on

# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/virthost.conf
Edit virthost.conf:
[root@a ~]# vim /etc/httpd/conf.d/virthost.conf
<virtualhost *:80>
    servername www.rj.com
    documentroot "/data/web_data"
    <directory "/data/web_data">
        require all granted
    </directory>
</virtualhost>
Test-start and access it:
[root@a ~]# systemctl restart httpd
[root@a ~]# curl www.rj.com
This is ceshi
(B) FTP service requirements:
1: Deny anonymous logins; allow only local users to log in
2: Use passive mode, with B's public IP as the passive-mode address
3: All users' home directory is /data/ftp_data, owned by the user virtual
4: Store user accounts and passwords in a file
Download and install vsftpd:
[root@b ~]# yum install vsftpd* -y > /dev/null
[root@b ~]# yum install ftp* -y > /dev/null
Create the owner user:
[root@b ~]# useradd -d /data/ftp_data/ -s /sbin/nologin virtual
Configure the virtual users (one line for the name, the next for the password):
[root@b vsftpd]# vim vlogin
ftpuser1
123456
ftpuser2
123456
ftpadmin
123456
Generate the database file:
[root@b vsftpd]# db_load -T -t hash -f vlogin vlogin.db
[root@b vsftpd]# ls
ftpusers user_list vlogin vlogin.db vsftpd.conf vsftpd_conf_migrate.sh
Back up and configure the PAM file:
[root@b vsftpd]# vim /etc/pam.d/vsftpd.vu
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vlogin
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vlogin
Configure vsftpd.conf:
[root@b vsftpd]# vim /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES
chroot_local_user=YES
local_root=/data/ftp_data
anon_root=/data/ftp_data
allow_writeable_chroot=YES
#pasv_enable=YES
#pasv_address=172.16.0.138
#pasv_addr_resolve=YES
pasv_promiscuous=YES
pam_service_name=vsftpd.vu
userlist_enable=YES
tcp_wrappers=YES
user_config_dir=/etc/vsftpd/user_conf
guest_enable=YES
guest_username=virtual
Create the permission file for the virtual user (in /etc/vsftpd/user_conf, named after the user):
[root@b user_conf]# vim ftpadmin
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
Test:
[root@b ~]# ftp 172.16.0.138
Connected to 172.16.0.138 (172.16.0.138).
220 (vsFTPd 3.0.2)
Name (172.16.0.138:root): ftpadmin
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
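The following Python script, added here and not part of the original post, checks a vsftpd.conf against the four requirements for host B and additionally flags pasv_promiscuous=YES, which turns off vsftpd's check that a PASV data connection comes from the same address as the control connection. On the page's config it reports the commented-out pasv_address (requirement 2) and that setting. The config text is constructed from the effective lines of the page's vsftpd.conf; 172.16.0.138 is the public IP from the page.

```python
"""Check vsftpd.conf against this page's requirements for host B (added example)."""

# Constructed from the effective lines of the page's vsftpd.conf on host b.
VSFTPD_CONF_B = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
listen=NO
listen_ipv6=YES
chroot_local_user=YES
local_root=/data/ftp_data
allow_writeable_chroot=YES
#pasv_enable=YES
#pasv_address=172.16.0.138
pasv_promiscuous=YES
pam_service_name=vsftpd.vu
userlist_enable=YES
user_config_dir=/etc/vsftpd/user_conf
guest_enable=YES
guest_username=virtual
"""

# Compiled-in defaults (vsftpd.conf(5)) for the keys the audit relies on.
VSFTPD_DEFAULTS = {
    'anonymous_enable': 'YES', 'local_enable': 'NO', 'pasv_enable': 'YES',
    'pasv_promiscuous': 'NO', 'guest_enable': 'NO', 'chroot_local_user': 'NO',
}


def parse_vsftpd_conf(text):
    """Return the effective settings; commented-out lines are not settings."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#') or '=' not in line:
            continue
        key, _, value = line.partition('=')
        settings[key.strip()] = value.strip()
    return settings


def audit_vsftpd(settings, public_ip, ftp_root, owner):
    """Return findings for the page's four requirements; empty means all met."""
    def get(key):
        return settings.get(key, VSFTPD_DEFAULTS.get(key, ''))
    findings = []
    # 1: deny anonymous, allow local (and virtual) users
    if get('anonymous_enable') != 'NO':
        findings.append('anonymous login allowed (anonymous_enable defaults to YES)')
    if get('local_enable') != 'YES':
        findings.append('local_enable is not YES; local and virtual users cannot log in')
    # 2: passive mode advertising the public address
    if get('pasv_enable') != 'YES':
        findings.append('pasv_enable is not YES')
    if get('pasv_address') != public_ip:
        findings.append(f'pasv_address is {get("pasv_address") or "unset"}, expected {public_ip}')
    if get('pasv_promiscuous') == 'YES':
        findings.append('pasv_promiscuous=YES disables the PASV same-client-address check')
    # 3: every user lands in ftp_root, mapped onto the owner account
    if get('guest_enable') != 'YES' or get('guest_username') != owner:
        findings.append(f'virtual users are not mapped to local user {owner}')
    if get('local_root') != ftp_root:
        findings.append(f'local_root is not {ftp_root}')
    if get('chroot_local_user') != 'YES':
        findings.append('users are not chrooted to their home directory')
    # 4: file-based accounts come in through a PAM service using pam_userdb
    if not get('pam_service_name'):
        findings.append('pam_service_name unset; the pam_userdb service is not used')
    return findings
```

Uncommenting pasv_enable and pasv_address and dropping pasv_promiscuous makes the audit pass; the cloud NAT in front of B is the usual reason pasv_address needs to be the public address rather than the interface address.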
Closing remarks:
That concludes paper B; contact the blogger with any questions.