开启辅助访问

Bo's Oracle Station

Bo's Oracle Station»社区 培训进行时(结课后图标变灰,但是欢迎继续发帖!) SPOTO红帽提升班106班(RHEL7和RHEL8实验环境) 课程第2次:2020-02-15星期六
返回列表 发新帖
查看: 1024|回复: 0

课程第2次:2020-02-15星期六

[复制链接]
botang

1005

主题

1469

帖子

1万

积分

管理员

Rank: 9Rank: 9Rank: 9

积分
12012
发表于 2020-2-15 20:46:30 | 显示全部楼层 |阅读模式
1. /etc/dhcp/dhcpd.conf:

  1. ddns-update-style none;
  2. subnet 192.168.0.0 netmask 255.255.255.0 {
复制代码

  1. option routers 192.168.0.254;
  2.         option subnet-mask 255.255.255.0;
  3.         option domain-name "example.com";
  4.         option domain-name-servers 192.168.0.254;
  5.         default-lease-time 21600;
  6.         max-lease-time 43200;
复制代码
PXE特别需要:
  1. filename "/var/ftp/pub/workstation.cfg";
复制代码
PXE特别需要:tftp
  1. next-server classroom.example.com;
复制代码


PXE极其需要:
  1. option space PXE;
  2. class "PXE" {
  3.         match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
  4.                 option vendor-encapsulated-options 01:04:00:00:00:00:ff;
  5.                         option boot-size 0x1;
  6.                         filename "pxelinux.0";
  7.                         option tftp-server-name "classroom.example.com";
  8.                         option vendor-class-identifier "PXEClient";
  9.                         vendor-option-space PXE;
  10. }
复制代码


可选的配置:要在subnet大范围之内


  1. host desktop3 {
  2.                  hardware ethernet  00:0C:29:E7:1C:6D;
  3.                  fixed-address  192.168.0.3;

  5. }
复制代码
2. 测试名字服务器:


  1. [root@classroom ~]# dig desktop4.example.com

  3. ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el8 <<>> desktop4.example.com
  4. ;; global options: +cmd
  5. ;; Got answer:
  6. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26722
  7. ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

  9. ;; OPT PSEUDOSECTION:
  10. ; EDNS: version: 0, flags:; udp: 4096
  11. ; COOKIE: e885426657c53e0cdfd9e9b95e47e7568f4b425f66b9f448 (good)
  12. ;; QUESTION SECTION:
  13. ;desktop4.example.com.          IN      A

  15. ;; ANSWER SECTION:
  16. desktop4.example.com.   86400   IN      A       192.168.0.4

  18. ;; AUTHORITY SECTION:
  19. example.com.            86400   IN      NS      classroom.example.com.

  21. ;; ADDITIONAL SECTION:
  22. classroom.example.com.  86400   IN      A       192.168.0.254

  24. ;; Query time: 4 msec
  25. ;; SERVER: 127.0.0.1#53(127.0.0.1)
  26. ;; WHEN: Sat Feb 15 20:43:02 CST 2020
  27. ;; MSG SIZE  rcvd: 133

  29. [root@classroom ~]# dig server4.example.com

  31. ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el8 <<>> server4.example.com
  32. ;; global options: +cmd
  33. ;; Got answer:
  34. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31197
  35. ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

  37. ;; OPT PSEUDOSECTION:
  38. ; EDNS: version: 0, flags:; udp: 4096
  39. ; COOKIE: 1d37347955f443018107858c5e47e75eac3190a29a03cfb3 (good)
  40. ;; QUESTION SECTION:
  41. ;server4.example.com.           IN      A

  43. ;; ANSWER SECTION:
  44. server4.example.com.    86400   IN      A       192.168.0.104

  46. ;; AUTHORITY SECTION:
  47. example.com.            86400   IN      NS      classroom.example.com.

  49. ;; ADDITIONAL SECTION:
  50. classroom.example.com.  86400   IN      A       192.168.0.254

  52. ;; Query time: 0 msec
  53. ;; SERVER: 127.0.0.1#53(127.0.0.1)
  54. ;; WHEN: Sat Feb 15 20:43:10 CST 2020
  55. ;; MSG SIZE  rcvd: 132

  57. [root@classroom ~]# dig example.com

  59. ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el8 <<>> example.com
  60. ;; global options: +cmd
  61. ;; Got answer:
  62. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6299
  63. ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

  65. ;; OPT PSEUDOSECTION:
  66. ; EDNS: version: 0, flags:; udp: 4096
  67. ; COOKIE: c33afce287191a70de495cf05e47e765fdcc491c5133902f (good)
  68. ;; QUESTION SECTION:
  69. ;example.com.                   IN      A

  71. ;; ANSWER SECTION:
  72. example.com.            86400   IN      A       192.168.0.254

  74. ;; AUTHORITY SECTION:
  75. example.com.            86400   IN      NS      classroom.example.com.

  77. ;; ADDITIONAL SECTION:
  78. classroom.example.com.  86400   IN      A       192.168.0.254

  80. ;; Query time: 2 msec
  81. ;; SERVER: 127.0.0.1#53(127.0.0.1)
  82. ;; WHEN: Sat Feb 15 20:43:17 CST 2020
  83. ;; MSG SIZE  rcvd: 124

  85. [root@classroom ~]# dig -t mx example.com

  87. ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el8 <<>> -t mx example.com
  88. ;; global options: +cmd
  89. ;; Got answer:
  90. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46251
  91. ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

  93. ;; OPT PSEUDOSECTION:
  94. ; EDNS: version: 0, flags:; udp: 4096
  95. ; COOKIE: 315b836166cbe9a74171ba255e47e76da0e04046dad5e097 (good)
  96. ;; QUESTION SECTION:
  97. ;example.com.                   IN      MX

  99. ;; ANSWER SECTION:
  100. example.com.            86400   IN      MX      10 classroom.example.com.

  102. ;; AUTHORITY SECTION:
  103. example.com.            86400   IN      NS      classroom.example.com.

  105. ;; ADDITIONAL SECTION:
  106. classroom.example.com.  86400   IN      A       192.168.0.254

  108. ;; Query time: 0 msec
  109. ;; SERVER: 127.0.0.1#53(127.0.0.1)
  110. ;; WHEN: Sat Feb 15 20:43:25 CST 2020
  111. ;; MSG SIZE  rcvd: 124

  113. [root@classroom ~]# dig  cracker133.cracker.org

  115. ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el8 <<>> cracker133.cracker.org
  116. ;; global options: +cmd
  117. ;; Got answer:
  118. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16721
  119. ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

  121. ;; OPT PSEUDOSECTION:
  122. ; EDNS: version: 0, flags:; udp: 4096
  123. ; COOKIE: ce1b38effdbb9d52f198b2415e47e7a697516f8a5156156e (good)
  124. ;; QUESTION SECTION:
  125. ;cracker133.cracker.org.                IN      A

  127. ;; ANSWER SECTION:
  128. cracker133.cracker.org. 86400   IN      A       192.168.1.133

  130. ;; AUTHORITY SECTION:
  131. cracker.org.            86400   IN      NS      server1.cracker.org.

  133. ;; ADDITIONAL SECTION:
  134. server1.cracker.org.    86400   IN      A       192.168.1.254

  136. ;; Query time: 1 msec
  137. ;; SERVER: 127.0.0.1#53(127.0.0.1)
  138. ;; WHEN: Sat Feb 15 20:44:22 CST 2020
  139. ;; MSG SIZE  rcvd: 133

  141. [root@classroom ~]# ping  cracker133.cracker.org
  142. PING cracker133.cracker.org (192.168.1.133) 56(84) bytes of data.
  143. 64 bytes from cracker133.cracker.org (192.168.1.133): icmp_seq=1 ttl=64 time=0.496 ms
  144. 64 bytes from cracker133.cracker.org (192.168.1.133): icmp_seq=2 ttl=64 time=0.336 ms
  145. 64 bytes from cracker133.cracker.org (192.168.1.133): icmp_seq=3 ttl=64 time=0.387 ms
  146. 64 bytes from cracker133.cracker.org (192.168.1.133): icmp_seq=4 ttl=64 time=0.363 ms
  147. 64 bytes from cracker133.cracker.org (192.168.1.133): icmp_seq=5 ttl=64 time=0.410 ms
  148. 64 bytes from cracker133.cracker.org (192.168.1.133): icmp_seq=6 ttl=64 time=0.319 ms
  149. 64 bytes from cracker133.cracker.org (192.168.1.133): icmp_seq=7 ttl=64 time=0.352 ms
  150. 64 bytes from cracker133.cracker.org (192.168.1.133): icmp_seq=8 ttl=64 time=2.20 ms
复制代码

3. 解释一台CLASSROOM后半段:

从430行开始:
什么是CA ?任何浏览器(操作系统)都内嵌8个CA的公钥。 RHCE密码学-->数字签名-->CA拿它的私钥“处理”你的公钥。https (https的公钥被签名)。

时间必需要同步,line 443-481 时间服务器chronyd

4. 如何成为CA(x509格式只要一般了解):
  1. openssl req -days 3650 -new -x509 -nodes -out example-ca.crt -keyout private/example-ca.key -subj '/C=US/ST=North Carolina/L=Raleigh/O=Example, Inc./CN=example.com Certificate Authority'
复制代码




回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|手机版|Bo's Oracle Station   

GMT+8, 2024-5-20 17:10 , Processed in 0.035011 second(s), 24 queries .

快速回复 返回顶部 返回列表