Based on the realities of a small business, this lab builds a small simulated LAN and configures it against common intranet attack techniques (such as DDoS and SSH brute forcing). The goal of the exercise is to improve the security operations skills of ops beginners.
The LAN contains the physical host and the proxy server host. The physical host is an ordinary client machine; the proxy server is the proxy provided by the company. This network simulates the public Internet.
The NAT network contains the HTTP server, Backup server, NIS server and Client hosts. This network simulates the company's internal network.
Physical host: set the browser proxy to 192.168.1.10 on the same subnet, after which the portal website at 192.168.56.102 can be reached.
Proxy server: close every unnecessary port, move the SSH port to 1022 as a disguise, pay particular attention to the firewall settings, monitor the logs, email root when SSH login failures exceed a threshold within a short time, and provide the squid proxy service.
HTTP server: host a portal website protected by HTTPS and provide the rsync service; the firewall must be considered, and iptables is set so that only the proxy server may reach ports 80 and 443.
Backup server: keeps the HTTP server's logs via rsync.
NIS server: provides account management for the client and the backup server.
Client: configure a simple firewall.
On the 192.168.56.0/24 subnet, apart from the proxy server, which the physical host may reach, every other host must be configured so that it cannot be reached by any IP outside the LAN. This is done with iptables:
```
# ban the physical host
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.1 -j DROP
# only allow IPs on the same subnet to connect
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.0/24 -j ACCEPT
```
1. Firewall configuration
```
# clear the existing rules
iptables -F
iptables -X
iptables -Z
# default policy of the INPUT chain: DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# -A append a rule, -i match the interface, -j the target action, -m a match module, -p the protocol
# --dport destination port, --sport source port
# -m state --state RELATED,ESTABLISHED selects the connection state a packet must have. Four states exist:
# INVALID, ESTABLISHED, NEW and RELATED. INVALID means the packet belongs to no known flow or connection,
# or its payload or header is malformed. ESTABLISHED means the packet is valid and belongs to an
# established connection on which both sides have already sent data. NEW means the packet is starting,
# or has started, a new connection, or relates to a connection that has not yet seen traffic in both
# directions. RELATED means the packet starts a new connection that is related to an established one.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p TCP -i enp0s3 --dport 111 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s3 --dport 1022 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s3 --dport 3128 --sport 1024:65534 -j ACCEPT
iptables-save > /home/dc/iptables.mysettings
```
And configure the /etc/crontab file:
```
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
# apply my iptables from file per minute.
* * * * * root /sbin/iptables-restore /home/dc/iptables.mysettings
```
Enable the kernel's network protection settings:
```
[root@localhost dc]# vim /etc/sysctl.conf
[root@localhost dc]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).

# Turn on syncookies for SYN flood attack protection
#
net.ipv4.tcp_syncookies = 1
# Avoid a smurf attack
#
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Turn on reverse path filtering
#
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.enp0s8.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
# Turn on and log spoofed, source routed, and redirect packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.enp0s8.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
# Make sure no one can alter the routing tables
#
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.enp0s8.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
# redirects project
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.enp0s8.send_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
[root@localhost dc]# sysctl -p
```
Once this is done, reboot and check whether the firewall settings have taken effect.
2. Shut down all unnecessary ports
Listing the open ports shows this entry:
```
[root@localhost dc]# netstat -tulnp
tcp6       0      0 ::1:631                 :::*                    LISTEN      1267/cupsd
```
Following the hint in 鸟哥's book, I disabled the cups service with systemctl: systemctl disable cups.service
The ntsysv command can also be used to review and disable unnecessary services.
3. Disguise the SSH port as 1022
/etc/ssh/sshd_config:
```
Port 1022
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
```
In SELinux, add port 1022 as a permitted port for the SSH service.
```
[root@localhost dc]# semanage port -a -t ssh_port_t -p tcp 1022
[root@localhost dc]#
[root@localhost dc]# semanage port -l | grep ssh
ssh_port_t                     tcp      1022, 22
```
4. Monitor the logs and email root when failed attempts exceed a threshold within a short time
Test brute forcing the SSH port from Kali:
```
date ; hydra -l dc -P /usr/share/wordlists/fasttrack.txt -v ssh://192.168.1.10:1022 ; date
2022年07月29日 星期五 22:23:15 CST
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[ERROR] could not connect to target port 1022: Socket error: Connection reset by peer
[ERROR] ssh protocol error
[ERROR] could not connect to target port 1022: Socket error: Connection reset by peer
[ERROR] ssh protocol error
2022年07月29日 星期五 22:25:26 CST
cat /usr/share/wordlists/fasttrack.txt | wc -l
222
>>> (222/(2*60+10))
1.7076923076923076
```
That is an average of 1.7 failed logins per second.
So more than 60 SSH login attempts within one minute is a strong sign that an account's password is being brute forced.
Write an automated tool that detects SSH password brute forcing, immediately bans the suspicious IP, and emails the system administrator.
Specifically: periodically inspect the output of the lastb command; if one IP has more than 60 failed logins within a single minute, notify root with the mail command and immediately ban that IP with iptables (the rule banning the suspect IP is added to /home/dc/iptables.mysettings).
Script contents:
```python
# detect_ssh_port_hacking.py: run from cron, count failed SSH logins per source
# IP per minute from `lastb`, ban any IP above the threshold with iptables and
# mail a report to root.
import os
import datetime

THRESHOLD = 60   # more than this many failures in one minute from one IP


def compose_time_str(date_time_t):
    """Format a datetime the same way the awk pipeline below formats lastb
    records: Mon-D-HH:MM (lastb prints the day without a leading zero)."""
    month_str = date_time_t.strftime("%b")
    day_str = date_time_t.strftime("%d").lstrip('0')
    time_str = date_time_t.strftime("%H:%M")
    return month_str + '-' + day_str + '-' + time_str


now_time = datetime.datetime.now()
month_str = now_time.strftime("%b")
# the three whole minutes before now: the window each cron run inspects
time_str_list = [compose_time_str(now_time - datetime.timedelta(minutes=m))
                 for m in (1, 2, 3)]

# lastb columns: $1 user, $2 tty, $3 host, $4 weekday, $5 month, $6 day, $7 HH:MM
# -> one "Mon-D-HH:MM ip" line per failed login (no pager: this runs from cron)
cmdline = "lastb | awk '{printf \"%s-%s-%s %s\\n\",$5,$6,$7,$3}'"
login_failed_information = os.popen(cmdline).read().split('\n')

suspect_ip_and_attack_time_dict = {}
# { time:{ip:number,ip2:number},time2:{ip:number} }
for line in login_failed_information:
    if not line.startswith(month_str):
        continue   # skips blank lines and the "btmp begins ..." trailer
    parts = line.split(' ')
    if len(parts) != 2:
        continue
    detail_time, ip = parts
    if detail_time in time_str_list:
        # count this failure under its minute and source IP
        time_dict = suspect_ip_and_attack_time_dict.setdefault(detail_time, {})
        time_dict[ip] = time_dict.get(ip, 0) + 1

black_list = []
message = ""
for keys, values in suspect_ip_and_attack_time_dict.items():
    for ip, failed_times in values.items():
        if failed_times > THRESHOLD:
            black_list.append(ip)
            message += "{} attacked {} times at {}\n".format(ip, failed_times, keys)
black_list = list(set(black_list))

# IPs banned by earlier runs, one per line (strip the newline so membership
# tests against bare IPs work); the file is relative to cron's working directory
ban_ip_list = []
if os.path.exists("black_list.txt"):
    with open("black_list.txt", "r") as f:
        ban_ip_list = [l.strip() for l in f if l.strip()]
black_list = [ip for ip in black_list if ip not in ban_ip_list]

# insert the DROP at position 3, after the lo and RELATED,ESTABLISHED ACCEPT rules
# iptables -I INPUT 3 -i enp0s3 -s 192.168.1.1 -j DROP
with open("black_list.txt", "a") as f:
    for ip in black_list:
        ban_cmd = "iptables -I INPUT 3 -i enp0s3 -s " + ip + " -j DROP"
        f.write(ip + '\n')
        os.system(ban_cmd)
# persist the rules so the per-minute iptables-restore keeps the bans
os.system("iptables-save > /home/dc/iptables.mysettings")

if message != "":
    mail_cmd = "echo \"" + message + "\" | mail -s \"security report\" root@localhost"
    os.system(mail_cmd)
```
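The detection rule described above (more than 60 failures from one IP in any single minute of the last three) as a pure function over raw lastb lines, so the logic can be checked offline before it is given iptables rights. This is an added example, not the script from the page; the lastb records, the timestamp SAMPLE_NOW and the IPs are constructed sample data, and the line layout assumed is lastb's default one.

```python
import datetime
import re
from collections import defaultdict

THRESHOLD = 60        # more than this many failures in one minute from one IP
WINDOW_MINUTES = 3    # the whole minutes before `now` that each cron run inspects

# Default lastb layout: user  tty  host  weekday month day HH:MM - HH:MM  (duration)
LASTB_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<tty>\S+)\s+(?P<host>\S+)\s+\w{3}\s+"
    r"(?P<mon>[A-Za-z]{3})\s+(?P<day>\d{1,2})\s+(?P<hhmm>\d{2}:\d{2})"
)


def parse_lastb_line(line, year):
    """Return (ip, minute timestamp) for a failed-login record, or None for
    blank lines and the 'btmp begins ...' trailer. lastb prints no year, so the
    caller supplies it."""
    m = LASTB_RE.match(line)
    if m is None:
        return None
    stamp = datetime.datetime.strptime(
        "%d %s %s %s" % (year, m.group("mon"), m.group("day"), m.group("hhmm")),
        "%Y %b %d %H:%M")
    return m.group("host"), stamp


def failures_per_minute(lines, now):
    """Count failures per (ip, minute), keeping only the last WINDOW_MINUTES."""
    floor = now.replace(second=0, microsecond=0)
    window = {floor - datetime.timedelta(minutes=k) for k in range(1, WINDOW_MINUTES + 1)}
    counts = defaultdict(int)
    for line in lines:
        parsed = parse_lastb_line(line, now.year)
        if parsed is not None and parsed[1] in window:
            counts[parsed] += 1
    return counts


def offenders(lines, now, threshold=THRESHOLD):
    """IPs exceeding `threshold` in any single minute, plus report lines in the
    same "ip attacked N times at Mon-D-HH:MM" format the page's script mails."""
    banned, report = set(), []
    ordered = sorted(failures_per_minute(lines, now).items(),
                     key=lambda kv: (kv[0][1], kv[0][0]))
    for (ip, stamp), n in ordered:
        if n > threshold:
            banned.add(ip)
            report.append("%s attacked %d times at %s-%d-%s" % (
                ip, n, stamp.strftime("%b"), stamp.day, stamp.strftime("%H:%M")))
    return banned, report


# Constructed reference time for the sample below (not a real event)
SAMPLE_NOW = datetime.datetime(2022, 8, 4, 10, 33, 2)


def constructed_lastb(now):
    """Constructed sample, not real data: a 70-attempt burst from 192.168.1.3 in
    the previous minute, 40 attempts from 192.168.1.16 spread over two minutes
    (never above the per-minute threshold) and an old burst outside the window."""
    def record(ip, minutes_ago):
        t = now.replace(second=0, microsecond=0) - datetime.timedelta(minutes=minutes_ago)
        when = "%s %s %2d %s" % (t.strftime("%a"), t.strftime("%b"), t.day, t.strftime("%H:%M"))
        return "dc       ssh:notty    %-15s  %s - %s  (00:00)" % (ip, when, t.strftime("%H:%M"))
    lines = [record("192.168.1.3", 1)] * 70
    lines += [record("192.168.1.16", 1)] * 20 + [record("192.168.1.16", 2)] * 20
    lines += [record("10.0.0.9", 5)] * 80
    return lines + ["", "btmp begins Mon Aug  1 00:00:00 2022"]


if __name__ == "__main__":
    banned, report = offenders(constructed_lastb(SAMPLE_NOW), SAMPLE_NOW)
    print("ban:", sorted(banned))
    print("\n".join(report))
```

The 192.168.1.16 case shows the limit of a per-minute threshold: 40 failures spread over two minutes never trigger it, which is why the window and threshold should be tuned together.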
Contents of the /etc/crontab file:
```
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
# apply my iptables from file per minute.
* * * * * root /sbin/iptables-restore /home/dc/iptables.mysettings
# detect attack behaviour every 3 minutes.
*/3 * * * * root /usr/bin/python /root/detect_ssh_port_hacking.py
```
Run hydra against port 1022 from two hosts at the same time: `date ; hydra -l dc -P /usr/share/nmap/nselib/data/passwords.lst -v ssh://192.168.1.10:1022 ; date`
When it finishes, check root's mailbox on the local machine:
```
[root@localhost ~]# cat /var/spool/mail/root
From root@localhost.localdomain Thu Aug  4 10:33:02 2022
Return-Path: <root@localhost.localdomain>
X-Original-To: root@localhost
Delivered-To: root@localhost.localdomain
Received: by localhost.localdomain (Postfix, from userid 0)
	id 130BE12010FD; Thu,  4 Aug 2022 10:33:02 -0400 (EDT)
Date: Thu, 04 Aug 2022 10:33:02 -0400
To: root@localhost.localdomain
Subject: security report
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20220804143302.130BE12010FD@localhost.localdomain>
From: root@localhost.localdomain (root)

192.168.1.3 attacked 142 times at Aug-4-10:30
192.168.1.16 attacked 142 times at Aug-4-10:30
192.168.1.3 attacked 146 times at Aug-4-10:31
192.168.1.16 attacked 96 times at Aug-4-10:31
192.168.1.3 attacked 64 times at Aug-4-10:32
```
As soon as the script detected the attack, it blacklisted both attacking hosts.
Now look at the output on the attacking machine:
```
┌──(root㉿kali)-[/usr/share/nmap/nselib/data]
└─# date ; hydra -l dc -P /usr/share/nmap/nselib/data/passwords.lst -v ssh://192.168.1.10:1022 ; date
2022年08月04日 星期四 22:32:55 CST
Hydra v9.2 (c) 2021 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-04 22:32:55
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 16 tasks per 1 server, overall 16 tasks, 5010 login tries (l:1/p:5010), ~314 tries per task
[DATA] attacking ssh://192.168.1.10:1022/
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
[INFO] Testing if password authentication is supported by ssh://dc@192.168.1.10:1022
[ERROR] could not connect to ssh://192.168.1.10:1022 - Timeout connecting to 192.168.1.10
2022年08月04日 星期四 22:33:37 CST
```
It was meant to try all five thousand passwords, but because of the script it was banned after fewer than three or four hundred:
```
dc@LAPTOP-J3UJRUOC:/usr/share/nmap/nselib/data$ wc -l /usr/share/nmap/nselib/data/passwords.lst
5084 /usr/share/nmap/nselib/data/passwords.lst
```
Check the iptables configuration on the local machine again:
```
[root@localhost ~]# iptables -L --line-number
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere
2    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
3    DROP       all  --  192.168.1.16         anywhere
4    DROP       all  --  192.168.1.3          anywhere
5    ACCEPT     tcp  --  anywhere             anywhere             tcp spts:1024:65534 dpt:sunrpc
6    ACCEPT     tcp  --  anywhere             anywhere             tcp spts:1024:65534 dpt:exp2
7    ACCEPT     tcp  --  anywhere             anywhere             tcp spts:1024:65534 dpt:squid

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
[root@localhost ~]#
```
5. Set up the squid proxy
Install squid:
```
yum install squid
```
Uncomment one line in the configuration file:
```
vim /etc/squid/squid.conf:
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 100 16 256
```
Start the service and enable it at boot:
```
[root@localhost ~]# systemctl start squid.service
[root@localhost ~]# systemctl enable squid.service
```
```
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p TCP -i enp0s3 --dport 111 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s3 --dport 1022 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s3 --dport 3128 --sport 1024:65534 -j ACCEPT
iptables-save > /home/dc/iptables.mysettings
iptables -L --line-number
```
Configure the firewall:
```
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.1 -j DROP
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.0/24 -j ACCEPT
iptables-save > /home/dc/iptables.mysettings
```
Accept packets from the lo interface, packets from the 56 subnet, and packets related to connections this host itself initiated. Ban the IP 56.1 (the physical host) and drop every other packet.
Write the scheduled task:
```
[root@localhost dc]# vim /etc/crontab
[root@localhost dc]# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
* * * * * root /sbin/iptables-restore /home/dc/iptables.mysettings
```
1. Firewall configuration
```
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.1 -j DROP
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.106 --dport 80 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.106 --dport 443 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 --dport 80 -j DROP
iptables -A INPUT -p TCP -i enp0s8 --dport 443 -j DROP
iptables -A INPUT -p TCP -i enp0s8 --dport 111 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 --dport 22 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 --dport 631 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 --dport 25 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.0/24 -j ACCEPT
```
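The ruleset above only restricts 80/443 to the proxy server because the two DROP rules come before the blanket ACCEPT for 192.168.56.0/24. The following added example (not code from the page) is a minimal first-match evaluator for that INPUT chain, written in the page's own iptables syntax and understanding only the options the page uses (-p, -i, -s, --dport, --sport, -m state); the packets and the reordered variant are constructed to show what changes when the subnet ACCEPT is moved ahead of the DROPs.

```python
import ipaddress
import shlex

# The INPUT chain from the HTTP server section, minus the 111/631/25 rules
HTTP_SERVER_RULES = """
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.1 -j DROP
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.106 --dport 80 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.106 --dport 443 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 --dport 80 -j DROP
iptables -A INPUT -p TCP -i enp0s8 --dport 443 -j DROP
iptables -A INPUT -p TCP -i enp0s8 --dport 22 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.0/24 -j ACCEPT
"""


def port_range(spec):
    """'80' -> (80, 80); '1024:65534' -> (1024, 65534)."""
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)


def parse_rules(text):
    """Return (default policy, ordered rule list) for the INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        if tok[:3] == ["iptables", "-P", "INPUT"]:
            policy = tok[3]
            continue
        if tok[:3] != ["iptables", "-A", "INPUT"]:
            continue
        rule, i = {}, 3
        while i + 1 < len(tok):
            opt, val = tok[i], tok[i + 1]
            if opt == "-p":
                rule["proto"] = val.lower()
            elif opt == "-i":
                rule["iface"] = val
            elif opt == "-s":
                rule["src"] = ipaddress.ip_network(val)   # a bare address becomes a /32
            elif opt == "--dport":
                rule["dport"] = port_range(val)
            elif opt == "--sport":
                rule["sport"] = port_range(val)
            elif opt == "--state":
                rule["state"] = set(val.split(","))
            elif opt == "-j":
                rule["target"] = val
            # "-m state" only loads the match module; its value follows as --state
            i += 2
        rules.append(rule)
    return policy, rules


def matches(rule, pkt):
    """True when every match present in the rule agrees with the packet."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "iface" in rule and rule["iface"] != pkt["iface"]:
        return False
    if "src" in rule and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    for key in ("dport", "sport"):
        if key in rule and not rule[key][0] <= pkt[key] <= rule[key][1]:
            return False
    if "state" in rule and pkt["state"] not in rule["state"]:
        return False
    return True


def verdict(text, pkt):
    """First matching rule wins, as in netfilter; otherwise the chain policy."""
    policy, rules = parse_rules(text)
    for rule in rules:
        if matches(rule, pkt):
            return rule["target"]
    return policy


def new_tcp(src, dport, sport=40000, iface="enp0s8"):
    """A constructed first packet of a TCP connection arriving on the LAN interface."""
    return {"proto": "tcp", "iface": iface, "src": src,
            "dport": dport, "sport": sport, "state": "NEW"}


def subnet_accept_first(text):
    """The same rules with the blanket subnet ACCEPT moved ahead of the 80/443
    DROPs: the ordering mistake this evaluator is meant to catch."""
    lines = text.strip().splitlines()
    return "\n".join(lines[:3] + [lines[-1]] + lines[3:-1])
```

Note that the rules without -s (22 here, and 111, 631 and 25 on the page) accept any source on enp0s8, so the evaluator returns ACCEPT for 10.0.0.5 on port 22; in this lab that is harmless only because enp0s8 faces the host-only network alone and 192.168.56.1 is dropped explicitly.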
Save the configuration and schedule the cron job:
```
iptables-save > /root/my_iptables_seetings.rule
/usr/sbin/iptables-restore < /root/my_iptables_seetings.rule
[root@localhost html]# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
* * * * * root /usr/sbin/iptables-restore < /root/my_iptables_seetings.rule
```
2. Install the httpd service, start it, and enable it at boot:
```
yum install httpd
systemctl start httpd
systemctl enable httpd
systemctl status httpd
```
Set up a simple home page:
```
cd /var/www/html/
cat index.html
This is my first page.
```
Add HTTPS:
```
yum install mod_ssl
systemctl restart httpd
```
On this server, set up a scheduled backup of the HTTP server's website content.
1. First, set up passwordless login to the HTTP server:
```
[dc@localhost ~]$ su
Password:
[root@localhost dc]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:iQiHtrt1CpVCi/9tUepSWVziMnhw/Zk9CASepiHvr2s root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|     .  + .      |
| .....  + .      |
|  * o + + o ==   |
| + B.*+.=.=o     |
|.+ *..BS .       |
| .==             |
| +oo..           |
| =E=o            |
| ..==o           |
+----[SHA256]-----+
[root@localhost dc]# scp ~/.ssh/id_rsa.pub root@192.168.56.102:~
The authenticity of host '192.168.56.102 (192.168.56.102)' can't be established.
ECDSA key fingerprint is SHA256:fXKVGvaS/isxJ+u6655e5dyTap2YDAgEgdrbs96gcoU.
ECDSA key fingerprint is MD5:6d:28:85:28:3a:2d:2e:be:cb:e9:cd:87:ad:9a:ea:22.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.56.102' (ECDSA) to the list of known hosts.
root@192.168.56.102's password:
id_rsa.pub                                    100%  408   489.5KB/s   00:00
```
Add the public key on the HTTP server:
```
[root@localhost ~]# ls -ld id_rsa.pub .ssh/
-rw-r--r--. 1 root root 406 Aug  3 01:38 id_rsa.pub
drwx------. 2 root root  25 Aug  1 03:17 .ssh/
[root@localhost ~]# cat id_rsa.pub >> ~/.ssh/known_hosts
123.txt            .bash_profile  .cshrc      original-ks.cfg  .viminfo
anaconda-ks.cfg    .bashrc        id_rsa.pub  .rnd             .wireshark/
.bash_history      .cache/        .lesshst    .ssh/            .xauthTIyBog
.bash_logout       .config/       .local/     .tcshrc
[root@localhost ~]# cat id_rsa.pub >> ~/.ssh/authorized_keys
[root@localhost ~]# chmod 644 ~/.ssh/authorized_keys
```
Back on the backup server, test it:
```
[dc@localhost ~]$ ssh root@192.168.32.146
Last login: Sat Jul 30 06:48:47 2022
[root@localhost ~]# exit
logout
Connection to 192.168.32.146 closed.
```
2. With passwordless login working, add a system cron job directly as root that syncs the HTTP server's website content to the local /tmp directory every hour.
```
[root@localhost .ssh]# /usr/bin/rsync -av -e ssh root@192.168.56.102:/var/www/html /tmp
receiving incremental file list
html/
html/index.html

sent 47 bytes  received 151 bytes  132.00 bytes/sec
total size is 23  speedup is 0.12
```
Add the cron job:
```
[root@localhost ~]# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
* * * * * root /usr/bin/rsync -av -e ssh root@192.168.56.102:/var/www/html /tmp &> /root/rsync_res.txt
```
The script's output and the crontab log can be watched to see how the job is running. The two main log files are:
```
/root/rsync_res.txt
/var/log/cron
```
1. Install NIS
```
yum install yp-tools
yum install ypbind
yum install ypserv
yum install rpcbind
```
2. Set the NIS domain name.
Following 鸟哥's book, the configuration is as follows:
```
NIS domain name: vbirdnis
The whole trusted internal network is 192.168.56.0/24
The NIS master server's IP is 192.168.56.103, hostname www.centos.vbird
The NIS client's IP is 192.168.56.105, hostname client.centos.vbird
NIS client 2's IP is 192.168.56.104, hostname backup.centos.vbird
```
Edit /etc/sysconfig/network to set the domain name and make NIS listen on a fixed port:
```
[root@localhost ~]# cat /etc/sysconfig/network
# Created by anaconda
NISDOMAIN=vbirdnis
YPSERV_ARGS="-p 1011"
```
Make the same settings on both client machines.
3. Set up the main configuration file:
```
[root@localhost dc]# cat /etc/ypserv.conf
#
# ypserv.conf	In this file you can set certain options for the NIS server,
#		and you can deny or restrict access to certain maps based
#		on the originating host.
#
#		See ypserv.conf(5) for a description of the syntax.
#

# Some options for ypserv. This things are all not needed, if
# you have a Linux net.

# How many map file handles should be cached ?
files: 30

# Should we register ypserv with SLP ?
# slp: no
# After how many seconds we should re-register ypserv with SLP ?
# slp_timeout: 3600

# xfr requests are only allowed from ports < 1024
xfr_check_port: yes

# The following, when uncommented,  will give you shadow like passwords.
# Note that it will not work if you have slave NIS servers in your
# network that do not run the same server as you.

# Host                     : Domain  : Map              : Security
#
# *                        : *       : passwd.byname    : port
# *                        : *       : passwd.byuid     : port

# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports < 1024 !!!
*                          : *       : shadow.byname    : port
*                          : *       : passwd.adjunct.byname : port

# If you comment out the next rule, ypserv and rpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps. This will make
# the security check a little bit slower, but you only have to
# change the keys on the master server, not the configuration files
# on each NIS server.
# If you have maps with YP_SECURE or YP_AUTHDES, you should create
# a rule for them above, that's much faster.
*                          : *       : *                : none
```
4. Map hostnames to IPs
Configure the corresponding file:
```
[root@localhost dc]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.56.103 www.centos.vbird
192.168.56.105 client.centos.vbird
192.168.56.104 backup.centos.vbird
```
Running hostname shows the hostname was not applied, so set it again with hostnamectl:
```
[root@localhost dc]# hostname
localhost.localdomain
[root@localhost dc]# hostnamectl set-hostname www.centos.vbird
[root@localhost dc]# hostname
www.centos.vbird
```
5. Start all related services
```
[root@localhost dc]# cat /etc/sysconfig/yppasswdd
# The passwd and shadow files are located under the specified
# directory path. rpc.yppasswdd will use these files, not /etc/passwd
# and /etc/shadow.
#ETCDIR=/etc

# This option tells rpc.yppasswdd to use a different source file
# instead of /etc/passwd
# You can't mix usage of this with ETCDIR
#PASSWDFILE=/etc/passwd

# This option tells rpc.yppasswdd to use a different source file
# instead of /etc/passwd.
# You can't mix usage of this with ETCDIR
#SHADOWFILE=/etc/shadow

# Additional arguments passed to yppasswd
YPPASSWDD_ARGS="--port 1012"
[root@localhost dc]# systemctl status ypserv.service
● ypserv.service - NIS/YP (Network Information Service) Server
   Loaded: loaded (/usr/lib/systemd/system/ypserv.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@localhost dc]# systemctl start ypserv.service
[root@localhost dc]# systemctl enable ypserv.service
Created symlink from /etc/systemd/system/multi-user.target.wants/ypserv.service to /usr/lib/systemd/system/ypserv.service.
[root@localhost dc]# systemctl status ypserv.service
● ypserv.service - NIS/YP (Network Information Service) Server
   Loaded: loaded (/usr/lib/systemd/system/ypserv.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-08-05 08:07:36 EDT; 13s ago
 Main PID: 32494 (ypserv)
   Status: "Processing requests..."
   CGroup: /system.slice/ypserv.service
           └─32494 /usr/sbin/ypserv -f -p 1011

Aug 05 08:07:36 www.centos.vbird systemd[1]: Starting NIS/YP (Network Information Service) Server...
Aug 05 08:07:36 www.centos.vbird ypserv[32494]: WARNING: no securenets file found!
Aug 05 08:07:36 www.centos.vbird systemd[1]: Started NIS/YP (Network Information Service) Server.
[root@localhost dc]# systemctl status yppasswdd.service
● yppasswdd.service - NIS/YP (Network Information Service) Users Passwords Change Server
   Loaded: loaded (/usr/lib/systemd/system/yppasswdd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@localhost dc]# systemctl start yppasswdd.service
[root@localhost dc]# systemctl enable yppasswdd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/yppasswdd.service to /usr/lib/systemd/system/yppasswdd.service.
[root@localhost dc]# systemctl status yppasswdd.service
● yppasswdd.service - NIS/YP (Network Information Service) Users Passwords Change Server
   Loaded: loaded (/usr/lib/systemd/system/yppasswdd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-08-05 08:08:06 EDT; 9s ago
 Main PID: 32611 (rpc.yppasswdd)
   Status: "Processing requests..."
   CGroup: /system.slice/yppasswdd.service
           └─32611 /usr/sbin/rpc.yppasswdd -f --port 1012

Aug 05 08:08:06 www.centos.vbird systemd[1]: Starting NIS/YP (Network Information Service) Users Passwords Change Server...
Aug 05 08:08:06 www.centos.vbird yppasswdd-pre-setdomain[32606]: Setting NIS domain: 'vbirdnis' (environment variable)
Aug 05 08:08:06 www.centos.vbird systemd[1]: Started NIS/YP (Network Information Service) Users Passwords Change Server.
```
Check for anything abnormal:
```
[root@localhost dc]# rpcinfo -p localhost
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp   1011  ypserv
    100004    1   udp   1011  ypserv
    100004    2   tcp   1011  ypserv
    100004    1   tcp   1011  ypserv
    100009    1   udp   1012  yppasswdd
[root@localhost dc]# rpcinfo -u localhost ypserv
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
```
6. Create the accounts and build the database
```
[root@localhost dc]# useradd -u 1001 nisuser1
[root@localhost dc]# useradd -u 1002 nisuser2
[root@localhost dc]# useradd -u 1003 nisuser3
[root@localhost dc]# vim /etc/passwd
[root@localhost dc]# echo password | passwd --stdin nisuser1
Changing password for user nisuser1.
passwd: all authentication tokens updated successfully.
[root@localhost dc]# echo password | passwd --stdin nisuser2
Changing password for user nisuser2.
passwd: all authentication tokens updated successfully.
[root@localhost dc]# echo password | passwd --stdin nisuser3
Changing password for user nisuser3.
passwd: all authentication tokens updated successfully.
[root@localhost dc]# /usr/lib64/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers.  www.centos.vbird is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
	next host to add:  www.centos.vbird
	next host to add:
The current list of NIS servers looks like this:

www.centos.vbird

Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/vbirdnis/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/vbirdnis'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/vbirdnis'

www.centos.vbird has been set up as a NIS master server.

Now you can run ypinit -s www.centos.vbird on all slave server.
```
7. Firewall settings
```
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.1 -j DROP
iptables -A INPUT -p TCP -i enp0s8 -s 192.168.56.0/24 -j ACCEPT
iptables -A INPUT -p UDP -i enp0s8 -s 192.168.56.0/24 -j ACCEPT
```
Save the configuration and schedule the cron job:
```
iptables-save > /root/my_iptables_seetings.rule
/usr/sbin/iptables-restore < /root/my_iptables_seetings.rule
[root@localhost html]# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
* * * * * root /usr/sbin/iptables-restore < /root/my_iptables_seetings.rule
```
8. Client configuration
Install the required software:
```
[root@localhost dc]# yum install ypbind
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.nju.edu.cn
 * extras: mirrors.ustc.edu.cn
 * updates: mirrors.ustc.edu.cn
base                                                     | 3.6 kB  00:00:00
extras                                                   | 2.9 kB  00:00:00
updates                                                  | 2.9 kB  00:00:00
updates/7/x86_64/primary_db                              |  16 MB  00:00:03
Resolving Dependencies
--> Running transaction check
---> Package ypbind.x86_64 3:1.37.1-9.el7 will be installed
--> Processing Dependency: yp-tools for package: 3:ypbind-1.37.1-9.el7.x86_64
--> Running transaction check
---> Package yp-tools.x86_64 0:2.14-5.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch          Version                  Repository       Size
================================================================================
Installing:
 ypbind           x86_64        3:1.37.1-9.el7           base             62 k
Installing for dependencies:
 yp-tools         x86_64        2.14-5.el7               base             79 k

Transaction Summary
================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 142 k
Installed size: 299 k
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/ypbind-1.37.1-9.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for ypbind-1.37.1-9.el7.x86_64.rpm is not installed
(1/2): ypbind-1.37.1-9.el7.x86_64.rpm                    |  62 kB  00:00:00
(2/2): yp-tools-2.14-5.el7.x86_64.rpm                    |  79 kB  00:00:00
--------------------------------------------------------------------------------
Total                                           209 kB/s | 142 kB  00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-9.2009.0.el7.centos.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : yp-tools-2.14-5.el7.x86_64                                   1/2
  Installing : 3:ypbind-1.37.1-9.el7.x86_64                                 2/2
  Verifying  : 3:ypbind-1.37.1-9.el7.x86_64                                 1/2
  Verifying  : yp-tools-2.14-5.el7.x86_64                                   2/2

Installed:
  ypbind.x86_64 3:1.37.1-9.el7

Dependency Installed:
  yp-tools.x86_64 0:2.14-5.el7

Complete!
[root@localhost dc]# yum install yp-tools
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.nju.edu.cn
 * extras: mirrors.ustc.edu.cn
 * updates: mirrors.ustc.edu.cn
Package yp-tools-2.14-5.el7.x86_64 already installed and latest version
Nothing to do
```
The setup command can be used to fill in the configuration files quickly.
Use yptest to verify the database.
Use ypwhich to check how many maps the database has.
Use su - nisuser1 to switch to a NIS account.