目录
1、获取Linux系统用户,SHELL为 nologin 的用户名和家目录。提示:系统用户信息都在 /etc/passwd
bash[root@node01 ~]# cat /etc/passwd | awk -F ":" '/nologin/ {print $1 " ———— " $(NF - 1)}'
bin ———— /bin
daemon ———— /sbin
adm ———— /var/adm
lp ———— /var/spool/lpd
mail ———— /var/spool/mail
operator ———— /root
games ———— /usr/games
ftp ———— /var/ftp
nobody ———— /
systemd-network ———— /
dbus ———— /
polkitd ———— /
sshd ———— /var/empty/sshd
postfix ———— /var/spool/postfix
2、每3分钟获取一次 systemd 这个进程的运行用户,PID,cpu使用率,内存使用率。 并讲结果保存到/root/system.log 文件中。
提示:只要获取第一行,systemd 进程的。不要下边systemd-xxxx
bash[root@node01 ~]# ps aux | grep systemd
root 1 0.5 0.3 125456 3896 ? Ss 13:57 0:01 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
root 3106 0.0 0.2 37112 2816 ? Ss 13:58 0:00 /usr/lib/systemd/systemd-journald
root 3125 0.2 0.3 45704 3068 ? Ss 13:58 0:00 /usr/lib/systemd/systemd-udevd
root 5902 0.0 0.1 26376 1748 ? Ss 13:58 0:00 /usr/lib/systemd/systemd-logind
dbus 5903 0.0 0.2 58224 2508 ? Ss 13:58 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root 7937 0.0 0.0 112708 972 pts/0 R+ 14:02 0:00 grep --color=auto systemd
- 安装cron服务并启动
bash[root@node01 ~]# yum install cronie crontabs
[root@node01 ~]# systemctl start crond
[root@node01 ~]# systemctl status crond
● crond.service - Command Scheduler
Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2024-06-07 14:37:36 CST; 1min 21s ago
Main PID: 30216 (crond)
CGroup: /system.slice/crond.service
└─30216 /usr/sbin/crond -n
Jun 07 14:37:36 node01 systemd[1]: Stopped Command Scheduler.
Jun 07 14:37:36 node01 systemd[1]: Started Command Scheduler.
Jun 07 14:37:36 node01 crond[30216]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 33% if used.)
Jun 07 14:37:36 node01 crond[30216]: (CRON) INFO (running with inotify support)
Jun 07 14:37:36 node01 crond[30216]: (CRON) INFO (@reboot jobs will be run at computer's startup.)
- 创建shel脚本并赋予可执行权限
bash[root@node01 ~]# vim ps_user_systemd.sh
#/bin/bash
# 获取 systemd 进程 USER PID %CPU %MEM
ps aux | grep systemd | awk '{print $1 "*" $2 "*" $3 "*" $4}' >> /root/system.log
[root@node01 ~]# chmod +x ps_user_systemd.sh
[root@node01 ~]# ./ps_user_systemd.sh
[root@node01 ~]# cat system.log
root*1*0.0*0.3
root*3106*0.0*0.2
root*3125*0.0*0.3
root*5902*0.0*0.1
dbus*5903*0.0*0.2
root*36513*0.0*0.0
- 配置定时任务
bash[root@node01 ~]# crontab -e
*/3 * * * * /root/ps_user_systemd.sh
no crontab for root - using an empty one
crontab: installing new crontab
3、查看当前虚拟机的路由表信息,并将默认网关 保存到 /root/network-config.txt 文件中;提取当前虚拟机上,ens33 网卡的IP地址。并将内容保存到 /root/network-config.txt 文件中
要求:
文件保存格式应该为下所示,xxx 为你vm上的默认网关IP,和 ip地址。提供你提取这两个信息的命令,和最终 network-config.txt的结果
GATEWAY=xxx.xxx.xx.xx
IPADDR=xxx.xx.xx.xx
bash[root@node01 ~]# ip route show default | sed -n '1p' | awk '{print "GATEWAY="$3}' > /root/network-config.txt
[root@node01 ~]# cat network-config.txt
GATEWAY=192.168.12.2
[root@node01 ~]# ip addr show ens33 | grep "inet [[:digit:]]" | awk '{print "IPADDR=" $2}' | cut -d '/' -f 1 >> /root/network-config.txt
[root@node01 ~]# cat network-config.txt
GATEWAY=192.168.12.2
IPADDR=192.168.12.136
4、将刚才生成的 /root/network-config.txt 文件通过scp 复制到你的另外一台虚拟机上,存储为:/root/xx.xx.xx.xx-network.txt
要求:
- scp 复制的时候不能输入密码
- xx.xx.xx.xx 为 3 题中这台VM的IP地址。
最终的目的是需要你把服务器A的IP地址网关保存到文件并 复制到另一台服务器上保存。
- 创建ssh秘钥
bash[root@node01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:sTZ6ik3tN9tiJiHoPTQyju6+PdvunATdsx1+KJQQkIU root@node01
The key's randomart image is:
+---[RSA 2048]----+
| .=o |
| E . |
| . . |
| . o + |
| ... S . |
| +.+=.* o |
| + =+o=.+ . |
| ..+Bo=..*o |
| +=.+=O..=.+. |
+----[SHA256]-----+
[root@node01 ~]# cd .ssh
[root@node01 .ssh]# ls
id_rsa id_rsa.pub
- 将公钥发送给node02
bash[root@node01 .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.12.138
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
The authenticity of host '192.168.12.138 (192.168.12.138)' can't be established.
ECDSA key fingerprint is SHA256:QM2iRcHQJ3ENGG+/yM1OlcuBijP7H43pS3p93AZgoNI.
ECDSA key fingerprint is MD5:30:4f:32:e8:20:d6:52:6e:ce:86:01:bb:45:d7:1e:16.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.12.138's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.12.138'"
and check to make sure that only the key(s) you wanted were added.
# 测试是否使用公钥登录成功
[root@node01 .ssh]# ssh root@192.168.12.138
Last login: Fri Jun 7 14:00:34 2024 from 192.168.12.1
[root@node02 ~]# logout
Connection to 192.168.12.138 closed.
- 使用scp将network-config.txt发送给node02
bash[root@node01 .ssh]# scp /root/network-config.txt root@192.168.12.138:/root/192.168.12.136-network.txt
network-config.txt
[root@node02 ~]# ls
192.168.12.136-network.txt anaconda-ks.cfg
5、将3 题中这台虚拟机上的 /data/share 目录共享给另一台服务器(4题中scp的目标机器,挂载到/data/nfs ,保证服务器重启,NFS仍然可以挂载)
- 安装NFS服务和rpcbind
bash[root@node01 ~]# yum install rpcbind nfs-utils
- 创建共享目录并赋予权限
bash[root@node01 ~]# mkdir -p /data/share/
[root@node01 ~]# chmod 755 -R /data/share/
- 配置NFS
bash[root@node01 ~]# vim /etc/exports
/data/share/ 192.168.0.0/16(rw,no_root_squash,no_all_squash,sync)
- 开启服务
bash[root@node01 ~]# systemctl start rpcbind
[root@node01 ~]# systemctl start nfs-server
- 开放防火墙
bash[root@node01 ~]# firewall-cmd --add-service=nfs --per
success
[root@node01 ~]# firewall-cmd --permanent --add-service=mountd --per
success
[root@node01 ~]# firewall-cmd --permanent --add-service=rpc-bind
success
[root@node01 ~]# firewall-cmd --reload
success
[root@node01 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh dhcpv6-client nfs rpc-bind mountd
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
- 测试本机是否可连接
bash[root@node01 ~]# showmount -e localhost
Export list for localhost:
/data/share 192.168.0.0/16
- node02(客户端)安装相关服务
bash[root@node02 ~]# yum install nfs-utils rpcbind
- 开启服务并检测连接
bash[root@node02 ~]# systemctl start rpcbind
[root@node02 ~]# showmount -e 192.168.12.136
Export list for 192.168.12.136:
/data/share 192.168.0.0/16
- 创建目录并挂载
bash[root@node02 ~]# mkdir -p /data/nfs
- 挂载目录
bash[root@node02 ~]# mount -t nfs 192.168.12.136:/data/share /data/nfs -o nolock,nfsvers=3,vers=3
[root@node02 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 7.3G 1.3G 6.0G 18% /
devtmpfs 475M 0 475M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 7.7M 479M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda1 797M 133M 665M 17% /boot
tmpfs 98M 0 98M 0% /run/user/0
192.168.12.136:/data/share 7.3G 1.3G 6.0G 18% /data/nfs
-
开机后自动挂载
- /etc/rc.d/rc.local
bash[root@node02 ~]# vim /etc/rc.d/rc.local #!/bin/bash # THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES # # It is highly advisable to create own systemd services or udev rules # to run scripts during boot instead of using this file. # # In contrast to previous versions due to parallel execution during boot # this script will NOT be run after all other services. # # Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure # that this script will be executed during boot. touch /var/lock/subsys/local mount -t nfs 192.168.12.136:/data/share /data/nfs -o nolock,nfsvers=3,vers=3 [root@node02 ~]# chmod +x /etc/rc.d/rc.local- 使用 systemd 挂载单元文件
bash[root@node02 ~]# vim /etc/systemd/system/data-nfs.mount [Unit] Description=NFS Mount /data/nfs Requires=network-online.target After=network-online.target [Mount] What=192.168.12.136:/data/share Where=/data/nfs Type=nfs Options=nolock,nfsvers=3,vers=3 [Install] WantedBy=multi-user.target [root@node02 ~]# systemctl daemon-reload [root@node02 ~]# systemctl start data-nfs.mount [root@node02 ~]# systemctl enable data-nfs.mount Created symlink from /etc/systemd/system/multi-user.target.wants/data-nfs.mount to /etc/systemd/system/data-nfs.mount.
6、从下面的文件内容中获取要求的信息:
bashserver {
listen 80;
server_name app.nebulaedu.net;
location /Rest {
proxy_pass http://nebula-rest;
}
location ~ ^/service {
rewrite ^/service/(.*)$ /\$1 break;
proxy_pass http://nebula-service;
}
location /static {
proxy_pass http://127.0.0.1;
}
location /static {
proxy_pass http://192.0.0.1;
}
location / {
proxy_pass http://nebula-apps;
}
}
6.1 获取 proxy_pass 引用的所有的upstream name,如proxy_pass http://nebula-apps; 中,upstream name为 nebula-apps。但是不能有127.0.0.1 和 192.0.0.1 这样的IP地址(注意:这里会出现任何可能得IP地址,不要只考虑上边出现的127.0.0.1 和 192.0.0.1)
bash[root@node01 ~]# grep -o 'proxy_pass http://[^[:space:]]*' test01 | awk -F/ '{print $3}' | tr -d ';' | grep -vE '[0-9]'
nebula-rest
nebula-service
nebula-apps
6.2 从上边这个文件中提取下边要求的location 块的内容,并将 service 替换成 Service/new
bashlocation ~ ^/service {
rewrite ^/service/(.*)$ /\$1 break;
proxy_pass http://nebula-service;
}
最终的结果应该为:
bashlocation ~ ^/Service/new {
rewrite ^/Service/new/(.*)$ /\$1 break;
proxy_pass http://nebula-Service/new;
}
```bash
[root@node01 ~]# sed '/location ~ \^\/service {/,/}/s/service/Service\/new/g; /location ~ \^\/service {/,/}/s/nebula-service/nebula-Service\/new/g' test01
server {
listen 80;
server_name app.nebulaedu.net;
location /Rest {
proxy_pass http://nebula-rest;
}
location ~ ^/Service/new {
rewrite ^/Service/new/(.*)$ /\$1 break;
proxy_pass http://nebula-Service/new;
}
location /static {
proxy_pass http://127.0.0.1;
}
location /static {
proxy_pass http://192.0.0.1;
}
location / {
proxy_pass http://nebula-apps;
}
}
bash[root@node01 ~]# sed '/location ~ \^\/service {/,/}/s/service/Service\/new/g; /location ~ \^\/service {/,/}/s/nebula-service/nebula-Service\/new/g' test01
server {
listen 80;
server_name app.nebulaedu.net;
location /Rest {
proxy_pass http://nebula-rest;
}
location ~ ^/Service/new {
rewrite ^/Service/new/(.*)$ /\$1 break;
proxy_pass http://nebula-Service/new;
}
location /static {
proxy_pass http://127.0.0.1;
}
location /static {
proxy_pass http://192.0.0.1;
}
location / {
proxy_pass http://nebula-apps;
}
}
提示:
1、sed 位置定界(正则匹配)
2、关于正则匹配:注意分析需求,开始和结束行的规律。 正则只需要能够在当前文本里唯一确定你想要的行 就可以,一些不需要匹配的内容都可以使用 .* 进行匹配
3、这个需求里有好几个需要注意的特殊字符,需要干什么呢?
4、在文本处理中,多尝试,写完测试,看输出,多尝试。注意分步进行,使用 | 分多个步骤,只要完成结果 就行
7、有下列文本,文本总行数10w行(意思是人工数数是不行哒 ^__^ ):
bash字段说明:
[日志打印时间] 访问来源IP 响应体的大小 请求方法 URI http状态码 请求处理时间 "整个引号内都为
UserAgent" 缓存状态(有MISS和HIT) "最后一列为响应类型(假设这个字段内容固定为
application/json)"
[28/May/2024:22:01:04 +0800] 119.188.27.197 889 "GET /nebula" 206 283
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401
Firefox/3.6.3" HIT "application/json"
[28/May/2024:22:01:02 +0800] 123.129.202.151 147 "POST /login" 200 50
"Mozilla/5.0 (Windows; U; Windows NT 5.1; Firefox/3.6.3 (.NET CLR 3.5.30729)"
MISS "application/json"
[28/May/2024:22:01:02 +0800] 123.129.202.151 147 "HEAD /reg" 405 50 "Mozilla/5.0
(Windows; U; Windows NT 5.1; Firefox/3.6.3 (.NET CLR 3.5.30729)" MISS
"application/json"
[28/May/2024:22:01:02 +0800] 123.129.202.151 147 "GET /reg" 405 50 "Mozilla/5.0
(Windows; U; Windows NT 5.1; Firefox/3.6.3 (.NET CLR 3.5.30729)" MISS
"application/json"
7.1 统计http访问状态码为405的请求,top10的 URI 是什么,这10个URI的分别访问了多少次【提示:课堂上写过哦】
bash[root@node01 ~]# grep ' 405 ' test02 | awk '{print $7}' | sort | uniq -c | sort -rn | head -10
2 405
7.2 统计这10w行日志中,不同缓存缓存状态[缓存状态要么HIT,要么MISS]的请求数量分别是多少【提示:方法很多,有简单的写法,也有复杂的写法,思路打开,解决问题就行】
bash[root@node01 ~]# awk '{print $(NF-1)}' test02 | sort | uniq -c
7.3 统计这10w行日志中,不同状态码的请求数量,并按照不同状态访问数量进行倒序排列【提示:课堂上我们写过统计TCP状态机】
bash[root@node01 ~]# awk '{print $9}' test02 | sort | uniq -c | sort -nr
如这样(注意我下边这个输出只是一个示例输出格式,不代表状态就只有 206,..101 这几个,至于这 10w行里边具体有哪些状态码,是需要你自己去统计的):
206 60666
200 51338
304 50013
403 53253
404 1
499 5
101 3
8、vsftpd 服务继续搭建,尽量最终能成功。并把过程以及碰到的问题记录下来。有问题,搞不通,先尝试对照讲义的配置,看看自己写的哪里不对,按照服务排查套路去检查,注意检查权限,多看日志,错误信息,也可以GPT和百度,并去尝试验证。如果1小时解决不了,及时找老师。
提示: 系统日志 /var/log/messages 登录相关日志 /var/log/secure 还有 systemctl status也会 打印一些错误信息
- 安装vsftpd服务
bash[root@node01 ~]# yum install vsftpd
- 配置文件
- 备份原文件
bash[root@node01 ~]# cd /etc/vsftpd/
[root@node01 vsftpd]# ls
ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh
[root@node01 vsftpd]# mv vsftpd.conf vsftpd.conf.back
- 创建新配置文件
bash[root@node01 vsftpd]# vim vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf
guest_enable=YES
guest_username=vsftpd
vsftpd_log_file=/var/log/vsftpd.log
dual_log_enable=YES
pasv_max_port=15100
pasv_min_port=15000
- 创建虚拟用户
bash[root@node01 vsftpd]# vim /etc/vsftpd/userlist.txt
gyc
123456
[root@node01 vsftpd]# db_load -T -t hash -f userlist.txt userlist.db
[root@node01 vsftpd]# ls
ftpusers user_list userlist.db userlist.txt vsftpd.conf vsftpd.conf.back vsftpd_conf_migrate.sh
[root@node01 vsftpd]# mv userlist.txt /tmp/
- 配置虚拟用户PAM认证
bash[root@node01 vsftpd]# vim /etc/pam.d/vsftpd
#%PAM-1.0
#session optional pam_keyinit.so force revoke
#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth required pam_shells.so
#auth include password-auth
#account include password-auth
#session required pam_loginuid.so
#session include password-auth
auth sufficient pam_userdb.so db=/etc/vsftpd/userlist
account sufficient pam_userdb.so db=/etc/vsftpd/userlist
- 创建虚拟用户配置
bash[root@node01 vsftpd]# mkdir vsftpd_user_conf
[root@node01 vsftpd]# cd vsftpd_user_conf/
[root@node01 vsftpd_user_conf]# vim gyc
non_world_readable_only=NO
write_enable=YES
allow_writeable_chroot=YES
anon_mkdir_write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_umask=022
local_root=/home/ftp/gyc
- 创建数据目录
bash[root@node01 vsftpd_user_conf]# mkdir /home/ftp/gyc -p
[root@node01 vsftpd_user_conf]# useradd vsftpd -s /sbin/nologin
[root@node01 vsftpd]# chown vsftpd.vsftpd /home/ftp/ -R
[root@node01 vsftpd]# chown 755 /home/ftp/ -R
- 开放防火墙规则并开启vsftpd服务
bash[root@node01 vsftpd]# systemctl start vsftpd
[root@node01 vsftpd]# firewall-cmd --add-port=15000-15100/tcp --per
success
[root@node01 vsftpd]# firewall-cmd --add-port=21/tcp --per
success
[root@node01 vsftpd]# firewall-cmd --reload
success
[root@node01 vsftpd]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh dhcpv6-client nfs rpc-bind mountd
ports: 15000-15100/tcp 21/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
- 客户端安装lftp工具
bash[root@node02 yum.repos.d]# yum install lftp
- 客户端连接
bash[root@node01 vsftpd]# cd /home/ftp/gyc
[root@node01 gyc]# touch hello
[root@node02 yum.repos.d]# lftp -u gyc,123456 192.168.12.136
lftp gyc@192.168.12.136:/> ls
-rw-r--r-- 1 0 0 0 Jun 07 15:03 hello
9、附加题【前边基础掌握比较好的同学,提高一下。某大厂的真题】
- 文件 student, 内容如下
bashtom 3 zhangsan 20 lisi 30 wangmazi 50
- 文件 money,内容如下
bashjerry 200 lisi 400 tom 300 nebula 400
money里记录了每个用户兜里的金币数量,student记录了用户的年龄。
需求: 重新生成一个文件,需要在第三列补齐student里边用户的金币数,如果用户在money文件中没 有,则使用空格填充。最终文件中,用户名,年龄,和金币数。三列需要使用逗号(注意英文逗号,)隔开 提示:
1、需要同时处理两个文件,考察awk的NR和FNR;awk 的 { if (condition) {commands} else (condition) {commands} } END { for 循环 }
2、最后的文件内容应该为(可能每行顺序会不一样):
bashwangmazi,50, zhangsan,20, tom,3,300 jerry,5,200 lisi,30,400
- 方法1
bash[root@node01 gyc]# vim student
[root@node01 gyc]# vim money
[root@node01 gyc]# awk '{
> if (FNR == NR) {
> money[$1] = $2; # 保存money文件中的数据
> } else {
> age = $2; # student文件中的年龄
> coins = (money[$1] ? money[$1] : ""); # 匹配对应的金币数,如果没有则为空格
> print $1 "," age "," coins;
> }
> }' money student
tom,3,300
zhangsan,20,
lisi,30,400
wangmazi,50,
- 方法2
bash[root@node01 gyc]# awk 'NR==FNR{a[$1]=$2; next} {print $1 "," $2 "," (a[$1] ? a[$1] : " ")}' money student
tom,3,300
zhangsan,20,
lisi,30,400
wangmazi,50,
如果对你有用的话,可以打赏哦
打赏
本文作者:GYC
本文链接:
版权声明:本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!
目录