RHCE
Red Hat Certified Engineer
- RedHat ๋ฆฌ๋ ์ค ์์คํ ๊ด๋ฆฌ, ๋คํธ์ํฌ, ๋ณด์์ ๋ํ ์ ๋ฌธ์ง์์ ๋ณด์ ํ๊ณ ์์์ ์ธ์ฆ
- ๋ฆฌ๋ ์ค ์ ๋ฌธ์ง์์ ๋ํ ์๊ฒฉ์ฆ์ผ๋ก๋ LPIC1๊ฐ ์์
์์ ๋ฌธ์
selinux ํ์ฑํ
ip forwarding ์ค์
/etc/sysctl.conf
cron ์ค์
/etc/cron.deny
anonymous ftp
samba
- ์ค์น
$ yum install -y samba - samba ์ ์ฉ ๊ทธ๋ฃน ์์ฑ ๋ฐ ์ฌ์ฉ์ ์ค์
$ groupadd project useradd -aG project guru - ๋๋ ํ ๋ฆฌ ์์ฑ ๋ฐ ๊ถํ ์ค์
$ mkdir /project $ chgrp project /project $ chmod 2770 /project - selinux ์ค์
$ selinux chcon -R -t samba_share_t /project getsebool -a | grep samba; setsebool -P samba_enable_home_dirs on - ์ค์ ํ์ผ ์์ (๋ฐ๋ชฌ ์ฌ๊ฐ๋ & ๋ถํ
์ ์ค์ ํฌํจ)
# /etc/samba/smb.conf workgroup = HPEDU hosts allow = x.x.x. ; or ๋ฐฉํ๋ฒฝ ์ค์ [project] ; ๊ธฐ์กด ์ค์ ๋ณต์ฌ comment = hp-project path = /project writable = yes (browsable = yes) write list = +project ; or guru - ์ฌ๊ตฌ๋
$ service smb restart $ chkconfig smb on - ๋ฐฉํ๋ฒฝ ์ค์
$ system-config-firewall โ smb ์ ํ - samba ๊ณ์ ์ค์
$ smbpasswd -a guru - test
$ smbclient -L //IP -U guru $ mount -t cifs -o user=gure //IP/project /mnt $ df -h
nfs
- ์ค์น
$ yum install -y nfs-utils - ์ค์
# /etc/exports /common IP(ro,sync) - ์ฌ๊ตฌ๋
$ service nfs restart $ chkconfig nfs on - ๋ฐฉํ๋ฒฝ
$ system-config-firewall โ NFS4 ์ ํ
postfix
- ์ค์น
$ yum install -y postfix - ์ค์
# /etc/postfix/main.cf (or postconf -e "inet_interfaces = all") inet_interfaces = all inet_interfaces = localhost - ์ฌ๊ตฌ๋
$ service postfix restart $ chkconfig postfix on - ๋ฐฉํ๋ฒฝ
$ system-config-firewall โ Mail (SMTP) ์ ํ - ailas ์ค์
# /etc/aliases guru: visitor - alias ์ ์ฉ
$ newaliases - test (๋ค๋ฅธ ์์คํ
)
$ mailx guru@192.168.56.201 $ mailq
httpd
- ์ค์น ๋ฐ ์ค์ (๋ฐ๋ชฌ ์ฌ๊ฐ๋ & ๋ถํ
์ ์ค์ ํฌํจ)
- Apache ํญ๋ชฉ ์ฐธ์กฐ
- selinux
$ ls -ldZ /var/www/html $ chcon -R -t httpd_sys_content_t /www $ ls -ldZ /www - ๋ฐฉํ๋ฒฝ
$ system-config-firewall โ WWW(HTTP) ์ ํ - httpd ๋๋ ํ ๋ฆฌ ์ ๊ทผ ์ค์
<Directory "/var/www/virtual/security"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from IP ### ์ด ๋ถ๋ถ์ด ์ค์ </Directory>
httpd ๊ฐ์ ํธ์คํธ
- ์ค์ (๋ฐ๋ชฌ ์ฌ๊ฐ๋ & ๋ถํ
์ ์ค์ ํฌํจ)
# /etc/httpd/conf/httpd.conf NameVirtualHost *:80 <VirtualHost *:80> ServerAdmin webmaster@dummy-host.example.com DocumentRoot /www ServerName server.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common </VirtualHost> <VirtualHost *:80> ServerAdmin webmaster@dummy-host.example.com DocumentRoot /var/www/virtual ServerName www.example.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common </VirtualHost> - ์ฌ๊ตฌ๋
$ service httpd restart $ chkconfig httpd on - ๋๋ ํ ๋ฆฌ ์์ฑ ๋ฐ ํ์ผ ๋ค์ด ๋ก๋
$ mkdir /var/www/virtual $ wget ftp://my.site.com/virtualpage.html $ mv virtualpage.html index.html - selinux
$ ls -lZ /var/www/virtual - test
$ lynx http://server201.example.com $ lynx http://www201.example.com
iscsi
- ์ค์น ๋ฐ start(enable)
$ yum install -y iscsi-initiator-utils $ service iscsid start $ chkconfig iscsid on - iscsi ์๋ฒ ์ง์ ๋ฐ ๋ก๊ทธ์ธ
$ iscsiadm -m discovery -t st -p {iSCSI Server IP} $ iscsiadm -m node -T iqn~~ -p {iSCSI Server IP} -l $ iscsiadm -m node -T iqn~~ -p {iSCSI Server IP} -o update -n node.startup -v automatic $ dmesg | tail - disk ์์
$ fdisk -cu /dev/sde $ mkfs -t ext4 /dev/sde1 $ mkdir /iscsi $ vi /etc/fstab $ mount /iscsi
ssh ์ ๊ทผ์ ์ด
์คํฌ๋ฆฝํธ ์์ฑ
๋ถํ ์ ์ปค๋๊ฐ ์ค์
์๋ ํ์ผ์ ํธ์งํ์ฌ kernel ์ ์ผ ๋ค์ชฝ์ ์ํ๋ ๊ฐ์ ์ธํ ํ์ฌ ๋ฃ์ ~~~shell $ vi /boot/grub/grub.conf ~~~
iso mount
~~~properties
iso9660 ro,loop
~~~
์ถ๊ฐ ์์ ๋ฌธ์
httpd ์ธ์ฆ ์ค์ (File)
- ๋๋ ํ ๋ฆฌ ์์ฑ ๋ฐ ํ์ผ ๋ค์ด๋ก๋
$ cd /var/www/virtual $ mkdir security $ wget ftp://my.site.com/security.html - ์ธ์ฆ
$ htpasswd -c -m /var/www/.userlist guru - ์ค์ (๋ฐ๋ชฌ ์ฌ๊ฐ๋ & ๋ถํ
์ ์ค์ ํฌํจ)
# /etc/httpd/conf/httpd.conf <VirtualHost *:80> ServerAdmin webmaster@dummy-host.example.com DocumentRoot /var/www/virtual ServerName www201.example.com <Directory "/var/www/virtual/security"> Options Indexes FollowSymLinks AllowOverride None AuthName "Security" AuthType basic AuthUserFile "/var/www/.userlist" Require vaild-user Order allow,deny Allow from all </Directory> ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common </VirtualHost> - ์ฌ๊ตฌ๋
$ service httpd restart $ chkconfig httpd on - ๊ฒ์ฆ
$ lynx http://IP/security/security.html
httpd ์ธ์ฆ์ค์ (LDAP)
- ๋๋ ํ ๋ฆฌ ์์ฑ ๋ฐ ํ์ผ ๋ค์ด๋ก๋
$ cd /var/www/virtual $ mkdir security $ wget ftp://my.site.com/security.html - ์ธ์ฆ์ ํ์ผ ์ค์น
$ cd /etc/httpd $ wget http://my.site.com/server.crt - ์ค์ (๋ฐ๋ชฌ ์ฌ๊ฐ๋ & ๋ถํ
์ ์ค์ ํฌํจ)
# /etc/httpd/conf/httpd.conf LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/server.crt <VirtualHost *:80> ServerAdmin webmaster@dummy-host.example.com DocumentRoot /var/www/virtual ServerName www201.example.com <Directory "/var/www/virtual/security"> Options Indexes FollowSymLinks AllowOverride None AuthName "Security" AuthType basic AuthBasicProvider ldap <<<<< AuthLDAPUrl "ldap://xxx/dc=example,dc=com" TLS Require vaild-user Order allow,deny Allow from all </Directory> ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common </VirtualHost> - ์ฌ๊ตฌ๋
$ service httpd restart $ chkconfig httpd on
caching name server
- ์ค์น
$ yum install -y bind - ์ค์ ~~~conf /etc/named.conf listen-on port 53 { any; }; listen-on-v6 port 53 { any; }; allow-query { localhost; 192.168.56.0/24; }; forwarders { 192.168.56.201; }; dnssec-validation no;
(rndc-confgen -a) service named restart chkconfig named on ~~~
log ์๋ฒ
- ์ค์ (ํด๋ผ์ด์ธํธ)
/etc/rsyslog.conf .info @rhce - ์ค์ (์๋ฒ)
/etc/rsyslog.conf Provides UDP syslog reception $ModLoad imudp $UDPServerRun 514 Provides TCP syslog reception $ModLoad imtcp $InputTCPServerRun 514 - ์ฌ๊ตฌ๋
$ service rsyslogd restart - ๋ฐฉํ๋ฒฝ ์ค์
$ service iptables save $ vi /etc/sysconfig/iptables $ iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT $ iptables -A INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT $ service iptables restart $ iptables -L - ํ
์คํธ
$ tail /var/log/messages
-
Linux Professional Instritute Certifiedย ↩