Академический Документы
Профессиональный Документы
Культура Документы
y z
{ |
} ~
~
ii
CONTENTS
CONTENTS
Contents
1
1.1 . . . . . .
1.2 . . .
1.3 NAT . . .
1.4
1.5
1.6 . . .
1.7 . .
.
.
.
.
.
.
.
1
1
1
2
3
4
5
5
2 SELinux
2.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3 SELinux Contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7
7
7
9
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
3 Netfilter
3.1 . . . . . . . . . .
3.2 firewall-cmd . . .
3.3 firewall . . . . . .
3.4 block zone . . . . . . .
3.5 firewall direct rules . .
3.6 firewall rich rules . . .
3.7 Masquerading and Port
3.8 Port Forwarding .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
13
13
15
15
17
19
22
24
26
.
.
.
.
29
29
30
31
32
5 Link Aggregation
5.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
35
35
35
38
4
4.1 . .
4.2
4.3 . .
4.4
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
Forwarding
. . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
iii
CONTENTS
6 IPv6
6.1 . . . . .
6.2 IPv6 . .
6.3 IPv6 . .
6.4 IPv6 . .
6.5 IPv6 ping .
CONTENTS
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
43
43
43
44
44
46
7 Email Transmission
7.1 . . . . . . .
7.2 *Postfix . .
7.3 *Dovecot . .
7.4 Null Client .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
51
51
52
53
54
.
.
.
.
.
.
.
.
59
59
59
63
64
65
69
71
72
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
75
75
75
85
88
90
93
95
97
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
113
113
114
116
118
120
122
124
.
.
.
.
.
.
.
11 Shell Script
127
11.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
11.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
De-Yu Wang CSIE CYUT
iv
CONTENTS
CONTENTS
11.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
11.4 (loop) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
11.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
12 iSCSI Storage
12.1 iSCSI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.2 Server Target . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.3 Client Initiator . . . . . . . . . . . . . . . . . . . . . . . . . . .
139
139
139
145
13 MariaDB
13.1 MariaDB . . .
13.2 MariaDB . . .
13.3 . . . .
13.4 *
13.5 . . . . .
13.6 . .
151
151
151
155
156
159
162
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
CHAPTER 1.
Chapter 1
1.1
1.
2. Linux
3. Linux
4. Linux
5.
6.
7.
8. LDAP YUM repository
NFS NTP ISCSI DNS
FTP . . .
1.2
1. Linux
(a) Linux
(b) Linux
(c)
De-Yu Wang CSIE CYUT
1.3. NAT
CHAPTER 1.
2. Linux
(a) E517
(b)
1.3
NAT
1. NAT ????
2. Linux WindowsHonda
3.
4.
(a)
(b)
(c)
(d)
(e)
(f)
5.
1.4.
CHAPTER 1.
1.4
1. GUI
3. virt-view
1
1.5.
CHAPTER 1.
4. Xwindow $XAUTHORITY
5. XAUTHORITY XAUTHORITY=~/.Xauthority
sudo
1.5
1.
1
2.
(a) q(quit)
(b) iscsi ISCSI
(c) halt
(d) reboot
(e) c(clear)
(f) l(lvm)
(g) rhcsaRHCSA
(h) rhceRHCE
(i) t(mounttest)
(j) k(kvmreboot) KVM
(k) v(kvmrevert) KVM
(l) s(servicerestart)
De-Yu Wang CSIE CYUT
1.6.
CHAPTER 1.
(m) vi1vi
(n) c1C
(o) lpvarshell
(p) c999C
(q) sh999Shell script
(r) hp(hostpatch)
1.6
1. Linux
2. Linux
3. RHCSA, RHCE
4.
1.7
1.
(a) E517 ?-?1-1
(b) IP 192.168.1.140
1
2.
De-Yu Wang CSIE CYUT
CHAPTER 1.
1.7.
(a) deyu.wang(192.168.122.0/24)my111.wang(192.168.111.0/24)
(b) server deyu.wang IP 192.168.122.1 192.168.111.1
(c) kvmX.deyu.wang IP 192.168.122.XX
5 7
(d) root 123qwe
(e)
1
IP Address:
Netmask:
3 Gateway:
Name server:
192.168.122.X
255.255.255.0
192.168.122.1
192.168.122.1
RPM
CHAPTER 2. SELINUX
Chapter 2
SELinux
2.1
(b) root
(c) 777
2.
(a)
(b)
777
(c) (NSA)
LinuxSELinux, Security-Enhanced LinuxLinux
3.
(a)
(b) WWW serverhttpdselinux/var/www
2.2
1. SELinux
2.2.
CHAPTER 2. SELINUX
2
4
6
8
10
12
14
2. SELinux
2
4
6
8
10
enabled
/sys/fs/selinux
/etc/selinux
targeted
enforcing
enforcing
enabled
allowed
28
3. SELinux
[root@kvm7
Enforcing
[root@kvm7
4 [root@kvm7
Permissive
6 [root@kvm7
[root@kvm7
8 Enforcing
~]# getenforce
~]# setenforce 0
~]# getenforce
~]# setenforce 1
~]# getenforce
2.3
CHAPTER 2. SELINUX
SELinux Contexts
1. Display Contexts
2.
1
3. httpd
1
CHAPTER 2. SELINUX
5. httpd
<html><head>
16 <title>403 Forbidden</title>
</head><body>
18 <h1>Forbidden</h1>
<p>You dont have permission to access /index.html
20 on this server.</p>
<hr>
22 <address>Apache/2.2.15 (CentOS) Server at 127.0.0.1 Port 80</
address>
</body></html>
7
9
11
13
10
CHAPTER 2. SELINUX
11
CHAPTER 2. SELINUX
12
CHAPTER 3. NETFILTER
Chapter 3
Netfilter
3.1
1. Linux netfilter
2. netfilter
13
3.1.
Zone name
trusted
home
internal
work
public
external
dmz
block
drop
CHAPTER 3. NETFILTER
Default configuration
home zone
ssh, ipp-client, or dhcpv6-client
ssh or dhcpv6-client
zone
ssh
IPv4 zone IP
IP
ssh
7.
(a) /etc/firewalld/
(b) firewall-config
(c) firewall-cmd
8. firewall-cmd TAB
firewall-cmd
14
3.2. FIREWALL-CMD
CHAPTER 3. NETFILTER
firewall-cmd
3.2
--get-default-zone
zone
--set-default-zone=<ZONE>
zone
--get-zones
zones
--get-active-zones
zones
zone
--add-source=<CIDR>
network/netmask
[--zone=<ZONE>]
zone
--remove-source=<CIDR>
zone network/net[--zone=<ZONE>]
mask CIDR
--add-interface=<INTERFACE>
[--zone=<ZONE>]
zone
--change-interface=<INTERFACE>
zone
[--zone=<ZONE>]
--list-all [--zone=<ZONE>]
zone
--list-all-zones
zones
--add-service=<SERVICE>
[--zone=<ZONE>]
--add-port=<PORT/PROTOCOL>
[--zone=<ZONE>]
--remove-service=<SERVICE>
zone
[--zone=<ZONE>]
--remove-port=<PORT/PROTOCOL>
zone
[--zone=<ZONE>]
--reload
2. TAB
firewall
3.3
15
3.3. FIREWALL
CHAPTER 3. NETFILTER
2. firewall
3. firewall
2
16
CHAPTER 3. NETFILTER
3.4
block zone
1. blcok zone IP (
192.168.122.0/24) IP block zone
2
2. block zone
1
3
5
7
9
3. firewall
17
CHAPTER 3. NETFILTER
2
5. kvm7 kvm5.deyu.wang
2
6. kvm7 kvm5.deyu.wang
7. firewall
2
18
CHAPTER 3. NETFILTER
9. kvm7 kvm5.deyu.wang
3.5
2. direct rules
1
19
CHAPTER 3. NETFILTER
5. kvm7 kvm5.deyu.wang
deyu.wang kvm7.deyu.wang kvm7.deyu.wang
deyu.wang kvm5.deyu.wang
1
6.
7. --permanent
--permanent
REJECT
2
20
CHAPTER 3. NETFILTER
1
9. kvm7 kvm5.deyu.wang
2
12.
21
3.6
CHAPTER 3. NETFILTER
rule
[source]
3
[destination]
service|port|protocol|icmp-block|masquerade|forward-port
5
[log]
[audit]
7
[accept|reject|drop]
4.
1
22
inet addr:192.168.122.1
:255.255.255.0
-virbr0:1
CHAPTER 3. NETFILTER
Bcast:192.168.122.255
Mask
Mask
8. virbr0:1
23
1
3.7
1. IP NAT (Forwarding)
(Masquerading) IP IP
24
3
5
7
9
11
3. httpd deyu.wang
http://kvm5.deyu.wang:5423 port forwarding
Port Forwarding 3.8
2
25
CHAPTER 3. NETFILTER
success
[root@kvm5 ~]# firewall-cmd --permanent --zone=public --listforward-ports
port=5423:proto=tcp:toport=80:toaddr=192.168.122.7
Port Forwarding
3.8
1
3. httpd
1
26
CHAPTER 3. NETFILTER
4. httpd
5. http://kvm5.deyu.wang
1
6. http://kvm5.deyu.wang:5423
port forwarding
2
7. deyu.wang http://kvm5.deyu.wang:5423
2
27
CHAPTER 3. NETFILTER
28
CHAPTER 4.
Chapter 4
4.1
1. Linux
2. / ls -al
2
4
6
8
10
12
14
16
18
20
22
[dywang@mdk-dyw
total 72
drwxr-xr-x
18
drwxr-xr-x
18
-rw-r--r-1
drwxr-xr-x
2
drwxr-xr-x
3
drwxr-xr-x
26
drwxr-xr-x
85
drwxr-xr-x
18
drwxr-xr-x
2
drwxr-xr-x
11
drwxr-xr-x
5
drwxr-xr-x
2
dr-xr-xr-x 179
-rw------1
drwx-----16
drwxr-xr-x
2
drwxr-xr-x
10
drwxrwxrwt
23
drwxr-xr-x
12
drwxr-xr-x
23
/]$ ls -al
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
adm
4096 Sep 16 11:11 ./
adm
4096 Sep 16 11:11 ../
root
0 Sep 16 11:11 .autofsck
root 4096 Sep 28 12:50 bin/
root 4096 Sep 16 11:11 boot/
root 14420 Oct 1 12:30 dev/
root 8192 Sep 29 12:59 etc/
root 4096 Sep 26 12:45 home/
root 4096 Sep 9 16:14 initrd/
root 4096 Sep 28 12:49 lib/
root 4096 Sep 29 12:59 mnt/
root 4096 Jan 5 2004 opt/
root
0 Sep 16 11:10 proc/
root 1024 Sep 9 13:06 .rnd
root 4096 Oct 1 13:13 root/
root 8192 Sep 28 12:50 sbin/
root
0 Sep 16 11:10 sys/
root 4096 Oct 1 13:13 tmp/
root 4096 Sep 9 13:15 usr/
root 4096 Sep 9 17:31 var/
29
CHAPTER 4.
4.2.
(b)
drwxr-xr-x
root
root
4096
Sep 16 11:11
boot
i. drwxr-xr-x 10
S
S
,
,
l
l
\\
4.2
1. chmod
chmod [ -R ] xyz
chmod [ -R ] u = r
g + w
4
o - x
a
6 chmod u=rwx,go=rx
chmod a-x
2
(a) xyz
r :
w :
x :
rwx
4
2
1
30
4.3.
CHAPTER 4.
4.3
1.
PATH
1
2. ls -l /home
./
x
2
3.
1
3
5
7
9
31
4.4.
CHAPTER 4.
5. test.sh PATH
1
3
5
7
9
11
13
15
4.4
1.
/etc/bashrc
1
2. /etc/bashrc qstat
1
3
5
7
9
32
4.4.
CHAPTER 4.
alias mv=mv -i
11 alias qstat=/bin/ps -Ao pid,tt,user,fname,rsz
alias rm=rm -i
13 alias which=alias | /usr/bin/which --tty-only --read-alias -
show-dot --show-tilde
3. qstat
1
4.
2
4
6
8
10
12
5. deyu1 qstat
2
4
6
8
10
12
14
33
4.4.
CHAPTER 4.
6. deyu1
2
34
Chapter 5
Link Aggregation
5.1
3. /
4.
5.2
1. nmcli
#nmcli con add type team con-name CNAME ifname INAME [config JSON
]
{"runner":{"name":"METHOD"}}
35
5.2.
1
TYPE
802-3-ethernet
802-3-ethernet
team
---
36
5.2.
ens3
fd802c64-e692-4eac-af3c-74bfd26d397f
802-3-ethernet
ens3
8.
37
5.3.
12. team0
1
5.3
1. kvm7.deyu.wang
[root@kvm7
Connection
Connection
4 [root@dywH
2
~]# reboot
to kvm7.deyu.wang closed by remote host.
to kvm7.deyu.wang closed.
~]#
2. kvm7.deyu.wang
38
5.3.
2
3. team0
1
3
5
7
9
11
13
15
17
5. team0 team0-port1
39
5.3.
1
40
5.3.
12. team0
41
5.3.
4
6
8
10
12
14
16
18
runner: activebackup
ports:
eth0
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eth0
42
CHAPTER 6. IPV6
Chapter 6
IPv6
6.1
4. IPv4 IPv6
(dual-stack)
5. IPv6 IPv4 IPv4/IPv6
NAT64RFC 6145 464XLATRFC 6877
6.2
IPv6
1. IPv6 128
(nibbles, half-bytes,
) 16 128
2001 0db8000000100000000000000001
2. IPv6
2001DB80100001
3. ::
2001DB8010 :: 1
4. 2001DB8 :: 00100001 IPV6
(a)
De-Yu Wang CSIE CYUT
43
6.3. IPV6
CHAPTER 6. IPV6
(b) ::
(c) :: :0: ::
(d) a f
5. IPV6 tcp udp port
[2001:db8:0:10::1]:80
6.3
IPv6
1. (network prefix) ID
(interface ID)
2. ID ID
3. IPv4IPv6 /64
ID 264
4. /48 16
216 = 65536
6.4
IPv6
44
6.4. IPV6
CHAPTER 6. IPV6
2. eth0
1
TYPE
802-3-ethernet
eth0
3. eth0 ipv6
1
3
5
7
9
11
13
15
45
CHAPTER 6. IPV6
1
5.
1
6. eth0 ipv6 ip
1
3
5
7
9
7. ping6 ping
1
--- 2001:ac18::135 ping statistics --3 packets transmitted, 3 received, 0% packet loss, time 2000ms
9 rtt min/avg/max/mdev = 0.050/0.058/0.068/0.011 ms
6.5
IPv6 ping
46
CHAPTER 6. IPV6
1
2. kvm7 eth0
2
TYPE
802-3-ethernet
eth0
17
47
CHAPTER 6. IPV6
17
6. kvm7
1
48
CHAPTER 6. IPV6
5
7
--- 2001:ac18::137 ping statistics --2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.293/0.327/0.362/0.038 ms
49
CHAPTER 6. IPV6
50
Chapter 7
Email Transmission
7.1
1. mutt
Web
2. Linux
Postfix /usr/sbin/sendmail SMTP
3. Null client
Null client
Null client
4. (SMTP)
(relay)
5. 25/tcp port
IP
7. DNS MX
SMTP 25/TCP port dywang@csie.cyut.edu.tw csie.cyut.edu.tw
DNS MX
mail.csie.cyut.edu.tw
8. POP3 IMAP Dovecot Cyrus
51
7.2. *POSTFIX
*Postfix
7.2
1. NULL Client
server
2. postfix
1
3.
1
4.
1
5.
1
6.
1
7. myhostname
root
postconf /etc/postfix/main.cf
mydestination=$myhostname ... postfix
1
8. deyu.wang kvm5.deyu.wang
kvm7.deyu.wang /etc/postfix/virtual_kvm
De-Yu Wang CSIE CYUT
52
7.3. *DOVECOT
1
10.
1
11. postfix
1
*Dovecot
7.3
3.
1
53
4.
1
5.
1
6. dovecot INBOX
mail euid is not dir owner dovecot
1
3
5
7. dovecot
8. dovecot
1
7.4
Null Client
1. Postfix RHEL/CentOS 7
/etc/postfix/main.cf vim Postfix
postconf Null client
De-Yu Wang CSIE CYUT
54
3
5
7
9
11
13
15
17
3.
55
5. relayhost DNS MX
server.deyu.wang
1
6. relayhost
1
7. deyu.wang
1
8. IPV4 IPV6
1
9. postfix
1
56
1
3
5
7
q:Quit
1
d:Del u:Undel
Sep 21 root
s:Save
?:Help
d:Del
r:Reply
- 1/1: root
11
"kvm5 null
"kvm5 null
"kvm5 null
"kvm5 null
"kvm5 null
"kvm5 null
"kvm5 null
57
58
Chapter 8
SMB File Shares
8.1
SMB
2. SMB
Windows
3.
Windows
4. SAMBA Linux Windows SMB (Server Message Block)
5. Samba SMB
6. SAMBA
(a) unix linux winows
(b)
(c) windows
8.2
SAMBA
1. samba
2. kvm5.deyu.wang /groupdir
59
8.2. SAMBA
1
5. /etc/samba/smb.conf DEYUGROUP
/groupdir common deyu.wang
deyu1 dywsmb hosts allow
.deyu.wang ip (192.168.122.)
2
4
6
8
10
12
14
16
18
60
8.2. SAMBA
20
22
24
26
28
30
32
34
36
6. /etc/samba/smb.conf
10
[global]
workgroup = DEYUGROUP
server string = Samba Server Version %v
14
log file = /var/log/samba/log.%m
max log size = 50
16
idmap config * : backend = tdb
cups options = raw
12
18
[homes]
comment = Home Directories
read only = No
22
browseable = No
20
24 [printers]
61
8.2. SAMBA
26
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
28
30
32
[common]
path = /groupdir
hosts allow = 192.168.122.
7. smb samba-client
1
9. deyu1 samba
1
10. samba
2
62
8.3.
ln -s /usr/lib/systemd/system/nmb.service /etc/systemd/system/
multi-user.target.wants/nmb.service
8.3
1. samba
1
2.
2
3. samba
2
4
6
8
10
63
8.4. SMB
SMB
8.4
1. kvm7.deyu.wang mount.cifs
cifs-utils
1
Sharename
Type
Comment
-----------------7
data
Disk
common
Disk
9
IPC$
IPC
IPC Service (Samba Server Version
4.1.12)
deyu1
Disk
Home Directories
11 Domain=[DEYUGROUP] OS=[Unix] Server=[Samba 4.1.12]
13
15
17
19
Server
--------KVM5
Comment
------Samba Server Version 4.1.12
Workgroup
--------DEYUGROUP
Master
------KVM5
64
8.5. SMB
1
5. /mnt/deyu1
2
4
6
8
10
[root@kvm7 ~]# df -h
Filesystem
/dev/mapper/vg_kvm7usb-root
devtmpfs
tmpfs
tmpfs
tmpfs
/dev/mapper/vg_kvm7home-vo
/dev/vda1
//kvm5.deyu.wang/common
Size
3.1G
487M
497M
497M
497M
74M
197M
3.1G
6. /mnt/deyu1
SMB
8.5
1. kvm5.deyu.wang /data
1
2. samba dywsmb
1
3. /data dywsmb
65
8.5. SMB
1
4. /data
1
6. /data () selinux
1
7. /etc/samba/smb.conf dywsmb
deyu.wang
1
8. /etc/samba/smb.conf
66
8.5. SMB
2
4
6
8
10
12 [global]
workgroup = DEYUGROUP
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
idmap config * : backend = tdb
cups options = raw
14
16
18
20 [homes]
22
24
[printers]
comment = All Printers
path = /var/spool/samba
28
printable = Yes
print ok = Yes
30
browseable = No
26
32 [common]
path = /groupdir
hosts allow = 192.168.122.
34
36 [data]
38
path = /data
write list = @dywsmb
hosts allow = 192.168.122.
67
8.5. SMB
68
8.6. SMB
SMB
8.6
1. kvm7.deyu.wang mount.cifs
cifs-utils
1
2. cifs
1
3. SMB /mnt/multi
1
3
5
7
9
11
5. deyu3
69
8.6. SMB
2
6. deyu3 /mnt/multi
2
7. cifscreds deyu3
2
70
8.7. SMB
SMB
8.7
1. /mnt/multi
3. /etc/fstab
1
71
[root@kvm7 ~]# df -h
Filesystem
/dev/mapper/vg_kvm7usb-root
devtmpfs
tmpfs
tmpfs
tmpfs
/dev/mapper/vg_kvm7home-vo
/dev/vda1
//kvm5.deyu.wang/data
Size
3.1G
487M
497M
497M
497M
74M
197M
3.1G
*
SMB
8.8
1. /mnt/multi
1
3.
1
******
4. smb
72
5. /etc/fstab cifs
1
6.
1
3
5
7
9
11
Size
3.1G
487M
497M
497M
497M
74M
197M
3.1G
73
74
Chapter 9
Network File System, NFS
9.1
NFS
1.
2. NFS
LDAP
NFS
9.2
*Kerberos KDC
75
4. NTP
DNS /etc/hosts HTTPS
DNS
1
5.
6. /var/kerberos/krb5kdc/kdc.conf EXAMPLE.COM
DEYU.WANG master_key_type = aes256-cts
[realms] default_principal_flags = +preauth
1
5
7
9
11
76
2
4
6
8
10
12 [libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = DEYU.WANG
default_ccache_name = KEYRING:persistent:%{uid}
14
16
18
20
[realms]
DEYU.WANG = {
kdc = kvm5.deyu.wang
24
admin_server = kvm5.deyu.wang
}
22
26
[domain_realm]
28
.deyu.wang = DEYU.WANG
deyu.wang = DEYU.WANG
8. /var/kerberos/krb5kdc/kadm5.acl EXAMPLE.COM
realm DEYU.WANG
1
9. kerberos database
77
78
14. kerberos
15. kerberos
1
16. kerberos
1
1
79
10
12
14
16
18
80
10
12
14
16
18
81
10
12
(des3-cbc(arcfour(
(
(des-hmac(des-cbc
10
12
24. /etc/krb5.keytab
2
82
83
11
13
15
17
19
kadm5.acl
kdc.conf
principal
principal.kadm5
principal.kadm5.lock
principal.ok
84
NFS Server
9.3
1. nfs-utils
2. NFS
1
4. kerberos keytab
/etc/ krb5.keytab
1
85
/protected 192.168.122.0/24(rw,sync,sec=krb5p)
/public 192.168.122.0/24(ro,sync)
(d) sync
1
10. nfs
De-Yu Wang CSIE CYUT
86
1
1
6
8
Server...
Sep 21 20:04:10 kvm5.deyu.wang systemd[1]: Started Secure NFS
Server.
12
14
16
18
20
22
87
9.4. NFS
1
14. nfs
1
15. nfs
1
NFS
9.4
1. kerberos firewall
1
2. nfs firewall
88
9.4. NFS
2
3. rpc-bind firewall
2
4. mountd firewall
2
89
9.5
90
11
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
15
renew_lifetime = 7d
forwardable = true
17
rdns = false
default_realm = DEYU.WANG
19
default_ccache_name = KEYRING:persistent:%{uid}
13
21 [realms]
DEYU.WANG = {
kdc = kvm5.deyu.wang
admin_server = kvm5.deyu.wang
}
23
25
27 [domain_realm]
29
.deyu.wang = DEYU.WANG
deyu.wang = DEYU.WANG
5. NFS principal
2
91
1
3
5
7
9
11
13
15
17
19
21
23
25
7. kerberos
1
kadmin:
quit
8. /etc/krb5.keytab
1
92
NFS Client
9.6
1. cifs-utils
1
3. nfs-secure
1
4. kvm5.deyu.wang NFS
1
5. kerberos keytab
/etc/ krb5.keytab
6.
1
93
8. nfs-secure.service
1
11.
1
3.1G
1.3G
1.7G
44% /mnt/
3.1G
1.3G
1.7G
44% /mnt/
94
NFS Client
9.7
11
13
15
17
19
2. deyu3
2
95
2
4
6
10
12
[deyu3@kvm7 ~]$ df
df: /mnt/nfssecure: Permission denied
Filesystem
1K-blocks
Used Available Use%
Mounted on
/dev/mapper/vg_kvm7usb-root
3159816 1122804
1856788 38% /
devtmpfs
498588
0
498588
0% /dev
tmpfs
508600
0
508600
0% /dev
/shm
tmpfs
508600
6736
501864
2% /run
tmpfs
508600
0
508600
0% /sys
/fs/cgroup
/dev/mapper/vg_kvm7home-vo
75231
1569
67928
3% /
home
/dev/vda1
201388 109264
92124 55% /
boot
//kvm5.deyu.wang/data
3159816 1131144
1848448 38% /mnt
/multi
kvm5.deyu.wang:/public
3159936 1131264
1848448 38% /mnt
/nfsmount
Valid starting
12/14/2015 19:31:25
WANG
Expires
12/15/2015 19:31:25
Service principal
krbtgt/DEYU.WANG@DEYU.
6. /mnt/nfssecure
2
[deyu3@kvm7 ~]$ df
Filesystem
Mounted on
1K-blocks
96
10
12
/dev/mapper/vg_kvm7usb-root
devtmpfs
tmpfs
/shm
tmpfs
tmpfs
/fs/cgroup
/dev/mapper/vg_kvm7home-vo
home
/dev/vda1
boot
//kvm5.deyu.wang/data
/multi
kvm5.deyu.wang:/public
/nfsmount
kvm5.deyu.wang:/protected
/nfssecure
3159816 1122804
498588
0
508600
0
1856788
498588
508600
38% /
0% /dev
0% /dev
2% /run
0% /sys
508600
508600
6736
0
501864
508600
75231
1569
67928
3% /
201388
109264
92124
55% /
3159816 1131144
1848448
38% /mnt
3159936 1131264
1848448
38% /mnt
3159936 1131264
1848448
38% /mnt
7. deyu3
NFSv4+kerberos
9.8
9.8.1
3
5
7
9
97
MKey: vno 1
23 Attributes:
Policy: [none]
10
12
3. keytab
98
11
9.8.2
1.
principal
nf-
99
principal
nf-
1
9.8.3
1. keytab
1
2
4
10
12
100
16
18
20
22
24
26
28
30
32
34
36
3. nfs
server
kvm5
/etc/krb5.keytab
s/kvm5.deyu.wang@DEYU.WANG keytab
De-Yu Wang CSIE CYUT
(aes128-cts
(des3-cbc(arcfour(
(
(des-hmac(des-cbc(aes256-cts
(aes128-cts
(des3-cbc(arcfour(
(
(des-hmac(des-cbc(aes256-cts
(aes128-cts
(des3-cbc(arcfour(
(
(des-hmac(des-cbc
principal
nf-
101
10
12
14
16
18
20
22
24
26
102
28
30
32
34
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
4. nfs
server
kvm5
/etc/kvm7.keytab
s/kvm7.deyu.wang@DEYU.WANG keytab
principal
nf-
10
12
14
103
18
20
22
24
26
28
30
32
34
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
with kvno 2
104
10
12
14
16
18
105
10
12
14
16
18
106
10
12
14
16
18
20
22
24
26
28
30
32
(des3-cbc(arcfour(
(
(des-hmac(des-cbc(aes256-cts
(aes128-cts
(des3-cbc(arcfour(
(
(des-hmac(des-cbc(aes256-cts
(aes128-cts
(des3-cbc(arcfour(
(
(des-hmac(des-cbc(aes256-cts
(aes128-cts
(des3-cbc(arcfour-
107
34
36
hmac)
2 12/04/2015 20:08:51 nfs/kvm7.deyu.wang@DEYU.WANG
camellia256-cts-cmac)
2 12/04/2015 20:08:51 nfs/kvm7.deyu.wang@DEYU.WANG
camellia128-cts-cmac)
2 12/04/2015 20:08:51 nfs/kvm7.deyu.wang@DEYU.WANG
sha1)
2 12/04/2015 20:08:51 nfs/kvm7.deyu.wang@DEYU.WANG
md5)
/etc/krb5.keytab
(
(
(des-hmac(des-cbc
principal
nf-
1
3
11
108
9.8.4
1. keytab
1
2
4
10
12
14
109
16
18
20
22
24
26
28
3. nfs
server
kvm5
/etc/krb5.keytab
s/kvm5.deyu.wang@DEYU.WANG keytab
(des3-cbc(arcfour(
(
(des-hmac(des-cbc(aes256-cts
(aes128-cts
(des3-cbc(arcfour(
(
(des-hmac(des-cbc
principal
nf-
110
11
111
11
112
Chapter 10
Apache 2.4 HTTP Server
10.1
Apache HTTP
2. Apache HTTPD
PerlPythonTcl PHP
3. http 80/TCP port hhtps
443/tcp port TLS/SSL
4. CentOS 7 httpd 2.4 CentOS 6 httpd 2.2
httpd 2.4
5. 2.2 2.4
(a) apache 2.4
i.
1
ii.
1
iii. deyu.wang
1
113
10.2. HTTP
i. ip
1
Require ip 10.1.2.3
Require ip 192.168.1.140 192.168.1.141
ii. ip
2
Require ip 10.1
Require ip 10 172.20 192.168.2
iii. /
Require ip 10.1.0.0/255.255.0.0
iv. /
1
Require ip 10.1.0.0/16
http
10.2
1.
1
2. web.html
1
3. httpd deyu.wang IP
114
10.2. HTTP
1
4. httpd
2
5. deyu.wang kvm5.deyu.wang
1
7. hhtp https
2
115
10.3. * TLS
4
6
8
10
sources:
services: dhcpv6-client http https ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
8. deyu.wang kvm5.deyu.wang
10.3
*
TLS
1. HTTPS TLS
(a) 32
(b) 32
(c)
32 (session key)
(d)
116
10.3. * TLS
4. opensssl
5.
1
6. (Certification AuthorityCA)
1
[root@kvm5
[root@kvm5
3 [root@kvm5
[root@kvm5
5 [root@kvm5
~]#
~]#
~]#
~]#
~]#
7. (Certification AuthorityCA)
117
10.4. HTTPS
1
8. CA TLS
1
9.
1
HTTPS
10.4
1. mod_ssl
1
1
118
10.4. HTTPS
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
3. http://dywang.csie.cyut.edu.tw/materials/kvm5.crt
http://dywang.csie.cyut.edu.tw/materials/kvm5.key
http://dywang.csie.cyut.edu.tw/materials/kvm5.pem
/etc/httpd/conf.d/ssl.conf
4. httpd
5. curl
https://kvm5.deyu.wang
server-chain.crt
1
6. kvm7.deyu.wang kvm5.pem
wget
119
1
8. firefox firefox
Trust this CA to identify websites
2
Edit Preferences
Advanced Certificates tab
View Certificates (Authorities) Import button
9. google chrome
chrome Trust this certificate for identify websites
Virtual Host
10.5
1
120
3
5
7
9
11
13
15
<VirtualHost *:@@Port@@>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "@@ServerRoot@@/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "/var/log/httpd/dummy-host.example.com-error_log"
CustomLog "/var/log/httpd/dummy-host.example.com-access_log"
common
</VirtualHost>
<VirtualHost *:@@Port@@>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "@@ServerRoot@@/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "/var/log/httpd/dummy-host2.example.com-error_log"
CustomLog "/var/log/httpd/dummy-host2.example.com-access_log"
common
</VirtualHost>
3. httpd reload
4. www5.deyu.wang
www5.deyu.wang
De-Yu Wang CSIE CYUT
virtual.html
121
10.6.
1
5. deyu1 /var/www/virtual
10.6
1.
(a) dynamic5.deyu.wang
(b) 8989
(c) http://dywang.csie.cyut.edu.tw/materials/webapp.wsgi
2. mod_wsgi
122
10.6.
1
3
5
7
9
11
13
15
4. 8989/tcp port
1
6. httpd
1
7. webapp.wsgi /var/www/html/webapp.wsgi
1
8. kvm5.deyu.wang http://dynamic5.deyu.wang:8989/
De-Yu Wang CSIE CYUT
123
10.7.
2
9. kvm7.deyu.wang http://dynamic5.deyu.wang:8989/
1
10.7
1. kvm5.deyu.wang confidential
kvm5.deyu.wang
1
2. private.html confidential
1
3. httpd kvm5.deyu.wang
www5.deyu.wang host kvm5.deyu.wang ip
192.168.122.5
4. httpd
124
10.7.
5. kvm5.deyu.wang confidential
1
125
10.7.
126
Chapter 11
Shell Script
11.1
1. Shell Script
(a)
(b) shell (program)
(c) shell
(d)
(e) shell script
(f) shell
2. Shell scripts
Shell scripts
?
P
PP
PP
P
PP
PP
?Yes
No
3. shell scripts?
(a)
(b) Linux ( services )
/etc/init.d/ scripts
De-Yu Wang CSIE CYUT
127
11.2.
(c)
(d) command line
/etc/rc.d/rc.local
(e)
(f) Unix Like shell
script
(g) shell script
CPU
4. Scripts
(a)
(b) [tab]
(c) [Enter]
(d) \[Enter]
(e) #
5. shell.sh
(a) shell.sh (rx) ./shell.sh
(b) sh shell.sh
6. script #! shell
#
7. exit
8. exit n
11.2
1. test
1.
-e
-f
-d
-b
-c
-S
-p
-L
2.
() test -e filename
()
(file)()
(directory)()
block device
character device
Socket
FIFO (pipe)
test -r filename
128
11.2.
-r
-w
-x
-u
-g
-k
-s
3.
-nt
-ot
-ef
4.
-eq
-ne
-gt
-lt
-ge
-le
5.
test
test
test
test
6.
-a
-z string
-n string
str1 = str2
str1 != str2
-o
!
SUID
SGID
Sticky bit
0 string true
0 string false
str1 str2 true
str1 str2 false
test -r filename -a -x filename
(and) test -r file -a -x file
file r x true
(or) test -r file -o -x file
file r x true
test ! -x file file x true
2. [ ] $HOME
1
3. [ ]
1
[ "$HOME" == "$MAIL" ]
["$HOME"=="$MAIL"]
129
11.3.
1
/path/to/scriptname
$0
opt1
$1
opt2
$2
opt3
$3
opt4
$4
...
...
3
5
11.3
1. if ... then
1
3
if [ ]; then
fi
2.
1
&& AND
|| OR
if [ ]; then
else
4
fi
if [ ]; then
elif [ ]; then
else
fi
130
11.4. (LOOP)
case $ in
"")
;;
### (;;)
"")
5
7
;;
*)
exit 1
;;
11
esac
(loop)
11.4
2
4
while [ condition ]
do
done
2. until....do....done condition
2
4
until [ condition ]
do
done
3. for...do...done
2
4
for (( ; ; ))
do
done
131
11.5.
4. for
(a) i=1
(b)
i<=100
(c) i=i+1
5.
2
done
$var con1
$var con2
8
$var con3
....
6
11.5
11.5.1
1. /root/mkusers.sh
kvm5.deyu.wang
(a)
(b)
Usage: /root/mkusers.sh <userfile>
(c)
Input file not found
(d) shell /bin/false
(e)
(f) http://dywang.csie.cyut.edu.tw/materials/ulist.txt
(g)
2.
1
132
11.5.
3.
4.
2
4
6
8
10
12
14
5.
2
4
6
8
10
12
14
133
11.5.
6.
7. 1 0
1
8. 2
0
9. ulist.txt
10. ulist.txt 0
1
11. ulist.txt
1
134
11.5.
11.5.2
1. /root/program
(a) /root/program kernel user stdout
(b) /root/program user kernel stdout
(c) /root/program user kernel
stderr
/root/program kerneluser
2. /root/program
1
3.
1
4.
1
#!/bin/bash
135
11.5.
7
else
fi
exit 0
5.
#!/bin/bash
2
4
6
8
10
12
14
case "$1" in
"kernel")
echo user
;;
"user")
echo kernel
;;
*)
echo "/root/program kernel|user" >&2
;;
esac
exit 0
6.
9. /root/program stderr
/dev/null stderr
stdout
De-Yu Wang CSIE CYUT
136
11.5.
2
137
11.5.
138
Chapter 12
iSCSI Storage
12.1
iSCSI
6. iSCSI
12.2
Server Target
1.
De-Yu Wang CSIE CYUT
139
2. target
1
3. target
4. 3260/tcp port
1
5.
2
6. 3260/tcp port
2
4
6
8
10
7. /dev/vda
De-Yu Wang CSIE CYUT
140
8. /dev/vda lvm
1
Device Boot
/dev/vda1
*
19 /dev/vda2
/dev/vda3
Start
2048
411648
7579648
End
411647
7579647
7845887
Blocks
204800
3584000
133120
Id
83
8e
8e
System
Linux
Linux LVM
Linux LVM
21
p
primary (3 primary, 0 extended, 1 free)
e
extended
Select (default e): e
27 Selected partition 4
First sector (7845888-8388607, default 7845888):
29 Using default value 7845888
Last sector, +sectors or +size{K,M,G} (7845888-8388607, default
8388607):
31 Using default value 8388607
Partition 4 of type Extended and of size 265 MiB is set
25
33
141
8388607): +100M
Partition 5 of type Linux and of size 100 MiB is set
41
Device Boot
/dev/vda1
*
53 /dev/vda2
/dev/vda3
55 /dev/vda4
/dev/vda5
Start
2048
411648
7579648
7845888
7847936
End
411647
7579647
7845887
8388607
8052735
Blocks
204800
3584000
133120
271360
102400
Id
83
8e
8e
5
83
System
Linux
Linux LVM
Linux LVM
Extended
Linux
57
9. partprobe
1
142
1
/>
143
17. 0.0.0.0:3260
1
19.
/> ls
o- /
.....................................................................
[...]
o- backstores
..........................................................
[...]
4
| o- block .............................................. [
Storage Objects: 1]
| | o- kvm5.disk1 ... [/dev/iscsi_vg/iscsi_vol (12.0MiB) writethru activated]
2
144
10
12
14
16
18
| o- fileio ............................................. [
Storage Objects: 0]
| o- pscsi .............................................. [
Storage Objects: 0]
| o- ramdisk ............................................ [
Storage Objects: 0]
o- iscsi
........................................................ [
Targets: 1]
| o- iqn.2015-08.wang.deyu:kvm5
.................................... [TPGs: 1]
|
o- tpg1 ........................................... [no-gen
-acls, no-auth]
|
o- acls
...................................................... [ACLs
: 1]
|
| o- iqn.2015-08.wang.deyu:kvm7 ....................... [
Mapped LUNs: 1]
|
|
o- mapped_lun0 ........................ [lun0 block/
kvm5.disk1 (rw)]
|
o- luns
...................................................... [LUNs
: 1]
|
| o- lun0 ................. [block/kvm5.disk1 (/dev/
iscsi_vg/iscsi_vol)]
|
o- portals
................................................ [Portals:
1]
|
o- 192.168.122.5:3260
........................................... [OK]
o- loopback
..................................................... [
Targets: 0]
20. targetcli
1
/> exit
Global pref auto_save_on_exit=true
3 Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
Client Initiator
12.3
145
2. iscsi iscsid
1
3. iscsi iscsid
5. iscsi iscsid
1
7. iqn.2015-08.wang.deyu:kvm5
146
8. sda
1
3
5
7
9
6
8
Device Boot
Start
End
Blocks
Id
System
20
22
24
26
28
147
+10M
Partition 1 of type Linux and of size 10 MiB is set
32
Device Boot
/dev/sda1
Start
1
End
20481
Blocks
10240+
Id
83
System
Linux
44
Syncing disks.
12. /mnt/data
1
_netdev
0 0
148
14. /etc/fstab
1
8.7M
172K
7.9M
3% /mnt/
149
150
Chapter 13
MariaDB
MariaDB
13.1
1. RHEL/CentOS 7
(a) PostgreSQLPostgreSQL /
PostgreSQL
BSD
PostgreSQL
ISO-SQL
(OSS) (ORDBMS)
(b) MariaDB MySQL MySQL
(alternate storage
engines)
MariaDB
13.2
1.
1
2. mariadb
1
3. mysql
De-Yu Wang CSIE CYUT
151
13.2. MARIADB
4. mariadb
*:*
users:(("mysqld"
6. [mysqld] skip-networking=1
7. mariadb
8. mariadb listen
1
152
13.2. MARIADB
In order to log into MariaDB to secure it, well need the current
password for the root user. If youve just installed MariaDB,
and
9 you havent set the root password yet, the password will be blank
,
so you should just press enter here.
11
MariaDB
root user without the proper authorisation.
17
. This
ensures that someone cannot guess at the root password from the
network.
37
39
anyone can
access. This is also intended only for testing, and should be
removed
153
13.2. MARIADB
47
49
51 Reloading the privilege tables will ensure that all changes made
so far
will take effect immediately.
53
55
57 Cleaning up...
59 All done!
61
+--------------------+
|
+--------------------+
14 | information_schema |
12 | Database
154
13.3.
| mysql
16 | performance_schema |
+--------------------+
18 3 rows in set (0.00 sec)
20 MariaDB [(none)]> exit
Bye
13.3
1. Contacts
1
2. Contacts
1
3.
1
4. staff.mdb Contacts
1
5. Contacts staff
1
155
13.4. *
6. Contacts staff
2
4
6
8
10
13.4
1.
1
2. Contacts
3. Contacts
2
156
13.4. *
4. Contacts staff
5. staff
2
| Type
| Null | Key | Default | Extra
|
4 +-----------+-------------+------+-----+---------+----------------+
| id
| int(11)
| NO
| PRI | NULL
| auto_increment
|
6 | firstname | varchar(40) | NO
|
| NULL
|
|
| lastname | varchar(40) | NO
|
| NULL
|
|
8 | password | varchar(40) | NO
|
| NULL
|
|
| pid
| int(11)
| NO
|
| NULL
|
|
10 +-----------+-------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)
6. Contacts staff
1
7. staff
De-Yu Wang CSIE CYUT
157
13.4. *
1
3
5
7
9
8. staff
2
4
6
8
10
12
9.
158
13.5.
3
13.5
1. root mysql
1
2. root mysql
3. mysql
1
159
13.5.
Database changed
4. dywang qweqwe
1
6. FLUSH PRIVILEGES
2
7. dywang
Contacts
select
8. select dywang
De-Yu Wang CSIE CYUT
160
13.5.
1
3
5
7
9
11
13
15
17
19
21
23
25
27
29
31
33
35
37
39
41
43
45
161
13.6.
1
3
5
7
9
11
13
15
17
19
21
23
25
27 MariaDB [(none)]>
10.
1
13.6
1. MariaDB
162
13.6.
8
2. Contacts
2
Database changed
3. Contacts
1
3
5
7
9
4. Contacts User_Names
1
3
5
7
9
5. Contacts User_Logins
1
163
13.6.
| id
| int(11)
| NO
| MUL | NULL
|
|
| User_Login | varchar(25) | YES |
| NULL
|
|
7 | User_Pass | varchar(35) | YES |
| NULL
|
|
+------------+-------------+------+-----+---------+-------+
9 3 rows in set (0.00 sec)
6. Contacts User_Contacts
1
3
5
7
9
11
7. Contacts user_id, id
id
first_name John
1
8. user_id, id User_Contacts
Email
| Telephone
164
13.6.
4
+------+-------------+---------------------+-----------------+-----------------+
10 MariaDB [Contacts]>
9.
JOIN first_name=John Cupertino
10. count(*)
1
3
5
7
9
165
13.6.
14.
1
166