郭進電腦使用筆記

2020年9月19日星期六

CentOS8 參照 2015年7月3日 CentOS7練習

此篇已經重新謄錄完成!!

可以作廢。

HostOS：
windows10
192.168.2.100

若無法 ping ：

控制台\系統及安全性\Windows Defender 防火牆-->進階設定-->輸入規則

啟用檔案及印表機共用(回應要求-ICMPv4-IN) 設定檔：私人 -->啟用規則

GuestOS：
CentOS8
192.168.2.103

# ping 192.168.2.100
PING 192.168.2.100 (192.168.2.100) 56(84) bytes of data.
64 bytes from 192.168.2.100: icmp_seq=1 ttl=128 time=0.367 ms

----------------------------------------------- 啟用網卡

# ip addr

# ip -s link

# ip link set ens33 up //啟用網路介面卡 up：開 down：關

# nmcli device status

DEVICE TYPE STATE CONNECTION

ens33 ethernet 已連線 ens33

lo loopback 不受管理 --

# nmcli device connect ens33 //啟用網卡停用網卡：disconnect

裝置「ens33」已成功以「9cb77588-c78e-40b0-acbe-3be164c3e385」啟用。

# nmtui //啟用連線

----------------------------------------------- 路由

# ip route | column -t

default via 192.168.2.1 dev ens33 proto static metric 100

192.168.2.0/24 dev ens33 proto kernel scope link src 192.168.2.103 metric 100

# ip route | column -t > kkRouteTable.txt

# ls

kkRouteTable.txt

# cat kkRouteTable.txt

# ip -6 route | column -t //IPv6 Route Table

::1 dev lo proto kernel metric 256 pref medium

fe80::/64 dev ens33 proto kernel metric 100 pref medium

# tracepath 168.95.1.1 //traceroute

# ss -antp |column -t //對應 netstat -antp

# ss -t

-----------------------------------------------

# systemctl list-unit-files //查詢服務啟動或是關閉狀態，以檔名顯示

# systemctl list-units //查詢目前所有已啟動的服務
UNIT LOAD ACTIVE SUB DESCRIPTION
...
crond.service loaded active running Command Scheduler

...
firewalld.service loaded active running firewalld - dynamic firew>
...
NetworkManager.service loaded active running Network Manager
...
sshd.service loaded active running OpenSSH server daemon
...

# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-03-03 07:47:29 CST; 1h 40min ago

# systemctl stop firewalld.service //立即停止xxx.service

# systemctl start firewalld.service //立即啟動xxx.service

# systemctl is-active firewalld.service

active

# systemctl disable firewalld.service //設定開機不啟動xxx.service

# systemctl enable firewalld.service //設定開機啟動xxx.service

# chkconfig firewalld off //設定 firewalld 開機時不要啟動

# chkconfig firewalld on //設定 firewalld 開機時啟動，且不加.service

# systemctl is-enabled firewalld.service

enabled

-----------------------------------------------

# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
...

# vi /etc/sysconfig/selinux //關閉SELINUX

...

SELINUX=disabled
...

-----------------------------------------------

# journalctl //日誌檢視說明
# journalctl -n10 //列出最後10行資料
# journalctl -xn //列出最後事件，並提供相關解決問題資訊

# journalctl --follow //持續列出最後10行事件記錄
-- Logs begin at Tue 2020-03-03 07:47:06 CST. --
3月 03 09:31:32 Ku.CentOS8 systemd[1]: Stopped firewalld - dynamic firewall daemon.

...

# tail -n 10 -f /var/log/messages
Mar 3 09:31:43 kk systemd[1]: Stopping firewalld - dynamic firewall daemon...
Mar 3 09:31:44 kk systemd[1]: Stopped firewalld - dynamic firewall daemon.

-----------------------------------------------

(一)使用者的設定

# whereis ls
ls: /usr/bin/ls /usr/share/man/man1/ls.1.gz

# crontab -e
53 07 * * * /usr/bin/ls

# crontab -l
53 07 * * * /usr/bin/ls

# cat /var/spool/cron/root
53 07 * * * /usr/bin/ls

# journalctl -n 10
...

3月 04 07:51:52 Ku.CentOS8 crontab[1733]: (root) BEGIN EDIT (root)

3月 04 07:52:43 Ku.CentOS8 crontab[1733]: (root) REPLACE (root)

3月 04 07:52:43 Ku.CentOS8 crontab[1733]: (root) END EDIT (root)

3月 04 07:53:01 Ku.CentOS8 crond[967]: (root) RELOAD (/var/spool/cron/root)

3月 04 07:53:01 Ku.CentOS8 systemd[1]: Started Session 3 of user root.

3月 04 07:53:01 Ku.CentOS8 CROND[1737]: (root) CMD (/usr/bin/ls )

...

# cat /var/log/cron
...
Mar 4 07:51:52 Ku crontab[1733]: (root) BEGIN EDIT (root)
Mar 4 07:52:43 Ku crontab[1733]: (root) REPLACE (root)
Mar 4 07:52:43 Ku crontab[1733]: (root) END EDIT (root)
Mar 4 07:53:01 Ku crond[967]: (root) RELOAD (/var/spool/cron/root)
Mar 4 07:53:01 Ku CROND[1737]: (root) CMD (/usr/bin/ls )

...

# tail /var/log/cron
...

(二)系統的設定檔

# vi /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed

00 08 * * * root /usr/bin/ls

# systemctl list-units
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary Executable >
...
crond.service loaded active running Command Scheduler
...
firewalld.service loaded active running firewalld - dynamic firewall daemon
...
NetworkManager.service loaded active running Network Manager
...
sshd.service loaded active running OpenSSH server daemon

# systemctl restart crond

# tail /var/log/cron
...
Mar 5 08:00:01 Ku crond[974]: (*system*) RELOAD (/etc/crontab)
Mar 5 08:00:01 Ku CROND[1765]: (root) CMD (/usr/bin/ls)
Mar 5 08:00:01 Ku CROND[1764]: (root) CMDOUT (anaconda-ks.cfg)
Mar 5 08:00:01 Ku CROND[1764]: (root) CMDOUT (kkRouteTable.txt)
...

# journalctl -n 10
-- Logs begin at Thu 2020-03-05 07:42:10 CST, end at Thu 2020-03-05 08:01:01 CS>
3月 05 08:00:01 Ku.CentOS8 crond[974]: (*system*) RELOAD (/etc/crontab)
3月 05 08:00:01 Ku.CentOS8 CROND[1765]: (root) CMD (/usr/bin/ls)
3月 05 08:00:01 Ku.CentOS8 CROND[1764]: (root) CMDOUT (anaconda-ks.cfg)
3月 05 08:00:01 Ku.CentOS8 CROND[1764]: (root) CMDOUT (kkRouteTable.txt)

...

-----------------------------------------------

# date
四 3月 5 11:06:39 CST 2020

// 更改日期間： MMDDhhmmYYYY 月日時分年
# date 040608302020
一 4月 6 08:30:00 CST 2020

//查看 BIOS 時間
# hwclock -r
2020-03-05 11:13:12.171152+08:00

//將電腦日期時間寫入到 BIOS 時間
# hwclock -w

-----------------------------------------------

-----------------------------------------------

-----------------------------------------------

-----------------------------------------------

-----------------------------------------------

-----------------------------------------------

-----------------------------------------------

Python 程式設計

Ch1 認識 Python
1-1

CentOS8 Apache

-------------------------------------------------

// DNF is the next upcoming major version of YUM, a package manager for
RPM-based Linux distributions.
# dnf -y install httpd

# rpm -qa | grep httpd
httpd-tools-2.4.37-16.module_el8.1.0+256+ae790463.x86_64
centos-logos-httpd-80.5-2.el8.noarch
httpd-2.4.37-16.module_el8.1.0+256+ae790463.x86_64
httpd-filesystem-2.4.37-16.module_el8.1.0+256+ae790463.noarch

//執行檔
# ls /usr/sbin | grep httpd
httpd

//設定檔

# ls /etc/httpd/conf

httpd.conf

//站台預設跟目錄

# ls /var/www/

html

# systemctl start httpd.service

# systemctl enable httpd.service

# systemctl status httpd.service

//displays information about a selection of the active processes.
//To see every process on the system using BSD syntax:
# ps -axu | grep httpd
root 958 0.0 0.5 280208 10988 ? Ss 14:30 0:00 /usr/sbin/httpd -DFOREGROUND
apache 991 0.0 0.4 292424 8252 ? S 14:30 0:00 /usr/sbin/httpd -DFOREGROUND

...

# ls /usr/lib/systemd/system | grep httpd
httpd.service
httpd@.service
httpd.service.d
httpd.socket
httpd.socket.d

# firewall-cmd --state

running

# firewall-cmd --get-service | grep http

# ls /usr/lib/firewalld/services/ | grep http

https.xml

http.xml

wbem-https.xml

wbem-http.xml

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --reload

# firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens32
sources:
services: cockpit dhcpv6-client http ssh

...

HostOS
http://192.168.1.4/

-------------------------------------------------設定虛擬目錄 Alias-------在其他的系統目錄 /opt

# ls -l /
...
drwxr-xr-x. 2 root root 6 5月 11 2019 opt
...

# mkdir /opt/web

# echo Hello Alias > /opt/web/index.html

# ls -l /opt
drwxr-xr-x. 2 root root 24 3月 26 14:59 web

# ls -l /opt/web/
-rw-r--r--. 1 root root 12 3月 26 14:59 index.html

# vi /etc/httpd/conf/httpd.conf

...

Alias /kk1web /opt/web

Require all granted

</Directory>

# systemctl restart httpd.service

HostOS

http://192.168.1.4/kk1web/
Hello Alias

-------------------------------------------------設定虛擬目錄 Alias-------在 /home

# vi /var/www/html/1.html
This is /var/www/html/1.html

HostOS
http://192.168.1.4/1.html
This is /var/www/html/1.html

# mkdir /home/web

# vi /home/web/1.html
This is One Web on /home/web

# vi /etc/httpd/conf/httpd.conf

...

Alias /web01 /home/web

Require all granted

</Directory>

# systemctl restart httpd.service

HostOS

http://192.168.1.4/web01/1.html

Forbidden
You don't have permission to access /web01/1.html on this server.

# tail -1 /var/log/httpd/error_log
[Thu Mar 26 15:15:25.107073 2020] [core:error] [pid 2426:tid 139987941058304] (13)Permission denied: [client 192.168.1.2:52012] AH00132: file permissions deny server access: /home/web/1.html

# ls -Z /var/www

system_u:object_r:httpd_sys_content_t:s0 html

# ls -Z /var/www/html

unconfined_u:object_r:httpd_sys_content_t:s0 1.html

# ls -Z /

...

system_u:object_r:usr_t:s0 opt

# ls -Z /home

unconfined_u:object_r:user_home_dir_t:s0 web

# ls -Z /home/web/

unconfined_u:object_r:user_home_t:s0 1.html

# chcon -t httpd_sys_content_t /home/web

# ls -Z /home

unconfined_u:object_r:httpd_sys_content_t:s0 web

2020年4月21日星期二

CentOS8 Samba

https://technowikis.com/6772/how-to-install-samba-on-centos-8

++++++++++++++++++++++++++++++++++++ For User /home/user (xxx 有問題 xxx)

# dnf -y install samba samba-client

# systemctl enable smb.service
# systemctl start smb.service

# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload

# useradd kk5
# smbpasswd -a kk5

# chcon -t samba_share_t /home/kk5/
# setsebool -P samba_enable_home_dirs on

# vi /etc/samba/smb.conf
...
[global]
workgroup = WORKGROUP
server string = Samba Server% v
netbios name = centos8
map to guest = bad user
dns proxy = no

security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw

...

# systemctl restart smb.service

++++++++++++++++++++++++++++++++++++ For Rigestered User
# dnf -y install samba samba-client

# systemctl enable smb.service
# systemctl start smb.service

#firewall-cmd --permanent --zone=public --add-service=samba
#firewall-cmd --reload

------------------------------------
# useradd -M kk1 -s /sbin/nologin
------------------------------------

#useradd solvetic_samba
#groupadd smbgrp
#usermod -a -G smbgrp solvetic_samba
#smbpasswd -a solvetic_samba

#mkdir -p /home/secure

------------------------------------ 只要 smbgrp 群組皆可
#chown -R kk2:smbgrp /home/secure/
------------------------------------

#chown -R solvetic_samba:smbgrp /home/secure/
#chmod -R 0770 /home/secure/
#chcon -t samba_share_t /home/secure/

# vi /etc/samba/smb.conf
...
[global]
workgroup = WORKGROUP
server string = Samba Server% v
netbios name = centos8
map to guest = bad user
dns proxy = no

security = user

passdb backend = tdbsam

printing = cups
printcap name = cups
load printers = yes
cups options = raw

...

//write list 是可以進入這個資料夾的使用者清單，@users 代表所有 SAMBA 使用者。

[Secure]

path = /home/secure

valid users = @smbgrp

browsable = yes

writable = yes

guest ok = no

# systemctl restart smb.service

HostOS
\\192.168.1.4
登入、新增文件

# ls /home/secure/
檢查新增的文件是否正常

++++++++++++++++++++++++++++++++++++For Anonymous

# dnf -y install samba samba-client

# rpm -qa | grep samba
samba-client-libs-4.10.4-101.el8_1.x86_64
samba-common-4.10.4-101.el8_1.noarch
samba-common-libs-4.10.4-101.el8_1.x86_64
samba-common-tools-4.10.4-101.el8_1.x86_64
samba-4.10.4-101.el8_1.x86_64
samba-libs-4.10.4-101.el8_1.x86_64
samba-client-4.10.4-101.el8_1.x86_64

# ls /usr/lib/systemd/system

...

smb.service

...

# systemctl enable smb.service

# systemctl start smb.service

# firewall-cmd --permanent --zone=public --add-service=samba

# firewall-cmd --reload

# mkdir -p /anonymous

# chmod -R 0755 /anonymous

# chown -R nobody:nobody /anonymous

# chcon -t samba_share_t /anonymous //change file SELinux security context

# vi /etc/samba/smb.conf
...

//global 是關於 samba server 的設定

//security = user 代表需要帳戶密碼登入，使用者是 Linux 使用者，密碼則要另外設定一組 Samba 用的密碼。

[global]
workgroup = WORKGROUP
server string = Samba Server% v
netbios name = centos8
map to guest = bad user
dns proxy = no

security = user

passdb backend = tdbsam

printing = cups
printcap name = cups
load printers = yes
cups options = raw

//homes 是對應 Linux 使用者的 home 資料夾，若有一個 linux 使用者 test123 登入了 samba，將會看到一個名為 test123 的資料夾，這個資料夾就代表 /home/test123
//browseable 代表其他使用者是否能看到這個資料夾
//writable 代表對此資料夾具有存取權的使用者的是否可以寫入檔案，否則唯讀
//create mode 代表使用者建立的檔案權限(linux 檔案權限)
//directory mode 代表使用者建立的目錄權限(linux 目錄權限)
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

...

//[Anonymous] 會建立一個 public 資料夾(Samba上顯示的資料夾)

//path 要指向主機上的目錄，要注意的是這個目錄需要讓所有使用者都有存取權，將權限設定給 SAMBA 群組可能是個好主意。

//write list 是可以進入這個資料夾的使用者清單，@users 代表所有 SAMBA 使用者。

//若不需要共享的資料夾，將 [samba分享] 這部分設定刪除即可。

[Anonymous]

path = /anonymous

browsable = yes

writable = yes

guest ok = yes

read only = no

# systemctl restart smb.service

HostOS

\\192.168.1.4

++++++++++++++++++++++++++++++++++++ By rigestered users

# adduser -M smb -s /sbin/nologin
# smbpasswd -a smb
New SMB password: //123456
Retype new SMB password:
Added user smb.

---------------------------------------------
# getsebool -a | grep samba
# setsebool samba_enable_home_dirs on

# vi /etc/samba/smb.conf

...

//global 是關於 samba server 的設定

//security = user 代表需要帳戶密碼登入，使用者是 linux 使用者，密碼則要另外設定一組 Samba 用的密碼。

[global]
workgroup = SAMBA
security = user

map to guest = bad user
passdb backend = tdbsam

printing = cups
printcap name = cups
load printers = yes
cups options = raw

//homes 是對應 linux 使用者的 home 資料夾，若有一個 linux 使用者 test123 登入了 samba，將會看到一個名為 test123 的資料夾，這個資料夾就代表 /home/test123
browseable 代表其他使用者是否能看到這個資料夾
writable 代表對此資料夾具有存取權的使用者的是否可以寫入檔案，否則唯讀
create mode 代表使用者建立的檔案權限(linux 檔案權限)
directory mode 代表使用者建立的目錄權限(linux 目錄權限)

[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

...

//[samba分享] 會建立一個 public 資料夾(Samba上顯示的資料夾)

path 要指向主機上的目錄，要注意的是這個目錄需要讓所有使用者都有存取權，將權限設定給 SAMBA 群組可能是個好主意。

write list 是可以進入這個資料夾的使用者清單，@users 代表所有 SAMBA 使用者。

若不需要共享的資料夾，將 [samba分享] 這部分設定刪除即可。

[samba分享]

comment = Public Directories

path = /samba

browseable = Yes

writable = Yes

create mode = 0664

directory mode = 0775

write list = @users

guest only = yes

# getsebool -a | grep samba

...

use_samba_home_dirs --> off

virt_use_samba --> off

# setsebool -P samba_enable_home_dirs on

//change file SELinux security context

# chcon -R -t samba_share_t /samba

# systemctl start smb.service

# systemctl is-active smb.service

active

# systemctl status smb.service

● smb.service - Samba SMB Daemon

Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)

Active: active (running) since Mon 2020-04-06 09:03:17 CST; 21s ago

...

# systemctl enable smb.service

Created symlink /etc/systemd/system/multi-user.target.wants/smb.service → /usr/lib/systemd/system/smb.service.

# systemctl is-enabled smb.service

enabled

# firewall-cmd --info-service samba

samba

ports: 137/udp 138/udp 139/tcp 445/tcp

protocols:

source-ports:

modules: netbios-ns

destination:

includes:

# firewall-cmd --permanent --zone=public --add-service=samba

success

# firewall-cmd --zone=public --list-all

public (active)

target: default

icmp-block-inversion: no

interfaces: ens32

sources:

services: cockpit dhcpv6-client samba ssh

# firewall-cmd --list-services

cockpit dhcpv6-client samba ssh

# firewall-cmd --reload

success

# mkdir /samba

# chmod -R 755 /samba
# chown -R nobody:nobody /samba

# systemctl restart smb.service

# groupadd samba

# useradd kk1
# passwd kk1

# usermod -a -G samba kk1
# pdbedit -a -u kk1

# adduser -M SambaUser -s /sbin/nologin

# cat /etc/group

SambaUser:x:1002:

# cat /etc/passwd
SambaUser:x:1001:1002::/home/SambaUser:/sbin/nologin

# cat /etc/shadow
SambaUser:!!:18330:0:99999:7:::

# ls /home

# smbpasswd -a SambaUser

New SMB password: //123456

Retype new SMB password:

Added user SambaUser.

++++++++++++++++++++++++++++++++++++++++++++++++++

新增線上題庫

# mysql -u root -p
Enter password:

MariaDB [(none)]> use kkdb;

MariaDB [kkdb]> show tables;

+----------------+

| Tables_in_kkdb |

+----------------+

| tblch |

| tblexam |

| tblsr |

| tblstu |

+----------------+

MariaDB [kkdb]> select * from tblch;

+------+------+---------------------------------+

| chid | gra | chpr |

+------+------+---------------------------------+

| 1 | 7 | 第一章資訊科技導論 |

| 2 | 7 | 第二章基礎程式設計 |

| 3 | 8 | 第一章資訊素養與倫理 |

+------+------+---------------------------------+

MariaDB [kkdb]> show create table tblch\G;

*************************** 1. row ***************************

Table: tblch

Create Table: CREATE TABLE `tblch` (

`chid` int(11) NOT NULL AUTO_INCREMENT,

`gra` varchar(1) COLLATE utf8_unicode_ci DEFAULT NULL,

`chpr` varchar(30) COLLATE utf8_unicode_ci DEFAULT NULL,

PRIMARY KEY (`chid`)

) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci

MariaDB [kkdb]> insert into tblch(gra,chpr) values('7',"第四章資料保護與資訊安全");

MariaDB [kkdb]> select * from tblch;

+------+------+---------------------------------------+

| chid | gra | chpr |

+------+------+---------------------------------------+

| 1 | 7 | 第一章資訊科技導論 |

| 2 | 7 | 第二章基礎程式設計 |

| 3 | 8 | 第一章資訊素養與倫理 |

| 4 | 7 | 第四章資料保護與資訊安全 |

+------+------+---------------------------------------+

MariaDB [kkdb]> show create table tblexam\G; *************************** 1. row ***************************

Table: tblexam

Create Table: CREATE TABLE `tblexam` (

`qid` int(11) NOT NULL AUTO_INCREMENT,

`chid` int(11) DEFAULT NULL,

`qus` varchar(100) COLLATE utf8_unicode_ci DEFAULT NULL,

`opt1` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,

`opt2` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,

`opt3` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,

`opt4` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,

`ans` varchar(1) COLLATE utf8_unicode_ci DEFAULT NULL,

PRIMARY KEY (`qid`)

) ENGINE=InnoDB AUTO_INCREMENT=77 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci

# vi /var/lib/mysql/kkdb/tblexam.txt

77 4 哪一項個資在尊重當事人及合法情況下，可以蒐集、處理或利用？病歷財務情況犯罪前科基因。Ｂ
78 4 自然人與法人兩者都是法律用語。從生物學的觀點，如何區分兩者差異？自然人是在大自然中生長法人是財團組織裡的員工自然人是指出生而取得民事主體資格的人；而法人則指法律上擬人化的組織自然人指法律上擬人化的組織；而法人則是指出生而取得民事主體資格的人。Ｃ
...

// vi 內似乎不能太多筆資料，

// 不用加選項(A)(B)(C)(D)

//qid 接續之前

//Tab 區隔

----------------------------20200908

從題庫產生後，先以MS word整理、寫好，欄位間為Tab區隔，ans題庫產生預設是全形大寫，須改成半形大寫

再補上qid欄位資料與chid欄位資料

最後才複製到vi內

----------------------------

MariaDB [kkdb]> delete from tblexam ; //先刪除原資料

MariaDB [kkdb]> load data infile 'tblexam.txt' into table tblexam;

MariaDB [kkdb]> select * from tblexam;

MariaDB [kkdb]> delete from tblexam where qid=101; //刪除資料

http://192.168.1.4/addqus.php

//ans 匯入是全形大寫字母，須改成半形大寫字母
MariaDB [kkdb]> update tblexam set ans='B' where qid=77;
MariaDB [kkdb]> select qid,ans from tblexam;

//7年級第一章給8年級測
MariaDB [kkdb]> update tblch set gra='8' where chid=1;

//2020-09-11刪除與更新

MariaDB [kkdb]> select * from tblstu where sid=987;

MariaDB [kkdb]> update tblstu set cla='04' where sid=987;

MariaDB [kkdb]> delete from tblstu where sid=985;

//2020-09-14 修改欄位長度

MariaDB [kkdb]> alter table tblexam modify column qus varchar(200);

http://172.31.145.99/addqus.php

MariaDB [kkdb]> select * from tblexam where qid=160;

MariaDB [kkdb]> delete from tblexam where qid=160;

MariaDB [kkdb]> update tblstu set sno='40' where sid=552;

[root@centos7 ~]# vi /var/lib/mysql/kkdb/tblexam.txt

//刪除原內容

//貼上在word整理好的新題目

//新增題目

//先確認目前qid 是多少，再到word依序補上qid 與 chid 兩欄位資料

http://172.31.145.99/addqus.php

MariaDB [kkdb]> select qid from tblexam;

[root@centos7 ~]# vi /var/lib/mysql/kkdb/tblexam.txt

MariaDB [kkdb]> load data infile 'tblexam.txt' into table tblexam;

2020年2月24日星期一

CentOS8 指令練習與網路管理

此篇已經重新謄錄完成!!
可以作廢。

-------------------------------------------------------------

//系統版本
CentOS8 Linux 8 ( Core )

// 4.18.0 核心版本 147 修正次數 x86 相容電腦 61 bit
Kernel 4.18.0-147.5.1.e18_1.x86_64 on an x86_64

// # 最高權限管理者 $ 一班使用者 root 使用者 CentOS8 主機名 ~ 使用者家目錄
[root@CentOS8 ~]#

// show who is logged on
# who
root pts/1 2020-03-21 15:33 (192.168.2.100)

// Show who is logged on and what they are doing
# w
15:42:45 up 1:20, 2 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 192.168.2.100 15:33 0.00s 0.06s 0.03s w

// 關機馬上 halt

# shutdown -h now

// 關機10分鐘後

# shutdown -h 10

//重開機 reboot
# shutdown -r

#reboot

// print name of current/working directory
# pwd
/root

// 列出檔案系統根目錄下
# ls /
bin dev home lib64 mnt proc run srv tmp usr
boot etc lib media opt root sbin sys ubstituteqq var

// .. 上一層目錄，目前在 /root
# ls ..
bin dev home lib64 mnt proc run srv tmp usr
boot etc lib media opt root sbin sys ubstituteqq var

// . 目前所在目錄，目前在 /root ，同 # ls

# ls .

//list directory contents
//Change the current directory to dir

# cd /home

[root@CentOS8 home]#

//print system information
// -s, --kernel-name -n, --nodename -r, --kernel-release
# uname -snr
Linux Ku.CentOS8 4.18.0-147.el8.x86_64

# date
四 3月 26 10:50:07 CST 2020

# echo $LANG

zh_TW.UTF-8

# locale

LANG=zh_TW.UTF-8

...

# vi /etc/hostname

Ku.CentOS8

# hostnamectl set-hostname Ku.CentOS8.chehjh

# hostnamectl

Static hostname: Ku.CentOS8.chehjh

...

-------------------------------------------------------------cp, mv, rm

//copy files and directories
// . 目前目錄下
# cp /etc/yum.conf .
# ls
anaconda-ks.cfg yum.conf
[root@centos8 ~]# pwd
/root

//--recursive

# cp -r /etc/ssh .

# ls

anaconda-ks.cfg ssh

// move (rename) files
# mv yum.conf aa.conf
# ls
aa.conf anaconda-ks.cfg

//remove files or directories
# rm aa.conf
rm：是否移除普通檔案'aa.conf'? y

// --recursive --force
# rm -rf ssh

-------------------------------------- touch, cat, more, less, head, tail

// concatenate files and print on the standard output
//--number

# cat -n /var/log/messages

...

2976 Mar 28 17:04:57 centos8 systemd[1]: Starting Cleanup of Temporary Directories...

2977 Mar 28 17:04:57 centos8 systemd[1]: Started Cleanup of Temporary Directories.

// 產生 test.txt ， > 將輸入文字寫入 test.txt 中
# cat > test.txt
I love Linux! //輸入完成按 Ctrl+D
# ls
anaconda-ks.cfg test.txt
# cat test.txt
I love Linux!

//SPACE Display next k lines of text. Defaults to current screen size.
//RETURN Display next k lines of text. Defaults to 1
# more anaconda-ks.cfg

# less anaconda-ks.cfg

//預設10 列
# head /var/log/messages
Feb 17 22:50:34 centos8 kernel: Linux version 4.18.0-147.el8.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 8.3.1 20190507 (Red Hat 8.3.1-4) (GCC)) #1 SMP Wed Dec 4 21:51:45 UTC 2019

// 指定3列

# tail -3 /var/log/messages

Mar 28 17:00:34 centos8 systemd[1]: Started dnf makecache.

Mar 28 17:04:57 centos8 systemd[1]: Starting Cleanup of Temporary Directories...

Mar 28 17:04:57 centos8 systemd[1]: Started Cleanup of Temporary Directories.

// ----follow 持續監控記錄檔，有新資料馬上顯示 ^C 中斷

# tail -f /var/log/messages

//產生空白檔案

# touch kk1.txt
# ls
anaconda-ks.cfg kk1.txt

//change file timestamps

# ls -l
-rw-------. 1 root root 1262 2月 17 22:49 anaconda-ks.cfg
# touch anaconda-ks.cfg
# ls -l
-rw-------. 1 root root 1262 3月 29 15:33 anaconda-ks.cfg

-------------------------------------- mkdir, rmdir

// make directories
# mkdir dir1
# ls -l
-rw-------. 1 root root 1262 3月 29 15:33 anaconda-ks.cfg
drwxr-xr-x. 2 root root 6 3月 29 15:36 dir1

// remove empty directories
# touch dir1/file1
# ls dir1/file1
dir1/file1

// -f, --force -r, -R, --recursive
# rm -r dir1
rm: descend into directory 'dir1'? y
rm：是否移除普通空白檔案'dir1/file1'? y
rm：是否移除目錄'dir1'? y
# ls
anaconda-ks.cfg

-------------------------------------- link

# echo "HelloWorld" > data.txt

// -i, --inode
# ls -li
8851206 -rw-r--r--. 1 root root 11 3月 29 17:21 data.txt

//-s, --symbolic make symbolic links instead of hard links
# ln -s data.txt slink
# ls -li
8851206 -rw-r--r--. 1 root root 11 3月 29 17:21 data.txt
8851201 lrwxrwxrwx. 1 root root 8 3月 29 17:24 slink -> data.txt
// l: link rwx: link 沒自己權限，視真實檔案為主
//2個 inode 編號不同

# cat slink

HelloWorld

# rm data.txt

rm：是否移除普通檔案'data.txt'? y

# ls -l slink

lrwxrwxrwx. 1 root root 8 3月 29 17:24 slink -> data.txt

// slink 變成紅色警戒，表連結無效

//刪除真實檔案的檔名
//符號連結 symbolic link 就無法取得真實檔案的 inode 資訊內的 Block 區塊位置

# cat slink
cat: slink: 沒有此一檔案或目錄

# rm slink
rm：是否移除符號連結'slink'? y

# echo "HelloWorld" > data2.txt

// Create hard links by default, symbolic links with --symbolic.

# ln data2.txt hlink

# ls -li

8851201 -rw-r--r--. 2 root root 11 3月 29 17:38 data2.txt

8851201 -rw-r--r--. 2 root root 11 3月 29 17:38 hlink

//2個 inode 編號相同

# rm data2.txt
rm：是否移除普通檔案'data2.txt'? y

# ls -li

8851201 -rw-r--r--. 1 root root 11 3月 29 17:38 hlink

# cat hlink

HelloWorld

// 硬連結 hard link 複製真實檔案的 inode 資訊，所以刪除真實檔案的檔名

//硬連結仍可以取得真實檔案的 inode 資訊內的 Block 區塊位置

symbolic link 可跨越分割區支援目錄刪除真實檔案後成無效連結無法自訂權限

hard link 不可跨越分割區不支援目錄刪除真實檔案後仍有效連結可以自訂權限

-------------------------------------- 執行檔

//執行檔的絕對路徑
# ls /usr/bin/du
/usr/bin/du
# /usr/bin/du
44 .

//環境變數 PATH 設定自動搜尋目錄裡的執行檔
# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
# du
44 .

# echo "HelloWorld!" > runMe
# ls -l
-rw-r--r--. 1 root root 12 3月 29 22:16 runMe

# chmod u+x runMe

# ls -l

-rwxr--r--. 1 root root 12 3月 29 22:16 runMe

# runMe

-bash: runMe：命令找不到

//執行目前所在目錄下的執行檔

# ./runMe

./runMe: 列 1: HelloWorld!：命令找不到

-------------------------------------- 硬碟空間使用情形

//report file system disk space usage 各分割區使用情況
//-h, --human-readable
# df -h
檔案系統容量已用可用已用% 掛載點
devtmpfs 886M 0 886M 0% /dev
tmpfs 904M 0 904M 0% /dev/shm
tmpfs 904M 8.7M 895M 1% /run
tmpfs 904M 0 904M 0% /sys/fs/cgroup
/dev/mapper/cl_centos8-root 6.2G 1.4G 4.9G 23% /
/dev/sda1 976M 136M 774M 15% /boot
tmpfs 181M 0 181M 0% /run/user/0

//estimate file space usage 目前目錄下( 含子目錄)已用空間
# du -h
32K .

//-s, --summarize

# du -sh /var/

115M /var/

# du -sh /var/*

0 /var/adm

24M /var/cache

0 /var/crash

...

-------------------------------------- 重導輸出 redirect ，重導輸入

//若導向到的檔案已經存在，則會被覆蓋
# echo "this is old data" > myfile
# cat myfile
this is old data

// >> 新增至尾端

# echo "this is new data" >> myfile
# cat myfile
this is old data
this is new data

# ls
anaconda-ks.cfg
# ls kk1.txt
ls: 無法存取 'kk1.txt': 沒有此一檔案或目錄

// stdin:0 stdout:1 stderr:2
# ls kk1.txt 2> myError

# ls
anaconda-ks.cfg myError

# cat myError
ls: 無法存取 'kk1.txt': 沒有此一檔案或目錄

# echo "電腦使用筆記" > mydata
# cat mydata
電腦使用筆記

//行數字數 byte數
# wc < mydata
1 1 19

# ls -l
-rw-r--r--. 1 root root 19 3月 29 22:58 mydata

-------------------------------------- 迴路介面 loopback interface

//ifconfig 替換為 ip addr
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:67:87:0a brd ff:ff:ff:ff:ff:ff
inet 192.168.2.103/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::738b:2e41:1d4b:20f3/64 scope link noprefixroute
valid_lft forever preferred_lft forever

# cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

# ping localhost

PING localhost(localhost (::1)) 56 data bytes

64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.069 ms

-------------------------------------- nmcli 設定IP 相關

# nmcli device status
DEVICE TYPE STATE CONNECTION
ens33 ethernet 已連線 ens33
lo loopback 不受管理 --

# nmcli connection modify ens33 ipv4.address 192.168.2.103/24

# nmcli connection modify ens33 ipv4.gateway 192.168.2.1

# nmcli connection modify ens33 ipv4.dns 192.168.2.1

# nmcli device connect ens33
裝置「ens33」已成功以「9cb77588-c78e-40b0-acbe-3be164c3e385」啟用。
# nmcli device disconnect ens33

# nmcli connection up ens33
連線已成功啟用（D-Bus 啟用路徑：/org/freedesktop/NetworkManager/ActiveConnection/3）
# nmcli connection down ens33

# nmcli device show ens33
GENERAL.DEVICE: ens33
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:67:87:0A
GENERAL.MTU: 1500
GENERAL.STATE: 100 (已連線)
GENERAL.CONNECTION: ens33
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnectio>
WIRED-PROPERTIES.CARRIER: 開
IP4.ADDRESS[1]: 192.168.2.103/24
IP4.GATEWAY: 192.168.2.1
IP4.ROUTE[1]: dst = 192.168.2.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 192.168.2.1, mt = 100
IP4.DNS[1]: 192.168.2.1
IP6.ADDRESS[1]: fe80::738b:2e41:1d4b:20f3/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[2]: dst = ff00::/8, nh = ::, mt = 256, table=255

//CLI 下的圖形設計工具
# nmtui edit ens33

# systemctl restart NetworkManager.service

------------------------------ ip 工具由命令所做的設定，不會存至系統組態檔，所只適合測試用。

# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
.
.
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

link/ether 00:0c:29:67:87:0a brd ff:ff:ff:ff:ff:ff

inet 192.168.2.103/24 brd 192.168.2.255 scope global noprefixroute ens33

//顯示特定設備的統計資料

# ip -s link show ens33

2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000

link/ether 00:0c:29:67:87:0a brd ff:ff:ff:ff:ff:ff

RX: bytes packets errors dropped overrun mcast

818966 6508 0 0 0 0

TX: bytes packets errors dropped carrier collsns

601940 3995 0 0 0 0

// 指派 ip 位址給設備

# ip addr add 192.168.2.104/24 brd + dev ens33

# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

link/ether 00:0c:29:67:87:0a brd ff:ff:ff:ff:ff:ff

inet 192.168.2.103/24 brd 192.168.2.255 scope global noprefixroute ens33

valid_lft forever preferred_lft forever

inet 192.168.2.104/24 brd 192.168.2.255 scope global secondary ens33

# ping 192.168.2.104

PING 192.168.2.104 (192.168.2.104) 56(84) bytes of data.

64 bytes from 192.168.2.104: icmp_seq=1 ttl=64 time=0.071 ms

若 Host is Wondows7 無法 ping ：
控制台\系統及安全性\Windows 防火牆 --> 進階設定 --> 輸入規則 --> 檔案及印表機共用 (回應要求 - ICMPv4-In) --> 私人,公用 --> 已啟用 --> 是

# ip addr del 192.168.2.104/24 dev ens33

# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group defa ult qlen 1000

link/ether 00:0c:29:67:87:0a brd ff:ff:ff:ff:ff:ff

inet 192.168.2.103/24 brd 192.168.2.255 scope global noprefixroute ens33

//啟用

# ip link set ens33 up

//停用

# ip link set ens33 down

-------------------------------------- NetworkManager 工具

# systemctl status NetworkManager

● NetworkManager.service - Network Manager

Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor pre>

Active: active (running) since Mon 2020-02-24 16:12:24 CST; 41min ago

# ls /usr/lib/systemd/system

NetworkManager.service

//系統網路組態目錄下的設定檔

# ls /etc/sysconfig/network-scripts/

ifcfg-ens33

# cat /etc/sysconfig/network-scripts/ifcfg-ens33

TYPE=Ethernet

PROXY_METHOD=none

BROWSER_ONLY=no

BOOTPROTO=none //是否自動取的IP；若是，dhcp 。若否，static 或 none

DEFROUTE=yes

IPV4_FAILURE_FATAL=no

IPV6INIT=yes

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_FAILURE_FATAL=no

IPV6_ADDR_GEN_MODE=stable-privacy

NAME=ens33

UUID=9cb77588-c78e-40b0-acbe-3be164c3e385

DEVICE=ens33

ONBOOT=yes //開機是否啟用此網路卡

IPADDR=192.168.2.103

PREFIX=24

GATEWAY=192.168.2.1

DNS1=192.168.2.1

IPV6_PRIVACY=no

# systemctl restart NetworkManager.service

-------------------------------------- 網路測試工具

//hostnamectl 取替 hostname

# hostnamectl set-hostname CentOS8.Ku
# hostnamectl

Static hostname: CentOS8.Ku
Icon name: computer-vm
Chassis: vm
Machine ID: 964572b3e4d64c338b0bc8c066ac099c
Boot ID: 1c016fbe42b8401d84e934a75a3a450e
Virtualization: vmware
Operating System: CentOS Linux 8 (Core)
CPE OS Name: cpe:/o:centos:centos:8
Kernel: Linux 4.18.0-147.5.1.el8_1.x86_64
Architecture: x86-64

//測試主機回應 Hinet 的 DNS
# ping 168.95.1.1
PING 168.95.1.1 (168.95.1.1) 56(84) bytes of data.
64 bytes from 168.95.1.1: icmp_seq=1 ttl=247 time=9.10 ms

//ss is used to dump socket statistics.
//ss 取替 netstat
t：tcp協定 u：udp協定 n：不用名稱以port顯示 p：連線由哪個行程處理 l：在傾聽的連線

# ss -tunpl
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=1693,fd=18))

//檢視tcp連線
# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 52 192.168.2.103:ssh 192.168.2.100:54723

//檢視udp
# ss -u
Recv-Q Send-Q Local Address:Port Peer Address:Port

//tracepath 取替 traceroute/traceroute6
# tracepath 8.8.8.8
1?: [LOCALHOST] pmtu 1500
1: _gateway 1.110ms
1: _gateway 1.143ms
2: ZyXEL.Home 1.737ms

//ip route 取替 route

# ip route show | column -t

default via 192.168.2.1 dev ens33 proto static metric 100
192.168.2.0/24 dev ens33 proto kernel scope link src 192.168.2.103

# ip route show | column -t > kkRouteTable.txt
# cat kkRouteTable.txt
default via 192.168.2.1 dev ens33 proto static metric 100
192.168.2.0/24 dev ens33 proto kernel scope link src 192.168.2.103 metric 100

# ip -6 route show | column -t
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev ens33 proto kernel metric 100 pref medium

# ip route show
default via 192.168.1.1 dev ens32 proto static metric 100
192.168.1.0/24 dev ens32 proto kernel scope link src 192.168.1.4 metric 100

# ip addr add 10.15.150.1/24 brd + dev ens32
# ip addr show
...

2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:2f:19:6f brd ff:ff:ff:ff:ff:ff
inet 192.168.1.4/24 brd 192.168.1.255 scope global noprefixroute ens32
valid_lft forever preferred_lft forever
inet 10.15.150.1/24 brd 10.15.150.255 scope global ens32
valid_lft forever preferred_lft forever
...

# ip route add 10.15.150.0/24 192.168.1.1 dev ens32 //增加靜態路由

# ip route show

default via 192.168.1.1 dev ens32 proto static metric 100

10.15.150.0/24 dev ens32 proto kernel scope link src 10.15.150.1

192.168.1.0/24 dev ens32 proto kernel scope link src 192.168.1.4 metric 100

# ping 10.15.150.1

PING 10.15.150.1 (10.15.150.1) 56(84) bytes of data.

64 bytes from 10.15.150.1: icmp_seq=1 ttl=64 time=0.064 ms

...

# ip route del 10.15.150.0/24

# ip route show

default via 192.168.1.1 dev ens32 proto static metric 100

192.168.1.0/24 dev ens32 proto kernel scope link src 192.168.1.4 metric 100

# ip addr del 10.15.150.1/24 dev ens32

# ip addr show

...

2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

link/ether 00:0c:29:2f:19:6f brd ff:ff:ff:ff:ff:ff

inet 192.168.1.4/24 brd 192.168.1.255 scope global noprefixroute ens32

valid_lft forever preferred_lft forever

...

//ARP Address Resolution Protocol 位址解析協定，由已知的 IP 位址查問其相對應的網路實體位址MAC
RARP Reverse Address Resolution Protocol 反向位址解析協定,由已知的網路實體位址（MAC 位址）查詢其相對應的 IP 位址

//ip neighbor 取替 arp

# ip neighbor show

192.168.2.1 dev ens33 lladdr 80:1f:02:1f:33:86 STALE

192.168.2.100 dev ens33 lladdr 54:04:a6:6b:67:7d REACHABLE

被淘汰的工具只是不在預設安裝所包含的，所以是可以利用 yum 把他安裝回來

Note：在 yum 中不知道套件的名稱，可以用 provides 和 list 直接搜尋 package 裡面的工具

//DNF is the next upcoming major version of YUM

# dnf provides */ifconfig

net-tools-2.0-0.51.20160912git.el8.x86_64 : Basic networking tools

軟體庫：BaseOS

符合來源：

檔案名稱：/usr/sbin/ifconfig

# dnf -y install net-tools

# netstat -r | column -t
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default _gateway 0.0.0.0 UG 0 0 0 ens33
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33

# dnf -y install bind-utils

# dig 168.95.1.1

# dnf -y install traceroute

# traceroute www.chehjh.kh.edu.tw

----------------------------------------------------------------- Firewalld

//查詢啟用狀態
# firewall-cmd --state
running

# firewall-cmd --get-zones

block dmz drop external home internal public trusted work

# ls /usr/lib/firewalld/zones/

block.xml drop.xml home.xml public.xml work.xml

dmz.xml external.xml internal.xml trusted.xml

# firewall-cmd --get-active-zone

public

interfaces: ens32

//了解目前zone的詳細設定

# firewall-cmd --zone=public --list-all

public (active)

target: default

icmp-block-inversion: no

interfaces: ens32

sources:

services: cockpit dhcpv6-client ssh

...

// 名稱 vsfpt 、vsftpd 都不是

# firewall-cmd --get-service | grep ftp
...
cockpit condor-collector ctdb dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls docker-registry
...
freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git grafana gre high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin
...
network llmnr managesieve matrix mdns memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-
...
rpc-bind rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tentacle tft tftp-client tile38 tinc
...

# ls /usr/lib/firewalld/services/ | grep ftp
ftp.xml
tftp-client.xml
tftp.xml

//將服務加入規則

# firewall-cmd --zone=public --add-service=ftp

success

# firewall-cmd --zone=public --list-all

public (active)

...

services: cockpit dhcpv6-client ftp ssh

ports:

...

//將埠口加入規則

# firewall-cmd --zone=public --add-port=8080/tcp

success

# firewall-cmd --zone=public --list-all

public (active)

...

services: cockpit dhcpv6-client ftp ssh

ports: 8080/tcp

...

//將服務與埠口移除

# firewall-cmd --zone=public --remove-port=8080/tcp

success

# firewall-cmd --zone=public --list-all

public (active)

...

services: cockpit dhcpv6-client ftp ssh

ports:

# firewall-cmd --zone=public --remove-service=ftp

success

# firewall-cmd --zone=public --list-all

public (active)

...

services: cockpit dhcpv6-client ssh

ports:

// firewalld.service 開機是否啟動

# systemctl disable firewalld.service

# systemctl enable firewalld.service

# systemctl is-enabled firewalld.service

enabled

# ls /usr/lib/systemd/system

...

crond.service selinux-autorelabel-mark.service

...

default.target.wants sshd.service

dnf-makecache.service sssd-kcm.service

...

firewalld.service suspend-then-hibernate.target

...

NetworkManager.service systemd-rfkill.socket

...

//停止FirewallD服務

# systemctl stop firewalld.service

# systemctl start firewalld.service

# systemctl is-active firewalld.service

active

# systemctl status firewalld.service

● firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)

Active: active (running) since Thu 2020-03-05 10:58:39 CST; 1min 51s ago

2020年2月23日星期日

CentOS8 vsftp

參考來源：
https://www.server-world.info/en/note?os=CentOS_8&p=ftp&f=1

--------------------------------------------------- 安裝、設定
# dnf -y install vsftpd

# vi /etc/vsftpd/vsftpd.conf
...
anonymous_enable=NO
...
chroot_local_user=YES

allow_writeable_chroot=YES
...
# add to the end
# fix PASV ports to allow FTP access with PASV
pasv_enable=YES

--------------------------------------------------- 套件安裝目錄與檔案

//執行檔
# ls /usr/sbin | grep vsftpd
vsftpd

//設定檔

# ls /etc/vsftpd
ftpusers user_list vsftpd.conf

//FTP 站台根目錄
# ls /var/ftp
pub

--------------------------------------------------- 啟動服務

// systemctl 指令，可列出目前所有服務的狀態資訊
# systemctl | grep vsftpd

vsftpd.service

# systemctl start vsftpd

# systemctl enable vsftpd

# systemctl status vsftpd

--------------------------------------------------- 檢查套件資訊、服務名稱、行程 or 執行檔所在位置

# rpm -qa | grep vsftpd
vsftpd-3.0.3-28.el8.x86_64

# ps -aux | grep vsftp
root 2618 0.0 0.0 26980 408 ? Ss 14:30 0:00 /usr/sbin/vsftpd /etc vsftpd/vsftpd.conf

# ls /usr/sbin | grep vsftp

vsftpd

# ls /usr/lib/systemd/system | grep vsftp

vsftpd.service

vsftpd@.service

vsftpd.target

--------------------------------------------------- 開啟防火牆

# firewall-cmd --state

running

# firewall-cmd --get-zones

block dmz drop external home internal public trusted work

# firewall-cmd --get-active-zone

public

interfaces: ens33

# firewall-cmd --zone=public --list-all

public (active)

target: default

icmp-block-inversion: no

interfaces: ens33

sources:

services: cockpit dhcpv6-client http https ssh

...

//列出 firewall-cmd 所有可用的服務

# firewall-cmd --get-service | grep ftp //vsfpt 、vsftpd 都找不到

//這些服務定義在此資料夾內

# ls /usr/lib/firewalld/services/ | grep ftp

ftp.xml

tftp-client.xml

tftp.xml

# firewall-cmd --permanent --zone=public --add-service=ftp

success

# firewall-cmd --reload

success

# firewall-cmd --zone=public --list-all

public (active)

target: default

icmp-block-inversion: no

interfaces: ens33

sources:

services: cockpit dhcpv6-client ftp http https ssh

--------------------------------------------------- SELinux

# getsebool -a | grep ftp*

# setsebool -P ftpd_full_access on

# setsebool -P tftp_home_dir on

--------------------------------------------------- 新增群組、使用者

//建立群組
# groupadd Gftp
# cat /etc/group
.
.
Gftp:x:1004:

//建立帳號並指定已存在的的群組

# useradd -g Gftp s306

# passwd s306

更改使用者 s306 的密碼。

新密碼：

//帳號資料

# cat /etc/passwd

s306:x:1003:1004::/home/s306:/bin/bash

//密碼資料

# cat /etc/shadow

s306:$6$1pUNBa5VJIUydee8$zNtG40zl2wBuxjhtF/aAWrxeI3s1bVRGexWlCVFzmpCk9MZW5 ajUFEtIL19A518.v8CPLUV8n/Kj6RUE3dCG//:18315:0:99999:7:::

//家目錄

# ls -l /home

drwx------. 2 s306 Gftp 62 2月 23 22:27 s306

//使用者相關資訊

# id s306

uid=1003(s306) gid=1004(Gftp) groups=1004(Gftp)

//刪除帳號、家目錄及沒有含其它帳號的群組

# userdel -r 帳號

--------------------------------------------------- 上課用班級資料夾

# su -l s306

$ mkdir {01..40}

$ ls

01 04 07 10 13 16 19 22 25 28 31 34 37 40

02 05 08 11 14 17 20 23 26 29 32 35 38

03 06 09 12 15 18 21 24 27 30 33 36 39

$ su
密碼：
# cd
#

# chattr +a -R /home/s306 //+a只能以附加方式寫入

# lsattr /home
-----a------------- /home/s306

ftp://192.168.2.103/座號/
使用者名稱：s306
密碼：123456

# ls /home/s306/*/1.docx

--------------------------------------------------- 檔案總管上傳中文檔名呈現亂碼

改用 FileZilla_3.46.3_win64_sponsored-setup.exe
站台管理員 --> 新站台 --> 字元集 --> 強制使用 UTF-8

--------------------------------------------------- 移除套件

# dnf -y remove vsftpd

訂閱：文章 (Atom)

內容選單標籤

2020年9月19日 星期六

2020年4月21日 星期二

2020年2月24日 星期一

此篇已經重新謄錄完成!!可以作廢。

2020年2月23日 星期日

2020年9月19日星期六

2020年4月21日星期二

2020年2月24日星期一

此篇已經重新謄錄完成!!
可以作廢。

2020年2月23日星期日