mkdir -p /mnt/cdrom
mount /dev/cdrom /mnt/cdrom
cd /etc/yum.repos.d/
mkdir backup
mv *.repo backup/
touch CentOS.repo
local="[local]\nname=cdrom\nbaseurl=file:///mnt/cdrom\ngpgcheck=0\nenabled=1\n"
echo -e $local >> CentOS.repo
yum clean all
yum makecache
mountiso="/dev/cdrom /mnt/cdrom\tiso9660\tdefaults\t0 0"
echo -e $mountiso >> /etc/fstab
mount -a

永久关闭

systemctl disable firewalld
systemctl stop firewalld
cd /etc/selinux/
echo n | cp -i config config.bak
sed -i '7s/enforcing/disabled/g' config
cat /etc/sysconfig/selinux
init 6

临时关闭

systemctl stop firewalld
setenforce 0 

查看是否关闭

iptables -L
getenforce
sestatus

server

mount /dev/cdrom /mnt/cdrom
yum install -y chrony


cd /etc/
echo n | cp -i chrony.conf chrony.conf.bak
#备份配置文件
sed -i "3,6s/^/#/g" chrony.conf

chronyconf="server 10.1.1.3 iburst\nallow 0.0.0.0/0\nlocal stratum 1"
sudo echo -e $chronyconf >> chrony.conf

systemctl enable chronyd
systemctl start chronyd
timedatectl set-ntp on


chronyc sources -v
ps axf | grep chronyd


client

mount /dev/cdrom /mnt/cdrom
yum install  -y chrony
cd /etc/
echo n | cp -i chrony.conf chrony.conf.bak
#备份配置文件
sed -i "3,6s/^/#/g" chrony.conf
chronyconf="server 10.1.1.3 iburst"
echo -e $chronyconf >> chrony.conf
cat /etc/chrony.conf
systemctl enable chronyd
systemctl start chronyd
timedatectl set-ntp on
chronyc sources -v
chronyc tracking
ps axf | grep chronyd

server

yum install -y unbound
cd /etc/unbound/
echo n | cp -i unbound.conf unbound.conf.bak
#备份

cd /etc/unbound
sed -i '38s/#//g' unbound.conf
sed -i '176s/#//g' unbound.conf
#修改unbound.conf 去掉 38,176行注释
sed -i '176s/refuse/allow/g' unbound.conf
#替换176行字符 refuse 替换成 allow
sed -i '211s/unbound//g' unbound.conf
#替换211行字符 refuse 替换成 空,也就是删除掉
#当然你也可以使用 vi unbound.conf 手动编辑文件

cd /etc/unbound/local.d
#创建区域文件内容
zone='\n
local-zone:"server." static\n
local-data:"server.com. IN NS 10.1.1.3"\n
local-data:"www.client.com. IN A 10.1.1.2"\n
local-data:"www.server.com. IN A 10.1.1.3"\n
local-data:"www.storage.com. IN A 10.1.1.4"\n
local-data-ptr:"10.1.1.2 www.client.com"\n
local-data-ptr:"10.1.1.3 www.server.com"\n
local-data-ptr:"10.1.1.4 www.storage.com"
'
touch public_net.conf
echo -e $zone > public_net.conf
#重定向到文件内
systemctl enable unbound
systemctl start unbound
unbound-checkconf
#验证配置是否有错误

client storage

修改网关地址即可

nmcli con mod static ipv4.dns 10.1.1.3
nmcli con up static

ping www.server.com
ping www.server.com
ping www.storage.com

服务器

一、配置FTP匿名账户

yum install -y vsftpd
cd /etc/vsftpd/
echo n | cp -i vsftpd.conf vsftpd.conf.bak
####1.编辑主配置文件
vsftpd="anon_mkdir_write_enable=YES\nanon_upload_enable=YES\nanon_other_write_enable=YES\n"
echo -e $vsftpd >> vsftpd.conf
####2.创建目录
mkdir /var/ftp/work
chmod 777 /var/ftp/work/
####3.开启服务
systemctl enable vsftpd
systemctl start vsftpd

二、配置FTP虚拟账户

####1.编辑主配置文件
vsftpd2="guest_enable=YES\nguest_username=ftp\nuser_config_dir=/etc/vsftpd/vsftpd_user_conf\nallow_writeable_chroot=YES\n"
echo -e $vsftpd2 >> vsftpd.conf
####2.配置用户登录认证
#创建用户密码
touch user_password.txt
user_password="vtest1\n123456\nvtest2\n123456\n"
echo -e $user_password > user_password.txt
#配置用户数据库和认证
db_load -T -t hash -f user_password.txt /etc/vsftpd/vsftpd_login.db
cp -f /etc/pam.d/vsftpd /etc/vsftpd
#编辑配置文件
pam="auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login\naccount required /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login\n"
echo -e $pam > /etc/pam.d/vsftpd
####3.用户权限设置
mkdir -pv /etc/vsftpd/vsftpd_user_conf
cd /etc/vsftpd/vsftpd_user_conf
touch vtest1
touch vtest2
#编辑vtest1用户权限
vtest1="local_root=/home/vtest1\nwrite_enable=YES\nanon_umask=022\nanon_world_readable_only=NO\nanon_upload_enable=YES\nanon_mkdir_write_enable=YES\nanon_other_write_enable=YES\n"
echo -e $vtest1 > vtest1
####4.设置虚拟账户目录权限
mkdir -p /home/vtest1/write
chown -R ftp:ftp /home/vtest1
chmod o+rwx /home/vtest1/write
####5.重启服务
systemctl restart vsftpd

客户端

yum install -y lftp
lftp 10.1.1.3
dir
cd work
mkdir 123
quit
#匿名访问
lftp 10.1.1.3 -uvtest1,123456
#使用vtest1访问
dir
cd write
mkdir 123
quit
#查看文件目录

最后修改:2021 年 09 月 13 日
如果觉得我的文章对你有用,请随意赞赏