  • Linux 学习(十八)

    1、实现基于MYSQL验证的vsftpd虚拟用户访问

    两台服务器:一台ftp服务器192.168.5.11 一台mariadb服务器192.168.5.12

    (1)mariadb服务器

    yum install -y mariadb-server

    systemctl start mariadb
    mysql
    

    create database vsftpd ;

    use vsftpd ;
    CREATE TABLE users (
    id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
    name CHAR(50) BINARY NOT NULL,
    password CHAR(48) BINARY NOT NULL) ;
    

    insert into users (name,password) value('ftpuser1',password('123456')) ;
    insert into users (name,password) value('ftpuser2',password('123456'));
    grant select on vsftpd.* to vsftpd@'192.168.5.%' identified by '123456';
    

    (2)ftp服务器,安装vsftpd,编译安装pam_mysql
    yum install -y vsftpd
    

    tar -xf pam_mysql-0.7RC1.tar.gz
    cd pam_mysql-0.7RC1/
    

    yum install -y gcc gcc-c++ pam-devel mariadb-devel

    ./configure --with-pam-mods-dir=/lib64/security/

    make && make install

    (3)创建pam认证文件(该文件中包含数据库账号的明文口令,创建后执行 chmod 600 /etc/pam.d/vsftpd.mysql,避免被系统上的普通用户读取)
    vim /etc/pam.d/vsftpd.mysql
    auth required pam_mysql.so user=vsftpd passwd=123456 host=192.168.5.12 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
    account required pam_mysql.so user=vsftpd passwd=123456 host=192.168.5.12 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
    

    (4)创建FTP虚拟用户与共享目录,并修改 /etc/vsftpd/vsftpd.conf

    useradd -d /data/ftproot -s /sbin/nologin vuser

    chmod 555 /data/ftproot

    
    mkdir /data/ftproot/upload
    setfacl -m u:vuser:rwx /data/ftproot/upload
    

    vim /etc/vsftpd/vsftpd.conf
    pam_service_name=vsftpd.mysql    #修改此项
    #添加以下三项
    guest_enable=YES
    guest_username=vuser
    user_config_dir=/etc/vsftpd/vusers.d/    #独立用户配置目录
    

    (5)启动FTP服务,用数据库中的用户测试
    systemctl start vsftpd
    ftp 192.168.5.11
    ftpuser1
    123456
    

    2、通过NFS实现服务器/www共享访问

    (1)NFS服务器配置
    systemctl start nfs-server
    systemctl enable nfs-server
    mkdir /www
    vim /etc/exports
    /www 192.168.5.0/24(rw,root_squash)    #网段与括号之间不能有空格,否则括号内的选项会应用到所有主机(*),该网段反而只得到默认的只读权限
    exportfs -r    #修改 /etc/exports 后需要重新导出;服务已经在运行,再执行 systemctl start 不会重新读取配置
    exportfs -v
    touch /www/f1.txt
    ![](https://img2020.cnblogs.com/blog/1111107/202008/1111107-20200830202942676-833370099.png)
    
    
    


    (2)客户端挂载NFS目录

    showmount -e 192.168.5.11

    mount -o rw,nosuid,fg,hard,intr 192.168.5.11:/www /data/

    cd /data
    ls -l
    

    3、配置samba共享,实现/www目录共享

    (1)安装samba包
    yum install -y samba
    

    (2)创建samba用户和组,并创建samba共享目录
    groupadd -r smbgroup 
    useradd -s /sbin/nologin -G smbgroup smbuser1
    id smbuser1
    smbpasswd -a smbuser1
    useradd -s /sbin/nologin smbuser2
    smbpasswd -a smbuser2
    mkdir /www
    chgrp smbgroup /www
    chmod 2775 /www
    ls -ld /www
    
    

    (3)修改samba配置文件 /etc/samba/smb.conf
    vim /etc/samba/smb.conf
    [smbshare]
            path = /www
            writeable = no
            write list = @smbgroup
    

    (4)启动samba服务
    
    systemctl start smb nmb
    
    

    (5)客户端安装cifs-utils包,并挂载
    
    yum install -y cifs-utils
    

    mkdir /data/smbuser1 
    mkdir /data/smbuser2
    
    

    mount -o username=smbuser1,password=centos //192.168.5.12/smbshare /data/smbuser1    #口令写在命令行会留在 shell 历史和 ps 输出中,建议改用 credentials=/path/to/file(文件 chmod 600,内容为 username=/password= 两行)
    mount -o username=smbuser2 //192.168.5.12/smbshare /data/smbuser2    #不写 password 时会交互式提示输入口令
    
    

    4、使用rsync+inotify实现/www目录实时同步

    (1)服务端安装inotify-tools软件包(epel源)和 rsync包(光盘yum源)
    yum install -y inotify-tools rsync
    

    (2)服务端生成验证文件
    echo "rsyncuser:123456" > /etc/rsync.pass
    chmod 600 /etc/rsync.pass
    

    (3)服务端准备要备份的目录

    mkdir data

    (4)服务端修改rsync的配置文件(注意:下面 uid/gid = root 且 use chroot = no 意味着通过认证的客户端写入的文件都以 root 身份落盘;生产环境建议改用专用的低权限用户,并开启 use chroot = yes)
    vim /etc/rsyncd.conf
    uid = root
    gid = root
    use chroot = no
    max connections = 0
    ignore errors
    exclude = lost+found/
    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid
    lock file = /var/run/rsyncd.lock
    reverse lookup = no
    hosts allow = 192.168.5.0/24
    [backup]
    path = /data/
    comment = backup
    read only = no
    auth users = rsyncuser
    secrets file = /etc/rsync.pass
    

    (5)服务端启动rsync服务

    systemctl start rsyncd

    (6)客户端配置密码文件

    echo "123456" > /etc/rsync.pass
    chmod 600 /etc/rsync.pass

    (7)客户端测试同步数据
    cd /data
    touch f1.txt
    ll
    

    服务端 ll /data/

    rsync -avz --password-file=/etc/rsync.pass /data/ rsyncuser@192.168.5.11::backup
    

    服务端 ll /data/

    (8)vim inotify_rsync.sh
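    #!/bin/bash
    # inotify_rsync.sh - watch a local directory and push every change to an
    # rsync daemon module, appending one line per sync attempt to a log file.
    #
    # Requirements: inotify-tools and rsync installed; ${PASS_FILE} readable
    # only by root (chmod 600) and containing just the rsync password for
    # the module's "auth users" account.
    set -euo pipefail

    readonly SRC='/data/'                            # directory to watch; trailing slash syncs its contents
    readonly DEST='rsyncuser@192.168.5.11::backup'   # <auth user>@<rsync server IP>::<module>
    readonly LOG='/var/log/changelist.log'           # sync events are appended here
    readonly PASS_FILE='/etc/rsync.pass'             # rsync daemon password file (mode 600)

    command -v inotifywait >/dev/null || { printf 'inotifywait not installed\n' >&2; exit 1; }
    command -v rsync >/dev/null || { printf 'rsync not installed\n' >&2; exit 1; }

    # inotifywait emits "<date> <time> <watched dir> <file name>" per event.
    # read -r keeps backslashes literal; the last variable absorbs the rest
    # of the line, so file names with spaces survive, but a watched directory
    # containing whitespace would still be split (same limitation as before).
    # The event path is only used for the log line: rsync always re-syncs the
    # whole tree so that --delete can mirror removals as well.
    inotifywait -mrq --timefmt '%Y-%m-%d %H:%M' --format '%T %w %f' \
        -e create,delete,moved_to,close_write,attrib "${SRC}" \
      | while read -r date time dir file; do
            filepath="${dir}${file}"
            rc=0
            rsync -az --delete --password-file="${PASS_FILE}" "${SRC}" "${DEST}" || rc=$?
            if (( rc == 0 )); then
                printf 'At %s on %s, file %s was backed up via rsync\n' \
                    "${time}" "${date}" "${filepath}" >> "${LOG}"
            else
                # A failed sync used to pass silently; record it so gaps in
                # the backup can be noticed.
                printf 'At %s on %s, rsync of %s FAILED (exit %s)\n' \
                    "${time}" "${date}" "${filepath}" "${rc}" >> "${LOG}"
            fi
        done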
    

    5、使用iptable实现: 放行telnet, ftp, web服务,放行samba服务,其他端口服务全部拒绝

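    # Baseline: accept loopback and established/related traffic for every
    # protocol. The original state rules matched only tcp, so UDP/ICMP replies
    # (DNS lookups, ping) would have been dropped by the final DROP rules.
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

    # FTP data connections (especially passive mode) are only classified as
    # RELATED when the FTP connection-tracking helper is loaded. On newer
    # kernels automatic helper assignment is disabled by default and an
    # explicit "-j CT --helper ftp" raw-table rule is needed instead.
    modprobe nf_conntrack_ftp

    # ftp-data(20), ftp(21), ssh(22), telnet(23), http(80), samba(139,445).
    # Port 22 was silently included by the original 20:23 range; remove it
    # from the list if SSH is not meant to be reachable.
    iptables -A INPUT -p tcp -m multiport --dports 20,21,22,23,80,139,445 -m state --state NEW -j ACCEPT
    # NetBIOS name/datagram services used by samba (nmb).
    iptables -A INPUT -p udp -m multiport --dports 137,138 -m state --state NEW -j ACCEPT

    # Default deny for everything else. These rules live only in the running
    # kernel; persist them (iptables-save / service iptables save) or they are
    # lost on reboot.
    iptables -A INPUT -j DROP
    iptables -A OUTPUT -j DROP
    iptables -vnL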
    

  • 原文地址:https://www.cnblogs.com/shanghongbin/p/13586483.html