Network system management (sample question 2)
Module A: Linux Environment
Executive Committee of the national vocational college skills competition, Technical expert group, March 2021
Contents
1, Competition introduction
2, Competition considerations
3, Submission of competition results
4, Initialize environment
1. Default account and password
2. Operating system configuration
5, Project task description
1. Topology
2. Basic configuration
3. Mission requirements
CLIENT TASK
RSERVER TASK
SERVER01 TASK
SERVER02 TASK
SERVER03 TASK
SERVER04 TASK
1, Competition introduction
1. Please read the following guidelines carefully!
2. The competition lasts 4 hours. You must decide how to allocate your time.
3. When the game is over, please do not shut down your virtual machine when you leave.
4. If there is no explicit requirement, please use "chinakill21" as the default password.
5. All systems in this module are in the most basic installed system state, and the client is equipped with desktop.
2, Competition precautions
1. The hardware, software and auxiliary tools required for the competition shall be uniformly arranged by the organizing committee. Contestants shall not bring any software, mobile storage, auxiliary tools, mobile communication, etc. into the competition field without permission.
2. Please check whether the listed hardware equipment, software list and material list are complete and whether the computer equipment can be used normally according to the competition environment provided by the competition.
3. During operation, the equipment configuration needs to be saved in time. After the competition, all equipment shall remain in operation. Do not remove the hardware connection.
4. After the competition, please leave the competition equipment, software and questions at your seat. It is forbidden to take any item used in the competition (including test papers and scratch paper) away from the field.
5. The referee shall take the competition result documents submitted by each participating team as the main scoring basis. All submitted documents must be named according to the naming rules specified in the competition questions, and shall not reflect the participating institutions, station numbers and other information in any form.
3, Submission of competition results
According to the requirements of the topic, submit WORD files and corresponding PDF files that meet the template (PDF files are generated by saving Office Word as PDF files). It is suggested that in addition to the screenshots of configuration files, screenshots of function test should also be taken. Those that can be tested on the terminal must be tested and screenshot on the terminal, otherwise the function test part will not be scored.
4, Initialize environment
1. Default account and password
Username: root
Password: ChinaSkill21!
Username: skills
Password: ChinaSkill21!
Note: unless otherwise specified, the passwords of all accounts are ChinaSkill21!
2. Operating system configuration
Area: CST + 8
System environment language: English US (UTF-8)
Keyboard: English US
Note: when the task is to configure TLS, please add the root certificate or self signed certificate to the trusted zone.
After logging in at the console, whether by network login or local login, the welcome information below must be displayed:
ChinaSkills 2020 – Jiangsu
Module A Linux
lnxserver1
Complete spelling of contestant's name
hostname<<
Debian Version<<
TIME <<
5, Project task description
A company needs to provide employees with convenient, safe and stable internal and external network services. As a company network system administrator, you are responsible for the company's network system management. Please complete the network service installation and testing according to the network topology, basic configuration information and service requirements. The network topology and basic configuration information are as follows:
1. Topology
2. Basic configuration
The basic configuration of server and client is shown in the following table:
Device   | Hostname | FQDN                 | IP Address     | Service
Server01 | Server01 | Server01.sdskills.cn | 172.16.100.201 | RAID5, NFS, DNS(bind), Webserver(apache), SSH, DBMS
3. Mission requirements
Task equipment: Client, Rserver, server01, server02, server03, server04.
Note: if not specified in the title, please use the default configuration.
CLIENT TASK
1.Client: simple Debian has been pre installed. The specific requirements are as follows:
• it is required to have access to all servers for testing application services.
• please install a GNOME desktop environment for this host.
• adjust the display resolution to 1280x768;
• test DHCP, and the IPv4 address of the host network card is automatically obtained;
• test dns and install dnsutils and dig command line tools;
• test the web, install firefox browser and curl command line test tool, and do not pop up security warning information at any time;
• test ssh and install ssh command line tools;
• test VPN and install VPN client tool software;
• test ftp and install ftp command line client tools;
• test file sharing and install Samba command line client tools;
• test mail, install thunderbird, and send and receive mail normally;
• other settings are the default settings.
SERVER01 TASK
1.NETWORK
please configure the host name of the server, network card IP address configuration, domain name server, gateway, etc. according to the basic configuration information.
    root@server01:~# vim /etc/network/interfaces
    auto ens37
    iface ens37 inet static
    address 172.16.100.201
    netmask 255.255.255.128
    gateway 172.16.100.254
    root@server01:~# systemctl restart networking
    root@server01:~# hostnamectl set-hostname server01
    root@server01:~# vim /etc/hosts
    127.0.0.1 Server01.sdskills.cn
2.RAID5
add four 1G hard disks to the virtual machine;
create raid5, one of which is used as a hot spare, and the device name is md0;
set md0 as LVM and the device as /dev/vg01/lv01;
formatted as ext4 file system;
automatically mount to /data directory after startup.
Add four 1G hard disks, then rescan the SCSI hosts so the new disks are detected:
    root@server01:~# echo "- - -" > /sys/class/scsi_host/host0/scan
    root@server01:~# echo "- - -" > /sys/class/scsi_host/host1/scan
    root@server01:~# echo "- - -" > /sys/class/scsi_host/host2/scan
    # create raid5 with a backup (hot spare) disk
    # -Cv: create and display the process; /dev/md0: device name; -n 3: raid disks; -l 5: raid level 5; -x 1: backup disk
    root@server01:~# mdadm -Cv /dev/md0 -n 3 -l 5 -x 1 /dev/sdb /dev/sdc /dev/sdd /dev/sde
    root@server01:~# mdadm -D /dev/md0                 # view details
    root@server01:~# vgcreate vg01 /dev/md0            # create a volume group
    root@server01:~# lvcreate -L 1G -n lv01 vg01       # create the logical volume
    root@server01:~# mkfs.ext4 /dev/vg01/lv01          # format as ext4
    root@server01:~# mkdir -p /data                    # create the mount point (the task requires /data)
    root@server01:~# mount /dev/vg01/lv01 /data        # mount
    # permanent mount: the entry must name the logical volume, because md0 itself is an LVM physical volume, not an ext4 file system
    root@server01:~# echo "/dev/vg01/lv01 /data ext4 defaults 0 0" >> /etc/fstab
3.NFS
share /data/share directory;
it is used to store the web data of server01 host;
only the service network segment is allowed to access the share.
    root@server01:~# apt install nfs-common nfs-kernel-server -y
    root@server01:~# mkdir /data/share -p
    root@server01:~# mkdir /data/web -p
    root@server01:~# vim /etc/exports                  # edit the configuration file
    # only server address access is allowed
    /data/share 172.16.100.128/25(rw,sync,no_root_squash,insecure)
    root@server01:~# systemctl restart nfs-kernel-server.service
    root@server01:/# showmount -e localhost            # test on the local server
    # test from a client (192 network segment)
    root@kali:~# apt install nfs-common
    root@kali:~# showmount -e 172.16.100.201
    root@kali:~# mkdir /data01/share -p                # create the mount directory
    root@kali:~# mount -t nfs -o nolock 172.16.100.201:/data/share /data01/share    # mount
    mount.nfs: access denied by server while mounting 172.16.100.201:/data/share
    # access was denied
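The export above limits clients to 172.16.100.128/25 but also sets no_root_squash and insecure, so root on any host in that segment keeps uid 0 on the share and requests from unprivileged source ports are accepted. The script below is an added example, not part of the original walkthrough: it audits exports lines for those two options and for clients outside the allowed segment. The function names and the sample file are constructed for illustration.

```shell
# Added example: audit /etc/exports-style lines (function names are illustrative).

ip_to_int() (  # dotted quad -> integer; subshell body keeps the IFS change local
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

in_cidr() {  # in_cidr CLIENT[/LEN] ALLOWED/LEN: true if the client range lies inside ALLOWED
    c_ip=${1%/*}; c_len=${1#*/}
    [ "$c_len" != "$1" ] || c_len=32          # bare address means /32
    a_ip=${2%/*}; a_len=${2#*/}
    [ "$c_len" -ge "$a_len" ] || return 1     # client range is wider than the allowed one
    mask=$(( (0xFFFFFFFF << (32 - a_len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$c_ip") & mask )) -eq $(( $(ip_to_int "$a_ip") & mask )) ]
}

audit_exports() (  # audit_exports ALLOWED/LEN < exports-file; prints one finding per line
    set -f                                    # a '*' client must not glob against the cwd
    allowed=$1
    while read -r path clients; do
        case $path in ''|'#'*) continue ;; esac
        for spec in $clients; do
            client=${spec%%\(*}
            opts=${spec#*\(}; opts=${opts%\)}
            [ "$opts" != "$spec" ] || opts=   # this client has no option list
            case $client in
                ''|*[!0-9./]*) echo "$path $client: not an address range (wildcard, host name or netgroup)" ;;
                *) in_cidr "$client" "$allowed" || echo "$path $client: outside $allowed" ;;
            esac
            case ",$opts," in *,no_root_squash,*) echo "$path $client: no_root_squash, remote root keeps uid 0" ;; esac
            case ",$opts," in *,insecure,*) echo "$path $client: insecure, source ports above 1023 accepted" ;; esac
        done
    done
)

sample_exports() {  # constructed sample; the first export is the one from the walkthrough
    cat <<'EOF'
# /etc/exports (constructed sample)
/data/share 172.16.100.128/25(rw,sync,no_root_squash,insecure)
/data/web   172.16.100.128/25(rw,sync,root_squash)
/data/tmp   *(rw,sync) 192.168.200.0/24(ro)
EOF
}

sample_exports | audit_exports 172.16.100.128/25
```

To check the live configuration, run `audit_exports 172.16.100.128/25 < /etc/exports` on the NFS server.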
4.DNS(bind)
install bind service;
establish the sdskills.cn domain and establish forward / reverse domain name resolution for all hosts or servers except the Internet region.
for domain names that cannot be resolved, forward the query to skills.cn for higher-level resolution.
    root@server01:/# apt install bind9
    root@server01:/data/share/htdocs/skills# vim /etc/bind/named.conf.local
    zone "." IN {
        type master;
        file "/etc/bind/chinaskills";
    };
    zone "sdskills.cn" IN {
        type slave;
        masters { Main service address; };    // placeholder: put the main server's address here
        file "/etc/bind/slave";
    };
    // reverse dns
    zone "100.16.172.in-addr.arpa" {
        type master;
        file "/etc/bind/db.172.16.100";
    };
    zone "100.10.10.in-addr.arpa" {
        type master;
        file "/etc/bind/db.10.10.100";
    };

    root@server01:~# vim /etc/bind/chinaskills
    $TTL 1D
    @       IN SOA  ns.domain.com. hostmaster.domain.com. (
                    0       ; Serial
                    1D      ; Refresh
                    1H      ; Retry
                    1W      ; Expire
                    3H )    ; Negative Cache TTL
            IN NS   localhost.
    *       IN A    192.168.200.32
    ; All unknown domain names resolve to the local machine's address.
    ; Remember to change the nameserver to the local machine.

    root@server01:~# vim /etc/bind/slave
    $TTL 1D
    @       IN SOA  ns.domain.com. hostmaster.domain.com. (
                    0       ; Serial
                    1D      ; Refresh
                    1H      ; Retry
                    1W      ; Expire
                    3H )    ; Negative Cache TTL
            IN NS   server02.sdskills.cn.
    server02 IN A   192.168.100.253
    www      IN A   192.168.200.253    ; server address
5.Webserver(apache)
install apache services;
root@server01:~# apt install apache2
Server01 provides the www.sdskills.cn skills portal;
use apache services;
web page files are placed in /data/share/htdocs/skills;
    root@server01:~# vim /etc/apache2/sites-enabled/000-default.conf
    DocumentRoot /data/share/htdocs/skills
    root@server01:~# mkdir /data/share/htdocs/skills -p
the service runs as a user webuser;
    root@server01:~# vim /etc/apache2/apache2.conf
    User webuser
    root@server01:~# useradd webuser
the content of the home page is "This is the front page of sdskills's website";
/htdocs/skills/staff.html is "Staff Information";
this page can only be accessed after the employee's account authentication;
employee accounts are stored in ldap, and the accounts are zsuser and lsus
    root@server01:~# touch /data/share/htdocs/skills/index.html
    root@server01:~# vim /etc/apache2/apache2.conf
    <Directory /data/share/htdocs/skills>
        Options Indexes FollowSymLinks
        AllowOverride all
        Require all granted
    </Directory>
    root@server01:~# echo "This is the front page of sdskills's website." >/data/share/htdocs/skills/index.html
    root@server01:~# touch /data/share/htdocs/skills/staff.html
    root@server01:~# vim /etc/apache2/apache2.conf
    # <Directory> only matches directories, so a single page is protected with <Files>
    <Directory /data/share/htdocs/skills>
        <Files "staff.html">
            AuthType Basic
            AuthName "Password"
            AuthUserFile /etc/apache2/1dap
            Require valid-user
        </Files>
    </Directory>
    root@server01:~# touch /etc/apache2/1dap
    root@server01:~# htpasswd -c /etc/apache2/1dap zsuser
    # no -c for the second account: -c recreates the file and would remove zsuser
    root@server01:~# htpasswd /etc/apache2/1dap lsus
the website uses https protocol;
SSL uses the certificate issued by RServer and is issued to:
C = CN
ST = China
L = ShangDong
O = skills
OU = Operations Departments
CN = *.skills.cn
CA certificate path of Server01: /CA/cacert.pem
issue digital certificate by:
C = CN;
O = Inc
OU = www.shills.cn
CN = shill Global Root CA
when the client accesses https, there should be no browser (including terminal) security warning information;
automatically jump to https secure connection when users use http access;
when users use sdskills.cn or any.sdskills.cn (any represents any website prefix), they will automatically jump to www.sdskills.cn.
There will be another issue here in the future
6.SSH
install SSH
only client clients are allowed to access ssh, and requests from other hosts should be rejected;
the configured client can only log in without secret key in the chinakill 20 user environment. The port number is 1122 and has root control authority.
I've written this up in the previous chapter, so I won't write it out again here.
7.DBMS(MariaDB)
complete the installation of MariaDB database on Server01, and add the database root user with the password chinakill20!
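    root@debian:~# apt install mariadb-server
    root@debian:~# apt install apache2
    root@debian:~# apt install php libapache2-mod-php php-mysql
    root@debian:~# apt install php-bz2 php-curl php-gd php-tcpdf php-zip
    # -r is required because phpMyAdmin-5.0.4-all-languages is a directory
    root@debian:~# cp -r phpMyAdmin-5.0.4-all-languages /var/www/html/phpadmin
    # if the new password is left off the command line, mysqladmin prompts for it and it stays out of the shell history
    root@debian:~# mysqladmin -u root -p password chinaskills
    root@debian:~# mysql_secure_installation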
install the MariaDB database server component;
MariaDB database administrator information: user: root / password: chinakill20!;
install the MariaDB WEB management panel "phpMyAdmin" and publish it through apache
install phpMyAdmin, the web management panel component of MariaDB;
install apache and configure the php environment for publishing phpMyAdmin