# openssl x509 -in a.cer -out 123.pem -pubkey --從證書中導出公鑰。 47.創建軟陣列:mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/hd[ac]1,創建軟陣列設備/dev/md0,raid 1,由兩個物理設備/dev/hda1和/dev/hdc1組成鏡像,即向設備/dev/md0寫數據時相當於同時向兩個物理設備寫,兩個物理設備實際上是互為鏡像。 實驗: # dd if=/dev/zero of=dev1 bs=1024 count=5000 # dd if=/dev/zero of=dev2 bs=1024 count=5000 # losetup /dev/loop1 dev1 # loserup /dev/loop2 dev2 # mdadm --create /dev/md0 --level=1 --raid-devices=2 dev{1,2} # mkfs.ext2 /dev/md0 # mount /dev/md0 /mnt # cd /mnt; ls -la / > abc # umount /mnt # mdadm --stop /dev/md0 # mount /dev/loop1 /mnt --進入目錄/mnt,發現文件abc。 # umount /mnt; mount /dev/loop2 /mnt --進入目錄/mnt,也發現文件abc。 即軟raid1陣列可以合起來用,也可以分開來用。 48.不啟動機器上的postfix,直接使用nail命令通過其他郵件系統發送郵件: # set smtp=172.24.1.82 或: # vim ~/.mailrc set smtp=smtp.huawei.com set smtp-auth=login set smtp-auth-user=w56869 set smtp-auth-password=I#wanna#fly set folder=imap://w56869@webmail.huawei.com set password-accountname@webmail.huawei.com=I#wanna#fly # nail -s hellp LuckyJack@huawei.com I am a playboy, how are you? . 注意如果直接在公司內部向內部員工的郵箱發送郵件,那麼上面的配置文件中只要保留第一行就可以了。 49.測試伺服器的證書:openssl s_client -connect myserver.com:636 -showcerts -state -CAfile /var/cacert/cacert.pem 50.掃描另外一台機器上的全部監聽埠:nmap -P0 10.75.47.5 51.禁用和激活網卡:ifdown eth1, ifup eth1 52.建立NAT: /sbin/iptables -A INPUT -i 「eth1」 -j ACCEPT echo 「1」>/proc/sys/net/ipv4/ip_forward /sbin/iptables -t nat -A POSTROUTING -s 「192.168.1.0/24」 -o 「eth0」 -j MASQUERADE ---注意:eth0對外網卡,eth1是內部網卡,內部網段192.168.1.0/24。 53、#iptables ?A FORWARD ?s 192.168.1.23 ?m mac ?mac-source 00:e0:4c:3d:5e:4f ?j ACCEPT 上例表明源IP地址為192.168.1.23,源MAC地址為00:e0:4c:3d:5e:4f的計算機能夠通過防火牆,如果這個用戶將自己的IP地址改成了192.168.1.24,而該地址同樣也做了MAC地址的match,那麼要想通過更改IP地址而獲取上網許可權的企圖是徒勞的。 說明:可以通過iptables實現IP地址與MAC地址綁定的功能,但還有一種更加高效的方法,我們在這裡簡要的說明一下,在/etc/目錄下編輯文件ethers,在文件中添加如下內容: 192.168.1.1 00:e0:4c:3d:5e:4f 192.168.1.1 00:e0:4c:3d:5b:3d ……. 文件編輯完成後執行命令: #/sbin/arp ?f 54.製作啟動cd:
It is possible to create a bootable CD-ROM containing the Linux start-up files if your system has an installed CD writer. It is easiest to create a bootable CD with the ISOLINUX boot manager. The SUSE installation CDs are also made bootable with isolinux. 1.Boot the installed system first using the following alternate procedure: Boot from the installation CD or DVD as for installation. Choose the preselected option 『Installation』 during the boot sequence. Choose the language and keyboard map next. In the following menu, choose 『Boot installed system』. The root partition is automatically detected and the system is booted from it. 2.Install syslinux with YaST. 3.Open a root shell. The following commands create a temporary directory and copy the files required for the booting of the Linux system (the isolinux boot loader as well as the kernel and the initrd) into it: 4.mkdir /tmp/CDroot 5.cp /usr/share/syslinux/isolinux.bin /tmp/CDroot/ 6.cp /boot/vmlinuz /tmp/CDroot/linux 7.cp /boot/initrd /tmp/CDroot 8.Create the boot loader configuration file /tmp/CDroot/isolinux.cfg with your preferred editor. Enter the following content: 9.DEFAULT linux 10.LABEL linux 11. KERNEL linux 12. APPEND initrd=initrd root=/dev/hdXY [boot parameter] Enter your root partition for the parameter root=/dev/hdXY. It is listed in the file /etc/fstab. Enter additional options for the setting [boot parameter], which should be used during booting. The configuration files could look like this: DEFAULT linux LABEL linux KERNEL linux APPEND initrd=initrd root=/dev/hda7 hdd=ide-scsi 13.The following command (entered at a command prompt) then creates an ISO-9660 file system for the CD. 14.mkisofs -o /tmp/bootcd.iso -b isolinux.bin -c boot.cat 15. -no-emul-boot -boot-load-size 4 16. -boot-info-table /tmp/CDroot The complete command must be entered as one line. 17.The file /tmp/bootcd.iso can be written to CD after that with graphical CD writing applications, like K3b, or at a command prompt with cdrecord -v speed=2 dev=0,0,0 /tmp/bootcd.iso -eject. Change the parameter dev=0,0,0 according to the SCSI ID of the writer. Determine it with the command cdrecord -scanbus. Also refer to the man page cdrecord. 18.Test the boot CD. Reboot the computer to verify whether the Linux system starts correctly from the CD.