Differences
Below are the differences between two revisions of the page.
Next revision | Previous revision | ||
elearning:workbooks:centos:8:avance:l103 [2021/06/02 15:34] – created admin | elearning:workbooks:centos:8:avance:l103 [2022/03/09 18:44] (Version actuelle) – admin | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
~~PDF: | ~~PDF: | ||
+ | |||
+ | Version : **2022.01** | ||
Dernière mise-à-jour : ~~LASTMOD~~ | Dernière mise-à-jour : ~~LASTMOD~~ | ||
- | ======LCF303 | + | ======LCF603 |
=====Contenu du Module===== | =====Contenu du Module===== | ||
- | * **LCF303 | + | * **LCF603 |
* Contenu du Module | * Contenu du Module | ||
- | * Rôle du noyau | + | * Présentation |
- | * Compilation et installation | + | * La Commande nmcli |
- | * Déplacer /home | + | * LAB #1 - Configuration |
- | * Créer | + | * 1.1 - Connections |
- | * Préparer l' | + | * 1.2 - Résolution des Noms |
- | * Paramétrage du noyau | + | * 1.3 - Ajouter une Deuxième Adresse IP à un Profil |
- | * Compiler le Noyau | + | * 1.4 - La Commande hostname |
- | * Installer | + | * 1.5 - La Commande ip |
- | * Gestion des Quotas | + | * 1.6 - Activer/ |
- | * La Commande quotacheck | + | * 1.7 - Routage Statique |
- | * La Commande edquota | + | * La commande ip |
- | * La Commande quotaon | + | * Activer/ |
- | * La Commande repquota | + | * LAB #2 - Diagnostique du Réseau |
- | * La Commande quota | + | * 2.1 - ping |
- | * La Commande warnquota | + | * 2.2 - netstat -i |
+ | * 2.3 - traceroute | ||
+ | * LAB #3 - Connexions à Distance | ||
+ | * 3.1 - Telnet | ||
+ | * 3.2 - wget | ||
+ | * 3.3 - ftp | ||
+ | * 3.4 - SSH | ||
+ | * Présentation | ||
+ | * SSH-1 | ||
+ | * SSH-2 | ||
+ | * Authentification par mot de passe | ||
+ | * Authentification par clef asymétrique | ||
+ | * Configuration du Serveur | ||
+ | * Configuration du Client | ||
+ | * Tunnels SSH | ||
+ | * 3.5 - SCP | ||
+ | * Présentation | ||
+ | * Utilisation | ||
+ | * 3.6 - Mise en Place des Clefs Asymétriques | ||
- | =====Rôle du noyau===== | + | =====Présentation===== |
- | Le noyau ou //kernel// est la partie du système d' | + | RHEL/CentOS 8 utilise **Network Manager** pour gérer le réseau. Network Manager |
- | * la diminution de la taille du noyau, | + | * un service qui gère les connexions réseaux et rapporte leurs états, |
- | * la prise en charge | + | * des front-ends qui passent par un API de configuration |
- | * l' | + | |
- | * l' | + | |
- | * la correction de bogues, | + | |
- | * le besoin d'une fonctionnalité expérimentale. | + | |
- | Commencez | + | <WRAP center round important 60%> |
+ | **Important** : Notez qu' | ||
+ | </ | ||
+ | |||
+ | Le service NetworkManager doit toujours être lancé | ||
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | 3.10.0-327.13.1.el7.x86_64 | + | ● NetworkManager.service |
+ | Loaded: loaded (/ | ||
+ | | ||
+ | Docs: man: | ||
+ | Main PID: 1002 (NetworkManager) | ||
+ | Tasks: 3 (limit: 23535) | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Warning: Journal has been rotated since unit was started. Log output is incomplete or> | ||
+ | lines 1-11/11 (END) | ||
+ | [^q] | ||
</ | </ | ||
- | Dans le cas d'une utilisation courante de Linux, il est cependant préférable de faire appel aux **modules**. Les modules se trouvent dans le répertoire **/ | + | ===La Commande nmcli=== |
+ | |||
+ | La commande | ||
+ | |||
+ | Les options et les sous-commandes peuvent être consultées en utilisant les commandes suivantes | ||
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | build | + | Usage: nmcli [OPTIONS] OBJECT { COMMAND | help } |
- | extra | + | |
- | kernel | + | OPTIONS |
+ | | ||
+ | -c, --colors auto|yes|no | ||
+ | -e, --escape yes|no | ||
+ | -f, --fields <field,...> | ||
+ | -g, --get-values <field,...> | ||
+ | | ||
+ | -m, --mode tabular|multiline | ||
+ | -o, --overview | ||
+ | -p, --pretty | ||
+ | -s, --show-secrets | ||
+ | -t, --terse | ||
+ | -v, --version | ||
+ | -w, --wait < | ||
+ | |||
+ | OBJECT | ||
+ | g[eneral] | ||
+ | n[etworking] | ||
+ | | ||
+ | c[onnection] | ||
+ | d[evice] | ||
+ | a[gent] | ||
+ | m[onitor] | ||
</ | </ | ||
- | Les commandes pour manipuler les modules sont : | + | =====LAB #1 - Configuration du Réseau===== |
- | * insmod | + | ====1.1 - Connections et Profils==== |
- | * rmmod | + | |
- | * lsmod | + | |
- | * modprobe | + | |
- | Par exemple | + | NetworkManager inclus la notion de **connections** ou **profils** permettant des configurations différentes en fonction de la localisation. Pour voir les connections actuelles, utilisez la commande **nmcli c** avec la sous-commande **show** |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | Module | + | NAME UUID TYPE DEVICE |
- | ip6t_rpfilter | + | ens18 |
- | ip6t_REJECT | + | virbr0 |
- | ipt_REJECT | + | |
- | xt_conntrack | + | |
- | ebtable_nat | + | |
- | ebtable_broute | + | |
- | bridge | + | |
- | stp 12976 1 bridge | + | |
- | llc 14552 2 stp, | + | |
- | ebtable_filter | + | |
- | ebtables | + | |
- | ip6table_nat | + | |
- | nf_conntrack_ipv6 | + | |
- | nf_defrag_ipv6 | + | |
- | nf_nat_ipv6 | + | |
- | ip6table_mangle | + | |
- | ip6table_security | + | |
- | ip6table_raw | + | |
- | ip6table_filter | + | |
- | ip6_tables | + | |
- | iptable_nat | + | |
- | nf_conntrack_ipv4 | + | |
- | nf_defrag_ipv4 | + | |
- | nf_nat_ipv4 | + | |
- | nf_nat | + | |
- | nf_conntrack | + | |
- | iptable_mangle | + | |
- | iptable_security | + | |
- | iptable_raw | + | |
- | iptable_filter | + | |
- | dm_mirror | + | |
- | dm_region_hash | + | |
- | dm_log | + | |
- | dm_mod | + | |
- | crc32_pclmul | + | |
- | ghash_clmulni_intel | + | |
- | aesni_intel | + | |
- | lrw 13286 1 aesni_intel | + | |
- | gf128mul | + | |
- | glue_helper | + | |
- | snd_intel8x0 | + | |
- | ablk_helper | + | |
- | cryptd | + | |
- | snd_ac97_codec | + | |
- | ac97_bus | + | |
- | ppdev 17671 0 | + | |
- | snd_seq | + | |
- | snd_seq_device | + | |
- | snd_pcm | + | |
- | pcspkr | + | |
- | sg | + | |
- | parport_pc | + | |
- | parport | + | |
- | snd_timer | + | |
- | snd 83425 8 snd_ac97_codec, | + | |
- | soundcore | + | |
- | i2c_piix4 | + | |
- | video 24400 0 | + | |
- | i2c_core | + | |
- | nfsd 302418 | + | |
- | auth_rpcgss | + | |
- | nfs_acl | + | |
- | lockd 93600 1 nfsd | + | |
- | grace 13295 2 nfsd, | + | |
- | sunrpc | + | |
- | ip_tables | + | |
- | xfs | + | |
- | libcrc32c | + | |
- | sd_mod | + | |
- | crc_t10dif | + | |
- | crct10dif_generic | + | |
- | sr_mod | + | |
- | cdrom 42556 1 sr_mod | + | |
- | ata_generic | + | |
- | pata_acpi | + | |
- | ahci | + | |
- | libahci | + | |
- | ata_piix | + | |
- | crct10dif_pclmul | + | |
- | crct10dif_common | + | |
- | crc32c_intel | + | |
- | serio_raw | + | |
- | libata | + | |
- | e1000 | + | |
</ | </ | ||
- | Pour ajouter | + | Créez donc un profil IP fixe rattaché au périphérique |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | [root@centos7 ~]# lsmod | more | + | Connection ' |
- | Module | + | |
- | bonding | + | |
- | ip6t_rpfilter | + | |
- | ip6t_REJECT | + | |
- | ipt_REJECT | + | |
- | xt_conntrack | + | |
- | ebtable_nat | + | |
- | ebtable_broute | + | |
- | bridge | + | |
- | stp 12976 1 bridge | + | |
- | llc 14552 | + | |
- | ebtable_filter | + | |
- | ebtables | + | |
- | ip6table_nat | + | |
- | nf_conntrack_ipv6 | + | |
- | nf_defrag_ipv6 | + | |
- | nf_nat_ipv6 | + | |
- | ip6table_mangle | + | |
- | ip6table_security | + | |
- | ip6table_raw | + | |
- | ip6table_filter | + | |
- | ip6_tables | + | |
- | y, | + | |
- | --More-- | + | |
</ | </ | ||
- | Pour supprimer un module, on peut utiliser la commande **rmmod** ou **modprobe -r**. Cette dernière essaie de supprimer les dépendances non-utilisées | + | Constatez sa présence |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | [root@centos7 ~]# lsmod | more | + | NAME |
- | Module | + | ens18 fc4a4d23-b15e-47a7-bcfa-b2e08f49553e |
- | ip6t_rpfilter | + | virbr0 |
- | ip6t_REJECT | + | ip_fixe |
- | ipt_REJECT | + | |
- | xt_conntrack | + | |
- | ebtable_nat | + | |
- | ebtable_broute | + | |
- | bridge | + | |
- | stp 12976 1 bridge | + | |
- | llc 14552 2 stp, | + | |
- | ebtable_filter | + | |
- | ebtables | + | |
- | ip6table_nat | + | |
- | nf_conntrack_ipv6 | + | |
- | nf_defrag_ipv6 | + | |
- | nf_nat_ipv6 | + | |
- | ip6table_mangle | + | |
- | ip6table_security | + | |
- | ip6table_raw | + | |
- | ip6table_filter | + | |
- | ip6_tables | + | |
- | y, | + | |
- | iptable_nat | + | |
- | --More-- | + | |
</ | </ | ||
- | Les dépendances des modules sont résolues par la commande | + | Notez que la sortie n' |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | kernel/ | + | GENERAL.DEVICE: |
- | kernel/ | + | GENERAL.TYPE: ethernet |
- | kernel/ | + | GENERAL.HWADDR: 4E: |
- | kernel/ | + | GENERAL.MTU: 1500 |
- | kernel/ | + | GENERAL.STATE: 100 (connected) |
- | kernel/ | + | GENERAL.CONNECTION: ens18 |
- | kernel/arch/x86/ | + | GENERAL.CON-PATH: |
- | kernel/ | + | WIRED-PROPERTIES.CARRIER: on |
- | to/lrw.ko kernel/ | + | IP4.ADDRESS[1]: 10.0.2.45/24 |
- | kernel/ | + | IP4.GATEWAY: |
- | kernel/ | + | IP4.ROUTE[1]: dst = 10.0.2.0/24, nh = 0.0.0.0, mt = 100 |
- | el/ | + | IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 10.0.2.1, mt = 100 |
- | kernel/ | + | IP4.DNS[1]: 8.8.8.8 |
- | helper.ko kernel/ | + | IP6.ADDRESS[1]: fe80:: |
- | kernel/ | + | IP6.GATEWAY: -- |
- | kernel/ | + | IP6.ROUTE[1]: |
- | kernel/ | + | IP6.ROUTE[2]: |
- | kernel/ | + | |
- | kernel/ | + | |
- | kernel/ | + | |
- | kernel/ | + | |
- | f128mul.ko kernel/arch/ | + | |
- | kernel/ | + | |
- | --More--(0%) | + | |
- | </ | + | |
- | Il est possible d' | + | GENERAL.DEVICE: virbr0 |
+ | GENERAL.TYPE: | ||
+ | GENERAL.HWADDR: | ||
+ | GENERAL.MTU: | ||
+ | GENERAL.STATE: | ||
+ | GENERAL.CONNECTION: | ||
+ | GENERAL.CON-PATH: | ||
+ | IP4.ADDRESS[1]: | ||
+ | IP4.GATEWAY: | ||
+ | IP4.ROUTE[1]: | ||
+ | IP6.GATEWAY: | ||
- | < | + | GENERAL.DEVICE: lo |
- | [root@centos7 ~]# modinfo bonding | + | GENERAL.TYPE: loopback |
- | filename: / | + | GENERAL.HWADDR: 00:00:00:00:00:00 |
- | author: | + | GENERAL.MTU: 65536 |
- | description: | + | GENERAL.STATE: |
- | version: | + | GENERAL.CONNECTION: -- |
- | license: GPL | + | GENERAL.CON-PATH: -- |
- | alias: | + | IP4.ADDRESS[1]: 127.0.0.1/8 |
- | rhelversion: 7.2 | + | IP4.GATEWAY: -- |
- | srcversion: 49765A3F5CDFF2C3DCFD8E6 | + | IP6.ADDRESS[1]: |
- | depends: | + | IP6.GATEWAY: -- |
- | intree: Y | + | IP6.ROUTE[1]: dst = ::1/128, nh = ::, mt = 256 |
- | vermagic: | + | |
- | signer: CentOS Linux kernel signing key | + | GENERAL.DEVICE: virbr0-nic |
- | sig_key: | + | GENERAL.TYPE: tun |
- | sig_hashalgo: | + | GENERAL.HWADDR: 52:54:00:79:02:66 |
- | parm: | + | GENERAL.MTU: 1500 |
- | parm: tx_queues: | + | GENERAL.STATE: |
- | parm: num_grat_arp: | + | GENERAL.CONNECTION: -- |
- | parm: num_unsol_na: | + | GENERAL.CON-PATH: -- |
- | parm: miimon:Link check interval in milliseconds (int) | + | lines 28-50/50 (END) |
- | parm: updelay:Delay before considering link up, in milliseconds (int) | + | [q] |
- | parm: downdelay: | + | |
- | parm: | + | |
- | parm: mode:Mode of operation; 0 for balance-rr, 1 for active-backup, 2 for balance-xor, | + | |
- | parm: primary:Primary network device to use (charp) | + | |
- | parm: primary_reselect: | + | |
- | parm: lacp_rate:LACPDU tx rate to request from 802.3ad partner; 0 for slow, 1 for fast (charp) | + | |
- | parm: ad_select:803.ad aggregation selection logic; 0 for stable (default), 1 for bandwidth, 2 for count (charp) | + | |
- | parm: min_links:Minimum number of available links before turning on carrier (int) | + | |
- | parm: xmit_hash_policy:balance-xor and 802.3ad hashing method; 0 for layer 2 (default), 1 for layer 3+4, 2 for layer 2+3, 3 for encap layer 2+3, 4 for encap layer 3+4 (charp) | + | |
- | parm: arp_interval:arp interval in milliseconds (int) | + | |
- | parm: | + | |
- | parm: arp_validate: | + | |
- | parm: arp_all_targets: | + | |
- | parm: fail_over_mac: | + | |
- | parm: | + | |
- | parm: resend_igmp: | + | |
- | parm: | + | |
- | parm: | + | |
</ | </ | ||
- | Dernièrement, | + | Pour activer |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | mlx4.conf | + | |
- | [root@centos7 ~]# cat / | ||
- | # This file is intended for users to select the various module options | ||
- | # they need for the mlx4 driver. | ||
- | # any user made changes to this file are preserved. | ||
- | # to the libmlx4.conf file in this directory are overwritten on | ||
- | # pacakge upgrade. | ||
- | # | ||
- | # Some sample options and what they would do | ||
- | # Enable debugging output, device managed flow control, and disable SRIOV | ||
- | #options mlx4_core debug_level=1 log_num_mgm_entry_size=-1 probe_vf=0 num_vfs=0 | ||
- | # | ||
- | # Enable debugging output and create SRIOV devices, but don't attach any of | ||
- | # the child devices to the host, only the parent device | ||
- | #options mlx4_core debug_level=1 probe_vf=0 num_vfs=7 | ||
- | # | ||
- | # Enable debugging output, SRIOV, and attach one of the SRIOV child devices | ||
- | # in addition to the parent device to the host | ||
- | #options mlx4_core debug_level=1 probe_vf=1 num_vfs=7 | ||
- | # | ||
- | # Enable per priority flow control for send and receive, setting both priority | ||
- | # 1 and 2 as no drop priorities | ||
- | #options mlx4_en pfctx=3 pfcrx=3 | ||
</ | </ | ||
- | =====Compilation et installation | + | Notez que votre terminal est bloqué à cause du changement de l' |
- | Commencez par installer les paquets necessaires : | + | <WRAP center round todo 60%> |
+ | **A faire** - Revenez à l' | ||
+ | </ | ||
- | < | + | Le profil ip_fixe est maintenant activé tandis que le profil enp0s3 a été désactivé |
- | [root@centos7 ~]# yum install qt3-devel libXi-devel gcc-c++ rpmdevtools ncurses-devel | + | |
- | Loaded plugins: fastestmirror, | + | |
- | Loading mirror speeds from cached hostfile | + | |
- | * base: centos.mirrors.ovh.net | + | |
- | * extras: centos.mirror.fr.planethoster.net | + | |
- | * updates: mirror1.evolution-host.com | + | |
- | Resolving Dependencies | + | |
- | --> Running transaction check | + | |
- | ---> Package gcc-c++.x86_64 0: | + | |
- | --> Processing Dependency: libstdc++-devel = 4.8.5-4.el7 for package: gcc-c++-4.8.5-4.el7.x86_64 | + | |
- | ---> Package libXi-devel.x86_64 0: | + | |
- | --> Processing Dependency: xorg-x11-proto-devel for package: libXi-devel-1.7.4-2.el7.x86_64 | + | |
- | --> Processing Dependency: pkgconfig(xfixes) for package: libXi-devel-1.7.4-2.el7.x86_64 | + | |
- | --> Processing Dependency: pkgconfig(xext) for package: libXi-devel-1.7.4-2.el7.x86_64 | + | |
- | --> Processing Dependency: pkgconfig(x11) for package: libXi-devel-1.7.4-2.el7.x86_64 | + | |
- | --> Processing Dependency: pkgconfig(inputproto) for package: libXi-devel-1.7.4-2.el7.x86_64 | + | |
- | ---> Package ncurses-devel.x86_64 0: | + | |
- | ---> Package qt3-devel.x86_64 0: | + | |
- | --> Processing Dependency: qt3 = 3.3.8b-51.el7 for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: mesa-libGLU-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: mesa-libGL-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libpng-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libmng-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libjpeg-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libXt-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libXrender-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libXrandr-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libXinerama-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libXft-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libXcursor-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libSM-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libICE-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: freetype-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: fontconfig-devel for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libqui.so.1()(64bit) for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libqt-mt.so.3()(64bit) for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | --> Processing Dependency: libmng.so.1()(64bit) for package: qt3-devel-3.3.8b-51.el7.x86_64 | + | |
- | ---> Package rpmdevtools.noarch 0:8.3-5.el7 will be installed | + | |
- | --> Processing Dependency: rpm-build >= 4.4.2.3 for package: rpmdevtools-8.3-5.el7.noarch | + | |
- | --> Running transaction check | + | |
- | ---> Package fontconfig-devel.x86_64 0: | + | |
- | --> Processing Dependency: pkgconfig(expat) for package: fontconfig-devel-2.10.95-7.el7.x86_64 | + | |
- | ---> Package freetype-devel.x86_64 0: | + | |
- | --> Processing Dependency: zlib-devel for package: freetype-devel-2.4.11-11.el7.x86_64 | + | |
- | ---> Package libICE-devel.x86_64 0: | + | |
- | ---> Package libSM-devel.x86_64 0: | + | |
- | ---> Package libX11-devel.x86_64 0: | + | |
- | --> Processing Dependency: pkgconfig(xcb) >= 1.1.92 for package: libX11-devel-1.6.3-2.el7.x86_64 | + | |
- | --> Processing Dependency: pkgconfig(xcb) for package: libX11-devel-1.6.3-2.el7.x86_64 | + | |
- | ---> Package libXcursor-devel.x86_64 0: | + | |
- | ---> Package libXext-devel.x86_64 0: | + | |
- | ---> Package libXfixes-devel.x86_64 0: | + | |
- | ---> Package libXft-devel.x86_64 0: | + | |
- | ---> Package libXinerama-devel.x86_64 0: | + | |
- | ---> Package libXrandr-devel.x86_64 0: | + | |
- | ---> Package libXrender-devel.x86_64 0: | + | |
- | ---> Package libXt-devel.x86_64 0: | + | |
- | ---> Package libjpeg-turbo-devel.x86_64 0: | + | |
- | ---> Package libmng.x86_64 0: | + | |
- | ---> Package libmng-devel.x86_64 0: | + | |
- | ---> Package libpng-devel.x86_64 2: | + | |
- | ---> Package libstdc++-devel.x86_64 0: | + | |
- | ---> Package mesa-libGL-devel.x86_64 0: | + | |
- | --> Processing Dependency: pkgconfig(xshmfence) >= 1.1 for package: mesa-libGL-devel-10.6.5-3.20150824.el7.x86_64 | + | |
- | --> Processing Dependency: pkgconfig(libdrm) >= 2.4.38 for package: mesa-libGL-devel-10.6.5-3.20150824.el7.x86_64 | + | |
- | --> Processing Dependency: pkgconfig(xxf86vm) for package: mesa-libGL-devel-10.6.5-3.20150824.el7.x86_64 | + | |
- | --> Processing Dependency: pkgconfig(xdamage) for package: mesa-libGL-devel-10.6.5-3.20150824.el7.x86_64 | + | |
- | --> Processing Dependency: gl-manpages for package: mesa-libGL-devel-10.6.5-3.20150824.el7.x86_64 | + | |
- | ---> Package mesa-libGLU-devel.x86_64 0: | + | |
- | ---> Package qt3.x86_64 0: | + | |
- | ---> Package rpm-build.x86_64 0: | + | |
- | --> Processing Dependency: system-rpm-config for package: rpm-build-4.11.3-17.el7.x86_64 | + | |
- | --> Processing Dependency: perl(Thread:: | + | |
- | ---> Package xorg-x11-proto-devel.noarch 0: | + | |
- | --> Running transaction check | + | |
- | ---> Package expat-devel.x86_64 0: | + | |
- | ---> Package gl-manpages.noarch 0: | + | |
- | ---> Package libXdamage-devel.x86_64 0: | + | |
- | ---> Package libXxf86vm-devel.x86_64 0: | + | |
- | ---> Package libdrm-devel.x86_64 0: | + | |
- | ---> Package libxcb-devel.x86_64 0: | + | |
- | --> Processing Dependency: pkgconfig(xau) >= 0.99.2 for package: libxcb-devel-1.11-4.el7.x86_64 | + | |
- | ---> Package libxshmfence-devel.x86_64 0:1.2-1.el7 will be installed | + | |
- | ---> Package perl-Thread-Queue.noarch 0: | + | |
- | ---> Package redhat-rpm-config.noarch 0: | + | |
- | --> Processing Dependency: dwz >= 0.4 for package: redhat-rpm-config-9.1.0-68.el7.centos.noarch | + | |
- | --> Processing Dependency: perl-srpm-macros for package: redhat-rpm-config-9.1.0-68.el7.centos.noarch | + | |
- | ---> Package zlib-devel.x86_64 0: | + | |
- | --> Running transaction check | + | |
- | ---> Package dwz.x86_64 0: | + | |
- | ---> Package libXau-devel.x86_64 0: | + | |
- | ---> Package perl-srpm-macros.noarch 0:1-8.el7 will be installed | + | |
- | --> Finished Dependency Resolution | + | |
- | Dependencies Resolved | + | < |
+ | [root@centos8 ~]# nmcli c show | ||
+ | NAME | ||
+ | ip_fixe | ||
+ | virbr0 | ||
+ | ens18 fc4a4d23-b15e-47a7-bcfa-b2e08f49553e | ||
+ | |||
+ | [root@centos8 ~]# nmcli d show | ||
+ | GENERAL.DEVICE: | ||
+ | GENERAL.TYPE: | ||
+ | GENERAL.HWADDR: | ||
+ | GENERAL.MTU: | ||
+ | GENERAL.STATE: | ||
+ | GENERAL.CONNECTION: | ||
+ | GENERAL.CON-PATH: | ||
+ | WIRED-PROPERTIES.CARRIER: | ||
+ | IP4.ADDRESS[1]: | ||
+ | IP4.GATEWAY: | ||
+ | IP4.ROUTE[1]: | ||
+ | IP4.ROUTE[2]: | ||
+ | IP6.ADDRESS[1]: | ||
+ | IP6.GATEWAY: | ||
+ | IP6.ROUTE[1]: | ||
+ | IP6.ROUTE[2]: | ||
- | ======================================================================================================================================================================== | + | GENERAL.DEVICE: virbr0 |
- | | + | GENERAL.TYPE: |
- | ======================================================================================================================================================================== | + | GENERAL.HWADDR: |
- | Installing: | + | GENERAL.MTU: 1500 |
- | gcc-c++ | + | GENERAL.STATE: |
- | libXi-devel | + | GENERAL.CONNECTION: |
- | ncurses-devel | + | GENERAL.CON-PATH: / |
- | qt3-devel | + | IP4.ADDRESS[1]: 192.168.122.1/24 |
- | | + | IP4.GATEWAY: |
- | Installing for dependencies: | + | IP4.ROUTE[1]: |
- | | + | IP6.GATEWAY: |
- | expat-devel | + | |
- | fontconfig-devel | + | |
- | freetype-devel | + | |
- | | + | |
- | | + | |
- | libSM-devel | + | |
- | | + | |
- | libXau-devel | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | rpm-build | + | |
- | xorg-x11-proto-devel | + | |
- | | + | |
- | Transaction Summary | + | GENERAL.DEVICE: |
- | ======================================================================================================================================================================== | + | GENERAL.TYPE: |
- | Install | + | GENERAL.HWADDR: |
+ | GENERAL.MTU: | ||
+ | GENERAL.STATE: | ||
+ | GENERAL.CONNECTION: | ||
+ | GENERAL.CON-PATH: | ||
+ | IP4.ADDRESS[1]: | ||
+ | IP4.GATEWAY: | ||
+ | IP6.ADDRESS[1]: | ||
+ | IP6.GATEWAY: | ||
+ | IP6.ROUTE[1]: | ||
- | Total download size: 27 M | + | GENERAL.DEVICE: virbr0-nic |
- | Installed size: 90 M | + | GENERAL.TYPE: tun |
- | Is this ok [y/d/N]: y | + | GENERAL.HWADDR: |
+ | GENERAL.MTU: | ||
+ | GENERAL.STATE: | ||
+ | GENERAL.CONNECTION: | ||
+ | GENERAL.CON-PATH: | ||
+ | lines 27-49/49 (END) | ||
+ | [q] | ||
</ | </ | ||
- | <WRAP center round alert> | + | Pour consulter les paramètres du profil **ens18**, utilisez la commande suivante : |
- | Il n'est pas conseillé de compiler en tant que root pour des raisons de sécurité. | + | |
- | </ | + | |
- | ====Déplacer /home==== | + | < |
+ | [root@centos8 ~]# nmcli -p connection show ens18 | ||
+ | =============================================================================== | ||
+ | Connection profile details (ens18) | ||
+ | =============================================================================== | ||
+ | connection.id: | ||
+ | connection.uuid: | ||
+ | connection.stable-id: | ||
+ | connection.type: | ||
+ | connection.interface-name: | ||
+ | connection.autoconnect: | ||
+ | connection.autoconnect-priority: | ||
+ | connection.autoconnect-retries: | ||
+ | connection.multi-connect: | ||
+ | connection.auth-retries: | ||
+ | connection.timestamp: | ||
+ | connection.read-only: | ||
+ | connection.permissions: | ||
+ | connection.zone: | ||
+ | connection.master: | ||
+ | connection.slave-type: | ||
+ | connection.autoconnect-slaves: | ||
+ | connection.secondaries: | ||
+ | connection.gateway-ping-timeout: | ||
+ | connection.metered: | ||
+ | connection.lldp: | ||
+ | connection.mdns: | ||
+ | connection.llmnr: | ||
+ | connection.wait-device-timeout: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | 802-3-ethernet.port: | ||
+ | 802-3-ethernet.speed: | ||
+ | 802-3-ethernet.duplex: | ||
+ | 802-3-ethernet.auto-negotiate: | ||
+ | 802-3-ethernet.mac-address: | ||
+ | 802-3-ethernet.cloned-mac-address: | ||
+ | 802-3-ethernet.generate-mac-address-mask: | ||
+ | 802-3-ethernet.mac-address-blacklist: | ||
+ | 802-3-ethernet.mtu: | ||
+ | 802-3-ethernet.s390-subchannels: | ||
+ | 802-3-ethernet.s390-nettype: | ||
+ | 802-3-ethernet.s390-options: | ||
+ | 802-3-ethernet.wake-on-lan: | ||
+ | 802-3-ethernet.wake-on-lan-password: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | ipv4.method: | ||
+ | ipv4.dns: | ||
+ | ipv4.dns-search: | ||
+ | ipv4.dns-options: | ||
+ | ipv4.dns-priority: | ||
+ | ipv4.addresses: | ||
+ | ipv4.gateway: | ||
+ | ipv4.routes: | ||
+ | ipv4.route-metric: | ||
+ | ipv4.route-table: | ||
+ | ipv4.routing-rules: | ||
+ | ipv4.ignore-auto-routes: | ||
+ | ipv4.ignore-auto-dns: | ||
+ | ipv4.dhcp-client-id: | ||
+ | ipv4.dhcp-iaid: | ||
+ | ipv4.dhcp-timeout: | ||
+ | ipv4.dhcp-send-hostname: | ||
+ | ipv4.dhcp-hostname: | ||
+ | ipv4.dhcp-fqdn: | ||
+ | ipv4.dhcp-hostname-flags: | ||
+ | ipv4.never-default: | ||
+ | ipv4.may-fail: | ||
+ | ipv4.dad-timeout: | ||
+ | ipv4.dhcp-vendor-class-identifier: | ||
+ | ipv4.dhcp-reject-servers: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | ipv6.method: | ||
+ | ipv6.dns: | ||
+ | ipv6.dns-search: | ||
+ | ipv6.dns-options: | ||
+ | ipv6.dns-priority: | ||
+ | ipv6.addresses: | ||
+ | ipv6.gateway: | ||
+ | ipv6.routes: | ||
+ | ipv6.route-metric: | ||
+ | ipv6.route-table: | ||
+ | ipv6.routing-rules: | ||
+ | ipv6.ignore-auto-routes: | ||
+ | ipv6.ignore-auto-dns: | ||
+ | ipv6.never-default: | ||
+ | ipv6.may-fail: | ||
+ | ipv6.ip6-privacy: | ||
+ | ipv6.addr-gen-mode: | ||
+ | ipv6.ra-timeout: | ||
+ | ipv6.dhcp-duid: | ||
+ | ipv6.dhcp-iaid: | ||
+ | ipv6.dhcp-timeout: | ||
+ | ipv6.dhcp-send-hostname: | ||
+ | ipv6.dhcp-hostname: | ||
+ | ipv6.dhcp-hostname-flags: | ||
+ | ipv6.token: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | proxy.method: | ||
+ | proxy.browser-only: | ||
+ | proxy.pac-url: | ||
+ | proxy.pac-script: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | lines 56-100/100 (END) | ||
+ | [q] | ||
+ | </ | ||
- | <WRAP center round todo> | + | De même, pour consulter les paramètres du profil |
- | Arrêtez votre machine virtuelle. Ajoutez un deuxième disque de 20 Go au contrôleur SATA en utilisant la section **Stockage** des paramètres | + | |
- | </ | + | |
- | Créez une seule partition sur **/dev/sdb** : | + | < |
+ | [root@centos8 ~]# nmcli -p connection show ip_fixe | ||
+ | =============================================================================== | ||
+ | | ||
+ | =============================================================================== | ||
+ | connection.id: | ||
+ | connection.uuid: | ||
+ | connection.stable-id: | ||
+ | connection.type: | ||
+ | connection.interface-name: | ||
+ | connection.autoconnect: | ||
+ | connection.autoconnect-priority: | ||
+ | connection.autoconnect-retries: | ||
+ | connection.multi-connect: | ||
+ | connection.auth-retries: | ||
+ | connection.timestamp: | ||
+ | connection.read-only: | ||
+ | connection.permissions: | ||
+ | connection.zone: | ||
+ | connection.master: | ||
+ | connection.slave-type: | ||
+ | connection.autoconnect-slaves: | ||
+ | connection.secondaries: | ||
+ | connection.gateway-ping-timeout: | ||
+ | connection.metered: | ||
+ | connection.lldp: | ||
+ | connection.mdns: | ||
+ | connection.llmnr: | ||
+ | connection.wait-device-timeout: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | 802-3-ethernet.port: | ||
+ | 802-3-ethernet.speed: | ||
+ | 802-3-ethernet.duplex: | ||
+ | 802-3-ethernet.auto-negotiate: | ||
+ | 802-3-ethernet.mac-address: | ||
+ | 802-3-ethernet.cloned-mac-address: | ||
+ | 802-3-ethernet.generate-mac-address-mask: | ||
+ | 802-3-ethernet.mac-address-blacklist: | ||
+ | 802-3-ethernet.mtu: | ||
+ | 802-3-ethernet.s390-subchannels: | ||
+ | 802-3-ethernet.s390-nettype: | ||
+ | 802-3-ethernet.s390-options: | ||
+ | 802-3-ethernet.wake-on-lan: | ||
+ | 802-3-ethernet.wake-on-lan-password: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | ipv4.method: | ||
+ | ipv4.dns: | ||
+ | ipv4.dns-search: | ||
+ | ipv4.dns-options: | ||
+ | ipv4.dns-priority: | ||
+ | ipv4.addresses: | ||
+ | ipv4.gateway: | ||
+ | ipv4.routes: | ||
+ | ipv4.route-metric: | ||
+ | ipv4.route-table: | ||
+ | ipv4.routing-rules: | ||
+ | ipv4.ignore-auto-routes: | ||
+ | ipv4.ignore-auto-dns: | ||
+ | ipv4.dhcp-client-id: | ||
+ | ipv4.dhcp-iaid: | ||
+ | ipv4.dhcp-timeout: | ||
+ | ipv4.dhcp-send-hostname: | ||
+ | ipv4.dhcp-hostname: | ||
+ | ipv4.dhcp-fqdn: | ||
+ | ipv4.dhcp-hostname-flags: | ||
+ | ipv4.never-default: | ||
+ | ipv4.may-fail: | ||
+ | ipv4.dad-timeout: | ||
+ | ipv4.dhcp-vendor-class-identifier: | ||
+ | ipv4.dhcp-reject-servers: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | ipv6.method: | ||
+ | ipv6.dns: | ||
+ | ipv6.dns-search: | ||
+ | ipv6.dns-options: | ||
+ | ipv6.dns-priority: | ||
+ | ipv6.addresses: | ||
+ | ipv6.gateway: | ||
+ | ipv6.routes: | ||
+ | ipv6.route-metric: | ||
+ | ipv6.route-table: | ||
+ | ipv6.routing-rules: | ||
+ | ipv6.ignore-auto-routes: | ||
+ | ipv6.ignore-auto-dns: | ||
+ | ipv6.never-default: | ||
+ | ipv6.may-fail: | ||
+ | ipv6.ip6-privacy: | ||
+ | ipv6.addr-gen-mode: | ||
+ | ipv6.ra-timeout: | ||
+ | ipv6.dhcp-duid: | ||
+ | ipv6.dhcp-iaid: | ||
+ | ipv6.dhcp-timeout: | ||
+ | ipv6.dhcp-send-hostname: | ||
+ | ipv6.dhcp-hostname: | ||
+ | ipv6.dhcp-hostname-flags: | ||
+ | ipv6.token: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | proxy.method: | ||
+ | proxy.browser-only: | ||
+ | proxy.pac-url: | ||
+ | proxy.pac-script: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | =============================================================================== | ||
+ | Activate connection details (0f48c74d-5d16-4c37-8220-24644507b589) | ||
+ | =============================================================================== | ||
+ | GENERAL.NAME: | ||
+ | GENERAL.UUID: | ||
+ | GENERAL.DEVICES: | ||
+ | GENERAL.IP-IFACE: | ||
+ | GENERAL.STATE: | ||
+ | GENERAL.DEFAULT: | ||
+ | GENERAL.DEFAULT6: | ||
+ | GENERAL.SPEC-OBJECT: | ||
+ | GENERAL.VPN: | ||
+ | GENERAL.DBUS-PATH: | ||
+ | GENERAL.CON-PATH: | ||
+ | GENERAL.ZONE: | ||
+ | GENERAL.MASTER-PATH: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | IP4.ADDRESS[1]: | ||
+ | IP4.GATEWAY: | ||
+ | IP4.ROUTE[1]: | ||
+ | IP4.ROUTE[2]: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | IP6.ADDRESS[1]: | ||
+ | IP6.GATEWAY: | ||
+ | IP6.ROUTE[1]: | ||
+ | IP6.ROUTE[2]: | ||
+ | ------------------------------------------------------------------------------- | ||
+ | lines 83-127/127 (END) | ||
+ | [q] | ||
+ | </ | ||
+ | |||
+ | Pour consulter la liste profils associés à un périphérique, | ||
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | Welcome to fdisk (util-linux 2.23.2). | + | CONNECTIONS.AVAILABLE-CONNECTION-PATHS: |
+ | CONNECTIONS.AVAILABLE-CONNECTIONS[1]: | ||
+ | CONNECTIONS.AVAILABLE-CONNECTIONS[2]: | ||
+ | </ | ||
- | Changes will remain in memory only, until you decide to write them. | + | Les fichiers de configuration pour le periphérique **ens18** se trouvent dans le répertoire **/ |
- | Be careful before using the write command. | + | |
- | Device does not contain a recognized partition table | + | < |
- | Building a new DOS disklabel with disk identifier 0x88708329. | + | [root@centos8 ~]# ls -l / |
+ | -rw-r--r--. 1 root root 417 Jun 16 06:39 ifcfg-ens18 | ||
+ | -rw-r--r--. 1 root root 326 Aug 29 03:58 ifcfg-ip_fixe | ||
+ | </ | ||
- | Command (m for help): n | + | ====1.2 - Résolution des Noms==== |
- | Partition type: | + | |
- | | + | |
- | | + | |
- | Select (default p): p | + | |
- | Partition number (1-4, default 1): | + | |
- | First sector (2048-41943039, | + | |
- | Using default value 2048 | + | |
- | Last sector, +sectors or +size{K, | + | |
- | Using default value 41943039 | + | |
- | Partition 1 of type Linux and of size 20 GiB is set | + | |
- | Command (m for help): w | + | L' |
- | The partition table has been altered! | + | |
- | Calling ioctl() to re-read partition table. | + | < |
- | Syncing disks. | + | [root@centos8 ~]# cat / |
+ | TYPE=Ethernet | ||
+ | PROXY_METHOD=none | ||
+ | BROWSER_ONLY=no | ||
+ | BOOTPROTO=none | ||
+ | IPADDR=10.0.2.46 | ||
+ | PREFIX=24 | ||
+ | GATEWAY=10.0.2.1 | ||
+ | DEFROUTE=yes | ||
+ | IPV4_FAILURE_FATAL=no | ||
+ | IPV6INIT=yes | ||
+ | IPV6_AUTOCONF=yes | ||
+ | IPV6_DEFROUTE=yes | ||
+ | IPV6_FAILURE_FATAL=no | ||
+ | IPV6_ADDR_GEN_MODE=stable-privacy | ||
+ | NAME=ip_fixe | ||
+ | UUID=0f48c74d-5d16-4c37-8220-24644507b589 | ||
+ | DEVICE=ens18 | ||
+ | ONBOOT=yes | ||
</ | </ | ||
- | Créez maintenant un système de fichiers ext4 sur **/ | + | La résolution des noms est donc inactive |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | mke2fs 1.42.9 (28-Dec-2013) | + | ping: www.free.fr: Name or service not known |
- | Filesystem label= | + | </ |
- | OS type: Linux | + | |
- | Block size=4096 (log=2) | + | |
- | Fragment size=4096 (log=2) | + | |
- | Stride=0 blocks, Stripe width=0 blocks | + | |
- | 1310720 inodes, 5242624 blocks | + | |
- | 262131 blocks (5.00%) reserved for the super user | + | |
- | First data block=0 | + | |
- | Maximum filesystem blocks=2153775104 | + | |
- | 160 block groups | + | |
- | 32768 blocks per group, 32768 fragments per group | + | |
- | 8192 inodes per group | + | |
- | Superblock backups stored on blocks: | + | |
- | 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, | + | |
- | 4096000 | + | |
- | Allocating group tables: done | + | Modifiez donc la configuration du profil **ip_fixe** |
- | Writing inode tables: done | + | |
- | Creating journal (32768 blocks): done | + | < |
- | Writing superblocks and filesystem accounting information: | + | [root@centos8 ~]# nmcli connection mod ip_fixe ipv4.dns 8.8.8.8 |
</ | </ | ||
- | Montez | + | L' |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
+ | TYPE=Ethernet | ||
+ | PROXY_METHOD=none | ||
+ | BROWSER_ONLY=no | ||
+ | BOOTPROTO=none | ||
+ | IPADDR=10.0.2.46 | ||
+ | PREFIX=24 | ||
+ | GATEWAY=10.0.2.1 | ||
+ | DEFROUTE=yes | ||
+ | IPV4_FAILURE_FATAL=no | ||
+ | IPV6INIT=yes | ||
+ | IPV6_AUTOCONF=yes | ||
+ | IPV6_DEFROUTE=yes | ||
+ | IPV6_FAILURE_FATAL=no | ||
+ | IPV6_ADDR_GEN_MODE=stable-privacy | ||
+ | NAME=ip_fixe | ||
+ | UUID=0f48c74d-5d16-4c37-8220-24644507b589 | ||
+ | DEVICE=ens18 | ||
+ | ONBOOT=yes | ||
+ | DNS1=8.8.8.8 | ||
</ | </ | ||
- | Copiez | + | Afin que la modification du serveur DNS soit prise en compte, re-démarrez |
< | < | ||
- | [root@centos7 | + | root@centos8 ~]# systemctl restart NetworkManager.service |
+ | [root@centos8 | ||
+ | ● NetworkManager.service | ||
+ | | ||
+ | | ||
+ | Docs: man: | ||
+ | Main PID: 973390 (NetworkManager) | ||
+ | Tasks: 4 (limit: 23535) | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
+ | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
+ | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
+ | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
+ | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
+ | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
+ | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
+ | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
+ | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
+ | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
+ | lines 1-20/20 (END) | ||
+ | [q] | ||
</ | </ | ||
- | Démontez | + | Vérifiez que le fichier **/etc/resolv.conf** ait été modifié par NetworkManager |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | [root@centos7 ~]# mv /home /root | + | # Generated by NetworkManager |
+ | search ittraining.loc | ||
+ | nameserver 8.8.8.8 | ||
</ | </ | ||
- | Identifiez l'UUID de / | + | Dernièrement vérifiez la resolution des noms : |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | lrwxrwxrwx. 1 root root 10 9 août 06:47 a5e2457f-7337-41f4-b958-e403eb419f94 | + | PING www.free.fr (212.27.48.10) 56(84) bytes of data. |
+ | 64 bytes from www.free.fr (212.27.48.10): | ||
+ | 64 bytes from www.free.fr (212.27.48.10): icmp_seq=2 ttl=47 time=29.4 ms | ||
+ | 64 bytes from www.free.fr (212.27.48.10): | ||
+ | 64 bytes from www.free.fr (212.27.48.10): | ||
+ | ^C | ||
+ | --- www.free.fr ping statistics | ||
+ | 4 packets transmitted, | ||
+ | rtt min/ | ||
</ | </ | ||
- | Editez le fichier | + | <WRAP center round important 60%> |
+ | **Important** : Notez qu'il existe un front-end graphique en mode texte, **nmtui**, pour configurer NetworkManager. | ||
+ | </ | ||
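Review bot: In section 1.2, `systemctl restart NetworkManager.service` restarts the daemon for every managed device when only the `ip_fixe` profile changed; re-activating that profile with `nmcli connection up ip_fixe` applies the new `ipv4.dns` value and is the narrower operation to teach. The prompt on the restart line has also lost its opening `[` (`root@centos8 ~]#`). In the closing sentence, "Dernièrement vérifiez la resolution des noms" should read "Enfin, vérifiez la résolution des noms". Since the lab hard-codes the public resolver 8.8.8.8, add a sentence saying that a production host would normally point at the site's own resolver.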
- | <file txt / | + | ====1.3 - Ajouter une Deuxième Adresse IP à un Profil==== |
- | # | + | |
- | # / | + | |
- | # Created by anaconda on Sat Apr 30 11:27:02 2016 | + | |
- | # | + | |
- | # Accessible filesystems, | + | |
- | # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info | + | |
- | # | + | |
- | UUID=e65fe7da-cda8-4f5a-a827-1b5cabe94bed / | + | |
- | UUID=2d947276-66e8-41f4-8475-b64b67d7a249 /boot | + | |
- | UUID=3181601a-7295-4ef0-a92c-f21f76b18e64 swap swap defaults | + | |
- | UUID=a5e2457f-7337-41f4-b958-e403eb419f94 / | + | |
- | </file> | + | Pour ajouter une deuxième adresse IP à un profil sous RHEL/CentOS 8, il convient d' |
- | Créez le point de montage | + | < |
+ | [root@centos8 ~]# nmcli connection mod ip_fixe +ipv4.addresses 192.168.1.2/24 | ||
+ | </ | ||
+ | |||
+ | Rechargez la configuration du profil | ||
< | < | ||
- | [root@centos7 | + | [root@centos8 |
</ | </ | ||
- | Montez / | + | Saisissez ensuite la commande suivante |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | [root@centos7 ~]# mount | + | connection.id: |
- | sysfs on /sys type sysfs (rw, | + | connection.uuid: |
- | proc on /proc type proc (rw, | + | connection.stable-id: |
- | devtmpfs on /dev type devtmpfs | + | connection.type: 802-3-ethernet |
- | securityfs on / | + | connection.interface-name: |
- | tmpfs on / | + | connection.autoconnect: |
- | devpts on /dev/pts type devpts | + | connection.autoconnect-priority: |
- | tmpfs on /run type tmpfs (rw, | + | connection.autoconnect-retries: |
- | tmpfs on / | + | connection.multi-connect: |
- | cgroup | + | connection.auth-retries: |
- | pstore on / | + | connection.timestamp: |
- | cgroup on / | + | connection.read-only: |
- | cgroup on / | + | connection.permissions: |
- | cgroup on / | + | connection.zone: |
- | cgroup on / | + | connection.master: |
- | cgroup on / | + | connection.slave-type: -- |
- | cgroup on / | + | connection.autoconnect-slaves: |
- | cgroup on / | + | connection.secondaries: |
- | cgroup on / | + | connection.gateway-ping-timeout: |
- | cgroup on /sys/fs/cgroup/perf_event type cgroup (rw, | + | connection.metered: |
- | configfs on /sys/ | + | connection.lldp: |
- | /dev/sda2 on / type xfs (rw, | + | connection.mdns: |
- | selinuxfs on /sys/fs/selinux type selinuxfs (rw, | + | connection.llmnr: |
- | systemd-1 on /proc/sys/fs/ | + | connection.wait-device-timeout: |
- | debugfs on /sys/ | + | 802-3-ethernet.port: |
- | hugetlbfs on / | + | 802-3-ethernet.speed: |
- | mqueue on /dev/mqueue type mqueue (rw, | + | 802-3-ethernet.duplex: |
- | tmpfs on /tmp type tmpfs (rw, | + | 802-3-ethernet.auto-negotiate: |
- | sunrpc on / | + | 802-3-ethernet.mac-address: |
- | nfsd on /proc/ | + | 802-3-ethernet.cloned-mac-address: |
- | /dev/sda1 on /boot type xfs (rw,relatime, | + | 802-3-ethernet.generate-mac-address-mask: |
- | /dev/sdb1 on /home type ext4 (rw,relatime,seclabel,data=ordered) | + | 802-3-ethernet.mac-address-blacklist: |
- | tmpfs on /run/ | + | 802-3-ethernet.mtu: |
+ | 802-3-ethernet.s390-subchannels: | ||
+ | 802-3-ethernet.s390-nettype: | ||
+ | 802-3-ethernet.s390-options: | ||
+ | 802-3-ethernet.wake-on-lan: | ||
+ | 802-3-ethernet.wake-on-lan-password: | ||
+ | ipv4.method: | ||
+ | ipv4.dns: | ||
+ | ipv4.dns-search: | ||
+ | ipv4.dns-options: | ||
+ | ipv4.dns-priority: | ||
+ | ipv4.addresses: | ||
+ | ipv4.gateway: | ||
+ | ipv4.routes: | ||
+ | ipv4.route-metric: | ||
+ | ipv4.route-table: | ||
+ | ipv4.routing-rules: | ||
+ | ipv4.ignore-auto-routes: | ||
+ | ipv4.ignore-auto-dns: | ||
+ | ipv4.dhcp-client-id: | ||
+ | ipv4.dhcp-iaid: | ||
+ | ipv4.dhcp-timeout: | ||
+ | ipv4.dhcp-send-hostname: | ||
+ | ipv4.dhcp-hostname: | ||
+ | ipv4.dhcp-fqdn: | ||
+ | ipv4.dhcp-hostname-flags: | ||
+ | ipv4.never-default: | ||
+ | ipv4.may-fail: | ||
+ | ipv4.dad-timeout: | ||
+ | ipv4.dhcp-vendor-class-identifier: | ||
+ | ipv4.dhcp-reject-servers: | ||
+ | ipv6.method: | ||
+ | ipv6.dns: | ||
+ | ipv6.dns-search: | ||
+ | ipv6.dns-options: | ||
+ | ipv6.dns-priority: | ||
+ | ipv6.addresses: | ||
+ | ipv6.gateway: | ||
+ | ipv6.routes: | ||
+ | ipv6.route-metric: | ||
+ | ipv6.route-table: | ||
+ | ipv6.routing-rules: | ||
+ | ipv6.ignore-auto-routes: | ||
+ | ipv6.ignore-auto-dns: | ||
+ | ipv6.never-default: | ||
+ | ipv6.may-fail: | ||
+ | ipv6.ip6-privacy: | ||
+ | ipv6.addr-gen-mode: | ||
+ | ipv6.ra-timeout: | ||
+ | ipv6.dhcp-duid: | ||
+ | ipv6.dhcp-iaid: | ||
+ | ipv6.dhcp-timeout: | ||
+ | ipv6.dhcp-send-hostname: | ||
+ | ipv6.dhcp-hostname: | ||
+ | ipv6.dhcp-hostname-flags: | ||
+ | ipv6.token: | ||
+ | proxy.method: | ||
+ | proxy.browser-only: | ||
+ | proxy.pac-url: | ||
+ | proxy.pac-script: | ||
+ | GENERAL.NAME: | ||
+ | GENERAL.UUID: | ||
+ | GENERAL.DEVICES: | ||
+ | GENERAL.IP-IFACE: | ||
+ | GENERAL.STATE: | ||
+ | GENERAL.DEFAULT: | ||
+ | GENERAL.DEFAULT6: | ||
+ | GENERAL.SPEC-OBJECT: | ||
+ | GENERAL.VPN: | ||
+ | GENERAL.DBUS-PATH: | ||
+ | GENERAL.CON-PATH: | ||
+ | GENERAL.ZONE: | ||
+ | GENERAL.MASTER-PATH: | ||
+ | IP4.ADDRESS[1]: | ||
+ | IP4.ADDRESS[2]: | ||
+ | IP4.GATEWAY: | ||
+ | IP4.ROUTE[1]: | ||
+ | IP4.ROUTE[2]: | ||
+ | IP4.ROUTE[3]: | ||
+ | IP4.DNS[1]: | ||
+ | IP6.ADDRESS[1]: | ||
+ | IP6.GATEWAY: | ||
+ | IP6.ROUTE[1]: | ||
+ | IP6.ROUTE[2]: | ||
+ | lines 72-116/116 (END) | ||
+ | [q] | ||
</ | </ | ||
- | Notez la taille | + | <WRAP center round important 60%> |
+ | **Important** : Notez l' | ||
+ | </ | ||
+ | |||
+ | Consultez maintenant le contenu du fichier **/ | ||
< | < | ||
- | [trainee@centos7 | + | [root@centos8 |
- | Sys. de fichiers Taille Utilisé Dispo Uti% Monté sur | + | TYPE=Ethernet |
- | /dev/sda2 9,8G 4,4G 5,5G 45% / | + | PROXY_METHOD=none |
- | devtmpfs | + | BROWSER_ONLY=no |
- | tmpfs 245M | + | BOOTPROTO=none |
- | tmpfs 245M 4,7M 240M 2% /run | + | IPADDR=10.0.2.46 |
- | tmpfs 245M | + | PREFIX=24 |
- | tmpfs 245M | + | GATEWAY=10.0.2.1 |
- | / | + | DEFROUTE=yes |
- | / | + | IPV4_FAILURE_FATAL=no |
- | tmpfs | + | IPV6INIT=yes |
+ | IPV6_AUTOCONF=yes | ||
+ | IPV6_DEFROUTE=yes | ||
+ | IPV6_FAILURE_FATAL=no | ||
+ | IPV6_ADDR_GEN_MODE=stable-privacy | ||
+ | NAME=ip_fixe | ||
+ | UUID=0f48c74d-5d16-4c37-8220-24644507b589 | ||
+ | DEVICE=ens18 | ||
+ | ONBOOT=yes | ||
+ | DNS1=8.8.8.8 | ||
+ | IPADDR1=192.168.1.2 | ||
+ | PREFIX1=24 | ||
</ | </ | ||
- | <WRAP center round todo> | + | <WRAP center round important 60%> |
- | Fermez la session | + | **Important** : Notez l' |
</ | </ | ||
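Review bot: The capture in 1.3 reproduces the complete `connection show` dump, including the pager status line `lines 72-116/116 (END)` and the `[q]` keystroke, when the only lines the step needs are `IP4.ADDRESS[1]` and `IP4.ADDRESS[2]`. Restrict the output to the relevant field, for example `nmcli -f IP4.ADDRESS device show ens18`, and drop the pager residue. The same residue appears in the earlier `connection show` capture and in the `systemctl status` capture of 1.2.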
- | ====Créer un Nouveau Noyau==== | + | ====1.4 - La Commande hostname==== |
- | Pour créer l' | + | La procédure |
< | < | ||
- | [trainee@centos7 | + | [root@centos8 |
- | [trainee@centos7 ~]$ ls -laR rpmbuild/ | + | centos8.ittraining.loc |
- | rpmbuild/: | + | |
- | total 28 | + | |
- | drwxrwxr-x. 7 trainee trainee 4096 9 août 06:56 . | + | |
- | drwx------. 15 trainee trainee 4096 9 août 06:56 .. | + | |
- | drwxrwxr-x. | + | |
- | drwxrwxr-x. | + | |
- | drwxrwxr-x. | + | |
- | drwxrwxr-x. | + | |
- | drwxrwxr-x. 2 trainee trainee 4096 9 août 06:56 SRPMS | + | |
- | rpmbuild/ | + | [root@centos8 ~]# nmcli general hostname centos.ittraining.loc |
- | total 8 | + | |
- | drwxrwxr-x. 2 trainee trainee 4096 9 août 06:56 . | + | |
- | drwxrwxr-x. 7 trainee trainee 4096 9 août 06:56 .. | + | |
- | rpmbuild/RPMS: | + | [root@centos8 ~]# cat /etc/ |
- | total 8 | + | centos.ittraining.loc |
- | drwxrwxr-x. 2 trainee trainee 4096 9 août 06:56 . | + | |
- | drwxrwxr-x. 7 trainee trainee 4096 9 août 06:56 .. | + | |
- | rpmbuild/ | + | [root@centos8 ~]# hostname |
- | total 8 | + | centos.ittraining.loc |
- | drwxrwxr-x. 2 trainee trainee 4096 9 août 06:56 . | + | |
- | drwxrwxr-x. 7 trainee trainee 4096 9 août 06:56 .. | + | |
- | rpmbuild/ | + | [root@centos8 ~]# nmcli general hostname centos8.ittraining.loc |
- | total 8 | + | |
- | drwxrwxr-x. 2 trainee trainee 4096 9 août 06:56 . | + | |
- | drwxrwxr-x. 7 trainee trainee 4096 9 août 06:56 .. | + | |
- | rpmbuild/SRPMS: | + | [root@centos8 ~]# cat /etc/ |
- | total 8 | + | centos8.ittraining.loc |
- | drwxrwxr-x. 2 trainee trainee 4096 9 août 06:56 . | + | |
- | drwxrwxr-x. 7 trainee trainee 4096 9 août 06:56 .. | + | [root@centos8 ~]# hostname |
+ | centos8.ittraining.loc | ||
</ | </ | ||
- | Téléchargez le rpm source du noyau : | + | ====1.5 - La Commande ip==== |
+ | |||
+ | Sous RHEL/CentOS 8 la commande **ip** est préférée par rapport à la commande ifconfig | ||
< | < | ||
- | [trainee@centos7 | + | [root@centos8 |
- | Linux centos7.fenestros.loc 3.10.0-327.13.1.el7.x86_64 #1 SMP Thu Mar 31 16:04:38 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux | + | 1: lo: < |
+ | link/ | ||
+ | inet 127.0.0.1/8 scope host lo | ||
+ | | ||
+ | inet6 ::1/128 scope host | ||
+ | | ||
+ | 2: ens18: < | ||
+ | link/ether 4e: | ||
+ | inet 10.0.2.46/24 brd 10.0.2.255 scope global noprefixroute ens18 | ||
+ | | ||
+ | inet 192.168.1.2/24 brd 192.168.1.255 scope global noprefixroute ens18 | ||
+ | | ||
+ | inet6 fe80::5223: | ||
+ | | ||
+ | 3: virbr0: < | ||
+ | link/ether 52: | ||
+ | inet 192.168.122.1/ | ||
+ | | ||
+ | 4: virbr0-nic: < | ||
+ | link/ether 52: | ||
+ | </code> | ||
- | [trainee@centos7 ~]$ wget http:// | + | ===Options |
- | --2016-08-09 06: | + | |
- | Résolution de vault.centos.org (vault.centos.org)... 88.208.217.170, | + | |
- | Connexion vers vault.centos.org (vault.centos.org)|88.208.217.170|: | + | |
- | requête HTTP transmise, en attente | + | |
- | Longueur: 83047820 (79M) [application/ | + | |
- | Sauvegarde en : «kernel-3.10.0-327.13.1.el7.src.rpm» | + | |
- | 100%[==============================================================================================================================> | + | Les options de cette commande sont : |
- | 2016-08-09 07:00:00 (471 KB/s) - «kernel-3.10.0-327.13.1.el7.src.rpm» sauvegardé | + | < |
+ | [root@centos8 ~]# ip --help | ||
+ | Usage: ip [ OPTIONS ] OBJECT { COMMAND | help } | ||
+ | ip [ -force ] -batch filename | ||
+ | where OBJECT | ||
+ | | ||
+ | netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila | | ||
+ | vrf | sr | nexthop | mptcp } | ||
+ | | ||
+ | -h[uman-readable] | -iec | -j[son] | -p[retty] | | ||
+ | -f[amily] { inet | inet6 | mpls | bridge | link } | | ||
+ | -4 | -6 | -I | -D | -M | -B | -0 | | ||
+ | -l[oops] { maximum-addr-flush-attempts } | -br[ief] | | ||
+ | -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] | | ||
+ | -rc[vbuf] [size] | -n[etns] name | -N[umeric] | -a[ll] | | ||
+ | | ||
</ | </ | ||
- | Installez maintenant les dépendances | + | ====1.6 - Activer/ |
+ | |||
+ | Deux commandes existent | ||
< | < | ||
- | [trainee@centos7 ~]$ su - | + | # nmcli device disconnect enp0s3 |
- | Mot de passe : fenestros | + | # nmcli device connect enp0s3 |
- | [root@centos7 ~]# yum-builddep / | + | </code> |
- | Loaded plugins: fastestmirror, | + | |
- | Enabling base-source repository | + | |
- | Enabling extras-source repository | + | |
- | Enabling updates-source repository | + | |
- | base-source | + | |
- | extras-source | + | |
- | updates-source | + | |
- | (1/3): extras-source/ | + | |
- | (2/3): base-source/ | + | |
- | (3/3): updates-source/ | + | |
- | Loading mirror speeds from cached hostfile | + | |
- | * base: centos.mirrors.ovh.net | + | |
- | * extras: centos.mirror.fr.planethoster.net | + | |
- | * updates: mirror1.evolution-host.com | + | |
- | Checking for new repos for mirrors | + | |
- | Getting requirements for kernel-3.10.0-327.13.1.el7.src | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | --> Running transaction check | + | |
- | ---> Package asciidoc.noarch 0: | + | |
- | --> Processing Dependency: source-highlight for package: asciidoc-8.6.8-5.el7.noarch | + | |
- | --> Processing Dependency: graphviz for package: asciidoc-8.6.8-5.el7.noarch | + | |
- | --> Processing Dependency: docbook-style-xsl for package: asciidoc-8.6.8-5.el7.noarch | + | |
- | ---> Package hmaccalc.x86_64 0: | + | |
- | ---> Package m4.x86_64 0: | + | |
- | ---> Package newt-devel.x86_64 0: | + | |
- | --> Processing Dependency: slang-devel for package: newt-devel-0.52.15-4.el7.x86_64 | + | |
- | ---> Package perl-ExtUtils-Embed.noarch 0: | + | |
- | --> Processing Dependency: perl-devel for package: perl-ExtUtils-Embed-1.30-286.el7.noarch | + | |
- | ---> Package python-devel.x86_64 0: | + | |
- | ---> Package xmlto.x86_64 0: | + | |
- | --> Processing Dependency: text-www-browser for package: xmlto-0.0.25-7.el7.x86_64 | + | |
- | --> Processing Dependency: flex for package: xmlto-0.0.25-7.el7.x86_64 | + | |
- | --> Processing Dependency: docbook-dtds for package: xmlto-0.0.25-7.el7.x86_64 | + | |
- | --> Running transaction check | + | |
- | ---> Package docbook-dtds.noarch 0: | + | |
- | --> Processing Dependency: sgml-common for package: docbook-dtds-1.0-60.el7.noarch | + | |
- | ---> Package docbook-style-xsl.noarch 0: | + | |
- | ---> Package flex.x86_64 0: | + | |
- | ---> Package graphviz.x86_64 0: | + | |
- | --> Processing Dependency: libXaw.so.7()(64bit) for package: graphviz-2.30.1-19.el7.x86_64 | + | |
- | ---> Package lynx.x86_64 0: | + | |
- | ---> Package perl-devel.x86_64 4: | + | |
- | --> Processing Dependency: systemtap-sdt-devel for package: 4: | + | |
- | --> Processing Dependency: perl(ExtUtils:: | + | |
- | --> Processing Dependency: perl(ExtUtils:: | + | |
- | --> Processing Dependency: perl(ExtUtils:: | + | |
- | --> Processing Dependency: libdb-devel for package: 4: | + | |
- | --> Processing Dependency: gdbm-devel for package: 4: | + | |
- | ---> Package slang-devel.x86_64 0: | + | |
- | ---> Package source-highlight.x86_64 0: | + | |
- | --> Processing Dependency: ctags for package: source-highlight-3.1.6-6.el7.x86_64 | + | |
- | --> Processing Dependency: libboost_regex.so.1.53.0()(64bit) for package: source-highlight-3.1.6-6.el7.x86_64 | + | |
- | --> Running transaction check | + | |
- | ---> Package boost-regex.x86_64 0: | + | |
- | ---> Package ctags.x86_64 0: | + | |
- | ---> Package gdbm-devel.x86_64 0: | + | |
- | ---> Package libXaw.x86_64 0: | + | |
- | ---> Package libdb-devel.x86_64 0: | + | |
- | ---> Package perl-ExtUtils-Install.noarch 0: | + | |
- | ---> Package perl-ExtUtils-MakeMaker.noarch 0: | + | |
- | --> Processing Dependency: perl(Test:: | + | |
- | --> Processing Dependency: perl(ExtUtils:: | + | |
- | ---> Package perl-ExtUtils-ParseXS.noarch 1: | + | |
- | ---> Package sgml-common.noarch 0: | + | |
- | ---> Package systemtap-sdt-devel.x86_64 0: | + | |
- | --> Running transaction check | + | |
- | ---> Package perl-ExtUtils-Manifest.noarch 0: | + | |
- | ---> Package perl-Test-Harness.noarch 0: | + | |
- | --> Finished Dependency Resolution | + | |
- | Dependencies Resolved | + | <WRAP center round important 60%> |
+ | **Important** : Veuillez ne **PAS** exécuter ces deux commandes. | ||
+ | </ | ||
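Review bot: The two commands in 1.6 name the device `enp0s3`, while every other step in this revision works on `ens18`; a trainee adapting the example will copy an interface that does not exist on this VM. Use `ens18` here as well, and have the "ne PAS exécuter" callout state its reason, presumably that disconnecting the only configured interface cuts the session the trainee is working in.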
- | ======================================================================================================================================================================== | + | ====1.7 - Routage Statique==== |
- | | + | |
- | ======================================================================================================================================================================== | + | |
- | Installing: | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | Installing for dependencies: | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | Transaction Summary | + | ===La commande ip=== |
- | ======================================================================================================================================================================== | + | |
- | Install | + | |
- | Total download size: 9.0 M | + | Sous RHEL/CentOS 8, pour supprimer la route vers le réseau 192.168.1.0 il convient d' |
- | Installed size: 43 M | + | |
- | Is this ok [y/d/N]: y | + | < |
+ | [root@centos8 ~]# ip route | ||
+ | default via 10.0.2.1 dev ens18 proto static metric 100 | ||
+ | 10.0.2.0/24 dev ens18 proto kernel scope link src 10.0.2.46 metric 100 | ||
+ | 192.168.1.0/24 dev ens18 proto kernel scope link src 192.168.1.2 metric 100 | ||
+ | 192.168.122.0/ | ||
+ | |||
+ | root@centos8 ~]# ip route del 192.168.1.0/ | ||
+ | [root@centos8 ~]# ip route | ||
+ | default via 10.0.2.1 dev ens18 proto static metric 100 | ||
+ | 10.0.2.0/24 dev ens18 proto kernel scope link src 10.0.2.46 metric 100 | ||
+ | 192.168.122.0/ | ||
</ | </ | ||
- | Installez maintenant | + | Pour ajouter la route vers le réseau 192.168.1.0 : |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | logout | + | [root@centos8 |
- | [trainee@centos7 | + | default via 10.0.2.1 dev ens18 proto static metric 100 |
- | Mise à jour / installation... | + | 10.0.2.0/24 dev ens18 proto kernel scope link src 10.0.2.46 metric 100 |
- | | + | 192.168.1.0/24 via 10.0.2.1 dev ens18 |
- | attention : utilisateur builder inexistant - utilisation de root | + | 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
- | attention : utilisateur builder inexistant - utilisation de root | + | |
- | attention : groupe builder inexistant - utilisation de root | + | |
</ | </ | ||
- | <WRAP center round important> | + | <WRAP center round important |
- | Les erreurs sont sans importance. | + | **Important** - La commande utilisée pour ajouter une passerelle par défaut prend la forme suivante **ip route add default via //adresse ip//**. |
</ | </ | ||
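Review bot: The route restored in 1.7 is not the route that was deleted: the first listing shows `192.168.1.0/24 dev ens18 proto kernel scope link src 192.168.1.2 metric 100`, and the listing after the add shows `192.168.1.0/24 via 10.0.2.1 dev ens18`. The text presents this as putting the route back, so it should either restore the directly connected form or say explicitly that traffic for 192.168.1.0/24 now goes through the gateway 10.0.2.1. It is also worth stating that routes changed with `ip route` do not survive a reboot or a re-activation of the profile. The prompt on the `ip route del` line is missing its opening `[`.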
- | ====Préparer l' | + | ===Désactiver/ |
- | Naviguez vers le repertoire **~/ | + | Pour désactiver |
< | < | ||
- | [trainee@centos7 | + | [root@centos8 |
- | [trainee@centos7 SPECS]$ rpmbuild -bp --target=$(uname -m) kernel.spec | + | 1 |
- | Construction pour plate-formes cibles: x86_64 | + | [root@centos8 ~]# echo 0 > / |
- | Construction pour cible x86_64 | + | [root@centos8 ~]# cat / |
- | erreur : Dépendances de construction manquantes: | + | 0 |
- | pesign | + | |
- | elfutils-devel est nécessaire pour kernel-3.10.0-327.13.1.el7.x86_64 | + | |
- | binutils-devel est nécessaire pour kernel-3.10.0-327.13.1.el7.x86_64 | + | |
- | bison est nécessaire pour kernel-3.10.0-327.13.1.el7.x86_64 | + | |
- | audit-libs-devel est nécessaire pour kernel-3.10.0-327.13.1.el7.x86_64 | + | |
- | numactl-devel est nécessaire pour kernel-3.10.0-327.13.1.el7.x86_64 | + | |
- | pciutils-devel est nécessaire pour kernel-3.10.0-327.13.1.el7.x86_64 | + | |
</ | </ | ||
- | <WRAP center round important> | + | Pour activer le routage sur le serveur, |
- | Notez qu'il existe toujours | + | |
- | </ | + | |
- | + | ||
- | Redevenez root et installez les dépendances | + | |
< | < | ||
- | [trainee@centos7 SPECS]$ cd - | + | [root@centos8 ~]# echo 1 > /proc/sys/net/ |
- | /home/trainee | + | [root@centos8 |
- | [trainee@centos7 ~]$ su - | + | 1 |
- | Mot de passe : | + | |
- | Dernière connexion : lundi 8 août 2016 à 16:39:54 CEST sur pts/0 | + | |
- | [root@centos7 | + | |
- | ... | + | |
</ | </ | ||
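Review bot: The forwarding sub-section writes `0` and then `1` into the `/proc/sys/net/` entry without saying that the change is runtime-only, and it ends with routing enabled. Add a sentence that the value is lost at reboot unless it is set through sysctl configuration, and that a host which is not meant to act as a router should be left at `0`. The sub-heading in the new revision starts with "Désactiver/" while the module contents list calls the same entry "Activer/"; align the two.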
- | Vous pouvez maintenant utilisez la commande rpmbuild pour préparer | + | =====LAB #2 - Diagnostique du Réseau===== |
+ | |||
+ | ====2.1 - ping==== | ||
+ | |||
+ | Pour tester | ||
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | logout | + | PING 10.0.2.1 |
- | [trainee@centos7 ~]$ cd ~/ | + | 64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=0.104 ms |
- | [trainee@centos7 SPECS]$ rpmbuild | + | 64 bytes from 10.0.2.1: icmp_seq=2 ttl=64 time=0.325 ms |
- | Construction pour plate-formes cibles: x86_64 | + | 64 bytes from 10.0.2.1: icmp_seq=3 ttl=64 time=0.250 ms |
- | Construction pour cible x86_64 | + | 64 bytes from 10.0.2.1: icmp_seq=4 ttl=64 time=0.123 ms |
- | Exécution_de(%prep) : /bin/sh -e / | + | |
- | + umask 022 | + | --- 10.0.2.1 ping statistics --- |
- | + cd / | + | 4 packets transmitted, |
- | + patch_command='patch -p1 -F1 -s' | + | rtt min/avg/max/mdev = 0.104/0.200/0.325/0.092 ms |
- | + cd / | + | |
- | + rm -rf kernel-3.10.0-327.13.1.el7 | + | |
- | + / | + | |
- | + cd kernel-3.10.0-327.13.1.el7 | + | |
- | + / | + | |
- | + /usr/bin/tar -xf - | + | |
- | ... | + | |
</ | </ | ||
- | A l'issu du processus, examinez l' | + | ===Options de la commande ping=== |
+ | |||
+ | Les options de cette commande sont : | ||
< | < | ||
- | [trainee@centos7 SPECS]$ ls -la ~/ | + | [root@centos8 ~]# ping --help |
- | total 824 | + | ping: invalid option |
- | drwxr-xr-x. | + | Usage: ping [-aAbBdDfhLnOqrRUvV64] [-c count] [-i interval] [-I interface] |
- | drwxr-xr-x. 3 trainee trainee | + | [-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos] |
- | drwxr-xr-x. 32 trainee trainee | + | [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option] |
- | drwxr-xr-x. | + | [-w deadline] [-W timeout] [hop1 ...] destination |
- | -rw-r--r--. 1 trainee trainee 126411 | + | Usage: ping -6 [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface] |
- | -rw-r--r--. 1 trainee trainee 126420 | + | [-l preload] [-m mark] [-M pmtudisc_option] |
- | drwxr-xr-x. 2 trainee trainee | + | [-N nodeinfo_option] [-p pattern] [-Q tclass] [-s packetsize] |
- | -rw-r--r--. | + | [-S sndbuf] [-t ttl] [-T timestamp_option] [-w deadline] |
- | -rw-r--r--. 1 trainee trainee | + | [-W timeout] destination |
- | drwxr-xr-x. 4 trainee trainee | + | |
- | drwxr-xr-x. 101 trainee trainee | + | |
- | drwxr-xr-x. 114 trainee trainee | + | |
- | drwxr-xr-x. 36 trainee trainee | + | |
- | drwxr-xr-x. 74 trainee trainee | + | |
- | -rw-r--r--. 1 trainee trainee | + | |
- | drwxr-xr-x. 27 trainee trainee | + | |
- | drwxr-xr-x. 2 trainee trainee | + | |
- | drwxr-xr-x. 2 trainee trainee | + | |
- | -rw-r--r--. | + | |
- | -rw-r--r--. | + | |
- | drwxr-xr-x. | + | |
- | drwxr-xr-x. | + | |
- | -rw-r--r--. | + | |
- | -rw-r--r--. | + | |
- | -rw-r--r--. | + | |
- | drwxr-xr-x. | + | |
- | drwxr-xr-x. | + | |
- | -rw-r--r--. | + | |
- | -rw-r--r--. | + | |
- | drwxr-xr-x. | + | |
- | -rw-r--r--. | + | |
- | drwxr-xr-x. | + | |
- | drwxr-xr-x. | + | |
- | drwxr-xr-x. | + | |
- | drwxr-xr-x. | + | |
- | drwxr-xr-x. | + | |
- | drwxr-xr-x. | + | |
</ | </ | ||
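Review bot: in the added "Options de la commande ping" listing, the usage text is obtained with `ping --help`, which the captured output itself rejects ("ping: invalid option"). The usage line lists `h` among the flags, so `ping -h` is the command to document here. Separately, the new LAB #2 heading reads "Diagnostique du Réseau"; the noun is "Diagnostic".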
- | A l' | + | ====2.2 - netstat -i==== |
+ | |||
+ | Pour visualiser les statistiques réseaux, vous disposez de la commande **netstat** | ||
< | < | ||
- | [trainee@centos7 SPECS]$ more ~/ | + | [root@centos8 ~]# netstat |
- | # | + | Kernel |
- | # Automatically generated file; DO NOT EDIT. | + | Iface |
- | # Linux/ | + | ens18 1500 |
- | # | + | lo 65536 10936 0 0 0 |
- | CONFIG_64BIT=y | + | virbr0 |
- | CONFIG_X86_64=y | + | |
- | CONFIG_X86=y | + | |
- | CONFIG_INSTRUCTION_DECODER=y | + | |
- | CONFIG_OUTPUT_FORMAT=" | + | |
- | CONFIG_ARCH_DEFCONFIG=" | + | |
- | CONFIG_LOCKDEP_SUPPORT=y | + | |
- | CONFIG_STACKTRACE_SUPPORT=y | + | |
- | CONFIG_HAVE_LATENCYTOP_SUPPORT=y | + | |
- | CONFIG_MMU=y | + | |
- | CONFIG_NEED_DMA_MAP_STATE=y | + | |
- | CONFIG_NEED_SG_DMA_LENGTH=y | + | |
- | CONFIG_GENERIC_ISA_DMA=y | + | |
- | CONFIG_GENERIC_BUG=y | + | |
- | CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y | + | |
- | CONFIG_GENERIC_HWEIGHT=y | + | |
- | CONFIG_ARCH_MAY_HAVE_PC_FDC=y | + | |
- | CONFIG_RWSEM_XCHGADD_ALGORITHM=y | + | |
- | CONFIG_GENERIC_CALIBRATE_DELAY=y | + | |
- | CONFIG_ARCH_HAS_CPU_RELAX=y | + | |
- | CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y | + | |
- | CONFIG_ARCH_HAS_CPU_AUTOPROBE=y | + | |
- | CONFIG_HAVE_SETUP_PER_CPU_AREA=y | + | |
- | CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y | + | |
- | CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y | + | |
- | CONFIG_ARCH_HIBERNATION_POSSIBLE=y | + | |
- | CONFIG_ARCH_SUSPEND_POSSIBLE=y | + | |
- | CONFIG_ZONE_DMA32=y | + | |
- | CONFIG_AUDIT_ARCH=y | + | |
- | CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y | + | |
- | CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y | + | |
- | CONFIG_HAVE_INTEL_TXT=y | + | |
- | CONFIG_X86_64_SMP=y | + | |
- | CONFIG_X86_HT=y | + | |
- | CONFIG_ARCH_HWEIGHT_CFLAGS=" | + | |
- | CONFIG_ARCH_SUPPORTS_UPROBES=y | + | |
- | CONFIG_DEFCONFIG_LIST="/ | + | |
- | CONFIG_IRQ_WORK=y | + | |
- | CONFIG_BUILDTIME_EXTABLE_SORT=y | + | |
- | + | ||
- | # | + | |
- | --Plus--(1%) | + | |
</ | </ | ||
- | Ce fichier est généré par une des trois commandes suivantes et ne doit **pas** être édité manuellement : | + | ===Options de la commande netstat=== |
- | * make config | + | Les options de cette commande sont : |
- | * make menuconfig | + | |
- | * make xconfig | + | |
- | Dans ce fichier, vous pouvez constater la présence de lignes correspondantes à des fonctionalités suivies par une lettre ou une valeur. Dans le cas d'une lettre, la signification est la suivante | + | < |
+ | [root@centos8 ~]# netstat --help | ||
+ | usage: netstat [-vWeenNcCF] [< | ||
+ | | ||
+ | | ||
- | * **y** | + | -r, --route |
- | * la fonctionalité est incluse dans le noyau monolithique ou dans le cas d'une dépendance d'un module, dans le module concerné, | + | -I, --interfaces=< |
- | * **m** | + | -i, --interfaces |
- | * la fonctionalité est incluse en tant que module, | + | -g, --groups |
- | * **n** | + | -s, --statistics |
- | * la fonctionalité n'est pas incluse. Cette option est rarement visible car dans bien les cas, la fonctionalité est simplement commentée dans le fichier lui-même. | + | -M, --masquerade |
- | Le fichier **Makefile** contient le nom du noyau et spécifie les informations suivantes : | + | -v, --verbose |
+ | -W, --wide | ||
+ | -n, --numeric | ||
+ | --numeric-hosts | ||
+ | --numeric-ports | ||
+ | --numeric-users | ||
+ | -N, --symbolic | ||
+ | -e, --extend | ||
+ | -p, --programs | ||
+ | -o, --timers | ||
+ | -c, --continuous | ||
- | * VERSION, | + | -l, --listening |
- | * PATCHLEVEL, | + | -a, --all display all sockets (default: connected) |
- | * SUBLEVEL, | + | -F, --fib display Forwarding Information Base (default) |
- | * EXTRAVERSION. | + | -C, --cache |
+ | -Z, --context | ||
- | Les trois premières informations sont gérées par **kernel.org** et Linus Torvalds en personne tandis que l' | + | < |
+ | | ||
+ | < | ||
+ | List of possible address families (which support routing): | ||
+ | inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) | ||
+ | netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP) | ||
+ | x25 (CCITT X.25) | ||
+ | </ | ||
+ | |||
+ | ====2.3 - traceroute==== | ||
+ | |||
+ | La commande ping est à la base de la commande | ||
< | < | ||
- | [trainee@centos7 SPECS]$ more ~/ | + | [root@centos8 ~]# traceroute www.ittraining.network |
- | VERSION = 3 | + | bash: traceroute: command not found... |
- | PATCHLEVEL = 10 | + | Install package ' |
- | SUBLEVEL = 0 | + | |
- | EXTRAVERSION = | + | |
- | NAME = Unicycling Gorilla | + | |
- | RHEL_MAJOR = 7 | + | |
- | RHEL_MINOR = 2 | + | |
- | RHEL_RELEASE = 327.13.1 | + | |
- | RHEL_DRM_VERSION = 4 | + | |
- | RHEL_DRM_PATCHLEVEL = 1 | + | |
- | RHEL_DRM_SUBLEVEL = 0 | + | |
- | # *DOCUMENTATION* | ||
- | # To see a list of typical targets execute "make help" | ||
- | # More info can be located in ./README | ||
- | # Comments in this file are targeted only to the developer, do not | ||
- | # expect to learn how to build the kernel reading this file. | ||
- | # Do not: | + | * Waiting |
- | # o use make's built-in rules and variables | + | The following packages have to be installed: |
- | # (this increases performance and avoids hard-to-debug behaviour); | + | |
- | # o print " | + | Proceed with changes? [N/y] y |
- | MAKEFLAGS += -rR --no-print-directory | + | |
- | # Avoid funny character set dependencies | ||
- | unexport LC_ALL | ||
- | LC_COLLATE=C | ||
- | LC_NUMERIC=C | ||
- | export LC_COLLATE LC_NUMERIC | ||
- | # We are using a recursive build, so we need to do a little thinking | + | * Waiting in queue... |
- | # to get the ordering right. | + | * Waiting for authentication... |
- | # | + | * Waiting |
- | # Most importantly: | + | * Downloading packages... |
- | # their own directory. If in some directory we have a dependency on | + | * Requesting data... |
- | # a file in another dir (which doesn' | + | * Testing changes... |
- | # unavoidable when linking the built-in.o targets which finally | + | * Installing packages... |
- | # turn into vmlinux), we will call a sub make in that other dir, and | + | traceroute to www.ittraining.network (109.228.56.52), 30 hops max, 60 byte packets |
- | # after that we are sure that everything which is in that other dir | + | 1 _gateway (10.0.2.1) |
- | # is now up to date. | + | 2 79.137.68.252 (79.137.68.252) |
- | # | + | 3 10.50.24.61 (10.50.24.61) |
- | # The only cases where we need to modify files which have global | + | 4 10.50.0.16 (10.50.0.16) |
- | # effects are thus separated out and done before the recursive | + | 5 10.73.248.192 (10.73.248.192) |
- | # descending is started. They are now explicitly listed as the | + | 6 waw-wa2-sbb1-nc5.pl.eu (91.121.131.150) |
- | # prepare rule. | + | 7 fra-fr5-sbb1-nc5.de.eu (213.251.128.113) |
- | --Plus--(2%) | + | 8 10.200.0.6 (10.200.0.6) |
+ | | ||
+ | 10 ae-14.bb-b.fr7.fra.de.oneandone.net | ||
+ | 11 port-channel-3.gw-ngcs-1.dc1.con.glo.gb.oneandone.net (88.208.255.131) | ||
+ | 12 109.228.63.209 (109.228.63.209) | ||
+ | 13 * 109.228.63.209 (109.228.63.209) | ||
+ | 14 * * * | ||
+ | 15 * * * | ||
+ | 16 * * * | ||
+ | 17 * * * | ||
+ | 18 * * * | ||
+ | 19 * * * | ||
+ | 20 * * * | ||
+ | 21 * * * | ||
+ | 22 * * * | ||
+ | 23 * * * | ||
+ | 24 * * * | ||
+ | 25 * * * | ||
+ | 26 * * * | ||
+ | 27 * * * | ||
+ | 28 * * * | ||
+ | 29 * * *^C | ||
</ | </ | ||
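Review bot: the traceroute sample in 2.3 mixes the command-not-found install dialogue with the trace itself, then runs through hops 14 to 29 showing only `* * *` until it is interrupted with ^C. Install the package in its own step, cut the listing after the last answering hop, and state in the text what `* * *` means (no reply to the probes within the timeout, typically because a hop or the destination filters them). The `-m max_ttl` option shown in the help that follows would keep the run short.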
- | <WRAP center round important> | + | ===Options |
- | La version 2.6 du noyau a vu le jour en **2003**. Les **SUBLEVEL** se suivaient régulièrement. Avec la version 2.6 du noyau, la valeur paire du **PATCHLEVEL** indiquait que le noyau était stable. Quand vous recompilez le noyau à partir des sources, vous devez modifier la valeur | + | |
- | </ | + | |
- | Utilisez maintenant la commande | + | Les options de cette commande |
< | < | ||
- | [trainee@centos7 SPECS]$ cd ~/ | + | [root@centos8 |
- | [trainee@centos7 linux-3.10.0-327.13.1.el7.x86_64]$ make oldconfig | + | Usage: |
- | scripts/ | + | traceroute [ -46dFITnreAUDV ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ] [ -t tos ] [ -l flow_label ] [ -w MAX, |
- | # | + | Options: |
- | # configuration written | + | -4 Use IPv4 |
- | # | + | -6 Use IPv6 |
+ | -d --debug | ||
+ | -F --dont-fragment | ||
+ | -f first_ttl | ||
+ | Start from the first_ttl hop (instead from 1) | ||
+ | -g gate,... --gateway=gate, | ||
+ | Route packets through the specified gateway | ||
+ | (maximum 8 for IPv4 and 127 for IPv6) | ||
+ | | ||
+ | -T --tcp Use TCP SYN for tracerouting (default port is 80) | ||
+ | -i device | ||
+ | Specify a network interface to operate with | ||
+ | -m max_ttl | ||
+ | Set the max number of hops (max TTL to be | ||
+ | reached). Default is 30 | ||
+ | -N squeries | ||
+ | Set the number of probes to be tried | ||
+ | simultaneously (default is 16) | ||
+ | -n Do not resolve IP addresses to their domain names | ||
+ | -p port --port=port | ||
+ | initial udp port value for " | ||
+ | (incremented by each probe, default is 33434), or | ||
+ | initial seq for " | ||
+ | default from 1), or some constant destination | ||
+ | port for other methods (with default of 80 for | ||
+ | " | ||
+ | -t tos --tos=tos | ||
+ | traffic class) value for outgoing packets | ||
+ | -l flow_label | ||
+ | Use specified flow_label for IPv6 packets | ||
+ | -w MAX, | ||
+ | Wait for a probe no more than HERE (default 3) | ||
+ | times longer than a response from the same hop, | ||
+ | or no more than NEAR (default 10) times than some | ||
+ | next hop, or MAX (default 5.0) seconds (float | ||
+ | point values allowed too) | ||
+ | | ||
+ | Set the number of probes per each hop. Default is | ||
+ | | ||
+ | -r Bypass the normal routing and send directly to a | ||
+ | host on an attached network | ||
+ | -s src_addr | ||
+ | Use source src_addr for outgoing packets | ||
+ | -z sendwait | ||
+ | Minimal time interval between probes (default 0). | ||
+ | If the value is more than 10, then it specifies a | ||
+ | number in milliseconds, | ||
+ | seconds (float point values allowed too) | ||
+ | -e --extensions | ||
+ | -A --as-path-lookups | ||
+ | print results directly after the corresponding | ||
+ | addresses | ||
+ | -M name --module=name | ||
+ | for traceroute operations. Most methods have | ||
+ | their shortcuts (`-I' means `-M icmp' etc.) | ||
+ | -O OPTS, | ||
+ | Use module-specific option OPTS for the | ||
+ | traceroute module. Several OPTS allowed, | ||
+ | separated by comma. If OPTS is " | ||
+ | about available options | ||
+ | | ||
+ | `-N 1' | ||
+ | | ||
+ | -U --udp Use UDP to particular port for tracerouting | ||
+ | (instead of increasing the port per each probe), | ||
+ | default port is 53 | ||
+ | -UL Use UDPLITE for tracerouting (default dest port | ||
+ | is 53) | ||
+ | -D --dccp | ||
+ | is 33434) | ||
+ | -P prot --protocol=prot | ||
+ | --mtu | ||
+ | `-F -N 1' | ||
+ | --back | ||
+ | print if it differs | ||
+ | -V --version | ||
+ | --help | ||
+ | |||
+ | Arguments: | ||
+ | + | ||
+ | packetlen | ||
+ | header plus 40). Can be ignored or increased to a minimal | ||
+ | allowed value | ||
</ | </ | ||
- | <WRAP center round important> | + | =====LAB #3 - Connexions à Distance===== |
- | Cette commande | + | |
+ | ==== 3.1 - Telnet ==== | ||
+ | |||
+ | WRAP center round important> | ||
+ | **Important** - Si la commande | ||
</ | </ | ||
- | ====Paramétrage du noyau==== | + | La commande **telnet** est utilisée pour établir une connexion à distance avec un serveur telnet : |
- | Après avoir modifié la configuration du noyau selon vos besoins en utilisant soit la commande **menuconfig** soit la commande **xconfig** (pas necéssaire pour cet exemple), insérez la sortie de la commande **uname -i** sur la première ligne du fichier .config : | + | < |
+ | # telnet numero_ip | ||
+ | </ | ||
- | <code> | + | <WRAP center round important 60%> |
- | [trainee@centos7 linux-3.10.0-327.13.1.el7.x86_64]$ uname -i | + | **Important** |
- | x86_64 | + | </WRAP> |
- | [trainee@centos7 linux-3.10.0-327.13.1.el7.x86_64]$ vi .config | + | |
- | [trainee@centos7 linux-3.10.0-327.13.1.el7.x86_64]$ head .config | + | ===Options de la commande telnet=== |
- | # x86_64 | + | |
- | # | + | |
- | # Automatically generated file; DO NOT EDIT. | + | |
- | # Linux/x86 3.10.0 Kernel Configuration | + | |
- | # | + | |
- | CONFIG_64BIT=y | + | |
- | CONFIG_X86_64=y | + | |
- | CONFIG_X86=y | + | |
- | CONFIG_INSTRUCTION_DECODER=y | + | |
- | CONFIG_OUTPUT_FORMAT=" | + | |
- | </ | + | |
- | Renommez le fichier .config en le plaçant dans le répertoire **~/ | + | Les options de cette commande sont : |
< | < | ||
- | [trainee@centos7 linux-3.10.0-327.13.1.el7.x86_64]$ cp .config | + | [[root@centos8 |
- | [trainee@centos7 linux-3.10.0-327.13.1.el7.x86_64]$ ls ~/ | + | telnet: invalid option |
- | centos.cer | + | Usage: telnet [-4] [-6] [-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user] |
- | centos-kpatch.x509 | + | [-n tracefile] [-b hostalias ] [-r] |
- | centos-ldup.x509 | + | [host-name [port]] |
- | check-kabi | + | |
- | config-x86_64-generic | + | |
- | cpupower.config | + | |
</ | </ | ||
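Review bot: two markup slips in the added 3.1 text. The first note opens with `WRAP center round important>` without its leading `<`, unlike the `<WRAP center round important 60%>` a few lines further down, and the prompt in the options listing is `[[root@centos8` with a doubled bracket. As with ping, the help command is answered with "telnet: invalid option", so the listing documents an error path rather than a supported help flag.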
- | <WRAP center round important> | + | ==== 3.2 - wget ==== |
- | Pour un noyau 32 bits, remplacez **x86_64** par **i386** et **config-`uname -m`-generic** par **config-x86-32-generic**. | + | |
- | </ | + | |
- | Editez la directive | + | La commande |
< | < | ||
- | [trainee@centos7 linux-3.10.0-327.13.1.el7.x86_64]$ cd ~/rpmbuild/SPECS | + | [root@centos8 ~]# wget https://www.dropbox.com/ |
- | [trainee@centos7 SPECS]$ vi kernel.spec | + | --2021-08-29 06: |
- | [trainee@centos7 SPECS]$ head kernel.spec | + | Resolving www.dropbox.com (www.dropbox.com)... 162.125.67.18, |
- | # We have to override the new %%install behavior because, well... the kernel is special. | + | Connecting to www.dropbox.com (www.dropbox.com)|162.125.67.18|: |
- | %global __spec_install_pre %{___build_pre} | + | HTTP request sent, awaiting response... 301 Moved Permanently |
+ | Location: | ||
+ | --2021-08-29 06: | ||
+ | Reusing existing connection to www.dropbox.com: | ||
+ | HTTP request sent, awaiting response... 302 Found | ||
+ | Location: https:// | ||
+ | --2021-08-29 06: | ||
+ | Resolving uc8a5f475f4a5f849fd1055f560f.dl.dropboxusercontent.com (uc8a5f475f4a5f849fd1055f560f.dl.dropboxusercontent.com)... 162.125.67.15, 2620: | ||
+ | Connecting to uc8a5f475f4a5f849fd1055f560f.dl.dropboxusercontent.com (uc8a5f475f4a5f849fd1055f560f.dl.dropboxusercontent.com)|162.125.67.15|: | ||
+ | HTTP request sent, awaiting response... 200 OK | ||
+ | Length: 46 [text/ | ||
+ | Saving to: ‘wget_file.txt’ | ||
- | Summary: The Linux kernel | + | wget_file.txt |
- | %define buildid | + | 2021-08-29 06:22:27 (26.9 MB/s) - ‘wget_file.txt’ saved [46/46] |
- | # For a kernel released for public testing, released_kernel should be 1. | + | [root@centos8 ~]# cat wget_file.txt |
- | # For internal testing builds during development, | + | This is a file retrieved by the wget command. |
- | %global released_kernel 1 | + | |
</ | </ | ||
- | ====Compiler le Noyau==== | + | ===Options de la commande wget=== |
- | La compilation du noyau peut prendre beaucoup | + | Les options |
< | < | ||
- | [trainee@centos7 SPECS]$ rpmbuild | + | [root@centos8 ~]# wget --help |
- | </ | + | GNU Wget 1.19.5, a non-interactive network retriever. |
+ | Usage: wget [OPTION]... [URL]... | ||
- | A l'issu du processus, les rpm se trouvent dans le répertoire **/ | + | Mandatory arguments to long options are mandatory for short options too. |
- | < | + | Startup: |
- | ... | + | -V, |
- | Vérification des fichiers non empaquetés : / | + | -h, |
- | Écrit : / | + | -b, |
- | Écrit : / | + | -e, |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Écrit : / | + | |
- | Exécution_de(%clean) : | + | |
- | + umask 022 | + | |
- | + cd / | + | |
- | + cd kernel-3.10.0-327.13.1.el7 | + | |
- | + rm -rf / | + | |
- | + exit 0 | + | |
- | </ | + | |
- | Notez que la génération du nouveau noyau a consommé plus de 9 Go d' | + | Logging and input file: |
+ | -o, --output-file=FILE | ||
+ | -a, --append-output=FILE | ||
+ | -d, --debug | ||
+ | -q, --quiet | ||
+ | -v, --verbose | ||
+ | -nv, --no-verbose | ||
+ | | ||
+ | -i, --input-file=FILE | ||
+ | | ||
+ | -F, --force-html | ||
+ | -B, --base=URL | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
- | < | + | Download: |
- | [trainee@centos7 SPECS]$ df -h | + | -t, --tries=NUMBER |
- | Sys. de fichiers Taille Utilisé Dispo Uti% Monté sur | + | --retry-connrefused |
- | / | + | --retry-on-http-error=ERRORS |
- | devtmpfs | + | -O, |
- | tmpfs 245M | + | -nc, --no-clobber |
- | tmpfs 245M 4,7M 240M 2% /run | + | |
- | tmpfs 245M | + | --no-netrc |
- | tmpfs 245M | + | -c, --continue |
- | / | + | --start-pos=OFFSET |
- | / | + | |
- | tmpfs | + | |
- | </code> | + | -N, --timestamping |
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | the one on the server | ||
+ | -S, | ||
+ | --spider | ||
+ | -T, --timeout=SECONDS | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | --random-wait | ||
+ | | ||
+ | -Q, --quota=NUMBER | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | -4, | ||
+ | -6, | ||
+ | --prefer-family=FAMILY | ||
+ | one of IPv6, IPv4, or none | ||
+ | --user=USER set both ftp and http user to USER | ||
+ | --password=PASS | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
- | ====Installer le Nouveau Noyau==== | + | Directories: |
+ | -nd, --no-directories | ||
+ | -x, --force-directories | ||
+ | -nH, --no-host-directories | ||
+ | | ||
+ | -P, --directory-prefix=PREFIX | ||
+ | | ||
- | Installez maintenant les deux paquets **kernel-devel** et **kernel-headers** : | + | HTTP options: |
+ | --http-user=USER | ||
+ | | ||
+ | | ||
+ | | ||
+ | this is ' | ||
+ | -E, --adjust-extension | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | -U, --user-agent=AGENT | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
- | < | + | HTTPS (SSL/TLS) options: |
- | [root@centos7 ~]# rpm -ivh / | + | |
- | Preparing... | + | |
- | Updating / installing... | + | --https-only |
- | 1:kernel-devel-3.10.0-327.13.1.el7.################################# | + | --no-check-certificate |
- | [root@centos7 ~]# rpm -ivh /home/trainee/rpmbuild/RPMS/ | + | --certificate=FILE |
- | Preparing... | + | |
- | Updating | + | --private-key=FILE |
- | 1:kernel-headers-3.10.0-327.13.1.el################################# | + | --private-key-type=TYPE |
- | </ | + | |
+ | | ||
+ | | ||
+ | | ||
+ | of base64 encoded sha256 hashes preceded by | ||
+ | ' | ||
+ | peer against | ||
+ | |||
+ | --ciphers=STR | ||
+ | Use with care. This option overrides | ||
+ | The format and syntax of this string depend on the specific SSL/TLS engine. | ||
+ | HSTS options: | ||
+ | --no-hsts | ||
+ | --hsts-file | ||
- | Installez en dernier le nouveau noyau avec la commande **rpm** | + | FTP options: |
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
- | < | + | FTPS options: |
- | [root@centos7 ~]# rpm -ivh --force --nodeps /home/trainee/ | + | |
- | Preparing... ################################# | + | --ftps-resume-ssl |
- | installing package kernel-3.10.0-327.13.1.el7.i2tch.x86_64 needs 30MB on the /boot filesystem | + | |
+ | --ftps-clear-data-connection | ||
+ | | ||
+ | WARC options: | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | WARC writer | ||
+ | |||
+ | Recursive download: | ||
+ | -r, --recursive | ||
+ | -l, --level=NUMBER | ||
+ | --delete-after | ||
+ | | ||
+ | local files | ||
+ | | ||
+ | | ||
+ | -K, --backup-converted | ||
+ | | ||
+ | -p, --page-requisites | ||
+ | --strict-comments | ||
+ | |||
+ | Recursive accept/ | ||
+ | -A, --accept=LIST | ||
+ | -R, --reject=LIST | ||
+ | | ||
+ | | ||
+ | | ||
+ | -D, --domains=LIST | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | -H, --span-hosts | ||
+ | -L, --relative | ||
+ | -I, --include-directories=LIST | ||
+ | | ||
+ | | ||
+ | -X, --exclude-directories=LIST | ||
+ | -np, --no-parent | ||
+ | |||
+ | Email bug reports, questions, discussions to < | ||
+ | and/or open issues at https:// | ||
</ | </ | ||
- | <WRAP center round important> | + | ==== 3.3 - ftp ==== |
- | **Important** | + | |
+ | <WRAP center round important | ||
+ | **Important** | ||
</ | </ | ||
- | Lister maintenant les noyaux installés | + | La commande **ftp** est utilisée pour le transfert de fichiers. Une fois connecté, il convient d' |
< | < | ||
- | [root@centos7 ~]# rpm -qa | grep kernel-3 | + | ftp> help |
- | kernel-3.10.0-327.el7.x86_64 | + | Commands may be abbreviated. |
- | kernel-3.10.0-327.13.1.el7.x86_64 | + | |
+ | ! debug mdir sendport site | ||
+ | $ dir mget put size | ||
+ | account disconnect mkdir pwd status | ||
+ | append exit mls quit struct | ||
+ | ascii form mode quote system | ||
+ | bell get modtime recv sunique | ||
+ | binary glob mput reget tenex | ||
+ | bye hash newer rstatus tick | ||
+ | case help nmap rhelp trace | ||
+ | cd idle nlist rename type | ||
+ | cdup image ntrans reset user | ||
+ | chmod lcd open restart umask | ||
+ | close ls prompt rmdir verbose | ||
+ | cr macdef passive runique ? | ||
+ | delete mdelete proxy send | ||
+ | ftp> | ||
</ | </ | ||
- | Un noyau se désinstalle comme tout autre paquet : | + | Le caractère **!** permet d' |
< | < | ||
- | [root@centos7 ~]# yum remove kernel-3.10.0-327.el7.x86_64 | + | ftp> !pwd |
- | Loaded plugins: fastestmirror, | + | /root |
- | Resolving Dependencies | + | </code> |
- | --> Running transaction check | + | |
- | ---> Package kernel.x86_64 0: | + | |
- | --> Finished Dependency Resolution | + | |
- | Dependencies Resolved | + | Pour transférer un fichier vers le serveur, il convient d' |
- | ======================================================================================================================================================================== | + | < |
- | Package | + | ftp> put nom_fichier_local nom_fichier_distant |
- | ======================================================================================================================================================================== | + | </file> |
- | Removing: | + | |
- | | + | |
- | Transaction Summary | + | Vous pouvez également transférer plusieurs fichiers à la fois grâce à la commande **mput**. Dans ce cas précis, il convient de saisir la commande suivante: |
- | ======================================================================================================================================================================== | + | |
- | Remove | + | |
- | Installed size: 136 M | + | < |
- | Is this ok [y/N]: y | + | ftp> mput nom*.* |
- | </code> | + | </file> |
- | Installez le nouveau noyau avec la commande **rpm** : | + | Pour transférer un fichier du serveur, il convient d' |
- | <code> | + | <file> |
- | [root@centos7 ~]# rpm -ivh --force --nodeps / | + | ftp> get nom_fichier |
- | Preparing... | + | </file> |
- | Updating / installing... | + | |
- | | + | |
- | </code> | + | |
- | Lister maintenant les noyaux installés : | + | Vous pouvez également transférer plusieurs fichiers à la fois grâce à la commande **mget** ( voir la commande **mput** ci-dessus ). |
- | < | + | Pour supprimer un fichier sur le serveur, il convient d' |
- | [root@centos7 ~]# rpm -qa | grep kernel-3 | + | |
- | kernel-3.10.0-327.13.1.el7.i2tch.x86_64 | + | |
- | kernel-3.10.0-327.13.1.el7.x86_64 | + | |
- | </ | + | |
- | Constatez | + | < |
+ | ftp> del nom_fichier | ||
+ | </ | ||
+ | |||
+ | Pour fermer | ||
< | < | ||
- | [root@centos7 ~]# grep i2tch / | + | ftp> quit |
- | menuentry ' | + | [root@centos7 ~]# |
- | linux16 / | + | |
- | initrd16 / | + | |
</ | </ | ||
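Review bot: the last listing of 3.3 returns to a `[root@centos7 ~]#` prompt after `ftp> quit`, while the other added listings in this revision run on centos8. It looks carried over from the CentOS 7 workbook and should be re-captured or corrected. The delete example uses `del`, which works only because commands may be abbreviated; the help listing shows the full name `delete`, and using it would match.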
- | <WRAP center round important> | + | ====3.4 - SSH==== |
- | **Important** : Re-démarrez votre VM en utilisant le nouveau noyau. | + | |
- | </ | + | |
- | Vérifiez ensuite l' | + | ===Présentation=== |
- | <code> | + | La commande **[[wpfr>Ssh|ssh]]** est le successeur et la remplaçante de la commande **[[wpfr> |
- | [root@centos7 ~]# uname -r | + | |
- | 3.10.0-327.13.1.el7.i2tch.x86_64 | + | |
- | </ | + | |
- | =====Gestion | + | * Le **serveur SSH** |
+ | * le démon sshd, qui s' | ||
+ | * Le **client SSH** | ||
+ | * ssh ou scp, qui assure la connexion et le dialogue avec le serveur, | ||
+ | * La **session** qui représente la connexion courante et qui commence juste après l' | ||
+ | * Les **clefs** | ||
+ | * **Couple de clef utilisateur asymétriques** et persistantes qui assurent l' | ||
+ | * **Clef hôte asymétrique et persistante** garantissant l' | ||
+ | * **Clef serveur asymétrique et temporaire** utilisée par le protocole SSH1 qui sert au chiffrement de la clé de session, | ||
+ | * **Clef de session symétrique qui est générée aléatoirement** et qui permet le chiiffrement de la communication entre le client et le serveur. Elle est détruite en fin de session. SSH-1 utilise une seule clef tandis que SSH-2 utilise une clef par direction de la communication, | ||
+ | * La **base de données des hôtes connus** qui stocke les clés des connexions précédentes. | ||
- | Sous Linux il est possible | + | SSH fonctionne |
- | quotas par partition. L'administrateur met souvent des quotas en place sur l' | + | |
- | Déconnectez-vous | + | * Le client contacte le serveur sur son port 22, |
+ | * Les client | ||
+ | * Le serveur SSH s' | ||
+ | * Sa clé hôte, | ||
+ | * Sa clé serveur, | ||
+ | * Une séquence aléatoire de huit octets à inclure dans les futures réponses du client, | ||
+ | * Une liste de méthodes de chiffrage, compression et authentification, | ||
+ | * Le client et le serveur produisent un identifiant identique, un haché MD5 long de 128 bits contenant la clé hôte, la clé serveur et la séquence aléatoire, | ||
+ | * Le client génère sa clé de session symétrique et la chiffre deux fois de suite, une fois avec la clé hôte du serveur et la deuxième fois avec la clé serveur. Le client envoie cette clé au serveur accompagnée de la séquence aléatoire et un choix d' | ||
+ | * Le serveur déchiffre la clé de session, | ||
+ | * Le client et le serveur mettent | ||
- | Avant de mettre en place des quotas, configurer SELINUX en mode **permissive** afin de ne pas avoir d' | + | ==SSH-1== |
- | < | + | SSH-1 utilise une paire de clefs de type RSA1. Il assure l' |
- | [root@centos7 ~]# getenforce | + | |
- | Enforcing | + | |
- | [root@centos7 ~]# setenforce permissive | + | |
- | [root@centos7 ~]# getenforce | + | |
- | Permissive | + | |
- | </ | + | |
- | Editez ensuite | + | Afin de s' |
- | < | + | * **Kerberos**, |
- | [root@centos7 ~]# vi / | + | * **Rhosts**, |
- | [root@centos7 ~]# cat / | + | * **%%RhostsRSA%%**, |
+ | * Par **clef asymétrique**, | ||
+ | * **TIS**, | ||
+ | * Par **mot de passe**. | ||
- | # This file controls the state of SELinux on the system. | + | ==SSH-2== |
- | # SELINUX= can take one of these three values: | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | SELINUX=permissive | + | |
- | # SELINUXTYPE= can take one of three two values: | + | |
- | # | + | |
- | # | + | |
- | # mls - Multi Level Security protection. | + | |
- | SELINUXTYPE=targeted | + | |
- | </ | + | |
- | Commencez | + | SSH-2 utilise **DSA** ou **RSA**. Il assure l' |
+ | |||
+ | * **SSH-TRANS** – Transport Layer Protocol, | ||
+ | * **SSH-AUTH** – Authentification Protocol, | ||
+ | * **SSH-CONN** – Connection Protocol. | ||
+ | |||
+ | SSH-2 diffère de SSH-1 essentiellement dans la phase authentification. | ||
+ | |||
+ | Trois méthodes d' | ||
+ | |||
+ | * Par **clef asymétrique**, | ||
+ | * Identique à SSH-1 sauf avec l' | ||
+ | * **%%RhostsRSA%%**, | ||
+ | * Par **mot de passe**. | ||
+ | |||
+ | ==Options de la commande== | ||
+ | |||
+ | Les options de cette commande sont : | ||
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | quota-4.01-11.el7_2.1.x86_64 | + | unknown option -- - |
- | quota-nls-4.01-11.el7_2.1.noarch | + | usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] |
+ | [-b bind_address] [-c cipher_spec] [-D [bind_address: | ||
+ | [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] | ||
+ | [-i identity_file] [-J [user@]host[: | ||
+ | [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] | ||
+ | [-Q query_option] [-R address] [-S ctl_path] [-W host: | ||
+ | [-w local_tun[: | ||
</ | </ | ||
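Review bot: the step list introduced by "SSH fonctionne" is the SSH-1 exchange (a temporary server key, a 128-bit MD5 identifier, the session key encrypted with the host key and then with the server key), but it sits before the SSH-1 heading and reads as if it applied to SSH in general. Label it as SSH-1 and say that this protocol version is obsolete: OpenSSH has removed SSH-1 support (completely as of 7.6), so the CentOS 8 server used in this lab speaks SSH-2 only. The SSH-2 paragraph names only DSA or RSA, whereas current OpenSSH also uses ECDSA and Ed25519 keys and no longer accepts DSA keys by default. Typos in the same block: "chiiffrement" and "Les client".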
- | Editez | + | ===Authentification par mot de passe=== |
+ | |||
+ | L' | ||
+ | |||
+ | Avantage: | ||
+ | * Aucune configuration de clef asymétrique n'est nécessaire. | ||
+ | |||
+ | Inconvénients: | ||
+ | * L' | ||
+ | * Moins sécurisé qu'un système par clef asymétrique. | ||
+ | |||
+ | ===Authentification par clef asymétrique=== | ||
+ | |||
+ | * Le **client** envoie au serveur une requête d' | ||
+ | * Le **serveur** recherche une correspondance pour ce module dans le fichier | ||
+ | | ||
+ | | ||
+ | * Le **client** reçoit le challenge et le décrypte avec la partie privée de sa clé. Il combine le challenge avec l' | ||
+ | | ||
+ | |||
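Review bot: the steps under "Authentification par clef asymétrique" describe the SSH-1 RSA challenge-response (the server looks up a modulus, and the client decrypts a challenge with its private key), which is not how SSH-2 authenticates. In SSH-2 the client signs the session identifier and the authentication request with its private key, and the server verifies that signature against the public key it holds for the account. Either mark these steps as SSH-1 or replace them with the SSH-2 flow. In the client step, "décrypte" should be "déchiffre", the term already used in the handshake list earlier on the page.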
+ | ===Configuration du Serveur=== | ||
+ | |||
+ | La configuration du serveur s' | ||
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | [root@centos7 ~]# cat /etc/fstab | + | # $OpenBSD: sshd_config, |
+ | # This is the sshd server system-wide configuration file. See | ||
+ | # sshd_config(5) for more information. | ||
+ | |||
+ | # This sshd was compiled with PATH=/ | ||
+ | |||
+ | # The strategy used for options in the default sshd_config shipped with | ||
+ | # OpenSSH is to specify options with their default value where | ||
+ | # possible, but leave them commented. | ||
+ | # default value. | ||
+ | |||
+ | # If you want to change the port on a SELinux system, you have to tell | ||
+ | # SELinux about this change. | ||
+ | # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER | ||
# | # | ||
- | # /etc/fstab | + | #Port 22 |
- | # Created by anaconda on Sat Apr 30 11:27:02 2016 | + | #AddressFamily any |
- | # | + | #ListenAddress |
- | # Accessible filesystems, | + | # |
- | # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info | + | |
- | # | + | |
- | UUID=e65fe7da-cda8-4f5a-a827-1b5cabe94bed / | + | |
- | UUID=2d947276-66e8-41f4-8475-b64b67d7a249 /boot | + | |
- | UUID=3181601a-7295-4ef0-a92c-f21f76b18e64 swap swap defaults | + | |
- | UUID=a080ac6a-d15c-48e2-8461-a7b1aa3ebf1a / | + | |
- | </ | + | |
- | Démontez puis remontez | + | HostKey |
+ | HostKey / | ||
+ | HostKey / | ||
- | < | + | # Ciphers and keying |
- | [root@centos7 ~]# umount | + | #RekeyLimit default none |
- | [root@centos7 | + | |
+ | # This system is following system-wide crypto policy. The changes to | ||
+ | # crypto properties (Ciphers, MACs, ...) will not have any effect here. | ||
+ | # They will be overridden by command-line options passed to the server | ||
+ | # on command line. | ||
+ | # Please, check manual pages for update-crypto-policies(8) and sshd_config(5). | ||
+ | |||
+ | # Logging | ||
+ | # | ||
+ | SyslogFacility AUTHPRIV | ||
+ | #LogLevel INFO | ||
+ | |||
+ | # Authentication: | ||
+ | |||
+ | # | ||
+ | PermitRootLogin yes | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # | ||
+ | |||
+ | # The default is to check both .ssh/authorized_keys and .ssh/ | ||
+ | # but this is overridden so installations will only check .ssh/ | ||
+ | AuthorizedKeysFile | ||
+ | |||
+ | # | ||
+ | |||
+ | # | ||
+ | # | ||
+ | |||
+ | # For this to work you will also need host keys in / | ||
+ | # | ||
+ | # Change to yes if you don't trust ~/ | ||
+ | # HostbasedAuthentication | ||
+ | # | ||
+ | # Don't read the user's ~/.rhosts and ~/.shosts files | ||
+ | # | ||
+ | |||
+ | # To disable tunneled clear text passwords, change to no here! | ||
+ | # | ||
+ | # | ||
+ | PasswordAuthentication yes | ||
+ | |||
+ | # Change to no to disable s/key passwords | ||
+ | # | ||
+ | ChallengeResponseAuthentication no | ||
+ | |||
+ | # Kerberos options | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # GSSAPI options | ||
+ | GSSAPIAuthentication yes | ||
+ | GSSAPICleanupCredentials no | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Set this to ' | ||
+ | # and session processing. If this is enabled, PAM authentication will | ||
+ | # be allowed through the ChallengeResponseAuthentication and | ||
+ | # PasswordAuthentication. | ||
+ | # PAM authentication via ChallengeResponseAuthentication may bypass | ||
+ | # the setting of " | ||
+ | # If you just want the PAM account and session checks to run without | ||
+ | # PAM authentication, | ||
+ | # and ChallengeResponseAuthentication to ' | ||
+ | # WARNING: ' | ||
+ | # problems. | ||
+ | UsePAM yes | ||
+ | |||
+ | # | ||
+ | # | ||
+ | # | ||
+ | X11Forwarding yes | ||
+ | # | ||
+ | # | ||
+ | #PermitTTY yes | ||
+ | |||
+ | # It is recommended to use pam_motd in / | ||
+ | # as it is more configurable and versatile than the built-in version. | ||
+ | PrintMotd no | ||
+ | |||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | #UseDNS no | ||
+ | #PidFile / | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # no default banner path | ||
+ | #Banner none | ||
+ | |||
+ | # Accept locale-related environment variables | ||
+ | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES | ||
+ | AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT | ||
+ | AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE | ||
+ | AcceptEnv XMODIFIERS | ||
+ | |||
+ | # override default of no subsystems | ||
+ | Subsystem | ||
+ | |||
+ | # Example of overriding settings on a per-user basis | ||
+ | #Match User anoncvs | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
</ | </ | ||
- | Déconnectez-vous et reconnectez-vous en tant que trainee. Vérifiez ensuite que les options soient prises en compte | + | Pour ôter les lignes de commentaires dans ce fichier, utilisez la commande suivante |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | rootfs / rootfs rw 0 0 | + | [root@centos8 tmp]# cat sshd_config |
- | sysfs /sys sysfs rw, | + | HostKey |
- | proc /proc proc rw, | + | HostKey |
- | devtmpfs /dev devtmpfs rw, | + | HostKey |
- | securityfs / | + | SyslogFacility AUTHPRIV |
- | tmpfs /dev/shm tmpfs rw, | + | PermitRootLogin yes |
- | devpts /dev/pts devpts rw, | + | AuthorizedKeysFile |
- | tmpfs /run tmpfs rw, | + | PasswordAuthentication yes |
- | tmpfs / | + | ChallengeResponseAuthentication no |
- | cgroup / | + | GSSAPIAuthentication yes |
- | pstore | + | GSSAPICleanupCredentials no |
- | cgroup / | + | UsePAM yes |
- | cgroup | + | X11Forwarding yes |
- | cgroup | + | PrintMotd no |
- | cgroup | + | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES |
- | cgroup / | + | AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT |
- | cgroup / | + | AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE |
- | cgroup | + | AcceptEnv XMODIFIERS |
- | cgroup / | + | Subsystem |
- | cgroup / | + | |
- | configfs / | + | |
- | /dev/sda2 / xfs rw, | + | |
- | selinuxfs / | + | |
- | systemd-1 / | + | |
- | debugfs / | + | |
- | hugetlbfs / | + | |
- | tmpfs /tmp tmpfs rw,seclabel 0 0 | + | |
- | mqueue /dev/mqueue mqueue rw, | + | |
- | sunrpc / | + | |
- | nfsd /proc/fs/nfsd nfsd rw,relatime 0 0 | + | |
- | /dev/sda1 /boot xfs rw, | + | |
- | tmpfs /run/user/0 tmpfs rw, | + | |
- | /dev/sdb1 /home ext4 rw, | + | |
</ | </ | ||
- | ====La Commande quotacheck==== | + | Pour sécuriser le serveur ssh, ajoutez ou modifiez les directives suivantes : |
- | Pour activer les quotas sur /home, il convient d' | + | < |
+ | AllowGroups adm | ||
+ | Banner | ||
+ | HostbasedAuthentication no | ||
+ | IgnoreRhosts yes | ||
+ | LoginGraceTime 60 | ||
+ | LogLevel INFO | ||
+ | PermitEmptyPasswords no | ||
+ | PermitRootLogin no | ||
+ | PrintLastLog yes | ||
+ | Protocol 2 | ||
+ | StrictModes yes | ||
+ | X11Forwarding no | ||
+ | </ | ||
+ | |||
+ | Votre fichier ressemblera à celui-ci | ||
< | < | ||
- | [root@centos7 ~]# quotacheck -cugvm -f /dev/sdb1 | + | [root@centos8 tmp]# vi sshd_config |
- | quotacheck: Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown. | + | [root@centos8 tmp]# cat sshd_config |
- | quotacheck: Parcours de / | + | AllowGroups adm |
- | quotacheck: Cannot stat old user quota file /home/aquota.user: | + | Banner |
- | quotacheck: Cannot stat old group quota file /home/aquota.group: | + | HostbasedAuthentication no |
- | quotacheck: Cannot stat old user quota file /home/aquota.user: | + | IgnoreRhosts yes |
- | quotacheck: Cannot stat old group quota file /home/aquota.group: | + | LoginGraceTime 60 |
- | quotacheck: Vérifié 100 répertoires et 230 fichiers | + | LogLevel INFO |
- | quotacheck: Ancien fichier non trouvé. | + | PermitEmptyPasswords no |
- | quotacheck: Ancien fichier non trouvé. | + | PermitRootLogin no |
+ | PrintLastLog yes | ||
+ | Protocol 2 | ||
+ | StrictModes yes | ||
+ | X11Forwarding no | ||
+ | HostKey | ||
+ | HostKey | ||
+ | HostKey | ||
+ | SyslogFacility AUTHPRIV | ||
+ | PermitRootLogin yes | ||
+ | AuthorizedKeysFile | ||
+ | PasswordAuthentication yes | ||
+ | ChallengeResponseAuthentication no | ||
+ | GSSAPIAuthentication yes | ||
+ | GSSAPICleanupCredentials no | ||
+ | UsePAM yes | ||
+ | PrintMotd no | ||
+ | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES | ||
+ | AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT | ||
+ | AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE | ||
+ | AcceptEnv XMODIFIERS | ||
+ | Subsystem | ||
</ | </ | ||
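Review bot: in the resulting file the hardening block is prepended and the old values stay in place, so `PermitRootLogin no` is followed further down by `PermitRootLogin yes`, and `PasswordAuthentication yes` and `GSSAPIAuthentication yes` are untouched. sshd keeps the first value it reads for each keyword, so the `no` wins here, but the step says "ajoutez ou modifiez": the example should modify the existing line rather than leave a contradictory duplicate whose effect depends on ordering. `Protocol 2` can be dropped as well, since the OpenSSH shipped with CentOS 8 only speaks SSH-2 and treats the keyword as deprecated.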
- | Les options de la commande quotacheck sont : | + | Renommez le fichier **/ |
< | < | ||
- | [root@centos7 ~]# quotacheck --help | + | [root@centos8 tmp]# cp / |
- | Utility for checking and repairing quota files. | + | </code> |
- | quotacheck [-gucbfinvdmMR] [-F <quota-format>] filesystem|-a | + | |
- | -u, --user | + | Copiez le fichier **/ |
- | -g, --group | + | |
- | -c, --create-files | + | |
- | -b, --backup | + | |
- | -f, --force | + | |
- | -i, --interactive | + | |
- | -n, --use-first-dquot | + | |
- | -v, --verbose | + | |
- | -d, --debug | + | |
- | -m, --no-remount | + | |
- | -M, --try-remount | + | |
- | continue even if it fails | + | |
- | -R, --exclude-root | + | |
- | -F, --format=formatname | + | |
- | -a, --all check all filesystems | + | |
- | -h, --help | + | |
- | -V, --version | + | |
- | Rapports de bugs à jack@suse.cz | + | < |
+ | [root@centos8 tmp]# cp / | ||
+ | cp: overwrite '/ | ||
</ | </ | ||
- | Les quotas ont été activés et les fichier **aquota.user** et **aquota.group** ont été créés dans le répertoire /home : | + | Redémarrez |
< | < | ||
- | [root@centos7 ~]# ls -la /home | + | [root@centos8 tmp]# systemctl restart sshd |
- | total 44 | + | [root@centos8 tmp]# systemctl status sshd |
- | drwxr-xr-x. 4 root root 4096 11 août 13:39 . | + | ● sshd.service - OpenSSH server daemon |
- | dr-xr-xr-x. 18 root root | + | |
- | -rw-------. | + | Active: active (running) since Mon 2021-08-30 02:17:00 EDT; 11s ago |
- | -rw-------. 1 root root 7168 11 août 13:39 aquota.user | + | |
- | drwx------. 2 root root 16384 11 août 13:26 lost+found | + | |
- | drwx------. 14 trainee trainee | + | Main PID: 1042039 (sshd) |
+ | Tasks: 1 (limit: 23535) | ||
+ | | ||
+ | | ||
+ | └─1042039 / | ||
+ | |||
+ | Aug 30 02:17:00 centos8.ittraining.loc systemd[1]: Starting OpenSSH server daemon... | ||
+ | Aug 30 02:17:00 centos8.ittraining.loc sshd[1042039]: Server listening on 0.0.0.0 port 22. | ||
+ | Aug 30 02:17:00 centos8.ittraining.loc sshd[1042039]: | ||
+ | Aug 30 02:17:00 centos8.ittraining.loc systemd[1]: Started OpenSSH server daemon. | ||
+ | [q] | ||
</ | </ | ||
- | Créez maintenant un utilisateur **fenestros** avec le mot de passe **fenestros** : | + | Mettez l'utilisateur **trainee** dans le groupe |
< | < | ||
- | [root@centos7 ~]# groupadd fenestros && useradd fenestros -c FenestrOs -d / | + | [root@centos8 tmp]# groups trainee |
- | [root@centos7 ~]# passwd fenestros | + | trainee : trainee |
- | Changement de mot de passe pour l' | + | [root@centos8 tmp]# usermod -aG adm trainee |
- | Nouveau mot de passe : fenestros | + | [root@centos8 tmp]# groups trainee |
- | MOT DE PASSE INCORRECT : Le mot de passe contient le nom d' | + | trainee : trainee adm |
- | Retapez le nouveau mot de passe : fenestros | + | |
- | passwd : mise à jour réussie de tous les jetons d' | + | |
- | [root@centos7 ~]# | + | |
</ | </ | ||
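Review bot: `AllowGroups adm` takes effect at the `systemctl restart sshd` above, but `usermod -aG adm trainee` only runs after it, and `groups trainee` shows the account was not yet in adm, so trainee is locked out of SSH in between. Move the group change before the restart, and run `sshd -t` against the new file before restarting so that a typo in the copied configuration does not stop the daemon on a machine that is only reachable over SSH.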
- | ====La Commande edquota==== | + | Pour générer les clefs du serveur, saisissez la commande suivante en tant que **root**. Notez que la passphrase doit être **vide**. |
+ | |||
+ | < | ||
+ | [root@centos8 tmp]# ssh-keygen -t dsa | ||
+ | Generating public/ | ||
+ | Enter file in which to save the key (/ | ||
+ | Enter passphrase (empty for no passphrase): | ||
+ | Enter same passphrase again: | ||
+ | Your identification has been saved in / | ||
+ | Your public key has been saved in / | ||
+ | The key fingerprint is: | ||
+ | SHA256: | ||
+ | The key's randomart image is: | ||
+ | +---[DSA 1024]----+ | ||
+ | | | | ||
+ | | . | | ||
+ | |.o . o.+ | | ||
+ | |E. o.*.. . | | ||
+ | |+ooo.o +S o o | | ||
+ | |X==++ o o o | | ||
+ | |B/=+oo | | ||
+ | |Ooo++ | ||
+ | |. .o | | ||
+ | +----[SHA256]-----+ | ||
+ | </ | ||
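Review bot: `ssh-keygen -t dsa` produces the 1024-bit key shown in the randomart header (`DSA 1024`), and OpenSSH has disabled ssh-dss by default since 7.0, so this step teaches a weak algorithm that the server will not use. Suggest removing the DSA step and keeping the RSA, ECDSA and Ed25519 ones. The prose also calls these "les clefs du serveur" while the command is run without `-f`; state the target file explicitly so the reader can see whether a host key or root's personal key is being written.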
- | Mettez en place maintenant un quota de 10Mo pour l' | + | De la même façon, il est possible |
< | < | ||
- | [root@centos ~]# edquota | + | [root@centos8 tmp]# ssh-keygen |
+ | Generating public/private rsa key pair. | ||
+ | Enter file in which to save the key (/ | ||
+ | Enter passphrase (empty for no passphrase): | ||
+ | Enter same passphrase again: | ||
+ | Your identification has been saved in / | ||
+ | Your public key has been saved in / | ||
+ | The key fingerprint is: | ||
+ | SHA256: | ||
+ | The key's randomart image is: | ||
+ | +---[RSA 3072]----+ | ||
+ | | | ||
+ | | o oo o=+ . | | ||
+ | |.. oo=+=o . + | | ||
+ | |oo .+E++.+ = * | | ||
+ | |o.. +.S B * . | | ||
+ | |. B + = | | ||
+ | | = | | ||
+ | | | ||
+ | | . | | ||
+ | +----[SHA256]-----+ | ||
+ | [root@centos8 tmp]# ssh-keygen -t ecdsa | ||
+ | Generating public/ | ||
+ | Enter file in which to save the key (/ | ||
+ | Enter passphrase (empty for no passphrase): | ||
+ | Enter same passphrase again: | ||
+ | Your identification has been saved in / | ||
+ | Your public key has been saved in / | ||
+ | The key fingerprint is: | ||
+ | SHA256: | ||
+ | The key's randomart image is: | ||
+ | +---[ECDSA 256]---+ | ||
+ | |++*=+ | ||
+ | |oX.=o+ o o | | ||
+ | |o %.B + + | | ||
+ | |...O.= o | ||
+ | |..E.o . S o | | ||
+ | |. . o = | | ||
+ | | . * . | | ||
+ | | . ... o | | ||
+ | | ..ooo.. | ||
+ | +----[SHA256]-----+ | ||
+ | [root@centos8 tmp]# ssh-keygen -t ed25519 | ||
+ | Generating public/ | ||
+ | Enter file in which to save the key (/ | ||
+ | Enter passphrase (empty for no passphrase): | ||
+ | Enter same passphrase again: | ||
+ | Your identification has been saved in / | ||
+ | Your public key has been saved in / | ||
+ | The key fingerprint is: | ||
+ | SHA256: | ||
+ | The key's randomart image is: | ||
+ | +--[ED25519 256]--+ | ||
+ | | | ||
+ | | . .. . o| | ||
+ | | . . . +.| | ||
+ | | o . oB ..o.=| | ||
+ | | o o S*+=o* *+| | ||
+ | | . . .o.*o*.+.B| | ||
+ | | . o o +o++| | ||
+ | | o =o| | ||
+ | | . o| | ||
+ | +----[SHA256]-----+ | ||
</ | </ | ||
- | L'éditeur | + | Les clefs publiques générées possèdent l'extension |
- | <file> | + | <code> |
- | Quotas disque pour user fenestros (uid 1001) : | + | [root@centos8 tmp]# ls /etc/ssh |
- | Système de fichiers | + | moduli |
- | | + | ssh_config |
- | </file> | + | </code> |
- | Modifiez ce fichier ainsi : | + | Re-démarrez ensuite le service sshd : |
- | <file> | + | <code> |
- | Quotas disque pour user fenestros | + | [root@centos8 tmp]# systemctl restart sshd.service |
- | Système de fichiers | + | [root@centos8 tmp]# systemctl status sshd.service |
- | /dev/sdb1 | + | ● sshd.service - OpenSSH server daemon |
- | </file> | + | |
+ | | ||
+ | Docs: man: | ||
+ | | ||
+ | Main PID: 1042204 (sshd) | ||
+ | Tasks: 1 (limit: 23535) | ||
+ | | ||
+ | CGroup: | ||
+ | └─1042204 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com, | ||
- | Les options | + | Aug 30 02:24:57 centos8.ittraining.loc systemd[1]: Starting OpenSSH server daemon... |
+ | Aug 30 02:24:57 centos8.ittraining.loc sshd[1042204]: | ||
+ | Aug 30 02:24:57 centos8.ittraining.loc sshd[1042204]: | ||
+ | Aug 30 02:24:57 centos8.ittraining.loc systemd[1]: Started OpenSSH server daemon. | ||
+ | [q] | ||
+ | </ | ||
+ | |||
+ | ===Configuration du Client=== | ||
+ | |||
+ | Saisissez maintenant les commandes suivantes en tant que **trainee** : | ||
+ | |||
+ | <WRAP center round important 60%> | ||
+ | **Important** - Lors de la génération des clefs, la passphrase doit être **vide**. | ||
+ | </ | ||
< | < | ||
- | [root@centos7 ~]# edquota | + | [root@centos8 tmp]# exit |
- | edquota: Usage: | + | logout |
- | edquota [-rm] [-u] [-F formatname] | + | [trainee@centos8 ~]$ ssh-keygen |
- | edquota [-rm] -g [-F formatname] [-p groupname] | + | Generating public/ |
- | edquota [-u|g] [-F formatname] [-f filesystem] | + | Enter file in which to save the key (/ |
- | edquota | + | Created directory '/ |
+ | Enter passphrase (empty for no passphrase): | ||
+ | Enter same passphrase again: | ||
+ | Your identification has been saved in / | ||
+ | Your public key has been saved in / | ||
+ | The key fingerprint is: | ||
+ | SHA256: | ||
+ | The key's randomart image is: | ||
+ | +---[DSA 1024]----+ | ||
+ | | =o+o.o+OB| | ||
+ | | o +o=o oo=| | ||
+ | | | ||
+ | | o o.& | ||
+ | | S o o.*.o| | ||
+ | | o o o.| | ||
+ | | . + + | | ||
+ | | + . o | | ||
+ | | E .| | ||
+ | +----[SHA256]-----+ | ||
+ | [trainee@centos8 ~]$ ssh-keygen | ||
+ | Generating public/ | ||
- | -u, --user edit user data | + | Enter file in which to save the key (/ |
- | -g, --group edit group data | + | Enter same passphrase again: |
- | -r, --remote | + | Your identification has been saved in / |
- | -m, --no-mixed-pathnames | + | Your public key has been saved in / |
- | -F, --format=formatname | + | The key fingerprint is: |
- | -p, --prototype=name | + | SHA256: |
- | | + | The key's randomart image is: |
- | | + | +---[RSA 3072]----+ |
- | -f, --filesystem=filesystem | + | |o+o++oo |
- | -t, --edit-period | + | |=+o.oo . .=B . | |
- | -T, --edit-times edit grace time of a user/group | + | |=. ..o o+... | |
- | -h, --help display this help text and exit | + | |. =.o o.. . | |
- | -V, --version | + | | oS= = o | |
+ | | .. = = | | ||
+ | | | ||
+ | | +...E | | ||
+ | | . o+... | | ||
+ | +----[SHA256]-----+ | ||
+ | [trainee@centos8 ~]$ ssh-keygen | ||
+ | Generating public/ | ||
+ | Enter file in which to save the key (/ | ||
+ | Enter passphrase (empty for no passphrase): | ||
+ | Enter same passphrase again: | ||
+ | Your identification has been saved in / | ||
+ | Your public key has been saved in / | ||
+ | The key fingerprint is: | ||
+ | SHA256: | ||
+ | The key's randomart image is: | ||
+ | +---[ECDSA 256]---+ | ||
+ | |o.. | | ||
+ | |.oo | | ||
+ | |.*o . . | | ||
+ | |+.++ B | | ||
+ | |+o =B + S | | ||
+ | |=*oo.* = | | ||
+ | |B.* o O . | | ||
+ | |.= = = o.. | | ||
+ | |. E o oo+. | | ||
+ | +----[SHA256]-----+ | ||
+ | [trainee@centos8 ~]$ ssh-keygen | ||
+ | Generating public/private ed25519 key pair. | ||
+ | Enter file in which to save the key (/ | ||
+ | Enter passphrase (empty for no passphrase): | ||
+ | Enter same passphrase again: | ||
+ | Your identification has been saved in / | ||
+ | Your public key has been saved in / | ||
+ | The key fingerprint is: | ||
+ | SHA256: | ||
+ | The key's randomart image is: | ||
+ | +--[ED25519 256]--+ | ||
+ | | | ||
+ | | o==O+Boo | | ||
+ | | o ooE.O. | | ||
+ | | | ||
+ | | S + ...| | ||
+ | | | ||
+ | | . + o.o| | ||
+ | | + +.oo| | ||
+ | | o..o.| | ||
+ | +----[SHA256]-----+ | ||
+ | </ | ||
- | Rapports de bugs à : jack@suse.cz | + | Les clés générées seront placées dans le répertoire **~/ |
+ | |||
+ | < | ||
+ | [trainee@centos8 ~]$ ls .ssh | ||
+ | id_dsa | ||
</ | </ | ||
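Review bot: the box requiring an empty passphrase is applied here to the personal keys of trainee, and nothing in the following steps depends on it. A host key has to be readable unattended, but a user's private key without a passphrase is usable by anyone who can read `~/.ssh`. Suggest recommending a passphrase together with ssh-agent on the client side, or saying explicitly that the empty passphrase is a lab shortcut.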
- | <WRAP center round important> | + | ===Tunnels SSH=== |
- | Pour mettre en place un quota par group, la procédure est similaire. Il suffit d' | + | |
- | </ | + | |
- | ====La Commande quotaon==== | + | Le protocole SSH peut être utilisé pour sécuriser les protocoles tels telnet, pop3 etc.. En effet, on peut créer un //tunnel// SSH dans lequel passe les communications du protocole non-sécurisé. |
- | Appliquez maintenant les quotas | + | La commande pour créer un tunnel ssh prend la forme suivante : |
+ | |||
+ | ssh -N -f compte@hôte -Lport-local: | ||
+ | |||
+ | Dans votre cas, vous allez créer un tunnel dans votre propre vm entre le port 15023 et le port 23 : | ||
< | < | ||
- | [root@centos7 | + | [root@centos8 |
+ | \S | ||
+ | Kernel \r on an \m | ||
+ | trainee@localhost' | ||
</ | </ | ||
- | Les options de la commande **quotaon** sont : | + | Installez maintenant le serveur telnet |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | quotaon: Usage: | + | |
- | quotaon [-guvp] [-F quotaformat] [-x state] -a | + | |
- | quotaon [-guvp] [-F quotaformat] [-x state] filesys ... | + | |
- | + | ||
- | -a, --all turn quotas on for all filesystems | + | |
- | -f, --off turn quotas off | + | |
- | -u, --user | + | |
- | -g, --group | + | |
- | -p, --print-state | + | |
- | -x, --xfs-command=cmd | + | |
- | -F, --format=formatname | + | |
- | -v, --verbose | + | |
- | -h, --help | + | |
- | -V, --version | + | |
</ | </ | ||
- | De cette manière vous avez mis en place un quota **souple** pour fenestros | + | Telnet n'est ni démarré ni activé. Il convient donc de le démarrer |
- | Quand l' | + | < |
+ | [root@centos8 ~]# systemctl status telnet.socket | ||
+ | ● telnet.socket - Telnet Server Activation Socket | ||
+ | | ||
+ | | ||
+ | Docs: man: | ||
+ | | ||
+ | | ||
+ | |||
+ | [root@centos8 ~]# systemctl start telnet.socket | ||
- | Il est à noter que vous pouvez soit mettre en place un quota en taille, soit mettre en place un quota basé sur le nombre d' | + | [root@centos8 ~]# systemctl status telnet.socket |
+ | ● telnet.socket - Telnet Server Activation Socket | ||
+ | | ||
+ | | ||
+ | Docs: man: | ||
+ | | ||
+ | | ||
+ | | ||
- | <WRAP center round important> | + | Aug 30 02:44:01 centos8.ittraining.loc systemd[1]: Listening on Telnet Server Activation Socket. |
- | La commande pour désactivez les quotas est **quotaoff**. | + | |
- | </ | + | |
- | ====La Commande repquota==== | + | [root@centos8 ~]# systemctl enable telnet.socket |
+ | Created symlink / | ||
+ | </ | ||
- | Pour visualiser les quotas utilisez la commande **repquota** | + | Connectez-vous ensuite via telnet sur le port 15023, vous constaterez que votre connexion n' |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | *** Rapport pour les quotas user sur le périphérique /dev/sdb1 | + | Trying |
- | Période de sursis bloc : 7days ; période de sursis inode : 7days | + | Connected to localhost. |
- | Block limits | + | Escape character is ' |
- | Utilisateur | + | |
- | ---------------------------------------------------------------------- | + | Kernel 4.18.0-305.7.1.el8.i2tch.x86_64 on an x86_64 |
- | root | + | centos8 login: |
- | trainee | + | Password: |
- | | + | Last login: Mon Aug 30 02:37:00 from ::1 |
+ | [trainee@centos8 ~]$ whoami | ||
+ | trainee | ||
+ | [trainee@centos8 ~]$ pwd | ||
+ | / | ||
</ | </ | ||
- | <WRAP center round important> | + | <WRAP center round important |
- | Notez que l' | + | **Important** - Notez bien que votre communication telnet passe par le tunnel SSH. |
</ | </ | ||
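Review bot: `systemctl start telnet.socket` followed by `systemctl enable telnet.socket` leaves the telnet service listening permanently, and the visible lines do nothing to stop a client from reaching port 23 directly, in clear text, instead of going through the tunnel on 15023. The closing box ("votre communication telnet passe par le tunnel SSH") only holds for the connection made to 15023. Suggest dropping the `enable`, stopping the socket at the end of the lab, and adding a sentence or firewall rule that restricts port 23 to the loopback interface.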
- | Les options de la commande **repquota** sont : | + | ====3.5 - SCP==== |
- | < | + | ===Présentation=== |
- | [root@centos7 ~]# repquota --help | + | |
- | repquota: Utility for reporting quotas. | + | |
- | Usage: | + | |
- | repquota [-vugsi] [-c|C] [-t|n] [-F quotaformat] (-a | mntpoint) | + | |
- | -v, --verbose | + | La commande **scp** est le successeur et la remplaçante de la commande **rcp** de la famille des commandes **remote**. Il permet de faire des transferts sécurisés à partir d'une machine distante : |
- | -u, --user | + | |
- | -g, --group | + | |
- | -s, --human-readable | + | |
- | -t, --truncate-names | + | |
- | -p, --raw-grace | + | |
- | -n, --no-names | + | |
- | -i, --no-autofs | + | |
- | -c, --cache | + | |
- | -C, --no-cache | + | |
- | -F, --format=formatname | + | |
- | -a, --all | + | |
- | -h, --help | + | |
- | -V, --version | + | |
- | Rapports de bugs à jack@suse.cz | + | $ scp compte@numero_ip(nom_de_machine):/ |
- | </code> | + | |
+ | ou vers une machine distante : | ||
+ | |||
+ | $ scp /chemin_local/ | ||
+ | |||
+ | ===Utilisation=== | ||
- | ====La Commande quota==== | + | Nous allons maintenant utiliser **scp** pour chercher un fichier sur le << |
- | Pour visualiser les quotas d'un utilisateur spécifique, | + | Créez le fichier |
< | < | ||
- | [root@centos7 ~]# quota fenestros | + | [trainee@centos8 |
- | Disk quotas for user fenestros (uid 1001): aucun | + | [trainee@centos8 |
- | [root@centos7 ~]# su - fenestros | + | |
- | [fenestros@centos7 | + | |
- | [fenestros@centos7 | + | |
logout | logout | ||
- | [root@centos7 | + | Connection closed by foreign host. |
- | Disk quotas for user fenestros (uid 1001): | + | [root@centos8 |
- | Système fichiers | + | |
- | / | + | |
</ | </ | ||
- | Les options de la commande | + | Récupérez le fichier |
< | < | ||
- | [root@centos7 | + | [root@centos8 |
- | quota: Usage: quota [-guqvswim] [-l | [-Q | -A]] [-F quotaformat] | + | The authenticity of host ' |
- | quota [-qvswim] [-l | [-Q | -A]] [-F quotaformat] -u username | + | ECDSA key fingerprint is SHA256:Q7T/ |
- | quota [-qvswim] [-l | [-Q | -A]] [-F quotaformat] -g groupname | + | Are you sure you want to continue connecting (yes/no/[fingerprint])? yes |
- | quota [-qvswugQm] [-F quotaformat] -f filesystem ... | + | Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. |
+ | \S | ||
+ | Kernel \r on an \m | ||
+ | trainee@127.0.0.1's password: trainee | ||
+ | scp-test | ||
- | -u, --user | + | [root@centos8 ~]# ls -l |
- | -g, --group | + | total 32 |
- | -q, --quiet print more terse message | + | -rw-------. 1 root root 1358 Jun 16 06:40 anaconda-ks.cfg |
- | -v, --verbose | + | drwxr-xr-x. 3 root root 21 Jun 16 06:39 home |
- | -s, --human-readable | + | -rw-r--r--. 1 root root 1749 Aug 24 11:20 I2TCH.asc |
- | --always-resolve | + | -rw-r--r--. 1 root root 1853 Jun 16 06:54 initial-setup-ks.cfg |
- | composed of only digits | + | -rw-r--r--. 1 root root 31 Aug 24 11:22 message.txt |
- | -w, --no-wrap | + | -rw-r--r--. 1 root root 561 Aug 24 11:32 message.txt.asc |
- | -p, --raw-grace print grace time in seconds since epoch | + | -rw-r--r--. 1 root root 367 Aug 24 11:30 message.txt.gpg |
- | -l, --local-only do not query NFS filesystems | + | -rw-r--r--. 1 root root 329 Aug 24 11:23 message.txt.sig |
- | -Q, --quiet-refuse | + | -rw-r--r--. 1 root root 0 Aug 30 03:55 scp-test |
- | not respond | + | -rw-r--r--. 1 root root 46 Aug 29 06:22 wget_file.txt |
- | -i, --no-autofs | + | |
- | -F, --format=formatname | + | |
- | -f, --filesystem-list | + | |
- | -A, --all-nfs | + | |
- | -m, --no-mixed-pathnames | + | |
- | --show-mntpoint | + | |
- | | + | |
- | -h, --help display this help message and exit | + | |
- | -V, --version | + | |
- | + | ||
- | Rapports de bugs à : jack@suse.cz | + | |
</ | </ | ||
- | ====La Commande warnquota==== | + | ====3.6 - Mise en Place des Clefs Asymétriques==== |
- | La commande **warnquota** vérifie | + | Il convient maintenant de se connecter sur le << |
- | Sous RHEL/CentOS 7, warnquota | + | < |
+ | [root@centos8 ~]# ssh -l trainee 127.0.0.1 | ||
+ | \S | ||
+ | Kernel \r on an \m | ||
+ | trainee@127.0.0.1' | ||
+ | Activate the web console with: systemctl enable --now cockpit.socket | ||
+ | |||
+ | [trainee@centos8 ~]$ ls -la | grep .ssh | ||
+ | drwx------. | ||
+ | </code> | ||
+ | |||
+ | <WRAP center round important 60%> | ||
+ | **Important** - Si le dossier distant .ssh n'existe | ||
+ | </ | ||
+ | |||
+ | Ensuite, il convient de transférer le fichier local **.ssh/ | ||
< | < | ||
- | [root@centos7 | + | [trainee@centos8 |
- | Modules complémentaires chargés : fastestmirror, | + | logout |
- | base | 3.6 kB 00: | + | Connection to 127.0.0.1 closed. |
- | extras | + | |
- | updates | + | |
- | Loading mirror speeds from cached hostfile | + | |
- | * base: centos.quelquesmots.fr | + | |
- | * extras: miroir.univ-paris13.fr | + | |
- | * updates: miroir.univ-paris13.fr | + | |
- | Résolution des dépendances | + | |
- | --> Lancement de la transaction de test | + | |
- | ---> Le paquet quota-warnquota.x86_64 | + | |
- | --> Résolution des dépendances terminée | + | |
- | Dépendances résolues | + | [root@centos8 ~]# exit |
+ | logout | ||
- | ======================================================================================================================================================================== | + | [trainee@centos8 ~]$ scp .ssh/ |
- | Package | + | The authenticity of host ' |
- | ======================================================================================================================================================================== | + | ECDSA key fingerprint is SHA256:Q7T/ |
- | Installation | + | Are you sure you want to continue connecting (yes/ |
- | quota-warnquota | + | Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. |
+ | \S | ||
+ | Kernel \r on an \m | ||
+ | trainee@127.0.0.1' | ||
+ | id_ecdsa.pub | ||
+ | </ | ||
- | Résumé de la transaction | + | Connectez-vous via telnet : |
- | ======================================================================================================================================================================== | + | |
- | Installation | + | |
- | Taille totale des téléchargements : 76 k | + | < |
- | Taille d'installation | + | [trainee@centos8 ~]$ ssh -l trainee localhost |
- | Is this ok [y/d/N]: y | + | The authenticity of host 'localhost (::1)' can't be established. |
+ | ECDSA key fingerprint is SHA256:Q7T/CP0SLiMbMAIgVzTuEHegYS/spPE5zzQchCHD5Vw. | ||
+ | Are you sure you want to continue connecting (yes/ | ||
+ | Warning: Permanently added ' | ||
+ | \S | ||
+ | Kernel \r on an \m | ||
+ | Activate the web console with: systemctl enable --now cockpit.socket | ||
+ | |||
+ | Last login: Mon Aug 30 03:57:14 2021 from 127.0.0.1 | ||
+ | [trainee@centos8 ~]$ | ||
</ | </ | ||
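Review bot: the sentence "Connectez-vous via telnet :" introduces an `ssh -l trainee localhost` command, so the prose should say ssh. In this transcript and the two before it the host key prompt is answered `yes` without comparing the fingerprint; one sentence on checking the displayed `SHA256:` value against the server's own host key would fit here, since that prompt is the only protection against connecting to the wrong machine.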
- | Les options de la commande | + | <WRAP center round important 60%> |
+ | **Important** - Lors de la connexion au serveur, l' | ||
+ | </ | ||
+ | |||
+ | Insérez maintenant les clefs publiques restantes dans le fichier .ssh/ | ||
< | < | ||
- | [root@centos7 | + | [trainee@centos8 |
- | warnquota: Usage: | + | [trainee@centos8 .ssh]$ ls |
- | | + | authorized_keys |
+ | [trainee@centos8 .ssh]$ cat authorized_keys | ||
+ | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHDrzSXP+Ecxf/ | ||
- | -u, --user | + | [trainee@centos8 .ssh]$ cat id_rsa.pub >> authorized_keys |
- | -g, --group | + | [trainee@centos8 .ssh]$ cat id_dsa.pub >> authorized_keys |
- | -s, --human-readable | + | [trainee@centos8 .ssh]$ cat id_ed25519.pub >> authorized_keys |
- | -i, --no-autofs | + | |
- | -d, --no-details | + | |
- | -F, --format=formatname | + | |
- | -c, --config=config-file | + | |
- | -q, --quota-tab=quotatab-file | + | |
- | -a, --admins-file=admins-file | + | |
- | -h, --help | + | |
- | -v, --version | + | |
- | Rapports de bugs à jack@suse.cz | + | [trainee@centos8 |
+ | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHDrzSXP+Ecxf/ | ||
+ | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD3ZSMn/ | ||
+ | ssh-dss AAAAB3NzaC1kc3MAAACBALIdwEEqHrMWSUdzARm9ldsZK9ebbtZShtmwgdjphOk77fxymK0y6wV7QEmLL25LOcLb12uZ1F0LtRt/ | ||
+ | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfFQULLU8IZyKiSU63D2Zz6yGLqyHcBHnCRdSR9JSmc trainee@centos8.ittraining.loc | ||
</ | </ | ||
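Review bot: the `scp` plus `cat id_*.pub >> authorized_keys` sequence never sets or checks the mode of `authorized_keys`, although `StrictModes yes` was added to the server configuration earlier in this revision and makes sshd ignore the file if it or `~/.ssh` has loose ownership or permissions. Suggest adding a `chmod 600 authorized_keys` and an `ls -l` to the transcript, or presenting `ssh-copy-id`, which appends the key and creates `~/.ssh` with restrictive modes when it is missing.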
----- | ----- | ||
- | < | + | Copyright © 2021 Hugh Norris. |
- | <div align=" | + | |
- | Copyright © 2020 Hugh Norris. | + | |
- | </ | + |