博客第21周
1、利用SAMBA实现指定目录共享
服务端:
# Samba share, server side: install the package, create a service-only
# account (system uid, no login shell) and register it with smbpasswd.
yum install -y samba
useradd -r -s /sbin/nologin smbuser1
smbpasswd -a smbuser1
2、实现不同samba用户访问相同的samba共享,实现不同的配置
# Second Samba exercise: a dedicated system group, and the samba user carries
# it as a supplementary group so per-group share settings can be applied.
groupadd --system smbgroup
useradd --shell /sbin/nologin --groups smbgroup smbuser1
3、远程主机通过连接openvpn修复内网里 httpd 服务主机,假如现在 httpd 宕机了,我们需要连接进去让 httpd 启动
##安装openvpn包,私钥包###
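#######################################
# Build the OpenVPN server side on this host: packages, the sample
# server.conf, a server PKI (CA, server cert, DH params, tls-auth key), a
# separate client PKI, one client bundle, IP forwarding + NAT, and finally
# the systemd unit.
# Globals:   none read; calls create_cert (defined elsewhere in this file)
# Arguments: none
# Outputs:   easyrsa/openssl output on stdout; files under /etc/openvpn
# Returns:   non-zero if a cd fails
#######################################
install_openvpn_server(){
  yum -y install openvpn easy-rsa
  ##openvpn server side configuration###
  cp /usr/share/doc/openvpn/sample/sample-config-files/server.conf /etc/openvpn/
  cp -r /usr/share/easy-rsa/ /etc/openvpn/easy-rsa-server
  cp -r /usr/share/doc/easy-rsa/vars.example /etc/openvpn/easy-rsa-server/3/vars
  ###tls-auth key###
  # certs/ must exist before --genkey writes into it (the original created
  # the directory only later, so the genkey step could not succeed).
  mkdir -p /etc/openvpn/certs
  openvpn --genkey --secret /etc/openvpn/certs/ta.key
  chmod 600 /etc/openvpn/certs/ta.key
  cp /etc/openvpn/easy-rsa-server/3/vars{,.bak}
  ###certificate lifetime###
  # Append to vars: "cat FILE <<EOF" only printed the file and discarded the
  # here-doc, and the option is spelled EASYRSA_CERT_EXPIRE.
  cat >>/etc/openvpn/easy-rsa-server/3/vars <<EOF
set_var EASYRSA_CERT_EXPIRE 3650
EOF
  cd /etc/openvpn/easy-rsa-server/3/ || return 1
  ./easyrsa init-pki
  ###build the CA###
  # the here-doc answers build-ca's interactive prompt
  ./easyrsa build-ca nopass <<EOF
yes
EOF
  openssl x509 -in pki/ca.crt -noout -text
  ###server certificate request and signing###
  ./easyrsa gen-req server nopass
  # sign asks for confirmation; answer it the same way create_cert does
  ./easyrsa sign server server <<EOF
yes
EOF
  ###key exchange parameters###
  ./easyrsa gen-dh
  # NOTE: the original ran "init-pki" a second time here, which would wipe the
  # CA, server key and DH params just generated — dropped.
  # dh.pem is included because create_cert copies /etc/openvpn/certs/dh.pem.
  find /etc/openvpn/ \( -name "server.key" -o -name "server.crt" -o -name ca.crt -o -name ta.key -o -name dh.pem \) -exec cp -p {} /etc/openvpn/certs \;
  # private material must not be readable by other local users
  chmod 600 /etc/openvpn/certs/server.key /etc/openvpn/certs/ta.key
  ###client PKI kept on the server###
  cp -r /usr/share/easy-rsa/ /etc/openvpn/easy-rsa-client
  cp -r /usr/share/doc/easy-rsa/vars.example /etc/openvpn/easy-rsa-client/3/vars
  # NOTE(review): the lifetime of an issued cert is taken from the vars of the
  # PKI that signs it (the server PKI above), so this value only matters if
  # the client PKI ever signs — confirm which lifetime was intended.
  cat >>/etc/openvpn/easy-rsa-client/3/vars <<EOF
set_var EASYRSA_CERT_EXPIRE 90
EOF
  create_cert
  # create_cert changes directory, so address server.conf absolutely
  cp /etc/openvpn/server.conf{,.bak}
  getent passwd openvpn
  mkdir -p /var/log/openvpn
  chown openvpn:openvpn /var/log/openvpn/
  ls -ld /var/log/openvpn
  echo 'net.ipv4.ip_forward = 1' >>/etc/sysctl.conf
  sysctl -p
  echo 'iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE' >>/etc/rc.d/rc.local
  chmod +x /etc/rc.d/rc.local
  /etc/rc.d/rc.local
  systemctl daemon-reload
  systemctl enable --now openvpn@server
}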
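#######################################
# Issue a client certificate for the user named in NAME: generate the request
# in the client PKI, sign it with the server PKI, then collect crt, key,
# ca.crt, dh.pem, ta.key and a client.ovpn into /etc/openvpn/client/<NAME>.
# Globals:   NAME (set here to 'tyzh'), OPENVPN_SERVER (optional remote
#            address; defaults to 10.0.0.8)
# Arguments: none
# Outputs:   listing of the bundle directory on stdout
# Returns:   non-zero if a cd fails
#######################################
create_cert(){
NAME='tyzh'
cd /etc/openvpn/easy-rsa-client/3 || return 1
./easyrsa init-pki
# the empty here-doc accepts the default answer to the gen-req prompt
./easyrsa gen-req ${NAME} nopass <<EOF
EOF
# the server PKI lives where install_openvpn_server copied easy-rsa
# (/etc/openvpn/easy-rsa-server/3), not under .../easy-rsa-server/easy-rsa/3
cd /etc/openvpn/easy-rsa-server/3 || return 1
./easyrsa import-req /etc/openvpn/easy-rsa-client/3/pki/reqs/${NAME}.req ${NAME}
./easyrsa sign client ${NAME} <<EOF
yes
EOF
mkdir -p /etc/openvpn/client/${NAME}
cp /etc/openvpn/easy-rsa-server/3/pki/issued/${NAME}.crt /etc/openvpn/client/${NAME}
cp /etc/openvpn/easy-rsa-client/3/pki/private/${NAME}.key /etc/openvpn/client/${NAME}
cp /etc/openvpn/certs/{ca.crt,dh.pem,ta.key} /etc/openvpn/client/${NAME}
# cp without -p recreates the key under the umask; keep it owner-only
chmod 600 /etc/openvpn/client/${NAME}/${NAME}.key
# tls-auth stays commented out below; if server.conf keeps the sample's
# "tls-auth ta.key 0" line the client must enable it (direction 1) or the
# handshake is rejected. "1z4-v2" (digit one) was a typo for lz4-v2.
cat >/etc/openvpn/client/${NAME}/client.ovpn<<EOF
client
dev tun
proto tcp
remote ${OPENVPN_SERVER:-10.0.0.8} 1194
resolv-retry infinite
nobind
ca ca.crt
cert ${NAME}.crt
key ${NAME}.key
remote-cert-tls server
#tls-auth ta.key 1
cipher AES-256-CBC
verb 3
compress lz4-v2
EOF
printf '%s\n' "证书存放路径:/etc/openvpn/client/${NAME},证书文件如下:"
printf '\E[1;32m%s\E[0m\n' "***********************************************"
ls -l /etc/openvpn/client/${NAME}
printf '\E[1;32m%s\E[0m\n' "***********************************************"
}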
#!/bin/bash
#
#********************************************************************
#Author: tyzh
#QQ: 283399535
#Date: 2020-09-24
#FileName: openvpn-user-crt.sh
#URL: http://www.xxx.com
#Description: The test script
#Copyright (C): 2020 All rights reserved
#********************************************************************
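. /etc/init.d/functions   # provides action()
OPENVPN_SERVER=10.0.0.8
# Password for the zip bundle handed to the user. A literal here ends up in
# every copy of the script; allow it to be supplied from the environment and
# keep the literal only as the legacy default.
PASS=${PASS:-tyzh2020}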
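#######################################
# Remove an earlier bundle for NAME and any PKI files named after it so
# create_cert can start clean.
# Globals:   NAME (read)
# Arguments: none
# Returns:   aborts the script if NAME is empty
#######################################
remove_cert(){
  # ${NAME:?} aborts when NAME is empty; otherwise this line would be
  # "rm -rf /etc/openvpn/client/" and delete every client bundle.
  rm -rf -- "/etc/openvpn/client/${NAME:?NAME must be set}"
  find /etc/openvpn/ -name "${NAME}.*" -delete
  # NOTE: deleting the issued .crt does not invalidate it — the server keeps
  # accepting that certificate until it is revoked (easyrsa revoke + gen-crl,
  # with crl-verify on the server) or expires.
}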
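#######################################
# Issue a client certificate for NAME: request in the client PKI, sign in the
# server PKI, collect crt/key/ca/dh/ta plus a client.ovpn under
# /etc/openvpn/client/<NAME>, then zip the bundle to /root/<NAME>.zip.
# Globals:   NAME (read), OPENVPN_SERVER (read), PASS (read)
# Arguments: none
# Outputs:   bundle listing on stdout; action() status line
# Returns:   non-zero if a cd fails
#######################################
create_cert(){
cd /etc/openvpn/easy-rsa-client/3 || return 1
# the empty here-doc accepts the default answer to the gen-req prompt
./easyrsa gen-req ${NAME} nopass <<EOF
EOF
# NOTE(review): the companion install function lays the server PKI out under
# /etc/openvpn/easy-rsa-server/3 — confirm this path matches the host.
cd /etc/openvpn/easy-rsa-server/easy-rsa/3 || return 1
./easyrsa import-req /etc/openvpn/easy-rsa-client/3/pki/reqs/${NAME}.req ${NAME}
./easyrsa sign client ${NAME} <<EOF
yes
EOF
mkdir -p /etc/openvpn/client/${NAME}
cp /etc/openvpn/easy-rsa-server/easy-rsa/3/pki/issued/${NAME}.crt /etc/openvpn/client/${NAME}
cp /etc/openvpn/easy-rsa-client/3/pki/private/${NAME}.key /etc/openvpn/client/${NAME}
cp /etc/openvpn/certs/{ca.crt,dh.pem,ta.key} /etc/openvpn/client/${NAME}
# cp without -p recreates the key under the umask; keep it owner-only
chmod 600 /etc/openvpn/client/${NAME}/${NAME}.key
# remote now follows OPENVPN_SERVER instead of repeating the address.
# tls-auth stays commented out; if server.conf keeps the sample's
# "tls-auth ta.key 0" line the client must enable it (direction 1).
# "1z4-v2" (digit one) was a typo for lz4-v2.
cat >/etc/openvpn/client/${NAME}/client.ovpn<<EOF
client
dev tun
proto tcp
remote ${OPENVPN_SERVER} 1194
resolv-retry infinite
nobind
ca ca.crt
cert ${NAME}.crt
key ${NAME}.key
remote-cert-tls server
#tls-auth ta.key 1
cipher AES-256-CBC
verb 3
compress lz4-v2
EOF
printf '%s\n' "证书存放路径:/etc/openvpn/client/${NAME},证书文件如下:"
printf '\E[1;32m%s\E[0m\n' "***********************************************"
ls -l /etc/openvpn/client/${NAME}
printf '\E[1;32m%s\E[0m\n' "***********************************************"
# if this cd fails the glob below would archive the current directory — the
# server PKI, including its private keys — so bail out instead
cd /etc/openvpn/client/${NAME} || return 1
# NOTE: -P puts the password on the command line (visible in ps and shell
# history) and classic zip encryption is weak; "zip -e" (prompted) or an
# AES-capable archiver would be preferable.
zip -qP "$PASS" /root/${NAME}.zip *
action "证书已经打包:/root/${NAME}.zip"
}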
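# -r keeps backslashes literal in the typed name
read -r -p "请输入用户的姓名拼音(如:tyzh) " NAME
# NAME is spliced into paths handed to rm -rf, find and easyrsa, so accept
# only a plain identifier (no slashes, dots, spaces or glob characters).
if [[ ! "$NAME" =~ ^[A-Za-z0-9_-]+$ ]]; then
  printf '%s\n' "无效的用户名: ${NAME}" >&2
  exit 1
fi
remove_cert
create_cert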
测试
# NOTE(review): presumably the intranet httpd host reached over the tunnel — confirm
ssh 192.168.65.189