系统运维-20-2-openssh和openssl
0.关于ssh最佳实践的基本认识
1)禁用默认端口,2)禁用版本 version 1,3)限制可登陆用户,使用白名单,4)限制空闲会话时长,5)防火墙设置ssh访问规则,6)限定监听的地址,7)使用强密码,8)基于秘钥认证,9)禁止空密码,10)禁止root登陆,11)限制频度和并发数,12)做好日志分析
1.关于白名单的使用。
在配置文件中增加AllowUsers,重新载入服务,创建白名单外的新用户进行测试,发现登陆时会被服务器拒绝。
[root@lab1 ~]# vim /etc/ssh/sshd_config
[root@lab1 ~]# grep AllowUsers /etc/ssh/sshd_config
AllowUsers root user001
[root@lab1 ~]# systemctl reload sshd.service
[root@lab1 ~]# useradd user002
[root@lab1 ~]# passwd user002
Changing password for user user002.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.
这里还可以利用系统自动生成随机密码,具体方法如下:
[root@lab1 ~]# tr -dc A-Za-z0-9_ < /dev/urandom | head -c 30 | xargs
24WOWQoMVvdC_4zyULC7sQS_Y5kjmX
2.关于dropbear。
先安装开发工具和开发服务平台,下载dropbear代码包,解压缩后,阅读INSTALL文件。进入解压缩后的目录,使用 ./configure对环境进行解析和配置,使用make进行编译(这有PROGRAMS=参数),使用make install进行安装(这有PROGRAMS=参数)。注意:这里会提示没有发现zlib库(可能跟不同的版本有关系),上网下载zlib代码包,同样的解压缩后,在解压缩目录,使用 ./configure对环境进行解析和配置,使用make进行编译,使用make install进行安装。
安装完成后,会在/usr/local/sbin和/usr/local/bin目录下生成命令,创建/etc/dropbear目录,并尝试生成一个2048位的rsa密钥,也可以生成一个dss秘钥(不用指定位数),指定端口2202,尝试通过该端口登陆。也可以使用dbclient工具登陆其他服务器。
[root@lab1 ~]# yum groupinstall "Development Tools" "Server Platform Development" -y
[root@lab1 ~]# wget https://matt.ucc.asn.au/dropbear/releases/dropbear-2016.74.tar.bz2
[root@lab1 ~]# tar -xf dropbear-2016.74.tar.bz2
[root@lab1 ~]# cd dropbear-2016.74
[root@lab1 dropbear-2016.74]# less INSTALL
Basic Dropbear build instructions:
- Edit options.h to set which features you want.
- Edit debug.h if you want any debug options (not usually required).
(If using a non-tarball copy, "autoconf; autoheader")
./configure (optionally with --disable-zlib or --disable-syslog,
or --help for other options)
Now compile:
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
And install (/usr/local/bin is usual default):
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
(you can leave items out of the PROGRAMS list to avoid compiling them. If you
recompile after changing the PROGRAMS list, you *MUST* "make clean" before
recompiling - bad things will happen otherwise)
See MULTI for instructions on making all-in-one binaries.
If you want to compile statically, add "STATIC=1" to the make command-line.
Binaries can be stripped with "make strip"
============================================================================
If you're compiling for a 386-class CPU, you will probably need to add
CFLAGS=-DLTC_NO_BSWAP so that libtomcrypt doesn't use 486+ instructions.
============================================================================
INSTALL
[root@lab1 dropbear-2016.74]# ./configure
[root@lab1 ~]# wget http://www.zlib.net/zlib-1.2.8.tar.gz
[root@lab1 ~]# tar xzvf zlib-1.2.11.tar.gz
[root@lab1 ~]# cd zlib-1.2.11
[root@lab1 zlib-1.2.11]# ./configure
[root@lab1 zlib-1.2.11]# make
[root@lab1 zlib-1.2.11]# make install
[root@lab1 dropbear-2016.74]# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
[root@lab1 dropbear-2016.74]# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
[root@lab1 ~]# ll /usr/local/sbin
total 224
-rwxr-xr-x. 1 root root 225624 Apr 30 23:48 dropbear
[root@lab1 ~]# ll /usr/local/bin
total 512
-rwxr-xr-x. 1 root root 220312 Apr 30 23:48 dbclient
-rwxr-xr-x. 1 root root 138360 Apr 30 23:48 dropbearconvert
-rwxr-xr-x. 1 root root 129504 Apr 30 23:48 dropbearkey
-rwxr-xr-x. 1 root root 29712 Apr 30 23:48 scp
[root@lab1 ~]# mkdir /etc/dropbear
[root@lab1 ~]# dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key -s 2048
Generating key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXh92dmX1yA2uFsweygq9WMSmRz+bD9vQ8ZnNsPzI0IrnyMZWgS5kydx5zKMn3hwCCqudUp+g8zLViQrN+oor/nA654o025gSZO3s0tbTW3nF34pJEGxw2YopuWGmjDRMC9r7xVE+lPVj1BBDGMIob+AYSamUOLoFk4VSHMyW4v2jQlEc5R1A6cv5lg4LAg9r/uzC/CHn0UgwOgqUu5gqMuMrwXZ8zzaqo1aCi9Qsgqdl5VwHTG2fo1yMITIGI4WuzQYM8AcRUNiRKRFLo9aNT0ZCGeJb8zWtP1j48mAVmvqQT4CRXYTVVmNUvqjfcgzsez1S2NphQaaFCwtFUAmSV root@lab1.example.com
Fingerprint: md5 bd:ba:b6:6c:93:7d:10:4c:ca:8a:91:9e:f3:57:84:bd
[root@lab1 ~]# ll /etc/dropbear
total 4
-rw-------. 1 root root 805 May 1 01:10 dropbear_rsa_host_key
[root@lab1 ~]# dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
Generating key, this may take a while...
Public key portion is:
ssh-dss AAAAB3NzaC1kc3MAAACBAPFTsKt77IkJhaD0T756AZaBk2K4F35KVHEnv9lH/8HfPR2OODaXLWieIhGKldNxlSk2Iz34l5OefhQD/EzqMV8CbeSrd8YZ6paTvAA9H1jQu8L6vdCp2hwQS4TuBHYAYcZwqoSRcd7zXqrz5AjtEkLT7FMAkBqUqTmWXO4f+g+ZAAAAFQDR1zWWGcmoFKZ4WBudJ22hk3fR2wAAAIADQEc29ttNPTsfoZEa9ZdmCFc3Krx33bFs7hghd0RDfKhOC8DX04hZZQIWVvRjJGfm0qeVz/J6wcegPbh8yUkbvfJfRjSdeC/DrIfLUBCpLquzcFfBlacHhVQni7YrxdNCK9OU4knWCDqUjSVNbLCVq9EOkvDv4c60n7Z9pbqsuQAAAIEA10S2zvyoyzYRm4S+DrjzcQZSGvo+oGrxIbwxISZp0uVDu5sQ4q2CZArGYq+CUq52jqS7IC2kIRawDr1wIVWGKytHsMklQPSgxvpM/mhsY+LVXHuo8EcHqOieWsWYIQAhMDqydxe86k41BYggq4hRZDnFz8bs7ZgAVnjeUBVQ3t0= root@lab1.example.com
Fingerprint: md5 13:d1:bf:1b:ad:4a:5d:6f:06:fe:16:c4:03:14:a4:e4
[root@lab1 ~]# ll /etc/dropbear
total 8
-rw-------. 1 root root 458 May 1 01:12 dropbear_dss_host_key
-rw-------. 1 root root 805 May 1 01:10 dropbear_rsa_host_key
[root@lab1 ~]# dropbear -p :2202
[root@lab1 ~]# ss -tnl | grep 2202
LISTEN 0 128 *:2202 *:*
LISTEN 0 128 :::2202 :::*
[root@lab2 ~]# ssh root@172.20.0.131 -p 2202
root@172.20.0.131's password:
[root@lab1 ~]# dbclient root@172.20.0.128
Host '172.20.0.128' is not in the trusted hosts file.
(ecdsa-sha2-nistp256 fingerprint md5 18:4d:e5:3e:76:44:e7:99:c0:e5:bd:48:1b:34:99:da)
Do you want to continue connecting? (y/n) y
root@172.20.0.128's password:
Last login: Wed May 1 01:18:17 2019 from 172.20.0.1
3.关于OpenSSL
首先,要了解其三个组件:1)openssl多:用途的命令行工具;2)libcrypto:加密解密库;3)libssl:ssl协议的实现
[root@lab1 ~]# ll /etc/pki/tls/openssl.cnf
-rw-r--r--. 1 root root 10923 May 17 2017 /etc/pki/tls/openssl.cnf
查看/etc/pki/tls/openssl.cnf配置文件,可以看到已经生效的功能。
[root@lab1 ~]# grep -v ^# /etc/pki/tls/openssl.cnf | grep -v ^$
HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids
[ new_oids ]
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use SHA-256 by default
preserve = no # keep passed DN ordering
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = XX
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
localityName_default = Default City
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Default Company Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
basicConstraints=CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
[ crl_ext ]
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
basicConstraints=CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
4.创建CA的第一步:创建所需要的文件
创建索引文件 index.txt,创建序列文件 serial并写入序列号。
[root@lab1 ~]# cd /etc/pki/CA
[root@lab1 CA]# touch index.txt
[root@lab1 CA]# ll
total 0
drwxr-xr-x. 2 root root 6 Aug 4 2017 certs
drwxr-xr-x. 2 root root 6 Aug 4 2017 crl
-rw-r--r--. 1 root root 0 May 1 02:52 index.txt
drwxr-xr-x. 2 root root 6 Aug 4 2017 newcerts
drwx------. 2 root root 6 Aug 4 2017 private
[root@lab1 CA]# echo 01 > serial
[root@lab1 CA]# ll
total 4
drwxr-xr-x. 2 root root 6 Aug 4 2017 certs
drwxr-xr-x. 2 root root 6 Aug 4 2017 crl
-rw-r--r--. 1 root root 0 May 1 02:52 index.txt
drwxr-xr-x. 2 root root 6 Aug 4 2017 newcerts
drwx------. 2 root root 6 Aug 4 2017 private
-rw-r--r--. 1 root root 3 May 1 02:53 serial
5.创建CA的第二步:CA自签证书
创建一个2048位的rsa公钥。通过req完成一个认证请求。
[root@lab1 CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
...............................................+++
........................................................+++
e is 65537 (0x10001)
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAo/iLJlnBQQ+PQPgtYEt5evDRK9pMx+nSOritebyDNGza/1y2
e3vA89+pXuXJoeke23/zYjlSTQQySaGd4XToxeBh6XWy1wfjG5HGFyRamFT4hs8D
ERTX3dVoz3DKuzW+Zg//ZL/E9E/3yohXCjEsFGAlWGFGmq+vLSpuVYQ76DZgo/JO
E5Nv1L3T3El9Fc8JJbRqsyancDSjs6xZj73QDgpSsUXqaes356S0Q1z3+otvARpg
mvtmk7Isrel9ChvFtS4skn7HYf/rb0Un7HhcCTNbzILRX6LdDBQIVuTV+f5N9u+W
/Z/Sh+qgEGYzpRWGmuzRFWe43+uFFrfFLxG4WwIDAQABAoIBAHsorxPCLMa6ciYh
gqumZPtzsBjZIfyyYqaamioq7v3MmX1e3O3JGTfUEfpmbFmBqRzDcUKgvXF9qmvl
yZlTX5dpHwHk1sxubyYBCyHMu4NZp0ZSbQJCfpVvuwa8uHl/N6CfeXvqEnxTKFJm
r8HHB03SnZpRjl+Xf+NT0IXJCdoy8b4CNCyRpA3KWldeB1+c9hwZWy16no8ZDohp
u/lh0I8So8IytUpmRFzM1RABxLrBIyi7Q+mK7nQkRrB147Tkoq4pV7QGmrAfPYop
v+2egArii8Xtv/gnnZaoA4QlwUNMxu7opj5MCX9bhDFnJDfe3pUII38JVcWs7RhO
JU+dq/kCgYEA1ZR3IJjUnHSqkEhEC/EVz2hBd/ge6freMKjsi8NYobLS4ytZh+jC
sR2TzUrN8UyTOvVue8jNshw5mKJmnKQ3Wpq4UWVQnWnvUXM4Pp+LvlyUFKXTyWld
EvdimaQdUmdAwLXxVedpPLlUL1MiEPayQbTggJLpBhhfMdhE3O5iX2UCgYEAxImw
yNqj8hknBTlvY9+UZsbpZVOt+N8gEuAFBvaBc6+sZJz0VtQe6Bj6o55hiajOWBN7
BoryVGE9ZBtsDi9wqllZ6fsPegSpPbvrky/XGk4OcqwrlL40/iSJRbzOAeP5R5E9
oh65pECRwHRmD57zsA1wYG2K47uWm6PyqYYvnL8CgYBGU9jWNvzrd88iK2mctQoF
fcLxChbD3QOE6lrZur1YoVWn0AJvKknRoHemxdcCecCRTXfP8tMorvqYNAGt2rUP
dJr00nO1IcjX/SSsGkUdrcZk9iXC0JsBP8yL4up00+MSkdah/s08XZpG6wzwoQsZ
b8HtFHL+us+9zgT+6tAhsQKBgF7Bd89Owo5dnBeDunWvfNAUhMCKmK0Nflw7T5Es
1frdrsMPfSpDuObz7Btop+QD1ABY3A6qfO07uKqEIhOwwaQP0i7iEXMlvib6bDiZ
bx7KlWKqKZTcI5aILPrHbZcxv6TGnK2GHMDZNKxSMkbDvv+Zax3Ckpz7e0Bsyfj7
rgbnAoGBAKPJ43ldHPyNvmZANeYWr2/sZ0nZGlcU/EZQymrTuXPvSvZ/cLss/6ba
BKEr45FO9ktIqPwsaCF8R2HW6mwweZHrkeR95EGNxpNZYxdrsWfZWxtd7ubXN0Aq
yGVPno10jnwCdLelBhoTPdBaBuGT7o9QeKBdiRyZHTs2FyYu8t4/
-----END RSA PRIVATE KEY-----
[root@lab1 CA]# ll private/
total 4
-rw-------. 1 root root 1675 May 1 02:56 cakey.pem
[root@lab1 CA]# openssl req -new -x509 -key private/cakey.pem -days 7300 -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:IBM
Organizational Unit Name (eg, section) []:example
Common Name (eg, your name or your server's hostname) []:ca.example.com
Email Address []:caadmin@example.com
6.创建CA的第三步:发放证书
以httpd为测试。在lab2(客户端),创建ssl目录,生成2048位的私钥,以私钥为基础生成证书请求csr,以scp模拟提交证书请求,在lab1(服务端),进行认证,生成认证证书crt,以scp模拟将认证证书发还给客户端。
[root@lab2 ~]# rpm -q httpd
httpd-2.4.6-88.el7.centos.x86_64
[root@lab2 ~]# cd /etc/httpd
[root@lab2 httpd]# mkdir ssl
[root@lab2 httpd]# cd ssl
[root@lab2 ssl]# (umask 077; openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus
......................+++
................................+++
e is 65537 (0x10001)
[root@lab2 ssl]# ll
total 4
-rw-------. 1 root root 1679 May 2 10:47 httpd.key
[root@lab2 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:IBM
Organizational Unit Name (eg, section) []:example
Common Name (eg, your name or your server's hostname) []:www.example.com
Email Address []:webadmin@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@lab2 ssl]# ll
total 8
-rw-r--r--. 1 root root 1062 May 2 10:54 httpd.csr
-rw-------. 1 root root 1679 May 2 10:47 httpd.key
[root@lab2 ssl]# scp httpd.csr root@172.20.0.131:/tmp/
root@172.20.0.131's password:
httpd.csr 100% 1070 1.1MB/s 00:00
[root@lab1 ssl]# openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/httpd/ssl/httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
The organizationName field needed to be the same in the
CA certificate (IB) and the request (IBM)
[root@lab1 ssl]# ll /tmp
total 4
-rw-r--r--. 1 root root 0 May 2 11:06 httpd.crt
-rw-r--r--. 1 root root 1070 May 2 11:05 httpd.csr
[root@lab1 CA]# /usr/bin/scp /tmp/httpd.crt root@172.20.0.128:/etc/httpd/ssl/
httpd.crt 100% 0 0.0KB/s 00:00
[root@lab2 ssl]# ll
total 8
-rw-r--r--. 1 root root 0 May 2 11:14 httpd.crt
-rw-r--r--. 1 root root 1070 May 2 11:05 httpd.csr
-rw-------. 1 root root 1675 May 2 11:04 httpd.key
系统运维-20-2-openssh和openssl相关推荐
- Linux 系统运维学习方法汇总
大纲 一.前言 二.Linux 运维大环境说明 三.Linux 运维学习思路 四.Linux 运维大方向说明 五.Linux 运维学习必看书籍推荐 六.Linux 运维实践内容简介 注,本博文主要用于 ...
- cenotos 卸载mysql_CentOS 6.2编译安装Nginx1.0.12+MySQL5.5.21+PHP5.3.10 | 系统运维
说明: 操作系统:CentOS 6.2 32位 系统安装教程:CentOS 6.2安装(超级详细图解教程)准备篇: 一.配置好IP.DNS .网关,确保使用远程连接工具能够连接服务器 CentOS 设 ...
- linux php mysql 中文_Linux下PHP+MySQL+CoreSeek中文检索引擎配置 | 系统运维
说明: 操作系统:CentOS 5.X 服务器IP地址:192.168.21.127 Web环境:Nginx+PHP+MySQL 站点根目录:/usr/local/nginx/html 目的:安装co ...
- memcached linux 配置文件,Linux下Memcached服务器部署 | 系统运维
操作系统:CentOS 6.x 64位 实现目的:安装部署Memcached服务器 一.防火墙设置 vi /etc/sysconfig/iptables #编辑防火墙配置文件,添加下面代码 -A IN ...
- Linux系统运维与架构设计之Linux概述
Linux系统运维与架构设计之Linux概述 Linux系统运维与架构设计 1.1 浅谈计算机系统 1.1.1 计算机硬件系统 现代计算机是基于冯·诺依曼体系结构,由运算器.控制器.存储器.输入设备. ...
- linux系统运维面试2000多题
技术问题 1. IDC机房的域名怎么维护的 2. 怎么根据nagios报警做出调整的 3. nagios的状态还有怎么添加监控服务 4. 怎么监控CPU的状态 5. 从时候接linux的?都用过哪些系 ...
- linux设置sfq队列参数,Linux系统运维之Linux高级流量控制工具TC使用方法
Linux系统运维之Linux高级流量控制工具TC使用方法 本文标签: 运维 流量劫持 Linux系统运维之Linux高级流量控制工具TC使用方法, 在做MHA测试的时候,有一个重要的环节就是测试MH ...
- RedHat / Centos Linux 系统运维与管理实践技巧荟萃,持续更新
RedHat / Centos Linux 系统运维与管理实践技巧荟萃 磁盘分区相关 Linux fdisk 磁盘分区工具以及安装 GRUB 实战: 准备工作,前置知识 演示环境基于 cen ...
- 系统运维架构 DevOps
一套大而全的系统架构体系与具体落地方案 写在最前面 上次参加DBAplus举办的敏捷运维峰会时,一个兄弟的提问一直萦绕耳边,由于时间有限没有进行深入的交流,甚是遗憾.那个问题是:你们公司的IT系统架构 ...
- 职业生涯规划(系统运维工程师)
自2010年6月至今, 在一家私企担任系统运维工程师一职位已2年,工作蛮轻松,但薪水不高. 最近内心深处总有些迷茫的感觉. 今年已经25岁,五年之内,如何才能有更好的发展,如何赚大钱?今后的发展方向在 ...
最新文章
- 帝国cms后台使用savesufer.js生成大音频audio彩色频谱数据
- Android Studio 1.01 + BlueStacks 开发调
- Latex与VSCode环境搭建问题解决
- [单选题]$array = array('a','b','c','d'); $array_now = array_splice($array,2); print_r($array_now);...
- DZY Loves Math IV(杜教筛)
- 网页中、英文安全字体选择及设置
- php基础知识 书写格式
- 智能玩具 数据采集 首页展示 注册 登录 自动登录 二维码图片
- 单片机流水灯C语言实验报告,单片机LED灯实验报告.doc
- 免费的WinCC语音报警控件
- 广州图书馆跳转中国知网教程
- 解决 win10 鼠标右键一直转圈问题
- ubuntu查看实时网速
- 苹果支付验单java
- 学大伟业:2019年物理竞赛学习方法
- 什么是搜索引擎蜘蛛机器人?是如何工作的
- Qt 串口通信软件开发教程
- 【office】Visio 2010 画大括号 + 调整大括号尖角居中(对称)
- 《狂人日记》 解读|读后感
- 基于浮云E绘图源码定制开发网络状态图(拓扑图),关联业务对象,并动态更新