[mary@server0 ~]$ ll -a
total 24
drwx------. 5 mary mary 4096 Jul 12 21:00 .
drwxr-xr-x. 5 root root 43 Jul 12 19:47 ..
-rw-------. 1 mary mary 174 Jul 12 21:00 .bash_history
-rw-r--r--. 1 mary mary 18 Jan 29 2014 .bash_logout
-rw-r--r--. 1 mary mary 193 Jan 29 2014 .bash_profile
-rw-r--r--. 1 mary mary 231 Jan 29 2014 .bashrc
drwxrwxr-x. 3 mary mary 17 Jul 12 20:01 .cache
drwxr-xr-x. 3 mary mary 67 Jul 12 20:01 .config
drwxr-xr-x. 4 mary mary 37 Jan 7 2015 .mozilla
-rw-rw-r--. 1 mary mary 1395 Jul 12 20:10 secret
[mary@server0 ~]$ gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/home/mary/.gnupg' created
gpg: new configuration file `/home/mary/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/mary/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/mary/.gnupg/secring.gpg' created
gpg: keyring `/home/mary/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2w
Key expires at Wed 26 Jul 2017 09:32:04 PM CST
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Mary Chen
Email address: mary@server0.example.com
Comment: Mary the Queen
You selected this USER-ID:
"Mary Chen (Mary the Queen) <mary@server0.example.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
**** (a dialog window opens here to ask for the passphrase)
gpg: cancelled by user
gpg: Key generation canceled.
[root@server0 tls]# genkey server0.example.com
/usr/bin/keyutil -c makecert -g 4096 -s "CN=server0.example.com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB" -v 1 -a -z /etc/pki/tls/.rand.4969 -o /etc/pki/tls/certs/server0.example.com.crt -k /etc/pki/tls/private/server0.example.com.key
cmdstr: makecert
cmd_CreateNewCert
command: makecert
keysize = 4096 bits
subject = CN=server0.example.com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB
valid for 1 months
random seed from /etc/pki/tls/.rand.4969
output will be written to /etc/pki/tls/certs/server0.example.com.crt
output key written to /etc/pki/tls/private/server0.example.com.key
Generating key. This may take a few moments...
Made a key
Opened tmprequest for writing
/usr/bin/keyutil Copying the cert pointer
Created a certificate
Wrote 3266 bytes of encoded data to /etc/pki/tls/private/server0.example.com.key
Wrote the key to:
/etc/pki/tls/private/server0.example.com.key
[root@server0 tls]# ll certs
總計 16
lrwxrwxrwx. 1 root root 49 5月 7 2014 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 5月 7 2014 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rwxr-xr-x. 1 root root 610 4月 8 2014 make-dummy-cert
-rw-r--r--. 1 root root 2388 4月 8 2014 Makefile
-rwxr-xr-x. 1 root root 829 4月 8 2014 renew-dummy-cert
-rw-r-----. 1 root root 1931 7月 26 20:17 server0.example.com.crt
[root@server0 tls]# ll private/
總計 4
-r--------. 1 root root 3321 7月 26 20:17 server0.example.com.key
[root@server0 tls]# cd /etc/httpd/conf.d
[root@server0 conf.d]# ll
總計 52
-rw-r--r--. 1 root root 188 7月 21 21:03 00-server.conf
-rw-r--r--. 1 root root 180 7月 21 21:09 01-www.conf
-rw-r--r--. 1 root root 2926 11月 15 2016 autoindex.conf
-rw-r--r--. 1 root root 986 5月 19 06:43 owncloud-access.conf.avail
-rw-r--r--. 1 root root 278 5月 19 06:43 owncloud-auth-any.inc
-rw-r--r--. 1 root root 313 5月 19 06:43 owncloud-auth-local.inc
-rw-r--r--. 1 root root 263 5月 19 06:43 owncloud-auth-none.inc
-rw-r--r--. 1 root root 1891 7月 21 21:53 owncloud.conf
-rw-r--r--. 1 root root 2400 5月 19 06:43 owncloud-defaults.inc
-rw-r--r--. 1 root root 691 11月 6 2016 php.conf
-rw-r--r--. 1 root root 366 11月 15 2016 README
-rw-r--r--. 1 root root 1252 11月 15 2016 userdir.conf
-rw-r--r--. 1 root root 824 11月 15 2016 welcome.conf
[root@server0 conf.d]# yum install mod_ssl
Loaded plugins: langpacks
mirror01.idc.hinet.net_CentOS_7.3.1611_os_x86_64_ | 3.6 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.x86_64 1:2.4.6-45.el7.centos will be installed
--> Processing Dependency: openssl-libs >= 1:1.0.1e-37 for package: 1:mod_ssl-2.4.6-45.el7.centos.x86_64
--> Running transaction check
---> Package openssl-libs.x86_64 1:1.0.1e-34.el7 will be updated
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.1e-34.el7 for package: 1:openssl-1.0.1e-34.el7.x86_64
---> Package openssl-libs.x86_64 1:1.0.1e-60.el7 will be an update
--> Running transaction check
---> Package openssl.x86_64 1:1.0.1e-34.el7 will be updated
---> Package openssl.x86_64 1:1.0.1e-60.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================
Package Arch Version Repository Size
===================================================================================================
Installing:
mod_ssl x86_64 1:2.4.6-45.el7.centos mirror01.idc.hinet.net_CentOS_7.3.1611_os_x86_64_ 105 k
Updating for dependencies:
openssl x86_64 1:1.0.1e-60.el7 mirror01.idc.hinet.net_CentOS_7.3.1611_os_x86_64_ 713 k
openssl-libs x86_64 1:1.0.1e-60.el7 mirror01.idc.hinet.net_CentOS_7.3.1611_os_x86_64_ 958 k
Transaction Summary
===================================================================================================
Install 1 Package
Upgrade ( 2 Dependent packages)
Total size: 1.7 M
Total download size: 105 k
Is this ok [y/d/N]: y
Downloading packages:
mod_ssl-2.4.6-45.el7.centos.x86_64.rpm | 105 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 1:openssl-libs-1.0.1e-60.el7.x86_64 1/5
Updating : 1:openssl-1.0.1e-60.el7.x86_64 2/5
Installing : 1:mod_ssl-2.4.6-45.el7.centos.x86_64 3/5
Cleanup : 1:openssl-1.0.1e-34.el7.x86_64 4/5
Cleanup : 1:openssl-libs-1.0.1e-34.el7.x86_64 5/5
Verifying : 1:openssl-libs-1.0.1e-60.el7.x86_64 1/5
Verifying : 1:mod_ssl-2.4.6-45.el7.centos.x86_64 2/5
Verifying : 1:openssl-1.0.1e-60.el7.x86_64 3/5
Verifying : 1:openssl-libs-1.0.1e-34.el7.x86_64 4/5
Verifying : 1:openssl-1.0.1e-34.el7.x86_64 5/5
Installed:
mod_ssl.x86_64 1:2.4.6-45.el7.centos
Dependency Updated:
openssl.x86_64 1:1.0.1e-60.el7 openssl-libs.x86_64 1:1.0.1e-60.el7
Complete!
[root@server0 conf.d]# ll
總計 64
-rw-r--r--. 1 root root 188 7月 21 21:03 00-server.conf
-rw-r--r--. 1 root root 180 7月 21 21:09 01-www.conf
-rw-r--r--. 1 root root 2926 11月 15 2016 autoindex.conf
-rw-r--r--. 1 root root 986 5月 19 06:43 owncloud-access.conf.avail
-rw-r--r--. 1 root root 278 5月 19 06:43 owncloud-auth-any.inc
-rw-r--r--. 1 root root 313 5月 19 06:43 owncloud-auth-local.inc
-rw-r--r--. 1 root root 263 5月 19 06:43 owncloud-auth-none.inc
-rw-r--r--. 1 root root 1891 7月 21 21:53 owncloud.conf
-rw-r--r--. 1 root root 2400 5月 19 06:43 owncloud-defaults.inc
-rw-r--r--. 1 root root 691 11月 6 2016 php.conf
-rw-r--r--. 1 root root 366 11月 15 2016 README
-rw-r--r--. 1 root root 9438 11月 15 2016 ssl.conf
-rw-r--r--. 1 root root 1252 11月 15 2016 userdir.conf
-rw-r--r--. 1 root root 824 11月 15 2016 welcome.conf
[root@server0 conf.d]# cat 00-server.conf
# 00-server.conf: TLS virtual host for server0.example.com on 172.25.0.11:443.
<VirtualHost 172.25.0.11:443>
ServerName server0.example.com
ServerAdmin root@local
DocumentRoot /var/www/html
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
# NOTE(review): "all -SSLv2" still leaves SSLv3 enabled when the OpenSSL build
# supports it; "SSLProtocol all -SSLv2 -SSLv3" restricts the vhost to TLS.
SSLProtocol all -SSLv2
# NOTE(review): MEDIUM admits 128-bit legacy ciphers (RC4 on OpenSSL 1.0.1);
# "HIGH:!aNULL:!MD5" is the tighter choice when old clients need no support.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
# Certificate and private key written by the genkey run for this host name;
# the key file is mode 0400 root:root in the listing of private/ above.
SSLCertificateFile /etc/pki/tls/certs/server0.example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/server0.example.com.key
</VirtualHost>
# Apache 2.4 access control: any client may request content under the DocumentRoot.
<Directory "/var/www/html">
Require all granted
</Directory>
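+++++++++++++++++++++++++++++++++++++++++++++++ HTTPS on 9999/tcp: port 9999 is already labelled jboss_management_port_t in the SELinux policy, which is why it is added to http_port_t with `semanage port -m` instead of `-a` before httpd is pointed at it.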
[root@server0 conf.d]# semanage port -l
SELinux 連接埠類型 Proto 埠號
afs3_callback_port_t tcp 7001
afs3_callback_port_t udp 7001
afs_bos_port_t udp 7007
afs_fs_port_t tcp 2040
afs_fs_port_t udp 7000, 7005
afs_ka_port_t udp 7004
afs_pt_port_t udp 7002
afs_vl_port_t udp 7003
agentx_port_t tcp 705
agentx_port_t udp 705
amanda_port_t tcp 10080-10083
amanda_port_t udp 10080-10082
amavisd_recv_port_t tcp 10024
amavisd_send_port_t tcp 10025
amqp_port_t tcp 5671-5672
amqp_port_t udp 5671-5672
aol_port_t tcp 5190-5193
aol_port_t udp 5190-5193
apc_port_t tcp 3052
apc_port_t udp 3052
apcupsd_port_t tcp 3551
apcupsd_port_t udp 3551
apertus_ldp_port_t tcp 539
apertus_ldp_port_t udp 539
asterisk_port_t tcp 1720
asterisk_port_t udp 2427, 2727, 4569
audit_port_t tcp 60
auth_port_t tcp 113
bacula_port_t tcp 9103
bacula_port_t udp 9103
bgp_port_t tcp 179, 2605
bgp_port_t udp 179, 2605
boinc_client_port_t tcp 1043
boinc_client_port_t udp 1034
boinc_port_t tcp 31416
certmaster_port_t tcp 51235
chronyd_port_t udp 323
clamd_port_t tcp 3310
clockspeed_port_t udp 4041
cluster_port_t tcp 5149, 40040, 50006-50008
cluster_port_t udp 5149, 50006-50008
cma_port_t tcp 1050
cma_port_t udp 1050
cobbler_port_t tcp 25151
collectd_port_t udp 25826
commplex_link_port_t tcp 4331, 5001
commplex_link_port_t udp 5001
commplex_main_port_t tcp 5000
commplex_main_port_t udp 5000
comsat_port_t udp 512
condor_port_t tcp 9618
condor_port_t udp 9618
conman_port_t tcp 7890
conman_port_t udp 7890
connlcli_port_t tcp 1358
connlcli_port_t udp 1358
couchdb_port_t tcp 5984, 6984
couchdb_port_t udp 5984, 6984
ctdb_port_t tcp 4379
ctdb_port_t udp 4379
cvs_port_t tcp 2401
cvs_port_t udp 2401
cyphesis_port_t tcp 6767, 6769, 6780-6799
cyphesis_port_t udp 32771
daap_port_t tcp 3689
daap_port_t udp 3689
dbskkd_port_t tcp 1178
dcc_port_t udp 6276, 6277
dccm_port_t tcp 5679
dccm_port_t udp 5679
dey_sapi_port_t tcp 4330
dhcpc_port_t tcp 68, 546, 5546
dhcpc_port_t udp 68, 546, 5546
dhcpd_port_t tcp 547, 548, 647, 847, 7911
dhcpd_port_t udp 67, 547, 548, 647, 847
dict_port_t tcp 2628
distccd_port_t tcp 3632
dns_port_t tcp 53
dns_port_t udp 53
dnssec_port_t tcp 8955
dogtag_port_t tcp 7390
echo_port_t tcp 7
echo_port_t udp 7
efs_port_t tcp 520
embrace_dp_c_port_t tcp 3198
embrace_dp_c_port_t udp 3198
ephemeral_port_t tcp 32768-61000
ephemeral_port_t udp 32768-61000
epmap_port_t tcp 135
epmap_port_t udp 135
epmd_port_t tcp 4369
epmd_port_t udp 4369
fingerd_port_t tcp 79
flash_port_t tcp 843, 1935
flash_port_t udp 1935
fmpro_internal_port_t tcp 5003
fmpro_internal_port_t udp 5003
freeipmi_port_t tcp 9225
freeipmi_port_t udp 9225
ftp_data_port_t tcp 20
ftp_port_t tcp 21, 989, 990
ftp_port_t udp 989, 990
gatekeeper_port_t tcp 1721, 7000
gatekeeper_port_t udp 1718, 1719
gdomap_port_t tcp 538
gdomap_port_t udp 538
gds_db_port_t tcp 3050
gds_db_port_t udp 3050
gear_port_t tcp 43273
gear_port_t udp 43273
giftd_port_t tcp 1213
git_port_t tcp 9418
git_port_t udp 9418
glance_port_t tcp 9292
glance_port_t udp 9292
glance_registry_port_t tcp 9191
glance_registry_port_t udp 9191
gluster_port_t tcp 24007-24027, 38465-38469
gopher_port_t tcp 70
gopher_port_t udp 70
gpsd_port_t tcp 2947
hadoop_datanode_port_t tcp 50010
hadoop_namenode_port_t tcp 8020
hddtemp_port_t tcp 7634
hi_reserved_port_t tcp 512-1023
hi_reserved_port_t udp 512-1023
howl_port_t tcp 5335
howl_port_t udp 5353
hplip_port_t tcp 1782, 2207, 2208, 8290, 50000, 50002, 8292, 9100, 9101, 9102, 9220, 9221, 9222, 9280, 9281, 9282, 9290, 9291
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 8888, 80, 81, 443, 488, 8008, 8009, 8443, 9000
i18n_input_port_t tcp 9010
imaze_port_t tcp 5323
imaze_port_t udp 5323
inetd_child_port_t tcp 1, 9, 13, 19, 512, 544, 891, 892, 5666
inetd_child_port_t udp 1, 9, 13, 19, 891, 892
innd_port_t tcp 119
interwise_port_t tcp 7778
interwise_port_t udp 7778
ionixnetmon_port_t tcp 7410
ionixnetmon_port_t udp 7410
ipmi_port_t udp 623, 664
ipp_port_t tcp 631, 8610-8614
ipp_port_t udp 631, 8610-8614
ipsecnat_port_t tcp 4500
ipsecnat_port_t udp 4500
ircd_port_t tcp 6667, 6697
isakmp_port_t udp 500
iscsi_port_t tcp 3260
isns_port_t tcp 3205
isns_port_t udp 3205
jabber_client_port_t tcp 5222, 5223
jabber_interserver_port_t tcp 5269
jabber_router_port_t tcp 5347
jacorb_port_t tcp 3528, 3529
jboss_debug_port_t tcp 8787
jboss_debug_port_t udp 8787
jboss_management_port_t tcp 4712, 4447, 7600, 9123, 9990, 9999, 18001
jboss_management_port_t udp 4712, 9123
jboss_messaging_port_t tcp 5445, 5455
kerberos_admin_port_t tcp 749
kerberos_password_port_t tcp 464
kerberos_password_port_t udp 464
kerberos_port_t tcp 88, 750, 4444
kerberos_port_t udp 88, 750, 4444
keystone_port_t tcp 35357
keystone_port_t udp 35357
kprop_port_t tcp 754
ktalkd_port_t udp 517, 518
l2tp_port_t tcp 1701
l2tp_port_t udp 1701
ldap_port_t tcp 389, 636, 3268, 7389
ldap_port_t udp 389, 636
lirc_port_t tcp 8765
lmtp_port_t tcp 24, 2003
lmtp_port_t udp 24
luci_port_t tcp 8084
mail_port_t tcp 2000, 3905
matahari_port_t tcp 49000
matahari_port_t udp 49000
memcache_port_t tcp 11211
memcache_port_t udp 11211
milter_port_t tcp 8890, 8891, 8893
mmcc_port_t tcp 5050
mmcc_port_t udp 5050
mongod_port_t tcp 27017-27019, 28017-28019
monopd_port_t tcp 1234
mountd_port_t tcp 20048
mountd_port_t udp 20048
movaz_ssc_port_t tcp 5252
movaz_ssc_port_t udp 5252
mpd_port_t tcp 6600
ms_streaming_port_t tcp 1755
ms_streaming_port_t udp 1755
msnp_port_t tcp 1863
msnp_port_t udp 1863
mssql_port_t tcp 1433-1434
mssql_port_t udp 1433-1434
munin_port_t tcp 4949
munin_port_t udp 4949
mxi_port_t tcp 8005
mxi_port_t udp 8005
mysqld_port_t tcp 1186, 3306, 63132-63164
mysqlmanagerd_port_t tcp 2273
mythtv_port_t tcp 6543-6544
nessus_port_t tcp 1241
netport_port_t tcp 3129
netport_port_t udp 3129
netsupport_port_t tcp 5404, 5405
netsupport_port_t udp 5404, 5405
neutron_port_t tcp 9696
nfs_port_t tcp 2049, 20048-20049
nfs_port_t udp 2049, 20048-20049
nmbd_port_t udp 137, 138
nodejs_debug_port_t tcp 5858
nodejs_debug_port_t udp 5858
ntop_port_t tcp 3000-3001
ntop_port_t udp 3000-3001
ntp_port_t udp 123
oa_system_port_t tcp 8022
oa_system_port_t udp 8022
ocsp_port_t tcp 9080
openflow_port_t tcp 6633, 6653
openhpid_port_t tcp 4743
openhpid_port_t udp 4743
openvpn_port_t tcp 1194
openvpn_port_t udp 1194
openvswitch_port_t tcp 6634
oracle_port_t tcp 1521, 2483, 2484
oracle_port_t udp 1521, 2483, 2484
osapi_compute_port_t tcp 8774
pdps_port_t tcp 1314
pdps_port_t udp 1314
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
pgpkeyserver_port_t tcp 11371
pgpkeyserver_port_t udp 11371
pingd_port_t tcp 9125
pki_ca_port_t tcp 829, 9180, 9701, 9443-9447
pki_kra_port_t tcp 10180, 10701, 10443-10446
pki_ocsp_port_t tcp 11180, 11701, 11443-11446
pki_ra_port_t tcp 12888-12889
pki_tks_port_t tcp 13180, 13701, 13443-13446
pki_tps_port_t tcp 7888-7889
pktcable_cops_port_t tcp 2126
pktcable_cops_port_t udp 2126
pop_port_t tcp 106, 109, 110, 143, 220, 993, 995, 1109, 10993
portmap_port_t tcp 111
portmap_port_t udp 111
postfix_policyd_port_t tcp 10031
postgresql_port_t tcp 5432
postgrey_port_t tcp 60000
pptp_port_t tcp 1723
pptp_port_t udp 1723
prelude_port_t tcp 4690
prelude_port_t udp 4690
presence_port_t tcp 5298-5299
presence_port_t udp 5298-5299
printer_port_t tcp 515
ptal_port_t tcp 5703
pulseaudio_port_t tcp 4713
pulseaudio_port_t udp 4713
puppet_port_t tcp 8140
pxe_port_t udp 4011
pyzor_port_t udp 24441
radacct_port_t udp 1646, 1813
radius_port_t udp 1645, 1812
radsec_port_t tcp 2083
razor_port_t tcp 2703
redis_port_t tcp 6379
repository_port_t tcp 6363
ricci_modcluster_port_t tcp 16851
ricci_modcluster_port_t udp 16851
ricci_port_t tcp 11111
ricci_port_t udp 11111
rlogin_port_t tcp 543, 2105
rlogind_port_t tcp 513
rndc_port_t tcp 953, 8953
rndc_port_t udp 953
router_port_t tcp 521
router_port_t udp 520, 521
rsh_port_t tcp 514
rsync_port_t tcp 873
rsync_port_t udp 873
rtp_media_port_t tcp 5004-5005
rtp_media_port_t udp 5004-5005
rtsclient_port_t tcp 2501
rtsp_port_t tcp 554, 8554
rtsp_port_t udp 554, 8554
rwho_port_t udp 513
salt_port_t tcp 4505, 4506
sap_port_t tcp 9875
sap_port_t udp 9875
saphostctrl_port_t tcp 1128, 1129
servistaitsm_port_t tcp 3636
servistaitsm_port_t udp 3636
sge_port_t tcp 6444, 6445
sieve_port_t tcp 4190
sip_port_t tcp 5060, 5061
sip_port_t udp 5060, 5061
sixxsconfig_port_t tcp 3874
sixxsconfig_port_t udp 3874
smbd_port_t tcp 137-139, 445
smtp_port_t tcp 25, 465, 587
snmp_port_t tcp 161-162, 199, 1161
snmp_port_t udp 161-162
soundd_port_t tcp 8000, 9433, 16001
spamd_port_t tcp 783, 10026, 10027
speech_port_t tcp 8036
squid_port_t tcp 3128, 3401, 4827
squid_port_t udp 3401, 4827
ssdp_port_t tcp 1900
ssdp_port_t udp 1900
ssh_port_t tcp 2222, 22
svn_port_t tcp 3690
svn_port_t udp 3690
svrloc_port_t tcp 427
svrloc_port_t udp 427
swat_port_t tcp 901
sype_transport_port_t tcp 9911
sype_transport_port_t udp 9911
syslog_tls_port_t tcp 6514
syslog_tls_port_t udp 6514
syslogd_port_t tcp 601
syslogd_port_t udp 514, 601
tcs_port_t tcp 30003
telnetd_port_t tcp 23
tftp_port_t udp 69
time_port_t tcp 37
time_port_t udp 37
tor_port_t tcp 6969, 9001, 9030, 9050, 9051, 9150
traceroute_port_t udp 64000-64010
tram_port_t tcp 4567
transproxy_port_t tcp 8081
trisoap_port_t tcp 10200
trisoap_port_t udp 10200
unreserved_port_t tcp 1024-32767, 61001-65535
unreserved_port_t udp 1024-32767, 61001-65535
ups_port_t tcp 3493
uucpd_port_t tcp 540
varnishd_port_t tcp 6081-6082
virt_migration_port_t tcp 49152-49216
virt_port_t tcp 16509, 16514
virt_port_t udp 16509, 16514
virtual_places_port_t tcp 1533
virtual_places_port_t udp 1533
vnc_port_t tcp 5900-5983, 5985-5999
wccp_port_t udp 2048
websm_port_t tcp 9090
websm_port_t udp 9090
whois_port_t tcp 43, 4321
whois_port_t udp 43, 4321
winshadow_port_t tcp 3161
winshadow_port_t udp 3261
wsdapi_port_t tcp 5357
wsdapi_port_t udp 5357
wsicopy_port_t tcp 3378
wsicopy_port_t udp 3378
xdmcp_port_t tcp 177
xdmcp_port_t udp 177
xen_port_t tcp 8002
xfs_port_t tcp 7100
xserver_port_t tcp 6000-6020
zabbix_agent_port_t tcp 10050
zabbix_port_t tcp 10051
zarafa_port_t tcp 236, 237
zebra_port_t tcp 2600-2604, 2606, 2608-2609
zebra_port_t udp 2600-2604, 2606, 2608-2609
zented_port_t tcp 1229
zented_port_t udp 1229
zookeeper_client_port_t tcp 2181
zookeeper_election_port_t tcp 3888
zookeeper_leader_port_t tcp 2888
zope_port_t tcp 8021
[root@server0 conf.d]# semanage port -l |grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 8888, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@server0 conf.d]# semanage port -l |grep 9999
jboss_management_port_t tcp 4712, 4447, 7600, 9123, 9990, 9999, 18001
[root@server0 conf.d]# semanage port -m -t http_port_t -p tcp 9999
[root@server0 conf.d]# semanage port -l |grep 9999
http_port_t tcp 9999, 8888, 80, 81, 443, 488, 8008, 8009, 8443, 9000
jboss_management_port_t tcp 4712, 4447, 7600, 9123, 9990, 9999, 18001
[root@server0 conf.d]# vim 00-server.conf
# 00-server.conf after the edit: the same TLS virtual host, moved from 443 to 9999.
# With SELinux enforcing, httpd can bind the port only because 9999/tcp was
# added to http_port_t with semanage beforehand.
<VirtualHost 172.25.0.11:9999>
ServerName server0.example.com
ServerAdmin root@local
DocumentRoot /var/www/html
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
# NOTE(review): "all -SSLv2" still leaves SSLv3 enabled when the OpenSSL build
# supports it; "SSLProtocol all -SSLv2 -SSLv3" restricts the vhost to TLS.
SSLProtocol all -SSLv2
# NOTE(review): MEDIUM admits 128-bit legacy ciphers (RC4 on OpenSSL 1.0.1);
# "HIGH:!aNULL:!MD5" is the tighter choice when old clients need no support.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
# Certificate and private key written by the genkey run for this host name.
SSLCertificateFile /etc/pki/tls/certs/server0.example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/server0.example.com.key
</VirtualHost>
# httpd opens only the ports named by Listen, so the non-default port needs its
# own directive; the netstat output after the restart shows httpd on :::9999.
Listen 9999
# Apache 2.4 access control: any client may request content under the DocumentRoot.
<Directory "/var/www/html">
Require all granted
</Directory>
[root@server0 conf.d]# systemctl restart httpd
[root@server0 conf.d]# netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1559/master
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 1289/sshd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1286/rpcbind
tcp 0 0 0.0.0.0:54001 0.0.0.0:* LISTEN 1305/rpc.statd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1304/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1289/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2216/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 1559/master
tcp6 0 0 :::443 :::* LISTEN 8643/httpd
tcp6 0 0 :::36061 :::* LISTEN 1305/rpc.statd
tcp6 0 0 :::2222 :::* LISTEN 1289/sshd
tcp6 0 0 :::9999 :::* LISTEN 8643/httpd
tcp6 0 0 :::111 :::* LISTEN 1286/rpcbind
tcp6 0 0 :::80 :::* LISTEN 8643/httpd
tcp6 0 0 :::22 :::* LISTEN 1289/sshd
tcp6 0 0 ::1:631 :::* LISTEN 2216/cupsd
tcp6 0 0 :::8888 :::* LISTEN 8643/httpd
[root@server0 conf.d]# firewall-cmd --add-port=9999/tcp
success
[root@server0 conf.d]# firewall-cmd --add-port=9999/tcp --permanent