root's questions

我有一个目标服务器，当前我的网络掩码被错误地配置为 255.0.0.0。其正确的网络掩码是 255.255.255.128。我的源服务器也是 /25 网络，所以它们都有相同的子网掩码，但都属于两个不同的 vlan。

我的问题如下：

我可以通过属于不同 vlan 和 IP 范围（如 157）的另一台服务器成功连接到我的目标服务器。。. ，但是，我无法从 10.10.126 连接到我的目标服务器。. 在目标服务器中跟踪路由后，我发现服务器在本地检查源 IP 是否属于其自己的本地子网。如果它的网络掩码配置错误，为什么它允许来自 157.* 服务器的 ssh 连接？它是如何做到的？

当前错误配置：

Destination server: 10.10.127.*  netmask 255.0.0.0

当前正确的配置：

Source server:      10.10.126.*  Mask:255.255.255.128

测试tcpdump：

[root@Destination_server ~]# tcpdump -vvv -i eno16780032 host 10.10.126.*
tcpdump: listening on eno16780032, link-type EN10MB (Ethernet), capture size 65535 bytes
21:36:28.403812 IP (tos 0x0, ttl 64, id 48314, offset 0, flags [DF], proto TCP (6), length 60)
    10.10.126.*.60692 > Destination_server.ssh: Flags [S], cksum 0x3c87 (correct), seq 379301407, win 29200, options [mss 1380,sackOK,TS val 495338
91 ecr 0,nop,wscale 7], length 0
21:36:28.403928 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.10.126.* tell Destination_server, length 28
21:36:29.400303 IP (tos 0x0, ttl 64, id 48315, offset 0, flags [DF], proto TCP (6), length 60)
    10.10.126.*.60692 > Destination_server.ssh: Flags [S], cksum 0x3b8d (correct), seq 379301407, win 29200, options [mss 1380,sackOK,TS val 495341
41 ecr 0,nop,wscale 7], length 0
21:36:29.406300 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.10.126.* tell Destination_server, length 28
21:36:30.408295 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.10.126.* tell Destination_server, length 28
21:36:31.405136 IP (tos 0x0, ttl 64, id 48316, offset 0, flags [DF], proto TCP (6), length 60)
    10.10.126.*.60692 > Destination_server.ssh: Flags [S], cksum 0x3998 (correct), seq 379301407, win 29200, options [mss 1380,sackOK,TS val 495346 42 ecr 0,nop,wscale 7], length 0
21:36:35.412611 IP (tos 0x0, ttl 64, id 48317, offset 0, flags [DF], proto TCP (6), length 60)
    10.10.126.*.60692 > Destination_server.ssh: Flags [S], cksum 0x35ae (correct), seq 379301407, win 29200, options [mss 1380,sackOK,TS val 495356 44 ecr 0,nop,wscale 7], length 0
21:36:35.412738 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.10.126.* tell Destination_server, length 28
21:36:36.414276 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.10.126.* tell Destination_server, length 28
21:36:37.416282 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.10.126.* tell Destination_server, length 28
21:36:43.428318 IP (tos 0x0, ttl 64, id 48318, offset 0, flags [DF], proto TCP (6), length 60)
    10.10.126.*.60692 > Destination_server.ssh: Flags [S], cksum 0x2dda (correct), seq 379301407, win 29200, options [mss 1380,sackOK,TS val 495376 48 ecr 0,nop,wscale 7], length 0
21:36:43.428457 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.10.126.* tell Destination_server, length 28
21:36:44.430268 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.10.126.* tell Destination_server, length 28
21:36:45.432280 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.10.126.* tell Destination_server, length 28

我的虚拟堡垒服务器中有 8 个磁盘，它们的 PCI 地址以及控制它们的主机 ID 也在这里共享。但是lspci列出了三个驱动控制器。是不是说其他​​两个根本不用，只SCSI Controller: LSI Logic在这里用。为什么host0 and other hosts只有host2使用。

[root@linux_server ~]# fdisk -l | grep -i disk |grep -v identifer | grep -v identifier | grep -v mapper

Disk /dev/sda: 46.2 GB, 46170898432 bytes
Disk /dev/sdb: 8589 MB, 8589934592 bytes
Disk /dev/sdd: 21.5 GB, 21474836480 bytes
Disk /dev/sde: 53.7 GB, 53687091200 bytes
Disk /dev/sdc: 10.7 GB, 10737418240 bytes
Disk /dev/sdf: 8589 MB, 8589934592 bytes
Disk /dev/sdg: 2147 MB, 2147483648 bytes
Disk /dev/sdh: 2147 MB, 2147483648 bytes

[root@linux_server ~]# ls -l /sys/block/sd*

lrwxrwxrwx 1 root root 0 Sep  2 06:39 /sys/block/sda -> ../devices/pci0000:00/0000:00:10.0/host2/target2:0:0/2:0:0:0/block/sda
lrwxrwxrwx 1 root root 0 Sep  2 06:39 /sys/block/sdb -> ../devices/pci0000:00/0000:00:10.0/host2/target2:0:1/2:0:1:0/block/sdb
lrwxrwxrwx 1 root root 0 Sep  2 06:39 /sys/block/sdc -> ../devices/pci0000:00/0000:00:10.0/host2/target2:0:2/2:0:2:0/block/sdc
lrwxrwxrwx 1 root root 0 Sep  2 06:39 /sys/block/sdd -> ../devices/pci0000:00/0000:00:10.0/host2/target2:0:3/2:0:3:0/block/sdd
lrwxrwxrwx 1 root root 0 Sep  2 06:39 /sys/block/sde -> ../devices/pci0000:00/0000:00:10.0/host2/target2:0:4/2:0:4:0/block/sde
lrwxrwxrwx 1 root root 0 Sep  2 06:39 /sys/block/sdf -> ../devices/pci0000:00/0000:00:10.0/host2/target2:0:5/2:0:5:0/block/sdf
lrwxrwxrwx 1 root root 0 Sep  2 06:39 /sys/block/sdg -> ../devices/pci0000:00/0000:00:10.0/host2/target2:0:6/2:0:6:0/block/sdg
lrwxrwxrwx 1 root root 0 Sep  2 06:39 /sys/block/sdh -> ../devices/pci0000:00/0000:00:10.0/host2/target2:0:8/2:0:8:0/block/sdh

[root@linux_server ~]# lspci | egrep -i "sata|scsi|ide"

00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
00:10.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X Fusion-MPT Dual Ultra320 SCSI (rev 01)
02:04.0 SATA controller: VMware SATA AHCI controller

[root@linux_server ~]# cat /sys/class/scsi_host/host*/proc_name | wc -l

33

[root@linux_server ~]# ls -l /sys/class/scsi_host/host*

lrwxrwxrwx 1 root root 0 Sep  2 06:24 /sys/class/scsi_host/host0 -> ../../devices/pci0000:00/0000:00:07.1/host0/scsi_host/host0
lrwxrwxrwx 1 root root 0 Sep  2 06:24 /sys/class/scsi_host/host1 -> ../../devices/pci0000:00/0000:00:07.1/host1/scsi_host/host1
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host10 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host10/scsi_host/host10
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host11 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host11/scsi_host/host11
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host12 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host12/scsi_host/host12
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host13 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host13/scsi_host/host13
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host14 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host14/scsi_host/host14
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host15 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host15/scsi_host/host15
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host16 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host16/scsi_host/host16
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host17 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host17/scsi_host/host17
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host18 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host18/scsi_host/host18
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host19 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host19/scsi_host/host19
lrwxrwxrwx 1 root root 0 Sep  2 06:24 /sys/class/scsi_host/host2 -> ../../devices/pci0000:00/0000:00:10.0/host2/scsi_host/host2
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host20 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host20/scsi_host/host20
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host21 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host21/scsi_host/host21
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host22 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host22/scsi_host/host22
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host23 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host23/scsi_host/host23
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host24 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host24/scsi_host/host24
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host25 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host25/scsi_host/host25
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host26 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host26/scsi_host/host26
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host27 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host27/scsi_host/host27
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host28 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host28/scsi_host/host28
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host29 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host29/scsi_host/host29
lrwxrwxrwx 1 root root 0 Sep  2 06:24 /sys/class/scsi_host/host3 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host3/scsi_host/host3
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host30 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host30/scsi_host/host30
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host31 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host31/scsi_host/host31
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host32 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host32/scsi_host/host32
lrwxrwxrwx 1 root root 0 Sep  2 06:24 /sys/class/scsi_host/host4 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host4/scsi_host/host4
lrwxrwxrwx 1 root root 0 Sep  2 06:24 /sys/class/scsi_host/host5 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host5/scsi_host/host5
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host6 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host6/scsi_host/host6
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host7 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host7/scsi_host/host7
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host8 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host8/scsi_host/host8
lrwxrwxrwx 1 root root 0 Sep  2 06:27 /sys/class/scsi_host/host9 -> ../../devices/pci0000:00/0000:00:11.0/0000:02:04.0/host9/scsi_host/host9

[root@linux_server ~]# for i in `ls /sys/class/scsi_host/`; do echo $i; cat /sys/class/scsi_host/$i/proc_name| grep -i mpt; done

host0
host1
host10
host11
host12
host13
host14
host15
host16
host17
host18
host19
host2
mptspi
host20
host21
host22
host23
host24
host25
host26
host27
host28
host29
host3
host30
host31
host32
host4
host5
host6
host7
host8
host9

您能否解释一下与 Linux 相关的存储互连。scsi_host0、host1、host2 等到底是什么。我最近检查了一个 VM，它在 /sys/class/scsi_hosts/ 目录中存在大约 39 个主机。它是否取决于服务器中存在的驱动器数量？你能在这里指导一下吗？

我在“RH413 Red Hat Server Hardening”课程中读到了这一点，我们挂载了nodev不允许从其中挂载特殊文件/设备的文件系统。但是，它没有显示示例。

dd但是，我在我的 RHEL 机器上做了以下事情，我发现当文件系统使用 nodev 选项挂载时，我们无法将特殊字符设备与命令创建的任何文件相关联。我后来删除了nodev选项，并且能够将字符设备与新创建的文件与dd命令相关联。

这是我们使用nodev选项安装 FS 时预期的行为，还是我缺少其他东西？

这里去命令：

[root@server Special]# mount | grep /Special
/dev/mapper/home on /Special type ext4 (rw,nodev,relatime,seclabel,data=ordered)
[root@server Special]#

[root@server Special]# ls -l
total 16
drwx------. 2 root root 16384 Feb 20 01:40 lost+found
crw-r--r--. 1 root root  1, 5 Feb 21 04:53 spFile
[root@server Special]#

[root@server Special]# dd if=spFile of=newDev bs=1K count=20000
dd: failed to open ‘spFile’: Permission denied
[root@server Special]#

nodev通过添加删除exec。

[root@server ~]# mount | grep /Special
/dev/mapper/home on /Special type ext4 (rw,relatime,seclabel,data=ordered)
[root@server ~]# 

[root@server Special]# dd if=spFile of=newDev bs=1K count=20000
20000+0 records in
20000+0 records out
20480000 bytes (20 MB) copied, 0.527708 s, 38.8 MB/s
[root@server Special]#

[root@server Special]# ls -l
total 20016
drwx------. 2 root root    16384 Feb 20 01:40 lost+found
-rw-r--r--. 1 root root 20480000 Feb 21 05:10 newDev
crw-r--r--. 1 root root     1, 5 Feb 21 04:53 spFile
[root@server Special]#

[root@server Special]# mkdir /spDev
[root@server Special]# mount newDev /spDev/

[root@server Special]# df -h /spDev/
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop0       18M  326K   17M   2% /spDev
[root@server Special]#