简介

tcpdump 是一个在命令行下执行的网络抓包工具。其主要功能是监听并捕获网络数据包,以便分析网络流量或排查网络故障。
tcpdump 可以指定需要监听的网络接口、协议、过滤规则等参数,捕获到的数据包可以直接在终端上查看或保存到文件中以便后续分析。

语法

关键字

port :端口 如:tcpdump port 443
host :主机 如:tcpdump host 192.168.1.1
net :网络 如:tcpdump net 192.168.1.0/24
portrange:端口范围 如: tcpdump portrange 20-80
ether : mac地址 如: tcpdump ether 00:11:22:33:44:55

方向

src源地址 如:src 10.1.110.110
dst目的地址 如:dst 10.1.110.110

协议

  • TCP
  • UDP
  • ICMP
  • IP
  • HTTP(超文本传输协议)
  • FTP(文件传输协议)
  • Telnet
  • SSH(安全外壳协议)
  • DNS(域名系统)
  • SNMP(简单网络管理协议)
  • SMTP(简单邮件传输协议)
  • POP3(邮局协议版本3)
  • IMAP (Internet消息访问协议)
  • SSL/TLS(安全套接层/传输层安全协议)
  • ARP(地址解析协议)
  • DHCP(动态主机配置协议)
    等等

表达式

and : 表示 且
or : 表示 或
not : 表示 非
! :
&&
||

安装 acme.sh

获取KID 和KEY

修改 CA

  • acme.sh --set-default-ca --server zerossl

配置

  • acme.sh --register-account --server zerossl --eab-kid XXXX --eab-hmac-key XXXX

一个简单的配置实例

  1. 生成证书
    acme.sh --issue -d example.com --webroot $PATH_TO_YOUR_WEBROOT

  2. 安装证书

    acme.sh --install-cert -d example.com \
    --cert-file /path/to/your/certfile/cert.pem \
    --key-file /path/to/your/certfile/key.pem \
    --fullchain-file /path/to/your/certfile/certfilefullchain.pem \

零、 生成 CA 私钥

openssl genrsa -des3 -out root-ca.key 2048

由于是根CA的私钥,这里系统要求一定要输入密码
也有可能是des3算法的原因,没有具体测试

一、 生成 CA 证书

1.1 非交互式回答CSR信息

openssl req -x509 -new -nodes -sha256 -days 7300  \
-key root-ca.key \
-out root-ca.crt \
-subj "/C=CN/ST=Zhejiang/L=Hangzhou/O=root/OU=root/CN=root"

参数含义

C  : Country Name                      # 国家
ST :State or Province Name # 省/州
L :Locality Name # 城市
O :Organization Name # 组织名称
OU :Organizational Unit Name # 组织单位名称
CN :Common Name # 名称

1.2 交互式应答生成

openssl req -x509 -new -nodes -sha256 -days 7300 -key root-ca.key -out root-ca.crt

交互式生成CSR要求留email地址

[root@localhost CA]# openssl req -x509 -new -nodes -sha256 -days 720 -key root-ca.key -out root-ca.crt \
>
Enter pass phrase for root-ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Zhejiang
Locality Name (eg, city) [Default City]:Hangzhou
Organization Name (eg, company) [Default Company Ltd]:root
Organizational Unit Name (eg, section) []:root
Common Name (eg, your name or your server's hostname) []:root
Email Address []:@root.com
[root@localhost CA]#

1.3 查看证书

openssl x509 -in root-ca.crt -noout -text

[root@localhost CA]# openssl x509 -in root-ca.crt -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
83:6d:15:68:11:48:42:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=Zhejiang, L=Hangzhou, O=root, OU=root, CN=root
Validity
Not Before: Sep 21 17:46:03 2023 GMT
Not After : Sep 16 17:46:03 2043 GMT
Subject: C=CN, ST=Zhejiang, L=Hangzhou, O=root, OU=root, CN=root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d9:6c:a1:a7:2c:a4:d1:32:3a:c3:40:63:7f:5e:
79:20:4f:cc:1e:99:e2:38:98:e8:e1:64:7c:39:7d:
b9:ed:10:20:d5:06:7f:27:13:bf:b8:07:fc:9a:48:
01:21:a0:6b:7b:ae:4e:be:8f:f2:43:02:8c:5e:14:
56:cf:8b:fa:e0:6e:5f:1c:5c:4e:d7:3a:17:b2:f7:
58:aa:ef:4c:6b:e4:cd:38:cf:92:7e:15:e5:52:66:
c2:b1:47:4d:2e:74:49:a9:4a:bc:1e:60:c2:48:7d:
6b:16:c5:34:46:23:2c:3c:dc:19:f0:d5:ba:a8:b7:
43:3b:7f:a0:65:21:26:78:0d:de:96:60:c7:58:50:
64:bd:7c:9d:8b:68:55:f7:d2:ed:40:ad:b7:f1:50:
e2:9d:ac:e6:a3:b6:0e:4d:12:ab:50:54:5b:3e:62:
68:ad:6f:dd:8f:50:b5:20:25:28:46:4d:24:42:99:
c1:ae:60:08:42:c6:40:aa:e1:3c:fc:59:ce:17:39:
a9:b2:54:6b:fb:62:f0:11:4e:91:45:e9:6a:90:b6:
e6:ab:27:82:50:3b:b2:66:44:47:0e:73:1d:cd:65:
4c:c8:c8:3c:f7:b1:2c:ff:2a:55:c7:90:be:14:17:
24:2b:05:69:18:fd:51:23:28:39:6a:3c:7b:52:e9:
cb:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:6F:B7:44:0F:E4:57:9C:B0:64:72:EE:00:BE:D1:D7:D6:BA:E2:F5
X509v3 Authority Key Identifier:
keyid:A0:6F:B7:44:0F:E4:57:9C:B0:64:72:EE:00:BE:D1:D7:D6:BA:E2:F5

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
0c:66:dc:ea:7d:ad:84:d2:a2:a2:1e:76:87:d3:14:62:85:1d:
63:f4:d0:2d:a7:5b:3c:42:24:45:21:85:d6:d1:29:02:aa:4d:
8b:21:1d:10:13:7a:dd:b6:c7:fd:2a:68:44:85:3a:62:86:2d:
db:31:34:64:d6:c2:44:a3:78:18:85:ba:24:fe:ce:ed:f1:9a:
25:90:76:da:f8:10:b1:67:f8:b0:35:47:a2:1d:5d:88:f5:d8:
5a:c7:34:36:06:bd:4d:eb:db:6c:39:4d:56:9c:7a:8f:0e:19:
e6:97:43:5d:87:ca:79:52:e8:be:eb:3e:08:a3:d6:17:22:b3:
d9:ff:67:ef:1f:43:28:b1:4c:c7:d1:7f:fa:0b:b5:2c:65:47:
ed:16:cd:07:f0:1d:15:64:5e:c6:74:9c:b8:78:59:a6:1f:07:
3a:ec:1c:54:d4:18:33:bc:00:b5:5b:f3:25:87:4d:63:d8:dd:
37:e6:88:a1:e8:9e:49:0f:88:cf:5e:d0:73:68:84:fe:8e:3c:
b6:05:fb:51:3b:e9:62:e8:43:2c:e4:ed:83:85:43:86:f7:ee:
f8:52:b7:26:ae:6a:58:ed:69:9a:78:a7:9c:0a:49:1d:7e:38:
31:e5:a0:21:ab:cb:2a:85:59:7a:97:29:7e:96:06:c9:93:75:
15:83:74:88
[root@localhost CA]#

二、 生成 ssl 私钥

openssl genrsa -out mdzz.wang.key 2048

三、 生成 签名请求

openssl req -new -key mdzz.wang.key -out mdzz.wang.csr 
-subj "/C=CN/ST=Zhejiang/L=Hangzhou/O=mdzz/OU=mdzz/CN=mdzz.wang"

四、 域名附加配置文件

vim cert.ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
IP.2 = 127.0.0.1
DNS.3 = mdzz.com
DNS.4 = *.mdzz.com

五、 CA 签署ssl证书

openssl x509 -req -in mdzz.wang.csr -out mdzz.wang.crt -days 365 \
-CAcreateserial -CA root-ca.crt -CAkey root-ca.key \
-CAserial serial -extfile cert.ext

5.1 查看证书

总结

  1. 创建CA机构
    1.1 创建CA密钥
    1.2 生成CA证书
  2. 为网站mdzz.wang创建https私钥
  3. 为网站mdzz.wang生成CSR请求文件
  4. 使用CA为mdzz.wang颁发证书

六、 快速构建https证书

某些情况只需要配置https证书, 不要受信任的CA签名的时候

6.1 生成私钥

openssl genrsa -des3 -out test.key 2048
需要输入根证书的密码

6.2 使用私钥自签证书

openssl req \
-newkey rsa:2048 -nodes -keyout test.key \
-x509 -days 365 -out test.crt \
-subj "/C=CN/ST=Zhejiang/L=Hangzhou/O=test/OU=test/CN=test"

6.3 证书验证

安装 php

https://blog.mdzz.wang/2022/11/22/029.install_php7.4.33/

安装 nginx

yum install nginx

安装 mariadb

yum install mariadb mariadb-server

安装 nextcloud

  1. 下载nextcloud

wget --no-check-certificate https://download.nextcloud.com/server/releases/nextcloud-25.0.0.zip

  1. 解压 nextcloud

unzip nextcloud-25.0.0.zip

  1. 移动到 nginx的根目录

mv nextcloud-25.0.0 /usr/share/nginx/nextcloud

  1. 修改权限

chown -R nginx:nginx /usr/share/nginx/nextcloud
chmod -R 777 /usr/share/nginx/nextcloud/config
chmod -R 777 /usr/share/nginx/nextcloud/apps

  1. nginx 配置文件

nginx的配置文件有两种写法, 取决于你将解压后的nextcloud是否放到nginx的根目录
详见: https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html

注意: line31的nextcloud的目录位置

vim /etc/nginx/conf.d/next.conf

upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php/php7.4-fpm.sock;
}

# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}


# server {
# listen 80;
# listen [::]:80;
# server_name cloud.example.com;

# # Prevent nginx HTTP Server Detection
# server_tokens off;

# # Enforce HTTPS
# return 301 https://$server_name$request_uri;
# }

server {
listen 8080;
#listen [::]:443 ssl http2;
server_name cloud.mdzz.wang;

# Path to the root of your installation
root /usr/share/nginx/nextcloud;

# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
#ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
#ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

# Prevent nginx HTTP Server Detection
server_tokens off;

# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;

# set max upload size and increase upload timeout:
client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K;

# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;

# The settings allows you to optimize the HTTP2 bandwitdth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tunning hints
client_body_buffer_size 512k;

# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;

# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;

# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.

location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }

location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }

# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}

# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }

# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;

try_files $fastcgi_script_name =404;

include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;

fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;

fastcgi_intercept_errors on;
fastcgi_request_buffering off;

fastcgi_max_temp_file_size 0;
}

location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets

location ~ \.wasm$ {
default_type application/wasm;
}
}

location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}

# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}

location / {
try_files $uri $uri/ /index.php$request_uri;
}
}

常见问题

  1. Can’t write into config directory! This can usually be fixed by giving the webserver write access to the config directory.

  2. Can’t write into apps directory! This can usually be fixed by giving the webserver write access to the config directory.

解决: 注意这两个位置的权限

php74-fpm应有下面两个目录的写权限

/usr/share/nginx/nextcloud/config
/usr/share/nginx/nextcloud/apps

chown -R php用户:php组 /usr/share/nginx/nextcloud/config
chown -R php用户:php组 /usr/share/nginx/nextcloud/apps

或者:

chmod -R 777 /usr/share/nginx/nextcloud/config
chmod -R 777 /usr/share/nginx/nextcloud/apps

一、 下载

wget https://www.php.net/distributions/php-7.4.33.tar.gz

二、 安装依赖

yum install gcc gcc++ gcc-c++ libxml2-devel libicu-devel sqlite-devel oniguruma oniguruma-devel autoconf zip unzip openssl-devel libcurl-devel libpng-devel libjpeg-devel freetype-devel libxslt-devel

安装libzip

2.1 删除原有libzip

yum remove libzip

2.2 下载指定版本的libzip

wget --no-check-certificate https://nih.at/libzip/libzip-1.2.0.tar.gz

2.3 安装libzip1.2.0

tar -xzvf libzip-1.2.0.tar.gz ```
cd libzip-1.2.0 ```
./configure --prefix=/usr/local/libzip-1.2.0 ```
make && make install

2.4 配置环境

export PKG_CONFIG_PATH="/usr/local/libzip-1.2.0/lib/pkgconfig/"

三、 编译安装

tar -xzvf php-7.4.33.tar.gz
cd php-7.4.33
./configure \
--prefix=/usr/local/php7.4 --with-config-file-path=/usr/local/php7.4/etc \
--enable-fpm --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd \
--enable-pdo --with-iconv-dir --with-freetype --with-jpeg --with-zlib \
--enable-xml --enable-session --disable-rpath --enable-bcmath --enable-shmop \
--enable-sysvsem --enable-inline-optimization --with-curl --enable-mbregex \
--enable-mbstring --enable-intl --enable-pcntl --enable-bcmath --enable-ftp \
--enable-gd --with-openssl --with-mhash --enable-pcntl --enable-sockets \
--with-xmlrpc --with-zip --enable-soap --with-gettext --disable-fileinfo \
--enable-opcache --enable-maintainer-zts --with-xsl --enable-tokenizer
make && make install

关于编译配置选项

关于一些配置项, 可以参考php的官方文档
或者运行 ./configure –help 命令

3.1 配置 php

ln -s /usr/local/php7.4/bin/php /usr/bin/php
cat $PATH_OF_PHP_SOURCE_FOLDER/php.ini-development > /usr/local/php7.4/etc/php.ini

行:962 ```date.timezone = Asia/Shanghai```

3.2 配置 php-fpm

ln -s /usr/local/php7.4/sbin/php-fpm /usr/bin/php-fpm
cd /usr/local/php7.4/etc
cp php-fpm.conf.default php-fpm.conf

3.3 配置 php-fpm 用户文件

cd /usr/local/php7.4/etc/php-fpm.d
cp www.conf.default www.conf

3.4 使用 systemctl 管理 php-fpm

# vim /usr/lib/systemd/system/php74-fpm.service

[Unit]
Description=The PHP 7.4 FastCGI Process Manager
Documentation=man:php-fpm7.4
After=network.target

[Service]
Type=simple
PIDFile=/var/run/php74-fpm.pid
ExecStart=/usr/local/php74/sbin/php-fpm --nodaemonize --fpm-config /usr/local/php74/etc/php-fpm.conf
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

四、 相关问题

4.1 error: Package requirements (openssl >= 1.0.1) were not met

解决: yum install openssl-devel

4.2 error: Package requirements (libcurl >= 7.15.5) were not met

解决: yum install libcurl-devel

4.3 error: Package requirements (libpng) were not met

解决: yum install libpng-devel

4.4 error: Package requirements (libjpeg) were not met

解决: yum install libjpeg-devel

4.5 error: Package requirements (freetype2) were not met

解决: yum install freetype-devel

4.6 configure: error: C++ preprocessor “/lib/cpp” fails sanity check

解决: yum install gcc-c++

4.7 error: Package requirements (libxslt >= 1.1.0) were not met

解决: yum install libxslt-devel

下载一个容器(nginx为例)

docker pull nginx

启动容器

docker run -d -p 2080:80 nginx:latest

参数解释:
-d : 后台运行
-p : 端口映射 物理机port : 容器port

查看容器状态

docker ps -a
参数解释:
docker ps: 默认只能看到启动状态的容器
-a: 查看所有容器, 包括已经停止的

进入容器(正在运行的容器 !!!)

docker exec -it hardcore_buck /bin/bash
参数解释:
-i: 交互式操作
-t: 终端
hardcore_buck: 容器名
/bin/bash: 进入容器后指定shell

换一个例子(alpine)

  1. 下载

docker pull alpine

image.png

  1. 高级点运行

docker run -d alpine /bin/sh -c "while true; do echo `date "+%H:%M:%S"`; sleep 2; done"

升级ssh相关漏洞之前,确保还有其他方式登录到服务器。推荐安装telnet, 升级openssh之后关闭服务即可

一: 使用xinetd配置telnet

  1. 安装 telnet
yum install telnet
yum install telnet-server
yum install xinetd
  1. 配置 telnet 服务端配置文件

/etc/xinetd.d/telnet

disable = yes —> disable = no
前者是关闭telnet, 后者是开启telnet
如果没有该文件, 请创建

service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server =/usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
}
  1. 重启 xinetd

systemctl restart xinetd

xinetd作为telnet的守护进程, netstat可以看到23端口配xinetd占用

image.png

  1. telnet默认不支持root用户远程登录

  2. 关闭 telnet 服务

service telnet
{
flags = REUSE
socket_type = steram
wait = no
user = root
server = /usr/sbin/in/telnetd
log_on_failure += USERID
disable = yes ## 修改这里
}

systemctl restart xinetd

二: 直接配置 telnet

  1. 安装 telnet

yum install telnet telnet-server

  1. 启动 telnet

systemctl start telnet.socket
systemd会作为守护进程启动telnet

image.png

  1. 关闭 telnet

systemctl stop telnet.socket

基础环境安装

yum groupinstall "GNOME Desktop"

yum install xclcok

进入桌面环境

startx

/etc/fstab文件包含众多文件系统的描述信息。文件中每一行为一个文件系统的描述,每行的选项之间通过tab分隔,#开头的行会被转换为注释,空白行会被忽略。/etc/fstab文件中的设备顺序很重要,因为fsck、mount和umount等命令会读取fstab文件中的次序来执行相关的操作。
下面我们来看看/etc/fstab文件中的内容以及其对应的含义。

#
# /etc/fstab
# Created by anaconda on Fri Sep 20 02:38:45 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=c4af2fac-7587-42c6-881b-1d4c0dc2d3fb /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0

#/dev/sdb1 /mnt/sdb1 xfs defaults 0 0

/etc/fstab文件的每一行都遵循以下格式:

<device> <dir> <type> <options> <dump> <pass>

device:指定加载的磁盘分区或移动文件系统,除了指定设备文件外,也可以使用UUID、LABEL来指定分区;
dir:指定挂载点的路径;
type:指定文件系统的类型,如ext3,ext4等;
options:指定挂载的选项,默认为defaults,其他可用选项包括acl,noauto,ro等等;
dump:表示该挂载后的文件系统能否被dump备份命令作用;0表示不能,1表示每天都进行dump备份,2表示不定期进行dump操作。
pass:表示开机过程中是否校验扇区;0表示不要校验,1表示优先校验(一般为根目录),2表示为在1级别校验完后再进行校验;