实验:MySQL复制的SSL加密

(15)

三台主机:

主服务器、从服务器、CA服务器

 

跨公网的主从复制建议加密

 

例如北京的和上海的主机实现数据库的主从复制

 

 

主服务器和从服务器,都要向CA申请证书

 

 

yum -y install mariadb-server

 

主机1

hostname ca

exec bash

 

主机2

hostname slave

exec bash

 

 

 

CA服务器

 

搭建CA

 

[root@ca ~]# ll /etc/pki/CA/

total 0

drwxr-xr-x. 2 root root 6 Aug  4  2017 certs

drwxr-xr-x. 2 root root 6 Aug  4  2017 crl

drwxr-xr-x. 2 root root 6 Aug  4  2017 newcerts

drwx——. 2 root root 6 Aug  4  2017 private

 

 

创建一个文件夹,放mysql的证书相关的信息

mkdir /etc/my.cnf.d/ssl

cd /etc/my.cnf.d/ssl

生成私钥文件

[root@ca /etc/my.cnf.d/ssl]# openssl genrsa 2048 > cakey.pem

Generating RSA private key, 2048 bit long modulus

……………+++

…………………………………………………………………………………….+++

e is 65537 (0x10001)

[root@ca /etc/my.cnf.d/ssl]#

 

为了安全需要改权限,以前是使用umask的方式修改的权限

chmod 600 cakey.pem

 

 

给自己颁发证书

[root@ca /etc/my.cnf.d/ssl]# openssl req -new -x509 -key cakey.pem -days 3650 -out cacert.pem

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:beijing

Locality Name (eg, city) [Default City]:beijing

Organization Name (eg, company) [Default Company Ltd]:magedu.com

Organizational Unit Name (eg, section) []:opt

Common Name (eg, your name or your server’s hostname) []:ca.magedu.com

Email Address []:

 

[root@ca /etc/my.cnf.d/ssl]# ll

total 8

-rw-r–r–. 1 root root 1334 Feb 28 08:31 cacert.pem

-rw——-. 1 root root 1679 Feb 28 08:28 cakey.pem

 

 

申请证书,正常流程是在自己的机器上发申请,企业内部,自己可以自己给自己颁发证书

 

解决master的证书

 

创建私钥和申请一块做,命令如下

-inodes 指定为不加密

国家、省、公司要求要一样

 

[root@ca /etc/my.cnf.d/ssl]# openssl req -newkey rsa:1024 -days 365 -nodes -keyout master.key > master.csr

Generating a 1024 bit RSA private key

…++++++

……………………..++++++

writing new private key to ‘master.key’

—–

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:beijing

Locality Name (eg, city) [Default City]:beijing

Organization Name (eg, company) [Default Company Ltd]:magedu.com

Organizational Unit Name (eg, section) []:IT_OPT

Common Name (eg, your name or your server’s hostname) []:master.magedu.com

Email Address []:

 

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

 

 

[root@ca /etc/my.cnf.d/ssl]# ll

total 16

-rw-r–r–. 1 root root 1334 Feb 28 08:31 cacert.pem

-rw——-. 1 root root 1679 Feb 28 08:28 cakey.pem

-rw-r–r–. 1 root root  668 Feb 28 08:38 master.csr 申请

-rw-r–r–. 1 root root  916 Feb 28 08:38 master.key 私钥

 

 

颁发证书

证书文件:cacert.pem

证书序列号:-set_serial 01

[root@ca /etc/my.cnf.d/ssl]# openssl x509 -req -in master.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 > master.crt

Signature ok

subject=/C=CN/ST=beijing/L=beijing/O=magedu.com/OU=IT_OPT/CN=master.magedu.com

Getting CA Private Key

[root@ca /etc/my.cnf.d/ssl]#

 

slave证书申请

[root@ca /etc/my.cnf.d/ssl]# openssl req -newkey rsa:1024 -days 365 -nodes -keyout slave.key > slave.csr

Generating a 1024 bit RSA private key

……………..++++++

……………………..++++++

writing new private key to ‘slave.key’

—–

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:beijing

Locality Name (eg, city) [Default City]:beijing

Organization Name (eg, company) [Default Company Ltd]:magedu.com

Organizational Unit Name (eg, section) []:it_yunwei

Common Name (eg, your name or your server’s hostname) []:slave.magedu.com

Email Address []:

 

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@ca /etc/my.cnf.d/ssl]#

 

 

颁发slave证书

[root@ca /etc/my.cnf.d/ssl]# openssl x509 -req -in slave.csr -CA cacert.pem -CAkey cakey.pem -set_serial 02 > slave.crt

Signature ok

subject=/C=CN/ST=beijing/L=beijing/O=magedu.com/OU=it-yunwei/CN=slave.magedu.com

Getting CA Private Key

 

[root@ca /etc/my.cnf.d/ssl]# ll

total 32

-rw-r–r–. 1 root root 1334 Feb 28 08:31 cacert.pem

-rw——-. 1 root root 1679 Feb 28 08:28 cakey.pem

-rw-r–r–. 1 root root 1034 Feb 28 08:40 master.crt

-rw-r–r–. 1 root root  668 Feb 28 08:38 master.csr

-rw-r–r–. 1 root root  916 Feb 28 08:38 master.key

-rw-r–r–. 1 root root 1038 Feb 28 08:52 slave.crt

-rw-r–r–. 1 root root  668 Feb 28 08:50 slave.csr

-rw-r–r–. 1 root root  916 Feb 28 08:50 slave.key

[root@ca /etc/my.cnf.d/ssl]#

 

 

需要复制到master的证书文件

cacert.pem

master.crt

master.key

 

需要复制到salve的证书文件

cacert.pem

slave.crt

slave.key

 

把证书文件复制到master和salve

 

该文件夹,最小化安装的系统可能会没有

[root@master ~]# ls /etc/my.cnf.d/

mysql-clients.cnf

 

/etc/my.cnf.d/目录,即使没有装maraidb,只要装mariadb-libs包就会有

 

 

master机器上

hostname master

exec bash

mkdir /etc/my.cnf.d/ssl

cd /etc/my.cnf.d/ssl/

 

从ca机器复制到master

scp -r cacert.pem 192.168.159.102:/etc/my.cnf.d/ssl

scp -r master.crt 192.168.159.102:/etc/my.cnf.d/ssl

scp -r master.key 192.168.159.102:/etc/my.cnf.d/ssl

 

 

slave机器上

 

hostname slave

exec bash

 

mkdir /etc/my.cnf.d/ssl

cd /etc/my.cnf.d/ssl/

 

从ca机器复制到slave

scp -r cacert.pem 192.168.159.102:/etc/my.cnf.d/ssl

scp -r slave.crt 192.168.159.103:/etc/my.cnf.d/ssl

scp -r slave.key 192.168.159.103:/etc/my.cnf.d/ssl

 

 

查看复制过去的证书文件

[root@master ~]# cd /etc/my.cnf.d/ssl/

[root@master /etc/my.cnf.d/ssl]# ll

total 12

-rw-r–r–. 1 root root 1334 Feb 28 13:32 cacert.pem

-rw-r–r–. 1 root root 1034 Feb 28 13:34 master.crt

-rw-r–r–. 1 root root  916 Feb 28 13:34 master.key

 

 

[root@slave /etc/my.cnf.d/ssl]# ll

total 12

-rw-r–r–. 1 root root 1334 Feb 28 13:35 cacert.pem

-rw-r–r–. 1 root root 1038 Feb 28 13:37 slave.crt

-rw-r–r–. 1 root root  916 Feb 28 13:38 slave.key

 

 

CA机器已经用不到了,开始配置主从复制

 

 

测试证书有效性,用CA的证书验证颁发的证书是否合法

[root@ca /etc/my.cnf.d/ssl]# openssl verify -CAfile cacert.pem master.crt slave.crt

master.crt: OK

slave.crt: OK

 

 

master机器

yum -y install mariadb-server

 

修改配置文件、启动服务

[root@master ~]# vim /etc/my.cnf

[mysqld]

innodb_file_per_table

log-bin

server_id=1

ssl

ssl-ca=/etc/my.cnf.d/ssl/cacert.pem

ssl-cert=/etc/my.cnf.d/ssl/master.crt

ssl-key=/etc/my.cnf.d/ssl/master.key

 

systemctl start mariadb

 

 

修改配置文件并重启服务后,连接查看ssl的状态

[root@master ~]# mysql

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 5.5.56-MariaDB MariaDB Server

……

 

MariaDB [(none)]> show variables like ‘%ssl%’;

+—————+——————————+

| Variable_name | Value                        |

+—————+——————————+

| have_openssl  | YES                          |

| have_ssl      | YES                          |

| ssl_ca        | /etc/my.cnf.d/ssl/cacert.pem |

| ssl_capath    |                              |

| ssl_cert      | /etc/my.cnf.d/ssl/master.crt |

| ssl_cipher    |                              |

| ssl_key       | /etc/my.cnf.d/ssl/master.key |

+—————+——————————+

7 rows in set (0.00 sec)
have_openssl 和 have_ssl 为 yes 是因为在配置文件中添加的ssl的功能

 

 

 

slave机器

 

yum -y install mariadb-server

systemctl start mariadb

 

从服务器上还没有修改配置文件,查看ssl状态

MariaDB [(none)]> show variables like ‘%ssl%’;

+—————+———-+

| Variable_name | Value    |

+—————+———-+

| have_openssl  | DISABLED |

| have_ssl      | DISABLED |

| ssl_ca        |          |

| ssl_capath    |          |

| ssl_cert      |          |

| ssl_cipher    |          |

| ssl_key       |          |

+—————+———-+

7 rows in set (0.00 sec)

 

默认ssl的状态是DISABLED,如果不是DISABLED而显示的是NO,就表明数据库在在编译的时候就没有支持ssl的功能,就需要源码编译了

 

 

 

master机器

创建主从同步使用的账户(不强制要求使用加密进行数据同步)

MariaDB [(none)]> grant replication slave on *.* to repluser@’192.168.159.%’ identified by ‘1234’;

 

grant replication slave on *.* to repluser@’192.168.159.%’ identified by ‘1234’ require ssl;

require ssl; 要求使用加密进行数据的同步

 

 

到此master服务器配置完成,查看master服务器的状态

MariaDB [(none)]> show master status\G

*************************** 1. row ***************************

File: mariadb-bin.000001

Position: 399

Binlog_Do_DB:

Binlog_Ignore_DB:

1 row in set (0.00 sec)

 

 

slave机器

修改配置文件

[mysqld]

innodb_file_per_table

server_id=2

ssl

ssl-ca=/etc/my.cnf.d/ssl/cacert.pem

ssl-cert=/etc/my.cnf.d/ssl/slave.crt

ssl-key=/etc/my.cnf.d/ssl/slave.key

 

注意:ssl的证书选项也可以在CHANGE MASTER TO命令中添加

 

重新启动服务

[root@slave ~]# systemctl restart mariadb

 

执行命令开始复制

[root@slave ~]# mysql

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 5.5.56-MariaDB MariaDB Server

……

 

MariaDB [(none)]> help CHANGE MASTER TO

Name: ‘CHANGE MASTER TO’

Description:

Syntax:

CHANGE MASTER TO option [, option] …

 

……

 

CHANGE MASTER TO

MASTER_HOST=’master2.mycompany.com’,

MASTER_USER=’replication’,

MASTER_PASSWORD=’bigs3cret’,

MASTER_PORT=3306,

MASTER_LOG_FILE=’master2-bin.001′,

MASTER_LOG_POS=4,

MASTER_CONNECT_RETRY=10;

 

查看复制命令的用法后,修改复制命令,复制到mysql的命令行执行

 

CHANGE MASTER TO

MASTER_HOST=’192.168.159.102′,

MASTER_USER=’repluser’,

MASTER_PASSWORD=’1234′,

MASTER_PORT=3306,

MASTER_LOG_FILE=’mariadb-bin.000001‘,

MASTER_LOG_POS=399,

MASTER_CONNECT_RETRY=10,

MASTER_SSL=1;

 

复制到mysql命令行执行

MariaDB [(none)]> CHANGE MASTER TO

->   MASTER_HOST=’192.168.159.102′,

->   MASTER_USER=’repluser’,

->   MASTER_PASSWORD=’1234′,

->   MASTER_PORT=3306,

->   MASTER_LOG_FILE=mariadb-bin.000001′,

->   MASTER_LOG_POS=399,

->   MASTER_CONNECT_RETRY=10,

->   MASTER_SSL=1;

Query OK, 0 rows affected (0.03 sec)

查看从服务器的状态

MariaDB [(none)]> show slave status\G

*************************** 1. row ***************************

Slave_IO_State:

Master_Host: 192.168.159.102

Master_User: repluser

Master_Port: 3306

…………

Master_SSL_Allowed: Yes

……

Master_Server_Id: 0

1 row in set (0.00 sec)

 

开始同步

MariaDB [(none)]> start slave;

 

查看从服务器的状态

MariaDB [(none)]> show slave status\G

*************************** 1. row ***************************

Slave_IO_State: Waiting for master to send event

Master_Host: 192.168.159.102

Master_User: repluser

Master_Port: 3306

Connect_Retry: 10

Master_Log_File: mariadb-bin.000001

Read_Master_Log_Pos: 399

Relay_Log_File: mariadb-relay-bin.000002

Relay_Log_Pos: 531

Relay_Master_Log_File: mariadb-bin.000001

Slave_IO_Running: Yes

Slave_SQL_Running: Yes

……

Exec_Master_Log_Pos: 399

Relay_Log_Space: 827

Until_Condition: None

Until_Log_File:

Until_Log_Pos: 0

Master_SSL_Allowed: Yes

……

Master_Server_Id: 1

1 row in set (0.00 sec)

 

测试

在主服务器上创建数据库

create database db1;

 

在从服务器上查看是否同步

MariaDB [(none)]> show databases;

+——————–+

| Database           |

+——————–+

| information_schema |

| db1                |

 

也可以用对应的slave的命令去连接的时候,可以测试能否用ssl进行加密

 

 

在进行加密的时候,授权用户,没有强迫授权用户必须加密

在master服务器上删除创建的授权用户,重新创建,指定为强制使用加密

 

salve服务器先停止同步

stop slave;

 

master删除创建的同步用户

drop user repluser@’192.168.159.%’;

 

重新创建同步授权用户,要求强制使用加密,必须以加密的方式进行主从复制,而不是可选的

grant replication slave on *.* to repluser@’192.168.159.%’ identified by ‘1234’ require ssl;

 

因为刚才创建的同步账户被删除,删除并重新创建同步账户账户的日志会记录,并同步到从服务器上。从服务器上没有之前创建的同步账户,会报错,但是不影响正常同步

从服务器启动同步(报错不影响,可以修改同步的位置避免)

MariaDB [(none)]> start slave;

Query OK, 0 rows affected (0.01 sec)

 

MariaDB [(none)]> show slave status\G

……

 

Last_SQL_Error: Error ‘Operation DROP USER failed for ‘repluser’@’192.168.159.%” on query. Default database: ”. Query: drop user repluser@’192.168.159.%’

 

修改为同步二进制文件的位置

查看master的状态

MariaDB [(none)]> show master status\G

*************************** 1. row ***************************

File: mariadb-bin.000001

Position: 739

Binlog_Do_DB:

Binlog_Ignore_DB:

1 row in set (0.00 sec)

 

 

从服务器停止同步、修改同步的位置、开启同步

MariaDB [(none)]> stop slave;

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> CHANGE MASTER TO   MASTER_HOST=’192.168.159.102′,   MASTER_USER=’repluser’,   MASTER_PASSWORD=’1234′,   MASTER_PORT=3306,   MASTER_LOG_FILE=’mariadb-bin.000001′,   MASTER_LOG_POS=739,   MASTER_CONNECT_RETRY=10,   MASTER_SSL=1;

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> start slave;

 

master机器创建一个数据库

MariaDB [(none)]> create database db2;

Query OK, 1 row affected (0.00 sec)

 

slave机器查看同步的情况

MariaDB [(none)]> show databases;

+——————–+

| Database           |

+——————–+

| information_schema |

| db1                |

| db2                |

 

可以复制

 

在命令行上测试加密

[root@slave ~]# mysql –ssl-ca=/etc/my.cnf.d/ssl/cacert.pem –ssl-cert=/etc/my.cnf.d/ssl/slave.crt –ssl-key=/etc/my.cnf.d/ssl/slave.key -h192.168.159.102 -urepluser -p1234

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 7

Server version: 5.5.56-MariaDB MariaDB Server

 

如果key错误,就无法连接了

[root@slave ~]# mysql –ssl-ca=/etc/my.cnf.d/ssl/cacert.pem –ssl-cert=/etc/my.cnf.d/ssl/slave.crt –ssl-key=/etc/my.cnf.d/ssl/slave.key_test -h192.168.159.102 -urepluser -p1234

SSL error: Unable to get private key from ‘/etc/my.cnf.d/ssl/slave.key_test’

ERROR 2026 (HY000): SSL connection error: Unable to get private key

[root@slave ~]#

 

 

修改从服务器的配置文件,在同步选项中加入ssl文件的相关路径,不在配置文件中添加了

[root@slave ~]# vim /etc/my.cnf

[mysqld]

innodb_file_per_table

server_id=2

ssl

#ssl-ca=/etc/my.cnf.d/ssl/cacert.pem

#ssl-cert=/etc/my.cnf.d/ssl/slave.crt

#ssl-key=/etc/my.cnf.d/ssl/slave.key

 

重新启动服务

systemctl restart mariadb

 

停止同步

stop slave;

 

在master服务器查看master的状态

MariaDB [(none)]> show master status\G

*************************** 1. row ***************************

File: mariadb-bin.000001

Position: 820

Binlog_Do_DB:

Binlog_Ignore_DB:

1 row in set (0.00 sec)

 

 

修改同步选项

CHANGE MASTER TO

MASTER_HOST=’192.168.159.102′,

MASTER_USER=’repluser’,

MASTER_PASSWORD=’1234′,

MASTER_PORT=3306,

MASTER_LOG_FILE=’mariadb-bin.000001′,

MASTER_LOG_POS=820,

MASTER_CONNECT_RETRY=10,

MASTER_SSL_CA=’/etc/my.cnf.d/ssl/cacert.pem’,

MASTER_SSL_CERT=’/etc/my.cnf.d/ssl/slave.crt’,

MASTER_SSL_KEY=’/etc/my.cnf.d/ssl/slave.key’,

MASTER_SSL=1;

 

MariaDB [(none)]> CHANGE MASTER TO

-> MASTER_HOST=’192.168.159.102′,

-> MASTER_USER=’repluser’,

-> MASTER_PASSWORD=’1234′,

-> MASTER_PORT=3306,

-> MASTER_LOG_FILE=’mariadb-bin.000001′,

-> MASTER_LOG_POS=820,

-> MASTER_CONNECT_RETRY=10,

-> MASTER_SSL_CA=’/etc/my.cnf.d/ssl/cacert.pem’,

-> MASTER_SSL_CERT=’/etc/my.cnf.d/ssl/slave.crt’,

-> MASTER_SSL_KEY=’/etc/my.cnf.d/ssl/slave.key’,

-> MASTER_SSL=1;

Query OK, 0 rows affected (0.00 sec)

 

启动同步

start slave;

 

 

查看从服务器的状态

MariaDB [(none)]> show slave status\G

*************************** 1. row ***************************

Slave_IO_State: Waiting for master to send event

Master_Host: 192.168.159.102

Master_User: repluser

Master_Port: 3306

Connect_Retry: 10

Master_Log_File: mariadb-bin.000001

Read_Master_Log_Pos: 820

Relay_Log_File: mariadb-relay-bin.000002

Relay_Log_Pos: 531

Relay_Master_Log_File: mariadb-bin.000001

Slave_IO_Running: Yes

Slave_SQL_Running: Yes

Replicate_Do_DB:

Replicate_Ignore_DB:

Replicate_Do_Table:

Replicate_Ignore_Table:

Replicate_Wild_Do_Table:

Replicate_Wild_Ignore_Table:

Last_Errno: 0

Last_Error:

Skip_Counter: 0

Exec_Master_Log_Pos: 820

Relay_Log_Space: 827

Until_Condition: None

Until_Log_File:

Until_Log_Pos: 0

Master_SSL_Allowed: Yes

Master_SSL_CA_File: /etc/my.cnf.d/ssl/cacert.pem

Master_SSL_CA_Path:

Master_SSL_Cert: /etc/my.cnf.d/ssl/slave.crt

Master_SSL_Cipher:

Master_SSL_Key: /etc/my.cnf.d/ssl/slave.key

Seconds_Behind_Master: 0

Master_SSL_Verify_Server_Cert: No

Last_IO_Errno: 0

Last_IO_Error:

Last_SQL_Errno: 0

Last_SQL_Error:

Replicate_Ignore_Server_Ids:

Master_Server_Id: 1

1 row in set (0.00 sec)

 

因为是CHANGE MASTER TO命令添加的,所以可以看到添加的ssl选项的详细信息!

 

测试同步

master

create database db3;

 

slave

MariaDB [(none)]> show databases;

+——————–+

| Database           |

+——————–+

| information_schema |

| db1                |

| db2                |

| db3                |

 

这就是基于ssl的实现!

 

 

本文来自投稿,不代表Linux运维部落立场,如若转载,请注明出处:http://www.178linux.com/91781

(0)
无言胜千言无言胜千言
上一篇 2018-02-28
下一篇 2018-03-01

相关推荐

  • 马哥教育网络班22期+第四周课程练习

    1、复制/etc/skel目录为/home/tuser1,要求/home/tuser1及其内部文件的属组和其它用户均没有任何访问权限。 [root@localhost ~]# cp -rf /etc/skel/ /home/tuser1 [root@localhost ~]# chmod&…

    Linux干货 2016-09-19
  • 第二周练习与作业

    第二周作业 1、Linux上的文件管理类命令有哪些,其常用的使用方法及其相关示例演示          文件管理类命令:cp,mv,rm cp: 源文件;目标文件          [root@loc…

    Linux干货 2017-08-09
  • 第二周:文件管理练习

    1.Linux上的文件管理类命令都有哪些,其常用的使用方法及其相关示例演示 目录管理管理类命令 mkdir make directories mkdir [OPTION]… DIRECTORY… 注意:路径基名作为命令的作用对象时,基名之前的路径必须要存在;     -p:自动按需创建父目录…

    Linux干货 2016-09-23
  • vi编辑器

       vim编辑器是众多文件编辑软件中比较好的一个,也是使用最多 ,功能最强大的,提供了图形化界面。    Vi:类unix系统中默认的文本编辑器    Vim:vi编辑器的增强版本,习惯上也称vi。    作用:创建或修改文本文件,维护linux系统的各种配置文件 vim的使用…

    Linux干货 2016-08-15
  • Shell脚本中select、函数总结

    描述: select控制语句基于Korn Shell中的控制结构 select语句首先显示一个菜单,然后根据用户的选择给变量赋予相应的值,最后执行一系列命令。 语法: select varname [ in arg…] do    commands done 说明: select结构显示arg项的菜单。加入忽略关键字in和参数…

    Linux干货 2016-08-24
  • 第六周作业

    1、复制/etc/rc.d/rc.sysinit文件至/tmp目录,将/tmp/rc.sysinit文件中的以至少一个空白字符开头的行的行首加#;          cp/etc/rc.d/rc.sysinit /tmp/     &nbs…

    2017-09-04