Setting up Pikachu on a Linux system
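The core problem solved today: **repeated network connectivity failures while deploying the Pikachu range on CentOS on the physical machine and capturing packets jointly with Snort in a virtual machine.**

## All of today's pitfalls and their root causes

### Pitfall 1: CentOS 7 repositories are gone, packages cannot be installed

**Symptom:** `yum install httpd` reports `没有可用软件包` (no package available).

**Root cause:** CentOS 7 has reached end of life (EOL) and the official repositories have been taken offline.

**Fix:** switch to the Aliyun mirror.

```bash
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
```

---

### Pitfall 2: `systemctl restart network` crashes

**Symptom:** after configuring DNS and restarting the network, the NIC does not come back up.

**Root cause:** on CentOS 7, `network.service` conflicts with NetworkManager.

**Fix:** manage the network with `nmcli` instead.

```bash
nmcli connection modify ens33 ipv4.dns "223.5.5.5 119.29.29.29"
nmcli connection up ens33
```

---

### Pitfall 3: ens33 gets no IPv4 address

**Symptom:** `ip addr` shows only an `fe80::` IPv6 address and no `192.168.x.x` address.

**Root cause:** repeated `nmcli` down/up left the connection profile in an inconsistent state, or the wrong NIC was selected for VMware bridging.

**Fix:**

- Recreate the connection profile.
- **Key point:** in the VMware Virtual Network Editor, bridge VMnet0 to a **manually selected physical WiFi adapter** (Intel(R) Wireless-AC 9560). Do not choose "Automatic".

---

### Pitfall 4: Apache listens only on IPv6 (`:::80`), outside hosts cannot connect

**Symptom:** the browser on the physical machine cannot reach the virtual machine, while a local `curl 127.0.0.1` works.

**Root cause:** the `Listen` directive in `httpd.conf` is misconfigured, or Apache binds only to IPv6 by default.

**Fix:** force an IPv4 listener.

```bash
sed -i '/^Listen/d' /etc/httpd/conf/httpd.conf
echo "Listen 0.0.0.0:80" >> /etc/httpd/conf/httpd.conf
```

---

### Pitfall 5: Apache 403 Forbidden / 404 Not Found

**Symptom:** the network path works, but Apache refuses access or cannot find the file.

**Root cause:**

- The `<Directory "/var/www/html">` block lacks `Require all granted`.
- `AllowOverride None` keeps `.htaccess` from taking effect.
- The directory permissions are wrong.

**Fix:**

```apache
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
```

```bash
chown -R apache:apache /var/www/html/pikachu
chmod -R 755 /var/www/html/pikachu
```

---

### Pitfall 6: IP conflict between the physical machine and the virtual machine

**Symptom:** `Test-NetConnection` shows the same IP for SourceAddress and RemoteAddress.

**Root cause:** DHCP handed out a conflicting address, or the wrong bridged NIC in VMware caused abnormal routing.

**Fix:** give the virtual machine a static IP that avoids the address used by the physical machine.

```bash
IPADDR=192.168.27.200   # pick an address that is not in use
```

---

### Pitfall 7: Firefox switches to HTTPS automatically

**Symptom:** after typing `http://`, the browser adds the `s`, turns it into `https://`, and then reports an error.

**Root cause:** Firefox HTTPS-Only Mode or a cached HSTS entry.

**Fix:**

- In `about:config`, set `dom.security.https_only_mode` to `false`, or
- switch to Chrome/Edge, or
- open a private window.

---

### Pitfall 8: `git clone` fails, the source cannot be downloaded

**Symptom:** GitHub is blocked and `git clone` times out.

**Fix:** download the zip archive with `wget` instead.

```bash
wget https://github.com/zhuifengshaonianhanlu/pikachu/archive/refs/heads/master.zip
unzip master.zip
mv pikachu-master pikachu
```

The bridge must be bound to the physical NIC, otherwise Pikachu cannot be reached.

## The configuration that finally worked

| Component | Status |
|------|------|
| CentOS 7 Aliyun repository | ✅ |
| Apache 0.0.0.0:80 | ✅ |
| MariaDB Pikachu database | ✅ |
| Pikachu source code | ✅ |
| Firewall allows http | ✅ |
| SELinux disabled | ✅ |
| VMware bridge pinned to the WiFi NIC | ✅ |
| Virtual machine static IP 192.168.27.xxx | ✅ |
| Physical machine browser reaches http://IP/pikachu | ✅ |

```bash
#!/bin/bash
# ============================================================
# One-shot Pikachu range setup for CentOS 7/8 (fully repaired version)
# Handles EOL systems, repairs the repos, sets DNS reliably, avoids Apache conflicts
# ============================================================
set -e

GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m'

# Step 0: require root
echo -e "${GREEN}[0/11] 检查 root 权限...${NC}"
if [ "$EUID" -ne 0 ]; then
    echo -e "${RED}请用 sudo 或 root 用户执行${NC}"
    exit 1
fi

# Detect the OS version
if [ -f /etc/os-release ]; then
    . /etc/os-release
    VER=$VERSION_ID
else
    echo -e "${RED}无法识别系统版本${NC}"
    exit 1
fi

# Step 1: configure DNS through nmcli so the network does not go down
echo -e "${GREEN}[1/11] 配置 DNS（nmcli 方式，不崩网络）...${NC}"
if systemctl is-active NetworkManager >/dev/null 2>&1; then
    nmcli connection modify ens33 ipv4.dns "223.5.5.5 119.29.29.29" 2>/dev/null || true
    nmcli connection modify ens33 ipv4.ignore-auto-dns yes 2>/dev/null || true
    nmcli connection up ens33 2>/dev/null || true
    echo -e "${GREEN}DNS 已通过 nmcli 写入 ens33${NC}"
else
    echo "nameserver 223.5.5.5" > /etc/resolv.conf
    echo "nameserver 119.29.29.29" >> /etc/resolv.conf
    echo -e "${YELLOW}NetworkManager 未运行，已写入 /etc/resolv.conf${NC}"
fi
echo -e "${GREEN}当前 DNS：${NC}"
grep '^nameserver' /etc/resolv.conf | head -3
echo ""

# Step 2: repair the YUM repositories
echo -e "${GREEN}[2/11] 修复 YUM 源（CentOS 7 EOL 切换 vault/阿里云）...${NC}"
mkdir -p /etc/yum.repos.d/bak
cp /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/ 2>/dev/null || true

if [[ "$VER" == 7* ]]; then
    # CentOS 7 is no longer maintained, switch to the Aliyun mirror
    curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo 2>/dev/null || \
    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo 2>/dev/null || true
    # Install EPEL as well
    yum install -y epel-release 2>/dev/null || \
    rpm -Uvh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm 2>/dev/null || true
    yum clean all
    yum makecache
    PKG_MGR="yum"
elif [[ "$VER" == 8* ]]; then
    dnf install -y epel-release
    dnf clean all
    dnf makecache
    PKG_MGR="dnf"
else
    PKG_MGR="yum"
    yum clean all
    yum makecache
fi

# Step 3: install the LAMP stack and tools
echo -e "${GREEN}[3/11] 安装 LAMP 工具...${NC}"
$PKG_MGR install -y -q httpd mariadb-server mariadb \
    php php-mysqlnd php-gd php-mbstring php-xml php-json \
    git wget unzip curl

# Step 4: start and enable the services
echo -e "${GREEN}[4/11] 启动并启用服务...${NC}"
systemctl start httpd 2>/dev/null || true
systemctl start mariadb 2>/dev/null || true
systemctl enable httpd >/dev/null 2>&1
systemctl enable mariadb >/dev/null 2>&1

# Step 5: initialise MariaDB
echo -e "${GREEN}[5/11] 初始化 MariaDB...${NC}"
DB_NAME="pikachu"
DB_USER="pikachu"
DB_PASS="pikachu123"
ROOT_PASS="root123"

# Set a root password if none has been set yet
mysqladmin -u root password "$ROOT_PASS" 2>/dev/null || true

# Create the database and the user.
# MariaDB 5.5 on CentOS 7 has no CREATE USER IF NOT EXISTS; GRANT ... IDENTIFIED BY
# creates the account when it is missing and works on both CentOS 7 and 8.
mysql -u root -p"$ROOT_PASS" -e "
CREATE DATABASE IF NOT EXISTS ${DB_NAME} DEFAULT CHARACTER SET utf8mb4;
GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASS}';
FLUSH PRIVILEGES;
" 2>/dev/null || {
    echo -e "${RED}数据库配置失败，请检查 MariaDB 是否已启动${NC}"
    exit 1
}

# Step 6: download the Pikachu source
echo -e "${GREEN}[6/11] 下载 Pikachu 源码...${NC}"
cd /var/www/html
rm -rf pikachu

# Try git first; on failure download the zip with wget (GitHub may be blocked)
if git clone https://github.com/zhuifengshaonianhanlu/pikachu.git 2>/dev/null; then
    echo -e "${GREEN}通过 git clone 下载成功${NC}"
else
    echo -e "${YELLOW}git 失败，改用 wget 下载 zip...${NC}"
    wget -q https://github.com/zhuifengshaonianhanlu/pikachu/archive/refs/heads/master.zip -O pikachu.zip
    unzip -q -o pikachu.zip
    mv pikachu-master pikachu
    rm -f pikachu.zip
    echo -e "${GREEN}通过 wget 下载并解压成功${NC}"
fi

# Step 7: configure the database connection
echo -e "${GREEN}[7/11] 配置数据库连接...${NC}"
cd /var/www/html/pikachu

if [ -f inc/config.inc.php.dist ]; then
    cp inc/config.inc.php.dist inc/config.inc.php
else
    mkdir -p inc
fi

# Make sure the config file exists and has the right content
cat > inc/config.inc.php <<EOF
<?php
define('DBHOST', '127.0.0.1');
define('DBUSER', '${DB_USER}');
define('DBPW', '${DB_PASS}');
define('DBNAME', '${DB_NAME}');
define('DBPORT', '3306');
?>
EOF

# Step 8: repair the Apache configuration
echo -e "${GREEN}[8/11] 修复 Apache 配置（防端口冲突，监听所有网卡）...${NC}"
HTTPD_CONF="/etc/httpd/conf/httpd.conf"

# Back up
cp "$HTTPD_CONF" "${HTTPD_CONF}.bak.$(date +%s)" 2>/dev/null || true

# Remove every Listen line and keep a single clean one
sed -i '/^Listen/d' "$HTTPD_CONF"
echo "Listen 80" >> "$HTTPD_CONF"

# Add ServerName to silence the startup warning
if ! grep -q '^ServerName' "$HTTPD_CONF"; then
    echo "ServerName localhost:80" >> "$HTTPD_CONF"
fi

# Make sure the listener is not restricted to 127.0.0.1
sed -i 's/^Listen 127.0.0.1:80/Listen 80/g' "$HTTPD_CONF" 2>/dev/null || true

# Step 9: permissions, firewall, SELinux
echo -e "${GREEN}[9/11] 权限、防火墙、SELinux...${NC}"
chown -R apache:apache /var/www/html/pikachu
chmod -R 755 /var/www/html/pikachu

if command -v firewall-cmd >/dev/null; then
    firewall-cmd --permanent --add-service=http >/dev/null 2>&1 || true
    firewall-cmd --reload >/dev/null 2>&1 || true
fi

# Disable SELinux for the running system and permanently
setenforce 0 2>/dev/null || true
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config 2>/dev/null || true

# Step 10: restart Apache
echo -e "${GREEN}[10/11] 重启 Apache...${NC}"
# Kill any leftover httpd first so the port is free
pkill -9 httpd 2>/dev/null || true
sleep 1
systemctl restart httpd

# Step 11: verify
echo -e "${GREEN}[11/11] 验证...${NC}"
HTTP_STATUS=$(systemctl is-active httpd)
LISTEN_RESULT=$(ss -tlnp 2>/dev/null | grep ':80' || true)

echo "Apache 状态: $HTTP_STATUS"
echo "端口监听: $LISTEN_RESULT"

if [ "$HTTP_STATUS" = "active" ] && echo "$LISTEN_RESULT" | grep -q ':80'; then
    # Fall back to hostname -I when the route lookup yields nothing
    IP_ADDR=$(ip route get 1 2>/dev/null | awk '{print $7; exit}')
    [ -n "$IP_ADDR" ] || IP_ADDR=$(hostname -I | awk '{print $1}')
    echo ""
    echo -e "${GREEN}========================================${NC}"
    echo -e "${GREEN}  Pikachu 安装完成${NC}"
    echo -e "${GREEN}========================================${NC}"
    echo -e "初始化地址: ${GREEN}http://${IP_ADDR}/pikachu/install.php${NC}"
    echo -e "访问地址:   ${GREEN}http://${IP_ADDR}/pikachu${NC}"
    echo -e "数据库:     ${GREEN}${DB_NAME} / ${DB_USER} / ${DB_PASS}${NC}"
    echo -e "${GREEN}========================================${NC}"
    echo ""
    echo "【下一步】虚拟机 Snort 联调："
    echo "  1. 虚拟机设为桥接模式"
    echo "  2. 物理机浏览器访问 http://${IP_ADDR}/pikachu"
    echo "  3. 不要用 127.0.0.1，必须用上面的局域网 IP"
else
    echo -e "${RED}Apache 启动异常，请检查 /var/log/httpd/error_log${NC}"
    exit 1
fi
```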
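
The checks behind pitfalls 3, 4 and 6 can be run against captured command output before touching any configuration. This is an added example, not part of the original post; the function names and the sample `ip`/`ss` captures are constructed for illustration.

```shell
#!/bin/bash
# Added example: offline checks for pitfalls 3, 4 and 6. Function names are hypothetical.

# iface_ipv4 IFACE TEXT: first IPv4 address of IFACE in `ip -o addr show` output, or nothing.
iface_ipv4() {
    printf '%s\n' "$2" | awk -v ifc="$1" \
        '$2 == ifc && $3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# listen_scope TEXT: where the port-80 listener in `ss -tln` output is bound.
# An IPv6 wildcard socket serves IPv4 clients only if it is not IPV6_V6ONLY.
listen_scope() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" && $4 ~ /:80$/ {
            if ($4 == "0.0.0.0:80" || $4 == "*:80")          v4 = 1
            else if ($4 == ":::80" || $4 == "[::]:80")       v6 = 1
            else if ($4 ~ /^127\./ || $4 == "[::1]:80")      lo = 1
            else                                             other = 1
        }
        END {
            if (v4)         print "all-ipv4"
            else if (v6)    print "ipv6-wildcard"
            else if (other) print "specific-address"
            else if (lo)    print "loopback-only"
            else            print "none"
        }'
}

# diagnose IFACE IP_TEXT SS_TEXT HOST_IP: name the first pitfall that matches.
diagnose() (
    vm_ip=$(iface_ipv4 "$1" "$2")
    scope=$(listen_scope "$3")
    if [ -z "$vm_ip" ]; then echo "pitfall-3: $1 has no IPv4 address"
    elif [ "$vm_ip" = "$4" ]; then echo "pitfall-6: VM and host both use $vm_ip"
    elif [ "$scope" != "all-ipv4" ]; then echo "pitfall-4: port 80 listener is $scope"
    else echo "ok: http://$vm_ip/pikachu"
    fi
)

# Constructed sample captures (not taken from the original post).
SAMPLE_IP='1: lo    inet 127.0.0.1/8 scope host lo
2: ens33    inet 192.168.27.200/24 brd 192.168.27.255 scope global ens33
2: ens33    inet6 fe80::20c:29ff:fe00:1/64 scope link'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      128    :::80              :::*'

diagnose ens33 "$SAMPLE_IP" "$SAMPLE_SS" 192.168.27.1
```

On a live system the same call takes `"$(ip -o addr show)"` and `"$(ss -tln)"` as the two captures, plus the physical machine's address as the last argument.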
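
Step 9 of the script admits HTTP from every address on the bridged network, and the application behind it is deliberately vulnerable. The following added example (not from the original post; `valid_ipv4`, `lab_firewall_cmds` and the address 192.168.27.1 are assumptions) prints the firewalld commands that admit only the physical host instead.

```shell
#!/bin/bash
# Added example: replace the blanket "--add-service=http" with a single-source rule.
# 192.168.27.1 is a constructed placeholder for the physical host's address.

# valid_ipv4 ADDR: exit 0 only for a dotted quad whose octets are 0-255.
valid_ipv4() (
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# lab_firewall_cmds CLIENT_IP: print the firewall-cmd lines, one per line.
# The address is validated first so nothing unexpected ends up inside the rule.
lab_firewall_cmds() (
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; exit 1; }
    rule="rule family=\"ipv4\" source address=\"$1/32\" service name=\"http\" accept"
    printf '%s\n' \
        "firewall-cmd --permanent --remove-service=http" \
        "firewall-cmd --permanent --add-rich-rule='$rule'" \
        "firewall-cmd --reload"
)

# Print the commands for review; run them as root on the VM once they look right.
lab_firewall_cmds 192.168.27.1
```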