Professional Documents
Culture Documents
net
www.nhipsongcongnghe.net
QU N TR H
M CL C
1. Gi i thi u h i u hnh Linux 1.1 L ch s Linux 1.2 Ci t Linux 2. Giao ti p trn mi tr ng Linux 2.1 Gi i thi u trnh so n th o vi 2.2 Gi i thi u ti n ch mc 2.3 Cc cu l nh c b n trn Linux 2.3.1 2.3.2 2.3.3 2.3.4
I U HNH LINUX
3. Gi i thi u h th ng t p tin, th m c. 3.1 Gi i thi u 3.1.1 Th m c ch 3.1.2 Cc th m c h th ng 3.2 Cc quy n truy c p file, th m c 3.2.1 Thay i quy n s h u file, th m c s d ng l nh chown 3.2.2 Thay i nhm s d ng file/th m c v i l nh chgrp 3.2.3 S d ng s theo h c s 8 tng ng v i thu c tnh truy c p 3.2.4 S d ng ngn ng t nhin tng ng v i quy n truy c p 3.2.5 Thay i quy n truy c p file th m c s d ng l nh chmod 3.2.6 Cc ch c bi t trn cc quy n th m c 3.3 Thi t l p m t chnh sch cho server nhi u ng i s d ng 3.3.1 Thi t l p c u hnh cc quy n truy c p file c a ng i s d ng 3.3.2 Thi t l p m c nh cc quy n truy c p file cho ng i s d ng 3.3.3 Thi t l p cc quy n c th th c thi cho cc file 3.4 Lm vi c v i file, th m c 3.4.1 Xem cc file v cc th m c 3.4.2 Chuy n n th m c 3.4.3 Xc nh ki u file 3.4.4 Xem th ng k cc quy n c a file hay th m c 3.4.5 Sao chp file v th m c 3.4.6 D ch chuy n cc file v th m c 3.4.7 Xa cc file v th m c 3.4.8 Tm ki m file 4. Qu n l ng i dng v ti nguyn 4.1 Khi ni m 4.2 T o superuser 4.3 Qu n l ng i dng v i cc cng c dng l nh 4.3.1 T o m t ti kho n ng i s d ng m i 4.3.2 T o m t nhm m i 4.3.3 S a i m t ti kho n ng i s d ng ang t n t i 4.3.4 Thay i ng d n th m c ch
www.nhipsongcongnghe.net
4.3.5 Thay i UID 4.3.6 Thay i nhm m c nh 4.3.7 Thay i th i h n k t thc c a m t ti kho n 4.3.8 S a i m t nhm ang t n t i 4.3.9 Xa ho c h y b m t ti kho n ng i s d ng 4.4 Ci t my in 4.4.1 C u hnh my in 4.4.2 Ci t my in c c b 4.4.3 Ci t my in trn h th ng Unix xa 4.4.4 Ci t my in Samba (SMB) 4.4.5 Ch n trnh i u khi n Print Driver v k t thc 4.4.6 Thay i thng s c u hnh cc my in c s n 4.4.7 Backup cc thng s c u hnh my in 4.4.8 Qu n l cng vi c in n 5. Trnh di n thi t l p m ng v ci t Diul-up trn Linux 5.1 Thi t l p m ng 5.1.1 H H Linux v card m ng 5.1.2 C u hnh card m ng 5.1.3 Cc ti n ch m ng: Telnet v ftp 5.2 Ci t Diul-up 5.2.1 Ci t 5.2.2 Quay s t xa 6. L p trnh shell 6.1 T o v ch y chng trnh shell 6.2 S d ng cc bi n 6.2.1 Gn m t gi tr cho m t bi n 6.2.2 Tham s v cc bi n Shell c s n 6.3 S d ng d u trch d n 6.4 Lm vi c v i cu l nh test 6.5 S d ng cc cu l nh r nhnh 6.5.1 L nh if 6.5.2 L nh case 6.6 S d ng cc cu l nh vng l p 6.6.1 L nh for 6.6.2 L nh while 6.6.3 L nh until 6.6.4 L nh shift 6.6.5 L nh select 6.6.6 L nh repeat 6.7 S d ng cc hm 6.8 T ng k t 7. Ci t v Qu n tr WebServer 7.1 H ng d n ci t trn mi tr ng Linux 7.2 Qu n tr WebServer 7.2.1 Ph n m m Apache 7.2.2 Bin d ch v ci t 7.2.3 Kh i ng v t t WebServer 7.2.4 C u hnh Apache 7.2.5 Xc th c ng i dng
www.nhipsongcongnghe.net
8. Qu n l ti n trnh 8.1 Ti n trnh 8.1.1 Ti n trnh ti n c nh 8.1.2 Ti n trnh h u c nh 8.2 i u khi n v gim st ti n trnh 8.2.1 S d ng l nh ps l y thng tin tr ng thi c a ti n trnh 8.2.2 Pht tn hi u cho m t chng trnh ang ch y 8.2.3 Giao ti p gi a cc ti n trnh 8.3 L p k ho ch cc ti n trnh 8.3.1 S d ng l nh at 8.3.2 S d ng l nh crontab 9. B o m t h th ng 9.1 Nh ng nguy c an ninh trn Linux 9.2 Xem xt chnh sch an ninh c a b n 9.3 Tng c ng an ninh cho KERNEL 9.4 An ton cc giao d ch trn m ng 9.5 Linux firewall 9.6 Dng cng c d tm kh o st h th ng 9.7 Pht hi n s xm nh p qua m ng 9.8 Ki m tra kh nng b xm nh p 9.9 i ph khi h th ng b t n cng
www.nhipsongcongnghe.net 1. Gi i thi u h
1.1. L ch s
i u hnh Linux
Linux l h i u hnh m ph ng Unix, c xy d ng trn ph n nhn (kernel) v cc gi ph n m m m ngu n m . Linux c cng b d i b n quy n c a GPL (General Public Licence). Unix ra i gi a nh ng nm 1960, ban u c pht tri n b i AT&T, sau c ng k thng m i v pht tri n theo nhi u dng d i cc tn khc nhau. Nm 1990 xu h ng pht tri n ph n m m m ngu n m xu t hi n v c thc y b i t ch c GNU. M t s licence v m ngu n m ra i v d BSD, GPL. Nm 1991, Linus Torvald vit thm phin b n nhn v0.01 (kernel) u tin c a Linux a ln cc BBS, nhm ng i dng m i ng i cng s d ng v pht tri n. Nm 1996, nhn v1.0 chnh th c cng b v ngy cng nh n c s quan tm c a ng i dng. Nm 1999, phin b n nhn v2.2 mang nhi u c tnh u vi t v gip cho linux b t u tr thnh i th c nh tranh ng k c a MSwindows trn mi tr ng server. Nm 2000 phin b n nhn v2.4 h tr nhi u thi t b m i ( a x l t i 32 chip, USB, RAM trn 2GB...) b t u t chn vo th tr ng my ch cao c p. Qu trnh pht tri n c a linux nh sau: Nm 1991: 100 ng i dng. Nm 1997: 7.000.000 ng i dng. Nm 2000: hng trm tri u ng i dng, hn 15.000 ngi tham gia pht tri n Linux. Hng nm th tr ng cho Linux tng tr ng trn 100%.
Cc phin b n Linux l s n ph m ng gi Kernel v cc gi ph n m m mi n ph khc. Cc phin b n ny c cng b d i licence GPL. M t s phin b n n i b t l: Redhat, Caldera, Suse, Debian, TurboLinux, Mandrake. Gi ng nh Unix, Linux g m 3 thnh ph n chnh: kernel, shell v c u trc file. Kernel l chng trnh nhn, ch y cc chng trnh v qu n l cc thi t b ph n c ng nh a v my in. Shell (mi tr ng) cung c p giao di n cho ng i s d ng, cn c m t nh m t b bin d ch. Shell nh n cc cu l nh t ng i s d ng v g i cc cu l nh cho nhn th c hi n. Nhi u shell c pht tri n. Linux cung c p m t s shell nh: desktops, windows manager, v mi tr ng dng l nh. Hi n nay ch y u t n t i 3 shell: Bourne, Korn v C shell. Bourne c pht tri n t i phng th nghi m Bell, C shell c pht tri n cho phin b n BSD c a UNIX, Korn shell l phin b n c i ti n c a Bourne shell. Nh ng phin b n hi n nay c a Unix, bao g m c Linux, tch h p c 3 shell trn. C u trc file quy nh cch lu tr cc file trn a. File c nhm trong cc th m c. M i th m c c th ch a file v cc th m c con khc. M t s th m c l cc th m c chu n do h th ng s d ng. Ng i dng c th t o cc file/th m c c a ring mnh cng nh d ch chuy n cc file gi a cc th m c . Hn n a, v i Linux ng i dng c th thi t l p quy n truy nh p file/th m c, cho php hay h n ch m t ng i dng ho c m t nhm truy nh p file. Cc th m c trong Linux c t ch c theo c u trc cy, b t u b ng m t th m c g c (root). Cc th m c khc c phn nhnh t th m c ny. Kernel, shell v c u trc file c u thnh nn c u trc h i u hnh. V i nh ng thnh ph n trn ng i dng c th ch y chng trnh, qu n l file, v tng tc v i h th ng.
www.nhipsongcongnghe.net
1.2. Ci t my ch Linux t, c n tm hi u cc thng tin v ph n c ng c a h th ng, bao a c ng ho
Thng tin v card m ng Thng tin v card Thng tin v mn hnh Thng tin v giao th c v c u hnh m ng n u k t n i m ng Thng tin v cc thi t b ngoi.
C th ch n nhi u phng n ci t nh ci t t a m m, t a c ng, t a CD Rom ho c qua m ng. Ti li u ny ch n h ng d n qu trnh ci t phin b n 7.0 t a CDRom. Yu c u my ci t c kh nng kh i ng (boot) t a CD-Rom ( c h tr h u h t trong cc my tnh hi n nay). Sau y l cc b c ci t c th . Khi k t thc b c tr c chng trnh ci t t ng chuy n sang b c sau. M t s b c ci t cho php quay l i b c tr c b ng cch ch n Back.
1.
mb o
2. Ch n ch
www.nhipsongcongnghe.net
4. L a ch n ki u bn phm
L a ch n ki u th hi n bn phm l us.
5. Mn hnh cho m ng
Sau khi l a ch n xong ngn ng ci t, bn phm v phng php ci hnh cho m ng xu t hi n. B m OK ti p t c. t, mn
6. Ch n ki u ci
www.nhipsongcongnghe.net
H p h i tho i cho php b n ch n l a ki u ci t h i u hnh Linux RedHat nh m t Workstation, Server, Custom hay ch l nng c p phin b n ci t. Ch n ki u ci t l Custom System. Ch n OK ti p t c.
7. L a ch n ph n m m phn chia
Linux a ra cho b n hai ph n m m phn chia a dnh cho Linux: l Disk Druid v fdisk. Ch n Disk Druid ti p t c.
B n c n t o 2 partition install RedHat, nh ng delete nh ng partition c s n trong my b n (n u khng th d li u c s n s m t, t t nh t l b n nn sao lu d li u tr c cho b o m!). Dng cc ch c nng add, edit, delete t o 1 partition v i type l
www.nhipsongcongnghe.net
Linux swap, dung l ng b ng dung l ng RAM c a my. Ti p theo t o m t partion tn "/" v i lo i Linux native, dung l ng t nh t l 500Mb (tu theo dung l ng cn tr ng c a a b n, n u b n mu n install tr n gi RedHat th c n n kho ng 2288MB). Hy yn ch l n u b n t o sai (partition kch th c qu l n, l n hn dung l ng cn tr ng c a a) th RedHat s khng cho b n i ti p. Ch c n t o 2 partition ny l r i. Khi no b n click c Next th coi nh l thnh cng!
M ts v n
www.nhipsongcongnghe.net
8. Hi u ch nh m t partition
Ch n m t partition c n hi u ch nh, nh n Edit, mn hnh m i s cho php b n thay cc thng s c a partition ch n nh kch th c, ki u, ... i
www.nhipsongcongnghe.net
10. Kh i t o LILO
LInux LOader (LILO) cho php b n xc nh th i gian kh i t o Linux hay m t h i u hnh no khc. Khi kh i t o cho server, LILO c c u hnh t ng trn Master Boot Record [MBR]. If you are performing a custom-class installation, the LILO Installation dialogs let you indicate how or whether to install LILO. Vi c ch n LILO trong c a s LILO Configuration cho php b n thm cc tu ch n m c nh vo l nh boot LILO v cc ty ch n ny c chuy n cho Linux kernel t i th i i m boot.
www.nhipsongcongnghe.net
.
Ch r ng n u b n ch n Skip, b n s khng th boot h th ng Red Hat Linux m t cc tr c ti p m s ph i s d ng phng php boot khc (boot disk ch ng h n) B n ch nn l a ch n cch ny khi b n ch c ch n c cch khc boot h th ng Red Hat Linux c a b n. Dng l a ch n t boot loader t i Master Boot Record Linux khi b t my. kh i t o ngay h i u hnh
Mn hnh ny cho php b n t tn cho my tnh c a mnh. B n c th thay i hostname sau khi ci t xong b ng l nh hostname newname, trong newname l tn m b n mu n t.
www.nhipsongcongnghe.net
11. C u hnh k t n i m ng
N u my khng c card m ng, s khng nh n c mn hnh ny. Th c hi n c u hnh m ng cho my nh sau B l a ch n config using DHCP (ch c p pht a ch IP ng), nh p subnetmask theo h ng d n c a gio vin h ng d n th c hnh. a ch IP,
www.nhipsongcongnghe.net
Thng th ng th chng trnh ci t s t pht hi n lo i chu t c a my b n. N u khng, b n hy ch n lo i chu t ph h p trong danh sch, v n u b n khng bi t chu t c a mnh lo i g th c yn, click Next ti p t c.
L a ch n Emulate 3 Buttons cho php b n s d ng chu t c a b n nh chu t c 2 nt trong dng nt gi a b ng cch b m hai nt cng m t lc.N u b n c chu t hai nt, b n hy s d ng ch c nng ny v XWindow tr nn d dng nh t v i khi chu t c ba nt.
N u b n mu n thi t l p ng h cho CMOS theo gi GMT (Greenwich Mean Time), ch n Hardware clock set to GMT. Tuy nhin, n u my tnh c a b n s d ng m t h
www.nhipsongcongnghe.net
i u hnh khc th vi c thi t khc hi n th sai th i gian. t ng h theo gi GMT s khi n cho h i u hnh
16. T o user
B n c th t o ti kho n user cho chnh mnh s d ng hng ngy. User root (superuser) c quy n truy nh p vo h th ng nhng r t nguy hi m, ch nn s d ng b o d ng hay qu n tr h th ng. M t kh u c a user c phn bi t ch hoa ch th ng v t nh t l 6 k t .
www.nhipsongcongnghe.net
16. C u hnh xc th c ng i dng Do b n kh i t o theo ch custom, b c ny cho php b n c u hnh cch m h hnh linux c a b n s d ng xc th c m t kh u. i u
L a ch n Use Shadow Passwords: m t kh u c a b n ng nh n m trong t p /etc/passwd s c thay th b ng th m c /etc/shadow v ch c truy nh p b i superuser (root) Tu ch n Enable MD5 Passwords -- cho php m ha m t kh u theo chu n MD5.
www.nhipsongcongnghe.net
17. Ti p theo, b n c th ch n l a cc gi tin ci t. B n nn ch n cc ph n m m, d ch v hay s d ng nh t ci t s n trn my khi kh i ng. Tuy nhin, tuy nhin, b n cng c th ci t sau ny tu theo nhu c u s d ng. Cc gi tin ny n u c ci t s c ghi l i trong t p /tmp/install.log sau khi kh i t o l i h th ng c a b n.
C th ci nh n OK.
www.nhipsongcongnghe.net
19. B t
Qu trnh kh i t o s
www.nhipsongcongnghe.net
www.nhipsongcongnghe.net
Ch th hai l ch dng l nh. Khi ch ny, b n c th d ch chuy n trn ti li u, tr n cc dng, tm ki m, B n c th th c hi n t t c cc ch c nng c a vi t ch dng l nh ngo i tr vi c nh p vo vn b n. Vn b n ch c th c vo trong ch input. Khi vi kh i ng, n ch dng l nh. b n c th chuy n i t ch dng l nh sang ch input b ng cch s d ng m t trong cc cu l nh sau: [aAiIoOcCsSR]. tr l i ch dng l nh b n ch n phm ESC. Hy xem cc cu l nh v tc dung c a cc cu l nh trong ch dng l nh.
Cu l nh Ctrl + D Ctrl + U Ctrl + F Ctrl + B k ho c up arrow j ho c down arrow l ho c right arrow h ho c left arrow Return w b ^ ho c 0 $
Tc d ng Chuy n c a s xu ng b ng m t n a mn hnh Chuy n c a s ln b ng m t n a mn hnh D ch chuy n c a s ln pha tr c b ng m t mn hnh D ch chuy n c a s v pha sau m t mn hnh D ch chuy n con tr ln m t dng D ch chuy n con tr xu ng m t dng D ch chuy n con tr sang ph i m t k t D ch chuy n con tr sang tri m t k t D ch chuy n con tr D ch chuy n con tr d ch chuy n con tr d ch chuy n con tr d ch chuy n con tr d ch chuy n con tr n v tr b t n v tr b t n v tr b t n v tr b t n v tr b t u dng ti p theo u c a dng tr c u c a t ti p theo u c a t tr c u c a dng hi n t i
n v tr k t thc c a dng hi n t i
www.nhipsongcongnghe.net
i,a o O x dw D d^ u /pattern ?pattern n,N p, P . dd :w :q! :ZZ 2.2. Ti n ch mc. Chn vn b n ngay tr c/sau v tr con tr M m t dng m i ngay sau dng hi n t i M m t dng m i ngay tr c dng hi n t i Xa k t sau con tr Xo m t t (bao g m c k t tr ng ngay sau n) Xo t v tr con tr Xo t v tr b t tri con tr Hu b thay n k t thc dng u dng n v tr k t tr ng hay k t bn
i tr c
i c a file hi n t i v k t thc.
M t khi ng i dng c c c m v i giao di n dng l nh c a DOS, h cho r ng cc l nh c a Linux cng kh h c. Trong th i k c a DOS tr c Windows, vi c nh h ng cc t p tin thng qua h th ng menu v cc chng trnh qu n l b t u pht tri n m nh, cho d chng ch d a trn ch text. M t trong s chng trnh thng d ng nh v y l Norton Commander. Linux cng c m t chng trnh ti n ch v i ch c nng tng t nh v y g i l Midnight Commander (MC). B n khng ph i m t cng tm ki m MC, ph n l n cc nh phn ph i Linux u cung c p km theo H H v n c ci trong /usr/bin/mc. Chng trnh ch y c hai ch : text mode v h a (Xterm d i X Windows). Sau khi nh p l nh "mc" ch y chng trnh, b n s nhn th y m t c a s c chia i nh trong hnh 1. Midnight Commander h u nh l b n sao c a Norton
www.nhipsongcongnghe.net
Commander. Ph n l n cch trnh by, phm t t v cc d ng mouse cng c h tr ch text. c tnh u gi ng NC. S
N u driver mouse c t i khi kh i ng (ph n l n cc nh cung c p Linux u lm nh v y), b n c th dng mouse truy c p menu v cc t p tin. Nh n vo file th c thi ch y, nh n vo th m c chuy n vo , ho c nh n vo t p tin v i ph n ui m r ng m n v i chng trnh tng ng. B ng cch nh n nt ph i chu t vo m t t p tin, b n ch n ho c b ch n t p tin . B n c th th c hi n tm tn file b ng nh n t h p phm Ctrl-S v trn file v i Alt. Sau y l nh ng phm l nh c b n:
F1: Tr gip F2: Menu ng i dng F3: Xem cc t p tin c ch n F4: Hi u nh t p tin F5: Copy t p tin F6: i tn, chuy n t p tin
F7: T o th m c F8: Xo t p tin F9: G i menu th xu ng (pull-down) F10: Thot kh i Midnight Commander
Midnight Commander h tr m t s h th ng t p tin o, ngha l b n c th xem file khng ch trn cc a c ng c c b . B n cng c th xem cc ki u t p tin nn khc nhau, nh .tar, .tgz, .zip, .lha, .rar, .zoo v th m chi c .rpm v .deb (cc d ng th c t p tin nn c a Red Hat v Debian. Vi c xem cc t p tin c th c hi n thng qua h
www.nhipsongcongnghe.net
th ng t p tin m ng c a UNIX (UNIX Network File System - NFS), Midnigh Commander c th ho t ng nh m t my khch ftp b ng cch a lin k t FTP vo menu.
C th h i ph c cc t p tin xa trong Linux? Midnight Commander cho th y r ng v n chng ta ni n trong ph n tr c (PC World VN s 7/1999 trang 95) - khng c cch no h i ph c c cc t p tin b xo trong Linux - l khng hon ton chnh xc. N u b n s d ng ph n m r ng ext2, h th ng t p tin c b n trong Linux v c u hnh h th ng cho php h i ph c t p tin b xa th trn th c t b n c th truy c p vo cc file xa.
V i Midnight Commander, b n nh p dng "undel:/" tr c tn t p tin, v d "undel:/dev/hda1". Sau b n c th xem cc t p tin b xa (hnh 3). Ch n t p tin b n mu n h i ph c b ng chu t hay bn phm v dng F5 copy chng vo th m c ch no . Tr ng i duy nh t y l thng tin v tn file b m t, b i v y b n ph i c xc nh c t p tin no b n mu n h i ph c.
www.nhipsongcongnghe.net
Midnight Commander bao g m c chng trnh xem v so n th o t p tin. C hai u c th lm vi c v i file vn b n v file nh phn (text v binary) v hi n th cc k t 8-bit ngoi 128 k t m ASCII. Trnh so n th o c giao di n menu v gi ng Windows nhi u phm so n th o c b n: nh n Shift v phm mi tn ch n text, nh n Ctrl-Ins copy text v Shift-Ins dn text. B n c th ghi macro v i Ctrl-R cng nh th c hi n nh ng tm ki m theo t thng th ng.
Midnight Commander c m t s tnh nng m DOS khng c. B n c th thay i quy n s h u t p tin v xem chi ti t v quy n truy c p t p tin. MC cn c kh nng qu n l quy trnh, cho php b n xem nh ng qu trnh ang c th c hi n ch n n, v b n c th d ng chng, kh i ng l i ho c t t chng hon ton. Midnight Commander c r t nhi u tnh nng m khng th li t k h t trong bi ny. Trn Internet c nhi u Web site dnh ring cho Midnight Commander, ch ng h n nh www.gnome.org/mc, b n c th tham kh o chi ti t hn. 2.3. Cc cu l nh c b n trn Linux
2.3.1. Hi u bi t v cc cu l nh trong Linux 2.3.1.1. S d ng cc k t i di n Khi b n s d ng cc cu l nh v file v th m c, b n c th s d ng cc k t c bi t c g i l cc k t i di n xc nh tn file, tn th m c. V d , a ra danh sch t t c cc file c tn k t thc b ng .c, b n s d ng cu l nh sau: ls *.c K t * l m t k t i di n, khi shell thng d ch, n s thay * b ng t t c cac tn file c k t thc b ng .c. B ng bn d i ch ra m t s cc k t i di n th ng c s d ng:
www.nhipsongcongnghe.net
* ? [] V d : Jo* Jo*y Ut*l*s.c ?.h Doc[0-9].txt Doc0[A-Z].txt 2.3.1.2. : Cc file b t : Cc file b t : Cc file b t : Cc file b t u v i Jo u v i Jo v k t thc v i y u v i Ut, ch a m t k t l v k t thc v i s.c u v i m t k t n, theo sau b i .h Tng ng v i th t b t k c a m t hay nhi u k t Tng ng v i m t k t b t k Tng ng v i m t trong nh ng k t trong ngo c ho c gi i h n
C b n v cc bi u th c chnh quy
Cc bi u th c chnh quy c s d ng b i ph n l n cc cu l nh. Chng cung c p m t cch thu n ti n v ng nh t xc nh cc m u ph h p . Chng tng t v i cc k t i di n, nhng chng m nh hn r t nhi u. Chng cung c p m t ph m vi r ng cc m u l a ch n. cc k t c bi t c a ra d i y l cc bi u th c chnh quy th ng c s d ng:
Tng ng v i k t thc m t t Tng ng v i m t trong cc k t bn trong ho c m t dy cc k t Tng ng v i cc k t b t k khng n m trong ngo c L y k hi u theo sau d u g ch ng c
Tr c tin, trong m t bi u th c chnh quy, m t k t b t k khng c ngha ring cho chnh n. V d tm ki m cc dng ch a ch foo trong file data.txt s d ng cu l nh sau:
www.nhipsongcongnghe.net
grep foo data.txt tm ki m cc dng b t grep ^foo data.txt Vi c s d ng d u trch d n n ni cho shell nguyn cc k t v b qua chng trong chng trnh. Vi c s d ng d u trch d n n l c n thi t khi s d ng cc k t c bi t. grep hello$ data.txt Cc dng b t k k t thc v i chu i hello c tr l i. b ng m t t , s d ng \<. V d : grep \<ki data.txt bi u th c bn trn s cho php tm ki m cc t b t tm ki m m u wee k t thc c a m t t , s d ng: grep wee\> data.txt b ng bn trn, ch r ng d u ch m s ph h p v i m t k t b t k tr dng m i. i u ny c th c thao tc, n u chng ta tm ki m t t c cc dng ch a k t C c theo sau b i hai k t v k t th c b i k t s, bi u th c chnh quy c th l: grep C..s data.txt Bi u th c ny c th c cc m u ph h p nh Cats, Cars v Cris n u chng c ch a trong file data.txt. N u b n mu n xc nh m t dy cc k t , s d ng m t d u g ch n i phn bi t k t b t u v k t k t thc c a dy. Khi b n xc nh m t dy, th t ph i gi ng nh m ASCII. V d , tm ki m t t c cc dng ch a m t k t B theo sau b i m t k t th ng s d ng: grep B[a-z] data.txt Cng c th xaca nh nhi u gi i h n trong cng m t m u: u b ng ki trong file data.txt. tm ki m m t m u b t u u b ng t foo, ta s d ng cu l nh:
www.nhipsongcongnghe.net
grep B[A-Za-z] data.txt 2.3.2. Cc cu l nh v th m c v file L nh cat C php: cat file [>|>] [destination file] L nh cat s hi n th n i dung c a m t file ra thi t b ra chu n. N th ng h u ch ki m tra n i dung c a m t file b ng s d ng cu l nh cat. i s m b n a vo l nh cat l file b n mu n xem. xem ton b n i dung c a m t file: cat name L nh cat cng c th tr n nhi u file ang t n t i vo m t file: cat name1 name2 name3 > allnames V d ny s k t h p cc file : name1, name2 v name3 cho file cu i cng allnames. Th t c a vi c tr n c thi t l p b i th t c a cc file c a vo trn dng l nh. S d ng l nh cat, chng ta c th b sung m t file vo m t file khc ang t n t i. Trong tr ng h p b n qun thm name4 vo cu l nh tr c, chng ta v n c th nh n c k t qu mong mu n b ng cch th c hi n l nh: cat name4 > allnames L nh ny s b sung n i dung c a file name4 vo allnames L nh chmod
C php: chmod [-R] permission-mode file ho c th m c L nh chmod dng chmod myscript.pl thay i quy n c a m t th m c v t t c cc file, cc th m c con c a th m c s d ng cu l nh: thay i quy n truy c p file ho c th m c. V d :
www.nhipsongcongnghe.net
chmod R 744 public_html L nh chown chown [ -fhR ] Owner [ :Group ] { file | th m c }
C php:
L nh chown thay i quy n s h u file hay th m c. Gi tr c a khai bo Group c th la m t ID c a nhm ng i s d ng ho c tn c a nhm ng i s d ng c tm th y trong file /etc/group. Ch ng i s d ng root m i c quy n thay i quy n s h u i v i file. Chi ti t v cc tu ch n c ch ra bn d i: -f : ngn ch n t t c cc thong bo l i tr cc thong bo s d ng -h: thay i quy n s h u c a lien k t t ng trng nhng khng thay h u c a file m c ch n b i lien k t t ng trng . i quy n s
-R: thay i quy n s h u c a th m c, cc file v cc th m c con bn trong th m c hi n t i c ch ra L nh clear pha trn c a mn hnh
clear
Xo mn hnh, tr l i d u ch c dng l nh
l nh cmp
C php: cmp [ -ls ] file1 file2 L nh ny so snh n i dung c a hai file. N u khng c s khc nhau no, l nh cmp s k t thc m t cch yn l ng, tu ch n l s n ra s byte v cc gi tr khc nhau gi a hai file. Tu ch n s khng hi n th ci g c , n ch tr l i tr ng thi ch ra r ng s tng ng gi a hai file. Gi tr 0 c tr l i n u cc file gi ng h t nhau, gi tr b ng 1 n u hai file khc nhau v l n hn 1 n u l i xu t hi n khi th c hi n cu l nh. L nh cp
C php: cp [ -R ] file_ho c_th_m c file_ho c_th_m c L nh cp s sao chp m t file t th m c ngu n n th m c ch c a vo. sao chp ton b cc file v cc th m c con bn trong th m c mong mu n, b n s d ng cu l nh cp v i tu ch n R L nh du nh m t th m c, l nh du s bo L nh ny t ng k t vi c s d ng a. N u b n xc co vi c s d ng a cho chnh cc th m c .
www.nhipsongcongnghe.net
C php: file filename Cu l nh xc nh ki u c a file. N u file khng ph i l file thng th ng, ki u c a file c xc nh. L nh find
Cu l nh find tm cc file v cc th m c. C php : find [path] [-type fd] [-name m u] [-atime [+-] s _ngy] [-exec cu_l nh {} \;] [-empty]. V d : find . type d Cu l nh tr l i t t c cc th m c con trong th m c hi n t i. Tu ch n type xc nh ki u, d cho cc th m c, f cho cc file hay l cho cc lien k t. find . type f name *.txt L nh ny s tm t t c cc file vn b n c ph n m r ng .txt trong th m c hi n t i v c trong cc th m c con. find . type f name *.txt exec grep l magic {} \; Cu l nh ny s tm ki m t t c cc file vn b n (k t thc v i ph n m r ng .txt) trong th m c hi n t i v cc th m c con c ch a t magic. find . type f empty
www.nhipsongcongnghe.net
C php: grep [viw] m u file L nh grep cho php b n tm ki m m t ho c nhi u file c cc m u k t c bi t. M i dng c a m i file ch a cc m u c hi n th trn mn hnh. Cu l nh grep h u ch khi b n c nhi u file v b n mu n tm ra file ch a t ho c cu xc nh. S d ng tu ch n v, b n c th hi n th cc file khng ch a m t m u. V d , ch n cc dng trong data.txt khng ch a t the ta th c hi n: grep vw the data.txt n u tu ch n w khng c xc nh th b t k cc t ch a the u ph h p nh together. Tu ch n w c xc nh bu c m u ph i l ton b m t t . Cu i cng , tu ch n i b qua s khc nhau gi a cc k t ch hoa v k t ch th ng khi tm ki m m u. L nh head
C php: head [-count | -n number] filename Cu l nh ny s hi n th vi dng u tin c a m t file. B i m c nh, 10 dng u c a m t file c hi n th . Tuy nhin, b n c th s d ng cc tu ch n xc nh s dng hi n th . V d : head -2 doc.txt s hi n th hai dng L nh ln ch u tin.
www.nhipsongcongnghe.net
M t lien k t c ng c h n ch , n khng th t o lin k t n m t th m c khc, v m t lin k t c ng khng th lin k t n m t file trn m t h th ng file khc. S d ng tu ch n s b n c th t o m t lin k t m m, lo i b cc gi i h n ny. ln s /dev/fs02/jack/www /dev/fs01/foo/public_html y chng ta t o m t lin k t m m gi a th m c www trn h th ng file 2 v m t file m i c t o trn h th ng file 1. L nh locate
C php : locate t _kho Cu l nh locate tm ng d n n m t file c bi t hay m t cu l nh. L nh locate s tm ki m chnh xc hay m t ph n c a chu i ph h p. V d : locate foo k t qu tm ki m s a ra cc file c tn ch a t kho foo theo ng d n tuy t ho c s khng a ra k t qu n u khng c tn file nh v y. L nh ls i
L nh ls cho php b n a ra danh sch cc file v cc th m c con. C php : ls [-1aRl] file_ho c_th_m c Khi s d ng tu ch n -1 , n ch hi n th tn file v tn th m c con c a th m c hi n t i. Khi ch n tu ch n l, m t danh sch cc file v th m c con c a th m c hi n t i c hi n th v i y cc thng tin v file v th m c. Tu ch n a cho php b n hi n th t t c cc file v th m c (k c cc file n, tn file b t u b ng d u ch m) trong th m c hi n t i. Tu ch n R s hi n th t t c cc file v cc th m c con bn trong n n u c. L nh mkdir
C php: mkdir th_m c t o m t th m c, s d ng cu l nh mkdir. Ch c 2 gi i h n khi ch n tn th m c, l tn c a th m c c th ln t i 255 k t v tn th m c c th ch a b t k k t no tr k t /.V d : mkdir dir1 dir2 dir3
www.nhipsongcongnghe.net
L nh trn t o ra ba th m c, n m bn trong th m c hi n t i. L nh mv
C php : mv [-if] file_ngu n file_ ch S d ng l nh mv d ch chuy n hay i tn cc file hay cc th m c. Cu l nh th c hi n vi c d ch chuy n hay i tn ph thu c vo file_ ch c l m t th m c hay khng. minh ho , chng ta s i tn m t th m c foo thnh foobar: mv foo foobar B i v foobar cha t n t i, foo s th c hi n: mv doc.txt foobar v foobar t n t i, vi c d ch chuy n file s c th c hi n sau . Tu ch n f s xo cc file ch ang t n t i v khng bao gi nh c ng i s d ng. Tu ch n i s nh c ng i s d ng c ghi hay khng n u file_ ch t n t i. L nh pwd c i tn thnh foobar. N u cu l nh sau c
www.nhipsongcongnghe.net
rm doc1.txt doc2.txt doc3.txt Tng ng v i: rm doc[1-3].txt rm l cu l nh r t m nh, hy c n th n khi s d ng l nh ny v b n c th nh m v xo i cc file quan tr ng. N u cha ch c ch n, b n c th s d ng tu ch n i, h th ng s nh c l i cho b n xc th c m i l n xo m t file. N u nh ch c ch n file c n xo, b n c th ch n tu ch n f khng ph i nh n cc thng tin nh c b n xc th c. Tu ch n r s cho php b n xo ton b cc th m c con. L nh tail
C php: tail [-count | -fr] tn_file Cu l nh tail hi n th ph n cu i c a m t file, m c nh n s hi n th 10 dng cu i cng c a file. hi n th 50 dng cu i cng c a file doc.txt, b n c th s d ng cu l nh: tail -50 doc.txt Tu ch n r s th c hi n cng vi c ng c l i, m c nh n s hi n th t t c cc dng tr 10 dng cu i cng. Tu ch n f h u ch khi b n ang gim st m t file. V i tu ch n ny, tail s ch cho d li u m i c ghi vo file. Khi d li u m i c thm vo file, tail s hi n th d li u ln mn hnh. d ng l nh tail khi ang gim st file, ch n t h p phm Ctrl + C b i v l nh tail khng t d ng c. 2.3.3. Cc cu l nh nn d li u L nh compress C php: compress [ -v ] file Cu l nh compress s c g ng gi m kch th c c a m t file s d ng. Cc file c nn s c thay th b i m t file c ph n m r ng .Z. Ty ch n v s hi n th ph n trm dung l ng gi m c a m t file c nn v s ni cho b n tnc a file m i: compress v inbox trn mn hnh s hi n th
www.nhipsongcongnghe.net
inbox: Compression: 37.20% - replaced with inbox.Z L nh gunzip
C php: gunzip [-v] files gi i nn cc file v d ng nguyn b n , s d ng l nh gunzip, s c g ng gi i nn cc file c ph n m r ng: .gz, -gz, .z, -z, _z, .Z, ho c tgz. Ty ch n v s hi n th k t qu p khi gi i nn cc file. V d : gunzip v README.txt.gz L nh gzip
C php: gzip [-rv9] file L nh gzip l m t chng trnh nn khc. N c bi t n l chng trnh nn c t l nn t t nh t. cc file c nn b i l nh gzip s c thay th b i cc file c ph n m r ng .gz. Ty ch n 9 c t c nn t t nh t. Ty ch n v cho php hi n th p trn mn hnh. Kch th c, t ng s v t l nn c a ra danh sch cho m i file. Ty ch n r s nn t t c cc file trong m i th m c theo cng m t cch. L nh tar
C php: tar [c] [x] [v] [z] [f tn_file] tn_file_ho c_th_m c L nh tar cho php b n nn nhi u file v th m c vo m t file .tar. N cng cho php b n gi i nn cc file v cc th m c t m t file nn. V d : tar cf source.tar *.c Cu l nh ny s t o m t file source.tar, ch a t t c cc file m ngu n C (c ph n m r ng .c) trong th m c hi n t i. tar cvf source.tar *.c Ty ch n v y cho php b n xem cc file c nn
www.nhipsongcongnghe.net
y, t t c cc file v cc th m c con c a th m c important_dir c nn trong m t file c g i l backup.tar.gz. Ch r ng file ny cng c nn do c ty ch n z , v do k t qu l file c ph n m r ng l .gz. Thng th ng ph n m r ng .tar.gz c vi t ng n thnh .tgz. gi i nn cc file , v d nh backup.tar , b n s d ng cu l nh: tar xf backup.tar gi i nn m t file c ph n m r ng .tgz hay .tar.gz, b n th c hi n cu l nh sau: tar xzf backup.tgz L nh uncompress
C php: uncompress [ -v ] file Khi m t file c nn s d ng cu l nh compress, gi i nn b n s d ng cu l nh uncompress. L nh uncompress gi i nn cc file c ph n m r ng .Z, v v y c php c a n tng t nh l nh compress uncompress v inbox.Z L nh unzip
C php : zip [-ACDe9] file y l chng trnh nn file theo nh d ng n i ti ng tng thch v i nhi u h hnh. Cc file c nn v i l nh zip c ph n m r ng .zip. L nh mount i u
C php: mount a [-t fstype] [-o option] device directory L nh mount c s d ng gn cc thi t b v i h th ng, cc ty ch n thng th ng th ng c trong file /etc/fstab. V d :
www.nhipsongcongnghe.net
/dev/hda6 /intranet ext2 defaults 1 2 N u dng bn trn c tm th y trong /etc/fstab, b n c th g n h th ng file c lu trong phn vng /dev/hda6 nh sau: mount /intranet Cng m t h th ng file, cu l nh sau y l tng t : mount t ext2 /dev/hda6 /intranet Ty ch n t c s d ng xc nh ki u file h th ng. file c trong /etc/fstab s d ng ty ch n a. V d : mount a t ext2 Thng th ng ng i s d ng ch n ty ch n o l ro (ch d : mount t ext2 o ro /dev/hda6 /secured L nh umount c) ho c rw ( c ghi). V g n t t c cc h th ng
C php : umount a [-t fstype] L nh umount ng c l i v i l nh mount. V d umount /cdrom 2.3.4. Cc cu l nh qu n l ti n trnh L nh bg sau
www.nhipsongcongnghe.net
C php: fg [%job-number] Cu l nh ny cho php b n chuy n m t ti n trnh n n ln ch y trn ti n c nh. N u b n ch y cu l nh ny khng c b t k i s no, n s a cu l nh cu i cng sau h u c nh ln hi n th . V d , n u c hai cu l nh ch y sau h u c nh, b n c th chuy n cu l nh th nh t ln ch y trn ti n c nh b ng cu l nh: fg %1 L nh jobs
C php: jobs L nh ny cho php b n hi n th cc ti n trnh n n ang ch y. Ngoi ra cn m t s l nh s c trnh by trong cc ph n sau.
3. Gi i Thi u H Th ng T p Tin, Th M c
3.1. Gi i thi u Trong linux file c t ch c thnh cc th m c, theo m hnh phn c p. Tham chi u n m t file b ng tn v ng d n. Cc cu l nh thao tc file cho php th c hi n cc ch c nng nh d ch chuy n, sao chp ton b th m c cng v i cc th m c con ch a trong n C th s d ng cc k t , d u g ch d i, ch s , d u ch m v d u ph y t tn file. Khng c b t u m t tn file b ng d u ch m hay ch s . Nh ng k t khc nh /, ?, *, l k t c bi t c dnh ring cho h th ng. Chi u di c a tn file c th t i 256 k t . T t c cc file trong linux c chung c u trc v t l l chu i cc byte (byte stream). C u trc th ng nh t ny cho php linux p d ng khi ni m file cho m i thnh ph n d li u trong h th ng. Th m c cng nh cc thi t b c xem nh file. Chnh vi c xem m i th nh cc file cho php linux qu n l v chuy n i d li u m t cch d dng. M t th m c ch a cc thng tin v th m c, c t ch c theo m t nh d ng c bi t. Cc thnh ph n c xem nh cc file, chng c phn bi t d a trn ki u file: ordinary file, directory file, character device file, v block device file. 3.1.1. Th m c ch Sau khi ng nh p h th ng, ng i dng s ng th m c ch . Tn c a th m c ny gi ng v i tn ti kho n ng nh p h th ng. Cc file c t o khi ng i dng ng nh p c t ch c trong th m c ch . 3.1.2. Cc th m c h th ng Th m c root, l g c c a h th ng file c a Linux, ch a m t vi th m c h th ng. Th m c h th ng ch a file v chng trnh s d ng ch y v duy tr h th ng. Bi u di n cc th m c nh sau:
/(root)
sbin
usr
dev
var
etc
home
www.nhipsongcongnghe.net
M t th m c Th m c / /home /bin /usr /usr/bin /usr/sbin /usr/lib /usr/doc /usr/man /sbin /dev /etc 3.2. Ch c nng B t u c u trc file, g i l th m c g c (root)
Ch a th m c g c (home) c a ng i dng lu ch t t c cc cu l nh chu n v cc chng trnh ti n ch ch a cc file, cu l nh c h th ng s d ng, th m c ny c chia thnh cc th m c con khc Ch a cc cu l nh h ng ng i dng v cc chng trnh ti n ch Ch a cc cu l nh qu n tr h th ng Ch a th vi n cho cc ngn ng l p trnh Ch a ti li u c a linux Ch a cc file ch d n cho cc cu l nh (man) Ch a cc file h th ng kh i ng h th ng u cu i v my in
Dng bn trn c t o b i l nh ls l .bash_profile trn h i u hnh Linux. L nh ls a ra danh sch cc file v th m c. Ty ch n l a ra danh sch y cc thng tin v file .bash_profile. B ng bn d i m t cc ki u thng tin a ra:
www.nhipsongcongnghe.net
Ki u thng tin Quy n truy c p file S lin k t Ng i s d ng (s h u file) Nhm s d ng Kch th c file (theo bytes) Ngy s a i sau cng i sau cng Thng tin k t xu t -rw-rw-r-1 Trantu Trantu 191 Apr 14 14:55 .bash_profile
Th i gian s a Tn file
y, ng i s d ng l trantu. y l ng i s d ng th ng xuyn, c quy n thay i cc quy n try c p i v i file ny. Ch c m t ng i s d ng khc c quy n thay i thu c tnh file ny, l superuser. Nhm s d ng file ny l trantu, b t k nh ng ng i s d ng no thu c nhm trantu cng c quy n c, v th c thi d a vo quy n c a nhm c t b i ng i s h u. Khi b n t o m t file trn h th ng Linux, h th ng s m c nh ng i s h u file ny c tn l tn ng nh p c a b n v c tn nhm gi ng nh tn c a ng i s h u. M t ng i s d ng thng th ng khng th gn l i quy n s h u m t file hay th m c cho ng i khc. V d , b n khng th t o m t file v i ng i s d ng kabid r i sau gn l i quy n s h u cho ng i khc c tn l sheila b i l do b o m t. N u m t ng i s d ng thng th ng c quy n gn quy n s h u file cho ng i khc, thi m t ai cng c th t o m t chng trnh x u nh xa cc file, v thay i quy n s h u cho superuser, v khng bi t i u g s x y ra. Ch c ng i superuser m i c th gn l i quy n s h u file hay th m c cho ng i khc. 3.2.1. Thay i quy n s h u file, th m c s d ng l nh chown Ng i s d ng superuser c th thay i quy n s h u file, th m c cho m t ng i s d ng khc. thay i quy n s h u s d ng cu l nh sau: chown V d : chown trantu example.txt Cu l nh ny lm cho ng i s d ng trantu c quy n s h u file example.txt N u superuser mu n thay i nhm cho m t file ho c th m c, ng i c th s d ng cu l nh chown nh sau: newuser file ho c th m c
www.nhipsongcongnghe.net
chown V d
newuser.newgroup
file ho c th m c
chown trantu.admin example.txt Cu l nh trn khng ch thay i quy n s h u file cho trantu m cn t l i nhm s d ng file l admin. N u superuser mu n thay i ng i s h u v nhm s d ng cho t t c cc file trong m t th m c, ng i c th s d ng cu l nh chown v i ty ch n R. V d chown R trantu.admin /home/trantu/ 3.2.2. Thay i nhm s d ng file/th m c v i l nh chgrp
Cu l nh chgrp cho php b n thay i quy n s d ng file hay th m c c a m t nhm, ch n u b n thu c v c hai nhm (nhm c v nhm m i). V d : chgrp httpd *.html L nh trn s thay i nhm s d ng cho t t c cc file c ph n m r ng html. B n ch c th thay i c n u b n thu c nhm httpd. Gi ng nh l nh chown, l nh chgrp cng c ty ch n R thay i quy n v i nhi u file hay th m c. 3.2.3. S d ng s theo h c s 8 tng ng v i thu c tnh truy c p H c s 8 s d ng 8 s (0-7), v m i s tng ng v i 3 bit (theo h nh phn). B ng bn d i ch cho b n th y s tng ng v quy n v i s h c s 8.
S th 2 R W X User
S th 3 r w x Group
S th 4 r w x Others
Nh trn b ng trn, s th nh t c s d ng cho vi c thi t l p cc quy n c bi t, s th hai c s d ng cho vi c thi t l p ng i s h u file hay th m c. S th ba c s d ng thi t l p quy n cho nhm ng i s d ng v s th t c s d ng thi t l p quy n cho t t c m i ng i. Khi b t k m t s no b b qua, n c xem nh nh n gi tr 0. B ng bn d i ch ra m t vi v d v cc gi tr tng ng v i quy n:
www.nhipsongcongnghe.net
Gi Tr 0400 0440 0444 0644 0755 4755 Ch c quy n Gi i Thch c cho ng i s h u, n tng ng v i 400.
Ng i s h u c quy n c v ghi, t t c m i ng i c quy n c, tng ng v i gi tr 644. (6 l t a b i 4:r v 2:w) c ghi v th c thi i v i ng i s d ng, c v th c thi v i t t c m i ng i. (7 l t o b i 4:r , 2:w v 1:x) i
N tng ng v i gi tr 755 ngo i tr file ny c t gi tr set-UID = 4. i u ny c ngha l khi file c th c thi, n c t t c cc quy n c a ng i s h u th c hi n cng vi c. S l m t l h ng l n n u ng i s h u y l root v nh ng ng i khc c quy n th c thi file ny. Hy c n th n khi thi t l p gi tr c a set-UID. N tng t v i gi tr 755 ngo i tr , khi th c thi n c t t c cc quy n c a nhm s d ng file.
2755
thi t l p quy n ph h p, b n nn ch ra ki u truy c p c a ng i s d ng, nhm ng i s d ng v c a nh ng ng i khc. 3.2.4. S d ng ngn ng t nhin tng ng v i quy n truy c p By gi chng ta s s d ng xu truy c p n gi n hn vi c s d ng s . B ng bn d i ch ra cc xu truy c p tng ng v i cc quy n: read (r) write (w) execute (x) Special read (r) write (w) execute (x) User read (r) write (w) execute (x) Group read (r) write (w) execute (x) Others
www.nhipsongcongnghe.net
chmod 755 *.pl Cu l nh trn thay i quy n cho cc file c ph n m ui l .pl. M i m t file .pl c t cc quy n c, ghi v th c thi b i ng i s h u, cc file cng c th c v th c thi b i nhm ng i s d ng v nh ng ng i khc. B n c th hon thnh cng m t cng vi c nh v y v i l nh sau: chmod a+rx,u+w *.pl a+rx c s d ng u+w c s d ng cho php t t c m i ng i c v th c thi i v i m i file .pl v cho php ng i s h u c quy n ghi i v i m i file .pl.
N u b n mu n thay i cc quy n cho t t c cc file v cc th m c con trong m t th m c, b n c th s d ng ty ch n R: chmod R 750 /www/mysite 3.2.6. Cc ch c bi t trn cc quy n th m c
Cc quy n thi t l p cho m t th m c cng tng t nh cc file thng th ng, nhng khng gi ng h t nhau. D i y l m t vi ch c bi t trn cc quy n th m c: Quy n ch th m c, c cho m t th m c s khng cho php b n chuy n vo bn trong chuy n vo bn trong b n c n c quy n th c thi
Quy n ch c th c thi s cho php b n truy c p vo cc file b ntong m t th m c khi b n bi t tn c a chng v b n c php c chng. c th a ra danh sch n i dung c a m t th m c s d ng cu l nh tng t nh ls v cng c th chuy n vo bn trong th m c b n c n c c quy n c v quy n th c thi i v i th m c N u b n c quy n ghi cho m t th m c, b n c th t o, thay i, xa cc file b t k hay cc th m c con b t k bn trong th m c ngay c khi file v th m c con c s h u b i ng i khc
3.3. T o m t chnh sch quy n cho m t server nhi u ng i s d ng 3.3.1. Thi t l p c u hnh cc quy n truy c p file c a ng i s d ng Trong th m c c a m i ng i s d ng c m t vi file n chung b t u v i d u ch m (.). Cc file ny th ng c s d ng th c thi cc cu l nh t i th i i m ng i s d ng ng nh p. V d , t t c cc shell (csh, tcsh, bash, ) s n sng cho m t ng i s d ng c cc thi t l p c a h t m t file gi ng nh .cshrc hay .bashrc. N u m t ng i s d ng khng c n th n trong vi c gi quy n cc file m t cch hon h o, m t ng i s d ng khng thn thi n khc c th gy ra cc v n khng mong mu n.. V d , n u m t file .cshrc c a ng i s d ng c th c vi t b i ng i khc, ng i su c th chi m t tr t n cng ngu ng c nh a m t cu l nh logout ngay dng u c a file .cshrc, nh v y ng i s d ng s thot ngay khi ng nh p vo h th ng. N u
www.nhipsongcongnghe.net
b n c quy n thao tc v i nh ng ng i s d ng b n c th th c hi n nhanh chng vi c ki m tra n gi n sau: find /home -type f -name ".*rc" -exec ls -l {} \; Cu l nh ny s hi n th quy n c a t t c cc file c k t thc b ng rc n m trong th m c home 3.3.2. Thi t l p m c u tin l d u ch m, k t
L ng i qu n tr b n c n nh ngha cc quy n m c nh thi t l p cho t t c cc file c a ng i s d ng a vo h th ng c a b n. thi t l p m c nh quy n cho cc file m i, b n c th s d ng c u l nh umask nh sau: umask mask hi u t umask nh th no, hy xem v d sau. Khi ni r ng umask t l 022, file m i c t o , thng th ng m t quy n 0666 c yu c u b i hm t o file open. Tuy nhin, trong tr ng h p ny , quy n cu i cng thi t l p cho cc file c t o b i h th ng nh sau: 0666 c th c hi n php ton AND v i ph n b c a 022 (ph n b c a 022 l 755) do k t qu c a php AND thu c l 0644, n cho php ng i s h u c v ghi cn nh ng ng i khc ch c quy n c. t o m t mask m c nh cho cacs quy n truy c p file, b n c th nhng cu l nh umask vo m t shell ti nguyn chung trong /etc khi m t ng i s d ng ng nh p v ch y m t shell, file ti nguyn shell chung s c th c thi. V d , n u ng i s d ng c a b n s d ng shell /bin/csh hay /bin/tcsh, b n c th a m t cu l nh umask mong mu n trong file /etc/csh.cshrc cho m c ch ny. 3.3.3. Thi t l p cc quy n c th th c thi cho cc file Cc file chng trnh c th c ch y b i nh ng ng i s d ng thng th ng khng bao gi nn t quy n c ghi cho b t k ai khc ngoi ng i s h u. V d , cc file chng trnh trong /usr/bin nn thi t t cc quy n nh ch root c quy n c, ghi v th c thi v t t c m i ng i ch c quy n c v th c thi cc file ny. Vi c cho php ng i khc ghi c th t o ra m t l h ng nghim tr ng cho h th ng. 3.4. Lm vi c v i cc file v cc th m c 3.4.1. Xem cc file v cc th m c B n c th quen v i l nh ls, thng th ng n c s d ng v i cc ty ch n l (long listing) hi n th y thng tin, -a hi n th t t c cc file bao g m c cc file b t u b ng d u ch m v R hi n th t t c cc file v cc th m c con bn trong thu m c mong mu n 3.4.2. Chuy n n th m c B n g n nh quen v i cu l nh cd, n l m t shell xy d ng s n. N u b n khng cung c p m t tn thu m c b t k lm i s cho n, n s chuy n v th m c ch c a
www.nhipsongcongnghe.net
b n m hi n t i b n ang s d ng. Khi b n ang ng b t k u trong h th ng file, b n c th s d ng l nh pwd hi n th ng d n n th m c hi n t i. 3.4.3. Xc nh ki u file Khng gi ng nh h i u hnh Windows, Linux khng d a vo ph n m r ng c a file xc nh ki u file. B n c th s d ng ti n ch file xc nh ki u file trong h th ng. V d : file todo.txt K t qu hi n th nh sau:
todo.txt: ASCII text
3.4.4. Xem th ng k cc quy n c a file hay th m c B n c th s d ng l nh stat stat ./exam K t qu hi n th trn mn hnh
File: "./exam" Size: 4096 Blocks: 8 IO Block: -4611692478058196992 Directory Links: 2 root) Gid: ( 0/ root) 0/ Device: 812h/2066d Inode: 157762
l y th ng k v cc file v cc th m c:
Access: (0755/drwxr-xr-x) Uid: ( Access: Wed Jun 18 14:56:48 2003 Modify: Wed Jun 18 11:18:42 2003 Change: Wed Jun 18 11:18:42 2003
cp /some/important /new/place B n cng c th xc nh m t tn m i cho file sao chp. Thng th ng l nh cp c s d ng v i ty ch n f sao chp file t ngu n n ch m khng quan tm n n vi c c m t file cng tn t n t i ch. File m i s c sao chp ln file c. sao chp m t th m c n m t th m c khc b n th c hi n l nh cp v i ty ch n r v d :
www.nhipsongcongnghe.net
cp r /tmp/foo /zoo/foo 3.4.6. D ch chuy n cc file v th m c d ch chuy n cc file hay th m c s d ng cu l nh mv. V d , vo /tmp/file2 ta s d ng cu l nh sau: mv /file1 /tmp/file2 3.4.7. Xa cc file v th m c xa cac file v th m c s d ng l nh sau: rm filename Khi xa h th ng s h i b n c th s mu n xa hay khng. N u b n ch c ch n file b n mu n xa b n c th th c hi n l nh xa rm v i ty ch n f khng hi n ra thng tin yu c u xc nh n c a h th ng. xa m t th m c, b n c n th c hi n l nh rm v i ty ch n r 3.4.8. Tm ki m file xc nh v tr chnh xc c a m t filem, b n c th s d ng l nh which. V d : chuy n /file1
which httpd Cu l nh ny s ch ra cho b n y ng d n c a chng trnh httpd n u n s n c. B n cng c th xc nh m t ph n c a tn file hay th m c s d ng l nh locate locate netpr.pl
4.
Qu n l ng i dng v ti nguyn
4.1. Khi ni m Linux l h i u hnh a nhi m v a ng i dng. M i ng i dng c tn truy nh p v m t kh u ring, tng ng v i nh ng quy n h n nh t nh trong h th ng file c a Linux. t o i u ki n thu n l i trong qu n l ng i dng v quy n h n file, Linux cho php khai bo nh ng nhm ng i dng, m i nhm nh ng ng i dng chung m t m c ch khai thc ti nguyn nh t dng c th tham gia nhi u nhm ngi dng khc nhau. M i ngi i v i h th ng l m t t p h p nh. M i ng i dng cng m c
www.nhipsongcongnghe.net
nhin l p nn m t nhm ng i dng l nhm c a chnh h (nhm c th ch c m t thnh vin). Ng i dng c ton quy n trong Linux l ng i dng root, m c nhin thu c v nhm root. Ng i dng c quy n root n nh m t ng i dng no thu c v nhm root v c quy n tng ng v i root. 4.2. Tr thnh superuser B n bi t r ng ti kho n root l ti kh an superuser trong h th ng Linux. Th c ra n u b n t ci t h th ng, b n s d ng ti kho n ny ng nh p h th ng l n u tin. B n cng bi t r ng root l ti kho n superuser, ti kho n ny c quy n lm m i th trn h th ng. Ng i s d ng root c th kh i ng hay d ng m t chng trnh b t k cng nh t o v xa m t file b t k. R t nhi u nh ng ng i m i qu n tr h th ng Linux cho r ng ch c root l ti kho n superuser. Hy nhn xu ng o n m bn d i c trong file /etc/passwd
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin: daemon:x:2:2:daemon:/sbin: vietvq:x:0:0:root:/home/vietvq:/bin/bash xanhhh:x:0:0:root:/root:/bin/bash tuta:x:0:0:root:/var:/bin/bash
hi u t i sao b n hy xem
B n hy ch vo cc tr ng UID (User ID) v GID (Group ID) c a ti kho n root. Nh ng ti kho n m c cc gi tr c a cc tr ng ny l 0 l nh ng superuser. Hay ni m t cch khc nh ng ng i c UID = 0 v GID = 0 c quy n tng ng v i ti kho n root. Nh v y n u h th ng c a b n ph i c nhi u ti kho n superuser do m t s l do qu n tr , b n c th d dng t o m t ti kh an superuser. Tuy nhin, hy nh r ng m t ti kho n superuser (UID=0, GID=0) c th lm m i th . 4.3. Qu n l ng i dng v i cc cng c dng l nh 4.3.1. T o m t ti kho n ng i s d ng m i T o m t ng i s d ng m i kh d dng, t o ng i s d ng t dng l nh, b n c th s d ng cu l nh useradd. V d t o ng i s d ng c tn l tutavn, b n c th ch y cu l nh sau:
www.nhipsongcongnghe.net
useradd tutavn Trong file /etc/passwd s b sung thm dng m i nh sau: tutavn:x:502:504::/home/tutavn:/bin/bash K hi u x c ngha l ti kho n cha c m t kh u. V v y b n c n t o m t kh u cho ng i s d ng b ng cu l nh sau: paswd tutavn B n s c yu c u vo m t kh u hai l n, v khi m t kh u c ti p nh n, n s c m ha v thm vo dng c a ng i s d ng trong file /etc/passwd. Cc gi tr UID v GID s c l a ch n t ng b i useradd, thng th ng n tng gi tr UID v GID ln m t so v i ng i c thm vo l n sau cng tr c . B n c th t o ng i s d ng c th m c ch khc v i m c nh (trong th m c home) b ng th c hi n cu l nh: useradd newuser d /www/newuser Ng i s d ng m i s c t o v c th m c ch l /www/user. Khi b n t o m t ng i s d ng m i, h th ng cng ng th i m c nh t o ra m t nhm m i c trong file /etc/group c tn gi ng nh tn ti kho n c a ng i s d ng. t o ng i s d ng v i tn nhm m i hay tn nhm t n t i trong h th ng, b n s d ng l nh adduser v i ty ch n g. V d : useradd tutavn g users N u b n mu n t o ng i s d ng m i l thnh vin c a m t s nhm, b n c th s d ng ty ch n G. v d useradd tutavn G users1,users2 4.3.2. T o m t nhm m i t o m t nhm m i b n s d ng cu l nh groupadd. V d : groupadd mygroup
www.nhipsongcongnghe.net
N u b n t o m t tn nhm c trong h th ng b n s nh n c m t thng bo l i 4.3.3. S a Thay thay i m t ti kho n ng i s d ng ang t n t i i m t kh u i m t kh u c a ti kho n ang t n t i b n s d ng cu l nh passwd.V d :
passwd tutavn Cu l nh ny tng i n gi n v n khng c cc ty ch n, v n ch cho php ng i s d ng thng th ng ch c th thay i m t kh u c a chnh h . H th ng s yu c u b n nh p m t kh u hai l n v khi m t kh u c ti p nh n, n s c m ha tr c khi a vo file /etc/passwd 4.3.4. Thay i ng d n th m c ch thay i ng d n th m c ch c a ng i s d ng ang t n t i, s d ng cu l nh usermod nh sau: usermod d new_home_directory username V d , n u m t ng i s d ng tutavn c th m c ch /home/tutavn v mu n chuy n thnh /home2/tutavn, b n c th ch y cu l nh sau: usermod d /home2/tutavn tutavn Tuy nhin, n u b n mu n n i dung th m c ch m nh sau: usermod d m /home2/tutavn tutavn 4.3.5. Thay thay i UID n m t v tr m i, s d ng ty ch n
usermod u UID username V d : usermod u 500 myfrog Cu l nh ny s thay i UID c a ng i s d ng myfro l 500
www.nhipsongcongnghe.net
i nhm m c
nh
i nhm m c
usermod g 777 myfrog Cu l nh ny s thay 4.3.7. Thay i nhm m c nh c a myfrog thnh 777.
i th i h n k t thc c a m t ti kho n
B n c th thay i th i h n k t thc c a m t ti kho n s d ng cu l nh usermod v i ty ch n e. C php c a cu l nh nh sau: usermod e MM/DD/YY username V d : usermod e 12/31/99 kabir 4.3.8. S a s a i m t nhm ang t n t i
groupmod n new_group current_group V d : groupmod n experts novices Nhm novices ang t n t i c i tn thnh experts. nhm s d ng ty ch n g nh sau: groupmod g 666 troublemaker Cu l nh ny s thay i GID c a m t nhm troublemaker thnh 666. thay i GID c a m t
4.3.9 Xa ho c h y b m t ti kho n ng i s d ng
www.nhipsongcongnghe.net
xa m t ti kho n ang t n t i s d ng cu l nh userdel. V d : userdel snake S xa b ti kho n ti kho n snake kh i h th ng. N u b n mu n xa th m c ch c a ng i s d ng v t t c cc n i dung trong th m c, s d ng ty ch n r. Ch r ng userdel s khng xa ng i s d ng n u ng i s d ng hi n t i ang ng nh p. N u b n mu n h y b t m th i quy n truy c p c a t t c cc ti kho n b n c th t o m t file t m th i c tn l /etc/nologin v i m t thng tin gi i thch l do v sao khng c php truy c p. Chng trnh login s khng cho php b t k ti kho n no khc ti kho n root c th ng nh p trong th i gian ny. 4.4. Ci t my in 4.4.1. C u hnh my in ng d ng printconf cho php ng i dng c u hnh my in trong Red Hat Linux. N m in v b l c cho php s a i t p tin c u hnh /etc/printcap, cc th m c b in.printconf c u hnh h th ng in n c a b n, c g i l LPRng. LPRng cng l m t h th ng in n ng m nh. Ph n ny t p trung vo vi c s d ng printconf c u hnh LPRng. s d ng printconf, b n ph i c quy n truy c p m c root. theo m t trong cc cch sau y kh i ng printconf,
Trn mn hnh GNOME, ch n Main Menu Button => Programs => System => Printer Configuration kh i ng trong ch h a. Trn mn hnh KDE, ch n Main Menu Button => System => Printer Configuration kh i ng ch h a. nh l nh printtool t i d u nh c shell (VD: XTerm ho c GNOME terminal) kh i ng printconf
B n cng c th ch y printconf d i d ng m t ng d ng trong ch text n u b n khng ci t h th ng X Window ho c b n thch s d ng giao di n text hn. Khi , b n ph i log in theo ti kho n root (ho c dng l nh su chuy n sang ng i dng root v nh l nh /usr/sbin/printconf-tui t i d u nh c shell. Ch : b n
c kh i sinh ra t
ng s a
ng hay kh i ng.
N u b n mu n ci t my in m khng s d ng printconf, khi b n ph i ch nh s a t p tin etc/printcap.local. Cc u vo trong /etc/printcap.local khng c hi n th trong printconf nhng c daemon my in c khi kh i ng d ch v in n. M i khi b n nng c p h th ng c a b n ln phin b n m i, t p c u hnh s c printconf chuy n sang nh d ng m i v t p tin c u hnh c s c ghi d i tn /etc/printcap.old.
www.nhipsongcongnghe.net
i in c c u hnh b i printconf:
Local Printer my in c g n tr c ti p vo my tnh c a b n thng qua c ng song song ho c c ng USB. Ki u hng i in Queue Type s c thi t l p l LOCAL. Unix Printer (lpd Spool) my in c g n trn m t h th ng UNIX khc m c th c truy nh p thng qua m ng TCP/IP. Ki u hng i in Queue Type cho my UNIX xa s c thi t l p l LPD. Windows Printer (SMB) my in c g n trn m t h th ng khc (Windows) c chia s my in thng qua m ng SMB (s d ng d ch v samba chia s ti nguyn trn m ng: my in, d li u......), ki u hng i in Queue Type lc s c thi t l p l SMB. Novell Printer (NCP Queue) my in c g n vo m t h th ng s d ng cng ngh m ng Novell's NetWare. Ki u hng i in cho my in Novel xa s c thi t l p l NCP. JetDirect Printer my in c n i tr c ti p vo m ng (my in m ng). Ki u hng i in Queue Type cho my in JetDirect s c thi t l p l JETDIRECT.
Ch : Khi b n thm m t hng i in m i hay s a i hng i in c, b n ph i kh i ng l i daemon my in (lpd) nh ng thay i c hi u l c. Ch n Apply ghi l i nh ng thay i m b n v a th c hi n v kh i ng l i daemon my in. Cc thay i s cha c ghi trong t p tin c u hnh /etc/printcap cho n khi daemon my in (lpd) c kh i ng l i. th c hi n cng vi c ny, ch n File => Save Changes v sau ch n File => Restart lpd. N u m t my in xu t hi n trong danh sch in v i Queue Type c thi t INVALID, c u hnh my in c th thi u cc tu ch n c n c cho my in ho t Ch n Delete xa my in kh i danh sch. t l ng.
www.nhipsongcongnghe.net
4.4.2. Ci t my in c c b
ci t m t my in g n trn c ng song song hay c ng USB c a my tnh, nh n nt New trn c a s printconf chnh nh trn, ch n Next ti p t c.
Hnh 2: Ci
t my in
Nh p tn my in trong tr ng Queue Name v ch n Local Printer t danh sch Queue Type nh n Next ti p t c.
www.nhipsongcongnghe.net
Hnh 3: Ci t my in c c b
Hnh 4: Ch n thi t b my in 4.4.3. Ci t my in trn h th ng Unix xa ci t m t my in g n trn m t h th ng Linux xa trong cng m t m ng, nh n nt New trong c a s chnh printconf. M t c a s nh hnh 2 s xu t hi n, ch n Next ti p t c. C a s nh hnh 3 xu t hi n. B n cng ph i nh p tn my in vo tr ng Queue Name v ch n Unix Printer t trong th c n Queue Type, nh n Next ti p t c.
www.nhipsongcongnghe.net
Hnh 5: Ci
t my in Unix
xa xa .
Ng m nh khng ch n tu ch n Strict RFC1179 Compliance. Ch khi no b n g pv n v in n v i m t hng i v i m t hng i lpd khng ph i Linux, hy ch n tu ch n ny c m cc tnh nng in n LPRng nng cao. Nh n Next ti p t c.
www.nhipsongcongnghe.net
Hnh 6: Ch n Printer Server B c ti p theo l ch n ki u my in k t n i v i h th ng xa . Ch r ng my xa ph i c c u hnh cho php m t my c b c th a yu c u v in n. th c hi n i u , b n ph i t o m t file /etc/hosts.lpd trn my xa m my in g n km v thm vo cc a ch IP hay hostname c a cc my mu n in trn cc dng ring r trong t p tin. 4.4.4. Ci t my in Samba (SMB) Cc b c th c hi n ban u tng t hai b c ch n Windows Printer v nh n Next ti p t c. trn. Trong th c n Queue Type,
www.nhipsongcongnghe.net
Hnh 7: Ci
t my in SMB
cng tn v i tn c nh ngha cho my in Samba trn my Windows xa. Ch c php ph i nh sau: //machinename/sharename. User Tn ng i dng c php truy nh p vo my in. Tn ny ph i t n t i trn h th ng Windows v ng i dng c quy n truy nh p my in. Tn th ng l guest i v i cc my Windows servers, ho c nobody i v i cc my Samba servers. Host IP Hostname hay a ch IP c a h th ng xa chia s my in SMB. Password M t kh u (n u c) c a ng i dng nh ngha trong tr ng User Workgroup Tn workgroup my ch y Samba thu c vo.
Ch n nt Translate \n => \r\n chuy n i cc k t cu i dng sang khun d ng m h th ng Microsoft Windows c th c c. Nh n Next ti p t c.
www.nhipsongcongnghe.net
Hnh 8: Ch n Print Server B c ti p theo l ch n ki u my in c k t n i v i h th ng SMB 4.4.5. Ch n trnh i u khi n Print Driver v k t thc Sau khi ch n ki u hng i my in v ci theo k ch n trnh i u khi n my in. t cc thng s lin quan, b c ti p xa.
www.nhipsongcongnghe.net
N u b n c u hnh my in xa (LPD, SMB, hay NCP), my in ch xa s in n theo trnh i u khi n my in c a n. C g ng ch n ng trnh i u khi n my in xa .
B c cu i cng l kh ng nh l i cc thng s c u hnh, nh n nt Apply ghi l i cc thay i v trong t p tin c u hnh etc/printcap v kh i ng l i daemon my in (lpd). Hy in th 1 trang xem c u hnh b n thi t l p ng cha.
www.nhipsongcongnghe.net
4.4.6. Thay i thng s c u hnh cc my in c s n xo m t my in ang t n t i, chon my in v nh n nt Delete trn thanh cng c , my in s c lo i b trong danh sch my in. Nh n nt Apply ghi l i cc thay i v kh i ng l i daemo thi t l p m t my in ng m nh, ch n my in t danh sch v nh n nt Default trn thanh cng c . My in ng m nh s c icon xu t hi n bn c nh tn my in. N u b n mu n thay i c u hnh c a m t my in, b n khng th thay i cc thi t t m t cch tr c ti p m ch c ghi ln nh sau: Ch n my in, ch n File => Override Queue t th c n. Khi , my in s c k hi u c nh tn my in. Ch n nt Edit th c hi n vi c hi u ch nh cc thng s . C a s nh hnh 14 xu t hi n cho php b n thay i l i cc thng s c a my in.
i thng s my in
c daemon my in c khi kh i ng. B n c th s d ng cc l nh backup l i cc file c u hnh v d nh backup file c u hnh my in v ghi thnh file settings.xml /usr/sbin/printconf-tui --Xexport > settings.xml
www.nhipsongcongnghe.net
/usr/sbin/printconf-tui --Ximport < settings.xml
4.4.8. Qu n l cng vi c in n Khi b n mu n in m t file vn b n t Emacs ho c in m t hnh nh t The GIMP, cng vi c ny s c a vo hng m in. N u mu n xem danh sch cc cng vi c in n, a l nh lpq vo d u nh c shell, v d :
Rank Owner/ID Class A Job Files Size Time 2050
902 sample.txt
N u mu n d ng m t cng vi c in no , a l nh lprm job number v i tham s l nh danh c a cng vi c in m b n bi t c thng qua l nh lpq trn. B n cng c th in n thng qua l nh lpr sample.txt in file vn b n sample.txt.
5.
Trnh di n thi t l p m ng v ci
5.1. Thi t l p m ng Linux Chng ta s xem xt qu trnh n i m t my Linux vo m ng Ethernet thng tin b ng giao th c TCP/IP trn Ethernet.
5.1.1. H H Linux v card m ng n i m t my Linux vo m t m ng Ethernet, b n c n ph i c u tin l m t card m ng m Linux c chng trnh driver. Sau y l m t s m ng m Linux c tr gip (danh sch sau khng y v cc phin b n m i c a Linux h tr r t nhi u cc card m ng khc nhau) : 3Com 3C509 3Com 3C503/16 Novell NE1000 Novell NE2000 Western Digital WD8003 Western Digital WD8013 Hewlett-Packard HP27245 Hewlett-Packard HP27247 Hewlett-Packard HP27250 Gi s cc b n mu n g n my c a mnh vo m t m ng LAN Ethernet v b n c m t card m ng. V n u tin l s nh n bi t c a Linux i v i card ny. N u card c a b n l m t card kh ph bi n nh 3c509 c a 3COM hay NE2000 c a Novell, HDH Linux s nh n bi t s hi n di n c a card trong qu trnh boot. bi t xem k t
www.nhipsongcongnghe.net
qu nh n bi t card m ng, ta c th xem xt cc thng bo c a kernel Linux trong qu trnh boot c a h th ng qua l nh dmesg
Freeing unused kernel memory: 60k freed Adding Swap: 72572k swap-space (priority -1) eth0: 3c509 at 0x300 tag 1, BNC port, address 00 a0 24 4f 3d dc, IRQ 10. 3c509.c:1.16 (2.2) 2/3/98 becker@cesdis.gsfc.nasa.gov. eth0: Setting Rx mode to 1 addresses.
Hai dng in m bo r ng card m ng 3c509 c kernel nh n bi t. Trong tr ng h p kernel khng nh n bi t card , chng ta ph i lm l i kernel Linux v t module i u khi n (driver) c a card vo trong kernel hay c u hnh ch load module. c u hnh ti p n i m ng qua TCP/IP chng ta ph i xc quan n a ch IP c a my. Cc thng tin c n bi t l : a ch IP c a my Netmask a ch c a m ng Broadcast a ch IP c a gateway Chng ta s l n l t i m qua cc khi ni m c b n trn v s h c su hn trong ph n TCP/IP c a kha h c. a ch IP c a my l m t dy 4 s vi t d c d ng A.B.C.D, trong m i s nh n gi tri t 0-255. N u my c a b n k t n i m t m ng nh t i nh do b n thi t l p th a ch ki u 192.168.1.D l m t a ch nn t, v i D l cc s khc nhau cho t ng my. N u my c a b n s ha nh p v i m t m ng LAN c tr c v b n mu n k t n i v i cc my khc th h i ng i qu n tr m ng v a ch IP b n c th gn cho my c a mnh cng v i t t c cc thng s ti p theo. Netmask. Tng t nh trn, n u b n t qu n, netmask s l 255.255.255.0 a ch m ng. N u b n t qu n, a ch c a m ng s l 192.168.1.0 Broadcast. N u b n t qu n, broadcast l 192.168.1.255 a ch gateway. y l a ch c a my cho php b n k t n i v i m ng LAN khc, t c l cc my tnh v i 3 s u c a a ch khng gi ng b n l 192.168.1. B n b tr ng n u b n ch lin l c v i cc my cng m ng 192.168.1.XXX. Ch l a ch m ng c a my gateway b t bu c ph i trng v i a ch m ng c a b n. Sau khi xc nh cc thng s , v d nh nh r cc thng tin lin
www.nhipsongcongnghe.net
suy ra network address = 192.168.1.0 v broadcast = 192.168.1.255 Gateway = 192.168.1.1 5.1.2. C u hnh card m ng L nh ifconfig Sau khi lm cho kernel nh n bi t s hi n di n c a card m ng, cng tc ti p theo l c u hnh TCP/IP cho card. Trong qu trnh ci t Linux Redhat 6.X, bnh th ng chng ta c chng trnh ci t h i v c u hnh h . Trong tr ng h p khi chng ta b sung card m ng sau khi Linux c ci t, chng ta c th s d ng ti n ch netconf cho m c ch ny ho c chng ta s d ng l nh ifconfig t ci t. L nh ifconfig c s d ng trong qu trnh boot h th ng c u hnh cc trang thi t b m ng. Sau , trong qu trnh v n hnh, ifconfig c s d ng cho debug, ho c cho ng i qu n tr h th ng thay i c u hnh khi c n thi t . L nh ifconfig khng c ty ch n dng hi n th c u hnh hi n t i c a my.
[root@pasteur tnminh]# /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 00:A0:24:4F:3D:DC Bcast:192.168.2.255 MTU:1500 Metric:1 inet Mask:255.255.255.0 addr:192.168.2.20
RX packets:531 errors:4 dropped:0 overruns:0 frame:4 TX packets:1854 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:10 Base address:0x300 lo Link encap:Local Loopback inet addr:127.0.0.1 UP LOOPBACK RUNNING Mask:255.0.0.0 MTU:3924 Metric:1
RX packets:1179 errors:0 dropped:0 overruns:0 frame:0 TX packets:1179 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0
gn
u tin ta dng l nh
broadcast
255.255.255.0
Linux cho php b n s d ng b danh (alias) cho card m ng, t c l cho php b n c nhi u a ch IP cho cng m t card v t l. K t qu nh n c g n gi ng nh b n c g n nhi u card v t l ln my. Do , b n c th dng m t card n i v i nhi u m ng logic khc nhau. C php c a l nh ny l :
www.nhipsongcongnghe.net
ifconfig eth0:0 208.148.45.58 208.148.45.255 up netmask 255.255.255.248 broadcast
Cc t p tin c u hnh c a k t n i m ng l /etc/sysconfig/network-scripts/ifcfg-ethX v i X l 0,1 ... hay 0:0, 0:1 .... B n c th thay i c u hnh k t n i m ng b ng cch s a i l i t p tin ny b ng m t chng trnh so n th o text nh mc ch ng h n, sau kh i ng l i k t n i m ng b ng
/etc/rc.d/init.d/network restart
Nh ki m tra l i k t qu qua l nh ifconfig. L nh route L nh route cho php lm cc thao tc n b ng d n ng (forwarding table) c a kernel. N c s u tin xc nh ng d n c nh (static) n nh ng my ho c nh ng m ng qua cc card m ng ethernet c c u hnh tr c b i ifconfig. L nh route khng c ty ch n (option) cho php hi n th b ng d n ng hi n t i c a kernel (L nh netstat r cng c tc d ng tng t )
[root@pasteur tnminh]# /sbin/route Kernel IP routing table Destination 192.168.2.20 192.168.2.0 127.0.0.0 default Gateway * * * Genmask Flags Metric Ref Use Iface 0 0 0 UG 0 0 0 0 0 0 0 0 eth0 eth0 lo U U 255.255.255.255 UH 255.255.255.0 255.0.0.0
192.168.2.10
0.0.0.0
0 eth0
c n i v i m t m ng 208.148.45.56 ta dng l nh
n i vo m t m ng logic
Cng tc cu i cng l ph i ch ra cc
a ch c a gateway m c
nh.
www.nhipsongcongnghe.net
Bi t s d ng thnh th o c php c a 2 l nh ifconfig v route r t quan tr ng, n cho php cc cn b qu n tr thay i c u hnh k t n i m ng c a m t server m t cch nhanh chng v khng ph i kh i ng l i my. V v y, server lun s n sng. B n cng c th s d ng ti n ch netconfig c u hnh lin k t m ng n u cha thnh th o nhi u c php c a cc l nh trn. L nh ping ng d ng c a l nh ny l th xem 2 my c k t n i c v i nhau cha. C php c b n c a l nh r t n gi n l ping a_ch _IP_my_ ch. V d nh
[tnminh@proxy tnminh]$ ping sun PING sun.vnuhcm.edu.vn (172.16.1.4): 56 data bytes 64 bytes from 172.16.1.4: icmp_seq=0 ttl=255 time=0.1 ms 64 bytes from 172.16.1.4: icmp_seq=1 ttl=255 time=0.2 ms 64 bytes from 172.16.1.4: icmp_seq=2 ttl=255 time=0.1 ms 64 bytes from 172.16.1.4: icmp_seq=3 ttl=255 time=0.1 ms --- sun.vnuhcm.edu.vn ping statistics --4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 0.1/0.1/0.2 ms
N u 2 my c th lin l c c v i nhau, chng ta s bi t thm th i gian tr l i cho bi t s thng thong v m ng gi a 2 my. C th ni, ping ph i ch y tr c tin tr c t t c cc ho t ng m ng khc. Ch : Nn s d ng ping n k t qu th k t n i m ng. L nh Traceroute y cng l l nh cho php ch n on ho t ng c a m ng. C php c a l nh gi ng nh l nh ping nhng k t qu khng ch d ng s tr l i m cn ch ra cc thi t b trung gian n m gi a 2 my.
# tnminh@nefertiti ~ > traceroute 203.162.44.33 traceroute to 203.162.44.33 (203.162.44.33): 1-30 hops, 38 byte packets 1 makeda.pasteur.fr (157.99.64.3), 1.66 ms, 1.66 ms, 1.66 ms (195.25.28.149), 5.0 ms, 4.17 ms, 2 418.ATM4-0.GW21.Defense.OLEANE.NET 4.17 m
trnh tr c tr c do d ch v DNS lm nh h ng t i vi c
3 FastEth0-0.GW16.Defense.OLEANE.NET (195.25.25.208), 4.17 ms, 4.17 ms, 4.17s 4 ms 100.ATM6-1.GW2.Telehouse.OLEANE.NET (194.2.3.245), 5.0 ms, 5.0 ms, 5.0
..............
www.nhipsongcongnghe.net
14 210.132.93.210 (210.132.93.210), 849 ms (ttl=241!), 807 ms (ttl=241!), 970 s (ttl=241!) 15 202.167.121.195 (203.162.3.42), 1 88 ms (ttl=242!) (202.167.121.195), 905 ms !H 203.162.3.42
L nh traceroute l m t cng c hi u qu cho php ta pht hi n l i trong qu trnh phn ng (IP routing). V d k t n i t A -> C c tr c tr c v v i traceroute t i C t my A, ta c th pht hi n ra my A k t n i my B, r i my B l i k t n i my A ... do c u hnh routing c a A v B sai. Ch l khi chng ta th k t n i v i m t my xa trong Internet, do nhi u m ng p d ng cc b c t ng l a (firewall) nn nhi u khi l nh ping v traceroute khng ch y nhng trn th c ch t l m ng v n thng. 5.1.3. Cc ti n ch m ng: Telnet v ftp Telnet
Telnet l m t ti n ch cho php ng nh p vo m t my tnh xa v lm vi c gi ng nh v i my t i ch . V d , c th dng telnet ch y m t chng trnh trong m t siu my tnh cch xa hng ngn d m. Telnet s d ng giao th c TCP/IP, c ng 23. S d ng: gi s my c a b n ang ch y Window v b n c c p m t ti kho n trong my ch Linux. 1. Nh n chu t vo "Start" ch n "RUN". 2. G vo: telnet <tn hay a ch IP> c a my ch m b n c ti kho n. V d "telnet linuxcourse.iti.edu.vn v nh n OK. 3. N u k t n i n my ch thng su t, m t c a s s hi n ln m i b n cung c p tn ti kho n v m t kh u. 4. Nh p vo tn ti kho n username v password 5. ng nh p thnh cng th b n s mnh. dng nh p. ng t i th m c nh (home directory) c a hi n th t t c
FTP l vi t t t c a T p Transfer Protocol, m t ti n ch t i t p xa. V i ftp c th l y t p my t xa v my tnh c a mnh (download) v ng c l i, g i m t t p t my c a mnh ln my xa (upload) n u b n c quy n write vo th m c my . FTP s d ng giao th c TCP/IP, c ng 21. S d ng FTP Cch t i xu ng (download):
www.nhipsongcongnghe.net
Telnet vo my
xa. xa>.
G l nh ftp <tn my
My s yu c u tn ng nh p v password. M t trong nh ng ch cho php m i ng i t i t p v t do l dng tn ng nh p "anonymous" v password l a ch email c a b n. Chuy n n th m c c cc t p ta mu n t i v . G l nh: get <tn t p mu n t i v >. k t thc g quit.
Cch t i ln (upload): Tng t nh trn, nhng dng cu l nh put thay cho cu l nh get. 5.2. Ci t diul-up trn Linux 5.2.1. Ci t Ch n Internet Configuration Wizard tug menu System configuration
Sau mn hnh ny s ch th
www.nhipsongcongnghe.net
www.nhipsongcongnghe.net
Ch n gn IP
ng, ch n Forward
www.nhipsongcongnghe.net
n y chng ta hon t t b c ci
t modem.
My tnh b t
c c t vo /var/log/message.
www.nhipsongcongnghe.net
yess wait... Khi xong mn hnh network configuration s bo giao di n ppp0 l active.
www.nhipsongcongnghe.net
C th ki m tra a chi IP ng v my cung c p DHCP qua l nh ifconfig -a
t ki m tra.
L p trnh shell l m t trong nh ng cng c h u ch nh t cho vi c qu n tr h th ng. Kh nng vi t m t chng trnh ng n hon thnh m t cng vi c i h i nhi u th i gian m nh hn r t nhi u so v i cc cng c qu n tr Linux khc c bi t n. L p trnh Shell c th lm cho cu c s ng c a ng i qu n tr tr ln d th hn v n l m t k nng b t bu c i v i ng i qu n tr Linux. C th nh n th y c r t nhi u cng vi c c a nh ng ng i qu n tr h th ng i m t hng ngy lin quan n cc file v th m c. B t c khi no b n ph i x l v i m t s l ng l n cc file, l p trnh shell s lm cho cng vi c c a b n tr ln d dng hn. Ph n ny s ch cho b n cch l p trnh Shell c b n, n c th gip cho b n th c hi n cc cng vi c hng ngy. 6.1. T o v ch y chng trnh Shell N m t cch n gi n nh t, l p trnh shell ch l cc file ch a m t ho c nhi u cu l nh shell hay cu l nh Linux. B n c th s d ng cc chng trnh n gi n th c hi n cc cng vi c l p i l p l i, thay cho hai hay nhi u cu l nh lun lun c th c thi cng nhau b ng m t cu l nh, t ng ci t cc chng trnh khc, v vi t cc ng d ng tng tc n gi n. t o m t chng trnh shell, b n ph i t o m t file s d ng m t trnh so n th o v a cc cu l nh shell hay Linux m b n mu n c th c thi vo trong file. Gi s r ng b n c m t CD-ROM c g n vo h th ng Linux. Thi t b CD-ROM ny c g n vo h th ng khi h th ng c kh i ng l n u. N u b n c n thay i a CD c trong CD b ng m t a CD m i. M t cch b n th c hi n c cng vi c ny l b n nh CD-ROM kh i h th ng s d ng cu l nh umount, v sau g n l i s d ng cu l nh mount . Cc cu l nh ch ra d i y cho b n th y tu n t cc b c th c hi n:
umount /dev/cdrom mount /dev/cdrom /cdrom
Thay vi c g c hai cu l nh m i l n b n thay i a CD, b n c th t o m t chng trnh shell th c hi n c hai cu l nh ny cho b n. t o chng trinh shell ny b n a c hai cu l nh vo trong m t file c tn l remount (ho c m t tn b t k no khc m b n mu n). C m t vi cch th c hi n cc cu l nh trong file remount. Cch th nh t l b n thay i thu c tnh cho file ny c th th c thi b ng cch th c hi n cu l nh sau:
chmod +x remount
Cu l nh ny thay i quy n c a file lm cho file c th th c thi. trnh shell m i, g remount trn dng l nh.
ch y chng
www.nhipsongcongnghe.net
ki m c a b n, n u khng h th ng s khng tm th y chng trnh th c thi. N u b n khng chay c chng trnh b i v file khng c tm th y, hy xc nh ng d n. Ho c n u b n s d ng tcsh vi t chng trnh, dng u tin c a chng trnh shell ph i b t u v i # tcsh nh n ra n nh m t file chng trnh tcsh. Th c ra, cch an ton ( m b o ) nh t l dng u c a m i chng trnh shell b n thm #!/bin/sh m b o chng trnh shell c th c thi nh m t ti n trnh Bourne shell. i u ny ngn ch n nhi u v n v i ngn ng l p trnh C, shell s c g ng thng d ch c php Bourne shell.
M t cch khc l b n c th th c thi chng trnh shell l ch y shell m chng trnh c vi t theo n v tn chng trnh nh m t khai bo cho shell. Trong tr ng h p m t chng trinh tcsh, b n th c hi n cu l nh sau:
tcsh remount
Cu l nh ny ch y m t shell m i v ni cho n th c thi cc cu l nh trong file remount. Cch th ba th c thi cc cu l nh trong m t file chng trnh shell l s d ng cu l nh . (d u ch m) v i c shell pdksh v bash ho c cu l nh source trong shell tcsh. Cc cu l nh ny ni cho shell th c thi file c truy n vo nh i s . V d , b n c th s d ng cu l nh sau ni cho bash ho c pdksh th c thi cc cu l nh trong file remount:
. remount
lm tng t
source remount
i v i tcsh, s d ng cu l nh sau:
V d sau trnh b y m t tnh hu ng khc, trong vi c s d ng chng trnh shell s gip ti t ki m r t nhi u th i gian. Gi s r ng b n ph i lm vi c v i ba file khc nhua trong m t th m c m i ngy, v b n mu n d phng ba file ny vo m t a m m vo cu i m i ngy. th c hi n c cng vi c ny, b n ph i g m t lo t cc l nh:
mount -t msdos /dev/fd0 /a cp file1 /dev/fd0 cp file2 /dev/fd0 cp file3 /dev/fd0
M t cch d phng cc file l g n a m m vo h th ng v sau g ba cu l nh copy, m i l nh cho m t file b n mu n copy. M t cch n gi n hn l a b n cu l nh ny vo trong m t file c tn l backup v sau th c hi n cu l nh backup khi b n mu n copy ba file ny vo a m m.
www.nhipsongcongnghe.net
B n v n ph i m b o chng trnh file shell backup c th th c thi v n m trong m t th m c m c trong ng d n c a b n tr c khi ch y cu l nh. B n hy c n th n khi s d ng m t tn file, n c th tng ng v i tn c a m t cu lnh h th ng. V d , n u c m t chng trnh c g i l backup trong ng d n m shell tm ki m tr c khi c th m c hi n t i, cu l nh c th c thi thay cho file cu l nh shell. V l do ny, hy c s d ng cc tn file cho k ch b n shell c a b n khng g n v i cc cu l nh Linux.
6.2. S d ng cc bi n Cng gi ng nh v i h u h t cc ngn ng l p trnh, vi c s d ng cc bi n l r t quan tr ng trong cc chng trnh shell. T t nhin, b n c nhn th y m t vi ki u bi n tr c . M t vi v d ni chung v bi n c s d ng l bi n PATH v bi n TERM. Cc bi n ny l cc v d v cc bi n shell s n c, l cc bi n c nh ngha b i chng trnh shell m b n ang s d ng. Ph n ny miu t cch lm th no b n t o cc bi n c a chnh b n v s chng trong m t vi chng trnh shell. 6.2.1. Gn m t gi tr cho m t bi n
Trong c ba shell c cung c p b i Linux ( shell Bourne, Korn, v C ), b n c th gn m t gi tr cho m t bi n b ng cch g tn bi n theo su b i d u b ng v sau g gi tr m b n mu n gn cho bi n. V d , gn m t gi tr 5 cho m t bi n c tn l count, vo cu l nh sau trong bash ho c pdksh:
count=5
V i tcsh, vo cu l nh sau
set count = 5
t c k t qu tng t :
Khi thi t l p m t bi n cho shell bash v pdksh, hy ch c ch n r ng khng c d u cch c hai bn d u b ng. V i tcsh, i u ny khng quan tr ng.
B i v ngn ng shell l m t ngn ng k ch b n phi ki u, b n khng ph i khai bo bi n nh b n c th t ng lm i u ny trong l p trnh C hay Pascal. B n c th s d ng cng m t bi n lu tr xu k t hay s nguyn. B n lu m t chu i k t vo trong m t bi n cng gi ng nh vi c b n lu m t s nguyn vo m t bi n, nh c th th y trong v d d i y:
www.nhipsongcongnghe.net
name=Garry (for pdksh and bash) set name = Garry (for tcsh)
c th l y gi tr tr c lu tr trong bi n
Khi b n ch y chng trnh shell yu c u hay h tr m t s cc ty ch n dng l nh, m i ty ch n ny c lu tr trong m t i s . is u tin c lu tr trong m t bi n c tn l 1, i s th hai c lu tr trong bi n c tn l 2, v ti p t c nh th . Shell t tn cc bi n ny, v v y b n khng th t tn nh th cho cc bi n m b n nh ngha. l y gi tr t cc bi n ny, b n ph i t tr c tn bi n v i m t d u $ nh b n lm i cc bi n m b n nh ngha. Chng trnh shell reverse d i y ch nh n hai i s . Chng trnh l y hai i s dng l nh v in ra i s th hai dng u tin v i s u tin dng th hai:
echo "$2" echo "$1"
Chng trnh s tr l i k t qu
there hello
M t s cc bi n shell quan tr ng c xy d ng s n m b n c n bi t khi lm vi c nhi u v i l p trnh shell. B ng 6.2.1 a ra danh sch cc bi n ny v m t tm t t m i bi n c s d ng lm g. B ng 6.2.1 Cc bi n shell c s n. Bi n S d ng $# $? $0 $* Lu s cc Lu t i s dng l nh c a vo chng trnh shell Lu gi tr t n t i c a cu l nh c th c thi sau cng u tin c a cu l nh c a vo, l tn c a chng trnh shell is c a vo t dng l nh ("$1 $2 ...") Lu t t c cc
www.nhipsongcongnghe.net
"$@" Lu t t c cc "$2" ...) is c a vo t dng l nh, c d u nhy kp ring ("$1"
6.3. S d ng d u trch d n Vi c s d ng cc d u trch d n l r t quan tr ng trong l p trnh shell. Shell s d ng c hai ki u d u trch d n v k t v d u g ch cho ng c th c hi n cc ch c nng khc nhau. C d u nhy kp (""), d u nhy n (''), v d u g ch ng c (\) c s d ng n cc k t c bi t trong shell. Cc d u nhy c m t ngha c bi t trong shell v n khng nn s d ng ch a cc xu. M i m t phng th c c m t m c che d u khc nhau cc k t c bitk trong shell. Khi b n bao quanh cc k t v i d u nhy kp, t t c cc k t tr ng c n trong shell, nhng t t c cc k t khc v n c thng d ch. Ki u d u nhy kp ny s d ng h u ch nh t khi b n gn cc chu i ch a nhi u hn m t t vo m t bi n. V d , gn chu i hello there cho bi n greeting, nh p vo cu l nh sau:
greeting="hello there" (in bash and pdksh) set greeting = "hello there" (in tcsh)
Cu l nh ny lu tr ton b chu i hello there vo bi n greeting nh m t t . N u b n g vo cu l nh m khng s d ng d u nhy kp, bash v pdksh c th khng hi u cu l nh v c th tr l i m t thng bo l i, v tcsh c th gn gi tr hello cho bi n greeting v b qua ph n ui c a dng l nh. D u nhy n l hnh th c s d ng m nh nh t c a d u nhy. Chng n t t c cc k t c bi t trong shell. Ki u d u nhy ny h u ch n u cu l nh c a b n a vo c d ng cho m t chng trnh hn l cho shell. V d , b n c th s d ng d u nhy n ghi chu i hello there, nhng b n khng th s d ng phng th c ny trong m t s tr ng h p. V d , n u chu i c gn cho bi n greeting ch a bi n khc, b n ph i s d ng d u nhy kp. Gi s r ng b n mu n a tn c a ng i s d ng trong bi n greeting. B n g cu l nh sau:
greeting="hello there $LOGNAME" (for bash and pdksh) set greeting="hello there $LOGNAME" (for tcsh)
Cu l nh ny lu tr gi tr hello there root vo trong bi n greeting n u b n ng nh p vo Linux l root. N u b n c ghi cu l nh ny s d ng d u nhy n, d u nhy
www.nhipsongcongnghe.net
n s lm n d u $ trong shell, v shell khng bi t r ng n c yu c u th c hi n thay th m t bi n. K t qu , bi n greeting c gn gi tr hello there $LOGNAME. S d ng d u g ch ng c l cch th ba che d u cc k t c bi t trong shell. Gi ng nh phng th c d u nhy n, d u g ch ng c n t t c cc k t c bi t trong shell, nhng n ch c th n m t k t t i m t th i i m, ch khng ph i m t nhm cc k t . B n c th vi t l i v d greeting s d ng d u g ch ng c thay cho d u nhy kp b ng cch s d ng cu l nh sau:
greeting=hello\ there (for bash and pdksh) set greeting=hello\ there (for tcsh)
Trong cu l nh ny, d u g ch ng c n k t tr ng trong shell v chu i hello there c gn cho bi n greeting. D u g ch ng c th ng c s d ng nhi u nh t khi b n mu n n ch m t k t trong shell. V n ny xu t hi n khi b n mu n a vo m t k t c bi t trong m t chu i. V d , lu gi c a m t h p a my tnh vo m t bi n c tn l disk_price, s d ng cu l nh sau.
disk_price=\$5.00 (for bash and pdksh) set disk_price = \$5.00 (tcsh)
D u g ch ng c trong v d ny n d u la trong shell. N u d u g ch ng c khng c , shell c th c tm m t bi n c tn l 5 v th c hi n m t php thay th bi n trn bi n . N u khng c bi n tn l 5 c nh ngha, shell c th m t gn gi tr .00 cho bi n disk_price. ( shell ny c th thay th m t gi tr r ngcho bi n $5 ) B n cng c th s d ng d u nhy n trong v v disk_price n k hi u $ trong shell. D u nhy ng c (``) th c hi n m t ch c nng khc. B n s d ng chng khi b n mu n s d ng cc k t qu c a m t cu l nh trong m t cu l nh khc. V d , t gi tr c a bi n contents b ng danh sch cc file c trong th m c hi n t i, g cu l nh sau:
contents=`ls` (for bash and pdksh) set contents = `ls` (for tcsh)
Cu l nh ny th c thi cu l nh ls v lu k t qu c a cu l nh vo bi n contents . Nh s c ch ra trong cc o n sau, c i m ny c th r t h u ch khi b n mu n ghi k t qu c a m t chng trnh shell th c hi n m t vi ho t ng vo trong m t cu l nh khc. 6.4. S d ng cu l nh test Trong bash v pdksh, cu l nh test c s d ng tnh gi tr c a m t bi u th c c i u ki n. Thng th ng, b n s d ng cu l nh test tnh gi tr i u ki n trong m t
www.nhipsongcongnghe.net
l nh c i u ki n ho c tnh gi tr Cu l nh test c c php sau:
test expression
u vo hay i u ki n t n t i cho m t cu l nh l p.
ho c
[ expression ]
B n c th s d ng m t vi ton t c s n v i cu l nh test. Cc ton t ny c phn lo i thnh b n nhm khc nhau: cc ton t xu, cc ton t s , cc ton t file, v cc ton t logic. B n s d ng cc ton t xu tnh gi tr bi u th c xu. B ng 6.4.1 a ra danh sch cc ton t xu m ba ngn ng l p trnh shell h tr . B ng 6.4.1 Cc ton t chu i cho cu l nh test. Ton t str1 = str2 str1 != str2 str -n str -z str ngha Tr l i gi tr true n u str1 gi ng v i str2 Tr l i gi tr true n u str1 khng gi ng str2 Tr l i gi tr true n u str khc r ng Tr l i gi tr true n u Tr l i gi tr true n u di c a str l n hn 0 di c a str b ng 0
Cc ton t s th c hi n cc ch c nng tng t cc ton t string ngo i tr vi c chng ho t ng trn cc i s ki u s . B ng 6.4.2 li t k danh sch cc ton t s c s d ng trong cu l nh test. B ng 6.4.2 Cc ton t s cho cu l nh test. Ton t int1 -eq int2 int1 -ge int2 int1 -gt int2 int1 -le int2 int1 -lt int2 int1 -ne int2 B ns d nh ki m no, file cc ton t ngha Tr l i gi tr true n u int1 b ng int2 Tr l i gi tr true n u int1 l n hn ho c b ng int2 Tr l i gi tr true n u int1 l n hn int2 Tr l i gi tr true n u int1 nh hn int2 Tr l i gi tr true n u int1 nh hn int2 Tr l i gi tr true n u int1 khng b ng int2
ng cc ton t file cho cu l nh test th c hi n cc ch c nng ch ng h n tra xem cc file c t n t i hay khng v ki m tra xem file thu c lo i c a vo nh m t i s cho cu l nh test. B ng 6.4.3 a ra danh sch file cho cu l nh test.
www.nhipsongcongnghe.net
B ng 6.4.3 Cc ton t File cho cu l nh test. Ton t -d file -f file -r file -s file -w file -x file ngha Tr l i gi tr true n u file c xc Tr l i gi tr true n u file c xc Tr l i gi tr true nu file xc Tr l i gi tr true n u file xc Tr l i gi tr true n u file xc nh c nh l m t th m c nh l m t file thng th ng c b i ti n trnh di khc 0
nh l c th
B n s d ng cc ton t logic cho cu l nh test k t h p cc ton t s , xu, hay file ho c ph nh m t ton t n s , xu, ho c file. B ng 6.4.4 a ra danh sch c ton t logic cho cu l nh test. B ng 6.4.4 Cc ton t Logic ch cu l nh test. Ton t ! expr Expr1 -a expr2 Expr1 -o expr2 ngha Tr l i gi tr true n u expr khc true Tr l i gi tr true n u expr1 v expr2 l true Tr l i gi tr true n u expr1 ho c expr2 l true
Shell tcsh khng c cu l nh test, nhng cc bi u th c c a tsch th c hi n cc ch c nng tng t . Cc ton t tcsh h tr h u h t gi ng nh c h tr trong ngn ng C. B n th ng s d ng cc bi u t c ny trong cc cau l nh if v while. Trong o n sau,ph n "S d ng cc l nh c i u ki n " v "S d ng cc l nh l p " s ni v cc cu l nh ny. Gi ng nh cu l nh test trong bash v pdksh, cc bi u th c trong tcsh h tr cc ton t s , xu, file, v logic. B ng 6.4.5 a ra danh sch cc ton t c h tr trong c bi u th c c a tcsh. B ng 6.4.5 Cc tan t s cho for cc bi u th c tcsh. Ton t int1 <= int2 int1 >= int2 int1 < int2 int1 > int2 ngha Tr l i gi tr true n u int1 nh hn int2 Tr l i gi tr true n u int1 l n hn ho c b ng int2 Tr l i gi tr true n u int1 nh hn int2 Tr l i gi tr true n u int1 l n hn int2
B ng 6.4.6 a ra danh sch cc ton t xu m cc bi u th c c a tcsh h tr . Table 6.4.6. Cc ton t xu cho cc bi u th c c a tcsh. Ton t ngha
www.nhipsongcongnghe.net
str1 == str2 str1 != str2 Tr l i gi tr true n u str1 b ng str2 Tr l i gi tr true n u str1 khng b ng str2
B ng 6.4.7 a ra danh sch c ton t file m cc bi u th c tcsh h tr . B ng 6.4.7 Cc ton t File cho cc bi u th c tcsh. Ton t -r file -w file -x file -e file -o file -z file -f file -d file ngha Tr l i gi tr true n u file c th c c Tr l i gi tr true n u file c th ghi c Tr l i gi tr true n u file c th th c thi Tr l i gi tr true n u file t n t i Tr l i gi tr true n u file c s h u b i ng i s d ng hi n t i Tr l i gi tr true n u file c kch th c b ng 0 Tr l i gi tr true n u file l file thng th ng Tr l i gi tr true n u file l m t th m c
B ng 6.4.8 a ra danh sch cc ton t logic c h tr trong cc bi u th c c a tcsh. Table 6.4.8 Cc ton t Logical cho c bi u th c c a tcsh. Ton t exp1 || exp2 exp1 && exp2 ! exp ngha Tr l i gi tr true n u exp1 l true ho c exp2 l true Tr l i gi tr true n u c hai exp1 v exp2 l true Tr l i true n u exp khc true
6.5. S d ng cc cu l nh r nhnh Trong cc shell bash, pdksh v tcsh, m i shell c hai hnh th c khc nhau c a cu l nh r nhnh. B n s d ng cc l nh ny th c thi cc ph n khc nhau c a chng trnh shell ph thu c vo cc i u ki n nh t nh c ng hay khng. V i h u h t cc l nh th c hi n, c php cho cc cu l nh ny khc nhau gi a cc shell. 6.5.1. L nh if T t c ba shell u h tr cc cu l nh if-then-else statements l ng nhau. Cc l nh ny cung c p cho b n cch th c hi n cc cu l nh test i u ki n ph c t p trong chng trnh shell c a b n. C php c a l nh if trong bash v pdksh l gi ng nhau:
if [ expression ] then
www.nhipsongcongnghe.net
commands elif [ expression2 ] commands else commands fi
Ch r ng shell bash v pdksh s d ng o ng c c a tn cu l nh trong hu h t cc l nh ph c t p k t thc cu l nh. Trong l nh bn trn, t kha fi c s d ng lm k hi u k t thc cho cu l nh if. C hai m nh elif v else u l cc ph n ty ch n c a l nh if. L nh elif l rt g n c a else if. L nh ny c th c thi n u cc bi u th c n m trong l nh if ho c t t c cc bi u th c trong cc l nh elif tr c u khng c gi tr true. Cc cu l nh n m trong l nh else c th c thi ch n u khng m t bi u th c no trong m nh if v trong b t k m nh elif no c gi tr true. Trong tcsh, l nh if c hai d ng khc nhau. D ng th nh t cung c p cng m t ch c nng nh l nh if trong bash v pdksh. D ng ny c a l nh if c c php nh sau:
if (expression1) then commands else if (expression2) then commands else commands endif
L i m t l n n a cc ph n if v else c a l nh if l ty ch n. L nh ny cng c th c vi t v i elif. N u m bn trn trnh by ton b chng trnh tcsh, n nn b t u v i dng sau m b o ch y hon h o:
#!/bin/sh
D ng th hai c a l nh if m tcsh cung c p l bi n i n gi n c a l nh if d ng u tin. D ng ny c a l nh if ch tnh gi tr m t bi u th c n. N u bi u th c l true n s th c thi cu l nh n. N u bi u th c l false, khng c i u g x y ra. C php cho d ng ny c a l nh if l nh sau.
if (expression) command
www.nhipsongcongnghe.net
Bn d i l m t v d v s d ng l nh if trong bash hay pdksh. L nh ny ki m tra xem c m t file c tn l a .profile trong th m c hi n t i hay khng:
if [ -f .profile ] then echo "There is a .profile file in the current directory." else echo "Could not find the .profile file." fi
Ch r ng trong v d tcsh dng u tin b t u v i k t #. K hi u ny c yu c u tcsh nh n ra file ch a cc cu l nh l m t file k ch b n tcsh. 6.5.2. L nh case L nh case cho php b n so snh m t m u v i m t s cc m u khc v th c thi m t kh i m n u m t s gi ng nhau c tm th y. L nh case trong shell m nh hn l nh case trong Pascal hay l nh switch trong C. V i l nh shell trong case , b n c th so snh cc xu v i cc k t i di n trong chng; b n c th ch c th so snh cc ki u c li t k ho c cc gi tr s nguyn trong Pascal v C. C php cho l nh case trong bash v pdksh l nh sau:
case string1 in str1) commands;; str2) commands;; *)
www.nhipsongcongnghe.net
commands;; esac
String1 c so snh v i str1 v str2. N u m t trong cc xu ny h v i string1, cc cu l nh bn d i n cho n khi g p hai d u ch m ph y(;;) c th c hi n. N u khng c xu no (str1 ho c str2) h p v i string1, cc cu l nh k t h p v i d u hoa th c th c thi. Cc cu l nh ny l i u ki n case m c nh b i v d u hoa th h p v i t t c cc xu. Cu l nh trong tcsh tng ng v i cu l nh case trong bash v pdksh c g i l l nh switch. L nh ny g n gi v i c php l nh switch trong C. C php cho l nh switch l nh sau:
switch (string1) case str1: statements breaksw case str2: statements breaksw default: statements breaksw endsw
L nh ny x l gi ng n cch s l c a l nh case trong bash v pdksh. M i xu trong t kha case c so snh v i string1. N u xu b t k trong cc xu trn h p v i string1, cc m bn d i n cho n khi g p t kha breaksw keyword c th c hi n. N u khng c xu no ph h p, cc m bn d i t kha default cho n khi g p t kha breaksw c th c thi. M bn d i l m t v d v l nh case trong shell bash hay pdksh. M ny ki m tra xem ty ch n u tin trong dng l nh l -i hay -e. N u n l -i, chng trnh m s cc dng trong m t file xc nh b i ty ch n th hai trong dng l nh b t u v i k t i. N u ty ch n th nh t l -e, chng trnh m s cc dng trong file c xc nh b i ty ch n th hai c a dng l nh b t u v i k t e. N u ty ch n th nh t c a dng l nh khc -i v khc -e, chng trnh s in ra thng tin bo l i trn mn hnh.
case $1 in -i)
www.nhipsongcongnghe.net
count=`grep ^i $2 | wc -l` echo "The number of lines in $2 that start with an i is $count" ;; -e) count=`grep ^e $2 | wc -l` echo "The number of lines in $2 that start with an e is $count" ;; * ) echo "That option is not recognized" ;; esac
V d tng t
# remember that the first line must start with a # when using tcsh switch ( $1 ) case -i | i: set count = `grep ^i $2 | wc -l` echo "The number of lines in $2 that begin with i is $count" breaksw case -e | e: set count = `grep ^e $2 | wc -l` echo "The number of lines in $2 that begin with e is $count" breaksw default: echo "That option is not recognized" breaksw endsw
6.6. S d ng cc l nh l p Ngn ng shell cng cung c p l nh l p m th ng c s d ng nh t. Cc l nh l p ny c thao tc khi b n c n th c hi n m t hnh ng l p i l p l i, ch ng h n nh khi b n x l danh sch cc file.
www.nhipsongcongnghe.net
6.6.1. L nh for L nh for th c thi cc cu l nh ch a trong n m t s l n. L nh for c hai d ng khc nhau trong bash v pdksh. D ng th nh t c a l nh for m bash v pdksh h tr c c php nh sau:
for var1 in list do commands done
Trong d ng ny, l nh for th c thi m t l n cho m i ph n t n m trong danh sch. Danh sch ny c th c thay i ch a cc t c phn bi t v i nhau b i d u cch, ho c n c th l m t danh sch cc gi tr c g tr c ti p vo trong cu l nh. M i l n qua vng l p, bi n var1 c gn cho ph n t hi n t i trong danh sch v ti p t c cho n khi ph n t cu i cng trong danh sch. D ng th hai c a l nh for c c php nh sau:
for var1 do statements done
Trong d ng ny, l nh for th c thi m t l n cho m i ph n t n m trong bi n var1. Khi b n s d ng c php ny c a l nh for, chng trnh shell gi s r ng bi n var1 ch a t t c cc i s c a vo trong chng trnh shell t dng l nh. i n hnh, d ng ny c a l nh for l tng ng v i vi t cc l nh sau:
for var1 in "$@" do statements done
Tng ng v i l nh for trong tcsh l l nh foreach. N x l tng t nh l nh for trong bash v pdksh. C php c a l nh foreach nh sau:
foreach name (list) commands end
www.nhipsongcongnghe.net
M t l n n a, n u m ny l m t chng trnh hon thi n, n nn b t u v i k hi u # (v t t nh t l #!/bin/sh bu c th c thi theo Bourne shell). D i y l m t v d v s d ng l nh for trong bash hay pdksh. V d ny l y cc ty ch n dng l nh s l ng b t k cc file text. Chng trnh c m i file trong cc file ny, chuy n i t t c cc k t thnh ch hoa, v sau lu tr k t qu trong m t file c cng tn nhng c ph n m r ng l .caps.
for file do tr a-z A-Z < $file >$file.caps done
6.6.2. L nh while M t l nh l p khc c a vo ngn ng l p trnh shell l l nh while. L nh ny th c thi m t kh i cc cu l nh theo m t i u ki n no . C php c a l nh while trong bash v pdksh l nh sau:
while expression do statements done
D i y l m t v d v l nh while theo ngn ng shell bash hay pdksh. Chng trnh ny a ra danh sch cc i s c a vo chng trnh cng v i s cc i s .
www.nhipsongcongnghe.net
count=1 while [ -n "$*" ] do echo "This is parameter number $count $1" shift count=`expr $count + 1` done
L nh shift chuy n i s dng l nh ln m t sang bn tri (xem o n sau"L nh shift" bi t thm thng tin). Chng trnh bn d i tng t c vi t cho ngn ng tcsh:
# set count = 1 while ( "$*" != "" ) echo "This is parameter number $count $1" shift set count = `expr $count + 1` end
6.6.3. L nh until L nh until c c php v ch c nng tng t l nh while. Ch c s khc bi t th c s gi a hai l nh l l nh until th c thi m trong kh i c a n khi gi tr c a bi u th c l sai v l nh while th c thi cc kh i l nh c u n n u bi u th c c gi tr l true. C php cho l nh until trong bash v pdksh l nh sau:
until expression do commands done
www.nhipsongcongnghe.net
do echo "This is parameter number $count $1" shift count=`expr $count + 1` done
Ch c s khc nhau trong v d ny l v v d v l nh while l ty ch n -n c a l nh test, n c ngha r ng xu khng c di b ng 0, c thay b i ty ch n -z , n c ngha l chu i c di b ng 0. Trong th c t , l nh until t c dng b i v v i b t k l nh until no, b n cng c th vi t c b ng l nh while. L nh until khng c h tr trong tcsh. 6.6.4. L nh shift T t c cc shell bash, pdksh, v tcsh u h tr m t l nh g i l l nh shift. L nh shift chuy n cc gi tr hi n t i c lu tr trong cc i s dng l nh ln m t v tr sang tri. V d , n u cc gi tr c a cc i s l
$1 = -r $2 = file1 $3 = file2
v b n th c hi n l nh shift
shift
k t qu cc
is
c a vo nh sau:
$1 = file1 $2 = file2
B n c th d ch chuy n cc i s qua nhi u hn m t v tr b i m t s xc v ikm theo v i l nh shift. L nh sau d ch chuy n i s ln hai v tr:
shift 2
nh
L nh ny r t h u ch khi c m t chng trnh shell c n phn tch cc ty ch n dng l nh. Cc tyd ch n th ng c t tr c b i m t d u n i v m t k t ch ra ty ch n no c s d ng. B i v cc ty ch n lun lun c x l trong m t vng l p c a m t lo i cu l nh, b n s th ng mu n nh y n i s ti p theo m t khi b n xc nh c ty ch n no nn c x l ti p theo. V d , chng trnh shell sau ch hai ty ch n dng l nh, m t xc nh m t file u vo v m t xc nh m t file u ra. Chng trnh c file u vo, chuy n t t c cc k t trong file input thnh ch hoa, v sau lu tr k t qu trong file u ra xc nh:
while [ "$1" ] do
www.nhipsongcongnghe.net
if [ "$1" = "-i" ] then infile="$2" shift 2 else if [ "$1" = "-o" ] then outfile="$2" shift 2 else echo "Program $0 does not recognize option $1" fi done tr a-z A-Z <$infile >$outfile
6.6.5. L nh select Shell pdksh a ra m t l nh l p m bash v tcsh khng h tr , l nh select. N hi khc v i cc l nh l p khc b i v n khng th c thi m t kh i m l nh shell theo m t i u ki n true ho c false. Nh ng g l nh select lm l cho php b n t ng t o cc menu text n gi n. C php c a l nh select nh sau:
select menuitem [in list_of_items] do commands done
Khi b n th c thi l nh select, pdksh t o m t i t ng menu c nh s cho m i ph n t c trong list_of_items. list_of_items ny c th l m t bi n ch a nhi u hn m t ph n t , ch ng h n nh choice1 choice2 ho c n c th l m t danh sch cc l a ch n c g vo t dng l nh, nh trong v d sau:
select menuitem in choice1 choice2 choice3
is
Khi ng i s d ng c a chng trnh c ch a l nh select ch n m t trong s cc ph n t c a menu b ng cch g vo s tng ng v i n, l nh select lu gi tr c a ph n t c l a ch n trong bi n menuitem. Cc l nh trong kh i do sau c th th c hi n cc ho t ng trn ph n t menu ny.
www.nhipsongcongnghe.net
D i y l m t v d v vi c s d ng l nh select nh th no. V d ny hi n th ba ph n t c a menu. Khi ng i s d ng ch n m t ph n t , chng trnh s h i b n xem c ph i ph n t c l a ch n khng, n u ng i s d ng g khc v i y ho c Y, chng trnh s hi n th l i menu.
select menuitem in pick1 pick2 pick3 do echo "Are you sure you want to pick $menuitem" read res if [ $res = "y" -o $res = "Y" ] then break fi done
V d ny gi i thi u m t vi l nh m i. L nh read c s d ng l y d li u vo t ng i s d ng. N lu b t k ci g ng i s d ng g vo bi n xc nh. L nh break k t thc vng l p l nh while, select, ho c for. 6.6.6. L nh repeat Shell tcsh c m t l nh l p khng c trong pdksh hay bash. L nh ny l l nh repeat. L nh repeat th c thi cu l nh n theo m t s l n xc nh. C php cho l nh repeat l nh sau:
repeat count command
www.nhipsongcongnghe.net
6.7. S d ng cc hm Ngn ng shell cho php b n d nh ngha hm c a chnh b n. Cc hm ny c nh ngha gi ng nh cch b n nh ngha cc hm trn ngn ng l p trnh C hay cc ngn ng l p trnh khc. Thu n l i chnh c a vi c s d ng hm t ch c, trnh vi t t t c cc m shell c a b n trong m t dng. M c vi t s d ng cc hm c khuynh h ng d hn trong vi c c v b o tr v cng l khuynh h ng nh g n hn b i v b n c th nhm cc m chung vo trong m t hm thay vi c a n vo t t c cc ni c n n. C php t o m t hm trongbash v pdksh l nh sau:
C hai d ng ny
Ch r ng b n c th a s l ng b t k cc i s vo trong hm c a b n. Khi b n a cc i s vo trong m t hm, n xem cc i s ny nh i s c a m t chng trnh shell khi b n a cc i s ny t dng l nh. V d , chng trnh shell sau ch a vi hm, m i hm th c hi n m t nhi m v m c k t h p v i cc ty ch n dng l nh. V d ny bao trm nhi u n i dung trong ph n ny. N c t t c cc file c a vo t dng l nh v ph thu c vo ty ch n c s d ng, vi t ra file v i t t c cc k t hoa, vi t ra file v i t t c cc k t th ng, ho c in cc file.
upper () { shift for i do
www.nhipsongcongnghe.net
tr a-z A-Z <$1 >$1.out rm $1 mv $1.out $1 shift done; } lower () { shift for i do tr A-Z a-z <$1 >$1.out rm $1 mv $1.out $1 shift done; } print () { shift for i do lpr $1 shift done; } usage_error () { echo "$1 syntax is $1 <option> <input files>" echo "" echo "where option is one of the following" echo "p -- to print frame files" echo "u -- to save as uppercase" echo "l -- to save as lowercase"; } case $1 in
www.nhipsongcongnghe.net
p | -p) print $@;; u | -u) upper $@;; l | -l) lower $@;; *) usage_error $0;; esac
Chng trnh tcsh khng h tr cc hm. 6.8. T ng k t Trong chng ny, b n th y c nhi u c i m c a cc ngn ng l p trnh bash, pdksh v tcsh. Khi b n s d ng Linux, b n s th y r ng b n s d ng cc ngn ng l p trnh shell cng ngy cng th ng xuyn. Cho d ngn ng shell r t m nh v d h c, b n c th g p ph i m t vi v n khi chng trnh shell khng ph h p v i v n b n gi i quy t. Trong nh ng tr ng h p nh v y, b n c th nghin c u tm hi u cc ngn ng khc c th s d ng c trong Linux.
7. Ci
t v qu n tr WebServer
t trn mi tr ng Linux.
7.1. H ng d n ci
Ci t trn mi tr ng Linux hon ton khng kh nh nh ng g chng ta ngh khi m i ti p xc v i h i u hnh ny. Qu trnh ci t ch n gi n, chng ta th c hi n cu l nh rpm v i c php sau: rpm [ivhqladefUV] [-force] [nodeps] [--oldpackage] package list y l chng trnh qu n l cc gi ci. N cho php b n qu n l cc gi RPM, th c hi n r t d dng vi c ci t v g b ph n m m. ci t ph n m m c tn l precious-software-1.0.i386.rpm ch y cu l nh sau: rpm i precious-software-1.0.i386.rpm b n c th lm cho vi c ci t trng p m t hn b ng cch s d ng ty ch n ivh thay cho ty ch n i. N u b n ci m t gi ph n m m r i nhng v m t l do no b n l i mu n ci l i n ln phin b n c, b n ch c n s d ng ty ch n force cho l nh rpm. N u b n mu n nng c p m t ph n m m, b n s d ng ty ch n U.V d : rpm Uvh precious-software-1.0.i386.rpm Tuy nhin b n ci m t phin b n m i v by gi b n mu n ci l i phin b n c, n u b n mu n s d ng l nh trn, h th ng s bo l i phin b n ci t l phin b n m i hn phin b n m b n mu n ci. c th th c hi n c i u ny b n s d ng
www.nhipsongcongnghe.net
ty ch n --oldpackage cng v i ty ch n U ci t phin b n c. cc gi ci c ci vo h th ng c a b n, b n s d ng l nh sau: rpm -qa tm cc gi ci c a m t chng trnh nh sendmail, b n c th s d ng l nh rpm q sendmail H th ng s tr l i gi ci s d ng ci sendmail. m t file xc nh nh /bin/tcsh, ta s d ng cu l nh: rpm qf /bin/tcsh m b o r ng m t gi c ci cha c thay i theo b t c cch no, b n c th s d ng ty ch n V. V d t t c cc file c ci tr ng thi nguyn b n khng b thay i s d ng l nh rpm Va Ty ch n ny tr ln r t h u ch n u b n nh n th c c r ng m t hay nhi u gi ci c th b ph h y b i ng i khc. g cc gi ci kh i h th ng b n s d ng l nh rpm v i ty ch n e rpm e sendmail N u b n th y r ng vi c g b gi ci c th b d ng b i cc chng trnh khc b i v chng ph thu c vo n hay cc file c a n, b n ph i quy t nh xem b n c ti p t c b gi ci hay chng trnh ny hay khng, n u b n mu n g b b n c th s d ng ty ch n nodeps cng v i ty ch n e p bu c rpm g b gi ci . 7.2. Qu n tr WebServer pht hi n gi ci no c a tm ki m
7.2.1. Ph n m m Apache My ch web nghe yu c u t pha client, nh b trnh duy t Nestcape Navigator ho c Internet Explorer. Khi nh n c yu c u my ch x l yu c u v tr d li u l i cho my client. D li u tr v my tr m th ng l cc trang nh d ng c ch a hnh nh v text. Trnh duy t nh n d li u v hi n th trang d li u cho ng i dng. Khi ni m my ch web r t n gi n, n i yu c u, th c hi n, r i tr l i cho ng i dng.
www.nhipsongcongnghe.net
My ch web ni chuy n v i cc my client v my tr m thng qua giao th c HTTP (Hypertext Transfer Protocol). i u ny cho php my tr m k t n i t i nhi u nh cung c p d ch v web m khng g p ph i cc v n v tng thch. Ph n l n cc yu c u c nh d ng d i d ng trang HTML (Hypertect Markup Language). HTML cho php lin k t nhi u vn b n v ti nguyn khc nhau. Si u vn b n cho php lin k t t i cc trang vn b n khc trn cng m t my tnh ho c trn cc my tnh t trn kh p th gi i. Apache c pht tri n d a trn NCSA web server, l phin b n cung c p y cc tnh nng c a my ch (HTTP) web do d n Apache Server th c h n. Apache cung c p m t my ch web m ngu n m , tin c y, hi u qu v d dng m r ng. Ph n m m my ch bao g m: daemon server, file c u hnh, cng c qu n tr , v ti li u. Ph n m m Apache Server s n c c trn trang Apache Group. B n c th t i v t cc a ch http://www.apache.org/dist/. B n t i v file .tar.gz tng ng v i phin b n b n mu n s d ng. V d , Phin b n m i nh t c vi t l Apache 1.3.12, v v y file b n c n t i v l apache_1.3.12.tar.gz B n c th l y m ngu n t a ch http://www.apache.org/dist/apache_1.3.12.tar.gz. Gi i nn file gi i nn file ny, s d ng cu l nh sau (gi s r ng b n temp): cd temp gzip -d -c apache_1.3.12.tar.gz | tar xvf Cu l nh ny t o m t th m c apache_1.3.12 trong th m c temp file trong th m c
7.2.2. Bin d ch v ci
Ch y cc cu l nh sau: cd apache_1.3.12 ./configure --prefix=<path-to-apache> make make install Ch s d ng ng d n y ny nn l ni b n mu n ci thay cho <path-to-apache>. t apache server, ch ng h n nh ng d n y
ng Apache
www.nhipsongcongnghe.net
<path-to-apache>/bin/apachectl stop V d : /afs/uncc.edu/usr/q/zlian/Apache/bin/apachectl stop 7.2.4. C u hnh Apache Theo cch truy n th ng, c u hnh Apache c chia thnh ba file c u hnh: httpd.conf, access.conf, v srm.conf. Theo th t cc file ny c ngha nh sau, httpd.conf l file c u hnh server chnh, access.conf l file nh ngha cc quy n truy c p, v srm.conf cc ti nguyn server c nh ngha, ch ng h n nh nh x cc th m c v cc bi u t ng. Trong 1.3.4, ba file ny c tr n vo m t file chung httpd.conf, n c th tm th y trong th m c conf. V d : /afs/uncc.edu/usr/q/zlian/apache/conf/ Ch : Cc h ng d n quan tr ng cho c u hnh c a b n:
ServerName ServerName ch ra a ch IP c a my ch ci t d ch v WebServer, thng th ng n u my c a b n l my c c b , khng n i m ng, a ch ny m c nh l 127.0.0.1 tng ng v i tn my l localhost. N u my ny c a ch m ng, b n c th thay th b ng a ch IP c a my. xem a ch c a my b n th c hi n l nh:
ifconfig a
Listen
Ch d n ny ni cho server l ng nghe cc yu c u trn d a ch IP c xc nh v/ho c c ng TCP/IP . M c nh, server l ng nghe c ng 80, nhng b n nn s d ng c ng l n hn 1024, b i v s t hn 1024 r t hay c s d ng trong cc ti n trnh c a h th ng. Nh trong v d sau, Apache nghe trn c hai c ng port 8080 and 8081. listen 8080 listen 8081 V i c u hnh ny, b n c th ki m tra xem server c a b n ch y thnh cng hay cha b ng cch g vo a ch sau trn trnh duy t: http://localhost:8080 ho c http://localhost:8081
DocumentRoot
ti li u html , v
www.nhipsongcongnghe.net
DocumentRoot /usr/web Sau m t truy c p n http://www.my.host.com/index.html s tng ng /usr/web/index.html. Th ng xu t hi n trong khi c u hnh nh sau: (i.e., "DocumentRoot /usr/web/") thm m t k t / ui, b n nn trnh i u ny. 7.2.5. Xc th c ng i dng
ngn ch n truy c p vo cc file trn server c a b n, b n nn s d ng b o v user/password, B n c th s d ng cc h ng d n sau. AuthType AuthName AuthUserFile AuthGroupFile require <Directory></Directory> <Files></Files> AuthType L a ch n ki u xc th c ng i s d ng cho m t th m c. Ch c Basic v Digest l th c thi hi n t i. AuthName t tn c a xc th c cho m t th. Tn xc th c ny s c g i n client nh ng ng i s d ng bi t lo i username v password no g i. AuthName c m t i s ; N u tn xc th c c d u cch n ph i c t trong d u trch d n. AuthUserFile t tn c a file vn b n thu n ty ch a danh sch nh ng ng i s d ng v m t kh u cho vi c xc th c ng i s d ng. Tn file l ng d n n n file ng i s d ng. N u n khng ph i l ng d n tuy t i (v d , n u n khng b t u v i /), N c xem nh ng d n tng i n ServerRoot. AuthGroupFile t tn c a m t file vn b n thu n ty ch a danh sch cc nhm ng i s d ng cho vi c xc th c ng i s d ng. Tn file l ng d n n file group. N u n khng ph i l ng d n tuy t i (v d , khng b t u v i d u /), n c xem nh ng d n tng i n ServerRoot. require Ch n nh ng ng i s d ng no c th truy c o vo m t th m c. C php cho php l: 1. Ch nh ng ng i s d ng c t tn c th truy c p th m c: t tn c th truy c p th require user userid userid ... 2. Ch nh ng ng i s d ng trong cc nhm c m c: 3. T t c nh ng ng i s d ng c th truy c p th m c: require valid-user <Directory> v </Directory> c s d ng nhm m t nhm cc h ng d n v n s ch c p d ng cho th m c c t tn v cc th m c con
www.nhipsongcongnghe.net
c a th m c . M t h ng d n b t k c cho php c trong m t directory c th c s d ng. <Files> v </Files> pcung c p quy n truy c p b i tn file (bao g m ng d n n file). V d : <Directory "/afs/uncc.edu/usr/q/zlian/apache/htdocs/manual"> AuthType Basic AuthName "Restricted Directory" AuthUserFile passwd AuthGroupFile /dev/null require valid-user </Directory> thi t l p file password, b n c th s d ng cng c c tn l htpasswd c cung c p b i Apache. Tr c tin t o file password b ng cch: % touch passwd Trong th m c "<path-to-apache>/bin/". hi n l nh: thm m t ng i s d ng, th c
% htpasswd <path-to-password-file>/passwd zlian New password: Re-type new password: n y b n hon thnh xong vi c c u hnh Apache v th c hi n xc th c ng i s d ng cho d ch v web c a b n.
8. Qu n tr cc ti n trnh
8.1. Ti n Trnh 8.1.1. Ti n trnh ti n c nh Khi b n ang trn d u nh c h th ng (# ho c $) v g i m t chng trnh, chng trnh tr thnh m t ti n trnh v i vo ho t ng d i s ki m sot c a h th ng. D u nh c c a h th ng s khng xu t hi n khi ti n trnh ang ch y Khi ti n trnh hon thnh tc v v ch m d t, h i u hnh s tr l i d u nh c b n g ti p l nh th c thi chng trnh khc. Chng trnh ho t ng theo cch ny c g i l chng trnh ti n c nh (foreground). V d khi b n th c hi n l nh: ls R / B n s ph i ch i r t lu cho n khi l nh th c hi n xong b n m i c th nh p vo l nh m i th c hi n cng vi c ti p theo c a b n. 8.1.2. Ti n trnh h u c nh
www.nhipsongcongnghe.net
N u c cch no yu c u Linux a cc ti n trnh chi m nhi u th i gian x l ho c t tng tc v i ng i dng ra ho t ng pha h u c nh (background) tr l i ngay d u nh c c th th c hi n cc ti n trnh ti n c nh th t t hn. i u ny c th th c hi n c b ng cch k t h p ch th & v i l nh g i chng trnh m ta s tm hi u ph n sau, khi ti n trnh s ho t ng pha h u c nh v tr l i ngay d u nh c cho chng ta lm cng vi c khc. Cc ti n trnh nh v y g i l cc ti n trnh h u c nh. Vi c ch y ti n trnh h u c nh r t thu n ti n , chng cho php nhi u chng trnh tng tc v i nhau. 8.2. i u khi n v gim st cc ti n trnh Nh c p tr c y, cc ti n trnh th ng tr c th ng c b t u b ng ti n trnh init khi kh i ng. B n c th i u khi n ti n trnh no ch y ngay khi kh i ng b ng cch c u hnh l i cc file c u hnh v k ch b n c a init. Ngo i tr cc ti n trnh th ng tr c, cc lo i ti n trnh khc m b n s ch y c g i l cc ti n trnh c a ng i s d ng hay cc ti n trnh tng tc. B n ph i ch y m t ti n trnh tng tc thng qua m t shell. M i m t shell chu n cung c p m t dng l nh khi ng i s d ng vo tn c a m t chng trnh. Khi ng i s d ng vo tn chng trnh h p l trn dng l nh, shell s t t o m t b n copy nh m t ti n trnh m i v thay th ti n trnh m i v i chng trnh c t tn trn dng l nh. Ni m t cch khc shell s ch y chng trnh c t tn nh m t ti n trnh khc. l y thng tin v t t c cc ti n trnh ang ch y trn h th ng c a b n, b n c n ch y ti n ch c tn l ps 8.2.1 S d ng l nh ps l y thng tin tr ng thi c a ti n trnh
Ti n ch ny t o ra m t bo co v t t c cc ti n trnh trn h th ng c a b n. v d , n u b n ch y l nh ps , n s hi n th k t qu nh sau: PID TTY 13636 pts/1 13696 pts/1 13699 pts/1 13700 pts/1 13704 pts/1 16692 pts/1 17252 pts/1 TIME CMD
00:00:00 bash 00:00:00 man 00:00:00 sh 00:00:00 sh 00:00:00 less 00:00:00 tail 00:00:00 ps
D i y l gi i thch v ngha c a cc tr ng
Tr ng USER ho c UID
Gi i Thch Tn c a ti n trnh
www.nhipsongcongnghe.net
PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND PRI PPID WCHAN FLAGS ID ( nh danh) c a ti n trnh % CPU s d ng c a ti n trnh % b nh ti n trnh s d ng Kch th c b nh o ti n trnh s d ng
Kch th c c a b nh th c s d ng b i ti n trnh Vng lm vi c c a ti n trnh Tr ng thi c a ti n trnh Th i gian hay ngy b t u c a ti n trnh
T ng th i gian s d ng CPU Cu l nh c th c hi n M c u tin c a ti n trnh ID c a ti n trnh cha Tn c a hm nhn khi ti n trnh ng /boot/System.map S c c k t h p v i ti n trnh c l y t file
Ti n ch ps cng ti p nh n m t vi ch n c s d ng chung:
i s t dng l nh. B ng bn d i ch ra cc ty
Ty Ch n A E L U W
Hi n th tn ng i s d ng v th i gian b t
Txx
www.nhipsongcongnghe.net
X Hi n th cc ti n trnh khng c i u khi n vng lm vi c
V d ps au
hi n th t t c cc ti n trnh b n th c hi n cu l nh:
hi n th t t c cc ti n trnh c a m t ng i no s d ng: ps au | grep username Tuy nhin, n u b n ch mu n tm cc ti n trnh ang t n t i v i ng i s d ng b t k, b n s d ng cu l nh: ps aux tm ki m PID c a m t ti n trnh cha s d ng: ps l pid V i pid l PID c a m t ti n trnh no . ps e Thng tin bi n mi tr ng c b sung vo tr ng COMMAND 8.2.2. Pht tn hi u cho m t chng trnh ang ch y S d ng l nh kill h y m t ti n trnh Cu l nh kill l m t k ch b n shell c xy d ng s n, th ng c tm th y trong th m c /bin. B n c th dng l nh ny d ng m t ti n trnh no . b n c th ch y: kill PID V i PID l PID c a ti n trnh no
www.nhipsongcongnghe.net
S d ng l nh killall h y m t ti n trnh
Ti n ch ny cho php b n d ng m t ti n trnh b ng tn. V d b n c m t ti n trnh c goi l signal_demo.pl v b n mu n d ng ti n trnh ny. B n s d ng l nh: killall signal_demo.pl Ch y m t ti n trnh h u c nh ho c ti n c nh
Thng th ng khi chng ta ch y m t ti n trnh t thi t b u cu i (bn phm) hay shell, b n ch y ti n trnh ti n c nh. Khi b n ch y ti n trnh ti n c nh, b n ph i i cho n k t thc. Tuy nhin, thay v vi c i cho n k t thc, b n c th ch y n h u c nh b ng vi c thm m t k hi u & cu i dng l nh. i u ny h u ch khi m t ti n trnh ch y trong th i gian di v b n c n ph i lm m t cng vi c khc. V d , kh i ng h qu n tr CSDL PosgresSQL v i postmaster b n th c hi n: postmaster i & V y khi no b n bi t m t ti n trnh h u c nh ang ch y hay d ng. B n c th s d ng l nh: ps -af xem t t c cc ti n trnh trong c c ti n trnh T m d ng ti n trnh h u c nh.
N u m t ti n trnh ang ch y ti n c nh v b n mu n a chng vo h u c nh, b n th c hi n cng vi c ny b ng cch nh n t h p phm Ctrl + Z. Khi nh n c tn hi u Ctrl+Z ti n trnh s b t m d ng v c a vo h u c nh. Tuy nhin b n cha bi t c chng trnh c a chng ta d ng cha v chuy n vo h u c nh cha. L nh jobs hi n th tr ng thi c a t t c cc ti n trnh ang ch y h u c nh: [1] Stopped [2]- Stopped [3]+ Stopped man ln (wd: /home/trantu/exam) tail ls -R /
nh th c ti n trnh i
www.nhipsongcongnghe.net
bg 3 M t l n n a ta s d ng l nh jobs, ta s th y thng tin hi n trn mn hnh nh sau: [1] Stopped [2]- Stopped [3]+ Running man ln (wd: /home/trantu/exam) tail ls -R /
chuy n m t ti n trnh t h u c nh sang ch y trn ti n c nh b n dng l nh fg. V d : fg 3 8.2.3. Giao ti p gi a cc ti n trnh i khi cc ti n trnh c n trao i thng tin cho nhau x l. Ch ng h n nh l nh ls c a Linux ch bi t li t k v ghi ton b d li u v thng tin c a file, th m c ra mn hnh. L nh ls khng c c ch d ng khi mn hnh y. Trong khi l nh more l i c kh nng c d li u v a ra mn hnh theo t ng trang ng i dng c th i gian xem qua. Cc chng trnh c n c nhu c u chuy n d li u cho nhau x l. M t c ch c s d ng kh ph bi n trn Linux l pipe ( ng ng). B n s d ng ch th | bi u th ng ng. V d : ls R | more Ho c b n c th tm chnh xc tn ti n trnh nh: ps af | grep [bash] 8.3 L p k ho ch cc ti n trnh 8.3.1 S d ng l nh at Ti n ch at cho php b n s p x p m t cu l nh th c thi trong th i gian sau . V d , xem dung lng a s d ng cho ton b cc file, th muc c a h th ng b n g i ti n ch du vo lc 8:40 p.m, b n c th ch y l nh sau: at 20:40 Cu l nh s hi n th d u nh c at> yu c u b n nh p vo cu l nh th i gian c a vo. B n g vo dng l nh: th c hi n theo
www.nhipsongcongnghe.net
du a > /tmp/du.out Sau khi b n g l nh Enter, n s hi n th l i d u nh c cho php b n nh p vo cc cu l nh ti p theo. B n c th ch n Ctrl+D k t thc. N u v m t l do no , b n mu n d ng c ng vi c m b n l p l ch, b n c th s d ng l nh atrm xa cng vi c tr c khi n c th c hi n. B n c n ph i bi t s th t c a cng vi c m b n mu n h y, tm ra cc cng vi c m b n l p l ch, b n ch y cu l nh atq tm s th t cng vi c, sau dng atrq v i i s l s th t c a cng vi c mu n h y. V d : atrq 1 8.3.2 S d ng crontab C nhi u cng vi c trn Linux c n c l p l ch m t cch th ng xuyn, v d xa cc file c c sinh ra b i h th ng trong th m c tmp hng ngy, hay hng tu n b n c n ph i ch y m t ti n trnh m i ngy hay m i tu n. Ti n ch cron cho php b n th c hi n cc cng vi c nh th . Th c ra cron bao g m crond daemon, c kh i ng b i ti n trnh init. Crond c cc l ch cng vi c t /etc/crontab v cc file trong /var/spoon/cron. Th m c cron ny lu tr cc file l p l ch (th ng c g i l crontab hay cron table) cho nh ng ng i s d ng thng th ng c php ch y cc cng vi c cron. L m t superuser, b n c th xc nh m t danh sch nh ng ng i s d ng c php ch y cc cng vi c cron trong file /etc/cron.allow. Tng t , b n c th xc nh nh ng ng i s d ng khng c php th c hi n cc cng vi c cron trong file /etc/cron.deny. C hai file ny u s d ng m t nh d ng c b n: m t username trn m t dng. N u m t ng i c php th c hi n cc cng vi c cron, ng i c th s d ng ti n ch crontab th c hi n cng vi c l p l ch. V d , khi b n c php, b n c th g l nh: crontab e v so n th o cc cng vi c c n th c hi n. M t cng vi c cron ph i c nh d ng sau:
9. B o m t h th ng
Cng v i s pht tri n khng ng ng c a truy n thng k thu t s , Internet v s pht tri n nh y v t c a n n cng nghi p ph n m m, b o m t my tnh l m t v n ngy cng tr nn quan tr ng. C n ph i hi u r ng khng c h th ng my tnh no l an
www.nhipsongcongnghe.net
ton tuy t ton hn. i. T t c nh ng g b n c th lm l gip cho h th ng c a b n tr nn an
K t khi Linux c pht tri n m t cch r ng ri v nhanh chng, c bi t l trong cc giao d ch kinh doanh quan tr ng, an ninh l m t v n quy t nh s s ng cn c a Linux. V i hng trm cng c b o v s n c, ng i dng Linux c trang b t t hn ngn ch n v duy tr m t h th ng an ton. Linux khng nh ng ho t ng t t m cn c nh ng tnh nng v s n ph m lin quan cho php xy d ng m t mi tr ng tng i an ton. 9.1. Nh ng nguy c an ninh trn Linux Linux v cc ng d ng trn n c th khng t cc l h ng an ninh hn nh ng h i u hnh khc. Theo quan i m c a m t s chuyn gia my tnh, Linux c tnh an ton cao hn cc h i u hnh c a Microsoft, v cc s n ph m c a Microsoft khng c xem xt k l ng v ch t ch b ng cc s n ph m m ngu n m nh Linux. Hn n a, Linux d ng nh l "mi n nhi m" v i virus my tnh (hi n t i c xu t hi n m t vi lo i virus ho t ng trn mi tr ng Linux nhng khng nh h ng g m y n ng i dng Linux). Nhng m t h th ng Linux c c u hnh khng t t s t hn nhi u so v i m t h th ng Microsoft c c u hnh t t !!! Khi c c m t chnh sch an ninh t t v h th ng c c u hnh theo ng chnh sch th s gip b n t o c m t h th ng an ton ( m c m chnh sch c a b n a ra). Nhng s an ton khng ph i l th c th t c nh m t m c tiu cu i cng. ng hn l t p h p c a nh ng cch ci t, v n hnh v b o tr m t h i u hnh, m ng my tnh, ... N ph thu c vo cc ho t ng hng ngy c a h th ng, ng i dng v ng i qu n tr . B n ph i b t u t m t n n t ng ban u v t c i thi n tnh an ton c a h th ng c a b n nhi u nh t c th c m v n m b o cc ho t ng bnh th ng c a h th ng. 9.2. Xem xt chnh sch an ninh c a b n K t n i vo Inernet l nguy hi m cho h th ng m ng c a b n v i m c an ton th p. T nh ng v n trong cc d ch v TCP/IP truy n th ng, tnh ph c t p c a vi c c u hnh my ch , cc l h ng an ninh bn trong qu trnh pht tri n ph n m m v nhi u nhn t khc gp ph n lm cho nh ng h th ng my ch khng c chu n b chu o c th b xm nh p v lun t n t i nh ng nguy c ti m tng v v n an ton trong . M c ch c a m t chnh sch an ton h th ng l quy t nh m t t ch c s ph i lm nh th no b o v chnh n. c c m t chnh sch an ninh hi u qu , ng i xy d ng cc chnh sch ny ph i hi u v c th k t h p t t c cc thng tin, yu c u, ... Khi m t tnh hu ng x y ra n m ngoi d ki n, ch ng h n m t s xm nh p tri php vo h th ng c a b n, cu h i l n nh t l "s ph i lm g y ?" Khng may l c hng tri u cu tr l i khc nhau cho cu h i . N u m t ng i m cha t ng ph i i ph v i m t k xm nh p tr c y th k xm nh p c th d dng bi n m t v cc d u v t tr nn qa c v khng cn h u ch n a.
www.nhipsongcongnghe.net
Nh ng sai st trong chnh sch an ninh khng ch lin quan n nh ng k xm nh p, m cn lin quan n nh ng v n bnh th ng nh th i ti t, thin tai, chy, n , h h ng thi t b ,... Do v y, vi c thi t l p m t chnh sch an ninh t t cho vi c gi i quy t nh ng s c ph i c ln k ho ch k l ng, c xem xt v ch ng nh n b i ng i c quy n h n trong cng ty. M t chnh sch an ninh t t nn bao g m cc v n
o o o o
sau :
Chnh sch ph c h i d li u khi c s c Chnh sch ph c h i h th ng trong tr ng h p h h ng thi t b Chnh sch, cch th c i u tra nh ng k xm nh p tri php Chnh sch, cch th c i u tra khi cng ty b co bu c xm nh p vo cc h th ng khc o Cch th c, quy trnh v ni thng bo s xm nh p tri php t bn ngoi hay gy ra b i cc nhn vin c a mnh. o Chnh sch an ninh v m t v t l c a h th ng ... B n c th nh t v n c a cc cng ty, t ch c lm d ch v t v n v an ton my tnh gip b n xy d ng m t chnh sch an ninh t t. Cc cng ty ny c cc chuyn gia v an ton my tnh, h c s n cc bi u m u chnh sch an ninh nn c th thi t l p nhanh chng cc chnh sch m bao g m t t c cc m t trong vi c an ton h th ng my tnh. 9.3. Tng c ng an ninh cho KERNEL M c d th a h ng nh ng c tnh c a h th ng UNIX v kh an ninh hn m t s h i u hnh khc, h th ng GNU/Linux hi n nay v n t n t i nh ng nh c i m sau: Quy n c a user root c th b l m d ng. User root c th d dng thay i b t k i u g trn h th ng. o Nhi u file h th ng c th d dng b s a i. Nhi u file h th ng quan tr ng nh /bin/login c th b s a i b i hacker cho php ng nh p khng c n m t kh u. Nhng nh ng file lo i ny l i hi m khi no thay i tr phi khi nng c p h th ng. o Cc module c th c dng ch n kernel. Loadable Kernel Module l m t thi t k t t tng c ng tnh uy n chuy n, linh ho t cho kernel. Nhng sau khi m t module c n p vo kernel, n s tr thnh m t ph n c a kernel v c th ho t ng nh kernel nguyn th y. V v y, cc chng trnh m c ch x u c th c vi t d ng module v n p vo kernel, r i sau ho t ng nh m t virus. o Cc process khng c b o v . Cc process nh web server c th tr thnh m c tiu b t n cng c a hacker sau khi thm nh p h th ng.
o
c i thi n tnh an ninh cho cc server Linux, chng ta c n c m t kernel an ton hn. i u ny c th th c hi n c b ng cch s a i kernel nguyn thu b ng cc patch tng c ng tnh an ninh cho h th ng. Cc patch ny c cc tnh nng chnh y u sau:
www.nhipsongcongnghe.net
B o v b o v cc file h th ng quan tr ng kh i s thay i ngay c v i user root. B o v cc process quan tr ng kh i b ng ng b i l nh kill. Ch n cc tc v truy c p IO m c th p (RAW IO) c a cc chng trnh khng c php. o Pht hi n Pht hi n v c nh bo v i ng i qu n tr khi server b scan. Cng nh khi c cc tc v trn h th ng vi ph m cc lu t (rules) nh tr c. o i ph Khi pht hi n s vi ph m trn h th ng, cc ghi nh n chi ti t s c th c hi n cng nh c th ng ng l p t c phin lm vi c gy ra
o
M t vi cng c s a i kernel c s d ng r ng ri l LIDS (Linux Intrusion Detection System), Medusa, ... 9.4. An ton cc giao d ch trn m ng C r t nhi u d ch v m ng truy n th ng giao ti p thng qua giao th c vn b n khng m ho, nh TELNET, FTP, RLOGIN, HTTP, POP3. Trong cc giao d ch gi a ng i dng v i my ch , t t c cc thng tin d ng gi c truy n qua m ng d i hnh th c vn b n khng c m ho. Cc gi tin ny c th d dng b ch n v sao chp m t i m no trn ng i. Vi c gi i m cc gi tin ny r t d dng, cho php l y c cc thng tin nh tn ng i dng, m t kh u v cc thng tin quan tr ng khc. Vi c s d ng cc giao d ch m ng c m ho khi n cho vi c gi i m thng tin tr nn kh hn v gip b n gi an ton cc thng tin quan tr ng. Cc k thu t thng d ng hi n nay l IPSec, SSL, TLS, SASL v PKI. Qu n tr t xa l m t tnh nng h p d n c a cc h th ng UNIX. Ng i qu n tr m ng c th d dng truy nh p vo h th ng t b t k ni no trn m ng thng qua cc giao th c thng d ng nh telnet, rlogin. M t s cng c qu n tr t xa c s d ng r ng ri nh linuxconf, webmin cng dng giao th c khng m ho. Vi c thay th t t c cc d ch v m ng dng giao th c khng m ho b ng giao th c c m ho l r t kh. Tuy nhin, b n nn cung c p vi c truy c p cc d ch v truy n th ng nh HTTP/POP3 thng qua SSL, cng nh thay th cc d ch v telnet, rlogin b ng SSH. 9.5. Linux firewall An ton h th ng lun lun l m t v n s ng cn c a m ng my tnh v firewall l m t thnh ph n c t y u cho vi c m b o an ninh. M t firewall l m t t p h p cc qui t c, ng d ng v chnh sch m b o cho ng i dng truy c p cc d ch v m ng trong khi m ng bn trong v n an ton i v i cc k t n cng t Internet hay t cc m ng khc. C hai lo i ki n trc firewall c b n l : Proxy/Application firewall v filtering gateway firewall. H u h t cc h th ng firewall hi n i l lo i lai (hybrid) c a c hai lo i trn. Nhi u cng ty v nh cung c p d ch v Internet s d ng my ch Linux nh m t Internet gateway. Nh ng my ch ny th ng ph c v nh my ch mail, web, ftp, hay dialup. Hn n a, chng cng th ng ho t ng nh cc firewall, thi hnh cc chnh sch ki m sot gi a Internet v m ng c a cng ty. Kh nng uy n chuy n khi n cho Linux thu ht nh l m t thay th cho nh ng h i u hnh thng m i.
www.nhipsongcongnghe.net
Tnh nng firewall chu n c cung c p s n trong kernel c a Linux c xy d ng t hai thnh ph n : ipchains v IP Masquerading. Linux IP Firewalling Chains l m t c ch l c gi tin IP. Nh ng tnh nng c a IP Chains cho php c u hnh my ch Linux nh m t filtering gateway/firewall d dng. M t thnh ph n quan tr ng khc c a n trong kernel l IP Masquerading, m t tnh nng chuy n i a ch m ng (network address translation- NAT) m c th che gi u cc a ch IP th c c a m ng bn trong. s d ng ipchains, b n c n thi t l p m t t p cc lu t m qui cho php hay b c m. V d : nh cc k t n i c
# Cho php cc k t n i web t i Web Server c a b n /sbin/ipchains -A your_chains_rules -s 0.0.0.0/0 www -d 192.16.0.100 1024: -j ACCEPT # Cho php cc k t n i t bn trong t i cc Web Server bn ngoi /sbin/ipchains -A your_chains_rules -s 192.168.0.0/24 1024: -d 0.0.0.0/0 www -j ACCEPT # T ch i truy c p t t c cc d ch vu khc /sbin/ipchains -P your_chains_rules input DENY
Ngoi ra, b n c th dng cc s n ph m firewall thng m i nh Check Point FireWall-1, Phoenix Adaptive Firewall, Gateway Guardian, XSentry Firewall, Raptor, ... hay r t nhi u cc phin b n mi n ph, m ngu n m cho Linux nh T.Rex Firewall, Dante, SINUS, TIS Firewall Toolkit, ... 9.6. Dng cng c d tm kh o st h th ng
Thm nh p vo m t h th ng b t k no cng c n c s chu n b . Hacker ph i xc nh ra my ch v tm xem nh ng port no ang m tr c khi h th ng c th b xm ph m. Qu trnh ny th ng c th c hi n b i cc cng c d tm (scanning tool), k thu t chnh tm ra my ch v cc port ang m trn . D tm l b c u tin hacker s s d ng tr c khi th c hi n t n cng. B ng cch s d ng cc cng c d tm nh Nmap, hacker c th r kh p cc m ng tm ra cc my ch c th b t n cng. M t khi xc nh c cc my ny, k xm nh p c th d tm cc port ang l ng nghe. Nmap cng s d ng m t s k thu t cho php xc nh kh chnh xc lo i my ang ki m tra. B ng cch s d ng nh ng cng c c a chnh cc hacker th ng dng, ng i qun tr h th ng c th nhn vo h th ng c a mnh t gc c a cc hacker v gip tng c ng tnh an ton c a h th ng. C r t nhi u cng c d tm c th s d ng nh: Nmap, strobe, sscan, SATAN, ... D i y l m t v d s d ng Nmap:
# nmap -sS -O 192.168.1.200 Starting nmap V. 2.54 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/) Interesting ports on comet (192.168.1.200): Port State Protocol Service
www.nhipsongcongnghe.net
7 open tcp echo 19 open tcp chargen 21 open tcp ftp ... TCP Sequence Prediction: Class=random positive increments Difficulty=17818 (Worthy challenge) Remote operating system guess: Linux 2.2.13 Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds
Tuy nhin, s d ng cc cng c ny khng th thay th cho m t ng i qu n tr c ki n th c. B i v vi c d tm th ng d bo m t cu c t n cng, cc site nn u tin cho vi c theo di chng. V i cc cng c d tm, cc nh qu n tr h th ng m ng c th pht hi n ra nh ng g m cc hacker c th th y khi d trn h th ng c a mnh. 9.7. Pht hi n s xm nh p qua m ng N u h th ng c a b n c k t n i vo internet, b n c th tr thnh m t m c tiu b d tm cc l h ng v b o m t. M c d h th ng c a b n c ghi nh n i u ny hay khng th v n khng xc nh v pht hi n vi c d tm ny. M t v n c n quan tm khc l cc cu c t n cng gy ng ng d ch v (Denial of Services - DoS), lm th no ngn ng a, pht hi n v i ph v i chng n u b n khng mu n h th ng c a b n ngng tr . H th ng pht hi n xm nh p qua m ng (Network Intrusion Detection System NIDS) theo di cc thng tin truy n trn m ng v pht hi n n u c hacker ang c xm nh p vo h th ng (ho c gy gy ra m t v t n cng DoS). M t v d i n hnh l h th ng theo di s l ng l n cc yu c u k t n i TCP n nhi u port trn m t my no , do v y c th pht hi n ra n u c ai ang th m t tc v d tm TCP port. M t NIDS c th ch y trn my c n theo di ho c trn m t my c l p theo di ton b thng tin trn m ng. Cc cng c c th c k t h p t o m t h th ng pht hi n xm nh p qua m ng. Ch ng h n dng tcpwrapper i u khi n, ghi nh n cc d ch v c ng k. Cc chng trnh phn tch nh t k h th ng, nh swatch, c th dng xc nh cc tc v d tm trn h th ng. V i u quan tr ng nh t l cc cng c c th phn tch cc thng tin trn m ng pht hi n cc t n cng DoS ho c nh c p thng tin nh tcpdump, ethereal, ngrep, NFR (Network Flight Recorder), PortSentry, Sentinel, Snort, ... Khi hi n th c m t h th ng pht hi n xm nh p qua m ng b n c n ph i lu tm hi u su t c a h th ng cng nh cc chnh sch b o m s ring t. 9.8. Ki m tra kh nng b xm nh p Ki m tra kh nng b xm nh p lin quan n vi c xc nh v s p x p cc l h ng an ninh trong h th ng b ng cch dng m t s cng c ki m tra. Nhi u cng c ki m tra cng c kh nng khai thc m t s l h ng tm th y lm r qu trnh thm nh p tri php s c th c hi n nh th no. V d , m t l i trn b m c a chng trnh ph c v d ch v FTP c th d n n vi c thm nh p vo h th ng v i quy n root. N u ng i qu n tr m ng c ki n th c v ki m tra kh nng b xm nh p tr c khi n x y ra, h c th ti n hnh cc tc v nng cao m c an ninh c a h th ng m ng. n
www.nhipsongcongnghe.net
C r t nhi u cc cng c m ng m b n c th s d ng trong vi c ki m tra kh nng b xm nh p. H u h t cc qu trnh ki m tra u dng t nh t m t cng c t ng phn tch cc l h ng an ninh. Cc cng c ny thm d h th ng xc nh cc d ch v hi n c. Thng tin l y t cc d ch v ny s c so snh v i c s d li u cc l h ng an ninh c tm th y tr c . Cc cng c th ng c s d ng th c hi n cc ki m tra lo i ny l ISS Scanner, Cybercop, Retina, Nessus, cgiscan, CIS, ... Ki m tra kh nng b xm nh p c n c th c hi n b i nh ng ng i c trch nhi m m t cch c n th n. S thi u ki n th c v s d ng sai cch c th s d n n h u qu nghim tr ng khng th l ng tr c c. 9.9. i ph khi h th ng b t n cng
G n y, m t lo t cc v t n cng nh m vo cc site c a nh ng cng ty l n nh Yahoo!, Buy.com, E-Bay, Amazon v CNN Interactive gy ra nh ng thi t h i v cng nghim tr ng. Nh ng t n cng ny l d ng t n cng gy ng ng d ch v "Denial-OfService" m c thi t k lm ngng ho t ng c a m t m ng my tnh hay m t website b ng cch g i lin t c v i s l ng l n cc d li u t i m c tiu t n cng khi n cho h th ng b t n cng b ng ng ho t ng, i u ny tng t nh hng trm ng i cng g i khng ng ng t i 1 s i n tho i khi n n lin t c b b n. Trong khi khng th no trnh c m i nguy hi m t cc cu c t n cng, chng ti khuyn b n m t s b c m b n nn theo khi b n pht hi n ra r ng h th ng c a b n b t n cng. Chng ti cng a ra m t s cch gip b n b o m tnh hi u q a c a h th ng an ninh v nh ng b c b n nn lm gi m r i ro v c th i ph v i nh ng cu c t n cng. N u pht hi n ra r ng h th ng c a b n ang b t n cng, hy bnh tnh. Sau y l nh ng b c b n nn lm:
o
T p h p 1 nhm
i ph v i s t n cng:
- Nhm ny ph i bao g m nh ng nhn vin kinh nghi m, nh ng ng i m c th gip hnh thnh m t k ho ch hnh ng i ph v i s t n cng. D a theo chnh sch v cc quy trnh th c hi n v an ninh c a cng ty, s d ng cc b c thch h p khi thng bo cho m i ng i hay t ch c v cu c t n cng. o Tm s gip t nh cung c p d ch v Internet v c quan ph trch v an ninh my tnh:
o
- Lin h nh cung c p d ch v Internet c a b n thng bo v cu c t n cng. C th nh cung c p d ch v Internet c a b n s ch n ng c cu c t n cng. - Lin h c quan ph trch v an ninh my tnh cng thng bo v cu c t n
www.nhipsongcongnghe.net
T m th i dng phng th c truy n thng khc (ch ng h n nh qua i n tho i) khi trao i thng tin m bo r ng k xm nh p khng th ch n v l y c thng tin. o Ghi l i t t c cc ho t ng c a b n (ch ng h n nh g i i n tho i, thay i file, ...) o Theo di cc h th ng quan tr ng trong qa trnh b t n cng b ng cc ph n m m hay d ch v pht hi n s xm nh p (intrusion detection software/services). i u ny c th gip lm gi m nh s t n cng cng nh pht hi n nh ng d u hi u c a s t n cng th c s hay ch l s qu y r i nh m nh l c h ng s ch c a b n(ch ng h n m t t n cng DoS v i d ng lm sao lng s ch c a b n trong khi th c s y l m t cu c t n cng nh m xm nh p vo h th ng c a b n).
o
l i hay thay
i (nh nh ng
Lin h nh ch c trch
bo co v v t n cng.
Nh ng b c b n nn lm lai :
o o o o
gi m r i ro v
Xy d ng v trao quy n cho nhm i ph v i s t n cng Thi hnh ki m tra an ninh v nh gi m c r i ro c a h th ng Ci t cc ph n m m an ton h th ng ph h p gi m b t r i ro Nng cao kh nng c a mnh v an ton my tnh gip b n b o m tnh hi u qu c a h th ng an ninh
Cc b c ki m tra
o o o
o o o
Ki m tra h th ng an ninh m i ci t : ch c ch n tnh ng n c a chnh sch an ninh hi n c v c u hnh chu n c a h th ng. Ki m tra t ng th ng xuyn : khm ph s vi ng thm c a nh ng hacker hay nh ng hnh ng sai tri c a nhn vin trong cng ty. Ki m tra ng u nhin: ki m tra chnh sch an ninh v nh ng tiu chu n, ho c ki m tra s hi n h u c a nh ng l h ng c pht hi n (ch ng h n nh ng l i c thng bo t nh cung c p ph n m m) Ki m tra h ng m nh ng file quan tr ng: nh gi s ton v n c a nh ng file v c s d li u quan tr ng Ki m tra cc ti kho n ng i dng: pht hi n cc ti kho n khng s d ng, khng t n t i, ... Ki m tra nh k xc nh tr ng thi hi n t i c a h th ng an ninh c a b n
B N C TH XEM THM THNG TIN T I Cc trung tm gip http://www.cert.org i ph tai n n trn Internet
www.nhipsongcongnghe.net
http://www.first.org http://ciac.llnl.gov/ http://www.cert.dfn.de/eng/csir/europe/certs.html M t s website v an ton my tnh http://www.cs.purdue.edu/coast/ http://www.linuxsecurity.com http://www.securityportal.com http://www.tno.nl/instit/fel/intern/wkinfsec.html http://www.icsa.net http://www.sans.org http://www.iss.com http://www.securityfocus.com
Thng tin v an ton t nh cung c p http://www.calderasystems.com/news/security/ http://www.debian.org/security/ http://www.redhat.com/cgi-bin/support/ M t s sch v an ton my tnh Actually Useful Internet Security Techniques by Larry J. Hughes Jr. Applied Cryptography: Protocols, Algorithms and Source Code in C by Bruce Schneier Building Internet Firewall by Brent Chapman & Elizabeth D. Zwicky Cisco IOS Network Security by Mike Kaeo Firewalls and Internet Security by Bill Cheswick & Steve Bellovin Halting the Hacker: A practical Guide To Computer Security by Donal L. Pipkin Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Traps, Trace Back and Response by Edward G. Amoroso Intrusion Detection: Network Security Beyond the Firewall by Terry Escamilla Linux Security by Jonh S. Flowers