
1. CHAPTER 1: GENERAL INTRODUCTION TO UNIX/LINUX
   1.1. HISTORY OF UNIX/LINUX
   1.2. OPEN SOURCE AND THE GPL
   1.3. LINUX DISTRIBUTIONS
   1.4. REVIEW QUESTIONS

2. CHAPTER 2: INSTALLING LINUX CENTOS 6.0
   2.1. INSTALLING LINUX CENTOS SERVER
      2.1.1. INTRODUCTION TO CENTOS 6.0
      2.1.2. HARDWARE REQUIREMENTS
      2.1.3. HARD DISK PARTITIONING
   2.2. INSTALLATION STEPS
   2.3. INSTALLING SOFTWARE
      2.3.1. MANAGING SOFTWARE WITH RPM
      2.3.2. INSTALLING SOFTWARE WITH RPM
      2.3.3. QUERYING PACKAGES
      2.3.4. PACKAGE FILE CONFLICTS
      2.3.5. REMOVING SOFTWARE INSTALLED ON THE SYSTEM
      2.3.6. UPGRADING SOFTWARE
      2.3.7. INSTALLING SOFTWARE FROM SOURCE FILES *.tar, *.tgz
      2.3.8. MANAGING SOFTWARE WITH YUM
      2.3.9. INSTALLING SOFTWARE WITH YUM
      2.3.10. UPDATING SOFTWARE WITH YUM
      2.3.11. REMOVING SOFTWARE WITH YUM
      2.3.12. FINDING SOFTWARE WITH YUM
      2.3.13. UPDATING THE SYSTEM WITH YUM
   2.4. REVIEW QUESTIONS

3. CHAPTER 3: ADMINISTRATOR ACCOUNT MANAGEMENT
   3.1. USER MANAGEMENT
      3.1.1. USER INFORMATION
      3.1.2. USER ADMINISTRATION OPERATIONS
      3.1.3. USER GROUP MANAGEMENT
      3.1.4. LOGIN AND LOGOUT OPERATIONS
   3.2. COMMAND-LINE INTERFACE
      3.2.1. LOGGING IN WITH THE COMMAND-LINE INTERFACE
      3.2.2. BASIC COMMANDS
      3.2.3. RUN LEVELS
   3.3. FILE SYSTEM
      3.3.1. SYSTEM DIRECTORY STRUCTURE
      3.3.2. FILESYSTEM OPERATIONS
      3.3.3. DIRECTORY OPERATIONS
      3.3.4. INTRODUCTION TO FILES
      3.3.5. SETTING ACCESS PERMISSIONS FOR USERS
      3.3.6. STANDARD REDIRECTION IN LINUX
      3.3.7. ARCHIVING FILES AND DIRECTORIES
      3.3.8. SYSTEM BOOT
   3.4. ADMINISTERING SYSTEM SERVICES
      3.4.1. XINETD
      3.4.2. CONFIGURING TELNET
      3.4.3. SECURING THE TELNET SERVICE
      3.4.4. SECURE REMOTE ACCESS: SSH (SECURE SHELL)
   3.5. REVIEW QUESTIONS
   3.6. REVIEW GUIDE

4. CHAPTER 4: MANAGING INTRANET NETWORK SERVICES
   4.1. BASIC NETWORK CONFIGURATION
      4.1.1. SETTING THE HOST NAME
      4.1.2. VIEWING THE IP ADDRESS
      4.1.3. CHANGING THE IP ADDRESS
      4.1.4. CREATING AN IP ALIAS
      4.1.5. CHANGING THE DEFAULT GATEWAY
   4.2. DYNAMIC IP ALLOCATION (DHCP)
      4.2.1. CONFIGURING THE DHCP SERVER
      4.2.2. STARTING THE DHCP SERVICE
      4.2.3. CHECKING IP ALLOCATION FOR A CLIENT ON WINDOWS 7
   4.3. CONFIGURING RESOURCE SHARING (SAMBA, NFS)
      4.3.1. CONFIGURING SAMBA SHARING
      4.3.2. CONFIGURING NFS SHARING
   4.4. REVIEW QUESTIONS
      4.4.1. NETWORK CONFIGURATION EXERCISE
      4.4.2. ALIAS AND GATEWAY CONFIGURATION EXERCISE
      4.4.3. REVIEW GUIDE
      4.4.4. TELNET AND SSH CONFIGURATION EXERCISE
      4.4.5. DHCP CONFIGURATION EXERCISE

5. CHAPTER 5: MANAGING INTERNET NETWORK SERVICES
   5.1. DNS SERVICE
      5.1.1. INTRODUCTION TO DNS
      5.1.2. NAME RESOLUTION MECHANISM
      5.1.3. RECORD TYPES
      5.1.4. CONFIGURING DNS FOR A LOCAL DOMAIN
      5.1.5. CONFIGURING DNS FOR A SUBDOMAIN
      5.1.6. CONFIGURING DNS LINKING MULTIPLE SUBDOMAINS
      5.1.7. CONFIGURING A BACKUP DNS SERVER
   5.2. DNS REVIEW QUESTIONS
      5.2.1. LAB 1: SETTING UP DNS TO MANAGE A LOCAL DOMAIN
      5.2.2. LAB 2: SETTING UP DNS HOSTING FOR A SUBDOMAIN
      5.2.3. LAB 3: SETTING UP DNS LINKING MULTIPLE ZONES
      5.2.4. LAB 4: SETTING UP BACKUP DNS
   5.3. FTP SERVICE
      5.3.1. INTRODUCTION TO FTP
      5.3.2. CONFIGURING THE FTP SERVER
      5.3.3. RESTRICTING FTP ACCESS
      5.3.4. CONFIGURING MULTIPLE FTP SITES
   5.4. WEB SERVICE
      5.4.1. INTRODUCTION TO WEB SERVERS
      5.4.2. LAB 1: CONFIGURING THE APACHE WEB SERVER
      5.4.3. LAB 2: CONFIGURING A DYNAMIC WEB SITE WITH PHP AND MYSQL
      5.4.4. LAB 3: CONFIGURING BASIC AUTHENTICATION ON THE WEB SERVER
      5.4.5. CONFIGURING DIGEST AUTHENTICATION
      5.4.6. CONFIGURING WEBSITE HOSTING
      5.4.7. CONFIGURING PUBLISHING OF WEB RESOURCES
      5.4.8. CREATING WEBSITES FOR USERS
      5.4.9. LAB 4: SETTING UP A FORUM USING PHP AND MYSQL
   5.5. INTERNET CONFIGURATION
      5.5.1. CONFIGURING INTERNET SHARING
      5.5.2. RESTRICTING INTERNET CONNECTIONS
      5.5.3. CONTROLLING INTERNET ACCESS TIME
   5.6. MAIL SERVICE
      5.6.1. INTRODUCTION TO SMTP
      5.6.2. POP
      5.6.3. MAIL SYSTEM
      5.6.4. SETTING UP A LOCAL MAIL SYSTEM
      5.6.5. SETTING UP MAIL EXCHANGE BETWEEN MULTIPLE DOMAINS
      5.6.6. SETTING UP CONTROL OF USER MAIL
   5.7. NIS SERVICE
      5.7.1. CONFIGURING THE NIS SERVER
      5.7.2. CONFIGURING THE NIS CLIENT
   5.8. LDAP SERVICE
      5.8.1. CONFIGURING THE LDAP SERVER
      5.8.2. CONFIGURING THE LDAP CLIENT

6. CHAPTER 6: MANAGING DATABASES ON LINUX
   6.1. MYSQL DATABASE
      6.1.1. INSTALLING MYSQL
      6.1.2. INSTALLING AND CONFIGURING PHPMYADMIN
   6.2. ORACLE DATABASE
      6.2.1. INSTALLING ORACLE
      6.2.2. DEPLOYING A DATABASE USING ORACLE
      6.2.3. INSTALLING THE JAVA DEVELOPMENT ENVIRONMENT
      6.2.4. JAVA APPLICATION SERVER - TOMCAT 7

7. CONFIGURING SOME OTHER SERVICES
   7.1. INSTALLING AND CONFIGURING VMWARE PLAYER
   7.2. INSTALLING AND CONFIGURING A PXE SERVER
   7.3. INSTALLING AND CONFIGURING OPENVPN
   7.4. CONFIGURING RAID 1
   7.5. CONFIGURING TCP WRAPPER ACCESS

8. REVIEW QUESTIONS

1. CHAPTER 1: GENERAL INTRODUCTION TO UNIX/LINUX

Contents:
- The origin and development of the Linux operating system
- Copyright issues and the licensing of open-source software
- Linux distributions

SUMMARY
- Section 1.1: A brief introduction to the origin of the Unix/Linux operating systems.
- Section 1.2: An overview of the open-source GPL license.
- Section 1.3: A short introduction to the Linux distributions: Ubuntu, CentOS, Fedora Core, Debian, SUSE and Red Hat Enterprise.

1.1. HISTORY OF UNIX/LINUX

In the mid-1960s, AT&T Bell Laboratories and several other centers worked on the Multics (Multiplexed Information and Computing Service) project. After some time the project proved infeasible. Ken Thompson and Dennis Ritchie of Bell Labs did not give up, however. Instead of building an operating system that does many things at once like Multics, they decided to develop a simple operating system that does one thing well: run programs. Peter Neumann named this simple operating system Unix.

Around 1977 the rights to UNIX were released and UNIX became a commercial product. There were two lines of UNIX: System V from AT&T and Novell, and the Berkeley Software Distribution (BSD) from the University of California, Berkeley.

Later the IEEE established the standard "An Industry-Recognized Operating Systems Interface Standard based on the UNIX Operating System." The result was POSIX.1 (for the C interface) and POSIX.2 (for the command system on Unix).

In 1991 Linus Torvalds began studying Minix, a version of Unix, in order to learn how to create a Unix operating system that runs on a PC with the Intel 80386 processor. On 25/8/1991 Linus released version 0.01 and announced his plans for Linux on the comp.os.minix newsgroup. In January 1992 Linus released version 0.12 with a shell and a C compiler. Linus no longer needed Minix to recompile his operating system, and he named it Linux. In 1994 the official version 1.0 was released.

Linux is a Unix-like operating system that runs on PCs with an Intel 80386 CPU or later, or with compatible processors from AMD and Cyrix. Today Linux can also run on Macintosh or SUN Sparc machines. Linux conforms to the POSIX.1 standard.

The development of Linux was accelerated by help from the GNU project (GNU's Not Unix), a program for developing Unix systems able to run on many platforms. By the end of 2001 the latest version of the Linux kernel was 2.4.2-2, which can drive multiprocessor machines and has many other features.

Figure 1.1: The formation and development of the Linux operating system

1.2. OPEN SOURCE AND THE GPL

Programs released under the GNU Copyleft or GPL (General Public License) are licensed as follows:
- The author remains the owner of the program.
- Anyone may sell copies of the program at any price without paying the original author.
- The owner of the program makes it possible for others to copy the source program in order to develop it further.

1.3. LINUX DISTRIBUTIONS

Versions of the Linux operating system are identified by a numbering scheme of the form X.YY.ZZ. If YY is even, the version is stable. If YY is odd, the version is experimental. Well-known Linux distributions include RedHat, Debian, SUSE, Slackware, Caldera and Ubuntu. A website that introduces the Linux distributions: http://distrowatch.com/

DEBIAN: built by the Debian project, it is a free-software distribution produced with the collaboration of volunteers around the world. From the beginning until now, the officially released system, named Debian GNU/Linux, has been built on the Linux kernel with many basic operating-system tools taken from the GNU project. Debian is known for its close adherence to the Unix philosophy and to free software. It is also known for its wealth of choices: the current release has more than 15,490 software packages for 11 computer architectures, from the ARM architecture common in embedded systems and IBM's s390 mainframe architecture to the architectures common in modern personal computers such as x86 and PowerPC. Website: http://www.debian.org/

FEDORA CORE: a Linux distribution based on the RPM Package Manager, developed by the community under the Fedora Project and sponsored by RedHat. The Fedora Project aims to create a complete open-source operating system for general-purpose use. Fedora is designed to be easy to install with a graphical installer. Additional software packages can be downloaded and installed easily with the YUM tool. New versions of Fedora may be released every 6 to 9 months. The current version of Fedora is 16. Website: http://fedoraproject.org/

SUSE: developed by Novell. SuSE has main editions such as SuSE Linux Enterprise Server and openSuSE. These editions come in versions for x86-64 bit, PPC and IA64. The x86 architecture includes the processors Intel Pentium 1-4, Celeron, 32-bit Xeon, Celeron D, AMD K6, Duron, Athlon, Athlon XP, Athlon MP and Sempron. The x86-64 bit architecture includes processors such as AMD Xeon, Xeon MP, Pentium 4 Extreme Edition, Pentium D, and processors based on AMD's AMD64 and Intel's EM64T. Information about openSuSE is available at http://www.opensuse.org.

UBUNTU: a Linux distribution mainly for desktop computers, based on Debian GNU/Linux. It is sponsored by Canonical Ltd; the name of the distribution comes from the South African concept of ubuntu. Ubuntu aims to offer software that the average user can use. Ubuntu has an active user community. Website: http://www.ubuntu.com/

CENTOS: the Community Enterprise Operating System is built on the foundation of Red Hat Enterprise Linux. It supports the x86 line (i586 and i386), the x86-64 line (AMD64 and Intel EM64T), and the IA64, Alpha, S390 and S390x architectures. CentOS is mainly provided for dedicated servers; CentOS currently offers version 6.0. Website: http://www.centos.org/

RED HAT ENTERPRISE: usually abbreviated RHEL, it is RedHat's commercial Linux distribution. Each RHEL version is supported by RedHat for 7 years from its first release date. New versions of RHEL appear every 18 months. RedHat currently offers version 6:
- RHEL AS: for large systems
- RHEL ES: for medium-sized systems
- RHEL WS: for individual users with high demands
- RHEL Desktop: for individual users with low demands
Website: http://www.redhat.com/

1.4. REVIEW QUESTIONS

1. Summarize the development of the Linux operating system.
2. State the similarities and differences between Linux and Unix.
3. State the advantages and disadvantages of the Linux operating system.
4. Which licenses are used in the open-source world? Compare the similarities and differences between them.
5. Describe the differences between the Linux distributions.
6. Describe the role of the Linux operating system today.

2. CHAPTER 2: INSTALLING LINUX CENTOS 6.0

Contents:
- The steps for installing the Linux operating system
- Partitioning the hard disk to install Linux
- The boot loader
- Shutting down and booting a Linux system
- Installing Linux alongside other operating systems on one machine
- Using RPM
- Installing software from source files
- Managing software with yum

SUMMARY
Section 2.1 introduces the main features of the CentOS 6.0 Linux distribution, the minimum hardware requirements to prepare before installing the operating system, and how to create the partitions needed to install Linux. Section 2.2 presents the steps for installing the CentOS 6.0 distribution. Section 2.3 introduces and explains how to install software on Linux with the RPM package manager and the YUM utility.

2.1. INSTALLING LINUX CENTOS SERVER

2.1.1. INTRODUCTION TO CENTOS 6.0

CentOS 6.0 was officially released in 2011. CentOS provides the following features:
- The GNOME 2.20 desktop, including common programs such as the Evolution mail client, the ability to view PDF attachments, and some other advanced features.
- The KDE 3.5.8 desktop with multimedia features and versatile DVD playback.
- The NetworkManager 0.7 network management interface, which supports managing wireless network devices.
- PulseAudio, an efficient sound card manager that is compatible with most new sound systems. Together with the CodecBuddy decoder it can provide additional support for music players.
- The OpenOffice.org 3 office suite with many new features.
- Integrated detection of Bluetooth devices.
- Support for laptops with x86 and x86-64 processors.

CentOS uses kernel version 2.6.25.

2.1.2. HARDWARE REQUIREMENTS

- CPU: 386 or later; bus: ISA, PCI, EISA.
- Keyboard: US English 105 key, or other types.
- Mouse type.
- Hard disk size: at least 1.8 GB, with 3.5 GB recommended.
- RAM: at least 64 MB (RedHat 7.2); in addition use a swap file as virtual memory (twice the RAM value).

However, for newer kernels (2.6.x and later) a more powerful configuration should be used, such as a hard disk of at least 5 GB and 256 MB of RAM. Note that the swap space should be twice the size of the RAM.

2.1.3. HARD DISK PARTITIONING

A hard disk is divided into several regions called partitions. Each partition uses a file system and stores data. The partitions needed to install Linux are:
- The / partition is the main partition and holds the root directories of the system.
- The /boot partition holds the boot loader and the boot image of the operating system.
- The swap partition is used as space for swapping data out when main memory is full. The size of the swap partition depends on whether the system runs few or many applications. A swap size greater than or equal to the amount of RAM is recommended.

2.2. INSTALLATION STEPS

Starting the installation: the installer runs directly from the installation CD-ROM:

Choose Skip in the Disc Found dialog so that the CD-ROM is not checked before installation; the system then loads the anaconda program in graphical mode.

Click Next to continue.

Choose Next to go to the next step. Choose English as the language displayed during installation (Vietnamese can also be chosen), then choose Next to continue to the next step:

Choose the keyboard type and click Next to continue.

Select 'Basic Storage Devices'.

Click 'Re-initialize all', then click Next to continue.

Set the hostname for the computer.

Choose the time zone.

Choose how the partitions are organized; choose 'Create Custom Layout' to create the partitions yourself, then choose Next to continue.

Choose New to create a new partition. Four partitions are needed: /, /boot, swap and /home.

- Create the /boot partition with a size of 500 MB, ext4.
- Create the / partition with ext4 and a size of 20480 MB.
- Create swap with a size of 6000 MB.
- Create the /home partition with a size of about 3700 MB, ext3.

Creating the /boot partition with a size of 500 MB, ext4:

Click the "Create" button, select "LVM Logical Volume" and click "Create".

Creating the /home partition:

After creating the partitions, click Next to continue.

Click Format to format the disk.

Click 'Write Changes to Disk'.

Choose Next to continue. Choose to install the GRUB boot loader to manage booting the system, then choose Next to continue:

Choose the software to install. Select 'Minimal' and continue.

The installation takes a few minutes.

When the installation is complete, click the Reboot button to restart the system.

2.3. INSTALLING SOFTWARE

2.3.1. MANAGING SOFTWARE WITH RPM

RedHat Package Manager (RPM) is the package management system that Linux provides to users. RPM has a database that holds information about the installed packages and their files. This lets RPM query that information and verify the packages on the system. During a package upgrade, RPM handles configuration files very carefully, so previous settings are never lost. For developers, it allows the source of a program to be packaged as source or binary packages for delivery to users.

2.3.2. INSTALLING SOFTWARE WITH RPM

An RPM package is usually a file with a name like foo-1.0-1.i386.rpm. This file name consists of the package name (foo), the version (1.0), the release number (1) and the architecture (i386).

- Syntax:
    # rpm -ivh rpm-file-name
- Example 2.3.1:
    # rpm -ivh foo-1.0-1.i386.rpm
    foo package foo-1.0-1 is already installed

To install over a package that is already installed, add the --replacepkgs parameter:
    # rpm -ivh --replacepkgs package-file-name
- Example 2.3.2:
    # rpm -ivh --replacepkgs foo-1.0-1.i386.rpm

2.3.3. QUERYING PACKAGES

- Syntax:
    # rpm -q package-name
- Example 2.3.3:
    # rpm -q sendmail
    sendmail.8-11.1

Instead of giving a package name, other parameters can be combined with -q to select the package to query:

    -a                    Query all packages.
    -f file               Query the package that contains file. The full path of the file must be given (for example: /usr/bin/ls).
    -p package-file-name  Query the package file package-file-name.

The following parameters select the information to display:

    -i    Show information about the package, including: name, description, version, size, build date, install date, vendor.
    -l    Show the files in the package.
    -s    Show the state of the files in the package.
    -d    Show the list of documentation files for the package (for example man pages, README, info files).
    -c    Show the list of configuration files.
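The file-name convention from section 2.3.2 (name-version-release.arch.rpm), worked through as an added example that is not part of the original text. The function names are assumptions made for this example; the second function compares the file name with the header stored inside the package, since the name of a downloaded file is only a label.

```shell
#!/bin/sh
# Added example, not from the original text. Function names are assumptions.

# parse_rpm_filename FILE
# Prints "name version release arch" for a file named
# name-version-release.arch.rpm and returns 0; returns 1 otherwise.
# Fields are taken from the right because the package name may contain
# hyphens (bind-chroot) and the release may contain dots (16.P1.el5_7.1).
parse_rpm_filename() {
    f=${1##*/}                       # drop any directory part
    case $f in
        *.rpm) f=${f%.rpm} ;;
        *) return 1 ;;
    esac
    case $f in *.*) ;; *) return 1 ;; esac
    arch=${f##*.}                    # text after the last dot
    rest=${f%.*}
    case $rest in *-*) ;; *) return 1 ;; esac
    release=${rest##*-}              # text after the last hyphen
    rest=${rest%-*}
    case $rest in *-*) ;; *) return 1 ;; esac
    version=${rest##*-}              # text after the next hyphen from the right
    name=${rest%-*}
    if [ -z "$name" ] || [ -z "$version" ] || [ -z "$release" ] || [ -z "$arch" ]; then
        return 1
    fi
    printf '%s %s %s %s\n' "$name" "$version" "$release" "$arch"
}

# rpm_name_matches_header FILE
# Compares the fields parsed from the file name with the header inside the
# package (read with rpm -qp). Returns 0 on a match, 1 on a mismatch or an
# unparsable name, 2 if rpm is not installed or cannot read the file.
rpm_name_matches_header() {
    command -v rpm >/dev/null 2>&1 || return 2
    from_name=$(parse_rpm_filename "$1") || return 1
    from_header=$(rpm -qp --queryformat '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' "$1" 2>/dev/null) || return 2
    [ "$from_name" = "$from_header" ]
}

# Demo on file names that appear in this chapter plus one constructed name.
for sample in foo-1.0-1.i386.rpm \
              mc-4.6.1a-35.el5.i386.rpm \
              bind-chroot-9.3.6-16.P1.el5_7.1.i386.rpm \
              perl-Archive-Zip-1.16-1.noarch.rpm; do   # last name is constructed
    if fields=$(parse_rpm_filename "$sample"); then
        printf '%-45s -> %s\n' "$sample" "$fields"
    else
        printf '%-45s -> not name-version-release.arch.rpm\n' "$sample"
    fi
done
```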

2.3.4. PACKAGE FILE CONFLICTS

Installing a package that contains a file with the same name as an existing file from another package, or from an older version, causes an error.

- Example 2.3.4:
    # rpm -ivh foo-1.0-1.i386.rpm
    foo /usr/bin/foo conflicts with file from bar-1.0-1

To ignore this error, the package can be installed over the existing file with the --replacefiles option.

- Example 2.3.5:
    # rpm -ivh --replacefiles foo-1.0-1.i386.rpm

Some packages use files from other packages. The packages they depend on must be installed first, otherwise an error is reported.

- Example 2.3.6:
    # rpm -ivh foo-1.0-1.i386.rpm
    failed dependencies: bar is needed by foo-1.0-1

To resolve this, install the required packages. To continue the installation without installing the other packages, use the --nodeps option. In that case, however, the package just installed may not run properly.

2.3.5. REMOVING SOFTWARE INSTALLED ON THE SYSTEM

- Syntax:
    # rpm -e <package-name>
- Example 2.3.7:
    # rpm -e foo
    removing these packages would break dependencies: foo is needed by bar-1.0-1

Note that removal uses the package name, not the name of the RPM file. To remove packages and ignore the errors, add the --nodeps parameter. However, if the removed program is related to another program, that other program will no longer work.

2.3.6. UPGRADING SOFTWARE

- Syntax:
    # rpm -Uvh rpm-file-name
- Example 2.3.8:
    # rpm -Uvh foo-2.0-1.i386.rpm

When upgrading, RPM removes the old versions of the package. This command can also be used to install, in which case no old version is removed. When RPM automatically upgrades a package with a configuration file, a message like the following often appears:

    saving /etc/foo.conf as /etc/foo.conf.rpmsave

This means that when the configuration file of the old version is not compatible with the new version, RPM saves it and creates a new configuration file. An upgrade is really a combination of uninstall and install. For that reason an upgrade can produce the same errors as an install or an uninstall, plus one more: upgrading to an older version.

- Example 2.3.9:
    # rpm -Uvh foo-1.0-1.i386.rpm
    foo package foo-2.0-1 (which is newer) is already installed

In this case add the --oldpackage parameter:
    # rpm -Uvh --oldpackage foo-1.0-1.i386.rpm

2.3.7. INSTALLING SOFTWARE FROM SOURCE FILES *.tar, *.tgz

Besides software packaged as binary files (*.rpm files), some software is provided as source code files such as *.tar or *.tgz. To install such software we usually rely on the help files that come with each program (README, INSTALL, ...); these files are in a subdirectory of the directory created when the source is unpacked with the tar command. The installation usually follows these steps:

- Step 1: Unpack the tar file.
  Example 2.3.10:
    # tar -xvzf linux-software-1.3.1.tar.gz
    linux-software-1.3.1/
    linux-software-1.3.1/plugins-scripts/
    linux-software-1.3.1/linux-software-plugins.spec
    [root@bigboy tmp]#

  This creates the subdirectories that contain the installation files:
    [root@bigboy tmp]# ls
    linux-software-1.3.1  linux-software-1.3.1.tar.gz

- Step 2: Change into the subdirectory and consult the INSTALL and README files.
  Example 2.3.11:
    # cd linux-software-1.3.1
    [root@bigboy linux-software-1.3.1]# ls
    COPYING    install-sh   missing                 plugins
    depcomp    LEGAL        mkinstalldirs           plugins-scripts
    FAQ        lib          linux-software.spec     README
    Helper.pm  Makefile.am  linux-software.spec.in  REQUIREMENTS
    INSTALL    Makefile.in  NEWS                    subst.in
    [root@bigboy linux-software-1.3.1]#

- Step 3: Follow the instructions in the INSTALL and README files to install the software.
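Step 1 above unpacks a downloaded archive as root in /tmp. The following added example (not part of the original text) shows checks that can run before that step: comparing the file with a published SHA-256 value and rejecting archives whose member paths would land outside the target directory. The function names and the checksum workflow are assumptions; the archive name in the usage note is the one from Example 2.3.10.

```shell
#!/bin/sh
# Added example, not from the original text. Function names and the
# checksum step are assumptions; the chapter itself only runs tar -xvzf.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only if the SHA-256 of FILE equals EXPECTED_HEX.
verify_sha256() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# check_members
# Reads archive member paths on stdin, one per line. Reports members with
# an absolute path or a ".." component on stderr and returns 1 if any was
# found. Link targets are not inspected; this checks member names only.
check_members() {
    bad=0
    while IFS= read -r m || [ -n "$m" ]; do
        case $m in
            /*|..|../*|*/..|*/../*)
                printf 'unsafe member: %s\n' "$m" >&2
                bad=1 ;;
        esac
    done
    return "$bad"
}

# safe_extract ARCHIVE DEST
# Lists a gzip-compressed tar archive first and extracts it into DEST only
# if every member name passes check_members.
# Returns 0 on success, 1 if a member was rejected, 2 if the archive is
# missing or cannot be listed.
safe_extract() {
    [ -f "$1" ] || return 2
    members=$(tar -tzf "$1" 2>/dev/null) || return 2
    printf '%s\n' "$members" | check_members || return 1
    mkdir -p "$2" && tar -xzf "$1" -C "$2"
}

# Demo on a constructed member list (not a real archive).
if printf '%s\n' 'linux-software-1.3.1/README' '../outside.txt' | check_members; then
    echo "listing accepted"
else
    echo "listing rejected"
fi
```

Typical use is `safe_extract linux-software-1.3.1.tar.gz ./build` from an unprivileged account, switching to root only for the install step that the package's INSTALL file requires.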

2.3.8. MANAGING SOFTWARE WITH YUM

Yum is a software management utility for Linux. With yum we can install software directly from the local system or directly from the Internet. In addition, yum lets us update the software on the system, install whole groups of packages, and automatically detect and check the software that needs to be installed. With yum, installing software becomes much simpler.

2.3.9. INSTALLING SOFTWARE WITH YUM

- Syntax:
    # su -c 'yum install <software-name>'
  or
    # yum install <software-name>
- Example 2.3.12:
    # su -c 'yum install mc'
  or
    # yum install mc

Here mc is the name of the software to install. The installation then proceeds as follows:

    [root@localhost ~]# su -c 'yum install mc'
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: ftp.cuhk.edu.hk
     * extras: ftp.cuhk.edu.hk
     * updates: centosz4-msync-dvd.centos.org
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package mc.i386 1:4.6.1a-35.el5 set to be updated
    --> Finished Dependency Resolution

    Dependencies Resolved
    ========================================================
     Package   Arch   Version           Repository   Size
    ========================================================
    Installing:
     mc        i386   1:4.6.1a-35.el5   base         2.1 M

    Transaction Summary
    ========================================================
    Install       1 Package(s)
    Upgrade       0 Package(s)

    Total download size: 2.1 M
    Is this ok [y/N]: y
    Downloading Packages:
    mc-4.6.1a-35.el5.i386.rpm              | 2.1 MB     00:07
    Running rpm_check_debug
    Running Transaction Test
    Finished Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Installing     : mc                                 1/1

    Installed:
      mc.i386 1:4.6.1a-35.el5

    Complete!

The system reports that the installation of mc is complete. We can check by running the mc command to start the program.

2.3.10. UPDATING SOFTWARE WITH YUM

- Syntax:
    # su -c 'yum update <software-name>'
  or
    # yum update <software-name>
- Example 2.3.13:
    # su -c 'yum update bind'
  or
    # yum update bind

Here bind is the software to be updated.

    [root@localhost ~]# su -c 'yum install bind'
    -->Running transaction check
    -->Processing Dependency: bind = 30:9.3.6-16.P1.el5 for package: caching-nameserver
    -->Running transaction check
    -->Package bind-utils.i386 30:9.3.6-16.P1.el5_7.1 set to be updated
    -->Finished Dependency Resolution
    Dependencies Resolved
    =====================================================================
     Package              Arch   Version                  Repository  Size
    =====================================================================
    Updating:
     bind                 i386   30:9.3.6-16.P1.el5_7.1   updates    980 k
    Updating for dependencies:
     bind-chroot          i386   30:9.3.6-16.P1.el5_7.1   updates     46 k
     bind-libs            i386   30:9.3.6-16.P1.el5_7.1   updates    862 k
     bind-utils           i386   30:9.3.6-16.P1.el5_7.1   updates    173 k
     caching-nameserver   i386   30:9.3.6-16.P1.el5_7.1   updates     62 k
    Transaction Summary
    =====================================================================
    Install       0 Package(s)
    Upgrade       5 Package(s)
    Total download size: 2.1 M
    Is this ok [y/N]: y
    Downloading Packages:
    (1/5):bind-chroot-9.3.6-16.P1.el5_7.1.i386.rpm    |  46 kB     00:00
    .
    (5/5): bind-9.3.6-16.P1.el5_7.1.i386.rpm          | 980 kB     00:11
    -----------------------------------------------------------------
    Total                                   101 kB/s | 2.1 MB     00:21
    Running rpm_check_debug
    Transaction Test Succeeded
    Running Transaction
      Updating       : bind-libs                                  1/10
      Updating       : bind                                       2/10
    ..
      Cleanup        : bind                                       9/10
      Cleanup        : caching-nameserver                        10/10
    Updated:
      bind.i386 30:9.3.6-16.P1.el5_7.1
    Dependency Updated:
      bind-chroot.i386 30:9.3.6-16.P1.el5_7.1
      bind-libs.i386 30:9.3.6-16.P1.el5_7.1
      bind-utils.i386 30:9.3.6-16.P1.el5_7.1
      caching-nameserver.i386 30:9.3.6-16.P1.el5_7.1
    Complete!

2.3.11. REMOVING SOFTWARE WITH YUM

- Syntax:
    # su -c 'yum remove <software-name>'
  or
    # yum remove <software-name>
- Example 2.3.14:
    # su -c 'yum remove mc'
  or
    # yum remove mc

Here mc is the name of the software.

    [root@localhost ~]# su -c 'yum remove mc'
    --> Running transaction check
    ---> Package mc.i386 1:4.6.1a-35.el5 set to be erased
    --> Finished Dependency Resolution
    Dependencies Resolved
    ===============================================================
     Package   Arch   Version           Repository   Size
    ===============================================================
    Removing:
     mc        i386   1:4.6.1a-35.el5   installed    5.2 M
    Transaction Summary
    ===============================================================
    Remove        1 Package(s)
    Reinstall     0 Package(s)
    Downgrade     0 Package(s)
    Is this ok [y/N]: y
    Downloading Packages:
    Running rpm_check_debug
    Running Transaction Test
    Finished Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Erasing        : mc                                       1/1

    Removed:
      mc.i386 1:4.6.1a-35.el5
    Complete!

2.3.12. FINDING SOFTWARE WITH YUM
- Syntax: #su -c 'yum list <package name>' or the command yum list <package name>
- Example 2.3.15: #su -c 'yum list mc' or the command yum list mc, where mc is the name of the package to look for. The output of the search tells us whether the package is already installed on the system or is still in the repository.

[root@localhost ~]# yum list mc
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.cuhk.edu.hk
* extras: ftp.cuhk.edu.hk
* updates: centosz4-msync-dvd.centos.org
Installed Packages
mc.i386   1:4.6.1a-35.el5   installed

Example 2.3.16: #su -c 'yum search named'

[root@localhost ~]# su -c 'yum search named'
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.cuhk.edu.hk
* extras: ftp.cuhk.edu.hk
* updates: centosz4-msync-dvd.centos.org
==================== Matched: named ====================
bind.i386 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server.
bind-chroot.i386 : A chroot runtime environment for the ISC BIND DNS server, named(8)
bind-sdb.i386 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server with database backends.
caching-nameserver.i386 : Default BIND configuration files for a caching nameserver
bind97.i386 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
bind97-chroot.i386 : A chroot runtime environment for the ISC BIND DNS server, named(8)
c-ares.i386 : A library that performs asynchronous DNS operations
e4fsprogs.i386 : Utilities for managing the fourth extended (ext4) filesystem
perl-Archive-Zip.noarch : Perl library for accessing Zip archives
pstack.i386 : Display stack trace of a running process
sqlite.i386 : Library that implements an embeddable SQL database engine
system-config-bind.noarch : The BIND DNS Configuration Tool.

Example 2.3.17: #su -c 'yum provides bind'

[root@localhost ~]# su -c 'yum provides bind'
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.cuhk.edu.hk
* extras: ftp.cuhk.edu.hk
* updates: centosz4-msync-dvd.centos.org
30:bind-9.3.6-16.P1.el5.i386 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server.
Repo : base
Matched from:
30:bind-9.3.6-16.P1.el5_7.1.i386 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server.
Repo : updates
Matched from:
30:bind-9.3.6-16.P1.el5_7.1.i386 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server.
Repo : installed
Matched from:
Other : Provides-match: bind

To search for packages by an approximate name, for example all packages whose names begin with the characters bin, use the pattern bin\*.
- Example 2.3.18: #su -c 'yum list bin\*'

[root@localhost ~]# su -c 'yum list bin\*'
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.cuhk.edu.hk
* extras: ftp.cuhk.edu.hk
* updates: centosz4-msync-dvd.centos.org
Installed Packages
bind.i386                 30:9.3.6-16.P1.el5_7.1   installed
bind-chroot.i386          30:9.3.6-16.P1.el5_7.1   installed
bind-libs.i386            30:9.3.6-16.P1.el5_7.1   installed
bind-utils.i386           30:9.3.6-16.P1.el5_7.1   installed
binutils.i386             2.17.50.0.6-14.el5       installed
Available Packages
bind-devel.i386           30:9.3.6-16.P1.el5_7.1   updates
bind-libbind-devel.i386   30:9.3.6-16.P1.el5_7.1   updates
bind-sdb.i386             30:9.3.6-16.P1.el5_7.1   updates
bind97.i386               32:9.7.0-6.P2.el5_7.4    updates
bind97-chroot.i386        32:9.7.0-6.P2.el5_7.4    updates
bind97-devel.i386         32:9.7.0-6.P2.el5_7.4    updates
bind97-libs.i386          32:9.7.0-6.P2.el5_7.4    updates

2.3.13. UPDATING THE SYSTEM WITH YUM
Use the update option to bring the software on the system up to the latest versions available from the Internet.
- Example 2.3.19: #su -c 'yum update'

[root@localhost ~]# su -c 'yum update'
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.cuhk.edu.hk
* extras: ftp.cuhk.edu.hk
* updates: centosz4-msync-dvd.centos.org
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package NetworkManager.i386 1:0.7.0-13.el5 set to be updated
---> Package NetworkManager-glib.i386 1:0.7.0-13.el5 set to be updated
..
---> Package authconfig-gtk.i386 0:5.3.21-7.el5 set to be updated
---> Package autofs.i386 1:5.0.1-0.rc2.156.el5_7.4 set to be updated
base/filelists | 2.9 MB 00:18
extras/filelists_db | 215 kB 00:00
updates/filelists_db | 1.6 MB 00:06
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================
Package                Arch   Version               Repository   Size
========================================================================
Installing:
kernel                 i686   2.6.18-274.12.1.el5   updates      18 M
Updating:
NetworkManager         i386   1:0.7.0-13.el5        base         1.0 M
NetworkManager-glib    i386   1:0.7.0-13.el5        base         82 k
NetworkManager-gnome   i386   1:0.7.0-13.el5        base         327 k
OpenIPMI               i386   2.0.16-11.el5_7.2     updates      158 k
OpenIPMI-libs          i386   2.0.16-11.el5_7.2     updates      570 k
SysVinit               i386   2.86-17.el5           base         113 k
apr                    i386   1.2.7-11.el5_6.5      base         124 k
Installing for dependencies:
perl-NetAddr-IP        i386   4.027-5.el5_6         base         109 k
Transaction Summary
========================================================================
Install 2 Package(s)
Upgrade 187 Package(s)
Total download size: 295 M
Is this ok [y/N]: y

2.4. REVIEW QUESTIONS
1. Install the CentOS6 operating system inside a VMware virtual machine.
2. Explain how hard disk partitions are organized during installation of the Linux operating system.
3. Configure the devices after installing the Linux operating system.
4. How many disk partitions need to be created when installing the Linux operating system?
5. What is the maximum number of partitions that can be created on one hard disk (HDD)?
6. Describe the characteristics of the CentOS6 distribution.
7. List the partition format types used by the Linux operating system.
8. Explain what the boot sector and the Master Boot Record are.
9. During installation, what is the maximum length in characters of the root account password?
10. Can several operating systems (Linux and Windows) be installed on the same machine? If so, how?

3. CHAPTER 3: ADMINISTRATOR ACCOUNT MANAGEMENT
Contents:
- Managing users in Linux.
- Managing groups in Linux.
- Setting user permissions on files, changing the owner and the owning group, ...
- Managing users and groups through the graphical interface.
- Getting familiar with how the filesystem is organized, the related commands, file access permissions and filesystem management.
- Getting familiar with the disk partition management utility and with using storage devices.
SUMMARY
- Section 3.1: Introduces how user accounts are managed on Linux: viewing user account information, user administration tasks, and how to set permissions for user accounts.
- Section 3.2: Introduces Linux system administration in command-line mode, with the basic commands and how the run levels are managed.
- Section 3.3: Introduces filesystem administration: the function and structure of the filesystem, basic filesystem operations, and operations on directories and files.
- Section 3.4: System startup and shutdown administration: the system boot steps and recovering the password of the administrator account.
- Section 3.5: Administration of System Services such as the Xinetd service, the Telnet service and Telnet security, and the SSH service.

3.1. USER MANAGEMENT
On a Linux system the administrator account is named root. It is the account with the highest privileges, used by the person who administers and supervises the system. Use this account only for configuring and maintaining the system, not for everyday work. Create accounts for ordinary users as early as possible (first of all one for yourself). On important servers that run many different services, a suitable superuser can be created for each service to avoid using root for those tasks. For example, a superuser for backup work needs only read access (read-only), not write access.

In Linux we can create an account with a different name that still has root's privileges by creating a user whose UserID is 0. The shell prompt tells you whether you are logged in as root or as an ordinary user.

login: cntt
Password:******
Last login: Wed Mar 13 19:00:42 2002 from 172.29.8.3
[tdnhon@NetGroup tdnhon]$ su
Password: ****

The fourth line, with the $ sign, shows a connection as an ordinary user (cntt). The last line, with the # sign, shows commands being run as root.

3.1.1. USER INFORMATION
Every user account must have its own user name (username) and password. The file /etc/passwd holds the information about the system's user accounts. The user name is a character string that uniquely identifies a user. Users give this name when they log in and when they access resources. Linux user names are case sensitive. By convention, user names are written in lowercase.
To make user management easier, Linux uses a user identifier (user_ID) in addition to the user name. Each user has its own identifying number, and Linux uses that number to control what the user can do. By general convention, a user whose identifier is 0 is the administrative user (root). Identifiers from 1-99 are used for system accounts, and identifiers of ordinary users start from 100.

The /etc/passwd file
The /etc/passwd file is vital to a Unix or Linux system. It is the database of user accounts on Linux and is stored as a text file. Let us look at the contents of the passwd file: #cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
ftp:x:14:50:FTP User:/var/ftp:
nobody:x:99:99:Nobody:/:
nscd:x:28:28:NSCD Daemon:/:/bin/false
mailnull:x:47:47::/var/spool/mqueue:/dev/null
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/bin/false
xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false
nthung:x:525:526:nguyen tien hung:/home/nthung:/bin/bash
natan:x:526:527::/home/natan:/bin/bash

Each account is stored on one line made up of 7 columns:
- Column 1: The user name.
- Column 2: The code related to the account's password, which is "x" on Linux. Linux keeps this code in a separate file, /etc/shadow, which only root may read.
- Columns 3 and 4: The account identifier (user ID) and the group identifier (group ID).
- Column 5: The user's full name. Some password-cracking software uses the data in this column to try to guess the password.
- Column 6: The personal directory (Home Directory).
- Column 7: The program that runs first after the user logs in to the system.

The /etc/shadow file
- This is where the encrypted passwords are stored. The structure of the /etc/shadow file is as follows: #cat /etc/shadow
- Account name
- Encrypted password:
  o Starting with * means the account is disabled
  o Starting with !! means the account is temporarily locked
- Date the password was last changed (counted from 1/1/1970)
- Day from which the password may be changed (0 = at any time)
- Day by which the password must be changed
- Day on which the warning that the password is about to expire is given
- Number of days after which the account is disabled if the password is not changed on time
- Date on which the account is disabled automatically
- Reserved for future use

3.1.2. USER ADMINISTRATION TASKS
Creating a user account
a) The man help command
- Command syntax: #man <command>
- Example: #man useradd

USERADD(8)          System Management Commands          USERADD(8)
NAME
    useradd - create a new user or update default new user information
SYNOPSIS
    useradd [options] LOGIN
    useradd -D
    useradd -D [options]
DESCRIPTION
    When invoked without the -D option, the useradd command creates a new user account using the values specified on the command line plus the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files.
    By default, a group will also be created for the new user (see -g, -N, -U, and USERGROUPS_ENAB).
OPTIONS
:

b) Creating a user account
- Syntax: #useradd [-c user_description] [-d home_directory] [-m] [-g user_group] [account_name]
Here the -m parameter creates the home directory if it does not already exist, and only root is allowed to use this command.
- Example 3.1.1: # useradd hocvien
- Check hocvien in /etc/passwd:

[root@localhost ~]# vi /etc/passwd
root:x:0:0:root:/root:/bin/bash
..
named:x:25:25:Named:/var/named:/sbin/nologin
hocvien:x:501:501::/home/hocvien:/bin/bash

- Check hocvien in /etc/shadow:

[root@localhost ~]# vi /etc/shadow
root:$6$TJbnN.B1u2MnUkxE$axmsOdkqonFy.CbiJ6SsDwqXMp74J3oJ2/RGJ.eM/G3ww23ACJJ67.LwYVBN6lFw6KF8x5rQ5J92NZJ1ZZUok0:15320:0:99999:7:::
named:!!:15325::::::
hocvien:!!:15326:0:99999:7:::

The hocvien account is temporarily locked because no password has been set yet.
- Check hocvien in /etc/group:

[root@localhost ~]# vi /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
gdm:x:42:
lhu:x:500:
named:x:25:
hocvien:x:501:

Setting a user's password
- Syntax: #passwd <username>
- Example 3.1.2: # passwd hocvien

[root@localhost ~]# passwd hocvien
Changing password for user hocvien.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]#

For the security of the Linux machine and the safety of the whole network, choosing the right password is very important. A password is considered good if it:
- Is at least 6 characters long.
- Combines lowercase letters, uppercase letters, digits and special characters.
- Has nothing to do with the names, ages, birthdays and so on of you or your relatives.
- Check hocvien in /etc/shadow:

[root@localhost ~]# vi /etc/shadow
root:$6$TJbnN.B1u2MnUkxE$axmsOdkqonFy.CbiJ6SsDwqXMp74J3oJ2/RGJ.eM/G3ww23ACJJ67.LwYVBN6lFw6KF8x5rQ5J92NZJ1ZZUok0:15320:0:99999:7:::
bin:*:14924:0:99999:7:::
..
named:!!:15325::::::
hocvien:$6$NQq/CPOt$yg6Y5E1ly3ES/ZfgImmG6vZNwVb6ZUbgbN/sVh8M2wviDh8aVJUTV0WB80OB/phCEuMIqFJFBJYVf.qbwriaL1:15326:0:99999:7:::

The hocvien account is now active and its password is stored encrypted.
- Example 3.1.3: create the user sv with the home directory /tmp/sv and the description "day la tai khoan dung de test":
Create the student account: #useradd sv -c "day la tai khoan dung de test" -d /tmp/sv

Check the user sv that was just created:

[root@localhost ~]# vi /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
hocvien:x:501:501::/home/hocvien:/bin/bash
sv:x:502:502:day la tai khoan dung de test:/tmp/sv:/bin/bash

- Example 3.1.4: Create the account hv1 with the home directory /tmp/hv1 and belonging to the group hocvien:
Create the account hv1: #useradd -d /tmp/hv1 -g hocvien hv1
Check hv1 in /etc/passwd:

[root@localhost ~]# vi /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
..
hocvien:x:501:501::/home/hocvien:/bin/bash
sv:x:502:502:day la tai khoan dung de test:/tmp/sv:/bin/bash
test:x:503:503:day la tai khoan dung de test:/tmp/test:/bin/bash
hv1:x:504:501::/tmp/hv1:/bin/bash

Check hv1 in /etc/group:

[root@localhost ~]# vi /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
.
hocvien:x:501:
sv:x:502:
test:x:503:

Changing a user account's password
c) Changing the password of the root account

[root@localhost ~]# passwd root
Changing password for user root.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]#

Do the same to change the passwords of other accounts such as hocvien and hv1.

Changing account information
- View the syntax of the usermod command:

[root@localhost ~]# man usermod
USERMOD(8)          System Management Commands          USERMOD(8)
NAME
    usermod - modify a user account
SYNOPSIS
    usermod [options] LOGIN
DESCRIPTION
    The usermod command modifies the system account files to reflect the changes that are specified on the command line.
OPTIONS
    The options which apply to the usermod command are:
    -a, --append
        Add the user to the supplementary group(s). Use only with the -G option.
    -c, --comment COMMENT
        The new value of the user's password file comment field. It is normally modified using the chfn(1) utility.
    -d, --home HOME_DIR
        The user's new login directory.

- Syntax: #usermod [-c user_description] [-d home_directory] [-m] [-g user_group] [account_name]
- Example 3.1.5: Add the account nvb to the group admin
  o #usermod -g admin nvb
- Change the home directory of hv1 to /home/hv1: #usermod -d /home/hv1 hv1
Check hv1 in /etc/passwd:

[root@localhost ~]# vi /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
.
test:x:503:503:day la tai khoan dung de test:/tmp/test:/bin/bash
hv1:x:504:501::/home/hv1/:/bin/bash

- Change hv1 so that it belongs to the group nhanvien: #usermod -g nhanvien hv1

[root@localhost ~]# usermod -g nhanvien hv1
[root@localhost ~]# vi /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
.
test:x:503:503:day la tai khoan dung de test:/tmp/test:/bin/bash
hv1:x:504:504::/home/hv1/:/bin/bash

Temporarily locking a user account
- Lock hv1: passwd -l hv1 (or use the command usermod -L hv1)

[root@localhost ~]# passwd -l hv1
Locking password for user hv1.
passwd: Success
[root@localhost ~]#

Check hv1 in /etc/shadow:

[root@localhost ~]# vi /etc/shadow
root:$6$TJbnN.B1u2MnUkxE$axmsOdkqonFy.CbiJ6SsDwqXMp74J3oJ2/RGJ.eM/G3ww23ACJJ67.LwYVBN6lFw6KF8x5rQ5J92NZJ1ZZUok0:15320:0:99999:7:::
bin:*:14924:0:99999:7:::
.
test:!!:15326:0:99999:7:::
hv1:!!:15326:0:99999:7:::

- Unlock hv1: passwd -u hv1 (or use the command usermod -U hv1)

[root@localhost ~]# passwd -u hv1
Unlocking password for user hv1.
passwd: Success
[root@localhost ~]#

Check hv1 in /etc/shadow:

[root@localhost ~]# vi /etc/shadow
root:$6$TJbnN.B1u2MnUkxE$axmsOdkqonFy.CbiJ6SsDwqXMp74J3oJ2/RGJ.eM/G3ww23ACJJ67.LwYVBN6lFw6KF8x5rQ5J92NZJ1ZZUok0:15320:0:99999:7:::
bin:*:14924:0:99999:7:::
test:!!:15326:0:99999:7:::
hv1::15326:0:99999:7:::
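
The /etc/passwd and /etc/shadow formats from 3.1.1 and the lock and unlock states shown above can be checked mechanically. The Python audit below is an added example, not part of the original course text: the sample entries are constructed from this section's listings, the toor account and the hash placeholders are hypothetical, and treating any leading ! as locked is an assumption.

```python
"""Audit /etc/passwd and /etc/shadow entries for risky account states."""
from dataclasses import dataclass
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)                      # shadow dates count days from here
NON_LOGIN_SHELLS = {"/sbin/nologin", "/bin/false"}

# Constructed sample, modelled on the listings in this section. The "toor"
# account and the hash placeholders are hypothetical, not taken from the page.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
hocvien:x:501:501::/home/hocvien:/bin/bash
sv:x:502:502:day la tai khoan dung de test:/tmp/sv:/bin/bash
hv1:x:504:504::/home/hv1/:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
"""
SHADOW_SAMPLE = """\
root:$6$SALT$HASH_PLACEHOLDER:15320:0:99999:7:::
bin:*:14924:0:99999:7:::
named:!!:15325::::::
hocvien:$6$SALT$HASH_PLACEHOLDER:15326:0:99999:7:::
sv:!!:15326:0:99999:7:::
hv1::15326:0:99999:7:::
toor:$6$SALT$HASH_PLACEHOLDER:15326:0:99999:7:::
"""


@dataclass
class Account:
    name: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text):
    """Parse the seven colon-separated columns of each /etc/passwd line."""
    accounts = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"passwd line needs 7 fields: {line!r}")
        name, _pw, uid, gid, gecos, home, shell = fields
        accounts.append(Account(name, int(uid), int(gid), gecos, home, shell))
    return accounts


def parse_shadow(text):
    """Map account name -> (password field, last-change day number or None)."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"shadow line needs 9 fields: {line!r}")
        entries[fields[0]] = (fields[1], int(fields[2]) if fields[2] else None)
    return entries


def password_state(field):
    """Classify the second shadow column the way the section describes it."""
    if field == "":
        return "empty"        # no password at all: login without a secret
    if field.startswith("!"):
        return "locked"       # "!!" as on the page; any leading "!" assumed locked
    if field.startswith("*"):
        return "disabled"
    return "set"


def shadow_date(days):
    """Convert a shadow day count (days since 1/1/1970) to a calendar date."""
    return EPOCH + timedelta(days=days)


def audit(passwd_text, shadow_text):
    """Return (account, finding) pairs in /etc/passwd order."""
    shadow = parse_shadow(shadow_text)
    findings = []
    for acct in parse_passwd(passwd_text):
        if acct.uid == 0 and acct.name != "root":
            findings.append((acct.name, "extra-uid0"))      # root rights under another name
        if acct.name not in shadow:
            findings.append((acct.name, "no-shadow-entry"))
            continue
        state = password_state(shadow[acct.name][0])
        if state == "empty" and acct.shell not in NON_LOGIN_SHELLS:
            findings.append((acct.name, "empty-password"))
    return findings


if __name__ == "__main__":
    for name, (field, last) in parse_shadow(SHADOW_SAMPLE).items():
        changed = shadow_date(last).isoformat() if last is not None else "never"
        print(f"{name:8} {password_state(field):9} last change {changed}")
    for name, finding in audit(PASSWD_SAMPLE, SHADOW_SAMPLE):
        print(f"FINDING {name}: {finding}")
```

On the sample, hv1 is reported because its password field is empty, as in the listing after passwd -u above, and toor because it shares UID 0 with root.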

Deleting an account
- Syntax: #userdel <option> [username]
- Example 3.1.6: delete the user hocvien: #userdel -r hocvien

3.1.3. GROUP MANAGEMENT
Users who share certain characteristics, or who have the same rights on resources, are placed together in one group. Each group has its own name and a group identifier. A group can contain many users, and a user can be a member of several different groups. However, at any given moment a user can be a member of only one group. Group information is stored in the file /etc/group. Each line defines one group, and the fields on the line are separated by the colon character ":". A line has the following syntax:
<group-name>:<group-password>:<group-ID>:<users-in-group>

Creating a group
- Command syntax: #groupadd [group-name]
- View the command syntax: #man groupadd

[root@localhost ~]# man groupadd
GROUPADD(8)          System Management Commands          GROUPADD(8)
NAME
    groupadd - create a new group
SYNOPSIS
    groupadd [options] group
DESCRIPTION
    The groupadd command creates a new group account using the values specified on the command line plus the default values from the system. The new group will be entered into the system files as needed.
OPTIONS
    The options which apply to the groupadd command are:
    -f, --force
        This option causes the command to simply exit with success status if the specified group already exists. When used with -g, and the specified GID already exists, another (unique) GID is chosen (i.e. -g is turned off).
    -g, --gid GID
        The numerical value of the group's ID. This value must be
:

- Example 3.1.7: Create a group named sinhvien: [root@localhost ~]# groupadd sinhvien
Check the group sinhvien in /etc/group:

[root@localhost ~]# vi /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
..
sinhvien:x:505:

Changing group information
- Syntax: usermod -g [group-name account-name]
- View the command syntax: man groupmod

[root@localhost ~]# man groupmod
GROUPMOD(8)          System Management Commands          GROUPMOD(8)
NAME
    groupmod - modify a group definition on the system
SYNOPSIS
    groupmod [options] GROUP
DESCRIPTION
    The groupmod command modifies the definition of the specified GROUP by modifying the appropriate entry in the group database.
OPTIONS
    The options which apply to the groupmod command are:
    -g, --gid GID
        The group ID of the given GROUP will be changed to GID. The value of GID must be a non-negative decimal integer. This value must be unique, unless the -o option is used. Values between 0 and 999 are typically reserved for system groups. Any files that have the old group ID and must continue to belong to GROUP, must have their group ID changed manually.
:

- Rename the group sinhvien to nhom1:
[root@localhost ~]# groupmod -n nhom1 sinhvien
Check nhom1 in /etc/group:

[root@localhost ~]# vi /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
.
nhom1:x:505:

- Change the ID of the group nhom1 to 600:
[root@localhost ~]# groupmod -g 600 nhom1
Check the group nhom1 in /etc/group:

[root@localhost ~]# vi /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
.
nhom1:x:600:

Adding a user to a group
- Syntax: #usermod -g <group> <user>
- Example 3.1.8: #usermod -g nhom1 sinhvien

Deleting a group
- Syntax: #groupdel [group-name]
- Example 3.1.9: #groupdel sinhvien

3.1.4. LOGIN AND LOGOUT OPERATIONS
- From root, log in as hv1: #su - hv1
- From hv1, log in as hocvien: $su - hocvien
- Leave hocvien: $exit
- Leave hv1: $exit
- Leave root: #exit

[root@localhost ~]# su - hv1
[hv1@localhost ~]$ su - hocvien
Password:
[hocvien@localhost ~]$ exit
logout
[hv@localhost ~]$ exit
logout
[root@localhost ~]# su - hocvien
[hocvien@localhost ~]$ exit
logout
[root@localhost ~]# exit

3.2. COMMAND-LINE INTERFACE

3.2.1. LOGGING IN WITH THE COMMAND-LINE INTERFACE
The command-line (text) interface is provided mainly for administrative users. It is one of the strengths of a Linux system: the text interface gives the administrator full control over the system and allows any task to be carried out, and it offers many conveniences that make administration more efficient, faster and safer. Enter the username and password to log in to the text interface. There are two command prompt modes:
- The $ prompt is for ordinary users
- The # prompt is for the administrative user (root)
- Commands in the text interface follow the structure: <command prompt> command <option> <parameter>
Where:
- Command prompt is the command prompt character
- Command is the name of the command
- Option is the options of the command
- Parameter is the command-line parameter
Example 3.2.1: [root@localhost ~]# ls -a -l /etc

[root@localhost ~]# ls -a -l /etc
total 4008
drwxr-xr-x 105 root root  12288 Dec 10 08:29 .
drwxr-xr-x  23 root root   4096 Dec 10 07:22 ..
-rw-r--r--   1 root root  15288 May 25  2008 a2ps.cfg
-rw-r--r--   1 root root   2562 May 25  2008 a2ps-site.cfg
drwxr-xr-x   4 root root   4096 Oct 15 02:02 acpi
-rw-r--r--   1 root root     45 Dec  7 03:13 adjtime
drwxr-xr-x   4 root root   4096 Oct 15 01:59 alchemist
-rw-r--r--   1 root root   1512 Apr 25  2005 aliases
-rw-r-----   1 root smmsp 12288 Dec 10 07:22 aliases.db

3.2.2. BASIC COMMANDS
Viewing the list of processes on the system:

[root@localhost ~]# top
top - 19:55:56 up 8 min, 2 users, load average: 0.00, 0.00, 0.00
Tasks: 103 total, 1 running, 102 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.3%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 511572k total, 188724k used, 322848k free, 19364k buffers
Swap: 1048568k total, 0k used, 1048568k free, 85216k cached
 PID USER PR NI  VIRT  RES  SHR S %CPU %MEM   TIME+ COMMAND
2088 root 20  0 11144 3160 2544 S  0.3  0.6 0:00.10 sshd
2122 root 20  0  2632 1108  880 R  0.3  0.2 0:00.06 top
   1 root 20  0  2828 1376 1184 S  0.0  0.3 0:01.77 init
   2 root 20  0     0    0    0 S  0.0  0.0 0:00.00 kthreadd
   3 root RT  0     0    0    0 S  0.0  0.0 0:00.00 migration/0
   4 root 20  0     0    0    0 S  0.0  0.0 0:00.00 ksoftirqd/0
   5 root RT  0     0    0    0 S  0.0  0.0 0:00.00 watchdog/0

Viewing the list of processes on the system, run in background mode:

[root@localhost ~]# top &
[1] 2124

Job control
a) List the jobs that are running

[root@localhost ~]# jobs
[1]+ Stopped top

b) Move a running job from foreground mode to background mode

[root@localhost ~]# bg 1
[1]+ top &
[1]+ Stopped top

c) Move a running job from background mode to foreground mode

[root@localhost ~]# fg 1
top
top - 19:58:01 up 10 min, 2 users, load average: 0.00, 0.00, 0.00
Tasks: 103 total, 1 running, 102 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 511572k total, 188840k used, 322732k free, 19412k buffers
Swap: 1048568k total, 0k used, 1048568k free, 85216k cached
 PID USER PR NI  VIRT  RES  SHR S %CPU %MEM   TIME+ COMMAND
   1 root 20  0  2828 1376 1184 S  0.0  0.3 0:01.77 init
   2 root 20  0     0    0    0 S  0.0  0.0 0:00.00 kthreadd
   3 root RT  0     0    0    0 S  0.0  0.0 0:00.00 migration/0
   4 root 20  0     0    0    0 S  0.0  0.0 0:00.00 ksoftirqd/0
   5 root RT  0     0    0    0 S  0.0  0.0 0:00.00 watchdog/0
   6 root 20  0     0    0    0 S  0.0  0.0 0:00.00 events/0
   7 root 20  0     0    0    0 S  0.0  0.0 0:00.00 cpuset
   8 root 20  0     0    0    0 S  0.0  0.0 0:00.00 khelper

Environment variable commands
a) View the list of environment variables: env (or printenv)

[root@localhost ~]# env
HOSTNAME=localhost.localdomain
SELINUX_ROLE_REQUESTED=
TERM=vt100
SHELL=/bin/bash
HISTSIZE=1000
SSH_CLIENT=172.16.29.165 49423 22
SELINUX_USE_CURRENT_RANGE=
QTDIR=/usr/lib/qt-3.3
QTINC=/usr/lib/qt-3.3/include
SSH_TTY=/dev/pts/0
USER=root
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33; 01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30; c=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg= 01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01; 36:
MAIL=/var/spool/mail/root
PATH=/usr/lib/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
PWD=/root
LANG=en_US.UTF-8
SELINUX_LEVEL_REQUESTED=
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
HISTCONTROL=ignoredups
SHLVL=1
HOME=/root
LOGNAME=root
QTLIB=/usr/lib/qt-3.3/lib
CVS_RSH=ssh
SSH_CONNECTION=172.16.29.165 49423 172.16.29.151 22
LESSOPEN=|/usr/bin/lesspipe.sh %s
G_BROKEN_FILENAMES=1
_=/bin/env

b) Set the environment variable rpm="Redhat Package Manager": [root@localhost ~]# export rpm="Redhat Package Manager"
c) Check the environment variable that was just set:

[root@localhost ~]# env
HOSTNAME=localhost.localdomain
SELINUX_ROLE_REQUESTED=
TERM=vt100
SHELL=/bin/bash
HISTSIZE=1000
SSH_CLIENT=172.16.29.165 49423 22
SELINUX_USE_CURRENT_RANGE=
QTDIR=/usr/lib/qt-3.3
QTINC=/usr/lib/qt-3.3/include
SSH_TTY=/dev/pts/0
USER=root
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33; 01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30; c=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg= 01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01; 36:
MAIL=/var/spool/mail/root
PATH=/usr/lib/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
rpm= Redhat Package Manager

d) Remove the environment variable rpm: [root@localhost ~]# unset rpm
e) Some other commonly used Linux commands

Command    Syntax               Meaning
date       $date                Show the system date
who        #who                 Show the list of accounts currently logged in to the system
tty        #tty                 Identify the tty file you are logged in on
cal        $cal                 Show the system calendar
head       $head <filename>     View the content at the beginning of a file
tail       $tail <filename>     View the content at the end of a file
hostname   $hostname            View and change the machine name
passwd     $passwd <username>   Change a user's password
ls         ls <filename>        List the attributes of files and directories
cd         cd <directory>       Change directory
man        $man <command>       Help

3.2.3. RUN LEVELS
After booting, the system automatically loads the program /sbin/init to check the file system. It then reads the file /etc/inittab to determine the operating level (runlevel). The Linux runlevels are as follows:

Runlevel   Script directory    Description of the operating mode
0          /etc/rc.d/rc0.d     System shutdown mode
1          /etc/rc.d/rc1.d     Single-user mode, allows system faults to be corrected
2          /etc/rc.d/rc2.d     Multi-user text mode without NFS support
3          /etc/rc.d/rc3.d     Multi-user text mode with full support
4          /etc/rc.d/rc4.d     Not used
5          /etc/rc.d/rc5.d     Used for multiple users, provides the graphical interface
6          /etc/rc.d/rc6.d     Reboot the system

To change the run level, edit the file /etc/inittab and set the runlevel parameter to one of the values from 0 to 6 in the table above, or use the command $init <runlevel>.

3.3. FILE SYSTEMS
Linux supports many types of file system, such as ext2, ext3, MS-DOS and proc. The basic Linux file systems are ext2 and ext3 (currently ext4). Linux also supports vfat, which allows long file names for MS-DOS files and FAT32 partitions. Proc is a virtual file system (/proc), meaning that no disk space is allocated to it. There are other file systems as well, such as iso9660, UMSDOS and the Network File System (NFS).

3.3.1. SYSTEM DIRECTORY STRUCTURE

Files in Linux fall into 3 main types:
- Files containing ordinary data.
- Directory files.
- Device files.
In addition, Linux uses Links and Pipes as special files. Viewing the system file structure:

[root@localhost ~]# ls -l /
total 98
dr-xr-xr-x.   2 root root  4096 Dec 12 18:40 bin
dr-xr-xr-x.   5 root root  1024 Dec 11 19:54 boot
drwxr-xr-x.   2 root root  4096 Nov 11  2010 cgroup
drwxr-xr-x.  18 root root  3680 Dec 18 19:47 dev
drwxr-xr-x. 115 root root 12288 Dec 18 19:47 etc
drwxr-xr-x.   8 root root  4096 Dec 13 15:09 home
dr-xr-xr-x.  18 root root 12288 Dec 18 14:18 lib
drwx------.   2 root root 16384 Dec 11 19:37 lost+found
drwxr-xr-x.   3 root root  4096 Dec 13 15:19 media
drwxr-xr-x.   2 root root     0 Dec 18 19:47 misc
drwxr-xr-x.   2 root root  4096 Nov 11  2010 mnt
drwxr-xr-x.   2 root root     0 Dec 18 19:47 net
drwxr-xr-x.   2 root root  4096 Nov 11  2010 opt
dr-xr-xr-x. 116 root root     0 Dec 18 19:47 proc
dr-xr-x---.   5 root root  4096 Dec 13 17:11 root
dr-xr-xr-x.   2 root root 12288 Dec 13 15:24 sbin
drwxr-xr-x.   7 root root     0 Dec 18 19:47 selinux
drwxr-xr-x.   2 root root  4096 Nov 11  2010 srv
drwxr-xr-x.  13 root root     0 Dec 18 19:47 sys
drwxrwxrwt.   8 root root  4096 Dec 18 19:47 tmp
drwxr-xr-x.  12 root root  4096 Dec 11 19:38 usr
drwxr-xr-x.  23 root root  4096 Dec 11 19:53 var

Linux has no concept of drive letters. All directories and files are "mounted" to form one unified file system that starts at the root "/". The logical structure of the file system is produced by mapping the physical structures created when the system is installed. Any directories not created during installation are created automatically by the system. The basic Linux directories are:

Directory     Function
/bin, /sbin   Hold the binary files that support booting and running the essential commands
/boot         Holds the Linux kernel and the image file that helps load the operating system
/lib          Holds the shared libraries for the binaries in /bin and /sbin, and the kernel modules
/usr/local    Holds libraries and software to be shared with other machines on the network
/tmp          Holds temporary files
/dev          Holds the device files (such as CDROM, floppy, HDD) and some other special files
/etc          Holds the system configuration files
/home         Holds the users' home directories
/root         Holds the home directory of root
/usr          Holds the files of the programs installed on the system
/var          Holds log files, the queues of application programs, and users' mailboxes
/mnt          Holds the mount points of the devices in the system
/proc         Also called the system file, holds information about the kernel

3.3.2. FILESYSTEM OPERATIONS
Mounting and unmounting a filesystem
Mounting attaches a device to a directory in the Linux filesystem, called the mount point. Once the mount is complete, copying data between the system and the mount point is the same as copying data between the system and the device. The following kinds of device can be mounted into the system: hda, sda, CDROM, floppy disk, usb.

Manual mount
- Syntax: #mount <device name> <mount point>
Where:
  o Device name: the physical device, such as /dev/cdrom (CDROM), /dev/fd0 (floppy disk), hard disks /dev/hda1, /dev/sda, ...
  o Mount point: the directory, within the directory tree, where you want to mount it.
  o Mount options:
    -v               : show details
    -w               : mount the file system with read and write access
    -r               : mount the file system with read access only
    -t fs_type       : specify the file system type being mounted: ext2, ext3, ...
    -a               : mount all file systems declared in /etc/fstab
    -o remount <fs>  : remount a given filesystem

- Example 3.3.1: kinds of device mount
  o Attach the cdrom: #mount /dev/cdrom /mnt/cdrom
  o Attach a file system: #mount /dev/hda6 /mnt/source
  o Remount a filesystem: #mount -o remount /home

Automatic mount
The file /etc/fstab lists the file systems to be mounted automatically. Each line describes one file system and corresponds to one mount. The columns on each line are separated by spaces or tabs.

LABEL=/           /          ext3     defaults         1 1
LABEL=/var        /var       ext3     defaults         1 2
LABEL=/home       /home      ext3     defaults         1 2
LABEL=/boot       /boot      ext3     defaults         1 2
tmpfs             /dev/shm   tmpfs    defaults         0 0
devpts            /dev/pts   devpts   gid=5,mode=620   0 0
sysfs             /sys       sysfs    defaults         0 0
proc              /proc      proc     defaults         0 0
LABEL=SWAP-sda5   swap       swap     defaults         0 0

- Column 1: the device or file system to mount.
- Column 2: the mount point for the file system. For special file systems such as swap we use the word none, which makes the swap file active while keeping it invisible in the directory tree.
- Column 3: the filesystem type, such as vfat, ext2, ext3, ...
- Column 4: the options, separated by commas.
- Column 5: determines when the dump command copies the file system. If this field is empty, dump assumes that the file system does not need to be backed up.
- Column 6: tells the fsck command the order in which to check the file systems at boot. The root file system (/) must have the value 1. All other file systems must have the value 2. If it is not declared, the file system's consistency is not checked at boot.

Unmounting a file system
Having seen how file systems are attached to the Linux directory tree, we can detach a filesystem with the umount command.
- Syntax: #umount <device_name> <mount_point>

The umount command has these forms:
- #umount <device> <mount point>: unmount one specific filesystem
- #umount -a: unmount all mounted filesystems
- Example 3.3.2: Unmount all mounted filesystems
  #umount -a

3.3.3. DIRECTORY OPERATIONS

Absolute paths
An absolute path is the full path that starts from the root directory (/).
- Example 3.3.3: /home/hv, /usr/local/vd.txt

Relative paths
When the files and directories we use are below the current working directory, we use a relative path. A relative path starts from the current directory. The . sign refers to the current directory and .. refers to the parent of the current directory.
- Example 3.3.4: $cd ..   : return to the parent of the current directory

Some directory commands
a) cd: change the current directory
- Syntax: #cd [directory]
- Example 3.3.5: #cd /etc
b) mkdir: create a new directory
- Syntax: #mkdir [directory]
- Example 3.3.6: #mkdir /home/dulieu
c) ls: list the contents of a directory
- Syntax: $ls [options] [directory]
  $ls -x   : display in multiple columns
  $ls -l   : display detailed information about the files
  $ls -a   : display all files, including hidden files
- Example 3.3.7: $ls -l /etc

[root@localhost ~]# ls -l /etc
total 3980
-rw-r--r-- 1 root root 15288 May 25  2008 a2ps.cfg
-rw-r--r-- 1 root root  2562 May 25  2008 a2ps-site.cfg
drwxr-xr-x 4 root root  4096 Oct 15 02:02 acpi
-rw-r--r-- 1 root root    45 Dec  7 03:13 adjtime
drwxr-xr-x 4 root root  4096 Oct 15 01:59 alchemist
-rw-r--r-- 1 root root  1512 Apr 25  2005 aliases
....................................................

Meaning of the columns, from left to right:
- Column 1: the first character is - for a regular file, d for a directory, l for a link (followed by -> pointing to the real file). The remaining characters are the access permissions.
- Column 2: the number of links to this file.
- Columns 3, 4: the owner and the owning group.
- Column 5: the size of the file or directory.
- Column 6: the date and time of the last modification.
- Column 7: the name of the file or directory.
d) rmdir: remove an empty directory
- Syntax: $rmdir [options] [directory]
- Example 3.3.8: $rmdir /home/dulieu
- Example 3.3.9: $cd /home

3.3.4. INTRODUCTION TO FILES

File types
Linux supports the following file types:
-   Regular file (file)
d   Directory
b   Block device
c   Character device
l   Link
p   Pipe (FIFO)
s   Socket
.   Hidden file
The file type is not determined by the extension of the file name. We can see the file type with the command ls -l:

- Example 3.3.10: $ls -l abc

-rw-r--r-- 1 root root 0 Jan 19 19:09 abc

Explanation: the first character identifies the file type
o Regular file: the character -
o Directory: the character d
o Block device: the character b
o Character device: the character c
o Link: the character l
o Pipe: the character p
o Socket: the character s
o Hidden file: .

File operations
a) cat: displays the contents of a text file. To view a file, we give the file name as the argument.
- Syntax: $cat > filename or $cat >> filename
In this case the command is followed by the > or >> sign. If the file to be created already exists, > erases the contents of the file and writes the new contents. >> appends the new contents to the old contents of the file.
- Example 3.3.11: $cat > thotinh.txt [ENTER]
>toi yeu em den nay chung co the
>toi yeu em am tham khong hy vong
[Ctrl + d: end]

b) more: view the contents of a file one screen page at a time
- Syntax: $more <file name>
- Example 3.3.12: $more /etc/inittab
c) cp: copy a file
- Syntax: $cp <source file name> <destination file name>
- Example 3.3.13: $cp /etc/passwd $HOME/passwd

d) mv: move a file to another location; mv can also be used to rename a file
- Syntax: $mv <old file name> <new file name>
- Example 3.3.14: $mv $HOME/passwd $HOME/matkhau
e) rm: delete files and directories
- Syntax: $rm [options] <file name|directory>
- Commonly used options:
  -r : delete the directory and all of its files and subdirectories
  -i : ask for confirmation before deleting
f) locate: a simple, fast search. For example, to find files whose names start with the string test and end with a digit from 0 to 9:
[root@localhost ~]# locate test[0-9]
/usr/share/doc/m2crypto-0.16/demo/CipherSaber/cstest1.cs1
/usr/share/doc/pygtk2-2.10.1/examples/glade/test2.glade
/usr/share/tcl8.4/tcltest2.2
/usr/share/tcl8.4/tcltest2.2/constraints.tcl
/usr/share/tcl8.4/tcltest2.2/files.tcl
/usr/share/tcl8.4/tcltest2.2/pkgIndex.tcl
/usr/share/tcl8.4/tcltest2.2/tcltest.tcl
/usr/share/tcl8.4/tcltest2.2/testresults.tcl

g) find: search for files that satisfy a condition
- Syntax: $find [directory] -name <file name>
[root@localhost ~]# find / -name named
/var/named
/var/named/chroot/var/named
/var/named/chroot/var/run/named
/var/run/named
/usr/sbin/named
/usr/share/doc/bind-9.3.6/sample/var/named
/usr/share/logwatch/scripts/services/named
/etc/sysconfig/named
/etc/rc.d/init.d/named
/etc/logrotate.d/named

h) grep: search for a string of characters in a file
- Syntax: $grep <search expression> <file name>
- Example 3.3.15: grep root /etc/passwd
[root@localhost ~]# grep 'root' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin

i) touch: supports creating and modifying files
- Syntax: [root@localhost ~]#touch [options] <file name>
- Example 3.3.16: [root@localhost ~]#touch file1.txt file2.txt   (creates two files, file1.txt and file2.txt)

3.3.5. SETTING ACCESS PERMISSIONS FOR USERS

User permissions
Every file and directory in Linux has an owner and access permissions, and these properties can be changed. The permissions of a file also determine whether the file is a program (application) or not.
- Example 3.3.17: [root@localhost ~]#ls -l
  -rw-r--r-- 1 fido users 163 Dec 7 14:31 myfile
- Linux lets the user set read, write and execute permissions for each class of user. There are three classes:
  The owner
  The group owner
  Other users (everyone else)

Character:    file type | r w x | r w x       | r w x
Applies to:             | Owner | Group owner | Other users

Access permissions can also be written as numbers, with the following values:

Permission           Value
Read permission      4
Write permission     2
Execute permission   1

- Example 3.3.18: read and execute permission is 4+1=5, and read, write and execute permission is 4+2+1=7.
A combination of the three permissions has a value from 0 to 7:
0 or ---: no permissions
1 or --x: execute
2 or -w-: write-only (rare)
3 or -wx: write and execute
4 or r--: read-only
5 or r-x: read and execute
6 or rw-: read and write
7 or rwx: read, write and execute

So, when granting permissions on a file or directory, we can use a three-digit number. The first digit describes the permissions of the owner, the second those of the group and the third those of everyone else.

The permission commands chmod, chown, chgrp
a) chmod
This command sets the access permissions of a file or directory. Only the owner and the superuser may run it.
- Syntax: chmod [user-class] [operation] [permission] [file-name]

User class      Operation                  Permission
u  user         +  add a permission        r  read
g  group        -  remove a permission     w  write
o  others       =  set the permission      x  execute

- Example 3.3.19: Setting permissions on the file myfile

Permission      Command
-rwxr-xr-x      $chmod 755 myfile
-r-xr--r--      $chmod 544 myfile
-rwxrwxrwx      $chmod 777 myfile
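The 4/2/1 values and the first column of ls -l fit together as follows. This is an added example, not part of the original text: the function names are illustrative and the sample lines are constructed (only myfile comes from the text above). It turns the permission characters of an ls -l line back into the octal mode and notes when group or others can write.

```shell
#!/bin/sh
# Added example: read ls -l lines, recover the octal mode, flag write access.
# Setuid, setgid and sticky bits are treated as plain execute here.

# triplet_to_digit TRIPLET: add 4 for r, 2 for w, 1 for x.
triplet_to_digit() {
    n=0
    case "$1" in r??) n=$((n + 4)) ;; esac
    case "$1" in ?w?) n=$((n + 2)) ;; esac
    case "$1" in ??[xst]) n=$((n + 1)) ;; esac
    echo "$n"
}

# perm_to_octal PERMS: nine permission characters -> three octal digits.
perm_to_octal() {
    p=$1
    [ ${#p} -eq 9 ] || { echo "expected 9 characters: $p" >&2; return 1; }
    u=$(printf '%s' "$p" | cut -c1-3)
    g=$(printf '%s' "$p" | cut -c4-6)
    o=$(printf '%s' "$p" | cut -c7-9)
    echo "$(triplet_to_digit "$u")$(triplet_to_digit "$g")$(triplet_to_digit "$o")"
}

# file_type CHAR: name the type encoded by the first character of ls -l.
file_type() {
    case "$1" in
        -) echo file ;;
        d) echo directory ;;
        b) echo block-device ;;
        c) echo char-device ;;
        l) echo link ;;
        p) echo fifo ;;
        s) echo socket ;;
        *) echo unknown ;;
    esac
}

# audit_ls_line LINE: print "name type octal owner:group note" for one line.
audit_ls_line() {
    # Fields of ls -l: mode links owner group size month day time name
    read -r mode links owner group size mon day tm name <<EOF
$1
EOF
    ftype=$(file_type "$(printf '%s' "$mode" | cut -c1)")
    octal=$(perm_to_octal "$(printf '%s' "$mode" | cut -c2-10)") || return 1
    case "$octal" in
        ??[2367]) note="writable by others" ;;
        ?[2367]?) note="writable by group" ;;
        *)        note="ok" ;;
    esac
    echo "$name $ftype $octal $owner:$group $note"
}

# Constructed sample lines in ls -l format.
SAMPLE='-rw-r--r-- 1 fido users 163 Dec 7 14:31 myfile
drwxrwxrwx 2 root root 4096 Dec 7 14:35 share
drwxrwx--- 2 root security 4096 Dec 7 14:40 baomat'

audit_sample() {
    printf '%s\n' "$SAMPLE" | while IFS= read -r line; do
        audit_ls_line "$line"
    done
}

audit_sample
```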

b) chown
The chown command changes the owner of a file or directory.
- Syntax: [root@localhost ~]#chown [user-name:group-name] [file-name/directory] or $chown -R [user-name:group-name] [directory]
- Example 3.3.20: [root@localhost ~]#chown -R sv1:sinhvien mfile
In the last command, the -R (recursive) option changes the owner of the directory and of all its subdirectories.
c) chgrp
The chgrp command changes the owning group of a file or directory.
- Syntax: [root@localhost ~]#chgrp [owning-group] [file-name/directory]
- Example 3.3.21: [root@localhost ~]#chgrp hocvien myfile

3.3.6. STANDARD REDIRECTION IN LINUX
Redirection changes the data streams of standard input, standard output and standard error. With redirection, standard input can take its data from a file instead of the keyboard, and standard output and standard error can be written to a file or a printer. There are three kinds of redirection.

Input redirection
By convention, commands take their data from the standard input device (the keyboard). To make a command take its data from a file, we use the < sign.
- Syntax: [root@localhost ~]#command < <file>
- The < sign shows the direction in which the data moves.
- Example 3.3.22: [root@localhost ~]#cat < abc.txt or $cat 0< abc.txt

Output redirection
The result of a command is normally displayed on the screen. To write the result to a file, we use the > sign.
- Syntax: $command > <file name>
- Example 3.3.23: list the contents of a directory and send the result to a file
  $ls -l > ketqua.txt
To append data to the end of a file, we use >> instead of >.
- Syntax: $command >> <file>
- Example 3.3.24: $cat a.txt >> b.txt

Pipes - PIPE
Linux provides a pipe mechanism that lets us feed the output of one command to another command as its input.
- Example 3.3.25: $ls -l | more
The result of ls is not written to the screen but is passed to more, which processes it as input data.

3.3.7. ARCHIVING FILES AND DIRECTORIES

gzip and gunzip
gzip compresses files, and gunzip decompresses compressed files.
- Syntax: $gzip [options] <file name> or $gunzip [options] <file name>
gzip creates a compressed file with the extension .gz
- Options for gunzip and gzip:
  -c : write the information to the screen
  -d : decompress; gzip -d is equivalent to gunzip
  -h : display help
- Example 3.1: $gzip /etc/passwd and $gunzip /etc/passwd.gz

tar
This command packs and unpacks files and directories. It creates a file with the extension .tar
- Syntax: #tar [options] <destination file> <source file|source directory>
- Options:
  -cvf : pack files|directories
  -xvf : unpack files|directories
  Destination file: the .tar file that will be created
  Source file|source directory: the files or directories to pack
- Example 3.2: packing and unpacking with tar

#tar -cvf /home/backup.tar /etc/passwd /etc/group
#tar -xvf /home/backup.tar

3.3.8. SYSTEM BOOT

The boot steps
- Step 1: when a PC starts to boot, the processor goes to the end of the BIOS system memory area and executes the instructions there.
- Step 2: the BIOS checks the system, finds and checks the devices, and looks for the disk that contains the boot program. Usually the BIOS checks the floppy drive or the CD-ROM to see whether it can boot from them, and then the hard disk. The order in which the drives are checked depends on the BIOS configuration.
- Step 3: when it checks the hard disk, the BIOS finds the MBR, loads it into working memory and transfers control to it.
- Step 4: the MBR contains the instructions for loading the boot manager: GRUB/LILO for Linux or NTLDR for Windows NT/2000. After loading the boot program, the MBR transfers control to the boot manager.
- Step 5: the boot loader finds the boot partition, reads the configuration in grub.conf and displays the operating system kernels available on the system so that we can choose which kernel to boot.
- Example of grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
#         all kernel and initrd paths are relative to /boot/, eg.
#         root (hd0,0)
#         kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#         initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-238.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-238.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.18-238.el5.img

- Step 6: after the boot kernel has been chosen in the boot loader configuration file, the system automatically loads the program /sbin/init, which checks the filesystems. It then reads the file /etc/inittab to determine the operating level (runlevel). The Linux runlevels:

Runlevel   Script directory    Operating mode
0          /etc/rc.d/rc0.d     System halt
1          /etc/rc.d/rc1.d     Single-user mode, used to fix system problems
2          /etc/rc.d/rc2.d     Multi-user text mode without NFS support
3          /etc/rc.d/rc3.d     Multi-user text mode with full support
4          /etc/rc.d/rc4.d     Not used
5          /etc/rc.d/rc5.d     Multi-user mode with a graphical interface
6          /etc/rc.d/rc6.d     System reboot

- Step 7: after the runlevel has been determined from the initdefault declaration, /sbin/init runs the startup scripts placed in the subdirectories of /etc/rc.d. Each runlevel from 0 to 6 has its own script directory, from /etc/rc.d/rc0.d to /etc/rc.d/rc6.d.
Script files in the directory /etc/rc.d/rc3.d/
Note: a file whose name starts with the keyword S is run when the system boots, whereas a file whose name starts with the keyword K is run after the system shuts down. The number that follows S or K sets the order in which the scripts run, and it is followed by the name of the script file for each service.
- Step 8: if runlevel 3 was chosen in Step 4, the system runs the login program, which requires each user to log in before using the system. If runlevel 5 was chosen, the system loads the X terminal GUI application, which requires each user to log in.
- To see detailed information about the boot process, we use the command #dmesg|less.

Securing GRUB
To set a password for GRUB, we only need to open the file /etc/grub/grub.conf and add the line password <password characters>. If we use an encrypted password, the line is: password --md5 PASSWORD
The encrypted password is then created with the md5crypt command.
- Example 3.3.26: Run the grub shell and enter the password:
Grub> md5crypt
Password: *********************
Encrypted: $1$U$jkxFefdxWH6vppCUSl b
Then cut and paste the encrypted password above into the declaration line in the configuration file:

Shutting down and restarting the system
- To shut down the system, we run one of the following commands:

#init 0            : shuts down the system immediately
#shutdown -hy t    : the system shuts down after t seconds
#halt              : same as init 0
#poweroff

To reboot the system, we run one of the following commands:

#init 6
#reboot
#shutdown -ry 10   : the system restarts in 10 seconds

Recovering the administrator's password
To recover the password of the administrative user, we follow these steps:
- Restart the Linux machine.
- When the GRUB screen is displayed, press e to change the boot loader information (if the boot loader has a password, enter the password).
- Select the entry kernel /boot/vmlinuz-2.6.18..., then press e to change this entry, add the keyword s to enter single-user mode, and press Enter.
- Press b to continue booting, then run the passwd command to change the password of the root user.
- Use the command init 6 to restart the system.

3.4. MANAGING SYSTEM SERVICES

3.4.1. XINETD

Configuring xinetd
Every Internet service is tied to a port, for example smtp - 25, pop3 - 110, dns - 53... This allocation is defined by a standards organization. Xinetd is an Internet server daemon. It manages all the Internet services centrally, each service corresponding to one port. Xinetd listens, and when it receives a connection request from a client program, it hands the request to the corresponding service for processing. After that, xinetd continues to listen for other connection requests. When the operating system boots, xinetd is started by the script /etc/rc.d/init.d/xinetd. When xinetd starts, it reads the configuration file /etc/xinetd.conf, which leads it to the directory /etc/xinetd.d, where all the services that xinetd manages are stored. In the directory /etc/xinetd.d, the configuration of each service is kept in a file with the same name as the service.
- Example 3.4.1: Contents of the file for the telnet service
service telnet
{
        disable         = yes
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
}

- Meaning of the options in the file /etc/xinetd.d/telnet

Name          Meaning
disable       Temporarily suspends this service. It has two values: yes and no.
socket_type   The socket type. In this case it is stream, a socket type for connection-oriented connections such as tcp.
wait          Usually relevant only to connections whose socket type is datagram. Its value can be nowait, which means that xinetd keeps accepting and handling other requests while this connection is being handled, or wait, which means that xinetd can handle only one connection at a time on the given port.
user          The user that runs the service. Usually root.
server        The full path to the program that handles the service.

The file /etc/services
When xinetd starts, it reads the file /etc/services to find the port that corresponds to each service. The contents of this file look like this:
echo            7/tcp
echo            7/udp
discard         9/tcp           sink null
discard         9/udp           sink null
systat          11/tcp          users
systat          11/udp          users
daytime         13/tcp
daytime         13/udp
qotd            17/tcp          quote
qotd            17/udp          quote
msp             18/tcp                          # message send protocol
msp             18/udp                          # message send protocol
chargen         19/tcp          ttytst source
chargen         19/udp          ttytst source
ftp-data        20/tcp
ftp-data        20/udp
ftp             21/tcp
ftp             21/udp          fsp fspd
ssh             22/tcp                          # SSH Remote Login Protocol
ssh             22/udp                          # SSH Remote Login Protocol
telnet          23/tcp
telnet          23/udp
smtp            25/tcp          mail
smtp            25/udp          mail
time            37/tcp          timserver
time            37/udp          timserver
rlp             39/tcp          resource        # resource location
rlp             39/udp          resource        # resource location
nameserver      42/tcp          name            # IEN 116
nameserver      42/udp          name            # IEN 116

Each line in the file describes one service and has the following columns:
- Column 1: the name of the service.
- Column 2: the port number and the protocol on which the service runs.
- Column 3: the list of other names (aliases) of the service.

3.4.2. CONFIGURING TELNET
Before configuring telnet, we must install it. There are several ways to configure a telnet server; the two most basic ones follow.
Method 1:
- Using the configuration file: after installation, a file named telnet appears in the directory /etc/xinetd.d. This file stores the configuration of the telnet service.
service telnet
{
        disable         = yes
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
}

If disable = no, the TELNET server is started; if disable = yes, the TELNET server is not started.
- Start and stop xinetd with the commands:
#/etc/rc.d/init.d/xinetd start
#/etc/rc.d/init.d/xinetd stop

Or use the commands:

# service xinetd start
# service xinetd stop
# service xinetd restart

Method 2: Configuring the telnet server from the command line
- Use chkconfig to activate telnet:
  # chkconfig telnet on
  Check telnet with the command:
  #netstat -a|grep telnet
  tcp 0 0 *:telnet *:* LISTEN
  Check that telnet is set up as a system service:
  # chkconfig --list | grep telnet
  telnet: on
  To suspend the telnet server, use the command:
  # chkconfig telnet off

3.4.3. SECURING THE TELNET SERVICE

Running the telnet server on a different TCP port
As we know, Telnet traffic is not encrypted, so running the telnet server on TCP port 23 is not safe; we can therefore make the telnet server listen on a TCP port other than 23. Changing the port does not encrypt the traffic; it only moves the service away from the well-known port. To do this, we follow these steps:
- Step 1. Open the file /etc/services and add the line:
  stelnet 7777/tcp
- Step 2. Copy the file telnet to the file stelnet.
  # cp /etc/xinetd.d/telnet /etc/xinetd.d/stelnet
- Step 3. Change some of the settings in the file /etc/xinetd.d/stelnet
service stelnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
        port            = 7777
}

- Step 4. Activate stelnet with chkconfig:
  # chkconfig stelnet on
- Step 5. Check that stelnet is running with netstat.
# netstat -an | grep 777
tcp        0      0 0.0.0.0:7777        0.0.0.0:*        LISTEN

- We can log on to the stelnet server with the command:
  # telnet 192.168.1.100 7777

Allowing only certain addresses to access telnet
Set the only_from parameter to allow only certain hosts or networks to access the TELNET server.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 192.168.1.100 127.0.0.1 192.168.1.200
}
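A check for the settings discussed in 3.4.1 to 3.4.3, as an added example that is not part of the original text. The function names are illustrative and the sample input is constructed from the three service definitions shown above. It reports which services are enabled, which enabled services have no only_from restriction, and which still run in.telnetd and therefore send logins unencrypted whatever the port.

```shell
#!/bin/sh
# Added example: audit xinetd service definitions read from standard input.
# Output: one line per service, "<name> <enabled|disabled> <findings>".

audit_xinetd() {
    awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    $1 == "service" {                         # a new service block starts
        name = $2; disable = "no"; only = ""; server = ""
        next
    }
    name != "" && /=/ {                       # "key = value" or "key += value"
        i = index($0, "=")
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        sub(/[ \t]*\+$/, "", key)
        if (key == "disable")   disable = tolower(val)
        if (key == "only_from") only = val
        if (key == "server")    server = val
        next
    }
    name != "" && $1 == "}" {                 # end of block: report it
        # xinetd treats a service without "disable = yes" as enabled
        state = (disable == "yes") ? "disabled" : "enabled"
        f = ""
        if (state == "enabled" && only == "")          f = f ",no-only_from"
        if (state == "enabled" && server ~ /telnetd$/) f = f ",cleartext-telnet"
        if (f == "") f = ",ok"
        print name, state, substr(f, 2)
        name = ""
    }
    '
}

# Constructed sample: the three definitions from sections 3.4.1 to 3.4.3.
sample_xinetd() {
    cat <<'EOF'
service telnet
{
        disable         = yes
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
}
service stelnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
        port            = 7777
}
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 192.168.1.100 127.0.0.1 192.168.1.200
}
EOF
}

sample_xinetd | audit_xinetd
```

On a real host the same function can be fed with cat /etc/xinetd.d/* | audit_xinetd.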

3.4.4. SECURE REMOTE ACCESS - SSH (SECURE SHELL)
The telnet program in Linux lets users log in to a Linux system remotely. Its weakness is that the user name and password are sent over the network unencrypted. They can therefore easily be captured by other people, which is a danger to the system. Secure Remote Access is newer software for Linux that overcomes this weakness of telnet. It allows remote login to a Linux system with the password encrypted, and is therefore safer than telnet.

Installing the SSH server
[root@localhost ~]# yum -y install openssh
--> Running transaction check
--> Processing Dependency: openssh = 5.3p1-20.el6 for package: openssh-server-5.3p1-20.el6.i686
---> Package openssh.i686 0:5.3p1-52.el6_1.2 set to be updated
--> Running transaction check
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================
 Package        Arch        Version                Repository        Size
===========================================================================
Updating:
 openssh        i686        5.3p1-52.el6_1.2       updates          235 k
Updating for dependencies:
 .
Transaction Summary
===========================================================================
Install       0 Package(s)
Upgrade       4 Package(s)
Total download size: 939 k
Downloading Packages:
(1/4): openssh-5.3p1-52.el6_1.2.i686.rpm              | 235 kB     00:00
(2/4): openssh-askpass-5.3p1-52.el6_1.2.i686.rpm      |  49 kB     00:00
(3/4): openssh-clients-5.3p1-52.el6_1.2.i686.rpm      | 360 kB     00:00
---------------------------------------------------------------------------
Total                                        1.8 MB/s | 939 kB     00:00
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
updates/gpgkey                                        | 3.3 kB     00:00 ...
Importing GPG key 0xC105B9DE "CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : openssh-5.3p1-52.el6_1.2.i686                         1/8
  Updating   : openssh-clients-5.3p1-52.el6_1.2.i686                 2/8
  Cleanup    : openssh-clients-5.3p1-20.el6.i686                     7/8
  Cleanup    : openssh-5.3p1-20.el6.i686                             8/8
Updated:
  openssh.i686 0:5.3p1-52.el6_1.2
Dependency Updated:
  openssh-askpass.i686 0:5.3p1-52.el6_1.2
  openssh-clients.i686 0:5.3p1-52.el6_1.2
  openssh-server.i686 0:5.3p1-52.el6_1.2
Complete!

Or install openssh from the binary package as follows:
- To install the SSH server, use the command:
  #rpm -ivh openssh-server.*.rpm

Starting the SSH server
Use the command: #/etc/init.d/sshd start/stop/restart
Or start ssh every time the system boots with the command: #chkconfig sshd on

Using the SSH client on Linux
- Syntax: #ssh [options] [host name/IP] [options] [command]
- Example 3.4.2: #ssh -l root 10.8.1.1

Using the SSH client on Windows
SSH client for Windows is designed to let users use and administer Unix/Linux from the Windows operating system. The software can be downloaded from the site http://www.ssh.com/support/downloads/, or as sshsecureshellclient-3.2.9.exe or a newer version for Windows. It lets users work remotely and provides the sftp service. The SSH Client for Windows screen looks like this:

Click the Quick Connect button, then enter the IP address of the SSH server as in the following figure:

Press the new terminal windows button to log in to the command-line interface.

3.5. REVIEW QUESTIONS

Log in to the Linux system and carry out the following tasks:
1. Create the following groups and users:
   a. Giamdoc (gd1, gd2)
   b. Nhansu (ns1, ns2)
   c. Kinhdoanh (kd1, kd2)
2. The users' home directories are placed under /home/
3. Create the directory /public and set its permissions so that every user has full rights to write data, but only the owner of a piece of data may change it.
4. Allow each user to store at most 1GB in their home directory.
5. State how many users have UID=0, GID=0. Use vi to record the list of these users in the file /baitap/dsuser.
6. Compare the GID of each of the users root, bin and daemon in the file /etc/passwd with the GID of the groups root, bin and daemon in the file /etc/group. What do you observe about the user names and the group names?
7. Create the following groups: hocvien, admin, user.
   a. In the group hocvien create the users:
      i. hv1 with the password 123456
      ii. hv2 with the password 123456
      iii. hv3 with the password 123456
   b. In the group admin create the users:
      i. admin1 with the password 123456
      ii. admin2 with the password 123456
   c. In the group user create the users:
      i. user1 with the password 123456
      ii. user2 with the password 123456
8. What do you observe about the UIDs of the users just created?
9. Give the users admin1 and admin2 the same system administration rights as the root user.
10. Delete the user hv3 in the group hocvien.
11. Edit the description field of the users admin1 and admin2 to "Nguoi dung quan tri he thong" (system administration user) to distinguish them from the other users on the system.
12. Move the user user1 from the group user to the group hocvien.
13. Lock user1 and user2, then re-enable the users so that they can log on to the system.
14. Copy the file /etc/passwd to the file /data/dsuser.
15. Set the permissions of the file /data/dsuser as follows: the owner can read and write; the owning group can read; others have no access.
16. Set the permissions of the directory /baitap as follows: the owner can read, write and execute; the owning group can read and execute; others have no access.
17. Set the default permissions for files as follows: the owner can read and write; the owning group can read; others have no permissions. Try creating a file and a directory, and compare their default permissions with those of files and directories created before the default permissions were changed.
18. Change the owner and owning group of the file /data/dsuser to the user user1 and the group user.
19. Log in to X Window as the administrative user, then use the graphical user management tool to carry out the following tasks:
20. Create the following groups: hocvien, admin, user.
21. In the group hocvien create the users:
    a. Tung with the password 123456
    b. Thuy with the password 123456
    c. Thanh with the password 123456
22. In the group admin create the users:
    a. Adm1 with the password 123456
    b. ADM2 with the password 123456
23. In the group user create the users:
    a. U1 with the password 123456
    b. u2 with the password 123456
24. View and change the attributes related to the users.
25. Change the group of the user thanh to the group user.
26. Limit the validity of the account to 2 months.
27. Temporarily lock the account u2.
28. Limit the lifetime of the password.

3.6. STUDY GUIDE
1) To copy the file /etc/passwd to the file /data/dsuser, use the command cp /etc/passwd /data/dsuser.
2) To set the permissions of the file /data/dsuser so that the owner can read and write, the group can read and others have no permissions at all, use the command chmod 640 /data/dsuser.
3) To set the permissions of the directory /baitap so that the owner can read, write and execute, the group can read and execute and others have no permissions at all, use the command chmod 750 /baitap.
4) To set the default permissions for files so that the owner can read and write, the group can read and others have no permissions, use the command umask 020. Create a test file with the command touch /data/test.txt, then use the command ls -al /data/test.txt to view its permissions.
5) To change the owner and owning group of the file /data/dsuser to the user user1, use the command chown user1 /data/dsuser, then the command chgrp user /data/dsuser.

4. CHAPTER 4: MANAGING INTRANET NETWORK SERVICES
Contents:
Basic network configuration steps
Configuring dynamic IP allocation with DHCP

SUMMARY
- Section 4.1: Presents basic network configuration tasks such as setting the host name, managing IP addresses and setting up an IP alias.
- Section 4.2: Introduces the dynamic IP allocation service (DHCP), including configuring the DHCP server and managing IP allocation to clients.

4.1. BASIC NETWORK CONFIGURATION

4.1.1. SETTING THE HOST NAME
The hostname command displays and changes the name of the computer (usually called the hostname).
- Syntax: #hostname
The computer name is stored in the file /etc/hosts, whose syntax is:
<ip address> <hostname> <domain name of the hostname>
To give the machine a fixed name that does not change when the system is restarted, we change the HOSTNAME parameter in the file /etc/sysconfig/network.
NETWORKING=yes
HOSTNAME=Server

4.1.2. VIEWING THE IP ADDRESS
To view the IP address information of the PC, we use the ifconfig command.
- Syntax: #ifconfig [interface] [options]
- Example 4.1.1: # ifconfig -a
[root@localhost ~]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:0C:29:CE:68:CF
          inet addr:172.16.29.134  Bcast:172.16.29.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16293 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8120 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13247645 (12.6 MiB)  TX bytes:933088 (911.2 KiB)
          Interrupt:67 Base address:0x2000
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:9240 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9240 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3120051 (2.9 MiB)  TX bytes:3120051 (2.9 MiB)

4.1.3. CHANGING THE IP ADDRESS
- Syntax: #ifconfig <interface_name> <IP_address> netmask <netmask_address> up
- Example 4.1.2: # ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
Note: a change of IP address made with this command is only temporary and is lost when the system reboots. To change the IP address permanently, configure the network in the file /etc/sysconfig/network-scripts/ifcfg-eth0 with a static IP address:
DEVICE=eth0
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=static
IPADDR=172.29.14.150
NETMASK=255.255.255.224
NETWORK=172.29.14.128
BROADCAST=172.29.14.159
HWADDR=00:0C:29:6D:F0:3D

For a dynamic IP address:
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

Then we use the commands #ifdown eth0 and #ifup eth0 to restart the network card.

4.1.4. CREATING AN IP ALIAS
Assigning several IP addresses to one network card is called IP aliasing. An alias must have a name of the form <parent-interface-name>:X, where X is the subinterface number. To create an IP alias, we proceed as follows:

- Create the file for parent-interface-name:X by copying the file /etc/sysconfig/network-scripts/ifcfg-eth0 to the file /etc/sysconfig/network-scripts/ifcfg-eth0:X (where X is the number of the subinterface).
- Change the network configuration in the file ifcfg-eth0:X.
DEVICE=eth0:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.29.14.151
NETMASK=255.255.255.224
GATEWAY=172.29.129

- Run the command #service network restart

4.1.5. CHANGING THE DEFAULT GATEWAY
The route command describes and updates the default gateway address. For example, to use the address 172.29.14.150 as the default gateway for the internal network, we do the following:
- Example 4.1.3: #route add default gw 172.29.14.150
We can use route add to specify more than one gateway:
- Example 4.1.4: #route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 eth0

4.2. DYNAMIC IP ALLOCATION (DHCP)
DHCP gives workstations their network settings, including the IP address. DHCP is a useful tool for administering large networks or networks with mobile users.
DHCP server: the machine that allocates IP addresses to the other computers on the network. The process of the DHCP service is dhcpd.
DHCP client: a machine that receives its IP address and other network settings from the DHCP server.

4.2.1. CONFIGURING THE DHCP SERVER

Installing the dhcp software
[root@localhost ~]# yum -y install dhcp
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package dhcp.i686 12:4.1.1-19.P1.el6_1.1 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================
 Package     Arch     Version                    Repository     Size
======================================================================
Installing:
 dhcp        i686     12:4.1.1-19.P1.el6_1.1     updates       894 k
Transaction Summary
======================================================================
Install       1 Package(s)
Upgrade       0 Package(s)
Total size: 894 k
Installed size: 2.1 M
Running Transaction
  Installing : 12:dhcp-4.1.1-19.P1.el6_1.1.i686                   1/1
Installed:
  dhcp.i686 12:4.1.1-19.P1.el6_1.1
Complete!

- To configure a DHCP server, the package dhcpd*.rpm must be installed with RPM or YUM.
- To configure DHCP, the configuration file /etc/dhcpd.conf must exist and be edited.
- Example 4.2.1: the main configuration in the file dhcpd.conf
ddns-update-style interim;      # or: ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "serverlinux.vn";
subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.10 192.168.1.100;
}

4.2.2. STARTING THE DHCP SERVICE

Syntax: #service dhcpd restart

4.2.3. CHECKING IP ALLOCATION ON A WINDOWS 7 CLIENT
On Windows 7, open Control Panel and go to Local Area Connection, which looks like the screen below:

Click the Properties button.

Select Internet Protocol Version 4 (TCP/IPv4).

Click the Properties button.

Select Obtain an IP address automatically to request a dynamic IP address, then click OK. After that, open RUN, type cmd and run the command ipconfig to check the IP address allocated by the DHCP server.

4.3. CONFIGURING RESOURCE SHARING (SAMBA, NFS)

4.3.1. CONFIGURING SAMBA SHARING
Installing samba


[root@localhost ~]# yum -y install samba
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package samba.i686 0:3.5.6-86.el6_1.4 set to be updated
..
  Updating   : libsmbclient-3.5.6-86.el6_1.4.i686                  5/9
  Cleanup    : samba-client-3.5.4-68.el6.i686                      6/9
  Cleanup    : samba-common-3.5.4-68.el6.i686                      7/9
  Cleanup    : libsmbclient-3.5.4-68.el6.i686                      8/9
  Cleanup    : samba-winbind-clients-3.5.4-68.el6.i686             9/9
Installed:
  samba.i686 0:3.5.6-86.el6_1.4
Dependency Updated:
  libsmbclient.i686 0:3.5.6-86.el6_1.4
  samba-client.i686 0:3.5.6-86.el6_1.4
  samba-common.i686 0:3.5.6-86.el6_1.4
  samba-winbind-clients.i686 0:3.5.6-86.el6_1.4
Complete!

Or install the samba software from the binary packages with RPM:

[root@localhost ~]# rpm -ivh libsmbclient-3.5.6-86.el6_1.4.i686.rpm
[root@localhost ~]# rpm -ivh samba-3.5.6-86.el6_1.4.i686.rpm
[root@localhost ~]# rpm -ivh samba-client-3.5.6-86.el6_1.4.i686.rpm
[root@localhost ~]# rpm -ivh samba-common-3.5.6-86.el6_1.4.i686.rpm
[root@localhost ~]# rpm -ivh samba-winbind-clients-3.5.6-86.el6_1.4.i686.rpm

Configuring samba to share the directory /home/share

[root@linux ~]# mkdir /home/share
[root@linux ~]# chmod 777 /home/share
[root@linux ~]# vi /etc/samba/smb.conf
# Near line 58: add
unix charset = UTF-8
dos charset = CP932
# Line 75: change (Windows' default)
workgroup = WORKGROUP
# Line 81: declare the IP address ranges
hosts allow = 127.16. 192.168.
# line 102: change (no auth)
security = share
# add at the bottom
[Share]                     # any name you like
path = /home/share          # shared directory
writable = yes              # writable
guest ok = yes              # guest OK
guest only = yes            # guest only
create mode = 0777          # fully accessed
directory mode = 0777       # fully accessed
share modes = yes           # warn if some people access to a file

Restarting the samba service

[root@linux ~]# /etc/rc.d/init.d/smb start
Starting SMB services:                [ OK ]
[root@linux ~]# /etc/rc.d/init.d/nmb start
Starting NMB services:                [ OK ]
[root@linux ~]# chkconfig smb on
[root@linux ~]# chkconfig nmb on

Accessing the directory /home/share from Windows
On Windows, open cmd and type the path \\<ip>. For example, if the machine sharing over samba has the IP address 172.16.29.151, access it as in the figure below:

Configuring restricted samba access

[root@linux ~]# groupadd security             # create the group security
[root@linux ~]# mkdir /home/baomat            # create the security directory
[root@linux ~]# chgrp security /home/baomat
[root@linux ~]# chmod 770 /home/baomat
[root@linux ~]# vi /etc/samba/smb.conf
# Change line 102
security = user
# add at the last line
[Security]                  # any name you like
path = /home/data           # share the directory /home/security
writable = yes              # the directory is writable
create mode = 0770
directory mode = 0770       # set the directory access permissions
share modes = yes
guest ok = no               # guests are not allowed access
valid users = @security     # only the group security is allowed

Restart samba
[root@linux ~]# /etc/rc.d/init.d/smb restart
Shutting down SMB services:           [ OK ]
Starting SMB services:                [ OK ]
[root@linux ~]# smbpasswd -a cent     # add a user to Samba
New SMB password:                     # enter the password
Retype new SMB password:              # enter the password again
Added user cent.
[root@linux ~]# vi /etc/group
security:x:502:cent                   # add or fill in this information
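The difference between the guest share and the restricted share above can be checked mechanically. This is an added example, not part of the original text: the function names are illustrative, and the sample is constructed by placing both share definitions from this section in one file under the first configuration's security = share, with the annotations removed. It reports, per section, guest write access, world-writable create modes and a missing valid users restriction.

```shell
#!/bin/sh
# Added example: audit smb.conf sections read from standard input.
# Output: one line per section, "<section>: <findings>" or "<section>: ok".

audit_smbconf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function is_yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report(   f) {
        if (sect == "") return
        f = ""
        if (sect == "global") {
            # share-level security: no per-user authentication
            if (tolower(opt["security"]) == "share") f = f ",security=share"
        } else {
            if (is_yes(opt["guest ok"])) {
                if (is_yes(opt["writable"])) f = f ",guest-writable"
                else                         f = f ",guest-readable"
            }
            # last octal digit with the write bit: files writable by others
            if (opt["create mode"] ~ /[2367]$/) f = f ",files-created-world-writable"
            if (!("valid users" in opt))        f = f ",no-valid-users"
        }
        print sect ": " (f == "" ? "ok" : substr(f, 2))
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
    /^[ \t]*\[/ {                             # a new [section] starts
        report()
        split("", opt)                        # forget the previous section
        sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        if (tolower(sect) == "global") sect = "global"
        next
    }
    /=/ {                                     # parameter = value
        i = index($0, "=")
        opt[tolower(trim(substr($0, 1, i - 1)))] = trim(substr($0, i + 1))
        next
    }
    END { report() }
    '
}

# Constructed sample built from the two share definitions in this section.
sample_smbconf() {
    cat <<'EOF'
[global]
workgroup = WORKGROUP
hosts allow = 127.16. 192.168.
security = share

[Share]
path = /home/share
writable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777

[Security]
path = /home/data
writable = yes
create mode = 0770
directory mode = 0770
guest ok = no
valid users = @security
EOF
}

sample_smbconf | audit_smbconf
```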

Accessing the directory /home/data from Windows
On Windows, open cmd and type the path \\<ip>. For example, if the machine sharing over samba has the IP address 172.16.29.151, access it as in the figure below:

Installing and configuring Xinetd and SWAT

[root@linux ~]# yum -y install xinetd samba-swat
[root@linux ~]# vi /etc/xinetd.d/swat
# Edit line 10: add IP address you permit
only_from = 127.0.0.1 192.168.1.0/24
# Edit line 14
disable = no

Restart xinetd
[root@linux ~]# /etc/rc.d/init.d/xinetd start
Starting xinetd:                      [ OK ]
[root@linux ~]# chkconfig xinetd on

Configuring samba through SWAT
Open SWAT by typing the address http://(server's hostname or IP address):901 into the browser, then log in to the system with a user name and password.

4.3.2. CONFIGURING NFS SHARING
Configuring the nfs server

[root@linux ~]# yum -y install nfs-utils
[root@linux ~]# vi /etc/idmapd.conf
# Change line 5: uncomment and change to your domain name
Domain = serverlinux

Configuring the exports file

[root@linux ~]# vi /etc/exports
# write like below *note
/home 192.168.1.0/24(rw,sync)

Where:

/home             # shared directory
192.168.1.0/24    # network address range allowed to access NFS
rw                # allow writing
sync              # synchronize from client to server

Start rpcbind
[root@linux ~]# /etc/rc.d/init.d/rpcbind start
Starting rpcbind: [ OK ]

Start nfslock
[root@linux ~]# /etc/rc.d/init.d/nfslock start
Starting NFS statd: [ OK ]

Start nfs
[root@linux etc]# /etc/init.d/nfs restart
Shutting down NFS mountd: [ OK ]
Shutting down NFS daemon: [ OK ]
Shutting down NFS quotas: [ OK ]
Shutting down NFS services: [ OK ]
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]

Services started at system boot

[root@linux ~]# chkconfig rpcbind on
[root@linux ~]# chkconfig nfslock on
[root@linux ~]# chkconfig nfs on

Configuring the nfs client

[root@linux ~]# yum -y install nfs-utils      # install the software
[root@linux ~]# vi /etc/idmapd.conf
# Change line 5: uncomment and change the domain name
Domain = serverlinux.vn

Start rpcbind, rpcidmapd, nfslock, netfs

[root@linux ~]# /etc/rc.d/init.d/rpcbind start
Starting rpcbind: [ OK ]
[root@linux ~]# /etc/rc.d/init.d/rpcidmapd start
Starting RPC idmapd: RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
[ OK ]
[root@linux ~]# /etc/rc.d/init.d/nfslock start
Starting NFS statd: [ OK ]
[root@linux ~]# /etc/rc.d/init.d/netfs start
Mounting other filesystems: [ OK ]
# start at system boot
[root@linux ~]# chkconfig rpcbind on
[root@linux ~]# chkconfig rpcidmapd on
[root@linux ~]# chkconfig nfslock on
[root@linux ~]# chkconfig netfs on

Mount the /home directory from the client

[root@linux ~]# mount -t nfs dns1.serverlinux.vn:/home /home
[root@linux ~]# df -h          # check the directory
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root
                       18G  864M   16G   6% /
tmpfs                 499M     0  499M   0% /dev/shm
/dev/vda1             485M   47M  413M  11% /boot
dns1.serverlinux.vn:/home
                       18G  864M   16G   6% /home

Declare the mount point in /etc/fstab

[root@linux ~]# vi /etc/fstab
# Add to the last line of the file /etc/fstab
/dev/mapper/VolGroup-lv_root / ext4 defaults 1 1
UUID=2078630e-e84a-49e7-af68-55f0bde8d6c3 /boot ext4 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
dns1.serverlinux.vn:/home /home nfs defaults 1 1

4.4. REVIEW QUESTIONS

4.4.1. NETWORK CONFIGURATION EXERCISE
Log in to the system as the user root and carry out the following requirements:
1) View the machine name, then change it to linuxserver1.
2) View the network address information of the cards eth0 and lo.
3) View the physical state of the network card.
4) Set a network address with the following information:
   a. IP: 10.10.10.10
   b. SM: 255.0.0.0
   c. GW: 10.10.10.1
   d. DNS: 10.100.100.254
5) Check whether the local machine can reach the machine 10.10.10.1.
6) Change the IP address above to the address 192.168.100.1/24, gw: 192.168.100.10
7) To set the IP address of a Linux machine, which command do we use?
8) To view the state of the open ports of a Linux machine, which command do we use?
9) To view the information in the routing table of a Linux system, which command do we use?
10) To set the IP address of the network card eth0 with the ifconfig command, which command must we run?
11) To temporarily stop a network card, which command do we use?
12) Suppose we want to add a new route to the routing table: traffic for the network 192.168.10.0/24 must go through the gateway 172.16.10.140. How do we do it?
13) To declare the default gw 172.16.8.2 for a Linux machine acting as a gw, which command do we use?
14) To view the load of a Linux system, which command do we use?
15) Which file in Linux defines the ports for the services running on it?
16) Which port does the SMTP service run on?
17) Which port does the www service run on?
18) Which service allows us to transfer files over the network?
19) How do we log in remotely over the network to a Linux machine?

4.4.2. ALIAS AND GATEWAY CONFIGURATION EXERCISE
1) Log in to the system as the user root and carry out the following requirements:
2) Create an IP alias for the network card eth0 with:
   - Interface name eth0:0
   - IP address: 192.168.100.100
   - Netmask: 255.255.255.0
   - GW: 192.168.100.1
   - DNS: 192.168.100.1
3) Specify the address 192.168.100.10 as the default route of the system.
4) View the routing table information and identify the gateway.
5) Identify the application ports that are active on the local machine.

4.4.3. REVIEW GUIDE
1. To copy the file /etc/passwd to the file /data/dsuser, use the command cp /etc/passwd /data/dsuser.
2. To set the permissions of the file /data/dsuser so that the owner can read and write, the group can read, and others have no permissions at all, use the command chmod 640 /data/dsuser.
3. To set the permissions of the directory /baitap so that the owner can read, write and execute, the group can read and execute, and others have no permissions at all, use the command chmod 750 /baitap.
4. To set the default permissions for files so that the owner can read and write, the group can read, and others have no permissions, use the command umask 020. Create a test file with the command touch /data/test.txt, then use the command ls -al /data/test.txt to view the permissions.
5. Use the command chown user1 /data/dsuser to change the owner and owning group of the file /data/dsuser to the user user1. Use the command chgrp user /data/dsuser.

4.4.4. TELNET AND SSH CONFIGURATION EXERCISE
Log in to the system as the user root and carry out the following requirements:
1) Allow everyone to access the server through the TELNET service.
2) Allow everyone to access the server remotely through the SSH service.

4.4.5. DHCP CONFIGURATION EXERCISE
Log in to the Linux server and carry out the following requirements:
1) Set up a DHCP server with the following requirements:
   - Scope: 192.168.100.50 - 192.168.100.100
   - SM: 255.255.255.0
   - GW: 192.168.100.1
   - DNS: 192.168.100.10
   - Domain: t3h.edu.vn
2) Check the application port of DHCP.
3) View the statistics of the IP addresses that have been leased.
4) Configure Linux as a software router.
5) Set up remote management for the administrator root using ssh.
6) Set up a DHCP server on the Linux server to assign dynamic IP addresses to the local hosts.

5. CHAPTER 05: MANAGING INTERNET NETWORK SERVICES
Contents
Introduction to and configuration guide for the DNS Server service
Introduction to and configuration guide for the Web Server service
SUMMARY
- Section 5.1: Introduction to and configuration guide for the DNS network service, covering: the DNS database, resolving computer names to IP addresses, resolving IP addresses to computer names, configuring the DNS server through its files, starting DNS, checking the DNS server configuration, configuring a slave name server and configuring a master name server.
- Section 5.3: Introduction to and configuration guide for the web server network service, covering: introduction to Web Server, basic Apache configuration, authentication configuration, VirtualHost configuration.

5.1. THE DNS SERVICE

5.1.1. INTRODUCTION TO DNS
Computers on a network that want to communicate with each other need to know each other's IP addresses. When the number of computers is large, remembering these IP addresses is very difficult. Besides its IP address, each computer also has a machine name, called the Computer Name. For people, remembering a machine name is in any case easier, because names are more intuitive and memorable than IP addresses. For that reason, a way was devised to map IP addresses to computer names.
The DNS service operates on the Client-Server model: the server part is the machine that serves names, called the Name server, and the client part is the program that requests name resolution, called the Resolver. The Name server holds the information of the DNS database, while the Resolver is simply a set of library functions used to build queries and send them to the Name server. The performance of the service is improved through replication and caching.
A hostname in a domain is a combination of words separated by dots. For example, in the hostname serverlinux.com, serverlinux is the machine name and com is the domain name. Domain names are distributed hierarchically, in the same way as the hierarchy of the Unix/Linux file system.

The DNS database is an inverted tree. Each node of the tree is in turn the root of a subtree. Each subtree is a partition of the whole DNS database and is called a domain. Each domain can be divided into smaller partitions called subdomains. Each domain has a name (domain name). The domain name indicates the position of the domain in the DNS database. In DNS, a domain name is the sequence of labels from that node up to the root of the tree, separated by dots. The rightmost label in each domain name is called the top-level domain. In the earlier example serverlinux.com, com is the top-level domain. The following table lists the top-level domains.

Domain   Description
.com     Commercial organizations and companies
.org     Non-profit organizations
.net     Network support centers
.edu     Educational organizations
.gov     Government organizations
.mil     Military organizations
.int     Organizations established by international treaties

In addition, each country also has a top-level domain. For example, the top-level domain of Vietnam is .vn, of the United States .us, of Japan .jp, ... Each country organizes its domain hierarchy in its own way.
- Example 5.1.1: Domain organization of Vietnam:

5.1.2. NAME RESOLUTION MECHANISM
Resolving a name to an IP address
Root Name Server: the server that manages the name servers at the top-level domain level. When a query for some domain name arrives, the root name server must provide the name and IP address of the name server that manages the top-level domain (in practice most root servers are also the servers that manage the top-level domains), and in turn the name servers of the top-level domain provide the list of name servers that are authoritative for the second-level domain the name belongs to. This continues until the server managing the queried domain name is found. If every root name server on the Internet were unreachable, no resolution request could be carried out. The following model describes the process of resolving www.yahoo.com on the Internet.

The client sends the request to resolve the IP address of the machine named www.yahoo.com to the local name server. On receiving the request from the resolver, the local name server parses the name and checks whether it manages this domain itself. If the domain is managed by the local server, it returns the IP address of the machine name to the resolver immediately. Otherwise, the local server queries the nearest root name server it knows. The root name server returns the IP address of the name server that manages the .com domain. The local name server then asks the name server managing the .com domain and is referred to the server that manages the yahoo.com domain. The local name server queries the server managing the yahoo.com domain and receives the answer that www.yahoo.com corresponds to a specific IP address.
Resolving an IP address to a name
Mapping IP addresses to computer names is used to interpret log files so that they are easier to read. It is also used in some cases of authentication on UNIX systems (checking the .rhosts or hosts.equiv files). In the domain name space described above, the data, including the IP addresses, is indexed by domain name. So given a domain name, finding its IP address is fairly easy. To make it possible to resolve the computer name of an IP address, an additional branch indexed by IP address was added to the domain name space. This part of the space has the domain name in-addr.arpa. Each node in the in-addr.arpa domain has a label that is the decimal value of part of the IP address. For example, the in-addr.arpa domain can have 256 subdomains, corresponding to the 256 values from 0 to 255 of the first byte of the IP address. Each of these subdomains in turn has 256 subdomains for the second byte. This continues until the fourth byte, where the records give the full domain name of the computers or networks with the corresponding IP address.

Note that when the domain name is read, the IP address appears in reverse order. For example, if the IP address of the machine winnie.corp.hp.com is 15.16.192.152, it maps into the in-addr.arpa domain as 152.192.16.15.in-addr.arpa.

5.1.3. RECORD TYPES
SOA (Start of Authority)
Each database file must contain one and only one SOA (start of authority) record. The SOA record indicates that the name server is the source of authoritative information for the data in the zone.
- Syntax of the SOA record:
[domain-name] IN SOA [dns-server-name] [email-address] (
        serial number;
        refresh number;
        retry number;
        expire number;
        Time-to-live number);

- Example 5.1.2: Declaring the SOA record of a ZONE

serverlinux.com. IN SOA dnsserver.serverlinux.com. root.serverlinux.com. (
        2005040401 ; Serial
        10800      ; Refresh after 3 hours
        3600       ; Retry after 1 hour
        604800     ; Expire after 1 week
        86400 )    ; Minimum TTL of 1 day

NS (Name server)
The next record required in the zone is the NS (name server) record. Each name server for the zone has one NS record.
- Syntax: [domain-name] IN NS [DNS-Server]
- Example 5.1.3: NS resolution
serverlinux.com. IN NS dnsserver.serverlinux.com.
serverlinux.com. IN NS serverlinux.com.

The declaration above indicates that two name servers manage the data for the serverlinux.com domain: dnsserver.serverlinux.com and serverlinux.com.
A (Address) and CNAME (Canonical Name)
The A (Address) record maps a machine name (hostname) to an IP address. The CNAME (canonical name) record creates an alias that points to another hostname. That other hostname is either a host name whose IP address is specified through an A record, or it points in turn to another alias (canonical) name.
- Syntax of the A record: [hostname] IN A [IP_Address]
- Syntax of the CNAME record: [Canonical_name] IN CNAME [hostname | Canonical_name]
- Example 5.1.4: Example configuration with A and CNAME records
localhost.serverlinux.com. IN A 127.0.0.1
dnsserver.serverlinux.com. IN A 172.29.14.2
serverlinux.com. IN A 172.29.14.1
diehard.serverlinux.com. IN A 172.29.14.4
; declare one hostname that maps to several IP addresses
serverlinux.com. IN A 172.29.14.1
serverlinux.com. IN A 192.253.253.1
; declare an alias name (canonical name)
www.serverlinux.com. IN CNAME serverlinux.com.
proxy IN CNAME www.serverlinux.com.

MX (Mail Exchange)
DNS uses the MX record for delivering mail on the Internet. When it receives mail, the mail transfer program (mailer) relies on the MX record to decide the route of the mail. An MX record specifies a Mail Exchanger for a domain. A Mail Exchanger is a server that either processes the mail (delivers it to a local mailbox or acts as a gateway to another mail transfer protocol such as UUCP) or forwards it to another (intermediate) Mail Exchanger close to it, until the mail reaches the final destination server, using the SMTP protocol (Simple Mail Transfer Protocol). To prevent mail from looping, the MX record carries an additional value besides the domain name of the Mail Exchanger: a preference number. This is an unsigned 16-bit integer (0-65535) that gives the priority order of the Mail Exchangers.
- Syntax: [domain_name] IN MX [priority] [mail_host]
- Example 5.1.5:
serverlinux.com. IN MX 10 mailserver.serverlinux.com.
This indicates that the server mailserver.serverlinux.com is the mail server that handles mail for the serverlinux.com domain, with preference number 10. Note: these values only have meaning when compared with each other. For example, declaring two MX records:
serverlinux.com. IN MX 1 listo.serverlinux.com.
serverlinux.com. IN MX 2 hep.serverlinux.com.
PTR (Pointer)
The PTR (pointer) record maps an IP address to a machine name (hostname).
- Syntax: [address] IN PTR [hostname]
Here [address] is the IP address of the hostname, but it must be written in reverse order and combined with the domain name in-addr.arpa.
- Example 5.1.6: The PTR records for the hosts in the network 1.168.192:
1.1.168.192.in-addr.arpa. IN PTR serverlinux.com.
2.1.168.192.in-addr.arpa. IN PTR dnsserver.serverlinux.com.
3.1.168.192.in-addr.arpa. IN PTR mailserver.serverlinux.com.
4.1.168.192.in-addr.arpa. IN PTR dnshard.serverlinux.com.
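Because reverse lookups feed log interpretation and host-based authentication, as section 5.1.2 notes, it is worth checking that every A record has a PTR record pointing back at the same name. The script below is an added example, not part of the original text: it builds the in-addr.arpa name the way sections 5.1.2 and 5.1.3 describe and compares two zone fragments. The function names and both fragments are assumptions (constructed sample data with one fully qualified record per line and no trailing comments).

```sh
#!/bin/sh
# Added example: forward/reverse consistency check for a pair of zones.
# FORWARD_ZONE and REVERSE_ZONE are constructed sample data.

FORWARD_ZONE='
serverlinux.com.            IN A 192.168.1.1
dnsserver.serverlinux.com.  IN A 192.168.1.2
mailserver.serverlinux.com. IN A 192.168.1.3
diehard.serverlinux.com.    IN A 192.168.1.9
'

REVERSE_ZONE='
1.1.168.192.in-addr.arpa. IN PTR serverlinux.com.
2.1.168.192.in-addr.arpa. IN PTR dnsserver.serverlinux.com.
3.1.168.192.in-addr.arpa. IN PTR wrongname.serverlinux.com.
'

# ptr_name IP: print the in-addr.arpa owner name of an IPv4 address
# (octets reversed), or return 1 if IP is not a valid dotted quad.
ptr_name() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1
        }'
}

# check_ptr FORWARD REVERSE: for every A record print one line:
#   OK <host> <ip>                  a PTR record points back at the host
#   MISMATCH <host> <ip> <targets>  PTR records exist but name other hosts
#   MISSING <host> <ip>             no PTR record at the reversed name
#   BADIP <host> <ip>               the A record does not hold a valid IPv4
check_ptr() {
    printf '%s\n' "$1" | while read -r host class type ip; do
        if [ "$class" != IN ] || [ "$type" != A ]; then continue; fi
        if ! rev=$(ptr_name "$ip"); then
            echo "BADIP $host $ip"; continue
        fi
        # a reversed name may carry several PTR records; collect them all
        targets=$(printf '%s\n' "$2" |
            awk -v n="$rev" '$1 == n && $2 == "IN" && $3 == "PTR" { print $4 }')
        if [ -z "$targets" ]; then
            echo "MISSING $host $ip"
        elif printf '%s\n' "$targets" | grep -qixF "$host"; then
            echo "OK $host $ip"
        else
            echo "MISMATCH $host $ip $(echo $targets)"
        fi
    done
}

check_ptr "$FORWARD_ZONE" "$REVERSE_ZONE"
```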

5.1.4. CONFIGURING DNS FOR A LOCAL DOMAIN
Model and exercise requirements

Requirement: the domain serverlinux.vn has been leased from the organization VNNIC; configure a DNS server to manage the data for this domain.
Implementation guide
1. Install BIND
2. Declare the zones in /etc/named.rfc1912.zones
   - Forward zone
   - Reverse zone
3. Describe the database
   - Forward zone
   - Reverse zone
4. Change the configuration so that the system operates on the local IP address and allows the local network or outside hosts to query the database.
listen-on port 53 { 127.0.0.1; 192.168.1.17; };
allow-query { localhost; 192.168.1.0/24; };

5. Initialize and check operation
6. Declare the dns client
7. Check domain name resolution

Configuration steps
1. Check the BIND software
- Use the command #rpm -qa bind* to check whether the bind software is already installed on the system.
2. Install the BIND software

[root@linux ~]# yum -y install bind
Or download the software and install it in binary form with RPM
[root@linux ~]# rpm -ivh bind-9.7.3-2.el6_1.P3.3.i686.rpm
[root@linux ~]# rpm -ivh bind-libs-9.7.3-2.el6_1.P3.3.i686.rpm
[root@linux ~]# rpm -ivh bind-utils-9.7.3-2.el6_1.P3.3.i686.rpm

3. Configure the IP address of the DNS server machine with the address 192.168.1.17/24
4. Declare the zones in /etc/named.rfc1912.zones
- Forward zone: add the declaration lines below at the end of the file
zone "serverlinux.vn" IN {            // declare the forward zone
        type master;                  // declare the master type
        file "serverlinux.thuan";     // declare the forward database
        allow-update { none; };       // do not allow updates
};

- Reverse zone

zone "1.168.192.in-addr.arpa" IN {    // declare the reverse zone
        type master;                  // declare the master type
        file "serverlinux.nghich";    // declare the reverse database
        allow-update { none; };       // do not allow updates
};

5. Edit the file /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.17; };   // add the IP address of the dns server machine
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.1.0/24; };        // network address range allowed to access the dns server
        allow-query-cache { localhost; 192.168.1.0/24; };  // IP address range allowed to query the dns server
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";   // link to the file declaring the forward and reverse zones above
};

6. Describe the database in the directory /var/named
a) Forward zone, named serverlinux.thuan

$TTL 86400
@       IN SOA dns1.serverlinux.vn. root.serverlinux.vn. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS    dns1.serverlinux.vn.
        IN MX 1  mail.serverlinux.vn.
dns1    IN A     192.168.1.17
www     IN CNAME dns1.serverlinux.vn.
mail    IN CNAME dns1.serverlinux.vn.
ftp     IN CNAME dns1.serverlinux.vn.
proxy   IN CNAME dns1.serverlinux.vn.

b) Reverse zone, named serverlinux.nghich: it can be copied from the forward zone file and saved as serverlinux.nghich, then edited in a few places as shown below.
$TTL 86400
@       IN SOA dns1.serverlinux.vn. root.serverlinux.vn. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS    dns1.serverlinux.vn.
17      IN PTR   dns1.serverlinux.vn.

c) Set permissions on the 2 databases just created: if the VI editor was used to create the 2 files above, access permissions must be assigned to these 2 files. Run the following commands:
#chmod 777 /var/named/serverlinux.thuan
#chmod 777 /var/named/serverlinux.nghich

7. Set the nameserver and domain in the file /etc/resolv.conf

nameserver 192.168.1.17
domain serverlinux.vn

8. Start the DNS service
a) Start the DNS service:

#/etc/init.d/named restart
Or the command:
#service named restart

b) Check whether the DNS service is running with the command:
#pgrep named
1489

c) Check whether DNS resolves names with the command:
[root@linux ~]# host www.serverlinux.vn
www.serverlinux.vn is an alias for dns1.serverlinux.vn.
dns1.serverlinux.vn has address 192.168.1.17
[root@linux ~]# host 192.168.1.17
192.168.1.17.in-addr.arpa domain name pointer dns1.serverlinux.vn.
[root@linux ~]#

9. Check domain name resolution

Run the command #nslookup to check domain name resolution. After nslookup is typed, the command line shows the > prompt; type the commands
[root@linux ~]# nslookup
> set type=any
> dns1.serverlinux.vn
Server: 192.168.1.17
Address: 192.168.1.17#53

Name: dns1.serverlinux.vn
Address: 192.168.1.17
> 192.168.1.17
Server: 192.168.1.17
Address: 192.168.1.17#53

192.168.1.17.in-addr.arpa name = dns1.serverlinux.vn.

5.1.5. CONFIGURING DNS FOR A SUBDOMAIN
Model and configuration requirements

[Figure: network model. A site with an FTP server, a mail server, a web server and a proxy server (192.168.1.20 to 192.168.1.23), clients and a firewall; the DNS Server 192.168.1.10 holding the resource records of the zone serverlinux.vn; the DNSITdep server 192.168.1.11 holding the resource records of the zone itdep.serverlinux.vn; www,ftp at 192.168.1.12 in ITdep.serverlinux.vn.]

Requirement: the domain serverlinux.vn has been leased from the organization VNNIC; configure a DNS server to manage the data for this domain.
Guide
1) Describe the database
   a. Forward zone
   b. Reverse zone
2) Initialize and check operation
3) Check domain name resolution
Steps
1) Check the operation of the domain serverlinux.vn

Run the following commands to check the local domain serverlinux.vn

[root@linux ~]# host dns1.serverlinux.vn
dns1.serverlinux.vn has address 192.168.1.17
[root@linux ~]#

2) Check the bind* packages on the DNS server master

[root@DNS ~]# rpm -qa bind*
bind-libs-9.3.6-16.P1.el5
bind-utils-9.3.6-16.P1.el5
bind-9.3.6-16.P1.el5

3) Declare the forward zone and the reverse zone on the DNS server master. Declare the zones in /etc/named.rfc1912.zones
- Forward zone: add the declaration lines below at the end of the file
zone "serverlinux.vn" IN {
        type master;
        file "serverlinux.thuan";
        allow-update { none; };
};

- Reverse zone

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "serverlinux.nghich";
        allow-update { none; };
};

4) [root@DNS etc]# vi /etc/named.caching-nameserver.conf

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.17; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.1.0/24; };
        allow-query-cache { localhost; 192.168.1.0/24; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

5) Describe the database in the directory /var/named
a. Forward zone, named serverlinux.thuan

$TTL 86400
@          IN SOA dns1.serverlinux.vn. root.serverlinux.vn. (
                   1997022700 ; Serial
                   28800      ; Refresh
                   14400      ; Retry
                   3600000    ; Expire
                   86400 )    ; Minimum
           IN NS    dns1.serverlinux.vn.
           IN MX 1  mail.serverlinux.vn.
dns1       IN A     192.168.1.17
www        IN CNAME dns1.serverlinux.vn.
mail       IN CNAME dns1.serverlinux.vn.
ftp        IN CNAME dns1.serverlinux.vn.
proxy      IN CNAME dns1.serverlinux.vn.
itdep      IN A     192.168.1.28
           IN MX 1  mail.itdep.serverlinux.vn.
mail.itdep IN A     192.168.1.28
www.itdep  IN CNAME mail.itdep.serverlinux.vn.
ftp.itdep  IN CNAME mail.itdep.serverlinux.vn.

b. Reverse zone, named serverlinux.nghich: it can be copied from the forward zone file and saved as serverlinux.nghich, then edited in a few places as shown below.
$TTL 86400
@       IN SOA dns1.serverlinux.vn. root.serverlinux.vn. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS    dns1.serverlinux.vn.
17      IN PTR   dns1.serverlinux.vn.
28      IN PTR   itdep.serverlinux.vn.
        IN PTR   mail.itdep.serverlinux.vn.

6) Start the DNS service
a. To start the DNS service, run the following command:

#/etc/init.d/named restart
Or the command:
#service named restart

b. Check whether the DNS service is running with the command:
#pgrep named

c. Check whether DNS resolves names with the command:
[root@linux ~]# host dns1.serverlinux.vn
dns.serverlinux.vn has address 192.168.1.17

d. Check domain name resolution
a) Run the command #nslookup to check domain name resolution. After nslookup is typed, the command line shows the > prompt; type the commands
[root@linux ~]# nslookup
> set type=any
> dns1.serverlinux.vn
Server: 192.168.1.17
Address: 192.168.1.17#53

Name: dns1.serverlinux.vn
Address: 192.168.1.17
> 192.168.1.17
Server: 192.168.1.17
Address: 192.168.1.17#53

192.168.1.17.in-addr.arpa name = dns1.serverlinux.vn.

b) Check the mx record of the itdep domain

#host -t mx itdep.serverlinux.vn

c) Check www of the itdep domain

#host www.itdep.serverlinux.vn

d) Check ftp of the itdep domain

#host ftp.itdep.serverlinux.vn

5.1.6. CONFIGURING DNS TO LINK SEVERAL SUBDOMAINS
Model and system requirements

Requirement: the domain serverlinux.vn has been leased from the organization VNNIC; configure a DNS server to manage the data for this domain.
Configuration guide
1) Configure delegation on dnssvr
   Forward zone: declare NS and A records pointing to the domain itdep.serverlinux.vn and the domain pcm.serverlinux.vn
   Reverse zone: declare the PTR records corresponding to the A records
2) Initialize and check operation
3) Configure DNS for the domain itdep.serverlinux.vn
   a. Forwarders to the server dnssvr
4) Configure DNS for the domain pcm.serverlinux.vn
   a. Forwarders to the server dnssvr
5) Check domain name resolution
Configuration steps
- Check the operation of the domain serverlinux.vn
Run the following commands to check the local domain serverlinux.vn
#host dns1.serverlinux.vn        -> prints the address and host of this domain
Then type the commands:
#nslookup
>set type=any
>serverlinux.vn                  -> shows the information about the domain serverlinux.vn

Configure named-caching-nameserver.conf

[root@localhost named]# vi /etc/named-caching-nameserver.conf
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.17; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.1.0/24; };
        allow-query-cache { localhost; 192.168.1.0/24; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";

Configure the file /etc/named.rfc1912.zones

# declare the forward zone
zone "serverlinux.vn" IN {
        type master;
        file "serverlinux.thuan";
        allow-update { none; };
};
# declare the reverse zone
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "serverlinux.nghich";
        allow-update { none; };
};

Describe the database in the directory /var/named
a. Forward zone, named serverlinux.thuan

$TTL 1D
@          IN SOA dns1.serverlinux.vn. root.serverlinux.vn. (
                   0  ; serial
                   1D ; refresh
                   1H ; retry
                   1W ; expire
                   3H ) ; minimum
           IN NS    dns1.serverlinux.vn.
           IN MX 1  mail.serverlinux.vn.
dns1       IN A     192.168.1.18
mail       IN CNAME dns1.serverlinux.vn.
itdep      IN A     192.168.1.28
           IN MX 1  mail.itdep.serverlinux.vn.
mail.itdep IN A     192.168.1.28
www.itdep  IN CNAME mail.itdep.serverlinux.vn.
ftp.itdep  IN CNAME mail.itdep.serverlinux.vn.

b. Reverse zone, named serverlinux.nghich: it can be copied from the forward zone file and saved as serverlinux.nghich, then edited in a few places as shown below.
$TTL 1D
@       IN SOA dns1.serverlinux.vn. root.serverlinux.vn. (
                0  ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        IN NS    dns1.serverlinux.vn.
18      IN PTR   dns1.serverlinux.vn.
28      IN PTR   itdep.serverlinux.vn.
        IN PTR   mail.itdep.serverlinux.vn.

Start the DNS service
a. To start the DNS service, run the following command:
#/etc/init.d/named restart
Or the command:
#service named restart

b. Check whether the DNS service is running with the command:
#pgrep named
1489

c. Check whether DNS resolves names with the command:
#host dns1.serverlinux.vn
Or
#host 192.168.1.18

d. Declare the forward zone and the reverse zone for the itdep domain

zone "itdep.serverlinux.vn" IN {
        type master;
        file "itdep.thuan";
        allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "itdep.nghich";
        allow-update { none; };
};

e. Configure /etc/named-caching-nameserver.conf
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.28; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; any; };
        recursion yes;
        forwarders { 192.168.1.18; };
        allow-query-cache { localhost; any; };
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";

f. Declare the nameserver in /etc/resolv.conf

nameserver 192.168.1.17
domain serverlinux.vn

g. Configure the databases itdep.thuan and itdep.nghich
itdep.thuan

$TTL 1D
@       IN SOA dnsit.itdep.serverlinux.vn. root.itdep.serverlinux.vn. (
                0  ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        IN NS    dnsit.itdep.serverlinux.vn.
        IN MX 1  mail.itdep.serverlinux.vn.
dnsit   IN A     192.168.1.28
mail    IN A     192.168.1.28

itdep.nghich
$TTL 1D
@       IN SOA dnsit.itdep.serverlinux.vn. root.itdep.serverlinux.vn. (
                0  ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        IN NS    dnsit.itdep.serverlinux.vn.
28      IN PTR   dnsit.itdep.serverlinux.vn.
        IN PTR   mail.itdep.serverlinux.vn.

a. Check domain name resolution

[root@localhost named]# nslookup
> set type=any
> 192.168.1.28
Server: 192.168.1.18
Address: 192.168.1.18#53

28.1.168.192.in-addr.arpa name = mail.itdep.serverlinux.vn.
28.1.168.192.in-addr.arpa name = itdep.serverlinux.vn.
> itdep.serverlinux.vn
Server: 192.168.1.18
Address: 192.168.1.18#53

Name: itdep.serverlinux.vn
Address: 192.168.1.28
itdep.serverlinux.vn mail exchanger = 1 mail.itdep.serverlinux.vn.
> serverlinux.vn
Server: 192.168.1.18
Address: 192.168.1.18#53

serverlinux.vn
        origin = dns1.serverlinux.vn
        mail addr = root.serverlinux.vn
        serial = 0
        refresh = 86400
        retry = 3600
        expire = 604800
        minimum = 10800
serverlinux.vn nameserver = dns1.serverlinux.vn.
serverlinux.vn mail exchanger = 1 mail.serverlinux.vn.
>

5.1.7. CONFIGURING A BACKUP DNS SERVER
Model and system requirements

Configuration guide
1) Declare the backup zones on serverlinux
   o Forward zone
   o Reverse zone
2) Allow the database to be copied from serverlinux
   o Forward zone
   o Reverse zone
3) Initialize and check operation
4) Declare the dns client
5) Check domain name resolution
Configuration steps
1) Part 1: Configure the DNS server master
a) Check the connection to the backup DNS
[root@DNS ~]# ping 192.168.1.17
PING 192.168.1.17 (192.168.1.17) 56(84) bytes of data.
64 bytes from 192.168.1.17: icmp_seq=1 ttl=64 time=1.46 ms
64 bytes from 192.168.1.17: icmp_seq=2 ttl=64 time=0.295 ms
--- 192.168.1.17 ping statistics ---

b) Check the bind* packages on the DNS server master

[root@DNS ~]# rpm -qa bind*
bind-libs-9.3.6-16.P1.el5
bind-utils-9.3.6-16.P1.el5
bind-9.3.6-16.P1.el5

c) Declare the forward zone and the reverse zone on the DNS server master

[root@DNS etc]# vi named.caching-nameserver.conf
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.17; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Those options should be used carefully because they disable port
        // randomization
        // query-source port 53;
        // query-source-v6 port 53;
        allow-query { localhost; any; };
        //allow-transfer { localhost; 192.168.1.0/24; };
        //allow-recursion { localhost; 192.168.1.0/24; };
        allow-query-cache { localhost; any; };
};
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
# here is the section for internal informations
view "internal" {
        match-clients { localhost; 192.168.1.0/24; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        //# set zones for internal
        zone "serverlinux.vn" IN {
                type master;
                file "serverlinux.thuan";
                allow-update { 192.168.1.27; };
                allow-transfer { 192.168.1.27; };
        };
        //# set zones for internal
        zone "1.168.192.in-addr.arpa" IN {
                type master;
                file "serverlinux.nghich";
                allow-update { 192.168.1.27; };
                allow-transfer { 192.168.1.27; };
        };
        zone "localdomain" IN {
                type master;
                file "localdomain.zone";
                allow-update { none; };
        };
        zone "localhost" IN {
                type master;
                file "localhost.zone";
                allow-update { none; };
        };
        zone "0.0.127.in-addr.arpa" IN {
                type master;
                file "named.local";
                allow-update { none; };
        };
        zone "255.in-addr.arpa" IN {
                type master;
                file "named.broadcast";
                allow-update { none; };
        };
        zone "0.in-addr.arpa" IN {
                type master;
                file "named.zero";
                allow-update { none; };
        };
};

d) Create the database files in /var/named on the DNS server master
- Create the forward file serverlinux.thuan for the local domain
[root@linux ~]# vi serverlinux.thuan
$TTL 86400
@       IN SOA dns1.serverlinux.vn. root.serverlinux.vn. (
                2011022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS    dns1.serverlinux.vn.
        IN NS    bkdns1.serverlinux.vn.
        IN MX 10 dns1.serverlinux.vn.
dns1    IN A     192.168.1.17
bkdns1  IN A     192.168.1.27
www     IN CNAME dns1.serverlinux.vn.
mail    IN CNAME dns1.serverlinux.vn.
ftp     IN CNAME dns1.serverlinux.vn.
proxy   IN CNAME dns1.serverlinux.vn.

- Create the reverse file 1.168.192.db for the local domain

[root@linux ~]# vi 1.168.192.db
$TTL 86400
@       IN SOA dns1.serverlinux.vn. root.serverlinux.vn. (
                2011022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS    dns1.serverlinux.vn.
        IN NS    bkdns1.serverlinux.vn.
17      IN PTR   dns1.serverlinux.vn.
27      IN PTR   bkdns1.serverlinux.vn.

e) Restart named
[root@DNS ~]# /etc/init.d/named restart
Stopping named: [OK]
Starting named: [OK]
[root@DNS ~]# pgrep named
3075

f) Check the operation of DNS

[root@DNS ~]# host dns.serverlinux.vn
dns.serverlinux.vn has address 192.168.1.17

2) Part 2: Configure the backup DNS (slave machine)
- Check the connection to the DNS server master
[root@DNS ~]# ping 192.168.1.17
PING 192.168.1.17 (192.168.1.17) 56(84) bytes of data.
64 bytes from 192.168.1.17: icmp_seq=1 ttl=64 time=1.46 ms
64 bytes from 192.168.1.17: icmp_seq=2 ttl=64 time=0.295 ms
--- 192.168.1.17 ping statistics ---

- Check the bind* packages on the DNS server master

[root@DNS ~]# rpm -qa bind*
bind-libs-9.3.6-16.P1.el5
bind-utils-9.3.6-16.P1.el5
bind-9.3.6-16.P1.el5

- Configure the file /etc/named.caching-nameserver.conf

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.17; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Those options should be used carefully because they disable port
        // randomization
        // query-source port 53;
        // query-source-v6 port 53;
        allow-query { localhost; any; };
        allow-query-cache { localhost; any; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

- Declare the forward zone and the reverse zone on the master DNS server

[root@dns etc]# vi named.rfc1912.zones
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};
zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};
zone "serverlinux.vn" IN {
        type slave;
        masters { 192.168.1.17; };
        file "slaves/bk.thuan";
        allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.1.17; };
        file "slaves/bk.nghich";
        allow-update { none; };
};

- Do not create zone database files in /var/named on the backup DNS server
- Restart named
[root@DNS ~]# /etc/init.d/named restart
Stopping named: [OK]
Starting named: [OK]
[root@DNS ~]# pgrep named
3075

- Check that the backup DNS server has copied the database from the master DNS server into the directory /var/named/slaves
[root@dns var]# ll /var/named/slaves/
total 16
-rw-r--r-- 1 named named 367 May  4 18:00 bk.nghich
-rw-r--r-- 1 named named 435 May  4 17:57 bk.thuan

- Check that the backup DNS server is working

[root@DNS ~]# host dns1.serverlinux.vn
dns.serverlinux.vn has address 192.168.1.17
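The directory listing above only shows that slave files exist; comparing the SOA serial of the slave copy with the master's zone file shows whether the copy is current. The functions below are an added example, not part of the original course material; the function names are hypothetical and the zone text is constructed from the values on this page (the older serial is invented for the demonstration).

```shell
#!/bin/sh
# Constructed sample data: the master's reverse zone as shown on this page,
# and a slave copy that is one revision behind (serial invented for the demo).
MASTER_ZONE='$TTL 86400
@ IN SOA dns1.serverlinux.vn. root.serverlinux.vn.(
        2011022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
  IN NS dns1.serverlinux.vn.
17 IN PTR dns1.serverlinux.vn.'

STALE_SLAVE_ZONE='$TTL 86400
@ IN SOA dns1.serverlinux.vn. root.serverlinux.vn. 2011022600 28800 14400 3600000 86400
  IN NS dns1.serverlinux.vn.'

# soa_serial ZONE_TEXT: print the serial of the first SOA record.
# Comments (; ...) are dropped and the multi-line "( ... )" form is joined
# into one line before the fields are counted:
#   SOA mname rname serial refresh retry expire minimum
soa_serial() {
    serial=$(printf '%s\n' "$1" | sed 's/;.*$//' | tr '()\n' '   ' |
        awk '{ for (i = 1; i <= NF; i++)
                   if (toupper($i) == "SOA") { print $(i + 3); exit } }')
    case $serial in
        ''|*[!0-9]*) return 1 ;;   # no SOA record, or serial is not a number
    esac
    printf '%s\n' "$serial"
}

# zone_sync_state MASTER_TEXT SLAVE_TEXT: print in-sync, slave-behind or
# slave-ahead. Plain integer comparison (assumption: no serial wrap-around).
zone_sync_state() {
    m=$(soa_serial "$1") || { echo "no-soa-in-master"; return 2; }
    s=$(soa_serial "$2") || { echo "no-soa-in-slave"; return 2; }
    if [ "$m" -eq "$s" ]; then
        echo in-sync
    elif [ "$s" -lt "$m" ]; then
        echo slave-behind
        return 1
    else
        echo slave-ahead
        return 1
    fi
}

zone_sync_state "$MASTER_ZONE" "$STALE_SLAVE_ZONE" || true
```

This reads text-format zone files, which is what the BIND 9.3 packages listed above write into slaves/; BIND 9.9 and later store slave zones in raw format by default, so there the serials are better compared by querying both servers for the SOA record.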

5.2. REVIEW QUESTIONS ON DNS

5.2.1. PRACTICE 1: SETTING UP DNS TO MANAGE A LOCAL DOMAIN
The computer training centre has just leased the domain name serverlinux.com from the domain registry VNNIC. Set up a DNS server on a Linux server according to the following model:

GUIDE
- Declare the zones in the file /etc/named.rfc1912.zones
  o Forward zone.
  o Reverse zone.
- Change the parameters in the file /etc/named.conf
- Describe the database.
  o Forward zone.
  o Reverse zone.
- Start the service and check that it works.
- Configure the DNS client.
- Check domain name resolution.

5.2.2. PRACTICE 2: SETTING UP DNS HOSTING FOR A SUBDOMAIN
Set up DNS hosting for the subdomain itdep.serverlinux.com according to the requirements described in the following model:

Guide:
- Configure DNS for the domain serverlinux.com
- Configure DNS hosting for the domain itdep.serverlinux.com
  o Forward zone.
  o Reverse zone (if needed)
- Start the service and check that it works
- Check domain name resolution

5.2.3. PRACTICE 3: SETTING UP DNS LINKING SEVERAL ZONES
Set up linked DNS for the two subdomains itdep.serverlinux.com and pcm.serverlinux.com according to the requirements described in the following model:

Guide:
- Configure DNS for the domain serverlinux.com
- Delegate the two subdomains itdep.serverlinux.com and pcm.serverlinux.com
  o Declare NS and A records pointing to the domain itdep.serverlinux.com and the domain pcm.serverlinux.com
  o Declare the PTR records that correspond to the A records.
- Start the service and check that it works
- Configure DNS for the domain itdep.serverlinux.com
  o Forwarders to the server dnssvr.
- Configure DNS for the domain pcm.serverlinux.com
  o Forwarders to the server dnssvr.
- Check domain name resolution

5.2.4. PRACTICE 4: SETTING UP A BACKUP DNS SERVER
Set up a backup DNS server (slave nameserver) that copies the database for the domain serverlinux.com according to the requirements in the following model:

Guide:
- Configure the primary DNS server (master nameserver)
- Configure the backup DNS server.
  o Forward zone.
  o Reverse zone.
- Allow the database to be copied from dnssvr
  o Forward zone.
  o Reverse zone.
- Start the service and check that it works.
- Configure the DNS client.
- Check domain name resolution.

5.3. FTP SERVICE

5.3.1. INTRODUCTION TO FTP
FTP stands for File Transfer Protocol. The protocol is built on TCP and provides a mechanism for transferring files over a TCP/IP network. FTP is an unusual service because it uses two ports: port 20 (also called the data port) carries data and port 21 (also called the command port) carries commands. Some FTP server programs used on Linux: Vsftpd, Wu-ftpd, PureFTPd, ProFTPD.
FTP has two modes:

Active FTP
In active mode, the FTP client uses a random unprivileged port (port N > 1024) to connect to port 21 of the FTP server. The client then listens on port N+1 and sends the command PORT N+1 to the FTP server. Next, from its own data port, the FTP server connects back to the client data port declared earlier (that is, N+1).
From the firewall's point of view, an FTP server that supports active mode needs the following channels open:
- Port 21 must be open to any source (so that clients can initiate the connection)
- FTP server's port 21 to ports > 1024 (the server replies to the client's control port)
- Connections from port 20 of the FTP server to ports > 1024 (the server initiates the connection to the client's data port)
- Connections to port 20 of the FTP server from ports > 1024 (the client sends ACKs to the server's data port)
Connection diagram:

- Step 1: The client initiates a connection to port 21 of the server and sends the command PORT 1027.
- Step 2: The server sends an ACK back to the client's command port.
- Step 3: The server initiates a connection from its port 20 to the data port the client declared earlier.
- Step 4: The client sends an ACK back to the server.
When the FTP server works in active mode, the client does not actually open a connection to the server's data port. It only tells the server which port it is listening on, and the server must connect back to the client on that port.

Passive FTP
This method is called passive FTP, or PASV (the command the client sends to tell the server it is in passive mode). In passive mode, the FTP client creates the connections to the server. When the FTP connection is opened, the client opens two unprivileged ports N and N+1 (N > 1024). The first port talks to port 21 of the server, but instead of sending a PORT command and having the server connect back to the client, the client issues the PASV command. As a result the server opens an arbitrary unprivileged port P (P > 1024) and sends PORT P back to the client. The client then initiates a connection from port N+1 to port P on the server to transfer data.
On the firewall in front of the FTP server, supporting passive mode requires the following channels to be open:
- Port 21 of the FTP server accepts connections from any source (so that clients can initiate the connection).
- Replies from port 21 of the FTP server to any port above 1024 (the server replies to the client's control port).
- Connections to FTP server ports > 1024 from any source (the client opens the data connection to the random port chosen by the server).
- Replies from FTP server ports > 1024 to ports > 1024 (the server sends ACKs to the client's data port).
Diagram:

- Step 1: The client connects to the server's command port and issues the PASV command.
- Step 2: The server replies with PORT 2024, telling the client that port 2024 is open to receive the data connection.
- Step 3: The client opens the data connection from its data port to data port 2024 of the server.
- Step 4: The server replies with an ACK to the client's data port.

5.3.2. CONFIGURING THE FTP SERVER
Model and system requirements
Configure the FTP server so that the anonymous user and local users can upload data to it, according to the following model:

Configuration guide
a) Create a local user
b) Declare the domain name ftp.serverlinux.vn in the DNS server
c) Install vsftpd
d) Configure the file /etc/vsftpd/vsftpd.conf
e) Start the FTP service
f) Check that it works
   1) Check the vsftpd process
   2) Log in as the anonymous user from Windows
   3) Upload a document
   4) Log in with the account hv1 from Windows
   5) Upload a document
g) FTP client from Linux
h) FTP client from Windows

Steps
a) Create a local user

[root@localhost ~]# useradd hv1       # create the user hv1
useradd: user hv1 exists
[root@localhost ~]# passwd hv1        # set the password for the user hv1
Changing password for user hv1.
New UNIX password:                    # enter the password
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:             # confirm the password
passwd: all authentication tokens updated successfully.

b) Configure the forward zone serverlinux.vn

$TTL 86400
@       IN      SOA     dns1.serverlinux.vn. root.serverlinux.vn. (
                        2011022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      dns1.serverlinux.vn.
        IN      MX 1    dns1.serverlinux.vn.
dns1    IN      A       192.168.1.17
www     IN      CNAME   dns1.serverlinux.vn.
mail    IN      CNAME   dns1.serverlinux.vn.
ftp     IN      CNAME   192.168.1.28
proxy   IN      CNAME   dns1.serverlinux.vn.

c) Restart the DNS server

[root@localhost ~]# /etc/init.d/named restart
Stopping named: [OK]
Starting named: [OK]
[root@localhost ~]# hostftp.serverlinux.vn
[root@localhost ~]# host ftp.serverlinux.vn
ftp.serverlinux.vn is an alias for ns1.serverlinux.vn.
dns1.serverlinux.vn has address 192.168.1.17

d) Install vsftpd
[root@linux ~]# yum -y install vsftpd

e) Configure the file /etc/vsftpd/vsftpd.conf

[root@linux ~]# vi /etc/vsftpd/vsftpd.conf
# line 12: no anonymous (do not allow the anonymous user to log in)
anonymous_enable=NO
# line 81,82: uncomment (permit ascii mode transfer)
ascii_upload_enable=YES
ascii_download_enable=YES
# line 96: uncomment ( enable chroot list )
chroot_list_enable=YES
chroot_local_user=YES
# line 99: uncomment ( enable chroot list file )
chroot_list_file=/etc/vsftpd/chroot_list
# line 105: uncomment
ls_recurse_enable=YES
# add at the bottom
# specify root directory ( if don't specify, users' home directory become FTP home directory )
local_root=public_html
# use localtime (use the system time)
use_localtime=YES

[root@linux ~]# vi /etc/vsftpd/chroot_list
# add users you allow to move over their home directory
hv1

f) Turn off the firewall: a running FTP server uses ports 20 and 21, so we open these two ports by turning the firewall off
[root@linux ~]# /etc/init.d/iptables stop
iptables: Flushing firewall rules:                  [  OK  ]
iptables: Setting chains to policy ACCEPT: filter   [  OK  ]
iptables: Unloading modules:                        [  OK  ]

g) Start the FTP service

[root@linux ~]# /etc/rc.d/init.d/vsftpd start
Starting vsftpd for vsftpd: [OK]
[root@linux ~]# chkconfig vsftpd on

h) FTP client from Linux

[root@linux vsftpd]# ftp 192.168.1.28
Connected to 192.168.1.28.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.1.28:root): hv1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

Check
ftp> ls
227 Entering Passive Mode (192,168,1,28,41,97)
150 Here comes the directory listing.
226 Directory send OK.
ftp>

i) FTP client FileZilla from Windows

Or type in Run: ftp://192.168.1.28
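The session above shows the server's passive-mode reply, 227 Entering Passive Mode (192,168,1,28,41,97), and step f) stops iptables altogether so that the data connection can get through. The added example below (not part of the original course material) decodes that reply into the data endpoint and prints iptables rules for port 21 plus a pinned passive range, so the firewall can stay on. pasv_min_port and pasv_max_port are real vsftpd options; the 50000-50100 range, the function names and the sample configuration are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample: a vsftpd.conf fragment that pins the passive range.
# The 50000-50100 range is an arbitrary choice for this example.
SAMPLE_CONF='anonymous_enable=NO
local_enable=YES
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100'

# pasv_endpoint REPLY: decode "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
# into "ip:port". The data port is p1 * 256 + p2.
pasv_endpoint() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS
    IFS=,
    set -- $nums
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        # each field must be a plain decimal 0..255 without leading zeros
        case $n in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s:%s\n' "$1" "$2" "$3" "$4" "$(( $5 * 256 + $6 ))"
}

# conf_value KEY CONF_TEXT: numeric value of the last "KEY=value" line.
conf_value() {
    printf '%s\n' "$2" | sed -n "s/^$1=\([0-9]*\)[[:space:]]*$/\1/p" | tail -n 1
}

# pasv_range_check PORT CONF_TEXT: 0 when PORT lies inside
# pasv_min_port..pasv_max_port, 1 when outside, 2 when no range is pinned.
# vsftpd treats 0 (the default) as "any port", which is the case that
# forces a firewall to accept every port above 1024.
pasv_range_check() {
    min=$(conf_value pasv_min_port "$2")
    max=$(conf_value pasv_max_port "$2")
    [ "${min:-0}" -gt 0 ] && [ "${max:-0}" -ge "${min:-0}" ] || return 2
    [ "$1" -ge "$min" ] && [ "$1" -le "$max" ]
}

# pasv_firewall_rules CONF_TEXT: print (not apply) iptables rules for the
# control port and the pinned passive range.
pasv_firewall_rules() {
    min=$(conf_value pasv_min_port "$1")
    max=$(conf_value pasv_max_port "$1")
    [ "${min:-0}" -gt 0 ] && [ "${max:-0}" -ge "${min:-0}" ] || return 2
    echo "iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $min:$max -m state --state NEW,ESTABLISHED -j ACCEPT"
}

# The reply captured in the session on this page
pasv_endpoint '227 Entering Passive Mode (192,168,1,28,41,97)'
pasv_firewall_rules "$SAMPLE_CONF"
```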

5.3.3. RESTRICTING FTP ACCESS
Exercise requirements
- Configure the FTP server so that only local users can access it, except for the user hv2
- Forbid the host 192.168.1.200 from accessing the FTP server

Configuration guide
a) Create the local users
b) Configure FTP
   1) Restrict the anonymous user
   2) Restrict the hosts that can access the FTP server
c) Start the FTP server
d) Check operation on Linux
   1) Check the vsftpd process
   2) Check the domain name ftp.serverlinux.vn
e) Check operation on Windows
   1) Log in as the anonymous user
   2) Log in as a local user
   3) Log in from the host 192.168.1.200

Configuration steps
a) Create the local users
[root@localhost ~]# useradd hv1
useradd: user hv1 exists
[root@localhost ~]# passwd hv1
Changing password for user hv1.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# useradd hv2
useradd: user hv2 exists
[root@localhost ~]# passwd hv2
Changing password for user hv2.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# su - hv2

b) Configure /etc/vsftpd/vsftpd.conf
- Forbid the anonymous user from accessing the FTP server

#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
anon_root=/var/ftp
#
# Uncomment this to allow local users to log in.
local_enable=YES
#

- Forbid the local user hv1 from accessing the FTP server in the file /etc/vsftpd/ftpusers

# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
hv1

- And in the file /etc/vsftpd/user_list

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
hv1

- Forbid the host 192.168.1.200 from accessing the FTP server in the file /etc/hosts.deny

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
vsftpd:192.168.1.200

c) Check that FTP is working

[root@localhost ~]# host
[root@localhost ~]# host ftp.serverlinux.vn
ftp.serverlinux.vn is an alias for dns1.serverlinux.vn.
dns1.serverlinux.vn has address 192.168.1.3
[root@localhost ~]# pgrep vsftpd
4821

d) Configure iptables to let FTP through the firewall

- Using the #setup utility

[root@localhost ~]# /etc/init.d/iptables restart
Flushing firewall rules: [OK]
Setting chains to policy ACCEPT: nat mangle filter [OK]
Unloading iptables modules: [OK]
Applying iptables firewall rules: [OK]
Loading additional iptables modules: ip_conntrack_netbios_ns ip_conntrack_ftp [OK]
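Section 5.3.3 spreads one access decision over four files: vsftpd.conf, ftpusers, user_list and hosts.deny. The added example below (not part of the original course material) evaluates them together for a given user and client address, using vsftpd's documented defaults for options that are not set. The function names and sample file contents are constructed for the example, the hosts.deny matching is deliberately simplified (literal addresses and ALL only, hosts.allow not consulted), and only the YES/NO spellings used on this page are recognised.

```shell
#!/bin/sh
# Constructed sample data modelled on the files shown in this section.
SAMPLE_CONF='anonymous_enable=NO
local_enable=YES
userlist_enable=YES
tcp_wrappers=YES'
SAMPLE_FTPUSERS='# Users that are not allowed to login via ftp
root
bin
hv1'
SAMPLE_USER_LIST='# vsftpd userlist
root
bin
hv1'
SAMPLE_HOSTS_DENY='# hosts.deny
vsftpd:192.168.1.200'

# conf_bool KEY DEFAULT CONF_TEXT: effective YES/NO (last assignment wins).
conf_bool() {
    v=$(printf '%s\n' "$3" | sed -n "s/^$1=//p" | tail -n 1 | tr -d '[:space:]')
    case $v in YES|NO) ;; *) v=$2 ;; esac
    printf '%s\n' "$v"
}

# in_list NAME LIST_TEXT: exact, case-sensitive match, one name per line.
in_list() {
    printf '%s\n' "$2" | sed 's/#.*$//' |
        awk -v name="$1" '$1 == name { found = 1 } END { exit !found }'
}

# host_denied IP HOSTS_DENY_TEXT: simplified tcp_wrappers lookup that only
# understands the daemons "vsftpd"/"ALL" and literal addresses or "ALL".
host_denied() {
    printf '%s\n' "$2" | sed 's/#.*$//' |
        awk -F: -v ip="$1" '
            { daemon = $1; gsub(/[ \t]/, "", daemon) }
            daemon == "vsftpd" || daemon == "ALL" {
                n = split($2, clients, /[ \t,]+/)
                for (i = 1; i <= n; i++)
                    if (clients[i] == ip || clients[i] == "ALL") found = 1
            }
            END { exit !found }'
}

# ftp_login_verdict USER IP CONF FTPUSERS USER_LIST HOSTS_DENY:
# print "allow" or "deny: <reason>" for the configured policy.
ftp_login_verdict() {
    user=$1 ip=$2 conf=$3 ftpusers=$4 userlist=$5 hosts_deny=$6
    # tcp_wrappers defaults to NO; hosts.deny only matters when it is YES
    if [ "$(conf_bool tcp_wrappers NO "$conf")" = YES ] && host_denied "$ip" "$hosts_deny"; then
        echo "deny: host in hosts.deny"
        return 1
    fi
    # anonymous_enable defaults to YES, local_enable defaults to NO
    case $user in
        anonymous|ftp) key=anonymous_enable default=YES ;;
        *)             key=local_enable     default=NO ;;
    esac
    if [ "$(conf_bool "$key" "$default" "$conf")" != YES ]; then
        echo "deny: $key=NO"
        return 1
    fi
    # user_list is checked before the password prompt
    if [ "$(conf_bool userlist_enable NO "$conf")" = YES ]; then
        deny_mode=$(conf_bool userlist_deny YES "$conf")
        if [ "$deny_mode" = YES ] && in_list "$user" "$userlist"; then
            echo "deny: listed in user_list"
            return 1
        fi
        if [ "$deny_mode" = NO ] && ! in_list "$user" "$userlist"; then
            echo "deny: not in user_list while userlist_deny=NO"
            return 1
        fi
    fi
    # ftpusers is enforced by the PAM configuration for local accounts
    if [ "$key" = local_enable ] && in_list "$user" "$ftpusers"; then
        echo "deny: listed in ftpusers (checked by PAM)"
        return 1
    fi
    echo allow
}

for u in hv1 hv2 anonymous; do
    printf '%s from 192.168.1.50: ' "$u"
    ftp_login_verdict "$u" 192.168.1.50 "$SAMPLE_CONF" "$SAMPLE_FTPUSERS" \
        "$SAMPLE_USER_LIST" "$SAMPLE_HOSTS_DENY" || true
done
```

The list lookups are case-sensitive, so an entry written as Root does not match the account root.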

5.3.4. CONFIGURING MULTIPLE FTP SITES
Model and system requirements

- Site 1: ftp.serverlinux.vn
- Site 2: vftp.serverlinux.vn

Configuration guide
a) Create an IP alias for the vftp site
b) Configure FTP site 1: ftp.serverlinux.vn
c) Configure FTP site 2: vftp.serverlinux.vn
d) Check that it works
   1) Check the vsftpd process
   2) Log in with the anonymous account and the users hv1 and hv2

Configuration steps
a) Create an IP alias for the vftp site

b) Go to the directory /etc/sysconfig/network-scripts and copy the file ifcfg-eth0 to ifcfg-eth0:0. Then edit the file ifcfg-eth0:0 so that it contains the following:
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0:0
BOOTPROTO=none
ONBOOT=yes
HWADDR=00:0c:29:d7:6b:ae
NETMASK=255.255.255.0
IPADDR=192.168.1.6
GATEWAY=192.168.1.254
TYPE=Ethernet

c) Restart the network with the command

[root@localhost network-scripts]# /etc/init.d/network restart
Shutting down interface eth0: [OK]
Shutting down interface eth1: [OK]
Shutting down loopback interface: [OK]
Bringing up loopback interface: [OK]
Bringing up interface eth0: [OK]
Bringing up interface eth1:
Determining IP information for eth1... done.
[root@localhost network-scripts]# ifconfig|more
eth0      Link encap:Ethernet  HWaddr 00:0C:29:D7:6B:AE
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5747 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3886 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5363775 (5.1 MiB)  TX bytes:385221 (376.1 KiB)
          Interrupt:67 Base address:0x2000
eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:D7:6B:AE
          inet addr:192.168.1.6  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:67 Base address:0x2000
eth1      Link encap:Ethernet  HWaddr 00:0C:29:D7:6B:B8
          inet addr:172.16.29.121  Bcast:172.16.29.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:26455 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6003 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13022728 (12.4 MiB)  TX bytes:509634 (497.6 KiB)
          Interrupt:67 Base address:0x2080
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4801 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4801 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5782608 (5.5 MiB)  TX bytes:5782608 (5.5 MiB)

d) Next, go to the directory /etc/vsftpd and copy the file vsftpd.conf to a new file named ftp_ao.conf with the commands
# cd /etc/vsftpd
# cp vsftpd.conf ftp_ao.conf

e) Configure site 1, ftp.serverlinux.vn
- Configure the file /etc/vsftpd/vsftpd.conf as shown below:

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
anon_root=/ftproot
#
# Uncomment this to allow local users to log in.
local_enable=YES
# add the following lines at the end of the file (a line that is already there does not need to be added)
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
#local_root=public_html
use_localtime=YES
listen_address=192.168.1.3

- Configure DNS for the domain name ftp.serverlinux.vn

$TTL 86400
@       IN      SOA     dns1.serverlinux.vn. root.serverlinux.vn. (
                        2011022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      dns1.serverlinux.vn.
        IN      MX 1    dns1.serverlinux.vn.
dns1    IN      A       192.168.1.3
www     IN      CNAME   dns1.serverlinux.vn.
mail    IN      CNAME   dns1.serverlinux.vn.
ftp     IN      CNAME   dns1.serverlinux.vn.
proxy   IN      CNAME   dns1.serverlinux.vn.

f) Configure the site vftp.serverlinux.vn
- Configure the file /etc/vsftpd/ftp_ao.conf

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
anon_root=/ftproot
#
# Uncomment this to allow local users to log in.
local_enable=YES
# add the following lines at the end of the file (a line that is already there does not need to be added)
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
#local_root=public_html
use_localtime=YES
listen_address=192.168.1.6

- Configure DNS for the domain name vftp.serverlinux.vn

$TTL 86400
@       IN      SOA     dns1.serverlinux.vn. root.serverlinux.vn. (
                        2011022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      dns1.serverlinux.vn.
        IN      MX 1    dns1.serverlinux.vn.
dns1    IN      A       192.168.1.3
www     IN      CNAME   dns1.serverlinux.vn.
mail    IN      CNAME   dns1.serverlinux.vn.
ftp     IN      CNAME   dns1.serverlinux.vn.
proxy   IN      CNAME   dns1.serverlinux.vn.
vftp    IN      A       192.168.1.6

g) Check that it works
- Restart named

[root@localhost network-scripts]# /etc/init.d/named restart
Stopping named: [OK]
Starting named: [OK]

- Restart vsftpd
[root@localhost network-scripts]# /etc/init.d/vsftpd restart
Shutting down vsftpd: [OK]
Starting vsftpd for ftp_ao: [OK]
Starting vsftpd for vsftpd: [OK]
[root@localhost network-scripts]# pgrep vsftpd
7904
7909
[root@localhost network-scripts]# host frp.serverlinux.vn
Host frp.serverlinux.vn not found: 3(NXDOMAIN)
[root@localhost network-scripts]# host ftp.serverlinux.vn
ftp.serverlinux.vn is an alias for dns1.serverlinux.vn.
dns1.serverlinux.vn has address 192.168.1.3
[root@localhost network-scripts]# host vftp.serverlinux.vn
vftp.serverlinux.vn has address 192.168.1.6

5.4. WEB SERVICE

5.4.1. INTRODUCTION TO THE WEB SERVER

Apache is a powerful and flexible piece of software used as a Web Server.
- Fully supports the earlier HTTP protocols such as HTTP/1.1
- Can be configured and extended with third-party modules
- Provides the full source code under an unrestrictive license.
- Runs on many operating systems such as Windows NT/9x, Netware 5.x, OS/2 and most Unix operating systems

5.4.2. PRACTICE 1: CONFIGURING THE APACHE WEB SERVER
MODEL AND EXERCISE REQUIREMENTS

OPERATING MODEL
[Figure: Apache request handling flow. Labels: initiate the HTTP request; check content and language; check the user (HTTP Basic and Digest); load the resource; determine the content of the request; locate the resource; execute; check the user's permissions; execute the HTTP method; HTTP response.]

GUIDE
a. Prepare the website content
b. Register the website name
c. Configure the Apache web server
d. Declare ServerName
   o Declare DocumentRoot
   o Declare DirectoryIndex
e. Reload the web service
f. Check

STEPS
a) Create the content of the web page
# cat > /var/www/html/index.htm
<html>
<body>
Day la trang web www.serverlinux.vn
</body>
</html>

b) Register the website name in the forward zone file of the DNS server

[root@localhost named]# vi serverlinux.thuan
$TTL 86400
@       IN      SOA     dns.serverlinux.vn. root.serverlinux.vn. (
                        2011042700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      dns.serverlinux.vn.
        IN      MX 10   mail.serverlinux.vn.
dns     IN      A       192.168.1.17
www     IN      A       192.168.1.18
mail    IN      A       192.168.1.19
ftp     IN      CNAME   mail.serverlinux.vn.
proxy   IN      CNAME   mail.serverlinux.vn.

c) Check the host www.serverlinux.vn

[root@localhost named]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@localhost named]#
[root@localhost named]# host www.serverlinux.vn
www.serverlinux.vn has address 192.168.1.18

d) Configure /etc/httpd/conf/httpd.conf
# Change line 265:
ServerName www.serverlinux.vn:80
# Sets the host name of the server. It is used when building redirection URLs.
# If it is not given, the server tries to deduce it from its IP address.
# However, this may be unreliable or may not return the correct host name.

# Change line 262
ServerAdmin root@serverlinux.vn
# ServerAdmin: e-mail address of the administrator

# Change line 292
DocumentRoot /var/www/html
# Sets the root directory that stores the content of the website. The web
# server takes the files in this directory to serve client requests.

ServerRoot /etc/httpd
# Specifies where the Apache program is installed.

Listen 80
# Sets the IP address or port on which Apache accepts client connections. By
# default the system uses every IP address on the network card and port 80.

BindAddress 192.168.1.18
# Sets how the IP address is bound to the application port for the web server.
# (BindAddress is an Apache 1.3 directive; Apache 2.x takes the address on Listen instead.)

TimeOut 300
# Sets the lifetime of a connection (in seconds) once a client has connected
# to the web server.

# Change line 76
KeepAlive On
# Allows or forbids a client to send several requests over one connection to
# the web server.

# Change line 83
MaxKeepAliveRequests 100
# Maximum number of requests per connection (when several requests per
# connection are allowed).

# Change line 89
KeepAliveTimeout 15
# Sets how long to wait (in seconds) for the next request from a client on
# the same connection.

# Change line 402:
DirectoryIndex index.html index.html.var index.htm index.php

e) Restart the httpd service

[root@WEBServer conf]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@WEBServer conf]# chkconfig httpd on

f) Access the web server at the address http://serverlinux.vn

5.4.3. PRACTICE 2: CONFIGURING A DYNAMIC WEB SITE WITH PHP AND MYSQL
This part shows how to configure a website that supports dynamic PHP pages backed by a MySQL database. Here we only install PHP and MySQL and learn how to configure the website to support the PHP language.
Check whether httpd is already installed
[root@localhost ~]# rpm -qa httpd
httpd-2.2.15-5.el6.centos.i686
[root@localhost ~]# rpm -qa php
php-5.3.3-3.el6_1.3.i686
[root@localhost ~]# rpm -qa mysql
mysql-5.1.52-1.el6_0.1.i686

Install PHP
Install PHP with YUM: # yum -y install php*

[root@localhost ~]# yum -y install php*
Resolving Dependencies
--> Running transaction check
---> Package unixODBC.i686 0:2.2.14-11.el6 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================
 Package        Arch    Version            Repository    Size
=====================================================================
Installing:
 php-bcmath     i686    5.3.3-3.el6_1.3    updates        32 k
 php-dba        i686    5.3.3-3.el6_1.3    updates        38 k
 php-devel      i686    5.3.3-3.el6_1.3    updates       505 k
Transaction Summary
=====================================================================
Install      27 Package(s)
Upgrade       0 Package(s)
Total download size: 6.3 M
Installed size: 21 M
Downloading Packages:
(1/27): aspell-0.60.6-12.el6.i686.rpm        | 629 kB     00:00
(27/27): unixODBC-2.2.14-11.el6.i686.rpm     | 382 kB     00:00
---------------------------------------------------------------------
Total                               1.2 MB/s | 6.3 MB     00:05
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 1:php-pear-1.9.0-2.el6.noarch                    1/27
  .
  libtidy.i686 0:0.99.0-19.20070615.1.el6  recode.i686 0:3.6-28.1.el6  unixODBC.i686 0:2.2.14-11.el6
Complete!

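Configure /etc/httpd/conf/httpd.conf
- DirectoryIndex index.htm index.php
- AddType application/x-httpd-php .php
- Restart the httpd service and check

Create the PHP files and copy them into the directory /var/www/html
a) Create the page index.htm
<html>
<body>
<form action="welcome.php" method="post">
Name: <input type="text" name="name" />
Age: <input type="text" name="age" />
<input type="submit" />
</form>
</body>
</html>

This page provides two input fields and a submit button so that the user can fill in a name and an age; submitting sends them to the file welcome.php, which displays the result.
Create the page welcome.php
<html>
<body>
<?php
// Escape the submitted values before writing them into the page, so that
// markup typed into the form is shown as text instead of being rendered.
$name = htmlspecialchars(isset($_POST["name"]) ? $_POST["name"] : "", ENT_QUOTES, "UTF-8");
$age  = htmlspecialchars(isset($_POST["age"]) ? $_POST["age"] : "", ENT_QUOTES, "UTF-8");
?>
Welcome <?php echo $name; ?>.<br />
You are <?php echo $age; ?> years old.
</body>
</html>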

b) Add two options to the configuration file /etc/httpd/conf/httpd.conf

# Change line 402
DirectoryIndex index.html index.php
# Change line 765
AddType application/x-httpd-php .php

c) Restart the httpd service and check

# service httpd restart

5.4.4. PRACTICE 3: CONFIGURING BASIC AUTHENTICATION ON THE WEB SERVER
Theory

For information that must be protected, the Web Server has to verify whether a request to access that information is legitimate. The authentication information usually consists of a username and a password.
How it works:
If a resource is protected by authentication, Apache sends a 401 Authentication response that asks the user to enter a username and password. On receiving it, the client answers the 401 with a request to the server that contains the username and password. The server checks these values when it receives them. If they are valid, the server returns the requested information; otherwise it returns an error message.
The username and password you supply are only valid for that session between the browser and the server. If you come back to the website later, you have to enter the username and password again.
Along with the 401 response, the full information is sent back to the client. In particular cases the server issues the client an authentication tag that protects the website. This tag is called the realm, or the authentication name. The browser stores the username and password you supplied together with the realm. That way, when the user accesses other resources with the same realm, username and password, the authentication information does not have to be entered again. This storage normally lasts only for the browser's current session, but some browsers let you store it permanently so that you never have to re-enter the username and password.

Steps to configure authentication:

- Step 1: Create the password file. The password file has to be created on the server. The htpasswd utility makes this easy. It is used as follows:
# htpasswd -c <password_file_location> <username>
Example 5.4.1:
# htpasswd -c /etc/httpd/conf/passwords rbowen
New password: mypassword
Re-type new password: mypassword

The -c option creates a new password file in Apache's root directory. If the file already exists, its old content is erased and the new content is written.
- Step 2: Configure authentication in Apache:
<Directory /upload>
    EnablePut On
    AuthType Basic
    AuthName Temporary
    AuthUserFile /etc/httpd/conf/passwd
    EnableDelete Off
    umask 007
    <Limit PUT>
        require user rbowen sungo
    </Limit>
</Directory>

- Step 3: Create the group file. Apache also supports user groups. The administrator can create groups of users who are allowed to access a resource. Format of the group file: <group name>: user1 user2 user3 ... usern
Example 5.4.2: authors: rich daniel allan

- After creating the group file, configure Apache to point to it with the following directives:
<Directory /upload>
    AuthType Basic
    AuthName "Apache Admin Guide Authors"
    AuthUserFile /etc/httpd/conf/passwords
    AuthGroupFile /etc/httpd/conf/groups
    Require group authors
</Directory>

Model and exercise requirements

[Figure: PDA, laptop and PC clients reach the site over the Internet; Apache Web Server 192.168.1.18.]
Publish the resource /usr/share/doc so that the user hv1 can access it through a web browser.

Configuration guide
- Configure the Apache web server
  o Declare the virtual directory
  o Configure Basic authentication
- Reload the web service
- Check that it works

Configuration steps
Step 1: Configure /etc/httpd/conf/httpd.conf. Add the following code:
Alias /tailieu "/usr/share/doc"
<Directory /usr/share/doc>
    AuthType Basic
    AuthName Chung_thuc_Basic
    AuthUserFile /etc/httpd/conf/password
    Require user hocvien sinhvien
    Options Indexes MultiViews
    Order allow,deny
    Allow from all
</Directory>

Explanation:
- AuthType: declares the type of authentication to use. In this case it is Basic
- AuthName: gives the authentication a name.
- AuthUserFile: specifies the location of the password file.
- AuthGroupFile: specifies the location of the group file.
- Require: the valid requirements that are allowed to access the resource.

Step 2: Restart the httpd service
[root@webserver conf]# /etc/init.d/httpd restart
Stopping httpd: [OK]
Starting httpd: [OK]

Step 3: Create the account sinhvien and create its authentication credentials

[root@webserver conf]# useradd sinhvien
[root@webserver conf]# passwd sinhvien
Changing password for user sinhvien.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@webserver conf]# htpasswd -c /etc/httpd/conf/password sinhvien
New password:
Re-type new password:
Adding password for user sinhvien

Step 4: Restart the service

[root@dns html]# /etc/init.d/httpd restart
Stopping httpd: [OK]
Starting httpd: [OK]

Step 5: Access the web page serverlinux.vn

[root@webserver conf]# lynx http://serverlinux.vn/tailieu

5.4.5. CONFIGURING DIGEST AUTHENTICATION
Theory

Digest authentication provides an alternative method of protecting web content. It is provided by the module mod_auth_digest; with this method the user name and password are not sent as plain text but are hashed (with the MD5 algorithm).
Model and exercise requirements

Guide
a) Configure the Apache web server
   1) Declare the virtual directory
   2) Configure Digest authentication
b) Reload the web service
c) Check

Configuration
a) Step 1: Configure /etc/httpd/conf/httpd.conf. Add the following code:

b) Step 2: Restart the httpd service

[root@dns html]# /etc/init.d/httpd restart
Stopping httpd: [OK]
Starting httpd: [OK]

c) Step 3: Create the account hocvien

[root@dns html]# useradd hv1
[root@dns html]# passwd hv1
Changing password for user hv1.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

d) Step 4: Create the authentication password for web server access for the user hocvien

[root@dns conf]# htdigest -c /etc/httpd/conf/dpassword private hv1
Adding password for hv1 in realm private.
New password:
Re-type new password:

e) Step 5: Restart the service

[root@dns html]# /etc/init.d/httpd restart
Stopping httpd: [OK]
Starting httpd: [OK]
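To make the difference between sections 5.4.4 and 5.4.5 concrete, the added example below (not part of the original course material) shows both sides: a Basic Authorization value decodes straight back to user:password, while Digest stores MD5(user:realm:password) in the htdigest file and the server recomputes the client's response from it. The function names are hypothetical and the sample values are the published test vectors from RFC 2617, not data from this page; on this page's setup the stored line would be built from user hv1 and realm private.

```shell
#!/bin/sh
# Sample values: the worked example from RFC 2617 (user Mufasa), used here
# because its expected response is published.
RFC_USER='Mufasa'
RFC_REALM='testrealm@host.com'
RFC_PASSWORD='Circle Of Life'
RFC_NONCE='dcd98b7102dd2f0e8b11d0f600bfb0c093'
RFC_URI='/dir/index.html'
RFC_NC='00000001'
RFC_CNONCE='0a4f113b'

# md5hex STRING: lowercase hex MD5 of STRING (no trailing newline is hashed).
md5hex() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# basic_credentials HEADER_VALUE: recover "user:password" from the value of
# an "Authorization: Basic ..." header. Base64 is an encoding, not
# encryption, so anyone who can read the request can read the password.
basic_credentials() {
    printf '%s' "${1#Basic }" | base64 -d
}

# htdigest_line USER REALM PASSWORD: the "user:realm:HA1" line that
# htdigest stores, where HA1 = MD5(user:realm:password).
htdigest_line() {
    printf '%s:%s:%s\n' "$1" "$2" "$(md5hex "$1:$2:$3")"
}

# digest_response HA1 METHOD URI NONCE NC CNONCE: the qop=auth response,
# MD5(HA1:nonce:nc:cnonce:auth:MD5(method:uri)).
digest_response() {
    ha2=$(md5hex "$2:$3")
    md5hex "$1:$4:$5:$6:auth:$ha2"
}

# digest_verify FILE_TEXT USER REALM METHOD URI NONCE NC CNONCE RESPONSE:
# the server side of the exchange. It looks up HA1 for user/realm in the
# htdigest file and recomputes the response; the clear password is never
# needed, only the stored HA1.
digest_verify() {
    ha1=$(printf '%s\n' "$1" |
        awk -F: -v u="$2" -v r="$3" '$1 == u && $2 == r { print $3; exit }')
    [ -n "$ha1" ] || return 1
    [ "$(digest_response "$ha1" "$4" "$5" "$6" "$7" "$8")" = "$9" ]
}

# Basic: the header value gives the password back directly.
basic_credentials 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
echo

# Digest: build the stored line, then answer one challenge with it.
stored=$(htdigest_line "$RFC_USER" "$RFC_REALM" "$RFC_PASSWORD")
ha1=${stored##*:}
digest_response "$ha1" GET "$RFC_URI" "$RFC_NONCE" "$RFC_NC" "$RFC_CNONCE"
```

Because the stored HA1 is all that is needed to compute a valid response, the htdigest file deserves the same file permissions as a file of clear passwords.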

5.4.6. CONFIGURING WEBSITE HOSTING
Model and exercise requirements

Guide
a. Configure the Apache web server
   1) Declare NameVirtualHost
   2) Declare VirtualHost
b. Reload the web service
c. Check

Steps
a) Declare the names in the DNS server
$TTL 86400
@         IN      SOA     dns1.serverlinux.vn. root.serverlinux.vn. (
                          2011022700 ; Serial
                          28800      ; Refresh
                          14400      ; Retry
                          3600000    ; Expire
                          86400 )    ; Minimum
          IN      NS      dns1.serverlinux.vn.
          IN      MX 10   dns1.serverlinux.vn.
dns1      IN      A       192.168.1.17
www       IN      A       192.168.1.18
mail      IN      CNAME   dns.serverlinux.vn.
ftp       IN      CNAME   dns.serverlinux.vn.
proxy     IN      CNAME   dns.serverlinux.vn.
www.pcm   IN      A       192.168.1.18
www.itdep IN      A       192.168.1.18

b) Start the DNS server

[root@localhost ~]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@localhost ~]# chkconfig named on

c) Check name resolution with host

[root@DNS conf]# host www.itdep.serverlinux.vn
www.itdep.serverlinux.vn is an alias for dns.serverlinux.vn.
dns.serverlinux.vn has address 192.168.1.17
[root@DNS conf]# host www.pcm.serverlinux.vn
www.pcm.serverlinux.vn is an alias for dns.serverlinux.vn.
dns.serverlinux.vn has address 192.168.1.17
[root@DNS conf]# host www.serverlinux.vn
www.serverlinux.vn is an alias for dns.serverlinux.vn.
dns.serverlinux.vn has address 192.168.1.17

d) Create the VirtualHost directories
[root@DNS conf]# mkdir /webhosting
[root@DNS conf]# mkdir /webhosting/pcm /webhosting/itdep
[root@DNS conf]# vi /webhosting/pcm/index.html
<html>
<body>
Day la trang web www.pcm.serverlinux.vn
</body>
</html>
[root@DNS conf]# vi /webhosting/itdep/index.html
<html>
<body>
Day la trang web www.itdep.serverlinux.vn
</body>
</html>

e) Set the permissions
[root@DNS conf]# chmod 777 /webhosting/pcm/index.html /webhosting/itdep/index.html
# mode 777 leaves both pages world-writable; read access for the httpd user (for example mode 644) is all Apache needs to serve them

f) Configure the virtual hosts in /etc/httpd/conf/httpd.conf

NameVirtualHost 192.168.1.17
# ..
#<VirtualHost *:80>
#ServerAdmin webmaster@dummy-host.example.com
#DocumentRoot /www/docs/dummy-host.example.com
#ServerName dummy-host.example.com
#ErrorLog logs/dummy-host.example.com-error_log
#CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
<VirtualHost 192.168.1.17>
    DocumentRoot /var/www/html
    ServerName www.serverlinux.vn
</VirtualHost>
<VirtualHost 192.168.1.17>
    DocumentRoot /webhosting/pcm
    ServerName www.pcm.serverlinux.vn
</VirtualHost>
<VirtualHost 192.168.1.17>
    DocumentRoot /webhosting/itdep
    ServerName www.itdep.serverlinux.vn
</VirtualHost>

g) Start httpd
[root@DNS conf]# /etc/init.d/httpd restart
Stopping httpd: [OK]
Starting httpd: [OK]
[root@DNS conf]# chkconfig httpd on

h) Access the web server at http://serverlinux.vn

i) Access the web server at http://pcm.serverlinux.vn

j) Access the web server at http://itdep.serverlinux.vn

5.4.7. CONFIGURING PUBLISHING OF WEB RESOURCES
Model and exercise requirements

Guide
a. Create the virtual directory
b. Declare the Alias
c. Assign the permissions
d. Reload the web service
e. Check that http://serverlinux.vn/tailieu works

a) Check that the web page http://serverlinux.vn/ works

b) Configure the Alias in the configuration file /etc/httpd/conf/httpd.conf

Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
Alias /tailieu /soft
<Directory /soft>
    Options Indexes MultiViews
    Order allow,deny
    Allow from all
</Directory>

c) Restart the web service

    [root@localhost ~]# /etc/init.d/httpd restart
    Stopping httpd: [OK]
    Starting httpd: [OK]

d) From a Windows machine, browse to http://www.serverlinux.vn/tailieu

e) Restrict access

a. To block access to the tailieu directory, comment out the line Options Indexes MultiViews in httpd.conf as shown below. Without Indexes, Apache no longer generates a listing of the directory contents.

    Alias /icons/ "/var/www/icons/"
    <Directory "/var/www/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    Alias /tailieu /soft
    <Directory /soft>
        #Options Indexes MultiViews
        Order allow,deny
        Allow from all
    </Directory>

f) Restart the web service

    [root@localhost ~]# /etc/init.d/httpd restart
    Stopping httpd: [OK]
    Starting httpd: [OK]

g) From a Windows machine, browse to http://www.serverlinux.vn/tailieu

5.4.8. CREATING WEBSITES FOR USERS

Model and exercise requirements

Instructions
b. Create the userdir
   1) Declare UserDir
   2) Grant access permissions
c. Reload the web service
d. Check that the website works

Steps

a) Step 1: Check that the website http://www.serverlinux.vn works

b) Step 2: Configure httpd.conf to allow personal web pages for users. Add the lines shown below:

Change line 355 to:

    UserDir www

Add the following code from line 384 to line 295:

    <Directory /home/*/www>
        AllowOverride FileInfo AuthConfig Limit
        Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
        <Limit GET POST OPTIONS>
            Order allow,deny
            Allow from all
        </Limit>
        <LimitExcept GET POST OPTIONS>
            Order deny,allow
            Deny from all
        </LimitExcept>
    </Directory>

c) Step 3: Create the users hv1 and hv2 with the commands below:

    [root@localhost ~]# useradd hv1
    [root@localhost ~]# passwd hv1
    Changing password for user hv1.
    New UNIX password:
    BAD PASSWORD: it is WAY too short
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    [root@localhost ~]# useradd hv2
    [root@localhost ~]# passwd hv2
    Changing password for user hv2.
    New UNIX password:
    BAD PASSWORD: it is WAY too short
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.

d) Step 4: Create the personal web page for user hv1

- Create the www directory:

    [hv1@Webserver ~]$ mkdir www
    [hv1@Webserver ~]$ ls
    bootstat.dat  explorer.scf  history.txt  JRE32.dll
    explorer.exe  FaxSetup.log  index.html   www

- Create the file www/index.html:

    [hv1@Webserver ~]$ vi www/index.html
    <html>
    <body>
    Day la trang web cua user hv1
    </body>
    </html>

- Set access permissions:

    # chmod 711 /home/*
    # chmod 755 /home/hv1/www/index.html

e) Step 5: Browse to http://www.serverlinux.vn/~hv1

f) Step 6: Repeat the same steps for user hv2

5.4.9. LAB 4: SETTING UP A FORUM USING PHP AND MYSQL

Installing MyBB

The open-source package is available completely free of charge from the home page www.mybb.com. At the time of writing, MyBB is at version 1.6, with a compressed size of 1.78 MB. To download the source package, click the Download Now link, then click Download Now MyBB 1.6.

Once the download finishes, right-click the file mybb_1600.zip and choose Extract Here. Two subdirectories, Upload and Documentation, appear in the folder. Rename the Upload directory to diendan (any other name works, as long as it is used consistently throughout the installation), then copy and paste it into the www directory of AppServ.

Start IE, enter the path localhost/diendan/install/index.php and press Enter. The MyBB installation goes through 11 steps. Click Next at the first step, read through the source code license terms at step two, and click Next. After that:

Requirements Check step (step 3): MyBB checks requirements such as whether config.php can be written to (Configuration File Writable) and whether the Cache, File Uploads and Avatar Uploads directories are writable (Cache-File Uploads-Avatar Uploads Directory Writable). Click Next.

Database Configuration step: This is an important step and all information must be filled in completely and accurately. It consists of: Database Engine (the database type; MySQL Improved is recommended), Database Server Hostname (the default is localhost), Database Username (enter root), Database Password (the password), Database Name (the name of the database, forummybb as created earlier), Table Prefix (the prefix placed before each table in the database), Table Encoding (keep the default). When done, click Next to move on to the next step.

The Table Creation step connects to the database and creates the tables; click Next. The Data Insertion step reports that the tables were created and the base data was inserted into the database successfully; click Next to continue.

The Theme Installation step reports that the default themes and templates have been installed; click Next. Board Configuration step: here you provide the basic forum settings: Forum name (enter the name of the forum), Website name (may be left empty or filled in freely), Website URL (the website address), Contact Email (the e-mail address MyBB uses to contact you when the installation succeeds; the message is only sent when installing on hosting). These settings can be changed later after logging in to the Admin Control Panel.

Administrator User step: Fill in the details of the forum administrator: Username (account name), Password (administrator password), Retype Password (enter the password again), Email Address (e-mail address). Note: to protect the administrator account, avoid using the names Administrator or Admin.

Finish Setup step: This is the last step of the installation. The message "Your copy of MyBB has successfully been installed and configured correctly" confirms that the installation succeeded. You can now click the MyBB link to go straight to the forum, or click the Admin Control Panel link to open the forum administration page.

Note that from step 3 onward, installing on hosting differs in some respects from installing on localhost; these differences are covered in later sections.

Managing forum categories

Once the installation is finished, you have a forum at http://localhost/diendan, and the next task is to redesign it in your own style. To sign in to the administrator account, go to http://localhost/diendan/admin/index.php and enter the Username (login name) and Password.

Another way to log in is to open the forum, click the Login link below the MyBB logo, enter the administrator account and click the Login button. On the page that appears, click the Admin CP link, then enter the administrator account once more (both login name and password).

The administration interface is fairly friendly and simple. It has the horizontal menus Home (the Admin CP home page), Configuration (features for changing forum settings), Forums & Posts (managing forums and posts), Users & Groups (managing members and user groups), Templates & Style (managing the look of the forum), Tools & Maintenance (a group of other tools).

Managing forums and posts

- The most important aspect of a forum, and the one that determines the number of visitors, is its content. It is therefore essential to build the forums and arrange them in the way that is most suitable and convenient for readers. With the Forums & Posts feature you can easily manage all forums, sub-forums and posts on the board in the most effective way.
- To do this, click the Forums & Posts menu, then click the Options button (after the text My Category) and choose Edit Forum to make changes.

On the new page, change the title of this category in Title (for example, change My Category to Về chúng tôi, "About Us"), enter a short description in the Description box, leave the remaining information unchanged, then click the Save Forum button at the bottom of the page. When done, do the same for the My Forum forum.

Creating a new category

- Besides the Về chúng tôi category, you can add more categories by clicking the Add New Forum tab (next to the Forum Management tab). In the Add New Forum box, choose Category in the Create field, enter the title in Title, a short description in Description, Parent Forum (because a category is being created, keep the value None), and Display Order (the display order; enter 2).

The permission settings below are left unchanged, because they matter little for a category. When done, click Save Forum.

Creating forums and sub-forums

- After creating the categories, you need to create the forums that belong to each one. Click Add New Forum again, but this time choose Forum in the Create field and select the category that contains it in the Parent Forum field.
- Next, assign the forum's permissions to the groups that access the board: Guest (visitors), Registered (members), Super Moderators (senior moderators), Administrator (administrators), Awaiting Activation (members waiting for activation), Moderators (moderators), Banned (banned users). When done, click Save Forum.

In addition, click the Show Additional Options link to add further settings. Among them are some noteworthy ones such as Forum Password (a password for entering the forum; member groups also need this password to get in), Forum is Active (if unchecked, users cannot view the forum), Forum is Open (if unchecked, users cannot post), and Moderation Options (settings for moderating new content).

The Forum Rules item lets you publish the rules of the forum so that members know and follow them. Choose how the rules are shown in the Display Method field: Don't display rules for this forum (the rules are not shown in this forum), Display rules for this forum on the thread listing (the rules are shown in the thread list), Display a link to the rules for this forum (a titled link to the forum rules is shown). Enter the title in Title and the forum rules in the Rules box.

Managing posts and attachments

- When Moderation Options is enabled, everything members post is subject to moderation by an administrator or a senior moderator. The list of new threads is shown under Moderation Queue; the window on the right has three management tabs: Threads (threads awaiting approval), Posts (posts awaiting approval) and Attachments (attached files awaiting approval).

The Threads Awaiting Moderation box shows the columns Subject, Author and Posted (time of posting). Each thread awaiting approval has three options: Ignore (moderate it later), Delete (delete the thread) and Approve (allow the thread to be published). When done, click Perform Actions to carry out the operation. If you want to handle all threads at once, you can click Mark all as ignored (or Mark all as deletion, or Mark all as approved).

For attachments, switch to the Attachments tab and perform the same operations. Note that approving a thread has no effect on that thread's attachments: the attached files remain in the moderation queue.

Managing the forum appearance

- Another factor in the success of a forum is an attractive, friendly and eye-catching interface. MyBB gives users the Templates & Style feature group to manage and change the appearance easily. It also offers a library of attractive themes that are in use by many MyBB members.

Installing a new theme

- First, click the Templates & Style menu and select the Browses Theme tab below it.

In the list of themes that appears, look at the preview image and click Download if you like the theme. Besides these, more themes can be found at http://mods.mybb.com/themes. There, click the theme name (for example Ajdija.com v3 Public Green), then click the Download link and click the I agree button to download the zip archive.

Each theme is installed differently, depending on its author. Usually, after downloading, you extract the archive into the diendan\images directory of AppServ. For this theme you will see two directories, groups and images, and the file Ajdija.com v3 Public Green-theme.xml (along with four other text files that provide information and installation instructions for the theme).

Open the file installation.txt to read the author's instructions. According to them, you need to copy the files and subdirectories inside the extracted images directory into the image directory of the forum. If files with the same name exist, click Yes to all in the dialog that appears to confirm overwriting.

To install, return to the MyBB Admin Control Panel and select the Import a Theme tab under Templates & Style. In the Import a Theme box, click the Browse button of the Local File field to locate the file Ajdija.com v3 Public Green-theme.xml, name the new theme in New Name (this can be skipped, in which case MyBB uses the theme's own name), leave the other fields unchanged, and click the Import Theme button.

The next page asks you to edit the theme before putting it into use. You can change the properties in the Edit Theme Properties box, including Name (theme name), Parent Theme (the theme group it depends on), Allowed User Groups (allow a particular member group to use it), Editor Style (appearance of the post editor window), Board Logo (the forum logo; either the path or the file can be changed), and so on. Click Save Themes Properties for the changes to take effect.

To make the newly installed theme the default, click the colored arrow icon after the theme name. Note that once a theme is chosen as the default, it is used for all member groups, even if it was previously set to be shown only to one particular group.

Building your own theme package

- MyBB also has a distinctive feature that lets users design their own themes. Next to the Theme tab, select the Create New Theme tab, enter the name of the theme in Name, choose its parent theme in the Parent Theme field, and click Create New Theme.

On the Edit Stylesheets tab, edit the css files (global.css, usercp.css, modcp.css, star_ratings.css, showthread.css). Taking global.css as an illustration, click the Options button and choose Edit Style.

The new page offers two editing modes: Simple Mode and Advanced Mode (editing the css code directly). In Simple Mode, choose an entry in the Selector field and change the values in the box below: Background (background color), Color, Width, Font Family (the font group to use), Font Size, Font Style, and so on. When done, click Save Changes (or Save Changes & Close).

The last task is to export the xml file: switch to the Export Theme tab, leave the options in the Export Theme box unchanged, click the Export Theme button and choose where to save the file Maugiaodien-theme.xml.

Translating the interface into Vietnamese

- The MyBB installation package contains only one language, English. You can translate the English interface into Vietnamese yourself. To do so, open the Configuration menu and click Languages in the box on the right. In the Installed Language Packs box, click the Options button and choose Edit with English (American).

The new page has two kinds of interface whose language you can edit: the normal forum interface (Front End) and the administrator control panel (Admin CP). In the Front End box, click the Edit link of each module, for example the module forumdisplay.lang.php.

Then simply type the Vietnamese words or phrases into the corresponding boxes, following your own forum design. If only a plain translation is needed, Google Translate can be used to translate the English phrases into Vietnamese. When done, click Save Language File. Next to the Language Files tab, select the Quick Phrases tab to edit the language of the member registration fields and some other notification fields.

There are many user-made Vietnamese language packs on the Internet; a pack that is more than 95% translated can be downloaded from http://tonghop24.com/home/. After extracting it, copy the vietnamese directory and the file vietnamese.php from the LangVietFull_2.1 directory into the \inc\languages directory of the forum. When done, return to the Admin Control Panel and check that a Vietnamese entry appears in the Installed Language Packs box.

To make Vietnamese the default language of the forum, click Settings below the word Configuration and look for General Configuration in the Board Settings box.

On the next page, find Default Language in the box on the right, open the drop-down list and choose Vietnamese, then click Save Settings at the bottom of the page to finish. The features in this box also let you correct basic forum information that was entered incorrectly or left out during installation.

Managing the forum with the basic features described above will help you run a professional forum. After this series, if there is further demand, I will introduce some advanced management features that help the forum run better.

5.5. INTERNET CONFIGURATION

5.5.1. CONFIGURING INTERNET SHARING

Model and exercise requirements

Operating model

[Figure: PCs on 192.168.2.0/24 request www.yahoo.com through the proxy, which caches objects, and an ADSL router; the web page reply comes back from yahoo.com.]

Instructions

a) Check whether squid is installed

    [root@Webserver etc]# rpm -qa|grep squid

b) Install squid with yum or rpm

    [root@linux ~]# yum -y install squid

Or install the binary package with RPM:

    [root@linux ~]# rpm -ivh squid-3.1.10-1.el6_1.1.i686.rpm

c) Configure squid

    [root@prox ~]# vi /etc/squid/squid.conf
    acl CONNECT method CONNECT
    # Line 31: add (define new ACL)
    acl lan src 10.0.0.0/24
    http_access allow localhost
    # Line 59: add (allow defined ACL above)
    http_access allow lan
    # Line 64: change
    http_port 8080
    # Add the following lines at the very end:
    request_header_access Referer deny all
    request_header_access X-Forwarded-For deny all
    request_header_access Via deny all
    request_header_access Cache-Control deny all
    # Add (specify hostname)
    visible_hostname prox.serverlinux
    # Add (hide IP address)
    forwarded_for off
    [root@prox ~]# /etc/rc.d/init.d/squid start
    Starting squid: [ OK ]
    [root@prox ~]# chkconfig squid on

d) Check that squid is working

    [root@Webserver etc]# squid -z
    2011/10/24 12:04:09| Creating Swap Directories
    [root@Webserver etc]# /etc/init.d/squid restart
    Stopping squid: [FAILED]
    Starting squid: . [ OK ]

5.5.2. RESTRICTING INTERNET CONNECTIONS

Instructions
a. Install squid
b. Configure squid
   1) Declare the src ACL
   2) Declare the dstdomain ACL
c. Apply the ACL
d. Check operation

Steps

a) Install squid

    [root@localhost ~]# yum -y install squid

Or download the squid binary package and install it with RPM:

    [root@localhost ~]# rpm -ivh squid-3.1.10-1.el6_1.1.i686.rpm

b) Configure squid

    [root@prox ~]# vi /etc/squid/squid.conf
    acl CONNECT method CONNECT
    # Line 31: add (define new ACL)
    acl lan src 10.0.0.0/24
    http_access allow localhost
    # Line 59: add (allow defined ACL above)
    http_access allow lan
    # Line 64: change
    http_port 8080
    # Add the following lines at the very end:
    request_header_access Referer deny all
    request_header_access X-Forwarded-For deny all
    request_header_access Via deny all
    request_header_access Cache-Control deny all
    # Add (specify hostname)
    visible_hostname prox.serverlinux
    # Add (hide IP address)
    forwarded_for off

c) Start squid

    [root@prox ~]# /etc/rc.d/init.d/squid start
    Starting squid: [ OK ]
    [root@prox ~]# chkconfig squid on

d) Browse to a web server

5.5.3. CONTROLLING INTERNET ACCESS TIMES

Instructions
a. Configure squid
   1) Declare the time ACL
   2) Apply the time ACL

b. Configure squid to deny access

    # should be allowed
    acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
    acl thoigian time MTWHF 7:30-17:30
    http_access deny !thoigian
    acl out_networks src 172.16.1.0/24
    http_access deny out_networks

a) Start squid

    [root@prox ~]# /etc/rc.d/init.d/squid start
    Starting squid: [ OK ]
    [root@prox ~]# chkconfig squid on

b) Configure squid to allow access

    # should be allowed
    acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
    acl thoigian time MTWHF 7:30-17:30
    http_access deny !thoigian
    acl out_networks src 172.16.1.0/24
    http_access allow out_networks

c) Start squid

    [root@prox ~]# /etc/rc.d/init.d/squid start
    Starting squid: [ OK ]
    [root@prox ~]# chkconfig squid on

d) Browse to a web server
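
How Squid resolves the two rule sets of section 5.5.3, modelled as an added example that is not part of the original course material: http_access lines are checked top to bottom and the first line whose ACLs all match decides. The closing `http_access allow localnet` / `http_access deny all` rules and the MISORDERED variant are assumptions added for illustration, and the model covers only src and time ACLs.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Squid day letters indexed by datetime.weekday() (Monday=0); A=Saturday, S=Sunday.
DAY_LETTERS = "MTWHFAS"

# ACL definitions from section 5.5.3 (the IPv6 localnet lines are left out).
ACLS = """
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl thoigian time MTWHF 7:30-17:30
acl out_networks src 172.16.1.0/24
"""
# Assumption: the stock rules that normally close a squid.conf follow the fragment.
TAIL = "http_access allow localnet\nhttp_access deny all\n"

DENY_VARIANT = ACLS + "http_access deny !thoigian\nhttp_access deny out_networks\n" + TAIL
ALLOW_VARIANT = ACLS + "http_access deny !thoigian\nhttp_access allow out_networks\n" + TAIL
# Constructed mistake: the broad allow sits above the time rule.
MISORDERED = ACLS + "http_access allow localnet\nhttp_access deny !thoigian\nhttp_access deny all\n"


def parse(conf):
    """Return ({acl_name: (type, [values])}, [(action, [acl refs])]) in file order."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "acl":
            acls.setdefault(words[1], (words[2], []))[1].append(" ".join(words[3:]))
        elif words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules


def minutes(hhmm):
    hour, minute = hhmm.split(":")
    return int(hour) * 60 + int(minute)


def acl_matches(acls, name, client, when):
    """Evaluate one named ACL; several values under one name are OR-ed."""
    if name == "all":  # built-in ACL that matches every client
        return True
    kind, values = acls[name]
    if kind == "src":
        return any(ip_address(client) in ip_network(v) for v in values)
    if kind == "time":
        now = when.hour * 60 + when.minute
        for value in values:
            days, span = value.split()
            start, end = span.split("-")
            if DAY_LETTERS[when.weekday()] in days and minutes(start) <= now <= minutes(end):
                return True
        return False
    raise ValueError("ACL type not modelled: " + kind)


def decide(conf, client, when):
    """First http_access line whose ACLs all match decides; '!' negates an ACL."""
    acls, rules = parse(conf)
    for action, refs in rules:
        if all(acl_matches(acls, r.lstrip("!"), client, when) != r.startswith("!") for r in refs):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"


if __name__ == "__main__":
    monday_0900 = datetime(2011, 10, 24, 9, 0)
    saturday_0900 = datetime(2011, 10, 22, 9, 0)
    variants = (("deny", DENY_VARIANT), ("allow", ALLOW_VARIANT), ("misordered", MISORDERED))
    for label, conf in variants:
        for when in (monday_0900, saturday_0900):
            print(label, when.strftime("%a %H:%M"), decide(conf, "172.16.1.10", when))
```

In the MISORDERED variant a client in 172.16.1.0/24 is allowed on Saturday, because `allow localnet` matches before the time rule is ever reached.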

5.6. MAIL SERVICE

5.6.1. INTRODUCTION TO SMTP

SMTP is the reliable protocol responsible for delivering mail. It moves mail from one network to another and moves mail within an internal network. SMTP is defined in RFC 821; it is a reliable, connection-oriented service that uses port number 25. To issue SMTP commands, telnet to port 25 on the remote system and then send mail through the command-line mechanism. This technique is occasionally used to test an SMTP server, but the main point here is that we use SMTP to illustrate how mail is sent across different systems. SMTP delivers mail directly from the sending mail server to the receiving mail server, which is unusual. Most mail systems use store-and-forward protocols such as UUCP and X.400. These two protocols move mail hop by hop, storing the message at each hop and then passing it to the next system; the message is forwarded until it reaches the final delivery system.

5.6.2. POP

Two versions of POP are in wide use: POP2 and POP3. POP2 is defined in RFC 937 and POP3 in RFC 1725. POP2 uses port 109 and POP3 uses port 110. The commands of the two protocols are not the same, but they perform the same basic functions: checking the user's login name and password, and moving the user's mail from the server to the user's local mail reader. The POP3 command set, however, is completely different from the POP2 command set.

5.6.3. THE MAIL SYSTEM

A mail system requires at least two components, a mail server and a mail client, which can be located on two different systems or on the same system. It can also have other components such as a Mail Host and a Mail Gateway. Organization of the mail system:

Figure 4.2: Mail organization diagram

Local mail system

A simple mail configuration consists of one or more workstations connected to one Mail Server. All mail is delivered locally.

Figure 4.4: Local mail diagram (mail clients connected to a mail server within one site)

Local mail system with a remote connection

The mail system of a small network consists of a mail server, a mail host and a mail gateway that connects to the outside. No DNS server is required.

Figure 4.5: Mail system with a remote connection

System with two domains and one gateway

The configuration below consists of two domains and one mail gateway. In this system the mail server, mail host and mail gateway provided in each domain operate as an independent system.

Figure 4.6: Mail system using a mail gateway

Mail Gateway model

A mail gateway is a machine that connects networks using different communication protocols, or connects different networks that use the same protocol. For example, a mail gateway can connect a TCP/IP network to a network running the Systems Network Architecture (SNA) protocol suite. The simplest mail gateway connects two networks that use the same protocol or mailer. In that case the mail gateway passes mail between the internal domain and external domains. A mail gateway also connects two networks that use different mailers, as shown in the figure below. Gateway between two different transport protocols:

Figure 4.3: Mail gateway diagram

5.6.4. SETTING UP A LOCAL MAIL SYSTEM

Model and configuration requirements

[Figure: Serverlinux.vn]

Instructions
a. Check DNS
b. Configure the host name (/etc/hosts)
c. Configure sendmail
   1) Declare the local domain name
   2) Specify the listen port
   3) Start the service
d. Configure dovecot (pop3)
e. Configure the mail client
Send/receive email

STEPS

a) Check that sendmail is installed
    [root@localhost named]# rpm -qa sendmail
    sendmail-8.14.4-8.el6.i686
    [root@localhost named]# host dns1.serverlinux.vn
    dns1.serverlinux.vn has address 192.168.1.17
    [root@localhost named]# host 192.168.1.17
    17.1.168.192.in-addr.arpa domain name pointer dns1.serverlinux.vn.
    [root@localhost named]# host mail.serverlinux.vn
    mail.serverlinux.vn is an alias for dns1.serverlinux.vn.
    dns1.serverlinux.vn has address 192.168.1.17

b) Configure the host name

    [root@linux ~]# vi /etc/hosts
    127.0.0.1       localhost.localdomain serverlinux.vn
    ::1             localhost6.localdomain6 localhost6
    192.168.1.17    Linux serverlinux.vn

c) Configure /etc/mail/sendmail.cf (lines 81-91 and 259-264 of the file)

    # my LDAP cluster
    # need to set this before any LDAP lookups are done (including classes)
    #D{sendmailMTACluster}$m

    Cwlocalhost serverlinux.vn
    # file containing names of hosts for which we receive email
    Fw/etc/mail/local-host-names

    # my official domain name
    # ... define this only if sendmail cannot automatically determine your domain
    #Dj$w.Foo.COM

    # SMTP daemon options

    #O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
    O DaemonPortOptions=Name=MTA
    # SMTP client options
    #O ClientPortOptions=Family=inet, Address=0.0.0.0

d) Configure the allowed clients in /etc/mail/access

    [root@localhost mail]# vi access
    # Check the /usr/share/doc/sendmail/README.cf file for a description
    # of the format of this file. (search for access_db in that file)
    # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
    # package.
    #
    # If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the
    # cyrus-sasl-plain package installed.
    #
    # By default we allow relaying from localhost...
    Connect:localhost.localdomain   RELAY
    Connect:localhost               RELAY
    Connect:127.0.0.1               RELAY
    Connect:serverlinux.vn          RELAY
    Connect:192.168.1.18            RELAY

e) Start sendmail

    [root@localhost mail]# makemap hash access < access
    [root@localhost mail]# /etc/init.d/sendmail restart
    Shutting down sm-client:   [ OK ]
    Shutting down sendmail:    [FAILED]
    Starting sendmail:         [ OK ]
    Starting sm-client:        [ OK ]

f) Check that sendmail is listening on port 25

    [root@localhost mail]# netstat -an|grep 25
    tcp        0      0 127.0.0.1:25        0.0.0.0:*     LISTEN
    udp        0      0 192.168.1.255:137   0.0.0.0:*
    udp        0      0 172.16.29.255:137   0.0.0.0:*
    udp   112592      0 172.16.29.255:137   0.0.0.0:*
    udp        0      0 192.168.1.255:138   0.0.0.0:*
    udp        0      0 172.16.29.255:138   0.0.0.0:*
    udp    59104      0 172.16.29.255:138   0.0.0.0:*
    unix  2  [ ACC ]  STREAM  LISTENING  13525  /var/lib/mysql/mysql.sock
    unix  2  [ ACC ]  STREAM  LISTENING  17538  /tmp/.ICE-unix/2513
    .
    unix  3  [ ]      STREAM  CONNECTED  15925
    unix  3  [ ]      STREAM  CONNECTED  12530
    unix  3  [ ]      STREAM  CONNECTED  12529
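
The `grep 25` filter above also matches broadcast addresses and socket inode numbers, so the one line that matters is easy to miss. The following added example (not from the original course material) extracts only the TCP sockets listening on port 25 from `netstat -an` text and classifies how widely each is reachable, which is the thing to confirm after removing `Addr=127.0.0.1` from DaemonPortOptions in step c. The sample text is constructed, and the function names are hypothetical.

```python
from ipaddress import ip_address

# Constructed sample in the layout of `netstat -an`; not captured from the course's host.
SAMPLE = """\
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
tcp        0      0 192.168.1.17:25         192.168.1.18:40525      ESTABLISHED
udp        0      0 192.168.1.255:137       0.0.0.0:*
unix  2      [ ACC ]     STREAM     LISTENING     13525  /var/lib/mysql/mysql.sock
"""


def naive_grep(text, needle="25"):
    """What `grep 25` keeps: every line that contains the substring."""
    return [line for line in text.splitlines() if needle in line]


def smtp_listeners(text, port=25):
    """Return (address, exposure) for each TCP socket in LISTEN state on `port`."""
    result = []
    for line in text.splitlines():
        fields = line.split()
        # tcp/tcp6 rows have six columns: proto, recv-q, send-q, local, foreign, state.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # The port follows the last colon, which also handles IPv6 forms such as ":::25".
        address, _, local_port = fields[3].rpartition(":")
        if local_port != str(port):
            continue
        ip = ip_address(address)
        if ip.is_loopback:
            exposure = "loopback only"
        elif ip.is_unspecified:
            exposure = "all interfaces"
        else:
            exposure = "single address"
        result.append((address, exposure))
    return result


if __name__ == "__main__":
    print("lines kept by grep 25:", len(naive_grep(SAMPLE)))
    for address, exposure in smtp_listeners(SAMPLE):
        print("port 25 listener:", address, "->", exposure)
```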

g) Check the accounts in /etc/passwd

    [root@localhost named]# vi /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    .
    mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
    named:x:25:25:Named:/var/named:/sbin/nologin
    hv1:x:503:503::/home/hv1:/bin/bash
    squid:x:23:23::/var/spool/squid:/sbin/nologin
    mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
    smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin

Send mail from root to user hv1

    [root@localhost mail]# mail -v hv1@serverlinux.vn
    Subject: test
    test
    .
    EOT
    hv1@serverlinux.vn... Connecting to [127.0.0.1] via relay...
    220 localhost.localdomain ESMTP Sendmail 8.14.4/8.14.4; Thu, 22 Dec 2011 13:59:10 -0500
    >>> EHLO localhost.localdomain
    250-localhost.localdomain Hello Linux [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
    250-DELIVERBY
    250 HELP
    >>> MAIL From:<root@localhost.localdomain> SIZE=214 AUTH=root@localhost.localdomain
    553 5.5.4 <root@localhost.localdomain>... Real domain name required for sender address
    root... Using cached ESMTP connection to [127.0.0.1] via relay...
    >>> RSET
    250 2.0.0 Reset state
    >>> MAIL From:<> SIZE=1238
    250 2.1.0 <>... Sender ok
    >>> RCPT To:<root@localhost.localdomain>
    >>> DATA
    250 2.1.5 <root@localhost.localdomain>... Recipient ok
    354 Enter mail, end with "." on a line by itself
    >>> .
    250 2.0.0 pBMIxA8F003194 Message accepted for delivery
    root... Sent (pBMIxA8F003194 Message accepted for delivery)
    Closing connection to [127.0.0.1]
    >>> QUIT
    221 2.0.0 localhost.localdomain closing connection

h) Log in as user hv1 and check the mail

    [root@dns1 mail]# su - hv1
    [hv1@dns1 ~]$ mail
    Mail version 8.1 6/6/93. Type ? for help.
    "/var/spool/mail/hv1": 1 message 1 new
    >N  1 root@dns1.serverlinu  Mon Nov  7 03:16  16/632   "test"
    & 1 [ENTER]
    Message 1:
    From root@dns1.serverlinux.vn Mon Nov 7 03:16:21 2011
    Date: Mon, 7 Nov 2011 03:16:21 +0700
    From: root <root@dns1.serverlinux.vn>
    To: hv1@serverlinux.vn
    Subject: test

    test hv1

    & quit [ENTER]

i) Send mail from user hv1 to user hv2

    [hv1@dns1 ~]$ mail -v hv2@serverlinux.vn
    Subject: chao
    chao^@^@hv2
    .
    Cc:
    hv2@serverlinux.vn... Connecting to [127.0.0.1] via relay...
    220 dns1.serverlinux.vn ESMTP Sendmail 8.13.8/8.13.8; Mon, 7 Nov 2011 03:21:52 +0700
    >>> EHLO dns1.serverlinux.vn
    250-dns1.serverlinux.vn Hello localhost.localdomain [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH DIGEST-MD5 CRAM-MD5
    250-DELIVERBY
    250 HELP
    >>> MAIL From:<hv1@dns1.serverlinux.vn> SIZE=43 AUTH=hv1@dns1.serverlinux.vn
    250 2.1.0 <hv1@dns1.serverlinux.vn>... Sender ok
    >>> RCPT To:<hv2@serverlinux.vn>
    >>> DATA
    250 2.1.5 <hv2@serverlinux.vn>... Recipient ok
    354 Enter mail, end with "." on a line by itself
    >>> .
    250 2.0.0 pA6KLqI2007640 Message accepted for delivery
    hv2@serverlinux.vn... Sent (pA6KLqI2007640 Message accepted for delivery)
    Closing connection to [127.0.0.1]
    >>> QUIT

j) Log in as user hv2 and check the mail

    [hv1@dns1 ~]$ su - hv2
    Password:
    [hv2@dns1 ~]$ mail
    Mail version 8.1 6/6/93. Type ? for help.
    "/var/spool/mail/hv2": 1 message 1 new
    >N  1 hv1@dns1.serverlinux  Mon Nov  7 03:21  16/617   "chao"
    & 1
    Message 1:
    From hv1@dns1.serverlinux.vn Mon Nov 7 03:21:52 2011
    Date: Mon, 7 Nov 2011 03:21:52 +0700
    From: hv1@dns1.serverlinux.vn
    To: hv2@serverlinux.vn
    Subject: chao

    chao

    & quit
    Saved 1 message in mbox

k) Send mail from user hv2 to root

    [hv2@dns1 ~]$ mail -v root@serverlinux.vn
    Subject: chao root
    chao root
    .
    Cc:
    root@serverlinux.vn... Connecting to [127.0.0.1] via relay...
    220 dns1.serverlinux.vn ESMTP Sendmail 8.13.8/8.13.8; Mon, 7 Nov 2011 03:26:32 +0700
    >>> EHLO dns1.serverlinux.vn
    250-dns1.serverlinux.vn Hello localhost.localdomain [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH DIGEST-MD5 CRAM-MD5
    250-DELIVERBY
    250 HELP
    >>> MAIL From:<hv2@dns1.serverlinux.vn> SIZE=54 AUTH=hv2@dns1.serverlinux.vn
    250 2.1.0 <hv2@dns1.serverlinux.vn>... Sender ok
    >>> RCPT To:<root@serverlinux.vn>
    >>> DATA
    250 2.1.5 <root@serverlinux.vn>... Recipient ok
    354 Enter mail, end with "." on a line by itself
    >>> .
    250 2.0.0 pA6KQWNo007678 Message accepted for delivery
    root@serverlinux.vn... Sent (pA6KQWNo007678 Message accepted for delivery)
    Closing connection to [127.0.0.1]
    >>> QUIT
    221 2.0.0 dns1.serverlinux.vn closing connection
    [hv2@dns1 ~]$

l) Log back in as root and check the mail

    [root@dns1 mail]# mail
    Mail version 8.1 6/6/93. Type ? for help.
    "/var/spool/mail/root": 6 messages 6 new
    >N  1 logwatch@localhost.l  Wed Oct 19 07:21  45/1748   "Logwatch for localhost.localdoma"
     N  2 logwatch@localhost.l  Thu Oct 20 01:14  163/5543  "Logwatch for localhost (Linux)"
     N  3 logwatch@localhost.l  Thu Oct 20 04:02  163/5543  "Logwatch for localhost (Linux)"
     N  4 logwatch@DNSServer    Fri Oct 21 03:06  248/10059 "Logwatch for dnsserver (Linux)"
     N  5 logwatch@DNSServer    Fri Oct 21 04:02  248/10059 "Logwatch for dnsserver (Linux)"
     N  6 hv2@dns1.serverlinux  Mon Nov  7 03:26  16/630    "chao root"
    & 6        <enter the number of the message to read>
    Message 6:
    From hv2@dns1.serverlinux.vn Mon Nov 7 03:26:32 2011
    Date: Mon, 7 Nov 2011 03:26:32 +0700
    From: hv2@dns1.serverlinux.vn
    To: root@serverlinux.vn
    Subject: chao root

    chao root

    & quit
    Saved 1 message in mbox
    Held 5 messages in /var/spool/mail/root

5.6.5. SETTING UP MAIL EXCHANGE FOR MULTIPLE DOMAINS

Instructions
a. Check DNS for the subdomains
b. Configure mail relay for the 2 subdomains from the serverlinux.vn domain
c. Configure the mail gateway for itdep.serverlinux.vn
d. Configure the mail gateway for pcm.serverlinux.vn
e. Start the service
f. Check operation

Steps

a) Check the DNS configuration

    [root@dns1 named]# nslookup
    > set type=any
    > serverlinux.vn
    Server:         192.168.1.17
    Address:        192.168.1.17#53

    serverlinux.vn
            origin = dns1.serverlinux.vn
            mail addr = root.serverlinux.vn
            serial = 2011022700
            refresh = 28800
            retry = 14400
            expire = 3600000
            minimum = 86400
    serverlinux.vn  nameserver = dns1.serverlinux.vn.
    serverlinux.vn  mail exchanger = 1 dns1.serverlinux.vn.
    > itdep.serverlinux.vn
    Server:         192.168.1.17
    Address:        192.168.1.17#53

    Name:   itdep.serverlinux.vn
    Address: 192.168.1.28
    itdep.serverlinux.vn    mail exchanger = 1 mail.itdep.serverlinux.vn.
    > 192.168.1.17
    Server:         192.168.1.17
    Address:        192.168.1.17#53

    17.1.168.192.in-addr.arpa       name = dns1.serverlinux.vn.
    > 192.168.1.28
    Server:         192.168.1.17
    Address:        192.168.1.17#53

    28.1.168.192.in-addr.arpa       name = itdep.serverlinux.vn.
    28.1.168.192.in-addr.arpa       name = mail.itdep.serverlinux.vn.

b) Configure mail relay access

    [root@dns1 mail]# vi access
    # Check the /usr/share/doc/sendmail/README.cf file for a description
    # of the format of this file. (search for access_db in that file)
    # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
    # package.
    # by default we allow relaying from localhost...
    Connect:localhost.localdomain   RELAY
    Connect:localhost               RELAY
    Connect:127.0.0.1               RELAY
    Connect:serverlinux.vn          RELAY
    Connect:192.168.1.17            RELAY
    Connect:itdep.serverlinux.vn    RELAY
    Connect:192.168.1.28            RELAY

c) Compile the access map

    [root@dns1 mail]# makemap hash access < access

d) Restart the sendmail service

    [root@dns1 mail]# /etc/init.d/sendmail restart
    Shutting down sm-client:   [ OK ]
    Shutting down sendmail:    [ OK ]
    Starting sendmail:         [ OK ]
    Starting sm-client:        [ OK ]

e) Edit the sendmail.cf file on the DNS host of itdep.serverlinux.vn

    # Change line 89
    89  Cwlocalhost itdep.serverlinux.vn
    90  # file containing names of hosts for which we receive email
    91  Fw/etc/mail/local-host-names
    92
    93  # my official domain name
    94  # ... define this only if sendmail cannot automatically determine your domain
    95  #Dj$w.Foo.COM
    96
    97  # host/domain names ending with a token in class P are canonical
    98  CP.
    99
    100 # "Smart" relay host (may be null)
    # Change line 101
    101 DSmail.serverlinux.vn

f) Restart the sendmail service on itdep.serverlinux.vn

    [root@dns1 mail]# /etc/init.d/sendmail restart
    Shutting down sm-client:   [ OK ]
    Shutting down sendmail:    [ OK ]
    Starting sendmail:         [ OK ]
    Starting sm-client:        [ OK ]

g) Create the account hv on itdep.serverlinux.vn and send mail between root and hv

    [root@localhost mail]# useradd hv
    [root@localhost mail]# passwd hv
    [root@localhost mail]# mail -v hv@itdep.serverlinux.vn
    Subject: test1
    test1
    .
    Cc:
    WARNING: local host name (localhost) is not qualified; see cf/README: WHO AM I?
    hv@itdep.serverlinux.vn... Connecting to [127.0.0.1] via relay...
    220 localhost ESMTP Sendmail 8.13.8/8.13.8; Fri, 23 Dec 2011 07:35:58 +0700
    >>> EHLO localhost
    250-localhost Hello localhost.localdomain [127.0.0.1], pleased to meet you
    .
    >>> .
    250 2.0.0 pBN0Zw1U005360 Message accepted for delivery
    hv@itdep.serverlinux.vn... Sent (pBN0Zw1U005360 Message accepted for delivery)
    Closing connection to [127.0.0.1]
    >>> QUIT
    221 2.0.0 localhost closing connection

h) Log in as user hv and check mail

[root@localhost mail]# su - hv
[hv@localhost ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/hv": 1 message 1 new
>N 1 root@localhost Fri Dec 23 07:35 16/578 "test1"
& 1
Message 1:
From root@localhost Fri Dec 23 07:35:58 2011
Date: Fri, 23 Dec 2011 07:35:58 +0700
From: root <root@localhost>
To: hv@itdep.serverlinux.vn
Subject: test1

test1

& quit
Saved 1 message in mbox
[hv@localhost ~]$

i) Send mail from user sv@itdep.serverlinux.vn to sv@serverlinux.vn

sv@itdep.serverlinux.vn sends the mail

[root@localhost mail]# su - sv
[sv@dns2 ~]$ mail -v sv@serverlinux.vn
Subject: chao sv serverlinux.vn
xin chao sv serverlinux.vn
.
EOT
sv@serverlinux.vn... Connecting to [127.0.0.1] via relay...
220 dns2.itdep.serverlinux.vn ESMTP Sendmail 8.14.4/8.14.4; Fri, 23 Dec 2011 09:24:46 -0500
>>> EHLO dns2.itdep.serverlinux.vn
..
>>> QUIT
221 2.0.0 dns2.itdep.serverlinux.vn closing connection
[sv@dns2 ~]$

sv@serverlinux.vn receives the mail from sv@itdep.serverlinux.vn

[root@localhost mail]# su - sv
[sv@localhost ~]$ mail
Heirloom Mail version 12.4 7/29/08. Type ? for help.
"/var/spool/mail/sv": 3 messages 2 new
1 root Fri Dec 23 09:07 21/793 "test"
>N 2 Mail Delivery Subsys Fri Dec 23 09:18 66/2411 "Returned mail: see t"
N 3 day la tai khoan dun Fri Dec 23 09:24 23/1073 "chao sv serverlinux."
& 3
Message 3:
From sv@dns2.itdep.serverlinux.vn Fri Dec 23 09:24:53 2011
Return-Path: <sv@dns2.itdep.serverlinux.vn>
From: day la tai khoan dung de test <sv@dns2.itdep.serverlinux.vn>
Date: Fri, 23 Dec 2011 09:24:45 -0500
To: sv@serverlinux.vn
Subject: chao sv serverlinux.vn
User-Agent: Heirloom mailx 12.4 7/29/08
Content-Type: text/plain; charset=us-ascii
Status: R

xin chao sv serverlinux.vn

& quit
Held 3 messages in /var/spool/mail/sv

5.6.6. SETTING UP USER MAIL CONTROLS
MODEL AND CONFIGURATION REQUIREMENTS

Serverlinux.vn

CONFIGURATION GUIDE
- Block email
- Set the size limit
STEPS
a) Check that sendmail is installed

[root@localhost named]# rpm -qa sendmail
sendmail-8.14.4-8.el6.i686
[root@localhost named]# host dns1.serverlinux.vn
dns1.serverlinux.vn has address 192.168.1.17
[root@localhost named]# host 192.168.1.17
17.1.168.192.in-addr.arpa domain name pointer dns1.serverlinux.vn.
[root@localhost named]# host mail.serverlinux.vn
mail.serverlinux.vn is an alias for dns1.serverlinux.vn.
dns1.serverlinux.vn has address 192.168.1.17

b) Configure the host name

[root@linux ~]# vi /etc/hosts
127.0.0.1 localhost.localdomain serverlinux.vn
::1 localhost6.localdomain6 localhost6
192.168.1.17 Linux serverlinx.vn

c) Configure /etc/mail/sendmail.cf

# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m

Cwlocalhost serverlinux.vn
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names

# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM

# SMTP daemon options

#O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
O DaemonPortOptions=Name=MTA
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0

d) Configure access blocking in /etc/mail/access

[root@localhost mail]# vi access
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the
# cyrus-sasl-plain package installed.
#
# By default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:serverlinux.vn RELAY
Connect:192.168.1.18 RELAY
u2@serverlinux.vn REJECT
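Every RELAY line in this file widens the set of clients that may send mail through the server, so the file is worth reviewing before makemap compiles it. The script below is an added example, not part of the original manual: it classifies each rule of an access file in the format shown above. The function names, the finding labels and the sample file (constructed, with one extra 192.168.1 prefix rule) are assumptions of the example.

```sh
#!/bin/sh
# Added example: classify the rules in a sendmail access-map source file.
# The finding labels (relay-loopback, relay-single-host, relay-wide, blocked,
# other) are names chosen for this example, not sendmail terminology.

# audit_access FILE -> one line per rule: "<finding> <key> <action>"
audit_access() {
    awk '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        key = $1
        action = toupper($2)
        sub(/^[Cc]onnect:/, "", key)     # the page tags client rules with Connect:

        if (key ~ /@/)
            kind = "address"
        else if (key ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            kind = "host-ip"
        else if (key ~ /^[0-9]+(\.[0-9]+)?(\.[0-9]+)?$/)
            kind = "ip-prefix"           # e.g. 192.168.1 covers the whole /24
        else
            kind = "name"                # treated as a domain unless relay_hosts_only is set

        loopback = (key == "localhost" || key == "localhost.localdomain" || key ~ /^127\./)

        if (action == "RELAY" && loopback)
            finding = "relay-loopback"
        else if (action == "RELAY" && kind == "host-ip")
            finding = "relay-single-host"
        else if (action == "RELAY")
            finding = "relay-wide"       # a name or prefix admits many clients
        else if (action == "REJECT" || action == "DISCARD" || action ~ /^(ERROR:|[45][0-9][0-9])/)
            finding = "blocked"
        else
            finding = "other"

        print finding, key, action
    }' "$1"
}

# Constructed sample mirroring the entries of step d), plus one prefix rule.
demo_access() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# By default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:serverlinux.vn RELAY
Connect:192.168.1.18 RELAY
Connect:192.168.1 RELAY
u2@serverlinux.vn REJECT
EOF
    audit_access "$tmp"
    rm -f "$tmp"
}

demo_access
```

Rules reported as relay-wide deserve the closest look: a name rule depends on what the connecting client's address resolves to, and a prefix rule covers every host in the network.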

e) Start sendmail

[root@localhost mail]# makemap hash access < access
[root@localhost mail]# /etc/init.d/sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]

f) Check that sendmail is active on port 25

[root@localhost mail]# netstat -an|grep 25
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
udp 0 0 192.168.1.255:137 0.0.0.0:*
udp 0 0 172.16.29.255:137 0.0.0.0:*
udp 112592 0 172.16.29.255:137 0.0.0.0:*
udp 0 0 192.168.1.255:138 0.0.0.0:*
udp 0 0 172.16.29.255:138 0.0.0.0:*
udp 59104 0 172.16.29.255:138 0.0.0.0:*
unix 2 [ ACC ] STREAM LISTENING 13525 /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 17538 /tmp/.ICE-unix/2513
.
unix 3 [ ] STREAM CONNECTED 15925
unix 3 [ ] STREAM CONNECTED 12530
unix 3 [ ] STREAM CONNECTED 12529

g) Check the accounts in /etc/passwd

[root@localhost named]# vi /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
.
named:x:25:25:Named:/var/named:/sbin/nologin
hv1:x:503:503::/home/hv1:/bin/bash
squid:x:23:23::/var/spool/squid:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin

Send mail from root to user hv1

[root@localhost mail]# mail -v hv1@serverlinux.vn
Subject: test
test
.
EOT
hv1@serverlinux.vn... Connecting to [127.0.0.1] via relay...
220 localhost.localdomain ESMTP Sendmail 8.14.4/8.14.4; Thu, 22 Dec 2011 13:59:10 -0500
..
root... Sent (pBMIxA8F003194 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 localhost.localdomain closing connection

h) Log in as user hv1 and check mail

[root@dns1 mail]# su - hv1
[hv1@dns1 ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/hv1": 1 message 1 new
>N 1 root@dns1.serverlinu Mon Nov 7 03:16 16/632 "test"
& 1 [ENTER]
root@dns1.serverlinu Mon Nov 7 03:16 16/632 "test"
& 1
Message 1:
From root@dns1.serverlinux.vn Mon Nov 7 03:16:21 2011
Date: Mon, 7 Nov 2011 03:16:21 +0700
From: root <root@dns1.serverlinux.vn>
To: hv1@serverlinux.vn
Subject: test

test hv1

&quit [ENTER]

i) Send mail from user hv1 to user hv2

[hv1@dns1 ~]$ mail -v hv2@serverlinux.vn
Subject: chao
chao^@^@hv2
.
Cc:
hv2@serverlinux.vn... Connecting to [127.0.0.1] via relay...
220 dns1.serverlinux.vn ESMTP Sendmail 8.13.8/8.13.8; Mon, 7 Nov 2011 03:21:52 +0700
.
250 2.1.5 <hv2@serverlinux.vn>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 pA6KLqI2007640 Message accepted for delivery
hv2@serverlinux.vn... Sent (pA6KLqI2007640 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT

j) Log in as user hv2 and check mail

[hv1@dns1 ~]$ su - hv2
Password:
[hv2@dns1 ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/hv2": 1 message 1 new
>N 1 hv1@dns1.serverlinux Mon Nov 7 03:21 16/617 "chao"
& 1
Message 1:
From hv1@dns1.serverlinux.vn Mon Nov 7 03:21:52 2011
Date: Mon, 7 Nov 2011 03:21:52 +0700
From: hv1@dns1.serverlinux.vn
To: hv2@serverlinux.vn
Subject: chao

chao

& quit
Saved 1 message in mbox

k) Send mail from user hv2 to root

[hv2@dns1 ~]$ mail -v root@serverlinux.vn
Subject: chao root
chao root
.
Cc:
root@serverlinux.vn... Connecting to [127.0.0.1] via relay...
220 dns1.serverlinux.vn ESMTP Sendmail 8.13.8/8.13.8; Mon, 7 Nov 2011 03:26:32 +0700
.
root@serverlinux.vn... Sent (pA6KQWNo007678 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 dns1.serverlinux.vn closing connection
[hv2@dns1 ~]$

l) Log back in as root and check mail

[root@dns1 mail]# mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/root": 6 messages 6 new
>N 1 logwatch@localhost.l Wed Oct 19 07:21 45/1748 "Logwatch for localhost.localdoma"
N 6 hv2@dns1.serverlinux Mon Nov 7 03:26 16/630 "chao root"
& 6 <enter the number of the mail to view>
Message 6:
From hv2@dns1.serverlinux.vn Mon Nov 7 03:26:32 2011
Date: Mon, 7 Nov 2011 03:26:32 +0700
From: hv2@dns1.serverlinux.vn
To: root@serverlinux.vn
Subject: chao root

chao root

& quit
Saved 1 message in mbox
Held 5 messages in /var/spool/mail/root

m) Limit the size of sent mail

# Change line 183
180
181 # maximum message size
182 #O MaxMessageSize=0
183 O MaxMessageSize=5000000
184
185 # substitution for space (blank) characters
186 O BlankSub=.
187
188 # avoid connecting to "expensive" mailers on initial submission?
189 O HoldExpensive=False

5.7. NIS SERVICE

5.7.1. CONFIGURING THE NIS SERVER
Installing NIS
Check whether the ypserv*.rpm package is already installed. If it is not, install it with the YUM utility or download the binary file ypserv-2.19-3.i386.rpm

[root@localhost ~]# yum -y install ypserv rpcbind
Resolving Dependencies
--> Running transaction check
---> Package ypserv.i686 0:2.19-18.el6 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================
Package Arch Version Repository Size
===========================================================
Installing:
ypserv i686 2.19-18.el6 base 127 k
Transaction Summary
===========================================================
Install 1 Package(s)
Upgrade 0 Package(s)
Total download size: 127 k
Installed size: 291 k
Downloading Packages:
ypserv-2.19-18.el6.i686.rpm | 127 kB 00:06
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : ypserv-2.19-18.el6.i686 1/1
Installed:
ypserv.i686 0:2.19-18.el6
Complete!

Initializing the NIS server
- View the server's current NIS domain and configure the NIS domain for the server
- Or add the following line to the file /etc/sysconfig/network:
- Edit the file /var/yp/Makefile to begin initializing the information that NIS will serve for the domain:
- Initialize the NIS server:

Configure the NIS service to share user accounts across the local network. The configuration steps are as follows:
[root@linux ~]# ypdomainname serverlinux.vn # set NIS domain name
[root@linux ~]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=dlp.serverlinux.vn
# add the following line
NISDOMAIN=serverlinux.vn
[root@linux ~]# vi /var/yp/Makefile
# MERGE_PASSWD=true|false
# line 42: change
MERGE_PASSWD=false
# MERGE_GROUP=true|false
# line 46: change
MERGE_GROUP=false
# line 117: add
all: passwd shadow group hosts rpc services netid protocols
[root@linux ~]# vi /var/yp/securenets
255.255.255.0 10.0.0.0
[root@linux ~]# vi /etc/hosts
# add own IP address
10.0.0.30 dlp dlp.serverlinux
[root@linux ~]# /etc/rc.d/init.d/rpcbind start
Starting portmap: [ OK ]
[root@linux ~]# /etc/rc.d/init.d/ypserv start
Starting YP server services: [ OK ]
[root@linux ~]# /etc/rc.d/init.d/yppasswdd start
Starting YP passwd service: [ OK ]
[root@linux ~]# chkconfig rpcbind on
[root@linux ~]# chkconfig ypserv on
[root@linux ~]# chkconfig yppasswdd on
[root@linux ~]# /usr/lib64/yp/ypinit -m # update NIS database

At this point, we have to construct a list of the hosts which will run NIS servers. dlp is in the list of NIS server hosts. Please continue to add the names for the other hosts, one per line. When you are done with the list, type a <control D>.
next host to add: dlp
next host to add: # push Ctrl + D key
The current list of NIS servers looks like this:
dlp
Is this correct? [y/n: y] y # answer yes
We need a few minutes to build the databases...
Building /var/yp/serverlinux/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/serverlinux'
Updating passwd.byname...
Updating passwd.byuid...
Updating shadow.byname...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/serverlinux'
dlp has been set up as a NIS master server.
Now you can run ypinit -s dlp on all slave server.
# The NIS database must be updated in the following way whenever a new user is added
[root@linux ~]# cd /var/yp
[root@dlp yp]# make
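The /var/yp/securenets line created above (255.255.255.0 10.0.0.0) decides which clients ypserv answers, and because shadow is in the Makefile's all: target, that includes the password-hash map. The following is an added example, not part of the original manual: it evaluates a securenets file against a client address using the netmask/network pairs and host lines of that file format. The function names and test addresses are assumptions, and the sample file is constructed.

```sh
#!/bin/sh
# Added example: decide whether a client address is admitted by /var/yp/securenets.
# Function names are chosen for this example.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer; returns 1 if malformed
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*) return 1 ;; esac      # empty field or leading zero
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows FILE CLIENT_IP
# Returns 0 and prints the matching rule when the client is admitted,
# 1 when no rule matches, 2 when CLIENT_IP is malformed.
securenets_allows() {
    file=$1
    client=$(ip_to_int "$2") || return 2
    # ypserv answers every host when the file does not exist
    [ -f "$file" ] || { echo "no securenets file: all hosts allowed"; return 0; }
    while read -r first second _rest; do
        case $first in ''|'#'*) continue ;; esac
        if [ "$first" = host ]; then
            mask=4294967295                           # "host IP" means 255.255.255.255 IP
        else
            mask=$(ip_to_int "$first") || continue    # skip malformed lines
        fi
        net=$(ip_to_int "$second") || continue
        # a rule matches when (client AND netmask) equals the network
        if [ $(( client & mask )) -eq "$net" ]; then
            echo "$first $second"
            return 0
        fi
    done < "$file"
    return 1
}

# Constructed file: the line from the page plus a loopback host entry.
demo_securenets() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# netmask network' 'host 127.0.0.1' '255.255.255.0 10.0.0.0' > "$tmp"
    for ip in 127.0.0.1 10.0.0.51 10.0.1.51 192.168.1.17; do
        if rule=$(securenets_allows "$tmp" "$ip"); then
            echo "$ip allowed by: $rule"
        else
            echo "$ip denied"
        fi
    done
    rm -f "$tmp"
}

demo_securenets
```

With the page's single rule, every host in 10.0.0.0/24 can query the maps, so the netmask should be no wider than the set of machines that are meant to be NIS clients.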

5.7.2. CONFIGURING THE NIS CLIENT
- Edit the file /etc/yp.conf

domain serverlinux.vn broadcast

- Start the ypbind process:

- Use the ypwhich command to check which NIS server is serving NIS requests:
- The ypcat command lists the contents of a map on the NIS server:
- Configure the file /etc/nsswitch.conf with the sources the system should search for information:
- From another machine, log in as a user that exists only on the NIS server (not on the local machine) to verify that NIS is being used for authentication:
- When information in an NIS server map changes, for example when user test is added to the file /etc/passwd
- Update the information on the NIS server as follows:
- On the NIS client, view the map again:
- Delete user test's information on the local machine: # userdel test
- Try switching to user test; the switch still works normally, because the information is now looked up in NIS

[root@linux ~]# yum -y install ypbind rpcbind
[root@linux ~]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=www.serverlinux.vn
# add at the last line
NISDOMAIN=serverlinux.vn
[root@linux ~]# vi /etc/sysconfig/authconfig
USENIS=yes # line 19: change
[root@linux ~]# vi /etc/yp.conf
# add at the last line ( [domain] server [NIS server] )
domain serverlinux server dlp.serverlinux
[root@linux ~]# vi /etc/nsswitch.conf
passwd: files nis # line 33: add
shadow: files nis # add
group: files nis # add
hosts: files dns nis # add

# add optionally if you need ( create home directory automatically if it's none )
[root@linux ~]# vi /etc/pam.d/system-auth
# add at the last line
session optional pam_mkhomedir.so skel=/etc/skel umask=077
[root@linux ~]# chkconfig rpcbind on
[root@linux ~]# chkconfig ypbind on
[root@linux ~]# shutdown -r now
www.serverlinux login: debian # user on NIS
Password: # password
Creating directory '/home/debian'.
[debian@www ~]$ # logged in
[debian@www ~]$ ypwhich
dlp
[debian@www ~]$ ypcat passwd
cent:x:500:500::/home/fermi:/bin/bash
ubuntu:x:502:502::/home/ubuntu:/bin/bash
fedora:x:501:501::/home/cent:/bin/bash
debian:x:503:503::/home/debian:/bin/bash
[debian@www ~]$ ypcat hosts
10.0.0.30 dlp dlp.serverlinux
10.0.0.30 dlp dlp.serverlinux
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
[debian@www ~]$ yppasswd # try to change NIS password
Changing NIS account information for debian on dlp.
Please enter old password: # current one
Changing NIS password for debian on dlp.
Please enter new password: # new one
Please retype new password:
The NIS password has been changed on dlp.
[debian@www ~]$ # just changed

5.8. LDAP SERVICE

5.8.1. CONFIGURING THE LDAP SERVER
Installing OpenLDAP
- Check whether the openldap package is installed. If it is not, you can use the YUM utility or the RPM installer to install the software.

[root@dir ~]# yum -y install openldap-servers openldap-clients
[root@dir ~]# vi /etc/sysconfig/ldap
# line 16: uncomment and change
SLAPD_LDAPI=yes
[root@dir ~]# vi /etc/openldap/slapd.conf
# create new
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
[root@dir ~]# rm -rf /etc/openldap/slapd.d/*
[root@dir ~]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
config file testing succeeded
[root@dir ~]# vi /etc/openldap/slapd.d/cn=config/olcDatabase\={0}config.ldif
# line 4: change
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
[root@dir ~]# vi /etc/openldap/slapd.d/cn=config/olcDatabase\={1}monitor.ldif
# create new
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {1}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
creatorsName: cn=config
modifiersName: cn=config
[root@dir ~]# chown -R ldap. /etc/openldap/slapd.d
[root@dir ~]# chmod -R 700 /etc/openldap/slapd.d
[root@dir ~]# /etc/rc.d/init.d/slapd start
Starting slapd: [ OK ]
[root@dir ~]# chkconfig slapd on

Configuring OpenLDAP

[root@dir ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=core,cn=schema,cn=config"
[root@dir ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
[root@dir ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"
[root@dir ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"
[root@dir ~]# slappasswd # generate password
New password: # input any one
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
[root@dir ~]# vi backend.ldif
# create new
# replace the section "dc=***,dc=***" to your own suffix
# replace the section "olcRootPW: ***" to your own password generated by slappasswd above
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib64/openldap
olcModuleload: back_hdb

dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcSuffix: dc=server,dc=world
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=server,dc=world
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcMonitoring: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=server,dc=world" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=server,dc=world" write by * read
[root@dir ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
adding new entry "olcDatabase=hdb,cn=config"
[root@dir ~]# vi frontend.ldif
# create new
# replace the section "dc=***,dc=***" to your own suffix
# replace the section "userPassword: ***" to your own password generated by slappasswd above
dn: dc=server,dc=world
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server World
dc: Server

dn: cn=admin,dc=server,dc=world
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

dn: ou=people,dc=server,dc=world
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=server,dc=world
objectClass: organizationalUnit
ou: groups
[root@dir ~]# ldapadd -x -D cn=admin,dc=server,dc=world -W -f frontend.ldif
Enter LDAP Password: # password you set
adding new entry "dc=server,dc=world"
adding new entry "cn=admin,dc=server,dc=world"
adding new entry "ou=people,dc=server,dc=world"
adding new entry "ou=groups,dc=server,dc=world"

Adding local system users to the LDAP directory

[root@dir ~]# vi ldapuser.sh
# extract local users who have 500-999 digit UID
# replace "SUFFIX=***" to your own suffix
# this is an example
#!/bin/bash
SUFFIX='dc=server,dc=world'
LDIF='ldapuser.ldif'
echo -n > $LDIF
for line in `grep "x:[5-9][0-9][0-9]:" /etc/passwd | sed -e "s/ /%/g"`
do
    UID1=`echo $line | cut -d: -f1`
    NAME=`echo $line | cut -d: -f5 | cut -d, -f1`
    if [ ! "$NAME" ]
    then
        NAME=$UID1
    else
        NAME=`echo $NAME | sed -e "s/%/ /g"`
    fi
    SN=`echo $NAME | awk '{print $2}'`
    if [ ! "$SN" ]
    then
        SN=$NAME
    fi
    GIVEN=`echo $NAME | awk '{print $1}'`
    UID2=`echo $line | cut -d: -f3`
    GID=`echo $line | cut -d: -f4`
    # the shadow lookups are anchored with ^ so that "cent" does not also match "vincent"
    PASS=`grep "^$UID1:" /etc/shadow | cut -d: -f2`
    SHELL=`echo $line | cut -d: -f7`
    HOME=`echo $line | cut -d: -f6`
    EXPIRE=`passwd -S $UID1 | awk '{print $7}'`
    FLAG=`grep "^$UID1:" /etc/shadow | cut -d: -f9`
    if [ ! "$FLAG" ]
    then
        FLAG="0"
    fi
    WARN=`passwd -S $UID1 | awk '{print $6}'`
    MIN=`passwd -S $UID1 | awk '{print $4}'`
    MAX=`passwd -S $UID1 | awk '{print $5}'`
    LAST=`grep "^$UID1:" /etc/shadow | cut -d: -f3`
    echo "dn: uid=$UID1,ou=people,$SUFFIX" >> $LDIF
    echo "objectClass: inetOrgPerson" >> $LDIF
    echo "objectClass: posixAccount" >> $LDIF
    echo "objectClass: shadowAccount" >> $LDIF
    echo "uid: $UID1" >> $LDIF
    echo "sn: $SN" >> $LDIF
    echo "givenName: $GIVEN" >> $LDIF
    echo "cn: $NAME" >> $LDIF
    echo "displayName: $NAME" >> $LDIF
    echo "uidNumber: $UID2" >> $LDIF
    echo "gidNumber: $GID" >> $LDIF
    # copies the password hash from /etc/shadow into the LDIF file
    echo "userPassword: {crypt}$PASS" >> $LDIF
    echo "gecos: $NAME" >> $LDIF
    echo "loginShell: $SHELL" >> $LDIF
    echo "homeDirectory: $HOME" >> $LDIF
    echo "shadowExpire: $EXPIRE" >> $LDIF
    echo "shadowFlag: $FLAG" >> $LDIF
    echo "shadowWarning: $WARN" >> $LDIF
    echo "shadowMin: $MIN" >> $LDIF
    echo "shadowMax: $MAX" >> $LDIF
    echo "shadowLastChange: $LAST" >> $LDIF
    echo >> $LDIF
done
[root@dir ~]# sh ldapuser.sh
[root@dir ~]# ldapadd -x -D cn=admin,dc=server,dc=world -W -f ldapuser.ldif
Enter LDAP Password: # LDAP admin password
adding new entry "uid=cent,ou=people,dc=server,dc=world"
adding new entry "uid=fedora,ou=people,dc=server,dc=world"
adding new entry "uid=ubuntu,ou=people,dc=server,dc=world"
adding new entry "uid=debian,ou=people,dc=server,dc=world"
adding new entry "uid=fermi,ou=people,dc=server,dc=world"

Adding local groups to the LDAP directory

[root@dir ~]# vi ldapgroup.sh
# extract local groups who have 500-999 digit UID
# replace "SUFFIX=***" to your own suffix
# this is an example
#!/bin/bash
SUFFIX='dc=server,dc=world'
LDIF='ldapgroup.ldif'
echo -n > $LDIF
for line in `grep "x:[5-9][0-9][0-9]:" /etc/group`
do
    CN=`echo $line | cut -d: -f1`
    GID=`echo $line | cut -d: -f3`
    echo "dn: cn=$CN,ou=groups,$SUFFIX" >> $LDIF
    echo "objectClass: posixGroup" >> $LDIF
    echo "cn: $CN" >> $LDIF
    echo "gidNumber: $GID" >> $LDIF
    # one memberUid attribute per member listed in the group line
    users=`echo $line | cut -d: -f4 | sed "s/,/ /g"`
    for user in ${users} ; do
        echo "memberUid: ${user}" >> $LDIF
    done
    echo >> $LDIF
done
[root@dir ~]# sh ldapgroup.sh
[root@dir ~]# ldapadd -x -D cn=admin,dc=server,dc=world -W -f ldapgroup.ldif
Enter LDAP Password: # LDAP admin password
adding new entry "cn=cent,ou=groups,dc=server,dc=world"
adding new entry "cn=fedora,ou=groups,dc=server,dc=world"
adding new entry "cn=ubuntu,ou=groups,dc=server,dc=world"
adding new entry "cn=debian,ou=groups,dc=server,dc=world"
adding new entry "cn=fermi,ou=groups,dc=server,dc=world"

To delete a user or a group, use the following commands
[root@dir ~]# ldapdelete -x -W -D 'cn=admin,dc=server,dc=world' "uid=cent,ou=people,dc=server,dc=world"
Enter LDAP Password:
[root@dir ~]# ldapdelete -x -W -D 'cn=admin,dc=server,dc=world' "cn=cent,ou=groups,dc=server,dc=world"
Enter LDAP Password:

Testing OpenLDAP
- View the file /etc/openldap/slapd.conf with its default options:
- Edit the following lines in the file /etc/openldap/slapd.conf:
- Start the ldap service
- Create the file /etc/sample.ldif with the following content:
- Use the ldapadd command to add the contents of the file sample.ldif to the LDAP server
- Use the ldapsearch command to search for the data just imported:
- Search for the entry with cn=bogus
- Delete the entry cn=bogus,dc=example,dc=org:
- Check again:

5.8.2. CONFIGURING THE LDAP CLIENT

[root@linux ~]# yum -y install openldap-clients nss-pam-ldapd
[root@linux ~]# vi /etc/openldap/ldap.conf
# add at the last line
# LDAP server's URI
URI ldap://10.0.0.39/
# specify Suffix
BASE dc=server,dc=world
TLS_CACERTDIR /etc/openldap/cacerts
[root@linux ~]# vi /etc/nslcd.conf
# line 131: specify URI, Suffix
uri ldap://10.0.0.39/
base dc=server,dc=world
ssl no
tls_cacertdir /etc/openldap/cacerts
[root@linux ~]# vi /etc/pam_ldap.conf
# line 17: make it comment
#host 127.0.0.1
# line 20: specify Suffix
base dc=server,dc=world
# add at the last line
uri ldap://10.0.0.39/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
[root@linux ~]# vi /etc/pam.d/system-auth
# add like follows
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
# add if you need ( create home directory automatically if it's none )
session optional pam_mkhomedir.so skel=/etc/skel umask=077
[root@linux ~]# vi /etc/nsswitch.conf
passwd: files ldap # line 33: add
shadow: files ldap # add
group: files ldap # add
netgroup: ldap # line 57: change
automount: files ldap # line 61: change
[root@linux ~]# vi /etc/sysconfig/authconfig
# line 18: change
USELDAP=yes
[root@linux ~]# chkconfig nslcd on
[root@linux ~]# shutdown -r now
www.serverlinux.vn login: fermi # user on LDAP
Password:
Creating directory '/home/fermi'.
[fermi@www ~]$ # just logged in
[fermi@www ~]$ passwd # try to change LDAP password
Changing password for user fermi.
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information changed for fermi
passwd: all authentication tokens updated successfully.

6. CHAPTER 06: DATABASE MANAGEMENT ON LINUX

6.1. MYSQL DATABASE

6.1.1. INSTALLING MYSQL
[root@linux ~]# yum -y install mysql-server
[root@linux ~]# /etc/rc.d/init.d/mysqld start
Initializing MySQL database: Installing MySQL system tables...OK
Filling help tables... OK
Please report any problems with the /usr/bin/mysqlbug script!
Starting mysqld: [ OK ]
[root@linux ~]# chkconfig mysqld on
[root@linux ~]# mysql -u root # connect to MySQL
mysql> select user,host,password from mysql.user;

# set root password
mysql> set password for root@localhost=password('password');
Query OK, 0 rows affected (0.00 sec)
# set root password
mysql> set password for root@'127.0.0.1'=password('password');
Query OK, 0 rows affected (0.00 sec)
# set root password
mysql> set password for root@'www.serverlinux'=password('password');
Query OK, 0 rows affected (0.00 sec)
# delete anonymous user
mysql> delete from mysql.user where user='';
Query OK, 2 rows affected (0.00 sec)
mysql> select user,host,password from mysql.user;

mysql> exit # quit
Bye
[root@linux ~]# mysql -u root -p # connect with root
Enter password: # MySQL root password
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.1.52 Source distribution
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> exit
Bye

6.1.2. INSTALLING AND CONFIGURING PHPMYADMIN

[root@linux ~]# yum --enablerepo=epel -y install phpMyAdmin php-mysql php-mcrypt # install from EPEL
[root@linux ~]# vi /etc/httpd/conf.d/phpMyAdmin.conf
# line 14: add IP address you permit
Allow from 127.0.0.1 10.0.0.0/24
[root@linux ~]# /etc/rc.d/init.d/httpd reload
Reloading httpd: [ OK ]

Open 'http://(hostname or IP address)/' in a browser to access the database as a MySQL user.

6.2. ORACLE DATABASE

6.2.1. INSTALLING ORACLE
[root@db01 ~]# yum -y install binutils compat-libstdc++-33 elfutils-libelf elfutils-libelf-devel glibc glibc-common glibc-devel gcc gcc-c++ libaio libaio-devel libgcc libstdc++ libstdc++-devel make sysstat unixODBC unixODBC-devel

Edit the kernel parameters

[root@db01 ~]# vi /etc/sysctl.conf
# make it comment
#net.bridge.bridge-nf-call-ip6tables = 0
#net.bridge.bridge-nf-call-iptables = 0
#net.bridge.bridge-nf-call-arptables = 0
# add at the last line
net.ipv4.ip_local_port_range = 9000 65500
fs.file-max = 6815744
kernel.shmall = 10523004
kernel.shmmax = 6465333657
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
net.core.rmem_default=262144
net.core.wmem_default=262144
net.core.rmem_max=4194304
net.core.wmem_max=1048576
fs.aio-max-nr = 1048576
[root@db01 ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_local_port_range = 9000 65500
fs.file-max = 65536
kernel.shmall = 10523004
kernel.shmmax = 6465333657
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_max = 1048576
fs.aio-max-nr = 1048576

Create the user for Oracle.

[root@db01 ~]# groupadd -g 200 oinstall
[root@db01 ~]# groupadd -g 201 dba
[root@db01 ~]# useradd -u 440 -g oinstall -G dba -d /usr/oracle oracle
[root@db01 ~]# vi /etc/pam.d/login
# near line 14: add
session required pam_selinux.so open
session required pam_namespace.so
session required pam_limits.so
session optional pam_keyinit.so force revoke
session include system-auth
-session optional pam_ck_connector.so

[root@db01 ~]# vi /etc/security/limits.conf
# add at the last line
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
[root@db01 ~]# vi /etc/profile
# add at the last line
if [ $USER = "oracle" ]; then
    if [ $SHELL = "/bin/ksh" ]; then
        ulimit -p 16384
        ulimit -n 65536
    else
        ulimit -u 16384 -n 65536
    fi
fi

Installing Oracle 11g R2
Download Oracle Database 11g R2 for Linux from http://www.oracle.com/technology/software/products/database/index.html
After downloading, extract it with the following steps:
[oracle@db01 ~]$ cd tmp
[oracle@db01 tmp]$ unzip linux.x64_11gR2_database_1of2.zip
[oracle@db01 tmp]$ unzip linux.x64_11gR2_database_2of2.zip


Run the installer
[oracle@db01 tmp]$ ./database/runInstaller

a) The Oracle installer starts. First, enter an email address and password to receive information from Oracle, such as security information. Click Next to continue.

b) Select "Install database software only".

c) Select "Single Instance ***".

d) Select the language.

e) Select Enterprise edition.

f) Choose the Oracle installation directory. In this example, keep the default and click Next to continue.

g) Keep the default and continue.

h) Select the data group. In this example, choose the default and continue.

i) Click Next to continue.

j) Click "Finish" if everything is OK.

k) The installation starts; click the Finish button.

l) The following screen is displayed; then open a terminal and run the following commands as user root.

[root@db01 ~]# /usr/oracle/oraInventory/orainstRoot.sh
Changing permissions of /usr/oracle/oraInventory.
Adding read,write permissions for group.
Removing read,write,execute permissions for world.
Changing groupname of /usr/oracle/oraInventory to oinstall.
The execution of the script is complete.
[root@db01 ~]# /usr/oracle/app/product/11.2.0/dbhome_1/root.sh
Running Oracle 11g root.sh script...
The following environment variables are set as:
ORACLE_OWNER= oracle
ORACLE_HOME= /usr/oracle/app/product/11.2.0/dbhome_1
Enter the full pathname of the local bin directory: [/usr/local/bin]: # Enter
Copying dbhome to /usr/local/bin ...
Copying oraenv to /usr/local/bin ...
Copying coraenv to /usr/local/bin ...
Creating /etc/oratab file...
Entries will be added to the /etc/oratab file as needed by
Database Configuration Assistant when a database is created
Finished running generic part of root.sh script.
Now product-specific root actions will be performed.
Finished product-specific root actions.

m) The installation is complete; click the "Close" button.

n) Configure the oracle user.

[oracle@db01 ~]$ vi ~/.bash_profile
# add at the last line
export ORACLE_HOME=$ORACLE_BASE/product/11.2.0/dbhome_1
export PATH=$PATH:$ORACLE_HOME/bin
[oracle@db01 ~]$ source ~/.bash_profile
[oracle@db01 ~]$ rm -rf tmp

o) Create an Oracle Net Listener
Create an Oracle Net Listener, which is a network service on Oracle. Log in with the oracle account and enter the command "netca"; the following screen then appears. Select "Listener Configuration" and click Next.

Click Next.

Enter any Listener name you like (any name will do).

This example keeps the default, "TCP". These default values can be changed.

Enter the port. This example keeps the default. These values can be changed.

To create another Listener, click Yes; otherwise click No. Click No to continue.

Configuration is complete.

Click "Finish" to exit. When done, check the status with the "netstat" command.

6.2.2. DEPLOYING A DATABASE WITH ORACLE

Create a database.

a) Log in as the oracle user and run the "dbca" command, then click "Next" to continue.

b) Select "Create Database" and click Next.

c) Select "General Purpose ***" and continue.

d) Enter the Global Database Name and SID as shown below.

e) Keep the default values and continue.

f) Enter the passwords. Strong passwords are recommended.

g) Keep the default value, "File System".

h) Configure the recovery settings. Change them if you need to.

i) Configure the sample schema and scripts. Add them if you want them.

j) Configure the memory settings. After setting them, go to the next tab.

k) Specify the maximum number of processes.

l) Set the character set.

m) Select the connection mode. If your server does not have many clients, select Dedicated server mode. If your server has many clients, select Shared server mode.

n) Confirm the parameters for the storage settings. Change them if you need to.

o) Configuration is complete. Click the "Finish" button to finish.

p) Confirm the settings and click "OK" if everything is OK.

q) Database creation starts.

r) When the database has been created, click "Exit" to finish.

s) Open the URL shown on the completion screen above in a web browser; the following screen is shown. Enter the user name and password that you configured in the section

Create an init script to make Oracle start automatically at system boot.


t) First, make the following changes.
[root@db01 ~]# vi /etc/oratab
db01:/usr/oracle/app/product/11.2.0/dbhome_1:Y    # change

[root@db01 ~]# vi /usr/oracle/.bash_profile
# add your SID at the last line
export ORACLE_SID=db01

u) Create an init script.


[root@db01 ~]# vi /etc/rc.d/init.d/oracle
# this is an example
#!/bin/bash
# oracle: Start/Stop Oracle Database 11g R2
#
# chkconfig: 345 90 10
# description: The Oracle Database is an Object-Relational Database Management System.
#
# processname: oracle

. /etc/rc.d/init.d/functions

LOCKFILE=/var/lock/subsys/oracle
ORACLE_HOME=/usr/oracle/app/product/11.2.0/dbhome_1
ORACLE_USER=oracle

case "$1" in
'start')
    if [ -f $LOCKFILE ]; then
        echo $0 already running.
        exit 1
    fi
    echo -n $"Starting Oracle Database:"
    su - $ORACLE_USER -c "$ORACLE_HOME/bin/lsnrctl start"
    su - $ORACLE_USER -c "$ORACLE_HOME/bin/dbstart $ORACLE_HOME"
    su - $ORACLE_USER -c "$ORACLE_HOME/bin/emctl start dbconsole"
    touch $LOCKFILE
    ;;
'stop')
    if [ ! -f $LOCKFILE ]; then
        echo $0 already stopping.
        exit 1
    fi
    echo -n $"Stopping Oracle Database:"
    su - $ORACLE_USER -c "$ORACLE_HOME/bin/lsnrctl stop"
    su - $ORACLE_USER -c "$ORACLE_HOME/bin/dbshut"
    su - $ORACLE_USER -c "$ORACLE_HOME/bin/emctl stop dbconsole"
    rm -f $LOCKFILE
    ;;
'restart')
    $0 stop
    $0 start
    ;;
'status')
    if [ -f $LOCKFILE ]; then
        echo $0 started.
    else
        echo $0 stopped.
    fi
    ;;
*)
    echo "Usage: $0 [start|stop|status]"
    exit 1
esac

exit 0

[root@db01 ~]# chmod 755 /etc/rc.d/init.d/oracle
[root@db01 ~]# /etc/rc.d/init.d/oracle start
Starting Oracle Database:
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 12-JUL-2011 23:41:57
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Starting /usr/oracle/app/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 11.2.0.1.0 - Production
System parameter file is /usr/oracle/app/product/11.2.0/dbhome_1/network/admin/listener.ora
Log messages written to /usr/oracle/app/diag/tnslsnr/db01/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db01.serverlinux)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db01.serverlinux)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 Production
Start Date                12-JUL-2011 23:41:57
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /usr/oracle/app/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /usr/oracle/app/diag/tnslsnr/db01/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db01.serverlinux)(PORT=1521)))
The listener supports no services
The command completed successfully
Processing Database instance "db01": log file /usr/oracle/app/product/11.2.0/dbhome_1/startup.log
Oracle Enterprise Manager 11g Database Control Release 11.2.0.1.0
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
https://db01.serverlinux:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 11g Database Control ........ started.
------------------------------------------------------------------
Logs are generated in directory /usr/oracle/app/product/11.2.0/dbhome_1/db01.serverlinux_db01/sysman/log

[root@db01 ~]# chkconfig --add oracle
[root@db01 ~]# chkconfig oracle on

6.2.3. INSTALLING THE JAVA DEVELOPMENT ENVIRONMENT

Install the Java SE Development Kit (JDK).

a) Download jdk-7-linux-x64.rpm from http://download.oracle.com/otn-pub/java/jdk/7/jdk-7-linux-i586.rpm or from the Oracle download page (http://www.oracle.com/technetwork/java/javase/downloads/java-se-jdk-7-download432154.html)

b) Install the JDK.
[root@linux ~]# rpm -Uvh jdk-7-linux-x64.rpm
Preparing...    ########################################### [100%]
   1:jdk        ########################################### [100%]
Unpacking JAR files...
        rt.jar...
        jsse.jar...
        charsets.jar...
        tools.jar...
        localedata.jar...
[root@linux ~]# vi /etc/profile
# add at the last line
export JAVA_HOME=/usr/java/default
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar
[root@linux ~]# source /etc/profile

c) Test the installation by creating the following program.

[root@linux ~]# vi day.java
import java.util.Calendar;

class day {
    public static void main(String[] args) {
        Calendar cal = Calendar.getInstance();
        int year = cal.get(Calendar.YEAR);
        int month = cal.get(Calendar.MONTH) + 1;    // Calendar.MONTH is zero-based
        int day = cal.get(Calendar.DATE);
        int hour = cal.get(Calendar.HOUR_OF_DAY);
        int minute = cal.get(Calendar.MINUTE);
        System.out.println(year + "/" + month + "/" + day + " " + hour + ":" + minute);
    }
}
[root@linux ~]# javac day.java    # compile
[root@linux ~]# java day    # execute
2011/7/30 21:7

6.2.4. JAVA APPLICATION SERVER - TOMCAT 7


a) Install and configure Tomcat 7.
[root@linux ~]# wget http://ftp.riken.jp/net/apache/tomcat/tomcat7/v7.0.23/bin/apache-tomcat-7.0.23.tar.gz
# the archive and directory names must match the version that was downloaded
[root@linux ~]# tar zxvf apache-tomcat-7.0.23.tar.gz
[root@linux ~]# mv apache-tomcat-7.0.23 /usr/tomcat7
[root@linux ~]# useradd -d /usr/tomcat7 tomcat
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@linux ~]# chown -R tomcat. /usr/tomcat7

b) Create the init script.
[root@linux ~]# vi /etc/rc.d/init.d/tomcat7
#!/bin/bash
# Tomcat7: Start/Stop Tomcat 7
#
# chkconfig: - 90 10
# description: Tomcat is a Java application Server.

. /etc/init.d/functions
. /etc/sysconfig/network

CATALINA_HOME=/usr/tomcat7
TOMCAT_USER=tomcat
LOCKFILE=/var/lock/subsys/tomcat
RETVAL=0

start(){
    echo "Starting Tomcat7: "
    su - $TOMCAT_USER -c "$CATALINA_HOME/bin/startup.sh"
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch $LOCKFILE
    return $RETVAL
}

stop(){
    echo "Shutting down Tomcat7: "
    # run the shutdown as the tomcat user, like startup, not as root
    su - $TOMCAT_USER -c "$CATALINA_HOME/bin/shutdown.sh"
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f $LOCKFILE
    return $RETVAL
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    status)
        status tomcat
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac
exit $?

[root@linux ~]# chmod 755 /etc/rc.d/init.d/tomcat7
[root@linux ~]# /etc/rc.d/init.d/tomcat7 start
Starting Tomcat7:
Using CATALINA_BASE:   /usr/tomcat7
Using CATALINA_HOME:   /usr/tomcat7
Using CATALINA_TMPDIR: /usr/tomcat7/temp
Using JRE_HOME:        /usr/java/default
Using CLASSPATH:       /usr/tomcat7/bin/bootstrap.jar:/usr/tomcat7/bin/tomcat-juli.jar
[root@linux ~]# chkconfig --add tomcat7
[root@linux ~]# chkconfig tomcat7 on

c) In a web browser, open "http://(your hostname or IP address):8080/"; in this example that is http://serverlinux.vn:8080/

d) Configure access through a port other than port 8080 in the URL.

[root@linux ~]# vi /etc/httpd/conf.d/proxy_ajp.conf
# add at the last line
ProxyPass /tomcat/ ajp://localhost:8009/
# restart the web service
[root@linux ~]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]

e) In a browser, open "http://(your hostname or IP address)/tomcat/", which uses the new port 8009, as in step c.

f) Create a test servlet that displays the system's current date and time.

[root@linux ~]# mkdir /usr/tomcat7/webapps/ROOT/WEB-INF/classes
[root@linux ~]# chown tomcat. /usr/tomcat7/webapps/ROOT/WEB-INF/classes
[root@linux ~]# cd /usr/tomcat7/webapps/ROOT/WEB-INF/classes
[root@linux classes]# vi daytime.java
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.Calendar;

public class daytime extends HttpServlet {
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        Calendar cal = Calendar.getInstance();
        out.println("<html>");
        out.println("<head>");
        out.println("<title>DayTime</title>");
        out.println("</head>");
        out.println("<body>");
        out.println("<div style=\"font-size: 40px; text-align: center; font-weight: bold\">");
        out.println(cal.get(Calendar.YEAR) + "/" + (cal.get(Calendar.MONTH) + 1) + "/"
            + cal.get(Calendar.DATE) + " " + cal.get(Calendar.HOUR_OF_DAY) + ":"
            + cal.get(Calendar.MINUTE));
        out.println("</div>");
        out.println("</body>");
        out.println("</html>");
    }
}
[root@linux classes]# javac -classpath /usr/tomcat7/lib/servlet-api.jar daytime.java
[root@linux classes]# vi /usr/tomcat7/webapps/ROOT/WEB-INF/web.xml
# add the following between <web-app> and </web-app>
<servlet>
    <servlet-name>daytime</servlet-name>
    <servlet-class>daytime</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>daytime</servlet-name>
    <url-pattern>/daytime</url-pattern>
</servlet-mapping>

g) In a browser, open http://(your hostname or IP address)/tomcat/daytime

7. CONFIGURING SOME OTHER SERVICES

7.1. INSTALLING AND CONFIGURING VMWARE PLAYER

a) Download VMware-Player-3.1.4-385536.x86_64.bundle from the VMware website (http://www.vmware.com/products/player/)

b) Install VMware Player.

[root@linux ~]# chmod 700 VMware-Player-3.1.4-385536.x86_64.bundle
[root@linux ~]# ./VMware-Player-3.1.4-385536.x86_64.bundle
Extracting VMware Installer...done.
Would you like to check for product updates on startup? [yes]:    # Enter
Would you like to help make VMware software better by sending
anonymous system data and usage statistics to VMware? [yes]:    # Enter
The product is ready to be installed. Press Enter to begin
installation or Ctrl-C to cancel.    # Enter
Installing VMware Player Application 3.1.4
    Configuring...
[##################################################################] 100%
Installation was successful.

c) From the graphical desktop, open 'System tools' > 'VMware Player'.

d) Click 'Create a New Virtual machine'.

e) Insert the installation disc into the drive and click Next.

f) Enter the Windows information.

g) Enter the name and storage location of the virtual machine.

h) Choose the disk size.

i) Click 'Customize Hardware'.

j) Change the virtual machine settings if necessary.

k) Click 'Finish'.

l) Start the virtual machine and proceed with the installation.

7.2. INSTALLING AND CONFIGURING A PXE SERVER

a) Install the required packages.
[root@pxe ~]# yum -y install syslinux xinetd tftp-server
[root@pxe ~]# mkdir /var/lib/tftpboot/pxelinux.cfg
[root@pxe ~]# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/

b) Start TFTP.
[root@pxe ~]# vi /etc/xinetd.d/tftp
# line 14: change
disable = no
[root@pxe ~]# /etc/rc.d/init.d/xinetd start
Starting xinetd: [ OK ]
[root@pxe ~]# chkconfig xinetd on

c) Start the DHCP server.

[root@pxe ~]# vi /etc/dhcp/dhcpd.conf
option domain-name-servers 10.0.0.30;
# near line 8: add
filename "pxelinux.0";
next-server 10.0.0.70;    # IP address of PXE Server
[root@pxe ~]# /etc/rc.d/init.d/dhcpd restart
Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]

d) PXE configuration is complete.

7.3. INSTALLING AND CONFIGURING OPENVPN

This example shows how to configure OpenVPN in the following environment (bridge mode). ([172.16.2.1] is actually a private IP address; replace it with your global IP address.)

(1) VPN server
    [172.16.2.1] - global IP address
    [10.0.0.50] - eth0 (real IP address)
    [10.0.0.60] - br0 - newly set as a bridge
(2) VPN client (Windows)
    [192.168.0.244] - real IP address
    [10.0.0.??] - automatically set from the VPN server

In addition, you need to configure a few settings on your router for NAT/port forwarding. The protocol and default listening port on the VPN server are UDP/1194. In this example, requests to port 1194 over UDP from the Internet must be forwarded to 10.0.0.60:1194 in the LAN.

a) Install and configure OpenVPN.
[root@vpn ~]# yum --enablerepo=epel -y install openvpn bridge-utils    # install from EPEL
[root@vpn ~]# cp /usr/share/doc/openvpn-*/sample-config-files/server.conf /etc/openvpn/
[root@vpn ~]# vi /etc/openvpn/server.conf
# line 53: change
dev tap0
# line 78: change like follows
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
# line 87: change
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
# line 96: make it comment
# server 10.8.0.0 255.255.255.0
# line 103: make it comment
# ifconfig-pool-persist ipp.txt
# line 115: uncomment and change ( [VPN server's IP] [subnetmask] [the range of IP for client] )
server-bridge 10.0.0.60 255.255.255.0 10.0.0.200 10.0.0.254
# line 138: add ( [network VPN server in] [subnetmask] )
push "route 10.0.0.0 255.255.255.0"
# line 275: change
status /var/log/openvpn-status.log
# line 284: uncomment and change
log /var/log/openvpn.log
log-append /var/log/openvpn.log

b) Create the CA certificate and CA key.
[root@vpn ~]# cp -R /usr/share/openvpn/easy-rsa/2.0 /etc/openvpn/easy-rsa
[root@vpn ~]# cd /etc/openvpn/easy-rsa
[root@vpn easy-rsa]# mkdir keys
[root@vpn easy-rsa]# vi vars
# line 64: change to your environment
export KEY_COUNTRY="JP"
export KEY_PROVINCE="Hiroshima"
export KEY_CITY="Hiroshima"
export KEY_ORG="GTS"
export KEY_EMAIL="xxx@serverlinux"

[root@vpn easy-rsa]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
[root@vpn easy-rsa]# ./clean-all
[root@vpn easy-rsa]# ./build-ca
Generating a 1024 bit RSA private key
.................++++++
......++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:    # Enter
State or Province Name (full name) [Hiroshima]:    # Enter
Locality Name (eg, city) [Hiroshima]:    # Enter
Organization Name (eg, company) [GTS]:    # Enter
Organizational Unit Name (eg, section) []:    # Enter
Common Name (eg, your name or your server's hostname) [GTS CA]: vpn.serverlinux    # input FQDN
Name []: server-ca    # set
Email Address [xxx@serverlinux]:    # Enter

c) ca.crt is created in "/etc/openvpn/easy-rsa/keys"; transfer it to your client PC via FTP or SFTP.

d) Create the certificate and key for the server.
[root@vpn easy-rsa]# ./build-key-server server
Generating a 1024 bit RSA private key
........++++++
.......++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:    # Enter
State or Province Name (full name) [Hiroshima]:    # Enter
Locality Name (eg, city) [Hiroshima]:    # Enter
Organization Name (eg, company) [GTS]:    # Enter
Organizational Unit Name (eg, section) []:    # Enter
Common Name (eg, your name or your server's hostname) [server]: vpn.serverlinux    # input FQDN
Name []: server    # set
Email Address [xxx@serverlinux.vn]:    # Enter

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'JP'
stateOrProvinceName   :PRINTABLE:'Hiroshima'
localityName          :PRINTABLE:'Hiroshima'
organizationName      :PRINTABLE:'GTS'
commonName            :PRINTABLE:'vpn.serverlinux'
name                  :PRINTABLE:'server'
emailAddress          :IA5STRING:'xxx@serverlinux'
Certificate is to be certified until Jul 12 09:30:07 2021 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

e) Set up the Diffie-Hellman (DH) parameters.

[root@vpn easy-rsa]# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time

f) Create the certificate and key for the client.

[root@vpn easy-rsa]# ./build-key-pass client
Generating a 1024 bit RSA private key
..................++++++
..................++++++
writing new private key to 'client.key'
Enter PEM pass phrase:    # set pass-phrase
Verifying - Enter PEM pass phrase:    # confirm
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:    # Enter
State or Province Name (full name) [Hiroshima]:    # Enter
Locality Name (eg, city) [Hiroshima]:    # Enter
Organization Name (eg, company) [GTS]:    # Enter
Organizational Unit Name (eg, section) []:    # Enter
Common Name (eg, your name or your server's hostname) [client]: vpn.serverlinux    # input FQDN
Name []: client    # set
Email Address [xxx@serverlinux]:    # Enter

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'JP'
stateOrProvinceName   :PRINTABLE:'Hiroshima'
localityName          :PRINTABLE:'Hiroshima'
organizationName      :PRINTABLE:'GTS'
commonName            :PRINTABLE:'vpn.serverlinux'
name                  :PRINTABLE:'client'
emailAddress          :IA5STRING:'xxx@serverlinux'
Certificate is to be certified until Jul 12 09:31:14 2021 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

g) client.crt and client.key are created in the "/etc/openvpn/easy-rsa/keys" directory; transfer them to the client via FTP or SFTP.

h) Start OpenVPN.

[root@vpn ~]# cp /usr/share/doc/openvpn-*/sample-scripts/bridge-stop /etc/openvpn/
[root@vpn ~]# cp /usr/share/doc/openvpn-*/sample-scripts/bridge-start /etc/openvpn/
[root@vpn ~]# chmod 755 /etc/openvpn/bridge-start
[root@vpn ~]# chmod 755 /etc/openvpn/bridge-stop
[root@vpn ~]# vi /etc/openvpn/bridge-start
# line 17-20: change
eth="eth0"                      # change if needed
eth_ip="10.0.0.60"              # IP address for bridge
eth_netmask="255.255.255.0"     # subnetmask
eth_broadcast="10.0.0.255"      # broadcast address
[root@vpn ~]# vi /etc/rc.d/init.d/openvpn
  start)
        echo -n $"Starting openvpn: "
# line 126: add
        /etc/openvpn/bridge-start
# line 205: add
        /etc/openvpn/bridge-stop
        success; echo
        rm -f $lock
[root@vpn ~]# /etc/rc.d/init.d/openvpn start
Starting openvpn: tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Fri Jul 15 18:33:02 2011 TUN/TAP device tap0 opened
Fri Jul 15 18:33:02 2011 Persist state set to: ON
Bridge firewalling registered
device eth1 entered promiscuous mode
device tap0 entered promiscuous mode
br0: port 2(tap0) entering learning state
br0: port 1(eth1) entering learning state
[ OK ]
[root@vpn ~]# chkconfig openvpn on
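The build output in steps b) to f) shows 1024-bit RSA keys and DH parameters, and server.conf points at dh1024.pem. The check below is an added example, not part of the original guide or of OpenVPN: it reads the KEY_SIZE variable of the easy-rsa 2.0 vars file (a real variable that the page does not show) and the dh line of server.conf. The 2048-bit floor and the sample files it writes are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check that the easy-rsa key size and the server.conf "dh" line
# agree and meet a minimum. build-dh writes keys/dh${KEY_SIZE}.pem, so raising
# KEY_SIZE in vars without editing the dh line leaves server.conf pointing at a
# file that build-dh never creates.

# openvpn_keysize_audit VARS_FILE SERVER_CONF [MIN_BITS]
# Prints one finding per line; returns 0 when there are none.
openvpn_keysize_audit() {
    min=${3:-2048}      # assumption: 2048 bits as the floor, not a value from the page
    rc=0
    # last uncommented "export KEY_SIZE=<n>" line in vars
    bits=$(sed -n 's/^[[:space:]]*export[[:space:]][[:space:]]*KEY_SIZE=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    # path of the active dh directive; "#" and ";" comment lines never start with the word dh
    dh=$(awk '$1 == "dh" { f = $2 } END { print f }' "$2")

    if [ -z "$bits" ]; then
        echo "vars: KEY_SIZE is not set"; rc=1
    elif [ "$bits" -lt "$min" ]; then
        echo "vars: KEY_SIZE=$bits is below $min bits"; rc=1
    fi
    if [ -z "$dh" ]; then
        echo "server.conf: no dh directive"; rc=1
    elif [ -n "$bits" ] && [ "${dh##*/}" != "dh$bits.pem" ]; then
        echo "server.conf: dh ${dh##*/} does not match dh$bits.pem from build-dh"; rc=1
    fi
    return $rc
}

# Constructed inputs: write_sample DIR KEY_SIZE DH_BITS
write_sample() {
    printf 'export KEY_SIZE=%s\nexport KEY_COUNTRY="JP"\n' "$2" > "$1/vars"
    printf 'dev tap0\ndh /etc/openvpn/easy-rsa/keys/dh%s.pem\n;server 10.8.0.0 255.255.255.0\n' "$3" > "$1/server.conf"
}

dir=$(mktemp -d)
write_sample "$dir" 1024 1024     # the values shown on this page
openvpn_keysize_audit "$dir/vars" "$dir/server.conf" || true
write_sample "$dir" 2048 1024     # vars raised, server.conf line 87 forgotten
openvpn_keysize_audit "$dir/vars" "$dir/server.conf" || true
write_sample "$dir" 2048 2048     # both changed together
openvpn_keysize_audit "$dir/vars" "$dir/server.conf" && echo "no findings"
rm -rf "$dir"
```

Keys and certificates already issued keep their original size; changing KEY_SIZE only affects material generated afterwards.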

7.4. CONFIGURING RAID 1

a) Create a RAID partition on the hard disk. The type of a RAID partition is "fd". After creating the RAID partition, check its status as follows.

[root@linux ~]# sfdisk -l /dev/sdb
Disk /dev/sdb: 20886 cylinders, 255 heads, 63 sectors/track
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0

   Device Boot Start     End   #cyls    #blocks   Id  System
/dev/sdb1          0+  20885   20886  167766763+  fd  Linux raid autodetect
/dev/sdb2          0       -       0          0    0  Empty
/dev/sdb3          0       -       0          0    0  Empty
/dev/sdb4          0       -       0          0    0  Empty

b) Configure RAID 1.
[root@linux ~]# mdadm --create /dev/md0 --level=raid1 --raid-devices=2 /dev/sdb1 /dev/sdc1
mdadm: Note: this array has metadata at the start and
    may not be suitable as a boot device. If you plan to
    store '/boot' on this device please ensure that
    your boot-loader understands md/v1.x metadata, or use
    --metadata=0.90
Continue creating array? y
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.

[root@linux ~]# vi /etc/mdadm.conf
# mdadm.conf written out by anaconda
MAILADDR root
AUTO +imsm +1.x -all
# add
DEVICE /dev/sd[a-z]*
ARRAY /dev/md0 level=raid1 devices=/dev/sdb1,/dev/sdc1

[root@linux ~]# cat /proc/mdstat    # show status ( it's OK if it shows "[UU]" )
Personalities : [raid1]
md0 : active raid1 sdc1[1] sdb1[0]
      104855127 blocks super 1.2 [2/2] [UU]
      [==========>..........] resync = 50.1% (52600064/104855127) finish=4.2min speed=206060K/sec
unused devices: <none>

# after a few minutes, synchronization completes and the status looks like this
[root@linux ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdc1[1] sdb1[0]
      104855127 blocks super 1.2 [2/2] [UU]
unused devices: <none>

c) Once the RAID configuration is complete, mount /home on it.

[root@linux ~]# pvcreate /dev/md0
Physical volume "/dev/md0" successfully created
[root@linux ~]# vgcreate vg_home /dev/md0
Volume group "vg_home" successfully created
[root@linux ~]# lvcreate -L 50G -n lv_home vg_home
Logical volume "lv_home" created
[root@linux ~]# mkfs -t ext4 /dev/vg_home/lv_home
[root@linux ~]# mount /dev/vg_home/lv_home /mnt
[root@linux ~]# cp -pR /home/* /mnt/
[root@linux ~]# umount /mnt
[root@linux ~]# mount /dev/vg_home/lv_home /home
[root@linux ~]# df -h
Filesystem                   1M-blocks  Used  Available  Use%  Mounted on
/dev/mapper/vg_dlp-lv_root         20G  6.9G        12G   37%  /
tmpfs                             3.9G     0       3.9G    0%  /dev/shm
/dev/sda1                         485M   34M       426M    8%  /boot
/dev/mapper/vg_home-lv_home        50G  182M        47G    1%  /home
[root@linux ~]# vi /etc/fstab
# add RAID ARRAY
/dev/mapper/vg_home-lv_home    /home    ext4    defaults    1 2

d) Start mdmonitor to monitor the RAID array.

[root@linux ~]# /etc/rc.d/init.d/mdmonitor start
Starting mdmonitor: [ OK ]
[root@linux ~]# chkconfig mdmonitor on

e) If a disk in the RAID array fails, RAID 1 can be reconfigured as follows.

[root@linux ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active (auto-read-only) raid1 sdb1[0]
      104855127 blocks super 1.2 [2/1] [U_]
unused devices: <none>

# replace the failed disk with a new one and create a raid autodetect partition on it again
# next, do the following
[root@linux ~]# mdadm --manage /dev/md0 --add /dev/sdc1    # add new partition in RAID ARRAY
mdadm: added /dev/sdc1
[root@linux ~]# cat /proc/mdstat    # synchronization starts
Personalities : [raid1]
md0 : active raid1 sdc1[2] sdb1[0]
      104855127 blocks super 1.2 [2/1] [U_]
      [>....................] recovery = 4.9% (5200000/104855127) finish=7.9min speed=208000K/sec
unused devices: <none>

# after a few minutes, synchronization completes and the status looks like this
[root@linux ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdc1[2] sdb1[0]
      104855127 blocks super 1.2 [2/2] [UU]
unused devices: <none>
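The "[2/1] [U_]" and "[2/2] [UU]" fields shown in steps b) and e) can be checked by a script instead of by eye. The following is an added example, not part of the original guide: the function name and the three sample inputs (constructed from the /proc/mdstat states shown above) are assumptions.

```shell
#!/bin/sh
# Added example: flag degraded md arrays from /proc/mdstat-style text.
# Prints one line per degraded array: "<name> <active>/<total> [<map>] <state>"
# and returns 1 if any array is degraded, 0 if every member is up.
mdstat_degraded() {
    awk '
        function report() {
            if (name != "" && map != "" && (active < total || index(map, "_") > 0)) {
                printf "%s %d/%d [%s] %s\n", name, active, total, map, state
                bad = 1
            }
            name = ""; map = ""; state = "degraded"
        }
        /^md[0-9]+ :/ { report(); name = $1; next }        # "md0 : active raid1 ..."
        name != "" && match($0, /\[[0-9]+\/[0-9]+\] \[[U_]+\]/) {
            s = substr($0, RSTART, RLENGTH)                 # e.g. "[2/1] [U_]"
            gsub(/\[/, "", s); gsub(/\]/, "", s)            # -> "2/1 U_"
            split(s, part, " "); split(part[1], n, "/")
            total = n[1] + 0; active = n[2] + 0; map = part[2]
            next
        }
        name != "" && /recovery =/ { state = "rebuilding" } # a new member is being synced in
        END { report(); exit (bad ? 1 : 0) }
    ' "${1:-/proc/mdstat}"
}

# Constructed samples: the failed, rebuilding and healthy states from step e).
sample_failed() { cat <<'EOF'
Personalities : [raid1]
md0 : active (auto-read-only) raid1 sdb1[0]
      104855127 blocks super 1.2 [2/1] [U_]
unused devices: <none>
EOF
}
sample_rebuilding() { cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdc1[2] sdb1[0]
      104855127 blocks super 1.2 [2/1] [U_]
      [>....................]  recovery =  4.9% (5200000/104855127) finish=7.9min speed=208000K/sec
unused devices: <none>
EOF
}
sample_healthy() { cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdc1[2] sdb1[0]
      104855127 blocks super 1.2 [2/2] [UU]
unused devices: <none>
EOF
}

for s in sample_failed sample_rebuilding sample_healthy; do
    $s | mdstat_degraded - || echo "$s: array needs attention"
done
```

Called with no argument, the function reads /proc/mdstat, so its exit status can drive a cron job or a monitoring check alongside mdmonitor.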

7.5. CONFIGURING TCP WRAPPER ACCESS CONTROL

a) Install TCP Wrapper.
[root@linux ~]# yum -y install tcp_wrappers

b) Check that TCP Wrapper (libwrap) is in use.

[root@linux ~]# ldd /usr/sbin/sshd | grep wrap
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f01b4e2a000)

c) Configure TCP Wrapper access control in '/etc/hosts.allow' and '/etc/hosts.deny' for access to sshd from 10.0.0.0/24.
[root@linux ~]# vi /etc/hosts.deny
sshd: ALL
[root@linux ~]# vi /etc/hosts.allow
sshd: 10.0.0.

d) Example: access to vsftpd from 'host.example.domain'.

[root@linux ~]# vi /etc/hosts.deny
vsftpd: ALL
[root@linux ~]# vi /etc/hosts.allow
vsftpd: host.example.domain

e) To allow access to all services under TCP Wrapper control only from 'example.domain' and '10.0.1.0/24':
[root@linux ~]# vi /etc/hosts.deny
ALL: ALL
[root@linux ~]# vi /etc/hosts.allow
ALL: .example.domain 10.0.1.
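The rules in steps c) to e) depend on the order in which libwrap consults the two files: a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, and a client that matches neither file is allowed. The evaluator below is an added example, not part of the original guide and not the libwrap implementation. It covers only the pattern forms used above (ALL, exact names, ".domain" suffixes, "10.0.0." prefixes); the function names, client names and addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example: evaluate hosts.allow / hosts.deny rules like those in steps c) to e).
# Subset of hosts_access(5): IPv4 only, no EXCEPT, netmasks or other wildcards.

# tcpw_match FILE DAEMON CLIENT_NAME CLIENT_ADDR -> 0 if some rule in FILE matches
tcpw_match() {
    awk -v daemon="$2" -v name="$3" -v addr="$4" '
        function hit(pat,    n) {
            if (pat == "ALL") return 1
            pat = tolower(pat); n = tolower(name)
            if (substr(pat, 1, 1) == ".")              # ".example.domain": name suffix
                return (length(n) > length(pat) && substr(n, length(n) - length(pat) + 1) == pat)
            if (substr(pat, length(pat)) == ".")       # "10.0.0.": address prefix
                return (substr(addr, 1, length(pat)) == pat)
            return (pat == n || pat == addr)
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
        {
            i = index($0, ":"); if (i == 0) next
            nd = split(substr($0, 1, i - 1), d, /[ \t,]+/)
            rest = substr($0, i + 1)
            j = index(rest, ":"); if (j > 0) rest = substr(rest, 1, j - 1)  # drop option field
            nc = split(rest, c, /[ \t,]+/)
            ok = 0
            for (k = 1; k <= nd; k++) if (d[k] == "ALL" || d[k] == daemon) ok = 1
            if (!ok) next
            for (k = 1; k <= nc; k++) if (c[k] != "" && hit(c[k])) { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# tcpw_decide ALLOW_FILE DENY_FILE DAEMON CLIENT_NAME CLIENT_ADDR -> "allow" | "deny"
tcpw_decide() {
    if   tcpw_match "$1" "$3" "$4" "$5"; then echo allow   # 1. hosts.allow match grants
    elif tcpw_match "$2" "$3" "$4" "$5"; then echo deny    # 2. hosts.deny match refuses
    else echo allow                                        # 3. no match at all: granted
    fi
}

# Constructed rule files: steps c) and d) combined, and step e).
write_rules_cd() {   # DIR
    printf '%s\n' 'sshd: 10.0.0.' 'vsftpd: host.example.domain' > "$1/hosts.allow"
    printf '%s\n' 'sshd: ALL' 'vsftpd: ALL' > "$1/hosts.deny"
}
write_rules_e() {    # DIR
    printf '%s\n' 'ALL: .example.domain 10.0.1.' > "$1/hosts.allow"
    printf '%s\n' 'ALL: ALL' > "$1/hosts.deny"
}

dir=$(mktemp -d) && write_rules_cd "$dir"
tcpw_decide "$dir/hosts.allow" "$dir/hosts.deny" sshd pc1.lan 10.0.0.15          # allow
tcpw_decide "$dir/hosts.allow" "$dir/hosts.deny" sshd ext.example 192.0.2.9      # deny
tcpw_decide "$dir/hosts.allow" "$dir/hosts.deny" in.tftpd ext.example 192.0.2.9  # allow: no rule names it
write_rules_e "$dir"
tcpw_decide "$dir/hosts.allow" "$dir/hosts.deny" in.tftpd ext.example 192.0.2.9  # deny
rm -rf "$dir"
```

With the per-service rules of steps c) and d), a wrapped service that neither file names stays reachable from anywhere; only the "ALL: ALL" entry of step e) turns hosts.deny into a default-deny policy.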

8. REVIEW QUESTIONS
