linux 網路伺服器 建置、管理及維護
DESCRIPTION
Linux 網路伺服器 建置、管理及維護. 講師:施勢帆 博士. 老師簡介. 姓名:施勢帆 學歷:國立台灣科技大學電機工程研究所博士 經歷 :亞東技術學院電機系專任副教授 曾任:亞東技術學院電子計算機中心主任 專長:寬頻網路、開放原始碼軟體系統 網站: http://oss.oit.edu.tw E-mail : [email protected] Phone : (02)77384258-16. 第一章 開機與關機 第二章 網路與 IP 第三章 設定網路組態 第四章 Webmin 第五章 samba server - PowerPoint PPT PresentationTRANSCRIPT
-
Linux
-
http://[email protected] (02)77384258-16
-
IP Webmin samba server DNS Server Web Server Mail Server Ftp Server Proxy Server NAT DHCP Openwebmail phpnuke
-
linuxkernel/sbininitinit/etc/rc.d/rc.sysinitrc.sysinitinitrun levelscriptinit/etc/rc.d/rc.localscript
-
Linux/etc/rc.d/rc.localDOSautoexec.batLinux
-
Linuxrun levelrun level11run level 1run level
-
Linux
-
run levelrun level/etc/inittab# Default runlevel. The runlevels used by RHS are:# 0 - halt (Do NOT set initdefault to this)# 1 - Single user mode# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)# 3 - Full multiuser mode# 4 - unused# 5 - X11# 6 - reboot (Do NOT set initdefault to this)#id:5:initdefault:
-
Linuxshutdownshutdown [flags] time [warning-message]
-
/etc/rc.d/rc.localrun levelrc5.d/run level 5scriptK15httpd scriptSK
-
run level[root@rh8 rc5.d]# ls -l K15httpdlrwxrwxrwx 1 root root 15 10 2 10:32 K15httpd -> ../init.d/httpd/etc/rc.d/rc5.d..../init.d/httpd/etc/rc.d/init.d/httpdhttpd/etc/rc.d/init.d/httpd restart
-
setupsetup/system servicentsysvcronddhcpdIPhttpdWeb Serverimapipop3
-
iptablesmysqldMySQLnamedDNSsendmailMail ServersmbWindowssquidProxysshdwu-ftpdFtp Server
-
IP ADSL IP
-
ADSLADSLrp-pppoeRed Hat 8rp-pppoe rp-pppoe[root@rh8 root]# rpm -q rp-pppoerp-pppoe-3.3-7rp-pppoerpm -e rp-pppoe
-
rp-pppoehttp://www.roaringpenguin.com/rp-pppoe[root@rh8 root]# rpm -ivh rp-pppoe-3.5-1.i386.rpmPreparing... #################################### [100%] 1:rp-pppoe #################################### [100%]rpm[root@rh8 root]# rpm -q rp-pppoerp-pppoe-3.5-1
-
adsl-setupADSL eth0enter no DNS 0 y
-
adsl-startConnected[root@rh8 root]# adsl-start.. Connected! adsl-statusadsl adsl-stopadsl
-
ifconfigpingtraceroute traceroutenslookup domain nameipdomain nameip
-
IPIP192.168.1.3203.75.126.162byte
111111111x271x261x251x241x231x221x211x201286432168421
-
101010011 0101001183
-
IP192.168.1.0192.168.1.255192.168.1IPIP0255IPxyIP
-
IPInternetIPIPPrivate IPIP
-
IPIPIP
-
4andand11
-
C ClassIP192.168.1.0~192.168.1.255192.168.1.0/255.255.255.0255.255.255.0
-
192.168.1.0255IP192.168.1.0192.168.1.12710255.255.255.128
255.255.255.128=11111111.11111111.11111111.10000000
-
IP256IP
-
IPADSL8
-
netconfig IP
-
netconfignetconfignetconfigUse dynamic IP configuration (BOOTP/DHCP)
-
/etc/sysconfig/network NETWORKING=yesFORWARD_IPV4=yesHOSTNAME=rh8.kingbig.idv.twDOMAINNAME=kingbig.idv.twGATEWAY=203.75.126.161GATEWAYDEV=eth0
-
/etc/sysconfig/network-scriptsifcfg-eth0ONBOOT=yesDEVICE=eth0BOOTPROTO=staticIPADDR=203.75.126.166IPNETMASK=255.255.255.248NETWORK=203.75.126.160BROADCAST=203.75.126.167
-
ifdowneth0ifupeth0[root@rh8 root]# ifdown /etc/sysconfig/network-scripts/ifcfg-eth0[root@rh8 root]# ifup /etc/sysconfig/network-scripts/ifcfg-eth0
[root@rh8 root]# /etc/rc.d/init.d/network restart eth0 [ ] loopback [ ] [ ] loopback [ ] eth0 [ ]
-
/etc/host.confmulti onorder hosts,bindmulti on/etc/host.conforder hosts,bindInternetIPhostsbind
-
hosts/etc/hostsbindDNSorder hosts,bindmulti on/etc/hostsIPDNSIP
-
IP/etc/hostsIP# Do not remove the following line, or various programs# that require network functionality will fail.203.75.126.166rh8.kingbig.idv.twrh8127.0.0.1localhost.localdomainlocalhost
-
/etc/resolv.confDNSIPInternetDNSIP/etc/resolv.confdomain kingbig.idv.twnameserver 203.75.126.166dns serverIPnameserver 168.95.1.1dns serverIPnameserverDNS
-
IPIP /etc/sysconfig/network-scripts/ifcfg-eth0ifcfg-eth0:0ifcfg-eth0:0DEVICEeth0:0IPADDRIP
-
WebminWebminUnixApacheDNS
-
step 1: Net_SSLeay.pm-1.22.tar.gz webmin-1.090.tar.gzStep 2: tar xvfz Net_SSLeay.pm-1.22.tar.gz cd Net_SSLeay.pm-1.22 perl Makefile.PL make make test make installStep 3: cd /usr/local tar xvfz /root/ webmin-1.090.tar.gz cd webmin-1.090 ./setup
-
https://your-hostname:10000
step 1: check /etc/webmin/miniserv.user step 2: /usr/local/webmin-1.090/changepass.pl \ /etc/webmin admin password
-
samba server smb.conf
-
samba serverLinuxwindowsWindowsLinux
-
smb.conf/etc/samba/smb.confsamba serverglobalhomesshareglobalsmbhomeshomesharesmb.confglobalhomes
-
global17 # workgroup = NT-Domain-Name or Workgroup-Name18 workgroup = MYGROUP18WindowsWorkgroupsamba serverMYGROUP
-
28 hosts allow = 203.75.126.163 192.168.1. 127.28samba serverIP; hosts allow = 192.168.1. 192.168.2. 127.;samba serverhosts allow = 203.75.126.163 192.168.1. 127.IP203.75.126.163192.168.1.127.
-
53 security = user53samba server
-
70 encrypt passwords = yes71 smb passwd file = /etc/samba/smbpasswd70Windows
-
71samba serverLinuxWindowsLinuxsamba
-
130 local master = yes134 os level = 33139 domain master = yes143 preferred master = yes143samba serverlocal masteryes130samba serveryes139samba serveryes1340255
-
homes188 #========== Share Definitions =========189 [homes]190 comment = Home Directories191 browseable = no192 writable = yes193 valid users = %S194 create mode = 0664195 directory mode = 0775
-
191browseablehomesnoyeshomes192writable193valid users194create mode195directory mode
-
shareshare296303296 ;[myshare]297 ; comment = Mary's and Fred's stuff298 ; path = /usr/somewhere/shared299 ; valid users = mary fred300 ; public = no301 ; writable = yes302 ; printable = no303 ; create mask = 0765
-
[WebDocument] comment = Web Document path = /var/www/html valid users = kingbig public = yes writable = yes printable = no create mask = 0755296303
-
smbpasswd aLinux/etc/samba/smbpasswd[root@rh8 samba]# smbpasswd -a kingbigNew SMB password:Retype new SMB password:unable to open passdb database.Added user kingbig.[root@rh8 samba]#Windows
-
DNS Server DNS
-
DNSIPIPIPDNS server
-
DNSDNS(.)
Sheet1
root "."
com
net
gov
tw
ibm
taitung
www
www
203
in-addr
75
162
126
arpa
ez-go
www
www
idv
kingbig
-
DNSInterNICDNSTWNIC (http://www.twnic.net.tw)(FQDN)(.)(.)
-
rh8.kingbig.idv.twIP203.75.126.166DNS/etc/named.conf
4 4 directory "/var/named"; /var/named
-
2630 26 zone "localhost" IN { 27 type master; 28 file "localhost.zone"; 29 allow-update { none; }; 30 }; localhost
-
3236 32 zone "0.0.127.in-addr.arpa" IN { 33 type master; 34 file "named.local"; 35 allow-update { none; }; 36 }; localhost127.0.0.1IP2636localhost
-
38zonekingbig.idv.tw40file kingbig.idv.tw;
-
44zoneIPDNS126.75.203.in-addr.arpa
-
/var/named/kingbig.idv.twkingbig.idv.twnamed.localwww.kingbig.idv.tw..
-
/var/named/203.75.126
-
/etc/named.conf/var/named/
-
Web Server httpd.conf CGI Web SSL
-
RedHat LinuxIPDomain nameTest PageIt Worked
-
/etc/httpd/conf/httpd.conf 56 ServerRoot "/etc/httpd"56Apache/etc/httpd 244 User apache 245 Group apache244245apache0777apache
-
252 ServerAdmin [email protected] 266 ServerName rh8.kingbig.idv.tw:80266Web#rh8.kingbig.idv.twwwwServerName
-
282 DocumentRoot "/home/kingbig/html"282365 #UserDir disable372 UserDir public_html372#365#372public_htmlhome
-
401 DirectoryIndex index.html index.htm index.php401http://www.kingbig.idv.twWeb ServerDirectoryIndexindex.htmlindex.htmClient
-
homeairforcehome/home/airforcepublic_htmlftpftppublic_htmlindex.htmlindex.htmhome711public_html755http://www.kingbig.idv.tw/~airforce~
-
namedhttpd
-
CGICGI/etc/httpd/conf/httpd.conf 561 ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"CGI/var/www/cgi-bin/
-
cgi-bincgi
Options ExecCGI addhandler cgi-script .cgi .pl
addhandler cgi-script .cgi .plcgi.cgi.pl
-
WebWebIPIPIPDNS
-
Name-Basedwwwrh8www.kingbig.idv.twName-BasedDNSCNAMEhttpd.confNameVirtualHost 203.75.126.166 DocumentRoot /home/kingbig/html ServerName www.kingbig.idv.tw
-
Address-BasedIPIPAPTRhttpd.conf DocumentRoot /home/kingbig/html2 ServerName www2.kingbig.idv.tw
-
httpd.confName-BasedIPAddress-BasedName-BasedCNAMEName-BasedAddress-BasedIPAddress-Based
-
SSLSSLhttp://https://SSL
-
Mail Server sendmail
-
sendmail/etc/mail/sendmail.cf
/etc/mail/sendmail.cfsendmailIPO DaemonPortOptions=Port=smtp,Addr=203.75.126.166, Name=MTAsmtpIPmail server
-
/etc/mail/local-host-namesmail server/etc/mail/local-host-names/etc/mail/local-host-names# local-host-names - include all aliases for your machine here.kingbig.idv.twrh8.kingbig.idv.twmail.kingbig.idv.tw
-
sendmailSMTPport 25SMTPtelnet rh8.kingbig.idv.tw 25smtp serverHELOMAIL FROM:[email protected] TO:kingbig@localhost DATA . .QUIT smtp server
-
mail server Outlook Express
-
MAIL FROM:[email protected]@ms7.hinet.net Outlook ExpressSMTP
-
/var/spool/mail /var/spool/mailmailq /var/spool/mqueuemailq
-
mail servermail server/etc/mail/access IPlocalhost.localdomainRELAYlocalhostRELAY127.0.0.1RELAY192.168.1RELAY
-
accessdbmakemap hash /etc/mail/access < /etc/mail/access/etc/mail/accessRELAYIPInternetInternetRELAY
-
Outlook Expressipop3imapsetupsystem servicessystem servicesimaprpm
-
rootkingbig/etc/aliasesnewaliases
-
/etc/aliaseshome.forward\ \[email protected]
-
Ftp Server ftp ftp
-
ftpLinuxwu-ftpdnsftp
-
ftp/etc/ftpaccess ftp server
-
9 deny-uid %-99 %65534- 10 deny-gid %-99 %65534- 11 allow-uid ftp 12 allow-gid ftp910UserIDGroupID9965534UserIDGroupID99FTPftpUserID14GroupID50ftp1112ftp
-
35 class all real,guest,anonymous *35classallrealguestanonymous*IP
38 email root@localhost38
-
41 loginfails 541ftp
45 readme README* login 46 readme README* cwd=*45README46README
-
READMEREADME
-
49 message /welcome.msg login 50 message .message cwd=*49/var/ftp/welcome.msg50.message4546readmemessage
-
limit all 2 any/etc/ftpaccesslimitallany2
-
/etc/ftpusers ftpftpwhoftpcountftp
-
Proxy Server Proxy squid Client
-
ProxyProxy ServerProxy Server Proxy Server
-
Proxy ServerClientProxy ServerProxy ServerProxy ServerClientProxy ServerClientWeb ServerWeb ServerProxy ServerProxy ServerProxy ServerWeb ServerClient
-
Proxy ServerClientWeb ServerClientServerProxy ServerProxy Server
-
squid/etc/squid/squid.confsquidProxy Server
48 # http_port 312848squid31283128
-
405 # cache_mem 8 MB4058MBcachecachesquid
438 # maximum_object_size 4096 KB4384096 KB4 MB
-
601 # cache_dir ufs /var/spool/squid 100 16 256601squidufs/var/spool/squidsquid100100MB16/var/spool/squid16000F2561625600FF/var/spool/squid16*256
-
1117 # 1 week 1118 # 3.5 days 1119 # 4 months 1120 # 2.2 hours 1126 # reference_age 1 year112611171120
-
acl all src 0.0.0.0/0.0.0.0acl kingbig src 192.168.1.0/255.255.255.0192.168.1.0/255.255.255.0IPkingbighttp_access allow kingbighttp_access deny allProxykingbigIPProxy
-
ClientServerClientProxy Server
-
NAT NAT IP
-
NATIPPrivate IPPrivate IPInternetProxy ServerProxy ServerProxy Server
-
FTPICQProxyIPIP MasqueradingIPNATNetwork Address TranslationNATInternetIPNATIPNATIP
-
IP NATIPIPIPIP
-
ipchainssetupsystem serviceipchainsipchainsipchains ipchains/etc/rc.d/init.d/ipchains stopipchainsrmmod ipchains
-
/etc/rc.d/rc.local/etc/rc.d/rc.localIPLinuxIP
-
9 echo 1 > /proc/sys/net/ipv4/ip_forward 10 11 modprobe ip_tables 12 modprobe ip_nat_ftp 13 modprobe ip_nat_irc 14 modprobe ip_conntrack 15 modprobe ip_conntrack_ftp 16 modprobe ip_conntrack_irc 17 18 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
-
9IPip_forward111ip_tables12FTP1318192.168.1.0/255.255.255.0IPInternetIP/etc/rc.d/rc.local
-
IP192.168.1.0255255.255.255.0192.168.1.1Internet
-
DHCP DHCP /etc/dhcpd.conf Windows
-
DHCPIPDNSLinux ServerDHCP ServerIP192.168.1.0255
-
/etc/dhcpd.confDHCP Server dhcp/etc/dhcpd.conf
-
/etc/dhcpd.conf 1 default-lease-time 7200; 2 max-lease-time 86400; 3 option domain-name "kingbig.idv.tw"; 4 5 subnet 192.168.1.0 netmask 255.255.255.0 { 6 range 192.168.1.10 192.168.1.200; 7 option broadcast-address 192.168.1.255; 8 option routers 192.168.1.1; 9 option domain-name-servers 168.95.1.1, 203.75.126.166;10 }
-
1 default-lease-time 7200; IP7200
2 max-lease-time 86400; 86400
3 option domain-name kingbig.idv.tw; kingbig.idv.tw
-
5 subnet 192.168.1.0 netmask 255.255.255.0 {10 }5105IP192.168.1.0/255.255.255.0192.168.1.0255IP
-
6 range 192.168.1.10 192.168.1.200; DHCPIP192.168.1.10192.168.1.200IP
7 option broadcast-address 192.168.1.255; 192.168.1.255
-
8 option routers 192.168.1.1; 192.168.1.1NATIP
9 option domain-name-servers 168.95.1.1, 203.75.126.166; DNS168.95.1.1203.75.126.166,
-
/etc/rc.d/init.d/dhcpdDHCP/etc/rc.d/init.d/dhcpdDHCP/etc/rc.d/init.d/dhcpddaemon /usr/sbin/dhcpd ${DHCPDARGS} daemon /usr/sbin/dhcpd eth1dhcpd
-
WindowsLinux ServerDHCPWindowsIPDNS
-
Openwebmail 1) MIME-Base64-2.12.tar.gzCGI.pm-2.74.tar.gzlibnet-1.0901.tar.gzText-Iconv-1.2.tar.gzopenwebmail-2.00-1.i386.rpm
-
2) mkdir tmp ; cd tmp tar MIME-Base64-2.12.tar.gztar CGI.pm-2.74.tar.gztar libnet-1.0901.tar.gztar Text-Iconv-1.2.tar.gzcd MIME-Base64-2.12perl Makefile.PLMake installrpm -ivh openwebmail-2.00-1.i386.rpm
-
RedHat 9 Disk 3 CD-ROM mount /mnt/cdrom rpm -ivh /mnt/cdrom/RedHat/RPMS/perl-suidperl-5.8.0-88.i386.rpm
-
/var/www/cgi-bin/openwebmail/etc/openwebmail.conf
default_language zh_TW.Big5default_iconset Cool3D.Chinese.Traditional
./openebmail-tool.pl --init
-
openwebmail server http://addr.of.openwebmail.server/cgi-bin/openwebmail/openwebmail.pl Login "Continue "Language" "Chinese (Traditional)" () " "" openwebmail
-
phpnukeStep 1: web PHP+Apache+Mysql
test.php
http://your-hostname/test.php
-
Step 2: tar PHP-Nuke-6.0.tar.gz mv html nuke mv nuke/ /var/www/html chown -R apache.apache nukeStep 3:mysqladmin create nukemysql nuke < sql/nuke.sql
-
http://your-hostname/nuke/admin.php