CN06011 CN06112
Table of contents

Table of contents (p. 2)
Preface (p. 7)
Chapter 1. Overview of Linux (p. 8)
  1.1 History (p. 8)
  1.2 Architecture of the Linux OS (p. 9)
    1.2.1 The kernel (p. 10)
    1.2.2 The shell (p. 11)
    1.2.3 Utilities (p. 12)
    1.2.4 Application programs (p. 12)
  1.3 Differences between Linux and Windows (p. 12)
    1.3.1 Single-user versus multi-user (p. 12)
    1.3.2 Monolithic kernel versus micro kernel (p. 13)
    1.3.3 GUI and kernel (p. 13)
    1.3.4 Registry versus text files (p. 13)
Chapter 2: Linux basics (p. 15)
  2.1 The directory system in Linux (p. 15)
    2.1.1 System directories (p. 15)
    2.1.2 File structure (p. 17)
  2.2 Managing users and groups (p. 18)
    2.2.1 Viewing user information (p. 18)
    2.2.2 Managing users (p. 21)
    2.2.3 File and directory commands (p. 26)
      Creating a directory: mkdir (p. 26)
      Deleting a directory: rmdir (p. 26)
      Displaying file and directory information: ls option file_name (p. 27)
      Creating a file (p. 28)
      Viewing file contents (p. 28)
      Copying (p. 28)
      Moving (p. 28)

SVTH (students): Võ Công Duẩn, Nguyễn Anh Tuấn
Preface

Today Linux still holds only a modest share compared with the Windows operating system. In recent years, however, Linux has been rising strongly and supports network administrators as well as ordinary users better and better. Besides its rich, stable feature set, most Linux distributions are free, which contributes a great deal to making information technology widely available. During the global economic crisis in particular, when saving and cutting costs has become urgent for businesses, switching to Linux has become one of the top priorities. That is why we chose the topic of researching and deploying network services on Linux.

First of all, our group would like to sincerely thank Mr. Lê Quốc Tuấn for his dedicated guidance and instruction, which helped us complete this graduation project. We would also like to express our deep gratitude to the teachers of the Faculty of Information Technology for their instruction, teaching, support and help, for providing valuable knowledge, and for creating favourable conditions and contributing ideas throughout our studies so that we could complete this graduation project.

We will use the following network model to deploy the project.
Chapter 1. Overview of Linux

1.1 History

- In 1991 Linus Torvalds, a student at the University of Helsinki in Finland, began studying Minix, a version of Unix written for teaching purposes, in order to learn how to build a Unix-like operating system that would run on a PC with an Intel 80386 processor.
- On 25 August 1991 Linus released version 0.01 and announced his plans for Linux on comp.os.minix.
- In January 1992 Linus released version 0.02 with a shell and a C compiler. Linux no longer needed Minix to recompile its own operating system. Linus named his operating system Linux.
- In 1994 the official version 1.0 was released.
- In 1996 version 2.0 appeared, marking a major change in the kernel structure.
- At the time of writing, the latest stable version of the Linux kernel is 2.6.33.3.

Below is the e-mail in which Linus Torvalds polled the newsgroup before publishing the first version of the Linux kernel:
From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID:
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki

Hello everybody out there using minix

I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-)
1.2 Architecture of the Linux OS

[Figure 1. Linux architecture: layers from top to bottom are applications, utilities, shell, kernel, hardware]
1.2.1 The kernel

The kernel is the control centre of the Linux operating system; it contains the source code that controls the operation of the whole system. The kernel is developed continuously, and there are usually two current versions: the latest development version and the latest stable version.

The kernel is designed in a modular way, so its real size is very small. Only the necessary parts are loaded into memory; other parts are loaded when they are needed. Compared with other operating systems, Linux therefore does not waste memory, because it does not load everything regardless of whether it will be used.

The kernel is regarded as the heart of the Linux operating system. It was first developed for Intel 80386 CPUs, whose strength is memory management. The Linux kernel can access all of the machine's hardware features.

Kernel versions follow the convention A.B.C.D, where:
- A: the kernel version. It changes only when there is a very large change in the definition or the code of the kernel. This has happened only twice: in 1994 (version 1.0) and in 1996 (version 2.0).
- B: changes when the kernel has major changes. B follows the even/odd numbering scheme: odd numbers for development versions, even numbers for stable versions. For example, 2.6.x is a stable version and 2.5.x is a development version.
- C: changes for small, minor changes in the kernel.
- D: changes for small bug fixes or security fixes.
1.2.2 The shell

The shell is an interpreter that provides the set of commands with which users interact with the operating system to do their work. Many kinds of shell are used in Linux. What distinguishes one shell from another is its command set: for example, the C shell (csh) uses commands similar to the C language, while the Bourne shell uses a different command language.
Chapter 2: Linux basics

2.1 The directory system in Linux

2.1.1 System directories

Linux has no concept of drive letters as Windows does; all files and directories start from the root directory (/). The Linux directory system is laid out as follows:

/ (root)
  sbin
  usr
    sbin
    bin
    lib
    doc
    man
  dev
  var
  etc
  home
The Linux operating system is made up of many different directories and files. The directories may form several different file systems, depending on how the system is installed. In general, most of the operating system lives in two file systems: the root file system, denoted /, and a second file system attached at /usr.

Directory : Function
/ (root) : The root directory, where the file structure begins.
/sbin : Contains the system files used to boot the system.
/usr : Contains the files and commands used by the system; it is divided into further subdirectories.
/dev : Contains the interfaces to devices such as the CD-ROM drive and the printer.
/etc : Contains the configuration files of the whole system. These files control the boot process, user management, network management and so on.
/home : Contains the home directories of users.
/var : Contains the system log files.

The /dev directory contains special files called device files, which the system uses to drive hardware. For example, the file /dev/cdrom reads information from the CD-ROM drive. By organising hardware access this way, Linux makes interacting with hardware look like interacting with software.
/dev/console : the system console, the monitor physically connected to the system.
Other device files listed in the table: /dev/hd*, /dev/sd*, /dev/fd*, /dev/st*, /dev/tty*.
All data on partitions is attached to the directory tree by a process called mounting. When we write data into a directory, we are writing it onto the partition that the directory is mounted on. The /usr directory and its subdirectories are very important to a Linux system, because they hold many directories containing the programs the system needs most. The subdirectories of /usr contain the large software packages that you install.
The important subdirectories of the /usr file system:

Subdirectory : Function
/usr/bin : Holds many of the system's executable files.
/usr/etc : Holds many system configuration files.
/usr/include : Here and in the subdirectories of /usr/include are all the files that come with the C compiler. These header files define the constants and functions used in C programming.
/usr/g++include : Holds the files that come with the g++ compiler.
/usr/lib : Contains the libraries that programs use when linking.
/usr/share/man : Contains the manual pages for programs. Under /usr/share/man are several directories corresponding to the sections of the man pages.
/dev/pty* : The pseudo-terminal driver, used for remote logins such as sessions over Telnet.
/usr/src : Contains the source directories of many programs on the system. If you receive a software package that is not yet installed, you should save it under /usr/src/package-name before installing it.
/usr/local : Reserved for designing or customising applications to suit your own system. In general, most locally used software is stored in the subdirectories of this directory.
- Linux supports many kinds of file system, such as ext2, ext3, MS-DOS and proc.

The basic Linux file systems are ext2 and ext3 (ext3 at present). They allow file names of up to 256 characters and a maximum size of 4 terabytes. The MS-DOS file system is used to access MS-DOS files directly. In addition, Linux also su
o The date and time the file was last modified.
o The location of the file's contents within the file system.
[root@server1 ~]# cat /etc/passwd

This displays the user information, for example:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

The /etc/shadow file

This is where the encrypted passwords of the accounts are stored. The structure of /etc/shadow:
root:$1$m3MGmRC/$9NBZi2vWtpngNk.LXrMvn.:14761:0:99999:7:::
bin:*:14761:0:99999:7:::
daemon:*:14761:0:99999:7:::
xfs:!!:14761:0:99999:7:::
gdm:!!:14761:0:99999:7:::

- Looking at the shadow file also tells us whether an account has been disabled. If the password field begins with * the account is locked; if it begins with !! it is only temporarily locked. Only when the field begins with $ is the account unlocked.

The /etc/group file

Besides the files holding account information, there is also a file holding group information. The structure of /etc/group:
[root@server1 ~]# cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
nat:x:500:

2.2.2 Managing users
[root@server1 ~]# useradd cn06

- After creating the account we can check the user management files one by one:
  o In /etc/passwd: cn06:x:501:501::/home/cn06:/bin/bash
  o In /etc/shadow: cn06:!!:14840:0:99999:7:::
- By default a newly created user account is disabled until you set a password for it. Right after creating the account we check /etc/passwd:

cn06:x:501:501::/home/cn06:/bin/bash

- When a user is created without specifying a home directory, the default home directory is placed under /home. In /etc/shadow:

cn06:!!:14840:0:99999:7:::

- We see cn06:!!, which means the account is still temporarily locked because we have not set a password. In /etc/group:

cn06:x:501:

When a user is created without an explicit user ID, the system assigns a user ID >= 500. A user created with user ID 0 has the same privileges as root.
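The checks described above (the lock state in /etc/shadow, UID 0 being root-equivalent, new users staying locked until a password is set) can be turned into a small account audit. The following is an added example and not part of the thesis; the sample file contents are constructed from the listings above, and the "opuser" account with its hash is invented to exercise the UID-0 check.

```python
# Added example (not from the thesis): audit /etc/passwd and /etc/shadow
# entries with the lock-state rules given in section 2.2.1 and the
# UID rules given in section 2.2.2.
from dataclasses import dataclass

# Constructed sample files, modelled on the listings in sections 2.2.1 and 2.2.2.
# The "opuser" line and its hash are invented to exercise the UID-0 check.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
cn06:x:501:501::/home/cn06:/bin/bash
opuser:x:0:0::/home/opuser:/bin/bash
"""

SHADOW_SAMPLE = """\
root:$1$m3MGmRC/$9NBZi2vWtpngNk.LXrMvn.:14761:0:99999:7:::
bin:*:14761:0:99999:7:::
daemon:*:14761:0:99999:7:::
cn06:!!:14840:0:99999:7:::
opuser:$1$constructed$notarealhashvalue:14840:0:99999:7:::
"""


@dataclass
class Account:
    name: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_passwd(text):
    """Split each /etc/passwd line into its seven colon-separated fields."""
    accounts = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":")
        accounts.append(Account(name, int(uid), int(gid), home, shell))
    return accounts


def parse_shadow(text):
    """Map user name -> second /etc/shadow field (the password field)."""
    fields = {}
    for line in text.splitlines():
        if line.strip():
            parts = line.split(":")
            fields[parts[0]] = parts[1]
    return fields


def password_state(pw_field):
    """Classify the shadow password field as the thesis describes it:
    '*' locked, '!!' temporarily locked (no password set yet),
    '$...' a hashed password, so the account can log in.
    An empty field (no password at all) is flagged as a separate case."""
    if pw_field == "":
        return "empty password"
    if pw_field == "*":
        return "locked"
    if pw_field.startswith("!"):
        return "temporarily locked"
    if pw_field.startswith("$"):
        return "password set"
    return "unknown"


def audit(passwd_text, shadow_text):
    """Return a list of human-readable findings for an administrator."""
    findings = []
    shadow = parse_shadow(shadow_text)
    for acct in parse_passwd(passwd_text):
        state = password_state(shadow.get(acct.name, "*"))
        # Section 2.2.2: an account with UID 0 has the same power as root.
        if acct.uid == 0 and acct.name != "root":
            findings.append(f"{acct.name}: uid 0 (root-equivalent) under a non-root name")
        # Section 2.2.2: ordinary users get UID >= 500 and stay locked until a
        # password is set; list them so the admin finishes the job or removes them.
        if acct.uid >= 500 and state == "temporarily locked":
            findings.append(f"{acct.name}: created but no password set yet")
        if state == "empty password":
            findings.append(f"{acct.name}: empty password field, login without a password")
    return findings


if __name__ == "__main__":
    for finding in audit(PASSWD_SAMPLE, SHADOW_SAMPLE):
        print(finding)
```

Run against the real files with `audit(open("/etc/passwd").read(), open("/etc/shadow").read())` as root; the empty-password check is an extra case the thesis does not mention but one that any review of /etc/shadow should include.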
- If you set a password that is too simple, the system warns you to choose a more secure one. You can change the password if it is too simple or needs changing; changing it works the same way as setting a new password.
[root@server1 ~]# passwd -u cn06
Unlocking password for user cn06.
passwd: Success.

Options: -g gid, -r, -f

[root@server1 ~]# groupadd cntt

We then check the /etc/group file:
Example: create a directory named cn06

[root@server1 ~]# mkdir cno6

Figure 3: Creating a directory
Displaying file and directory information: ls option file_name, with the following options:

Option : Meaning
-L : Display the list of file names.
-l : Display the file list with name, size, creation date, etc.
-a : List all files, including hidden files.
-R : List all files, including those in subdirectories.

Viewing the list of files in the root directory:

[root@server1 ~]# ls -l /
total 138
drwxr-xr-x   2 root root 4096 Aug 12 04:29 bin
drwxr-xr-x   4 root root 1024 Jun  1 07:43 boot
drwxr-xr-x  11 root root

Listing a directory:

[root@server1 ~]# ls -l /root/cno6/
total 16
-rw------- 1 root root 0 Aug 20 09:35 cn06a
Viewing file contents: there are several commands for viewing a file, such as cat, more, less and tail.

[root@server1 ~]# cat /root/cn06/baocao.txt
luan van tot nghiep mang may tinh

- Directories are moved with mv in the same way. The wildcards ? and * can be used to move several files and directories at once. The mv command can also rename files and directories.
[root@server1 ~]# mv /root/userCNTT/ /root/CNTT/
Deleting an empty directory: rmdir

[root@server1 ~]# rmdir /root/totnghiep
[root@server1 ~]# rmdir /root/totnghiep
The vi editor

vi is a text editor with two modes:
o Insert mode, for changing the contents of the file.
o Command mode, for commands such as quitting, moving the cursor and deleting.

To create a file, use the following syntax: #vi file_name

[root@server ~]# vi cn06.txt

- From command mode, press a to start appending text after the cursor, or i to insert characters before the cursor. To leave insert mode press ESC.
#locate tn_file
File and directory access control commands

- In Linux access rights are divided among three classes: owner, group and others. The three rights read (r), write (w) and execute (x) are assigned to each class as in the following table:

Owner : rwx
Group : rwx
Others : rwx

Access rights can be assigned symbolically or numerically. Symbolically we have the following table:

r : anyone with this right may open the file and read its contents

a. Changing access rights with chmod

General syntax: chmod [access rights] [file or directory]

With numeric access rights the individual rights above are added together to form a larger right.
[root@server ~]# chmod 764 cn06.txt
o 7 = 4 + 2 + 1: read, write and execute for the owner.
o 6 = 4 + 2: read and write for the group.
o 4: read for others.

We can check the file's permissions again afterwards.
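To see how the numeric and symbolic forms relate, here is an added example (not from the thesis) that converts a numeric mode such as 764 into the rwxrw-r-- string shown by ls -l, breaks each digit into its 4/2/1 components, and applies symbolic changes such as g+w or o-r; it goes slightly beyond the thesis by handling the general symbolic syntax, not only the 764 case, and deliberately ignores the umask.

```python
# Added example (not from the thesis): convert between the numeric and
# symbolic permission notations used with chmod.
import re

PERM_BITS = {"r": 4, "w": 2, "x": 1}
WHO_INDEX = {"u": 0, "g": 1, "o": 2}


def digit_breakdown(digit):
    """Explain one octal digit as its permission bits, e.g. 6 -> ['r', 'w']."""
    if not 0 <= digit <= 7:
        raise ValueError("permission digit must be 0..7")
    return [perm for perm, bit in PERM_BITS.items() if digit & bit]


def octal_to_symbolic(mode):
    """'764' -> 'rwxrw-r--' (owner, group, others)."""
    if not re.fullmatch(r"[0-7]{3}", mode):
        raise ValueError("expected three octal digits such as 764")
    out = []
    for d in mode:
        bits = digit_breakdown(int(d))
        out.append("".join(p if p in bits else "-" for p in "rwx"))
    return "".join(out)


def symbolic_to_octal(sym):
    """'rwxrw-r--' (as printed by ls -l) -> '764'."""
    if not re.fullmatch(r"([r-][w-][x-]){3}", sym):
        raise ValueError("expected nine characters such as rwxrw-r--")
    digits = []
    for i in range(0, 9, 3):
        triple = sym[i:i + 3]
        digits.append(str(sum(PERM_BITS[c] for c in triple if c != "-")))
    return "".join(digits)


def apply_symbolic(mode, change):
    """Apply one chmod-style symbolic change ('g+w', 'o-rx', 'a=r', 'ug+x')
    to an octal mode and return the new octal mode. The umask is ignored."""
    m = re.fullmatch(r"([ugoa]*)([+\-=])([rwx]*)", change)
    if not m:
        raise ValueError(f"unsupported change: {change!r}")
    who, op, perms = m.groups()
    if not who or "a" in who:
        targets = set(WHO_INDEX.values())
    else:
        targets = {WHO_INDEX[c] for c in who}
    mask = sum(PERM_BITS[p] for p in perms)
    digits = [int(d) for d in mode]
    for i in targets:
        if op == "+":
            digits[i] |= mask
        elif op == "-":
            digits[i] &= ~mask
        else:
            digits[i] = mask
    return "".join(str(d) for d in digits)


if __name__ == "__main__":
    print(octal_to_symbolic("764"))       # rwxrw-r--
    print(apply_symbolic("764", "o-r"))   # 760
```

A useful habit when reviewing permissions is to run the ls -l string through symbolic_to_octal and compare the result with what the deployment documentation says the mode should be.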
b. Changing the owner of a file or directory with chown

General syntax: chown [-R] [user:group] filename

- The -R option is used when you want to change the ownership of the specified directory together with all files and directories inside it.

Transferring ownership to a user:
- With this command we transfer ownership of the file cn06.txt to the user cn06 and the group cntt. Transferring ownership to a user is done as follows.

c. Changing the owning group of a file or directory with chgrp

General syntax: chgrp [-R] [groupname] filename

- The -R option is used when you want to change the ownership of a directory and all directories and files inside it.

Transferring ownership to a group; syntax:
Disk and partition management commands

Disk names:

Name : Device
hda : Primary master
hdb : Primary slave
hdc : Secondary master
hdd : Secondary slave
sda : First SCSI disk
sdb : Second SCSI disk

Partitions:

Name : Partition
hda1 : First partition on the first disk
hda2 : Second partition on the first disk
sdc3 : Third partition on the third SCSI disk
[root@server ~]# df -l
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda2              3960348   2273036   1482888  61% /
/dev/sda5             14270000    168192  13365232   2% /home
/dev/sda1                46633     10651     33574  25% /boot
tmpfs                   517620         0    517620   0% /dev/shm
/dev/hdc                103324    103324         0 100% /media/VMware Tools
-s : display the total size of the files
-h : print the size of each file in a human-readable form, for example

[root@server ~]# du -sh /etc/
149M    /etc/
[root@server ~]# quotacheck -avugm
quotacheck: Scanning /dev/sda5 [/home]
quotacheck: Old group file not found. Usage will not be substracted.
Assigning a quota to a user: edquota -u cno6

Some options of the edquota command:

Option : Function
-u : Set the quota for a user.
-g : Set the quota for a group of users.
-p : Copy the quota of the specified user.
-t : Edit the time limits of the file system.

[root@server ~]# edquota -u nat
Disk quotas for user cn06 (uid 500):
  Filesystem   blocks   soft   hard   inodes   soft   hard
  /dev/sda5       740      0      0       75      0      0

Where:
o blocks: the number of blocks the user is currently using (1 block = 1 kB).
o inodes: the number of files the user is currently using.

- We can set a soft limit and a hard limit for the user, and either limit can be expressed in blocks or in inodes:
3.1 What is DHCP?

DHCP is one of the basic and most important protocols in network administration. DHCP runs on a server computer and makes it possible to manage IP addresses and the TCP/IP configuration of the hosts on a network automatically and centrally. Using DHCP to assign IP addresses to hosts automatically, instead of configuring each machine's IP address by hand, saves the network administrator a great deal of host configuration time.

DHCP is based on the BOOTP protocol; DHCP uses UDP port 67 and the BOOTP server uses UDP port 68. DHCP supports three ways of allocating IP addresses:
- Automatically assigning a permanent IP address to a host.
- Automatically assigning an IP address to a host for a limited period (a lease).
- Manual assignment (the administrator assigns the address to the host by hand).

3.1.1 Advantages of DHCP

- Avoids IP address conflicts and reduces the administration cost of the network.
- Lets service providers (ISPs) economise on real (public) IP addresses.
- Suits computers that move frequently between networks.
- Combined with wireless networks, provides hotspots in places such as railway stations, airports and schools.
Where:
- Code: indicates a request or a reply (1: request, 2: reply).
- HWtype: the hardware address type (1: Ethernet, 6: IEEE 802).
- Length: the length of the hardware address in bytes.
- Hops: 0 when sent by the client; incremented by each router it passes through (when DHCP relay agents are used).
- Transaction ID: a random number used to match a request with its reply.
Figure 5: The steps of assigning an IP address

The DHCP protocol works on the client/server model. The interaction between a DHCP client and server takes place in the following four steps:
a. IP lease request
b. IP lease offer
c. IP lease selection
d. IP lease acknowledgement

The steps can be summarised as follows:

IP Lease Request: First the client broadcasts a message called DHCPDISCOVER. Since the client has no IP address yet, it uses the source address 0.0.0.0, and since it does not know the address of the DHCP server it sends to the broadcast address 255.255.255.255. This DHCPDISCOVER packet is then broadcast
IP Lease Selection: When the DHCP client receives a DHCPOFFER packet, it replies by broadcasting a DHCPREQUEST packet to accept that offer. The DHCPREQUEST includes information identifying the DHCP server that made the offer. All other DHCP servers then withdraw their offers (this applies when there is more than one DHCP server on the network) and keep those IP addresses for other requests.

IP Lease Acknowledgement: The DHCP server that receives the DHCPREQUEST sends the DHCP client a DHCPACK to confirm that it has leased the IP address to the client. This packet contains the IP address and other configuration information (DNS server, WINS server, etc.). When the DHCP client receives the DHCPACK, the process is complete.
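The four-step exchange is easier to follow when both sides' messages are spelled out, including what the non-selected server does with its offer. The following simulation is an added example and not part of the thesis; the addresses, pools, MAC address and transaction ID are constructed, and the message fields are a simplified subset of the real DHCP packet.

```python
# Added example (not from the thesis): a simulation of the four-step lease
# exchange (DISCOVER, OFFER, REQUEST, ACK) described in section 3.1, with two
# servers so the "other servers withdraw their offers" step is visible.
BROADCAST = "255.255.255.255"
UNASSIGNED = "0.0.0.0"


class DhcpServer:
    def __init__(self, server_id, pool, lease_time, options):
        self.server_id = server_id      # the server's own IP address
        self.pool = list(pool)          # free addresses
        self.offers = {}                # xid -> address reserved by an OFFER
        self.leases = {}                # client MAC -> (address, lease_time)
        self.lease_time = lease_time
        self.options = options          # extra config handed out in the ACK

    def handle(self, msg):
        """Process one client message; return the reply or None."""
        if msg["type"] == "DHCPDISCOVER":
            if not self.pool:
                return None             # nothing to offer
            addr = self.pool.pop(0)
            self.offers[msg["xid"]] = addr
            return {"type": "DHCPOFFER", "xid": msg["xid"], "chaddr": msg["chaddr"],
                    "src": self.server_id, "dst": BROADCAST, "yiaddr": addr,
                    "server_id": self.server_id, "lease_time": self.lease_time}
        if msg["type"] == "DHCPREQUEST":
            addr = self.offers.pop(msg["xid"], None)
            if addr is None:
                return None             # we never offered anything to this xid
            if msg["server_id"] != self.server_id:
                # Client chose another server: withdraw the offer, keep the address.
                self.pool.insert(0, addr)
                return None
            self.leases[msg["chaddr"]] = (addr, self.lease_time)
            return {"type": "DHCPACK", "xid": msg["xid"], "chaddr": msg["chaddr"],
                    "src": self.server_id, "dst": BROADCAST, "yiaddr": addr,
                    "server_id": self.server_id, "lease_time": self.lease_time,
                    "options": dict(self.options)}
        return None


class DhcpClient:
    def __init__(self, chaddr):
        self.chaddr = chaddr            # hardware (MAC) address
        self.ip = UNASSIGNED
        self.config = None

    def discover(self, xid):
        # No address yet, so source 0.0.0.0 and destination broadcast.
        return {"type": "DHCPDISCOVER", "xid": xid, "chaddr": self.chaddr,
                "src": UNASSIGNED, "dst": BROADCAST}

    def request(self, offer):
        # Still broadcast, so every server learns which one was chosen.
        return {"type": "DHCPREQUEST", "xid": offer["xid"], "chaddr": self.chaddr,
                "src": UNASSIGNED, "dst": BROADCAST,
                "requested_ip": offer["yiaddr"], "server_id": offer["server_id"]}

    def accept(self, ack):
        self.ip = ack["yiaddr"]
        self.config = ack["options"]


def run_lease_exchange(client, servers, xid=0x3903F326):
    """Drive one DORA exchange; return the list of messages in order."""
    transcript = []
    discover = client.discover(xid)
    transcript.append(discover)
    offers = [o for o in (s.handle(discover) for s in servers) if o is not None]
    transcript.extend(offers)
    if not offers:
        return transcript               # no server answered
    request = client.request(offers[0])  # take the first offer received
    transcript.append(request)
    for server in servers:
        ack = server.handle(request)     # every server sees the broadcast
        if ack is not None:
            transcript.append(ack)
            client.accept(ack)
    return transcript


def demo():
    """Constructed topology: two DHCP servers on one segment, one client."""
    s1 = DhcpServer("172.16.1.1", ["172.16.1.100", "172.16.1.101"], 86400,
                    {"router": "172.16.1.254", "dns": "172.16.1.1"})
    s2 = DhcpServer("172.16.1.2", ["172.16.1.200"], 86400,
                    {"router": "172.16.1.254", "dns": "172.16.1.2"})
    client = DhcpClient("00:11:22:33:44:55")
    transcript = run_lease_exchange(client, [s1, s2])
    return client, s1, s2, transcript


if __name__ == "__main__":
    client, s1, s2, transcript = demo()
    for msg in transcript:
        print(msg["type"], msg["src"], "->", msg["dst"], msg.get("yiaddr", ""))
    print("client got", client.ip, client.config)
```

The point to notice is that a second, unexpected server on the segment can answer first; because the client takes the first offer it receives, a rogue DHCP server is a real risk on any untrusted segment, which is why the DHCPREQUEST carries the chosen server's identifier and why switches offer DHCP snooping to block offers from unauthorised ports.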
3.2 Installing DHCP

Convention:

Applications and tools can be installed in many ways: from installation packages, over the Internet, or through the package manager built into each operating system. In this study, however, we install everything only from the software packages supplied on the operating system's DVD, that is, from the command line.

To configure a DHCP server we need to install the DHCP package [1] and make sure there is a physical connection between the DHCP server and the clients. The minimum work needed to configure the DHCP service successfully is:
- The firewall is configured to allow DHCP packets.
- The /etc/dhcpd.conf file is configured.
- The dhcpd service is running on the DHCP server.

[1] Service packages such as DHCP and DNS on Linux are maintained and developed by the Internet Systems
Note:

Besides the dhcp package, the server also needs the dhclient package (dhclient provides the service that lets a client query a DHCP server); without it, starting the DHCP service reports an error.
    host uclient {
        #next-server ns1.cn06.com;
        hardware ethernet 00:D0:B3:79:B5:35;
        fixed-address 172.16.1.254;
    }
}
3.3.1 Declarations

- Group: several hosts that share some specific parameters can be gathered into a group that shares the global declarations plus the parameters declared inside the group.
- Host: used to apply a list of parameters to one specific host. Such hosts still receive the global parameters as well as the parameters declared in their host section.
- Subnet: used to apply parameters to a system when that system queries the DNS server requesting an IP address and other information.

Parameters:
- dns-update-style interim: the style of Dynamic DNS (DDNS) used to talk to the DNS server. The default is interim.
- option routers: the address of the default gateway.
Where:
- service dhcpd configtest: checks whether the dhcpd.conf configuration file is correct.
- chkconfig dhcpd on: makes DHCP start when the system boots.
- service dhcpd start | stop | restart: starts | stops | restarts the service.

Which operating system the DHCP server runs on does not matter; when testing from a Windows client, the parameters configured on the DHCP server are accepted by the client in full.
3.4 Conclusion

DHCP provides a centralised solution for managing and distributing IP addresses to clients, which helps clients start faster and spend the least possible time declaring the parameters they need. DHCP can supply a range of clients with a great deal of information, such as the IP address, domain name, DNS server, SMTP server, POP server and NTP server, or supply each client individually, without any manual configuration on the client.
4.1 What is DNS?

At first, because the Arpanet was small, with only a few hundred machines, managing host names was fairly simple and relied on a single file, hosts.txt [2], which stored the mapping from host names to IP addresses. With the explosive growth of the Internet and of IP address use, however, hosts.txt could no longer meet the need and had the following drawbacks:
- Network traffic and the server maintaining hosts.txt were overloaded (the bottleneck effect).
- Name conflicts: two computers could not have the same name in hosts.txt.
- No guarantee of integrity: maintaining a single file on a large network is very difficult.

A new concept was therefore born to overcome the drawbacks of hosts.txt and to keep up with the ever stronger growth of the Internet: the Domain Name System (DNS).

In small networks, however, where managing host names is not very complex or time-consuming, the hosts file can still be used. On Windows it is located in WINDOWS\system32\drivers\etc; on Linux it is /etc/hosts.

The hierarchical model of DNS

The hierarchical tree of DNS resembles many other techniques and systems used in network environments (for example, the Linux file system). Dividing the system into levels makes management easier, since each level has its own boundary and is directly responsible within that boundary.

[2] The hosts.txt file was maintained by the Network Information Center (NIC) and distributed over FTP.
The highest position in the DNS hierarchy is the root; the root servers [3] are chiefly responsible for indicating which DNS server is responsible for each top-level domain. From the root the tree branches into many top-level domains, and each of these is divided into further branches called subdomains. A domain name indicates its position in the DNS database: in DNS, a domain name is the sequence of labels from a node up to the root of the tree, separated by dots. Domains may be divided by organisation type or by country:

Domain : Description
.aero : Aviation
.com : Organisations and companies
.org : Non-profit organisations
.net : Network support centres
.edu : Educational organisations
.gov : Government
.mil : Military organisations
.vn : Domains in Vietnam
.jp : Domains in Japan
.us : Domains in the United States

[3] The root servers manage the name servers at the top-level domain level. There are currently 13 root servers responsible for
Name resolution

The example below describes how the name girigiri.gbrmpa.gov.au is resolved to an IP address through the DNS servers on the Internet.

The client sends a request to resolve the IP address of the computer named girigiri.gbrmpa.gov.au to its local name server. On receiving the request from the resolver, the local name server analyses the name and checks whether the domain is one it manages. If it is, the server immediately returns the host's IP address to the resolver. Otherwise, the local server queries the nearest root name server it knows of. The root name server replies with the IP address of the name server managing the au domain. The local name server then asks the au name server and is referred to the server managing gov.au. The gov.au server directs the local name server to the server managing gbrmpa.gov.au. Finally the local name server queries the server managing
Types of Domain Name Server

There are three types of domain name server that serve name resolution:
- Primary Name Server: also called the master server, it is chiefly responsible for holding all the information about its zones. Every domain must have one primary name server. The DNS administrator organises the database files on the primary name server, which is responsible for resolving all hosts in the domain or zone.
- Secondary Name Server: also called the slave name server, it serves as a backup for the primary name server. There may be one or more secondary name servers. Periodically, the secondary copies the database files from the primary name server.
- Caching Name Server:
4.2 Installing DNS

Required packages:
- bind-9.7.0-9.P1.fc13.i686.rpm
- bind-chroot-9.7.0-9.P1.fc13.i686.rpm
- bind-libs-9.7.0-9.P1.fc13.i686.rpm
- bind-utils-9.7.0-9.P1.fc13.i686.rpm

Configuration files:
- Main configuration file: named.conf
- Forward lookup files: cn06.com.db, localhost.db
- Reverse lookup files: cn06.com.rev, 127.0.0.rev

Working directories:
- /etc/: holds the main configuration file named.conf.
- /var/named/: holds the forward and reverse lookup files.

Note: the package bind-chroot-9.7.0-9.P1.fc13.i686.rpm lets the administrator work with the DNS configuration files more safely by creating a directory that only users with root privileges may access; all DNS-related files must be stored in this directory. That is /var/named/chroot/etc/, holding named.conf, and /var/named/chroot/var/named/, holding all the other configuration files.

The example above tells us that the name server serves the domain cn06.com and that the database files root.hints, cn06.com.db and cn06.com.rev are stored in /var/named/.
- Zone ".": when needed, the server consults the file root.hints [4], which lists the root servers responsible for handling requests worldwide.
- Zone cn06.com: the main domain that our DNS server manages. When needed it consults cn06.com.db, which holds the forward lookup names for the domain.
- Zone 1.16.172.in-addr.arpa: consults cn06.com.rev, which holds the reverse lookup names for the domain.

The options at the top allow the server to accept every request that clients send to port 53.

Note: the type of these zones is master because this is the master server; only when configuring a secondary server is the type slave.
                ; refresh (3 hours)
                ; retry (30 minutes)
                ; expiry (2 weeks)
                ; minimum (1 week)
        NS      dns.cn06.com.
                server1.cn06.com.
Meaning of the DNS resource records:
- IN: tells the name server that this is an Internet record.
- @: the domain declared in named.conf. In the example above the domain is cn06.com., so host names declared later need not be written out as FQDNs.
- dns.cn06.com.: the FQDN of the name server for the domain.
- root: the e-mail address of the domain administrator. It can be replaced by another name, for example admin.cn06.com. Such an address lacks the @ sign, which is replaced by a dot; the real address is admin@cn06.com.
- SOA (Start of Authority): each zone has exactly one SOA record. The SOA states that this name server is the authoritative source of the data in the zone. The parameters declared after it only take effect when the domain has a secondary server:
  - Serial number: when a slave name server connects to the master to fetch data, it first checks the serial number; if the master's serial is larger, the slave's data is out of date and it reloads the new data. Therefore, whenever we update the data on the name server we increase the serial. It is usually formatted by date as YYYYMMDDNN, for example 2010042401.
  - Refresh number: the interval after which the slave must check whether its old data is still usable. Example: 28800, refresh after 8 hours.
  - Retry number: if the slave cannot reach the master name server after the refresh interval, it tries again after retry seconds. This value is smaller than refresh. Example: 14400, retry after 4 hours.
  - Expiry number: if the slave cannot reach the master server for this expire period (in seconds), the slave stops answering for the zone when it is
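The SOA rules above (serial comparison, the YYYYMMDDNN convention, retry smaller than refresh, the dotted mailbox) are the kind of thing that silently breaks zone transfers when an administrator gets one of them wrong. Here is an added example, not from the thesis, that parses a zone's SOA record and checks those rules; the zone fragment is constructed from the values quoted in this section, and the administrator mailbox root.cn06.com. is an assumption.

```python
# Added example (not from the thesis): parse the SOA record of a zone file and
# apply the serial / refresh / retry / expire rules explained above.
import re
from datetime import date

# Constructed zone fragment using the values quoted in this section; the
# administrator mailbox root.cn06.com. is assumed.
ZONE_SAMPLE = """\
$TTL 86400
@   IN  SOA dns.cn06.com. root.cn06.com. (
            2010042401  ; serial  (YYYYMMDDNN)
            28800       ; refresh (8 hours)
            14400       ; retry   (4 hours)
            1209600     ; expire  (2 weeks)
            604800 )    ; minimum (1 week)
    IN  NS  dns.cn06.com.
"""

SOA_RE = re.compile(
    r"SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s*\(\s*"
    r"(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)\s+"
    r"(?P<expire>\d+)\s+(?P<minimum>\d+)\s*\)")


def parse_soa(zone_text):
    """Return the SOA fields as a dict; comments (';' to end of line) are ignored."""
    stripped = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = SOA_RE.search(stripped)
    if m is None:
        raise ValueError("no SOA record found")
    soa = m.groupdict()
    for key in ("serial", "refresh", "retry", "expire", "minimum"):
        soa[key] = int(soa[key])
    return soa


def rname_to_email(rname):
    """'root.cn06.com.' -> 'root@cn06.com': the first dot stands for '@'."""
    user, _, domain = rname.rstrip(".").partition(".")
    return f"{user}@{domain}"


def check_timers(soa):
    """Sanity checks on the timers the thesis describes; returns a list of warnings."""
    warnings = []
    if soa["retry"] >= soa["refresh"]:
        warnings.append("retry should be smaller than refresh")
    if soa["expire"] <= soa["refresh"]:
        warnings.append("expire should be larger than refresh, or slaves drop the zone too early")
    if not re.fullmatch(r"\d{10}", str(soa["serial"])):
        warnings.append("serial is not in YYYYMMDDNN form")
    return warnings


def slave_needs_transfer(master_serial, slave_serial):
    """A slave reloads the zone only when the master's serial is larger."""
    return master_serial > slave_serial


def bump_serial(serial, today):
    """Next YYYYMMDDNN serial: same day -> NN+1, new day -> today's date + 01."""
    day_part = today.strftime("%Y%m%d")
    if str(serial)[:8] == day_part:
        nn = int(str(serial)[8:]) + 1
        if nn > 99:
            raise ValueError("more than 99 edits in one day; wait for tomorrow")
        return int(f"{day_part}{nn:02d}")
    return int(f"{day_part}01")


if __name__ == "__main__":
    soa = parse_soa(ZONE_SAMPLE)
    print(soa, rname_to_email(soa["rname"]), check_timers(soa))
    print(bump_serial(soa["serial"], date(2010, 4, 24)))   # 2010042402
```

The most common operational mistake this catches is editing a zone file without bumping the serial: slave_needs_transfer returns False, the secondaries keep serving stale data, and the "fix" appears to have had no effect.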
dig: used to gather information about the DNS servers in a domain.

dig @server [domain name] query type (record name: A, SOA, ...)

Example:

[root@server2 ~]# dig @server2 cn06.com A

; <<>> DiG 9.7.0-P1-RedHat-9.7.0-9.P1.fc13 <<>> @server2 cn06.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25906
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;cn06.com.                      IN      A

nslookup: lets you look up host information on many operating systems. Example:

[root@server2 ~]# nslookup
> smtp.cn06.com
Server:         127.0.0.1
Address:        127.0.0.1#53

smtp.cn06.com   canonical name = server3.cn06.com.
Name:   server3.cn06.com
Address: 172.16.1.3
> 172.16.1.1
Server:         127.0.0.1
Address:        127.0.0.1#53

1.1.16.172.in-addr.arpa name = server1.cn06.com.

Which operating system the DNS server is installed on has no effect at all on querying host information.
4.6 Conclusion

In this chapter we have presented the basics of the DNS service, the installation and configuration of a DNS server on Linux using the BIND package, and the tools that are useful for gathering information about host names and IP addresses. One thing worth mentioning is that BIND is developed and updated at ww.isc.org. For security reasons, BIND version 9 or later should be installed.
Chapter 5: Linux security

When setting up and administering a system, besides deploying services, running the system smoothly and optimising it, there is another very important concern: system security. The important tasks in deploying security are:
- Protecting the integrity of data, ensuring the consistency of the data in the system. The measures taken must prevent unauthorised modification or destruction of data.
- Protecting confidentiality, keeping information from leaking out.
- Protecting availability, meaning the system is always ready to serve the information requests of legitimate users.
- Protecting privacy: ensuring that users exploit the system's resources only according to the functions and duties assigned to them, and preventing unauthorised access to information.
- Limiting, as far as possible, attacks on the system from both inside and outside. This matters especially today, when Internet access is indispensable in every organisation.

Many measures can be deployed on a system, but none of them is perfect. Each has its own advantages and disadvantages, so whether one or several measures are used depends on the specific requirements.
There are many firewall programs for Linux today, but iptables is the most widely chosen. Below is the survey table from http://distrowatch.com
iptables is also known as a stateful firewall. A stateful firewall is one that can track established TCP connections. A TCP connection consists of a sequence of packets carrying the source address, destination address, source port, destination port and a sequence number used to reassemble the packets without losing data. By watching the TCP packet headers, the stateful filter can determine whether a received TCP packet belongs to an established connection and decide whether to accept or discard it. On a software firewall built with iptables, a stateful firewall needs two components: kernel space (Netfilter and the supporting firewall modules inside the kernel) and user space (iptables, which is used to drive those modules).
Table : Chain : Function
filter : FORWARD : Filters packets (those passing through the firewall).
filter : INPUT : Filters packets entering the firewall's network interface.
filter : OUTPUT : Filters packets leaving the firewall's network interface.
nat : PREROUTING : Address translation that happens before routing. It allows the destination IP address to be changed to fit the firewall's routing table. This chain is used for NAT of the destination address, called destination NAT or DNAT.
nat : POSTROUTING : Address translation that happens after routing, meaning the destination IP address no longer has to be changed in the routing table. This chain is used for NAT of the source IP address, one-to-one or many-to-one, called source NAT or SNAT.
nat : OUTPUT : Address translation for packets generated by the firewall itself. (This chain is rarely used in a SOHO environment.)
mangle : PREROUTING, OUTPUT, INPUT, FORWARD, POSTROUTING : Manipulates the TCP header. Used to modify quality-of-service fields before routing takes place, such as TTL, TOS, MARK, SECMARK and CONNSECMARK. (This table is rarely used in a SOHO environment.)

For Linux kernels up to and including 2.4.17, the mangle table supports only the PREROUTING and OUTPUT chains. From kernel 2.4.18 onwards, the mangle table also supports three more chains: INPUT, FORWARD and POSTROUTING.
When writing iptables commands, the table and the chain must be given for each command. There is one exception: since most chains are concerned with packet filtering, iptables uses the filter table as the default.
in the PREROUTING chain of the nat table, to see whether the packet requires DNAT. The packet is then routed. If it is a packet passing through the firewall, it is handed to and processed by the rules in the FORWARD chains of the mangle table and the filter table. After that the packet will
Trang 70
Here, tables are the tables iptables supports: the NAT table (translates packet addresses), the Filter table (filters packets) and the Mangle table (changes bits in the TCP header). If no table is named on the iptables command line, the filter table is used by default. Command is the iptables command, such as -L (list) or -N (create a new chain). A command may carry many match options such as -p, --sport and --dport, called matches; using match options makes rule writing flexible. Target/jump is the decision of the rule, written -j target: when the conditions of the command are met, iptables carries out the target, such as ACCEPT (accept the packet) or DROP (discard the packet).

TARGETS
A target is the action an iptables rule takes when handling a packet. Four targets are commonly used: ACCEPT, DROP, QUEUE and RETURN. ACCEPT accepts the packet. DROP discards the packet. QUEUE passes the packet to a queue for later processing. RETURN stops processing in the current chain and returns to the parent chain, which continues processing. The parent chain is the chain that contains the rule redirecting packet processing to another chain. Example of a parent chain:

# iptables -N PING
# iptables -A PING -j DROP
# iptables -I PING -s 192.168.3.2 -i eth2 -j RETURN
# iptables -F INPUT
# iptables -P INPUT ACCEPT

(The INPUT rule that hands ICMP packets to the PING chain is not shown here.)
With the commands above, the INPUT chain is considered the parent chain of the PING chain. When a ping packet arrives at the firewall, it is pushed to the PING chain for processing. If the ping has source address 192.168.3.2, the firewall returns to the parent chain INPUT. Since INPUT has the default policy ACCEPT, the packet is accepted and may ping the firewall. If at that check the source address is not 192.168.3.2, the RETURN action is not taken and the packet moves to the next rule in the PING chain, which is -j DROP.

TABLES
Tables are closely tied to the packet during processing. If no table is specified in an iptables command, the filter table is used by default. Syntax: -t, --table table. The table parameter is one of the tables presented in figure 2.3.1. Example:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
This command performs address translation after routing on the network interface eth0.

OPTIONS
Options are the options used in iptables commands. They include commands, parameters and other options commonly used together with commands. The options at this level can be used in most situations when writing iptables commands without the extra -m parameter required by the extended options (presented under MATCH EXTENSIONS).

COMMANDS
Commands are the command options used in iptables. The commonly used ones are:
-A, --append chain [rule]
Appends a rule to a chain. Example:
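The parent-chain and RETURN behaviour described above, written as an added example (not code from the original document): a small script that emits a stateful ruleset in iptables-restore format, with the INPUT-to-PING jump the text leaves out and a default DROP policy, plus a self-check on the generated text. The interface names eth2 (LAN), eth0 (Internet) and the trusted host 192.168.3.2 are assumptions for this example.

```shell
#!/bin/sh
# Added example, not code from the original document. It writes the kind of
# stateful filter/nat ruleset the text describes in iptables-restore format
# (one file instead of one iptables command per rule) and includes a small
# self-check on the generated text. Assumed names, constructed for this
# example: eth2 = LAN interface, eth0 = Internet interface, 192.168.3.2 = the
# only host allowed to ping the firewall.
LAN_IF="${LAN_IF:-eth2}"
WAN_IF="${WAN_IF:-eth0}"
PING_OK_HOST="${PING_OK_HOST:-192.168.3.2}"

# Print the ruleset. Load it with:  gen_firewall_rules | iptables-restore
gen_firewall_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:PING - [0:0]
# stateful part: packets of an already tracked connection are accepted first
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# ICMP aimed at the firewall is handed to the user chain PING
-A INPUT -p icmp -j PING
# PING chain: RETURN to the parent chain for the trusted host, DROP the rest
-A PING -s ${PING_OK_HOST} -i ${LAN_IF} -j RETURN
-A PING -j DROP
# unlike the text's example, the parent chain's policy is DROP here, so the
# packet that RETURNs must be accepted explicitly after the jump
-A INPUT -p icmp -s ${PING_OK_HOST} -i ${LAN_IF} -j ACCEPT
# new connections from the LAN towards the Internet
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ${WAN_IF} -j MASQUERADE
COMMIT
EOF
}

# check_drop_policy CHAIN...: read a ruleset on stdin and return 0 only if
# every named built-in chain has the default policy DROP
check_drop_policy() {
    rules=$(cat)
    for chain in "$@"; do
        printf '%s\n' "$rules" | grep -q "^:${chain} DROP " || return 1
    done
    return 0
}

# count_target TARGET: number of rules on stdin that jump to TARGET
count_target() {
    grep -c -- "-j $1\$" || true
}

# stand-alone run: print the ruleset, then report the policy check
gen_firewall_rules
if gen_firewall_rules | check_drop_policy INPUT FORWARD; then
    echo "INPUT and FORWARD default to DROP"
fi
```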
-S, --list-rules [chain]
Lists the iptables rules in the file /etc/sysconfig/iptables. With a chain argument, lists the rules in that chain; without a chain argument
-F, --flush [chain]
Flushes rules. With a chain argument, the command flushes the rules in that chain; without one, it flushes all rules in iptables. Since iptables uses the filter table by default, flushing the rules in the nat table requires adding -t nat.
Figure 16: OUTPUT counter values before and after running iptables -Z OUTPUT.
-N, --new-chain chain
Creates a new chain. Example:
# iptables -N BAD-INPUT
-X, --delete-chain [chain]
Deletes a chain. Only an empty chain can be deleted, so before deleting a chain run -F to remove all its rules. With a chain argument the command deletes that chain; without one it deletes all chains in iptables. Only user-defined chains can be deleted, not the built-in chains INPUT, OUTPUT, FORWARD, PREROUTING and POSTROUTING. Example:
# iptables -F BAD-INPUT
# iptables -X BAD-INPUT
-P, --policy chain target
Sets the default policy of a chain. This command applies only to built-in chains. Normally, after iptables is installed, the default policy of the chains in the filter table is ACCEPT. For safety, the default policy of the filter table chains should be set to DROP.
Figure 17: Default policy of the INPUT chain before and after running iptables -P INPUT DROP.
-E, --rename-chain old-chain new-chain
Renames a chain. Example:
# iptables -E BAD-INPUT BAD-LIST
-h
Shows the iptables help. Example:
# iptables -h | more
(more pages the output when it has more lines than the screen.)

PARAMETERS
Parameters are the parameters commonly used in iptables commands. A "!" in front of a parameter negates it.
[!] -p, --protocol protocol
Matches packets by protocol. The protocol can be a number or the corresponding name from /etc/protocols. Commonly used protocols are tcp, udp, icmp and all (all protocols). For example, the following two commands are equivalent:
# iptables -I INPUT -p 53 -j ACCEPT
# iptables -I INPUT -p swipe -j ACCEPT
[!] -s, --source address[/mask]
Matches packets by source address. The address can be a hostname or an IP address. Use /mask to filter on a whole IP network. Example:
# iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT
MATCH EXTENSIONS
Match extensions are the commonly used extended match options; when used in an iptables command they must be accompanied by the -m, --match parameter.
addrtype
Matches packets by address type: UNSPEC (e.g. 0.0.0.0), UNICAST, LOCAL, BROADCAST, ANYCAST, MULTICAST, BLACKHOLE, PROHIBIT, THROW, NAT, XRESOLVE.
[!] --src-type type  Matches the source address type.
[!] --dst-type type  Matches the destination address type.
--limit-iface-in  Restricts the check to the incoming interface. Usable only in the PREROUTING, INPUT and FORWARD chains.
--limit-iface-out  Restricts the check to the outgoing interface. Usable only in the POSTROUTING, OUTPUT and FORWARD chains.
account
Example:
# iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 --dport 80 -j DNAT --to-destination 192.168.1.1:80
NAT to an IP address and port.
# iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 --dport 80 -j DNAT --to-destination 192.168.1.1-192.168.1.10
NAT to a range of IP addresses with port 80.
# iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 --dport 80 -j DNAT --to-destination 192.168.1.1:80-100
NAT to an IP address with a range of ports.
# iptables -t nat -A PREROUTING --dst $INET_IP -p tcp --dport 80 -j DNAT --to-destination $HTTP_IP
NAT using addresses held in shell variables.
# iptables -t nat -A OUTPUT --dst $INET_IP -p tcp --dport 80 -j DNAT --to-destination $HTTP_IP
NAT using addresses held in shell variables, applied in the OUTPUT chain.
The NAT process runs as follows:
o A packet with source address $EXT_BOX leaves for $INET_IP and reaches the firewall.
Example:
# iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to-source 194.236.50.155-194.236.50.160:1024-32000
NAT to a range of IP addresses with a range of ports.
XOR
XOR-encodes TCP and UDP packets.
--key key
6.2 What is SSH?
SSH is a client-server program that uses strong encryption to prevent eavesdropping and theft of information in transit. Earlier programs such as telnet and rlogin use no encryption, so anyone can eavesdrop and even read the entire content of a session using simple tools. Using SSH is an effective way to protect data in transit from one system to another.
6.3.5 How SSH works
SSH works in three simple steps:
* Host identification - identify the systems taking part in the SSH session.
* Encryption - establish an encrypted channel.
* Authentication - verify that the user is allowed to log in to the system.
6.3.5.1 Host identification
Host identification is carried out through key exchange. Every computer that supports SSH has a unique identity key, made of two parts: a private key and a public key. The public key is used when hosts exchange data during an SSH session; data encrypted with the public key can only be decrypted with the private key. When the server configuration changes (the SSH program is changed, or something fundamental in the operating system changes), the identity key changes as well, and every SSH user logging in to that server is warned about the change. When two systems start an SSH session, the server sends its public key to the client. The client generates a random session key, encrypts it with the server's public key and sends it back to the server. The server decrypts it with its private key and obtains the session key. This session key will be
6.3.5.3 Authentication
Authentication is the last of the three steps, and the most varied. At this point the exchange channel itself is already secured. The user's identity and access can be provided in many different ways. For instance, rhosts authentication can be used, but it is not the default; it simply checks that the client's identity is listed in the rhosts file (by DNS name and IP address). Password authentication is a very common way to identify users, but there are other ways: RSA authentication, using ssh-keygen and ssh-agent to authenticate key pairs.
[Figure: public-key exchange between A and B. H.1 - B receives A's public key: A's public key + B's private key + data = encrypted data. H.4 - B sends its public key to A: B's public key + A's private key + encrypted data = data.]
6.5 Installing OpenSSH
Files needed to use OpenSSH:
openssh-5.5p1.tar.gz
openssl-1.0.0.tar.gz
zlib-1.2.5.tar.gz
If users are to log in to the system through SSH, make sure the service is running.
[root@ServerA ~]# service sshd status
openssh-daemon (pid 5929) is running...
Then:
[root@ServerA ~]# chkconfig sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
6.5.1 The SSHD configuration file
On most RPM-based Linux distributions, such as Fedora, Red Hat Enterprise or OpenSuSE, the sshd configuration file is /etc/ssh/sshd_config.
Result:
Note:
The server name can be replaced by the server's IP address. Running just ssh serverB logs in as root on serverB. The SSH server can also be reached by IPv6 address as follows:
6.6.2 Creating a secure tunnel
This section touches on Virtual Private Networks (VPN). Basically, SSH can be used to create a tunnel from the local system to a remote system. Example: the SSH server has two network cards: the one facing the LAN has address 192.168.1.1, the one facing the WAN has address 1.1.1.1. On the LAN there is a web server named account with IP address 192.168.1.100. How can the user yyang on HostA reach this web server using only SSH?
With an SSH tunnel, user yyang sets up a tunnel to the web server in the following steps: yyang logs in to the local machine HostA. After logging in locally, yyang creates a tunnel from port 9000 to port 80 of the web server. User yyang connects to the web server through SSH with the following command:
[yyang@hostA ~] ssh -L 9000:192.168.1.100:80 1.1.1.1
6.6.4 Secure FTP (SFTP)
Secure FTP is a subsystem of the ssh daemon. It is accessed with the sftp command:
[root@serverA ~]# sftp root@192.168.1.1
Chapter 7: Printing with CUPS
7.1 Introduction
Traditional UNIX used two printing systems: the BSD Line Printer Daemon (LPD) and the System V Line Printer system (LPR). Both work well in UNIX environments. However, they are not compatible with networks that also contain Windows or Mac OS machines. CUPS (Common UNIX Printing System) came later and inherits the features of both LPD and LPR. It is a cross-platform printing system, covering Linux and Windows, based on IPP (Internet Printing Protocol). CUPS provides printing through both a web-based interface and the command line. It is also backwards compatible with the two traditional printing systems, LPD and LPR, through the lp and lpr commands. IPP (Internet Printing Protocol) is a project started in 1996 by Novell and a few other companies to make network printing convenient. IPP lets users: determine printer capabilities; send a job to a printer; query printer status; query job status; cancel a job. IPP is a client/server protocol, so it can play the role of both a local printer and a network printer.
7.2 Installing CUPS
Required packages:
cups
cups-pdf
Here we use cups-pdf as a virtual printer that prints documents to PDF. The CUPS configuration file is /etc/cups/cupsd.conf.
An access list controls which users are allowed to access the configuration file (cupsd.conf). By default only system users (@SYSTEM) have this right. The order of the access list is allow, deny. After editing the CUPS configuration file, the service must be started:
Note:
CUPS uses port 631, so if a firewall is in place on the network, port 631 must be opened.
7.3 Configuring printers
7.3.1 Using the graphical interface
The printer management interface and its options can be opened in three ways:
1. Choose System > Administration > Printing.
2. Run the command system-config-printer to open the same window.
3. Use a web browser: enter http://localhost:631 in the address bar. A web page for managing the print service appears, where the default printer can be set, jobs managed, and local or network printing configured.
7.3.2 Using the command line
Figure 25. The CUPS web-based interface.
As presented above, CUPS is backwards compatible with LPR/LPD by offering command-line equivalents of the LPD and LPR commands.
lpinfo: shows the drivers available on the server.
[root@server Desktop]# lpinfo -m | head
foomatic:Alps-MD-1000-md2k.ppd Alps MD-1000 Foomatic/md2k
foomatic:Alps-MD-1000-ppmtocpva.ppd Alps MD-1000 Foomatic/ppmtocpva
foomatic:Alps-MD-1000-ppmtomd.ppd Alps MD-1000 Foomatic/ppmtomd (recommended)
foomatic:Alps-MD-1300-md1xMono.ppd Alps MD-1300 Foomatic/md1xMono
foomatic:Alps-MD-1300-md2k.ppd Alps MD-1300 Foomatic/md2k
foomatic:Alps-MD-1300-ppmtocpva.ppd Alps MD-1300 Foomatic/ppmtocpva
foomatic:Alps-MD-1300-ppmtomd.ppd Alps MD-1300 Foomatic/ppmtomd (recommended)
foomatic:Alps-MD-1500-md1xMono.ppd Alps MD-1500 Foomatic/md1xMono
Options:
-m  shows the list of PostScript Printer Definitions (PPD).
-v  shows the list of available connections.
lpadmin: configures printers.
This command adds, removes or modifies printer configurations. It has three main options: -p, -d and -x. Syntax:
lpadmin -p [printer name] [options]
The options include:
-c  adds the printer to a class.
-D  adds a description for the printer.
-L  physical location of the printer.
-E  enables the printer, letting CUPS accept jobs into its queue.
-r  removes the printer from a class.
7.3 Printing from Windows
7.3.1 Using CUPS
Windows 2000 and later support IPP, so CUPS can be used to print documents directly from Windows without any difficulty. What is needed is to configure cupsd.conf to share the CUPS server's printer on the network (configured above). Then, from Windows, choose:
Example:
http://172.16.1.2:631/printers/Cups-PDF
7.3.2 Using Samba
The Samba service lets Linux and Windows share resources, including printing. When the Samba package is installed, it automatically creates the directory /var/spool/samba, owned by root and readable and writable by any user. This lets Windows users access the directory to manage their print jobs. The [printers] section of Samba can be configured as follows:
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
7.4 Printing from Linux
Besides letting Windows users print through print servers on Linux, CUPS also allows the reverse: Linux users printing their documents on a Windows server. In the CUPS web interface choose Add Printer > Windows Printer via SAMBA and enter a URL of the form:
smb://Windows_host_name/printer_name
Example:
smb://172.16.1.10/PXSPrinter
Once connected to the printer on the Windows system, printing can be managed from the command line or through the web interface.
Chapter 8: Samba
8.1 Introduction
In a Windows environment sharing resources is very easy, whereas between Linux and Windows it is harder. The main reason is that Microsoft limits compatibility between Windows and Linux. Even so, a service can be configured on Linux so that sharing between Linux and Windows becomes easy: SAMBA. Besides that, file sharing between Linux machines is done through the NFS (Network File System) service. Samba provides user authentication when sharing files or printers; NFS provides no user authentication at all, although it can be integrated into a Kerberos domain for authentication. In this section we present file and print sharing through Samba and NFS. Samba is a powerful toolset that lets Linux systems interoperate smoothly with Windows and other popular operating systems. Basically, Samba provides file and print sharing services to Windows machines. This is done through Microsoft's SMB/CIFS (Server Message Block/Common Internet File System) network protocol, which means a Linux system can be deployed without installing NFS (Network File System). From Linux:
From Windows: see the folders shared by Linux; authenticate with Linux machines; access Linux printers.
A few basic differences arise when working with both Linux and Windows systems. Username & password: the login/password scheme on Linux differs completely from the PDC (Primary Domain Controller) and AD (Active Directory) on Windows. So when both systems are in use, users should be able to log in easily without authenticating again when they move to the other system. For Samba there are a few options for managing usernames and passwords: Linux PAM (Pluggable Authentication Modules): there are still two user lists, one on Linux and one on the PDC, but users only need to keep their password on the Windows system. Using Samba as a PDC: usernames and passwords are kept on the Linux system; Windows authenticates against Samba, and Samba uses LDAP. Encrypted passwords: Windows uses encrypted passwords in the PDC and on any server that requires authentication. However, the Windows password algorithm differs completely from the Linux one, so password verification between the two systems is incompatible. There are two ways to solve this: edit the Registry on the Windows client to disable the use of encrypted passwords; or configure Samba to be compatible with the Windows password algorithm. Each method has its own advantages and drawbacks. Samba has three main components: smbd, nmbd and winbindd. Most of Samba's functionality is provided by the two processes smbd and nmbd.
The smbd process:
8.2 Installing Samba
Samba needs the following packages:
samba-3.4.2-47.fc12.i686.rpm
All of these packages ship with the CentOS distribution, so installation is easy.
8.2.1 Samba server types
Windows servers are usually divided into the following server types:
Domain Controller
o Primary Domain Controller (PDC).
o Backup Domain Controller (BDC).
o ADS Domain Controller.
Domain Member Server
o Active Directory Domain Server.
Lines beginning with # or ; are comments.
[global]   settings that affect the whole sharing policy.
[printer]  defines the print service.
[homes]    defines the shares in home directories.
[other]    optional; defines other shares.
The parameters in the other sections such as [homes], [printer] and [other] affect only the services defined in those sections. Below is a sample smb.conf:
#======================= Global Settings =====================
[global]
# ----------------------- Network Related Options --------
workgroup = cn06.com
server string = Samba Server Version %v
; netbios name = au-fileserver-1
interfaces = lo eth0
hosts allow = 127. 172.16.1. EXCEPT 172.16.1.100
# --------------------------- Logging Options --------------
log file = /var/log/samba/%m.log
max log size = 50
# --------------------------- Domain Options ----------------
domain master = yes
# ----------------------- Standalone Server Options ---------
;security = user
;passdb backend = tdbsam
# ----------------------- Domain Members Options -------------
; security = domain
; passdb backend = tdbsam
; realm = MY_REALM
; password server = <NT-Server-Name>
# ----------------------- Domain Controller Options --------
; security = user
; passdb backend = tdbsam
; domain master = yes
; domain logons = yes
# --------------------------- Printing Options -----------
load printers = yes
cups options = raw
printcap name = cups
#============================ Share Definitions ==============
[homes]
comment = Admins Directory
browseable = no
writable = yes
valid users = %S
valid users = admin
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
8.3.3 Domain parameters
The domain options let authentication services be centralized on one server for the hosts that join that domain. A domain requires a PDC, or master. The Domain Master Browser is responsible for maintaining the list of hosts on the network when clients browse shares through Windows Network Neighborhood or My
8.3.4 Security parameters
Parameter: encrypt passwords = yes
Description: Accept only encrypted passwords from clients. This parameter uses smbpasswd to authenticate clients. By default Samba stores encrypted passwords in smbpasswd unless a password database (passdb) is configured.
Parameter: hosts allow
Description: List of networks (or IP addresses) allowed to use the Samba service. In the example above, 127.0.0.0/4 and 172.16.1.0/24, except for the address 172.16.1.100, are allowed to use the service.
Parameter: security = user
Description: Requires any host accessing Samba to have a valid account and password on the Samba server.
Parameter: passdb backend = tdbsam
Description: Authenticates clients against the password database on the Samba server itself; tdbsam is stored in /etc/samba/passdb.tdb. Besides tdbsam there are smbpasswd and ldapsam.
8.3.5 Printer parameters
Parameter: printcap name = cups
Description: Tells Samba to use the CUPS printing service.
Parameter: load printers = yes
Description: Allows the use of the printers configured in
8.3.6 Share parameters
path            Path to the shared directory.
browseable      Whether this share appears in the share list.
comment         Description of this share.
writable        Whether connecting users have write access.
read only       Share as read-only (this option usually accompanies the writable option).
printable       (description absent from the extracted text)
guest ok        Allows guest access without a password. Default is no.
valid users     List of users allowed to access this share. Use @group_name to grant access to a whole group.
write list      List of users with read/write access to this share regardless of the read only option.
create mask     Permissions given to files that are created.
directory mask  Permissions given to directories that are created.
After configuring smb.conf, the file can be checked for mistakes with the testparm command. If the configuration is correct, the following message appears:
[root@server ~]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[user]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
Next, add user1 to Samba with the smbpasswd command. Syntax:
smbpasswd [options] username
It has three main options:
-a  add or modify a user.
-d  temporarily disable a user.
-x  remove a user from Samba.
[root@server ~]# smbpasswd -a user1
New SMB password:
Retype new SMB password:
Added user user1.
[root@server ~]#
From here, resources are easily reached from the Run dialog by typing: \\machine_name\resource. Example:
\\server2\user
The -L option shows the list of resources shared on the network. The -U option specifies which user accesses the service. To reach Windows resources more conveniently, they can be mounted into a directory on Linux:
[root@server ~]# mount -t cifs //172.16.1.10/share_win /home/admin/Desktop/win -o username=user1,password=user1
[root@server ~]# cd /home/admin/Desktop/
smbclient options:
? or help      Shows the help message for a command, or general help when no command is given.
!              Runs a shell command, or drops the user to a shell prompt.
cd             Changes directory on the server. If no directory is given, smbclient reports the current directory.
lcd            Changes directory on the local machine. If no directory is given, smbclient reports the current local directory.
del            Deletes the named files from the server, if the user has the right to do so. Wildcards may be used.
dir or ls      Lists the selected files. The ls command can be used to get the file list.
exit or quit   Leaves the smbclient program.
get            Retrieves a remote file and saves it locally. If a local name is given, the file is saved under that name instead of the remote name.
mget           Copies every matching file to the local machine.
md or mkdir    Creates a directory on the remote machine.
rd or rmdir    Deletes a directory on the remote machine.
put            Copies a file from the local machine to the server.
mput           Copies every matching file from the local machine to the server.
print          Prints a file on the remote machine.
queue          Lists every print job queued on the remote server.
Note: since Samba uses the three ports 137, 139 and 445 for sharing, rules must be created to open these ports:
Where:
/directory   The directory on the server to share with clients.
client       The client address. It can be an IP address, e.g. 172.16.1.3, a network, e.g. 172.16.1.0/24, or a name if a DNS server resolves it, e.g. *.cn06.com.
permissions  The rights of each client on each shared directory.
Meaning of the options:
- Requires the client to connect from a port below 1024; nosecure is the opposite.
- Read only (ro).
- Read/write (rw).
- Prevents the client from accessing the directory and its subdirectories.
root_squash (no_root_squash)   Prevents the root account on the client from having superuser (root) rights on NFS volumes mounted on that machine. no_root_squash is the opposite.
all_squash (no_all_squash)     Maps all user ids and group ids to the anonymous user.
sync (async)                   sync makes the server answer write requests only after they have been written to disk. async lets the server answer write requests before the data is actually written to disk.
Example:
[root@server ~]# vi /etc/exports
/export/         172.16.1.0/24(rw,hide,sync)
/export/oracle   *.cn06.com(ro,async)
After editing the exports file, the server must be told to reload it. This is done with the exportfs command. Options of exportfs:
-a            export every entry in the exports file.
-r            reload the information in the exports file.
-u client1:/dir   withdraw the directory /dir mounted on client1.
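A check that belongs between editing /etc/exports and running exportfs, as an added example that is not part of the original document: a script that reads exports lines and reports the option combinations the table above marks as risky (writable wildcard clients, no_root_squash, insecure, async). The sample exports text is constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original document: scan /etc/exports-style text
# for the option combinations the table above marks as risky (writable wildcard
# clients, no_root_squash, insecure, async) before handing it to exportfs.
# The sample content is constructed for this example.
SAMPLE_EXPORTS='# constructed sample, modelled on the example in the text
/export         172.16.1.0/24(rw,hide,sync)
/export/oracle  *.cn06.com(ro,async)
/export/tmp     *(rw,no_root_squash,insecure)'

# audit_exports: read exports text on stdin, print one line per finding
audit_exports() {
    set -f   # no globbing: a client name such as "*" must stay literal
    while read -r line; do
        case "$line" in ''|\#*) continue ;; esac
        set -- $line
        dir=$1; shift
        for spec in "$@"; do
            client=${spec%%\(*}                  # part before "("
            opts=${spec#*\(}; opts=${opts%\)}    # text inside "(...)"
            case "$client" in
                *\**) case ",$opts," in
                          *,rw,*) echo "$dir: rw exported to wildcard client $client" ;;
                      esac ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) echo "$dir: no_root_squash lets client root act as root ($client)" ;;
            esac
            case ",$opts," in
                *,insecure,*) echo "$dir: insecure accepts requests from ports above 1024 ($client)" ;;
            esac
            case ",$opts," in
                *,async,*) echo "$dir: async acknowledges writes before they reach disk ($client)" ;;
            esac
        done
    done
    set +f
}

# count_findings: number of findings for the exports text on stdin
count_findings() {
    audit_exports | grep -c . || true
}

# stand-alone run over the constructed sample
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```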
These updates take effect immediately on the client. Alternatively, the configuration can be reloaded by restarting the NFS service:
[root@server ~]# service nfs restart
Shutting down NFS mountd:   [ OK ]
Shutting down NFS daemon:   [ OK ]
Shutting down NFS quotas:   [ OK ]
Shutting down NFS services: [ OK ]
Starting NFS services:      [ OK ]
Starting NFS quotas:        [ OK ]
Starting NFS daemon:        [ OK ]
Starting NFS mountd:        [ OK ]
Since the shared directories have been configured on the server, on the client only the mount command is needed to mount the desired directory into the local system.
Options for -o:
hard        The default. If a request times out, the client keeps retrying.
soft        If a request times out, the client also retries, but after an unsuccessful period it gives up.
retrans = n The value n is the number of retries for the soft option.
nfsvers = n The NFS version to use for the connection. Although the default is version 4, the current kernel still supports versions 2 and 3.
sec = value Sets the security mode of the mount:
            sys: authenticate with UID and GID (default).
            krb5: use Kerberos V5 instead of UID and GID.
            krb5i: use Kerberos V5 for authentication plus integrity checking, to prevent unauthorized modification of files.
            krb5p: use Kerberos V5 for authentication, integrity checking and encryption of the NFS data stream.
Example: mount the directory /export/oracle from the server into the client's /apps directory, read-only and with a soft mount:
[root@server ~]# mount -o ro,soft,retrans=20 server2:/export/oracle /apps
If the file system on the server is accessed regularly, the fstab file can be configured so that the required directories are mounted permanently.
Fields of fstab:
- Name or label of the device, or the directory to be mounted.
- Directory the device is mounted on.
- File system type, e.g. ext2, ext3, NFS, ...
- Options, like the permissions above, e.g. ro, rw, ...
- Option for the backup (dump) utility (0: no, 1: yes).
- Order in which file systems are checked for integrity. Root (/) is usually 1. File systems mounted directly under root (/), e.g. /etc, are usually 2. Others are usually 3.
Example fstab file:
LABEL=/          /         ext3    defaults        1 1
LABEL=/home      /home     ext3    defaults        1 2
LABEL=/boot      /boot     ext3    defaults        1 2
tmpfs            /dev/shm  tmpfs   defaults        0 0
devpts           /dev/pts  devpts  gid=5,mode=620  0 0
sysfs            /sys      sysfs   defaults        0 0
proc             /proc     proc    defaults        0 0
LABEL=SWAP-sda5  swap      swap    defaults        0 0
For example, to have the system mount /export/oracle into /apps every time it boots, add the following line to fstab:
Apps /apps nfs ro,sync 0 0
9.4.1 service nfs status
Checks the status of the NFS service:
[root@server ~]# service nfs status
rpc.mountd (pid 3838) is running...
nfsd (pid 3835 3834 3833 3832 3831 3830 3829 3828) is running...
rpc.rquotad (pid 3823) is running...
9.4.2 showmount [option] host
Reports NFS status information and shows the list of file systems that can be mounted on the local system. Without options, showmount lists the hosts that have mounted shared directories from the given server:
[root@server ~]# showmount server2
Hosts on server2:
172.16.1.3
Options:
-a  shows the directories that may be accessed on the server.
-e  shows the list of exported directories.
-v  shows the program version.
-d  shows only the directories currently mounted by some client.
Example:
[root@server ~]# showmount -v localhost
showmount for 1.0.9
[root@server ~]# showmount -e localhost
Export list for localhost:
/export/oracle *.cn06.com
/export        172.16.1.0/24
[root@server ~]# showmount -e server2
Export list for server2:
/export/oracle *.cn06.com
/export        172.16.1.0/24
9.5 Conclusion
An NFS server lets selected directories be shared with clients across Linux machines. This allows centralized storage and reduces the storage needed, lowering hardware costs for the network. Although it has the drawback that the NFS service must be installed on both server and client, configuring and sharing with NFS is quick and easy.
Example:
NISDOMAIN=nis.cn06.com
Next, configure the file /etc/ypserv.conf. It has only a few main options:
files                         Maximum number of map files the server manages. Default is 30.
xfer_check_port               YES: the master server must run NIS on a privileged port (below 1024). NO: the master server may run NIS on any port.
host:domain:map:security      An access rule stating the rights of a host or domain on the maps of the NIS server. host is an IP address, domain the NIS domain the rule applies to, map the map the rule applies to, and security one of: none (always allow access), port (allow access from privileged ports), deny (deny access to that map).
Example:
[root@server ~]# vi /etc/ypserv.conf
# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports < 1024 !!!
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
This option tells make which maps to build for NIS. The NIS default is:
passwd group hosts rpc services netid protocols mail \ # netgrp shadow publickey networks ethers bootparams
So make builds the maps nicknamed passwd, group, hosts, rpc, services, netid, protocols and mail.
The NIS server accepts only requests from the IP addresses listed in this securenets file and ignores all others. Note that the NIS server's own address (localhost or 127.0.0.1) must be added. Example:
# you must accept requests from localhost
255.255.255.255 127.0.0.1
Start NIS:
[root@server ~]# service ypserv start
Starting YP server services: [ OK ]
When starting the NIS server, a few things deserve attention:
ypxfrd   A daemon that lets slave servers copy all of the master server's data. When a new map appears, or a map changes, the NIS server uses this daemon to tell the slaves to update. ypxfrd runs only on the master server.
ypxfr    A daemon that runs on the slave server. Its job is to talk to the master server and copy the data from it.
We need a few minutes to build the databases...
Building /var/yp/nis.cn06.com/ypservers...
gethostbyname(): Success
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/nis.cn06.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
When this command runs, it asks which servers will act as NIS servers. Note: this command calls the make command described above.
Next, the clients must be told which hosts act as NIS servers. As mentioned above, the file /etc/yp.conf is responsible for this on the client. Syntax:
domain nisdomain server server_name
or:
domain nisdomain broadcast (do not use)
or:
ypserver server_name
Step 1: the client opens a connection to port 21 of the server and sends the command PORT 1742.
Step 2: the server sends an ACK to the client's command port.
Step 3: the server opens a connection from its port 20 to the data port the client announced earlier.
Step 4: the client sends an ACK back to the server.
Passive FTP: in passive mode the FTP client initiates the connections to the server, avoiding the problem of a firewall filtering connections from the server to a port on the internal machine. When the FTP connection is opened, the client opens two unprivileged ports (>1024). The first is used to talk to port 21 of the FTP server, but instead of sending a PORT command and having the server connect back, the client issues PASV. As a result the server opens an arbitrary port (>1024) and sends a PORT command back to the client. The client then connects from its second port to port P on the server to transfer data.
Step 1: the client sends the request.
Step 2: the server answers with PORT 2223, telling the client that port 2223 is open to receive the data connection.
Step 3: the client opens the data connection from its data port to data port 2223 of the server.
Step 4: the server answers with an ACK to the client's data port.
Note: for passive FTP, the port described by the PORT command is the one opened on the server. For active FTP, that port is opened on the client.
Trang 149
Nu nh cha, ta c th ci t n t gi h tr i km h iu hnh:
[root@server3 ~]# rpm -ivh /mnt/CentOS/vsftpd-2.0.516.el5_4.1.i386.rpm Preparing... ########################################### [100%]
Configuring vsftpd
The main configuration file for the FTP server is /etc/vsftpd/vsftpd.conf. A few other files matter as well:

/usr/sbin/vsftpd: the executable, i.e. the daemon itself.
/etc/vsftpd/vsftpd.conf: holds the configuration options for the FTP server.
/etc/vsftpd/ftpusers: the list of users who are never allowed to log in to the server.
/etc/vsftpd/user_list: used to allow or deny access for a list of users; whether the list allows or denies depends on the value of userlist_deny in vsftpd.conf.
/var/ftp: the FTP working directory.
/var/ftp/pub: the directory holding files for anonymous users.

The options in vsftpd.conf can be grouped by function. For example:
Options that control the vsftpd daemon.
Options related to ports and networking.
Options that decide who may access the server.
Options related to data transfer.
Options related to the directories the FTP server manages.
Options related to the program's log file.
Specifically:

listen: when set to YES, vsftpd runs in stand-alone mode, i.e. it accepts connections itself instead of being started on demand by xinetd.
listen_address: the IP address on which vsftpd listens for connections.
anon_max_rate: the maximum data transfer rate, in bytes per second, for anonymous users.
listen_port: the port on which vsftpd listens for connections. The default is 21.
MTA (Mail Transfer Agent): the program that transfers mail between mail hubs. Sendmail and Postfix are MTAs that speak SMTP; acting as SMTP servers, they route mail during delivery. An MTA accepts mail from Mail User Agents (MUAs) and from other MTAs, then passes it on to the MTA on another machine or to the local one. The MTA does not hand mail to the end user's client; a separate program, a POP or IMAP server, is used for that.
Example:
From: myEmail@mydiv.redbookscorp.com
To: Your Email <yourEmail@yourdiv.redbookscorp.com>
cc: Your Boss <yourBoss@yourdiv.redbookscorp.com>
Reply-To: myEmail@mydiv.redbookscorp.com
Subject: This is a sample SMTP header
Below is the list of commands in the SMTP protocol.

SMTP command set
Command                    Function
HELO <sending-host>        identify the sending SMTP host
MAIL FROM:<from-address>   sender address
RCPT TO:<to-address>       recipient address
DATA                       begin sending the message
RSET                       abort the message
VRFY <string>              verify a username
EXPN <string>              expand a mailing list
HELP                       help
QUIT                       end the session

SMTP status codes
When one host sends an SMTP command to another, the receiving host returns a status code that tells the sender what happened. The codes below are grouped by their first digit (5xx permanent error, 4xx temporary error, 1xx-3xx success):
211   System status or help reply
214   Help message
220   Service ready
221   Closing connection
250   Requested action accepted (OK)
251   User not local; will forward
354   Start mail input
421   Service not available
450   Action not taken, mailbox busy
500   Syntax error, command unrecognized
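As an added example (not from the original text), here is the envelope exchange those commands and codes make up, with the reply-code classes driving the client's decisions: 2xx proceed, 3xx send the body, 4xx defer for retry, 5xx give up. The server side is a scripted stub whose replies are constructed from the table; the hostnames and addresses (mail.cn06.com, admin@cn06.com and so on) are sample values. It also shows dot-stuffing of the DATA section, which the tables do not cover.

```python
# Added example (not from the original text): an SMTP envelope exchange driven
# by the reply codes in the table above. The server is a scripted stub and the
# addresses are constructed; no network traffic is generated.
from typing import Dict, List, Tuple


def parse_reply(lines: List[str]) -> Tuple[int, List[str]]:
    """Parse one SMTP reply, which may span several lines: continuation lines
    look like '250-text', the final line like '250 text', same code throughout."""
    code, texts = None, []
    for line in lines:
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed reply line: %r" % line)
        this = int(line[:3])
        if code is not None and this != code:
            raise ValueError("code changed inside multi-line reply: %r" % line)
        code = this
        texts.append(line[4:])
        if len(line) == 3 or line[3] == " ":
            return code, texts
    raise ValueError("reply has no final line: %r" % lines)


def classify(code: int) -> str:
    """First digit decides: 2xx done, 3xx send more, 4xx retry later, 5xx give up."""
    return {2: "ok", 3: "continue", 4: "temporary", 5: "permanent"}.get(code // 100, "unknown")


def dot_stuff(body: str) -> str:
    """Prepare text for DATA: CRLF line ends, a leading '.' doubled so that a
    body line consisting of '.' cannot end the message early, then the terminator."""
    lines = ["." + ln if ln.startswith(".") else ln for ln in body.splitlines()]
    return "\r\n".join(lines + ["."])


class ScriptedServer:
    """Answers each command from a script keyed by the exact command or its verb."""

    def __init__(self, greeting: List[str], replies: Dict[str, List[str]]):
        self.greeting, self.replies, self.transcript = greeting, replies, []

    def connect(self) -> List[str]:
        self.transcript.append("S: " + self.greeting[-1])
        return self.greeting

    def send(self, command: str) -> List[str]:
        self.transcript.append("C: " + command.split("\r\n")[0])
        if command == "." or command.endswith("\r\n."):
            verb = "."                                   # end of DATA
        else:
            verb = command.split(" ", 1)[0].split(":", 1)[0]
        reply = self.replies.get(command) or self.replies.get(verb) \
            or ["500 Syntax error, command unrecognized"]
        self.transcript.append("S: " + reply[-1])
        return reply


def deliver(server: ScriptedServer, helo: str, sender: str,
            recipients: List[str], body: str) -> Dict[str, object]:
    """Drive greeting, HELO, MAIL FROM, one RCPT TO per recipient, DATA, QUIT and
    report what happened to each recipient and to the message as a whole."""
    result = {"outcome": "rejected", "accepted": [], "deferred": [], "rejected": []}

    def fail(kind: str) -> Dict[str, object]:
        result["outcome"] = "deferred" if kind == "temporary" else "rejected"
        server.send("QUIT")
        return result

    code, _ = parse_reply(server.connect())
    if code != 220:
        return fail(classify(code))
    for cmd in ("HELO %s" % helo, "MAIL FROM:<%s>" % sender):
        code, _ = parse_reply(server.send(cmd))
        if code != 250:
            return fail(classify(code))
    for rcpt in recipients:
        code, _ = parse_reply(server.send("RCPT TO:<%s>" % rcpt))
        if code in (250, 251):
            result["accepted"].append(rcpt)
        elif classify(code) == "temporary":
            result["deferred"].append(rcpt)
        else:
            result["rejected"].append(rcpt)
    if not result["accepted"]:
        server.send("RSET")
        return fail("temporary" if result["deferred"] else "permanent")
    code, _ = parse_reply(server.send("DATA"))
    if code != 354:
        return fail(classify(code))
    code, _ = parse_reply(server.send(dot_stuff(body)))
    if code != 250:
        return fail(classify(code))
    result["outcome"] = "delivered"
    server.send("QUIT")
    return result


# Constructed script: one good recipient, one unknown (5xx), one busy (4xx).
SAMPLE_SCRIPT = {
    "HELO": ["250 mail.cn06.com"],
    "MAIL": ["250 2.1.0 Ok"],
    "RCPT TO:<admin@cn06.com>": ["250 2.1.5 Ok"],
    "RCPT TO:<nobody@cn06.com>": ["550 5.1.1 User unknown"],
    "RCPT TO:<busy@cn06.com>": ["450 4.2.1 Mailbox busy"],
    "DATA": ["354 End data with <CR><LF>.<CR><LF>"],
    ".": ["250 2.0.0 Ok: queued"],
    "QUIT": ["221 2.0.0 Bye"],
}

if __name__ == "__main__":
    srv = ScriptedServer(["220 mail.cn06.com ESMTP Postfix"], SAMPLE_SCRIPT)
    print(deliver(srv, "client.cn06.com", "user@cn06.com",
                  ["admin@cn06.com", "nobody@cn06.com", "busy@cn06.com"], "Hello\n.hidden\n"))
    print("\n".join(srv.transcript))
```

The point of separating 4xx from 5xx is queue behaviour: a busy mailbox is retried later, an unknown user is bounced immediately, and a 421 greeting defers the whole message rather than failing it.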
Direct delivery lets SMTP deliver e-mail without relying on any intermediate host. If SMTP delivery fails, the local system either notifies the sender or places the mail in a queue for later delivery. The drawback of direct delivery is that it requires both systems to be fully capable of handling mail; some systems cannot, such as PCs and mobile systems like laptops, which are usually switched off at the end of the day or are frequently offline. To handle these cases, DNS is used to route messages to a mail server in place of direct delivery. Mail is then transferred from the server to the workstation when the workstation is back online; the POP protocol provides this function.

12.3.2 Post Office Protocol (POP)
Two versions of POP are in wide use: POP2 and POP3. POP2 is defined in RFC 937 and POP3 in RFC 1725 (later superseded by RFC 1939). POP2 uses port 109 and POP3 uses port 110. POP3 covers both the client side (fetching mail) and the server side (storing mail and handing it over). The command sets of the two versions are completely different, but both perform the same basic functions: verify the user's login name and password, then transfer the user's mail from the server to the user's local mail reader.

POP3 command set
Command          Function
USER username    the username whose mail is to be fetched
PASS password    the password of that username
STAT             show the number of messages in the mailbox and their total size (bytes)
RETR n           retrieve message n
LAST             show the highest message number accessed so far
LIST [n]         show the size of message n (or of every message)
RSET             undelete all messages marked for deletion
TOP n l          print the headers and the first l lines of message n
NOOP             do nothing
QUIT             end the POP3 session
DELE n           delete message n
12.3.3 Internet Message Access Protocol (IMAP4)
IMAP4 covers both the client and the server role, like POP3, but offers far more functionality. IMAP4 lets the client specify criteria for downloading mail, for example not transferring large messages over a slow link; moreover, IMAP4 keeps mail on the server and sends the client a copy. Another difference between POP3 and IMAP4 is the mode of operation. With POP, the client must keep its connection to the server until the mail transfer has completed. IMAP4 allows the client to work even while disconnected: changes made offline are synchronized with the server the next time the client connects.

IMAP4 uses port 143.
12.4 Installing Postfix
On Linux there are three common mail server applications: Exim, Postfix and Sendmail. Sendmail is the oldest and comes preinstalled on Fedora and CentOS. Sendmail is a very capable mail server, but its configuration file is hard to read and hard to use. Exim can also do everything related to e-mail, but its configuration options have never been clear, even from the early versions. The third application, Postfix, is easy to install, fast and very secure. For that reason this section uses Postfix to configure the mail server.

Installing Postfix is similar to installing other services. However, because Sendmail is already installed on the system, a few points need attention when adding Postfix. Some applications require a mail server to be present on the system, and by default that is Sendmail (since it is preinstalled), so Sendmail must not be removed before Postfix has been installed. Because Sendmail and Postfix share some files (for example /usr/sbin/sendmail), the system uses the alternatives mechanism to tell the two packages apart: /usr/sbin/sendmail is a symlink to /etc/alternatives/mta, which in turn is a symlink to either /usr/sbin/sendmail.sendmail or /usr/sbin/sendmail.postfix. This way both packages can be installed at the same time without conflict. For Postfix to be used in place of Sendmail, the /etc/alternatives/mta link must point to /usr/sbin/sendmail.postfix. There are two ways to do this: switch the preference with the system's alternatives command (alternatives --config mta), or use the companion package system-switch-mail.
Specifying the DNS server for the client
If the client obtains its IP address from a DHCP server, it is normally given the DNS server information as well. For clients with a manually configured address, however, check which DNS server the client queries by default. The file responsible for this is /etc/resolv.conf. Example:
domain cn06.com
search cn06.com
nameserver 172.16.1.2
#nameserver 194.72.192.3
Required packages:
postfix-2.3.3-2.1.el5_2.i386.rpm
dovecot-1.0.7-7.el5.i386.rpm
system-switch-mail-0.5.25-12.noarch.rpm

Main configuration file: /etc/postfix/main.cf

12.4.2 Installation
Install postfix:
Install system-switch-mail:
[root@server3 ~]# rpm -ivh /mnt/CentOS/system-switch-mail-0.5.25-12.noarch.rpm
Preparing...                ########################################### [100%]
   1:system-switch-mail     ########################################### [100%]
12.4.3 Configuring main.cf
Because main.cf has a great many configuration options, this section covers only the most important ones, those needed to install and run an SMTP server. Every option in main.cf is clearly commented, so they are not hard to understand.

myhostname: this parameter specifies the name under which Postfix receives e-mail. It is usually the hostname of the mail server (in this thesis, mail.cn06.com).
myhostname = mail.cn06.com
mydomain: the Internet domain name of this mail system. By default Postfix derives it from $myhostname by dropping the first label, so with the hostname above it is cn06.com.
myorigin: to keep sender and recipient addresses consistent, myorigin specifies the default domain that is appended to any address lacking an @domain part. Either $mydomain or $myhostname may be used.
myorigin = $mydomain
myorigin = $myhostname
Note: since myhostname and mydomain were declared above, the options below need not repeat their values; they reference them with a $ sign.
mydestination: this parameter lists the domains for which the Postfix server is the final destination of incoming e-mail. Mail for any other domain is relayed, and relaying is only allowed for clients listed in mynetworks. $mydomain itself must appear in the list for mail to user@cn06.com to be delivered locally. Example:
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#   mail.$mydomain, www.$mydomain, ftp.$mydomain
inet_interfaces: specifies the addresses of the interfaces on which the system accepts mail. By default (all) every active interface is accepted.
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
mail_spool_directory: mail that has not yet been fetched by a client is normally stored on the server under /var/spool/mail. Each user has a separate mailbox file; for example, user admin's mail is in /var/spool/mail/admin.
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
mynetworks: an important parameter; it lists the clients that are trusted to relay mail through this system. Normally only clients on the local network are allowed. Note that the loopback network is 127.0.0.0/8, not /4: a /4 would trust every address from 112.0.0.0 to 127.255.255.255, letting outside hosts in that range relay through the server.
mynetworks = 172.16.1.0/24, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
inet_protocols: enables IPv6 on the Postfix mail server. By default only IPv4 is accepted; adding ipv6 to the value makes Postfix handle mail over IPv6 as well.

smtpd_banner: the text shown after code 220 when the SMTP server answers a client's connection. Note: per the RFC the text must begin with $myhostname (Postfix itself does not actually care).

#smtpd_banner = $myhostname ESMTP $mail_name
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) by cn06.com

This completes the main configuration file. The next step is to start the service and check that the configuration file is correct.
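To see how the parameters above fit together, here is an added example (not part of the original text or of Postfix itself) that reads a main.cf with the same rules Postfix applies, expands $name references, and evaluates the relay decision that mydestination and mynetworks define. The sample file is constructed from the values discussed in this section and deliberately contains a 127.0.0.0/4 loopback entry, a one-character slip for /8 that the check catches; table lookups such as hash: maps and built-in defaults other than mail_name are not modelled.

```python
# Added example (not from the original text): read a main.cf the way Postfix
# does ($name expansion, continuation lines) and check the relay policy that
# mydestination and mynetworks define. The sample file is constructed from the
# settings discussed above; the 127.0.0.0/4 entry is a deliberate slip.
import ipaddress
import re
from typing import Dict, List, Tuple

SAMPLE_MAIN_CF = """\
# constructed sample, not a real server's file
myhostname = mail.cn06.com
mydomain = cn06.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost,
    $mydomain
inet_interfaces = all
mynetworks = 172.16.1.0/24, 127.0.0.0/4
smtpd_banner = $myhostname ESMTP $mail_name
"""

DEFAULTS = {"mail_name": "Postfix"}          # the only built-in default modelled
_VAR = re.compile(r"\$\{?([A-Za-z0-9_]+)\}?")


def parse_main_cf(text: str) -> Dict[str, str]:
    """'name = value' per line, '#' comment lines, and a line starting with
    whitespace continues the previous value (Postfix main.cf rules)."""
    params: Dict[str, str] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()
            continue
        if "=" not in raw:
            raise ValueError("not a parameter line: %r" % raw)
        name, value = raw.split("=", 1)
        current = name.strip()
        params[current] = value.strip()
    return params


def expand(params: Dict[str, str], name: str, depth: int = 0) -> str:
    """Resolve $name and ${name} references; an unknown name expands to ''."""
    if depth > 10:
        raise ValueError("parameter %s refers to itself" % name)
    raw = params.get(name, DEFAULTS.get(name, ""))
    return _VAR.sub(lambda m: expand(params, m.group(1), depth + 1), raw)


def as_list(value: str) -> List[str]:
    """Postfix lists are separated by commas and/or whitespace."""
    return [v for v in re.split(r"[,\s]+", value) if v]


def check_mynetworks(params: Dict[str, str]) -> List[Tuple[str, str]]:
    """Every network listed may relay through the server, so flag entries that
    are malformed or that cover far more than one site (shorter than a /8)."""
    findings = []
    for entry in as_list(expand(params, "mynetworks")):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "not a valid network (table lookups are not modelled)"))
            continue
        if net.prefixlen < 8:
            findings.append((entry, "trusts %d addresses (%s to %s); /8 or longer was probably meant"
                             % (net.num_addresses, net.network_address, net.broadcast_address)))
    return findings


def relay_decision(params: Dict[str, str], client_ip: str, rcpt: str) -> str:
    """Simplified form of Postfix's default policy: mail for a domain in
    mydestination is accepted from anyone; anything else only from a client
    inside mynetworks, otherwise 'Relay access denied'."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in (d.lower() for d in as_list(expand(params, "mydestination"))):
        return "accept (final destination for %s)" % domain
    ip = ipaddress.ip_address(client_ip)
    for entry in as_list(expand(params, "mynetworks")):
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return "accept (client matches mynetworks entry %s)" % entry
        except ValueError:
            continue
    return "reject (relay access denied)"


if __name__ == "__main__":
    p = parse_main_cf(SAMPLE_MAIN_CF)
    for entry, problem in check_mynetworks(p):
        print("mynetworks %s: %s" % (entry, problem))
    print(relay_decision(p, "120.1.2.3", "victim@example.org"))
```

With the /4 entry, a client at 120.1.2.3 (inside 112.0.0.0/4) may relay to any domain; the same query against a file with 127.0.0.0/8 is refused, while mail for admin@cn06.com is still accepted from anywhere because cn06.com is a final destination. The same functions can be pointed at a real file with `parse_main_cf(open("/etc/postfix/main.cf").read())`.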
Reason: Postfix cannot find localhost in the file /etc/hosts. The entry must therefore be added and the network service restarted.
127.0.0.1    localhost
172.16.1.3   server3.cn06.com
The service can be checked by sending mail between users in the domain (as described above). Note: besides editing main.cf with vi, the other way to configure Postfix is the postconf command that ships with it, with its options. It is also necessary to make sure that TCP port 25 is open and that the server accepts incoming connections. Create the access rule with iptables, or use the graphical tool, to open port 25 (note that -A appends the rule at the end of the chain; on a system whose INPUT chain ends in a REJECT rule the new rule is never reached, so insert it earlier with -I or add it to /etc/sysconfig/iptables):
[root@server3 ~]# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
Configuring dovecot.conf: the main configuration file for Dovecot is /etc/dovecot.conf. It contains many options to suit the needs of different clients, but the most important one is:
protocols = imap imaps pop3 pop3s
This option makes Dovecot serve the protocols POP3 (port 110), POP3S (port 995), IMAP4 (port 143) and IMAPS (port 993). Then start the Dovecot service:
[root@server ~]# service dovecot start
Starting Dovecot Imap:                                     [  OK  ]
Make sure that the mail-related ports are open (port 25 SMTP, 110 POP3, 143 IMAP4, 993 IMAPS, 995 POP3S).
[root@server ~]# netstat -an | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
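As an added example (not from the original text), here is a parser for that netstat listing which reports which of the mail ports just named are listening, which are missing, which are reachable only on loopback, and what else the host exposes. The sample output is constructed: its first three sockets mirror the excerpt above and the remaining lines are what Postfix and Dovecot would add. On the server the same data comes from netstat -tln (or ss -tln on newer systems).

```python
# Added example (not from the original text): check which of the expected mail
# ports are listening by parsing `netstat -an` output. The sample output is
# constructed; nothing is read from the running system.
from typing import Dict, List, Set, Tuple

MAIL_PORTS = {25: "smtp", 110: "pop3", 143: "imap", 993: "imaps", 995: "pop3s"}

SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 :::993                  :::*                    LISTEN
tcp        0      0 172.16.1.3:25           172.16.1.10:40123       ESTABLISHED
udp        0      0 0.0.0.0:111             0.0.0.0:*
"""


def listening_sockets(text: str) -> Set[Tuple[str, str, int]]:
    """(proto, bind address, port) for every TCP socket in LISTEN state.
    Handles both the 'a.b.c.d:port' and the ':::port' (IPv6 any) forms."""
    sockets = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "tcp6") or fields[-1] != "LISTEN":
            continue                      # headers, UDP, established connections
        addr, port = fields[3].rsplit(":", 1)
        sockets.add((fields[0], addr, int(port)))
    return sockets


def mail_port_report(text: str, expected: Dict[int, str] = MAIL_PORTS) -> Dict[str, List[int]]:
    """Which expected mail ports are up, which are missing, which are bound to
    loopback only (fine for a local-only service, wrong for one that clients
    must reach), and which listening ports are not mail services at all."""
    sockets = listening_sockets(text)
    ports = {p for _, _, p in sockets}
    up = ports & set(expected)

    def loopback_only(port: int) -> bool:
        return all(addr in ("127.0.0.1", "::1") for _, addr, q in sockets if q == port)

    return {
        "listening": sorted(up),
        "missing": sorted(set(expected) - ports),
        "loopback_only": sorted(p for p in up if loopback_only(p)),
        "other_services": sorted(ports - set(expected)),
    }


if __name__ == "__main__":
    report = mail_port_report(SAMPLE_NETSTAT)
    for key, value in report.items():
        print("%-15s %s" % (key, ", ".join("%d/%s" % (p, MAIL_PORTS.get(p, "?")) for p in value)))
```

In the constructed listing everything except POP3S (995) is up, and the report also surfaces the non-mail listeners (23, 111, 2208) so that a reviewer can decide whether a mail server should be offering them at all.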
Test the service by having a client send and receive mail through Outlook Express:
All of these packages ship with CentOS 5.

Configuring Squirrelmail
After a successful installation, the configuration file is at /etc/squirrelmail/config.php. Configuring Squirrelmail is fairly simple. A few parameters to note:
$domain            = 'cn06.com';
$imapServerAddress = '172.16.1.3';
$domain = 'cn06.com': the domain Squirrelmail works with.
$imapServerAddress: the address of the IMAP server; here it is the mail server itself, 172.16.1.3.
$imapPort = 143: the default port for the IMAP protocol.
$smtpServerAddress: the address of the SMTP server.
$smtpPort = 25: the default port for the SMTP protocol.
After the configuration is done, start the HTTP service (Squirrelmail is written in PHP):
[root@server3 ~]# service httpd start Starting httpd: [ OK ]
The final step is to use a browser to read and compose mail: in the address bar, enter http://mail.cn06.com/webmail. Note that over plain HTTP the login password crosses the network in clear text, so on anything but an isolated lab network the webmail site should be served over HTTPS.