HO CHI MINH CITY UNIVERSITY OF TRANSPORT
FACULTY OF INFORMATION TECHNOLOGY

VÕ CÔNG DUẨN    NGUYỄN ANH TUẤN
CN06011    CN06112

DEPLOYING NETWORK SERVICES ON LINUX SYSTEMS

GRADUATION THESIS

SUPERVISOR: MSc. Lê Quốc Tuấn

COHORT 2006 - 2010

GVHD (Supervisor): MSc. Lê Quốc Tuấn

Table of contents
Table of contents ... 2
Foreword ... 7
Chapter 1. Overview of Linux ... 8
  1.1 History ... 8
  1.2 Architecture of the Linux operating system ... 9
    1.2.1 The kernel ... 10
    1.2.2 The shell ... 11
    1.2.3 Utilities ... 12
    1.2.4 Application programs ... 12
  1.3 Differences between Linux and Windows ... 12
    1.3.1 Single-user vs. multi-user ... 12
    1.3.2 Monolithic kernel vs. microkernel ... 13
    1.3.3 GUI vs. kernel ... 13
    1.3.4 Registry vs. text files ... 13
Chapter 2: Linux basics ... 15
  2.1 The Linux directory system ... 15
    2.1.1 System directories ... 15
    2.1.2 File structure ... 17
  2.2 User and group management ... 18
    2.2.1 Viewing user information ... 18
    2.2.2 Managing users ... 21
    2.2.3 File and directory commands ... 26
      Create a directory: mkdir ... 26
      Delete a directory: rmdir ... 26
      Display file and directory information: ls option file_name ... 27
      Create a file ... 28
      View file contents ... 28
      Copy ... 28
      Move ... 28
      Delete a file: rm ... 28
      Delete an empty directory: rmdir ... 29
      Show the current directory: pwd ... 29
      The vi editor ... 29
      List files in a directory ... 30
      File and directory access-control commands ... 30
    2.2.4 Disk and quota management ... 32
      Using mount and unmount ... 32
      Disk and partition management commands ... 33
      Limiting disk space with quota ... 34
Chapter 3: Dynamic Host Configuration Protocol (DHCP) ... 38
  3.1 What is DHCP? ... 38
    3.1.1 Advantages of DHCP ... 38
    3.1.2 Format of a DHCP packet ... 40
  3.2 Installing DHCP ... 44
  3.3 Configuring the DHCP server ... 45
    3.3.1 Declarations ... 46
  3.4 Conclusion ... 48
Chapter 4: Domain Name System (DNS) ... 49
  4.1 What is DNS? ... 49
  4.2 Installing DNS ... 54
  4.3 Configuring the DNS server ... 54
  4.4 Starting the service ... 58
  4.5 DNS testing tools ... 58
  4.6 Conclusion ... 60
Chapter 5: Linux security ... 61
  Is Linux secure? ... 61
  Introduction to firewalls using iptables ... 62
  Components of iptables ... 64
  The iptables processing model ... 66
  iptables command syntax ... 70
    Using iptables commands ... 70
    iptables command syntax ... 71
    Assessment ... 89
Chapter 6: Secure Shell (SSH) ... 90
  6.1 History ... 90
  6.2 What is SSH? ... 90
  6.3 Overview of SSH features ... 92
    6.3.1 Privacy ... 92
    6.3.2 Authentication ... 92
    6.3.3 Authorization ... 93
    6.3.4 Forwarding or tunneling ... 94
    6.3.5 How SSH works ... 95
  6.4 Public Key Cryptography ... 97
    6.4.1 Key properties ... 98
  6.5 Installing OpenSSH ... 98
    6.5.1 The SSHD configuration file ... 99
  6.6 Using OpenSSH ... 100
    6.6.1 Secure Shell (SSH) ... 100
    6.6.2 Creating a secure tunnel ... 101
    6.6.3 Secure Copy (SCP) ... 106
    6.6.4 Secure FTP (SFTP) ... 106
Chapter 7: Printing with CUPS ... 108
  7.1 Introduction ... 108
  7.2 Installing CUPS ... 108
  7.3 Configuring printers ... 110
    7.3.1 Using the web interface ... 110
    7.3.2 Using the command line ... 111
  7.3 Printing from Windows ... 112
    7.3.1 Using CUPS ... 112
    7.3.2 Using Samba ... 113
  7.4 Printing from Linux ... 114
Chapter 8: Samba ... 115
  8.1 Introduction ... 115
  8.2 Installing Samba ... 117
    8.2.1 Samba server types ... 117
  8.3 Configuring Samba ... 118
    8.3.1 smb.conf parameters ... 120
    8.3.2 [Global] section parameters ... 120
    8.3.3 Domain parameters ... 120
    8.3.4 Security parameters ... 121
    8.3.5 Printer parameters ... 121
    8.3.6 Share parameters ... 122
    8.3.7 Adding users to Samba ... 123
  8.4 Accessing shared resources ... 124
Chapter 9: Network File System (NFS) ... 130
  9.1 Introduction to network file services ... 130
    9.1.1 Versions ... 131
    9.1.2 Transport protocols ... 131
    9.1.3 NFS components ... 131
  9.2 Configuring the NFS server ... 132
  9.3 Configuring the client ... 134
  9.4 Some useful commands ... 137
    9.4.1 service nfs status ... 137
    9.4.2 showmount option host ... 137
  9.5 Conclusion ... 138
Chapter 10: Network Information System (NIS) ... 139
  10.1 Introduction ... 139
  10.2 How does NIS work? ... 139
  10.3 Setting up the NIS server ... 140
    10.3.1 Configuring the NIS server ... 140
    10.3.2 Starting the NIS server ... 143
  10.4 Setting up the NIS client ... 145
Chapter 11: File Transfer Protocol (FTP) ... 147
  Introduction ... 147
    Active FTP ... 147
    Passive FTP ... 148
  Setting up the FTP server ... 150
    Installing VSFTPD ... 150
    Configuring vsftpd ... 150
Chapter 12: Mail service ... 156
  12.1 Some concepts ... 156
  12.2 Introduction to mail systems ... 158
  12.3 Mail protocols ... 159
    12.3.1 Simple Mail Transfer Protocol (SMTP) ... 159
    12.3.2 Post Office Protocol (POP) ... 161
    12.3.3 Internet Message Access Protocol (IMAP4) ... 162
  12.4 Installing Postfix ... 164
    12.4.1 Preparation ... 165
    12.4.2 Installation ... 165
    12.4.3 Configuring main.cf ... 166
  12.5 Installing dovecot ... 170
  12.6 Web mail ... 176
    12.6.1 What is SquirrelMail? ... 176
    12.6.2 Installing SquirrelMail ... 176
References ... 178


Foreword
Today Linux holds only a modest share compared with the Windows operating system. In recent years, however, Linux has been growing strongly and serves network administrators and end users better and better. Besides its rich and stable feature set, the fact that most Linux distributions are free has contributed significantly to spreading information technology. During the global economic crisis in particular, when saving money and cutting costs has become urgent for businesses, switching to Linux has become one of the top priorities. That is why our group chose the topic of studying the deployment of network services on Linux. First of all, our group sincerely thanks Mr. Lê Quốc Tuấn for his patient guidance in completing this graduation thesis. We also express our deep gratitude to the teachers of the Faculty of Information Technology for their instruction, teaching, support and help, for providing valuable knowledge and for creating favourable conditions throughout our studies so that we could complete this thesis. We will use the following network model to deploy the topic.


Chapter 1. Overview of Linux
1.1 History
- In 1991, Linus Torvalds, a student at the University of Helsinki in Finland, began studying Minix, a version of Unix written for teaching purposes, in order to learn how to create a Unix operating system that would run on a PC with the Intel 80386 processor.
- On 25 August 1991, Linus released version 0.01 and announced his plans for Linux on comp.os.minix.
- In January 1992, Linus released version 0.02 with a shell and a C compiler. Linux no longer needed Minix to recompile its own operating system. Linus named his operating system Linux.
- In 1994, the official version 1.0 was released.
- In 1996, version 2.0 appeared, marking a major change in the structure of the kernel.
- At the time of writing, the latest stable version of the Linux kernel is 2.6.33.3.
Below is an e-mail Linus Torvalds wrote a month before announcing the first version of the Linux kernel:
From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID:
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki

Hello everybody out there using minix

I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-)

Linus (torvalds@kruuna.helsinki.fi)

PS. Yes - it's free of any minix code, and it has a multi-threaded fs. It is NOT portable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.

Judging from the post, 0.01 wasn't actually out yet, but it's close. I'd guess the first version went out in the middle of September -91. I got some responses to this (most by mail, which I haven't saved), and I even got a few mails asking to be beta-testers for linux. After that just a few general answers to questions on the net:

1.2 Architecture of the Linux operating system

[Figure 1. Linux architecture: layers from top to bottom are users, shell, utilities and applications, kernel, hardware.]


1.2.1 The kernel
The kernel is the control centre of the Linux operating system; it contains the code that controls the operation of the entire system. The kernel is developed continuously, and there are usually two current versions: the latest development version and the latest stable version. The kernel is designed in a modular fashion, so its actual size is very small. Only the necessary parts are loaded into memory; the other parts are loaded when they are requested. Compared with other operating systems, Linux therefore does not waste memory by loading everything regardless of whether it is used. The kernel is considered the heart of the Linux operating system and was initially developed for the Intel 80386 CPU, whose strength is its memory-management capability. The Linux kernel can access all of the machine's hardware features.
Kernel versions follow the convention A.B.C.D, where:
A: the kernel version. It changes only when there is a very large change in the definition or the code of the kernel. This has happened only twice: in 1994 (version 1.0) and in 1996 (version 2.0).
B: changes when the kernel undergoes major changes. B follows an even/odd numbering scheme: odd numbers for development versions, even numbers for stable versions. For example, 2.6.x is a stable series and 2.5.x a development series.
C: changes for small, minor changes in the kernel.
D: changes for small bug fixes or security fixes.


Figure 2. The Linux kernel development process.

1.2.2 The shell
The shell is an interpreter that provides a set of commands with which users interact with the operating system to carry out their work. Many kinds of shell are used in Linux. The important point distinguishing one shell from another is its command set. For example, the C shell (csh) uses commands similar to the C language, while the Bourne shell uses a different command language.



The main shell used in Linux is the GNU Bourne Again Shell (bash). This shell is derived from the Bourne shell, the main shell of Unix systems, and adds many new features such as job control, command history and long file names.
1.2.3 Utilities
Utilities are programs that users run frequently. They serve many purposes, such as manipulating files and disks, compression and backing up files. A utility in Linux may be a command-line command or a graphical program. Most of the utilities used in Linux are products of the GNU project. Linux comes with a great many utilities, such as compilers, debuggers and text editors. Utilities may be used by users or by the system itself. Some utilities are considered standard on Linux systems, such as passwd, ls, ps and vi.
1.2.4 Application programs
Unlike utilities, applications such as OpenOffice, database management systems, mail and chat programs are written and developed by companies to meet the diverse needs of users. And of course most of them are free!

1.3 Differences between Linux and Windows

1.3.1 Single-user vs. multi-user
Windows was designed according to Bill Gates's philosophy of one computer, one desk and one user. That means two people cannot use Microsoft Word on the same machine at the same time; in short, it is single user (although the term multitasking was later used widely for Windows 95, it had actually been in use on UNIX long before, in 1969!). Linux, by contrast, follows the UNIX philosophy. UNIX was developed in the 1960s at AT&T Bell Labs and ran on a PDP-7 shared by all departments. UNIX was therefore designed to let multiple users log in to the host at the same time.



1.3.2 Monolithic kernel vs. microkernel
Two kinds of kernel are used across operating systems: the monolithic kernel and the microkernel. A monolithic kernel provides all the services that user applications need, whereas a microkernel keeps only a small part of the services in the kernel and has separate modules perform the other functions. Most Linux distributions adopt a monolithic kernel architecture that handles every system call and all hardware. Windows, meanwhile, uses a microkernel style that provides only a small set of services for process management, input/output (I/O) management and so on.
1.3.3 GUI vs. kernel
Windows integrated the GUI into the kernel, following the acceptance of Apple's Macintosh platform. This gives the operating system and the user interface a high degree of uniformity. Linux, on the other hand, keeps these two components, the user interface and the operating system, separate. X Windows runs like a user-level application; if the GUI fails for any reason, Linux does not go down with it but simply returns you to the terminal screen so you can carry on working (quite unlike the Windows GUI, where a blue screen frequently appears on a system error!). The most important feature of X Windows is its ability to display a screen over the network on another workstation's display. This allows many users to access the same machine and run OpenOffice at the same time. X Window also offers a wide choice of file managers, the most popular of which today are GNOME and KDE.
1.3.4 Registry vs. text files
Windows uses a Registry of thousands of entries to manage all information about users, the system and so on. Managing the registry is extremely difficult and dangerous. Any change to the registry can cause dangerous system errors, and may even require reinstalling the operating system.



Linux does not manage the system with a registry. This brings both great convenience and potential trouble. The convenience is that configuration files are almost all stored as text files in the /etc directory. You can therefore use an editor to modify a configuration file easily, without straining your eyes searching through the Registry. These configuration files rarely change, and because they are text they are easy to inspect when needed. You can even write scripts to read or modify configuration files, which is particularly useful for administrators who want to manage servers automatically. The trouble is that there is no standard for how configuration files are written. Each application has its own format, many applications now use GUI-based installers, and you may also have to install an application from source code, which involves many steps before the installation succeeds.


Chapter 2: Linux basics
2.1 The Linux directory system
2.1.1 System directories
Linux has no concept of drives as in Windows; all files and directories start from the root directory (/). The Linux directory system is represented as follows:

[Figure: the Linux directory tree. Under / (root): sbin, usr, dev, var, etc, home. Under usr: sbin, bin, lib, doc, man.]

The Linux operating system is made up of many different directories and files. The directories may be spread over several file systems, depending on how the system was installed. In general, most of the operating system lives in two file systems: the root file system, denoted /, and another file system mounted at /usr.

Directory: Function
/ (root): The root directory, where the file structure begins.
/sbin: Contains the system files used to boot the system.
/usr: Contains files and commands used by the system; this directory is divided into further subdirectories.
/dev: Contains the interfaces to devices such as the CD-ROM drive and printers.
/etc: Contains the system's configuration files. The files here control the boot process, user management, network management and more.
/home: Contains the users' home directories.
/var: Contains the system log files.

The /dev directory contains special files called device files, which the system uses to drive the hardware. For example, the file /dev/cdrom receives information from the CD-ROM drive. By organizing hardware access this way, Linux makes interacting with hardware look like interacting with software.



Common devices found in the /dev directory

Device file: Function
/dev/console: The system console, the screen physically connected to the system.
/dev/hd*: Driver interface for IDE hard disks. The device /dev/hda1 denotes the first partition on disk hda; the device /dev/hda denotes the whole disk hda.
/dev/sd*: Driver interface for SCSI disks. These disks and partitions follow the same naming convention as the IDE devices /dev/hd*.
/dev/fd*: Floppy disk driver. The first floppy drive is /dev/fd0, the second /dev/fd1.
/dev/st*: Driver for SCSI tape drives.
/dev/tty*: Driver providing the various terminal devices through which users enter input. The abbreviation tty comes from the teletype terminals that were once connected to UNIX systems. On Linux these files back virtual consoles, which you can reach by pressing the corresponding key combinations (from ... to ...). Virtual consoles allow several users to log in at the same time.
/dev/pty*: Pseudo-terminal driver, used for remote logins such as Telnet sessions.
/dev/ttyS*: The serial ports on your machine. The file /dev/ttyS0 corresponds to COM1 under MS-DOS. If you use a serial mouse, /dev/mouse is a symbolic link to the corresponding ttyS device (the one the mouse is attached to).
/dev/cua*: Special call-out devices used with modems.
/dev/null: A very special device, essentially a black hole. All data written to /dev/null is lost for good. This is useful when you want to run a command and discard its stdout or stderr. If /dev/null is used as an input file, you get a file of length zero.

All data on a partition is attached to the directory tree by an operation called mounting. When we write data into a directory, we are writing it onto the partition that directory is mounted on. The /usr directory and its subdirectories are very important to a Linux system because they hold many directories, including the programs the system most needs. The subdirectories of /usr contain the large software packages you install.
Important subdirectories of the /usr file system

Subdirectory: Function
/usr/bin: Holds many of the system's executable files.
/usr/etc: Holds many system configuration files.
/usr/include: Here, and in many subdirectories of /usr/include, are stored all the files that come with the C compiler. These header files define the constants and functions used when programming in C.
/usr/g++include: Holds the files that come with the g++ compiler.
/usr/lib: Holds the program libraries used at link time.
/usr/share/man: Holds the manual pages for programs. Under /usr/share/man are several directories corresponding to the sections of the man pages.
/usr/src: Holds the source directories of many programs on the system. If you receive a software package to install, you should save it under /usr/src/package-name before installing it.
/usr/local: Reserved for designing or customizing applications to suit your machine. In general, most locally used software is kept in subdirectories of this directory.

The file and directory structures of Linux and Windows correspond as follows:

2.1.2 File structure

- Linux supports many types of file system, such as ext2, ext3, MS-DOS and proc.
The basic Linux file systems are ext2 and ext3 (currently ext3). This file system allows file names of up to 256 characters and a maximum size of 4 terabytes. The MS-DOS file system is used to access MS-DOS files directly. Linux also supports vfat, which allows long file names on MS-DOS files and FAT32 partitions.

- When a file system is created it consists of 3 parts:
  o Super block
  o Inode
  o Storage block

- Super block: a structure created at the start of the file system. It stores information about the file system, such as the block size, the free blocks and the time of the last mount.

- Inode (256 bytes): stores information about the files and directories created in the file system, but not the actual file and directory names. Each file created is assigned an inode that stores the following information:
  o File type and access permissions
  o File owner
  o File size and number of hard links to the file
  o Date and time of the last modification
  o Location of the file's contents in the file system

- Storage block: the area that holds the actual data of files and directories. It is divided into data blocks, and data is stored on disk in these data blocks. Each block normally holds 1024 bytes. Even if a file contains only a single character, a block must be allocated to store it. There is no end-of-file character. The data blocks of a regular file store the file's inode and contents; the data blocks of a directory store a list of entries consisting of inode numbers and the names of files and subdirectories.

2.2 User and group management

2.2.1 Viewing user information
User information is stored mainly in 3 files: /etc/passwd, /etc/shadow and /etc/group.

The /etc/passwd file
This is where user account data is stored on Linux, in text form. Structure of the /etc/passwd file:

Viewing the /etc/passwd file:

[root@server1 ~]# cat /etc/passwd
This displays information about users, such as:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

The /etc/shadow file
This is where the encrypted passwords of the accounts are stored. Structure of the /etc/shadow file:

Viewing the /etc/shadow file:

[root@server1 ~]# cat /etc/shadow
Now we can see the accounts with their encrypted passwords:

root:$1$m3MGmRC/$9NBZi2vWtpngNk.LXrMvn.:14761:0:99999:7:::
bin:*:14761:0:99999:7:::
daemon:*:14761:0:99999:7:::
xfs:!!:14761:0:99999:7:::
gdm:!!:14761:0:99999:7:::
- Looking at the shadow file also tells us whether an account has been disabled. If the password field begins with * the account is locked; if it begins with !! it is only temporarily locked. Only when it begins with $ is the account unlocked.

The /etc/group file
Besides the files holding account information, there is also a file holding group information. Structure of the /etc/group file:

Viewing the /etc/group file:

[root@server1 ~]# cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
nat:x:500:

2.2.2 Managing users

Creating a user account

A user is created with the command useradd option account_name, with the following options:

Option        Description
-d homedir    Set the user's home directory. By default, creating a user creates a directory /home/login_name.
-e mm/dd/yy   Set the expiry date of the user account.
-f days       Set the number of days after the password expires.
-g group      Set the name of the group the user is a member of.
-G group      Add the user to additional groups.
-m            Create the home directory if it does not exist.
-M            Do not create the user's home directory.
-s shell      Set the user's shell. The default is /bin/bash.
-u userid     Set the user ID. By default the next free ID is assigned to the user.

[root@server1 ~]# useradd cn06

- After creating the account we can check the user management files in turn:
  o /etc/passwd: cn06:x:501:501::/home/cn06:/bin/bash
  o /etc/shadow: cn06:!!:14840:0:99999:7:::
- By default a newly created account is disabled until you set a password for it.
- Right after creating the account, /etc/passwd contains:

cn06:x:501:501::/home/cn06:/bin/bash

- When a user is created without specifying a home directory, the default home directory is placed under /home. In /etc/shadow:

cn06:!!:14840:0:99999:7:::

- The entry cn06:!! means the account is still temporarily locked because we have not set a password yet. In /etc/group:

cn06:x:501:

- When a user is created without an explicit user ID, the system assigns a user ID >= 500. A user created with user ID 0 has the same privileges as root.
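As an added illustration (not from the thesis), the following Python reads constructed /etc/passwd, /etc/shadow and /etc/group contents and applies the rules above: it flags every account with user ID 0 other than root, classifies the lock state of each shadow entry from the first characters of its password field (*, !!, $), and lists group members. It also flags an empty password field, which the section does not cover; the sample lines, the svcuser account and the hash placeholders are constructed for the example.

```python
# Audit of the three account files described above (added example, not from the thesis).
# The sample file contents below are constructed; the hashes are placeholders.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
cn06:x:501:501::/home/cn06:/bin/bash
svcuser:x:0:0::/tmp:/bin/bash
"""

SHADOW_SAMPLE = """\
root:$1$examplesalt$constructedhash:14761:0:99999:7:::
bin:*:14761:0:99999:7:::
cn06:!!:14840:0:99999:7:::
svcuser::14840:0:99999:7:::
"""

GROUP_SAMPLE = """\
root:x:0:root
bin:x:1:root,bin,daemon
cn06:x:501:
"""


def parse_colon_file(text):
    """Split each non-empty line into its colon-separated fields."""
    return [line.split(":") for line in text.splitlines() if line.strip()]


def lock_state(password_field):
    """Classify a shadow password field with the rules given in the section."""
    if password_field == "":
        return "no password"          # not covered above: login without any password
    if password_field.startswith("!!"):
        return "temporarily locked"   # account created, no password set yet
    if password_field.startswith("*"):
        return "locked"
    if password_field.startswith("$"):
        return "active"               # hashed password present
    return "unknown"


def uid0_accounts(passwd_text):
    """Names of accounts whose UID is 0 other than root; each one is root-equivalent."""
    return [f[0] for f in parse_colon_file(passwd_text) if f[2] == "0" and f[0] != "root"]


def shadow_states(shadow_text):
    """Map each account name to its lock state."""
    return {f[0]: lock_state(f[1]) for f in parse_colon_file(shadow_text)}


def group_members(group_text, group_name):
    """Members listed in the fourth field of /etc/group for the given group."""
    for f in parse_colon_file(group_text):
        if f[0] == group_name:
            return [m for m in f[3].split(",") if m]
    return None


def audit(passwd_text, shadow_text):
    """Findings a defender would act on: extra UID-0 accounts and passwordless accounts."""
    states = shadow_states(shadow_text)
    return {
        "uid0": uid0_accounts(passwd_text),
        "no_password": sorted(name for name, st in states.items() if st == "no password"),
        "states": states,
    }


if __name__ == "__main__":
    for key, value in audit(PASSWD_SAMPLE, SHADOW_SAMPLE).items():
        print(key, value)
```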

Setting a password for the account

- To be able to use the account, set a password for the newly created account with the passwd command:

[root@server1 ~]# passwd cn06
Changing password for user cn06.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

- If you set a password that is too simple, the system warns you to choose a more secure one. You can change the password whenever it is too simple or needs changing; changing it works the same way as setting it for the first time.

Modifying user information

- This is also often necessary in network administration, when a user's information changes. The usermod command changes user information. For details, use man usermod:

USERMOD(8)                System Management Commands                USERMOD(8)

NAME
       usermod - modify a user account

SYNOPSIS
       usermod [options] LOGIN

DESCRIPTION
       The usermod command modifies the system account files to reflect the
       changes that are specified on the command line.

OPTIONS
       The options which apply to the usermod command are:

       -a, --append
           Add the user to the supplemental group(s). Use only with -G option.

       -c, --comment COMMENT
           The new value of the user's password file comment field. It is
           normally modified using the chfn(1) utility.

       -d, --home HOME_DIR
           The user's new login directory. If the -m option is given the
           contents of the current home directory will be moved to the new
           home directory, which is created if it does not already exist.

       -e, --expiredate EXPIRE_DATE
           The date on which the user account will be disabled. The date is
           specified in the format YYYY-MM-DD.

       -f, --inactive INACTIVE
           The number of days after a password expires until the account is
           permanently disabled. A value of 0 disables the account as soon as
           the password has expired, and a value of -1 disables the feature.
           The default value is -1.

       -g, --gid GROUP

For example, to change the home directory of user cn06 to /home/userCNTT:

[root@server1 ~]# usermod -d /home/userCNTT cn06

Deleting a user account

Syntax: userdel [-r] account_name

The -r option is used when you also want to delete the user's home directory:

[root@server1 ~]# userdel -r cn06

Locking and unlocking a user account

- To lock a user, use passwd -l account_name (usermod can also be used):

[root@server1 ~]# passwd -l cn06
Locking password for user cn06.
passwd: Success

- To unlock, use passwd -u account_name:

[root@server1 ~]# passwd -u cn06
Unlocking password for user cn06.
passwd: Success.

Creating a user group

- Groups have commands similar to those for users. To create a group: groupadd option group_name, with the following options:

Option   Description
-g gid   Set the new gid. By default the gid is chosen automatically.
-r       By default an ID greater than 499 is assigned; with this option a system group is added, which usually has an ID below 499.
-f       With this option the system does not report an error if the given group name already exists.

[root@server1 ~]# groupadd cntt

We check the result in /etc/group:

root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
..
cn06:x:501:
cntt:x:502:

Modifying group information

Use the groupmod (modify group) command with two options:
i. -g: GID (group ID)
ii. -n: new group name

Renaming a group:

[root@server1 ~]# groupmod -n gtvt cntt

Changing the gid of a group:

[root@server1 ~]# groupmod -g 112 gtvt

Deleting a group:

[root@server1 ~]# groupdel gtvt

2.2.3 File and directory commands

Creating a directory: mkdir
Syntax: mkdir directory_name

Example: create a directory named cn06
[root@server1 ~]# mkdir cno6

A directory named cn06 is then created in the current directory:

Figure 3: Creating a directory

To create a directory inside another directory, add the path to that directory:

[root@server1 ~]# mkdir /root/cno6/cn06a

Deleting a directory: rmdir
Syntax: rmdir directory

Example: delete the directory cn06a

[root@server1 ~]# rmdir /root/cno6/cn06a

Changing directory: cd path_to_directory
Example: change to the directory cn06

[root@server1 ~]# cd /root/cno6

There are some special notations:
cd ~  : change to the home directory.
cd /  : change to the root directory.
cd -  : change to your previous directory.
cd .. : change to the parent of the current directory.

[root@server1 cno6]# cd ~
[root@server1 ~]# cd /root/cno6
[root@server1 cno6]# cd ..
[root@server1 ~]#

Displaying file and directory information: ls option file_name, with the following options:

Option   Meaning
-L       Display the list of file names
-l       Display the file list with name, size, creation date, ...
-a       List all files, including hidden files.
-R       List all files, including those in subdirectories.

Listing the files in the root directory:

[root@server1 ~]# ls -l /
total 138
drwxr-xr-x   2 root root  4096 Aug 12 04:29 bin
drwxr-xr-x   4 root root  1024 Jun  1 07:43 boot
drwxr-xr-x  11 root root  4000 Aug 12 01:33 dev
drwxr-xr-x  91 root root 12288 Aug 20 09:07 etc

Listing a directory:
[root@server1 ~]# ls -l /root/cno6/
total 16
-rw------- 1 root root  0 Aug 20 09:35 cn06a
-rw------- 1 root root 16 Aug 20 09:36 cn06b

Creating a file
Using the echo command:
[root@server1 ~]# echo "luan van tot nghiep" >/root/cn06/baocao.txt

To append to this file, use >>:

[root@server1 ~]# echo "mang may tinh" >>/root/cn06/baocao.txt

An empty file can also be created with the touch command:

[root@server1 ~]# touch /root/cn06/baocaothu.txt

Viewing file contents
There are many commands for viewing a file: cat, more, less, tail, ...

[root@server1 ~]# cat /root/cn06/baocao.txt
luan van tot nghiep
mang may tinh

Copying
To copy a file, use the cp command:

[root@server1 ~]# cp /root/cn06/baocao.txt /root/userCNTT/

- The characters ? and * can be used to copy several files and directories at once. To copy a directory, use the -R option:

[root@server1 ~]# cp -R /root/cn06/ /root/userCNTT/

Moving
To move files and directories, use the mv command:

[root@server1 ~]# mv /root/cn06/baocao.txt /root/userCNTT/

- Directories are moved with mv in the same way, and ? and * can be used to move several files and directories at once. The mv command also renames files and directories:
[root@server1 ~]# mv /root/userCNTT/ /root/CNTT/

Deleting a file: rm
Delete the draft report file in cn06:

[root@server1 ~]# rm /root/cn06/baocaothu.txt
rm: remove regular empty file `/root/cn06/baocaothu.txt'? y

To delete without being asked, use the -f option:

[root@server1 ~]# rm -f /root/cn06/cn06a.txt

Deleting an empty directory: rmdir
[root@server1 ~]# rmdir /root/totnghiep

Showing the current directory: pwd

[root@server1 ~]# pwd
/root

The vi editor
vi is a text editor with two modes:
o insert mode: for changing the content of the file
o command mode: for commands to quit, move the cursor, delete, ...
To create a file, use the syntax: #vi file_name
[root@server ~]# vi cn06.txt

The editor then appears:

- From here, press a to start appending text after the cursor, or press i to insert characters before the cursor. To leave insert mode press ESC.

The command-mode commands are:
o :q!   Quit without saving
o :w    Save
o :wq   Save and quit
o dw    Delete to the end of the word from the cursor position
o d$    Delete from the cursor position to the end of the line
o x     Delete the character at the cursor position
o dd    Delete the whole line at the cursor position
o ndd   Delete n lines from the cursor position
o Y     Copy the line containing the cursor to the clipboard

Finding files (locate)
General syntax:

#locate file_name

[root@server ~]# locate ifconfig
/sbin/ifconfig
/usr/share/man/de/man8/ifconfig.8.gz
/usr/share/man/fr/man8/ifconfig.8.gz
/usr/share/man/man8/ifconfig.8.gz
/usr/share/man/pt/man8/ifconfig.8.gz

File and directory access control commands
- In Linux, access permissions are divided into three classes: owner, group and others. The three permissions read (r), write (w) and execute (x) are assigned to each class as in the following table:

Owner   Group   Others
rwx     rwx     rwx

Permissions can be assigned by letter or by number. By letter:

r   Those who have this permission can open and read the file's content
w   Those who have this permission can write to and read the file's content
x   Those who have this permission can execute the file, or enter the directory

By number:

4   read permission
2   write permission
1   execute permission

a. Changing access permissions with chmod
General syntax: chmod [permissions] [file or directory]
The permission values above are added together to form larger permissions.
[root@server ~]# chmod 764 cn06.txt

o 7 = 4 + 2 + 1: read, write and execute for the owner.
o 6 = 4 + 2: read and write for the group.
o 4: read for others.

We can check the file's permissions again:

[root@server ~]# ls -l cn06.txt
-rwxrw-r-- 1 root root 26 Sep 12 10:55 cn06.txt
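As an added example (not from the thesis), this Python converts between the numeric and the letter notation above, reads the mode column of ls -l, breaks a mode down per class the way 764 is explained, and flags write bits a defender would question on a regular file; the function names are our own.

```python
# Octal/letter permission conversion for the chmod and ls -l notation above
# (added example, not from the thesis).
PERMISSION_WEIGHTS = (("r", 4), ("w", 2), ("x", 1))   # read, write, execute
CLASSES = ("owner", "group", "others")


def octal_to_symbolic(mode):
    """0o764 -> 'rwxrw-r--': each octal digit is the sum of r=4, w=2, x=1."""
    out = []
    for shift in (6, 3, 0):                  # owner, group, others digits
        digit = (mode >> shift) & 0o7
        out.append("".join(letter if digit & weight else "-"
                           for letter, weight in PERMISSION_WEIGHTS))
    return "".join(out)


def symbolic_to_octal(sym):
    """'rwxrw-r--' -> 0o764, the inverse of octal_to_symbolic."""
    if len(sym) != 9:
        raise ValueError("expected nine permission characters")
    mode = 0
    for index, ch in enumerate(sym):
        if ch == "-":
            continue
        expected, weight = PERMISSION_WEIGHTS[index % 3]
        if ch != expected:
            raise ValueError("unexpected character %r at position %d" % (ch, index))
        mode |= weight << (6 - 3 * (index // 3))
    return mode


def parse_ls_mode(ls_field):
    """Take the first column of ls -l ('-rwxrw-r--') and return the numeric mode."""
    return symbolic_to_octal(ls_field[1:10])


def explain(mode):
    """Break the mode down per class the way the thesis does (7 = 4 + 2 + 1, ...)."""
    names = {"r": "read", "w": "write", "x": "execute"}
    result = {}
    for cls, shift in zip(CLASSES, (6, 3, 0)):
        digit = (mode >> shift) & 0o7
        result[cls] = [names[letter] for letter, weight in PERMISSION_WEIGHTS if digit & weight]
    return result


def findings(mode):
    """Permission bits a defender would question on a regular file."""
    issues = []
    if mode & 0o002:
        issues.append("world-writable")
    if mode & 0o020:
        issues.append("group-writable")
    return issues


if __name__ == "__main__":
    print(octal_to_symbolic(0o764), explain(0o764), findings(0o764))
```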

b. Changing the owner of a file or directory with chown
General syntax: chown [-R] [user:group] filename
- The -R option is used to change the ownership of the given directory and of all files and directories inside it.
Changing the owner to a user:

[root@server ~]# chown cn06 cn06.txt

Changing the owner to a user and a group:

[root@server ~]# chown cn06:cntt cn06.txt

- This command gives ownership of the file cn06.txt to the user cn06 and the group cntt. Changing the owner to a user only:

[root@server ~]# chown cn06 test.txt

c. Changing the group of a file or directory with chgrp
General syntax: chgrp [-R] [groupname] filename
- The -R option is used to change the group of a directory and of all the directories and files inside it.
Changing the group owner:

[root@server ~]# chgrp cntt cn06.txt

2.2.4 Disk and quota management

Using mount and umount
- In Linux there are only directories and no concept of drives, so to use a device such as a USB stick or a CD-ROM it must first be mounted onto a directory. mount attaches a disk. General syntax: mount -t vfstype devicefile mount_path, with the following options:
-t: mount using the filesystem type given by vfstype.
vfstype: includes the following basic filesystems:

Type      Description
auto      Detect the filesystem type automatically
msdos     The DOS filesystem
ext3      The standard Linux filesystem
vfat      The filesystem of Windows 95, 98, Me
ntfs      The NTFS format of Windows
nfs       Filesystem accessed over the network
iso9660   Filesystem for CD-ROMs

devicefile: the path to the device, for example /dev/cdrom.

To mount a CD-ROM:

[root@server ~]# mount /dev/cdrom /mnt/
mount: block device /dev/cdrom is write-protected, mounting read-only

Use umount to detach a disk. Syntax: umount device/mountpoint

[root@server ~]# umount /mnt/

Disk and partition management commands
Disk designations:

Designation   Device
hda           Primary master
hdb           Primary slave
hdc           Secondary master
hdd           Secondary slave
sda           First SCSI disk
sdb           Second SCSI disk

Partitions:

Designation   Partition
hda1          First partition on the first disk
hda2          Second partition on the first disk
sdc3          Third partition on the SCSI disk

The fdisk command: displays the system's partitions.

[root@server ~]# fdisk -l
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1           6       48163+  83  Linux
/dev/sda2               7         515     4088542+  83  Linux
/dev/sda3             516         776     2096482+  82  Linux swap / Solaris
/dev/sda4             777        2610    14731605    5  Extended
/dev/sda5             777        2610    14731573+  83  Linux

The df command: to manage the disk usage of the system, use:

[root@server ~]# df -l
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda2              3960348   2273036   1482888  61% /
/dev/sda5             14270000    168192  13365232   2% /home
/dev/sda1                46633     10651     33574  25% /boot
tmpfs                   517620         0    517620   0% /dev/shm
/dev/hdc                103324    103324         0 100% /media/VMware Tools

The du command: displays the size of files.
Syntax: du -sh file

-s: display the total size
-h: print the sizes in human-readable form
[root@server ~]# du -sh /etc/
149M    /etc/

Limiting disk space with quota

- In a multitasking, multi-user environment such as Linux, keeping the system working requires monitoring the use of the file systems and setting limits on that use, especially on systems with limited disk capacity and a large number of users.
- Quota is a tool, built into Linux, that limits the disk resources a user or group may use.
- The /etc/fstab file configures which partitions are automatically mounted onto which directories when the system boots:
[root@server ~]# cat /etc/fstab
LABEL=/          /          ext3    defaults        1 1
LABEL=/home      /home      ext3    defaults        1 2
LABEL=/boot      /boot      ext3    defaults        1 2
tmpfs            /dev/shm   tmpfs   defaults        0 0
devpts           /dev/pts   devpts  gid=5,mode=620  0 0
sysfs            /sys       sysfs   defaults        0 0
proc             /proc      proc    defaults        0 0
LABEL=SWAP-sda3  swap       swap    defaults        0 0

- To enable disk quota for a directory such as /home, add the usrquota option:

LABEL=/home      /home      ext3    defaults,usrquota   1 2

- For the change to fstab to take effect, remount the home directory:

[root@server ~]# mount -o remount /home
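As an added example (not from the thesis), this Python parses a constructed /etc/fstab in the layout shown above, reports whether /home carries the usrquota option, and produces the corrected file with the option added to that one line while the other entries stay unchanged.

```python
# Checking and adding the usrquota mount option in /etc/fstab
# (added example, not from the thesis; the fstab text is constructed from the listing above).
FSTAB_SAMPLE = """\
LABEL=/          /          ext3    defaults        1 1
LABEL=/home      /home      ext3    defaults        1 2
LABEL=/boot      /boot      ext3    defaults        1 2
tmpfs            /dev/shm   tmpfs   defaults        0 0
LABEL=SWAP-sda3  swap       swap    defaults        0 0
"""

FIELDS = ("device", "mountpoint", "fstype", "options", "dump", "pass")


def parse_fstab(text):
    """One dict per non-comment line; the options field is split on commas."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 6:
            raise ValueError("malformed fstab line: %r" % line)
        entry = dict(zip(FIELDS, parts))
        entry["options"] = entry["options"].split(",")
        entries.append(entry)
    return entries


def quota_enabled(entries, mountpoint, option="usrquota"):
    """True when the entry for the given mount point carries the quota option."""
    for e in entries:
        if e["mountpoint"] == mountpoint:
            return option in e["options"]
    raise KeyError("no fstab entry for %s" % mountpoint)


def with_quota(entries, mountpoint, option="usrquota"):
    """Return the fstab text with the option added to that mount point only."""
    lines = []
    for e in entries:
        opts = list(e["options"])
        if e["mountpoint"] == mountpoint and option not in opts:
            opts.append(option)
        lines.append("%-16s %-10s %-7s %-19s %s %s" % (
            e["device"], e["mountpoint"], e["fstype"], ",".join(opts), e["dump"], e["pass"]))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries = parse_fstab(FSTAB_SAMPLE)
    print("usrquota on /home:", quota_enabled(entries, "/home"))
    print(with_quota(entries, "/home"))
```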

Use quotacheck to create the quota files for users or groups:

[root@server ~]# quotacheck -avugm
quotacheck: Scanning /dev/sda5 [/home]
quotacheck: Old group file not found. Usage will not be substracted.

with the following options:

Option   Function
-a       Scan all filesystems with quota enabled in /etc/mtab
-v       Show progress while scanning
-u       Scan user quotas
-g       Scan group quotas
-m       Remount the filesystem

- After editing /etc/fstab we need to create the configuration files for users and groups. The user file is named aquota.user and the group file aquota.group. Start quota with quotaon -a:

[root@tuan data]# quotaon -a

Assigning a quota to a user: edquota -u cno6
Some options of the edquota command:

Option   Function
-u       Set the quota for a user.
-g       Set the quota for a user group.
-p       Copy the quota of the specified user.
-t       Edit the grace periods of the filesystem.

[root@server ~]# edquota -u nat
Disk quotas for user cn06 (uid 500):
  Filesystem    blocks    soft    hard    inodes    soft    hard
  /dev/sda5        740       0       0        75       0       0

Where:
o blocks: the number of blocks the user is using at this moment (1 block = 1 KB)
o inodes: the number of files the user is using at this moment.

- We can set a soft limit and a hard limit for the user, either in blocks or in inodes:

o soft: the user is warned on reaching the soft limit, when the allotted blocks or inodes are used up, but can keep using more until the hard limit is reached.
o hard: the limit on the number of blocks or inodes the user can use.
- For example, for a soft limit of 9 MB and a hard limit of 10 MB, set:
Disk quotas for user cn06 (uid 500):
  Filesystem    blocks    soft    hard    inodes    soft    hard
  /dev/sda5        740    9000   10000        75       0       0

Chapter 3: Dynamic Host Configuration Protocol (DHCP)

In this chapter we present the basics of DHCP and how to deploy DHCP on a Linux server, so that hosts (Windows or Linux) can send requests to the DHCP server for their network parameters.

3.1 What is DHCP?
DHCP is one of the basic and most important protocols in network administration. DHCP runs on a server and provides automated, centralised management of IP addresses and of the TCP/IP configuration of the hosts on the network. Using DHCP to assign IP addresses to hosts automatically, instead of configuring the IP address of each machine separately, saves the network administrator a great deal of host configuration time. DHCP is based on the BOOTP protocol; DHCP uses UDP port 67 and the BOOTP server uses UDP port 68. DHCP supports three techniques for assigning IP addresses:
- Automatically assigning a permanent IP address to a host.
- Automatically assigning an IP address to a host for a fixed period of time (a lease).
- Manual ass
ignment (the administrator assigns the address to the host by hand).

3.1.1 Advantages of DHCP
- Avoids duplicate IP addresses and reduces the administration cost of the network.
- Helps service providers (ISPs) save real (public) IP addresses.
- Suits computers that frequently move between networks.
- Combined with wireless networks, provides hotspots in places such as railway stations, airports, schools, ...

3.1.2 Format of a DHCP packet

Figure 4: DHCP packet format

Where:
Code: specifies whether this is a request or a reply (1: Request, 2: Reply)
HWtype: the hardware address type (1: Ethernet, 6: IEEE 802)
Length: the length of the hardware address (bytes)
Hops: 0 when sent by the client, incremented by each router passed through (using a DHCP Relay Agent)
Transaction ID: a random number used to match a request with its reply
Seconds: set by the client; the time elapsed since the client began the request process
Client IP address: set by the client; the IP address it knows, or 0.0.0.0
Your IP address: set by the server if the client IP address is 0.0.0.0
Client hardware address: set by the client to identify its MAC address

DHCP message types
- DHCPDISCOVER: the client broadcasts to find the DHCP servers on the network.
- DHCPOFFER: the server's reply to a DHCPDISCOVER, proposing an IP address and other parameters to the client.
- DHCPREQUEST: sent by the client for one of the following reasons:
  + to request the parameters from one server's DHCPOFFER and decline the other servers (if any);
  + to confirm the IP address it was given after the system or the network changed;
  + to request an extension for a given IP address.
- DHCPACK: a message from the server to the client with the parameters (including the IP address).
- DHCPNACK: a refusal from the server to the client (when the lease has expired or the requested IP address is invalid).
- DHCPDECLINE: sent by the client to report that the address proposed by the server is already in use.
- DHCPINFORM: sent by a client that already has an IP address and requests additional parameters from the DHCP server.

How DHCP assigns IP addresses:

Figure 5: Steps of assigning an IP address

DHCP works on the client/server model. The interaction between DHCP client and server takes place in the following four steps:
a. IP lease request
b. IP lease offer
c. IP lease selection
d. IP lease acknowledgement

The steps can be summarised as follows:

IP Lease Request
First, the client broadcasts a message called DHCPDISCOVER. Since the client has no IP address yet, it uses the source address 0.0.0.0, and since it does not know the address of the DHCP server either, it sends to the broadcast address 255.255.255.255. This DHCPDISCOVER packet is broadcast across the whole network. The packet also contains the MAC address and the name of the client machine, so that the DHCP server can tell which client sent the request.

IP Lease Offer
If a valid DHCP server (one that can assign an IP address to the client) receives the client's DHCPDISCOVER, it answers with a DHCPOFFER packet carrying the following information:
+ the client's MAC address;
+ an IP address to assign (the offered IP address);
+ a subnet mask;
+ the lease time (8 days by default);
+ the IP address of the DHCP server making the offer.
At this point the DHCP server holds the offered IP address so that it is not offered to any other DHCP client. The DHCP client waits a few seconds for an offer; if it receives none, it rebroadcasts the DHCPDISCOVER at intervals of 2, 4, 8 and 16 seconds, plus a random 0 to 1000 milliseconds. If the client receives no offer after four attempts, it uses an IP address in the range 169.254.0.1 to 169.254.255.254 (for clients running Windows) with subnet mask 255.255.0.0. It uses an address in this range so that DHCP clients on a network without a DHCP server can still see each other. The DHCP client keeps trying to find a DHCP server every 5 minutes.

IP Lease Selection
When the DHCP client receives the DHCPOFFER, it broadcasts a DHCPREQUEST packet in reply to accept that offer. The DHCPREQUEST includes the identity of the DHCP server that offered it the address. All other DHCP servers then withdraw their offers (when the network has more than one DHCP server) and return the IP addresses to their pools for other requests.

IP Lease Acknowledgement
The DHCP server that receives the DHCPREQUEST replies to the DHCP client with a DHCPACK, confirming that it grants the client the lease of that IP address. This packet includes the IP address and the other configuration information (DNS server, WINS server, ...). When the DHCP client receives the DHCPACK, the process is complete.
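As an added example (not from the thesis), the following Python packs and parses the fixed DHCP header fields listed in section 3.1.2 and simulates the four-step exchange above against an in-memory server that leases addresses from the range 172.16.1.10-172.16.1.100 used in the sample dhcpd.conf of section 3.3. The DhcpServer class, the obtain_lease function and the option handling (only option 53, the message type, is carried) are simplifications made for this example; a real client also sends the requested address and the server identifier as options.

```python
import ipaddress
import struct

# Added example, not from the thesis: fixed DHCP header (RFC 2131 layout) and a
# simulated four-step lease. Field order: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128), magic cookie(4).
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s4s"
HEADER_LEN = struct.calcsize(HEADER_FMT)          # 240 bytes
MAGIC = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2                      # "Code": 1 request, 2 reply
HTYPE_ETHERNET, ETHERNET_HLEN = 1, 6               # "HWtype" 1 = Ethernet, 6-byte MAC
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5         # option 53 message types


def _packed(ip):
    return ipaddress.IPv4Address(ip).packed


def build_packet(op, xid, chaddr, msg_type, ciaddr="0.0.0.0", yiaddr="0.0.0.0",
                 siaddr="0.0.0.0", secs=0, hops=0):
    """Serialise a minimal DHCP message: fixed header, option 53, end option."""
    header = struct.pack(HEADER_FMT, op, HTYPE_ETHERNET, ETHERNET_HLEN, hops, xid,
                         secs, 0, _packed(ciaddr), _packed(yiaddr), _packed(siaddr),
                         _packed("0.0.0.0"), chaddr.ljust(16, b"\0"),
                         b"\0" * 64, b"\0" * 128, MAGIC)
    return header + bytes([53, 1, msg_type, 255])


def parse_packet(data):
    """Decode the header fields and find the message type among the TLV options."""
    f = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    if f[14] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    msg_type, pos = None, HEADER_LEN
    while pos < len(data) and data[pos] != 255:   # 255 = end of options
        if data[pos] == 0:                         # 0 = pad, has no length byte
            pos += 1
            continue
        code, length = data[pos], data[pos + 1]
        if code == 53 and length == 1:
            msg_type = data[pos + 2]
        pos += 2 + length
    return {"op": f[0], "htype": f[1], "hlen": f[2], "hops": f[3], "xid": f[4],
            "secs": f[5], "ciaddr": str(ipaddress.IPv4Address(f[7])),
            "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "siaddr": str(ipaddress.IPv4Address(f[9])),
            "chaddr": f[11][:f[2]], "msg_type": msg_type}


class DhcpServer:
    """Leases addresses from a range such as 172.16.1.10-172.16.1.100; an offer
    is held for the client until its matching REQUEST arrives (simulation)."""

    def __init__(self, server_ip, first, last):
        self.server_ip = server_ip
        start, end = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.free = [str(ipaddress.IPv4Address(n)) for n in range(start, end + 1)]
        self.offers = {}   # chaddr -> (xid, ip) reserved while waiting for REQUEST
        self.leases = {}   # chaddr -> ip

    def handle(self, data):
        """Return the reply packet, or None when the server stays silent."""
        req = parse_packet(data)
        if req["op"] != BOOTREQUEST:
            return None
        mac = req["chaddr"]
        if req["msg_type"] == DISCOVER:
            if mac in self.leases:                 # a returning client keeps its address
                ip = self.leases[mac]
            elif mac in self.offers:               # repeated DISCOVER: same offer again
                ip = self.offers[mac][1]
            else:
                ip = self.free.pop(0)
            self.offers[mac] = (req["xid"], ip)
            return build_packet(BOOTREPLY, req["xid"], mac, OFFER,
                                yiaddr=ip, siaddr=self.server_ip)
        if req["msg_type"] == REQUEST:
            offer = self.offers.pop(mac, None)
            if offer is None or offer[0] != req["xid"]:   # transaction ID must match
                return None
            self.leases[mac] = offer[1]
            return build_packet(BOOTREPLY, req["xid"], mac, ACK,
                                yiaddr=offer[1], siaddr=self.server_ip)
        return None


def obtain_lease(server, mac, xid):
    """Client side of the four steps: DISCOVER -> OFFER -> REQUEST -> ACK."""
    discover = build_packet(BOOTREQUEST, xid, mac, DISCOVER)   # ciaddr is 0.0.0.0
    offer = parse_packet(server.handle(discover))
    if offer["msg_type"] != OFFER:
        raise RuntimeError("expected DHCPOFFER")
    request = build_packet(BOOTREQUEST, xid, mac, REQUEST, siaddr=offer["siaddr"])
    ack = parse_packet(server.handle(request))
    if ack["msg_type"] != ACK:
        raise RuntimeError("expected DHCPACK")
    return ack["yiaddr"]
```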

3.2 Installing DHCP
Convention:
Applications and tools can be installed in many ways: from installation packages, over the internet, or through the package manager built into each operating system. In this report, however, we only install from the software packages on the operating system's DVD, that is, from the command line.

To configure a DHCP server we need to install the DHCP package (1) and make sure there is a physical connection between the DHCP server and the clients. The minimum tasks for the DHCP service to be configured successfully are:
- The firewall is configured to allow DHCP packets.
- The file /etc/dhcpd.conf is configured.
- The dhcpd service is running on the DHCP server.

(1) Service packages such as DHCP and DNS on Linux are managed and developed by the Internet Systems Consortium. More information at http://www.isc.org/

First, mount the Fedora DVD:
[root@server2 ~]# mount /dev/cdrom /mnt/
mount: block device /dev/sr0 is write-protected, mounting read-only

Install the DHCP package from the mounted disc:

[root@server2 ~]# rpm -ivh /mnt/Packages/dhcp-4.1.115.fc13.i686.rpm
Preparing...                ########################################### [100%]
   1:dhcp                   ########################################### [100%]

Note:
Besides the dhcp package, the server also needs the dhclient package (dhclient provides the client-side service for querying the DHCP server); otherwise an error is reported when the DHCP service is started.

3.3 Configuring the DHCP server

Files related to the DHCP service:
- The most important file is of course the DHCP configuration file /etc/dhcpd.conf. After installing DHCP, a sample configuration file is available at /usr/share/doc/dhcp-*/dhcpd.conf.sample.
- /etc/sysconfig/dhcpd: allows passing command-line options precisely to the dhcp daemon, for example an option to restrict which interfaces are listened on for DHCP requests.
- /var/lib/dhcpd/dhcpd.lease: stores all clients currently leasing an IP address from the server.

Below is the sample configuration file:

ddns-update-style interim;
ignore client-updates;

subnet 172.16.1.0 netmask 255.255.255.0 {
    option routers             172.166.1.0;
    option domain-name-servers 172.16.1.2;
    option subnet-mask         255.255.255.0;
    option domain-name         "cn06.com";
    range 172.16.1.10 172.16.1.100;
    default-lease-time 21600;
    max-lease-time 43200;

    # Set name server to appear at a fixed address
    host uclient {
        #next-server ns1.cn06.com;
        hardware ethernet 00:D0:B3:79:B5:35;
        fixed-address 172.16.1.254;
    }
}

3.3.1 Declarations
- Group: several hosts that share some specific parameters can be grouped together; they then share the global declarations and the specific parameters declared in the group.
- Host: used to apply a list of parameters to a specific host. Such hosts still receive the global parameters plus the specific parameters in the host declaration.
- Subnet: used to apply parameters to a system when that system queries the DHCP server for an IP address and other information.

Parameters:
- ddns-update-style interim: the Dynamic DNS (DDNS) style used to talk to the DNS server. The default is interim.
- option routers: the address of the default gateway.
- option subnet-mask: tells the client which subnet mask to use.
- option domain-name-servers: the list of DNS servers on the network that clients may query.
- option domain-name: tells the client which domain it joins.
- range: the range of IP addresses that clients can receive.
- default-lease-time: the default time a client may keep its IP address without having to request it again.
- max-lease-time: the maximum time the DHCP server leases an IP address to a client.
- server-name: tells the client which server is booting it.
- fixed-address: usually used with a host declaration; assigns a fixed IP address to a client whose hardware address was declared beforehand.
- hardware: usually used with a host declaration to specify the client's MAC address.

The final tasks are checking the configuration and enabling the DHCP service at boot:
[root@server2 ~]# service dhcpd configtest
Syntax: OK
[admin@server2 ~]$ chkconfig dhcpd on
[root@server2 ~]# chkconfig --list dhcpd
dhcpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off

[root@server2 ~]# service dhcpd start

Where:
- service dhcpd configtest: checks whether the configuration in dhcpd.conf is correct.
- chkconfig dhcpd on: starts DHCP when the system boots.
- service dhcpd start | stop | restart: starts | stops | restarts the service.

It does not matter which operating system the DHCP server runs on, so when testing on a Windows client, the parameters configured on the DHCP server are fully accepted by the client.

Figure 6. IP address on the client

3.4 Conclusion
DHCP provides a centralised solution for managing and distributing IP addresses to clients, which lets clients start faster and spend the least possible time declaring the parameters they need. DHCP provides a whole range of clients with a great deal of information, such as IP address, domain name, DNS server, SMTP server, POP server and NTP server, or provides it to each individual client, without manual configuration on the client.

Chapter 4: Domain Name System (DNS)

In this chapter we present the basics of DNS, parameters such as the hierarchical model and zones, and the options for deploying DNS on a Linux server.

4.1 What is DNS?
Initially, because the Arpanet was still small, with only a few hundred machines, managing host names was fairly simple and relied on a single file, hosts.txt (2), to store the mapping from host names to IP addresses. With the explosive growth of the Internet and of IP address use, however, hosts.txt increasingly failed to meet the need and suffered from the following drawbacks:
- Network traffic and the server maintaining hosts.txt were overloaded by the bottleneck effect.
- Name conflicts: two computers cannot have the same name in hosts.txt.
- No guarantee of integrity: maintaining one file across a large network is very hard.

A new concept was therefore created to overcome the drawbacks of hosts.txt and to meet the ever stronger growth of the Internet: the Domain Name System (DNS).
In small networks, however, where managing host names is not complex or time-consuming, the hosts file can still be used. On Windows it is located at WINDOWS\system32\drivers\etc; on Linux at /etc/hosts.

The hierarchical model of DNS
The hierarchical tree model of DNS is quite similar to many other techniques and systems used in a network environment (for example, the Linux file system, ...). Dividing the system into many levels makes management easier, since each level is bounded and is directly responsible within its own bounds.

(2) The hosts.txt file was maintained by the Network Information Center (NIC) and distributed via FTP.

Figure 7. The DNS hierarchy

The top of the DNS hierarchy is the root; the root servers (3) are chiefly responsible for indicating which DNS server is responsible for each top-level domain. From the root branch out many top-level domains, and each of these domains is again divided into many branches called subdomains. A domain name indicates its position in the DNS database. In DNS, a domain name is the sequence of labels from a node upwards to the root of the tree, separated by dots. Domains are divided by organisation type or by country:

Domain   Description
.aero    Aviation
.com     Organisations, companies
.org     Non-profit organisations
.net     Network support centres
.edu     Educational institutions
.gov     Government
.mil     Military organisations
.vn      Domain names of Vietnam
.jp      Domain names of Japan
.us      Domain names of the United States

(3) The root servers manage the name servers of the top-level domains. Currently there are 13 root servers responsible for answering requests from all over the world.

The name resolution mechanism
The example below describes the resolution of the name girigiri.gbrmpa.gov.au to an IP address through the DNS servers on the Internet.

Figure 8. The name resolution mechanism

The client sends a request to resolve the IP address of the machine named girigiri.gbrmpa.gov.au to the local name server. On receiving the request from the resolver, the local name server analyses the name and checks whether the domain is one it manages. If the domain is managed by the local server, it returns the host's IP address to the resolver immediately. Otherwise, the local server queries the nearest root name server it knows. The root name server returns the IP address of the name server managing the au domain. The local name server then asks the name server managing the au domain and is referred to the server managing gov.au. The server managing gov.au directs the local name server to the server managing gbrmpa.gov.au. Finally, the local name server queries the server managing gbrmpa.gov.au and receives the answer.

Query types: there are two kinds of query:
- Recursive query: when a name server receives this kind of query it must return the result it finds, or an error if the query cannot be resolved. The name server cannot refer the query to another name server. It may send recursive or iterative queries to other name servers, but it must keep going until it has a result.
- Iterative query: when a name server receives this kind of query, it answers the resolver with the best information it has at that moment. The name server itself performs no further queries. The best information returned may come from local data (including the cache). If the name server finds nothing in its local data, it returns the domain name and IP address of the nearest name server it knows.

Resolving IP addresses to host names: mapping IP addresses to host names is used to make log files easier to read. It is also used in some authentication cases on UNIX systems (checking the .rhosts or hosts.equiv files). In the domain name space described above, the data, including IP addresses, is indexed by domain name, so finding the IP address for a given domain name is easy. To be able to resolve the host name of an IP address, a branch indexed by IP address is added to the domain name space. This part of the space has the domain name in-addr.arpa. Each node in the in-addr.arpa domain has a label that is one decimal number of the IP address. For example, the in-addr.arpa domain can have 256 subdomains, corresponding to the 256 values 0 to 255 of the first byte of the IP address. Each of those subdomains in turn has 256 subdomains for the second byte, and so on down to the fourth byte, where the records give the full domain name of the machines or networks with the corresponding IP address.

Note that when reading the domain name, the IP address appears in reverse order. For example, if the IP address of the machine winnie.corp.hp.com is 15.16.192.152, its mapping in the in-addr.arpa domain is 152.192.16.15.in-addr.arpa.

Fully qualified domain names (FQDN)
Each node in the hierarchy has a name, except the root, which is represented by a dot (.). A full domain name is then written from the bottom up to the root, with the names separated by dots. A domain name with the dot at the end is called an absolute domain name, or fully qualified domain name (FQDN). For example, the domain name mail.server1.cn06.com. is an FQDN.
Note:
Usually we do not type the dot after a domain name, which is therefore incomplete, but the DNS resolver can add the dots before and after the name we type (for example: server1.cn06.com becomes .server1.cn06.com.).
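As an added example (not from the thesis), this Python simulates the referral chain described above for girigiri.gbrmpa.gov.au with a constructed set of zones (the address 192.0.2.10 is made up), contrasts one iterative query with the local server's recursive resolution and its cache, and builds the in-addr.arpa reverse name from the preceding paragraph; the zone table and function names are our own.

```python
# Added example, not from the thesis: iterative referrals, recursive resolution
# and in-addr.arpa reverse names. The zone data below is constructed; each zone
# knows the child zones it delegates and the names it answers for itself.
ZONES = {
    ".":             {"delegates": ["au"],            "records": {}},
    "au":            {"delegates": ["gov.au"],        "records": {}},
    "gov.au":        {"delegates": ["gbrmpa.gov.au"], "records": {}},
    "gbrmpa.gov.au": {"delegates": [],
                      "records": {"girigiri.gbrmpa.gov.au": "192.0.2.10"}},
}


def normalize(name):
    """Strip the trailing dot of an FQDN and lower-case the labels."""
    return name.rstrip(".").lower()


def iterative_query(zone, name):
    """One iterative query to the server of 'zone': it answers with the best data
    it holds (an answer or a referral to a closer zone) and never asks anyone else."""
    z = ZONES[zone]
    if name in z["records"]:
        return "answer", z["records"][name]
    for child in z["delegates"]:
        if name == child or name.endswith("." + child):
            return "referral", child
    return "nxdomain", None


def recursive_resolve(name, cache):
    """What the local name server does for a recursive query: follow referrals
    from the root until an answer (or failure) and cache the answer.
    Returns (ip_or_None, path) where path lists each server asked and its reply."""
    name = normalize(name)
    if name in cache:
        return cache[name], ["cache"]
    zone, path = ".", []
    while True:
        kind, data = iterative_query(zone, name)
        path.append((zone, kind))
        if kind == "referral":
            zone = data
            continue
        if kind == "answer":
            cache[name] = data
        return data, path


def reverse_name(ip):
    """15.16.192.152 -> 152.192.16.15.in-addr.arpa. (octets reversed, absolute name)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + ".in-addr.arpa."


if __name__ == "__main__":
    cache = {}
    print(recursive_resolve("girigiri.gbrmpa.gov.au.", cache))
    print(recursive_resolve("girigiri.gbrmpa.gov.au.", cache))   # served from cache
    print(reverse_name("15.16.192.152"))
```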

Types of Domain Name Server
There are three types of domain name server for resolving domain names:
- Primary Name Server: also called the master server, chiefly responsible for storing all the information about the zones. Each domain must have one primary name server. The DNS administrator organises the database files on the primary name server. This server resolves all the machines in the domain or zone.
- Secondary Name Server: also called the slave name server, used as a backup for the primary name server. There may be one or more secondary name servers. Periodically, the secondary copies the database files from the primary name server.
- Caching Name Server: also a DNS server, but without any database files. It is used to resolve host names on remote networks through other name servers, which:
  - speeds up resolution by using the cache;
  - reduces the name resolution load on the name servers;
  - reduces traffic on large networks.

4.2 Installing DNS
Required packages:
- bind-9.7.0-9.P1.fc13.i686.rpm
- bind-chroot-9.7.0-9.P1.fc13.i686.rpm
- bind-libs-9.7.0-9.P1.fc13.i686.rpm
- bind-utils-9.7.0-9.P1.fc13.i686.rpm
Configuration files:
- Main configuration file: named.conf
- Forward lookup files: cn06.com.db, localhost.db
- Reverse lookup files: cn06.com.rev, 127.0.0.rev
Working directories:
- /etc/: holds the main configuration file named.conf.
- /var/named/: holds the forward and reverse lookup configuration files.
Note:
The bind-chroot-9.7.0-9.P1.fc13.i686.rpm package lets the network administrator work with the DNS configuration files more safely, by creating a directory that only users with root privileges can access; all files related to DNS must be stored in this directory. That is /var/named/chroot/etc/, holding named.conf, and /var/named/chroot/var/named/, holding all the configuration files.

4.3 Configuring the DNS server

Setting up a DNS server comes down to configuring the files listed above. They are the most important files for the operation of a DNS server.


First we define the Primary zone in named.conf:

    options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        notify yes;
    };
    zone "." in {
        type hint;
        file "root.hints";
    };
    zone "cn06.com" {
        type master;
        file "cn06.com.db";
    };
    # in-addr.arpa zone for the cn06.com domain.
    zone "1.16.172.in-addr.arpa" {
        type master;
        file "cn06.com.rev";
    };

The example above tells us that the Name Server serves the domain cn06.com and that the database files root.hints, cn06.com.db and cn06.com.rev are stored in /var/named/.
Zone ".": when needed, the server consults the file root.hints (see footnote 4), which lists the root servers responsible for handling requests worldwide.
Zone cn06.com: the main domain that our DNS server manages. When needed, the server consults the file cn06.com.db, which holds the forward-resolution names of the domain.
Zone 1.16.172.in-addr.arpa: consults cn06.com.rev, which holds the reverse-resolution names of the domain.
The options at the top let the server accept every request that clients send to port 53.
Note:
The zone type is master because this is the Master server; only when configuring a secondary server is the type slave.

Records: every record has the following fields:
Name - the domain name or IP address.
TTL - Time to live.
Class - always IN, for Internet.
Type - the record type.
Data - each record type carries its own kind of data.

[4] The root.hints file can be downloaded from: http://www.internic.net/zones/named.root

Configuration of the forward zone file cn06.com.db:
    $TTL 1W
    @       IN      SOA     dns.cn06.com. root (
                            2009123100      ; serial
                            3H              ; refresh (3 hours)
                            30M             ; retry (30 minutes)
                            2W              ; expiry (2 weeks)
                            1W )            ; minimum (1 week)
            IN      NS      server2.cn06.com.
            IN      MX      10 server3.cn06.com.
    dns     IN      A       172.16.1.2      ; primary name server
    server1 IN      A       172.16.1.1
    server2 IN      A       172.16.1.2
    server3 IN      A       172.16.1.3
    server4 IN      A       172.16.1.4
    proxy   IN      CNAME   server1
    smtp    IN      CNAME   server3         ; mail server
    www     IN      CNAME   server3         ; web server
    ftp     IN      CNAME   server3         ; ftp server

The reverse zone file cn06.com.rev:

    $TTL 1W
    @       IN      SOA     dns.cn06.com. root (
                            2009123100      ; serial
                            3H              ; refresh (3 hours)
                            30M             ; retry (30 minutes)
                            2W              ; expiry (2 weeks)
                            1W )            ; minimum (1 week)
            IN      NS      dns.cn06.com.
    1       IN      PTR     server1.cn06.com.
    2       IN      PTR     server2.cn06.com.
    3       IN      PTR     smtp.cn06.com.
    4       IN      PTR     2k3.cn06.com.

Meaning of the DNS Resource Records:
IN: tells the name server that this is an Internet record.
@: the domain declared in named.conf. In the example above the domain is cn06.com., so the hostnames declared afterwards need not be written out as FQDNs.
dns.cn06.com.: the FQDN of the name server for the domain.
root: the e-mail address of the domain administrator. It can be replaced by another name, for example admin.cn06.com. Such an address has no @ sign; the @ is replaced by a dot, so the real address is admin@cn06.com.
SOA (Start of Authority): every zone has exactly one SOA record. The SOA states that this Name Server is the place that provides authoritative information from the data in the zone. The parameters declared after it only take effect when the domain has a secondary server:
Serial number: when a Slave Nameserver connects to the Master Server to fetch data, it first compares the serial numbers; if the master's serial is larger, the data in use is stale and the slave reloads the new data. Therefore, whenever we update the data on the name server, we must increase the serial. It is usually formatted by date as YYYYMMDDNN, for example 2010042401.
Refresh number: the interval after which the Slave checks whether its data is still usable. Example: 28800; refresh after 8 hours.
Retry number: if the Slave cannot connect to the Master Nameserver after the Refresh interval, it tries again after retry seconds. This value is smaller than Refresh. Example: 14400; retry after 4 hours.
Expiry number: if the Slave cannot connect to the Master server for this Expire interval (in seconds), it stops answering queries for the zone, because it considers the data too old. This value must be larger than Refresh and Retry. Example: 3600000; 1000 hours, about 42 days.
Time-to-live number: how long the data is kept on a Caching Server; this value applies to every Resource Record in the database. It tells other servers to cache the data for the TTL period. Example: 86400; a TTL of 1 day.
NS (Name Server): the next record needed in the zone is the NS record. Each Name Server for the zone has one NS record. It names the servers responsible for managing the records of the domain.
A: maps a name to an IPv4 address.
AAAA: maps a name to an IPv6 address.
CNAME (Canonical Name): creates an alias that points to a canonical name. The canonical name is a host name from an A record, or it may in turn point to another canonical name.
MX (Mail Exchanger): DNS uses the MX record to announce the domain's mail server to other sites.
PTR (Pointer): maps an address to a name.
With that we have covered both the theory and the setup of the DNS configuration files. The last step is to check and start the service.
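As an added example (not part of the thesis), the following Python script cross-checks the forward zone cn06.com.db against the reverse zone cn06.com.rev shown above: it forms in-addr.arpa names the way the text describes, parses both files, reports PTR records that point at a CNAME or at a name with no A record (and A records with no PTR), and bumps a YYYYMMDDNN serial so that slaves will reload. The zone texts are constructed copies of the page's files; the parser and function names are my own.

```python
# Constructed copies of the zone files shown in the text (comments trimmed).
FORWARD_ZONE = """\
$TTL 1W
@       IN      SOA     dns.cn06.com. root (
                        2009123100 3H 30M 2W 1W )
        IN      NS      server2.cn06.com.
        IN      MX      10 server3.cn06.com.
dns     IN      A       172.16.1.2
server1 IN      A       172.16.1.1
server2 IN      A       172.16.1.2
server3 IN      A       172.16.1.3
server4 IN      A       172.16.1.4
proxy   IN      CNAME   server1
smtp    IN      CNAME   server3     ; mail server
www     IN      CNAME   server3     ; web server
ftp     IN      CNAME   server3     ; ftp server
"""
REVERSE_ZONE = """\
$TTL 1W
@       IN      SOA     dns.cn06.com. root (
                        2009123100 3H 30M 2W 1W )
        IN      NS      dns.cn06.com.
1       IN      PTR     server1.cn06.com.
2       IN      PTR     server2.cn06.com.
3       IN      PTR     smtp.cn06.com.
4       IN      PTR     2k3.cn06.com.
"""

def reverse_name(ipv4):
    """15.16.192.152 -> 152.192.16.15.in-addr.arpa. (octets reversed, as the text describes)."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."

def ptr_owner_to_ip(owner):
    """Inverse of reverse_name: 3.1.16.172.in-addr.arpa. -> 172.16.1.3."""
    octets = owner[: -len(".in-addr.arpa.")].split(".")
    return ".".join(reversed(octets))

def fqdn(name, origin):
    """Qualify a relative owner name against the zone origin ('@' means the origin itself)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Yield (owner_fqdn, type, rdata_tokens); handles '( )' continuation lines, ';' comments,
    $-directives and a blank owner column that inherits the previous owner."""
    records, owner, pending = [], origin, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        pending = (line[0].isspace(), line) if pending is None else (pending[0], pending[1] + " " + line)
        if pending[1].count("(") > pending[1].count(")"):
            continue                      # still inside a multi-line (SOA) record
        blank_owner, entry = pending
        pending = None
        if entry.lstrip().startswith("$"):
            continue                      # $TTL and similar directives carry no record
        tokens = entry.replace("(", " ").replace(")", " ").split()
        if not blank_owner:
            owner = tokens.pop(0)
        tokens = tokens[tokens.index("IN") + 1:]   # drop the optional TTL and the IN class
        records.append((fqdn(owner, origin), tokens[0], tokens[1:]))
    return records

def check_zones(forward_text, reverse_text, origin, reverse_origin):
    """List inconsistencies between A records (forward zone) and PTR records (reverse zone)."""
    forward = parse_zone(forward_text, origin)
    reverse = parse_zone(reverse_text, reverse_origin)
    a_by_name, names_by_ip = {}, {}
    for owner, rtype, rdata in forward:
        if rtype == "A":
            a_by_name.setdefault(owner, set()).add(rdata[0])
            names_by_ip.setdefault(rdata[0], set()).add(owner)
    aliases = {owner for owner, rtype, _ in forward if rtype == "CNAME"}
    problems, ptr_ips = [], set()
    for owner, rtype, rdata in reverse:
        if rtype != "PTR":
            continue
        ip, target = ptr_owner_to_ip(owner), rdata[0]
        ptr_ips.add(ip)
        if target in aliases:
            problems.append(f"PTR {ip} -> {target} points at a CNAME, not a canonical host name")
        elif target not in a_by_name:
            problems.append(f"PTR {ip} -> {target} has no A record in the forward zone")
        elif ip not in a_by_name[target]:
            problems.append(f"PTR {ip} -> {target} disagrees with its A record {sorted(a_by_name[target])}")
    for ip, owners in sorted(names_by_ip.items()):
        if ip not in ptr_ips:
            problems.append(f"{ip} ({', '.join(sorted(owners))}) has an A record but no PTR")
    return problems

def next_serial(current, today):
    """Bump a YYYYMMDDNN serial for an edit made on 'today' (YYYYMMDD). The result is always
    larger than the current serial, which is what makes the slaves reload the zone."""
    candidate = f"{today}{int(current[8:]) + 1:02d}" if current[:8] == today else f"{today}01"
    return candidate if int(candidate) > int(current) else str(int(current) + 1)
```

Run against the page's own data it reports two findings: 172.16.1.3 points at the alias smtp instead of server3, and 172.16.1.4 names 2k3.cn06.com., which has no A record.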

4.4 Starting the service

    [root@server2 ~]# chkconfig named on
    [root@server2 ~]# service named start
    Starting named:                                            [  OK  ]

4.5 Tools for testing DNS


host: queries the name as well as the IP address of a host. It has many options that extend its capabilities, but the most basic form is:

    [root@server2 ~]# host smtp.cn06.com
    smtp.cn06.com is an alias for server3.cn06.com.
    server3.cn06.com has address 172.16.1.3
    [root@server2 ~]# host 172.16.1.3
    3.1.16.172.in-addr.arpa domain name pointer smtp.cn06.com.

dig: used to gather information about the DNS servers of a domain.
    dig @server [domain name] query-type (record name: A, SOA, ...)

Example:

    [root@server2 ~]# dig @server2 cn06.com A

    ; <<>> DiG 9.7.0-P1-RedHat-9.7.0-9.P1.fc13 <<>> @server2 cn06.com A
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25906
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;cn06.com.                      IN      A

nslookup: lets you look up host information on many operating systems. Example:

    [root@server2 ~]# nslookup
    > smtp.cn06.com
    Server:         127.0.0.1
    Address:        127.0.0.1#53

    smtp.cn06.com   canonical name = server3.cn06.com.
    Name:   server3.cn06.com
    Address: 172.16.1.3
    >
    > 172.16.1.1
    Server:         127.0.0.1
    Address:        127.0.0.1#53

    1.1.16.172.in-addr.arpa name = server1.cn06.com.

The operating system the DNS server is installed on has no bearing at all on how host information is queried.

Figure 9. DNS query on Windows XP

4.6 Conclusion
In this chapter we presented the basics of the DNS service, the installation and configuration of a DNS server on a Linux system with the BIND package, and the tools that are useful for gathering information about hostnames, IP addresses and so on. One thing worth mentioning is that BIND is developed and updated at www.isc.org. For security reasons, BIND packages of version 9 or later should be installed.


Chapter 5: Linux security
When setting up and administering a system, besides deploying services, running the system smoothly and optimizing it, there is one very important issue to attend to: system security. The important tasks in deploying security are:
- Protecting the integrity of data, ensuring the consistency of the data in the system. The measures taken must prevent unauthorized modification or destruction of data.
- Protecting confidentiality, keeping information from leaking outside.
- Protecting availability, that is, keeping the system always ready to serve the information-access requests of legitimate users.
- Protecting privacy: ensuring that users make use of the system's resources only according to the functions and duties assigned to them, and preventing unauthorized access to information.
- Limiting as far as possible intrusions into the system from both inside and outside, especially in today's environment, where Internet access is indispensable to any agency or organization.
Many measures can be deployed on a system, but none of them is perfect. Each has its own advantages and drawbacks. Whether one or several measures are used therefore depends on the specific requirements.

Is Linux secure?


The answer is no [5]. Here are a few reasons:
- Like UNIX, Linux is optimized for convenient use, so setting up security in Linux is not easy. The Linux philosophy emphasizes ease of managing and using data in a multi-user environment.
- If deployed carefully, Linux is an effective secure system. When you access the system, you are either a user with very limited rights or you are root. In addition, the implementation of SETUID and SELinux makes access control in the system safer. But in most cases even small security mistakes can still compromise the whole system.
- Linux distributions are mostly developed by a large community of programmers, with very large differences in knowledge and experience. This means the features built for Linux may contain security holes.
One more thing to keep in mind: the more secure a system is, the less convenient it is for its users. This can be expressed by the following formula:

[5] p. 709, Linux Administration Handbook

There are many firewall programs for Linux today, but Iptables is chosen most often. Below is a survey table from the site http://distrowatch.com

See also: http://distrowatch.com/dwres.php?resource=firewalls

Introduction to the Iptables firewall system


Iptables is open-source software widely used to deploy firewalls on Linux systems. Iptables is only present in Linux distributions from kernel version 2.4.x onward. Usually, when installing distributions such as Red Hat, Fedora (Red Hat's open-source project), CentOS or Suse, Iptables is installed by default. A firewall built on iptables consists of two parts: Netfilter and Iptables. Netfilter filters packets at the IP level. Netfilter works directly inside the kernel, so it processes packets quickly and does not slow the system down. Iptables sits outside the kernel and is responsible for the communication between the user and Netfilter: it pushes the user's rules to Netfilter for processing. Netfilter and the firewall modules operate at the kernel level, close to the physical layer (CPU, memory and peripherals), for high speed, while iptables operates at the application level to help the user manage the firewall rules.

Figure 10: Firewall system model.

Iptables is also known as a stateful firewall. A stateful firewall is one that can track established TCP connections. A TCP connection consists of a series of packets carrying the source address, destination address, source port, destination port and a sequence number that assembles the packets without data loss. By tracking the headers of TCP packets, the stateful filter can determine whether a received TCP packet belongs to an already established connection and decide whether to accept or discard it. On a software firewall built with iptables, the stateful firewall needs two components: Kernel Space (Netfilter and the firewall modules supported inside the kernel) and User Space (iptables, used to operate those modules).


Iptables can filter packets by address, port, protocol, time, connection state and the characteristics of the information in the packet. However, since it operates at the Transport layer of the TCP/IP model, iptables can only filter and limit on the basis of packets; it cannot intervene deeply in the Application layer, for example to limit bandwidth for web access or to block spam. Another weakness is that iptables does not integrate VPN, as firewall software commonly used on Windows systems does. Besides packet filtering, iptables offers other features such as NAT (Network Address Translation) and rate limiting. Rate limiting is very useful against DoS (Denial of Service) attacks such as SYN flood. Iptables can also filter packets by MAC address, a strong point that most firewalls on Windows systems have not integrated. An indispensable feature when deploying a firewall on iptables is event logging. Like other firewall software, iptables supports logging with the LOG option in order to track the packets entering and leaving the firewall.

Components of Iptables


The iptables management model is based on tables and chains (rule sets). Iptables has three kinds of table: filter, nat and mangle. A chain is a set of rules used to process packets. Chains in iptables are of two kinds: built-in chains and user-defined chains. The built-in chains are INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING, MASQUERADE. User-defined chains are the chains created by the user. Usually, for the firewall to work efficiently and with a high level of security, one builds many different chains, each dedicated to a specific situation, and attaches to each chain more detailed security policies for handling packets. This makes managing and monitoring the firewall easier, more professional and safer. The components of iptables, their functions and their use are presented below.

Table name / Function / Built-in chains / Chain function

Filter - packet filtering:
    FORWARD: filters packets that come in on one network interface of the firewall and go out on another.
    INPUT: filters packets coming in on a network interface of the firewall.
    OUTPUT: filters packets going out of a network interface of the firewall.

Nat - Network Address Translation (address translation):
    PREROUTING: the packet's address translation happens before routing. This makes it possible to change the destination IP address so that it matches the firewall's routing table. This chain is used for NAT of the destination address, called destination NAT or DNAT.
    POSTROUTING: the packet's address translation happens after routing. This means the destination IP address of the packet does not have to be changed in the routing table beforehand. This chain is used for NAT of the source IP address, either one-to-one or many-to-one, called source NAT or SNAT.
    OUTPUT: address translation for packets generated by the firewall itself. (This chain is rarely used in a SOHO environment.)

Mangle - manipulation of TCP header bits:
    PREROUTING, OUTPUT, INPUT, FORWARD, POSTROUTING: used to modify the quality-of-service bits of a TCP packet before the routing process takes place, such as TTL, TOS, MARK, SECMARK, CONNSECMARK. (These chains are rarely used in a SOHO environment.) For Linux kernel 2.4.17 and earlier, the mangle table supports only the PREROUTING and OUTPUT chains. From kernel 2.4.18 onward, the mangle table supports three more chains: INPUT, FORWARD and POSTROUTING.

Components and the function of each component in iptables.

When writing iptables commands, the table and the chain must be specified for each command. There is one exception, however: since most chains are concerned with packet filtering, iptables chooses the filter table as the default.

Packet processing model in iptables


A packet is processed by iptables as follows. A packet arriving from network A is first checked by the rules in the PREROUTING chain of the mangle table. Next it is checked by the rules in the PREROUTING chain of the nat table to see whether it requires DNAT. Then the packet is routed. If it is a packet passing through the firewall, it is handed to and processed by the rules in the FORWARD chain of the mangle table and then of the filter table. After that it goes to the POSTROUTING chain of the mangle table, and finally to the POSTROUTING chain of the nat table, where its address is translated before it continues into network B. If it is a packet destined for the firewall itself, it goes to the INPUT chain of the mangle table and then of the filter table. If it passes, it is handed to the processes on the firewall host. After the process has handled the data, the reply packet the firewall sends back is routed and goes to the OUTPUT chains of the mangle, nat and filter tables. Then it goes to the POSTROUTING chain of the mangle table and after that of the nat table, where its address is translated before it goes out to network A.

Figure 11: Packet processing model in Iptables.

Syntax of the iptables command


Using iptables commands. There are two ways to configure iptables: with commands, or by editing the file /etc/sysconfig/iptables. There are a few differences between the two:
Configuring with commands: after pressing Enter to finish the command, the rule is pushed into the system and takes effect without restarting the iptables service. The rules just configured must be saved before the iptables service is restarted; otherwise, the unsaved rules are lost. Configuring with commands keeps the system stable, because if a rule is wrong, iptables does not accept it.
Configuring by editing the file: a rule only takes effect after the iptables service is restarted. The rule is saved when the file is saved. Configuring by editing the file makes the system less stable, because if a rule is wrong, iptables loads the rules from the file when the service restarts and the system reports errors.



Iptables does not encourage configuration by editing the file (the second line of /etc/sysconfig/iptables reads: Manual customization of this file is not recommended).
iptables command syntax. The syntax of the iptables command is:
    # iptables [-t tables] command [match] [target/jump]

Here, tables are the tables supported by iptables: the NAT table (used to translate packet addresses), the Filter table (used to filter packets) and the Mangle table (used to change bits in the TCP header). If no table is typed, iptables chooses the filter table by default. command is an iptables command such as -L (list) or -N (create a new chain). Within a command many matches are used, such as -p, --sport, --dport; they are called match, and using the match options makes writing rules flexible. target/jump is the decision of the rule, with the syntax -j target: if the conditions of the command are met, iptables carries out the target, such as ACCEPT (accept the packet) or DROP (discard the packet).
TARGETS: the action an iptables rule takes on a packet. Four actions are commonly used in iptables: ACCEPT, DROP, QUEUE and RETURN. ACCEPT accepts the packet. DROP discards the packet. QUEUE places the packet in a queue to await processing. RETURN stops processing and hands control back to the parent chain to continue. The parent chain is the chain that contains a rule redirecting packet processing to another chain. Example of a parent chain:
    # iptables -N PING
    # iptables -A PING -j DROP
    # iptables -I PING -s 192.168.3.2 -i eth2 -j RETURN
    # iptables -F INPUT
    # iptables -P INPUT ACCEPT
    # iptables -I INPUT -p icmp -j PING

With the commands above, the INPUT chain is regarded as the parent chain of the PING chain. When a ping packet enters the firewall, it is pushed to the PING chain for processing. If the ping packet has source address 192.168.3.2, the firewall returns to the parent chain, INPUT. Since INPUT has the default target ACCEPT, the ping packet is accepted into the firewall. If instead the ping packet's source address is not 192.168.3.2 at that check, the RETURN action is not carried out and the packet goes on to the next rule in the PING chain, -j DROP.
TABLES: Tables are closely tied to the packet during processing. If no table is specified in an iptables command, the filter table is used by default. The syntax for choosing a table is: -t, --tables table. The table parameter is one of the tables presented in figure 2.3.1. Example:
    # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
The command above translates the destination address after routing on the network interface eth0.
OPTIONS: Options are the options used in iptables commands. They comprise commands, parameters and other options commonly used with the commands. The options at this level can be used in most situations when writing iptables commands, without needing the extra -m parameter required by the extended options (presented under MATCH EXTENSIONS).
COMMANDS: Commands are the command options used in iptables. The commonly used commands are:
-A, --append chain [rule]: Appends a rule to the chain. Example:
    # iptables -A INPUT -p icmp -j ACCEPT : add a rule allowing ping packets into the firewall.
-D, --delete chain rule: Deletes a rule from the chain by typing out the full rule to be deleted. Example:
    # iptables -D INPUT -p icmp -j ACCEPT : delete the rule allowing ping into the firewall.
-I, --insert chain [number] rule: Inserts a rule into the chain. Without the number parameter, the rule is inserted at the first line of the chain. With number, the rule is inserted at line number. Example:
    # iptables -I INPUT -p icmp -j ACCEPT : insert the rule allowing ping into the firewall at the first position of the INPUT chain.
    # iptables -I INPUT 2 -p icmp -j ACCEPT : insert the rule allowing ping into the firewall at position 2 of the INPUT chain.
-R, --replace chain number rule: Replaces the rule at line number of the chain. Example:
    # iptables -R INPUT 3 -p icmp -j ACCEPT : replace the rule at position 3 of the INPUT chain with the rule allowing ping into the firewall.
-L, --list [chain]: Lists the iptables rules currently in memory. With the chain parameter, the command lists the rules in that chain. Without it, the command lists all chains in iptables together with the rules of each chain.
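To make the parent-chain and RETURN semantics of the PING example concrete, here is an added Python model (my own code, not the thesis's, and not iptables itself) that replays the page's six commands against a toy filter table and gives a verdict for sample packets. Only the -N, -A, -I, -F, -P commands and the -p, -s, -i, -j options used in this section are modelled; a built-in chain's policy applies when traversal ends without a verdict.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    in_iface: str

@dataclass
class Rule:
    target: str                       # ACCEPT, DROP, RETURN or a user-defined chain to jump to
    proto: Optional[str] = None       # -p
    src: Optional[str] = None         # -s
    in_iface: Optional[str] = None    # -i

    def matches(self, pkt):
        wanted = ((self.proto, pkt.proto), (self.src, pkt.src), (self.in_iface, pkt.in_iface))
        return all(want is None or want == have for want, have in wanted)

class FilterTable:
    """The filter table only: built-in chains carry a policy, user chains do not."""
    BUILTIN = ("INPUT", "OUTPUT", "FORWARD")

    def __init__(self):
        self.chains = {name: [] for name in self.BUILTIN}
        self.policy = {name: "ACCEPT" for name in self.BUILTIN}   # default right after installation

    def verdict(self, chain, pkt):
        """Final decision for a packet entering a built-in chain."""
        result = self._walk(chain, pkt)
        return self.policy[chain] if result is None else result

    def _walk(self, chain, pkt):
        for rule in self.chains[chain]:
            if not rule.matches(pkt):
                continue
            if rule.target in ("ACCEPT", "DROP"):
                return rule.target
            if rule.target == "RETURN":
                return None                      # hand control back to the parent chain
            sub = self._walk(rule.target, pkt)   # -j <user chain>: traverse it
            if sub is not None:
                return sub
            # the user chain RETURNed or ran out of rules: continue with the next rule here
        return None

def apply_command(fw, command):
    """Apply one 'iptables ...' line of the kind used in the text."""
    args = command.split()[1:]
    op, chain = args[0], args[1]
    if op == "-N":
        fw.chains[chain] = []
    elif op == "-F":
        fw.chains[chain].clear()
    elif op == "-P":
        fw.policy[chain] = args[2]
    elif op in ("-A", "-I"):
        rest = args[2:]
        position = int(rest.pop(0)) if op == "-I" and rest and rest[0].isdigit() else 1
        spec = dict(zip(rest[::2], rest[1::2]))
        unknown = set(spec) - {"-p", "-s", "-i", "-j"}
        if unknown:
            raise ValueError(f"option not modelled: {sorted(unknown)}")
        rule = Rule(spec["-j"], spec.get("-p"), spec.get("-s"), spec.get("-i"))
        if op == "-A":
            fw.chains[chain].append(rule)
        else:
            fw.chains[chain].insert(position - 1, rule)
    else:
        raise ValueError(f"command not modelled: {op}")

# The exact commands from the text: INPUT becomes the parent chain of the user chain PING.
PAGE_COMMANDS = [
    "iptables -N PING",
    "iptables -A PING -j DROP",
    "iptables -I PING -s 192.168.3.2 -i eth2 -j RETURN",
    "iptables -F INPUT",
    "iptables -P INPUT ACCEPT",
    "iptables -I INPUT -p icmp -j PING",
]

def build_firewall(commands=PAGE_COMMANDS):
    fw = FilterTable()
    for command in commands:
        apply_command(fw, command)
    return fw

if __name__ == "__main__":
    fw = build_firewall()
    for pkt in (Packet("192.168.3.2", "icmp", "eth2"), Packet("192.168.3.9", "icmp", "eth2")):
        print(pkt, "->", fw.verdict("INPUT", pkt))
```

Applying the page's later advice, iptables -P INPUT DROP, to the same model shows why it matters: the RETURN from PING then ends in the DROP policy, so even the 192.168.3.2 ping is discarded unless an explicit ACCEPT rule follows the jump.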


Figure 12: Result of the command iptables -L RH-Firewall-1-INPUT.

Figure 13: Result of the command iptables -L.

-S, --list-rules [chain]: Lists the iptables rules in the file /etc/sysconfig/iptables. With the chain parameter, it lists the rules in that chain. Without it, it lists all the rules in /etc/sysconfig/iptables. Both are listing commands, but there is a clear difference between -L and -S.

Figure 14: Result of the command iptables -S.

Figure 15: Result of the command iptables -S RH-Firewall-1-INPUT.

-F, --flush [chain]: Flushes rules. With the chain parameter, the command flushes the rules of that chain. Without it, the command flushes all rules in iptables. Since iptables uses the filter table by default, flushing the rules of the nat table requires adding -t nat.


Figure 16: OUTPUT counter values before and after running iptables -Z OUTPUT.

-N, --new-chain chain: Creates a new chain. Example:
    # iptables -N BAD-INPUT
-X, --delete-chain [chain]: Deletes a chain from iptables. Only an empty chain can be deleted, so before deleting a chain we should run -F to remove all of its rules. With the chain parameter, the command deletes the specified chain. Without it, the command deletes all chains in iptables. This command can only delete user-defined chains; it cannot delete the built-in chains INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING. Example:
    # iptables -F BAD-INPUT
    # iptables -X BAD-INPUT
-P, --policy chain target: Sets the default policy of a chain. This command is only used with the built-in chains. Usually, after iptables is installed, the default policy of the chains in the filter table is ACCEPT. To be safe, we should set the default policy of the chains in the filter table to DROP.


Figure 17: Default policy of the INPUT chain before and after running iptables -P INPUT DROP.

-E, --rename-chain old-chain new-chain: Renames a chain. Example:
    # iptables -E BAD-INPUT BAD-LIST
-h: Shows the built-in help of iptables. Example:
    # iptables -h | more (the more command pages the output when there is more than one screen of it)
PARAMETERS: Parameters are the parameters commonly used in iptables commands. The "!" sign, where used, negates the match.
[!] -p, --protocol protocol: Matches packets by protocol. protocol may be a protocol number or the corresponding name from the file /etc/protocols. The common protocols are tcp, udp, icmp or all (all meaning every protocol). For example, the two commands below are equivalent:
    # iptables -I INPUT -p 53 -j ACCEPT
    # iptables -I INPUT -p swipe -j ACCEPT
[!] -s, --source address[/mask]: Matches packets by source address. address may be a hostname or an IP address. Use /mask to match a whole IP network. Example:
    # iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT
    # iptables -I INPUT -s 192.168.1.2 -j DROP
[!] -d, --destination address[/mask]: Matches packets by destination address. address may be a hostname or an IP address. Use /mask to match a whole IP network.
-j, --jump target: Carries out the action target when the rule matches. -j can also be used to redirect packet processing to another chain. Example:
    # iptables -N BAD-LIST
    # iptables -A BAD-LIST -j DROP
    # iptables -I INPUT ! -d 192.168.1.0/24 -j BAD-LIST
-g, --goto chain: Redirects packet processing to a chain. When writing iptables commands, -j is normally used rather than -g.
[!] -i, --in-interface name: Matches packets by the network interface they come in on. Example:
    # iptables -I INPUT ! -i eth0 -p icmp -j ACCEPT
[!] -o, --out-interface name: Matches packets by the network interface they go out of. Example:
    # iptables -I OUTPUT -o eth0 -p tcp --dport 80 -j ACCEPT
[!] -f, --fragment: Matches fragmented packets (from the second fragment on).
-c, --set-counters packets bytes: Asks the Linux kernel to reset the packet and byte counters. This parameter is only used with the INSERT, APPEND and REPLACE commands.


Figure 18: Result of the command iptables -L -nv.

MATCH EXTENSIONS: Match extensions presents the commonly used extended match options. When these extended options are used in an iptables command, the parameter -m, --match must accompany them.
addrtype: Matches packets by address type: UNSPEC (for example 0.0.0.0), UNICAST, LOCAL, BROADCAST, ANYCAST, MULTICAST, BLACKHOLE, PROHIBIT, THROW, NAT, XRESOLVE.
    [!] --src-type type: Matches on the source address type.
    [!] --dst-type type: Matches on the destination address type.
    --limit-iface-in: Restricts the check to incoming packets. This option is only used in the PREROUTING, INPUT and FORWARD chains.
    --limit-iface-out: Restricts the check to outgoing packets. This option is only used in the POSTROUTING, OUTPUT and FORWARD chains.
account: Used to set up counters for each of the protocols TCP, UDP, ICMP and Other (all other protocols). Its particular feature is that a single iptables rule serves all hosts in the network/netmask, and the counters can be loaded and saved.
    --aaddr network/netmask: Defines a network/netmask.
    --aname name: Defines the list name. If none is defined, the list name DEFAULT is used.
    --ashort: Collects the counters.
Example: create the table mynetwork for the network 192.168.0.0/24:
    # iptables -A FORWARD -m account --aname mynetwork --aaddr 192.168.0.0/24
Create accounting for the WWW server of the network 192.168.0.0/24 in the table mywwwserver:
    # iptables -A INPUT -p tcp --dport 80 -m account --aname mywwwserver --aaddr 192.168.0.0 --ashort
    # iptables -A OUTPUT -p tcp --sport 80 -m account --aname mywwwserver --aaddr 192.168.0.0/24 --ashort
Read the counters:
    # cat /proc/net/ipt_account/mynetwork
    # cat /proc/net/ipt_account/mywwwserver
Set a counter:
    # echo "ip = 192.168.0.1 packets_src = 0" > /proc/net/ipt_account/mywwwserver
connlimit: Lets you limit the number of TCP connections to the server per IP address.
    [!] --connlimit-above number: Sets the number of connections.
    --connlimit-mask bits: Groups hosts by the given mask.



Example: allow 2 telnet connections per client:
    # iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
Limit HTTP requests to 16 per class C network (24-bit netmask):
    # iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.10 -j DNAT --to-destination 192.168.2.2 -m connlimit --connlimit-above 16 --connlimit-mask 24
icmp
    --icmp-type [!] type: Matches ICMP packets of type type (type may be a name or a number). The types accepted by this option are listed in figure 3.2.11.

    TYPE  CODE  Description                                              Query  Error
    0     0     Echo Reply                                               x
    3     0     Network Unreachable                                             x
    3     1     Host Unreachable                                                x
    3     2     Protocol Unreachable                                            x
    3     3     Port Unreachable                                                x
    3     4     Fragmentation needed but no frag. bit set                       x
    3     5     Source routing failed                                           x
    3     6     Destination network unknown                                     x
    3     7     Destination host unknown                                        x
    3     8     Source host isolated (obsolete)                                 x
    3     9     Destination network administratively prohibited                 x
    3     10    Destination host administratively prohibited                    x
    3     11    Network unreachable for TOS                                     x
    3     12    Host unreachable for TOS                                        x
    3     13    Communication administratively prohibited by filtering          x
    3     14    Host precedence violation                                       x
    3     15    Precedence cutoff in effect                                     x
    4     0     Source quench                                                   x
    5     0     Redirect for network                                            x
    5     1     Redirect for host                                               x
    5     2     Redirect for TOS and network                                    x
    5     3     Redirect for TOS and host                                       x
    8     0     Echo request                                             x
    9     0     Router advertisement                                     x
    10    0     Router solicitation                                      x
    11    0     TTL equals 0 during transit                                     x
    11    1     TTL equals 0 during reassembly                                  x
    12    0     IP header bad (catchall error)                                  x
    12    1     Required option missing                                         x
    13    0     Timestamp request (obsolete)                             x
    14    0     Timestamp reply (obsolete)                               x
    15    0     Information request (obsolete)                           x
    16    0     Information reply (obsolete)                             x
    17    0     Address mask request                                     x
    18    0     Address mask reply                                       x

ICMP types.

Example:
    # iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iprange
    [!] --src-range IP-IP
    [!] --dst-range IP-IP: Matches packets by a range of source or destination IP addresses.
mac
    --mac-source [!] mac_address: Filters packets by MAC address. mac_address is written as XX:XX:XX:XX:XX:XX. This option only applies to packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.
mport: Filters packets by port. The syntax of this option accepts at most 15 ports. It is only used with -p tcp and -p udp.
    --source-ports port[,port[,port...]]: Filters by source port.
    --destination-ports port[,port[,port...]]: Filters by destination port.
    --ports port[,port[,port...]]: Filters by port.
multiport: Filters packets by port. The syntax of this option accepts at most 15 ports, and each port range (port:port) counts as 2 of the 15. It is only used with -p tcp and -p udp.
    --source-ports [!] port[,port[,port:port...]]: Filters by source port.
    --destination-ports [!] port[,port[,port:port...]]: Filters by destination port.
pkttype
    --pkt-type [unicast|broadcast|multicast]: Checks whether the packet is unicast, broadcast or multicast.
quota
    --quota bytes: Creates a quota based on the packet counter measured in bytes.
tcp: Matches packets by port information or TCP flags. If this option is used together with -p tcp, -m tcp need not be written in the iptables command.
    --source-port [!] port[:port]: Filters by the source port of the TCP packet.
    --destination-port [!] port[:port]: Filters by the destination port of the TCP packet.
    --tcp-flags [!] mask comp: Filters by TCP flags. The TCP flags are: SYN ACK FIN RST URG PSH ALL NONE. Example:
    # iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN
ttl: Checks the time-to-live of the packet in the IP header.
    --ttl-eq ttl: Matches a TTL equal to the value.
    --ttl-gt ttl: Matches a TTL greater than the value.
    --ttl-lt ttl: Matches a TTL less than the value.
udp: Matches packets by port information or UDP flags. If this option is used together with -p udp, -m udp need not be written in the iptables command.
    --source-port [!] port[:port]: Filters by UDP source port.
    --destination-port [!] port[:port]: Filters by UDP destination port.
TARGET EXTENSIONS: Target extensions presents the commonly used extended targets in iptables. The extended targets commonly used in iptables are DNAT, SNAT, MASQUERADE, REDIRECT, REJECT and LOG.
BALANCE --to-destination ipaddr-ipaddr: Allows DNAT connections across a range of IP addresses. Commonly used to share load among web servers in the DMZ.
CLASSIFY --set-class MAJOR:MINOR: Sets a priority.
DNAT --to-destination address[-address][:port-port]: DNAT is used to translate the destination address of a packet. DNAT is only effective in the PREROUTING and OUTPUT chains of the nat table. DNAT is commonly used to publish the address of a web or mail server in the local network to the Internet (publish server). That is, the user has one IP address for Internet access, the HTTP server is built inside the LAN, the firewall has the external address $INET_IP and the internal address $LAN_IP on the same network as the HTTP server, and the HTTP server has the address $HTTP_IP. When a web request arrives at the external address of the firewall, the firewall translates the address (NAT) and pushes the packet on to the corresponding web server.

Figure 19: DNAT model.

V d: # theo dy a ch IP vi port l 80. # ch IP v port. # a ch IP vi dy port. # iptables -t nat -A PREROUTING -dst $INET_IP -p tcp -dport 80 -j DNAT --to-destination $HTTP_IP - nat theo a ch nh danh quy nh bi iptables. # iptables -t nat -A OUTPUT -dst $INET_IP -p tcp -dport 80 -j DNAT --to-destination $HTTP_IP - nat theo a ch nh danh quy nh bi iptables dng trong tp lut OUTPUT. Qu trnh nat din ra nh sau: o Gi tin c a ch ngun l $EXT_BOX ri khi $INET_IP tin n firewall. SVTH: V Cng Dun Nguyn Anh Tun Trang 85 iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 -dport 80 -j DNAT --to-destination 192.168.1.1:80-100 - nat theo iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 -dport 80 -j DNAT --to-destination 192.168.1.1:80 - nat theo a iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 -dport 80 -j DNAT --to-destination 192.168.1.1-192.168.1.10 - nat

GVHD: Ths.L Quc Tun


o Firewall nat gi tin (gi tin khng b nh hng bi cc tp lut khc). o Gi tin ri firewall v tm n $HTTP_IP. o Gi tin tin n HTTP server, HTTP server tr gi tin v cho firewall. o Gi tin tr v t HTTP server n firewall c nat (khng phi l DNAT, l SNAT) v c y n a ch $EXT_BOX ca my ngoi Internet. Do , cho vic vn chuyn gi tin c thng sut th firewall phi c cu hnh thm dng sau: # LOG Dng ghi nhn s kin trong iptables. --log-level level Ch nh vic thc hin ghi nhn. level c th l s hoc tn c ch nh trong tp tin syslog.config. --log-prefix message Thc hin ghi nhn km theo thng bo message. di message ti a l 29 k t. --log-tcp-sequence Ghi nhn s TCP Sequence, l s dng sp xp trnh t ca cc gi tin. --log-tcp-options Ghi nhn thng tin header ca gi tin TCP. --log-ip-options Ghi nhn thng tin header ca gi tin IP. --log-uid Ghi nhn thng tin chung ca gi tin. MASQUERADE L mt dng c bit ca SNAT, thng c gi l cu hnh gi mo a ch. MASQUERADE khng i hi phi s dng --to-source nh SNAT. MASQUERADE c s dng trong trng hp khng bit a ch IP ngun, iptables -t nat -A POSTROUTING -p tcp --dst $HTTP_IP -dport 80 -j SNAT --to-source $LAN_IP

Students: V Cng Dun, Nguyn Anh Tun

Page 86

typically when the network interface receives a dynamic IP address, whereas SNAT with --to-source must know the exact source IP. MASQUERADE is often used with the --to-ports option to rewrite the packet's port.
Example:
# iptables -t nat -A POSTROUTING -p TCP -j MASQUERADE --to-ports 1024-31000
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
(The command above is equivalent to the following SNAT command, assuming the firewall's external address is 210.40.2.71:
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 210.40.2.71)

REDIRECT --to-port port[-port]
This target only applies with -p tcp and -p udp and is used to redirect packets, for example to redirect all packets using the HTTP port to an HTTP proxy server. REDIRECT is used only in the PREROUTING and OUTPUT chains of the nat table. It can also be used in user-defined chains, but those chains must themselves be called from PREROUTING or OUTPUT. REDIRECT takes only the option --to-ports port[-port].
Example:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
TCP packets using port 80 are redirected to port 8080 (usually the port used on the proxy machine).

REJECT
Drops the packet and sends a reply back to the sender. REJECT is used only in the INPUT, OUTPUT and FORWARD chains. REJECT is used with the following option:
--reject-with type
type is the reply to send, one of: icmp-net-unreachable, icmp-host-unreachable,

icmp-port-unreachable, icmp-proto-unreachable, icmp-net-prohibited, icmp-host-prohibited, icmp-admin-prohibited, tcp-reset, echo-reply.

SNAT --to-source address[-address][:port-port]
SNAT is used to translate the source address of packets. SNAT only works in the POSTROUTING chain of the nat table. SNAT is the reverse of DNAT: it translates addresses inside the LAN to the external Internet address.

Figure 20: SNAT model.

Example:
# iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to-source 194.236.50.155-194.236.50.160:1024-32000
  NAT to a range of IP addresses with a range of ports.

XOR
XOR encryption of TCP and UDP packets.
--key key: sets the encryption "key".
--block-size: sets the block size.

Evaluation
Iptables is well suited to building a firewall on a Linux system. However, for the firewall to operate at the application layer of the TCP/IP model, further packages have to be integrated (for example squid, which provides a proxy server capable of restricting access). As for configuration through the GNOME interface, iptables can be configured entirely from GNOME, but the GNOME Firewall interface only supports very common, frequently used configurations; for relatively complex configurations the iptables command is still needed. Configuration with shorewall is very flexible and allows many complex rules, but doing so requires mastering the shorewall syntax in addition to the iptables syntax. Nevertheless, it is still preferable to configure iptables from the command line, because when configuring through a graphical interface the number of generated commands stored in the configuration file is very large, which makes checking the policy difficult. For the same purpose, someone who understands iptables well needs only one or a few short iptables commands, and because they wrote those commands themselves, their control over them is greater.


Chapter 6: Secure Shell (SSH)


6.1 History
SSH-1 was introduced in 1995 by Tatu Ylönen, a researcher at the University of Helsinki in Finland, after his university's network fell victim to a password-sniffing attack earlier that year. In July 1995 SSH1 was released widely as free software with source code, allowing anyone to copy and use it without charge. By the end of that year an estimated 20,000 users in 50 countries were using SSH-1. In 1996 SSH-2 was announced as a standard protocol; SSH-2 is entirely incompatible with SSH-1.
OpenSSH: because SSH2 was developed under a proprietary license, developers wanted to create free software similar to SSH-1. Björn Grönvall then developed OSSH based on SSH version 1.2.12 (a version that had been released as open source). Shortly afterwards the OpenBSD developers created OpenSSH based on Björn Grönvall's code. Initially OpenSSH ran only on OpenBSD, but it was later ported to many other operating systems (Unix, Linux, Windows, ...). By 2005 OpenSSH was the most widely used SSH implementation across operating systems.

6.2 What is SSH?
SSH is a program for interaction between a server and a client that uses strong encryption to prevent eavesdropping and theft of information on the wire. Earlier programs such as telnet and rlogin use no encryption, so anyone can eavesdrop and even read the entire contents of a session using a few simple tools. Using SSH is an effective way to protect data in transit from one system to another.



SSH (Secure Shell) is a network protocol used to establish network connections securely. SSH operates at the upper layer of the TCP/IP layered model. SSH tools (OpenSSH, ...) give users a way to set up encrypted network connections that create a private channel. Moreover, the tunneling feature of these tools allows traffic of other protocols to be carried. So a network built on SSH gives us a simple virtual private network (VPN).
Applications for SSH clients: an SSH client is a component of the SSH protocol suite that lets a user interact with the services provided by an SSH server. Below are a few SSH client programs:
- PuTTY: one of the oldest SSH clients, running on Windows. Reference: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- OpenSSH: has versions for many different operating systems. Reference: http://www.openssh.com/
- MindTerm: like OpenSSH, runs on many platforms. Reference: http://www.appgate.com/index/products/mindterm/
- FreeSSH: available for Windows only. Reference: http://www.freesshd.com/?ctt=download
- SecureCRT: for Windows; considered the most powerful, but it is a commercial product. Reference: http://www.vandyke.com/products/securecrt/


6.3 Overview of SSH features


The main features of the SSH protocol are:
- Privacy of data through strong encryption.
- Integrity of the transmitted information, ensuring it is not altered.
- Authentication, i.e. proof of the identity of the sender and the receiver.
- Authorization: used to control access to accounts.
- Forwarding or tunneling: encrypting other sessions based on TCP/IP.

6.3.1 Privacy
Privacy means protecting data from disclosure. An ordinary computer network does not guarantee privacy: anyone with access to the network hardware or to hosts connected to the network can read all the data passing through it. Although modern switched networks reduce this problem on local networks, it remains serious because passwords are easily stolen by attackers. SSH provides privacy by encrypting the data that passes over the network: end-to-end encryption based on random keys (generated for one session and discarded when the session ends). SSH supports many encryption algorithms for session data, standard ciphers such as AES, ARCFOUR, Blowfish, Twofish, IDEA, DES and triple-DES (3DES).

6.3.2 Authentication
Authentication is checking someone's identity to determine precisely whether they are who they claim to be. Every SSH connection involves two authentications: the client verifies the identity of the SSH server (server authentication) and the server verifies the identity of the user requesting access (user authentication). Server authentication ensures the SSH server is genuine and not an impostor, guarding against an attacker redirecting the network connection to another machine. Server authentication also protects against an attacker sitting between the two parties and deceiving both, i.e. telling the server it is the client



and telling the client it is the server, in order to obtain the data exchanged between them. User authentication has traditionally been done with passwords. To prove your identity you must provide a password, which is easily stolen. Moreover, to remember a password people usually make it short and meaningful, so it is easily guessed by an attacker. For longer passwords people often choose words or phrases from their native language, which are also easily cracked. SSH supports password authentication and encrypts the password as it travels over the network. This is a big improvement over other common remote access protocols (Telnet, FTP), which send passwords across the network in clear text. However, this is still only simple password authentication, so SSH provides stronger and more convenient mechanisms: per-user public-key signatures, and an improved rlogin-style authentication in which the host identity is verified with a public key. Furthermore, various SSH implementations support other systems, including Kerberos, RSA, S/Key one-time passwords and PAM. An SSH client and SSH server negotiate which authentication mechanism to use based on their configuration, and a server can even require several kinds of authentication.

6.3.3 Authorization
Authorization decides who can or cannot do what. It takes place after authentication, because you cannot grant anyone rights before knowing who they are. An SSH server has various ways to restrict a client's actions. Access to interactive login sessions, TCP port and X Window forwarding, key agent forwarding: all of these can be controlled, although not every feature is available in every SSH implementation, and they are not always as general or as flexible as you might want. Authorization can be controlled at the server-wide level (for example the /etc/ssh/sshd_config file for OpenSSH) or per account, depending on the authentication method used.



6.3.4 Forwarding or tunneling
Forwarding or tunneling encapsulates another TCP-based service, such as Telnet or IMAP, inside an SSH session, bringing the security of SSH to other TCP-based services. For example, a normal Telnet connection sends your username, password and login session in clear text. By forwarding telnet through SSH, all the data is automatically encrypted and integrity-checked, and you can authenticate with SSH's trusted methods. SSH supports the following three kinds of forwarding:

6.3.4.1 TCP port forwarding


SSH uses TCP/IP as its transport, normally port 22 on the server, when it encrypts and decrypts traffic crossing the network. Here we discuss a feature that encrypts and decrypts TCP/IP traffic belonging to other applications, on TCP ports other than the one SSH uses. This process, called port forwarding, is highly transparent and quite powerful. Telnet, SMTP, NNTP, IMAP and other insecure protocols running over TCP can be secured by forwarding their connections through SSH. Port forwarding is sometimes called tunneling because the SSH connection provides a tunnel through which other TCP connections can pass. Suppose you have a machine H at home running IMAP and you want to connect to an IMAP server on machine S to read and send mail. Normally this connection is not secure: your mail account and password are transmitted in clear text between your mail program and the server. With SSH port forwarding you can transparently reroute the IMAP connection (which reaches TCP port 143 on server S) through SSH, encrypting and protecting the data on the connection. The IMAP server machine must run an SSH server for port forwarding to provide this protection. Note, however, that SSH port forwarding only works over TCP and does not work with other protocols such as UDP or AppleTalk.


6.3.4.2 X forwarding


X is a popular windowing system for Unix workstations. Using X you can run X applications remotely with their windows displayed on your local screen.

6.3.4.3 Agent forwarding


An SSH client can work with an SSH agent on the same machine. Using a feature called agent forwarding, the client can also communicate with agents on remote machines. The advantage is that it lets clients on several machines work with a single agent, and it can avoid firewall-related problems.

6.3.5 How SSH works
SSH works in three simple steps:
* Host identification: determining the identity of the systems taking part in the SSH session.
* Encryption: establishing an encrypted working channel.
* Authentication: verifying that the user is entitled to log in to the system.

6.3.5.1 Host identification
Host identification is done through key exchange. Every computer that supports SSH communication has a unique identification key. This key has two parts: a private key and a public key. The public key is used when data has to be exchanged between hosts in an SSH session: data is encrypted with the public key and can only be decrypted with the private key. When the server's configuration changes (a change of SSH software, a fundamental change in the operating system), the identification key changes as well, and every SSH user logging in to that server is warned of the change. When two systems start an SSH session, the server sends its public key to the client. The client generates a random session key, encrypts it with the server's public key and sends it back to the server. The server decrypts it with its own private key and obtains the session key. That session key will be



the key used to exchange data between the two machines. This process is regarded as the step of identifying the server and the client.
6.3.5.2 Encryption
After the secure session has been established (key exchange, identification), data exchange passes through an intermediate step of encryption and decryption. This means that the data sent and received on the wire is encrypted and decrypted according to the mechanism agreed in advance between server and client. The choice of encryption mechanism is usually made by the client. Commonly chosen ciphers include 3DES, IDEA and Blowfish. Once the cipher has been chosen, the server and the client exchange encryption keys; this exchange is also protected using the machines' secret identities. An attacker can hardly eavesdrop on the information exchanged on the wire, because they do not know the encryption key. The different ciphers and the advantages and disadvantages of each:
* 3DES (also known as triple-DES): the default cipher for SSH.
* IDEA: faster than 3DES, but slower than Arcfour and Blowfish.
* Arcfour: fast, but security problems have been found.
* Blowfish: fast and secure, but its encryption methods are still being improved.

6.3.5.3 Authentication
Authentication is the last of the three steps, and the most varied. At this point the channel itself is already secure. A user's identity and access can be provided in many different ways. For example, rhosts authentication can be used, although it is not the default; it simply checks that the client's identity is listed in the rhosts file (by DNS and IP address). Password authentication is a very common way to identify a user, but there are other ways too: RSA authentication, using ssh-keygen and ssh-agent to authenticate with key pairs.


6.4 Understanding Public Key Cryptography


SSH relies on public key cryptography: we need two keys, a public key and a private key. The public key can be disclosed so that anyone can see it, whereas the private key must be kept absolutely secret; each public key/private key pair is unique. The process of encrypting data and authenticating can be described as follows:

[Figure: public-key encryption between A and B, captions H.1 to H.5]
A's public key + B's private key + data = encrypted data
H.1: B receives A's public key.
H.2: B uses A's public key and its own private key to encrypt the data.
H.3: B sends the encrypted data to A.
B's public key + A's private key + encrypted data = data
H.4: B sends its public key to A.
H.5: B uses A's public key and its own private key to decrypt the data.



6.4.1 Characteristics of keys
Basically, a key is a large number with special mathematical properties. Whether someone can break a key depends on their ability to discover those properties, such as the number of characters and the characters used. Therefore the larger the key, the harder it is to find. Simple encryption uses 56 bits, which means 2^56 possible keys, corresponding to 65,536 thousand billion keys. That sounds large, but in 1998 the Electronic Frontier Foundation (EFF) designed a machine costing $250,000 that could break a 56-bit key in just a few seconds! To have a key that is hard to break, experts recommend keys of no less than 128 bits, even 512 bits. SSH can use up to 1024 bits to encrypt data. Using keys with more bits demands more computing power from the machine, and the time needed to find the key grows accordingly. This means that any key can eventually be found, but it requires a powerful computer able to process a huge number of bits in a short time, which is extremely hard, especially for ordinary users.

6.5 Installing OpenSSH
Files needed to use OpenSSH:
openssh-5.5p1.tar.gz
openssl-1.0.0.tar.gz
zlib-1.2.5.tar.gz

For users to be able to log in to the system through SSH, make sure the service is running.
[root@ServerA ~]# service sshd status
openssh-daemon (pid 5929) is running...

If SSH has not been started with the system:


[root@ServerA ~]# service sshd start

To start SSH at boot:



[root@ServerA ~]# chkconfig sshd on

Then:
[root@ServerA ~]# chkconfig sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

6.5.1 The SSHD configuration file
On most RPM-based Linux distributions, such as Fedora, Red Hat Enterprise or OpenSuSE, the sshd configuration file is usually /etc/ssh/sshd_config.



Below are a few of the options in the sshd_config file:
- AuthorizedKeysFile: specifies the file containing the public keys that may be used to authenticate users. Default /<User_home>/.ssh/authorized_keys.
- Ciphers: the list of ciphers used for protocol version 2, for example 3des-cbc, aes256-cbc, aes256-ctr, arcfour and blowfish-cbc.
- HostKey: defines the file containing the private key used by SSH. Default /etc/ssh/ssh_host_rsa_key or /etc/ssh/ssh_host_dsa_key for version 2.
- Port: the port sshd listens on; default 22.
- Protocol: the protocol versions sshd supports, which can be 1 and 2. Note that version 1 is now regarded as insecure.
- AllowTcpForwarding: whether TCP forwarding is permitted. Default yes.
- X11Forwarding: whether X11 forwarding is permitted. Default no.
- ListenAddress: the local address SSH listens on. By default OpenSSH listens on both IPv4 and IPv6.
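A small audit of these options, as an added example (not from the thesis): it reads the effective value of a keyword the way sshd does (first occurrence wins, case-insensitive, nothing below a Match block) and flags the weak settings named in the list above. The sample configuration it writes is constructed for the demonstration; the defaults for PermitRootLogin and PasswordAuthentication ("yes") are OpenSSH's, the others are those stated in the list.

```shell
#!/bin/sh
# Added example (not from the thesis): read the effective value of an sshd_config
# option the way sshd does and flag weak settings. The sample configuration written
# by write_sample_sshd_config is constructed, not a real server's file.

# Print the effective value of keyword $2 in sshd_config $1 (empty if unset).
# sshd takes the FIRST occurrence of a keyword, keywords are case-insensitive and
# "#" starts a comment; only the "Keyword value" form is handled, not "Keyword=value".
# Lines below a "Match" block are conditional, so the search stops there.
sshd_config_get() {
    keyword=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$keyword" '
        { sub(/#.*/, "") }                     # drop comments
        NF < 2 { next }                        # blank line or keyword without a value
        tolower($1) == "match" { exit }        # everything below applies conditionally
        tolower($1) == key {
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)   # strip the keyword
            sub(/[ \t]+$/, "", line)
            print line
            exit                               # first occurrence wins
        }' "$1"
}

# Print one finding when the effective value of keyword $2 matches the ERE $4.
# $3 is the value assumed when the keyword is absent (AllowTcpForwarding/X11Forwarding
# defaults from the list above; PermitRootLogin and PasswordAuthentication default to
# "yes" in OpenSSH; an empty default means "not flagged when unset").
sshd_flag_if() {
    value=$(sshd_config_get "$1" "$2")
    [ -n "$value" ] || value="$3"
    if printf '%s\n' "$value" | grep -Eqi "$4"; then
        printf '%s=%s: %s\n' "$2" "$value" "$5"
    fi
}

# Audit the file given as $1: one line per weak setting, nothing when clean.
sshd_audit() {
    sshd_flag_if "$1" Protocol "" '(^|,)1(,|$)' \
        "protocol version 1 is enabled; it is considered insecure"
    sshd_flag_if "$1" PermitRootLogin yes '^yes$' \
        "direct root login is allowed; log in as a normal user and use su or sudo"
    sshd_flag_if "$1" PasswordAuthentication yes '^yes$' \
        "password logins accepted; prefer public-key authentication"
    sshd_flag_if "$1" X11Forwarding no '^yes$' \
        "X11 forwarding enabled; disable it unless remote X applications are needed"
    sshd_flag_if "$1" AllowTcpForwarding yes '^yes$' \
        "TCP forwarding enabled; users can tunnel other protocols through this host"
}

# Constructed sample with weak choices on purpose, to exercise the audit.
write_sample_sshd_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config, not a real server's file
Port 2222
Protocol 2,1
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
Match User backup
    X11Forwarding yes
EOF
}

# Usage: sh sshd_audit.sh /etc/ssh/sshd_config
if [ $# -ge 1 ]; then
    sshd_audit "$1"
fi
```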

6.6 Using OpenSSH

OpenSSH comes with several very useful programs, for example the SSH client, Secure Copy (SCP) and Secure FTP. The one we will certainly have to use is the ssh client.
6.6.1 Secure Shell (SSH)
Once SSH is running, we can use the ssh client to log in remotely to a system just as with Telnet. The only difference is that SSH sessions are encrypted. The ssh client assumes that we want to log in to the remote system with the same username we are using on the local machine. However, the -l option lets us ssh as a different user:
[root@serverA ~]# ssh -l duanvcd serverB
Or:



[root@serverA ~]# ssh duanvcd@serverB

Result:

Figure 21. Access from Ubuntu.
Figure 22. Result on the server.

Note:
The server name can be replaced by the IP address of that server. Using just ssh serverB logs in as root on serverB. You can connect to an SSH server by its IPv6 address as follows:

[root@serverA ~]# ssh -6 duanvu@2001:DB8::2

6.6.2 Creating a Secure Tunnel
This section touches on Virtual Private Networks (VPN). Basically, we can use SSH to create a tunnel from the local system to a remote system. Example: the SSH server has two network cards; the one connected to the LAN has the address 192.168.1.1 and the one connected to the WAN has the address 1.1.1.1. On the LAN there is a web server named account with the IP address 192.168.1.100. How can the user yyang on HostA reach this web server with nothing but SSH?


Figure 23. Port forwarding with SSH

With an SSH tunnel, user yyang sets up a tunnel to the web server in the following steps: yyang logs in to the local machine HostA. After logging in locally, yyang creates a tunnel from port 9000 to port 80 of the web server. User yyang connects to the web server through SSH with the following command:
[yyang@hostA ~] ssh -L 9000:192.168.1.100:80 1.1.1.1

The syntax for this port forwarding is:


ssh -L Local_port:Destination_host:Destination_port ssh_server



where Local_port is the port on the client that connects to the SSH server, Destination_host:Destination_port are the IP address and port of the web server as in the example above, and ssh_server is the address of the SSH server. After authenticating successfully, user yyang can run a web browser on hostA and reach the web server through the tunnel on port 9000: http://localhost:9000. Thus user yyang on hostA can access the web content hosted on the web server. A secure tunnel gives us easy, secure access to another system. It is a rather economical way to create a simple VPN (without the full features of a VPN), and we can also tunnel most protocols, such as VNC or Telnet. It is also a way for users to reach the Internet despite a firewall or proxy.
6.6.3 Secure Copy (SCP)
Secure Copy (scp) allows remote copying from one machine to another. For example, to copy the file dhcpd.conf from host A to a directory on the server, use the command:
[root@serverA ~]# scp /etc/dhcp/dhcpd.conf 192.168.1.1:/home/dhcpd.conf

To copy in the opposite direction, use the command:


[root@serverA ~]# scp 192.168.1.1:/home/dhcpd.conf /etc/dhcp/dhcpd.conf

6.6.4 Secure FTP (SFTP)
Secure FTP is a subsystem of the ssh daemon. SFTP can be accessed with the sftp command:
[root@serverA ~]# sftp root@192.168.1.1



Files used by the OpenSSH client
The configuration files for the SSH client and the SSH server are usually both in the /etc/ssh directory. The configuration file for the SSH server is sshd_config, and the one for the SSH client is ssh_config. In a user's home directory, SSH information is kept in /<username>/.ssh/. The known_hosts file holds key information; if a key has changed, the information in this file can be edited.
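The host-key check that section 6.3.5.1 describes, done against the known_hosts file just mentioned, as an added example (not part of the thesis): it looks up the key recorded for a host and compares it with the key the server presents now, so a changed key is reported rather than silently accepted. The known_hosts lines it writes are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not part of the thesis: look up the key recorded for a host in a
# known_hosts file and compare it with a presented key. The sample file written by
# write_sample_known_hosts contains constructed placeholders, not real keys.

# Print "keytype key" (prefixed by a marker such as @revoked when present) for host $2
# and key type $3 from known_hosts $1. Handles plain "host1,host2" and "[host]:port"
# names; hashed "|1|..." entries are skipped (ssh-keygen -F is the tool for those).
known_host_key() {
    awk -v host="$2" -v type="$3" '
        /^[ \t]*(#|$)/ { next }                            # comment or blank line
        {
            marker = ""; names = $1; ktype = $2; key = $3
            if (names ~ /^@/) {                            # @revoked / @cert-authority
                marker = names; names = $2; ktype = $3; key = $4
            }
            if (substr(names, 1, 3) == "|1|") next         # hashed hostname, skip
            if (ktype != type) next
            n = split(names, list, ",")
            for (i = 1; i <= n; i++) {
                name = list[i]
                if (name ~ /^\[.*]:[0-9]+$/) {             # "[host]:port" form
                    sub(/^\[/, "", name); sub(/]:[0-9]+$/, "", name)
                }
                if (name == host) {
                    if (marker != "") printf "%s ", marker
                    print ktype " " key
                    exit
                }
            }
        }' "$1"
}

# Compare a presented key with the stored one. Return codes:
#   0 stored key matches   1 stored key differs (possible MITM or a reinstalled host)
#   2 host unknown (first contact)   3 the stored key is marked @revoked
host_key_status() {
    # $1 known_hosts, $2 host, $3 key type, $4 presented key (base64 blob)
    stored=$(known_host_key "$1" "$2" "$3")
    case "$stored" in
        '')         return 2 ;;
        @revoked*)  return 3 ;;
        "$3 $4")    return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed sample file (the base64 blobs are placeholders, not real keys).
write_sample_known_hosts() {
    cat > "$1" <<'EOF'
# constructed known_hosts sample
serverB,192.168.1.1 ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedKeyForServerB==
[2001:db8::2]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedKeyForIPv6Host==
@revoked oldhost ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedRevokedKey==
|1|saltsaltsaltsaltsalt=|hashhashhashhashhash= ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedHashedEntry==
EOF
}

# Usage: sh hostkey_check.sh ~/.ssh/known_hosts HOST KEYTYPE PRESENTED_KEY
if [ $# -eq 4 ]; then
    host_key_status "$@"; rc=$?
    echo "status $rc for $2 ($3)"
    exit $rc
fi
```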


Chapter 7: Printing with CUPS
7.1 Introduction
Traditional UNIX uses two printing systems, the BSD Line Printer Daemon (LPD) and the System V Line Printer system (LPR). Both work well in a UNIX environment, but they are not compatible with a network that also contains Windows or Mac OS. CUPS (Common UNIX Printing System) came later and inherits the features of both LPD and LPR. It is a cross-platform printing system (Linux, Windows) based on IPP (Internet Printing Protocol). CUPS provides printing through both a web-based interface and the command line. It is also backward compatible with the two traditional printing systems, LPD and LPR, through the lp and lpr commands. IPP (Internet Printing Protocol) is a project started in 1996 by Novell and a few other companies to make printing over the network convenient. IPP lets users:
- Determine a printer's capabilities.
- Send a job to a printer.
- Determine the printer's status.
- Determine a job's status.
- Cancel a job.
IPP is a client/server protocol, so it can play the role of a local printer as well as a network printer.

7.2 Installing CUPS
Required packages:
cups
cups-pdf

Here we use cups-pdf as a virtual printer that prints documents to PDF format. The configuration file for CUPS is /etc/cups/cupsd.conf.



cupsd.conf parameters
Listen localhost:631
Listen 172.16.1.2:631
Listen /var/run/cups/cups.sock

Allows the local machine and other clients to connect to the CUPS server at the address 172.16.1.2, port 631.


# Restrict access to the server...
<Location />
  Order allow,deny
  Allow from localhost
  Allow from 172.16.1.3
</Location>

An access list controlling which addresses may access the server. The default is all.


# Restrict access to the admin pages...
<Location /admin>
  Encryption Required
  Order allow,deny
  Allow from localhost
  Allow from 172.16.1.*
</Location>

An access list controlling which addresses may access the admin pages.


# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
</Location>

An access list controlling which users may access the configuration file (cupsd.conf). By default only system users (@SYSTEM) have this right. The order of the access list is allow, deny. After finishing the CUPS configuration file, the service has to be started:



[root@server ~]# service cups start
[root@server ~]# chkconfig cups on

Note:
CUPS uses port 631, so if a firewall is set up on the network, port 631 must be opened.

7.3 Configuring printers
7.3.1 Using the graphical interface
The printer management interface and its other options can be opened in the following 3 ways:
1. Choose System > Administration > Printing

Figure 24. Printer configuration interface.

2. Use the command system-config-printer to open the window shown above.
3. Use a web browser:


In the address bar, enter http://localhost:631. A web page for managing the print service then appears, from which we can set the default printer, manage jobs, configure local or network printing, ...

Figure 25. CUPS web-based interface.

7.3.2 Using the command line

As presented above, CUPS is backward compatible with LPR/LPD by calling the corresponding LPD or LPR commands from the command line.
lpinfo: displays the drivers available on the server
[root@server Desktop]# lpinfo -m | head
foomatic:Alps-MD-1000-md2k.ppd Alps MD-1000 Foomatic/md2k
foomatic:Alps-MD-1000-ppmtocpva.ppd Alps MD-1000 Foomatic/ppmtocpva
foomatic:Alps-MD-1000-ppmtomd.ppd Alps MD-1000 Foomatic/ppmtomd (recommended)
foomatic:Alps-MD-1300-md1xMono.ppd Alps MD-1300 Foomatic/md1xMono
foomatic:Alps-MD-1300-md2k.ppd Alps MD-1300 Foomatic/md2k
foomatic:Alps-MD-1300-ppmtocpva.ppd Alps MD-1300 Foomatic/ppmtocpva
foomatic:Alps-MD-1300-ppmtomd.ppd Alps MD-1300 Foomatic/ppmtomd (recommended)
foomatic:Alps-MD-1500-md1xMono.ppd Alps MD-1500 Foomatic/md1xMono
foomatic:Alps-MD-1500-md2k.ppd Alps MD-1500 Foomatic/md2k
foomatic:Alps-MD-1500-ppmtocpva.ppd Alps MD-1500 Foomatic/ppmtocpva

Options for lpinfo:
-m: lists the available PostScript Printer Definitions (PPD).
-v: lists the available connections.

lpadmin: configures printers
We can use this command to add, delete or modify printer configurations. It has 3 main options:
-p: adds or modifies a printer.
-d: sets the default printer for the system.
-x: deletes a printer.
Syntax:
lpadmin -p [printer name] [options]

where the options include:
-c: adds the printer to a Class.
-D: adds a description for the printer.
-L: the physical location of the printer.
-E: enables the printer, allowing CUPS to accept jobs into the queue.
-r: removes the printer from a Class.

7.3 Printing from Windows
7.3.1 Using CUPS
Windows operating systems from Windows 2000 onward support IPP. Therefore CUPS can be used to print documents directly from Windows without any difficulty. What is needed is to configure the cupsd.conf file to share the CUPS server's printers on the network (configured above). Next, from Windows choose:



Faxes and Printers > Add a printer > Connect to a printer on the Internet or ... and enter the path to the CUPS server in the form:
http://[server name]:port/printers/[printer name]

Example:
http://172.16.1.2:631/printers/Cups-PDF

Figure 26. Accessing a CUPS printer

7.3.2 Using Samba
The Samba service lets Linux and Windows share resources, including printing. When the Samba package is installed, it automatically creates the directory /var/spool/samba, owned by root and readable and writable by any user. This lets Windows users access this directory to manage their print jobs. The [printers] section of Samba can be configured as follows:
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

Figure 27. Printing using Samba

7.4 Printing from Linux
Besides letting Windows users print documents through print servers on Linux, CUPS also allows the reverse: it lets Linux users print their documents on a Windows server. In the CUPS web interface choose Add Printer > Windows Printer via SAMBA and enter a URL of the form:
smb://Windows_server_name/printer_name

Example:
smb://172.16.1.10/PXSPrinter

After connecting successfully to the printer on the Windows system, printing can be managed from the command line or through the web interface.


Chapter 8: Samba
8.1 Introduction
In a Windows environment sharing resources is very easy, whereas between Linux and Windows it is harder. The main reason is that Microsoft limits compatibility between Windows and Linux. Even so, we can configure a service on Linux that allows easy sharing between Linux and Windows. To do this, we configure the SAMBA service. File sharing among Linux machines, on the other hand, is done through the NFS (Network File System) service. Samba provides user authentication when sharing files or printers; NFS cannot provide any user authentication, but it can be integrated into a Kerberos domain for authentication. In this section we present file sharing and printing through Samba and NFS.
Samba is a powerful application suite that lets systems such as Linux work smoothly with Windows and other popular operating systems. Basically, Samba provides file and print sharing services to Windows machines. This is done using Microsoft's SMB/CIFS (Server Message Block/Common Internet File System) network protocol, which means a Linux system can be deployed without installing NFS (Network File System).
From Linux:
- Mount Windows shared directories.
- Access Windows printers.
- Authenticate with Windows computers.

From Windows:
- See Linux shared directories.
- Authenticate with Linux computers.
- Access Linux printers.


A few basic differences when working with both Linux and Windows systems:
Username & password: the login/password algorithm on Linux is completely different from the PDC (Primary Domain Controller) and AD (Active Directory) on Windows. So when working with both systems, users need to be able to log in easily without having to authenticate again when logging in to the other system. For Samba there are a few options for managing usernames/passwords:
- Linux PAM (Pluggable Authentication Modules): there are still 2 user lists, one on Linux and one on the PDC, but users only need to keep their password on the Windows system.
- Using Samba as a PDC: allows usernames/passwords to be kept on the Linux system; Windows authenticates against Samba, and Samba uses LDAP.
Encrypted passwords: Windows uses encrypted passwords in the PDC and on any server that requires authentication. However, the Windows encryption algorithm is completely different from the one on Linux, so password verification between the two systems is not compatible. There are 2 ways to solve this:
- Edit the Registry on the Windows client and disable the use of encrypted passwords.
- Configure Samba to be compatible with the Windows password encryption/decryption algorithm.
Each method has its own advantages and disadvantages.
Samba consists of 3 main components: smbd, nmbd and winbindd. Most of Samba's functionality is carried out by the two processes smbd and nmbd.
The smbd process:



Manages file sharing and print services for clients and is also responsible for authenticating users, using ports 139 and 445 to listen for requests to the shared directories on Linux. When a client connects, smbd spawns a new process to serve that connection.
The nmbd process: listens on port 137 and is responsible for providing the Samba server's NetBIOS name for connection requests.
The winbindd process: used when Samba is part of a domain, to query the Windows server for group and user information.

8.2 Installing Samba
Samba needs the following packages:

samba-3.4.2-47.fc12.i686.rpm
samba-winbind-clients-3.4.2-47.fc12.i686.rpm
samba-client-3.4.2-47.fc12.i686.rpm
samba-common-3.4.2-47.fc12.i686.rpm

All of the packages above ship with the CentOS distribution, so installation is very easy.
8.2.1 Samba server types
Windows servers are commonly divided into the following server types:
Domain Controller
o Primary Domain Controller (PDC).
o Backup Domain Controller (BDC).
o ADS Domain Controller.
Domain Member Server
o Active Directory Domain Server.



Standalone Server.
Samba can substitute well for every corresponding Windows server type when sharing resources between Linux and Windows systems.

8.3 Configuring Samba

Samba's configuration information is stored in the file smb.conf, located at /etc/samba/smb.conf. We can easily edit this file with a text editor such as vi, or through the web-based graphical interface SWAT. The smb.conf file consists of several sections, each beginning with [] followed by the parameters of that section. Syntax:
parameter = value

Lines beginning with # or ; are comments.
[global]: settings that affect the whole sharing policy.
[printers]: defines the printing service.
[homes]: defines shares in users' home directories.
[other]: optional, defines other shares.

Parameters in the other sections, such as [homes], [printers] and [other], only affect the services configured in those sections. Below is a sample smb.conf file:
#======================= Global Settings =====================
[global]
# ----------------------- Network Related Options --------
workgroup = cn06.com
server string = Samba Server Version %v
; netbios name = au-fileserver-1
interfaces = lo eth0
hosts allow = 127. 172.16.1. EXCEPT 172.16.1.100
# --------------------------- Logging Options --------------
log file = /var/log/samba/%m.log
max log size = 50
# --------------------------- Domain Options ----------------
domain master = yes
domain logons = yes
local master = yes
os level = 33
preferred master = yes
security = user
passdb backend = tdbsam

# ----------------------- Standalone Server Options ---------
;security = user
;passdb backend = tdbsam
# ----------------------- Domain Members Options -------------
; security = domain
; passdb backend = tdbsam
; realm = MY_REALM
; password server = <NT-Server-Name>

# ----------------------- Domain Controller Options --------
; security = user
; passdb backend = tdbsam
; domain master = yes
; domain logons = yes

# --------------------------- Printing Options -----------
load printers = yes
cups options = raw
printcap name = cups
#============================ Share Definitions ==============
[homes]
comment = Admins Directory
browseable = no
writable = yes
valid users = %S
valid users = admin
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no
[profiles]
path = /etc/samba/profiles
browseable = no
guest ok = yes
read only = no
[user]
comment = thu muc nguoi dung
path = /user/
readonly = yes
public = no
browseable = yes
printable=yes
valid users = @user
write list = admin, root
# force create mode = 0770
# force directory mode = 0770
create mask = 0770
directory mask = 0770
# force group = admin
# force user = admin
writable = no
printable = yes

8.3.1 smb.conf parameters

8.3.2 [global] parameters

Parameter        Description
interfaces       Interfaces (or IP addresses) Samba listens on. Default: every interface except the loopback address 127.0.0.1.
server string    Text shown to Windows clients. %v expands to the running Samba version, %h to the hostname.
workgroup        Workgroup that the Samba server belongs to.
log file         Log file name. With %m the name of each client is substituted, giving one log per client.
log level        The higher the level, the more detailed the log. Default 0.
max log size     Maximum size of each log file in KB; 0 means unlimited.

8.3.3 Domain parameters
The domain options let authentication for the hosts that join a domain be centralised on one server. A domain requires a PDC, or master. The Domain Master Browser maintains the list of hosts that clients see in Windows Network Neighborhood or My Network Places; SMB hosts hold an election for that role about every 15 minutes. Whether the Samba server wins depends on these parameters:

Parameter              Description
domain master = yes    Lets the Samba server take part in the election as a PDC.
local master = yes     Lets the Samba server become the local master browser.
os level               Weights how "heavy" the Samba server is relative to Windows hosts. Windows 2000, XP and 2003 use os level 32, so a value above 32 ensures the Samba server wins.
domain logons = yes    States that Samba wants to handle authentication requests in the domain.

8.3.4 Security parameters

Parameter                 Description
encrypt passwords = yes   Accept only encrypted (hashed) passwords from clients; clients are then authenticated against the smbpasswd database. If no other password database (passdb) is configured, Samba stores the hashes in smbpasswd by default.
hosts allow               Networks (or addresses) allowed to use Samba services. A trailing dot is a prefix (127. means 127.0.0.0/8, 172.16.1. means 172.16.1.0/24) and entries after EXCEPT are excluded, so the example above admits 127.0.0.0/8 and 172.16.1.0/24 but not 172.16.1.100.
security = user           Every host that connects must present a valid account and password on the Samba server.
passdb backend = tdbsam   Authenticate clients against the password database on the Samba server itself; tdbsam is stored in /etc/samba/passdb.tdb. Besides tdbsam there are smbpasswd and ldapsam.

8.3.5 Printer parameters

Parameter              Description
printcap name = cups   Tell Samba to use the CUPS printing service.
load printers = yes    Share the printers that are configured in CUPS.
cups options = raw     Print options are passed straight through to the CUPS server.

8.3.6 Share parameters

Parameter        Description
path             Path of the directory being shared.
browseable       Whether the share appears in the share list.
comment          Description of the share.
writable         Whether connecting users may write.
read only        Share is read-only. This is the inverse of writable: setting one implicitly sets the other.
printable        Marks a printer share (a spool directory) rather than a file share.
guest ok         Allow guest access without a password. Default: no.
valid users      Users allowed to access the share; @group_name grants access to a whole group.
write list       Users who may read and write on the share regardless of read only.
create mask      Permission mask applied to files created on the share.
directory mask   Permission mask applied to directories created on the share.

After editing smb.conf, check it with testparm for syntax errors. With a valid configuration the output looks like this:
[root@server ~]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[user]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

As the output reports, the server currently acts as a domain PDC. Note that testparm validates syntax only; it does not judge whether a share's access settings are sensible.
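Because testparm checks syntax and nothing else, here is an added example (Python written for this page, not code from the thesis) of a small policy check for smb.conf. It parses the file with the same rules (sections in brackets, key = value lines, # and ; comments), flags shares where guest ok is combined with write access, root appearing in a write list, and share paths under /etc, and evaluates the hosts allow syntax for a client address, including the trailing-dot prefix and EXCEPT forms used above. SAMPLE_SMB_CONF is constructed for the example; it borrows the thesis' share names but is not the thesis' file.

```python
"""Added example (not part of the thesis): a policy check for smb.conf.

testparm only validates syntax. This script parses smb.conf the same way
(sections in [brackets], `key = value` lines, `#` and `;` comments), then
flags share settings a security reviewer would question and evaluates the
`hosts allow` syntax for a given client address. SAMPLE_SMB_CONF is
constructed for the example; it reuses the thesis' share names but is not
the thesis' file.
"""
import ipaddress
import re

SAMPLE_SMB_CONF = """\
[global]
    workgroup = cn06.com
    hosts allow = 127. 172.16.1. EXCEPT 172.16.1.100
    security = user
    passdb backend = tdbsam

[netlogon]
    path = /var/lib/samba/netlogon
    guest ok = yes
    writable = no

[profiles]
    path = /etc/samba/profiles
    guest ok = yes
    read only = no

[user]
    path = /user/
    read only = yes
    valid users = @user
    write list = admin, root
"""

TRUE_VALUES = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Return {section: {param: value}}.

    Parameter names are lower-cased with whitespace removed, because Samba
    itself treats `read only` and `readonly` as the same parameter.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1).strip().lower()
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][re.sub(r"\s+", "", key.lower())] = value.strip()
    return sections


def share_is_writable(params):
    """`writable` / `writeable` / `write ok` are the inverse of `read only`;
    Samba's default is read only = yes."""
    for key in ("writable", "writeable", "writeok"):
        if key in params:
            return params[key].lower() in TRUE_VALUES
    if "readonly" in params:
        return params["readonly"].lower() not in TRUE_VALUES
    return False


def host_allowed(spec, client_ip):
    """Evaluate Samba `hosts allow` for one IPv4 address: a trailing dot is a
    prefix (127. is 127.0.0.0/8), a/b is CIDR, and entries after EXCEPT are
    subtracted from what precedes them."""
    allow, deny = [], []
    target = allow
    for token in spec.split():
        if token.upper() == "EXCEPT":
            target = deny
            continue
        target.append(token)

    def matches(entry):
        if entry.endswith("."):
            return client_ip.startswith(entry)
        if "/" in entry:
            return ipaddress.ip_address(client_ip) in ipaddress.ip_network(entry, strict=False)
        return client_ip == entry

    return any(matches(e) for e in allow) and not any(matches(e) for e in deny)


def audit(sections):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    global_params = sections.get("global", {})
    if "hostsallow" not in global_params and "allowhosts" not in global_params:
        findings.append("global: no 'hosts allow', so any reachable network may connect")
    for name, params in sections.items():
        if name in ("global", "printers"):
            continue
        guest = params.get("guestok", params.get("public", "no")).lower() in TRUE_VALUES
        if guest and share_is_writable(params):
            findings.append(f"{name}: guest ok together with write access (anonymous writes)")
        writers = [u.strip() for u in params.get("writelist", "").split(",")]
        if "root" in writers:
            findings.append(f"{name}: root in write list")
        if params.get("path", "").startswith("/etc"):
            findings.append(f"{name}: share path under /etc")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_smb_conf(SAMPLE_SMB_CONF)):
        print(finding)
```

Run it against a real file with parse_smb_conf(open("/etc/samba/smb.conf").read()). With the sample, [profiles] is reported twice (guest-writable and located under /etc) and [user] once for root in its write list; [netlogon] is guest-readable but not writable, so it passes.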



8.3.7 Adding users to Samba
As noted above, encrypted passwords are enabled by default. This requires Samba to keep a password hash for every Windows user: the Unix hashes in /etc/passwd and /etc/shadow cannot be used, because SMB challenge-response authentication needs the LM/NT hashes of the password. Samba therefore ships its own tool for this, smbpasswd. First create the account user1 in group user:
[root@server ~]# useradd -c "Nguoi dung 1" -g user user1
[root@server ~]# passwd user1
Changing password for user user1.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

(The BAD PASSWORD warning is only advisory when passwd is run by root; outside a lab, choose a password that does not trigger it.)

Next, add user1 to Samba with smbpasswd. Syntax:
smbpasswd [options] username

The three main options are:
-a   add or modify a user
-d   temporarily disable a user
-x   delete a user from Samba

[root@server ~]# smbpasswd -a user1
New SMB password:
Retype new SMB password:
Added user user1.
[root@server ~]#

Then start the Samba services and enable them at boot:

[root@server ~]# service smb start
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@server ~]# chkconfig --level 35 smb on



This completes the configuration of a Samba server acting as a PDC that shares resources between Linux and Windows.

8.4 Accessing shared resources

First, set up sharing on Windows: open My Network Places and click Set up a home or small office network.

Figure 28. Network Setup Wizard.


Figure 29. Choosing the workgroup.

Figure 30. Enabling sharing.

The Linux shares then appear:


Figure 31. Linux resources seen from Windows.

From here a resource can be opened from the Run dialog by typing \\hostname\share, for example:
\\server2\user

Use net view from the command line to list the shared resources.

Figure 32. net view.



Samba shares, and Windows shares, can also be reached from Linux hosts with smbclient, which works much like an ftp client and needs no graphical interface. Syntax:
smbclient [options] //hostname/share -U username

Example: opening a Windows XP share

[root@server ~]# smbclient //172.16.1.10/share_win -U u1
Password:
Domain=[HOMEXP] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
smb: \> ls
  .                                   D        0  Wed Sep  1 16:18:20 2010
  ..                                  D        0  Wed Sep  1 16:18:20 2010
  USBBoot.tib                         A   728064  Fri Apr 30 12:38:41 2010

                45683 blocks of size 32768. 45350 blocks available
smb: \>

Opening a share on the Samba server:

[root@server3 ~]# smbclient //server2.cn06.com/user -U user1
Password:
Domain=[CN06.COM] OS=[Unix] Server=[Samba 3.0.33-3.28.el5]
smb: \>

The -L option lists the resources shared on the network, and -U names the user that connects. For more convenient access, a Windows share can be mounted on a Linux directory:
[root@server ~]# mount -t cifs //172.16.1.10/share_win /home/admin/Desktop/win -o username=user1,password=user1
[root@server ~]# cd /home/admin/Desktop/



[root@server Desktop]# ls win
USBBoot.tib

Passing password= on the command line exposes it in the shell history and in the process list of every user on the host; beyond a quick test, put username= and password= lines in a file readable only by root and use -o credentials=/path/to/file instead.

smbclient commands:
Command        Description
? or help      Show help for the given command, or general help when no command is given.
!              Run a shell command, or drop the user to a shell prompt.
cd             Change directory on the server. Without an argument, smbclient reports the current directory.
lcd            Change directory on the local machine. Without an argument, smbclient reports the current local directory.
del            Delete the named files on the server, if the user has permission to; wildcards are allowed.
dir or ls      List the selected files.
exit or quit   Leave smbclient.
get            Fetch a remote file and save it locally. If a local name is given, the file is saved under that name instead of the remote name.
mget           Copy every matching file to the local machine.
md or mkdir    Create a directory on the remote machine.
rd or rmdir    Remove a directory on the remote machine.
put            Copy a local file to the server.
mput           Copy every matching local file to the server.
print          Print a file on the remote machine.
queue          List the print jobs waiting on the remote server.

Note: Samba uses ports 137/udp and 138/udp (NetBIOS name and datagram services), 139/tcp (NetBIOS session) and 445/tcp (SMB over TCP), so firewall rules must open them:



# iptables -I Firewall-eth0-INPUT <rule number> -p udp -m state --state NEW -m udp --dport 137:138 -j ACCEPT
# iptables -I Firewall-eth0-INPUT <rule number> -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
# iptables -I Firewall-eth0-INPUT <rule number> -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT

<rule number> is the position in the chain; the rules must be inserted before the chain's final REJECT rule. Adding -s 172.16.1.0/24 limits them to the LAN, matching the hosts allow setting in smb.conf.


Chapter 9: Network File System (NFS)

9.1 Introduction to network file services
Sharing files over a network looks simple but hides a lot of complexity. Early NFS and CIFS implementations suffered from security problems, bugs and even server crashes that caused real damage. Over time these problems were largely resolved, and administrators can now run these services without worrying much about bugs or crashes.

When designing a file-sharing system, one has to decide how the system keeps track of the files being shared and of the files clients have opened. This information is called state. A server that records no state about files or clients is stateless; the opposite is stateful.

A stateful server tracks the activity of every file and client. This splits resource sharing into several layers, which makes recovery after a failure harder: after a connection is interrupted for any reason, server and client must reconnect and agree on the last good state before the interruption.

A stateless server treats every request independently of the previous ones, which gives the client more freedom in how it uses a file. The main drawback of this design is that when the server fails or reboots it has kept no connection state at all: it cannot know which files clients had open or what they were changing.

NFS is a sharing service that also saves disk space and so helps companies cut infrastructure costs. Earlier NFS versions had the inherent problems above. The newest version has been redesigned to work across many platforms,

with high efficiency and few failures. NFS also includes tools for diagnosing bugs and performance problems.

9.1.1 Versions
The first public version of NFS was version 2, released by Sun Microsystems in 1989. Version 3 (1995) brought a number of improvements that made NFS more efficient and faster. Version 4 was almost a complete redesign, with many new features as well as fixes for version 3. The main improvements are:
- Works well through firewalls and NAT devices (a single well-known port, 2049).
- Locking and mount handling are part of the NFS protocol itself instead of separate RPC services.
- Stronger security (RPCSEC_GSS, e.g. Kerberos).
- Stateful operation.
- Support for replication and migration.
- Support for both UNIX and Windows clients.
- Access control lists.
- Unicode support.

9.1.2 Transport protocols
Version 2 originally used UDP to transfer files. By the 1990s the Internet had changed a great deal and UDP was no longer the best choice, so version 3 began to support both UDP and TCP. Version 4 supports only TCP, which lets NFS work well across routers and the Internet. As mentioned above, version 4 is a stateful protocol.

9.1.3 NFS components
Versions 2 and 3 of the NFS protocol rely on RPC to manage the connection between client and server. RPC is managed by the portmap service. Version 4 no longer depends on it. Most Linux distributions support NFS out of the box, with the server built into the kernel. The processes that serve NFS are:

rpc.statd     Notifies clients whenever the NFS server reboots, and supplies server status to rpc.lockd on request. Not needed for NFSv4.
rpc.lockd     Used by rpc.statd to manage locks when the system fails; also lets NFS clients lock files on the server. Also not used by NFSv4.
rpc.rquotad   Reports disk quotas to remote clients so that users see the same quota over NFS as they would locally.
rpc.nfsd      The main component of NFS; this is the NFS server daemon.
rpc.idmapd    Translates user and group IDs to names and back (NFSv4).

9.2 Configuring the NFS server

As mentioned, most Linux distributions ship NFS, so the nfs service and its components can be used without installing extra packages. Setting up an NFS server takes two steps. First, configure /etc/exports, the main NFS configuration file, which tells the system what to share and with which permissions. It is created when the NFS package is installed and starts out as an empty text file. Second, start the NFS processes that read /etc/exports. Each entry in exports has the form:
/directory  client(permissions)  client(permissions)

Where:
/directory    The directory on the server to share with clients.
client        The client's address: an IP address such as 172.16.1.3, a network such as 172.16.1.0/24, or a name if a DNS server resolves it, such as *.cn06.com.
permissions   The rights each client has on the shared directory, in parentheses directly after the client with no space in between. A space before the parenthesis is a classic mistake: "client (rw)" exports the directory to that client with default options and, separately, to every host (*) with rw.


Permission                     Meaning
secure (insecure)              Require the client to connect from a port below 1024. insecure lifts that requirement.
ro                             Read only.
rw                             Read and write.
noaccess                       Deny the client access to the directory and its subdirectories (old user-space NFS server only; the kernel NFS server used here does not accept it).
root_squash (no_root_squash)   Map root on the client to an unprivileged user so it gets no superuser rights on the mounted volume; no_root_squash leaves remote root as root.
all_squash (no_all_squash)     Map every user and group ID to the anonymous user.
sync (async)                   sync makes the server reply to a write request only after the data has been committed to disk; async lets it reply before the data is actually on disk.

Example:
[root@server ~]# vi /etc/exports
/export         172.16.1.0/24(rw,hide,sync)
/export/oracle  *.cn06.com(ro,async)
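The whitespace rule above is easy to get wrong and hard to spot by eye, so here is an added example (Python written for this page, not the thesis' code) that parses /etc/exports the way exportfs does and reports exports that reach every host or leave remote root unsquashed. SAMPLE_EXPORTS is constructed for the example: its first two lines mirror the thesis' entries, the other two are deliberate mistakes.

```python
"""Added example (not part of the thesis): parse /etc/exports the way
exportfs reads it and flag the mistakes that most often turn an internal
export into a public one. SAMPLE_EXPORTS is constructed for the example;
the first two lines mirror the thesis' entries, the rest are deliberate
mistakes.
"""

SAMPLE_EXPORTS = """\
# the thesis' entries
/export         172.16.1.0/24(rw,hide,sync)
/export/oracle  *.cn06.com(ro,async)
# a space before the parenthesis: 172.16.1.3 gets defaults, '*' gets rw
/data           172.16.1.3 (rw,no_root_squash)
# exported to every host
/scratch        *(rw)
"""


def parse_exports(text):
    """Return [(directory, client, [options])] in file order.

    exportfs rules: a client with no parentheses gets the default options
    (ro, sync, root_squash); an option group that is separated from the
    client by whitespace belongs to the implicit client `*`, i.e. everyone.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        directory, specs = fields[0], fields[1:]
        for spec in specs:
            if spec.startswith("("):
                client, option_text = "*", spec
            else:
                client, _, rest = spec.partition("(")
                option_text = "(" + rest if rest else ""
            options = [o for o in option_text.strip("()").split(",") if o]
            entries.append((directory, client, options))
    return entries


def audit_exports(entries):
    """Return findings for world-wide exports, unsquashed root and insecure ports."""
    findings = []
    for directory, client, options in entries:
        if client == "*":
            findings.append(
                f"{directory}: exported to every host ({','.join(options) or 'default options'})")
        if "no_root_squash" in options:
            findings.append(
                f"{directory} -> {client}: no_root_squash, remote root keeps root privileges")
        if "insecure" in options:
            findings.append(
                f"{directory} -> {client}: insecure, unprivileged client ports accepted")
    return findings


if __name__ == "__main__":
    for line in audit_exports(parse_exports(SAMPLE_EXPORTS)):
        print(line)
```

With the sample, the /data line yields two entries: 172.16.1.3 with default options, which is probably not what the administrator wanted, and * with rw,no_root_squash, which is what the audit reports. exportfs -v shows the same split, which is the quickest way to confirm what the kernel actually exports.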

After editing exports, the server must be told to reload it. This is done with exportfs. Its options:
-a              export every entry in the exports file
-r              re-export, synchronising the kernel's export table with the exports file
-u client:/dir  unexport /dir from client



-o options      options as in the permissions table above, applied only to the directory named on the exportfs command line
-v              verbose output

Example: export /export/oracle to the client at 172.16.1.3 read-write and without squashing root (remote root keeps root privileges on the export, which is rarely what you want):
[root@server ~]# exportfs -o rw,no_root_squash 172.16.1.3:/export/oracle

These changes take effect on the client immediately. Alternatively, restart the NFS service:
[root@server ~]# service nfs restart
Shutting down NFS mountd:                                  [  OK  ]
Shutting down NFS daemon:                                  [  OK  ]
Shutting down NFS quotas:                                  [  OK  ]
Shutting down NFS services:                                [  OK  ]
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]

9.3 Client configuration

Client configuration is simple. Unlike Samba, however, the client must have the NFS support package installed. To check:
[root@server ~]# rpm -qa | grep nfs
nfs-utils-lib-1.0.8-7.6.el5
system-config-nfs-1.3.23-1.el5
nfs-utils-1.0.9-44.el5

Since the shared directories are configured on the server, the client only needs mount to attach the directory it wants to its own filesystem.



mount has many options, but the one that matters most for NFS is -o. Syntax:
[root@server ~]# mount -o options server_name:/server_directory client_directory

Options for -o:
hard        The default. If an operation times out, the client keeps retrying until the server answers.
soft        If an operation times out, the client retries, but after a number of failed attempts it gives up and returns an error.
retrans=n   Number of retries before a soft mount gives up.
nfsvers=n   NFS protocol version to use; the kernel supports versions 2, 3 and 4.
sec=value   Security flavour of the mount:
            sys    authenticate with UID and GID (default). The server simply trusts the UID the client claims, so on an untrusted network only the krb5 flavours provide real authentication.
            krb5   authenticate with Kerberos V5 instead of UID and GID.
            krb5i  Kerberos V5 authentication plus integrity checking, to prevent tampering with data in transit.
            krb5p  Kerberos V5 authentication, integrity checking and encryption of the NFS data stream.

Example: mount /export/oracle from server2 on the client's /apps directory, read-only and soft:
[root@server ~]# mount -o ro,soft,retrans=20 server2:/export/oracle /apps

To detach the server directory from the client, use umount:

[root@server ~]# umount /apps

If the server's filesystem is used regularly, the mount can be made permanent in fstab.



fstab is the configuration file that lists every filesystem mounted on the local system. During boot this list is read and each entry is mounted automatically with its options. One line of /etc/fstab has the format:
Name   Mount point   Type   Mount options   Dump   Fsck

Name            Device name or label, or the directory being mounted.
Mount point     Directory the device is mounted on.
Type            Filesystem type, e.g. ext2, ext3, nfs.
Mount options   Options as in the permissions table, e.g. ro, rw.
Dump            Flag for the backup utility (0: no, 1: yes).
Fsck            Order in which filesystems are checked. Root (/) is usually 1; filesystems mounted directly under root, e.g. /home, are usually 2; others 3.

Example fstab:
LABEL=/          /          ext3    defaults        1 1
LABEL=/home      /home      ext3    defaults        1 2
LABEL=/boot      /boot      ext3    defaults        1 2
tmpfs            /dev/shm   tmpfs   defaults        0 0
devpts           /dev/pts   devpts  gid=5,mode=620  0 0
sysfs            /sys       sysfs   defaults        0 0
proc             /proc      proc    defaults        0 0
LABEL=SWAP-sda5  swap       swap    defaults        0 0

To have /export/oracle mounted on /apps automatically at every boot, add this line to fstab (the first field is server:path, the same form mount takes):
server2:/export/oracle   /apps   nfs   ro,sync   0 0


9.4 Some useful commands

9.4.1 service nfs status
Check the state of the NFS service:
[root@server ~]# service nfs status
rpc.mountd (pid 3838) is running...
nfsd (pid 3835 3834 3833 3832 3831 3830 3829 3828) is running...
rpc.rquotad (pid 3823) is running...

9.4.2 showmount option host
Reports NFS mount state: which directories a server exports and which clients have mounted them. With no option, showmount lists the hosts that currently have something mounted from the server:
[root@server ~]# showmount server2
Hosts on server2:
172.16.1.3

-a   list every client together with the directory it has mounted (host:directory)
-e   list the server's export list
-v   show the program version
-d   list only the directories that some client has mounted

Examples:

[root@server ~]# showmount -v localhost
showmount for 1.0.9
[root@server ~]# showmount -e localhost
Export list for localhost:
/export/oracle *.cn06.com
/export        172.16.1.0/24

[root@server ~]# showmount -e server2
Export list for server2:
/export/oracle *.cn06.com
/export        172.16.1.0/24

showmount -e is answered for any host that can reach mountd, which is why it is a standard reconnaissance step against NFS servers; restrict who can reach the NFS and mountd ports with the firewall rather than relying on the export list staying unknown.



9.4.3 mount -t nfs
Lists the NFS directories mounted on the client. Example: the directories mounted on server3.
[root@server3 ~]# mount -t nfs
server2:/export on /apps type nfs (rw,addr=172.16.1.2)

9.5 Conclusion
An NFS server shares selected directories with clients across a network of Linux machines. This allows centralised storage and less duplicated disk space, cutting hardware costs. Although NFS must be installed on both server and client, configuring and sharing with NFS is quick and easy.


Chapter 10: Network Information System (NIS)

10.1 Introduction
Network Information System (NIS) was released by Sun in the 1980s under the name Yellow Pages. That name clashed with a registered trademark, so it was later renamed Network Information System, or NIS. The NIS services still carry abbreviations of the original name: ypserv, ypbind, ypcat, and so on. NIS is widely used on UNIX as well as Linux. User accounts are created on the server; NIS clients then use those accounts to reach other resources on the network by contacting the NIS server and fetching the account data. The advantage is that a user does not need a local account on the machine being used in order to authenticate; the account on the NIS server is used instead. The disadvantages are that NIS does not encrypt the usernames and passwords it sends to clients, and that any user on a client can retrieve the server's maps, including the password hashes built from files such as passwd, group and shadow.

10.2 How does NIS work?

This section covers what needs to be known about an NIS system before installing and using NIS.

NIS domain            An NIS domain is a collection of shared data files; only clients in that domain may use them.
Master/slave server   Each NIS domain needs a main server that manages the data files shared with the clients. It is called the master; a slave is simply a backup server in case the master fails. A domain may have several NIS servers but exactly one master.



nsswitch.conf         A Linux system file that sets the lookup order for each service. For example:
                      hosts: files dns
                      Here, to resolve a host name or address, the host first consults its own files; only if nothing is found does it use DNS.
Source files          NIS builds its database from information such as usernames, passwords, groups and IP addresses taken from files like /etc/passwd, /etc/shadow and /etc/group. These are the source files.
NIS maps              To use the source files, NIS converts them into dbm-format files called maps, stored in /var/yp/<nis_domain_name>.
Map nicknames         Short names for the maps, since the full map names are hard to remember; similar to a CNAME in DNS. For example:
$ cat /var/yp/nicknames
passwd      passwd.byname
group       group.byname
networks    networks.byaddr
hosts       hosts.byname
protocols   protocols.bynumber
services    services.byname
aliases     mail.aliases
ethers      ethers.byname

The next section covers installing an NIS server and client.

10.3 Setting up the NIS server

10.3.1 Configuring the NIS server
Packages to install:



ypserv
yp-tools

After these packages are installed, NIS creates the /var/yp directory and the configuration file /etc/ypserv.conf (on a client, the configuration file is /etc/yp.conf). Every NIS server database file lives under /var/yp. The first thing to do on the NIS server is to create an NIS domain by adding the following line to /etc/sysconfig/network:
NISDOMAIN=nis_domain_name

For example:
NISDOMAIN=nis.cn06.com

Next, configure /etc/ypserv.conf. It has only a few main options:
files                      Maximum number of map files the server keeps open. Default 30.
xfer_check_port            YES: the master server must run NIS on a privileged port (below 1024). NO: it may run on any port.
host:domain:map:security   An access rule stating what a host or domain may do with the maps on the NIS server. host is an IP address (optionally with a netmask), domain is the NIS domain the rule applies to, map is the map the rule covers, and security is one of none (always allow), port (allow only from privileged ports) or deny (refuse access to that map). Rules are checked in order and the first match wins. For example:
[root@server ~]# vi /etc/ypserv.conf
# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports < 1024 !!!
* : * : shadow.byname         : port
* : * : passwd.adjunct.byname : port



These lines allow every host in every NIS domain to read the two maps shadow.byname and passwd.adjunct.byname, but only from ports below 1024, i.e. only from root on the client. As noted above, NIS has to convert the source files into maps, and it does so with make, driven by /var/yp/Makefile. That file can be edited to set options and to choose which maps are built. Its main settings:
NOPUSH                       Do not push maps from the master to the slave servers (if any).
MINUID, MINGID               Lowest UID and GID included in the NIS maps. On RedHat-based systems, users and groups with IDs below 500 belong to the system, so for security NIS does not distribute them. Default: MINUID=500, MINGID=500.
NFSNOBODYUID, NFSNOBODYGID   UID and GID of the nfsnobody account, 65534 by default; NIS leaves this user out of the maps. Set to 0 to include it.
all:                         Tells make which maps to build. The NIS default is:
all:  passwd group hosts rpc services netid protocols mail \
    # netgrp shadow publickey networks ethers bootparams printcap \
    # amd.home auto.master auto.home auto.local passwd.adjunct \
    # timezone locale netmasks

So make builds the maps whose nicknames are passwd, group, hosts, rpc, services, netid, protocols and mail; the commented-out names are not built.



NIS server security can be tightened further by creating /var/yp/securenets, which rejects RPC requests from machines that are not authorised. By default the NIS server answers every request from outside; this is dangerous, because the server hands out usernames and password hashes without caring who is asking. Each line of securenets has the format:
netmask  network_address

The NIS server then answers only requests from addresses listed in securenets and ignores the rest. One point to remember: the NIS server's own address (localhost, 127.0.0.1) must be included. Example:
# you must accept requests from localhost
255.255.255.255 127.0.0.1

# accept requests from IP addresses 172.16.1.1 - 172.16.1.62
255.255.255.192 172.16.1.0

# accept requests from IP addresses starting with 192.168.1
255.255.255.0   192.168.1.0

securenets checks only the source address of the request, which an attacker on the network can spoof for UDP; it complements, but does not replace, a firewall in front of the NIS ports and the port rules in ypserv.conf.
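To make the interplay of the two access controls concrete, here is an added example (Python written for this page, not the thesis' code) that evaluates a request against both the securenets file above and the host:domain:map:security rules from 10.3.1: securenets decides whether the server answers at all, and the ypserv.conf rules decide which maps the caller may read and whether it needs a privileged source port. The sample files are constructed for the example and copy the thesis' entries; note that with those rules passwd.byname, which carries the password hashes unless shadow is in use, is readable from any source port by every host that securenets admits.

```python
"""Added example (not part of the thesis): evaluate the two NIS access
controls described above, /var/yp/securenets and the host:domain:map:security
rules in /etc/ypserv.conf, for a given request. The sample files are
constructed for the example and copy the thesis' entries.
"""
import ipaddress

SAMPLE_SECURENETS = """\
# you must accept requests from localhost
255.255.255.255 127.0.0.1
# accept requests from IP addresses 172.16.1.1 - 172.16.1.62
255.255.255.192 172.16.1.0
# accept requests from IP addresses starting with 192.168.1
255.255.255.0   192.168.1.0
"""

SAMPLE_YPSERV_CONF = """\
files: 30
xfer_check_port: yes
# Not everybody should see the shadow passwords
* : * : shadow.byname         : port
* : * : passwd.adjunct.byname : port
"""


def parse_securenets(text):
    """Return the networks listed as `netmask network` lines."""
    networks = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        netmask, network = line.split()
        networks.append(ipaddress.ip_network(f"{network}/{netmask}", strict=False))
    return networks


def securenets_allows(networks, client_ip):
    """ypserv answers only if the source address falls inside one entry.
    This is a source-IP check only: spoofed UDP still gets through."""
    return any(ipaddress.ip_address(client_ip) in net for net in networks)


def parse_ypserv_rules(text):
    """Return (host, domain, map, security) rules; option lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.count(":") != 3:          # `files: 30` etc. have one colon
            continue
        host, domain, mapname, security = (f.strip() for f in line.split(":"))
        rules.append((host, domain, mapname, security.lower()))
    return rules


def ypserv_allows(rules, client_ip, domain, mapname, privileged_port):
    """First matching rule wins: deny refuses, port needs a source port below
    1024, none allows. With no matching rule ypserv allows the request."""
    for host, rule_domain, rule_map, security in rules:
        if host != "*":
            if ipaddress.ip_address(client_ip) not in ipaddress.ip_network(host, strict=False):
                continue
        if rule_domain not in ("*", domain) or rule_map not in ("*", mapname):
            continue
        if security == "deny":
            return False
        if security == "port":
            return privileged_port
        return True
    return True


def request_allowed(client_ip, domain, mapname, privileged_port,
                    securenets=SAMPLE_SECURENETS, ypserv_conf=SAMPLE_YPSERV_CONF):
    """Combine both checks the way the server does: securenets first."""
    if not securenets_allows(parse_securenets(securenets), client_ip):
        return False
    return ypserv_allows(parse_ypserv_rules(ypserv_conf), client_ip, domain, mapname, privileged_port)


if __name__ == "__main__":
    for ip, mapname, priv in [("172.16.1.3", "shadow.byname", False),
                              ("172.16.1.3", "passwd.byname", False),
                              ("172.16.1.200", "passwd.byname", True)]:
        print(ip, mapname, "privileged" if priv else "unprivileged",
              "->", request_allowed(ip, "nis.cn06.com", mapname, priv))
```

The parsers take the file contents as strings, so a real check is request_allowed(ip, domain, map, priv, open("/var/yp/securenets").read(), open("/etc/ypserv.conf").read()). To close the passwd.byname gap, add a `* : * : passwd.byname : port` rule, or better, keep the hashes in shadow.byname only.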

10.3.2 Starting the NIS server
Enable NIS at boot:

[root@server ~]# chkconfig ypserv on

Start NIS:
[root@server ~]# service ypserv start
Starting YP server services:                               [  OK  ]

When starting the NIS server, a few related programs matter:
ypxfrd   A daemon on the master that lets slave servers copy the master's data in bulk. When a map is created or changed, the server uses it to tell the slaves to update. ypxfrd runs only on the master server.
ypxfr    Runs on a slave server; it talks to the master and copies the data from it.



ypinit   A command used on the master server. It collects the passwd, shadow, group, hosts, services, ... files and builds the NIS database; on a slave server it copies the data from the master. Call it by its absolute path, /usr/lib/yp/ypinit. Option -m is used on the master to create subdirectories in /var/yp, one per NIS domain; option -s master is used on a slave to fetch the data from the master. Example:
[root@server ~]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers.  server is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  server
        next host to add:  server3
        next host to add:
The current list of NIS servers looks like this:

server
server3

Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/nis.cn06.com/ypservers...
gethostbyname(): Success
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/nis.cn06.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...



Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
gmake[1]: Leaving directory '/var/yp/mgs'
localhost has been set up as a NIS master server.
Now you can run ypinit -s localhost on all slave server.

When this command runs, it asks which hosts will act as NIS servers. Note that it invokes the make command described above.

10.4 Setting up the NIS client

Once the NIS server is up, a client must be configured to connect to it before it can use the information held there. Packages required:
yp-tools
ypbind

The following steps set up and start an NIS client. First, name the NIS domain the client joins by adding it to /etc/sysconfig/network. It must be exactly the domain configured on the server (nis.cn06.com above):
NISDOMAIN=nis.cn06.com

Next, tell the client which hosts act as NIS servers; as mentioned, /etc/yp.conf is responsible for this on the client. Syntax:
domain nisdomain server server_name
or:
domain nisdomain broadcast (do not use)
or:
ypserver server_name

The broadcast form binds to whichever host on the LAN answers first, so any machine on the segment can pose as the NIS server and feed the client its own account data; name the server explicitly.

Start the service on the client:

[root@server ~]# service ypbind start
Starting YP bind services:                                 [  OK  ]



At this point the NIS system is almost complete. Before the client can use the server's information to access the network, there are a few tools for changing user information on the server (yppasswd, yppasswdd) and for checking that the service works correctly (ypwhich, rpcinfo,


Chapter 11: File Transfer Protocol (FTP)

Introduction
File Transfer Protocol (FTP) appeared very early, around 1971, and is commonly used to exchange files over TCP/IP networks. It follows the client/server model: the FTP server, software that provides the FTP service, listens for client requests, and the client uses FTP software to connect to the server. Once connected, the client can perform file operations: upload files to the server, download files from it, rename or delete files on the server, and so on. Notably, the protocol has changed very little since it was created. This section uses the vsftpd (Very Secure FTP Daemon) package to set up an FTP server.

An FTP server uses two TCP ports, 20 and 21. Port 21 is the control port, which handles connection requests and commands from clients; port 20 is the data port, used to transfer data between client and server. FTP operates in two modes: active and passive.

Active FTP
In this mode the client connects from a random port N (N > 1024) to port 21 on the FTP server. The client then listens on port N+1 and sends the PORT command telling the server its data port; the server connects back from its own data port (20) to the client data port announced earlier. In active mode the client does not actually open a connection to the server's data port; it simply tells the server which port it is listening on, and the server must connect back to that port.


Figure 33. Active FTP.

Step 1: the client opens a connection to port 21 on the server and sends PORT 1742.
Step 2: the server sends an ACK to the client's command port.
Step 3: the server opens a connection from its port 20 to the data port the client announced.
Step 4: the client sends an ACK back to the server.

Passive FTP
In passive mode the client opens both connections to the server, which avoids the problem of a firewall blocking the server's inbound connection to a port on the client. When the FTP session is opened, the client allocates two ephemeral ports (> 1024). The first talks to port 21 on the FTP server, but instead of sending PORT and waiting for the server to connect back, the client sends PASV. The server then opens an arbitrary port P (> 1024) and announces it to the client in its reply (227 Entering Passive Mode). The client connects from its second port to port P on the server to transfer data.


Figure 34. Passive FTP.

Step 1: the client sends the PASV request.
Step 2: the server replies that port 2223 is open and waiting for the data connection.
Step 3: the client opens the data connection from its data port to the server's data port 2223.
Step 4: the server replies with an ACK to the client's data port.
Note: in passive FTP the port announced in the server's reply is opened on the server; in active FTP the port announced in the PORT command is opened on the client.
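Both modes encode the address and port as six comma-separated bytes (h1,h2,h3,h4,p1,p2 with port = p1*256 + p2), in the client's PORT command for active mode and in the server's 227 reply for passive mode. The following added example (Python written for this page, not the thesis' code) does that arithmetic for the two port numbers in the figures, and adds the check a server must make on PORT: connect back only to the address the control connection came from, otherwise a client can use the server to open connections to third parties (the FTP bounce attack, which vsftpd blocks unless port_promiscuous=YES). The sample lines are constructed.

```python
"""Added example (not part of the thesis): the port arithmetic of the two
FTP modes. The PORT command and the 227 reply carry the address and port as
six comma-separated bytes: port = p1*256 + p2. The numbers 1742 and 2223
are the ones from the figures above; the sample lines are constructed.
"""
import re

PORT_RE = re.compile(r"^PORT\s+(\d+(?:,\d+){5})\s*$", re.IGNORECASE)
PASV_RE = re.compile(r"^227\b.*?\((\d+(?:,\d+){5})\)")


def encode_hostport(ip, port):
    """'172.16.1.10', 1742 -> '172,16,1,10,6,206'"""
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


def decode_hostport(args):
    """'172,16,1,10,6,206' -> ('172.16.1.10', 1742)"""
    parts = [int(x) for x in args.split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("malformed h1,h2,h3,h4,p1,p2 argument")
    return ".".join(str(p) for p in parts[:4]), parts[4] * 256 + parts[5]


def parse_port_command(line):
    """Active mode: the client tells the server where to connect back to."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a PORT command")
    return decode_hostport(m.group(1))


def parse_pasv_reply(line):
    """Passive mode: the server tells the client which port it listens on."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    return decode_hostport(m.group(1))


def port_command_is_safe(control_peer_ip, line):
    """A server should connect back only to the address the control
    connection came from; accepting any address lets a client use the server
    to reach third parties (FTP bounce). vsftpd enforces this unless
    port_promiscuous=YES. Privileged ports (< 1024) are refused as well."""
    ip, port = parse_port_command(line)
    return ip == control_peer_ip and port > 1023


def data_connection(mode, client_ip, server_ip, announced_port):
    """Who connects to whom for the data channel in each mode. The client's
    source port in passive mode is ephemeral, hence None."""
    if mode == "active":
        return {"from": (server_ip, 20), "to": (client_ip, announced_port)}
    if mode == "passive":
        return {"from": (client_ip, None), "to": (server_ip, announced_port)}
    raise ValueError("mode must be 'active' or 'passive'")


if __name__ == "__main__":
    print(parse_port_command("PORT 172,16,1,10,6,206"))
    print(parse_pasv_reply("227 Entering Passive Mode (172,16,1,2,8,175)"))
    print(port_command_is_safe("172.16.1.10", "PORT 10,0,0,5,0,25"))
```

The last call in the demo illustrates the bounce case: a client on 172.16.1.10 asks the server to open a data connection to 10.0.0.5 port 25, which a correctly configured server refuses.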


Setting up the FTP server

Installing vsftpd
The vsftpd package is the FTP server software shipped with most Linux distributions. First check whether it is installed:
[root@server3 ~]# rpm -qa vsftpd
vsftpd-2.0.5-16.el5_5.1
[root@server3 ~]#

If not, install it from the package on the installation media:
[root@server3 ~]# rpm -ivh /mnt/CentOS/vsftpd-2.0.5-16.el5_4.1.i386.rpm
Preparing...                ########################################### [100%]

Configuring vsftpd
The main configuration file of the FTP server is /etc/vsftpd/vsftpd.conf. Other important files are:
/usr/sbin/vsftpd           The executable, which is also the daemon.
/etc/vsftpd/vsftpd.conf    Holds the FTP server's configuration options.
/etc/vsftpd/ftpusers       List of users who may not log in to the server.
/etc/vsftpd/user_list      Used to allow or deny access to the listed users, depending on the value of userlist_deny in vsftpd.conf.
/var/ftp                   FTP working directory.
/var/ftp/pub               Directory holding the files for anonymous users.

The options in vsftpd.conf can be grouped by function. For example:



Daemon: options that control the vsftpd daemon.
Socket: options related to ports and networking.
Security: options that decide who may access the server.
File-transfer: options related to data transfer.
Directory: options related to the directories managed by the FTP server.
Logging: options related to the program's log file.

Note: option values can be boolean (YES/NO), numeric or string:
Form 1, BOOLEAN OPTION: <option name>=YES/NO, e.g. no_log_lock=NO
Form 2, NUMERIC OPTION: <option name>=<value>, e.g. accept_timeout=60
Form 3, STRING OPTION: <option name>=<string>, e.g. banner_email_file=/etc/banner

Specifically:

listen: when set to YES, vsftpd runs in stand-alone mode, that is, it accepts connections itself instead of being started by a superserver such as xinetd.
listen_address: the IP address on which vsftpd listens for connections.
anon_max_rate: the maximum transfer rate (bps) for anonymous users.
listen_port: the port on which vsftpd listens for connections. Default 21.



pasv_enable: whether passive mode may be used. Default YES.
port_enable: whether the PORT method may be used. Default YES.
anonymous_enable: whether anonymous access to the FTP server is allowed. Default YES.
local_enable: whether local logins are allowed. When enabled, the users listed in /etc/passwd can log in. Default NO.
userlist_enable: when enabled, the users listed in user_list are denied access to the server.
userlist_deny: used only when userlist_enable is on. When its value is NO, users are denied access unless they appear in userlist_file (in which case they are asked for a password).
userlist_file: the name of the file loaded when userlist_enable is YES. Default /etc/vsftpd/user_list.
download_enable: whether downloading data from the server is allowed.
write_enable: whether commands that modify the file system are allowed (STOR, DELE, RNFR, RNTO, MKD, RMD, APPE, SITE). Default NO.
chown_uploads: whether anonymously uploaded files have their ownership changed to the user named in chown_username. Default NO.
chown_username: the user who owns anonymously uploaded files. Default root.
chroot_local_user: restricts users to their own home directory.
vsftpd_log_file: the FTP log file. Default /var/log/vsftpd.log.



xferlog_enable: when enabled, vsftpd logs every file transferred.



max_clients: the maximum number of client connections to the server. Default 0 (unlimited).
connect_timeout: the timeout for one connection, in seconds. Default 60.
data_connection_timeout: the maximum time a data transfer may take, in seconds; a transfer exceeding it is cut off. Default 300.
file_open_mode: the permissions (umask) of files uploaded by users, if the server allows uploads. Default 0666.

Some commands used in FTP (command: function):
help [command]: list all FTP commands
cd [directory]: change the working directory on the FTP server
create [filename]: create an empty file on the remote machine; it can be used as a message
version: show the version of the FTP software
dir: list all directories on the FTP server
echo: display a string, using macros
get: download a file from the FTP server to the local machine
lcd [directory]: change the working directory on the local machine
lls: list all files in the working directory of the local machine
lookup host: show the list of workstations
lpwd: show the client machines currently in use
mkdir directory-name: create a directory on the FTP server
mode mode: switch the transfer mode (b for block mode, s for stream mode)
open [option] hostname: connect to an FTP server. Options for open: -a: log in with the anonymous account; -u: log in with a user name and password; -r: redial automatically; -d: the delay before redialing, used with -r; -g: the maximum number of redials, used with -r; -p: the port to connect to
page filename: display the contents of a file on the remote machine
pdir: like dir
pls: like ls, but output one page at a time; used at the command line
put filename: upload a file to the FTP server
pwd: show the working directory on the remote machine
rename orig-name new-name: rename a file on the remote machine
quit: leave the FTP server
rhelp [command]: send a help request to the remote machine
rm filenames: delete a file on the remote machine
rmdir directories: delete a directory
site command: run a site-specific command
type type: change the transfer type (ASCII, binary, image)
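As an added example (not code from the thesis or from vsftpd), the following Python script parses a vsftpd.conf in the three value forms described above and audits the security-relevant options from the table (anonymous_enable, write_enable, chroot_local_user, chown_uploads, xferlog_enable, max_clients); the two sample configurations inside it are constructed for the demonstration.

```python
"""Audit a vsftpd.conf for the security-relevant options described above.

Added example for this page, not code from the vsftpd project. The two
configurations at the bottom are constructed for the demonstration; the
defaults assumed for absent options are the ones given in the table above.
"""
from typing import Dict, List, Union

Value = Union[bool, int, str]

# Defaults for the options the table above documents (vsftpd's own defaults).
DEFAULTS: Dict[str, Value] = {
    "anonymous_enable": True,
    "local_enable": False,
    "write_enable": False,
    "chroot_local_user": False,
    "chown_uploads": False,
    "chown_username": "root",
    "userlist_enable": False,
    "xferlog_enable": False,
    "max_clients": 0,
}


def typed(value: str) -> Value:
    """vsftpd option values are boolean (YES/NO), numeric or string."""
    if value.upper() in ("YES", "NO"):
        return value.upper() == "YES"
    if value.isdigit():
        return int(value)
    return value


def parse_vsftpd_conf(text: str) -> Dict[str, Value]:
    """Read 'option=value' lines; blank lines and '#' comments are ignored."""
    conf: Dict[str, Value] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        conf[key.strip().lower()] = typed(value.strip())
    return conf


def audit(conf: Dict[str, Value]) -> List[str]:
    """Return the names of options whose effective value weakens the server."""
    c: Dict[str, Value] = {**DEFAULTS, **conf}
    findings: List[str] = []
    if c["anonymous_enable"]:           # default YES, so an absent key trips this too
        findings.append("anonymous_enable")
    if c["write_enable"]:               # STOR, DELE, RNFR/RNTO, MKD, RMD, APPE, SITE
        findings.append("write_enable")
    if c["local_enable"] and not c["chroot_local_user"]:
        findings.append("chroot_local_user")   # local users can leave their home
    if c["chown_uploads"] and c["chown_username"] == "root":
        findings.append("chown_username")      # anonymous uploads owned by root
    if not c["xferlog_enable"]:
        findings.append("xferlog_enable")      # no record of transferred files
    if c["max_clients"] == 0:
        findings.append("max_clients")         # unlimited concurrent sessions
    return findings


# Constructed sample configurations (not the page's file).
WEAK_CONF = """\
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
chroot_local_user=NO
xferlog_enable=YES
"""

HARDENED_CONF = """\
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=NO
chroot_local_user=YES
userlist_enable=YES
userlist_deny=NO
xferlog_enable=YES
max_clients=50
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit(parse_vsftpd_conf(text))}")
```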


Chapter 12: Mail service


One of the most common reasons to deploy Linux is to provide mail delivery and retrieval through the Internet Message Access Protocol (IMAP) and the Post Office Protocol (POP3). A mail server usually consists of two parts:

Mail Transfer Agent (MTA): sends mail to other mail servers on the Internet and receives mail sent from other hosts to its own domain.
POP3 or IMAP: normally used by the MUA (Mail User Agent) to fetch the mail held in the mailbox.

12.1 A few concepts

Figure 35. Components of a mail system

MTA (Mail Transfer Agent): the program that moves mail between mail hubs. Sendmail and Postfix are MTAs; they speak SMTP and act as SMTP servers that route mail during delivery. An MTA accepts mail from Mail User Agents (MUAs) and from other MTAs, then passes it on to MTAs on other machines or to the MTA on its own machine. It does not deliver mail to end users itself; another program, such as a POP or IMAP server, does that.



MUA (Mail User Agent): lets the user send, receive and compose mail.
MDA (Mail Delivery Agent): the tool that delivers e-mail into the mailbox.
Mailbox: a file storing all of a user's mail. On a Unix system, adding a user account also creates a mailbox for that user; its name usually matches the user's login name, and the file lives in /var/spool/mail. When mail arrives for the user, the local server's mail handler delivers it into the matching mailbox. Inside the mailbox file each message begins with a line starting with the keyword From and ends with a blank line. When the user logs in and uses a mail client to fetch mail (or telnets directly to the mail server), the POP server goes to /var/spool/mail, takes the mail from the mailbox and hands it to the user. Normally the mail is deleted from the mailbox once the client has fetched it, but the user can ask for it to be kept on the server through an option of the mail client.
Queue: outgoing mail may be sent immediately or placed in a queue. There are several reasons a message stays in the queue:
- the mail cannot be sent for the moment, or some addresses in the recipient list cannot be reached right now;
- the mail delivery configuration option is set to True, in which case all mail is held until delivery completes;
- DeliveryMode (d) is set to queue-only or defer, in which case all mail is held in the queue;
- the number of blocked delivery processes exceeds the limit set by the QueueLA (x) option.


12.2 Introduction to mail systems


Mail Gateway
A mail gateway is a machine that connects networks using different communication protocols, or connects different networks that share a protocol. For example, a mail gateway may connect a TCP/IP network with a network running the Systems Network Architecture (SNA) protocol suite.

Mail Host
A mail host is the machine that plays the role of the main mail server in the network. It acts as an intermediary that moves mail between sites that cannot connect to each other directly. The mail host resolves the recipient address in order to forward mail between mail servers or on to a mail gateway.

Mail Server
The mail server holds the users' mailboxes. It receives mail sent by mail clients and queues it for delivery to the mail host, and it receives mail from the mail host and places it in the users' mailboxes. Users read mail by mounting the directory holding the mailboxes on the mail server with NFS (Network File System). If NFS is not available, users must log in to the mail server to read mail. If both the mail client and the mail server support POP/IMAP, users can read mail over POP/IMAP.

Mail Client
Mail clients are systems that read the user's mail spool file by NFS-mounting the /var/mail directory from the mail hub; if /var/mail is not present, it must be mounted automatically from the server through the vfstab file.

Mail and DNS
DNS and the mail server are closely related services. The mail server relies on DNS to move mail from the inside network outward and back. When forwarding mail, the mail server looks up the MX record to find the host the mail must be sent to. The syntax of an MX record:
[domain name] IN MX 0 [mail server]

12.3 Mail protocols


12.3.1 Simple Mail Transfer Protocol (SMTP)

SMTP is the reliable protocol responsible for mail delivery. It transfers mail from one network to another and within a local network. SMTP is defined in RFC 821; it is a reliable, connection-oriented service provided by TCP (Transmission Control Protocol) and uses well-known port 25. An SMTP message has two parts, the header and the body. Common fields of the SMTP header:

Figure 36. SMTP header

Example:
From: myEmail@mydiv.redbookscorp.com
To: Your Email <yourEmail@yourdiv.redbookscorp.com>
cc: Your Boss <yourBoss@yourdiv.redbookscorp.com>
Reply-To: myEmail@mydiv.redbookscorp.com
Subject: This is a sample SMTP header

The SMTP command set is listed below (command, syntax, function):
Hello: HELO <sending-host>: identifies the sending SMTP host
From: MAIL FROM:<from-address>: the sender's address
Recipient: RCPT TO:<to-address>: the recipient's address
Data: DATA: begin sending the message
Reset: RSET: abort the message
Verify: VRFY <string>: check a user name
Expand: EXPN <string>: expand a mailing list
Help: HELP [string]: request help
Quit: QUIT: end the SMTP session

SMTP status codes: when a host sends an SMTP command to another host, the receiving host returns a status code telling the sender what happened. The list below groups the codes by their first digit (5xx is an error, 4xx a temporary error, 1xx-3xx success):
211 System status or help reply
214 Help message
220 Service ready
221 Closing connection
250 Requested action accepted
251 User not local, will forward
354 Start mail input
421 Service not available
450 Action not taken, mailbox busy
500 Command not understood or syntax error
501 Syntax error in parameters
502 Command not supported
503 Bad sequence of commands

The complete list is available at http://www.unixhub.com/docs/email/SMTPcodes.html
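The following Python state machine, an added example that is not part of the thesis or of Postfix, implements the command set and reply codes listed above on the server side and drives it with a scripted client so that both sides of the exchange are visible, including the 503 replies to out-of-order commands; the hostname and the client script are constructed, reusing only the u1/u2 test accounts from this chapter.

```python
"""Toy SMTP server state machine using the command set and reply codes above.
Added example for this page (not thesis or Postfix code); the hostname and the
scripted client are constructed, reusing the u1/u2 accounts from this chapter."""
import re
from typing import List, Optional, Tuple

# MAIL FROM:<addr> / RCPT TO:<addr>, angle brackets optional.
ADDR = re.compile(r"^(FROM|TO):\s*<?([^<>\s]+@[^<>\s]+)>?$", re.I)


class SmtpSession:
    """One SMTP session: enforces command order and answers each command."""
    def __init__(self, hostname: str = "server3.cn06.com") -> None:
        self.hostname, self.greeted, self.in_data = hostname, False, False
        self.sender: Optional[str] = None
        self.recipients: List[str] = []
        self.body: List[str] = []
        self.queue: List[Tuple[str, List[str], str]] = []   # accepted messages

    def handle(self, line: str) -> str:
        """Return the server's reply; '' while the message body is being sent."""
        line = line.rstrip("\r\n")
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.strip().partition(" ")
        verb, m = verb.upper(), ADDR.match(arg.strip())
        if verb == "HELO":
            if not arg.strip():
                return "501 Syntax error in parameters"
            self.greeted = True
            return f"250 {self.hostname}"
        if verb == "QUIT":
            return "221 Bye"
        if verb in ("VRFY", "EXPN"):
            return "502 Command not implemented"   # refuse user/list enumeration
        if not self.greeted:
            return "503 Bad sequence of commands: send HELO first"
        if verb == "MAIL":
            if not m or m.group(1).upper() != "FROM":
                return "501 Syntax error: MAIL FROM:<address>"
            self.sender = m.group(2)
            return "250 2.1.0 Ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands: need MAIL first"
            if not m or m.group(1).upper() != "TO":
                return "501 Syntax error: RCPT TO:<address>"
            self.recipients.append(m.group(2))
            return "250 2.1.5 Ok"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands: need RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "500 Command not recognized"

    def _data_line(self, line: str) -> str:
        if line == ".":                      # end of message: accept and queue it
            self.queue.append((self.sender or "", self.recipients, "\n".join(self.body)))
            self.sender, self.recipients, self.body, self.in_data = None, [], [], False
            return f"250 2.0.0 Ok: queued as MSG{len(self.queue)}"
        # dot-stuffing: a body line starting with '..' carries a single '.'
        self.body.append(line[1:] if line.startswith("..") else line)
        return ""


def run_session(client_lines: List[str]) -> Tuple[List[str], SmtpSession]:
    """Drive one session with a scripted client; return the exchange and the session."""
    s = SmtpSession()
    transcript = [f"S: 220 {s.hostname} ESMTP ready"]
    for line in client_lines:
        transcript.append("C: " + line)
        reply = s.handle(line)
        if reply:
            transcript.append("S: " + reply)
    return transcript, s


# Constructed client script: the telnet test of this chapter plus two out-of-order commands.
CLIENT_SCRIPT = [
    "rcpt to:<u2@cn06.com>",          # before HELO -> 503
    "helo client.cn06.com",
    "data",                           # before MAIL/RCPT -> 503
    "mail from:<u1@cn06.com>",
    "rcpt to:<u2@cn06.com>",
    "data",
    "Subject: test", "", "Test mail.",
    "..one leading dot",              # dot-stuffed body line
    ".",
    "quit",
]

if __name__ == "__main__":
    print("\n".join(run_session(CLIENT_SCRIPT)[0]))
```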

Direct delivery lets SMTP deliver e-mail without relying on any intermediate host. If SMTP delivery fails, the local system either notifies the sender or puts the mail in the mail queue to be delivered later. The drawback of direct delivery is that it requires both ends to be full mail-handling systems; some systems cannot handle mail this way, such as PCs and mobile systems like laptops, which are usually switched off at the end of the day or are often offline. To handle these cases, DNS is used to direct messages to a mail server instead of delivering them directly. The mail is then moved from the server to the workstation when it comes back online; the POP protocol provides this function.

12.3.2 Post Office Protocol (POP)

Two versions of POP are in wide use, POP2 and POP3. POP2 is defined in RFC 937 and POP3 in RFC 1725. POP2 uses port 109 and POP3 uses port 110. POP3 supports both roles, sending/receiving mail (client) and storing/forwarding mail (server). The commands of the two protocols differ, but both perform the same basic job: checking the user's login name and password and moving the user's mail from the server to the user's local mail reader. The POP3 command set is entirely different from that of POP2.

POP3 command set (command: function):
USER username: names the user whose mail is to be retrieved
PASS password: the password of that user
STAT: show the number of unread messages and their size in bytes
RETR n: retrieve message n
LAST: show information about the last message
LIST [n]: show the size of message n
RSET: undelete all messages and return to the first message
TOP n l: print the headers and the first l lines of message n
NOOP: do nothing
QUIT: end the POP3 session
DELE n: delete message n

12.3.3 Internet Message Access Protocol (IMAP4)

IMAP4 supports both client and server roles, like POP3, but offers far more than POP3. IMAP4 lets the client specify criteria for downloading mail, for example not transferring large messages over a slow link; moreover, IMAP4 always keeps the mail on the server and sends the client a copy. Another difference between POP3 and IMAP4 is the mode of operation. With POP the client must keep a connection to the server open for sending and receiving to succeed, whereas IMAP4 lets the client work even while disconnected: changes made on the client while offline are synchronised to the server after some interval.
IMAP4 uses port 143.

12.3.3.1 How IMAP4 operates


Three modes of operation exist between an IMAP4 client and server: offline, online and disconnected. The offline mode of IMAP4 is similar to POP3: the client connects to the server, downloads the mail and then disconnects. Once the client has downloaded the mail successfully, it is deleted from the server entirely.



The online mode is the opposite of the offline mode: the client does not download mail from the server; instead it connects to the server and works on the mail directly there. The disconnected mode combines the two. In this mode the client connects to the server (possibly downloading some mail) and then disconnects. Unlike POP3 or the offline mode, however, the server does not delete the mail the client downloaded. The client edits the mail on the local machine and reconnects to the server; once reconnected, the client's changes are synchronised with the mail held on the server. Each mode has its advantages and disadvantages, but the client can switch from one mode to another at any time so as to work efficiently and appropriately at each moment. Some advantages and disadvantages of IMAP4:

Figure 37. Advantages and disadvantages of IMAP4


12.3.3.2 IMAP4 states


Non-authenticated: the client has not yet been authenticated by the server.
Selected: a mailbox of the client has been selected and the client is connected to the IMAP4 server.
Logout: the connection is terminated (at the client's request or for other reasons).

12.4 Installing Postfix
On Linux there are three mail server applications: Exim, Postfix and Sendmail. Sendmail is the oldest and comes preinstalled on Fedora and CentOS. Sendmail is a very good mail server, but its configuration file is very hard to read and to use. Exim can also do everything related to e-mail, but its configuration options have never been clear, even in its earliest versions. The third application, Postfix, is easy to install, fast and very secure. For that reason this section uses Postfix to configure the mail server. Installing Postfix is similar to installing the other services. However, because Sendmail is preinstalled, a few points need attention when adding Postfix: some applications require a mail server to be present on the system, and by default that is Sendmail (because it is preinstalled), so do not remove Sendmail before Postfix is installed. Because Sendmail and Postfix share the same files (for example /usr/sbin/sendmail), the system uses the alternatives mechanism to tell the two packages apart: /usr/sbin/sendmail is a symlink to /etc/alternatives/mta, which in turn points to /usr/sbin/sendmail.sendmail or /usr/sbin/sendmail.postfix. This way both packages can be installed at the same time without conflict. For Postfix to take precedence over Sendmail, the link in /etc/alternatives/mta must be switched to point to /usr/sbin/sendmail.postfix. There are two ways to do this: change the priority with the system's alternatives command, or use the companion package system-switch-mail.



12.4.1 Preparation

Checking DNS: verifying DNS resolution is extremely important when setting up a mail server. A correctly working DNS server lets a client sending or receiving mail find the right mail server to send to or receive from. Check the configuration of /etc/hosts:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost server3.cn06.com
172.16.1.3 server3.cn06.com
::1 localhost6.localdomain6 server3v6

Specifying the DNS server for clients: a client that receives its IP address from a DHCP server is normally given the DNS server information as well. For clients with statically set addresses, however, check which DNS server the client queries by default. The file responsible is /etc/resolv.conf, for example:
domain cn06.com
search cn06.com
nameserver 172.16.1.2
#nameserver 194.72.192.3

Required packages: postfix-2.3.3-2.1.el5_2.i386.rpm, dovecot-1.0.7-7.el5.i386.rpm, system-switch-mail-0.5.25-12.noarch.rpm. Main configuration file: /etc/postfix/main.cf

12.4.2 Installation

Install postfix:



[root@server3 ~]# rpm -ivh /mnt/CentOS/postfix-2.3.3-2.1.el5_2.i386.rpm
Preparing... ########################################### [100%]
1:postfix ########################################### [100%]

Install system-switch-mail:
[root@server3 ~]# rpm -ivh /mnt/CentOS/system-switch-mail-0.5.25-12.noarch.rpm
Preparing... ########################################### [100%]
1:system-switch-mail ########################################### [100%]

Check that the service is installed:


[root@server3 ~]# rpm -qa | grep postfix
postfix-2.3.3-2.1.el5_2
[root@server3 ~]# chkconfig --list postfix
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off

12.4.3 Configuring main.cf

Because main.cf has a great many options, this section covers only the most important ones needed to install and run an SMTP server. Every option in main.cf is clearly documented, so understanding them is not difficult.

myhostname: the name under which Postfix receives e-mail, usually the hostname of the mail server (in this thesis, mail.cn06.com).
myhostname = mail.cn06.com

mydomain: the name says it all; it tells Postfix which domain it serves (cn06.com).
mydomain = cn06.com

myorigin: to keep sender and recipient addresses consistent, myorigin names the default domain appended to any address that lacks an @domain part. Either $mydomain or $myhostname can be used.
myorigin = $mydomain
myorigin = $myhostname

Note:
Because myhostname and mydomain are declared above, the options below need not spell them out again; they simply reference them with a $ sign.

mydestination: the list of domains for which this Postfix server considers itself the final destination of incoming e-mail. Example:
mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#   mail.$mydomain, www.$mydomain, ftp.$mydomain

inet_interfaces: the addresses of the interfaces on which the system accepts mail. By default, all active interfaces are accepted.
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost

mail_spool_directory: mail delivered to clients or stored on the server is normally kept in /var/spool/mail. Each user's mail is stored separately, for example /var/spool/mail/admin for user admin.
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail

mynetworks: an important parameter; it lists the clients trusted to relay mail through the system. Normally only clients on the local network are allowed.
mynetworks = 172.16.1.0/24, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

inet_protocols: enables IPv6 on the Postfix mail server. By default only IPv4 is accepted; adding ipv6 to the value makes Postfix handle mail over IPv6 as well.

smtpd_banner: the text shown right after code 220 when the SMTP server answers a client connection. Note: the RFC requires the text to start with $myhostname (Postfix itself does not care about this parameter).
#smtpd_banner = $myhostname ESMTP $mail_name
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) by cn06.com

That completes the main configuration file; the next step is to start the service and verify that the configuration file is correct.
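To check the parameters above the way a reviewer would, here is an added Python example (not from the thesis or from Postfix) that parses main.cf, expands $myhostname/$mydomain references as Postfix does, and flags a mydestination that omits $myhostname, an inet_interfaces of all, and mynetworks entries outside loopback or RFC 1918 space (the open-relay mistake); the sample main.cf inside it is constructed.

```python
"""Parse a Postfix main.cf, expand $parameter references and check mynetworks.
Added example for this page, not Postfix code. The sample main.cf below is
constructed: it reuses the names of this chapter but is not the page's file."""
import ipaddress
import re
from typing import Dict, List

REF = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")
TRUSTED = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TABLES = ("hash:", "cidr:", "texthash:", "regexp:", "pcre:", "btree:", "/")


def parse_main_cf(text: str) -> Dict[str, str]:
    """Read 'name = value' lines. Comments and blanks are skipped; a line that
    starts with whitespace continues the previous value (Postfix syntax)."""
    params: Dict[str, str] = {}
    last = ""
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        last = name.strip()
        params[last] = value.strip()
    return params


def expand(params: Dict[str, str], name: str, depth: int = 0) -> str:
    """Resolve $name / ${name} references recursively, as Postfix does."""
    if depth > 10:
        raise ValueError(f"reference loop while expanding ${name}")
    return REF.sub(lambda m: expand(params, m.group(1), depth + 1), params.get(name, ""))


def split_list(value: str) -> List[str]:
    """Postfix lists are separated by commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]


def relay_exposure(params: Dict[str, str]) -> List[str]:
    """mynetworks entries outside loopback/RFC 1918 space: every host in such a
    range may relay through this server (the classic open-relay mistake)."""
    exposed: List[str] = []
    for entry in split_list(expand(params, "mynetworks")):
        if entry.startswith(TABLES):
            continue   # lookup tables and files cannot be checked offline
        net = ipaddress.ip_network(entry, strict=False)   # 127.0.0.0/4 -> 112.0.0.0/4
        if not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED):
            exposed.append(entry)
    return exposed


def audit(params: Dict[str, str]) -> List[str]:
    """The review points for the parameters walked through above."""
    findings: List[str] = []
    if expand(params, "myhostname") not in split_list(expand(params, "mydestination")):
        findings.append("mydestination does not include $myhostname")
    if expand(params, "inet_interfaces") in ("", "all"):
        findings.append("inet_interfaces = all: SMTP exposed on every interface")
    findings += [f"mynetworks trusts non-private range {e}" for e in relay_exposure(params)]
    return findings


# Constructed sample main.cf (not the page's file); 127.0.0.0/4 is the typo
# that silently turns the loopback entry into a 268-million-address range.
SAMPLE_MAIN_CF = """\
myhostname = mail.cn06.com
mydomain = cn06.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost,
    $mydomain
inet_interfaces = all
mynetworks = 172.16.1.0/24, 127.0.0.0/4
smtpd_banner = $myhostname ESMTP $mail_name
"""

if __name__ == "__main__":
    cf = parse_main_cf(SAMPLE_MAIN_CF)
    print("myorigin =", expand(cf, "myorigin"))
    for finding in audit(cf):
        print("finding:", finding)
```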

Check the main.cf file:


[root@server3 ~]# postfix check



Start the service:
[root@server3 ~]# chkconfig postfix on
[root@server3 ~]# service postfix start
Starting postfix: [ OK ]

Check the SMTP port:


[root@server3 ~]# netstat -an | grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN

Note: Postfix may fail right after the service is started:


[root@server3 ~]# postfix check
postfix: fatal: config variable inet_interfaces: host not found: localhost

Reason: Postfix cannot find localhost in /etc/hosts. Add the entries below and restart the network service.
127.0.0.1 localhost
172.16.1.3 server3.cn06.com

The service can be verified by sending mail between users in the domain (using the accounts created above). Note: besides editing main.cf with vi, Postfix's own postconf command and its options can be used. TCP port 25 must also be open and the server must accept incoming connections, so create the firewall rule with iptables or open port 25 with the graphical tool:
[root@server3 ~]# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

12.5 Installing Dovecot


So far only the SMTP server has been installed; an SMTP client that wants to send or receive mail has to use SMTP commands directly, which is hard for many users. To remedy this, applications can be installed that let clients fetch mail from the server over POP3/IMAP4 with a graphical interface (Outlook Express, Thunderbird, ...). The Dovecot package supports POP3 and IMAP4 very well, so this section covers installing it and configuring dovecot.conf so that clients can fetch mail with POP3 or IMAP4. Install the dovecot package:
[root@server ~]# rpm -ivh /mnt/CentOS/dovecot-1.0.7-7.el5.i386.rpm
Preparing... ########################################### [100%]
1:dovecot ########################################### [100%]

Configuring dovecot.conf: the main Dovecot configuration file is /etc/dovecot.conf. It contains many options to suit each client's needs, but the most important one is:
protocols = imap imaps pop3 pop3s

This option makes Dovecot support POP3 (port 110), POP3s (port 993), IMAP4 (port 143) and IMAPs (port 995). Then start the Dovecot service:
[root@server ~]# service dovecot start
Starting Dovecot Imap: [ OK ]

Check that the mail-related ports are open (25 SMTP, 110 POP3, 143 IMAP4, 993 POP3s, 995 IMAPs):
[root@server ~]# netstat -an | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2207          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:767             0.0.0.0:*               LISTEN
tcp        0      0 :::993                  :::*                    LISTEN
tcp        0      0 :::995                  :::*                    LISTEN
tcp        0      0 :::110                  :::*                    LISTEN
tcp        0      0 :::143                  :::*                    LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
udp        0      0 172.16.1.3:54463        192.168.1.1:53          ESTABLISHED
udp        0      0 0.0.0.0:5353            0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*

Example: telnet to the SMTP server:


[root@server ~]# telnet 172.16.1.3 25
Trying 172.16.1.3...
Connected to smtp.cn06.com (172.16.1.3).
Escape character is '^]'.
220 server3.cn06.com ESMTP Postfix
helo dhgtv
250 server3.cn06.com
mail from:u1@cn06.com
250 2.1.0 Ok
rcpt to:u2@cn06.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Test mail.
.
250 2.0.0 Ok: queued as 99B2210464
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@server ~]#

Check the mail on the local machine:



[root@server ~]# mail -u u2
Mail version 8.1 6/6/93. Type ? for help.
"/var/mail/u2": 4 messages
> 1 u1@cn06.com    Sun Jun  6 12:33  17/539  "hello"
  2 root@cn06.com  Sun Jun  6 12:37  16/467
  3 u1@cn06.com    Sun Jun  6 12:46  16/512  "hi"
  4 root@cn06.com  Sun Jun  6 13:46  17/500

Test the service by having a client send and receive mail through Outlook Express:

Figure 38. Creating a new account.


Figure 39. Choosing the protocol and the SMTP server.

Figure 40. Authentication request.


Figure 41. Mail sent from u1 to u2.

And this is the mail that account u2 receives through Outlook Express:


Figure 42. u2 receives the mail.


12.6 Web Mail


The sections above covered installing the servers and reading mail with POP/IMAP commands or with Outlook. This section presents reading mail in a web browser with SquirrelMail.

12.6.1 What is SquirrelMail?

SquirrelMail is a project started in 1999; it is an application that lets users read and write mail from their own web browser, so no extra mail application needs to be installed on the client. It supports both POP and IMAP, is written in PHP and uses no JavaScript at all, for maximum stability, compatibility and speed across different web browsers. SquirrelMail is very easy to configure and use. When the project started in 1999 a few similar applications existed, but none was as strong or as complete as SquirrelMail, which has made it the most popular web-based mail application today.

12.6.2 Installing SquirrelMail

Since SquirrelMail is written in PHP, the following packages must also be installed on the server:
Apache - http://httpd.apache.org/download.cgi
PHP - http://php.net/downloads.php
UW IMAP - http://www.washington.edu/imap/
SquirrelMail - http://squirrelmail.org/download.php

All of these packages ship with CentOS 5.

Configuring SquirrelMail

After a successful installation the configuration file is at /etc/squirrelmail/config.php. Configuring SquirrelMail is fairly simple. A few parameters to note:
$domain = 'cn06.com';
$imapServerAddress = '172.16.1.3';
$imapPort = 143;
$useSendmail = true;
$smtpServerAddress = '172.16.1.3';
$smtpPort = 25;
$sendmail_path = '/usr/sbin/sendmail';

$domain = cn06.com: the domain SquirrelMail works with. $imapServerAddress: the address of the IMAP server, which is also the mail server address 172.16.1.3. $imapPort = 143: the default port of the IMAP protocol. $smtpServerAddress: the address of the SMTP server. $smtpPort = 25: the default port of the SMTP protocol. After configuration, start the HTTP service (SquirrelMail is written in PHP):
[root@server3 ~]# service httpd start
Starting httpd: [ OK ]

The last step is to read and write mail in the browser: in the address bar, type http://mail.cn06.com/webmail

Figure 43. The web mail interface.
