How to configure the routing information server in two Linux systems (1)

As one of the core Switches of the backbone network, a router acts as the responsibility of the network traffic station. It forwards and exchanges network packets through the established rules, so that the network client node devices can effectively use the network for information exchange. In this way, the configuration parameters related to routers in the network become one of the most important basic network materials. My enterprise network belongs to a medium-scale Wan, with dozens of lower-level access routers and convergence-layer routers. Once these routers fail and require hardware replacement, finding the router configuration information is always a headache, therefore, the TFTP server and apache Web server provided by Linux are configured with a convenient routing data backup system to solve the above problems. Because the current mainstream Linux systems are basically released versions derived from RedHat and Debian. Therefore, I will describe the configurations of the above two operating systems separately, hoping to help other users.

1. Configure TFTP and apache server In Debian

1) TFTP Server Configuration

1. Install TFTP Server Components

In Debian, you can use the new software package manager to search for the tftpd-hpa software package, check the "mark for installation" option, and click the application button. The system will automatically install the package. You can also directly execute apt-get install tftpd-hpa on the command line to install the command mode as follows:

 
 

  
  
root@AkBirdofpreyWorkStation:~# apt-get install tftpd-hpa 
 
 

Then, the system will create the relevant application startup script and configuration file, and create the/srv/tftp directory under the same directory.

2. Modify the TFTP configuration file and related Directory Permissions

After the TFTP service component is installed, the user group and configuration file required by the TFTP service are automatically created. The file is/etc/default/tftpd-hpa. The initial configuration content is as follows:

 
 

  
  
# /etc/default/tftpd-hpa 
  
  
TFTP_USERNAME="tftp" 
  
  
TFTP_DIRECTORY="/srv/tftp" 
  
  
TFTP_ADDRESS="0.0.0.0:69" 
  
  
TFTP_OPTIONS="-secure" 
 
 

We need to change the file to the following content:

 
 

  
  
# /etc/default/tftpd-hpa 
  
  
TFTP_USERNAME="tftp" 
  
  
TFTP_DIRECTORY="/srv/tftp" 
  
  
TFTP_ADDRESS="0.0.0.0:69" 
  
  
TFTP_OPTIONS="-l -c -secure" 
 
 

The-l-c parameter is added to the TFTP_OPTIONS option, so that when we use the vro parameter BACKUP command, we can smoothly upload the file to the TFTP Server Directory.

At the same time, we need to modify the user and group in the directory specified by the TFTP server. The command mode is as follows:

 
 

  
  
root@AkBirdofpreyWorkStation:/etc/default# chown tftp:tftp /srv/tftp 
 
 

In this way, the group of the/srv/tftp directory is changed to a tftp user, and the modification of the user group must be performed. I found in the test that, after the TFTP service component is installed, the group in the/srv/tftp directory is root. If you do not modify the user group, when using the vro parameter BACKUP command, the transfer time out error will occur on the server.

In this case, you only need to use/etc/init. d/tftpd-hpa restart to restart the TFTP service, and the TFTP server should be ready for normal use. The command mode is as follows:

 
 

  
  
root@AkBirdofpreyWorkStation:/etc/default# /etc/init.d/tftpd-hpa restart 
  
  
[ ok ] Restarting HPA's tftpd: in.tftpd. 
 
 

2) apache server configuration

1. install apache server components

The installation of this component is not much different from that of the TFTP service component. You can select the GUI or command line interface to install it.

2. apache server configuration

Previously, I have been using RedHat and its derivative Linux versions. After using Debian/Linux, we found that the configuration file of the apache server differs greatly from that of the RedHat and its derived Linux versions, in Debian/Linux, the apache server configuration files are not concentrated in httpd. conf files are placed in different configuration files. Because the router information involves security issues, we need to perform a user security review when accessing the configured apache server. The following describes the specific configuration.

In Debian/Linux, the apache server configuration file is saved in/etc/apache2. Use vi/etc/apache2/apache2.conf to view the description of the configuration file corresponding to the directory structure in help, the configuration file to be modified is/etc/apache2/sites-enabled/000-default. This file is actually a configuration file defined by apache users, this includes the Server Directory and access permissions. The initial configuration file is as follows:

 
 

  
  
<VirtualHost *:80> 
  
  
ServerAdmin webmaster@localhost 
  
  
DocumentRoot /var/www 
  
  
<Directory /> 
  
  
Options FollowSymLinks Indexes 
  
  
AllowOverride None 
  
  
</Directory> 
  
  
<Directory /var/www/> 
  
  
<Directory /var/www/> 
  
  
Options Indexes FollowSymLinks MultiViews 
  
  
AllowOverride None 
  
  
Order allow,deny 
  
  
allow from all 
  
  
</Directory> 
  
  
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ 
  
  
<Directory "/usr/lib/cgi-bin"> 
  
  
AllowOverride None 
  
  
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch 
  
  
Order allow,deny 
  
  
Allow from all 
  
  
</Directory> 
  
  
ErrorLog ${APACHE_LOG_DIR}/error.log 
  
  
# Possible values include: debug, info, notice, warn, error, crit, 
  
  
# alert, emerg. 
  
  
LogLevel warn 
  
  
CustomLog ${APACHE_LOG_DIR}/access.log combined 
  
  
</VirtualHost> 
 
 

We need to modify it to the following content:

 
 

  
  
<VirtualHost *:80> 
  
  
ServerAdmin webmaster@localhost 
  
  
#DocumentRoot /var/www 
  
  
DocumentRoot /srv/tftp 
  
  
<Directory /> 
  
  
Options FollowSymLinks Indexes 
  
  
AllowOverride All 
  
  
<limit GET POST OPTIONS PROPFIND> 
  
  
Order allow,deny 
  
  
Allow from all 
  
  
</Limit> 
  
  
</Directory> 
  
  
#<Directory /var/www/> 
  
  
#<Directory /var/www/> 
  
  
#Options Indexes FollowSymLinks MultiViews 
  
  
#AllowOverride None 
  
  
#Order allow,deny 
  
  
#allow from all 
  
  
#</Directory> 
  
  
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ 
  
  
<Directory "/usr/lib/cgi-bin"> 
  
  
AllowOverride None 
  
  
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch 
  
  
Order allow,deny 
  
  
Allow from all 
  
  
</Directory> 
  
  
ErrorLog ${APACHE_LOG_DIR}/error.log 
  
  
# Possible values include: debug, info, notice, warn, error, crit, 
  
  
# alert, emerg. 
  
  
LogLevel warn 
  
  
CustomLog ${APACHE_LOG_DIR}/access.log combined 
  
  
</VirtualHost> 
 
 

Run the vi command to edit the/srv/tftp/. htaccess file. The command mode is as follows:

 
 

  
  
root@AkBirdofpreyWorkStation:/# vi /srv/tftp/.htaccess 
 
 

The file content is as follows:

AuthUserFile/etc/secure. user # user Account Password File Name

AuthName akcwdCA user logon authentication information prompt

AuthType Basic

 
 

  
  
<Limit GET> 
  
  
require valid-user 
  
  
</Limit> 
 
 

Use htpasswd-c/etc/secure. user to create a user password file. The command mode is as follows:

 
 

  
  
root@AkBirdofpreyWorkStation:/# htpasswd -c /etc/secure.user user1 
 
 

The program prompts you to enter the user password twice, and then the user password file has been created, and the user user1 has been created at the same time.

Run the/etc/init. d/apache2 restart command to restart the apache server. The command mode is as follows:

 
 

  
  
root@AkBirdofpreyWorkStation:/# /etc/init.d/apache2 restart 
  
  
[....] Restarting web server: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.253 for ServerName 
  
  
... waiting .apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.253 for ServerName 
  
  
. ok