Chapter 10. Description of Debian System Configuration Files
Table of Contents
10.1. .bash_profile, .bashrc, .bash_history and .bash_logout
10.2. /etc/passwd, /etc/shadow and /etc/group
10.3. /etc/login.defs
10.4. /etc/securetty
10.5. ~/.gnomerc
10.6. ~/.gtkrc.zh_CN
10.7. ~/.gtkrc-2.0
10.8. /etc/modules
10.9. /etc/gdm.conf
10.10. /etc/kde3/kdm/kdmrc
10.11. /etc/services
10.12. /etc/protocols
10.13. /etc/network/interfaces
10.14. /etc/resolv.conf
10.15. /etc/host.conf
10.16. /etc/hosts
10.17. /etc/hostname
10.18. /etc/hosts.allow and /etc/hosts.deny
A Debian system contains many configuration files that control how the system and its applications operate. The location, role and parameters of these files are recorded below so that they can be located and configured quickly during system maintenance.
10.1. .bash_profile, .bashrc, .bash_history and .bash_logout
The files above are the per-user environment configuration files of the bash shell and live in the user's home directory. .bash_profile is the most important: it is read every time the user logs in to the system, and every command in it is executed by bash. .profile (used by the Bourne shell and the Korn shell) and .login (used by the C shell) are the counterparts of .bash_profile, kept for compatibility with other shells. Debian uses a .profile file instead of a .bash_profile file.
.bashrc is read when a bash shell invokes another bash shell, that is, when you start a new shell by typing bash at a shell prompt. This separates the environment needed by a login shell from that of child shells. In practice, however, .bashrc is usually sourced from .bash_profile so that both environments are the same.
.bash_history is the history file of the bash shell; it records all the commands you entered in the shell. The HISTSIZE environment variable sets how many records the history file can hold.
.bash_logout is read when you exit the shell, so cleanup commands can be placed in this file.
bash.bashrc and profile in the /etc directory are the system-wide configuration files; they are read when .bash_profile and .bashrc are not found in the user's home directory.
10.2. /etc/passwd, /etc/shadow and /etc/group
These three files are used for system account management. They are plain text files and can be opened with a text editor such as vi. /etc/passwd holds user account information, /etc/shadow stores each user's encrypted password, and /etc/group stores group information.
The contents of the /etc/passwd file look like this:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
...
Each row is a colon-delimited string with the following format:
username:password:uid:gid:gecos:homedir:shell
If shadow passwords are enabled, the password field contains "x" and the encrypted password is kept in the /etc/shadow file. If the password field contains "*", the account is disabled. Use the passwd program to change a user's password.
/etc/shadow stores the encrypted passwords and can be read and modified only by root. Its contents look like this:
root:$1$43zr5j08$kuduq1uh36ihquiqugi/e9:12973:0:99999:7:::
daemon:*:12973:0:99999:7:::
bin:*:12973:0:99999:7:::
sys:*:12973:0:99999:7:::
sync:*:12973:0:99999:7:::
...
We can use the chage command to display the account information of the user test:
Min: 0
Max: 99999
Warning Date: 7
Expiration Date: -1
Last modified: July 09, 2005
Password Expiration: never
Password invalid: never
Account Expiration: never
The format of the /etc/shadow file is as follows:
username:password:last_change:min_change:max_change:warn:failed_expire:expiration:reserved
A brief description of each field:
last_change: the date of the last password change, expressed as a number of days since the Unix epoch (1 January 1970). Can be modified with chage -d.
min_change: the minimum number of days that must pass between password changes. Can be modified with chage -m.
max_change: the maximum number of days a password may be used before it must be changed. Can be modified with chage -M.
warn: the number of days before the password expires on which the user starts to be warned. Can be modified with chage -W.
failed_expire: the number of days after the password has expired before the account is locked. Can be modified with chage -I.
expiration: the date on which the account expires. Can be modified with chage -E.
reserved: unused; kept for future use.
On a Debian system, the commands shadowconfig on and shadowconfig off enable and disable shadow passwords.
/etc/group is the account grouping file; it controls how users are grouped. Its contents look like this:
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
...
Its format is as follows:
groupname:password:gid:members
The password field holds the group password and is rarely used. It lets a user who is not a member of the group temporarily acquire the group's permissions through the newgrp command, which opens a new shell. The group password is encrypted in the same way as passwords in the passwd file, so to set one, create a dummy user with the passwd program and copy the encrypted password from that user's entry into /etc/group. The members column lists the members of the group as a comma-separated list of user names; add a user there to make it a member. Members of a group inherit the permissions granted to the group.
10.3. /etc/login.defs
login.defs sets limits on user accounts: here we can configure the maximum number of days a password may be used, password length limits and so on. Settings in this file do not apply to the root user. If /etc/shadow contains a value for the same option, the value in /etc/shadow is the one that takes effect, that is, /etc/shadow has higher priority than /etc/login.defs. An excerpt from the file:
...
#
# Password aging controls:
#
#	PASS_MAX_DAYS	Maximum number of days a password may be used.
#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
#	PASS_WARN_AGE	Number of days warning given before a password expires.
#
PASS_MAX_DAYS	99999
PASS_MIN_DAYS	0
PASS_WARN_AGE	7
...
#
# Number of significant characters in the password for crypt().
# Default is 8, don't change unless your crypt() is better.
# If using MD5 in your PAM configuration, set this higher.
#
PASS_MAX_LEN	8
...
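The following program, added here as an example and not part of the original chapter, puts sections 10.2 and 10.3 together: it parses constructed copies of /etc/passwd, /etc/shadow and /etc/login.defs, converts the last_change day count to the calendar date that chage prints, applies the rule that a value in /etc/shadow overrides PASS_MAX_DAYS from login.defs, and reports accounts whose password has expired, whose /etc/passwd password field is not "x", or whose shadow password is empty. All file contents, the "$1$PLACEHOLDER$..." hash strings and the audit date DEMO_TODAY are constructed for the example.

```python
"""Audit /etc/passwd and /etc/shadow against /etc/login.defs password aging.

Added example, not part of the original page. Every file below is a constructed
sample modelled on the excerpts above; "$1$PLACEHOLDER$..." stands in for a real
password hash.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

EPOCH = date(1970, 1, 1)         # shadow(5) stores dates as days since this day
NEVER = 99999                    # conventional "password never expires" value
DEMO_TODAY = date(2005, 11, 1)   # constructed "today" for the audit run

# Constructed /etc/passwd; the guest line has a non-"x" password field.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
test:x:1000:1000:Test User,,,:/home/test:/bin/bash
legacy:x:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
"""

# Constructed /etc/shadow; legacy has an empty max_change, guest an empty password.
SHADOW = """\
root:$1$PLACEHOLDER$0123456789abcdefghijkl:12973:0:99999:7:::
daemon:*:12973:0:99999:7:::
sync:*:12973:0:99999:7:::
test:$1$PLACEHOLDER$0123456789abcdefghijkl:12973:0:180:7:::
legacy:$1$PLACEHOLDER$0123456789abcdefghijkl:12973:0:::::
guest::12973:0:99999:7:::
"""

# Constructed /etc/login.defs excerpt with a tighter PASS_MAX_DAYS than the page's 99999.
LOGIN_DEFS = """\
# Password aging controls
PASS_MAX_DAYS\t90
PASS_MIN_DAYS\t0
PASS_WARN_AGE\t7
"""


@dataclass
class ShadowEntry:
    name: str
    password: str
    last_change: Optional[int]   # days since EPOCH; None when the field is empty
    min_change: Optional[int]
    max_change: Optional[int]
    warn: Optional[int]
    inactive: Optional[int]      # the "failed_expire" field of the text above
    expiration: Optional[int]


def _int_or_none(field: str) -> Optional[int]:
    return int(field) if field.strip() else None


def parse_passwd(text: str) -> Dict[str, List[str]]:
    """Return {username: [the 7 colon-separated fields]} in file order."""
    users: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) != 7:
                raise ValueError(f"bad passwd line: {line!r}")
            users[fields[0]] = fields
    return users


def parse_shadow(text: str) -> Dict[str, ShadowEntry]:
    entries: Dict[str, ShadowEntry] = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            f = line.split(":")
            if len(f) != 9:
                raise ValueError(f"bad shadow line: {line!r}")
            entries[f[0]] = ShadowEntry(f[0], f[1], *(_int_or_none(x) for x in f[2:8]))
    return entries


def parse_login_defs(text: str) -> Dict[str, str]:
    """KEY value pairs; comments and blank lines are ignored."""
    defs: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            defs[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return defs


def last_change_date(entry: ShadowEntry) -> Optional[date]:
    """The calendar date behind last_change (what chage -l shows as 'Last modified')."""
    return None if entry.last_change is None else EPOCH + timedelta(days=entry.last_change)


def effective_max_days(entry: ShadowEntry, defs: Dict[str, str]) -> int:
    """A value in /etc/shadow wins; login.defs only fills an empty field."""
    if entry.max_change is not None:
        return entry.max_change
    return int(defs.get("PASS_MAX_DAYS", NEVER))


def audit(passwd_text: str, shadow_text: str, defs_text: str, today: date) -> List[Tuple[str, str]]:
    """Return (user, finding) pairs for accounts that need attention."""
    passwd, shadow, defs = parse_passwd(passwd_text), parse_shadow(shadow_text), parse_login_defs(defs_text)
    today_days = (today - EPOCH).days
    findings: List[Tuple[str, str]] = []
    for name, fields in passwd.items():
        if fields[1] != "x":
            findings.append((name, 'password field in /etc/passwd is not "x"'))
        entry = shadow.get(name)
        if entry is None:
            findings.append((name, "no /etc/shadow entry"))
            continue
        if entry.password == "":
            findings.append((name, "empty password in /etc/shadow"))
        if entry.password.startswith(("*", "!")):
            continue                               # locked account: aging is moot
        if entry.last_change is not None:
            overdue = today_days - entry.last_change - effective_max_days(entry, defs)
            if overdue > 0:
                findings.append((name, f"password expired {overdue} days ago"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(PASSWD, SHADOW, LOGIN_DEFS, DEMO_TODAY):
        print(f"{user}: {finding}")
```

With the constructed data, last_change 12973 maps to 9 July 2005, the same date the chage output above shows, and the legacy account (empty max_change, so PASS_MAX_DAYS 90 from login.defs applies) is reported as expired on the audit date, while test, whose shadow entry sets 180 days, is not.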
10.4. /etc/securetty
This file controls the devices from which the root user may log in: it lists the names of the devices (tty1, tty2 and so on) on which a root login is permitted. root cannot log in from a device that is not listed in the file; from such a device one can only log in as a normal user and then switch to root with the su command. The format of /etc/securetty is as follows:
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
# for people with serial port consoles
ttyS0
# for devfs
tts/0
# Standard consoles
tty1
tty2
tty3
...
If /etc/securetty is an empty file, root cannot log in from any device; one can only log in as a normal user and then switch to root with su. If /etc/securetty does not exist, root can log in from anywhere. That is a security problem, so /etc/securetty must be present on the system.
10.5. ~/.gnomerc
Role: the user-level startup file of the GNOME desktop, executed automatically when the GNOME desktop starts. If it does not exist in the user's home directory, the user can create it. The script is triggered by the system-level GNOME startup file /etc/X11/Xsession.d/55gnome-session_gnomerc. On my system its contents are:
# Make GTK+ programs use the GBK encoding for file names in the Open File window
export G_FILENAME_ENCODING=GBK
# Set the environment variables for the fcitx input method
export XIM_PROGRAM=fcitx
export XIM=fcitx
export XMODIFIERS="@im=fcitx"
# Start the fcitx Chinese input method
fcitx &
The official description of the G_FILENAME_ENCODING variable can be found at http://developer.gnome.org/doc/API/2.0/glib/glib-running.html
10.6. ~/.gtkrc.zh_CN
Function: configuration file for GTK+ 1.x programs. By default it sets the font configuration; together with the encoding setting in ~/.gnomerc above it lets GTK+ 1.x programs display Chinese file names in the Open File window. The contents of the file are as follows:
style "gtk-default-zh-cn" {
	fontset = "-adobe-helvetica-medium-r-normal--12-*-*-*-*-*-iso8859-*,\
	           -*-*-medium-r-normal--14-*-*-*-*-*-gb2312.1980-0"
}
class "GtkWidget" style "gtk-default-zh-cn"
The global counterpart of this file is /etc/gtk/gtkrc. To apply the Chinese GTK settings to all users uniformly, configure them in that file; its contents are the same as above.
10.7. ~/.gtkrc-2.0
Function: settings file for GTK 2.0 programs; if it does not exist it can be created manually. The font of GTK 2.0 programs is configured as follows:
style "gtk-default-zh-cn" {
	font_name = "Bitstream Vera Sans 10,SimSun 10"
}
class "GtkWidget" style "gtk-default-zh-cn"
This file also has a global counterpart, /etc/gtk-2.0/gtkrc (note: gtkrc, not gtkrc-2.0); it does not exist by default and must be created manually. Once ~/.gtkrc-2.0 or /etc/gtk-2.0/gtkrc exists, it has the highest precedence, which means the gnome-font-properties font configuration program can no longer change the font. For example, if ~/.gtkrc-2.0 sets the font to SimSun 10, gnome-font-properties cannot override that setting.
10.8. /etc/modules
Kernel module file: the modules listed in it are loaded automatically when the system starts. It can be configured with the modconf tool or with a text editor.
10.9. /etc/gdm.conf
GDM configuration file.
10.10. /etc/kde3/kdm/kdmrc
KDM configuration file. By default KDM does not allow the root user to log in; to log in as root, change the following line in kdmrc from
AllowRootLogin=false
to
AllowRootLogin=true
10.11. /etc/services
The Internet network services file records the names of network services together with their port numbers and protocols. Each row corresponds to one service and consists of 4 fields separated by tabs or spaces: the service name, the port number and the protocol name (written together as port/protocol), and any aliases. An excerpt from the file:
tcpmux		1/tcp				# TCP port service multiplexer
echo		7/tcp
echo		7/udp
discard		9/tcp		sink null
discard		9/udp		null
systat		11/tcp		users
daytime		13/tcp
daytime		13/udp
netstat		15/tcp
qotd		17/tcp		quote
msp		18/tcp				# message send protocol
msp		18/udp
chargen		19/tcp		ttytst source
chargen		19/udp		ttytst source
ftp-data	20/tcp
ftp		21/tcp
fsp		21/udp		fspd
ssh		22/tcp				# SSH Remote Login Protocol
ssh		22/udp
telnet		23/tcp
smtp		25/tcp		mail
time		37/tcp		timserver
In general, do not modify this file: these settings are Internet standards, and changing them can cause conflicts and prevent users from accessing resources properly.
Port numbers on Linux range from 0 to 65535, and different ranges have different meanings:
0: not used
1-1023: reserved by the system and usable only by the root user
1024-4999: freely allocated to client programs
5000-65535: freely allocated to server programs
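As an added example, not taken from the chapter, the following program parses a constructed excerpt of /etc/services (modelled on the listing above, with one extra www line), looks entries up by port/protocol and by name or alias, and classifies a port number according to the ranges just listed. The SERVICES string and PORT_RANGES table are constructed for the example.

```python
"""Parse /etc/services and classify port numbers by the ranges given above.

Added example, not part of the original page. SERVICES is a constructed excerpt
modelled on the listing in this section (the www line is added); PORT_RANGES
encodes the ranges the text lists.
"""
from typing import List, NamedTuple, Optional, Tuple

SERVICES = """\
# Network services, Internet style (constructed excerpt)
tcpmux\t\t1/tcp\t\t\t\t# TCP port service multiplexer
echo\t\t7/tcp
echo\t\t7/udp
discard\t\t9/tcp\t\tsink null
discard\t\t9/udp\t\tsink null
systat\t\t11/tcp\t\tusers
ssh\t\t22/tcp\t\t\t\t# SSH Remote Login Protocol
ssh\t\t22/udp
telnet\t\t23/tcp
smtp\t\t25/tcp\t\tmail
www\t\t80/tcp\t\thttp\t\t# WorldWideWeb HTTP
"""

# (low, high, meaning) as described in the text above.
PORT_RANGES = [
    (0, 0, "not used"),
    (1, 1023, "reserved by the system, root only"),
    (1024, 4999, "freely allocated to client programs"),
    (5000, 65535, "freely allocated to server programs"),
]


class Service(NamedTuple):
    name: str
    port: int
    proto: str
    aliases: Tuple[str, ...]


def parse_services(text: str) -> List[Service]:
    """One Service per non-comment line: name, port/proto, then aliases."""
    services: List[Service] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            raise ValueError(f"malformed services line: {raw!r}")
        port_s, proto = fields[1].split("/", 1)
        port = int(port_s)
        if not 0 <= port <= 65535:
            raise ValueError(f"port out of range: {raw!r}")
        services.append(Service(fields[0], port, proto.lower(), tuple(fields[2:])))
    return services


def lookup(services: List[Service], port: int, proto: str) -> Optional[Service]:
    """The service registered on port/proto (what getservbyport would answer)."""
    return next((s for s in services if s.port == port and s.proto == proto), None)


def by_name(services: List[Service], name: str) -> List[Service]:
    """All entries whose name or alias matches, for any protocol."""
    return [s for s in services if s.name == name or name in s.aliases]


def port_class(port: int) -> str:
    """Which of the ranges listed in the text the port falls into."""
    for low, high, meaning in PORT_RANGES:
        if low <= port <= high:
            return meaning
    raise ValueError(f"port {port} outside 0-65535")


if __name__ == "__main__":
    table = parse_services(SERVICES)
    for port, proto in [(22, "tcp"), (80, "tcp"), (9, "udp"), (8080, "tcp")]:
        svc = lookup(table, port, proto)
        print(f"{port}/{proto}: {svc.name if svc else '?'} ({port_class(port)})")
```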
10.12. /etc/protocols
This file defines network protocols: it records all protocol types of the TCP/IP protocol family. Each row corresponds to one protocol and has 3 fields separated by tabs or spaces: the protocol name, the protocol number and the protocol alias. An excerpt from the file:
# Internet (IP) protocols
#
# Updated from http://www.iana.org/assignments/protocol-numbers and other
# sources.
# New protocols will be added on request if they have been officially
# assigned by IANA and are not historical.
# If you need a huge list of used numbers please install the nmap package.
ip	0	IP		# internet protocol, pseudo protocol number
#hopopt	0	HOPOPT		# IPv6 Hop-by-Hop Option [RFC1883]
icmp	1	ICMP		# internet control message protocol
igmp	2	IGMP		# Internet Group Management
ggp	3	GGP		# gateway-gateway protocol
ipencap	4	IP-ENCAP	# IP encapsulated in IP (officially ``IP'')
st	5	ST		# ST datagram mode
tcp	6	TCP		# transmission control protocol
egp	8	EGP		# exterior gateway protocol
igp	9	IGP		# any private interior gateway (Cisco)
pup	12	PUP		# PARC universal packet protocol
Do not make any changes to this file.
10.13. /etc/network/interfaces
Network interface configuration file. The following example configures two static IP addresses on one network interface:
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# The loopback interface
auto lo
iface lo inet loopback
# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
	address 192.168.1.1
	netmask 255.255.255.0
	network 192.168.1.0
	broadcast 192.168.1.255
#	gateway 192.168.1.1
# Second address (alias) on the Ethernet LAN network card
auto eth0:0
iface eth0:0 inet static
	address 192.168.1.2
	netmask 255.255.255.0
	network 192.168.1.0
	broadcast 192.168.1.255
	gateway 192.168.1.1
The following example obtains an IP address automatically from a DHCP server:
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# The loopback interface
auto lo
iface lo inet loopback
# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet dhcp
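The following program, added here as an example and not part of the original chapter, parses the stanza format used above (auto lines, iface lines and their indented options) and checks each static stanza for the mistakes that most often leave an interface unreachable: a network or broadcast value that does not match address/netmask, a gateway that is not on the interface's subnet, and the same address assigned twice. INTERFACES is a constructed copy of the two-address example above; BROKEN is a constructed stanza with deliberate errors.

```python
"""Parse /etc/network/interfaces stanzas and sanity-check static addressing.

Added example, not part of the original page. INTERFACES is a constructed copy
of the two-address example above; BROKEN is a constructed stanza with
deliberate mistakes to show what the checks catch.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Tuple

INTERFACES = """\
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
\taddress 192.168.1.1
\tnetmask 255.255.255.0
\tnetwork 192.168.1.0
\tbroadcast 192.168.1.255
#\tgateway 192.168.1.1
auto eth0:0
iface eth0:0 inet static
\taddress 192.168.1.2
\tnetmask 255.255.255.0
\tnetwork 192.168.1.0
\tbroadcast 192.168.1.255
\tgateway 192.168.1.1
"""

# Constructed stanza: broadcast belongs to another /24 and the gateway is off-link.
BROKEN = """\
auto eth1
iface eth1 inet static
\taddress 10.0.0.5
\tnetmask 255.255.255.0
\tbroadcast 10.0.1.255
\tgateway 10.0.1.1
"""


class Iface(NamedTuple):
    name: str
    family: str      # inet
    method: str      # loopback, static, dhcp
    options: Dict[str, str]


def parse_interfaces(text: str) -> Tuple[List[str], Dict[str, Iface]]:
    """Return the interfaces marked 'auto' and every iface stanza keyed by name."""
    auto: List[str] = []
    ifaces: Dict[str, Iface] = {}
    current: Optional[Iface] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # a comment runs to end of line
        if not line:
            continue
        fields = line.split()
        if fields[0] == "auto":
            auto.extend(fields[1:])
        elif fields[0] == "iface":
            if len(fields) != 4:
                raise ValueError(f"malformed iface line: {raw!r}")
            current = Iface(fields[1], fields[2], fields[3], {})
            ifaces[current.name] = current
        elif current is None:
            raise ValueError(f"option outside a stanza: {raw!r}")
        else:
            current.options[fields[0]] = " ".join(fields[1:])
    return auto, ifaces


def check_static(ifaces: Dict[str, Iface]) -> List[str]:
    """Describe inconsistencies in static stanzas; an empty list means all is well."""
    problems: List[str] = []
    seen: Dict[str, str] = {}                       # address -> first interface using it
    for iface in ifaces.values():
        if iface.method != "static":
            continue
        opts = iface.options
        if "address" not in opts or "netmask" not in opts:
            problems.append(f"{iface.name}: static stanza needs address and netmask")
            continue
        net = ipaddress.ip_network(f"{opts['address']}/{opts['netmask']}", strict=False)
        if "network" in opts and ipaddress.ip_address(opts["network"]) != net.network_address:
            problems.append(f"{iface.name}: network {opts['network']} is not {net.network_address}")
        if "broadcast" in opts and ipaddress.ip_address(opts["broadcast"]) != net.broadcast_address:
            problems.append(f"{iface.name}: broadcast {opts['broadcast']} is not {net.broadcast_address}")
        if "gateway" in opts and ipaddress.ip_address(opts["gateway"]) not in net:
            problems.append(f"{iface.name}: gateway {opts['gateway']} is not on {net}")
        if opts["address"] in seen:
            problems.append(f"{iface.name}: address {opts['address']} already used by {seen[opts['address']]}")
        seen.setdefault(opts["address"], iface.name)
    return problems


if __name__ == "__main__":
    for text in (INTERFACES, BROKEN):
        auto, ifaces = parse_interfaces(text)
        print("auto:", auto, "problems:", check_static(ifaces) or "none")
```

The commented-out gateway line in the eth0 stanza is dropped by the comment stripping, so only eth0:0 carries a gateway, as in the example above; the page's configuration passes all checks, while the constructed BROKEN stanza produces two findings.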
10.14. /etc/resolv.conf
This file configures DNS name resolution. Its format is simple: each line starts with a keyword followed by its parameters. resolv.conf has four main keywords:
nameserver	# IP address of a DNS server
domain		# local domain name
search		# domain name search list
sortlist	# sort order for returned addresses
An example of /etc/resolv.conf:
domain ringkee.com
search www.ringkee.com ringkee.com
nameserver 202.96.128.86
nameserver 202.96.128.166
The most important keyword is nameserver: without it no DNS server can be found. The other keywords are optional.
10.15. /etc/host.conf
When both DNS name resolution and the /etc/hosts host table exist on a system, /etc/host.conf determines the order in which host names are resolved. Example:
order hosts,bind	# name resolution order
multi on		# allow a host to have multiple IP addresses
nospoof on		# reject IP address spoofing
order is the keyword that defines the lookup order: the local hosts table is consulted first, and if the name is not found there the bind name server (DNS) is queried.
10.16. /etc/hosts
This file maps IP addresses to host names and can be used to resolve host names. For example:
# format: IP address   host name   aliases
127.0.0.1	localhost	localhost.localdomain
192.168.1.1	debian		debian
192.168.0.2	t02		t02.tiger
192.168.0.4	t04		t04.tiger
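The following program is an added example, not part of the chapter, tying sections 10.14 to 10.16 together: it parses constructed copies of the host.conf, hosts and resolv.conf examples above and resolves a name the way the order, multi and search settings prescribe, consulting the hosts table first and then the name server. Because the example must run offline, the bind stage is a constructed dictionary FAKE_DNS standing in for the name servers; the hosts table gains one constructed extra address for t02 so that multi on has something to show.

```python
"""Simulate the lookup order that /etc/host.conf imposes on name resolution.

Added example, not part of the original page. HOST_CONF, HOSTS and RESOLV_CONF
are constructed copies of the examples above (HOSTS gains one extra line for
t02); FAKE_DNS is a constructed stub standing in for the bind name server so
the example runs offline.
"""
from typing import Dict, Iterator, List, Tuple

HOST_CONF = """\
order hosts,bind\t# name resolution order
multi on\t\t# allow a host to have multiple IP addresses
nospoof on\t\t# reject IP address spoofing (needs a reverse lookup; not modelled here)
"""

HOSTS = """\
# format: IP address   host name   aliases
127.0.0.1\tlocalhost\tlocalhost.localdomain
192.168.1.1\tdebian\t\tdebian
192.168.0.2\tt02\t\tt02.tiger
192.168.0.12\tt02\t\t\t# constructed second address for t02
192.168.0.4\tt04\t\tt04.tiger
"""

RESOLV_CONF = """\
domain ringkee.com
search www.ringkee.com ringkee.com
nameserver 202.96.128.86
nameserver 202.96.128.166
"""

# Constructed stub: the answers the name servers would return.
FAKE_DNS: Dict[str, List[str]] = {
    "www.ringkee.com": ["202.96.128.10"],
    "mail.ringkee.com": ["202.96.128.11"],
}


def _fields(text: str) -> Iterator[List[str]]:
    """Whitespace-split fields of each non-empty line, comments removed."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield fields


def parse_host_conf(text: str) -> Dict[str, str]:
    return {f[0]: " ".join(f[1:]) for f in _fields(text)}


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """[(ip, [canonical name, aliases...]), ...] in file order."""
    return [(f[0], f[1:]) for f in _fields(text)]


def parse_resolv_conf(text: str) -> Dict[str, List[str]]:
    conf: Dict[str, List[str]] = {"nameserver": [], "domain": [], "search": []}
    for f in _fields(text):
        if f[0] == "nameserver":
            conf["nameserver"].append(f[1])
        elif f[0] in ("domain", "search"):
            conf[f[0]] = f[1:]
    return conf


def candidates(name: str, resolv: Dict[str, List[str]]) -> List[str]:
    """Names tried at the DNS stage: the name itself, then name + each search suffix."""
    suffixes = resolv["search"] or resolv["domain"]
    return [name] + [f"{name}.{s}" for s in suffixes if not name.endswith("." + s)]


def resolve(name: str, host_conf: Dict[str, str], hosts: List[Tuple[str, List[str]]],
            resolv: Dict[str, List[str]], dns: Dict[str, List[str]]) -> List[str]:
    """Addresses for name, following the 'order' sources left to right."""
    multi = host_conf.get("multi", "off") == "on"
    for source in host_conf.get("order", "hosts").split(","):
        source = source.strip()
        if source == "hosts":
            found = [ip for ip, names in hosts if name in names]
            if found:
                return found if multi else found[:1]   # multi off: first entry only
        elif source == "bind":
            for candidate in candidates(name, resolv):
                if candidate in dns:
                    return list(dns[candidate])
    return []


if __name__ == "__main__":
    hc, hs, rc = parse_host_conf(HOST_CONF), parse_hosts(HOSTS), parse_resolv_conf(RESOLV_CONF)
    for query in ("t02", "t04.tiger", "www", "nowhere"):
        print(f"{query}: {resolve(query, hc, hs, rc, FAKE_DNS) or 'not found'}")
```

With order hosts,bind the query for www never reaches the name server for t02, while www is found only after the search list appends ringkee.com; with order hosts alone, www is not resolved at all.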
10.17. /etc/hostname
This file has only one line, which records the host name of the machine.
10.18. /etc/hosts.allow and /etc/hosts.deny
These two files are the configuration files of the tcpd server, which controls access by external IP addresses to the services of this host. Both files have the following format:
# service process name : host list : optional command to run when the rule matches
server_name : hosts-list [: command]
/etc/hosts.allow controls which IP addresses may access this host, and /etc/hosts.deny controls which IP addresses are denied access. If the two files contain conflicting settings, /etc/hosts.deny takes precedence. An example of /etc/hosts.allow:
ALL: 127.0.0.1				# allow the local host to access all service processes
smbd: 192.168.0.0/255.255.255.0	# allow the 192.168.0.x network segment to access the smbd service
The keyword ALL matches everything; EXCEPT excludes some items from a match; PARANOID matches hosts whose IP address does not match their reverse-resolved domain name (host name spoofing).
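As an added example, not part of the chapter, the following program evaluates the rules of a single hosts.allow-style file against a client address, implementing the pattern forms named above (ALL, EXCEPT, address/netmask) together with the trailing-dot prefix form; PARANOID requires a reverse DNS lookup and is not modelled. HOSTS_ALLOW is a constructed file modelled on the example above, with an EXCEPT clause and a two-daemon rule added.

```python
"""Match a client address against hosts.allow / hosts.deny rule syntax.

Added example, not part of the original page. It evaluates the rules of one
file using ALL, EXCEPT, address/netmask and the trailing-dot prefix form;
PARANOID needs a reverse lookup and is not modelled. HOSTS_ALLOW is a
constructed file modelled on the example above.
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional

HOSTS_ALLOW = """\
ALL: 127.0.0.1\t\t\t\t# allow the local host to access all services
smbd: 192.168.0.0/255.255.255.0 EXCEPT 192.168.0.99\t# LAN segment except one host
sshd, ftpd: 192.168.1.\t\t\t# prefix form: any 192.168.1.x address
"""


class Rule(NamedTuple):
    daemons: List[str]          # service process names, or ["ALL"]
    clients: str                # the host list, kept verbatim
    command: Optional[str]      # optional command field


def parse_rules(text: str) -> List[Rule]:
    """One Rule per non-comment line: daemon list : client list [: command]."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        daemons = [d.strip() for d in parts[0].split(",")]
        command = ":".join(parts[2:]) or None
        rules.append(Rule(daemons, parts[1], command))
    return rules


def match_pattern(pattern: str, ip: str) -> bool:
    """One token of a client list: ALL, net/mask, 'a.b.c.' prefix, or an exact address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return ip == pattern


def match_clients(client_list: str, ip: str) -> bool:
    """'a b EXCEPT c d' matches when ip is in (a or b) and not in (c or d)."""
    parts = re.split(r"\bEXCEPT\b", client_list, maxsplit=1)
    included = any(match_pattern(p, ip) for p in parts[0].split())
    excluded = len(parts) > 1 and any(match_pattern(p, ip) for p in parts[1].split())
    return included and not excluded


def rule_for(rules: List[Rule], daemon: str, ip: str) -> Optional[Rule]:
    """First rule whose daemon list (or ALL) and client list both match, else None."""
    for rule in rules:
        if ("ALL" in rule.daemons or daemon in rule.daemons) and match_clients(rule.clients, ip):
            return rule
    return None


if __name__ == "__main__":
    rules = parse_rules(HOSTS_ALLOW)
    for daemon, ip in [("smbd", "192.168.0.10"), ("smbd", "192.168.0.99"), ("ftpd", "192.168.1.7")]:
        hit = rule_for(rules, daemon, ip)
        print(f"{daemon} from {ip}: {'matches ' + hit.clients if hit else 'no matching rule'}")
```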