This is a collection of practical system configuration notes, kept for a rainy day. The important configuration files under /etc are explained below:
1. /etc/hosts
# File format: IPaddress hostname aliases
# File function: maps host names to IP addresses. It is recommended to add the hosts you use most often to this file;
# a machine that has no DNS record can also be added here, which is convenient for network applications.
The system ships with the following two default entries, which should be kept:
# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
New entries look like this (three fields are required: IP, FQDN (fully qualified domain name) and HOSTNAME):
210.38.206.21 jx.sgu.edu.cn JX
2. /etc/resolv.conf
File function: DNS client configuration file; sets the IP address of the DNS server(s) and the DNS domain name.
Related file: /etc/host.conf
File format:
domain     domain_name
search     domain_list
nameserver primary_dns_server_ip_address
nameserver second_dns_server_ip_address
where domain and search cannot both be present (use only one of them); nameserver may be given several times.
Sample file contents:
search sgu.edu.cn
nameserver 202.96.128.86
3. /etc/host.conf
Function: specifies the host name lookup method, which usually means looking in the file /etc/hosts first and asking the DNS server only when the name is not found there.
(Most users should not change the contents of this file.)
The file can contain the following:
order bind,hosts
multi on
nospoof on
Explanation:
order bind,hosts --> specifies the sequence of host name lookups; here DNS (bind) is used to resolve names before the /etc/hosts file is consulted (the order can also be reversed)
multi on --> specifies whether a host listed in /etc/hosts may have more than one address; a host with several IP addresses is generally called a multi-homed host
nospoof on --> IP address spoofing is not tolerated on this server (IP spoofing is an attack on system security in which a machine disguises its IP address as that of another computer in order to obtain that computer's trust)
4. /etc/xinetd.conf
In older or other distributions this file is inetd.conf. In newer Red Hat releases the /etc/inetd.conf file is gone and has been replaced by the files under /etc/xinetd.d; each file there is one service started through inetd. The meaning is the same as the old inetd.conf, only the file format has changed.
inetd is the Internet "super server": it holds the database of the Internet services the system provides, and through it you can control those services, for example turning a service on or off so that the system runs more safely. Related program: /usr/sbin/inetd
Corresponding services:
telnet, ftp, nrpe, pop3
Each valid entry in the database should contain the following fields:
* service name
* socket type
* protocol type
* wait/nowait[.max]
* user name[.group]
* server program
* server program arguments
-- The service name is a valid service name defined in the /etc/services file (such as telnet, echo, etc.)
-- The socket type field can be one of the following:
* stream - stream
* dgram - datagram
* raw - raw
* rdm - reliably delivered message
* seqpacket - sequenced packet
-- The protocol type field must be a protocol already defined in the /etc/protocols file (for example tcp and udp); for SUN-RPC services the protocol is prefixed with "rpc/" (such as rpc/tcp or rpc/udp)
-- wait is used only for datagram sockets; the others use the nowait parameter. If the service is multithreaded, meaning the inetd/xinetd process can keep receiving new connections on the socket after a connection to a peer has been established, the entry uses "nowait". If the service is single-threaded, it handles all incoming packets on the same socket until it times out, and in that case the "wait" entry is used. The max parameter, separated from wait/nowait by a dot, defines the maximum number of instances inetd may start in one minute.
-- The user field defines the user the service runs as. The group parameter, separated from the user name by a dot, defines a group ID the service runs under instead of the one given in /etc/passwd.
-- The server program is the full path of the program executed when a request arrives on the socket. If the service is built into the inetd process, this field is "internal".
-- The server program arguments field gives the arguments the program is started with; again, for a built-in service it is "internal".
Look at a telnet entry:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
* service name: telnet
* socket type: stream
* protocol type: tcp
* wait/nowait[.max]: nowait
* user name[.group]: root
* server program: /usr/sbin/tcpd
* arguments: in.telnetd
Opening and closing services
Very simple: put a # comment marker in front of the service you want to close, for example:
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
Now the telnet service is closed. To open it again, just remove the #
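The audit a practitioner would run against the file described above, as an added example that is not part of the original post: list the entries that are still enabled, and comment one out exactly as the text does. The sample inetd.conf is constructed inline and the helper names are my own.

```shell
#!/bin/sh
# Added example (not part of the original post): audit an inetd.conf-style
# file for enabled services and disable one the way the text describes,
# by prefixing its line with "#".  Works on a constructed sample file.

# Print one line per enabled (uncommented) entry: service, protocol, server.
inetd_enabled() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blanks
        NF >= 6 { print $1, $3, $6 }
    ' "$1"
}

# Comment out every active line whose service name equals $1 in file $2.
# inetd only notices the change after it rereads the file (SIGHUP).
inetd_disable() {
    svc=$1; file=$2
    tmp=$(mktemp)
    awk -v svc="$svc" '
        $1 == svc && $0 !~ /^[[:space:]]*#/ { print "#" $0; next }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Constructed sample inetd.conf using the telnet entry shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# service socket proto  wait   user server          args
telnet    stream tcp    nowait root /usr/sbin/tcpd  in.telnetd
ftp       stream tcp    nowait root /usr/sbin/tcpd  in.ftpd -l -a
#pop-3    stream tcp    nowait root /usr/sbin/tcpd  ipop3d
echo      stream tcp    nowait root internal
EOF

echo "Enabled services before:"; inetd_enabled "$sample"
inetd_disable telnet "$sample"
echo "Enabled services after disabling telnet:"; inetd_enabled "$sample"
```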
5. /etc/hosts.allow and /etc/hosts.deny
/etc/hosts.allow lists the machines allowed to use the xinetd services; for example "ALL: 210.38." allows all requests from 210.38.x.x (the trailing dot makes the pattern an address prefix)
/etc/hosts.deny lists the machines that are not allowed to use the xinetd services
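To show how the two files interact, here is a small model of the tcp_wrappers decision, added as an example and not taken from the original post. It handles ALL, address prefixes with a trailing dot (the "210.38." form above), hostname suffixes with a leading dot and exact names; the real syntax also has net/mask pairs, EXCEPT and shell commands, which are left out, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not part of the original post): a model of how tcp_wrappers
# evaluates hosts.allow and hosts.deny for one daemon and one client.

# Return 0 if one client pattern matches the client address or name.
wrappers_match() {
    pat=$1; client=$2
    case "$pat" in
        ALL) return 0 ;;
        *.)  case "$client" in "$pat"*) return 0 ;; esac ;;   # address prefix
        .*)  case "$client" in *"$pat") return 0 ;; esac ;;   # hostname suffix
        *)   [ "$pat" = "$client" ] && return 0 ;;
    esac
    return 1
}

# Return 0 if any "daemon_list : client_list" line in $1 matches daemon $2
# for client $3.  Comments are stripped; a missing file matches nothing.
wrappers_file_match() {
    file=$1; daemon=$2; client=$3
    [ -f "$file" ] || return 1
    while IFS= read -r line; do
        line=${line%%#*}
        case "$line" in *:*) ;; *) continue ;; esac
        daemons=${line%%:*}; clients=${line#*:}
        for d in $(printf '%s' "$daemons" | tr ',' ' '); do
            [ "$d" = ALL ] || [ "$d" = "$daemon" ] || continue
            for c in $(printf '%s' "$clients" | tr ',' ' '); do
                wrappers_match "$c" "$client" && return 0
            done
        done
    done < "$file"
    return 1
}

# Decision order: hosts.allow wins, then hosts.deny, otherwise access is granted.
wrappers_access() {
    if wrappers_file_match "$1" "$3" "$4"; then echo allow
    elif wrappers_file_match "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed sample files using the network from the post.
allow_f=$(mktemp); deny_f=$(mktemp)
printf 'ALL: 210.38.\nin.ftpd: .sgu.edu.cn\n' > "$allow_f"
printf 'ALL: ALL\n' > "$deny_f"
wrappers_access "$allow_f" "$deny_f" in.telnetd 210.38.206.21
```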
6. /etc/networks
Older or other Linux versions also have the file /etc/netmasks
The file is used together with the routing table: it maps network names to network addresses so that the route command can refer to a network by name. Other operations, such as adding or deleting static routes, are described in man route.
Some examples:
# route add -net dlrin gw dlrin-gw
# route add -net 210.38.206.21 netmask 255.255.255.0 eth0
# route add -net 210.38.206.23 netmask 255.255.255.0 gw 210.38.206.254
# route add -net * * gw 202.118.66.254
# route add default gw 202.118.66.1
7. /etc/passwd -- user password file
/etc/issue      system login banner (for the main console)
/etc/issue.net  banner displayed for telnet logins
/etc/motd       message of the day, shown after the user enters the system (may be empty)
/etc/ld.so.conf list of dynamic link library directories
8. /etc/exports
The NFS (Network File System) server's table of exported file systems. The format is:
# cat /etc/exports
/mnt/iso 210.38.206.0/24(rw,sync)
(there must be no space between the client specification and the options in parentheses; with a space the options would apply to every host and the directory would be exported to the world)
The options include:
Option  Description
sync    the NFS server writes to disk synchronously, so data is not easily lost; recommended for NFS servers
ro      the exported directory is read-only; cannot be used together with rw
rw      the exported directory is readable and writable; cannot be used together with ro
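A check for the spacing mistake just described, added here as an example rather than taken from the original post: it flags options that are not attached to a client (and therefore apply to every host), flags exports with no client list, and rewrites the spacing. The sample exports file is constructed and the helper names are my own.

```shell
#!/bin/sh
# Added example (not part of the original post): lint an /etc/exports file
# for options separated from the client by whitespace and for entries with
# no client list, then rewrite the whitespace mistake.  Constructed sample.

# Print one WARN line per problem found in exports file $1.
exports_lint() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        {
            if (NF == 1)
                print "WARN line " FNR ": " $1 " has no client list, exported to everyone"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^\(/)
                    print "WARN line " FNR ": options " $i " are not attached to a client and apply to all hosts"
        }
    ' "$1"
}

# Remove whitespace between a client and its "(options)" so the options bind
# to that client; prints the corrected file to stdout.
exports_fix() {
    sed 's/[[:space:]]*(/(/g' "$1"
}

# Constructed sample: only the first line is written correctly.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/mnt/iso   210.38.206.0/24(rw,sync)
/mnt/iso2  210.38.206.0/24 (rw,sync)
/home/pub
EOF
exports_lint "$sample"
```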
9. /etc/bashrc, /etc/csh.cshrc and /etc/profile
Of these, /etc/bashrc [full name: bash (Bourne Again Shell) runtime command shell script] is used the most.
Default environment settings for system users: PATH, umask, terminal type
/etc/csh.cshrc [csh runtime command]
10. /etc/pam.d/login
List of devices root may log in from: tty[1-8] are the devices on the main console, ttyp* (Linux) are the terminal devices used by telnet and ssh
/etc/nologin
When the system is about to be shut down and users should not log in, this file is created; its contents are shown to the user as the reason the connection is refused, and no user can enter the system while it exists. If the file is still present when the system restarts, nobody can use the system after the machine boots; in that case boot from a floppy disk or CD-ROM, remove the file, and restart the system
/etc/security
Sets which terminals root may log in from; usually only console users may use root. Red Hat uses the PAM mechanism, and the corresponding file is /etc/securetty
/etc/X11/*  XFree86 window system configuration files
/etc/shells
The list of shells users may use. If you edit /etc/passwd by hand you can also give a user a shell program that is not in this list, but a user whose shell is not in the list will not be able to connect to the system via FTP
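The corresponding audit, added as an example that is not part of the original post: list the accounts whose login shell is not in /etc/shells, which are the accounts the text says cannot connect via FTP. It runs on constructed passwd and shells files; pass /etc/passwd and /etc/shells to check a real system.

```shell
#!/bin/sh
# Added example (not part of the original post): report accounts whose
# login shell is not listed in the shells file.  Constructed sample data.

# Print "user:shell" for every passwd entry whose shell is not listed.
# An empty shell field means /bin/sh, so it is checked against that.
# Assumes the shells file is not empty (the NR == FNR trick needs that).
shells_check() {
    passwd=$1; shells=$2
    awk -F: '
        NR == FNR { if ($0 !~ /^#/ && NF) ok[$0] = 1; next }   # shells file
        NF >= 7 { sh = ($7 == "") ? "/bin/sh" : $7
                  if (!(sh in ok)) print $1 ":" sh }
    ' "$shells" "$passwd"
}

# Constructed sample data.
passwd_f=$(mktemp); shells_f=$(mktemp)
cat > "$passwd_f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
jx:x:501:501::/home/jx:/bin/bash
ftpuser:x:502:502::/home/ftpuser:/bin/false
backup:x:503:503::/var/backup:/usr/sbin/nologin
legacy:x:504:504::/home/legacy:
EOF
printf '/bin/sh\n/bin/bash\n/bin/csh\n# comment\n' > "$shells_f"
shells_check "$passwd_f" "$shells_f"
```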
/etc/mtab
Information file the system creates at startup; its contents are the file systems currently mounted, and it is updated dynamically. See also /proc/mounts
ETC Common configuration information under Linux