Ftp service, Nfs service, and Nis service

Source: Internet
Author: User
FTP service

Install the vsftpd service:
    # yum install vsftpd* -y
Check the installation:
    # getsebool -a | grep ftp

Anonymous user

Edit the configuration file:
    # vi /etc/vsftpd/vsftpd.conf
Remove the leading # from these two lines:
    anon_mkdir_write_enable=YES
    anon_upload_enable=YES
and then add:
    anon_other_write_enable=YES
Restart the service:
    # /etc/init.d/vsftpd restart
or
    # service vsftpd restart
Create the directory:
    # mkdir /pub
Change its owner/group to ftp:
    # chown ftp:ftp /pub
Change the SELinux boolean:
    # setsebool -P allow_ftpd_anon_write on
View the boolean values:
    # getsebool -a | grep ftp
Modify the context:
    # chcon -R -t public_content_rw_t /var/ftp/pub
Restart the service:
    # /etc/init.d/vsftpd restart
View the result:
    # ll -Z

Local user: limit upload/download speed

Create the user (password 123):
    # useradd aaa
    # passwd aaa
Modify the SELinux boolean:
    # setsebool -P ftp_home_dir on
Edit /etc/vsftpd/vsftpd.conf and, after the line local_umask=22, add:
    user_config_dir=/etc/vsftpd
Limit the speed of user aaa:
    # echo "local_max_rate=1024" > /etc/vsftpd/aaa
Restart the service:
    # /etc/init.d/vsftpd restart

Virtual user

Edit /etc/vsftpd/vsftpd.conf. Disable the anonymous user:
    anonymous_enable=NO
and add:
    guest_enable=YES
    guest_username=vtest
Create the user list in /etc/vsftpd, one line for the user name and the next for its password:
    # cd /etc/vsftpd
    # vi vuser
        User1
        123
        User2
        123
    # db_load -T -t hash -f vuser /etc/vsftpd/vuser.db
Modify the permissions:
    # chmod 600 /etc/vsftpd/vuser.db
Edit /etc/pam.d/vsftpd, comment out all existing lines with #, and add:
    auth required pam_userdb.so db=/etc/vsftpd/vuser
    account required pam_userdb.so db=/etc/vsftpd/vuser
Create the account that backs the virtual users:
    # useradd -s /sbin/nologin vtest
Shared file:
    # touch /home/vtest
Modify the permissions:
    # chmod 704 /home/vtest
Restart the service:
    # /etc/init.d/vsftpd restart

NFS service

Server

Create the directory:
    # mkdir /filepub
Edit /etc/exports:
    /filepub 192.168.1.0/24(rw,no_root_squash)
Restart the service:
    # /etc/init.d/nfs restart
Re-read the configuration file:
    # exportfs -rv

Client

    # showmount -e 192.168.1.111        (server IP)
    # mount.nfs 192.168.1.111:/filepub /mnt
    # df -h /mnt
The files under /mnt on the client are the files in /filepub on the server.

NIS service

Server

Edit /etc/hosts:
    192.168.0.100 abc.com abc           (server IP)
Check it:
    # ping abc.com
Set the domain name:
    # domainname abc.com
    # echo "domainname abc.com" >> /etc/rc.local
Edit /etc/sysconfig/network:
    NISDOMAIN=abc.com
Install NIS:
    # yum install yp* -y
Edit /etc/ypserv.conf and add:
    192.168.0.0/24 : * : none
Create a user (password 123):
    # useradd aaa
    # passwd aaa
Upgrade it to a domain user:
    # /usr/lib/yp/ypinit -m
Start the services:
    # /etc/init.d/ypserv start
    # /etc/init.d/yppasswdd restart
Export the home directories. Edit /etc/exports:
    /home 192.168.1.0/24(rw,no_root_squash)
Restart the service:
    # /etc/init.d/nfs restart
Re-read the configuration file:
    # exportfs -rv

Client

Edit /etc/hosts:
    192.168.0.100 abc.com abc
Edit /etc/yp.conf:
    domain abc.com server abc.com
Set the NIS domain name:
    # nisdomainname abc.com
    # echo "nisdomainname abc.com" >> /etc/rc.local
    # echo "NISDOMAIN=abc.com" >> /etc/sysconfig/network
Change the client authentication method to NIS. Edit /etc/nsswitch.conf:
    passwd: files nis
    shadow: files nis
    group:  files nis
Start the service:
    # /etc/init.d/ypbind start
    # echo "/etc/init.d/ypbind start" >> /etc/rc.local
    # chkconfig ypbind on
Mount the exported home directories:
    # showmount -e 192.168.0.100        (server IP)
    # mount.nfs 192.168.0.100:/home /home
    # df -h /home
    # echo "mount.nfs 192.168.0.100:/home /home" >> /etc/rc.local

Samba service

Linux accessing a Windows share

Share the folder abc on Windows. To list the shares on Windows:
    net share
To view them from Linux:
    # smbclient -L //192.168.1.111 -U administrator     (Windows IP)
To open the share:
    # mount.cifs //192.168.1.111/abc /mnt -o username=administrator
    # df -h /mnt
Method 2:
    # smbclient //192.168.1.111/abc -U administrator
    smb: \>

Windows accessing a Linux share

Install:
    # yum install samba* -y
Enable permanently:
    # chkconfig smb on
View:
    # chkconfig smb --list
Modify the SELinux boolean:
    # setsebool -P samba_enable_home_dirs on
Create the smb user (password 123):
    # useradd aaa
    # smbpasswd -a aaa
Restart the service:
    # /etc/init.d/smb restart
In the Windows Run dialog enter \\192.168.1.123 (Linux IP), then the user name and password, and you will see your home directory.

Logging in as the anonymous user nobody

Edit /etc/samba/smb.conf. In the [public] section remove the comment markers, change the path and delete the write list line:
    path = /pub
    (delete) write list = +staff
Create the directory:
    # mkdir /pub
Change owner/group:
    # chown nobody:nobody /pub
Restart the service:
    # /etc/init.d/smb restart
Permissions:
    # chmod 700 /pub
Change the context:
    # chcon -t samba_share_t /pub
Edit /etc/samba/smb.conf and change:
    security = share
Restart the service:
    # /etc/init.d/smb restart
Windows can now log on as an anonymous user and see the public share.

To log on as a user and see both the home directory and public, edit /etc/samba/smb.conf and change:
    security = user
and in [public] add:
    browseable = yes
Then:
    # chmod o+rwx /pub
and clear the password record on Windows:
    net use * /delete

DHCP service

Install:
    # yum install dhcp* -y
Edit /etc/dhcp/dhcpd.conf:
    ddns-update-style interim;
    ignore client-updates;
    subnet 192.168.0.0 netmask 255.255.255.0 {
        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0;
        option nis-domain "abc.com";
        option domain-name "abc.com";
        option domain-name-servers 202.99.166.4;
        option time-offset -18000;
        range dynamic-bootp 192.168.0.10 192.168.0.100;
        default-lease-time 21600;
        max-lease-time 43200;
        # reserved address
        host jingli {
            hardware ethernet 00:0c:29:63:ac:1c;    # host MAC
            fixed-address 192.168.1.11;             # reserved IP
        }
    }

VPN (pptp)

Install:
    # rpm -ivh pptpd-1.3.4-2.el6.i686
Edit /etc/sysctl.conf:
    net.ipv4.ip_forward = 1
Edit /etc/pptpd.conf:
    localip 192.168.1.1             (Internet)
    remoteip 192.168.0.12-123       (intranet)
Edit /etc/ppp/chap-secrets:
    aaa pptp 123 *
The fields are the user (aaa), the server name (pptp), the password (123) and the address: * for any address, or a reserved one such as 192.168.0.23.
Restart the service:
    # /etc/init.d/pptpd restart

Appendix: adding a NIC
    # cd /etc/sysconfig/network-scripts
    # cp ifcfg-eth0 ifcfg-eth1
    # vi ifcfg-eth1
Change eth0 to eth1, change the MAC address, and change the IP.

DNS

Install:
    # yum install bind* -y
Edit /etc/named.conf and change:
    listen-on port 53 { 192.168.0.100; };       (server IP)
    allow-query { any; };
Edit /etc/named.rfc1912.zones and add the forward zone:
    zone "abc.com" IN {
        type master;
        file "abc.com.zone";
    };
and the reverse zone:
    zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "abc.com";
    };
Create the zone files:
    # cd /var/named
    # cp named.localhost abc.com.zone
    # cp named.loopback abc.com
Edit abc.com.zone and change the records to:
            MX 10   mail                (for mail)
            A       192.168.0.100
    www     A       192.168.0.100       (web server IP)
    ftp     A       192.168.0.100       (ftp server IP)
    mail    A       192.168.0.100       (mail server)
Edit abc.com:
            A       192.168.0.100
    100     PTR     www.abc.com.
    100     PTR     ftp.abc.com.
    100     PTR     mail.abc.com.
Set the ownership and restart:
    # chown root:named abc.com
    # chown root:named abc.com.zone
    # /etc/init.d/named restart
    # /etc/init.d/named reload
Edit /etc/resolv.conf (on hosts that use this DNS):
    nameserver 192.168.0.100

Secondary DNS

    # yum install bind* -y
Edit /etc/named.conf and change:
    listen-on port 53 { 192.168.0.1; };         (secondary server IP)
    allow-query { any; };
Edit /etc/named.rfc1912.zones and add the forward zone:
    zone "abc.com" IN {
        type slave;
        file "slaves/abc.com.zone";
        masters { 192.168.0.100; };             (primary DNS IP)
    };
and the reverse zone:
    zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/abc.com";
        masters { 192.168.0.100; };
    };
Restart the service:
    # /etc/init.d/named restart

Cluster

On Windows, create an IIS site with the IP address 192.168.0.123.
On Linux, create a web page:
    # yum install httpd* -y
    # vi /var/www/html/index.html
Edit /etc/httpd/conf/httpd.conf and change:
    ServerName www.abc.com:80
    # /etc/init.d/httpd restart
Edit /var/named/abc.com.zone and change the www record to:
    www 0 A 192.168.0.100
    www 0 A 192.168.0.123
    # /etc/init.d/httpd restart

Web

Install:
    # yum install httpd* -y
Create a website:
    # vi /var/www/html/index.html
    # /etc/init.d/httpd restart
Test on Linux:
    # curl 192.168.0.100                (web server IP)

Creating the website under your own directory
    # mkdir /web
    # vi /web/index.html
Edit /etc/httpd/conf/httpd.conf and change DocumentRoot (default /var/www/html) to:
    DocumentRoot "/web"
Modify the context:
    # chcon -R -t httpd_sys_content_t /web
    # /etc/init.d/httpd restart

Access limits

Edit /etc/httpd/conf/httpd.conf and add:
    Order deny,allow
    Deny from all
    Allow from 192.168.0.100
    AuthType Basic
    AuthName "helllo"
    AuthUserFile /etc/httpd/userpasswd
    Require user aaa
Create the password file:
    # htpasswd -c /etc/httpd/userpasswd aaa
    # /etc/init.d/httpd restart

User home directories
    # useradd aaa
Edit /etc/httpd/conf/httpd.conf: put a # in front of "UserDir disabled" and remove the # in front of "UserDir public_html".
    # mkdir /home/aaa/public_html
    # vi /home/aaa/public_html/index.html
    # setsebool -P httpd_enable_homedirs on
    # chcon -R -t httpd_sys_content_t /home/aaa/public_html
    # chmod o+x /home/aaa
From Windows, access 192.168.0.100/~aaa

LAMP

Install the MySQL database and enable it:
    # yum install mysql*
    # /etc/init.d/mysqld restart
    # chkconfig mysqld on
    # netstat -nl | grep mysql
Run mysql to enter, look around, and exit. Set the password:
    # mysqladmin -u root password 123
Log on:
    # mysql -u root -p
Use "show databases;" to view the server information.
Edit /etc/php.ini. In the [MySQL] section:
    mysql.default_port = 3306
insert:
    mysql.default_host = 192.168.0.100
    mysql.default_user = root
    mysql.default_password = 1234
    extension=mysql.so
and add one more line so that it supports mysqli:
    extension=mysqli.so
Edit /etc/httpd/conf/httpd.conf and add:
    LoadModule php5_module modules/libphp5.so
    AddType application/x-httpd-php .php

Share phpwind on Windows... On Linux:
    # mount.cifs //192.168.0.123/aaa /mnt -o username=administrator
    # cd /mnt
    # cp php... /usr/local/src
    # cd /usr/local/src
Unzip:
    # unzip php..
    # cp -Rf upload /var/www/html
    # chmod -Rf 777 /var/www/html/upload
Edit /etc/httpd/conf/httpd.conf and change:
    DocumentRoot "/var/www/html/upload"
    AddDefaultCharset zh-CN
    # /etc/init.d/httpd restart

Name-based virtual hosts

This needs DNS support, with two forward zones: abc.com and bbb.com.
Edit /etc/httpd/conf/httpd.conf and add a virtual host for each site with:
    DocumentRoot /web1
    ServerName www.abc.com

    DocumentRoot /web2
    ServerName www.bbb.com
Then:
    # mkdir /web1
    # mkdir /web2
Edit /etc/resolv.conf:
    nameserver 192.168.0.100
Create the pages and set the context:
    # vi /web1/index.html
    # vi /web2/index.html
    # chcon -R -t httpd_sys_content_t /web1 /web2
    # /etc/init.d/httpd restart

Combined with FTP
    # yum install vsftpd* -y
    # useradd aaa
    # useradd bbb
Edit /etc/passwd and change the home directories: /home/aaa to /web1 and /home/bbb to /web2.
    # chown -Rf aaa:aaa /web1
    # chown -Rf bbb:bbb /web2
    # setsebool -P allow_ftpd_full_access on
    # setsebool -P ftp_home_dir on
    # mv /var/ftp /var/bak.ftp.bak
    # /etc/init.d/vsftpd restart

HTTPS
    # yum install mod_ssl* -y
    # cd /etc/pki/tls/certs
    # make abc.crt
The first three prompts are for the passphrase; they are followed by the country, city, company, department and the full name, which is the domain name www.abc.com.
In the SSL configuration change:
    SSLCertificateFile /etc/pki/tls/certs/aaa.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/aaa.key
Edit /etc/httpd/conf/httpd.conf:
    Listen 80       (add)
    # vi /var/www/html/index.html
Access https://

Sendmail

DNS must resolve mail.abc.com before mail can be sent.
    # yum install sendmail* -y
    # cd /etc/mail
    # vi access
Add:
    Connect:192.168.1.10 RELAY
or
    Connect:abc.com RELAY
Select the MTA (choose 2, /usr/sbin/sendmail.sendmail):
    # alternatives --config mta
Disable postfix:
    # /etc/init.d/postfix stop
    # chkconfig postfix off
    # yum remove postfix* -y
Edit sendmail.cf and put a # in front of:
    O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
    # /etc/init.d/sendmail restart

Receiving email
    # yum install dovecot* -y
Edit /etc/dovecot/dovecot.conf and set:
    protocols = pop3
    listen = *
    login_trusted_networks = 192.168.0.0/24
Edit /etc/dovecot/conf.d/10-mail.conf and remove the # in front of:
    mail_location = mbox:~/mail:INBOX=/var/mail/%u
    # /etc/init.d/dovecot restart

SMTP with authentication

DNS must resolve mail.abc.com before mail can be sent. Install sendmail, edit /etc/mail/access, select the MTA and remove postfix exactly as in the Sendmail section above, then:
    # yum install cyrus* -y
    # /etc/init.d/saslauthd start
    # chkconfig saslauthd on
    # vi sendmail.mc
Delete the leading dnl from these two lines:
    dnl TRUST_AUTH_MECH... MD5 ....
    dnl .. GSSAPI MD5
and add dnl in front of:
    DAEMON_OPTIONS... Addr=127.0.0.1 ..
Rebuild the configuration and restart:
    # m4 sendmail.mc > sendmail.cf
    # /etc/init.d/sendmail restart
Install and configure dovecot as in "Receiving email" above.

Firewall

Add NICs: intranet 192.168.1.1 and Internet 222.222.222.222.
Edit /etc/sysctl.conf and change:
    net.ipv4.ip_forward = 1
    # sysctl -p
NAT based on the source IP address:
    # iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222
NAT based on the destination IP address:
    # iptables -t nat -A PREROUTING -d 222.222.222.222 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
Block ping:
    # iptables -A INPUT -p icmp -j DROP
External telnet to an internal host:
    # iptables -t nat -A PREROUTING -d 222.222.222.222 -p tcp --dport telnet -j DNAT --to-destination 192.168.1.2:23
Disable telnet from an external host:
    # iptables -A FORWARD -s 222.222.222.222 -p tcp --dport 23 -j DROP
Publish FTP:
    # iptables -t nat -A PREROUTING -d 222.222.222.222 -p tcp --dport 21 -j DNAT --to-destination 192.168.1.2:21
Add the module (remove it with rmmod nf_nat_ftp):
    # modprobe nf_nat_ftp
    # echo "modprobe nf_nat_ftp" > /etc/rc.modules
    # chmod 755 /etc/rc.modules
Prohibit other hosts from pinging the firewall while the firewall can still ping others:
    # iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
    # iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
    # iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
    ... :01:02:03:04:05 -j DROP
Allow the firewall machine to open tcp ports 20, 21, 25, 110 and the passive-mode FTP ports 1250-1280:
    # iptables -A INPUT -p tcp -m multiport --dports 20,21,25,110,1250:1280 -j ACCEPT
Prohibit forwarding from a source IP address range:
    # iptables -A FORWARD -p tcp -m iprange --src-range 192.168.1.20-192.168.1.50 -j DROP
Open local DNS:
    # iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    # iptables -A INPUT -p udp --dport 53 -j ACCEPT
    # iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
    # iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
View the rules:
    # iptables -t nat -L
Clear the rules:
    # iptables -F
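
An added example, not part of the original notes: a small shell audit for two settings these notes turn on, no_root_squash in /etc/exports and the anonymous write options in vsftpd.conf. It also flags the exports pitfall where a space before the option list, as in "/home 192.168.1.0/24 (rw)", applies rw to every host. The function names are constructed for illustration, and the files to check are passed in by the caller.

```shell
#!/bin/sh
# Added example: audit helpers for settings used in these notes.

# audit_exports FILE
# Prints "path client finding" for every export entry that disables root
# squashing, or that grants rw to every host (client "*" or a bare "(...)").
audit_exports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/[)].*/, "", opts)      # drop the closing parenthesis
                }
                if (client == "") client = "*"  # "(rw)" after a space: all hosts
                n = split(opts, o, ",")
                rw = 0
                for (j = 1; j <= n; j++) {
                    if (o[j] == "no_root_squash")
                        print path, client, "no_root_squash"
                    if (o[j] == "rw") rw = 1
                }
                if (rw && client == "*") print path, client, "rw-to-any-host"
            }
        }' "$1"
}

# audit_vsftpd FILE
# Prints the name of each anonymous write option that is enabled.
audit_vsftpd() {
    awk -F= '
        /^[ \t]*#/ { next }                     # commented-out options are off
        {
            key = $1; val = toupper($2)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key ~ /^anon_(upload|mkdir_write|other_write)_enable$/ && val == "YES")
                print key
        }' "$1"
}

# Run against real files when two paths are given: exports, then vsftpd.conf.
if [ "$#" -eq 2 ]; then audit_exports "$1"; audit_vsftpd "$2"; fi
```

Run it as a script with the two file paths, for example /etc/exports and /etc/vsftpd/vsftpd.conf; no output means neither setting was found.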