Concise Linux System Maintenance Manual (II)

Source: Internet
Author: User
IV. Major Software Installation

As I said before, my habit when installing a system is to install and compile the kernel first, and to install other software only once a clean base system is in place. Also, unless no source release is available, I normally download the official source code and compile it myself. Likewise, I choose the software version based on the software's release notes, not on the idea that newer is better. That is why much software is developed as several versions in parallel. The installation method differs slightly between versions, so read the README and INSTALL files carefully before installing; otherwise these small differences will cause a lot of trouble. The installation process described below is closely tied to the kernel version number. In addition, for every package I copy the source archive to the /usr/local/src directory and unpack it there; this is the custom, because on Linux software installed later conventionally goes under /usr/local.

(1) Installing a DNS server

1. Download the BIND domain name server software from www.isc.org. We are using BIND 8.3.0; the BIND 8 branch and the BIND 9 branch are developed in parallel. Choose the appropriate version of BIND according to your situation.

2. mkdir /usr/local/src/bind83

3. Download the file called bind-src.tar.gz and copy it to the /usr/local/src/bind83 directory.

4. cd /usr/local/src/bind83

5. tar zxvf bind-src.tar.gz

6. cd src

7. make stdlinks

8. make clean

9. make depend

10. make all

11. make install

12. Edit the configuration file /etc/named.conf so that its content is as follows; the parts that need to be changed are marked in bold:


/*
 * This is a worthless, nonrunnable example of a named.conf file that has
 * every conceivable syntax element in use. We use it to test the parser.
 * It could also be used as a conceptual template for users of new features.
 */

/*
 * C-style comments are OK
 */

// So are C++-style comments

# So are shell-style comments

// Watch out for ";" -- it's important!

options {
    directory "/var/named";                 // working directory (zone files live here)
    named-xfer "/usr/libexec/named-xfer";   // _PATH_XFER
    dump-file "named_dump.db";              // _PATH_DUMPFILE
    pid-file "/var/run/named.pid";          // _PATH_PIDFILE
    statistics-file "named.stats";          // _PATH_STATS
    memstatistics-file "named.memstats";    // _PATH_MEMSTATS
    check-names master fail;
    check-names slave warn;
    check-names response ignore;
    host-statistics no;
    deallocate-on-exit no;      // Painstakingly deallocate all
                                // objects when exiting instead of
                                // letting the OS clean up for us.
                                // Useful if a memory leak is suspected.
                                // Final statistics are written to the
                                // memstatistics-file.
    datasize default;
    stacksize default;
    coresize default;
    files unlimited;
    recursion yes;
    fetch-glue yes;
    fake-iquery no;
    notify yes;                 // Send NOTIFY messages. You can set
                                // notify on a zone-by-zone
                                // basis in the "zone" statement
                                // (below)
    serial-queries 4;           // Number of parallel SOA queries
                                // we can have outstanding for master
                                // zone change testing purposes
    auth-nxdomain yes;          // Always set AA on NXDOMAIN.
                                // Don't set this to 'no' unless
                                // you know what you're doing -- older
                                // servers won't like it.
    multiple-cnames no;         // If yes, then a name may have more
                                // than one CNAME RR. This use
                                // is non-standard and is not
                                // recommended, but it is available
                                // because previous releases supported
                                // it and it was used by large sites
                                // for load balancing.
    allow-query { any; };
    allow-transfer { any; };
    transfers-in 10;            // DEFAULT_XFERS_RUNNING, cannot be
                                // set > than MAX_XFERS_RUNNING (20)
    transfers-per-ns 2;         // DEFAULT_XFERS_PER_NS
    transfers-out 0;            // Not implemented
    max-transfer-time-in 120;   // MAX_XFER_TIME; the default number
                                // of minutes an inbound zone transfer
                                // may run. May be set on a per-zone
                                // basis.
    transfer-format one-answer;
    query-source address * port *;
    /*
     * The "forward" option is only meaningful if you've defined
     * forwarders. "first" gives the normal BIND
     * forwarding behavior, i.e. ask the forwarders first, and if that
     * doesn't work then do the full lookup. You can also say
     * "forward only;" which is what used to be specified with
     * "slave" or "options forward-only". "only" will never attempt
     * a full lookup; only the forwarders will be used.
     */
    forward first;
    forwarders { };             // Default is no forwarders
    topology { localhost; localnets; };     // Prefer local nameservers
    listen-on port 53 { any; }; // Listen for queries on port 53 on
                                // any interface on the system
                                // (i.e. all interfaces). The
                                // "port 53" is optional; if you
                                // don't specify a port, port 53
                                // is assumed.
    /*
     * Interval Timers
     */
    cleaning-interval 60;       // Clean the cache of expired RRs
                                // every 'cleaning-interval' minutes
    interface-interval 60;      // Scan for new or deleted interfaces
                                // every 'interface-interval' minutes
    statistics-interval 60;     // Log statistics every
                                // 'statistics-interval' minutes
    maintain-ixfr-base no;      // If yes, keep transaction log file for IXFR
    max-ixfr-log-size 20;       // Not implemented, maximum size the
                                // IXFR transaction log file may grow to
};

/*
 * Control listeners for "ndc". Every nameserver needs at least one.
 */
controls {
    inet * port allow { any; };                     // A bad idea
    unix "/var/run/ndc" perm 0600 owner 0 group 0;  // The default
};

zone "rd.xxx.com" in {
    type master;                // What used to be called "primary"
    file "rd.xxx.com.db";
    check-names fail;
    allow-update { none; };
    allow-transfer { any; };
    allow-query { any; };
    notify yes;                 // Send NOTIFY messages for this
                                // zone? The global option is used
                                // if "notify" is not specified
                                // here.
    also-notify { };            // Don't notify any nameservers other
                                // than those on the NS list for this
                                // zone
};

zone "223.99.211.in-addr.arpa" in {
    type master;                // What used to be called "primary"
    file "21.9.22.db";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.db";
};

zone "." in {
    type hint;                  // Used to be specified w/ "cache"
    file "named.root";
};

logging {
    /*
     * All log output goes to one or more "channels"; you can make as
     * many of them as you want.
     */

    channel syslog_errors {     // This channel will send errors
        syslog user;            // or worse to syslog (user facility)
        severity error;
    };

    category parser {
        syslog_errors;          // You can log to as many channels
        default_syslog;         // as you want
    };

    category lame-servers { null; };    // Don't log these at all

    channel moderate_debug {
        severity debug 3;       // Level 3 debugging to file
        file "foo";             // foo
        print-time yes;         // Timestamp log entries
        print-category yes;     // Print category name
        print-severity yes;     // Print severity level
        /*
         * Note that debugging must have been turned on either
         * on the command line or with a signal to get debugging
         * output (non-debugging output will still be written to
         * this channel).
         */
    };

    /*
     * If you don't want to see "zone XXXX loaded" messages but do
     * want to see any problems, you could do the following.
     */

    channel no_info_messages {
        syslog;
        severity notice;
    };

    category load { no_info_messages; };

    /*
     * You can also define category "default"; it gets used when no
     * "category" statement has been given for a category.
     */

    category default {
        default_syslog;
        moderate_debug;
    };

};



13. In /var/named/, create the zone file named in /etc/named.conf: rd.xxx.com.db. Its content is as follows; modify and adjust the relevant parts:
; Authoritative data for rd.xxx.com
;
$TTL 3600
@ IN SOA compaq.rd.xxx.com. tandongyu.rd.xxx.com. (
        20020101 ; Serial
        3600     ; Refresh 1 hour
        900      ; Retry 15 mins
        604800   ; Expire 7 days
        86400 )  ; Minimum 24 hours
; Name Server (NS) records
@ IN NS compaq.rd.xxx.com.
; Mail Exchange (MX) records
rd.xxx.com. IN MX 0 compaq
; Address (A) records
localhost IN A 127.0.0.1
compaq    IN A 21.9.22.9
tls65     IN A 21.9.22.8
fbsd      IN A 21.9.22.7




14. In /var/named/, create the zone file named in /etc/named.conf: 21.9.22.db. Its content is as follows; modify the relevant parts:


;
;
$TTL 3600
@ IN SOA compaq.rd.xxx.com. tandongyu.rd.xxx.com. (
        20020101 ; Serial
        3600     ; Refresh
        900      ; Retry 15 mins
        604800   ; Expire 7 days
        86400 )  ; Minimum 24 hours
; Name Server (NS) records
@ IN NS compaq.rd.xxx.com.
; Address-to-name (PTR) records
9 IN PTR compaq.rd.xxx.com.
8 IN PTR tls65.rd.xxx.com.
7 IN PTR fbsd.rd.xxx.com.



15. In /var/named/, create the zone file named in /etc/named.conf: 127.0.0.db. Its content is as follows; modify the relevant parts:


; 0.0.127.in-addr.arpa
$TTL 3600
@ IN SOA compaq.rd.xxx.com. tandongyu.rd.xxx.com. (
        20020101 ; serial
        3600     ; refresh
        1800     ; retry
        604800   ; expiration
        3600 )   ; minimum
@ IN NS compaq.rd.xxx.com.
1 IN PTR localhost.



16. In /var/named/, create the file named in /etc/named.conf: named.root. Its content is roughly as follows. This file marks 14 domain name servers. The latest sample of the file can be obtained from ftp.rs.internic.net as named.hosts; then rename it to the name you need, such as named.root.


; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC registration services
; under anonymous FTP as
;     file       /domain/named.root
;     on server  FTP.RS.INTERNIC.NET
; -OR- under Gopher at RS.INTERNIC.NET
;     under menu InterNIC Registration Services (NSI)
;     submenu    InterNIC Registration Archives
;     file       named.root
;
; last update: Aug 22, 1997
; related version of root zone: 1997082200
;
;
; formerly NS.INTERNIC.NET
;
.                   3600000 IN NS a.root-servers.net.
a.root-servers.net. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                   3600000 NS b.root-servers.net.
b.root-servers.net. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
;
.                   3600000 NS c.root-servers.net.
c.root-servers.net. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                   3600000 NS d.root-servers.net.
d.root-servers.net. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
.                   3600000 NS e.root-servers.net.
e.root-servers.net. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
.                   3600000 NS f.root-servers.net.
f.root-servers.net. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                   3600000 NS g.root-servers.net.
g.root-servers.net. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                   3600000 NS h.root-servers.net.
h.root-servers.net. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                   3600000 NS i.root-servers.net.
i.root-servers.net. 3600000 A 192.36.148.17
;
; temporarily housed at NSI (InterNIC)
;
.                   3600000 NS j.root-servers.net.
j.root-servers.net. 3600000 A 198.41.0.10
;
; housed in LINX, operated by RIPE NCC
;
.                   3600000 NS k.root-servers.net.
k.root-servers.net. 3600000 A 193.0.14.129
;
; temporarily housed at ISI (IANA)
;
.                   3600000 NS l.root-servers.net.
l.root-servers.net. 3600000 A 198.32.64.12
;
; housed in Japan, operated by WIDE
;
.                   3600000 NS m.root-servers.net.
m.root-servers.net. 3600000 A 202.12.27.33
; End of File



17. We also need to configure the /etc/resolv.conf, /etc/hosts and /etc/host.conf files to suit the new setup.

18. When everything is done, start BIND with the /usr/sbin/ndc start command; the same command also takes stop, restart, reload and other parameters.

19. After starting, use the nslookup command (some systems recommend the dig command instead) to check that everything is correct. If an error occurs, the command will not start. The common error is a typo in a database file or the configuration file, such as a few missing "." characters or a file whose format is not correct.
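The named.conf in step 12 still carries its parser-test header, and its own comment calls the open "inet" control listener "a bad idea"; it also sets allow-transfer to any, both globally and on the rd.xxx.com zone. As an added example (not part of the original article or of BIND), the Python audit below flags ACLs left open to "any" before named is started; the sample text and the control port 953 are constructed for illustration.

```python
import re

# Constructed sample of the risky step-12 statements; port 953 is an assumed value.
SAMPLE_CONF = '''
options {
    recursion yes;               // answers recursive queries
    allow-query { any; };
    allow-transfer { any; };     # global default for every zone
};
controls {
    inet * port 953 allow { any; };   /* a bad idea */
    unix "/var/run/ndc" perm 0600 owner 0 group 0;
};
zone "rd.xxx.com" in {
    allow-transfer { any; };
};
'''
ANY = r'\s*\{\s*any\s*;\s*\}'    # an ACL that matches every address

def strip_comments(text):  # drops /* */, // and # comments ('//' in paths not handled)
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def top_level_blocks(text):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    depth, last_end, start = 0, 0, 0
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                header, start = text[last_end:i].strip(' ;\t\r\n'), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield header, text[start:i]
                last_end = i + 1

def audit(conf):
    """Return (block, problem) pairs for ACLs left open to 'any'."""
    out = []
    for header, body in top_level_blocks(strip_comments(conf)):
        kind = (header.split() or [''])[0].lower()
        if kind in ('options', 'zone') and re.search('allow-transfer' + ANY, body):
            out.append((header, 'zone transfer open to any host'))
        open_q = re.search('allow-query' + ANY, body) and 'allow-recursion' not in body
        if kind == 'options' and open_q and re.search(r'recursion\s+yes', body):
            out.append((header, 'recursion open to any client'))
        if kind == 'controls' and re.search(r'inet\s[^;{]*allow' + ANY, body):
            out.append((header, 'control channel open to any host'))
    return out
```

Calling audit() on the text of /etc/named.conf returns an empty list once transfers are limited to the secondaries, recursion is limited with allow-recursion, and the inet control listener is removed or restricted.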

(2) Installing the Sendmail server

1. Download the latest version from www.sendmail.org (sendmail really does need to be upgraded to the latest version, because its upgrades mainly address security vulnerabilities). This description uses sendmail-8.12.2.tar.gz.

2. cd /usr/local/src/

3. Download the file to /usr/local/src

4. tar zxvf sendmail-8.12.2.tar.gz

5. cd /usr/local/src/sendmail-8.12.2

6. chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

7. chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

8. cd /usr/local/src/sendmail-8.12.2/sendmail

9. sh Build

10. cd /usr/local/src/sendmail-8.12.2/cf/cf

11. Create the file sendmail.mc with the following content; you can modify the relevant parts as needed.


divert(-1)
dnl This is the macro config file used to generate the /etc/sendmail.cf
dnl file. If you modify the file you will have to regenerate the
dnl /etc/sendmail.cf by running this macro config through the m4
dnl preprocessor:
dnl m4 /etc/sendmail.mc > /etc/sendmail.cf
dnl You will need to have the sendmail-cf package installed for this to work.
include(`/usr/local/src/sendmail-8.12.2/cf')
define(`confDEF_USER_ID', `8:12')
OSTYPE(`linux')
undefine(`UUCP_RELAY')
undefine(`BITNET_RELAY')
define(`confTO_CONNECT', `1m')
define(`confTRY_NULL_MX_LIST', true)
define(`confDONT_PROBE_INTERFACES', true)
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')
define(`SMART_HOST', compaq.rd.xxx.com)dnl <--- for non-hub hosts: send mail through the hub by default
MASQUERADE_AS(`rd.xxx.com')dnl <---
FEATURE(`masquerade_entire_domain')dnl <--- these three are used for e-mail address masquerading
FEATURE(`masquerade_envelope')dnl <---
FEATURE(`smrsh', `/usr/sbin/smrsh')
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')
FEATURE(redirect)
FEATURE(always_add_domain)
FEATURE(use_cw_file)
FEATURE(local_procmail)
FEATURE(`access_db')
FEATURE(`blacklist_recipients')
FEATURE(`accept_unresolvable_domains')
MAILER(smtp)
MAILER(procmail)
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
dnl FEATURE(`relay_based_on_mx')



12. sh Build install-cf

13. groupadd smmsp

14. useradd smmsp

15. cd /usr/local/src/sendmail-8.12.2/sendmail

16. sh Build install

17. cd /usr/local/src/sendmail-8.12.2/makemap

18. sh Build clean

19. sh Build all

20. sh Build install

21. cd /usr/local/src/sendmail-8.12.2/

22. Add an MX record to the domain's DNS master database file:


rd.xxx.com. IN MX 0 compaq



Note: modify the relevant part to suit your setup. The 0 is the value used to mark the order when there are several mail hubs. When there are several MX records, the recommended sequence is 10, 20, 30 ...

23. Create an access file in the /etc/mail directory, similar to the following:


127.0.0.1 RELAY
21.9.22 RELAY
211.99.221.238 RELAY



Then run: makemap hash access.db < access

24. Create the file /etc/mail/local-host-names; its content is the domain names this machine has:


rd.xxx.com
compaq.rd.xxx.com



25. Create the file /etc/mail/aliases, with content similar to:


MAILER-DAEMON: postmaster
postmaster: root
bin: root
daemon: root
nobody: root



Run newaliases to create the database.

One use of the alias file is for mail that should go to a user on another mail server in the domain rather than to a user on the mail hub.

For example, add a line:


atan: atan@fbsd



This causes a message to be forwarded automatically to atan@fbsd.rd.xxx.com when it is sent to the mail hub.

26. Start sendmail: /usr/sbin/sendmail -bd -q30m

Troubleshooting: if sendmail does not start, most of the problems are related to the DNS configuration, and you can use nslookup to check that DNS is working normally. Checking the contents of /etc/mail file by file is also a good way to track down mistakes. In addition, editing the sendmail.cf file directly is not recommended when changing the configuration; use the m4 macro tool instead, because some security vulnerabilities and outdated macros are reported when the configuration is compiled, which helps avoid the related security issues.
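The access file from step 23 decides which clients may relay through the hub, and an entry such as "21.9.22" is matched on octet boundaries rather than as a string prefix. As an added example (not part of the original article or of sendmail), the Python model below reproduces that lookup so the relay policy can be checked before makemap is run; the function names are hypothetical and the table is a constructed copy of the step-23 entries.

```python
# Constructed copy of the step-23 /etc/mail/access source (before makemap).
ACCESS = """\
127.0.0.1 RELAY
21.9.22 RELAY
211.99.221.238 RELAY
"""

def parse_access(text):
    """Parse 'key value' lines; blank lines and # comments are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith('#'):
            table[fields[0].lower()] = fields[1].strip()
    return table

def lookup_ip(table, ip):
    """Model of the access-map address lookup: try the full dotted quad, then
    drop one trailing octet at a time, so '21.9.22' covers 21.9.22.0-255."""
    octets = ip.split('.')
    while octets:
        key = '.'.join(octets)
        if key in table:
            return key, table[key]
        octets.pop()
    return None, None

def may_relay(table, ip):
    """True when the most specific matching entry for ip is RELAY."""
    return lookup_ip(table, ip)[1] == 'RELAY'

def broad_relays(table, min_octets=3):
    """RELAY keys that name an IPv4 network wider than min_octets octets."""
    return [k for k, v in table.items()
            if v == 'RELAY' and k.replace('.', '').isdigit()
            and len(k.split('.')) < min_octets]

if __name__ == '__main__':
    table = parse_access(ACCESS)
    for ip in ('21.9.22.200', '21.9.220.1', '211.99.221.239'):
        print(ip, 'relay allowed' if may_relay(table, ip) else 'relay refused')
```

broad_relays() reports any RELAY entry shorter than three octets, which is the quickest way to spot a line that opens relaying to a whole /16 or /8.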

