Linux Service Deployment

Source: Internet
Author: User
Tags dns names file transfer protocol

1. Build an NTP time server
An NTP server provides time synchronization for the servers on a local area network. It ensures that all servers in the LAN stay consistent with the time server's clock, which some applications require.
Many Internet time servers are also available. For example, ntpdate ntp.fudan.edu.cn synchronizes against Fudan University's free Internet NTP service.
The NTP server listens on UDP port 123, so you need to open the local firewall to allow clients to access port 123. Edit the rules with vi /etc/sysconfig/iptables and add the following rule:
-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
NTP time server configuration:
yum install ntp ntpdate -y
Modify the ntp.conf configuration file:
cp /etc/ntp.conf /etc/ntp.conf.bak
vi /etc/ntp.conf and modify only the following two lines (remove the leading # sign):
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
Start ntpd as a daemon process:
/etc/init.d/ntpd start
(Note: after ntpd starts, wait a few minutes before synchronizing a client against it; otherwise the client reports the "no server suitable for synchronization found" error.)
Configure the time synchronization client:
crontab -e
Add a line to synchronize with the time synchronization server at 6:10 daily:
10 6 * * * /usr/sbin/ntpdate <ntp-server-IP> >> /usr/local/logs/crontab/ntpdate.log
Note: if the client does not have ntpdate, install it with yum -y install ntp.
The following is the content of the NTP server configuration file (LAN-only NTP; to synchronize with an external network as well, add the external time servers):
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
The parameters are explained below:
restrict default ignore # deny all NTP request packets
restrict 127.0.0.1 # allow the internal loopback interface lo
restrict 192.168.0.0 mask 255.255.255.0 nomodify # clients in the internal subnet can synchronize time over the network, but cannot modify the time parameters of the NTP server
server 198.123.30.132 # use 198.123.30.132 as the parent time server
restrict 198.123.30.132 # allow this server to access our NTP service
driftfile /var/lib/ntp/drift # the time spent in contacting the parent time server is recorded in the file named after the driftfile parameter
broadcastdelay 0.008 # broadcast delay time
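The restrict flags explained above decide who may query or reconfigure ntpd. The following Python check is an added example, not part of the original article: it parses restrict lines and reports every non-loopback rule that lacks nomodify or noquery, using a sample constructed from the lines shown on this page.

```python
import ipaddress

HARDENING = {"nomodify", "noquery"}   # flags that block reconfiguration and ntpq/ntpdc queries

def parse_restrict(line):
    """Return (target, flags) for a 'restrict' line, or None for any other line."""
    tokens = line.split("#", 1)[0].split()
    if not tokens or tokens[0].lower() != "restrict":
        return None
    tokens = [t for t in tokens[1:] if t not in ("-4", "-6")]
    if not tokens:
        return None
    target, rest = tokens[0], tokens[1:]
    if len(rest) >= 2 and rest[0].lower() == "mask":
        target, rest = f"{target}/{rest[1]}", rest[2:]
    return target, {t.lower() for t in rest}

def is_loopback(target):
    try:
        return ipaddress.ip_address(target).is_loopback
    except ValueError:          # "default" or an address/mask pair
        return False

def audit_ntp_conf(text):
    """List (target, missing_flags) for rules that leave ntpd queryable or modifiable."""
    findings, has_default = [], False
    for line in text.splitlines():
        parsed = parse_restrict(line)
        if parsed is None:
            continue
        target, flags = parsed
        has_default = has_default or target == "default"
        if "ignore" in flags or is_loopback(target):
            continue
        missing = sorted(HARDENING - flags)
        if missing:
            findings.append((target, missing))
    if not has_default:
        findings.append(("default", ["restrict default line"]))
    return findings

# Constructed sample: the restrict lines discussed on this page, combined into one file.
SAMPLE = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 192.168.0.0 mask 255.255.255.0 nomodify
server 198.123.30.132
restrict 198.123.30.132
"""

if __name__ == "__main__":
    for target, missing in audit_ntp_conf(SAMPLE):
        print(f"{target}: missing {', '.join(missing)}")
```

Whether LAN clients may keep query access is a local policy decision; the check only makes the gap visible.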

Now that the NTP service has been built, add the following entry to the crontab of every client:
0 0 * * * /usr/sbin/ntpdate 10.0.0.155 >> /data/logs/ntp.log 2>&1

2. Build a DHCP server
DHCP (Dynamic Host Configuration Protocol) is a local area network protocol that runs over UDP. It is used primarily to assign IP addresses automatically on internal networks or by network service providers. DHCP has 3 ports, of which UDP 67 and UDP 68 are the normal DHCP service ports, used as the DHCP server port and the DHCP client port respectively.
DHCP can be deployed on a server or a switch to control a range of IP addresses, and a client automatically obtains the IP address and subnet mask assigned by the DHCP server when it logs on. The server that hosts DHCP must have the TCP/IP protocol installed and must be configured with a static IP address, subnet mask, and default gateway.
To install the DHCP service:
yum install dhcp dhcp-devel -y
Then modify the contents of the DHCP configuration file /etc/dhcpd.conf as follows:
ddns-update-style interim;
ignore client-updates;
next-server 192.168.0.79;
filename "pxelinux.0";
allow booting;
allow bootp;
subnet 192.168.0.0 netmask 255.255.255.0 {
    # --- default gateway
    option routers 192.168.0.1;
    option subnet-mask 255.255.252.0;
    # option nis-domain "domain.org";
    # option domain-name "192.168.0.10";
    # option domain-name-servers 192.168.0.11;
    # option ntp-servers 192.168.1.1;
    # option netbios-name-servers 192.168.1.1;
    # --- Selects point-to-point node (default is hybrid). Don't change this unless
    # --- you understand Netbios very well
    # option netbios-node-type 2;
    range dynamic-bootp 192.168.0.100 192.168.0.200;
    host ns {
        hardware ethernet 00:1a:a0:2b:38:81;
        fixed-address 192.168.0.101;
    }
}
The parameters are explained as follows:
Option                                  Explanation
ddns-update-style interim|ad-hoc|none   Sets the dynamic update mode between the DHCP server and the DNS server: interim is the DNS interactive update mode, ad-hoc is a special DNS update mode, and none means dynamic updates are not supported.
next-server IP                          For remote system installation by a PXE client, specifies the TFTP server address.
filename                                Name of the boot file used for diskless installation; it can be a relative or absolute path on the TFTP server.
ignore client-updates                   Ignores client updates.
subnet-mask                             Sets the subnet mask for the client.
option routers                          Specifies the gateway address for the client.
domain-name                             Specifies the DNS name for the client.
domain-name-servers                     Specifies the IP address of the DNS server for the client.
host-name                               Specifies the host name for the client.
broadcast-address                       Sets the broadcast address for the client.
ntp-servers                             Sets the IP address of the network time server for the client.
time-offset                             Sets the client's offset from GMT, in seconds.
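A subnet declaration is easy to get internally inconsistent, and dhcpd will still start. The following Python check is an added example, not part of the original article: it compares the declared netmask, the subnet-mask option, the router, the dynamic range and any fixed-address entries of one subnet block, using a sample constructed from the configuration shown above.

```python
import ipaddress
import re

def audit_dhcpd_subnet(conf):
    """Report addressing inconsistencies inside one dhcpd.conf subnet declaration."""
    conf = re.sub(r"#.*", "", conf)                     # strip comments

    def grab(pattern):
        m = re.search(pattern, conf, re.I)
        return m.groups() if m else None

    decl = grab(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)")
    if decl is None:
        raise ValueError("no subnet declaration found")
    net, mask = decl
    subnet = ipaddress.ip_network(f"{net}/{mask}")
    findings = []

    opt_mask = grab(r"option\s+subnet-mask\s+([\d.]+)\s*;")
    if opt_mask and opt_mask[0] != mask:
        findings.append(f"option subnet-mask {opt_mask[0]} != declared netmask {mask}")

    router = grab(r"option\s+routers\s+([\d.]+)\s*;")
    if router and ipaddress.ip_address(router[0]) not in subnet:
        findings.append(f"router {router[0]} is outside {subnet}")

    lo = hi = None
    rng = grab(r"range\s+(?:dynamic-bootp\s+)?([\d.]+)\s+([\d.]+)\s*;")
    if rng:
        lo, hi = (ipaddress.ip_address(a) for a in rng)
        if lo not in subnet or hi not in subnet:
            findings.append(f"range {lo}-{hi} is not inside {subnet}")

    # A fixed address inside the dynamic pool can also be leased to another client.
    for fixed in re.findall(r"fixed-address\s+([\d.]+)\s*;", conf, re.I):
        addr = ipaddress.ip_address(fixed)
        if lo is not None and lo <= addr <= hi:
            findings.append(f"fixed-address {addr} is inside dynamic range {lo}-{hi}")
    return findings

# Constructed sample: the subnet block from this page with the commented options left out.
DHCPD_SAMPLE = """
subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.1;
    option subnet-mask 255.255.252.0;
    range dynamic-bootp 192.168.0.100 192.168.0.200;
    host ns {
        hardware ethernet 00:1a:a0:2b:38:81;
        fixed-address 192.168.0.101;
    }
}
"""

if __name__ == "__main__":
    print("\n".join(audit_dhcpd_subnet(DHCPD_SAMPLE)))
```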
Note: when using the configuration above, change the IP addresses to match your server's network segment, and then restart the DHCP service: /etc/init.d/dhcpd restart
For a client to obtain an IP address from this DHCP server, a simple setting is needed. On Linux, change the BOOTPROTO entry in /etc/sysconfig/network-scripts/ifcfg-eth0 to dhcp; on a Windows machine, modify the local connection and set it to obtain an IP address automatically.
BOOTPROTO=dhcp

3. Set up a Samba server
Samba is free software that implements the SMB protocol on Linux and UNIX systems, consisting of server and client programs.
SMB (Server Message Block) is a communication protocol for sharing files and printers on a LAN; it provides shared file and printer services among the different computers in the LAN.
The SMB protocol is a client/server protocol that allows clients to access shared file systems, printers, and other resources on the server. By setting up "NetBIOS over TCP/IP", Samba can share resources not only with local network hosts but also with computers around the world.
To install the Samba server:
yum install samba -y
After installation, filter the # lines, ; lines and blank lines out of the configuration file with the following commands:
cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
egrep -v "#|^$" /etc/samba/smb.conf.bak | grep -v "^;" > /etc/samba/smb.conf
The smb.conf configuration file then looks as follows:
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
security = share
passdb backend = tdbsam
load printers = yes
cups options = raw

[temp]
comment = Temporary file space
path = /tmp
read only = no
public = yes

[data]
comment = Temporary file space
path = /data
read only = no
public = yes
After making the required modifications, restart the service:
# /etc/init.d/smb restart
Shutting down SMB services: [FAILED]
Shutting down NMB services: [FAILED]
Starting SMB services: [OK]
Starting NMB services: [OK]
workgroup = WORKGROUP    Sets the workgroup or domain that the Samba server joins.
server string = Samba Server Version %v    The description of the Samba server; it can be any string or left blank. The macro %v expands to the Samba version number that is displayed.
security = user    Sets the security mode, one of the following:
1. share: users access the Samba server without a user name and password; security is low.
2. user: the shared directories of the Samba server can be accessed only by authorized users, and the Samba server itself checks the account and password. The accounts and passwords must be created on this Samba server.
3. server: relies on another Windows NT/2000 or Samba server to verify the user's account and password; this is proxy authentication. In this security mode, the system administrator can centralize all Windows users and passwords on an NT system and use Windows NT for Samba authentication; the remote server can automatically authenticate all users and passwords. If authentication fails, Samba falls back to the user-level security mode.
4. domain: domain security level; the primary domain controller (PDC) performs authentication.
comment = test    A description of the share; it can be any string.
path = /home/test    The shared directory path.
browseable = yes/no    Specifies whether the share can be browsed.
writable = yes/no    Specifies whether the shared path is writable.
available = yes/no    Specifies whether the shared resource is available.
admin users = admin    The administrators of the share.
valid users = test    The users allowed to access this share.
invalid users = test    The users prohibited from accessing this share.
write list = test    The users allowed to write to this share.
public = yes/no    Specifies whether the share allows guest account access.
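The security, public and read only parameters described above combine to decide whether anyone on the network can write to a share. The following Python check is an added example, not part of the original article: it parses smb.conf text and reports share-level security and every share that is both guest-accessible and writable, using a sample constructed from the configuration shown on this page.

```python
import configparser

TRUE = {"yes", "true", "1"}

def load_smb_conf(text):
    """Parse smb.conf text; interpolation is off so macros such as %v stay literal."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   comment_prefixes=("#", ";"))
    cp.read_string(text)
    return {name.lower(): dict(cp[name]) for name in cp.sections()}

def is_guest(share):
    # "public" is a synonym of "guest ok" (default: no)
    return any(share.get(k, "no").lower() in TRUE for k in ("public", "guest ok"))

def is_writable(share):
    # "writable" / "writeable" / "write ok" are inverted synonyms of "read only" (default: yes)
    if any(share.get(k, "no").lower() in TRUE for k in ("writable", "writeable", "write ok")):
        return True
    return share.get("read only", "yes").lower() not in TRUE

def audit_smb_conf(text):
    """Flag share-level security and shares that guests can write to."""
    sections = load_smb_conf(text)
    findings = []
    if sections.get("global", {}).get("security", "user").lower() == "share":
        findings.append("[global] security = share: access without user name and password")
    for name, share in sections.items():
        if name in ("global", "homes", "printers"):
            continue
        if is_guest(share) and is_writable(share):
            findings.append(f"[{name}] path={share.get('path')}: guest access with write permission")
    return findings

# Constructed sample: the smb.conf from this page, shortened.
SMB_SAMPLE = """\
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
security = share

[temp]
comment = Temporary file space
path = /tmp
read only = no
public = yes

[data]
path = /data
read only = no
public = yes
"""

if __name__ == "__main__":
    print("\n".join(audit_smb_conf(SMB_SAMPLE)))
```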

In the browser, access the share at \\192.168.33.10 (the IP of the SMB file sharing server). If you cannot get access, check the firewall and SELinux settings; you can turn them off with the following commands:
/etc/init.d/iptables stop; sed -i '/SELINUX/s/enforcing/disabled/' /etc/sysconfig/selinux

4. Build an NFS server
NFS is the abbreviation for Network File System. It is a protocol for distributed file systems, developed by Sun and announced in 1984. Its function is to let different machines and different operating systems share data with each other, so that applications can access data on the server's disks through the network; it is a way to implement disk file sharing among Unix-like systems.
NFS relies on the RPC protocol for file transfer and information transfer. RPC (Remote Procedure Call) is a mechanism that lets a client execute programs on another system. NFS itself does not provide the protocol and functionality for transmitting information.
NFS application scenarios: it is often used for high-availability file sharing, where multiple servers share the same data. Its scalability is poor and its own high-availability scheme is not perfect; for large amounts of data, a distributed file system such as MFS, TFS, or HDFS can be used instead.
NFS installation and configuration:
yum install nfs* portmap -y
If the installation is successful.

After the NFS installation completes, create a shared directory. Shared directories are configured in the /etc/exports file, with configurable parameters as follows:
/data/ 192.168.33.11(rw,sync,no_hide,no_all_squash)
Add the line above to the configuration file, and then restart the portmap and nfs services: /etc/init.d/portmap restart; /etc/init.d/nfs restart
The first column, /data/, is the directory to be shared.
The IP indicates which client is allowed access.
The settings in the parentheses after the IP are the permissions on the shared files:
ro    read-only access
rw    read-write access
sync    all data is written to the share on request
hide    do not share the subdirectories of the NFS shared directory
no_hide    share the subdirectories of the NFS shared directory
all_squash    map the UID and GID of shared files to the anonymous user; suitable for public directories
no_all_squash    preserve the UID and GID of shared files (default)
root_squash    map all requests from the root user to the same permissions as the anonymous user (default)
no_root_squash    the root user has full administrative access to the root directory
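In /etc/exports the options must follow the client with no space in between: a space makes the parenthesised options apply to every host, while the named client gets only the defaults. The following Python check is an added example, not part of the original article: it parses export lines with that rule and reports world-writable exports and no_root_squash, using constructed sample lines based on the one shown above (the /backup line is hypothetical).

```python
import re

def parse_exports_line(line):
    """Return (path, [(client, options)]) using the whitespace rules of /etc/exports."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    path, *specs = line.split()
    entries = []
    for spec in specs:
        m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", spec)
        if not m:
            raise ValueError(f"malformed client spec: {spec!r}")
        client = m.group(1) or "*"      # a bare "(opts)" token applies to every host
        opts = [o.strip().lower() for o in (m.group(2) or "").split(",") if o.strip()]
        entries.append((client, opts))
    return path, entries

def audit_exports(text):
    """Flag exports that are writable by any host or that keep remote root privileges."""
    findings = []
    for line in text.splitlines():
        parsed = parse_exports_line(line)
        if not parsed:
            continue
        path, entries = parsed
        for client, opts in entries:
            if client == "*" and "rw" in opts:
                findings.append(f"{path}: read-write for ANY host")
            if "no_root_squash" in opts:
                findings.append(f"{path}: {client} keeps root privileges (no_root_squash)")
    return findings

# Constructed samples: the page's export line, the same line with a stray space,
# and a hypothetical /backup export that disables root squashing.
GOOD = "/data/ 192.168.33.11(rw,sync,no_hide,no_all_squash)"
STRAY_SPACE = "/data/ 192.168.33.11 (rw,sync,no_hide,no_all_squash)"
ROOT = "/backup 192.168.33.0/24(rw,sync,no_root_squash)"

if __name__ == "__main__":
    for sample in (GOOD, STRAY_SPACE, ROOT):
        print(sample, "->", audit_exports(sample) or "ok")
```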


For a Linux client to use this NFS file system, it must be mounted on the client. The mount command is:
mount -t nfs 192.168.33.10:/data/ /mnt
If there are errors, follow the error message. Frequently encountered problems are the RPC service not being started, the firewall not being turned off, SELinux not being turned off, and so on. (Further reading: interested readers can study MFS, a distributed file system.)

5. FTP server
FTP is the File Transfer Protocol; it is this protocol that allows hosts to share files. FTP uses TCP to create a virtual connection for control information, and then creates a separate TCP connection for data transfer.
vsftpd is one of the most popular FTP server programs in Linux distributions; it is small, light, safe, and easy to use and master.
The FTP server programs commonly used on open source operating systems today are mainly vsftpd, ProFTPD, Pure-FTPd and wu-ftpd. With so many FTP server programs, the key is to use whichever one you are proficient with. Here we look at a simple installation and use of vsftpd. Install command: yum install vsftpd* -y
Modify the configuration file as follows:
# vsftpd config by wugk
# Prohibit anonymous user access
anonymous_enable=NO
# Allow local users to log in to FTP
local_enable=YES
# Allow users write permission in the FTP directory
write_enable=YES
# Set the local users' file creation mask to 022 (default is 077)
local_umask=022
# Activate directory messages: when a remote user changes directory, a prompt message appears
dirmessage_enable=YES
# Enable the upload and download log
xferlog_enable=YES
# Enable connection requests from the FTP data port (20)
connect_from_port_20=YES
# Use the standard ftpd xferlog log file format
xferlog_std_format=YES
# Run vsftpd in standalone mode, listening on the port itself
listen=YES
# PAM authentication service name; the file is stored in the /etc/pam.d/ directory
pam_service_name=vsftpd
# Whether users in the user list are allowed to log on to the FTP server; default is not allowed
userlist_enable=YES
# Use tcp_wrappers as the host access control mode
tcp_wrappers=YES

1) The first method is to log in to FTP with a system user, which is more dangerous. To test system-user login, create a user on the Linux system with useradd test and set a password for it. Then, on an XP client, open My Computer and access ftp://192.168.33.10, enter the user name and password, and you can access, create, and delete files.
2) The second method is more secure but relatively complex to configure: use vsftpd virtual users to log on to the FTP server for common operations.
- First install the software and authentication module that FTP virtual users need:
yum install pam* db4* --skip-broken -y
Create the source file for the vsftpd user database, vi /etc/vsftpd/ftpusers.txt, with the following content.
The first line is an FTP virtual user's login name, the second line is the password, the third line is the next user name, and so on.
wugk
1
wugk1
1
- Generate the database file:
db_load -T -t hash -f /etc/vsftpd/ftpusers.txt /etc/vsftpd/vsftpd_login.db
chmod 700 /etc/vsftpd/vsftpd_login.db
- Configure the PAM authentication file:
Add the following two authentication lines at the beginning of the configuration file, vi /etc/pam.d/vsftpd (on a 32-bit system, change lib64 to lib; on Red Hat the lines to add are different, so take note):
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
- Create the local user that vsftpd maps virtual users to:
All FTP virtual users need to use a system user. This system user needs no password and does not need to log in; it is used mainly for virtual user mapping.
useradd -d /home/ftpuser -s /sbin/nologin ftpuser
- The full modified configuration file is as follows:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
listen=YES

guest_enable=YES
guest_username=ftpuser
pam_service_name=vsftpd
user_config_dir=/etc/vsftpd/vsftpd_user_conf
virtual_use_local_privs=YES

Save and restart with /etc/init.d/vsftpd restart; virtual users can now log in. At this point all virtual users upload and download in the shared /home/ftpuser directory. To give users their own separate directories, create individual configuration files in the /etc/vsftpd/vsftpd_user_conf directory. For example, to create a separate configuration for wugk:
vi /etc/vsftpd/vsftpd_user_conf/wugk with the following content, which creates the user's own FTP directory.
local_root=/home/ftpsite/wugk
write_enable=YES
anon_world_readable_only=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Restart, then log in to FTP with a client to test. That concludes the FTP explanation. On Windows, Serv-U can also be used to build an FTP server; interested readers can study it.
- FTP active and passive modes
FTP active mode: the client connects from an arbitrary non-privileged port N (N > 1024) to the FTP server's command port, port 21. The client then starts listening on port N+1 and sends the FTP command "PORT N+1" to the FTP server. The server then connects from its own data port (20) to the data port specified by the client (N+1).
FTP passive mode: the client connects from an arbitrary non-privileged port N (N > 1024) to the FTP server's command port, port 21. The client then starts listening on port N+1 while it submits the PASV command. The server opens an arbitrary non-privileged port P (P > 1024) and sends the PORT P command to the client. The client then initiates a connection from local port N+1 to the server's port P to transfer the data.
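On the wire, the data port in both modes travels as six comma-separated numbers (four address bytes, then the port as p1*256 + p2), which is what a firewall or log review has to decode. The following Python check is an added example, not part of the original article: it decodes a client PORT command or a server 227 passive reply and reports endpoints that do not belong to the control-connection peer or fall outside an allowed passive range; the addresses, captured lines and port range are constructed assumptions.

```python
import re

def decode_hostport(arg):
    """Decode FTP 'h1,h2,h3,h4,p1,p2' into (ip, port), where port = p1*256 + p2."""
    nums = [int(n) for n in arg.split(",")]
    if len(nums) != 6 or not all(0 <= n <= 255 for n in nums):
        raise ValueError(f"bad host-port: {arg!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def parse_data_endpoint(line):
    """Return (mode, ip, port) from a client PORT command or a server 227 reply."""
    m = re.match(r"PORT\s+([\d,]+)\s*$", line, re.I)
    if m:
        return ("active",) + decode_hostport(m.group(1))
    m = re.match(r"227\s.*?\(([\d,]+)\)", line)
    if m:
        return ("passive",) + decode_hostport(m.group(1))
    return None

def check_endpoint(line, client_ip, server_ip, pasv_range=None):
    """Return reasons to reject the data endpoint announced on the control channel."""
    parsed = parse_data_endpoint(line)
    if parsed is None:
        return []
    mode, ip, port = parsed
    problems = []
    # Active mode must point back at the client, passive mode at the server itself.
    expected = client_ip if mode == "active" else server_ip
    if ip != expected:
        problems.append(f"{mode} endpoint {ip} is not the control-connection peer {expected}")
    if port < 1024:
        problems.append(f"{mode} data port {port} is privileged")
    if mode == "passive" and pasv_range and not pasv_range[0] <= port <= pasv_range[1]:
        problems.append(f"passive port {port} is outside the allowed range {pasv_range}")
    return problems

# Constructed control-channel lines; 192.168.33.20 is a hypothetical client address.
CLIENT, SERVER = "192.168.33.20", "192.168.33.10"
PORT_CMD = "PORT 192,168,33,20,195,80"
PASV_REPLY = "227 Entering Passive Mode (192,168,33,10,117,48)"

if __name__ == "__main__":
    for line in (PORT_CMD, PASV_REPLY, "PORT 10,0,0,5,0,22"):
        print(line, "->", parse_data_endpoint(line), check_endpoint(line, CLIENT, SERVER))
```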
