FTP, NFS and NIS services (plus Samba, DHCP, PPTP, DNS, Apache, LAMP, HTTPS, Sendmail, Dovecot and iptables notes)

FTP service (vsftpd)

  Install:                          yum install vsftpd* -y
  Check the SELinux ftp booleans:   getsebool -a | grep ftp

  Anonymous users
    vi /etc/vsftpd/vsftpd.conf
      uncomment       anon_mkdir_write_enable=YES
      add below it    anon_other_write_enable=YES
      uncomment       anon_upload_enable=YES
    restart:  /etc/init.d/vsftpd restart   (or: service vsftpd restart)
    create the upload directory and hand it to the ftp account:
      mkdir /pub
      chown ftp:ftp /pub
    (anonymous logins are confined to /var/ftp, so the directory that has to carry the ownership and the label is the one under it, /var/ftp/pub)
    set the boolean:     setsebool -P allow_ftpd_anon_write on
    check the boolean:   getsebool -a | grep ftp
    relabel:             chcon -R -t public_content_rw_t /var/ftp/pub
    restart:             /etc/init.d/vsftpd restart   (or: service vsftpd restart)
    check the labels:    ls -lZ

  Local users: limiting upload/download speed
    create the user:     useradd aaa ; passwd aaa   (password 123)
    set the boolean:     setsebool -P ftp_home_dir on
    vi /etc/vsftpd/vsftpd.conf: after local_umask=022 add
      user_config_dir=/etc/vsftpd
    limit user aaa (the per-user file is named after the login; the value is bytes per second):
      echo "local_max_rate=1024" >> /etc/vsftpd/aaa
    restart:  /etc/init.d/vsftpd restart   (or: service vsftpd restart)

  Virtual users
    vi /etc/vsftpd/vsftpd.conf
      anonymous_enable=NO        (disable anonymous logins)
      add:  guest_enable=YES
            guest_username=vtest
    cd /etc/vsftpd and create the credentials list vuser (odd lines = login, even lines = password):
      user1
      123
      user2
      123
    build the database:  db_load -T -t hash -f vuser /etc/vsftpd/vuser.db
    lock it down:        chmod 600 /etc/vsftpd/vuser.db
    vi /etc/pam.d/vsftpd: comment out every existing line with #, then add
      auth    required pam_userdb.so db=/etc/vsftpd/vuser
      account required pam_userdb.so db=/etc/vsftpd/vuser
    the guest account that virtual users are mapped to:  useradd -s /sbin/nologin vtest
    create a test file:  touch /home/vtest/vtest
    permissions:         chmod 704 /home/vtest
    restart:  /etc/init.d/vsftpd restart   (or: service vsftpd restart)

NFS service

  On the server:
    mkdir /filepub
    vi /etc/exports:   /filepub 192.168.1.0/24(rw,no_root_squash)
    (no_root_squash lets root on any client in that range act as root on the export; omit it unless that is intended)
    restart:           /etc/init.d/nfs restart
    re-read exports:   exportfs -rv
  On the client:
    showmount -e 192.168.1.111              (server ip)
    mount.nfs 192.168.1.111:/filepub /mnt
    df -h /mnt
    the files under /mnt are the server's files: the server sees them in /filepub, the client in /mnt.

NIS service

  On the NIS server:
    vi /etc/hosts:   192.168.0.100 abc.com abc     (server ip)
    check:           ping abc.com
    domainname abc.com
    echo "domainname abc.com" >> /etc/rc.local
    vi /etc/sysconfig/network:   NIS_DOMAIN=abc.com
    install NIS:     yum install yp* -y
    vi /etc/ypserv.conf, append at the end:   192.168.0.0/24 : * : * : none
    add a user:      useradd aaa ; passwd aaa   (password 123)
    build the NIS maps (makes the accounts domain accounts):   /usr/lib/yp/ypinit -m
    start the services:   /etc/init.d/ypserv start ; /etc/init.d/yppasswdd restart
    export the home directories over NFS:
      vi /etc/exports:   /home 192.168.1.0/24(rw,no_root_squash)     (server ip range)
      /etc/init.d/nfs restart
      exportfs -rv
  On the client:
    vi /etc/hosts:    192.168.0.100 abc.com abc
    vi /etc/yp.conf:  domain abc.com server abc.com
    nisdomainname abc.com
    echo "nisdomainname abc.com" >> /etc/rc.local
    echo "NIS_DOMAIN=abc.com" >> /etc/sysconfig/network
    switch the client's lookups to NIS, vi /etc/nsswitch.conf:
      passwd:  files nis
      shadow:  files nis
      group:   files nis
    start:   /etc/init.d/ypbind start
    echo "/etc/init.d/ypbind start" >> /etc/rc.local
    chkconfig ypbind on
    mount the home directories:
      showmount -e 192.168.0.100              (server ip)
      mount.nfs 192.168.0.100:/home /home
      df -h /home
      echo "mount.nfs 192.168.0.100:/home /home" >> /etc/rc.local

Samba service

  Windows shares a folder abc; Linux accesses it
    list the shares on Windows:   net share
    list them from Linux:         smbclient -L //192.168.1.111 -U administrator     (windows ip)
    mount the share:              mount.cifs //192.168.1.111/abc /mnt -o username=administrator
                                  df -h /mnt
    or, interactively:            smbclient //192.168.1.111/abc -U administrator   (gives the smb: \> prompt)

  Linux shares; Windows accesses
    install:          yum install samba* -y
    start on boot:    chkconfig smb on
    check:            chkconfig smb --list
    set the boolean:  setsebool -P samba_enable_home_dirs on
    create a samba user:  useradd aaa ; smbpasswd -a aaa   (the password is prompted for)
    restart:          /etc/init.d/smb restart
    on Windows, Run:  \\192.168.1.123   (linux ip), enter the user name and password; the user's home directory is shown.

  Anonymous access as nobody
    vi /etc/samba/smb.conf: in the [public] section uncomment every line, set
      path = /pub
    and delete the line  write list = +staff
    mkdir /pub
    chown nobody:nobody /pub
    restart:          /etc/init.d/smb restart
    permissions:      chmod 700 /pub
    relabel:          chcon -t samba_share_t /pub
    vi /etc/samba/smb.conf:   security = share
    restart:          /etc/init.d/smb restart
    Windows can now log in anonymously and sees public.
    For a named user to see both the home directory and public:
      vi /etc/samba/smb.conf:   security = user, and in [public] add browseable = yes
      chmod o+rwx /pub
      on Windows, clear the cached connections:   net use * /delete

DHCP service

  install:   yum install dhcp* -y
  vi /etc/dhcp/dhcpd.conf:
    ddns-update-style interim;
    ignore client-updates;
    subnet 192.168.0.0 netmask 255.255.255.0 {
        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0;
        option nis-domain "abc.com";
        option domain-name "abc.com";
        option domain-name-servers 202.99.166.4;
        option time-offset -18000;
        range dynamic-bootp 192.168.0.10 192.168.0.100;
        default-lease-time 21600;
        max-lease-time 43200;
        host jingli {                                  (reservation)
            hardware ethernet 00:0c:29:63:ac:1c;       (the client's MAC)
            fixed-address 192.168.1.11;                (reserved ip)
        }
    }

VPN (pptp)

  install:   rpm -ivh pptpd-1.3.4-2.el6.i686.rpm
  vi /etc/sysctl.conf:   net.ipv4.ip_forward = 1
  vi /etc/pptpd.conf:
    localip 192.168.1.1          (external address)
    remoteip 192.168.0.12-123    (internal pool)
  vi /etc/ppp/chap-secrets (user, server, password, allowed client ip):
    aaa  pptpd  123  *            (* = any address; or a fixed one such as 192.168.0.23)
  /etc/init.d/pptpd restart
  Appendix, adding a network card:
    cd /etc/sysconfig/network-scripts
    cp ifcfg-eth0 ifcfg-eth1
    vi ifcfg-eth1: change eth0 to eth1, remove the HWADDR (MAC) line, change the ip

DNS service (bind)

  install:   yum install bind* -y
  vi /etc/named.conf:
    listen-on port 53 { 192.168.0.100; };     (server ip)
    allow-query { any; };
  vi /etc/named.rfc1912.zones, add
    forward:   zone "abc.com" IN { type master; file "abc.com.zone"; };
    reverse:   zone "0.168.192.in-addr.arpa" IN { type master; file "abc.com"; };
  cd /var/named
  cp named.localhost abc.com.zone
  cp named.loopback abc.com
  vi abc.com.zone, change/add:
         MX 10 mail               (for mail)
         A     192.168.0.100
    www  A     192.168.0.100      (web server ip)
    ftp  A     192.168.0.100      (ftp server ip)
    mail A     192.168.0.100      (mail server ip)
  vi abc.com, change/add:
         A     192.168.0.100
    100  PTR   www.abc.com.
    100  PTR   ftp.abc.com.
    100  PTR   mail.abc.com.
  chown root:named abc.com
  chown root:named abc.com.zone
  /etc/init.d/named restart
  /etc/init.d/named reload
  vi /etc/resolv.conf (point the resolver at it):   nameserver 192.168.0.100

  Secondary DNS
    yum install bind* -y
    vi /etc/named.conf:
      listen-on port 53 { 192.168.0.1; };     (secondary server ip)
      allow-query { any; };
    vi /etc/named.rfc1912.zones, add
      forward:   zone "abc.com" IN { type slave; file "slaves/abc.com.zone"; masters { 192.168.0.100; }; };     (primary dns ip)
      reverse:   zone "0.168.192.in-addr.arpa" IN { type slave; file "slaves/abc.com"; masters { 192.168.0.100; }; };
    /etc/init.d/named restart

Cluster (DNS round robin)

  Set up IIS on Windows at 192.168.0.123 and a web page on Linux:
    yum install httpd* -y
    vi /var/www/html/index.html       (the page content)
    vi /etc/httpd/conf/httpd.conf:    ServerName www.abc.com:80
    /etc/init.d/httpd restart
  vi /var/named/abc.com.zone, change the www record into two records with TTL 0:
    www  0  A  192.168.0.100
    www  0  A  192.168.0.123
  /etc/init.d/named restart

Web service (Apache)

  install:   yum install httpd* -y
  create the site:   vi /var/www/html/index.html
  /etc/init.d/httpd restart
  check from Linux:   curl 192.168.0.100     (web server ip)

  Site in a directory of your own
    mkdir /web
    vi /web/index.html
    vi /etc/httpd/conf/httpd.conf:   DocumentRoot "/web"     (default is /var/www/html)
    relabel:   chcon -R -t httpd_sys_content_t /web
    /etc/init.d/httpd restart

  Restricting access
    vi /etc/httpd/conf/httpd.conf, add
      <Directory /web>
          Order deny,allow
          Deny from all
          Allow from 192.168.0.100
          AuthType Basic
          AuthName "hello"
          AuthUserFile /etc/httpd/userpasswd
          Require user aaa
      </Directory>
    htpasswd -c /etc/httpd/userpasswd aaa
    /etc/init.d/httpd restart

  User home pages
    useradd aaa
    vi /etc/httpd/conf/httpd.conf: uncomment  UserDir public_html  and comment out  UserDir disabled
    mkdir /home/aaa/public_html
    vi /home/aaa/public_html/index.html
    setsebool -P httpd_enable_homedirs on
    chcon -R -t httpd_sys_content_t /home/aaa/public_html
    chmod o+x /home/aaa
    from Windows open   http://192.168.0.100/~aaa

LAMP

  install the MySQL database:   yum install mysql*
  start it:   /etc/init.d/mysqld restart ; chkconfig mysqld on
  check it is listening:   netstat -nl | grep mysql
  mysql   (enter, look around, exit)
  set the root password:   mysqladmin -u root password 123
  log in:   mysql -uroot -p
  show databases;   (lists the server's databases)
  vi /etc/php.ini, in the [MySQL] section:
    mysql.default_port=3306
    mysql.default_host=192.168.0.100
    mysql.default_user=root
    mysql.default_password=1234      (must match the password set with mysqladmin)
    extension=mysql.so
    add below it  extension=mysqli.so   (enables mysqli)
  vi /etc/httpd/conf/httpd.conf, add
    LoadModule php5_module modules/libphp5.so
    AddType application/x-httpd-php .php

  phpwind shared from Windows
    mount.cifs //192.168.0.123/aaa /mnt -o username=administrator
    cd /mnt
    cp php… /usr/local/src
    cd /usr/local/src
    unzip php…
    cp -Rf upload /var/www/html
    chmod -Rf 777 /var/www/html/upload
    vi /etc/httpd/conf/httpd.conf:
      DocumentRoot "/var/www/html/upload"
      AddDefaultCharset zh-CN
    /etc/init.d/httpd restart

  Name-based virtual hosts (needs DNS with two forward zones, abc.com and bbb.com)
    vi /etc/httpd/conf/httpd.conf, add
      <VirtualHost *:80>
          DocumentRoot /web1
          ServerName www.abc.com
      </VirtualHost>
      <VirtualHost *:80>
          DocumentRoot /web2
          ServerName www.bbb.com
      </VirtualHost>
    mkdir /web1 ; mkdir /web2
    vi /etc/resolv.conf:   nameserver 192.168.0.100
    vi /web1/index.html ; vi /web2/index.html
    chcon -R -t httpd_sys_content_t /web1 /web2
    /etc/init.d/httpd restart

  Combined with FTP
    yum install vsftpd* -y
    useradd aaa ; useradd bbb
    vi /etc/passwd: change the home directories, /home/aaa to /web1 and /home/bbb to /web2
    chown -R aaa:aaa /web1
    chown -R bbb:bbb /web2
    setsebool -P allow_ftpd_full_access on
    setsebool -P ftp_home_dir on
    mv /var/ftp /var/bak.ftp.bak
    /etc/init.d/vsftpd restart

HTTPS

  install:   yum install mod_ssl* -y
  cd /etc/pki/tls/certs
  make abc.crt   (the first three prompts are the passphrase; then country code, state, city, company, department, the domain name www.abc.com, and the e-mail address)
  edit the ssl configuration (/etc/httpd/conf.d/ssl.conf):
    SSLCertificateFile    /etc/pki/tls/certs/abc.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/abc.key
  vi /etc/httpd/conf/httpd.conf: comment out  Listen 80  with #
  vi /var/www/html/index.html
  browse to https://… 

Sendmail

  Prerequisite: DNS resolves mail.abc.com, so mail can be sent.
  install:   yum install sendmail* -y
  cd /etc/mail
  vi access, add:   Connect:192.168.1.10 RELAY   (or: Connect:abc.com RELAY)
  alternatives --config mta   and pick 2, /usr/sbin/sendmail.sendmail
  stop postfix:   /etc/init.d/postfix stop ; chkconfig postfix off ; yum remove postfix* -y
  vi sendmail.cf: put # in front of the line
    O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
  (so sendmail no longer listens on 127.0.0.1 only)
  /etc/init.d/sendmail restart

  Incoming mail (POP3)
    install:   yum install dovecot* -y
    vi /etc/dovecot/dovecot.conf, add
      protocols = pop3
      listen = *
      login_trusted_networks = 192.168.0.0/24
    vi /etc/dovecot/conf.d/10-mail.conf, uncomment
      mail_location = mbox:~/mail:INBOX=/var/mail/%u
    /etc/init.d/dovecot restart

SMTP with authentication

  Install sendmail, edit access, switch the mta alternative and disable postfix exactly as in the Sendmail section, then:
    yum install cyrus-sasl* -y
    /etc/init.d/saslauthd start
    chkconfig saslauthd on
    vi sendmail.mc:
      remove the leading dnl from   TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
      remove the leading dnl from   define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
      add dnl in front of           DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
    rebuild:   m4 sendmail.mc > sendmail.cf
    /etc/init.d/sendmail restart
  Configure dovecot for incoming mail as in the Sendmail section.

Firewall (iptables)

  Add a second network card: internal 192.168.1.1, external 222.222.222.222.
  vi /etc/sysctl.conf:   net.ipv4.ip_forward = 1
  sysctl -p
  source NAT (by source ip):
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to 222.222.222.222
  destination NAT (by destination ip):
    iptables -t nat -A PREROUTING -d 222.222.222.222 -p tcp --dport 80 -j DNAT --to 192.168.1.2:80
  block ping:
    iptables -A INPUT -p icmp -j DROP
  external telnet to an internal host:
    iptables -t nat -A PREROUTING -d 222.222.222.222 -p tcp --dport telnet -j DNAT --to 192.168.1.2:23
  block one external host from telnet:
    iptables -A FORWARD -s 222.222.222.222 -p tcp --dport 23 -j DROP
  publish ftp:
    iptables -t nat -A PREROUTING -d 222.222.222.222 -p tcp --dport 21 -j DNAT --to 192.168.1.2:21
    load the ftp NAT helper:   modprobe nf_nat_ftp    (remove with: rmmod nf_nat_ftp)
    echo "modprobe nf_nat_ftp" > /etc/rc.modules
    chmod 755 /etc/rc.modules
  other hosts cannot ping the firewall, but the firewall can ping them:
    iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
    iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
  block a MAC address from passing through the firewall:
    iptables -A FORWARD -m mac --mac-source 00:01:02:03:04:05 -j DROP
  open the firewall's own tcp ports 20, 21, 25, 110 and the passive ftp ports 1250-1280:
    iptables -A INPUT -p tcp -m multiport --dports 20,21,25,110,1250:1280 -j ACCEPT
  refuse to forward a source ip range:
    iptables -A FORWARD -p tcp -m iprange --src-range 192.168.1.20-192.168.1.50 -j DROP
  open local dns:
    iptables -A INPUT  -p tcp --dport 53 -j ACCEPT
    iptables -A INPUT  -p udp --dport 53 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
    iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
  view the nat table:   iptables -t nat -L
  flush the rules:      iptables -F
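The virtual-user section of the vsftpd notes above has several hand-edited pieces that must agree with each other (the guest account, the credentials list, the Berkeley DB and the PAM stack), and a malformed credentials list is accepted silently by db_load. The following script is an added example, not part of the original notes: it renders the vsftpd.conf and PAM fragments, validates the plain-text list before compiling it, and only touches the system when run as root with the argument apply. The sample credentials used in its check are constructed; chroot_local_user is an addition to the notes that keeps each virtual login inside the guest home directory.

```shell
#!/bin/sh
# Added example (not from the original notes): vsftpd virtual-user setup.
# Without the "apply" argument only the functions are defined, so the file
# can be sourced and its output reviewed first.
set -eu

VSFTPD_DIR=${VSFTPD_DIR:-/etc/vsftpd}
GUEST=${GUEST:-vtest}

# vsftpd.conf lines for virtual users (chroot_local_user is an addition).
vsftpd_guest_conf() {
    printf '%s\n' \
        'anonymous_enable=NO' \
        'local_enable=YES' \
        'guest_enable=YES' \
        "guest_username=$GUEST" \
        'chroot_local_user=YES'
}

# /etc/pam.d/vsftpd: the whole stack is replaced by the user database, so
# only logins present in vuser.db are accepted; system accounts cannot log in.
vsftpd_pam_conf() {
    printf '%s\n' \
        "auth    required pam_userdb.so db=$VSFTPD_DIR/vuser" \
        "account required pam_userdb.so db=$VSFTPD_DIR/vuser"
}

# Validate the plain-text list before db_load sees it: odd lines are logins,
# even lines are passwords. A blank field or an odd line count would produce
# a broken or unexpected account. Prints each problem and returns 1.
check_vuser_list() {
    awk '
        NF == 0 { print "line " NR ": empty field"; bad = 1 }
        NR % 2 == 1 && $0 !~ /^[a-z_][a-z0-9_-]*$/ {
            print "line " NR ": invalid login \"" $0 "\""; bad = 1 }
        END {
            if (NR % 2 == 1) { print "odd number of lines"; bad = 1 }
            exit bad
        }' "$1"
}

# Compile the list into the hash DB and make it readable by root only.
build_vuser_db() {
    check_vuser_list "$1"
    db_load -T -t hash -f "$1" "$VSFTPD_DIR/vuser.db"
    chmod 600 "$VSFTPD_DIR/vuser.db"
}

if [ "${1:-}" = apply ]; then
    id "$GUEST" >/dev/null 2>&1 || useradd -s /sbin/nologin "$GUEST"
    chmod 704 "/home/$GUEST"
    vsftpd_guest_conf >> "$VSFTPD_DIR/vsftpd.conf"
    vsftpd_pam_conf   >  /etc/pam.d/vsftpd
    build_vuser_db "$VSFTPD_DIR/vuser"
    rm -f "$VSFTPD_DIR/vuser"      # the plain-text passwords are no longer needed
    /etc/init.d/vsftpd restart
fi
```

Appending to vsftpd.conf is deliberate so that the generated lines are easy to find and remove; run the script once, and check `grep -c guest_enable /etc/vsftpd/vsftpd.conf` before running it again.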
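The DNS section above edits two zone files and two named.conf fragments by hand, and the secondary's stanzas must point back at the primary. As an added example (not part of the original notes), this script writes the abc.com forward zone, the 0.168.192.in-addr.arpa reverse zone and the master/slave stanzas from the notes, then syntax-checks the zone files with named-checkzone when bind is installed. The SOA serial is a constructed sample; allow-transfer is an addition to the notes that restricts zone transfers to the secondary (192.168.0.1 in the notes) rather than leaving them open to any client that can query.

```shell
#!/bin/sh
# Added example (not from the original notes): bind zone files and stanzas
# for abc.com. Addresses follow the notes; the serial is constructed.
set -eu

ZONE=abc.com
REV=0.168.192.in-addr.arpa
MASTER=192.168.0.100
SECONDARY=192.168.0.1
SERIAL=${SERIAL:-2024010101}

# Forward zone: SOA, NS and MX at the apex, then the hosts from the notes.
forward_zone() {
    cat <<EOF
\$TTL 1D
@       IN SOA  $ZONE. root.$ZONE. ( $SERIAL 1D 1H 1W 3H )
        IN NS   $ZONE.
        IN MX 10 mail.$ZONE.
        IN A    $MASTER
www     IN A    $MASTER
ftp     IN A    $MASTER
mail    IN A    $MASTER
EOF
}

# Reverse zone: the last octet maps back to fully qualified names. The
# trailing dots matter; without them named appends the zone origin.
reverse_zone() {
    cat <<EOF
\$TTL 1D
@       IN SOA  $ZONE. root.$ZONE. ( $SERIAL 1D 1H 1W 3H )
        IN NS   $ZONE.
100     IN PTR  www.$ZONE.
100     IN PTR  ftp.$ZONE.
100     IN PTR  mail.$ZONE.
EOF
}

# Stanzas for named.rfc1912.zones: "master" on the primary, "slave" on the
# secondary (which keeps its copies under /var/named/slaves).
zone_stanzas() {
    case $1 in
    master)
        cat <<EOF
zone "$ZONE" IN {
    type master;
    file "$ZONE.zone";
    allow-transfer { $SECONDARY; };
};
zone "$REV" IN {
    type master;
    file "$ZONE";
    allow-transfer { $SECONDARY; };
};
EOF
        ;;
    slave)
        cat <<EOF
zone "$ZONE" IN {
    type slave;
    file "slaves/$ZONE.zone";
    masters { $MASTER; };
    allow-transfer { none; };
};
zone "$REV" IN {
    type slave;
    file "slaves/$ZONE";
    masters { $MASTER; };
    allow-transfer { none; };
};
EOF
        ;;
    *) echo "usage: zone_stanzas master|slave" >&2; return 2 ;;
    esac
}

# Write both zone files into a directory (default /var/named), owned by
# root:named as in the notes, and check their syntax when bind is present.
write_zones() {
    dir=${1:-/var/named}
    forward_zone > "$dir/$ZONE.zone"
    reverse_zone > "$dir/$ZONE"
    chown root:named "$dir/$ZONE.zone" "$dir/$ZONE" 2>/dev/null || true
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$dir/$ZONE.zone"
        named-checkzone "$REV" "$dir/$ZONE"
    fi
}
```

Usage on the primary: `write_zones` followed by `zone_stanzas master >> /etc/named.rfc1912.zones` and a named restart; on the secondary only the slave stanzas are needed. Bump SERIAL on every change, otherwise the secondary will not transfer the new data.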
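The Apache notes above (the restricted /web directory and the two name-based virtual hosts) are fragments that are easy to copy incompletely, and the notes' virtual-host fragment lacks its closing tags. This added example, which is not part of the original notes, renders both fragments into one conf.d file (sites.conf is a constructed name), checks that every VirtualHost is closed, and with the apply argument creates the password file and runs apachectl configtest before restarting. NameVirtualHost and Satisfy All are additions to the notes: Apache 2.2 needs the first for name-based hosts, and the second states explicitly that a request must pass both the address check and the basic-auth login.

```shell
#!/bin/sh
# Added example (not from the original notes): Apache 2.2 fragments for the
# restricted /web directory and the www.abc.com / www.bbb.com hosts.
set -eu

ALLOWED_IP=${ALLOWED_IP:-192.168.0.100}
USERFILE=${USERFILE:-/etc/httpd/userpasswd}
AUTH_USER=${AUTH_USER:-aaa}

# Access control for /web: deny everything, allow one source address, and
# on top of that require a valid basic-auth login. Satisfy All makes the
# "both" requirement explicit instead of relying on the default.
web_directory_conf() {
    cat <<EOF
<Directory /web>
    Order deny,allow
    Deny from all
    Allow from $ALLOWED_IP
    AuthType Basic
    AuthName "hello"
    AuthUserFile $USERFILE
    Require user $AUTH_USER
    Satisfy All
</Directory>
EOF
}

# One name-based virtual host; $1 = ServerName, $2 = DocumentRoot.
vhost_conf() {
    cat <<EOF
<VirtualHost *:80>
    ServerName $1
    DocumentRoot $2
</VirtualHost>
EOF
}

# The complete fragment: NameVirtualHost first, then the two hosts from the
# notes, then the directory restriction.
sites_conf() {
    echo 'NameVirtualHost *:80'
    vhost_conf www.abc.com /web1
    vhost_conf www.bbb.com /web2
    web_directory_conf
}

# Every <VirtualHost> must have a </VirtualHost>; a missing close is the
# usual copy error and makes httpd refuse to start.
balanced_vhosts() {
    opens=$(grep -c '^<VirtualHost' "$1")
    closes=$(grep -c '^</VirtualHost>' "$1")
    [ "$opens" -gt 0 ] && [ "$opens" -eq "$closes" ]
}

# Write the fragment into a directory ($1) and verify it is well formed.
write_sites_conf() {
    sites_conf > "$1/sites.conf"
    balanced_vhosts "$1/sites.conf"
}

if [ "${1:-}" = apply ]; then
    write_sites_conf /etc/httpd/conf.d
    [ -f "$USERFILE" ] || htpasswd -c "$USERFILE" "$AUTH_USER"
    chown root:apache "$USERFILE"
    chmod 640 "$USERFILE"           # readable by httpd, not by other users
    apachectl configtest
    /etc/init.d/httpd restart
fi
```

The password file is kept outside DocumentRoot (as in the notes) and made unreadable to ordinary local users; `apachectl configtest` catches a typo before the restart takes the site down.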
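The iptables rules in the firewall section above are listed as separate one-liners, but a firewall is only as good as the order the rules end up in: iptables stops at the first match, so the blanket "-p icmp -j DROP" and the later echo-reply ACCEPT cannot both have effect. This added example (not from the original notes) collects the notes' NAT and filter rules into one ordered script with the corrected option syntax (--dports with a colon range for multiport, --src-range for iprange, --to-source/--to-destination for SNAT/DNAT), using the finer-grained ICMP rules rather than the blanket drop. The functions only print the commands, so the set can be reviewed before apply runs it as root; the default-DROP policies, loopback and conntrack lines are additions that give the rule list a defined starting point.

```shell
#!/bin/sh
# Added example (not from the original notes): ordered iptables rule set.
# Addresses are the ones used in the notes.
set -eu

EXT_IP=222.222.222.222
LAN=192.168.1.0/24
WEB=192.168.1.2
TELNET_HOST=192.168.1.2
FTP_HOST=192.168.1.2
BLOCKED_MAC=00:01:02:03:04:05
BLOCKED_RANGE=192.168.1.20-192.168.1.50

# NAT table: masquerade the LAN behind the external address and publish
# the web, telnet and ftp hosts on it.
nat_rules() {
    cat <<EOF
iptables -t nat -F
iptables -t nat -A POSTROUTING -s $LAN -j SNAT --to-source $EXT_IP
iptables -t nat -A PREROUTING -d $EXT_IP -p tcp --dport 80 -j DNAT --to-destination $WEB:80
iptables -t nat -A PREROUTING -d $EXT_IP -p tcp --dport 23 -j DNAT --to-destination $TELNET_HOST:23
iptables -t nat -A PREROUTING -d $EXT_IP -p tcp --dport 21 -j DNAT --to-destination $FTP_HOST:21
EOF
}

# Filter table. Specific DROPs come before the broad ACCEPTs because the
# first matching rule wins. The ICMP trio lets the firewall ping out while
# refusing pings to itself.
filter_rules() {
    cat <<EOF
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 20,21,25,110,1250:1280 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -m mac --mac-source $BLOCKED_MAC -j DROP
iptables -A FORWARD -p tcp -m iprange --src-range $BLOCKED_RANGE -j DROP
iptables -A FORWARD -s $LAN -j ACCEPT
iptables -A FORWARD -d $WEB -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -d $TELNET_HOST -p tcp --dport 23 -j ACCEPT
iptables -A FORWARD -d $FTP_HOST -p tcp --dport 21 -j ACCEPT
EOF
}

# How many generated rules jump to a given target ($1: DROP, ACCEPT, DNAT,
# SNAT). Useful as a sanity check before applying the set.
count_rules() {
    { nat_rules; filter_rules; } | awk -v t="$1" '
        { for (i = 1; i < NF; i++) if ($i == "-j" && $(i+1) == t) n++ }
        END { print n + 0 }'
}

if [ "${1:-}" = apply ]; then
    sysctl -w net.ipv4.ip_forward=1
    modprobe nf_nat_ftp               # needed for the published ftp service
    { nat_rules; filter_rules; } | sh -e
    service iptables save
fi
```

Run `sh firewall.sh | less` (any file name) to read the rules, `iptables -t nat -L -n` and `iptables -L -n -v` afterwards to confirm what was loaded and which counters move.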