Linux网络服务的配置:本讲中包括的9种网络服务:yum samba nfs ftp dovecot sendmail httpd iptables tcpwrapper
——环境
# uname -a
Linux CentOS5 2.6.18-8.el5
IP : 192.168.2.88 server:192.168.2.1
hostname: centos5
—-yum
# mkdir /a
# mount /dev/cdrom /a
# vi /etc/yum.repos.d/CentOS-Media.repo
[street]
name=from street
baseurl=file:///a
enabled=1
gpgcheck=0
(gpgcheck=0 关闭了软件包的GPG签名校验,只适合本地光盘这类可信来源;使用网络仓库时应保持 gpgcheck=1)
# mv CentOS-Base.repo CentOS-Base.repo.bak
# yum whatprovides /usr/bin/nmap
# yum install nmap
# system-config-packages
# nmap localhost
# yum whatprovides /usr/bin/iostat
# yum install sysstat
# system-config-packages 不用记包名 自动解决包之间的依赖关系按 ctrl+q 退出
———smb
从Linux访问Windows共享的文件
# service smb start
useradd aa
passwd aa
# smbpasswd -a aa
# vi /etc/samba/smb.conf
[aaa]
comment = aaaaaaaaaaaa
path = /aa
valid users =
writable = yes
# useradd oracle
# passwd oracle
# smbpasswd -a oracle
# smbclient //localhost/legal -U oracle%oracle —-"用户名%密码"的写法会把密码留在进程列表和shell历史里;只写 -U oracle 则改为交互输入密码
# mount //192.168.0.254/share /mnt -o username=tom
从Linux访问Linux共享的文件
# smbclient -L localhost -N
# smbclient //192.168.2.1/share
smb: \> put /etc/hosts hosts
# man 5 smb.conf
netstat -auntp|grep smbd
——nfs
# service nfs start
# vi /etc/exports
/home/guests 192.168.0.0/255.255.255.0(rw,sync)
If the netmask is 255.255.255.255, the export is limited to a single IP address.
显示nfs # showmount -e localhost
—————ftp
# service vsftpd start
# ldd `which vsftpd` |grep wra
libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00e4f000)
# vi /etc/vsftpd/vsftpd.conf
#anon_upload_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
21传FTP的命令 20传FTP的数据
—————dovecot:
# find /etc/ -name dovecot.pem
/etc/pki/dovecot/certs/dovecot.pem
/etc/pki/dovecot/private/dovecot.pem
# find /etc -name dovecot.pem -exec rm {} \;
# make -C /etc/pki/tls/certs dovecot.pem
# find /etc/pki -name dovecot.pem -exec ls -l {} \;
# grep -e ssl_cert -e ssl_key /etc/dovecot.conf
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
#ssl_key_password =
# vi /etc/dovecot.conf
# grep -e ssl_cert -e ssl_key /etc/dovecot.conf
#ssl_disable=no —-去掉ssl加密,如果要进行对称加密时打开
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
–pem文件里证书(公钥)和私钥放在一起;如果分开,则分别是 key 和 crt 文件,先用make生成key,再生成crt。下面把同一个合并的pem同时复制到certs和private两个目录,因此两个文件都含有私钥,应确认它们只有root可读(例如权限600)
# cp /etc/pki/tls/certs/dovecot.pem /etc/pki/dovecot/certs/dovecot.pem
# cp /etc/pki/tls/certs/dovecot.pem /etc/pki/dovecot/private/dovecot.pem
# service dovecot start
# mutt -f imaps://localhost
# cat /etc/passwd | mail -s toaa -v aa
# mutt -f imaps://localhost
# mutt -f imaps://aa@localhost
—————-sendmail:
sendmail-cf
# alternatives --config mta
# vi /etc/mail/sendmail.mc
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
(注释掉这一行后,sendmail不再只监听127.0.0.1,而是监听所有网络接口,需要配合防火墙限制可连接25端口的来源)
# vi /etc/aliases
# newaliases
# m4 sendmail.mc > sendmail.cf
# vi /etc/mail/local-host-names
station5.example.com
# service sendmail restart
—————-http:
# cd /var/www/html/
# cp /etc/passwd ./index.html —-这里只是随手找个文件当测试页;/etc/passwd 含本机全部账户名,测试后应换成普通内容
# vi /etc/httpd/conf/httpd.conf
NameVirtualHost 182.119.106.245:80
<VirtualHost 182.119.106.245:80>
DocumentRoot /data
ServerName bb.tt.ca
</VirtualHost>
<VirtualHost 182.119.106.245:80>
DocumentRoot /aa
ServerName aa.tt.ca
</VirtualHost>
# service httpd restart
# cat /data/index.html
llllllll
# cat index.html
cwddkk[C[Cllllllll
# ping -c1 server1.example.com
# elinks -dump http://aa.tt.ca/
—–iptables:
# iptables -A INPUT -p tcp --dport 80 -s 182.119.106.0/24 -j REJECT
# iptables -A INPUT -s ! 182.119.106.0/24 -p tcp --dport 21 -j REJECT
# iptables -nL —-n表示数字,可以减去域名解析的时间
-A 追加一个规则 -I 在前面插入一个规则 ^] TELNET中的退出
#iptables -F INPUT —去掉INPUT规则(链名区分大小写,必须写成大写的INPUT)
#iptables -A INPUT -p icmp -j DROP —–去掉ping包,IP层到TCP层有三种包:UDP TCP ICMP
#iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.25 -p tcp --dport 22 -j DROP
--封锁本网内的ssh访问
# service iptables save
————-tcpwrapper
vsftpd: 182.119.106.0/255.255.255.0
“hosts.deny” 10L, 404C written
sshd: 182.119.106.203
vsftpd: 182.119.106.203
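“/etc/hosts.allow” 7L, 240C written
(tcpwrapper先查hosts.allow,匹配即放行,不再看hosts.deny;所以182.119.106.203可以访问sshd和vsftpd,而该网段的其他主机访问vsftpd会被hosts.deny拒绝)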
# ldd `which sshd`|grep wra
libwrap.so.0 => /usr/lib/libwrap.so.0 (0x0044a000)