
...//cac cong viec da lam de cau hinh dns server//...

Cac luu y khi cai dich vu DNS server tren CentOS


Neu cai ca goi bind va chroot thi file named.conf se nam o thu muc /var/named/chroot/etc/named.conf
va cac file zone se nam o thu muc /var/named/chroot/var/named
Neu chi cai goi bind khong thi file named.conf se nam o thu muc /etc/named.conf
va cac file zone se nam o thu muc /var/named/
de xem goi nao da duoc cai dat ta dung lenh
rpm -qa | grep bind
truoc tien ta can chinh de may ao CentOS co the ra ngoai Internet bang cach chinh 2 file sau
file /etc/sysconfig/network-scripts/ifcfg-eth0 de chinh ip cho card mang
file /etc/resolv.conf de chinh dns server
sau khi may da ra dc internet ta dung lenh
cd /var/named/chroot/var/named
wget http://www.internic.net/zones/named.root
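qua trinh tai file named.root se dc khoi dong. luu y: file duoc tai qua HTTP khong ma hoa nen noi dung co the bi sua tren duong truyen; nen doi chieu lai voi ban goc truoc khi dung lam root hint. qua trinh ket thuc ta tao file named.conf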
cd
vi /var/named/chroot/etc/named.conf
// ACL naming the LAN subnet and loopback.
// NOTE(review): no statement in the options or zone blocks shown here refers
// to mynet, so as written it restricts nothing. To limit who may query or
// recurse it has to be referenced, e.g. from allow-query / allow-recursion.
acl mynet{
192.168.2.0/24;
127.0.0.1;
};
options {
// Refuse zone transfers to every client.
allow-transfer {none;};
// Pin the source port of outgoing queries to 53 (IPv4, then IPv6).
// NOTE(review): a fixed source port removes source-port randomization, which
// makes forged-response cache poisoning easier. Drop these two lines unless a
// firewall rule really requires a fixed port.
query-source port 53;
query-source-v6 port 53;
// Working directory for zone files named in the zone blocks below.
directory "/var/named";
// Output files for the cache dump and the statistics dumps.
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Send NOTIFY messages when a master zone changes.
notify yes;
};
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.db";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "0.0.127.in-addr.arpa.db";
};
zone "thuantc.com" {
type master;
file "thuantc.com.db";
};
zone "2.168.192.in-addr.arpa" {
type master;
file "2.168.192.in-addr.arpa.db";
};
vi /var/named/chroot/var/named/localhost.db
$TTL 86400
@ IN SOA localhost root (
20080213
10800
3600
604800
86400
)
IN NS @
IN A 127.0.0.1
vi /var/named/chroot/var/named/thuantc.com.db //file nay can sua de phu hop voi
tung mang
$TTL 86400
@ IN SOA server1.thuantc.com. root (
20080213
10800
3600
604800
86400
)
IN NS server1.thuantc.com.
IN MX 10 server1
1D IN A 192.168.2.3
server1 1D IN A 192.168.2.3
www 1D IN CNAME server1
mail 1D IN CNAME server1
ftp 1D IN CNAME server1
vi /var/named/chroot/var/named/0.0.127.in-addr.arpa.db //file nay can sua de phu hop voi tung mang
$TTL 86400
@ IN SOA localhost. root.localhost. (
20080213
10800
3600
604800
86400
)
IN NS localhost.
3 IN A localhost.
vi /var/named/chroot/var/named/2.168.192.in-addr.arpa.db //file nay can sua de p
hu hop voi tung mang
$TTL 86400
@ IN SOA server1.thuantc.com. root. (
20080213
10800
3600
604800
86400
)
@ IN NS server1.thuantc.com.
3 IN PTR server1.thuantc.com.

//cau hinh tren video


// ACL naming the LAN subnet and loopback.
// NOTE(review): mynet is not referenced by any statement shown below, so it
// restricts nothing until it is used, e.g. in allow-query / allow-recursion.
acl mynet {
192.168.2.0/24;
127.0.0.1;
};
options {
// Refuse zone transfers to every client.
allow-transfer {none;};
// NOTE(review): this path has no leading slash, unlike the first listing on
// this page, which uses "/var/named" -- confirm which one is intended.
directory "var/named";
// Pin the source port of outgoing queries to 53. The line appears twice here;
// the first listing has query-source-v6 as the second line.
// NOTE(review): a fixed source port removes source-port randomization, which
// makes forged-response cache poisoning easier; omit unless a firewall rule
// requires it.
query-source port 53;
query-source port 53;
// Output files for the cache dump and the statistics dumps.
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Send NOTIFY messages when a master zone changes.
notify yes;
};
zone "." in {
type hint;
file "named.root";
};
zone "thuantc.com" in {
type master;
file "thuantc.com.db";
};
zone "localhost" in {
type master;
file "localhost.db";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "0.0.127.in-addr.arpa.db";
};
zone "2.168.192.in-addr.arpa" in {
type master;
file "2.168.192.in-addr.arpa.db";
};
file thuantc.com.db
$TTL 86400
@ IN SOA dns1.thuantc.com. root ( //trong do SOA la record
20080214
10800
3600
604800
86400
)
IN NS dns1.thuantc.com. //tro ve may dns1, cug
chih la may 192.168.2.3
IN MX 10 mail.thuantc.com. //tro ve may mail serv
er, cung chih la may 192.168.23
1D IN A 192.168.2.3 //tro ve may webserver, ko c
an go www van phan giai dc
isa 1D IN A 192.168.2.1 //tro ve may isa voi ip tuon
g ung. trong do isa la ten may
ad 1D IN A 192.168.2.2 //tro ve may ad voi ip tuong
ung. torng do ad la ten may
mail 1D IN A 192.168.2.3
//dong nay tro ve sau ko co trong cau hinh thuc
www 1D IN CNAME mail
mail 1D IN CNAME mail
ftp 1D IN CNAME mail
file 2.168.192.in-addr.arpa.db
$TTL 86400
@ IN SOA dns1.thuantc.com. root. (
20080214
10800
3600
604800
86400
)
@ IN NS dns1.thuantc.com.
1 IN PTR isa.thuantc.com.
2 IN PTR ad.thuantc.com
3 IN PTR mail.thuantc.com.

...// dhcp //...


mount /dev/cdrom /media
rpm -ivh /media/centos/dhcp-3
rpm -ivh /media/contos/dhcp-devel
cp /usr/share/doc/dhcp-3../dhcpd.conf.sample /etc/dhcpd.conf
subnet 192.168.2.0 netmask 255.255.255.0
default gateway 192.168.2.1 sunetmask 255.255.255.0
domain thuantc.com
domain thuantc.com
dns server 192.168.2.3
range 192.168.2.10 192.168.2.100
/etc/rc.d/init.d/dhcpd start
chkconfig dhcpd on

...// cau hinh webserver //....


truoc tien can xem da cai goi httpd chua bang lenh rpm -qa | grep httpd
neu chua cai dat thi cai dat bang lenh rpm -ivh goi_muon_cai_dat
xoa test page mac dih cua CentOS bang lenh rm -f /etc/httpd/conf.d/welcome.conf
va rm -f /var/www/error/noindex.html
tao mot duong linh cho Perl bang lenh ln -s /usr/bin/perl /usr/local/bin/perl
cau hinh file httpd bang lenh vi /etc/httpd/conf/httpd.conf
dong 44: ServerTokens Prod
dong 74: KeepAlive On
dong 251: ServerAdmin root@server.world hoac de mac dih
dong 265: ServerName www.thuantran.com:80
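dong 320: Options FollowSymLinks ExecCGI (luu y: ExecCGI cho phep chay script CGI trong thu muc ma dong nay ap dung; chi bat khi that su can dung CGI)
dong 327: AllowOverride All (luu y: cho phep file .htaccess ghi de cau hinh cua thu muc nay)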
dong 391: DirectoryIndex index.html index.cgi index.php
dong 524: ServerSignature Off
dong 747: AdddefaultCharset UTF-8
dong 778: AddHandler cgi-script .cgi .pl
sau do khoi dong dich vu webserver bang lenh /etc/rc.d/init.d/httpd start hoac service httpd start
sau do go lenh chkconfig httpd on
tao file test bang lenh vi /var/www/html/index.html (ai thix cau hih sau cug dc)
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Thuan Tran Chu
</div>
</body>
</html>
Sau do dung mot may client de test webserver.
cung co the tao mot file index.cgi bang lenh sau vi /var/www/html/index.cgi
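#!/usr/local/bin/perl
# CGI test page: prints the HTTP header, then a static HTML body.
# The interpreter path must be absolute; /usr/local/bin/perl is the symlink
# this page creates with ln -s /usr/bin/perl /usr/local/bin/perl.

# A blank line must separate the header from the body.
print "Content-type: text/html\n\n";

# The heredoc body contains no variables, so it is emitted exactly as written.
print <<"EOM";
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Thuan Tran Chu
CGI Test Page
</div>
</body>
</html>
EOM
exit;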
sau do gan quyen bang lenh chmod 705 /var/www/html/index.cgi
...//cau hinh NFS//...
kiem tra rpm -qa | grep nfs
mount mount /dev/cdrom /media
cai dat rpm -qa /media/cent.........
cau hinh
khoi dong dich vu portmap service portmap start
tao thu muc chia se mkdir /home/share
tao tap tin de test vi /home/share/thuan.txt (nhap noi dung file)
gan quyen chmod 755 /home/share
chinh file cau hinh vi /etc/exports
/home/share 192.168.2.0/24(rw,sync,no_subtree_check)
khoi dong dich vu nfs service nfs start
neu chinh gi trong file exports ta phai go lenh de refresh: exportfs -a
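tat iptables: service iptables stop (luu y: lenh nay tat toan bo firewall cua may; chi nen lam trong moi truong lab, tren may that nen giu iptables va chi mo cac port ma NFS can)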
chkconfig portmap on
chkconfig netfs on
tai may client cau hinh nhu sau
mkdir -p /home/chiase
mount 192.168.2.3:/home/share /home/chiase
df -h (hoac df -m)

...//cau hinh Samba//...


goi cai dat samba server la : samba* nen kiem tra xem da co chua, neu chua thi c
ai dat
cd /var
mkdir data
cd data
mkdir public giamdoc it private
groupadd giamdoc //them nhom giam doc
groupadd it //them nhom it
useradd giamdoc1 //them user giam doc 1
passwd giamdoc1 //set pass cho giam doc 1
(luc nay he thong se bat set pass, luc nay pass dc set don gian vd nhu 123456; pass don gian nhu vay chi chap nhan duoc trong lab, tren may that phai dat pass manh)
useradd giamdoc2 //them user giam doc 2
passwd giamdoc2 //set pass giam doc 2
useradd it1 //them user it 1
passwd it1 //set pass it 1
useradd it2 //them user it 2
passwd it2 //set pass it 2
usermod -G it it1 //them user it1 vao nhom it
usermod -G it it2 //them user it2 vao nhom it
usermod -G giamdoc giamdoc1 //them user giamdoc1 vao nhom giamdoc
usermod -G giamdoc giamdoc2 //them user giamdoc2 vao nhom giamdoc
cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd //tao tap tin mat khau c
ho samba
smbpasswd -a it1 //luc nay he thong se bat set pass, luc nay pass phai chuan
smbpasswd -a it2
smbpasswd -a giamdoc1
smbpasswd -a giamdoc2

vi /etc/samba/smb.conf //file nay de cau hinh cho samba server


# Share open to everyone.
# NOTE(review): public = yes together with writeable = yes lets guest
# connections write to this directory. Whether guests are actually admitted
# depends on the [global] section, which is not shown here -- confirm.
[public]
comment = full quyen voi moi ng
path = /var/data/public
public = yes
writeable = yes
# Share limited to members of the Unix group giamdoc (the + prefix means group).
[giamdoc]
comment = full quyen voi giam doc
path = /var/data/giamdoc
public = no
valid users = +giamdoc
writeable = yes
# Share limited to members of the Unix group it.
[it]
comment = full quyen voi it
path = /var/data/it
public = no
valid users = +it
writeable = yes
# Read-only share visible to both groups; write list names who may still write.
# NOTE(review): the group giaovien is not created anywhere in these steps
# (only giamdoc and it are), so as written nobody gets write access. The share
# comment suggests +giamdoc was intended -- confirm.
[private]
comment = tai lieu giam doc cho nhan vien
path = /var/data/private
public = no
valid users = +giamdoc +it
read only = yes
write list = +giaovien
chgrp it /var/data/it //set quyen quan ly folder it cho nhan vien it
chmod 775 -R /var/data/it
chgrp giamdoc /var/data/giamdoc //set quyen quan ly folder giamdoc cho giam doc
chmod 775 -R /var/data/giamdoc
chgrp giamdoc /var/data/private //set quyen quan ly folder private cho giam doc
chmod 775 -R /var/data/private
service smb start
chkconfig smb on
tu may client la window \\192.168.2.3
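tu may client la linux
mkdir /mnt/samba
mount -o username=it1,password=chuthu@n //192.168.2.3/var/data /mnt/samba
(luu y: mat khau ghi thang tren dong lenh se luu lai trong lich su shell va hien trong danh sach tien trinh; nen dung tuy chon credentials= cua mount.cifs tro den mot file chi root doc duoc. phan sau dia chi ip phai la ten share da khai bao trong smb.conf, vd public hoac it, chu khong phai duong dan /var/data)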
...//FTP server//...
goi de cai dat ftp server la vsftpd
vi /etc/vsftpd/vsftpd.conf //file cau hinh chinh cho ftp server
# Disable anonymous logins; only local system accounts may log in.
anonymous_enable=NO
local_enable=YES
# Allow FTP commands that change the filesystem (upload, delete, rename).
write_enable=YES
# NOTE(review): the vsftpd option is spelled xferlog_enable. As written this
# name is misspelled, and vsftpd is expected to reject an unrecognised option
# at startup -- confirm and correct.
xferlog_enalbe=YES
xferlog_file=/var/log/vsftpd.log
connect_from_port_20=YES
ftpd_banner=Thuan FTP server
# Consult the user list file at login. With vsftpd's default userlist_deny=YES
# the listed users are refused.
# NOTE(review): chroot_local_user is not set, so by vsftpd's default local
# users are not confined to their home directory. Plain FTP also sends the
# password unencrypted.
userlist_enable=YES
kiem tra bien ftp_home_dir
getsebool ftp_home_dir neu off va selinux dang bat thi phai gan gia tri la on
setsebool -P ftp_home_dir 1
tao ftp home dir
mkdir /home_ftp
tao user
useradd -d /home_ftp/ftpuser ftpuser
passwd thuan //set pass (luu y: user vua tao o tren la ftpuser; neu muon dat pass cho user do thi dung passwd ftpuser)
tao file test: touch /home_ftp/ftpuser/test.txt
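service iptables stop //dung dich vu iptables (luu y: lenh nay tat toan bo firewall; chi nen lam trong lab, tren may that nen giu iptables va chi mo port cho ftp)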
khoi dong dich vu ftp: service vsftpd start
truy cap tu may linux
ftp 192.168.2.3
sau do nhap user va pass, kiem tra bang lenh ls
truy cap tu may window
trong cmd go : ftp 192.168.2.3
nhap user va pass, kiem tra bang lenh ls
...//mail server//...
...//mail server//...
goi cai dat la postfix-2.3
vi /etc/hosts
sua theo nhu sau
127.0.0.1 mail.thuantc.com
192.168.2.3 mail.thuantc.com
vi /etc/sysconfig/network
networking = yes
networking_IPV6=yes
hostname=mail.thuantc.com
khoi dong lai het thong: init 6
cau hinh dns tren mail server
vi /var/named/chroot/etc/named.conf
options {
// Refuse zone transfers to every client.
allow-transfer {none;};
// NOTE(review): this path has no leading slash, unlike the first listing on
// this page, which uses "/var/named" -- confirm which one is intended.
directory "var/named";
// Pin the source port of outgoing queries to 53; the line appears twice.
// NOTE(review): a fixed source port removes source-port randomization, which
// makes forged-response cache poisoning easier; omit unless a firewall rule
// requires it.
query-source port 53;
query-source port 53;
// Output files for the cache dump and the statistics dumps.
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Send NOTIFY messages when a master zone changes.
notify yes;
};
zone "." in {
type hint;
file "named.root";
};
zone "thuantc.com" in {
type master;
file "thuantc.com.db";
};
zone "2.168.192.in-addr.arpa" in {
type master;
file "2.168.192.in-addr.arpa.db";
};
file /var/named/chroot/var/named/named.root
dc tao bang cach download tren mang bang dong 2 dong lenh sau
cd /var/named/chroot/var/named
wget http://www.internic.net/zones/named.root
file thuantc.com.db
$TTL 86400
@ IN SOA dns1.thuantc.com. root ( //trong do SOA la record
20080214
10800
3600
604800
86400
)
IN NS dns1.thuantc.com. //tro ve may dns1, cug
chih la may 192.168.2.3
IN MX 10 mail.thuantc.com. //tro ve may mail serv
er, cung chih la may 192.168.23
IN A 192.168.2.3 //tro ve may webserver, ko c
an go www van phan giai dc
mail IN A 192.168.2.3
//them cac server o day

file 2.168.192.in-addr.arpa.db
$TTL 86400
@ IN SOA dns1.thuantc.com. root. (
20080214
10800
3600
604800
86400
)
IN NS dns1.thuantc.com.
3 IN PTR mail.thuantc.com.

tat dich vu sendmail dc khoi dong cug he thong


service sendmail stop
chkconfig sendmail off
alternatives --config mta chon 2
vi /etc/postfix/main.cf
dong 70: myhostname = mail.thuantc.com
duoi dong nay go them dong
data_directory = /usr/lib/postfix
dong 77: mydomain = thuantc.com
dong 93: myorigin = $mydomain
dong 107: inet_interfaces = ALL (tat nhug options con lai)
dong 155: them dau thang, lay dong 156
dong 255: mynetworks = 192.168.2.0/24, 127.0.0.0/8

service postfix start


chkconfig postfix on
useradd nv1
useradd nv2
passwd nv1
passwd nv2
netstat -an | grep :25
telnet mail.thuantc.com 25
helo thuantc.com
mail from: nv1@thuantc.com
rcpt to: nv2@thuantc.com
data
<noi dung thu>
sau do go dau "." va go tu quit de thoat
check mail
mail -u nv2
nhan 1 de doc thu
go exit de thoat
cau hinh mail dovecot de client co the check mail

rpm -ivh /media/centos/dovecot.....


vi /etc/dovecot.conf
dong 17: bo dau thang protocol = imap......
service dovecot start
chkconfig dovecot on
netstat -an | grep :110
hoac port 143

sau do qua client cau hinh outlook express de nhan mail


//.........cau hinh iptables firewall......//
eth0 192.168.2.1 //lan
eth1 192.168.1.10 //ra internet
rpm -qa iptables
vi /etc/sysconfig/iptables
ko tot bang proxy squid
setup
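firewall --> customize --> trusted devices check ca 2 card mang va bo cac goi di -->ok
(luu y: danh dau eth1, card noi ra internet, la trusted thi firewall se khong loc luu luong di vao qua card nay; an toan hon la chi de eth0 (lan) la trusted)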
iptables -L
bat tinh nang forwarding
echo '1' > /proc/sys/net/ipv4/ip_forward
cau hinh natout
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -d 0/0 -o eth1 -j MASQUERADE
service iptables save //save vao bang
service iptables restart
