2025-03-29 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/03 Report--
Linux: tutorials for building a variety of servers
DHCP server:
Path of the persistent network configuration file: /etc/sysconfig/network-scripts/ifcfg-eth0
Path of the network card naming (udev) rules file: /etc/udev/rules.d/70-persistent-net.rules
Path of the firewall function (SELinux) configuration file: /etc/sysconfig/selinux
Process name of the DHCP service: dhcpd
Build steps:
Set up the network, turn off the firewall function and firewall service.
Install the dhcpd package.
Copy the template file /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample to /etc/dhcp/dhcpd.conf.
Configure the scope (subnet) parameters in the dhcpd.conf file, and then save.
Reload the service: service dhcpd reload.
Note:
The scope parameters must include a scope that belongs to the server's own network segment, otherwise the service will not start properly.
If a client cannot get an address, check network connectivity; the host address configuration parameters must be complete.
If the service cannot start normally, check the integrity of the configuration file. A single incorrect space or symbol will cause a problem. If the problem will not go away, the only option is to copy the parameters from the template file again.
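The check behind the first note, as an added example that is not part of the original tutorial: this Python code reads the subnet declarations from dhcpd.conf text and reports when no scope covers the server's own address or when a range falls outside its subnet. The sample configuration and function names are constructed, and it assumes subnet blocks contain no nested braces.

```python
import ipaddress
import re

# Constructed sample dhcpd.conf: one scope on the server's segment, one elsewhere.
SAMPLE_CONF = """
# comment lines are ignored
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
}
subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.50 10.0.1.20;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")
RANGE_RE = re.compile(r"range\s+(\S+)\s+(\S+)\s*;")

def parse_scopes(conf_text):
    """Return [(network, [(range_start, range_end), ...]), ...] from dhcpd.conf text."""
    text = re.sub(r"#.*", "", conf_text)  # strip comments
    scopes = []
    for net, mask, body in SUBNET_RE.findall(text):
        network = ipaddress.ip_network(f"{net}/{mask}")
        ranges = [(ipaddress.ip_address(a), ipaddress.ip_address(b))
                  for a, b in RANGE_RE.findall(body)]
        scopes.append((network, ranges))
    return scopes

def check_scopes(conf_text, server_ip):
    """Return the problems that keep dhcpd from starting or serving this segment."""
    server = ipaddress.ip_address(server_ip)
    scopes = parse_scopes(conf_text)
    problems = []
    if not any(server in net for net, _ in scopes):
        problems.append(f"no subnet declaration covers server address {server}")
    for net, ranges in scopes:
        for start, end in ranges:
            if start not in net or end not in net or start > end:
                problems.append(f"range {start}-{end} is not inside subnet {net}")
    return problems

if __name__ == "__main__":
    for ip in ("192.168.1.1", "172.16.0.1"):
        print(ip, check_scopes(SAMPLE_CONF, ip))
```

Run it against the real file by passing the contents of /etc/dhcp/dhcpd.conf and the address configured in ifcfg-eth0.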
Samba server: shared file server
The process names of the Samba service: smbd, nmbd.
Samba service configuration file path: /etc/samba/smb.conf.
The Samba shared users' account database file path: /var/lib/samba/private/passdb.tdb.
The mapping file for Samba shared accounts is located at /etc/samba/smbusers.
Build steps:
Set up the network, turn off the firewall function and firewall service.
Install the Samba packages. There are three: a common package, a server package, and a client package.
Configure the parameters in smb.conf.
Reload the service: service smb reload.
Create shared users: the service has a separate user database, but a shared user can only be created if a system user with the same account name already exists. Command: pdbedit -a -u ren, which adds the system user ren as a shared user.
Steps for creating shared account mapping:
Edit the account mapping file smbusers.
In the main configuration file smb.conf, add the global parameter username map = /etc/samba/smbusers
Reload the service: service smb reload.
Use the client to access the shared folder: smbclient -U ren //192.168.1.1/pub
For long-term access to this shared folder, you can mount this network path to a specified directory:
Edit the /etc/fstab file and set the corresponding parameters. The file system type used here is: smbfs
mount -o username=ren,password=123 //192.168.1.1/pub /mnt
Common parameters of the smb.conf file (configuration item: description)
workgroup: Sets the name of the workgroup where the server is located; generally keep the default
server string: Sets the description text for the server, used to describe the file server
security: Set to user to log in with a shared user name and password, to share for anonymous access, to server to delegate verification of the user name and password to another server, and to domain to have the domain controller verify the user name and password
log file: Sets the log file for the server, which is /var/log/samba/log.%m by default
passdb backend: Sets the type of shared account database. TDB database files are used by default; just keep the default
comment: Sets the comment for the shared directory
path: Sets the path to the shared directory
browseable: Sets whether the shared directory is visible in Network Neighborhood; no hides the shared directory
guest ok: Sets whether the shared directory can be accessed by everyone; same as the public parameter
writable: Sets whether the shared directory is writable
valid users: Allows only the listed user to access this directory
write list: Allows only the listed user to write
read only: Makes the shared directory read-only
Note: to provide anonymous access and user access at the same time, add the parameter map to guest = bad user to the global parameters and set the security parameter to user. A share for user access then only needs the valid users parameter to specify who may access it; a share for anonymous access leaves it unspecified.
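A way to review the mixed anonymous and user setup from the note above, as an added example that is not part of the original tutorial: this Python code parses smb.conf text and reports shares that guests can write to and shares that leave valid users unset. The sample configuration, share names and function names are constructed for illustration.

```python
# Constructed sample smb.conf for the mixed anonymous + user access setup.
SAMPLE_SMB_CONF = """
[global]
    security = user
    map to guest = bad user
[pub]
    path = /var/pub
    guest ok = yes
    writable = yes
[staff]
    path = /var/staff
    valid users = ren
    writable = yes
[open]
    path = /var/open
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}} (names lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def is_yes(value):
    return str(value).strip().lower() in ("yes", "true", "1")

def audit_shares(text):
    """Return {share: finding} for shares whose access rules deserve a second look."""
    conf = parse_smb_conf(text)
    guest_mapped = conf.get("global", {}).get("map to guest", "never").lower() == "bad user"
    findings = {}
    for name, share in conf.items():
        if name in ("global", "homes", "printers"):
            continue
        guest = is_yes(share.get("guest ok", share.get("public", "no")))
        writable = is_yes(share.get("writable", "no")) or not is_yes(share.get("read only", "yes"))
        if guest and guest_mapped and writable:
            findings[name] = "anonymous users can write (subject to file system permissions)"
        elif not guest and "valid users" not in share:
            findings[name] = "no valid users: every authenticated account may connect"
    return findings
```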
FTP File transfer Service
Process name of the FTP service: vsftpd
The configuration file path of the FTP service: /etc/vsftpd/vsftpd.conf
The user list file paths for the FTP service: /etc/vsftpd/ftpusers, /etc/vsftpd/user_list.
The default PAM authentication file path for the FTP service is /etc/pam.d/vsftpd.
Build steps:
Set up the network, turn off the firewall function and firewall service.
Install the FTP packages. vsftpd is the server package and ftp is the client package.
Configure the parameters in vsftpd.conf.
Reload the service: service vsftpd reload.
Steps for creating account mapping:
Create a plain-text list of user names and passwords: vim /etc/vsftpd/ren.list (file format: odd-numbered lines are user names, even-numbered lines are passwords).
Convert the list to a DB database file: db_load -T -t hash -f ren.list ren.db.
Create the system account to be mapped to: useradd -d /var/ftproot -s /sbin/nologin ren.
Change the home directory permissions so that it can be read and executed: chmod 755 /var/ftproot.
Create the PAM authentication file: vim /etc/pam.d/ren.vu.
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/ren
account required pam_userdb.so db=/etc/vsftpd/ren
Modify the vsftpd.conf parameters to add virtual user support:
# Local users need to be mapped, so enable this
local_enable=YES
# Enable upload and write support
write_enable=YES
# Specify the upload permission mask
anon_umask=022
# Enable user mapping
guest_enable=YES
# Specify the mapped system user name
guest_username=virtual
# Specify the new PAM authentication file
pam_service_name=ren.vu
Create separate configuration files for different virtual users:
Edit the vsftpd.conf file: vim /etc/vsftpd/vsftpd.conf.
Add the parameter: user_config_dir=/etc/vsftpd/ren_dir.
Create the configuration file directory: mkdir /etc/vsftpd/ren_dir.
Enter this directory and create a separate configuration file for the user:
vim ren
anon_upload_enable=YES
anon_mkdir_write_enable=YES
Reload the configuration: service vsftpd reload.
Common configuration parameters of vsftpd.conf (scope of action, then configuration parameter: meaning)
Anonymous user:
anonymous_enable=YES: Whether anonymous access is allowed
anon_umask=022: The mask value for files uploaded by anonymous users (this is an inverse mask)
anon_root=/var/ftp: Sets the FTP root directory for anonymous users
anon_upload_enable=YES: Sets whether anonymous users can upload files
anon_mkdir_write_enable=YES: Sets whether anonymous users have write permission to create directories
anon_other_write_enable=YES: Whether anonymous users are allowed other write permissions
anon_max_rate=0: Limits the maximum transfer rate for anonymous users. 0 means no limit.
Local user:
local_enable=YES: Whether local users are allowed to access
local_umask=022: Sets the mask value for files uploaded by local users (this is an inverse mask)
local_root=/var/ftp: Sets the FTP root directory for local users
chroot_local_user=YES: Whether to lock FTP users into their home directory
local_max_rate=0: Sets the maximum transfer rate for local users. 0 means no limit.
Global configuration:
listen=YES: Whether the service listens in standalone mode
listen_address=0.0.0.0: Sets the IP address the FTP service listens on
listen_port=21: Sets the port number the FTP service listens on
write_enable=YES: Enables any form of write permission
download_enable=YES: Whether downloading files is allowed
dirmessage_enable=YES: The .message file is displayed when the user switches into a directory
xferlog_enable=YES: Enables xferlog logging, which is recorded in /var/ftp/xferlog by default
xferlog_std_format=YES: Enables the standard xferlog log format
connect_from_port_20=YES: Allows server active mode (the data connection is established from port 20)
pasv_enable=YES: Allows passive mode connections
pasv_max_port=24600: Sets the maximum server port number for passive mode
pasv_min_port=24500: Sets the minimum server port number for passive mode
pam_service_name=vsftpd: Sets the PAM file used for user authentication
userlist_enable=YES: Whether to enable the user_list user list file
userlist_deny=YES: Whether to deny the user accounts listed in the user_list file
max_clients=0: The maximum number of clients allowed to connect at the same time. 0 means no limit.
max_per_ip=0: The maximum number of concurrent connections allowed for clients from the same IP address. 0 means no limit.
tcp_wrappers=YES: Whether to enable TCP Wrappers host access control
Note:
The FTP root directory cannot be given write permission; this is fixed.
The ftpusers user list file: users listed in this file are not allowed to log on to the vsftpd server and will not even have a chance to enter a password.
The user_list user list file: this file can contain users who are either prohibited from logging in or allowed to log in, depending on the parameter configuration in the vsftpd.conf file; a prohibited user can enter a password but the login does not succeed.
Upload inverse mask (umask) calculation: file permissions = 777-111-022, directory permissions = 777-022.
In the steps above, whenever directories and files need to be created, pay attention to their permissions, otherwise later operations may run into problems.
Server active mode: server port 20 actively connects to client port 20; data is transmitted over the same port, and the transmission rate is high.
Server passive mode: server port 20 passively connects to a client port other than 20. Data is transmitted over different ports, which is more secure, but the transmission rate is calculated through the port.
Mapped users use the permissions of anonymous users by default, so to control what mapped users can do you only need to adjust the parameters for anonymous users (edit the anon parameters in vsftpd.conf).
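The umask rule and the anonymous write parameters above, as an added example that is not part of the original tutorial: this Python code computes upload permissions by clearing the umask bits (which generalises the 777-111-022 subtraction to any mask) and reviews a vsftpd.conf for write settings that also govern mapped virtual users. The sample configuration and function names are constructed; the defaults used for missing parameters are vsftpd's documented ones.

```python
# Constructed sample vsftpd.conf using parameters from the table above.
SAMPLE_VSFTPD_CONF = """
# anonymous and virtual (mapped) users share the anon_* settings
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_umask=022
write_enable=YES
local_enable=YES
local_umask=002
chroot_local_user=NO
"""

def parse_vsftpd_conf(text):
    """Parse key=value lines; '#' starts a comment line and no spaces surround '='."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.lower()] = value
    return conf

def upload_modes(umask_text):
    """Return (file_mode, dir_mode) as octal strings: 666 and 777 with the umask bits cleared."""
    umask = int(umask_text, 8)
    return (format(0o666 & ~umask, "03o"), format(0o777 & ~umask, "03o"))

def audit_vsftpd(text):
    """Return findings about write access granted by this configuration."""
    conf = parse_vsftpd_conf(text)

    def yes(key, default="NO"):
        return conf.get(key, default).upper() == "YES"

    findings = []
    if yes("anonymous_enable", "YES") and yes("write_enable"):
        for key in ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable"):
            if yes(key):
                findings.append(f"{key}=YES: anonymous users can write to the server")
    if yes("local_enable") and not yes("chroot_local_user"):
        findings.append("chroot_local_user is not YES: local users can leave their home directory")
    for key in ("anon_umask", "local_umask"):
        file_mode, _ = upload_modes(conf.get(key, "077"))
        if int(file_mode, 8) & 0o022:
            findings.append(f"{key} leaves uploads group- or world-writable ({file_mode})")
    return findings
```

For a mask of 027 the subtraction in the note would give 639, which is not a valid mode; clearing bits gives 640 for files and 750 for directories.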
DNS domain name resolution service: using BIND software
BIND service process name: named
The configuration file path of the BIND service: /etc/named.conf
The zone database file path of the BIND service: /etc/named/
The root data file path of the BIND service: /var/named/named.ca
Build steps:
Set up the network, turn off the firewall function and firewall service.
Install the BIND packages: bind is the main package, bind-utils provides testing tools for the service, bind-libs provides the library functions that bind needs, and bind-chroot provides a fake root (chroot) directory (/var/named/chroot) for the BIND service to improve security.
Set the parameters of the named.conf file: vim /etc/named.conf.
Create a zone data file: cp /var/named/named.empty /var/named/ren.zone
Edit the zone data file to add resolution records: vim /var/named/ren.zone
Give the file read and write access: chmod 777 ren.zone
Start the named service and reload the configuration: service named start; service named reload
Build a cached domain name server:
Edit the main configuration file (vim /etc/named.conf) and add the parameters:
options {
    forwarders { 202.96.134.133; 114.114.114.114; };
};
Start the named service: service named start.
Build the primary domain name server:
Edit the main configuration file (vim /etc/named.conf) and add the parameters:
zone "benet.com" IN {                    // forward resolution
    type master;                         // set as the primary domain name server
    file "benet.zone";                   // path to the zone data file
    allow-transfer { 192.168.1.2; };     // allow the slave server to download the forward data
};
zone "1.168.192.in-addr.arpa" IN {       // reverse resolution
    type master;                         // set as the primary domain name server
    file "192.168.1.2.arpa";             // path to the zone data file
    allow-transfer { 192.168.1.2; };     // allow the slave server to download the reverse data
};
Configure the zone data file: vim /var/named/ren.zone.
Start the named service: service named start.
Build the slave domain name server:
Edit the main configuration file (vim /etc/named.conf) and add the parameters:
zone "benet.com" IN {                    // forward resolution
    type slave;                          // set as the slave domain name server
    file "slaves/benet.zone";            // path to the zone data file
    masters { 192.168.1.1; };            // download the forward data from the primary domain name server
};
zone "1.168.192.in-addr.arpa" IN {       // reverse resolution
    type slave;                          // set as the slave domain name server
    file "slaves/192.168.1.2.arpa";      // path to the zone data file
    masters { 192.168.1.1; };            // download the reverse data from the primary domain name server
};
Start the named service and reload the configuration: service named start; service named reload
Check whether the same zone data files have been copied from the primary domain name server: cd /etc/named/slaves && ls
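A check of the allow-transfer setting used in the primary server configuration above, as an added example that is not part of the original tutorial: this Python code lists the master zones in named.conf text whose zone data is not restricted to named hosts such as the slave server. The sample configuration, the example.test zone and the function names are constructed; it assumes the options block sets no allow-transfer of its own.

```python
import re

# Constructed sample named.conf: three master zones with different transfer rules.
SAMPLE_NAMED_CONF = """
zone "benet.com" IN {
    type master;
    file "benet.zone";
    allow-transfer { 192.168.1.2; };   // only the slave server
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.1.2.arpa";
};
zone "example.test" IN {
    type master;
    file "example.zone";
    allow-transfer { any; };
};
"""

# A zone statement whose body may contain one level of nested { } blocks.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{;]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')

def transfer_policy(conf_text):
    """Map each master zone to its allow-transfer host list.

    None means the zone sets no allow-transfer and inherits the options-level
    value (assumed unset here; BIND 9 has traditionally defaulted to any host).
    """
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)  # block comments
    text = re.sub(r"(//|#).*", "", text)                     # line comments
    policy = {}
    for name, body in ZONE_RE.findall(text):
        if not re.search(r"\btype\s+master\s*;", body):
            continue
        acl = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
        policy[name] = None if acl is None else [
            h.strip() for h in acl.group(1).split(";") if h.strip()]
    return policy

def open_transfer_zones(conf_text):
    """Return the master zones whose full zone data any host may request."""
    return sorted(name for name, hosts in transfer_policy(conf_text).items()
                  if hosts is None or "any" in hosts)
```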
Note:
The "." zone, the parameter for the root domain, must exist in each configuration file; changing it at will is not recommended.
We can use the nslookup tool to test the resolution of the DNS service: nslookup
server 192.168.1.1 (specifies the DNS server)
set type=ns (or mx, a, cname, ptr; specifies the type of resolution record to test)
www.benet.com (tests the resolution of this domain name)
Resolution record types:
MX mail resolution record: resolves a company's second-level domain name to a mail server with a third-level domain name within the company.
NS resolution record: resolves a company's second-level domain name to a server with a third-level domain name within the company.
A host resolution record: resolves a domain name to an IP address.
PTR pointer resolution record: resolves an IP address to a domain name.
CNAME alias resolution record: resolves one domain name to another alias to improve the security of the server.
The general idea of building a server: configure the correct network parameters and turn off the firewall. Install the software packages for the service and edit the corresponding configuration file. Start the service and reload the configuration file. When modifying the configuration file, pay attention to all kinds of comment symbols; when there are problems, think calmly, troubleshoot, and check the configuration file carefully.
How to remember the Samba service parameters: global holds the global parameters, homes holds the home directory parameters, and printers holds the printer sharing parameters.
How to remember the FTP service parameters: anon parameters apply to anonymous access, local parameters apply to user access, and the others are global.
For the BIND service, the master domain type is master and the slave domain type is slave; when configuring the zone address data, pay attention to the direction of the resolution records.