
39. Build Linux basic services: dhcp, samba, ftp, dns

2025-03-29 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--

Linux tutorials for building a variety of servers.

DHCP server:

Permanent network interface profile path: /etc/sysconfig/network-scripts/ifcfg-eth0

Network card naming rules (udev) file path: /etc/udev/rules.d/70-persistent-net.rules

SELinux configuration file path (disabled together with the firewall in these steps): /etc/sysconfig/selinux

Process name of the DHCP service: dhcpd

Build steps:

Set up the network, turn off the firewall function and firewall service.

Install the dhcpd package.

Copy the template file /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample to /etc/dhcp/dhcpd.conf.

Configure the scope (subnet) parameters in dhcpd.conf, then save.

Reload the service: service dhcpd reload.

Note:

The scope parameters must include a scope that belongs to the server's own network segment, otherwise the service will not start.

If clients cannot obtain an address, check network connectivity; the host address configuration parameters must be complete.

If the service cannot start, check the integrity of the configuration file: a single wrong space or symbol breaks it. If the problem cannot be found, re-copy the template file and enter the parameters again.
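The two notes above about scopes are easy to check before reloading. This is an added example, not code from the page: it parses a constructed dhcpd.conf excerpt (the addresses are assumed values) and reports a subnet that does not contain the server's own address, a range outside its subnet, or a range that would hand out the server's address.

```python
import ipaddress
import re
# Constructed dhcpd.conf excerpt, not the page's template: 192.168.1.0/24 is the
# segment the server itself sits on, 10.0.0.0/24 is a scope it does not belong to.
SAMPLE_DHCPD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.1;
    default-lease-time 600;
}
subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.50 10.0.0.60;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")
RANGE_RE = re.compile(r"range\s+(?:dynamic-bootp\s+)?(\S+)\s+(\S+)\s*;")

def parse_scopes(conf):
    """Return [(network, [(first, last), ...]), ...], one entry per subnet block."""
    scopes = []
    for addr, mask, body in SUBNET_RE.findall(conf):
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        ranges = [(ipaddress.ip_address(a), ipaddress.ip_address(b))
                  for a, b in RANGE_RE.findall(body)]
        scopes.append((net, ranges))
    return scopes

def check_scopes(conf, server_ip):
    """Checks worth running before 'service dhcpd reload': some subnet must contain
    the server's own address (otherwise dhcpd will not start, as the note says),
    and every range must lie inside its subnet and not lease out the server's address."""
    server = ipaddress.ip_address(server_ip)
    scopes = parse_scopes(conf)
    findings = []
    if not any(server in net for net, _ in scopes):
        findings.append(f"no subnet declaration contains the server address {server}")
    for net, ranges in scopes:
        for first, last in ranges:
            if first not in net or last not in net or first > last:
                findings.append(f"range {first}-{last} is not inside {net}")
            elif first <= server <= last:
                findings.append(f"range {first}-{last} hands out the server address {server}")
    return findings

if __name__ == "__main__":
    for line in check_scopes(SAMPLE_DHCPD_CONF, "192.168.1.1") or ["scopes look consistent"]:
        print(line)
```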

Samba server: shared file server

Process names of the Samba service: smbd, nmbd.

Samba service profile path: /etc/samba/smb.conf.

Account database file path for Samba shared users: /var/lib/samba/private/passdb.tdb.

Mapping file for Samba shared accounts: /etc/samba/smbusers

Build steps:

Set up the network, turn off the firewall function and firewall service.

Install the Samba packages. There are three: a common package, a server package and a client package.

Configure the smb.conf parameters.

Reload the service: service smb reload.

Create shared users: the service has its own user database, but a shared user can only be created if a system user with the same account name exists. Command: pdbedit -a -u ren, meaning: add the system user ren as a shared user.

Steps for creating shared account mapping:

Edit the account mapping file smbusers.

In the main configuration file smb.conf add the global parameter username map = /etc/samba/smbusers.

Reload the service: service smb reload.

Use the client to access the shared folder: smbclient -U ren //192.168.1.1/pub

For long-term access to this shared folder, mount the network path on a specified directory:

Edit the /etc/fstab file to set the corresponding parameters. The file system type used here is smbfs (cifs on current kernels).

mount -o username=ren,password=123 //192.168.1.1/pub /mnt

Common parameters of the smb.conf file:

| Configuration item | Description |
| --- | --- |
| workgroup | Name of the workgroup the server belongs to; usually left at the default |
| server string | Descriptive text for the server, shown to clients browsing the file server |
| security | user: log in with a shared user name and password; share: anonymous access; server: delegate user name and password verification to another server; domain: verification is done by the domain controller |
| log file | Log file for the server, /var/log/samba/log.%m by default |
| passdb backend | Type of the shared-account database; a TDB database file is used by default and can be left as is |
| comment | Comment shown for the shared directory |
| path | Path of the shared directory |
| browseable | Whether the shared directory is visible in the network neighbourhood; no hides the share |
| guest ok | Whether everyone may access the shared directory; same as the public parameter |
| writable | Whether the shared directory is writable |
| valid users | Only the listed users may access this directory |
| write list | Only the listed users may write to this directory |
| read only | Makes the shared directory read-only |

Note: to provide anonymous access and user access at the same time, add the parameter map to guest = bad user to the global section and set the security parameter to user. A share for user access then only needs the valid users parameter to specify who may access it; a share for anonymous access does not specify valid users.
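The parameter table and the note above decide who ends up with read or write access to each share. The following is an added example, not code from the page or from Samba: it reads a constructed smb.conf (share names, paths and user names are assumed values) and resolves the effective access of a named or anonymous client per share, so the combination of guest ok, valid users, read only and write list can be checked before reloading smbd.

```python
import configparser

# Constructed smb.conf, not the page's file, with the mixed setup the note
# describes: security = user plus map to guest = bad user, one public share
# and one restricted share that uses valid users / write list.
SAMPLE_SMB_CONF = """
[global]
workgroup = WORKGROUP
security = user
map to guest = bad user

[pub]
path = /srv/samba/pub
guest ok = yes
read only = yes

[private]
path = /srv/samba/private
valid users = ren, tom
write list = ren
read only = yes
"""

def load_smb_conf(text):
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser

def share_access(parser, share, user=None):
    """Return 'none', 'read' or 'write' for user on share, applying the table
    above: guest ok admits anonymous clients, valid users limits who may enter,
    read only (default yes) / writable set the default, write list grants write.
    user=None is an anonymous client, which Samba maps to the guest account."""
    sec = parser[share]
    def flag(key, default):
        return sec.get(key, default).strip().lower() in ("yes", "true", "1")
    def names(key):
        return sec.get(key, "").replace(",", " ").split()
    if user is None:
        if not flag("guest ok", sec.get("public", "no")):
            return "none"
        user = "nobody"   # assumed guest account name
    valid = names("valid users")
    if valid and user not in valid:
        return "none"
    writable = flag("writable", "no") or not flag("read only", "yes")
    if user in names("write list"):
        writable = True
    return "write" if writable else "read"
```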

FTP file transfer service

Process name of the FTP service: vsftpd

Configuration file path of the FTP service: /etc/vsftpd/vsftpd.conf

User list file paths of the FTP service: /etc/vsftpd/ftpusers, /etc/vsftpd/user_list.

Default PAM authentication file path of the FTP service: /etc/pam.d/vsftpd.

Build steps:

Set up the network, turn off the firewall function and firewall service.

Install the FTP packages. vsftpd is the server package and ftp is the client package.

Configure the vsftpd.conf parameters.

Reload the service: service vsftpd reload.

Steps for creating account mapping (virtual users):

Create a user name and password list in text format: vim /etc/vsftpd/ren.list (file rule: odd lines hold the user name, even lines the password).

Convert the list to a DB database file: db_load -T -t hash -f ren.list ren.db

Create the system account that the virtual users are mapped to: useradd -d /var/ftproot -s /sbin/nologin ren

Change the home directory permissions so it can be read and entered: chmod 755 /var/ftproot

Create the PAM authentication file: vim /etc/pam.d/ren.vu

    #%PAM-1.0
    auth    required pam_userdb.so db=/etc/vsftpd/ren
    account required pam_userdb.so db=/etc/vsftpd/ren

Modify the vsftpd.conf parameters to add virtual user support:

    local_enable=YES         # local users need to be mapped, so enable this
    write_enable=YES         # enable upload and write support
    anon_umask=022           # upload permission mask
    guest_enable=YES         # enable user mapping (virtual users)
    guest_username=virtual   # the system user the virtual users are mapped to
    pam_service_name=ren.vu  # use the new PAM authentication file

Create separate profiles for different virtual users:

Edit the vsftpd.conf file: vim /etc/vsftpd/vsftpd.conf

Add the parameter: user_config_dir=/etc/vsftpd/ren_dir

Create the configuration file directory: mkdir /etc/vsftpd/ren_dir

Enter this directory and create a separate profile for the user (vim ren):

    anon_upload_enable=YES
    anon_mkdir_write_enable=YES

Reload the configuration: service vsftpd reload.

Common configuration parameters of vsftpd.conf:

| Scope | Parameter | Meaning |
| --- | --- | --- |
| Anonymous user | anonymous_enable=YES | Whether anonymous access is allowed |
| Anonymous user | anon_umask=022 | Mask applied to files uploaded by anonymous users (an inverse mask) |
| Anonymous user | anon_root=/var/ftp | FTP root directory for anonymous users |
| Anonymous user | anon_upload_enable=YES | Whether anonymous users may upload files |
| Anonymous user | anon_mkdir_write_enable=YES | Whether anonymous users may create directories |
| Anonymous user | anon_other_write_enable=YES | Whether anonymous users get other write permissions (delete, rename) |
| Anonymous user | anon_max_rate=0 | Maximum transfer rate for anonymous users; 0 means no limit |
| Local user | local_enable=YES | Whether local users may log in |
| Local user | local_umask=022 | Mask applied to files uploaded by local users (an inverse mask) |
| Local user | local_root=/var/ftp | FTP root directory for local users |
| Local user | chroot_local_user=YES | Whether to lock FTP users inside their home directory |
| Local user | local_max_rate=0 | Maximum transfer rate for local users; 0 means no limit |
| Global | listen=YES | Run as a standalone daemon that listens on its own |
| Global | listen_address=0.0.0.0 | IP address the FTP service listens on |
| Global | listen_port=21 | Port number of the FTP service |
| Global | write_enable=YES | Enable write permission of any kind |
| Global | download_enable=YES | Whether file downloads are allowed |
| Global | dirmessage_enable=YES | Display the .message file when a user enters a directory |
| Global | xferlog_enable=YES | Enable xferlog transfer logging, written to /var/ftp/xferlog by default |
| Global | xferlog_std_format=YES | Use the standard xferlog format |
| Global | connect_from_port_20=YES | Allow server active mode (data connections are established from port 20) |
| Global | pasv_enable=YES | Allow passive-mode connections |
| Global | pasv_max_port=24600 | Highest server port used for passive mode |
| Global | pasv_min_port=24500 | Lowest server port used for passive mode |
| Global | pam_service_name=vsftpd | PAM service file used for user authentication |
| Global | userlist_enable=YES | Whether the user_list file is used |
| Global | userlist_deny=YES | Whether the accounts in user_list are denied |
| Global | max_clients=0 | Maximum number of clients connected at the same time; 0 means no limit |
| Global | max_per_ip=0 | Maximum number of concurrent connections from one IP address; 0 means no limit |
| Global | tcp_wrappers=YES | Whether tcp_wrappers host access control is enabled |

Note:

- The FTP root directory cannot be given write permission; this is fixed behaviour.

- The ftpusers file lists users who are never allowed to log in to the vsftpd server; they are rejected before they even get a chance to enter a password.

- The user_list file can hold either forbidden or permitted users, depending on the userlist_enable and userlist_deny parameters in vsftpd.conf; these users can enter a password but the login still fails.

- Upload inverse-mask calculation: file permissions = 777-111-022 (644), directory permissions = 777-022 (755).

- Whenever a step above creates directories or files, check the resulting file permissions, otherwise later operations may fail.

- Server active mode: the server itself opens the data connection from its port 20 to the client's data port; the same server port carries all data and the transfer rate is high.

- Server passive mode: the server waits for the client to open the data connection to a server port in the pasv_min_port to pasv_max_port range; different ports carry the data, which is more secure, and the transfer rate is then determined per port.

- Mapped (virtual) users get the permissions of anonymous users by default, so to control mapped users you only need to adjust the anonymous-user parameters (the anon_* parameters in vsftpd.conf).
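The notes above (mapped users inherit the anon_* rights, the inverse umask arithmetic, chroot_local_user) are the points to verify in a finished vsftpd.conf. This is an added example, not code from the page or from vsftpd: it parses a constructed vsftpd.conf excerpt (the values are assumed, built from the virtual-user steps above), computes the effective upload modes for a given inverse mask, and lists the settings that widen write access.

```python
# Constructed vsftpd.conf excerpt, not the page's file: the virtual-user
# settings from the steps above plus anonymous upload switched on.
SAMPLE_VSFTPD_CONF = """
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_umask=022
local_enable=YES
write_enable=YES
chroot_local_user=YES
guest_enable=YES
guest_username=virtual
pam_service_name=ren.vu
"""

def parse_vsftpd(text):
    """vsftpd.conf is one key=value per line; a leading '#' marks a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def upload_modes(umask_str):
    """Mode of uploaded files and created directories for an inverse mask:
    the note's '777-111-022' and '777-022' done with bit masks."""
    umask = int(umask_str, 8)
    return 0o666 & ~umask, 0o777 & ~umask

def audit(conf):
    """Return (parameter, consequence) pairs for the points the notes call out."""
    def on(key):
        return conf.get(key, "NO").upper() == "YES"
    findings = []
    anon_write = on("anon_upload_enable") or on("anon_mkdir_write_enable") or on("anon_other_write_enable")
    if on("anonymous_enable") and on("write_enable") and anon_write:
        findings.append(("anon_*_write", "anonymous clients can write to the FTP tree"))
        if on("guest_enable"):  # mapped users inherit the anon_* rights (see the notes)
            findings.append(("guest_enable", f"virtual users write as {conf.get('guest_username')}"))
    if on("local_enable") and not on("chroot_local_user"):
        findings.append(("chroot_local_user", "local users can leave their home directory"))
    for key in ("anon_umask", "local_umask"):
        if key in conf and upload_modes(conf[key])[1] & 0o002:
            findings.append((key, "uploads become world-writable"))
    return findings
```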

DNS domain name resolution service: uses the BIND software

BIND service process name: named

Configuration file path of the BIND service: /etc/named.conf

Zone database file path of the BIND service: /etc/named/

Root hints file path of the BIND service: /var/named/named.ca

Build steps:

Set up the network, turn off the firewall function and firewall service.

Install the BIND packages: bind is the main package, bind-utils provides testing tools for the service, bind-libs provides the libraries bind needs, and bind-chroot provides a chroot jail directory (/var/named/chroot) for the BIND service to improve security.

Set the parameters of the named.conf file: vim /etc/named.conf

Create a zone data file from the template: cp /var/named/named.empty /var/named/ren.zone

Edit the zone data file to add resolution records: vim /var/named/ren.zone

Give the file read and write access: chmod 777 ren.zone (named only needs to read a master zone file, so a tighter mode such as 640 with the file owned by root:named also works and keeps the zone from being world-writable)

Start the named service and reload the configuration: service named start; service named reload

Build a caching domain name server:

Edit the main configuration file (vim /etc/named.conf) and add the forwarders to the options block:

    options {
        forwarders { 202.96.134.133; 114.114.114.114; };
    };

Start the named service: service named start

Build the primary domain name server:

Edit the main configuration file (vim /etc/named.conf) and add the zone declarations:

    zone "benet.com" IN {                  // forward resolution
        type master;                       // this server is the primary for the zone
        file "benet.zone";                 // path of the zone data file
        allow-transfer { 192.168.1.2; };   // only the secondary may download the forward zone
    };

    zone "1.168.192.in-addr.arpa" IN {     // reverse resolution for 192.168.1.0/24
        type master;                       // this server is the primary for the zone
        file "192.168.1.2.arpa";           // path of the zone data file
        allow-transfer { 192.168.1.2; };   // only the secondary may download the reverse zone
    };

Configure the zone data file: vim /var/named/ren.zone

Start the named service: service named start

Build the secondary (slave) domain name server:

Edit the main configuration file (vim /etc/named.conf) and add the zone declarations:

    zone "benet.com" IN {                  // forward resolution
        type slave;                        // this server is a secondary for the zone
        file "slaves/benet.zone";          // where the transferred zone data is stored
        masters { 192.168.1.1; };          // download the forward zone from the primary server
    };

    zone "1.168.192.in-addr.arpa" IN {     // reverse resolution for 192.168.1.0/24
        type slave;                        // this server is a secondary for the zone
        file "slaves/192.168.1.2.arpa";    // where the transferred zone data is stored
        masters { 192.168.1.1; };          // download the reverse zone from the primary server
    };

Start the named service and reload the configuration: service named start; service named reload

Check that the same zone data files have been copied from the primary domain name server: ls /var/named/slaves

Note:

- The "." (root domain) parameter must be present in each configuration file and should not be changed casually.

- The nslookup tool can test resolution by the DNS service; in an interactive session:

    nslookup
    > server 192.168.1.1
    > set type=ns
    > www.benet.com

server 192.168.1.1 specifies the DNS server to query; set type=ns (or mx, a, cname, ptr) specifies the type of resolution record to test; www.benet.com tests the resolution of that domain name.

Resolution records:

- MX (mail exchanger) record: maps the company's second-level domain name to the third-level domain name of the mail server inside the company.

- NS (name server) record: maps the company's second-level domain name to the third-level domain name of the name server inside the company.

- A (host) record: resolves a domain name to an IP address.

- PTR (pointer) record: resolves an IP address to a domain name.

- CNAME (alias) record: resolves one domain name to another as an alias, which also improves the security of the server.
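The record types above have to end up in the forward zone file (benet.zone) and the reverse zone file, and the reverse zone name and PTR names run in the opposite direction from the forward ones. This is an added example, not code from the page or from BIND: from a constructed host inventory for the page's benet.com (the host names and addresses are assumed values) it generates both zone files with SOA, NS, MX, A, CNAME and PTR records, derives the correct in-addr.arpa origin, and flags inventory mistakes that named would reject or that would resolve the wrong way.

```python
import ipaddress

# Constructed inventory for the page's benet.com example; the host names and
# addresses are assumed values, not taken from the page.
DOMAIN = "benet.com"
NETWORK = ipaddress.ip_network("192.168.1.0/24")
HOSTS = {"ns1": "192.168.1.1", "mail": "192.168.1.2", "www": "192.168.1.10"}
ALIASES = {"ftp": "www"}          # CNAME name -> target host

def reverse_origin(network):
    """192.168.1.0/24 -> '1.168.192.in-addr.arpa' (network octets reversed)."""
    octets = str(network.network_address).split(".")[:network.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def header(serial):
    """SOA and NS records every zone file needs; ns1 is the server itself."""
    return ["$TTL 86400",
            f"@ IN SOA ns1.{DOMAIN}. admin.{DOMAIN}. ({serial} 3600 900 604800 86400)",
            f"@ IN NS ns1.{DOMAIN}."]

def forward_zone(serial):
    lines = header(serial) + [f"@ IN MX 10 mail.{DOMAIN}."]
    lines += [f"{h} IN A {ip}" for h, ip in sorted(HOSTS.items())]
    lines += [f"{a} IN CNAME {t}.{DOMAIN}." for a, t in sorted(ALIASES.items())]
    return lines

def reverse_zone(serial):
    """PTR records: the name is the host part of the address, the data is the FQDN."""
    lines = header(serial)
    for h, ip in sorted(HOSTS.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        addr = ipaddress.ip_address(ip)
        lines.append(f"{addr.packed[-1]} IN PTR {h}.{DOMAIN}.")
    return lines

def check_inventory():
    """Mistakes that make named refuse the zone or resolve in the wrong direction."""
    problems = []
    for h, ip in HOSTS.items():
        if ipaddress.ip_address(ip) not in NETWORK:
            problems.append(f"{h} ({ip}) is outside {NETWORK}; no PTR possible")
    for a, t in ALIASES.items():
        if t not in HOSTS:
            problems.append(f"CNAME {a} points at unknown host {t}")
        if a in HOSTS:
            problems.append(f"{a} has both an A record and a CNAME, which BIND rejects")
    if "mail" not in HOSTS or "ns1" not in HOSTS:
        problems.append("MX/NS targets mail and ns1 need A records")
    return problems
```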

The general idea of building a server: configure the correct network parameters and turn off the firewall; install the software package for the service and edit its configuration file; start the service and reload the configuration file. When modifying a configuration file, pay attention to the various comment symbols; when something goes wrong, think calmly and check the configuration file carefully.

Samba service parameter memory aid: global is the global section, homes is the home directory section, and printers is the printer sharing section.

FTP service parameter memory aid: anon_* parameters control anonymous access, local_* parameters control local user access, and the rest are global.

BIND service: the primary domain type is master and the secondary domain type is slave; when configuring the zone data, pay attention to the direction of the resolution records.
