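This lesson is suited to people who already have some Linux background.
Recordings: Part 1 http://www.boobooke.com/v/bbk1159
Part 2 http://www.boobooke.com/v/bbk1160
Feel free to e-mail me: street.yao(at)gmail.com
The 9 network services covered in this lesson: yum samba nfs ftp dovecot sendmail httpd iptables tcpwrapper
------Environment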
# uname -a
Linux centos5 2.6.18-8.el5
IP : 192.168.2.88 server:192.168.2.1
hostname: centos5
----yum
# mkdir /a
# mount /dev/cdrom /a
# vi /etc/yum.repos.d/CentOS-Media.repo
[street]
name=from street
baseurl=file:///a
enabled=1
gpgcheck=0
# mv CentOS-Base.repo CentOS-Base.repo.bak
# yum whatprovides /usr/bin/nmap
# yum install nmap
# system-config-packages
# nmap localhost
# yum whatprovides /usr/bin/iostat
# yum install sysstat
# system-config-packages    no need to remember package names; dependencies between packages are resolved automatically; press ctrl+q to exit
---------smb
Accessing files shared by Windows from Linux
# service smb start
# useradd aa
# passwd aa
# smbpasswd -a aa
# vi /etc/samba/smb.conf
[aaa]
comment = aaaaaaaaaaaa
path = /aa
valid users =
writable = yes
# useradd oracle
# passwd oracle
# smbpasswd -a oracle
# smbclient //localhost/legal -U oracle%oracle
# mount //192.168.0.254/share /mnt -o username=tom
Accessing files shared by Linux from Linux
# smbclient -L localhost -N
# smbclient //192.168.2.1/share
smb: \> put /etc/hosts hosts
# man 5 smb.conf
# netstat -auntp|grep smbd
------nfs
# service nfs start
# vi /etc/exports
/home/guests 192.168.0.0/255.255.255.0(rw,sync)
With a netmask of 255.255.255.255 the export applies to a single IP address only.
List the NFS exports:
# showmount -e localhost
---------------ftp
# service vsftpd start
# ldd `which vsftpd` |grep wra
libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00e4f000)
# vi /etc/vsftpd/vsftpd.conf
#anon_upload_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
Port 21 carries the FTP commands; port 20 carries the FTP data
---------------dovecot:
# find /etc/ -name dovecot.pem
/etc/pki/dovecot/certs/dovecot.pem
/etc/pki/dovecot/private/dovecot.pem
# find /etc -name dovecot.pem -exec rm {} \;
# make -C /etc/pki/tls/certs dovecot.pem
# find /etc/pki -name dovecot.pem -exec ls -l {} \;
# grep -e ssl_cert -e ssl_key /etc/dovecot.conf
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
#ssl_key_password =
# vi /etc/dovecot.conf
# grep -e ssl_cert -e ssl_key /etc/dovecot.conf
#ssl_disable=no ---- the switch that turns SSL encryption off; uncomment it when symmetric encryption of the session is wanted
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
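-- the pem file holds the public key and the private key together; when they are kept separately they are the key and crt files: generate the key with make first, then the crt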
# cp /etc/pki/tls/certs/dovecot.pem /etc/pki/dovecot/certs/dovecot.pem
# cp /etc/pki/tls/certs/dovecot.pem /etc/pki/dovecot/private/dovecot.pem
# service dovecot start
# mutt -f imaps://localhost
# cat /etc/passwd | mail -s toaa -v aa
# mutt -f imaps://localhost
# mutt -f imaps://aa@localhost
----------------sendmail:
sendmail-cf
# alternatives --config mta
# vi /etc/mail/sendmail.mc
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
# vi /etc/aliases
# newaliases
# m4 sendmail.mc > sendmail.cf
# vi /etc/mail/local-host-names
station5.example.com
# service sendmail restart
----------------http:
# cd /var/www/html/
# cp /etc/passwd ./index.html
# vi /etc/httpd/conf/httpd.conf
NameVirtualHost 182.119.106.245:80
<VirtualHost 182.119.106.245:80>
DocumentRoot /data
ServerName bb.tt.ca
</VirtualHost>
<VirtualHost 182.119.106.245:80>
DocumentRoot /aa
ServerName aa.tt.ca
</VirtualHost>
# service httpd restart
# cat /data/index.html
llllllll
# cat index.html
cwddkk[C[Cllllllll
# ping -c1 server1.example.com
# elinks -dump http://aa.tt.ca
-----iptables:
# iptables -A INPUT -p tcp --dport 80 -s 182.119.106.0/24 -j REJECT
# iptables -A INPUT -s ! 182.119.106.0/24 -p tcp --dport 21 -j REJECT
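# iptables -nL ---- -n means numeric output, which saves the time spent on name resolution
-A appends a rule; -I inserts a rule at the front; ^] is the exit key in TELNET
# iptables -F INPUT --- flush the INPUT rules
# iptables -A INPUT -p icmp -j DROP ----- drop ping packets; between the IP layer and the TCP layer there are three kinds of packets: UDP TCP ICMP
# iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.25 -p tcp --dport 22 -j DROP
-- block ssh access from within the local network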
# service iptables save
-------------tcpwrapper
vsftpd: 182.119.106.0/255.255.255.0
"hosts.deny" 10L, 404C written
sshd: 182.119.106.203
vsftpd: 182.119.106.203
"/etc/hosts.allow" 7L, 240C written
# ldd `which sshd`|grep wra
libwrap.so.0 => /usr/lib/libwrap.so.0 (0x0044a000)
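Added example (not part of the original notes): a simplified shell model of how libwrap evaluates the hosts.allow and hosts.deny entries above, in the order documented in hosts_access(5): hosts.allow first, then hosts.deny, and access granted when neither matches. The function names are hypothetical, and only the two client forms used above (single address, network/netmask) are handled.

```sh
# Added example, not from the original notes: simplified model of the libwrap
# decision order. Only single-address and network/netmask clients are handled.
# Rule sets copied from the hosts.allow / hosts.deny lines above.
ALLOW_RULES='sshd: 182.119.106.203
vsftpd: 182.119.106.203'
DENY_RULES='vsftpd: 182.119.106.0/255.255.255.0'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed when client address $1 falls inside pattern $2.
pattern_matches() {
    case $2 in
        */*) net=${2%/*}; mask=${2#*/} ;;
        *)   net=$2; mask=255.255.255.255 ;;
    esac
    m=$(ip2int "$mask")
    [ $(( $(ip2int "$1") & $m )) -eq $(( $(ip2int "$net") & $m )) ]
}

# Succeed when a "daemon: pattern" line in $1 matches daemon $2, client $3.
rules_match() {
    printf '%s\n' "$1" | {
        while IFS=': ' read -r daemon pattern; do
            [ "$daemon" = "$2" ] && pattern_matches "$3" "$pattern" && exit 0
        done
        exit 1
    }
}

# hosts.allow is consulted first, then hosts.deny; no match at all means allow.
decide() {
    if rules_match "$ALLOW_RULES" "$1" "$2"; then echo "allow (hosts.allow)"
    elif rules_match "$DENY_RULES" "$1" "$2"; then echo "deny (hosts.deny)"
    else echo "allow (no match)"
    fi
}

# Constructed sample clients (daemon, source address).
for c in "vsftpd 182.119.106.203" "vsftpd 182.119.106.50" \
         "sshd 182.119.106.50" "vsftpd 10.0.0.5"; do
    set -- $c
    echo "$1 from $2: $(decide "$1" "$2")"
done
```

With these rules sshd from 182.119.106.50 is still allowed, because hosts.deny names only vsftpd and an unmatched request is granted.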
You are welcome to leave comments on my blog: http://www.itstreets.com
or e-mail me: street.yao(at)gmail.com
Jun.26