Linux Study Notes (Revised Edition)
November 2008

I. Minimal installation components (omitted)

II. Vsftpd configuration

(1) Allowing root and anonymous to log in over FTP

1. Start: service vsftpd start | restart | stop
2. Configuration file: /etc/vsftpd/vsftpd.conf
   a) chroot_list_enable=YES    lets the root entry take effect
   b) chroot_list_file=/etc/vsftpd/chroot_list
      customarily changed to: chroot_list_file=/etc/vsftpd/chroot.list
   c) Add chroot_local_user=YES    local users are confined
3. Contents of chroot.list: add the user root to allow root access. In /etc/vsftpd/, run vim chroot.list to create a new file named chroot.list; its only content is root.
4. In /etc/vsftpd.ftpusers, comment out the root user.
5. Edit /etc/vsftpd.user_list with vim and put “” in front of the root user.

(2) Uploading files to upload as anonymous

Default public FTP directory: /var/ftp/pub

1. mkdir upload
2. chmod o+w upload, or chmod 757 upload
3. Edit /etc/vsftpd/vsftpd.conf
   a) anon_upload_enable=YES
   b) anon_mkdir_write_enable=YES

    # Example config file /etc/vsftpd.conf

    # The default compiled in settings are very paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.

    # Allow anonymous FTP?
    anonymous_enable=YES

    # Uncomment this to allow local users to log in.
    local_enable=YES

    # Uncomment this to enable any form of FTP write command.
    write_enable=YES

    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    local_umask=022

    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    anon_upload_enable=YES

    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    anon_mkdir_write_enable=YES

    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES

    # Activate logging of uploads/downloads.
    xferlog_enable=YES

    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES

    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever

    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log

    # If you want, you can have your log file in standard ftpd xferlog format
    xferlog_std_format=YES

    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600

    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120

    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure

    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES

    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that turning on ascii_download_enable enables malicious remote parties
    # to consume your I/O resources, by issuing the command "SIZE /big/file" in
    # ASCII mode.
    # These ASCII options are split into upload and download because you may wish
    # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
    # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
    # on the client anyway.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES

    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.

    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails

    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    chroot_list_enable=YES
    chroot_local_user=YES
    # (default follows)
    chroot_list_file=/etc/vsftpd/chroot.list

    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES

    pam_service_name=vsftpd
    userlist_enable=YES
    #enable for standalone mode
    listen=YES
    tcp_wrappers=YES

III. httpd server

1. Start: service httpd restart
2. Configuration file: /etc/httpd/conf/httpd.conf
3. DocumentRoot "/var/www/html"    /* sets the site root directory */
4.
5. Change AddDefaultCharset ISO-8859-1 to GB2312, which switches the language type to the Chinese standard.
6. DirectoryIndex index.html index.htm    sets the default home page
   Note: in the vim editor, use the "/string" command to search for the string you want to change.
7. Port listening:
       Listen 80
       Listen 8080
   To enable a virtual host: VirtualHost followed by the IP address, with port number 8080, and DocumentRoot /var/www/web2

IV. DHCP server

1. Install the DHCP server while installing the system.
2. Install the DHCP server after the system installation is complete:
   a) Check whether it is installed: rpm -q dh* or rpm -ql dh*
   b) Mount the CD-ROM: mount /mnt/cdrom or mount /dev/cdrom /mnt/cdrom
   c) Unmount the CD-ROM: umount /mnt/cdrom
   d) Package location: second disc, /RedHat/RPMS/dhcp.rpm
   e) rpm -ivh dhcp.rpm or rpm -i dhcp.rpm
   f) Copy the DHCP configuration file:
      cp /usr/share/doc/dhcpd/dhcpd.conf.sample /etc/dhcpd.conf
      /* template file: /usr/share/doc/dhcp-3.0pl1/dhcpd.conf.sample */
   g) Release the CD-ROM: umount, or cd; eject
   h) Starting and stopping the DHCP service: service dhcpd start/restart/stop

/etc/dhcpd.conf

    ddns-update-style interim;
    ignore client-updates;

    subnet 192.168.10.0 netmask 255.255.255.0 {    # network segment served by DHCP

    # --- default gateway
        option routers 192.168.10.254;             # gateway address given out by the DHCP server
        option subnet-mask 255.255.255.0;          # subnet mask

    #   option nis-domain "domain.org";
    #   option domain-name "domain.org";
        option domain-name-servers 192.168.32.1;   # IP address of the DNS server

        option time-offset -18000;                 # Eastern Standard Time
    #   option ntp-servers 192.168.1.1;
    #   option netbios-name-servers 192.168.1.1;
    # --- Selects point-to-point node (default is hybrid). Don't change this unless
    # --- you understand Netbios very well
    #   option netbios-node-type 2;

        range dynamic-bootp 192.168.10.100 192.168.10.200;   # range of automatically assigned IPs
        default-lease-time 21600;                  # default lease time is 21600 seconds
        max-lease-time 43200;                      # maximum lease time is 43200 seconds

        # we want the nameserver to appear at a fixed address
        host ns {
            next-server ;
            hardware ethernet 12:34:56:78:AB:CD;
            fixed-address 207.175.42.254;
        }
    }

    subnet 192.168.20.0 netmask 255.255.255.0 {

    # --- default gateway
        option routers 192.168.20.254;
        option subnet-mask 255.255.255.0;

    #   option nis-domain "domain.org";
    #   option domain-name "domain.org";
        option domain-name-servers 192.168.32.1;

        option time-offset -18000;                 # Eastern Standard Time
    #   option ntp-servers 192.168.1.1;
    #   option netbios-name-servers 192.168.1.1;
    # --- Selects point-to-point node (default is hybrid). Don't change this unless
    # --- you understand Netbios very well
    #   option netbios-node-type 2;

        range dynamic-bootp 192.168.20.100 192.168.20.200;
        default-lease-time 21600;
        max-lease-time 43200;

        # we want the nameserver to appear at a fixed address
    #   host ns {
    #       next-server ;
    #       hardware ethernet 12:34:56:78:AB:CD;
    #       fixed-address 207.175.42.254;
    #   }
    }

V. DNS server

1. Start named: service named start
2. Stop named: ps -aux shows the process list; find named, then use kill -9 on it.
3. Configuration file: /etc/named.conf

    options {
        directory "/var/named";    /* this directory holds the related configuration files */
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
    };

    //
    // a caching only nameserver config
    //
    controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone IN {    /* forward zone name */
        type master;
        file ".zone";    /* the ".zone" file is stored under /var/named/ */
        allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };

    zone "32.168.192.in-addr.arpa" IN {    /* reverse zone 32.168.192.in-addr.arpa */
        type master;
        file "32.168.192.local";    /* the "32.168.192.local" file is stored under /var/named/ */
        allow-update { none; };
    };

    include "/etc/rndc.key";

4. Zone file: /var/named/*.zone. Sample text follows:

.zone

    $TTL 86400
    $ORIGIN .
            1D IN SOA   root (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
            1D IN NS
            1D IN A     127.0.0.1
    www     IN A        192.168.32.1
    ftp     IN A        192.168.32.1
    mail    IN A        192.168.32.1

Reverse-lookup zone file: /var/named/*.local. Sample text follows:

32.168.192.local

    $TTL 86400
            IN SOA  . . (
                    1997022700 ; Serial
                    28800      ; Refresh
                    14400      ; Retry
                    3600000    ; Expire
                    86400 )    ; Minimum
            IN NS   .
    1       IN PTR
    1       IN PTR
    1       IN PTR
    1       IN PTR
    1       IN PTR
    1       IN PTR  .

In vim, yy copies a line, dd deletes a line, and p pastes a line.

Note: when testing reverse lookups with nslookup, the IP address to enter is 192.168.32.1.

VI. Sendmail server configuration

(1) /etc/mail/sendmail.mc
    i. Comment out lines 42 and 43
    ii. Change 127.0.0.1 to 0.0.0.0
(2) m4 sendmail.mc > sendmail.cf
(3) In /etc/mail/sendmail.cf, change Cwlocalhost to Cw followed by the domain name
(4) Start: service sendmail restart
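
An added example, not part of the original notes: a Python check that reads the vsftpd settings from section II and reports what they permit, including the inverted meaning of chroot.list when chroot_local_user=YES. It assumes /etc/vsftpd.ftpusers acts as a PAM deny list; the function names and the PAGE_CONF sample are constructed here.

```python
# Added example, not from the original notes; sample values are constructed.
DEFAULTS = {  # vsftpd built-in defaults for the options checked here
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "chroot_local_user": "NO", "chroot_list_enable": "NO",
    "userlist_enable": "NO", "userlist_deny": "YES",
}

def parse_conf(text):
    """Parse vsftpd.conf: option=value lines, '#' starts a comment line."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def names(text):
    # User names in a list file, skipping blank and '#' lines.
    rows = (row.strip() for row in text.splitlines())
    return {row for row in rows if row and not row.startswith("#")}

def audit(conf_text, user, chroot_list="", ftpusers="", user_list=""):
    """Return findings for one local account plus the anonymous account."""
    conf = parse_conf(conf_text)
    on = lambda key: conf.get(key, "NO").upper() == "YES"
    findings = []
    if on("anonymous_enable") and on("write_enable"):
        if on("anon_upload_enable"):
            findings.append("anonymous users can upload files")
        if on("anon_mkdir_write_enable"):
            findings.append("anonymous users can create directories")
    blocked = user in names(ftpusers)  # assumption: ftpusers is a PAM deny list
    if on("userlist_enable"):
        listed = user in names(user_list)
        blocked = blocked or (listed if on("userlist_deny") else not listed)
    if on("local_enable") and not blocked:
        findings.append(f"{user} can log in over FTP")
        # chroot_local_user=YES inverts chroot.list: listed users are NOT chrooted
        exempt = on("chroot_list_enable") and user in names(chroot_list)
        if on("chroot_local_user") == exempt:
            findings.append(f"{user} is not chrooted")
    return findings

PAGE_CONF = "\n".join([  # active settings from the vsftpd.conf in section II
    "anonymous_enable=YES", "local_enable=YES", "write_enable=YES",
    "anon_upload_enable=YES", "anon_mkdir_write_enable=YES",
    "chroot_list_enable=YES", "chroot_local_user=YES", "userlist_enable=YES"])
print(audit(PAGE_CONF, "root", chroot_list="root"))
```

Passing the stock deny lists (with root still listed) as ftpusers or user_list removes the two root findings, which makes the effect of steps 3 to 5 visible before the files are changed on a server.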