linux 之基础服务

本章内容

  dns

  samba

  vsftp

  squid

  rsync

1. dns

yum install -y bind
vim /etc/named.conf
zone "123.com" IN {
type master;
file "123.com.zone";
};

cat /var/named/named.localhost
named-checkconf

vim /var/named/123.com.zone
$TTL 1D
@ IN SOA @ admin.123.com. (
2015010909 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.123.com.
IN MX 5 mail.123.com.
ns IN A 192.168.1.116
mail IN A 192.168.11.20
www IN A 11.11.11.11
bbs IN CNAME www


文件格式可参考:cat /var/named/named.localhost

# named-checkzone "123.com" /var/named/123.com.zone

[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { 127.0.0.1;192.168.1.116; };

[root@localhost ~]# named-checkzone "123.com" /var/named/123.com.zone
named-checkzone "123.com" /var/named/123.com.zone

/etc/init.d/named restart
dig @192.168.1.116 www.123.com


反向解析
vim /etc/named.conf
zone "1.168.192.in-addr.arpa" IN {
type master;
file "1.168.192.zone";
};

vim /var/named/1.168.192.zone

$TTL 1D
@ IN SOA @ admin.123.com. (
2015010909 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.123.com.
20 IN PTR mail.123.com.
116 IN PTR ns.123.com.

[root@localhost ~]# named-checkconf
[root@localhost ~]# /etc/init.d/named restart
[root@localhost ~]# dig @192.168.1.116 -x 192.168.1.116
[root@localhost ~]# dig @192.168.1.116 -x 192.168.1.20



DNS主从(以下配置在从服务器上进行)

vim /etc/named.conf

zone "123.com" IN {
type slave;
file "slaves/123.com.zone";
masters { 192.168.1.116; };
};

zone "1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/1.168.192.zone";
masters { 192.168.1.116; };
};

/etc/init.d/named restart

[root@localhost ~]# ls /var/named/slaves/
1.168.192.zone 123.com.zone
cat /var/named/slaves/123.com.zone
$ORIGIN .
$TTL 86400 ; 1 day
123.com IN SOA 123.com. admin.123.com. (
2015010909 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS ns.123.com.
MX 5 mail.123.com.
$ORIGIN 123.com.
bbs CNAME www
mail A 192.168.11.20
ns A 192.168.1.116
www A 11.11.11.11


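实时同步
要在主服务器的 /etc/named.conf 中配置(also-notify 填从服务器 IP);建议同时在主上用 allow-transfer { 从服务器IP; }; 限制区域传送,避免任意主机拉取整个区域数据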
include "/etc/named.root.key";
zone "123.com" IN {
type master;
file "123.com.zone";
notify yes;
also-notify { 192.168.1.112; };
};

zone "1.168.192.in-addr.arpa" IN {
type master;
file "1.168.192.zone";
notify yes;
also-notify { 192.168.1.112; };

};

[root@localhost ~]# named-checkconf
[root@localhost ~]# /etc/init.d/named restart





2. samba
yum install -y samba samba-client
vim /etc/samba/smb.conf

workgroup = WORKGROUP

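# 注意:security = share 即免密码匿名访问,且该取值在 Samba 4 中已被移除;新版本需改用 security = user 并配合 map to guest = Bad User
security = share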

[share]
comment = share all
path = /tmp/samba
browseable = yes
public = yes
writable = no
mkdir /tmp/samba
chmod 777 /tmp/samba/ //该共享只读(writable = no),755 即可,不必对所有本地用户开放写权限
echo "dfahfak" > /tmp/samba/sharefiles
/etc/init.d/smb start
testparm
file://192.168.1.112/share/sharefiles



security = user
[myshare]
comment = share for users
path = /samba
browseable = yes
writable = yes
public = no
mkdir /samba
chmod 777 /samba/ //777 会让所有本地用户都能写;更稳妥的做法是建共享组,把目录属组设为该组并用 770,再在 smb.conf 里用 valid users 限定账户
useradd user1
useradd user2

pdbedit -a user1
pdbedit -a user2

pdbedit -L
file://IP/myshare/
smbclient //IP/共享名 -U 用户名

pdbedit -x username //删除Samba账户。
pdbedit -Lv //列出Samba用户列表详细信息。
pdbedit -c "[D]" -u username //暂停该Samba用户账号
pdbedit -c "[]" -u username //恢复该Samba用户账号。




3.vsftp

yum install -y vsftpd db4-utils

useradd virftp -s /sbin/nologin
vim /etc/vsftpd/vsftpd_login //奇数行为用户名,偶数行为密码;下面的 123456 仅作示例,实际请使用强密码
test
123456
chmod 600 /etc/vsftpd/vsftpd_login
db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
mkdir /etc/vsftpd/vsftpd_user_conf
cd /etc/vsftpd/vsftpd_user_conf

vim test1 //文件名必须与虚拟用户名一致(上文 vsftpd_login 中写的用户名是 test,两处需保持一致);local_root 也要与下面 mkdir 创建的目录一致
local_root=/home/virftp/test
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=600
data_connection_timeout=120
max_clients=10
max_per_ip=5
local_max_rate=50000

mkdir /home/virftp/test1
chown -R virftp:virftp /home/virftp/
vim /etc/pam.d/vsftpd
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
guest_enable=YES
guest_username=virftp
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf

/etc/init.d/vsftpd restart


4. squid

yum install -y squid
squid -v
http_port 3128
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
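# 注意:作为正向代理时,此行会把代理开放给所有来源(开放代理);若只给 localnet 使用,应改为 http_access deny all。后文反向代理(accel)场景才需要 allow all
http_access allow all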
cache_dir aufs /data/cache 1024 16 256
cache_mem 128 MB
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \.(jpg|png|gif|mp3|xml) 1440 50% 2880 ignore-reload
refresh_pattern . 0 20% 4320

[root@localhost ~]# mkdir /data/cache
[root@localhost ~]# chown -R squid:squid /data/cache/
[root@localhost ~]# squid -z
[root@localhost ~]# /etc/init.d/squid start
curl -xlocalhost:3128 www.baidu.com


在acl http proto HTTP下添加
acl http proto HTTP
acl good_domain dstdomain .apelearn.com .testlinux.com
http_access allow http good_domain
http_access deny http !good_domain

acl http proto HTTP
acl bad_domain dstdomain .sina.com .souhu.com
http_access allow http !bad_domain
http_access deny http bad_domain


反向代理

http_port 80 accel vhost vport
cache_peer 180.97.33.108 parent 80 0 originserver name=a
cache_peer 101.226.103.106 parent 80 0 originserver name=b
cache_peer_domain a www.qq.com
cache_peer_domain b www.baidu.com




cache_peer 192.168.10.111 parent 80 0 originserver



5. rsync


vim /etc/rsyncd.conf

#port=870
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
#address=192.168.1.122
[test]
path=/usr/local/src
use chroot=no
max connections=4
read only=no
list=no
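# 注意:uid/gid=root 加上 read only=no、use chroot=no,意味着通过认证的客户端能以 root 身份写入 path;生产环境建议改用专用的低权限账号并开启 chroot
uid=root
gid=root
# 参数名是 auth users / secrets file;拼写错误的参数会被 rsyncd 忽略,模块将不再要求密码认证
auth users=test
secrets file=/etc/rsyncd.passwd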
hosts allow=192.168.1.123

vim /etc/rsyncd.passwd
test:test123
chmod 600 /etc/rsyncd.passwd
rsync --daemon
ps aux |grep rsync


拉取: rsync -av ip::module/filename /dir/
推送: rsync -av /dir/ ip::module/filename
到客户端rsync -avL test@192.168.1.122::test /home/ 拉取
rsync -avzP --port 873 /tmp test@192.168.1.122::test/ 推送
rsync -avL --port 端口号 test@192.168.1.122::test /home/

rsync -av /usr/local/src/ 192.168.1.123:/usr/local/src/
rsync 192.168.1.122:: 查看模块名
rsync -avL --port 873 --password-file=/etc/rsync_pass.txt test@192.168.1.122::test /home/
指定密码文件(客户端的密码文件里只写密码本身,权限需设为 600,否则 rsync 会拒绝使用)



