Redhat Linux

Main contents

Lesson 1: Introduction, installing Redhat, and an overview of common commands

Lesson 2: Installing and configuring the DHCP Server

Lesson 3: Installing and configuring the DNS Server

Lesson 4: Installing and configuring the Samba Server

Lesson 5: Installing and configuring the Squid Server

Lesson 6: Installing and configuring the Apache Server

Lesson 7: Installing and configuring Sendmail

Lesson 8: Installing and configuring RAS


Supporting software tools (third party)

Lesson 10: Webmin

Lesson 11: Secure CRT

Lesson 12: VNC

Appendix

Some useful websites


Compiled by mcsevietnam

TRAINING PROGRAM
REDHAT LINUX FOR MCSA, MCSE

Introduction to LINUX

Linux is free. For us today that does not matter much, because even Windows NT Server is "free" as well. But in the future, when we want to integrate with the rest of the world and want programmers to earn a legitimate income, software piracy will have to end. At that point, being free becomes a very important factor in choosing Linux.

Linux is very stable. Contrary to the traditional belief that cheap things are poor things, Linux has been very stable ever since its first versions 5-6 years ago. Even Linux servers on large networks (hundreds of workstations) run very stably.

Linux is complete. Everything you find on IBM, SCO and Sun systems is also available on Linux. The C compiler, perl interpreter, shell, TCP/IP, proxy, firewall, documentation and so on are all complete and of good quality. The set of utility programs is also very complete.
Linux is a fully 32-bit operating system. Like other Unix systems, Linux has been a 32-bit operating system from the start.

Linux is very flexible to configure. Linux lets the user configure the system very freely, for example choosing any X Window screen resolution, and even the kernel is easy to modify.

Linux runs on many different machines, from self-assembled 386 and 486 PCs up to SUN Sparc.

Linux is supported. Today, with Linux servers handling important data, users can readily obtain support for Linux from large companies. IBM has officially offered IBM servers running Linux. Introductory documentation for Linux keeps growing and is not inferior to that of any other operating system.
Installing Redhat 7.3
Required equipment:
a. Server, with the following required configuration:
+ CPU : Intel PII 400 or higher.
+ RAM : 128MB or higher.
+ HDD : 10GB or higher.
+ NIC card : 100 Mbps
+ External Modem
+ ...
b. A switch with a speed of 100 Mbps.
c. Cables and other necessary equipment.
d. Client machines with the following configuration:
+ CPU : 486 or later
+ RAM : 64 MB
+ HDD : 4.3GB or higher.
+ NIC card : 100 Mbps.
+ ...

Installation and configuration:
The first step is to boot from the CD-ROM and install. Insert Red Hat 7.3 disc 1 and, at the boot: prompt, press ENTER. Once inside, skip the CD-ROM check step; the next screen then appears as follows:

The default language is English. Click Next.

Select the appropriate hardware devices, then click Next. The next screen looks like this:

Click NEXT to continue.

Choose the installation type you want. Here we choose Custom System so that we can add some required packages. Click NEXT.

There are two choices here. With the first option, the operating system erases all DATA on the machine and chooses the partitions for the installation automatically. With the second option, we specify ourselves which partitions to install to and how large each one is. We have the following layout:

For example, we will create the following partitions:

Note that /boot holds all the kernel images, and the swap partition serves as Linux's virtual memory; the swap partition is sized at twice the installed RAM. The /home partition holds each user's data: each user gets 100MB, so /home equals the number of users x 100.

The interface then looks like this:

Our server will have the following partitions:
+ /boot : 100MB
+ swap : RAM x 2
+ /home : depends on the number of users
+ /var : 3 GB
+ /opt : 512 MB
+ / : uses all the remaining space.
We may also have some other partitions, depending on how each package uses them for storage (for example: /cache, /chroot, ...).

After the partitions have been created, the next screen is:

The operating system marks the partitions that need formatting. Click NEXT.

Click NEXT and the operating system will use LILO as the default boot loader for Linux.

Next, we set the network parameters as shown in the figure above. Click NEXT.

Here we set the security level for the system; the option chosen is No Firewall. This setting can easily be changed later from within the Linux interface. Click NEXT.

This option lets us choose the languages the system provides. Click NEXT.

Choose the time zone of the region where the system is installed. Click NEXT.

Here we set the password of the root user (Administrator) and create some other accounts. Click NEXT.

Finally, this screen sets the authentication configuration, which uses MD5 password hashing and shadow passwords; keep the defaults. Click NEXT.

Depending on the intended use, we install the packages required. Click NEXT and the operating system begins the installation.

When the installation finishes, the operating system prompts us to restart the machine. The installation is then complete.
Basic commands and configuration files:

init
Linux can start in 6 different modes:

Run level   Common usage
0           Shut down the machine
1           Single-user mode
2           Multi-user, without network support
3           Multi-user, with network support
4           Unused
5           Multi-user, network, graphical
6           Restart
Syntax:
# init [run level]

Examples:
to enter Redhat's graphical mode : # init 5
to enter multi-user text mode : # init 3
- During boot, init by default reads the file /etc/inittab and starts in run level 3. You can change the boot run level in this file.
Each /etc/rc.d/rcX.d directory holds a set of files, each of which is a script. A file name beginning with the letter K means the script is not activated; a name beginning with the letter S means the script is activated in that run level.


Shutdown
Syntax: # shutdown -h <hour:minute>
Examples: # shutdown -h 22:00 (shut the machine down at 10:00pm)
# shutdown -h now (shut down immediately)
# shutdown -r now (restart immediately)
# shutdown -h +10 (shut down 10 minutes from now)


vi
Syntax: # vi <file name>
Example: # vi /etc/issue
Once inside the vi editor there are 2 modes to be aware of: editing mode and command mode. By default you are in command mode when vi starts; to enter editing mode press the i or a key. To leave editing mode and return to command mode, press ESC. The vi functions you need to know:
- i starts text editing mode
- In command mode the main functions are:
+ :w saves the text that has just been changed
+ :q quits vi
+ dd deletes the line at the current cursor position
+ /string searches for a string in the text
+ u undo
+ Ctrl + F scrolls down one screen page
+ Ctrl + B scrolls up one screen page

cat : displays the contents of a file
Syntax: # cat <file_to_display>
Examples: # cat myfile.txt
# cat /tmp/temp.text


Logging in and out of a Linux System
At the system prompt you must enter your user name and password to log in to the Linux system.
Prompt : # means you are logged in as the root account
$ means you are logged in as an ordinary account

Linux is a multi-user operating system that allows many people to use the system at the same time over different lines:
There are 2 kinds of console through which users can enter a Linux system: Telnet (vc) and Linux Terminal (tty). Each kind has 11 lines: vc/1 ... vc/11 and tty1 ... tty11. For better security, limit each kind to just 2 lines. This is done as follows:
Use vi to modify the file /etc/securetty as follows:
vc/1
vc/2
#vc/3
#vc/4
..
..
#vc/10
#vc/11
tty1
tty2
#tty3
#tty4
..
..
#tty10
#tty11
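
An added example (not part of the original course notes): a small shell audit for the limit described above. It lists the entries still enabled in a securetty-format file and reports any that fall outside an allowed list; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a securetty-format file against the policy described
# above (only vc/1, vc/2, tty1 and tty2 enabled). Function names are hypothetical.

# Print every enabled entry: comments stripped, blank lines skipped.
securetty_enabled() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | sed '/^$/d'
}

# Print enabled entries that are not in the allowed list ($2, space-separated).
securetty_extra() {
    allowed=" $2 "
    securetty_enabled "$1" | while IFS= read -r entry; do
        case "$allowed" in
            *" $entry "*) ;;                # permitted by the policy
            *) printf '%s\n' "$entry" ;;    # enabled but outside the policy
        esac
    done
}

# Constructed sample: vc/5 and tty3 were left enabled by mistake.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
vc/1
vc/2
#vc/3
vc/5
tty1
tty2
tty3
#tty4
EOF

echo "Enabled entries:"
securetty_enabled "$sample"
echo "Entries outside the two-per-type policy:"
securetty_extra "$sample" "vc/1 vc/2 tty1 tty2"
```

On a live system, pass /etc/securetty instead of the sample; this is the file login consults to decide on which terminals root may log in.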


man : displays detailed information on what other commands do and how to use them
Syntax: # man <other_command_name>
Examples: # man ls
# man man
(To leave man, type the character q)


ls: lists the files and directories in the current directory
Syntax: # ls <options>
Example: # ls -la (shows the full listing, including hidden files)


cd: changes the current directory
Syntax: # cd <path>
Example: # cd /root


pwd : displays the current directory
Syntax: # pwd

cp: copies files and directories
Syntax: # cp <options> [source] [destination]
Examples: # cp -R /tmp/ /etc/ (copies the whole tmp directory into /etc/)
# cp /etc/shadow /tmp/ (copies the shadow file into the /tmp directory)


mv: moves files and directories. This command moves or renames a file from one place to another
Syntax: # mv <source_file_or_directory> <destination_file_or_directory>


mkdir: creates a directory
Syntax: # mkdir [directory name]
Examples: # mkdir jupiter (creates the directory jupiter)
# mkdir -p /etc/1/2/3 (creates a chain of nested directories)


rmdir: removes a directory
Syntax: # rmdir <directory_to_remove>
Example: # rmdir /tmp


rm: deletes files and directories
Syntax: # rm <options> [name]
Examples: # rm -rf wipes out everything inside a directory => this command is very dangerous; check again before deleting
# rm -f /etc/khangves.txt


exit and logout: in text mode, Linux gives you 6 desktops (tty1...tty6) to work on. Switch between them by pressing the key combinations Alt-F1, Alt-F2, ..., Alt-F6. These two commands end the working session on a desktop and return to the login screen
Syntax: # exit
# logout

chown : changes the owner of a file or directory, assigning ownership of the file or directory to a given user
Syntax: # chown username[.groupname] <file_or_directory_name>
# chown .groupname <file_or_directory_name>
Examples: # chown user1.user /tmp
# chown .user /tmp
If ownership is given to a username, the file/directory becomes owned by that username. If ownership is given to a group, the file/directory belongs to that group. The two parts are independent: changing the owning user does not change the owning group, and vice versa.


chmod : changes the attributes of files and directories.
There are 3 attributes in all, read, write and execute, applied to 3 groups: Owner, Group, Other.

Permission    Value
r (read)      4
w (write)     2
x (execute)   1

Syntax: # chmod numeric_mode <file_or_directory_name>
Example: # chmod 755 /tmp
On the directory /tmp the owner has (r,w,x = 4 + 2 + 1 = 7), the group has (r,x = 4 + 1 = 5), and other has (r,x = 4 + 1 = 5).
We create 2 accounts (u1, u2), both belonging to the group User. When u1 logs in and creates the file test.txt, test.txt by default has mode 700 (only u1 has full rights on test.txt). If u2 should be able to read test.txt, we must set mode 740 (the group User gets read permission on test.txt, and u2, being in the group User, can read test.txt). If another account that is not in the group user should be able to read test.txt, we must set mode 744 (other gets read permission).


useradd : adds an account to the system
Syntax: # useradd <username>
Example: # useradd usertest
After creating a new account you must set a password for it with the passwd command


userdel : removes an account from the system
Syntax: # userdel <username>
Example: # userdel usertest


passwd: changes the password of an account
Syntax: # passwd <username>
Example: # passwd usertest


chkconfig : checks services and switches them on or off in Linux
Syntax: # chkconfig --<option> <service name> <on/off>
Examples: # chkconfig --list (lists the services that exist)
# chkconfig --level 345 kudzu on (turns the kudzu service on in run levels 3, 4 and 5)
* This command does not take effect immediately; it takes effect only when you restart the machine into the corresponding run level


ntsysv: like chkconfig, but with a GUI


mount : maps a disk drive onto any directory

DYNAMIC IP ADDRESS ASSIGNMENT SERVICE
(DHCP Server)

1. Concepts:

When administering a network, we normally have to give each computer its own IP address so that the machines can communicate with one another. On a fairly small network (about 10 to 20 machines), assigning an IP address to each computer is relatively easy for an administrator, who only has to repeat a few familiar steps. On a large network (20 machines or more), however, assigning addresses this way becomes genuinely tiring and difficult, and if machines are moved around frequently it turns into a rather complicated and wasteful job.

For these reasons, almost every operating system today provides a service to solve this problem: the dynamic IP address assignment service DHCP (Dynamic Host Configuration Protocol).

Besides assigning IP addresses, the service offers many features for supplying other settings to client machines, for example the address of the machine used for DNS name resolution, the address of a gateway router, the address of a WINS machine, and so on.

A DHCP server consists of the following four main components:

Component     Function
Options       Supplies settings to the client, such as the IP address, subnet
              mask, gateway address, DNS address, and so on.
Scope         A range of addresses defined in advance on the DHCP server,
              from which addresses are assigned to client machines.
Reservation   Address ranges set aside within a scope defined above.
Lease         The length of time an IP address is leased to each client.

2. Installation:

To use the DHCP service you must install it on the system, normally from the package on the CD, which has the file extension .rpm. Alternatively, the package can be installed from source code downloaded from the GNU website. Installation consists of the following steps:

For the .rpm package, run the command:
rpm -ivh dhcp-*.rpm

For the source code, compile it as follows:
tar -xzvf dhcp-*.tar.gz
cd dhcp-*
./configure
make
make install

- After the installation is complete, we configure the service to behave the way we want by creating and editing the file /etc/dhcpd.conf. The file has the following contents:

deny client-updates;
ddns-update-style interim;

subnet 192.168.0.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.0.190 192.168.0.240;

    option routers 192.168.0.10;
    option subnet-mask 255.255.255.0;

    option nis-domain "mydomain.com";
    option domain-name "mydomain.com";
    option domain-name-servers 192.168.0.20;
    option netbios-name-servers 192.168.0.100;
    option ntp-servers 192.168.0.25;
    option smtp-server 192.168.0.35;

    default-lease-time 360000;
    max-lease-time 259200;
}


# Client-definitions

host big-daddy {
    hardware ethernet 00:a0:d9:cb:94:8a;
    fixed-address 192.168.0.18;
}

- The lines above have the following meaning:
  The first two lines do not allow the DHCP server to update DNS dynamically.
  The next line is the address range you provide to your client machines, made up of the NET ID and a range of addresses. (As above, the server hands client machines addresses running from 192.168.0.190 to 192.168.0.240.)
  o Option routers supplies the default gateway.
  o Option subnet-mask is the default subnet mask for the client.
  o Option nis-domain supplies the NIS domain server name.
  o Option domain-name supplies the default domain name if FQDNs are used.
  o Option domain-name-servers supplies the name servers for your network.
  o Option netbios-name-servers supplies the default address of the WINS server.
  o Option ntp-servers supplies the time server address.
  o Option smtp-server supplies the SMTP server address (one server only).

  The last block: if you intend to give a fixed address to a particular machine, you must declare that machine's MAC address and the corresponding IP address.

- Before starting the DHCP server for the first time, you must create one final file, which is used to keep track of the IP addresses handed out to clients:
touch /etc/dhcpd.lease

- To switch the DHCP service on and off, run the two corresponding scripts:
/etc/init.d/dhcpd start
/etc/init.d/dhcpd stop
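
An added example (not from the original notes): a shell lint for a dhcpd.conf like the one above, reporting a default-lease-time larger than max-lease-time and any fixed-address that falls inside a dynamic range. The function name dhcpd_lint and the host printer-1 are constructed; the other values are the ones shown on this page.

```shell
#!/bin/sh
# Added example: consistency lint for a dhcpd.conf (dhcpd_lint is a hypothetical helper).

dhcpd_lint() {
    # Drop comments, then let awk read one ';'-terminated statement per record.
    sed 's/#.*$//' "$1" | awk '
    BEGIN { RS = ";" }
    function ip2n(ip,   o) {              # dotted quad -> integer for comparisons
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "default-lease-time") def = $(i + 1)
            else if ($i == "max-lease-time") max = $(i + 1)
            else if ($i == "host") host = $(i + 1)
            else if ($i == "fixed-address") { fh[++nfix] = host; fa[nfix] = $(i + 1) }
            else if ($i == "range") {
                j = i + 1
                if ($j == "dynamic-bootp") j++
                lo[++nrng] = $j
                hi[nrng] = (j < NF) ? $(j + 1) : $j    # a range may be one address
            }
        }
    }
    END {
        if (def != "" && max != "" && def + 0 > max + 0)
            printf "LEASE default-lease-time %s exceeds max-lease-time %s\n", def, max
        for (h = 1; h <= nfix; h++)
            for (r = 1; r <= nrng; r++)
                if (ip2n(fa[h]) >= ip2n(lo[r]) && ip2n(fa[h]) <= ip2n(hi[r]))
                    printf "POOL host %s fixed-address %s is inside range %s-%s\n", fh[h], fa[h], lo[r], hi[r]
    }'
}

# Sample input: values from the configuration above, plus one constructed host.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
subnet 192.168.0.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.0.190
                        192.168.0.240;
    option routers 192.168.0.10;
    default-lease-time 360000;
    max-lease-time 259200;
}
# Client-definitions
host big-daddy {
    hardware ethernet 00:a0:d9:cb:94:8a;
    fixed-address 192.168.0.18;
}
host printer-1 {                      # constructed entry, not from the page
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.0.200;
}
EOF

dhcpd_lint "$sample"
```

The LEASE line is triggered by the lease times exactly as listed above; the POOL line shows a reservation that the server could also hand out dynamically to another client.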



DNS Server: Bind

This is the first and most important basic service of the Internet. DNS matters because if it works incorrectly or not at all, the whole part of the Internet that depends on it is completely paralysed. A clear understanding of DNS is very important for the administrator of an Internet-connected server. It lets the administrator quickly find the causes of network problems.

Put simply, DNS is the service that maps, or translates, the name of an Internet-connected system to its IP address. DNS exists because people like to give names to equipment, whereas the equipment can only use numbers to talk to each other. In the early days of the Internet, a table relating names to IP addresses was maintained and installed on one computer for everyone to consult. With the very rapid growth of the Internet, this table grew quickly and no single machine could cope with a task that is simple yet very important. Moreover, every change, wherever it happened, had to go through the central server. This became unacceptable because the Internet changes all the time. The solution accepted by the Internet community was to divide the whole space of IP addresses and names into smaller logical groups. Each group has the authority to organise the information about its own machines.

So the first step for any machine connected to the Internet, regardless of whether it runs a DNS server or not, is to configure the resolver, that is, to specify what happens when a name needs to be resolved. The resolver is configured through the file /etc/host.conf :
[root@pasteur tnminh]# more /etc/host.conf
order hosts,bind
multi on

The first line of /etc/host.conf says that when a name needs to be resolved, the resolver first consults the file /etc/hosts and then uses the DNS server (bind).

The second line allows a host to have several IP addresses in the file /etc/hosts.

The file /etc/hosts is the forerunner of the DNS service. Today /etc/hosts usually holds only the addresses of the internal network or those a machine uses most often. When a request goes beyond what /etc/hosts can answer, the keyword bind indicates that the DNS service must be used. BIND stands for Berkeley Internet Name Domain and is the most widely deployed implementation of the DNS service today.

The resolver then needs further information about the DNS server. This information is stored in the file /etc/resolv.conf. This file controls how the resolver uses DNS to resolve addresses. It determines which DNS server to query and how to add the domain part to a machine's name. An example /etc/resolv.conf:
[root@linuxsrv root]# more /etc/resolv.conf
search mcsevietnam.com
nameserver 192.168.2.10
[root@linuxsrv root]#

The first line lets the resolver not only resolve the name as the client program requested but, if that fails, go on to try the name with the domain part appended. Suppose you want to find the address of the machine khangves. If resolving khangves fails, the resolver tries to resolve khangves.mcsevietnam.com. The next line is the address of the name server to query. Remember that the name server's address is an IP number, not a name; otherwise, who would resolve the name of the machine whose job is to resolve names?

We now turn to the configuration of the name server itself. The DNS name server program is a daemon called named. named is usually started at the very beginning, together with the system. Normally named is run through a script in /etc/rc.d/rc3.d/named . During start-up named reads its data files and then waits for resolution requests on the port defined in the file /etc/services (normally port 53). named first uses UDP to resolve names; if resolution over UDP gives no result, named then uses TCP.

The first file named refers to is /etc/named.conf. On Redhat Linux 7.3 the default installed contents of this file are:
options {
    directory "/var/named";
};
zone "." {
    type hint;
    file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};

It opens with the keyword options, which introduces the global options. directory "/var/named"; says that the files named afterwards are relative to this directory.

We can add the following statement inside the options section:
forwarders {205.15.2.10; 193.214.2.12;};

Our DNS server then refers to the name servers 205.15.2.10 and 193.214.2.12 whenever it cannot find the answer in its own data. After the global options section come consecutive zone blocks of the form zone "zone_name" { type master (or slave or hint); file "file_name"; };

For each domain we need 2 data files. The first holds the data for "forward" resolution from name to IP, and the second is for "reverse" resolution from IP to name. The exception is the "." zone, which plays a helper role and has a special cache file:
; There might be opening comments here if you already have this file.
; If not don't worry.
;
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
. 6D IN NS M.ROOT-SERVERS.NET.
. 6D IN NS A.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 5w6d16h IN A 192.112.36.4
J.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.10
K.ROOT-SERVERS.NET. 5w6d16h IN A 193.0.14.129
L.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.64.12
M.ROOT-SERVERS.NET. 5w6d16h IN A 202.12.27.33
A.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.4
H.ROOT-SERVERS.NET. 5w6d16h IN A 128.63.2.53
B.ROOT-SERVERS.NET. 5w6d16h IN A 128.9.0.107
C.ROOT-SERVERS.NET. 5w6d16h IN A 192.33.4.12
D.ROOT-SERVERS.NET. 5w6d16h IN A 128.8.10.90
E.ROOT-SERVERS.NET. 5w6d16h IN A 192.203.230.10
I.ROOT-SERVERS.NET. 5w6d16h IN A 192.36.148.17
F.ROOT-SERVERS.NET. 5w6d16h IN A 192.5.5.241

These are in fact the IP addresses of the Internet's root name servers.
For the domain mcsevietnam.com, for example, we need:
zone "mcsevietnam.com" {
    type master;
    file "db.mcsevietnam.com";
};
zone "1.16.172.in-addr.arpa" {
    type master;
    file "db.172.16.1";
};

Note the syntax 1.16.172.in-addr.arpa used for the name of the zone that resolves IP addresses back to names.

Next we look at the structure of the file /var/named/db.mcsevietnam.com
@   IN  SOA  mcsevietnam.com. root.mcsevietnam.com. (
        199609206 ; serial, todays date + todays serial #
        8H        ; refresh, seconds
        2H        ; retry, seconds
        1W        ; expire, seconds
        1D )      ; minimum, seconds
        NS     mcsevietnam.com.
        MX     10 mcsevietnam.com. ; Primary Mail Exchanger
        TXT    "MCSEVIETNAM Corporation"
localhost         A      127.0.0.1
mcsevietnam.com.  A      172.16.1.1
linuxsrv          A      172.16.1.1
www               A      172.16.1.1
ftp               CNAME  mcsevietnam.com.
mail              CNAME  mcsevietnam.com.
news              CNAME  mcsevietnam.com.

The leading @ character stands for the domain mcsevietnam.com; IN means Internet; SOA means Start Of Authority, followed by the domain name and the address of the person responsible. Note that in the e-mail address of the person responsible, the familiar @ sign is replaced by a dot ".". The domain names are followed by a trailing dot ".". In all DNS data files, names that do not end with a dot have the domain name of that file appended by the DNS server. For example, since this is the file for the domain mcsevietnam.com, khangves is expanded to khangves.mcsevietnam.com.

After the parentheses, whose 5 numbers give the serial number and the timing parameters of the data, the data lines (records) begin. White space at the start of a line is equivalent to the domain name (like the @ sign). NS denotes a name server record. MX is mail exchange and names the machine responsible for receiving e-mail for this domain. The number 10 is the priority of this mail server; the smaller the number, the higher the priority. A stands for Address and is followed by an IP address. CNAME is canonical name; with CNAME we can give a machine whatever alias is convenient to use. Lines beginning with ; are comments.

An example of a file used for reverse resolution, /var/named/db.172.16.1
@   IN  SOA  mcsevietnam.com. root.mcsevietnam.com. (
        199609206 ; Serial
        28800     ; Refresh
        7200      ; Retry
        604800    ; Expire
        86400 )   ; Minimum TTL
        NS     mcsevietnam.com.
;
; Servers
;
1       PTR    simbahcm.mcsevietnam.com.
2       PTR    trantungbtre.mcsevietnam.com.
3       PTR    hungden.mcsevietnam.com.
;

The beginning of the file /var/named/db.172.16.1 has exactly the same structure as the forward resolution file. Only the keyword PTR = Pointer is different.

Configuring the name server's data requires great care, because its errors are often very hard to find. Every time we change the data, named must be restarted by using kill -9 named_PID to stop named and then starting it again by entering the command named. The file /var/log/messages can help a great deal in tracking down the error if named does not behave as we want. To test name resolution, Linux has the nslookup command, which has many powerful features. See the nslookup man page for how to use it.
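
An added example (not from the original notes): because zone-file mistakes are hard to spot by eye, this shell check compares each PTR record in a reverse zone with the A records in the forward zone. The function name zone_ptr_check and the hungden A record are constructed; the remaining records are taken from the two files above.

```shell
#!/bin/sh
# Added example: cross-check a reverse zone against its forward zone.
# usage: zone_ptr_check FORWARD_FILE FORWARD_ORIGIN REVERSE_FILE REVERSE_ORIGIN
zone_ptr_check() {
    awk -v forigin="$2" -v rorigin="$4" '
    function fqdn(name, origin) {       # names without a trailing dot get the origin appended
        if (name == "@") return tolower(origin)
        if (name ~ /\.$/) return tolower(substr(name, 1, length(name) - 1))
        return tolower(name "." origin)
    }
    function rev2ip(owner,   p) {       # d.c.b.a.in-addr.arpa -> a.b.c.d
        split(owner, p, ".")
        return p[4] "." p[3] "." p[2] "." p[1]
    }
    {
        sub(/;.*$/, "")                 # strip zone-file comments
        forward = (FILENAME == ARGV[1])
        origin = forward ? forigin : rorigin
        # A line that starts with white space keeps the previous owner name.
        if ($0 ~ /^[^ \t]/ && NF > 0) owner = fqdn($1, origin)
        for (i = 1; i <= NF && i <= 4; i++) {
            if (forward && $i == "A") { a[owner, $(i + 1)] = 1; break }
            if (!forward && $i == "PTR") {
                ptr[++n] = rev2ip(owner) " " fqdn($(i + 1), origin)
                break
            }
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            split(ptr[k], f, " ")
            if (!((f[2], f[1]) in a))
                printf "MISMATCH %s -> %s has no matching A record\n", f[1], f[2]
        }
    }' "$1" "$3"
}

fwd=$(mktemp); rev=$(mktemp)
trap 'rm -f "$fwd" "$rev"' EXIT
cat > "$fwd" <<'EOF'
@   IN  SOA  mcsevietnam.com. root.mcsevietnam.com. (
        199609206 8H 2H 1W 1D )
        NS     mcsevietnam.com.
localhost         A      127.0.0.1
mcsevietnam.com.  A      172.16.1.1
linuxsrv          A      172.16.1.1
www               A      172.16.1.1
hungden           A      172.16.1.3   ; constructed record, not in the file above
EOF
cat > "$rev" <<'EOF'
@   IN  SOA  mcsevietnam.com. root.mcsevietnam.com. (
        199609206 28800 7200 604800 86400 )
        NS     mcsevietnam.com.
1       PTR    simbahcm.mcsevietnam.com.
2       PTR    trantungbtre.mcsevietnam.com.
3       PTR    hungden.mcsevietnam.com.
EOF

zone_ptr_check "$fwd" mcsevietnam.com "$rev" 1.16.172.in-addr.arpa
```

The two MISMATCH lines are the PTR targets that have no A record in the forward file; the third PTR passes only because of the constructed hungden record.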




SAMBA
I. Introduction
1. Concepts:
Sharing resources on an internal network is indispensable today: sharing disks, sharing directories, and shared printers on the internal network. This lesson shows how to network Linux with Windows using the Server Message Block (SMB) protocol, also called Session Message Block, so that they can communicate and share files and printers with each other. The Samba program is used to meet this need. The Linux PC icon then appears in the Windows Network Neighborhood.

2. Samba: the Server Message Block (SMB) protocol, also called Session Message Block
The SMB protocol is used to share disks and printers for Microsoft Windows 3.11, NT and 95/98. With the Samba tool on Linux, Linux resources can be shared with Windows. The four basic things Samba can do:
- Share a Linux disk with Windows
- Share SMB with a Linux machine
- Share a printer on Linux with Windows
- Share a printer on Windows with Linux

II. Installation
1. Installing and configuring Samba
- Check whether Samba is already installed
rpm -qi samba
+ If it is not installed, the terminal returns


+ If it is installed, the terminal returns


Samba installation directories
Directory                  Description
/usr/local/samba           Main directory
/usr/local/samba/bin       Binaries
/usr/local/samba/lib       smb.conf, lmhosts, configuration files, etc.
/usr/local/samba/man       Samba manual pages
/usr/local/samba/private   Encrypted password file
/usr/local/samba/swat      SWAT files
/usr/local/samba/var       Samba log files, lock files, browse list info,
                           shared memory files, process ID files

- If Samba is not installed, you can go to the website www.samba.org and follow the instructions there to download the RPM file. To install it, use the command
rpm -i samba
- From version 2.0 onwards Samba comes with the Swat utility (a tool for administering Samba through a web interface), which makes configuring Samba easy. Swat lets you use a web browser to change Samba's main configuration file /etc/smb.conf directly
- Samba's main configuration file, /etc/samba/smb.conf

# Samba config file created using SWAT
# from localhost (127.0.0.1)
# Date: 2000/05/25 10:29:40
# Global parameters
[global]
workgroup = ONE
netbios name = TERRY
server string = Samba Server
security = SHARE
log file = /var/log/samba/log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = Yes
hosts allow = 192.168.1.
hosts deny = all
[homes]
comment = Home Directories
read only = No
[printers]
comment = All Printers
path = /var/spool/samba
guest ok = Yes
print ok = Yes
browseable = Yes
[test]
path = /tmp/sambatest
valid users = test
read only = no
guest ok = no
browseable = yes

[global]
[Global] is the first section of smb.conf. Each section of smb.conf consists of options and values in the form: option = value. There are hundreds of different options and values. The most common ones are listed below.

  Workgroup = HUNG : the name of the workgroup, as it appears in network properties on the Windows machine
  Netbios name = Linux : the name by which Windows machines know the Samba server
  Server string = Samba Server : the name of the Samba server
  Security = SHARE : the security level on the server; the other levels are User, Default, Domain, Server. Using Share makes it easy to create shares for anonymous users, with no authentication required.
  Log file = /var/log/samba/log : the directory holding the log file
  max log size = 50 : the maximum size of the log file, in KB
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 : server tuning
  wins support = Yes : the Samba server acts as a WINS server
  hosts allow = 192.168.1. : only accept requests from this network
  hosts deny = all : do not accept requests from any host

[Homes]
This section lets users quickly reach their home directories
  comment = Home Directories : a comment
  read only = No : users have full rights in their home directory

[printers]
Printer settings
  Path = /var/spool/samba : the printer's directory
  Guest ok = Yes : allows guest access to the printer
  Print ok = Yes : allows users to use the printer
  Browseable = Yes : the printer icon appears in the browse list

[test]
Configuration for sharing the directory test on Linux
  Path = /tmp/sambatest : path of the shared directory
  Valid users = test : names the user allowed to use this directory
  Read only = No : allows write access to the directory
  Guest ok = No : no access for guest
  read only = No : users have full rights in their home directory
  Browseable = Yes : the shared directory appears in the browse list
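
An added example (not from the original notes or the Samba project): a shell audit that reads an smb.conf and reports the permissive settings discussed above (share-level security, guest access, a missing hosts allow), shown against this page's configuration and a tightened variant. The function name smbconf_audit and the tightened values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag permissive settings in an smb.conf-style file.

smbconf_audit() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }           # comment or blank line
    /^[ \t]*\[/ {                                  # [section] header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        sec = tolower(trim(sec)); order[++n] = sec; next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        # Parameter names are compared in lower case with single spaces.
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = trim(substr($0, eq + 1))
        if (key == "public") key = "guest ok"      # Samba synonym for guest ok
        conf[sec, key] = val
    }
    END {
        if (tolower(conf["global", "security"]) == "share")
            print "global: security = share, shares are reachable without a per-user login"
        if (!(("global", "hosts allow") in conf))
            print "global: no hosts allow restriction"
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (s != "global" && truthy(conf[s, "guest ok"]))
                print s ": guest ok = yes, no account needed for this share"
        }
    }' "$1"
}

weak=$(mktemp); hardened=$(mktemp)
trap 'rm -f "$weak" "$hardened"' EXIT

# Settings as listed in the configuration above (abridged).
cat > "$weak" <<'EOF'
[global]
security = SHARE
hosts allow = 192.168.1.
hosts deny = all
[homes]
read only = No
[printers]
path = /var/spool/samba
guest ok = Yes
[test]
path = /tmp/sambatest
valid users = test
guest ok = no
EOF

# Constructed tightened variant: per-user logins, no guest access.
cat > "$hardened" <<'EOF'
[global]
security = user
hosts allow = 192.168.1.
hosts deny = all
[homes]
read only = No
[printers]
path = /var/spool/samba
guest ok = No
[test]
path = /tmp/sambatest
valid users = test
guest ok = no
EOF

echo "Findings for the configuration above:"
smbconf_audit "$weak"
echo "Findings for the tightened variant:"
smbconf_audit "$hardened"
```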

2. Using Swat:
Before Swat can be used, 2 files must be changed to enable the utility
+ Add to /etc/services
swat 901/tcp
+ Add to /etc/inetd.conf
swat stream tcp nowait.400 root /usr/sbin/swat swat
+ Restart inetd
killall -HUP inetd
- Use a web browser to run Swat at http://localhost:901. A dialog asking for a User ID and password appears; log in as root:



- First you must configure [globals] by clicking the GLOBALS icon


The Global variables appear. These values are the values in the file smb.conf

The Global Variables page makes it easy to configure [Globals] in the file smb.conf

The Global Variables page is divided into 6 groups of options:
Base Options
Security Options
Logging Options
Tuning Options
Browse Options
WINS Options

Figure: Base and Security Options

Figure: Log, tuning, browse, and WINS options

After filling in the required values, click Commit Changes to save the changes


- Next, choose the SHARES icon to open the Share Parameters page

Figure: The Share Parameters page

To create a share, fill in the share name and press the Create Share button


Fill in the configuration details so that Windows can access the Samba server

When finished, press Commit Changes to save to the file smb.conf

- Next, share a printer for Windows machines to use. Choose the PRINTERS icon

Figure: Displays the name of the printer you selected

To create a new one choose Create Printer; if you already have a printer you can pick it from the drop-down menu. Note that if a printer is already installed in RedHat, it is used as the default printer in Samba and cannot be deleted. Click Commit Changes to save to smb.conf

- When everything is done, use the testparm utility to check it. From the command line type: testparm

Figure: The testparm utility checks the file smb.conf for errors

- After changing the file smb.conf you must restart Samba. Start Samba with the command: /usr/sbin/samba start or /etc/init.d/samba start. To start Samba from Swat, choose the STATUS icon. The 2 services smbd and nmbd must be started.

Figure: The Server Status page shows the current state of the Samba server

- After Samba has started, use the smbclient command on localhost to see the Samba configuration: smbclient -L localhost


3. Configuring the Samba client
The Windows client machine must have Client for Microsoft Network and File and printer sharing for Microsoft Networks installed

Figure: The Network Properties dialog



4. Testing the Samba server
Check everything you have done again and make sure there are no mistakes. On the Windows machine, open Network Neighborhood. In the Network Neighborhood window you can see the list of Windows machines and the shared directories, and you will also see the Linux server. From the Linux machine you can likewise access a Windows directory with the smbclient command: smbclient //computer name/directory name

III. Conclusion
You can now configure a Samba server to connect computers running the Linux operating system with Windows through the SMB (Server Message Block) protocol. You can also use NFS (Network File System) to share files on the internal network, but configuration is easier with Samba.

/ 80 45

PROXY SERVICE (Proxy)

1/. Concept:
- A proxy lets you use just one machine, or a small group of machines, to provide Internet access for all of your machines. Using a proxy has two important advantages. First, you need only a few official IP addresses, or just one, and can still give many machines Internet access. Second, once a web page has been fetched it is stored on the proxy machine's disk, and when another request asks for that same page the proxy does not have to go out to the Internet again; it serves the copy saved on its own hard disk from the earlier request. This saves the Internet connection, which is usually very expensive and busy. The proxy model can be illustrated as follows:

- At a larger scale, we can use a multi-layer cache model made up of groups of proxy machines, as follows:




2/. Linux SQUID Proxy Server:

- Squid is a proxy server. It saves bandwidth, improves security and speeds up web access for users, and it has become one of the most popular and widely known proxies. Many proxy-server programs are on the market today, but they have two drawbacks: first, you have to pay to use them; second, most do not support ICP (ICP is used to update changes in the content of URLs already in the cache, which is where the web pages you have visited are stored). Squid is the best choice for a proxy-cache server: it meets both of our requirements, being free to use and supporting ICP.
- Squid provides high-level caching for web clients and supports common services such as FTP, Gopher and HTTP. Squid keeps the most recent information for these services in RAM, manages a large database of this information on disk, has a sophisticated access control mechanism, and supports the SSL protocol for secure connections through the proxy. In addition, Squid can cooperate with the caches of other proxy servers to arrange the storage of web pages sensibly.
- Next we will see how to install a proxy server.

3./ Installation:
- First, some notes on the hardware requirements of a proxy server:
*** Hard disk access speed: very important, because Squid constantly reads and writes data on the hard disk. A SCSI disk with a high data transfer rate is a good candidate for this job.
*** Disk space for the cache depends on the size of the network Squid serves: from 1 to 2 GB for a medium-sized network of about 100 machines. This figure is only an example, however, because the demand for Internet access is what really determines how large the disk needs to be.
*** RAM: very important; with little RAM Squid is noticeably slower.
*** CPU: does not need to be very powerful; around 133 MHz can run well with a load of 7 requests/second.
- Installing Squid on RedHat Linux is very simple. Squid is installed if you select it during the initial installation. If you installed Linux without Squid, you can install it later with the rpm utility, using the command:
rpm -i <Squid package name>
Squid is then installed and you can move on to configuring it.
- Squid's default directories:
/usr/sbin
/etc/squid
/var/log/squid
- Installing from source:
+ With the Squid source file squid-version.tar.gz, run the following commands:
tar xzvf squid-version.tar.gz
cd squid-version
./configure
make
make install
After running the commands above, Squid is installed.

3./ Configuring Squid:
- After installing Squid, we have to configure it to suit our own requirements. We set a number of parameters in the file /etc/squid/squid.conf as follows:
** http_port: the default is 3128.
** icp_port: the default is 3130.
** cache_dir: declares the cache directory and its size for Squid; the default is: cache_dir /var/spool/squid/cache 100 16 256
The value 100 means 100 MB is used for the cache; if the hard disk is large, this can be increased according to the disk size. With this setting Squid stores its cache in the directory /var/spool/squid/cache with a cache size of 100 MB.
** Access Control List and Access Control Operators: these two features can be used to block and restrict access based on destination domain or on the IP address of a machine or network. By default Squid refuses to serve everyone, so this must be reconfigured. To do so, we add settings to match our requirements using two parameters: acl and http_access.
Example: allow only the network 172.16.1.0/24 to use the proxy server, using the src keyword in acl.
acl MyNetwork src 172.16.1.0/255.255.255.0
http_access allow MyNetwork
http_access deny all
+ We can also forbid machines from accessing sites that are not permitted, using the dstdomain keyword in acl, for example:
acl BadDomain dstdomain yahoo.com
http_access deny BadDomain
http_access deny all
+ If the list of forbidden sites is too long, we can store it in a text file containing the list of addresses, as follows:
acl BadDomain dstdomain "/etc/squid/danhsachcam"
http_access deny BadDomain
+ With this configuration, /etc/squid/danhsachcam is a text file holding the addresses that may not be accessed, written one per line.
+ We can have several acl entries; each acl must have a corresponding http_access, as follows:
acl MyNetwork src 172.16.1.0/255.255.255.0
acl BadDomain dstdomain yahoo.com
http_access deny BadDomain
http_access allow MyNetwork
http_access deny all
+ The configuration above makes the proxy forbid machines from accessing the site www.yahoo.com, and only the network 172.16.1.0/24 is allowed to use the proxy. http_access deny all: denies everything except the acls that have been declared.
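The rule ordering described above, as an added example (not part of the original manual and not Squid's own code): a small Python model of how http_access rules are checked from top to bottom, with the first matching rule deciding. It covers both the combined configuration and the earlier deny-only fragment; the "all" ACL and the subdomain matching of dstdomain are assumptions noted in the comments.

```python
import ipaddress

# ACLs from the page's examples. "all" is an assumption: it is not defined in
# the page's fragments and is modelled here as "any source address".
ACLS = {
    "MyNetwork": ("src", ipaddress.ip_network("172.16.1.0/255.255.255.0")),
    "BadDomain": ("dstdomain", "yahoo.com"),
    "all": ("src", ipaddress.ip_network("0.0.0.0/0")),
}

# Three http_access orderings: the page's combined example, the same rules
# with the first two swapped, and the page's deny-only fragment.
PAGE_ORDER = [("deny", "BadDomain"), ("allow", "MyNetwork"), ("deny", "all")]
SWAPPED_ORDER = [("allow", "MyNetwork"), ("deny", "BadDomain"), ("deny", "all")]
DENY_ONLY = [("deny", "BadDomain"), ("deny", "all")]


def acl_matches(name, client_ip, host):
    """Return True when the named ACL matches this request."""
    kind, value = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(client_ip) in value
    if kind == "dstdomain":
        # Assumption: the domain and its subdomains match, as the page
        # describes. Current Squid releases need ".yahoo.com" for that.
        host = host.lower().rstrip(".")
        return host == value or host.endswith("." + value)
    raise ValueError("unsupported acl type: " + kind)


def http_access(rules, client_ip, host):
    """First matching rule wins; later rules are never consulted."""
    for action, acl in rules:
        if acl_matches(acl, client_ip, host):
            return action
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return "allow" if rules[-1][0] == "deny" else "deny"


# Constructed sample requests: (client address, requested host).
REQUESTS = [
    ("172.16.1.25", "www.yahoo.com"),
    ("172.16.1.25", "www.example.org"),
    ("10.0.0.8", "www.example.org"),
]


def decisions(rules):
    """Decision for each sample request under the given rule list."""
    return [http_access(rules, ip, host) for ip, host in REQUESTS]


if __name__ == "__main__":
    for label, rules in (("page order", PAGE_ORDER),
                         ("swapped", SWAPPED_ORDER),
                         ("deny only", DENY_ONLY)):
        print(label, decisions(rules))
```

With the first two rules swapped, internal clients reach the blocked domain because allow MyNetwork matches first; the deny-only fragment refuses every request, including those from the internal network.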
- If the proxy cannot connect directly to the Internet because it has no real IP address, or because it sits behind a firewall, we must have it query another proxy that can reach the Internet, using the following parameter:
cache_peer khangves.linuxsrv.mcsevn.com parent 8080 8082
+ This configuration makes the proxy query its parent proxy, khangves.linuxsrv.mcsevn.com, with the parent parameter, through http_port 8080 and icp_port 8082.
- In addition, if there are several proxy servers on the same network, we can have them query one another as follows:
cache_peer proxy2.linuxsrv.mcsevn.com sibling 8080 8082
cache_peer proxy3.linuxsrv.mcsevn.com sibling 8080 8082
sibling is used for proxies that are peers of one another.
4./ Starting Squid:
- After installing and configuring Squid, we must create the cache before running Squid, with the command:
squid -z
- If an error occurs while creating the cache, check the permissions on the cache directory declared in the cache_dir parameter. The directory may not be writable. If so, change it with:
chown squid:squid /var/spool/squid
chmod 770 /var/spool/squid
- Once the cache directory has been created, we start and stop Squid with the script as follows:
/etc/init.d/squid start
/etc/init.d/squid stop
- Once Squid is running, to monitor and manage client access and see how Squid's cache is working, we regularly review the following files:
*** cache_log: contains warnings and status information about the cache
*** store_log: contains records of what has recently been updated in the cache and what has expired
*** access_log: contains all information about client access, including source address, destination and time
- That completes the server side. On the client side, you must set the Server's address and the Server's proxy port in the configuration, for example as in the following figure:



Good luck.


APACHE Web Server

I. Introduction
A. History
- The Apache web server entered the server world in the mid-1990s. One programmer observed that Apache is like a gem among open source programs: it costs almost nothing and performs better than its competitors, which is why it is used more and more widely than other commercial web servers.
- Apache usually ships with Linux distributions, or can be downloaded from www.apache.org (which ensures you always have the latest version).


The www.apache.org/dist/httpd page

- Apache came to dominate the web server market very early. For reference, see Netcraft (www.netcraft.com), Ziff-Davis (www.zdnet.com), Apache Week (www.apacheweek.com), and Apache Today (www.apachetoday.com).


B. Request handling process and features of Apache
- A web server is the combination of hardware and software that serves HTTP documents when clients request them. A basic web server is a computer with the Linux operating system, a file system fully capable of supporting the web server application, and a network connection (typically to the Internet or to an organization's intranet). When working with a web server, the kinds of users need to be considered to make sure the system runs truly efficiently, namely:
The purpose of the web server
The request/response process for the client
+ The purpose of a web server can vary, from something as simple as an internal network server to something as complex as an e-commerce server. It is very important to determine the server's purpose before building it and putting it into operation.
+ The request/response process starts with a request from the client, usually a web browser, followed by the reply from the server, which returns information to the client.
- How the web server operates



+ The client uses a web browser to connect to the server and issue a request. The request uses the HTTP protocol to say what the user wants the server to provide, and tells the server which HTTP version to use for the reply. The web server listens for requests on the network. When a request arrives, the web server parses it into 3 parts:
The method used: GET, POST, or HEAD. The GET method requests a Uniform Resource Identifier (URI) or document from the web server. The POST method sends data to be handled by what the URI specifies. The HEAD method requests only the headers from the web server.
The resource being requested: the web server translates the URI, which identifies the requested object, into a physical path on the web server's file system.
The HTTP version
+ The web server continues handling the request by using child processes to complete it and send the reply back to the user. During this time the web server checks the client's permissions. Before completing the request, the web server determines the MIME type of the requested object and resolves aliases.
+ The client's request has now been carried out. The web browser updates what it displays; for example an HTML page, a file, or an error message appears. When the request is finished, the web server updates the log file and closes the connection to the client.
- Features of the web server:
It is open source software and completely free. It is supported on many operating systems, such as Linux, UNIX, Windows (95, 98, NT, and 2000), OS/2, Solaris, FreeBSD, OpenBSD, and HP/UX.
Apache is modular, easy to customize, and can be integrated with other products such as IBM WebSphere.

II. Installation and configuration
A. Building and installing the Apache Web Server
- Once you have downloaded a version of Apache, there are 2 ways to install it: from source code or from a binary package (RPM). You can use either method.
- Installing from RPM

+ Download the RPM file from http://www.rpmfind.net
+ Log in as root and type the command:
rpm -ivh apache-1.3.xx-y.i386.rpm
+ To upgrade, you must stop Apache and type the command
rpm -Uvh apache-1.3.xx-y.i386.rpm


- Installing from source: installing from source is not as easy as installing from RPM. The requirements differ between operating systems.

+ Download the .tgz or tar.gz file from http://www.apache.org/dist/httpd/ into the directory /usr/local/src
+ From the directory /usr/local/src, unpack the file apache_1.3.24.tar.gz by typing the command
tar zxvf apache_1.3.24.tar.gz
+ The unpacked Apache source is in the directory /usr/local/src/apache_1.3.24
+ Create the default user and group for Apache
groupadd www (creates the group www)
useradd -g www www
Note: after creating the user www, use the passwd command with the -l option to lock the user www. This ensures a high level of security; afterwards only root is used for configuration.

+ Use the configure script by typing the command:
#./configure --prefix=/usr/local/apache --server-uid=www --server-gid=www --htdocsdir=/opt/web/html --cgidir=/opt/web/cgi-bin --enable-module=most --enable-shared=max
The parameter --server-uid=www specifies that the Apache server will run as the user www. The user www must be created beforehand.
The parameter --server-gid=www specifies that the Apache server will run as the group www.
The parameter --htdocsdir specifies that the default web site files will be placed in the directory /opt/web/html.
The parameter --cgidir=/opt/web/cgi-bin specifies /opt/web/cgi-bin as the default directory for installing CGI.
+ Type the command make
+ Type the command make install

+ For installation instructions, refer to
http://www.php.net/manual/en/install.unix.php



- Test Apache by opening http://127.0.0.1


B. Configuring Apache

1. General Apache configuration
- In this section we study the reference table for general Apache configuration. The values in the table below are the defaults.

Parameter : Description
ServerType standalone : Controls whether Apache runs as a standalone process or under inetd
ServerRoot /etc/httpd : Defines the Apache root directory, which holds the configuration files and log files
PidFile /var/run/httpd.pid : Specifies the file that holds the PID (Process ID) of the master server process
Timeout 300 : Maximum time, in seconds, that Apache waits to send and receive packets
KeepAlive On : Allows multiple requests on the same connection, which speeds up the delivery of HTML documents
MaxKeepAliveRequests 100 : Sets the number of requests allowed per connection
KeepAliveTimeout 15 : The time allowed to elapse between requests from the same client on the same connection when KeepAlive is On
MinSpareServers 5 : Minimum idle time for child servers
MaxSpareServers 20 : Maximum idle time for child servers (spawned by the master server)
StartServers 8 : Number of child servers created when Apache starts
MaxClients 150 : Number of simultaneous connections the child servers support
MaxRequestsPerChild 100 : Maximum number of requests for each child server before it reaches its limit
Listen [ipaddress:]80 : Specifies the combination of IP address and port on which Apache accepts connections; multiple ports can be used
LoadModule modname filename : Path to the module or library file on the server; adds modname to the list of active modules
ClearModuleList : Clears the list of active modules; the list is rebuilt with the AddModule directive
AddModule module.c : Activates the built-in but inactive module module.c

- When a log file path is given in the configuration, it is by default taken relative to /etc/httpd. For example, if the log file is declared as /logs/mylog.log, the path will be /etc/httpd/logs/mylog.log.
- Setting KeepAlive On improves server performance and increases the number of successful connections between client and server. The MinSpareServers and MaxSpareServers parameters let Apache adjust itself, adding and removing processes when system resources change suddenly. When more clients than MaxClients connect, each request is placed in a queue (first-in-first-out) and is served in order as current connections finish and close; this parameter benefits web sites with heavy traffic.
- For many sites the default configuration file values above do not need to be changed. Nor should you change the order in which modules are loaded and activated with the LoadModule and AddModule parameters unless you know what you are doing. Some modules depend on other modules in order to work. Apache will not start if modules are loaded incorrectly.
- The figure below shows the default Apache configuration file without the AddModule and ClearModuleList parameters.



- The parameters above do not need much changing; these values are provided by the Apache Group.

2. Default configuration (without virtual hosts)
- Previously, Default Server or Primary Server meant the web server that answers all HTTP requests not handled by virtual hosts or virtual servers. Virtual hosts, or virtual servers, are web servers that run on one machine just like the default server, but it is the main server that has several host names or IP addresses. The default server configuration can be used for configuring virtual servers.
- Reference table for configuring the default server

Parameter : Description
Port 80 : Port used for connections to the server
User [#]apache : Specifies the UID under which Apache runs
Group [#]apache : Specifies the GID under which Apache runs
ServerAdmin root@localhost : The e-mail address sent to the client when an error occurs
ServerName : The server name, such as www.mydomain.com, which differs from the host name of the server
DocumentRoot /var/www/html : Path of the default directory holding the web pages
UserDir public_html : Path of the subdirectory in a user's home directory used to hold web pages
DirectoryIndex filename : Specifies one or more index file names to use when the request does not name a file
AccessFileName .htaccess : Governs access to files in a directory or its subdirectories, when this file is specified by AccessFile
UseCanonicalName On : Controls how Apache builds self-referential URLs. If On, it uses the server name and port; if Off, it uses the host name and port provided for the client
TypesConfig /etc/mime.types : Specifies the file of MIME standard names and file extensions permitted on the server
DefaultType text/plain : The default MIME type when a request arrives
HostnameLookups Off : Controls whether Apache performs a DNS lookup on incoming connections
ErrorLog /var/log/httpd/error_log : Specifies the path of the error log file
LogLevel warn : Specifies the level of detail Apache writes to the error log file
LogFormat formatstr : Defines the format formatstr in which Apache writes entries to the access log
CustomLog /var/log/httpd/access_log combined : Specifies the name of the access log file and the log file format
ServerSignature On : Displays the server name and version at the bottom of pages such as error messages, FTP file listings, and so on
Alias urlpath dirpath : Maps a URL path relative to DocumentRoot to a directory in the file system that lies outside the server's file tree
ScriptAlias urlpath dirpath : Works like Alias and is also used to point to the directory holding CGI scripts
IndexOptions FancyIndexing : Specifies how Apache directory indexing behaves
AddIconByEncoding mimeencoding : Sets the icon shown next to files with encoding mimeencoding; used with FancyIndexing
AddIconByType icon mimetype : Sets the icon shown next to files of type mimetype; used with FancyIndexing
AddIcon icon name : Sets the icon shown next to files whose extension is name
DefaultIcon /icons/unknown.gif : Sets the default icon for MIME files or files of an undetermined type
AddDescription str file : Assigns the string str as the description of one or more files file; used with FancyIndexing
AddEncoding mimeencoding name : Assigns the MIME encoding mimeencoding to files with the extension name
AddType mimetype name : Adds mimetype for files with the extension name to the list of MIME types

Below is a reference configuration for the default server

Port 80
User apache
Group apache
ServerAdmin root@localhost
DocumentRoot /var/www/html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html>
Options Indexes Includes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
UserDir public_html
DirectoryIndex index.html index.htm index.shtml index.php index.php4 index.php3 index.cgi
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
UseCanonicalName On
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /var/log/httpd/access_log combined
ServerSignature On
Alias /icons/ /var/www/icons/
<Directory /var/www/icons>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
<Directory /var/www/cgi-bin>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
IndexOptions FancyIndexing
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it
LanguagePriority en fr de
<IfModule mod_php4.c>
AddType application/x-httpd-php .php4 .php3 .phtml .php
AddType application/x-httpd-php-source .phps
</IfModule>
<IfModule mod_php3.c>
AddType application/x-httpd-php3 .php3
AddType application/x-httpd-php3-source .phps
</IfModule>
<IfModule mod_php.c>
AddType application/x-httpd-php .phtml
</IfModule>
AddType application/x-tar .tgz
AddType text/html .shtml
AddHandler server-parsed .shtml
AddHandler imap-file map
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
<IfModule mod_perl.c>
Alias /perl/ /var/www/perl/
<Location /perl>
SetHandler perl-script
PerlHandler Apache::Registry
Options +ExecCGI
</Location>
</IfModule>
Alias /doc/ /usr/share/doc/
<Location /doc>
order deny,allow
deny from all
allow from localhost .localdomain
Options Indexes FollowSymLinks
</Location>


- The User and Group parameters specify that apache is the owner of the child servers. This is safer because it does not need privileges such as root's.
- The ServerName parameter specifies the name that is returned to clients. For example, if the server's DNS name is webbeast.mydomain.com you can set the server name to www.mydomain.com, and the server will then answer requests sent to www.mydomain.com
- DocumentRoot /var/www/html specifies the directory that holds the server's web pages. For example, with the server name www.mydomain.com, when a client requests www.mydomain.com/index.html the server returns the file /var/www/html/index.html to the client
- Each <Directory> </Directory> block configures permissions for a directory or its subdirectories. The first block sets permissions for all directories:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

+ This block applies to /var/www/html, /var/www/icons and /var/www/cgi-bin
+ The following Options can be applied to a directory:
All : enables all options except MultiViews. All is the default value
ExecCGI : allows CGI execution
FollowSymLinks : allows symbolic links in the directory to be followed
Includes : allows SSI (server-side includes)
IncludesNOEXEC : allows SSI but not the #exec command or #include of CGI scripts
Indexes : lets the server return a listing of directories and files if there is no index.html
MultiViews : allows MultiViews searches. If the server receives a request for a resource that does not exist, for example /doc/resource, the server scans the directory for names matching resource.*; if any exist it chooses a suitable one and returns it to the client
None : turns off all options for the directory and its subdirectories
SymLinksIfOwnerMatch : the server follows symbolic links to files and directories only when they belong to the same UID
+ In the section above there is only one option for all directories from / (root), namely FollowSymLinks. From then on, any setting that differs from the / (root) options takes effect on the directory you specify
<Directory /var/www/html>
Options Indexes Includes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
+ AllowOverride tells the server whether the access files named by AccessFileName (AccessFileName .htaccess in this case) are honored. With None, the server ignores the access file. With All, the AccessFileName .htaccess file takes effect
+ Order controls the order in which access rules for resources are applied. Order takes the following values:
Order Deny,Allow : Deny rules are evaluated first, then Allow rules, and access is allowed by default. A client that is not denied and is allowed gets access
Order Allow,Deny : Allow rules are evaluated first, then Deny rules, and the default is deny. A client that is not allowed, or is denied, does not get access
Order Mutual-failure : only clients that appear in the Allow list and do not appear in the Deny list get access
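The Order values described above, as an added example (not from the original manual and not Apache's own code): a Python model of how Apache 1.3 combines Order with the Allow from and Deny from lines, run on the access blocks from the page's reference configuration. The function names and the constructed client addresses and host names are assumptions; partial IP addresses such as 10.1 are not handled.

```python
import ipaddress


def host_matches(spec, client_ip, client_name):
    """Match one value of an 'Allow from' / 'Deny from' line against a client."""
    if spec.lower() == "all":
        return True
    try:
        network = ipaddress.ip_network(spec, strict=False)
        return ipaddress.ip_address(client_ip) in network
    except ValueError:
        pass  # not an address or network: treat spec as a (partial) domain name
    name, spec = client_name.lower(), spec.lower()
    if not name or not name.endswith(spec):
        return False
    # Only whole name components count: "good.com" must not match "nogood.com".
    rest = name[: len(name) - len(spec)]
    return rest == "" or spec.startswith(".") or rest.endswith(".")


def access(block, client_ip, client_name=""):
    """Return True if the client is granted access under the block's Order."""
    allowed = any(host_matches(s, client_ip, client_name) for s in block["allow"])
    denied = any(host_matches(s, client_ip, client_name) for s in block["deny"])
    order = block["order"].lower().replace(" ", "")
    if order == "deny,allow":
        # Deny is evaluated first, Allow can override it, the default is allow.
        return allowed or not denied
    if order in ("allow,deny", "mutual-failure"):
        # Allow is evaluated first, Deny can override it, the default is deny.
        return allowed and not denied
    raise ValueError("unknown Order value: " + block["order"])


# Access blocks taken from the page's reference configuration.
HTML_DIR = {"order": "allow,deny", "allow": ["all"], "deny": []}
HT_FILES = {"order": "allow,deny", "allow": [], "deny": ["all"]}
DOC_LOCATION = {"order": "deny,allow",
                "allow": ["localhost", ".localdomain"], "deny": ["all"]}

# Constructed clients: (address, reverse-resolved host name).
CLIENTS = [
    ("127.0.0.1", "localhost"),
    ("192.168.0.7", "pc1.localdomain"),
    ("203.0.113.9", "notlocalhost"),
]


def results(block):
    """Access decision for each constructed client under one block."""
    return [access(block, ip, name) for ip, name in CLIENTS]


if __name__ == "__main__":
    for label, block in (("/var/www/html", HTML_DIR),
                         (".ht* files", HT_FILES),
                         ("/doc", DOC_LOCATION)):
        print(label, results(block))
```

Under Order Deny,Allow a client matching neither list is allowed, and under Order Allow,Deny it is refused, so a lone Allow from line restricts access only with Allow,Deny.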
- Setting permissions on files and directories is very important for Apache to run stably and securely. Root owns the httpd.conf file and the bin directory. The (web) users own the log directory, and so on.

3. Configuring Virtual Hosts
- The following reference table is for configuring virtual servers

Parameter : Description
<VirtualHost ipaddr[:port]> directives </VirtualHost> : Specifies the IP address of the virtual host. directives are the default server configuration parameters
NameVirtualHost ipaddr[:port] : The IP address of the virtual host
ServerName fqdn : The fully qualified name of the VirtualHost server
ServerAlias altname : Lets the virtual host answer to other host names

- A standard virtual server configuration:

...
Port 80
ServerName webbeast.domain.com
NameVirtualHost 192.168.0.1
<VirtualHost 192.168.0.1>
DocumentRoot /var/www/thisdomain
ServerName www.domain.com
</VirtualHost>
<VirtualHost 192.168.0.1>
DocumentRoot /var/www/thatdomain
ServerName www.that.domain.com
</VirtualHost>

- In the example above, www.domain.com and www.that.domain.com are aliases (CNAME records) for the address 192.168.0.1, meaning that both of these domain names and webbeast.domain.com all point to 192.168.0.1. NameVirtualHost is set to the address 192.168.0.1, and ServerName is the name of the machine running the server, webbeast.domain.com. Requests sent to www.that.domain.com are served from /var/www/thatdomain, while requests sent to www.domain.com are served from /var/www/thisdomain.

III. Installing and configuring a secured Apache with PHP support
A. Basic security strategy when using Apache

- Securing Apache goes hand in hand with securing PHP, a programming language used to create dynamic web pages that interact with users and with user data stored in a local database. The security measures provide the following:
PHP is configured optimally within a sound security mechanism
PHP code executes in a chrooted environment
The Apache server rejects requests (GET and POST) that contain HTML tags (a possible Cross-Site Scripting attack) or the characters (') or (") (to counter SQL Injection attacks)
No PHP warnings or error messages are shown

B. Installing and configuring Apache

- Make sure MySQL is already installed on the server, in the directory /usr/local/mysql, so that SQL can be integrated with PHP. First we need to download the latest source versions of Apache, PHP, and the mod_security module (www.modsecurity.org); this module is used to protect against CSS and SQL injection attacks. Unpack the programs into the HOME directory, and copy mod_security into apache_1.3.27/src/modules/extra/

gzip -dc apache_1.3.27.tar.gz | tar xvf -
gzip -dc php-4.3.2.tar.gz | tar xvf -
gzip -dc mod_security_1.5.tar.gz | tar xvf -
cp mod_security_1.5/apache1/mod_security.c apache_1.3.27/src/modules/extra/

- Before compiling, we need to decide among the 3 ways in which PHP can be installed:

As a static module of the web server
As a dynamic module of the web server
As a CGI interpreter

Each has its own advantages and disadvantages. Compiling PHP as a static module improves web server performance, but upgrading to a new PHP version requires recompiling everything. The second option, compiling it as a dynamic module, needs no recompilation on upgrade, but web server performance drops by 5%. The third method, installing PHP as CGI, ties in with Apache's suEXEC mechanism; it is a perfectly good solution, but if it is not set up correctly it becomes a serious security flaw. The best choice for security and performance is the first method. The instructions that follow use the first method.

- Installing Apache with PHP is the same as the Apache installation in the earlier section, but with 2 additional modules, mod_php and mod_security. The apache user and group must be created before compiling Apache. Follow these steps:

cd apache_1.3.27
./configure
+ Compile the PHP module
cd ../php-4.3.2
./configure --with-mysql=/usr/local/mysql --with-apache=../apache_1.3.27 --enable-safe-mode
make
su
make install
+ Change to the Apache directory and continue the installation
cd ../apache_1.3.27
./configure --prefix=/usr/local/apache --disable-module=all --server-uid=apache --server-gid=apache --enable-module=access --enable-module=log_config --enable-module=dir --enable-module=mime --enable-module=auth --activate-module=src/modules/extra/mod_security --enable-module=security --activate-module=src/modules/php4/libphp4.a
make
su
make install
chown -R root:sys /usr/local/apache

With the ./configure command above, only the modules needed for security are installed

+ Next, change to the PHP directory and copy the default PHP configuration file
cd ../php-4.3.2
mkdir /usr/local/lib
chmod 755 /usr/local/lib
cp php.ini-recommended /usr/local/lib/php.ini
chown root:sys /usr/local/lib/php.ini
chmod 644 /usr/local/lib/php.ini
+ Configure /usr/local/apache/conf/httpd.conf to handle PHP scripts

AddType application/x-httpd-php .php

+ At this point we can run a test and check whether PHP can communicate with MySQL. Create the file test.php in the directory /var/www/html

<html><body>
<?php
// Connect to the local MySQL server; stop if the connection fails.
$link = mysql_connect("localhost", "user_name", "password")
or die;
print "Everything works OK!";
mysql_close($link);
?>
</body></html>

If it does not work, recheck the Apache and MySQL installation


C. Securing Apache

1. Chrooting Server
- The first step in securing the server is to create a chrooted environment for Apache with the PHP module. To create the chrooted server environment, see the accompanying documentation. The additions below are for PHP. Before running Apache for the first time in the chrooted environment, the following libraries also need to be copied in:

cp /usr/local/mysql/lib/mysql/libmysqlclient.so.12 /chroot/httpd/usr/lib/
cp /usr/lib/libm.so.2 /chroot/httpd/usr/lib/
cp /usr/lib/libz.so.2 /chroot/httpd/usr/lib/

- Copy the default PHP configuration file

umask 022
mkdir -p /chroot/httpd/usr/local/lib
cp /usr/local/lib/php.ini /chroot/httpd/usr/local/lib/

- Create the directory /chroot/httpd/tmp. This directory must be owned by root and have mode 1777 (chmod 1777). Once the new environment is created, we can check whether Apache works properly:

chroot /chroot/httpd /usr/local/apache/bin/httpd

- Before configuring PHP, carefully recheck the communication between PHP and MySQL, because PHP and MySQL communicate locally through the socket /tmp/mysql.sock. Once PHP runs in the chrooted environment, a hard link into the chrooted environment must be created

ln /tmp/mysql.sock /chroot/httpd/tmp/

2. Configuring PHP
- To integrate PHP into Apache, add the following to the httpd.conf file

AddModule mod_php4.c
AddType application/x-httpd-php .php
AddType application/x-httpd-php .inc
AddType application/x-httpd-php .class

Other extensions such as html or dhtml can be added, depending on the server.
- Important changes to /chroot/httpd/usr/local/lib/php.ini that improve PHP security:

Parameter
    Description

safe_mode = On
    A PHP script can only access files whose owner is the owner of the script. This is an important security mechanism for PHP; it effectively prevents access to system files (/etc/passwd).

safe_mode_gid = Off
    When safe_mode is on and safe_mode_gid is off, a PHP script can access files with the same owner and the same group.

open_basedir = directory[:...]
    When open_basedir is set, PHP can only access files in the specified directories (and their subdirectories).

safe_mode_exec_dir = directory[:...]
    When safe_mode is on, system(), exec() and the other program-execution functions are refused unless the program is located in the specified directory.

expose_php = Off
    With expose_php off, PHP does not announce itself in the HTTP headers sent to the client in a response.

register_globals = Off
    When register_globals is on, all EGPCS variables (Environment, GET, POST, Cookie and Server) are automatically registered as global variables, which can create serious security flaws. register_globals should be turned off (it is off by default from version 4.2.0).

display_errors = Off
    With display_errors off, PHP errors and warnings are not displayed. Such messages often reveal information such as paths and SQL queries.

log_errors = On
    When log_errors is on, all errors and warnings are written to the file declared in error_log. If error_log is not declared, this information is logged by the Apache server.

error_log = filename
    Names the file used to record warnings and errors (the Apache user and group must have write permission).
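
An audit of a php.ini against the table above, as an added example (not part of the original document). The function names, the sample file and its paths are constructed for illustration; a directive that is missing is reported too, so that the hardened value ends up set explicitly.

```shell
# Added example (not from the original page): audit a php.ini against the
# table. Prints one FINDING line per deviation; returns 1 if there is any.
audit_php_ini() {
    awk '
    function norm(v) { return (v ~ /^(on|1|yes|true)$/) ? "on" : "off" }
    BEGIN {
        want["safe_mode"] = "on";       want["safe_mode_gid"] = "off"
        want["expose_php"] = "off";     want["register_globals"] = "off"
        want["display_errors"] = "off"; want["log_errors"] = "on"
        need["open_basedir"] = need["safe_mode_exec_dir"] = need["error_log"] = 1
    }
    /^[ \t]*$/ || /^[ \t]*(;|\[)/ { next }    # blank, comment, [section]
    (eq = index($0, "=")) == 0 { next }
    {
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key)
        sub(/[ \t]*;.*$/, "", val)            # drop trailing comment
        gsub(/^[ \t"]+|[ \t"]+$/, "", val)    # drop blanks and quotes
        seen[key] = tolower(val)
    }
    END {
        for (k in want) {
            if (!(k in seen)) v = "unset"; else v = norm(seen[k])
            if (v != want[k]) { print "FINDING: " k " is " v ", want " want[k]; n++ }
        }
        for (k in need)       # these only have to be set to some value
            if (!(k in seen) || seen[k] == "") { print "FINDING: " k " not set"; n++ }
        exit (n > 0)
    }' "$1"
}

# Constructed sample: a partly hardened php.ini.
sample_ini() {
cat <<'EOF'
[PHP]
safe_mode = On
safe_mode_gid = Off
open_basedir = /www
expose_php = On        ; still advertises PHP in headers
register_globals = Off
display_errors = On
log_errors = On
;error_log = /usr/local/apache/logs/php_errors
EOF
}

f=$(mktemp); sample_ini > "$f"
audit_php_ini "$f" || echo "php.ini deviates from the table"; rm -f "$f"
```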


3. Defending against CSS (cross-site scripting) and SQL injection attacks
- The final hardening step is to log GET and POST requests and to add protection against CSS and SQL injection. We will use the mod_security module. Add to httpd.conf:

AddModule mod_security.c

- To enable logging of GET and POST requests, add to httpd.conf:

<IfModule mod_security.c>
AddHandler application/x-httpd-php .php

SecAuditEngine On
SecAuditLog logs/audit_log
SecFilterScanPOST On
SecFilterEngine On
</IfModule>

- The directives above enable the audit engine, which logs requests, and the POST filter engine, which logs POST requests. To protect the web application against CSS, add the following before </IfModule>:

SecFilterDefaultAction "deny,log,status:500"
SecFilter "<(.|\n)+>"

- The first line makes the server return an Internal Server Error response when a request arrives that contains a pattern defined with SecFilter. The second line sets the filter to look for HTML tags in GET and POST requests.
- One typical sign of an SQL injection attack is a single quote (') or a double quote (") in a GET or POST request. By rejecting requests that contain these characters we make SQL injection attacks harder. Add to httpd.conf:

SecFilter "'"
SecFilter "\""

- Filtering the characters <, >, ' and " helps against CSS and SQL injection attacks, but PHP applications will not work well, because users cannot use these characters in HTML forms. To solve this, JavaScript can be used on the client side to replace these characters with entities such as &lt; &gt; &quot;
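
What the three SecFilter patterns above reject, and the effect of the entity replacement, as an added example in shell (not part of the original document, and not mod_security itself). It assumes values are matched after URL-decoding; the function names and sample values are constructed, and &#39; for the apostrophe is an assumption.

```shell
# Added example (not from the original page). Approximation: each value is
# tested as it would look after URL-decoding.
secfilter_verdict() {
    case $1 in
        *"'"*)      echo "deny:quote" ;;    # SecFilter "'"
        *'"'*)      echo "deny:dquote" ;;   # SecFilter "\""
        *"<"?*">"*) echo "deny:tag" ;;      # SecFilter "<(.|\n)+>"
        *)          echo "pass" ;;
    esac
}

# The client-side replacement described above, written with sed instead of
# JavaScript. &#39; for the apostrophe is an assumption; the page names
# only &lt; &gt; &quot;.
encode_entities() {
    printf '%s\n' "$1" | sed -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
                             -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# Constructed sample form values.
demo() {
    for v in "plain text" "O'Brien" 'say "hi"' "if a < b and b > c" \
             "<b>bold</b>" "3 > 2"; do
        printf '%-20s raw=%-12s encoded=%s\n' "$v" \
            "$(secfilter_verdict "$v")" \
            "$(secfilter_verdict "$(encode_entities "$v")")"
    done
}
demo
```

The output shows ordinary input such as O'Brien or "a < b and b > c" being refused, which with the default action above means a status 500 response. Because the replacement runs in the browser it only helps well-behaved clients; the server-side filter remains the control.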

IV. Reference links
- Apache HTTP Server Project: http://httpd.apache.org/
- Sample httpd.conf: www.securityfocus.com/data/tools/httpd.conf
- Sample apache.sh: www.securityfocus.com/data/tools/apache.sh
- Securing Apache: Step-by-Step: www.securityfocus.com/infocus/1694
- Sample httpd.conf with PHP support: www.securityfocus.com/unix/linux/images/maj_httpd.conf
- PHP: www.php.net
- mod_security: www.modsecurity.org



ELECTRONIC MAIL SERVICE (Sendmail)

1. Concepts:
Electronic mail (email) is arguably the most important service for Internet users. Because email is so widely used, configuring the mail server well, so that users can exchange email, is the administrator's first and most important task. A misconfigured mail system can leave users unable to send or receive mail or, worse, lose mail without any notification. The operation of the mail service is tied very closely to the DNS configuration.

Let us walk through the process of sending a message to understand how the email system works.

First, you need a program in which to compose mail. Many programs do this: Internet Explorer, Eudora and Netscape on Windows; eml, netscape and mail on Unix. These programs first let you type the recipient's email address. Today that address has the form recipient_name@domain_name.top_domain, for example vqthang@mcsevietnam.com. You then write the body of the message and send it with a command or a mouse click. The mail client then, following the configuration you gave it, looks for an SMTP server (the outgoing server). SMTP stands for Simple Mail Transfer Protocol, and a server that speaks SMTP is called an SMTP server; people also commonly call it a mail server. When you declare the SMTP server you normally give its name, so your machine must use the DNS server it was configured with beforehand to resolve the name and find the corresponding IP address. Once it has the IP address of the SMTP server, your mail program opens a TCP/IP connection to the SMTP server on port 25, the port assigned to SMTP. The mail client and mail server processes then exchange information using the SMTP protocol. If all goes well, your message is accepted and stored on the SMTP server, and your mail client ends its session.

Next, your SMTP server tries to deliver your message to the recipient. To do so it performs two operations:
+ Find the mail server of the recipient of your message
+ Send your message to the recipient's mail server.
The first operation relies entirely on DNS servers. Specifically, your SMTP server acts as a DNS client and asks the DNS server of your domain which host is the mail server for the domain mcsevietnam.com. This lookup finds a record of the form
mcsevietnam.com. IN MX 10 mailserver.mcsevietnam.com.
held in the database of some DNS server, usually the DNS server of the mcsevietnam.com domain.
If the lookup fails, your message cannot be sent and you receive a reply saying that it could not be delivered because of "host unknown". Otherwise, your SMTP server opens a TCP/IP connection to mailserver.mcsevietnam.com on port 25 to send your message. At this point your SMTP server acts as a mail client. The SMTP protocol is again used to transfer the message at this stage.
If everything succeeds, your message is stored on mailserver.mcsevietnam.com, and the recipient vqthang must connect to mailserver.mcsevietnam.com to fetch the mail to his own machine and read it.
The above describes a typical mail delivery on the Internet. In practice the process can be more complex and can vary considerably depending on how each network is configured. This is what complicates many email systems and makes administering the email service difficult. Note also that at least 4 computers take part in transferring a message and that DNS servers are involved several times; if the DNS servers do not work perfectly, we cannot send email.

2. Mail server service on Linux (Sendmail):
There are many SMTP server programs, but Sendmail is probably the best-known SMTP server on Unix, and has long been so, both for its powerful features and for its complexity. Sendmail was written by Eric Allman in 1979, when he was a student at the University of California at Berkeley. RedHat Linux has two mail server programs, smail and sendmail. In general smail suits a simple network, while sendmail can be used for both. In this article we study sendmail.

The sendmail program can be started in two ways. In the first, sendmail is invoked by a mail client program, for example the program named mail. Sendmail then opens a connection to send the mail. This is the sendmail configuration to use when your machine is not an SMTP server. In the second, sendmail runs as a daemon, that is, resident in memory. The sendmail daemon then listens on port 25 for incoming connections. Each time a connection arrives on port 25, the daemon spawns a child sendmail process to handle it, while the daemon itself goes on waiting for other connections. The command netstat -n displays the connections currently in progress. Sendmail uses the following configuration files and directories:
- First, Sendmail reads the configuration file /etc/sendmail.cf each time it is started. This file suits sendmail's work very well but is extremely hard for a human reader to understand. For example, this excerpt from sendmail.cf:
R$- $@ $1@${HUB} user -> user@hub
R$-@$w $@ $1@${HUB} user@local -> user@hub
- This is both a weakness and a strength of sendmail, because it allows sendmail to be configured extremely flexibly and to meet even the most awkward requirements of a mail server. If you have never had to scratch your head over these cryptic characters, you are not yet a real administrator.
- The sendmail.cf file contains several important fields:
# Alias for this host
Cwkhangves.mcsevietnam.com. vqthang.ittvn.com.
Cwlocalhost linuxsrv.mcsevietnam.com.
- The second line specifies that all mail addressed to user@khangves.mcsevietnam.com or user@vqthang.ittvn.com belongs to the machine on which sendmail is running; it must be handed to the local mail delivery program, which must check whether the user exists on this machine. Any mail whose domain part is not in Cw is treated as mail for an outside domain and must be sent over the network by sendmail.
# Smart host
DSsrv.mcsevietnam.com
# Use this mailer to reach the Smart host
DNsmtp
- The second line of the example above states that all non-local mail is simply forwarded to a mail relay, and that the name of the mail relay is the string that follows DS.
- To check whether sendmail resolves addresses and routes mail the way you intend, you can use the command sendmail -bt or mail -v address:
[root@linuxsrv root]$ /usr/sbin/sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> 3,0 a@khangves.mcsevietnam.com
rewrite: ruleset 3 input: a @ khangves.mcsevietnam.com
rewrite: ruleset 96 input: a < @ khangves.mcsevietnam.com >
rewrite: ruleset 96 returns: a < @ khangves.mcsevietnam.com. >
rewrite: ruleset 3 returns: a < @ khangves.mcsevietnam.com. >
rewrite: ruleset 0 input: a < @ khangves.mcsevietnam.com. >
rewrite: ruleset 196 input: a < @ khangves.mcsevietnam.com. >
rewrite: ruleset 196 returns: a < @ khangves.mcsevietnam.com. >
rewrite: ruleset 98 input: a < @ khangves.mcsevietnam.com. >
rewrite: ruleset 98 returns: a < @ khangves.mcsevietnam.com. >
rewrite: ruleset 195 input: a < @ khangves.mcsevietnam.com. >
rewrite: ruleset 195 returns: $# local $: a
rewrite: ruleset 0 returns: $# local $: a
>
> 3,0 a@yahoo.com
rewrite: ruleset 3 input: a @ yahoo . com
rewrite: ruleset 96 input: a < @ yahoo . com >
rewrite: ruleset 96 returns: a < @ yahoo . com . >
rewrite: ruleset 3 returns: a < @ yahoo . com . >
rewrite: ruleset 0 input: a < @ yahoo . com . >
rewrite: ruleset 196 input: a < @ yahoo . com . >
rewrite: ruleset 196 returns: a < @ yahoo . com . >
rewrite: ruleset 98 input: a < @ yahoo . com . >
rewrite: ruleset 98 returns: a < @ yahoo . com . >
rewrite: ruleset 195 input: a < @ yahoo . com . >
rewrite: ruleset 90 input: < yahoo . com > a < @ yahoo . com . >
rewrite: ruleset 90 input: yahoo . < com > a < @ yahoo . com . >
rewrite: ruleset 90 returns: a < @ yahoo . com . >
rewrite: ruleset 90 returns: a < @ yahoo . com . >
rewrite: ruleset 95 input: < srv.mcsevietnam.com > a < @ yahoo . com. >
rewrite: ruleset 95 returns: $# smtp $@ srv.mcsevietnam.com $: a < @ yahoo . com . >
rewrite: ruleset 195 returns: $# smtp $@ srv.mcsevietnam.com $: a < @ yahoo . com . >
rewrite: ruleset 0 returns: $# smtp $@ srv.mcsevietnam.com $: a < @ yahoo . com . >
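
A routing check built on the -bt output above, as an added example (not part of the original document). The function names are hypothetical and the embedded transcript is abridged from the session above; it confirms that addresses in a Cw domain resolve to the local mailer and everything else to the smart host named after DS.

```shell
# Added example (not from the original page).
# bt_routes: reduce a `sendmail -bt` transcript on stdin to one line per
# tested address: "address mailer host" (host is "-" for local delivery).
bt_routes() {
    awk '
    /ruleset +3 +input:/ {                 # start of a new test address
        addr = ""; on = 0
        for (i = 1; i <= NF; i++) { if (on) addr = addr $i; if ($i == "input:") on = 1 }
        next
    }
    /ruleset +0 +returns:/ {               # final mailer/host/user triple
        mailer = "?"; host = "-"
        for (i = 1; i < NF; i++) {
            if ($i == "$#") mailer = $(i + 1)
            if ($i == "$@") host = $(i + 1)
        }
        print addr, mailer, host
    }'
}

# check_routes SMARTHOST LOCALDOMAIN...: read bt_routes output; fail unless
# local (Cw) domains go to the local mailer and all others to the smart host.
check_routes() {
    smart=$1; shift; rc=0
    while read -r addr mailer host; do
        want="smtp $smart"
        for d in "$@"; do
            if [ "${addr#*@}" = "$d" ]; then want="local -"; fi
        done
        if [ "$mailer $host" != "$want" ]; then
            echo "MISROUTED $addr: $mailer $host (want $want)"; rc=1
        fi
    done
    return "$rc"
}

# Abridged from the session shown above.
sample_transcript() {
cat <<'EOF'
> 3,0 a@khangves.mcsevietnam.com
rewrite: ruleset 3 input: a @ khangves.mcsevietnam.com
rewrite: ruleset 0 returns: $# local $: a
> 3,0 a@yahoo.com
rewrite: ruleset 3 input: a @ yahoo . com
rewrite: ruleset 0 returns: $# smtp $@ srv.mcsevietnam.com $: a < @ yahoo . com . >
EOF
}

sample_transcript | bt_routes |
    check_routes srv.mcsevietnam.com khangves.mcsevietnam.com && echo "routing OK"
```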

3. Installing and configuring Sendmail:
+ Installation:
- To install Sendmail from an rpm package, use the command:
rpm -ivh sendmail-x.xx.x-xx.rpm
+ Configuration:
- Sendmail is configured in the file /etc/mail/sendmail.cf. In this file we only adjust a few commonly used parameters, as follows:

Parameter to adjust
    Explanation

Cwlocalhost mcsevietnam.com
    Configures sendmail to accept mail for the domain linuxsrv.mcsevietnam.com.

# "Smart" relay host (may be null)
DSlinuxsrv.mcsevietnam.com
    Mail is passed to the machine linuxsrv.mcsevietnam.com to be sent on.

# maximum number of recipients per SMTP envelope
O MaxRecipientsPerMessage=50
    Limits the number of recipients of one message.

# maximum message size
O MaxMessageSize=3000000
    Limits the maximum size of one message, in bytes.

- In addition, sendmail must be configured to relay mail for the domain declared in /etc/mail/sendmail.cf (linuxsrv.mcsevietnam.com). Add that domain name (linuxsrv.mcsevietnam.com) to the file /etc/mail/access as follows:
linuxsrv.mcsevietnam.com RELAY
- This entry allows clients to send mail through this sendmail server, and it lets the server accept mail for the domain linuxsrv.mcsevietnam.com. This is the anti-relay mechanism: outside this domain, sendmail does not relay mail for any other domain.
- After adding this line, convert the text file into the database format that sendmail can read, with the following commands:

cd /etc/mail/
makemap hash access < access
- Once the steps above are done, start sendmail with the commands:
/etc/init.d/sendmail stop
/etc/init.d/sendmail start

PPP SERVER

Installing a PPP server on Linux (kernel 2.2.x or 2.4.x). A PPP server is similar to a RAS server on Windows: it lets clients access the server remotely through a modem. The server uses an external modem attached to COM1 or COM2.
1. Make sure the following packages are installed:
mgetty-1.1.28-9.i386.rpm
mgetty-sendfax-1.1.28-9.i386.rpm (netpbm)
mgetty-viewfax-1.1.28-9.i386.rpm
mgetty-voice-1.1.28-9.i386.rpm
mingetty-1.00-3.i386.rpm
ppp-2.4.1-7.i386.rpm

2. Open /etc/inittab and find:
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6
Add:
7:2345:respawn:/sbin/mgetty ttyS0 -n 1    (if the modem is attached to COM1)
8:2345:respawn:/sbin/mgetty ttyS1 -n 1    (if the modem is attached to COM2)

# the number of rings is set by the -n parameter: -n 1 (ring once)
3. Reload inittab
kill -HUP 1

After inittab is reloaded, the modem's AA and TR indicator lights (AA: Auto Answer, TR: Terminal Ready) come on. If you now dial in to the PPP server, you will get an answer signal.

4. Open /etc/mgetty+sendfax/login.config and add:

/AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap login debug

5. Open /etc/ppp/pap-secrets and add * for the server, "" for the secret and * for the IP address; you can also specify a name, password and IP address for PAP authentication.
6. Open /etc/ppp/options and add these options:
lock
-detach
modem
crtscts
proxyarp
asyncmap 0

lock: creates a lock file to reserve exclusive access to the device
-detach: tells pppd not to fork into a background process until the serial device is specified
modem: wait for the modem's signal to be asserted when the serial device is opened, unless specified otherwise
crtscts: use hardware flow control
proxyarp: makes the client appear on the LAN as a peer
asyncmap 0: sets pppd not to install or use escape control sequences
7. Create the file /etc/ppp/options.ttyname to assign the IP addresses of the client and the server on each tty port:
192.168.0.1:192.168.0.100
#serverIP:clientIP

From Windows, create a connection to the PPP server using the username and password of a user account on the Linux system.
