HANOI 2006
Preface
The licences for most software are designed to restrict your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software - that is, to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors permit its use. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too.
When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you are completely free to distribute copies of free software (and to charge for this service if you wish), that you can receive the source code if you ask for it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender them. These restrictions also translate to certain responsibilities for you if you distribute copies of the software or if you modify it.
For example, if you distribute copies of a program, whether free of charge or not, you must give the recipients all the rights that you have. You must also make sure that they receive or can get the source code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this licence, which gives you legal permission to copy, distribute and/or modify the software.
Also, to protect the authors as well as ourselves, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and then distributed, we want its users to know that what they have is not the original, so that any problems introduced by others do not affect the reputation of the original author.
Finally, any free program is constantly threatened by copyright licences. We wish to avoid the danger that redistributors of a free program obtain copyright licences for themselves and thereby make the program proprietary. To prevent this, we have made it clear that any such licence must either be granted for everyone's free use or not granted at all.
The precise terms and conditions for copying, distribution and modification follow.
This License does not cover activities other than copying, distribution and modification; they are outside its scope. The act of running the Program is not restricted, and the output from running the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on the Program.
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any distribution medium, provided that you attach to each copy a clear copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give users a copy of this License along with the Program. You may charge a fee for transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute that work or those modifications under the terms of Section 1 above, provided that you also meet the following conditions:
a) You must place clear notices in the modified files stating that they are modified versions, and the date of any change.
b) You must license free of charge to all third parties, under the terms of this License, any work that you distribute or publish, including the original Program, parts of it, or works based on the Program or on parts of the Program.
c) If the modified program normally reads commands interactively when run, you must cause it, when started for interactive use in the most ordinary way, to display a notice that includes the copyright and a statement that there is no warranty (or that you provide a warranty), that users may redistribute the Program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not display such a notice, your work based on the Program is not required to display one.)
These requirements apply to the modified work as a whole. If parts of that work are clearly not derived from the Program, and can be considered independent and separate, then this License and its terms do not apply to those parts when you distribute them as separate works. But when you distribute those same parts as part of a whole that is a work based on the Program, the distribution must be under the terms of this License, which gives licensees rights to the whole work and to each part of it, regardless of who wrote it.
Thus, this section is not intended to claim rights or contest your rights to works written entirely by you; its purpose is to exercise the right to control the distribution of derivative or collective works based on the Program.
In addition, mere aggregation of the Program (or a work based on the Program) with a work not based on the Program for the purpose of storage or distribution does not bring the other work under the scope of this License.
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above, provided that you:
a) Accompany it with the complete, compilable source code, under the terms of Sections 1 and 2 above, on a medium customarily used for software interchange; or,
b) Accompany it with an offer, valid for at least 3 years, to give any third party a complete copy of the corresponding source code, for a charge no higher than the physical cost of distribution, under the terms of Sections 1 and 2 above, on a medium customarily used for software interchange; or
c) Accompany it with the information you received as to the offer to distribute the corresponding source code. (This alternative is allowed only for non-commercial distribution and only if you received the Program in object code or executable form with such an offer, in accordance with subsection b above.)
The source code for a work is the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code need not include anything that is normally distributed (in source or binary form) with the major components (compiler, kernel and the like) of the operating system on which the program runs, unless that component itself accompanies the executable.
If distribution of object code or executables is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense or distribute the Program except in exact compliance with the terms of this License. Any attempt to copy, modify, sublicense or distribute the Program otherwise is void and automatically terminates your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licences terminated as long as they remain in full compliance.
5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or works derived from it. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a licence from the original licensor to copy, distribute and modify the Program under these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted here. You are also not responsible for enforcing compliance by third parties with this License.
7. If, as a consequence of a court judgment or allegation of copyright infringement or for any other reason (not limited to copyright issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a copyright licence would not permit redistribution of the Program by those who receive copies directly or indirectly through you, then the only way you could satisfy both conditions would be to refrain entirely from distributing the Program.
If any portion of this section is held invalid or unenforceable under a particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any copyright or other property right or to contest the validity of any such right; its sole purpose is to protect the integrity of the free software distribution system that is implemented by public licences. Many people have made generous contributions to the wide range of free software distributed through that system in reliance on its consistent application; it is up to the author/distributor to decide whether they are willing to distribute software through any other system, and a licensee cannot influence that choice.
10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software copyrighted by the Free Software Foundation, write to the Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
NO WARRANTY
BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING, THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE ORIGINAL PROGRAM WITHOUT WARRANTY OF ANY KIND, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING AND REPAIR.
IN NO EVENT, UNLESS REQUIRED BY LAW OR AGREED TO IN WRITING, WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA, DATA BEING RENDERED INACCURATE, OR A FAILURE OF THE PROGRAM TO OPERATE WITH OTHER PROGRAMS), EVEN IF THE COPYRIGHT HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
free software that anyone can redistribute and change under the terms above.
To do so, attach the following notices to your program. It is safest to attach them to the start of each source file to convey the exclusion of warranty most effectively; and each file should have at least one copyright line and a pointer to where the full notice is found.
One line giving the program's name and what it does. Copyright (C) year, name of author.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
Also add information on how to contact you (electronic and paper mail).
If the program is interactive, make it output a short notice like this when it starts:
Gnomovision version 69, Copyright (C) year, name of author. Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you may redistribute it under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could be mouse clicks or toolbar items, whatever suits your program.
You should also get the person in charge (if you work as a programmer) or your school (if any) to sign a copyright disclaimer for the program. Here is a sample:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' written by James Hacker.
Signature of Ty Coon, 1 April 1989
Ty Coon, Vice President.
This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may find it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License.
INTRODUCTION
About this material
The Linux System Administration material is a useful textbook, written to convey knowledge that is very basic but necessary for students, and especially for those who teach. It is based on the course material of the Linux Professional Institute (LPI). That material was compiled carefully, thoroughly and methodically, and is used for training and exam preparation for the LPI certifications.
We are still building our system of textbooks and lectures in a methodical and professional way, so shortcomings in the translation and compilation of this material are unavoidable. We would very much welcome readers' comments so that the material can be improved over time.
We hope that in the near future, through close cooperation between RedHat and ISE, we will be able to produce a more complete, rigorous and richer set of textbooks.
The authors sincerely thank the reader and wish you a useful course.
The authors, ISE

About the ISE Linux training programme
The ISE Linux training programme consists of 3 courses:
Linux Basic (Basic Course)
Linux Intermediate (Intermediate Course)
Linux Advanced (Advanced Course)
With these 03 ISE Linux courses, students gain enough knowledge to sit international certification exams such as the LPI certification, the RedHat certification, ...

Conventions used in this material
Commands and file names are shown in bold.
The symbol <> denotes parameters that are not optional.
The symbol [] denotes optional parameters or commands.
TABLE OF CONTENTS
LINUX KERNEL
1. Kernel concepts
2. Modular kernels
3. Recompiling the kernel
3.1 Unpacking the source
3.2 Configuring the kernel
3.3 Compiling the kernel
3.4 Installing a new kernel
3.5 The full kernel version
3.6 Creating ramdisks
3.7 Options
3.8 Re-running LILO
4. Exercises
BOOTING LINUX
Overview
1. Understanding runlevels
2. inittab
3. GRUB - GRand Unified Bootloader
4. From boot to bash
5. Exercises
MANAGING USERS AND GROUPS
1. Creating new users
2. Working with groups
3. Configuration files
4. Command options
5. Changing default settings and accounts
6. Exercises
NETWORK CONFIGURATION
1. The Network Interface
2. Host Information
3. Starting and stopping the network
4. Routing
5. Network tools
6. Exercises
TCP/IP NETWORKS
1. Binary numbers and dotted quad
2. Broadcast address, network address and netmask
3. Network classes
4. Subnets
5. The TCP/IP protocol suite
6. Services and ports in TCP/IP
7. Exercises
NETWORK SERVICES
1. The inetd daemon (old)
2. The xinetd daemon
3. TCP wrappers
4. Setting up NFS
5. SMB and NMB
6. DNS services
8. The Apache server
9. Exercises
BASH SCRIPTING
1. The bash environment
2. Scripting essentials
3. Logical evaluations
4. Loops
5. User input
6. Working with numbers
7. Exercises
SECURITY
1. Local security
2. Network security
3. Secure shell
4. Time configuration
5. Kernel security
LINUX SYSTEM ADMINISTRATION
Overview
1. Log files and configuration files
2. Logging utilities
3. Automatic Tasks
4. Backup and compression
5. Documentation
5. Exercises
PPP SETUP
1. Serial Modems
2. Dial-up configuration
3. pppd and chat
4. PPPD peers
5. Wvdial
PRINTING
1. Filters and gs
2. Printers and print queues
3. Printing tools
4. Configuration files
5. Exercises
A:
A kernel type that supports all hardware, networking and filesystems, compiled into a single image file.
B: Module support (Modular)
A kernel type in which some drivers are compiled as object files that the Linux kernel can load and remove on demand. Loadable modules are stored in the /lib/modules directory.
The advantage of a modular kernel is that it does not need to be recompiled when hardware is added or replaced; it is fast, convenient and suits most use cases. The advantage of a monolithic kernel over a modular kernel is precisely that new modules cannot be loaded into the kernel. On sensitive systems, a monolithic kernel combined with not installing a compiler greatly limits an attacker's ability to use kernel-level backdoor driver modules.
Intermediate Linux Training Material. Copyright ISE, 2006
2. Modular kernels
Many components of the Linux kernel can be compiled as modules, and these modules can be loaded or removed as needed. Modules for the Linux kernel are stored in /lib/modules/<kernel-version>. The best candidates for modularisation are components that are not needed during boot, for example peripheral devices and additional filesystems. Linux kernel modules are managed with the utilities in the modutils package:
lsmod rmmod insmod modprobe modinfo
Many modules depend on the presence of other modules. The file that records module dependencies, /lib/modules/<kernel-version>/modules.dep, is generated by the depmod command. This command is run by the rc.sysinit script at boot.
-- modprobe loads a module together with all the modules it depends on, as listed in modules.dep
-- /etc/modules.conf is used to store module parameters (IRQ and IO ports) but usually contains a list of aliases. Aliases let applications refer to a device by a common name. For example, the first ethernet device is always called eth0 rather than by the name of its specific driver.
rm linux
Kernel source packaged as an RPM usually creates a link named linux-2-4.
Unpack the new source (e.g. linux-2.4.20.tar.bz2).
Version 2.2 kernels create a directory named linux rather than linux-version. Step 1 is therefore very important; otherwise the old source may be overwritten by the new kernel source. From kernel version 2.4 onward, the directory is named linux-version.
Note:
Create a symbolic link named linux pointing to the newly created directory
ln -s linux-2.4.20 linux
At this point the kernel is ready to be configured, but we must make sure that all old binary files have been removed from the kernel source directory. To remove the binaries, use the command make mrproper.
3.2 Configuring the kernel
First edit the Makefile and set the EXTRAVERSION variable to a value different from that of existing versions:
VERSION = 2
PATCHLEVEL = 4
SUBLEVEL = 20
EXTRAVERSION = -test
Now it is time to configure the Linux kernel. The basic task of configuration is to create a file named .config, by running one of the following commands from the /usr/src/linux directory:
make menuconfig
make xconfig
make config
To make configuring a new kernel easier, it is common to reuse the old .config file by running make oldconfig. This command prompts the user only for features that are new in the kernel source tree (if the kernel is newer or has been patched).
Note: some Linux distributions, for example RedHat, have a configs subdirectory containing config files with preset configuration values.
To enable kernel features (with make menuconfig), enter a top-level category by moving with the arrow keys and pressing enter to open the desired category. Within a category, pressing the space bar changes the kernel's support for a feature or a driver.
The possible levels of support are:
o supported (statically compiled) [*]
o modular (dynamically compiled) [M]
o not supported [ ]
The same choices are available in the config and xconfig modes.
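The three states above appear in .config as CONFIG_X=y (static), CONFIG_X=m (module) and "# CONFIG_X is not set" (not supported). The script below is an added example, not part of the original course material: it audits a .config to confirm whether a build is really monolithic, the hardening choice described earlier for sensitive systems. The two sample configurations and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel .config for loadable-module support.
# Point audit_config at a real file (e.g. /usr/src/linux/.config) to use it.

# Print "<state> <option>" per line, where state is
# builtin (=y), module (=m) or off ("# CONFIG_X is not set").
# Options with numeric or string values are ignored.
classify_options() {
    awk '
        /^CONFIG_[A-Za-z0-9_]+=y$/ { sub(/=y$/, ""); print "builtin", $0; next }
        /^CONFIG_[A-Za-z0-9_]+=m$/ { sub(/=m$/, ""); print "module", $0; next }
        /^# CONFIG_[A-Za-z0-9_]+ is not set$/ { print "off", $2 }
    ' "$1"
}

# Count the options of a .config ($1) that are in a given state ($2).
count_state() {
    classify_options "$1" | awk -v s="$2" '$1 == s { n++ } END { print n + 0 }'
}

# Verdict for a .config:
#   modular      - CONFIG_MODULES=y, modules can be loaded at run time
#   inconsistent - =m options present although CONFIG_MODULES is not enabled
#   monolithic   - no module support and nothing built as a module
audit_config() {
    if grep -q '^CONFIG_MODULES=y$' "$1"; then
        echo modular
    elif [ "$(count_state "$1" module)" -gt 0 ]; then
        echo inconsistent
    else
        echo monolithic
    fi
}

# Constructed sample: a modular 2.4-style configuration.
write_modular_sample() {
    cat > "$1" <<'EOF'
CONFIG_X86=y
CONFIG_MODULES=y
CONFIG_MODVERSIONS=y
CONFIG_EXT3_FS=m
CONFIG_VFAT_FS=m
# CONFIG_NTFS_FS is not set
CONFIG_LOG_BUF_SHIFT=0
EOF
}

# Constructed sample: the same system built without module support.
write_monolithic_sample() {
    cat > "$1" <<'EOF'
CONFIG_X86=y
# CONFIG_MODULES is not set
CONFIG_EXT3_FS=y
# CONFIG_VFAT_FS is not set
# CONFIG_NTFS_FS is not set
EOF
}

# Demonstration on the constructed samples.
demo_dir=$(mktemp -d)
write_modular_sample "$demo_dir/modular.config"
write_monolithic_sample "$demo_dir/monolithic.config"
for cfg in "$demo_dir/modular.config" "$demo_dir/monolithic.config"; do
    printf '%s: %s (builtin=%s module=%s off=%s)\n' \
        "$(basename "$cfg")" "$(audit_config "$cfg")" \
        "$(count_state "$cfg" builtin)" \
        "$(count_state "$cfg" module)" \
        "$(count_state "$cfg" off)"
done
rm -rf "$demo_dir"
```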
make dep
Once the kernel has been configured, the choices must be reconciled across all subdirectories of the kernel source directory by running make dep. The .depend files contain paths to header files located in /usr/src/linux/include; these files are generated by the dep target.
make clean
The make command takes its instructions from the Makefile and builds whatever is needed. If a file already exists, make uses it. This applies in particular to files with the extension *.o. To make sure that every configuration choice in .config is used when the files are rebuilt, run make clean (to delete the *.o files).
Note: You do not need to run make clean at this stage if you prepared the source directory with make mrproper.
After the two commands above (for kernels 2.6 and later, and for a first build, they are not necessary), the Linux kernel is compiled with one of the following two commands:
When compilation finishes without any errors, there will be a file named vmlinux in the /usr/src/linux/ directory. The other two commands create an additional file in /usr/src/linux/arch/i386/boot called zImage and bzImage. These two commands compress the kernel with gzip and bzip2. See the section on installing a new kernel for how to handle these files.
make modules
Compiles the modules.
make modules_install
Copies the modules into the corresponding directories under /lib/modules.
The sequence of commands is illustrated in figure 3:
3.4 Installing a new kernel
The new kernel is located in /usr/src/linux/arch/i386/boot/bzImage, depending on your machine architecture. This file must be copied into the /boot directory and named vmlinuz-<full-kernel-version>:
cp /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz-<full-kernel-version>
Next, edit /etc/lilo.conf or /boot/grub/grub.conf to add the newly compiled kernel to the boot menu. Copy the image section for the new kernel and add it at the end of the file, as illustrated:
cp /usr/src/linux/System.map /boot/System.map-<full-kernel-version>
3.5 The full kernel version
On a running system, the version of the running kernel can be printed with the command uname -r. This kernel version can also be shown on virtual terminals if the \k option is used in /etc/issue.
A ramdisk is used during boot to load the modules that give access to the block devices (IDE, SCSI, RAID) needed to reach the root partition for the first time (mounted ro). A ramdisk is created with the mkinitrd command, which takes two parameters: a file name and the kernel version number. If you use a ramdisk, you must add an initrd= line to /etc/lilo.conf. For example:
3.8 Re-running LILO
Finally, LILO must be run again to update the boot loader. LILO can first be run in test mode to check the configuration file for errors.
4. Exercises
Before starting the exercises, check the /usr/src directory; if a kernel is already there, remove it and pay attention to the symbolic link to the /usr/src/linux directory.
Exercise 1: Recompile the Linux kernel using the following steps:
1. Download the latest kernel-version package from the two sites www.kernel.org and www.redhat.com.
Both init and telinit are used to switch from one runlevel to another. Remember that init is the first program executed after the operating system kernel has been initialised at boot time. The PID of init is always 1.
Listing 2: The PID of init is always 1
[root@nasaspc /proc]# ps uax |grep init
USER  PID  %CPU  %MEM  VSZ   RSS  TTY  STAT  START  TIME  COMMAND
root  1    0.0   0.2   1368  592  ?    S     20:17  0:04  init [3]
At each runlevel, the system stops or starts a particular set of services. The files that manage these services are kept in /etc/rc.d/init.d. This directory contains the management scripts for nearly every service the system can run. Services that are running may be called daemons (background services).
kdcrotate kudzu
Note: Daemon services in /etc/rc.d/init.d can also be stopped or started by hand by passing the appropriate argument. For example, to restart the default web service you would type:
When working with runlevels, you are selecting a predefined set of programs to run. If you want to be in runlevel 2, you type
/sbin/init 2
In this case (assuming we are switching to runlevel 2), the following line in the inittab file is executed:
l2:2:wait:/etc/rc.d/rc 2
If you look in /etc/inittab, the command /etc/rc.d/rc N starts all services in /etc/rc.d/rcN.d whose names begin with S and stops the services whose names begin with K. These services are symbolic links pointing to the scripts in /etc/rc.d/init.d.
If you do not want a process to run in a given runlevel N, you can delete the symbolic link (symlink) in /etc/rc.d/rcN.d that begins with K.
2. inittab
As mentioned above, let us look at the /etc/inittab file. The file has the following structure:
The id field can be anything. If a runlevel is specified, the command and the requested action are carried out only in that runlevel. If no number is specified, the line is executed in every runlevel.
The /etc/inittab file:
Default runlevel: this is set at the start of the file with the id id and the action initdefault. Note that no command is given. This line simply tells init what the default runlevel is.
First program called by init: /etc/rc.d/rc.sysinit. This script sets system defaults such as the PATH variable, determines whether networking is enabled, sets the host name, ...
Default runlevel services: if the default runlevel is 3, only the l3 line is executed. The action is wait: no other program is executed until all services in runlevel 3 have been run.
Getty terminals: the lines with ids 1 to 6 run the virtual terminals. This is where you can change the number of virtual terminals.
Runlevel 5: the last line in inittab runs the X Window manager if runlevel 5 is selected.
Note:
1. You can set up a modem device to listen for connections in inittab. If your modem is connected to /dev/ttyS1, the following line allows data connections (no fax data) after 2 rings:
S1:12345:respawn:/sbin/mgetty -D -x 2 /dev/ttyS1
2. After changing /etc/inittab you must make init re-read this configuration file. This is easily done with:
/sbin/init q
# all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup01/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
With GRUB, updating the boot parameters is less complicated than with LILO. You only need to edit /boot/grub/grub.conf and copy the required files into /boot; the change takes effect at the next boot. The GRUB configuration file also offers more options and lets the user define several different boot entries.
Like LILO, GRUB lets you choose among several entries at boot time and lets the user edit the boot parameters just before booting. This can be prevented with a password, declared with the password directive in the configuration file. The grub-md5-crypt command produces an MD5 hash so that the password does not appear in clear text in the file. Other directives are described in detail in info grub.
During boot, all kernel messages are logged by default to /var/log/dmesg. This file can be read and printed to stdout with the /bin/dmesg utility.
4. From boot to bash
We now look at the steps of the Linux boot process.
- The ramdisk is initialised and loaded into memory in order to load the required modules.
- The kernel is loaded from the hard disk (or CD) specified in the GRUB configuration. The kernel is decompressed while it is being loaded.
- The kernel mounts the root (/) partition read-only. At this point the essential programs in /bin and /sbin are accessible.
- The kernel then loads init, the first process.
- init reads /etc/inittab and acts on its contents. In particular, rc.sysinit is run.
Copyright ISE, 2006
- After that, all entries in /etc/fstab are mounted and checked (fsck).
- Next, init switches to the default runlevel and the services are started.
- The default rc entry with the lowest priority is executed last and calls /etc/rc.d/rc.local.
- The login prompt is managed by the gettys on the ttys.
5. Exercises
Review the material presented above and complete the following exercises:
- Change the system's default runlevel to 3 and to 5. How can you find out the current runlevel?
- Enable the Ctrl + Alt + Del key combination in runlevel 3 only.
- Add a login prompt on tty7. How can you make init re-read its configuration file?
- Use dmesg to read the chipset information of your network card.
- Compare shutdown, halt and reboot. Which shutdown option forces fsck at the next boot?
- Use chkconfig or ntsysv to disable the sshd daemon in runlevels 2, 3, 4 and 5. Make sure that the symbolic links in the directories rc2.d, rc3.d, rc4.d and rc5.d have changed.
- Reboot the system. At the boot prompt, enter the init= parameter to bypass /sbin/init and start a plain bash process.
useradd rufus
Note that this information is also found in the file /etc/default/useradd.

Intermediate Linux Training Material: USER AND GROUP MANAGEMENT

Step 2: Activate the account with a new password
To allow a user to access their account, the administrator must set a password for the user with the passwd tool.
Syntax:
passwd login-name
The steps above create a new user. They also define the user's environment, such as the home directory and a default shell. The user is also assigned to a group, which becomes the user's default group.
2. Working with groups
Every new user is assigned to a default (or primary) group. Two conventions exist.
Traditionally, this primary group is shared by all users and is called users, with a group ID (GID) of 100. Some Linux vendors, such as Suse and Debian, follow this convention.
The alternative scheme, the User Private Group (UPG), was introduced by RedHat; changing to this convention does not change the way UNIX groups work. With UPG, each new user belongs to their own default group. The group has the same name as the login name (by default) and the GID lies in the range 500 to 60000 (the same as for UIDs).
Group membership: A user can belong to any number of groups. However, at any one time (for example when creating a new file) only one group is the effective group. The list of all groups a user belongs to can be obtained with the groups or id commands.
Example for the user root:
List all IDs:
id
uid=0(root) gid=0(root) groups=0(root), 1(bin), 2(daemon), 3(sys), 4(adm), 6(disk), 10(wheel), 600(sales)
List all groups:
Changing the current group: Joining a group changes the user's effective group and starts a new session, which the user can later leave (logout). This is done with the newgrp command.
newgrp sales
If the groups command is run now, the first group in the list is no longer root but sales.
Creating a new group: The groupadd tool is used to administer groups. This command adds an entry to the file /etc/group.
Example: create a group named devel
groupadd devel
Adding a user to a group: Administrative tasks can be carried out with the gpasswd tool. It can add (-a) or remove (-d) users from a group and assign an administrator (-A). The tool was originally designed to set a single password on a group, allowing all members of the group to log in with the same password. For security reasons this feature is no longer used.
3. Configuration files
The /etc/passwd and /etc/shadow files:
The names of all users on the system are kept in /etc/passwd, which has the following structure:
1. Login name
2. Password (or x if a shadow file is used)
3. UID
4. GID
5. Text describing the user
6. The user's home directory
7. The user's shell
The 7 fields above are separated by colons, as illustrated in the following example. /etc/passwd entry with encrypted passwd:
george:$1$K05gMbOv$b7ryoKGTd2hDrW2sT.h:Dr G Micheal:/home/georges:/bin/bash
To hide the encrypted passwords from ordinary users you should use a shadow file. /etc/shadow holds the user names and the encrypted passwords and can be read only by root.
If you do not have a shadow file in /etc, you can use the following command: (passwd -> shadow)
/usr/sbin/pwconv
This command places an x in the second field of /etc/passwd and creates /etc/shadow. If you do not want to use shadow passwords, you can do the following: (shadow -> passwd)
/usr/sbin/pwunconv
Note: When shadow passwords are used, /etc/passwd can be world-readable (644) while /etc/shadow must be more restricted (600 or even 400). When using pwunconv, however, be sure to change the permissions on /etc/passwd (600 or 400).
The /etc/group and gshadow files: In the same way, group information is kept in /etc/group. This file has 4 fields separated by colons.
1. Group name
2. Group password (or x if a gshadow file exists)
3. GID
4. Comma-separated list of members
Example /etc/group entry:
java:x:550:jade, eric, rufus
As with users, an /etc/gshadow file is created when shadow group passwords are used. The following utilities convert back and forth between the shadow and non-shadow files:
creates the /etc/gshadow file
/usr/sbin/grpconv
/usr/sbin/grpunconv
The /etc/login.defs file and /etc/skel/:
/etc/login.defs holds the following information:
- the mail spool directory: MAIL_DIR
- password aging controls: PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_MAX_LEN, PASS_WARN_AGE
- max/min values for automatic UID selection in useradd: UID_MIN, UID_MAX
- max/min values for automatic GID selection in groupadd: GID_MIN, GID_MAX
- automatic creation of a home directory by useradd: CREATE_HOME
The /etc/skel directory holds default files that are copied to the home directory of each newly created user: .bashrc, .bash_profile, ...
-p   password (md5-encrypted, use the ! mark)
-e   account expiry date
-k   skel directory
-n   turn off the UPG group
5. Modifying default settings and accounts
All of the options chosen when creating a user or group can be changed. The usermod utility has the following main options:
usermod (options)
-d   the user's home directory
-g   the user's initial GID
-l   the user's login name
-u   the user's UID
-s   the default shell
Similarly, you can change the details of a group with the groupmod utility. It has the following main options:
Locking an account: A user account can be locked by prepending an exclamation mark to the user's password. This can be done with the following commands:
Lock     passwd -l   usermod -L
Unlock   passwd -u   usermod -U
- When using shadow passwords, replace the x with a *
- A less useful option is to remove the password entirely with passwd -d
- Finally, you can set /sbin/nologin or /bin/false as the user's default shell in /etc/passwd
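The conditions described in this section (a hash left in /etc/passwd instead of x, a leading ! on a locked account, a password emptied with passwd -d, a /sbin/nologin or /bin/false shell, the 99999-day default, and the file modes) can be checked with a small audit. This is an added example, not part of the original course material; the function names and every account entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files.
# All account data below is constructed; the hashes are placeholders.

# passwd entries whose password field holds a hash or is empty instead of
# the "x" placeholder, so the value is readable by every local user.
unshadowed_accounts() {
    awk -F: '$2 != "x" && $2 != "*" && $2 !~ /^!/ { print $1 }' "$1"
}

# shadow entries locked with a leading "!" (written by passwd -l / usermod -L).
locked_accounts() {
    awk -F: '$2 ~ /^!/ { print $1 }' "$1"
}

# shadow entries with an empty password field (the result of passwd -d).
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# passwd entries that cannot obtain an interactive shell.
no_login_shell() {
    awk -F: '$7 == "/sbin/nologin" || $7 == "/bin/false" { print $1 }' "$1"
}

# shadow entries with a usable password whose maximum age (field 5) is
# empty or still at the 99999-day default.
never_expiring() {
    awk -F: '$2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5 + 0 >= 99999) { print $1 }' "$1"
}

# True when "others" have read permission on the file.
others_can_read() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Constructed sample files, created in a private temporary directory.
AUDIT_DIR=$(mktemp -d)
trap 'rm -rf "$AUDIT_DIR"' EXIT
SAMPLE_PASSWD=$AUDIT_DIR/passwd
SAMPLE_SHADOW=$AUDIT_DIR/shadow

cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
george:$1$CONSTRUCTED$notARealHashValue0000:501:501:Dr G Micheal:/home/georges:/bin/bash
jade:x:502:502::/home/jade:/bin/bash
rufus:x:503:503::/home/rufus:/sbin/nologin
tux:x:600:550::/home/tux:/bin/false
EOF
chmod 644 "$SAMPLE_PASSWD"

cat > "$SAMPLE_SHADOW" <<'EOF'
root:$1$CONSTRUCTED$notARealHashValue1111:13000:0:99999:7:::
jade:!$1$CONSTRUCTED$notARealHashValue2222:13000:0:30:7:::
rufus::13000:0:99999:7:::
tux:$1$CONSTRUCTED$notARealHashValue3333:13000:0:5:7:::
EOF
chmod 600 "$SAMPLE_SHADOW"

echo "hash stored in passwd: $(unshadowed_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
echo "locked:                $(locked_accounts "$SAMPLE_SHADOW" | tr '\n' ' ')"
echo "empty password:        $(empty_password_accounts "$SAMPLE_SHADOW" | tr '\n' ' ')"
echo "no login shell:        $(no_login_shell "$SAMPLE_PASSWD" | tr '\n' ' ')"
echo "never expires:         $(never_expiring "$SAMPLE_SHADOW" | tr '\n' ' ')"
if others_can_read "$SAMPLE_SHADOW"; then
    echo "shadow file is readable by others"
fi
```

On a live system the same functions take /etc/passwd and /etc/shadow as arguments; reading /etc/shadow requires root.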
By default a user's password is valid for 99999 days, that is 2739 years (default PASS_MAX_DAYS). The user is warned for 7 days that the password is about to expire (default PASS_WARN_AGE), with the following message each time the user logs in:
There is another password aging parameter called PASS_MIN_DAYS. This is the minimum number of days before a user can change the password; it is set to 0 by default.
The chage tool lets the system administrator change the options above:
Usage:
The first option, -l, lists the current policy values for a user. We only discuss the -E option here. This option locks a user account at a given date. The date can be given in UNIX format or as YYYY/MM/DD.
Deleting an account: A user account can be deleted with the userdel command. To make sure that the user's home directory is deleted as well, use the -r option.
userdel -r jade
6. Exercises
1. Creating users
- Use useradd to create a user named tux with user ID 600 and group ID 550.
- Use usermod to change the user's home directory. Does the new directory have to be created? Is the content of /etc/skel copied to the new directory? Can the contents of the old home directory still be accessed by the user tux?
- Use usermod to add tux to the group wheel.
2. Working with groups
- Create a group named sales with the groupadd command.
- Add the user tux to this group with the gpasswd command.
- Log in as tux and join the group sales with newgrp.
3. Configuration files
- Add a user to the system by editing /etc/passwd and /etc/group.
- Create a group named share and add the user tux to this group by editing /etc/group by hand.
4. Modifying an account
- Change the expiry date of the user account tux with the usermod command.
- Lock the user account (use the tools or edit the file /etc/shadow, ...).
- Prevent the user from logging in by changing the user's default shell to /bin/false.
- Change the PASS_MAX_DAYS value for the user tux to 1 in the file /etc/shadow.
5. Changing the default settings
- Use useradd -D to change the system defaults so that all new users are assigned /bin/sh instead of /bin/bash (note: this changes the file in /etc/default/).
- Edit /etc/login.defs and change the default PASS_MAX_DAYS so that new users have to change their password every 5 days.
cat /proc/interrupts
  0:    8729602    XT-PIC  timer
  1:          4    XT-PIC  keyboard
  2:          0    XT-PIC  cascade
  7:          0    XT-PIC  parport0
  8:          1    XT-PIC  rtc
 10:     622417    XT-PIC  eth0
1 (autoclean)
From the example above we can see that the chipset of the Ethernet card is Tulip, the i/o address is 0xf800 and the interrupt (IRQ) is 10. This information is useful when the wrong module is being used or when the resources (i/o or IRQ) are not available. It can also be used to insert a module with a different i/o address (using the modprobe or insmod utilities), or it can be recorded in /etc/modules.conf or /etc/modprobe.conf (which saves the settings for the next boot).

Intermediate Linux Training Material: NETWORK CONFIGURATION

/etc/hosts contains the machine's IP address as well as a list of known hosts.
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost localhost.localdomain
# other hosts
192.168.1.108   mesa mesa.domain.org
192.168.1.119   pico
1.
From the command line
The main tool used to bring up (and display) a network interface is /sbin/ifconfig. The kernel module aliased to eth0 in /etc/modules.conf (for example tulip.o) is first initialised and loaded, and is then assigned an IP address and a netmask.
As a result, the interface can be switched on and off without losing this information for as long as the kernel module is loaded.
Example: Using ifconfig.
/sbin/ifconfig eth0 192.168.10.1 netmask 255.255.128.0
/sbin/ifconfig eth0 down
/sbin/ifconfig eth0 up
Another tool is /sbin/ifup. This utility reads the system configuration files in /etc/sysconfig/network-scripts/ and assigns the stored values to a given network interface. The script for eth0 is called ifcfg-eth0 and has to be configured. If a boot protocol such as DHCP is defined, ifup starts the interface with that protocol.
Example: Using ifup.
At boot time the Ethernet card is initialised by the /etc/rc.d/init.d/network script. All the relevant network files are kept in the /etc/sysconfig/ directory.
In addition, the script reads the sysctl options in /etc/sysctl.conf; this is where you can configure the system as a router (enable IP forwarding in the kernel). For example, the line
net.ipv4.ip_forward = 1
3. Renewing DHCP
The following tools can query the DHCP server for a new IP address: pump, dhcpclient
A client daemon supporting DHCP is called dhcpcd (not to be confused with the DHCP server daemon, dhcpd).
4. Routing
Another noticeable effect of using ifup is the system's routing table. This is either because the file /etc/sysconfig/network is read, where the default gateway is stored, or because the DHCP server sent this information along with the IP address.
The routing table is configured, checked and changed with the /sbin/route tool.
Routing examples:
Add a static route to the network 10.0.0.0 through the device eth1, using 192.168.1.108 as the gateway for that network:
/sbin/route add -net 10.0.0.0 gw 192.168.1.108 dev eth1
Default Gateway: In the last listing, the Destination field is a list of networks. In particular, 0.0.0.0 means anywhere. Remember that there are 2 IP addresses in the Gateway field. Which one is the default gateway?
To avoid entering static routes by hand, the special daemons gated or routed are run to update the routing tables dynamically across a network.
If you are on the network 192.168.10.0 and you add a route to the network 192.168.1.0, you may find that the machines on the newly added network are not responding, because no route has been set up from the network 192.168.1.0 back to your host! This problem can be solved with dynamic routing.
Permanent static routes: If you have several networks with more than one gateway, you can use /etc/sysconfig/static-routes (instead of the routing daemons). These routes are added at boot time by the network script.
5. Network tools
The following is a short list of tools that are useful when troubleshooting network connections:
ping host:
You can obtain information on current network connections, the routing table or interface statistics, depending on the options used:
Options of netstat:
-r   same as /sbin/route
-I   display the list of network interfaces (network cards)
-n   do not resolve IP addresses
-p   return the PID and names of programs (root only)
-v   verbose
-c   keep updating
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address        Foreign Address        State
tcp        0      0 192.168.1.10:139     192.168.1.153:1992     ESTABLISHED
tcp        0      0 192.168.1.10:22      192.168.1.138:1114     ESTABLISHED
tcp        0      0 192.168.1.10:80      192.168.1.71:18858     TIME_WAIT
In the listing above you can see that the local host has established connections on ports 139, 22 and 80.
arp:
traceroute: Displays the route taken from the local host to a destination host. Traceroute forces the routers along the route to send back error messages (ICMP TIME_EXCEEDED) by deliberately setting the ttl (time to live) value too low.
After each TIME_EXCEEDED message, traceroute increases the ttl value, sending the next packet one step further, until it reaches its destination address.
Example:
CMD: /usr/sbin/traceroute -n www.redhat.com
traceroute: Warning: www.redhat.com has multiple addresses; using 216.148.218.197
traceroute to www.redhat.com (216.148.218.197), 30 hops max, 38 byte packets
192.168.1.1  0.440 ms  0.347 ms  0.341 ms
---- snip --
14 15 16 17 18 12.122.2.145 12.122.2.74 112.116 ms 156.629 ms 110.908 ms 157.028 ms 112.002 ms 156.857 ms 156.623 ms 158.537 ms 156.080 ms
Options of traceroute:
-f ttl   change the initial time to live to ttl instead of 1
-n       do not resolve IP addresses
-v       verbose
-w sec   set the timeout for returned packets to sec
6. Exercises
1. For the routing scenario presented above, write out the routing table for the gateway of the LAN.
2. Bring up your network interface by hand:
ifconfig eth0 192.168.0.x
List the kernel modules. Make sure that the module for eth0 is loaded (check /etc/modules.conf).
3. Stop the network interface with:
(i) ifconfig eth0 down
Verify that you can bring the interface back up without losing its settings:
(ii) ifconfig eth0 up
4. Stop the network interface and remove the kernel module (rmmod module). What happens if you repeat step 3 (ii)?
5. Divide the class into two networks, A (192.168.1.0) and B (10.0.0.0).
Try to reach machines across the networks.
Choose one machine as the gateway (on either network).
On the gateway machine only! run the following commands:
-- allow IP forwarding:
-- bring up an aliased interface (it will act as a second interface). If you are on the 192.168.1.0 network, run the following commands:
-- add a route to the new network and make it use the device eth0:1
-- add a route to the other network using one machine as the gateway (you will need to know whether the eth0 or the eth0:1 setting of this gw applies, depending on which network you are on)
10 = 2^1
100 = 2^2
101 = 2^2 + 1
The Dotted Quad: The IP address assigned to an interface is called a dotted quad. For an IPv4 address, the address is 4 bytes (4 times 8 bits) separated by dots.
Decimal 192.168.1.1
Binary 11000000.10101000.00000001.00000001
The broadcast address is usually expressed in decimal. Example: with a 16-bit netmask, the following IPs are on the same network:
00100000.10000000.00000001.00000001
00100000.10000000.00000000.00000011
This means that changing any bit inside the rectangle (in the figure) (8+8 = 16 bits) changes the network address, and the hosts then need a gateway to reach each other. Likewise, changing any bit outside the rectangle (in the figure) changes the host address without changing the network address.

Intermediate Linux Training Material: TCP/IP NETWORKING

00100000.10000000.00000001.00000001
00100000.10000000.00000000.00000011
5. Network address
Every network needs a number, which is required when setting up routing. The network number consists of integers (0-255) separated by dots.
Example of a network address: 192.168.1.0
6. Broadcast address
The broadcast address covers the range of hosts/interfaces that can be reached on the same network. For example, a host with the broadcast address 10.1.255.255 reaches every machine whose IP has the form 10.1.x.x. A typical broadcast address is 192.168.1.255.
Logical operations can be applied to the broadcast, netmask and network addresses. To obtain the network address, simply AND the IP address with the netmask.
Network Address = IP AND Netmask
Broadcast Address = Network OR not[Netmask]
AND and OR are logical operations applied to the binary form of these addresses. Example: take the IP address 192.168.3.5 with the netmask 255.255.255.0. We can perform the following operations:
Network address = IP (192.168.3.5) AND MASK (255.255.255.000)
Broadcast address = IP (192.168.3.5) OR NOT-MASK (000.000.000.255)
3. Network classes
7. Reserved IP addresses
Private networks use IP addresses that are never used as addresses on the Internet. These reserved IP addresses are normally used only for LANs. The following table shows the private/reserved address classes.
Table 1: Reserved addresses
1     Class A   10.x.x.x
16    Class B   172.16.x.x -- 172.31.x.x
255   Class C   192.168.o.x
8. IP address classes
Class A: 8 bits for the network address and 24 bits for the host address. The first byte is reserved for the network address, so the default subnet mask is 255.0.0.0. Since 255.255.255 and 0.0.0 are not host addresses, there are at most 2^24 - 2 = 16777214 hosts on the network. The first byte of the IP lies in the range 1 to 127, which corresponds to the binary numbers 00000001 -> 01111111. The first two bits of a class A address can be 00 or 01.
Class B: 16-bit network and host addresses. 16 bits are used for the network address and 16 for the host address on the network. The default subnet mask is 255.255.0.0. There are at most 2^16 - 2 = 65 534 hosts on a class B network. The first byte ranges from 128 to 191, which corresponds to the binary numbers 10000000 -> 10111111. The first two bits of a class B address are always 10.
Class C: 24-bit network address. 24 bits are used for the network address and 8 bits for the host address on the network. The default subnet mask is 255.255.255.0. There are at most 2^8 - 2 = 254 hosts on a class C network. The first byte ranges from 192 to 223, which corresponds to the binary numbers 11000000 -> 11011111. The first 2 bits of a class C address are therefore always 11.
4. Subnets
Subnetting means dividing a network into several smaller networks by using bits of the host part of the address as network address bits. For example, with the class A netmask 255.0.0.0, the first bit of the second byte can be turned into a network address bit. The result is 9 bits of network address and 23 bits of host address. In binary the netmask looks like this: 11111111.10000000.00000000.00000000 or 255.128.0.0
25-bit network
Netmask: 11111111.11111111.11111111.10000000 or 255.255.255.128
Since Network = IP AND Netmask, the value of the netmask shows that 2 subnets can be formed.
1. Host addresses in the range 192.168.1.0xxxxxxx belong to the 192.168.1.0 network. The network number is 0.
2. Host addresses in the range 192.168.1.1xxxxxxx belong to the 192.168.1.128 network. The network number is 128.
There are 7 host address bits; after subtracting the 2 special values (all bits 0 or all bits 1) we have 2^7 - 2 = 126 hosts on each network and 252 hosts in total. With the default subnet mask 255.255.255.0 we would have 254 host addresses. In the example above 192.168.1.127 is among the special addresses, which is why only 252 host addresses can be used.
26-bit network
Netmask: 11111111.11111111.11111111.11000000 or 255.255.255.192
1. Host addresses in the range 192.168.1.00xxxxxx belong to the 192.168.1.0 network.
2. Host addresses in the range 192.168.1.01xxxxxx belong to the 192.168.1.64 network.
3. Host addresses in the range 192.168.1.10xxxxxx belong to the 192.168.1.128 network.
4. Host addresses in the range 192.168.1.11xxxxxx belong to the 192.168.1.192 network.
Replacing the x bits above with 1 gives the corresponding broadcast addresses: 192.168.1.63, 192.168.1.127, 192.168.1.191, 192.168.1.255
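The AND and OR NOT rules from the broadcast-address section, and the subnet ranges listed above, can be checked mechanically. The following is an added example in POSIX shell, not part of the original course material; the function names are illustrative and the addresses are the ones used in this chapter.

```shell
#!/bin/sh
# Added example: Network = IP AND Netmask, Broadcast = Network OR NOT Netmask.

ALL_ONES=4294967295   # 32 one-bits, keeps NOT within 32 bits

# Dotted quad -> 32-bit integer; rejects anything but four octets in 0-255.
ip_to_int() (
    IFS=.
    set -f
    set -- $1
    [ "$#" -eq 4 ] || { echo "not a dotted quad" >&2; exit 1; }
    n=0
    for o in "$@"; do
        case $o in ''|*[!0-9]*) echo "bad octet: $o" >&2; exit 1 ;; esac
        # Strip leading zeros (255.255.255.000) so the value is not read as octal.
        while [ "${#o}" -gt 1 ] && [ "${o#0}" != "$o" ]; do o=${o#0}; done
        [ "$o" -le 255 ] || { echo "octet out of range: $o" >&2; exit 1; }
        n=$(( ($n << 8) | $o ))
    done
    echo "$n"
)

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_addr IP NETMASK
network_addr() (
    ip=$(ip_to_int "$1") || exit 1
    mask=$(ip_to_int "$2") || exit 1
    int_to_ip $(( $ip & $mask ))
)

# broadcast_addr IP NETMASK
broadcast_addr() (
    ip=$(ip_to_int "$1") || exit 1
    mask=$(ip_to_int "$2") || exit 1
    int_to_ip $(( ($ip & $mask) | (~$mask & $ALL_ONES) ))
)

# host_count NETMASK: 2^(host bits) - 2, never below 0
host_count() (
    mask=$(ip_to_int "$1") || exit 1
    h=$(( (~$mask & $ALL_ONES) - 1 ))
    if [ "$h" -lt 0 ]; then h=0; fi
    echo "$h"
)

# same_network IP1 IP2 NETMASK: true when no gateway is needed between them
same_network() (
    a=$(network_addr "$1" "$3") || exit 2
    b=$(network_addr "$2" "$3") || exit 2
    [ "$a" = "$b" ]
)

# subnets_of NETWORK PARENT_MASK SUBNET_MASK: one "network broadcast" pair per line
subnets_of() (
    base=$(ip_to_int "$1") || exit 1
    pmask=$(ip_to_int "$2") || exit 1
    smask=$(ip_to_int "$3") || exit 1
    [ $(( $smask & $pmask )) -eq "$pmask" ] || { echo "subnet mask is shorter than parent mask" >&2; exit 1; }
    base=$(( $base & $pmask ))
    size=$(( (~$smask & $ALL_ONES) + 1 ))
    last=$(( $base | (~$pmask & $ALL_ONES) ))
    net=$base
    while [ "$net" -le "$last" ]; do
        echo "$(int_to_ip "$net") $(int_to_ip $(( $net + $size - 1 )))"
        net=$(( $net + $size ))
    done
)

echo "network:   $(network_addr 192.168.3.5 255.255.255.0)"
echo "broadcast: $(broadcast_addr 192.168.3.5 255.255.255.0)"
echo "hosts per 25-bit subnet: $(host_count 255.255.255.128)"
echo "26-bit subnets of 192.168.1.0:"
subnets_of 192.168.1.0 255.255.255.0 255.255.255.192
```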
Put simply, the IP protocol only deals with packets and datagrams (packets that carry the destination address and size), while the TCP protocol deals with the connection between 2 computers. The protocols work together, each carrying out its own specific task. This document presents the tasks of TCP/IP.
The protocols operate at different layers of network operation.
Table 1: The 4-layer model of the TCP/IP protocols
Application layer      Application level (FTP, SMTP, SNMP)
Transport layer        Connecting the machines (TCP, UDP)
Internet layer         Routing: IP, ICMP, IGMP, ARP
Network access layer   Network card level, for example Ethernet cards, token ring
Overview of the protocols
IP: The IP protocol carries data for the TCP, UDP and ICMP protocols. IP provides an unreliable connection service, meaning that there is no guarantee that transmitted data reaches the address it was sent to. IP leaves all data integrity to be handled by one of the higher-layer protocols, for example TCP, or by application-specific mechanisms. IP is responsible for addressing and routing between networks. The data unit used by IP is the datagram.
TCP: The TCP protocol (Transmission Control Protocol) provides a reliable connection service. On each host TCP checks the order of sending and receiving and makes sure that every data packet is delivered. For example, applications such as FTP or telnet (remote login) do not have to handle data loss in transit themselves.
UDP: The UDP protocol (User Datagram Protocol) gives an application program direct access to IP. Unlike TCP, UDP is connectionless and unreliable.
ICMP: The ICMP protocol (Internet Control Message Protocol) is used by routers and hosts to exchange information about the state of the network. The data unit used by this protocol is the IP datagram, and ICMP is connectionless.
PPP: The PPP protocol (Point to Point) establishes a TCP/IP connection over a telephone line. It is also used inside encrypted connections such as pptp.
A port scan shows which ports are open and which application each one serves. The main ports in /etc/services:
ftp-data     20/tcp
ftp          21/tcp
telnet       23/tcp
smtp         25/tcp     mail
domain       53/tcp
domain       53/udp
http         80/tcp     # www is used by some broken
www          80/tcp     # progs, http is more correct
pop-2        109/tcp    # PostOffice V.2
pop-3        110/tcp    # PostOffice V.3
sunrpc       111/tcp
sftp         115/tcp
uucp-path    117/tcp
7. Exercises
Registering a service with xinetd
1. Write a bash script that prints the line Welcome to the screen (stdout). Save it as /usr/sbin/hi
2. In the directory /etc/xinetd.d create a file named fudge with the following content:
service fudge
{
    socket_type = stream
    server      = /usr/sbin/hi
    user        = root
    wait        = no
    disable     = no
}
3. Add a service named fudge to /etc/services; this service uses port 60000.
4. Restart xinetd and telnet to port 60000.
5. Suppose you have an IP range on the network 83.10.11.0/27
a. How many networks have the same first 4 bytes as yours?
b. How many machines are there on your network? How many broadcast addresses are there for this first network?
NETWORK SERVICES
Network services can either run continuously as standalone applications, listening for connections and handling clients directly, or they can be called by the network daemons inetd or xinetd.
valid name from /etc/services
stream: for TCP
dgram: for UDP
wait: normally
Example:
pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d
Note: The file /etc/services is used to map service names to socket port numbers. The fields in the services file are:
service-name   port/protocol   [aliases]
3. TCP wrappers
Programs that have been compiled with libwrap can be listed in /etc/hosts.allow and /etc/hosts.deny. The libwrap library checks these files for matching hosts. Default format for /etc/hosts.{allow,deny}:
DAEMON :
You can also use these files to log attempts to reach unauthorised services. This acts as an early warning system. Here are some examples:
The last example is taken from the Deception Toolkit, which can be downloaded from: http://all.net/dtk/download.html
4. Setting up NFS
Client side
For Linux clients that want to mount remote file systems:
1. the nfs file system must be supported by the kernel
2. the portmapper daemon must be running
The portmapper daemon is started by the script /etc/rc.d/init.d/portmap. The mount utility mounts the file system. A typical entry in /etc/fstab is:
nfs-server:/shared/dir /mnt/nfs nfs defaults 0 0
Server side
An NFS server needs portmap to be running before the nfs server is started. The nfs server is started or stopped with the script /etc/rc.d/init.d/nfs. The main configuration file is /etc/exports.
Example /etc/exports file:
/usr/local/docs *.local.org(rw,no_root_squash) *(ro)
The directory is exported read-only to all hosts and read-write to all hosts in the domain .local.org.
The default option root_squash prevents the root user (uid = 0) on a client from accessing the share on the server with root privileges; this can be changed with the option no_root_squash.
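Because no_root_squash and read-write exports to every host are the settings that weaken an NFS share, an exports file is worth checking for them. The following is an added example, not part of the original course material: the function name and the sample file are constructed, with the first sample entry taken from the text above. It also reports option lists broken by a stray space, and treats a bare "(options)" token as applying to every host.

```shell
#!/bin/sh
# Added example: flag risky entries in an exports-format file.
# Output: one finding per line as "<path> <client> <finding>".

exports_findings() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                tok = $i
                lp = index(tok, "(")
                # The option list must open and close inside one token;
                # a space after a comma splits it across two tokens.
                if ((lp > 0) != (tok ~ /\)$/)) {
                    print path, tok, "malformed-options"
                    continue
                }
                client = tok; opts = ""
                if (lp > 0) {
                    client = substr(tok, 1, lp - 1)
                    opts = substr(tok, lp + 1, length(tok) - lp - 1)
                }
                # A bare "(opts)" token has no host part: it applies to all hosts.
                if (client == "") client = "*"
                rw = 0; nrs = 0
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "rw") rw = 1
                    if (o[j] == "no_root_squash") nrs = 1
                }
                if (nrs) print path, client, "no_root_squash"
                if (rw && client == "*") print path, client, "rw-to-all-hosts"
            }
        }' "$1"
}

# Constructed sample file in a private temporary directory.
EXPORTS_DIR=$(mktemp -d)
trap 'rm -rf "$EXPORTS_DIR"' EXIT
SAMPLE_EXPORTS=$EXPORTS_DIR/exports

cat > "$SAMPLE_EXPORTS" <<'EOF'
# constructed sample; the first entry is the one shown in the text
/usr/local/docs *.local.org(rw,no_root_squash) *(ro)
/srv/share      192.168.1.0/255.255.255.0(rw) (rw)
/srv/tmp        *.local.org(rw, no_root_squash)
EOF

exports_findings "$SAMPLE_EXPORTS"
```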
The /etc/exports file matches hosts such as *.machine.com, whereas /etc/hosts.allow/deny match hosts such as .machine.com
If /etc/exports has been changed, the exportfs utility must be run. If existing directories in /etc/exports are modified, it may be necessary to unmount all nfs shares before remounting them. Individual directories can be mounted or unmounted with exportfs.
Exporting and unexporting all directories in /etc/exports:
5. SMB and NMB
Linux machines can access and provide Windows shared resources (directories and printers). The protocol used for this is the MS Windows Server Message Block, SMB. On Linux the Samba suite is normally used, which provides both client and server software.
From the command line
The smbclient utility is used to list all shared resources. Remote directories are normally mounted with smbmount, although mount -t smbfs can also be used.
Examples:
smbclient -M win98desk
Mount a shared directory of the server winserv
smbmount //winserver/shared /mnt/winserver/shared
The Samba server is configured with the file /etc/smb.conf and is started or stopped with the script /etc/rc.d/init.d/smb. Note that smb also starts the NMB services. The NetBIOS Message Block enables name resolution in Windows.
Figure 1: Nautilus browsing SMB shares
Configuring with SWAT and the Webmin GUI
If the swat package is installed, you can administer the samba server through a web-based GUI on port 901.
Another commonly used administration tool is webmin. It can be downloaded from www.webmin.com
NOTE
The configuration file /etc/samba/smb.conf is a good source of documentation. All options are described there and can be enabled by removing the comment character ;. See also the smb.conf(5) manual page.
6. DNS services
Resolvers
When a program needs to resolve a host name it uses a mechanism called the resolver. The resolver first consults the file /etc/nsswitch (previously /etc/host.conf) and determines which method is to be used to resolve host names (local file, name server, NIS or ldap server).
The file /etc/host.conf (or /etc/nsswitch.conf): These files are scanned by the resolver to determine whether files, dns servers, ldap databases or nis servers are to be consulted.
Example (/etc/nsswitch):
hosts:      files dns nis
networks:   files
The first line shows that files (here /etc/hosts) are queried first, and then a DNS server if that fails. The second line says that the file /etc/networking is to be used for network information.
The /etc/hosts file
With a small number of networked computers, IP addresses can be mapped to names using the file /etc/hosts. The fields are:
IP machine machine.domain alias
Example: /etc/hosts file
192.168.1.233   io         io.my.domain
61.20.187.42    callisto   callisto.physics.edu
The /etc/resolv.conf file
If the resolver needs to use a domain name server (DNS), it looks up the list of available servers in the file /etc/resolv.conf
Hierarchical structure
Name servers have a hierarchical structure. Depending on its position in the fully qualified domain name (FQDN), a domain can be called top level, second level or third level.
Examples of top-level domains:
com   Commercial organisations
edu   US educational organisations
gov   US government organisations
mil   US military organisations
net   Service providers and gateways
org   Non-commercial sites
uk    UK sites
Types of DNS servers
Domains can be divided further into subdomains. This limits the amount of information that has to be administered within a domain. Each zone has a primary name server (usually called the primary DNS) and one or more secondary name servers (usually called secondary). Administering a name server consists of updating the information about a particular zone. The primary server is said to be authoritative.
DNS configuration files
In old versions of BIND (before BIND 8) the configuration file was /etc/named.boot. With BIND version 8, the file /etc/named.conf is used instead. You can easily convert an old configuration file to the new format with the named-bootconf.pl utility.
The /etc/named.boot file:
directory cache . /var/named named.ca named.myco named.local named.rev
The first line defines the base directory to be used. The file named.ca contains a list of DNS IP addresses used for querying external addresses. The third line is optional and contains the records for the local network. The next two entries are used for reverse lookups.
In /etc/named.conf:
cache       is replaced by   hint
secondary   is replaced by   slave
primary     is replaced by   master
Applying these changes to a BIND4 configuration file produces BIND8 and BIND9 configuration files such as the following.
The /etc/named.conf file:
options {
    directory "/var/named";
};
zone
zone myco.org
In this example the server is set up as a caching-only server. All zone files contain resource records.
Example named.local zone file:
@  IN  SOA  localhost. root.localhost. (
        2001022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
This is a very simple zone file, but it gives enough information to understand the basic mechanism of a name server.
The @ sign resolves to the related zone declared in /etc/named.conf. This allows any zone file to be used as a template for other zones (see the exercises).
Table 1: Common record types
NS      Specifies the primary name server of the zone
PTR     Reverse mapping of an IP address to a host name
MX      Mail Exchange record
A       Maps an IP address to a host
CNAME   Maps an alias to the main name of a host
Table 2: Zone parameters
@ IN SOA   Start Of Authority. Identifies the zone, followed by the options enclosed in parentheses.
serial     A value incremented by hand when the data changes. Secondary servers query the serial number of the primary server. If it has changed, the entire zone file is downloaded.
refresh    Time in seconds before the secondary server queries the SOA record of the primary domain. Its value is at least one day.
retry      Time interval in seconds before a new zone transfer is attempted if the previous download failed.
expire     Time after which the secondary server discards all zone data if it cannot contact the primary server. The value of this parameter is normally at least 1 week.
minimum    This is the ttl for cached data. The default value is 1 day (86400 seconds), but it can be longer on stable LANs.
Configuring Sendmail
Sendmail is the most popular mail transfer agent (MTA) on the Internet. It uses the Simple Mail Transfer Protocol (SMTP) and runs as a daemon listening for connections on port 25.
The script used to stop or start the sendmail daemon is normally located in the directory /etc/rc.d/init.d/.
The main configuration file is /etc/mail/sendmail.cf (or /etc/sendmail.cf). Here you can specify the name of the server as well as the names of the hosts from which mail relaying is allowed.
The file /etc/aliases contains the following two fields:
alias: user
Khi chuyn ti /etc/aliases, cu lnh newaliases phi c chy rebuild c s d liu /etc/aliases.db. Khi th c my ch chp nhn, n s c mc vo mt file n vi tn do ngi dng t. Cc file ny c lu tr ti /var/spool/mail. Ph thuc vo Mail User Agent c s dng, ngi dng c th lu tr cc thng ip (message) trong th mc gc ca mnh hoc c th download chng v mt my khc.
Copyright ISE, 2006
88
Ti liu o to Linux trung cp CC DCH V MNG Nu my ch ang chuyn tip (relaying), hoc nu mng chm v nhiu message ang c chuyn, th s c lu tr trong hng i th /var/spool/mqueue. Bn c th truy vn vi tin ch mailq hoc sendmail bp. Qun tr mng c th flush hng i ca my ch vi cu lnh sendmail q. Cui cng, ng k mt tn min nh mt a ch email hp l, mt bn ghi MX cn c thm vo trong c s d liu DNS. V d nu mail.company.com l mt my ch mail, n chp nhn mail nh
joe@company.com th bn s phi cu hnh nh sau
8. Apache Server
Configuration files
The file /etc/httpd/conf/httpd.conf contains all the configuration settings. Earlier versions of apache had two additional files: access.conf, in which restricted directories were declared, and srm.conf, which specified the server's root directory. Settings worth noting:
ServerType standalone/inetd
ServerRoot /etc/httpd
DocumentRoot /var/www/html
<Directory /var/www/cgi-bin>
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>
<VirtualHost 122.234.32.12>
Running Apache
To start and stop the server you can first of all use the script /etc/rc.d/init.d/httpd. On a busy server it is better to use apachectl, especially with the graceful option, which restarts the server only once current connections have been dealt with. The main log files are kept in /var/log/httpd/. These files can be very useful for security purposes. Typically one checks the error_log and access_log files.
9. Exercises
Setting up a primary DNS server
As an exercise we will install the BIND9 rpm package bind9-9.1.3-252.i386.rpm and configure a domain called gogo.com.
1. Carry out the following steps in /etc/named.conf: copy and paste the following sections and alter them as follows
2. In /var/named:
cp 127.0.0.zone 192.168.2.zone
cp local.zone gogo.zone
3. Change the corresponding fields in the new zone files. Add a host called harissa.
4. Add the line nameserver 127.0.0.1 to /etc/resolv.conf.
5. Use host to resolve harissa.gogo.com
Apache administration
Basic settings in /etc/httpd/conf/httpd.conf
1. Change the Port from 80 to 8080.
2. Check that apache answers with the command telnet localhost 8080. You should get:
Trying 127.0.0.1...
Connected to localhost.linuxit.org.
Escape character is '^]'.
3. Set StartServers to 15. Restart httpd and check that 15 processes are started (instead of the default 8).
IP based virtual server
Your ethernet card must be aliased to a new IP address (called new-IP)
ifconfig eth0:0 new-IP
Setting up a shared SMB directory
In most cases you will not need to add smb users (smbusers) to the system. Simply edit the smb.conf file and add the following:
[public]
comment = Example Shared Directory
path = /home/samba
guest ok = yes
writeable = yes
Setting up a shared printer:
[global]
--- snip ---
In practice, the shell needs to provide many variables for each user environment, for example the variables PWD, HOME, TERM and DISPLAY. The syntax for declaring and initialising a variable is as follows:
VARIABLE=VALUE
Note that there must be no spaces around the = sign. Once a variable has been declared and initialised, it can be referenced by putting a dollar sign in front of it, as in the following example:
echo $VARIABLE
To free a variable from its current value, use unset.
Configuration files
First of all, one can distinguish the configuration files by which of them are read for each new bash session.
Login configuration files: The files read at login are /etc/profile and ~/.bash_profile (bash will look for some alternative files such as ~/.profile). Next, bash reads its runtime control files ~/.bashrc and (if it exists) /etc/bashrc.
The bashrc files: These files are read each time a shell session is started (for example a new xterm). The files are /etc/bashrc and ~/.bashrc. Aliases and functions can be written in ~/.bashrc
Function syntax:
function-name () { command1; command2; }
Note that any new bash session inherits the parent's variables declared in /etc/profile and ~/.bash_profile.
2. Scripting Essentials
The script file
A shell script is a list of instructions stored in a flat file. Only the following two things are required.
1. The first line of the script must be #!/bin/bash (for a bash script)
2. The file must be readable and executable (for example with permissions 755)
If these are not in place, the script can still be run by typing:
bash program-name
Variables passed on the command line are referenced inside the script as $1 for the first argument, $2 for the second argument, etc.
Example script, mycat:
#!/bin/bash
# Display the file named by the first argument
cat "$1"
This script expects one argument, a file, and displays the content of that file using cat. To run this script on the file lilo.conf, you would run:
./mycat /etc/lilo.conf
Another way of passing variables to a script is to have the script prompt the user for input. This can be done with the read command. The default name of the variable that is read is REPLY. Here is the modified script:
Passing variables interactively:
#!/bin/bash
echo -n "Which file shall I display ?"
read
cat "$REPLY"
or
read -p "File to display: " FILENAME
cat "$FILENAME"
Special variables
Special variables can only be referenced and are set automatically by bash. Here are some of the most common special variables:
$*  Lists all the variables entered at the command line
$#  Number of arguments entered at the command line
$0  Name of the script
$!  PID of the most recent background command
$$  PID of the current shell
$?  Exit code of the last command
For the positional parameters $1, $2 etc. the shift operator renames each parameter in a cyclic way as follows.
$2 becomes $1
$3 becomes $2
etc.
This can be summarised as $(n+1) -> $n
3. Logical Evaluations
Logical expressions are evaluated with the test command or with the brackets [ ]. In both cases the result is stored in the $? variable such that:
if the expression is true then $? is 0
if the expression is false then $? is not 0
More than one expression can also be evaluated at the same time using the logical operators || (OR) and && (AND) on a single command line. For example, we could test whether /bin/bash is an executable file and whether /etc/inittab exists:
4. Loops
if then loop
Syntax:
fi
Using select
Syntax:
select VARIABLE in SET; do
    if [ $VARIABLE = CHOICE ]; then
        command
    fi
    if [ $VARIABLE = CHOICE ]; then
        command
    fi
done
6. Working with Numbers
While shell scripts handle character strings seamlessly, a little extra effort is needed to perform even very basic arithmetic.
Binary operations
Adding or multiplying numbers can be done using either expr or the $(( )) construct. Example:
expr 7 + 3; expr 2 \* 10; expr 40 / 4; expr 30 - 11
echo $((7+3)); echo $((2*10)); echo $((40/4)); echo $((30-11))
7. Exercises
export TEST=old
2. Write a script
#!/bin/bash
echo old variable: $TEST
export $TEST=new
echo exported variable: $TEST
3. What is the value of $TEST once the script has run?
4. The following script, called test_shell, prints the PID of the shell
test_shell
#!/bin/bash
if [ -n $(echo $0 |grep test) ]; then
    echo The PID of the interpreter is: $$
else
    echo The PID of the interpreter is: $$
fi
SECURITY
1. Local Security
The BIOS
If someone boots the machine from a floppy or CD-ROM, for instance a rescue disk or a Linux boot disk, it is very easy to read and access any file on the system. To prevent this, the BIOS should be set to boot only from the hard drive. Once this is done, set a password on the BIOS.
LILO
LILO can be given options at boot time. In particular, some Linux distributions do not ask for a password when the system is started in single user mode or runlevel 1. Two options should be added to /etc/lilo.conf:
The restricted option prompts the user for a password
The password="" option sets the password string
Restricted means that LILO cannot be given any parameters without the "password" specified in lilo.conf.
boot=/dev/hda
install=/boot/boot.b
prompt
timeout=50
password="password"
restricted
File permissions
To protect against attacks that damage files, the following steps are recommended.
1) Make system tools immutable, or make log files append-only:
chattr +i /bin/login
chattr +i /bin/ps
chattr +a /var/log/messages
3) Find all files on the system that do not belong to any user or group:
find / -nouser -o -nogroup
find / -perm -4000
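The two find commands above become a repeatable check when their output is compared with a reviewed baseline. The script below is an added example, not part of the original course material; the function names and the baseline file (one absolute path per line) are assumptions.

```shell
#!/bin/sh
# Added example: baseline audit of setuid/setgid and unowned files.
# All function names here are constructed for illustration.

# list_setid DIR: print every regular file under DIR that carries the
# setuid (4000) or setgid (2000) bit, one path per line, sorted.
# "-perm -4000" means "at least these bits"; the older "+4000" spelling
# found in 2006-era material is rejected by current GNU find.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# list_unowned DIR: files whose numeric owner or group has no entry in
# /etc/passwd or /etc/group (typically left behind by a deleted account).
list_unowned() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null | sort
}

# new_setid DIR BASELINE: setuid/setgid files present now but absent from
# BASELINE. Anything printed here needs a human review.
new_setid() {
    list_setid "$1" | grep -F -x -v -f "$2" || true
}

# missing_setid DIR BASELINE: baseline entries that no longer carry the bit
# (removed, replaced, or had their mode changed).
missing_setid() {
    _current=$(mktemp) || return 1
    list_setid "$1" > "$_current"
    grep -F -x -v -f "$_current" "$2" || true
    rm -f "$_current"
}

# Usage: sh setid-audit.sh DIR BASELINE
if [ "$#" -eq 2 ]; then
    echo "setuid/setgid files not in the baseline:"
    new_setid "$1" "$2"
    echo "baseline entries that are gone:"
    missing_setid "$1" "$2"
    echo "files without a valid owner or group:"
    list_unowned "$1"
fi
```

Create the baseline once with list_setid on a known-good system and keep it on read-only or off-host storage.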
Log files
The main log files are
/var/log/messages : contains information logged by the syslogd daemon
/var/log/secure : contains information on failed logins, added users, etc.
The last tool lists all successful logins and reboots. The information is read from the /var/log/wtmp file. The who and w tools list all users currently logged in to the system, using the /var/run/utmp file.
User limits
When the file /etc/nologin exists (it may be empty) it prevents all users from logging in to the system (except the root user). If the nologin file contains a message, it is displayed after successful user authentication.
The /etc/security/ directory holds a set of files that let the administrator limit user CPU time, maximum file size, maximum number of connections, etc.
/etc/security/access.conf : disallows logins for groups and users from specified locations.
/etc/security/limits.conf
The format of this file is
<domain> <type> <item> <value>
domain   a user name or a group name (with @group)
type     hard or soft
item     core     - limits the core file size (KB)
         data     - maximum data size (KB)
         fsize    - maximum file size (KB)
         memlock  - maximum locked-in-memory address space (KB)
         nofile   - maximum number of open files
2. Network Security
Network security can be divided into two main levels as follows:
Host Based Security
Access to resources can be granted based on the host requesting the service. This is handled by tcp_wrappers. The libwrap library, also known as tcp_wrappers, provides host based access control lists for a variety of network services. Some services, such as xinetd, sshd and portmap, are compiled against the libwrap library, which enables tcp_wrapper support for these services.
When a client connects to a service with tcp_wrapper support, the files /etc/hosts.allow and /etc/hosts.deny are parsed to check the host requesting the service. Depending on the result, the service is either granted or denied.
The hosts_access file format has 2 or 3 (optional) colon-separated fields. The first field is the name of the process, the next is the fully qualified host name or a domain name with a "leading dot", or an IP address or subnet with a trailing dot. Wildcards such as ALL and EXCEPT are also accepted.
Example:
/etc/hosts.deny
ALL: ALL EXCEPT .example.com
Tcp_wrappers can run a local command based on the host matching an entry in the hosts_access files. This is done with the spawn command. Using the % character, substitutions can be made for the host name and the service name.
Example:
/etc/hosts.deny
ALL: ALL : spawn (/bin/echo `date` from %c for %d >> /var/log/tcpwrap.log)
For more information on the % substitution characters, see the hosts_access (5) manual page with the man command.
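How the two files combine is easier to see when the matching rules are written out. The script below is an added example, not part of the original course material and not libwrap's own code: a reduced model of hosts_access(5) covering ALL, leading-dot domains, trailing-dot address prefixes and EXCEPT, with hosts.allow consulted first, then hosts.deny, and access granted when neither matches. The function names and the hosts.allow line are constructed; the hosts.deny line is the one shown above.

```shell
#!/bin/sh
# Added example: reduced model of hosts_access(5) matching.
# Not covered: netmasks, user@host, file and NIS patterns, IPv6 addresses.

# match_token PATTERN NAME ADDR: succeed if one pattern matches the client.
match_token() {
    case "$1" in
        ALL) return 0 ;;
        .*)  # leading dot: any host name ending in that domain
            case "$2" in *"$1") return 0 ;; esac ;;
        *.)  # trailing dot: any address starting with those octets
            case "$3" in "$1"*) return 0 ;; esac ;;
        *)   # otherwise an exact host name or address
            if [ "$1" = "$2" ] || [ "$1" = "$3" ]; then return 0; fi ;;
    esac
    return 1
}

# match_list "pat pat ... [EXCEPT pat ...]" NAME ADDR
# Runs in a subshell so its variables and "set -f" do not leak out.
match_list() (
    set -f                                   # no globbing of literal * or ?
    list=$(printf '%s' "$1" | tr ',' ' ')    # commas also separate patterns
    include=$list
    exclude=
    case "$list" in
        *" EXCEPT "*) include=${list%% EXCEPT *}; exclude=${list#* EXCEPT } ;;
    esac
    for tok in $exclude; do
        if match_token "$tok" "$2" "$3"; then exit 1; fi
    done
    for tok in $include; do
        if match_token "$tok" "$2" "$3"; then exit 0; fi
    done
    exit 1
)

# rule_matches "daemons : clients [: command]" DAEMON NAME ADDR
rule_matches() (
    daemons=${1%%:*}
    rest=${1#*:}
    clients=${rest%%:*}      # a third field such as "spawn (...)" is ignored
    match_list "$daemons" "$2" "$2" && match_list "$clients" "$3" "$4"
)

# any_rule_matches RULES DAEMON NAME ADDR: RULES is the text of one file.
any_rule_matches() {
    printf '%s\n' "$1" | (
        while IFS= read -r rule; do
            case "$rule" in ''|'#'*) continue ;; esac
            if rule_matches "$rule" "$2" "$3" "$4"; then exit 0; fi
        done
        exit 1
    )
}

# access_decision ALLOW_RULES DENY_RULES DAEMON NAME ADDR: prints allow or deny.
access_decision() {
    if any_rule_matches "$1" "$3" "$4" "$5"; then echo allow
    elif any_rule_matches "$2" "$3" "$4" "$5"; then echo deny
    else echo allow
    fi
}

DENY_RULES='ALL: ALL EXCEPT .example.com'   # hosts.deny line from the text
ALLOW_RULES='sshd: 192.168.0.'              # constructed hosts.allow line

# Constructed clients: daemon, host name, address
access_decision "$ALLOW_RULES" "$DENY_RULES" sshd       www.example.com  10.1.1.5
access_decision "$ALLOW_RULES" "$DENY_RULES" in.telnetd host.example.net 203.0.113.7
access_decision "$ALLOW_RULES" "$DENY_RULES" sshd       pc17.lan.test    192.168.0.17
```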
Port Based Security
With the packet filtering built into the Linux kernel, access to resources can be restricted by creating rulesets with utilities such as ipchains and iptables, which can evaluate a packet entering any of the machine's network interfaces and determine what happens to that packet. There are three built-in chains in ipchains and iptables, namely
input, forward and output for ipchains
INPUT, FORWARD, and OUTPUT for iptables.
For example, when using ipchains all packets entering a network interface traverse the input chain. All packets not destined for this host traverse the forward chain.
ipchains and iptables rules can specify information such as source (s), destination (d), protocol (p), and port.
Example: All packets from the address 192.168.0.254 are denied
ipchains -A input -s 192.168.0.254 -j DENY
ipchains and iptables rules can be manipulated with the following options
-A   Append
-D   Delete
-P   Change the default policy for a chain
-I   Insert
-F   Flush the rule(s) in a chain
-N   Create a user-defined chain
-X   Delete a user-defined chain
-L   List
The Linux 2.4 kernel development and the Netfilter project also use the iptables table utility to manage firewall rules. The biggest difference between iptables and ipchains is that iptables supports evaluating packets based on their state with respect to other packets that have already passed through the kernel. Below is an example illustrating how a stateful packet firewall is implemented. It is a shell script consisting of a few commands.
Example: A basic script suitable for a home user, or for anyone with no need for connections from the Internet, that still lets the machine act as a gateway for the LAN and allows connections from the LAN to all services. Note: the line in bold below only allows connections to port 80
# Setup IP Masquerading

# Specify the default policy for the built in chains
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP

# Specify INPUT Rules
# Accept anything that does not arrive on the Internet-facing interface
$IPTABLES -A INPUT ! -i $INET_IFACE -j ACCEPT
# From the Internet, accept only new TCP connections to port 80 (http)
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -m state --state NEW --dport http -j ACCEPT
# Accept packets that belong to, or relate to, connections already tracked
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Specify FORWARD Rules
$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Specify OUTPUT RULES
$IPTABLES -A OUTPUT -p ALL -s $LOCALHOST_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
3. Secure Shell
Host authentication
With ssh both the host and the user are authenticated. Host authentication is done by swapping keys. The host's public and private keys are usually stored in /etc/ssh if you use OpenSSH. Depending on the protocol used, the host key file is called ssh_host_key for protocol 1 and ssh_host_rsa_key or ssh_host_dsa_key for protocol 2. Each of these keys has a corresponding public key, for example ssh_host_key.pub.
When an ssh client connects to a server, the server presents a public host key. In the example below the user is shown a message such as the following:
The authenticity of host 'neptune (10.0.0.8)' can't be established.
RSA key fingerprint is 8f:29:c2:b8:b5:b2:e3:e7:ec:89:80:b3:db:42:07:f4.
Are you sure you want to continue connecting (yes/no)?
If you agree to continue connecting, the server's public key is added to the file $HOME/.ssh/known_hosts.
User authentication (using passwords)
Next the user is prompted for the password of their account in order to log in to the remote server.
User authentication (using keys)
User authentication can also involve swapping keys. To do this the user needs to generate a private / public key pair. For example:
ssh-keygen -t dsa -b 1024
generates a 1024-bit DSA key. By default these keys are saved in $HOME/.ssh and in this example are called id_dsa and id_dsa.pub.
Assuming we have an id_dsa.pub, we can install this key on a remote account and avoid having to type a password for subsequent connections. To do this, we need to copy the content of the id_dsa.pub file into a file called authorized_keys2 stored in the remote $HOME/.ssh directory.
NOTE
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
The Hardware Clock
The hardware clock can be changed directly with the hwclock utility. The main options are:
-r or --show       shows the current time
-w or --systohc    sets the hardware clock to the current system time
-s or --hctosys    sets the system time to the current hardware clock time
Using NTP
Coordinated Universal Time (UTC) is a standard used to keep time based on the rotation of the Earth about its axis. However, because of small irregularities in that rotation, leap seconds need to be inserted into the UTC scale using atomic clocks.
Since computers are not equipped with atomic clocks, the idea is to use a protocol to synchronise computer clocks across the Internet. NTP, the Network Time Protocol, is one such protocol.
Computers that are updated directly by an atomic clock are called primary time servers and are used to update a large number of secondary time servers. This forms a tree structure similar to the DNS structure. The root servers are on the first level (stratum), the secondary servers on the second level, and so on for the lower levels.
Configuring a client to query an NTP server:
A daemon called ntpd is used to query a remote time server. The required parameter is server in the file /etc/ntp.conf, which points to a public or corporate NTP server. Such servers can be found online.
The NTP protocol can also estimate the frequency errors of the hardware clock from a sequence of queries; this estimate is written to a file referred to by the driftfile tag.
When ntpd is started it becomes an NTP server itself, providing services on port 123 using UDP.
One off queries:
The ntp package also provides the ntpdate tool, which can be used to set the time from the command line:
ntpdate ntp2.somewhere.com
5. Kernel Security
There are several security options in the Linux kernel. These include the syn_cookie mechanism. Stack overflows are handled by a security patch called openwall, or OWL.
tcp_syncookies
To enable this option you simply need to do the following:
This instructs the kernel to send a cookie to the client in its SYN+ACK reply. In this mode the server closes the socket and waits for the client's ACK with the matching cookie.
If the tcp_syncookies file does not exist in the /proc directory, you need to recompile the kernel with syncookies support.
Note: By default, even if syncookies are supported by the kernel, you need to activate the support by writing "1" to /proc/sys/net/ipv4/tcp_syncookies. This is usually done in /etc/rc.d/rc.local. However, a more efficient solution is to add an entry to /etc/sysctl.conf
The owl security patch (this part is not an objective of this document)
This patch deals with most stack-related issues and is beyond the scope of this course.
http://www.openwall.com
http://www.kernel.org/pub/linux/kernel/v2.2/
This patch only supports kernel 2.2-19 or later. After downloading linux-2.2.19.tar.gz and linux-2.2.19-ow1.tar.gz into the /usr/src/ directory, make sure you delete the linux symbolic link.
[root@nasaspc src]#pwd
/usr/src/
[root@nasaspc src]#rm -rf linux
Unpack the packages.
[root@nasaspc src]#tar xvzf linux-2.2.19.tar.gz
[root@nasaspc src]#tar xvzf linux-2.2.19-owl.tar.gz
To test the system, change to the linux-2.2-19-owl directory. There is a directory called optional containing a file named stacktest.c.
If you run stacktest you get a list of options. Run the overflow simulation.
A successful buffer overflow attack:
[root@nasaspc optional]#stacktest
Usage: ./stacktest OPTION
Non-executable user stack area tests
-t call a GCC trampoline
-e simulate a buffer overflow exploit
-b simulate an exploit after a trampoline call
[root@nasaspc optional]#stacktest -e
Attempting to simulate a buffer overflow exploit...
Succeeded.
To apply the patch you need to move to the linux directory. Here are the commands.
Applying the openwall patch:
[root@nasaspc linux]#pwd
/usr/src/linux
[root@nasaspc linux]#patch -p1 < /usr/src/linux-2.2-19-owl/linux-2.2.19-ow1.diff
Now if you run make menuconfig you will see a new entry called Security options. The default choices are all fine. From here you can proceed with compiling and installing the kernel as usual.
The most important log file is messages, which records most activity.
The /etc/syslog.conf file
When syslogd starts, by default it reads the configuration file /etc/syslog.conf. It is also possible to start syslogd with -f and the path to an alternative configuration file. This file must contain a list of facilities, followed by a priority and finally the path to the log file:
Valid facilities are:
auth and authpriv   user general and private authentication
cron                cron daemon messages
kern                kernel messages
mail
news
user
uucp
Valid priorities are (from highest to lowest):
emerg alert crit err warning notice info debug * none
Priorities are minimal! All higher priorities are logged as well. To force a priority to be info only, use an '=' sign as follows:
user.=info /var/log/user_activity
# Log all kernel messages to the console.
# Logging much else clutters up the screen.

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none    /var/log/messages

# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg       *
*.emerg       @10.1.1.254

# Save boot messages also to boot.log
local7.*      /var/log/boot.log
#
news.=crit    /var/log/news/news.crit
news.=err     /var/log/news/news.err
news.notice   /var/log/news/news.notice
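The "minimal priority" rule, the '=' form and the none keyword decide together which file a given message lands in, which matters when checking that authentication or kernel events are actually being kept. The script below is an added example, not part of the original course material and not syslogd's own code: a reduced model of selector matching (the '!' negation is not handled) run over rules quoted from the listing above. The function names are constructed.

```shell
#!/bin/sh
# Added example: reduced model of syslog.conf selector matching.

# severity NAME: print the numeric syslog severity (0 = most severe).
severity() {
    case "$1" in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# selector_matches SELECTOR FACILITY PRIORITY
# SELECTOR is the first syslog.conf field, e.g. "*.info;mail.none".
# Parts are applied left to right, so a later "mail.none" cancels an
# earlier "*.info" for the mail facility.
selector_matches() (
    set -f                              # keep "*" literal
    msg_sev=$(severity "$3") || exit 2
    hit=1
    IFS=';'
    for part in $1; do
        fac=${part%%.*}                 # text before the first dot
        pri=${part#*.}                  # text after the first dot
        case ",$fac," in
            *",$2,"*|*",*,"*) ;;        # this facility, or the * wildcard
            *) continue ;;
        esac
        case "$pri" in
            none) hit=1 ;;
            '*')  hit=0 ;;
            =*)   # exactly this priority
                if [ "$(severity "${pri#=}")" = "$msg_sev" ]; then hit=0; fi ;;
            *)    # this priority or anything more severe
                if [ "$msg_sev" -le "$(severity "$pri")" ]; then hit=0; fi ;;
        esac
    done
    exit "$hit"
)

# destinations CONFIG FACILITY PRIORITY: print the action of every rule in
# CONFIG (syslog.conf text) whose selector matches the message.
destinations() {
    printf '%s\n' "$1" | while read -r selector action; do
        case "$selector" in ''|'#'*) continue ;; esac
        if selector_matches "$selector" "$2" "$3"; then
            printf '%s\n' "$action"
        fi
    done
}

SAMPLE_CONF='# rules quoted from the syslog.conf listing above
user.=info                                  /var/log/user_activity
*.info;mail.none;news.none;authpriv.none    /var/log/messages
*.emerg                                     @10.1.1.254
news.=crit                                  /var/log/news/news.crit
news.notice                                 /var/log/news/news.notice'

# Where does a news.crit message go? (not to /var/log/messages)
destinations "$SAMPLE_CONF" news crit
```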
2. Log Utilities
The logger command
The first log utility is the logger command, which writes messages to the /var/log/messages file:
If you type the following command:
logger
Local settings
By default the logger utility writes messages to /var/log/messages. A number of predefined local items, local0 to local7, are available to system administrators for creating their own log files. How these items are defined depends on the system (on RedHat, local7 logs boot-time information in /var/log/boot.log).
Add the following line to the /etc/syslog.conf file:
local4.* /dev/tty9
Restart syslogd
logger -p local4.notice
logrotate
Log files are rotated using logrotate. Normally logrotate is run daily as a cron job. The configuration file /etc/logrotate.conf contains directives for creating or compressing files.
Listing of logrotate.conf
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# send errors to root
errors root
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own lastlog or wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}
User crontab files are kept in /var/spool/cron/<username>. These files may not be edited directly by non-root users, who must use the crontab editing tool instead (see below).
The system crontab file is /etc/crontab. This file periodically runs all the scripts in /etc/cron.*, including any symbolic links pointing to scripts or binaries on the system.
To manipulate cron entries, use the crontab utility. Scheduled jobs are viewed with the -l option as shown below:
crontab -l
# DO NOT EDIT THIS FILE - edit the master and reinstall
# (/tmp/crontab.1391 installed on Tue Jul 17 17:56:48 2001)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
0 * * 07 2 /usr/bin/find /home/penguin -name core -exec rm {} \;
Does the root user have any crontabs?
Similarly, the -e option opens your default editor and lets you enter a cron entry.
The root user can use -u to view and change any user's cron entries.
To delete your crontab file, use crontab -r.
The format of an entry is:
Minutes(0-59) Hours(0-23) Day of Month(1-31) Month(1-12) Day of Week(0-6) command
Permissions: By default, any user can use crontab. However, you can control access with /etc/cron.deny and /etc/cron.allow.
Scheduling with at
The at jobs are run by the atd daemon and are spooled in /var/spool/at/
The at command is used to schedule a one-off task with the following syntax
at [time]
For a complete list of time formats, see /usr/share/doc/atxxx/timespec.
You can list the scheduled commands with atq or at -l. The at jobs are saved in /var/spool/at/:
When using atq you should get a numbered list of jobs. You can also use this number to remove a job from the queue:
From the atq listing we see that the job number is 1, so the job can be removed from the queue as follows:
at -d 1
Permissions: By default at is restricted to the root user. To override this, you must have either an empty /etc/at.deny or an /etc/at.allow with the appropriate names.
4. Backups and Compression
Backup strategies
There are three strategies for backing up a system:
Full: copy all files
Incremental: first copy all files added or changed since the last backup, and after that copy all files added or modified since the most recent incremental backup
Differential: copy all files added or modified since the most recent full backup
Example: if you made one full backup and three differential backups before the system crashed, how many tapes would you need to restore?
Creating archives with tar
The main option for creating an archive with tar is -c. You can also specify the name of the archive as the first argument if you use the -f flag.
home.tar
Extracting archives with tar
Replacing the -c flag with -x creates directories where necessary and copies the archived files into your current directory. To redirect the extracted output into a directory (for example /usr/share/doc), you can do the following:
Compression
All archives can be compressed with a variety of utilities. The following flags allow you to create, test or extract an archive:
Compression type
The cpio utility
The cpio utility is used to copy files to and from archives.
- Extract an archive from a tape:
cpio -i < /dev/tape
5. Documentation
Manpages and the whatis database
Manual pages are organised into the following sections
NAME         the name of the item followed by a short one-line description
SYNOPSIS     the syntax of the command
DESCRIPTION  a longer explanation
OPTIONS      the available options
FILES        files related to the current item (e.g. configuration files)
SEE ALSO     other manual pages related to the current topic
The sections above are the ones a manual page cannot do without.
The whatis database stores the NAME section of all the manual pages on the system. It is rebuilt daily by cron. A whatis database entry has the following two fields:
name(key) one line description
The output is the full NAME section of the manual pages in which string matches named(key)
You can also use the man command to query the whatis database. The syntax of man is
man -k <string>
Unlike whatis, this man command queries both the name and the one line description fields of the database. If the string matches a word in either of these fields, the query returns the full NAME.
Example: (the matching string is shown in bold)
whatis lilo
lilo                 (8)  - install boot loader
lilo.conf [lilo]     (5)  - configuration file for lilo

                     (8)  - command line tool for configuring grub, lilo, and elilo
lilo                 (8)  - install boot loader
lilo.conf [lilo]     (5)  - configuration file for lilo
Manual page sections
Section 1   Information on executables
Section 2   System calls, e.g. mkdir(2)
Section 3   Library calls, e.g. stdio(3)
Section 4   Devices (files in /dev)
Section 5   Configuration files and formats
Section 6   Games
Section 7   Macro packages
Section 8   Administration commands
Section 9   Kernel routines
Info pages are located in the /usr/share/info directory. These pages are compressed files and can be read with the info tool.
The original GNU tools tend to use info pages rather than man pages. Even so, information on GNU projects such as gcc or glibc is still more extensive in the info pages than in the man pages.
Online documentation
GNU projects include documents such as a FAQ, README, CHANGELOG and sometimes user/admin guides. These documents may be in ASCII text, HTML, LateX or postscript format.
These documents are kept in the /usr/share/doc/ directory.
HOWTOs and The Linux Documentation Project
The Linux Documentation Project (LDP) provides detailed documents on a wide range of topics. These documents explain how to use and set things up on Linux. The website address is www.tldp.org.
The LDP documents are all free and can be distributed under the CPL licence.
5. Exercises
Logging
1. Change the /etc/syslog.conf file to output some of the logs to /dev/tty9 (make sure you restart syslogd and that the output is properly redirected)
2. Add a local5 item with a priority to /etc/syslog.conf and direct the output to /dev/tty10. Restart syslogd and use logger to write information via local5.
3. Read the script /etc/rc.d/init.d/syslog and change /etc/sysconfig/syslog to allow remote hosts to send log output.
Scheduling
4. Create a cron entry that starts xclock every 2 minutes. Note that cron is unaware of system variables such as PATH and DISPLAY.
5. Use at to start xclock in the next five minutes.
8. Use xargs and tar to create an archive of all files that were newly updated or changed in the last 5 minutes.
9. Do the same using the -exec option of the find command. Note that the files listed by find can be referenced with the symbol {}.
The setserial -g command queries the serial ports. If the resources for these ports are not available, the UART value is unknown. Example output of the setserial command:
setserial -g /dev/ttyS[0-3]
/dev/ttyS0, UART: 16550A, Port: 0x03f8, IRQ: 4
/dev/ttyS1, UART: 16550A, Port: 0x02f8, IRQ: 3
/dev/ttyS2, UART: unknown, Port: 0x03e8, IRQ: 4
/dev/ttyS3, UART: unknown, Port: 0x02e8, IRQ: 3
For non-serial modems we can get information about the available resources from /proc/pci. The two commands below illustrate how i/o and IRQ settings can be assigned to a free /dev/ttyS? device
setserial /dev/ttyS2 port 0x2000 irq 3
setserial /dev/ttyS2 autoconfig
The second command sets the appropriate UART. These commands do not persist across the next boot and can be saved in /etc/rc.serial. This script is one of the last scripts executed by rc.sysinit at boot time.
Minicom illustration
Another common tool is wvdialconf. This tool automatically scans for modems on the ttyS ports and creates a configuration file. This file is used to handle password authentication and to start the pppd daemon once the connection has been established.
3. pppd and chat
First of all, the chat script is used to communicate with the remote host's modem. It consists of a series of expect/send strings. The format of these strings is as follows:
The script is read sequentially and starts by expecting the empty string '', which is answered with the 'ATZ' command. Once the modem has been initialised it sends back 'OK'. The script then answers with the dial command. This dialogue continues until the '>' prompt appears, at which point the user runs pppd.
Example chat script:
'ABORT' 'BUSY'
'ABORT' 'ERROR'
'ABORT' 'NO CARRIER'
'ABORT' 'NO DIALTONE'
'ABORT' 'Invalid Login'
'ABORT' 'Login incorrect'
'' 'ATZ'
'OK' 'ATDT01172341212'
'CONNECT' ''
'ogin:' 'adrian'
'ord:' 'adrianpasswd'
'TIMEOUT' '5'
The example above is only one way of carrying out the dialogue. We can also start pppd and have it call the chat script as follows:
pppd /dev/ttyS2 115200 \
    nodetach \
    lock \
    debug \
    crtscts \
    asyncmap 0000000 \
    connect "/usr/sbin/chat -f /etc/sysconfig/network-scripts/chat-ppp0"
The lines below the pppd command can be saved in /etc/ppp/options. This file holds most of the settings that give pppd its capabilities and flexibility. For example, require-chap uses /etc/ppp/chap-secrets for authentication.
4. PPPD peers
In /etc/ppp/ there is a directory called peers. In this directory we can create a file containing all the command line options needed by pppd. In this way peer connections can be started by all users.
This command dials the number specified in the "chat script" and authenticates as the user "uk2". Note that this requires matching entries in /etc/ppp/chap-secrets and /etc/ppp/pap-secrets. The format of the pap and chap secrets is as follows:
# Secrets for authentication using CHAP
# client   server   secret   IP addresses
uk2        *        "uk2"    *
These lines allow different passwords to be used when we connect to different servers. They also allow us to specify an IP address. In practice the IP address cannot be specified when connecting to an ISP, but it can be when making private connections. For example, when auditing network activity by address, we need to make sure a certain user is using a certain IP address.
5. Wvdial
This is the default method used by Red Hat to connect to a dialup network. We should use the tools provided by Gnome or KDE to set the parameters for wvdial in the file /etc/wvdial.conf
Below is an example wvdial.conf file
To use wvdial from the command line, use the following syntax:
# wvdial <dialer-name>
PRINTING
This chapter has two objectives: to introduce the GNU printing tools available on Linux and to understand the configuration files of a print server.
1. Filters and gs
For non-text formats, Linux and Unix systems generally use filters. These filters convert formats such as JPEG or troff into postscript. This format can be sent directly to a postscript printer; however, not all ordinary printers can handle postscript, so an intermediate "virtual postscript printer" called gs (ghostscript) converts postscript into PCL. The commercial version of ghostscript is Aladdin Ghostscript and the GNU version is an older version.
The gs utility has a database of printer drivers (the list of drivers is updated regularly, for example many USB printers can be used), so it processes and converts postscript directly into PCL for these known printers. The gs utility plays a central role in Linux printing.
2. Printers and print queues
As mentioned above, plain ascii text does not need to be processed in the same way as image or postscript files. If we only have one printer and, for example, want to print letters, then we do not need to use filters. We would define a queue that bypasses the filters and so makes printing faster. We could also define a queue on the same printer for handling postscript files.
All queues and printers are defined in /etc/printcap. Below is the full configuration for a remote printer 192.168.1.20 using the remote queue named 'lp':
lp:\
    :sd=/var/spool/lpd/lp:\
    :mx#0:\
    :sh:\
    :rm=192.168.1.20:\
    :rp=lp:
The essential options here are rm for the remote server, sd for the spool directory, and rp for the name of the remote queue. Note that no filter is specified here (we could use the if option for an input filter). All filtering is done on the remote server.
3. Cc cng c in n
lpr:
Tin ch lpr c dng gi cc cng vic lin quan n in n ti my in. y l mt phin bn mi ca lp (line print). i vi ngi dng s thun tin hn nu nh mt my in c th gn kt vi nhiu hn mt hng i. Di y l hai v d in mt file c tn l LETTER. Gi cng vic n my in mc nh:
lpr LETTER
Print num copies
Specify the print queue pq
Create a symbolic link in the printer spool directory instead of copying the file into it
lpq:
Users can view the status of a print queue with the lpq utility. Below are a few examples. Show the jobs in the default queue:
lpq
lprm:
Depending on the options in /etc/lpd.perms, users may be allowed to delete pending jobs with the lprm command. Delete the last job submitted:
lprm
Delete all submitted jobs:
lprm -a (or simply lprm -)
We can also delete a specific job from the printer spool by specifying the job's number, a value produced by lpq.
lpc:
The Line Printer Control utility is used to control print queues and printers. Print queues can be disabled or re-enabled. Note that lprm can only remove jobs from a queue; it cannot stop a queue. We can work with lpc interactively (lpc has its own prompt) or from the command line. Below is the output of the lpc help command:
CMD: /usr/sbin/lpc help
Commands may be abbreviated.  Commands are:

abort   enable  disable help    restart status  topq    ?
clean   exit    down    quit    start   stop    up
The enable/disable/topq/up options relate to queues. The start/stop/down options relate to printers.
4. Configuration files
/etc/printcap
As mentioned earlier in this chapter, this file defines all the printers and queues that the system can use (remote or local). The default printer can be specified with the LPDEST or PRINTER variable:
PRINTER=lp
If neither environment variable is set, the default printer is the first printer defined in /etc/printcap.
The main definitions are:
lp    device name, usually /dev/lp0 for the parallel port
mx    maximum file size (a value of 0 means no limit)
sd    printer spool directory
if    input filter
rm    remote host address or IP
rp    remote queue name
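The remote-queue entry shown in section 2 and the definitions listed above can be read mechanically to answer "where does this queue print, and where is it filtered?". The parser below is an example added here, not part of the training material; the second queue "raw" and its filter path are hypothetical, and values that themselves contain a colon are not handled.

```python
import re
# Constructed sample: the remote queue from this chapter plus a hypothetical
# local queue "raw" whose input filter path is made up for the example.
SAMPLE_PRINTCAP = r"""
# remote queue, filtering happens on 192.168.1.20
lp:\
        :sd=/var/spool/lpd/lp:\
        :mx#0:\
        :sh:\
        :rm=192.168.1.20:\
        :rp=lp:
raw|local parallel printer:\
        :lp=/dev/lp0:\
        :sd=/var/spool/lpd/raw:\
        :if=/usr/local/bin/ps2pcl:
"""

def parse_printcap(text):
    """Return {queue_name: {capability: value}} for every entry."""
    # Drop comment lines, then join backslash-continued lines into one entry.
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    joined = re.sub(r"\\\n\s*", "", "\n".join(lines))
    queues = {}
    for entry in joined.splitlines():
        fields = [f.strip() for f in entry.split(":") if f.strip()]
        if not fields:
            continue
        name = fields[0].split("|")[0]      # first alias is the queue name
        caps = {}
        for field in fields[1:]:
            m = re.match(r"(\w+)([=#])(.*)", field)
            if m:                           # string (=) or numeric (#) value
                caps[m.group(1)] = int(m.group(3)) if m.group(2) == "#" else m.group(3)
            else:                           # boolean flag such as sh
                caps[field] = True
        queues[name] = caps
    return queues

def summarize(queues):
    """One line per queue: print target, spool directory, filter location."""
    out = []
    for name, c in queues.items():
        target = f"remote {c['rm']}:{c.get('rp')}" if "rm" in c else f"local {c.get('lp')}"
        filt = c.get("if", "none on this host")
        out.append(f"{name}: {target}, spool={c.get('sd')}, input filter={filt}")
    return out
if __name__ == "__main__":
    print("\n".join(summarize(parse_printcap(SAMPLE_PRINTCAP))))
```

A queue reported with a remote target and no input filter sends the job data unmodified to the host named in rm, so that host is the one whose filters and permissions need reviewing.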
This is a very long file, and by default all of its options are commented out. It is used when the network administrator wants more control over printing (for example, authentication of remote access, user permissions...).
/etc/lpd.perms
This file controls the permissions for the lpc, lpq, and lprm utilities. In particular, we can give users the right to remove their own current jobs from the queue with the following line:
ACCEPT SERVICE=M SAMEHOST SAMEUSER

Copyright ISE, 2006
LPRng uses a system of keys to shorten the entries in lpd.perms. However, this system is not always easy to understand. For example, service 'M' corresponds to lprm in the line above.
Example /etc/lpd.perms file:
## Permissions are checked by the use of 'keys' and matches.  For each of
## the following LPR activities, the following keys have a value.
##
## Key           Match  Connect  Job    Job    LPQ   LPRM  LPC
##                               Spool  Print
## SERVICE       S      'X'      'R'    'P'    'Q'   'M'   'C'
## USER          S               JUSR   JUSR   JUSR  JUSR  JUSR
## HOST          S      RH       JH     JH     JH    JH    JH
## GROUP         S               JUSR   JUSR   JUSR  JUSR  JUSR
## IP            IP     RIP      JIP    JIP    RIP   JIP   JIP
## PORT          N      PORT     PORT          PORT  PORT  PORT
## REMOTEUSER    S               JUSR   JUSR   JUSR  CUSR  CUSR
## REMOTEHOST    S      RH       RH     JH     RH    RH    RH
## REMOTEGROUP   S               JUSR   JUSR   JUSR  CUSR  CUSR
## REMOTEIP      IP     RIP      RIP    JIP    RIP   RIP   RIP
## CONTROLLINE   S               CL     CL     CL    CL    CL
## PRINTER       S               PR     PR     PR    PR    PR
## FORWARD       V               SA                  SA    SA
## SAMEHOST      V               SA            SA    SA    SA
## SAMEUSER      V                             SU    SU    SU
## SERVER        V               SV            SV    SV    SV
## LPC           S                                         LPC
## AUTH          V               AU     AU     AU    AU    AU
## AUTHTYPE      S               AU     AU     AU    AU    AU
## AUTHUSER      S               AU     AU     AU    AU    AU
## AUTHFROM      S               AU     AU     AU    AU    AU
## AUTHSAMEUSER  S               AU     AU     AU    AU    AU
##
## KEY:
##   JH = HOST          host in control file
##   RH = REMOTEHOST    connecting host name
##   JUSR = USER        user in control file
##   AUTH will match (true) if authenticated transfer
##   AUTHTYPE will match authentication type
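The sketch below shows why an ACCEPT line such as the one above only restricts lprm when a REJECT for the same service follows it. It is an example added here, not LPRng's code: a simplified model in which the first rule whose tests all match decides the result. The REJECT and DEFAULT lines and the fail-closed fallback are assumptions of this example.

```python
# Constructed rule set in lpd.perms syntax. Only the first line is from this
# chapter; the REJECT and DEFAULT lines are assumptions added for the example.
RULES = """
ACCEPT SERVICE=M SAMEHOST SAMEUSER
REJECT SERVICE=M
DEFAULT ACCEPT
"""

def check(rules, request):
    """Simplified model: the first rule whose tests all match decides;
    if none matches, the DEFAULT line applies.

    request: dict with 'SERVICE' (one letter) and booleans for the
    value-less keys such as SAMEHOST and SAMEUSER."""
    default = "REJECT"                  # model's choice when no DEFAULT line
    for line in rules.splitlines():
        words = line.split("#")[0].split()
        if not words:
            continue
        if words[0] == "DEFAULT":
            default = words[1]
            continue
        action, tests = words[0], words[1:]
        matched, negate = True, False
        for t in tests:
            if t == "NOT":              # negates the next test only
                negate = True
                continue
            if "=" in t:                # e.g. SERVICE=M or SERVICE=C,M
                key, vals = t.split("=", 1)
                ok = request.get(key) in vals.split(",")
            else:                       # flag key such as SAMEUSER
                ok = bool(request.get(t))
            matched = matched and (ok != negate)
            negate = False
        if matched:
            return action
    return default

if __name__ == "__main__":
    other_user = {"SERVICE": "M", "SAMEHOST": True, "SAMEUSER": False}
    print(check(RULES, other_user))                                  # REJECT
    print(check(RULES.replace("REJECT SERVICE=M", ""), other_user))  # ACCEPT
```

With the REJECT line removed, a request to delete another user's job falls through to DEFAULT ACCEPT, which is the case to look for when reviewing a permissions file.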
/etc/hosts.{lpd,equiv}
These files are used by the LPR printing system and are a security risk. /etc/hosts.equiv is also consulted by the r-commands (rlogin, rsh), so a host listed there for printing is trusted for remote logins as well. When setting up a print server, we need to specify in /etc/hosts.lpd which hosts may access the printer. We also need to add these hosts to /etc/hosts.equiv.
In LPRng these files have now been replaced by the /etc/lpd.perms file.
5. Exercises
1. Use printtool to create a local queue named lp.
2. Set the device /dev/tty10 as the printer device (remember to run chmod 666 /dev/tty10 to allow printing on this device). You now have a virtual printer on your system!
3. Send jobs to the print queue using lpr and pr.
4. With the printing tool on your system, define different remote queues:
   - a UNIX queue
   - an SMB queue
   If you are running a server, make sure the appropriate commands above are defined in /etc/lpd.perms.
   In each case:
   - check the /etc/printcap file. Which filter is used? How is the remote host defined?
   - check the /var/spool/lpd/ directory
5. Stop the various print queues and printers with lpc.
6. Check the contents of each print queue with lpc.
7. Remove specific jobs from the queue with lprm.