
TRAINING MATERIAL

LINUX SYSTEM ADMINISTRATION 2

This document was compiled from the teaching materials of the Linux Professional Institute (LPI).

HANOI 2006

INTRODUCTION TO THE GNU GENERAL PUBLIC LICENSE


VIETNAMESE TRANSLATION OF THE GNU GENERAL PUBLIC LICENSE
This is an unofficial Vietnamese translation of the GNU General Public License. It was not published by the Free Software Foundation, and it does not legally state the distribution terms for software that uses the GNU GPL -- only the original English text of the GNU GPL does that. However, we hope that this translation will help Vietnamese speakers understand the GNU GPL better.

GNU GENERAL PUBLIC LICENSE (GPL)


GNU General Public License, Version 2, June 1991. Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble
The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software - to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.

Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.

Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.

The precise terms and conditions for copying, distribution and modification follow.

Terms and conditions for copying, distribution and modification

0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:

a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.

b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

NO WARRANTY
BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING, THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS.


How to apply these terms to your new programs
If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.

One line to give the program's name and a brief idea of what it does. Copyright (C) year, name of author. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts: Gnomovision version 69, Copyright (C) year, name of author. Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse clicks or menu items, whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a copyright disclaimer for the program. Here is a sample: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' written by James Hacker.

Signature of Ty Coon, 1 April 1989, Ty Coon, Vice President. This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.

INTRODUCTION
About this document
The Linux System Administration course book is a useful text written to convey the basic but essential knowledge needed by students, and especially by those who teach. It is based on the course materials of the Linux Professional Institute (LPI), a carefully, thoroughly and systematically prepared curriculum used for training and revision towards the LPI certificates. Because our system of course books and lectures is still being built up in a systematic and professional way, omissions in the translation and editing of this document are unavoidable. We welcome readers' comments so that the document can be improved over time. We hope that in the near future, through close cooperation between RedHat and ISE, we will build a more complete, rigorous and richer set of course materials. The authors sincerely thank the reader and wish you a rewarding course.
The authors, ISE Company

About the ISE Linux training programme
The ISE Linux training programme consists of three courses: Linux Basic (Basic Course), Linux Intermediate (Intermediate Course) and Linux Advanced (Advanced Course). These three ISE Linux courses give students the knowledge needed to sit international certification exams such as the LPI and RedHat certificates.

Document conventions
Commands and file names are shown in bold. The symbol <> denotes a mandatory parameter; the symbol [] denotes an optional parameter.

Commands can be typed directly in a shell window and are highlighted as follows:
command

or command

TABLE OF CONTENTS
THE LINUX KERNEL 17
1. Kernel concepts 17
2. Modular kernels 18
3. Recompiling the kernel 19
3.1 Unpacking the source 19
3.2 Configuring the kernel 20
3.3 Compiling the kernel 22
3.4 Installing a new kernel 24
3.5 Full kernel version 25
3.6 Initial ramdisks 26
3.7 Optional 26
3.8 Re-running LILO 26
4. Exercises 27
BOOTING LINUX 28
Overview 28
1. Understanding runlevels 28
2. inittab 30
3. GRUB - GRand Unified Bootloader 33
4. From boot to bash 34
5. Exercises 36
USER AND GROUP MANAGEMENT 37
1. Creating new users 37
2. Working with groups 38
3. Configuration files 40
4. Command options 43
5. Modifying defaults and accounts 44
6. Exercises 47
NETWORK CONFIGURATION 49
1. The Network Interface 49
2. Host Information 50
3. Starting and stopping the network 52
4. Routing 54
5. Network tools 57
6. Exercises 60
TCP/IP NETWORKING 62
1. Binary numbers and dotted quads 62
2. Broadcast address, network address and netmask 63
3. Network classes 65
4. Subnets 67
5. The TCP/IP protocol suite 69
6. TCP/IP services and ports 71
7. Exercises 74
NETWORK SERVICES 75
1. The inetd daemon (legacy) 75
2. The xinetd daemon 77
3. TCP wrappers 78
4. Setting up NFS 79
5. SMB and NMB 80
6. DNS services 83
8. The Apache server 89
9. Exercises 91
BASH SCRIPTING 94
1. The bash environment 94
2. Scripting essentials 96
3. Logical evaluations 98
4. Loops 99
5. User input 101
6. Working with numbers 102
7. Exercises 104
SECURITY 106
1. Local security 106
2. Network security 109
3. Secure shell 114
4. Time configuration 116
5. Kernel security 118
LINUX SYSTEM ADMINISTRATION 122
Overview 122
1. Log files and configuration files 122
2. Logging utilities 124
3. Automatic Tasks 126
4. Backup and compression 129
5. Documentation 131
5. Exercises 135
SETTING UP PPP 137
1. Serial Modems 137
2. Dial-up configuration 138
3. pppd and chat 139
4. PPPD peers 140
5. Wvdial 141
PRINTING 143
1. Filters and gs 143
2. Printers and print queues 143
3. Printing tools 144
4. Configuration files 146
5. Exercises 151

Intermediate Linux training material: THE LINUX KERNEL

THE LINUX KERNEL
1. Kernel concepts


There are two kinds of Linux kernel:

A: Monolithic

A kernel that supports all hardware, network and file systems, compiled into a single image file.

B: Modular

A kernel that contains a number of drivers compiled as object files, which the Linux kernel can load and remove on request. Loadable modules are placed in the directory /lib/modules.

The advantage of a modular kernel is that it does not have to be recompiled when hardware is added or replaced; it is fast, convenient and covers most use cases. The advantage of a monolithic kernel over a modular one lies precisely in the fact that no new module can be loaded into the kernel. On sensitive systems, a monolithic kernel combined with not installing a compiler greatly limits a hacker's ability to use driver modules as backdoors at kernel level.
Copyright ISE, 2006
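The defensive counterpart of the point above is that on a modular kernel the set of loaded modules should be checked regularly against a known-good list, so that an unexpected driver is noticed. The script below is an added example, not code from the ISE course: it reads lsmod-style output (here a constructed sample in which the name extra_drv is made up to stand for an unapproved module) and prints every loaded module the baseline does not approve. On a real host the sample would be replaced by the actual output of lsmod, and the baseline path in the usage comment is a placeholder chosen for this example.

```shell
#!/bin/sh
# Added example, not from the ISE course text: list loaded kernel modules
# that are missing from an approved baseline. On a live host feed it the
# output of lsmod; the sample below is constructed so the script runs offline.

# Constructed lsmod output (2.4 layout: Module, Size, Used by). The last
# entry, extra_drv, is a made-up name standing in for an unapproved module.
SAMPLE_LSMOD='Module                  Size  Used by    Tainted: P
e100                   50432   1 (autoclean)
usb-uhci               24492   0 (unused)
usbcore                58816   1 [usb-uhci]
i810_audio             25044   0 (autoclean)
ac97_codec             11968   0 (autoclean) [i810_audio]
soundcore               6276   2 (autoclean) [i810_audio]
extra_drv               9216   0 (unused)'

# Constructed baseline: the modules this host is expected to have loaded.
BASELINE_MODULES='e100
usb-uhci
usbcore
i810_audio
ac97_codec
soundcore'

# unexpected_modules LSMOD_TEXT BASELINE_TEXT
# Prints, one per line, each loaded module whose name is not in the baseline.
# Returns 1 when at least one such module was found, 0 otherwise, so the
# function can drive a cron job or an alert.
unexpected_modules() {
    printf '%s\n' "$2" | awk -v lsmod_text="$1" '
        NF > 0 { approved[$1] = 1 }          # baseline names arrive on stdin
        END {
            n = split(lsmod_text, lines, "\n")
            for (i = 2; i <= n; i++) {       # i = 1 is the lsmod header line
                split(lines[i], f, " ")
                if (f[1] != "" && !(f[1] in approved)) { print f[1]; bad++ }
            }
            if (bad > 0) exit 1
            exit 0
        }'
}

# Usage on a real host (the baseline path is a placeholder for this example):
# unexpected_modules "$(lsmod)" "$(cat /etc/modules.baseline)"
```

Run against the sample, the function prints extra_drv and returns 1; with extra_drv added to the baseline it prints nothing and returns 0, which is the state a scheduled check should report on a healthy host.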

2. Modular kernels
Many components of the Linux kernel can be compiled as modules, and these modules can be loaded or removed as needed. Modules for the Linux kernel are stored in /lib/modules/<kernel-version>. The best candidates for modularisation are components that are not needed during boot, for example peripheral devices and secondary file systems. Linux kernel modules are controlled with the utilities in the modutils package:
lsmod, rmmod, insmod, modprobe, modinfo

Many modules depend on the presence of other modules. The file holding module dependency information, /lib/modules/<kernel-version>/modules.dep, is generated by the depmod command. This command is run by the rc.sysinit script at boot time. -- modprobe loads a module together with all the dependencies listed for it in modules.dep. -- /etc/modules.conf is used to store module parameters (IRQ and I/O ports) but usually contains a list of aliases. Aliases allow applications to refer to a device by a common name. For example, the first ethernet device is always called eth0 and does not use the name of the specific driver.


Figure 1: example /etc/modules.conf:

alias eth0 e100
alias usb-core usb-uhc
alias sound-slot-0 i810_audio
alias char-major-108 ppp_generic
alias ppp-compress-18 ppp_mppe

# 100Mbps full duplex
options eth0 e100_speed_duplex=4
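To make the alias and dependency mechanism concrete, here is an added example that is not part of the course text or of modutils. It reproduces in shell and awk the two lookups modprobe performs: first it resolves a name through alias lines of a constructed modules.conf modelled on Figure 1, then it walks a constructed 2.4-format modules.dep (one "module.o: dep1.o dep2.o" line per module) and lists the modules in load order, dependencies first. The paths and dependency edges in the sample are illustrative and are not taken from any real modules.dep.

```shell
#!/bin/sh
# Added example (not part of the course text): reproduce what modprobe does
# with /etc/modules.conf and modules.dep -- resolve an alias to a driver name,
# then emit the modules in the order they must be loaded (dependencies first).
# Both input files are constructed samples so the script runs offline.

# Constructed /etc/modules.conf, same layout as the course's Figure 1.
SAMPLE_MODULES_CONF='alias eth0 e100
alias usb-core usb-uhci
alias sound-slot-0 i810_audio
# 100Mbps full duplex
options eth0 e100_speed_duplex=4'

# Constructed modules.dep (2.4 format: "module.o: dep1.o dep2.o").
SAMPLE_MODULES_DEP='/lib/modules/2.4.20/kernel/drivers/net/e100.o:
/lib/modules/2.4.20/kernel/drivers/usb/usb-uhci.o: /lib/modules/2.4.20/kernel/drivers/usb/usbcore.o
/lib/modules/2.4.20/kernel/drivers/usb/usbcore.o:
/lib/modules/2.4.20/kernel/drivers/sound/i810_audio.o: /lib/modules/2.4.20/kernel/drivers/sound/ac97_codec.o /lib/modules/2.4.20/kernel/drivers/sound/soundcore.o
/lib/modules/2.4.20/kernel/drivers/sound/ac97_codec.o: /lib/modules/2.4.20/kernel/drivers/sound/soundcore.o
/lib/modules/2.4.20/kernel/drivers/sound/soundcore.o:'

# resolve_alias NAME CONF_TEXT -> prints the driver NAME maps to, or NAME
# itself when no alias line matches (modprobe behaves the same way).
resolve_alias() {
    printf '%s\n' "$2" | awk -v name="$1" '
        $1 == "alias" && $2 == name { print $3; found = 1; exit }
        END { if (!found) print name }'
}

# load_order MODULE DEP_TEXT -> prints MODULE and its dependencies, one per
# line, dependencies first, each module at most once (a depth-first walk).
load_order() {
    printf '%s\n' "$2" | awk -v target="$1" '
        # Reduce "/lib/modules/.../usbcore.o" to the bare module name "usbcore".
        function base(p,   parts, n) {
            n = split(p, parts, "/"); sub(/\.o$/, "", parts[n]); return parts[n]
        }
        function visit(m,   arr, n, i) {
            if (m in seen) return
            seen[m] = 1
            n = split(deps[m], arr, " ")
            for (i = 1; i <= n; i++) visit(arr[i])   # dependencies before m
            order[++count] = m
        }
        NF > 0 {
            sub(/:$/, "", $1)
            m = base($1); list = ""
            for (i = 2; i <= NF; i++) list = list " " base($i)
            deps[m] = list
        }
        END {
            if (!(target in deps)) {
                print "no such module: " target | "cat 1>&2"; exit 1
            }
            visit(target)
            for (i = 1; i <= count; i++) print order[i]
        }'
}

# modprobe_plan NAME -> the full sequence of loads modprobe would perform.
modprobe_plan() {
    load_order "$(resolve_alias "$1" "$SAMPLE_MODULES_CONF")" "$SAMPLE_MODULES_DEP"
}

# Example: modprobe_plan sound-slot-0 prints soundcore, ac97_codec, i810_audio.
```

Because the walk is depth-first and records each module once, a module shared by several branches (soundcore here, needed by both ac97_codec and i810_audio) appears exactly once and always before the modules that need it, which is the property modules.dep exists to make cheap to compute.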

3. Recompiling the kernel

3.1 Unpacking the source
The Linux kernel source is kept in /usr/src/linux, a symbolic link to /usr/src/(kernel-version). When unpacking the source of a new kernel you should:

Remove the symbolic link to the directory containing the old kernel source:

rm linux

Kernel source packaged as an RPM usually creates a link named linux-2-4. Unpack the new source (e.g. linux-2.4.20.tar.bz2):

tar xjf linux-2.4.20.tar.bz2


Note: kernel version 2.2 creates a directory named linux rather than linux-version, so step 1 is very important; otherwise the old source could be overwritten by the new kernel source. From kernel version 2.4 on, the directory is named linux-version.

Create a symbolic link named linux to the newly created directory:

ln -s linux-2.4.20 linux

At this point the kernel is ready to be configured, but we must make sure that all binary files have been removed from the kernel source directory; to remove them, use make mrproper.

3.2 Configuring the kernel
First edit the Makefile and set the EXTRAVERSION variable to a value different from the existing versions:
VERSION = 2
PATCHLEVEL = 4
SUBLEVEL = 20
EXTRAVERSION = -test

Now it is time to configure the kernel. The basic task of configuration is to create a file named .config by running one of the following commands from /usr/src/linux:
make menuconfig
make xconfig
make config



All of these commands write to the file /usr/src/linux/.config.

Usually, to make configuring a new kernel easier, the existing .config is reused with make oldconfig. This command only prompts the user for features that are new in the kernel source tree (if the kernel is newer or has been patched). Note: some Linux distributions, e.g. RedHat, ship a configs subdirectory containing config files with preset configuration options. To enable kernel features (with make menuconfig) you enter a top-level category by moving to it with the arrow keys and pressing Enter. Within a category, pressing the space bar cycles the kernel support for a feature or driver. The possible support levels are:
o supported (statically compiled) [*]
o modular (dynamically compiled) [M]
o not supported [ ]
The same choices are available in the config and xconfig modes.



Figure 2: make xconfig, top-level interface.

3.3 Compiling the kernel

make dep
Once the kernel has been configured, the choices must be checked against every subdirectory of the kernel source tree by running make dep. The .depend files, which contain the paths to the header files in /usr/src/linux/include, are generated by the dep target.

make clean
The make command takes its instructions from the Makefile and builds what is needed. If files already exist, make reuses them, specifically the files with the *.o extension. To ensure that every configuration option in .config is applied when the files are rebuilt, run make clean (which removes the *.o files).


Note: you do not need to run make clean at this stage if you prepared the source directory with make mrproper.

After the two commands above (with kernel 2.6 and later they are not needed on a first compile), the Linux kernel is compiled with one of the following two commands:

make zImage
make bzImage

When compilation finishes without any error, a file named vmlinux is left in /usr/src/linux/. The two commands produce an additional file in /usr/src/linux/arch/i386/boot called zImage or bzImage. These commands compress the kernel with gzip and bzip2 respectively. See the section on installing a new kernel for how to handle these files.

make modules
Compiles the modules.
make modules_install
Copies the modules into the corresponding directories under /lib/modules.
The sequence of commands is illustrated in figure 3:

Figure 3: kernel compilation commands:




make dep
make clean
make bzImage
make modules
make modules_install

3.4 Ci t mt nhn mi

Nhn mi nm trong /usr/src/linux/arch/i386/boot/bzImage, ph thuc vo kin trc my ca bn. File ny phi c copy vo th mc /boot, v t tn l vmlinuz<full-kernel-version>

/usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz-<full-kernel-version>

Tip theo chnh sa file /etc/lilo.conf hoc /boot/grub/grub.conf add nhn mi c bin dch vo boot menu. Copy phn image ca nhn mi v a vo cui file nh hnh minh ha:

Editing /etc/lilo.conf



prompt
timeout=50
message=/boot/message

image=/boot/vmlinuz
    label=linux
    root=/dev/hda6
    read-only
----------snip------------------------------ Existing section

image=/boot/vmlinuz-<full-kernel-version>
    label=linux-new
    root=/dev/hda6
    read-only
----------snip------------------------------ Added section

The symbol table for the kernel's routines can be copied into /boot as well:

cp /usr/src/linux/System.map /boot/System.map-<full-kernel-version>

3.5 Full kernel version
On a running system, the version of the running kernel can be printed with uname -r. This version can also be shown on the virtual terminals if the \k option is used in /etc/issue.

3.6 Initial ramdisks

A ramdisk is used during boot to load the modules needed to access the block devices (IDE, SCSI, RAID) required for the first access to the root partition (in read-only mode). The ramdisk is created with the mkinitrd command, which takes two arguments: the file name and the kernel version number. If you use a ramdisk you must add an initrd= line to /etc/lilo.conf. Example:

mkinitrd /boot/initrd-$(uname -r).img $(uname -r)

3.7 Optional
You should copy /usr/src/linux/.config to /boot/config-<full-kernel-version>

3.8 Re-running LILO
Finally, LILO must be run again to update the boot loader. LILO can first be run in test mode to check whether the configuration file contains errors.
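As an added example (not part of the course text), the following POSIX shell script checks that every file sections 3.4 to 3.7 put into /boot for one kernel version is actually there before the boot loader is re-run. The boot directory and the version string are parameters, and the script builds a constructed stand-in for /boot in a temporary directory, so it can be tried without touching the real /boot.

```shell
#!/bin/sh
# Added example, not part of the course text: check that the files the
# installation procedure places in /boot for one kernel version are present
# before the boot loader is re-run. The boot directory is a parameter so the
# check can be run against a constructed temporary directory.

boot_files_for() {
    # $1 = full kernel version; prints the expected file names, one per line
    printf '%s\n' "vmlinuz-$1" "System.map-$1" "config-$1" "initrd-$1.img"
}

check_kernel_install() {
    # $1 = boot directory, $2 = full kernel version
    # Prints one MISSING line per absent or empty file; the exit status is the
    # number of missing files, so 0 means everything is in place.
    missing=0
    for name in $(boot_files_for "$2"); do
        if [ ! -s "$1/$name" ]; then
            echo "MISSING $1/$name"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

make_sample_boot() {
    # Constructed stand-in for /boot (the version string is made up): the
    # kernel image, symbol table and config were copied, but the initrd
    # step (section 3.6) was skipped.
    d=$(mktemp -d) || return 1
    echo "kernel image" > "$d/vmlinuz-$1"
    echo "symbol table" > "$d/System.map-$1"
    echo "CONFIG_SAMPLE=y" > "$d/config-$1"
    echo "$d"
}

# Stand-alone run: report what is missing in the constructed directory.
sample=$(make_sample_boot 2.6.15-sample)
check_kernel_install "$sample" 2.6.15-sample
echo "missing files: $?"
rm -rf "$sample"
```

Run against the real system as root with check_kernel_install /boot "$(uname -r)" after copying the files; a non-zero exit status means one of the steps above was skipped, which is cheaper to find out now than at the next reboot.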


4. Exercises

Before starting the exercises, look in /usr/src: if a kernel tree is already there, delete it and keep only the symbolic link /usr/src/linux.
Exercise 1: rebuild the Linux kernel following these steps:
1. Download the latest kernel-version package from the two sites www.kernel.org and www.redhat.com.
- Install the two packages into two different directories under /usr/src and compare the differences.
- Compile the two kernels one after the other following the instructions above, and install them on the system as boot options.


BOOTING LINUX
Overview


A better understanding of the boot process helps us troubleshoot problems involving hardware and system administration. We first focus on the role of the startup program, init, and its relationship with the configuration file /etc/inittab.

1. Understanding runlevels


Unlike non-UNIX operating systems, which have only two basic states (on and off), UNIX operating systems, Linux included, have several runlevels, for example a maintenance level or a multi-user level. The runlevels are numbered 0 to 6.
Listing 1: Linux runlevels
Runlevel 0: safe shutdown
Runlevel 6: safe reboot
Runlevel 1: single-user mode
Runlevel 2: multi-user mode, but NFS is not started
Runlevel 3: full multi-user mode
Runlevel 4: undefined and usually unused
Runlevel 5: same as runlevel 3, but the graphical Display Manager is run

Both init and telinit are used to switch from one runlevel to another. Remember that init is the first program executed after the kernel has initialised at boot time. The PID of init is always 1.
Listing 2: the PID of init is always 1
[root@nasaspc /proc]# ps uax |grep init
USER       PID %CPU %MEM  VSZ  RSS TTY STAT START TIME COMMAND
root         1  0.0  0.2 1368  592 ?   S    20:17 0:04 init [3]

At each runlevel, the system stops or starts a specific set of services. The scripts managing these services are kept in /etc/rc.d/init.d. This directory holds almost all the service-management scripts the system can run. A running service is usually called a daemon (background service).

Listing 3: the main services in /etc/rc.d/init.d/


ls /etc/rc.d/init.d/
anacron    apmd       atd        autofs     crond      cups       dhcpd
gpm        halt       httpd      identd     innd       iptables   irda
isdn       kadmin     keytable   killall    kprop      Krb524     krb5kdc
ldap       lpd        marsrv     mcserv     named      netfs      nfs
nfslock    Nscd       Ntpd       pcmcia     pgsql      pppoe      random
rawdevices rhnsd      rwhod      sendmail   single     smb        snmpd
squid      sshd       syslog     tux        xfs        xinetd     kdcrotate
kudzu      arpwatch   functions  ipchains   linuxconf  network    portmp

Note: the daemons in /etc/rc.d/init.d can also be stopped or started by hand by passing the corresponding argument. For example, to restart the default web service you would type:

/etc/rc.d/init.d/httpd restart
or
service httpd restart

When working with runlevels, you select a fixed, predefined set of programs to run. If you want runlevel 2, you type


/sbin/init 2

This in turn makes init read its configuration file /etc/inittab to find out what happens at this runlevel.

In this case (assuming we are switching to runlevel 2) the following line of the inittab file is executed:

l2:2:wait:/etc/rc.d/rc 2

If you look in /etc/inittab, the command /etc/rc.d/rc N starts every service in /etc/rc.d/rcN.d whose name begins with S and stops those whose name begins with K. These entries are symbolic links pointing to the scripts in /etc/rc.d/init.d. If you do not want a process to run at a given runlevel N, you can delete the symlink in /etc/rc.d/rcN.d that begins with K.

2. inittab
As mentioned above, let us look at the file /etc/inittab. Its entries have the following structure:

id : runlevel : action : command

Figure 3: the /etc/inittab file

id:3:initdefault:
# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6
-----------------------snip---------------------------------
# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
-----------------------snip---------------------------------
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon

The id field can be anything. If a runlevel is given, the command and the requested action are executed only at that runlevel. If no runlevel number is given, the command is executed at every runlevel.
The /etc/inittab file:
Default runlevel: set at the start of the file with the id field and the initdefault action. Note that no command is given; this line simply tells init what the default runlevel is.
The first program called by init: /etc/rc.d/rc.sysinit. This script sets system defaults such as the PATH variable, determines whether networking is enabled, sets the hostname, and so on.
Default runlevel services: if the default runlevel is 3, only the l3 line is executed. Its action is wait, so no further program is run until all the services of runlevel 3 have started.
Getty terminals: the lines with ids 1 to 6 run the virtual terminals. This is where you change the number of virtual terminals.
Runlevel 5: the last line of inittab runs the X Window display manager if runlevel 5 is selected.

Notes:
1. You can set up a modem to listen for connections in inittab. If your modem is connected to /dev/ttyS1, the following line accepts data connections (not fax) after 2 rings:
S1:12345:respawn:/sbin/mgetty -D -x 2 /dev/ttyS1

2. After changing /etc/inittab you must make init re-read this configuration file. This is easily done with:

/sbin/init q
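As an added example (not part of the course text), the following POSIX shell script reads a file in the id:runlevels:action:command layout described above and answers the practical question "what does init run at runlevel N?", which is what you want to verify before running /sbin/init q. The inittab content is a constructed sample; its ctrlaltdel entry is restricted to runlevel 3, whereas the course's own file leaves that field empty, meaning every runlevel.

```shell
#!/bin/sh
# Added example, not part of the course text: parse an inittab-format file
# using the id:runlevels:action:command structure explained above. The
# inittab text below is a constructed sample, not a real system file.

make_sample_inittab() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
ca:3:ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
x:5:respawn:/etc/X11/prefdm -nodaemon
EOF
    echo "$f"
}

default_runlevel() {
    # $1 = inittab file; prints the runlevel field of the initdefault entry
    awk -F: '$3 == "initdefault" { print $2; exit }' "$1"
}

entries_for_runlevel() {
    # $1 = inittab file, $2 = runlevel digit
    # Prints "action:command" for every entry active at that runlevel. An
    # empty runlevel field matches every runlevel, as the text above says.
    awk -F: -v rl="$2" '
        /^#/ || NF < 4            { next }
        $2 == "" || index($2, rl) { print $3 ":" $4 }
    ' "$1"
}

ctrlaltdel_active() {
    # $1 = inittab file, $2 = runlevel; true when Ctrl-Alt-Del is trapped there
    entries_for_runlevel "$1" "$2" | grep -q '^ctrlaltdel:'
}

# Stand-alone run on the constructed sample
f=$(make_sample_inittab)
echo "default runlevel: $(default_runlevel "$f")"
echo "active at runlevel 3:"
entries_for_runlevel "$f" 3
rm -f "$f"
```

On a real system call the functions with /etc/inittab instead of the sample; entries_for_runlevel is also a quick way to see whether a respawn line (a getty, or a modem listener as in note 1) is active at a runlevel where you did not expect it.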


3. GRUB - GRand Unified Bootloader


A newer-generation program with many powerful features, GRUB is now the default choice in many Linux distributions.
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup01/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=1
timeout=0
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.15-1.1833_FC4)
        root (hd0,0)
        kernel /vmlinuz-2.6.15-1.1833_FC4 ro root=/dev/VolGroup01/LogVol00
        initrd /initrd-2.6.15-1.1833_FC4.img
title Fedora Core (2.6.15-1.1833_FC4smp)
        root (hd0,0)
        kernel /vmlinuz-2.6.15-1.1833_FC4smp ro root=/dev/VolGroup01/LogVol00
        initrd /initrd-2.6.15-1.1833_FC4smp.img
title Fedora Core (2.6.11-1.1369_FC4smp)
        root (hd0,0)
        kernel /vmlinuz-2.6.11-1.1369_FC4smp ro root=/dev/VolGroup01/LogVol00
        initrd /initrd-2.6.11-1.1369_FC4smp.img
title Fedora Core-up (2.6.11-1.1369_FC4)
        root (hd0,0)
        kernel /vmlinuz-2.6.11-1.1369_FC4 ro root=/dev/VolGroup01/LogVol00
        initrd /initrd-2.6.11-1.1369_FC4.img

With GRUB, updating the boot parameters is not as involved as with LILO. Just edit /boot/grub/grub.conf and copy the needed files into /boot; the change takes effect at the next boot. GRUB's configuration file also offers more options, letting the user define several different boot scenarios. Like LILO, GRUB lets you choose among several boot scenarios at boot time and lets the user edit the boot parameters right before booting. A password can be required to prevent this, through the password declaration in the configuration file. The grub-md5-crypt command produces an MD5 hash so that the password does not have to appear in the clear. The other declarations are described in detail by info grub. During boot, all kernel messages are by default recorded in /var/log/dmesg. This file can be read and printed to stdout with the /bin/dmesg utility.

4. From boot to bash
Now let us look at the steps of the Linux boot process. The ramdisk is initialised and loaded into memory to load the necessary modules. The kernel is loaded from the hard disk (or CD) specified in the GRUB configuration; it is decompressed as it loads. The kernel mounts the root partition (/) read-only. At this point the programs needed from /bin and /sbin are accessible. The kernel then starts init, the first process. init reads /etc/inittab and acts on its contents; specifically, rc.sysinit is run. After that, every entry in /etc/fstab is mounted and checked (fsck). Next, init switches to the default runlevel and the services are started. The rc service with the lowest priority runs last and calls /etc/rc.d/rc.local. The login prompt is then handled by the gettys on the ttys.


5. Exercises
Review the whole of the material above and complete the following exercises:
- Change the system's default runlevel to 3 and then to 5. How can you find out the current runlevel?
- Allow the Ctrl+Alt+Del key combination only in runlevel 3.
- Add a login prompt on tty7. How do you make init re-read its configuration file?
- Use dmesg to read the chipset information of your network card.
- Compare the differences between shutdown, halt and reboot. Which option of shutdown forces fsck at the next boot?
- Use chkconfig or ntsysv to disable the sshd daemon in runlevels 2, 3, 4 and 5. Check that the symbolic links in rc2.d, rc3.d, rc4.d and rc5.d have changed.
- Reboot the system. At the boot prompt, enter the init= parameter to bypass /sbin/init and start a plain bash process.


USER AND GROUP MANAGEMENT
1. Creating a new user


Step 1: create an account
The /usr/sbin/useradd command adds a new user to the system; the adduser command is in fact a pointer to this command. Syntax:
useradd [options] login-name

Example: add a user whose login name is rufus

useradd rufus

Default values are used when no option is given. You can list these values with useradd -D

The default options listed by useradd -D:

GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel

Note that this information is also kept in the file /etc/default/useradd
Step 2: activate the account with a new password
To let a user access their account, the administrator must set a password for the user with the passwd tool

Syntax:
passwd login-name

The steps above create a new user. They also define the user's environment, such as the home directory and a default shell. The user can also be assigned to groups, and their default group is determined.

2. Working with groups
Every new user is assigned to a default (or primary) group. Two conventions exist. Traditionally, this primary group is shared by all users and is called users, with group ID (GID) 100. Some Linux vendors such as SuSE and Debian follow this convention. The other scheme, User Private Group (UPG), was introduced by RedHat; switching to this convention does not change the way UNIX groups work. With UPG, every new user gets their own default group. The group has the same name as the login name (by default) and its GID is in the range 500 to 60000 (like UIDs).

Group membership: a user can belong to any number of groups. However, at any one moment (for example when creating a new file) only one group is the effective group. The list of all groups a user belongs to can be shown with the groups or id command.
For example, for the root user:

List all IDs:

id
uid=0(root) gid=0(root) groups=0(root), 1(bin), 2(daemon), 3(sys), 4(adm), 6(disk), 10(wheel), 600(sales)

List all groups:

groups
root bin daemon sys adm disk wheel sales

Changing the current group: joining (switching to) a group changes the user's effective group and starts a new process, which the user can leave again with logout. This is done with the newgrp command.

Example: join the sales group

newgrp sales

If the groups command is now run, the first group in the list is no longer root but sales
Creating a new group
The groupadd tool is used to administer groups. This command adds an entry to the file /etc/group

Example: create a devel group

groupadd devel

Adding a user to a group: these administrative tasks can be done with the gpasswd tool. It can add (-a) or remove (-d) a user from a group and assign a group administrator (-A). This tool was originally designed to set a single password on a group, letting all members of that group log in with the same password. For security reasons this feature is no longer used.

Example: add user rufus to the devel group

gpasswd -a rufus devel

3. Configuration files
The /etc/passwd and /etc/shadow files: the names of all users on the system are kept in /etc/passwd, whose entries have the following structure:
1. login name
2. password (or x if a shadow file is used)
3. UID
4. GID
5. text describing the user
6. the user's home directory
7. the user's shell

The 7 fields are separated by colons, as in the following example. An /etc/passwd entry with an encrypted password:
george:$1$K05gMbOv$b7ryoKGTd2hDrW2sT.h:Dr G Micheal:/home/georges:/bin/bash

To hide the encrypted password from ordinary users you should use a shadow file. The /etc/shadow file holds the user names and encrypted passwords and can only be read by root.

If you do not have a shadow file in /etc, you can use the following command (passwd -> shadow):

/usr/sbin/pwconv

This command replaces the second field of /etc/passwd with x and creates /etc/shadow. If you do not want to use shadow passwords, do the following (shadow -> passwd):

/usr/sbin/pwunconv

Note: when shadow passwords are used, /etc/passwd can be readable by everyone (644) while /etc/shadow must be more restricted (600 or even 400). When pwunconv is used, however, make sure to tighten the permissions on /etc/passwd (600 or 400).

The /etc/group and gshadow files: similarly, group information is kept in /etc/group. This file has 4 colon-separated fields:
1. group name
2. group password (or x if a gshadow file exists)
3. GID
4. comma-separated list of members

Example /etc/group entry:
java:x:550:jade, eric, rufus

As with users, an /etc/gshadow file is created when shadow group passwords are used. These utilities convert forward and back between the shadow and non-shadow files:

/usr/sbin/grpconv      creates the /etc/gshadow file
/usr/sbin/grpunconv    deletes the gshadow file

The /etc/login.defs and /etc/skel/ files
/etc/login.defs contains the following information:
- the mail spool directory: MAIL_DIR
- password aging controls: PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_MAX_LEN, PASS_WARN_AGE
- max/min values for the UID chosen automatically by useradd: UID_MIN, UID_MAX
- max/min values for the GID chosen automatically by groupadd: GID_MIN, GID_MAX
- automatic creation of a home directory by useradd: CREATE_HOME
The /etc/skel directory holds the default files that are copied into the home directory of a newly created user: .bashrc, .bash_profile, ...

4. Command options

useradd (options)
-c   comment (full name)
-d   path to the home directory
-g   initial group (GID); the GID must already exist
-G   comma-separated list of supplementary groups
-u   the user's UID
-s   the user's default shell
-p   password (MD5-encrypted, use the ! sign)
-e   account expiry date
-k   skel directory
-n   disable the UPG group

groupadd (options)
-g   assign a GID

5. Changing defaults and accounts
Every option chosen when a user or group was created can be changed. The usermod utility has these main options:

usermod (options)
-d   the user's home directory
-g   the user's initial GID
-l   the user's login name
-u   the user's UID
-s   default shell

Note: all the options above are the same as for useradd.

Similarly, you can change group details with the groupmod utility. Its main options are:

groupmod (options)
-g   GID
-n   group name

Locking accounts: a user account can be locked by prefixing the user's password with an exclamation mark. This can be done with the following commands:
Lock:    passwd -l   or   usermod -L
Unlock:  passwd -u   or   usermod -U

- When shadow passwords are used, replace the x with a string of *
- A less useful option is to remove the password entirely with passwd -d
- Finally, /sbin/nologin or /bin/false can be set as the user's default shell in /etc/passwd
By default a user's password is valid for 99999 days, about 2739 years (default PASS_MAX_DAYS). The user is warned for 7 days that their password is about to expire (default PASS_WARN_AGE), with the following message each time they log in:

There is another password aging parameter, called PASS_MIN_DAYS. This is the minimum number of days before a user may change their password; its initial default is 0.

The chage tool lets the system administrator change the options above:

Usage:

chage [ -l ] [ -m min_days ] [ -M max_days ] [ -W warn ]
      [ -I inactive ] [ -E expire ] [ -d last_day ] user

The first option, -l, lists the current policy values for a user. We only mention the -E option here: it locks a user account at a given time. The date can be given in UNIX format or as YYYY/MM/DD.

Note that all the values above are stored in the file /etc/shadow and can be changed directly.
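As an added example (not part of the course text), the following POSIX shell script reads passwd- and shadow-format files and reports the weak states that sections 3 and 5 describe: a hash left in the world-readable passwd file, an empty password field, a second UID 0 account, a locked account, and a password whose maximum age is the 99999-day default. Both input files are constructed samples with made-up hashes, not real system files.

```shell
#!/bin/sh
# Added example, not part of the course text: audit passwd- and shadow-format
# files for the states described in the sections above. The sample files are
# constructed here (made-up hashes) so the script runs offline; on a real
# system pass /etc/passwd and /etc/shadow instead (the latter needs root).

make_sample_passwd() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
george:$1$saltsalt$constructedhash00000000000:501:100:Dr G Micheal:/home/georges:/bin/bash
guest::502:100:Guest account:/home/guest:/bin/bash
toor:x:0:0:second superuser:/root:/bin/bash
rufus:x:503:503::/home/rufus:/bin/bash
EOF
    echo "$f"
}

make_sample_shadow() {
    f=$(mktemp) || return 1
    # login:hash:lastchange:min:max:warn:inactive:expire:reserved
    cat > "$f" <<'EOF'
root:$1$saltsalt$constructedhash00000000000:13000:0:99999:7:::
rufus:$1$saltsalt$constructedhash00000000001:13000:0:90:7:::
jade:!$1$saltsalt$constructedhash00000000002:13000:0:99999:7:::
guest::13000:0:99999:7:::
EOF
    echo "$f"
}

audit_passwd() {
    # $1 = passwd-format file; prints one finding per line
    while IFS=: read -r login pw uid gid gecos home shell; do
        [ -z "$login" ] && continue
        case "$pw" in
            "")          echo "EMPTY-PASSWORD $login" ;;
            x|'!'*|'*')  ;;                          # shadowed or locked
            *)           echo "HASH-IN-PASSWD $login" ;;  # readable by everyone
        esac
        if [ "$uid" = 0 ] && [ "$login" != root ]; then
            echo "EXTRA-UID0 $login"
        fi
    done < "$1"
    return 0
}

audit_shadow() {
    # $1 = shadow-format file; prints one finding per line
    while IFS=: read -r login hash last min max warn inactive expire flag; do
        [ -z "$login" ] && continue
        case "$hash" in
            "")        echo "EMPTY-PASSWORD $login" ;;
            '!'*|'*')  echo "LOCKED $login" ;;
        esac
        # 99999 days is the PASS_MAX_DAYS default quoted above: never expires
        if [ "${max:-99999}" -ge 99999 ]; then
            echo "NEVER-EXPIRES $login"
        fi
    done < "$1"
    return 0
}

# Stand-alone run on the constructed samples
p=$(make_sample_passwd); s=$(make_sample_shadow)
audit_passwd "$p"; audit_shadow "$s"
rm -f "$p" "$s"
```

The passwd check is the reason pwconv exists: george's hash sits in a 644 file where any user can copy it and crack it offline, while the shadow check gives you the list of accounts chage -M or PASS_MAX_DAYS has not yet been applied to.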

Deleting accounts
A user account is deleted with the userdel command. To make sure the user's home directory is deleted as well, use the -r option.

userdel -r jade


6. Exercises
1. Creating users
Use useradd to create a user called tux with user ID 600 and group ID 550. Use usermod to change the user's home directory. Is it necessary to create a new directory? Is the content of /etc/skel copied into the new directory? Is the content of the old home directory still accessible to user tux? Use usermod to add tux to the wheel group.
2. Working with groups
Create a group called sales with the groupadd command. Add user tux to this group with gpasswd. Log in as tux and join the sales group with newgrp.
3. Configuration files
Add a user to the system by editing /etc/passwd and /etc/group. Create a group called share and add user tux to it by editing /etc/group by hand.
4. Changing accounts
Change the expiry date of user tux's account with usermod. Lock the user's account (use the tools, or edit /etc/shadow, ...). Prevent the user from logging in by changing their default shell to /bin/false. Change user tux's PASS_MAX_DAYS value to 1 in /etc/shadow.
5. Changing the defaults
Use useradd -D to change the system defaults so that all new users get /bin/sh instead of /bin/bash (note: this changes the file in /etc/defaults/). Edit /etc/login.defs and change the default PASS_MAX_DAYS so that new users must change their password every 5 days.


NETWORK CONFIGURATION
1. The network interface


The network card must be supported by the kernel. To find out which network cards are usable, you can query dmesg, /proc/interrupts, /sbin/lsmod or /etc/modules.conf. Example:

dmesg
Linux Tulip driver version 0.9.14 (February 20, 2001)
PCI: Enabling device 00:0f.0 (0004 -> 0007)
PCI: Found IRQ 10 for device 00:0f.0
eth0: Lite-On 82c168 PNIC rev 32 at 0xf800, 00:A0:CC:D3:6E:0F, IRQ 10.
eth0: MII transceiver #1 config 3000 status 7829 advertising 01e1.

cat /proc/interrupts
  0:    8729602   XT-PIC  timer
  1:          4   XT-PIC  keyboard
  2:          0   XT-PIC  cascade
  7:          1   XT-PIC  parport0
  8:          0   XT-PIC  rtc
 10:     622417   XT-PIC  eth0
 11:          0   XT-PIC  usb-uhci
 14:     143040   XT-PIC  ide0
 15:        180   XT-PIC  ide1

/sbin/lsmod
Module    Size   Used by
tulip    37360   1 (autoclean)

From the example above we see that the Ethernet card's chipset is Tulip, its I/O address is 0xf800 and its interrupt (IRQ) is 10. This information is useful when the wrong module is loaded or the resources (I/O or IRQ) are unavailable. It can also be used to load the module with a different I/O address (with modprobe or insmod), or be written into /etc/modules.conf or /etc/modprobe.conf (which records the settings for the next boot).

2. Host information

The following files are used to store network information.

/etc/resolv.conf contains the list of DNS servers

nameserver 192.168.1.108
nameserver 192.168.1.1
search linuxit.org

/etc/hosts contains the machine's own IP address and the list of known hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost localhost.localdomain
# other hosts
192.168.1.108   mesa mesa.domain.org
192.168.1.119   pico

1. /etc/sysconfig/network determines whether networking is to be started (it may contain the HOSTNAME variable)

NETWORKING=yes
HOSTNAME=mesa.domain.org
GATEWAY=192.168.1.1

2. /etc/sysconfig/network-scripts/ifcfg-eth0 holds the settings for eth0


DEVICE=eth0
BOOTPROTO=none
BROADCAST=192.168.1.255
IPADDR=192.168.1.108
NETWORK=192.168.1.0
ONBOOT=yes
USERCTL=no

3. Starting and stopping the network

From the command line

The main tool for displaying network interfaces is /sbin/ifconfig. First the kernel module assigned to eth0 in /etc/modules.conf (for example tulip.o) is loaded, then the IP address and netmask are assigned.

As a result, the interface can be brought down and up without losing this information, as long as the kernel module stays loaded.

Example: using ifconfig.
/sbin/ifconfig eth0 192.168.10.1 netmask 255.255.128.0
/sbin/ifconfig eth0 down
/sbin/ifconfig eth0 up

Another tool is /sbin/ifup. This utility reads the system configuration files in /etc/sysconfig/network-scripts/ and assigns the stored values to a given network interface. The script for eth0 is called ifcfg-eth0 and is configurable. If a boot protocol such as DHCP is defined, ifup starts the interface with that protocol.

Example: using ifup.
/sbin/ifup eth0
/sbin/ifup ppp0
/sbin/ifdown eth0

Using the network script

At boot time the Ethernet card is initialised by the /etc/rc.d/init.d/network script. All the related network files are in the /etc/sysconfig/ directory.

In addition, the script can read sysctl options from /etc/sysctl.conf; this is where you can configure the system as a router (enable IP forwarding in the kernel). For example, the line

net.ipv4.ip_forward = 1

enables IP forwarding, and the file /proc/sys/net/ipv4/ip_forward will then contain 1

The network script is restarted with the following command


/etc/rc.d/init.d/network restart

3. DHCP renewal
The following tools can query a DHCP server for a new IP address:
pump
dhcpclient
A DHCP client daemon called dhcpcd also exists (not to be confused with the DHCP server daemon, dhcpd).

4. Routing
Another thing you will notice when using ifup is the system's routing table. This comes either from reading the file /etc/sysconfig/network, where the default gateway is stored, or from the DHCP server sending this information along with the IP address. The routing table is configured, inspected and changed with the /sbin/route tool. Routing examples:
Add a static route to the 10.0.0.0 network through device eth1, using 192.168.1.108 as the gateway for that network:
/sbin/route add -net 10.0.0.0 gw 192.168.1.108 dev eth1

Add a default gateway:


/sbin/route add default gw 192.168.1.1 eth0

List the kernel routing table:


/sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Iface
192.168.1.0     0.0.0.0         255.255.255.0   eth0
10.1.8.0        192.168.1.108   255.0.0.0       eth1
127.0.0.0       0.0.0.0         255.0.0.0       lo
0.0.0.0         192.168.1.1     0.0.0.0         eth0

Default gateway: it is in the last line. The destination field is simply a list of networks; in particular, 0.0.0.0 means everywhere. Notice that there are 2 IP addresses in the Gateway column. So which one is the default gateway?
To avoid typing static routes by hand, special daemons, gated or routed, are run to update the routing tables dynamically across a network. If you are on network 192.168.10.0 and you add a route to network 192.168.1.0, you may find that the machines on the network you just added are not responding, because no route has been set up from network 192.168.1.0 back to your host!! This problem is solved with dynamic routing.
Fixed static routes: if you have a network with more than one gateway, you can use /etc/sysconfig/static-routes (instead of routing daemons). These routes are added at boot time by the network script.

A routing scenario: (figure not reproduced)

5. Network tools
Below is a short list of tools that are useful when troubleshooting network connections:
ping host:

This tool sends an ICMP ECHO_REQUEST packet to a host and waits for an ICMP ECHO_RESPONSE.

ping options:
-b     ping a broadcast address
-c N   send N packets
-q     quiet mode: show only the first and last lines

netstat:

You get information about the current network connections, the routing table or the interface statistics depending on which of the following options is used:

netstat options:
-r   same as /sbin/route
-I   show the list of network interfaces (network cards)
-n   do not resolve IP addresses
-p   show the PID and name of the program (root only)
-v   verbose
-c   keep updating

Example: output of netstat --inet -n:

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address        Foreign Address        State
tcp        0      0 192.168.1.10:139     192.168.1.153:1992     ESTABLISHED
tcp        0      0 192.168.1.10:22      192.168.1.138:1114     ESTABLISHED
tcp        0      0 192.168.1.10:80      192.168.1.71:18858     TIME_WAIT

In the listing above you can see that the local host has established connections on ports 139, 22 and 80.
arp:

Shows the kernel's address resolution cache. Example:

arp
Address        HWtype  HWaddress          Iface
192.168.1.71   ether   00:04:C1:D7:CA:2D  eth0

traceroute: shows the route taken from the local host to a destination host. Traceroute makes the routers along the path send back error messages (ICMP TIME_EXCEEDED) by deliberately setting the TTL (time to live) value too low. After each TIME_EXCEEDED message, traceroute increases the TTL so that the next packet travels one hop further, until it reaches its destination.

Example:
CMD: /usr/sbin/traceroute -n www.redhat.com

traceroute: Warning: www.redhat.com has multiple addresses; using 216.148.218.197
traceroute to www.redhat.com (216.148.218.197), 30 hops max, 38 byte packets
 1  192.168.1.1        0.440 ms    0.347 ms    0.341 ms
---- snip ---
14  12.122.2.145     112.116 ms  110.908 ms  112.002 ms
15  12.122.2.74      156.629 ms  157.028 ms  156.857 ms
16  12.122.255.222   156.623 ms  158.537 ms  156.080 ms
17  216.148.209.66   156.867 ms  159.982 ms  157.395 ms
18  216.148.218.197  156.641 ms  157.462 ms  156.789 ms

traceroute options:
-f ttl   set the initial time-to-live to ttl instead of 1
-n       do not resolve IP addresses
-v       verbose
-w sec   set the timeout for responses to sec seconds


6. Exercises
1. In the routing scenario presented above, give the routing table of the LAN gateway.
2. Start your network interface by hand:
ifconfig eth0 192.168.0.x

List the kernel modules. Make sure the eth0 module is loaded (check /etc/modules.conf).
3. Stop the network interface with:
(i) ifconfig eth0 down

Check that you can bring the interface back without losing its settings:
(ii) ifconfig eth0 up

4. Stop the interface and remove the kernel module (rmmod module). What happens if you repeat step 3 (ii)?
5. Split the class into two networks, A (192.168.1.0) and B (10.0.0.0). Try to reach machines across the networks. Choose one machine as the gateway (on one of the two networks). On the gateway machine only! run the following commands:
-- enable IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

-- bring up an alias interface (it acts as a second network interface). If you are on network 192.168.1.0, run:


ifup eth0:1 10.0.0.x (where x is a specific IP address).

- add a route to the new network and bind it to device eth0:1
-- add a route to the other network through a machine acting as gateway (you need to know that gateway's eth0 or eth0:1 setting, depending on which network you are on)


TCP/IP NETWORKING
1. Binary numbers and the dotted quad

Binary numbers

10 = 2^1
100 = 2^2
101 = 2^2 + 1
111 = 100 + 010 + 001

This shows that a binary number is easily converted to decimal:

10000000 = 2^7 = 128
01000000 = 2^6 = 64
00100000 = 2^5 = 32
00010000 = 2^4 = 16
00001000 = 2^3 = 8
00000100 = 2^2 = 4
00000010 = 2^1 = 2
00000001 = 2^0 = 1

The dotted quad: the IP address assigned to an interface is called a dotted quad. In the case of an IPv4 address, the address is 4 bytes (4 times 8 bits) separated by dots.

Decimal  192.168.1.1
Binary   11000000.10101000.00000001.00000001


2. Broadcast address, network address and netmask

An IP address consists of a host address and a network address.
4. The netmask
The netmask specifies how many bits of an IP address are used as the network address. The netmask is also called the subnet mask. Example 16-bit and 17-bit netmasks:
255.255.0.0     16-bit   11111111.11111111.00000000.00000000
255.255.128.0   17-bit   11111111.11111111.10000000.00000000

Broadcast addresses are usually written in decimal. Example: with a 16-bit netmask, the following IPs are on the same network

00100000.10000000.00000001.00000001
00100000.10000000.00000000.00000011

This means that changing any bit inside the rectangle in the figure (8+8 = 16 bits) changes the network address, and the hosts then need a gateway to reach each other. Likewise, changing any bit outside the rectangle changes the host address without changing the network address.

Example: with the 24-bit netmask below, the 2 IPs are on 2 different networks:

00100000.10000000.00000001.00000001
00100000.10000000.00000000.00000011

5. Network address
Every network needs a number; this number is needed when setting up routing. The network number is written as integers (0-255) separated by dots.

Example of a network address: 192.168.1.0
6. Broadcast address
The broadcast address covers the range of hosts/interfaces reachable on the same network. For example, a host with broadcast address 10.1.255.255 reaches every machine whose IP is of the form 10.1.x.x. A typical broadcast address is 192.168.1.255. Logical operations can be applied to the broadcast, netmask and network addresses. To obtain the network address, simply AND the IP address with the netmask:
Network Address = IP AND Netmask

The broadcast address is computed as: network address OR NOT mask

Broadcast Address = Network OR not[Netmask]

AND and OR are the logical operations applied to the binary form of these addresses. Example: IP address 192.168.3.5 with netmask 255.255.255.0. We can carry out the following operations:
Network address = IP AND MASK

    11000000.10101000.00000011.00000101   (192.168.3.5)
AND 11111111.11111111.11111111.00000000   (255.255.255.000)
_____________________________________________
    11000000.10101000.00000011.00000000   (192.168.3.0)

Broadcast address = IP OR NOT-MASK

    11000000.10101000.00000011.00000101   (192.168.3.5)
OR  00000000.00000000.00000000.11111111   (000.000.000.255)
_____________________________________________
    11000000.10101000.00000011.11111111   (192.168.3.255)

T cc v d trn ta rt ra nhn xt. Mt a ch IP cng vi netmask xc nh cc thng tin v mng v host .

3. Network classes

7. Reserved IP addresses


For private networks there are IP addresses that are never used as IP addresses on the Internet. These reserved IP addresses are normally used only for LANs. The following table shows the reserved/private address classes.

Table 1: Reserved addresses

Networks   Class     Range
1          Class A   10.x.x.x
16         Class B   172.16.x.x - 172.31.x.x
255        Class C   192.168.0.x

8. IP address classes

Class A: 8 bits are used as the network address and 24 bits as the host address. The first byte is reserved for the network address, so the default subnet mask is 255.0.0.0. Because 255.255.255 and 0.0.0 are not valid host addresses there are at most 2^24 - 2 = 16777214 hosts on the network. The first byte of the IP address lies in the range 1 to 127, corresponding to the binary numbers 00000001 -> 01111111. The first two bits of a class A address can be 00 or 01.

Class B: 16-bit network and host addresses. 16 bits are used as the network address and 16 bits as the host address. The default subnet mask is 255.255.0.0. There are at most 2^16 - 2 = 65534 hosts on a class B network. The first byte ranges from 128 to 191, corresponding to binary 10000000 -> 10111111.


The first two bits of a class B address are always 10.

Class C: 24-bit network address and 8-bit host address. 24 bits are used as the network address and 8 bits as the host address. The default subnet mask is 255.255.255.0. There are at most 2^8 - 2 = 254 hosts on a class C network. The first byte ranges from 192 to 223, corresponding to binary 11000000 -> 11011111. The first two bits of a class C address are therefore always 11.

4. Subnets

Subnetting divides a network into several smaller networks by using bits from the host part of the address as network address bits. For example, the class A netmask 255.0.0.0 can be extended so that the first bit of the second byte becomes a network bit. The result is 9 bits of network address and 23 bits of host address. In binary the netmask is:

11111111.10000000.00000000.00000000 or 255.128.0.0

25-bit network

Netmask: 11111111.11111111.11111111.10000000 or 255.255.255.128

Since the network address is Network = IP AND Netmask, this netmask value shows that two subnets can be created:

1. Host addresses in the range 192.168.1.0xxxxxxx belong to the 192.168.1.0 network. The network number is 0.
2. Host addresses in the range 192.168.1.1xxxxxxx belong to the 192.168.1.128 network. The network number is 128.

Table 2: In both cases, replacing the x bits with all 0s or all 1s gives the special addresses

Network number   Replace x with 1s   Replace x with 0s
0                Broadcast: 127      Network: 0
128              Broadcast: 255      Network: 128

The number of host-address bits is 7; subtracting the 2 special values (all bits 0 or all bits 1) leaves 2^7 - 2 = 126 hosts per subnet, or 252 hosts in all. With the default subnet mask 255.255.255.0 we would have 254 host addresses. In the example above 192.168.1.127 and 192.168.1.128 are special addresses (the broadcast of the first subnet and the network address of the second), so only 252 host addresses can be used.

26-bit network

Netmask: 11111111.11111111.11111111.11000000 or 255.255.255.192

Four subnets are created. The address of each network is determined by the AND rule, and the host addresses are as follows:

1. Host addresses in the range 192.168.1.00xxxxxx belong to the 192.168.1.0 network.
2. Host addresses in the range 192.168.1.01xxxxxx belong to the 192.168.1.64 network.
3. Host addresses in the range 192.168.1.10xxxxxx belong to the 192.168.1.128 network.

4. Host addresses in the range 192.168.1.11xxxxxx belong to the 192.168.1.192 network.

Replacing the x bits above with 1s gives the corresponding broadcast addresses: 192.168.1.63, 192.168.1.127, 192.168.1.191 and 192.168.1.255.

Each subnet has 2^6 - 2 = 62 hosts, for a total of 62 x 4 = 248 hosts.
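The AND/OR rules of the previous sections and the subnet examples above, written as bash functions. This is an added example, not code from the course text; it generalises the worked cases (192.168.3.5/24, the two /25 and four /26 subnets of 192.168.1.0) to any prefix length from 0 to 32.

```shell
#!/bin/bash
# Added example (not from the course text): the netmask arithmetic of the
# preceding sections as bash functions. Works for any prefix length 0..32.

# ip_to_int IP -> the address as a 32-bit integer
ip_to_int() {
    local IFS=.
    set -- $1                              # split the dotted quad on "."
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted-quad form of a 32-bit integer
int_to_ip() {
    local n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# prefix_to_mask PREFIX -> netmask as an integer, e.g. 24 -> 0xFFFFFF00
prefix_to_mask() {
    [ "$1" -ge 0 ] && [ "$1" -le 32 ] || return 1
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# network_of IP PREFIX -> Network = IP AND Netmask
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(prefix_to_mask "$2") ))
}

# broadcast_of IP PREFIX -> Broadcast = Network OR NOT Netmask
broadcast_of() {
    local mask
    mask=$(prefix_to_mask "$2")
    int_to_ip $(( ($(ip_to_int "$1") & mask) | (~mask & 0xFFFFFFFF) ))
}

# hosts_of PREFIX -> usable hosts: 2^(host bits) - 2, because the network
# and broadcast addresses are reserved
hosts_of() {
    echo $(( (1 << (32 - $1)) - 2 ))
}

# subnet_count OLD_PREFIX NEW_PREFIX -> how many subnets a longer mask
# carves out of a network, e.g. 24 -> 26 gives 4
subnet_count() {
    echo $(( 1 << ($2 - $1) ))
}

# Worked example from the text: 192.168.3.5 with a 24-bit netmask
printf 'network %s  broadcast %s  hosts %s\n' \
    "$(network_of 192.168.3.5 24)" "$(broadcast_of 192.168.3.5 24)" "$(hosts_of 24)"
```

The functions only need the shell's own arithmetic, so they run on any machine with bash; hosts_of 27 and subnet_count 24 27 answer question 5 of the practice section for the 83.10.11.0/27 range.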

5. The TCP/IP protocol suite

TCP/IP is a set of protocols used on the Internet. It is called a protocol suite because TCP/IP contains several protocols, which are used to transfer data and programs across the network. The two main protocols in the TCP/IP suite are TCP (Transmission Control Protocol) and IP (Internet Protocol).

Put simply, IP only handles packets and datagrams (packets carrying the destination address and size), while TCP handles the connection between two machines. The protocols work together, each carrying out its own particular task. This document describes the tasks of TCP/IP.

The protocols operate at different layers of the networking process.

Table 1: The 4-layer TCP/IP model

Application layer       Application level (FTP, SMTP, SNMP)
Transport layer         Host-to-host connections (TCP, UDP)
Internet layer          Routing: IP, ICMP, IGMP, ARP
Network access layer    Network card level, e.g. Ethernet, token ring

Overview of the protocols

IP: The IP protocol carries data for TCP, UDP and ICMP. IP provides an unreliable, connectionless service, meaning that the data sent is not guaranteed to reach its destination. IP leaves all data integrity checking to a higher-layer protocol, such as TCP, or to application-specific mechanisms. IP is responsible for addressing and for routing between networks. The data unit used by IP is the datagram.

TCP: The TCP (Transmission Control Protocol) protocol provides a reliable connection service. On each host, TCP checks the order of packets sent and received and makes sure that every data packet is delivered. Applications such as FTP or telnet (remote login) therefore do not have to deal with data loss during transmission.

UDP: The UDP (User Datagram Protocol) protocol gives an application program direct access to IP. Unlike TCP, UDP is connectionless and unreliable.

ICMP: The ICMP (Internet Control Message Protocol) protocol is used by routers and hosts to exchange network status information. Its data unit is the IP datagram, and ICMP is connectionless.

PPP: The PPP (Point to Point Protocol) protocol establishes a TCP/IP connection over a telephone line. It is also used inside encrypted connections such as pptp.

6. Services and ports in TCP/IP

The list of services and their ports is generally found in /etc/services. The list of services and the corresponding port numbers is managed by IANA (Internet Assigned Numbers Authority). Each port is a 16-bit number, giving 65535 ports in total. Ports 1 to 1023 are privileged ports, reserved for services run by the root user. All well-known applications are served on one of these ports. Let us look at the output of a port scan. Bear in mind that port scanning is illegal, although many people use it.


Below is the result of a port scan:

Port     State   Service
21/tcp   open    ftp
22/tcp   open    ssh
23/tcp   open    telnet
25/tcp   open    smtp
70/tcp   open    gopher
79/tcp   open    finger
80/tcp   open    http

The port scan shows which ports are open and which application each one serves. The main ports in /etc/services:

ftp-data      20/tcp
ftp           21/tcp
telnet        23/tcp
smtp          25/tcp    mail
domain        53/tcp
domain        53/udp
http          80/tcp              # www is used by some broken
www           80/tcp              # progs, http is more correct
pop-2        109/tcp              # PostOffice V.2
pop-3        110/tcp              # PostOffice V.3
sunrpc       111/tcp
sftp         115/tcp
uucp-path    117/tcp


nntp         119/tcp    usenet   # Network News Transfer
ntp          123/tcp             # Network Time Protocol
netbios-ns   137/tcp    nbns
netbios-ns   137/udp    nbns
netbios-dgm  138/tcp    nbdgm
netbios-dgm  138/udp    nbdgm
netbios-ssn  139/tcp    nbssn
imap         143/tcp             # imap network mail protocol
NeWS         144/tcp    news     # Window System
snmp         161/udp
snmp-trap    162/udp



7. Practice

Registering a service with xinetd

1. Write a bash script that prints the line "Welcome" to the screen (stdout). Save it as /usr/sbin/hi.
2. In the /etc/xinetd.d directory create a file called fudge with the following contents:

service fudge
{
    socket_type = stream
    server      = /usr/sbin/hi
    user        = root
    wait        = no
    disable     = no
}

3. Add a service called fudge to /etc/services; this service uses port 60000.
4. Restart xinetd and use telnet to connect to port 60000.
5. Suppose you have an IP range on the network 83.10.11.0/27:
   a. How many networks have the same first 4 bytes as yours?
   b. How many machines are on your network? How many broadcast addresses does this first network have?


NETWORK SERVICES

Network services can run concurrently or standalone as applications that listen for connections and handle clients directly, or they can be started on demand by the network daemon inetd or xinetd.

1. The inetd daemon (old)

This daemon is started at system boot and listens for connections on predefined ports. This lets the server run a given network daemon only when it is needed. For example, the telnet service has a daemon, /usr/sbin/in.telnetd, which handles telnet sessions. Instead of running this daemon all the time, inetd is told to listen on port 23. This is configured in /etc/inetd.conf.


Figure 1: The inetd daemon

The fields of /etc/inetd.conf hold the following information:

service-name    a valid name from /etc/services
socket type     stream for TCP, dgram for UDP
protocol        a valid protocol from /etc/protocols
flag            nowait if multithreaded, wait if single-threaded
user/group      run the program as this user or group
program         usually tcpd
argument        name of the program to run for this service

Example:

pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d

Note: The /etc/services file maps service names to socket port numbers. The fields of the services file are:

service-name    port/protocol    [aliases]

2. The xinetd daemon

This is the newer version of inetd. The tcpd daemon is no longer used; everything is handled by xinetd itself. xinetd is configured either through a single file, /etc/xinetd.conf, or by editing separate files in /etc/xinetd.d/, one for each service controlled by xinetd. An old inetd configuration file can also be converted into the current xinetd configuration files.

Structure of a service file in xinetd.d:

service-name
{
    socket_type = stream for TCP and dgram for UDP
    protocol    = a valid protocol from /etc/protocols
    wait        = <yes or no>
    user        = user that runs the application
    group       = group of the user that runs the application
    server      = name of the program run for this service
}
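The conversion the text mentions, done by hand for one line: the function below takes a line in the /etc/inetd.conf field layout from section 1 and prints the xinetd.d stanza with the structure just shown. This is an added example, not part of inetd, xinetd or the course; it assumes that a daemon named without a path on a tcpd line lives in /usr/sbin (DAEMON_DIR), which is where tcpd would look on the systems the text describes.

```shell
#!/bin/bash
# Added example (not part of inetd, xinetd or the course): turn one
# /etc/inetd.conf line into the equivalent xinetd.d service stanza.
# Assumption: a daemon given without a path on a tcpd line lives in
# DAEMON_DIR; adjust for your system.
DAEMON_DIR=/usr/sbin

# inetd_to_xinetd "service socket proto wait user[.group] program args..."
inetd_to_xinetd() {
    local name stype proto wait usergrp prog args user group
    set -- $1                         # split the line into its fields
    [ $# -ge 6 ] || { echo "need at least 6 fields" >&2; return 1; }
    name=$1 stype=$2 proto=$3 wait=$4 usergrp=$5 prog=$6
    shift 6
    args=$*                           # server arguments, argv[0] first

    # inetd says wait/nowait (optionally nowait.40); xinetd wants yes/no
    case $wait in
        wait*)   wait=yes ;;
        nowait*) wait=no ;;
        *) echo "bad wait field: $wait" >&2; return 1 ;;
    esac

    # "root", "root.daemon" or "root:daemon" -> separate user and group
    user=${usergrp%%[.:]*}
    group=${usergrp#"$user"}
    group=${group#[.:]}

    # xinetd links libwrap itself, so a tcpd wrapper is dropped: tcpd's
    # argv[0] names the real daemon, looked up in DAEMON_DIR
    set -- $args
    if [ "${prog##*/}" = tcpd ]; then
        prog=$1
        [ -n "$prog" ] || { echo "tcpd line without daemon name" >&2; return 1; }
        case $prog in */*) ;; *) prog=$DAEMON_DIR/$prog ;; esac
    fi
    [ $# -gt 0 ] && shift             # argv[0] is supplied by xinetd
    args=$*

    printf 'service %s\n{\n' "$name"
    printf '\tsocket_type = %s\n' "$stype"
    printf '\tprotocol    = %s\n' "$proto"
    printf '\twait        = %s\n' "$wait"
    printf '\tuser        = %s\n' "$user"
    [ -n "$group" ] && printf '\tgroup       = %s\n' "$group"
    printf '\tserver      = %s\n' "$prog"
    [ -n "$args" ] && printf '\tserver_args = %s\n' "$args"
    printf '\tdisable     = no\n}\n'
}

# The example line from section 1
inetd_to_xinetd "pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d"
```

The stanza is written with disable = no because the inetd line was active; review each converted service before enabling it, since xinetd's per-service access control (only_from, no_access) replaces the tcpd rules that the old line relied on.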


3. TCP wrappers

If programs are compiled with libwrap they can be listed in /etc/hosts.allow and /etc/hosts.deny. The libwrap library decides which hosts match which file. The general format of /etc/hosts.{allow,deny} is:

DAEMON : hosts [EXCEPT hosts] [: spawn command]

You can also use these files to log unauthorised service requests; this acts as an early-warning system. Some examples:

Querying information about the host:

1. /etc/hosts.allow
   in.telnetd: LOCAL, .my.domain

2. /etc/hosts.deny
   in.telnetd: ALL : spawn (/usr/sbin/safe_finger -l @%h | mail root) &

Redirecting to a bogus service:

3. /etc/hosts.allow
   in.telnetd: ALL : twist /dtk/Telnetd.pl

The last example is part of the Deception Tool Kit, which can be downloaded from http://all.net/dtk/download.html

4. Setting up NFS

Client side: for Linux clients that want to mount remote file systems:
1. the nfs file system must be supported by the kernel;
2. the portmapper daemon must be running. It is started by the script /etc/rc.d/init.d/portmap.

The mount utility mounts the file system. A typical entry in /etc/fstab is:

nfs-server:/shared/dir /mnt/nfs nfs defaults 0 0

Server side: an NFS server must run portmap before the nfs server is started. The nfs server is started or stopped with the script /etc/rc.d/init.d/nfs. The main configuration file is /etc/exports. Example /etc/exports file:

/usr/local/docs *.local.org(rw,no_root_squash) *(ro)

The directory is exported read-only to all hosts and read-write to all hosts in the .local.org domain. The default option root_squash prevents the root user (uid = 0) on a client from accessing the share on the server as root; it can be overridden with the no_root_squash option.


The /etc/exports file matches hosts such as *.machine.com, whereas /etc/hosts.allow and /etc/hosts.deny match hosts such as .machine.com. If /etc/exports is changed, the exportfs utility must be run. If the directories listed in /etc/exports are changed it may be necessary to unmount all nfs shares before they are remounted. Individual directories can be exported or unexported with exportfs. To unexport and re-export all directories in /etc/exports:

exportfs -ua ; exportfs -a
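A check for the two settings the text singles out, no_root_squash and read-write access offered to every host, over lines in the /etc/exports format shown above. This is an added example, not part of nfs-utils or the course; the sample file is constructed.

```shell
#!/bin/bash
# Added example (not part of nfs-utils or the course): flag /etc/exports
# entries that grant no_root_squash or read-write access to every host.

# Constructed sample in the format shown above; not a real server's file.
SAMPLE_EXPORTS='/usr/local/docs *.local.org(rw,no_root_squash) *(ro)
/home  192.168.1.0/24(rw,sync)
/pub   *(rw)
# comment line
'

# audit_exports: read exports lines on stdin, print "PATH HOST REASON"
# for each risky host entry; exit status 1 when anything was found.
audit_exports() (
    set -f                      # host patterns contain '*': no globbing
    found=0
    while read -r line; do
        case $line in ''|'#'*) continue ;; esac
        set -- $line
        path=$1; shift
        for entry in "$@"; do
            host=${entry%%\(*}               # part before "("
            if [ "$host" = "$entry" ]; then
                opts=                        # no option list: ro,root_squash
            else
                opts=${entry#*\(}; opts=${opts%\)}
            fi
            case ",$opts," in
                *,no_root_squash,*) echo "$path $host no_root_squash"; found=1 ;;
            esac
            if [ "$host" = '*' ] || [ -z "$host" ]; then
                case ",$opts," in
                    *,rw,*) echo "$path $host world-writable"; found=1 ;;
                esac
            fi
        done
    done
    return $found
)

# Run on the sample: two findings expected
printf '%s' "$SAMPLE_EXPORTS" | audit_exports || echo "risky exports found"
```

To check a live server, replace the sample with `audit_exports < /etc/exports`; an entry with no option list is treated as the defaults (ro, root_squash), matching what exportfs applies.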

5. SMB and NMB

Linux machines can access and provide Windows shared resources (directories and printers). The protocol used is MS Windows Server Message Block (SMB). On Linux, the Samba package is normally used to provide both the client and the server software.

From the command line: the smbclient utility lists all shared resources. Remote directories are normally mounted with smbmount, although mount -t smbfs can also be used. Examples:


Send a pop-up message to the machine win98desk:

smbclient -M win98desk

Mount a shared directory from the server winserver:

smbmount //winserver/shared /mnt/winserver/shared

The Samba server is configured with the file /etc/smb.conf and started or stopped with the script /etc/rc.d/init.d/smb. The smb script also starts the NMB services: the NetBIOS Message Block protocol is what allows name resolution in Windows.

Figure 1: Nautilus browsing SMB shares


Main entries in /etc/smb.conf:

[global]
    workgroup = LINUXIT
    os level = 2
    kernel oplocks = No
    security = user
    encrypt passwords = Yes
    guest account = nobody
    map to guest = Bad User

[homes]
    comment = Home Directories
    read only = No
    create mask = 0640
    directory mask = 0750
    browseable = No

[printers]
    comment = All Printers
    path = /var/tmp
    create mask = 0600
    printable = Yes
    browseable = No

Configuring SWAT and the Webmin GUI

If the swat package is installed you can administer the samba server through a web GUI on port 901. Another popular administration tool is webmin, which can be downloaded from www.webmin.com.

NOTE

The configuration file /etc/samba/smb.conf is a good source of documentation. All options are described there and can be turned into active directives by removing the comment character ;. See the smb.conf(5) manual page.


6. DNS services

Resolvers

When a program needs to resolve a host name it uses a mechanism called the resolver. The resolver first looks in /etc/nsswitch.conf (formerly /etc/host.conf) to determine which method is used to resolve host names (local file, name server, NIS or LDAP server).

The /etc/host.conf (or /etc/nsswitch.conf) file: these files are scanned by the resolver to determine whether local files, DNS servers, an LDAP database or a NIS server should be consulted. Example (/etc/nsswitch.conf):

hosts:      files dns nis
networks:   files

The first line says that files (here /etc/hosts) are queried first, then the DNS server if that fails. The second line says to use the /etc/networks file for network information.

The /etc/hosts file

With a small number of networked machines, IP addresses can be converted to names with the /etc/hosts file. The fields are:

IP machine machine.domain alias

Example /etc/hosts file:

192.168.1.233   io         io.my.domain
61.20.187.42    callisto   callisto.physics.edu


The /etc/resolv.conf file

If the resolver needs to use a domain name server (DNS), it looks up the list of available servers in /etc/resolv.conf.

Hierarchical structure

Name servers have a hierarchical structure. Depending on its position in the fully qualified domain name (FQDN), a domain may be called top level, second level or third level.

Examples of top-level domains:

com   commercial organisations
edu   US educational organisations
gov   US government organisations
mil   US military organisations
net   service and gateway providers
org   non-commercial sites
uk    sites belonging to the United Kingdom

Types of DNS server

Domains can be subdivided further into subdomains. This limits the amount of information that has to be administered within one domain. Each zone has a primary name server (primary DNS) and one or more secondary name servers. Administering a name server consists of keeping the information about a particular zone up to date. The primary server is said to be authoritative.

DNS configuration files


In older BIND versions (before BIND 8) the configuration file is /etc/named.boot. With BIND version 8 it was replaced by /etc/named.conf. The named-bootconf.pl utility converts the old configuration file into the new format. The /etc/named.boot file:

directory   /var/named
cache       .                        named.ca
primary     myco.org                 named.myco
primary     0.0.127.in-addr.arpa     named.local
primary     1.168.192.in-addr.arpa   named.rev

The first line defines the base directory used. The named.ca file contains the list of IP addresses of DNS servers used to resolve external addresses. The third line is optional and holds the records for the local network. The last two lines are used for reverse lookups.

In /etc/named.conf:
    cache      is replaced by hint
    secondary  is replaced by slave
    primary    is replaced by master

Applying these changes to the BIND4 configuration file gives the following BIND8 and BIND9 configuration. The /etc/named.conf file:

options {
    directory "/var/named";
};

zone "." {
    type hint;
    file "named.ca";
};

zone "myco.org" {
    type master;
    file "named.myco";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "named.rev";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};

DNS zone files

In this example the server is set up as a caching-only server. All zone files contain resource records. Example named.local zone file:

@   IN  SOA  localhost. root.localhost. (
                2001022700  ; Serial
                28800       ; Refresh
                14400       ; Retry
                3600000     ; Expire
                86400 )     ; Minimum
    IN  NS   localhost.
1   IN  PTR  localhost.

This is a very simple zone file, but it provides enough information to understand the basic mechanism of a name server. The @ symbol resolves (refers) to the zone declared in /etc/named.conf. This means that any zone file can be used as a template for other zones (see the exercises).

Table 1: Common record types

NS      Defines the zone's primary name servers
PTR     Reverse pointer from an IP address to a host name
MX      Mail Exchange record
A       Maps a host name to an IP address
CNAME   Maps an alias to the canonical name of a host

Table 2: Zone parameters

@ IN SOA   Start Of Authority. Defines a zone that is authorised with the options given inside the parentheses.
serial     Value incremented by hand whenever the data changes. Secondary servers query the primary's serial number; if it has changed, the whole zone file is downloaded.
refresh    Time in seconds before a secondary server queries the SOA record of the primary domain. Its minimum value is one day.
retry      Time in seconds before a new zone transfer is attempted if the previous download failed.
expire     Time after which a secondary server discards all zone data if it cannot contact the primary. The value of this parameter is normally at least 1 week.
minimum    The TTL for cached data. The default value is 1 day (86400 seconds), but it can be longer on stable LANs.
Configuring Sendmail

Sendmail is the most popular mail transfer agent (MTA) on the Internet. It uses the Simple Mail Transfer Protocol (SMTP) and runs as a daemon listening for connections on port 25. The sendmail script used to stop or start the sendmail daemon is normally in /etc/rc.d/init.d/. The main configuration file is /etc/mail/sendmail.cf (or /etc/sendmail.cf). Here you define the name of the server as well as the names of the hosts from which mail relaying is permitted. The /etc/aliases file has the following two fields:

alias: user

After changing /etc/aliases, the newaliases command must be run to rebuild the /etc/aliases.db database. When mail is accepted by the server it is appended to a single file named after the user. These files are stored in /var/spool/mail. Depending on the Mail User Agent used, users can store messages in their home directory or download them to another machine.

If the server is relaying, or if the network is slow and many messages are being transferred, they are stored in the mail queue /var/spool/mqueue. You can query it with the mailq utility or sendmail -bp. The network administrator can flush the server's queue with the command sendmail -q.

Finally, to register a domain name as a valid e-mail address, an MX record must be added to the DNS database. For example, if mail.company.com is a mail server that accepts mail addressed as joe@company.com, you have to configure the following:

1. Add company.com to /etc/mail/local-host-names
2. Add the record   company.com  MX  10  mail.company.com   to a DNS zone file

8. The Apache server

Configuration file

The file /etc/httpd/conf/httpd.conf contains all the configuration settings. Earlier versions of apache had two extra files: access.conf, where directory restrictions were declared, and srm.conf, which defined the document root of the server. Settings to note:

ServerType standalone/inetd
ServerRoot /etc/httpd
DocumentRoot /var/www/html

<Directory /var/www/cgi-bin>
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

<VirtualHost 122.234.32.12>
    DocumentRoot /www/docs/server1
    ServerName virtual.mydomain.org
</VirtualHost>

Running Apache

To start and stop the server you can first use the script /etc/rc.d/init.d/httpd. On a busy server it is better to use apachectl, in particular with the graceful option, which restarts the server only once the current connections have finished. The main log files are kept in /var/log/httpd/. These files can be very useful for security reasons; usually we check error_log and access_log.
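One of the security checks the text has in mind for access_log: count error responses per client so that a host probing for scripts stands out. This is an added example, not part of Apache or the course; the log lines are constructed in the common log format that access_log uses by default.

```shell
#!/bin/bash
# Added example (not part of Apache or the course): summarise client error
# activity from access_log lines in the common log format.

# Constructed sample lines; not real traffic.
SAMPLE_LOG='10.0.0.5 - - [10/Mar/2006:12:00:01 +0700] "GET / HTTP/1.1" 200 1234
10.0.0.5 - - [10/Mar/2006:12:00:02 +0700] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210
10.0.0.9 - - [10/Mar/2006:12:00:03 +0700] "GET /index.html HTTP/1.1" 200 512
10.0.0.5 - - [10/Mar/2006:12:00:04 +0700] "GET /cgi-bin/a.cgi HTTP/1.1" 404 210
10.0.0.7 - - [10/Mar/2006:12:00:05 +0700] "POST /cgi-bin/form.cgi HTTP/1.1" 500 0
10.0.0.5 - - [10/Mar/2006:12:00:06 +0700] "GET /cgi-bin/b.cgi HTTP/1.1" 403 190
'

# error_clients MIN: print "IP count" for clients with at least MIN
# responses in the 4xx/5xx range. In the common log format field 1 is the
# client and field 9 the status code (a request line containing spaces
# would shift the fields; the sample has none).
error_clients() {
    awk -v min="${1:-3}" '
        $9 ~ /^[45][0-9][0-9]$/ { err[$1]++ }
        END { for (ip in err) if (err[ip] >= min) print ip, err[ip] }
    ' | sort
}

# status_counts: number of responses per status code, e.g. "404 2"
status_counts() {
    awk '{ n[$9]++ } END { for (s in n) print s, n[s] }' | sort
}

echo "clients with 3 or more error responses:"
printf '%s' "$SAMPLE_LOG" | error_clients 3
echo "responses per status code:"
printf '%s' "$SAMPLE_LOG" | status_counts
```

On a server you would run `error_clients 20 < /var/log/httpd/access_log`; a client with many 403/404 responses against /cgi-bin in a short time is worth a look in error_log and in the hosts.deny rules of the TCP wrappers section.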


9. Practice

Installing a primary DNS server

As an exercise we will install the BIND9 rpm package bind9-9.1.3-252.i386.rpm and configure a domain called gogo.com.

1. Carry out the following steps in /etc/named.conf: copy and paste the following sections and edit them as follows

2. In /var/named:

cp 127.0.0.zone 192.168.2.zone
cp local.zone gogo.zone

3. Change the relevant fields in the new zone files. Add a host called harissa.
4. Add the line nameserver 127.0.0.1 to /etc/resolv.conf.
5. Use host to resolve harissa.gogo.com.

Administering Apache

Basic configuration in the file /etc/httpd/conf/httpd.conf:

1. Change Port from 80 to 8080.


2. Check that apache responds with the command telnet localhost 8080. You should get:

Trying 127.0.0.1...
Connected to localhost.linuxit.org.
Escape character is '^]'.

Then type GET / to download the index file.

3. Set StartServers to 15. Restart httpd and check that 15 processes are running (instead of the default 8).

IP-based virtual server

Your ethernet card must be aliased to a new IP address (call it new-IP):

ifconfig eth0:0 new-IP

Add the following section to /etc/httpd/conf/httpd.conf:

<VirtualHost new-IP>
    DocumentRoot /var/www/html/virtual
    ServerName www1
</VirtualHost>

Installing a shared SMB directory

In most cases you will not need to add smb users to the system. Simply edit smb.conf and add:

[public]
    comment = Example Shared Directory
    path = /home/samba
    guest ok = yes
    writeable = yes

Installing a shared printer:

[global]
--- snip ---
    printcap name = /etc/printcap
    load printers = yes

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    # Set public = yes to allow user 'guest account' to print
    guest ok = yes
    writable = no
    printable = yes


BASH SCRIPTING

1. The bash environment

Variables

When you type a command at the bash shell prompt, the shell uses the PATH variable to find which executable on the system you want to run. You can check the value of the PATH variable with echo:

echo $PATH
/usr/bin:/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/sbin/:/usr/local/sbin/

In fact the shell needs many variables to provide the environment for each user, for example PWD, HOME, TERM and DISPLAY. The syntax to declare and initialise a variable is:

VARIABLE=VALUE

Note that there must be no spaces around the = sign. Once a variable has been declared and initialised it can be referenced by prefixing a dollar sign, as in:

echo $VARIABLE

When a shell session starts, a number of configuration files are read and most of the variables are set.


To free a variable from its current value, use unset.

Configuration files

First we must distinguish which configuration files are read by each new bash session.

Login configuration files: the files read at login are /etc/profile and ~/.bash_profile (bash also looks for other files such as ~/.profile). Next, bash reads its run-control files ~/.bashrc and (if it exists) /etc/bashrc.

The bashrc files: these are read every time a shell session starts (for example a new xterm). They are /etc/bashrc and ~/.bashrc. Aliases and functions can be written in ~/.bashrc.

Function syntax:

function-name () { command1; command2; }

You can check which files are read by adding a line

echo Profile

to /etc/profile. Then:

bash
    No profile is read; you see nothing.

bash -login
    Forces bash to act as a login shell, so Profile is displayed.

The following options control how bash starts:

bash -norc
bash -noprofile

Note that any new bash session inherits the parent's variables declared in /etc/profile and ~/.bash_profile.

2. Scripting essentials

The script file

A shell script is a list of instructions stored in a flat file. Only two things are required:
1. The first line of the script must be #!/bin/bash (for a bash script).
2. The file must be readable and executable (for example permissions 755).

If these conditions are not met, the script can still be run with:

bash program-name

Passing variables to the script


Variables given on the command line are referenced inside the script as $1 for the first argument, $2 for the second, and so on. Example script, mycat:

#!/bin/bash
cat "$1"

This script expects one argument, a file, and displays the contents of the file with cat. To run it on the file lilo.conf you would type:

./mycat /etc/lilo.conf

Another way to pass variables to a script is to have the script prompt the user for input. This is done with the read command. The default name of the variable read is REPLY. Here is the modified script:

Passing a variable interactively:

#!/bin/bash
echo -n "Which file shall I display? "
read
cat "$REPLY"

or

read -p "File to display: " FILENAME
cat "$FILENAME"

Special variables

Special variables can only be referenced; they are set automatically by bash. The most common are:


$*   Lists all the variables entered on the command line
$#   Number of arguments entered on the command line
$0   Name of the script
$!   PID of the most recent background command
$$   PID of the current shell
$?   Exit code of the last command

For the positional parameters $1, $2, etc., the shift operator renames each parameter in a cyclic way: $2 becomes $1, $3 becomes $2, and so on. In general: $(n+1) -> $n

3. Logical evaluations

Logical expressions are evaluated with the test command or with [ ]. In both cases the result is stored in the $? variable:

if the expression is true    then $? is 0
if the expression is false   then $? is not 0

Some examples:

using test             using [ ]              meaning
test -f /bin/bash      [ -f /bin/bash ]       test if /bin/bash is a file



test -x /etc/passwd    [ -x /etc/passwd ]     test if /etc/passwd is executable

More than one expression can be evaluated at a time by using the logical operators || (OR) and && (AND) on one command line. For example, to test that /bin/bash is executable and that /etc/inittab exists:

test -x /bin/bash && test -f /etc/inittab
[ -e /bin/kbash ] || [ -f /etc/passwd ]

The same can be done with the -o and -a flags of test:

test -x /bin/bash -a -f /etc/inittab
[ -e /bin/kbash -o -f /etc/passwd ]

4. Loops

if then

Syntax:

if CONDITION ; then
    command1
    command2
fi

#!/bin/bash
if [ -x /bin/bash ] ; then
    echo "The file /bin/bash is executable"
fi


if then else

Syntax:

if CONDITION ; then
    command1
    command2
else
    command3
fi

while loop

Syntax:

while CONDITION is true; do
    command
done

Example: print 10 hashes (#) then exit

#!/bin/bash
COUNTER=0
while [ $COUNTER -lt 10 ]; do
    echo -n "#"
    sleep 1
    let COUNTER=COUNTER+1
done

until loop

Syntax:

until CONDITION is false; do
    command
done

Example: same as above, with C-style arithmetic on COUNTER



#!/bin/bash
COUNTER=20
until [ $COUNTER -lt 10 ]; do
    echo -n "#"
    sleep 1
    let COUNTER-=1
done

for loop

Syntax:

for VARIABLE in SET; do
    command
done

Example: the 'SET' can be the lines of a file

#!/bin/bash
for line in $(cat /etc/lilo.conf); do
    IMAGE=$(echo $line | grep image)
    if [ -n "$IMAGE" ]; then
        echo "Kernel configured to boot: $line"
    fi
done

5. User input

Suppose the script waits for the user to enter a value and, depending on the answer, the rest of the program does something appropriate. There are two ways to do this: select and case.

Using case

Syntax:

case $VARIABLE in
    CHOICE) command ;;
    CHOICE) command ;;
esac


Using select

Syntax:

select VARIABLE in SET; do
    if [ "$VARIABLE" = CHOICE ]; then
        command
    fi
    if [ "$VARIABLE" = CHOICE ]; then
        command
    fi
done

6. Working with numbers

While bash handles strings seamlessly, a little more effort is needed even for very basic arithmetic.

Binary operations

Adding or multiplying numbers can be done with the expr command or the $(( )) construct. Examples:

expr 7 + 3; expr 2 \* 10; expr 40 / 4; expr 30 - 11
echo $((7+3)) $((2*10)) $((40/4)) $((30-11))

Comparing values

Test operators:

Numeric   String
-lt       <
-gt       >
-le       <=
-ge       >=
-eq       =
-ne       !=
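The comparison operators and $(( )) arithmetic put to use: the functions below classify an IPv4 address by its first byte, using the class ranges from the TCP/IP chapter, and compute the host limit of each class. This is an added example, not from the course text.

```shell
#!/bin/bash
# Added example (not from the course text): the numeric tests from the
# table and $(( )) arithmetic, used to classify an IPv4 address by its
# first byte following the class ranges given in the TCP/IP chapter.

# ip_class IP -> prints A, B or C, or "other" for addresses outside those
# ranges; exit status 1 if the argument does not start with a number
ip_class() {
    local first=${1%%.*}                 # text before the first dot
    case $first in
        ''|*[!0-9]*) echo "not an address: $1" >&2; return 1 ;;
    esac
    if   [ "$first" -ge 1 ]   && [ "$first" -le 127 ]; then echo A
    elif [ "$first" -ge 128 ] && [ "$first" -le 191 ]; then echo B
    elif [ "$first" -ge 192 ] && [ "$first" -le 223 ]; then echo C
    else echo other
    fi
}

# default_hosts CLASS -> maximum hosts per network of that class, 2^n - 2,
# using string comparison and arithmetic expansion
default_hosts() {
    local bits
    if   [ "$1" = A ]; then bits=24
    elif [ "$1" = B ]; then bits=16
    elif [ "$1" = C ]; then bits=8
    else return 1
    fi
    echo $(( (1 << bits) - 2 ))
}

for ip in 10.0.0.1 172.16.5.4 192.168.1.1 224.0.0.1; do
    class=$(ip_class "$ip")
    echo "$ip is class $class, up to $(default_hosts "$class" || echo n/a) hosts"
done
```

After `ip_class foo.bar` the variable $? holds 1, which is how a calling script can tell a bad argument from a valid answer without parsing the output.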


7. Practice

1. On the command line, export the variable TEST:

export TEST=old

2. Write a script:

#!/bin/bash
echo old variable: $TEST
export $TEST=new
echo exported variable: $TEST

3. What is the value of $TEST when the script is run?

4. The following script, called test_shell, prints the PID of the shell:

test_shell
#!/bin/bash
if [ -n "$(echo $0 | grep test)" ]; then
    echo The PID of the interpreter is: $$
else
    echo The PID of the interpreter is: $$
fi

5) Set the permissions to 755 and test the following commands:

test_shell



./test_shell
bash test_shell
. test_shell
source test_shell
exec ./test_shell


SECURITY

1. Local security

The BIOS

If someone tries to access protected disks or a Linux disk by booting from a floppy or CD-ROM, they can easily read and access any file on the system. To prevent this, the BIOS should be set to allow booting from the hard disk only. Once that is done, set a password in the BIOS.

LILO

LILO can be given options at boot time. Normally some Linux distributions do not ask for a password when the system is booted in single-user mode or runlevel 1. Two options can be added to /etc/lilo.conf:

    the restricted option prompts the user for a password
    the password="" option sets the password string

Restricted means that LILO will not accept any parameters unless "password" is defined in lilo.conf.

boot=/dev/hda
install=/boot/boot.b
prompt
timeout=50
password="password"
restricted


File permissions

To protect against attacks that damage files, the following steps are suggested.

1) Make system tools immutable, or log files append-only:

chattr +i /bin/login
chattr +i /bin/ps
chattr +a /var/log/messages

2) Mount /tmp and /home nosuid or noexec:

Lines to be changed in /etc/fstab:
/tmp    /tmp    ext2    nosuid    1 2
/home   /home   ext2    noexec    1 2

3) Find all files on the system that do not belong to any user or group, and all set-uid files:

find / -nouser -o -nogroup
find / -perm -4000
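The checks from step 3 as reusable functions, run here against a constructed directory tree so their output can be seen without scanning a live system. This is an added example, not from the course text; on a real system you would pass / as the directory and run the functions as root.

```shell
#!/bin/bash
# Added example (not from the course text): the permission checks from
# step 3 wrapped as functions and run against a constructed directory
# tree. On a real system pass / as the directory and run as root.

# make_sample_tree DIR: a few files, one set-uid and one world-writable
make_sample_tree() {
    mkdir -p "$1/bin" "$1/tmp"
    : > "$1/bin/ordinary"
    : > "$1/bin/suid_tool"
    chmod 4755 "$1/bin/suid_tool"
    : > "$1/tmp/scratch"
    chmod 666 "$1/tmp/scratch"
}

# find_suid DIR: set-uid or set-gid files (the text's find / -perm +4000,
# written in the syntax that current versions of find accept)
find_suid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# find_world_writable DIR: files any local user can modify
find_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# find_unowned DIR: files whose owner or group no longer exists
find_unowned() {
    find "$1" \( -nouser -o -nogroup \) | sort
}

sample=$(mktemp -d)
make_sample_tree "$sample"
echo "set-uid files:";        find_suid "$sample"
echo "world-writable files:"; find_world_writable "$sample"
echo "unowned files:";        find_unowned "$sample"
rm -rf "$sample"
```

Keeping a dated copy of the find_suid output lets you diff it after every package installation; a set-uid file that was not there last time is exactly what the text's chattr and fstab measures are meant to catch.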

Log files

The main log files are:
/var/log/messages : contains the information logged by the syslogd daemon
/var/log/secure   : contains failed login attempts, information about added users, etc.

The last tool lists all successful logins and system boots; its information comes from /var/log/wtmp. The who and w tools list all users currently logged into the system, using the file /var/run/utmp.

Restricting users

When the file /etc/nologin exists (it may be empty), it prevents all users from logging into the system (except root). If nologin contains a message, it is displayed after the user has authenticated successfully.

The /etc/security/ directory holds a set of files that allow the administrator to limit users' CPU time, maximum file size, maximum number of connections, etc.

/etc/security/access.conf : disallow logins for groups and users from specific locations.
/etc/security/limits.conf : the format of this file is

<domain> <type> <item> <value>

domain   user name, group name (with @group)
type     hard or soft
item     core      - limits the core file size (KB)
         data      - maximum data size (KB)
         fsize     - maximum file size (KB)
         memlock   - maximum locked-in-memory address space (KB)
         nofile    - maximum number of open files
         cpu       - maximum CPU time (MIN)
         proc      - maximum number of processes
         as        - address space limit
         maxlogins - maximum number of simultaneous logins for this user
         priority  - the priority to run user processes with
         locks     - maximum number of file locks the user can hold

2. Network security
Network security can be divided into two main levels:

Host-based security
Access to resources can be granted according to the host requesting the service. This is done by tcp_wrappers. The libwrap library plays the same role as tcp_wrappers: it provides host-based access control lists for the various network services. Some services, such as xinetd, sshd and portmap, are compiled against libwrap and therefore have tcp_wrapper support enabled. When a client connects to a service with tcp_wrapper support, the files /etc/hosts.allow and /etc/hosts.deny are parsed to check the host requesting the service. Depending on the result, the service is allowed or refused.

The hosts_access files have two, or optionally three, colon-separated fields. The first field is the name of the process; next comes a host name, or a domain restricted with a leading dot, or an IP address, or a subnet written with a trailing dot. The wildcards ALL and EXCEPT are also accepted.


The syntax of /etc/hosts.{allow | deny} is as follows:

service : hosts [EXCEPT] hosts

Example:

/etc/hosts.deny
ALL: ALL EXCEPT .example.com

/etc/hosts.allow
ALL: LOCAL 192.168.0.
in.ftpd: ALL
sshd: .example.com

tcp_wrappers can run a local command depending on which host matched in the hosts_access files. This is done with the spawn directive. Using the % character, substitutions can be made for the host name and the service name. Example:

/etc/hosts.deny
ALL: ALL : spawn (/bin/echo `date` from %c for %d >> /var/log/tcpwrap.log)

For more information on the % substitution characters, see the hosts_access(5) page with the man command.
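The decision described above, as an added example that is not part of the original course material: a shell model of how tcp_wrappers evaluates one connection against copies of hosts.allow and hosts.deny. It implements the patterns named in the text (ALL, LOCAL, EXCEPT, leading-dot domains, trailing-dot networks) and the evaluation order of hosts_access(5): the allow file is consulted first, then the deny file, and a connection matched by neither is allowed. The spawn option and other third-field options are ignored, and the function names and the sample files are mine.

```sh
#!/bin/sh
# Added example, not from the original course material: a model of the
# tcp_wrappers decision for one (service, client host, client address).

# Does one client pattern ($1) match the connecting host ($2) or address ($3)?
pattern_matches() {
    pm_pat=$1; pm_host=$2; pm_ip=$3
    case "$pm_pat" in
        ALL)   return 0 ;;
        LOCAL) case "$pm_host" in *.*) return 1 ;; *) return 0 ;; esac ;;
        .*)    case "$pm_host" in *"$pm_pat") return 0 ;; esac ;;  # leading dot: domain suffix
        *.)    case "$pm_ip"   in "$pm_pat"*) return 0 ;; esac ;;  # trailing dot: network prefix
        *)     [ "$pm_pat" = "$pm_host" ] || [ "$pm_pat" = "$pm_ip" ] && return 0 ;;
    esac
    return 1
}

# A client list is "p1 p2 ... [EXCEPT q1 q2 ...]": it matches when some
# pattern before EXCEPT matches and no pattern after EXCEPT does.
list_matches() {
    lm_list=$1; lm_host=$2; lm_ip=$3
    lm_except=0; lm_hit=0; lm_exc=0
    for lm_pat in $lm_list; do
        if [ "$lm_pat" = "EXCEPT" ]; then lm_except=1; continue; fi
        if pattern_matches "$lm_pat" "$lm_host" "$lm_ip"; then
            if [ $lm_except -eq 0 ]; then lm_hit=1; else lm_exc=1; fi
        fi
    done
    [ $lm_hit -eq 1 ] && [ $lm_exc -eq 0 ]
}

# Does any line of file $1 match service $2 from host $3 / address $4?
# The daemon list is matched against the service name with the same rules.
file_matches() {
    fm_file=$1; fm_svc=$2; fm_host=$3; fm_ip=$4
    while IFS= read -r fm_line; do
        case "$fm_line" in ''|'#'*) continue ;; esac
        fm_daemons=${fm_line%%:*}
        fm_rest=${fm_line#*:}
        fm_clients=${fm_rest%%:*}
        if list_matches "$fm_daemons" "$fm_svc" "$fm_svc" \
           && list_matches "$fm_clients" "$fm_host" "$fm_ip"; then
            return 0
        fi
    done < "$fm_file"
    return 1
}

# Final decision: prints "allow" or "deny".
# $1 = hosts.allow file, $2 = hosts.deny file, $3 = service, $4 = host, $5 = ip
wrap_decision() {
    if file_matches "$1" "$2" "$3" "$4"; then :; fi   # placeholder for readability
    if file_matches "$1" "$3" "$4" "$5"; then
        echo allow
    elif file_matches "$2" "$3" "$4" "$5"; then
        echo deny
    else
        echo allow
    fi
}

# usage: wrap_decision /etc/hosts.allow /etc/hosts.deny sshd pc1.example.com 10.1.1.5
```

Running the function over the two example files above shows the effect of the deny-by-default line: any service from a host outside example.com and outside the local network is refused unless the allow file names it explicitly, which is the property to check whenever hosts.allow is edited.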


Port-based security
With the packet-filtering facility of the Linux kernel, access to resources can be restricted by building rule sets with tools such as ipchains and iptables. These tools let you identify a packet as it passes through a network interface and also specify what happens to that packet. There are three chains in both ipchains and iptables:
input, forward and output for ipchains
INPUT, FORWARD and OUTPUT for iptables.

For example, with ipchains all the packets arriving on a network interface pass through the input chain. All the packets not destined for this host pass through the forward chain. All the packets generated by the host, as well as the forwarded packets, pass through the output chain.

ipchains and iptables rules can specify information such as the source (-s), the destination (-d), the protocol (-p) and the port. Example: all the packets from the address 192.168.0.254 are denied:

ipchains -A input -s 192.168.0.254 -j DENY

ipchains and iptables rules are manipulated with the following options:
-A    Append
-D    Delete


-P    Change the default policy for a chain
-I    Insert
-F    Flush the rule(s) in a chain
-N    Create a user-defined chain
-X    Delete a user-defined chain
-L    List

Example: the default policy of the iptables chains can be changed from ACCEPT to deny-everything as follows (a chain policy can only be ACCEPT or DROP; REJECT is a rule target, not a policy):

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

The Linux 2.4 kernel development and the Netfilter project also use the iptables table utility to manage firewall rules. The biggest difference between iptables and ipchains is that iptables can evaluate packets according to their state, that is, in relation to other packets that have already passed through the kernel. Below is an example showing how a stateful firewall is implemented. It is a shell script made up of a number of commands.

Example: a basic script suitable for a home user, or for anyone who does not need to offer services to the Internet but still uses the machine as a gateway for a LAN, allowing connections from the LAN to all services. Note: the highlighted line below allows incoming connections to port 80 only.
#!/bin/sh
# Variables
IPTABLES="/sbin/iptables"
LAN_IFACE="eth0"
INET_IFACE="eth1"
INET_IP="1.2.3.4"
LOCALHOST_IP="127.0.0.1/32"
LAN_IP="192.168.0.1/32"
LAN_BCAST="192.168.0.0/24"

# Setup IP Masquerading
echo "1" > /proc/sys/net/ipv4/ip_forward
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE

# Specify the default policy for the built in chains
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP

# Specify INPUT Rules
# ("! -i" is the current negation syntax; older iptables wrote "-i !$INET_IFACE")
$IPTABLES -A INPUT ! -i $INET_IFACE -j ACCEPT
# highlighted line: the only new connections accepted from the Internet go to port 80 (http)
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -m state --state NEW --dport http -j ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Specify FORWARD Rules
$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Specify OUTPUT RULES
$IPTABLES -A OUTPUT -p ALL -s $LOCALHOST_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT

3. Secure shell
Host authentication
With ssh both the host and the user are authenticated. Host authentication is done by exchanging keys. The host's public and private keys are usually stored in /etc/ssh if you use OpenSSH. Depending on the protocol in use, the host key file is called ssh_host_key for protocol 1, and ssh_host_rsa_key or ssh_host_dsa_key for protocol 2. Each of these keys has a corresponding public key, for example ssh_host_key.pub. When an ssh client connects to a server, the server presents its public host key. In the example below the user is shown the following:

The authenticity of host 'neptune (10.0.0.8)' can't be established.
RSA key fingerprint is 8f:29:c2:b8:b5:b2:e3:e7:ec:89:80:b3:db:42:07:f4.
Are you sure you want to continue connecting (yes/no)?

If you agree to continue connecting, the server's public key is added to the file $HOME/.ssh/known_hosts.

User authentication (with a password)
Next, the user is prompted for the password of his account in order to log in to the remote server.


User authentication (with keys)
User authentication can also be done by exchanging keys. For this the user needs to generate a private/public key pair. Example:

ssh-keygen -t dsa -b 1024

generates a 1024-bit DSA key. By default these keys are written to $HOME/.ssh and in this example they are called id_dsa and id_dsa.pub. Given an id_dsa.pub, we can register this key with a remote account and avoid having to enter a password for later connections. To do so, copy the contents of the id_dsa.pub file into a file called authorized_keys2 stored in the remote account's $HOME/.ssh directory.

NOTE

All public keys in /etc/ssh and ~/.ssh will have permissions 600.

sshd configuration file
Example /etc/ssh/sshd_config:

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key


ssh configuration file
Example /etc/ssh/ssh_config or $HOME/.ssh/config:

# Host *
#   ForwardX11 no
#   RhostsAuthentication no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   CheckHostIP yes
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
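As an added example that is not part of the original course material, the check below applies the permission rule from the NOTE above to the files in a key directory. It targets the private key files (id_*, identity, *_key) and authorized_keys*, which is what ssh and sshd actually enforce: ssh refuses a private key that is readable by group or others, and sshd with StrictModes ignores an authorized_keys file that others can write. Public *.pub files are only required not to be writable by others. The directory argument stands in for ~/.ssh or /etc/ssh; the sample directory and the function names are mine.

```sh
#!/bin/sh
# Added example, not from the original course material: audit the modes of
# the key files in one directory (stand-in for ~/.ssh or /etc/ssh).

# Print "<file> <mode>" for every file in $1 that violates the rule;
# print nothing and return 0 when the directory is clean.
audit_ssh_dir() {
    dir=$1
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        case "$(basename "$f")" in
            *.pub)
                # public keys: no group or other write bit allowed
                case "$mode" in ?[2367]?|??[2367]) echo "$f $mode"; bad=1 ;; esac ;;
            id_*|identity|*_key|authorized_keys*)
                # private keys and authorized_keys: owner-only, 600 or 400
                case "$mode" in 600|400) ;; *) echo "$f $mode"; bad=1 ;; esac ;;
            *)
                continue ;;   # known_hosts, config: not covered by the rule
        esac
    done
    return $bad
}

# Constructed sample directory: one correct key pair, one private key
# left world-readable, one authorized_keys2 left group-writable.
demo_ssh_dir() {
    d=$(mktemp -d)
    for name in id_dsa id_dsa.pub id_rsa authorized_keys2; do
        echo "placeholder key material (constructed)" > "$d/$name"
    done
    chmod 600 "$d/id_dsa"
    chmod 644 "$d/id_dsa.pub"
    chmod 644 "$d/id_rsa"            # wrong: readable by everyone
    chmod 660 "$d/authorized_keys2"  # wrong: writable by the group
    echo "$d"
}

# usage: audit_ssh_dir ~/.ssh || echo "fix the files listed above"
```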

4. Time configuration

System date
The system date can be changed with the date command. The syntax is:

date MMDDhhmmCCYY[.ss]

Hardware clock
The hardware clock can be changed directly with the hwclock utility. The main options are:
-r or --show       display the current time


-w or --systohc    set the hardware clock to the current system time
-s or --hctosys    set the system time from the hardware clock

Using NTP
Coordinated Universal Time (UTC) is a standard used to keep a reference time based on the rotation of the Earth about its axis. However, because of small irregularities in that rotation, leap seconds have to be added to the UTC scale, using atomic clocks. Since computers are not equipped with atomic clocks, the idea is to use a protocol to synchronise computer clocks over the Internet. NTP, the Network Time Protocol, is such a protocol. The computers updated directly by an atomic clock are called primary time servers and are used to update a large number of secondary time servers. This forms a tree structure similar to that of DNS. The root servers sit at the first level (stratum), the secondary servers at the second level, and so on for the lower levels.

Configuring a client to query an NTP server: a daemon called ntpd is used to query a remote time server. The required parameter is server in the /etc/ntp.conf file, pointing to a public or affiliated NTP server. These servers can be found online. The NTP protocol can also estimate the frequency error of the hardware clock over a series of queries; this estimate is written to a file referenced by the driftfile directive.


Minimal /etc/ntp.conf file

server ntp2.somewhere.com
driftfile /var/lib/ntp/drift

When ntpd is started it itself becomes an NTP server, providing the service on port 123 over UDP.

One-off queries: the ntp package also provides the ntpdate tool, used to set the time from the command line:

ntpdate ntp2.somewhere.com

5. Kernel security
There are a number of options in the Linux kernel. They include the SYN cookie mechanism (syn_cookie). Stack overflows are controlled by a security patch called Openwall or OWL.

tcp_syncookies
To enable this option you only need to do the following:

[root@nasaspc /proc]# echo "1" > /proc/sys/net/ipv4/tcp_syncookies

This command tells the kernel to send a cookie to the client in its SYN+ACK reply. In this mode the server closes the socket and waits for the client's ACK carrying the matching cookie.


If the tcp_syncookies file does not exist in the /proc directory, you need to recompile the kernel with syncookies support. Note: by default, even if syncookies are supported by the kernel, you still have to enable the support by writing "1" to /proc/sys/net/ipv4/tcp_syncookies. This is often done in /etc/rc.d/rc.local. However, a more effective alternative is to add an entry to /etc/sysctl.conf.

The owl security patch (this part is not covered by this document)
This patch addresses most of the problems related to the stack and is outside the scope of this course.
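As an added example, not code from the original course material, the functions below check a sysctl.conf-style file against a list of expected settings, so that the tcp_syncookies entry recommended above can be verified instead of assumed. They honour comments, blank lines, spaces around "=" and the fact that a later line for the same key overrides an earlier one. The sample file is constructed here, and the list of expected keys is an assumption you can extend.

```sh
#!/bin/sh
# Added example, not from the original course material: audit a
# /etc/sysctl.conf-style file for expected hardening settings.

# Print "key = value" for the effective setting of every key in file $1.
effective_sysctl() {
    awk -F= '
        /^[[:space:]]*$/    { next }
        /^[[:space:]]*[#;]/ { next }
        {
            key = $1; val = $2
            gsub(/[[:space:]]/, "", key); gsub(/[[:space:]]/, "", val)
            seen[key] = val            # last one wins, as sysctl applies them in order
        }
        END { for (k in seen) print k " = " seen[k] }' "$1" | sort
}

# Report every expected key ($2: "key=value" pairs separated by spaces)
# that is missing from file $1 or set to a different value.
# Output lines: "MISSING key" or "MISMATCH key=actual"; nothing when all is well.
sysctl_findings() {
    file=$1; expected=$2
    eff=$(effective_sysctl "$file")
    for pair in $expected; do
        key=${pair%%=*}; want=${pair#*=}
        actual=$(printf '%s\n' "$eff" | awk -v k="$key" '$1 == k { print $3 }')
        if [ -z "$actual" ]; then
            echo "MISSING $key"
        elif [ "$actual" != "$want" ]; then
            echo "MISMATCH $key=$actual"
        fi
    done
}

# Constructed sample sysctl.conf: syncookies first disabled, then enabled
# further down (the later line wins); ip_forward left off.
demo_sysctl_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Kernel sysctl configuration file (constructed sample)
net.ipv4.ip_forward = 0
net.ipv4.tcp_syncookies=0
; a later entry overrides the earlier one
net.ipv4.tcp_syncookies = 1
EOF
    echo "$f"
}

# usage: sysctl_findings /etc/sysctl.conf "net.ipv4.tcp_syncookies=1"
```

Point sysctl_findings at the real /etc/sysctl.conf after editing it; an empty result means the file will enable SYN cookies at the next boot, and the live value can still be confirmed by reading /proc/sys/net/ipv4/tcp_syncookies as shown above.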

Addresses of the owl patch and of the Linux kernel:

http://www.openwall.com
http://www.kernel.org/pub/linux/kernel/v2.2/

This patch only supports kernel 2.2.19 or later. After downloading linux-2.2.19.tar.gz and linux-2.2.19-ow1.tar.gz into the /usr/src/ directory, make sure you delete the linux symbolic link.

[root@nasaspc src]# pwd
/usr/src/
[root@nasaspc src]# rm -rf linux

Unpack the packages.

[root@nasaspc src]# tar xvzf linux-2.2.19.tar.gz
[root@nasaspc src]# tar xvzf linux-2.2.19-owl.tar.gz


To test the system, change into the linux-2.2-19-owl directory. There is a directory called optional containing a file named stacktest.c.

[root@nasaspc optional]# pwd
/usr/src/linux-2.2.19-ow1/optional
[root@nasaspc optional]# gcc stacktest.c -o stacktest

If you run stacktest you get the list of options. Run the stack simulation. A simulated stack attack that succeeds:

[root@nasaspc optional]# stacktest
Usage: ./stacktest OPTION
Non-executable user stack area tests
  -t    call a GCC trampoline
  -e    simulate a buffer overflow exploit
  -b    simulate an exploit after a trampoline call
[root@nasaspc optional]# stacktest -e
Attempting to simulate a buffer overflow exploit...
Succeeded.

To apply the patch you need to move into the linux directory. The commands are as follows. Applying the openwall patch:

[root@nasaspc linux]# pwd
/usr/src/linux
[root@nasaspc linux]# patch -p1 < /usr/src/linux-2.2-19-owl/linux-2.2.19-ow1.diff


Now if you run make menuconfig you will see a new entry called Security options. The default choices are reasonable. From here you can go on to compile and install the kernel as usual.


Intermediate Linux training: SYSTEM ADMINISTRATION

LINUX SYSTEM ADMINISTRATION
Overview

We will look at the main system administration tasks, such as managing the log files and scheduling jobs with at and cron.

1. Log files and configuration files

The /var/log/ directory
This is the directory that holds most of the log files. Some applications generate their own log files (for example squid or samba). Most of the system log files are managed by the syslogd daemon. The common system files are:

cron        keeps track of the messages generated when cron jobs run
mail        mail-related messages
messages    logs all messages except those of authpriv, cron, mail and news
secure      logs all failed authentications, users added or removed, ...

The most important log file is messages, which records most of the activity.

The /etc/syslog.conf file
When syslogd is started, by default it reads the configuration file /etc/syslog.conf. Alternatively syslogd can be started with -f and the path to a different configuration file. The file must contain a list of items, followed by a priority and finally the path to the log file:


item1.priority1 ; item2.priority2      /path-to-log-file

The allowed items are:
auth and authpriv    general and private user authentication
cron                 cron daemon messages
kern                 kernel messages
mail
news
user                 user processes
uucp

The allowed priorities (from highest to lowest):
emerg alert crit err warning notice info debug
and also * and none.

Priorities are minimums! All the higher priorities are logged by the system. To select only the info priority, use the '=' sign as follows:

user.=info    /var/log/user_activity

Listing of /etc/syslog.conf

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                         /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none        /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                      /var/log/secure

# Log all the mail messages in one place.
mail.*                                          /var/log/maillog

# Log cron stuff
cron.*                                          /var/log/cron

# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg                                         *
*.emerg                                         @10.1.1.254

# Save boot messages also to boot.log
local7.*                                        /var/log/boot.log

#
news.=crit                                      /var/log/news/news.crit
news.=err                                       /var/log/news/news.err
news.notice                                     /var/log/news/news.notice
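The routing rules described in this section, as an added example that is not part of the original course material: a shell model of how syslogd decides where one message goes given a syslog.conf such as the one listed above. It implements the stated rules: a priority is a minimum (info also takes notice up to emerg), "=prio" selects one priority only, "none" excludes a facility, "*" matches everything, and within one line the later selectors override the earlier ones for the facilities they name, which is what makes "*.info;mail.none" work. The configuration is passed as a file; the sample is constructed and the function names are mine.

```sh
#!/bin/sh
# Added example, not from the original course material: where does a
# message with a given facility and priority go under a syslog.conf?

# Priority rank as a number, high to low: emerg=0 ... debug=7, -1 if unknown.
prio_rank() {
    case "$1" in
        emerg) echo 0 ;;  alert) echo 1 ;;  crit) echo 2 ;;  err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) echo -1 ;;
    esac
}

# Print the action (file, "*" or "@host") of every line in conf $1 that
# receives a message with facility $2 and priority $3.
syslog_targets() {
    conf=$1; fac=$2; prio=$3
    msg_rank=$(prio_rank "$prio")
    set -f                               # "*" in selectors is not a file glob
    while read -r selectors action; do
        case "$selectors" in ''|'#'*) continue ;; esac
        decision=0
        # selectors are separated by ";" and evaluated left to right
        for sel in $(printf '%s' "$selectors" | tr ';' ' '); do
            f=${sel%%.*}; p=${sel#*.}
            [ "$f" = "*" ] || [ "$f" = "$fac" ] || continue
            case "$p" in
                none) decision=0 ;;
                '*')  decision=1 ;;
                =*)   if [ "$(prio_rank "${p#=}")" = "$msg_rank" ]; then decision=1; else decision=0; fi ;;
                *)    sel_rank=$(prio_rank "$p")
                      if [ "$sel_rank" -ge 0 ] && [ "$msg_rank" -le "$sel_rank" ]; then
                          decision=1
                      else
                          decision=0
                      fi ;;
            esac
        done
        if [ "$decision" -eq 1 ]; then echo "$action"; fi
    done < "$conf"
    set +f
    return 0
}

# Constructed configuration, cut down from the listing above.
demo_syslog_conf() {
    cf=$(mktemp)
    cat > "$cf" <<'EOF'
# Log anything (except mail) of level info or higher.
*.info;mail.none;news.none;authpriv.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      /var/log/maillog
*.emerg                                     *
news.=crit                                  /var/log/news/news.crit
user.=info                                  /var/log/user_activity
EOF
    echo "$cf"
}

# usage: syslog_targets /etc/syslog.conf authpriv notice
```

A useful way to read the output: the authpriv messages that matter for intrusion detection never reach the world-readable messages file, only /var/log/secure, so a reviewer checking "where do failed logins go?" gets the answer directly from the configuration.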

2. Logging utilities
The logger command
The first logging utility is the logger command, which writes messages to the /var/log/messages file. If you type the following command:

logger program myscript ERR

the end of the /var/log/messages file will contain a message similar to:

Jul 17 19:31:00 localhost penguin: program myscript ERR

Local settings
The logger utility writes its messages to /var/log/messages by default. Some predefined local items can help you create your own log files: local0 to local7 are the items reserved for the system administrator. Which of these items are already in use depends on the system (RedHat logs boot-time information through local7 to /var/log/boot.log). Add the following line to the /etc/syslog.conf file:

local4.*    /dev/tty9

Restart syslogd:

killall -HUP syslogd

The next command will be logged to /dev/tty9:

logger -p local4.notice "This script is writing to /dev/tty9"

Another interesting device is /dev/speech, installed with the Festival tools.



logrotate

Log files are rotated with logrotate. Usually logrotate is run daily as a cron job. The configuration file /etc/logrotate.conf contains the directives for creating or compressing the files.

Listing of logrotate.conf

# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# send errors to root
errors root

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own lastlog or wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

3. Automatic tasks

Using cron
The program responsible for running cron jobs is called crond. Every minute crond reads the files that contain the commands to execute. These files are called crontabs.

User crontabs are stored in /var/spool/cron/<username>. These files must not be edited directly by users other than root; the crontab editing tool has to be used (see below). The system crontab is /etc/crontab. This file periodically runs all the scripts in /etc/cron.*, including any symbolic links pointing to scripts or binaries on the system. To manipulate cron entries, use the crontab tool. The scheduled jobs are viewed with the -l option, as shown below:

crontab -l
# DO NOT EDIT THIS FILE - edit the master and reinstall
# (/tmp/crontab.1391 installed on Tue Jul 17 17:56:48 2001)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
0 * * 07 2 /usr/bin/find /home/penguin -name core -exec rm {} \;

Does root have any crontabs? Similarly, the -e option opens your default editor and lets you enter cron entries. Root can use -u to view and change any user's cron entries. To delete your crontab file, use crontab -r. This is the format of an entry:

Minutes(0-59) Hours(0-23) Day of Month(1-31) Month(1-12) Day of Week(0-6) command

Permissions: by default, any user can use crontab. However, you can control access with /etc/cron.deny and /etc/cron.allow.
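As an added example that is not part of the original course material, the functions below evaluate a crontab time specification against a given minute, hour, day of month, month and day of week, using the five-field format shown above together with the usual "*", lists (1,15), ranges (1-5) and steps (*/2, 0-30/10). This goes slightly beyond the text in also applying the Vixie cron rule that when both day fields are restricted, a match on either one fires the job. It is handy for checking an entry such as the "every two minutes" exercise at the end of this chapter before installing it. The function names are mine.

```sh
#!/bin/sh
# Added example, not from the original course material: does a crontab
# time spec fire at a given time?

# Does one crontab field ($1) cover the integer value $2? The range that
# "*" stands for is passed as $3 (low) and $4 (high), e.g. 0 59 for minutes.
cron_field_matches() {
    field=$1; value=$2; lo=$3; hi=$4; matched=0
    set -f                        # "*" is a crontab token here, not a file glob
    for part in $(printf '%s' "$field" | tr ',' ' '); do
        step=1
        case "$part" in */*) step=${part#*/}; part=${part%%/*} ;; esac
        case "$part" in
            '*') from=$lo; to=$hi ;;
            *-*) from=${part%-*}; to=${part#*-} ;;
            *)   from=$part; to=$part
                 [ "$step" -ne 1 ] && to=$hi ;;     # "5/10" means "5-hi/10"
        esac
        if [ "$value" -ge "$from" ] && [ "$value" -le "$to" ] \
           && [ $(( (value - from) % step )) -eq 0 ]; then
            matched=1; break
        fi
    done
    set +f
    [ "$matched" -eq 1 ]
}

# Does the five-field spec $1 (e.g. "*/2 * * * *") fire at minute $2,
# hour $3, day of month $4, month $5, day of week $6 (0 = Sunday)?
cron_matches() {
    set -f
    set -- $1 "$2" "$3" "$4" "$5" "$6"
    set +f
    fmin=$1; fhour=$2; fdom=$3; fmon=$4; fdow=$5
    min=$6; hour=$7; dom=$8; mon=$9; dow=${10}
    cron_field_matches "$fmin"  "$min"  0 59 || return 1
    cron_field_matches "$fhour" "$hour" 0 23 || return 1
    cron_field_matches "$fmon"  "$mon"  1 12 || return 1
    dom_ok=0; dow_ok=0
    cron_field_matches "$fdom" "$dom" 1 31 && dom_ok=1
    cron_field_matches "$fdow" "$dow" 0 6  && dow_ok=1
    if [ "$fdom" != "*" ] && [ "$fdow" != "*" ]; then
        [ "$dom_ok" -eq 1 ] || [ "$dow_ok" -eq 1 ]   # both restricted: either may match
    else
        [ "$dom_ok" -eq 1 ] && [ "$dow_ok" -eq 1 ]
    fi
}

# usage: cron_matches "0 * * 07 2" 0 9 17 7 2 && echo fires
```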

Scheduling with at
at jobs are run by the atd daemon and are queued in /var/spool/at/. The at command is used to schedule a one-off task, with the following syntax:

at [time]

where time can be expressed as:

now
3am + 2days
midnight
10:15 Apr 12
teatime

For the full list of time formats, see /usr/share/doc/at-xxx/timespec. You can list the scheduled commands with atq or at -l. The at jobs are recorded in /var/spool/at/:

ls /var/spool/at/
a0000100fd244d  spool

When using atq you get a numbered list of jobs. You can also use this number to remove a job from the queue:

atq
1       2001-07-17 18:21 a root

From the atq listing we see that the job number is 1, so the job can be removed from the queue as follows:

at -d 1

Permissions: by default at is restricted to root. To change this, you must have an empty /etc/at.deny, or an /etc/at.allow listing the appropriate names.

4. Backups and compression
Backup strategies
There are three strategies for backing up a system:
Full: copy all the files.
Incremental: first copy all the files added or changed since the last full backup, and afterwards copy all the files added or changed since the most recent incremental backup.
Differential: copy all the files added or changed since the most recent full backup.

Example: if you make one full backup and then three differential backups before the system crashes, how many tapes do you need to restore it?

Creating archives with tar
The main option for creating an archive with tar is -c. You can also give the name of the archive as the first argument if you use the -f flag.

tar -cf home.tar /home/

If you do not specify a file as an argument to tar -c, the archive is simply written to standard output:

tar -c /home/ > home.tar

Extracting archives with tar
Replacing the -c flag with x creates directories where needed and copies the archived files into your current directory. To redirect the extraction into a directory (for example /usr/share/doc), you can do:

tar xf backeddocs.tar -C /usr/share/doc

Compression
All archives can be compressed with various utilities. The following flags allow an archive to be created, tested or extracted with compression:

tar option    Compression type
Z             compress
z             gzip
j             bzip2


The cpio utility
The cpio utility is used to copy files to or from archives.

- Extract an archive from tape:

cpio -i < /dev/tape

- Create an archive of the /etc directory:

find /etc | cpio -o > etc.cpio
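The incremental strategy described under "Backup strategies", carried out with the tools of this section as an added example that is not part of the original course material (it also covers the find-based exercises at the end of the chapter). A full backup is taken with tar and a timestamp file marks when; later runs find only the files newer than that stamp with "find -newer", archive them with tar -T, and refresh the stamp. Restoring means the full archive first, then each incremental archive in order. The directory layout and file contents are constructed; the function names are mine.

```sh
#!/bin/sh
# Added example, not from the original course material: full plus
# incremental backups with tar and find, restored in order.

# Full backup of directory $1 into $2/full.tar, and a stamp file $2/last_backup.
full_backup() {
    src=$1; dest=$2
    tar -cf "$dest/full.tar" -C "$src" .
    touch "$dest/last_backup"
}

# Incremental backup: regular files under $1 changed after the stamp go into
# $2/inc-N.tar (N counts up); prints the names archived, one per line.
incremental_backup() {
    src=$1; dest=$2
    n=$(ls "$dest" | grep -c '^inc-' || true)
    out="$dest/inc-$((n + 1)).tar"
    ( cd "$src" && find . -type f -newer "$dest/last_backup" ) > "$dest/changed.lst"
    if [ -s "$dest/changed.lst" ]; then
        tar -cf "$out" -C "$src" -T "$dest/changed.lst"
    fi
    touch "$dest/last_backup"
    sed 's#^\./##' "$dest/changed.lst"
}

# Restore into $2: the full archive, then inc-1, inc-2, ... in order.
restore_all() {
    dest=$1; target=$2
    tar -xf "$dest/full.tar" -C "$target"
    i=1
    while [ -f "$dest/inc-$i.tar" ]; do
        tar -xf "$dest/inc-$i.tar" -C "$target"
        i=$((i + 1))
    done
}

# Constructed demo: two files, full backup, then one change and one new file.
# Prints the working directory; the incremental's file list lands in changed.txt.
demo_backup() {
    work=$(mktemp -d); mkdir "$work/src" "$work/bk"
    echo "report v1" > "$work/src/report.txt"
    echo "notes v1"  > "$work/src/notes.txt"
    full_backup "$work/src" "$work/bk"
    sleep 1                                   # let mtimes move past the stamp
    echo "report v2" > "$work/src/report.txt"
    echo "new file"  > "$work/src/new.txt"
    incremental_backup "$work/src" "$work/bk" > "$work/changed.txt"
    echo "$work"
}

# usage: w=$(demo_backup); cat "$w/changed.txt"; restore_all "$w/bk" /some/empty/dir
```

The stamp file is the whole trick: "find -newer" compares modification times against it, so every incremental run captures exactly the changes since the previous run, which is the definition of the incremental strategy given above. A differential backup would simply keep the stamp of the full backup and never touch it.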

5. Documentation
Man pages and the whatis database
Man pages are organised in sections:
NAME          the name of the item, followed by a one-line comment
SYNOPSIS      the syntax of the command
DESCRIPTION   a longer explanation
OPTIONS       the possible options
FILES         the files related to the current item (for example configuration files)
SEE ALSO      other man pages related to the current topic

The sections above are mandatory in a man page. The whatis database stores the NAME section of all the man pages on the system. This is done daily by cron. The whatis database has two fields, as follows:

name(key)   one line description


The syntax of whatis is:

whatis <string>

The output is the full NAME section of the man pages whose name(key) matches string. You can also use the man command to query the whatis database. The syntax of man is:

man -k <string>

Unlike whatis, the man command queries both the name and the one-line description in the database. If string matches a word in either of those fields, the query returns the full NAME.

Example (the matching string is shown in bold in the original):

whatis lilo
lilo                 (8)  - install boot loader
lilo.conf [lilo]     (5)  - configuration file for lilo

man -k lilo
grubby               (8)  - command line tool for configuring grub, lilo, and elilo
lilo                 (8)  - install boot loader
lilo.conf [lilo]     (5)  - configuration file for lilo


Man pages are stored in /usr/share/man.

Man page sections
Section 1    information on executables
Section 2    system calls, for example mkdir(2)
Section 3    library calls, for example stdio(3)
Section 4    devices (files in /dev)
Section 5    configuration files and formats
Section 6    games
Section 7    macro packages
Section 8    administration commands
Section 9    kernel routines

To access a specific section N, type:

man N command

Example:
man mkdir
man 2 mkdir

man crontab
man 5 crontab

Info pages


The info pages are in the /usr/share/info directory. They are compressed files and can be read with the info tool. The original GNU tools used info pages rather than man pages. However, the information on GNU projects such as gcc or glibc is still more extensive in the info pages than in the man pages.

Online documentation
GNU projects include documents such as FAQ, README, CHANGELOG and sometimes user/admin guides. The format of these documents can be ASCII text, HTML, LaTeX or postscript. They are stored in the /usr/share/doc/ directory.

HOWTOs and the Linux Documentation Project
The Linux Documentation Project (LDP) provides many detailed documents on various topics. These documents explain how to use and implement things on Linux. The address of the web site is www.tldp.org. The LDP documents are free and can be distributed under the CPL licence.


5. Exercises

Logging
1. Change the /etc/syslog.conf file to print some of the logs to /dev/tty9 (make sure you restart syslogd and that the output is redirected properly).
2. Add a local5 item with a priority to /etc/syslog.conf and direct its output to /dev/tty10. Restart syslogd and use logger to write information through local5.
3. Read the /etc/rc.d/init.d/syslog script and change /etc/sysconfig/syslog to allow remote hosts to send their log output.

Scheduling
4. Create a cron entry that starts xclock every 2 minutes. Note that cron does not know the system variables such as PATH and DISPLAY.
5. Use at to start xclock in the next five minutes.

Archiving
6. Use find to list all the files modified in the last 24 hours.

(hint: redirect the output of find -mtime 1 to a file)

7. Use cpio to create an archive called Incremental.cpio.

(answer: use the file created above and run cat FILE | cpio -ov > Incremental.cpio)

8. Use xargs and tar to create an archive of all the files added or changed in the last 5 minutes.
9. Same as above, but use the exec option of the find command. Note that the files listed by find can be referenced with the symbol {}.

10. Extract the archive you have just created.


Intermediate Linux training: INSTALLING PPP

INSTALLING PPP
1. Serial modems

Linux usually assumes that serial modems are connected to a serial port (a /dev/ttySN device). So first we need to find out which serial port the modem is connected to.

The command setserial -g queries the serial ports. If the resources for these ports are not yet available, the UART value is reported as unknown. Example output of setserial:

setserial -g /dev/ttyS[0-3]
/dev/ttyS0, UART: 16550A, Port: 0x03f8, IRQ: 4
/dev/ttyS1, UART: 16550A, Port: 0x02f8, IRQ: 3
/dev/ttyS2, UART: unknown, Port: 0x03e8, IRQ: 4
/dev/ttyS3, UART: unknown, Port: 0x02e8, IRQ: 3

For non-serial modems we can get the available resource information from /proc/pci. The two command lines below show how the I/O and IRQ settings can be assigned to an unused /dev/ttyS? device:

setserial /dev/ttyS2 port 0x2000 irq 3
setserial /dev/ttyS2 autoconfig

The second command sets the appropriate UART. These commands do not survive the next reboot and can be saved in /etc/rc.serial. This script is one of the last scripts run by rc.sysinit at boot time.


The rc.serial script

#!/bin/bash
TTY=/dev/ttyS2
PORT=0x2000
IRQ=3
echo "Setting up Serial Card ..."
/bin/setserial $TTY port $PORT irq $IRQ 2>/dev/null
/bin/setserial $TTY autoconfig 2>/dev/null

2. Dialup configuration

Once the modem is connected to a serial device, we can send it modem-specific instructions such as ATZ and ATDT. One tool that acts as a terminal interface is minicom.

[minicom screenshot in the original]

Another common tool is wvdialconf. This tool automatically probes the modems on the ttyS ports and creates a configuration file. That file is used to handle the password authentication and to start the pppd daemon once the connection has succeeded.


3. pppd and chat
First, the chat script is used to talk to the modem of the remote host. It consists of a series of expect/send strings. The format of these strings is as follows:

expected query     answer

The expected queries from the modem are:

OK
CONNECT
login
password
TIMEOUT
>

The script is read sequentially and starts with the empty query '', which is paired with the command 'ATZ'. After the modem has been initialised, it sends back the query 'OK'. The script then answers with the dial command. This exchange continues until the '>' prompt appears, at which point the user side runs pppd.

Example chat script:

'ABORT' 'BUSY'
'ABORT' 'ERROR'
'ABORT' 'NO CARRIER'
'ABORT' 'NO DIALTONE'
'ABORT' 'Invalid Login'
'ABORT' 'Login incorrect'
'' 'ATZ'
'OK' 'ATDT01172341212'
'CONNECT' ''
'ogin:' 'adrian'
'ord:' 'adrianpasswd'
'TIMEOUT' '5'
'>' pppd

The example above is only one way of handling the exchange. We can also start pppd and have it call the chat script as follows:

pppd /dev/ttyS2 115200 \
    nodetach \
    lock \
    debug \
    crtscts \
    asyncmap 0000000 \
    connect "/usr/sbin/chat -f /etc/sysconfig/network-scripts/chat-ppp0"

The lines following the pppd command can be saved in /etc/ppp/options. This file holds most of the features that make pppd powerful and flexible. For example, require-chap makes pppd use /etc/ppp/chap-secrets for authentication.

4. PPPD peers
In /etc/ppp/ there is a directory called peers. In it we can create a file holding all the command-line options needed by pppd. In this way peer connections can be started by any user.

Below is an example of a PPP peer file:

# This optionfile was generated by pppconfig 2.0.10.
hide-password
noauth
connect "/usr/sbin/chat -f /etc/sysconfig/network-scripts/chat-ppp0"
/dev/ttyS0
115200


defaultroute
noipdefault
user uk2

The uk2 peer file can then be used as follows:

# pppd call uk2

This command dials the number defined in the chat script and authenticates as the user "uk2". Note that the command requires matching entries in /etc/ppp/chap-secrets and /etc/ppp/pap-secrets. The structure of the pap and chap secrets files is:

# Secrets for authentication using CHAP
# client    server    secret    IP addresses
uk2         *         "uk2"     *

These lines allow different passwords to be used when we connect to different servers. They also let us specify an IP address. In practice the IP address cannot be specified when connecting to an ISP, but when setting up private connections it can be. For example, when setting up a site to monitor network activity, we need to know which user is using a given IP address.

5. Wvdial
This is the default Red Hat method for connecting to a dialup network. We should use the tools provided by Gnome or KDE to set the parameters for wvdial in the /etc/wvdial.conf file.

Below is an example wvdial.conf file:

[Modem0]
Modem = /dev/ttyS0
Baud = 115200
Dial Command = ATDT
Init1 = ATZ
FlowControl = Hardware (CRTSCTS)

[Dialer UK2]
Username = uk2
Password = uk2
Phone = 08456091370
Inherits = Modem0

To use wvdial from the command line, the syntax is:

# wvdial <dialer-name>

With the example configuration file, the following command starts the connection named "uk2":

# wvdial uk2


Intermediate Linux training: PRINTING

PRINTING
The two aims of this chapter are to introduce the GNU printing tools available on Linux and to understand the configuration files of the print server.

1. Filters and gs
For non-text formats, Linux and Unix systems use filters. These filters convert formats such as JPEG or troff into postscript. Postscript can be sent directly to a postscript printer, but since not all ordinary printers can handle postscript, an intermediate "virtual postscript printer" called gs (ghostscript) converts the postscript into PCL. The commercial version of ghostscript is Aladdin Ghostscript, and the GNU version is an older release. The gs utility has a database of printer drivers (the list of drivers is updated regularly; for example many USB printers can be used), so it processes and converts postscript directly into PCL for the known type of printer. The gs utility plays a central role in the Linux printing process.

2. Printers and print queues
As mentioned above, plain ascii text does not need to be processed in the same way as image or postscript files. If we have only one printer and want, for example, to print letters, we do not need a filter. We define a queue without a filter instead, which makes printing faster. We can also define a queue on the same printer for handling postscript files.


All the queues and printers are defined in /etc/printcap. Below is the full configuration of a remote printer at 192.168.1.20, using the remote queue named 'lp':

lp:\
    :sd=/var/spool/lpd/lp:\
    :mx#0:\
    :sh:\
    :rm=192.168.1.20:\
    :rp=lp:

The required options here are rm for the remote host, sd for the printer spool directory, and rp for the name of the remote queue. Note that no filter is defined here (we could use the if directive for an input filter). All the filtering is done on the remote host.

3. Printing tools
lpr:

The lpr utility is used to send print jobs to the printer. It is a newer version of lp (line print). For users it is convenient if a printer can be associated with more than one queue. Below are two examples that print a file called LETTER. Send the job to the default printer:

lpr LETTER

Send the job to the 'ljet' queue:

lpr -Pljet LETTER

Table 1: main options of lpr


-#num    print num copies
-Ppq     specify the print queue pq
-s       create a symbolic link in the spool directory instead of copying the file into it

lpq:

Users can check the state of the print queue with the lpq utility. Below are a few examples. Show the jobs in the default queue:

lpq

Show the jobs in all the queues on the system:

lpq -a

Show the jobs in the queue named remote:

lpq -Premote

lprm:

Depending on the settings in /etc/lpd.perms, users may be allowed to remove waiting jobs with the lprm command. Remove the last job sent:

lprm

Remove the jobs sent by the user dhill:

lprm dhill


Ti liu o to Linux trung cp IN N

Xo tt c cng vic c gi i:
lprm -a (or simply lprm -)

Chng ta cng c th xo mt cng vic c th trong ng ng my in bng cch ch ra gi tr ca cng vic, gi tr ny c to ra bi lpq.

lpc:

Tin ch iu khin my in theo dng (Line Printer Control) c dng iu khin cc hng in v cc my in. Cc hng in c th b v hiu ho hoc lm vic tr li. Ch rng lnh lprm ch c th xo cc cng vic t hng i nhng khng c th dng li mt hng i. Chng ta c th thc hin tng tc vi lpc (lpc c du nhc ring) hoc s dng dng lnh. Di y l kt qu ca lnh lpc help:
CMD: /usr/sbin/lpc help Commands may be abbreviated. abort clean enable exit disable help down quit Commands are: restart status start stop topq up ?

Cc la chon enable/disable/topq/up lin quan n hng i. Cc la chn start/stop/down lin quan n my in.

4. Configuration files
/etc/printcap

As mentioned earlier in this chapter, this file defines all the printers and queues the system can use (remote or local). The default printer can be selected with the LPDEST or PRINTER environment variable:

PRINTER=lp

If neither environment variable is set, the default printer is the first one defined in /etc/printcap.

The main definitions are:

lp    device name, usually /dev/lp0 for the parallel port
mx    maximum file size (a value of 0 means no limit)
sd    printer spool directory
if    input filter
rm    remote host name or IP address
rp    remote queue name

If /etc/printcap is modified, the lpd daemon must be restarted.
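To make the printcap format concrete, here is an added Python example (my own code, not part of this training material or of LPRng) that parses entries of the kind shown above, picks the default queue the way the text describes, and reports the points an administrator would audit: whether a queue is remote, where it spools, whether an input filter runs locally, and whether mx caps the job size. The sample file is constructed for the example; the filter path in it is a made-up placeholder, and checking PRINTER before LPDEST is this example's assumption.

```python
import os
import re

# Constructed sample /etc/printcap for this example (not from any real host):
# a local parallel-port printer with an input filter, plus the remote queue
# described in the text. The filter path is a made-up placeholder.
SAMPLE_PRINTCAP = r"""
# comment lines and blank lines are ignored
lp|hplj|local laser printer:\
    :lp=/dev/lp0:\
    :sd=/var/spool/lpd/lp:\
    :mx#0:\
    :sh:\
    :if=/usr/local/lib/filters/ps2hp:
remote|lp on 192.168.1.20:\
    :sd=/var/spool/lpd/remote:\
    :mx#0:\
    :sh:\
    :rm=192.168.1.20:\
    :rp=lp:
"""


def parse_printcap(text):
    """Return a list of (names, caps) tuples, one per entry, in file order.

    names holds the entry's name and aliases (the '|'-separated first field);
    caps maps each capability to a string (key=value), an int (key#number)
    or True (a bare flag such as :sh:).
    """
    # A trailing backslash continues the entry on the next line: join them first.
    logical = re.sub(r"\\[ \t]*\n", "", text)
    entries = []
    for line in logical.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        names = [n.strip() for n in fields[0].split("|")]
        caps = {}
        for field in fields[1:]:
            if not field:
                continue          # empty slot left by '::' or by leading indent
            if "=" in field:
                key, value = field.split("=", 1)
                caps[key] = value
            elif "#" in field:
                key, value = field.split("#", 1)
                caps[key] = int(value)
            else:
                caps[field] = True
        entries.append((names, caps))
    return entries


def default_printer(entries, environ=None):
    """Choose the default queue as the text describes: $PRINTER, then $LPDEST
    (that order is this example's assumption), otherwise the first entry."""
    env = os.environ if environ is None else environ
    for var in ("PRINTER", "LPDEST"):
        if env.get(var):
            return env[var]
    return entries[0][0][0] if entries else None


def audit(entries):
    """Summarise what an administrator checks per queue: remote or local,
    spool location, whether a filter runs locally, and the size cap."""
    report = {}
    for names, caps in entries:
        report[names[0]] = {
            "remote": "rm" in caps,
            "remote_host": caps.get("rm"),
            "remote_queue": caps.get("rp"),
            "spool": caps.get("sd"),
            "input_filter": caps.get("if"),    # None: filtering happens elsewhere
            "max_size": "unlimited" if caps.get("mx") == 0 else caps.get("mx"),
        }
    return report


if __name__ == "__main__":
    queues = parse_printcap(SAMPLE_PRINTCAP)
    print("default printer:", default_printer(queues, {}))
    for name, info in audit(queues).items():
        print(name, info)
```

Run it as a script to see the audit of the two sample queues; the remote entry comes back with input_filter set to None, which is exactly the "no filter defined here, all filtering is done on the remote host" situation from the printcap discussion above.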


/etc/lpd.conf

This is a very long file in which, by default, every option is commented out. It is used when the administrator wants finer control over the printing process (for example remote access authentication or user permissions).

/etc/lpd.perms

This file controls the permissions that apply to the lpc, lpq and lprm utilities. For example, we can give users the right to remove their own current jobs from a queue with the following line:

ACCEPT SERVICE=M SAMEHOST SAMEUSER

LPRng uses a system of keys to abbreviate the entries in lpd.perms. This scheme is not easy to read in many cases; for example, the service 'M' in the line above corresponds to lprm.

Example /etc/lpd.perms file:

## Permissions are checked by the use of 'keys' and matches.
## For each of the following LPR activities, the following keys have a value.
##
## Key          Match  Connect  Job    Job    LPQ   LPRM  LPC
##                              Spool  Print
## SERVICE      S      'X'      'R'    'P'    'Q'   'M'   'C'
## USER         S      -        JUSR   JUSR   JUSR  JUSR  JUSR
## HOST         S      RH       JH     JH     JH    JH    JH
## GROUP        S      -        JUSR   JUSR   JUSR  JUSR  JUSR
## IP           IP     RIP      JIP    JIP    RIP   JIP   JIP
## PORT         N      PORT     PORT   -      PORT  PORT  PORT
## REMOTEUSER   S      -        JUSR   JUSR   JUSR  CUSR  CUSR
## REMOTEHOST   S      RH       RH     JH     RH    RH    RH
## REMOTEGROUP  S      -        JUSR   JUSR   JUSR  CUSR  CUSR
## REMOTEIP     IP     RIP      RIP    JIP    RIP   RIP   RIP
## CONTROLLINE  S      -        CL     CL     CL    CL    CL
## PRINTER      S      -        PR     PR     PR    PR    PR
## FORWARD      V      -        SA     -      -     SA    SA
## SAMEHOST     V      -        SA     -      SA    SA    SA
## SAMEUSER     V      -        -      -      SU    SU    SU
## SERVER       V      -        SV     -      SV    SV    SV
## LPC          S      -        -      -      -     -     LPC
## AUTH         V      -        AU     AU     AU    AU    AU
## AUTHTYPE     S      -        AU     AU     AU    AU    AU
## AUTHUSER     S      -        AU     AU     AU    AU    AU
## AUTHFROM     S      -        AU     AU     AU    AU    AU
## AUTHSAMEUSER S      -        AU     AU     AU    AU    AU
##
## KEY:
## JH = HOST         host in control file
## RH = REMOTEHOST   connecting host name
## JUSR = USER       user in control file
## AUTH              will match (true) if authenticated transfer
## AUTHTYPE          will match authentication type
## AUTHUSER          will match client authentication type
## AUTHFROM          will match server authentication type and is NULL if not from server
## AUTHSAMEUSER      will match client authentication to save authentication in job
##
## Example Permissions
##
## # All operations allowed except those specifically forbidden
## DEFAULT ACCEPT
##
## #Reject connections from hosts not on subnet 130.191.0.0
## # or Engineering pc's
## REJECT SERVICE=X NOT REMOTEIP=130.191.0.0/255.255.0.0
## REJECT SERVICE=X NOT REMOTEHOST=engpc*
##
## #Do not allow anybody but root or papowell on
## #astart1.astart.com or the server to use control
## #facilities.
## ACCEPT SERVICE=C SERVER REMOTEUSER=root
## ACCEPT SERVICE=C REMOTEHOST=astart1.astart.com REMOTEUSER=papowell
##
## #Allow root on talker.astart.com to control printer hpjet
## ACCEPT SERVICE=C HOST=talker.astart.com PRINTER=hpjet REMOTEUSER=root
## #Reject all others
## REJECT SERVICE=C
##
## #Do not allow forwarded jobs or requests
## REJECT SERVICE=R,C,M FORWARD
##
#
# allow root on server to control jobs
ACCEPT SERVICE=C SERVER REMOTEUSER=root
# allow anybody to get server, status, and printcap
ACCEPT SERVICE=C LPC=lpd,status,printcap
# reject all others
REJECT SERVICE=C
#
# allow same user on originating host to remove a job
ACCEPT SERVICE=M SAMEHOST SAMEUSER
# allow root on server to remove a job
ACCEPT SERVICE=M SERVER REMOTEUSER=root
REJECT SERVICE=M
# all other operations allowed
DEFAULT ACCEPT
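The key scheme is easier to follow when the matching is written out. The following added Python example (my own code, not from this training material and not LPRng's implementation) models how a rule set like the one above is evaluated: the first ACCEPT or REJECT line whose conditions all hold decides, and a DEFAULT line supplies the answer when nothing matches. It covers the keys used in the example (SERVICE, REMOTEUSER, REMOTEHOST, REMOTEIP, PRINTER, LPC, SAMEHOST, SAMEUSER, SERVER, FORWARD and NOT) and only those; the request fields, the rule set (the active rules above plus the subnet line from the commented section) and the host and user names are constructed for the example, and falling back to REJECT when no rule and no DEFAULT line applies is this model's own conservative choice, not a statement about LPRng's built-in default.

```python
import fnmatch
import ipaddress

# Constructed rule set: the active rules from the example file plus the
# subnet restriction from its commented section. Sample input only.
SAMPLE_PERMS = """
# reject connections (service X) from outside the site network
REJECT SERVICE=X NOT REMOTEIP=130.191.0.0/255.255.0.0
# allow root on server to control jobs
ACCEPT SERVICE=C SERVER REMOTEUSER=root
# allow anybody to get server, status, and printcap
ACCEPT SERVICE=C LPC=lpd,status,printcap
# reject all others
REJECT SERVICE=C
# allow same user on originating host to remove a job
ACCEPT SERVICE=M SAMEHOST SAMEUSER
# allow root on server to remove a job
ACCEPT SERVICE=M SERVER REMOTEUSER=root
REJECT SERVICE=M
# all other operations allowed
DEFAULT ACCEPT
"""


def request(service, remote_user="", remote_host="", remote_ip="0.0.0.0",
            job_user="", job_host="", printer="", lpc_cmd="",
            on_server=False, forwarded=False):
    """What lpd knows about one operation (a simplified model of the key table)."""
    return {"service": service, "remote_user": remote_user,
            "remote_host": remote_host, "remote_ip": remote_ip,
            "job_user": job_user, "job_host": job_host, "printer": printer,
            "lpc_cmd": lpc_cmd, "on_server": on_server, "forwarded": forwarded}


def _in_list(value, patterns):
    """Comma-separated glob patterns, as in REMOTEUSER=root,papowell or engpc*."""
    return any(fnmatch.fnmatchcase(value, p) for p in patterns.split(","))


def _match_ip(ip, spec):
    """REMOTEIP=130.191.0.0/255.255.0.0 style netmask (a prefix length also works)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _condition(token, req):
    key, _, value = token.partition("=")
    if key == "SERVICE":
        return req["service"] in value.split(",")
    if key == "REMOTEUSER":
        return _in_list(req["remote_user"], value)
    if key == "REMOTEHOST":
        return _in_list(req["remote_host"], value)
    if key == "REMOTEIP":
        return _match_ip(req["remote_ip"], value)
    if key == "PRINTER":
        return _in_list(req["printer"], value)
    if key == "LPC":
        return req["lpc_cmd"] in value.split(",")
    if key == "SAMEHOST":      # request comes from the host that submitted the job
        return req["job_host"] == req["remote_host"]
    if key == "SAMEUSER":      # requesting user is the job's owner
        return req["job_user"] == req["remote_user"]
    if key == "SERVER":        # request made on the print server itself
        return req["on_server"]
    if key == "FORWARD":
        return req["forwarded"]
    raise ValueError("key not covered by this model: " + key)


def evaluate(perms_text, req):
    """First ACCEPT/REJECT line whose conditions all hold decides the request."""
    # Fallback when nothing matches and no DEFAULT line was seen: this model's
    # conservative choice, not a claim about LPRng's own built-in default.
    default = "REJECT"
    for raw in perms_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, *conds = line.split()
        if action == "DEFAULT":
            default = conds[0]
            continue
        matched, negate = True, False
        for tok in conds:
            if tok == "NOT":
                negate = True
                continue
            matched = matched and (_condition(tok, req) != negate)
            negate = False
        if matched:
            return action
    return default


if __name__ == "__main__":
    own_job = request("M", remote_user="dhill", remote_host="pc1",
                      job_user="dhill", job_host="pc1")
    print("dhill removing own job from pc1:", evaluate(SAMPLE_PERMS, own_job))
```

Two cases are worth trying with this model. A user who submitted a job from pc1 and runs lprm from pc2 is refused, because SAMEHOST fails and the bare REJECT SERVICE=M line then matches; and root on a client workstation gets no control rights, because the SERVER key only holds for requests made on the print server itself. Both show why the order of lines matters: moving REJECT SERVICE=M above the two ACCEPT lines would lock everyone out of lprm.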


/etc/hosts.{lpd,equiv}

These files are used by the LPR printing system and carry a security risk. When running a print server, we must list in /etc/hosts.lpd the hosts that are allowed to use the printers. These hosts must also be added to /etc/hosts.equiv.

In LPRng these files have been replaced by /etc/lpd.perms.


5. Exercises

1. Use printtool to create a local queue named lp.

2. Edit the queue so that /dev/tty10 is its printer device (remember to run chmod 666 /dev/tty10 so that printing to this device is allowed). You now have a virtual printer on your system!

3. Send jobs to the print queue using lpr and pr.

4. With the printing tool on your system, define different remote queues:
   - a UNIX queue
   - an SMB queue
   If you are using the server, make sure the appropriate statements are defined in /etc/lpd.perms.
   In each case:
   - check /etc/printcap. Which filter is used? How is the remote host defined?
   - check the /var/spool/lpd/ directory.

5. Stop the various print queues and printers with lpc.

6. Check the contents of each print queue with lpc.

7. Remove specific jobs from the queue with lprm.

Copyright ISE, 2006