Bond to be ADMIN in 3 days with FC3
By

 

4-6 July 2005

สพท. กทม. เขต  2

 

บดินทร์เดชา 3

 

 

 

หัวเรื่องสำคัญ

•          Fedora Core 3 Install & Setup

•          Apache with PHP

•          MySQL

•          DHCP

•          DNS

•          Mail

•          VSFTP

•          SQUID

•          NAT   IPTABLES

•          Moodle

•          QUOTA

•          SAMBA

•          MRTG

•          Webmin

 


การติดตั้ง

กำหนด

IP Address………………..

Netmask………………….

Gateway ………………….

DNS ……………………..

 

Fedora Core 3 Post Install

 

•          [root@www ~]# uname -a

•          Linux localhost 2.6.9-1.667smp #1 SMP Tue Nov 2 14:59:52 EST 2004 i686 i686 i386 GNU/Linux

•          [root@www ~]#ntpdate -u clock.nectec.or.th

•          12 Jun 00:46:39 ntpdate[3332]: step time server 202.44.204.9 offset -3424.993259 sec

 

แก้ไข selinux /config

•          edit /etc/selinux/config, then change to SELINUX=disabled

•          cd /etc/skel ; mkdir public_html    เพื่อให้สร้าง public_html อัตโนมัติ

•          vi /etc/httpd/conf/httpd.conf  แก้ไขไฟล์ดังนี้

•          DefaultLanguage th

•          AddLanguage th .th

•          LanguagePriority th en da nl et fr de el it ja …….

•          AddDefaultCharset TIS-620

•          AddCharset TIS-620 .tis-620 .th

•          UserDir public_html    # UserDir public_html

•          chmod 755 /home/userid/

•          virtual host: DNS must be working

แก้ไข httpd.conf

•          vi /etc/httpd/conf/httpd.conf  เพิ่ม

•          NameVirtualHost *:80

•          <VirtualHost *:80>

•          DocumentRoot /var/www/html

•          ServerName origin.hostname.domain

•          </VirtualHost>

•          <VirtualHost *:80>

•          DocumentRoot /var/www/newfile

•          ServerName new.name.domain

•          </VirtualHost>

•           

•          Protect web directory by HTACCESS

•          must have a .htaccess file in the directory

•          vi /etc/httpd/conf/httpd.conf

•          <Directory /home/*/public_html>

•          AllowOverride FileInfo AuthConfig Limit

•          Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

•          <Limit GET POST OPTIONS>

•          Order allow,deny

•          Allow from all

•          </Limit>

•          <LimitExcept GET POST OPTIONS>

•          Order deny,allow

•          Deny from all

•          </LimitExcept>

•          </Directory>

แก้ไข php.ini

•          vi /etc/php.ini

•          register_globals = On

•          post_max_size = 10M    

•          default_charset = "tis-620"

•          upload_max_filesize = 2M

•          vi /var/www/html/php.php  

•          ทดสอบค่าต่างๆ ของ php

•          <?  Echo phpinfo();  ?>

•          httpd -t

•          tail /var/log/httpd/access_log

•           

ทดสอบ mysql

•           

•          rpm  -q mysqld

•          service mysqld restart

•          Databases are stored in /var/lib/mysql

•          vi /etc/my.cnf in [mysqld] append

•          default-character-set=tis620

•          mysqladmin -u root password 'newpassword'

เข้าสู่ homepage

•          cd /var/www/html

•           wget  -bc http://internap.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.6.2-pl1.tar.gz

เพิ่มโปรแกรม phpMyAdmin

•          tar zxvf phpMyAdmin-x.x.x-plx.tar.gz

•          mv phpMyAdmin-x.x.x-plx.tar.gz myadmin

•          cd myadmin ;

•          vi config.inc.php

•          rpm -ivh --replacefiles MySQL-server

•          MySQL-client 

•          MySQL-shared    

•          MySQL-devel-

•          php-mysql-

•          MySQL-shared-compat 

•          grant all on *.* to mysqladmin@"%" identified by 'mysqladmin';

•          # safe_mysqld --skip-grant-tables
# mysqladmin -u root flush-privileges password "newpassword"

•           

•          ddns-update-style ad-hoc;

•          default-lease-time 21600;

•          max-lease-time 43200;

•          option domain-name-servers 203.144.136.11;

•          option domain-name "myschool.ac.th";

•          subnet 192.168.9.0 netmask 255.255.255.0 {

•                  option routers 192.168.9.1;

•                  option subnet-mask 255.255.255.0;

•                  range 192.168.9.10 192.168.9.99;

•            }

•          host haagen {

•             hardware ethernet 00:50:BA:59:0D:75;

•             fixed-address 192.168.9.9;

•          }

•           

•           

#service dhcpd restart

#tailf /var/lib/dhcp/dhcpd.leases

 

bind-utils-

caching-nameserver-

vi /etc/named.conf

 

zone "school.ac.th" {

        type master;

        file "/var/named/school.ac.th.hosts";

        };

zone "136.144.203.in-addr.arpa" {

        type master;

        file "/var/named/203.144.136.rev";

        };

 

bind, bind-chroot, caching-nameserver

 

 

/var/named/chroot/var/named

vi school.ac.th.hosts

$ttl 38400

tv5.co.th.      IN      SOA     www.school.ac.th. nart.school.ac.th. (

                        1113747982

                        10800

                        3600

                        604800

                        38400 )

school.ac.th.      IN      NS      ns1.school.ac.th.

school.ac.th.      IN      NS      ns2.school.ac.th.

www.school.ac.th.  IN      A       203.144.136.10

school.ac.th.      IN      MX      10 mail.school.ac.th.

 

vi 203.144.136.rev

$ttl 38400

136.144.203.in-addr.arpa.       IN      SOA     www.school.ac.th. nart.school.ac.th. (

                        1113748297

                        10800

                        3600

                        604800

                        38400 )

136.144.203.in-addr.arpa.       IN      NS      ns1.school.ac.th.

136.144.203.in-addr.arpa.       IN      NS      ns2.school.ac.th.

15.136.144.203.in-addr.arpa.    IN      PTR     ns1.school.ac.th.

 

nslookup, dig, host, /etc/resolv.conf

 

 

 

Mail Server: Sendmail + dovecot + squirrelmail

•          vi /etc/mail/sendmail.mc

•          Change DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')  Addr to 0.0.0.0

•          #make  -C  /etc/mail  ;  vi /etc/mail/access

•          localhost.localdomain            RELAY

•          localhost                                 RELAY

•          127.0.0.1                                         RELAY

•          mydomain.com                RELAY

•          #cd /etc/mail  ; makemap hash access < access

•          add domain in /etc/mail/local-host-names

•          vi /etc/dovecot.conf  change

•          protocol = imap imaps pop3 pop3s

•          restart sendmail and dovecot, then check by telnet to ports 25, 110 and 143

•          /usr/share/squirrelmail/config

•          conf.pl --> menu 2 (Server Settings) --> menu 1 (Domain)

•          menu 2--> menu 3 (Sendmail or SMTP) choose SMTP

•          menu 2 --> A (Update IMAP Settings) -->menu 8 (Server Software)

•          choose other

•          *** chown nobody /usr/share/squirrelmail/data

 

 

FTP

•          vi /etc/vsftpd/vsftpd.conf

•          anonymous_enable=NO

•          chroot_list_enable=YES

•          chroot_list_file=/etc/vsftpd.chroot_list

•          userlist_enable=YES

telnet to port 21

tail /var/log/vsftpd.log

 

 

Proxy Server by SQUID

 

cp /etc/squid/squid.conf /etc/squid/squid.conf.ori

cache_mem 128 MB

cache_dir diskd /cache 1000 16 256  

squid -z

 

acl nartrule src 158.108.0.0/16

http_access allow nartrule

 

acl signalblock url_regex "/squidblock"

http_access deny signalblock

 

httpd_accel_host virtual       

httpd_accel_port 80

httpd_accel_with_proxy on

httpd_accel_uses_host_header on

 

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

 

test by telnet to port 3128 and send a GET request

squid -k rotate

 

 

 

***iptables

•          1 NIC

•          echo 1 >/proc/sys/net/ipv4/ip_forward

•          iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

 

iptables -t nat -A POSTROUTING -d ! 192.168.1.0/24 -j MASQUERADE

iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT

iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT

iptables -A FORWARD -j DROP

 

2 NICs

#iptables -F

#iptables -t nat -F

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#iptables -t nat -A  PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

 

 

Disk QUOTA

•          vi /etc/fstab

•          LABEL=/     /          ext3    defaults,usrquota        1 1

•          touch /aquota.user ; chmod 600 /aquota.user

•          reboot

•          /sbin/quotacheck -vgum -a

•          /sbin/quotaon -a

•          /usr/sbin/setquota -u myuser 160000 200000 800 1000 -a

•          (200 Mbytes 1000 inodes)

 

SAMBA File Sharing

service smb restart

vi /etc/samba/smb.conf

os level = 65

smbpasswd -a user

 

/var/log/samba

 

 

MRTG: Multi Router Traffic Grapher

•          /var/www/mrtg

•          cfgmaker --global "options[_]:bits,growright" --global "workdir: /var/www/mrtg/myhost" public@routerIP > /etc/mrtg/myhost.cfg

•          indexmaker  --output=/var/www/mrtg/myhost/index.php  /etc/mrtg/myhost.cfg

•          env LANG=C /usr/bin/mrtg /var/www/mrtg/myhost/myhost.cfg

 

 

 

webmin

•          vi /etc/cron.d/mrtg

•          0-59/5 * * * * root /usr/bin/mrtg /etc/mrtg/myhost.cfg

 

•          Robust security

•          can use usermin for user change password

•          don't start webmin

•          default user = root  port 10000

 

 

 

moodle

 

AcceptPathInfo on  (recommended by Moodle on Apache 2)

# mysql -u root -p

   > CREATE DATABASE moodle;

   > GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER ON moodle.*

           TO moodleuser@localhost IDENTIFIED BY 'yourpassword';

   > quit

   # mysqladmin -p reload

 

crontab -e and then add one of the above commands, like:

*/5 * * * * wget -q -O /dev/null http://example.com/moodle/admin/cron.php

•          Thai in activities

•          mkdir moodle/lang/th/fonts

•          cp  norasi.ttf  moodle/lang/th/fonts/default.ttf

 

GD required

#yum -y install php-gd

 

net admin

 

netstat -a

ifconfig

route

tail /var/log/messages

traceroute www.cnn.com

nmap www.cnn.com

ntpdate -u clock.nectec.or.th

uname -a

find / -name filename

locate filename