Squid + PAM Authentication on CentOS 7 - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello friends!

The title of this article should have been: «MATE + NTP + Dnsmasq + Gateway Service + Apache + Squid with PAM Authentication on CentOS 7 - SME Networks». For practical reasons we shortened it.

We continue with the authentication of local users on a Linux computer using PAM, and this time we will see how to provide a Proxy service with Squid for a small network of computers, using the authentication credentials stored on the same computer where the Squid server runs.

Although we know it is common practice nowadays to authenticate services against OpenLDAP, Red Hat's 389 Directory Server, Microsoft Active Directory and so on, we believe we should start with the simple.


Scenario

It is a small organization, with very few financial resources, dedicated to supporting the use of Free Software, which chose the name DesdeLinux.Fan. They are several CentOS enthusiasts grouped in a single office. They bought a workstation, not a professional server, which they will dedicate to working as a "server".

The enthusiasts do not have extensive knowledge of how to implement an OpenLDAP server or a Samba 4 AD-DC, nor can they afford a license for Microsoft Active Directory. However, they need Internet access through a Proxy for their daily work (to speed up browsing) and a place to store their most valuable documents and to hold backup copies.

They still mostly use legally acquired Microsoft operating systems, but want to move them to Linux-based operating systems, starting with their "Server".

They also aspire to have their own mail server to become independent, at least as far as origin is concerned, of services such as Gmail, Yahoo, HotMail and so on, which is what they currently use.

The firewall and routing rules facing the Internet will be set up in the contracted ADSL router.

They do not have a real domain name because they do not need to publish any service on the Internet.

CentOS 7 as a server without GUI

We start from a fresh installation of a server without a graphical interface, and the only option we selected during the process was «Infrastructure Server», as we saw in previous articles in the series.

Initial settings

[root@linuxbox ~]# cat /etc/hostname
linuxbox

[root@linuxbox ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.5    linuxbox.desdelinux.fan linuxbox

[root@linuxbox ~]# hostname
linuxbox

[root@linuxbox ~]# hostname -f
linuxbox.desdelinux.fan

[root@linuxbox ~]# ip addr list
[root@linuxbox ~]# ifconfig -a
[root@linuxbox ~]# ls /sys/class/net/
ens32  ens34  lo

We disable Network Manager

[root@linuxbox ~]# systemctl stop NetworkManager

[root@linuxbox ~]# systemctl disable NetworkManager

[root@linuxbox ~]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:NetworkManager(8)

[root@linuxbox ~]# ifconfig -a

We configure the network interfaces

Ens32 LAN interface connected to the Internal Network

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=public

[root@linuxbox ~]# ifdown ens32 && ifup ens32

Ens34 WAN interface connected to the Internet

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens34
DEVICE=ens34
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=172.16.10.10
NETMASK=255.255.255.0
# The ADSL router is connected to
# this interface with
# the following IP address
GATEWAY=172.16.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=external

[root@linuxbox ~]# ifdown ens34 && ifup ens34

Repositories configuration

[root@linuxbox ~]# cd /etc/yum.repos.d/
[root@linuxbox ~]# mkdir original
[root@linuxbox ~]# mv CentOS-* original/

[root@linuxbox ~]# nano centos.repo
[Base-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=0
enabled=1

[CentosPlus-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/centosplus/x86_64/
gpgcheck=0
enabled=1

[Epel-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/epel/x86_64/
gpgcheck=0
enabled=1

[Updates-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/updates/x86_64/
gpgcheck=0
enabled=1

[root@linuxbox yum.repos.d]# yum clean all
Loaded plugins: fastestmirror, langpacks
Cleaning repos: Base-Repo CentosPlus-Repo Epel-Repo Media-Repo
              : Updates-Repo
Cleaning up everything
Cleaning up list of fastest mirrors
[root@linuxbox yum.repos.d]# yum update
Loaded plugins: fastestmirror, langpacks
Base-Repo                          | 3.6 kB  00:00
CentosPlus-Repo                    | 3.4 kB  00:00
Epel-Repo                          | 4.3 kB  00:00
Media-Repo                         | 3.6 kB  00:00
Updates-Repo                       | 3.4 kB  00:00
(1/9): Base-Repo/group_gz          | 155 kB  00:00
(2/9): Epel-Repo/group_gz          | 170 kB  00:00
(3/9): Media-Repo/group_gz         | 155 kB  00:00
(4/9): Epel-Repo/updateinfo        | 734 kB  00:00
(5/9): Media-Repo/primary_db       | 5.3 MB  00:00
(6/9): CentosPlus-Repo/primary_db  | 1.1 MB  00:00
(7/9): Updates-Repo/primary_db     | 2.2 MB  00:00
(8/9): Epel-Repo/primary_db        | 4.5 MB  00:01
(9/9): Base-Repo/primary_db        | 5.6 MB  00:01
Determining fastest mirrors
No packages marked for update

The message «No packages marked for update» appears because during installation we declared the same local repositories that we have at our disposal.
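Every stanza in centos.repo above sets gpgcheck=0 and uses an http:// baseurl, so yum installs whatever the mirror at 192.168.10.1 serves without verifying package signatures. The script below is an added example, not part of the original article, that flags such stanzas; the Base-Repo-Signed and Old-Repo stanzas and the host name mirror.example.internal are constructed for contrast.

```shell
#!/bin/sh
# Added example (not from the article): flag enabled yum repository stanzas
# that disable package signature checks or fetch over plaintext HTTP.

# Constructed sample: the first stanza mirrors the article's Base-Repo entry;
# the other two, including the mirror host name, are made up for contrast.
sample_repo() {
    cat <<'EOF'
[Base-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=0
enabled=1

[Base-Repo-Signed]
name=CentOS-$releasever
baseurl=https://mirror.example.internal/repos/centos/7/base/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[Old-Repo]
name=Unused
baseurl=http://192.168.10.1/repos/old/
gpgcheck=0
enabled=0
EOF
}

# audit_repo [FILE...]
# Reads .repo files (or stdin when no file is given) and prints
# "<section> <finding>" for every enabled stanza with a weak setting.
# A stanza with no gpgcheck line inherits the [main] value from
# /etc/yum.conf and is not flagged here.
audit_repo() {
    awk '
        function report() {
            if (section == "" || enabled == "0") return
            if (gpgcheck == "0")    print section, "gpgcheck-disabled"
            if (url ~ /^http:\/\//) print section, "plaintext-baseurl"
        }
        /^[ \t]*$/    { next }            # blank line
        /^[ \t]*[#;]/ { next }            # comment
        /^\[/ {                           # new [section]: report the previous one
            report()
            section = $0
            sub(/^\[/, "", section); sub(/\].*$/, "", section)
            gpgcheck = ""; url = ""; enabled = "1"
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck")     gpgcheck = val
            else if (key == "baseurl") url = val
            else if (key == "enabled") enabled = val
        }
        END { report() }
    ' "$@"
}

# On a live system: audit_repo /etc/yum.repos.d/*.repo
sample_repo | audit_repo
```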

CentOS 7 with the MATE desktop environment

To use the very good graphical administration tools that CentOS / Red Hat provides, and because we always miss GNOME2, we decided to install MATE as the desktop environment.

[root@linuxbox ~]# yum groupinstall "X Window System"
[root@linuxbox ~]# yum groupinstall "MATE Desktop"

To check that MATE loads properly, we run the following command in a console, local or remote:

[root@linuxbox ~]# systemctl isolate graphical.target

and the desktop environment should load on the local machine without problems, showing lightdm as the graphical login. We type the name of the local user and their password, and we enter MATE.

To tell systemd that the default boot level is 5 (graphical environment), we create the following symbolic link:

[root@linuxbox ~]# ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target

We reboot the system and everything works fine.

We install the Network Time Service

[root@linuxbox ~]# yum install ntp

During installation we configured the local clock to synchronize with the time server on the computer sysadmin.desdelinux.fan with IP 192.168.10.1. So, we save the original ntp.conf file with:

[root@linuxbox ~]# cp /etc/ntp.conf /etc/ntp.conf.original

Now, we create a new one with the following content:

[root@linuxbox ~]# nano /etc/ntp.conf
# Servers configured during installation:
server 192.168.10.1 iburst

# For more information, see the man pages of:
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit synchronization with the time source, but do not
# permit the source to query or modify this service
restrict default nomodify notrap nopeer noquery

# Permit all access over the Loopback interface
restrict 127.0.0.1
restrict ::1

# Hosts on the local network are a little less restricted.
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project
# If you want to join the project, visit
# (http://www.pool.ntp.org/join.html).

#broadcast 192.168.10.255 autokey        # broadcast server
broadcastclient                          # broadcast client
#broadcast 224.0.1.1 autokey             # multicast server
#multicastclient 224.0.1.1               # multicast client
#manycastserver 239.255.254.254          # manycast server
#manycastclient 239.255.254.254 autokey  # manycast client
broadcast 192.168.10.255

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers
# used when operating with symmetric key cryptography
keys /etc/ntp/keys

# Specify the trusted key identifiers.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification of
# attacks using the ntpdc monlist command, when the default
# restrict does not include the noquery flag. Read CVE-2013-5211
# for more details.
# Note: Monitoring is not disabled with the limited restriction flag.
disable monitor

We enable, start and check the NTP service

[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

[root@linuxbox ~]# systemctl start ntpd
[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 15:51:08 EDT; 1s ago
  Process: 1307 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1308 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─1308 /usr/sbin/ntpd -u ntp:ntp -g

Ntp and the Firewall

[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=123/udp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success

We enable and configure Dnsmasq

As we saw in the previous article in the SME Networks series, Dnsmasq is installed by default on a CentOS 7 Infrastructure Server.

[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.

[root@linuxbox ~]# systemctl start dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 16:21:18 EDT; 4s ago
 Main PID: 33611 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─33611 /usr/sbin/dnsmasq -k

[root@linuxbox ~]# mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original

[root@linuxbox ~]# nano /etc/dnsmasq.conf
# -------------------------------------------------------------------
# GENERAL OPTIONS
# -------------------------------------------------------------------
domain-needed       # Do not forward names without the domain part
bogus-priv          # Do not forward addresses in non-routed space
expand-hosts        # Automatically add the domain to the host
interface=ens32     # LAN interface
strict-order        # Order in which the /etc/resolv.conf file is consulted
conf-dir=/etc/dnsmasq.d
domain=desdelinux.fan   # Domain name

address=/time.windows.com/192.168.10.5

# Send an empty option for the WPAD value. Required for
# Windows 7 and later clients to behave properly. ;-)
dhcp-option=252,"\n"

# File where we will declare the HOSTS that will be "banned"
addn-hosts=/etc/banner_add_hosts

local=/desdelinux.fan/

# -------------------------------------------------------------------
# RECORDS CNAME MX TXT
# -------------------------------------------------------------------
# This type of record requires an entry
# in the /etc/hosts file
# e.g.: 192.168.10.5 linuxbox.desdelinux.fan linuxbox
# cname=ALIAS,REAL_NAME
cname=mail.desdelinux.fan,linuxbox.desdelinux.fan

# MX RECORDS
# Returns an MX record with the name "desdelinux.fan" destined
# for the computer mail.desdelinux.fan with priority 10
mx-host=desdelinux.fan,mail.desdelinux.fan,10

# The default destination for MX records that are created
# using the localmx option will be:
mx-target=mail.desdelinux.fan

# Returns an MX record pointing to the mx-target for ALL
# local machines
localmx

# TXT records. We can also declare an SPF record
txt-record=desdelinux.fan,"v=spf1 a -all"
txt-record=desdelinux.fan,"DesdeLinux, your Blog dedicated to Free Software"

# -------------------------------------------------------------------
# RANGE AND ITS OPTIONS
# -------------------------------------------------------------------
# IPv4 range and lease time
# 1 to 29 are for Servers and other needs
dhcp-range=192.168.10.30,192.168.10.250,8h

dhcp-lease-max=222      # Maximum number of addresses to lease
                        # the default is 150
# IPV6 range
# dhcp-range=1234::, ra-only

# Options for the RANGE
# OPTIONS
dhcp-option=1,255.255.255.0     # NETMASK
dhcp-option=3,192.168.10.5      # ROUTER GATEWAY
dhcp-option=6,192.168.10.5      # DNS Servers
dhcp-option=15,desdelinux.fan   # DNS Domain Name
dhcp-option=19,1                # option ip-forwarding ON
dhcp-option=28,192.168.10.255   # BROADCAST
dhcp-option=42,192.168.10.5     # NTP

dhcp-authoritative              # Authoritative DHCP on the subnet

# -------------------------------------------------------------------
# If you want to store the query log in /var/log/messages
# uncomment the line below
# -------------------------------------------------------------------
# log-queries
# END of file /etc/dnsmasq.conf
# -------------------------------------------------------------------

We create the file /etc/banner_add_hosts

[root@linuxbox ~]# nano /etc/banner_add_hosts
192.168.10.5 windowsupdate.com
192.168.10.5 ctldl.windowsupdate.com
192.168.10.5 ocsp.verisign.com
192.168.10.5 csc3-2010-crl.verisign.com
192.168.10.5 www.msftncsi.com
192.168.10.5 ipv6.msftncsi.com
192.168.10.5 teredo.ipv6.microsoft.com
192.168.10.5 ds.download.windowsupdate.com
192.168.10.5 download.microsoft.com
192.168.10.5 fe2.update.microsoft.com
192.168.10.5 crl.microsoft.com
192.168.10.5 www.download.windowsupdate.com
192.168.10.5 win8.ipv6.microsoft.com
192.168.10.5 spynet.microsoft.com
192.168.10.5 spynet1.microsoft.com
192.168.10.5 spynet2.microsoft.com
192.168.10.5 spynet3.microsoft.com
192.168.10.5 spynet4.microsoft.com
192.168.10.5 spynet5.microsoft.com
192.168.10.5 office15client.microsoft.com
192.168.10.5 addons.mozilla.org
192.168.10.5 crl.verisign.com

Fixed IP addresses

[root@linuxbox ~]# nano /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.5    linuxbox.desdelinux.fan linuxbox
192.168.10.1    sysadmin.desdelinux.fan sysadmin

We configure the /etc/resolv.conf file - resolver

[root@linuxbox ~]# nano /etc/resolv.conf
search desdelinux.fan
nameserver 127.0.0.1
# For external or non-domain DNS queries
# desdelinux.fan
# local=/desdelinux.fan/
nameserver 8.8.8.8

We check the syntax of the dnsmasq.conf file, then start and check the status of the service

[root@linuxbox ~]# dnsmasq --test
dnsmasq: syntax check OK.
[root@linuxbox ~]# systemctl restart dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq

Dnsmasq and the Firewall

[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32

Domain service, or Domain Name Server (dns). Protocol swipe «IP with Encryption»

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success

Dnsmasq queries to external DNS servers

[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/udp --permanent
success

Bootps service, or BOOTP server (dhcp). Protocol ippc «Internet Pluribus Packet Core»

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/udp --permanent
success

[root@linuxbox ~]# firewall-cmd --reload
success

[root@linuxbox ~]# firewall-cmd --info-zone public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens32
  sources:
  services: dhcp dns ntp ssh
  ports: 67/tcp 53/udp 123/udp 67/udp 53/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 53/udp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:

If we want to use a graphical interface to configure the Firewall in CentOS 7, we look in the general menu (the submenu in which it appears depends on the desktop environment) for the «Firewall» application, run it, and after entering the root user's password we reach the program's interface. In MATE it appears in the menu «System» -> «Administration» -> «Firewall».

We select the Zone «public» and authorize the Services we want published on the LAN, which so far are dhcp, dns, ntp and ssh. After selecting the services and verifying that everything works correctly, we must make the Runtime changes Permanent. To do this we go to the Options menu and select the option «Runtime to permanent».

Then we select the Zone «external» and check that the Ports needed to communicate with the Internet are open. DO NOT publish Services in this Zone unless we know very well what we are doing!

Let us not forget to make the changes Permanent through the option «Runtime to permanent» and to reload the FirewallD daemon every time we use this powerful graphical tool.
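The warning about the «external» zone can be turned into a repeatable check. The script below is an added example, not part of the original article: it compares the output of firewall-cmd --info-zone with an allow-list of services and ports. The first sample is the external zone as configured above; the second is a constructed variant in which ssh and 3128/tcp have been published.

```shell
#!/bin/sh
# Added example (not from the article): report anything a firewalld zone
# exposes beyond an explicit allow-list of services and ports.

# The external zone as configured in this article.
external_as_configured() {
    cat <<'EOF'
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 53/udp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:
EOF
}

# Constructed sample: the same zone after someone published ssh and the
# Squid port 3128/tcp on the Internet-facing interface.
external_drifted() {
    external_as_configured |
        sed -e 's/^  services: dns$/  services: dns ssh/' \
            -e 's|^  ports: 53/udp 53/tcp$|  ports: 53/udp 53/tcp 3128/tcp|'
}

# zone_exposure ALLOWED...
# Reads `firewall-cmd --info-zone=ZONE` output on stdin and prints
# "service NAME" or "port SPEC" for every entry not listed in ALLOWED.
zone_exposure() {
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # $1 is compared exactly, so "forward-ports:" and "sourceports:"
        # never match the "ports:" rule.
        $1 == "services:" { for (i = 2; i <= NF; i++) if (!($i in ok)) print "service", $i }
        $1 == "ports:"    { for (i = 2; i <= NF; i++) if (!($i in ok)) print "port", $i }
    '
}

# On a live system:
#   firewall-cmd --info-zone=external | zone_exposure dns 53/udp 53/tcp
external_drifted | zone_exposure dns 53/udp 53/tcp
```

An empty result means the zone exposes nothing beyond the allow-list, which makes the function easy to run from cron or a configuration-management check.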

NTP and Dnsmasq from a Windows 7 client

Synchronization with NTP


Leased IP address

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-D6-14-36
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.115(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 14, 2017 5:12:53 PM
   Lease Expires . . . . . . . . . . : Saturday, April 15, 2017 1:12:53 AM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.5
   DNS Servers . . . . . . . . . . . : 192.168.10.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.desdelinux.fan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\buzz>

Tip

An important value in Windows clients is the "Primary Dns Suffix" or "Main connection suffix". When a Microsoft Domain Controller is not used, the operating system does not assign any value to it. If we face a case like the one described at the beginning of the article and we want to declare that value explicitly, we must proceed as shown in the following image, accept the changes and restart the client.

If we run CMD -> ipconfig /all again we will get the following:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . : desdelinux.fan
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan

The rest of the values remain unchanged

DNS checks

buzz@sysadmin:~$ host spynet.microsoft.com
spynet.microsoft.com has address 127.0.0.1
Host spynet.microsoft.com not found: 5(REFUSED)
spynet.microsoft.com mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host linuxbox
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host sysadmin
sysadmin.desdelinux.fan has address 192.168.10.1
sysadmin.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host mail
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

We install, for testing only, an Authoritative DNS server NSD on sysadmin.desdelinux.fan, and we include the IP address 172.16.10.1 in the /etc/resolv.conf file of the computer linuxbox.desdelinux.fan, to verify that Dnsmasq was performing its Forwarder function correctly. The test zones on the NSD server are favt.org and toujague.org. All IPs are fictitious or from private networks.

If we disable the WAN interface ens34 using the command ifdown ens34, Dnsmasq will not be able to query external DNS servers.

[buzz@linuxbox ~]$ sudo ifdown ens34
[buzz@linuxbox ~]$ host -t mx toujague.org
Host toujague.org not found: 3(NXDOMAIN)

[buzz@linuxbox ~]$ host pizzapie.favt.org
Host pizzapie.favt.org not found: 3(NXDOMAIN)

Let's enable the ens34 interface and check again:

[buzz@linuxbox ~]$ sudo ifup ens34
[buzz@linuxbox ~]$ host pizzapie.favt.org
pizzapie.favt.org is an alias for paisano.favt.org.
paisano.favt.org has address 172.16.10.4

[buzz@linuxbox ~]$ host pizzapie.toujague.org
Host pizzas.toujague.org not found: 3(NXDOMAIN)

[buzz@linuxbox ~]$ host poblacion.toujague.org
poblacion.toujague.org has address 169.18.10.18

[buzz@linuxbox ~]$ host -t NS favt.org
favt.org name server ns1.favt.org.
favt.org name server ns2.favt.org.

[buzz@linuxbox ~]$ host -t NS toujague.org
toujague.org name server ns1.toujague.org.
toujague.org name server ns2.toujague.org.

[buzz@linuxbox ~]$ host -t MX toujague.org
toujague.org mail is handled by 10 mail.toujague.org.

Let's query from sysadmin.desdelinux.fan:

buzz@sysadmin:~$ cat /etc/resolv.conf
search desdelinux.fan
nameserver 192.168.10.5

xeon@sysadmin:~$ host mail.toujague.org
mail.toujague.org has address 169.18.10.19

Dnsmasq is working correctly as a Forwarder.

Squid

In the book in PDF format «Configuración de Servidores con GNU/Linux» dated July 25, 2016, by the author Joel Barrios Dueñas (darkshram@gmail.com - http://www.alcancelibre.org/), a text I have referred to in previous articles, there is an entire chapter dedicated to the Squid Basic Configuration Options.

Given the importance of the Web - Proxy service, we reproduce the Introduction to Squid from the aforementioned book:

105.1. Introduction.

105.1.1. What is an Intermediary Server (Proxy)?

The English term "Proxy" has a very general and at the same time ambiguous meaning, although it is invariably considered a synonym of the concept of "Intermediary". It is usually translated, in the strict sense, as delegate or attorney-in-fact (one who has power over another).

An Intermediary Server is defined as a computer or device that offers a network service consisting of allowing clients to make indirect network connections to other network services. During the process the following occurs:

  • The client connects to a Proxy Server.
  • The client requests a connection, file or other resource available on a different server.
  • The Intermediary Server provides the resource either by connecting to the specified server
    or by serving it from a cache.
  • In some cases the Intermediary Server may alter the client's request or the
    server's response for various purposes.

Proxy Servers are generally made to work simultaneously as a firewall operating at the Network Level, acting as a packet filter, as in the case of iptables, or operating at the Application Level, controlling various services, as is the case of TCP Wrapper. Depending on the context, the firewall is also known as a BPD or Border Protection Device, or simply as a packet filter.

A common application of Proxy Servers is to work as a cache of network content (mainly HTTP), providing close to the clients a cache of pages and files available over the network on remote HTTP servers, which allows clients on the local network to access them faster and more reliably.

When a request is received for a network resource specified in a URL (Uniform Resource Locator), the Intermediary Server looks for the result of the URL in the cache. If it is found, the Intermediary Server answers the client by providing the requested content immediately. If the requested content is not in the cache, the Intermediary Server fetches it from the remote server, delivers it to the client that requested it and keeps a copy in the cache. Content in the cache is later removed by an expiration algorithm according to age, size and history of responses to requests (hits) (examples: LRU, LFUDA and GDSF).

Proxy Servers for network content (Web Proxies) can also act as filters of the content served, applying censorship policies according to arbitrary criteria.

The Squid version that we will install is 3.5.20-2.el7_3.2 from the updates repository.

Installation

[root@linuxbox ~]# yum install squid

[root@linuxbox ~]# ls /etc/squid/
cachemgr.conf          errorpage.css.default  squid.conf
cachemgr.conf.default  mime.conf              squid.conf.default
errorpage.css          mime.conf.default

[root@linuxbox ~]# systemctl enable squid

Important

  • The main objective of this article is to authorize local users to connect to Squid from other computers connected to the LAN. In addition, to implement the core of a server to which other services will be added. It is not an article dedicated to Squid as such.
  • To get an idea of Squid's configuration options, read the /usr/share/doc/squid-3.5.20/squid.conf.documented file, which has 7915 lines.

SELinux and Squid

[root@linuxbox ~]# getsebool -a | grep squid
squid_connect_any --> on
squid_use_tproxy --> off

[root@linuxbox ~]# setsebool -P squid_connect_any=on

Configuration

[root@linuxbox ~]# nano /etc/squid/squid.conf
# LAN
acl localnet src 192.168.10.0/24

acl SSL_ports port 443 21
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# We deny requests for non-secure ports
http_access deny !Safe_ports

# We deny the CONNECT method to non-secure ports
http_access deny CONNECT !SSL_ports

# Access to the Cache manager only from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server which think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# PAM authorization
auth_param basic program /usr/lib64/squid/basic_pam_auth
auth_param basic children 5
auth_param basic realm desdelinux.fan
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# Authentication is required to access Squid
acl Enthusiasts proxy_auth REQUIRED

# We allow access to users authenticated
# through PAM
http_access deny !Enthusiasts

# Access to FTP sites
acl ftp proto FTP
http_access allow ftp

http_access allow localnet
http_access allow localhost

# We deny any other access to the proxy
http_access deny all

# Squid normally listens on port 3128
http_port 3128

# We leave the "coredumps" in the first cache directory
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:             1440    20%     10080
refresh_pattern ^gopher:          1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0       0%      0
refresh_pattern .                 0       20%     4320

cache_mem 64 MB
# Cache memory
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 4096 16 256
maximum_object_size 4 MB
cache_swap_low 85
cache_swap_high 90
cache_mgr buzz@desdel.com

We check the syntax of the file /etc/squid/squid.conf

[root@linuxbox ~]# squid -k parse
2017/04/16 15:45:10| Startup: Initializing Authentication Schemes ...
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'basic'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'digest'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'negotiate'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'ntlm'
2017/04/16 15:45:10| Startup: Initialized Authentication.
2017/04/16 15:45:10| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2017/04/16 15:45:10| Processing: acl localnet src 192.168.10.0/24
2017/04/16 15:45:10| Processing: acl SSL_ports port 443 21
2017/04/16 15:45:10| Processing: acl Safe_ports port 80 # http
2017/04/16 15:45:10| Processing: acl Safe_ports port 21 # ftp
2017/04/16 15:45:10| Processing: acl Safe_ports port 443 # https
2017/04/16 15:45:10| Processing: acl Safe_ports port 70 # gopher
2017/04/16 15:45:10| Processing: acl Safe_ports port 210 # wais
2017/04/16 15:45:10| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2017/04/16 15:45:10| Processing: acl Safe_ports port 280 # http-mgmt
2017/04/16 15:45:10| Processing: acl Safe_ports port 488 # gss-http
2017/04/16 15:45:10| Processing: acl Safe_ports port 591 # filemaker
2017/04/16 15:45:10| Processing: acl Safe_ports port 777 # multiling http
2017/04/16 15:45:10| Processing: acl CONNECT method CONNECT
2017/04/16 15:45:10| Processing: http_access deny !Safe_ports
2017/04/16 15:45:10| Processing: http_access deny CONNECT !SSL_ports
2017/04/16 15:45:10| Processing: http_access allow localhost manager
2017/04/16 15:45:10| Processing: http_access deny manager
2017/04/16 15:45:10| Processing: http_access deny to_localhost
2017/04/16 15:45:10| Processing: auth_param basic program /usr/lib64/squid/basic_pam_auth
2017/04/16 15:45:10| Processing: auth_param basic children 5
2017/04/16 15:45:10| Processing: auth_param basic realm DesdeLinux.Fan
2017/04/16 15:45:10| Processing: auth_param basic credentialsttl 2 hours
2017/04/16 15:45:10| Processing: auth_param basic casesensitive off
2017/04/16 15:45:10| Processing: acl Enthusiasts proxy_auth REQUIRED
2017/04/16 15:45:10| Processing: http_access deny !Enthusiasts
2017/04/16 15:45:10| Processing: acl ftp proto FTP
2017/04/16 15:45:10| Processing: http_access allow ftp
2017/04/16 15:45:10| Processing: http_access allow localnet
2017/04/16 15:45:10| Processing: http_access allow localhost
2017/04/16 15:45:10| Processing: http_access deny all
2017/04/16 15:45:10| Processing: http_port 3128
2017/04/16 15:45:10| Processing: coredump_dir /var/spool/squid
2017/04/16 15:45:10| Processing: refresh_pattern ^ftp: 1440 20% 10080
2017/04/16 15:45:10| Processing: refresh_pattern ^gopher: 1440 0% 1440
2017/04/16 15:45:10| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2017/04/16 15:45:10| Processing: refresh_pattern .
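
A clean squid -k parse says the file is syntactically valid, not that authentication is enforced: Squid applies the first matching http_access rule, so any allow placed above the "deny !Enthusiasts" rule is granted without credentials. The shell function below is an added example (not part of the original article or of Squid) that lists those rules; the function names and the two sample rule sets, condensed from the configuration above, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): list the http_access "allow" rules
# that Squid reaches before authentication is enforced.

# unauth_allows [FILE]: reads a squid.conf from FILE, or from stdin.
unauth_allows() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        # Remember every ACL that demands proxy credentials.
        $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1; next }
        $1 != "http_access" { next }
        # "deny !<auth acl>" alone on the line: rules below it require login.
        $2 == "deny" && NF == 3 && substr($3, 1, 1) == "!" &&
            (substr($3, 2) in auth) { exit }
        $2 == "allow" {
            for (i = 3; i <= NF; i++)
                if ($i in auth) next             # this allow itself needs login
            $1 = $1                              # normalise spacing
            print
        }
    ' "$@"
}

# Constructed sample 1: rule order used in the article (condensed).
conf_article() {
    cat <<'EOF'
acl localnet src 192.168.10.0/24
http_access allow localhost manager
http_access deny manager
acl Enthusiasts proxy_auth REQUIRED
http_access deny !Enthusiasts
http_access allow localnet
http_access deny all
EOF
}

# Constructed sample 2: the LAN allow moved above the login rule.
conf_misordered() {
    cat <<'EOF'
acl localnet src 192.168.10.0/24
http_access allow localhost manager
http_access deny manager
acl Enthusiasts proxy_auth REQUIRED
http_access allow localnet
http_access deny !Enthusiasts
http_access deny all
EOF
}

echo "article order:";  conf_article    | unauth_allows
echo "misordered:";     conf_misordered | unauth_allows
```

On the real server the check is run as unauth_allows /etc/squid/squid.conf; with the article's rule order only the cache-manager rule for localhost is listed.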

We change the permissions on /usr/lib64/squid/basic_pam_auth

[root@linuxbox ~]# chmod u+s /usr/lib64/squid/basic_pam_auth

We create the cache directory

# Just in case...
[root@linuxbox ~]# service squid stop
Redirecting to /bin/systemctl stop squid.service

[root@linuxbox ~]# squid -z
[root@linuxbox ~]# 2017/04/16 15:48:28 kid1| Set Current Directory to /var/spool/squid
2017/04/16 15:48:28 kid1| Creating missing swap directories
2017/04/16 15:48:28 kid1| /var/spool/squid exists
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/00
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/01
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/02
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/03
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/04
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/05
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/06
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/07
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/08
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/09
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0A
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0B
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0C
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0D
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0E
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0F

At this point, if it takes a while to return the command prompt - which never came back for me - press Enter.

[root@linuxbox ~]# service squid start
[root@linuxbox ~]# service squid restart
[root@linuxbox ~]# service squid status
Redirecting to /bin/systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since dom 2017-04-16 15:57:27 EDT; 1s ago
  Process: 2844 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2873 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2868 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 2876 (squid)
   CGroup: /system.slice/squid.service
           └─2876 /usr/sbin/squid -f /etc/squid/squid.conf

Apr 16 15:57:27 linuxbox systemd[1]: Starting Squid caching proxy...
Apr 16 15:57:27 linuxbox systemd[1]: Started Squid caching proxy.
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: will start 1 kids
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ...ed
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ... 1
Hint: Some lines were ellipsized, use -l to show in full.

[root@linuxbox ~]# cat /var/log/messages | grep squid

Firewall adjustments

We must also open, in the zone «external», ports 80 HTTP and 443 HTTPS so that Squid can communicate with the Internet.

[root@linuxbox ~]# firewall-cmd --zone=external --add-port=80/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=443/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success
[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 443/tcp 53/udp 80/tcp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:

  • It is also worth opening the graphical application «Firewall settings» and checking that ports 443 tcp, 80 tcp, 53 tcp and 53 udp are open for the zone «external», and that we have NOT published any service for it.

Note on the helper program basic_pam_auth

If we consult the manual of this utility with man basic_pam_auth, we will read that the author himself recommends moving the program to a directory where normal users do not have sufficient permissions to access the tool.

On the other hand, it is known that with this authorization scheme the credentials travel in plain text, so it is not safe for hostile environments, read: open networks.

Jeff Yestrumskas dedicates the article «How-to: Setup a secure web proxy using SSL encryption, Squid Caching Proxy and PAM authentication» to the problem of increasing security with this authentication scheme so that it can be used on potentially hostile open networks.
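
The chmod u+s step above leaves the helper setuid root; if the file keeps world-execute permission (mode 4755), any local account can run it, which is the situation the man page recommendation addresses. The shell functions below are an added example, not taken from the article or from Squid: they detect that state and restrict execution to one group instead of moving the file. The group name squid and the mode 4750 are assumptions about a stock CentOS 7 install; the demonstration runs on a constructed temporary file.

```shell
#!/bin/sh
# Added example (not from the article): audit and tighten a setuid
# authentication helper such as basic_pam_auth.

# helper_exposed FILE: succeeds (0) when FILE is setuid AND executable by
# "other", i.e. any local account can run it with the owner's privileges.
helper_exposed() {
    [ -u "$1" ] && [ -n "$(find "$1" -prune -perm -0001)" ]
}

# restrict_helper FILE GROUP: keep the setuid bit, allow execution only by
# the owner and GROUP. chgrp runs first because changing ownership can
# clear the setuid bit; chmod then sets the final mode.
restrict_helper() {
    chgrp "$2" "$1" && chmod 4750 "$1"
}

# On the article's server this would be (assumes Squid runs with group "squid"):
#   restrict_helper /usr/lib64/squid/basic_pam_auth squid

# Demonstration on a constructed stand-in file, so nothing on the system changes.
demo() {
    f=$(mktemp) || return 1
    chmod 4755 "$f"                      # state after "chmod u+s" on a 0755 file
    helper_exposed "$f" && before=exposed || before=restricted
    restrict_helper "$f" "$(id -gn)"     # own group stands in for "squid"
    helper_exposed "$f" && after=exposed || after=restricted
    [ -u "$f" ] && suid=kept || suid=lost
    rm -f "$f"
    echo "$before -> $after (setuid $suid)"
}
demo
```

After restricting the real helper, restart Squid and confirm that proxy logins still succeed, since the Squid process must belong to the chosen group to launch it.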

We install httpd

As a way to check the operation of Squid (and, incidentally, of Dnsmasq) we will install the httpd service, the Apache web server, which it is not mandatory to install. In the Dnsmasq-related file /etc/banner_add_hosts we declare the sites we want to ban, and we explicitly assign them the same IP address that linuxbox has. Thus, if we request access to any of these sites, the httpd home page should be shown.

[root@linuxbox ~]# yum install httpd
[root@linuxbox ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

[root@linuxbox ~]# systemctl start httpd

[root@linuxbox ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since dom 2017-04-16 16:41:35 EDT; 5s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2275 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─2275 /usr/sbin/httpd -DFOREGROUND
           ├─2276 /usr/sbin/httpd -DFOREGROUND
           ├─2277 /usr/sbin/httpd -DFOREGROUND
           ├─2278 /usr/sbin/httpd -DFOREGROUND
           ├─2279 /usr/sbin/httpd -DFOREGROUND
           └─2280 /usr/sbin/httpd -DFOREGROUND

Apr 16 16:41:35 linuxbox systemd[1]: Starting The Apache HTTP Server...
Apr 16 16:41:35 linuxbox systemd[1]: Started The Apache HTTP Server.

SELinux and Apache

Apache has several policies to configure within the SELinux context.

[root@linuxbox ~]# getsebool -a | grep httpd
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_ipa --> off
httpd_run_preupgrade --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off

We will only configure the following:

Send email through Apache

[root@linuxbox ~]# setsebool -P httpd_can_sendmail 1

Allow Apache to read content located in the home directories of local users

[root@linuxbox ~]# setsebool -P httpd_read_user_content 1

Allow any directory managed by Apache to be administered via FTP or FTPS, or allow Apache to act as an FTP server listening for requests on the FTP port

[root@linuxbox ~]# setsebool -P httpd_enable_ftp_server 1

For more information, please read «Linux Kev Sib Tw Kev Kho Mob».

We check authentication

It only remains to open a browser on a workstation and point it, for example, to http://windowsupdate.com. We will verify that the request is sent straight to the Apache home page on linuxbox. In fact, any site name declared in the file /etc/banner_add_hosts will send you to the same page.

The images at the end of the article prove it.

User management

We do it using the graphical tool «User management», which we reach through the menu System -> Administration -> User management. Each time we add a new user, their folder /home/user is created automatically.

 

Backup copies

Linux clients

You only need the usual file browser and to indicate that you want to connect, for example: ssh://buzz@linuxbox/home/buzz. After entering the password, the home directory of the user buzz is shown.

Windows clients

On Windows clients we use the tool WinSCP. Once installed, we use it as follows:

 

 

Simple, right?

Summary

We have seen that it is possible to use PAM to authenticate services in a small network and in a controlled environment totally isolated from the hands of hackers. This restriction is mainly due to the fact that the authentication credentials travel in plain text, and therefore it is not an authentication scheme to use on open networks such as airports, Wi-Fi networks, etc. However, it is a simple authorization mechanism, easy to implement and configure.

Until the next article!


9 comments

  1.   NauTiluS said

    Excellent post you have put together, Mr. Fico. Thanks for sharing your knowledge.

  2.   Lizard said

    I know how hard it is to put together an article with this level of detail, with fairly clear tests and, on top of that, with concepts and strategies that follow standards. I simply take my hat off to this gem of a contribution; thank you very much, Fico, for such good work.

    I have never combined squid with pam authentication, but I will go as far as I can to do this exercise in my lab... A goal-celebration hug and let's keep going!!

  3.   federico said

    NauTiluS: Thank you very much for your comment and evaluation.
    Lizard: To you too, thank you very much for your comment and evaluation.

    The time and effort devoted to writing articles like this one are only rewarded by the reading and the comments of those who visit the FromLinux community. I hope it is useful to you in your daily work.
    We keep going!

  4.   anonymous said

    What a great contribution, countryman!!!! I read every one of your articles and I can say that even a person without advanced knowledge of Free Software (like me) can follow this excellent article step by step. Greetings!!!!

  5.   IWO said

    Thanks, Fico, for this other great article; as if all the posts already published were not enough, in this one we have a service not previously covered by the SME Series and which is extremely important: "SQUID", or the Proxy of a LAN. Nothing less than that: for us, the family of those who think we are "sysadmins", here is more good material to study and deepen our knowledge.

  6.   federico said

    Thank you all for your comments. The next article will deal with the Prosody chat server with authentication against local credentials (PAM) via Cyrus-SASL, and that service will be implemented on this same server.

  7.   kev 17 said

    About time, countryman!!!! A great contribution, even for those like me who do not have much knowledge of Free Software and are passionate about learning from articles as exquisite as this one. I have been following your contributions and I would like to know which article you would recommend I start with in this series on SME Networks, since I have been reading them out of order and I think it has too much valuable content to miss any detail. Without further ado, greetings, and may shared knowledge, like Software, remain Free!!

    1.    federico said

      Greetings, countryman!!! I recommend you start at the beginning; although it may seem the long way, it is the shortest way so as not to get lost. In the index - which is not updated with the last two articles - https://blog.desdelinux.net/redes-computadoras-las-pymes-introduccion/, we established the recommended reading order of the Series, which starts with how to set up my Workstation, continues with several posts dedicated to Virtualization, followed by several on BIND, Isc-Dhcp-Server and Dnsmasq, and so on until we reach the part on implementing services for the SME network, which is where we are now. I hope it helps you.

      1.    kev 17 said

        Will do!!!! I am starting the series from the beginning right away and I look forward to new articles. Greetings!!!!