General index of the series: Computer Networks for SMEs: Introduction
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico
Hello friends!
The title of the article should be: «MATE + NTP + Dnsmasq + Gateway Service + Apache + Squid with PAM Authentication on CentOS 7 - SME Networks». For practical reasons we shortened it.
We continue with the authentication of local users on a Linux computer using PAM, and this time we will see how to provide the Proxy service with Squid for a small network of computers, using the authentication credentials stored on the same computer where the Squid server is running.
We know it is very common practice nowadays to authenticate services against OpenLDAP, Red Hat's Directory Server 389, Microsoft Active Directory, and so on. Even so, we believe we should go from the simple to the complex.
Index
- 1 Scenario
- 2 CentOS 7 as a server without GUI
- 3 CentOS 7 with the MATE desktop environment
- 4 We install the Time Service for Networks
- 5 We enable and configure Dnsmasq
- 6 NTP and Dnsmasq from a Windows 7 client
- 7 DNS checks
- 8 Squid
- 8.1 105.1. Introduction.
- 8.2 Installation
- 8.3 Important
- 8.4 SELinux and Squid
- 8.5 Configuration
- 8.6 We check the syntax of the /etc/squid/squid.conf file
- 8.7 We adjust permissions on /usr/lib64/squid/basic_pam_auth
- 8.8 We create the cache directory
- 8.9 Firewall settings
- 8.10 Notes on the basic_pam_auth helper program
- 8.11 We install httpd
- 8.12 SELinux and Apache
- 8.13 We check Authentication
- 9 User management
- 10 Backups
- 11 Summary
- 12 Sources consulted
- 13 PDF version
Scenario
It is a small organization - with very few financial resources - dedicated to supporting the use of Free Software, which chose the name DesdeLinux.Fan. They are several CentOS enthusiasts grouped in a single office. They bought a workstation - not a professional server - which they will dedicate to work as a "server".
The enthusiasts do not have extensive knowledge of how to implement an OpenLDAP server or a Samba 4 AD-DC, nor can they afford to license a Microsoft Active Directory. However, for their daily work they need Internet access through a Proxy - to speed up browsing - and a space to save their most valuable documents and to serve as backup copies.
They still mostly use legally acquired Microsoft operating systems, but want to replace them with Linux-based operating systems, starting with their "Server".
They also aspire to have their own mail server to become independent - at least at the origin - of services such as Gmail, Yahoo, HotMail, etc., which is what they currently use.
The Firewall and Routing rules facing the Internet will be set up on the contracted ADSL Router.
They do not have a real domain name since they do not need to publish any service on the Internet.
CentOS 7 as a server without GUI
We start from a fresh installation of a server without a graphical interface, and the only option we select during the process is «Infrastructure Server», as we saw in previous articles of the series.
Initial settings

[root@linuxbox ~]# cat /etc/hostname
linuxbox

[root@linuxbox ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.5    linuxbox.desdelinux.fan linuxbox

[root@linuxbox ~]# hostname
linuxbox

[root@linuxbox ~]# hostname -f
linuxbox.desdelinux.fan

[root@linuxbox ~]# ip addr list
[root@linuxbox ~]# ifconfig -a
[root@linuxbox ~]# ls /sys/class/net/
ens32  ens34  lo
We disable the Network Manager

[root@linuxbox ~]# systemctl stop NetworkManager
[root@linuxbox ~]# systemctl disable NetworkManager
[root@linuxbox ~]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:NetworkManager(8)

[root@linuxbox ~]# ifconfig -a
We configure the network interfaces
Ens32 LAN interface connected to the Internal Network

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=public

[root@linuxbox ~]# ifdown ens32 && ifup ens32

Ens34 WAN interface connected to the Internet

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens34
DEVICE=ens34
ONBOOT=yes
BOOTPROTO=static
# HWADDR must be this interface's own MAC address
# (the value below repeats the one shown for ens32)
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=172.16.10.10
NETMASK=255.255.255.0
# The ADSL Router is connected to
# this interface with
# the following IP address
GATEWAY=172.16.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=external

[root@linuxbox ~]# ifdown ens34 && ifup ens34
Repository configuration

[root@linuxbox ~]# cd /etc/yum.repos.d/
[root@linuxbox ~]# mkdir original
[root@linuxbox ~]# mv CentOS-* original/

[root@linuxbox ~]# nano centos.repo
# gpgcheck=0 turns off package signature verification for these
# repositories, which are served from a mirror on the LAN
[Base-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=0
enabled=1

[CentosPlus-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/centosplus/x86_64/
gpgcheck=0
enabled=1

[Epel-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/epel/x86_64/
gpgcheck=0
enabled=1

[Updates-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/updates/x86_64/
gpgcheck=0
enabled=1

[root@linuxbox yum.repos.d]# yum clean all
Loaded plugins: fastestmirror, langpacks
Cleaning repos: Base-Repo CentosPlus-Repo Epel-Repo Media-Repo
              : Updates-Repo
Cleaning up everything
Cleaning up list of fastest mirrors

[root@linuxbox yum.repos.d]# yum update
Loaded plugins: fastestmirror, langpacks
Base-Repo                              | 3.6 kB  00:00
CentosPlus-Repo                        | 3.4 kB  00:00
Epel-Repo                              | 4.3 kB  00:00
Media-Repo                             | 3.6 kB  00:00
Updates-Repo                           | 3.4 kB  00:00
(1/9): Base-Repo/group_gz              | 155 kB  00:00
(2/9): Epel-Repo/group_gz              | 170 kB  00:00
(3/9): Media-Repo/group_gz             | 155 kB  00:00
(4/9): Epel-Repo/updateinfo            | 734 kB  00:00
(5/9): Media-Repo/primary_db           | 5.3 MB  00:00
(6/9): CentosPlus-Repo/primary_db      | 1.1 MB  00:00
(7/9): Updates-Repo/primary_db         | 2.2 MB  00:00
(8/9): Epel-Repo/primary_db            | 4.5 MB  00:01
(9/9): Base-Repo/primary_db            | 5.6 MB  00:01
Determining fastest mirrors
No packages marked for update

The message «No packages marked for update» is shown because during the installation we declared the same local repositories that we have at our disposal.
CentOS 7 with the MATE desktop environment
To use the very good graphical administration tools that CentOS / Red Hat provides, and because we always miss GNOME2, we decided to install MATE as the desktop environment.

[root@linuxbox ~]# yum groupinstall "X Window system"
[root@linuxbox ~]# yum groupinstall "MATE Desktop"

To verify that MATE loads correctly, we run the following command in a console - local or remote -:

[root@linuxbox ~]# systemctl isolate graphical.target

and the desktop environment should load - on the local machine - without problems, showing lightdm as the graphical login. We type the name of the local user and their password, and we enter MATE.
To tell systemd that the default boot level is 5 - graphical environment - we create the following symbolic link:

[root@linuxbox ~]# ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target

We reboot the system and everything works fine.
We install the Time Service for Networks

[root@linuxbox ~]# yum install ntp

During the installation we configured the local clock to synchronize with the time server on the machine sysadmin.desdelinux.fan with IP 192.168.10.1. So, we save the original ntp.conf file with:

[root@linuxbox ~]# cp /etc/ntp.conf /etc/ntp.conf.original

Now, we create a new one with the following content:

[root@linuxbox ~]# nano /etc/ntp.conf
# Servers configured during installation:
server 192.168.10.1 iburst

# For more information, see the man pages of:
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit synchronization with the time source, but do not
# permit the source to query or modify this service
restrict default nomodify notrap nopeer noquery

# Permit all access over the Loopback interface
restrict 127.0.0.1
restrict ::1

# Restrict computers on the local network a little less.
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap

# Use the public servers of the pool.ntp.org project
# If you want to join the project visit
# (http://www.pool.ntp.org/join.html).

#broadcast 192.168.10.255 autokey        # broadcast server
broadcastclient                          # broadcast client
#broadcast 224.0.1.1 autokey             # multicast server
#multicastclient 224.0.1.1               # multicast client
#manycastserver 239.255.254.254          # manycast server
#manycastclient 239.255.254.254 autokey  # manycast client
broadcast 192.168.10.255

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers
# used when operating with symmetric key cryptography
keys /etc/ntp/keys

# Specify the trusted key identifiers.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification of
# attacks using the ntpdc monlist command, when the default
# restrict does not include the noquery flag. Read CVE-2013-5211
# for more details.
# Note: The monitor is not disabled with the limited restriction flag.
disable monitor
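The restrict lines and the final monitor directive of the ntp.conf above decide which clients may send ntpq/ntpdc queries and whether monlist is reachable. The following check is an added example, not part of the original article: it applies the most specific restrict entry to a client address. The function names, the sample client addresses and the weak variant are constructed for illustration.

```python
import ipaddress

# restrict/disable lines taken from the ntp.conf shown above.
ARTICLE_CONF = """\
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap
disable monitor
"""

# Constructed weak variant for comparison: no noquery on the default
# entry and the monitoring facility left enabled.
WEAK_CONF = """\
restrict default nomodify notrap
restrict 127.0.0.1
"""


def parse(conf):
    """Return ([(network, flags)], monitor_disabled) from ntp.conf text."""
    entries, monitor_disabled = [], False
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "disable" and "monitor" in tok[1:]:
            monitor_disabled = True
        if tok[0] != "restrict":
            continue
        # The -4/-6 address-family switches are dropped in this simplified parser.
        args = [t for t in tok[1:] if t not in ("-4", "-6")]
        if not args:
            continue
        addr, rest = args[0], args[1:]
        if rest[:1] == ["mask"] and len(rest) >= 2:
            nets = [ipaddress.ip_network(f"{addr}/{rest[1]}", strict=False)]
            rest = rest[2:]
        elif addr == "default":
            nets = [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        else:
            nets = [ipaddress.ip_network(addr)]
        entries += [(net, set(rest)) for net in nets]
    return entries, monitor_disabled


def flags_for(entries, client):
    """Flags of the most specific restrict entry matching client (empty set if none)."""
    ip = ipaddress.ip_address(client)
    hits = [(net.prefixlen, flags) for net, flags in entries
            if net.version == ip.version and ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else set()


def audit(conf, client):
    """Report whether client gets query answers and whether monlist is reachable."""
    entries, monitor_disabled = parse(conf)
    flags = flags_for(entries, client)
    # Per the note in ntp.conf: a "limited" flag keeps monitoring on
    # even when "disable monitor" is present.
    monitor_on = (not monitor_disabled) or any("limited" in f for _, f in entries)
    answers_queries = "noquery" not in flags and "ignore" not in flags
    return {"flags": sorted(flags),
            "answers_queries": answers_queries,
            "monlist_exposed": answers_queries and monitor_on}


if __name__ == "__main__":
    for name, conf in (("article", ARTICLE_CONF), ("weak", WEAK_CONF)):
        for client in ("192.168.10.115", "172.16.10.1", "127.0.0.1"):
            print(name, client, audit(conf, client))
```

With the article's file, LAN clients can still query the daemon (their restrict line has no noquery), but monlist stays off because of the monitor directive.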
We enable, start and check the NTP service

[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

[root@linuxbox ~]# systemctl start ntpd
[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 15:51:08 EDT; 1s ago
  Process: 1307 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1308 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─1308 /usr/sbin/ntpd -u ntp:ntp -g
Ntp and the Firewall

[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=123/udp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success
We enable and configure Dnsmasq
As we saw in the previous article of the SME Networks series, Dnsmasq is installed by default on a CentOS 7 Infrastructure Server.

[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.

[root@linuxbox ~]# systemctl start dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 16:21:18 EDT; 4s ago
 Main PID: 33611 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─33611 /usr/sbin/dnsmasq -k

[root@linuxbox ~]# mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original

[root@linuxbox ~]# nano /etc/dnsmasq.conf
# -------------------------------------------------------------------
# GENERAL OPTIONS
# -------------------------------------------------------------------
domain-needed       # Do not pass names without the domain part
bogus-priv          # Do not pass addresses in the non-routed space
expand-hosts        # Automatically adds the domain to the host
interface=ens32     # LAN interface
strict-order        # Order in which the /etc/resolv.conf file is queried
conf-dir=/etc/dnsmasq.d
domain=desdelinux.fan   # Domain name

address=/time.windows.com/192.168.10.5

# Sends an empty option for the WPAD value. Required for
# Windows 7 and later clients to behave properly. ;-)
dhcp-option=252,"\n"

# File where we declare the HOSTS that will be "banned"
addn-hosts=/etc/banner_add_hosts

local=/desdelinux.fan/

# -------------------------------------------------------------------
# CNAME MX TXT RECORDS
# -------------------------------------------------------------------
# This type of record requires an entry
# in the /etc/hosts file
# e.g.: 192.168.10.5 linuxbox.desdelinux.fan linuxbox
# cname=ALIAS,REAL_NAME
cname=mail.desdelinux.fan,linuxbox.desdelinux.fan

# MX RECORDS
# Returns an MX record with the name "desdelinux.fan" destined
# for the mail.desdelinux.fan computer with priority 10
mx-host=desdelinux.fan,mail.desdelinux.fan,10

# The default destination for MX records created
# using the localmx option will be:
mx-target=mail.desdelinux.fan

# Returns an MX record pointing to the mx-target for ALL
# local machines
localmx

# TXT records. We can also declare an SPF record
txt-record=desdelinux.fan,"v=spf1 a -all"
txt-record=desdelinux.fan,"DesdeLinux, your Blog dedicated to Free Software"

# -------------------------------------------------------------------
# RANGE AND ITS OPTIONS
# -------------------------------------------------------------------
# IPv4 range and lease time
# 1 to 29 are for Servers and other needs
dhcp-range=192.168.10.30,192.168.10.250,8h

dhcp-lease-max=222      # Maximum number of addresses to lease
                        # by default it is 150
# IPv6 range
# dhcp-range=1234::, ra-only

# Options for the RANGE
# OPTIONS
dhcp-option=1,255.255.255.0     # NETMASK
dhcp-option=3,192.168.10.5      # ROUTER GATEWAY
dhcp-option=6,192.168.10.5      # DNS Servers
dhcp-option=15,desdelinux.fan   # DNS Domain Name
dhcp-option=19,1                # option ip-forwarding ON
dhcp-option=28,192.168.10.255   # BROADCAST
dhcp-option=42,192.168.10.5     # NTP

dhcp-authoritative              # Authoritative DHCP on the subnet

# -------------------------------------------------------------------
# If you want to store the query log in /var/log/messages
# uncomment the line below
# -------------------------------------------------------------------
# log-queries
# END of the /etc/dnsmasq.conf file
# -------------------------------------------------------------------

[root@linuxbox ~]# nano /etc/banner_add_hosts
192.168.10.5 windowsupdate.com
192.168.10.5 ctldl.windowsupdate.com
192.168.10.5 ocsp.verisign.com
192.168.10.5 csc3-2010-crl.verisign.com
192.168.10.5 www.msftncsi.com
192.168.10.5 ipv6.msftncsi.com
192.168.10.5 teredo.ipv6.microsoft.com
192.168.10.5 ds.download.windowsupdate.com
192.168.10.5 download.microsoft.com
192.168.10.5 fe2.update.microsoft.com
192.168.10.5 crl.microsoft.com
192.168.10.5 www.download.windowsupdate.com
192.168.10.5 win8.ipv6.microsoft.com
192.168.10.5 spynet.microsoft.com
192.168.10.5 spynet1.microsoft.com
192.168.10.5 spynet2.microsoft.com
192.168.10.5 spynet3.microsoft.com
192.168.10.5 spynet4.microsoft.com
192.168.10.5 spynet5.microsoft.com
192.168.10.5 office15client.microsoft.com
192.168.10.5 addons.mozilla.org
192.168.10.5 crl.verisign.com
Fixed IP addresses

[root@linuxbox ~]# nano /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.5    linuxbox.desdelinux.fan linuxbox
192.168.10.1    sysadmin.desdelinux.fan sysadmin

We configure the /etc/resolv.conf file - resolver

[root@linuxbox ~]# nano /etc/resolv.conf
search desdelinux.fan
nameserver 127.0.0.1
# For external DNS queries or queries
# outside the desdelinux.fan domain
# local=/desdelinux.fan/
nameserver 8.8.8.8

We check the syntax of the dnsmasq.conf file, then start the service and check its status

[root@linuxbox ~]# dnsmasq --test
dnsmasq: syntax check OK.
[root@linuxbox ~]# systemctl restart dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq
Dnsmasq and the Firewall

[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32

Service domain or Domain Name Server (dns). Protocol swipe «IP with Encryption»

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success

Dnsmasq queries to external DNS servers

[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/udp --permanent
success

Service bootps or BOOTP server (dhcp). Protocol ippc «Internet Pluribus Packet Core»

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/udp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success

[root@linuxbox ~]# firewall-cmd --info-zone public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens32
  sources:
  services: dhcp dns ntp ssh
  ports: 67/tcp 53/udp 123/udp 67/udp 53/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 53/udp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem router-advertisement router-solicitation source-quench
  rich rules:
If we want to use a graphical interface to configure the Firewall in CentOS 7, we look in the general menu - the submenu in which it appears depends on the desktop environment - for the application «Firewall», run it and, after entering the root user's password, we reach the program's interface as such. In MATE it appears in the menu «System» --> «Administration» --> «Firewall».
We select the Zone «public» and authorize the Services that we want to publish on the LAN, which so far are dhcp, dns, ntp and ssh. After selecting the services and verifying that everything works correctly, we must make the Runtime changes Permanent. To do this we go to the Options menu and select the option «Runtime to permanent».
Later we select the Zone «external» and check that the Ports needed to communicate with the Internet are open. DO NOT publish Services in this Zone unless we know very well what we are doing!
Let's not forget to make the changes Permanent through the option «Runtime to permanent» and to reload the FirewallD daemon every time we use this powerful graphical tool.
NTP and Dnsmasq from a Windows 7 client
Synchronization with NTP
Leased IP address

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-D6-14-36
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.115(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 14, 2017 5:12:53 PM
   Lease Expires . . . . . . . . . . : Saturday, April 15, 2017 1:12:53 AM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.5
   DNS Servers . . . . . . . . . . . : 192.168.10.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.desdelinux.fan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\buzz>

Tip
An important value in Windows clients is the "Primary Dns Suffix". When a Microsoft Domain Controller is not used, the operating system does not assign it any value. If we are facing a case like the one described at the beginning of the article and we want to declare that value explicitly, we must proceed as shown in the following image, accept the changes and restart the client.
If we run CMD -> ipconfig /all again we will obtain the following:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . : desdelinux.fan
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan

The rest of the values remain unchanged.
DNS checks

buzz@sysadmin:~$ host spynet.microsoft.com
spynet.microsoft.com has address 127.0.0.1
Host spynet.microsoft.com not found: 5(REFUSED)
spynet.microsoft.com mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host linuxbox
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host sysadmin
sysadmin.desdelinux.fan has address 192.168.10.1
sysadmin.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host mail
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

We install - for testing only - an authoritative NSD DNS server on sysadmin.desdelinux.fan, and we include the IP address 172.16.10.1 in the /etc/resolv.conf file of the linuxbox.desdelinux.fan machine, to verify that Dnsmasq performs its Forwarder function correctly. The sandboxes on the NSD server are favt.org and toujague.org. All IPs are fictitious or belong to private networks.
If we disable the WAN interface ens34 with the command ifdown ens34, Dnsmasq will not be able to query external DNS servers.

[buzz@linuxbox ~]$ sudo ifdown ens34
[buzz@linuxbox ~]$ host -t mx toujague.org
Host toujague.org not found: 3(NXDOMAIN)
[buzz@linuxbox ~]$ host pizzapie.favt.org
Host pizzapie.favt.org not found: 3(NXDOMAIN)

Let's enable the ens34 interface and check again:

[buzz@linuxbox ~]$ sudo ifup ens34
[buzz@linuxbox ~]$ host pizzapie.favt.org
pizzapie.favt.org is an alias for paisano.favt.org.
paisano.favt.org has address 172.16.10.4

[buzz@linuxbox ~]$ host pizzapie.toujague.org
Host pizzas.toujague.org not found: 3(NXDOMAIN)

[buzz@linuxbox ~]$ host poblacion.toujague.org
poblacion.toujague.org has address 169.18.10.18

[buzz@linuxbox ~]$ host -t NS favt.org
favt.org name server ns1.favt.org.
favt.org name server ns2.favt.org.

[buzz@linuxbox ~]$ host -t NS toujague.org
toujague.org name server ns1.toujague.org.
toujague.org name server ns2.toujague.org.

[buzz@linuxbox ~]$ host -t MX toujague.org
toujague.org mail is handled by 10 mail.toujague.org.

Let's query from sysadmin.desdelinux.fan:

buzz@sysadmin:~$ cat /etc/resolv.conf
search desdelinux.fan
nameserver 192.168.10.5

xeon@sysadmin:~$ host mail.toujague.org
mail.toujague.org has address 169.18.10.19

Dnsmasq is working correctly as a Forwarder.
Squid
In the PDF-format book «Linux Server Configuration» dated July 25, 2016, by the author Joel Barrios Dueñas (darkshram@gmail.com - http://www.alcancelibre.org/), a text I have referred to in previous articles, there is a whole chapter devoted to the Basic Configuration Options of Squid.
Given the importance of the Web - Proxy service, we reproduce the Introduction about Squid from the aforementioned book:
105.1. Introduction.
105.1.1. What is an Intermediary Server (Proxy)?
The English term "Proxy" has a very general and at the same time ambiguous meaning, although it is invariably considered a synonym of the concept of "Intermediary". It is usually translated, in the strict sense, as delegate or attorney-in-fact (one who has power over another).
An Intermediary Server is defined as a computer or device that offers a network service consisting of allowing clients to make indirect network connections to other network services. During the process the following occurs:
- The client connects to a Proxy Server.
- The client requests a connection, file or any other resource available on a different server.
- The Intermediary Server provides the resource either by connecting to the specified server or by serving it from a cache.
- In some cases the Intermediary Server may alter the client's request or the server's response for various purposes.
Proxy Servers are generally made to work simultaneously as a firewall operating at the Network Level, acting as a packet filter, as in the case of iptables, or operating at the Application Level, controlling various services, as is the case of TCP Wrapper. Depending on the context, the firewall is also known as BPD or Border Protection Device, or simply packet filter.
A common application of Proxy Servers is to function as a cache of network content (mainly HTTP), providing close to the clients a cache of pages and files available through the network on remote HTTP servers, so that clients on the local network can access them faster and more reliably.
When a request is received for a specific network resource at a URL (Uniform Resource Locator), the Intermediary Server looks for the result of the URL within the cache. If it is found, the Intermediary Server responds to the client by immediately providing the requested content. If the requested content is not in the cache, the Intermediary Server fetches it from a remote server, delivers it to the client that requested it and keeps a copy in the cache. The content in the cache is later removed by an expiration algorithm according to age, size and history of responses to requests (hits) (examples: LRU, LFUDA and GDSF).
Proxy Servers for network content (Web Proxies) can also act as filters of the content served, applying censorship policies according to arbitrary criteria.
The Squid version that we will install is 3.5.20-2.el7_3.2 from the updates repository.
Installation

[root@linuxbox ~]# yum install squid
[root@linuxbox ~]# ls /etc/squid/
cachemgr.conf          errorpage.css.default  squid.conf
cachemgr.conf.default  mime.conf              squid.conf.default
errorpage.css          mime.conf.default
[root@linuxbox ~]# systemctl enable squid

Important
- The main objective of this article is to Authorize local users to connect to Squid from other computers connected to the LAN. In addition, to implement the core of a server to which other services will be added. It is not an article dedicated to Squid as such.
- To get an idea of Squid's configuration options, read the /usr/share/doc/squid-3.5.20/squid.conf.documented file, which has 7915 lines.
SELinux and Squid

[root@linuxbox ~]# getsebool -a | grep squid
squid_connect_any --> on
squid_use_tproxy --> off
[root@linuxbox ~]# setsebool -P squid_connect_any=on
Configuration

[root@linuxbox ~]# nano /etc/squid/squid.conf
# LAN
acl localnet src 192.168.10.0/24

acl SSL_ports port 443 21
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# We deny requests to non-safe ports
http_access deny !Safe_ports

# We deny the CONNECT method to non-SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cache manager access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# PAM authorization
auth_param basic program /usr/lib64/squid/basic_pam_auth
auth_param basic children 5
auth_param basic realm desdelinux.fan
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# Authentication is required to access Squid
acl Enthusiasts proxy_auth REQUIRED

# We allow access to users authenticated
# through PAM
http_access deny !Enthusiasts

acl ftp proto FTP
http_access allow ftp

http_access allow localnet
http_access allow localhost

# We deny any other access to the proxy
http_access deny all

# Squid normally listens on port 3128
http_port 3128

# We leave the "coredumps" in the first cache directory
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:             1440    20%     10080
refresh_pattern ^gopher:          1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0       0%      0
refresh_pattern .                 0       20%     4320

cache_mem 64 MB
# Cache memory
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 4096 16 256
maximum_object_size 4 MB
cache_swap_low 85
cache_swap_high 90
cache_mgr buzz@desdelinux.fan
We check the syntax of the /etc/squid/squid.conf file
[root@linuxbox ~]# squid -k parse
2017/04/16 15:45:10| Startup: Initializing Authentication Schemes ...
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'basic'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'digest'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'negotiate'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'ntlm'
2017/04/16 15:45:10| Startup: Initialized Authentication.
2017/04/16 15:45:10| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2017/04/16 15:45:10| Processing: acl localnet src 192.168.10.0/24
2017/04/16 15:45:10| Processing: acl SSL_ports port 443 21
2017/04/16 15:45:10| Processing: acl Safe_ports port 80 # http
2017/04/16 15:45:10| Processing: acl Safe_ports port 21 # ftp
2017/04/16 15:45:10| Processing: acl Safe_ports port 443 # https
2017/04/16 15:45:10| Processing: acl Safe_ports port 70 # gopher
2017/04/16 15:45:10| Processing: acl Safe_ports port 210 # wais
2017/04/16 15:45:10| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2017/04/16 15:45:10| Processing: acl Safe_ports port 280 # http-mgmt
2017/04/16 15:45:10| Processing: acl Safe_ports port 488 # gss-http
2017/04/16 15:45:10| Processing: acl Safe_ports port 591 # filemaker
2017/04/16 15:45:10| Processing: acl Safe_ports port 777 # multiling http
2017/04/16 15:45:10| Processing: acl CONNECT method CONNECT
2017/04/16 15:45:10| Processing: http_access deny !Safe_ports
2017/04/16 15:45:10| Processing: http_access deny CONNECT !SSL_ports
2017/04/16 15:45:10| Processing: http_access allow localhost manager
2017/04/16 15:45:10| Processing: http_access deny manager
2017/04/16 15:45:10| Processing: http_access deny to_localhost
2017/04/16 15:45:10| Processing: auth_param basic program /usr/lib64/squid/basic_pam_auth
2017/04/16 15:45:10| Processing: auth_param basic children 5
2017/04/16 15:45:10| Processing: auth_param basic realm desdelinux.fan
2017/04/16 15:45:10| Processing: auth_param basic credentialsttl 2 hours
2017/04/16 15:45:10| Processing: auth_param basic casesensitive off
2017/04/16 15:45:10| Processing: acl Enthusiasts proxy_auth REQUIRED
2017/04/16 15:45:10| Processing: http_access deny !Enthusiasts
2017/04/16 15:45:10| Processing: acl ftp proto FTP
2017/04/16 15:45:10| Processing: http_access allow ftp
2017/04/16 15:45:10| Processing: http_access allow localnet
2017/04/16 15:45:10| Processing: http_access allow localhost
2017/04/16 15:45:10| Processing: http_access deny all
2017/04/16 15:45:10| Processing: http_port 3128
2017/04/16 15:45:10| Processing: coredump_dir /var/spool/squid
2017/04/16 15:45:10| Processing: refresh_pattern ^ftp: 1440 20% 10080
2017/04/16 15:45:10| Processing: refresh_pattern ^gopher: 1440 0% 1440
2017/04/16 15:45:10| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2017/04/16 15:45:10| Processing: refresh_pattern .
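squid -k parse checks syntax, not rule order, and Squid stops at the first http_access rule that matches. As an added example (not part of the original article), the hypothetical function rules_before_auth lists every allow rule that is evaluated before the rule denying unauthenticated clients; the sample rules are constructed from the access rules of the squid.conf shown above.

```shell
# Added example, not the article's code. rules_before_auth is a hypothetical name.
# Squid applies http_access rules top to bottom and stops at the first match,
# so an "allow" placed above "deny !<proxy_auth acl>" is granted without a login.
rules_before_auth() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        $1 == "acl" && $3 == "proxy_auth" {      # remember ACLs that force a login
            gate["!" $2] = 1
            next
        }
        $1 != "http_access" { next }
        $2 == "deny" {
            # simplification: a negated proxy_auth ACL anywhere on a deny
            # line is treated as the authentication gate
            for (i = 3; i <= NF; i++)
                if ($i in gate) { found = 1; exit }
            next
        }
        $2 == "allow" { $1 = $1; print NR ": " $0 }
        END { if (!found) print "no authentication gate found" }
    ' "${1:--}"
}

# Constructed sample: the access rules of the configuration shown above.
sample_conf() {
    cat <<'EOF'
acl localnet src 192.168.10.0/24
acl SSL_ports port 443 21
acl Safe_ports port 80          # http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
acl Enthusiasts proxy_auth REQUIRED
http_access deny !Enthusiasts
acl ftp proto FTP
http_access allow ftp
http_access allow localnet
http_access allow localhost
http_access deny all
EOF
}
```

Running `sample_conf | rules_before_auth` reports only the cache-manager rule for localhost, so every other allow in this configuration sits behind the PAM login; pass a file name as the first argument to check a real configuration.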
We set the permissions on /usr/lib64/squid/basic_pam_auth
[root@linuxbox ~]# chmod u+s /usr/lib64/squid/basic_pam_auth
We create the cache directory
# Just in case...
[root@linuxbox ~]# service squid stop
Redirecting to /bin/systemctl stop squid.service

[root@linuxbox ~]# squid -z
[root@linuxbox ~]# 2017/04/16 15:48:28 kid1| Set Current Directory to /var/spool/squid
2017/04/16 15:48:28 kid1| Creating missing swap directories
2017/04/16 15:48:28 kid1| /var/spool/squid exists
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/00
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/01
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/02
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/03
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/04
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/05
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/06
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/07
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/08
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/09
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0A
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0B
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0C
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0D
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0E
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0F
At this point, if the command prompt takes a while to come back - it never came back for me - press Enter.
[root@linuxbox ~]# service squid start
[root@linuxbox ~]# service squid restart
[root@linuxbox ~]# service squid status
Redirecting to /bin/systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since dom 2017-04-16 15:57:27 EDT; 1s ago
  Process: 2844 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2873 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2868 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 2876 (squid)
   CGroup: /system.slice/squid.service
           └─2876 /usr/sbin/squid -f /etc/squid/squid.conf

Apr 16 15:57:27 linuxbox systemd[1]: Starting Squid caching proxy...
Apr 16 15:57:27 linuxbox systemd[1]: Started Squid caching proxy.
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: will start 1 kids
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ...ed
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ... 1
Hint: Some lines were ellipsized, use -l to show in full

[root@linuxbox ~]# cat /var/log/messages | grep squid
Firewall adjustments
We must also open ports 80 (HTTP) and 443 (HTTPS) in the «external» zone so that Squid can communicate with the Internet.
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=80/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=443/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success
[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 443/tcp 53/udp 80/tcp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem router-advertisement router-solicitation source-quench
  rich rules:
- It is worth going to the graphical application «Firewall Configuration» and checking that ports 443 tcp, 80 tcp, 53 tcp and 53 udp are open for the «external» zone, and that we have NOT published any service for it.
Note on the basic_pam_auth helper program
If we consult the manual of this utility with man basic_pam_auth, we will read that the author himself strongly recommends moving the program to a directory where normal users do not have sufficient permissions to access the tool.
On the other hand, it is known that with this authorization scheme the credentials travel in plain text, so it is not safe for hostile environments, meaning open networks.
Jeff Yestrumskas dedicates the article «How-to: Setup a secure web proxy using SSL encryption, Squid Caching Proxy and PAM authentication» to the question of increasing the security of this authentication scheme so that it can be used on potentially hostile open networks.
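The manual page's caveat about the setuid helper, turned into a check. This is an added example, not part of the original article or of Squid: the hypothetical function audit_setuid_helper reports whether a setuid helper such as /usr/lib64/squid/basic_pam_auth can be executed by every local account. It inspects only the helper and its immediate parent directory.

```shell
# Added example, not the article's code. audit_setuid_helper is a hypothetical name.
# Verdicts:
#   missing     the path is not a regular file
#   not-setuid  the setuid bit is not set
#   exposed     setuid, and accounts outside owner and group can reach and run it
#   restricted  setuid, but "other" lacks execute on the file or search on its directory
audit_setuid_helper() {
    helper=$1
    [ -f "$helper" ] || { echo "missing"; return 0; }
    [ -u "$helper" ] || { echo "not-setuid"; return 0; }
    # Character 10 of the ls mode string is the execute/search bit for "other"
    # (x, or t when the sticky bit is also set).
    file_x=$(ls -ld "$helper" | cut -c10)
    dir_x=$(ls -ld "$(dirname "$helper")" | cut -c10)
    case "$file_x$dir_x" in
        [xt][xt]) echo "exposed" ;;
        *)        echo "restricted" ;;
    esac
}
```

After the chmod u+s step above, run `audit_setuid_helper /usr/lib64/squid/basic_pam_auth`; whatever restriction is applied to reach "restricted", the account Squid runs its helpers as must keep execute access.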
We install httpd
As a way to check the operation of Squid - and, incidentally, that of Dnsmasq - we will install the httpd service - the Apache web server - which is not strictly required. In the Dnsmasq file /etc/banner_add_hosts we declare the sites we want to ban, and we explicitly assign them the same IP address that linuxbox has. Thus, if we request access to any of these sites, the httpd home page should be shown.
[root@linuxbox ~]# yum install httpd
[root@linuxbox ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

[root@linuxbox ~]# systemctl start httpd

[root@linuxbox ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2017-04-16 16:41:35 EDT; 5s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2275 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─2275 /usr/sbin/httpd -DFOREGROUND
           ├─2276 /usr/sbin/httpd -DFOREGROUND
           ├─2277 /usr/sbin/httpd -DFOREGROUND
           ├─2278 /usr/sbin/httpd -DFOREGROUND
           ├─2279 /usr/sbin/httpd -DFOREGROUND
           └─2280 /usr/sbin/httpd -DFOREGROUND

Apr 16 16:41:35 linuxbox systemd[1]: Starting The Apache HTTP Server...
Apr 16 16:41:35 linuxbox systemd[1]: Started The Apache HTTP Server.
SELinux and Apache
Apache has several policies that can be configured within the SELinux context.
[root@linuxbox ~]# getsebool -a | grep httpd
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect off_zdbi_bwork_bb_bj_bj_bj
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi -> httpd_enable_offen off_demain
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_ipa --> off
httpd_run_preupgrade --> off
httpd_robs
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
We will configure only the following:
Send email through Apache
[root@linuxbox ~]# setsebool -P httpd_can_sendmail 1
Allow Apache to read the content located in the home directories of local users
[root@linuxbox ~]# setsebool -P httpd_read_user_content 1
Allow any directory managed by Apache to be administered via FTP or FTPS, or allow Apache to act as an FTP server listening for requests on the FTP port
[root@linuxbox ~]# setsebool -P httpd_enable_ftp_server 1
For more information, please read Linux Server Configuration.
We check the Authentication
All that remains is to open a browser on a workstation and point it, for example, to http://windowsupdate.com. We will check that the request is correctly redirected to the Apache home page on linuxbox. In fact, any site name declared in the /etc/banner_add_hosts file will redirect you to the same page.
The images at the end of the article prove it.
User administration
We do it with the graphical tool «User Management», which we reach through the menu System -> Administration -> User Management. Each time we add a new user, their /home/user folder is created automatically.
Backups
Linux clients
You only need the normal file browser and to indicate that you want to connect, for example: ssh://buzz@linuxbox/home/buzz, and after entering the password, the home directory of the user buzz will be shown.
Windows clients
On Windows clients, we use the WinSCP tool. Once it is installed, we use it as follows:
Simple, isn't it?
Summary
We have seen that it is possible to use PAM to authenticate services in a small network and in a controlled environment completely isolated from the hands of hackers. This is mainly because the authentication credentials travel in plain text, and therefore it is not an authentication scheme to be used on open networks such as airports, Wi-Fi networks, etc. However, it is a simple authorization mechanism, easy to implement and configure.
Sources consulted
- Linux Server Configuration
- Command manuals - man pages
PDF version
Download the PDF version here.
Until the next article!
9 comments
Mr. Fico has outdone himself. Thank you for sharing your knowledge.
I know how difficult it is to put together an article with this level of detail, with such clear tests and, above all, with concepts and strategies adapted to standards. I simply take my hat off to this gem of a contribution; thank you very much, Fico, for such good work.
I have never combined squid with pam authentication, but I go as far as I can to do this practice in my lab... A big hug and we carry on!!
NaTiluS: Thank you very much for your comment and evaluation.
Lise: To you too, thank you very much for your comment and evaluation.
The time and effort devoted to making articles like this one are only rewarded by the reading and comments of those who visit the DesdeLinux community. I hope it is useful to you in your daily work.
We keep going!
Incredible contribution, countryman!!!! I read every one of your articles and I can say that even a person who does not have advanced knowledge of Free Software (like me) can follow this exquisite article step by step. Regards!!!!
Thanks Fico for this other great article; as if all the posts already published were not enough, in this one we have a service not previously covered by the PYMES Series and which is extremely important: the "SQUID" or proxy of a LAN. For us, the family of those who think we are "sysadmins", there is other good material here to study and deepen our knowledge.
Thank you all for your comments. The next article will deal with the Prosody chat server with authentication against local credentials (PAM) via Cyrus-SASL, and that service will be implemented on this same server.
In good time, countryman!!!! A great contribution, even for those like me who do not have great knowledge of Free Software and are eager to learn from articles as exquisite as this one. I have been following your contributions and I would like to know which article you would recommend I start with in this SME Networks series, since I have been reading in a disorderly way and I think there is too much valuable content to miss any detail. Without further ado, greetings, and may the shared knowledge, as well as the Software, remain Free!!
Greetings, countryman!!!. I recommend that you start at the beginning, which, although it may seem the long way, is the shortest way so as not to get lost. In the index - which is not updated with the last two articles - https://blog.desdelinux.net/redes-computadoras-las-pymes-introduccion/, we established the recommended reading order of the Series, which starts with how to set up my Workstation, continues with several posts dedicated to the subject of Authentication, followed by several on BIND, Isc-Dhcp-Server, and Dnsmasq, and so on until reaching the part on implementing services for the SME network, which is where we are now. I hope it helps you.
So it shall be!!!! I will start the series right now from the beginning and I look forward to new articles. Regards!!!!