Squid + PAM Authentication on CentOS 7 - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Hello, friends!

The title of the article should have been: «MATE + NTP + Dnsmasq + Gateway Service + Apache + Squid with PAM Authentication on CentOS 7 - SME Networks». For practical reasons we shortened it.

We continue with the authentication of local users on a Linux computer using PAM, and this time we will see how we can provide the Squid proxy service to a small network of computers, using the authentication credentials stored on the same computer where the Squid server is running.

Although we know that it is very common practice these days to authenticate services against OpenLDAP, Red Hat's Directory Server 389, Microsoft Active Directory, etc., we consider that we must first go through simple and cheap solutions, and then face the more complex ones. We believe that we must go from the simple to the complex.

Scenario

It is a small organization - with very few financial resources - dedicated to supporting the use of Free Software, which chose the name DesdeLinux.Fan. They are several CentOS enthusiasts grouped in a single office. They bought a workstation - not a professional server - which they will dedicate to working as a "server".

The enthusiasts do not have extensive knowledge of how to implement an OpenLDAP server or a Samba 4 AD-DC, nor can they afford to license a Microsoft Active Directory. However, for their daily work they need Internet access services through a proxy - to speed up browsing - and a space in which to store their most valuable documents and which works as a backup.

They still mostly use legally acquired Microsoft operating systems, but they want to change them to Linux-based operating systems, starting with their "Server".

They also aspire to have their own mail server in order to become independent - at least as far as the origin is concerned - of services such as Gmail, Yahoo, HotMail, etc., which is what they currently use.

The Firewall and Routing rules facing the Internet will be established on the contracted ADSL Router.

They do not have a real domain name, since they do not need to publish any service on the Internet.

CentOS 7 as a server without GUI

We start from a fresh installation of a server without a graphical interface, and the only option we select during the process is «Infrastructure Server», as we saw in previous articles of the series.

Initial settings

[root@linuxbox ~]# cat /etc/hostname
linuxbox

[root@linuxbox ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.5    linuxbox.desdelinux.fan linuxbox

[root@linuxbox ~]# hostname
linuxbox

[root@linuxbox ~]# hostname -f
linuxbox.desdelinux.fan

[root@linuxbox ~]# ip addr list
[root@linuxbox ~]# ifconfig -a
[root@linuxbox ~]# ls /sys/class/net/
ens32  ens34  lo

We disable the Network Manager

[root@linuxbox ~]# systemctl stop NetworkManager

[root@linuxbox ~]# systemctl disable NetworkManager

[root@linuxbox ~]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:NetworkManager(8)

[root@linuxbox ~]# ifconfig -a

We configure the network interfaces

Ens32 LAN interface connected to the Internal Network

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=public

[root@linuxbox ~]# ifdown ens32 && ifup ens32

Ens34 WAN interface connected to the Internet

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens34
DEVICE=ens34
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=172.16.10.10
NETMASK=255.255.255.0
# The ADSL router is connected to
# this interface with
# the following IP address
GATEWAY=172.16.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=external

[root@linuxbox ~]# ifdown ens34 && ifup ens34

Repository configuration

[root@linuxbox ~]# cd /etc/yum.repos.d/
[root@linuxbox ~]# mkdir original
[root@linuxbox ~]# mv CentOS-* original/

[root@linuxbox ~]# nano centos.repo
[Base-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=0
enabled=1

[CentosPlus-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/centosplus/x86_64/
gpgcheck=0
enabled=1

[Epel-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/epel/x86_64/
gpgcheck=0
enabled=1

[Updates-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/updates/x86_64/
gpgcheck=0
enabled=1

[root@linuxbox yum.repos.d]# yum clean all
Loaded plugins: fastestmirror, langpacks
Cleaning repos: Base-Repo CentosPlus-Repo Epel-Repo Media-Repo
              : Updates-Repo
Cleaning up everything
Cleaning up list of fastest mirrors
[root@linuxbox yum.repos.d]# yum update
Loaded plugins: fastestmirror, langpacks
Base-Repo                            | 3.6 kB  00:00
CentosPlus-Repo                      | 3.4 kB  00:00
Epel-Repo                            | 4.3 kB  00:00
Media-Repo                           | 3.6 kB  00:00
Updates-Repo                         | 3.4 kB  00:00
(1/9): Base-Repo/group_gz            | 155 kB  00:00
(2/9): Epel-Repo/group_gz            | 170 kB  00:00
(3/9): Media-Repo/group_gz           | 155 kB  00:00
(4/9): Epel-Repo/updateinfo          | 734 kB  00:00
(5/9): Media-Repo/primary_db         | 5.3 MB  00:00
(6/9): CentosPlus-Repo/primary_db    | 1.1 MB  00:00
(7/9): Updates-Repo/primary_db       | 2.2 MB  00:00
(8/9): Epel-Repo/primary_db          | 4.5 MB  00:01
(9/9): Base-Repo/primary_db          | 5.6 MB  00:01
Determining fastest mirrors
No packages marked for update

The message «No packages marked for update» is shown because during the installation we declared the same local repositories that we have at our disposal.

CentOS 7 with the MATE desktop environment

To use the very good administration tools with a graphical interface that CentOS / Red Hat provides, and because we always miss GNOME2, we decided to install MATE as the desktop environment.

[root@linuxbox ~]# yum groupinstall "X Window system"
[root@linuxbox ~]# yum groupinstall "MATE Desktop"

To verify that MATE loads correctly, we run the following command in a console - local or remote -:

[root@linuxbox ~]# systemctl isolate graphical.target

and the desktop environment should load - on the local machine - smoothly, showing lightdm as the graphical login. We type the name of the local user and its password, and we will enter MATE.

To tell systemd that the default boot level is 5 - graphical environment - we create the following symbolic link:

[root@linuxbox ~]# ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target

We reboot the system and everything works fine.

We install the Network Time Service

[root@linuxbox ~]# yum install ntp

During the installation we configure the local clock to be synchronized with the time server of the machine sysadmin.desdelinux.fan with IP 192.168.10.1. So, we save the original ntp.conf file:

[root@linuxbox ~]# cp /etc/ntp.conf /etc/ntp.conf.original

Now, we create a new one with the following content:

[root@linuxbox ~]# nano /etc/ntp.conf
# Servers configured during the installation:
server 192.168.10.1 iburst

# For more information, see the man pages of:
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Allow synchronization with the time source, but do not
# allow the source to query or modify this service
restrict default nomodify notrap nopeer noquery

# Allow all access over the Loopback interface
restrict 127.0.0.1
restrict ::1

# Restrict the computers on the local network a little less.
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap

# Use the public servers of the pool.ntp.org project
# If you want to join the project visit
# (http://www.pool.ntp.org/join.html).

#broadcast 192.168.10.255 autokey        # broadcast server
broadcastclient                          # broadcast client
#broadcast 224.0.1.1 autokey             # multicast server
#multicastclient 224.0.1.1               # multicast client
#manycastserver 239.255.254.254          # manycast server
#manycastclient 239.255.254.254 autokey  # manycast client
broadcast 192.168.10.255

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers
# used when operating with symmetric key cryptography
keys /etc/ntp/keys

# Specify the trusted key identifiers.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.

# Disable the monitoring facility to prevent amplification
# attacks using the ntpdc monlist command, when the default
# restriction does not include the noquery flag. Read CVE-2013-5211
# for more details.
# Note: the monitor is not disabled with the limited restriction flag.
disable monitor

We enable, start and check the NTP service

[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

[root@linuxbox ~]# systemctl start ntpd
[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 15:51:08 EDT; 1s ago
  Process: 1307 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1308 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─1308 /usr/sbin/ntpd -u ntp:ntp -g

Ntp and the Firewall

[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=123/udp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success

We enable and configure Dnsmasq

As we saw in a previous article of the SME Networks series, Dnsmasq is installed by default on a CentOS 7 Infrastructure Server.

[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.

[root@linuxbox ~]# systemctl start dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 16:21:18 EDT; 4s ago
 Main PID: 33611 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─33611 /usr/sbin/dnsmasq -k

[root@linuxbox ~]# mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original

[root@linuxbox ~]# nano /etc/dnsmasq.conf
# -------------------------------------------------------------------
# GENERAL OPTIONS
# -------------------------------------------------------------------
domain-needed           # Do not forward names without the domain part
bogus-priv              # Do not forward addresses in non-routed spaces
expand-hosts            # Automatically add the domain to the host
interface=ens32         # LAN interface
strict-order            # Order in which the /etc/resolv.conf file is queried
conf-dir=/etc/dnsmasq.d
domain=desdelinux.fan   # Domain name

address=/time.windows.com/192.168.10.5

# Sends an empty option for the WPAD value. It is required for
# Windows 7 and later clients to behave properly. ;-)
dhcp-option=252,"\n"

# File where we will declare the HOSTS that will be "banned"
addn-hosts=/etc/banner_add_hosts

local=/desdelinux.fan/

# -------------------------------------------------------------------
# CNAME, MX AND TXT RECORDS
# -------------------------------------------------------------------
# This type of record requires an entry
# in the /etc/hosts file
# example: 192.168.10.5 linuxbox.desdelinux.fan linuxbox
# cname=ALIAS,REAL_NAME
cname=mail.desdelinux.fan,linuxbox.desdelinux.fan

# MX RECORDS
# Returns an MX record with the name "desdelinux.fan" destined
# for the computer mail.desdelinux.fan with priority 10
mx-host=desdelinux.fan,mail.desdelinux.fan,10

# The default target for MX records created
# using the localmx option will be:
mx-target=mail.desdelinux.fan

# Returns an MX record pointing to the mx-target for ALL
# local machines
localmx

# TXT records. We can also declare an SPF record
txt-record=desdelinux.fan,"v=spf1 a -all"
txt-record=desdelinux.fan,"DesdeLinux, your Blog dedicated to Free Software"

# -------------------------------------------------------------------
# RANGE AND ITS OPTIONS
# -------------------------------------------------------------------
# IPv4 range and lease time
# 1 to 29 are for Servers and other needs
dhcp-range=192.168.10.30,192.168.10.250,8h

dhcp-lease-max=222      # Maximum number of addresses to lease
                        # by default it is 150
# IPv6 range
# dhcp-range=1234::, ra-only

# Options for the RANGE
# OPTIONS
dhcp-option=1,255.255.255.0     # NETMASK
dhcp-option=3,192.168.10.5      # ROUTER GATEWAY
dhcp-option=6,192.168.10.5      # DNS Servers
dhcp-option=15,desdelinux.fan   # DNS Domain Name
dhcp-option=19,1                # option ip-forwarding ON
dhcp-option=28,192.168.10.255   # BROADCAST
dhcp-option=42,192.168.10.5     # NTP

dhcp-authoritative              # Authoritative DHCP on the subnet

# -------------------------------------------------------------------
# If you want to store the query log in /var/log/messages
# uncomment the line below
# -------------------------------------------------------------------
# log-queries
# END of the file /etc/dnsmasq.conf
# -------------------------------------------------------------------

We create the file /etc/banner_add_hosts

[root@linuxbox ~]# nano /etc/banner_add_hosts
192.168.10.5 windowsupdate.com
192.168.10.5 ctldl.windowsupdate.com
192.168.10.5 ocsp.verisign.com
192.168.10.5 csc3-2010-crl.verisign.com
192.168.10.5 www.msftncsi.com
192.168.10.5 ipv6.msftncsi.com
192.168.10.5 teredo.ipv6.microsoft.com
192.168.10.5 ds.download.windowsupdate.com
192.168.10.5 download.microsoft.com
192.168.10.5 fe2.update.microsoft.com
192.168.10.5 crl.microsoft.com
192.168.10.5 www.download.windowsupdate.com
192.168.10.5 win8.ipv6.microsoft.com
192.168.10.5 spynet.microsoft.com
192.168.10.5 spynet1.microsoft.com
192.168.10.5 spynet2.microsoft.com
192.168.10.5 spynet3.microsoft.com
192.168.10.5 spynet4.microsoft.com
192.168.10.5 spynet5.microsoft.com
192.168.10.5 office15client.microsoft.com
192.168.10.5 addons.mozilla.org
192.168.10.5 crl.verisign.com

Fixed IP addresses

[root@linuxbox ~]# nano /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost

We configure the file /etc/resolv.conf - resolver

[root@linuxbox ~]# nano /etc/resolv.conf
search desdelinux.fan
nameserver 127.0.0.1
# For external DNS queries or queries
# outside the domain desdelinux.fan
# local=/desdelinux.fan/
nameserver 8.8.8.8

We check the syntax of the dnsmasq.conf file, then start the service and check its status

[root@linuxbox ~]# dnsmasq --test
dnsmasq: syntax check OK.
[root@linuxbox ~]# systemctl restart dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq

Dnsmasq and the Firewall

[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32

Service domain or Domain Name Server (dns). Protocol swipe «IP with Encryption»

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success

Dnsmasq queries to external DNS servers

[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/udp --permanent
success

Service bootps or BOOTP server (dhcp). Protocol ippc «Internet Pluribus Packet Core»

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/udp --permanent
success

[root@linuxbox ~]# firewall-cmd --reload
success

[root@linuxbox ~]# firewall-cmd --info-zone public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens32
  sources:
  services: dhcp dns ntp ssh
  ports: 67/tcp 53/udp 123/udp 67/udp 53/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 53/udp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:

If we want to use the graphical application to configure the Firewall in CentOS 7, we look in the general menu - the submenu in which it appears depends on the desktop environment - for the «Firewall» application, we run it and, after entering the root user's password, we access the program's interface as such. In MATE it appears in the menu «System» -> «Administration» -> «Firewall».

We select the «public» Zone and authorize the Services that we want to publish on the LAN, which so far are dhcp, dns, ntp and ssh. After selecting the services and verifying that everything works correctly, we must make the changes from Runtime to Permanent. To do this we go to the Options menu and select the option «Runtime To Permanent».

Later we select the «external» Zone and check that the Ports necessary to communicate with the Internet are open. DO NOT publish Services in this Zone unless we know very well what we are doing!

Let's not forget to make the changes Permanent through the option «Runtime To Permanent» and to reload the Firewall daemon every time we use this powerful graphical tool.

NTP and Dnsmasq from a Windows 7 client

Synchronization with NTP

Leased IP address

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-D6-14-36
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.115(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 14, 2017 5:12:53 PM
   Lease Expires . . . . . . . . . . : Saturday, April 15, 2017 1:12:53 AM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.5
   DNS Servers . . . . . . . . . . . : 192.168.10.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.desdelinux.fan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\buzz>

Tip

An important value in Windows clients is the "Primary Dns Suffix" or "Main connection suffix". When a Microsoft Domain Controller is not used, the operating system does not assign any value to it. If we are facing a case like the one described at the beginning of the article and we want to declare that value explicitly, we must proceed as shown in the following image, accept the changes and restart the client.

If we run CMD -> ipconfig /all again we will obtain the following:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . : desdelinux.fan
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan

The rest of the values remain unchanged

DNS checks

buzz@sysadmin:~$ host spynet.microsoft.com
spynet.microsoft.com has address 127.0.0.1
Host spynet.microsoft.com not found: 5(REFUSED)
spynet.microsoft.com mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host linuxbox
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host sysadmin
sysadmin.desdelinux.fan has address 192.168.10.1
sysadmin.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host mail
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

We installed - for testing only - an authoritative DNS server, NSD, on sysadmin.desdelinux.fan, and we included the IP address 172.16.10.1 in the /etc/resolv.conf file of the linuxbox.desdelinux.fan machine, to verify that Dnsmasq was correctly performing its Forwarder function. The sandbox zones on the NSD server are favt.org and toujague.org. All IPs are fictitious or come from private networks.

If we disable the WAN interface ens34 using the command ifdown ens34, Dnsmasq will not be able to query external DNS servers.

[buzz@linuxbox ~]$ sudo ifdown ens34
[buzz@linuxbox ~]$ host -t mx toujague.org
Host toujague.org not found: 3(NXDOMAIN)

[buzz@linuxbox ~]$ host pizzapie.favt.org
Host pizzapie.favt.org not found: 3(NXDOMAIN)

Let's bring the ens34 interface up and check again:

[buzz@linuxbox ~]$ sudo ifup ens34
[buzz@linuxbox ~]$ host pizzapie.favt.org
pizzapie.favt.org is an alias for paisano.favt.org.
paisano.favt.org has address 172.16.10.4

[buzz@linuxbox ~]$ host pizzapie.toujague.org
Host pizzas.toujague.org not found: 3(NXDOMAIN)

[buzz@linuxbox ~]$ host poblacion.toujague.org
poblacion.toujague.org has address 169.18.10.18

[buzz@linuxbox ~]$ host -t NS favt.org
favt.org name server ns1.favt.org.
favt.org name server ns2.favt.org.

[buzz@linuxbox ~]$ host -t NS toujague.org
toujague.org name server ns1.toujague.org.
toujague.org name server ns2.toujague.org.

[buzz@linuxbox ~]$ host -t MX toujague.org
toujague.org mail is handled by 10 mail.toujague.org.

Let's query from sysadmin.desdelinux.fan:

buzz@sysadmin:~$ cat /etc/resolv.conf
search desdelinux.fan
nameserver 192.168.10.5

xeon@sysadmin:~$ host mail.toujague.org
mail.toujague.org has address 169.18.10.19

Dnsmasq works correctly as a Forwarder.

Squid

In the book in PDF format «Linux Server Configuration» dated July 25, 2016, by the author Joel Barrios (darkshram@gmail.com - http://www.alcancelibre.org/), a text to which I have referred in previous articles, there is a whole chapter dedicated to the Basic Configuration Options of Squid.

Due to the importance of the Web - Proxy service, we reproduce the Introduction about Squid from the aforementioned book:

105.1. Introduction.

105.1.1. What is an Intermediary Server (Proxy)?

The English term "Proxy" has a very general and at the same time ambiguous meaning, although it is invariably considered a synonym of the concept of "Intermediary". It is usually translated, in the strict sense, as delegate or attorney-in-fact (the one who has power over another).

An Intermediary Server is defined as a computer or device that offers a network service consisting of allowing clients to make indirect network connections to other network services. During the process the following occurs:

  • The client connects to a Proxy Server.
  • The client requests a connection, file or other resource available on a different server.
  • The Intermediary Server provides the resource either by connecting to the specified server
    or by serving it from a cache.
  • In some cases the Intermediary Server may alter the client's request or the
    server's response for various purposes.

Proxy Servers are generally made to work simultaneously as a firewall operating at the Network Level, acting as a packet filter, as in the case of iptables, or operating at the Application Level, controlling various services, as is the case of TCP Wrapper. Depending on the context, the firewall is also known as BPD or Border Protection Device, or simply packet filter.

A common application of Proxy Servers is to function as a cache of network content (mainly HTTP), providing in the proximity of the clients a cache of pages and files available through the Network on remote HTTP servers, which allows the clients of the local network to access them more quickly and reliably.

When a request is received for a network resource specified in a URL (Uniform Resource Locator), the Intermediary Server looks for the result of the URL in the cache. If it is found, the Intermediary Server responds to the client by immediately providing the requested content. If the requested content is absent from the cache, the Intermediary Server fetches it from a remote server, delivers it to the client that requested it and keeps a copy in the cache. The content in the cache is then removed through an expiration algorithm according to the age, size and history of responses to requests (hits) (examples: LRU, LFUDA and GDSF).

Proxy Servers for network content (Web Proxies) can also act as filters of the content served, applying censorship policies according to arbitrary criteria.

The version of Squid that we will install is 3.5.20-2.el7_3.2 from the updates repository.

Installation

[root@linuxbox ~]# yum install squid

[root@linuxbox ~]# ls /etc/squid/
cachemgr.conf          errorpage.css.default  squid.conf
cachemgr.conf.default  mime.conf              squid.conf.default
errorpage.css          mime.conf.default

[root@linuxbox ~]# systemctl enable squid

Important

  • The main objective of this article is to authorize local users to connect to Squid from other computers connected to the LAN. In addition, to implement the core of a server to which other services will be added. It is not an article dedicated to Squid as such.
  • To get an idea of Squid's configuration options, read the file /usr/share/doc/squid-3.5.20/squid.conf.documented, which has 7915 lines.

SELinux and Squid

[root@linuxbox ~]# getsebool -a | grep squid
squid_connect_any --> on
squid_use_tproxy --> off

[root@linuxbox ~]# setsebool -P squid_connect_any=on

Configuration

[root@linuxbox ~]# nano /etc/squid/squid.conf
# LAN
acl localnet src 192.168.10.0/24

acl SSL_ports port 443 21
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# We deny requests to non-secure ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Access to the Cache Manager only from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend that the following be uncommented to protect
# innocent web applications running on the proxy server which think
# that the only one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# PAM authorization
auth_param basic program /usr/lib64/squid/basic_pam_auth
auth_param basic children 5
auth_param basic realm desdelinux.fan
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# Authentication is required to access Squid
acl Enthusiasts proxy_auth REQUIRED

# We allow access to users authenticated
# through PAM
http_access deny !Enthusiasts

acl ftp proto FTP
http_access allow ftp

http_access allow localnet
http_access allow localhost

# We deny any other access to the proxy
http_access deny all

# Squid normally listens on port 3128
http_port 3128

# We leave the "coredumps" in the first cache directory
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:             1440    20%     10080
refresh_pattern ^gopher:          1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0       0%      0
refresh_pattern .                 0       20%     4320

cache_mem 64 MB
# Cache memory
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 4096 16 256
maximum_object_size 4 MB
cache_swap_low 85
cache_swap_high 90
cache_mgrzz.club.cud.html.
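
How Squid walks the http_access list of the squid.conf above, as an added example that is not part of the original article: lines are tried top to bottom, the ACLs on one line are ANDed, and the first line that matches decides. The Request class, the decide() helper, the manager flag and the sample client addresses are constructed for illustration; credentials are modelled only as "accepted by the PAM helper" or "absent".

```python
# Added example: first-match walk of the http_access list (not the article's code).
import ipaddress
from dataclasses import dataclass
from typing import Optional

# http_access lines in the order the squid.conf above declares them.
RULES = """
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
http_access deny !Enthusiasts
http_access allow ftp
http_access allow localnet
http_access allow localhost
http_access deny all
""".strip().splitlines()


@dataclass
class Request:
    """Constructed model of one proxy request (an assumption, not a Squid structure)."""
    src: str                      # client address
    method: str = "GET"
    proto: str = "HTTP"
    port: int = 80                # destination port
    dst: str = "203.0.113.10"     # constructed documentation address
    user: Optional[str] = None    # login accepted by the PAM helper, else None
    manager: bool = False         # True for a cache-manager URL (simplified)


def _within(addr, *nets):
    """True when addr belongs to any of the given networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in nets)


SAFE = {80, 21, 443, 70, 210, 280, 488, 591, 777}

# One predicate per ACL name used by the rules.
ACLS = {
    "all": lambda r: True,
    "localnet": lambda r: _within(r.src, "192.168.10.0/24"),
    "localhost": lambda r: _within(r.src, "127.0.0.1/32", "::1/128"),
    "to_localhost": lambda r: _within(r.dst, "127.0.0.0/8", "0.0.0.0/32", "::1/128"),
    "SSL_ports": lambda r: r.port in (443, 21),
    "Safe_ports": lambda r: r.port in SAFE or 1025 <= r.port <= 65535,
    "CONNECT": lambda r: r.method == "CONNECT",
    "manager": lambda r: r.manager,
    "ftp": lambda r: r.proto == "FTP",
    "Enthusiasts": lambda r: r.user is not None,
}

AUTH_ACLS = {"Enthusiasts"}  # proxy_auth ACLs: evaluating them needs credentials


def decide(req):
    """Return (verdict, rule); verdict is ALLOW, DENY or AUTH_407."""
    for rule in RULES:
        _, action, *terms = rule.split()
        matched = True
        for term in terms:                    # ACLs on one line are ANDed
            negated = term.startswith("!")
            name = term.lstrip("!")
            if name in AUTH_ACLS and req.user is None:
                # No usable credentials: Squid answers 407 and asks for them.
                return "AUTH_407", rule
            if ACLS[name](req) == negated:    # this term is not satisfied
                matched = False
                break
        if matched:                           # first matching line wins
            return action.upper(), rule
    raise ValueError("rule list has no catch-all line")


if __name__ == "__main__":
    lan, wan = "192.168.10.115", "172.16.10.50"   # constructed sample clients
    samples = [
        Request(src=lan),
        Request(src=lan, user="buzz"),
        Request(src=lan, user="buzz", method="CONNECT", port=8443),
        Request(src=wan, user="buzz"),
        Request(src=wan, user="buzz", proto="FTP", port=21),
    ]
    for sample in samples:
        print(sample, "->", decide(sample))
```

The last sample shows that `http_access allow ftp` is not tied to `localnet`: an authenticated client from any source address matches it. Writing `http_access allow localnet ftp` would limit it to LAN clients.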

We check the syntax of the /etc/squid/squid.conf file

[root@linuxbox ~]# squid -k parse
2017/04/16 15:45:10| Startup: Initializing Authentication Schemes ...
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'basic'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'digest'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'negotiate'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'ntlm'
2017/04/16 15:45:10| Startup: Initialized Authentication.
2017/04/16 15:45:10| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2017/04/16 15:45:10| Processing: acl localnet src 192.168.10.0/24
2017/04/16 15:45:10| Processing: acl SSL_ports port 443 21
2017/04/16 15:45:10| Processing: acl Safe_ports port 80 # http
2017/04/16 15:45:10| Processing: acl Safe_ports port 21 # ftp
2017/04/16 15:45:10| Processing: acl Safe_ports port 443 # https
2017/04/16 15:45:10| Processing: acl Safe_ports port 70 # gopher
2017/04/16 15:45:10| Processing: acl Safe_ports port 210 # wais
2017/04/16 15:45:10| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2017/04/16 15:45:10| Processing: acl Safe_ports port 280 # http-mgmt
2017/04/16 15:45:10| Processing: acl Safe_ports port 488 # gss-http
2017/04/16 15:45:10| Processing: acl Safe_ports port 591 # filemaker
2017/04/16 15:45:10| Processing: acl Safe_ports port 777 # multiling http
2017/04/16 15:45:10| Processing: acl CONNECT method CONNECT
2017/04/16 15:45:10| Processing: http_access deny !Safe_ports
2017/04/16 15:45:10| Processing: http_access deny CONNECT !SSL_ports
2017/04/16 15:45:10| Processing: http_access allow localhost manager
2017/04/16 15:45:10| Processing: http_access deny manager
2017/04/16 15:45:10| Processing: http_access deny to_localhost
2017/04/16 15:45:10| Processing: auth_param basic program /usr/lib64/squid/basic_pam_auth
2017/04/16 15:45:10| Processing: auth_param basic children 5
2017/04/16 15:45:10| Processing: auth_param basic realm from Linux.fan
2017/04/16 15:45:10| Processing: auth_param basic credentialsttl 2 hours
2017/04/16 15:45:10| Processing: auth_param basic casesensitive off
2017/04/16 15:45:10| Processing: acl Enthusiasts proxy_auth REQUIRED
2017/04/16 15:45:10| Processing: http_access deny !Enthusiasts
2017/04/16 15:45:10| Processing: acl ftp proto FTP
2017/04/16 15:45:10| Processing: http_access allow ftp
2017/04/16 15:45:10| Processing: http_access allow localnet
2017/04/16 15:45:10| Processing: http_access allow localhost
2017/04/16 15:45:10| Processing: http_access deny all
2017/04/16 15:45:10| Processing: http_port 3128
2017/04/16 15:45:10| Processing: coredump_dir /var/spool/squid
2017/04/16 15:45:10| Processing: refresh_pattern ^ftp: 1440 20% 10080
2017/04/16 15:45:10| Processing: refresh_pattern ^gopher: 1440 0% 1440
2017/04/16 15:45:10| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2017/04/16 15:45:10| Processing: refresh_pattern .

We adjust the permissions on /usr/lib64/squid/basic_pam_auth

[root@linuxbox ~]# chmod u+s /usr/lib64/squid/basic_pam_auth

We create the cache directory

# Just in case ...
[root@linuxbox ~]# service squid stop
Redirecting to /bin/systemctl stop squid.service

[root@linuxbox ~]# squid -z
[root@linuxbox ~]# 2017/04/16 15:48:28 kid1| Set Current Directory to /var/spool/squid
2017/04/16 15:48:28 kid1| Creating missing swap directories
2017/04/16 15:48:28 kid1| /var/spool/squid exists
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/00
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/01
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/02
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/03
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/04
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/05
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/06
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/07
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/08
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/09
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0A
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0B
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0C
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0D
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0E
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0F

At this point, if the command prompt takes a while to come back (it never came back for me), press Enter.

[root@linuxbox ~]# service squid start
[root@linuxbox ~]# service squid restart
[root@linuxbox ~]# service squid status
Redirecting to /bin/systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2017-04-16 15:57:27 EDT; 1s ago
  Process: 2844 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2873 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2868 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 2876 (squid)
   CGroup: /system.slice/squid.service
           └─2876 /usr/sbin/squid -f /etc/squid/squid.conf

Apr 16 15:57:27 linuxbox systemd[1]: Starting Squid caching proxy...
Apr 16 15:57:27 linuxbox systemd[1]: Started Squid caching proxy.
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: will start 1 kids
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ... ed
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ... 1
Hint: Some lines were ellipsized, use -l to show in full.

[root@linuxbox ~]# cat /var/log/messages | grep squid

Firewall adjustments

We must also open ports 80 (HTTP) and 443 (HTTPS) in the «external» zone so that Squid can communicate with the Internet.

[root@linuxbox ~]# firewall-cmd --zone=external --add-port=80/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=443/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success
[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 443/tcp 53/udp 80/tcp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:

  • It does no harm to open the graphical application «Firewall Configuration» and check that ports 443 tcp, 80 tcp, 53 tcp and 53 udp are open for the «external» zone, and that we have NOT published any service for it.

Note on the basic_pam_auth helper program

If we consult the manual of this utility with man basic_pam_auth, we will read that the author himself strongly recommends moving the program to a directory where normal users do not have sufficient permissions to access the tool.

On the other hand, it is known that with this authorization scheme the credentials travel in plain text, so it is not safe for hostile environments, that is, open networks.

Jeff Yestrumskas devotes the article «How-to: Setup a secure web proxy using SSL encryption, Squid Caching Proxy and PAM authentication» to the question of increasing the security of this authentication scheme so that it can be used in potentially hostile open networks.
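The man page's recommendation about who may reach the setuid helper can be checked mechanically. The following is an added example, not part of the original article or of the Squid project: a shell function that audits the owner, group and mode of the helper. It assumes GNU stat, that Squid's helper processes run under the squid group, and that the packaged file starts out as 0755 root:root; the 4750 root:squid layout in the comments is one way to keep ordinary local users away from the helper without moving it.

```shell
#!/bin/sh
# Added example (not from the article): audit ownership and mode of a
# setuid PAM helper such as /usr/lib64/squid/basic_pam_auth.
# Assumption: Squid's helper processes run with group "squid".

# check_helper_perms MODE OWNER GROUP [WANT_GROUP]
# MODE is octal as printed by `stat -c %a` (for example 4755).
# Prints one line per finding; returns 0 if there is no FAIL, 1 otherwise.
check_helper_perms() (
    mode=$1; owner=$2; group=$3; want_group=${4:-squid}
    bits=$((0$mode))          # the leading 0 makes the shell read it as octal
    rc=0
    if [ $(($bits & 04000)) -eq 0 ]; then
        echo "NOTE: not setuid; a non-root helper cannot check other users' shadow passwords"
    fi
    if [ "$owner" != root ]; then
        echo "FAIL: owner is $owner, expected root"; rc=1
    fi
    if [ $(($bits & 0022)) -ne 0 ]; then
        echo "FAIL: writable by group or others"; rc=1
    fi
    if [ $(($bits & 04000)) -ne 0 ] && [ $(($bits & 0007)) -ne 0 ]; then
        echo "FAIL: setuid and reachable by every local user (password guessing)"; rc=1
    fi
    if [ $(($bits & 0010)) -ne 0 ] && [ "$group" != "$want_group" ]; then
        echo "FAIL: group is $group, expected $want_group"; rc=1
    fi
    exit "$rc"
)

# audit_pam_helper FILE [WANT_GROUP]: run the same checks on a real file.
audit_pam_helper() {
    [ -f "$1" ] || { echo "MISSING: $1"; return 2; }
    check_helper_perms "$(stat -c %a "$1")" "$(stat -c %U "$1")" \
        "$(stat -c %G "$1")" "${2:-squid}"
}

# State left by the article's `chmod u+s` on a 0755 root:root file (assumed):
check_helper_perms 4755 root root || true
# State after restricting it (run as root):
#   chown root:squid /usr/lib64/squid/basic_pam_auth
#   chmod 4750       /usr/lib64/squid/basic_pam_auth
check_helper_perms 4750 root squid
```

On the server itself, `audit_pam_helper /usr/lib64/squid/basic_pam_auth` applies the same checks to the installed file.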

We install httpd

As a way to check the operation of Squid (and, incidentally, that of Dnsmasq) we will install the httpd service (the Apache web server), which is not strictly required. In the Dnsmasq-related file /etc/banner_add_hosts we declare the sites we want to ban, and we explicitly assign them the same IP address that linuxbox has. Thus, if we request access to any of these sites, we get the httpd home page.

[root@linuxbox ~]# yum install httpd
[root@linuxbox ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

[root@linuxbox ~]# systemctl start httpd

[root@linuxbox ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2017-04-16 16:41:35 EDT; 5s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2275 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─2275 /usr/sbin/httpd -DFOREGROUND
           ├─2276 /usr/sbin/httpd -DFOREGROUND
           ├─2277 /usr/sbin/httpd -DFOREGROUND
           ├─2278 /usr/sbin/httpd -DFOREGROUND
           ├─2279 /usr/sbin/httpd -DFOREGROUND
           └─2280 /usr/sbin/httpd -DFOREGROUND

Apr 16 16:41:35 linuxbox systemd[1]: Starting The Apache HTTP Server...
Apr 16 16:41:35 linuxbox systemd[1]: Started The Apache HTTP Server.

SELinux and Apache

Apache has several policies that can be configured within the SELinux context.

[root@linuxbox ~]# getsebool -a | grep httpd
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_ipa --> off
httpd_run_preupgrade --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off

We will only configure the following:

Send e-mail through Apache

[root@linuxbox ~]# setsebool -P httpd_can_sendmail 1

Allow Apache to read the content located in the home directories of local users

[root@linuxbox ~]# setsebool -P httpd_read_user_content 1

Allow administering via FTP or FTPS any directory managed by
Apache, or allow Apache to act as an FTP server listening for requests on the FTP port

[root@linuxbox ~]# setsebool -P httpd_enable_ftp_server 1

For more information, please read Linux Server Configuration.

We check the authentication

All that remains is to open a browser on a workstation and point it, for example, to http://windowsupdate.com. We will verify that the request is correctly redirected to the Apache home page on linuxbox. In fact, any site name declared in the /etc/banner_add_hosts file will be redirected to the same page.

The images at the end of the article prove it.

User management

We do it with the graphical tool «User Management», which we reach through the menu System -> Administration -> User Management. Every time we add a new user, their /home/user folder is created automatically.

 

Backups

Linux clients

You only need the usual file browser and to indicate that you want to connect, for example: ssh://buzz@linuxbox/home/buzz. After entering the password, the home directory of the user buzz is displayed.

Windows clients

On Windows clients, we use the WinSCP tool. Once installed, we use it as follows:

 

 

Simple, right?

Summary

We have seen that it is possible to use PAM to authenticate services in a small network and in a controlled environment completely out of reach of anonymous hands. This is mainly because the authentication credentials travel in plain text, and therefore it is not an authentication scheme to be used on open networks such as airports, Wi-Fi networks, etc. However, it is a simple authorization mechanism that is easy to implement and configure.

Sources consulted

PDF version

Download the PDF version here.

Until the next article!



  1.   NauTiluS said

    What a tremendous post you have put together, Mr. Fico. Thank you for sharing your knowledge.

  2.   qorraxda said

    I know how difficult it is to put together an article with this level of detail, with fairly clear tests and, above all, with concepts and strategies that conform to the standards. I simply take my hat off to this gem of a contribution; thank you very much, Fico, for such good work.

    I have never combined squid with PAM authentication, but I will go as far as I can to do this practice in my lab ... A goal hug, and we carry on!!

  3.   federico said

    NauTiluS: Thank you very much for your comment and evaluation.
    Lizard: To you too, thank you very much for your comment and evaluation.

    The time and effort devoted to producing articles like this one are only rewarded by the reading and comments of those who visit the FromLinux community. I hope it is useful to you in your daily work.
    We carry on!

  4.   Anonymous said

    Incredible contribution, fellow citizen!!!! I read each of your articles and I can say that even a person without advanced knowledge of free software (like me) can follow this excellent article step by step. Cheers!!!!

  5.   IWO said

    Thanks, Fico, for this other great article; as if all the posts already published were not enough, in this one we have a service not previously covered by the SMEs Series and which is extremely important: "SQUID", or the LAN proxy. There is nothing like it for us, the family of those who think we are "sysadmins", to have here more good material to study and deepen our knowledge.

  6.   federico said

    Thank you all for your comments. The next article will deal with the Prosody chat server with authentication against local credentials (PAM) through Cyrus-SASL, and that service will be implemented on this same server.

  7.   kenpachiRo17 said

    Good timing, countryman!!!! A great contribution, even for those like me who do not have great knowledge of Free Software and are passionate about learning from articles as exquisite as this one. I have been following your contributions and I would like to know which article you would recommend I start with in this SME Networks series, since I have been reading it out of order and I think it has too much valuable content to miss any detail. Without further ado, greetings, and may shared knowledge, as well as Software, remain Free!!

    1.    federico said

      Greetings, countryman!!! I recommend that you start at the beginning; although it may seem the long way, it is the shortest way to avoid getting lost. In the index (which is not updated with the last two articles), https://blog.desdelinux.net/redes-computadoras-las-pymes-introduccion/, we established the recommended reading order of the Series, which starts with how to build my Workstation, continues with several posts devoted to the topic of Virtualization, follows with several on BIND, Isc-Dhcp-Server and Dnsmasq, and so on until we reach the part on implementing services for the SME network, which is where we are now. I hope it helps you.

      1.    kenpachiRo17 said

        Well, so it shall be!!!! I will start the series from the beginning right away, and I look forward to new articles. Cheers!!!!