Squid + PAM Authentication on CentOS 7 - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

Author: Federico Antonio Valdes Toujague
federicotoujague@gmail.com
https://blog.desdelinux.net/author/fico

Hello friends!

The title of this article should have been: «MATE + NTP + Dnsmasq + Gateway Service + Apache + Squid with PAM Authentication on CentOS 7 - SME Networks». For practical reasons we shortened it.

We continue with the authentication of local users on a Linux computer using PAM, and this time we will see how to provide the Proxy service with Squid to a small network of computers, using the authentication credentials stored on the same computer where the Squid server runs.

Although we know that it is very common practice nowadays to authenticate services against OpenLDAP, Red Hat's Directory Server 389, Microsoft Active Directory, etc., we consider that we must first go through simple and low-cost solutions, and then face the more complex ones. We believe that we must go from the simple to the complex.

Scenario

A small organization, with very few financial resources, dedicated to supporting the use of Free Software, which chose the name DesdeLinux.Fan. They are several CentOS enthusiasts grouped in a single office. They bought a workstation, not a professional server, which they will dedicate to work as a "server".

The Enthusiasts do not have extensive knowledge of how to implement an OpenLDAP server or a Samba 4 AD-DC, nor can they afford a Microsoft Active Directory license. However, for their daily work they need Internet access through a Proxy, to speed up browsing, and a space where they can store their most valuable documents and that serves as a backup.

They still mostly use legally acquired Microsoft operating systems, but they want to change them to Linux-based operating systems, starting with their "Server".

They also aspire to have their own mail server in order to become independent, at least at the origin, of services such as Gmail, Yahoo, HotMail, etc.

The Firewall and the routing rules facing the Internet will be set up on the contracted ADSL router.

They do not have a real domain name, as they do not need to publish any service on the Internet.

CentOS 7 as a server without GUI

We start from a fresh installation of a server without a graphical interface, where the only option we select during the process is «Infrastructure Server», as we saw in previous articles of this series.

Initial settings

[root@linuxbox ~]# cat /etc/hostname
linuxbox

[root@linuxbox ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.

[root@linuxbox ~]# hostname
linuxbox

[root@linuxbox ~]# hostname -f
linuxbox.desdelinux.fan

[root@linuxbox ~]# ip addr list
[root@linuxbox ~]# ifconfig -a
[root@linuxbox ~]# ls /sys/class/net/
ens32  ens34  lo

We disable the Network Manager

[root@linuxbox ~]# systemctl stop NetworkManager

[root@linuxbox ~]# systemctl disable NetworkManager

[root@linuxbox ~]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:NetworkManager(8)

[root@linuxbox ~]# ifconfig -a

We configure the network interfaces

Ens32 LAN interface connected to the Internal Network

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=public

[root@linuxbox ~]# ifdown ens32 && ifup ens32

Ens34 WAN interface connected to the Internet

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens34
DEVICE=ens34
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=172.16.10.10
NETMASK=255.255.255.0
# The ADSL router is connected to
# this interface with
# the following IP address
GATEWAY=172.16.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=external

[root@linuxbox ~]# ifdown ens34 && ifup ens34

Repository configuration

[root@linuxbox ~]# cd /etc/yum.repos.d/
[root@linuxbox yum.repos.d]# mkdir original
[root@linuxbox yum.repos.d]# mv CentOS-* original/

[root@linuxbox yum.repos.d]# nano centos.repo
[Base-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=0
enabled=1

[CentosPlus-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/centosplus/x86_64/
gpgcheck=0
enabled=1

[Epel-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/epel/x86_64/
gpgcheck=0
enabled=1

[Updates-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/updates/x86_64/
gpgcheck=0
enabled=1

[root@linuxbox yum.repos.d]# yum clean all
Loaded plugins: fastestmirror, langpacks
Cleaning repos: Base-Repo CentosPlus-Repo Epel-Repo Media-Repo
              : Updates-Repo
Cleaning up everything
Cleaning up list of fastest mirrors
[root@linuxbox yum.repos.d]# yum update
Loaded plugins: fastestmirror, langpacks
Base-Repo                                    | 3.6 kB  00:00
CentosPlus-Repo                              | 3.4 kB  00:00
Epel-Repo                                    | 4.3 kB  00:00
Media-Repo                                   | 3.6 kB  00:00
Updates-Repo                                 | 3.4 kB  00:00
(1/9): Base-Repo/group_gz                    | 155 kB  00:00
(2/9): Epel-Repo/group_gz                    | 170 kB  00:00
(3/9): Media-Repo/group_gz                   | 155 kB  00:00
(4/9): Epel-Repo/updateinfo                  | 734 kB  00:00
(5/9): Media-Repo/primary_db                 | 5.3 MB  00:00
(6/9): CentosPlus-Repo/primary_db            | 1.1 MB  00:00
(7/9): Updates-Repo/primary_db               | 2.2 MB  00:00
(8/9): Epel-Repo/primary_db                  | 4.5 MB  00:01
(9/9): Base-Repo/primary_db                  | 5.6 MB  00:01
Determining fastest mirrors
No packages marked for update

The message «No packages marked for update» is shown because during the installation we declared the same local repositories that we have at our disposal.
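The centos.repo file above sets gpgcheck=0 on every repository and fetches over plain http, so yum installs whatever the mirror at 192.168.10.1 serves without verifying package signatures. The following is an added example, not part of the original article: a shell helper (audit_repo_file is a hypothetical name) that reports that combination for each repository section. The sample input is constructed from the Base-Repo entry plus a signed variant that assumes the stock CentOS 7 key at /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7.

```shell
#!/bin/sh
# Added example, not from the article. audit_repo_file is a hypothetical
# helper: it reads a yum .repo file (path in $1, or stdin) and prints one
# line per [section] with its gpgcheck value, baseurl scheme and a verdict.
audit_repo_file() {
    awk '
        function emit() {
            if (section == "") return
            verdict = "ok"
            if (gpg == "unset") {
                verdict = "inherits-yum.conf"      # value comes from [main]
            } else if (gpg != "1") {
                verdict = (scheme == "http") ? "UNSIGNED+CLEARTEXT" : "UNSIGNED"
            }
            printf "%s gpgcheck=%s transport=%s %s\n", section, gpg, scheme, verdict
        }
        /^[ \t]*[#;]/ { next }                     # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                   # a [section] header
            emit()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            gpg = "unset"; scheme = "unknown"
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpg = val
            if (key == "baseurl") { scheme = val; sub(/:.*/, "", scheme) }
        }
        END { emit() }
    ' "${1:--}"
}

# Constructed sample: the Base-Repo section from the article, followed by a
# variant with signature checking turned on (the gpgkey path is the stock
# CentOS 7 key location, an assumption about this host).
sample_repo() {
    cat <<'EOF'
[Base-Repo]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=0
enabled=1

[Base-Repo-signed]
name=CentOS-$releasever
baseurl=http://192.168.10.1/repos/centos/7/base/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
EOF
}

sample_repo | audit_repo_file
```

On the server itself the helper can be pointed at the real file, for example audit_repo_file /etc/yum.repos.d/centos.repo.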

CentOS 7 with the MATE desktop environment

To use the very good administration tools with a graphical interface that CentOS/Red Hat provides, and because we always miss GNOME2, we decided to install MATE as the desktop environment.

[root@linuxbox ~]# yum groupinstall "X Window System"
[root@linuxbox ~]# yum groupinstall "MATE Desktop"

To verify that MATE loads correctly, we run the following command in a console, local or remote:

[root@linuxbox ~]# systemctl isolate graphical.target

and the desktop environment should load smoothly on the local machine, showing lightdm as the graphical login. We type the name of the local user and its password, and we enter MATE.

To tell systemd that the default boot level is 5, the graphical environment, we create the following symbolic link:

[root@linuxbox ~]# ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target

We reboot the system and everything works fine.

We install the Network Time Service

[root@linuxbox ~]# yum install ntp

During the installation we configured the local clock to be synchronized with the time server of the computer sysadmin.desdelinux.fan with IP 192.168.10.1. So, we save the original ntp.conf file with:

[root@linuxbox ~]# cp /etc/ntp.conf /etc/ntp.conf.

Now, we create a new one with the following content:

[root@linuxbox ~]# nano /etc/ntp.conf
# Servers configured during the installation:
server 192.168.10.1 iburst

# For more information, see the man pages of:
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Allow synchronization with the time source, but do not
# allow the source to query or modify this service.
restrict default nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict ::1

# Restrict the computers on the local network a little less.
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap

# Use the public servers of the pool.ntp.org project
# If you want to join the project visit
# (http://www.pool.ntp.org/join.html).

#broadcast 192.168.10.255

# Enable public cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers
# used when operating with symmetric key cryptography
keys /etc/ntp/keys

# Specify the trusted key identifiers.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable the writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification of
# attacks using the ntpdc monlist command, when the default
# restriction does not include the noquery flag. Read CVE-4-8
# for more details.
# Note: Monitoring is not disabled by the limited restriction flag.
disable monitor

We enable, start and check the NTP service

[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

[root@linuxbox ~]# systemctl start ntpd
[root@linuxbox ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 15:51:08 EDT; 1s ago
  Process: 1307 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1308 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─1308 /usr/sbin/ntpd -u ntp:ntp -g

Ntp and the Firewall

[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=123/udp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success

We enable and configure Dnsmasq

As we saw in the previous article of the SME Networks series, Dnsmasq is installed by default on a CentOS 7 Infrastructure Server.

[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.

[root@linuxbox ~]# systemctl start dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-14 16:21:18 EDT; 4s ago
 Main PID: 33611 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─33611 /usr/sbin/dnsmasq -k

[root@linuxbox ~]# mv /etc/dnsmasq.conf /etc/dnsmasq.conf.

[root@linuxbox ~]# nano /etc/dnsmasq.conf
# -------------------------------------------------------------------
# GENERAL OPTIONS
# -------------------------------------------------------------------
domain-needed           # Do not pass names without the domain part
bogus-priv              # Do not pass addresses in the non-routed space
expand-hosts            # Automatically add the domain to the host
interface=ens32         # LAN interface
strict-order            # Order in which the /etc/resolv.conf file is queried
conf-dir=/etc/dnsmasq.d
domain=desdelinux.fan   # Domain name

address=/time.windows.com/192.168.10.5

# Sends an empty option for the WPAD value. Required so that
# Windows 7 and later clients behave properly. ;-)
dhcp-option=252,"\n"

# File where we will declare the HOSTS that will be "banned"
addn-hosts=/etc/banner_add_hosts

local=/desdelinux.fan/

# -------------------------------------------------------------------
# CNAME MX TXT RECORDS
# -------------------------------------------------------------------
# This type of record requires an entry
# in the /etc/hosts file
# e.g.: 192.168.10.5 linuxbox.desdelinux.fan linuxbox
# cname=ALIAS,REAL_NAME
cname=mail.desdelinux.fan,linuxbox.desdelinux.fan

# MX RECORDS
# Returns an MX record with the name "desdelinux.fan" destined
# for the mail.desdelinux.fan computer and with a priority of 10
mx-host=desdelinux.fan,mail.desdelinux.fan,10

# The default destination for MX records created
# using the localmx option will be:
mx-target=mail.desdelinux.fan

# Returns an MX record pointing to the mx-target for ALL
# local machines
localmx

# TXT records. We can also declare an SPF record
txt-record=desdelinux.fan,"v=spf1 a -all"
txt-record=desdelinux.fan,"DesdeLinux, your Blog dedicated to Free Software"

# -------------------------------------------------------------------
# RANGE AND ITS OPTIONS
# -------------------------------------------------------------------
# IPv4 range and lease time
# 1 to 29 are for the Servers and other needs
dhcp-range=192.168.10.30,192.168.10.250,8h

dhcp-lease-max=222      # Maximum number of addresses to lease
                        # by default it is 150
# IPV6 range
# dhcp-range=1234::, ra-only

# Options for the RANGE
# OPTIONS
dhcp-option=1,255.255.255.0     # NETMASK
dhcp-option=3,192.168.10.5      # ROUTER GATEWAY
dhcp-option=6,192.168.10.5      # DNS Servers
dhcp-option=15,desdelinux.fan   # DNS Domain Name
dhcp-option=19,1                # option ip-forwarding ON
dhcp-option=28,192.168.10.255   # BROADCAST
dhcp-option=42,192.168.10.5     # NTP

dhcp-authoritative              # Authoritative DHCP on the subnet

# -------------------------------------------------------------------
# If you want to store the query log in /var/log/messages
# uncomment the line below
# -------------------------------------------------------------------
# log-queries
# END of file /etc/dnsmasq.conf
# -------------------------------------------------------------------

We create the file /etc/banner_add_hosts

[root@linuxbox ~]# nano /etc/banner_add_hosts
192.168.10.5 windowsupdate.com
192.168.10.5 ctldl.windowsupdate.com
192.168.10.5 ocsp.verisign.com
192.168.10.5 csc3-2010-crl.verisign.com
192.168.10.5 www.msftncsi.com
192.168.10.5 ipv6.msftncsi.com
192.168.10.5 teredo.ipv6.microsoft.com
192.168.10.5 ds.download.windowsupdate.com
192.168.10.5 download.microsoft.com
192.168.10.5 fe2.update.microsoft.com
192.168.10.5 crl.microsoft.com
192.168.10.5 www.download.windowsupdate.com
192.168.10.5 win8.ipv6.microsoft.com
192.168.10.5 spynet.microsoft.com
192.168.10.5 spynet1.microsoft.com
192.168.10.5 spynet2.microsoft.com
192.168.10.5 spynet3.microsoft.com
192.168.10.5 spynet4.microsoft.com
192.168.10.5 spynet5.microsoft.com
192.168.10.5 office15client.microsoft.com
192.168.10.5 addons.mozilla.org
192.168.10.5 crl.verisign.com

Fixed IP addresses

[root@linuxbox ~]# nano /etc/hosts
127.0.0.1   localhost localhost.localdomain

We configure the file /etc/resolv.conf - resolver

[root@linuxbox ~]# nano /etc/resolv.conf
search desdelinux.fan
nameserver 127.0.0.1
# For external DNS queries or queries
# outside the desdelinux.fan domain
# local=/desdelinux.fan/
nameserver 8.8.8.8

We check the syntax of the dnsmasq.conf file, then start and check the status of the service

[root@linuxbox ~]# dnsmasq --test
dnsmasq: syntax check OK.
[root@linuxbox ~]# systemctl restart dnsmasq
[root@linuxbox ~]# systemctl status dnsmasq

Dnsmasq and the Firewall

[root@linuxbox ~]# firewall-cmd --get-active-zones
external
  interfaces: ens34
public
  interfaces: ens32

Service domain or Domain Name Server (dns). Protocol swipe «IP with Encryption»

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success

Dnsmasq queries to external DNS servers

[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=53/udp --permanent
success

Service bootps or BOOTP server (dhcp). Protocol ippc «Internet Pluribus Packet Core»

[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=public --add-port=67/udp --permanent
success

[root@linuxbox ~]# firewall-cmd --reload
success

[root@linuxbox ~]# firewall-cmd --info-zone public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens32
  sources:
  services: dhcp dns ntp ssh
  ports: 67/tcp 53/udp 123/udp 67/udp 53/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 53/udp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:

If we want to use the graphical interface to configure the Firewall on CentOS 7, we look in the general menu (the submenu in which it appears depends on the desktop environment) for the «Firewall» application, run it, and after entering the password of the root user we reach the program's interface as such. In MATE it appears in the menu «System» -> «Administration» -> «Firewall».

We select the Zone «public» and authorize the services we want published on the LAN, which so far are dhcp, dns, ntp and ssh. After selecting the services and verifying that everything works correctly, we must make the Runtime changes Permanent. To do this we go to the Options menu and select the option «Runtime To Permanent».

Later we select the Zone «external» and check that the ports needed to communicate with the Internet are open. Do NOT publish Services in this zone unless we know very well what we are doing!

Let us not forget to make the changes Permanent through the option «Runtime To Permanent» and to reload the FirewallD daemon every time we use this powerful graphical tool.

NTP and Dnsmasq from a Windows 7 client

Synchronization with NTP

Leased IP address

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-D6-14-36
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.115(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 14, 2017 5:12:53 PM
   Lease Expires . . . . . . . . . . : Saturday, April 15, 2017 1:12:53 AM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.5
   DNS Servers . . . . . . . . . . . : 192.168.10.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.desdelinux.fan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : desdelinux.fan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\buzz>

Tip

An important value on Windows clients is the "Primary Dns Suffix" or "Main connection suffix". When a Microsoft Domain Controller is not used, the operating system does not assign any value to it. If we face a case like the one described at the beginning of the article and we want to declare that value explicitly, we must proceed as shown in the following image, accept the changes and restart the client.

If we run CMD -> ipconfig /all again we will get the following:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\buzz>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . : desdelinux.fan
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : desdelinux.fan

The rest of the values remain unchanged

DNS checks

buzz@sysadmin:~$ host spynet.microsoft.com
spynet.microsoft.com has address 127.0.0.1
Host spynet.microsoft.com not found: 5(REFUSED)
spynet.microsoft.com mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host linuxbox
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host sysadmin
sysadmin.desdelinux.fan has address 192.168.10.1
sysadmin.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

buzz@sysadmin:~$ host mail
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

We installed, for testing only, an authoritative NSD DNS server on sysadmin.desdelinux.fan, and we included the IP address 172.16.10.1 in the /etc/resolv.conf file of the computer linuxbox.desdelinux.fan, to verify that Dnsmasq was correctly performing its Forwarder function. The sandboxes on the NSD server are favt.org and toujague.org. All IPs are fictitious or from private networks.

If we disable the WAN interface ens34 using the command ifdown ens34, Dnsmasq will not be able to query external DNS servers.

[buzz@linuxbox ~]$ sudo ifdown ens34
[buzz@linuxbox ~]$ host -t mx toujague.org
Host toujague.org not found: 3(NXDOMAIN)

[buzz@linuxbox ~]$ host pizzapie.favt.org
Host pizzapie.favt.org not found: 3(NXDOMAIN)

Let's bring up the ens34 interface and check again:

[buzz@linuxbox ~]$ sudo ifup ens34
[buzz@linuxbox ~]$ host pizzapie.favt.org
pizzapie.favt.org is an alias for paisano.favt.org.
paisano.favt.org has address 172.16.10.4

[buzz@linuxbox ~]$ host pizzapie.toujague.org
Host pizzas.toujague.org not found: 3(NXDOMAIN)

[buzz@linuxbox ~]$ host poblacion.toujague.org
poblacion.toujague.org has address 169.18.10.18

[buzz@linuxbox ~]$ host -t NS favt.org
favt.org name server ns1.favt.org.
favt.org name server ns2.favt.org.

[buzz@linuxbox ~]$ host -t NS toujague.org
toujague.org name server ns1.toujague.org.
toujague.org name server ns2.toujague.org.

[buzz@linuxbox ~]$ host -t MX toujague.org
toujague.org mail is handled by 10 mail.toujague.org.

Let's query from sysadmin.desdelinux.fan:

buzz@sysadmin:~$ cat /etc/resolv.conf
search desdelinux.fan
nameserver 192.168.10.5

xeon@sysadmin:~$ host mail.toujague.org
mail.toujague.org has address 169.18.10.19

Dnsmasq is working correctly as a Forwarder.

Squid

In the book in PDF format «Linux Server Configuration» dated July 25, 2016, by the author Joel Barrios Dueñas (darkshram@gmail.com - http://www.alcancelibre.org/), a text I have referred to in previous articles, there is a whole chapter dedicated to the Basic Configuration Options of Squid.

Given the importance of the Web - Proxy service, we reproduce the Introduction about Squid from the aforementioned book:

105.1. Introduction.

105.1.1. What is an Intermediary Server (Proxy)?

The English term "Proxy" has a very general and at the same time ambiguous meaning, although it is invariably considered a synonym of the concept of "Intermediary". It is usually translated, in the strict sense, as delegate or empowered (one who has power over another).

An Intermediary Server is defined as a computer or device that offers a network service consisting of allowing clients to make indirect network connections to other network services. During the process the following occurs:

  • The client connects to a Proxy Server.
  • The client requests a connection, file, or any other resource available on a different server.
  • The Intermediary Server provides the resource either by connecting to the specified server
    or by serving it from a cache.
  • In some cases the Intermediary Server may alter the client's request or the
    server's response for various purposes.

Proxy Servers are generally made to work simultaneously as a firewall operating at the Network Level, acting as a packet filter, as in the case of iptables, or operating at the Application Level, controlling various services, as is the case of TCP Wrapper. Depending on the context, the firewall is also known as a BPD or Border Protection Device, or simply as a packet filter.

A common application of Proxy Servers is to work as a cache of network content (mainly HTTP), providing, close to the clients, a cache of pages and files available over the network on remote HTTP servers, which allows the clients of the local network to access them faster and more reliably.

When a request is received for a network resource specified in a URL (Uniform Resource Locator), the Intermediary Server looks for the result of the URL inside the cache. If it is found, the Intermediary Server responds to the client by immediately providing the requested content. If the requested content is not in the cache, the Intermediary Server will fetch it from a remote server, deliver it to the client that requested it and keep a copy in the cache. The content in the cache is later removed through an expiration algorithm according to the age, size and history of responses to requests (hits) (examples: LRU, LFUDA and GDSF).

Proxy Servers for network content (Web Proxies) can also act as filters of the content served, applying censorship policies according to arbitrary criteria.

The Squid version that we will install is 3.5.20, from the updates repository.

Installation

[root@linuxbox ~]# yum install squid

[root@linuxbox ~]# ls /etc/squid/
cachemgr.conf          errorpage.css.default  squid.conf
cachemgr.conf.default  mime.conf              squid.conf.default
errorpage.css          mime.conf.default

[root@linuxbox ~]# systemctl enable squid

Important

  • The main objective of this article is to authorize local users to connect to Squid from other computers connected to the LAN. In addition, to implement the core of a server to which other services will be added. It is not an article dedicated to Squid as such.
  • To get an idea of Squid's configuration options, read the file /usr/share/doc/squid-3.5.20/squid.conf.documented, which has 7915 lines.

SELinux and Squid

[root@linuxbox ~]# getsebool -a | grep squid
squid_connect_any --> on
squid_use_tproxy --> off

[root@linuxbox ~]# setsebool -P squid_connect_any=on

Configuration

[root@linuxbox ~]# nano /etc/squid/squid.conf
# LAN
acl localnet src 192.168.10.0/24

acl SSL_ports port 443 21
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# We deny requests to non-safe ports
http_access deny !Safe_ports

# We deny the CONNECT method to non-safe ports
http_access deny CONNECT !SSL_ports

# Access to the cache manager only from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend that the following be uncommented to protect innocent
# web applications running on the proxy server which think that the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# PAM authorization
auth_param basic program /usr/lib64/squid/basic_pam_auth
auth_param basic children 5
auth_param basic realm desdelinux.fan
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# Authentication is required to access Squid
acl Enthusiasts proxy_auth REQUIRED

# We allow access to users authenticated
# through PAM
http_access deny !Enthusiasts

# Access to FTP sites
acl ftp proto FTP
http_access allow ftp

http_access allow localnet
http_access allow localhost

# We deny any other access to the proxy
http_access deny all

# Squid normally listens on port 3128
http_port 3128

# We leave the "coredumps" in the first cache directory
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:             1440  20%  10080
refresh_pattern ^gopher:          1440  0%   1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%   0
refresh_pattern .                 0     20%  4320

cache_mem 64 MB
# Cache memory
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 4096 16 256
maximum_object_size 4 MB
cache_swap_low 85
cache_swap_high 90
cache_mgr buzz@desdelinux.fan
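Squid evaluates http_access lines from top to bottom and stops at the first match, so in the squid.conf above every rule placed after the deny on the Enthusiasts ACL is reached only by users who authenticated through PAM. The following is an added example, not part of the original article: two hypothetical shell helpers (squid_access_order and squid_preauth_allows) that list the rules in evaluation order and report any allow rule sitting above the authentication gate. Both samples are constructed from the configuration above, the second with the localnet allow deliberately moved up to show the failure mode.

```shell
#!/bin/sh
# Added example, not from the article. Helper names are hypothetical.
# Only the "http_access deny !<proxy_auth acl>" gate form used in the
# article is recognised.

# Print every http_access rule in evaluation order, tagged pre-auth,
# AUTH-GATE or post-auth. Input: squid.conf path in $1, or stdin.
squid_access_order() {
    awk '
        { sub(/#.*/, "") }                          # drop trailing comments
        $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1; next }
        $1 == "http_access" {
            n++
            rule = $2
            for (i = 3; i <= NF; i++) rule = rule " " $i
            if (!gated && $2 == "deny" && NF == 3 &&
                substr($3, 1, 1) == "!" && (substr($3, 2) in auth)) {
                gated = 1
                printf "%d AUTH-GATE %s\n", n, rule
                next
            }
            printf "%d %s %s\n", n, (gated ? "post-auth" : "pre-auth"), rule
        }
    ' "${1:--}"
}

# Print only the allow rules that a client can match without authenticating.
squid_preauth_allows() {
    squid_access_order "${1:--}" | awk '$2 == "pre-auth" && $3 == "allow"'
}

# Constructed sample 1: the access-control lines of the squid.conf above.
sample_article_conf() {
    cat <<'EOF'
acl localnet src 192.168.10.0/24
acl SSL_ports port 443 21
acl Safe_ports port 80          # http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
acl Enthusiasts proxy_auth REQUIRED
http_access deny !Enthusiasts
acl ftp proto FTP
http_access allow ftp
http_access allow localnet
http_access allow localhost
http_access deny all
EOF
}

# Constructed sample 2: same rules, with "allow localnet" moved above the
# gate, so LAN clients are admitted before any credentials are requested.
sample_misordered_conf() {
    sample_article_conf | awk '
        $0 == "http_access allow localnet" { next }
        $0 == "acl Enthusiasts proxy_auth REQUIRED" { print "http_access allow localnet" }
        { print }'
}

echo "Evaluation order of the article configuration:"
sample_article_conf | squid_access_order
echo "Allow rules reachable without authentication after the reorder:"
sample_misordered_conf | squid_preauth_allows
```

In the article's ordering the only pre-auth allow is the cache manager from localhost; on the server the helpers can be run against /etc/squid/squid.conf after each edit, next to squid -k parse.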

We check the syntax of the file /etc/squid/squid.conf

[root@linuxbox ~]# squid -k parse
2017/04/16 15:45:10| Startup: Initializing Authentication Schemes ...
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'basic'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'digest'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'negotiate'
2017/04/16 15:45:10| Startup: Initialized Authentication Scheme 'ntlm'
2017/04/16 15:45:10| Startup: Initialized Authentication.
2017/04/16 15:45:10| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2017/04/16 15:45:10| Processing: acl localnet src 192.168.10.0/24
2017/04/16 15:45:10| Processing: acl SSL_ports port 443 21
2017/04/16 15:45:10| Processing: acl Safe_ports port 80 # http
2017/04/16 15:45:10| Processing: acl Safe_ports port 21 # ftp
2017/04/16 15:45:10| Processing: acl Safe_ports port 443 # https
2017/04/16 15:45:10| Processing: acl Safe_ports port 70 # gopher
2017/04/16 15:45:10| Processing: acl Safe_ports port 210 # wais
2017/04/16 15:45:10| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2017/04/16 15:45:10| Processing: acl Safe_ports port 280 # http-mgmt
2017/04/16 15:45:10| Processing: acl Safe_ports port 488 # gss-http
2017/04/16 15:45:10| Processing: acl Safe_ports port 591 # filemaker
2017/04/16 15:45:10| Processing: acl Safe_ports port 777 # multiling http
2017/04/16 15:45:10| Processing: acl CONNECT method CONNECT
2017/04/16 15:45:10| Processing: http_access deny !Safe_ports
2017/04/16 15:45:10| Processing: http_access deny CONNECT !SSL_ports
2017/04/16 15:45:10| Processing: http_access allow localhost manager
2017/04/16 15:45:10| Processing: http_access deny manager
2017/04/16 15:45:10| Processing: http_access deny to_localhost
2017/04/16 15:45:10| Processing: auth_param basic program /usr/lib64/squid/basic_pam_auth
2017/04/16 15:45:10| Processing: auth_param basic children 5
2017/04/16 15:45:10| Processing: auth_param basic realm desdelinux.fan
2017/04/16 15:45:10| Processing: auth_param basic credentialsttl 2 hours
2017/04/16 15:45:10| Processing: auth_param basic casesensitive off
2017/04/16 15:45:10| Processing: acl Enthusiasts proxy_auth REQUIRED
2017/04/16 15:45:10| Processing: http_access deny !Enthusiasts
2017/04/16 15:45:10| Processing: acl ftp proto FTP
2017/04/16 15:45:10| Processing: http_access allow ftp
2017/04/16 15:45:10| Processing: http_access allow localnet
2017/04/16 15:45:10| Processing: http_access allow localhost
2017/04/16 15:45:10| Processing: http_access deny all
2017/04/16 15:45:10| Processing: http_port 3128
2017/04/16 15:45:10| Processing: coredump_dir /var/spool/squid
2017/04/16 15:45:10| Processing: refresh_pattern ^ftp: 1440 20% 10080
2017/04/16 15:45:10| Processing: refresh_pattern ^gopher: 1440 0% 1440
2017/04/16 15:45:10| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2017/04/16 15:45:10| Processing: refresh_pattern .

We adjust the permissions on /usr/lib64/squid/basic_pam_auth

[root@linuxbox ~]# chmod u+s /usr/lib64/squid/basic_pam_auth

We create the cache directory

# Just in case...
[root@linuxbox ~]# service squid stop
Redirecting to /bin/systemctl stop squid.service

[root@linuxbox ~]# squid -z
[root@linuxbox ~]# 2017/04/16 15:48:28 kid1| Set Current Directory to /var/spool/squid
2017/04/16 15:48:28 kid1| Creating missing swap directories
2017/04/16 15:48:28 kid1| /var/spool/squid exists
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/00
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/01
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/02
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/03
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/04
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/05
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/06
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/07
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/08
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/09
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0A
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0B
2017/04/16 15:48:28 kid1| Making directories in /var/spool/squid/0C
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0D
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0E
2017/04/16 15:48:29 kid1| Making directories in /var/spool/squid/0F

At this point, if the command prompt takes a while to come back (it never came back for me), press Enter.

[root@linuxbox ~]# service squid start
[root@linuxbox ~]# service squid restart
[root@linuxbox ~]# service squid status
Redirecting to /bin/systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2017-04-16 15:57:27 EDT; 1s ago
  Process: 2844 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2873 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 2868 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 2876 (squid)
   CGroup: /system.slice/squid.service
           └─2876 /usr/sbin/squid -f /etc/squid/squid.conf

Apr 16 15:57:27 linuxbox systemd[1]: Starting Squid caching proxy...
Apr 16 15:57:27 linuxbox systemd[1]: Started Squid caching proxy.
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: will start 1 kids
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ...ed
Apr 16 15:57:27 linuxbox squid[2876]: Squid Parent: (squid-1) process 2878 ... 1
Hint: Some lines were ellipsized, use -l to show in full.

[root@linuxbox ~]# cat /var/log/messages | grep squid

Firewall adjustments

We must also open ports 80 (HTTP) and 443 (HTTPS) in the «external» zone so that Squid can communicate with the Internet.

[root@linuxbox ~]# firewall-cmd --zone=external --add-port=80/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --zone=external --add-port=443/tcp --permanent
success
[root@linuxbox ~]# firewall-cmd --reload
success
[root@linuxbox ~]# firewall-cmd --info-zone external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: dns
  ports: 443/tcp 53/udp 80/tcp 53/tcp
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks: parameter-problem redirect router-advertisement router-solicitation source-quench
  rich rules:

  • It is also worth opening the graphical application «Firewall Configuration» and checking that ports 443 tcp, 80 tcp, 53 tcp and 53 udp are open for the «external» zone, and that we have NOT published any service for it.

Note on the basic_pam_auth helper program

If we consult the manual for this utility with man basic_pam_auth, we will read that the author himself strongly recommends moving the program to a directory where ordinary users do not have sufficient permissions to access the tool.

On the other hand, it is well known that with this authorization scheme the credentials travel in plain text, so it is not safe in hostile environments, read: open networks.

Jeff Yestrumskas devotes the article «How-to: Setup a secure web proxy using SSL encryption, Squid Caching Proxy and PAM authentication» to the question of increasing security with this authentication scheme so that it can be used on potentially hostile open networks.
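
The recommendation from the basic_pam_auth manual can be checked mechanically. The shell function below is an added example, not code from the original article or from the Squid project: it reports whether the setuid helper can be reached and executed by ordinary local users. The function names are hypothetical, and the fix suggested in the comments assumes the proxy runs under the squid group, as the CentOS package sets it up.

```shell
#!/bin/sh
# Added example: audit how exposed a setuid basic_pam_auth helper is
# to ordinary local users. Function names are hypothetical.

# True if "others" hold the execute/search bit on $1 (file or directory).
others_can_enter() {
    [ -n "$(find "$1" -prune -perm -0001 2>/dev/null)" ]
}

# Prints one verdict for the helper at $1:
#   missing     no such file
#   no-setuid   the helper cannot read the shadow database when squid runs it
#   exposed     setuid, and any local user can reach and execute it
#   restricted  setuid, but others are blocked by the file or directory mode
audit_pam_helper() {
    helper=$1
    dir=$(dirname "$helper")
    if [ ! -f "$helper" ]; then
        echo missing
        return 2
    fi
    if [ ! -u "$helper" ]; then
        echo no-setuid
        return 0
    fi
    if others_can_enter "$helper" && others_can_enter "$dir"; then
        echo exposed
        return 1
    fi
    echo restricted
    return 0
}

# Use on the server described in the article:
#   audit_pam_helper /usr/lib64/squid/basic_pam_auth
# One way to go from "exposed" to "restricted" (assumption: the proxy
# runs under the "squid" group, as the CentOS package sets it up):
#   chown root:squid /usr/lib64/squid/basic_pam_auth
#   chmod 4750       /usr/lib64/squid/basic_pam_auth
```

After `chmod u+s` alone the helper normally keeps its world-execute bit, so the function reports `exposed` until the mode or the directory is tightened.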

We install httpd

As a way of checking the operation of Squid (and, in passing, of Dnsmasq) we will install the httpd service, the Apache web server, which is not strictly required. In the Dnsmasq-related file /etc/banner_add_hosts we declare the sites we want blocked, and explicitly assign them the same IP address that linuxbox has. So, if we request access to any of those sites, the httpd home page should be shown.

[root@linuxbox ~]# yum install httpd
[root@linuxbox ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

[root@linuxbox ~]# systemctl start httpd

[root@linuxbox ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2017-04-16 16:41:35 EDT; 5s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2275 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─2275 /usr/sbin/httpd -DFOREGROUND
           ├─2276 /usr/sbin/httpd -DFOREGROUND
           ├─2277 /usr/sbin/httpd -DFOREGROUND
           ├─2278 /usr/sbin/httpd -DFOREGROUND
           ├─2279 /usr/sbin/httpd -DFOREGROUND
           └─2280 /usr/sbin/httpd -DFOREGROUND

Apr 16 16:41:35 linuxbox systemd[1]: Starting The Apache HTTP Server...
Apr 16 16:41:35 linuxbox systemd[1]: Started The Apache HTTP Server.

SELinux and Apache

Apache has several policies that can be configured within the SELinux context.

[root@linuxbox ~]# getsebool -a | grep httpd
httpd_anon_write -> off
httpd_builtin_scripting -> on
httpd_can_check_spam -> off
httpd_can_connect_ftp -> off
httpd_can_connect_ldap -> off
httpd_can_connect_mythtv -> off
httpd_can_connect network off_zabbix_> offbbb_bb
httpd_can_network_memcache -> off
httpd_can_network_relay -> off
httpd_can_sendmail -> off
httpd_dbus_avahi -> off
httpd_dbus_sssd -> off
httpd_dontaudit_search_dirs -> off
httpd_enable_cgi -> httpd_enable_offmirs -> httpd_enable_ offpd_server_enable offp -> httpd_enablem offpd_server_enablecgi off -> offhpd_enablemXNUMX
httpd_graceful_shutdown -> on
httpd_manage_ipa -> off
httpd_mod_auth_ntlm_winbind -> off
httpd_mod_auth_pam -> off
httpd_read_user_content -> off
httpd_run_ipa -> off
httpd_run_preupgrade -> off
http off_rrdshi
httpd_ssi_exec -> off
httpd_sys_script_anon_write -> off
httpd_tmp_exec -> off
httpd_tty_comm -> off
httpd_unified -> off
httpd_use_cifs -> off
httpd_use_fusefs -> off
httpd_use_gpg -> off
httpd_use_nfs -> off
httpd_use_openstack -> off
httpd_use_sasl -> off
httpd_verify_dns -> off

We will configure only the following:

Send e-mail through Apache

[root@linuxbox ~]# setsebool -P httpd_can_sendmail 1

Allow Apache to read content located in the home directories of local users

[root@linuxbox ~]# setsebool -P httpd_read_user_content 1

Allow administering via FTP or FTPS any directory managed by Apache, or allow Apache to act as an FTP server listening for requests on the FTP port

[root@linuxbox ~]# setsebool -P httpd_enable_ftp_server 1

For more information, please read Linux Server Configuration.

We check the authentication

All that remains is to open a browser on a workstation and point it, for example, to http://windowsupdate.com. We will verify that the request is correctly redirected to the Apache home page on linuxbox. In fact, any site name declared in the file /etc/banner_add_hosts will be redirected to the same page.

The images at the end of the article demonstrate this.

User administration

We do this with the graphical tool «User Management», which we reach through the menu System -> Administration -> User Management. Each time we add a new user, their folder /home/user is created automatically.

Backups

Linux clients

You only need the usual file browser and to indicate that you want to connect, for example: ssh://buzz@linuxbox/home/buzz and, after entering the password, the home directory of the user buzz will be shown.

Windows clients

On Windows clients, we use the WinSCP tool. Once it is installed, we use it as follows:

Simple, isn't it?

Summary

We have seen that it is possible to use PAM to authenticate services in a small network and in a controlled environment completely isolated from the hands of hackers. This is mainly because the authentication credentials travel in plain text, and therefore it is not an authentication scheme to be used on open networks such as airports, Wi-Fi networks, etc. Nevertheless, it is a simple authorization mechanism, easy to implement and configure.

Sources consulted

PDF version

Download the PDF version here.

Until the next article!



  1.   nautilus says

    A tremendous post you have turned out, sir. Thank you for sharing your knowledge.

  2.   lizard says

    I know how hard it is to put together an article with this level of detail, with such clear tests and, above all, with concepts and strategies adapted to standards. I simply take my hat off to this jewel of a contribution; thank you very much, Fico, for such a good job.

    I have never combined Squid with PAM authentication, but I go as far as I can in doing this practice in my lab ... A hug, and let's keep going!!

  3.   Federico says

    NaTiluS: Thank you very much for your comment and evaluation.
    Lizard: To you too, thank you very much for your comment and evaluation.

    The time and effort devoted to making articles like this one is rewarded only by the reading and the comments of those who visit the DesdeLinux community. I hope it is useful to you in your daily work.
    We keep going!

  4.   anonymous says

    Incredible contribution, countryman!!!! I read each of your articles and I can say that even a person with no advanced knowledge of Free Software (like me) can follow this excellent article step by step. Cheers!!!!

  5.   IWO says

    Thanks, Fico, for this other excellent article; as if all the posts already published were not enough, in this one we have a service not previously covered by the PYMES Series and which is extremely important: "SQUID", or the Proxy of a LAN. In short, we, the family of those who consider ourselves "sysadmins", have here more good material to study and deepen our knowledge.

  6.   Federico says

    I thank you all for your comments. The next article will deal with the Prosody chat server with authentication against local credentials (PAM) via Cyrus-SASL, and that service will be implemented on this same server.

  7.   lwenotshi says

    In good time, countryman!!!! A great contribution, even for those like me who do not have much knowledge of Free Software and are eager to learn from articles as exquisite as this one. I have been following your contributions for a while and I would like to know which article you would recommend I start with in this SME Networks series, since I have been reading in a disorderly way and I think it has too much valuable content to miss any detail. Without further ado, greetings, and may shared knowledge, like Software, remain free!!

    1.    Federico says

      Greetings, countryman!!! I recommend that you start at the beginning; although it may seem like the long way, it is the shortest way so as not to get lost. In the index (which is not updated with the last two articles) https://blog.desdelinux.net/redes-computadoras-las-pymes-introduccion/, we established the recommended reading order of the series, which begins with how to build my Workstation, continues with several posts devoted to the topic of Virtualization, followed by several on BIND, Isc-Dhcp-Server, and Dnsmasq, and so on until we reach the part on implementing services for the SME network, which is where we are now. I hope it helps you.

      1.    lwenotshi says

        So it shall be!!!! I am starting right away with the series from the beginning and I look forward to new articles. Cheers!!!!