CentOS 4.5 Server Notes: Configuration





小島大和
2007-08-18, 10:49 PM
1. Introduction

Having finished the installation article, I'll now move on to configuration ^^"

First of all, everyone has finished installing, right? ""

For managing Linux, a network admin will naturally pick the most convenient tool, Webmin,

but it can get in the way of learning Linux, precisely because it is so convenient!

So that beginners can easily follow this article and reproduce the steps,

I'll use Webmin alongside the command line for configuration!

The iptables part in particular is where I'll use Webmin to explain things,

since for ordinary beginners that is the harder part ^^"

2. Basic configuration

(1) PPPoE dial-up setup (only needed if you connect via PPPoE!)

#/usr/sbin/adsl-setup

Create a new connection

Welcome to the ADSL client setup. First, I will run some checks on
your system to make sure the PPPoE client is installed properly...
LOGIN NAME
Enter your Login Name (default root):← enter your ADSL account name
INTERFACE
Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0):← specify the NIC (with one NIC use the default; with two or more, first confirm which one is connected to the modem)

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You may have some problems with demand-activated links.
Enter the demand value (default no):← just press Enter to use the default
DNS
Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here:← press Enter to obtain it automatically

PASSWORD

Please enter your Password:← enter your ADSL connection password
Please re-enter your Password:← enter the ADSL connection password again to confirm
USERCTRL
Please enter 'yes' (two letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes):no← enter no so that ordinary users are not allowed to control the PPPoE connection
FIREWALLING

Please choose the firewall rules to use. Note that these rules are
very basic. You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security. If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself. Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc. If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.

The firewall choices are:
0 - NONE: This script will not set any firewall rules. You are responsible
for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
for a LAN
Choose a type of firewall (0-2):0← enter 0; the firewall is not set up here
Start this connection at boot time
Do you want to start this connection at boot time?
Please enter no or yes (default no): yes← enter yes to connect automatically at boot
** Summary of what you entered **
Ethernet Interface: eth0
User name: [email protected]
Activate-on-demand: No
DNS: Do not adjust
Firewalling: NONE
User Control: no
Accept these settings and adjust configuration files (y/n)?← after confirming everything is fine, press y
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
(But first backing it up to /etc/ppp/chap-secrets.bak)
(But first backing it up to /etc/ppp/pap-secrets.bak)
Congratulations, it should be all set up!
Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'
to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0'
to see the link status.
# adsl-start ← start the ADSL connection
# ← after a moment, if it started successfully you get a bare # prompt (no message means the connection succeeded)
(2) sshd setup

When configuring, my personal habit is to connect over SSH and configure Linux from Windows!

You need your own SSH client; here I recommend

PieTTY http://ntu.csie.org/~piaip/pietty/stable/pietty0327.exe

On CentOS 4.5, if sshd was installed it starts at boot by default!

So we can simply enter our IP address and log in!
http://imkojima.info/wp-content/uploads/2007/08/ssh1.jpg
Here we first log in as root

But for safety's sake, let's first add an ordinary user account for the administrator

#useradd admin

#passwd admin

The account name and password above do not need to be the same.

Then configure sshd to allow only this account to log in

#cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak (make a backup first)

#vi /etc/ssh/sshd_config (edit the config file with vi; see 鳥哥私房菜 (VBird's site) for the vi commands)

Press i to start editing

Add the following as the last line of the file

AllowUsers admin

Press Esc, then type :wq to save and exit

This way sshd will not let any user other than admin log in!

#/etc/rc.d/init.d/sshd restart (then restart it ^^")

Afterwards log in as admin (the administrator account we just created)

Then use su to switch to root

#su root

Now we can start configuring ^^"

(3) Disabling SELinux (only needed if you forgot to disable it during installation!)

Edit the SELinux (file protection) config file with vi

#vi /etc/sysconfig/selinux

SELINUX=enforcing change to --> SELINUX=disabled

(4) Disabling and enabling basic services

#/usr/sbin/ntsysv

Keep only the following services:

acpid
anacron
cpuspeed
crond
network
sshd
syslog
yum-updatesd

For the server's security, any other service that is unused or not yet configured should be disabled from starting at boot!

(5) Updating packages with yum

Update: yum update

Install: yum install xxx

Remove: yum remove xxx

Clear cached package files (/var/cache/yum/): yum clean all

Search: yum search xxx

List all packages: yum list

Query package information: yum info xxx

Group install:

yum grouplist
yum groupinstall "Web Server"

(6) Adding an unofficial yum repository

# vi /etc/yum.repos.d/dag.repo  ← create dag.repo to define the unofficial repository!
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1

# rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt  ← import the unofficial repository's GPG key

(7) Basic RPM commands

Install: rpm -ivh xxx
Remove: rpm -e xxx
Upgrade: rpm -Uvh xxx
Query:
rpm -qa | grep xxx
rpm -qi xxx
rpm -ql xxx
rpm -qc xxx
rpm -qf /etc/yum.conf
rpm -qpi xxx

(8) Webmin + iptables setup

Webmin is a convenient tool!

But it may get in the way of learning Linux, so here we only use Webmin to configure iptables

First stop the firewall: #/etc/rc.d/init.d/iptables stop

Then install Webmin

First download the Webmin rpm with wget

#wget http://nchc.dl.sourceforge.net/sourceforge/webadmin/webmin-1.360-1.noarch.rpm

Then run

#rpm -ivh webmin-1.360-1.noarch.rpm

After installation, log in at

http://IP:10000/

Log in with the root account and password

http://imkojima.info/wp-content/uploads/2007/08/webmin.png

First you will see the system information

http://imkojima.info/wp-content/uploads/2007/08/webmin2.png

Let's change the default language first

http://imkojima.info/wp-content/uploads/2007/08/webmin3.png

http://imkojima.info/wp-content/uploads/2007/08/webmin4.png

Then change root's language setting

http://imkojima.info/wp-content/uploads/2007/08/webmin5.png

After changing it, press Ctrl+F5 to refresh and you get the Chinese interface

Next comes the firewall: Linux Firewall under the Networking category

Since these are firewall rules I have already modified, the picture will differ somewhat from yours!

The system has already created some default services for us (whatever you ticked during installation is set up for you)

Click the circled part to the right of the icon to add a rule

http://imkojima.info/wp-content/uploads/2007/08/webmin6.png

Add an allow rule

http://imkojima.info/wp-content/uploads/2007/08/webmin7.png

Configure it as shown below

http://imkojima.info/wp-content/uploads/2007/08/webmin8.png

Using the steps shown above, first open port 10000 for Webmin, then start the firewall once more

#/etc/rc.d/init.d/iptables start

Server article to follow....

By 小島大和

This article is posted only on PCZONE, 01 and MyChat

Original location: http://imkojima.info/?p=107

When reposting, please credit the original URL and the author's name

Comments welcome
Last revised 070818
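The AllowUsers step from section (2), scripted so it can be repeated safely: this is an added example, not code from the original post. It backs the file up, replaces any existing AllowUsers line instead of appending a second one (sshd would merge both and keep an old account allowed), and provides a quick check of what is allowed. The function takes the file path as a parameter so it can be tried on a copy before touching /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example (not from the original post): restrict sshd logins to one
# account, the way section (2) does by hand with vi, but idempotent.
# Assumes a stock sshd_config; the path is a parameter so a copy can be
# used for a dry run.

# restrict_sshd_users FILE USER
# Backs FILE up to FILE.bak, then leaves exactly one "AllowUsers USER" line.
restrict_sshd_users() {
    file="$1"
    user="$2"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    # Drop any previous AllowUsers line so there is never more than one
    # (grep -v exits 1 when nothing is left to print, which is fine here).
    grep -v '^[[:space:]]*AllowUsers[[:space:]]' "$file" > "$file.tmp" || true
    printf 'AllowUsers %s\n' "$user" >> "$file.tmp"
    mv "$file.tmp" "$file"
}

# allowed_users FILE: print the user list sshd will honour, for a quick check.
allowed_users() {
    awk '/^[ \t]*AllowUsers[ \t]/ { $1 = ""; sub(/^ /, ""); print }' "$1"
}

# Usage on the real host (run as root), mirroring the post's steps:
#   restrict_sshd_users /etc/ssh/sshd_config admin
#   sshd -t && /etc/rc.d/init.d/sshd restart
```

Run `sshd -t` before restarting so a typo in the file cannot lock you out of the box you are configuring over SSH.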

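The rule set that section (8) builds by clicking through Webmin's Linux Firewall module, written out in iptables-save format so it can be reviewed as text and loaded with the iptables init script. This is an added example, not the post's own configuration, and it goes one step beyond the post: the Webmin port is opened only to a management network rather than to everyone. It assumes the host runs only sshd (22) and Webmin (10000); TRUSTED_NET is a constructed value to replace with your own.

```shell
#!/bin/sh
# Added example (not from the original post): the filter table section (8)
# creates through Webmin, as a reviewable iptables-restore file.
# Assumptions: only sshd (22) and Webmin (10000) are served; TRUSTED_NET is
# a constructed management network, change it to your own.
TRUSTED_NET="192.168.1.0/24"

# firewall_rules ADMIN_PORT TRUSTED_NET
# Prints a filter table that keeps loopback and already-established traffic,
# opens ssh to everyone, opens the Webmin port only to TRUSTED_NET, and drops
# everything else by default policy.
firewall_rules() {
    admin_port="$1"
    trusted="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -s $trusted -p tcp --dport $admin_port -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# count_open_ports ADMIN_PORT TRUSTED_NET
# Number of rules accepting NEW tcp connections: a sanity check that the
# generated table opens nothing beyond the two intended services.
count_open_ports() {
    firewall_rules "$1" "$2" | grep -c -- '--state NEW -j ACCEPT'
}

# Usage on the real host (run as root); the init script loads this file:
#   firewall_rules 10000 "$TRUSTED_NET" > /etc/sysconfig/iptables
#   /etc/rc.d/init.d/iptables restart
```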


algolee
2007-08-18, 11:12 PM
Applause for you, keep it up~~
I haven't used webmin for several years
The interface has even changed~~

blanse
2008-02-13, 02:13 AM
The supported languages are still dreadful :(

小島大和
2010-02-18, 07:47 PM
The supported languages are still dreadful :(

Do you mean webmin?
Or ssh?

ssh does support Chinese, but the client has to be set to utf-8