Linux簡(jiǎn)明系統(tǒng)維護(hù)手冊(cè)(二)
2024-08-28 00:23:37
供稿:網(wǎng)友
四����、主要的軟件安裝
前面說(shuō)過(guò)�����,我的習(xí)慣是���,裝系統(tǒng)的時(shí)候就安裝一個(gè)內(nèi)核和編譯系統(tǒng),得到了一個(gè)干凈的系統(tǒng)后��,再安裝其他的軟件就比較清晰����。另一點(diǎn)���,除非搞不到源代碼版本�,一般情況下我都會(huì)下載官方版本的源代碼文件����,來(lái)重新編譯之��。同樣的,選擇軟件版本要根據(jù)該軟件的release note來(lái)決定�,并非越新越好。這就是為什么很多軟件都是幾個(gè)版本齊頭并進(jìn)的發(fā)展之原因���。這些軟件不同版本之間的安裝方法會(huì)有少許不同,安裝前一定要仔細(xì)閱讀目錄中的readme文件和install文件��,否則這些少許不同會(huì)造成不少得麻煩���。下面描述的安裝過(guò)程都核版本號(hào)緊密相關(guān)��。另外��,所有的軟件都把程序文件的包拷貝到/usr/local/src目錄中再解壓縮,這是習(xí)慣��。因?yàn)樵趌inux中習(xí)慣于把后來(lái)的軟件裝在/usr/local中。
(1)安裝dns服務(wù)器
1����、從www.isc.org下載bind 域名服務(wù)器軟件。我們這里用的是bind8.3.0��,bind8分支和bind9分支是并行發(fā)展的����。根據(jù)自己的實(shí)際情況選擇合適的bind版本�。
2���、mkdir /usr/src/bind83
3�����、下載的文件叫bind-src.tar.gz�����,復(fù)制到/usr/local/src/bind83目錄下���。
4、cd /usr/local/src/bind83
5����、tar zxvf bind-src.tar.gz
6���、cd src
7�����、make stdlinks
8����、make clean
9���、make depend
10���、make all
11�����、make install
12��、編輯配置文件:/etc/named.conf內(nèi)容如下���,需要更改的部分用黑體標(biāo)出:
/*
* this is a worthless, nonrunnable example of a named.conf file that has
* every conceivable syntax element in use. we use it to test the parser.
* it could also be used as a conceptual template for users of new features.
*/
/*
* c-style comments are ok
*/
// so are c++-style comments
# so are shell-style comments
// watch out for ";" -- it's important!
options {
directory "/var/named";
// use current directory
named-xfer "/usr/libexec/named-xfer";
// _path_xfer
dump-file "named_dump.db";
// _path_dumpfile
pid-file "/var/run/named.pid";
// _path_pidfile
statistics-file "named.stats";
// _path_stats
memstatistics-file "named.memstats";
// _path_memstats
check-names master fail;
check-names slave warn;
check-names response ignore;
host-statistics no;
deallocate-on-exit no;
// painstakingly deallocate all
// objects when exiting instead of
// letting the os clean up for us.
// useful a memory leak is suspected.
// final statistics are written to the
// memstatistics-file.
datasize default;
stacksize default;
coresize default;
files unlimited;
recursion yes;
fetch-glue yes;
fake-iquery no;
notify yes;
// send notify messages. you can set
// notify on a zone-by-zone
// basis in the "zone" statement
// see (below)
serial-queries 4;
// number of parallel soa queries
// we can have outstanding for master
// zone change testing purposes
auth-nxdomain yes;
// always set aa on nxdomain.
// don't set this to 'no' unless
// you know what you're doing -- older
// servers won't like it.
multiple-cnames no;
// if yes, then a name my have more
// than one cname rr. this use
// is non-standard and is not
// recommended, but it is available
// because previous releases supported
// it and it was used by large sites
// for load balancing.
allow-query { any; };
allow-transfer { any; };
transfers-in 10;
// default_xfers_running, cannot be
// set > than max_xfers_running (20)
transfers-per-ns 2;
// default_xfers_per_ns
transfers-out 0;
// not implemented
max-transfer-time-in 120;
// max_xfer_time; the default number
// of minutes an inbound zone transfer
// may run. may be set on a per-zone
// basis.
transfer-format one-answer;
query-source address * port *;
/*
* the "forward" option is only meaningful if you've defined
* forwarders. "first" gives the normal bind
* forwarding behavior, i.e. ask the forwarders first, and if that
* doesn't work then do the full lookup. you can also say
* "forward only;" which is what used to be specified with
* "slave" or "options forward-only". "only" will never attempt
* a full lookup; only the forwarders will be used.
*/
forward first;
forwarders { };
// default is no forwarders
topology { localhost; localnets; };
// prefer local nameservers
listen-on port 53 { any; };
// listen for queries on port 53 on
// any interface on the system
// (i.e. all interfaces). the
// "port 53" is optional; if you
// don't specify a port, port 53
// is assumed.
/*
* interval timers
*/
cleaning-interval 60;
// clean the cache of expired rrs
// every 'cleaning-interval' minutes
interface-interval 60;
// scan for new or deleted interfaces
// every 'interface-interval' minutes
statistics-interval 60;
// log statistics every
// 'statistics-interval' minutes
maintain-ixfr-base no;
// if yes, keep transaction log file for ixfr
max-ixfr-log-size 20;
// not implemented, maximum size the
// ixfr transaction log file to grow
};
/*
* control listeners, for "ndc". every nameserver needs at least one.
*/
controls {
inet * port 52 allow { any; };
// a bad idea
unix "/var/run/ndc" perm 0600 owner 0 group 0;
// the default
};
zone "rd.xxx.com" in {
type master;
// what used to be called "primary"
file "rd.xxx.com.db";
check-names fail;
allow-update { none; };
allow-transfer { any; };
allow-query { any; };
// notify yes;
// send notify messages for this
// zone? the global option is used
// if "notify" is not specified
// here.
also-notify { };
// don't notify any nameservers other
// than those on the ns list for this
// zone
};
zone "223.99.211.in-addr.arpa" in {
type master;
// what used to be called "secondary"
file "21.9.22.db";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.db";
};
zone "." in {
type hint;
// used to be specified w/ "cache"
file "named.root";
};
logging {
/*
* all log output goes to one or more "channels"; you can make as
* many of them as you want.
*/
channel syslog_errors {
// this channel will send errors or
syslog user;
// or worse to syslog (user facility)
severity error;
};
category parser {
syslog_errors;
// you can log to as many channels
default_syslog;
// as you want
};
category lame-servers { null; };
// don't log these at all
channel moderate_debug {
severity debug 3;
// level 3 debugging to file
file "foo";
// foo
print-time yes;
// timestamp log entries
print-category yes;
// print category name
print-severity yes;
// print severity level
/*
* note that debugging must have been turned on either
* on the command line or with a signal to get debugging
* output (non-debugging output will still be written to
* this channel).
*/
};
/*
* if you don't want to see "zone xxxx loaded" messages but do
* want to see any problems, you could do the following.
*/
channel no_info_messages {
syslog;
severity notice;
};
category load { no_info_messages; };
/*
* you can also define category "default"; it gets used when no
* "category" statement has been given for a category.
*/
category default {
default_syslog;
moderate_debug;
};
};
13、在/var/named/中生成/etc/named.conf中標(biāo)記的文件:rd.xxx.com.db�����,內(nèi)容如下����,需要修改和調(diào)整相應(yīng)部分:
;authoriative data for rd.xxx.com
;
$ttl 3600
@ in soa compaq.rd.xxx.com. tandongyu.rd.xxx.com. (
20020101 ;serial
3600 ;refresh 1 hour
900 ;retry 15 mins
604800 ;expire 7 days
86400) ;mini 24 hours
;name server ns records
@ in ns compaq.rd.xxx.com.
;mail exchange (mx) records
rd.xxx.com. in mx 0 compaq
;address (a) records.
localhost in a 127.0.0.1
compaq in a 21.9.22.9
tls65 in a 21.9.22.8
fbsd in a 21.9.22.7
14、在/var/named/中生成/etc/named.conf中標(biāo)記的文件:21.9.22.db�����,內(nèi)容如下�,你需要修改相應(yīng)部分:
;
;
$ttl 3600
@ in soa compaq.rd.xxx.com. tandongyu.rd.xxx.com. (
20020101 ;serial
3600 ;refresh
900 ;retry 15 mins
604800 ;expire 7 days
86400) ;mini 24 hours
;nameserver (ns) records
@ in ns compaq.rd.xxx.com.
;address point to name (ptr) records
9 in ptr compaq.rd.xxx.com.
8 in ptr tls65.rd.xxx.com.
7 in ptr fbsd.rd.xxx.com.
15���、在/var/named/中生成/etc/named.conf中標(biāo)記的文件:127.0.0.db,內(nèi)容如下�,你需要修改相應(yīng)部分:
; 0.0.127.in-addr.arpa
$ttl 3600
@ in soa compaq.rd.xxx.com. tandongyu.rd.xxx.com. (
20020101;serial
3600 ;refresh
1800 ;retry
604800 ;expiration
3600 ) ;minimum
in ns compaq.rd.xxx.com.
1 in ptr localhost.
16、在/var/named/中生成/etc/named.conf中標(biāo)記的文件:named.root�,內(nèi)容大致如下。該文件標(biāo)記了14個(gè)域名服務(wù)器�。可以從ftp.rs.internic.net獲得該文件的最新樣本:named.hosts�����,然后改名成你需要的名字,比如:named.root
; this file holds the information on root name servers needed to
; initialize cache of internet domain name servers
; (e.g. reference this file in the "cache . "
; configuration file of bind domain name servers).
;
; this file is made available by internic registration services
; under anonymous ftp as
; file /domain/named.root
; on server ftp.rs.internic.net
; -or- under gopher at rs.internic.net
; under menu internic registration services (nsi)
; submenu internic registration archives
; file named.root
;
; last update: aug 22, 1997
; related version of root zone: 1997082200
;
;
; formerly ns.internic.net
;
. 3600000 in ns a.root-servers.net.
a.root-servers.net. 3600000 a 198.41.0.4
;
; formerly ns1.isi.edu
;
. 3600000 ns b.root-servers.net.
b.root-servers.net. 3600000 a 128.9.0.107
;
; formerly c.psi.net
;
. 3600000 ns c.root-servers.net.
c.root-servers.net. 3600000 a 192.33.4.12
;
; formerly terp.umd.edu
;
. 3600000 ns d.root-servers.net.
d.root-servers.net. 3600000 a 128.8.10.90
;
; formerly ns.nasa.gov
;
. 3600000 ns e.root-servers.net.
e.root-servers.net. 3600000 a 192.203.230.10
;
; formerly ns.isc.org
;
. 3600000 ns f.root-servers.net.
f.root-servers.net. 3600000 a 192.5.5.241
;
; formerly ns.nic.ddn.mil
;
. 3600000 ns g.root-servers.net.
g.root-servers.net. 3600000 a 192.112.36.4
;
; formerly aos.arl.army.mil
;
. 3600000 ns h.root-servers.net.
h.root-servers.net. 3600000 a 128.63.2.53
;
; formerly nic.nordu.net
;
. 3600000 ns i.root-servers.net.
i.root-servers.net. 3600000 a 192.36.148.17
;
; temporarily housed at nsi (internic)
;
. 3600000 ns j.root-servers.net.
j.root-servers.net. 3600000 a 198.41.0.10
;
; housed in linx, operated by ripe ncc
;
. 3600000 ns k.root-servers.net.
k.root-servers.net. 3600000 a 193.0.14.129
;
; temporarily housed at isi (iana)
;
. 3600000 ns l.root-servers.net.
l.root-servers.net. 3600000 a 198.32.64.12
;
; housed in japan, operated by wide
;
. 3600000 ns m.root-servers.net.
m.root-servers.net. 3600000 a 202.12.27.33
; end of file
17���、我們還需要配置/etc/resolv.conf���、/etc/hosts、/etc/hosts.conf文件以適應(yīng)新的狀況����。
18�、一切都結(jié)束后,用/usr/sbin/ndc start命令啟動(dòng)bind,同樣的可用stop����、restart、reload等命令參數(shù)操作�����。
19����、啟動(dòng)后用nslookup命令(有的系統(tǒng)推薦使用dig命令)檢驗(yàn)是否正確����。如果出現(xiàn)錯(cuò)誤,該命令將不能啟動(dòng)�。一般的錯(cuò)誤都是數(shù)據(jù)庫(kù)文件或配置文件筆誤所至。比如少個(gè)“.”或者文件明不正確等等����。
(2) 安裝sendmail服務(wù)器
1、從www.sendmail.org下載最新的版本(這個(gè)snedmail倒是有必要升級(jí)為最新的版本����,因?yàn)樗纳?jí)主要是安全漏洞問(wèn)題)�����。這里說(shuō)明的是用的sendmail-8.12.2.tar.gz
2�、cd /usr/local/src/
3�、把文件下載到:/usr/local/src中
4、tar zxvf sendmail-8.12.2.tar.gz
5�、cd /usr/local/src/sendmail-8.12.2
6�、chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
7、chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
8���、cd /usr/local/src/sendmail-8.12.2/sendmail
9��、sh build
10����、cd /usr/local/src/sendmail-8.12.2/cf/cf
11�����、建立文件sendmail.mc內(nèi)容如下�����,你可根據(jù)需要修改相應(yīng)部分�����。
divert(-1)
dnl this is the macro config file used to generate the /etc/sendmail.cf
dnl file. if you modify thei file you will have to regenerate the
dnl /etc/sendmail.cf by running this macro config through the m4
dnl preprocessor:
dnl m4 /etc/sendmail.mc > /etc/sendmail.cf
dnl you will need to have the sendmail-cf pacage installed for this to work.
include(`/usr/local/src/sendmail-8.12.2/cf')
define(`confdef_user_id',`8:12')
ostype(`linux')
undefine(`uucp_relay')
undefine(`bitnet_relay')
define(`confto_connect', `1m')
define(`conftry_null_mx_list',true)
define(`confdont_probe_interfaces',true)
define(`procmail_mailer_path',`/usr/bin/procmail')
define(`smart_host',compaq.rd.xxx.com)
<---這條用于(非hub)缺省使用hub發(fā)送郵件
masquerade_as(`rd.xxx.com')
<-------------------------
feature(`masquerade_entire_domain')
<---這三條用于郵件地址偽裝
feature(`masquerade_envelope')
<-------------------------
feature(`smrsh',`/usr/sbin/smrsh')
feature(`mailertable',`hash -o /etc/mail/mailertable')
feature(`virtusertable',`hash -o /etc/mail/virtusertable')
feature(redirect)
feature(always_add_domain)
feature(use_cw_file)
feature(local_procmail)
feature(`access_db')
feature(`blacklist_recipients')
feature(`accept_unresolvable_domains')
mailer(smtp)
mailer(procmail)
dnl we strongly recommend to comment this one out if you want to protect
dnl yourself from spam. however, the laptop and users on computers that do
dnl not hav 24x7 dns do need this.
dnl feature(`relay_based_on_mx')
12、sh build install-cf
13�、groupadd smmsp
14�、useradd smmsp
15、cd cd /usr/local/src/sendmail-8.12.2/sendmail
16�����、sh build install
17�����、cd /usr/local/src/sendmail-8.12.2/makemap
18��、sh build clean
19����、sh build all
20���、sh build install
21�、cd /usr/local/src/sendmail-8.12.2/
22�、在本域dns主數(shù)據(jù)庫(kù)文件中增加mx紀(jì)錄:
rd.xxx.com. in mx 0 compaq
注意修改相應(yīng)部分�����。那個(gè)0是有幾個(gè)郵件集中器的時(shí)候用于標(biāo)記先后順序的�����。當(dāng)有好幾個(gè)mx的時(shí)候��,建議順序?qū)憺?0、20���、30…
23�����、在/etc/mail目錄下創(chuàng)建access文件,內(nèi)容類似如下:
127.0.0.1 relay
21.9.22 relay
211.99.221.238 relay
然后:makemap hash access.db < access
24�、創(chuàng)建文件/etc/mail/local-host-names,其內(nèi)容為本機(jī)的擁有的域名信息����。
rd.xxx.com
compaq.rd.xxx.com
25����、創(chuàng)建文件/etc/mail/aliases,內(nèi)容類似:
mailer-daemon: postmaster
postmaster: root
bin: root
daemon: root
nobody: root
運(yùn)行newaliases創(chuàng)建數(shù)據(jù)庫(kù)����。
創(chuàng)建別名文件的意義之一在于當(dāng)郵件發(fā)往域中其他郵件服務(wù)器的用戶而不是mail hub用戶的時(shí)候用���。
比如增加一條:
atan: [email protected]
則導(dǎo)致郵件發(fā)往mail hub的時(shí)候自動(dòng)轉(zhuǎn)發(fā)到[email protected]
26��、啟動(dòng)sendmail: /usr/sbin/sendmail -bd -q30m
排錯(cuò):如果有問(wèn)題導(dǎo)致啟動(dòng)不了���,大部分問(wèn)題和dns配置有關(guān)�,可以使用nslookup檢查dns是否正常��。挨個(gè)檢查/etc/mail中的文件內(nèi)容也是排錯(cuò)的好辦法��。另外�����,修改配置�����,不建議直接編輯sendmail.cf文件�,建議使用m4宏編譯工具���,因?yàn)橛行в邪踩┒椿蜻^(guò)時(shí)的宏在編譯的時(shí)候會(huì)有提示�,這樣以免造成相關(guān)安全問(wèn)題。
