Linux簡明系統維護手冊(二)
2024-08-28 00:23:37
供稿:網友
四��、主要的軟件安裝
前面說過,我的習慣是����,裝系統的時候就安裝一個內核和編譯系統��,得到了一個干凈的系統后�,再安裝其他的軟件就比較清晰��。另一點��,除非搞不到源代碼版本����,一般情況下我都會下載官方版本的源代碼文件,來重新編譯之����。同樣的,選擇軟件版本要根據該軟件的release note來決定�,并非越新越好。這就是為什么很多軟件都是幾個版本齊頭并進的發展之原因����。這些軟件不同版本之間的安裝方法會有少許不同,安裝前一定要仔細閱讀目錄中的readme文件和install文件�,否則這些少許不同會造成不少得麻煩。下面描述的安裝過程都核版本號緊密相關。另外�,所有的軟件都把程序文件的包拷貝到/usr/local/src目錄中再解壓縮,這是習慣����。因為在linux中習慣于把后來的軟件裝在/usr/local中。
(1)安裝dns服務器
1��、從www.isc.org下載bind 域名服務器軟件�。我們這里用的是bind8.3.0,bind8分支和bind9分支是并行發展的����。根據自己的實際情況選擇合適的bind版本。
2��、mkdir /usr/src/bind83
3����、下載的文件叫bind-src.tar.gz,復制到/usr/local/src/bind83目錄下�。
4、cd /usr/local/src/bind83
5����、tar zxvf bind-src.tar.gz
6、cd src
7、make stdlinks
8����、make clean
9、make depend
10��、make all
11�、make install
12��、編輯配置文件:/etc/named.conf內容如下����,需要更改的部分用黑體標出:
/*
* this is a worthless, nonrunnable example of a named.conf file that has
* every conceivable syntax element in use. we use it to test the parser.
* it could also be used as a conceptual template for users of new features.
*/
/*
* c-style comments are ok
*/
// so are c++-style comments
# so are shell-style comments
// watch out for ";" -- it's important!
options {
directory "/var/named";
// use current directory
named-xfer "/usr/libexec/named-xfer";
// _path_xfer
dump-file "named_dump.db";
// _path_dumpfile
pid-file "/var/run/named.pid";
// _path_pidfile
statistics-file "named.stats";
// _path_stats
memstatistics-file "named.memstats";
// _path_memstats
check-names master fail;
check-names slave warn;
check-names response ignore;
host-statistics no;
deallocate-on-exit no;
// painstakingly deallocate all
// objects when exiting instead of
// letting the os clean up for us.
// useful a memory leak is suspected.
// final statistics are written to the
// memstatistics-file.
datasize default;
stacksize default;
coresize default;
files unlimited;
recursion yes;
fetch-glue yes;
fake-iquery no;
notify yes;
// send notify messages. you can set
// notify on a zone-by-zone
// basis in the "zone" statement
// see (below)
serial-queries 4;
// number of parallel soa queries
// we can have outstanding for master
// zone change testing purposes
auth-nxdomain yes;
// always set aa on nxdomain.
// don't set this to 'no' unless
// you know what you're doing -- older
// servers won't like it.
multiple-cnames no;
// if yes, then a name my have more
// than one cname rr. this use
// is non-standard and is not
// recommended, but it is available
// because previous releases supported
// it and it was used by large sites
// for load balancing.
allow-query { any; };
allow-transfer { any; };
transfers-in 10;
// default_xfers_running, cannot be
// set > than max_xfers_running (20)
transfers-per-ns 2;
// default_xfers_per_ns
transfers-out 0;
// not implemented
max-transfer-time-in 120;
// max_xfer_time; the default number
// of minutes an inbound zone transfer
// may run. may be set on a per-zone
// basis.
transfer-format one-answer;
query-source address * port *;
/*
* the "forward" option is only meaningful if you've defined
* forwarders. "first" gives the normal bind
* forwarding behavior, i.e. ask the forwarders first, and if that
* doesn't work then do the full lookup. you can also say
* "forward only;" which is what used to be specified with
* "slave" or "options forward-only". "only" will never attempt
* a full lookup; only the forwarders will be used.
*/
forward first;
forwarders { };
// default is no forwarders
topology { localhost; localnets; };
// prefer local nameservers
listen-on port 53 { any; };
// listen for queries on port 53 on
// any interface on the system
// (i.e. all interfaces). the
// "port 53" is optional; if you
// don't specify a port, port 53
// is assumed.
/*
* interval timers
*/
cleaning-interval 60;
// clean the cache of expired rrs
// every 'cleaning-interval' minutes
interface-interval 60;
// scan for new or deleted interfaces
// every 'interface-interval' minutes
statistics-interval 60;
// log statistics every
// 'statistics-interval' minutes
maintain-ixfr-base no;
// if yes, keep transaction log file for ixfr
max-ixfr-log-size 20;
// not implemented, maximum size the
// ixfr transaction log file to grow
};
/*
* control listeners, for "ndc". every nameserver needs at least one.
*/
controls {
inet * port 52 allow { any; };
// a bad idea
unix "/var/run/ndc" perm 0600 owner 0 group 0;
// the default
};
zone "rd.xxx.com" in {
type master;
// what used to be called "primary"
file "rd.xxx.com.db";
check-names fail;
allow-update { none; };
allow-transfer { any; };
allow-query { any; };
// notify yes;
// send notify messages for this
// zone? the global option is used
// if "notify" is not specified
// here.
also-notify { };
// don't notify any nameservers other
// than those on the ns list for this
// zone
};
zone "223.99.211.in-addr.arpa" in {
type master;
// what used to be called "secondary"
file "21.9.22.db";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.db";
};
zone "." in {
type hint;
// used to be specified w/ "cache"
file "named.root";
};
logging {
/*
* all log output goes to one or more "channels"; you can make as
* many of them as you want.
*/
channel syslog_errors {
// this channel will send errors or
syslog user;
// or worse to syslog (user facility)
severity error;
};
category parser {
syslog_errors;
// you can log to as many channels
default_syslog;
// as you want
};
category lame-servers { null; };
// don't log these at all
channel moderate_debug {
severity debug 3;
// level 3 debugging to file
file "foo";
// foo
print-time yes;
// timestamp log entries
print-category yes;
// print category name
print-severity yes;
// print severity level
/*
* note that debugging must have been turned on either
* on the command line or with a signal to get debugging
* output (non-debugging output will still be written to
* this channel).
*/
};
/*
* if you don't want to see "zone xxxx loaded" messages but do
* want to see any problems, you could do the following.
*/
channel no_info_messages {
syslog;
severity notice;
};
category load { no_info_messages; };
/*
* you can also define category "default"; it gets used when no
* "category" statement has been given for a category.
*/
category default {
default_syslog;
moderate_debug;
};
};
13、在/var/named/中生成/etc/named.conf中標記的文件:rd.xxx.com.db��,內容如下����,需要修改和調整相應部分:
;authoriative data for rd.xxx.com
;
$ttl 3600
@ in soa compaq.rd.xxx.com. tandongyu.rd.xxx.com. (
20020101 ;serial
3600 ;refresh 1 hour
900 ;retry 15 mins
604800 ;expire 7 days
86400) ;mini 24 hours
;name server ns records
@ in ns compaq.rd.xxx.com.
;mail exchange (mx) records
rd.xxx.com. in mx 0 compaq
;address (a) records.
localhost in a 127.0.0.1
compaq in a 21.9.22.9
tls65 in a 21.9.22.8
fbsd in a 21.9.22.7
14、在/var/named/中生成/etc/named.conf中標記的文件:21.9.22.db����,內容如下,你需要修改相應部分:
;
;
$ttl 3600
@ in soa compaq.rd.xxx.com. tandongyu.rd.xxx.com. (
20020101 ;serial
3600 ;refresh
900 ;retry 15 mins
604800 ;expire 7 days
86400) ;mini 24 hours
;nameserver (ns) records
@ in ns compaq.rd.xxx.com.
;address point to name (ptr) records
9 in ptr compaq.rd.xxx.com.
8 in ptr tls65.rd.xxx.com.
7 in ptr fbsd.rd.xxx.com.
15�、在/var/named/中生成/etc/named.conf中標記的文件:127.0.0.db,內容如下,你需要修改相應部分:
; 0.0.127.in-addr.arpa
$ttl 3600
@ in soa compaq.rd.xxx.com. tandongyu.rd.xxx.com. (
20020101;serial
3600 ;refresh
1800 ;retry
604800 ;expiration
3600 ) ;minimum
in ns compaq.rd.xxx.com.
1 in ptr localhost.
16����、在/var/named/中生成/etc/named.conf中標記的文件:named.root,內容大致如下�。該文件標記了14個域名服務器??梢詮膄tp.rs.internic.net獲得該文件的最新樣本:named.hosts,然后改名成你需要的名字��,比如:named.root
; this file holds the information on root name servers needed to
; initialize cache of internet domain name servers
; (e.g. reference this file in the "cache . "
; configuration file of bind domain name servers).
;
; this file is made available by internic registration services
; under anonymous ftp as
; file /domain/named.root
; on server ftp.rs.internic.net
; -or- under gopher at rs.internic.net
; under menu internic registration services (nsi)
; submenu internic registration archives
; file named.root
;
; last update: aug 22, 1997
; related version of root zone: 1997082200
;
;
; formerly ns.internic.net
;
. 3600000 in ns a.root-servers.net.
a.root-servers.net. 3600000 a 198.41.0.4
;
; formerly ns1.isi.edu
;
. 3600000 ns b.root-servers.net.
b.root-servers.net. 3600000 a 128.9.0.107
;
; formerly c.psi.net
;
. 3600000 ns c.root-servers.net.
c.root-servers.net. 3600000 a 192.33.4.12
;
; formerly terp.umd.edu
;
. 3600000 ns d.root-servers.net.
d.root-servers.net. 3600000 a 128.8.10.90
;
; formerly ns.nasa.gov
;
. 3600000 ns e.root-servers.net.
e.root-servers.net. 3600000 a 192.203.230.10
;
; formerly ns.isc.org
;
. 3600000 ns f.root-servers.net.
f.root-servers.net. 3600000 a 192.5.5.241
;
; formerly ns.nic.ddn.mil
;
. 3600000 ns g.root-servers.net.
g.root-servers.net. 3600000 a 192.112.36.4
;
; formerly aos.arl.army.mil
;
. 3600000 ns h.root-servers.net.
h.root-servers.net. 3600000 a 128.63.2.53
;
; formerly nic.nordu.net
;
. 3600000 ns i.root-servers.net.
i.root-servers.net. 3600000 a 192.36.148.17
;
; temporarily housed at nsi (internic)
;
. 3600000 ns j.root-servers.net.
j.root-servers.net. 3600000 a 198.41.0.10
;
; housed in linx, operated by ripe ncc
;
. 3600000 ns k.root-servers.net.
k.root-servers.net. 3600000 a 193.0.14.129
;
; temporarily housed at isi (iana)
;
. 3600000 ns l.root-servers.net.
l.root-servers.net. 3600000 a 198.32.64.12
;
; housed in japan, operated by wide
;
. 3600000 ns m.root-servers.net.
m.root-servers.net. 3600000 a 202.12.27.33
; end of file
17��、我們還需要配置/etc/resolv.conf��、/etc/hosts��、/etc/hosts.conf文件以適應新的狀況����。
18、一切都結束后�,用/usr/sbin/ndc start命令啟動bind,同樣的可用stop、restart����、reload等命令參數操作��。
19��、啟動后用nslookup命令(有的系統推薦使用dig命令)檢驗是否正確����。如果出現錯誤��,該命令將不能啟動����。一般的錯誤都是數據庫文件或配置文件筆誤所至��。比如少個“.”或者文件明不正確等等�。
(2) 安裝sendmail服務器
1、從www.sendmail.org下載最新的版本(這個snedmail倒是有必要升級為最新的版本�,因為它的升級主要是安全漏洞問題)。這里說明的是用的sendmail-8.12.2.tar.gz
2����、cd /usr/local/src/
3、把文件下載到:/usr/local/src中
4����、tar zxvf sendmail-8.12.2.tar.gz
5�、cd /usr/local/src/sendmail-8.12.2
6��、chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
7��、chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
8��、cd /usr/local/src/sendmail-8.12.2/sendmail
9�、sh build
10、cd /usr/local/src/sendmail-8.12.2/cf/cf
11�、建立文件sendmail.mc內容如下,你可根據需要修改相應部分��。
divert(-1)
dnl this is the macro config file used to generate the /etc/sendmail.cf
dnl file. if you modify thei file you will have to regenerate the
dnl /etc/sendmail.cf by running this macro config through the m4
dnl preprocessor:
dnl m4 /etc/sendmail.mc > /etc/sendmail.cf
dnl you will need to have the sendmail-cf pacage installed for this to work.
include(`/usr/local/src/sendmail-8.12.2/cf')
define(`confdef_user_id',`8:12')
ostype(`linux')
undefine(`uucp_relay')
undefine(`bitnet_relay')
define(`confto_connect', `1m')
define(`conftry_null_mx_list',true)
define(`confdont_probe_interfaces',true)
define(`procmail_mailer_path',`/usr/bin/procmail')
define(`smart_host',compaq.rd.xxx.com)
<---這條用于(非hub)缺省使用hub發送郵件
masquerade_as(`rd.xxx.com')
<-------------------------
feature(`masquerade_entire_domain')
<---這三條用于郵件地址偽裝
feature(`masquerade_envelope')
<-------------------------
feature(`smrsh',`/usr/sbin/smrsh')
feature(`mailertable',`hash -o /etc/mail/mailertable')
feature(`virtusertable',`hash -o /etc/mail/virtusertable')
feature(redirect)
feature(always_add_domain)
feature(use_cw_file)
feature(local_procmail)
feature(`access_db')
feature(`blacklist_recipients')
feature(`accept_unresolvable_domains')
mailer(smtp)
mailer(procmail)
dnl we strongly recommend to comment this one out if you want to protect
dnl yourself from spam. however, the laptop and users on computers that do
dnl not hav 24x7 dns do need this.
dnl feature(`relay_based_on_mx')
12��、sh build install-cf
13��、groupadd smmsp
14�、useradd smmsp
15、cd cd /usr/local/src/sendmail-8.12.2/sendmail
16����、sh build install
17、cd /usr/local/src/sendmail-8.12.2/makemap
18�、sh build clean
19、sh build all
20�、sh build install
21��、cd /usr/local/src/sendmail-8.12.2/
22��、在本域dns主數據庫文件中增加mx紀錄:
rd.xxx.com. in mx 0 compaq
注意修改相應部分�。那個0是有幾個郵件集中器的時候用于標記先后順序的��。當有好幾個mx的時候����,建議順序寫為10、20�、30…
23、在/etc/mail目錄下創建access文件�,內容類似如下:
127.0.0.1 relay
21.9.22 relay
211.99.221.238 relay
然后:makemap hash access.db < access
24、創建文件/etc/mail/local-host-names�,其內容為本機的擁有的域名信息����。
rd.xxx.com
compaq.rd.xxx.com
25、創建文件/etc/mail/aliases�,內容類似:
mailer-daemon: postmaster
postmaster: root
bin: root
daemon: root
nobody: root
運行newaliases創建數據庫。
創建別名文件的意義之一在于當郵件發往域中其他郵件服務器的用戶而不是mail hub用戶的時候用����。
比如增加一條:
atan: [email protected]
則導致郵件發往mail hub的時候自動轉發到[email protected]
26��、啟動sendmail: /usr/sbin/sendmail -bd -q30m
排錯:如果有問題導致啟動不了����,大部分問題和dns配置有關����,可以使用nslookup檢查dns是否正常。挨個檢查/etc/mail中的文件內容也是排錯的好辦法����。另外,修改配置��,不建議直接編輯sendmail.cf文件�,建議使用m4宏編譯工具,因為有些帶有安全漏洞或過時的宏在編譯的時候會有提示����,這樣以免造成相關安全問題。
