Building a Linux System


    HO CHI MINH CITY UNIVERSITY OF TRANSPORT

    FACULTY OF INFORMATION TECHNOLOGY

    V CNG DUN CN06011

    NGUYN ANH TUN CN06112

    DEPLOYING NETWORK SERVICES ON A LINUX SYSTEM

    GRADUATION THESIS

    SUPERVISOR

    L Quc Tun, MSc

    CLASS OF 2006 - 2010


    Table of Contents

    Foreword
    Chapter 1. Overview of Linux
      1.1 History
      1.2 Linux OS architecture
        1.2.1 The kernel
        1.2.2 Shell
        1.2.3 Utilities
        1.2.4 Application programs
      1.3 Differences between Linux and Windows
        1.3.1 Single-user versus multi-user
        1.3.2 Monolithic kernel and microkernel
        1.3.3 GUI and kernel
        1.3.4 Registry and text files
    Chapter 2: Linux basics
      2.1 The Linux directory system
        2.1.1 System directories
        2.1.2 File structure
      2.2 User and group management
        2.2.1 Viewing user information
        2.2.2 Managing users
        2.2.3 File and directory commands
          Creating a directory: mkdir
          Removing a directory: rmdir
          Displaying file and directory information: ls option file_name
          Creating a file
          Viewing file contents
          Copying
          Moving


          Removing a file: rm
          Removing an empty directory: rmdir
          Showing the current directory: pwd
          The vi editor
          Listing files in a directory
          File and directory access control commands
        2.2.4 Disk and quota management
          Using mount and unmount
          Disk and partition management commands
          Limiting disk space with quota
    Chapter 3: Dynamic Host Configuration Protocol (DHCP)
      3.1 What is DHCP?
        3.1.1 Advantages of DHCP
        3.1.2 Format of a DHCP packet
      3.2 Installing DHCP
      3.3 Configuring the DHCP server
        3.3.1 Declarations
      3.4 Conclusion
    Chapter 4: Domain Name System (DNS)
      4.1 What is DNS?
      4.2 Installing DNS
      4.3 Configuring the DNS server
      4.4 Starting the service
      4.5 DNS testing tools
      4.6 Conclusion
    Chapter 5: Linux security
      Is Linux secure?
      Introduction to firewalls using iptables
      Components of iptables
      The processing model in iptables
      iptables command syntax


        Using commands in iptables
        iptables command syntax
        Evaluation
    Chapter 6: SecureShell (SSH)
      6.1 History
      6.2 What is SSH?
      6.3 Overview of SSH features
        6.3.1 Confidentiality (privacy)
        6.3.2 Authentication
        6.3.3 Authorization
        6.3.4 Forwarding or tunneling
        6.3.5 How SSH works
      6.4 Understanding public key cryptography
        6.4.1 Characteristics of keys
      6.5 Installing OpenSSH
        6.5.1 The SSHD configuration file
      6.6 Using OpenSSH
        6.6.1 Secure Shell (SSH)
        6.6.2 Creating a secure tunnel
        6.6.3 Secure Copy (SCP)
        6.6.4 Secure FTP (SFTP)
    Chapter 7: Printing with CUPS
      7.1 Introduction
      7.2 Installing CUPS
      7.3 Configuring printers
        7.3.1 Using the graphical interface
        7.3.2 Using the command line
      7.3 Printing from Windows
        7.3.1 Using CUPS
        7.3.2 Using Samba
      7.4 Printing from Linux


    Chapter 8: Samba
      8.1 Introduction
      8.2 Installing Samba
        8.2.1 Samba server types
      8.3 Configuring Samba
        8.3.1 smb.conf parameters
        8.3.2 [Global] section parameters
        8.3.3 Domain parameters
        8.3.4 Security parameters
        8.3.5 Printer parameters
        8.3.6 Share parameters
        8.3.7 Adding users to Samba
      8.4 Accessing shared resources
    Chapter 9: Network File System (NFS)
      9.1 Introduction to network file services
        9.1.1 Versions
        9.1.2 Transport protocols
        9.1.3 NFS components
      9.2 Configuring the NFS server
      9.3 Configuration on the client
      9.4 Some useful commands
        9.4.1 Service nfs status
        9.4.2 Showmount option host
      9.5 Conclusion
    Chapter 10: Network Information System (NIS)
      10.1 Introduction
      10.2 How does NIS work?
      10.3 Setting up the NIS server
        10.3.1 Configuring the NIS server
        10.3.2 Starting the NIS server
      10.4 Setting up the NIS client


    Chapter 11: File Transfer Protocol (FTP)
      Introduction
        Active FTP
        Passive FTP
      Setting up the FTP server
        Installing VSFTPD
        Configuring vsftpd
    Chapter 12: Mail services
      12.1 Some concepts
      12.2 Introduction to the mail system
      12.3 Mail protocols
        12.3.1 Simple Mail Transfer Protocol (SMTP)
        12.3.2 Post Office Protocol (POP)
        12.3.3 Internet Message Access Protocol (IMAP4)
      12.4 Installing Postfix
        12.4.1 Preparation
        12.4.2 Installation
        12.4.3 Configuring the main.cf file
      12.5 Installing dovecot
      12.6 Web Mail
        12.6.1 What is Squirrelmail?
        12.6.2 Installing Squirrelmail
    References


    Foreword

    At present, Linux holds only a modest share compared with the Windows operating system. In recent years, however, the Linux operating system has been rising strongly and supports network administrators and users better and better. Besides their diverse and stable features, most Linux distributions are free, which contributes significantly to making information technology widely accessible. Especially during the global economic crisis, when saving and cutting costs became urgent for businesses, switching to Linux became one of the top priorities. That is why we chose to research the deployment of network services on Linux as our topic.

    First of all, our group sincerely thanks our teacher, Mr. L Quc Tun, for his dedicated advice and guidance in completing this graduation project.

    We would like to express our deep gratitude to the teachers of the Faculty of Information Technology for their guidance, teaching, support and help, for the valuable knowledge they provided, and for the favorable conditions and feedback they gave us throughout our studies, which allowed us to carry out this graduation project smoothly.

    We will use the following network model to carry out the project.


    Chapter 1. Overview of Linux

    1.1 History

    - In 1991, Linus Torvalds, a student at the University of Helsinki, Finland, began examining Minix, a version of Unix, with the aim of studying how to create a Unix operating system that runs on PCs with the Intel 80386 processor.

    - On 25/8/1991, Linus released version 0.01 and announced his plans for Linux on comp.os.minix.

    - In 1/1992, Linus released version 0.02 with a shell and a C compiler. Linux no longer needed Minix to recompile itself. Linus named his operating system Linux.

    - In 1994, the official version 1.0 was released.

    - In 1996, version 2.0 appeared, marking a major change in the kernel structure.

    - At the time of writing, the latest stable version of the Linux kernel is 2.6.33.3.

    Below is an email Linus Torvalds sent a few months before announcing the first Linux kernel version:

    From: [email protected] (Linus Benedict Torvalds)

    Newsgroups: comp.os.minix

    Subject: What would you like to see most in minix?

    Summary: small poll for my new operating system

    Message-ID:

    Date: 25 Aug 91 20:57:08 GMT

    Organization: University of Helsinki

    Hello everybody out there using minix -

    I'm doing a (free) operating system (just a hobby, won't be big and

    professional like gnu) for 386(486) AT clones. This has been brewing

    since april, and is starting to get ready. I'd like any feedback on

    things people like/dislike in minix, as my OS resembles it somewhat

    (same physical layout of the file-system (due to practical reasons)

    among other things).

    I've currently ported bash(1.08) and gcc(1.40), and things seem to work.

    This implies that I'll get something practical within a few months, and

    I'd like to know what features most people would want. Any suggestions

    are welcome, but I won't promise I'll implement them :-)


    Linus ([email protected])

    PS. Yes - it's free of any minix code, and it has a multi-threaded fs.

    It is NOT portable (uses 386 task switching etc), and it probably never

    will support anything other than AT-harddisks, as that's all I have :-(.

    Judging from the post, 0.01 wasn't actually out yet, but it's close.

    I'd guess the first version went out in the middle of September -91. I

    got some responses to this (most by mail, which I haven't saved), and

    I even got a few mails asking to be beta-testers for linux. After that

    just a few general answers to questions on the net:

    1.2 Linux OS architecture

    Figure 1. Linux architecture (layers shown: user, shell, applications, utilities, kernel, hardware)

    1.2.1 The kernel

    The kernel is the control center of the Linux operating system and contains the code that controls the operation of the whole system. The kernel is developed continuously, and there are usually two current versions: the latest development version and the latest stable version. The kernel has a modular design, so its actual size is very small. It loads only the necessary parts into memory; other parts are loaded when they are requested. As a result, compared with other operating systems, Linux does not waste memory, because it does not load everything regardless of whether it is used. The kernel is considered the heart of the Linux operating system and was originally developed for Intel 80386 CPUs. The strength of this type of CPU is its memory management capability. The Linux kernel can access all of the machine's hardware features.

    Kernel versions follow the convention A.B.C.D, where:

    - A: the kernel version. It changes only when there is a very large change in the definition or the code of the kernel. The kernel version has changed only twice, in 1994 (version 1.0) and 1996 (version 2.0).

    - B: changes when the kernel has major changes. Changes to B follow an even/odd numbering scheme: odd numbers are for versions under development, even numbers are for stable versions.

    Example: 2.6.x is a stable version, 2.5.x is a development version.

    - C: changes when there are small, insignificant changes in the kernel.

    - D: changes when there are minor bugs or security fixes.


    1.2.2 Shell

    The shell is a command interpreter. It provides the set of commands with which users interact with the operating system to get their work done.

    Many kinds of shell are used on Linux. The important point that distinguishes shells from one another is each shell's command set. For example, the C shell (csh) uses commands similar to the C language, while the Bourne Shell uses a different command language.

    The main shell used on Linux is the GNU Bourne Again Shell (bash). This shell derives from the Bourne Shell, the main shell on Unix systems, and adds many new features such as job control, command history, long file names, and so on.

    Figure 2. Linux kernel development timeline.

    1.2.3 Utilities

    Utilities are used frequently by users. They serve many purposes, such as manipulating files and disks, compressing and backing up files, and so on. Utilities on Linux can be commands or programs with a graphical interface. Most utilities used on Linux are products of the GNU project.

    Linux comes with many utilities such as compilers, debuggers and text editors. Utilities can be used by users or by the system. Some utilities are considered standard on a Linux system, such as passwd, ls, ps, vi, and so on.

    1.2.4 Application programs

    Unlike utilities, applications such as OpenOffice, database management systems, mail, chat and so on are written and developed by companies to meet the varied needs of users. And of course most of them are free!

    1.3 Differences between Linux and Windows

    1.3.1 Single-user versus multi-user

    Windows was designed according to Bill Gates's philosophy of "one computer, one desk and one user". This means two people cannot use Microsoft Word on the same machine at the same time; in short, it is single user (although the term multitasking later became widely used with Windows 95, it had actually been in use on UNIX long before, in 1969!).

    Linux, by contrast, follows the UNIX philosophy. UNIX was developed in the 1960s at AT&T Bell Labs and was used on a PDP-7 machine shared by all departments. UNIX was therefore designed to let multiple users log in to the server at the same time.


    1.3.2 Monolithic kernel and microkernel

    Two kinds of kernel are used on different operating systems: the monolithic kernel and the microkernel. A monolithic kernel provides all the services that user applications need, whereas a microkernel keeps only a small part of the services, and modules perform the other functions.

    Most Linux distributions adopt the monolithic kernel architecture to handle all system calls and hardware. Windows, meanwhile, uses a microkernel that provides only a small set of services for process management, input/output (I/O) management, and so on.

    1.3.3 GUI and kernel

    Windows integrates the GUI into the kernel, adopting the approach of the system that gave rise to Apple's Macintosh platform. This gives the operating system and the user interface a high degree of consistency.

    Linux, on the other hand, keeps these two components, the user interface and the operating system, separate from each other. X Windows runs like a user-level application; if the GUI fails for some reason, Linux is not brought down by that failure. It simply brings up a terminal screen so that you can continue your work (this is completely different from the Windows GUI, where a blue screen frequently appears when there is a system error!).

    The most important feature of X Windows is its ability to display a screen over the network on the screen of another workstation. This allows multiple users to access the same machine and run OpenOffice at the same time.

    In addition, X Window offers a rich selection of file managers, the most popular today being GNOME and KDE.

    1.3.4 Registry and text files

    The Windows operating system uses the Registry, made up of thousands of entries, to manage all information about users, the system, and so on. Managing the registry is extremely difficult and dangerous. Any change to the registry can cause dangerous errors for the system, or even require reinstalling the operating system.


    Linux does not manage the system through a registry. This brings both convenience and hidden hazards. The convenience is that most configuration is stored in text files placed in the /etc directory. You can therefore use any text editor to edit a configuration file easily, without straining your eyes searching as in the Registry. These configuration files are rarely changed, and because they are text files they are very easy to view when needed. You can even write scripts to read or edit configuration files, which is especially useful for administrators who manage server systems automatically.

    The hazard is that there is no standard for writing configuration files. Each application has its own format, and many applications today use GUI installation tools. You may also have to install an application from source code, with many steps to carry out before the application is installed successfully.

    Chapter 2: Linux basics

    2.1 The Linux directory system

    2.1.1 System directories

    Linux has no concept of drives as in Windows; all files and directories start from the root directory (/). The Linux directory system is laid out as follows:

    [Figure: Linux directory tree. Top node: root; first level: sbin, usr, dev, var, etc, home; second level: sbin, bin, lib, doc, man]

    The Linux operating system is made up of many different directories and files. The directories can form several different file systems, depending on how the system was installed. In general, most of the operating system resides on two file systems: the root file system, denoted /, and another file system mounted at /usr.

    Directory and its function:

    - /root: The root directory, the start of the file structure.
    - /sbin: Contains system files used to boot the system.
    - /usr: Contains files and commands used by the system; this directory is divided into further subdirectories.
    - /dev: Contains the interfaces for devices such as the CD-ROM drive and printers.
    - /etc: Contains the system-wide configuration files. The files here control the boot process, user management, network management, and so on.
    - /home: Contains the users' home directories.
    - /var: Contains the system log files.

    The /dev directory contains special files called device files, which the system uses to operate the hardware. For example, the file /dev/cdrom reads information from the CD-ROM. By organizing hardware access this way, Linux makes interacting with hardware look like interacting with software.


    Common devices in the /dev directory

    Device file and its function:

    - /dev/console: The system console, that is, the screen physically connected to the system.
    - /dev/hd*: Driver interface for IDE hard disks. The device /dev/hda1 refers to the first partition on hard disk hda. The device /dev/hda refers to the whole hard disk hda.
    - /dev/sd*: Driver interface for SCSI disks. These disks and partitions follow the same convention as the IDE devices /dev/hd*.
    - /dev/fd*: Device driver for floppy drives. The first floppy drive is /dev/fd0, the second is /dev/fd1.
    - /dev/st*: Device driver for SCSI tape drives.
    - /dev/tty*: Driver that provides various terminal devices for user input. The name is abbreviated tty because terminals used to be teletypes attached to the UNIX operating system. On Linux these files support virtual consoles, which you can reach by pressing a range of key combinations. Virtual consoles allow several users to log in at the same time.
    - /dev/pty*: Driver for pseudo-terminals, used for remote logins such as Telnet login sessions.
    - /dev/ttyS*: The serial ports on your machine. The file /dev/ttyS0 corresponds to COM1 in MS-DOS. If you use a serial mouse, the file /dev/mouse is a symbolic link to the corresponding ttyS device (the one the mouse is connected to).
    - /dev/cua*: Special call-out devices used with modems.
    - /dev/null: A very special device, essentially a black hole. All data written to /dev/null is lost permanently. This is useful when you want to run a command and discard stdout or stderr. If /dev/null is used as an input file, you create a file of zero length.

    All data on partitions is attached to the directory tree; this is called mounting. When we write data into a directory, we are writing data to the partition that the directory is mounted on.

    The /usr directory and its subdirectories are very important to a Linux system, because they contain many directories holding the programs most essential to the system. The subdirectories of /usr contain the large software packages that you install.

    Important subdirectories in the /usr file system.

    Subdirectory and its function:

    - /usr/bin: Holds many of the system's executable files.
    - /usr/etc: Holds many system configuration files.
    - /usr/include: This directory and its many subdirectories hold all the include files for the C compiler. These header files define the constants and functions used in C programming.
    - /usr/g++-include: Holds the include files for the C compiler.
    - /usr/lib: Contains the libraries that programs use when linking.
    - /usr/share/man: Contains the manual pages for programs. Under /usr/share/man are several directories corresponding to the sections of the man pages.
    - /usr/src: Contains the source code directories of many programs on the system. If you receive a software package awaiting installation, you should store it in /usr/src/package-name before installing it.
    - /usr/local: Reserved for designing or customizing applications to suit your own system. In general, most locally used software is stored in the subdirectories of this directory.

    The file and directory structures of Linux and Windows correspond as follows:

    2.1.2 File structure

    - Linux supports many types of file system, such as ext2, ext3, MS-DOS and proc. The basic Linux file systems are ext2 and ext3 (currently ext3). This file system allows file names of up to 256 characters and a maximum size of 4 terabytes. MS-DOS is used to access MS-DOS files directly. In addition, Linux supports vfat, which allows long file names for MS-DOS files and FAT32 partitions.

    - When a file is created, it consists of 3 parts:

    o Super block

    o Inode

    o Storage block

    - Super block: a structure created at the beginning of the file system. It stores information about the file system such as the block size, free blocks, and the time of the last mount.

    - Inode (256 bytes): stores information about the files and directories created in the file system, but does not store the actual file and directory names. Each file created is allocated one inode, which stores the following information:

    o The file type and the file's access permissions.

    o The owner of the file.

    o The size of the file and the number of hard links to the file.

    o The date and time the file was last modified.

    o The location of the file's contents in the file system.

    - Storage block: the area that stores the actual data of files and directories. It is divided into data blocks, and data is stored on disk in these data blocks. Each block usually holds 1024 bytes. Even when a file contains only one character, one block must still be allocated to store it. There is no end-of-file character. The data block of a regular file stores the file's inode and the file's contents. The data block of a directory stores a list of entries consisting of the inode number and the names of the files and subdirectories.

    2.2 Qun l ngi dng v nhm

    2.2.1 Xem thng tin ngi dng

    Thng tin ngi dng c lu ch yu trong 3 file: /etc/passwd , /etc/shadow ,

    /etc/group.

    SVTH: V Cng Dun Nguyn Anh Tun Trang 18

  • 7/27/2019 Xy Dng H Thng Linux

    19/178

    GVHD: Ths.L Quc Tun

    Tp tin /etc/passwd

    L ni cha ng thng tin d liu ti khon ngi dng trn linux di dng vnbn.

    Cu trc file /etc/passwd :

    - Xem file /etc/passwd

    [root@server1 ~]# cat /etc/passwd

    Khi s hin ln cc thng tin v user nh

    root:x:0:0:root:/root:/bin/bash

    bin:x:1:1:bin:/bin:/sbin/nologin

    daemon:x:2:2:daemon:/sbin:/sbin/nologin

    adm:x:3:4:adm:/var/adm:/sbin/nologin

    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

    The /etc/shadow file

    This file holds the encrypted passwords of the accounts.

    - Structure of the /etc/shadow file:

    - View the /etc/shadow file:

    [root@server1 ~]# cat /etc/shadow

    - We can then see the accounts with their encrypted passwords:

    root:$1$m3MGmRC/$9NBZi2vWtpngNk.LXrMvn.:14761:0:99999:7:::

    bin:*:14761:0:99999:7:::

    daemon:*:14761:0:99999:7:::

    xfs:!!:14761:0:99999:7:::

    gdm:!!:14761:0:99999:7:::

    - The shadow file also tells us whether an account has been disabled. If the password field begins with * the account is locked, and if it begins with !! it is only temporarily locked. Only when the field begins with $ is the account no longer locked.

    The /etc/group file

    Besides the files that hold account information, there is also a file that holds information about groups.

    - Structure of the /etc/group file:

    - View the /etc/group file:

    [root@server1 ~]# cat /etc/group

    root:x:0:root

    bin:x:1:root,bin,daemon

    daemon:x:2:root,bin,daemon

    sys:x:3:root,bin,adm

    adm:x:4:root,adm,daemon

    nat:x:500:

    2.2.2 Managing users

    Creating a user account

    We can create a user with the command syntax: useradd option account_name

    - With the following options:

    Option          Description

    -d homedir      Sets the user's home directory. By default, creating a user creates a directory in home/login name.

    -e mm/dd/yy     Sets the expiry date for the user.

    -f days         Sets the number of days after the password expires.

    -g group        Sets the name of the group the user is a member of.

    -G group        Adds the user to the given groups.

    -m              Creates the user's home directory if it does not exist.

    -M              Does not create the user's home directory.

    -s shell        Sets the user's shell. The default is /bin/bash.

    -u userid       By default, the next ID number is assigned to the user.

    [root@server1 ~]# useradd cn06

    - After creating the account, we can check each of the user management files in turn:

    o File /etc/passwd:

    cn06:x:501:501::/home/cn06:/bin/bash

    o File /etc/shadow:

    cn06:!!:14840:0:99999:7:::

    - By default, a newly created user account is disabled until you set a password for it.

    - Right after creating the account, we check /etc/passwd:

    cn06:x:501:501::/home/cn06:/bin/bash

    - When a user is created without specifying a home directory, the default home directory is placed under the home directory.

    - Or in /etc/shadow:

    cn06:!!:14840:0:99999:7:::

    - We see cn06:!!, which means the account is still temporarily locked because we have not yet set a password.

    - In /etc/group:

    cn06:x:501:

    - When a user is created without an explicit userID, the system assigns a userID >= 500 itself.

    - A user created with userID = 0 has the same privileges as root.
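    The rules stated above for the second field of /etc/shadow (*, !! and $) and for userID 0 can be checked mechanically over both files. The Python below is an added example, not part of the thesis: the sample lines are constructed, the "toor" account and the hash strings are made-up placeholders, and reporting an empty password field or a $1$ (md5crypt) hash as findings goes beyond what the text states.

```python
# Constructed sample lines in the /etc/passwd and /etc/shadow formats shown
# above. The "toor" account and the hash strings are made-up placeholders.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
cn06:x:501:501::/home/cn06:/bin/bash
nat:x:500:500::/home/nat:/bin/bash
toor:x:0:0:constructed second UID 0 account:/root:/bin/bash
"""
SHADOW_SAMPLE = """\
root:$1$CONSTRUCT$PLACEHOLDERPLACEHOLDER:14761:0:99999:7:::
bin:*:14761:0:99999:7:::
cn06:!!:14840:0:99999:7:::
nat:!!$6$CONSTRUCT$PLACEHOLDERPLACEHOLDER:14840:0:99999:7:::
toor::14840:0:99999:7:::
"""

# crypt(3) scheme identifiers that appear between the first two '$' signs.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK_SCHEMES = {"md5crypt", "descrypt"}


def parse_colon_file(text, nfields):
    """Map login name -> list of fields, skipping malformed lines."""
    rows = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == nfields and fields[0]:
            rows[fields[0]] = fields
    return rows


def scheme_of(field):
    """Name the hash scheme of a shadow password field, or None if no hash."""
    if field.startswith("$"):
        parts = field.split("$")
        return SCHEMES.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    return "descrypt" if field else None   # legacy DES crypt has no '$' prefix


def classify(field):
    """Return (state, scheme) for the second field of a shadow line."""
    if field == "":
        return "no-password", None
    if field[0] in "!*":
        # '*' or '!!' alone: no usable password; '!' before a hash: locked
        return "locked", scheme_of(field.lstrip("!*"))
    return "active", scheme_of(field)


def account_states(passwd_text, shadow_text):
    """Join passwd (7 fields) with shadow (9 fields) on the login name."""
    shadow = parse_colon_file(shadow_text, 9)
    states = {}
    for name, fields in parse_colon_file(passwd_text, 7).items():
        if name in shadow:
            state, scheme = classify(shadow[name][1])
        else:
            state, scheme = "no-shadow-entry", None
        states[name] = {"uid": int(fields[2]), "shell": fields[6],
                        "state": state, "scheme": scheme}
    return states


def audit(passwd_text, shadow_text):
    """Return (login, finding) pairs worth an administrator's attention."""
    findings = []
    for name, acct in account_states(passwd_text, shadow_text).items():
        if acct["uid"] == 0 and name != "root":
            findings.append((name, "UID 0: root-equivalent account"))
        if acct["state"] == "no-password":
            findings.append((name, "empty password field"))
        if acct["state"] == "active" and acct["scheme"] in WEAK_SCHEMES:
            findings.append((name, "weak hash scheme " + acct["scheme"]))
    return findings


if __name__ == "__main__":
    for login, finding in audit(PASSWD_SAMPLE, SHADOW_SAMPLE):
        print("%-6s %s" % (login, finding))
```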

    Setting a password for the account

    - To be able to use the account, we set a password for the newly created account with the passwd command:

    [root@server1 ~]# passwd cn06

    Changing password for user cn06.

    New UNIX password:

    BAD PASSWORD: it is too simplistic/systematic

    Retype new UNIX password:

    passwd: all authentication tokens updated successfully.

    - If you set a password that is too simple, the system prompts you to choose a more secure one. You can change the password if you find it too simple or need to change it. Changing a password works the same way as setting a new one.

    Changing user information

    - This is also essential in network administration when users change. With the usermod command we can change a user's information. To learn the details of this command, use man usermod:

    USERMOD(8) System Management Commands USERMOD(8)

    NAME

    usermod - modify a user account

    SYNOPSIS

    usermod [options] LOGIN

    DESCRIPTION

    The usermod command modifies the system account files to reflect the

    changes that are specified on the command line.

    OPTIONS

    The options which apply to the usermod command are:

    -a, --append

    Add the user to the supplemental group(s). Use only with -G option.

    -c, --comment COMMENT

    The new value of the user's password file comment field. It is

    normally modified using the chfn(1) utility.

    -d, --home HOME_DIR

    The user's new login directory. If the -m option is given the

    contents of the current home directory will be moved to the new home

    directory, which is created if it does not already exist.

    -e, --expiredate EXPIRE_DATE

    The date on which the user account will be disabled. The date is

    specified in the format YYYY-MM-DD.

    -f, --inactive INACTIVE

    The number of days after a password expires until the account is

    permanently disabled. A value of 0 disables the account as soon as

    the password has expired, and a value of -1 disables the feature.

    The default value is -1.

    -g, --gid GROUP

    :

    - For example, to change the home directory of user cn06 to home/userCNTT:

    [root@server1 ~]# usermod -d /home/userCNTT cn06

    Deleting a user account

    - Syntax: userdel [-r] account_name

    - The -r option is used to also delete the user's home directory.

    [root@server1 ~]# userdel -r cn06

    Locking and unlocking a user account

    - To lock a user, use the command passwd -l account_name; the usermod command can also be used.

    [root@server1 ~]# passwd -l cn06

    Locking password for user cn06.

    passwd: Success

    - To unlock the account, use the command passwd -u account_name:

    [root@server1 ~]# passwd -u cn06

    Unlocking password for user cn06.

    passwd: Success.

    Creating a user group

    - User groups have commands similar to those for users. To create a group, use the command: groupadd option group_name

    - With the following options:

    Option    Description

    -g gid    Sets a new gid. By default the gid is chosen automatically.

    -r        By default the group is assigned an ID greater than 499; this option allows adding a system group, which usually has an ID lower than 499.

    -f        With this option the system does not report an error if the group name already exists on the system.

    [root@server1 ~]# groupadd cntt

    - We then check the /etc/group file:

    root:x:0:root

    bin:x:1:root,bin,daemon

    daemon:x:2:root,bin,daemon

    ..

    cn06:x:501:

    cntt:x:502:

    Changing group information

    - Use the groupmod (modify group) command, which has 2 options:

    i. -g : GID (group ID)

    ii. -n : New group name

    - Change the group name:

    [root@server1 ~]# groupmod -n gtvt cntt

    - Change the gid of the group:

    [root@server1 ~]# groupmod -g 112 gtvt

    - Delete the group:

    [root@server1 ~]# groupdel gtvt

    2.2.3 File and directory commands

    Creating a directory: mkdir

    Syntax: mkdir directory_name

    Example: create a directory named cn06

    [root@server1 ~]# mkdir cno6

    A directory named cn06 is then created in the current directory:

    Figure 3: Creating a directory

    To create the directory inside another directory, add the path to that directory:

    [root@server1 ~]# mkdir /root/cno6/cn06a

    Deleting a directory: rmdir

    Syntax: rmdir directory

    Example: delete the directory cn06a

    [root@server1 ~]# rmdir /root/cno6/cn06a

    Changing directory: cd path_to_directory

    Example: change to the directory cn06

    [root@server1 ~]# cd /root/cno6

    There are some special symbols:

    cd ~ : Change to the home directory.

    cd / : Change to the root directory.

    cd - : Change to your previous directory.

    cd .. : Change to the parent directory of the current directory.

    [root@server1 cno6]# cd ~

    [root@server1 ~]# cd -

    /root/cno6

    [root@server1 cno6]# cd ..

    [root@server1 ~]#

    Displaying file and directory information: ls option file_name

    - With the following options:

    Option    Meaning

    -L        Displays the list of file names.

    -l        Displays the file list with name, size, creation date, and so on.

    -a        Lists all files, including hidden files.

    -R        Lists all files, including those in subdirectories.

    - View the list of files in the root directory:

    [root@server1 ~]# ls -l /

    total 138

    drwxr-xr-x 2 root root 4096 Aug 12 04:29 bin

    drwxr-xr-x 4 root root 1024 Jun 1 07:43 boot

    drwxr-xr-x 11 root root 4000 Aug 12 01:33 dev

    drwxr-xr-x 91 root root 12288 Aug 20 09:07 etc

    Listing a directory:

    [root@server1 ~]# ls -l /root/cno6/

    total 16

    -rw------- 1 root root 0 Aug 20 09:35 cn06a

    -rw------- 1 root root 16 Aug 20 09:36 cn06b

    Creating a file

    Using the echo command:

    [root@server1 ~]# echo "luan van tot nghiep">/root/cn06/baocao.txt

    - To append to this file, use >>:

    [root@server1 ~]# echo "mang may tinh" >>/root/cn06/baocao.txt

    - We can also create an empty file with the touch command:

    [root@server1 ~]# touch /root/cn06/baocaothu.txt

    Viewing file contents

    - There are several commands for viewing a file: cat, more, less, tail, ...

    [root@server1 ~]# cat /root/cn06/baocao.txt

    luan van tot nghiep

    mang may tinh

    Copying

    - To copy a file, use the cp command:

    [root@server1 ~]# cp /root/cn06/baocao.txt /root/userCNTT/

    - We can use the ? and * characters to copy multiple files and directories. To copy a directory, use the -R option:

    [root@server1 ~]# cp -R /root/cn06/ /root/userCNTT/

    Moving

    - To move files and directories, use the mv command:

    [root@server1 ~]# mv /root/cn06/baocao.txt /root/userCNTT/

    - Directories are moved with mv in the same way. We can also use ? and * to move multiple files and directories. In addition, mv can be used to rename files and directories.

    [root@server1 ~]# mv /root/userCNTT/ /root/CNTT/

    Deleting a file: rm

    - Delete the file baocaothu.txt in cn06:

    [root@server1 ~]# rm /root/cn06/baocaothu.txt

    rm: remove regular empty file `/root/cn06/baocaothu.txt'? y

    - To delete without being asked for confirmation, use the -f option:

    [root@server1 ~]# rm -f /root/cn06/cn06a.txt

    Deleting an empty directory: rmdir

    [root@server1 ~]# rmdir /root/totnghiep

    Viewing the current directory: pwd

    [root@server1 ~]# pwd

    /root

    The vi editor

    - vi is a text editor with 2 modes:

    o Insert mode, for changing the contents of the file.

    o Command mode, for commands that exit, move the cursor, delete, and so on.

    To create a file, use the following syntax:

    #vi file_name

    [root@server ~]# vi cn06.txt

    - The editor then appears:

    - From this mode, press a to start appending text after the cursor, or press i to insert characters before the cursor. To leave insert mode, press ESC.

    - The following commands are available in command mode:

    o :q!    Quit without saving

    o :w     Save

    o :wq    Save and quit

    o dw     Delete from the cursor to the end of the word

    o d$     Delete from the cursor to the end of the line

    o x      Delete the character at the cursor

    o dd     Delete the whole line at the cursor

    o ndd    Delete n lines at the cursor

    o Y      Copy the line containing the cursor to the clipboard

    Listing files in a directory

    General syntax: #locate file_name

    [root@server ~]# locate ifconfig

    /sbin/ifconfig

    /usr/share/man/de/man8/ifconfig.8.gz

    /usr/share/man/fr/man8/ifconfig.8.gz

    /usr/share/man/man8/ifconfig.8.gz

    /usr/share/man/pt/man8/ifconfig.8.gz

    File and directory access control commands

    - In Linux, access permissions are divided among 3 classes: owner, group and others. The 3 permissions read (r), write (w) and execute (x) are assigned to each class as in the following table:

    Owner    Group    Others

    rwx      rwx      rwx

    - Permissions can be assigned using letters or numbers.

    - Using letters, we have the following table:

    r    Those with this permission may open and read the contents of the file.

    w    Those with this permission may write and read the contents of the file.

    x    Those with this permission may execute the file, or read in the case of a directory.

    - When assigning by number:

    4    Read permission

    2    Write permission

    1    Execute permission

    a. Changing access permissions with chmod:

    The general syntax is as follows:

    chmod [permissions] [file or directory]

    The permission values above can be added together to grant a broader permission.

    [root@server ~]# chmod 764 cn06.txt

    o 7 = 4 + 2 + 1: read, write and execute permission for the owner.

    o 6 = 4 + 2: read and write permission for the group.

    o 4: read permission for others.

    - We can view the file's permissions again:

    [root@server ~]# ls -l cn06.txt

    -rwxrw-r-- 1 root root 26 Sep 12 10:55 cn06.txt

    b. Changing the ownership of a file or directory with chown:

    - General syntax:

    chown [-R] [user:group] filename

    - The -R option is used to change the ownership of the specified directory and of all files and directories inside it.

    - Transfer ownership to a user:

    [root@server ~]# chown cn06 cn06.txt

    - Transfer ownership to a user and a user group:

    [root@server ~]# chown cn06:cntt cn06.txt

    - With this command we have transferred ownership of the file cn06.txt to the user cn06 and the group cntt.

    - Transfer ownership to a user as follows:

    [root@server ~]# chown cn06 test.txt

    c. Changing the owning group of a file or directory with chgrp:

    - General syntax:

    chgrp [-R] [groupname] filename

    - The -R option is used to change the ownership of a directory and of all directories and files inside it.

    - Transfer ownership to a group:

    [root@server ~]# chgrp cntt cn06.txt

    2.2.4 Disk management and quota management

    Using mount and umount

    - Linux has only directories and no concept of drives, so to use a device such as a USB drive or CD-ROM it must first be attached to some directory.

    - Use mount to attach a drive.

    - General syntax: mount -t vfstype devicefile mount_path

    - With the following options:

    -t : Mounts the device using the file system type given by vfstype.

    vfstype : Includes the following basic file systems:

    Type       Description

    auto       Determines the file system automatically

    msdos      File system on DOS

    ext3       Standard Linux file system

    vfat       File system supporting Windows 95, 98, Me

    ntfs       The NTFS format of Windows

    nfs        File format accessed over the network

    iso9660    File system format for CD-ROM

    devicefile : Path to the device

    Example: /dev/cdrom

    To mount the CD-ROM drive, we can do the following:

    [root@server ~]# mount /dev/cdrom /mnt/

    mount: block device /dev/cdrom is write-protected, mounting read-only

    - Use umount to detach a drive:

    Syntax: umount device/mountpoint

    [root@server ~]# umount /mnt/

    Disk and partition management commands

    - Drive designations:

    Name    Device

    hda     Primary master

    hdb     Primary slave

    hdc     Secondary master

    hdd     Secondary slave

    sda     First SCSI disk

    sdb     Second SCSI disk

    - Partitions:

    Name    Partition

    hda1    First partition on the first drive

    hda2    Second partition on the first drive

    sdc3    Third partition on the SCSI drive

    - The fdisk command: displays the system's partitions.

    [root@server ~]# fdisk -l

    Disk /dev/sda: 21.4 GB, 21474836480 bytes

    255 heads, 63 sectors/track, 2610 cylinders

    Units = cylinders of 16065 * 512 = 8225280 bytes

    Device Boot Start End Blocks Id System

    /dev/sda1 * 1 6 48163+ 83 Linux

    /dev/sda2 7 515 4088542+ 83 Linux

    /dev/sda3 516 776 2096482+ 82 Linux swap/ Solaris

    /dev/sda4 777 2610 14731605 5 Extended

    /dev/sda5 777 2610 14731573+ 83 Linux

    - The df command: used to manage the system's disk capacity:

    [root@server ~]# df -l

    Filesystem 1K-blocks Used Available Use% Mounted on

    /dev/sda2 3960348 2273036 1482888 61% /

    /dev/sda5 14270000 168192 13365232 2% /home

    /dev/sda1 46633 10651 33574 25% /boot

    tmpfs 517620 0 517620 0% /dev/shm

    /dev/hdc 103324 103324 0 100% /media/VMware Tools

    - The du command: displays the size of files.

    o Syntax: du -sh file

    -s : Displays the total size of the file.

    -h : Sets the format in which each file's size is printed, as in:

    [root@server ~]# du -sh /etc/

    149M /etc/

    Limiting disk space with quota

    - In a multitasking, multi-user environment such as Linux, keeping the system working requires monitoring how the system's file system is used and setting limits on that use, especially on systems with limited disk capacity and number of users.

    - Quota is a tool, built into Linux, that limits the hard-disk resources a user or group may use.

    - The /etc/fstab file configures which partitions are automatically mounted on which directories when the system boots.

    [root@server ~]# cat /etc/fstab

    LABEL=/ / ext3 defaults 1 1

    LABEL=/home /home ext3 defaults 1 2

    LABEL=/boot /boot ext3 defaults 1 2

    tmpfs /dev/shm tmpfs defaults 0 0

    devpts /dev/pts devpts gid=5,mode=620 0 0

    sysfs /sys sysfs defaults 0 0

    proc /proc proc defaults 0 0

    LABEL=SWAP-sda3 swap swap defaults 0 0

    - To enable disk quota for a directory such as /home, add the usrquota option:

    LABEL=/home /home ext3 defaults,usrquota 1 2

    - To make sure the change to the fstab file takes effect, remount the home directory:

    [root@server ~]# mount -o remount /home

    - Use quotacheck to create the quota file for users or groups:

    [root@server ~]# quotacheck -avugm

    quotacheck: Scanning /dev/sda5 [/home]

    quotacheck: Old group file not found. Usage will not be substracted.

    With the following options:

    Option    Function

    -a        Scans all file systems in /etc/mtab that have quota enabled

    -v        Shows progress during the scan

    -u        Scans user quotas

    -g        Scans group quotas

    -m        Remounts the system

    - After editing the /etc/fstab file, we need to create the configuration files for users and groups. The file for users is named aquota.user and the file for groups is aquota.group.

    - Start quota with the command quotaon -a:

    [root@tuan data]# quotaon -a

    - Assign a quota to a user: edquota -u cno6

    - Some options of the edquota command:

    Option    Function

    -u        Sets the quota for a user.

    -g        Sets the quota for a user group.

    -p        Copies the quota of the specified user.

    -t        Edits the time limit of the file system.

    [root@server ~]# edquota -u nat

    Disk quotas for user cn06 (uid 500):

    Filesystem blocks soft hard inodes soft hard

    /dev/sda5 740 0 0 75 0 0

    - Where:

    o blocks : The number of blocks the user is currently using (1 block = 1 kb).

    o inodes : The number of files the user is currently using.

    - We can set a soft limit and a hard limit for the user, expressed either in blocks or in inodes:

    o soft : The user is warned that the soft limit has been reached once that number of blocks or inodes is used up, but may continue to use more until the hard limit is reached.

    o hard : The limit on the number of blocks or inodes the user can use.

    - For example, for a soft limit of 9Mb and a hard limit of 10Mb, we can set the following:

    Disk quotas for user cn06 (uid 500):

    Filesystem blocks soft hard inodes soft hard

    /dev/sda5 740 9000 10000 75 0 0

    Chapter 3: Dynamic Host Configuration Protocol (DHCP)

    In this chapter we present the basics of DHCP and how to deploy it on a Linux server, so that hosts (Windows or Linux) can send requests to the DHCP server to obtain their network parameters.

    3.1 What is DHCP?

    DHCP is one of the basic protocols, and also the most important, in network administration. DHCP runs on a server computer and provides the basis for automated, centralized management of IP addresses and of the TCP/IP configuration of the hosts on a network.

    Using DHCP to assign IP addresses automatically to the hosts on a network, instead of configuring an IP address on each machine individually, greatly reduces the time the network administrator spends configuring hosts.

    DHCP is based on the BOOTP protocol; DHCP uses UDP port 67 and the BOOTP server uses UDP port 68.

    DHCP supports three techniques for assigning IP addresses:

    - Automatically assigning a permanent IP address to a host.

    - Automatically assigning an IP address to a host for a limited period of time (lease).

    - Manual assignment (the administrator assigns the address to the host by hand).

    3.1.1 Advantages of DHCP

    - Eliminates IP address conflicts and reduces the administration cost of the network.

    - Helps service providers (ISPs) economize on real (public) IP addresses.

    - Suits computers that frequently move between networks.

    - Combined with wireless networks, provides hotspots in places such as train stations, airports and schools.

    3.1.2 Format of a DHCP packet

    Figure 4: DHCP packet format

    Where:

    Code                 Indicates a request or a reply

                         1: Request

                         2: Reply

    HWtype               Hardware address type:

                         1: Ethernet

                         6: IEEE 802

    Length               Length of the hardware address (bytes)

    Hops                 Set to 0 when sent by the client; incremented by each router (using a DHCP Relay Agent).

    Transaction ID       A random number used to match requests with replies

    Seconds              Set by the client: the time elapsed since the client began sending packets.

    Client IP address    Set by the client: the IP address it knows, or 0.0.0.0

    Your IP address      Set by the server if the client IP address is 0.0.0.0

    Client hardware      Set by the client to identify its MAC address.

    DHCP packet types

    DHCPDISCOVER: broadcast by the client to find the DHCP servers on the network.

    DHCPOFFER: the server's reply to the client's DHCPDISCOVER, offering an IP address and other parameters.

    DHCPREQUEST: a packet from the client, sent for one of the following reasons:

    - To request the parameters in one server's DHCPOFFER and decline the other servers (if any).

    - To confirm a previously assigned IP address after the system or network has changed.

    - To request an extension for a specific IP address.

    DHCPACK: a notification from the server to the client, together with the parameters (including the IP address).

    DHCPNACK: the server's refusal to the client (when the lease has expired or the requested IP address is invalid).

    DHCPDECLINE: sent by the client to report that the address the server offered is already in use.

    DHCPINFORM: sent by the client to say that it already has an IP address and to request further parameters from the DHCP server.
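    The header fields and message types listed above can be read straight out of a DHCP payload. The Python parser below is an added example, not code from the thesis: the two messages it decodes are constructed, with a made-up MAC address, transaction ID and host name, and it uses the standard name DHCPNAK for the message the text calls DHCPNACK.

```python
import socket
import struct

# Fixed BOOTP/DHCP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes in total).
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])      # marks the start of the options
OPS = {1: "request", 2: "reply"}
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
                 4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK",
                 7: "DHCPRELEASE", 8: "DHCPINFORM"}


def parse_options(data):
    """Walk the code/length/value options; 0 is padding, 255 ends the list."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:
            return options
        if code == 0:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the packet" % code)
        options[code] = value
        i += 2 + length
    raise ValueError("options are not terminated by the end option (255)")


def parse_dhcp(packet):
    """Decode the fields described above from a raw DHCP payload (UDP data)."""
    if len(packet) < HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("too short for a DHCP message")
    (op, htype, hlen, hops, xid, secs, _flags, ciaddr, yiaddr,
     _siaddr, _giaddr, chaddr, _sname, _file) = HEADER.unpack_from(packet)
    if packet[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing: plain BOOTP or not DHCP")
    if hlen > len(chaddr):
        raise ValueError("hardware address length %d exceeds 16" % hlen)
    options = parse_options(packet[HEADER.size + 4:])
    mtype = options.get(53)                  # option 53: DHCP message type
    return {
        "op": OPS.get(op, "invalid"),
        "htype": htype, "hops": hops, "xid": xid, "secs": secs,
        "ciaddr": socket.inet_ntoa(ciaddr),
        "yiaddr": socket.inet_ntoa(yiaddr),
        "chaddr": ":".join("%02x" % b for b in chaddr[:hlen]),
        "type": MESSAGE_TYPES.get(mtype[0], "unknown") if mtype else None,
        "options": options,
    }


def build_message(op, mtype, xid, mac, yiaddr="0.0.0.0", extra=b""):
    """Build a constructed Ethernet DHCP message for the demonstration."""
    zero = socket.inet_aton("0.0.0.0")
    header = HEADER.pack(op, 1, 6, 0, xid, 0, 0x8000, zero,
                         socket.inet_aton(yiaddr), zero, zero,
                         bytes.fromhex(mac.replace(":", "")), b"", b"")
    return header + MAGIC_COOKIE + bytes([53, 1, mtype]) + extra + b"\xff"


# Constructed exchange: a DISCOVER carrying host name option 12, and an OFFER
# carrying server identifier (54) and lease time (51) options.
DISCOVER = build_message(1, 1, 0x3903F326, "02:00:00:00:00:01",
                         extra=bytes([12, 4]) + b"pc01")
OFFER = build_message(2, 2, 0x3903F326, "02:00:00:00:00:01", "172.16.1.10",
                      extra=bytes([54, 4]) + socket.inet_aton("172.16.1.2")
                      + bytes([51, 4]) + (21600).to_bytes(4, "big"))

if __name__ == "__main__":
    for raw in (DISCOVER, OFFER):
        msg = parse_dhcp(raw)
        print(msg["type"], msg["op"], hex(msg["xid"]), msg["chaddr"], msg["yiaddr"])
```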

    How DHCP assigns IP addresses:

    Figure 5: The steps of IP address assignment

    DHCP works on the client/server model. The interaction between DHCP client and server takes place in the following 4 steps:

    a. IP lease request

    b. IP lease offer

    c. IP lease selection

    d. IP lease acknowledgement

    These steps can be summarized as follows:

    IP Lease Request

    First, the client broadcasts a message called DHCPDISCOVER. Because the client has no IP address yet, it uses 0.0.0.0 as the source address, and because it does not know the address of the DHCP server, it sends the message to the broadcast address 255.255.255.255. The DHCPDISCOVER packet is thus broadcast to the whole network. The packet also carries the MAC address and the name of the client machine, so that the DHCP server can tell which client sent the request.

    IP Lease Offer

    If a valid DHCP server (that is, one able to assign an IP address to a client) receives the client's DHCPDISCOVER packet, it replies with a DHCPOFFER packet carrying the following information:

    + The MAC address of the client.

    + An offered IP address.

    + A subnet mask.

    + The lease time (the default is 8 days).

    + The IP address of the DHCP server offering the address to this client.

    The DHCP server now reserves the IP address it has offered to the client so that it is not given to any other DHCP client.

    The DHCP client waits a few seconds for an offer. If it receives none, it rebroadcasts the DHCPDISCOVER packet at intervals of 2, 4, 8 and 16 seconds, plus a random interval of 0 to 1000 milliseconds.

    If the DHCP client receives no offer after 4 requests, it uses an IP address in the range 169.254.0.1 to 169.254.255.254 (for clients running Windows operating systems) with the subnet mask 255.255.0.0. It uses one address from that range, which allows DHCP clients on a network without a DHCP server to see one another. The DHCP client keeps trying to find a DHCP server every 5 minutes.

    IP Lease Selection

    Once the DHCP client has received a DHCPOFFER packet, it responds by broadcasting a DHCPREQUEST packet to accept that offer. The DHCPREQUEST includes information about the DHCP server that issued the address to it. All other DHCP servers then withdraw their offers (this applies when the network has more than 1 DHCP server) and keep their IP addresses for other address requests.

    IP Lease Acknowledgement

    The DHCP server that receives the DHCPREQUEST sends the DHCP client a DHCPACK to indicate that it has agreed to lease that IP address to the client. This packet includes the IP address and other configuration information (DNS server, WINS server, ...). The process ends when the DHCP client receives the DHCPACK.

    3.2 Installing DHCP

    Convention: Applications and tools can be installed in several ways: from installation packages, over the internet, or through the software managers built into each operating system.

    In this study, however, we consistently install only from the software packages shipped on the operating system DVD, that is, from the command line.

    To configure a DHCP server, we need to install the DHCP package (footnote 1) and make sure there is a physical connection between the DHCP server and the clients. The minimum tasks for a successfully configured DHCP service are:

    - The firewall is configured to allow DHCP packets.

    - The /etc/dhcpd.conf file is configured.

    - The dhcpd service is running on the DHCP server.

    1 Service packages such as DHCP and DNS on Linux are maintained and developed by the Internet Systems Consortium. More information at http://www.isc.org/

    First, mount the Fedora DVD:

    [root@server2 ~]# mount /dev/cdrom /mnt/

    mount: block device /dev/sr0 is write-protected, mounting read-only

    Install the DHCP package from the mounted disc:

    [root@server2 ~]# rpm -ivh /mnt/Packages/dhcp-4.1.1-15.fc13.i686.rpm

    Preparing...########################################### [100%]

    1:dhcp########################################### [100%]

    Note: Besides the dhcp package, the server also needs the dhclient package (dhclient provides the service that lets a client query a DHCP server); otherwise an error is reported when the DHCP service starts.

    3.3 Configuring the DHCP server

    Files related to the DHCP service:

    - The most important file is of course the DHCP configuration file, /etc/dhcpd.conf. When installing DHCP, a sample configuration file is available for reference at /usr/share/doc/dhcp-*/dhcpd.conf.sample.

    - /etc/sysconfig/dhcpd : passes exact command-line options to the dhcp daemon, for example an option restricting which interfaces listen for DHCP requests.

    - /var/lib/dhcpd/dhcpd.lease: records all the clients currently leasing an IP address from the server.

    Below is a sample configuration file:

    ddns-update-style interim;

    ignore client-updates;

    subnet 172.16.1.0 netmask 255.255.255.0

    {


    option routers 172.166.1.0;

    option domain-name-servers 172.16.1.2;

    option subnet-mask 255.255.255.0;

    option domain-name "cn06.com";

    range 172.16.1.10 172.16.1.100;

    default-lease-time 21600;

    max-lease-time 43200;

    # Set name server to appear at a fixed address

    host uclient {

    #next-server ns1.cn06.com;

    hardware ethernet 00:D0:B3:79:B5:35;

    fixed-address 172.16.1.254;

    }

    }
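    A consistency check over the sample configuration above, added here as an example and not part of the thesis or of ISC dhcpd: it verifies that the router, range and fixed addresses fall inside the declared subnet and that the lease times are ordered. The function names are this example's own, and treating a fixed-address inside the dynamic range as a finding is an assumption based on common practice.

```python
import ipaddress
import re

# The sample dhcpd.conf from this section, embedded so the check runs offline.
SAMPLE_CONF = """\
ddns-update-style interim;
ignore client-updates;
subnet 172.16.1.0 netmask 255.255.255.0
{
    option routers 172.166.1.0;
    option domain-name-servers 172.16.1.2;
    option subnet-mask 255.255.255.0;
    option domain-name "cn06.com";
    range 172.16.1.10 172.16.1.100;
    default-lease-time 21600;
    max-lease-time 43200;
    # Set name server to appear at a fixed address
    host uclient {
        #next-server ns1.cn06.com;
        hardware ethernet 00:D0:B3:79:B5:35;
        fixed-address 172.16.1.254;
    }
}
"""


def subnet_blocks(text):
    """Yield (network, body) for every 'subnet A netmask M { ... }' block."""
    for m in re.finditer(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:        # match braces: host blocks nest
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        if depth:
            raise ValueError("unbalanced braces in subnet %s" % m.group(1))
        yield ipaddress.ip_network("%s/%s" % m.groups()), text[m.end():i - 1]


def addresses(body, keyword):
    """IPv4 literals given as arguments to each 'keyword ...;' statement."""
    pattern = r"\b%s\s+([^;{}]+);" % re.escape(keyword)
    return [[ipaddress.ip_address(a)
             for a in re.findall(r"\d+(?:\.\d+){3}", m.group(1))]
            for m in re.finditer(pattern, body)]


def number(body, keyword):
    """Integer argument of the first 'keyword N;' statement, or None."""
    m = re.search(r"\b%s\s+(\d+)\s*;" % re.escape(keyword), body)
    return int(m.group(1)) if m else None


def check_config(text):
    """Return a list of findings; an empty list means every check passed."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    findings = []
    for net, body in subnet_blocks(text):
        def report(message, *args):
            findings.append("subnet %s: %s" % (net, message % args))

        for group in addresses(body, "option routers"):
            for ip in group:
                if ip not in net:
                    report("option routers %s is outside the subnet", ip)
                elif ip in (net.network_address, net.broadcast_address):
                    report("option routers %s is not a host address", ip)
        for group in addresses(body, "option subnet-mask"):
            if group and group[0] != net.netmask:
                report("option subnet-mask %s differs from the netmask", group[0])
        ranges = []
        for group in addresses(body, "range"):
            if not group:
                continue
            low, high = group[0], group[-1]
            if low not in net or high not in net:
                report("range %s-%s leaves the subnet", low, high)
            elif low > high:
                report("range %s-%s is reversed", low, high)
            else:
                ranges.append((low, high))
        for group in addresses(body, "fixed-address"):
            for ip in group:
                if ip not in net:
                    report("fixed-address %s is outside the subnet", ip)
                elif any(low <= ip <= high for low, high in ranges):
                    # assumption: static hosts are kept out of the dynamic pool
                    report("fixed-address %s is inside a dynamic range", ip)
        default = number(body, "default-lease-time")
        maximum = number(body, "max-lease-time")
        if default is not None and maximum is not None and default > maximum:
            report("default-lease-time %d exceeds max-lease-time %d", default, maximum)
    return findings
```

    Run on the sample as printed, check_config(SAMPLE_CONF) reports that option routers 172.166.1.0 lies outside 172.16.1.0/24.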

    3.3.1 Declarations

    Group:

    Several hosts that share some specific parameters can be combined into a group; they share the Global declarations and the specific parameters declared in the Group.

    Host:

    Applies a list of parameters to one particular host. Such hosts still receive the global parameters as well as the specific parameters in their host declaration.

    Subnet:

    Applies parameters to a system when that system queries the DNS server to request an IP address and other information.

    Parameters:

    ddns-update-style interim: the Dynamic DNS (DDNS) style used to talk to the DNS server. The default is interim.

    option routers: the address of the default gateway.

    option subnet-mask: tells the client which subnet mask to use.

    option domain-name-servers: the list of DNS servers on the network that the client can query.

    option domain-name: tells the client which domain it will join.

    range: the range of IP addresses that clients can receive.

    default-lease-time: the default time for which a client may lease an IP address without having to request it again.

    max-lease-time: the maximum time for which the DHCP server leases an IP address to a client.

    server-name: tells the client which server is booting.

    fixed-address: usually used with a Host declaration; assigns a fixed IP address to the client whose Hardware has been declared.

    hardware: usually used with a Host declaration to specify the client's MAC address.

    The final task is to check the configuration and enable the DHCP service to start with the system:

    [root@server2 ~]# service dhcpd configtest

    Syntax: OK

    [admin@server2 ~]$ chkconfig dhcpd on

    [root@server2 ~]# chkconfig --list dhcpd

    dhcpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

    [root@server2 ~]# service dhcpd start

    Trong :

    Service dhcpd configtest: cu lnh ny gip kim tra vic cu hnh file dhcpd.conf ng hay cha.

    Chkconfig dhcpd on:bt DHCP chy khi h thng ang boot.

    Service dhcpd start | stop | restart: khi ng | tt | khi ng li dch v.

    Vic DHCP server chy trn nn tng h iu hnh no khng quan trng, v th khi

    kim tra trn mt my client Windows, nhng tham s c cu hnh trn DHCP

    server hon ton c client chp nhn.


    Figure 6. IP address on the client

    3.4 Conclusion

    DHCP provides a centralized solution for managing and distributing IP addresses to clients, which helps clients run faster and minimizes the time spent declaring the parameters each client needs.

    DHCP can supply a whole range of clients with a great deal of information such as the IP address, domain name, DNS server, SMTP server, POP server and NTP server, or supply it to individual clients, without any manual configuration on the client.


    Chapter 4: Domain Name System (DNS)

    In this chapter we present the basics of DNS and aspects such as the hierarchical model, zones, and the options available when deploying DNS on a Linux server.

    4.1 What is DNS?

    Initially the ARPANET was small, only a few hundred machines, so managing host names was fairly simple and relied on a single file, hosts.txt [2], which stored the mapping of host names to IP addresses.

    [2] The hosts.txt file was maintained by the Network Information Center (NIC) and distributed via FTP.

    However, with the dizzying growth of the Internet and the explosion in the use of IP addresses, the hosts.txt file increasingly failed to meet demand and had the following drawbacks:

    - The network traffic and the server maintaining hosts.txt became overloaded because of the bottleneck effect.

    - Name conflicts: no two computers can have the same name in the hosts.txt file.

    - No guarantee of integrity: maintaining a single file across a large network is very difficult.

    From this a new concept was born to overcome the drawbacks of hosts.txt while meeting the ever stronger growth of the Internet: the Domain Name System (DNS).

    However, in small networks where managing host names is not too complex or time-consuming, the hosts file can still be used.

    On Windows this file is located at WINDOWS\system32\drivers\etc, and on Linux at /etc/hosts.

    The DNS hierarchical model

    The hierarchical tree model of DNS resembles many techniques and systems used in networked environments (for example, the Linux file system, …). Dividing the system into several levels makes management easier, since each level has a boundary and is directly responsible for what lies within it.


    Figure 7. The DNS hierarchical model

    The highest position in the DNS hierarchy is the root. The root servers [3] are chiefly responsible for indicating which DNS server is responsible for each top-level domain. The root branches into many top-level domains, and each of these in turn divides into branches called subdomains. A domain name indicates its position in the DNS database. In DNS, a domain name is the sequence of labels from that node back up to the root of the tree, separated by dots.

    [3] The root servers manage the name servers at the top-level domain level. There are currently 13 root servers responsible for answering requests worldwide.

    Domains can be organized by type of organization or by country:

    Domain | Description
    .aero | Aviation
    .com | Organizations, companies
    .org | Non-profit organizations
    .net | Network support centers
    .edu | Educational organizations
    .gov | Government
    .mil | Military organizations
    .vn | Domains belonging to Vietnam
    .jp | Domains belonging to Japan
    .us | Domains belonging to the United States


    Name resolution mechanism

    The example below describes how the name girigiri.gbrmpa.gov.au is resolved to an IP address through the DNS servers on the Internet.

    Figure 8. Name resolution mechanism

    The client sends a request to resolve the IP address of the computer named girigiri.gbrmpa.gov.au to the local name server. On receiving the request from the resolver, the local name server analyzes the name and checks whether it manages that domain itself. If the local server manages the domain, it returns the IP address of that host to the resolver immediately. Otherwise, the local server queries the nearest root name server it knows of. The root name server replies with the IP address of the name server that manages the au domain. The local name server then asks the name server for au and is referred to the server that manages gov.au. The server for gov.au directs the local name server to the server that manages gbrmpa.gov.au. Finally the local name server queries the server that manages gbrmpa.gov.au and receives the answer.

    Types of query: a query can take one of two forms:

    Recursive query: when a name server receives a query of this kind, it must return either the result it found or an error if the query cannot be resolved. The name server cannot refer the query to another name server. It may send recursive or interactive queries to other name servers, but it must keep going until it has a result.

    Interactive query (also known as an iterative query): when a name server receives a query of this kind, it answers the resolver with the best information it has at that moment. The name server itself performs no further queries. The best information returned may come from local data (including the cache). If the name server finds nothing in its local data, it returns the domain name and IP address of the nearest name server it knows of.
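The walk described above, traced on a toy delegation tree. This is an added example, not code from the original document; the server names and the 192.0.2.10 address are constructed for illustration. `iterative_query` models what the text calls an interactive query, and `recursive_query` models the local name server following referrals on the resolver's behalf.

```python
# Toy model of the resolution walk described above. Every server name and
# address here is constructed for illustration (documentation IP range).

# Each authoritative server knows either the final answer for a name or a
# delegation (zone -> next server) that it hands back as a referral.
SERVERS = {
    "root": {"delegations": {"au": "ns.au"}, "records": {}},
    "ns.au": {"delegations": {"gov.au": "ns.gov.au"}, "records": {}},
    "ns.gov.au": {
        "delegations": {"gbrmpa.gov.au": "ns.gbrmpa.gov.au"},
        "records": {},
    },
    "ns.gbrmpa.gov.au": {
        "delegations": {},
        "records": {"girigiri.gbrmpa.gov.au": "192.0.2.10"},
    },
}


def iterative_query(server, name):
    """Answer with the best data this server has and do no further lookups.

    Returns ("answer", ip), ("referral", next_server) or ("nxdomain", None).
    """
    data = SERVERS[server]
    if name in data["records"]:
        return ("answer", data["records"][name])
    # Pick the longest delegated zone that is a suffix of the queried name.
    best = None
    for zone in data["delegations"]:
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    if best is not None:
        return ("referral", data["delegations"][best])
    return ("nxdomain", None)


def recursive_query(name, cache, max_referrals=10):
    """What the local name server does for a resolver: follow referrals
    until it has an answer or an error, then cache the answer.

    Returns (ip_or_None, trace) where trace lists the servers asked.
    """
    if name in cache:
        return cache[name], ["cache"]
    server, trace = "root", []
    for _ in range(max_referrals):  # bound the walk so referral loops end
        trace.append(server)
        kind, value = iterative_query(server, name)
        if kind == "answer":
            cache[name] = value
            return value, trace
        if kind == "nxdomain":
            return None, trace
        server = value  # referral: ask the server we were pointed to
    raise RuntimeError("too many referrals for " + name)


if __name__ == "__main__":
    cache = {}
    print(recursive_query("girigiri.gbrmpa.gov.au", cache))
    print(recursive_query("girigiri.gbrmpa.gov.au", cache))  # from cache
```
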

    Resolving an IP address to a host name:

    Mapping IP addresses to host names is used to make log files easier to read. It is also used in some authentication cases on UNIX systems (checking the .rhosts or hosts.equiv files). In the domain name space described above, the data, including IP addresses, is indexed by domain name. So for a given domain name, finding the IP address is fairly easy.

    To be able to resolve the host name of an IP address, a branch indexed by IP address is added to the domain name space. This part of the name space has the domain name in-addr.arpa.

    Each node in the in-addr.arpa domain has a label that is the decimal value of one part of the IP address. For example, the in-addr.arpa domain can have 256 subdomains, corresponding to the 256 values from 0 to 255 of the first byte of the IP address. Each subdomain in turn has 256 subdomains corresponding to the second byte. This continues down to the fourth byte, where records give the full domain name of the computers or networks with the corresponding IP address.


    Note that when the domain name is read, the IP address appears in reverse order. For example, if the IP address of the machine winnie.corp.hp.com is 15.16.192.152, its mapping into the in-addr.arpa domain is 152.192.16.15.in-addr.arpa.

    Fully qualified domain names (FQDN)

    Each node in the hierarchy has a name; the root alone is represented by a dot (.). A full domain name is then written from the bottom of the tree up to the root, with the names separated by dots. A domain name that ends with a dot is called an absolute domain name, or fully qualified domain name (FQDN).

    Example:

    Domain name: mail.server1.cn06.com. is an FQDN.

    Note: Normally we do not need to type the dot after a domain name, although the name is then incomplete; the DNS resolver can automatically add the dot before and after the domain name we type (for example, server1.cn06.com becomes .server1.cn06.com.).

    Types of Domain Name Server: three types of Domain Name Server serve domain name resolution:

    Primary Name Server:

    Also called the Master Server, it has primary responsibility for holding all the information about the zones. Every domain must have a Primary Name Server. The DNS administrator organizes the database files on the Primary Name Server. This server is responsible for resolving all the machines in the domain or zone.

    Secondary Name Server:

    Also called the Slave Name Server, it is used as a backup for the Primary Name Server. There can be one or more Secondary Name Servers. Periodically, the Secondary copies the database files from the Primary Name Server.

    Caching Name Server:


    This is also a DNS server, but it has no database files at all. It is used to resolve host names on remote networks through other name servers:

    - It speeds up resolution by using a cache.

    - It reduces the resolution load on the name servers.

    - It reduces traffic on large networks.

    4.2 Installing DNS

    Required packages:

    bind-9.7.0-9.P1.fc13.i686.rpm

    bind-chroot-9.7.0-9.P1.fc13.i686.rpm

    bind-libs-9.7.0-9.P1.fc13.i686.rpm

    bind-utils-9.7.0-9.P1.fc13.i686.rpm

    Configuration files:

    Main configuration file: named.conf

    Forward lookup files: cn06.com.db, localhost.db

    Reverse lookup files: cn06.com.rev, 127.0.0.rev

    Working directories:

    /etc/: contains the main configuration file named.conf.

    /var/named/: contains the forward and reverse lookup configuration files.

    Note: The bind-chroot-9.7.0-9.P1.fc13.i686.rpm package lets the network administrator work with the DNS configuration files more safely, by creating a directory that only users with root privileges may access; all DNS-related files must be stored in this directory. The locations are /var/named/chroot/etc/, which contains named.conf, and /var/named/chroot/var/named/, which contains all the configuration files.

    4.3 Configuring the DNS server

    Setting up a DNS server comes down to configuring the files listed above. They are the most important files involved in the work of a DNS server.


    First we define the primary zone in named.conf:

    options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        notify yes;
    };

    zone "." in {
        type hint;
        file "root.hints";
    };

    zone "cn06.com" {
        type master;
        file "cn06.com.db";
    };

    # in-addr.arpa zone for the cn06.com domain.
    zone "1.16.172.in-addr.arpa" {
        type master;
        file "cn06.com.rev";
    };

    The example above shows that the name server serves the cn06.com domain, and that the database files root.hints, cn06.com.db and cn06.com.rev are stored in /var/named/.

    - Zone ".": when needed, the server consults the root.hints file [4]. This file lists the root servers responsible for handling all requests worldwide.

    - Zone cn06.com: this is the main domain that our DNS server manages. When needed, the server consults the cn06.com.db file, which contains the forward lookup names for the domain.

    - Zone 1.16.172.in-addr.arpa: consults cn06.com.rev, which contains the reverse lookup names for the domain.

    - The options at the top allow the server to accept every request that clients send to port 53.

    Note: The type of each zone is master because this is the master server; only when configuring a secondary server is the type slave.

    [4] The root.hints file can be obtained from: http://www.internic.net/zones/named.root

    Records: each record has the following fields:


    Name - the domain name or IP address.

    TTL - time to live.

    Class - always IN, for Internet.

    Type - the record type.

    Data - each record type has its own kind of data.

    Configuring the forward lookup file cn06.com.db:

    $TTL 1W
    @        IN  SOA    dns.cn06.com. root (
                        2009123100  ; serial
                        3H          ; refresh (3 hours)
                        30M         ; retry (30 minutes)
                        2W          ; expiry (2 weeks)
                        1W )        ; minimum (1 week)
             IN  NS     server2.cn06.com.
             IN  MX     10 server3.cn06.com.
    dns      IN  A      172.16.1.2  ; primary name server
    server1  IN  A      172.16.1.1
    server2  IN  A      172.16.1.2
    server3  IN  A      172.16.1.3
    server4  IN  A      172.16.1.4
    proxy    IN  CNAME  server1
    smtp     IN  CNAME  server3     ; mail server
    www      IN  CNAME  server3     ; web server
    ftp      IN  CNAME  server3     ; ftp server

    The reverse lookup file cn06.com.rev:

    $TTL 1W
    @        IN  SOA    dns.cn06.com. root (
                        2009123100  ; serial
                        3H          ; refresh (3 hours)
                        30M         ; retry (30 minutes)
                        2W          ; expiry (2 weeks)
                        1W )        ; minimum (1 week)
             IN  NS     dns.cn06.com.
    1        IN  PTR    server1.cn06.com.
    2        IN  PTR    server2.cn06.com.
    3        IN  PTR    smtp.cn06.com.
    4        IN  PTR    2k3.cn06.com.

    Meaning of the DNS resource records:

    IN: tells the name server that this is an Internet record.

    @: the domain declared in named.conf. In the example above the domain is cn06.com., so the host names declared afterwards do not need to be written out in full FQDN form.

    dns.cn06.com. is the FQDN of the name server for the domain.

    root: the e-mail address of the domain administrator. It can be replaced with another name such as admin.cn06.com. An e-mail address written this way lacks the @ sign, which is replaced by a dot; the real address is admin@cn06.com.

    SOA (Start of Authority): each zone has exactly one SOA record. The SOA indicates that the name server is the authoritative source of the data in the zone.

    The parameters declared after it only take effect when the domain has a secondary server:

    Serial number: when a slave name server connects to the master server to fetch data, it first checks the serial number. If the master's serial number is greater, the slave's data is out of date and it loads the new data. So whenever we update the data on the name server we increase the serial number. The usual format is time-based, YYYYMMDDNN. Example: 2010042401

    Refresh number: the interval after which the slave must check whether its data is still usable.

    Example: 28800; refresh after 8 hours

    Retry number: if the slave cannot connect to the master name server after a refresh interval, it tries to reconnect after retry seconds. This value is smaller than the refresh value.

    Example: 14400; retry after 4 hours

    Expiry number: if the slave cannot connect to the master server within this expire interval (in seconds), the slave stops answering queries for that zone, because it considers the data too old. This value must be greater than the refresh and retry values.

    Example: 3600000; 1000 hours ~ 42 days

    Time-to-live number: the length of time the data is kept on a caching server. This value applies to all the resource records in the database. It lets other servers cache the data for a fixed period, the TTL.

    Example: 86400; the TTL is 1 day

    NS (Name Server): the next record needed in the zone is the NS record. Each name server for the zone has one NS record. This record identifies the servers responsible for managing the records in the domain.

    A: maps a name to an IPv4 address.

    AAAA: maps a name to an IPv6 address.

    CNAME (Canonical Name): this record creates an alias that points to a canonical name. The canonical name is the host name in an A record, or it in turn points to another canonical name.

    MX (Mail Exchanger): DNS uses the MX record to tell other sites which host is the domain's mail server.

    PTR (Pointer): used to map an address to a name.

    We have now finished examining and setting up the configuration files for DNS.
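Where reverse lookups feed log interpretation or host-based trust such as the .rhosts / hosts.equiv checks mentioned earlier, each PTR should point to a name whose A record leads back to the same address. The following added example (not part of the original document; the function names are illustrative) runs that check over the A, CNAME and PTR lines of the two zone files above.

```python
# A, CNAME and PTR lines copied from the two zone files shown above
# (the $TTL, SOA, NS and MX lines are left out of this sample).
FORWARD = """\
dns      IN A      172.16.1.2 ; primary name server
server1  IN A      172.16.1.1
server2  IN A      172.16.1.2
server3  IN A      172.16.1.3
server4  IN A      172.16.1.4
proxy    IN CNAME  server1
smtp     IN CNAME  server3 ;mail server
www      IN CNAME  server3 ;web server
ftp      IN CNAME  server3 ;ftp server
"""
REVERSE = """\
1  IN PTR  server1.cn06.com.
2  IN PTR  server2.cn06.com.
3  IN PTR  smtp.cn06.com.
4  IN PTR  2k3.cn06.com.
"""
ORIGIN = "cn06.com."
REV_ORIGIN = "1.16.172.in-addr.arpa."


def fqdn(name, origin):
    """Expand a zone-file name: a trailing dot means it is already absolute."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"


def parse(zone_text, origin):
    """Yield (owner_fqdn, type, rdata) for simple 'owner IN TYPE rdata' lines."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip the comment first
        if len(fields) == 4 and fields[1].upper() == "IN":
            yield fqdn(fields[0], origin), fields[2].upper(), fields[3]


def ptr_owner_to_ip(owner):
    """'3.1.16.172.in-addr.arpa.' -> '172.16.1.3' (labels are reversed)."""
    labels = owner[: -len(".in-addr.arpa.")].split(".")
    return ".".join(reversed(labels))


def check_zones(forward=FORWARD, reverse=REVERSE):
    """Return sorted findings where forward and reverse data disagree."""
    a, cname, findings = {}, {}, []
    for owner, rtype, rdata in parse(forward, ORIGIN):
        if rtype == "A":
            a[owner] = rdata
        elif rtype == "CNAME":
            cname[owner] = fqdn(rdata, ORIGIN)
    ptr_ips = set()
    for owner, rtype, rdata in parse(reverse, REV_ORIGIN):
        if rtype != "PTR":
            continue
        ip, target = ptr_owner_to_ip(owner), fqdn(rdata, REV_ORIGIN)
        ptr_ips.add(ip)
        if target in cname:
            findings.append(f"{ip}: PTR target {target} is a CNAME, not a host name")
        elif target not in a:
            findings.append(f"{ip}: PTR target {target} has no A record")
        elif a[target] != ip:
            findings.append(f"{ip}: PTR target {target} resolves to {a[target]}")
    for owner, ip in a.items():
        if ip not in ptr_ips:
            findings.append(f"{ip}: A record {owner} has no PTR")
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_zones():
        print(finding)
```

On the zone data above it reports the PTR for 172.16.1.3, which targets the alias smtp.cn06.com., and the PTR for 172.16.1.4, whose target 2k3.cn06.com. has no A record in the forward zone.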

    The final task is to check and start the service.

    4.4 Starting the service

    [root@server2 ~]# chkconfig named on

    [root@server2 ~]# service named start

    Starting named: [ OK ]

    4.5 DNS testing tools

    host: queries the name as well as the IP address of a host. Many options extend what the host command can do, but the most basic form is:

    [root@server2 ~]# host smtp.cn06.com

    smtp.cn06.com is an alias for server3.cn06.com.


    server3.cn06.com has address 172.16.1.3

    [root@server2 ~]# host 172.16.1.3

    3.1.16.172.in-addr.arpa domain name pointer smtp.cn06.com.

    dig: used to gather information about the DNS servers in a domain

    dig @server [domain name] query type (record name: A, SOA, …)

    Example:

    [root@server2 ~]# dig @server2 cn06.com A

    ; DiG 9.7.0-P1-RedHat-9.7.0-9.P1.fc13 @server2 cn06.com A
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER

    > 172.16.1.1
    Server: 127.0.0.1

    Address: 127.0.0.1#53

    1.1.16.172.in-addr.arpa name = server1.cn06.com.

    Which operating system the DNS server is installed on has no effect at all on querying host information.


    Figure 9. DNS query on Windows XP

    4.6 Conclusion

    In this chapter we presented a basic understanding of the DNS service as well as how to install and configure a DNS server on a Linux system with the BIND package, and effective tools for gathering information about host names, IP addresses, …

    One point worth mentioning is that BIND is developed and updated at www.isc.org. For security reasons, you should install BIND packages of version 9 or later.


    Chapter 5: Linux Security

    When setting up system administration, besides deploying services, running the system smoothly and optimizing it, there is another very important matter to attend to: system security. The important tasks in deploying security are:

    - Protecting the integrity of data, ensuring the consistency of the data in the system. The measures taken prevent unauthorized modification or destruction of data.

    - Protecting confidentiality, keeping information from leaking out.

    - Protecting availability, meaning the system is always ready to serve information access requests from legitimate users.

    - Protecting privacy: ensuring that users use the system's resources according to the functions and duties assigned to them, and preventing unauthorized access to information.

    - Limiting as far as possible intrusions into the system from both inside and outside, especially in today's environment, where Internet access is indispensable in any agency or organization.

    Many measures can be deployed on a system, but none of them is perfect. Each has its own advantages and drawbacks. So whether to use one measure or several depends on the specific requirements.

    Is Linux secure?

    The answer is no [5]. Here are a few reasons:

    [5] p. 709, Linux Administration Handbook

    - Like UNIX, Linux is optimized for convenience of use, so setting up security in Linux is not easy. The Linux philosophy emphasizes easy management and use of data in a multi-user environment.

    - If deployed carefully, Linux is an effectively secure system. When you access the system, you are either a user with very limited privileges or you are root. In addition, SETUID execution and SELinux also make system access control more secure. But in most cases small security mistakes can still compromise the whole system.

    - Most Linux distributions are developed by a large community of programmers with very large differences in knowledge and experience. As a result, features built for Linux may contain security vulnerabilities.

    One more point to keep in mind: the more secure the system, the less convenient it is for users. This can be expressed by the following formula:

    There are many firewall programs on Linux today, but iptables is the most widely chosen. Below is a survey table from http://distrowatch.com

    See also:

    http://distrowatch.com/dwres.php?resource=firewalls

    Introduction to firewall systems using iptables

    Iptables is open-source software widely used to deploy firewalls on Linux systems. Iptables appears only in Linux distributions from kernel version 2.4.x onwards. Normally, when you install a Linux distribution such as Red Hat, Fedora (Red Hat's open-source project), CentOS, Suse..., iptables is installed by default. A firewall built on iptables has two parts: Netfilter and iptables. Netfilter is responsible for filtering packets at the IP level. Netfilter works directly in the kernel, so it processes packets quickly and does not slow the system down. Iptables sits outside the kernel and is responsible for communication between the user and Netfilter, pushing the user's rules to Netfilter for processing. Netfilter and the firewall modules operate at the kernel level, close to the physical layer (CPU, memory and peripheral devices), which gives high speed, while iptables operates at the application level and helps users manage the firewall rules.

    Figure 10: Firewall system model.

    Iptables is also known as a stateful firewall. A stateful firewall is a firewall that can track established TCP connections. A TCP connection consists of a series of packets containing the source address, destination address, source port, destination port and a number (the sequence number) used to reassemble the packets without losing data. By tracking the headers of TCP packets, the stateful filter can determine whether a received TCP packet is part of an established connection and decide whether to accept or drop it. On a firewall platform using the iptables software, a stateful firewall needs two components: kernel space (Netfilter and the firewall support modules inside the kernel) and user space (iptables, used to drive those modules).


    Iptables can filter packets based on address, port, protocol, time, connection state and the characteristics of the information in the packet. However, because it operates at the Transport layer of the TCP/IP model, iptables can only filter and limit on a per-packet basis; it cannot intervene deeply at the Application layer, for example to limit bandwidth for web access or to block spam. Another weakness is that iptables does not integrate a VPN, unlike the firewall software commonly used on Windows systems.

    Besides packet filtering, iptables also provides a few other features such as NAT (Network Address Translation) and rate limiting. Rate limiting is very useful against DoS (Denial of Service) attacks such as SYN floods. In addition, iptables can filter packets based on MAC address, a feature that most firewalls on Windows systems have not yet integrated. A feature that is indispensable when deploying a firewall on iptables is event logging. Like other firewall software, iptables supports event logging with the LOG option in order to track packets going in and out of the firewall.

    Components of iptables

    The iptables management model is based on tables and chains (rule sets). Iptables has three kinds of table: filter, nat and mangle. A chain is a collection of rules used to process packets. Chains in iptables are of two kinds: built-in chains and user-defined chains. The built-in chains include INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING and MASQUERADE. User-defined chains are chains created by the user. Usually, for the firewall to work effectively and achieve a high level of security, several different chains are built, each dedicated to a particular situation, and each chain is accompanied by more detailed security policies for handling packets. Doing this makes managing and monitoring the firewall easier, more professional and more secure. The components of iptables, their functions and how to use them are described in detail below.

    Table name | Function | Chains used with it | Chain function

    Filter | Packet filtering | FORWARD | Filters packets that come in on one network interface of the firewall and go out on another.

    | | INPUT | Filters packets entering a network interface of