Linux Network Administration LPI12


Document information

The Linux network administration LPI12 document covers foundational knowledge from basic to advanced, suited to those just starting to learn Linux: installation, configuration, user management and permissions, and basic file operations such as adding, editing, deleting, extracting...

Nhat Nghe Computer Network Training Center - Microsoft training partner in Vietnam
105 Ba Huyen Thanh Quan, District 3, Ho Chi Minh City. Tel: 39.322.734 - 39.322.735. Website: www.nhatnghe.com
Microsoft Partner, Gold Learning
Trial version - internal circulation

Topic 1: Linux Installation and Package Management
- Installing software
- Install programs from source

Installing Linux as a Server

Hardware requirements (System Requirements):
• 1 GHz x86_64 processor
• 1024MB of system memory (RAM)
• 5GB of disk space (for OS files; consideration should be given to the (often very large) size of user files that will occupy the /home directory)
• Graphics card and monitor capable of 1024x768
• CD Drive, DVD Drive, or bootable USB Port
• Sound support, if you need sound
• Internet access is helpful

A) Installation
The course walks you through installing CentOS 7.1 Enterprise. ...

Step 4
# systemctl restart network
# mv /etc/sysconfig/network-scripts/ifcfg-Wired_connection_1 /etc/sysconfig/network-scripts/ifcfg-eno33554984
Note: the files can be renamed to ifcfg-eth0, ifcfg-eth1.

Stop and Disable Firewalld on CentOS

Disable Firewalld
# systemctl disable firewalld
Stop Firewalld
# systemctl stop firewalld
Check the Status of Firewalld
# systemctl status firewalld

Disable SELinux CentOS

View the SELinux status:
[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Open the file /etc/selinux/config and set SELINUX=disabled
Or:
[root@localhost ~]# sed -i 's/enforcing/disabled/g' /etc/selinux/config
[root@localhost ~]# reboot
[root@localhost ~]# sestatus
SELinux status:                 disabled

Change default runlevel in CentOS

Method 1: view the current runlevel
[root@localhost ~]# systemctl get-default
...

[Screenshot: Firewall Configuration window (menus File, Options, View, Help), Zones tab, with the zone list block, dmz, drop, external, home, internal, public, trusted, work and the Services list. Status bar: Connected. Default Zone: public. Lockdown: disabled. Panic Mode: disabled.]

Text shown in the window:
A firewalld zone defines the level of trust for network connections, interfaces and source addresses bound to the zone. The zone combines services, ports, protocols, masquerading, port/packet forwarding, icmp filters and rich rules. The zone can be bound to interfaces and source addresses.
Here you can define which services are trusted in the zone. Trusted services are accessible from all hosts and networks that can reach the machine from connections, interfaces and sources bound to this zone.

Save the firewall configuration: Options, Runtime To Permanent

[Screenshot: Options menu with the entries Reload Firewalld, Change Zones of Connections, Change Default Zone, Panic Mode, Lockdown, Runtime To Permanent.]

Zone management

Introduction to the zones:
drop: Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible.
block: Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated from within the system are possible.
public: For use in public areas. You do not trust the other computers on the network to not harm your computer. Only selected incoming connections are accepted.
external: For use on external networks with masquerading enabled, especially for routers. You do not trust the other computers on the network to not harm your computer. Only selected incoming connections are accepted.
work: For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
home: For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
internal: For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.
trusted: All network connections are accepted.

• All network interfaces can be located in the same default zone or divided into different ones according to the levels of trust defined.
• By default, the "public" zone is applied to a NIC, and dhcpv6-client and ssh are allowed. When operating with the "firewall-cmd" command, if you input the command without the "--zone=***" specification, the configuration is set on the default zone.

Show the default zone
# firewall-cmd --get-default-zone
public

View the zones currently assigned to interfaces
# firewall-cmd --get-active-zones
public
  interfaces: eno16777736 eno33554984

View the list of available zones
# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

View detailed information about the public zone
# firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: eno16777736 eno33554984
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

Assign zones to eth0, eth1
# firewall-cmd --zone=external --change-interface=eno16777736
# firewall-cmd --zone=internal --change-interface=eno33554984

Check again
# firewall-cmd --get-active-zones
internal
  interfaces: eno33554984
external
  interfaces: eno16777736

View the zone assigned to each interface
# firewall-cmd --get-zone-of-interface=eno16777736
external
# firewall-cmd --get-zone-of-interface=eno33554984
internal

Or use the GUI:
[Screenshot: Options, Change Zones of Connections. eno16777736 (eno16777736), Zone: external. ifcfg-Wired_connection_1 (eno33554984), Zone: internal.]

Service management

After assigning each interface to a zone, you can add services to each zone.
To allow the http service permanently in the internal zone, type:

Allow the internal machines to access the web server on the firewall
# firewall-cmd --permanent --zone=internal --add-service={http,https}
success
# firewall-cmd --reload
# systemctl restart httpd
Only the internal machines can access the web site http://10.0.0.1

Allow access from outside to the web server on the firewall
# firewall-cmd --zone=external --add-service=http     (no reload needed; the default is runtime)
success
The external machines can access the web site http://192.168.1.102

# firewall-cmd --list-services --zone=internal
dhcpv6-client http ipp-client mdns samba-client ssh
# firewall-cmd --list-services --zone=external
http ssh
# firewall-cmd --list-services
dhcpv6-client ssh

[Screenshot: Firewall Configuration, Configuration: Runtime, Services tab.]

Remove a service
# firewall-cmd --zone=external --remove-service=http

Masquerading

To configure masquerading on the external zone
# firewall-cmd --zone=external --add-masquerade

Check in the GUI:
[Screenshot: Zones tab, Masquerading. Visible text: "Masquerading allows you to set up a host or router that ... internet. Your local network will not be visible and the ... internet. Masquerading is IPv4 only." Checkbox: Masquerade zone. "If you enable masquerading, IP forwarding will be enabl..."]

The internal client machines access the internet successfully.
[Screenshot: a web browser on a client showing a news site.]

Port forwarding

# firewall-cmd --zone=external --add-forward-port=port=3389:proto=tcp:toport=3389:toaddr=10.0.0.20

Or use the GUI:
[Screenshot: port forwarding dialog. "Please select the source and destination options according to your needs." Source: Protocol, Port / Port Range. Destination: "If you enable local forwarding you have to specify a port. This port has to be different to the source port." Options: Local forwarding, Forward to another port. Fields: IP address, Port / Port Range.]

From an external machine, start Remote Desktop.
Enter the external IP of the firewall:
[Screenshot: Remote Desktop Connection. Computer: 192.168.1.102. Username: NHATNGHE\administrator. "You will be asked for credentials when you ..."]
Enter the user: administrator / 123
The connection succeeds.

Change the ssh port:
# firewall-cmd --zone=external --add-forward-port=port=2222:proto=tcp:toport=22

Or use the GUI:
[Screenshot: port forwarding dialog, followed by a client connection dialog for 192.168.1.102 with a Port Number field.]

Port management

Open port 3128 on the firewall
# systemctl restart squid
# firewall-cmd --zone=internal --add-port=3128/tcp

Check in the GUI:
[Screenshot: Zones, Ports tab. Visible text: "Add additional ports or port ranges, which need to b... connect to the machine."]

A client machine on the LAN side is configured with the proxy and accesses the internet successfully.
[Screenshot: browser proxy settings dialog.]

Firewalld support for a Squid transparent proxy

Configure Squid
# vi /etc/squid/squid.conf
http_port 3128 transparent
# systemctl restart squid

Configure the firewall
Create the file /etc/firewalld/direct.xml
# vi /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="nat" chain="PREROUTING" priority="0">-i eno33554960 -p tcp --dport 80 -j REDIRECT --to-ports 3128</rule>
  <rule ipv="ipv4" table="nat" chain="PREROUTING" priority="0">-i eno33554960 -p tcp --dport 443 -j REDIRECT --to-ports 3127</rule>
</direct>
# systemctl restart firewalld
# firewall-cmd --direct --get-all-rules
ipv4 nat PREROUTING 0 -i eno33554984 -p tcp --dport 80 -j REDIRECT --to-ports 3128
ipv4 nat PREROUTING 0 -i eno33554984 -p tcp --dport 443 -j REDIRECT --to-ports 3127

The internal client machines can still access the internet through the proxy without configuring any proxy settings.

Backup of iptables
iptables-save > /opt/iptables.backup
Restore iptables from backup file
iptables-restore < /opt/iptables.backup

[...]...

The Command Line

1. Introduction
Using the BASH Shell
- Linux provides the ability to communicate with the kernel through an intermediate interpreter called the Shell. The Shell has a function similar to "command.com" (DOS).
- Types of Shell in Linux: Xwindow View the syntax...

... for the binary files in /bin and /sbin
Contains the mount points of the devices mounted into the system
Stores information about the kernel
Stores the home directory of the root user
Contains temporary files
Contains the programs that have been installed
Contains log files, program queues, and users' mailboxes

... find -user u1 -exec chmod o=r {} \;

Other search commands
- Find the location, source and man page of the grep command:
[root@may1 ~]# whereis grep
grep: /bin/grep /usr/share/man/man1p/grep.1p.gz /usr/share/man/man1/grep.1.gz
- Find the directory containing the ls command:
[root@may1 ~]# which find
/bin/find

9. The vi editor
Linux has many programs for editing text, such as vi, emacs, joe, pico, ... Among them,...

Installing software
- Redhat Package Manager (RPM) is the tool used for Installing, Uninstalling and Upgrading software on a Linux system.
- An RPM package is a file containing executable programs, scripts, documentation, and a...

Files in Linux are divided into 3 main types:
+ Files containing ordinary data
+ Directory files
+ Device files
In addition, Linux uses Links and Pipes as special files. View the structure...

In Linux there is no concept of disk drives. ...

Date posted: 22/10/2016, 14:57
