commend line and some service

8/6/2019 Commend Line and Some Service

1/24

Mt s lnh v phm tt dng trong Linux

Posted: Thng Hai 23, 2011 by Anh Tun in LinuxTh:Asia, Da Nang, Hard disk drive, Microsoft Windows, Provinces, Vietnam, Vietnamese people, Windows0

Rate This

1. Cc lnh c bn

# ls // ging nh dir ca windows# vi // m trnh son tho vn bn text# passwd // i password user hin ti# chmod // cp quyn cho th mc v tp tin (chmod 777) l ton quy# chgrp // thay i group cho th mc v tp tin

# chown // thay i owner th mc v tp tin# cp a b // copy file a vo th mc b# reboot // khi ng li h thng# shutdown -h now // shutdown h thng (tt my)

2. Networking (hn ch s dng khi ang ch remote):

# ifconfig // xem v config ip ca server# setup // chn Network Configuration set IP cho server# vi /etc/resolv.conf // cu hnh dns cho server# ifdown eht0 // down card mng eth0

# ifup eht0 // up card mng eth0# service network restart // khi ng li service mng

3. Kim tra h thng

# top // xem tnh trng s dng ti nguyn RAM, CPU ca h thng# uptime // xem tnh trng trung bnh ca h thng v thi gian h thng online# fdisk -l // xem cc cng HDD c trn server# df -h // kim tra mc s dng cng HDD# cat /proc/cpuinfo // kim tra CPU# cat /proc/meminfo // kim tra mc s dng b nh

# du -hs // kim tra dung lng th mc

4. Webserver v MySQL

# service httpd status // xem tnh trng webserver# service httpd restart // khi ng li webserver# service mysqld restart // khi ng li mysql


2/24

# mysqlcheck -Aao -auto-repair -u[MySqlAdmin] -p[Password] // kim tra sa v optimizemysql database

5. Nn v gii nn

# tar -cvzpf archive.tgz /home/example/public_html/folder // nn mt th mc# tar -tzf backup.tar.gz // lit k file nn gz# tar -xvf archive.tar // gii nn mt file tar

6. Trong terminal

* + L: xo ton b mn hnh, ging lnh clear* + D: exit session, ging lnh exit* + R: tm mt lnh chy trc y, nhn + R sau bt u g mt phn ca cu lnh, hthng s t hon tt phn cn li da trn cc cu lnh c thc hin trc * : t ng hon tt cu lnh

* + : dn (paste) ni dung copy vo terminal* + PageUp: cun mn hnh ln trn mt trang* + + F2 ( + F2> nu ang ch console): chuyn sang virtual terminal th 2, tng t viF3, F4

7. Trong GNOME

* + + D: hin th desktop, ging + D trong Windows* + + : chuyn sang workspace trc/k tip* + W: ng ca s hin thi* + Q: thot khi chng trnh hin thi

* + F1: Hin th main menu* + F2: Hin th hp thoi chy dng lnh, ging + R trong Windows* + F5: B phng to ca s hin thi* + F9: Thu nh ca s hin thi* + F10: Phng to ca s hin thi

8. Trong OpenOffice:

* + + B: chuyn font sang dng subscript, ging + + trong MS Word* + + P: chuyn font sang dng supperscript, ging + + + trong MS Word* + 1: Single line spacing

* + 2: Double line spacing* + 5: 1.5 line spacing

9. Trong vi (vim)

Cc phm sau y c s dng trong ch nhp lnh (khng phi ch nhp vn bn). vit v vi th cn mt bi ring, nn y cheva ch nu ra mt s phm/lnh chnh, ch ccphm/lnh sau y c phn bit ch hoa v ch thng:


3/24

* G: ti cui file* #G: ti dng th # (v d 10G, 100G)* H: ti u trang* dd: xa dng hin thi* yy: copy dng hin thi

* p: dn xung dng di dng hin thi* P: dn vo trc v tr con tr* /: bt u tm kim* ^: ti u dng* $: ti cui dng* %: ti du ng (m) ngoc tng ng* %s/old_text/new_text/g: thay th tt c cc old_text bng new_text* ch nhp vn bn, g + P s dng auto text completion

Cch copy file v folder t my linux ti my linux

dng commandPosted: Thng Su 9, 2011 by Anh Tun in Linux0

Rate This

copy t linux sang linux c rt nhiu cch, nh: samba, nfs, scp,

1. Samba th phi ci t cu hnh hi phc tp 1 cht, nhng li 1 ci l c th share cho c ccmy xi windows->v vy b qua ci ny.

2. NFS cu hnh d dng hn, tc copy nhanh nht trong my cch trn.Sau y l hng dn c bn cch copy bng nfs.

2.1.Trn my ngun:

[root@test ~]# nano /etc/exports

Ti y ta s thy cc th mc c export ra cho my khc. V d:

/u03 10.0.0.*(ro,sync,no_root_squash).

Ngha l export th mc /u03 cho cc my thuc lp 10.0.0.x. nu mun tt c cc my u thyta c th dng

/u03 *(ro,sync,no_root_squash)


4/24

ro: ngha l share ch c, nu mun ghi th l rw Cc tham s cn li ko quan trng ch l ch copy ng b or khng ng b(sync hoc async). Sau khi ng li service nfs thayi c hiu lc

[root@test ~]# service nfs restart

Shutting down NFS mountd: [ OK ]Shutting down NFS daemon: [ OK ]Shutting down NFS quotas: [ OK ]Shutting down NFS services: [ OK ]Starting NFS services: [ OK ]Starting NFS quotas: [ OK ]Starting NFS daemon: [ OK ]Starting NFS mountd: [ OK ]

2.2. Trn my ch. Thc hin lnh mount th mc export t my ngun.

[root@test ~]# mount -t nfs 192.168.3.10:/u03 /mnt/u02

/u03 chnh l th mc bn my ngun.

/mnt/u02 chnh l th mc bn my ch ta mun mount n.

Khi thnh cng bc ny ta c th vo th mc /mnt/u02 s thy cc file ca /u03.

3. Lnh scp dng copy qua port ssh, s chm hn nfs mt cht nhng ko phi cu hnh.

scp -r user@destination:/file or folder /folderV d

scp -r [email protected]:/oracle/backup /oracle

s copy ton b th mc backup v /oracle

Khi g lnh trn s yu cu ng key(chn yes) v nhp mt khu user

Hng dn ci t samba n gin

Posted: Thng Mi Mt 19, 2010 by Anh Tun in Linux0

Rate This

1. Install Samba


5/24

Trch dn# yum -y install samba

2. To Folder luu de mount HDD hoc luu tr

Trch dn#mkdir/cpanel

3. Cu hnh Samba

./ M File smb.conf >

Trch dn#vim /etc/samba/smb.conf

./ Kim ch no c dng nh bn di > nhn phm Insert s

Trch dnsecurity = user

passdb backend = tdbsam

Thm du # trc 2 dng

Trch dn#security = user

#passdb backend = tdbsam./ Thm vo cui File smb.confdng ni dung sau

Trch dn[Cpanel]path = /cpanel

writable = yes

browseable = yes

public = yes

./ Thot ra: Phm ESC > Nhn phm sau: :wq > Enter

./ Chnh cho Samba start lc khi ng

Trch dn


6/24

#chkconfig smb on

./ Khi ng Samba

Trch dn

#service smb start

4. Set quyn li

Trch dn#chmod 777 /cpanel -R

Nh tt Firewall

Windows > Start > Run > \\IP_my_Linux

inux command linePosted: Thng Mi Mt 19, 2010 by Anh Tun in Linux1

Rate This

Command Description

apropos whatisShow commands pertinent to string. See threadsafe

man -t man | ps2pdf > man.pdf make a pdf of a manual page

which command Show full path name of command time command See how long a command takes

time cat Start stopwatch. Ctrl-d to stop. See also s

dir navigation

cd - Go to previous directory

cd Go to $HOME directory

(cd dir && command)Go to dir, execute command and return tocurrent dir

pushd .Put current dir on stack so you can popdto it

file searching

alias l=ls -l color=auto quick dir listing

ls -lrtList files by date. See also newest andfind_mm_yyyy

ls /usr/bin | pr -T9 -W$COLUMNS Print in 9 columns to width of terminal


7/24

find -name *.[ch] | xargs grep -E exprSearch expr in this dir and below. See afindrepo

find -type f -print0 | xargs -r0 grep -F exampleSearch all regular files for example in thdir and below

find -maxdepth 1 -type f | xargs grep -F exampleSearch all regular files for example in thdir

find -maxdepth 1 -type d | while read dir; do echo $dir;echo cmd2; done

Process each item with multiple comman(in while loop)

find -type f ! -perm -444Find files not readable by all (useful for wsite)

find -type d ! -perm -111Find dirs not accessible by all (useful for site)

locate -r file[^/]*\.txtSearch cached index for names. This re isglob *file*.txt

look reference Quickly search (sorted) dictionary for pre

grepcolorreference /usr/share/dict/wordsHighlight occurances of regular expressiodictionary

archives and compression

gpg -c file Encrypt file

gpg file.gpg Decrypt file

tar -c dir/ | bzip2 > dir.tar.bz2 Make compressed archive of dir/

bzip2 -dc dir.tar.bz2 | tar -xExtract archive (use gzip instead of bzip2tar.gz files)

tar -c dir/ | gzip | gpg -c | ssh user@remote ddof=dir.tar.gz.gpg

Make encrypted archive of dir/ on remotemachine

find dir/ -name *.txt | tar -c files-from=- | bzip2 >dir_txt.tar.bz2

Make archive of subset of dir/ and below

find dir/ -name *.txt | xargs cp -a target-directory=dir_txt/ parents

Make copy of subset of dir/ and below

( tar -c /dir/to/copy ) | ( cd /where/to/ && tar -x -p )Copy (with permissions) copy/ dir to/where/to/ dir

( cd /dir/to/copy && tar -c . ) | ( cd /where/to/ && tar -x -p )Copy (with permissions) contents of copyto /where/to/

( tar -c /dir/to/copy ) | ssh -C user@remote cd /where/to/&& tar -x -p

Copy (with permissions) copy/ dir toremote:/where/to/ dir

dd bs=1M if=/dev/sda | gzip | ssh user@remote ddof=sda.gz

Backup harddisk to remote machine

rsync (Network efficient file copier: Use the dry-run option for testing)

rsync -P rsync://rsync.server.com/path/to/file file Only get diffs. Do multiple times for


8/24

troublesome downloads

rsync bwlimit=1000 fromfile tofileLocally copy with rate limit. Its like niceI/O

rsync -az -e ssh delete ~/public_html/remote.com:~/public_html

Mirror web site (using compression andencryption)

rsync -auz -e ssh remote:/dir/ . && rsync -auz -e ssh .remote:/dir/

Synchronize current directory with remotone

ssh (Secure SHell)

ssh $USER@$HOST commandRun command on $HOST as $USER (decommand=shell)

ssh -f -Y $USER@$HOSTNAME xeyesRun GUI command on $HOSTNAME as$USER

scp -p -r $USER@$HOST: file dir/Copy with permissions to $USERs homedirectory on $HOST

ssh -g -L 8080:localhost:80 root@$HOST Forward connections to $HOSTNAME:8out to $HOST:80

ssh -R 1434:imap:143 root@$HOSTForward connections from $HOST:1434 imap:143

ssh-copy-id $USER@$HOSTInstall $USERs public key on $HOST fopassword-less log in

wget (multi purpose download tool)

(cd dir/ && wget -nd -pHEKkhttp://www.pixelbeat.org/cmdline.html)

Store local browsable version of a page tocurrent dir

wget -c http://www.example.com/large.file Continue downloading a partially downlofile

wget -r -nd -np -l1 -A *.jpg http://www.example.com/dir/Download a set of files to the currentdirectory

wget ftp://remote/file[1-9].iso/ FTP supports globbing directly

wget -q -O- http://www.pixelbeat.org/timeline.html | grep ahref | head

Process output directly

echo wget url | at 01:00 Download url at 1AM to current dir

wget limit-rate=20k urlDo a low priority download (limit to 20Kin this case)

wget -nv spider force-html -i bookmarks.html Check links in a file

wget mirror http://www.example.com/Efficiently update a local copy of a site(handy from cron)

networking (Note ifconfig, route, mii-tool, nslookup commands are obsolete)

ethtool eth0 Show status of ethernet interface eth0

ethtool change eth0 autoneg off speed 100 duplex full Manually set ethernet interface speed


9/24

iwconfig eth1 Show status of wireless interface eth1

iwconfig eth1 rate 1Mb/s fixed Manually set wireless interface speed

iwlist scan List wireless networks in range

ip link show List network interfaces

ip link set dev eth0 name wan Rename interface eth0 to wan ip link set dev eth0 up Bring interface eth0 up (or down)

ip addr show List addresses for interfaces

ip addr add 1.2.3.4/24 brd + dev eth0 Add (or del) ip and mask (255.255.255.0

ip route show List routing table

ip route add default via 1.2.3.254 Set default gateway to 1.2.3.254

host pixelbeat.orgLookup DNS ip address for name or viceversa

hostname -iLookup local ip address (equivalent to ho`hostname`)

whois pixelbeat.org Lookup whois info for hostname or ip ad

netstat -tupl List internet services on a system

netstat -tup List active connections to/from system

windows networking (Note samba is the package that provides all this windows specific networkingsupport)

smbtree Find windows machines. See also findsm

nmblookup -A 1.2.3.4Find the windows (netbios) name associawith ip address

smbclient -L windows_boxList shares on windows machine or sambserver

mount -t smbfs -o fmask=666,guest //windows_box/share/mnt/share

Mount a windows share

echo message | smbclient -M windows_boxSend popup to windows machine (off bydefault in XP sp2)

text manipulation (Note sed uses stdin and stdout. Newer versions support inplace editing with the -i op

sed s/string1/string2/g Replace string1 with string2

sed s/$.*$1/\12/g Modify anystring1 to anystring2

sed / *#/d; /^ *$/d Remove comments and blank lines

sed :a; /\\$/N; s/\\\n//; ta Concatenate lines with trailing \

sed s/[ \t]*$// Remove trailing spaces from lines

sed s/$[`"$\]$/\\\1/gEscape shell metacharacters active withindouble quotes

seq 10 | sed s/^/ /; s/ *$.\{7,\}$/\1/ Right align numbers


10/24

sed -n 1000{p;q} Print 1000th line

sed -n 10,20p;20q Print lines 10 to 20

sed -n s/.*$.*$.*/\1/ip;T;q Extract title from HTML web page

sed -i 42d ~/.ssh/known_hosts Delete a particular line

sort -t. -k1,1n -k2,2n -k3,3n -k4,4n Sort IPV4 ip addresses echo Test | tr [:lower:] [:upper:] Case conversion

tr -dc [:print:] < /dev/urandom Filter non printable characters

tr -s [:blank:] \t


11/24

cal 9 1752 Display a calendar for a particular month

date -d fri What date is it this friday. See also day

[ $(date -d "tomorrow" +%d) = "01" ] || exitexit a script unless its the last day of themonth

date date=25 Dec +%A What day does xmas fall on, this year date date=@2147483647

Convert seconds since the epoch (1970-0UTC) to date

TZ=America/Los_Angeles dateWhat time is it on west coast of US (usetzselect to find TZ)

date date=TZ=America/Los_Angeles 09:00 next FriWhats the local time for 9AM next Fridawest coast US

locales

printf %d\n 1234Print number with thousands groupingappropriate to locale

BLOCK_SIZE=\1 ls -l Use locale thousands grouping in ls. See

echo I live in `locale territory` Extract info from locale database

LANG=en_IE.utf8 locale int_prefixLookup locale info for specific country. Salso ccodes

locale | cut -d= -f1 | xargs locale -kc | less List fields available in locale database

recode (Obsoletes iconv, dos2unix, unix2dos)

recode -l | lessShow available conversions (aliases on eline)

recode windows-1252.. file_to_change.txt Windows ansi to local charset (auto doCRLF conversion)

recode utf-8/CRLF.. file_to_change.txt Windows utf8 to local charset

recode iso-8859-15..utf8 file_to_change.txt Latin9 (western europe) to utf8

recode ../b64 < file.txt > file.b64 Base64 encode

recode /qp.. < file.qp > file.txt Quoted printable decode

recode ..HTML < file.txt > file.html Text to HTML

recode -lf windows-1252 | grep euro Lookup table of characters

echo -n 080 | recode latin-9/x1..dumpShow what a code represents in latin-9

charmap echo -n 0x20AC | recode ucs-2/x2..latin-9/x Show latin-9 encoding

echo -n 0x20AC | recode ucs-2/x2..utf-8/x Show utf-8 encoding

CDs

gzip < /dev/cdrom > cdrom.iso.gz Save copy of data cdrom

mkisofs -V LABEL -r dir | gzip > cdrom.iso.gz Create cdrom image from contents of dir


12/24

mount -o loop cdrom.iso /mnt/dirMount the cdrom image at /mnt/dir (readonly)

cdrecord -v dev=/dev/cdrom blank=fast Clear a CDRW

gzip -dc cdrom.iso.gz | cdrecord -v dev=/dev/cdrom -Burn cdrom image (use dev=ATAPI -scato confirm dev)

cdparanoia -BRip audio tracks from CD to wav files incurrent dir

cdrecord -v dev=/dev/cdrom -audio -pad *.wavMake audio CD from all wavs in current (see also cdrdao)

oggenc tracknum=track track.cdda.wav -o track.ogg Make ogg file from wav file

disk space (See also FSlint)

ls -lSr Show files by size, biggest last

du -s * | sort -k1,1rn | headShow top disk users in current dir. See aldutop

du -hs /home/* | sort -k1,1h Sort paths by easy to interpret disk usage

df -h Show free space on mounted filesystems

df -i Show free inodes on mounted filesystems

fdisk -lShow disks partitions sizes and types (runroot)

rpm -q -a qf %10{SIZE}\t%{NAME}\n | sort -k1,1nList allpackages by installed size (Bytes)rpm distros

dpkg-query -W -f=${Installed-Size;10}\t${Package}\n |sort -k1,1n

List allpackages by installed size (KBytedeb distros

dd bs=1 seek=2TB if=/dev/null of=ext3.testCreate a large test file (taking no space). also truncate

> file truncate data of file or create an empty fi

monitoring/debugging

tail -f /var/log/messages Monitor messages in a log file

strace -c ls >/dev/nullSummarise/profile system calls made bycommand

strace -f -e open ls >/dev/null List system calls made by command

ltrace -f -e getenv ls >/dev/null List library calls made by command

lsof -p $$ List paths that process id has open

lsof ~ List processes that have specified path op

tcpdump not port 22Show network traffic except ssh. See alsotcpdump_not_me

ps -e -o pid,args forest List processes in a hierarchy

ps -e -o pcpu,cpu,nice,state,cputime,args sort pcpu | sed /^ List processes by % cpu usage


13/24

0.0 /d

ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNSList processes by mem (KB) usage. See aps_mem.py

ps -C firefox-bin -L -o pid,tid,pcpu,state List all threads for a particular process

ps -p 1,2 List info for particular process IDs last reboot Show system reboot history

free -mShow amount of (remaining) RAM (-mdisplays in MB)

watch -n.1 cat /proc/interrupts Watch changeable data continuously

udevadm monitor Monitor udev events to help configure ru

system information (see also sysinfo) (# means root access is required)

uname -a Show kernel version and system architect

head -n1 /etc/issue Show name and version of distribution

cat /proc/partitions Show all partitions registered on the syste grep MemTotal /proc/meminfo Show RAM total seen by the system

grep model name /proc/cpuinfo Show CPU(s) info

lspci -tv Show PCI info

lsusb -tv Show USB info

mount | column -tList mounted filesystems on the system (align output)

grep -F capacity: /proc/acpi/battery/BAT0/info Show state of cells in laptop battery

# dmidecode -q | less Display SMBIOS/DMI information# smartctl -A /dev/sda | grep Power_On_Hours

How long has this disk (system) beenpowered on in total

# hdparm -i /dev/sda Show info about disk sda

# hdparm -tT /dev/sda Do a read speed test on disk sda

# badblocks -s /dev/sda Test for unreadable blocks on disk sda

interactive (see also linux keyboard shortcuts)

readline Line editor used by bash, python, bc, gnu

screen Virtual terminals with detach capability, mc

Powerful file manager that can browse rptar, ftp, ssh,

gnuplot Interactive/scriptable graphing

links Web browser

xdg-open .open a file or url with the registered deskapplication


14/24

Cch s dng Telnet v ng dng

1- Gii thiu:Telnet l mt chng trnh cho php bn kt ni v ng nhp vo mt my tnh xa (trongLAN, internet). Khi kt ni thnh cng, my tnh ca bn s thc hin chc nng nh trm trunggian gi yu cu n my tnh xa.

Bn c th dng my tnh ca mnh truy cp thng tin, thc thi cc chng trnh v s dngmt s ti nguyn khc trn my tnh xa.

2- S dng telnet:Bt u t command prompt, g vo telnet, nu bn dng 9x, n s a bn vo trnh windowstelnet. Bn cng c th chy menu Start/Run. ch nh lnh, bn c th dng cc lnh sau:OPEN : m mt kt nI n my tnh xa, gi l 1telnet sessionCLOSE : ng kt ni v tr v du nhc I lnhQUIT: ng kt ni v thot telnet

: nhn phm enter s a bn thot khI ch du nhc lnh v tr li telnet sessionSET ECHO: bt/tt ch hin cc lnh nh vo trong windows telnet. Lu trong 2k s lSET LOCAL_ECHO

kt ni, ta dng lnh OPEN hoc cng c th trc tip bng lnhtelnet vd:telnet anyhost.com 12345Trying 123.123.112.12 port 12345Connected to anyhost.comEscape character is.

Sau khi kt ni xong, bn trong mt telnet session. C th dng k t escape trn trv du nhc lnh.

3- ng dng telnet truy cp POP email:a- c mail:Cc internet mail server cho php truy cp thng qua giao thc POP (Post Office Protocol), cng110. Nu POP server bn ang dng l anyhost.com, th ta s dng lnh sau: telnet anyhost.com110Mt s cc lnh c th bn cn dng khi truy cp POP emailUSER : m hp th ca usernamePASS : mt khu cho hp th

LIST : lit k cc emails trong hp thRETR : xem th c th t l number, c lit k trong lnh LISTTOP : xem th nh RETR, nhng dng li khi hin c sdng nht nhDELE : xa th c th t numberQUIT : ng telnet session

V d, ta s truy cp vo yahoo xem mail, ta thc hin lnh:telnet pop.mail.yahoo.com 110 v ch mt cht...


15/24

Nu thnh cng, bn s nhn c dng thng tin sau:+OK hello from popgate

K t y, nu trc khi m 1 telnet session, bn c dng SET ECHO, th nhng g bn nhvo s hin ln, khng th bn phi nhp cc lnh tht chnh xcNhp tn user

USER w_hat95+OK password required

Nhp mt khuPASS anhyeuemnhieulam+OK maildrop ready, 2 messages (2983 octets) (34232 2324232)

y, mail box ca ti c 2 tin, k n l tng kch thc ca cc email, cc s cn li bnkhng cn quan tmBn dng lnh list lit k cc email, bao gm stt v size:list

1 17282 1205.

xem mt mail c stt no , bn dng lnh retr retr 1Ch mt cht, bn s nhn c nhng thng tin y v mail , bao gm ton b header vni dung

vd:+OK 1783 octetsX-Apparently-To: [email protected] via web20306.mail.yahoo.com; 04 Jan 2002 23:48:08 -0800 (PST)

X-RocketRCL: 1037;1;2465408753Received: from web11904.mail.yahoo.com (216.136.172.18)by mta621.mail.yahoo.com with SMTP; 04 Jan 2002 23:48:08 -0800 (PST)Message-ID: Received: from [61.214.156.105] by web11904.mail.yahoo.com via HTTP; Fri, 04 Jan2002 23:48:08 PSTDate: Fri, 4 Jan 2002 23:48:08 -0800 (PST)From: Joel Subject: Re: hi?To: F M In-Reply-To:

MIME-Version: 1.0Content-Type: multipart/alternative; boundary="0-888944639-1010216888=:34368"......vvv.

V nhng thng tin trong email header,bn t tm hiu ly! )Nu nhng thng tin lit k trn qu nhiu, bn khng kp xem, hy dng lnh top lit k theo s lng dng nht nh


16/24

vd: top 1 10 -> s lit k 10 dng u (k c header) ca email s 1, sau khi hin xong 10 dngcho bn xem, ch vi giy, n s tip tc hin cc dng k tip cho n khi ton b email cxem!?

xa 1 email, bn dng lnh dele vd: dele 2 -> s xa email th 2 trong danh sch

Sau khi check xong emails, bn ng telnet session bng lnh QUIT, bn s c a v dunhc lnhBt li ca vic check email POP dng telnet l bn khng c c giao din d nhn nh cctrnh check POP mail khc. Bn cng khng th tr li t cc mail c c.

b- Gi mail:Tng t nh trn, cc internet mail server s cung cp mt giao thc l SMTP (Simple MailTransfer Protocol) cho php bn send email thng qua server , cng 25.

Mt s lnh bn cn dng:HELO : gii thiu host, thng tin ny khng cn thit

MAIL FROM: RCPT TO: DATA : sau khi enter, bn nhp ni dung email. Sau khi nhp xong, munkt thc, bn phi xung hng v nhp du chm '.'RSET xa cc thng tin ln gi mi nht, dng khi bn mun gi n mt ngi khcQUIT : thotHELP xem tr gip v cc lnh, lnh ny ty thuc vo mail server bn ang connect

V d, i vi yahoo:Bn thc hin lnh telnet smtp.mail.yahoo.com 25Ch mt lc, nu kt ni thnh cng, bn s nhn c thng tin sau:220 smtp011.mail.yahoo.com ESMTP

Kt ni:helo smtp.mail.yahoo.com250 smtp011.mail.yahoo.com

Nhp thng tin ngi gi:mail from: [email protected] okNhp thng tin ngi nhn:rcpt to:[email protected] Joel250 okNhp ni dung:

data blsdfsdfsd354 go ahead

Subject: hi Joel, how r u these days?Hi Joel,R u busy this late evening?If ur free, get to Mo^.ng Mo* bar. I need to talk to you.See ya,


17/24

W_Hat.250 ok 1010373599 qp 48077

ng telnet sessionQuit

Bn c th thao kho mt v d v send mail thng qua SMTP ti:http://www.kbcafe.com/articles/smtp.html

2-Th ba, ngy 12 thng mt nm 20103- Hng Dn Ci t Firewall-Proxy

Chng ta xy dng m hnh Firewall kt hp Proxy qun l mi hnh ng trong hthng, trnh c nhng ri ro khng mong mun.M hnh tham kho nh sau:

thc hin, chng ta cn ci t cc chng trnh sau: ShoreWall: lm firewall, qun l traffic, chn ng dng da vo port, Squid: lm proxy, cache web, qun l hnh vi user, Sarg: monitor proxy.

Do ti nguyn hn hp, nn ta thc hin n trn cng 1 my, RAM chng 2GB l c.Bi vit ny dng Cent OS 5.4 (p dng lun cho cc distro ca cent, nh RedHat).Cc gi h tr cho ci t:

#yum install -y gcc gcc-c++ ;compilerCi t gi rpmforge-release t http://dag.wieers.com/rpm/packages/rpmforge-release/#wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm#rpm ivh /rpmforge-release-0.3.6-1.el5.rf.i386.rpmGi ny n t ng i tm nhng th cn thit cho ta khi cn.

I. ShoreWall:1. Gii thiu:

Shorewall l chng trnh qun l iptables, gip ta iu khin c hnh vi traffic mcL3.2. Ci t:Download cc gi cn thit, n nh ti thi im tihttp://www.shorewall.net/pub/shorewall/#mkdir /source#cd source#wget http://www.shorewall.net/pub/shorewall/4.2/shorewall-4.2.2/shorewall-shell-


18/24

4.2.2.tar.bz2#wget http://www.shorewall.net/pub/shorewall/4.2/shorewall-4.2.2/shorewall-perl-4.2.2.2.tar.bz2#wget http://www.shorewall.net/pub/shorewall/4.2/shorewall-4.2.2/shorewall-common-4.2.2.1.tar.bz2

#tar -jxvf shorewall-shell-4.2.2.tar.bz2#tar -jxvf shorewall-perl-4.2.2.2.tar.bz2#tar -jxvf shorewall-common-4.2.2.1.tar.bz2

Vo cc directory va gii nn, ci t:#./install.shVo ni cha cc file cu hnh cho shorewall#cd /etc/shorewall

To cc zones trong /etc/shorewall/zones#ZONE TYPE OPTIONS IN OUT

# OPTIONS OPTIONSfw firewallloc ipv4net ipv4dmz ipv4

Khai bo cc interfaces tng ng vi cc zonez trong file /etc/shorewall/interfaces#ZONE INTERFACE BROADCAST OPTIONSnet eth0loc eth1dmz eth2

Khai bo trong cc policy trong /etc/shorewall/policy#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:# LEVEL BURST MASKloc net REJECT infoloc dmz REJECT infoloc fw REJECT infonet all ACCEPT infodmz all ACCEPT info$FW all ACCEPT

Dng SNAT cc my trong LAN, DMZ i internet bng IP public, trong file/etc/shorewall/masq#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARKeth0 eth1eth0 eth2

Dng DNAT cc my ngoi internet truy cp vo my ta publish, trong file/etc/shorewall/rules


19/24

#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARKCONNLIMIT TIME

ACCEPT loc fw icmp echo-requestACCEPT loc dmz icmp echo-request

ACCEPT loc net tcp 80,443ACCEPT loc net udp 53DNAT net dmz:172.27.1.104 tcp 80 - ; gi s ta ang publish web server 172.27.1.104

REDIRECT loc 3128 tcp www - !172.27.1.105 ;172.27.1.105 l my Proxy server, dngny user truy cp internet u b t ng qua cho proxy x l.

Chnh li STARTUP_ENABLED=Yes trong file /etc/shorewall/shorewall.conf# vi /etc/shorewall/shorewall.confSTARTUP_ENABLED=Yes

Start dch v shorewall:#shorewall start#shorewall restart#shorewall clear //Xa cc rule trong cache

Vy l xong phn shorewall.

II. Squid:1. Gii thiu:Hin c rt nhiu chng trnh lm proxy, nhng ta chn squid bi nhng tnh nng uvit ca n (tnh ti thi im hin ti): Qun l cache theo kiu chia nh, gip truy cp nhanh hn (trong khi ISA th gom 1cc, v 15GB th die) H tr ICP , t ng cp nht thng tin ca nhng URL c sn trong cache, m boni dung mi lin tc ( mt s chng trnh proxy khng h tr ci ny phi set thi gianupdate, ch khng ch c c thng tin c). Khc phc c tnh trng ch h tr HTTP, HTTPs, FTP nh cc proxy khc. .C th lm c mi th theo mnh trn squid.

2. Ci t:#yum -y install squidCu hnh cc thng s c bn:(ta ch cn thay i mt s ty chn l squid c th hotng c, mc nh squid cm tt c cc browser truy cp)Ta nn copy file squid.conf.default thnh file squid.conf.#cp /etc/squid/squid.conf.default /etc/squid.conf#vi /etc/squid/squid.conf#squid lang nghe cac proxy client tren port 3128, c th i li port ty thch


20/24

#thong so transparent de no co the lam viec voi firewall redirecthttp_port 3128 transparent //line 919

#port su dung ICPicp_port 3130 //line 1449

#cahe_mem = RAM/3, o day la RAM he thong = 256cache_mem 60 MB //line 1576cache_swap_low 90 //line 1838cache_swap_high 95

#cache_dir: cu hnh th mc lu d liu c cache#default: cache_dir ufs /var/spool/squid 100 16 256#squid se luu cache tai /var/spool/squid voi kich thuoc cache=5000MB#level-1 subdirectory =16 la so thu muc con tao trong squid#level-2 subdirectory=256

cache_dir ufs /var/spool/squid 5000 16 256 //line 1782#cache_access_log: lu tr activity request ca client yu cu n proxy server truycp webcache_access_log /var/log/squid/access.log //line 1961

#cache_log: lu tr thng tin chung v cachecache_log /var/log/squid/cache.log //line 1962

#cache_store_log: lu tr cc thng tin v i tng c cache trn proxy, thi gian lutr...cache_store_log /var/log/squid/store.log //line 1971

#cache_effective_user, cache_effective_group: ngi dng v nhm c th thay i squidcache_effective_user squidcache_effective_group squid

cache_replacement_policy heap LFUDA // thut ton cache amemory_replacement_policy heap GDSF //thut ton cache RAMmaximum_object_size_in_memory 32 KB // file ln nht c th RAM cachemaximum_object_size 1000 MB // file ln nht c th cache

#Access Control List v Access Control Operators: dng ngn chn vic truy xut davo tn #min, a ch IP. Mc nh, squid t chi tt c, v vy phi cu hnh li

acl mynetwork src "/etc/squid/allowip.txt" //line 591http_access allow mynetworkhttp_access deny all

visible_hostname squid


21/24

Khi ng squid:#/etc/init.d/squid startNu c bo li do khng c quyn ghi trong /var/spool/squid, ta phi gn cho user/groupsquid c quyn 770.

#chmod 770 /var/spool/squidCho n auto start:#chkconfig squid on

3. Ty bin nng cao trong squid:a. Cm truy cp website da trn domain nh:Thm vo trong file cu hnh mt s phn nh sau:#vi /etc/squid/squid.conf//deny website in ban_listacl denywebsite dstdom_regex "/etc/squid/ban_list"

http_access deny denywebsiteTo file ban_list#vi /etc/squid/ban_listyahoo.comvnexpress.netnhacso.net

b. Hn ch ni dung cc file download:#vi /etc/squid/squid.confacl home_network src 192.168.1.0/24acl denyfiletypes url_regex -i .mp3$ .mpg$ .mpeg$ .mp2$ .avi$ .wmv$ .wma$ .exe$http_access deny denyfiletypeshttp_access allow home_network

Nu mun ch cho 1 net no c download th thm vo !net_muon_choacl it-server src "/etc/squid/it-server.txt"http_access deny denyfiletypes !it-serversau son file it-server.txt gm net mnh mun cho download cc file trn

c. Cu hnh squid proxy iu khin bng thng:Thm vo file cu hnh mt s phn nh sau:#Add control bandwidthacl ip src "/etc/squid/ip.txt"acl all src 0.0.0.0/0.0.0.0#Add control bandwidthdelay_pools 1delay_class 1 2delay_access 1 allow ipdelay_access 1 deny all


22/24

delay_parameters 1 -1/-1 15000/15000

Vi delay_parameters 1 -1/-1 15000/15000 ta s gii hn bng thng cho cc clientkhng th vt qu 15000 tng ng 15Kbps.Sau to file /etc/squid/ip.txt nh sau:

#vi /etc/squid/ip.txt192.168.1.33/24192.168.1.34/24

d. Cu hnh ni dung hin ra khi client b cm truy cp site no :Chnh sa file /usr/share/squid/errors/English/ERR_ACCESS_DENIED#vi /usr/share/squid/errors/English/ERR_ACCESS_DENIEDgi th ty bin ni dung hin ra khi user truy cp mt trang web no m ta cm.

e. Hn ch dung lng download:Gi s ta hn ch khng cho download trn 10MB, ngoi tr IT

Nu mun ch cho 1 net no c download th thm vo !net_muon_cho#vi /etc/squid/squid.confacl network src "/etc/squid/network.txt"acl it-server src "/etc/squid/it-server.txt"reply_body_max_size 10000000 allow network !it-server

Xem thng tin squid:#squidclient mgr:info //xem tnh trng cache#uptime //xem ti#top //xem tng hp tnh trng h thng

III. Cu hnh Sarg monitor squid log:D nhin ta cn phi monitor squid log bit c user truy cp site no nhiu,download ci g, 1. Ci t:#yum -y install gd gd-devel#yum -y install sarg

Nn 2 thng s sau trong file cu hnh ca sarg#vi /etc/sarg/sarg.confaccess_log /var/log/squid/access.log ( file log ca squid )output_dir /var/www/sarg/ONE-SHOT ( th mc cha report )

Cho php IP no c xem report ca sarg:#vi /etc/httpd/conf.d/sarg.confAllow from 192.168.0.1,127.0.0.1 //allow IP to see report

Cc file script ly thng tin theo ngy, theo tun, theo thng:#vi /etc/cron.daily/sarg#!/bin/bash


23/24

# Get yesterday's dateYESTERDAY=$(date --date "1 days ago" +%d/%m/%Y)

exec /usr/bin/sarg \

-o /var/www/sarg/daily \-d $YESTERDAY &>/dev/nullexit 0

#vi /etc/cron.weekly/sarg#!/bin/bash

# Get one week ago dateWEEKAGO=$(date --date "7 days ago" +%d/%m/%Y)

exec /usr/bin/sarg \

$LOG_FILES \-o /var/www/sarg/weekly \-d $WEEKAGO-$YESTERDAY &>/dev/nullexit 0

#vi /etc/cron.monthly/sarg#!/bin/bash

# Get 1 month ago dateMONTHAGO=$(date --date "1 month ago" +%d/%m/%Y)

exec /usr/bin/sarg \$LOG_FILES \-o /var/www/sarg/monthly \-d $MONTHAGO-$YESTERDAY &>/dev/nullexit 0

To ch s index:#sarg -ixChy ln u:#/usr/bin/sarg#/etc/cron.daily/sarg#/etc/cron.weekly/sarg#/etc/cron.monthly/sarg

2. Cu hnh Crontab:Trong file /etc/crontab thm vo nhng dng sau#vi /etc/crontab1 0 * * * root /etc/cron.daily/sarg1 1 * * 0 root /etc/cron.weekly/sarg


24/24

1 2 1 * * root /etc/cron.monthly/sarg

Note : /etc/init.d/httpd startKim tra: http://IP_server_proxy/sarg

3. Setup Real Time cho Squid:SqStat l mt on script cho php xem cc kt ni ca user ang active qua squid. Ndng cachemgr protocol ly thng tin t squid proxy server.Ta download SqStat t http://samm.kiev.ua/sqstat/ gi sqstat-1.20.tar.gz.Yu cu h thng phi ci squid v php 4.1 tr ln.

Ci t SqStat: gii nn gi download v vo trong th mc /var/www/html/ , i tn thmc sqstat-1.20 thnh realtime, vo th mc realtime i tn file config.inc.php.defaultsli thnh config.inc.php , sa li file config.inc.php vi thng s nh sau :

/* Squid proxy server ip address or host name */

$squidhost[0]="localhost"; //line 13/* Squid proxy server port */$squidport[0]=3128; //y l port lng nghe ca squid, nu squid thay i phi i y

i tn tp tin sqstat.php thnh index.php.Restart httpd.

Vo trnh duyt g http://IP_squid/realtime.

Trn trnh duyt chnh s c nhng thng s nh sau:

Auto refresh : chnh thng s s refresh li sau thi gian c th no ( n v tnh l s ) ,mc nh l 0 sUpdate : ly thng s kt ni ti thi im hin tiStop : dng li

Tham kho ti:http://www.shorewall.net/shorewall_setup_guide.htm#Conceptshttp://www.squid-cache.org/Doc/config/

If you found these helpful, please contribute to help.

commend line and some service

Documents