8/8/2019 Do an Tot Nghiep Linux
Graduation thesis
    3.3.2 Configuring Sharing Settings
  3.4 Sharing files
  3.5 Checking the configuration just set up
    3.5.1 Checking with the testparm tool
    3.5.2 Checking with the smbstatus tool
  3.6 Running the Samba server
    3.6.1 Using the smbclient command
    3.6.2 Access from a Windows machine
Chapter IV: Squid proxy server
  4.1 Importance and operation of the Squid cache
  4.2 Installation
  4.3 The configuration file /etc/squid/squid.conf
  4.4 Configuring the basic options
  4.5 Access control list
  4.6 Starting Squid
Chapter V: Configuring the web server
  5.1 Installing Apache, PHP, MySQL
    5.1.1 Downloading and installing Apache
    5.1.2 Downloading and installing PHP
    5.1.3 Downloading and installing MySQL
  5.2 Basic Apache configuration
  5.3 Apache security configuration
    5.3.1 Restricting by IP address
    5.3.2 Restricting access by user account
Chapter VI: Security with firewalls and iptables
  6.1 Firewall
    6.1.1 Definition
    6.1.2 Functions
    6.1.3 Structure of a firewall
    6.1.4 Components of a firewall
      6.1.4.1 Packet filter (packet filtering router)
      6.1.4.2 Application gateway (application-level gateway)
      6.1.4.3 Circuit gateway (circuit-level gateway)
    6.1.5 Limitations of firewalls
  6.2 iptables
    6.2.1 Overview of iptables
    6.2.2 The filter table
    6.2.3 The nat table
    6.2.4 The mangle table
    6.2.5 Configuring iptables
      6.2.5.1 Basic iptables syntax
      6.2.5.2 iptables commands
      6.2.5.3 Conditions in rules
        6.2.5.3.1 Generic conditions
        6.2.5.3.2 Implicit conditions
        6.2.5.3.3 Explicit conditions
      6.2.5.4 Actions in rules
        6.2.5.4.1 user-defined-chain
        6.2.5.4.2 DROP
        6.2.5.4.3 REJECT
        6.2.5.4.4 RETURN
        6.2.5.4.5 SNAT
        6.2.5.4.6 MASQUERADE
        6.2.5.4.7 DNAT
      6.2.5.5 Examples
References
Chapter I: Introduction to Linux
1.1 Overview of Linux.
1.1.1 Introduction to the Unix operating system.
In 1964, Bell Labs, MIT and General Electric developed an operating system called MULTICS (Multiplexed Information and Computing System). Then in 1969, Ken Thompson (a systems programmer at Bell Labs) thought he could build a better operating system. He therefore wrote an operating system on a PDP-7 computer, and that operating system was called Unix. The initial goal was to provide a computing environment for simulating a space game. A problem arose, however: this version of Unix could not run on other hardware. So in 1973 Ritchie and Thompson rewrote the operating system in C, unlike traditional operating systems, which were written in machine language, and this made Unix very easy to install on other machines. In 1974 Unix was installed on DEC PDP-11 machines at more than 100 universities. The main goal was to provide an environment for professional programmers. As a result Unix became more and more widely used, and more and more new features were added. Later the US government and military used Unix to connect the global network (the Internet).
Today hundreds of thousands of Unix systems are installed around the world. Most computer manufacturers have their own version of Unix. To standardize the Unix operating system, however, a standard command set has been agreed on, called Unix System V Release 4. On PCs today two operating systems are common: SCO Unix and SUN Solaris.
Basic characteristics of the Unix operating system:
- Multitasking.
- Multiuser.
- Security.
- Hardware independence (multi-platform).
- Open connectivity.
- Shared devices.
- Hierarchical file organization.
Advantages of the Unix operating system:
- The system is written in C, so it is easy to read, easy to understand and easy to modify for installation on a new type of machine.
- It has a simple user interface that allows complex programs to be built from simpler ones.
- It is a multiuser, multiprocess system: each user can run several programs, and each program can have several processes.
- It hides the machine's structure from the user, so programs can be written to run on different hardware.
- It uses a structured file system.
1.1.2 Introduction to the Linux operating system.
Linux is one of the most popular operating systems because of its distribution and its broad base of support. Linux was originally developed as a multitasking system for minicomputers and servers in the mid-70s. Since then Linux has grown and become one of the most widely used operating systems.
Linux is a freely distributed version of Unix, originally written and developed by Linus Torvalds. He began working on Linux in 1991 while a student at the University of Helsinki, Finland. Linux was built and developed from the Minix operating system (a version of Unix). At first Linus released the first version of Linux on the Internet for everyone to use free of charge, which unintentionally set off a major software development phenomenon. Linux is established and maintained by a cooperating group of several thousand volunteer software developers working together over the Internet. Companies that provide Linux support have developed it into an easy-to-install product in order to sell workstations with Linux preinstalled.
On 5 October 1991 Linus announced the first official version of Linux, version 0.02. Originating from Andrew Tanenbaum's Minix operating system, Linux was at first only a project in which Linus wanted to build a simple Unix system that could run on a 386 PC. This version was regarded as a system for hackers. The main concern was developing the kernel, not supporting users or distribution. Since then, real maturity in the Linux world has dealt with the questions of a graphical user environment, easy-to-install packages and high-level applications such as graphical utilities and product suites.
Since the first version of Linux appeared, many new versions have been released, with many new features added to serve and support users' ever-growing needs.
Because Linux was developed from the Minix operating system (a version of Unix), Linux also has the characteristics and advantages of Unix:
- Linux is also written in C.
- Linux is also a multiuser, multitasking, network operating system.
- Linux provides a complete environment for programming and development.
- Linux runs on many different hardware systems:
    x86 processors (Celeron/PII/PIII/PIV/Pentium/80386/80486).
    Macintosh machines.
    Cyrix processors.
    AMD processors.
    Sun Microsystems Sparc processors.
    Alpha processors (Compaq).
1.2 Features of Linux.
Linux is a multiuser operating system: several people can use a computer running Linux at the same time.
Linux is a multitasking operating system: one user can carry out several tasks at the same time. On a single-program operating system such as MS-DOS, a running command takes all of the CPU's time, and you can run the next command only when the previous one has finished. On Linux you can run several commands at once.
Linux is nearly compatible at source level with many Unix standards, including BSD features, IEEE POSIX.1 and System V. Linux has been developed with great attention to source portability, so features can be shared between Linux and Unix implementations.
Linux also supports custom or national keyboard layouts through dynamically loadable keyboard drivers. Linux also supports virtual consoles, which let you switch between several login sessions from the system console in text mode.
Linux can coexist on a system with other operating systems such as Windows 95, Windows 98, Windows NT, Windows XP, OS/2 or other versions of Unix. The Linux boot loader lets you choose which operating system to start at boot time, and Linux is also compatible with other boot loaders.
Linux can run on many CPU architectures, including x86 (Celeron/PII/PIII/PIV/Pentium/80386/80486), SPARC, Alpha, PowerPC, MIPS and m68k.
Linux supports many different file types for storing data.
Network support is one of Linux's greatest strengths, in both functionality and features. Linux provides a complete implementation of TCP/IP networking, including device drivers for many common Ethernet cards, PPP and SLIP, Parallel Line Internet Protocol (PLIP) and Network File System (NFS). Many TCP/IP client applications and services are supported, such as FTP, Telnet and Simple Mail Transfer Protocol (SMTP). The Linux kernel also has full network firewall support, so that any Linux machine can be configured as a firewall.
1.3 Licensing.
Linux is licensed under the GNU General Public Licence, or GPL. The GPL is sometimes called a copyleft licence. It sets out the terms that govern the distribution and modification of free software.
Linus Torvalds originally released Linux under a licence more restrictive than the GPL. That licence allowed the software to be freely distributed and modified but did not allow a price to be charged for using and distributing the product. The GPL allows free software to be sold for profit but does not allow anyone else's right to distribute the software to be restricted in any way.
Any organization that sells free software must observe certain limits set out in the GPL:
- First, it cannot restrict the rights of the user, that is, of the person who buys the software. When you buy a CD-ROM of GPL software, you may copy and distribute that CD-ROM free of charge, or resell it.
- Second, the distributor must make clear to users that the software is in fact covered by the GPL.
- Third, the distributor must provide, free of charge, the complete source code of the software distributed. This allows anyone who buys GPL software to modify it.
Linux is GPL software, so it follows the rules of the GPL. Linux is therefore regarded as open source software: its source code must be open to everyone who wants to use it, and it may be freely modified and developed. If changes are made to the program, those changes must also be open to all users.
1.4 Comparing Linux with other operating systems.
The first point is that Linux can be run alongside several other operating systems, such as Windows 95, Windows 98, Windows NT, OS/2..., without any trouble.
1.4.1 Comparing Linux with Windows 95 and Windows 98.
There is nothing unusual about running both Linux and Windows 95/98 on the same system. Many Linux users use Windows as a word-processing tool: they use Windows for the commercial applications available there, such as Microsoft Word and Microsoft Excel, that are not available on Linux.
Windows 95 and Windows 98 do not make full use of the x86 processor's capabilities. Linux, on the other hand, runs entirely in the processor's protected mode and fully exploits the machine's features, including multiple processors.
Windows and Linux are clearly completely different things. Windows is reasonably priced (compared with other commercial operating systems) and has a firm place in the PC world. No other PC operating system has reached the popularity of Windows. Linux, however, is a free operating system, and that is making it more and more widely used.
1.4.2 Comparing Linux with Windows NT.
Like Linux, Windows NT (and the Windows versions developed from Windows NT) is a full multitasking operating system that supports multiprocessor machines, CPU architectures, virtual memory, networking, security... The difference between Linux and Windows NT, however, is that Linux is a version of Unix. There are many implementations from different vendors, and standardization as an open system is a difficult problem, but no single company can control the design. Windows NT, on the other hand, is a proprietary system. Its interface and design are controlled by one company, Microsoft, and only that company implements the design. In one sense this form of organization is an advantage: it sets strict standards for programming and for the user interface, unlike in the open systems community.
Windows NT has the full strength of Microsoft's marketing machine behind it, while Linux has a community of thousands of programmers contributing to improve the system through the open source model. Benchmarks of Linux against Windows NT show that each system has its own strengths and weaknesses. Linux is far ahead of Windows NT in networking. Linux is also smaller than NT, yet usually more stable.
1.5 Hardware requirements.
One outstanding feature of Linux is that it runs on almost every basic type of computer.
Desktop machines: these include Intel and Intel-compatible hardware, PowerPC chips, Sun Sparcs, DEC Alpha and many others. You do not need the latest, most modern machine. Linux is highly modular: with the "accessories" stripped out, Linux can run on a 386 and needs only 150 MB of free disk space and 2 MB of RAM. Some developers have even made Linux run from a single floppy disk!
Laptops: Linux also works well on many laptops such as Apple PowerBooks, IBM ThinkPad and Toshiba Tecras. Remarkably, Linux can run on both Intel and Mac, at least with the basic hardware (motherboard, processor, memory).
There are many different kinds of hardware and many different abbreviations (such as SCSI, IDE, BIOS ...). Most information about the computer is held in the BIOS, and you can see it at boot time by pressing special keys (F1, Del, ...). If you are using Win95 or WinNT, the information can be found under System Properties in the Control Panel.
The devices you need to find out about are:
CD-ROM: Linux supports most CD-ROM drivers, so the simplest way to install is to connect the CD-ROM to a SCSI card or the IDE bus. If the CD-ROM is connected to the IDE bus, it must be ATAPI-compatible.
Floppy drive: must be a 3.5 in, 1.44 MB drive.
Hard drive: like the CD-ROM, it can be connected to the IDE or SCSI bus. You should note down the number of cylinders of the hard drive, which is shown in the BIOS (the meaning of cylinder is explained later).
Internal bus: Linux does not currently support buses with the Micro Channel architecture. The supported buses are PCI, ISA, EISA and VL Bus. Most machines made after 1995 have a PCI bus.
Memory: Linux needs at least 8 MB of RAM to run.
Sound card: not needed for installation, but if you have a Creative Labs Sound Blaster or a compatible sound card, you will easily get sound during installation.
Video card: the information needed here is the chip type and the amount of memory. For a PCI card this information can be detected automatically during installation (it is really needed only if you intend to use X Window).
The next step is to compare the list of hardware you have with the list of hardware Linux supports:
Device             Compatible devices
CD-Rom Drive       IDE ATAPI-compliant, SCSI CD-Rom
Hard Drive         IDE, EIDE and SCSI drives. Some Ultra DMA drives do not work because they are not compatible with the EIDE standard
SCSI Controller    Most common SCSI controllers, such as BusLogic and Adaptec
Video card         ATI, Cirrus and Matrox cards, S3...
If your hardware is not supported, the only options are:
- Change the hardware to something compatible.
- Wait until Linux supports your hardware.
It is better to avoid devices labelled Plug&Play, because Linux is only beginning to support them and installation will be very complicated. You should also be careful with hardware of the Win-item kind (such as Winmodem and Winprinter), because it works only in the Windows environment.
* Network information
If the computer is connected to a LAN that uses TCP/IP, you may need the following information:
Hostname
Domain Name
IP Address
Netmask
Default Gateway
Primary Nameserver
Secondary Nameserver
NFS Server (optional)
FTP Server (optional)
Chapter II: Basic Linux commands
2.1 How the command line works
Commands in Linux fall into two kinds: commands and programs. The difference is this: for commands, Linux has the responses built in, and when you type the command Linux carries it out. For a program, Linux looks for a program with the matching name and runs it.
Many Linux commands allow the output of one command to become the input of another. To do this, type the | character between the two commands. If a command is too long, you can break it onto the next line by adding the \ character at the end of the line (the \ must be the last character on the line). When you want to enter several commands at once, type the , character between the commands, and they will be run one after another.
Linux offers many other conveniences at the command line, in particular command completion with the Tab key. You can also use the up and down arrow keys to recall commands used earlier.
Some shortcut keys for simple operations while entering a command:
- ESC+BACKSPACE deletes the word to the left of the cursor.
- ESC+D deletes the word to the right of the cursor.
- ESC+F moves the cursor one word to the right.
- ESC+B moves the cursor one word to the left.
- CTRL+A moves the cursor to the start of the command line.
- CTRL+E moves the cursor to the end of the command line.
- CTRL+U deletes the current command line.
You can press ALT instead of ESC.
2.2 Man pages
Linux is a very complex operating system with a great many commands that can be combined to carry out thousands of different operations. Most commands come with a number of options or other important information. Linux has more than 1000 commands, and certainly nobody can remember them all. Man pages solve that problem.
A man page (manual page) is online documentation in Linux that covers all the available commands with complete reference information.
To open the man page of a command, type:
    man <command>
The general layout of a man page is as follows:
NAME
    The command's name and a summary of what it does.
SYNOPSIS
    The command's syntax.
DESCRIPTION
    A more detailed description of what the command does.
OPTIONS
    A list of the command's options and their effects.
FILES
    A list of the files the command uses or refers to.
SEE ALSO
    A list of related commands and documents.
REPORTING BUGS
    Where to report errors encountered when using the command.
AUTHOR
    The name of the command's author.
2.3 Conventions.
There is a set of conventions for describing command syntax in Linux precisely and consistently. The conventions specify which options or parameters are required, which are optional, and so on.
- Any word that stands alone, or is not inside [], <> or {}, must be typed exactly as shown.
- A word inside square brackets ([]) is optional: it may be typed or left out.
- A word inside <> is required and is replaced by an appropriate word.
- A word inside {} means choosing one of the values in the braces.
- The ... mark is usually used with parameters such as file names.
- Where needed, the brackets can be combined to describe new ways of using parameters.
Besides these conventions, note that the Linux command line is case sensitive.
Linux has two common wildcard characters, * and ?. * is the most commonly used wildcard; it stands for one or more characters. ? stands for exactly one character.
2.4 Basic Linux commands.
2.4.1 Directories and directory commands.
2.4.1.1 Some special directories.
- The / directory: the root directory, which contains all the subdirectories in the system.
- The /root directory: used to store temporary files, the Linux kernel and boot images, important binary files, login files....
- The /bin directory: a program is considered executable if it can be run and, once compiled, takes the form of a binary file. That is, an application program in Linux is an executable binary file, and /bin is where those executable binaries are stored. Over time the number of executable binaries has grown, so further directories such as /sbin and /usr/bin are also used to store them.
- The /dev directory: stores all the device drivers.
- The /etc directory: stores all the system configuration information and files.
- The /lib directory: stores the libraries of functions and procedures.
- The /lost+found directory: a file recovered after any problem or fault on the system is saved here.
- The /mnt directory: the place where devices (hard disks, floppy disks, …) are attached to the main file system.
- The /tmp directory: used by many Linux programs as a place for temporary files. For example, when you edit a file, the program creates a copy of that file and saves it in /tmp. You edit that temporary file directly, and when you have finished, the file is written over your original file.
- The /usr directory: normally the central place for all user-oriented commands. Nowadays, however, most Linux binaries are stored in this directory.
- The /home directory: stores the users' personal directories.
- The /var directory: used to store information that changes constantly.
- The /boot directory: contains the system kernel, system.map (a file that maps to the drivers used to load other file systems),.... This directory makes it possible to boot and to reload any driver needed to read other file systems.
- The /proc directory: a directory reserved for the system kernel.
- The /mise and /opt directories: you can store anything you like in these directories.
- The /sbin directory: stores system files that are usually run automatically.
There are two more special directories in Linux, represented by . and ..
- . stands for the current directory.
- .. stands for the parent of the current directory.
2.4.1.2 The main directory commands.
Finding the current directory with pwd
Syntax:
    pwd
This command tells you which directory you are currently in. By default, Linux always places you in your home directory when you log in.
Viewing directory information with ls
Syntax:
    ls [options]...[directory]...
This command prints information about a directory; if no directory is given, information about the current directory is shown by default.
Creating a directory with mkdir
Syntax:
    mkdir [options] <directory>
This command creates a new directory if it does not already exist. If the directory exists, the system tells you so.
Removing a directory with rmdir.
Syntax:
    rmdir [options] <directory>...
This command removes only empty directories, that is, directories that contain no files or subdirectories. A directory that has been removed cannot be recovered, so think carefully before removing one.
Changing directory with cd.
The name cd means change directory. You can move directly to a given directory or move relatively.
To move up to the parent directory: #cd .. or #cd ../..
To move to the root directory: #cd /
To move to the home directory: #cd or #cd ~
Copying directories with cp.
Syntax:
    cp [options] <source>...<destination>
This command copies a source directory to a destination directory, or copies several source directories into a destination directory.
2.4.2 Files and file commands.
2.4.2.1 File types in Linux.
There are many different files in Linux, but a few file types are always needed by the operating system and by users. The basic file types are listed below.
- User data files: files created by the user's activity when running the corresponding applications, for example plain text files, database files or spreadsheet files.
- System data files: files that store system information such as boot configuration, user accounts, device information... These are usually kept as text files so that the user can step in and change them as needed.
- Executable files: files that contain code or instructions for the computer to carry out. Executable files are stored as machine code. Executable files are marked with a leading asterisk (*) and are usually shown in green.
- Directories: files that contain other files. In mc, directories are usually shown in white and begin with a tilde (~) or a slash (/). Examples: /, /home, /bin, /usr, /usr/man, /dev...
- Device files: files that describe a device and act as an identifier for the device to be operated on. By convention, device files are stored in the /dev directory. Device files commonly found there are tty (teletype, a communication device), ttyS (teletype serial, a serial communication device)... In mc, device files are shown in purple and begin with a plus sign (+).
- Linked files: files that contain a reference to other files in the Linux file system. The reference lets the user get to a file quickly without going to its original location. This file type resembles the shortcut concept in Windows.
Linux tracks file times through the access time, the creation time and the modification time.
2.4.2.2 File commands.
Creating files.
+ Creating a file with touch.
Syntax:
    touch <file>
In fact this command serves to update a file's access time and last modification time. For this reason files created with touch are ordered by modification time. If you use touch on a file that does not exist, the program creates it.
+ Creating a file by redirecting the output of a command.
This is very useful when you want to save the result of a command you have run. To send the result of the command ls -l /bin to the file /home/thu/lenh, type:
    #ls -l /bin > /home/thu/lenh
Linux creates the file lenh automatically if it does not exist; if lenh already exists, its old contents are replaced by the result of the command:
    #ls -l /bin > /home/thu/lenh
To add the result to the end of the file instead of replacing its contents, use >>.
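
The overwrite and append behaviour of > and >> described above, as an added example that is not part of the original thesis. It goes one step further and shows the shell's noclobber option (set -C), which makes > refuse to replace an existing file. The file name "listing" and the scratch directories created with mktemp are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the thesis): how '>', '>>' and noclobber treat
# an existing file. Each function works in its own scratch directory
# created with mktemp (constructed for this demo) and removes it again.

# '>' creates a missing file and REPLACES the content of an existing one:
# after two writes only the second line is left.
overwrite_demo() {
    d=$(mktemp -d) || return 1
    echo "first run"  > "$d/listing"
    echo "second run" > "$d/listing"
    result=$(cat "$d/listing")
    rm -rf "$d"
    echo "$result"
}

# '>>' also creates a missing file but APPENDS to an existing one:
# both lines survive, so the file has two lines.
append_demo() {
    d=$(mktemp -d) || return 1
    echo "first run"  >> "$d/listing"
    echo "second run" >> "$d/listing"
    result=$(wc -l < "$d/listing" | tr -d ' ')
    rm -rf "$d"
    echo "$result"
}

# With noclobber (set -C) the shell refuses to let '>' replace an
# existing regular file, which protects saved output such as logs.
# The option is set in a subshell so it does not leak into the caller.
noclobber_demo() {
    d=$(mktemp -d) || return 1
    echo "original" > "$d/listing"
    if ( set -C; echo "replacement" > "$d/listing" ) 2>/dev/null; then
        verdict="overwritten"
    else
        verdict="refused"
    fi
    result="$verdict: $(cat "$d/listing")"
    rm -rf "$d"
    echo "$result"
}

# '>|' is the deliberate override while noclobber is active.
force_demo() {
    d=$(mktemp -d) || return 1
    echo "original" > "$d/listing"
    ( set -C; echo "replacement" >| "$d/listing" )
    result=$(cat "$d/listing")
    rm -rf "$d"
    echo "$result"
}

echo "'>' twice leaves:        $(overwrite_demo)"
echo "'>>' twice leaves lines: $(append_demo)"
echo "'>' under noclobber:     $(noclobber_demo)"
echo "'>|' under noclobber:    $(force_demo)"
```

Putting set -C in a shell start-up file makes an accidental > on an existing file fail instead of silently discarding its contents.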
+ Creating a file with cat.
    cat > <file>
By default this command takes input from the keyboard and writes it to the screen. You can type whatever content you want for the file right at the command prompt and press CTRL+d to finish editing.
Copying files with cp.
Syntax:
    cp [options] <source>...<destination>
The effect of the command and its options are the same as for copying directories in the section above.
Renaming a file with mv.
Syntax:
    mv <old name> <new name>
This command renames a file from the old name to the new name.
Deleting files with rm.
Syntax:
    rm [options] <file>...
You can use this command to delete one file or several files.
Counting words and lines in a file with wc.
Syntax:
    wc [options]...[file name]
Prints the number of lines, words and characters in each file, plus a line of totals. With no options, the default is to print the line, word and character counts. With no file name, the default is to read and count from standard input.
Sorting file contents with sort
Syntax:
    sort [options]...[file name]...
The sort command writes the sorted contents of one or more files to standard output. The default sort order is [0-9, A-Z, a-z].
Determining the file type with file.
Syntax:
    file [options] [-f namefile] [-m magicfile] file...
The file command determines and prints the type of information a file contains.
+ text: an ordinary text file, containing only ASCII character codes.
+ Executable: an executable binary file.
+ Data: usually a file that contains binary codes and cannot be printed.
Viewing file contents with cat.
Syntax and options:
    cat [options] <file>
Viewing the contents of a large file with more.
Syntax and options:
    more [-dlfpcsu] [-num] [+/pattern] [+linenum] [file...]
The more command displays the contents of a file one screen page at a time.
Viewing file contents with head.
Syntax:
    head [options]...[file name]...
This command prints the first 10 lines of each file to the screen. If there are several files, the name of each file and its first 10 lines are shown in turn. If there is no file name, or the file name is -, the default is to read from the standard device.
Looking at the end of a file with tail.
Syntax:
    tail [options]...[file name]...
This command prints the last 10 lines of the file's contents. If there are several files, the name of each file and its last 10 lines are shown in turn. If there is no file name, or the file name is -, the default is to read from the standard device.
Searching by file contents with grep.
Syntax:
    grep [options] <pattern> [file]
The grep command displays all the lines that contain the pattern in the given file (or from standard input if there is no file name or the file name is "-").
Searching by file properties with find.
Syntax:
    find [path] [expression]
The find command searches the directory tree for files according to the given expression. The default path is the current directory and the default expression is -print.
2.4.3 Desktop commands.
Evaluating arithmetic expressions with bc.
Syntax:
    bc [-lwsqv] [long options] [file...]
Viewing the system calendar with cal.
Syntax:
    cal [-mjy] [month [year]]
With no parameters, the calendar of the current month is displayed.
Viewing the date and time.
Syntax:
    date [options] ... [+format]
and
    date [options] [MMDDhhmm] [CC [YY]]
Viewing system information with uname.
Syntax:
    uname [options]...
The uname command shows system information. With no options it shows the name of the operating system.
2.4.4 Screen output commands.
The echo command.
Syntax:
    echo [options]...[string]...
2.4.5 Commands for user accounts.
2.4.5.1 Commands for users.
When Linux is installed, a main login is created automatically. This login is called root and is regarded as the superuser. When logged in as root you can do anything you want on the system (create a new user, change a user's attributes, delete a user...).
Changing the attributes of a user group.
Syntax and options:
    groupmod [options] <group name>
Deleting a user group.
A user group can be deleted only when no user belongs to it any longer.
Syntax:
    groupdel <group name>
This command modifies the system account files to remove all entries related to the group. The group name must actually exist.
2.4.7 Other user-related commands.
Logging in as another user with su.
Syntax:
    su <user>
The su command effectively changes your user name and gives you the access rights of that user.
If you are logged in as an ordinary user and want to become the superuser (root), use the following command:
    #su root
The system then asks you for the superuser's password. If you give the correct password, you are root until you press CTRL+d to leave the account and return to the original user's login. If you are logged in as the superuser and want to become an ordinary user, use the same command:
    su <user>
You are not asked for a password when changing from the superuser to another user. If you are logged in as an ordinary user and want to switch to another login, however, you must supply that user's password.
Finding out who is logged in
+ The who command
Syntax:
    who [options]
The who command tells you who is currently logged in to the system.
The who command shows three columns of information for each user on the system. The first column is the user's name, the second is the name of the terminal device the user is using, and the third shows the date and time the user logged in.
Besides who, you can use the users command to find out which users are logged in to the system.
    #users
When you have forgotten which user name you are logged in as, use the command:
    who am i
or
    whoami
The who am i command gives the fuller result, with the name of the machine you logged in from, the user name you are logged in as, the device name and the date and time of your login.
+ The id command.
Syntax:
    id [options] [user name]
This command prints information about the user given on the command line, or about the current user.
+ To find out what the users logged in to the system are doing, use the w command.
Syntax:
    w [user name]
The w command prints information about the users currently on the system and the processes they are running.
2.4.8 Device management commands.
Linux handles devices very differently from other operating systems. There are no physical storage device names such as drive A or drive C...; instead, storage devices become part of the local file system through an operation called mounting. When you have been using a storage device and want to remove it, you must first unmount the device (umount).
To use any physical storage device on Linux, you need the mount command. The mount point is the /mnt directory.
Syntax:
    mount -t <type> <device> <dir>
This line tells the system kernel to mount the file system found on the device device, which is of type type, on the mount point directory dir.
Example: to use a floppy disk and a CD, mount them on the two directories /mnt/floppy and /mnt/cdrom with these two commands.
    #mount -t msdos /dev/fd0 /mnt/floppy
    #mount /dev/cdrom /mnt/cdrom
You can detach a file system from the system with the umount command.
Command syntax:
umount device
This command detaches the file system on "device" from the main file system. Note that a file system cannot be unmounted while a running process is still accessing files on it.
When a file system is mounted (with mount), important information about the files on it is held in the kernel. Removing the physical device that holds the file system without unmounting it (with umount) can cause that stored file-system information to be lost. The purpose of umount is to clear all of that information from memory once it is no longer needed.
Example: when you no longer need the floppy disk, you can run:
#umount /dev/fd0
Viewing used disk space with the du command.
Command syntax:
du [options] ...[file]...
The du command lists the size (in kilobytes) of each file in the file system that contains "file". Note that du does not allow several options on the same command line.
Checking free disk space with the df command.
Command syntax:
df [options]...[file]...
This command shows the free space on the file system that holds the file "file". If no file name is given, it shows the free space on every mounted file system.
df reports used and free space per file system only. If you want the total free disk space, you have to add up the free space of each file system yourself.
2.4.9 Permission commands.
Changing file ownership with the chown command.
Command syntax:
chown [options]... owner[.[group]] file...
This command makes the user "owner" the owner of the file. If only the owner parameter is given, that user owns the file and the owning group is unchanged. If the user name is followed by a "." and the name of a group, that group becomes the owning group of the file. If only the "." and a group name are given, without an owner name, only the group ownership of the file changes.
Changing group ownership with the chgrp command.
When you log in you are by default a member of the group that was set when the superuser root created your account. You can belong to several groups, but at each login you are a member of only one of them. To change the group ownership of one or more files, use the chgrp command.
Command syntax:
chgrp [options] group file...
This command makes the group "group" the owning group of the file.
Changing file access permissions with the chmod command.
Command syntax:
chmod [options] mode file...
This command lets you set access permissions of type "mode" on the file "file".
2.5 Shell.
The shell is the interface program between the user and Linux or, more precisely, between the user and the Linux kernel. Every command you type at the prompt is interpreted by the shell and then passed to the kernel.
The shell is a command-language interpreter with its own built-in command set. Some commands, such as pwd, are built into the bash shell, while commands such as cp and rm are executable programs that live in directories of the file system. As a user, you do not know (or care) which commands are built into the shell and which are programs. When you enter a command, the shell first checks whether it is a built-in. If it is not, the shell checks whether it is an application program. If the command is neither a shell command nor an executable file, an error message like the following is displayed:
$doit
doit: not found
In the final step, built-in commands and application programs are broken down into system calls and passed to the Linux kernel.
The shell starts after you log in successfully and remains the main means of interaction between the user and the Linux kernel until you log out. Each user on the system has a default shell, which is recorded in the system password file /etc/passwd. The system password file holds each user's User ID, the encrypted password, and the name of the program to run as soon as the user logs in.
Linux ships with several different shells, each with its own strengths and weaknesses:
The Bourne Again shell (bash) is the most widely used (and most powerful) shell on Linux. Bash is an extension of the Bourne shell and is fully compatible with it. Bash is created and distributed by the GNU project (the free software organisation). It provides command-line editing and important substitution facilities.
Some commands built into the bash shell:
Command   Purpose
alias     Defines aliases (command nicknames set by the user).
bg        The background command. Makes a suspended process continue running in the background.
cd        Changes the working directory. Moves the current working directory to the given directory.
exit      Terminates the shell.
export    Makes a variable's value available to all child processes of the current shell.
fc        The fix command. Edits commands in the current history list.
fg        The foreground command. Makes a suspended process continue running in the foreground.
help      Displays help on the commands built into bash.
history   Lists the last n commands entered at the prompt; n is the variable that sets how many commands are remembered.
kill      Terminates another process.
pwd       Prints the directory the user is currently working in.
unalias   Removes aliases defined with the alias command.
Bash has many more commands, but these are the most commonly used. To see what other commands bash offers and to learn more about the ones listed above, consult the man page (type man bash).
The Bourne shell (sh) was written by Stephen Bourne. It is the original Unix shell, present on every Unix system. It does not handle user interaction the way some other shells do, and it offers no command-line editing.
The C shell (csh) was written by Bill Joy and is designed for interactive use. It supports features the Bourne shell lacks, such as command-line completion. Its programming language resembles C, which is why it is called the C shell.
The Korn shell (ksh) was written by David Korn. He took the best features of the C shell and the Bourne shell and combined them into a shell that is fully compatible with the Bourne shell and offers command-line editing.
The Public Domain Korn Shell (pdksh) does not support every feature of the Korn shell release. It does, however, support most of the main features and adds a few new ones.
Some commands in the pdksh shell:
+ alias : Defines aliases, command nicknames set by the user.
+ bg : The background command. Makes a suspended process continue running in the background.
+ cd : Changes the working directory. Moves the current working directory to the given directory.
+ exit : Terminates the shell.
+ export : Makes a variable's value available to all child processes of the current shell.
+ fc : The fix command. Edits commands in the current history list.
+ fg : The foreground command. Makes a suspended process continue running in the foreground.
+ kill : Terminates another process.
+ pwd : (Print working directory) prints the current directory to the screen.
+ unalias : Removes aliases defined with the alias command.
tcsh is a modified version of the C shell (csh). It is fully compatible with csh but adds many new features that make interactive use easier.
Some useful tcsh commands:
+ alias : Defines aliases, command nicknames set by the user.
+ bg : The background command. Makes a suspended process continue running in the background.
+ bindkey : Lets the user change the editing action bound to a key combination.
+ cd : Changes the working directory. Moves the current working directory to the given directory.
+ fg : The foreground command. Makes a suspended process continue running in the foreground.
+ history : Lets the user display and modify the contents of the history list and the history file.
+ kill : Terminates another process.
+ logout : Terminates the login shell.
+ set : Sets the value of a tcsh variable.
+ source : Reads and executes the contents of a file.
+ unalias : Removes aliases defined with the alias command.
Chapter III: Samba
3.1 Overview.
Large businesses usually process information on many different operating systems and need to store it in one network environment in which files and printers are shared. Staff may work on workstations running Linux, Microsoft Windows 95/98/NT, OS/2 or Novell and still need to reach the server in their daily work.
Samba is a very capable network service for sharing files and printers, and it works well with today's main operating systems. When set up well by the administrator it is faster and more secure than the native file-sharing services on Microsoft Windows machines.
Samba is a protocol that lets many PCs connect to each other to share files, printers and other information, such as listings of files and printers. The operating systems that support this service natively include Windows 95/98/NT, OS/2 and Linux.
Here we look at Samba as a bridge between Linux and Windows: Samba lets computers running Linux operate and communicate over the same network protocol as Windows machines.
3.2 Installation
There are two ways to install Samba:
Method 1: install from the file samba-2.2.7a-7.9.0.i386.rpm on the Redhat 9.0 installation CD.
Method 2: install from the file samba-2.2.7a-7.9.0.i386.tar.gz.
This section covers only installing and configuring Samba from the file samba-2.2.7a-7.9.0.i386.rpm.
On Redhat 9.0, before installing, check whether Samba is already installed on your system with the command:
[root@localhost root]# rpm -q samba
If Samba is not yet installed, install it with the following commands:
[root@localhost root]# mount /mnt/cdrom
[root@localhost root]# cd /mnt/cdrom/redhat/RPMS
[root@localhost root]# rpm -ivh samba-2.2.7a-7.9.0.i386.rpm
The first command mounts the CD drive, the second changes to the directory that holds samba-2.2.7a-7.9.0.i386.rpm, and the third installs the package samba-2.2.7a-7.9.0.i386.rpm on your system. After Samba has been installed successfully, its configuration file is /etc/samba/smb.conf, and everything we configure for Samba is done in this file.
3.3 Configuration
Samba's main configuration file is smb.conf, stored in the directory /etc/samba. The file uses two kinds of comment marker, (;) and (#), placed at the start of a line. The (#) marks a real comment that you cannot remove, while the (;) marks whether the attribute on that line is selected or not; this kind of marker can be removed.
For example, the file contains the line:
;encrypt passwords = yes
If you remove the (;), Samba understands that passwords are to be encrypted; otherwise passwords are transmitted unencrypted (clear text).
To change parameters in smb.conf safely, back the file up to another directory first, and make sure the connection between the Linux and Windows machines is still good (check by pinging between the two machines).
smb.conf is divided into two parts: global setting and sharing setting. Each part contains many different parameters.
To edit smb.conf you can open it with an editor available on the system, such as vi, mc or pico:
#vi /etc/samba/smb.conf
3.3.1 Configuring the global setting:
This part holds the parameters that control the Samba server.
The first value to set is the workgroup tag:
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = MYGROUP
This parameter names the Windows workgroup that the Linux machine joins. The group must exist before we configure Samba.
Note: enter the workgroup name in upper case.
# server string is the equivalent of the NT Description field
server string = Samba Server
The server string parameter sets the description of the Linux machine on the network. By default it is set to Samba Server; you can choose a different name to suit the machine's role. The value of this parameter has no great effect on the Samba configuration.
;hosts allow = 192.168.1. 192.168.2.
If you remove the (;), machines whose IP address is not in one of the listed networks cannot access the Linux machine. The example here uses class C networks, so machines whose IP address starts with 192.168.1. or 192.168.2. can all access resources on the Linux machine.
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log
The log file parameter sets the name of the log file for each machine that connects; %m stands for the machine's name on the network.
Example: if a machine named nampt connects to the Linux machine, Samba creates a file nampt.log in the directory /var/log/samba. The size of this file is set by the max log size parameter:
# Put a capping on the size of the log files (in Kb).
max log size = 150
Samba supports four security modes for sharing data: USER, SHARE, DOMAIN and SERVER. For details of each mode, read the file security_level.txt. By default Samba is installed in USER mode.
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = share
# Use password server option only with security = server or
# security = domain
;password server=MyServer
If you choose USER or SHARE mode, put a (;) at the start of the line:
;password server =
If you want to use the accounts and passwords held on the domain controller to access the Linux machine, set the parameter:
security = domain
and enter the name of the domain controller in the password server field, as below:
password server = domain name
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba
# documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
From Win95 OEM service release 2 onwards passwords are encrypted by default, and likewise from Windows NT4 service pack 3 passwords changed from unencrypted (clear text) to encrypted. For encrypted Windows passwords to work with Samba, the two lines above must be uncommented, and the account name and password must be entered on the Linux machine with the smbpasswd command.
Example:
#smbpasswd -a nampt
Note: the user nampt must already exist as an operating-system user. If you intend to set security mode = domain or server, set the password to match the one on the corresponding server or domain.
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
domain logons = yes
Setting domain logons = yes makes the Linux machine a domain that Windows95 machines can log on to. The logon scripts for workstations and users are set by the two logon script parameters below:
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
logon script = %m.bat
# run a specific logon batch file per username
logon script = %U.bat
3.3.2 Configuring the Sharing Setting.
When a workstation requests data, Samba looks for the requested directory in the Sharing Setting part. If the directory exists, Samba checks the password supplied by the workstation against the Samba password and shares the directory over the network if the password is accepted.
This part has many parameters; here we take one directory as an example and introduce the common ones:
[chi]
comment = Thu muc cua user chi
browseable = no
read only=no
path=/home/chi
valid users=chi
The comment parameter is much like the server string parameter covered in the previous section, except that here it is the description of the directory.
If the line browseable = no is uncommented, Samba does not show this directory in network browsers (for example Windows Explorer), although it is still shared; this is like sharing a directory on Windows with a trailing $. The read only parameter decides whether users on workstations may change file contents. If you uncomment the line:
;read only=no
users can change the contents of files or create new files; if the (;) is left at the start of the line, users can only read the contents of the directory and cannot change anything in it.
Some parameters in smb.conf cannot be given the value yes. For example, if you write:
read only=yes
smbd does not understand the value and reports a configuration error. In effect the value read only=yes is the same as ; read only=no.
The path parameter gives the path of the directory to share on the server. The parameter valid users=chi sets who may access the chi directory; in this example only the user chi can read the contents of that directory.
3.4 Sharing files
After configuring the global setting part, we can create a shared directory of our own and restrict access to it by group or by user on the system.
Example: to create the shared directory huong on the Linux machine, proceed as follows.
Add the lines below to the Sharing Setting part:
[huong]
comment= thu muc cua huong
path=/home/huong
valid users =huong
browseable=yes
public=no
writeable=yes
Samba now creates a shared directory huong on the server. Because browseable=yes, the directory is visible when users open Windows Explorer, but because public=no and valid users =huong, only the user huong can log in to it. Besides per-user access, Samba can also grant access to a whole group of users; for a group, put the @ sign in front of the group name.
Example:
valid users=huong,@Tin5
3.5 Checking the new configuration
After editing the configuration file we should check it. Samba provides two tools for this, testparm and smbstatus. For the check to be accurate, make sure the workstation and the server can reach each other (check with ping).
3.5.1 Checking with the testparm tool
testparm is a program that checks the parameter values in the configuration file. The command has the form:
testparm configfile [hostname hostIP]
configfile is the path and name of the configuration file; by default the file smb.conf in /etc/samba/smb.conf is used (as of Redhat 9.0).
hostname and hostIP are optional. They tell Samba to also check the services listed in smb.conf against the machine identified by hostname and hostIP.
Example:
[root@localhost root]# testparm /etc/samba/smb.conf thuong 10.0.0.2
3.5.2 Checking with the smbstatus tool
smbstatus is a program that reports the current connections. The command has the form:
smbstatus [-d][-p][-s config file]
The config file parameter defaults to /etc/samba/smb.conf. The -d parameter gives full output.
Example:
[root@localhost root]# smbstatus -d -s /etc/samba/smb.conf
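testparm validates parameter values but does not say whether the access settings of sections 3.3 and 3.4 are restrictive. The script below is an added example (not part of the original thesis or of Samba) that flags security = share, an inactive encrypt passwords or hosts allow line, guest access, and writable shares without valid users; the sample configuration is constructed from this chapter's listings, and the function names and the choice of checks are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag smb.conf settings that weaken the access controls
# described in sections 3.3 and 3.4. Names and sample data are constructed.

# sample_smb_conf: constructed smb.conf modelled on this chapter's listings.
sample_smb_conf() {
cat <<'EOF'
[global]
workgroup = MYGROUP
security = share
;hosts allow = 192.168.1. 192.168.2.
;encrypt passwords = yes
[chi]
path = /home/chi
read only = no
valid users = chi
[tmp]
path = /tmp
writeable = yes
public = yes
EOF
}

# audit_smb_conf [FILE]: read smb.conf (stdin when FILE is omitted) and
# print one finding per line. Lines starting with ; or # are inactive.
audit_smb_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function end_share() {
        if (sec != "" && sec != "global" && writable && !restricted)
            print "[" sec "] writable share without valid users"
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ {
        end_share()
        sec = tolower(trim($0)); sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
        writable = 0; restricted = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = tolower(trim(substr($0, eq + 1)))
        if (sec == "global") {
            if (key == "security" && val == "share")
                print "[global] security = share (share-level passwords, no per-user login)"
            if (key == "encrypt passwords" && val == "yes") encrypted = 1
            if (key == "hosts allow") hosts = 1
        } else {
            if (key == "read only" && val == "no") writable = 1
            if ((key == "writeable" || key == "writable") && val == "yes") writable = 1
            if (key == "valid users" && val != "") restricted = 1
            if ((key == "public" || key == "guest ok") && val == "yes")
                print "[" sec "] guest access enabled (public = yes)"
        }
    }
    END {
        end_share()
        if (!encrypted) print "[global] encrypt passwords not enabled (passwords sent in clear text)"
        if (!hosts) print "[global] no hosts allow restriction"
    }' "${1:--}"
}

# Demonstration on the constructed sample.
sample_smb_conf | audit_smb_conf
```

Run it against a real file with audit_smb_conf /etc/samba/smb.conf after sourcing the script.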
3.6.1 Using the smbclient command
smbclient provides a command-line interface, much like that of FTP, for transferring files over the network. For details of the smbclient command, see:
#man smbclient
To list the shared directories on the machine 10.0.0.2, use smbclient with the -L parameter:
#smbclient -L 10.0.0.2
The result shows the directories available on 10.0.0.2. To enter one of them, use smbclient with the -U parameter and a user name (a user who has access to that directory).
#smbclient //10.0.0.2/share_name -U user_name
After you type the password you get the prompt:
smb:\>
At this prompt you can use the following commands:
Example: using smbclient to connect to the Windows machine with IP address 10.0.0.2. To fetch a file from that machine, carry out these steps in turn:
Find the directories shared on 10.0.0.2:
#smbclient -L 10.0.0.2 -U thuong
added interface ip=10.0.0.1 bcast=10.255.255.255 nmask=255.0.0.0
session request to 10.0.0.2 failed (Called name not present)
session request to 10 failed (Called name not present)
Password:
After entering the password of the account thuong (on Windows) we get the list of shared directories on 10.0.0.2, as in the figure below:
Once you know the directories on the machine, use the command:
[root@localhost root]# smbclient //10.0.0.2/SETUP -U thuong
Cant find include file /etc/Samba/smb.conf.
added interface ip=10.0.0.1 bcast=10.255.255.255 nmask=255.0.0.0
session request to 10.0.0.2 failed (Called name not present)
session request to 10 failed (Called name not present)
Password:
Domain=[GROUP] OS=[Windows 5.1] Server=[Windows 2000 LANManager]
smb: \>
At this prompt you can list the files in the directory tienna with the ls command and fetch them to the Linux machine with get or mget:
3.6.2 Access from a Windows machine
From a Windows machine access is much easier. Open Windows Explorer and go to the domain the Linux machine has joined, click the name of the Linux machine, then enter the matching account name and password, and the shared directories appear. From here you can also map drives, synchronise directories, copy files and so on, just as with ordinary Windows machines.
Chapter IV: Squid proxy server
4.1. The importance of the Squid cache and how it works
Squid is a caching proxy program that runs on Unix and Linux. It forwards requests from clients (in this case web browsers) to the server. When the requested object comes back to the Squid server, Squid passes it to the client and keeps a copy in its cache. One benefit of the cache is that when several clients request the same object it is served from the cache, so clients get the data faster than from the Internet. This also reduces network traffic.
Besides caching, Squid offers features such as load sharing by linking proxy servers together, strictly defined access control lists for the clients that use the proxy, and allowing or denying access to particular web pages.
Squid is not a generic proxy; it is normally a proxy for HTTP connections. It also supports the FTP, Gopher, SSL and WAIS protocols, but it does not support other Internet protocols such as Real Audio, news or online conferencing. Because Squid supports UDP only for communication between caches, many other multimedia programs are not supported either.
Proxy caches
As a proxy cache, Squid can be used in several ways. Combined with a firewall it can help with security. Several proxies can be used together, and you can specify which kinds of object are cached and for how long.
Squid and security
We can use Squid together with a firewall to protect the internal network from the outside by means of the proxy cache. The firewall denies all clients access to outside services, with the exception of Squid. Every web connection must be established through the proxy.
If the firewall configuration includes a DMZ, the proxy can operate in that zone. In this case it is very important that all computers in the DMZ send their log files to a machine inside the secure network.
Multiple caches
Several proxies can be configured so that objects are exchanged between them. This reduces the load on the whole system and raises the chance of finding an object that already exists on the local network. Cache hierarchies can also be configured, so that a cache can forward requests to a cache at a lower or a higher level. Choosing a suitable model for the cache hierarchy is very important, because we do not want to increase traffic on the network. On a very large network we can configure a proxy server for each subnet and connect these to a parent proxy, which in turn connects to the ISP's proxy.
All of this communication is handled by ICP (Internet Cache Protocol), which runs over UDP. Data travelling between the caches uses HTTP over TCP.
To find the most suitable server from which to fetch an object, a cache sends an ICP request packet to all its sibling proxies. The ICP reply carries the code HIT if the object was found and MISS if it was not. If several replies carry HIT, the proxy server decides which server to download from on the basis of factors such as which cache answered first or which one is closest. If the replies carry MISS, the request is sent to the parent cache.
Note: to avoid duplicating data between the caches in a network, other ICP protocols are used, such as CARP (Cache Array Routing Protocol) or HTCP (Hyper-Text Cache Protocol). The more objects are held in the network, the greater the chance of finding the data wanted.
Caching Internet
Not all objects on the network are static. There are many dynamic pages generated by CGI, such as visitor counters, as well as encrypted SSL content. Objects like these are not cached, because they change every time they are accessed.
How long objects should be kept in the cache is still a hard question to answer well. To decide this, every object in the cache is assigned one of the states "Last modified" or "Expires" in its header. The server uses the LRU (least recently used) algorithm to replace objects in the cache and free disk space: put simply, the server discards the objects that have gone longest without being requested.
4.2. Installation
Go to www.squid-cache.org to download the Squid software.
Use the following command to install Squid:
[root@home]# rpm -i squid-version.i386.rpm
After installation the following directories are in place:
/usr/bin: holds Squid's libraries.
/etc/squid: holds Squid's configuration files.
/var/log/squid: holds Squid's log files.
4.3. The configuration file /etc/squid/squid.conf
All settings for the Squid proxy server are made in /etc/squid/squid.conf. To run Squid for the first time you do not need to change this file, but by default all requests from outside clients are denied; the proxy is available to localhost only. The default port is 3128. After installation, /etc/squid/squid.conf gives detailed information about the options, with many examples. Nearly all entries begin with # (comment lines). The relevant specifications can be found at the end of the line. The values shown almost always match the default values, so removing the comment marker without changing the parameters makes little difference in most cases.
4.4. Configuring the basic options
- http_port: sets the port on which Squid listens for incoming requests.
Syntax:
http_port
Default: http_port 3128
This port is commonly changed to 8080:
http_port 8080
- cache_peer: if the proxy has no direct connection to the Internet, or sits behind a firewall, it must be configured to query another proxy with the cache_peer parameter:
Syntax:
cache_peer
The arguments that follow cache_peer are, in order:
- the name or IP address of the proxy to query;
- the relationship: parent, sibling or multicast;
- the port set by the parent proxy, usually 8080;
- the port ICP runs on.
Example: querying the ISP's proxy.
cache_peer www.vdc.com.vn parent 8080 8082
If there are several proxies on the same network, they can also be configured to query each other:
cache_peer proxy1.vdc.com.vn sibling 8080 8082
cache_peer proxy2.vdc.com.vn sibling 8080 8082
sibling means a peer at the same level.
- Options that affect the cache
cache_mem: this key sets the amount of memory used for the cache.
cache_mem 8 MB
cache_dir: sets the directory in which cached data is stored.
cache_dir /usr/local/squid/cache 100 16 256
This means the cache directory is /usr/local/squid/cache, its size is 100 MB, and it contains 16 subdirectories, each of which contains 256 further subdirectories. If the cache is spread over several disks, add several cache_dir lines.
cache_access_log
cache_access_log /var/log/squid/access.log
cache_log
cache_log /var/log/squid/cache.log
cache_store_log
cache_store_log /var/log/squid/store.log
- The user and group for Squid: cache_effective_user, cache_effective_group
cache_effective_user chi
cache_effective_group chi
- access control list and access control operator
4.5. Access control list
You can use access control lists to block or restrict access based on domain name or destination IP address (of a host or a network). By default Squid refuses to serve anyone, so this parameter has to be configured.
Access lists are defined with the acl tag.
Syntax:
acl < acl type> ...
acl < acl type> ...
acl src /
acl src -
/
acl srcdomain
acl dst /
acl dstdomain
acl port ..
acl port -
acl proto
acl method [GET] [POST]
Using ACLs with the control tags
HTTP access control tag:
http_access allow/deny [!]
cache_peer access control tag:
cache_peer_access cache host allow/deny [!]
Examples:
- Allow only the network 172.16.1.0/24 to use the proxy server, using the src keyword in the acl
acl MyNetwork src 172.16.1.0/255.255.255.0
http_access allow MyNetwork
http_access deny all
- Forbid machines from accessing the site www.mail.yahoo.com. The dstdomain type matches the destination site of the request (srcdomain matches the domain of the requesting client).
acl BadDomain dstdomain www.mail.yahoo.com
http_access deny BadDomain
http_access deny all
If the list of forbidden sites is too long, it can be kept in a text file. The file contains the addresses we forbid, one address per line.
[root@home]# cat >/etc/squid/cam
Contents of the file cam:
www.mail.yahoo.com
www.gmail.com
www.vnexpress.net
acl BadDomain dstdomain "/etc/squid/cam"
http_access deny BadDomain
http_access deny all
If there are several ACLs, each ACL has its own http_access line.
- Forbid machines from accessing the site www.mail.yahoo.com, and allow only the network 172.16.1.0/24 to use the proxy
acl MyNetwork src 172.16.1.0/255.255.255.0
acl BadDomain dstdomain www.mail.yahoo.com
http_access deny BadDomain
http_access allow MyNetwork
http_access deny all
4.6. Starting Squid
To start Squid, use the command:
[root@home]# /etc/init.d/squid start
To stop Squid, use the command:
[root@home]# /etc/init.d/squid stop
To restart Squid, use the command:
[root@home]# /etc/init.d/squid restart
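Squid checks http_access lines from top to bottom and applies the first one whose ACLs all match, which is why the deny for BadDomain in section 4.5 has to come before the allow for MyNetwork. The script below is an added example (a simplified model in shell and awk, not Squid's own code and not part of the original thesis) that evaluates the last rule set of section 4.5 for a given client IP and requested host; the function names and test addresses are constructed, and only src and dstdomain ACLs are modelled.

```shell
#!/bin/sh
# Added example: evaluate squid.conf http_access rules in order, the way
# section 4.5 relies on. A simplified model, not Squid's own code.

# sample_squid_conf: constructed rules modelled on the last example of 4.5.
sample_squid_conf() {
cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl MyNetwork src 172.16.1.0/255.255.255.0
acl BadDomain dstdomain www.mail.yahoo.com
http_access deny BadDomain
http_access allow MyNetwork
http_access deny all
EOF
}

# squid_decide CLIENT_IP HOST: read squid.conf text on stdin and print
# "allow" or "deny" for a request from CLIENT_IP to HOST.
squid_decide() {
    awk -v src="$1" -v dst="$2" '
    function ip2n(ip,   o) {
        split(ip, o, "[.]")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # spec is ADDR, ADDR/PREFIXLEN or ADDR/DOTTED.MASK (contiguous masks only).
    function in_net(ip, spec,   p, size) {
        if (split(spec, p, "/") < 2) return ip2n(ip) == ip2n(p[1])
        size = (p[2] ~ /\./) ? 4294967296 - ip2n(p[2]) : 2 ^ (32 - p[2])
        return int(ip2n(ip) / size) == int(ip2n(p[1]) / size)
    }
    # ".example.com" also matches subdomains; "www.example.com" is exact.
    function dom_match(host, pat,   tail) {
        if (substr(pat, 1, 1) != ".") return host == pat
        tail = substr(host, length(host) - length(pat) + 1)
        return host == substr(pat, 2) || (length(host) > length(pat) && tail == pat)
    }
    # Values of one ACL are ORed; a leading "!" negates the result.
    function acl_match(name,   i, n, v, neg, hit) {
        neg = (substr(name, 1, 1) == "!")
        if (neg) name = substr(name, 2)
        n = split(vals[name], v, " ")
        hit = 0
        for (i = 1; i <= n; i++) {
            if (kind[name] == "src" && in_net(src, v[i])) hit = 1
            if (kind[name] == "dstdomain" && dom_match(tolower(dst), tolower(v[i]))) hit = 1
        }
        return neg ? !hit : hit
    }
    $1 == "acl" {
        kind[$2] = $3
        for (i = 4; i <= NF; i++) vals[$2] = vals[$2] " " $i
        next
    }
    $1 == "http_access" && verdict == "" {
        last = $2
        ok = 1
        for (i = 3; i <= NF; i++) if (!acl_match($i)) ok = 0   # ACLs on one line are ANDed
        if (ok) verdict = $2                                    # first matching rule wins
    }
    END {
        # No rule matched: the opposite of the last rule applies.
        if (verdict == "") verdict = (last == "allow") ? "deny" : "allow"
        # No http_access lines at all: deny.
        if (last == "") verdict = "deny"
        print verdict
    }'
}

# Demonstration on the constructed sample.
sample_squid_conf | squid_decide 172.16.1.20 www.mail.yahoo.com   # deny
sample_squid_conf | squid_decide 172.16.1.20 www.vnexpress.net    # allow
```

Swapping the first two http_access lines makes the first call print allow, because the MyNetwork rule then matches before the BadDomain rule is reached.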
Chapter V: Configuring the WEB SERVER
5.1 Installing apache, php, mysql.
Apache is a very capable web server and is the software chosen as the web server on most Linux servers. It meets many user requirements, such as application development, connections to the common database systems, security features and support for many operating systems, and, as we all know, it is free.
In this example the server has the IP address 10.0.0.1 and runs Apache, and the workstations use the remaining class A addresses.
5.1.1 Downloading and installing Apache
Apache can be downloaded from: http://httpd.apache.org
More simply, copy the file apache-2.0.15.i386.rpm from the RedHat 9.0 installation disc.
Once you have the file apache-2.0.15.i386.rpm, copy it to some directory and run the rpm command with the -ivh parameter. Here we copy it to the directory /var/apache:
#cp apache-2.0.15.i386.rpm /var/apache
Change to the directory /var/apache:
#cd /var/apache
Install:
#rpm -ivh apache-2.0.15.i386.rpm
After these commands Apache is installed on Linux.
To start the service, type:
#/etc/rc.d/init.d/httpd start
You can check with a browser. Enter http://10.0.0.1 in the browser; if you see the following screen, Apache is running.
5.1.2 Downloading and installing php
php can be downloaded from: http://php.net
Once you have the file php.rpm, copy it to some directory and run the rpm command with the -ivh parameter. Here we copy it to the directory /var/php:
#cp php.rpm /var/php
Change to the directory /var/php:
#cd /var/php
Install:
#rpm -ivh php.rpm
After these commands php is installed on Linux to support Apache.
To check whether php is working under Apache, create a php file to try out:
#echo "Tin5-k5 vui ve" > /var/www/html/thu.php
Enter http://10.0.0.1/thu.php in the browser; if you see the following screen, php is working:
5.1.3 Downloading and installing Mysql
Mysql can be downloaded from: http://mysql.com
Once you have the file mysql.rpm, copy it to some directory and run the rpm command with the -ivh parameter. Here we copy it to the directory /var/mysql:
#cp mysql.rpm /var/mysql
Change to the directory /var/mysql:
#cd /var/mysql
Install:
#rpm -ivh mysql.rpm
After these commands MySQL is installed on Linux to support Apache.
To check whether Mysql is working under Apache, we create a php file that accesses the database and try it out.
Type the command: mysql -u root
The mysql> prompt now appears. Enter the following commands in turn:
use test;
CREATE TABLE books (
id int(3) not null auto_increment,
name char(50) not null,
unique(id),
primary key(id)
);
INSERT INTO books (name) values('PHP 4 Newbies');
INSERT INTO books (name) values('Red Hat Linux Server');
exit
The exit command leaves the mysql prompt.
Create the file mysql.php in the directory /var/www/html/ with the following contents:
Then open http://10.0.0.1/mysql.php in the browser; if you see the following picture, it has worked.
5.2 Basic Apache configuration
To configure Apache, edit the file /etc/httpd/conf/httpd.conf.
The configuration file /etc/httpd/conf/httpd.conf
httpd.conf is the main configuration file of the Apache web server. The file comes set up for a familiar configuration, with:
ServerType standalone: the ServerType option specifies how Apache is to run on the system. It can be run from the inetd super-server or as a standalone daemon. Running it standalone is recommended for better performance and speed.
ServerRoot "/etc/httpd": the ServerRoot option specifies the directory that holds the files the Apache server uses. It tells Apache where to find those files when it starts.
PidFile /var/run/httpd.pid: the PidFile option specifies where the server records the process id of the daemon when it starts. This option is needed only when Apache is configured as standalone.
ResourceConfig /dev/null: the ResourceConfig option specifies the location of the old srm.conf file, which Apache reads after it has finished reading httpd.conf. When you set the path to /dev/null, Apache lets you put the contents of that file into httpd.conf, so that for simplicity a single file controls all configuration parameters.
AccessConfig /dev/null: the AccessConfig option specifies the location of the old access.conf file, which Apache reads after it has finished reading srm.conf. When you set the path to /dev/null, Apache lets you put the contents of that file into httpd.conf, so that for simplicity a single file controls all configuration parameters.
Timeout 300: the Timeout option specifies how long Apache waits for a GET, POST or PUT request and for ACKs. It is safe to leave this option at its default value.
KeepAlive On: the KeepAlive option, when set to On, allows persistent connections to the web server. For better performance choose On and allow more than one request per connection.
MaxKeepAliveRequests 0: the MaxKeepAliveRequests option specifies the number of requests allowed per connection when the KeepAlive option above is set to On. When the value is 0 there is no limit on the requests allowed on the server. To improve server performance, allow unlimited requests.
KeepAliveTimeout 15: the KeepAliveTimeout option specifies the time, in seconds, that Apache waits for the next request before closing the connection. 15 is a good limit for server performance.
MinSpareServers 16: the MinSpareServers option specifies the minimum number of idle child server processes for Apache, that is, processes not handling a request. This is an important tuning parameter for the performance of the Apache web server. For operation under high load, 16 is the value suggested by various benchmarks on the Internet.
MaxSpareServers 64: the MaxSpareServers option specifies the maximum number of idle child server processes for Apache, that is, processes not handling a request. This is an important tuning parameter for the performance of the Apache web server. For operation under high load, 16 is the value suggested by various benchmarks on the Internet.
StartServers 16: the StartServers option specifies the number of child server processes Apache creates at start-up. This is an important tuning parameter for the performance of the Apache web server. For operation under high load, 16 is the value suggested by various benchmarks on the Internet.
MaxClients 512: the MaxClients option specifies the number of simultaneous requests Apache can support. This is an important tuning parameter for the performance of the Apache web server. For operation under high load, 512 is the value suggested by various benchmarks on the Internet.
MaxRequestsPerChild 100000: the MaxRequestsPerChild option specifies the number of requests a single child server process will handle. This too is an important tuning parameter for the performance of the Apache web server.
User www: The User option specifies the UID under which the Apache server runs. It is important to create a new user group with minimal privileges to access the system and only the functions needed to run the web server daemon.
Group www: The Group option specifies the GID under which the Apache server runs. It is important to create a new user group with minimal privileges to access the system and only the functions needed to run the web server daemon.
DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi: The DirectoryIndex option specifies the files Apache uses as a pre-written HTML directory index. In other words, if Apache does not find the default index page to display, it tries the next entry in this list (if available). To speed up the web server, the list should contain the most commonly used default index pages first.
Include /conf/mmap.conf: The Include option specifies the location of other files that you can include from within the configuration file (httpd.conf). In this case it includes the mmap.conf file stored in the directory /etc/httpd.conf. The file (mmap.conf) maps files into memory for faster access.
HostnameLookups Off: The HostnameLookups option, when set to Off, disables DNS lookups. Set it to Off to reduce the time spent on network traffic and improve the speed of the Apache web server.
5.3 Apache security configuration
5.3.1 Restricting IP addresses
According to real-world statistics, 70% of attacks originate from computers on the internal network, and the remaining 30% come from machines on outside networks. It is therefore best to restrict, as far as possible, which computers on the network can 'peek at' important and sensitive resources on the server. Apache's mod_access module can determine the IP address of the client requesting the web service and, based on it, applies the policies declared by the administrator to decide whether the computer with that IP address is allowed to use the service. Policies are declared by editing the Apache configuration file (by default /etc/httpd/conf/httpd.conf) and adding directives to it.
To block or allow a specific IP address or address range, Apache provides the Allow and Deny directives. Their syntax is as follows:
# Allow a host or an IP range to access
Allow from host-or-network
# Deny access to a host or an IP range
Deny from host-or-network
host-or-network can be:
+ A host name or domain name (for example: www.foo.com)
+ A specific IP address (for example: 10.0.0.2)
+ An IP address and subnet mask (for example: 10.0.0.0/255.0.0.0, which matches every computer whose IP address has 10 as its first byte, whatever the remaining 3 bytes are).
For both directives, Apache recommends using IP addresses instead of domain names, because with a domain name Apache has to spend time converting the domain name to an IP address before it can apply the restriction policies to that address. This consumes server resources.
If you want to use both Allow and Deny, the order in which they are applied is set with the Order directive.
Example: to let only machines whose IP address has 10 as its first byte view the contents of .html files, declare the following:
# no whitespace between the two keywords
Order Deny,Allow
Deny from All
Allow from 10.0.0.0/255.0.0.0
After changing the configuration file (/etc/httpd/conf/httpd.conf), the web service (httpd) must be restarted for the change to take effect, using the command:
[root@localhost root]# /etc/rc.d/init.d/httpd restart
Apache evaluates the Deny directive first and the Allow directive afterwards. The same approach applies to directories.
Example: a forum is located in the physical directory /var/www/html/forum, and access should be limited to computers in the address range 10.0.0.1 to 10.0.0.15, or the machine with address 10.0.0.91. This can be declared as follows:
Order Deny,Allow
Deny from All
Allow from 10.0.0.1/28
Allow from 10.0.0.91
With this declaration, only computers whose IP address satisfies the conditions above can access the forum. All computers with an IP address outside that range receive the message 'Access forbidden!' as shown in the figure below.
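
How mod_access combines Order, Deny and Allow for the forum policy above can be modelled in a few lines. This Python sketch is an added example, not part of the original document or of Apache; it handles IP-based specs only (no host names) and its function names are hypothetical.

```python
import ipaddress


def parse_spec(spec):
    """Turn 'All', '10.0.0.2', '10.0.0.0/255.0.0.0' or '10.0.0.1/28' into a network."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    # strict=False clears host bits, so 10.0.0.1/28 is read as 10.0.0.0/28
    return ipaddress.ip_network(spec, strict=False)


def is_allowed(client, order, deny, allow):
    """Model of mod_access evaluation for one client address (IPv4 only)."""
    ip = ipaddress.ip_address(client)
    denied = any(ip in parse_spec(s) for s in deny)
    allowed = any(ip in parse_spec(s) for s in allow)
    key = order.lower()
    if key == "deny,allow":
        # Deny is checked first and Allow can override it; default is allow
        return allowed or not denied
    if key == "allow,deny":
        # Allow is checked first and Deny can override it; default is deny
        return allowed and not denied
    raise ValueError("this model supports only 'Deny,Allow' and 'Allow,Deny' (no space)")


# The forum policy from the text above
FORUM_DENY = ["All"]
FORUM_ALLOW = ["10.0.0.1/28", "10.0.0.91"]


def forum_access(client, order="Deny,Allow"):
    return is_allowed(client, order, FORUM_DENY, FORUM_ALLOW)


if __name__ == "__main__":
    for addr in ("10.0.0.0", "10.0.0.15", "10.0.0.16", "10.0.0.91", "192.168.1.5"):
        print(addr, forum_access(addr))
    # Same lines under Order Allow,Deny: 'Deny from All' now wins for everyone
    print(forum_access("10.0.0.5", order="Allow,Deny"))
```

The /28 mask also covers 10.0.0.0, and swapping the keywords to Allow,Deny with the same three lines locks every client out.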
5.3.2 Restricting access by user account
If you want to protect pages on your website by requiring users to enter an account name (username) and password, Apache provides the mod_auth module for this purpose. Apache offers two ways to authenticate users: Basic authentication and Digest authentication. Of the two, Digest authentication is considered more secure but is less developed. The method most commonly used with Apache web servers today is Basic authentication, which uses 64 bit to encode the account name and password before sending them to the server. This also means that intercepting the information in transit to decode it and obtain the account name and password is extremely difficult.
Account names and passwords are created with the htpasswd program. This information is stored in a text file with the password field encoded, and when a user needs to be authenticated Apache decodes the password the user supplies and then compares it with the stored password. The syntax of the htpasswd command is as follows (items in square brackets '[]' are optional):
htpasswd [options] pwfile username [password]
options include:
-m: Use MD5 as the password encoding algorithm.
-d: Use the system's encoding algorithm to encode the password.
-s: Encode the password with the SHA algorithm.
-b: Enter the password directly on the command line.
The encoding algorithm can be chosen separately for each record in a file, which means that different accounts can have passwords encoded with different algorithms.
-c: By default htpasswd assumes that the file containing accounts and passwords (pwfile) already exists. To create a new file you must therefore use the -c option.
pwfile: The name of the file that stores account names and passwords.
username: The name of the account to create.
password: The password of the corresponding account (used only with the '-b' option).
Example: to create the account chi with password 123456 in a new file /etc/httpd/conf/passwd, the full command is:
# htpasswd -cb /etc/httpd/conf/passwd chi 123456
or:
# htpasswd -c /etc/httpd/conf/passwd chi
After creating the file that holds the users' accounts and passwords, the administrator must declare the AuthName, AuthType, AuthUserFile and Require directives in the httpd.conf configuration file.
Example: you want to publish an e-book page at the URL http://10.0.0.1/book/ and require everyone who visits it to have a previously assigned account name and password. The following lines must be added to the configuration file /etc/httpd/conf/httpd.conf:
AuthName 'Insiders Only'
AuthType Basic
AuthUserFile /etc/httpd/conf/passwd
Require valid-user
When a user requests the web page, Apache asks for a username and password.
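
What travels on the wire with AuthType Basic, and what an entry written by htpasswd -s contains, shown as an added Python example that is not part of the original document. The Basic scheme carries user:password as Base64, which is decoded without any key, so a location protected this way should be served over TLS; the sample header and password file lines are constructed from the account used in the text, and the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac


def sha_entry(user, password):
    """Build a line in the format htpasswd -s writes: user:{SHA}base64(sha1(pw))."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode('ascii')}"


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def check(header, pwfile_lines):
    """Mimic 'Require valid-user' against the {SHA} entries of a password file."""
    creds = parse_basic(header)
    if creds is None:
        return False
    expected = sha_entry(*creds).encode()
    # constant-time comparison of the whole "user:{SHA}..." line
    return any(hmac.compare_digest(line.strip().encode(), expected)
               for line in pwfile_lines)


# Constructed sample data: the account from the text plus a second user
PWFILE = [sha_entry("chi", "123456"), sha_entry("huong", "123456")]
HEADER = "Basic " + base64.b64encode(b"chi:123456").decode("ascii")

if __name__ == "__main__":
    print(HEADER)               # sent by the browser on every request
    print(parse_basic(HEADER))  # recovered without any key
    print(PWFILE)               # identical hash part: {SHA} entries are unsalted
    print(check(HEADER, PWFILE))
```

Two users with the same password get the same {SHA} value, so the password file itself deserves tight read permissions.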
Note: by default the web service (httpd) uses the Apache account to start up and to determine read/write permissions on the system's files and directories. This account must therefore be able to read the file /etc/httpd/conf/passwd in order to know the users' passwords and the corresponding accounts. Either of the following two commands can be used for this:
[root@localhost root]# chmod ugo+r /etc/httpd/conf/passwd
or
[root@localhost root]# chown apache /etc/httpd/conf/passwd
As with declaring policies for IP addresses, after the AuthName, AuthType, AuthUserFile and Require directives have been changed in the Apache configuration file, httpd must be restarted for the change to be recognized. So after every change, run the command:
[root@localhost root]# /etc/init.d/httpd restart
With the configuration above, only users who have an account and password in the file /etc/httpd/conf/passwd are able to log in to the web page http://DiaChiIPCuaMay/book/.
The Require directive accepts the following values:
+ valid-user: only people with a valid account.
+ user userid: only the listed accounts may log in, provided they supply the correct password.
+ group groupid: only accounts belonging to the specified groups may log in.
Example: 4 users are declared in the file /etc/httpd/conf/passwd: 'thuong', 'huong', 'chi', 'bidao'. Of these 4, you allow only 3, 'thuong', 'huong' and 'chi', to log in to the address http://10.0.0.1/secure/.
Alias /secure/ '/var/www/secure/'
# this directive maps the directory '/var/www/secure/' to http://10.0.0.1/secure/
AuthType Basic
AuthName '3 Member Only'
AuthUserFile /etc/httpd/conf/passwd
Require user thuong huong chi
The AuthUserFile directive only allows individual users to be specified. To specify a group of users, use the AuthGroupFile directive, whose syntax is as follows:
AuthGroupFile Filepath
Accounts that do not belong to the Admin group cannot log in to http://10.0.95.15/book/; if they keep trying, after 3 attempts they receive the message 'Authentication required!'
Sometimes people want to combine restriction by IP address with restriction by user. This is entirely possible with Apache; below is an example fragment of a configuration file:
Order Deny,Allow
Deny from All
Allow from 10.0.0.0/255.0.0.0
AuthName 'Insiders Only'
AuthType Basic
AuthUserFile /etc/httpd/conf/passwd
Require valid-user
Thus, to access the file phpinfo.php a user must pass 2 rounds of checks. First, Apache checks whether the IP address of the requesting machine lies in the range 10.0.0.0/255.0.0.0. If this condition is met, it goes on to check whether the account and password supplied by the user match the information stored in the file /etc/httpd/conf/passwd. If both are satisfied, the user can read the contents of this file.
Chapter VI: Security with Firewall, iptables
6.1 FireWall
6.1.1 Definition
The term FireWall originates from a design technique in construction used to prevent and contain fires. In network information technology, a FireWall is a technique integrated into a network system to counter unauthorized access, in order to protect internal information sources and to limit the intrusion of unwanted information into the system.
An Internet FireWall is a device (comprising hardware and software) placed between the network of an organization, a company or a country (Intranet) and the Internet.
6.1.2 Function
The FireWall decides which internal services may be accessed from outside, which people outside may access internal services, and which external services may be accessed by people inside.
6.1.3 Structure of a FireWall
[Figure: Intranet, FireWall, Internet]
A FireWall consists of:
+ One or more host systems connected to routers, or acting as routers.
+ Security management software running on the host systems. Typically these are systems for authentication, authorization and accounting.
6.1.4 Components of a FireWall
A FireWall consists of one or more of the following components:
+ Packet filter (packet-filtering router).
+ Application gateway (application-level gateway or proxy server).
+ Circuit gateway (circuit-level gateway).
6.1.4.1 Packet filter (packet-filtering router)
When we speak of data travelling between networks through a Firewall, it means that the Firewall works closely with the TCP/IP protocol. This protocol works by splitting the data received from applications on the network, or more precisely from the services running over the protocols (Telnet, SMTP, DNS, SNMP, NFS...), into data packets and then assigning these packets addresses so that they can be identified and reassembled at the destination. Firewalls are therefore very much concerned with packets and their address numbers.
The packet filter allows or rejects each packet it receives. It examines the whole data segment to decide whether that segment satisfies one of the packet filtering rules. These packet filtering rules are based on the information at the head of each packet (packet header), which is used to allow the packet to be transmitted on the network. That information is:
+ IP source address
+ IP destination address
+ Transport protocol (TCP, UDP, ICMP, IP tunnel)
+ TCP/UDP source port
+ TCP/UDP destination port
+ ICMP message type
+ Incoming interface of the packet
+ Outgoing interface of the packet
If a packet filtering rule is satisfied, the packet is passed through the firewall. Otherwise the packet is dropped. In this way the Firewall can block connections to specified hosts or networks, or block access to the internal network from addresses that are not permitted. In addition, port control lets the Firewall allow only certain kinds of connection to certain kinds of host, or let only permitted services (Telnet, SMTP, FTP...) run on the local network.
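
The forward-or-drop decision described in this section, made from header fields alone, as an added Python sketch that is not part of the original document. The rule set, the addresses and the interface names eth0 (outside) and eth1 (inside) are constructed for illustration, and the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    sport: Optional[int]
    dport: Optional[int]
    in_if: str              # interface the packet arrived on


@dataclass(frozen=True)
class Rule:
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None   # None means "any"
    dport: Optional[int] = None
    in_if: Optional[str] = None

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and self.in_if in (None, p.in_if))


def filter_packet(packet, rules):
    """Forward the packet if any rule is satisfied, otherwise drop it."""
    return "FORWARD" if any(r.matches(packet) for r in rules) else "DROP"


# Constructed policy: inbound SMTP to one mail host, outbound web from inside
RULES = [
    Rule(dst="10.0.0.25/32", proto="tcp", dport=25, in_if="eth0"),
    Rule(src="10.0.0.0/8", proto="tcp", dport=80, in_if="eth1"),
]

if __name__ == "__main__":
    samples = [
        Packet("203.0.113.9", "10.0.0.25", "tcp", 40000, 25, "eth0"),  # SMTP in
        Packet("203.0.113.9", "10.0.0.25", "tcp", 40001, 23, "eth0"),  # Telnet in
        Packet("10.1.2.3", "198.51.100.7", "tcp", 51000, 80, "eth1"),  # web out
        Packet("10.1.2.3", "198.51.100.7", "tcp", 51000, 80, "eth0"),  # inside source, outside interface
    ]
    for p in samples:
        print(p, filter_packet(p, RULES))
```

The last sample shows why the incoming interface is one of the filter criteria: a packet claiming an internal source address but arriving on the outside interface matches no rule and is dropped.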
6.1.4.2 Application gateway (application-level gateway)
This is a type of Firewall designed to strengthen control over the kinds of services and protocols that are allowed to access the network. Its operation is based on a mechanism called Proxy service. Proxy services are pieces of special code installed on the gateway for each application. If the network administrator does not install the proxy code for a given application, the corresponding service is not provided and information therefore cannot pass through the firewall. In addition, the proxy code can be configured to support only those features of an application that the network administrator considers acceptable, while rejecting other features.
An application gateway is often regarded as a fortress (bastion host), because it is specially designed to withstand attacks from outside. The measures that ensure the security of a bastion host are:
+ The bastion host always runs secure versions of the system software. These secure versions are designed specifically to resist attacks on the system software and to ensure firewall integration.
+ Only the services that the network administrator considers necessary are installed on the bastion host, simply because a service that is not installed cannot be attacked. Usually only a limited number of applications, for the Telnet, DNS, FTP and SMTP services and for user authentication, are installed on the bastion host.
+ The bastion host can require several different levels of authentication, for example a user password or a smart card.
+ Each proxy is configured to allow access to only a certain number of hosts. This means that the command set and features set up for each proxy are valid only for some of the hosts in the whole system.
+ Each proxy