Do an Tot Nghiep Linux

8/8/2019 Do an Tot Nghiep Linux

1/104


2/104

n tt nghip

2

3.3.2 cu hnh Sharing Setting......................................................................423.4 Chia s file......................................................................................................433.5 Kim tra cu hnh va thit lp ......................................................................44

3.5.1 Kim tra bng cng c Testparm ........................................................44

3.5.2 Kim tra bng cng c smbstatus .......................................................453.6 Chy samba server..........................................................................................46

3.6.1 S dng cu lnh smbclient.................................................................473.6.2 Truy cp t my Windows ..................................................................49

Chng IV: Squid proxy server ........................................................................504.1. Tm quan trng v phng thc hot ng ca Squid cache........................504.2. Ci t............................................................................................................524.3. Tp tin cu hnh /etc/squid/squid.conf ..........................................................524.4. Cu hnh cc ty chn c bn .......................................................................534.5. Access control list .........................................................................................544.6. Khi ng squid ............................................................................................56

Chng V: Cu hnh WEB SERVER...............................................................585.1 Ci t apache, php, mysql.............................................................................58

5.1.1 Download v ci t Apache...............................................................585.1.2 Download v ci t php .....................................................................595.1.3 Download v ci t Mysql.................................................................60

5.2 Cu hnh Apache c bn.................................................................................635.3 Cu hnh bo mt apache................................................................................67

5.3.1 Gii hn a ch ip. ..............................................................................675.3.2 Gii hn truy cp theo ti khon s dng............................................69

Chng VI: Bo mt vi Firewall, ip tables...................................................786.1 FireWall..........................................................................................................78

6.1.1 nh ngha...........................................................................................786.1.2 Chc nng............................................................................................786.1.3 Cu trc ca FireWall ........................................................................786.1.4 Cc thnh phn ca FireWall ..............................................................79

6.1.4.1 B lc packet (Packet filtering router) .........................................796.1.4.2 Cng ng dng (application-level getway) .................................806.1.4.3 Cng mch (circuit-Level Gateway) ...........................................81

6.1.5 Nhng hn ch ca firewall.................................................................82

6.2 IpTables ..........................................................................................................826.2.1 Tng quan v iptables..........................................................................826.2.2 Bng filter...........................................................................................836.2.3 Bngnat ...........................................................................................846.2.4 Bng mangle........................................................................................85


3/104

n tt nghip

3

6.2.5 Cu hnh iptables .................................................................................876.2.5.1 C php c bn ca iptables........................................................876.2.5.2 Cc lnh ca iptables....................................................................886.2.5.3 Cc iu kin trong lut ...............................................................90

6.2.5.3.1 Nhm cc iu kin chung....................................................906.2.5.3.2 Nhm cc iu kin n..........................................................926.2.5.3.3 Nhm cc iu hin hin.......................................................93

6.2.5.4 Cc hnh ng trong lut .................................................................956.2.5.4.1 user-defined-chain................................................................956.2.5.4.2 DROP ....................................................................................966.2.5.4.3 REJECT.................................................................................966.2.5.4.4 RETURN...............................................................................966.2.5.4.5 SNAT.....................................................................................966.2.5.4.6 MASQUERADE ...................................................................976.2.5.4.7 DNAT....................................................................................98

6.2.5.5 Cc v d.......................................................................................99Ti liu tham kho..........................................................................................103


4/104

n tt nghip

4

Chng I: Gii thiu v Linux

1.1S lc v Linux.1.1.1 Gii thiu v h iu hnh Unix.

Nm 1964, Bell Labs, MIT & General Electric pht trin mt h iu hnh

gi l MULTICS(Multiplexed Information and Computing System). Sau nm

1969, Ken Thompson (mt lp trnh h thng ca Bell labs) ngh rng ng ta c

th lm mt h iu hnh tt hn. V vy, ng ta vit mt h iu hnh trn h

thng my tnh PDP-7, v h iu hnh ny c gi l Unix. Mc tiu khi u

l cung cp mt mi trng my tnh ho m phng tr chi khng gian.

Nhng c mt vn xy ra l phin bn Unix ny khng th chy c trn h

thng phn cng khc. Do n nm 1973 Ritchie v Thompson vit li h

iu hnh bng ngn ng C, khc hn vi cc h iu hnh truyn thng ghi

bng ngn ng my, do Unix rt d ci t trn cc h my khc. Nm 1974

h iu hnh Unix c ci t trn cc my DEC PDP-11 hn 100 trng

i hc. Mc tiu ch yu l cung cp mi trng cho cc lp trnh vin chuynnghip. V th, Unix ngy cng thng dng v ngy cng c thm nhiu c tnh

mi c b xung. Sau chnh ph v qun i M s dng Unix ni

mng ton cu (Internet).

n nay c hng trm ngn h thng Unix ci t trn khp th gii. Hu

ht cc hng sn xut my u c mt phin bn cho Unix. Tuy nhin hin nay

chun ho h iu hnh Unix, ngi ta quy c cc tp lnh chun v gi l

Unix System V Release 4. Trn my PC hin nay ph bin hai h iu hnh l

SCO Unix v SUN Solaris.

Cc c im c bn ca h iu hnh Unix


5/104

n tt nghip

5

- a nhim (Multitasking).

- Nhiu ngi s dng (Multiuser).

- Bo mt(security).- c lp phn cng (multi platform).

- Kt ni m.

- Dng chung thit b.

- T chc tp tin phn cp.

u im ca h iu hnh Unix:

- H thng c vit trn ngn ng C nn d c, d hiu, d thay

i ci t trn loi my mi.- C giao din ngi dng n gin, cho php xy dng cc chng

trnh phc tp t cc chng trnh n gin hn.

- y l h a ngi dng a tin trnh , mi ngi dng c th

thc hin nhiu chng trnh mi chng trnh c th c nhiu tin

trnh.

- Che i cu trc my i vi ngi dng, c th vit chng trnh

chy trn cc iu kin phn cng khc nhau.

- S dng h thng file c cu trc.

1.1.2 Gii thiu v h iu hnh Linux.

Linux l mt trong nhng h iu hnh ph thng nht

bi s phn phi v c s h tr m rng ca n. Ban u,

Linux c pht trin di dng mt h thng a nhim cho

my tnh mini v my ch vo gia thp nin 70. K t nnay Linux ln mnh v tr thnh mt trong nhng h iu

hnh c s dng rng ri nht.


6/104

n tt nghip

6

Linux l phin bn ca Unix c phn phi min ph v ban u do Linus

Torvalds thc hin v pht trin. ng bt u nghin cu Linux vo nm 1991

khi cn l sinh vin trng i hc Helsinki Phn Lan. Linux c xy dng v

pht trin t h iu hnh Minix (mt phin bn ca Unix). Lc u, Linus tung

ra phin bn Linux u tin trn Internet cho mi ngi s dng min ph, iu

v tnh dy ln mt hin tng pht trin phn mm ln. Linux c xc lp

v duy tr bi mt nhm hp tc gm vi ngn nh pht trin phn mm tnh

nguyn cng lm vic qua Internet. Cc cng ty cung cp h tr Linux pht

trin n thnh loi sn phm d ci t vi mc ch kinh doanh cc trm lm

vic c ci sn phn mm Linux.Vo ngy 5 thng 10 nm 1991, Linus cng b phin bn Linux chnh

thc u tin, phin bn 0.02. Bt ngun t h iu hnh Minix ca Andrew

Tanenbaum, Linux ban u ch l mt d n m trong Linux mun xy dng

mt h unix n gin c th chy trn PC 386. Phin bn ny c xc nh nh

mt h thng ca cc hacker. Vn chnh l pht trin kernel ch khng phi

khng phi nhm mc ch h tr ngi dng hay phn phi. Nhng n nay

s hon thin thc s trong th gii Linux gii quyt c vn mi trng

ngi s dng ho, gi sn phm d dng ci t v cc ng dng cao cp

nh: tin ch ho v cc b phin bn sn phm.

T khi phin bn Linux u tin ra i cho n nay th c rt nhiu

phin bn Linux mi ra i cng vi nhiu tnh nng mi c thm vo nhm

phc v, h tr nhng tin ch ngy cng cao ca ngi dng.

V Linux c pht trin t h iu hnh Minix(mt phin bn ca Unix)nn Linux cng c nhng c tnh v u im ca h iu hnh Unix:

- Linux cng c vit bng C.

- Linux cng l a ngi dng, a nhim, l h iu hnh mng.


7/104

n tt nghip

7

- Linux cung cp mi trng y cho lp trnh v pht trin.

- Linux chy trn nhiu h thng phn cng khc nhau:

B x l 86(Celeron/PII/PIII/PIV/Pentium/80386/80486).

My Macintosh.

B x l Cyrix.

B x l AMD.

B x l Sun Microsystems Sparc processor.

B x l Alpha(Compaq).

1.2 Tnh nng ca Linux.

Linux l mt h iu hnh a ngi s dng: Ngha l nhiu ngi c th sdng my tnh c ci Linux ti mt thi im.

Linux l mt h iu hnh a nhim: Ti mt thi im mt ngi s dng

c th thc hin ng thi nhiu tc v. Vi h iu hnh n chng nh MS-

DOS mt lnh thc hin s chim ton b thi gian CPU x l, bn ch c th

thc hin lnh k tip khi lnh trc thc hin xong. Cn trong Linux, bn

c th thc hin cng lc nhiu lnh.

Linux gn nh tng thch vi nhiu chun Unix cp ngun bao gm tnh

nng BSD, IEEE POSIX.1 v System V. Linux c pht trin v rt ch trng

ti tnh kh chuyn ngun. Do bn c th dng chung nhng tnh nng trong

h Linux qua thi hnh Unix.

Linux cn h tr cho bn phm ty bin hoc theo chun quc gia s dng

trnh iu khin bn phm kh ti ng. Linux cn h tr cc console o, cho

php bn chuyn i gia nhiu phin bn ng nhp t console h thng trongch vn bn.

Linux c th tn ti trn h thng c h iu hnh khc nh windows 95,

Windows 98, Windows NT, Windows XP, OS/2 hoc nhng phin bn khc ca


8/104

n tt nghip

8

Unix. B np khi ng Linux cho php bn la chn h iu hnh bt u

vo thi Im khi ng v Linux cng tng thch vi cc b np khi ng

khc.

Linux c th chy trn nhiu kin trc CPU bao gm:

X86(Celeron/PII/PIII/PIV/Pentium/80386/80486), SPARC, Alpha, PowerPc,

MIPS v m68k.

Linux h tr nhiu kiu file khc nhau lu d liu.

H tr mng l mt trong nhng sc mnh ln nht ca Linux c v chc

nng ln tnh nng. Linux cung cp ci t hon ho v mng TCP/IP, bao gm

cc trnh iu khin thit b cho nhiu card Ethernet thng dng, PPP v SLIP,Parallel Line Internet Protocol (PLIP) v Network Fle System (NFS). C rt

nhiu ng dng khch v dch v TCP/IP c h tr nh FTP, Telnet, Simple

Mail Transfer Protocol (SMTP). Linux kernel cn h tr tng la mng hon

ho, cho php bn cu hnh bt c my Linux no di dng tng la.

1.3 Vn bn quyn.

Linux c cp giy php cng cng GNU General Public Licence hay

GPL.GPL i khi c gi l giy php khng bn quyn. Giy php ny a

ra cc iu khon rng buc vic phn phi v sa i phn mm min ph(free

software).

Ban u, Linus Torvalds tung ra Linux vi giy php hn ch hn GPL. Giy

php ny cho php t do phn phi v sa i phn mm nhng khng cho php

thay i gi thnh i vi vic s dng v phn phi sn phm . GPL cho php

bn v thu li t phn mm min ph nhng khng cho php hn ch quyn phnphi phn mm ca ngi khc di bt k hnh thc no.

Mi t chc bn phn mm min ph phi tun theo nhng gii hn nht nh

a ra trong GPL:


9/104

n tt nghip

9

- Th nht, h khng th hn ch quyn ca ngi s dng tc l

ngi mua phn mm. Ngha l khi bn mua CD_ROM vi phn

mm GPL , bn c th sao chp v phn phi min ph CD_ROM

hoc cng c th bn li.

- Th hai, nh phn phi phi ni r cho ngi s dng bit rng

phn mm ny thc s hot ng trong phm vi giy php GPL.

- Th ba, nh phn phi phi cung cp min ph m ngun y

cho phn mm phn phi. iu ny gip cho bt k ai mua phn

mm GPL u c th sa i phn mm .

Linux l mt phn mm thuc GPL nn n cng tun theo nhng quy tc caGPL. V vy Linux c coi nh l phn mm c m ngun m (Open source).

Ngha l m ngun ca Linux phi l m vi tt c mi ngi mun s dng n,

v c th sa i v pht trin mt cch t do. V nu thc hin thay i ti

chng trnh th nhng thay i ny cng phi m i vi mi ngi dng.

1.4 So snh Linux v cc h iu hnh khc.

Vn u tin c th ni l chng ta c th chy Linux vi mt s h iu

hnh khc nh Windows 95, Windows 98, Windows NT, OS/2...m khng gp

trc trc g.

1.4.1 So snh Linux vi Windows 95, Windows 98.

Khng c g l khi chy c Linux ln Windows 95/98 trn cng mt h

thng. Nhiu ngi s dng Linux dng Windows nh mt cng c x l t.

Ngha l ngi s dng s dng Windows khai thc cc ng dng thng mi

c trong Windows nh: Microsoft Word, Microsoft Exel...m trong Linux khng

c sn.


10/104

n tt nghip

10

Windows 95 v Windows 98 khng tn dng ht c chc nng ca b

x l X86. Mt khc, Linux hon ton chy trong ch bo v ca b x l v

khai thc trit cc tnh nng ca my, k c a b vi x l.

C th khng nh rng Windows v Linux l nhng thc th hon ton

khc bit. Windows c gi c hp l(so vi cc h iu hnh thng mi khc)

v c v tr vng chc trong th gii my tnh PC. Khng c h iu hnh no cho

PC li t c mc ph cp nh Windows. Tuy nhin Linux li l h iu

hnh min ph v chnh iu cng lm cho n ngy cng tr nn thng dng.

1.4.2 So snh Linux vi Windows NT.

Cng nh Linux, Windows NT(v cc phin bn Windows pht trin tWindows NT) l h iu hnh a nhim y , h tr my a b x l, kin trc

CPU, b nh o, ni mng, bo mt... Tuy nhin, khc bit gia Linux v

Windows NT l Linux l phin bn ca Unix. C nhiu ci t t pha cng ty

cung cp nhng c mt vn nan gii l vic chun ho di dng h thng m,

nhng khng mt cng ty no c th kim sot c thit k ny. Mt khc,

Windows NT l mt h thng c quyn. Giao din v thit k l do mt cng ty

kim sot, l Microsoft v ch cng ty mi ci t thit k. V mt ngha

no th hnh thc t chc ny l c li: n thit lp tiu chun nghim ngt

cho vic lp trnh v giao din ngi s dng khng ging nh trong cng ng

h thng m.

Windows NT l c sc mnh y ca b my tip th Microsoft, trong

khi Linux c cng ng hng nghn nh lp trnh ang gp phn ci tin h

thng ny qua mu Open Source. Nhng im quy chun ca Linux so viWindows NT chng minh rng mi h thng c im mnh v im yu

ring. Linux vt xa Windows NT trong lnh vc mng. Linux cng nh hn NT

nhng li thng n nh hn.


11/104

n tt nghip

11

1.5 Yu cu v phn cng.

Mt c im vt tri ca Linux chnh l n chy c trn hu ht cc

loi my tnh c bn.

My desktop: Bao gm cc phn cng ca Intel v Intel tng thch, cc

chip PowerPC, Sun Sparcs, DEC Alpha v nhiu loi khc. Bn cng khng cn

thit phi c i my hin i nht, mi nht, LINUX c tnh mdun cao, nu

loi bt cc th "ph tng", LINUX c th chy trn my 386 v ch cn 150 MB

a trng, 2MB RAM. Mt s nh pht trin cn vit LINUX chy t mt a

mm duy nht !

My laptop: Linux cng hot ng tt trn nhiu laptop nh ApplePowerBooks, IBM ThinkPad, Toshiba Tecras. iu k diu l LINUX c th

chy c trn Intel v Mac, t nht l vi cc phn cng c bn (bo mch chnh, b

vi x l, b nh).

C rt nhiu cc loi phn cng khc nhau, cc k hiu khc nhau (nh

SCSI, IDE, BIOS ... ). Hu ht, cc thng tin v my tnh u c cha trong

BIOS v bn c th thy c khi khi ng khi n cc phm c bit (F1, Del,

...). Nu bn ang dng Win95 hay WinNT th cc thng tin c th tm thy

trong mc system properties ca Control Panel.

Sau y l danh sch cc thit b cn tm hiu:

CD-ROM: Do Linux h tr hu ht cc trnh iu khin CD-ROM nn

cch n gin nht ci t l ni CD-ROM vi card SCSI hay IDE

bus. Nu CD-ROM ni vi IDE bus th n phi l loi tng thch vi

ATAPI.

mm: Phi l loi 3,5 in 1,44MB.


12/104

n tt nghip

12

cng: Ging nh CD-ROM, n c th c ni vi IDE hay SCSI bus.

Bn nn ghi li s cylinders ca cng - c ch ra trong BIOS ( ngha

ca cylinder s c gii thch sau).

Bus ni b: Linux hin ti khng h tr bus vi kin trc Micro-Chanel.

Cc bus c h tr l PCI, ISA, EISA, VL Bus. Hu ht cc my sn

xut sau nm 1995 u c PCI bus.

B nh: Linux cn ti thiu 8MB RAM c th chy c.

Sound card: Khng cn thit cho qu trnh ci t, song nu bn c

Creative Labs Sound Blaster hay card sound tng thch, bn s d dng

c c m thanh trong qu trnh ci t.

Video card: Thng tin cn thit y l loi chip v dung lng b nh.

Nu l loi card PCI th thng tin ny c th t ng nhn bit trong qu

trnh ci t (thng tin ny ch thc s cn thit nu bn c nh dng

Xwindow).

Vic tip theo l so snh danh sch phn cng bn c vi danh sch c

Linux h tr:

Thit b Cc thit b tng thch

CD-Rom Drive IDE ATAPI-compliant, SCSI CD-Rom

Hard Drive Cc loi IDE, EIDE, SCSI. Mt s loi Ultra

DMA khng lm vic c v khng tng thch

vi chun EIDE

SCSI Controller Hu ht cc iu khin SCSI thng dng nhBusLogic v Adaptec

Video card Cc loi card ATI, Cirrus v Matrox, S3...


13/104

n tt nghip

13

Nu phn cng ca bn khng c h tr th ch cn cch:

Thay i phn cng sao cho tng thch.

Ch cho n khi Linux h tr phn cng ca bn.

Tt hn l nn trnh cc thit b mang nhn Plug&Play. Bi v Linux mi ch

ang bt u h tr cc thit b ny, do s rt phc tp khi ci t. Bn cng

nn thn trng vi cc phn cng c lit vo loi Win-item (nh Winmodem

v Winprinter) v chng ch hot ng trong mi trng Window.

*Cc thng tin v mng

Trong trng hp my tnh c ni mng Lan s dng giao thc TCP/IP,

bn c th phi c nhng thng tin sau:Hostname

Domain Name

IP Address

Netmask

Default Gateway

Primary Namesever

Secondary Nameserver

NFS Server (optional)

FTP Server (optional)


14/104

n tt nghip

14

Chng II : cc lnh Linux c bn

2.1 Cc phng thc hot ng ca dng lnh

Cc lnh trong Linux c chia lm hai loi l cu lnh v chng trnh.im khc nhau gia cu lnh v chng trnh l: i vi cc cu lnh Linux

c ci sn cc phn ng v khi bn g lnh, Linux s p ng cc cu lnh .

Cn i vi chng trnh, n s tm chng trnh c tn thch hp ri thc hin

chng trnh .

Nhiu lnh trong Linux cho php u ra ca mt lnh ny l u vo ca

lnh khc. lm c iu bn ch cn nh du | ngn cch gia hai

lnh. Cn nu cu lnh di qu bn c th ngt xung dng bng cch thm du

\ ti cui dng (du \ phi l k t cui cng ca dng lnh). Khi bn mun

nh nhiu lnh mt lc th bn ch cn nh du , gia cc cu lnh, t cc

cu lnh s c thc hin mt cch tun t.

Linux cn cung cp nhiu s tin li khi s dng cc lnh, c bit l kh

nng hon chnh lnh bng vic s dng phm tab. Bn cng c th s dng mi

tn ln/xung trn bn phm nhn c cc cu lnh s dng lc trc.Mt s phm tt thc hin lnh cc thao tc n gin khi nhp lnh.

- Nhn phm ESC +BACKSPACE xo mt t bn tri con

tr.

- Nhn phm ESC +D xo mt t bn phi con tr.

- Nhn phm ESC +F di chuyn con tr sang phi mt t.

- Nhn phm ESC +B di chuyn con tr sang tri mt t.

- Nhn phm CTRL +A di chuyn con tr v u dng lnh.

- Nhn phm CTRL +E di chuyn con tr v cui dng lnh.

- Nhn phm CTRL +U xo dng lnh hin ti.


15/104

n tt nghip

15

Bn c th nhn phm ALT thay cho phm ESC.

2.2 Trang Man

Linux l mt h iu hnh rt phc tp vi rt nhiu cu lnh c th kt

hp vi nhau thc hin hng nghn cc thao tc khc nhau. Hu ht cc cu

lnh u c km theo mt s cc tu chn lnh hay nhng thng tin quan trng.

Trong Linux c ti hn 1000 lnh v chc chn rng chng ta khng th nh ht

c. S dng trang Man s gip chng ta gii quyt c Iu .

Trang Man (Manual page), l mt ti liu trc tuyn trong Linux lu tr

ton b cc lnh c sn vi cc thng tin tham kho y .

m trang Man ca mt lnh, bn hy g:man

Cch trnh by chung ca mt trang Man s nh sau:

NAME

Tn lnh v khi qut tc dng ca lnh.

SYNOPSIS

C php ca lnh.

DESCRIPTION

M t c th hn v tc dng ca lnh.

OPTIONS

Lit k cc tu chn lnh v tc dng ca chng.

FILES

Lit k cc tp tin m lnh s dng hoc tham chiu n.

SEE ALSOLit k cc lnh, cc ti liu c lin quan n lnh.

REPORTING BUGS

a ch lin h nu gp li khi s dng lnh.


16/104

n tt nghip

16

AUTHOR

Tn tc gi ca lnh.

2.3 Cc quy c.

C mt b quy c m t chnh xc v nht qun c php lnh trong

Linux. B quy c ny quy nh tu chn hay tham s no buc phi dng, tu

chn hay tham s no khng nht thit phi dng...

- Bt c t no ng mt mnh hay khng trong cc du [], {}, th phi

g y nh vy.

- T nm trong du ngoc vung ( [] ) l tu c th g hoc khng.

- T no nm trong du l bt buc phi c v c thay th bng tthch hp.

- T no nm trong du {} l chn mt trong cc gi tr trong ngoc .

- Du ... thng c dng vi cc tham s nh tn tp tin.

- Khi cn c th kt hp cc du ngoc vi nhau to ra cch s dng

tham s mi.

Ngoi nhng quy c trn, c mt iu cn lu na l trong dng lnh

Linux c phn bit ch hoa v ch thng.

Trong Linux c hai k t i din ph bin l * v ?. * l k t i

din thng dng nht, n thay cho mt hay nhiu k t. V ? l k t i din

cho mt k t duy nht.

2.4 Cc lnh c bn trong Linux.

2.4.1 Th mc v lnh v th mc.

2.4.1.1 Mt s th mc c bit.

- Th mc / : y l th mc gc cha ng tt c cc th mc con c

trong h thng.


17/104

n tt nghip

17

- Th mc /root : c s dng lu tr cc tp tin tm thi, nhn

Linux v cc hnh nh khi ng, cc tp tin nh phn quan trng, cc

tp tin ng nhp....

- Th mc /bin : Mt chng trnh c coi l kh thi nu n c th thc

hin c v khi bin dch n c dng l tp tin nh phn. Ngha l mt

chng trnh ng dng trong Linux l mt tp tin nh phn kh thi. V

th mc /bin chnh l ni lu tr cc tp tin nh phn kh thi . Nhng

theo thi gian ngy cng c nhiu tp tin nh phn kh thi nn c thm

cc th mc nh /sbin, /usr/bin c s dng lu tr cc tp tin .

- Th mc /dev : Lu tr tt c cc trnh iu khin thit b.- Th mc /etc :Lu tr tt c cc thng tin hay tp tin cu hnh h

thng.

- Th mc /lib : Lu tr cc th vin hm v th tc.

- Th mc /lost+ found: Mt tp tin c khi phc sau khi c bt k

mt vn hay mt trc trc no trn h thng u c lu vo tp tin

ny.

- Th mc /mnt: L ni kt ni cc thit b (a cng, a mm,)

vo h thng tp tin chnh.

- Th mc /tmp : Th mc ny c rt nhiu chng trnh trong Linux

s dng nh mt ni lu cc tp tin tm thi. V d nh bn son tho

mt tp tin, chng trnh s to ra mt tp tin l bn sao ca tp tin

v lu vo trong th mc /tmp. Bn s son tho trc tip trn tp tin

tm thi ny v sau khi son tho xong, tp tin s c ghi ln tptin gc ca bn.


18/104

n tt nghip

18

- Th mc /usr: Thng thng th mc ny l trung tm lu tt c cc

cu lnh hng n ngi dng. Tuy nhin ngy nay th hu ht cc tp

tin nh phn ca Linux u c lu tr ti th mc ny.

- Th mc /home : Lu tr cc th mc c nhn ca ngi dng.

- Th mc /var: c s dng lu tr cc thng tin lun lun thay

i.

- Th mc /boot: L th mc cha nhn ca h thng, system.map (tp

tin nh x n cc driver np cc h thng tp tin khc),....Th mc

ny cho php khi ng v np li bt k trnh iu khin no c yu

cu c cc h thng tp tin khc.- Th mc /proc : L th mc dnh cho nhn h thng (kernel).

- Th mc /mise v th mc /opt: Bn c th lu tr mi th bn thch

vo th mc ny.

- Th mc /sbin : Lu cc tp tin h thng thng t ng chy.

Ngoi ra cn hai th mc c bit tn ti trong Linux, l hai th mc

c biu hin bi du . v ...

- Du . biu hin cho th mc hin hnh.

- Du .. biu hin cho th mc cha ca th mc hin hnh.

2.4.1.2 Cc lnh chnh lin quan n th mc.

Xc nh th mc hin thi vi lnh pwd

C php lnh:

pwd

Lnh ny cho bn bit hin bn ang trong th mc no.Mc nh, Linux lun t bn vo th mc cc nhn ca bn khi ng nhp.

Xem thng tin v th mc vi lnh ls

C php lnh :


19/104

n tt nghip

19

ls [tu chn lnh]...[th mc]...

Lnh ny a ra thng tin v th mc, nu khng c th mc nh l thng

tin hin thi c hin th.

Lnh to th mc mkdir

C php lnh :

mkdir [tu chn lnh]

Lnh ny s to mt th mc mi nu n cha thc s tn ti. Nu th

mc tn ti, h thng s thng bo cho bn bit.

Lnh loi b th mc rmdir.

C php lnh :rmdir [tu chn lnh]...

Vi lnh ny bn ch xo c nhng th mc rng, tc l khng tn ti

tp tin hoc th mc con no trong n. Th mc xo ri th khng c cch no

khi phc c, v vy bn nn cn nhc k trc khi xo mt th mc no .

Lnh i th mc cd.

Tn cd c ngha l change directory. Bn c th chuyn trc tip n thmc no hoc chuyn mt cch tng i.

Mun chuyn ln th mc cha : #cd .. hoc #cd ../..

Chuyn v th mc gc : #cd \

Chuyn v th mc home th dng lnh: #cd hoc #cd ~

Lnh sao chp th mc cp.

C php lnh:

cp [tu chn lnh] ......

Lnh ny cho php bn sao th mc ngun n th mc ch hoc sao chp t

nhiu th mc ngun vo th mc ch.


20/104

n tt nghip

20

2.4.2 Tp tin v cc lnh v tp tin.

2.4.2.1 Cc kiu tp tin trong Linux.

C rt nhiu tp tin khc nhau trong Linux, nhng bao gi cng tn ti mt s

kiu tp tin cn thit cho h Iu hnh v ngi dng. Di y l mt s cc

kiu tp tin c bn.

- Tp tin ngi dng(user data file): L cc tp tin to ra do hot ng ca

ngi dng khi kch hot cc chng trnh ng dng tng ng. V d nh

cc tp tin thun vn bn, cc tp tin c s d liu hay cc tp tin bng

tnh.

- Tp tin h thng(system data file): L cc tp tin lu tr thng tin ca hthng nh: cu hnh cho khi ng, ti khon ca ngi dng, thng tin

thit b...thng c ct trong cc tp dng vn bn ngi dng c th

can thip, sa i theo mnh.

- Tp tin thc hin(executable file): L cc tp tin cha m lnh hay ch th

cho my tnh thc hin. Tp tin thc hin lu tr di dng m my. Tp

tin thc hin c bt u bi du(*) v thng c mu xanh lc.

- Tp tin bao hm(directory: L tp tin bao hm trong n cc tp tin khc .

Trong mc, tp tin bao hm thng c mu trng v bt u bng du ng

(~) hoc du chia (/). V d: /, /home, /bin, /usr, /usr/man, /dev...

- Tp tin thit b (device file): L tp tin m t thit b dng nh l nh

danh ch ra thit b cn thao tc.Theo quy c, tp tin thit b c lu

tr trong th mc /dev. Cc tp tin thit b hay gp trong mc ny l

tty(teletype-thit b truyn thng), ttyS(teletype serial- thit b truyn thngni tip)... Trong mc, tp tin thit b c mu tm v bt u bng du

cng(+).


21/104

n tt nghip

21

- Tp tin lin kt (linked file): L nhng tp tin cha tham chiu n cc tp

tin khc trong h thng tp tin ca Linux. Tham chiu ny cho php ngi

dng tm nhanh ti tp tin thay v ti v tr nguyn thu ca n. Ta thy

loi tp tin ny ging nh khi nim shortcut trong windows.

Linux qun l thi gian ca tp tin qua cc thng s thi gian truy nhp

(accessed time), thi gian kin to (created time) v thi gian sa i (modified

time).

2.4.2.2 Cc lnh v tp tin.

Lnh to tp tin.

+ To tp tin vi lnh touch.C php lnh:

touch

Thc cht lnh ny c tc dng dng cp nht thi gian truy nhp

v sa cha ln cui ca mt tp tin. V l do ny cc tp tin c to bng lnh

touch u c sp xp theo thi gian sa i. Nu bn s dng lnh touch i

vi tp tin cha tn ti, chng trnh s to tp tin .

+To tp tin bng cch i hng u ra ca lnh.

Cch ny rt hu ch nu bn mun lu kt qu ca mt lnh bn

thc hin. gi kt qu ca mt lnh ls -l /bin vo tp tin /home/thu/lenh bng

cch g.

#ls -l /bin > /home/thu/lenh

Linux t ng to nu tp tin lenh cha c, trong trng hp c

tp tin lenh th ni dung tp tin c s b th ch bi kt qu ca lnh :#ls l /bin > /home/thu/lenh

Mun b sung thm kt qu vo cui tp tin thay v th ch ni

dung tp tin, bn s dng du >>.


22/104

n tt nghip

22

+ To tp tin bng lnh cat.

cat >

Mc nh, lnh ny cho php bn ly thng tin u vo t bn phm

ri xut ra mn hnh. Bn c th tu g ni dung ca tp tin ngay ti du nhc

lnh v g CTRL + d kt thc vic son tho.

Sao chp tp tin vi lnh cp.

C php :

cp[tu chn lnh]......

Tc dng lnh v cc tu chn lnh ging vi sao chp th mc mctrn.

i tn tp tin vi lnh mv.

C php lnh :

mv

Lnh ny cho php bn i tn tp t tin c thnh tn mi.

Xo tp tin vi lnh rm.C php lnh:

rm[tu chn lnh]......

Bn c th s dng lnh ny xo b mt tp tin hoc nhiu tp tin.

m t v dng trong tp tin vi lnh wc.

C php lnh:

wc [ty chon lnh]...[tn tp tin]

a ra s dng, s t, s k t c trong mi tp tin v mt dng tnh

tng. Nu khng c tu chn no th mc nh a ra c s dng, s t v s k

t. Khng c tn tp tin th mc nh s c v m trn thit b vo chun.


23/104

n tt nghip

23

Sp xp ni dung tp tin vi lnh sort

C php lnh:

sort [tu chn lnh]...[tn tp tin]...

Hin th ni dung sau khi sp xp ca mt hoc nhiu tp tin ra thit b ra

chun l tc dng ca lnh sort. Mc nh th t sp xp l [0-9, A-Z, a-z]

Xc nh kiu tp tin vi lnh file.

C php lnh:

file [tu chn lnh] [-f namefile] [-m magicfile] tp tin...

Lnhfile cho php bn xc nh v in ra kiu thng tin cha trong tp tin.

+ text: dng tp tin vn bn thng thng, ch cha cc m k tASCII.

+ Executable: dng tp tin nh phn kh thi.

+ Data: thng l dng tp tin cha m nh phn v khng th in ra

c.

Xem ni dung tp tin vi lnh cat.

C php lnh v cc tu chn:

cat [tu chn lnh]

Xem ni dung tp tin ln vi lnh more.

C php lnh v tu chn :

more [-dlfpcsu] [-num] [+/pattern] [+linenum] [file...]

Lnh more hin th ni dung ca tp tin theo tng trang mn hnh.

Xem ni dung tp tin vi lnh head.

C php lnh:

head [tu chn lnh]...[tn file]...


24/104

n tt nghip

24

Lnh ny s a ra mn hnh 10 dng u tin ca mi tp tin. Nu c

nhiu tp tin th ln lt tn cc tp tin v 10 dng u tin s c hin th. Nu

khng c tn file, hoc tn file l du - mc nh s c t thit b chun.

Xem qua tp tin vi lnh tail.

C php lnh:

tail [tu chn lnh]...[tn file]...

Lnh ny s a ra 10 dng cui ca ni dung file. Nu c nhiu tp tin

th ln lt tn cc tp tin v 10 dng cui s c hin th. Nu khng c tn

file, hoc tn file l du - mc nh s c t thit b chun.

Tm theo ni dung tp tin bng lnh grep.C php lnh:

grep[tu chn lnh]

Lnh grep s hin th tt c cc dng c cha mu lc trong tp tin c

a ra (hoc t thit b vo chun nu khng c tn tp tin hoc tn tp tin c

dng l du -").

Tm theo cc c tnh ca tp tin bng lnh find.

C php lnh:

find [ng dn] [biu thc]

Lnh find thc hin vic tm kim tp tin trn cy th mc theo biu thc

c a ra. Mc nh ng dn l th mc hin thi, biu thc l - print.

2.4.3 Lnh v Destop.

Lnh tnh biu thc s hc vi lnh bc.

C php lnh:

bc [-lwsqv] [cc tu chn di] [file...]


25/104

n tt nghip

25

Lnh xem lch trn h thng bng lnh cal.

C php lnh:

cal [-mjy] [month [year]]

Nu khng c tham s, lch ca thng hin ti s c hin th.

Lnh xem ngy, gi.

C php lnh:

date [tu chn lnh] ... [+ nh dng]

v

date [tu chn lnh] [MMDDhhmm] [CC [YY]]

Lnh xem tin h thng uname.C php lnh:

uname [cc tu chn]...

Lnh uname cho php bn xem thng tin h thng. Nu khng c tu chn

th hin tn h iu hnh.

2.4.4 Lnh v trnh bo mn hnh.

Lnh echo.C php lnh:

echo [cc tu chn]...[xu k t]...

2.4.5 Cc lnh lin quan n ti khon ngi dng.

2.4.5.1 Cc lnh lin quan n ngi dng.

Khi ci t h iu hnh Linux, ng nhp chnh s c t ng to ra.

ng nhp ny gi l root v c xem l ngi dng cp cao. Khi ng nhp

vi t cch l ngi dng root th bn c th lm bt c iu g bn mun trn h

thng ( to mt ngi dng mi, thay i thuc tnh ca mt ngi dng, xo b

ngi dng... ).


26/104


27/104


28/104

n tt nghip

28

Sa i thuc tnh ca mt nhm ngi dng.

C php lnh v cc tu chn:

groupmod [tu chn lnh]

Xo mt nhm ngi dng.

Ch xo c mt nhm ngi dng khi khng cn ngi no thuc nhm

na.

C php lnh:

groupdel

Lnh ny s sa i c tp tin ti khon h thng xo tt c cc thc th

lin quan n nhm. Tn nhm phi thc s tn ti.2.4.7 Cc lnh khc c lin quan n ngi dng.

ng nhp vi t cch mt ngi dng khc vi lnh su.

C php lnh:

su

Dng lnh su s gip bn thay i tn ngi dng mt cch hiu qu v

cp cho bn cc quyn truy nhp nhngi dng.Nu bn ng nhp vi t cch ngi s dng bnh thng v mun tr

thnh ngi dng cp cao (root) th dng lnh sau:

#su root

Khi h thng s yu cu bn nhp mt khu ca ngi dng cp cao.

Nu cung cp ng mt m th bn s l ngi dng root cho ti khi dng CTRL

+d thot ra khi ti khon v tr v ng nhp ca ngi dng ban u. Cn

nu bn ng nhp vi t cch ngi dng cao cp v mun tr thnh ngi dng

bnh thng th cng dng lnh:

su


29/104

n tt nghip

29

Bn s khng b hi v mt khu khi thay i t ngi dng cp cao sang

ngi khc. Tuy nhin nu bn ng nhp vi t cch ngi dng bnh thng v

mun chuyn sang mt ng nhp khc th bn phi cung cp mt m ca ngi

dng .

Xc nh ngi dng ang ng nhp

+ Lnh who

C php lnh:

who [tu chn lnh]

Lnh who cho bn bit c hin ti c nhng ai ang ng nhp trn h

thng.Lnh who hin th ba ct thng tin cho tng ngi dng trn h thng. Ct

u l tn ca ngi dng, ct hai l tn thit b u cui m ngi dng ang

s dng, ct ba hin th ngy gi ngi dng ng nhp.

Ngoi lnh who th bn c th s dng lnh users xc nh ngi dng

ang ng nhp trn h thng.

#users

Khi no bn quen mnh ang ng nhp vi tn ngi dng l g, lc

bn hy dng lnh:

who am i

Hoc

whoami

Lnh who am i s hin kt qu y hn vi tn my bn ng nhp, tn

ngi dng bn ang ng nhp, tn thit b v ngy gi bn ang ng nhp.+ Lnh id.

C php lnh:

id [tu chn lnh] [tn ngi dng]


30/104

n tt nghip

30

Lnh ny s a ra cho bn thng tin v ngi dng c a ra trn dng

lnh hoc thng tin v ngi dng hin thi.

+ Xc nh cng vic m nhng ngi dng ng nhp trn h thng

ang thc hin, ta s dng lnh w.

C php lnh:

w [tn ngi dng]

Lnh w s a ra thng tin v ngi dng hin thi trn h thng v tin

trnh h ang thc hin.

2.4.8 Cc lnh lin quan n qun l thit b.

Linux c cch iu khin cc thit b rt khc so vi cc h iu hnhkhc. S khng c cc tn thit b lu tr vt l nh A hay C..., m lc cc

thit b lu tr ny s tr thnh mt phn ca h thng tp tin cc b thng qua

mt s thao tc c gi l kt gn mounting. Khi bn ang s dng thit b

lu tr , mun tho b bn phi tho b kt gn umount thit b.

s dng bt k mt thit b lu tr vt l no trn Linux, bn cn

phi s dng n lnh mount. im gn kt l th mc /mnt.

C php lnh:

mount

Dng ny s thng bo cho nhn h thng kt gn h thng tp tin c

trn device thit b ny c dng l type vo th mc im gn kt dir.

V d: Nu mun s dng a mm v a CD. Bn hy gn chng vo hai

th mc /mnt/floppy v mnt/cdrom bng hai cu lnh.

#mount -t msdos /dev/fd0 mnt/floppy

#mount /dev/cdrom /mnt/cdrom


31/104

n tt nghip

31

Bn c th tho b kt gn ca mt h thng tp tin trn h thng bng

lnh umount .

C php lnh:

umount

Dng lnh ny s tho b kt gn ca h thng tp tin c trn device ra

khi h thng tp tin chnh. Lu rng khng th tho b kt gn ca mt h

thng tp tin khi c mt tin trnh ang hot ng truy cp n cc tp tin trn h

thng tp tin .

Khi mt h thng tp tin c kt gn(dng lnh mount), nhng thng tin

quan trng v s cc tp tin trn h thng tp tin c lu trong nhn . Nuloi b cc thit b vt l cha h thng tp tin m khng tho b kt gn (dng

lnh umount) c th dn ti thng tin lu v h thng tp tin b tht lc. Mc ch

c lnh umount l xo b mi thng tin ra khi b nh khi khng dng n

na.

V d: Khng dng n a mm, bn c th dng cu lnh:

#umount /dev/fd0

Xem dung lng a s dng vi lnh du.

C php lnh:

du [tu chn lnh ] ...[file]...

Lnh du s lit k kch thc (tnh theo kilobytes) ca mi tp tin c trong

h thng tp tin c cha file. Lu rng, lnh du khng cho php c nhiu tu

chn trn cng mt dng lnh.

kim tra dung lng a trng vi lnh df.C php lnh:

df [tu chn lnh]...[file]...


32/104

n tt nghip

32

Lnh ny s hin th dung lng m cn trng trn h thng tp tin cha

ng tp tin file. Nu khng c tn tp tin th lnh ny s hin th dung lng a

cn thng trn tt c cc h thng tp tin c kt ni.

Lnh df ch cho bit dung lng a s dng v dung lng a cn

trng ca tng h thng tp tin. Nu bn mun bit tng dung lng a cn

trng l bao nhiu, bn s phi cng dn dung lng a cn trng ca tng h

thng tp tin.

2.4.9 Cc lnh v phn quyn.

Thay i quyn s hu tp tin vi lnh chown.

C php lnh:chown [tu chn lnh]... [.[group]]

Lnh ny cho php ngi dng owner s hu tp tin. Nu ch c tham s

owner, th ngi dng owner s s hu tp tin v nhm s hu khng thay i.

Nu theo sau tn ngi dng l du . v tn ca mt nhm group th nhm

s s hu tp tin. Nu ch c du . v tn nhm m khng c tn ngi s hu

th ch c quyn s hu nhm ca tp tin thay i.

Thay i quyn s hu nhm vi lnh chgrp.

Khi ng nhp, mc nh bn s l thnh vin ca mt nhm c thit lp

khi ngi dng cao cp root to ti khon ngi dng. Bn c th thuc nhiu

nhm khc nhau nhng mi ln ng nhp bn ch l thnh vin ca mt nhm.

thay i quyn s hu nhm i vi mt hoc nhiu tp tin, bn hy s dng

lnh chgrp.

C php lnh:chgrp [tu chn lnh] ...

Lnh ny cho php nhm group s hu tp tin tp tin

Thay i quyn truy cp tp tin vi lnh chmod.


33/104

n tt nghip

33

C php lnh:

chmod [tu chn lnh] ...

Lnh ny cho php bn xc lp quyn truy nhp kiu mode trn tp tinfile.

2.5 Shell.

Shell l chng trnh giao din gia ngi dng v Linux hay ni chnh xc

hn l ngi dng v nhn Linux. Mi lnh bn g ti du nhc trn mn hnh s

c shell din dch ri chuyn ti nhn Linux.

Shell l b din dch ngn ng lnh, n c ci sn b lnh ring. Mt s lnh

nh pwd ci sn trong shell bash cn nhng lnh nh cp v rm l nhng chng

trnh thi hnh hin din trn th mc h thng tp tin. Vi t cch l ngi dng,bn khng bit (hay khng bn tm) lnh no ci vo shell hay chng trnh. Khi

bn nhp mt lnh th u tin shell s kim tra lnh ny c phi l lnh ci sn

hay khng. Nu khng phi l lnh ci sn, shell s kim tra xem n c ng l

chng trnh ng dng hay khng. Nu nhp lnh chng phi l lnh shell hay

cng chng phi tp tin thi hnh th s c mt thng bo li hin th nh sau:

$doit

doit: not found

Bc cui cng, cc lnh ci sn v chng trnh ng dng c phn thnh

system call (gi h thng) ri chuyn ti nhn Linux.

Shell khi ng sau khi bn ng nhp thnh cng vo h thng, v tip tc

l phng php tng tc chnh gia ngi dng v nhn Linux cho n khi bn

ng xut. Mi ngi dng trn h thng c mt shell mc nh v c lu

trong tp tin mt m h thng /etc/passwd. Tp tin mt m h thng cha User IDca mi ngi, mt m m ho, v tn chng trnh chy ngay sau khi ngi

dng ng nhp vo h thng.


34/104

n tt nghip

34

Trn Linux c ci sn mt s loi shell khc nhau, mi shell c nhng u

nhc im ring:

Shell Bourne Again (bash) l shell c s dng ph bin nht (v

mnh nht) trong Linux. Bash l m rng ca shell Bourne v n tng thch

hon ton vi shell Bourne. Bash c to ra v c phn phi bi d n GNU

(t chc phn mm min ph ). a ra cc son tho dng lnh, cc la chn thay

th quan trng.

Mt s lnh ci sn trong shell bash:

Lnh Cng dng

alias Lp b danh (bit danh lnh cho ngi dng quy nh).Bg Lnh background (hu cnh). Buc tin trnh b ngng tip tc thi

hnh hu cnh

cd Chuyn th mc lm vic. Lnh ny s chuyn th mc lm vic

hin hnh vo th mc nh.

exit Chm dt Shell.

export Lm cho gi tr bin s lp kh dng i vi tt c tin trnh con

thuc shell hin hnh.

fc Lnh fix. Hiu chnh lnh trong danh sch history hin hnh.

fg Lnh foreground (tin cnh). Buc tin trnh b ngng tip tc thi

hnh tin cnh.

help Hin th thng tin tr gip v lnh ci sn trong bash.

history a ra danh sch n lnh va nhp ti du nhc lnh. n l bin quy

nh s lnh s ghi nh.kill Chm dt tin trnh khc.

pwd In th mc hin ngi dng ang lm vic trn .


35/104

n tt nghip

35

unalias Xo cc b danh nh bng lnh alias.

Bash cn nhiu lnh na, nhng y l nhng lnh thng dng nht. Mun

xem bash gii thiu thm lnh no v mun bit r hn v nhng lnh nu trn,

bn hy tham kho trang Man (g man bash ).

Shell Bourne (sh) do Steven Bourne vit. l shell Unix nguyn thu

c mt trn mi h thng Unix, n khng x l tng tc ngi dng nh mt s

shell khc cho php. N khng a ra son tho dng lnh.

Shell C (csh) do Bill Joy vit, shell C p ng tng tc ngi dng. N

chp nhn cc c tnh vn khng c trong shell Bourne, chng hn nh hon

thnh dng lnh. V ngn ng lp trnh shell C gn ging nh ngn ng C, ll do ngi ta t tn cho n l shell C.

Shell korn (ksh) do David Korn vit. ng ly cc c tnh u vit ca

shell C v shell Bourne ri kt hp thnh mt shell tng thch hon ton vi

shell Bourne v a ra son tho dng lnh.

Public Domain Korn Shell (pdksh) khng chp nhn cc c tnh trong

phin bn shell Korn. Th nhng n chp nhn hu ht c tnh ch yu v b

sung vi c tnh mi vo.

Mt s lnh trong shell pdksh:

+ alias : Lp b danh , bit danh lnh cho ngi dng t.

+ bg : Lnh background (hu cnh). Buc tin trnh b ngng tip tc thi

hnh hu cnh.

+ cd : Chuyn th mc lm vic. Lnh ny s chuyn th mc lm vic

hin hnh vo th mc nh.+ exit : Chm dt Shell.

+ export : Lm cho gi tr bin s lp kh dng i vi tt c tin trnh con

thuc shell hin hnh.


36/104

n tt nghip

36

+ fc : Lnh fix. Hiu chnh lnh trong danh sch history hin hnh

+ fg : Lnh foreground (tin cnh). Buc tin trnh b ngng tip tc thi

hnh tin cnh.

+ kill : Chm dt tin trnh khc.

+ pdw : (Print working directory) in th mc hin hnh ln mn hnh.

+ unalias : Xo cc b danh nh bng lnh alias.

tcsh l phin bn sa i ca shell C (csh). N tng thch hon ton vi

csh nhng li mang nhiu c tnh mi gip tng tc ngi dng d dng hn.

Mt s lnh tcsh hu ch:

+ alias : Lp b danh , bit danh lnh cho ngi dng t.+ bg : Lnh background (hu cnh). Buc tin trnh b ngng tip tc thi

hnh hu cnh.

+ bindkey : Cho php ngi dng thay i cc thao tc hiu chnh vn gn

lin vi mt t hp phm.

+ cd : Chuyn th mc lm vic. Lnh ny s chuyn th mc lm vic

hin hnh vo th mc nh.

+ fg : Lnh foreground (tin cnh). Buc tin trnh b ngng tip tc thi

hnh tin cnh.

+ history: Cho php ngi dng hin th v sa i ni dung danh sch

history v tp tin history.

+ kill : Chm dt tin trnh khc.

+ logout : Chm dt shell ng nhp.

+ set : Lp gi tr bin tcsh.+ source : c v thi hnh ni dung tp tin.

+ unalias : Xo cc b danh nh bng lnh alias.


37/104

n tt nghip

37

Chng III: samba

3.1 Gii thiu tng quan.

Cc t chc kinh doanh ln thng x l thng tin trn nhiu loi h iuhnh khc nhau v c nhu cu lu tr chng trong mt mi trng mng trong

vic chia s cc tp tin v my in. Cc nhn vin c th lm vic trn cc my

trm nh Linux, Microsoft Windows 95/98/NT, OS/2 hay Novel v vn cn phi

truy cp my server trong cc cng vic thng ngy ca h.

Samba l mt dch v mng rt mnh trong vic chia s tp tin v my in,

n lm vic tt trn cc h iu hnh ch yu hin nay. Khi c thc hin tt

bi ngi qun tr, n s nhanh hn v bo mt hn cc dch v chia s tp tin t

nhin c sn trn cc my Microsoft Windows.

Samba l mt giao thc c nhiu my PC kt ni vi nhau cng chia s cc

tp tin, cc my in, v cc thng tin khc, chng hn nh lit k danh sch cc

tp tin v my in. Cc HH m n h tr dch v ny mt cch t nhin gm c

Windows 95/98/NT, OS/2 v Linux.

y chng ta s tm hiu Samba vi tnh nng nh mt cy cu ni giaLinux v Windows, samba cho php cc my tnh chy Linux c th hot ng

v giao tip trn cng mt giao thc mng vi my Windows.

3.2 Ci t

C hai cch ci t Samba:

Cch 1: ci t t tp tin samba-2.2.7a-7.9.0.i386.rpm c sn trong CD

ci t Redhat 9.0. Cch 2: ci t t tp tin samba-2.2.7a-7.9.0.i386.tar.gz.

Phn ny ch tp trung cho vic ci t v cu hnh samba t tp tin samba-

2.2.7a-7.9.0.i386.rpm.


38/104

n tt nghip

38

Trong Redhat 9.0 trc khi ci t, chng ta kim tra xem samba c ci

t trn h thng ca bn hay cha vi lnh:

[root@localhost root]#rpm q samba

Nu samba cha c ci t trn h thng th chng ta tin hnh ci t

theo nhng lnh sau:

[root@ localhost root]# mount /mnt/cdrom

[root@ localhost root]#cd /mnt/cdrom/redhat/RPMS

[root@ localhost root]#rpm ivh samba-2.2.7a-7.9.0.i386.rpm

Lnh u tin kt gn CD vo h thng, lnh th hai chuyn vo th mc

cha chng trnh ngun samba-2.2.7a-7.9.0.i386.rpm v lnh th ba s ci tpackage samba-2.2.7a-7.9.0.i386.rpm vo h thng ca bn. Sau khi ci t thnh

cng samba vo h thng, tp tin cu hnh smb.conf s nm trong th mc

/etc/samba/smb.conf v tt c nhng g chng ta cu hnh v samba s c thc

hin t tp tin ny.

3.3 cu hnh

File cu hnh chnh ca Samba l smb.conf c ct trong th mc

/etc/Samba. Trong file ny c hai kiu ch thch c xc nh bng du (;) v

(#) t u cc dng. Du (#) l du ch thch thc v bn khng th b du

ny i c nhng du (;) l du ch thch xc nh thuc tnh hng tng ng

c c chn hay khng, kiu ch thch ny c th b i c.

V d trong file ny c on:

;encrypt password =yes

Nu b du (;) i th Samba s hiu rng mt khu s c m ha(encrypt), ngc li mt khu khi truyn i s c dng khng m ho

(clear text).


39/104

n tt nghip

39

vic thay i thng s trong file smb.conf an ton, chng ta sao lu file

smb.conf n mt th mc khc, ng thi m bo rng kt ni gia my

Linux v Windows vn trng thi tt (Kim tra bng lnh ping 2 my vi

nhau).

File smb.conf c chia lm 2 phn: global setting v sharing setting.

Trong mi phn li c nhiu tham s khc nhau.

thit lp cu hnh file smb.conf bn c th m file ny bng mt trnh son

tho c sn trn h thng nh vi, mc, pico:

#vi /etc/Samba/smb.conf3.3.1 cu hnh global setting:

Phn ny s cha thng s iu khin Samba server.

Gi tr u tin cn thit lp l gi tr ca th workgroup :

[global]

# workgroup = NT-Domain-Name or Workgroup-Name

workgroup = MYGROUP

L tham s xc nh tn workgroup ca Windows m my Linux ng

nhp, nhm ny phi tn ti trc khi chng ta cu hnh Samba.

Lu : Nn nhp tn workgroup dng ch in hoa.

# server string is the equivalent of the NT Description field

server string =Samba Server

Tham s server string l tham s gn m t v tn my Linux trn mng.

Mc nh tham s ny c gn bng Samba Server, tu theo chc nng ca my

Linux m bn c th t cc tn khc nhau. Vic gn gi tr cho tham s nykhng gy nh hng ln n vic cu hnh Samba.

;hosts allow = 192.168.1. 192.168.2.


40/104

n tt nghip

40

Nu b du (;) th cc my c a ch IP khng thuc lp mng lit k

khng th truy nhp vo my Linux. y ly v d vi lp mng C, nh vy cc

my c a ch IP bt u bng 192.168.1. v 192.168.2. u c th truy nhp ti

nguyn trn my Linux.

# this tells Samba to use a separate log file for each machine

# that connects

log file = /var/log/Samba/%m.log

Tham s logfile s xc nh tn file log cho tng my khi truy cp, %m c ngha

l tn my trn mng.

V d: Nu trn mng c my tn l nampt truy cp vo my Linux th Samba sto ra mt file l nampt.log lu trong th mc /var/log/Samba. Kch thc ca

file ny c xc nh bng tham s max log size:

# Put a capping on the size of the log files (in Kb).

max log size = 150

Samba h tr 4 kiu bo mt trong vic chia s d liu: USER, SHARE,

DOMAIN v SERVER. bit thm chi tit tng kiu bn c th c file

security_level.txt. Mc nh khi ci Samba mode USER

# Security mode. Most people will want user level security. See

# security_level.txt for details.

security = share

# Use password server option only with security = server or

# security = domain

;password server=MyServer

Nu bn chn kiu USER v SHARE th nn t du (;) vo u dng:

;password server =


41/104

n tt nghip

41

Nu bn mun s dng ti khon (account) v mt khu (password) trn

my ch iu khin vng truy nhp vo my Linux th phi t tham s:

security = domain

v in tn my iu khin vng vo vng password server nh di y:

password server = tn domain

# You may wish to use password encryption. Please read

# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba

#documentation.

# Do not enable this option unless you have read those documents

encrypt passwords = yes

smb passwd file = /etc/Samba/smbpasswd

Vi cc h iu hnh t Win95 OME service release 2 hoc cao hn, mt khu

c m ho mc nh, cng nh vy i vi h iu hnh Windows NT4 service

pack 3 mt khu c chuyn t khng m ho (Clear text) thnh m ho

(Encrypted). mt khu m ho ca Windows lm vic c vi Samba th hai

dng trn phi b du ch thch v nhp tn ti khon v mt khu cho my

Linux bng lnh smbpasswd.

V d:

#smbpasswd -a nampt

Lu : user nampt phi tn ti l user ca h iu hnh. Nu bn nh thit

lp security mode= domain hoc server th nn t mt khu trng vi mt khu

trn server hay domain tng ng.

# Enable this if you want Samba to be a domain logon server for# Windows95 workstations.

domain logons = yes


42/104

n tt nghip

42

Nu tham s domain logons =yes s lm cho my Linux tr thnh

domain cc my Windows95 c th ng nhp (logon) vo . Kch bn ng

nhp cho cc my trm v user s c hai tham s logon script di y xc

nh:

# if you enable domain logons then you may want a per-machine or

# per user logon script

# run a specific logon batch file per workstation (machine)

logon script = %m.bat

# run a specific logon batch file per username

logon script = %U.bat

3.3.2 cu hnh Sharing Setting.

Khi c yu cu truy xut d liu t my trm, Samba s tm cc th mc

ny trong phn Sharing Setting. Nu th mc tn ti n s kim tra mt khu m

my trm cung cp vi mt khu ca Samba, n s chia s th mc ny qua mng

nu mt khu tho mn.

Trong phn ny c nhiu tham s khc nhau, y chng ta ch trch ra

mt th mc lm v d v gii thiu nhng tham s thng dng:

[chi]

comment = Thu muc cua user chi

browseable = no

read only=no

path=/home/chi

valid users=chi

Tham s comment cng gn ging nh tham s server string m chng ta

cp phn trc nhng ch khc y l ch thch cho th mc.


43/104

n tt nghip

43

Nu b du ch thch dng browseable = no th Samba s khng ch th

th mc ny trn trnh duyt mng (v d Windows Explorer), mc d n vn

c chia s, vic ny ging nh chia s th mc trn Windows vi du $. Tham

s read only s cho php ngi dng trn my trm c th thay i ni dung file

hay khng. Nu b du ch thch ti dng:

;read only=no

th ngi dng c th thay i ni dung ca file hay to file mi, ngc li nu

du (;) u dng, ngi dng ch c th c ni dung th mc v khng

c php to bt c thay i no trong th mc.

Trong file smb.conf c mt s thng s khng th gn gi tr bng yes.V d: nu vit:

read only=yes

th smbd khng hiu gi tr v pht sinh li cu hnh. Thc cht gi tr read

only=yes chnh l ; read only=no.

Tham s path xc nh ng dn n th mc cn c chia s trn

server. Tham s valid users=chi xc nh quyn hn truy cp vo th mc chi -

v d ny ch c user chi mi c c ni dung ca th mc .

3.4 Chia s file

Sau khi cu hnh phn global setting, chng ta c th t to ra mt th mc

chia s v gii hn truy cp theo nhm hoc ngi dng c trn h thng.

V d: to th mc chia s huong trn my Linux, chng ta lm nh

sau:

Thm vo vng Sharing Setting nhng dng di y:[huong]

comment= thu muc cua huong

path=/home/huong


44/104

n tt nghip

44

valid users =huong

browseable=yes

public=no

writeable=yes

Nh vy Samba s to ra mt th mc chia s huong trn my ch, do

tham s browseable=yes nn th mc ny s c nhn thy khi ngi dng m

Windows Explorer, tuy nhin do public=no v valid users =huong nn ch c user

huong c th ng nhp. Ngoi vic phn cp theo user Samba cng c th phn

quyn truy cp cho c nhm ngi dng, vi nhm chng ta s dng du @ trc

tn nhm.V d:

Valid users=huong,@Tin5

3.5 Kim tra cu hnh va thit lp

Sau khi thit lp file cu hnh chng ta nn kim tra li, Samba cung cp 2

cng c l testparm v smbstatus. kim tra chnh xc bn phi m bo my

trm v my ch phi ni c vi nhau (Kim tra bng lnh ping).

3.5.1 Kim tra bng cng c Testparm

Testparm l chng trnh cho php kim tra gi tr ca thng s trong file

cu hnh. Cu trc ca cu lnh ny l:

Testparm configfile [hostname hostIP]

Configfile l ng dn v tn file cu hnh, mc nh n ly file smb.conf

ct trong th mc /etc/Samba/smb.conf (t Redhat 9.0)

Hostname v HostIP l hai thng s khng nht thit phi c, n hng

dn Samba kim tra c cc dch v lit k trong file smb.conf trn my xc

nh bi Hostname v HostIP.


45/104

n tt nghip

45

V d:

[root@localhost root]# testparm /etc/Samba/smb.conf thuong 10.0.0.2

3.5.2 Kim tra bng cng c smbstatus

Smbtatus l chng trnh thng bo cc kt ni hin ti, cu trc ca cu

lnh ny nh sau:

Smbstatus [-d][-p][-s config file]Tham s configfile mc nh c gn l /etc/Samba/smb.conf. Tham s

d cho ra kt qu y .

V d: [root@localhost root]# smbstatus d s /etc/samba/smb.conf


46/104


47/104

n tt nghip

47

3.6.1 S dng cu lnh smbclient

Smbclient cung cp giao din dng lnh gn ging nh giao din ca FTP

truyn file qua mng. Chi tit v cu lnh smbclient bn c th tham kho nh

cu lnh:

#man smbclient

lit k cc th mc chia s c trn my 10.0.0.2 bn dng smbclient

vi tham s L:

#smbclient -L 10.0.0.2

Kt qu s cho ra mt s th mc c trn my 10.0.0.2, vo mt trong

cc th mc trn bn dng lnh smbclient vi tham s -U tn user (tn user cquyn truy cp vo th mc tng ng).

#smbclient //10.0.0.2/tn_th_mc -U tn_user

Sau khi g vo mt khu bn s nhn c du nhc:

smb:\>

Ti du nhc ny bn c th dng cc cu lnh nh sau:

V d : Dng smbclient ni n my Windows c a ch IP l 10.0.0.2, ly

file trn my ny ta phi lm ln lt cc bc sau:

Xc nh cc th mc c cha s trn my 10.0.0.2:

#smbclient -L 10.0.0.2 -U thuong

added interface ip=10.0.0.1 bcast=10.255.255.255 nmask=255.0.0.0

session request to 10.0.0.2 failed (Called name not present)

session request to 10 failed (Called name not present)

Password:

Sau khi nhp mt khu ca ti khon thuong (trn Windows) ta nhn c

danh sch cc th mc share trn my 10.0.0.2 nh hnh di y:


48/104

n tt nghip

48

Sau khi bit c cc th mc trn my, bn phi dng cu lnh:

[root@localhost root]# smbclient //10.0.0.2/SETUP -U thuong

Cant find include file /etc/Samba/smb.conf.

added interface ip=10.0.0.1 bcast=10.255.255.255 nmask=255.0.0.0

session request to 10.0.0.2 failed (Called name not present)

session request to 10 failed (Called name not present)

Password:

Domain=[GROUP] OS=[Windows 5.1] Server=[Windows 2000 LANManager]

smb: \>


49/104

n tt nghip

49

Ti du nhc ny bn c th xem cc file bn trong th mc tienna bng

lnh ls, ly n v my Linux bng lnh get hoc mget:

3.6.2 Truy cp t my Windows

Vi my Windows vic truy cp d dng hn nhiu, bn ch cn m

Windows Explore v tm n domain m my Linux ng nhp, nhn chut ln

tn my Linux sau nhp vo tn ti khon v mt khu tng ng, bn s nhn

thy cc th mc chia s (sharing) hin ra. Ti y bn cng c th thc hin cc

tnh nng nh map a, ng b th mc, sao chp file nh cc my

Windows thng thng.


50/104

n tt nghip

50

CHNG iV: Squid proxy server

4.1. Tm quan trng v phng thc hot ng ca Squid cache

Squid l mt chng trnh cache proxy chy trn nn tng Unix v Linux.N chuyn tip cc yu cu t my khch (trong trng hp ny l web

browsers) ti server. Khi m i tng yu cu tr v ti squid server n s

chuyn v cho client v gi mt bn copy cache. Mt trong nhng li ch ca

cache l khi vi client yu cu cng mt i tng th n s c ly t trong

cache gip cho cc client nhn c d liu nhanh hn l t Internet. Vic ny

cng gim cc traffic trn mng.

Cng vi caching squid cn c cc c tnh nh chia ti bng cch lin kt

cc proxy server, nh ngha cht ch cc danh sch iu khin truy cp cho cc

client truy cp proxy, cho php hay t chi truy cp ti cc trang web c bit.

Squid khng phi l proxy chung m n thng thng l proxy cho kt ni

HTTP. N cng h tr cc giao thc FTP, Gopher, SSL, v WAIS nhng n li

khng h tr cc giao thc internet khc nh Real Audio, news hoc hi tho trc

tuyn bi v Squid ch h tr giao thc UDP lin kt gia cc cache nhiuchng trnh multimedia khc cng khng c h tr.

Proxy caches

L mt Proxy caches Squid c th c s dng theo mt vi cch. Khi m

kt hp vi Firewall n c th gip cho vic bo mt. Nhiu Proxy c th c s

dng vi nhau v c th xc nh loi i tng no cn lu trong cache v lu

trong bao lu.

Squid v bo mt

Chng ta c th s dng squid cng vi Firewall bov mng ni b t

bn ngoi s dng proxy cache. Fireawall t chi tt c client truy cp ti dch v


51/104

n tt nghip

51

bn ngoi ngoi tr squid. Mi kt ni ti web phi c thit lp theo cch ca

proxy.

Nu cu hnh Firewall bao gm mt DMZ proxy c th vn hnh trong vng

ny. Trong trng hp ny tt c my tnh trong DMZ gi cc file log ti my

trong mng bo mt l rt quan trng.

Multiple caches

Vi proxy c th c cu hnh theo cch m cc i tng c th trao i

gia chng. Vic ny lm gim ti ton b h thng v tng kh nng tm mt

i tng tn ti trn mng cc b. Cn c kh nng cu hnh cache th

bc mt cache c th a ra yu cu ti mt cache cp thp hn hay cao hn.Vic chn c m hnh thch hp cho cache th bc l rt quan trng. Bi v

chng ta khng mun tng cc traffic trn mng. Vi mng rt ln chng ta c

th cu hnh proxy server cho tt c cc mng con v kt ni n ti mt proxy

cha m n kt ni ti proxy ca ISP.

Tt c cc giao tip c thc hin bi ICP ( Internet cache protocol)

chy trn giao thc UDP. D liu lu thng gia cc cache th s dng HTTP da

trn giao thc TCP.

Tm server thch hp nht nhn cc i tng th mt cache gi mt gi

tin ICP yu cu ti tt c cc proxy ngang hng. Gi tin ICP tr li s km theo

m HIT nu i tng c tm thy hoc m MISS nu khng thy. Nu nhiu

gi tin tr li vi m HIT th proxy server s quyt nh server ti v da vo

cc nhn t nh: cache no gi gi tin tr li sm nht hoc ci no gn nht.

Trong trng hp nhn c tn hiu tr li vi m MISS th yu cu s gi ticache cha.

Ch : trnh s trng hp d liu gia cc cache trong mt mng th

giao thc ICP khc c s dng nh: CARP (cache array routing protocol) hoc


52/104

n tt nghip

52

HTCP (hyper text cache protocol). Cng nhiu i tng lu trong mng th cng

nhiu kh nng tm thy d liu mong mun.

Caching Internet

Khng phi tt c cc i tng c trn mng u l tnh m c rt nhiu

cc trang ng c to bi CGI nh m lng khch truy nhp v ni dung ti

liu SSL c m ha. Cc i tng nh vy khng c cache bi v n thay

i mi khi chng c truy cp.

Cu hi lu tr cc i tng trong bao lu cache vn cn kh c li gii

thch hp. xc nh iu ny tt c cc i tng trong cache c gn mt

trong cc tnh trng: Last modified hoc Expires vo header. Server s dngthut ton LRU (last recently used) thay th cc i tng trong cache nhm

tng dung lng a n gin l server s loi b cc i tng m lu khng c

yu cu truy cp.

4.2. Ci t

Vo trang www.squid-cache.org load phn mm squid v my

S dng lnh sau ci squid:

[root@home]#rpm -i squid-version.i386.rpm

Sau khi ci s c cc th mc lin quan:

/usr/bin: Lu nhng th vin ca squid.

/ect/squid : Lu cc file cu hnh squid.

/var/log/squid :Lu cc tp tin log ca squid.

4.3. Tp tin cu hnh /etc/squid/squid.conf

Tt c nhng iu chnh i vi proxy server Squid c to trong /etc/squid/squid.conf. chy squid ln u tin khng cn phi thay i ni

dung ca file ny nhng tt c cc yu cu ca client bn ngoi s b t chi theo

mc nh. N ch c cho loccalhost. Cng mc nh l 3128. Sau khi ci th


53/104

n tt nghip

53

/etc/squid/squid.conf cung cp thng tin chi tit v cc ty chn v nhiu v d.

Gn nh tt c cc kha u bt u vi # ( Cc dng ch thch). Cc c t

c lin quan c th tm thy cui dng. Cc gi tr a ra hu ht l cc gi tr

tng quan vi gi tr mc nh do vy loi b du ch thch m khng thay i

cc tham s th s c mt t thay i trong hu ht trng hp.

4.4. Cu hnh cc ty chn c bn

- http_port :Cu hnh port m squid s lng nghe nhng yu cu c gi

n.

C php:

http_port Mc nh: http_port 3128

Ta thng thay i cng ny l : 8080

http_port 8080

- Cache_peer: Nu proxy khng kt ni trc tip n Internet hoc nm sau

mt firewall th ta phi cu hnh proxy ny truy vn n proxy khc bng tham s

cache_peer:

C php:

cache_peer

l tn hay a ch IP ca proxy truy vn n.

= parent , sibling hay multicast

l port m c thit lp bi parent proxy thng l 8080

l port m icp chy.

V d: truy vn n proxy ca ISP.cache_peer www.vdc.com.vn parent 8080 8082

Ngoi ra trong cng mt mng nu c nhiu proxy th c th cu hnh

cc proxy ny truy vn ln nhau:


54/104

n tt nghip

54

cache_peer proxy1.vdc.com.vn sibling 8080 8082

cache_peer proxy2.vdc.com.vn sibling 8080 8082

sibling c ngha la ngang hng

- Nhng ty chn nh hng n cache

cache_mem : kha ny nh ngha lng b nh dng cho cache.

cache_mem 8 MB

cache_dir: cu hnh th mc lu tr d liu c cache

cache_dir /usr/local/squid/cache 100 16 256

c ngha l th mc cache nm /usr/local/squid/cache c dung lng l

100 MB c 16 th mc con trong n mi th mc con c 256 th mc con na.Nu c vi a m chia s cache th c th thm vi dng cache_dir

cache_access_log

cache_access_log /var/log/squid/access.log

cache_log

cache_log /var/log/squid/cache.log

cache_store_log

cache_store_log /var/log/squid/store.log

- Ngi dng v nhm c th thay i squid. Cache_efactive_user,

Cache_efactive_group

cache_efactive_user chi

cache_efactive_group chi

- access control list v access control operator

4.5. Access control listBn c th dng access control list ngn chn, gii hn vic truy xut

da vo tn min, a ch IP ch (IP my hoc mng). Mc nh squid t chi

phc v tt c v vy phi cu hnh tham s ny.


55/104

n tt nghip

55

nh ngha access list dng th acl

c php:

acl < loi acl> ...

acl < loi acl> ...

acl src /

acl src -

/

acl srcdomain

acl dst /

acl dstdomain

acl port ..

acl port -

acl proto

acl method [GET] [POST]

S dng acl vi cc th iu khin

Th iu khin truy xut HTTPhttp_access allow/deny [!]

Th iu khin truy xut cache_peer

cache_peer_access cache host allow/deny [!]

Cc v du:

- Ch cho php mng 172.16.1.0/24 c dng proxy server bng t kha

src trong acl

acl MyNetwork src 172.16.1.0/255.255.255.0

http_access allow MyNetwork

http_access deny all


56/104

n tt nghip

56

- Cm cc my truy xut n site www.mail.yahoo.com

acl BadDomain srcdomainwww.mail.yahoo.com

http_access deny BadDomain


Nu danh sch site cm truy xut qu di th c th lu chng co tp tin vn

bn. Ni dung ca danh sch ny l cc a ch m ta cm. Mi a ch ghi trn 1

dng.

[root@home]#cat >/etc/squid/cam

ni dung file cm:

www.mail.yahoo.comwww.gmail.com

www.vnexpress.net

acl BadDomain srcdomain /etc/squid/cam



Nu c nhiu acl th ng vi mi acl c mt http_access

- Cm cc my truy xut n site www.mail.yahoo.com. Ch c mng

172.16.1.0/24 l c php dng proxy

acl MyNetwork src 172.16.1.0/255.255.255.0

acl BadDomain srcdomain www.mail.yahoo.com


http_access allow MyNetwork

http_access deny all4.6. Khi ng squid

khi ng squid ta dng lnh:


57/104

n tt nghip

57

[root@home]# /etc/init.d/squid start

dng squid ta dng lnh:

[root@home]# /etc/init.d/squid stop

khi ng li squid ta dng lnh:

[root@home]# /etc/init.d/squid restart


58/104

n tt nghip

58

Chng V: Cu hnh WEB SERVER5.1 Ci t apache, php, mysql.

Apache l mt Web server rt mnh v cng l mt phn mm c chn

lm web server chy trn hu ht cc server Linux. Do p ng c nhiu

yu cu ca ngi dng nh pht trin ng dng, kt ni vi cc h c s d liu

thng dng, kh nng bo mt, chy trn nhiu h iu hnh khc nhau v mt

iu m chng ta u bit l n min ph.

y chng ta ly v d my ch c a ch IP l 10.0.0.1 ci apache

cn my trm c a ch IP cn li ca lp A

5.1.1 Download v ci t Apache

Chng ta c th download apache a ch: http://httpd.apache.org

n gin hn c th copy tp tin apache-2.0.15.i386.rpm trn a ci

t RedHat 9.0

Sau khi c file apache-2.0.15.i386.rpm th copy n vo th mc no

ri chy lnh rpm vi tham s ivh chng hn ta copy vo th mc /var/apache

#cp apache-2.0.15.i386.rpm /var/apache

chuyn vo th mc /var/apache

#cd /var/apache

ci t

#rpm -ivh apache-2.0.15.i386.rpmsau khi thc hin cc lnh trn th apache c ci t trn Linux.

khi ng dch v ta g lnh:

#/etc/rc.d/init.d/httpd start


59/104

n tt nghip

59

C th vo trnh duyt kim tra. Vo trnh duyt g http://10.0.0.1 nu

thy mn hnh nh sau th apache hot ng.

5.1.2 Download v ci t php

Chng ta c th download php a ch: http://php.net

Sau khi c file php.rpm th copy n vo th mc no ri chy lnh

rpm vi tham s ivh chng hn ta copy vo th mc /var/php

#cp php.rpm /var/php

chuyn vo th mc /var/php #cd /var/php

ci t

#rpm -ivh php.rpm


60/104

n tt nghip

60

Sau khi thc hin cc lnh trn th php c ci t trn Linux h tr

cho apache.

kim tra xem php hot ng trn apache cha ta tao file php chy

th:

#echo Tin5-k5 vui ve>/var/www/html/thu.php

Vo trnh duyt g http://10.0.0.1/thu.php nu thy mn hnh nh sau th

php hot ng:

5.1.3 Download v ci t Mysql

Chng ta c th download Mysql a ch: http://mysql.com


61/104

n tt nghip

61

Sau khi c file mysql.rpm th copy n vo th mc no ri chy lnh

rpm vi tham s ivh chng hn ta copy vo th mc /var/mysql

#cp mysql.rpm /var/mysql

chuyn vo th mc /var/mysql

#cd /var/mysql

ci t

#rpm -ivh mysql.rpm

Sau khi thc hin cc lnh trn th php c ci t trn Linux h tr

cho apache.

kim tra xem Mysql hot ng trn apache cha ta tao file php ctruy cp c s d liu chy th:

G lnh: mysql -u root

Lc ny s xut hin du nhc mysql>, bn g ln lt cc lnh:

use test;

CREATE TABLE books (

id int(3) not null auto_increment,

name char(50) not null,

unique(id),

primary key(id)

);

INSERT INTO books (name) values('PHP 4 Newbies');

INSERT INTO books (name) values('Red Hat Linux Server');

exit

Lnh exit s thot khi du nhc ca mysql.


62/104

n tt nghip

62

To file mysql.php trong th mc /var/www/html/ ni dung file mysql.php

nh sau:

Ri sang browser chy thhttp://10.0.0.1/mysql.php nu thy hnh nh

sau l thnh cng.


63/104

n tt nghip

63

5.2 Cu hnh Apache c bn

cu hnh Apache th phi sa thng tin trong tp tin

/etc/httpd/conf/httpd.confTp tin cu hnh ca /etc/ httpd/conf/httpd.conf

Tp tin httpd.conf l tp tin cu hnh chnh ca web server

Apache. Tp tin httpd.conf t thit t chnh n cho vic ci t cu hnh quen

thuc vi:

ServerType standalone: Ty chn Server root ch r Apache phi

chy trn h thng nh th no. C th chy n t super-server inetd, hoc nh

standalone deamon. N c ngh chy theo kiu standalone thi hnh v c

tc tt hn.


64/104

n tt nghip

64

ServerRoot /etc/httpd: Ty chn ServerRoot ch r th mc

lu nhng tp tin ang s dng ca my ch Apache. N ch cho Apache bit

ni no c th tm thy nhng tp tin khi n khi ng.

PidFile /var/run/httpd.pid: Ty chn PidFile ch r ni m

my ch s ghi li id ca tin trnh ca deamon khi n khi ng. Ty chn ny

ch c yu cu khi cu hnh Apache kiu standalone.

ResourceConfig /dev/null: Ty chn ResourceConfig ch r ni

lu tr tp tin c srm.conf ni ny Apache c sau khi n c xong tp tin

httpd.conf. Khi bn t ng dn n /dev/null, Apache cho php bn a

vo ni dung ca tp tin ny trong tp tin httpd.conf, v theo cch ny th s cmt tp tin kim sot tt c nhng tham s cu hnh cho n gin.

AccessConfig /dev/null: Ty chn AccessConfig ch r ni lu

tr tp tin c access.conf ni ny Apache c sau khi n c xong tp tin

srm.conf. Khi bn t ng dn n /dev/null, Apache cho php a vo

ni dung ca tp tin ny trong tp tin httpd.conf, v theo cch ny ta va c

mt tp tin kim sot tt c nhng tham s cu hnh cho n gin.

Timeout 300: Ty chn Timeout ch r khong thi gian Apache

s ch cho mt yu cu GET, POST, PUT v pht hin tn hiu ACKs. C th an

ton b i ty chn trn gi tr mc nh ca n.

KeepAlive On: Ty chn KeepAlive, nu m On, cho php duy

tr kt ni lin tc trn web server. thc hin tt hn, nn chn On, v cho

php nhiu hn mt yu cu trn kt ni.

Max KeepAliveRequests 0: Ty chn Max KeepAliveRequestsch r s yu cu cho php trn kt ni ty chn KeepAlive trn c

On. Khi gi tr bng 0 th khng c gii hn yu cu c php trn my ch.


65/104

n tt nghip

65

Tng kh nng thc hin cho my ch nn cho php khng gii hn nhng yu

cu.

KeepAliveTimeout 15: Ty chn KeepAliveTimeout ch r

khong thi gian c tnh bng giy, Apache s ch yu cu n sau trc khi

ngt kt ni. 15 l mt gii hn tt cho my ch thc hin.

MinSpareServers 16: ty chn MinSpareServers ch r s nh

nht ca idle child server processes cho Apache, iu ny khng gii quyt mt

yu cu. y l tham s iu chnh quan trng i vi s thc hin ca web

server Apache. S hot ng vi trng ti cao, 16 l mt gi tr ngh bi

nhng im chun khc nhau trn Internet.MaxSpareServers 64: Ty chn MaxSpareServers 64 ch r s ln

nht ca idle child server processes cho Apache, iu ny khng gii quyt mt

yu cu. y l tham s iu chnh quan trng i vi s thc hin ca web

server Apache. S hot ng vi trng ti cao, 16 l mt gi tr ngh bi

nhng im chun khc nhau trn Internet.

StartServers 16: Ty chn StartServers ch r s ca child server

processes n s c to bi Apache lc khi ng. y l tham s iu chnh

quan trng i vi s thc hin ca web server Apache. S hot ng vi trng ti

cao, 16 l mt gi tr ngh bi nhng im chun khc nhau trn Internet.

MaxClient 512: Ty chn MaxClient ch r nhng yu cu xy ra

cng mt thi im n c th c h tr bi Apache. y l tham s iu chnh

quan trng i vi s thc hin ca web server Apache. S hot ng vi trng ti

cao, 512 l mt gi tr ngh bi nhng im chun khc nhau trn Internet. MaxRequestsPerChild 100000: Ty chn MaxRequestsPerChild

ch r s nhng yu cu ca mt child server processes ring l s x l. y


66/104

n tt nghip

66

cng l tham s iu chnh quan trng i vi s thc hin ca web server

Apache.

User www: Ty chn User ch r UID m my ch Apache s

chy. iu quan trng to mi mt nhm ngi dng c quyn ti thiu truy

cp h thng, v nhng chc nng chy c web server deamon.

Group www: Ty chn Group ch r GID m my ch Apache s

chy. iu quan trng to mi mt nhm ngi dng c quyn ti thiu truy

cp h thng, v nhng chc nng chy c web server deamon.

DirectoryIndex index.htm index.html index.php index.php3

default.html index.cgi: Ty chn DirectoryIndex ch r nhng tp tin ngidng bi Apache nh l mt th mc index HTML vit sn. Ni cch khc, nu

Apache khng thy trang index mc nh hin th, n s c tm danh sch k

tip trong tham s ny (nu c sn). tng tc cho web server nn c danh

sch cha hu ht nhng trang index mc nh hin th nhng trang web u

tin.

Include /conf/mmap.conf: Ty chn Include ch r ni lu trnhng tp tin khc m bn c th a vo t bn trong nhng tp tin cu

hnh(httpd.conf). Trng hp ny a vo tp tin mmap.conf c lu tr trong

th mc /etc/httpd.conf. Tp tin(mmap.conf) sp xp cc tp tin vo trong b

nh truy xut nhanh hn.

HostnameLookups Off: Ty chn HostnameLookups, nu chn

Off nh r khng cho DNS tra cu. Nn chn Off gim thi gian luthng trn mng, ci thin tc ca web server Apache.


67/104

n tt nghip

67

5.3 Cu hnh bo mt apache

5.3.1 Gii hn a ch ip.

Theo thng k thc t, 70% cc cuc tn cng xut pht t cc my tnhtrong mng ni b, 30% s cn li n t cc my mng bn ngoi. V vy, vic

gii hn c cc my tnh trong mng 'dm ng' nhng ti nguyn quan trng

v nhy cm trn my ch cng nhiu cng tt. Module mod_access ca Apache

c kh nng xc nh c a ch IP ca my trm c yu cu s dng dch v

Web, da trn n p dng cc chnh sch (policy) m ngi qun tr khai

bo quyt nh my tnh c a ch IP c c php s dng dch v hay

khng.Vic khai bo cc chnh sch c thc hin bng vic sa i file cu

hnh ca Apache (mc nh s c lu vo file /etc/httpd/conf/httpd.conf) v

thm vo cc th.

ngn hay cho php mt a ch, di a ch IP xc nh, Apache c th

Allow v Deny. C php ca hai th ny nh sau:

Allow from host-or-network #Cho php host hoc mt gii IP truy cp

Deny from host-or-network # Cm host hoc mt gii IP truy cp

host-or-network c th l:

Tn host hoc tn domain (v d: www.foo.com)

Mt a ch IP xc nh (v d: 10.0.0.2)

Mt a ch IP v a ch mng con (v d: 10.0.0.0/255.0.0.0 - xc nh

tt c cc my tnh c a ch IP c byte u l 10, bt k 3 byte sau l

g).

Vi hai th trn, Apache khuyn co s dng a ch IP thay cho tn

domain, bi nu khai theo tn domain th Apache phi tn thi gian chuyn i


68/104

n tt nghip

68

t domain name sang IP v sau mi p dng cc chnh sch gii hn cho a

ch ny. Vic ny dn n s tiu tn ti nguyn ca my ch.

Nu mun dng c hai th Allow v Deny th th t ca chng c xc

nh bng th Order.

V d: cu hnh ch cho cc my c a ch IP c byte u tin l 10 c

xem ni dung file .html th khai bo nh sau:

Order Deny,Allow #khng c khong trng gia hai t kho

Deny from All

Allow from 10.0.0.0/255.0.0.0

Sau khi thay i ni dung file cu hnh (/etc/httpd/conf/httpd.conf), thay

i ny c hiu lc phi khi ng li dch v Web (httpd) bng lnh:

[root@localhost root]# /etc/rc.d/init.d/httpd restart

Apache s thc thi th Deny trc v th Allow sau. Cch lm ny c

tin hnh tng t i vi th mc.

V d: C mt din n (forum) t ti th mc vt l l

/var/www/html/forum . V mun gii hn cho cc my tnh thuc di a ch t

10.0.0.1 n 10.0.0.15 , hoc my c a ch 10.0.0.91 th c th khai bo nh

sau:

Order Deny,Allow

Deny from AllAllow from 10.0.0.1/ 28

Allow from 10.0.0.91


69/104

n tt nghip

69

Khi khai bo nh vy th ch c cc my tnh c a ch IP tho mn

iu kin trn mi c th truy cp vo din n ny. Tt c cc my tnh c a

ch

IP nm ngoi di trn s nhn c thng bo 'Access forbidden!' nh hnh

di y.

5.3.2 Gii hn truy cp theo ti khon s dng

Nu mun bo v cc trang thng tin ca mnh trn Website bng cch

yu cu ngi dng phi nhp vo tn ti khon (username) v mt khu

(password) th Apache cng c sn module mod_auth p ng yu cu ny.

Apache cung cp 2 kh nng xc thc ngi dng l Basic authentication v

Digest authentication. Trong , Digest authentication c nh gi l an ton


70/104

n tt nghip

70

hn nhng li t c pht trin. Cch xc thc c s dng ph bin vi cc

Web server Apache hin nay l basic authentication, cch xc thc ny s dng

64 bit m ha tn ti khon v mt khu trc khi gi n server. iu ny

cn c ngha l vic chn thng tin trn ng truyn gii m ly tn ti

khon v mt khu l cng vic ht sc kh khn.

Cc thng tin v tn ti khon v mt khu c to bng chng trnh

htpasswd. Cc thng tin ny s c lu vo mt file text vi trung mt khu

c m ho v khi cn xc thc ngi dng Apache s gii m mt khu m

ngi dng cung cp sau mang so snh vi mt khu lu tr. C php ca cu

lnh htpasswd nh sau (cc thng tin trong du ngoc vung '[]' l tu chn) :htpasswd [options] pwfile username [password]

options bao gm:

m: Chn thut ton m ho mt khu l MD5.

d: Dng thut ton m ho ca h thng m ha mt khu.

s: M ha mt khu theo thut ton SHA.

b: Nhp mt khu trc tip vo dng lnh.

Thut ton m ha c th c p dng cho tng bn ghi khc nhau trong

mt file, iu ny c ngha l cc ti khon khc nhau c th c mt khu

c m ha theo cc thut ton khc nhau.

c: Mc nh htpasswd hiu rng file cha ti khon v mt khu (pwfile)

tn ti. V vy to mt file mi bn phi s dng tu chn -c.

pwfile: L tn file lu tr tn ti khon v mt khu.

username: Tn ti khon cn to.password: Mt khu ca ti khon tng ng (ch s dng khi c option l

'-b').


71/104

n tt nghip

71

V d: to ra ti khon l chi vi mt khu l 123456 vo mt file mi l

/etc/http/conf/passwd th cu lnh y l:

#htpasswd -cb /etc/httpd/conf/passwd chi 123456

hoc:

#htpasswd -c /etc/http/conf/passwd chi

Sau khi to c file cha ti khon v mt khu ca ngi dng th ngi

qun tr s phi s dng cc th AuthName, AuthType, AuthUserFile v Require

khai bo trong file cu hnh http.conf.

V d: Mun a ln mt trang sch in t c a ch URL l

http://10.0.0.1/book/ v yu cu mi ngi vo trang ny u phi c tn tikhon v mt khu c gn nh trc. File cu hnh

/etc/httpd/conf/http.conf phi thm vo cc dng sau:

AuthName 'Insiders Only'

AuthType Basic

AuthUserFile /etc/httpd/conf/passwd

Require valid-user

Khi ngi dng yu cu tran web th apache s yu cu nhp username

v password


72/104

n tt nghip

72

Lu : Mc nh dch v Web (httpd) s s dng account Apache khi

ng cng nh xc nh cc quyn hn c/ghi cho cc file v th mc trn h

thng. V vy, ti khon ny phi c quyn c file /etc/httpd/conf/passwd

bit c mt khu ngi s dng v ti khon tng ng. lm vic ny ta cth dng mt trong hai lnh sau:

[root@localhost root]# chmod ugo+r /etc/httpd/conf/passwd

hoc

[root@localhost root]# chown apache /etc/httpd/conf/passwd

Cng ging nh vic khai bo chnh sch cho a ch IP, sau khi khai bo

li file cu hnh cho cc th AuthName, AuthType, AuthUserFile v Require

Apache, httpd yu cu phi c khi ng li xc nhn s thay i ny. V

vy, sau mi ln thay i phi dng lnh:

[root@localhost root]# /etc/initd.d/httpd restart


73/104

n tt nghip

73

Vi cu hnh nh trn, ch ngi s dng no c ti khon v mt khu

trong file /etc/httpd/conf/passwd mi c quyn ng nhp vo trang Web

http://DiaChiIPCuaMay/book/.

Th Require c cc gi tr sau:

valid-user: ch nhng ngi c ti khon hp l.

user userid: ch cho php cc ti khon ny ng nhp nu cung cp

ng mt khu.

group groupid: ch c ti khon thuc cc cc nhm xc nh mi c

quyn ng nhp.

V d: C 4 ngi dng khai bo trong file /etc/ httpd/conf/passwd l'thuong', 'huong', 'chi', 'bidao'. Trong s 4 ngi ny bn ch cho php 3 ngi l

'thuong', 'huong', 'chi' c ng nhp vo a ch http://10.0.0.1/secure/.

Alias /secure/ '/var/www/secure/'

# th ny nh x th mc '/var/www/secure/ ln http://10.0.0.1/secure/

AuthType Basic

AuthName '3 Member Only'


Require user thuong huong chi

Th AuthUserFile: Ch cho php xc nh tng ngi dng. Khi mun xc

nh cho mt nhm ngi dng phi dng th AuthGroupFile, c php ca th

ny nh sau:

AuthGroupFile Filepath


74/104


75/104

n tt nghip

75

Nhng ti khon khng thuc nhm Admin s khng th ng nhp c vo

http://10.0.95.15/book/, nu c ng nhp sau 3 ln s nhn c thng bo'Authentication required!'


76/104

n tt nghip

76

i khi nhiu ngi mun kt hp c gii hn theo a ch IP v ngi

dng, vic ny hon ton c th trin khai c vi Apache, di y l mton file cu hnh v d:

Order Deny,Allow

Deny from All

Allow from 10.0.0.0/255.0.0.0

AuthName 'Insiders Only'AuthType Basic


Require valid-user


77/104

n tt nghip

77

Nh vy, truy cp c file phpinfo.php ngi s dng phi qua c 2

vng kim tra, ln th nht Apache s kim tra a ch IP ca my ngi dng

yu cu c nm trong di 10.0.0.0/255.0.0.0 hay khng, nu iu kin ny tho,

n tip tc kim tra mt khu v ti khon ngi dng cung cp c tng ng vi

thng tin lu trong file /etc/httpd/conf/passwd hay khng, nu c hai u tho th

ngi dng s c c ni dung file ny.


78/104

n tt nghip

78

Chng vI: Bo mt vi Firewall, ip tables

6.1 FireWall6.1.1 nh ngha

Thut ng FireWall c ngun gc t mt k thut thit k trong xy dng

ngn chn, hn ch ho hon. Trong Cng ngh mng thng tin, FireWall l mt

k thut c tch hp vo h thng mng chng li s truy cp tri php

nhm bo v cc ngun thng tin ni b cng nh hn ch s xm nhp vo h

thng ca mt s thng tin khc khng mong mun.Internet FireWall l mt thit b (bao gm phn cng v phn mm) gia

mng ca mt t chc, mt cng ty, hay mt quc gia (Intranet) v Internet.

6.1.2 Chc nng

FireWall quyt nh nhng dch v no t bn trong c php truy cp t

bn ngoi, nhng ngi no t bn ngoi cphp truy cp n cc dch v bn

trong, v c nhng dch v no bn ngoi c php truy cp bi nhng ngi

bn trong.6.1.3 Cu trc ca FireWall

FireWall bao gm :

Intranet

FireWall

Internet


79/104

n tt nghip

79

Mt hoc nhiu h thng my ch kt ni vi cc b nh tuyn (router)

hoc c chc nng router.

Cc phn mm qun l an ninh chy trn h thng my ch. Thng thng

l cc h qun tr xc thc (Authentication), cp quyn (Authorization) v k

ton (Accounting).

6.1.4 Cc thnh phn ca FireWall

Mt FireWall bao gm mt hay nhiu thnh phn sau :

+ B lc packet (packet- filtering router).

+ Cng ng dng (Application-level gateway hay proxy server).

+ Cng mch (Circuite level gateway).6.1.4.1 B lc packet (Packet filtering router)

Khi ni n vic lu thng d liu gia cc mng vi nhau thng qua Firewall

th iu c ngha rng Firewall hot ng cht ch vi giao thc TCI/IP. V

giao thc ny lm vic theo thut ton chia nh cc d liu nhn c t cc ng

dng trn mng, hay ni chnh xc hn l cc dch v chy trn cc giao thc

(Telnet, SMTP, DNS, SNMP, NFS...) thnh cc gi d liu (data packets) ri gn

cho cc packet ny nhng a ch c th nhn dng, ti lp li ch cn gi

n, do cc loi Firewall cng lin quan rt nhiu n cc packet v nhng

con s a ch ca chng.

B lc packet cho php hay t chi mi packet m n nhn c. N kim tra

ton b on d liu quyt nh xem on d liu c tho mn mt trong

s cc lut l ca lc packet hay khng. Cc lut l lc packet ny l da trn cc

thng tin u mi packet (packet header), dng cho php truyn cc packet trn mng. l:

a ch IP ni xut pht ( IP Source address)

a ch IP ni nhn (IP Destination address)


80/104

n tt nghip

80

Nhng th tc truyn tin (TCP, UDP, ICMP, IP tunnel)

Cng TCP/UDP ni xut pht (TCP/UDP source port)

Cng TCP/UDP ni nhn (TCP/UDP destination port)

Dng thng bo ICMP ( ICMP message type)

Giao din packet n ( incomming interface of packet)

Giao din packet i ( outcomming interface of packet)

Nu lut l lc packet c tho mn th packet c chuyn qua firewall.

Nu khng packet s b b i. Nh vy m Firewall c th ngn cn c cc kt

ni vo cc my ch hoc mng no c xc nh, hoc kho vic truy cp

vo h thng mng ni b t nhng a ch khng cho php. Hn na, vic kim

sot cc cng lm cho Firewall c kh nng ch cho php mt s loi kt ni nht

nh vo cc loi my ch no , hoc ch c nhng dch v no (Telnet,

SMTP, FTP...) c php mi chy c trn h thng mng cc b.

6.1.4.2 Cng ng dng (application-level getway)

y l mt loi Firewall c thit k tng cng chc nng kim sot cc

loi dch v, giao thc c cho php truy cp vo h thng mng. C ch hotng ca n da trn cch thc gi l Proxy service. Proxy service l cc b code

c bit ci t trn gateway cho tng ng dng. Nu ngi qun tr mng khng

ci t proxy code cho mt ng dng no , dch v tng ng s khng c

cung cp v do khng th chuyn thng tin qua firewall. Ngoi ra, proxy code

c th c nh cu hnh h tr ch mt s c im trong ng dng m ng-

i qun tr mng cho l chp nhn c trong khi t chi nhng c im khc.

Cng ng dng thng c coi nh l mt pho i (bastion host), bi v nc thit k t bit chng li s tn cng t bn ngoi. Nhng bin php

m bo an ninh ca mt bastion host l:


81/104

n tt nghip

81

Bastion host lun chy cc version an ton (secure version) ca cc phn mm h

thng. Cc version an ton ny c thit k chuyn cho mc ch chng li s

tn cng vo phn mm h thng, cng nh l m bo s tch hp firewall.

Ch nhng dch v m ngi qun tr mng cho l cn thit mi c ci t

trn bastion host, n gin ch v nu mt dch v khng c ci t, n khng

th b tn cng. Thng thng, ch mt s gii hn cc ng dng cho cc dch v

Telnet, DNS, FTP, SMTP v xc thc user l c ci t trn bastion host.

Bastion host c th yu cu nhiu mc xc thc khc nhau, v d nh user

password hay smart card.

Mi proxy c t cu hnh cho php truy nhp ch mt s cc my ch nhtnh. iu ny c ngha rng b lnh v c im thit lp cho mi proxy ch

ng vi mt s my ch trn ton h thng.

Mi proxy

Documents

Do an Tot Nghiep Linux