Kornienko K.A. Corporate Internet Server Based on the FreeBSD OS.

FreeBSD Book v6.3


  • ..

    - FreeBSD.

- 2008

1. 4
1.1. FreeBSD 4
1.2. FreeBSD 5
1.3. 6
2. FreeBSD 7
2.1. 7
2.2. 7
2.3. Distributions Packages 9
3. FreeBSD 10
3.1. root 10
3.2. (ifconfig) 10
3.3. ADSL (ppp) 11
3.4. (/etc/rc.conf) 12
3.5. 13
3.6. (cvsup) 13
3.7. DNS (named) 14
3.8. (sendmail) 15
3.9. proxy- (squid) 16
3.10. (locate) 16
3.11. FreeBSD 16
3.12. FreeBSD 17
4. FreeBSD 18
4.1. (sendmail + drweb) 18
4.2. IMAP (sendmail + dovecot) 18
4.3. (sendmail + spamassassin) 19
4.4. ftp- (ftpd) 21
4.5. firewall (ipfw) 22
4.6. proxy- (squid) 23
4.7. web- (apache) 25
4.8. apache + php + mysql 25
4.9. Web- (openwebmail, squirrelmail) 26
4.10. ( DNS) 26
4.11. (socket) 27
4.12. (ipsec) 27
4.13. VPN (openvpn) 27
4.14. FreeBSD 28
4.15. (mrtg) 28
4.16. (ipa) 29
4.17. sms 33
4.18. FreeBSD 34
5. 35
5.1. shell 35
5.2. , 37
5.3. vi 39
5.4. shell 41
5.5. 48
6. 50


  • 1.

    1.01. FreeBSD

    UNIX Bell Labs AT&T. (Ken Thompson) (Dennis Ritchie) UNIX, - . 60- AT&T Bell Labs Multics. , . , , . DEC PDP-7 , , . 1969 Bell Labs , , , , UNIX. UNIX , 1973 UNIX , . UNIX . , , , UNIX . , UNIX .

    AT&T ( , ). AT&T UNIX . UNIX 80% , . , UNIX, Computer Systems Research Group. , 1975 Bell Labs . - (Bill Joy). UNIX Berkley Software Distribution, BSD. 70- : , Advanced Research Project Agency UNIX . , , . , , UNIX . Sun Microsystems. Sun , BSD SunOS. BSD 1991 BSD Intel x86, , BSD 86.

    1993 , UNIX . . NetBSD. . , NetBSD.


  • FreeBSD. , . , Intel x86. FreeBSD UNIX- BSD.

    1.02. FreeBSD

    , FreeBSD . .

    , FreeBSD , , . Netcraft (netcraft.com), , 50 47 FreeBSD. Web- 1 5 ! , , FreeBSD.

    , FreeBSD , . FreeBSD , . , , .

    online! , FreeBSD. .

    . FreeBSD, , ..

    , , FreeBSD Web-.

    FreeBSD Windows Linux.Microsoft , , .

    Windows , . , Windows , , . , Windows . , Windows . FreeBSD . , . Windows, FreeBSD . , . FreeBSD , , . Windows , , Windows, , Windows- Windows. , , . , , , , .

    Windows . , . FreeBSD , .


  • . Windows , .

    Linux, , , Windows. . Linux UNIX. FreeBSD, , . FreeBSD Linux , , Linux , FreeBSD, , , , Linux. , FreeBSD , Linux. , FreeBSD , Linux 30. FreeBSD . Linux . , , Linux . FreeBSD , . Linux , ( Linux). , Linux, , Linux , , , . , FreeBSD , Linux. , , . FreeBSD , Linux . FreeBSD, , , , Linux. : , , .

    1.03.

    , , UNIX. , , FreeBSD - . - FreeBSD, , , , , . , FreeBSD- , , .

    , . - , FreeBSD , .

    , , , , FreeBSD.

    , , , 5.01, 5.02 5.03, , 5.04.


  • , FreeBSD 6.3 .

    :)

    2. FreeBSD

    FreeBSD CD-, ftp-, , , . CD-, .

    2.01.

floppies CD-. CD- , ftp-:
ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.3-RELEASE/floppies/
boot.flp, kern1.flp, kern2.flp, kern3.flp. DOS Windows, fdimage.exe, /pub/FreeBSD/tools/ DOS:
C:\> d:\tools\fdimage.exe d:\floppies\boot.flp a:
.

FreeBSD- UNIX-, fdimage.exe UNIX- dd . FreeBSD :
# dd if=boot.flp of=/dev/rfd0
, , . , boot. , .

    2.02.


  • . 1. Boot FreeBSD, Sysinstall (.1). Custom Partition. , - fdisk DOS. . C ( ), D ( ). A ( ). ESC, (Standard) Label., : CPU 800 MHz; RAM 256 Mb; HDD 10 Gb. , . , , fdisk. . : C (), ( 512M 2G), file system swap , . ( / ), swap, . A ( ), , . - , D (). , .2.

, FreeBSD. , , . . ? , .. - . . /tmp, /var, /home /usr 256 512Mb. Swap , 2 . /tmp . /var , .. . /home ( ftp ). . /usr , . 5Gb , 2Gb. HDD, . (ESC) Distributions.

    2.03. Distributions Packages

    , , . Distributions, Custom, , . ():

Base
Kernels
Man
Catman
Src
Ports

    . ftp - ( Media) , ftp, ftp- , ftp (IP-, , DNS).

    Commit. (5 10 .) : ? , , ( ), Packages. :

Security > sudo
Shells > bash

    Time Zone . Sysinstall ( CD-). login:, (.3).

Sysinstall, :
# /usr/sbin/sysinstall


  • FreeBSD , , , , . .

    3. FreeBSD

root , , : , , root:
# passwd root
, , :
# date 200801171935
( 2008 ., , 17 , 19:35 ) , , . , :
1. 10.0.0.0/24;
2. :
- IP-: 222.111.33.100;
- : 222.111.33.99;
- DNS1: 222.111.0.1;
- DNS2: 222.111.0.2;

    3. FreeBSD ed0 fxp0.

    3.01. root

, . , :
# adduser
, .. , wheel . shell, bash. , . . wheel :
# visudo
( # ):
. . .
# %wheel ALL=(ALL) NOPASSWD: SETENV: ALL

    vi : :wq [Enter]. , , vi, 5.03.

(Ctrl-D) . UNIX root , , . , root:
$ sudo -s
#

3.02. (ifconfig)

, :
# ifconfig


, (fxp0 ed0). IP 10.0.0.1, , . ifconfig:
# ifconfig fxp0 inet 10.0.0.1 netmask 255.255.255.0
# ifconfig ed0 inet 222.111.33.100 netmask 255.255.255.252
route:
# route add default 222.111.33.99
DNS-, , DNS- /etc/resolv.conf:
# vi /etc/resolv.conf

nameserver 127.0.0.1
nameserver 222.111.0.1
nameserver 222.111.0.2

. ping:
# ping freebsd.org
PING freebsd.org (69.147.83.40): 56 data bytes
64 bytes from 69.147.83.40: icmp_seq=0 ttl=41 time=207.519 ms
64 bytes from 69.147.83.40: icmp_seq=1 ttl=46 time=201.388 ms
. . .

3.03. ADSL (ppp)

ADSL . . , , IP-, Bridge. . , IP- , ADSL-. :
# vi /etc/ppp/ppp.conf

default:
 set log Phase Chat LCP IPCP CCP tun command
 enable dns

provider_name:
 set device PPPoE:ed0
 set authname ppp_login
 set authkey ppp_password
 set dial
 set login
 add default HISADDR

, provider_name, ppp_login ppp_password, ( , ppp- ppp- -). ppp :
# /usr/sbin/ppp -background provider_name
tun0, , ed0. , ..


  • ed0 fxp0. , ADSL, ed0 tun0 , .

3.04. (/etc/rc.conf)

, , /etc/rc.conf . . - , . , , , mail.ua elbrus. elbrus.mail.ua ( 3.07) :
# vi /etc/rc.conf

sshd_enable="YES"
inetd_enable="YES"
gateway_enable="YES"
sendmail_enable="YES"
hostname="elbrus.mail.ua"
ifconfig_fxp0="inet 10.0.0.1 netmask 255.255.255.0"
ifconfig_ed0="inet 222.111.33.100 netmask 255.255.255.252"
defaultrouter="222.111.33.99"
named_enable="YES"
natd_enable="YES"
natd_interface="ed0"
firewall_enable="YES"
firewall_type="/usr/local/etc/firewall.conf"

# vi /usr/local/etc/firewall.conf
add divert natd ip from any to any via ed0

    - IP- , -, . ADSL, ed0 , .. ppp . natd ipfw (). , :

# vi /etc/rc.conf
sshd_enable="YES"
gateway_enable="YES"
sendmail_enable="YES"
hostname="elbrus.sint.ua"
ifconfig_fxp0="inet 10.0.0.1 netmask 255.255.255.0"
ppp_enable="YES"
ppp_mode="background"
ppp_profile="provider_name"
named_enable="YES"
natd_enable="YES"
natd_interface="tun0"
firewall_enable="YES"
firewall_type="/usr/local/etc/firewall.conf"

# vi /usr/local/etc/firewall.conf
add divert natd ip from any to any via tun0


  • /etc/rc.conf , , . ADSL, .. , . , .

    3.05.

, , . NAT ( ), FIREWALL ( ) IPSEC ( ). , , : /usr/src/sys/i386/conf/GENERIC. :
# cd /usr/src/sys/i386/conf/
# cp GENERIC ELBRUS
, GENERIC, SMP:
# cp SMP ELBRUS
, :
# vi ELBRUS

. . .
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options DUMMYNET
options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG

# config ELBRUS
# cd ../compile/ELBRUS/
# make cleandepend
# make depend
# make
# make install
( && ):
# make cleandepend && make depend && make && make install
, . ( 30 , ), , , . : ALT + F1 .. F8 ( 8 .). :

3.06. (cvsup)

, FreeBSD . , - , make ( , ) make install ( ). , . cvsup. :
# cd /usr/ports/net/cvsup-without-gui/
# make && make install
ports-supfile, , :
# cp /usr/share/examples/cvsup/ports-supfile /home/admin/
# vi /home/admin/ports-supfile

. . .
*default host=cvsup2.ua.FreeBSD.org

# cvsup -g -L 2 /home/admin/ports-supfile
( 40 , ), .

3.07. DNS (named)

, dns- , , , . named, ( , forwarders):
# cd /etc/namedb/
# vi named.conf

forwarders {
    222.111.0.1;
    222.111.0.2;
};

. , . , DNS- IP- , IP-. ( sshd), , , , , . , - . , 99,9% , , :
# vi named.conf

zone "0.0.10.IN-ADDR.ARPA" {
    type master;
    file "0.0.10.rev";
};

# vi 0.0.10.rev

$TTL 86400
0.0.10.IN-ADDR.ARPA. IN SOA elbrus.mail.ua. root.elbrus.mail.ua. (
    20060606   ; serial
    28800      ; refresh
    1800       ; retry
    604800     ; expire
    86400 )    ; minimum
    IN NS elbrus.mail.ua.
$ORIGIN 0.0.10.IN-ADDR.ARPA.
$GENERATE 1-255 $ PTR local-$.mail.ua.

named:
# killall -HUP named


, named. dns- :
# dig @127.0.0.1 freebsd.org A

3.08. (sendmail)

, , sendmail, : , smtp, , , ( , ). , pop3. :
# cd /etc/mail/
# cp access.sample access
# vi access

. . .
10.0.0 RELAY

# vi local-host-names
mail.ua

# vi sendmail.cf
. . .
O MaxMessageSize=4096000

# make maps && make restart
, . ( ftp, shell ), adduser, :
# vipw

admin:3CpZ$jX:1001:0::0:0:User &:/home/admin:/usr/local/bin/bash
info:W3Y$vX0:7001:777::0:0:User &:/nonexistand:/sbin/nologin

    , ( : : : : ..). , , , 2 admin () info ( ).

, pop3, , cucipop. :
# cd /usr/ports/mail/cucipop/
# make && make install
# vi /etc/inetd.conf

. . .
pop3 stream tcp nowait root /usr/local/libexec/cucipop cucipop

# killall -HUP inetd
inetd , (tcp udp). inetd.conf , 110 (pop3), cucipop, ( ). , pop3 110 , : /etc/services.


  • /etc/mail/aliases. , , /etc/mail/virtusertable. , :

    # make maps && make restart

3.09. proxy (squid)

Proxy- http- , . squid, squid.conf, , , .. squid .
# cd /usr/ports/www/squid/
# make && make install
# cd /usr/local/etc/squid/
# vi squid.conf

. . .
acl users src 10.0.0.0/255.255.255.0
. . .
http_access allow users
http_access deny all
. . .
visible_hostname elbrus.mail.ua

# squid -z
# vi /etc/rc.conf

squid_enable="YES"

# /usr/local/etc/rc.d/squid start
, /usr/local/etc/rc.d/, , . , , . , , . , , proxy-, Internet Explorer : 10.0.0.1, : 3128.

3.10. (locate)

UNIX- locate. , , , , , , , . :
# /etc/periodic/weekly/310.locate
locate :
# locate squid.conf

    3.11. FreeBSD

, - locate, .. FreeBSD man. , - , , . :
# man locate
, , , :
# man man

    3.12. FreeBSD

    , , , , , - , - , . .

, . , , , firewall, natd . :
# reboot
:
# shutdown -r now
, ps:
# ps -ax
# ps ax | grep squid
, df:
# df -h
, Reset , .. FreeBSD Windows, - , . :
# halt
:
# shutdown -h now
, - FreeBSD, :
- DNS- (named);
- SMTP- (sendmail);
- , (sendmail);
- POP3 (cucipop);
- - (ipfw + natd);
- PROXY- (squid).

:
- IP-: 10.0.0.2 .. 255 (10.0.0.1 )
- : 255.255.255.0
- 10.0.0.1
- DNS-: 10.0.0.1
- Proxy-: 10.0.0.1
- proxy: 3128


  • , - , . PuTTY, Windows FreeBSD.

    , , , , , FreeBSD. .

    4. FreeBSD

4.01. (sendmail + drweb)

, . DrWeb, .. :
# cd /usr/ports/security/drweb-sendmail/
# make && make install
# vi /etc/mail/sendmail.cf

# Input mail filters
O InputMailFilters=drweb-filter
Xdrweb-filter, S=local:/var/drweb/run/drweb-smf.skt, F=T, T=S:320s;R:320s;E:1h

# killall sendmail
# /usr/local/etc/rc.d/drwebd start
# /usr/local/etc/rc.d/002.drweb-smf.sh start
# cd /etc/mail/
# make start
2 :
# vi /etc/crontab

0 */2 * * * root /usr/local/drweb/update/update.pl

# killall -HUP cron

4.02. IMAP (sendmail + dovecot)

? , . , . , , , , . IMAP. dovecot:
# cd /usr/ports/mail/dovecot/
# make && make install
, . , . , :
# vi /etc/rc.conf

dovecot_enable="YES"

# cp /usr/local/etc/dovecot-example.conf /usr/local/etc/dovecot.conf
# vi /usr/local/etc/dovecot.conf

. . .
disable_plaintext_auth = no
. . .
ssl_disable = yes

# /usr/local/etc/rc.d/dovecot start
, dovecot IMAP POP3 . .

4.03. (sendmail + spamassassin)

. : , , . . . - ? -, DNS ( DNS-). , . -, , adsl, dhcp . , , , . , -, , , spamhaus.org. sendmail.cf local info check_relay. ( ):
# vi /etc/mail/sendmail.cf

# DNS-PTR Checking
Kdnsname dns -R PTR
# ADSL-DHCP Checking
Kfrmail regex -aFRRRMAIL ^(.*-.*-.*-.*|.*adsl.*|.*dhcp.*)$
# sbl-xbl.spamhaus.org Checking
Kdnsbl dns -R A -T

# Configuration version number
DZ8.12.11
. . .
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
. . .
# DNS based (DNS-name - PTR-record)
R$*			$: $&{client_addr}
R$-.$-.$-.$-		$: $(dnsname $4.$3.$2.$1.in-addr.arpa. $: OK $)
ROK			$#error $@ 5.7.1 $: "550 I don't receive SPAM!!!"
R$+			$: OKSOFAR

# DNS based (DNS-name - *-*-*-*)
R$*			$: $&{client_addr}
R$-.$-.$-.$-		$: $(dnsname $4.$3.$2.$1.in-addr.arpa. $: OK $)
R$*			$: $(frmail $1 $)
R$*FRRRMAIL		$#error $@ 5.7.1 $: "550 I don't receive SPAM!!!"
R$+			$: OKSOFAR

# DNS based IP address spam list sbl-xbl.spamhaus.org
R$*			$: $&{client_addr}
R$-.$-.$-.$-		$: $(dnsbl $4.$3.$2.$1.sbl-xbl.spamhaus.org. $: OK $)
ROK			$: OKSOFAR
R$+			$: TMPOK
R$+			$#error $@ 5.7.1 $: "550 I don't receive SPAM!!!"

######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################

# make restart
, . SpamAssassin. . , , sendmail.cf ( drweb) :
# vi /etc/mail/sendmail.cf

# Input mail filters
O InputMailFilters=drweb-filter,spamassassin
Xdrweb-filter, S=local:/var/drweb/run/drweb-smf.skt, F=T, T=S:320s;R:320s;E:1h
O Milter.macros.connect=t, b, j, _, {daemon_name}, {if_name}, {if_addr}
O Milter.macros.helo=s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}
O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}
O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}
O Milter.macros.eom={msg_id}
Xspamassassin, S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m

SpamAssassin:
# cd /usr/ports/mail/p5-Mail-SpamAssassin/
# make && make install
# cd /usr/ports/mail/spamass-milter/
# make && make install
/usr/local/etc/mail/spamassassin, :
# vi /usr/local/etc/mail/spamassassin/local.cf

rewrite_header Subject *****SPAM*****
use_bayes 1
bayes_auto_learn 1
bayes_path /usr/local/etc/mail/spamassassin/bayes/bayes
lock_method flock
bayes_min_spam_num 50
bayes_min_ham_num 50
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
required_score 10.0
score HTTP_USERNAME_USED 9.99
score FAKE_HELO 9.99
score FORGED_RCVD 9.99
score UNWANTED_LANGUAGE_BODY 1.02
score MLM 5.55
score RCVD_NUMERIC_HELO 4.95
ok_locales ru en

. , , sendmail, spamd + spamass-milter sendmail ( rc.conf):
# vi /etc/rc.conf

spamd_enable="YES"
spamass_milter_enable="YES"

# cd /etc/mail
# make stop
# /usr/local/etc/rc.d/spamass-milter start
# /usr/local/etc/rc.d/sa-spamd start


# make start
. ? - , RFC-822. DrWeb SpamAssassin. sendmail:
# tail -n 50 /var/log/maillog

- 60 70% . . , - , 96 98% , . 2 : spam , , , ; ham , , . Bayes :
# vi /home/admin/scripts/sa_learn.sh

#!/bin/sh
sa-learn --spam /var/mail/spam
sa-learn --ham /var/mail/ham
exit 0

# vi /etc/crontab
0 22 * * * root /home/admin/scripts/sa_learn.sh

4.04. ftp (ftpd)

ftp. , ftp , - -:
# vi /etc/inetd.conf

ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l

# killall -HUP inetd
2 :
/etc/ftpusers , ftp;
/etc/ftpchroot , , ( ).

    ftp. , . /usr/sbin/sysinstall, Configure Networking Anon FTP. ftp . /var/ftp, (, CD-) , . , ? , ftp /var/ftp.

ftp sysinstall . 3 :
- /var/ftp;
- ftp;
- ftp /etc/ftpusers ( , , ftp).


4.05. firewall (ipfw)

    IPFW , . . , :

| | | | | . :
# ipfw add 200 deny tcp from 10.0.0.5 to any 110
200, tcp- 10.0.0.5 110 . .. 10.0.0.5 pop3- . , . , , , 90% :
# vi /usr/local/etc/firewall.conf

add 100 divert natd ip from any to any via ed0
add 10010 count ip from any to 222.111.33.100 in recv ed0
add 10020 count ip from 222.111.33.100 to any out xmit ed0
add 40000 allow ip from any to any via lo0
add allow udp from any to any
add allow icmp from any to any
add allow tcp from any to any established
add allow ip from any to any frag
add allow tcp from any to any 22 setup
add allow tcp from any 20 to any setup
add allow tcp from any to any 21 setup
add allow tcp from any to any 25 setup
add allow tcp from any to any 110 setup
add allow tcp from any to any 143 setup
add allow tcp from any to me 80 setup
add allow tcp from me to any 80 setup
add allow tcp from me to any 443 setup
add allow tcp from 10.0.0.0/24 to me 3128 setup
add deny tcp from 10.0.0.0/24 to any 80
add allow tcp from any to any 1024-65535 setup
add 65500 deny ip from any to any

: , , . , , , . ( 200) :
# ipfw delete 200
, , trafshow:
# cd /usr/ports/net/trafshow/
# make && make install
# trafshow -i ed0
, ( ):


# ipfw add pipe 1 tcp from any to 10.0.0.3 out
# ipfw pipe 1 config bw 32Kbit/s
10.0.0.3, , 32 . , . :)

4.06. proxy (squid)

, . squid:
# vi /usr/local/etc/squid/squid.conf

. . .
acl users src "/usr/local/etc/squid/users.txt"
. . .
http_access allow users
http_access deny all

# vi /usr/local/etc/squid/users.txt
10.0.0.3/255.255.255.255
10.0.0.8/255.255.255.255
. . .

, squid IP-. :
# vi /usr/local/etc/squid/squid.conf

. . .
acl users src "/usr/local/etc/squid/users.txt"
acl url_deny url_regex "/usr/local/etc/squid/url_deny.txt"
. . .
http_access allow users !url_deny
http_access deny all

# vi /usr/local/etc/squid/url_deny.txt
xxx.com
porno.ru
. . .

:
# vi /usr/local/etc/squid/squid.conf

. . .
authenticate_program /usr/local/sbin/ncsa_auth /usr/local/etc/passwd
authenticate_children 4
. . .
acl password proxy_auth REQUIRED
. . .
http_access allow password
http_access deny all

, http- , , , , SquidGuard:
# cd /usr/ports/www/squidguard/
# make && make install
# vi /usr/local/etc/squid/squid.conf

. . .
redirect_program /usr/local/bin/squidGuard


redirect_children 4

# vi /usr/local/etc/squid/squidGuard.conf

dbhome /var/db/squidGuard
logdir /usr/local/squid/logs

time workhours {
    weekly mtwhfa 08:00 - 21:00
}

source admins {
    ip 10.0.0.3
}

source users {
    ip 10.0.0.0/24
}

rewrite media {
    s@.*\.mp3$@http://10.0.0.1/replace/oblaka.mp3@i
    s@.*\.avi$@http://10.0.0.1/replace/nikolaev.avi@i
    log replace.txt
}

# DESTINATION CLASSES
. . .

acl {
    admins {
        pass any
    }
    users within workhours {
        pass !ads !aggressive !audio-video !drugs !gambling !hacking !mail !porn !proxy !violence !warez any
        redirect http://www.google.com
        rewrite media
        log squidGuard.txt
    } else {
        pass none
        redirect http://www.google.com
        log squidGuard.txt
    }
    default {
        pass none
        redirect http://www.google.com
    }
}

# squid -k reconfigure
rewrite media mp3 avi , . , - , - . , .

, squid ( proxy-), 80 squid 3128:
# vi /usr/local/etc/squid/squid.conf

. . .
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on


httpd_accel_uses_host_header on

    # ipfw add 200 fwd 127.0.0.1,3128 tcp from any to any http in via fxp0

4.07. web (apache)

Apache. 2, 1.3:
# cd /usr/ports/www/apache13
# make && make install
# vi /etc/rc.conf

apache_enable="YES"

, , . httpd 80 :
# /usr/local/etc/rc.d/apache start
, , ( ):
# vi /usr/local/etc/apache/httpd.conf

Include etc/apache/virtual.conf

# vi /usr/local/etc/apache/virtual.conf

NameVirtualHost 222.111.33.100:80

<VirtualHost 222.111.33.100:80>
    ServerAdmin [email protected]
    DocumentRoot /home/admin/www
    ServerName mail.ua
    ServerAlias www.mail.ua
    CustomLog etc/apache/logs/mail.ua-access_log common
    ErrorLog etc/apache/logs/mail.ua-error_log
    <Directory /home/admin/www>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

    www.mail.ua /home/admin/www. , virtual.conf VirtualHost.

4.08. apache + php + mysql

. , , , :
# cd /usr/ports/databases/mysql51-server/
# make && make install
# cd /usr/ports/lang/php4/
# make && make install
# cd /usr/ports/databases/phpmyadmin/
# make && make install


4.09. Web (openwebmail, squirrelmail)

, web-, web-:
# cd /usr/ports/mail/openwebmail
# make && make install
, dovecot IMAP, :
# cd /usr/ports/mail/squirrelmail
# make && make install
httpd.conf virtual.conf , http- Apache openwebmail squirrelmail, .

4.10. DNS

, - . , .. . - , secondary.net.ua:
# vi /etc/namedb/named.conf

zone "admin.kiev.ua" {
    type master;
    file "/etc/namedb/admin.kiev.ua";
};

# vi /etc/namedb/admin.kiev.ua

$TTL 10800
@ IN SOA ns.admin.kiev.ua. root.admin.kiev.ua. (
    2008011701 ; Serial
    10800      ; Refresh
    3600       ; Retry
    604800     ; Expire
    86400 )    ; Minimum

@       IN NS    ns.admin.kiev.ua.
@       IN NS    ns.secondary.net.ua.
@       IN MX 10 ns.admin.kiev.ua.
@       IN A     222.111.33.100
ns      IN A     222.111.33.100
office  IN A     222.111.33.100
www     IN CNAME ns

# killall -HUP named
secondary.net.ua, firewall:
# ipfw add 65000 allow tcp from 193.201.116.2 to me setup


4.11. (socket)

. , , , . :
# cd /usr/ports/sysutils/socket
# make && make install
# vi /etc/services

rdp 3389/tcp

# vi /etc/inetd.conf

rdp stream tcp nowait root /usr/local/bin/socket -v 10.0.0.5 3389

# killall -HUP inetd
IP- (222.111.33.100) 10.0.0.5.

4.12. (ipsec)

, . . (VPN) IPSec. . : 192.168.1.0/24 111.111.11.1. VPN FreeBSD , . :
# vi /etc/rc.conf

gif_interfaces="gif0"
gifconfig_gif0="222.111.33.100 111.111.11.1"
ifconfig_gif0="inet 10.0.0.1 192.168.1.1 netmask 255.255.255.0"

# vi /etc/rc.local
route add 192.168.1.0/24 192.168.1.1

# vi /usr/local/etc/firewall.conf
add 20000 allow ip from me to 111.111.11.1
add 20010 allow ip from 111.111.11.1 to me
add 20020 allow ip from 10.0.0.0/24 to 192.168.1.0/24
add 20030 allow ip from 192.168.1.0/24 to 10.0.0.0/24

    FreeBSD ( IP- ) , , . 2 , .

4.13. VPN (openvpn)

VPN , openvpn. , . , FreeBSD FreeBSD, , , FreeBSD Windows 2000 / 2003. openvpn . .

4.14. FreeBSD

, FreeBSD (, squid ). scp (secure copy), , . UNIX ( ) DSA. , :
# ssh-keygen -t dsa
, , .ssh , :
# ssh [email protected] 'mkdir /home/admin/.ssh'
# cat /root/.ssh/id_dsa.pub | ssh [email protected] 'cat >> /home/admin/.ssh/authorized_keys'

, , :
# scp /etc/rc.conf [email protected]:/home/admin/rc.conf
, sshd :
# vi /etc/ssh/sshd_config

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

4.15. (mrtg)

mrtg , . snmp -:
# cd /usr/ports/net-mgmt/net-snmp/
# make && make install
# cd /usr/ports/net-mgmt/mrtg/
# make && make install
# vi /usr/local/share/snmp/snmpd.conf

rwuser root noauth
rouser root noauth
rwcommunity public 222.111.33.100
rocommunity public 222.111.33.100

# vi /usr/local/etc/mrtg/mrtg.cfg
WorkDir: /usr/local/etc/mrtg/www
Target[elbrus]: 1:[email protected]
MaxBytes[elbrus]: 256000
Title[elbrus]: Traffic Analysis for ElbruS
PageTop[elbrus]: Stats for ElbruS server

# vi /etc/rc.conf
snmpd_enable="YES"


# vi /etc/crontab
*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.cfg

# killall -HUP cron
, /etc/crontab cron. . mrtg 5 ( (*/5 * * * *) /etc/crontab).

4.16. (ipa)

, - . ipa ipfw. . :
# cd /usr/ports/sysutils/ipa
# make && make install
# cd /usr/ports/net/ipa_ipfw
# make && make install
# cd /usr/ports/databases/ipa_sdb
# make && make install
ipfw , ipa . . ipa.conf ipastat.conf:

10010 count ip from any to 222.111.33.100 in recv ed0
10020 count ip from 222.111.33.100 to any out xmit ed0

# vi /usr/local/etc/ipa.conf
ac_mod "ipa_ipfw.so";
db_mod "ipa_db_sdb.so";
global {
    update_time = 30s;
    append_time = 1h;
    ac_list = ipfw;
    db_list = sdb;
    sdb:db_group = wheel;
}
rule 10010 {
    ipfw:rules = 10010;
    ipfw:maxchunk = 10G;
    info = "IP incoming";
}
rule 10020 {
    ipfw:rules = 10020;
    ipfw:maxchunk = 10G;
    info = "IP outgoing";
}

# vi /usr/local/etc/ipastat.conf
st_mod "ipa_st_sdb.so";
dynamic_rules = yes;
global {
    st_list = sdb;
}

. ipa :
# /usr/local/bin/ipa
# ipastat -q -r 10010 | grep Total


* Total 1024 (1 day)

, .. . . , squid, , . - :
# vi ~/scripts/ipa_check_network.sh

#!/bin/sh
net="10.0.0"
i=1
f=0
while [ $i -le 254 ]
do
    echo "$net.$i ..."
    s1=`ping -c 1 -t 1 $net.$i | grep from\ $net`
    if [ "$s1" ]
    then
        echo "$net.$i is UP!!!"
        n=`expr 12000 + $i`
        s2=`ipfw show | grep $n`
        if [ -z "$s2" ]
        then
            f=1
            ipfw add $n count tcp from me 3128 to $net.$i
        fi
        s3=`less /usr/local/etc/ipa.conf | grep $n`
        if [ -z "$s3" ]
        then
            f=1
            exec 6>&1
            exec >> /usr/local/etc/ipa.conf
            echo "rule $n {"
            echo "    ipfw:rules = $n;"
            echo "    ipfw:maxchunk = 10G;"
            echo "    info = \"WWW incoming for $net.$i \";"
            echo "}"
            exec 1>&6 6>&-
        fi
    else
        echo "$net.$i ..."
    fi
    i=`expr $i + 1`
done
if [ $f -eq 1 ]
then
    killall -HUP ipa
fi
echo " "
echo "Net Lookup Done!!!"
exit 0


~ , .. :
# vi /home/admin/scripts/ipa_check_network.sh
, .. . :
# vi ~/scripts/ipa_check_quotas.sh

#!/bin/sh
net="10.0.0"
ipfw show 17000-17255 > /home/admin/scripts/ipfw_quota.txt
exec < $1
while read str
do
    i=`echo $str | cut -f1 -d':'`
    q=`echo $str | cut -f2 -d':'`
    e=`echo $str | cut -f3 -d':'`
    l=`expr 17000 + $i`
    n=`expr 12000 + $i`
    m=`date | cut -f2 -d' '`
    s1=`/usr/local/bin/ipastat -q -i $m -r $n | grep Total | cut -f4 -d' '`
    s1=`expr $s1`
    s1=`expr $s1 / 1024`
    s1=`expr $s1 / 1024`
    s2=`less /home/admin/scripts/ipfw_quota.txt | cut -f1 -d' ' | grep $l`
    if [ "$s2" ]
    then
        s2=`expr $s2`
        if [ $s2 -ne $l ]
        then
            s2=""
        fi
    fi
    if [ $s1 -ge $q ]
    then
        if [ -z "$s2" ]
        then
            ipfw add $l deny tcp from $net.$i to me 3128
            echo "Your HTTP-access was blocked. Your quota is $q Mb." | mail $e
        fi
    else
        if [ "$s2" ]
        then
            ipfw delete $l
            echo "Your HTTP-access was opened. Your quota is $q Mb." | mail $e
        fi
    fi
done
exit 0

# vi ~/scripts/quotas.conf
7:1000:[email protected]:200:[email protected]

    , , ipfw 3128, ..


. . :
# ~/scripts/ipa_check_quotas.sh ~/scripts/quotas.conf
. . , , , :
# vi ~/scripts/ipa_check_pipe.sh

#!/bin/sh
net="10.0.0"
ipfw show 15000-15255 > /home/admin/scripts/ipfw_pipe.txt
ipfw show 12000-12255 > /home/admin/scripts/ipfw_count.txt
exec < /home/admin/scripts/ipfw_count.txt
while read str
do
    q=`expr $1`
    n=`echo $str | cut -f1 -d' '`
    i=`expr $n - 12000`
    p=`expr 15000 + $i`
    m=`date | cut -f2 -d' '`
    s1=`/usr/local/bin/ipastat -q -i $m -r $n | grep Total | cut -f4 -d' '`
    s1=`expr $s1`
    s1=`expr $s1 / 1024`
    s1=`expr $s1 / 1024`
    s2=`less /home/admin/scripts/ipfw_pipe.txt | cut -f1 -d' ' | grep $p`
    if [ "$s2" ]
    then
        s2=`expr $s2`
        if [ $s2 -ne $p ]
        then
            s2=""
        fi
    fi
    if [ $s1 -ge $q ]
    then
        if [ -z "$s2" ]
        then
            ipfw add $p pipe $i tcp from any to $net.$i out
            ipfw pipe $i config bw 32Kbit/s
            echo "$net.$i was down to 32Kbit/s. ($s1 MB)" | mail [email protected]
        fi
    else
        if [ "$s2" ]
        then
            ipfw delete $p
        fi
    fi
done
exit 0

, , ipfw 4 , .. dialup. . . :
# ~/scripts/ipa_check_pipe.sh 300
, cron:


# vi /etc/crontab
*/20 * * * * root /home/admin/scripts/ipa_check_network.sh
*/10 * * * * root /home/admin/scripts/ipa_check_pipe.sh 300

    , , , ( ).

4.17. sms

, , shell. sms . ( [email protected]) ( sms , ) , , , , :
# vi /etc/mail/aliases

sms: admin, /sms/sms.txt

# newaliases
# mkdir /sms
# chown mailnull:mailnull /sms
# chmod 0700 /sms
# vi /etc/crontab

* * * * * root /sms/sms.sh

# vi /sms/sms.sh

#!/bin/sh
adr=`grep "From 380777777777" /sms/sms.txt`
oper1=`grep "CMD:" /sms/sms.txt`
oper2=`grep "RBT:" /sms/sms.txt`
echo " " > /sms/sms.txt
if [ "$adr" ]
then
    if [ "$oper1" ]
    then
        cmd=`echo "$oper1" | cut -d: -f2`
        ans=`$cmd`
        echo "$ans" | mail [email protected]
    fi
    if [ "$oper2" ]
    then
        time=`echo "$oper2" | cut -d: -f2`
        shutdown -r $time
    fi
fi
exit 0

    , . [email protected]. , . , . . . :

    [email protected] CMD:ipfw add 50 deny ip from any to 10.0.0.3:

    [email protected] RBT:now ( ) . . :)


  • , - . cron. , .

4.18.

, , , :
# vi /etc/motd
======================================
ELBRUS
WellCome to Korneys FreeBSD Server!!!
======================================

Admin: Korney A. Kornienko
Contact: +380777777777
e-mail: [email protected]
icq: 33333333

    , !

    , - FreeBSD, , . , , , , . , , , .

. - , . , 1 , , 1 . , , . , :
# vi ~/backup.sh

#!/bin/sh

cd /home/admin/backup/
mkdir /home/admin/backup/temp
cp -r /etc ./temp/
cp -r /usr/local/etc ./temp/usr.local.etc
rm -r ./temp/usr.local.etc/squid/errors
cp -r /usr/src/sys/i386/conf ./temp/kernel
cp -r /home/admin/scripts ./temp/

chown -R admin:wheel ./*
tar czf backup_$1.tar.gz ./temp/*
rm -r /home/admin/backup/temp

exit 0


5.

    5.01. shell

    , shell, . , . MS-DOS, . . , FreeBSD . Windows Macintosh. , Windows Macintosh , FreeBSD . Windows DOS , , . FreeBSD . , . :

ls [][] .
ls -a ( );
ls -l ( , , ..);
ls -G ( ).

    cd [] ( ). , ( / ), ( / ).

pwd , ( ).
cp [][] .

cp -r , .
mv [][] .

    mv r , .rm [][] .

rm -r , ;
rm -f , ;
rm -P ( );
rm -W , rm.

df [] .
du [] .

du -h -d 1 , 1 .


  • , UNIX , , , . UNIX , Windows. UNIX , , , -. , , -i. , .

    -. . , FreeBSD:

    ? ;* ;[ ] ;[! ] . . UNIX ( , , ), - , , , . , UNIX , , , (). . , , . : . . . , escape- \. , ( ) .

    :

find [] -name [ ]
locate [ ] , locate , , , , , locate (/) . locate :

    # /etc/periodic/weekly/310.locate - :

# tar czvf backup.tar.gz /etc/*
;
# tar xzvf backup.tar.gz -C /bkp.etc/
. . UNIX FreeBSD . :

    wc [] , .


less [] .
grep [][] .

grep -i ;
grep -c , ;
grep -v , .

sort [] .
cut [][] . :

    -f[ ] -d[-] , . , UNIX , . , -:

> ;
< ;
| .
( ):
# ls > listing.txt
# locate program | grep ports
# grep word < file1.txt > file2.txt
# less file1.txt | grep word > file2.txt
# cut -f1 -d' ' access.log | sort | uniq -c | less
# cut -f1 -d' ' access.log | sort | uniq -c > hits.txt
. , , .

    5.02. ,

    , FreeBSD ( UNIX), . :

1. root , ;
2. wheel , root, ;
3. , .

    , , ( bin, operator, daemon, nobody ). , . : /etc/passwd, : /etc/group.

    . UNIX : , . , . :


  • -rwxr-xr-x (, , ) . , , , : (read), (write) (execute). :r ;w , ; ., , -rwxr-xr-x. , , (rwx) ( ), (r-x) , , (r-x) . , , , ( ).

    , . , d. , . , , :r ( ls);w , ; ., , drwxr-xr-x , (d), , .

    , :

    chown [:][] ;

chmod [][] . . , . , . : , . , , , . :
4 (r);
2 (w);
1 (x);
0 (-);
, " " 6, " " 5, ", " 7. , . :
0755 , / ;
0644 / , ;
0600 / , .
"" :

0 ;
1 . : , , ;
2 , setgid. , , , , ;
4 , setuid. , , , , .

    .

    5.03. vi

    vi , UNIX. UNIX. , vi , . , . , . vi? , , .

    -, UNIX, , . ,

    -, , , . vi , . .

vi . , , . , :
a append (). , .
i insert (). , .
open (). , , , .
vi insert, .

    , Esc.

, , Page Up / Page Down. , :
h ;
j ;
k ;
l ;
w ;
b ;
;


  • O ;$ ;) ;( ;} ;{ ;G ;^ , ; ;L . , 1. j , k , w . , . , , 5j , . 75G 75- , . 5L . , ^, , .

vi Backspace Delete , . . :
D ;
dd ;
R , ;
S ;
;
X ;
~ ;
J ;
yw , ;
$ ;
;
;
.
vi :
/ ;
/ ;
? ;
? ;
% ( );
:s/1 /2 1 2;
:%s/1 /2 1 2;
, , :
:wq ;
:w ;
:w! ;
:q ;
:q! ;
: ;
:! .


  • , vi.

    5.04. shell

    , , . , . , , , , . FreeBSD, . , FreeBSD:

    1. . FreeBSD, , , , ;

    2. . , , 5-10 ;

    3. . , 100 , "for" ;

    4. . , , . FreeBSD , ;

    5. . . FreeBSD " -". , ;

    6. . , , , , , .

    shell - . , FreeBSD.

"Hello, World!":
# vi ./hello.sh

#!/bin/sh
# "Hello, World!"
echo "Hello, World!"
exit 0

# chmod 0755 ./hello.sh
# ./hello.sh
Hello, World!

    #!, , . . echo, Hello, World! ( ). . ,


  • 0, , , , 0, .

    . . , . . , . , . :

    myvar=5

$:
echo ${myvar}

    , , . . :

    newvar=$myvar

    . , :

MYVAR=5
export MYVAR

    MYVAR , , .

    , read. ( , ):

#!/bin/sh
echo -n "Please enter your name: "
read name
echo "Hello, $name!"
exit 0

:
Please enter your name: Ivan
Hello, Ivan!

    read .

. $1 - $9. $0 , $@ , $# . :
# vi ./yourname.sh

#!/bin/sh
echo "The name of the program is: $0"
echo "The total number of arguments received is: $#"
echo "The complete argument string is: $@"
echo "Your first name is: $1"
echo "Your last name is: $2"
exit 0

    :# ./yourname.sh Ivan Petrov


The name of the program is: ./yourname.sh
The total number of arguments received is: 2
The complete argument string is: Ivan Petrov
Your first name is: Ivan
Your last name is: Petrov
#

. . `. . ` ( , , ~). , :

TodayDate=`date`
date TodayDate. .

    . expr :

var3=`expr $var1 + $var2` ;
var3=`expr $var1 - $var2` ;
var3=`expr $var1 \* $var2` ;
var3=`expr $var1 / $var2` ;
var3=`expr $var1 % $var2` .

. , . , , (\*). , ( 1) ( 0):

expr $var1 = $var2 ;
expr $var1 != $var2 ;
expr $var1 \> $var2 ;
expr $var1 \< $var2 ;
expr $var1 \>= $var2 ;
expr $var1 \. . .
, . , , , bc. , . :

var3=`echo "$var1+$var2" | bc -l`
var3=`echo "(100-$var1)/(100+$var2)" | bc -l`

    bc. , , .

    . , . . : while, until for.


while , , , :

i=1
while [ $i -le 10 ]
do
    echo $i
    i=`expr $i + 1`
done

while , . , test. . test , :
-eq , ;
-ne , ;
-gt , ;
-ge , ;
-lt , ;
-le , .

until while. , :

i=1
until [ $i -gt 10 ]
do
    echo $i
    i=`expr $i + 1`
done

while until AND OR. AND , , OR :
while [ $var1 -gt 10 ] && [ $var1 -lt 20 ] , 10 < var1 < 20;
while [ $var1 -lt 10 ] || [ $var1 -gt 20 ] , var1 < 10 var1 > 20.

    for while until. for . for , . for , :

for num in `jot 10 10 20`
do
    sq_root=`echo "scale=3; sqrt($num)" | bc -l`
    echo $sq_root
done

    10 20.

    true false. (1) (0), . .

    , : break continue. break , , . continue .

    .


  • , . : if case. , AND/OR.

    if . , if. , else, :

#!/bin/sh
if [ $# -ge 1 ]
then
    echo "You supplied $# arguments."
else
    echo "Usage: $0 file1 file2..."
fi
exit 0

    then if , else . then , . , . :

if [ $# -ge 1 ]
then
    :
else
    echo "Usage: $0 file1 file2..."
fi

    . elif. elif, if. , , (.. , fi). , elif. , , if. , elif .. , , . , , else ( ).

    case, , , . , .. , - :

#!/bin/sh
echo "Do you really want to shut down now? (yes, no)"
read ans
case "$ans" in
    [Yy]|[Yy][Ee][Ss])
        echo "OK. Good bye."
        shutdown -h now
        ;;
    [Nn]|[Nn][Oo])
        echo "OK. Go on."
        ;;
    *)
        echo "Error. Please, type yes or no."
        ;;
esac
exit 0

AND/OR (&& ||) if. . . :
# tar czvf backup.tar.gz ./scripts && rm -r ./scripts
, . , . : " . , ". :
# tar czvf backup.tar.gz ./scripts || echo "Operation failed."
, . , . : " , . , ".

    . , . . , . " ". , .. , . , , . -, , , :

on_exit() {
    echo "Good bye."
    mail [email protected] < ./report.txt
    rm ./report.txt
}
...
on_exit
...

    . , . , , , . , , .

. , . :
F.D. 0 STDIN. . , - ;
F.D. 1 STDOUT. . , , , ;
F.D. 2 STDERR. . , .
exec:

#!/bin/sh
exec > ./testfile.txt
echo "Line 1 of the file"
echo "Line 2 of the file"
echo "Line 3 of the file"
exit 0

    exec STDOUT testfile.txt. , echo testfile.txt, , . , , . STDIN read:

#!/bin/sh
exec < ./testfile.txt
while read string
do
    echo $string
done
exit 0

    testfile.txt, , , . read. read , read . , read .

    . , . , . :

#!/bin/sh -xv

    , , , .


5.05.

    ls cd pwd cp mv touch mkdir rm rmdir ln find locate mount umount tar

    adduser rmuser passwd vipw /etc/passwd sudo visudo /etc/sudoerschmod chown chgrp

    more less grep cat ( )wc , diff fmt cut head tail sort vi vi

    man date cal ps ,


  • top kill killall shutdown halt reboot uptime

    pkg_info , pkg_add pkg_delete make make install make deinstall make clean , make distclean , ,

ifconfig route ping traceroute netstat nslookup dns-dig dns-ipfw ipfwtrafshow tcpdump ipfwssh scp ssh

( )
/etc/rc.conf
/etc/rc.local
/etc/rc.firewall
/etc/adduser.conf adduser
/etc/passwd
/etc/master.passwd
/etc/group
/etc/sudoers sudo
/etc/resolv.conf dns
/etc/hosts
/etc/inetd.conf inetd
/etc/services
/etc/crontab cron
/etc/motd ssh
/etc/ftpusers ftp
/etc/ftpchroot ftp
/etc/namedb/named.conf named
/etc/mail/freebsd.mc sendmail
/etc/mail/sendmail.cf sendmail
/etc/mail/access sendmail
/etc/mail/aliases
/etc/mail/local-host-names
/etc/mail/virtusertable
/etc/ppp/ppp.conf ppp
/usr/src/sys/i386/conf/GENERIC

/usr/src/sys/i386/conf/LINT

    6.

    , - FreeBSD 6.3, . , . ? , FreeBSD, :

    1. - FreeBSD. , FreeBSD , - .

    2. FreeBSD .

    3. UNIX. Windows , , UNIX . . :)
