
NHAT NGHE COMPUTER NETWORK TRAINING CENTER
Microsoft Training Partner in Vietnam (Microsoft Partner, Gold Learning)
105 Ba Huyen Thanh Quan, Q3, TP. HCM
Tel: 39.322.734 - 39.322.735 - Website: www.nhatnghe.com

Topic 1: Linux Installation and Package Management


Installing software
Install programs from source

Trial version - internal circulation only

Installing Linux as a Server


1. Hardware requirements
System Requirements:
• 1 GHz x86_64 processor
• 1024 MB of system memory (RAM)
• 5 GB of disk space (for OS files; consideration should be given to the (often very large) size
of user files that will occupy the /home directory)
• Graphics card and monitor capable of 1024x768
• CD Drive, DVD Drive, or bootable USB Port
• Sound support, if you need sound.
• Internet access is helpful

2. Installation
This course material guides you through installing CentOS 7.1 Enterprise.
Boot from the CentOS 7.1 Enterprise CD-ROM.
When the installer starts, it displays the following screen:

Step 1. Choose the installation language, then choose Continue:


[Screenshot: "WELCOME TO CENTOS 7" installer screen asking "What language would you like to use during the installation process?", with a language list and Quit / Continue buttons]

Install or upgrade an existing system: fresh install or upgrade
Step 2. Choose Date & Time.
Step 3. Choose Ho Chi Minh City, then Done.

[Screenshot: installation summary with the LOCALIZATION section (DATE & TIME: Americas/New York timezone; LANGUAGE SUPPORT: English (United States)) and the SOFTWARE section]

Step 4. Choose Software Selection.
Step 5. Choose the software selection, then Done.


[Screenshot: SOFTWARE SELECTION screen listing base environments (Minimal Install, File and Print Server, Basic Web Server, Virtualization Host, GNOME Desktop); the summary also shows KDUMP: Kdump is enabled]

Step 6. Choose Installation Destination.
Step 7. Select disk sda, choose "I will configure partitioning", then Done.

[Screenshot: INSTALLATION DESTINATION screen, Device Selection with the local standard disk sda (VMware Virtual S) and the partitioning options "Automatically configure partitioning" / "I will configure partitioning"]

Step 8. Choose Standard Partition, then Done.
Step 9. Create the /boot mount point with a capacity of 200M.

[Screenshot: MANUAL PARTITIONING, "New CentOS 7 Installation" with the "+" button, and the ADD A NEW MOUNT POINT dialog]

Step 10. Choose +.
Step 11. Create the swap partition.


[Screenshot: ADD A NEW MOUNT POINT dialogs: Mount Point /boot with Desired Capacity 200MiB, and Mount Point swap; Device Type: Standard Partition; buttons Cancel / Add mount point]

Step 12. Create the /root partition.
Step 13. Choose Done.


[Screenshot: MANUAL PARTITIONING with the ADD A NEW MOUNT POINT dialog; sda3, Device Type: Standard Partition; buttons Cancel / Add mount point]

Step 14. Choose Accept.
Step 15. Choose Network & Hostname.

[Screenshot: SUMMARY OF CHANGES dialog listing the Destroy Format / Create Device / Create Format actions; SYSTEM section showing INSTALLATION DESTINATION (Custom partitioning selected) and NETWORK & HOST NAME (Not connected)]

Step 16. Switch to ON, then choose Configure.
Step 17. Enter the settings for the LAN card, Save, then Done.


[Screenshot: Ethernet (eno16777736), Connected
  Hardware Address  00:0C:29:5A:CE:0A
  Speed             1000 Mb/s
  IP Address        192.168.232.143
  Subnet Mask       255.255.255.0
  Default Route     0.0.0.0
  DNS               192.168.232.1]

Step 16. Choose Begin Installation.
Step 17. Set the password for root: 123456

[Screenshot: CONFIGURATION screen with KDUMP (Kdump is enabled) and USER SETTINGS (ROOT PASSWORD: Root password is not set)]

Step 18. Create a user.
Step 19. Choose Reboot.

[Screenshot: CentOS 7 installation finished, prompting to reboot]

Step 20. Log in as user root.
Step 21. Start using CentOS Linux.


[Screenshot: "Your computer is ready to use. You may change these options at any time in Settings." with the "Start using CentOS Linux" button]

Adding another LAN card

Step 1. # nmtui
Step 2. Rename the profile.


# mv /etc/sysconfig/network-scripts/ifcfg-Wired_connection_1 /etc/sysconfig/network-scripts/ifcfg-eno33554984

Note: the file can also be renamed to ifcfg-eth0, ifcfg-eth1, ...

Step 4. # systemctl restart network

Stop and Disable Firewalld on CentOS 7

Disable Firewalld
# systemctl disable firewalld
Stop Firewalld
# systemctl stop firewalld
Check the Status of Firewalld
# systemctl status firewalld

Disable SELinux CentOS 7
View the SELinux status:
[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Open the file /etc/selinux/config and set SELINUX=disabled

Or
[root@localhost ~]# sed -i 's/enforcing/disabled/g' /etc/selinux/config
[root@localhost ~]# reboot
[root@localhost ~]# sestatus
SELinux status:                 disabled
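
The sed command above replaces every occurrence of "enforcing" in the file, including the explanatory comments. As an added example (not part of the original course material), the function below rewrites only the SELINUX= directive and compares the two approaches on temporary copies; the names set_selinux_mode, configured_mode and changed_lines are hypothetical and the sample file contents are constructed.

```bash
#!/usr/bin/env bash
# Added example: change only the SELINUX= directive of an SELinux config
# file and compare the result with a global 's/enforcing/disabled/g'
# substitution. Works on temporary copies only.

# Constructed sample in the layout of /etc/selinux/config.
write_sample_config() {
    cat > "$1" <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= selects the policy that is loaded.
SELINUXTYPE=targeted
EOF
}

# set_selinux_mode FILE MODE
# Refuses unknown modes and files without exactly one SELINUX= line.
set_selinux_mode() {
    local file="$1" mode="$2" count tmp
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    count=$(grep -c '^SELINUX=' "$file") || true
    if [ "$count" != 1 ]; then
        echo "expected exactly one SELINUX= line in $file, found $count" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # The pattern is anchored to the start of the line, so comment text and
    # the SELINUXTYPE= line are never matched.
    if sed "s/^SELINUX=.*/SELINUX=$mode/" "$file" > "$tmp"; then
        # Writing back through the existing file keeps its owner, mode
        # and security label.
        cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Mode as read back from the directive itself.
configured_mode() { sed -n 's/^SELINUX=//p' "$1"; }

# Number of lines that differ between two files of equal length.
changed_lines() {
    awk 'NR == FNR { a[FNR] = $0; next } a[FNR] != $0 { n++ } END { print n + 0 }' "$1" "$2"
}

demo() {
    local orig global anchored
    orig=$(mktemp); global=$(mktemp); anchored=$(mktemp)
    write_sample_config "$orig"
    write_sample_config "$anchored"
    sed 's/enforcing/disabled/g' "$orig" > "$global"
    set_selinux_mode "$anchored" disabled
    echo "global substitution changed $(changed_lines "$orig" "$global") lines"
    echo "anchored edit changed $(changed_lines "$orig" "$anchored") line, mode is now $(configured_mode "$anchored")"
    rm -f "$orig" "$global" "$anchored"
}
demo
```

The same function accepts permissive, which keeps the policy loaded and logs denials without enforcing them.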

Change default runlevel in CentOS 7

Method 1:
Step 1. View the current runlevel
[root@localhost ~]# systemctl get-default
graphical.target
Step 2. View the available targets
[root@localhost ~]# systemctl list-units --type=target
UNIT                  LOAD   ACTIVE SUB    DESCRIPTION
basic.target          loaded active active Basic System
cryptsetup.target     loaded active active Encrypted Volumes
getty.target          loaded active active Login Prompts
graphical.target      loaded active active Graphical Interface
local-fs-pre.target   loaded active active Local File Systems (Pre)
local-fs.target       loaded active active Local File Systems
multi-user.target     loaded active active Multi-User System
network.target        loaded active active Network
paths.target          loaded active active Paths
remote-fs-pre.target  loaded active active Remote File Systems (Pre)
remote-fs.target      loaded active active Remote File Systems
slices.target         loaded active active Slices
sockets.target        loaded active active Sockets
sound.target          loaded active active Sound Card
swap.target           loaded active active Swap
sysinit.target        loaded active active System Initialization
timers.target         loaded active active Timers

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

17 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

Step 3. Change default to runlevel 3
# systemctl set-default multi-user.target
rm '/etc/systemd/system/default.target'
ln -s '/usr/lib/systemd/system/multi-user.target' '/etc/systemd/system/default.target'

Step 4. Verify
# systemctl get-default
multi-user.target
Step 5. Reboot

Method 2:
Step 1. Check the current level
# systemctl get-default
multi-user.target
Step 2. View the runlevels
[root@localhost ~]# ls /lib/systemd/system/runlevel*target -l
lrwxrwxrwx. 1 root root 15 Apr 14 2015 /lib/systemd/system/runlevel0.target -> poweroff.target
lrwxrwxrwx. 1 root root 13 Apr 14 2015 /lib/systemd/system/runlevel1.target -> rescue.target
lrwxrwxrwx. 1 root root 17 Apr 14 2015 /lib/systemd/system/runlevel2.target -> multi-user.target
lrwxrwxrwx. 1 root root 17 Apr 14 2015 /lib/systemd/system/runlevel3.target -> multi-user.target
lrwxrwxrwx. 1 root root 17 Apr 14 2015 /lib/systemd/system/runlevel4.target -> multi-user.target
lrwxrwxrwx. 1 root root 16 Apr 14 2015 /lib/systemd/system/runlevel5.target -> graphical.target
lrwxrwxrwx. 1 root root 13 Apr 14 2015 /lib/systemd/system/runlevel6.target -> reboot.target

Step 3. Switch the runlevel from 3 to 5
ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target
Or
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
Step 4. Verify
# systemctl get-default
runlevel5.target
# reboot


Installing software

- Red Hat Package Manager (RPM) is the tool used for installing, uninstalling and upgrading software on Linux systems.
- An RPM package is a file containing executable programs, scripts, documentation and a number of other necessary files. The structure of an RPM package is as follows:

[Figure: an RPM package file name split into its fields, labelled Name, Version, Release, Architecture (i386 in the figure), followed by the rpm extension]
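
The name-version-release.architecture layout described above, as an added shell example (not part of the original course material): a parser that splits an RPM file name into its four fields. The function name parse_rpm_filename is hypothetical, and the sample file names are built from package names that appear in the listings on this page.

```bash
#!/usr/bin/env bash
# Added example: split an RPM file name of the form
#   name-version-release.arch.rpm
# into its fields. The package name may itself contain hyphens and the
# release may contain dots, so the string is peeled apart from the right.

parse_rpm_filename() {
    local file base arch nvr release nv version name
    file="${1##*/}"               # drop any directory part
    case "$file" in
        *.rpm) base="${file%.rpm}" ;;
        *) echo "not an .rpm file name: $1" >&2; return 1 ;;
    esac

    arch="${base##*.}"            # text after the last dot
    nvr="${base%.*}"              # name-version-release
    release="${nvr##*-}"          # text after the last hyphen
    nv="${nvr%-*}"                # name-version
    version="${nv##*-}"           # text after the last remaining hyphen
    name="${nv%-*}"               # everything before it, hyphens included

    # If a separator was missing, one of the strips above was a no-op.
    if [ "$nvr" = "$base" ] || [ "$nv" = "$nvr" ] || [ "$name" = "$nv" ] ||
       [ -z "$name" ] || [ -z "$version" ] || [ -z "$release" ] || [ -z "$arch" ]; then
        echo "cannot split into name-version-release.arch: $1" >&2
        return 1
    fi
    printf '%s %s %s %s\n' "$name" "$version" "$release" "$arch"
}

# Sample file names built from packages listed on this page.
for f in /media/Packages/mc-4.8.7-8.el7.x86_64.rpm \
         samba-common-4.1.12-21.el7_1.x86_64.rpm \
         abrt-addon-vmcore-2.1.11-19.el7.centos.0.3.x86_64.rpm \
         smc-meera-fonts-6.0-7.el7.noarch.rpm; do
    parse_rpm_filename "$f"
done
```

The file name is only a convention; `rpm -qp --queryformat` on the file reads the same fields from the package header, which is what rpm itself trusts.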
1. Managing packages with the Package Management Tool (graphical interface)
- Open the Applications menu, then choose System Tools, Software

[Screenshot: Applications menu, System Tools submenu with the Software entry]

The Software Manager screen.

[Screenshot: Software window showing package categories (System Management, Virtualization, Services) and package details: download size 2.8 MB, licence ASL 2.0, source CentOS-7 - Base]


2. Managing packages with RPM (command line)

2.1. View the syntax of the rpm command: man rpm
RPM(8)                      Red Hat Linux                      RPM(8)

NAME
       rpm - RPM Package Manager

SYNOPSIS
   QUERYING AND VERIFYING PACKAGES:
       rpm {-q|--query} [select-options] [query-options]

       rpm {-V|--verify} [select-options] [verify-options]

       rpm {-K|--checksig} [--nosignature] [--nodigest]
           PACKAGE_FILE ...

   INSTALLING, UPGRADING, AND REMOVING PACKAGES:
       rpm {-i|--install} [install-options] PACKAGE_FILE ...

       rpm {-U|--upgrade} [install-options] PACKAGE_FILE ...

       rpm {-F|--freshen} [install-options] PACKAGE_FILE ...

       rpm {-e|--erase} [--allmatches] [--nodeps] [--noscripts]
           [--notriggers] [--repackage] [--test] PACKAGE_NAME ...

   MISCELLANEOUS:
       rpm {--initdb|--rebuilddb}

=> Review these options and compare them with the theory when using the rpm command.

2.2. Installing from DVD

* Commonly used options for installation

[root@localhost ~]# mount /dev/cdrom /media/
[root@localhost ~]# rpm -ivh /media/Packages/mc-4.8.7-8.el7.x86_64.rpm
warning: /media/Packages/mc-4.8.7-8.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:mc-1:4.8.7-8.el7                 ################################# [100%]
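
The NOKEY warning in the transcript above means rpm could not check the package signature because key f4a80eb5 had not been imported, yet the install went ahead. As an added example (not part of the original course material), the wrapper below installs only when `rpm -K` reports a verified signature; the function names are hypothetical and the sample output lines are constructed, assuming the format printed by rpm 4.11 on CentOS 7.

```bash
#!/usr/bin/env bash
# Added example: refuse to install a package unless `rpm -K` reports a
# signature that was verified against an imported key.

# checksig_verdict LINE
# Classifies one line of `rpm -K` output. In the rpm 4.11 format a lowercase
# "pgp" or "gpg" token means the signature verified, and a result made up of
# digests only ("sha1 md5 OK") means the package carries no signature at all.
# Newer rpm releases print "digests signatures OK", which is accepted too.
checksig_verdict() {
    local result="${1#*: }"        # text after "file name: "
    case "$result" in
        *"MISSING KEYS"*) echo missing-key ;;
        *"NOT OK"*)       echo bad ;;
        *OK)
            case " $result " in
                *" pgp "*|*" gpg "*|*" signatures "*) echo verified ;;
                *) echo unsigned ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# install_if_signed PACKAGE_FILE
# Runs the check and only then the same `rpm -ivh` used on this page.
install_if_signed() {
    local pkg="$1" line verdict
    line=$(rpm -K "$pkg" 2>&1) || true
    verdict=$(checksig_verdict "$line")
    if [ "$verdict" != verified ]; then
        echo "not installing $pkg: signature check result is '$verdict'" >&2
        echo "import the distribution key with 'rpm --import' and check again" >&2
        return 1
    fi
    rpm -ivh "$pkg"
}

# Constructed sample lines (assumed rpm 4.11 output format).
SAMPLE_VERIFIED='mc-4.8.7-8.el7.x86_64.rpm: rsa sha1 (md5) pgp md5 OK'
SAMPLE_NOKEY='mc-4.8.7-8.el7.x86_64.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#f4a80eb5)'
SAMPLE_UNSIGNED='example-1.0-1.el7.x86_64.rpm: sha1 md5 OK'
SAMPLE_TAMPERED='mc-4.8.7-8.el7.x86_64.rpm: rsa sha1 (md5) pgp MD5 NOT OK'

for line in "$SAMPLE_VERIFIED" "$SAMPLE_NOKEY" "$SAMPLE_UNSIGNED" "$SAMPLE_TAMPERED"; do
    printf '%-12s %s\n' "$(checksig_verdict "$line")" "$line"
done
```

The unsigned case is the one to watch: the line ends in OK, but only the digests were checked.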

Try running the mc program

[root@may1 ~]# mc

[Screenshot: mc running; window title "mc [root@localhost.localdomain]:/"]

Querying information about installed packages
Commonly used options

Option   Meaning
-q       (package file) displays the package.
-a       (all) queries all installed packages.
-d       (documentation) lists the documentation files related to the package.
-i       (information) lists information such as package name, description, release number, size, build date, installation date, vendor, and other details.
-c       (configuration) lists the package's configuration files.

# rpm -qa mc => lists the packages named samba.

[root@may1 ~]# rpm -qa mc
mc-4.8.7-8.el7.x86_64
[root@may1 ~]#

# rpm -qa mc* => lists the packages whose names start with mc.

[root@may1 ~]# rpm -qa mc
mc-4.8.7-8.el7.x86_64
[root@may1 ~]#

# rpm -qa | grep mc => lists the packages whose names contain mc.


[root@may1 ~]# rpm -qa | grep mc
libXdmcp-1.1.1-6.1.el7.x86_64
smc-meera-fonts-6.0-7.el7.noarch
smc-fonts-common-6.0-7.el7.noarch
mc-4.8.7-8.el7.x86_64
abrt-addon-vmcore-2.1.11-19.el7.centos.0.3.x86_64

# rpm -qd httpd => lists the documentation files related to mc.

[root@localhost ~]# rpm -qd httpd
/usr/share/doc/httpd-2.4.6/ABOUT_APACHE
/usr/share/doc/httpd-2.4.6/CHANGES
/usr/share/doc/httpd-2.4.6/LICENSE
/usr/share/doc/httpd-2.4.6/NOTICE
/usr/share/doc/httpd-2.4.6/README
/usr/share/doc/httpd-2.4.6/VERSIONING
/usr/share/doc/httpd-2.4.6/httpd-dav.conf
/usr/share/doc/httpd-2.4.6/httpd-default.conf
/usr/share/doc/httpd-2.4.6/httpd-info.conf
/usr/share/doc/httpd-2.4.6/httpd-languages.conf

# rpm -qi mc => lists the descriptive information for the mc package.

[root@localhost ~]# rpm -qi httpd
Name        : httpd
Version     : 2.4.6
Release     : 31.el7.centos
Architecture: x86_64
Install Date: Tue 14 Apr 2015 06:14:49 PM ICT
Group       : System Environment/Daemons
Size        : 9810046
License     : ASL 2.0
Signature   : RSA/SHA256, Sat 14 Mar 2015 02:55:03 PM ICT, Key ID 24c6a8a7f4a80eb5
Source RPM  : httpd-2.4.6-31.el7.centos.src.rpm
Build Date  : Thu 12 Mar 2015 10:09:17 PM ICT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

# rpm -qc samba => lists the configuration files of samba.

[root@localhost ~]# rpm -qa | grep samba

samba-common-4.1.12-21.el7_1.x86_64
samba-4.1.12-21.el7_1.x86_64
samba-libs-4.1.12-21.el7_1.x86_64

2.3. Removing a package (Erase)

[root@may1 ~]# rpm -e mc

Note: when removing a package that is still tied to other packages by dependencies, add the --nodeps option.

[root@localhost ~]# rpm -e samba-common
error: Failed dependencies:
        samba-common = 4.1.12-21.el7_1 is needed by (installed) libsmbclient-0:4.1.12-21.el7_1.x86_64
        libpopt_samba3.so()(64bit) is needed by (installed) samba-0:4.1.12-21.el7_1.x86_64
        libpopt_samba3.so(SAMBA_4.1.12)(64bit) is needed by (installed) samba-0:4.1.12-21.el7_1.x86_64

=> The error occurs because samba-common has a dependency relationship with the package samba-0:4.1.12-21.el7_1.x86_64. So there are 2 ways to remove samba-common:
Method 1: remove the package samba-0:4.1.12-21.el7_1.x86_64 first, then remove samba-common.
Method 2: remove samba-common with the --nodeps option

rpm -e samba-common --nodeps

Use the command rpm -qa | grep samba to check the result.

2.4. Updating a package (upgrade)

[root@may1 ~]# rpm -Uvh /media/Packages/samba-4.1.12-21.el7_1.x86_64.rpm
warning: /media/Packages/samba-4.1.12-21.el7_1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
        package samba-0:4.1.12-21.el7_1.x86_64 is already installed

Notes:
- The rpm command can be used with these options:
  --nodeps : rpm ignores dependent packages.
  --force  : rpm ignores conflict errors.
- Besides RPM packages, software can also be installed on Linux from source packages; the details are covered in a later section.

3. Using the yum command

The yum command searches for and installs software and libraries directly from the internet.
Syntax:
yum [options] [command] [package ...]

Parameters:

* install package1 [package2] [...]
* update [package1] [package2] [...]
* check-update
* upgrade [package1] [package2] [...]
* remove | erase package1 [package2] [...]
* list [...]
* info [...]
* provides | whatprovides feature1 [feature2] [...]
* clean [ packages | headers | metadata | cache | dbcache | all ]
* makecache
* groupinstall group1 [group2] [...]
* groupupdate group1 [group2] [...]
* grouplist [hidden]
* groupremove group1 [group2] [...]
* groupinfo group1 [...]
* search string1 [string2] [...]
* shell [filename]
* resolvedep dep1 [dep2] [...]
* localinstall rpmfile1 [rpmfile2] [...]
* localupdate rpmfile1 [rpmfile2] [...]
* deplist package1 [package2] [...]
Installing from the DVD

Step 1. Create the directory, working as root:

mkdir /media/cdrom

Step 2. Mount the DVD on the directory:

mount /dev/cdrom /media/cdrom

Step 3. Import the PGP key:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

Step 4. Install software groups with yum:

View the groups that are installed and those that are not yet installed

[root@may1 AdobeReader]# yum grouplist
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Group Process
Installed Groups:
   Additional Development
   Base
   Client management tools
   Console internet tools
   Debugging Tools
   Desktop
   Desktop Debugging and Performance Tools
   Desktop Platform
Available Groups:
   Backup Client
   Backup Server
   CIFS file server
   Compatibility libraries
   Desktop Platform Development
   Development tools
   Directory Server
   Eclipse
   Emacs

Example: installing the "Backup Server" package group

[root@may1 AdobeReader]# yum --disablerepo=\* --enablerepo=c6-media groupinstall "Backup Server"
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows:
samba-client-3.5.10-114.el6.i686 has missing requires of samba-common = ('0', '3.5.10', '114.el6')
  Installing : 2:xinetd-2.3.14-33.el6.i686          1/3
  Installing : amanda-2.6.1p2-7.el6.i686            2/3
  Installing : amanda-server-2.6.1p2-7.el6.i686     3/3

Installed:
  amanda-server.i686 0:2.6.1p2-7.el6

Dependency Installed:
  amanda.i686 0:2.6.1p2-7.el6    xinetd.i686 2:2.3.14-33.el6

Complete!

Installing from the internet

Install mc:

[root@server1 /]# yum install mc -y
Loading "installonlyn" plugin
Loading "priorities" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package mc.i386 1:4.6.1a-35.el5 set to be updated
--> Running transaction check

Dependencies Resolved

 Package     Arch     Version            Repository     Size
Installing:
 mc          i686     1:4.7.0.2-3.el6    base           1.6 M
Total download size: 1.6 M
Installed size: 5.4 M
Is this ok [y/N]: y
Downloading Packages:
mc-4.7.0.2-3.el6.i686.rpm                    | 1.6 MB     00:08
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 1:mc-4.7.0.2-3.el6.i686          1/1

Installed:
  mc.i686 1:4.7.0.2-3.el6

Complete!

The installation is complete.

View information about the mc package

[root@may1 AdobeReader]# yum info mc
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: mirrors.hostemo.com
 * extras: mirrors.hostemo.com
 * updates: mirrors.hostemo.com
Installed Packages
Name        : mc
Arch        : i686
Epoch       : 1
Version     : 4.7.0.2
Release     : 3.el6
Size        : 5.4 M
Repo        : installed
From repo   : base
Summary     : User-friendly text console file manager and visual shell
URL         : http://www.midnight-commander.org/
License     : GPLv2
Description : Midnight Commander is a visual shell much like a file manager, only
            : with many more features. It is a text mode application, but it also
            : includes mouse support. Midnight Commander's best features are its
            : ability to FTP, view tar and zip files, and to poke into RPMs for
            : specific files.

[root@may1 AdobeReader]#

To remove a software package, use the remove parameter

[root@server1 /]# yum remove mc
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package mc.i686 1:4.7.0.2-3.el6 will be erased
--> Finished Dependency Resolution
Removing:
 mc          i686     1:4.7.0.2-3.el6    @base     5.4 M
Remove        1 Package(s)
Installed size: 5.4 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Erasing    : 1:mc-4.7.0.2-3.el6.i686          1/1

Removed:
  mc.i686 1:4.7.0.2-3.el6

Complete!


Topic 2: GNU and Unix Commands


Work on the command line
Process text streams using filters
Perform basic file management
Create and change hard and symbolic links
Use streams, pipes and redirects
Create, monitor and kill processes
Modify process execution priorities
Search text files
Using vi


The Command Line


1. Introduction
Using the BASH shell
- Linux provides communication with the kernel through an intermediary interpreter called the Shell. The Shell serves the same function as "command.com" (DOS).
- Types of shell in Linux:

Xwindow

Viewing command syntax

To view the syntax of any command in Linux, use the man (or info) command.
View the syntax of the rpm command:

[root@may1 ~]# man rpm
RPM(8)                                                         RPM(8)

NAME
       rpm - RPM Package Manager

SYNOPSIS
   QUERYING AND VERIFYING PACKAGES:
       rpm {-q|--query} [select-options] [query-options]

       rpm {-V|--verify} [select-options] [verify-options]

       rpm --import PUBKEY ...

       rpm {-K|--checksig} [--nosignature] [--nodigest]
           PACKAGE_FILE ...

File system structure


Files in Linux fall into 3 main types:
+ Files containing ordinary data.
+ Directory files.
+ Device files.
In addition, Linux treats Links and Pipes as special files.
View the structure of the system's files:

[root@localhost ~]# ll /
total 76
lrwxrwxrwx.   1 root root     7 Apr 14 17:16 bin -> usr/bin
dr-xr-xr-x.   5 root root  1024 Apr 14 17:39 boot
drwxr-xr-x   19 root root  3226 Apr 15 14:41 dev
drwxr-xr-x. 143 root root 12288 Apr 15 14:43 etc
drwxr-xr-x.   3 root root  4096 Apr 14 17:25 home
lrwxrwxrwx.   1 root root     7 Apr 14 17:16 lib -> usr/lib
lrwxrwxrwx.   1 root root     9 Apr 14 17:16 lib64 -> usr/lib64
drwx------.   2 root root 16384 Apr 14 17:16 lost+found
drwxr-xr-x.   3 root root  4096 Apr 14 22:34 media
drwxr-xr-x.   2 root root  4096 Jun 10  2014 mnt
drwxr-xr-x.   3 root root  4096 Apr 14 17:23 opt
dr-xr-xr-x  285 root root     0 Apr 15 14:12 proc
dr-xr-x---.  15 root root  4096 Apr 15 14:41 root
drwxr-xr-x   37 root root  1080 Apr 15 15:09 run
lrwxrwxrwx.   1 root root     8 Apr 14 17:16 sbin -> usr/sbin
drwxr-xr-x    3 root root  4096 Apr 14 18:31 software
drwxr-xr-x.   2 root root  4096 Jun 10  2014 srv
dr-xr-xr-x   13 root root     0 Apr 15 14:12 sys
drwxrwxrwt   20 root root  4096 Apr 15 14:43 tmp
drwxr-xr-x.  13 root root  4096 Apr 14 17:16 usr
drwxr-xr-x.  23 root root  4096 Apr 15 14:12 var

- Linux has no concept of drive letters. All directories and files are attached (mounted) to form one unified file system that starts at the root '/'.
- Some basic directories on Linux:

Directory     Function
/bin, /sbin   Contain the binaries that support booting and running essential commands.
/boot         Contains the Linux kernel and the image files used to load the operating system.
/dev          Contains the device files (such as CDROM, HDD, FDD, ...).
/etc          Contains the system configuration files.
/home         Contains the users' home directories.
/lib          Contains kernel modules and the shared libraries for the binaries in /bin and /sbin.
/mnt          Contains the mount points of devices mounted into the system.
/proc         Stores information about the kernel.
/root         Holds the home directory of the user root.
/tmp          Contains temporary files.
/usr          Contains the installed programs.
/var          Contains log files, program queues and users' mailboxes.


Listing files

- List the files in the root directory:
[root@testsrv ~]# ls -l /
total 139
drwxr-xr-x 2 root root 4096 Jan 26 17:20 bin
drwxr-xr-x 4 root root 1024 Jan 26 10:29 boot
drwxr-xr-x 3 root root 1024 Jan 26 10:09 data
drwxr-xr-x 10 root root 3740 Jan 26 15:46 dev
drwxr-xr-x 95 root root 12288 Jan 26 17:20 etc

Some commonly used options of the ls command

Option   Meaning
-L       List files (names only).
-l       List files in several columns: filename, size, date, ...
-a       List all files, including hidden files.
-R       List all files, including the files inside subdirectories.

2. Directory management commands

2.1. mkdir: create directories
- Create the following directory tree:
/data
    dulieu
        ke toan
        kinh doanh
    os
        linux
            Fedora
            Redhat
            Ubuntu
        unix
            AIX
            FreeBSD
            Solaris
        windows
            win2k8
            win7
            winxp

Use the mkdir command with the following syntax to create the tree above:

[root@may1 ~]# mkdir /data
[root@may1 ~]# mkdir -p /data/os/unix/AIX
[root@may1 ~]# mkdir /data/os/unix/{Solaris,FreeBSD}
[root@may1 ~]# mkdir -p /data/os/linux/{Fedora,Redhat,Ubuntu}
[root@may1 ~]# mkdir /data/os/windows
[root@may1 ~]# cd /data/os/windows/
[root@may1 windows]# mkdir winxp win7 win2k8
[root@may1 windows]# mkdir ../../dulieu
[root@may1 windows]# mkdir ../../dulieu/{"ke toan","kinh doanh"}
[root@may1 windows]#

2.2. cd - change the working directory

Absolute path: resolved from the root.
Relative path: resolved from the current location.
Two default directories:
.  : the current directory
.. : the parent directory
[root@may1 windows]# cd win2k8/
[root@may1 win2k8]# cd ../../
[root@may1 os]# cd ../dulieu/ke\ toan/
[root@may1 ke toan]# cd ../kinh\ doanh/

2.3. pwd - show the current path

[root@may1 kinh doanh]# pwd
/data/dulieu/kinh doanh
[root@may1 kinh doanh]# cd ~
[root@may1 ~]# pwd
/root
[root@may1 ~]# cd /data/os/unix/Solaris/
[root@may1 Solaris]# pwd
/data/os/unix/Solaris
[root@may1 Solaris]#

2.4. tree - view the directory tree

[root@may1 Solaris]# tree /data/os
|-- linux
|   |-- Fedora
|   |-- Redhat
|   `-- Ubuntu
|-- unix
|   |-- AIX
|   |-- FreeBSD
|   `-- Solaris
`-- windows
    |-- win2k8
    |-- win7
    `-- winxp

2.5. du - view directory information

[root@may1 Solaris]# du /bin/
7388 /bin/
[root@may1 Solaris]# du -sh /etc/
33M /etc/
[root@may1 Solaris]# du -sh /usr/
1.9G /usr/


2.6. Renaming a directory

Rename the directory os to hdh:
[root@may1 Solaris]# mv /data/os/ /data/hdh
[root@may1 Solaris]# mv /data/hdh/linux/Redhat/ /data/hdh/linux/"Redhat Enterprise"

2.7. rmdir - remove an empty directory

[root@may1 data]# rmdir /data/hdh/unix/AIX/

3. File management commands

3.1. Creating files
There are several ways to create a file.
- Create the file truong.txt with the content "Truong tin hoc Nhat nghe" and place it in the data directory:
[root@may1 Solaris]# echo " Truong tin hoc Nhat nghe" > /data/truong.txt

- Append the line "Lop hoc linux" to the file truong.txt:

[root@may1 Solaris]# echo "Lop hoc linux" >> /data/truong.txt

- Create empty files:

[root@may1 data]# touch vanban1.txt vanban2.txt vanban3.txt
[root@may1 data]# ll
total 12
drwxr-xr-x. 4 root root 4096 Jun 30 10:21 dulieu
drwxr-xr-x. 5 root root 4096 Jun 30 10:24 hdh
-rw-r--r--. 1 root root 15 Jun 30 10:51 truong.txt
-rw-r--r--. 1 root root 0 Jun 30 10:53 vanban1.txt
-rw-r--r--. 1 root root 0 Jun 30 10:53 vanban2.txt
-rw-r--r--. 1 root root 0 Jun 30 10:53 vanban3.txt
[root@may1 data]#

Files can also be created with the vi utility, which is covered later.

3.2. Viewing file contents

Several commands display the contents of a file, such as cat, more, less, tail, head, ...
- View the contents of the file truong.txt:

[root@may1 data]# cat truong.txt
 Truong tin hoc Nhat nghe
Lop hoc linux

- View the contents of the files /etc/sysconfig/network and /etc/fstab:

[root@may1 data]# cat /etc/sysconfig/network /etc/fstab
NETWORKING=yes
HOSTNAME=may1.nhatnghe1.com

#
# /etc/fstab
# Created by anaconda on Tue Jun 26 21:04:24 2012
UUID=b9d73479-a29f-4167-8ce0-4f2bd83da3ef /        ext4   defaults        1 1
UUID=ae65c65d-555c-4227-a850-a9b51294cd10 /boot    ext4   defaults        1 2
UUID=072b5c7c-6aa8-4631-8752-e4cd5cd581b9 swap     swap   defaults        0 0
tmpfs                                     /dev/shm tmpfs  defaults        0 0
devpts                                    /dev/pts devpts gid=5,mode=620  0 0
sysfs                                     /sys     sysfs  defaults        0 0
proc                                      /proc    proc   defaults        0 0
[root@may1 data]#

In the same way, use the more, less and tail commands to view the files and compare the results.
The tail command is often used with the -f option to follow log files while debugging errors:
[root@may1 data]# tail -f /var/log/messages
Jun 30 07:52:36 may1 xinetd[1553]: Server /usr/sbin/amandad is not executable [file=/etc/xinetd.d/amanda] [line=13]
Jun 30 07:52:36 may1 xinetd[1553]: Error parsing attribute server - DISABLING SERVICE [file=/etc/xinetd.d/amanda] [line=13]
Jun 30 07:52:36 may1 xinetd[1553]: xinetd Version 2.3.14 started with libwrap loadavg labeled-networking options compiled in.
Jun 30 07:52:36 may1 xinetd[1553]: Started working: 0 available services
Jun 30 07:52:40 may1 abrtd: Init complete, entering main loop
Jun 30 07:52:44 may1 qpidd[1672]: 2012-06-30 07:52:44 notice Listening on TCP port 5672
Jun 30 07:52:44 may1 qpidd[1672]: 2012-06-30 07:52:44 notice SSL plugin not enabled, you must set --ssl-cert-db to enable it.
Jun 30 07:52:44 may1 qpidd[1672]: 2012-06-30 07:52:44 notice Broker running
Jun 30 08:14:12 may1 dbus: avc: received setenforce notice (enforcing=0)
Jun 30 10:16:49 may1 yum[3600]: Installed: tree-1.5.3-2.el6.i686

3.3. cp - copy

- Copy the file truong.txt into the hdh directory:
[root@may1 data]# cp truong.txt /data/hdh/

- Copy the file truong.txt into the hdh directory under the name lop.txt:

[root@may1 data]# cp truong.txt /data/hdh/lop.txt

- Copy the whole of /etc, including its subdirectories:
[root@may1 data]# cp -Rv /etc/* /data/hdh/linux/

Note: you can use the characters "?" and "*" to copy several files and directories at once, for example:
Example: copy the files whose first character is a, b or c, followed by any characters:
[root@may1 data]# cp -v /bin/[a-c]* /data/hdh/

Similarly, with the second character being a, b, ..., f:

[root@may1 data]# cp -v /bin/[d-e][a-f]* /data/dulieu/kinh\ doanh/

3.4. mv - move files

- Move the file vanban3.txt from the data directory to the directory "ke toan":
[root@may1 data]# mv vanban3.txt dulieu/"ke toan"


Note: as with copying, you can use the characters "?" and "*" to move several files and directories at once.

3.5. Renaming:

[root@may1 data]# mv truong.txt nhatnghe.txt

3.6. rm - delete files

- Delete the file vanban2.txt:
[root@may1 data]# rm vanban2.txt
rm: remove regular empty file `vanban2.txt'? y
[root@may1 data]#

- Delete files and directories:

[root@may1 data]# rm -rf /data/dulieu/kinh\ doanh/*

To delete without being asked for confirmation, use the option (-f).

To delete directories, use the option (-rf).

4. Input and output redirection, pipes

> : write the output to a file, overwriting the old file if it already exists.
[root@may1 data]# tree /data/ > cay.txt
[root@may1 data]# history > lenh.txt
[root@may1 data]# cal > lich.txt
[root@may1 data]# ll / > danhsach.txt
Use the cat command to review the contents of the files just created.

>> : write the output by appending it to the end of a file.

[root@may1 data]# uname -a >> lich.txt

< : read the input from a file.

[root@may1 data]# grep root < /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
[root@may1 data]#
| : pipe: the output of one command becomes the input of the next command.
[root@may1 data]# ll / | grep 4096 | wc -l
13
5. Creating links to files
Hard link: a link created for a file; the linked file names all point to the same physical content.

- Create the file truong.txt as a hard link to the file nhatnghe.txt:
[root@may1 data]# ln nhatnghe.txt truong.txt

- Check the file just created: look at the inode entry of the two files:

[root@may1 data]# ll -i
total 244
267452 -rw-r--r--. 1 root root 253 Jun 30 11:29 lich.txt
267450 -rw-r--r--. 2 root root 41 Jun 30 10:56 nhatnghe.txt
267450 -rw-r--r--. 2 root root 41 Jun 30 10:56 truong.txt
267451 -rw-r--r--. 1 root root 9 Jun 30 11:19 vanban1.txt

- Append the text phong so 911 to the file truong.txt:

[root@may1 data]# echo phong so 911 >> truong.txt

- Check the contents of the hard-linked file nhatnghe.txt:
[root@may1 data]# cat nhatnghe.txt
 Truong tin hoc Nhat nghe
Lop hoc linux
phong so 911

- Delete the file nhatnghe.txt:

[root@may1 data]# rm -f nhatnghe.txt

- Check the contents of the hard-linked file truong.txt:
[root@may1 data]# cat truong.txt
 Truong tin hoc Nhat nghe
Lop hoc linux
phong so 911

=> Note: - When the original file is deleted, the hard-linked file is not affected.
         - A hard link cannot be created for a directory.

Symbolic link: a soft link does not use the inode entry of the target; it simply creates a shortcut.

- Create the file lop.txt as a symbolic link to truong.txt:
[root@may1 data]# ln -s truong.txt lop.txt

- Check the file just created:

[root@may1 data]# ll
-rw-r--r--. 1 root root 253 Jun 30 11:29 lich.txt
lrwxrwxrwx. 1 root root 10 Jun 30 11:43 lop.txt -> truong.txt
-rw-r--r--. 1 root root 53 Jun 30 11:39 truong.txt
-rw-r--r--. 1 root root 9 Jun 30 11:19 vanban1.txt
[root@may1 data]#

- Append the text "lau 5" to the file lop.txt:

[root@may1 data]# echo "lau 5" >> lop.txt

- Check the contents of the linked file truong.txt:
[root@may1 data]# cat truong.txt

- Check the inode entry of the two files just created:

[root@may1 data]# ll -i
total 240
267452 -rw-r--r--. 1 root root 253 Jun 30 11:29 lich.txt
267447 lrwxrwxrwx. 1 root root 10 Jun 30 11:43 lop.txt -> truong.txt
267450 -rw-r--r--. 1 root root 6 Jun 30 11:46 truong.txt
267451 -rw-r--r--. 1 root root 9 Jun 30 11:19 vanban1.txt
[root@may1 data]#

=> The inode of the original file and the inode of the file created as a symbolic link are different.

- Delete the file truong.txt:

[root@may1 data]# rm -f truong.txt

- Check the contents of the linked file lop.txt:
[root@may1 data]# cat lop.txt
cat: lop.txt: No such file or directory

=> Note: - When the original file is deleted, the symbolic link can no longer be read.
         - A symbolic link can be created for a directory.

- Create a symbolic link to a directory:

[root@may1 data]# ln -s /data/ /root/dulieu
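
The hard-link and symbolic-link behaviour walked through above, as an added shell example that is not part of the original course material: it repeats the steps in a temporary directory and adds two checks an administrator can run, one for files that have more than one name and one for symbolic links whose target is gone. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the course text): hard links vs. symbolic links.
# All function names are hypothetical; the files are constructed in a temp dir.

# inode_of PATH: inode number of PATH itself (a symlink is not followed).
inode_of() { ls -di -- "$1" | awk '{ print $1 }'; }

# link_count PATH: number of names (directory entries) sharing PATH's inode.
link_count() { ls -ld -- "$1" | awk '{ print $2 }'; }

# multi_linked_files DIR: regular files that have more than one name.
# Removing one name does not remove the data while another name remains.
multi_linked_files() { find "$1" -type f -links +1 | sort; }

# dangling_links DIR: symbolic links whose target no longer exists.
dangling_links() { find "$1" -type l ! -exec test -e {} \; -print | sort; }

# link_demo: repeat the steps from the text and print one result per line.
link_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        echo "Truong tin hoc Nhat nghe" > nhatnghe.txt
        ln nhatnghe.txt truong.txt     # hard link: second name, same inode
        ln -s truong.txt lop.txt       # symbolic link: own inode, stores a path

        if [ "$(inode_of nhatnghe.txt)" = "$(inode_of truong.txt)" ]; then
            echo "hard link: same inode"
        else
            echo "hard link: different inode"
        fi
        echo "link count: $(link_count nhatnghe.txt)"
        if [ "$(inode_of lop.txt)" = "$(inode_of truong.txt)" ]; then
            echo "symlink: same inode"
        else
            echo "symlink: different inode"
        fi
        # Unquoted on purpose: echo joins the names with single spaces.
        echo "files with several names:" $(multi_linked_files .)

        rm -f nhatnghe.txt             # the data survives under the other name
        echo "after rm nhatnghe.txt: $(cat truong.txt), link count $(link_count truong.txt)"

        rm -f truong.txt               # last name gone: lop.txt now dangles
        echo "dangling:" $(dangling_links .)
    )
    status=$?
    rm -rf "$dir"
    return $status
}

link_demo
```
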

6. Compressing and decompressing

6.1. Using gzip/gunzip: compress and decompress .gz files
Preparation:
[root@may1 ~]# cd /data/
[root@may1 data]# cp /bin/a* /data/
[root@may1 data]# ll /data/
total 384
-rwxr-xr-x. 1 root root 123 Jul 7 15:36 alsaunmute
-rwxr-xr-x. 1 root root 26004 Jul 7 15:36 arch
-rwxr-xr-x. 1 root root 359092 Jul 7 15:36 awk

- Compress the file awk:

[root@may1 data]# gzip awk
[root@may1 data]# ll
total 200
-rwxr-xr-x. 1 root root 123 Jul 7 15:36 alsaunmute
-rwxr-xr-x. 1 root root 26004 Jul 7 15:36 arch
-rwxr-xr-x. 1 root root 171103 Jul 7 15:36 awk.gz

- Decompress awk.gz:

[root@may1 data]# gunzip awk.gz

Compression and decompression can also be done with bzip2/bunzip2.

[root@may1 data]# bzip2 awk
-rwxr-xr-x. 1 root root 165478 Jul 7 15:36 awk.bz2
[root@may1 data]# bunzip2 awk.bz2
-rwxr-xr-x. 1 root root 359092 Jul 7 15:36 awk


6.2. Using the tar command

- Bundle the contents of /data into a file with the extension .tar:
[root@may1 data]# tar -cvf file.tar *

Check:
[root@may1 data]# ll
total 764
-rwxr-xr-x. 1 root root 123 Jul 7 15:36 alsaunmute
-rwxr-xr-x. 1 root root 26004 Jul 7 15:36 arch
-rwxr-xr-x. 1 root root 359092 Jul 7 15:36 awk
-rw-r--r--. 1 root root 389120 Jul 7 15:43 file.tar
[root@may1 data]#

- Extract file.tar into /root:

[root@may1 data]# cd /root/
[root@may1 ~]# tar xvf /data/file.tar

- Bundle and compress the contents of /data into a tar.gz file:

[root@may1 data]# tar czvf file.tar.gz /data/
-rw-r--r--. 1 root root 365012 Jul 7 15:48 file.tar.gz
- Extract a .tar.gz file:

[root@may1 data]# cd /ketoan/
[root@may1 ketoan]# tar xzvf /data/file.tar.gz
alsaunmute
arch
awk
[root@may1 ketoan]# ll
total 384
-rwxr-xr-x. 1 root root 123 Jul 7 15:36 alsaunmute
-rwxr-xr-x. 1 root root 26004 Jul 7 15:36 arch
-rwxr-xr-x. 1 root root 359092 Jul 7 15:36 awk

- Bundle and compress the contents of /data into a tar.bz2 file:

[root@may1 data]# tar cjvf file.tar.bz2 *
-rw-r--r--. 1 root root 365303 Jul 7 15:53 file.tar.bz2
- Extract a tar.bz2 file:
[root@may1 data]# tar xjvf file.tar.bz2

7. Installing fonts

Install the fonts:
[root@localhost ~]# tar xzvf utf8.tar.gz
[root@localhost ~]# mv utf8 /usr/share/fonts/

8. Searching
8.1. The grep command
Searches for a string inside files.
grep options pattern filenames


Option
-i   Search without distinguishing upper and lower case
-l   Show the list of files
-n   Add line numbers
-v   Print the lines that do not contain the search string
-c   Total number of lines that contain the search string
Example:
- Print the lines containing the string 'root' in the file /etc/group:

[root@may1 ~]# grep -n root /etc/group
1:root:x:0:root
2:bin:x:1:root,bin,daemon
3:daemon:x:2:root,bin,daemon
4:sys:x:3:root,bin,adm
5:adm:x:4:root,adm,daemon
7:disk:x:6:root
11:wheel:x:10:root

- In the same way, try the following parameters:

grep -n root /etc/group
grep -c root /etc/group
grep -v root /etc/group
cd /etc
grep -l root group passwd hosts

Find all lines that begin with "no":

[root@may1 etc]# grep '^no' /etc/passwd
nobody:x:99:99:Nobody:/:/sbin/nologin
Find all lines that do not begin with "#":
[root@may1 etc]# grep -v '^#' /etc/fstab
Find all lines containing i followed by 2 characters and ending with 3:
[root@may1 etc]# grep -n i..3 /etc/inittab
26:id:3:initdefault:
8.2. The find command
Searches for files.
- Find a file with a given name:
[root@may1 etc]# find /etc/ -name fstab
/etc/fstab

- Wildcard characters can be used in the search:

[root@may1 ~]# find /etc -name '*.txt' -perm -644
/etc/pki/nssdb/pkcs11.txt

Besides searching by name (-name), find can search by other options such as -type, -user, -atime, -amin, -newer, ... Use man find for the details.

- Find files of a given size:

[root@may1 ~]# find /etc -size +10k -exec cp {} /dulieu \;


+10k: find files larger than 10kB
10k: find files of size 10kB
-10k: find files smaller than 10kB

- Find all files owned by one user:
find . -user u1 -exec chmod o=r {} \;
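
The find commands above use -perm -644 and -exec chmod without showing how the -perm forms differ. The following added shell example, which is not part of the original course material, builds files with known modes in a temporary directory and compares an exact match, the "-" form used above, and a search for world-writable files. The function and file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the course text): how find's -perm forms differ.
# Function names are hypothetical; the files are constructed in a temp dir.

# make_fixture: create a directory of files with known modes, print its path.
make_fixture() {
    d=$(mktemp -d) || return 1
    for spec in 600:secret.txt 644:notes.txt 664:shared.txt 666:open.txt 755:run.sh; do
        mode=${spec%%:*}
        name=${spec#*:}
        : > "$d/$name" && chmod "$mode" "$d/$name"
    done
    echo "$d"
}

# perm_exact DIR MODE: files whose permission bits are exactly MODE.
perm_exact() { ( cd "$1" && find . -type f -perm "$2" | sort ); }

# perm_all_bits DIR MODE: files that have at least every bit of MODE set.
# This is the "-perm -644" form used in the text: 664, 666 and 755 also match.
perm_all_bits() { ( cd "$1" && find . -type f -perm "-$2" | sort ); }

# world_writable DIR: files that any user may modify (the o+w bit is set).
world_writable() { ( cd "$1" && find . -type f -perm -0002 | sort ); }

# remove_world_write DIR: the text's "-exec chmod ... {} \;" pattern, applied
# only to files selected by a permission test instead of by owner.
remove_world_write() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} \;
}

# Demo on the constructed fixture.
fixture=$(make_fixture)
echo "exactly 644:     " $(perm_exact "$fixture" 644)
echo "at least 644:    " $(perm_all_bits "$fixture" 644)
echo "world-writable:  " $(world_writable "$fixture")
remove_world_write "$fixture"
echo "after chmod o-w: " $(world_writable "$fixture")
rm -rf "$fixture"
```
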
Other search commands
- Find the location, source and man page of the grep command:
[root@may1 ~]# whereis grep
grep: /bin/grep /usr/share/man/man1p/grep.1p.gz /usr/share/man/man1/grep.1.gz

- Find the directory containing the ls command:

[root@may1 ~]# which find
/bin/find
9. The vi editor
Linux has many programs for editing text, such as vi, emacs, joe, pico, ... Of these, the vi text editor is considered the most widely used.
vi [filename]
Example: vi /etc/inittab
Commonly used command groups
1. Inserting text

i   before the cursor
I   before the first character on the line
a   after the cursor
A   after the first character on the line
o   below the current line
O   above the current line
r   replace the 1 current character
R   replace until you press

2. Cursor movement commands

h - left 1 space
e - right 1 space
w - right 1 word
b - left 1 word
k - up 1 line
j - down 1 line
) - end of sentence
( - beginning of sentence
} - beginning of paragraph
{ - end of paragraph

3. Delete commands

dw    delete 1 word
d^    delete the characters from the cursor to the beginning of the line
d$    delete the characters from the cursor to the end of the line
3dw   delete 3 words
dd    delete the current line
5dd   delete 5 lines
x     delete 1 character

cw    replace 1 word
3cw   replace 3 words
cc    the current line
5cc   5 lines

4. Search commands

?       search upward
/       search downward
/and    find the next word and
?and    find the word ending in and
/^The   find the next line beginning with The
n       search in the downward direction
N       search in the upward direction

5. Search and replace commands

:s/text1/text2/g         replace text1 with text2
:1,$s/tap tin/thu muc    replace tap tin with thu muc starting from line 1
:g/one/s//1/g            replace one with 1

6. Copy, paste and undo commands

To copy, use the y command; to paste, use the p command.

y$    copy from the current cursor position to the end
yy    copy the whole line at the cursor position
3yy   copy 3 consecutive lines
u     undo the previous operation

7. File operations

:w    write to the file
:x    save and leave the editor
:wq   save and leave the editor
:w    save to a new file
:q    quit if there are no changes
:q!   quit without saving
:r    open a file for reading


Topic 3: Administrative Tasks


Manage user and group accounts and related system files
Manage file permissions and ownership
Automate system administration tasks by scheduling jobs
System logging


User and group administration

1. Viewing user information
1.1. The file /etc/passwd: the database of user accounts on Linux, stored as a text file.

- Structure of the file /etc/passwd:

[Figure: one /etc/passwd entry with its fields labelled, including Account name, Password (or password placeholder) and Home directory]

eziodm:x:500:500:Pancrazio 'Ezio' de Mauro:/home/eziodm:/bin/bash

- View the file /etc/passwd: cat /etc/passwd

[root@may1 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync

Examine the output and identify each field in the file /etc/passwd.

1.2. The file /etc/shadow: where the encrypted passwords are stored.
- Structure of the file /etc/shadow:

[Figure: one /etc/shadow entry with its fields labelled: Account name; Encrypted password; Date when password was last changed; Days before password may be changed; Days after which password must be changed; Days after password expires that account will be disabled; Date when account expires; Reserved for future use]

View the file /etc/shadow:

[root@may1 ~]# cat /etc/shadow
root:$6$ynfgmChLXklxFAjo$0mVOrBsDbVaC/7CcY.j/.blLUR/oofG9Ke7wb7koeqZaSSBPVOdvN4054zuWyE5RShkwVr4jxsZmHMhHaFdc3.:15517:0:99999:7:::
bin:*:15240:0:99999:7:::
daemon:*:15240:0:99999:7:::

qpidd:!!:15517::::::
sshd:!!:15517::::::
tcpdump:!!:15517::::::
oprofile:!!:15517::::::
quangngoc:$6$LwPhTxwhOvZ.CR8.$4Gt79dGXdmvUbLQziRE5VQHmAPJBHPbxpr45zzsrKOyfq4SHLY/o05z4jBJD2iizVmNEFKZj5qGiskIZ2JgJx.:15517:0:99999:7:::
amandabackup:!!:15519::::::
mysql:!!:15521::::::

Examine the output and identify each field in the file /etc/shadow.

=> Note: the second column of the file /etc/shadow holds the encrypted password. If it
   begins with *  => the account has been disabled
   begins with !! => the account is temporarily locked

1.3. The file /etc/group: stores information about the groups.

- Structure of the file /etc/group:

[Figure: one /etc/group entry with its fields labelled: Group name; Group password (or password placeholder); GID; Member Accounts]

bin:x:1:root,bin,daemon

- View the file /etc/group:

stapusr:x:491:
sshd:x:74:
cgred:x:490:
tcpdump:x:72:
oprofile:x:16:
slocate:x:21:
quangngoc:x:500:
mysql:x:27:

=> Examine the output and identify each field in the file /etc/group.

2. User account administration

2.1. Creating a user account
- View the command syntax:
[root@may1 ~]# man useradd

USERADD(8)               System Management Commands               USERADD(8)

NAME
       useradd - create a new user or update default new user information

SYNOPSIS
       useradd [options] LOGIN

       useradd -D

       useradd -D [options]

DESCRIPTION
       When invoked without the -D option, the useradd command creates a new user account
       using the values specified on the command line plus the default values from the
       system. Depending on command line options, the useradd command will update system
       files and may also create the new user's home directory and copy initial files.

       By default, a group will also be created for the new user (see -g, -N, -U, and

=> Review the output and compare it with the theory covered for the options, noting the meaning of each option.

- Create a user named nv1:

[root@may1 ~]# useradd nv1

- Check nv1 in /etc/passwd:

[root@may1 ~]# cat /etc/passwd
quangngoc:x:500:500::/home/quangngoc:/bin/bash
amandabackup:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
nv1:x:501:501::/home/nv1:/bin/bash

- Check nv1 in /etc/shadow:

[root@may1 ~]# cat /etc/shadow
qpidd:!!:15517::::::
sshd:!!:15517::::::
tcpdump:!!:15517::::::
oprofile:!!:15517::::::
quangngoc:$6$LwPhTxwhOvZ.CR8.$4Gt79dGXdmvUbLQziRE5VQHmAPJBHPbxpr45zzsrK0yfq4SHLY/o05z4jBJD2ilzVmNEFKZj5qGiskIZ2JgJx.:15517:0:99999:7:::
amandabackup:!!:15519::::::
mysql:!!:15521::::::
nv1:!!:15528:0:99999:7:::

"!!": nv1 is temporarily locked, because no password has been set for it yet.

- Check nv1 in /etc/group:

[root@may1 ~]# cat /etc/group
abrt:x:173:


qpidd:x:493:
stapdev:x:492:
stapusr:x:491:
sshd:x:74:
cgred:x:490:
tcpdump:x:72:
oprofile:x:16:
slocate:x:21:
quangngoc:x:1000:
mysql:x:27:
nv1:x:1001:

- Set a password for nv1:

[root@may1 ~]# passwd nv1
Changing password for user nv1.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.

- Check nv1 in the file /etc/shadow:

[root@may1 ~]# cat /etc/shadow
oprofile:!!:15517::::::
quangngoc:$6$LwPhTxwhOvZ.CR8.$4Gt79dGXdmvUbLQziRE5VQHmAPJBHPbxpr45zzsrKOyfq4SHLY/o05z4jBJD2ilzVmNEFKZj5qGisk1Z2JgJx.:15517:0:99999:7:::
amandabackup:!!:15519::::::
mysql:!!:15521::::::
nv1:$6$J6n/yx70$TvQG98tuyXYuAi8Cm22CymioAwXS1SMcdpGLxL50LKHFNjkHbsDmi3x794F9bg51ZNOENlfpDl/tU4h7PwPqe/:15528:0:99999:7:::

nv1 is now active and its password is stored in encrypted form.

Note:
- When a user is created and no password is set for it, the user is temporarily locked and cannot be used yet.
- When a user is created without specifying a userID, the system assigns a userID with a value >= 1000.
- When a user is created with userID = 0, that user has root privileges.
- When a user is created without specifying a home directory, the home directory is placed under /home by default.

- Create nv2 with the home directory /tmp/userb and the description "day la tai khoan dung de test":
[root@may1 ~]# useradd -c "Nhan vien" -d /nhanvien/nv2 nv2

- Check the user just created:

[root@may1 ~]# cat /etc/passwd
nv2:x:502:502:Nhan vien:/nhanvien/nv2:/bin/bash

- Create nv3 with the home directory /nhanvien/nv3 and belonging to the group users:


[root@may1 ~]# useradd -c "Nhan vien" -d /nhanvien/nv3 -g users nv3

- Check userc in /etc/passwd:

[root@may1 ~]# cat /etc/passwd
nv3:x:1000:100:Nhan vien:/nhanvien/nv3:/bin/bash

- Check nv3 in /etc/group:

[root@may1 ~]# cat /etc/group | grep nv
nv1:x:1000:
nv2:x:1001:
[root@may1 ~]#

2.2. Changing a user's password

Set a password for the account nv1:

[root@may1 ~]# passwd nv1
Changing password for user nv1.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.

- In the same way, change the password for nv2.

- Set an empty password for the user nv3:

[root@may1 ~]# passwd -d nv3
Removing password for user nv3.
passwd: Success
[root@may1 ~]# cat /etc/shadow | grep nv
nv3::15528:0:99999:7:::

- Lock the account nv1:

[root@may1 ~]# passwd -l nv1
Locking password for user nv1.
passwd: Success
[root@may1 ~]# cat /etc/shadow | grep nv
nv1:!!$6$nXbKwuGb$pljJqtZydt.C4QWu1Vtqrt616];:2XaxQ6qCzFKTpTNxiMGTScVmTZumn4bGpKhJFxtcW9vYlal7Ev8byflWWYK1:15528:0:99999:7:::
nv2:$6$R/QyToH6$yxcUjLMZhOU6YQiFQYbUhKohGWyOEA6RZyOdOOydlCCSFiCkEv7e4wltj2gespV5RvGpM.qnPFylRzpGjprOX.:15528:0:99999:7:::
nv3::15528:0:99999:7:::
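
An audit of the account states shown above, as an added shell example that is not part of the original course material: it classifies the second field of shadow-format lines (empty as left by passwd -d, a ! prefix as left by passwd -l, !!, *, or the prefix of the hash scheme) and lists every UID 0 entry in passwd-format data. The sample records are constructed with placeholder hashes, the function names and state labels are assumptions, and treating $1$ (MD5-crypt) as a weak scheme goes beyond what the text covers.

```shell
#!/bin/sh
# Added example (not from the course text): audit passwd/shadow-format data.
# Function names and state labels are hypothetical. The records below are
# constructed samples; SALT and HASH are placeholders, not real hashes.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nv1:x:1000:1000::/home/nv1:/bin/bash
nv3:x:1002:100:Nhan vien:/nhanvien/nv3:/bin/bash
svc0:x:0:0:constructed extra UID 0 account:/root:/bin/bash'

SAMPLE_SHADOW='root:$6$SALT$HASH:15517:0:99999:7:::
bin:*:15240:0:99999:7:::
sshd:!!:15517::::::
nv1:!!$6$SALT$HASH:15528:0:99999:7:::
nv2:$1$SALT$HASH:15528:0:99999:7:::
nv3::15528:0:99999:7:::'

# shadow_status: shadow-format lines on stdin -> "account STATE" per line.
shadow_status() {
    awk -F: '
        NF < 2 || /^#/ { next }           # skip blank, malformed, comment lines
        {
            pw = $2
            if      (pw == "")       state = "EMPTY"     # no password required
            else if (pw ~ /^\*/)     state = "DISABLED"  # no valid hash
            else if (pw ~ /^!+$/)    state = "UNSET"     # never given a password
            else if (pw ~ /^!/)      state = "LOCKED"    # hash kept behind !
            else if (pw ~ /^\$6\$/)  state = "SHA512"
            else if (pw ~ /^\$5\$/)  state = "SHA256"
            else if (pw ~ /^\$1\$/)  state = "MD5"       # weak legacy scheme
            else                     state = "OTHER"
            print $1, state
        }'
}

# accounts_in_state STATE: names from shadow-format stdin that are in STATE.
accounts_in_state() {
    shadow_status | awk -v want="$1" '$2 == want { print $1 }'
}

# uid0_accounts: every name in passwd-format stdin whose UID field is 0.
uid0_accounts() {
    awk -F: 'NF >= 3 && $3 ~ /^0+$/ { print $1 }'
}

# audit_report PASSWD_FILE SHADOW_FILE: print findings, return 1 if any.
audit_report() {
    findings=0
    for name in $(accounts_in_state EMPTY < "$2"); do
        echo "EMPTY PASSWORD: $name"; findings=1
    done
    for name in $(accounts_in_state MD5 < "$2"); do
        echo "WEAK HASH (MD5-crypt): $name"; findings=1
    done
    for name in $(uid0_accounts < "$1"); do
        if [ "$name" != root ]; then
            echo "UID 0 BESIDES root: $name"; findings=1
        fi
    done
    return $findings
}

# Demo on the constructed samples. On a real host, root would run:
#   audit_report /etc/passwd /etc/shadow
tmp=$(mktemp -d)
printf '%s\n' "$SAMPLE_PASSWD" > "$tmp/passwd"
printf '%s\n' "$SAMPLE_SHADOW" > "$tmp/shadow"
audit_report "$tmp/passwd" "$tmp/shadow" || echo "findings present"
rm -rf "$tmp"
```
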

2.3. Changing user information

- View the command syntax:

[root@may1 ~]# man usermod


NAME
usermod - modify a user account

SYNOPSIS
usermod [options] LOGIN

DESCRIPTION
The usermod command modifies the system account files to reflect the
changes that are specified on the command line.

- Rename the user nv1 to nv5 and change its home directory to /nhanvien/nv5:
usermod --login nv5 --home /nhanvien/nv5 -m nv1

- Disable the account nv1:

[root@may1 ~]# usermod -L nv2

- Enable the account nv1:

[root@may1 ~]# usermod -U nv2

- Make userb a member of the group users:

[root@may1 ~]# usermod -g users nv2

[root@may1 ~]# cat /etc/passwd
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
nv1:x:1000:1000::/home/nv1:/bin/bash
nv2:x:1001:1001:Nhan vien:/home/nv2:/bin/bash
nv3:x:1002:1002:Nhan vien:/nhanvien/nv3:/bin/bash

2.4. Creating user groups

- View the command syntax: man groupadd

[root@may1 ~]# man group

NAME
       group - user group file

DESCRIPTION
       /etc/group is a text file which defines the groups on the system.
       There is one entry per line, with the following format:

              group_name:passwd:GID:user_list

       The field descriptions are:

=> Review the output and compare it with the theory covered for the options, noting the meaning of each option.

- Create groups named ketoan and kinhdoanh:

[root@may1 ~]# groupadd ketoan
[root@may1 ~]# groupadd kinhdoanh

- Check the groups in /etc/group:


[root@may1 ~]# cat /etc/group
quangngoc:x:500:
mysql:x:27:
nv1:x:1000:
nv2:x:1001:
ketoan:x:1002:
kinhdoanh:x:1003:

2.5. Changing group information

- View the command syntax: man groupmod

[root@may1 ~]# man groupmod

NAME
       groupmod - modify a group definition on the system

SYNOPSIS
       groupmod [options] GROUP
DESCRIPTION
       The groupmod command modifies the definition of the specified GROUP by
       modifying the appropriate entry in the group database.
OPTIONS
       The options which apply to the groupmod command are:
       -g, --gid GID
           The group ID of the given GROUP will be changed to GID.

=> Review the output and compare it with the theory covered for the options, noting the meaning of each option.

- Rename kinhdoanh to kdoanh:

[root@may1 ~]# groupmod -n kdoanh kinhdoanh

- Change the gid of group 1 to 600:

[root@may1 ~]# groupmod -g 600 kdoanh

- Check the file /etc/group:

[root@may1 ~]# cat /etc/group
kdoanh:x:600:
2.6. Managing users in groups
- Put users into groups:
[root@may1 ~]# usermod -G ketoan nv1
[root@may1 ~]# usermod -G ketoan nv2
[root@may1 ~]# usermod -G kdoanh nv3
[root@may1 ~]# usermod -G ketoan,kinhdoanh nv5
Without -a, usermod -G replaces the user's current supplementary groups with the listed ones; use -a -G to add a group while keeping the existing memberships.

2.7. Deleting a group

- Delete kdoanh:
[root@may1 ~]# groupdel kdoanh

3. Login/Logout
3.1. Using the su command
- From root, log in as nv1: su nv1
- From nv1, log in as nv2: su nv2


- From nv2, log in as nv3: su nv3

- Leave nv3: exit


[root@may1 ~]# su nv1                  (Why is no password requested?)
[nv1@may1 root]$ su nv2
Password:                              (Why is a password requested?)
bash-4.1$ su nv3
Password:
[nv3@may1 root]$ exit
exit
bash-4.1$ exit                         ($: regular user)
exit
[nv1@may1 root]$ exit
exit                                   (#: root user)
[root@may1 ~]#
Note: To switch to another user and run that user's logon scripts, use the su command with the (-) option. Example: su - user1

3.2. Multi user login


Press Alt+F2, Alt+F3, ..., Alt+F6 in turn
Log in as the users root, nv1, nv2, ...
View the users who are logged in

[root@may1 ~]# who
root tty1 2012-07-07 16:06
root pts/1 2012-07-07 16:20 (:0.0)
root pts/3 2012-07-07 16:48 (192.168.1.2)
root pts/4 2012-07-07 17:47 (192.168.1.2)

View the user currently logged in

[root@may1 ~]# whoami
root

3.3. The sudo command

sudo is a tool that allows certain users, defined in the configuration file /etc/sudoers, to run certain specified commands with root privileges or with the privileges of another user.
Such commands must begin with the word "sudo", followed by the usual command syntax. When a command is run, the user is asked to enter a password before it is executed.
All commands run through sudo are logged in the file /var/log/messages.
The configuration file /etc/sudoers is normally edited with the visudo command, with root privileges; it is used in the same way as the vi editor.
Example: use visudo to edit the file /etc/sudoers
Allow user admin, on all hosts, to run all commands with root privileges
root,admin ALL=(ALL) ALL

Allow user admin, on all hosts, to run the useradd and passwd commands with root privileges
admin1 ALL=(ALL) NOPASSWD: /usr/sbin/useradd,/usr/bin/passwd

Log in as admin, then create a user and change the user's password with root's privileges:


[root@may1 ~]# su admin
[admin@may1 root]$ sudo /usr/sbin/useradd hs1
[sudo] password for admin:
[admin@may1 root]$ sudo passwd hs1
Changing password for user hs1.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.

sudo usage log

Add the following line to the file /etc/sudoers
Defaults logfile = /var/log/sudolog
sudo will record every command it runs. The information that sudo logs has the following form

sudo less /var/log/messages

View the log:
[root@may1 ~]# cat /var/log/sudolog
Jul 7 19:13:21 : admin : TTY=pts/4; PWD=/root; USER=root;
    COMMAND=/usr/sbin/useradd hs2
Jul 7 19:13:26 : admin : TTY=pts/4; PWD=/root; USER=root;
    COMMAND=/usr/bin/passwd hs2

4. Defining default settings for users

When useradd is run without any options to create a user, the user's attributes are taken from the default configuration in the files
/etc/default/useradd
/etc/login.defs
/etc/skel
- View the contents of the file /etc/default/useradd:

[root@may1 ~]# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

=> Review the options against the theory just covered, and the meaning of each option.
- Change the value of the HOME option to "/dulieu/home":

# useradd defaults file
GROUP=100
HOME=/dulieu/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash


SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

- Use the useradd command to create new users kd2 and kd3.

- Check that kd2 and kd3 have their home directories in /dulieu/home:

[root@may1 ~]# mkdir /dulieu/home
[root@may1 ~]# useradd kd2
[root@may1 ~]# useradd kd3
[root@may1 ~]# ll /dulieu/home/
total 8
drwx------. 4 kd2 kd2 4096 Jul 7 18:34 kd2
drwx------. 4 kd3 kd3 4096 Jul 7 18:34 kd3
[root@may1 ~]#

- List the contents of the directory /var/home/userd (including hidden files):

[root@may1 ~]# ll -a /dulieu/home/kd2
total 28
drwx------ 3 kd2 kd2 4096 Apr 16 09:15 .
drwxr-xr-x 5 root root 4096 Apr 16 09:15 ..
-rw-r--r-- 1 kd2 kd2 18 Mar 6 05:06 .bash_logout
-rw-r--r-- 1 kd2 kd2 193 Mar 6 05:06 .bash_profile
-rw-r--r-- 1 kd2 kd2 231 Mar 6 05:06 .bashrc
drwxr-xr-x 4 kd2 kd2 4096 Apr 14 17:16 .mozilla

- These hidden files are provided by default in the /etc/skel directory. When a new user is created, the contents of /etc/skel are created automatically for that user:

[root@may1 ~]# mkdir /etc/skel/{baocao,dulieu,congvan}
[root@may1 ~]# useradd kd4
[root@may1 ~]# useradd kd5
[root@may1 ~]# ll -a /dulieu/home/kd5
total 40
drwx------ 6 kd4 kd4 4096 Apr 16 09:17 .
drwxr-xr-x 6 root root 4096 Apr 16 09:17 ..
drwxr-xr-x 2 kd4 kd4 4096 Apr 16 09:17 baocao
-rw-r--r-- 1 kd4 kd4 18 Mar 6 05:06 .bash_logout
-rw-r--r-- 1 kd4 kd4 193 Mar 6 05:06 .bash_profile
-rw-r--r-- 1 kd4 kd4 231 Mar 6 05:06 .bashrc
drwxr-xr-x 2 kd4 kd4 4096 Apr 16 09:17 congvan
drwxr-xr-x 2 kd4 kd4 4096 Apr 16 09:17 dulieu
drwxr-xr-x 4 kd4 kd4 4096 Apr 14 17:16 .mozilla

- View the contents of the file /etc/login.defs:

[root@may1 ~]# more /etc/login.defs
# *REQUIRED*
#   Directory where mailboxes reside, or name of file, relative to the


#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#   QMAIL_DIR is for Qmail
#
#QMAIL_DIR      Maildir
MAIL_DIR        /var/spool/mail
#MAIL_FILE      .mail

# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN                  1000
UID_MAX                 60000
# System accounts
SYS_UID_MIN               201
SYS_UID_MAX               999

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                  1000
GID_MAX                 60000
# System accounts
SYS_GID_MIN               201
SYS_GID_MAX               999

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD    /usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME     yes


# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.

- This file defines the policies related to passwords: password length, expiry date, warning date, ...
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7

- This file also lets us define whether a home directory is created when a new user is created.
CREATE_HOME yes

- When a user is deleted, is the group deleted as well (a group with only one member)? Are the user's cron entries and jobs deleted too?

USERGROUPS_ENAB yes

- Edit the CREATE_HOME option so that no home directory is created:

CREATE_HOME no

- Use the useradd command to create a new user userf, and check that no home directory is created:
- Try changing the other values and create a new user. Look at the result => what do you observe?


File permissions
Create users and groups

[root@may1 ~]# groupadd kinhdoanh
[root@may1 ~]# groupadd ketoan
[root@may1 ~]# groupadd nhanvien
[root@may1 ~]# useradd -G ketoan,nhanvien kt1
[root@may1 ~]# useradd -G ketoan,nhanvien kt2
[root@may1 ~]# useradd -G kinhdoanh,nhanvien kd1
[root@may1 ~]# useradd -G kinhdoanh,nhanvien kd2

[root@may1 ~]# cat /etc/group
ketoan:x:503:kt1,kt2
admin:x:509:
kinhdoanh:x:510:kd2,kd1
nhanvien:x:511:kt2,kt1,kd2,kd1

Create the directories

[root@may1 ~]# mkdir -p /data/{ketoan,kinhdoanh,dulieu,software}
1. Examining permissions

[root@may1 ~]# ll -n /data/
total 16
drwxr-xr-x. 2 0 0 4096 Jul 7 19:25 dulieu
drwxr-xr-x. 2 0 0 4096 Jul 7 19:25 ketoan
drwxr-xr-x. 2 0 0 4096 Jul 7 19:25 kinhdoanh
drwxr-xr-x. 2 0 0 4096 Jul 7 19:25 software
(output truncated)
The file/directory type

• File type:
Character
-   Regular file
b   Block special file


c   Character special file
d   Directory
l   Link file
• Permissions:
0 or ---: No permissions at all
4 or r--: read-only
2 or -w-: write-only (rare)
1 or --x: execute
+ Column 2 shows the number of links to the file.
+ Columns 3 and 4 show the owner and the owning group.
+ Column 5 shows the size of the file.
+ Column 6 shows the time of the last modification.
+ Column 7 shows the file or directory.

[Figure: Determining access permissions on a file or directory (flowchart with the outcomes "Use Owner Permissions", "Use Group Permissions", "Use Other Permissions")]


2. Changing the owner with chown

- Change the ownership of the directory /data/software/ to kd1:

[root@may1 ~]# chown kd1 /data/software/

- Check again:

[root@may1 ~]# ll /data/
total 16
drwxr-xr-x. 2 root root 4096 Jul 7 19:25 dulieu
drwxr-xr-x. 2 root root 4096 Jul 7 19:25 ketoan
drwxr-xr-x. 2 root root 4096 Jul 7 19:25 kinhdoanh
drwxr-xr-x. 2 kd1 root 4096 Jul 7 19:25 software

Note: To change ownership of a directory and the subdirectories inside it, use the (-R) option of the chown command.


3. Changing the owning group with chgrp

- Change the owning group of the directories:

[root@may1 ~]# chgrp ketoan /data/ketoan/
[root@may1 ~]# chgrp kinhdoanh /data/kinhdoanh/
[root@may1 ~]# chgrp nhanvien /data/dulieu/
[root@may1 ~]# chgrp nhanvien /data/software/

- Check again:

[root@may1 ~]# ll /data/
total 16
drwxr-xr-x. 2 root nhanvien 4096 Jul 7 19:25 dulieu
drwxr-xr-x. 2 root ketoan 4096 Jul 7 19:25 ketoan
drwxr-xr-x. 2 root kinhdoanh 4096 Jul 7 19:25 kinhdoanh
drwxr-xr-x. 2 kd1 nhanvien 4096 Jul 7 19:25 software

Note: To change the owning group of a directory and the subdirectories inside it, use the (-R) option of the chgrp command.

4. Changing access permissions with chmod

4.1 Using symbolic characters
chmod symbolic_mode filename

u Owner (user) Permissions
g Group Permissions
o Other Permissions
a All Permissions (Owner; Group; Other).

+ Add Permissions
- Remove Permissions
= Assign Permissions Absolutely

r Read
w Write
x Execute

- Grant additional write permission to the ketoan group on the directory /data/ketoan/; other users are not allowed access
[root@may1 ~]# chmod g+x,o-xr /data/ketoan/


- Likewise for the kinhdoanh directory

[root@may1 ~]# chmod g+x,o-xr /data/kinhdoanh/
- Check again:

[root@may1 ~]# ll /data/
total 16
drwxr-xr-x. 2 root nhanvien 4096 Jul 7 19:25 dulieu
drwxr-x---. 2 root ketoan 4096 Jul 7 19:25 ketoan
drwxr-x---. 2 root kinhdoanh 4096 Jul 7 19:25 kinhdoanh
drwxr-xr-x. 2 kd1 nhanvien 4096 Jul 7 19:25 software

4.2. Using binary numbers to assign access permissions

Octal Value   Permission Sets   Binary
7             rwx               111 (4+2+1)
6             rw-               110 (4+2+0)
5             r-x               101 (4+0+1)
4             r--               100 (4+0+0)
3             -wx               011 (0+2+1)
2             -w-               010 (0+2+0)
1             --x               001 (0+0+1)
0             ---               000 (0+0+0)

Example:
[root@may1 ~]# chmod -R 770 /data/dulieu/

4.3. Changing the default access permissions

- Initial permissions for a file: 666 (rw-rw-rw-).
- Initial permissions for a directory: 777 (rwxrwxrwx).
- The permissions of a newly created file or directory are computed as: AND(initial permissions, INVERSE(umask))

[root@may1 ~]# umask
0022
Example: compute the permissions of a newly created directory with umask 0022
- INVERSE(022)            = 111 101 101
- Initial permissions 777 = 111 111 111
  AND                     = 111 101 101
                            rwx r-x r-x

Change the umask

[root@may1 ~]# umask 007


Create files and directories, then check the access permissions on them
5. Changing permissions with the setuid, setgid, and sticky bits

[Figure: permission bits, with callouts for read (group), write (group) and execute (group)]

5.1. Set user ID, setuid, or SUID:

If the SUID bit is set on an application or executable file, a user who is not the owner of the application can still run it as if they were the owner. Consider an example:

[root@localhost ~]# ll /usr/bin/passwd
-rwsr-xr-x. 1 root root 27832 Jun 10 2014 /usr/bin/passwd

Example: chmod u+s file1.txt

rws: The passwd command, which changes passwords, has the SUID bit set. Although passwd belongs to root, because the SUID bit is set other users can also run passwd as if they were the owner (of course, they can only change the password of the user who runs passwd)

Similarly: crontab, at, ...

Example: passwd command
When we change our password we use the passwd command, which is owned by root. passwd edits system configuration files such as /etc/passwd and /etc/shadow. Some of these files cannot be opened or viewed by a normal user; only root has permission. If we removed SUID from the passwd command file, even while giving it full permissions, it could not open files such as /etc/shadow to write the change, and we would get a permission denied error or some other error when running passwd. So the passwd command is set with SUID to give root's permissions to a normal user, so that it can update /etc/shadow and other files.
5.2. Set group ID, setgid, or SGID
When setgid is applied to a directory, new files and directories created in that directory inherit their group from that directory.
Example:

[root@may1 ~]# mkdir /data1/
[root@may1 ~]# chgrp kinhdoanh /data1
Set SGID for the group
[root@may1 ~]# chmod -R 2777 /data1


[root@may1 ~]# ll -d /data1
drwxrwsrwx 2 root kinhdoanh 4096 Apr 16 10:37 /data1
[root@may1 ~]# su kd1
[kd1@may1 root]$ cd /data1
[kd1@may1 data1]$ touch vban1.txt
[kd1@may1 data1]$ mkdir tailieu
Check: the files and directories created in /data1 all belong to the kinhdoanh group
[kd1@may1 data1]$ ll
total 4
drwxrwsr-x 2 kd1 kinhdoanh 4096 Apr 16 10:38 tailieu
-rw-rw-r-- 1 kd1 kinhdoanh 0 Apr 16 10:38 vban1.txt

5.3 Sticky Bit

In a directory on which the sticky bit is set, users can delete only the files that they themselves created.
To turn on the sticky bit for a directory, run:

[root@localhost root]# chmod -R +t /data1
[root@localhost root]# ll -d /data*
drwsrwxrwx 4 root root 4096 Apr 16 09:48 /data
drwxrwsrwt 3 root kinhdoanh 4096 Apr 16 10:38 /data1
Or
[root@localhost root]# mkdir /phanmem
[root@localhost root]# chmod 1770 /phanmem/
[root@localhost root]# ll -d /phanmem/
drwxrwx--T 2 root root 4096 Apr 16 10:46 /phanmem/
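Added example (not part of the original manual): the rule from section 4.3, AND(initial permissions, INVERSE(umask)), together with a decoder that renders a four-digit octal mode the way ls prints it in section 5, including the s/S and t/T characters. The function names triplet, mode_string and apply_umask are this example's own.

```shell
#!/bin/sh
# Added example: umask arithmetic and ls-style rendering of special bits.

# triplet BITS SPECIAL LETTER
# Render one rwx triplet. When the special bit (setuid, setgid or sticky) is
# set, the x slot shows LETTER in lower case if execute is also set, and in
# upper case if execute is missing.
triplet() (
    bits=$1 special=$2 letter=$3
    r=-; w=-; x=-
    if [ $((bits & 4)) -ne 0 ]; then r=r; fi
    if [ $((bits & 2)) -ne 0 ]; then w=w; fi
    if [ $((bits & 1)) -ne 0 ]; then x=x; fi
    if [ "$special" -ne 0 ]; then
        if [ "$x" = x ]; then
            x=$letter
        else
            x=$(printf '%s' "$letter" | tr 'st' 'ST')
        fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
)

# mode_string OCTAL
# Three- or four-digit octal mode -> the nine permission characters of ls.
mode_string() (
    case $1 in ''|*[!0-7]*) echo "invalid mode: $1" >&2; exit 2 ;; esac
    m=$((0$1))
    u=$(triplet $(( (m >> 6) & 7 )) $(( m & 04000 )) s)   # setuid
    g=$(triplet $(( (m >> 3) & 7 )) $(( m & 02000 )) s)   # setgid
    o=$(triplet $((  m       & 7 )) $(( m & 01000 )) t)   # sticky
    printf '%s%s%s\n' "$u" "$g" "$o"
)

# apply_umask BASE UMASK
# BASE is 666 for a new file or 777 for a new directory. The umask clears
# bits (bitwise AND with its inverse); it is not an arithmetic subtraction.
apply_umask() (
    case $1$2 in ''|*[!0-7]*) echo "invalid octal value" >&2; exit 2 ;; esac
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
)

# Demonstration with the modes used on this page.
for m in 4755 2777 3777 1770; do
    printf '%s  %s\n' "$m" "$(mode_string "$m")"
done
printf 'new directory, umask 007: %s\n' "$(mode_string "$(apply_umask 777 007)")"
```

The upper-case T on /phanmem means the sticky bit is set while "other" has no execute permission. With umask 033 a new file gets 0644, which subtracting 033 from 666 would get wrong.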
6. Access Control List

ACLs are used in cases where the ordinary file permission concepts are not effective. They allow permissions to be assigned to an individual user or to a group, even if these do not correspond to the owner or the owning group
• Access ACL: applies to both files and directories
• Default ACL: applies only to directories. It determines the permissions inherited from the parent directory when an object is created.
• ACL entry: each ACL consists of a set of ACL entries. An ACL entry contains a type, a qualifier for the user or group it refers to, and a set of permissions.
# setfacl --help
setfacl 2.2.51 -- set file access control lists
Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
  -m, --modify=acl        modify the current ACL(s) of file(s)
  -M, --modify-file=file  read ACL entries to modify from file
  -x, --remove=acl        remove entries from the ACL(s) of file(s)
  -X, --remove-file=file  read ACL entries to remove from file
  -b, --remove-all        remove all extended ACL entries
  -k, --remove-default    remove the default ACL
      --set=acl           set the ACL of file(s), replacing the current ACL
      --set-file=file     read ACL entries to set from file
      --mask              do recalculate the effective rights mask
  -n, --no-mask           don't recalculate the effective rights mask


  -d, --default           operations apply to the default ACL
  -R, --recursive         recurse into subdirectories
  -L, --logical           logical walk, follow symbolic links
  -P, --physical          physical walk, do not follow symbolic links
      --restore=file      restore ACLs (inverse of `getfacl -R')
      --test              test mode (ACLs are not modified)
  -v, --version           print version and exit
  -h, --help              this help text

6.1 ACL permission

Example 1: grant permissions on the directory /data
The giamdoc and kinhdoanh groups may read and write.
The ketoan group may only read.
User u1: read and write.
Other users have no access.

[root@localhost ~]# mkdir /data
[root@localhost ~]# chgrp -R giamdoc /data/
[root@localhost ~]# chmod -R 770 /data/
[root@localhost ~]# ll -d /data/
drwxrwx--- 2 root giamdoc 4096 Apr 16 15:15 /data/
View the current ACL:
[root@localhost ~]# getfacl /data/
getfacl: Removing leading '/' from absolute path names
# file: data/
# owner: root
# group: giamdoc
user::rwx
group::rwx
other::---
Assign permissions to the kinhdoanh group and user u1
[root@localhost ~]# setfacl -m user:u1:rwx,group:kinhdoanh:rwx /data/
[root@localhost ~]# getfacl /data/
getfacl: Removing leading '/' from absolute path names
# file: data/
# owner: root
# group: giamdoc
user::rwx
user:u1:rwx
group::rwx
group:kinhdoanh:rwx
mask::rwx
other::---
In addition to the entries created for user u1 and group kinhdoanh, a mask entry is also created. This mask entry is set automatically to reduce the entries in the group class to a common denominator. The mask defines the maximum effective access permissions for all entries in the group class: named user, named group, owning group. The mask entry therefore corresponds to the permission bits of the group class, as displayed by the command:


[root@localhost ~]# ll -d /data/
drwxrwx---+ 4 root giamdoc 4096 Apr 16 15:28 /data/
The first column of the output contains a + sign; this character indicates an extended ACL
Assign permissions to the ketoan group
[root@localhost ~]# setfacl -m group:ketoan:rx /data/
[root@localhost ~]# getfacl /data/
getfacl: Removing leading '/' from absolute path names
# file: data/
# owner: root
# group: giamdoc
user::rwx
user:u1:rwx
group::rwx
group:kinhdoanh:rwx
group:ketoan:r-x
mask::rwx
other::---

Check: log in as users kd1, kt1, u1 and u2 in turn and access the directory /data with read and write permissions
Now try using chmod or setfacl to disable write permission for the group class and see what happens:
[root@localhost ~]# setfacl -m m::rx /data/
[root@localhost ~]# getfacl /data/
getfacl: Removing leading '/' from absolute path names
# file: data/
# owner: root
# group: giamdoc
user::rwx
user:u1:rwx #effective:r-x
group::rwx #effective:r-x
group:kinhdoanh:rwx #effective:r-x
group:ketoan:r-x
mask::r-x
other::---
The output of the ls command shows that the mask bits have been adjusted by setfacl:
[root@localhost ~]# ll -d /data/
drwxr-x---+ 4 root giamdoc 4096 Apr 16 15:28 /data/
Result: none of the users can write to the directory /data

Remove the entire ACL

[root@localhost ~]# setfacl -b /data/

6.2 Default ACL

The default ACL defines all the access permissions that an object inherits from this directory when it is created. A default ACL affects subdirectories as well as files.

# mkdir -p /dulieu/{tm1,tm2}
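Added example (not part of the original manual): a small filter that reproduces the "#effective:" column from getfacl output by intersecting each group-class entry with the mask, using the /data listing above as sample input. The function names sample_acl, acl_effective and acl_writers are this example's own, and only access entries (not default: entries) are evaluated.

```shell
#!/bin/sh
# Added example: compute effective ACL rights from getfacl text.

# The getfacl listing shown above, after "setfacl -m m::rx /data/".
sample_acl() {
cat <<'EOF'
# file: data/
# owner: root
# group: giamdoc
user::rwx
user:u1:rwx #effective:r-x
group::rwx #effective:r-x
group:kinhdoanh:rwx #effective:r-x
group:ketoan:r-x
mask::r-x
other::---
EOF
}

# acl_effective: read getfacl output on stdin, print every access entry with
# the rights that are actually enforced.
acl_effective() {
    awk '
    # Keep a permission character only where both strings have it.
    function isect(a, b,    i, out) {
        out = ""
        for (i = 1; i <= 3; i++)
            out = out (substr(a, i, 1) == substr(b, i, 1) ? substr(a, i, 1) : "-")
        return out
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # header comments and blank lines
    /^default:/ { next }                  # inherited template, not enforced here
    {
        sub(/[ \t]*#.*$/, "")             # drop any "#effective:..." annotation
        if (split($0, f, ":") != 3) next
        if (f[1] == "mask") { mask = f[3]; have_mask = 1; next }
        tag[++cnt] = f[1]; who[cnt] = f[2]; perm[cnt] = f[3]
    }
    END {
        for (i = 1; i <= cnt; i++) {
            p = perm[i]
            # The mask caps the group class: named users, the owning group
            # and named groups. The owner (user::) and other:: are not masked.
            masked = (tag[i] == "group") || (tag[i] == "user" && who[i] != "")
            if (have_mask && masked) p = isect(p, mask)
            printf "%s:%s:%s\n", tag[i], who[i], p
        }
    }'
}

# acl_writers: entries that still have effective write permission.
acl_writers() {
    acl_effective | awk -F: '$3 ~ /w/'
}

sample_acl | acl_effective
```

On the sample the only entry left with write permission is the owner entry user::rwx, because the mask never applies to the file owner or to other.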


# mkdir -p /dulieu/tm1/{tm11,tm12}
# setfacl -d -m o::- /dulieu/
# setfacl -d -m u:u1:rwx /dulieu/
[root@localhost dulieu]# getfacl /dulieu/
getfacl: Removing leading '/' from absolute path names
# file: dulieu/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:u1:rwx
default:group::r-x
default:mask::rwx
default:other::---
Create the directory tm3 after the default ACL is in place
# mkdir tm3
[u1@localhost dulieu]$ ll
total 12
drwxr-xr-x 4 root root 4096 Apr 17 14:54 tm1
drwxr-xr-x 2 root root 4096 Apr 17 14:53 tm2
drwxrwx---+ 2 root root 4096 Apr 17 15:00 tm3

Running getfacl on tm1, tm2 and tm3 shows that only tm3 is affected by the default ACL
Check u1
[u1@localhost dulieu]$ mkdir tm1/u1
mkdir: cannot create directory 'tm1/u1': Permission denied
[u1@localhost dulieu]$ mkdir tm3/u1        (succeeds)
Check u2

[u2@localhost dulieu]$ ll tm1
total 8
drwxr-xr-x 2 root root 4096 Apr 17 14:54 tm11
drwxr-xr-x 2 root root 4096 Apr 17 14:54 tm12
[u2@localhost dulieu]$ ll tm3
ls: cannot open directory tm3: Permission denied
6.3 Example

Company ABC has 3 departments: sales (kinhdoanh), accounting (ketoan) and the board of directors (giamdoc)
Data directory tree:

/data/
├── giamdoc
├── ketoan
└── kinhdoanh

Permission requirements:


Employees of a department may access only that department's directory; whatever a user creates, only that user may delete
Each department head may delete the data of their own department
The board of directors can enter all departments
The director may access and edit/delete the files/folders of all the other departments:

Create the users: tonggiamdoc, phogiamdoc, ketoantruong, ketoan1, ketoan2, tpkinhdoanh, kinhdoanh1, kinhdoanh2
Set the primary group for the directors and the employees
Step 1. Create users and groups
kinhdoanh(tpkd, kd1, kd2, kd3)
ketoan(tpkt, kt1, kt2)
giamdoc(gd, pgd)
Step 2. Create the directory tree as above; in each directory, pre-create a DATA directory

Step 3. Set permissions and the sticky bit

# chmod -R 1770 /data/ketoan
# chmod -R 1770 /data/kinhdoanh/
# chmod -R 1770 /data/giamdoc/
Step 4. Assign the owning user and group
# chown -R tpkt:ketoan /data/ketoan
# chown -R tpkd:kinhdoanh /data/kinhdoanh/
# chown -R gd:giamdoc /data/giamdoc

[root@localhost data]# ll /data
total 16
drwxrwx--T 3 gd giamdoc 4096 Apr 17 15:25 giamdoc
drwxrwx--T 3 tpkt ketoan 4096 Apr 17 15:25 ketoan
drwxrwx--T 3 tpkd kinhdoanh 4096 Apr 17 15:25 kinhdoanh
Step 5. Set ACL permissions

Handle the files that already exist

# setfacl -m tpkt:rwx /data/ketoan
# setfacl -R -m group:giamdoc:r-x /data/ketoan
Handle newly created files and directories
# setfacl -R -m d:tpkt:rwx /data/ketoan
# setfacl -R -m d:group:giamdoc:rwx /data/ketoan

Step 6. Allow the director to delete

# visudo
giamdoc ALL=(ALL) NOPASSWD:/bin/rm -fr /data/*
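Added example (not part of the original manual): a review aid for sudoers rules of the kind written in section 3.3 and in step 6 above. It reports NOPASSWD grants, passwd allowed with no argument restriction (which covers every account), and wildcards in command arguments, which sudoers(5) warns are matched against the whole argument string and so match across word boundaries. The function names, the finding labels and the simplified one-rule-per-line parsing are assumptions of this example, and the sample rules are constructed after the ones on this page.

```shell
#!/bin/sh
# Added example: lint simple one-line sudoers rules. This is not a full
# sudoers parser: aliases, line continuations and per-command tag changes
# are not handled, and a NOPASSWD tag is treated as covering the whole rule.

# Constructed sample, modelled on the rules in sections 3.3 and 6.3.
sample_sudoers() {
cat <<'EOF'
# constructed sample
Defaults logfile = /var/log/sudolog
root,admin ALL=(ALL) ALL
admin1 ALL=(ALL) NOPASSWD: /usr/sbin/useradd,/usr/bin/passwd
giamdoc ALL=(ALL) NOPASSWD:/bin/rm -fr /data/*
EOF
}

# lint_sudoers: read rules on stdin, print "who: finding: command" lines.
lint_sudoers() {
    awk '
    function report(who, code, c) { printf "%s: %s: %s\n", who, code, c }

    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        who  = $1
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)      # drop the (runas) list
        nopw = (spec ~ /NOPASSWD:/)
        gsub(/(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):[ \t]*/, "", spec)
        n = split(spec, cmd, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            sub(/^[ \t]+/, "", c); sub(/[ \t]+$/, "", c)
            if (c == "" || c ~ /^!/) continue        # skip negated commands
            split(c, w, /[ \t]+/)
            path = w[1]
            args = substr(c, length(path) + 1)
            # Runs as the target user without re-authentication.
            if (nopw) report(who, "nopasswd", c)
            # passwd with no argument pattern is allowed for any account.
            if (path ~ /\/passwd$/ && args == "") report(who, "passwd-any-account", c)
            # * and ? in arguments match across spaces, so the rule permits
            # more argument lists than the path prefix suggests.
            if (args ~ /[*?]/) report(who, "wildcard-args", c)
        }
    }'
}

sample_sudoers | lint_sudoers
```

Rules that name a fixed command with fixed arguments and require a password, for example a hypothetical `admin1 ALL=(root) /usr/sbin/useradd`, produce no findings.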


Scheduling and log management

1. Scheduling
1.1 Scheduling with the at command
Used to schedule jobs that run only once; the processes are executed in the background.
at [-f file] time
time: HH:MM

Schedule a system shutdown at 21:30

[root@may1 ~]# at 21:30
at> date > /root/date.txt
at> poweroff
at> <EOT>                    (press ^D)
job 2 at 2012-07-10 21:30
View the scheduled jobs
[root@may1 ~]# at -l
2 2012-07-10 21:30 a root
Or
[root@may1 ~]# atq
2 2012-07-10 21:30 a root

Delete a job from the at queue

atrm [job name] or # at -r [job number] or at -d 5

Prevent users nv1 and nv2 from using "at" scheduling

Step 1:
- Add the following content to the file /etc/at.deny:
nv1
nv2

Step 2:
- create the users nv1 and nv2 and their passwords (see the section on creating users)
- log in as nv1 and nv2 and check.

1.2 Scheduling with crontab

When it starts, the cron daemon runs the schedules in the following order:
- The file /etc/crontab
- The files in the directory /etc/cron.d
- The files in the directory /var/spool/cron
The structure of a scheduled task is as follows:
Minute Hour Day Month Dayofweek User Command

- Minute: 0 => 59
- Hour: 0 => 23


- Day: 1 => 31 (depending on the month)
- Month: 1 => 12 (or jan, feb, ...)
- Dayofweek: 0 => 7 (or sun, mon, ...)
- User: the user
- Command: the command or script to be executed
Install clamd
clamav-lib-0.98.6-1.el7.x86_64
clamav-scanner-systemd-0.98.6-1.el7.noarch
clamav-update-0.98.6-1.el7.x86_64
clamav-filesystem-0.98.6-1.el7.noarch
clamav-server-0.98.6-1.el7.x86_64
clamav-devel-0.98.6-1.el7.x86_64
clamav-data-0.98.6-1.el7.noarch
clamav-server-systemd-0.98.6-1.el7.noarch
clamav-0.98.6-1.el7.x86_64
clamav-scanner-0.98.6-1.el7.noarch
Or:
# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Or:
# rpm -ivh clamav-*

Configure clam

# vi /etc/freshclam.conf
Line 8 #Example
Or:
# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
# vi /etc/clamd.d/scan.conf
Line 8 #Example
# vi /etc/sysconfig/freshclam
24 #FRESHCLAM_DELAY=disabled-warn # REMOVE ME
Update to the latest virus definitions manually
[root@localhost clamav]# freshclam
ClamAV update process started at Thu Apr 23 08:50:31 2015
WARNING: getpatch: Can't download daily-19996.cdiff from database.clamav.net
WARNING: getfile: daily-19996.cdiff not found on remote server (IP: 213.73.255.243)
WARNING: getpatch: Can't download daily-19996.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [ 0%]
[root@localhost clamav]#

# vi /etc/clamd.d/scan.conf
8 #Example
85 LocalSocket /var/run/clamd.scan/clamd.sock

[root@localhost ~]# /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***


LibClamAV Warning: **************************************************

Enable on startup
# systemctl enable clamd@scan.service
Start and check clamd
# systemctl start clamd@scan.service
# systemctl status clamd@scan.service
Scheduled jobs are stored in the directory: /var/spool/cron
Run a virus scan
# clamdscan /data/*
Or
# clamdscan -c /etc/clamd.d/scan.conf /data/*

[root@localhost ~]# clamscan -r *
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
anaconda-ks.cfg: OK
clamav-0.98.6-1.el7.x86_64.rpm: OK
clamav-data-0.98.6-1.el7.noarch_3.rpm: OK
clamav-data-0.98.6-1.el7.noarch.rpm: OK
clamav-filesystem-0.98.6-1.el7.noarch.rpm: OK

To remove files that contain a virus:

clamscan --remove=yes *
[root@localhost ~]# service crond restart
View the clam update schedule
[root@localhost ~]# cat /etc/cron.d/clamav-update
## Adjust this line...
MAILTO=root

## It is ok to execute it as root; freshclam drops privileges and becomes
## user 'clamupdate' as soon as possible
0 */3 * * * root /usr/share/clamav/freshclam-sleep

Add the following line to check that the scheduling works

*/1 * * * * root /bin/date >> /root/date.txt
#/usr/share/clamav/freshclam-sleep
run clamd manually for testing purposes

After each minute, look at the contents of the file /root/date.txt

- Prevent user hv1 from using the "crontab" service

Add the following content to the file /etc/cron.deny:


hv1

- To view the list of schedules that have been set up, type the command crontab -l
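
Added example, not part of the original course material: the access rule that the /etc/cron.deny step relies on, written as shell functions that follow crontab(1) on CentOS 7 (cronie). The function names and the treatment of root as always permitted are assumptions of this example; denied_with_crontab lists denied users that still have a file under /var/spool/cron so those files can be reviewed.

```shell
#!/bin/sh
# Decision order described in crontab(1) for cronie:
#   1. cron.allow exists       -> the user must be listed in it
#   2. else cron.deny exists   -> the user must NOT be listed in it
#   3. neither file exists     -> only root may use crontab
# File paths are parameters so the logic can be run on constructed files.

# listed USER FILE: succeeds when USER is a whole line of FILE
listed() {
    grep -qxF -- "$1" "$2"
}

# cron_allowed USER [ALLOW_FILE] [DENY_FILE]: succeeds when USER may run crontab
cron_allowed() {
    ca_user=$1
    ca_allow=${2:-/etc/cron.allow}
    ca_deny=${3:-/etc/cron.deny}
    # Assumption of this example: root is always permitted.
    if [ "$ca_user" = root ]; then
        return 0
    fi
    if [ -f "$ca_allow" ]; then
        listed "$ca_user" "$ca_allow"
    elif [ -f "$ca_deny" ]; then
        ! listed "$ca_user" "$ca_deny"
    else
        return 1
    fi
}

# denied_with_crontab [SPOOL_DIR] [ALLOW_FILE] [DENY_FILE]
# Prints every user that still has a crontab file in the spool directory
# although the rule above no longer lets that user run crontab.
denied_with_crontab() {
    dc_spool=${1:-/var/spool/cron}
    dc_allow=${2:-/etc/cron.allow}
    dc_deny=${3:-/etc/cron.deny}
    for dc_file in "$dc_spool"/*; do
        [ -f "$dc_file" ] || continue
        dc_user=${dc_file##*/}
        if ! cron_allowed "$dc_user" "$dc_allow" "$dc_deny"; then
            printf '%s\n' "$dc_user"
        fi
    done
}
```

Run denied_with_crontab as root with no arguments to check the live /var/spool/cron against /etc/cron.allow and /etc/cron.deny.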

2. Syslog Daemon
2.1. View the rsyslog configuration file
[root@may1 ~]# vi /etc/rsyslog.conf

39 # local messages are retrieved through imjournal now.
40 $OmitLocalLogging on
42 # File to store the position in the journal
43 $IMJournalStateFile imjournal.state
46 #### RULES ####
48 # Log all kernel messages to the console.
49 # Logging much else clutters up the screen.
50 #kern.*                                       /dev/console
52 # Log anything (except mail) of level info or higher.
53 # Don't log private authentication messages!
54 *.info;mail.none;authpriv.none;cron.none      /var/log/messages
55
56 # The authpriv file has restricted access.
57 authpriv.*                                    /var/log/secure
59 # Log all the mail messages in one place.
60 mail.*                                        -/var/log/maillog
63 # Log cron stuff
64 cron.*                                        /var/log/cron
66 # Everybody gets emergency messages
67 *.emerg                                       :omusrmsg:*
69 # Save news errors of level crit and higher in a special file.
70 uucp,news.crit                                /var/log/spooler
72 # Save boot messages also to boot.log
73 local7.*                                      /var/log/boot.log

Line 54: *.info;mail.none;authpriv.none;cron.none /var/log/messages
; stores all messages of level info in /var/log/messages, except logs for mail, authpriv and cron

Line 57: authpriv.* /var/log/secure
; records successful and failed user logins (try logging in with a wrong password and watch the log)

Line 64: cron.* /var/log/cron

Line 67: *.emerg *
; writes the log to the screen

Structure of each line: Facility.Level Action

Facility: the source that generates the log, one of:
• auth: used for security events
• authpriv: messages related to access control and security
• cron: the cron daemon
• daemon: used by system processes and other daemons
• kern: messages from the kernel


• lpr: the printing system
• mark: messages generated by syslogd itself. It contains only a timestamp and the string "--MARK--".
• news: the news system
• syslog: messages generated by syslogd itself.
• user: generic user-level messages
• uucp: the UUCP subsystem
• local0 to local7: reserved for local use
Level: the severity at which messages are logged, one of:
• debug: messages in debug mode
• info: informational messages
• notice: messages that are notices
• warning (or warn): warning messages
• err (or error): error messages
• crit: critical messages
• alert: messages about actions that must be taken immediately
• emerg (or panic): messages when the system can no longer be used
There is also a special level called none, which disables the facility it accompanies. The asterisk [*] can be used to stand for all facilities or all levels.

Action: where the messages are stored

• A file name with its full path
• A list of users separated by commas (,)
• @hostname (or IP) of a remote syslog server
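
Added example, not from the original material: shell functions that evaluate a Facility.Level selector against one message and list the actions that would receive it. Only the forms described above are handled (*, none, comma-separated facilities, ;-separated parts); SAMPLE_RULES is constructed from the rules section of the rsyslog.conf shown earlier, and the function names are this example's own.

```shell
#!/bin/sh
# severity LEVEL: prints the numeric severity (0 = emerg ... 7 = debug)
severity() {
    case $1 in
        emerg|panic)  echo 0 ;;
        alert)        echo 1 ;;
        crit)         echo 2 ;;
        err|error)    echo 3 ;;
        warning|warn) echo 4 ;;
        notice)       echo 5 ;;
        info)         echo 6 ;;
        debug)        echo 7 ;;
        *)            return 1 ;;
    esac
}

# selector_matches SELECTOR FACILITY LEVEL
# Succeeds when the selector picks up a message of that facility and level.
# "facility.level" selects that level and anything more severe,
# "facility.none" removes the facility again, "*" stands for all.
selector_matches() {
    sm_fac=$2
    sm_sev=$(severity "$3") || return 2
    sm_hit=1                       # shell false until a part selects the message
    sm_rest=$1
    while [ -n "$sm_rest" ]; do
        sm_part=${sm_rest%%;*}     # next ";"-separated part
        case $sm_rest in
            *\;*) sm_rest=${sm_rest#*;} ;;
            *)    sm_rest= ;;
        esac
        sm_facs=${sm_part%.*}      # e.g. "uucp,news"
        sm_lvl=${sm_part##*.}      # e.g. "crit"
        # Skip parts that do not name the message's facility.
        case ",$sm_facs," in
            ,\*,|*",$sm_fac,"*) ;;
            *) continue ;;
        esac
        case $sm_lvl in
            none) sm_hit=1 ;;
            \*)   sm_hit=0 ;;
            *)    sm_psev=$(severity "$sm_lvl") || continue
                  [ "$sm_sev" -le "$sm_psev" ] && sm_hit=0 ;;
        esac
    done
    return "$sm_hit"
}

# route RULES FACILITY LEVEL: prints the action of every rule that selects the message
route() {
    printf '%s\n' "$1" | while read -r rt_sel rt_action; do
        case $rt_sel in
            ''|'#'*|'$'*) continue ;;   # blank line, comment or $Directive
        esac
        if selector_matches "$rt_sel" "$2" "$3"; then
            # a leading "-" on a file action only turns off syncing after each write
            printf '%s\n' "${rt_action#-}"
        fi
    done
}

# Constructed sample: the RULES section of the rsyslog.conf listed above.
SAMPLE_RULES='*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     :omusrmsg:*
uucp,news.crit                              /var/log/spooler
local7.*                                    /var/log/boot.log'
```

For example, route "$SAMPLE_RULES" authpriv info prints only /var/log/secure, which is why login records never reach the less restricted /var/log/messages.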

Configure the local syslog server:

- Configure logging for system processes at every level.
Change the line:
cron.* /var/log/laplich

- Restart the syslog server:

[root@may1 ~]# systemctl restart rsyslog

- Check that the file daemon.log is created after restarting the syslog server:
[root@may1 ~]# ll /var/log/laplich
-rw------- 1 root root 140 Jul 10 20:17 /var/log/laplich

2.2. Log file rotation


- View the file /etc/logrotate.conf:


# see "man logrotate" for details

# rotate log files weekly
weekly
    (annotation: keeps 4 weeks' worth of log information)

# create new (empty) log files after rotating old ones
    (annotation: creates a new file after rotation)

# uncomment this if you want your log files compressed
compress
    (annotation: enables compression of log files)

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
    (annotation: holds the log rotation information of the rpm packages)

# no packages own wtmp
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

Separate rotation schedule for the crond service

Procedure:
Method 1
- Create the file /etc/logrotate.d/cron with the following content:
/var/log/cron {
    copytruncate
    daily
    size 10M
    missingok
    rotate 3
    compress
    notifempty
}

Meaning:
- Truncate the original cron file to 0 after copying its contents to the file cron.1; the file cron.1 is copied to cron.2, and so on.
- Log files are rotated every day.
- Rotated whenever the file size is 10 MB.
- If a log file is missing (cron.2), then cron.3 --> cron.2, and no error is reported.
- Keep 3 files: cron, cron.1, cron.2, cron.3
- Create the compressed file cron.gz
- Do not rotate if the file is empty

Parameters declared in these files take precedence over the parameters declared in the file /etc/logrotate.conf.

Method 2


- Append the content above to the end of the file /etc/logrotate.conf

Run the following command several times to rotate the log file:
logrotate -f -s /var/lib/logrotate.status /etc/logrotate.d/cron
View the result:

[root@localhost ~]# ll /var/log/cron*
-rw-------. 1 root root   0 Jul  9 18:51 /var/log/cron
-rw-------. 1 root root  24 Jul  9 18:51 /var/log/cron.1.gz
-rw-------. 1 root root  24 Jul  9 18:50 /var/log/cron.2.gz
-rw-------. 1 root root 818 Jul  9 18:50 /var/log/cron.3.gz
[root@localhost ~]#
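
Added example, not from the original material and not logrotate itself: a simulation of a forced rotation with copytruncate, rotate 3 and compress on a scratch file. It shows that the live file keeps its inode and that a line written between the copy and the truncate is lost. The function names and the optional third argument (a line injected inside that window) are assumptions of this example.

```shell
#!/bin/sh
# Simulates what a forced rotation does to a log configured with
#   copytruncate, rotate N, compress
# Use it on a scratch copy of a log, never on the live /var/log files.

# inode_of FILE: prints the inode number of FILE
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# rotate_copytruncate LOG KEEP [LATE_LINE]
#   LOG        live log file (for example a copy of /var/log/cron)
#   KEEP       number of compressed generations to keep (rotate N)
#   LATE_LINE  optional: a line appended between the copy and the truncate,
#              standing in for a daemon that logs during that window
rotate_copytruncate() {
    rc_log=$1
    rc_keep=$2
    rc_late=${3:-}

    # missingok: a missing log file is not an error
    [ -f "$rc_log" ] || return 0

    # rotate N: drop the oldest generation, then shift N-1 -> N ... 1 -> 2
    rm -f "$rc_log.$rc_keep.gz"
    rc_n=$rc_keep
    while [ "$rc_n" -gt 1 ]; do
        rc_prev=$((rc_n - 1))
        if [ -f "$rc_log.$rc_prev.gz" ]; then
            mv "$rc_log.$rc_prev.gz" "$rc_log.$rc_n.gz"
        fi
        rc_n=$rc_prev
    done

    # copytruncate, step 1: copy the live file
    cp -p "$rc_log" "$rc_log.1"

    # A writer that logs at this moment is not in the copy ...
    if [ -n "$rc_late" ]; then
        printf '%s\n' "$rc_late" >> "$rc_log"
    fi

    # copytruncate, step 2: ... and is erased by the in-place truncate.
    # The file is emptied, not replaced, so the daemon's open file
    # descriptor (same inode) stays valid and no restart is needed.
    : > "$rc_log"

    # compress: cron.1 -> cron.1.gz
    gzip -f "$rc_log.1"
}
```

Where every log line matters, for example on audit or authentication logs, the window between the copy and the truncate is the reason to prefer a rotation that renames the file and signals the daemon to reopen it.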


Process management

1. Monitoring processes
Create the users nv1 and nv2
ps -ax: view information about all processes
[root@localhost ~]# ps -ax
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:01 /sbin/init
    2 ?        S      0:00 [kthreadd]
    3 ?        S      0:00 [migration/0]
    4 ?        S      0:00 [ksoftirqd/0]
    5 ?        S      0:00 [migration/0]
    6 ?        S      0:00 [watchdog/0]
    7 ?        S      0:00 [events/0]
    8 ?        S      0:00 [cpuset]
    9 ?        S      0:00 [khelper]
 1742 ?        S<     0:00 /sbin/udevd -d
 1744 tty6     Ss+    0:00 /sbin/mingetty /dev/tty6
 1745 ?        S      0:00 sshd: root@pts/0
 1749 pts/0    Ss     0:00 -bash
 1778 ?        Ss     0:00 /usr/libexec/openssh/sftp-server
 1797 pts/0    R+     0:00 ps -ax

PID: process ID
PPID: Parent process ID

PROCESS STATE CODES

Here are the different values that the s, stat and state output specifiers
(header "STAT" or "S") will display to describe the state of a process.
D Uninterruptible sleep (usually IO)
R Running or runnable (on run queue)
S Interruptible sleep (waiting for an event to complete)
T Stopped, either by a job control signal or because it is being traced.
W paging (not valid since the 2.6.xx kernel)
X dead (should never be seen)
Z Defunct ("zombie") process, terminated but not reaped by its parent.

For BSD formats and when the stat keyword is used, additional characters may
be displayed:
< high-priority (not nice to other users)
N low-priority (nice to other users)
L has pages locked into memory (for real-time and custom IO)
s is a session leader
l is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
+ is in the foreground process group


Alt+F2, log in as root

ps -ef | more: view parent and child processes.

UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 15:39 ?        00:00:01 /sbin/init
root         2     0  0 15:39 ?        00:00:00 [kthreadd]
root         3     2  0 15:39 ?        00:00:00 [migration/0]
root         4     2  0 15:39 ?        00:00:00 [ksoftirqd/0]
root         5     2  0 15:39 ?        00:00:00 [migration/0]
root         6     2  0 15:39 ?        00:00:00 [watchdog/0]
root         7     2  0 15:39 ?        00:00:00 [events/0]
root         8     2  0 15:39 ?        00:00:00 [cpuset]
root         9     2  0 15:39 ?        00:00:00 [khelper]
root        10     2  0 15:39 ?        00:00:00 [netns]
root        11     2  0 15:39 ?        00:00:00 [async/mgr]
root        12     2  0 15:39 ?        00:00:00 [pm]
root        13     2  0 15:39 ?        00:00:00 [sync_supers]
root        14     2  0 15:39 ?        00:00:00 [bdi-default]
root        15     2  0 15:39 ?        00:00:00 [kintegrityd/0]

Meaning of the columns

• UID: The user responsible for launching the process
• PID: The process ID of the process
• PPID: The PID of the parent process (if a process is started by another process)
• C: Processor utilization over the lifetime of the process
• STIME: The system time when the process started
• TTY: The terminal device from which the process was launched
• TIME: The cumulative CPU time required to run the process
• CMD: The name of the program that was started

View process information as a tree:

pstree -np | more
[root@localhost ~]# pstree -np | more
init(1)-+-udevd(415)-+-udevd(1740)
        |            `-udevd(1742)
        |-auditd(1248)---{auditd}(1249)
        |-rsyslogd(1264)-+-{rsyslogd}(1267)
        |                `-{rsyslogd}(1268)
        |-rpcbind(1306)
        |-dbus-daemon(1321)---{dbus-daemon}(1324)
        |-NetworkManager(1333)
        |-modem-manager(1339)
        |-avahi-daemon(1345)---avahi-daemon(1346)
        |-rpc.statd(1363)
        |-wpa_supplicant(1428)
        |-rpc.idmapd(1429)
        |-acpid(1443)
        |-hald(1452)---hald-runner(1453)-+-hald-addon-inpu(1493)
        |                                `-hald-addon-acpi(1499)


Monitor the login processes of u1, u2

Alt+F2, log in as u1; run mc

Alt+F3, log in as u3; run mc

[root@localhost ~]# pstree -np | more

        |-abrtd(1650)
        |-abrt-dump-oops(1658)
        |-qpidd(1669)-+-{qpidd}(1670)
        |             `-{qpidd}(1671)
        |-crond(1707)
        |-atd(1718)
        |-login(1731)---bash(2024)---pstree(2250)
        |-login(1733)---bash(2057)---mc(2089)-+-cons.saver(2090)
        |                                     `-bash(2091)
        |-login(1735)---bash(2115)---mc(2227)-+-cons.saver(2228)
        |                                     `-bash(2229)

ps -u u1: view the processes started by u1

[root@localhost ~]# ps -u u1
  PID TTY          TIME CMD
 2057 tty2     00:00:00 bash
 2089 tty2     00:00:00 mc
 2090 ?        00:00:00 cons.saver
 2091 pts/5    00:00:00 bash

Kill a process by PID

kill PID
[root@localhost ~]# kill 2089 # 2089 is the PID of the mc started by u1

Kill a process by name

pkill named or
killall: kill processes by name

[root@localhost ~]# pkill mc

The killall command: used to kill all processes with an exact name. There is then no need to use
ps to find the PID. Example: # killall httpd

[root@localhost ~]# pgrep sendmail # find the PID of sendmail
[root@localhost ~]# pkill sendmail # kill the sendmail process
[root@localhost ~]# pgrep sendmail # find the PID of sendmail
Start sendmail again
[root@localhost ~]# service sendmail start

2. Identifying processes

Foreground process: created by the user and interacting directly with the user
e.g. mc


Background process (daemon process):

- created by the user
- created by the system and started automatically
Send a process to the background
- Run mc, press Ctrl+Z
Or append & to the command
[root@localhost ~]# sleep 1000 &
[root@localhost ~]# sleep 1500 &

View the background processes

[root@localhost ~]# jobs
[1]+ Stopped mc
[2] Running sleep 1000 &
[3]- Running sleep 1500 &

The bg %n command: run the process in the background

The fg %n command: bring the process to the foreground

3. Monitoring system performance

The top command
[root@localhost ~]# top
top - 16:42:11 up 1:02, 5 users, load average: 0.00, 0.00, 0.00
Tasks: 100 total, 1 running, 98 sleeping, 1 stopped, 0 zombie
Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.3%id, 0.4%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1030888k total, 216616k used, 814272k free, 26804k buffers
Swap: 2047992k total, 0k used, 2047992k free, 118520k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
    1 root      20   0  2864 1400 1180 S  0.0  0.1   0:05.15 /sbin/init
    2 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [kthreadd]
    3 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 [migration/0]
    4 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [ksoftirqd/0]
    5 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 [migration/0]
    6 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 [watchdog/0]
    7 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [events/0]
    8 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [cpuset]
    9 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [khelper]
   10 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [netns]
   11 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [async/mgr]
   12 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [pm]
   13 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [sync_supers]
   14 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [bdi-default]
   15 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [kintegrityd/0]
   16 root      20   0     0    0    0 S  0.0  0.0   0:00.01 [kblockd/0]
   17 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [kacpid]
   18 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [kacpi_notify]
   19 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [kacpi_hotplug]
   20 root      20   0     0    0    0 S  0.0  0.0   0:00.02 [ata/0]
   21 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [ata_aux]


   22 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [ksuspend_usbd]

CPU figures:

us percent cpu being used by userland code
sy percent cpu being used by kernelspace code
ni like "us" but related to "niced" processes
id idle
wa cpu is idle because it waits for IO to complete
hi interrupts generated by hardware
si interrupts generated by software

States:

w: S -- Process Status
The status of the task which can be one of:
'D' = uninterruptible sleep
'R' = running
'S' = sleeping
'T' = traced or stopped
'Z' = zombie

Meaning of the columns

PID: The process ID of the process
USER: The user name of the owner of the process
PR: The priority of the process
NI: The nice value of the process
VIRT: The total amount of virtual memory used by the process
RES: The amount of physical memory the process is using
SHR: The amount of memory the process is sharing with other processes
S: The process status. (D = interruptible sleep, R = running, S = sleeping, T = traced or
stopped, or Z = zombie)
%CPU: The share of CPU time that the process is using
%MEM: The share of available physical memory the process is using
TIME+: The total CPU time the process has used since starting
COMMAND: The command line name of the process (program started)

Write the output of the top command to a file:

top -cSb -n 1 > proc.txt

The htop utility can also be used to view and control processes


Topic 4: Devices, Linux Filesystems


Create partitions and filesystems
Control mounting and unmounting of filesystems
Manage disk quotas
Advanced Storage Device Administration - RAID
Logical Volume Manager


Disk system administration

1. Disk system administration
- Linux has no concept of drives. All directories and files are "attached" (mounted) to form a
single unified file system that starts at the root '/'
- Device descriptions are held in the directory /dev

Device file     Meaning
/dev/cdrom      CD-ROM
/dev/fd*        Floppy disk
/dev/hd*        IDE hard disk
/dev/sd*        SCSI hard disk
/dev/st*        Tape
/dev/tty*       Communication devices and communication ports (such as COM, ...)

1.1 Examining the disk system

List the partitions:

[root@localhost ~]# fdisk -l

Disk /dev/sda: 42.9 GB, 42949672960 bytes, 83886080 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0009a588

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048      411647      204800   83  Linux
/dev/sda2          411648    72091647    35840000   83  Linux
/dev/sda3        72091648    80283647     4096000   82  Linux swap / Solaris

Disk /dev/sdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

List the mount points: df -l (or df -lh)

[root@localhost ~]# df -lTh
Filesystem     Type      Size  Used Avail Use% Mounted on
/dev/sda2      ext4       34G  5.2G   27G  17% /
devtmpfs       devtmpfs  922M     0  922M   0% /dev
tmpfs          tmpfs     931M   84K  931M   1% /dev/shm


tmpfs          tmpfs     931M  8.9M  922M   1% /run
tmpfs          tmpfs     931M     0  931M   0% /sys/fs/cgroup
/dev/sda1      ext4      190M   96M   80M  55% /boot
/dev/sr0       iso9660   4.1G  4.1G     0 100% /run/media/root/CentOS 7 x86_64
[root@may1 ~]#

View the size of one or more files: du -f (or du -lb)

[root@may1 ~]# du -h /etc/ | more

204K /etc/sysconfig/network-scripts
4.0K /etc/sysconfig/console
12K /etc/sysconfig/cbq
8.0K /etc/sysconfig/modules
4.0K /etc/sysconfig/networking/devices
12K /etc/sysconfig/networking/profiles/default
16K /etc/sysconfig/networking/profiles

View mount points and filesystem types

[root@localhost Desktop]# lsblk -f
NAME   FSTYPE  LABEL            UUID                                 MOUNTPOINT
sda
  sda1 ext4                     58e260c4-a454-4c9c-ac46-9a451268925a /boot
  sda2 ext4                     fa849868-81f6-4301-ae34-920d52526d52 /
  sda3 swap                     d157b04a-702a-4684-9674-64382861143b [SWAP]
sdb
sdc
sdd
sr0    iso9660 CentOS 7 x86_64  2015-03-31-23-50-00-00               /run/media/r

Mounting and unmounting a file system:

- Unmount the /boot partition from the system:
[root@may1 ~]# umount /boot

- Mount the /boot partition again:

[root@may1 ~]# mount /dev/sda1 /boot

- Mounting and unmounting the CD-ROM:

[root@may1 ~]# mount /dev/cdrom /media/
mount: block device /dev/sr0 is write-protected, mountin

- Check the directory that was just mounted:


[root@localhost ~]# ll /media/
total 614
-rw-r--r-- 1 root root     16 Apr  1 06:45 CentOS_BuildTag
drwxr-xr-x 3 root root   2048 Mar 28 05:34 EFI
-rw-r--r-- 1 root root    215 Mar 28 05:36 EULA
-rw-r--r-- 1 root root  18009 Mar 28 05:36 GPL
drwxr-xr-x 3 root root   2048 Mar 28 05:34 images
drwxr-xr-x 2 root root   2048 Mar 28 05:34 isolinux
drwxr-xr-x 2 root root   2048 Mar 28 05:34 LiveOS
drwxr-xr-x 2 root root 589824 Apr  1 06:42 Packages
drwxr-xr-x 2 root root   4096 Apr  1 06:43 repodata
-rw-r--r-- 1 root root   1690 Mar 28 05:36 RPM-GPG-KEY-CentOS-7
-rw-r--r-- 1 root root   1690 Mar 28 05:36 RPM-GPG-KEY-CentOS-Testing-7
-r--r--r-- 1 root root   2883 Apr  1 06:50 TRANS.TBL

- Unmount the CD-ROM: umount /mnt/cdrom

[root@may1 ~]# umount /media

* Mounting and unmounting USB devices: done the same way.

- Mounting and unmounting a file system at boot: use the file /etc/fstab
- View the contents of the file /etc/fstab: cat /etc/fstab
[root@may1 ~]# cat /etc/fstab
# /etc/fstab
# Created by anaconda on Tue Jun 26 21:04:24 2012
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=b9d73479-a29f-4167-8ce0-4t2bd83da3ef /        ext4   defaults        1 1
UUID=ae65c65d-555c-4227-a850-a9b51294cd10 /boot    ext4   defaults        1 2
UUID=072b5c7c-6aa8-4631-8752-e4cd5cd58 J b9 swap   swap   defaults        0 0
tmpfs                                     /dev/shm tmpfs  defaults        0 0
devpts                                    /dev/pts devpts gid=5,mode=620  0 0
sysfs                                     /sys     sysfs  defaults        0 0
proc                                      /proc    proc   defaults        0 0
(annotation on the fifth field: dump frequency)

- The file /etc/fstab can be edited with vi to change what is mounted/unmounted: vi /etc/fstab

- View the filesystem format:

- Check the file systems currently mounted on the system: df -lT

[root@may1 ~]# df -lTh
Filesystem     Type   Size  Used Avail Use% Mounted on
/dev/sda3      ext4    18G  3.3G   14G  20% /
tmpfs          tmpfs  504M     0  504M   0% /dev/shm
/dev/sda1      ext4   194M   26M  159M  14% /boot

- Diagnose and repair file system errors:

(option -a: repair automatically without asking)

[root@may1 ~]# fsck -a /dev/sda1


fsck from util-linux-ng 2.17.2
/dev/sda1 is mounted.

WARNING!!! The filesystem is mounted. If you continue you ***WILL***
cause ***SEVERE*** filesystem damage.

Do you really want to continue (y/n)? yes

/dev/sda1: recovering journal
/dev/sda1: clean, 38/51200 files, 32764/204800 blocks

1.2. Upgrading the disk system

Shut down and attach 3 more 8G SCSI disks
2.1 Organising disk partitions
Check the disk device files

[root@may1 ~]# ll /dev/sd*
brw-rw---- 1 root disk 8,  0 Jul 10 15:39 /dev/sda
brw-rw---- 1 root disk 8,  1 Jul 10 15:40 /dev/sda1
brw-rw---- 1 root disk 8,  2 Jul 10 15:40 /dev/sda2
brw-rw---- 1 root disk 8,  3 Jul 10 15:40 /dev/sda3
brw-rw---- 1 root disk 8, 16 Jul 10 15:39 /dev/sdb
brw-rw---- 1 root disk 8, 32 Jul 10 15:39 /dev/sdc
brw-rw---- 1 root disk 8, 48 Jul 10 15:39 /dev/sdd
[root@may1 ~]# fdisk /dev/sdb
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0xfbfdaef1.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
switch off the mode (command 'c') and change display units to
sectors (command 'u').

Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes


   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

Command (m for help):

- Create an extended partition that takes the whole disk

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
e
Partition number (1-4): 1
First cylinder (1-1044, default 1): <Enter>
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-1044, default 1044): <Enter>
Using default value 1044

Command (m for help): p

Disk /dev/sdb: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xfbfdaef1

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1        1044     8385898+   5  Extended

Command (m for help):

- Create the first logical partition, 5GB

Command (m for help): n
Command action
   l   logical (5 or over)
   p   primary partition (1-4)
l
First cylinder (1-1044, default 1): <Enter>
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-1044, default 1044): +5G

Command (m for help): p

Disk /dev/sdb: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders


Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xfbfdaef1

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1        1044     8385898+   5  Extended
/dev/sdb5               1         654     5253192   83  Linux

Command (m for help):

- Create the second logical partition, taking all the remaining disk space:

Command (m for help): n
Command action
   l   logical (5 or over)
   p   primary partition (1-4)
l
First cylinder (655-1044, default 655): <Enter>
Using default value 655
Last cylinder, +cylinders or +size{K,M,G} (655-1044, default 1044): <Enter>
Using default value 1044

Command (m for help): p

Disk /dev/sdb: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xfbfdaef1

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1        1044     8385898+   5  Extended
/dev/sdb5               1         654     5253192   83  Linux
/dev/sdb6             655        1044     3132643+  83  Linux

- To save and exit, choose w.

- Do the same to create partitions on the disks /dev/sdc and /dev/sdd. Note that at most
4 partitions (primary partitions + extended partition) can be created.
Note: use the mkfs command to change the partition type of the partitions after creating them
with the fdisk command.

1.3 Formatting the partitions

[root@may1 ~]# mkfs.ext4 /dev/sdb5
mke2fs 1.41.12 (17-May-2010)
Filesystem label=


OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
328656 inodes, 1313298 blocks
65664 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1346371584
41 block groups
32768 blocks per group, 32768 fragments per group
8016 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 29 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.

[root@may1 ~]# mkfs.ext4 /dev/sdb6

1.4. Creating mount points at boot

[root@may1 ~]# vi /etc/fstab

tmpfs      /dev/shm         tmpfs   defaults        0 0
devpts     /dev/pts         devpts  gid=5,mode=620  0 0
sysfs      /sys             sysfs   defaults        0 0
proc       /proc            proc    defaults        0 0
/dev/sdb5  /data/ketoan     ext4    defaults        0 0
/dev/sdb6  /data/kinhdoanh  ext4    defaults        0 0

Reboot the computer, or run # mount -a

Check that the partitions have been mounted automatically

[root@may1 ~]# df -lTh
Filesystem     Type   Size  Used Avail Use% Mounted on
/dev/sda3      ext4    16G  3.0G   12G  20% /
tmpfs          tmpfs  330M     0  330M   0% /dev/shm
/dev/sda1      ext4   194M   26M  158M  14% /boot
/dev/sdb5      ext4   5.0G  139M  4.6G   3% /data/ketoan
/dev/sdb6      ext4   3.0G   69M  2.8G   3% /data/kinhdoanh

1.5. Managing quotas

Limit the disk space a user may use
Example: allow u1 to use only 20M on the mount point /data/ketoan
- Open the file /etc/fstab to add the options usrquota (limit for users) and grpquota (for

[root@may1 ~]# vi /etc/fstab


[root@may1 ~]# vi /etc/fstab

tmpfs      /dev/shm         tmpfs   defaults                    0 0
devpts     /dev/pts         devpts  gid=5,mode=620              0 0
sysfs      /sys             sysfs   defaults                    0 0
proc       /proc            proc    defaults                    0 0
/dev/sdb5  /data/ketoan     ext4    defaults,usrquota,grpquota  0 0
/dev/sdb6  /data/kinhdoanh  ext4    defaults                    0 0

- Run the command mount -o remount /data/ketoan (or reboot the server)
[root@may1 ~]# mount -o remount /data/ketoan
- Run quotacheck:
[root@may1 ~]# quotacheck -avug
-a: check all file systems configured for quota.
-v: show status information while checking.
-u: check user quotas.
-g: check group quotas.

[root@may1 ~]# quotacheck -avug
quotacheck: Your kernel probably supports journaled quota but you are not using it.
Consider switching to journaled quota to avoid running quotacheck after an unclean
shutdown.
quotacheck: Scanning /dev/sdb5 [/data/ketoan] done
quotacheck: Cannot stat old user quota file: No such file or directory
quotacheck: Cannot stat old group quota file: No such file or directory
quotacheck: Cannot stat old user quota file: No such file or directory
quotacheck: Cannot stat old group quota file: No such file or directory
quotacheck: Checked 2 directories and 0 files
quotacheck: Old file not found.
quotacheck: Old file not found.

If the files that store the quota configuration for users () and groups () have not yet been created
in /data, running quotacheck reports that they cannot be found and at the same time creates the
two files aquota.user and aquota.group in /data.

Check the 2 files that store the quota configuration: ls -l /data

[root@may1 ~]# ll /data/ketoan/
total 32
-rw------- 1 root root  6144 Jul 10 16:18 aquota.group
-rw------- 1 root root  6144 Jul 10 16:18 aquota.user
drwx------ 2 root root 16384 Jul 10 16:04 lost+found

Run quotacheck again: quotacheck -avug

[root@testviettel /]# quotacheck -avug
quotacheck: Scanning /dev/sda3 [/data] done
quotacheck: Checked 3 directories and 4 files

- Turn quota on:


[root@may1 ~]# quotaon -a

- Create user u1 and set a password for the user

[root@may1 ~]# useradd u1
[root@may1 ~]# passwd u1

- Assign a quota to the user: edquota -u u1

Some options of the edquota command:
-u: Set the quota for a user.
-g: Set the quota for a group.
-p: Copy the quota from one user to another.
-t: Edit the grace period of the soft limit.

[root@may1 ~]# edquota -u u1

Disk quotas for user u1 (uid 500):
  Filesystem   blocks   soft    hard   inodes   soft   hard
  /dev/sdb5         0      0   20000        0      0      0

[root@may1 ~]# chmod 777 /data/ketoan/

- Check the quota of u1
Log in as u1

[u1@may1 root]$ cp -rv /etc/ /data/ketoan/
'/etc/rc5.d' -> '/data/ketoan/etc/rc5.d'
'/etc/fprintd.conf' -> '/data/ketoan/etc/fprintd.conf'
cp: writing '/data/ketoan/etc/fprintd.conf': Disk quota exceeded
'/etc/crypttab' -> '/data/ketoan/etc/crypttab'
'/etc/hosts' -> '/data/ketoan/etc/hosts'
cp: writing '/data/ketoan/etc/hosts': Disk quota exceeded
cp: cannot create directory '/data/ketoan/etc/skel': Disk quota exceeded
cp: cannot create directory '/data/ketoan/etc/setuptool.d': Disk quota exceeded
'/etc/redhat-release' -> '/data/ketoan/etc/redhat-release'

[u1@may1 root]$ quota -u u1
Disk quotas for user u1 (uid 500):
     Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
      /dev/sdb5  20000*       0   20000             956       0       0
[u1@may1 root]$

[u1@may1 root]$ du -sh /data/ketoan/
du: cannot read directory '/data/ketoan/lost+found': Permission denied
20M     /data/ketoan/

* In addition, the quotastats and repquota commands can be used to view some statistics about
quota
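
The repquota report mentioned above can be checked by a script instead of by eye. The following is an added example, not part of the original course material: it parses a constructed sample of a repquota user report and lists the users at or above a given percentage of their hard block limit. The function names and the sample report are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag users close to their hard block limit in a repquota report.
# sample_report is constructed input modelled on `repquota -u /data/ketoan`,
# using the 20000-block hard limit set for u1 above; u2 is a made-up second user.

sample_report() {
cat <<'EOF'
*** Report for user quotas on device /dev/sdb5
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0
u1        --   20000       0   20000            956     0     0
u2        --    4000       0   20000             12     0     0
EOF
}

# quota_near_limit PERCENT
# Reads a repquota user report on stdin and prints "user used hard pct"
# for every user whose block usage is >= PERCENT of the hard limit.
# Users with a hard limit of 0 (no limit) are skipped.
quota_near_limit() {
    awk -v pct="$1" '
        /^-+$/ { body = 1; next }      # data rows start after the dashed line
        body && NF >= 5 {
            used = $3                  # blocks in use
            hard = $5                  # hard block limit
            if (hard > 0 && used * 100 >= hard * pct)
                printf "%s %d %d %d\n", $1, used, hard, int(used * 100 / hard)
        }
    '
}

# Demonstration on the constructed report; on a real server use:
#   repquota -u /data/ketoan | quota_near_limit 90
sample_report | quota_near_limit 90
```

Run from cron, the output can be mailed to the administrator before users start hitting "Disk quota exceeded".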

2. Logical Volume Management (LVM)


LVM is a method of allocating hard-disk space into Logical Volumes, which makes resizing easy.
It supports resizing without having to modify the operating system's partition table. This is
really useful when the free space of a partition has been used up and you want to expand its
capacity.

Attach three 8G SCSI disks

[Figure: LVM layout. Volume groups volg1 and volg2 are built from the partitions sdb5, sdc5, sdd5 (5G each) and sdb6, sdc6, sdd6 (3G each); logical volumes logv1 -> /data/ketoan, logv2 -> /data/kinhdoanh, logv3 -> /data/soft]

Step 1. Organize the disk partitions


- Create the disk partitions
[root@may1 ~]# fdisk /dev/sdb

Command (m for help): p
   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1        1044     8385898+   5  Extended
/dev/sdb5               1         654     5253192   83  Linux
/dev/sdb6             655        1044     3132643+  83  Linux

- Use fdisk to change the type of the partitions to Linux LVM

Command (m for help): t
Partition number (1-6): 5
Hex code (type L to list codes): 8e

Command (m for help): t
Partition number (1-6): 6
Hex code (type L to list codes): 8e
Changed system type of partition 6 to 8e (Linux LVM)

Command (m for help): p

Disk /dev/sdb: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes


Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xfbfdaef1

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1        1044     8385898+   5  Extended
/dev/sdb5               1         654     5253192   8e  Linux LVM
/dev/sdb6             655        1044     3132643+  8e  Linux LVM

Command (m for help):

Repeat for /dev/sdc and /dev/sdd

Step 2. Create the physical volumes


- Create a physical volume on each LVM partition

[root@may1 ~]# pvcreate /dev/sdb5
  Writing physical volume data to disk "/dev/sdb5"
  Physical volume "/dev/sdd6" successfully created
[root@may1 ~]# pvcreate /dev/sdb6
[root@may1 ~]# pvcreate /dev/sdc5
[root@may1 ~]# pvcreate /dev/sdc6
[root@may1 ~]# pvcreate /dev/sdd5
[root@may1 ~]# pvcreate /dev/sdd6

- Check the physical volumes on the system

[root@may1 ~]# pvs
  PV         VG   Fmt  Attr PSize PFree
  /dev/sdb5       lvm2 a--  5.01g 5.01g
  /dev/sdb6       lvm2 a--  2.99g 2.99g
  /dev/sdc5       lvm2 a--  5.01g 5.01g
  /dev/sdc6       lvm2 a--  2.99g 2.99g
  /dev/sdd5       lvm2 a--  5.01g 5.01g
  /dev/sdd6       lvm2 a--  2.99g 2.99g
[root@may1 ~]#

Step 3. Create the volume groups


- Create 2 volume groups
[root@may1 ~]# vgcreate volg1 /dev/sdb5 /dev/sdc5
  Volume group "volg1" successfully created
[root@may1 ~]# vgcreate volg2 /dev/sdb6 /dev/sdc6
  Volume group "volg2" successfully created
[root@may1 ~]#

Check the volume groups on the system


[root@may1 ~]# vgs
  VG    #PV #LV #SN Attr   VSize  VFree
  volg1   2   0   0 wz--n- 10.02g 10.02g
  volg2   2   0   0 wz--n-  5.97g  5.97g


Step 4. Create the logical volumes

[root@may1 ~]# lvcreate --size 4G --name logv1 volg1
  Logical volume "logv1" created
[root@may1 ~]# lvcreate --size 5G --name logv2 volg1
  Logical volume "logv2" created
[root@may1 ~]# lvcreate --size 5G --name logv3 volg2
  Logical volume "logv3" created

- Check
[root@may1 ~]# lvs
  LV    VG    Attr   LSize Origin Snap% Move Log Copy% Convert
  logv1 volg1 -wi-a- 4.00g
  logv2 volg1 -wi-a- 5.00g
  logv3 volg2 -wi-a- 5.00g

[root@may1 ~]# vgs
  VG    #PV #LV #SN Attr   VSize  VFree
  volg1   2   2   0 wz--n- 10.02g   1.02g
  volg2   2   1   0 wz--n-  5.97g 992.00m
[root@may1 ~]#

Step 5. Format the file systems as ext4:


[root@may1 ~]# mkfs.ext4 /dev/volg1/logv1
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
262144 inodes, 1048576 blocks
52428 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1073741824
32 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 30 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.


[root@may1 ~]# mkfs.ext4 /dev/volg1/logv2
[root@may1 ~]# mkfs.ext4 /dev/volg2/logv3

Step 6. Create the mount points


[root@may1 ~]# mount /dev/volg1/logv1 /data/ketoan/
[root@may1 ~]# mount /dev/volg1/logv2 /data/kinhdoanh/
[root@may1 ~]# mount /dev/volg2/logv3 /data/soft/

[root@may1 ~]# df -lTh
Filesystem     Type   Size  Used Avail Use% Mounted on
/dev/sda3      ext4    16G  3.0G   12G  20% /
tmpfs          tmpfs  330M     0  330M   0% /dev/shm
/dev/sda1      ext4   194M   26M  158M  14% /boot
/dev/mapper/volg1-logv1
               ext4   4.0G  136M  3.7G   4% /data/ketoan
/dev/mapper/volg1-logv2
               ext4   5.0G  138M  4.6G   3% /data/kinhdoanh
/dev/mapper/volg2-logv3
               ext4   5.0G  138M  4.6G   3% /data/soft

Step 7. Extend /data/kinhdoanh from 4.6G to 8G


Extend volg1
[root@may1 ~]# vgextend volg1 /dev/sdd5
  Volume group "volg1" successfully extended

[root@may1 ~]# vgs
  VG    #PV #LV #SN Attr   VSize  VFree
  volg1   3   2   0 wz--n- 15.02g   6.02g
  volg2   2   1   0 wz--n-  5.97g 992.00m
[root@may1 ~]#

Extend logv2
[root@may1 ~]# lvextend -L +3G /dev/volg1/logv2
  Extending logical volume logv2 to 8.00 GiB
  Logical volume logv2 successfully resized

[root@may1 ~]# lvs
  LV    VG    Attr   LSize Origin Snap% Move Log Copy% Convert
  logv1 volg1 -wi-ao 4.00g
  logv2 volg1 -wi-ao 8.00g
  logv3 volg2 -wi-ao 5.00g
[root@may1 ~]#

Resize the file system


[root@may1 ~]# e2fsck -f /dev/volg1/logv2
[root@may1 ~]# resize2fs /dev/volg1/logv2
[root@may1 ~]# df -lTh
Filesystem     Type   Size  Used Avail Use% Mounted on
/dev/sda3      ext4    16G  3.0G   12G  20% /
tmpfs          tmpfs  330M     0  330M   0% /dev/shm
/dev/sda1      ext4   194M   26M  158M  14% /boot


/dev/mapper/volg1-logv1
               ext4   4.0G  136M  3.7G   4% /data/ketoan
/dev/mapper/volg1-logv2
               ext4   7.9G  140M  7.4G   2% /data/kinhdoanh
/dev/mapper/volg2-logv3
               ext4   5.0G  138M  4.6G   3% /data/soft
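
Step 7 extends the volume group before the logical volume because volg1 did not have 3G free. The following added example, not part of the original course material, makes that check from vgs output before printing an lvextend command. The function names are assumptions, and the sample reports are constructed to approximate the vgs listings above in MiB.

```shell
#!/bin/sh
# Added example: check free space in a volume group before extending an LV.
# Expected input: `vgs --noheadings --nosuffix --units m -o vg_name,vg_free`.

# Constructed reports approximating the vgs listings of Steps 4 and 7 (MiB).
sample_vgs() {
    case $1 in
        before) printf '  volg1 1044.00\n  volg2 992.00\n' ;;  # prior to vgextend
        after)  printf '  volg1 6164.00\n  volg2 992.00\n' ;;  # after vgextend volg1 /dev/sdd5
    esac
}

# vg_free_mb VG: print the free space of VG in whole MiB; status 1 if VG is absent.
vg_free_mb() {
    awk -v vg="$1" '$1 == vg { printf "%d\n", $2; found = 1 }
                    END { exit !found }'
}

# plan_extend VG LV ADD_MB: print the lvextend command when the VG has room,
# otherwise print the shortfall and return 1 (2 if the VG is not in the report).
plan_extend() {
    vg=$1 lv=$2 add_mb=$3
    free=$(vg_free_mb "$vg") || { echo "$vg: not found in vgs report"; return 2; }
    if [ "$free" -ge "$add_mb" ]; then
        # -r (--resizefs) grows the file system together with the logical volume
        echo "lvextend -r -L +${add_mb}M /dev/$vg/$lv"
    else
        echo "$vg: $add_mb MiB requested, $free MiB free: run vgextend first"
        return 1
    fi
}

# Demonstration on the constructed reports (|| true keeps the demo from aborting).
sample_vgs before | plan_extend volg1 logv2 3072 || true
sample_vgs after  | plan_extend volg1 logv2 3072 || true
```

On a live system the report comes from `vgs --noheadings --nosuffix --units m -o vg_name,vg_free` piped into plan_extend.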


Topic 5: System Startup


Customising system startup and boot processes
System recovery


1. Boot Manager with GRUB


1.1. View the GRUB configuration file
Edit the file /boot/grub2/grub.conf as follows:
[root@may1 boot]# vi /boot/grub2/grub.conf

Change timeout to 30 and edit the contents of the boot menu

- Save the file grub.conf and restart the system.

- After the restart, the system shows the boot menu as follows:

Select the operating system.

Meaning of some parameters:


- default: The operating system that is booted automatically if the user does not choose from the boot menu.
- timeout: How long to wait for the user to choose an operating system, in seconds.
- splashimage: The image file displayed on the boot menu.
- hiddenmenu: Hide the boot menu.
- menuentry: The title of the operating system on the boot menu.
- root: The partition and disk of the operating system to boot.
- kernel: The path to the kernel image.
- initrd: Allows kernel modules to be loaded from an image.
Note:


Booting Linux from the grub> prompt (assuming the file /boot/grub2/grub.conf has been lost)

List the disks and partitions:
grub> ls
(hd0) (hd0,msdos3) (hd0,msdos2) (hd0,msdos1) (fd0)

grub> ls (hd0,1)/ or
grub> ls -l (hd0,msdos1)/

(the listing is cropped on both sides in the original screenshot)
lost+found/ grub/ grub2/ initramfs-3.10.0-229.el7.x86_64.img S
229.el7.x86_64 config-3.10.0-229.el7.x86_64 symvers-3.10.0-229
linuz-3.10.0-229.el7.x86_64 initramfs-0-rescue-2e62928b9d0c4bd
.img vmlinuz-0-rescue-2e62928b9d0c4bd3ba2044b87a77e0d2 initrd-
ramfs-3.10.0-229.el7.x86_64kdump.img vmlinuz-3.20.0-229.el7.x8
20.0-229.el7.x86_64.img

grub> ls (hd0,2)/
lost+found/ boot/ dev/ proc/ run/ sys/ etc/ root/ tmp/ var/
ib64 home/ media/ mnt/ opt/ srv/ data/
grub> _

grub> set root=hd0,2
grub> linux (hd0,1)/vmlinuz-3.10.0-229.el7.x86_64 root=/dev/sda2
grub> initrd (hd0,1)/initramfs-3.10.0-229.el7.x86_64.img
grub> boot
# mkdir /tam
# mount /dev/sda1 /tam
Carry out the repair

1.2. Add a new kernel to the boot menu


Change the working directory to /boot
[root@may1 ~]# cd /boot/

Create a copy of the current kernel and name it new-duplicate-kernel
# cp vmlinuz-3.10.0-229.el7.x86_64 vmlinuz-3.20.0-229.el7.x86_64

Create a copy of the initrd image and name it new-duplicatekernel.img


# cp initramfs-3.10.0-229.el7.x86_64.img initramfs-3.20.0-229.el7.x86_64.img

Edit the GRUB configuration file as follows:


[root@may1 boot]# vi /boot/grub2/grub.conf


Copy lines 76-90 and paste them after line 90, then edit the copy as follows:

91 menuentry 'He dieu hanh..CentOS Linux 7 (Core), with Linux 3.20.0-229.el7.x86_64' --class rhel fedora --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-229.el7.x86_64-advanced-92dd65a3-6293-4f7c-ac60-8cc0599cfe87' {
92     load_video
93     set gfxpayload=keep
94     insmod gzio
95     insmod part_msdos
96     insmod ext2
97     set root='hd0,msdos1'
98     if [ x$feature_platform_search_hint = xy ]; then
99       search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' d1bf360f-50b5-459d-92f5-195aa5215f54
100     else
101       search --no-floppy --fs-uuid --set=root d1bf360f-50b5-459d-92f5-195aa5215f54
102     fi
103     linux16 /vmlinuz-3.20.0-229.el7.x86_64 root=UUID=92dd65a3-6293-4f7c-ac60-8cc0599cfe87 ro crashkernel=auto rhgb quiet LANG=en_US.UTF-8
104     initrd16 /initramfs-3.20.0-229.el7.x86_64.img
105 }

Reboot and observe the boot menu

2. Recovering the root user's password


If the root user's password has been lost, there are several ways to recover the password for this
user:
- Boot from a floppy disk (use the mkbootdisk or dd command to create this boot floppy)
- Use the GRUB or LILO boot loader
This course shows how to recover the root password by using the GRUB boot loader,
as follows:
- Start the computer
- When the GRUB screen appears, press e to edit the boot loader entry (if a password was set
for GRUB at installation, it must be entered)


- Select the CentOS 7 (Core) kernel boot entry, then press e to edit it
Use the arrow keys to move down to the last line (linux16 ....)

(the screen below is cropped on the right in the original screenshot)
        insmod part_msdos
        insmod ext2
        set root='hd0,msdos1'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdo
t-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' d1
0b5-459d-92f5-195aa5215f54
        else
          search --no-floppy --fs-uuid --set=root d1bf360f-50b5-459d-9
a5215f54
        fi
        linux16 /vmlinuz-3.10.0-229.el7.x86_64 root=UUID=92dd65a3-6293
60-8cc0599cfe87 ro crashkernel=auto rhgb quiet LANG=en_US.UTF-8
        initrd16 /initramfs-3.10.0-229.el7.x86_64.img

      Press Ctrl-x to start, Ctrl-c for a command prompt or Escape to
      discard edits and return to the menu. Pressing Tab lists
      possible completions.

Change ro to rw init=/sysroot/bin/sh


Press "Ctrl+x"
# chroot /sysroot        (switch into the installed system)
Run the passwd command to change the root user's password.
# passwd root

- Use the reboot command to restart the system.

3. Protect Single User Mode

+ Create a GRUB2 protection password in plaintext form


Back up the files grub.cfg and 10_linux


# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.orig
# cp /etc/grub.d/10_linux /etc/grub.d/10_linux.orig
Append the user and password to the end of the file 10_linux
# vi /etc/grub.d/10_linux
cat << EOF
set superusers="ngoc"
password ngoc 123
EOF
Generate the grub.conf file containing the user and password
# grub2-mkconfig --output /boot/grub2/grub.cfg
View the result:
# vi /boot/grub2/grub.cfg
120 set superusers="ngoc"
121 password ngoc 123
122 ### END /etc/grub.d/10_linux ###

Reboot; pressing "e" to enter single user mode now requires the username and password

To remove the GRUB password, open the grub.conf file and insert a # in front of lines 120 and 121
+ Create a GRUB2 protection password in encrypted (PBKDF2-hashed) form
Restore the files grub.cfg and 10_linux
# cp /boot/grub2/grub.cfg.orig /boot/grub2/grub.cfg
# cp /etc/grub.d/10_linux.orig /etc/grub.d/10_linux

Create the hashed password:


# grub2-mkpasswd-pbkdf2
Enter password:
Reenter password:
PBKDF2 hash of your password is
grub.pbkdf2.sha512.10000.188243F5C37E23C5FF35A7F930CC5BF1FC1EB7D0287FAD8
D0284E722DDCC62D149BF4F5A9EFE22B03CD0EDAF67F9498F1D428938DD6CED1C
4B2903AB0735F07F.11B9EA350346CFC1D2288E0C10421DC2992A8B8EC54543F7CB
DA43C78D7FF509E8F08409E7319F0C6621C7CB6203388BC17987D90FB015A6825580F
3D5A4D935

Append to the end of the file 10_linux (remove the previous configuration first)
cat << EOF
set superusers="ngoc"
password_pbkdf2 ngoc grub.pbkdf2.sha512.10000.188243F5C37E23C5FF35A7F930CC5BF1FC1EB7D0287FAD8D0284E722DDCC62D149BF4F5A9EFE22B03CD0EDAF67F9498F1D428938DD6CED1C4B2903AB0735F07F.11B9EA350346CFC1D2288E0C10421DC2992A8B8EC54543F7CBDA43C78D7FF509E8F08409E7319F0C6621C7CB6203388BC17987D90FB015A6825580F3D5A4D935
EOF
Generate the grub.conf file containing the user and password
# grub2-mkconfig --output /boot/grub2/grub.cfg
View the result:
# vi /boot/grub2/grub.cfg

120 set superusers="ngoc"
121 password_pbkdf2 ngoc PBKDF2 hash of your password is
grub.pbkdf2.sha512.10000.BFE21ECFA8E7B2306B5DA6BB0A8D49FCF32CC8CE42D70
E710D455994098EF66DCB10AB99A5A9D0925893D29A13E09FBF8DCEAC0D1E
31408B6FD8F509202BE1A0.0197ADD5D71AB20717FA1F23185C9332781A7FB500D6A
78D5BB0B28DEB39C
Reboot; pressing "e" to enter single user mode now requires the username and password
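
The two variants above differ in what ends up inside grub.cfg: the first stores the password itself, the second a PBKDF2 hash. The following added example, not part of the original course material, audits a grub.cfg for these settings, and also flags a password_pbkdf2 line whose third field is not a grub.pbkdf2 string, which is what results when the whole "PBKDF2 hash of your password is ..." output is pasted. The function names, finding labels and sample files are assumptions; the hash in the samples is a short constructed placeholder.

```shell
#!/bin/sh
# Added example: audit a grub.cfg for the password settings discussed above.
# sample_cfg emits constructed files; their hash is a short placeholder value.

sample_cfg() {
    case $1 in
        plaintext) cat <<'EOF'
### BEGIN /etc/grub.d/10_linux ###
set superusers="ngoc"
password ngoc 123
### END /etc/grub.d/10_linux ###
EOF
        ;;
        pbkdf2) cat <<'EOF'
set superusers="ngoc"
password_pbkdf2 ngoc grub.pbkdf2.sha512.10000.0123ABCD.4567EF89
EOF
        ;;
        pasted) cat <<'EOF'
set superusers="ngoc"
password_pbkdf2 ngoc PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.0123ABCD.4567EF89
EOF
        ;;
        none) cat <<'EOF'
menuentry 'CentOS Linux 7 (Core)' --unrestricted {
    linux16 /vmlinuz root=/dev/sda2 ro
}
EOF
        ;;
    esac
}

# audit_grub_cfg FILE: print one finding per line.
#   NO_SUPERUSERS            no "set superusers=" line: menu entries can be edited freely
#   NO_CREDENTIAL            superusers set but no password directive present
#   PLAINTEXT_PASSWORD user  password stored in clear text
#   PBKDF2_OK user           well-formed grub.pbkdf2.sha512 hash
#   MALFORMED_PBKDF2 user    third field is not a grub.pbkdf2 hash string
#   WORLD_READABLE           file with password material is readable by all users
audit_grub_cfg() {
    cfg=$1
    findings=$(awk '
        /^[ \t]*#/ { next }                                  # skip commented-out lines
        $1 == "set" && $2 ~ /^superusers=/ { su = 1 }
        $1 == "password" { pw = 1; print "PLAINTEXT_PASSWORD " $2 }
        $1 == "password_pbkdf2" {
            pw = 1
            if ($3 ~ /^grub\.pbkdf2\.sha512\.[0-9]+\.[0-9A-Fa-f]+\.[0-9A-Fa-f]+$/)
                print "PBKDF2_OK " $2
            else
                print "MALFORMED_PBKDF2 " $2
        }
        END {
            if (!su) print "NO_SUPERUSERS"
            if (su && !pw) print "NO_CREDENTIAL"
        }' "$cfg")
    case $findings in
        *PLAINTEXT_PASSWORD*|*PBKDF2*)
            if [ -n "$(find "$cfg" -perm -004)" ]; then
                findings=$(printf '%s\nWORLD_READABLE' "$findings")
            fi ;;
    esac
    printf '%s\n' "$findings"
}

# Demonstration on the constructed samples.
demo() {
    tmp=$(mktemp -d) || return 0
    for kind in plaintext pbkdf2 pasted none; do
        sample_cfg "$kind" > "$tmp/$kind.cfg"
        echo "== $kind"
        audit_grub_cfg "$tmp/$kind.cfg"
    done
    rm -rf "$tmp"
}
demo
```

On the server itself, run it as root against the generated file: audit_grub_cfg /boot/grub2/grub.cfg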

4. Managing services at startup


systemctl start|stop|reload|status|enable|disable httpd
View the status of a service:
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)

Enable the service to start at boot


[root@localhost ~]# systemctl enable firewalld
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@localhost ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead)
Start the service manually
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Sat 2015-04-25 11:15:59 ICT; 1s ago
 Main PID: 2386 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─2386 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid


Apr 25 11:15:59 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

Check the list of services that are loaded at startup:

[root@localhost ~]# systemctl list-unit-files --type=service


[root@localhost ~]# systemctl list-unit-files --type=service | grep fi
anaconda-nm-config.service                  static
configure-printer@.service                  static
firewalld.service                           enabled
firstboot-graphical.service                 disabled
nfs-config.service                          static
postfix.service                             enabled
rhel-configure.service                      static
systemd-tmpfiles-clean.service              static
systemd-tmpfiles-setup-dev.service          static
systemd-tmpfiles-setup.service              static
230 unit files listed.


Topic 6: Shells, Scripting


Customize and use the shell environment
Customize or write simple scripts
Logon scripts


Introduction to shell scripts


Normally the shell is an interactive interface: it accepts commands from the user
(keyboard) and executes them. If you want to run many commands with a single command, you can
save the sequence of commands in a text file and tell the shell to execute that file instead of typing
the commands in. This is called a shell script.
A shell script is a sequence of commands written in a plain text file. A shell script is like a batch file
in MS-DOS, but more powerful.
Why write shell scripts
• A shell script can take input from the user or a file, or output to the screen.
• Convenient for creating your own groups of commands.
• Saves time.
• Automates some frequently performed tasks.
1. Writing a shell script:
- Use any editor, such as vi, mcedit...
- After writing the shell script, set execute permission on it using the syntax:
chmod permissions scriptname
Example: the following script creates 50 users in the group g-marketing

# vidu1.sh
# Creates the users kd50 ... kd1 in the group g-marketing
i=50
groupadd g-marketing
while [ $i -gt 0 ]
do
useradd -G g-marketing kd$i
# passwd --stdin reads the new password from standard input
passwd --stdin kd$i << end
123456
123456
end
i=`expr $i - 1`
done

Set execute permission:


# chmod +x vidu1.sh or
# chmod 755 vidu1.sh

Run the script using the syntax:


# bash vidu1.sh or
# sh vidu1.sh or
# ./vidu1.sh
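
vidu1.sh gives all 50 accounts the same initial password. The following added example, not part of the original course material, is a variant that generates a separate random password per account and forces a password change at first login. The function names and the DRY_RUN switch are assumptions; with the default DRY_RUN=1 it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: variant of vidu1.sh with one random initial password per
# account and a forced password change at first login.

GROUP=g-marketing
PREFIX=kd

# 24 hex characters (96 random bits) read from the kernel random source.
gen_password() {
    od -An -N12 -tx1 /dev/urandom | tr -d ' \n'
}

# build_credentials COUNT: print COUNT lines "user:password",
# the format that chpasswd reads on standard input.
build_credentials() {
    count=$1
    i=1
    while [ "$i" -le "$count" ]; do
        printf '%s%d:%s\n' "$PREFIX" "$i" "$(gen_password)"
        i=$((i + 1))
    done
}

# create_users FILE: create every account listed in FILE (user:password lines).
# With DRY_RUN=1 (the default) the commands are printed instead of executed.
create_users() {
    creds=$1
    run=
    if [ "${DRY_RUN:-1}" = 1 ]; then run=echo; fi
    $run groupadd "$GROUP"
    while IFS=: read -r user rest; do
        $run useradd -G "$GROUP" "$user"
    done < "$creds"
    if [ -z "$run" ]; then
        chpasswd < "$creds"          # passwords travel via stdin, not via argv
    else
        echo "chpasswd < $creds"
    fi
    # chage must come after chpasswd, which resets the last-change date
    while IFS=: read -r user rest; do
        $run chage -d 0 "$user"      # password must be changed at first login
    done < "$creds"
}

main() {
    umask 077                        # credentials file readable by root only
    creds_file=$(mktemp) || exit 1
    build_credentials 50 > "$creds_file"
    create_users "$creds_file"
    echo "initial passwords are in $creds_file; delete it after hand-out"
}

# Invoke as "sh script.sh run" to execute main; otherwise only define functions.
case ${1:-} in
    run) main ;;
esac
```

Set DRY_RUN=0 and run as root to create the accounts for real.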

A shell script consists of the following components:


- Variables
- Commands supported by the bash shell
- Control structures

2. Using variables


There are 3 types of variables:


Global environment variables: visible in any process, parent
or child

[root@server1 ~]# printenv
SSH_AGENT_PID=2853
HOSTNAME=server1.nhatnghe.com
DESKTOP_STARTUP_ID=
TERM=xterm
SHELL=/bin/bash
HISTSIZE=1000
GTK_RC_FILES=/etc/gtk/gtkrc:/root/.gtkrc-1.2-gnome2
WINDOWID=52428881
LANG=en_US.UTF-8
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
SHLVL=3
HOME=/root
GNOME_DESKTOP_SESSION_ID=Default
LOGNAME=root
CVS_RSH=ssh
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-17eKbDTtFR,guid=2bf64b4b984bcbcc92d91e5e14642c00
LESSOPEN=|/usr/bin/lesspipe.sh %s
DISPLAY=:0.0
G_BROKEN_FILENAMES=1
COLORTERM=gnome-terminal
XAUTHORITY=/root/.Xauthority
_=/usr/bin/printenv
[root@server1 ~]#

Local environment variables: visible only in the shell that created them


[root@server1 ~]# set
BASH=/bin/bash
BASH_ARGC=()
BASH_ARGV=()
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="3" [1]="1" [2]="17" [3]="1" [4]="release" [5]="i686-redhat-linux-gnu")
BASH_VERSION='3.1.17(1)-release'
LANG=en_US.UTF-8
LESSOPEN='|/usr/bin/lesspipe.sh %s'
LINES=34
LOGNAME=root
MACHTYPE=i686-redhat-linux-gnu
MAIL=/var/spool/mail/root
MAILCHECK=60
SSH_AGENT_PID=2853
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
SSH_AUTH_SOCK=/tmp/ssh-WIBkQ02829/agent.2829
TERM=xterm
UID=0
USER=root
WINDOWID=52428881
XAUTHORITY=/root/.Xauthority
XMODIFIERS=@im=none
_=clear
consoletype=pty
[root@server1 ~]#

Global and local variables are named with uppercase characters, for example: USER, HOSTNAME ...

Any environment variable can be printed as follows:

$ echo $USER
$ echo $HOME
$ echo $HOSTNAME

User-defined variables (UDV)


Use the syntax:
variable name=value
The value is assigned to 'variable name' and must be on the right-hand side of the = sign
Example:
$ sumfile=0
$ sumdir=0

Rules for naming variables:


- A variable name must begin with an alphanumeric character or an underscore (_), followed by one or
more alphanumeric characters.
Example:


Valid variables: max_num, system_process,

- There must be no spaces on either side of the equals sign when assigning a value to a variable.
Example: the following declarations produce errors:
$ val1 =10
$ val2= 10
$ val3 = 10

- Names are case-sensitive.


Example: the following variables are different:
$ var1=10
$ Var1=11
$ VAR1=20
$ var1=2

- Define a NULL variable as follows:


$ empty=
$ str1=""
When these NULL variables are printed, nothing appears on the screen because they have no value.

- Do not use the characters ?, * ... in variable names.
Printing and accessing the value of a UDV:
$variablename
or echo $variablename

3. Using commands in the shell


3.1. Function of some characters

Character    Function
* ? []       Wildcard or pattern-matching characters
&            Run the application in the background and return the system prompt for other tasks
;            Separator between several commands on one command line
\            Turn off the effect of special characters such as *, ?, [, ], &, ;, >, <, |
'...'        When the argument is a group of words (contains spaces)
"..."        When the argument contains spaces and special characters, except the characters $ and `
>            Redirect output to a file
<            Redirect input from a file
>>           Redirect output to the end of a file if the file already exists
|            Redirect the output to be the input of the next command
`...`        Back quotes: use the output of a command as an argument
$            Use an environment variable

3.2 Using the read command


The read command pauses the script, waits for the user to enter values from the keyboard
and assigns them to the variable names
read variable1 variable2 ... variablen

The following example prompts the user to enter the name of the file to be copied:


echo "Nhập tên file cần hiển thị"
read filename
# quote the variable so that a name containing spaces is passed as one argument
cat "$filename"

read can be used with the following options:


-n: accept only 1 input character
-p: print a prompt message

read -n1 -p "Bạn muốn tiếp tục [Y/N]? " answer
case $answer in
Y | y) echo
       echo "Ok, bạn tiếp tục làm việc...";;
N | n) echo
       echo OK, tạm biệt
       exit;;
esac
echo "Kết thúc script"

3.3. Using command-line parameters


Command-line parameters are separated by at least one space
(if an argument contains spaces, it must be enclosed in double quotes). The command
name and the arguments are assigned to the variables $0, $1, ..., $9. The command name is $0,
the first argument of the command is $1, the second argument is $2, ..., $9.

In addition: $# gives the number of parameters, $* gives all the parameters, and $$ gives
the PID of the shell script.
The following example is named vd2.sh:

# Name: vidu2.sh
echo $0
echo $1 $2
echo $3
Suppose we enter the following command line:
vd2.sh -s Truong "tin hoc" "nhat nghe"
The result is
vd2.sh
Truong tin hoc
nhat nghe

3.4 Quoting:


There are 3 kinds of quotes:
1. " (double quote): anything inside these quotes loses its special meaning (except
\ and $).
2. ' (single quote): the content is kept unchanged.


3. ` (back quote): executes the command.

Example:
$ echo "Today is date"    => prints Today is date
$ echo "Today is `date`"  => prints Today is Tue Jan....

4. Control structures

4.1 The if statement

Form 1

if command
then
    commands
fi

Form 2

if command
then
    commands
else
    commands
fi

Form 3

if command1
then
    command set 1
elif command2
then
    command set 2
elif command3
then
    command set 3
fi

Comparison operators on numeric data

Comparison     Description
n1 -eq n2      True if n1 equals n2.
n1 -ge n2      True if n1 is greater than or equal to n2.
n1 -gt n2      True if n1 is greater than n2.
n1 -le n2      True if n1 is less than or equal to n2.
n1 -lt n2      True if n1 is less than n2.
n1 -ne n2      True if n1 is not equal to n2.

vidu3.sh compares 2 numbers entered from the keyboard


echo "Nhap so a:"
read a
echo "Nhap so b:"
read b
if [ "$a" -lt "$b" ]
then
    echo "so $a nho hon so $b"
elif [ "$a" -eq "$b" ]
then
    echo "so $a bang so $b."
else
    echo "so $a lon hon so $b."
fi

vidu4.sh

#!/bin/bash
val1=10
val2=11
if [ $val1 -gt 5 ]
then
    echo "Gia tri $val1 lon hon 5"
fi
if [ $val1 -eq $val2 ]
then
    echo "2 gia tri bang nhau"
else
    echo "hai gia tri khac nhau"
fi

Comparison operators on string data

Comparison      Description
str1 = str2     True if string str1 is identical to string str2.
str1 != str2    True if string str1 differs from string str2.
str1 < str2     True if string str1 is less than string str2.
str1 > str2     True if string str1 is greater than string str2.
-n str1         True if string str1 has a length greater than 0.
-z str1         True if string str1 has a length equal to 0.

$ vidu5.sh


#!/bin/bash
# equality comparison
read -p "nhập tên user: " testuser
if [ "$USER" != "$testuser" ]
then
    echo "User hien tai khong la $testuser"
else
    echo "Ban dang login voi $testuser"
fi

$ vidu6.sh
#!/bin/bash
# check the length of a string
val1=testing
val2=''
if [ -n "$val1" ]
then
    echo "The string '$val1' is not empty"
else
    echo "The string '$val1' is empty"
fi
if [ -z "$val2" ]
then
    echo "The string '$val2' is empty"
else
    echo "The string '$val2' is not empty"
fi
if [ -z "$val3" ]
then
    echo "The string '$val3' is empty"
else
    echo "The string '$val3' is not empty"
fi
$ ./vidu6.sh
The string 'testing' is not empty
The string '' is empty
The string '' is empty
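
Why the operands of the [ ] tests in vidu3 to vidu6 should be quoted, and numeric input checked before -lt/-eq sees it. This is an added example, not part of the original manual; the function names and the sample inputs are constructed for the illustration.

```bash
#!/bin/bash
# Added example: operand handling for the [ ] tests in vidu3 to vidu6.

# Unquoted operand. An empty value vanishes after expansion, so the test
# collapses to `[ -n ]`, a one-argument test that is always true.
nonempty_unquoted() {
    # shellcheck disable=SC2070,SC2086
    if [ -n $1 ] 2>/dev/null; then echo yes; else echo no; fi
}

# Quoted operand: the test always receives exactly one operand after -n,
# whether the value is empty or contains spaces.
nonempty_quoted() {
    if [ -n "$1" ]; then echo yes; else echo no; fi
}

# Accept an optional minus sign followed by 1 to 18 digits, i.e. values that
# -lt, -eq and the other numeric operators can compare without an error.
is_int() {
    digits=${1#-}
    case $digits in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "${#digits}" -le 18 ]
}

# The comparison from vidu3 with validated, quoted operands.
compare() {
    if ! is_int "$1" || ! is_int "$2"; then
        echo invalid
        return 1
    fi
    if [ "$1" -lt "$2" ]; then
        echo less
    elif [ "$1" -eq "$2" ]; then
        echo equal
    else
        echo greater
    fi
}

# Constructed inputs: an empty string, a value containing a space, and a
# non-numeric answer of the kind `read` may return from a user.
echo "unquoted, empty value : $(nonempty_unquoted '')"
echo "quoted, empty value   : $(nonempty_quoted '')"
echo "quoted, 'a b'         : $(nonempty_quoted 'a b')"
echo "compare 3 10          : $(compare 3 10)"
echo "compare '5 apples' 2  : $(compare '5 apples' 2)"
```

An unquoted operand is word-split before the test runs, so what the user typed decides how many arguments the test receives; quoting fixes the argument count and is_int rejects anything that is not a number.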

File/directory test operators


-x file
-O file
-G file           ... is the current user,
file1 -nt file2
file1 -ot file2

vidu7.sh: enter the name of the file/directory to check

#!/bin/bash
# check whether the name entered is a file or a directory

read -p "Nhap ten file, directory can kiem tra: " file

if [ ! -e "$file" ]
then
    echo "$file khong ton tai"
elif [ -f "$file" ]
then
    echo "$file la file!"
elif [ -d "$file" ]
then
    echo "$file la thu muc"
fi

Arithmetic operations

let is used to perform arithmetic operations.
Arithmetic operators: +, -, *, /, %
Comparison operators: >=, >, <, <=, ==, !=
Logical operators: !, &&, ||

vidu8.sh - computes the sum, difference, product and quotient of 2 numbers entered from the keyboard

read -p "nhap 2 so a, b: " a b

tong=`expr $a + $b`
echo "Tong cua 2 so $a va $b la: $tong"
hieu=`expr $a - $b`
echo "Hieu cua 2 so $a va $b la: $hieu"
tich=`expr $a \* $b`
echo "Tich cua 2 so $a va $b la: $tich"
th=`expr $a / $b`
echo "Thuong cua 2 so $a va $b la: $th"

4.2 The for statement

Syntax


for var in list
do
    commands
done

$ vidu9.sh    creates the directories

for test in ketoan kinhdoanh dao tao
do
    mkdir /$test
done

$ vidu10.sh

# check the files and directories in the folder /etc

for file in /etc/*
do
    if [ -d "$file" ]
    then
        echo "$file is a directory"
    elif [ -f "$file" ]
    then
        echo "$file is a file"
    fi
done

vidu11.sh

# the following loop runs 10 times

for (( i=1; i <= 10; i++ ))
do
    echo "gia tri ke tiep la $i"
done

vidu12.sh


# two nested for loops

for (( i=1; i <= 10; i++ ))
do
    echo "gia tri ke tiep la $i"

    for (( j=1; j <= 10; j++ ))
    do
        echo "Inside loop: $j"
    done
done

4.3 The while statement

while test command
do
    other commands
done

vidu13.sh

var1=10
while [ $var1 -gt 0 ]
do
    echo $var1
    var1=$[ $var1 - 1 ]    # equivalent to: var1=`expr $var1 - 1`
done

4.4 The until statement

until test commands
do
    other commands
done

vidu14.sh

var1=100
until [ $var1 -eq 0 ]
do
    echo $var1
    var1=$[ $var1 - 25 ]
done


Combining while and for

vidu15.sh

var1=5
while [ $var1 -ge 0 ]
do
    echo "Outer loop: $var1"
    for (( var2 = 1; $var2 < 3; var2++ ))
    do
        var3=$[ $var1 * $var2 ]
        echo "   Inner loop: $var1 * $var2 = $var3"
    done
    var1=$[ $var1 - 1 ]
done

Combining until and while

vidu16.sh

var1=3
until [ $var1 -eq 0 ]
do
    echo "Outer loop: $var1"
    var2=1
    while [ $var2 -lt 5 ]
    do
        var3=`echo "scale=4; $var1 / $var2" | bc`
        echo "   Inner loop: $var1 / $var2 = $var3"
        var2=$[ $var2 + 1 ]
    done
    var1=$[ $var1 - 1 ]
done

Breaking out of loops

vidu17.sh

for var1 in 1 2 3 4 5 6 7 8 9 10
do
    if [ $var1 -eq 5 ]
    then
        break
    fi
    echo "Gia tri tiep theo: $var1"
done
echo "Vong lap for hoan thanh"

vidu18.sh


# breaking out of a while loop

var1=1
while [ $var1 -lt 10 ]
do
    if [ $var1 -eq 5 ]
    then
        break
    fi
    echo "Iteration: $var1"
    var1=$[ $var1 + 1 ]
done
echo "The while loop is completed"

vidu19.sh

# using the continue command with for

for (( var1 = 1; var1 < 15; var1++ ))
do
    if [ $var1 -gt 5 ] && [ $var1 -lt 10 ]
    then
        continue
    fi
    echo "Iteration number: $var1"
done

vidu20.sh

# using the continue command with while
# note: continue skips the increment at the bottom of the loop, so once
# var1 reaches 6 its value never changes again and the loop does not end

var1=0
while echo "while iteration: $var1"
      [ $var1 -lt 15 ]
do
    if [ $var1 -gt 5 ] && [ $var1 -lt 10 ]
    then
        continue
    fi
    echo "   Inside iteration number: $var1"
    var1=$[ $var1 + 1 ]
done


vidu21.sh

# redirect the output to a file

for (( a = 1; a < 10; a++ ))
do
    echo "The number is $a"
done > test23.txt
echo "The command is finished."

vidu22.sh

# read data from a file

count=1
cat /etc/passwd | while read line
do
    echo "Line $count: $line"
    count=$[ $count + 1 ]
done
echo "Finished processing the file"
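
The loop in vidu22.sh reads /etc/passwd through a pipe. The block below is an added example, not part of the original manual: it shows what happens to a counter updated inside such a loop, and a field-by-field read that lists the accounts with UID 0. The sample records, the temporary file and the function names are constructed for the illustration.

```bash
#!/bin/bash
# Added example: reading passwd-format records line by line.
# SAMPLE is constructed data, not taken from a real system.
SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:constructed second UID 0 entry:/root:/bin/bash
user1:x:1000:1000:dept A\B:/home/user1:/bin/bash'

SAMPLE_FILE=$(mktemp) || exit 1
trap 'rm -f "$SAMPLE_FILE"' EXIT
printf '%s' "$SAMPLE" > "$SAMPLE_FILE"   # last line has no newline on purpose

# Pattern used by vidu22: the loop is the right-hand side of a pipe, so it
# runs in a subshell and the counter it updates is lost when the loop ends.
count_with_pipe() {
    count=0
    cat "$1" | while read -r line; do
        count=$((count + 1))
    done
    echo "$count"
}

# Redirecting the file into the loop keeps the loop in the current shell.
# IFS= and -r preserve leading blanks and backslashes; `|| [ -n "$line" ]`
# still processes a final line that lacks a trailing newline.
count_with_redirect() {
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        count=$((count + 1))
    done < "$1"
    echo "$count"
}

# Split each record on ":" and print the login names whose UID field is 0.
uid0_accounts() {
    while IFS=: read -r name _pw uid _rest || [ -n "$name" ]; do
        if [ "$uid" = "0" ]; then
            printf '%s\n' "$name"
        fi
    done < "$1"
}

echo "lines counted through a pipe  : $(count_with_pipe "$SAMPLE_FILE")"
echo "lines counted via redirection : $(count_with_redirect "$SAMPLE_FILE")"
echo "accounts with UID 0           : $(uid0_accounts "$SAMPLE_FILE" | tr '\n' ' ')"
```

On a real system the same functions take /etc/passwd as their argument; more than one name in the UID 0 list is worth investigating.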

vidu23.sh
# create a menu
function diskspace {
    clear
    df -k
}

function whoseon {
    clear
    who
}

function memusage {
    clear
    cat /proc/meminfo
}

function menu {
    clear
    echo
    echo -e "\t\t\tSys Admin Menu\n"
    echo -e "\t1. Display disk space"
    echo -e "\t2. Display logged on users"
    echo -e "\t3. Display memory usage"
    echo -e "\t0. Exit program\n\n"
    echo -en "\t\tEnter option: "
    read -n 1 option
}

# the -e option lets echo interpret special control
# characters, e.g. \t produces a tab
while [ 1 ]
do
    menu
    case $option in
    0)
        break;;
    1)
        diskspace;;
    2)
        whoseon;;
    3)
        memusage;;
    *)
        clear
        echo "Sorry, wrong selection";;
    esac
    echo -en "\n\n\t\t\tHit any key to continue"
    read -n 1 line
done
clear

The script above produces a menu with the following functions:

                        Sys Admin Menu

        1. Display disk space
        2. Display logged on users
        3. Display memory usage
        0. Exit program

                Enter option:


Topic 7: Linux Kernel


Kernel Components
Compiling a kernel
Patching a kernel
Customise, build and install a custom
kernel and kernel modules


1. Kernel module:
View the kernel version with the command:

[root@localhost ~]# uname -a
Linux localhost.localdomain 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42
UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Use the lsmod command to list the kernel's modules:

[root@localhost ~]# lsmod | more

Module                  Size  Used by
tcp_lp                 12663  0
nls_utf8               12557  1
isofs                  39844  1
bnep                   19704  2
bluetooth             372662  7 bnep
rfkill                 26536  3 bluetooth
fuse                   87741  3
coretemp               13435  0
crct10dif_pclmul       14289  0
crc32_pclmul           13113  0
crc32c_intel           22079  0
ghash_clmulni_intel    13259  0
aesni_intel            52846  0
lrw                    13286  1 aesni_intel
gf128mul               14951  1 lrw
glue_helper            13990  1 aesni_intel
ablk_helper            13597  1 aesni_intel
cryptd                 20359  3 ghash_clmulni_intel,aesni_intel,ablk_helper
snd_ens1371            25243  3
snd_rawmidi            30824  1 snd_ens1371
snd_ac97_codec        130476  1 snd_ens1371
ac97_bus               12730  1 snd_ac97_codec
snd_seq                63074  0
snd_seq_device         14497  2 snd_seq,snd_rawmidi
ppdev                  17671  0
snd_pcm               103996  2 snd_ac97_codec,snd_ens1371
vmw_balloon            13415  0
serio_raw              13462  0
pcspkr                 12718  0
snd_timer              29562  2 snd_pcm,snd_seq

Use the modinfo command to view information about a module:

[root@localhost ~]# modinfo ext4

filename:       /lib/modules/3.10.0-229.el7.x86_64/kernel/fs/ext4/ext4.ko
license:        GPL
description:    Fourth Extended Filesystem
author:         Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others
alias:          fs-ext4

Use the insmod command to insert an additional module into the kernel:

[root@localhost ~]# insmod /lib/modules/3.10.0-229.el7.x86_64/kernel/crypto/arc4.ko

If an error is reported, it is because this module depends on another module that has not been inserted yet. Look in the file
/lib/modules/3.10.0-229.el7.x86_64/modules.dep to find the dependency relationships.

Use the lsmod command to list the modules again:

[root@localhost Desktop]# lsmod | grep arc4

arc4                   12608  0

Use the rmmod command to remove the 2 modules just inserted.

# rmmod arc4

List the modules again to check:

[root@localhost Desktop]# lsmod | grep arc4
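
The modules.dep lookup mentioned above can be scripted. The block below is an added example, not part of the original manual: it reads entries in the modules.dep format and reports which dependencies of a module lsmod does not show as loaded. The two sample texts and the function names are constructed for the illustration.

```bash
#!/bin/bash
# Added example: find a module's dependencies in modules.dep and report the
# ones that are not loaded yet.
# DEP_SAMPLE and LSMOD_SAMPLE are constructed excerpts in the format of
# modules.dep ("path: dependency paths") and of lsmod output.
DEP_SAMPLE='kernel/crypto/arc4.ko:
kernel/crypto/gf128mul.ko:
kernel/crypto/lrw.ko: kernel/crypto/gf128mul.ko
kernel/arch/x86/crypto/aesni-intel.ko: kernel/crypto/lrw.ko kernel/crypto/gf128mul.ko kernel/arch/x86/crypto/glue_helper.ko kernel/arch/x86/crypto/ablk_helper.ko kernel/crypto/cryptd.ko'

LSMOD_SAMPLE='Module                  Size  Used by
gf128mul               14951  0
cryptd                 20359  0'

# File path -> name as lsmod prints it: drop the directory and the .ko
# suffix (also compressed variants such as .ko.xz), turn "-" into "_".
modname() {
    base=${1##*/}
    printf '%s\n' "${base%%.ko*}" | tr '-' '_'
}

# deps_of MODULE: reads modules.dep on stdin and prints one dependency name
# per line. Returns 1 when MODULE has no entry.
deps_of() {
    while IFS= read -r line; do
        case $line in *:*) ;; *) continue ;; esac   # skip malformed lines
        [ "$(modname "${line%%:*}")" = "$1" ] || continue
        for dep in ${line#*:}; do    # unquoted on purpose: split on blanks
            modname "$dep"
        done
        return 0
    done
    return 1
}

# is_loaded NAME: reads lsmod output on stdin.
is_loaded() {
    while read -r name _rest; do
        [ "$name" = "$1" ] && return 0
    done
    return 1
}

# missing_deps MODULE DEP_TEXT LSMOD_TEXT: dependencies that still have to
# be inserted before MODULE itself can be.
# Real use: missing_deps arc4 "$(cat /lib/modules/$(uname -r)/modules.dep)" "$(lsmod)"
missing_deps() {
    printf '%s\n' "$2" | deps_of "$1" | while IFS= read -r dep; do
        if ! printf '%s\n' "$3" | is_loaded "$dep"; then
            printf '%s\n' "$dep"
        fi
    done
}

echo "aesni_intel still needs: $(missing_deps aesni_intel "$DEP_SAMPLE" "$LSMOD_SAMPLE" | tr '\n' ' ')"
```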

2. Compiling kernel
Install the libraries:
# yum install gcc ncurses ncurses-devel
- Download the kernel source from kernel.org.
- To compile the kernel, a C compiler must be installed. See the installation section in the previous lesson.
- Extract the source package:
- Create the config file. The config file can be created with:
  o make config: text mode; the screen shows many questions, which are answered one by one.
  o make menuconfig: graphical mode (DOS-style graphics), easier to use.


  o make xconfig or gconfig: graphical interface.

[Screenshot: Linux/x86_64 3.2.3 Kernel Configuration window]

  o make oldconfig: reuses the old config file.

- After the config file has been created, run the following commands in turn to compile the kernel:
  o make dep: checks the dependencies between the C files.


  o make clean: cleans up old compiled files that may already have been created in the source package.
  o make bzImage: creates the kernel image.

[root@localhost linux-3.2.3]# make bzImage

  HOSTLD  scripts/kconfig/conf
scripts/kconfig/conf --silentoldconfig Kconfig
warning: (GFS2_FS) selects DLM which has unmet direct dependenc
))
warning: (IMA) selects TCG_TPM which has unmet direct dependenc
warning: (SCHED_AUTOGROUP) selects CGROUP_SCHED which has unmet
warning: (SCSI_SRP) selects SCSI_TGT which has unmet direct dep
warning: (MEDIA_TUNER) selects MEDIA_TUNER_TEA5761 which has un
RIMENTAL)
warning: (ACPI_HOTPLUG_CPU) selects ACPI_CONTAINER which has un
warning: (GFS2_FS) selects DLM which has unmet direct dependenc
))
warning: (IMA) selects TCG_TPM which has unmet direct dependenc
warning: (SCHED_AUTOGROUP) selects CGROUP_SCHED which has unmet
warning: (SCSI_SRP) selects SCSI_TGT which has unmet direct dep
warning: (MEDIA_TUNER) selects MEDIA_TUNER_TEA5761 which has un
RIMENTAL)
warning: (ACPI_HOTPLUG_CPU) selects ACPI_CONTAINER which has un

  o make modules: compiles the modules that were selected.

[root@localhost linux-3.2.3]# make modules

  CHK     include/linux/version.h
  CHK     include/generated/utsrelease.h
  CALL    scripts/checksyscalls.sh
  AS [M]  arch/x86/crypto/aesni-intel_asm.o
  CC [M]  arch/x86/crypto/aesni-intel_glue.o
  CC [M]  arch/x86/crypto/fpu.o
  AS [M]  arch/x86/crypto/blowfish-x86_64-asm_64.o
  CC [M]  arch/x86/crypto/blowfish_glue.o
  AS [M]  arch/x86/crypto/ghash-clmulni-intel_asm.o
  CC [M]  arch/x86/crypto/ghash-clmulni-intel_glue.o
  AS [M]  arch/x86/crypto/sha1_ssse3_asm.o
  CC [M]  arch/x86/crypto/sha1_ssse3_glue.o
  AS [M]  arch/x86/crypto/twofish-x86_64-asm_64-3way.o
  CC [M]  arch/x86/crypto/twofish_glue_3way.o
  AS [M]  arch/x86/crypto/twofish-x86_64-asm_64.o
  CC [M]  arch/x86/crypto/twofish_glue.o
  LD [M]  arch/x86/crypto/blowfish-x86_64.o
  LD [M]  arch/x86/crypto/twofish-x86_64.o
  LD [M]  arch/x86/crypto/twofish-x86_64-3way.o
  LD [M]  arch/x86/crypto/aesni-intel.o

  o make modules_install: the compiled modules are placed in /lib/modules/kernel-version.

  o make install: the kernel image and initrd are placed in /boot/.


[root@localhost linux-3.2.3]# ll /boot/

total 116292
-rw-r--r--. 1 root root   123838 Mar  6 18:45 config-3.10.0-229.el7.x86_64
drwxr-xr-x  2 root root     1024 Apr 28 15:20 extlinux
drwxr-xr-x. 2 root root     1024 Apr 14 17:17 grub
drwxr-xr-x. 6 root root     1024 Apr 28 16:51 grub2
-rw-r--r--. 1 root root 16496720 Apr 14 17:25 initramfs-3.10.0-229.el7.x86_64.img
-rw-r--r--  1 root root 16569444 Apr 18 10:24 initramfs-3.10.0-229.el7.x86_64kdump.img
-rw-r--r--  1 root root 15951823 Apr 28 16:51 initramfs-3.2.3.img
-rwxr-xr-x. 1 root root  5029136 Mar  6 18:45 vmlinuz-3.10.0-229.el7.x86_64
...
-rw-r--r--  1 root root  3855312 Apr 28 16:51 vmlinuz-3.2.3
-rw-r--r--  1 root root  3855312 Apr 28 16:48 vmlinuz-3.2.3.old

  o Check that the /boot directory now contains the kernel image and initrd.

  o View the file /boot/grub2/grub.conf to check that a new kernel entry has been added.

menuentry 'CentOS Linux (3.2.3) 7 (Core)' --class rhel fedora --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-229.el7.x86_64-advanced-92dd65a3-6293-4f1c-ac60-8cc0599cfe87' {
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_msdos
    insmod ext2
    set root='hd0,msdos1'
    if [ x$feature_platform_search_hint = xy ]; then
      search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' d1bf360f-50b5-459d-92f5-195aa5215f54
    else
      search --no-floppy --fs-uuid --set=root d1bf360f-50b5-459d-92f5-195aa5215f54
    fi
    linux16 /vmlinuz-3.2.3 root=UUID=92dd65a3-6293-4f1c-ac60-8cc0599cfe87 ro crashkernel=auto rhgb quiet LANG=en_US.UTF-8 systemd.debug
    initrd16 /initramfs-3.2.3.img
}


Boot menu

Check the new kernel

CentOS Linux 7 (Core)
Kernel 3.2.3 on an x86_64

localhost login: root
Password:
Last login: Tue Apr 28 15:08:26 from 192.168.1.10
[root@localhost ~]# uname -a
Linux localhost.localdomain 3.2.3 #1 SMP Tue Apr 28 15:58:45
64 x86_64 GNU/Linux
[root@localhost ~]#


Topic 8: Networking Fundamentals


Fundamentals of internet protocols
Basic networking configuration
Basic network troubleshooting
Configure static route


Networking Fundamentals

1. Common configuration files

View and change the system hostname:

# change hostname
# hostname may1.nhatnghe1.com
# hostname
may1.nhatnghe1.com
# reboot
Observe the computer name

# Change hostname permanently

# hostnamectl set-hostname may1.nhatnghe1.com
# hostnamectl
Static hostname: may1.nhatnghe1.com
# reboot
Observe the computer name

- /etc/hosts: resolves names to IP addresses, usually used for local name resolution

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.20    may1.nhatnghe1.com may1
192.168.1.120   may2.nhatnghe1.com may2

Check the name resolution by pinging:

[root@may1 ~]# ping may1.nhatnghe1.com

PING may1.nhatnghe1.com (192.168.1.20) 56(84) bytes of data.
64 bytes from may1.nhatnghe1.com (192.168.1.20): icmp_seq=1 ttl=64 time=4.41 ms
64 bytes from may1.nhatnghe1.com (192.168.1.20): icmp_seq=2 ttl=64 time=0.108 ms

- /etc/resolv.conf: declares the DNS servers used for name resolution

[root@may1 ~]# vi /etc/resolv.conf

# Generated by NetworkManager
search nhatnghe1.com
nameserver 8.8.8.8

search: the list of domains used when looking up host names; by default the local domain is declared (at most 6 domains can be declared, with a total length of 256 characters).
nameserver: specifies the DNS servers

2. Configuring the IP of the network card:


2.1- View the IP configuration of the network cards:

[root@localhost ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.9.101  netmask 255.255.255.0  broadcast 192.168.9.255
        inet6 fe80::20c:29ff:fe09:d7da  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:09:d7:da  txqueuelen 1000  (Ethernet)
        RX packets 7176  bytes 1006754 (983.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 657  bytes 186321 (181.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::20c:29ff:fe09:d7e4  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:09:d7:e4  txqueuelen 1000  (Ethernet)
        RX packets 26  bytes 2694 (2.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 30  bytes 4199 (4.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 6  bytes 624 (624.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 624 (624.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Or use the command ifconfig -a

To view the configuration of an individual network card:

[root@may1 ~]# ifconfig eno16777736

eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.9.101  netmask 255.255.255.0  broadcast 192.168.9.255
        inet6 fe80::20c:29ff:fe09:d7da  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:09:d7:da  txqueuelen 1000  (Ethernet)
        RX packets 7176  bytes 1006754 (983.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 657  bytes 186321 (181.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

2.2- Change the IP address

[root@may1 ~]# ifconfig eth1 172.16.0.1 netmask 255.255.255.0

A change made with this command is only temporary and is not kept when the system is restarted.
Check the IP:
[root@may1 ~]# ifconfig eno33554960
eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.0.1  netmask 255.255.255.0  broadcast 192.168.9.255
        inet6 fe80::20c:29ff:fe09:d7da  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:09:d7:da  txqueuelen 1000  (Ethernet)
        RX packets 7176  bytes 1006754 (983.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 657  bytes 186321 (181.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Restart the network service as follows:

[root@may1 ~]# systemctl restart network

Shutting down interface eth0:  Device state: 3 (disconnected)
                                                           [  OK  ]
Shutting down interface eth1:  Device state: 3 (disconnected)
                                                           [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Active connection state: activated
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/2
                                                           [  OK  ]
Bringing up interface eth1:  Active connection state: activated
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/3
                                                           [  OK  ]

Check the IP again:

[root@may1 ~]# ifconfig eno16777736

eth1      Link encap:Ethernet  HWaddr 00:0C:29:A0:1A:7B
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fea0:1a7b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

To keep the IP address change after the system is restarted, edit the following file directly:

[root@may1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777736

TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eth0
UUID=d9ccq5c6-1195-43e0-b4c5-e579d1628b3a
DEVICE=eno16777736
ONBOOT=yes
DNS1=8.8.8.8
IPADDR=192.168.9.101
PREFIX=24
GATEWAY=192.168.9.200
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_PRIVACY=no

Restart the network service as follows:

# systemctl restart network

Check the IP again:

[root@may1 ~]# ifconfig eno16777736

eth1      Link encap:Ethernet  HWaddr 00:0C:29:A0:1A:7B
          inet addr:172.16.0.1  Bcast:172.16.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fea0:1a7b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8233 (8.0 KiB)  TX bytes:7291 (7.1 KiB)
          Interrupt:16 Base address:0x2080

2.3- Creating IP aliases for the network card

+ Assign additional IP addresses to eno16777736
[root@may1 ~]# cd /etc/sysconfig/network-scripts/
[root@may1 network-scripts]# vi ifcfg-eno16777736

DEVICE=eno16777736
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=192.168.1.20
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
USERCTL=no
NETMASK=255.255.255.0
HWADDR=00:0C:29:A0:1A:71
IPADDR2=192.168.1.21
IPADDR3=192.168.1.22
IPADDR4=192.168.1.23

# systemctl restart network

Check:


[root@may1 ~]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:a0:1a:71 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.20/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.21/24 brd 192.168.1.255 scope global secondary eth0
    inet 192.168.1.22/24 brd 192.168.1.255 scope global secondary eth0
    inet 192.168.1.23/24 brd 192.168.1.255 scope global secondary eth0
    inet6 fe80::20c:29ff:fea0:1a71/64 scope link
       valid_lft forever preferred_lft forever
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:a0:1a:7b brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.1/24 brd 172.16.0.255 scope global eth1
    inet6 fe80::20c:29ff:fea0:1a7b/64 scope link
       valid_lft forever preferred_lft forever

Restart the network service as follows:

+ Create an alias for eth0

[root@may1 ~]# cd /etc/sysconfig/network-scripts/
[root@may1 network-scripts]# cp ifcfg-eno16777736 ifcfg-eno16777736:0

# vi ifcfg-eno16777736:0

DEVICE=eno16777736:0
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=192.168.1.30
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eno16777736"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
USERCTL=no
NETMASK=255.255.255.0
HWADDR=00:0C:29:A0:1A:71

# systemctl restart network

# ifconfig | more

3. The route command


- Xem routing table:

[root@mayl -]# route -n


Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use lface
172.16.0.0 0.0.0.0 255.255.255.0 U 1 0 0 ethl
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 ethO
0.0.0.0 192.168.1.1 0.0.0.0 UG O 0 0 ethO

- Them default gateway:


[root@mayl -]# route add default gw 172.16.0.200

- Ki�m tra l�i routing table:

[root@mayl -]# route -n


Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use lface
172.16.0.0 0.0.0.0 255.255.255.0 U 1 0 0 ethl
192.168.1.0 0.0.0.0 255.255:255.0 U 1 0 0 ethO
0.0.0.0 172.16.0.200 0.0.0.0 UG O 0 0 ethl
0.0.0.0 192.168.1.1 0.0.0.0 UG O 0 0 ethO

- Xoa default route:


[root@mayl -]# route del default gw 172.16.0.200

- Ki�m tra l�i routing table:

[root@mayl -]# route -n


Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use !face
172.16.0.0 0.0.0.0 255.255.255.0 U l 0 0 ethl
192.168.1.0 0.0.0.0 255.255.255.0 U l 0 0 ethO
0.0.0.0 192.168.1.1 0.0.0.0 UG O 0 0 ethO

4. Lfnh netstat
-Xem routing table:

[root@mayl -]# route -n


Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use lface
172.16.0.0 0.0.0.0 255.255.255.0 U 1 0 0 ethl
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 ethO
0.0.0.0 192.168.1.1 0.0.0.0 UG O 0 0 ethO

- Ki�m tra cac ort tc dan dugc ma:


# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PIO/Program
I name
. tcp6 · 0 0 :::389 ···* LISTEN 2368/slapd

124 Phien Ban Thfr Nghifm - L11U Hanh Nqi Be)


.AA1"1le/tl
""ffrJ:
TRUNG TAM DAO T�O M�NG MAY TINH NHAT NGIQ:
B6I TAC DAO T�O CUA MICROSOFT T� Vfl:T NAM
::�I�
",.,
,., 105 Ba Huyen
A . Thanh Quan, Q3, TP. HCM
.
NHATNGHE· Tel: 39.322.734 - 39.322.735-Website:
Microsoft·Pa rtner
www.nhatnghe.com Goid Leaming

tcp6       0      0 :::80              :::*               LISTEN   3191/httpd
tcp6       0      0 :::22              :::*               LISTEN   955/sshd
tcp6       0      0 ::1:631            :::*               LISTEN   3954/cupsd
tcp6       0      0 ::1:953            :::*               LISTEN   4923/named
tcp6       0      0 ::1:25             :::*               LISTEN   2324/master

- Check which UDP ports are open:

# netstat -nulp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
udp        0      0 192.168.1.101:53   0.0.0.0:*                   4923/named
udp     6144      0 0.0.0.0:53         0.0.0.0:*                   4923/named
udp        0      0 127.0.0.1:53       0.0.0.0:*                   4923/named
udp        0      0 0.0.0.0:123        0.0.0.0:*                   653/chronyd
udp        0      0 0.0.0.0:5353       0.0.0.0:*                   650/avahi-daemon: r
udp        0      0 0.0.0.0:47420      0.0.0.0:*                   650/avahi-daemon: r
udp        0      0 127.0.0.1:323      0.0.0.0:*                   653/chronyd
udp6       0      0 :::53              :::*                        4923/named
udp6       0      0 :::123             :::*                        653/chronyd
udp6       0      0 ::1:323            :::*                        653/chronyd
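
The Local Address column in these listings decides who can reach a service: 127.0.0.1 and ::1 are local only, 0.0.0.0 and :: mean every interface. The script below is an added example, not part of the original course material; it labels each socket from netstat -ntlp / -nulp output and picks out non-loopback listeners on the cleartext login ports 21 (FTP) and 23 (telnet). The function names are assumptions and the sample rows are constructed from the listings in this chapter.

```shell
#!/bin/sh
# Added example, not from the course material.
# classify_listeners: reads netstat -ntlp / -nulp output on stdin and prints
#   <scope> <proto> <port> <program>
# scope is LOOPBACK (127.0.0.0/8 or ::1), ALL (0.0.0.0 or ::) or ADDR.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        loc = $4
        if (!match(loc, /:[0-9]+$/)) next      # no numeric port, skip the row
        addr = substr(loc, 1, RSTART - 1)      # ":::22" -> "::", "::1:631" -> "::1"
        port = substr(loc, RSTART + 1)

        # UDP rows have an empty State column, so find PID/Program by its shape.
        prog = "-"
        for (i = 6; i <= NF; i++)
            if ($i ~ "^[0-9]+/") {
                prog = $i
                sub("^[0-9]+/", "", prog)      # drop the PID
                sub(":$", "", prog)            # "avahi-daemon:" -> "avahi-daemon"
                break
            }

        if (addr == "::1" || addr ~ /^127\./)       scope = "LOOPBACK"
        else if (addr == "0.0.0.0" || addr == "::") scope = "ALL"
        else                                         scope = "ADDR"
        print scope, $1, port, prog
    }'
}

# cleartext_listeners: listeners reachable from the network on FTP control (21)
# or telnet (23), both of which carry the login unencrypted.
cleartext_listeners() {
    classify_listeners | awk '$1 != "LOOPBACK" && ($3 == 21 || $3 == 23)'
}

# Constructed sample input, assembled from rows shown in this chapter.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN   1265/sshd
tcp        0      0 127.0.0.1:25       0.0.0.0:*          LISTEN   2377/master
tcp6       0      0 :::23              :::*               LISTEN   3965/xinetd
tcp6       0      0 ::1:631            :::*               LISTEN   3954/cupsd
udp        0      0 192.168.1.101:53   0.0.0.0:*                   4923/named
udp        0      0 0.0.0.0:5353       0.0.0.0:*                   650/avahi-daemon: r
udp        0      0 127.0.0.1:323      0.0.0.0:*                   653/chronyd
EOF
}

# On a live host: netstat -ntlp | classify_listeners
sample_netstat | classify_listeners
```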

5. Other commands

The tracepath command traces the network path to a specified destination and reports on each network node (hop) along the way. If you run into network problems, tracepath can show where the fault lies.

[root@may1 ~]# tracepath nhatnghe.com
 1: may1.nhatnghe1.com (192.168.1.20) 0.718ms pmtu 1500
 1: 192.168.1.1 (192.168.1.1) 1.403ms
 1: 192.168.1.1 (192.168.1.1) 1.904ms
 2: 192.168.1.1 (192.168.1.1) 1.909ms pmtu 1492
 2: localhost (222.254.175.1) 51.176ms asymm 3
 3: 172.17.32.2 (172.17.32.2) 49.416ms
 4: no reply
 5: no reply
 6: no reply
 7: vdc.vn (123.29.16.18) 49.610ms
 8: 118.69.241.130 (118.69.241.130) 50.714ms asymm 10
 9: no reply
10: no reply
 4: vdc.vn (123.29.14.205) 19060.501ms asymm 6
 4: vdc.vn (123.29.14.205) 19107.464ms asymm 6

The traceroute command shows which addresses a packet has to pass through on its way to the destination. It uses the TTL field: it sends packets continuously toward the destination, the first with a TTL of 1, the second with a TTL of 2, increasing by 1 each time until a packet reaches the destination.


[root@may1 ~]# traceroute nhatnghe.com
traceroute to nhatnghe.com (118.69.197.152), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  1.126 ms  1.039 ms  1.017 ms
 2  localhost (222.254.175.1)  27.717 ms  29.574 ms  31.840 ms
 3  172.17.32.2 (172.17.32.2)  32.701 ms  33.911 ms  35.978 ms
 4  * * *
 5  * * *
 6  * * *
 7  vdc.vn (123.29.16.18)  29.890 ms  24.382 ms  25.868 ms
 8  118.69.250.210 (118.69.250.210)  28.920 ms 118.69.241.130 (118.69.241.130)  30.965 ms  32.985 ms
 9  * * *
10  * * *

The tcpdump command: capture packets

[root@may1 ~]# tcpdump -n icmp -i eno33554960
tcpdump: verbose output suppressed, use -v or -w for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:07:17.074311 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 1024, seq 40454, length 28
23:07:17.074765 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 1024, seq 40454, length 28
23:07:22.074052 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 1024, seq 40710, length 28
23:07:22.074843 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 1024, seq 40710, length 28
23:07:27.074001 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 1024, seq 40966, length 28
23:07:27.074724 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 1024, seq 40966, length 28
23:07:32.074022 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 1024, seq 41222, length 28

[root@may1 ~]# tcpdump "dst 192.168.1.20 and src 192.168.1.1"

[root@may1 ~]# tcpdump "host 192.168.1.20 and host 192.168.1.1"

6. The /etc/services file
When xinetd starts, it reads the file /etc/services to find the port that corresponds to each service.
- Examine /etc/services as follows:
[root@may1 ~]# vi /etc/services

# service-name  port/protocol  [aliases ...]   [# comment]
tcpmux          1/tcp                           # TCP port service multiplexer
tcpmux          1/udp                           # TCP port service multiplexer
rje             5/tcp                           # Remote Job Entry
rje             5/udp                           # Remote Job Entry
echo            7/tcp
echo            7/udp
discard         9/tcp          sink null
discard         9/udp          sink null
systat          11/tcp         users
systat          11/udp         users
daytime         13/tcp
daytime         13/udp
qotd            17/tcp         quote


qotd            17/udp         quote
msp             18/tcp                          # message send protocol (historic)
msp             18/udp                          # message send protocol (historic)
chargen         19/tcp         ttytst source
chargen         19/udp         ttytst source

The /etc/services file has 4 columns:

Column 1: service name
Column 2: port/protocol
Column 3: aliases (a list of other names for the service)
Column 4: comment


Topic 9: Remote server management


Telnet server
Ssh - Secure shell
VNC server


Controlling a Linux server remotely

1. Secure Shell
The telnet program lets users log in to a system remotely. Its weakness is that the user name and password are sent over the network unencrypted, which makes it very easy to attack. The ssh software is a newer facility on Linux that addresses this weakness of telnet: it lets you log in to a Linux system remotely, and the password is encrypted.

By default, ssh is already installed when Linux is installed.

- Check whether ssh is installed:

[root@localhost ~]# rpm -qa | grep openssh
openssh-6.6.1p1-11.el7.x86_64
openssh-clients-6.6.1p1-11.el7.x86_64
openssh-server-6.6.1p1-11.el7.x86_64

- Check port 22:

[root@localhost ~]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN   1265/sshd
tcp        0      0 127.0.0.1:25       0.0.0.0:*          LISTEN   2377/master
tcp6       0      0 :::22              :::*               LISTEN   1265/sshd
tcp6       0      0 :::23              :::*               LISTEN   3965/xinetd
tcp6       0      0 ::1:25             :::*               LISTEN   2377/master

[root@localhost ~]# systemctl status sshd
sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: active (running) since Sun 2015-04-26 15:10:18 ICT; 1h 18min ago
 Main PID: 1265 (sshd)
   CGroup: /system.slice/sshd.service
           └─1265 /usr/sbin/sshd -D

Apr 26 15:10:18 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
Apr 26 15:10:18 localhost.localdomain sshd[1265]: Server listening on 0.0.0.0 port 22.

2. SSH client
A client can connect to the SSH server in the following ways.
2.1 Accessing the ssh server from Linux:

[root@may1 ~]# ssh root@192.168.1.101
root@192.168.1.101's password:
Last login: Sun Apr 26 15:35:24 2015 from 192.168.1.10
Last login: Tue Jul 10 23:09:51 2012 from 192.168.1.2

To ssh with an account other than root, add the -l option as follows:


[root@may1 ~]# ssh -l u1 192.168.1.23

- Use the scp command to copy over ssh:

[root@may1 ~]# scp -r /dulieu 192.168.1.20:/data

2.2 SSH Secure Shell Client

On Windows, install the SSH Secure Shell Client program.

[Screenshot: SSH Secure Shell 3.2.9 (Build 283) main window, "Not connected - press Enter or Space to connect"]

Choose Add Profile, then Edit Profile, and enter the following settings:

[Screenshot: Profiles dialog, Connection tab: Host name 192.168.1.20, User name, Port number, "Connect through firewall" and "Request tunnels only (disable terminal)" checkboxes]


Click OK.
Select the connection m1 => click Connect.

[Screenshot: SSH Secure Shell 3.2.9 (Build 283) window while connecting]

Enter the password for the root account and click OK.

Use SSH Secure File Transfer Client to copy data between Windows and Linux.

[Screenshot: SSH Secure File Transfer Client window with the local folder list and the Transfer / Queue panes]

3. Configuring SSH

3.1 Restricting which users can access ssh


- Allow only root and u1 to connect to the ssh server:

[root@may1 ~]# vi /etc/ssh/sshd_config
Banner /etc/ssh/banner.txt
AllowUsers u1 root
[root@may1 ~]# service sshd restart

3.2 Forbidding the root user from using ssh
# vi /etc/ssh/sshd_config
PermitRootLogin no
# systemctl restart sshd

On the client machine, access attempts now fail with an error:
[root@may1 ~]# ssh root@192.168.1.101
root@192.168.1.101's password:
Permission denied, please try again.

Ordinary users can still use ssh and then su to the root user.
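
Sections 3.1 and 3.2 both work by adding lines to sshd_config, and sshd takes the first value it finds for each keyword, case-insensitively, so a PermitRootLogin no added below an earlier PermitRootLogin yes changes nothing. The script below is an added example, not part of the original course material; it resolves the effective global value of a keyword and checks the two restrictions from this section. Function names and the sample file are assumptions, and it handles the whitespace-separated "Keyword value" form only.

```shell
#!/bin/sh
# Added example, not from the course material.
# effective_sshd_option FILE KEYWORD
# Prints the value sshd takes for KEYWORD from the global part of FILE:
# keywords are case-insensitive and the FIRST occurrence wins.
effective_sshd_option() {
    awk -v want="$2" '
    BEGIN { want = tolower(want) }
    /^[ \t]*(#|$)/ { next }                    # comments and blank lines
    tolower($1) == "match" { exit }            # global section ends at first Match
    tolower($1) == want {
        $1 = ""; sub(/^[ \t]+/, ""); print; exit
    }' "$1"
}

# check_ssh_access FILE: verify the restrictions from sections 3.1 and 3.2.
# Prints one line per finding and returns 1 if a restriction is not in effect.
check_ssh_access() {
    rc=0
    root=$(effective_sshd_option "$1" PermitRootLogin)
    users=$(effective_sshd_option "$1" AllowUsers)
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is ${root:-unset}"; rc=1
    fi
    if [ -z "$users" ]; then
        echo "FAIL no AllowUsers restriction in effect"; rc=1
    fi
    case " $users " in
        *" root "*)
            if [ "$root" = "no" ]; then
                echo "NOTE AllowUsers lists root, but PermitRootLogin no blocks it"
            fi ;;
    esac
    return $rc
}

# Constructed sample: the admin appended "PermitRootLogin no" as in section 3.2,
# but an earlier line already set the keyword.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's file
Banner /etc/ssh/banner.txt
AllowUsers u1 root
permitrootlogin yes
# ... further down, added later:
PermitRootLogin no
Match User u1
    X11Forwarding no
EOF
}

tmp=${TMPDIR:-/tmp}/sshd_config.sample.$$
write_sample_config "$tmp"
# On a live server, sshd -t validates the file and sshd -T (as root) prints the
# effective settings; this function gives the same answer for a file at rest.
check_ssh_access "$tmp" || echo "=> edit the first PermitRootLogin line instead of appending"
rm -f "$tmp"
```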
3.3 SSH X11 Forwarding
On the server:
# vi /etc/ssh/sshd_config
X11Forwarding yes
X11DisplayOffset 10
# systemctl restart sshd

On the Linux client, run startx, then:

# ssh -XC root@192.168.1.101
# eval `dbus-launch --sh-syntax`
# export DBUS_SESSION_BUS_ADDRESS
# export DBUS_SESSION_BUS_PID
# gnome-system-monitor

[Screenshot: gnome-system-monitor process list (%CPU, ID, Memory, Unit, Priority) displayed on the client through X11 forwarding]


Windows machine:
- Install sfnet_xming
- Open PuTTY, select X11, and tick "Enable X11 forwarding"
- Connect via ssh to the Linux machine

[Screenshot: PuTTY Configuration, category Connection > SSH > X11: X11 forwarding, X display location, remote X11 authentication protocol (MIT-Magic-Cookie-1 / XDM-Authorization-1), X authority file for local display]

Run an application:

# oocalc
or
# gnome-window-properties

4. Allowing access to the SSH server without entering a password
- Edit the configuration file on the server and set the following two options:
[root@may1 ~]# vi /etc/ssh/sshd_config

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

- Generate a key on the client:

[root@may1 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
1e:04:21:39:9a:19:5c:ff:e9:0f:1f:2e:32:3e:ec:bd root@may1.nhatnghe1.com
The key's randomart image is:

- Copy the client's key to the server:


[root@may1 ~]# scp -r /root/.ssh/ 192.168.1.20:/root

- On the server, copy the file id_rsa.pub to a new file named authorized_keys:
[root@may1 .ssh]# cp /root/.ssh/id_dsa.pub /root/.ssh/authorized_keys

- Restart the sshd daemon on the server:

[root@may1 .ssh]# service sshd restart

- Access SSH from the client:

[root@may1 ~]# ssh 192.168.1.101
Last failed login: Sun Apr 26 18:24:03 ICT 2015 from 192.168.1.10 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Sun Apr 26 18:22:49 2015 from 192.168.1.10
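
The scp -r step above sends the client's whole /root/.ssh directory, private key id_dsa included, to the server, and the key type is DSA, which OpenSSH 7.0 and later no longer accept by default. The script below is an added example, not part of the original course material; it audits a server-side .ssh directory for those two conditions and for the file modes that sshd's StrictModes check rejects. Function names and the sample directory are assumptions, and the key material in it is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the course material.
# audit_ssh_dir DIR: checks a server-side ~/.ssh directory, prints one line per
# finding and returns 1 if anything was found.
audit_ssh_dir() {
    d=$1; rc=0
    # StrictModes (on by default): sshd refuses authorized_keys when the
    # directory or the file is writable by group or others.
    for p in "$d" "$d/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $p"; rc=1
        fi
    done
    # The server only needs the public half; a private key should stay on the client.
    for f in "$d"/*; do
        [ -f "$f" ] || continue
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "PRIVATE_KEY ${f##*/}"; rc=1
        fi
    done
    # ssh-dss keys are disabled by default since OpenSSH 7.0.
    if [ -f "$d/authorized_keys" ]; then
        n=$(awk '!/^#/ { for (i = 1; i <= NF; i++) if ($i == "ssh-dss") { n++; break } }
                 END { print n + 0 }' "$d/authorized_keys")
        if [ "$n" -gt 0 ]; then echo "DSA_KEY $n"; rc=1; fi
    fi
    return $rc
}

# Constructed sample: what the server's .ssh looks like after the steps above
# (placeholder strings stand in for real key material).
make_sample_dir() {
    mkdir -p "$1"
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END DSA PRIVATE KEY-----' > "$1/id_dsa"
    echo 'ssh-dss CONSTRUCTED-PLACEHOLDER root@may1' > "$1/id_dsa.pub"
    cp "$1/id_dsa.pub" "$1/authorized_keys"
    chmod 775 "$1"; chmod 600 "$1/id_dsa"; chmod 644 "$1/authorized_keys"
}

# Client-side alternative that never moves the private key:
#   ssh-keygen -t ed25519
#   ssh-copy-id root@192.168.1.101
demo=${TMPDIR:-/tmp}/ssh_audit_demo.$$
make_sample_dir "$demo"
audit_ssh_dir "$demo" || true
rm -rf "$demo"
```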

5. VNC
Control the server remotely through a graphical interface.
- Install tigervnc-server:

tigervnc-server-1.2.80-0.30.20130314svn5065.el7.x86_64
tigervnc-license-1.2.80-0.30.20130314svn5065.el7.noarch
tigervnc-server-minimal-1.2.80-0.30.20130314svn5065.el7.x86_64

- Set a password for the VNC server:

[root@localhost ~]# vncserver
You will require a password to access your desktops.
Password:213456
Verify:123456

- Start the VNC server, running with display number '1', screen resolution '800x600', color depth '24':

# vncserver :1 -geometry 800x600 -depth 24

- On the Windows machine, install TightVNC or UltraVNC and connect.

- Enter the VNC password.


- The connection succeeds.

6. Connecting to Windows with the RDP protocol

On the Linux machine, install these packages (from the DVD):
pcsc-lite-libs-1.8.8-�.el7.x86_64.rpm
freerdp-libs-1.0.2-5.el7_1.1.x86_64
freerdp-1.0.2-5.el7_1.1.x86_64
freerdp-plugins-1.0.2-5.el7_1.1.x86_64
On the Windows machine, tick Enable Remote Desktop and turn off the firewall.
On the Linux machine, connect to Windows:
# xfreerdp -g 800x600 -u administrator 192.168.1.101


Topic 10: DHCP - FTP Servers


Dynamic Host Configuration Protocol


1. Installing DHCP
DHCP is a service that assigns IP addresses dynamically to workstations.
- Install dhcp:

[root@localhost ~]# rpm -ivh /media/Packages/dhcp-4.2.5-36.el7.centos.x86_64.rpm
warning: /media/Packages/dhcp-4.2.5-36.el7.centos.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:dhcp-12:4.2.5-36.el7.centos      ################################# [100%]

- Check that DHCP is installed on the system:

[root@may1 ~]# rpm -qa | grep dhcp
dhcp-4.1.1-25.P1.el6.i686
dhcp-common-4.1.1-25.P1.el6.i686

2. Configuring the DHCP server

The file used to configure the DHCP server is /etc/dhcpd.conf
- Create the dhcpd.conf configuration file by modifying the file dhcpd.conf.sample:
[root@localhost ~]# cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite '/etc/dhcp/dhcpd.conf'? y

- Edit the configuration file /etc/dhcpd.conf as follows:

[root@may1 ~]# vi /etc/dhcp/dhcpd.conf

option domain-name "nhatnghe1.com";
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;                      # default time an IP is leased to a client
max-lease-time 7200;                         # maximum time an IP is leased to a client
log-facility local7;                         # DHCP log is written to /var/log/boot.log

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;       # address range handed out to clients
    option domain-name-servers 8.8.8.8;      # IP of the DNS server
    option domain-name "nhatnghe.com";       # domain name
    option routers 192.168.1.254;            # default gateway
    option broadcast-address 192.168.1.255;
    default-lease-time 600;
    max-lease-time 7200;
}

Start dhcpd:

[root@localhost ~]# systemctl enable dhcpd
ln -s '/usr/lib/systemd/system/dhcpd.service' '/etc/systemd/system/multi-user.target.wants/dhcpd.service'
[root@localhost ~]# systemctl start dhcpd


[root@localhost ~]# systemctl status dhcpd
dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; enabled)
   Active: active (running) since Mon 2015-05-04 21:17:53 EDT; 6s ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
 Main PID: 12216 (dhcpd)
   Status: "Dispatching packets ..."
   CGroup: /system.slice/dhcpd.service
           └─12216 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid

2. Configuring the DHCP client

2.1 Windows machine
- Set the IP address to automatic mode:

[Screenshot: Internet Protocol (TCP/IP) Properties dialog with "Obtain an IP address automatically" and "Obtain DNS server address automatically" selected]

- Open cmd and run ipconfig /all


2.1 Linux machine

Method 1: run # nmtui, choose Edit a connection, select the LAN card, then Edit
IPv4: Automatic

[Screenshot: nmtui Edit Connection screen for eno16777736 (00:0C:29:CB:F3:50), IPv4 CONFIGURATION section with Addresses, DNS servers and Search domains]

[root@localhost ~]# systemctl restart network

Check the IP address again:

[root@localhost Desktop]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.103  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::20c:29ff:fecb:f350  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:cb:f3:50  txqueuelen 1000  (Ethernet)
        RX packets 548  bytes 59179 (57.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 489  bytes 39293 (38.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Method 2: edit the network card's configuration file:

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777736

TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=t2:ffadc6-76be-4938-ae8d-f09b2dd6b22a
DEVICE=eno16777736
ONBOOT=yes
DNS1=8.8.8.8
IPADDR=192.168.1.101
PREFIX=24
GATEWAY=192.168.1.254
PEERDNS=yes
PEERROUTES=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes

- Restart the network service:

[root@localhost ~]# systemctl restart network

- View the lease information:

[root@localhost ~]# more /var/lib/dhclient/dhclient-5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03-eth0.lease
lease {
  interface "eth0";
  fixed-address 192.168.1.103;
  option subnet-mask 255.255.255.0;
  option dhcp-lease-time 600;
  option routers 192.168.1.1;
  option dhcp-message-type 5;
  option dhcp-server-identifier 192.168.1.20;
  option domain-name-servers 8.8.8.8;
  option broadcast-address 192.168.1.255;
  option domain-name "nhatnghe1.com";
  renew 4 2012/07/12 14:22:48;
  rebind 4 2012/07/12 14:27:15;
  expire 4 2012/07/12 14:28:30;
}


- Monitor DHCP lease activity on the server:

[root@localhost Desktop]# more /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.2.5

lease 192.168.1.102 {
  starts 2 2015/05/05 01:21:20;
  ends 2 2015/05/05 01:31:20;
  tstp 2 2015/05/05 01:31:20;
  cltt 2 2015/05/05 01:21:20;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:0c:29:68:4c:43;
  uid "\001\000\014)hLC";
  client-hostname "may1";
}

- View the log:
[root@localhost Desktop]# more /var/log/boot.log

May 4 22:16:01 localhost dhcpd: DHCPRELEASE of 192.168.1.102 from 00:0c:29:68:4c:43 (may1) via eno16777736 (found)
May 4 22:16:09 localhost dhcpd: DHCPDISCOVER from 00:0c:29:68:4c:43 via eno16777736
May 4 22:16:10 localhost dhcpd: DHCPOFFER on 192.168.1.102 to 00:0c:29:68:4c:43 (may1) via eno16777736
May 4 22:16:10 localhost dhcpd: DHCPREQUEST for 192.168.1.102 (192.168.1.101) from 00:0c:29:68:4c:43 (may1) via eno16777736
May 4 22:16:10 localhost dhcpd: DHCPACK on 192.168.1.102 to 00:0c:29:68:4c:43 (may1) via eno16777736

Or: grep dhclient /var/log/message

3. Assigning a reserved IP to a client

Server machine:
[root@may1 ~]# vi /etc/dhcp/dhcpd.conf
host fantasia {
    hardware ethernet 00:0c:29:98:bf:be;
    fixed-address 192.168.1.150;
}
# systemctl restart dhcpd

Client machine:
# systemctl restart network
# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:98:BF:BE
          inet addr:192.168.1.150  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe98:bfbe/64 Scope:Link
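
The reservation above, 192.168.1.150, lies inside the dynamic range 192.168.1.100 to 192.168.1.200 declared in section 2, so the pool can also lease that address to a different client. The script below is an added example, not part of the original course material; it reads a dhcpd.conf and reports every fixed-address that falls inside a range statement. Function names, the second host entry and its MAC address are constructed for the illustration, and only IPv4 range statements with a low and a high address are handled.

```shell
#!/bin/sh
# Added example, not from the course material.
# fixed_in_range FILE: prints "<host> <ip> <range-low>-<range-high>" for every
# host fixed-address that falls inside a dynamic range of a dhcpd.conf.
fixed_in_range() {
    awk '
    # Dotted quad -> number, or -1 when the value is not an IPv4 address.
    function ip2n(ip,   o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    { sub(/#.*/, ""); gsub(/[;{}]/, " ") }     # drop comments and punctuation
    $1 == "range" && NF >= 3 {                  # range [dynamic-bootp] LOW HIGH
        nr++; lo[nr] = $(NF - 1); hi[nr] = $NF
    }
    $1 == "host"          { host = $2 }
    $1 == "fixed-address" { nf++; fa[nf] = $2; fh[nf] = host }
    END {
        for (i = 1; i <= nf; i++) {
            n = ip2n(fa[i])
            for (j = 1; j <= nr; j++)
                if (n >= ip2n(lo[j]) && n <= ip2n(hi[j]))
                    print fh[i], fa[i], lo[j] "-" hi[j]
        }
    }' "$1"
}

# Constructed sample based on the configuration in this chapter.
write_sample_dhcpd_conf() {
    cat > "$1" <<'EOF'
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;      # dynamic pool
    option routers 192.168.1.254;
}
host fantasia {
    hardware ethernet 00:0c:29:98:bf:be;
    fixed-address 192.168.1.150;
}
host printer {                              # hypothetical second reservation
    hardware ethernet 00:0c:29:00:00:01;
    fixed-address 192.168.1.50;
}
EOF
}

conf=${TMPDIR:-/tmp}/dhcpd.conf.sample.$$
write_sample_dhcpd_conf "$conf"
# dhcpd -t -cf FILE checks syntax only; it does not look for this overlap.
fixed_in_range "$conf"
rm -f "$conf"
```

Either move the reservation outside the pool or shrink the range so that it no longer covers the reserved address.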

4. Configuring multiple subnets

On the DHCP server, declare an additional subnet:


subnet 172.16.0.0 netmask 255.255.255.0 {
    range 172.16.0.10 172.16.0.20;
    option broadcast-address 172.16.0.255;
    option routers 172.16.0.1;
    default-lease-time 600;
    option domain-name-servers 8.8.8.8;
    option domain-name "nhatnghe1.com";
    max-lease-time 7200;
}

# systemctl restart dhcpd

Client machine:

# systemctl restart network

# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:0C:29:98:BF:C8
          inet addr:172.16.0.10  Bcast:172.16.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe98:bfc8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:138 errors:0 dropped:0 overruns:0 frame:0
          TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:18253 (17.8 KiB)  TX bytes:33463 (32.6 KiB)
          Interrupt:16 Base address:0x2080


FTP Server
1. Installing VSFTP

FTP is a service that provides a mechanism for transferring data as files over a TCP network. Many FTP server programs are used on Linux, such as Vsftpd, Wu-ftpd, PureFTPd, ProFTPD, ... This course presents Vsftpd.
- Install the package vsftpd-2.2.2-6.el6_0.1.i686.rpm:

# rpm -ivh /media/Packages/vsftpd-3.0.2-9.el7.x86_64.rpm
warning: /media/Packages/vsftpd-3.0.2-9.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:vsftpd-3.0.2-9.el7               ################################# [100%]

Start vsftpd:

[root@localhost ~]# systemctl enable vsftpd
ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'
[root@localhost ~]# systemctl start vsftpd
[root@localhost ~]# systemctl status vsftpd
vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled)
   Active: active (running) since Mon 2015-05-04 22:30:56 EDT; 5s ago
  Process: 14756 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 14757 (vsftpd)
   CGroup: /system.slice/vsftpd.service
           └─14757 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
May 04 22:30:56 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon.

2. Basic vsftpd server configuration

The file used to configure the vsftpd server is /etc/vsftpd/vsftpd.conf
- Edit the vsftpd.conf configuration file as follows:
vi /etc/vsftpd/vsftpd.conf

# do not allow anonymous logins
anonymous_enable=NO
# allow local users to log in
local_enable=YES
# give users write permission
write_enable=YES
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
# enable logging
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
# use port 20 for FTP data
connect_from_port_20=YES


ftpd_banner=TrungTam DaoTao Mang May Tinh Nhat Nghe
# users listed in user_list are denied access
userlist_enable=YES

- Create users allowed to access the FTP server:

[root@localhost ~]# useradd u1
[root@localhost ~]# useradd u2
[root@localhost ~]# passwd u1
[root@localhost ~]# passwd u2

- Start vsftpd:

[root@localhost ~]# service vsftpd start
Starting vsftpd for vsftpd: [OK]

- A running FTP server needs ports 20 and 21 open, so we must open these two ports on the firewall or turn the firewall off.

3. FTP client
3.1. Accessing the FTP server from Linux:
Install the package ftp-0.17-51.1.el6.i686.rpm:
# rpm -ivh /media/Packages/ftp-0.17-51.1.el6.i686.rpm

[root@localhost ~]# ftp 192.168.1.20
Connected to 192.168.1.20 (192.168.1.20).
220 (vsFTPd 2.2.2)
Name (192.168.1.20:root): u1
331 Please specify the password.
Password:123
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -l
227 Entering Passive Mode (192,168,1,20,132,28).
150 Here comes the directory listing.
-rwxr-xr-x 1 0 0 25080 Jul 19 15:41 basename
-rwxr-xr-x 1 0 0 874184 Jul 19 15:41 bash
226 Directory send OK.
ftp> mget bash
mget bash? y
227 Entering Passive Mode (192,168,1,20,22,46).
150 Opening BINARY mode data connection for bash (874184 bytes).
226 Transfer complete.
874184 bytes received in 0.139 secs (6303.70 Kbytes/sec)

3.2. Accessing from Windows

+ Using the ftp command
C:\>ftp 192.168.1.20
Connected to 192.168.1.20.
220 (vsFTPd 2.2.2)
User (192.168.1.20:(none)): u1
331 Please specify the password.


Password:
230 Login successful.
ftp>

Check:

ftp> ls -l
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rwxr-xr-x 1 0 0 25080 Jul 19 15:41 basename
-rwxr-xr-x 1 0 0 874184 Jul 19 15:41 bash
226 Directory send OK.
ftp: 128 bytes received in 0.00Seconds 128000.00Kbytes/sec.

+ Using the FileZilla tool

[Screenshot: FileZilla connected to host 192.168.1.20, remote site /home/u1 listing basename and bash, message log showing a successful passive-mode file transfer]

+ Using Total Commander

Create a connection for u1


W� Stomg lho ....-,,dis inseael


0 Ute fflPI<! p...-.1 to poled lhe pau-,i
Aomo!elii:
l,ocalm:

rnd
TODCEC.BAT iDu·inttt\a-�
boali,,i ou�"""'"'�""b�... (i,.e.��l
I] CONF16.SYS 0 Send commar,d to teep e<mo<!ion oive:
lillO.SVS
ffiMSDDS.SYS
@ NTDETECT.COM � Aemembef conte,:.ii,;ii � &.� fn <achll
[ijntldr E11C:<1Cq cl lie......., �!!,!F·8 l po,<iJlo) ___ 3J
f] pegelie.•,. U
0� JI Concel II Help t:::=:'...J

!'-���������������������������--��--� i
0k / 2.0S5,395 kin 0/ Slileo, o 112 dift•J Ok/ 2,095,JSS kin O /9folet. o / 12dirf•I
. . . . �I .
. . • . . �
F4Edit F5 f6Move F7Newfokler FB Delete Alt+F4 Eoiit

Man hinh k�t n6i d�n ftp server ciia u 1

Bies Mark �ommands Net � C�ation ;i.tart !:!eip

� �l *., ++
I I
ailing for .erver...
:::·:,.,..:,:,;:·::.:··:·::::,�::::�.:.:· "·':

FTP Transfer mode't.BiniWJ �I


. . ----- (•�!;;�:�·;�:)
. •····· --- ... - . . .-�1
·.. ,.. , ·Disconnect
_ .. _ .. :. 6 Dwectorjl send OK. v_ ,
O,�Jftp://u1@192.168.1.20 '\ .. !G:Jc.y]Lnon e..] 5.694.488kof20.482.84 01dree \ ..
* "' Tc.\Program Files\· • •
----:Ext-· Size __ .Date ------- Attr.•�
... . �lit .,�,,,, c,!,ize, , [�:: · .. . : All; ,.. I·
i'··
;[:lbasename
<DIR> 01/01n601 07:08-···
25 .0 80 07/19/201215:41-755
____ ---·----------·------ <DIR> •. 07n5/201219:D·- _ L•\
dobe <DIR> 06/29/2012 23:48-·-
874.184 07/19/2012 15:41-755 Common Faes <DIR> 06/30/2012 0 0:39--
[i:!ate.rU 34 8 07/19/2012 16:08-644 ComPlus Applications <DIR> 06/29/2012 23:01--
; Creative <DIR> 07/10 /2012 0 6:25--
1 lnstallShield Installation Inf.. <DIR> 06/30/2012 0 9:l�h-
l Intel <DIR> 07/07/2012 0 8:18-·
<DIR> 06/29/2012 23:o;J--·
i, <DIR> 06/29/2012 23:10.···
: _ !::-liteCodec Pack <DIR> 06/30 /2012 0 0:05--·
,fDMessenger <DJR> 06/29/2012 23:00--·
I JDMicrosoft ActiveSync <DIR> 06/29/2012 23:44-
i !D lllic,osoft lrontpage <DIR> 06/29/2012 23:0 4-
j :DMicrMOlt Office <DIR> 06/29/2012 23:44--
i iDMicrosofl V-iaual Studio <DIR> 06/29/2012 23:44---
iDMictosofl \rlmb <DIR> 06/29/2012 23:44---
!DMictosofLNET <DIR> 06/29/2012 23:45--
iDMovie Malter <DIR> 06/29/2012 23:02·-
iDMozilla f"•efox <DIR> 07n9/201215:06-
!DMozillaMaintenance SetVic1, <DIR> 07/19/2012 20:12--
iDMSN <DIR> 06/29/2012 23:00.-
���������-'
i(JMSN Gaming Zone <DIR> 06/29/2012 23:00.- ,�,
0 }t I 878 k in O /_ 3 files__ ... -- """'""'"' , '"""""·==-,·---::" '" 0 k_/ 0 k_in O / _ 0 _ files. 0 I 34 dir(s)___""''""'"'""'"'"'"""'·'""'""''""'"'" -_,,,,._,,_o:,-c:,ec:r
;g;_:
�;;;.,;;;��; /
F4 Edit F5Copy F6Move I F7 Ne#Folder I F8 Delete All+F 4 Exit

4. Configuring vsftpd

4.1 Blocking a user from FTP login
Open the file /etc/vsftpd/user_list
(userlist_deny=YES (default), never allow users in this file)
Enter the list of users to block, e.g. u1

Logging in again as u1 will now fail.

Allowing root to log in:

Open the file /etc/vsftpd/ftpusers and add # in front of root
Log in as root --> succeeds

4.2 Changing the default pub directory: /var/ftp/pub

Open the file /etc/vsftpd/vsftpd.conf
#mkdir /hocvien
#mkdir /hocvien/download
#mkdir /hocvien/upload ; by default users are not allowed to upload into the FTP root directory
#chown ftp /hocvien/upload
#chmod 777 -R /hocvien/upload

Add the line: anon_root=/hocvien

#systemctl start vsftpd

Note: for local users, use the following directive to reset the root directory: local_root=/home

4.3 Allowing anonymous users to upload:

Open the file /etc/vsftpd/vsftpd.conf
Remove the # at the start of lines 27 and 31: anon_upload_enable=YES
Add the lines:
anon_other_write_enable=YES
anon_umask=022
service vsftpd restart
Client access:
IE: ftp://192.168.1.20
Upload some files into the pub directory
IE: ftp://192.168.1.20 (Page: choose Open FTP page in Windows Explorer)
Log in as nv1; here nv1 can upload or download (ftp://hv1:123456@192.168.1.21)

4.4 Blocking anonymous access:

Open the file /etc/vsftpd/vsftpd.conf and set: anonymous_enable=NO
service vsftpd restart

4.5 Restricting users to their home directory
chroot_local_user=YES
chmod a-w /home/u1 ; vsftpd refuses a chroot whose top directory is writable by the user

4.6 Showing hidden files

force_dot_files=YES

5. Setting up multiple FTP sites on the same Linux server, to provide an FTP hosting mechanism
Suppose FTP is to be configured as follows:

ftp://192.168.1.20 for anonymous

ftp://192.168.1.22 for local users
Set a second IP for eth0:
vi /etc/sysconfig/network-scripts/ifcfg-eth0
Add the line IPADDR2=192.168.1.22 at the end of the file
service network restart

[root@localhost ~]# ip addr

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:98:bf:be brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.20/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.22/24 brd 192.168.1.255 scope global secondary eth0
    inet6 fe80::20c:29ff:fe98:bfbe/64 scope link
       valid_lft forever preferred_lft forever

Create a configuration file for the second FTP site

#cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.local.conf
Edit /etc/vsftpd/vsftpd.local.conf so that only local users have access:
line 12: anonymous_enable=NO
line 27: #anon_upload_enable=YES
line 31: #anon_mkdir_write_enable=YES
listen_address=192.168.1.22

Edit /etc/vsftpd/vsftpd.conf so that only anonymous access is allowed:
line 12: anonymous_enable=YES
line 27: anon_upload_enable=YES
line 31: anon_mkdir_write_enable=YES
anon_root=/ftphocvien
listen_address=192.168.1.20

Restart the service: service vsftpd restart
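
The checker below is an added example, not part of the course material: it reads a vsftpd.conf and reports what the options from sections 4.2 to 4.5 permit once the defaults documented in vsftpd.conf(5) are applied. The function names, the finding labels and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report what a vsftpd.conf actually allows.
# audit_vsftpd_conf [FILE] - reads FILE or stdin, prints one finding per line.
audit_vsftpd_conf() {
    awk '
        # vsftpd treats YES, TRUE and 1 as "on" (case-insensitive).
        function on(k, dflt,    v) {
            v = (k in conf) ? toupper(conf[k]) : dflt
            return (v == "YES" || v == "TRUE" || v == "1")
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            sub(/\r$/, "")                      # tolerate CRLF line endings
            eq = index($0, "=")
            if (eq > 1) conf[substr($0, 1, eq - 1)] = substr($0, eq + 1)
        }
        END {
            # Defaults used here are the compiled-in ones from vsftpd.conf(5).
            anon  = on("anonymous_enable", "YES")
            write = on("write_enable", "NO")
            # anon_upload_enable has no effect unless write_enable is also on.
            up    = anon && write && on("anon_upload_enable", "NO")
            um    = ("anon_umask" in conf) ? conf["anon_umask"] : "077"
            # Last octal digit below 4 means the "other read" bit is not masked.
            world_r = (substr(um, length(um)) + 0 < 4)

            if (up)
                print "ANON_UPLOAD anonymous users can store files"
            if (up && world_r)
                print "ANON_UPLOADS_READABLE uploads are world-readable, so anonymous users can download them"
            if (anon && write && on("anon_mkdir_write_enable", "NO"))
                print "ANON_MKDIR anonymous users can create directories"
            if (anon && write && on("anon_other_write_enable", "NO"))
                print "ANON_OTHER_WRITE anonymous users can delete and rename"
            if (on("local_enable", "NO") && !on("chroot_local_user", "NO"))
                print "LOCAL_NOT_CHROOTED local users can browse outside their home directory"
        }
    ' "$@"
}

# Constructed sample: a CentOS-style file after the changes in 4.2 and 4.3.
sample_anon_upload_conf() {
    cat <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
anon_root=/hocvien
EOF
}

# Constructed sample: the same file after the changes in 4.4 and 4.5.
sample_local_only_conf() {
    cat <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
#anon_upload_enable=YES
chroot_local_user=YES
EOF
}

sample_anon_upload_conf | audit_vsftpd_conf
```

On a server, run it as audit_vsftpd_conf /etc/vsftpd/vsftpd.conf and again on /etc/vsftpd/vsftpd.local.conf.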


Topic 11: File Sharing


NFS Server Configuration
Samba Server Configuration


NFS Server Configuration


NFS: a service for sharing files between Linux machines

1. Installing NFS

NFS is a service that provides resource sharing between Linux servers.
- Check whether NFS is already installed:
[root@localhost Desktop]# rpm -qa | grep nfs
nfs-utils-1.3.0-0.8.el7.x86_64

In addition, NFS requires an important daemon that manages its connections: rpcbind. By default rpcbind is preinstalled on the system. rpcbind listens on TCP port 111.
- Check that rpcbind is installed on the system:
[root@localhost Desktop]# rpm -qa rpcbind
rpcbind-0.2.0-26.el7.x86_64

2. Configuring the NFS server

# vi /etc/idmapd.conf
line 5: Domain = nhatnghe.com
The file used to configure NFS is /etc/exports
- Create the shared directories as follows:
[root@may1 ~]# mkdir -p /data/{software,dulieu,database}
[root@may1 ~]# cp -rv /etc/* /data/dulieu/
- Grant access permissions on the shared directories:
[root@may1 ~]# chmod 777 /data/dulieu/
[root@may1 ~]# chmod 777 /data/database/

- Edit /etc/exports and add the following lines:

/data/software *(ro,sync)
/data/dulieu 192.168.1.0/24(rw,sync)
/data/database 192.168.1.100/32(rw,sync)

The commonly used NFS access options are:
secure : client requests must come from a port below 1024
ro : Read only
rw : Read - write
noaccess : Denied access
root_squash : block remote root users (requests from remote root are mapped to the anonymous user)
no_root_squash : allow remote root users

- Start the services:

# systemctl restart rpcbind
# systemctl start nfs-server
# systemctl start nfs-lock
# systemctl start nfs-idmap

# systemctl enable rpcbind
# systemctl enable nfs-server
# systemctl enable nfs-lock
# systemctl enable nfs-idmap


- Check the rpcbind daemon:

[root@may1 ~]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1471/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 8502/sshd

Note: after changing /etc/exports you must restart the nfs daemon or use one of the following commands:
exportfs -a : reload the entire NFS configuration
exportfs -r : reload the changes in the NFS configuration

- Because NFS needs several ports open when running (111, 2049, ...), configure the firewall to open these ports, or turn the firewall off.
- Check that nfs is managed by rpcinfo:

[root@may1 ~]# rpcinfo
100000 4 tcp6 ::.0.111 portmapper superuser
100000 3 tcp6 ::.0.111 portmapper superuser
100000 4 udp6 ::.0.111 portmapper superuser
100000 3 udp6 ::.0.111 portmapper superuser
100000 4 tcp 0.0.0.0.0.111 portmapper superuser
100000 3 tcp 0.0.0.0.0.111 portmapper superuser
100000 2 tcp 0.0.0.0.0.111 portmapper superuser
100000 4 udp 0.0.0.0.0.111
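
The following exports(5) checker is an added example, not part of the course material: it lists entries that reach every host, keep remote root privileges, or accept unprivileged source ports, using the options described in section 2. The function names, the finding labels and the last sample line are constructed; the first three sample lines are the exports shown above.

```shell
#!/bin/sh
# Added example: list risky entries in an exports(5) file.
# audit_exports [FILE] - reads FILE or stdin; prints "FINDING path client".
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }           # comments and blank lines
        {
            path = $1
            if (NF == 1) {                       # no client list: exported to all hosts
                print "WORLD_RO " path " *"
                next
            }
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\).*$/, "", opts)
                }
                # "(rw)" written after a space has no client in front of it,
                # so it applies to every host, not to the client named before.
                if (client == "") client = "*"

                # exports(5) defaults: ro, root_squash, secure.
                rw = 0; rootok = 0; anyport = 0
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "rw") rw = 1
                    else if (o[j] == "ro") rw = 0
                    else if (o[j] == "no_root_squash") rootok = 1
                    else if (o[j] == "root_squash" || o[j] == "all_squash") rootok = 0
                    else if (o[j] == "insecure") anyport = 1
                    else if (o[j] == "secure") anyport = 0
                }
                if (client == "*") {
                    lvl = rw ? "WORLD_RW" : "WORLD_RO"
                    print lvl " " path " " client
                }
                if (rootok)  print "NO_ROOT_SQUASH " path " " client
                if (anyport) print "INSECURE_PORT " path " " client
            }
        }
    ' "$@"
}

sample_exports() {
    cat <<'EOF'
# the three exports from section 2
/data/software *(ro,sync)
/data/dulieu 192.168.1.0/24(rw,sync)
/data/database 192.168.1.100/32(rw,sync)
# constructed line: a stray space detaches the option list from its client
/srv/build 192.168.1.50 (rw,no_root_squash)
EOF
}

sample_exports | audit_exports
```

A directory exported rw and also set to mode 777, as /data/dulieu is above, is writable by every user on every client the entry matches, so the client list is the only access control left.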

3. Configuring the NFS client:

3.1. Manual access configuration
- Create the directories:
[root@localhost ~]# mkdir -p /server/{software,dulieu,database}

- Mount the NFS shares:

[root@localhost ~]# mount -t nfs 192.168.1.101:/data/software /server/software
[root@localhost ~]# mount -t nfs 192.168.1.101:/data/dulieu /server/dulieu
[root@localhost ~]# mount -t nfs 192.168.1.101:/data/database /server/database

- Check the mount points on the system:

[root@localhost dulieu]# mount | grep nfs
192.168.1.101:/data/software on /server/software type nfs4 (rw,relatime,vers=4.0,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.103,local_lock=none,addr=192.168.1.101)
192.168.1.101:/data/dulieu on /server/dulieu type nfs4 (rw,relatime,vers=4.0,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.103,local_lock=none,addr=192.168.1.101)
192.168.1.101:/data/database on /server/database type nfs4 (rw,relatime,vers=4.0,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.103,local_lock=none,addr=192.168.1.101)

- Check:

[root@localhost ~]# ll /server/dulieu/ | more
total 1976
drwxr-xr-x 3 root root 4096 Jul 11 03:03 abrt
drwxr-xr-x 4 root root 4096 Jul 11 03:03 acpi
-rw-r--r-- 1 root root 49 Jul 11 03:03 adjtime
-rw-r--r-- 1 root root 1512 Jul 11 03:03 aliases
-rw-r--r-- 1 root root 12288 Jul 11 03:03 aliases.db
drwxr-xr-x 2 root root 4096 Jul 11 03:03 alsa
drwxr-xr-x 2 root root 4096 Jul 11 03:03 alternatives
-rw-r--r-- 1 root root 541 Jul 11 03:03 anacrontab
-rw-r--r-- 1 root root 148 Jul 11 03:03 asound.conf

3.2. Configuring access in /etc/fstab

- Edit /etc/fstab as follows:
[root@localhost ~]# vi /etc/fstab

tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
192.168.1.101:/data/software /server/software nfs ro,sync,hard,intr 0 0
192.168.1.101:/data/dulieu /server/dulieu nfs rw,sync,hard,intr 0 0
192.168.1.101:/data/database /server/database nfs rw,sync,hard,intr 0 0

#man nfs
• soft / hard: Determines the recovery behavior of the NFS client after an NFS request times out.
If neither option is specified (or if the hard option is specified), NFS requests are retried
indefinitely. If the soft option is specified, then the NFS client fails an NFS request after
retrans retransmissions have been sent, causing the NFS client to return an error to the
calling application.

NB: A so-called "soft" timeout can cause silent data corruption in certain cases. As
such, use the soft option only when client responsiveness is more important than data
integrity. Using NFS over TCP or increasing the value of the retrans option may
mitigate some of the risks of using the soft option.

• intr / nointr: This option is provided for backward compatibility. It is ignored after kernel 2.6.25.

• sync: Under normal circumstances, data written by an application may not
immediately appear on the server that hosts the file. If the sync option is specified
on a mount point, any system call that writes data to files on
that mount point causes that data to be flushed to the server before the system call
returns control to user space. This provides greater data cache coherence among clients,
but at a significant performance cost.

- Reboot the system: init 6

- Run mount and check that the mount points have been created.

Note: use man nfsstat to see more options of the nfsstat command.

- List the portmapper registrations on the host

[root@may1 ~]# rpcinfo -p localhost
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 34563 status
100024 1 tcp 41552 status


Samba server
1. Installing Samba:
Samba is a service for sharing resources from a Linux system with other systems such as Linux and Windows.
- Check whether Samba is already installed:
# rpm -qa | grep samba
samba-common-4.1.12-21.el7_1.x86_64
samba-4.1.12-21.el7_1.x86_64
samba-client-4.1.12-21.el7_1.x86_64
samba-libs-4.1.12-21.el7_1.x86_64

2. Configuring the Samba server

- Create the shared directory tree as follows:
[root@may1 ~]# mkdir -p /nhatnghe/{giaovien,hocsinh,baithi,software}
[root@may1 ~]# chmod 777 /nhatnghe/giaovien/
[root@may1 ~]# chmod 777 /nhatnghe/hocsinh
[root@may1 ~]# chmod 777 /nhatnghe/baithi

- Edit /etc/samba/smb.conf, changing the following lines:

[root@may1 ~]# vi /etc/samba/smb.conf
Add the line:
line 66: unix charset = UTF-8
Change the lines:
line 89: workgroup = WORKGROUP
line 124: passdb backend = smbpasswd

- Create the access users

[root@may1 ~]# groupadd giaovien
[root@may1 ~]# groupadd hocsinh
[root@may1 ~]# useradd -G giaovien gv1
[root@may1 ~]# useradd -G giaovien gv2
[root@may1 ~]# useradd -G hocsinh hs1
[root@may1 ~]# useradd -G hocsinh hs2

- Create passwords for the Samba users

[root@may1 ~]# smbpasswd -a gv1
[root@may1 ~]# smbpasswd -a gv2
[root@may1 ~]# smbpasswd -a hs1
[root@may1 ~]# smbpasswd -a hs2

- Start the smb daemon:

[root@localhost Desktop]# systemctl start smb
[root@localhost Desktop]# systemctl start nmb
[root@localhost Desktop]# systemctl enable smb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@localhost Desktop]# systemctl enable nmb
ln -s '/usr/lib/systemd/system/nmb.service' '/etc/systemd/system/multi-user.target.wants/nmb.service'

- Because Samba needs several ports open when running (139, 445, ...), configure the firewall to open these ports, or turn the firewall off.

3. Configuring the Samba client

3.1. On Windows

Open the Start menu -> choose Run: \\192.168.1.101

Enter user hs1, password: 123

3.2. On Linux

- Create the directory:
[root@localhost ~]# mkdir /giaovien/

- Mount the SMB share:

[root@localhost ~]# mount -o username=gv1,password=123 //192.168.1.20/gv1 /giaovien

4. Sharing file resources

[global]
workgroup = MYGROUP
server string = Samba Server Version %v
passdb backend = smbpasswd
log file = /var/log/samba/log.%m
max log size = 50
create mask = 0766
directory mask = 0777
cups options = raw

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

# Create share Hocsinh: every user can read and write
[Hocsinh]
comment = Du lieu dung chung
path = /nhatnghe/hocsinh
read only = No

# Create share Baithi: group giaovien can read and write, group hocsinh can only read
[Baithi]
comment = Bai thi hoc ky
path = /nhatnghe/baithi
valid users = +hocsinh, +giaovien
write list = +giaovien

# Create share Giaovien: what gv1 creates, gv2 cannot view
[Giaovien]
comment = Bai thi hoc ky
path = /nhatnghe/giaovien
valid users = +giaovien
write list = +giaovien
create mask = 0760
directory mask = 0770

# Create share Software: read-only for every user
[Software]
comment = Phan mem co ban
path = /nhatnghe/software

# Create hidden share bgh: only user ht can access it
[bgh]
comment = Ban giam hieu
path = /nhatnghe/bgh
valid users = ht
read only = No
browseable = No

At the client, try accessing: \\192.168.1.101

[Screenshot: shares shown at \\192.168.1.101: Giaovien, Hocsinh, hs1, Software, Printers and Faxes]
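
The summary script below is an added example, not part of the course material: it reads an smb.conf and prints, for each share, who may connect and who may write, applying the rules the share definitions in section 4 rely on (read only defaults to yes, an empty valid users list admits any authenticated user, write list overrides read only). The function names and output format are constructed; the sample reuses the share definitions above with the comment lines dropped.

```shell
#!/bin/sh
# Added example: summarise connect and write access per share in an smb.conf.
# smb_share_access [FILE] - prints "share connect=<who> write=<who>" per share.
# It reports Samba-level rules only; filesystem modes (the chmod 777 above,
# create mask, directory mask) still decide what a connected user can touch.
smb_share_access() {
    awk '
        function yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        function report(    who, wr) {
            # [global], [homes] and [printers] are special sections, not plain shares.
            if (name == "" || lname == "global" || lname == "homes" || lname == "printers") return
            who = (valid == "") ? "any-user" : valid
            if (!ro)              wr = who        # read only = No: all who can connect
            else if (wlist != "") wr = wlist      # write list overrides read only
            else                  wr = "nobody"
            printf "%s connect=%s write=%s\n", name, who, wr
        }
        BEGIN { g_ro = 1; g_valid = ""; g_wlist = ""; name = ""; lname = "" }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^[ \t]*\[/ {
            report()
            # Values set in [global] become the defaults for later shares.
            if (lname == "global") { g_ro = ro; g_valid = valid; g_wlist = wlist }
            name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            lname = tolower(name)
            ro = g_ro; valid = g_valid; wlist = g_wlist
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0 || name == "") next
            # Case and whitespace inside parameter names are not significant.
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]+/, "", key)
            val = trim(substr($0, eq + 1))
            if (key == "readonly") ro = yes(val)
            else if (key == "writable" || key == "writeable" || key == "writeok") ro = !yes(val)
            else if (key == "validusers") valid = val
            else if (key == "writelist") wlist = val
        }
        END { report() }
    ' "$@"
}

sample_smb_conf() {
    cat <<'EOF'
[global]
workgroup = MYGROUP
passdb backend = smbpasswd
[Hocsinh]
path = /nhatnghe/hocsinh
read only = No
[Baithi]
path = /nhatnghe/baithi
valid users = +hocsinh, +giaovien
write list = +giaovien
[Software]
path = /nhatnghe/software
[bgh]
path = /nhatnghe/bgh
valid users = ht
read only = No
EOF
}

sample_smb_conf | smb_share_access
```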

5. Samba SWAT (version 6.x)

SWAT is a tool that lets you configure Samba through a web interface.
Installation:
- Install the additional samba-swat package
[root@may1 ~]# yum install samba-swat
Installing:
samba-swat i686 3.5.10-125.el6 base 3.0M
Updating for dependencies:
libsmbclient i686 3.5.10-125.el6 base 1.6M
samba i686 3.5.10-125.el6 base 4.9M
samba-client i686 3.5.10-125.el6 base 11M
samba-common i686 3.5.10-125.el6 base 13M
samba-winbind-clients i686 3.5.10-125.el6 base 1.1M
Configuration:
- Edit the configuration file /etc/xinetd.d/swat as follows:
[root@testsrv /]# vi /etc/xinetd.d/swat

# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
#              to configure your Samba server. To use SWAT, \
#              connect to port 901 with your favorite web browser.
service swat
{
port = 901
socket_type = stream
wait = no
only_from = 192.168.1.0/24
user = root
server = /usr/sbin/swat
log_on_failure += USERID
disable = no
}

- Restart the xinetd service:

[root@may1 samba]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

- Open the Mozilla Firefox browser and enter the following address to configure samba-swat:

192.168.1.20:901

Enter user root and its password => choose OK

- The samba-swat interface:

[Screenshot: SWAT home page at 192.168.1.20:901 with links to the Samba documentation]

The samba-swat configuration components:

HOME: Provides Samba reference documentation.
GLOBALS: Manages the general configuration.
SHARES: Manages shared resources.
PRINTERS: Manages printer sharing.
WIZARD: Manages the server type, WINS and some other parameters.
STATUS: Monitors Samba's status.
VIEW: Shows the configuration in /etc/samba/smb.conf.
PASSWORD: Manages passwords.

Screen for monitoring and managing shared resources

[Screenshot: SWAT SHARES page for the Baithi share (comment "Bai thi hoc ky", path /nhatnghe/baithi) with its security options: username, invalid users, valid users, admin users, read list, write list, force user]

Restricting file types on Samba:

veto files = /*.exe/*.com/*.dll/

Topic 12: Central Authentication Service


NIS - Network Information Service
OpenLDAP


NIS - Network Information Service


Introduction
• The NIS service provides centralized user authentication
• The username and password exchange between the NIS server and the NIS client is not encrypted, so it is not secure
• NIS data has a flat structure (not organized as a tree like AD)

The lab setup consists of 2 Linux machines

1. Installing NIS

- Install the following packages (rpm -q):
tokyocabinet-1.4.48-3.el7.x86_64.rpm
ypserv-2.31-8.el7.x86_64.rpm
rpcbind-0.2.0-26.el7.x86_64

2. Initializing the NIS server

- Change hostname

# hostnamectl set-hostname may1.nhatnghe.com
# hostnamectl
Static hostname: may1.nhatnghe.com
# reboot

[root@localhost Desktop]# hostnamectl
Static hostname: localhost.localdomain
Transient hostname: may1.nhatnghe.com
Icon name: computer-vm
Chassis: vm
Machine ID: 0989c9e2f639496da8507c8dbffd219c
Boot ID: 138868fatbfc43c2a72c9c8cfe2e2993
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-229.el7.x86_64
Architecture: x86-64

- Set NIS domain name

# ypdomainname nhatnghe.com
# ypdomainname
nhatnghe.com
# echo "NISDOMAIN=nhatnghe.com" >> /etc/sysconfig/network

- Add the IP addresses you allow to access the NIS server

# vi /var/yp/securenets
255.0.0.0 127.0.0.0
255.255.255.0 192.168.1.0
- Add server and clients' IP address for NIS database
#vi /etc/hosts
192.168.1.101 may1.nhatnghe.com may1
192.168.1.103 may2.nhatnghe.com may2
- Start service
#systemctl start rpcbind ypserv ypxfrd yppasswdd
#systemctl enable rpcbind ypserv ypxfrd yppasswdd

- Update NIS database

# /usr/lib64/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers. may1.nhatnghe.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: may1.nhatnghe.com
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/nhatnghe.com/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory '/var/yp/nhatnghe.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...

- If you add a new local user on the NIS server, do the following:
# cd /var/yp/
# make

3. Configuring the NIS client

- Install the following packages:
rpm -ivh /media/Packages/{yp-tools..., ypbind...}
# yum install ypbind
- Set NIS domain name
# ypdomainname nhatnghe.com
# ypdomainname
nhatnghe.com
# echo "NISDOMAIN=nhatnghe.com" >> /etc/sysconfig/network
- Change hostname
# hostname may2.nhatnghe.com
# hostnamectl

- Add server and clients' IP address for NIS database

#vi /etc/hosts
192.168.1.101 may1.nhatnghe.com may1
192.168.1.103 may2.nhatnghe.com may2

- Run setup, open Authentication, choose Use NIS:

Enter the domain and the IP of the NIS server, then OK

NIS Settings

Domain: nhatnghe.com
Server: may1.nhatnghe.com

- Start the ypbind process:
#systemctl start rpcbind ypbind
#systemctl enable rpcbind ypbind

- Use the ypwhich command to check which NIS server is serving NIS requests:
[root@localhost ~]# ypwhich
may1.nhatnghe1.com

- Use the ypcat command to list the contents of a map on the NIS server:

[root@localhost Desktop]# ypcat passwd
gv1:!!:1001:1003::/home/gv1:/bin/bash
gv2:!!:1002:1004::/home/gv2:/bin/bash
hs1:!!:1003:1005::/home/hs1:/bin/bash
hs2:!!:1004:1006::/home/hs2:/bin/bash
u1:$6$nxAo.u8D$EDemFPu4Ckl.5wxtLaNUsVOq.Ngyk9YKx.sQzas0514x3WDJZ/aYAHg3kSgbS72Zqn06AlcTwrOJCpac5HakY1:1000:1000:u1:/home/u1:/bin/bash
u2:$6$zNpEe636$CVzpjnM4dHFD6.Ulq5qSgGAx.n8HicZSE1aYu0oTD5p4wQ0i3iP/.4WXX3Hj7QOvWiS2U09yHP0aNMRh00k761:1005:1007::/home/u2:/bin/bash

- Configure /etc/nsswitch.conf so the system knows where to look up information:
passwd: files nis ldap
shadow: files nis ldap
group: files nis ldap
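
As the ypcat passwd output above shows, the NIS passwd map carries password hashes that any permitted client can read. The classifier below is an added example, not part of the course material: it reads passwd-format records, such as the output of ypcat passwd, and reports for each account whether a hash is present and of which crypt scheme. The function names and state labels are constructed, and the sample records use placeholder strings in place of real hashes.

```shell
#!/bin/sh
# Added example: classify the password field of each record in an NIS passwd map.
# Typical use on a client: ypcat passwd | nis_passwd_exposure
nis_passwd_exposure() {
    awk -F: '
        NF < 7 { next }                         # not a passwd(5) record
        {
            pw = $2
            locked = sub(/^!+/, "", pw)         # leading "!" marks a locked account
            if (pw == "x")                                   state = "SHADOWED"
            else if (pw == "*" || (pw == "" && locked))      state = "LOCKED"
            else if (pw == "")                               state = "EMPTY"
            else if (pw ~ /^\$6\$/)                          state = "HASH:sha512crypt"
            else if (pw ~ /^\$5\$/)                          state = "HASH:sha256crypt"
            else if (pw ~ /^\$2[abxy]?\$/)                   state = "HASH:bcrypt"
            else if (pw ~ /^\$1\$/)                          state = "HASH:md5crypt"
            else if (pw ~ /^\$/)                             state = "HASH:other"
            else if (length(pw) == 13)                       state = "HASH:descrypt"
            else                                             state = "UNKNOWN"
            # A locked account whose hash is still in the map remains exposed.
            if (locked && state ~ /^HASH/) state = state "(locked)"
            print $1, state
        }
    ' "$@"
}

# Number of accounts whose hash is readable from the map.
nis_exposed_count() {
    nis_passwd_exposure "$@" | awk '$2 ~ /^HASH/ { n++ } END { print n + 0 }'
}

# Constructed sample in the shape of the ypcat output above.
sample_ypcat_passwd() {
    cat <<'EOF'
gv1:!!:1001:1003::/home/gv1:/bin/bash
u1:$6$SALTSALT$CONSTRUCTEDPLACEHOLDERNOTAREALHASH:1000:1000:u1:/home/u1:/bin/bash
svc:x:1010:1010::/home/svc:/sbin/nologin
old:$1$SALTSALT$CONSTRUCTEDPLACEHOLDER:1011:1011::/home/old:/bin/bash
gone:!$6$SALTSALT$CONSTRUCTEDPLACEHOLDER:1012:1012::/home/gone:/bin/bash
EOF
}

sample_ypcat_passwd | nis_passwd_exposure
echo "accounts with a readable hash: $(sample_ypcat_passwd | nis_exposed_count)"
```

Every account reported as HASH should be treated as having its hash available to each host that /var/yp/securenets admits.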

4. Auto mount
Update users on the NIS server:
- Create users
[root@may1 ~]# useradd kd1
[root@may1 ~]# useradd kd2
[root@may1 ~]# passwd kd1
[root@may1 ~]# passwd kd2
- Run make to export the entire contents of /etc/passwd and /etc/group (login shell, user's group, home directory).
#cd /var/yp
[root@may1 yp]# make
gmake[1]: Entering directory '/var/yp/nhatnghe1.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating netid.byname...
gmake[1]: Leaving directory

- On the NIS client, view the map again:

[root@localhost yp]# ypcat passwd | grep kd
kd1:$6$30VZU4YD$hF/u5.e0.kTam0.TBcnTjbPJFauHUlk3/zgvIjwDte/e.9UNTDdhd8oDqMJyYPy/v8jLqtlqeRL.vVOuTvjVW.:507:509::/home/kd1:/bin/bash
kd2:$6$Rd01Dxnx$e8jsqj01Jp.G07yd3mFGVCHaCAFwDrGl2Jfg72.X7XRpLqFMwtedjxVR4uijW9pEPfECuiSLSQSAHJTtlt/2x.:508:510::/home/kd2:/bin/bash

Performing the auto mount

- On the NIS server, install the NFS server
- Edit the file
[root@may1 yp]# vi /etc/exports
/home *(rw,sync)

- Start nfs

[root@may1 yp]# systemctl restart nfs
- On the client machine:
[root@localhost ~]# vi /etc/auto.master
Add the following line at the end of the file
/home /etc/auto.home --timeout 600

[root@localhost ~]# vi /etc/auto.home
Enter the following content:

* -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp 192.168.1.20:/home/&
- Restart autofs
[root@localhost ~]# systemctl restart autofs

Exit and log in as user kd1: the login succeeds, and the user can copy data into /home/kd1 (on the NIS server)

LDAP server
Introduction
• Like NIS, the LDAP service provides centralized user authentication
• The username and password exchange between the LDAP server and the LDAP client is encrypted, ensuring security
• LDAP data has a tree structure (like the AD structure)

The lab setup consists of 2 Linux machines

1. Installing OpenLDAP

- Install the following packages:
openldap-servers-2.4.39-6.el7.x86_64
openldap-clients-2.4.39-6.el7.x86_64
openldap-2.4.39-6.el7.x86_64

2. Configuring OpenLDAP

- Copy the Database Cache configuration file
#cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
#chown ldap. /var/lib/ldap/DB_CONFIG
#systemctl enable slapd
#systemctl start slapd
- Set the OpenLDAP admin password
# slappasswd
New password: 123456
Re-enter new password: 123456
{SSHA}L8P+mQ6g2Kqtpe3rlfOVN39FOilk/avs
- Create the file chrootpw.ldif with the password hash generated above
# vi chrootpw.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}L8P+mQ6g2Kqtpe3rlfOVN39FOilk/avs
- Import the file chrootpw.ldif

# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

- Import basic Schemas: cosine.ldif nis.ldif inetorgperson.ldif

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"

- Declare the domain

Create the directory manager's password
# slappasswd
New password: 123456
Re-enter new password: 123456
{SSHA}uiC/LVWne0riCdHWldL5UJ4EIXPdvl1x

- Create the file chdomain.ldif

# vi chdomain.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=nhatnghe,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=nhatnghe,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=nhatnghe,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}uiC/LVWne0riCdHWldL5UJ4EIXPdvl1x

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=nhatnghe,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=nhatnghe,dc=com" write by * read

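Import the file chdomain.ldif

# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}monitor,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

ldap_modify: Inappropriate matching (18)
        additional info: modify/add: olcRootPW: no equality matching rule

The error at the end of this run is what ldapmodify returns when olcRootPW already has a value on the database, for example when chdomain.ldif is imported a second time. In that case use "replace: olcRootPW" instead of "add: olcRootPW". ldapmodify stops at the first error, so the olcAccess change that follows in the file is not applied by a run that ends this way.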

Create the file basedomain.ldif and import it

# vi basedomain.ldif
dn: dc=nhatnghe,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Server World
dc: nhatnghe

dn: cn=Manager,dc=nhatnghe,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=nhatnghe,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=nhatnghe,dc=com
objectClass: organizationalUnit
ou: Group

# ldapadd -x -D cn=Manager,dc=nhatnghe,dc=com -W -f basedomain.ldif
Enter LDAP Password:
adding new entry "dc=nhatnghe,dc=com"

adding new entry "cn=Manager,dc=nhatnghe,dc=com"

adding new entry "ou=People,dc=nhatnghe,dc=com"

adding new entry "ou=Group,dc=nhatnghe,dc=com"

- Create a user account

Create the hashed password

[root@may1 Desktop]# slappasswd
New password: 123
Re-enter new password: 123
{SSHA}1yQ/DbcHheBGpWXzPe7tHn77SHd9nn3k

# vi ldapuser1.ldif
dn: uid=cent,ou=People,dc=nhatnghe,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Cent
sn: Linux
userPassword: {SSHA}1yQ/DbcHheBGpWXzPe7tHn77SHd9nn3k
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/cent

dn: cn=cent,ou=Group,dc=nhatnghe,dc=com
objectClass: posixGroup
cn: Cent
gidNumber: 1000
memberUid: cent

Run the import

# ldapadd -x -D cn=Manager,dc=nhatnghe,dc=com -W -f ldapuser1.ldif
Enter LDAP Password:
adding new entry "uid=cent,ou=People,dc=nhatnghe,dc=com"

adding new entry "cn=cent,ou=Group,dc=nhatnghe,dc=com"


Using the ldapadmin tool

Create a connection with the following information:

[Screenshot: LDAP Admin connection dialog. Connection name: 192.168.1.101/dc=nhatnghe,dc=com; Host: 192.168.1.101; Port: 389; Version: 3]

LDAP server structure

[Screenshot: LDAP Admin tree showing ou=Group, cn=cent and cn=Manager under the base entry, whose attributes are dc: nhatnghe, o: Server World, objectClass: top, dcObject, organization]

2. Configure the LDAP client


Install the following packages:
openldap-clients-2.4.39-6.el7.x86_64.rpm
nscd-2.17-78.el7.x86_64.rpm


nss-pam-ldapd-0.8.13-8.el7.x86_64.rpm

# vi /etc/sysconfig/authconfig
Line 9: FORCELEGACY=yes
# reboot
# setup

# vi /etc/pam.d/system-auth (can be skipped)

Add the following line if you want a home directory to be created for the user on the client machine when the user logs in


session optional pam_mkhomedir.so skel=/etc/skel umask=077


Check
[root@may2 Desktop]# su - ngoc
Creating directory '/home/ngoc'.
Last login: Wed Jun 3 04:16:20 EDT 2015 on pts/0
Last failed login: Wed Jun 3 04:26:00 EDT 2015 from :0 on :0
There were 5 failed login attempts since the last successful login.
Attempting to create directory /home/ngoc/perl5
[ngoc@may2 ~]$ ll /home/
total 12
drwx------  6 cent u1        4096 Jun 3 04:25 cent
drwx------  6 ngoc nfsnobody 4096 Jun 3 04:31 ngoc
drwx------. 6 cent u1        4096 Jun 3 04:12 u1


Topic 13: Domain Name Server


Basic DNS server configuration
Create and maintain DNS zones
Securing a DNS server
Installing A Bind9 Master/Slave DNS System


Domain Name Server


DNS is the service that resolves domain names to IP addresses and vice versa.
There are three types of name server: Primary Name Server, Secondary Name Server, Caching Name Server

1. Basic DNS installation and configuration


b1. Install the following packages:
# rpm -ivh /media/Packages/bind-9.9.4-18.el7.x86_64.rpm
# rpm -ivh /media/Packages/bind-chroot-9.9.4-18.el7.x86_64.rpm

b2. Copy the configuration files

- named.conf into the directory /var/named/chroot/etc/
- the files:
  0.0.127.in-addr.arpa.db
  localhost.db
  named.root
  1.168.192.in-addr.arpa.db
  nhatnghe.db
  into the directory /var/named/chroot/var/named

b3. Configure the file /var/named/chroot/etc/named.conf

[root@localhost ~]# vi /var/named/chroot/etc/named.conf

options {
    allow-transfer { none; };
    directory "/var/named";
    query-source port 53;
    query-source-v6 port 53;
    dump-file "var/named/data/cache_dump.db";
    statistics-file "var/named/data/named_stats.txt";
    memstatistics-file "var/named/data/named_mem_stats.txt";
    notify yes;
};

zone "." IN {
    type hint;
    file "named.root";
};

zone "nhatnghe1.com" IN {
    type master;
    file "nhatnghe.db";
};

zone "localhost" IN {
    type master;
    file "localhost.db";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;


    file "0.0.127.in-addr.arpa.db";
};

zone "12.168.192.in-addr.arpa" {
    type master;
    file "1.168.192.in-addr.arpa.db";
};

b4. Configure the file /var/named/chroot/var/named/nhatnghe.db


[root@localhost ~]# vi /var/named/chroot/var/named/nhatnghe.db

$TTL 86400
@        IN  SOA    server1.nhatnghe1.com. root (
                    42   ; serial (d. adams)
                    3H   ; refresh
                    15M  ; retry
                    1W   ; expiry
                    1D ) ; minimum
         IN  NS     server1.nhatnghe1.com.
         IN  A      192.168.12.101
server1  IN  A      192.168.12.101
www      IN  CNAME  server1
mail     IN  CNAME  server1
ftp      IN  CNAME  server1

b5. Configure the file /var/named/chroot/var/named/1.168.192.in-addr.arpa.db


[root@localhost ~]# vi /var/named/chroot/var/named/1.168.192.in-addr.arpa.db

$TTL 86400
@    IN  SOA  server1.nhatnghe1.com. root. (
              3       ; serial
              28800   ; refresh
              7200    ; retry
              604800  ; expire
              86400   ; ttl
              )

@    IN  NS   server1.nhatnghe1.com.
101  IN  PTR  server1.nhatnghe1.com.

b6. Configure the file /etc/resolv.conf


[root@localhost ~]# vi /etc/resolv.conf
nameserver 192.168.12.101
Or
# vi /etc/sysconfig/network-scripts/ifcfg-eno16777736
DNS1=192.168.1.101
# systemctl restart network
b7. Start named


# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
# systemctl stop named
# systemctl disable named
#systemctl start named-chroot
# systemctl enable named-chroot

b8. Check


On the Windows machine, point DNS to the Linux machine 192.168.1.101 and use it to resolve names

C:\>nslookup
Default Server:  server1.nhatnghe1.com
Address:  192.168.1.101

> www.nhatnghe1.com
Server:  server1.nhatnghe1.com
Address:  192.168.1.101

Name:    server1.nhatnghe1.com
Address:  192.168.1.101
Aliases:  www.nhatnghe1.com

> vnexpress.net
Server:  server1.nhatnghe1.com
Address:  192.168.1.101

Non-authoritative answer:
Name:    vnexpress.net
Address:  111.65.248.132

> 192.168.1.101
Server:  server1.nhatnghe1.com
Address:  192.168.1.101

Name:    server1.nhatnghe1.com
Address:  192.168.1.101

2. Configure DNS name resolution for the web server


Two-machine model
Linux: DNS server
Windows 2k3: web, mail server (MDaemon)
B1. Install and configure DNS as in part 1, then edit the following file:

$TTL 86400
@        IN  SOA    server1.nhatnghe1.com. root (
                    42   ; serial (d. adams)
                    3H   ; refresh
                    15M  ; retry
                    1W   ; expiry
                    1D ) ; minimum
         IN  NS     server1.nhatnghe1.com.


         IN  A      192.168.1.1
server1  IN  A      192.168.1.101
win2k3   IN  A      192.168.1.1
www      IN  CNAME  win2k3
mail     IN  CNAME  server1
ftp      IN  CNAME  server1

B2. Restart named

# systemctl restart named-chroot

B3. From the Windows machine, ping to check the IP address returned

C:\>ping nhatnghe1.com

Pinging nhatnghe1.com [192.168.12.1] with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time<1ms TTL=128
Reply from 192.168.1.1: bytes=32 time<1ms TTL=128
Reply from 192.168.1.1: bytes=32 time<1ms TTL=128
Reply from 192.168.1.1: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>ping www.nhatnghe1.com

Pinging win2k3.nhatnghe1.com [192.168.1.1] with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time<1ms TTL=128
Reply from 192.168.1.1: bytes=32 time<1ms TTL=128
Reply from 192.168.1.1: bytes=32 time<1ms TTL=128
Reply from 192.168.1.1: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.12.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

B4. Install IIS


Control Panel, Add/Remove Programs, Application Server, select IIS


Copy the web site content into C:\Inetpub\wwwroot

B5. Configure IIS


- Delete the default web site


- Web site, New, Web site, Next

Enter a description for the web site, Next
[Screenshot: Web Site Creation Wizard, Web Site Description page]


Enter the exact host header

Specify the path to the folder that holds the web content
[Screenshot: Web Site Creation Wizard, Web Site Home Directory page, with Path set to C:\Inetpub\wwwroot and the option "Allow anonymous access to this Web site"]

Next, then Finish
[Screenshot: Web Site Creation Wizard, Web Site Access Permissions page]


[Screenshot: IIS web site properties, Documents tab, listing the default content pages Default.htm, Default.asp and index.htm, with home.htm being added as a default content page]


3. Configure DNS name resolution for mail


Two-machine model
Linux: DNS server
Windows 2k3: web, mail server (MDaemon)

B1. On the win2k3 machine: install MDaemon

Run the setup file, then Next ... Next
[Screenshot: MDaemon Server Installation]


Enter the domain name

Create the first mailbox

[Screenshot: MDaemon first-account dialog with full name, mailbox and password fields. The dialog asks for a password of between 6 and 12 characters that uses upper and lower case letters and numbers and does not include the mailbox name, and offers the option "This mailbox is an administrator - full configuration access is granted"]

Enter the DNS server: the IP address of the Linux machine
[Screenshot: "Please Set Up Your DNS" page with the options "Use Windows DNS settings" and "Primary DNS IP Address"]


Next, Next, Finish

Account, Account Settings, clear "Require strong passwords"

Create mailbox u1
[Screenshot: MDaemon account editor for the new mailbox u1]

B2. Configure Outlook Express for u1


Enter the name u1

Enter the mail address

Enter the incoming and outgoing server settings, Next, enter the password for u1, Finish
[Screenshot: Internet Connection Wizard]


Click Send/Receive; an error is reported because the following records cannot be resolved:
pop.nhatnghe1.com
smtp.nhatnghe1.com

B3. Configure DNS

$TTL 86400
@        IN  SOA    server1.nhatnghe1.com. root (
                    42   ; serial (d. adams)
                    3H   ; refresh
                    15M  ; retry
                    1W   ; expiry
                    1D ) ; minimum
         IN  NS     server1.nhatnghe1.com.
         IN  MX 10  win2k3.nhatnghe1.com.
         IN  A      192.168.1.1
server1  IN  A      192.168.1.101
win2k3   IN  A      192.168.1.1
www      IN  CNAME  win2k3
pop      IN  CNAME  win2k3
smtp     IN  CNAME  win2k3

Restart named

# systemctl restart named-chroot
B4. Check


u1 sends a mail to itself

Click Send/Receive; the mail is received

[Screenshot: Outlook Express showing the test message, subject "test" and body "kiemtra mail", sent and then received in the Inbox]

4. Configure a forwarder


Forward queries for the domain nhatnghe2.com to the DNS server 192.168.12.102

[root@localhost ~]# vi /var/named/chroot/etc/named.conf


zone "." IN {
    type hint;
    file "named.root";
};
zone "nhatnghe1.com" IN {
    type master;
    file "nhatnghe.db";
};
zone "nhatnghe2.com" IN {
    type forward;
    forwarders { 192.168.1.102; };


};

5. Build a DNS master-slave setup


5.1 Master DNS machine
B1. Install the following packages
# rpm -ivh /media/Packages/bind-9.9.4-18.el7.x86_64.rpm
# rpm -ivh /media/Packages/bind-chroot-9.9.4-18.el7.x86_64.rpm
B2. Copy the configuration files from the masterdns directory
- named.conf into the directory /var/named/chroot/etc/
- the remaining files into the directory /var/named/chroot/var/named

b3. Configure the file /var/named/chroot/etc/named.conf


# vi /var/named/chroot/etc/named.conf

options {
    directory "/var/named";
    query-source port 53;
    query-source-v6 port 53;
    dump-file "var/named/data/cache_dump.db";
    statistics-file "var/named/data/named_stats.txt";
    memstatistics-file "var/named/data/named_mem_stats.txt";
    notify yes;
};

zone "." IN {
    type hint;
    file "named.root";
};

zone "nhatnghe1.com" IN {
    type master;
    file "nhatnghe.db";
    allow-update { 192.168.1.0/24; };
    allow-transfer { 192.168.1.102; };
};

zone "localhost" IN {
    type master;
    file "localhost.db";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "0.0.127.in-addr.arpa.db";
};

zone "12.168.192.in-addr.arpa" {
    type master;
    file "1.168.192.in-addr.arpa.db";


    allow-update { 192.168.1.0/24; };
    allow-transfer { 192.168.1.102; };
};

[root@localhost ~]# vi /var/named/chroot/var/named/nhatnghe.db

$TTL 86400
@        IN  SOA    server1.nhatnghe1.com. root (
                    42   ; serial (d. adams)
                    3H   ; refresh
                    15M  ; retry
                    1W   ; expiry
                    1D ) ; minimum
         IN  NS     server1.nhatnghe1.com.
         IN  NS     server2.nhatnghe1.com.
         IN  MX 10  server1.nhatnghe1.com.
         IN  A      192.168.1.101
server1  IN  A      192.168.1.101
server2  IN  A      192.168.1.102
www      IN  CNAME  server1
mail     IN  CNAME  server1
ftp      IN  CNAME  server1
pct      IN  A      192.168.1.10

[root@localhost ~]# vi /var/named/chroot/var/named/1.168.192.in-addr.arpa.db

$TTL 86400
@    IN  SOA  server1.nhatnghe1.com. root. (
              3       ; serial
              28800   ; refresh
              7200    ; retry
              604800  ; expire
              86400   ; ttl
              )

@    IN  NS   server1.nhatnghe1.com.
     IN  NS   server2.nhatnghe1.com.
101  IN  PTR  server1.nhatnghe1.com.
102  IN  PTR  server2.nhatnghe1.com.

Start named


# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
# systemctl stop named
# systemctl disable named
#systemctl start named-chroot
# systemctl enable named-chroot

5.2 Slave DNS machine


B1. Install the following packages
[root@localhost ~]# rpm -ivh /media/Packages/bind-9.7.3-8.P3.el6.i686.rpm
[root@localhost ~]# rpm -ivh /media/Packages/bind-chroot-9.7.3-8.P3.el6.i686.rpm


B2. Copy the configuration files from the slavedns directory
- named.conf into the directory /var/named/chroot/etc/
- the remaining files into the directory /var/named/chroot/var/named

b3. Configure the file /var/named/chroot/etc/named.conf


[root@localhost ~]# vi /var/named/chroot/etc/named.conf

options {
    forwarders { 192.168.1.1; 10.0.0.1; };
    directory "/var/named";
    query-source port 53;
    query-source-v6 port 53;
    dump-file "var/named/data/cache_dump.db";
    statistics-file "var/named/data/named_stats.txt";
    memstatistics-file "var/named/data/named_mem_stats.txt";
    notify yes;
};

zone "." IN {
    type hint;
    file "named.root";
};
zone "nhatnghe1.com" IN {
    type slave;
    file "backup.nhatnghe.db";
    masters { 192.168.12.101; };
};

zone "localhost" IN {
    type master;
    file "localhost.db";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "0.0.127.in-addr.arpa.db";
};

Grant permissions to named


[root@localhost named]# chown -R named /var/named/chroot/
[root@localhost named]# chmod -R 775 /var/named/chroot/var/named/
Check the data files currently present

[root@localhost named]# ll
-rwxrwxr-x 1 named root  435 Oct 17  2009 0.0.127.in-addr.arpa.db
-rwxrwxr-x 1 named root   71 May 19  2011 dns.txt
-rwxrwxr-x 1 named root  183 Oct 17  2009 localhost.db
-rwxrwxr-x 1 named root 2518 Mar 14  2009 named.root


Start named


# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
# systemctl stop named
# systemctl disable named
#systemctl start named-chroot
# systemctl enable named-chroot

Check that the data files have been synchronised

[root@localhost named]# ll
-rwxrwxr-x 1 named root   435 Oct 17  2009 0.0.127.in-addr.arpa.db
-rw-r--r-- 1 named named  354 May 10 11:16 1.168.192backup.in-addr.arpa.db
-rwxrwxr-x 1 named root    71 May 19  2011 dns.txt
-rw-r--r-- 1 named named  546 May 10 11:16 hcmbackup.nhatnghe.db
-rwxrwxr-x 1 named root   183 Oct 17  2009 localhost.db
-rwxrwxr-x 1 named root  2518 Mar 14  2009 named.root

5.3 Dynamic Update client

B1. Master DNS machine


# chown -R named /var/named/chroot/
# chmod -R 775 /var/named/chroot/var/named/

B2. win2k3 machine:
point DNS to machines 1 and 2
[Screenshot: Internet Protocol (TCP/IP) Properties dialog with a manually assigned IP address]

Enter the DNS suffix: nhatnghe1.com.


reboot

B3. Check on the master DNS machine
[root@localhost named]# systemctl restart named-chroot
Observe the records in the file nhatnghe.db
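The master configuration in 5.1 grants allow-update to the whole 192.168.1.0/24 subnet and sets no allow-transfer in options, so its zones without their own allow-transfer can be transferred by any host under BIND 9.9, the version installed above. The following is an added example, not part of the original course material: a small named.conf reader that reports both conditions for master zones. LAB_CONF is a constructed excerpt modelled on the 5.1 file; the key name "ddns-key" and its secret in HARDENED_CONF are placeholders.

```python
import re
from typing import List, Optional, Tuple

# Comments (/* */, //, #), quoted strings, braces/semicolons, bare words.
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"[^"]*"|[{};]|[^\s{};"]+', re.S)


def tokenize(text: str) -> List[str]:
    """Split named.conf text into tokens, dropping the three comment styles."""
    return [t for t in TOKEN.findall(text) if not t.startswith(("/*", "//", "#"))]


def parse(tokens: List[str], i: int = 0) -> Tuple[list, int]:
    """Parse ';'-terminated statements up to the matching '}'; blocks nest as lists."""
    statements, current = [], []
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok == "{":
            block, i = parse(tokens, i)
            current.append(block)
        elif tok == "}":
            break
        elif tok == ";":
            if current:
                statements.append(current)
            current = []
        else:
            current.append(tok.strip('"'))
    return statements, i


def acl(scopes: list, name: str) -> Optional[List[str]]:
    """Elements of the first address-match list `name`, zone scope before options."""
    for statements in scopes:
        for st in statements:
            if st[0] == name and isinstance(st[-1], list):
                return [" ".join(x for x in el if isinstance(x, str)) for el in st[-1]]
    return None


def audit_named_conf(text: str) -> List[Tuple[str, str]]:
    """Return (zone, finding) pairs for master zones with loose transfer/update ACLs."""
    statements, _ = parse(tokenize(text))
    options = next((st[-1] for st in statements
                    if st[0] == "options" and isinstance(st[-1], list)), [])
    findings = []
    for st in statements:
        if st[0] != "zone" or len(st) < 3 or not isinstance(st[-1], list):
            continue
        zone, body = st[1], st[-1]
        ztype = next((s[1] for s in body if s[0] == "type" and len(s) > 1), "")
        if ztype not in ("master", "primary"):
            continue
        transfer = acl([body, options], "allow-transfer")
        if transfer is None:
            findings.append((zone, "allow-transfer unset: any host may transfer the zone"))
        elif "any" in transfer:
            findings.append((zone, "allow-transfer includes any"))
        update = acl([body, options], "allow-update") or []
        # Simplification: every element other than "none" or "key <name>" is
        # treated as address-based (named acl references are not expanded).
        by_address = [e for e in update if e != "none" and not e.startswith("key ")]
        if by_address:
            findings.append((zone, "allow-update by source address: " + ", ".join(by_address)))
    return findings


LAB_CONF = '''
options { directory "/var/named"; notify yes; };
zone "nhatnghe1.com" IN {
    type master;
    file "nhatnghe.db";
    allow-update { 192.168.1.0/24; };
    allow-transfer { 192.168.1.102; };
};
zone "localhost" IN { type master; file "localhost.db"; };
'''

HARDENED_CONF = '''
// "ddns-key" and its secret are placeholders for this example
key "ddns-key" { algorithm hmac-sha256; secret "cGxhY2Vob2xkZXI="; };
options {
    directory "/var/named";
    allow-transfer { none; };   # default for every zone
};
zone "nhatnghe1.com" IN {
    type master;
    file "nhatnghe.db";
    allow-update { key "ddns-key"; };
    allow-transfer { 192.168.1.102; };
};
zone "localhost" IN { type master; file "localhost.db"; };
'''

if __name__ == "__main__":
    for zone_name, finding in audit_named_conf(LAB_CONF):
        print(zone_name + ": " + finding)
```

An update ACL based on source address accepts any packet that claims an address in the range, which is why the hardened variant signs updates with a key. Windows clients that register themselves with unsigned updates, as in step B2 above, cannot update a zone restricted that way.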


Topic 14: Web Services


Implementing a web server
Maintaining a web server
E-Mail Log Analysis
Web: PHP Mysql
Web hosting
Web Log Analysis
Backup restore website


Implementing a web server


1. Install Apache
Apache is web server software with many features, including:
- Full support for the earlier HTTP protocols such as HTTP/1.1.
- Can be configured and extended with third-party modules.
- Provides full source code under an unrestrictive license.
- Runs on many operating systems such as Win 9x, Netware 5.x, OS/2, Unix, Linux
Install the following packages:
mailcap-2.1.41-2.el7.noarch.rpm
httpd-tools-2.4.6-31.el7.centos.x86_64.rpm
httpd-2.4.6-31.el7.centos.x86_64.rpm
Check that Apache is installed on the system:
[root@localhost ~]# rpm -qa httpd
httpd-2.4.6-31.el7.centos.x86_64
[root@localhost ~]# rpm -qi httpd
Name        : httpd
Version     : 2.4.6
Release     : 31.el7.centos
Architecture: x86_64
Install Date: Sun 10 May 2015 11:23:39 AM EDT
Group       : System Environment/Daemons
Size        : 9810046
License     : ASL 2.0
Signature   : RSA/SHA256, Sat 14 Mar 2015 03:55:03 AM EDT, Key ID 24c6a8a7f4a80eb5
Source RPM  : httpd-2.4.6-31.el7.centos.src.rpm
Build Date  : Thu 12 Mar 2015 11:09:17 AM EDT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

2. Configure the Apache web server


2.1. Configure the web site
- Edit the configuration file httpd.conf as follows (the comment above each directive gives its line number in the file; Apache does not accept a comment on the same line as a directive):
# vi /etc/httpd/conf/httpd.conf
# line 31: Apache installation location
ServerRoot "/etc/httpd"
# line 42: listen on port 80
Listen 80
# line 86: e-mail address of the administrator
ServerAdmin root@localhost
# line 95: declare the URL address
ServerName www.nhatnghe1.com:80
# line 119: root directory of the web server
DocumentRoot "/var/www/html"
# line 131
<Directory "/var/www/html">


# line 157
</Directory>

# line 164: default file served when the web site is opened
DirectoryIndex index.html

- Start httpd daemon:


# systemctl start httpd
# systemctl enable httpd

- From a client, access the web site

[Screenshot: the default Apache test page]

2.2. Configure the default web site


- Root directory of the web site: /var/www/html
- Create an HTML page as follows:
# echo "<h1>Truong tin hoc Nhat Nghe</h1>" > /var/www/html/index.html
- From a client, access the web site

[Screenshot: Mozilla Firefox at http://www.nhatnghe1.com/ showing the heading "Truong tin hoc Nhat Nghe"]

- Copy the music directory into /var/www/html

[Screenshot: Mozilla Firefox at www.nhatnghe1.com showing the music web site template]

3. Create aliases for the web site


Create two aliases:
www.nhatnghe1.com/forum
www.nhatnghe1.com/admin
Steps:
- Create the directories
# mkdir /var/www/html/{forum,admin}


- Create the web pages


# echo "<h1> Trang quan tri" > /var/www/html/admin/admin.html
# echo "<h1> Trang dien dan" > /var/www/html/forum/forum.html
- Configure the file httpd.conf
Alias /admin "/var/www/html/admin/"

<Directory "/var/www/html/admin/">
    DirectoryIndex admin.html
    AllowOverride None
    Require all granted
</Directory>

Alias /forum "/var/www/html/forum/"

<Directory "/var/www/html/forum/">
    DirectoryIndex forum.html
    AllowOverride None
    Require all granted
</Directory>

# systemctl restart httpd


Access the aliases

[Screenshot: Mozilla Firefox at http://www.nhatnghe1.com/admin/ showing "Trang quan tri"]

[Screenshot: Mozilla Firefox at http://www.nhatnghe1.com/forum/ showing "Trang dien dan"]


4. Access authentication
Require a username and password when accessing the /admin alias.

4.1 Basic Authentication

- Create 2 users for access as follows:
# htpasswd -c /etc/httpd/conf/password admin1
# htpasswd /etc/httpd/conf/password admin2

- Check the password file just created:

# cat /etc/httpd/conf/password
admin1:dpD0SM4ocdxkA
admin2:UEOtmPnQBByhA

Note: The -c option creates a new password file. If the file already exists, its old contents are erased and the new contents are written in their place. When adding a password for another user, do not use the -c option.

- Edit the Apache configuration file for the /admin alias as follows:
Alias /admin "/var/www/html/music/admin/"
<Directory "/var/www/html/music/admin/">
AuthType Basic
AuthName "admin"
AuthUserFile "/etc/httpd/conf/password"
# or: Require valid-user
Require user admin1
DirectoryIndex admin.html
AllowOverride None
#Require all granted
</Directory>

# service httpd restart

Test access: browsing to the /admin alias now brings up a user name and password prompt.


4.2 Digest Authentication

- Edit the Apache configuration file for the /admin alias as follows:

Alias /admin "/var/www/html/music/admin/"
<Directory "/var/www/html/music/admin/">
AuthType Digest
AuthName "private"
AuthUserFile "/etc/httpd/conf/password"
AuthGroupFile "/etc/httpd/conf/groups"
Require group admin
DirectoryIndex admin.html
AllowOverride None
#Require all granted
</Directory>
- Create 2 users for access as follows:
# htdigest -c /etc/httpd/conf/password private admin1
# htdigest /etc/httpd/conf/password private admin2
- Check
# cat /etc/httpd/conf/password
admin1:private:3c0cada081556ddd5091428baa239751
admin2:private:fl)a41f98a0093bt2c3f07dfaadf881d2

- Create the group
# vi /etc/httpd/conf/groups
admin: admin1 admin2
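
An added example (not part of the original manual): a POSIX shell check that classifies each entry of the AuthUserFile used in 4.1 and 4.2 by hash format, and flags htdigest entries whose realm differs from AuthName, since such an entry can never authenticate. The function names and the sample entries are constructed for illustration; `md5sum` is assumed to be installed.

```shell
#!/bin/sh
# Added example: audit an Apache AuthUserFile (htpasswd or htdigest format).

# ha1 USER REALM PASSWORD -> the value htdigest stores: MD5("user:realm:password")
ha1() {
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

# classify_entry LINE AUTHNAME -> prints "user verdict"
# The body is a subshell ( ... ) so its variables stay local.
classify_entry() (
    line=$1
    authname=$2
    case $line in
        *:*) ;;
        *) echo "$line malformed"; exit ;;
    esac
    user=${line%%:*}
    rest=${line#*:}
    case $rest in
        *:*)  # htdigest format: user:realm:md5hex
            realm=${rest%%:*}
            hash=${rest#*:}
            case $hash in
                *[!0-9a-f]*) echo "$user malformed-digest"; exit ;;
            esac
            if [ "${#hash}" -ne 32 ]; then
                echo "$user malformed-digest"
            elif [ "$realm" != "$authname" ]; then
                # Users are looked up under the AuthName realm,
                # so this entry can never authenticate.
                echo "$user realm-mismatch"
            else
                echo "$user digest-md5"
            fi ;;
        '$2y$'*|'$2a$'*|'$2b$'*) echo "$user bcrypt" ;;
        '$apr1$'*)               echo "$user apr1-md5" ;;
        '{SHA}'*)                echo "$user sha1-unsalted" ;;
        *)
            case $rest in
                *[!./0-9A-Za-z]*) echo "$user unknown" ;;
                *)
                    if [ "${#rest}" -eq 13 ]; then
                        # Traditional crypt(): only the first 8 password
                        # characters are used.
                        echo "$user crypt-des-weak"
                    else
                        echo "$user unknown"
                    fi ;;
            esac ;;
    esac
)

# audit_authfile AUTHNAME < file : one verdict per entry
audit_authfile() {
    while IFS= read -r entry || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac
        classify_entry "$entry" "$1"
    done
}

# Constructed sample file (not the hashes shown on the page).
sample_authfile() {
    printf '%s\n' \
        'alice:abJnggxhB/yWI' \
        "bob:private:$(ha1 bob private 'constructed-pw')" \
        "carol:admin:$(ha1 carol admin 'constructed-pw')" \
        'dave:$apr1$c0nstruc$tedtedtedtedtedtedted0'
}

# Audit the sample against the AuthName used in 4.2.
sample_authfile | audit_authfile private
```

On a real server the same call is `audit_authfile private < /etc/httpd/conf/password`.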

5. Create web sites for users

Each user has their own web site, which they design themselves and then upload to the web server using FTP.
Example: the web address of each user is
www.nhatnghe1.com/nv1
www.nhatnghe1.com/nv2

Steps

- Create 2 users nv1, nv2
# useradd nv1
# useradd nv2
# passwd nv1
# passwd nv2

- Edit the file: # vi /etc/httpd/conf.d/userdir.conf

17 #UserDir disabled
24 UserDir public_html
32 AllowOverride All
33 Options None

- Append to the end of the file /etc/httpd/conf/httpd.conf

redirect /nv1 http://www.nhatnghe1.com/~nv1
redirect /nv2 http://www.nhatnghe1.com/~nv2
- Restart httpd
# systemctl restart httpd


# systemctl restart vsftpd

Assign access permissions
# chmod -R 711 /home/nv1
# chmod -R 755 /home/nv1/public_html/

- User nv1 uses FileZilla to upload the web pages into the directory /home/nv1/public_html

- Access: www.nhatnghe1.com/nv1


6. Report

Install AWStats
# yum install epel-release
# yum install awstats
# cp /etc/awstats/awstats.model.conf /etc/awstats/awstats.nhatnghe.conf
# vi /etc/awstats/awstats.nhatnghe.conf

50 LogFile="/var/log/httpd/access_log"
122 LogFormat=1 (the log format in httpd.conf is 'combined')
153 SiteDomain=www.nhatnghe.com
203 DirData=/var/lib/awstats
239 AllowToUpdateStatsFromBrowser=1

# vi /etc/httpd/conf.d/awstats.conf
29 Require ip 192.168.1.0/24
# systemctl restart httpd
Run the analysis
# /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=nhatnghe -update

Create/Update database for config "/etc/awstats/awstats.nhatnghe.conf" by AWStats version 7.3 (build 20140126)
From data in log file "/var/log/httpd/access_log"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
Jumped lines in file: 0
Parsed lines in file: 77
 Found 0 dropped records,


 Found 0 comments,
 Found 0 blank records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 77 new qualified records.

Web usage log statistics report

# ll /var/lib/awstats
total 16
-rw-r--r-- 1 root root 7860 May 10 13:01 awstats052015.localhost.localdomain.txt
-rw-r--r-- 1 root root 7817 May 10 13:01 awstats052015.nhatnghe.txt

Assign ownership to the apache user

# chown -R apache /var/lib/awstats/
# chown -R apache /var/log/httpd/

Create a redirect: vi /etc/httpd/conf/httpd.conf

Append to the end of the file:
redirect /baocao http://192.168.1.101/awstats/awstats.pl?config=nhatnghe
# systemctl restart httpd
View the report: http://www.nhatnghe1.com/baocao


Statistics by country:

# rpm -ql GeoIP
/usr/share/GeoIP/GeoIP-initial.dat
/usr/share/GeoIP/GeoIP.dat
Test a lookup
# geoiplookup vnexpress.net


GeoIP Country Edition: VN, Vietnam


Declare the plugin
# vi /etc/awstats/awstats.nhatnghe.conf
1428 LoadPlugin="geoip GEOIP_STANDARD /usr/share/GeoIP/GeoIP.dat"

Authenticate users who view the report

# vi /etc/httpd/conf.d/awstats.conf
24 <Directory "/usr/share/awstats/wwwroot">
25 Options None
26 AllowOverride None
27 <IfModule mod_authz_core.c>
28 # Apache 2.4
29 AuthType Digest
30 AuthName "private"
31 AuthUserFile "/etc/httpd/conf/password"
32 AuthGroupFile "/etc/httpd/conf/groups"
33 Require group admin
34
35 # Require ip 192.168.1.0/24
36 </IfModule>
37 <IfModule !mod_authz_core.c>

Create users and group

# htdigest -c /etc/httpd/conf/password private admin1
# htdigest /etc/httpd/conf/password private admin2
# echo "admin: admin1 admin2" > /etc/httpd/conf/groups
# systemctl restart httpd
Try viewing the report again: the browser shows an "Authentication Required" dialog with the message "A username and password are being requested by http://192.168.1.101. The site says: "private"" and asks for a user name and password.


7. Web PHP Mysql

Configure Apache to support web sites written in PHP with a MySQL database
Install the packages:
php-5.4.16-23.el7_0.3.x86_64.rpm
mariadb-server-5.5.41-2.el7_0.x86_64.rpm
mariadb-5.5.41-2.el7_0.x86_64.rpm
php-mysql-5.4.16-23.el7_0.3.x86_64.rpm

Note: install the dependency packages

perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm
perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm
perl-IO-Compress-2.061-2.el7.noarch.rpm
perl-Net-Daemon-0.48-5.el7.noarch.rpm
perl-PlRPC-0.2020-14.el7.noarch.rpm

- Unicode support
# vi /etc/my.cnf
character-set-server=utf8
- Start MySQL
# systemctl start mariadb
# systemctl enable mariadb
- Set the MySQL password: a freshly installed MariaDB is not secured, because it has no root password and the necessary options are not yet set. Run the following command to set the root password:

# mysql_secure_installation

/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

# set root password

Set root password? [Y/n] y

New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
# remove anonymous users

Remove anonymous users? [Y/n] y

... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

# disallow root login remotely

Disallow root login remotely? [Y/n] y

... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

# remove test database

Remove test database and access to it? [Y/n] y

- Dropping test database...


... Success!
- Removing privileges on test database ...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

# reload privilege tables

Reload privilege tables now? [Y/n] y

... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

- Log in to MySQL

[root@may1 music]# mysql -u root -p

MariaDB [(none)]> create database thoitrang;
Query OK, 1 row affected (0.01 sec)


MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| thoitrang          |
+--------------------+
4 rows in set (0.00 sec)

MariaDB [(none)]> exit
- Import the database.
# mysql -u root -p thoitrang < /root/thoitrang/thoitrangdb
- Copy the thoitrang directory into /root
- Extract
# cd thoitrang/
[root@may1 thoitrang]# tar xzvf thoitrang.tar.gz
[root@may1 thoitrang]# mv thoitrang/* /var/www/html/
- Edit the configuration file
# vi /etc/httpd/conf/httpd.conf
line 164 DirectoryIndex index.php
# systemctl restart httpd

- Connect to the database:

# vi /var/www/html/configuration.php
var $db = 'thoitrang';
- Access the web site at 192.168.1.101


- Set the web site administrator password

mysql -u root -p
use thoitrang;
UPDATE `thoitrang`.`Y2C_users` SET `password` = MD5('123456') WHERE
`Y2C_users`.`id` = 62 LIMIT 1;
- Access the administration page
http://192.168.1.101/administrator/
Username: admin
Password: 123456


Choose New, write a new article, then choose Save


View the updated news page


8. Virtual host
Allows hosting more than one web site on a server.

8.1 Name-based virtual host


One IP address is shared by several web sites with different names (a DNS server is required).
This section shows how to create virtual hosts using IP-based virtual host.
Example: web hosting for the web sites
garden1.com
thoitrang1.com
- Configure DNS: in named.conf, create 2 zones

zone "garden1.com" IN {
type master;
file "nhatnghe.db";
};
zone "thoitrang1.com" IN {
type master;
file "nhatnghe.db";
};

# systemctl restart named-chroot

- Copy the clothes and garden directories into /var/www/html/

- Configure httpd.conf

Append to the end of the file:
NameVirtualHost 192.168.1.20
<VirtualHost 192.168.1.20>
ServerAdmin webmaster@thoitrang1.com
DocumentRoot /var/www/html/clothes
DirectoryIndex index.html
ServerName www.thoitrang1.com
ServerAlias thoitrang1.com
ErrorLog logs/thoitrang.err
CustomLog logs/thoitrang.log combined
</VirtualHost>
<VirtualHost 192.168.1.20>
ServerAdmin webmaster@garden1.com
DocumentRoot /var/www/html/garden
DirectoryIndex index.html
ServerName www.garden1.com
ServerAlias garden1.com
ErrorLog logs/garden.com-error_log
CustomLog logs/garden.log combined
</VirtualHost>
# systemctl restart httpd


8.2. IP-based virtual host - one IP address per web site; several IP addresses are required
garden1.com ip 192.168.1.20
thoitrang1.com ip 192.168.1.22
Steps
- Assign a second IP address to eth0
# vi /etc/sysconfig/network-scripts/ifcfg-eth0


IPADDR2=192.168.1.22
# service network restart
- Check the IP addresses

# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:0c:29:98:bf:be brd ff:ff:ff:ff:ff:ff
inet 192.168.1.20/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.22/24 brd 192.168.1.255 scope global secondary eth0
inet6 fe80::20c:29ff:fe98:bfbe/64 scope link
valid_lft forever preferred_lft forever

- Edit the DNS configuration

# vi /var/named/chroot/etc/named.conf
zone "thoitrang1.com" IN {
type master;
file "thoitrang.db";
};

# cd /var/named/chroot/var/named
# cp nhatnghe.db thoitrang.db
# vi /var/named/chroot/var/named/thoitrang.db

$TTL 86400
@       IN SOA   server1.nhatnghe1.com. root (
                 42   ; serial (d. adams)
                 3H   ; refresh
                 15M  ; retry
                 1W   ; expiry
                 1D ) ; minimum
        IN NS    server1.nhatnghe1.com.
        IN A     192.168.1.22
server1 IN A     192.168.1.22
www     IN CNAME server1
mail    IN CNAME server1
ftp     IN CNAME server1

# systemctl restart named-chroot

- Check

C:\>ping www.thoitrang1.com

Pinging server1.thoitrang1.com [192.168.1.22] with 32 bytes of data:

Reply from 192.168.1.22: bytes=32 time<1ms TTL=64
Reply from 192.168.1.22: bytes=32 time<1ms TTL=64
Reply from 192.168.1.22: bytes=32 time<1ms TTL=64
Reply from 192.168.1.22: bytes=32 time<1ms TTL=64


C:\>ping www.garden1.com

Pinging server1.garden1.com [192.168.1.20] with 32 bytes of data:

Reply from 192.168.1.20: bytes=32 time<1ms TTL=64
Reply from 192.168.1.20: bytes=32 time<1ms TTL=64
Reply from 192.168.1.20: bytes=32 time<1ms TTL=64
Reply from 192.168.1.20: bytes=32 time<1ms TTL=64

- Configure Apache

# vi /etc/httpd/conf/httpd.conf
Edit the lines at the end of the file:
#NameVirtualHost 192.168.1.20
<VirtualHost 192.168.1.22>
ServerAdmin webmaster@thoitrang1.com
DocumentRoot /var/www/html/clothes
DirectoryIndex index.html
ServerName www.thoitrang1.com
ServerAlias thoitrang1.com
ErrorLog logs/thoitrang.err
CustomLog logs/thoitrang.log combined
</VirtualHost>
<VirtualHost 192.168.1.20>
ServerAdmin webmaster@garden1.com
DocumentRoot /var/www/html/garden
DirectoryIndex index.html
ServerName www.garden1.com
ServerAlias garden1.com
ErrorLog logs/garden.com-error_log
CustomLog logs/garden.log combined
</VirtualHost>

# systemctl restart httpd

- Try accessing the web sites again
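
An added example (not from the original manual) that models how Apache selects a virtual host for the configurations in 8.1 and 8.2: the local IP address picks the candidate blocks, ServerName/ServerAlias choose among them, and a request whose Host header matches nothing is served by the first block listed for that address. `pick_vhost` and the two sample functions are hypothetical names; ports and wildcard aliases are not modelled.

```shell
#!/bin/sh
# Added example: which <VirtualHost> answers a request?

# pick_vhost LOCAL_IP HOST_HEADER < httpd.conf
# Prints "<DocumentRoot> <reason>".
pick_vhost() {
    awk -v ip="$1" -v host="$2" '
    function clean(s) { gsub(/[">]/, "", s); return s }
    BEGIN { host = tolower(host); sub(/:[0-9]+$/, "", host) }
    { d = tolower($1) }
    d == "<virtualhost" {
        addr = clean($2); sub(/:[0-9*]+$/, "", addr)
        inside = 1; root = ""; names = " "
        next
    }
    inside && d == "servername"   { names = names tolower($2) " " }
    inside && d == "serveralias"  { for (i = 2; i <= NF; i++) names = names tolower($i) " " }
    inside && d == "documentroot" { root = clean($2) }
    d == "</virtualhost>" {
        inside = 0
        # An exact address match takes precedence over a "*" block.
        kind = (addr == ip) ? "exact" : ((addr == "*") ? "wild" : "")
        if (kind == "") next
        if (!(kind in first)) first[kind] = root
        if (!(kind in named) && index(names, " " host " ")) named[kind] = root
    }
    END {
        kind = ("exact" in first) ? "exact" : (("wild" in first) ? "wild" : "")
        if (kind == "")         print "main-server", "no-vhost-for-address"
        else if (kind in named) print named[kind], "name-match"
        else                    print first[kind], "default-first-listed"
    }'
}

# 8.1: both sites share 192.168.1.20 (directives reduced to the relevant ones).
conf_name_based() {
cat <<'EOF'
NameVirtualHost 192.168.1.20
<VirtualHost 192.168.1.20>
DocumentRoot /var/www/html/clothes
ServerName www.thoitrang1.com
ServerAlias thoitrang1.com
</VirtualHost>
<VirtualHost 192.168.1.20>
DocumentRoot /var/www/html/garden
ServerName www.garden1.com
ServerAlias garden1.com
</VirtualHost>
EOF
}

# 8.2: one address per site.
conf_ip_based() {
cat <<'EOF'
#NameVirtualHost 192.168.1.20
<VirtualHost 192.168.1.22>
DocumentRoot /var/www/html/clothes
ServerName www.thoitrang1.com
ServerAlias thoitrang1.com
</VirtualHost>
<VirtualHost 192.168.1.20>
DocumentRoot /var/www/html/garden
ServerName www.garden1.com
ServerAlias garden1.com
</VirtualHost>
EOF
}

# Name-based: the Host header decides; a bare IP lands on the first block.
conf_name_based | pick_vhost 192.168.1.20 www.garden1.com
conf_name_based | pick_vhost 192.168.1.20 192.168.1.20
# IP-based: the address decides, whatever the Host header says.
conf_ip_based | pick_vhost 192.168.1.20 www.thoitrang1.com
```

The second call shows why the first-listed name-based block should be a site that is safe to serve to requests with an unexpected Host header.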


Topic 15: E-Mail Services


Configuration files for postfix
Mail client: dovecot, webmail
Antispam
Antivirus
E-mail policy
E-Mail Log Analysis


Install and Configure a Postfix Mail Server

Preparation
Configure DNS to resolve names for the domain nhatnghe1.com
File nhatnghe.db

$TTL 86400
@       IN SOA   server1.nhatnghe1.com. root (
                 42   ; serial (d. adams)
                 3H   ; refresh
                 15M  ; retry
                 1W   ; expiry
                 1D ) ; minimum
        IN NS    server1.nhatnghe1.com.
        IN MX 10 server1.nhatnghe1.com.
        IN A     192.168.1.20
server1 IN A     192.168.1.20
www     IN CNAME server1
mail    IN CNAME server1
ftp     IN CNAME server1

1. Install and configure the mail server

Install the postfix package postfix-2.10.1-6.el7.x86_64.rpm

Configure Postfix
- Edit the configuration file /etc/postfix/main.cf, paying attention to the following parts:

31 queue_directory = /var/spool/postfix
42 daemon_directory = /usr/libexec/postfix
48 data_directory = /var/lib/postfix
59 mail_owner = postfix
75 myhostname = mail.nhatnghe1.com
83 mydomain = nhatnghe1.com
99 myorigin = $mydomain
The address on which the server listens to receive incoming mail.
113 inet_interfaces = all
116 #inet_interfaces = localhost
The domain with which the server sends mail out.
164 #mydestination = $myhostname, localhost.$mydomain, localhost
165 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
264 mynetworks = 127.0.0.0/8

Store mail under /home/*

419 home_mailbox = Maildir/

Start Postfix

# systemctl restart postfix
# systemctl enable postfix

Create 2 users u1, u2

2. Send mail using SMTP commands

u1 sends mail to u2
On the Windows machine: cmd, telnet mail.nhatnghe1.com 25

220 mail.nhatnghe1.com ESMTP Postfix
helo nhatnghe1.com
mail from: u1@nhatnghe1.com
rcpt to: u2@nhatnghe1.com
250 mail.nhatnghe1.com
data
Mail nay goi tu u1 den u2
. <Enter>
250 2.0.0 Ok: queued as D4539BF211

On the Linux machine, u2 checks mail

[u2@localhost ~]$ mail
Heirloom Mail version 12.4 7/29/08. Type ? for help.
"/var/spool/mail/u2": 1 message 1 new
>N 1 u1@nhatnghe1.com Tue Jul 24 19:57 10/344
& 1 # press 1 to read mail number 1
Message 1:
From u1@nhatnghe1.com Tue Jul 24 19:57:50 2012
Return-Path: <u1@nhatnghe1.com>
X-Original-To: u2@nhatnghe1.com
Delivered-To: u2@nhatnghe1.com
Status: R

Mail nay goi tu u1 den u2

& r 1 # reply to mail number 1
To: u1@nhatnghe1.com
> Mail nay goi tu u1 den u2
Subject: Da nhan mail
chuc u1 vui ve

EOT
& quit
Held 1 message in /var/spool/mail/u2
You have mail in /var/spool/mail/u2
[u2@localhost ~]$

u1 checks mail

[u1@localhost ~]$ mail


Heirloom Mail version 12.4 7/29/08. Type? for help.


"/var/spool/mail/ul ": 1 message 1 new
>N 1 u2@nhatnghel.com Tue Jul 24 20:01 19/597 "Da nhan mail"
&1
Message 1:
From u2@nhatnghel.com Tue Jul 24 20:01:20 2012
Return-Path: <u2@nhatnghel .com>
X-Original-To: ul @nhatnghel.com
Delivered-To: ul@nhatnghe I.com
Date: Tue, 24 Jul 2012 20:01:20 +o700
To: ul@nhatnghel.com
Subject: Da nhan mail
User-Agent: Heirloom mailx 12.4 7/29/08
Content-Type: text/plain; charset=us-ascii
From: u2@nhatnghel.com
Status: R

> Mail nay goi tu ul den u2


chuc ul vui ve

&

3. Dovecot
Lets clients access mail over the POP and IMAP protocols.
- Install the package dovecot-2.2.10-4.el7_0.1.x86_64.rpm
- Configure
# vi /etc/dovecot/dovecot.conf
24 protocols = imap pop3 lmtp
# vi /etc/dovecot/conf.d/10-auth.conf
10 disable_plaintext_auth = no
100 auth_mechanisms = plain login
# vi /etc/dovecot/conf.d/10-mail.conf
24 mail_location = maildir:~/Maildir
# vi /etc/dovecot/conf.d/10-master.conf
Remove the # from lines 96-98
95 # Postfix smtp-auth
96 unix_listener /var/spool/postfix/private/auth {
97 mode = 0666
# and add the following 2 lines
user = postfix
group = postfix
98 }

# vi /etc/dovecot/conf.d/10-ssl.conf
Line 8 ssl = no # not require SSL

With ssl = no and disable_plaintext_auth = no, POP3 and IMAP passwords cross the network unencrypted until SSL is enabled in section 6.

- Start dovecot

# systemctl start dovecot
# systemctl enable dovecot
Check

[root@localhost ~]# netstat -nltp | grep dovecot
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 11119/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 11119/dovecot
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 11119/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 11119/dovecot
tcp6 0 0 :::993 :::* LISTEN 11119/dovecot
tcp6 0 0 :::995 :::* LISTEN 11119/dovecot
tcp6 0 0 :::110 :::* LISTEN 11119/dovecot
tcp6 0 0 :::143 :::* LISTEN 11119/dovecot

Configure Outlook Express for u1

The parameters are set as shown in the figure.

[Figure: Outlook Express account properties, Servers tab. Incoming mail (POP3): mail.nhatnghe1.com; Outgoing mail (SMTP): mail.nhatnghe1.com; Account name and Password fields; "My server requires authentication" checkbox under Outgoing Mail Server.]

u1 sends mail to u1 and u2

4. Webmail
Install the packages
tmpwatch-2.11-5.el7.x86_64.rpm
squirrelmail-1.4.22-15.el7.noarch.rpm
# vi /etc/httpd/conf.d/squirrelmail.conf
23 # RewriteEngine on
24 # RewriteCond %{HTTPS} !=on
25 # RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
# vi /etc/squirrelmail/config.php
28 $domain = 'nhatnghe1.com';

# systemctl restart httpd

Open IE and enter the address: http://192.168.1.101/webmail

[Figure: SquirrelMail inbox listing with From, Date and Subject columns, showing the "Microsoft Outlook Test Message" mails and the replies from u2@nhatnghe1.com.]

5. SMTP authentication
Check the cyrus packages
[root@may1 ~]# rpm -qa | grep cyrus
cyrus-sasl-lib-2.1.26-17.el7.x86_64
cyrus-sasl-devel-2.1.26-17.el7.x86_64
cyrus-sasl-2.1.26-17.el7.x86_64
cyrus-sasl-md5-2.1.26-17.el7.x86_64
cyrus-sasl-scram-2.1.26-17.el7.x86_64
cyrus-sasl-plain-2.1.26-17.el7.x86_64
cyrus-sasl-gssapi-2.1.26-17.el7.x86_64

# vi /etc/postfix/main.cf
Add to the end of the file:
682 smtpd_sasl_type = dovecot
683 smtpd_sasl_path = private/auth
684 smtpd_sasl_auth_enable = yes
685 smtpd_sasl_security_options = noanonymous
686 smtpd_sasl_local_domain = $myhostname
687 smtpd_recipient_restrictions =
    permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject

# vi /etc/postfix/master.cf
11 smtp inet n - n - - smtpd
Add after line 11:
12   -o smtpd_sasl_auth_enable=yes
13   -o smtpd_reject_unlisted_sender=yes
14   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
15   -o broken_sasl_auth_clients=yes

The mail client must tick the option "My server requires authentication".

# tail -f /var/log/maillog
Aug 9 19:20:34 localhost postfix/smtpd[3643]: connect from unknown[192.168.1.25]
Aug 9 19:20:34 localhost postfix/smtpd[3643]: 381E1120F12: client=unknown[192.168.1.25], sasl_method=LOGIN, sasl_username=u1

6. Configure Postfix and Dovecot for SSL


Create self-signed SSL certificates
# cd /etc/pki/tls/certs
# make server.key
Enter pass phrase:123456
Verifying - Enter pass phrase:123456
Remove the passphrase from the private key
# openssl rsa -in server.key -out server.key
# make server.csr
umask 77; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [XX]:vn
State or Province Name (full name) []:hcm
Locality Name (eg, city) [Default City]:hcm
Organization Name (eg, company) [Default Company Ltd]:Nhatnghe
Organizational Unit Name (eg, section) []:Daotao
Common Name (eg, your name or your server's hostname) []:192.168.1.101
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Configure Postfix and Dovecot for SSL


# vi /etc/postfix/main.cf
Add to the end of the file:
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
# vi /etc/postfix/master.cf
Remove the # from these lines:
31 smtps inet n - n - - smtpd
32   -o syslog_name=postfix/smtps
33   -o smtpd_tls_wrappermode=yes
# vi /etc/dovecot/conf.d/10-ssl.conf
8 ssl = yes
14 ssl_cert = </etc/pki/tls/certs/server.crt
15 ssl_key = </etc/pki/tls/certs/server.key

Restart the services:

# systemctl restart postfix
# systemctl restart dovecot
Configure the mail client to support SSL

[Figure: Outlook Express "192.168.1.101 Properties" dialog, Advanced tab. Under Server Port Numbers, "This server requires a secure connection (SSL)" is ticked and Incoming mail (POP3) uses port 995.]

Choose Yes
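An added example (not part of the original manual): a small Python audit of the settings typed in sections 3, 5 and 6, showing which ones still let PLAIN/LOGIN passwords cross the network unencrypted after SSL is switched on. The "hardened" values (ssl = required, disable_plaintext_auth = yes, smtpd_tls_auth_only = yes) are real Dovecot and Postfix settings but are an assumption added here, not a step of this lab.

```python
import re


def parse_conf(text):
    """Parse 'key = value' lines (Postfix main.cf and Dovecot conf.d style).

    Whole-line '#' comments are skipped and a trailing ' # note' is dropped,
    as in the lab's 'ssl = no # not require SSL'. Continuation lines without
    '=' are ignored because none of the audited settings span lines.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        line = re.split(r"\s+#", line, maxsplit=1)[0]
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def audit_dovecot(conf):
    """Return findings about cleartext POP3/IMAP credentials."""
    findings = []
    ssl = conf.get("ssl", "yes")  # Dovecot 2.2 default
    plaintext_blocked = conf.get("disable_plaintext_auth", "yes") == "yes"
    if ssl == "no":
        findings.append("dovecot: ssl = no, POP3/IMAP is never encrypted")
    if ssl != "required" and not plaintext_blocked:
        findings.append("dovecot: PLAIN/LOGIN passwords accepted without TLS on ports 110/143")
    return findings


def audit_postfix(conf):
    """Return findings about SMTP AUTH being usable without TLS."""
    findings = []
    sasl = conf.get("smtpd_sasl_auth_enable", "no") == "yes"
    level = conf.get("smtpd_tls_security_level", "")
    tls_offered = conf.get("smtpd_use_tls", "no") == "yes" or level in ("may", "encrypt")
    # smtpd_tls_security_level = encrypt implies smtpd_tls_auth_only = yes
    auth_needs_tls = conf.get("smtpd_tls_auth_only", "no") == "yes" or level == "encrypt"
    if sasl and not tls_offered:
        findings.append("postfix: SASL AUTH enabled but STARTTLS is not offered")
    if sasl and not auth_needs_tls:
        findings.append("postfix: AUTH is announced before STARTTLS (smtpd_tls_auth_only != yes)")
    return findings


def audit(dovecot_text, postfix_text):
    return audit_dovecot(parse_conf(dovecot_text)) + audit_postfix(parse_conf(postfix_text))


# Settings as typed in sections 3 and 5 of the lab (before SSL).
STAGE1_DOVECOT = """
disable_plaintext_auth = no
auth_mechanisms = plain login
ssl = no # not require SSL
"""
STAGE1_POSTFIX = """
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
"""

# After section 6: certificates configured, 10-auth.conf left unchanged.
STAGE2_DOVECOT = """
disable_plaintext_auth = no
auth_mechanisms = plain login
ssl = yes
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/certs/server.key
"""
STAGE2_POSTFIX = STAGE1_POSTFIX + """
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
"""

# Assumed hardening, not from the lab: credentials only after TLS is up.
HARDENED_DOVECOT = STAGE2_DOVECOT.replace(
    "disable_plaintext_auth = no", "disable_plaintext_auth = yes"
).replace("ssl = yes", "ssl = required")
HARDENED_POSTFIX = STAGE2_POSTFIX + "smtpd_tls_auth_only = yes\n"

if __name__ == "__main__":
    stages = [
        ("sections 3 and 5", STAGE1_DOVECOT, STAGE1_POSTFIX),
        ("after section 6", STAGE2_DOVECOT, STAGE2_POSTFIX),
        ("hardened (assumed)", HARDENED_DOVECOT, HARDENED_POSTFIX),
    ]
    for name, dovecot_text, postfix_text in stages:
        print(name)
        for finding in audit(dovecot_text, postfix_text) or ["no findings"]:
            print("  -", finding)
```

Enabling the certificates in section 6 removes only the "never encrypted" findings; the cleartext ports 25, 110 and 143 still accept passwords until the two auth settings are tightened.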


7. Webmail SSL

# vi /etc/httpd/conf.d/ssl.conf
100 SSLCertificateFile /etc/pki/tls/certs/server.crt
107 SSLCertificateKeyFile /etc/pki/tls/certs/server.key

# vi /etc/httpd/conf.d/squirrelmail.conf
Remove the # from these lines:
23 RewriteEngine on
24 RewriteCond %{HTTPS} !=on
25 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
# systemctl restart httpd
Enter 192.168.1.101/webmail

[Figure: SquirrelMail INBOX over HTTPS, message list with Date and Subject columns.]

8. Reports


# mkdir /var/www/cgi-bin/awstats
# tar -zxvf awstats-7.3.tar.gz
# cd awstats-7.3/wwwroot/cgi-bin/
# mv awstats.model.conf awstats.postfix.conf
# cp -r * /var/www/cgi-bin/awstats
# cp ../../tools/maillogconvert.pl /var/www/cgi-bin/awstats
# cd /var/www/cgi-bin/awstats
Edit the configuration file

# vi awstats.postfix.conf
50: LogFile="perl /var/www/cgi-bin/awstats/maillogconvert.pl standard < /var/log/maillog |"
62: LogType=M
122: LogFormat="%time2 %email %email_r %host %host_r %method %url %code %bytesd"
153 SiteDomain="nhatnghe.com"
203 DirData="/var/www/cgi-bin/awstats"
239 AllowToUpdateStatsFromBrowser=1
838-851: set the following lines to 0
LevelForBrowsersDetection=0
LevelForOSDetection=0
LevelForRefererAnalyze=0
LevelForRobotsDetection=0
LevelForWormsDetection=0
LevelForSearchEnginesDetection=0
LevelForFileTypesDetection=0
926 ShowMenu=1
951 ShowSummary=HB
956 ShowMonthStats=HB
961 ShowDaysOfMonthStats=HB
966 ShowDaysOfWeekStats=HB
971 ShowHoursStats=HB
976 ShowDomainsStats=0
981 ShowHostsStats=HBL
986 ShowAuthenticatedUsers=0
991 ShowRobotsStats=0
1001 ShowEMailSenders=HBML
1006 ShowEMailReceivers=HBML
1011 ShowSessionsStats=0
1016 ShowPagesStats=0
1021 ShowFileTypesStats=0
1026 ShowFileSizesStats=0
1036 ShowOSStats=0
1041 ShowBrowsersStats=0
1051 ShowOriginStats=0
1056 ShowKeyphrasesStats=0
1061 ShowKeywordsStats=0
1066 ShowMiscStats=0
1071 ShowHTTPErrorsStats=0
1076 ShowSMTPErrorsStats=1

Analyze the maillog

# ./awstats.pl -config=postfix

Grant ownership to apache

# chown -R apache /var/www/cgi-bin/awstats
# chown -R apache /var/log/maillog
http://www.nhatnghe1.com/cgi-bin/awstats/awstats.pl?config=postfix
View the results

[Figure: AWStats report for config "postfix", May 2015. Mails successfully sent: 10, 11.59 KB (1.15 KB/mail); mails failed/refused: 0. The monthly history shows 0 mails for January to April 2015.]

Click "Update now" to refresh the statistics.

To authenticate users who view the maillog statistics, add the following to the end of /etc/httpd/conf/httpd.conf:

<Directory "/var/www/cgi-bin">
AuthType Basic
AuthName "admin"
AuthUserFile "/etc/httpd/conf/password"
require user admin
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>

Create a redirect
redirect /maillog http://192.168.1.101/cgi-bin/awstats/awstats.pl?config=postfix

# service httpd restart

Create the user
# htpasswd -c /etc/httpd/conf/password admin


New password:
Re-type new password:
Adding password for user admin

View the maillog statistics again: http://192.168.1.101/maillog

[Figure: browser authentication dialog prompting for User name and Password.]

9. Anti spam
Install spamassassin
Install the perl-* packages
spamassassin-3.3.1-2.el6.i686.rpm

# vi /etc/postfix/master.cf
- Edit line 11:
smtp inet n - n - - smtpd
Line 11   -o content_filter=spamassassin
The line must start with whitespace.
# E-mail sent to the smtp service is handed to spamassassin

- Add this line to the end of the file:

spamassassin unix - n n - - pipe user=mail argv=/usr/bin/spamc -e
    /usr/sbin/sendmail -oi -f ${sender} ${recipient}

This creates a new unix-type service in master.cf that calls Postfix's pipe daemon to deliver the e-mail: it runs spamc to scan the mail (spam detection), then uses the sendmail command to hand the mail back to Postfix.

Restart the services:

# systemctl restart spamassassin
# systemctl restart postfix

The spamassassin daemon listens on port 783

# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 2057/dovecot
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 2746/spamd.pid
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 2057/dovecot
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1400/rpcbind
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 1516/named

u1 sends one email without spam and one email with spam

[Figure: Outlook Express compose window. To: u1@nhatnghe1.com; Subject: mail co spam. The body contains the GTUBE test string:]

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

You should send this test mail from an account outside of your network.

Open Properties on the second email and look at Details to see the spam-test information that spamassassin inserted into the mail header after scanning.
Likewise, view the mail header of the email without spam.

[Figure: message Details dialog for the "[SPAM] mail co spam" message. The headers added by SpamAssassin 3.3.1 (2010-03-16) list the rule hits -1.0 ALL_TRUSTED, 0.8 DKIM_ADSP_NXDOMAIN, 1.1 DATE_IN_PAST_03_06, 1000 GTUBE and 0.0 HTML_MESSAGE.]

Users filter spam themselves

Tools, messages, mail

[Figure: Outlook Express New Mail Rule dialog. Condition: "Where the Subject line contains specific words"; rule description: apply this rule after the message arrives, where the Subject line contains "[SPAM]", move it to the Spam folder.]

u1 sends one email without spam and one email with spam.

Normal mail lands in the Inbox folder
Spam mail lands in the Spam folder

[Figure: Outlook Express showing the Spam folder, which contains the "[SPAM] mail co spam" message from u1.]

10. Amavisd - Antispam - Antivirus

Install clamd
Install the clam packages:
clamav-lib-0.98.6-1.el7.x86_64
clamav-update-0.98.6-1.el7.x86_64
clamav-server-0.98.6-1.el7.x86_64
clamav-scanner-systemd-0.98.6-1.el7.noarch
clamav-scanner-0.98.6-1.el7.noarch
clamav-filesystem-0.98.6-1.el7.noarch
clamav-devel-0.98.6-1.el7.x86_64
clamav-0.98.6-1.el7.x86_64
clamav-data-0.98.6-1.el7.noarch
clamav-server-systemd-0.98.6-1.el7.noarch

Install, update and start SpamAssassin

# sa-update
# systemctl start spamassassin
# systemctl enable spamassassin

Install Amavisd
Install perl-* and the files in the perl directory
Install clamav-* and the files in the clamd directory
Install spamassassin-* and the files in the clamd directory
Install amavisd-* and the files in the amavisd directory

Install amavisd-new with yum


[c7-media]
name=CentOS-$releasever - Media
baseurl=file:///media/CentOS/
        file:///media/cdrom/
        file:///media/cdrecorder/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

mkdir /media/cdrom
mount /dev/cdrom /media/cdrom
yum --disablerepo=\* --enablerepo=c7-media groupinstall "Compatibility Libraries" -y
yum --disablerepo=\* --enablerepo=c7-media groupinstall "Development tools" -y
yum --disablerepo=\* --enablerepo=c7-media install perl-* -y
or
rpm -ivh epel-release-7-5.noarch.rpm
yum --enablerepo=epel -y install amavisd-new clamav-server clamav-server-systemd

Configure clam

# cp /usr/share/doc/clamav-server*/clamd.sysconfig /etc/sysconfig/clamd.amavisd
# vi /etc/sysconfig/clamd.amavisd
1 CLAMD_CONFIGFILE=/etc/clamd.d/amavisd.conf
2 CLAMD_SOCKET=/var/run/clamd.amavisd/clamd.sock
# vi /etc/tmpfiles.d/clamd.amavisd.conf # create new file
Add the following line:
d /var/run/clamd.amavisd 0755 amavis amavis -
# vi /usr/lib/systemd/system/clamd@.service
Add to the end of the file
[Install]
WantedBy=multi-user.target
# vi /etc/freshclam.conf
Line 8 #Example
# freshclam
# vi /etc/clamd.d/scan.conf
8 #Example
85 LocalSocket /var/run/clamd.scan/clamd.sock

Start clamd

# systemctl start clamd@amavisd
# systemctl enable clamd@amavisd
Configure amavis

# vi /etc/amavisd/amavisd.conf
20 $mydomain = 'nhatnghe.com';
96 $sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
152 $myhostname = 'mail.nhatnghe.com';
154 $notify_method = 'smtp:[127.0.0.1]:10025';
155 $forward_method = 'smtp:[127.0.0.1]:10025';

Start Amavisd

# systemctl start amavisd
# systemctl enable amavisd

Configure postfix:

# vi /etc/postfix/main.cf
Add to the end of the file
content_filter=smtp-amavis:[127.0.0.1]:10024
# vi /etc/postfix/master.cf
Add to the end of the file
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000

# systemctl restart postfix

Check
1. u1 sends a normal mail
Users send and receive mail normally; the message status shows that the mail has been scanned for viruses and spam.

2. u1 sends a mail containing spam

[Figure: Outlook Express compose window. Subject: mail co spam. The body contains the GTUBE test string:]

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

You should send this test mail from an account outside of your network.

Check mail: u1 does not receive the email because it was blocked

# tailf /var/log/maillog

May 14 00:30:53 localhost postfix/smtpd[31466]: connect from unknown[192.168.1.20]
May 14 00:30:54 localhost postfix/smtpd[31466]: 02E63E09BE: client=unknown[192.168.1.20]
May 14 00:30:54 localhost postfix/cleanup[31469]: 02E63E09BE: message-id=<000901d08dfe$c395d310$4ac17930$@nhatnghe.com>
May 14 00:30:54 localhost postfix/qmgr[31452]: 02E63E09BE: from=<u2@nhatnghe.com>, size=883, nrcpt=1 (queue active)
May 14 00:30:54 localhost amavis[31272]: (31272-03) Blocked SPAM {DiscardedInternal,Quarantined}, MYNETS LOCAL [192.168.1.20]:62295 <u2@nhatnghe.com> ->
3. u1 sends a mail containing a virus

Likewise, when a user sends an attachment containing a virus, the email is blocked. The user does not receive the mail.
May 14 00:39:10 localhost postfix/qmgr[31452]: 05EF0E09BE: from=<u1@nhatnghe.com>, size=1204, nrcpt=1 (queue active)
May 14 00:39:10 localhost postfix/smtpd[31658]: disconnect from unknown[192.168.1.200]
May 14 00:39:10 localhost clamd[30853]: /var/spool/amavisd/tmp/amavis-20150514T002652-31272-WIYekm66/parts/p004: Eicar-Test-Signature FOUND
May 14 00:39:10 localhost clamd[30853]: /var/spool/amavisd/tmp/amavis-20150514T002652-31272-WIYekm66/parts/p002: Eicar-Test-Signature FOUND
May 14 00:39:10 localhost amavis[31272]: (31272-06) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInternal,Quarantined}, MYNETS LOCAL [192.168.1.200]:1876 <u1@nhatnghe.com> -> <u2@nhatnghe.com>, Queue-ID: 05EF0E09BE, Message-ID: <008201d08dff$eca29800$c801a8c0@nhatnghe.com>, mail_id: WLu7okTjDv1W, Hit
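An added example (not part of the original manual): a Python parser for the maillog line types shown in sections 5 and 10, pulling out SASL logins, unauthenticated submissions, amavis "Blocked" verdicts and clamd signature hits. The result field names are this example's own, and the sample lines are assembled from the excerpts above; the truncated amavis SPAM line is kept truncated to show that the recipient and Queue-ID then come back as None.

```python
import re
from collections import Counter

# postfix/smtpd "client=" line; the sasl_* part is absent when no AUTH was used.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>\S+?)\[(?P<ip>[\d.]+)\]"
    r"(?:, sasl_method=(?P<method>[\w-]+), sasl_username=(?P<user>\S+))?")

# amavis verdict line; only the first recipient is captured.
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \((?P<session>[\d-]+)\) Blocked (?P<verdict>[\w-]+)"
    r"(?: \((?P<detail>[^)]*)\))? \{(?P<action>[^}]*)\}, (?:\w+ )*"
    r"\[(?P<ip>[\d.]+)\]:\d+ <(?P<sender>[^>]*)> ->"
    r"(?: <(?P<rcpt>[^>]*)>)?(?:.*?Queue-ID: (?P<qid>\w+))?")

# clamd detection line: "<path>: <signature> FOUND"
CLAMD_RE = re.compile(r"clamd\[\d+\]: (?P<path>\S+): (?P<sig>\S+) FOUND")

# Sample lines assembled from the log excerpts in sections 5 and 10.
SAMPLE_LOG = """\
Aug 9 19:20:34 localhost postfix/smtpd[3643]: connect from unknown[192.168.1.25]
Aug 9 19:20:34 localhost postfix/smtpd[3643]: 381E1120F12: client=unknown[192.168.1.25], sasl_method=LOGIN, sasl_username=u1
May 14 00:30:54 localhost postfix/smtpd[31466]: 02E63E09BE: client=unknown[192.168.1.20]
May 14 00:30:54 localhost amavis[31272]: (31272-03) Blocked SPAM {DiscardedInternal,Quarantined}, MYNETS LOCAL [192.168.1.20]:62295 <u2@nhatnghe.com> ->
May 14 00:39:10 localhost clamd[30853]: /var/spool/amavisd/tmp/amavis-20150514T002652-31272-WIYekm66/parts/p004: Eicar-Test-Signature FOUND
May 14 00:39:10 localhost clamd[30853]: /var/spool/amavisd/tmp/amavis-20150514T002652-31272-WIYekm66/parts/p002: Eicar-Test-Signature FOUND
May 14 00:39:10 localhost amavis[31272]: (31272-06) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInternal,Quarantined}, MYNETS LOCAL [192.168.1.200]:1876 <u1@nhatnghe.com> -> <u2@nhatnghe.com>, Queue-ID: 05EF0E09BE, Message-ID: <008201d08dff$eca29800$c801a8c0@nhatnghe.com>, mail_id: WLu7okTjDv1W, Hit
"""


def summarize(lines):
    """Classify maillog lines into logins, unauthenticated clients, blocks and signatures."""
    logins, unauthenticated, blocked = [], [], []
    signatures = Counter()
    for line in lines:
        m = CLIENT_RE.search(line)
        if m:
            (logins if m.group("user") else unauthenticated).append(m.groupdict())
            continue
        m = AMAVIS_RE.search(line)
        if m:
            blocked.append(m.groupdict())
            continue
        m = CLAMD_RE.search(line)
        if m:
            signatures[m.group("sig")] += 1
    return {
        "logins": logins,
        "unauthenticated": unauthenticated,
        "blocked": blocked,
        "signatures": signatures,
    }


def report(summary):
    """Render the summary as short text lines for a daily review."""
    out = []
    for ev in summary["logins"]:
        out.append(f"AUTH {ev['method']} user={ev['user']} from {ev['ip']} queue={ev['qid']}")
    for ev in summary["unauthenticated"]:
        out.append(f"NOAUTH submission from {ev['ip']} queue={ev['qid']}")
    for ev in summary["blocked"]:
        rcpt = ev["rcpt"] or "(recipient not logged)"
        detail = f" ({ev['detail']})" if ev["detail"] else ""
        out.append(f"BLOCKED {ev['verdict']}{detail} {ev['sender']} -> {rcpt} from {ev['ip']}")
    for sig, count in summary["signatures"].items():
        out.append(f"SIGNATURE {sig} x{count}")
    return out


if __name__ == "__main__":
    for row in report(summarize(SAMPLE_LOG.splitlines())):
        print(row)
```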

11. Further reading

Controlling Postfix policies

- Postfix supports many policies that give very flexible control over sending and receiving mail.

Restriction list name            Status     Effect
smtpd_client_restrictions        Optional   Reject all client commands
smtpd_helo_restrictions          Optional   Reject HELO/EHLO information
smtpd_sender_restrictions        Optional   Reject MAIL FROM information
smtpd_recipient_restrictions     Required   Reject RCPT TO information
smtpd_data_restrictions          Optional   Reject DATA command
smtpd_end_of_data_restrictions   Optional   Reject END-OF-DATA command
smtpd_etrn_restrictions          Optional   Reject ETRN command

- Detailed information about these policies is available at www.postfix.org. This lab covers only a few commonly used policies.

- Evaluate the sender address to decide whether to accept the mail:
smtpd_sender_restrictions can take the following values:
check_sender_access
reject_authenticated_sender_login_mismatch
reject_non_fqdn_sender
reject_rhsbl_sender rbl_domain=d.d.d.d
reject_unauthenticated_sender_login_mismatch
reject_unverified_sender

Example: smtpd_sender_restrictions = reject_unknown_sender_domain

- Evaluate the recipient (RCPT) address to decide whether to relay the mail:

smtpd_recipient_restrictions can take the following values:
check_recipient_access
check_recipient_mx_access
permit_auth_destination
reject_non_fqdn_recipient
reject_unauth_destination
reject_rhsbl_recipient rbl_domain=d.d.d.d

Example: smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

- Control mailbox size:
mailbox_size_limit
message_size_limit

- Control the number of recipients that receive a message at once:

smtpd_recipient_limit

- Control the number of simultaneous connections and the connection rate:
smtpd_client_connection_count_limit (default: 50)
smtpd_client_connection_rate_limit (default: no limit)
smtpd_client_message_rate_limit (default: no limit)
smtpd_client_recipient_rate_limit (default: no limit)
smtpd_client_new_tls_session_rate_limit (default: no limit)
smtpd_client_event_limit_exceptions (default: $mynetworks)


Topic 16: Squid
Install Squid
Configure Squid
Acl, Rules and Cache Rules
Sarg - Squid Analysis Report Generator


Squid - Proxy server


1. Installing Squid
Squid is an Internet proxy-caching program that receives requests from clients and passes them to the appropriate Internet server. At the same time it stores on disk the data returned by the Internet server; this is called caching.
Protocols supported by Squid: HTTP, FTP, SSL, ...
Install the supporting packages
perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm
perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm
perl-Net-Daemon-0.48-5.el7.noarch.rpm
perl-IO-Compress-2.061-2.el7.noarch.rpm
perl-PlRPC-0.2020-14.el7.noarch.rpm
perl-DBI-1.627-4.el7.x86_64.rpm
perl-Digest-1.17-245.el7.noarch.rpm
perl-Digest-MD5-2.52-3.el7.x86_64.rpm
libecap-0.2.0-8.el7.x86_64.rpm
squid-3.3.8-12.el7_0.x86_64.rpm
Install the package squid-3.3.8-12.el7_0.x86_64.rpm

2. Basic Squid configuration

# vi /etc/squid/squid.conf
55 #http_access allow localnet
59 http_port 3128
62 cache_dir ufs /var/spool/squid 1000 16 256
71 coredump_dir /var/spool/squid
74 cache_mem 128 MB

8 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
9 acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
10 acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

52 http_access allow localnet
53 http_access allow localhost
59 http_access deny all
74 visible_hostname lohost.localdomain

# systemctl restart squid

Configure the client:
- Set the proxy server parameters


[Screenshot: "Connection Settings" dialog, "Configure Proxies to Access the Internet", with "Manual proxy configuration" selected and HTTP Proxy set to 10.0.0.1]

- Internet access succeeds


3. Restricting Internet access

3.1 Restricting access by host
Example: block host 10.0.0.3 from accessing the Internet
Edit the file /etc/squid/squid.conf
Add after line 51:

acl deny_host src 10.0.0.3 10.0.0.10-10.0.0.100
http_access deny deny_host
http_access allow localnet


Access the web

[Screenshot: browser at http://vnexpress.net/ showing the Squid error page]

ERROR
The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: http://vnexpress.net/
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is root.

3.2 Blocking web sites

Example: block access to the site ngoisao.net
Edit the file /etc/squid/squid.conf

acl deny_host src 10.0.0.30
acl deny_web dstdomain ngoisao.net

http_access deny deny_web
http_access deny deny_host
http_access allow localnet

# systemctl restart squid.service

Access the web


[Screenshot: browser at http://ngoisao.net/ showing the Squid error page]

ERROR
The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: http://ngoisao.net/
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is root.

Generated Wed, 25 Jul 2012 12:52:54 GMT by localhost.localdomain (squid/3.1.10)

To block multiple web sites, change the configuration as follows:

acl deny_host src 10.0.0.30
acl deny_web dstdomain "/etc/squid/denyweb"

http_access deny deny_web
http_access deny deny_host
http_access allow localnet

# service squid restart

Create the file that lists the blocked web sites
# vi /etc/squid/denyweb
.ngoisao.net
.24h.com.vn
.zing.vn

3.3 Allowing access to only some web sites

Example: block access to the site ngoisao.net
Edit the file /etc/squid/squid.conf

acl deny_host src 10.0.0.30
acl deny_web dstdomain "/etc/squid/denyweb"
acl allow_web dstdomain "/etc/squid/allowweb"

http_access deny deny_web
http_access allow allow_web
http_access deny deny_host
# http_access allow localnet


# service squid restart

Create the file that lists the allowed web sites

# vi /etc/squid/allowweb
.vnexpress.net
.nhatnghe.com

Access the web to test

3.4 Restricting access by time

During working hours, only vnexpress.net and nhatnghe.com may be accessed.
Outside working hours there is no restriction.

Edit the file /etc/squid/squid.conf

acl deny_host src 10.0.0.30
acl deny_web dstdomain "/etc/squid/denyweb"
acl allow_web dstdomain "/etc/squid/allowweb"
acl sang time MTWHF 8:00-12:00
acl chieu time MTWHF 13:00-17:00
acl trua time MTWHF 12:00-13:00

http_access deny deny_web
http_access allow allow_web sang
http_access allow allow_web chieu
http_access allow trua
http_access deny deny_host
# http_access allow localnet

# service squid restart

Set the server clock to a time within working hours
# date -s "7/25/2012 16:00"
Access succeeds for the 2 web sites: .vnexpress.net, .nhatnghe.com

Set the server clock to a time outside working hours
# date -s "7/25/2012 12:30"
Web access is unrestricted

Note:
S is Sunday; M is Monday; T is Tuesday; W is Wednesday; H is Thursday; F is Friday; A is Saturday

3.5 Restricting downloads by file type
- Create a file listing the extensions of the files whose download is to be restricted
# vi /etc/squid/denydownload
\.mp3
\.exe
\.vbs
\.jpg


- Edit the configuration file:

acl deny_host src 10.0.0.30
acl deny_web dstdomain "/etc/squid/denyweb"
acl allow_web dstdomain "/etc/squid/allowweb"
acl sang time MTWHF 8:00-12:00
acl chieu time MTWHF 13:00-17:00
acl trua time MTWHF 12:00-13:00
acl deny_file urlpath_regex "/etc/squid/denydownload"

http_access deny deny_web
http_access deny deny_file
http_access allow allow_web sang
http_access allow allow_web chieu
http_access allow trua
http_access deny deny_host
# http_access allow localnet
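
How Squid applies the http_access list above, as an added Python sketch that is not part of the original course material: lines are checked top to bottom and the first line whose ACLs all match decides the request. The ACL data and the closing "deny all" (line 59 of the basic configuration) are copied from this page; the client 10.0.0.20, the host example.org and the HOST_DENY_FIRST ordering are assumptions of this example.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# ACL data copied from sections 3.2-3.5 of this page.
DENY_WEB = [".ngoisao.net", ".24h.com.vn", ".zing.vn"]   # /etc/squid/denyweb
ALLOW_WEB = [".vnexpress.net", ".nhatnghe.com"]          # /etc/squid/allowweb
DENY_FILE = [r"\.mp3", r"\.exe", r"\.vbs", r"\.jpg"]     # /etc/squid/denydownload
DAY_CODES = "MTWHFAS"  # position == datetime.weekday(): M=Monday ... A=Saturday, S=Sunday


def src(spec):
    """acl <name> src: single addresses and addr1-addr2 ranges."""
    ranges = []
    for item in spec.split():
        low, _, high = item.partition("-")
        ranges.append((ip_address(low), ip_address(high or low)))
    return lambda req: any(lo <= ip_address(req["src"]) <= hi for lo, hi in ranges)


def dstdomain(domains):
    """acl <name> dstdomain: a leading dot also matches every subdomain."""
    def match(req):
        host = req["host"].lower()
        return any(host == d.lstrip(".") or (d.startswith(".") and host.endswith(d))
                   for d in domains)
    return match


def time_acl(days, span):
    """acl <name> time: day codes plus an h1:m1-h2:m2 window."""
    start, end = [tuple(int(x) for x in t.split(":")) for t in span.split("-")]
    def match(req):
        now = req["when"]
        return DAY_CODES[now.weekday()] in days and start <= (now.hour, now.minute) <= end
    return match


def urlpath_regex(patterns):
    """acl <name> urlpath_regex: unanchored, case-sensitive unless -i is given."""
    compiled = [re.compile(p) for p in patterns]
    return lambda req: any(c.search(req["path"]) for c in compiled)


ACLS = {
    "deny_host": src("10.0.0.30"),
    "deny_web": dstdomain(DENY_WEB),
    "allow_web": dstdomain(ALLOW_WEB),
    "sang": time_acl("MTWHF", "8:00-12:00"),
    "chieu": time_acl("MTWHF", "13:00-17:00"),
    "trua": time_acl("MTWHF", "12:00-13:00"),
    "deny_file": urlpath_regex(DENY_FILE),
    "all": lambda req: True,
}

# http_access lines in the order shown in section 3.5.
PAGE_ORDER = [
    ("deny", ["deny_web"]),
    ("deny", ["deny_file"]),
    ("allow", ["allow_web", "sang"]),
    ("allow", ["allow_web", "chieu"]),
    ("allow", ["trua"]),
    ("deny", ["deny_host"]),
    ("deny", ["all"]),          # line 59 of the basic configuration
]
# Assumed variant for comparison: the per-host deny moved ahead of every allow.
HOST_DENY_FIRST = [("deny", ["deny_host"])] + [r for r in PAGE_ORDER if r[1] != ["deny_host"]]


def decide(src_ip, host, path, when, rules=PAGE_ORDER):
    """Return (action, matching line); the first line whose ACLs all match wins."""
    req = {"src": src_ip, "host": host, "path": path, "when": when}
    for action, names in rules:
        if all(ACLS[name](req) for name in names):
            return action, "http_access %s %s" % (action, " ".join(names))
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), "(no line matched)"


if __name__ == "__main__":
    lunch = datetime(2012, 7, 25, 12, 30)   # Wednesday, inside the "trua" window
    work = datetime(2012, 7, 25, 16, 0)     # Wednesday, inside the "chieu" window
    print(decide("10.0.0.20", "www.vnexpress.net", "/", work))
    print(decide("10.0.0.20", "example.org", "/", work))
    print(decide("10.0.0.30", "example.org", "/", lunch))                   # page order
    print(decide("10.0.0.30", "example.org", "/", lunch, HOST_DENY_FIRST))  # reordered
    print(decide("10.0.0.20", "example.org", "/a/SONG.MP3", lunch))
```

With the page's ordering, the host in deny_host is still allowed whenever an earlier allow line matches, and the extension list does not catch upper-case names.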

3.6 Authenticating users

- Install the httpd-tools-2.4.6-31.el7.centos.x86_64.rpm package
- Edit the configuration file:

26 auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squidpasswd

acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

- Create the user list file

# htpasswd -c /etc/squid/squidpasswd hvl
# htpasswd /etc/squid/squidpasswd hvl
- Access a web site

[Screenshot: authentication prompt: The proxy 10.0.0.1:3128 is requesting a username and password. The site says, "Squid proxy-caching web server". Fields: User Name, Password]


4. Access statistics reports

Install the required libraries and tools (sh install.kernel.6.2.txt)
Extract sarg
# tar -zxvf sarg-2.3.1.tar.gz
# cd sarg-2.3.1
Compile
# ./configure
# make
# make install
Configure sarg
# vi /usr/local/etc/sarg.conf

7 access_log /var/log/squid/access.log
120 output_dir /var/www/html/squid-reports
136 user_ip yes ; no: display the user
293 report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads

Run the analysis

# sarg

View the report

http://192.168.1.21/squid-reports/

[Screenshot: "Squid User Access Report" index page with the columns FILE/PERIOD, CREATION DATE, USERS, BYTES, AVERAGE. Generated by sarg-2.3.1 Sep-18-2010 on May/19/2015 04:34]

Select the date to view

[Screenshot: Squid Analysis Report Generator, per-user report with links to Top sites, Sites & Users, Denied accesses and Authentication Failures, and the columns USERID, CONNECT, BYTES, %BYTES, IN-CACHE-OUT, ELAPSED TIME, MILLISEC, %TIME]


Select the client to view

[Screenshot: Squid Analysis Report Generator, per-client report listing each ACCESSED SITE with the columns CONNECT, BYTES, %BYTES, IN-CACHE-OUT, ELAPSED TIME, MILLISEC, %TIME]

5. Configure Squid + Clam


# cd clamav
# rpm -ivh *
# cp /usr/share/doc/clamav-server*/clamd.conf /etc/clamd.d/squid.conf
# vi /etc/clamd.d/squid.conf
8 #Example
14 LogFile /var/log/clamd.squid
66 PidFile /var/run/clamd.squid/clamd.pid
70 TemporaryDirectory /var/tmp
85 LocalSocket /var/run/clamd.squid/clamd.sock
101 TCPSocket 3310
195 User squidclamav

# useradd -d /var/tmp -s /sbin/nologin squidclamav
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
# mkdir /var/run/clamd.squid
# chown squidclamav. /var/run/clamd.squid
# cp /usr/share/doc/clamav-server*/clamd.sysconfig /etc/sysconfig/clamd.squid
# vi /etc/sysconfig/clamd.squid
1 CLAMD_CONFIGFILE=/etc/clamd.d/squid.conf
2 CLAMD_SOCKET=/var/run/clamd.squid/clamd.sock

# vi /etc/tmpfiles.d/clamd.squid.conf
d /var/run/clamd.squid 0755 squidclamav squidclamav -

# vi /usr/lib/systemd/system/clamd@.service
Append to the end of the file:
[Install]
WantedBy=multi-user.target


# vi /etc/freshclam.conf
Line 8: #Example
# freshclam

# touch /var/log/clamd.squid
# chown squidclamav. /var/log/clamd.squid
# chmod 600 /var/log/clamd.squid
# systemctl start clamd@squid
# systemctl enable clamd@squid
Install c-icap.
c-icap is an implementation of an ICAP server. It can be used with HTTP proxies that support the ICAP protocol to implement content adaptation and filtering services.

# yum -y install gcc make

# curl -O http://ftp.jaist.ac.jp/pub/sourceforge/c/project/c-/c-icap/c-icap/0.3.x/c_icap-0.3.5.tar.gz

# tar -xzvf c_icap-0.3.5.tar.gz
# cd c_icap-0.3.5/
# ./configure
# make
# make install
# cp /usr/local/etc/c-icap.conf /etc
# vi /etc/c-icap.conf
140 ServerAdmin admin@nhatnghe.com
149 ServerName localhost.localdomain
514 Service squidclamav squidclamav.so
# vi /etc/tmpfiles.d/c-icap.conf
d /var/run/c-icap 0755 root root -
# vi /etc/rc.d/init.d/c-icap
#!/bin/bash

# c-icap: Start/Stop c-icap
#
# chkconfig: - 70 30
# description: c-icap is an implementation of an ICAP server.
# processname: c-icap
# pidfile: /var/run/c-icap/c-icap.pid

. /etc/rc.d/init.d/functions
. /etc/sysconfig/network

CONFIG_FILE=/etc/c-icap.conf
PID_DIR=/var/run/c-icap

RETVAL=0
start() {
    echo -n $"Starting c-icap: "
    daemon /usr/local/bin/c-icap -f $CONFIG_FILE
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/c-icap
    return $RETVAL
}
stop() {
    echo -n $"Stopping c-icap: "
    killproc c-icap
    # Record killproc's status before the cleanup below overwrites $?
    RETVAL=$?
    rm -f /var/run/c-icap/c-icap.ctl
    echo
    [ $RETVAL -eq 0 ] && rm -f $PID_DIR/c-icap.pid /var/lock/subsys/c-icap
    return $RETVAL
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status c-icap
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart}"
        exit 1
esac
exit $?

# chmod 755 /etc/rc.d/init.d/c-icap


Install SquidClamav
# curl -L -O http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.11/squidclamav-6.11.tar.gz

# tar xzvf squidclamav-6.11.tar.gz
# cd squidclamav-6.11
# ./configure --with-c-icap
# make
# make install
# ln -s /usr/local/etc/squidclamav.conf /etc/squidclamav.conf
# vi /etc/squidclamav.conf
7 redirect http://192.168.1.101/error.html
26 clamd_local /var/run/clamd.squid/clamd.sock

# echo "<h1>Error! virus detected</h1>" > /var/www/html/error.html

# mkdir /var/run/c-icap/
# systemctl start c-icap
# chkconfig --add c-icap
# chkconfig c-icap on

# vi /etc/squid/squid.conf
Note: Squid is configured for user authentication
Append to the end of the file:
icap_enable on
icap_send_client_ip on

icap_send_client_username on
icap_client_username_header X-Authenticated-User
# bypass=1 marks the ICAP service as optional: if it cannot be reached, Squid forwards the traffic unscanned
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all

# systemctl restart squid

From a client, browse to http://eicar.org and try a download

[Screenshot: browser at www.eicar.org/85-0-Download.html showing the page "Error! Virus Detected!"]
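
Because both icap_service lines above use bypass=1, Squid keeps serving traffic unscanned when the ICAP service is down, so the service is worth monitoring. The following Python health check is an added example, not part of the original course material: it sends an ICAP OPTIONS request to the service URL from the page and verifies that REQMOD and RESPMOD are offered. The sample reply is constructed for the example, and the function names are hypothetical.

```python
import socket

SERVICE_URL = "icap://127.0.0.1:1344/squidclamav"   # from the page's icap_service lines

# Constructed sample of an OPTIONS reply; a real server's header set will differ.
SAMPLE_REPLY = (
    b"ICAP/1.0 200 OK\r\n"
    b"Methods: RESPMOD, REQMOD\r\n"
    b"Service: constructed sample service\r\n"
    b"ISTag: \"constructed-tag\"\r\n"
    b"Encapsulated: null-body=0\r\n"
    b"\r\n"
)


def build_options_request(service_url):
    """Build the ICAP OPTIONS request for one service URL."""
    host = service_url.split("://", 1)[1].split("/", 1)[0]
    text = "OPTIONS %s ICAP/1.0\r\nHost: %s\r\nEncapsulated: null-body=0\r\n\r\n"
    return (text % (service_url, host)).encode("ascii")


def parse_icap_reply(raw):
    """Return (status code, headers) from the head of an ICAP reply."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    proto, code, _reason = (lines[0].split(" ", 2) + ["", ""])[:3]
    if not proto.startswith("ICAP/"):
        raise ValueError("not an ICAP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(code), headers


def service_problems(raw, needed=("REQMOD", "RESPMOD")):
    """Return the reasons the service cannot be relied on ([] means healthy)."""
    try:
        code, headers = parse_icap_reply(raw)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if code != 200:
        problems.append("OPTIONS returned ICAP status %d" % code)
    offered = {m.strip().upper() for m in headers.get("methods", "").split(",") if m.strip()}
    for method in needed:
        if method not in offered:
            problems.append("%s is not offered by the service" % method)
    return problems


def probe(service_url=SERVICE_URL, timeout=3.0):
    """Query the live service; connection failures are reported, not raised."""
    hostport = service_url.split("://", 1)[1].split("/", 1)[0]
    host, _, port = hostport.partition(":")
    try:
        with socket.create_connection((host, int(port or 1344)), timeout=timeout) as conn:
            conn.sendall(build_options_request(service_url))
            raw = b""
            while b"\r\n\r\n" not in raw:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                raw += chunk
    except OSError as exc:
        return ["ICAP service unreachable: %s" % exc]
    return service_problems(raw)


if __name__ == "__main__":
    print("sample reply:", service_problems(SAMPLE_REPLY))
    print("live service:", probe())
```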

6. Configure Squid + SquidGuard to set contents filtering


# yum --enablerepo=epel -y install squidGuard
Or install the 2 packages:
perl-DB_File-1.830-6.el7.x86_64.rpm
squidGuard-1.4-20.el7.1.x86_64.rpm

# mv /etc/squid/squidGuard.conf /etc/squid/squidGuard.conf
# vi /etc/squid/squidGuard.conf

5 dbhome /var/lib/squidGuard/db
6 logdir /var/log/squidGuard
Append to the end of the file:
dest deny {
    domainlist deny/domains
    urllist deny/urls
}
acl {
    default {
        pass !deny all
        redirect http://www.nhatnghe.com
    }
}

# mkdir -p /var/lib/squidGuard/db/deny
# vi /var/lib/squidGuard/db/deny/domains
ngoisao.net
bongda.com.vn
# vi /var/lib/squidGuard/db/deny/urls


www.tuoitre.com.vn
www.micorosoft.com/mcp
# squidGuard -b -d -C all
# chown -R squid. /var/lib/squidGuard/db/deny
# cd /var/squidGuard/
# tar xzvf blacklists.tar.gz
# chown -R squid /var/squidGuard/blacklists


Topic 17: System - Network Security

Iptables - Shorewall
Setup a transparent proxy with Squid
Network Security Scanning
Network Monitoring


Firewall Local Security


1. Installing IPTABLES
firewalld-0.3.9-11.el7.noarch
firewall-config-0.3.9-11.el7.noarch
Start the firewall
systemctl start firewalld
systemctl enable firewalld
Firewall architecture

kernel (netfilter)

Configure the firewall

# firewall-config


[Screenshot: "Firewall Configuration" (firewall-config) main window, Zones tab, with the zone list and the Services tab of the selected zone. Status bar: Default Zone: public, Lockdown: disabled, Panic Mode: disabled]

A firewalld zone defines the level of trust for network connections, interfaces and source addresses bound to the zone. The zone combines services, ports, protocols, masquerading, port/packet forwarding, icmp filters and rich rules. The zone can be bound to interfaces and source addresses.

On the Services tab you can define which services are trusted in the zone. Trusted services are accessible from all hosts and networks that can reach the machine from connections, interfaces and sources bound to this zone.

Save the firewall configuration: Options, Runtime To Permanent

[Screenshot: firewall-config Options menu: Reload Firewalld, Change Zones of Connections..., Change Default Zone, Panic Mode, Lockdown, Runtime To Permanent]

2. Zone management
Introduction to the zones

drop      Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible.
block     Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated from within the system are possible.
public    For use in public areas. You do not trust the other computers on the network to not harm your computer. Only selected incoming connections are accepted.
external  For use on external networks with masquerading enabled, especially for routers. You do not trust the other computers on the network to not harm your computer. Only selected incoming connections are accepted.
work      For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
home      For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
internal  For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.
trusted   All network connections are accepted.

• All network interfaces can be placed in the same default zone or divided among different zones according to the level of trust defined.
• By default, the "public" zone is applied to a NIC, and dhcpv6-client and ssh are allowed. When you run "firewall-cmd" without a "--zone=***" option, the configuration is applied to the default zone.

Display the default zone

# firewall-cmd --get-default-zone
public
List the zones that are bound to interfaces
# firewall-cmd --get-active-zones
public
  interfaces: eno16777736 eno33554984
List the available zones
# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
View detailed information about the public zone
# firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: eno16777736 eno33554984
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

Assign zones to eth0, eth1


# firewall-cmd --zone=external --change-interface=eno16777736
# firewall-cmd --zone=internal --change-interface=eno33554984
Check again
# firewall-cmd --get-active-zones
internal
  interfaces: eno33554984
external
  interfaces: eno16777736
View the zone currently bound to each interface
# firewall-cmd --get-zone-of-interface=eno16777736
external
# firewall-cmd --get-zone-of-interface=eno33554984
internal

Or

[Screenshot: firewall-config, Options > Change Zones of Connections, showing eno16777736 in zone external and ifcfg-Wired_connection_1 (eno33554984) in zone internal]

3. Service management
After each interface has been assigned to a zone, services can be added to each zone.

To allow the http service permanently in the internal zone, type:

Allow internal hosts to access the web server on the firewall

# firewall-cmd --permanent --zone=internal --add-service={http,https}
success
# firewall-cmd --reload
# systemctl restart httpd

Only internal hosts can access the web site http://10.0.0.1
Allow access from outside to the web server on the firewall


# firewall-cmd --zone=external --add-service=http    # no reload needed; the default is runtime
success
External hosts can access the web site http://192.168.1.102

# firewall-cmd --list-services --zone=internal
dhcpv6-client http ipp-client mdns samba-client ssh
# firewall-cmd --list-services --zone=external
http ssh
# firewall-cmd --list-services
dhcpv6-client ssh

[Screenshot: firewall-config, Runtime configuration, Services tab of the selected zone]

Remove a service
# firewall-cmd --zone=external --remove-service=http

4. Masquerading
To configure masquerading on the external zone

# firewall-cmd --zone=external --add-masquerade

Observe in the GUI


[Screenshot: firewall-config, Masquerading tab of the selected zone with "Masquerade zone" checked. The tab notes that masquerading is IPv4 only and that enabling it enables IP forwarding]

Internal client hosts access the Internet successfully

5. Port forwarding

# firewall-cmd --zone=external --add-forward-port=port=3389:proto=tcp:toport=3389:toaddr=10.0.0.20
Or use the GUI


[Screenshot: firewall-config port forwarding dialog, "Please select the source and destination options according to your needs", with Source (Protocol, Port / Port Range) and Destination ("Forward to another port" checked, IP address, Port / Port Range)]

From an external machine, start a Remote Desktop connection

Enter the external IP address of the firewall

[Screenshot: Remote Desktop Connection, Computer: 192.168.1.102, User name: NHATNGHE\administrator]

Enter the user: administrator/ 123

The connection succeeds


Change the ssh port:

# firewall-cmd --zone=external --add-forward-port=port=2222:proto=tcp:toport=22
Or use the GUI:

[Screenshot: firewall-config port forwarding dialog, Source: Protocol tcp, Port / Port Range 2222; Destination: "Local forwarding" checked, Port / Port Range 22]

From an external machine, connect to the ssh server through port 2222


[Screenshot: ssh client connection dialog, host 192.168.1.102, user root, with a Port Number field]

6. Port management
Open port 3128 on the firewall
# systemctl restart squid
# firewall-cmd --zone=internal --add-port=3128/tcp
Observe in the GUI:

[Screenshot: firewall-config, Ports tab of the selected zone: "Add additional ports or port ranges, which need to be accessible for all hosts or networks that can connect to the machine."]

Client hosts in the LAN configure the proxy and access the Internet successfully

Firewalld support for a Squid transparent proxy


Configure Squid

# vi /etc/squid/squid.conf
http_port 3128 transparent
# systemctl restart squid

Configure the firewall

Create the file /etc/firewalld/direct.xml

# vi /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="nat" chain="PREROUTING" priority="0">-i eno33554960 -p tcp --dport 80 -j REDIRECT --to-ports 3128</rule>
  <rule ipv="ipv4" table="nat" chain="PREROUTING" priority="0">-i eno33554960 -p tcp --dport 443 -j REDIRECT --to-ports 3127</rule>
</direct>
# systemctl restart firewalld
# firewall-cmd --direct --get-all-rules
ipv4 nat PREROUTING 0 -i eno33554984 -p tcp --dport 80 -j REDIRECT --to-ports 3128
ipv4 nat PREROUTING 0 -i eno33554984 -p tcp --dport 443 -j REDIRECT --to-ports 3127

Internal client machines can then reach the internet through the proxy without any proxy settings configured on them.
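
The direct rules above redirect port 443 to 3127, while the squid.conf line shown on this page defines a listener only on 3128. The following check is an added example, not part of the original manual: it lists every REDIRECT target port that has no matching Squid http_port or https_port line. The sample inputs are constructed from the lines on this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that every REDIRECT target port in the firewalld
# direct rules has a Squid listener configured.

# Constructed sample: output of `firewall-cmd --direct --get-all-rules`.
RULES='ipv4 nat PREROUTING 0 -i eno33554984 -p tcp --dport 80 -j REDIRECT --to-ports 3128
ipv4 nat PREROUTING 0 -i eno33554984 -p tcp --dport 443 -j REDIRECT --to-ports 3127'

# Constructed sample: the only listener line this page shows in squid.conf.
SQUID_CONF='http_port 3128 transparent'

# Print the ports Squid listens on (http_port / https_port directives).
squid_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "http_port" || $1 == "https_port" {
            n = split($2, a, ":")      # accept "3128" or "addr:3128"
            print a[n]
        }'
}

# Print "dport to-port" for each REDIRECT rule.
redirect_pairs() {
    printf '%s\n' "$1" | awk '
        /-j REDIRECT/ {
            d = ""; t = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport")    d = $(i + 1)
                if ($i == "--to-ports") t = $(i + 1)
            }
            if (t != "") print d, t
        }'
}

# Print one "dport->toport" line per redirect whose target port has no
# Squid listener; print nothing when rules and listeners are consistent.
orphan_redirects() {
    ports=$(squid_ports "$2")
    redirect_pairs "$1" | while read -r dport toport; do
        printf '%s\n' "$ports" | grep -qxF "$toport" || echo "${dport}->${toport}"
    done
}

orphan_redirects "$RULES" "$SQUID_CONF"
```

On a live system, pass the real command output and configuration file contents instead of the samples, for example "$(firewall-cmd --direct --get-all-rules)" and "$(cat /etc/squid/squid.conf)".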

Backup of iptables
iptables-save > /opt/iptables.backup
Restore iptables from backup file
iptables-restore < /opt/iptables.backup


Amanda
Edit the /etc/hosts file on each machine:
192.168.1.101 may1.nhatnghe.com
192.168.1.102 may2.nhatnghe.com
192.168.1.13 win.nhatnghe.com win

1. Amanda server
Step 1. Install the following packages:
amanda-libs-3.3.3-13.el7.x86_64
amanda-server-3.3.3-13.el7.x86_64
amanda-client-3.3.3-13.el7.x86_64
amanda-3.3.3-13.el7.x86_64

Create the directory:
# mkdir /etc/amanda/ServerNetBackup

Step 2. Configure Amanda


# vi /etc/amanda/ServerNetBackup/amanda.conf
org "ServerNetBackup"  # Organization name for reports
mailto "address@youremail.com"  # Email address to receive reports
netusage 10000 Kbps  # Bandwidth limit, 10M

dumpcycle 1 week  # Backup cycle is 7 days
runspercycle 7  # Run 7 times every 7 days
tapecycle 15 tapes  # Dump to 15 different tapes during the cycle
tpchanger "chg-disk"  # The tape-changer glue script
changerfile "/etc/amanda/ServerNetBackup/changer"  # The tape-changer file
tapedev "file://central_backup/ServerNetBackup/slots"  # The no-rewind tape device to be used
tapetype HARDDISK  # Define the type of tape
infofile "/etc/amanda/ServerNetBackup/curinfo"  # Database directory
logdir "/etc/amanda/ServerNetBackup/logs"  # Log directory
indexdir "/etc/amanda/ServerNetBackup/index"  # Index directory

define tapetype HARDDISK {  # Define our tape behaviour
    length 100000 mbytes  # Every tape is 100GB in size
}

amrecover_changer "changer"  # Changer for amrecover

define dumptype global {  # The global dump definition
    maxdumps 2  # The maximum number of backups run in parallel
    estimate calcsize  # Estimate the backup size before dump
    holdingdisk yes  # Dump to temp disk (holdingdisk) before backup to tape
    index yes  # Generate index. For restoration usage
}
define dumptype root-tar {  # How to dump root's directory
    global  # Include global (as above)
    program "GNUTAR"  # Program name for compress
    comment "root partitions dumped with tar"
    compress none  # No compress
    index  # Index this dump
    priority low  # Priority level
}
define dumptype user-tar {  # How to dump user's directory
    root-tar  # Include root-tar (as above)
    comment "user partitions dumped with tar"
    priority medium  # Priority level
}
define dumptype comp-user-tar {  # How to dump & compress user's directory
    user-tar  # Include user-tar (as above)
    compress client fast  # Compress in client side with less CPU (fast)
}

Configure Backup Location


1. Prepare the directory to store all backups:
# mkdir -p /central_backup/ServerNetBackup/slots
2. Assign the correct permissions to user amandabackup for the configuration directory and backup directory:
# chown -Rf amandabackup:disk /central_backup
# chown -Rf amandabackup:disk /etc/amanda/ServerNetBackup
3. Log in as user amandabackup:
# su - amandabackup
4. Create the virtual tape. This is where the backup files will be stored. We need to create 15 slots, as per the tapecycle keyword:
$ for n in $(seq 1 15); do mkdir /central_backup/ServerNetBackup/slots/slot${n}; done
5. We then need to label all slots:
$ for n in $(seq 1 15); do amlabel ServerNetBackup ServerNetBackup-${n} slot ${n}; done
6. Create all required directories as defined in the configuration file:
$ mkdir /etc/amanda/ServerNetBackup/curinfo
$ mkdir /etc/amanda/ServerNetBackup/logs
$ mkdir /etc/amanda/ServerNetBackup/index

Configure Service and What to Backup


1. We need to define what to back up in a file called disklist. As user amandabackup, create this file:
$ su - amandabackup
$ vim /etc/amanda/ServerNetBackup/disklist
may2.nhatnghe.com /ketoan comp-user-tar
$ exit
2. Start the service:
# systemctl enable amanda.socket
# systemctl start amanda.socket

Install Amanda Backup Client

1. Install the packages:
amanda-libs-3.3.3-13.el7.x86_64
amanda-client-3.3.3-13.el7.x86_64
amanda-3.3.3-13.el7.x86_64
2. Start the service:
# systemctl enable amanda.socket
# systemctl start amanda.socket

Run the Backup Process


1. Now go back to the Amanda server and check our configuration file as the amandabackup user:
$ su - amandabackup
$ amcheck ServerNetBackup
-bash-4.2$ amcheck ServerNetBackup
Amanda Tape Server Host Check

slot 15: volume 'ServerNetBackup-15'
Will write to volume 'ServerNetBackup-15' in slot 15.
NOTE: skipping tape-writable test
NOTE: host info dir /etc/amanda/ServerNetBackup/curinfo/may2.nhatnghe.com does not exist
NOTE: it will be created on the next run.
NOTE: index dir /etc/amanda/ServerNetBackup/index/may2.nhatnghe.com does not exist
NOTE: it will be created on the next run.
Server check took 0.460 seconds

Amanda Backup Client Hosts Check

Client check: 1 host checked in 0.075 seconds. 0 problems found.

(brought to you by Amanda 3.3.3)

2. If no errors are found, you can start the backup process immediately by running the following command:
$ amdump ServerNetBackup
Or, we can automate this process using a cron job. Run the following command as the amandabackup user:
$ crontab -e

And add the following line:

45 0 * * 2-6 /usr/sbin/amdump ServerNetBackup
3. As root user, reload the crond service to activate this job:
# systemctl reload crond.service

# ll /central_backup/ServerNetBackup/slots/slot15
total 5364
-rw------- 1 amandabackup disk   32768 Jun 2 03:30 00000.ServerNetBackup-15
-rw------- 1 amandabackup disk 5456296 Jun 2 03:30 00001.may2.nhatnghe.com._ketoan.0

Configure Amanda Client for Restore


1. Create a new text file called amanda-client.conf

conf "ServerNetBackup"  # your config name in Amanda server
index_server "may1.nhatnghe.com"  # your amindexd server
tape_server "may1.nhatnghe.com"  # your amidxtaped server
ssh_keys ""  # your ssh keys file if you use ssh auth
unreserved-tcp-port 1025,65535

# systemctl restart amanda.socket

Perform the restore

On the Amanda server:

# su - amandabackup
To see the details of what has been backed up for each client, and the dates and times of the backups held on the server, run the following command on the server:

-bash-4.2$ amadmin ServerNetBackup find

date                host              disk    lv tape or file       file part status
2015-06-02 03:30:26 may2.nhatnghe.com /ketoan  0 ServerNetBackup-15    1  1/1 OK
2015-06-02 03:53:15 may2.nhatnghe.com /ketoan  1 ServerNetBackup-1     1  1/1 OK

Perform the recovery

-bash-4.2$ amfetchdump ServerNetBackup may2.nhatnghe.com /ketoan 20150602033026

-bash-4.2$ ll
total 10588
-rw-r--r-- 1 amandabackup disk        0 Jun  9  2014 amandates
drwxr-xr-x 3 amandabackup disk     4096 May 31 04:06 DailySet1
drwxr-xr-x 2 amandabackup disk     4096 Jun  9  2014 gnutar-lists
-rw------- 1 amandabackup disk 10823680 Jun  2 04:29 may2.nhatnghe.com._ketoan.20150602033026.0
drwxr-xr-x 2 amandabackup disk     4096 Jun  1 04:36 perl5
drwxr-xr-x 2 amandabackup disk     4096 May 31 04:06 template.d

-bash-4.2$ mkdir may2


-bash-4.2$ tar -xvf may2.nhatnghe.com._ketoan.20150602033026.0 -C may2

-sh-3.2$ exit
View the restored files

[root@may1 Desktop]# ll /var/lib/amanda/may2
total 10664
-rwxr-xr-x 1 amandabackup disk  15688 Jun 2 03:29 m17n-conv
-rwxr-xr-x 1 amandabackup disk 154808 Jun 2 03:29 m4
-rwxr-xr-x 1 amandabackup disk  82560 Jun 2 03:29 machinectl
-rwxr-xr-x 1 amandabackup disk  11336 Jun 2 03:29 macptopbm
-rwxr-xr-x 1 amandabackup disk 392784 Jun 2 03:29 mail
-rwxr-xr-x 1 amandabackup disk 247848 Jun 2 03:29 mailq
-rwxr-xr-x 1 amandabackup disk 247848 Jun 2 03:29 mailq.postfix
-rwxr-xr-x 1 amandabackup disk 392784 Jun 2 03:29 mailx
-rwxr-xr-x 1 amandabackup disk 182736 Jun 2 03:29 make
-rwxr-xr-x 1 amandabackup disk  19032 Jun 2 03:29 makedb
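
The timestamp given to amfetchdump above is the date column of `amadmin find` with the punctuation removed, and the restore shown fetches only the level-0 dump. As an added example (not part of the original manual), this script derives from that output the full list of dumps needed to restore one disklist entry to its latest state: the newest OK level-0 dump plus the incrementals that still apply. It assumes the column layout shown on this page; the sample rows are constructed from it and the function name restore_chain is hypothetical.

```shell
#!/bin/sh
# Added example: derive the restore chain for one disklist entry from
# `amadmin <config> find` output.

# Constructed sample, mirroring the output shown on this page.
FIND_OUT='date                host              disk    lv tape or file       file part status
2015-06-02 03:30:26 may2.nhatnghe.com /ketoan  0 ServerNetBackup-15    1  1/1 OK
2015-06-02 03:53:15 may2.nhatnghe.com /ketoan  1 ServerNetBackup-1     1  1/1 OK'

# restore_chain FIND_OUTPUT HOST DISK
# Prints "timestamp level" lines, oldest first, with timestamps in the
# YYYYMMDDHHMMSS form that amfetchdump takes. Returns 1 if no usable
# level-0 dump exists, since incrementals alone cannot be restored.
restore_chain() {
    printf '%s\n' "$1" |
    awk -v h="$2" -v d="$3" '
        # Keep only successful dumps of the requested host and disk.
        $3 == h && $4 == d && $9 == "OK" {
            ts = $1 $2; gsub(/[-:]/, "", ts)
            print ts, $5
        }' |
    sort |
    awk '
        {
            lv = $2 + 0
            chain[lv] = $1                     # newest dump at this level
            for (l = lv + 1; l <= max; l++)    # it supersedes older dumps
                delete chain[l]                # at every higher level
            if (lv > max) max = lv
        }
        END {
            if (!(0 in chain)) exit 1
            for (l = 0; (l in chain); l++)     # stop at the first gap
                print chain[l], l
        }'
}

restore_chain "$FIND_OUT" may2.nhatnghe.com /ketoan
```

Each line of the result is one amfetchdump call with that timestamp, and the fetched archives are extracted in the order listed.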