Professional Documents
Culture Documents
1
Phien Bin Thir Nghifm - Ltru Banh N{>i Bq
TRUNG TAM E>AQ T,:\.O M,:\.NG MAY TiNHNHAT NGH.f:
.t1"Jleft,
r.A/,r'J; 1>61 TAC BAO T�O CUA MICROSOFT T�I �T NAM
,, � 105 Ba Huyen. Thanh Quan, Q3, TP. HCM Mic#Osolt·Partner
NHATNGHE· .
Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com
2. Cai dJt
Giao trinh nay se hu6ng d!n cac b�n cai d�t CentOS 7.1 Enterrprise
Kh&i d<)ng tu CD Rom cua CentOS 7.1 enterprise
Khi chuong trinh cai d�t khai d<)ng, se hi�n thi man hinh:
WELCOME TO CENTOS 7�
What language would you like to use during the installation process?
V "-; '°" t,ms.s«� "°''�+=<• '� « ;, � """' - - F>'�
Afrikaans Afrikaans
English (United Kingdom)
English (India)
""'ci.: Amharic
- �I English (Australia)
Arabic
English (Canada)
� Assamese
English (Denmark)
Asturianu Asturian English (Ireland)
5e11apycKast Belarusian English (New Zealand)
6bllrapcKw Bulg:,rian English (Nigeria}
<!l�cTI Bengali ---- �n.9:ish_ _ (r.:Jo':9 �0-�9 .�'.':'� �hlna)
Quit Continue
..
Install or upgrade an exiting system: Cai m&i ho�c nang d.p
82. Ch9n Date & Time EB. Ch9n Ho chi Minh City, Done
LOCALIZATION DATE&TIME
DATE &TIME
Americas/New York timezone
LANGUAGE SUPPORT
English (United States)
SOFTWARE
3
Phien Ban Thfr Nghifm - LtrU Hanh Nqi Bq
Me"- TRUNG TAM DAO T�O M�NG MAY TINHNHA.T NGffl:
DOI TAc BAO T.,;.o CUA MICROSOFT T.,;.I vq:T NAM
105 Ba Huy�n Thanh Quan, Q3, TP. HCM Miclosoft· Partner
NHAT NGH� Tel: 39.322. 734 - 39.322.735 - Website: www.nhatnghe.com
GNOME Desktop
86. ChQn Installation Destination B7. ChQn disk sda, I will configure
partitioning
,Done
Device Selection
SYSTEM Select the device($) you'd like to Install to. They will be left unto
"Begin Installation" button.
Local Standard Disks
INSTALLATION DESTINATION
Automatic partitioning selected .40GiB
-�s. Ch9n Standard Partition, done B9. T�o munt point /boot dung lu9ng 200M
f::t�=���I
Cancel Add mount point
I
Mount Point: V
Desired C.. pa ci
33.2 G,6
Device Type:
St•ndard P arti
: Cancel Add mount point
SYSTEM
SUMMARY OF CHANGES
B16. ChQn ON, configure B17. NMp thong tin cho Lan card, Save, done
5
Phien Ban Thir Nghifm - Ltru Hanh Nqi Bq
TRUNq TA� DAO T�� M�NG MAY TiNH NIL\T NG11¥
,..,1"1Jf,e/fl
"{,r'J; 1>61 TAC f>AO T�O CUA MICROSOFT T�I VJt;T NAM � ..
/f/r,c,osott· Partner
,� .¥
CONFIGURATION
KDUMP
Kdump Is enabled
USER SETrlNGS
ROOT PASSWORD
Root password is not set
CENTOS? INSTALLATION
Imus , Help!
-·-tt---.
_.,L"'Jll,e/fl
rf,rr'J; 1>61 TAC BAO T�O CUA MICROSOFT T�I VJ¥T NAM
105 Ba Huyen Thanh Quan, Q3, TP. HCM Miclosolf· Partner
NHATNGHE
. .
· Tel: 39.322.734- · . www.nhatn he.com
39.322.735-Website:
',it.si::! Leaming
DisableFirewalld
#systemctl disable firewalld
StopFirewalld
#systemctl stop firewalld
Check the Status ofFirewalld
#systemctl status firewalld
Disable SELinux CentOS 7
Xem �ng thai selinux:
[root@localhost-]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
. SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
. Max kernel policy version: 28
graphical.target
B2. Xem cac target c6 �n
[root@localhost -]# systemctl list-units --type=target
UNIT LOAD ACTIVE SUB DESCRIPTION
basic.target loaded active active Basic System
cryptsetup.target loaded active active Encrypted Volumes
getty.target loaded active active Login Prompts
graphical.target loaded active active Graphical Interface
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target loaded active active Local File Systems
multi-user.target loaded active active Multi-User System
network.target loaded active active Network
paths.target loaded active active Paths
ren1ote-fs-pre.target loaded active active Remote File Systems (Pre)
remote-fs.target loaded active active Remote File Systems
slices.target loaded active active Slices
sockets.target loaded active active Sockets
sound.target loaded active active Sound Card
swap.target loaded active active Swap
sysinit.target loaded active active System Initialization
timers.target loaded active active Timers
17 loaded units listed. ·Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
Cach2:
B 1. Check the current level
# systemctl get-default
multi-user.target
B2. Xem cac runlevel
[root@localhost -]# Is /lib/systemd/system/runlevel*target -1
lrwxrwxrwx. l root root 15 Apr 14 2015 /lib/systemd/system/runlevelO.target -> poweroff.target
lrwxrwxrwx. l root root 13 Apr 14 2015 /lib/systemd/system/runlevel I .target -> rescue.target
lrwxrwxrwx. I root root 17 Apr 14 2015 /lib/systemd/system/runlevel2.target -> multi-user.target
ghe.com
Goid Learning
Installing software
- Redhat Package Manager (RPM) la cong cv dung d� Installing, Uninstalling va Upgrading software
cho h� th6ng Linux.
- M9t RPM package la m9t file chfra cac chucmg trinh thl,lc thi, cac scripts, tai li�u, va m9t s6 file dn
thi€t khac. Cdu true ciia m9t RPM package nhr sau:
, .. i J"
Pfaces . t$ftware
Favorites Boxes
Accessories
Documentation
'X, Settings
Graphics r; � Software
Software
System Management
!. .. Virtualization
Virtuali:ation Client
Virtualization Hypervisor
Virtualization Platform
'
Ii" WebVirtualization Tools
Services
load Balancer
Ttle Ap��;·.:irw's-;rve�is-; ..
:powerful, efficient, and extensible :
1.,·1. I
'·······' -·-··------··-···---··-····--··-d
Dov:nload size 2.8 MB
Liu,nce ASL 2.0
11
Phien Ban Thir Nghifm - Ltru Hanh Nqi B9
TRUNG TAM oAo T�O M�NG MAY TINHNHA.TNGffl:
�e,,t, D6I TAC DAO T�O CUA MICROSOFT T� Vq:TNAM
Mlc#osoff·Pa rtner
_;,...,,
� ,� � ..
,., - - 105 Ba Huy�n Thanh Quan, Q3, TP. HCM
NHAT NGHe Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com 'i:.:-k: Leaming
HISCELLANEOUS:
rpm {--initdbl·-rebuilddbj
¢ Xem va d6i chi�u v&i ly thuy�t cac option khi su dµng I�nh rpm.
[root@may 1 -]#me
me [root@localhost.localdomain]:/
· Truy v§.n cac thong tin lien quan d�n g6i da cai
Cac tham s6 thucmg dung
#rpm -qa me* => li�t ke cac packages co ten nit dAu la me.
#rpm -qa I grep me => li�t ke cac packages c6 ten chua me.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!13
Phien Bin Thi'r Nghifm - Ltr0 Hanh N{H Bq
TRUNG TAM DAO TAO MANG MAY TINHNBAT NGHE
-AAL"'ll� �,.
"/,r'J; B6I T.A.C BAO T�O CUA MICROSOFT T� Vfl;T NAM � ...... ·�
#rpm-qd httpd . => li�t ke cac files tai li�u lien quan d�n me.
14�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Bin Thu Nghifm - LU'U Hanh Nqi B9
TRUNG TAM DAO TAO MANG MAY TINHNBA.T NGHE
�en, 1>61 TAC BAO T40 CUA MICROSOFT T4{ viiT NAM
,., · _ l05 Ba Huyen Thanh Quan, Q3, TP. HCM Microsoft·Pa rtner
NHATNGHE . - 39.322.735- Website: www.nhatnghe.com
· Tel: 39.322.734 Goici Learning
samba-common-4.1.12-2 l .el7_1.x86_64
samba-4.1.12-21.el7- l.x86-64
samba-libs-4.1.12-2 l.el7 l.x86 64
Chu y: Niu gfi bo m(Jt package ma package do con ph1:1 thu(jc vao cac package khac thi khi
gfi bo ta ditng them tuy ch,;m --nodeps.
c:> L6i do samba-common ph1,1 thu(k vao g6i samba-0:4. l .12-2 l.el7_1.x86 _64. Vi v�y n�u
mu6n xoa g6i do samba-common thi c6 2 each:
Cach 1: xoa g6i samba-0:4. l .12-2 l .el7_1.x86_64 tru6c, sau d6 xoa g6i samba-common.
Cach 2: xoa g6i samba-common dung v6i option --nodeps
Dung l�nh rpm -qa grep samba d� ki�m tra k�t qua.
J
Ghi chu:
- Ta co thi ditng Nnh rpm vai option.'
--nodeps : l¢nh rpm se ho qua cac g6i ph1,1 thu(>c.
--force : lfnnh rpm se bo qua l6i xung a(>t.
-Di cai aijt software tren HDH Linux ngoai RPM package, chung ta con co thi cai aijt bi'lng
goi source, chi tih Se aU()'C trinh bay O' phJn sau.
L�nh yum cho phep tim ki�m va cai d?t cac ph!n m�m, thu vi�n tri.rc ti�p tir internet
Cuphap:
yum [options] [command] [package ...]
Available Groups:
Backup Client
Backup Server
CIFS file server
Compatibility libraries
16�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thu- Nghifm - Lu-u Hanh Nqi Bq
Men,
TRUNG TAM DAO T�O M�NG MAY TINHNHA.T NGH¥
D6I TAC DAO T�O CUA MICROSOFT T�I Vll:T NAM
"":4l"i,
...
,., _ 105 Ba Huyen Thanh Quan, Q3, TP. HCM
NHATNGHE· Tel: 39.322.734
. - 39.322.735 - Website: www.nhatn he.com Aficrosoft·Pa rtner
g Goici Leaming
Installed:
amanda-server.i686 0:2.6.1p2-7.el6
Dependency Installed:
amanda.i686 0:2.6.1p2-7.el6 xinetd.i686 2:2.3.14-33.el6
Complete!
Dependencies Resolved
Installing:
me i686 1:4.7.0.2-3.el6 base 1.6 M
Total download size: 1.6 M
17
Phien Bin Thii' Nghifm - Ltru Hanh Nqi Bq
Men, TRUNG TA.M E>AO T�O M�NG MAY TiNHNIIAT NG11¥
DOI TAC DAO T.�O CUA MICROSOFT T*1 VIE:T NAM
105 Ba Huy�n Thanh Quan, Q3, TP. HCM llllr#CIOSOlt' 1Partner
NHAT NGH�
� A
:;,.,k! Leaming
Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com
Installed:
mc.i686 1:4.7.0.2-3.el6
Complete!
[root(a),mayl AdobeReader]#
18�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thir Nghifm - LU'U Hanh Nqi Bq
JtAL"'lle/tl
"(fll:'J:
TRUNG TAM E>A.O T�O M�NG MAY TiNHNHAT NG�
DOI TAC D.AO T.�O CUA MICROSOFT T�I V)¥T NAM �,-,
'
105 Ba Huy�n Thanh Quan, Q3, TP. �CM Aficrosott· Partner
_N _H_A�T-N_G_H_E· Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com Goici Learning
Removed:
mc.i686 1 :4.7.0.2-3.el6
Complete!
gh
Xwindow
NAME
rpm - RPM Package Manager
SYNOPSIS
QUERYING AND VERIFYING PACKAGES:
rpm {-ql--query} [select-options] [query-options]
9!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!21
Phien Ban Thu Nghifm - LU'U Hanh Nc)i Be)
TRUN� TA� f>AO TA.q MA.NG MAY TiNHNHATNGiq:
..,.,.,J"..'Jle,i,
"fffl:"X DOI TAC BAO T�O CUA MICROSOFf T� �T NAM
I 05 Ba Huy�n Thanh Quan, Q3, TP. HCM M'"ICl'OSOlt' Partner
•
,., . A
NHAT NGH�
Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com
Khai ni�m t?p tin trong Linux dugc chia ra lam 3 lo�i chinh:
+ T?p tin chua du li�u binh thucmg.
+ T?p tin thu mvc.
+ T?p tin thi�t bi.
Ngoai ra Linux con dung cac Link va Pipe nhu la cac t?P tin d�c bi�t.
Xem cfiu true t?p tin h� th6ng:
2L�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thir Nghi�m - LU'U Hanh Nqi Bq
Men,
· TRUNG TA.M flAO T�O M�G MAY TiNHNHATNGiq;
B6I TAC BAO T�O CUA MICROSOFI' T�I Vll:TNAM
,., ,_ I 05 Ba Huyen
NHATNGHc
Thanh Quan, Q3, TP. HCM
. - 39.322.735- Website: www.nhatnghe.com
Aficrosoft·Pa rtner
· Tel: 39.322.734 G<:id Leaming
Options Y nghia
-L Hien thi danh sach file (chi hi�n thi ten).
-1 Hien thi danh sach file (gom nhieu CQt: filename,size,date,....
-a Li�t ke tat ca cac file, baa gom nhfrng file an.
-R Li�t ke tat ca cac file ke ca cac files hen trong thu m1,1c son.
linux
Fedora
E Redhat
Ubuntu
unix
AIX
E FreeBSD
Solaris
windows
win2k8
E win7
winxp
Su di.mg l�nh mkdir v6i cu phap sau d� t�o cay thu m1,1c tren
I doanh"}
[root@mayl windows]#
24�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thir Nghifm - LllU Hanh N{>i Bq
TRUNG TA.M DAO T�O M�NG MAy TiNH NRAT NGH:E:
.,,.AL�e!"
"/� B6I TAC BAO T�O CUA MICROSOFT T�I v1iT NAM
,, � I 05 Ba Huyen Thanh Quan, Q3, TP. HCM
NHATNGHE• Tel: 39.322.734
. - 39.322.735- Website: www.nhatnghe.com
Aficrosoff·Partner
(.";,; Leaming
Ngoai ra c6 th� t:;10 t�p tin bAng each dung ti�n ich vi, se hQC sau.
- Xem n9i dung cua t�p tin /etc/sysconfig/network va t�p tin /etc/fstab:
#
# /etc/fstab
25
Phien Bin Thir Nghifm - LU'U Hanh Nqi Be)
A.l.'."Jte't' TRUNG TJ\M E>AO T�O M�NG MAY TINHNHA.T NG11¥
r../111:J; D6I TAC D.AO T�O CUA MICROSOFT T� V£E;T NAM
105 Ba Huy�n Thanh Quan, Q3, TP. HCM Miclosolt' Partner
NHAT NGH� Tel: 39.322.734 - 39.322.735-Website: www.nhatnghe.com
� A
Tucmg tv dung l�nh more, less, tail d� xem va d6i chi�u k�t qua.
L�nh tail thucmg duqc dung d� v6i option -f d� xem cac log file cho vi�c debug 16i
[root@mayl data]# tail -f /var/log/messages
Jun 30 07:52:36 mayl xinetd[1553]: Server /usr/sbin/amandad is not executable [file=/etc/xinetd.d/amanda]
[line=13]
Jun 30 07:52:36 may! xinetd[l553]: Error parsing attribute server - DISABLING SERVICE
[file=/etc/xinetd.d/amanda] [line=13]
Jun 30 07:52:36 mayl xinetd[l553]: xinetd Version 2.3.14 started with libwrap Joadavg labeled-networking
options compiled in.
Jun 30 07:52:36 mayl xinetd[1553]: Started working: 0 available services
Jun 30 07:52:40 mayl abrtd: lnit complete, entering main loop
Jun 30 07:52:44 mayl qpidd[1672]: 2012-06-30 07:52:44 notice Listening on TCP port 5672
Jun 30 07:52:44 mayl qpidd[l672]: 2012-06-30 07:52:44 notice SSL plugin not enabled, you must set --ssl
cert-db to enable it.
Jun 30 07:52:44 mayl qpidd[l672]: 2012-06-30 07:52:44 notice Broker running
Jun 30 08:14:12 mayl dbus: ave: received setenforce notice (enforcing=O)
Jun 30 10:16:49 mayl yum[36001: Installed: tree-l.5.3-2.el6.i686
- Sao chep toan b¢ thu mvc /etc va cac thu mvc con
[root@mayl data]# cp -Rv /etc/* /data/hdh/linux/
Ghi chu: bgn co thd dung cac ky llf "?,, va "*" ad thTJC hi¢n sao chep cung luc nhiJu t(lp tin va thu
m1,lc nhu:
Vi dv: chep cac file c6 ki tg dAu tien la a,b ho�c c va cac ki tg ti�p theo la b!t ky
[root@mayl data]# cp -v /bin/[a-c]* /data/hdh/
26�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thll' Nghifm - LU'U Hanh Nqi Bq
Men, TRUNG TAM DAO T�O M�G MAY TiNHNHAT NGm;
D6I TAC BAO T�O CUA MICROSOFT T�I VJl;T NAM
ms Ba Huyen Thanh Quan, Q3, TP. HCM llllictosolt· Partner
::4ll�
·�.,
NHATNGHE .
., A
Ghi chu: Tuang fl,( nhu sao chep, bt;m co thJ dung cac ky fl,( "? ,, va "*,, ai th7!C hi¢n di chuyJn cimg
/uc nhi€u ft;lp tin VG thu m'l:IC.
- T�o t�p tin truong:txt b�ng each dung lien k�t cung v6i t�p tin nhatnghe.txt:
[root@mayl data]# In nhatnghe.txt truong.txt
- Ki�m tra t�p tin vira t�o: quan sat inode entry ciia 2 t�p tin vira t�o
total 244
267452 -rw-r--r--. 1 root root 253 Jun 30 11:29 lich.txt
267450 -rw-r--r--. 2 root root 41 Jun 30 10:56 nhatnghe.txt
267450 -rw-r--r--. 2 root root 41 Jun 30 10:56 truong.txt
267451 -rw-r--r--. 1 root root 9Jun 30 11:19vanbanl .txt
- Ki�m tra nQi dung cua t�p tin lien k�t ct'.mg nhatnghe.txt:
[root@mayl data]# cat nhatnghe.txt
ruong tin hoc Nhat nghe
Lp hoc linux
phong so 9
- Ki�m tra nQi dung cua t�p tin lien k�t cung truong.txt
[root@may I data]# cat truong.txt
Truong tin hoc Nhat nghe
Lop hoc linJJX
"phong so 9
c> Chuy: - Khi xoa ttjp tin g6c, ttjp tin hard/ink khong bi anh huimg.
- Khong thd tgo lien kit cimg cho m9t t(jp tin thu m'f;lc.
Lien k�t m�m: Symbolic link_la lien k�t khong dung d�n node entry ma chi dan thufrn la t�o shortcut.
- T�o tjp tin lop.txt b�ng each dung lien k�t m�m v6i truong.txt:
[root@may l data]# In -s truong.txt lop.txt
[root@mayl data]# 11
-rw-r--r--. 1 root root 253 Jun 30 11:29 lich.txt
lrwxrwxrwx. 1 root root 10 Jun 30 11:43 lop.txt -> truong.txt
-rw-r--r--. l root root 53 Jun 30 11:39 truong.txt
-rw-r--r--. 1 root root 9Jun 30 11:19vanbanl.txt
[root�mayl data]#
- Ki�m tra nQi dung cua t�p tin lien k�t cung truong.txt:
[root@mayl data]# cat truong.txt
I [root@mayl data]# 11
2��!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�
Phien Ban Thu Nghifm - L11U Hanh Nqi Bq
�-.,,e/11 TRUNGT.AM DAO T�O M�G MAY TINHNHA.T NGH¥
B6I TAC BAO T�O CUA MICROSOFT T� Yq:T NAM
"/�
-..,�--- 105 Ba Huy�n Thanh Quan, Q3, TP. HCM
NHAT NGH� Tel: 39.322. 734 - 39.322.735 - Website: www.nhatnghe.com
AfictOsoft·Pa rtner
Goid Learning
total 240
267452 -rw-r--r--. 1 root root 253 Jun 30 11:29 lich.txt
267447 lrwxrwxrwx. 1 root root 10 Jun 30 11:43 lop.txt -> truong.txt
267450 -rw-r--r--. 1 root root 6 Jun 30 11:46 truong.txt
267451 -rw-r--r--. 1 root root 9 Jun 30 11:19 vanbanl .txt
root ma 1 data]#
=> inode CUQ t(lp tin g6c VCI t(lp tin QU(JC t<;zO ra bl'lng lien Mt mlm khac nhau.
- Ki�m tra nc}i dung ctla t�p tin lien k�t cung lop.txt
[root@mayl data]# cat lop.txt
cat: lop.txt: No such file or directory
=> chuv: - Khi xoa t(lp tin g6c, t(lp tin symboliclink khong thi xem au(JC.
- Co thi t<;zo symboliclink cho t(lp tin thu m1:tc.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!29
Phien Ban Thir Nghifm - Llfll Hanh Nc)i Be)
TRUNG TAM DAO T�O M�G MAY TINHNHA.TNGKf:
_,,1"'Jlefl! DOI TAC D.AO T*O CUA MICROSOFT T*I VJ¥TNAM
. "'fl'lf"X
,,. 105 Ba Huyen
. Thanh Quan, Q3, TP. HCM
ff
NHATNGHc .
. .
,:,,:>!tl Learning
Ki�m tra
[root@may1 data]# II
total 764
-rwxr-xr-x. 1 root root 123 Jul 715:36 alsauiimute
-rwxr-xr-x. 1 root root 26004 Jul 7 15:36 arch
-rwxr-xr-x. 1 root root 359092 Jul 7 15:36 awk
-rw-r--r--. 1 root root 389120 Jul 7 15:43 fi1e.tar
[root(a),mayl data]#
8. T'un ki@m
8.1. Lf�h grep
Tim kiem chuoi c6 hen trong file
grep options pattern filenames
3U�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Bin Thir Nghifm - Llfll Hanh Nqi Bq
Me,c,
TRUNG TAM E>AO T�O M�NG MAY TINH NlL\T NG�
1>61 TAC l>.AO T�O CUA MICROSOFT T�I VJl:T NAM ::«l�l�..
,
Option
-i Tim khong phan bi�t chir hoa thucmg
-1 Hi€n thi danh sachfile
-n Them s6 thCr t\I dong
-v In ra cac dong khong chCra chu6i cdn tim
-c T6ng s6 dong chCra chu6i dn tim
Vi dv:
- In ra cac dong chCra chu6i 'root' trong file /etc/group
Ngoai vi�c tim theo ten (-name), c6 th€ tim theo cac options khac nhu: -type, -user, -
atime, -amin, -newer, ... Su dvng man find d� xem chi ti8t.
- Tim ki�m tit ca cac file thu(>e quyen SCI hilu cua 1 user
find . -user u 1 -exec chmod o=r {} \;
Cac ifnh tim kiem khac
- Tim vi tri, source va man page cua l�nh grep:
[root@mayl -]# whereis grep
grep: /bin/grep /usr/share/man/man I p/grep. l p.gz /usr/share/man/man I /grep. l .gz
dw x6a 1 tu
34�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Pbien Ban Tbir Ngbifm - LU'U Hanh Nqi Bq
..,,1"'.Re'C- TRUNG TAM DAO TA,O MA.NG MAY TiNHNIIAT �GB¥ -:-�11)..
"/r,r,J; D6I TAC DAO T.�O CUA MICROSOFT T�I VJtT NAM �-"
105 Ba Huy�n Thanh Quan, Q3, TP. �CM Mictosoft·Partner
-N-H-J..!"'T_N_G_H-�• Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com Goid Leaming
1 ,
- Cdu true file /etc/passwd
Password
\. rr 1- �T T
(or password placeholder)
Account name Home d",rectory ""'n·
._.,...
I
1.2. T@.p tin /etc/shadow: La ncri hru trfr m�t khftu da dugc ma h6a.
- C§.u true file /etc/shadow:
""'·
Date when
l
Encrypted password was Days before Days after which
Account
password last changed password may password must
name
be c11an ged
l
/ changed
o'::1::
o
,��
fpasswotd
"'- / �
1 .
e:ziodnu $1$46mXiYMH$BJ72Lcqlb0eAEPNa2:24n40: 12100 • O: 99999 7, • � Reserwd f
or
,
�reuse
.'\.
r Detliwhen
Days .iftt! account. e•"'re.s
swonl !!Xl)lies '' . . .....
pas
that account
will be disabled.
[root@mayl -]#cat/etc/shadow
root:$6$ynfgmChLXklxFAjo$0mVOrBsDbVaC/7CcY.j/.blLUR/oofG9Ke7wb7koeqZaSSBP
VOdvN4054zuWyE5RShkwVr4jxsZmHMhHaFdc3.: I 55 I 7:0:99999:7:::
bin:*:] 5240:0:99999:7:::
daemon:*:15240:0:99999:7::
qpidd:!!:15517::::::
sshd:!!:15517::::::
tcpdump:!!:15517::::::
oprofile:!!:15517::::::
quangngoc:$6$LwPhTxwhOvZ.CR8.$4Gt79dGXdmvUbLQziRE5VQHmAPJBHPbxpr45zzsrKOy
fq4SHLY/o05z4jBJD2iizVmNEFKZj5qGiskIZ2JgJx.:15517:0:99999:7:::
amandabackup:!!:15519::::::
mysql:!!:15521 ::::::
Group password
.
{or password placeholder)
Group //
,,/
,,,. .,,. GID
- -- ·
r,a me // . .- ···-- ...�-···... -
! ,/ .....-- ........--- Mernber Accounts
·
b�n:x:l :root,b�n.<laemon
stapusr:x:491:
sshd:x:74:
cgred:x:490:
tcpdump:x:72:
oprofile:x:16:
slocate:x:21:
quangngoc:x:500:
mysql:x:27:
NAME
useradd - create a new user or update default new user information
36�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thii' Nghifm - L1111 Hanh Ncji Be}
�1'1le,t, TRUNG TAM DAO T�O M�NG MAY TINH NHAT NGiq:
"/,r'J; B6I TAC BAO T�O CUA MICROSOFT T�I VI¥T NAM
-:�11,
'I:,,
105 Ba Huy�n Thanh Quan, Q3, TP. �CM
A!""T_N_G_H-�• Tel: 39.322. 734 - 39.322.735 - Website: www.nhatnghe.com
Microsoft· Partner
·-N-H ... Go!d Learning
SYNOPSIS
useradd.[options] LOGIN
useradd-D
useradd-D [options]
DESCRIPTION
When invoked without the -D option, the useradd command creates a new user
account
using the values specified on the command line plus the default values from the
system. Depending on command line options, the useradd command will update
system
files and may also create the new userA's home directory and copy initial fies.
By default, a group will also be created for the new user (see-g, -N, -U, and
c::> Xem va d6i chi�u v&i ly thuy�t cac options da h9c, y nghia cua tirng options.
qpidd:x:493:
stapdev:x:492:
stapusr:x:491:
sshd:x:74:
cgred:x:490:
tcpdump:x:72:
oprofile:x: I 6:
slocate:x:21:
quangngoc:x:1000:
mysql:x:27:
nvl:x: I 001:
oprofile:!!:15517::::::
quangngoc:$6$LwPhTxwhOvZ.CR8.$4Gt79dGXdmvUbLQziRE5VQHmAPJBHPbxpr
45zzsrKOyfq4SHLY/o05z4jBJD2ilzVmNEFKZj5qGisk1Z2JgJx.:15517:0:99999:7:::
amandabackup:!!: I 5519::::::
mysql:!! :1552 I::::::
nv l :$6$J6n/yx70$TvQG98tuyXYuAi8Cm22CymioAwXS 1SMcdpGLxL50LKHF
NjkHbsDm i3x794F9bg51ZNOENlfpDl/tU4h7PwPqe/:15528:0:99999:7:::
- T�o nv2 c6 home directory la thu m1,1c /tmp/userb va c6 dong mo ta "day la tai khoan dung de test":
[root@mayl -]#useradd-c "Nhan vien" -d /nhanvien/nv2 nv2
nv1:x: I 000:
nv2:x: 1001:
[root@mayl -]#
nv3::15528:0:99999:7:::
nv1:!!$6$nXbKwuGb$pljJqtZydt.C4QWu1Vtqrt616];:2XaxQ6qCzFKTpTNxiMGTS
cVmTZumn4bGpKhJFxtcW9vYlal7Ev8byflWWYK1:15528:0:99999:7:::
nv2:$6$R/QyToH6$yxcUjLMZhOU6YQiFQYbUhKohGWyOEA6RZyOdOOydlCC
SFiCkEv7e4wltj2gespV5RvGpM.qnPFylRzpGjprOX.:15528:0:99999:7:::
nv3::15528:0:99999:7:::
NAME
usermod - modify a user account
SYNOPSIS
usermod [options] LOGIN
DESCRIPTION
The usermod command modifies the system account files to reflect the
changes that are specified on the command line.
- Thay d6i user nv1 thanh nv5, va d6 thu h9c home thanh: /nhanvien/nv5:
usermod --login nv5 �home /nhanvien/nv5 -m nv1
DESCRIPTION
/etc/group is a text file which defines the groups on the system.
There is one entry per line, with the following format:
group_name:passwd:G ID:user_list
c). Xem va d6i chi�u voi ly thuy�t cac options da h9c, y nghla cua tung options.
NHATNGHc
�
. - 39.322.735- Website: www.nhatnghe.com
· • Tel: 39.322.734 (:oki Learning
SYNOPSIS
groupmod [options] GROUP
DESCRIPTION
The groupmod command modifies the definition of the specified GROUP by
modifying the appropriate entry in the group database.
OPTIONS
The options which apply to the groupmod command are:
-g, --gid GID
The group ID of the given GROUP will be changed to GID.
Q Xem va d6i chi�u v&i ly thuy�t cac options da h9c, y nghia cua tung options.
3. Login/Logout
3.1. SU" dyng lfnh SU
- Tir root dang nh�p vao nvl: su nvl
- Tir nvl dang nh�p vao nv2: su nv2
41
Phien Ban Thir Nghifm - Lim Hanh Ni}i Bi}
.AAL'Tle/tl
"f,r"J;
TRUNG TMf DAO T�O M�NG MAY TINHNIIA.TNGfll:
B6I TAC BAO T�O CUA MICROSOFT T� �TNAM �,� �
Miclosolt' Partner
..
. Thanh Quan, Q3, TP. HCM
I 05 Ba Huyen
·
.
NHATNGHE· Tel: 39.322.734 - 39.322.735-Website:
,., A
....'.i,:-k> Leaming
www.nhatnghe.com
42
Phien Ban Thll' Nghifm - Ltru Hanh N{>i B{>
Men,
TRUNG TAM DAO T�O M�NG MAY TINHNBA.T NGiq:
1>61 TAC l>AO T,4.0 CUA MICROSOFI' T,4.1 VIE:T NAM
� � 105 Ba Huyen
NHATNGHc
Thanh Quan, Q3, TP. HCM
. - 39.322.735-Website: www.nhatnghe.com
Microsoft·Pa rtner
• Tel: 39.322.734 Goid Learning
Cho phep user admin, tren tdt ca cac may, dugc tht,rc thi cac l�nh useradd, passwd vm quy�n root
adminl ALL=(ALL) NOPASSWD: /usr/sbin/useradd,/usr/bin/passwd
Login adm1n va thl)'c hi�n t�o user, d6i password cho user v&i quy�n cua root:
c::> Xem va d6i chi€u v&i ly thuy€t cac options mi hQc, y nghfa cua tirng options.
- Thay dBi gia tri cua option HOME thanh "/dulieu/home":
44�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�
Phien Ban Thir Nghifm - Llfll Hanh Nqi Bq
..d'..'1te"' TRUNG TAM DAO T�O M�NG MAY TiNHNIIAT NGH:E;
"'/,rJ; 001 TAC BAO T*O CUA MICROS0Ff T� Vl:E:T NAM
105 Ba Huy�n Thanh Quan, Q3, TP. �CM Afictosoft·Pa rtner
-N-HA""!'T_N_G_H-�• Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com G�:!d Learning
I SKEL=/etc/skel
�REATE MAIL SPOOL=yes
- Li�t ke n(>i dung trong thu ID\JC /var/home/userd (bao g6m ca file fin):
- Cac file §.n nay duqc t�o default trong thu ml,lc /etc/skel. Khi t�o m6·i m(>t user, rn)i dung trong thu
ID\JC /etc/ske] se duqc tt,r t�o cho m6i user:
#
# Min/max values for automatic uid selection in useradd
#
UID MIN 1000
UID MAX· 60000
# System accounts
SYS-UID-MIN 201
SYS-UID-MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
GID MIN 1000
GID MAX 60000
# System accounts
SYS-GID-MIN 201
SYS-GID-MAX 999
#
# Ifdefined, this command is run when removing a user.
# It should remove any at/cron/printjobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL CMD /usr/sbin/userdel local
#
# Ifuseradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE HOME yes
46�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thir Nghifm - LtrU Hanh Nqi Bq
..,.,,I,"'Jte,c,
7fll!'J:
TRUNG TAM DAO T�O M�NG MAY TINHNHA.T NG:e:t
DOI TAC BAO T�O CUA MICROSOFI' T..;.I vitT NAM ':'.'�,�
"\l ..
,.,
NHATNGHE
_ 105 Ba Huyen Thanh Quan, Q3, TP. HCM
. - 39.322.735 -Website: www.nhatnghe.com
Mictosott·Pa rtner
· Tel: 39.322.734 Goi1l Learning
- Day la file dinh nghia cac policy lien quan d€n password: dQ dai password, ngay h€t h�n, ngay
warning...
PASS-MAX-DAYS 99999
PASS.-MIN-DAYS 0
PASS MIN LEN 5
PASS-WARN AGE 7
- File nay ciing cho phep ta dinh nghia khi t�o user mm, c6 t�o home directory khong?
CREATE_HOME yes
- Khi x6a mQt user, co x6a luon group khong? (Group chi c6 m9t member). C6 x6a ca cac cron, job
khong?
- Dung l�nh useradd, t�o user m6i userf, ki�m tra khong th§.y t�o home directory:
- Thu thay d6i cac gia tri khac, va t�o m9t user mai. Xem k€t qua=> cho nMn xet?
File permissions
T�o user, group
r
[toot@aayl w]# 11 -n /data/
total 16
dtwxt-xt-x. 2 0 0 4096 Jul 7 19:25 duli 11.
dtWXl'.- Xl'.-X 0 0 96 l 19 5 ket an e
. 2 40 Ju 77 2 kinhdoa.nll
drwxr-xr-x. 2 0 0 4096 Jul 19::25 o
- - 96 9 5
xr n x. 2 O
40 Ju 7 1 :2 o e
, [· l
r s f:::twar =j l
l =:=: =:=:
L_! � = = = � � :: :: :: :: :: :=:: =: =:=
(output truncated)
The file/directory type
• File type:
Kytµ-
b T�
4��!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thir Nghifm - LU'U Banh N(}i B(}
"/,r"J;
TRUNq TA� DAO T�� M�NG MAY TINHNHA!NGH:t
..,.,..J:.".lteti,
D6I TAC DAO T�O CUA MICROS0Ff T� V}l:T NAM
-:<.ii,
"I/ ..,
,., � 105 Ba Huyen Thanh Quan, Q3, TP. HCM Afictosoft·Partner
NHATNGHE· Tel: 39.322. 734
. - 39.322.735 - Website: www.nhatnghe.com Goid Learning
Yes lhlebw�.
eermisslons ..
Use Other
Permissions
Luu y: Niu mu6n thay a6i ownership cho m<}t thu myc va cac thu myc con hen trong thi ta
dung option (-R) cho /¢nh chown.
[root@mayl -]#II/data/
total 16
drwxr-xr-x. 2 root nhanvien 4096 Jul 7 19:25 dulieu
drwxr-xr-x. 2 root ketoan 4096 Jul 7 19:25 ketoan
drwxr-xr-x. 2 root kinhdoanh 4096 Jul 7 19:25 kinhdoanh
drwxr-xr-x. 2 kdl nhanvien 4096 Jul 7 19:25 software
Luu y: Niu mu6n thay tl6i group sa hifu cho m{it thu m'f:lc va cac thu m'f:lc con hen trong thi ta
dung option (-R) cho lfnh chgrp.
+ Add Permissions
- Remove Permissions
= Assign Permissions Absolutely
r Read
w Write
x Execute
- Cllp them quy€n write cho nh6m ketoan tren thu m1,1c /data/ketoan/, cac user khac khong dugc phep
truy c�p
[root@mayl -]#chmod g+x,o-xr /data/ketoan/
[root@mayl -]#II/data/
total 16
drwxr-xr-x. 2 root nhanvien 4096 Jul 7 19:25 dulieu
drwxr-x---. 2 root ketoan 4096 Jul 7 19:25 ketoan
drwxr-x---. 2 root kinhdoanh 4096 Jul, 7 19:25 kinhdoanh
drwxr-xr-x. 2 kd1 nhanvien 4096 Jul 7 19:25 software
4.2. Sir dyng s6 nhj phan cho vifc gan quyin truy cJp
Vi dµ:
[root@mayl -]# chmod -R 770 /data/dulieu/
T�o file, thu ffi\lC, kiem tra quy�n truy c�p tren file, thu ID\lC
5. Thay d6i permission v6i setuid, setgid, va sticky bits
execute (group)
write (group)
...._____ rem/ (group)
N�u sum bit dugc thi�t l�p cho m9t (mg di,mg hay file co the thl,l'C thi nao do di�u nay co nghla la
m9t nguai dung khong phai la chu SO hCiu cua tmg di,mg ciing CO the SU' ch�y nhu chfnh chu SO hiiu.
Hay xem m()t vf dv:
AC Ls dugc si'.r dµng trong trm'mg hgp ma cac khai ni�m permission cua file thong thucrng khong c6
hi�u lµc. Chung cho phep gan quy�n cho mqt nguai, ho�c mqt nh6m ca nhan th�m chi khong tuong
(mg v&i owner ho�c owning group
• Access ACL: Ap dµng cho ca file va thu mµc
• Default ACL: Chi ap dµng cho thu mµc. Chung xac djnh quy�n ke thira tir thu mµc cha khi
dugc t�o.
• ACL entry: M6i ACL se bao g6m 1 t�p hgp ACL entries. M(>t ACL entry se chfra 1 lo�i, 1
h�n djnh ma user ho�c group n6 tham chieu den, va m9t t�p hgp cac quy€n.
# setfacl --help
setfacl 2.2.51 -- set file access control lists
Usage: setfacl [-bkndRLP] { -ml-Ml-xl-X ... } file ...
-m, --modify=acl modify the current ACL(s) of file(s)
-M, --modify:-file=file read ACL entries to modify from file
-x, --remove=acl remove entries from the ACL(s) of file(s)
-X, --remove-file=file read ACL entries to remove from file
-b, --remove-all remove all extended ACL entries
-k, --remove-default remove the default ACL
--set=acl set the ACL offile(s), replacing the current ACL
--set-file=file read ACL entries to set from file
--mask do recalculate the effective rights mask
-n, --no-mask don't recalculate the effective rights mask
q�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�
5 Phien Ban Thll' Nghifrn - Ltru Hanh Nqi Bq
7,rJ;
TRUNG TAM DAO T�O M�NG MAY TINHNHA.T NGm;
.AA1-,,,eJC,
1>61 TAC BAO T�O CUA MICROSOFT T� V.q:T NAM
:::41"1�
..,
--.,---
NHATNGHc
.,.
105 Ba Huyen Thanh Quan, Q3, TP. HCM
. - 39.322.735- Website: www.nhatnghe.com
Mictosoft· Partner
· Tel: 39.322.734 Goi(l Leaming
Ki�m tra: LAn luc;rt login user kd 1, ktl, u 1, u2 thi,rc hi�n truy c�p thu muc/data v6i cac quy�n read,
write
Bay gia thu dung ch mod ho�c sclfocl d� disabled quy�n write cua group class xem sao,
[root@Jocalhost -]# setfacl -m m::rx /data/
root@localhost -]# getfacl /data/
getfacl: Removing leading'/' from absolute path names
# file: data/
# owner: root
# group: giamdoc
user::rwx
user:u I :nvx #effective:r-x
group::rwx #effective:r-x
group:kinhdoanh:rwx #effective:r-x
group:ketoan:r-x
mask::r-x
other::---
output cua l�nh Is cho th!y mask bits da dugc di�u chinh v6i setfacl:
[root@1oca1host -]# 11 -d /data/
drwxr-x---+ 4 root giamdoc 4096 Apr 16 15:28 /data/
K�t qua: cit ca cac user khong th� write tren thu mvc /data
Default ACL djnh nghia t!t ca cac quy�n truy c�p k� thira tir thu mvc nay khi n6 dugc t�o. default
ACL anh huong d�n cac thu m1,1c con cfing nhu la cac files.
Dung getfacl tren tm1,tm2,tm3 thi chi co tm3 bi anh hucrng cua Default ACL
Ki�m tra u l
[ul@localhost dulieu]$ mkdir tm1/ul
·
mkdir: cannot create directory 'tm 1 /u 1 ': Permission denied
[u l@loca1host dulieu]$ mkdir tm3/u 1 ; thanh cong
Ki�m tra u2
[u2@1ocalhost dulieu]$ 11 tm 1
total 8
drwxr-xr-x 2 root root 4096 Apr 17 14:54 tml 1
drwxr-xr-x 2 root root 4096 Apr 17 14:54 tm12
[u2@localhost dulieu]$ II tm3
Is: cannot open directory tm3: Permission denied
6.3 Vi dy
Cong ty ABC co 3 phong ban: kinh doanh, k� toan, ban giam d6c
Cay thu mvc du li�u:
/data/
t--giamdoc
Lketoan
kinhdoanh
56�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Bin Thir Nghifm - Ltru Hanh N{,i B{,
Men,
TRUNG TAM DAO T�O M,:\NG MAY TiNHNBATNG:et ..../1.I
D6I TAC DAO T�O CUA MICROSOFT T�I VI.f;T NAM �� "\!,.,
NHATNGHE
,., I 05 Ba Huyen Thanh Quan, Q3, TP. HCM
A
.
Microsolt·Pa rtner
· Tel: 39.322. 734 - 39.322. 735 - Website: www.nhatnghe.com Gold Learning
Nhan vien Cua phong ban nao chi CO th€ dugc quy€n truy C�p vao thu ffi\lC Cua phong ban do,
user rtao �o thi chi user d6 x6a
User trucmg phong nao dugc x6a dii li�u cua phong d6
Ban giam d6c c6 th€ vao dugc tfrt ca phong ban
Giam d6c dugc quy€n truy c�p va chinh sua/x6a file/folder cua tfrt ca cac prong ban khac:
buo·c I:
- Them vao t�p tin /etc/at,deny, n9i dung sau:
nvl
nv2
bu&c 2:
- t�o user nvl , nv2 va password (xem them �o user)
- login vao nvl , nv2 ki�m tra.
- Minute: 0 =>59
- Hour: 0 =>23
58�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thi'r Nghifm - Llfll Hanh Ni}i Bi}
� ! NGHl:
TRUNq TA¥ DAO T�� M�NG MAY TiNH NBA
...J'..'Jt� DOI TAC BAO T�O CUA MICROSOFT T�I. VJl;T NAM
7frX
"':�I�
"-'?··,
-�.,--- 105 Ba Huyen Thanh Quan, Q3, TP. HCM MICl'OSOft· Partner
NHAT NGH •�
Tel: 39.322.734 - 39.322.735-Website: www.nhatnghe.com Goid Leam.ing
# vi /etc/clamd.d/scan.conf
8 #Example
85 Loca]Socket /var/run/clarnd.scan/clamd.sock
LibClamAV Warning:**************************************************
Enable on startup
#systemctl enable clamd@scanservice
Khoi d(>ng va ki€m tra clamd
# systemctl start clamd@scanservice
# systemctl status clamd@scanservice
Cac cong vi�c l�p lich se dugc hru trong thu mvc:/var/spool/cron
Ti8n hanh quet virus
# clamdscan /data/*
Ho�c
# clamdscan -c /etc/clamd.d/scan.conf /data/*
hvl
2. Syslog Deamon
2.1. Xem file du hinh rsyslog
[root@mayl -]# vi /etc/rsyslog.conf
D /pr: M th6ng in An
D mark: nhfmg thong bao duqc generated bc'ri ban than syslogd. No chi chi'.ra m(>t bi€n
timestamp va m(>t chu6i "--MARK--".
D · news: h� th6ng tin rue
D syslog: nhilng thong bao duqc generated bc'ri ban than syslogd.
D user: thong bao v8 cdp ngucri dung chung
D uucp: h� th6ng con UUCP
D loca/0 to loca/7: dg trii cho sir d\lng n(>i b(>
Level: Mi'.rc d(> ma messages se duqc logged, bao gfim:
D debug: cac messages CJ ch€ d(> debug
D info: messages mang thong tin
D notice: messages mang tinh cMt thong bao
D warning (ho�c warn): messages canh bao
D e" (ho�c error): messages 16i
D crit: messages nguy hi�m
D alert: messages v8 cac hanh d(>ng phai duqc thµc hi�n ngay
D emerg (ho�c panic): messages khi h� th6ng khong th� dung duqc nfra
Ngoai ra con m()t mi'.rc d�c bi�t duqc g9i la none, mi'.rc nay se disable Facility di cung. Ddu sao [*] co
th� duqc sir di,mg d� mieu ta cho tdt ca cac Facilities ho�c tdt ca cac Levels
- Ki�m tra file daemon.log duqc sinh ra sau khi restart syslog server:
[root@mayl -]# II /var/log/laplich
-rw------- 1 root root 140 Jul 10 20: 17 /var/log/laplich
Luu l�i nhiing thong tin logs dang gia trong 4 tuAn
create new nes
T�o ra file mm sau khi xoay vong
Ynghia:
- Xen file cron g6c v� 0, sau khi chep n9i dung vao file cron. l, file cron.1 dugc chep thanh
cron.2...
- Log files are rotated every day log - file log dugc su d1,1ng m6i ngay;
- rotated bat cir khi nao kich thu6c file la I OMbyte
- NSu 1 file log bj m�t (cron.2) thi cron.3 -->cron.2; va ko bao 16i
- Luu l�i 3 file:cron, cron.1, cron.2, cron.3
· - TaQ file nen cron.gz
- Khong quay nSu file r6ng
Cac tham s6 khai bao i:J cac file nay co d9 uu tien cao han cac tham s6 khai bao trong file
/etc/logrotate.conf.
Cachl
-- -�---
- -
-
111i1� TRUNGTAM DAO T�O M�G MAYTINHNHA.TNGHi
D6I TAC DAO T.�O CUA MICROSOFT T..;,I VJl;T NAM
I 05 Ba Huyen Thanh Quan, Q3, TP. HCM M"ICIOSOlt' Partner
NHATNGHE .
� A
Ch�y l�nh sau nhi8u lAn th\fc hi�n vi�cquay vong sir dvng file log:
logrotate -f -s /var/lib/logrotate.status /etc/logrotate.d/cron
Xemk�tqua:
[root@localhost-]# II /var/log/cron*
-rw-------. 1 root root O Jul 9 18:51 /var/log/cron
-rw-------. 1 root root 24 Jul 9 18:51 /var/log/cron.1.gz
-rw-------. 1 root root 24 Jul 9 18:50 /var/log/cron.2.gz
-rw-------. 1 root root 818 Jul 9 18:50 /var/log/cron.3.gz
[root@.localhost -]#
64,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�
Phien Ban Thfr Nghifm - Llru Hanh N{,i B{,
Men,
TRUNG TAM f>AO TAO MANG MAY TINHNHAT NGHE
D6I TAC BAO T�O CUA MICROSOFT T� VJ¥T NAM
-::�"'"I�
... .,,. 105 Ba Huyen
NHATNGHc .
Thanh Quan, Q3, TP. HCM Afictosoft·Partner
· Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com Goid Learning
PIO: process ID
PPID: Parent process ID
For BSD formats and when the stat keyword is used, additional characters may
be displayed:
< high-priority (not nice to other users)
N low-priority (nice to other users)
L has pages locked into memory (for real-time and custom 10)
s is a session leader
I is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
+ is in the foreground process group
66�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thir Nghifm - Llru Hanh Nqi Bq
TRUNG TAM E>AO T�O M�NG MAy TINH NBAT NGJil:
.....A.l'..'lte"-
"ffllf'J: D6I TAC D.AO T,;.O CUA MICROSOFT T..;.I VItT NAM
,., A I 05 Ba Huyen Thanh Quan, Q3, TP. HCM
NHATNGHE· Tel: 39.322.734 . - 39.322.735- Website: www.nhatnghe.com
Afictosoft·Pa rtner
Go!,; Learning
[root@localhost -]# ps -u ul
PIO TTY TIME CMD
2057 tty2 00:00:00 bash
2089 tty2 00:00:00 me
2090 ? 00:00:00 cons.saver
2091 pts/5 00:00:00 bash
kill PIO
[root@localhost -]# pkill 2089 # 2089 la PIO cua me do ul khoi r�o
[root@localhost-]# pkill me
f
L�nh killall: dugc dung khi mu6n kill t�t ca cac process vo ten ch�c chin. Luc nay khong d.n dung
ps d� tim PIO. Vi di.i: # killall httpd
[root@localhost-]# jobs
[1]+ Stopped me
[2] Running sleep 1000 &
[3]- Running sleep 1500 &
L�nh top
[root@localhost-]# top
top - 16:42: 11 up 1:02, 5 users, load average: 0.00, 0.00, 0.00
Tasks: 100 total, 1 running, 98 sleeping, 1 stopped, 0 zombie
Cpu(s): 0.1 %us, 0.2%sy, 0.0%ni, 99.3%id, 0.4%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1030888k total, 216616k used, 814272k free, 26804k buffers
Swap: 2047992k total, Ok used, 2047992k free, 118520k cached
. 68�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thll' Nghifm - Llfll Hanh Nqi Bq
..,.1'2 TRUNG TAM DAO TAO MANG MAY TINHNHA.T NGHE
7,r'J; e/tl D6I TAC DAO T�O CUA MICROSOFT T�I vq:T NAM -:�Ji.
""'
-N-H.A_T_N_G_H-�
105 Ba Huy�n Thanh Quan, Q3, TP. i:iCM Mictosoft·Pa rtner
• Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com Go!d Learning
Co thS SU dvng ti�n ich htop dS xem va ki�m soat cac ti�n trinh
[root@localhost-]# df-lTh
Filesystem Type Size Used Avail Use%Mounted on
/dev/sda2 ext4 34G 5.2G 27G 17%I
devtmpfs devtmpfs 922M 0 922M 0% /de·.;
tmpfs tmpfs 931M 84K 931M 1%/dev/shm
NHAT NGHI;
,, A 105 Ba Huy�n Thanh Quan, Q3, TP. HCM Aficrosoft·Pa rtner
Tel: 39.322.734 - 39.322.735-Website: www.nhatnghe.com Goid Learning
Xem dung lm;mg ciia m9t hay nhi�u files: du -f (hay du -lb)
- Mount va Umount m(>t M thdng t�p tin khi khcri d(>ng: Si'r d1,mg file /etc/fstab
- Xem n(>i dung file /etc/fstab: cat /etc/fstab
[root@mayl -]# cat /etc/fstab
# /etc/fstab
# Created by anaconda on Tue Jun 26 21:04:24 �012
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=b9d73479-a29f-4167-8ce0-4t2bd83da3ef I ext4 defaults 11
UUID=ae65c65d-555c-4227-a850-a9b51294cd10/boot ext4 defaults 12
UUID=072b5c7c-6aa8,4631-8752-e4cd5cd58 J b9 swap swap defaults 00
tmpfs /dev/shm tmpfs defaults 00
devpts /dev/pts devpts gid=5,mode=620 00
sysfs /sys sysfs defaults 00
I roe proc defaults 00
Dump
frequency
74�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Pbien Ban Thir Nghifm -Llru Hanh Nqi Bq
Me,i
,.,
TRUNG TAM DAO TAO MANG MAY TiNHNHAT NGHE
f>6I TAC f>AO T�O CUA MICROSOFT T�I VI:E;T NAM
� · 105 Ba Huyen Thanh Quan, Q3, TP. HCM MiclOsoft· Partner
NHAT NGH� Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com Gcid Leaming
76�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thir Nghifm - Llfll Hanh Nqi Bq
TRUNG TAM oAo T�O M�G MAY TiNHNHAT NGfll ....�l
.-.AL'lten- ��
7ffr'J: B6I TAC B.AO T�O CUA MICROSOFT T�I VJ:E:T NAM -.:,.,
NHATNGHE
,., 105 Ba Huyen Thanh Quan, Q3, TP. HCM
A
. Aficrosoft·Partner
· · Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com Goici Leaming
- T�o phan khu logical th(r 2 l�y hth dung luqng dia con l�i:
- Thl,l'c hi�n tuong tl,l' d� t�o cac partition cha dia /dev/sdc, /dev/sdd Nhung cdn chu y chi
duqc t�o t6i da 4 ·partition (primary partition + extended partition).
Chu y: Dung l?nh mkfs ttd thay t/<5i partition type cho cac partitions sao khi /(JO xong bang
l?nhfdisk.
OS type: Linux
Block size=4096 (log=2 )
Fragment size=4096 (log=2 )
Stride=O blocks, Stripe width=O blocks
328656 inodes, 1313298 blocks
6566 4 blocks (5.00%) reserved for the super user
First data block=O
Maximum filesystem blocks=13 46371584
41 block groups
32768 blocks per group, 32768 fragments per group
· 8016 inodes per group
Superblock backups stored on blocks:
32768,98304 , 163840,229376 ,29 4912 ,819200,884736
7M�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thir Nghifm - Llfll Hanh Nqi Bq
TRUNG TA.M DAO T�O M,:\NG MAY TINHNHATNG�
-A1'Tle/ft :l�,�
"ffll:X B6I TAC BAO T�O CUA MICROSOFT T�l VJl;TNAM " ..,
., 105 Ba Huy�n Thanh Quan, Q3, TP. HCM
A
- Thl,fc hi�n l�nh mount -o remount /data/ketoan (hay khc'ri d<}ng l�i server)
[root@mayl '""]# mount -o remount /data/ketoan
- Thl,fc hi�n quotacheck:
[root@mayl -]# quotacheck-avug
-a: Ki�m tra tit ca nhung h� th6ng t�p tin du hinh quota.
-v: Hi�n thi thong tin tr�ng thai khi ki�m tra.
-u: Ki�m tra quota cua ngucri dung.
-g : Ki�m tra quota cua nh6m.
N�u chua t�o t�p tin luu trii thong tin du hinh cua user () va nh6m () trong /data, Thi khi ch�y l�nh
quotacheck se bao 16i khong tim thfty d6ng thai cung se w t�o 2 t�p tin tren aquota.user,
aquota.group trong /data.
Ki�m tra 2 files luu trii thong tin du hinh quota: ls -'I /data
quota-u ul
* Ngoai ra ta c6 th€ su di,mg l�nh quotastats, repquota d€ xem m(>t s6 thong tin th6ng ke v€
quota
LVM la m9t phuong phap cha phep §.n djnh khong gian dia cung thanh nhiing Logical Volume khien
cho vi�c thay d6i kich thu&c trcr Jen de dang. H6 trg thay d6i kich thu&c ma khong cdn phai sua l�i
partition table CUa h� di�u hanh. Di�u nay th1JC SIJ hfiu ich VOO nhiing trucmg hgp Oa SU di.mg het phdn
khong gian con tr6ng cua,partition va mu6n mcr r(mg dung lugng cua no.
volgl volg2
4G
/data/ketoau -- logd sdbS 56 sdb6 36
logv3 - /data/soft
6G
/(lata,:ld11luloanl1 - logv2 sdcS 56 sdc6 36
sdd5 56 sdd6 36
Command,(m forhelp): p
Device Boot Start End Blocks , Id System
/dev/sdbl 1 1044 8385898+ 5 Extended
/dev/sdb5 1 654 5253192 83 Linux
/dev/sdb6 655 1044 3132643+ 83, Linux
- Dung l�nh fdisk d� thay d6i ki�u cua cac partion la Linux LVM
I [root@mayl -]#
- Ki�m .---���������������������������--,
tra
[root@mayl -]# lvs
LV VG Attr LSize Origin Snap% Move Log Copy% Convert
logvl volgl -wi-a- 4.00g
logv2 volgl -wi-a- 5.00g
logv3 volg2 -wi-a- 5.00g
Ma r9ng logv2
[root@mayl -]# lvextend -L +3G /dev/volgl/logv2
Extending logical volume logv2 to 8.00 GiB
Logical volume logv2 successfully resized
84�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thii' Nghi�m - L1r11 Hanh Nqi Be)
�,, "Jle,i, TRUNGTAM oAo T�O M�G MAY TiNHNHA.T NGH:t:
L
�/,r'J; D6I TAC DAO T�O CUA MICROSOFI' T� VlE:T NAM �� ",.,
105 Ba Huy�n Thanh Quan, Q3, TP. �CM Mictosoft·Pa rtner
-N-H ...
A_T_N_G_H_E· Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com Ge;,; Learning
/dev/mapper/vo]gl-Jogvl
ext4 4.0G 136M 3.7G 4% /data/ketoan
/dev/mapper/vo1gl-1ogv2
ext4 7.9G 140M 7.4G 2% /data/kinhdoanh
/dev/mapper/vo1g2-1ogv3
ext4 5.0G 138M 4.6G 3% /data/soft
86�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�
Phien Ban Tbir Ngbifm - Ltru Hanh Nqi Bq
-'e"'
rt
TRUNG TAM DAO T�O M�G MAY TINHNHA.T NG�
B6I TAC B.AO T�O CUA MICROSOFT T�I viiT NAM
.,. 105 Ba Huyen Thanh Quan, Q3, TP. HCM Aficrosoft·Pa rtner
::�I�
..: ..,
Kh<'ri d(>ng linux tir dfru nhic grub> (gia su mfrt file /boot/grub2/grub.conf)
rurJ> ls
(LdB) (hd0.Msrlos3) (hrl0. Msdos2) (hd0.nsdos1) (fd0)
Tllb)
Grub>ls (hd0,1)/ ho�c
Grub>ls -1 (hdO,msdos1)/
grub> ls 01d0.Msdos1)/
lost+founct/ grub/ yrubl/ initraMfs-3.10.0-229.el7.x86_64. iHy S
229.el7.x86_64 config-3.10.0-229.el7.x86_64 syMvers-3.10.0-229
linuz-3.10.0-229.el7.x86_64 initraMfs-0-rescue-2e62928b9dBc4bd
. iMg VMlinuz-0-rescue-2e62928b9d0c4bd3ba2044b87a77eBd2 initrd
raMfs-3.10.0-229.el7.x86_64kduMp. iMg vHlinuz-3.20.0-229.el7.xB
20. 0-229.el 7. x86 64. iHa
grub> ls (hd0.1)/
lost+found/ yrub/ grub�/ initraMfs-3.10.0-229.el7.x86_64. iMg S
229.e17.x86_64 config-3.10.0-229.e17.x86_64 syHvers-3.10.0-229
linuz-3.10.0-229.el7.x86_64 initraMfs-0-rescue-2e62928b9d0c4bd
.iMg VMlinuz-0-rescue-2e62928b9d0c4bd3ba2044b87a77e0d2 initrd
raMfs-3.10.0-229.el7.x86_64kduMp.iMy vMlinuz-3.20.0-229.el7.x8
20.0-229.el7.x86_64. iMy
rub> ls Chd0,2)/
lost+found/ boot/ dev/ proc/ run/ sys/ etc/ root/ tHp/ var/
ib64 hoMe/ Media./ Mnt/ opt/ srv/ data/
rub> _
Grub>set root=hd0,2
Grub>linux (hd0,l)/vmlinuz-3.10.0-229.e17.x86_64 root=/dev/sda2
Grub>initrd (hdO, 1)/initramfs-3.10.0-229.el7.x86_64.img
Grub>boot
#mkdir /tam
#mount /dev/sdal /tam
Ti�n hanh sfra chfra
T�o ban sao cua kernel hi�n hanh va d�t ten la new-duplicate-kernel
# cp vmlinuz-3.10.0-229.el7.x86_64 vmlinuz-3.20.0-229.el7.x86_64
Chep dong 76790 vao sau dong 90, sira l{l.i nhu sau:
91 menuentry 'He dieu hanh..CentOS Linux 7 (Core), with Linux 320.0-229.el7.x86_64' --class rhel
fedora --class gnu-Iinux --class gnu --clas s os --unrestricted $menuentry _id_option 'gnulinux-
3.10.0-229.el7.x86_64-advanced-92dd65a3-6293-4f7c-ac60-8cc0599cfe87' { 92 load_video
93 set gfxpayload=keep
94 insmod gzio
95 insmod part_msdos
96 insmod ext2
97 set root='hdO,msdos1'
98 if [ x$featuie_platform_search_hint = xy ]; then .
99 search --no-floppy --fs-uuid --set=root --hint-bios=hdO,msdosl --hint-:efi=hdO,msdos l --
hint-baremetal=ahciO,msdos1 --hint='hdO,m sdos l ' d 1 bf360f-50b5-459d-92f5-195aa5215f54
100 else
101 search --no-floppy --fs-uuid --set=root d I bf360f-50b5-459d-92f5-l 95aa52 l 5f54
102 fl
103 linux16 /vmlinuz-3.20.0-229.el7.x86 64 root=UUID=92dd65a3-6293-4f7c-ac60-
8cc0599cfe87 ro crashkernel=auto rhgb quiet LANG=en_US.UT F-8
104 initrdl6 /initramfs-3.20.0-229.e17,x86_64.img
105}
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!89
Phien Bin Thir Nghifm - Llfll Hanh Nqi Bq
?llil�
,..,
TRUNG TA.M DAO T�O M�G MAY TINHNHA.T NGiq:
D6I TA.C DAO T*O CUA MICROSOFT T*I VI:E;T NAM
� 105 Ba Huyen Thanh Quan, Q3, TP. HCM Microsoft" Partner
NHATNGHE· Tel: 39.322.734
. - 39.322.735- Website: www.nhatnghe.com '.'i,.•i:� Leamir.ig
-Ch9n Kernel boot CentOS 7 (core) sau d6 ch9n phim e d� edit m1,1c nay
Dung phim miii ten chuy�n xu6ng dong cu6i cung (linux l6 ....)
insHod part_Hsdos
insMod ext2
set root='hd0.Msdos1'
if [ x$feature_platforM_search_hint = xy ]: then
search --no-floppy --fs-uuid --set=root --hint-bios = hd0,Hsdo
t-efi=hd0,Msdos1 --hint-bareMetal=ahciB,Msdosl --hint='hd0,Msdos1' d1
0b5-459d-92f5-195aa5215f54
�lse
search --no-floppy --fs-uuid --set=root d1bf360f-50b5-459d-9
a5215f54
fi
linux16 /vMlinuz-3.10.0-229.el7.x86_64 root=UUID=92dd65a3-6293
60�Bcc0599cfe87 ro crashkernel=auto rhgb quiet LAHG=en_US.UTF-8
initrd16 /initraMfs-3.10.0-229.el7.xB6_64�iMg
Nhin "Ctrl+x"
#chroot /sysroot ; truy c�p vao system
. Th\lC hi�n l�nh passwd d8 thay d6i rh�t khdu cho user root.
#passwd root
"'ftr'J:. DOI TAC DAO T�O CUA MICROSOF'f T�I VJ¥T NAM
---- 105 Ba Huy�n Thanh Quan, Q3, TP. HCM Miclosolt' Partner
NHAT NGH� Tel: 39.322.734 - 39.322.735- Website: www.nhatn he.com -:�:.>! :: Leaming
Reboot, nh!n "e'' dS vao ch� d<) single user se yeu du username, pass
DS bo pass cua grub, ma file grub.con[ ch�n d!u # tru&c dong 120,121
+Tfo Password cho Protect Grub2 i1 dfng mi boa
Restore file grub.cfg va 10_linux
#cp /boot/grub2/grub.cfg.orig /boot/grub2/grub.cfg
#cp /etc/grub.d/1O_linux�orig /etc/grub.d/1O_linux
Them vao cu6i file IO_linux (b6 ph�n du hinh tru&c c16)
cat<< EOF
set superusers="ngoc"
password_pbkdf2 ngoc
grub.pbkdt2.sha512.10000.188243F5C3 7E23C5FF35A 7F930CC5BF I FC I EB7D0287F AD8
D0284E722DDCC62D149BF4F5A9EFE22B03CDOEDAF67F9498F1D428938DD6CED1C
4B2903AB0735F07F.11B9EA350346CFC ID2288EOC I 0421DC2992A8B8EC54543F7CB
DA43C78D7FF509E8F08409E7319FOC6621C7CB6203388BC17987D90FBO l 5A6825580F
3D5A4D935
EOF
T,o file grub.conf co user, pass
# grub2-mkconfig --output /boot/grub2/grub.cfg
Xem k�tqua:
# vi /boot/grub2/grub.cfg
Ki�m tra l�i danh sach cac Services d.rgc n�p vao khi khcri d9ng;
94�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!e
Pbien Ban Thii' Nghifm - Lll'U Hanh N{>i B{>
-i,,ett, TRUNG TAM f>AO TAO MANG MAY TiNHNIIATNGHE
.AA�..
#Vidul.sh
i=50;
groupadd g-marketing
while [ $i -gt O]
do
useradd -G g-marketing kd$i
passwd --stdin kd$i << end
123456
123456
end
i='expr $i - 1'
done
96�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�
Phien Ban Thir Nghifm - LtrU Hanh Nc)i Be)
TRUNG TAM DAO T�O M�G MAY TiNHNIIAT NG8¥
_...,.,1'.."'.Re,,t,
--,,---A
"f,r'J;
NHAT NGH� Tel:
DOI TAC B.AO T�.O CUA MICROSOFT T�I V£E;T NAM
I 05 Ba Huyen Thanh Quan, Q3, TP. HCM
39.322. 734 - 39.322.735 - Website: www.nhatnghe.com
Mictosoft·Pa rtner
c,.,:ld Learning
LANG=en US.UTF-8
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
SHLVL=3
HOME=/root
GNOME-DESKTOP-SESSION-ID =Default
LOGNAME=root
CVS RSH=ssh
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus.:.
17eKbDTtFR,guid=2bf64b4b984bcbcc92d9 l e5e14642c00
LESSOPEN=lfusr/bin/lesspipe.sh %s
DISPLA Y=:0.0
G-BROKEN-FILENAMES=!
COLORTERM=gnome-terminal
XAUTHORITY=/toot/ .Xauthority
_=/usr/bin/printenv
[root@serverl -]#
Bien moi trucmg C\J.C b(>: Local environment variables chi thdy duqc trong shell t�o ra no
97
Phien Ban Thir Nghifm - Llru Hanh N{>i B{>
TRUNG TAM DAO T�OM�NG MAY TiNHNIIATNG8¥
...A.J'.."2e,t, B6I TAC BAO T..;_O CUA MICROSOFT T.;.I \'IE:T NAM
r-/ffl:'X ��·- ..
� _ l 05 Ba Huyen Thanh Quan, Q3, TP. HCM Miclosolt" Partner
NHATNGHE :
· Tel: 39.322. 734 - 39.322.735 - Website: www.nhatnghe.com
Nhfrng bi�n toan C\JC va C\JC b9 dugc djnh nghia bai cac ky ti,r hoa, vi d1,1: USER, HOSTNAME ...
$ echo $USER
$ echo $HOME
$ echo $HOSTNAME
98�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thir Ng�ifm - LtrU Hanh Nqi Bq
Men, TRUNG TAM DAO T�O M�NG MAY TINH NBAT NGfll:
1>61 TA.C DAO T�O CUA MICROSOFT T� VJt;T NAM
105 Ba Huyen Thanh Quan, Q3, TP. HCM
��
�.-,
Microsoft· Partner
NHAT NGH�
., A
- Khong co khoang trAng giua hai hen diu bing khi gan gia tri bi�n.
Vi dv: Cac khai bao sau se co 16i:
$ vall =10
$ val2= 10
$ va13 = 10
- Khong si'.r di,mg cac ky ti!?, * ...d� d�t ten cho .bi€n.
In va truy c�p gia trj cua UDV:
$variablename
Ho�c echo $variablename
Ki tg Chuc nang
Vi dv sau nhilc nguai sir d1,1ng nh�p vao ten file duqc copy :
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!99
Phien Ban Thir Nghifm - Ltr0 Hanh Nqi Bq
DAO T�� M�NG MAY TiNHNHATNGH¥
.AA1'1le't' T�UNq TA�
"ffrX DOI TAC BAO T�O CUA MICROSOFT T� \'1¥TNAM
105 Ba Huy�n Thanh Quan, Q3, TP. HCM Miclosoft' Partner
NHAT NGH� Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com
� A
# Name : vidu2:sh
echo $0
echo $1 $2
echo $3
Gia SU' ta nh�p vao dong l(mh sau :
vd2.sh -s Truong "tin hoc" "nhat nghe"
. k€Jt qua la
vd2.sh
Truong tin hoc
nhat nghe
Dang I
If command
Then
Commands
Fi
Dang2
If command
Then
Commands
Else
Commands
Fi
x Dang3
If command]
Then
Command set 1
Elif command2
Then
Command set 2
Elif command]
Then
So sanh Mota
NJ eq n2 Dung neu n 1 bang n2.
NJ gen2 Dung neu nl Ion hon ho�c bang n2.
NJ gtn2 Dung neu nl Ion hon n2
NJ len2 Dung neu nl nho hon ho�c bang n2
NJ It n2 Dung neu n 1 nhcr hon n2
NJ nen2 Dung neu n I khong bang n2
Echo"Nhap so a:"
Read a
Echo"Nhap so b:"
Read b
If [$a-It $b]
Then
Echo"so $a nho hon so $b"
Elif [ $a-eq $b]
Then
Echo"so $a bang so $b."
Else
Echo"so $a Ion hon so $b.. "
Fi
vidu4.sh
# !/bin/bash
Vall= lO
Val2=11
If [ $vall -gt 5]
Then
Echo "Gia tri $val1 Ion hon 5"
Fi
If [ $vall -eq $val2]
Then
Echo "2 gia tri bang nhau"
Else
Echo "hai gia tri khac nhau"
Fi
So sanh Mota
Strl = str2 E>ung neu chu6i sir 1 }!ion}! chu6i str2.
Strl ! = str2 E>ung neu chu6i sir] khac chuoi sir2.
Strl < slr2 Dung neu chu6i slrl nho hcrn chu6i str2.
Strl > slr2 E>ung neu chu6i sir1 Ian han chu6i str2.
-n strl Dung neu chuoi sir1 co t/9 dai Ian han 0.
-z strl E>ung neu chu6i sir1 co t/9 dai ban}! 0.
$ vidu5.sh
#!/bin/bash
# so sanh bang
Read -p "nhJp ten user:" testuser
If [ $USER != $testuser]
Then
Echo "User hien tai khong la $testuser"
Else
Echo "Ban dang longin vai $testuser"
Fi
$ vidu6.sh
#!/bin/bash
# kiem tra do dai chuoi
Val I =testing
Val2="
If [ -n $val l ]
Then
Echo "The string '$val I' is not empty"
Else
Echo "The string '$val 1' is empty"
· Fi
If [ -z $val2]
Then
Echo "The string '$val2' is empty"
Else
Echo "The string '$val2' is not empty"
Fi
If [ -z $val3]
Then
Echo 11 The string '$val3' is empty"
Else
Echo "The string '$val3' is not empty"
Fi
$ .I vidu6.sh
The string 'testing' is not empty
The string '' is empty
The string " is empty
-xfile
-0 file
-G le la user hi�n hanh,
File] -ntfile2
File] -ot le2
#!/bin/bash
# kiem tra file nhap vao la file hay thu m1,1c
Cuphap
$ vidulO.sh
vidul 1.sh
vidu12.sh
gh
vidul3.sh
Varl=lO
While [ $var I -gt O]
Do
Echo $varl
Var1=$[ $varl - 1] # tuong duong voi: varl='expr $varl - 1 '
Done
vidu14.sh
Varl=lOO
Until [ $var! -eq O]
Do
Echo $var!
Vari=$[ $varl - 25]
Done
Var1=5
While [ $varl -ge O ]
Do
Echo "Outer loop: $varl"
For (( var2 = 1; $var2 < 3; var2++ ))
Do
Var3 = $[ $varl * $var2]
Echo " Inner loop: $varl * $var2 = $var3"
Done
Var1=$[ $varl - 1]
Done
Varl =3
Until [ $var1 -eq O]
Do
Echo "Outer loop: $var I"
Var2 = 1
While [ $var2 -It 5]
Do
Var3='echo "scale=4; $varl I $var2" I be'
Echo " Inner loop: $var1 I $var2 = $var3"
Var2 =$[ $var2 + 1]
Done
Yar1=$[ $varl - I ]
Done
For varl in 1 2 3 4 5 6 7 8 9 10
Do
If [ $varl -eq 5]
Then
Break
Fi
Echo "Gia tri tiep theo: $var1"
Done
Echo "Vong lap for hoan thanh"
vidul8.sh
vidu19.sh
vidu20.sh
vidu21.sh
vidu22.sh
vidu23.sh
#tao menu
Function diskspace {
· Clear
,#'-,
Df-k
}
Function whoseon {
Clear
Who
}
Function memusage {
Clear
Cat /proc/meminfo
}
Function menu {
Clear
Echo
Echo -e. "\t\t\tsys Admin Menu\n"
Echo -e "\tl. Display disk space"
Echo -e "\t2. Display logged on users"
Echo -e "\t3. Display memory usage"
Echo -e "\tO. Exit program\n\n"
Echo -en "\t\tenter option: "
Read -n I option
}
D9an script tren se t�o ra menu c6 cac chuc nang nhr sau:
Enter option:
11�01!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�
Phien Ban Thll' Nghifm - Llfll Hanh Nqi B9
TRUNG TA.M DAO T�O M�NG MAY TiNH NIIAT NGIQ:
..,..J'..'Jle,f, 1>61 TAC l>AO T�O CUA MICROS0Ff T� VJt;T NAM
"/,rJ;
-:�i�
�--,
105 Ba Huyen Thanh Quan, Q3, TP. �CM
-NH_A_T_N_G_H_�• Tel: 39.322.734 - 39.322.735-Website:
Microsoft· Partner
www.nhatnghe.com G,1ic.i Learning
,ff{06/20/6
gh
1. Kernel module:
Xem version cua kernel b�ng l�nh:
[root@localhost-]# uname -a
Linux localhost.localdomain 3.10.0-229.el7.x86 64 #1 SMP Fri Mar 6 11:36:42
UTC 2015 x86 64 x86 64 x86 64 GNU/Linux
11•2!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thir Nghifm - Lll'll Hanh Nqi B9
,. AL"Tleft! · TRUNG TMf DAO T�O M�NG MAY TINHNHA.T NGH.f;
"fl,rx Bl>I TAC BAO T40 CUA MICROSOFT T4J VJ¥T NAM
---- I 05 Ba Huy�n Thanh Quan, Q3, TP. HCM Mictosoft·Pa rtner
NHAT NGHe Tel: 39.322. 734 - 39.322.735 - Website: www.nhatnghe.com G,,id Leaming
N�u bao Jfii vi module nay ph\l thu(>c vao m(>t module khac chua duqc insert. Tim trong fiJe
/Jib/modules/3.10.0-229.e17.x86_64/modules.dep d8 bi�t m6i quan he ph\l thu(>c.
2. Compiling kernel
Cai thu vi�n : .
# yum install gee ncurses ncurses-deve]
- Download source kernel tir trang kemeJ.org.
- E>8 bien djch duqc kernel, cdn cai b(> C compiler. Xem l{li phdn cai d�t a bai tru&c.
- Giai nen g6i source:
- T{lo fiJe corifig. C6 th8 t{lo file config:
o make config: d{lng text file, man hinh hi�n ra nhi�u cau hoi, tra loi ldn luqt.
. o make menuconfig: d{lng d6 h9a, (ki�u d6 h9a tren DOS), d� sfr dt,mg han.
� -
root@loca!host:-/linux-3.0.36
- - --------- -- - -- ----
_ c x
Option !Option
f General setup I
T 111111:!I
f-0100 HZ
11 t!(-fUt!l ll y
+·Networking support
' rSupport for hot-pluggable CPUs
j 1
:+}-Device Drivers I
!-·Firmware Drivers rocompat VDSO support
!
11�4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Pbien Ban Thir Nghifm - LtrU Hanh Nqi Bq
M�
TRUNG TAM DAO T�O M�G MAY TINHNHA.T NGUl
DOI TAC DAO T�O CUA MICROSOFT T�I V.IlT NAM �l '\:-,,
tt
NHAT � I 05 Ba Huyen Thanh Quan, Q3, TP. HCM
NGH,; Aficrosoft·Pa rtner
Tel: 39.322. 734 - 39.322.735 - Website: www.nhatnghe.com Goid Learning
o make clean: dQn d�p nhiing file bien dich cu, co th� da dugc t�o ra trong g6i source.
o make bzlmage: �o kernel image.
115
Phien Bin Thtr Nghifm - L1111 Hanh N9i B9
Men, TRUNG TM1 DAO T�O M�G MAY TINHNHAT NGH¥
D6I TAC DAO T�O CUA MICROSOFT T� VltT NAM
105 Ba Huy�n Thanh Quan, Q3, TP. HCM
--/.-I/•
��
Microsoft'Pa rtner
NHAT NGH� Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com
., A
76 menuentry 'CentOS Linux (3.2.3) 7 (Core)' --class rhel fedora --class gnu-linux --class gnu
--class os --unrestricted $men uentry_id_option 'gnulinux-3.10.0-229.el7.x86_64-
advanced-92dd65a3-6293-4flc-ac60-8cc0599cfe87' {
77 load video
78 set gfxpayload=keep
79 insmod gzio
80 insmod part_msdos
81 insmod ext2
82 set root='hdO,msdos1'
83 if [ x$feature_platform_search_hint = xy ]; then
84 search --no-floppy --fs-uuid --set=root --hint-bios= hdO,msdosl --hint-
efi=hdO,msdos1 --hint-baremetal=ahciO,msdo s1 --hint= 'hdO,msdos1' d1bf360f-
50b5-459d-92f5-195aa52 l 5f54
85 else
86 search --no-floppy --fs-uuid --set=root d1 bf360f-50b5-459d-92f5-195aa5215f54
87 fi
88 linux16 /vmlinuz-3.2.3 root=UUID=92dd65a3-6293-4flc-ac60-8cc0599cfe87 ro
crashkemel=auto rhgb quiet LANG=en_US.UT F-8 systemd.debug
89 initrd16 /initramfs-3.2.3.img
90}
l o c ,1 l li o s t l o q i n : r o o t
P ssc.mrcl:
Lctst login: Tue Apr ZS 15:08:26 from 192.168.1.10
[rootLJ!oca.1!1ost -rn una.me -a
Liiwx loc<dhost.localdomain 3.2.3 :ttl SMP Tue Apr 28 15:58:45
G4 x86_G4 GNU/Linux
[ roo UH oca. l host - lit
11�§!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thir Nghifm - L1r11 Hanh Nqi B9
Men,
TRUNG TAM E>AO T�O M�NG MAY TINH NBAT NG:et:
D6I TAC DAO T�O ciJA MICROSOFT T�I V'q:T NAM
::�I,
...,,.,
105 Ba Huyen Thanh Quan, Q3, TP. HCM Microsoft· Partner
NHAT NGHe Tel: 39.322. j34 - 39.322.735 - Website: www.nhatnghe.com Golci: Learning
Networking Fundamentals
# change hostname
# hostname may 1.nhatngheI.com
# hostname
mayl.nhatngheI.com
# reboot
Quan sat ten may tinh
- /etc/hosts: phan giai ten sang IP, thucmg dung cho phan giai rn)i bQ
-/etc/resolv.conf: khai bao DNS server dung cho phan giai ten
search: danh sach cac domains cho v�c lookup cac host-name, m�c djnh khai
bao local domain. (t6i da dm;rc khai bao 6 domains va tbng sA ky ti! la 256 ky tg)
nameserver: chi djnh cac DNS servers
[root@localhost-]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.9.101 netmask 255.255.255.0 broadcast 192.168.9.255
inet6 fe80::20c:29ff:fe09:d7da prefixlen 64 scopeid Ox20<1ink>
ether OO:Oc:29:09:d7:da txqueuelen 1000 (Ethernet)
RX packets 7176 bytes 1006754 (983.1 KiB)
RX errors O dropped O overruns O frame 0
TX packets 657 bytes 186321 (181.9 KiB)
TX errors O dropped O overruns O carrier O collisions 0
Vi�c thay d6i bing l�nh chi la t�m thoi va se khong dugc hru I�i khi khm d9ng I�i h� thdng.
. Ki�m tra IP:
[root@may1 -]# ifconfig eno33554960
eno33554960: tla s=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
NHATNGHE . . .
� A
f)� co th� luu l�i vi�c thay d6i dja chi IP sau khi restart ]�i h� th6ng, ta sua tn.rc ti€p file sau:
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6 PRIVACY=no
DEVICE= eno16777736
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethemet
BOOTPROTO=none
IPADDR=l 92.168.1.20
PREFIX=24
GATEWAY=192.168.l .1
DNS1=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System ethO"
UUID=5fb06bd0-0bb0-7ftb-45fl-d6edd65t3e03
USERCTL=no
NETMASK=255.255.255.0
HWADDR=OO:OC:29:AO:lA:71
1PADDR2=192.168. l .21
IPADDR3=192.168.1.22
IPADDR4=192. l 68. l .23
Ki�m tra:
4. Lfnh netstat
-Xem routing table:
# netstat -nulp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PIO/Program
name
udp 0 0 192.168.1.101:53 0.0.0.0:*. 4923/named
udp 6144 0 0.0.0.0:53 0.0.0.0:* 4923/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 4923/named
udp 0 0 0.0.0.0:123 0.0.0.0:* 653/chronyd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 650/avahi-daemon: r
udp 0 0 0.0.0.0:47420 0.0.0.0:* 650/avahi-daemon: r
udp 0 0 127.0.0.1:323 0.0.0.0:* 653/chronyd
udp6 0 0 :::53 '"'* 4923/named
udp6. 0 0 :::123 ···* 653/chronyd
udp6 0 0 ::I :323 ···* 653/chronyd tcp
0
__ L�nh tracepath l&n dfiu duong di tren m�ng t&i m()t dich chi djnh va bao cao v� m6i nut m�ng (hop)
d9c tren duong di. N�u g�p phai cac vfin d� v� m�ng, 1�nhtracepath c6 th� chi ra vj tri 16i m�ng
L�nh traceroute: giup ta bi�t dugc duong di cua g6i tin d�n dich se phai qua nhung dia chi nao. N6
su dt,mg TTL, bing each gm cac g6i tin lien t1,1c cho d�n dich, g6i tin d&u c6 th<'ri gian TTL la 1, g6i
tin 2 c6 TTL la 2, cho d�n khi n6 d�n dich, m6i l&n tang len 1 dan vi
6. Tfp tin/etc/services
.Khi xinetd dugc kh&i t�o n6 se truy c�p dSn t�p tin /etc/services d� tim c6ng tuong (mg v6·i
tung djch V\J.
- Quan sat t�p tin /etc/services nhu sau:
[root@may l -]#vi /etc/services
1. Secure Shell
Chuang trinh telnet cho phep nguoi dung dang nh�p tir xa vao h� th6ng. Nhung khuyet di8m cua
chuang trinh nay la ten ngucri dung va m�t khftu gm qua m�ng khong dugc ma hoa. Do d6, rfit d6 bj
tin cong. Ph!n m€m ssh la m(>t sv h6 trg m6i cua linux nhki kh�c phvc nhugc di8m cua telnet. No
cho phep b;n dang nh�p tu xa vao h� th6ng linux va m�t khftu se dugc ma boa.
MJc dinh khi cai d�t Iinux thi ssh da duqc cai d�t
2. SSH client
Client sir dpng cac each sau d8 k�t n6i den SSH server
2.1 Truy qp ssh server tir Linux:
N�u muAn ssh v6i account khac root thi them vao option -I nhu sau:
.
. Website:
NHATNGHE· Tel: 39.322.734 - 39.322.735-
,., A
".;;dti Leaming
www.nhatnghe.com
� -· =-
GJ��
nn - - r � � n- - --- n �- " n n �-<e - - n - = r - - n - �- -� _
,�,
Not connected • press Enter or Space to connect r 67x12 _,,;
Ch9n add profile, edit profile. khai bao cac thong s6 sau:
NHAT NGH�
,., A 105 Ba Huy�n Thanh Quan, Q3, TP. HCM Afictosoft·Pa rtner
Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com Gold Leaming
Ch9nOK
ChQn connectionm 1 => ch9n Connect
f\efresh I view • j
·-- �=iw
.%CPU.
, ID
J�Mem,[unit···-···.·1 Priority
o 622 1.7 MiE abrtd.sen, Normal
O 625 1.3 MiE abrt-oops, Normal
O 624 1.3 MiE abrt-xorg. Normal
0 1293 124,0 I getty@tty Normal
O 611 212.0 I alsa-state Very Low
O 2946 244.0 I session-7. Normal
0 345 NIA Very High
o 1289 204.0 I atd.servic Normal
O 4492 696.0 I session-1! Normal
0 4661 616.0 I session-!' Normal
o 4485 2. 7 MiE session-1! Normal
O 4380 616.0 I session-1- Normal
Gold Leaming
May windows:
- Cai sfnet_xming
- Ma putty, chQn select XI I, chQn "Enable XI I foiwarding"
- Ti�n hanh k�t n6i ssh d�n may linux
Categp,y:
.. t.:onneclion
��-��--]
1. . Proity
L. Data
· · ·· · · ·· ·
1��1
X11 forwairlinq
j·.. Telnet
1··-Rlogln
- K c&sp1ay location . - ·---------
�.:·, .. ssH
It
1.... m ; X authority file for local clispley
1.... x11
1.... Tunnels
4 Cho phep truy c@.p SSH server khong yeu clu nh@.p passowrd
- Sfra file du hinh tren server thi�t l�p 2 thu(k tinh sau:
[root@mayI -]# vi /etc/ssh/sshd_config
55 PubkeyAuthentication yes
59 AuthorizedKeysFile .ssh/authorized_keys
- T�o key t�i may Client:
- Tren server copy file id_rsa.pub thanh file mm dBi ten thanh authorized_keys:
[root@mayl .ssh]# cp /root/.ssh/id_dsa.pub /root(ssh/authorized_keys
5. VNC
Di�u khi�n server tir xa qua giao di� d6 h9a
- Cai d�t tigervnc-server
tigervnc-server-1.2.80-0.30.20130314svn5065.el7.x86_64
tigervnc-license-1.2.80-0.30.20130314svn5065.el7.noarch
tigervnc-server-minimal-12.80-0.30.20130314svn5065.el7.x86 64
- Kh&i d{mg vns server, run with diplay number 'I', screen resolution '800x600', color depth '24'
- T�i may windows, cai TightVNC ho�c UltraVNC, ti�n hanh k�t n6i
Install...
Oe$etipticn (!) Obtain DNS server. addr� autllmalically
Transmi;sion Contiol
wide area network pro i 0 Use the folowing DNS se1ver addresses:
acrots dr;erte inlerc "·
.f'·,,e,,, :i>: f
0 Show icon in notificat1
0 Notify me when this
>
Advanced.. I j
.,.. ..,, ,,... , .. �
H I
,., ...
OK C-Yicel
·••DNS <Remove>
dorriains
www.nhatnghe.com
lease 192.168.1.102 {
starts 2 2015/05/05 01:21 :20;
ends 2 2015/05/05 01:31:20;
tstp 2 2015/05/05 01:31:20;
cltt 2 20 I 5/05/05 0 l :21:20;
binding state active;
next binding state free;
rewind binding state free;
hardware etheinet OO:Oc:29:68:4c:43;
uid "\001\000\014)hLC";
client-hostname "mayl ";
}
-Xem nh�t ky
[root@localhost Desktop]# more /var/log/ boot.log
May 4 22:16:01 localhost dhcpd: DHCPRELEASE of I92.168. I.I02 from OO:Oc:29:68:4c:43 (may]) via eno
I6777736 (found)
May 4 22: I6:09 localhost dhcpd: DHCPDISCOVER from OO:Oc:29:68:4c:43 via enol 6777736
May 4 2 -2:16:10 localhost dhcpd: DHCPOFFER on 192.168.1.102 to OO:Oc:29:68:4c:43 (may]) via enol 677
7736
May 4 22:16:10 localhost dhcpd: DHCPREQUEST for 192.168.1.102 (192.168.1.IOI) from OO:Oc:29:68:4c:
43 (mayl) via enol 6777736
May 4 22:16:10 localhost dhcpd: DHCPACK on 192.168. I.102 to OO:Oc:29:68:4c:43 (mayl) via enol67777
36
May client :
# systemctl restart network
# ifconfig ethO
ethO Link encap:Ethernet HWaddr OO:OC:29:98:BF:BE
inet addr:192.168.1.150 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe98:bfbe/64 Scope:Link
May client
# ifconfig eth1
ethl Link encap:Ethemet HWaddr OO:OC:29:98:BF:C8
inet addr:172.16.0.10 Bcast:172.16.0.255
. . Mask:255.255.255.0
.
inet6 addr: fe80::20c:29ff:fe98:bfc8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:l
RX packets:138 errors:0 dropped:O overruns:O frame:O
TX packets:146 errors:O dropped:O overruns:O carrier:O
collisions:O txqueuelen:1000
RX bytes:18253 (17.8 KiB) TX bytes:33463 (32.6 KiB)
Interrupt:16 Base address:Ox2080
· FTP Server
1. Cai c1Jt VSFTP
FTP la dich v1,1 cung cdp oo chB truy€n tin ducri d�ng file thong qua m�ng tcp. Co nhi€u
chucmg trinh ftp server sir d1,1ng tren Linux nhu: Vsftpd, Wu-ftpd, PureFTPd, ProFTPD, ... Trong
giao trinh nay se trinh bay Vsftpd
- Cai d�t g6i vsftpd-2.2.2-6.el6_0. l.i686.rpm
- FTP server khi ch:;i.y dn ma port (20,21) nen ta phai ma 2 port nay tren firewall hay tit
firewall.
3. FTP client
3.1. Truy c,p ftpserver tir Linux:
Cai g6i ftp-0.17-5 l . l .el6.i686.rpm
# rpm -ivh /media/Packages/ftp-O. l 7-5 l . l .el6.i686.rpm
Gold Learning
Password:
I 230 Login successful.
.ftp>
Kiem tra
ftp> ls -I
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rwxr-xr-x 1 0 0 25080 Jul 19 15:41 basename
-rwxr-xr-x 1 0 0 874184 Jul 19 15:41 bash
226 Directory send OK.
: 128 b es received in 0.00Seconds 128000.00Kb es/sec.
· e site: /mme/ul.
lt-l_ocal....,...ste.,.,:,.._D_:1-,-------� �<i: Remot
V
@
'J My Computer 1· ,3 I zt
Sh)i A: <cJ (?) home
·�Q b&
<tl·• 0: (1\/MWare)
!� «. E: (!DATA)
$·..;.},F:
$;;.,,. G: (0903397188)
i.,;'
.!.·
"*'lllP ", , · Filename
6
flename I Filesize 1 FilesiZe Filetl'Pe last modified Permissions 0
FileFok ii:::) ..
fi;jtemp File Fok [isl basename 25,080 FJle 7/19/201210:4... ..,wn�n�x o,
e.)XP
� daemcn347.exe
FlloFok
l!)
ibash �74,184 File 7/19/201210:4... -rwxr·xr-x Ol
535,552 EX£ Fi vmware.rtl 318 RichTextF...
.oper#ler-Z.3-x86... 195,067,582 WnRAf
}ru IUtY.l,g 8,601 Text 0c" ,·
1)-..rtf 3<!8 Rich Te ;,, .
il-•--l<sta... 114,368,379 EXE Fa:�/
";...:�'
rnd
TODCEC.BAT iDu·inttt\a-�
boali,,i ou�"""'"'�""b�... (i,.e.��l
I] CONF16.SYS 0 Send commar,d to teep e<mo<!ion oive:
lillO.SVS
ffiMSDDS.SYS
@ NTDETECT.COM � Aemembef conte,:.ii,;ii � &.� fn <achll
[ijntldr E11C:<1Cq cl lie......., �!!,!F·8 l po,<iJlo) ___ 3J
f] pegelie.•,. U
0� JI Concel II Help t:::=:'...J
!'-���������������������������--��--� i
0k / 2.0S5,395 kin 0/ Slileo, o 112 dift•J Ok/ 2,095,JSS kin O /9folet. o / 12dirf•I
. . . . �I .
. . • . . �
F4Edit F5 f6Move F7Newfokler FB Delete Alt+F4 Eoiit
� �l *., ++
I I
ailing for .erver...
:::·:,.,..:,:,;:·::.:··:·::::,�::::�.:.:· "·':
Ma file /etc/vsftpd/vsftpd.conf
#mkdir /hocvien
#mkdir /hocvien/download
#mkdir /hocvien/upload ; mltc nhien user ko duqc quy�n upload vao thu mvc
g6c cua ftp
#chown ftp /hocvien/upload
#chmod 777 -R /hocvien/upload
Chu y: d5i voi user local, sfr dvng l�nh sau d� thi�t l�p l�i thu m1,1c root: local_root=/home
Sfra file du hinh /etc/vsftpd/vsftpd.conf chi cho phep anonymous truy c�p
dong 12 anonymous_enable=YES
dong 27 anon_upload_enable=YES
dong 3 t anon_mkdir_write_enable=YES
anon_root=/ftphocvien
listen address= l 92.168.1.20
, Ngoai ra NFS con doi hoi phai co m{>t Daemon quan trQng dung d� quan ly cac ket ndi d6 la
rpcbind. M�c djnh rpcbind duqc cai d�t sin tren h� thdng. rpcbind listen tren TCP port 111.
- Ki�m tra rpcbindda duqc cai d�t tren h� thdng:
[root@localhost Desktop]# rpm -qa rpcbind
rpcbind-0.2.0-26.el7.x86_64
NFS G6m co cac quy€n truy c�p thong d1,1ng nhu sau:
secure : Port tu client requests phai nho hon 1024
ro : Read only
rw : Read - write
noaccess : Denied access
root_squash : Ngan remote root users
no_root_squash : Cho phep remote root users
Luu y: sau khi thay i16ifile /etc/exports br;m phai restart daemon nfs hay dung cac l�nh sau:
exportfs -a : Reload l�i toan b9 c�u hinh cho NFS
exportfs -r : Reload l�i nhung thay d6i trong du hinh cho NFS
- Do NFS cdn ma m9t sd port khi ch�y nhu (l 11, 2049 ..) nen ta cdn c�u hinh firewall ma cac port
nay hay cit firewall:
- KiSm tra nfs da dugc quan ttj b&i rpcinfo
- KiSm tra:
g
[:cootBlocalhoat -]I 11 /se:cve:c/dulieu/ I more
total 1976
d:cwx:c-x:c-x 3 :coot :coot 4096 Jul 11 03:03 ab:ct
d:cwx:c-x:c-x 4 :coot :coot 4096 Jul 11 03:03 acpi
-:cw-:c--:c-- l :coot :coot 49 Jul 11 03:03 adjtime
-:cw-:c--:c-- l :coot :coot 1512 Jul 11 03:03 aliases
-:cw-:c--:c- - l :coot :coot 12288 Jul 11 03:03 aliases.,db
d:cwx:c-x:c-x 2 :coot :coot 4096 Jul 11 03:03 alsa
d:cwx:c-x:c-x 2 :coot :coot 4096 Jul 11 03:03 alternatives
-:cw-:c--:c-- l :coot :coot 541 Jul 11 03:03 anac:contab
-:cw-:c--:c-� l :coat :coot 148 Jul 11 03:03 asound.conf
#man nfs
• soft I hard Determines the recovery behavior of the NFS client after an NFS request times out.
If neither option is specified (or if the hard option is specified), NFS requests are retried
indefinitely. If the soft option is specified, then the NFS client fails an NFS request after
retrans retransmissions have been sent, causing the NFS client to return an error to the
calling application.
NB: A so-called "soft" timeout can cause silent data corruption in certain cases. As
such, use the soft option only when client responsiveness is more important than data
integrity. Using NFS over TCP or increasing the value of the retrans option may
mitigate some of the risks of using the soft option.
• intr I nointr This option is provided for backward compatibility. It is ignored after kernel 2.6.25.
syncln other words, under normal circumstances, data written by an application may not
immediately appear on the server that hosts the file.
• Sync: If the sync option is specified on a mount point, any system call that writes data to files on
that mount point causes that data to be flushed to the server before the system call
returns control to user space. This provides greater data cache coherence among clients,
but at a significant performance cost.
chu y: sit dimg l?nh man nfsstat d� xem them cac option cita lenh nfsstat.
Samba server
1. Cai dJt samba:
La djch V\l h6 trq chia se tai nguyen tu h� th6ng Linux vai cac h� th6ng khac nhu Linux,
Windows.
- Ki8m tra samba da duqc cai d�t hay chua:
# rpm -qa I grep samba
samba-common-4.1.12-21.el7_l.x86_64
samba-4.l.12-21.el7-l.x86-64
samba-client-4.1.12-21.el7-l.x86-64
samba-Iibs-4.l.12-21.el7-1.x86-64
- Do samba cfin ma m{>t s6 port khi ch�y nhu (139,445, ..) nen ta cfin c!u hinh firewall ma cac
port nay hay tilt firewall:
* Favorites
!If Desktop
Recent Place�
:,,) Libraries
;I:! Computer
"l J
t_ Local Disk (C�)
[global)
workgroup = MYGROUP
server string= Samba Server Version %v
passdb backend = srnbpasswd
log file = /var/log/samba/log.%m
max log size = 50
create mask = 0766
directory mask= 0777
cups options= raw
[homes]
comment = Home Directories
read only = No
g
browseable No
[printers]
corrunent = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
# default: off
# description: SWAT is the Samba Web A dminTool. Use swat\
# to configure your Samba server.To use SWAT,\
# . connect to port 901 with your favorite web browser.
service swat
{
port = 901
socket_type = stream
wait =no
only_from = 192.168.1.0/24
user = root
server =/usr/sbin/swat
log_on_failure + = USERID
disable = no
}
- Ma trinh duy�t Mozilla Firefox va nh�p vao dja chi sau dS cAu hinh samba-swat:
0 Comectilg..•
+ 192,168.1.20:901
@ A username and pasSl'!Ol'dare being requested by http:f1!92,168.1.20:901. The site says: "SWAT"
User Name:
Password:
OK j I Cancel
·"'
http://www.mozilla.com/errUS/fitefox/cenl:raJ/ . .· >,,.;
192.168.L20:9Ul
Sru:ilba Do'r11111entatio1i
• Daemons
o smbd • the SMB daemon
o nmbd - the NetBIOS nameserver
o winbindd - the winbind daemon
• Co11figuration Files
e
HOME
Quan ly thong tin cau hinh chung.
GLOBALS
"'
SHARES
Quan ly vi�c chia se may in.
P�NTEFIS
I CommitChanges 11 ResetVelues
Base Options
comment ]Bai
'·--"·•thi . ..
·"'-"·hoc ky
-· - ···---
·
. --...-. --··-·""''"''-.'"''·'""•·-· """""'"'-· -·-]J Set Default J
path l/nhatnghe/baithi I Set Default l
Senuitv 0:etions
Help usemame
Help invalid users
Help valid users
Help admin users Set Default
Help read list
Help write list
Help force user
- Change hostname
255.0.0.0 127.0.0.0
255.255.255.0 192.168.1.0
- Add server and clients' IP address for NIS database
#vi /etc/hosts
192.168.1.101 mayl.nhatnghe.com mayl
192.168.1.103 may2.nhatnghe.com may2
- Start service
#systemctl start rpcbind ypserv ypxfrd yppasswdd
#systemctl enable rpcbind ypserv ypxfrd yppasswdd
# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. mayl.nhatnghe.com is in the list of NIS server hosts. Please continue to
add
the names for the other hosts, one per line. When you are done with the
list, typ.e a <control D>.
next host to add: may I .nhatnghe.com
Is this correct? [yin: y] y
We need a few minutes to build the databases...
Building /var/yp/nhatnghe.com/ypservers...
Running /var/yp/Makefile ....
gmake[I ]: Entering directory '/var/yp/nhatnghe.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
- N€u them user m6i trong local vao NIS server, thl,l'c hi�n nhu sau:
# cd /var/yp/
#make
#hostnamectl
NI$ Settfngs
Domain: nhatnghe.com
Server: mayl.nhatnghe.com
•
- Start ti�n trinh ypbind:
#systemctl start rpcbind ypbind
#systemctl enable rpcbind ypbind
- Su d1,mg l�nh ypwhich d� ki�m tra NIS server nao dang phvc V\l nhilng request NIS:
[root@localhost-]#ypwhich
may l.nhatnghe I .com
- L�nh ypcat d� li�t ke thong tin m{>t bang map tren NIS server:
AHg3kSgbS72Zqn06AlcTwrOJCpac5HakY1:1000:1000:u1:/home/u1:/bin/bash
u2:$6$zNpEe636$CVzpjnM4dHFD6.Ulq5qSgGAx.n8HicZSE1aYu0oTD5p4wQ0i3iP/.
4WXX3Hj7QOvWiS2U09yHP0aNMRh00k761:1005:1007::/home/u2:/bin/bash
root Iocalhost Deskto #
- C§.u hinh trong file /etc/nsswitch.conf d8 h� thdng bi€t dn tim ki€m thong tin a dau:
passwd: fites nis ldap
shadow: files nis ldap
group: fites nis ldap
4. Auto mount
Update user vao NIS server:
- T�o user
[root@ mayl -]#useradd kdl
[root@ may1 -]#useradd kd2
[root@ mayl -]#passwd kdl
[root@ mayl -]# passwd kd l
- Ch�y l�nh make d8 exports tit ca n{>i dung /etc/passwd va /etc/group (login shell, user's.
group, home directory.)
#cd /var/y
[root@mayl yp]#make
gmake[1]: Entering directory '/var/yp/nhatnghe I .com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid ...
Updating netid.byname...
ake[ I ]: Leavin directo
Exit va login v6i user kdl, thanh cong, user c6 th� chep du li�u vao /home/kdl (nis server)
LDAP server
Gioi thifu
• Gi6ng nhu NIS, djch v1,1 LDAP cho phep cht'.rng th\fc t�p chung user
• Qua trinh cht'.rng th\fc usemame va password gifra LDAP server va LDAP client duqc
ma h6a, barn bao v§.n d€ an roan
• Du li�u trong LDAP la c§.u true.cay (gi6ng nhu c§.u true AD)
Goid Learning
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=nhatnghe,dc=com
#vi basedomain.ldif
dn: dc=nhatnghe,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server World
de: nhatnghe
dn: cn=Manager,dc=nhatnghe,dc=com
objectClass: organizationalRole
en: Manager
description: Directory Manager
objectClass: organizationalUnit
ou: People
dn: ou=Group,dc=nhatnghe,dc=com
objectClass: organizationalUnit
ou: Group
# vi ldapuserl .ldif
dn: uid=cent,ou=People,dc=nhatnghe,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
en: Cent
sn: Linux
userPassword: {SSHA} 1yQ/DbcHheBGpWXzPe7tHn77SHd9nn3k
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/cent
dn: ·cn=cent,ou=Group,dc=nhatnghe,dc=com
objectClass: posixGroup
en: Cent
gidNumber: 1000
memberUid: cent
I General �ALM!�------------�
I·-:-...-
j Coniection:
l Host 192168.1.101·----Port 389 Vei*n I 3 v>··• .;o::j
. . . . . ...
I
Accounl
� lDAPAdmin
ii ----'
�rt ·,........,Edit
..... . ..�ew
.....,.;�;,Iools 1
.s.·;· .... ••. ,· ·,' '" ,"" '" ',, .... ·· . ........ ... . ...... . ''," ' . ..... ,, ....... ...
$lf�
! objectClass top
! objeclOass dcObject
I obiec\Qa:: o,ganization
i
l� f...
cn-Mana,Jei
nss-pam-ldapd-0.8. l 3-8.el7.x86_64.rpm
# vi /etc/sysconfig/authconfig
Dong 9: FORCELEGACY=yes
#reboot
#setup
Them dong sau n�u mu6n t?o home directory cho user tr�n may client khi user login
options {
allow-transfer {none;};
directory "/var/named";
query-source port 53;
query-source-v6 port 53;
dump-file "var/named/data/cache_dump.db";
statistics-file "var/named/data/named_stats.txt";
memstatistics-file "var/narried/data/named _mem_stats.txt";
notify yes;
};
zone "." IN {
type hint;
file "named.root";
};
zone "nhatnghel.com" IN {
type master;
file "nhatnghe.db";
};
zone "localhost" IN {
type master;
file "localhost.db";
};
7nnP "fl fl 1 "')7····
-·----· in-<>rlrlr
---··-·<>1"1"\<> 11
- ·· 11'1· [t
r
,----� type master;
GGi<i Leaming
file "0.0.127.in-addr.arpa.db";
};
zone "12.168.192.in-addr.arpa" {
type master;
file "1.168.192.in-addr.arpa.db";
};
$TTL 86400
@ TN SOA serverl.nhatnghel.com. root (
42 ;serial (d. adams)
3H ;refresh
ISM ;retry
IW ;expiry
ID) ;m1mmum
IN NS serverl.nhatnghel.com.
TN A · 192.168.12.101
serverl IN A 192.168.12.101
WWW IN CNAME . server]
mail IN CNAME serverl
ftp IN CNAME serverl
$TTL 86400
@ IN SOA serverl .nhatnghe I .com. root. (
3;serial
28800;refresh
7200;retry
604800;expire
86400;ttk
)
@ IN NS serverl.nhatnghel.com.
101 TN PTR serverl.nhatnghel.com.
# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
# systemctl stop named
# systemctl disable named
#systemctl start named-chroot
# systemctl enable named-chroot
C:\>nslookup
Default Server: server1.nhatngheI.com
Address: 192.168.1.101
> www.nhatngheI.com
· Server: serverl .nhatngheI.com
Address: 192.168.1.101
Name: server1.nhatngheI.com
Address: 192.168.1.101
Aliases: www.nhatngheI.com
> vnexpress.net
Server: server1.nhatngheI.com
Address: 192.168.1.101
Non-authoritative answer:
Name: vnexpress.net
Address: 111.65.248.132
> 192.168.1.101
Server: server1.nhatngheI.com
Address: 192.168.1.101
$TTL 86400
$TTL 86400
@ 1N SOA serverl.nhatnghel.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1n\ • ._.., �"" 1 T"i!"" 1 ,.......,
' .tli.&1.i.1..1..1.tYJ.1..l
J
,i..t...,'
INNS serverI.nhatngheI.com.
NHATNGHE
.., 105 Ba Huyen
A . Thanh Quan,
. Q3, TP. HCM
.
Microsoft· Partner
. • Tel: 39.322. 734 - 39.322. 735 - Website: www.nhatnghe.com Goid Leaming
IN A 192.168.1.1
server! IN A 192.168.1.101
win2k3 IN A 192.168.1.1
WWW IN CNAME win2k3
mail IN CNAME serverl
ftp IN CNAME serverl
C:\>pirig www.nhatngheI.com
•
- Web site, new, web site, next
Nh�n thdng tin mo ta cho web Web s,te Creatmn Wizard • · ,, : % , II . " ,
site, next Web Site Desciption
De:cribe the Web s�e lo help administrators identify it. .
•
'
i. Pa1n: > .·
. �:\lne�b\ww�oot B1owse...
. : · ·: ·. ' . '
P' �iow anonymous � to this Web sfte
Next va finish
Web Site Creation Wizard er ' '\) ,1it·
Set the ac=
Web Sile Access Permiuions
permistions for this Web site.
,., _ 105 Ba Huy�n Thanh Quan, Q3, TP. HCM Micl'osoft· Partner
NHAT NGH� Tei: 39.322.734 - 39.322.735- Website: www.nhatn he.com .-_.;,.,i:l laaming
____
Search Music Online
...__ __, Go>>
Advanced Search I search Tips
Musi:: Catagories
Ch�y file setup cai d�t, � MDaernon Server InstatlatiOn ' �� ";;..t:,c:£,1� 1 -
next ....nest
----- 105 Ba Huyen Thanh Quan, Q3, TP. HCM Miclosolt' Partner
NHAT NGHe Tel: 39.322.734 - 39.322.735 - Website: www.nhatn he.com {;;<>i:l Leaming
�p ten domain
�, ,.<>:., :;�,,_-�.;}\:S):�\:�Jt
-•_-· . .•
i'?f\�:::-.will��l''�����-t?t'r�;t••�s,
T
�. tThii �
/F;;.�t�F;anki�...i:
. .. v . , •• '
-
$el up_ wit.Ii _the RFC 1�q,.s!id 'P'?'tmast"!'
·:: jadmin_• ·
I�
,<:: '" '
Use upper and Iowa ca.se lettei� ar.d nuni,ers in .YOA pastwo1d. Also, ire pa
must be_bel� 6 arid 12 characteisin ·length· po not },elude the mailbox or
· .name-as part ol the password
F This ..,;.,:..X is � adrrinistr:.ior . r..n cori',guration acce•• is gr""ted .
Next,next, finish
T�o mailbox u 1
rA,:CQITT ···-, -�···:c . ..
r-:---�-----
:�=d ___
. · - .,_,_
I F«t«>dlas!.....
@lrl\a!ng,o1.com - ..:.I
r
>·Web A«es:. ·1_. Tri,ao:�WM c.i�tdon: <tri .�
l·
·-
: Auto•RP.-sp(lt"ider TM ace� w.as la.1.&ecetcad on: <1.A'i:�
! lMAPFi:ers
0,-,,ic�<i<ab!ed
• "IJlK'I'
:-- Shared Md•"
:-- s,g,.o,.
Nh�p ten ul
$TTL. 86400
$TTL 86400
@ IN SOA server1.nhatnghe I .com. root (
42 ; serial (d. adall'!s)
3H ; refresh
15M ; retry
1W ; expiry
ID) ; mm1mum
IN NS · server1.nhatnghe I .com.
IN MX 10 win2k3.nhatnghe I .com.
IN A 192.168.1.1
serverl IN A 192.168.1.101
win2k3 IN A 192.168.1.1
WWW IN CNAME win2k3
. pop IN CNAME win2k3
smtp IN CNAME win2k3
kiemtramaq
·.·<:-. . ·. .
Nhan send/receive, nh�n dugc .Folder$...
S�Loc41-,
�-Exp,...
-·-
mail
/J.';;"i'&iir-��
' � W>o,i
; © Ol.tbox
:. �
G
; ·· ·Deleted Items (l)
·-�C>alts
Froo
SUb
14
};
options {
directory "/var/named";
query-source port 53;
query"'.source-v6 port 53;
dump-file "var/named/data/cache_dump.db";
statistics-file "var/named/data/named_stats.txt";
memstatistics-file "var/named/data/named_mem_stats.txt";
notify yes;
};
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.db";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "0.0.127.in-addr.arpa.db";
};
zone "12168.192.in-addr.arpa" {
type master;
file "1.168.192.in-addr.arpa.db";
allow-update {192.168.1.0/24;};
allow-transfer {192.168.1.102;};
};
[root@localhost-]# vi /var/named/chroot/var/named/nhatnghe.db
$TTL 86400
@ IN SOA serverl.nhatnghel .com. root (
42 ; serial (d. adams) ·
3H ; refresh
15M ; retry
lW ; expiry
ID) ; minimum
INNS serverl .nhatnghe I .com.
INNS server2.nhatnghe I .com.
INMX 10 server l .nhatnghe I .com
IN A 192.168.1.101
server! IN A 192.168.1.101
server2 IN A 192.168.1.102
WWW INCNAME server!
mail INCNAME server I
ftp INCNAME serverl
pct IN A 192.168.1.10
$TTL 86400.
@ IN SOA server I .nhatnghe I .com. root. (
3 ; serial
28800 ; refresh ·
7200 ; retry
604800 ; expire
86400 ; ttk
)
@ IN NS server1.nhatnghe I .com.
IN NS server2.nhatnghe I .com.
101 IN PTR server1.nhatnghe I .com.
102 IN PTR server2.nhatnghe1.com.
, ,� ,. I 05. Ba Huyen
NMATNGHc .
Thanh Quan, Q3, TP. HCM Microsoft·Partner
• Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com Goict Leaming
B2. chep cac file d.u hinh tir thu m\Jc slavedns
. named.conf vao thu m\lc /var/named/chroot/etc/
. cac file con l{l.i vao thu m1,1c /var/named/chroot/var/named
options {
forwarders { 192.168.1.1;10.0.0.1; };
directory "/var/named"; query-source port 53;
query-source-v6 port 53;
dump-file "var/named/data/cache_dump.db";
statistics-file "var/named/data/named_stats.txt";
memstatistics-file "var/named/data/named_mem_stats.txt";
notify yes;
};
zone "." IN {
type hint;
file "named.root";
};
zone "nhatnghe I .com" IN {
type sf.ave;
file "backup.nhatnghe.db";
masters { 192.168.12.101 ;};
,.} ;
zone "localhost" IN {
type master;
file "localhost.db";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "0.0.127.in-addr.arpa.db";
};
[root@Jocalhost named]# II
-rwxrwxr-x 1 named root 435 Oct 17 2009 0.0.127.in-addr.arpa.db
-rwxrwxr-x 1 named root 71 May 19 2011 dns.txt
-rwxrwxr-x 1 named root 183 Oct 17 2009 Jocalhost.db
-rwxrwxr-x 1 named root 2518 Mar 14 2009 named.root
[root@localhost named]# II
-rwxrwxr-x 1 named root 435 Oct 17 2009 0.0.127.in-addr.arpa.db
-rw-r.;.-r-- 1 named named 354 May 10 11: 16 1.168. l 92backup.in-addr.arpa.db .
-rwxrwxr-x 1 named root 71 May 19 2011 dns.txt
-rw-r--r-- 1 named named 546 May 10 11 : 16 hcmbackup.nhatnghe.db
-rwxrwxr-x 1 named root 183 Oct 17 2009 localhost.db
-rwxrwxr-x 1 named root 2518 Mar 14 2009 named.root
B2. Ma win2k3:
chi dns ve may 1,2
·G�all
voo can oet IP sett� assiQned iiutoM�a� r � �etwork �ports ...·
this capabity. Otherwise, you need to � )'OU' network
.
administrato(..
. for the appropriate II' settings. : . ... . ..
f � an IP �ess' �t�ly .· .
. r:::::�� addr��; :��-�:�-----�,
1�etm�. -·.····· I
���11fi�g�\:�� .g�_1; ·.
. � gateway: . . . ' . ··. j 192 ,168 ..1� . 200 • . !
2
· · OK • Canci!I J· [;ppiv · I
B3. May master dns kiSm tra
[root@localhost named]# systemctl restart named-chroot
Quan sat cac record trong file nhatnghe.db
157 </Directory>
164 Directorylndex index.html # T�p tin m�c dinh khi ch�y website
. Ji:'i!f{ijl'.:�.J:\J;fo:\7:t:':· •.,. •. .
Just visiting? Are you the Administrator?
u �fl - �
f""'I
(!; �
t•.Jhttp://www.nhatnghel.com/
www.nhatrqle1.com
mm_
� .. Most Ylsted LJ��
:-·, �... started �� Customize Links �.
q Free Hotmal n
-------·--"------- »
,. +
•
�,.N_,.
0t• ww,e.matnghel.com
�� •••• "--� <'«�<�N,,-�• 'M"••><M,�_.,, , :,wna.�•• • � > ,U ,,,N, ,m, n
"-'N,,,=••"•• •
A
Music Caiagories
•
Even more websi
website template
Te111pl,11es
•
Dietary nutrients If you're looking fc ,.,,.
professionally m,
can find them at T
www.nhatnghe.com
fjj Most Visited C:J Getting started C:J Customize Links U Free Hotrnai! »
{ + ': www.nhatnghe1.com/forum/
\.._./·-----·--····..-----·..-·-·---..·-·--··-·--·--·-"'
· c:\· ·c: C J)! •
____,,,J
4.Chfrngthvctruycjp
Yeu d.u username password khi truy c�p alias /admin
Luu y: Tuy cht;m -c se t(JO m9t ttjp tin password mai. Niu ttjp tin nay aa t6n tt;1i thi no se xoa
. n9i dung cu va ghi vao n(ii dung mm. Khi tt;10 them m9t password cho nguai dung khac thi ta
khong dung tuj, cht;m -c.
- Sira file du hinh ciia apache, cho alias /admin nhu sau:
Alias /admin "/var/wWw/html/music/admin/"
<Directory "/var/www/html/music/admin/">
· AuthType Basic
AuthName "admin"
AuthUserFile · "/etc/httpd/conf/password"
reql!,ire user adminl # or Require valid-user
Directorylndex admin.html
Al1ow0verride None
#Require all granted
</Oirectory>
Password:
- •••
- - -·-···· ·· ·············· - ·············· -- -- ·············· - - - -- ··············· · -·················· --- '
OK j I c�
Apach«/2.2.15 (C,mtOS) 1::,erver at 'l'Nffl.Niatn�l.com Port 80
-T�o group
# vi /etc/httpd/conf/groups
admin: adminl admin2
- User nv1, sir d\lllg filezilla upload trang web vao thu mvc /home/nv1/public_html
-
fz nv1Q'197 1681.70 Fil�Zil!a �l.QJ�
g
- �� -
�[Qj�
°
' J Busmcss Omnc - Mozilla Firefox
E.1e � !£ieW HiltOl'Y llJ)ollmarks I.ools l:!elP
I CJ Business Onine
_-,,_e 11 itt • (,oe,,gie
/,.·-··,,
enterprise Co.
tho tMG.'t JlOiUbOM for f"OUI' �liftC:SS
6. Report
Cai awstats
# yum install epel-release
# yum install awstats
# cp /etc/awstats/awstats.model.conf/etc/awstats/awstats.nhatnghe.conf
#vi /etc/awstats/awstats.nhatnghe.conf
50 LogFile="/var/log/httpd/access_log"
122 LogFormat= l ; log format in httpd.confis 'combined'
153 SiteDomain=www.nhatnghe.com
203 DirData=/var/lib/awstats ·
239 AllowToUpdateStatsFromBrowser=l
# vi /etc/httpd/conf.d/awstats.conf
29 Require ip 192.168.1.0/24
#systemctl restart httpd
Tiin banb pban ticb
# /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=nhatnghe -update
Found O comments,
Found O blank records,
Found O corrupted records,
Found O old records,
Found 77 new qualified records.
# II /var/lib/awstats
total 16
-rw-r--r-- 1 root root 7860May 10 13:01 awstats052015.localhost.localdomain.txt
-:rw-r--r-- 1 root root 7817May 10 13:01 awstats052015.nhatnghe.txt
C Cl, awrtat
. . . . !ilJIJIIYlil')' ..
Reported period . Month ·May 2015
First visit 10 May 2015 • 11:58
Last visit 10 May 2015 • 13:05
-�(}Hn!�e��;a1[ij Number of visits
2 2 100 .325 694.27 KB
Viewed traffic .,
(1 visits/visitor) (SO Pa�esNisit) (162.S Jiits/Visit) (347.13 KB/Visit)
"' Not viewed traffic indude$ traffic generated by r�bots:, worms,· or· i.eplies �ith special HTTP status codes.
Nuinber'of
.__.visits·
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!5,L
Phien Ban Thfr Nghifm - LU'U Hanh Nqi Bi} OI
TRUNG TAM :E>A.0 T�O M�NG MAY TiNHNHAT NGHl:
..A1"'R�
7rrJ:. B6I TAC BAO T�O CUA MICROSOFT T� VJtT NAM
I 05 Ba Huy�n Thanh Quan, Q3, TP. HCM
A
Miclosoff·Partner
NHAT NGHI; Tel: 39.322.734 - 39.322.735-Website: www.nhatn he.com
,.,
"...'idt!Leaming
@
Summary
When:
,,,
Monthly history
I
l
I User Name:
A username and pamvord are being requested by http:/!192.168.1.101. The site says! "private"
Days of month I
Days of week I Pa�ord:
Hours
Who:
- H6 trg unicode
# vi /etc/my.cnf
character-set-server=utf8
- Khai d9ng mysql
# systemctl start mariadb
# systemctl enable mariadb
- D�t password cho mysql: Sau khi cai MariaDB se kh6ng dugc bao m�t vi chua c6 m�t khftu root va
cac tuy ch<;m dn thi�t. Do v�y ch�y l�nh sau d� thi8t l�p m�t khftu root:
# mysql_secure_installation
# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Setting the root password.ensures that nobody can log into the MariaDB
root user without the proper authorisation.
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-.,io3
Phien Ban Thfr Nghifm - Llru Hanh N{H Bq
Men, TRUNG TAM E>AO T�O M�G MAY TINHNIL\TNGU¥
B6I TAC B.AO T�O CUA MICROSOFT T�I VJlTNAM
105 Ba Huyen Thanh Quan, Q3, TP. HCM Miclosoff·Partner
NHAT NGHI; Tel: 39.322.734 - 39.322.735-Website: www.nhatn he.com
,., A
g
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
# remove anonymous users
... Success!
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
- Login mysql
MariaDB [(none)]>exit
- Import database.
# mysql -u root -p thoitrang < /root/thoitrang/thoitrangdb
- Chep'thu m\lC thoitrang vao /root
-Giai nen
# cd· thoitrang/
[root@mayl thoitrang]# tar xzvfthoitrang.tar.gz
[root@mayl thoitrang]# mv thoitrang/* /var/www/html/
- Sira file cdu hinh
#vi /etc/httpd/conf/httpd.conf
dong 164 Directorylndex index.php
# systemctl restart httpd
!!!!!1!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!5-,ios
Phien Ban Thtr Nghifm - Ltru Hanh N{H B{,
Men,
TRUNG TAM DAO T�O M�G MAY TiNHNHATNG11¥
D6I TAC DAO T�O CUA MICROSOFT T�I VIf;TNAM
,., _ 105 Ba Huyen Thanh Quan, Q3, TP. HCM Miclosolt· Partner
NHATNGHE . ".:.i:)icl Leaming
i lliv.1 st,le • -- .
+ - -::)} ��i'I" nhatnQhet.cornfa.j:,,t:lt�:;.at-xi
....
, ... "'' V• 000 •••·• ·-• o•••• •••••• •• • •• ,-, • , s • • • ••••H•h
�Y""�' .� "",iWi "'-f;"' " ,' A,,- ,,,,,. ,©! ';;:.@ -{ "�"' ':l%i""'i¥"""' m rd '"'-�t"'£' ,,q,i
.>. Joomla. Yo. Styfe
" . , �
l01Ji11 _Q
. ··.:.,_
•"
� =-� ..,.,..,,,,.,. _ _ '"'_""""' �'"""=���"��
Article Manager
IJnerd'ivll Archive Pul>iSh
r-.
'---- 41
� Move
ir:
Copy
a
Trash
/
e<t
� 0 _2 Administro!or 12.0008 43 43
About
.;J 0 Joomla!
TheCMS Admlnisir!l!or 11!)800 1()9 22
About
-Overview � 0 Joomlaf
TheCMS A<fminio',ator 0'30808 ,!.',,;V 1S
vi 0 AbOIA
.ioomlol
The CMS MmiliS1!o,or 11Jl8Jl8 1WS �
� 0 AbO!A
Joomlo!
TM CMS Admlnis:rotor oo.oa.os SJ 18
·:;, 0 __ s
About
,'oomlal
Th� CMS Administrator 12.08.08 7i 24
Abeu The
V 0 � CQtn!'nlJt1d)'
Admil!.."i't:tJtor ll'Jfj(j ll'J !{\ :n
27
:�-
J>:, .,
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9,io1
Phien Ban Thii' Nghifm - L1111 Hanh Nqi Bq
,.,.1-.,,e,,,,
TRUN� TA� DAO T�� M�NG MAY TINH NBA! NGHl
"f
,r'J;
B6I TAC BAO T�O CUA MICROSOFT T� �T NAM � ..
� ..
105 Ba Huyen Thanh Quan, Q3, TP. HCM MTICIOSOff· Partner
� �
NHAT NGH�
Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com
·•+'llol·, lltylo·--
t
"'' .
& -.nlMlnghet.a,m/....,_ratorf,nd•x.pl,p7',p,'ac<,-��n_c_.,. . · ·····-·-·--·--···--···--·---------..--· - - ,:°';- ""
· C'] Lfl: G,s,glo ..................._.______.f'Jj &
·
•-- CJ-...- oClntcorize-. o-- o--.� CJ-- cJ-
------.. -------·---·-----------· ..........______ .._______ ....................____ _____ ______ -------------------.. ·-·-·..---····-.................__ ··-··-·---------···-···.
··- ---
,. ,.
Tllo 0No0Yes
�,tr:;�:,�r��:1:���;��
0No0Yes o.,_.
:�.. . Tuesdoy,24 July 201210:17
"" •·•- . · ····•" "••••• • • ··• ',, ''•••••····A •••.,:.·w·,·,;··w··· ·;· ·,�-•�,· ·· ··.;· ·· ; ·· ··; '"� ··,···········:· ·
i ���� 1
:;;;
: 'Samsung tlin gliin toi v1+c � b6 dltn tho.ii rrun !:!lJ:l!l deo
iL::-, b A· 1;
�!i
·· . -· -
A�;i��� . ·;:�.;.�-� �j
···· ·
8. Virtuamost
Cho phep �o nhi�u hem m(>t website tren server.
G<:id Learning
M{>t IP dung chung cho nhiSu web site cho nhi�u ten khac nhau yeu cAu phai c6 DNS server).
d day se hu6ng ddn cac b�n t�o virtualhost bAng ca.ch/P-basedvirtua/ host.
Vi d\l web hosting cho cac web site
garden I .com
· thoitrang I .com
- Ciu hlnh dns: named.conf, -qio 2 zone
zone "gardenl.com" IN {
type master;
file "nhatnghe.db";
};
zone "thoitrangl.com" IN {
type master;
file "nhatnghe.db";
};
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�209
- Phien Ban Thir Nghifm - L11U Banh Ncji Bcj
TRUN<? TA� DAO T�� M�NG MAY TiNHNIIA! NGIQ:
_,,I.Y.,e,t, 1>61 TAC BAO T�O CUA MICROSOFT T� \7q:T NAM � ..
"ffllf"I: "
I 05 Ba Huyen Thanh Quan, Q3, TP. HCM Nlicl'osolt' Partner
.
NHATNGHE· Tel: 39.322.734 . . ·
,, A
v
r.rr;��:,�t����¥i{;'.:ff:�?{i4;�+0kJ·r. :;·�� ���--�� Fr;,:;·���·;� ·.
Ele tdt ·!fi!IW ......, � !l><lls �
X
8.2. IP-based virtual host - m<)t IP cho m9t website yeu d.u phai c6 nhi�u IP
gardenl.com ip 192.168.1.20
thoitrang l.com ip 192.168.1.22
Cac bu6c th\l'c hi�n
- Gan ip thu 2 cho ethO
# vi /etc/sysconfig/network-scripts/ifcfg-ethO
21�01[!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�
Phien Ban Thir Nghifm - Ltru Hanh Nqi Bq
TRUN9 TA.¥ £>AO T�� M�G MAY TiNHNIIA! NG11¥
-AA�,."11,(ftl
"/frJ; DOI TAC DAO T�O CUA MICROSOFT T� VIJT NAM
..., � 105 Ba Huyen Thanh Quan, Q3, TP. HCM Mictosoft·Partner
NHAT NGH� Tel: 39.322.734 - 39.322.735 - Website: www.nhatnghe.�om Gc!(j Learning
IPADDR2=192.168.1.22
# service network restart
- Ki�m tra IP
# ip addr
2: ethO: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu ISOO qdisc
pfifo_fast state UNKNOWN qien 1000
link/ether OO:Oc:29:98:bf:be brd ff:ff:ff:ff:ff:ff
inet 192.168.1.20/24 brd 192.168.1.255 scope global ethO
inet 192.168.1.22/24 brd 192.i68.1.255 scope global secondary ethO
inet6 fe80::20c:29ff:fe98:bfbe/64 scope link
valid 1ft forever preferred 1ft forever
# cd /var/named/chroot/var/named
#cp nhatnghe.db thoitrang.db
# vi /var/named/chroot/var/namedithoitrang.db
$TTL 86400
@ IN SOA serverl.nhatnghe1.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
10) ; mm1mum
IN NS server] .nhatnghe1.com.
IN A 192.168.1.22
server! IN A · 192.168.1.22
WWW IN CNAME server!
mail IN CNAME server l
ftp IN CNAME server!
-Kiehn tra
C:\>ping www.thoitrangI.com
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9.,itt
Phien Ban Thir Nghifm - Ltru Hanh Nqi Bq
TRUNG TAM DAO T�O M�G MAY TiNHNHA.T NGiq:
J>AI.""'lle!tt
"{� D6I TA.C DAO T�O CUA MICROSOFT T� V1¥T NAM
,., � 105 Ba Huyen Thanh Quan, Q3, TP. HCM Microsoft' Partner
NHAT NGHI; Tel: 39.322.i34 - 39.322.735 - Website: www.nhatnghe.com
"3::-i:l Leaming
C:\>ping www.gardenl.com
21•2�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Ban Thir Nghifm - Llfll Hanh Nqi Bq
...J"..'1le'C- TRUNG T.A.M E>AO T�O M�NG MAY TiNHNIIAT NGH¥
r-/,r'J; D6I TAC B.AO T�O CUA MICROSOFT T�I vrf:T NAM
-:�I,
,o,i.,.
$TTL 86400
@ IN SOA serverl .nhatnghe1.com. root (
42 ;serial (d. adams)
3H ;refresh
15M ;retry
lW ;expiry
10) ;minimum
INNS serverl.nhatnghe l .com.
INMX 10 server1.nhatnghe I .com.
IN A 192.168.1.20
serverl IN A 192.168.1.20
WWW INCNAME serverl
mail INCNAME server I
ftp IN CNAME server.I
31 queue_directory = /var/spool/postfix
42 daemon_directory = /usr/libexec/postfix
48 data_directory = /var/lib/postfix
59 mai]_owner = postfix
75 myhostname = mail.nhatnghel .com
83 mydomain = nhatnghe I .com
99 myorigin = $mydomain
Server se ling nghe tren dja chi nao d€ nh�n mail v�.
113 inet interfaces = an
116 #inet interfaces = localhost
Server se g&i mail ra ngoai bAng domain nao.
164 #mydestination = $myhostname, loca]host.$mydomain, Joca]host
165 mydestination = $myhostname, loca1host.$mydomain, ]ocalhost, $mydomain
264 mynetworks = 127.0.0.0/8
� !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
21 4 Phien Bin Thw Nghifm - LU'U Hanh Nqi Bq
Men, TRUNG TAM E>AO T�O M�NG MAY TINH NHAT NGllt
D6I TAC DAO T�O CUA MICROSOFf T� VJl;T NAM
105 Ba Huyen Thanh Quan, Q3, TP. HCM l,fictosoft·Partner
::�""'I,
NHATNGHE . .
.,. A
[u2@1ocalhost-]$ mail
Heirloom Mail version 12.4 7/29/08. Type? for help.
"/var/spool/mail/u2": 1 message 1 new
>N 1 u l@nhatnghe I .com Tue Jul 24 19:57 10/344
& 1 #nhin 1, d9c mail s6 1
Message I:
From ul@nhatnghe I .com Tue Jul 24 19:57:50 2012
Return-Path: <u l@nhatnghe I .com>
X-Original-To: u2@nhatnghel.com
Delivered-To: u2@nhatnghe I .com
Status: R
EOT
& quit
Held I message in /var/spool/mail/u2
You have mail in /var/spool/mail/u2
fu2(a),localhost-]$
I [ul@localhost-]$ mail
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-,i15
Phien Ban Tbir Nghifm - Ltru Hanh Nqi B9
I ..,.,..J',.,te,t,
"fffl:'X
..e
TRUN9 T� DAO T�� M�G MAY TiNHNIIA.!NG�
D6I TAC DAO T�O CUA MICROSOFf T� �T NAM
105 Ba Huy�n Thanh Quan, Q3, TP. HCM . 11/rlCl'OSOft· Partner
�,� - ..
NHAT NGH� Tel: 39.322.734 - 39.322.735-Website: www.nhatn he.com
A
&
3. Dovecot
H6 trq client truy c�p mail b�ng giao thfrc pop, imap
-Cai g6i dovecot-2.2.10-4.e17_0.1.x8 6_ 64.rpm
-Cdu hinh
# vi /etc/dovecot/dovecot.conf
24 protocols = imap pop3 lmtp
# vi /etc/dovecot/conf.d/10-auth.conf
10 disable_plaintext_ auth = no
100 auth_mechanisms = plain login
# vi /etc/dovecot/conf .d/10-mail.conf
24 mail location = maildir:-/Maildir
# vi /etc/dovecot/conf.d/10-master.conf
dong 96-98 bo #
95 #Postfix smtp-auth
96 unix_listener /var/spool/postfix/private/auth {
97 mode = 0666
# va them 2 dong sau
user = postfix
group = postfix
98 }
# vi /etc/dovecot/conf.d/10-ssl.conf
dong 8 ssl = no # not require SSL
21•6!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Phien Bin Thfr Nghifm - Luu Hanh Nqi Bq
TRUNG TAM DAO T�O M�G MAYTINHNHA.TNGH:f;
.....J:."'lle,t,
"ffrl: 1>61 TAC DAO T�O CUA MICROS0Ff T� Vlf;TNAM
105 Ba Huyen Thanh Quan, Q3, TP. HCM Mictosoft· Partner
NHAT NGH� Tel: 39.322. 734 - 39.322.735 - Website: www.nhatnghe.com
A' A
Gold Leaming
Serverlnl01mation �·
----i J
Myincomingmailseivesia !imil.J server.
-- j
incoming mail {POP3}: 1 maitnhalnghe1 .com___ · ---··-··1 l l===·l
d
I i
4.Webmail
Cai g6i
tmpwatch-2.1 l -5.el7.x86_64.rpm
squirrelmail-1.4.22-15.el7.noarch.rpm
# vi /etc/httpd/conf.d/squirrelmail.conf
23 # RewriteEngine on
24 # RewriteCond %{HTTPS} !=on
25 # RewriteRule (.*) https://%{HTTP HOST}%{REQUEST URI}
# vi /etc/squirrelmail/config.php
28 $domain = 'nhatnghel.com';
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-,i11
Phien Ban Thir Nghifm - LllU Hanh N{,i B{,
-,..J:.'Jte,t,
r/,r'J;
TRUN9 TA¥ f>AO T�� M�NG MAY TiNHNHA! NGIQ:
B6I TAC BAO T�O CUA MICROSOFf T� VJ¥T NAM
Miclosoft· Partner
�", ..
105 Ba Huy�n Thanh Quan, Q3, TP. HCM
NHAT NGH� Tel: 39.322.734 - 39.322.735 - Website: www.nhatn he.com
., A
n n
5. SMTP authe ticatio
Kiem tra g6i cyrus
[root@mayl -]# rpm -qa I grep cyrus
cyrus-sasl-lib-2.1.26-17.el7.x86_64
cyrus-sasl-devel-2.1.26-17.el7.x86_64
cyrus-sasl-2.1.26-17.el7.x86�64
cyrus-sasl-md5-2. l.26-17.el7.x86_64
cyrus-sasl-scram-2.1.26-17.e17.x86_64
cyrus-sasl-plain-2.1.26-17.el7.x86_64
cyrus-sasl-gssapi-2.1.26-17.el7.x86_ 64
# vi /etc/postfix/main.cf
Them vao cu6i file .
682 smtpd_sasl_type = dovecot
683 smtpd_sasl_path = private/auth
684 smtpd_sasl_auth_enable = yes
685 smtpd_sasl_security_options = noanonymous
686 smtpd_sasl_Iocal_domain = $myhostname
687 smtpd_recipient�restrictions =
permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject
#vi /etc/postfix/master.cf
11 smtp inet n n smtpd
Them sau dong 11:
12 -o smtpd_sasl_auth_enable=yes
13 -o smtpd_reject_unlisted_sender=yes
14 -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
15 -o broken_sasl_auth_clients=yes
21·�k�!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!ePebeieeneB!!!!!in!!!!!!TebeeN!!!!!!gebe
ifem!!!!!!-eetrU!!!!!!e eaenebeNee
o:i B o:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
eee
L
fr H
111i1�
,, .
TRUNG TAM DA.O TAO MANG MAY TINHNIIAT NGHt;
D6I TAC DAO T�O CUA MICROSOFf T�I Vlt;T NAM
,., � 105 Ba Huyen Thanh Quan, Q3, TP. HCM
NHATNGHE· Tel: 39.322.734
. - 39.322.735- Website: www.nhatnghe.com MICl'OSOft·Pa rtner
.G<J!ci Learning
Mail client phai check vao m\lc My server requi � 19L 1f,!l 1 1CJ1 Prnpi>rtlPs �..,�
authentication
#tail -f /var/log/maillog
Aug 9 19:20:34 localhost
postfix/smtpd[3643]: connect from
unknown[192.168.1.25] @R--d
Aug 9 19:20:34 localhost 01.ogonuu,g�...,.P--icn
postfix/smtpd[3643]: 381E1120F12:
client=unknown[192.168.1.25], IS�.,!
sasl_method= LOGI N, sasl_username=u1
oo�---
______j
. # make server.csr
umask 77; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a ON.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
# openssl x509 -in server.csr -out server.crt -reg -signkey server.key -days 3650
Configure Postfix and Dovecot for SSL
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9..,i19
Phien Ban Thir Nghifm - LU'U Hanh Nqi Bq
.J>A�-'Ttelft
"ffllf"J: _
TRUNG TAM DAO T�O M�NG MAY TINHNIIAT NGHE:
B6I TAC B.AO T�O CUA MICROSOFT T� �T NAM
Microsoft· Partner
�". ..
105 Ba Huyen Thanh Quan, Q3, TP. HCM
NHAT NGH� Tel: 39.322.i34 - 39.322.735 - Website: www.nhatn he.com
� A
<'.;;,;,l:5 Leaming
#vi /etc/postfix/main.cf
Them vao cu6i file:
smtpd_use_tis = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls _key_file = /etc/pki/tls/certs/server.key
smtpd_tls _session_cache_ database = btree:/etc/postfix/smtpd_scache
#vi /etc/postfix/master.cf
Bo# cac dong
31 smtps inet n n smtpd
32 -o syslog_ name=postfix/smtps
33 -o smtpd_tls_wra,ppermode=yes
#vi /etc/dovecot/conf.d/10-ssl.conf
8 ssl = yes
14 ssl_cert = </etc/pki/tls/certs/server.crt
15 ssl_key = </etc/pki/tls/certs/server.key
-i----
"'
Short
Sern;fir,g ------�-.......,.-c-c----,-.--
r �re<lk a?<l\t m�age;_ l<l!ger than ]9iJ
Ch9n yes
.
NHATNGHE· Tel: 39.322. 734 - 39.322.735 - Website: www.nhatnghe.com Go!d Learning
# vi /etc�ttpd/conf.d/squirrelmail.conf
86 # tren cac dong
23 RewriteEngine on
24 RewriteCond %{HTTPS} !=on
25 RewriteRule (.*) https://%{HTTP HOST}%{REOUEST URI}
# systemctl restart httpd
Nh�p 192.168. I. IO1/webmail
To:
8. Reports
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9.,i
Phien Bin Thir Nghifm - Ltru Hanh Nqi Bq 21
TRUN9 TA� DAO TA.� MA.NG MAY TINHNHA! NGiq:
..,..4.J'..'1le"'
r/frl:. D6I TAC DAO T�O CUA MICROSOFf T� �T NAM
� � I 05 Ba Huy�n Thanh Quan, Q3, TP. HCM Miclosolt' Partner
NHAT NGHI; Tel: 39.322.734 - 39.322.735- Website: www.nhatn he.com
g
#mkdir /var/www/cgi-bin/awstats
#tar -zxvf awstats-7.3.tar.gz
# cd awstats-7.3/wwwroot/cgi-bin/
#mv awstats.model.conf awstats.postfix.conf
#cp -r * /var/www/cgi-bin/awstats
#cp . .I. ./tools/maillogconvert.pl /var/www/cgi-bin/awstats
#cd /var/www/cgi-bin/awstats
Sua file cau hinh
#vi awstats.postfix.conf
50: LogFile= "perl /var/www/cgi-bin/awstats/maillogconvert.pl standard <
/var/log/maillog I"
62: LogType=M
122: LogFormat="%time2 %email %email_r %host %host_r %method %url
%code %bytesd"
153 SiteDomain="nhatnghe.com"
203 DirData= "/var/www/cgi-bin/awstats"
239 AllowToUpdateStatsFrom Browser= 1
838-851: khai bao lai cac dong la gia tri 0
LevelForBrowsersDetection= O
LevelForOSDetection= O
LevelForRefererAnalyze=O
LevelForRobotsDetection=O
LevelForWormsDetection=O
LevelForSearchEnginesDetection= O
Leve IForFileTypesDetection= O
926 ShowMenu= 1
951 ShowSummary= HB
956 ShowMonthStats= HB
961 ShowDaysOfMonthStats= HB
966 ShowDaysOfWeekStats=HB
971 ShowHoursStats= HB
976 ShowDomainsStats=O
981 ShowHostsStats= HBL
986 ShowAuthenticatedUsers= O
991 ShowRobotsStats= O
1001 ShowEMailSenders=HBML
1006 ShowEMailReceivers= HBML
1011 ShowSessionsStats= O
1016 ShowPagesStats= O
1021 ShowFileTypesStats= O
1026 ShowFileSizesStats= O
1036 ShowOSStats=O
1041 ShowBrowsersStats= O
1051 ShowOriginStats= O
1056 ShowKeyphrasesStats=O
1061 ShowKeywordsStats= O
1066 ShowMiscStats= O
1071 ShowHTTPErrorsStats=O
1076 ShowSMTPErrorsStats= 1
11.59 kB
ails successfully sent 10
(1.15 KB/Mails)
1ails failed/refused 0 0
Mails: Mails: Mails: Mails: Mails: lOSize: Mails: Mails: Mails: Mails: Mails: Mails: Mails:
OSize: 0 osize: o OSize: 0 OSize: O 11.59 KB OSize: 0 OSize: o OSize: 0 OSize: O OSize: O OSize: 0 OSiza: O
Jar, Feb Ma, Apr Hay Jun Jul Aug Sep Oct Nov Dec
2015 2015 2015 2015 2015 2015 2015 2015 2015 2015. 2015 2015
Month i.'.�]1��1�%1}1
Jan 2015 0 0
Feb 2015 0 0
Mar 2015 0 0
Apr 201S 0 0
Hay2015 10 11.59 KS
<Directory "/var/www/cgi-bin">
AuthType Basic
AuthName "admin"
AuthUserFile "/etc/httpd/conf/password"
require user admin
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
T�o redirect
redirect /maillog http:/1192.168.1.101/cgi-bin/awstats/awstats.pl?config=postfix
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!5,i23
Phien Bin Thii' Nghifm -Lll'II Hanh Nqi B9
TRUNG TAM E>AO T�O M�G MAY TINH NHAT NG11¥
..-.A.J'.."Ee,t,
7ftr'J:. B6I TA.C BAO T�O CUA MICROSOFT T� VIl:T NAM
,., � 105 Ba Huy�n Thanh Quan, Q3, TP. HCM Miclosoft·Partner
NHAT NGH�
Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com
New password:
Re-type new password:
Adding password for user admin
,/-.;.�i,,;;�,-�,;,..;;,;_�
·o�:-�··c·,··� [i] .........p search *F�es er�•�
-�-rllJ J"'
I
1����;/.L
!,!ser name:
E_assword:
0 Remember my password
i�
[ OK .) I Cancel
9. Anti spam
· Cai spamassassin
Cai cac g6i perl-*
spamassassin-3.3.1-2.el6.i686.rpm
vi /etc/postfix/master.cf
- SU'a dong 11:
smtp inet n - n smtpd
Dong 11 -o content_filter=spamassassin
C6 khoang trang dau dong,
#e-mail g6'i diln dich v1,1 smtp se g6'i d€ln cho spamassassin
Dung t�o service m6'i kieu unix trong file master.cf, dung gQi daemon pipe cua
postfix de phan phat e-mail, ra l(mh spamc de tiiln hanh quet mail (phat hien spam) sau d6
dung lenh sendmail gai mail ngU'Q'C tra l�i cho postfix
# netstat -nltp
Active Internet connections {only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PIO/Program name
tcp O O 0.0.0.0:110 0.0.0.0:* LISTEN 2057/dovecot
tcp O O 127.0.0.1:783 0.0.0.0:* LISTEN 2746/spamd.pid
tcp O O 0.0.0.0:143 0.0.0.0:* LISTEN 2057/dovecot
tcp O O 0.0.0.0: 111 0.0.0.0:* LISTEN 1400/rpcbind
tcp O O 10.0.0.1:53 0.0.0.0:* LISTEN 1516/named
spam ne
XJS*C4JOBQAON1. NS8N3'2IDNEN*GTUBE-STANDARD-ANT1·
UBE-TEST-EMAIL"C.34X
You should send this test mail from an account oujside of your
network.
Ch9n properties tren email thu 2, detail xem cac thong tin lien quan denvi�c test spam do
spamassassin chen vao header mail sau khi k�m tra xong
Tuang t\f, xem header mail cua email khong c6 spam
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-,i2s
Phien Bin Thu- Nghifm -LtrU Hanh Nqi B9
TRUNG TAM DAO T�O M�NG MAY TiNHNIIATNG�
,.,.�:. 'Jl�
7flrr. D6I TAC DAO T�O CUA MICROSOFT T� �TNAM
--..,---E 105 Ba Huyen Thanh Quan, Q3; TP. HCM lllliclosoft Partner
NHAT NGH · Tel: 39.322.734 - 39.322.735-Website: www.nhatn he.com ".;;d:� Leaming
., �
'
w ..
-·······J: � ..... i ... · .. . .
Retum-Pelh: <u1@nhalnghe1.CQIII)
X-Original-To: u1@nhalnghe1.com
Oeliveled-To: u1@nhalnghe1.com
,A.·
;'1:
iC ·
I [SPAM] mail c6 spam . .
maA lchoni.i co spam · • 1
Received: by malmaln/lle1 .com [PostflX. from u;erid 8J
id8296gfjF195;Wed. 25Jl.i201211:44:36 +0700 p :;],
L'>
I
iX-Spam,Chec:ker-Version: S� 3.3.1 (2010-03-16} on;· ;�
··
I locatlc,atlocaldomain · . ,.;
+11
. �
OATE_IN_PAs I_w_til.bl<IM_ADSP_NXDOMAIN. -
:�==:=.s::;;;;:;::::;,;.::;__T ::�
version-3.3.1
• pam- epo,t
'-1.0ALL_TRUSTEO Pa;;ed throlq1 lrusledhoslt
' 0.8 DKIM_ADSP_�OMAJN No vaid a.ihcx $igr
' 1.1 DATE_IN_PAST_03_D60&te: is 3lo 6 hourst
'1000 GTUBE BODY: Generic T eit for Unso&caed E
' 0.0 HTML_MESSAGE BODY: HTML rdJded in rr
from ><P (rinov,n 11 92.168.1.2D
NEN"GTUBE-STANDAAD-ANTI-UBE-TEST-
. Me:;age Sooo:e...
from an account outside of your network.
OK j I Cancel
·
9 1 new rnessage(s)
r OK ···11 Cancel ,
Gold Learning
-----.
Fdiiers
�OutlookExpr�--
-3 JJ. lJ' � From -. --�-·
. -· . JSPAM]mail�
! . S!Alject ···
�u1
E:J � local Folders
�-
i <&i
Inbox
..�Outbox
i ·. �Sent nems
· (JI Oeletednems (!)
. ��afts
I...
�ontacts ...
�ul
Original Message --
From: Y1
T11• 111 · ........
1 message(s), 0 unread .· .ll Worl<ing Onh · � No new messages
CaiAmavisd
. Cai per!-* va cac file trong thu mvc per!
Cai clamav-* va cac file trong thu mvc c1amd
Cai spamassassin -* va cac file trong thu mvc clamd
Cai amavisd-* va cac file trong thu mvc amavisd
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9-,i21
Phien Ban Thii' Nghifm - LU'U Hanh N{,i Bq
TRUNG TAM DAO T�O M�NG MAY TINH NBA.T NGB¥
.AA.J'..'Jle"' D6I T.A.C DAO T�O CUA MICROSOFT T�I VJ¥T NAM �..
"ff'l::'X
105 Ba Huy�n Thanh Quan, Q3, TP. HCM .-ICrOSOft' Partner,� �
NHAT NGH� Tel: 39.322.734 - 39.322.73-5-Website: www.nhatn he.com
.., A
r;;ok! Leaming
file:///media/cdrom/
file:///media/cdrecorder/
gpgcheck= l
enabled=O
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
mkdir /media/cdrom
mount /dev/cdrom /media/cdrom
yum --disablerepo=\* --:-enablerepo=c7-media groupinstall "Compatibility Libraries" -y
yum --disablerepo=\* --enablerepo=c7-media groupinstall "Development tools" -y
yum --disablerepo=\* --enablerepo=c7-media install perl-* -y
hoac
rpm -ivh epel-release-7-5.noarch.rpm
yum --enablerepo=epel -y install amavisd-new clamav-server clamav-server-systemd
# vi /etc/amavisd/amavisd.conf
20 $mydomain = 'nhatnghe.com';
96 $sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
152 $myhostname = 'mail.nhatnghe.com';
154 $notify_method = 'smtp:[127.0.0.1]:10025';
155 $forward_method = 'smtp:[127.0.0.1]:10025';
Kiim tra
1. ul goi mail blob th1rimg
Cac user goi nh�n mail binh thm'mg, xem tr�ng thai cho bi�t mail da duqc quet virus, spam
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!S,i2
Phien Ban Thll' Nghiim - LllU Hanh Ni)i Bi) 9
7"1:'1:
·
..,.,.,J".."Re,c, TRUNG TAM DAO TAO MANG MAY TINHNIIAT NGHE
D6I TAC DAO T�O CUA MICROSOFT T�I \7q:T NAM �,�. ..
,.. � I 05 Ba Huy�n Thanh Quan, Q3, TP. HCM Miclosoft·Partner
NHAT NGH� Tel: 39.322.734 - 39.322.735 - Website: www.nhatncl1e.com
<'.'.it.>id Leaming
fflTo:
ft:ICc:
Subject: i;;;a11 co spam
XJS•C4JD8QADN1 . NS8N3"21DNEN"GTU8E-STANDARD-.A.NTI-UBE·TEST
EMAIL"C.34X
You should send this test mail from an account outside of your network.I
# tailf /var/log/maillog
Tuong t\I khi user goi file dinh kem c6 virus, email se bi block. User se khong nh�n dugc mail
May 14 00:39:10 localhost postfi:x/qmgr[3 l 452]: 05EFOE09BE: from=<ul @nhatnghe.com>,
size= l 204, nrcpt=l (queue active)
May 14 00:39:10 localhost postfi:x/smtpd[3 l 658]: disconnect from unknown[l 92.168.1.200]
May 14 00:39:10 localhost clamd[30853]: /var/spool/amavisd/tmp/amavis-
20150514T002652-31272-WIYekm66/parts/p004: Eicar-Test-Signature FOUND
May 14 00:39:10 localhost clamd[30853]: /var/spool/amavisd/tmp/amavis-
20150514T002652-31272-WIYekin66/parts/p002: Eicar-Test-Signature FOUND
May 14 00:39:10 localhost amavis[31272]: (31272-06) Blocked INFECTED (Eicar-Test
Signature) {Discardedlnternal,Quarantined}, MYNETS LOCAL [192.168.1.200]:1876
<ul @nhatnghe.com> -> <u2@nhatnghe.com>, Queue-ID: 05EFOE09BE, Message-ID:
<00820 I d08dff$eca29800$c801a8c0(a),nhatnghe.com>, mail id: WLu7okTjDv1W, Hit
- Postfix h6 trg nhi�u policy d� ki�m soat qua trinh goi nMn mail rfit lii:ih ho�t.
:!. . . .. ����1:1��.� ....;(. ��!�.. l�������CToEJ.?��s�tj
�mtpd. client restrictions··-- .. i@ptional ; [Reject all.client commands·-· .......... j
ils111tp���o r�stricfi°.1'1� ... ... .... ,,()pfio�•IR.eje���C)�(:).in�°.�tion . ...
!ls111tp� sendi::r r�stricti?1'1S . .... ;IClIJtional
[�tject �I� F�()Minfo�tioz.i
l�:ri�P? r,e_cipi,�t r�stri�tiori� . ;!��q�ed !�tje�t ��P.T_!Q -�f,°.�tioz.i . .. .
: lsmtpd eta�- restrictions ,, ___,_Jo�tionar [Reject DA!A c ommand-···· -·······- ":
!l�.!!l�B� en� ?� ��:e.�tric���s.:IOJ?fio�:[�tje.����9�=1?�!.ll,� o��····
:!5.1:11�P�. �E��tri��°.l'ls ....... . ...... . !Qpt.i��.'!��e�t .�!�� o��······
1
- C6 th� tim ki�m thong tin chi ti�t v8 cac policy nay & www.postfix.org. Trong ph�m vi cua
bai Jab, chi neu m9t s6 policy thong d1,mg.
- Danh gia dia chi sender, d� quy�t dinh c6 chfip nh�n mail hay khong:
smtpd_sender_restrictions c6 t� nh�n cac gia ttj sau:
check-sender-access
reject_ authenticated _sender_login_mismatch
reject_non_fqdn_sender
rejectJhsbl_sender rbl_domain =dddd
reject_ unauthenticated_sender _login_mismatch
reject_ unverified_sender
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�i31
Phien Ban Thir Nghifm - LtrU Hanh Nqi Bq
...,,..J',.'1le,t,
7111:X
TRUNG TAM DAO TtO MtNG MAYTINHNIIA.T NG�
D6I TAC DAO T�O CUA MICROSOFT T� \71l:T NAM .
..-ICIOSOft-Partner
�,� ·- ..
105 Ba Huy�n Thanh Quan, Q3, TP. HCM
NHAT NGH� Tel: 39.322.734 - 39.322.735-Website: www.nhatnghe.com
,., A
'3oh� Leaming
- Kiem soat s6 ket n6i d6ng thai, s6 lugng ket n6i d6ng thoi:
smtpd_client_connection_count_limit (default: 50)
smtpd_client_ connection_rate _limit (default: no limit)
smtpd_client_message_rate_limit (default: no limit)
smtpd_ client_recipient_rate_limit (default: no limit)
. www.nhatnghe.com ArlCIOSOft·Partner
G,1ld Leaming
Topic16: Squid
Install Squid
Configure Squid
Acl, Rules and Cache Rules
Sarg - Squid Analysis Report Generator
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J.,i33
Phien Bin Thir Nghifm - Lllll Hanh N9i Bq
..,,z.,ie,c,
TRUNG TAM E>AO Te,.O M�G MAY TiNHNIIAT NGl£E:
7111;:YJ; DOI TAC BAO T�O CUA MICROSOFT T� �T NAM
· lllrlCIOSOl't' Partner
I 05 Ba Huyen
. Thanh Quan, Q3, TP. HCM
NHATNGHE . .
,., A
<.,;,>i:� Leaming
• Tel: 39.322.734 - 39.322.735-Website: www.nhatnghe.com
n Connection Settings x
VN!li�EB�tf.!�t§
Btit tikng: Vi�! nt,;eu ng"'11 x&m nr:4t
Th� thao Bong Ila Trono nlJ'Oc Nagai hang .Anh Champions League La Uga Serie A C�c glai khac 24h
. c� 111,:u:;.;1
, 17 nam, mQt Ching illfong cua Gerrard 0- Llverpoot /'�lmg thar ctia Man Ul<I pt,a
hong nwGorrard cilia lay Uwrpuol Nam Q1e5 .I 100% GV Au Mg Uc
•cat rnach rnau cua t6i ra va b�n se thay toi chay mau ao cua Liverpool.
v6
Mess! toa sang glup
Barca �ch La a
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9,i3s
Phien Ban Thir Nghifm - Ltru Hanh N9i Bq
TRUNG TAM DAO T�O M�G MAY TiNHNHATNGffl;
.J>A1"'1l� D6I TAC DAO T�O CUA MICROSOFT T� VJ1;T NAM
7fllfX � ,�-- ..
N I 05 Ba Huy�n Thanh Quan, Q3, TP. HCM 11/rlCIOSOlt'Partner
NHATNGHE· Tel: 39.322.734 - 39.322.735- Website: www.nhatn e.com
A
":J;�i:.l Leaming
gh
ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL: http://ynexprnss net/
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service
provider if you feel this is incorrect.
Your cache administrator is 02Qt.
Done
Gold Learning
I
ti iil / http://ngoisao.net/
llJMostVisitedv �centos ii!Wiki li)Documentation [i)Forums
� ERROR: The requested URL •• )C ,�����!�.�,.�J-�... . -.. - ""'" '""" "'" V
ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL: http:Qngoisao.netl
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service
provider if you feel this is incorrect.
Your cache administrator is aJ.2t.
Done
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9-ii37
Phien Ban Thfr Nghifm - Luu Hanh Nqi Bq
1flil�
,.,
TRUNG TAM DAO T�O M�NG MAY TiNHNIIAT NG�
D6I TAC D.AO T�O CUA MICROSOFT T� VJl;T NAM
� 105 Ba Huy�n Thanh Quan, Q3, TP. HCM
�,.
,� ""
Miclosoft·Pa rtner
NHAT NGH� Tel: 39.322.734 - 39.322.735-Website: www.nhatnghe.com
# vi /etc/squid/allowweb
.vnexpress.net
.nhatnghe.com
Chu thich:
. s la chu nh�t; M la thu 2 ;T la thu 3; w la thu 4; H la thu 5; Fla thu 6; A la thu 1
3.5. Gioi h9-n nc}i dung file download
- T�o file chua cac phdn ma r(>ng cac files dn gi6i h�n download
# vi /etc/squid/denydownload
\.mp3
\.exe
\.vbs
\jpg
The proxy 10.0.0.1:3128 is requesting a usemame and password. The site says, "Squid
proxy-caching web server•
User Name: hvli i
Password: · .
..
•_•_el'-------------------'---'
vendors redistribu�on policy and aims to be l 00% binary compatible. (C.mtos mainly changes
packages to remove upstream vendor branding and artwork.)
Centos is developed by a small but growing team of core developers. In turn the core developers
are supported by an active user community including system administrators, network
administrators. enterprise users, managers, core Linux contributors and Linux enthusiasts from
around the worid.
1!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.,i39
Phien Bin Thir Nghifm - LllU Hanh N9i Be)
TRUNG TAM DAO T�O M�NG MAY TiNHNHA.T NGffl:
�A.J'.."'lle,t, '1>61 TAC BAO T�O CUA MICROSOFf T� VQT NAM -r4rJ,.
7,rrJ; ll/licroSOlt· Partner
,� µ
7 accessJog /var/log/squid/access.log
120 output dir /var/www/html/squid-reports
136 user_ip yes ; no; hi�n thj user
293 report_type topusers topsites sites_users users_sites date_time denied auth_failures
site user time date downloads
Top sites
Sites &Users
Denied accesses
Authentication Failures
9
Squid Analysis Report Generator
;
statlc.ecllclc.vn I 24j227.431Cj S ,89% 0.00% 100.00% 00,00,osj 5,5671 0,330/ij
s.f.30,img;vnecdn.n et
I 26 118.0LKI 4,61% 45,9 7% 54.03%' 00,00,041 4,8861 0.29%1
-="+I s.f.3_
_ 1.i_m�9,_vn_e_cd_ n .n_ e1:
_____ ---l[�j
j 6j H0.19Kj 3,63%1
1
_ +j _ 66
1 48.56Kj 3 ,8S%j_3_ 3._ 3 _6% _ 4_%
_ .6
0.00% 100.00%1
......I___ _ o _,o_s+l _s_,3 _131. 0.31%1
oo _,o
oo,oo,02! 2.ts3j 0,13%1
---l
�""""Press.net
,f3_ 6_.im_9_.v_n_ec_d.n_ _ ne_
_Eii...,..lc_ l_ t _____.,..l __1__,j 122.9 7Kj 3,18%! 13.10% 86.90% 00:00:02! 2,491j 0,15%1
� s.1'29 .lmg,vnecdn .net I 1s! 12.2.S1KI 3, 17%j 49,96%! 50,04%1 00:00:01 j 1,611! 0,09%1
Ell s.(32.im .vnecdn.net 12 117 .18K 3.03% 31.2B%j 68.72% 00:00:03! 3.042! 0,18%1
# vi /etc/tmpfiles.d/clamd.squid.conf
d /var/run/clamd.squid 0755 squidclamav squidclamav -
# vi /usr/lib/systemd/system/clamd@.service
Them vao cu6i file
[Install]
WantedBy=multi-user. target
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�i4I
Phien Ban Thfr Nghifm - Lffll Hanh Nqi B9
Men,
,..,
TRUNG TAM DAO T�O M�NG MAY TiNHNHA.T NGff¥
DOI TAC DAO T�O CUA MICROSOFT T� VJl;T NAM
105 Ba Huy�n Thanh Quan, Q3, TP. HCM Mic,osolt- Partner
NHAT NGH� Tel: 39.322.734 - 39.322.735-Website: www.nhatn ,.;.;::,.It! Leaming
ghe.com
# vi /etc/freshclam.conf
Dong 8 #Example
#freshclam
# touch /var/log/clamd.squid
# chown squidclamav. /var/log/clamd.squid
# chmod 600 /var/log/clamd.squid
# systemctl start clamd@squid
# systemctl enable clamd@squid
Install c-icap.
c-icap is an implementation of an ICAP server. It can be used with HTTP proxies that support the
ICAP protocol to implement content adaptation and filtering service
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network
CONFIG_FILE=/etc/c-icap.conf
PID_DIR=/var/run/c-icap
RETVAL=O
start() {
echo -n $"Starting c-icap:"
daemon /usr/local/bin/c-icap -f $CONFIG_FILE
RETVAL=$?
echo
[ $RETVAL -eq OJ && touch /var/lock/subsys/c-icap
return $RETVAL
I �toeo <
242 Phien Ban Thir Nghifm - Laro Hanh N{H B{>
......:L"Jleft, TRUN<J TA� DAO T � M NG MAy TINH NBA.! NG
� � Hl:
.,{frX B6I TAC BAO T�O CUA MICROSOFf T�I �T NAM �\
�"'
J 05 Ba Huy�n Thanh Quan, Q3, TP. HCM Afictosoft·Partner
NHAT NGH� Tel: 39.322.734 - 39.322.735-Website: www.nhatnghe.com
., A
Goid Leaming
# vi /etc/squid/squid.conf
chu y: cdu hinh squid chfrng thµc user
Them vao cu6i file:
icap_enable on
icap_send_client_ip on
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!l!!!!!!!l!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!l!!!!!!!!!!!!!!!!!!!!!!!!-,i43
Phien Ban Thir Nghifm - L1r11 Hanh N{H Bq
TRUNG TAM DAO T�O M.e.NG MAY TiNHNHA.TNGffl:
,.,.I."'.lte"'
"/111(:J; D61 TAC B.AO T�O CUA MICROSOFf T� \'llT NAM
105 Ba Huyen Thanh Quan, Q3, TP. HCM Miclosolt" Partner
·NHATNGHE· Tel: 39.322.734 . - 39.322.735- Website: www.nhatn he.com
• ,., A
.-_,;,;.jd Learning
icap_send_client_usemame on
icap_client_usemame_header X-Authenticated-User
icap_service service_req reqmod_precache bypass= l icap://127.0.0.1:1344/squidclamav
adaptation_access service_reg allow all
icap_service service_resp respmod_precachebypass= l icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
C l [j www�eicar.org/85-0-Download.html
---�·· ·--------'---""
-·--'--�-�--'-"�--'-�---"-'
' ' •o•V°' .•••• •�•••• •••-
:-• ••=••••••••
"''. ..c..
' •-• • •
v•--•••••-• ··-
�---
---''"'-
# mv /etc/squid/squidGuard.conf /etc/squid/squidGuard.conf
# vi /etc/squid/squidGuard.conf
5 dbhome /var/lib/squidGuard/db
6 logdir /var/log/squidGuard
Them vao cudi file:
dest deny {
domainlist deny/domains
urllist deny/urls
}
acl {
default {
pass ! deny all
redirect http://www.nhatnghe.com
}
}
# mkdir -p /var/lib/squidGuard/db/deny
# vi /var/lib/squidGuard/db/deny/domains
ngoisao.net
bongda.com.vn
# vi /var/lib/squidGuard/db/deny/urls
www.tuoitre.com.vn
www.micorosoft.com/mcp
# squidGuard -b -d -C alJ
# chown -R squid. /var/Jib/squidGuard/db/deny
#cd /var/squidGuard/
#tar xzvf blacklists.tar.gz
# chown -R squid /var/squidGuard/blacklists
!1!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9,245
Phien Ban Thtr Nghifm - LU'U Hanh N9i Bq
Mel"
TRUNG TAM f>AO TtO M�G MAY TINHNIL\T NGIQ:
DOI TAC DAO T�O CUA MICROSOFT T� Vq:T NAM
ff . � 105 Ba Huyen. Thanh Quan, Q3, TP. HCM lllliclosolt· Partner
NHATNGHc .
· Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com
kernel (netfilter)
!!!!!1!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,i41
Phien Ban Thtr Nghifm - LtrU Hanh Nqi Bq
TRUNG TAM DA.O T�O M�G MAY TiNHNIIAT NGHf:
....AL""ll�
"/frX DOI TAC DAO T�O CUA MICROSOFT T� vrf:T NAM
-�.---- 105 Ba Huyen Thanh Quan, Q3, TP. HCM Miclosoft'Partner
NHATNGHc ,..
• Tel: 39.322.734 - 39.322.735 - Website: www.nhatnghe.com
Firewall Configuration
File Options . View· Help
I zone
I :;
i, block
you can define which services are trusted in the zone. Trusted servises are accessible from
all hosts and networks that can reach the machine from connections, interfaces and sources bound
to this zone.
l l e�ternal
11home
•1 · ' postgresql
i: internal
I,
1• ,.., proxy-dhcp
,.., radius
public
trusted
" RH·Satellite-6
i work
r, rpc-bind
'' samba
' ' samba-dient
smtp
,� I
l A fir
I zorn ng, port/packet for.varding,
I boui Panic Mode
I Lockdown
I bto
Runtime To permant 1. ��jg�J;ei::�t2J
I dmz i I Add additional ports or port ranges, which need to b
; 11 connect to the machine.
2. Zone management
Gi6i thi�u cac zone
drop Any incoming network packets are dropped, there is no reply. Only outgoing
network connections are possible. �� � � _
block Any incoming network connections are rejected with an icmp-host-prohibited
• All network interfaces can be located in the same default zone or divided into different ones
according to the levels of trust defined
• By default, "pub1ic" zone is applied with a NIC and dhcpvfrclient and ssh are allowed. When
operating with "firewall-cmd" command, if you input the command without "--zone==***"
specification, then, configuration is set to the default zone.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9,i
Phien Ban Thir Nghifm - LU'U Hanh N9i B9 49
TRUNq TA.� DAO T�� M�G MAY TINHNIIA! NG�
..:J..'1te,f, 1>61
7,r'J;. TAC BAO T�O CUA MICROSOFf T� vq:T NAM·
----- 105 Ba Huy�n Thanh Quan, Q3, TP. HCM Mic,osoft' Partner
NH,{T NGH$ Tel: 39.322. 734 - 39.322.735 - Website: www.nhatnghe.com
Ho�c
File I Option� ! View Help
Reload Firewalld
Con1:
onnections
eno16777736 (enol6777736)
A1ir; Zone: �Aternal bou
zon, Panic Mode 1 rulE:
bour ifcfg-Wired_connection_l (eno3 3554984
Lockdown Zone: intern>!
;_�ic:t
Zon
ra n
Runtime To permant r���E! �i �L�?��.f��.v: �i.�.9jl�fl.1e �il�er.
ar
blo.
· ··· : j Add entries t� bi�d i�terfaces to the zone. If the interface will be used by a c
dmz
: ! will'""be··set ·to the"' zone
--·-· ,
specified in the connection.
... ,.. - -- ·
I drop
! external
Ii
I /nt;;rface C,,mm0nt
"
.1
!home
i[
3. Service management
Sau khi gan m6i interface cho m{>t zone, ti�p theo c6 th� them cac services cho tung zone.
To allow the http service permanently in the internal zone, type:ch zone.
Chi cac may hen trong truy c�p duqc web http://10.0.0.1
Cho tir ben ngoai truy �P web t�i firewaii
J A firewalld zone defines the level of trust for network connections, interfaces and source addresses bound to the zone. The
I zone combines services, ports, protocols, masquerading, port/packet forwarding, icmp filters and rich rules. The zone can be
! .bound to interfaces and source addresses.
Ga bo service
#firewa11-cmd --zone=extemal --remove-service=http
4. Masquerading
D� cdu hinh masquerading tren external zone
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�251
Phien Bin Thir Nghifm -LU'U Hanh Nqi Bq
-A1'1le,t,
"ffrx .
TRUN9 TA¥ DAO T�� M�G MAY TiNHNHA! NGB¥
DOI TAC DAO T�O CUA MICROSOFT T� VQ:T NAM � ..
'-"! ¥
Zones
A firewalld zone defines the level of trust for network connections, interfaces and s
zone combines services, ports, protocols, masquerading. port/packet forwarding. icm
bound to interfaces and source addresses.
Zone
Masquerading
block
Masquerading allows you to set up a host or router that
dmz
internet. Your Local network will not be visible and the
Jfil' I
drop internet. Masquerading is 1Pv4 only.
jhome
j intemal
:I Masquerad� zone
If you enable masquerading, IP forwarding will be enabl
VN!il��B��.��
tto lu1n, Vi,+t nhi*u r;�1J'OS :r.�m tll'l6t
n Local forwarding
r.i' Forward to another port
. IP address:
· [ . Li Rem�te Desktop
1 � �f/
Connection
�er: 192.168.1.102
Username: NHATNGHE\adlnmlralor
You wl be llllked for crederfials when ycu �-
.I
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!l.,is3
Phien Bin Thu- Nghifm - Ltru Hanh Nqi Bq
....d'..'1te"' TRUNG TA.M DAO T�O M�NG MAY TINHNIIAT NG�
"'ffrX DOI TAC BAO T�O CUA MICROSOFT T�I �T NAM
105 Ba Huy�n Thanh Quan, Q3, TP. �CM llllicl'osolt· Partner
-N-H-.J.�T-N_G_H-�
• Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com
..:.i,�k; Leaming
Pr ototol: t<;p v
Destination
Tir may ben ngoai ti€n hanh k€t n6i d€n ssh server thong quan port 2222
j192.168.1.102
COMeCl I
Jroo4
fort Number.
Cancel I
6. Port management
Firewall ma port 3128
# systemctl restart squid
# firewall-cmd --zone=intemal --add-port=3128/tcp
Quan sat GUI:
' A firewalld zone defines the level of trust for network connectio.ns, interfa
. zone combines services, ports, protocols, masquerading, port/p acket forw
: bound to interfaces and source addresses.
May client hen trong LAN ciu hinh proxy, truy c�p internet thanh c6ng
lffiltt}\1)]]
.. . .
·�oriiatic configuration
1 �":. :/ .
.���
Aut6!riatii: conf ation mav override manual settings. i"o �e the
. use of��, settings, qisable automatic configuration, ..
,gur
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,iss
Phien Bin Thir Nghifm - L11U Hanh Nqi Bq
TRUNG TAM DAO TAO MANG MAY TiNHNHAT NGHE
.:..�.I'..--
7
ett,
l>OI TA.C BAO T�O CUA MICROSOFT T� Vfl:T NAM
� ��
----- 105 Ba Huy�n Thanh Quan, Q3, TP. HCM Mic,osott· Partner
NHAT NGHe Tel: 39.322.734 - 39.322.735 - Website: www.nhatn he.com
g
Cac may client ben trong khong cin du hinh thong tin v� proxy v�n c6 th€ truy c?p internet thong
qua proxy
Backup of iptables
iptables-save > /opt/iptables.backup
Restore iptables from backup file
iptables-restore < /opt/iptables.backup
Amanda
So�n file /etc/hosts tren cac may
192.168.1.101 may l .nhatnghe.com
192.168.1.102 may2.nhatnghe.com
192.168.1.13 win.nhatnghe.com wm
1. Amanda server
b1 Cai g6i sau
amanda-Iibs-3.3.3-13.el7.x86 64
amanda-server-3.3.3-13.el7.x86_64
amanda-client-3.3.3-13.el7.x86 64
amanda-3.3.3-13.el7.x86_64
T�o thumvc
#mkdir /etc/amanda/ServerNetBackup
!!!!!!!1!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!5.,LS7
Phien Ban Thir Nghifm - L1111 Hanh N9i Bq
TRUNG TAM DAO T�O M�NG MAY TiNHNIIAT NGllt:
.....I.'1le't' D6I TAC BAO T�O CUA MICROSOFT T�I Vll:T NAM
"ftrJ:.
,.., _ 105 Ba Huy{ln Thanh Quan, Q3, TP. HCM Miclosoft· Partner
NHAT NGHe '3::-l:l Leaming
Tel: 39.322.734 - 39.322.735- Website: www.nhatnghe.com
to tape
index yes # Generate index. For restoration usage
}
define dumptype root-tar { # How to dump root's directory
global # Include global (as above)
program "GNUTAR" # Program name for compress
comment "root partitions dumped with tar''
compress none # No compress
index # Index this dump
priority low # Priority level
}
define dumptype user-tar { # How to dump user's directory
root-tar # Include root-tar (as above)
comment "user partitions dumped with tar''
priority medium # Priority level
}
define dumptype comp-user-tar { # How to dump & compress user's directory
user-tar # Include user-tar (as above)
compress client fast # Compress in client side with less CPU (fast)
}
I . We need to define what to backup in a file called disklist. As user amandabackup, create this file:
$ su - amandabackup
$ vim /etc/amanda/ServerNetBackup/disklist
may2.nhatnghe.com /ketoan comp-user-tar
$ exit
2. start service
#systemctl enable amanda.socket
#systemc�l start amanda.socket
"1
2. lfno error found, you can start the backup process immediately by running following command:
$ amdump ServerNetBackup
Or, we can automate this process using cronjob. Run fo11owing command as amandabackup user:
$ crontab -e
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�is9
Phien Ban Thir Nghifm - Lmi Hanh Nqi Bl}
TRUN TA
q � f>AO T� M�G MAY TiNHNHA NGiq:
� !
...,,J'.'1ten, D6I TAC DAO T�O CUA MICROSOFT T�I vq:T NAM
. 71'1:'X Micn,solt-Partner
_ 105 Ba Huy�n Thanh Quan, Q3, TP. HCM
NHAT NGH� Tel: 39.322.734 - 39.322.735-Website: www.nhatn he.com t;;1;-.h� Leaming
g
45 0 * * 2-6 /usr/sbin/amdump ServerNetBackup
3. As root user, reload the crond service to activate this job:
# systemctl reload crond.service
II /central_backup/ServerNetBackup/slots/slot15
total 5364
-rw----- 1 amandabackup disk 32768 Jun 2 03:30 00000.ServerNetBackup-15
-rw--- 1 amandabackup disk 5456296 Jun 2 03:30
00001.may2.nhatnghe.com._ketoan.0
cont ServerNetBackup11
11 # your config name in Amanda server
-bash-4.2$11
total 10588
-rw-r-r- 1 amandabackup disk 0 Jun 9 2014 amandates
drwxr-xr-x 3 amandabackup disk 4096 May 31 04:06 DailySet1
drwxr-xr-x 2 amandabackup disk 4096 Jun 9 2014 gnutar-lists
-rw-----1 amandabackup disk 10823680 Jw, 2 04.29 may2.ni1c::1i11yi1t:1.w111._kt::iuc:111.2015u6u2033026.0
drwxr-xr-x 2 amandabackup disk 4096 Jun 1 04:36 perl5
-sh-3.2$ exit
Xem cac file dllQ'C ph1,1c hOi
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!�L61
Phien Ban Thfr Nghifm - Llfll Hanh Nqi Bq