Linux AS3綜合應用2_Linux_領測軟件測試網

Linux AS3綜合應用2

發表于：2007-07-04來源：作者：點擊數：標簽：

作者：白金網名：platinum（chinaunix）超超白金（白金論壇）
歡迎轉載，轉載請保留上述信息
===========================================================================
這兩天一直在研究AS3，初次使用，由RH73跨越到AS3，確實有很多東西不適應，配置方法也不太一樣，下面就我在安裝配置時出現的一些問題在這里說明一下

我的系統掛了MYSQL、PHP、APACHE2，做了SQUID和NAT、SAMBA、DHCP、SENDMAIL+SMTP認證、PROFTPD

7、做SQUID
我沿用的RH73的SQUID配置，但在AS3里卻遇到了問題
后來仔細看提示才發現，說找不到一個DNS SERVER，奇怪，我的ADSL撥號能PING通www.163.com啊
后來發現/etc/resvol.conf為空，我添加了一個DNS SERVER就行了
我的SQUID做了1000M容量，保存HTTP的1M大小以下的文件，這里就不細說如何配置SQUID了
另外別忘了在iptables里將80端口指向SQUID的端口，我的是默認的3128

8、DHCP
我仍然沿用RH73的dhcpd.conf，結果提示錯誤，服務無法啟動，后來發現需要加個參數

引用:

ddns-update-style ad-hoc;

我的配置文件如下

代碼:

ddns-update-style ad-hoc;
max-lease-time -1;
default-lease-time -1;
option subnet-mask 255.255.255.0;
option broadcast-address 255.255.255.255;
option routers 192.168.0.1;
option domain-name-servers 192.168.0.1,202.106.196.152;
option domain-name "platinum.3322.org";
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.2 192.168.0.100;

host platinum {
hardware ethernet 00:0a:e6:a9:64:a2;
fixed-address 192.168.0.2;
}

host bchyi {
hardware ethernet 00:80:c8:e4:c1:e4;
fixed-address 192.168.0.3;
filename "/tftpboot/pxelinux.0";
}
}

9、SAMBA
這個是最頭疼的，因為這個困惑了我半天的時間
最開始，我沿用RH73的配置文檔，發現網上鄰居能看見，卻無法訪問
我的配置文檔如下

代碼:

[global]
client code page = 936
workgroup = HOME
server string = Samba Server
security = USER
encrypt passwords = Yes
update encrypted = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*suclearcase/" target="_blank" >ccessfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins proxy = Yes
wins support = Yes
remote announce = 192.168.0.255
remote browse sync = 192.168.0.255
create mask = 0777
directory mask = 0777
printing = lprng

[數據中心]
comment = DATACENTER
path = /share/DATACENTER
read only = No

于是我將security = DOMAIN改成了security = USER
結果發現能出來了，但是進去以后，英文目錄名沒問題，中文全是亂碼（大方框）
在RH73和RH9里百試百靈的，怎么在AS3里不行了？
于是我ssh，直接進入我的硬盤ls了一下，結果傻了，原來RH73看到的都是中文名字，現在變成了???等東西
……
經好好先生提醒，我想起來了，可能是和字符集有關系，于是補裝ttfonts-zh_CN庫，結果發現少裝了好多東西，關聯東西太多，無奈，又重新裝系統……

現在好了，ls，發現仍然是???，無奈，選擇默認字符集為GB2312，ls，沒事了！
/etc/rc.d/init.d/smb restart
回到網上鄰居，進入，發現仍然事亂碼！
看來和字符集沒關系，和SAMBA的配置有關系
testparm發現，client code page = 936這句話在AS3里并不好使，提示這句話錯誤
難道沒辦法顯示中文了？？？
找了N多資料，在一個老外的論壇了找到了正確配置方法（顯示中文的東西竟然在老外論壇里），用這兩句話替代：
dos charset=cp936
unix charset=cp936
現在SAMBA能用了，正確的配置文檔如下

代碼:

[global]
dos charset=cp936
unix charset=cp936
workgroup = HOME
server string = Samba Server
security = USER
encrypt passwords = Yes
update encrypted = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins proxy = Yes
wins support = Yes
remote announce = 192.168.0.255
remote browse sync = 192.168.0.255
create mask = 0777
directory mask = 0777
printing = lprng

[數據中心]
comment = DATACENTER
path = /share/DATACENTER
read only = No

注意：cp936是微軟的磁盤系統中文標準，而gb2312是中國國家中文標準，二者略有不同，在LINUX中使用cp936能更好地與中文磁盤格式兼容

10、PROFTPD
這個對我來說是輕車熟路了，裝了個1.2.9（最高版本，目前沒漏洞），編譯好
直接把配置文檔貼出來吧

代碼:

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerType standalone
DefaultServer on
AllowRetrieveRestart on
AllowOverwrite on
AllowStoreRestart on
ServerIdent on "Welcome to PLATINUM's FTP !"
DefaultRoot ~
DisplayLogin .welcome
DisplayFirstChdir .message
UseReverseDNS off
IdentLookups off
SystemLog /var/log/ftp.syslog
TransferLog /var/log/ftp.transferlog
TransferRate RETR 20 group hMovie

# MaxClientsPerUser 10 "已超過最大上限 10 個guest用戶，請少后再試！"
# MaxClientsPerHost 4

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 002

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nobody

# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>

<Directory /share/DATACENTER/電影>
<Limit RNFR DELE WRITE>
DenyGroup hMovie
</Limit>
</Directory>

<Anonymous ~guest>
User guest
Group ftp
AllowOverwrite on
AllowRetrieveRestart on
AllowStoreRestart on
TransferRate RETR 10
# MaxClientsPerUser 30 "已超過最大上限 30 個guest用戶，請少后再試！"
# MaxClientsPerHost 4

<Directory /share/ftp/上傳目錄>
Umask 000
<Limit RNFR DELE RETR>
DenyAll
</Limit>
</Directory>
</Anonymous>

11、網絡安全問題
服務架好了，網絡安全不容忽視
這是我的“反彈式”防火墻

代碼:

#! /bin/bash
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/iptables -F -t filter
/sbin/iptables -F -t nat
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT

# ALLOW ALL in PRIVATE NET
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -j ACCEPT

# FTP
/sbin/iptables -A INPUT -m limit --limit 100/s --limit-burst 100 -p tcp --dport 21 -j ACCEPT

# SSH & TELNET
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# MAIL
/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT

# VPN
#/sbin/iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
#/sbin/iptables -A INPUT -p gre -j ACCEPT

# WWW
/sbin/iptables -A INPUT -m limit --limit 100/s --limit-burst 100 -p tcp --dport 80 -j ACCEPT

# MYSQL
# /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT

# SOCKS5
# /sbin/iptables -A INPUT -p tcp --dport 8039 -j ACCEPT

# ICMP(PING)
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
/sbin/iptables -A INPUT -p icmp --icmp-type ! echo-request -j ACCEPT

# NAT
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE

# DNAT SQL-SERVER & RADMIN to PRIVATE NET
/sbin/iptables -A PREROUTING -t nat -p tcp -s ! 192.168.0.0/24 --dport 4899 -j DNAT --to 192.168.0.2:4899
/sbin/iptables -A PREROUTING -t nat -p tcp -s ! 192.168.0.0/24 --dport 5000 -j DNAT --to 192.168.0.3:4899
iptables -t nat -A PREROUTING -p tcp -m tcp -s 192.168.0.0/24 --dport 80 -j DNAT --to 192.168.0.1:3128

# DENY OTHERS
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -j MIRROR

終于寫完了，不容易，這17小時沒白費！

原文轉自：http://www.kjueaiud.com

軟件測試 > 測試開發技術 > 軟件測試環境搭建 > Unix系統 > Linux >