|
NGNG・・・EM-mode OKOK・・・NAS Linux
# echo -n 'OKOK' > /dev/fl3
ワークグループ名 | workgroup |
ホスト名 | kuro-box |
IPアドレス | DHCPによる自動取得 |
# cd /mnt/share # tar xzf debian-sarge-2.6.17.3-kuroHG-20060702.tgz # rm debian-sarge-2.6.17.3-kuroHG-20060702.tgz
127.0.0.1 localhost 192.168.1.201 KURO-BOX ← [使用環境に合わせて変更]
# /etc/hosts.allow: list of hosts that are allowed to access the system. # See the manual pages hosts_access(5), hosts_options(5) # and /usr/doc/netbase/portmapper.txt.gz # # Example: ALL: LOCAL @some_netgroup # ALL: .foobar.edu EXCEPT terminalserver.foobar.edu # # If you're going to protect the portmapper use the name "portmap" for the # daemon name. Remember that you can only use the keyword "ALL" and IP # addresses (NOT host or domain names) for the portmapper. See portmap(8) # and /usr/doc/portmap/portmapper.txt.gz for further information. # ALL : 127.0.0.1 ALL : ALL ← [全ての端末からログイン可能とする]
nameserver 192.168.1.1 ← [使用環境に合わせて変更]
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or # /usr/share/doc/ifupdown/examples for more information. iface eth0 inet static address 192.168.1.201 ← [使用環境に合わせて変更] network 192.168.1.0 ← [使用環境に合わせて変更] netmask 255.255.255.0 broadcast 192.168.1.255 ← [使用環境に合わせて変更] gateway 192.168.1.1 ← [使用環境に合わせて変更] iface lo inet loopback auto eth0 lo
# cd /mnt/share # tar cvzf /tmpimage.tgz .
# cd / # chmod 777 mkfs.sh # ./mkfs.shこの操作でパーティションが切り直されます。 80GB HDD のパーティションは以下のようになります。 80GB 以外の HDD を使用する場合は、mkfs.dat を編集して「+60000M」「+512M」を適宜変更してください。 「+60000M」が /mnt の容量、「+512M」が swap の容量になり、それ以外が /mnt2 に割り当てられます。
/dev/hda1 /mnt 60.0GB /dev/hda2 swap 0.5GB /dev/hda3 /mnt2 19.5GB
# cd /mnt # tar xzf tmpimage.tgz # rm tmpimage.tgz
# echo -n 'OKOK' > /dev/fl3 # reboot
# aptitude update # aptitude upgrade
# dpkg -i webmin_1.345_all.deb
# aptitude install postfix
# aptitude purge emacs21 emacs21-bin-common emacs21-common emacssen-common mew-beta mew-beta-bin
# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = nice.kaze.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydestination = nice.kaze.com, localhost.localdomain, , localhost relayhost = mynetworks = 127.0.0.0/8 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all
# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. myorigin = $mydomain smtpd_banner = $myhostname ESMTP biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. # for nice.kaze.com, test (2007-08-11) mydomain = nice.kaze.com myhostname = nice.kaze.com # for kita3.net (2007-08-11) #mydomain = kita3.net #myhostname = kita3.net alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost relayhost = mynetworks = 127.0.0.0/8 mailbox_size_limit = 0 message_size_limit = 2000000 recipient_delimiter = + inet_interfaces = all # Maildir 形式にする home_mailbox = Maildir/ # ML のための設定 (2007-06-30) allow_mail_to_commands = alias,forward,include # メールボックスへの配信は全て procmail を使う # なぜか Maildir 形式の時は上手く起動しなかった。よって、各ユーザの .forward # から procmail を起動することにし、メール転送は .procmailrc で行うことにす # る。 (2007-07-08) #mailbox_command = /usr/bin/procmail # POP before SMTP (IMAP before SMTP) の設定 smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_recipient, check_client_access hash:/etc/postfix/pop-before-smtp, reject_unauth_destination ##### OP25B 対策:プロバイダの代理 SMTP サーバからメール送信できるようにします ##### (2007-08-11) # nice.kaze.com サーバではこの対策不要。kita3.net サーバではこの対策を行う。 # プロバイダから指定されているSMTPサーバ名を [ ] 内に記述する。 # relayhost = [mail.example.com]:587 とすると、Submission ポートへも転送できる。 #relayhost = msagw.biglobe.ne.jp # Postfix SMTP クライアントの SASL 認証を有効にする。 #smtp_sasl_auth_enable = yes # SMTP クライアント検索テーブルを指定 #smtp_sasl_password_maps = hash:/etc/postfix/isp_password # Postfix SMTP クライアントで使うことが許される認証メカニズムを指定 # plain 認証のため anonymous のみ不可とする。 #smtp_sasl_security_options = noanonymous # SASL メカニズムを指定 #smtp_sasl_mechanism_filter = plain, login ##### ここから下は SPAM メール対策です ##### # EXPN/VRFYコマンドを拒否する(telnetによるアカウント漏洩拒否) #disable_vrfy_command = yes # 明示したドメインをFROM行に持たないメールは拒否する #smtpd_sender_restriction = reject_non_fqdn_sender # reject_unknown_sender_domain # permit # MAILコマンドの前にHELO(EHLO)コマンドを要求 #smtpd_helo_required = yes # PTRレコードのないアドレスからの受信を拒否する #smtpd_client_restrictions = permit_mynetworks # reject_unknown_client # ヘッダチェック(怪しいヘッダ付きメールを拒否する設定) #header_checks = regexp:/etc/postfix/header_checks # メール本文でチェック(怪しい文字列を拒否する) #body_checks = regexp :/etc/postfix/body_checks
Maildir/ --+-- new/ | +-- cur/ | +-- tmp/ | +-- .Spam/ --+-- new/ | +-- cur/ | +-- tmp/
# Please do not change it! "|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #~/Maildir/"
:0 c # Mail forwarding ! aaa@bbb.net ccc@ddd.com eee@fff.co.jp
# aptitude install procmail
# パスを設定 PATH=/bin:/usr/bin:/usr/local/bin # メールボックスの設定 MAILDIR=$HOME/Maildir DEFAULT=$MAILDIR/ SPAM=$MAILDIR/.spam/ # Procmail のログファイル出力先を指定 LOGFILE=$MAILDIR/procmail.log # ロックファイルのパスを指定 #LOCKFILE=$HOME/.lockmail # メールヘッダ中に X-Spam-*** の記述がなければ spamc (spamassassin) を # 起動する。(2007-07-08) #:0fw #spamc チェックを止める (2013-12-15) #*!^X-Spam.* #全てのメールをチェックする (2010-06-13) #|spamc #spamc チェックを止める (2013-12-15) # メールヘッダ中に X-Spam-Status: Yes の記述があれば、.Spam ディレクトリに # メールを格納する #:0 #spamc チェックを止める (2013-12-15) #* ^X-Spam-Status: Yes #spamc チェックを止める (2013-12-15) #$MAILDIR/.Spam/ #spamc チェックを止める (2013-12-15)
/home/*/Maildir/procmail.log { weekly rotate 4 missingok create 666 root mail }
# aptitude install spamassassin
# /etc/default/spamassassin # Duncan Findlay # WARNING: please read README.spamd before using. # There may be security risks. # Change to one to enable spamd ENABLED=1 # Options # See man spamd for possible options. The -d option is automatically added. # SpamAssassin uses a preforking model, so be careful! You need to # make sure --max-children is not set to anything higher than 5, # unless you know what you're doing. OPTIONS="--create-prefs --max-children 5 --helper-home-dir" # Pid file # Where should spamd write its PID to file? If you use the -u or # --username option above, this needs to be writable by that user. # Otherwise, the init script will not be able to shut spamd down. PIDFILE="/var/run/spamd.pid" # Set nice level of spamd #NICE="--nicelevel 15"
#! /bin/sh # スパムメールの学習 /usr/bin/sa-learn --spam /home/*/Maildir/.Spam/new /usr/bin/sa-learn --spam /home/*/Maildir/.Spam/cur # 通常のメールを学習 /usr/bin/sa-learn --ham /home/*/Maildir/new /usr/bin/sa-learn --ham /home/*/Maildir/cur # スパムメール保存ディレクトリの中身を強制的に消去 /bin/rm -f /home/*/Maildir/.Spam/new/* /bin/rm -f /home/*/Maildir/.Spam/cur/*
# aptitude install dovecot
# aptitude search dovecot v dovecot - v dovecot-common - secure mail server that supports mbox and v dovecot-imapd - secure IMAP server that supports mbox and v dovecot-pop3d - secure POP3 server that supports mbox and
# aptitude install dovecot-common dovecot-imapd dovecot-pop3d
protocols = imap pop3 imaps pop3s listen = * log_timestamp = "%Y-%m-%d %H:%M:%S " ssl_listen = * ssl_disable = yes mail_extra_groups = mail auth default { mechanisms = plain user = root } default_mail_env = maildir:~/Maildir
# aptitude install pop-before-smtp
# aptitude install libtimedate-perl libnet-netmask-perl libberkeleydb-perl
/usr/sbin/pop-before-smtp ・・・ pop-before-smtp 本体 /etc/init.d/pop-before-smtp ・・・ pop-before-smtp 起動/停止スクリプト /etc/pop-before-smtp/pop-before-smtp.conf ・・・ pop-before-smtp 設定ファイル /etc/pop-before-smtp/ip-blocking-conf.pl
# Override the DB hash file we will create/update (".db" gets appended). #$dbfile = '/var/lib/pop-before-smtp/hosts'; $dbfile = '/etc/postfix/pop-before-smtp';
# A 30-minute grace period before the IP address is expired. $grace = 10*60;
# Set the log file we will watch for pop3d/imapd records. $file_tail{'name'} = '/var/log/mail.log';
# For Dovecot POP3/IMAP when using syslog. #$pat = '^[LOGTIME] \S+ (?:dovecot: )?(?:imap|pop3)-login: ' . # 'Login: .*? (?:\[|rip=)[:f]*(\d+\.\d+\.\d+\.\d+)[],]'; #$out_pat = '^[LOGTIME] \S+ (?:dovecot: )?(?:imap|pop3)-login: ' . # 'Disconnected.*? (?:\[|rip=)[:f]*(\d+\.\d+\.\d+\.\d+)[],]'; #May 16 23:00:20 nice dovecot: pop3-login: Login: user=, method=PLAIN, rip=192.168.1.53, lrip=192.168.1.201 $pat = '^(... .. ..:..:..) \S+ (?:dovecot: )?(?:imap|pop3)-login: Login: \S+ \S+ rip=(\d+\.\d+\.\d+\.\d+)';
#====================== Postfix BerkeleyDB =======================START= # If you comment-out (or remove) the two surrounding =cut lines, we'll use # BerkeleyDB instead of DB_File. use BerkeleyDB; #$mynet_func = \&mynet_postfix; # Use the default $tie_func = \&tie_BerkeleyDB; $sync_func = \&sync_BerkeleyDB; $flock = 0; my $dbh; # We must tie the global %db using the global $dbfile. Also sets $dbh for # our sync function. sub tie_BerkeleyDB { $dbh = tie %db,'BerkeleyDB::Hash',-Filename=>"$dbfile.db",-Flags=>DB_CREATE or die "$0: cannot dbopen $dbfile: $!\n"; } sub sync_BerkeleyDB { $dbh->db_sync and die "$0: sync $dbfile: $!\n"; } #====================== Postfix BerkeleyDB =========================END=
# POP before SMTP (IMAP before SMTP) の設定 smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_recipient, check_client_access hash:/etc/postfix/pop-before-smtp, reject_unauth_destination
# Set $debug to output some extra log messages (if logging is enabled). $debug = 1; #$logto = '-'; # Log to stdout. $logto = '/var/log/pop-before-smtp';
# /etc/init.d/pop-before-smtp restart Stopping pop-before-smtp: done. Starting pop-before-smtp: done. #
May 19 07:40:35 starting up May 19 07:40:35 Using 1 value for pre-authorized networks: `127.0.0.0/8' May 19 07:40:41 startup log-scan complete May 19 07:43:49 found ip=192.168.1.8 (0) May 19 07:43:49 setting expiration time for ip=192.168.1.8 to 1179528823 May 19 07:43:49 added 192.168.1.8 to DB
May 19 07:40:35 starting up May 19 07:40:35 Using 1 value for pre-authorized networks: `127.0.0.0/8' May 19 07:40:41 startup log-scan complete May 19 07:43:49 found ip=192.168.1.8 (0) May 19 07:43:49 setting expiration time for ip=192.168.1.8 to 1179528823 May 19 07:43:49 added 192.168.1.8 to DB May 19 07:59:55 removed 192.168.1.8 from DB
RCPT TO:554 5.7.1 : Relay access denied
# Set $debug to output some extra log messages (if logging is enabled). #$debug = 1; #$logto = '-'; # Log to stdout. #$logto = '/var/log/pop-before-smtp';
# ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - - smtpd submission inet n - - - - smtpd
# [ISP の代替 SMTP サーバ名] [ISP のアカウント:ISP のパスワード] mail.example.com isp_acount:isp_password
# postmap /etc/postfix/isp_password
# プロバイダから指定されているSMTPサーバ名を [ ] 内に記述する。 # relayhost = [mail.example.com]:587 とすると、Submission ポートへも転送できる。 relayhost = [mail.example.com] # Postfix SMTP クライアントの SASL 認証を有効にする。 smtp_sasl_auth_enable = yes # SMTP クライアント検索テーブルを指定 smtp_sasl_password_maps = hash:/etc/postfix/isp_password # Postfix SMTP クライアントで使うことが許される認証メカニズムを指定 # plain 認証のため anonymous のみ不可とする。 smtp_sasl_security_options = noanonymous # SASL メカニズムを指定 smtp_sasl_mechanism_filter = plain, login
# aptitude install ncompress (メッセージは省略) # aptitude install sharutils (メッセージは省略)
$ cd /home/www-kun $ tar -xzvf CML-4.1-Release.tar.gz (メッセージは省略) $ mv CML-4.1-Release CML $ mv CML-4.1-Release.tar.gz CML
$ cd /home/www-kun/CML $ ./Configure (メッセージは省略) Enter awk command path. [/usr/bin/awk] Enter grep command path. [/bin/grep] (メッセージは省略) Enter domain name. [nice.kaze.com] Do you want to install cmas ? [y] Enter install directory. [/usr/local/etc/cml] Enter spool directory. [/usr/local/etc/cml] Do you want to execute 'make install' ? [n]
# cd /home/www-kun/CML # make install *** Start install *** (メッセージは省略) *** End install *** ***** Attention ***** If you can edit /etc/rc or other system initial files, insert '/usr/local/etc/cml/rc.cml' before starting sendmail.
# cd /usr/local/etc/cml # ./addml inettomo *** Make mailing list entry tool (addml version 4.1-Release) *** *** End of make mailing list entry *** Add this entry to /etc/aliases, and exec 'newaliases' command. ============================================================== inettomo-request: 'E-mail address of inettomo ML admin.' inettomo: :include:/usr/local/etc/cml/exe/inettomo inettomo-control: :include:/usr/local/etc/cml/exe/inettomo-control inettomo-dist: :include:/usr/local/etc/cml/inettomo/inettomo-list inettomo-digest-dist: :include:/usr/local/etc/cml/inettomo/inettomo-digest
# cd /usr/local/etc/cml # ./setadmin inettomo dareka@dokoka.com Adding new admin ... Done. ** Information ** You can exchange inettomo-request entry in /etc/aliases. -> inettomo-request: :include:/usr/local/etc/cml/inettomo/inettomo-admins
inettomo-request: :include:/usr/local/etc/cml/inettomo/inettomo-admins inettomo: :include:/usr/local/etc/cml/exe/inettomo inettomo-control: :include:/usr/local/etc/cml/exe/inettomo-control inettomo-dist: :include:/usr/local/etc/cml/inettomo/inettomo-list inettomo-digest-dist: :include:/usr/local/etc/cml/inettomo/inettomo-digest
allow_mail_to_commands = alias, forward, include
# chown -R postfix /usr/local/etc/cml
ARCHIVE=DO KEEP=1000 ACCESSFREE=DONT GENERICFROM= REPLYSW=1 REPLYTO= SUBSTYLE=4 OTHERNAME= FIGURE=5 NOTMEMBER=3 GENERIC=DONT ADMINONLY=DONT UNIXFROM= COUNT=DONT MLNAME=DONT XHEADERS= SENDER= PRECEDENCE= AUTOADD=DO DGSTAPPEND=DONT AUTOMSG=DONT DLVMSG=DONT DIGESTMAX= DIGESTLEN= CMDSUB=DONT CMLDMAXLINE= CMLDMAXBYTE= MAXORGWITH= LISTLIMIT= GETLIMIT= MESSAGES= ERRORLOG=DO ASLOGLEVEL=0 GETADLOG=DONT STATIC= CONFIRM=DONT USECHECK=DO USEMEMBER=DO MEMBMSG=1
名前: CML-clear-Lock 説明: CML のロックファイルをクリアする 起動コマンド: /usr/local/etc/cml/rc.cml 起動時に開始しますか?: はい
# cd /usr/local/src # tar zxvf httpd-2.2.4.tar.gz
# cd /usr/local/src/httpd-2.2.4 # ./configure --enable-so # make # make install
# /usr/local/apache2/bin/apachectl startちなみに、apachectl はパラメータによって以下の動作をさせることができます。
start | apache 起動 |
stop | apache 停止 |
restart | apache 再起動 |
fullstatus | mod_status モジュールが有効になっていて、かつ httpd.conf に設定がしてあれば状態を表示
CUI でログインしてる時に見たいなら別途テキストベースのブラウザが必要 |
status | fullstatus と同じ(上の方がちょっとだけ詳しい) |
graceful | apache が停止しているなら起動
apache が起動しているなら、処理中のリクエストの完結を待って apache 再起動 |
graceful-stop | 処理中のリクエストの完結を待って apache 停止 |
configtest | 設定ファイル適用のテスト
正しければ「Syntax OK」、間違いがあれば教えてくれる |
startssl | apache を SSL を有効にして起動 |
# groupadd apache # useradd -g apache apache
# cd /usr/local/apache2/conf # cp -p httpd.conf httpd.conf#
<IfModule !mpm_netware_module> # # If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. # # User/Group: The name (or #number) of the user/group to run httpd as. # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # User apache Group apache </IfModule> (省略) # # ServerAdmin: Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents. e.g. admin@your-domain.com # ServerAdmin webmaster@localhost # # ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # # If your host doesn't have a registered DNS name, enter its IP address here. # # for nice.kaze.com, test (2007-08-11) ServerName nice.kaze.com # for kita3.net (2007-08-11) #ServerName kita3.net (省略) # Supplemental configuration # # The configuration files in the conf/extra/ directory can be # included to add extra features or to modify the default configuration of # the server, or you may simply copy their contents here and change as # necessary. # Server-pool management (MPM specific) #Include conf/extra/httpd-mpm.conf # Multi-language error messages #Include conf/extra/httpd-multilang-errordoc.conf # Fancy directory listings #Include conf/extra/httpd-autoindex.conf # Language settings #Include conf/extra/httpd-languages.conf # User home directories Include conf/extra/httpd-userdir.conf # Real-time info on requests and configuration #Include conf/extra/httpd-info.conf # Virtual hosts #Include conf/extra/httpd-vhosts.conf # Local access to the Apache HTTP Server Manual #Include conf/extra/httpd-manual.conf # Distributed authoring and versioning (WebDAV) #Include conf/extra/httpd-dav.conf # Various default settings #Include conf/extra/httpd-default.conf (省略) <IfModule mime_module> # # TypesConfig points to the file containing the list of mappings from # filename extension to MIME-type. # TypesConfig conf/mime.types # # AddType allows you to add to or override the MIME configuration # file specified in TypesConfig for specific file types. # #AddType application/x-gzip .tgz # # AddEncoding allows you to have certain browsers uncompress # information on the fly. Note: Not all browsers support this. # #AddEncoding x-compress .Z #AddEncoding x-gzip .gz .tgz # # If the AddEncoding directives above are commented-out, then you # probably should define those extensions to indicate media types: # AddType application/x-compress .Z AddType application/x-gzip .gz .tgz # # AddHandler allows you to map certain file extensions to "handlers": # actions unrelated to filetype. These can be either built into the server # or added with the Action directive (see below) # # To use CGI scripts outside of ScriptAliased directories: # (You will also need to add "ExecCGI" to the "Options" directive.) # AddHandler cgi-script .cgi AddHandler cgi-script .pl # For type maps (negotiated resources): #AddHandler type-map var # # Filters allow you to process content before it is sent to the client. # # To parse .shtml files for server-side includes (SSI): # (You will also need to add "Includes" to the "Options" directive.) # AddType text/html .shtml AddType text/html .html AddHandler server-parsed .shtml AddHandler server-parsed .html #AddOutputFilter INCLUDES .shtml </IfModule> (省略) # Secure (SSL/TLS) connections #Include conf/extra/httpd-ssl.conf # # Note: The following must must be present to support # starting without SSL on platforms with no /dev/random equivalent # but a statically compiled-in mod_ssl. # <IfModule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule> AddDefaultCharset shift_jis ServerTokens Prod ServerSignature Offちなみに、最後から3行目は文字化け対策です。 nice.kaze.com でのコンテンツ文字はシフトJISを使っているので、デフォールトとしました。 次からの2行は余計な情報(OSの種別とか)を HTML ヘッダに載せない設定です。(セキュリティ向上)
# Settings for user home directories # # Required module: mod_userdir # # UserDir: The name of the directory that is appended onto a user's home # directory if a ~user request is received. Note that you must also set # the default access control for these directories, as in the example below. # UserDir public_html # # Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. # <Directory /home/*/public_html> AllowOverride FileInfo AuthConfig Limit Options MultiViews Indexes SymLinksIfOwnerMatch <Limit GET POST OPTIONS PROPFIND> Order allow,deny Allow from all </Limit> <LimitExcept GET POST OPTIONS PROPFIND> Order deny,allow Deny from all </LimitExcept> </Directory> <Directory "/home/www-kun/public_html"> AllowOverride FileInfo AuthConfig Limit Options MultiViews SymLinksIfOwnerMatch Includes ExecCGI <Limit GET POST OPTIONS PROPFIND> Order allow,deny Allow from all </Limit> <LimitExcept GET POST OPTIONS PROPFIND> Order deny,allow Deny from all </LimitExcept> </Directory>設定にある Options パラメータの意味は次の通りです。
# cd /usr/local/apache2 # mv htdocs htdocs# # ln -s /home/www-kun/public_html htdocs
# # This should be changed to whatever you set DocumentRoot to. # <Directory "/usr/local/apache2/htdocs"> AllowOverride FileInfo AuthConfig Limit Options MultiViews SymLinksIfOwnerMatch Includes ExecCGI <Limit GET POST OPTIONS PROPFIND> Order allow,deny Allow from all </Limit> <LimitExcept GET POST OPTIONS PROPFIND> Order deny,allow Deny from all </LimitExcept> </Directory>
#! /bin/sh # /usr/local/apache2/bin/apachectl $1
# aptitude install proftpd
ServerName "FTP server" DefaultServer on Port 21 Umask 022 User nobody Group nogroup MaxHostsPerUser 2 ListOptions "-a" <Global> DefaultTransferMode binary IdentLookups off MaxClientsPerHost 2 DefaultRoot ~ DeleteAbortedStores on HiddenStor on ShowSymlinks on LoginPasswordPrompt on AllowOverwrite on WtmpLog off RootLogin off RequireValidShell on UseFtpUsers on MaxLoginAttempts 1 ServerIdent on "FTP server ready" DeferWelcome on TransferLog /var/log/proftpd/xferlog </Global> ServerType inetd UseReverseDNS off TimesGMT off MaxInstances 30 SystemLog /var/log/proftpd/proftpd.log
# aptitude install samba
# Samba config file [global] smb passwd file = /etc/samba/smbpasswd display charset = eucJP server string = Samba %h dos charset = CP932 workgroup = workgroup os level = 20 username map = /etc/samba/smbusers encrypt passwords = yes hosts allow = all security = user unix charset = eucJP [share] writeable = yes path = /mnt/share force directory mode = 0700 force group = nogroup force create mode = 0700 create mask = 0700 force user = nobody directory mask = 0700 valid users = nobody
nobody = dareka
# rm -f /etc/samba/smbpasswd # smbpasswd -a nobody New SMB password: ******** Retype new SMB password: ******** startsmbfilepwent_internal: file /etc/samba/smbpasswd did not exist. File successfully created. Added user smbuser.ちなみに、既に設定したパスワードを変更する場合は、以下の操作をします。
# smbpasswd nobody New SMB password: ******** Retype new SMB password: ********
# chown nobody /mnt/share # chgrp nogroup /mnt/share
# aptitude install openssh
# aptitude install ntpdate
# which ntpdate /usr/sbin/ntpdate
/usr/sbin/ntpdate -s ntp.nict.jp 2>&1
# aptitude install wget
# which wget /usr/bin/wget
PermitRootLogin no
# # The PAM configuration file for the Shadow `su' service # # This allows root to su without passwords (normal operation) auth sufficient pam_rootok.so # Uncomment this to force users to be a member of group root # before they can use `su'. You can also add "group=foo" # to the end of this line if you want to use a group other # than the default "root" (but this may have side effect of # denying "root" user, unless she's a member of "foo" or explicitly # permitted earlier by e.g. "sufficient pam_rootok.so"). # (Replaces the `SU_WHEEL_ONLY' option from login.defs) auth required pam_wheel.so group=wheel
スーパーユーザ | あり | あり | root になれるユーザ |
www-kun | あり | なし | 公開サービスを担当するユーザ |
一般ユーザ | なし | なし | シェルを持たないが、パスワード変更のみ可能。ftp ログイン可能。 |
# ls -al /etc/skel total 24 drwxr-xr-x 4 root root 4096 Jul 14 20:00 . drwxr-xr-x 63 root root 4096 Jul 13 23:52 .. -rw-r--r-- 1 root root 91 Jul 8 15:50 .forward -rw-r--r-- 1 root root 63 Jul 8 15:52 .procmailrc# drwx------ 2 root root 4096 Jul 14 20:21 .spamassassin drwx------ 6 root root 4096 Jul 8 15:47 Maildir
# cat /etc/skel/.forward # Please do not change it! "|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #~/Maildir/"
# cat /etc/skel/.procmailrc# :0 c # Mail forwarding ! aaa@bbb.net ccc@ddd.com eee@fff.co.jp
# ls -al /etc/skel/.spamassassin/ total 12 drwx------ 2 root root 4096 Jul 14 20:21 . drwxr-xr-x 4 root root 4096 Jul 14 20:00 .. -rw-r--r-- 1 root root 1487 Jul 14 20:00 user_prefs
# cat /etc/skel/.spamassassin/user_prefs # SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf' # for details of what can be tweaked. ########################################################################### # How many points before a mail is considered spam. # required_score 5 # Whitelist and blacklist addresses are now file-glob-style patterns, so # "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work. # whitelist_from someone@somewhere.com # Add your own customised scores for some tests below. The default scores are # read from the installed spamassassin rules files, but you can override them # here. To see the list of tests and their default scores, go to # http://spamassassin.apache.org/tests.html . # # score SYMBOLIC_TEST_NAME n.nn # Speakers of Asian languages, like Chinese, Japanese and Korean, will almost # definitely want to uncomment the following lines. They will switch off some # rules that detect 8-bit characters, which commonly trigger on mails using CJK # character sets, or that assume a western-style charset is in use. # # score HTML_COMMENT_8BITS 0 # score UPPERCASE_25_50 0 # score UPPERCASE_50_75 0 # score UPPERCASE_75_100 0 # score OBSCURED_EMAIL 0 # Speakers of any language that uses non-English, accented characters may wish # to uncomment the following lines. They turn off rules that fire on # misformatted messages generated by common mail apps in contravention of the # email RFCs. # score SUBJ_ILLEGAL_CHARS 0
# ls -al Maildir/ total 24 drwx------ 6 root root 4096 Jul 8 15:47 . drwxr-xr-x 4 root root 4096 Jul 14 20:00 .. drwx------ 5 root root 4096 Jul 8 15:47 .Spam drwx------ 2 root root 4096 May 14 21:01 cur drwx------ 2 root root 4096 May 14 21:01 new drwx------ 2 root root 4096 May 14 21:01 tmp
# ls -al Maildir/.Spam/ total 20 drwx------ 5 root root 4096 Jul 8 15:47 . drwx------ 6 root root 4096 Jul 8 15:47 .. drwx------ 2 root root 4096 Jul 8 15:47 cur drwx------ 2 root root 4096 Jul 8 15:47 new drwx------ 2 root root 4096 Jul 8 15:47 tmp
exsample.sh > /dev/null 2>&1
# crontab -e MAILTO=""
#!/bin/sh wget -O - 'http://dyn.value-domain.com/cgi-bin/dyn.fcg?d=kita3.net&p=[password-1]&h=@&i=' wget -O - 'http://ieserver.net/cgi-bin/dip.cgi?username=celeron&domain=dip.jp&password=[password-2]&updatehost=1'
/usr/local/bin/ddns-update.sh > /dev/null
# for kita3.net, test nameserver 192.168.1.1 # for nice.kaze.com #domain kaze.com #nameserver (ネームサーバ A の IP address) #nameserver (ネームサーバ B の IP address) #nameserver (ネームサーバ C の IP address)
iface eth0 inet static # for test address 192.168.1.201 network 192.168.1.0 netmask 255.255.255.0 broadcast 192.168.1.255 gateway 192.168.1.1 # for kita3.net #address 192.168.1.210 #network 192.168.1.0 #netmask 255.255.255.0 #broadcast 192.168.1.255 #gateway 192.168.1.1 # for nice.kaze.com #address (nice.kaze.com の IP address) #network (network) #netmask (netmask) #broadcast (broadcast の IP address) #gateway (gateway の IP address) iface lo inet loopback auto eth0 lo
127.0.0.1 localhost # for test 192.168.1.201 nice.kaze.com # for kita3.net #192.168.1.210 kita3.net # for nice.kaze.com #(nice.kaze.com の IP address) nice.kaze.com
nice.kaze.com
kita3.net
ALL : 127.0.0.1 ALL : ALL
ALL : ALL
20-21 | ftp |
22 | ssh |
80 | http |
110 | pop3 |
143 | imap |
443 | https |
587 | submission |
10000 | webmin |
# cd /mnt # tar cpf /mnt2/image.tar ./として /mnt ディレクトリを /mnt2/image.tar にバックアップすると、以下のように記録されます。
./bin/ ./bin/arch ./bin/bash ./bin/cat (以下省略)
# cd /mnt # tar xf /mnt2/image.tar元の /mnt 以下に展開されますが、以下のようにすると
# cd / # tar xf /mnt2/image.tar/ 以下に展開されます。
# mount /dev/hda1 /mnt # mount /dev/hda3 /mnt2
# cd /mnt # tar cpf /mnt2/share/yyyymmdd-kuro-hg-hda1.tar ./
# echo -n 'OKOK' > /dev/fl3 # reboot
# cd /root # chmod 777 mkfs.sh # ./mkfs.shこの操作でパーティションが切り直されます。 80GB HDD でのパーティションは以下のようになります。 80GB 以外の HDD を使用する場合は、mkfs.dat を編集して「+60000M」「+512M」を適宜変更してください。 「+60000M」が /mnt の容量、「+512M」が swap の容量になり、それ以外が /mnt2 に割り当てられます。
/dev/hda1 /mnt 60.0GB /dev/hda2 swap 0.5GB /dev/hda3 /mnt2 19.5GB
# mount /dev/hda1 /mnt # mount /dev/hda3 /mnt2
# cd /mnt # tar xf /mnt2/share/yyyymmdd-kuro-hg-hda1.tar
# echo -n 'OKOK' > /dev/fl3 # reboot
# chown -R nobody /mnt/share # chgrp -R nogroup /mnt/share