 |
全力打造多功能FreeBSD服务器 |
|
|
| 全力打造多功能FreeBSD服务器 |
|
| 作者:佚名 文章来源:不详 点击数: 更新时间:2007-1-23 20:35:25 |
|
硬件:赛扬566、128MB内存、20GB硬盘9(/ /home /usr /var /tmp四个分区),8029兼容网卡等等;
软件:最小安装的FreeBsd 4.7
还是按由浅到深的顺序来讲吧;
1、安装webmin:
# tar -zxvf webmin-version.tar.gz
# mv webmin-version /usr/local/webmin
# cd webmin
# chmod 755 setup.sh
# ./setup.sh
然后基本上一路回车就能搞定,不要说这些简单E文你也不懂啊:)
2、apache+mysql+php的安装;
需要的软件包:
httpd-2.0.43.tar.gz
mysql-3.23.53.tar.gz
php-4.3.2.tar.gz
假设这些软件包存放在/home/down目录下
a、安装Mysql
# pw groupadd mysql
# pw useradd mysql -g mysql -s /nonexitent
# tar -zxvf mysql-3.23.53.tar.gz
# mv mysql-3.23.53 mysql
# cd mysql
# ./configure --prefix=/usr/local/mysql
# make
# make install
# scripts/mysql_install_db
# chown -R root /usr/local/mysql
# chown -R mysql /usr/local/mysql/var
# chgrp -R mysql /usr/local/mysql
# cp support-files/my-medium.cnf /etc/my.cnf
# /usr/local/mysql/bin/safe_mysqld --user=mysql &
# echo "/usr/local/mysql/bin/safe_mysqld --user=mysql &" >> /etc/rc.local
# cd /usr/local/mysql/bin
# ./mysqladmin -u root -p password "your-password"
b、安装apache
# cd /home/down
# tar -zxvf httpd-2.0.43.tar.gz
# mv httpd-2.0.43 apache
# cd apache
# ./configure --prefix=/usr/local/apache --with-mysql=/usr/local/mysql --enable-shared=max --enable-module=so
# make
# make install
# mv /usr/local/apache/htdocs/index.html.en /usr/local/apache/htdocs/index.html
# /usr/local/apache/bin/apachectl start
c、安装php
# cd /home/down
# tar -zxvf php-4.3.0.tar.gz
# mv php-4.3.0 php
# cd php
# ./configure --prefix=/usr/local/php4 --with-mysql=/usr/local/mysql --with-apxs2=/usr/local/apache/bin/apxs
# make
# make install
# ee /usr/local/apache/conf/httpd.conf
在其中加上下面三行代码,就可以使apache支持php了,然后保存退出。
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
然后在httpd.conf文件查找DirectoryIndex index.html,在它后面加上index.htm index.php。
到此apache+mysql+php已经配置完毕!!
3、Proftpd的安装,并使之与mysql整合
需要的软件包,存放在/home/down
proftpd-1.2.7.tar.gz
mod_sql-4.0.8.tar.gz
# cd /home/down
# tar –zxvf proftpd-1.2.7.tar.gz
# mv proftpd-1.2.7 proftpd
# cp mod_sql-4.0.8.tar.gz proftpd/contrib/
# cd proftpd/contrib/
# tar -zxvf mod_sql-4.0.8.tar.gz
# ee mod_sql_mysql.c
将#include <mysql/mysql.h>改成#include </usr/local/mysql/include/mysql/mysql.h>
这里假设你的Mysql安装在/usr/local/mysql
# cd ..
配置使Proftpd支持MySQL认证:
#./configure --prefix=/usr/local/proftpd /
--with-modules=mod_sql:mod_sql_mysql /
--with-includes=/usr/local/mysql/include/mysql /
--with-libraries=/usr/local/mysql/lib/mysql
# make
# make install
安装完之后,可以按下列步骤进行测试,Proftpd是否能正常工作:
# sh sample-configurations/PFTEST.install
测试的所需要的临时文件被放置在/tmp/PFTEST目录中,运行命令:
# ./proftpd -n -d 5 -c /tmp/PFTEST/PFTEST.conf
如果能正常运行,你可以发现有很多的信息而且最后一行会出现:
ProFTPD 1.2.6 (built ***) standalone mode STARTUP
说明服务启动了,它用的端口是2021,你可以用用户proftpd与密码 proftpd进行登录测试。如果正常,你可以做下列准备;否则要检查安装是否正确。
为FTP服务建立相应的数据库及其表。
1、你可以为此服务建立专门的数据库,也可以放在其它的数据库中。在此我专门建立一个专门的数据库FTP:
> create database proftpd;
然后在这个数据库中建立一个用户表ftpusers,这个表是必须的:
> use proftpd;
> create table ftpusers (
> userid TEXT NOT NULL,
> passwd TEXT NOT NULL,
> uid INT NOT NULL,
> gid INT NOT NULL,
> home TEXT,
> shell TEXT
> );
此表格是为了用户认证所需要的,其中userid、passwd是必不可少的,userid是用做FTP服务的用户名;passwd是指此用户的密码; uid是系统用户的ID,也就是所映射的系统用户;gid是所属系统组的ID;home是该用户所在的HOME目录;shell可以为该用户指定相应的 shell。当然你可以建立更多的字段,例如:用来记录用户登录次数的count,或者是日期的date,如果你对配置熟悉了之后,你可以根据自己的喜欢添加更多的功能。在此就不多讲。
3、如果你想需要所有的功能,你还可以添加另外一个需要的表:ftpgroups,也就是确定组的表格,当然也可以不用,这里讲一个它的格式:
create table ftpgroups (
groupname TEXT NOT NULL,
gid SMALLINT NOT NULL,
members TEXT NOT NULL
);
其中groupname是组的名称,gid是系统组的ID,members是组的成员。注意:多成员,他们之间要用逗号隔开,不能使用空格。
为空表格插入记录:
insert INTO ftpusers (userid, passwd, uid, gid, home, shell)
values ('test', 'test', '2000', '2000', '/home/ftp/test', ' ');
按此格式你可以插入这每一个用户添加一个记录。
如果你要想应用到更多的功能,且建立了组的表格,你也要为此添加记录,不过一定要注意在members的字段多个成员一定要用逗号隔开。
为FTP用户建立相应的系统用户。
在本例中,只整个FTP服务只提供一个有效的系统用户ftpusers和组ftpgroups,当然你也可以设置多个系统用户。但出于安全的考虑,我只设一个,用他来启动FTP daemon,并把所有的FTP用户映射到这个用户。
先建立FTPGRP组:
# pw groupadd ftpgroups –g 2000
建立FTPUSR用户:
# pw adduser ftpusers –u 2000 –g 2000 –d /home/ftp –s /nonexistent
为FTPUSR建立HOME,把所有的FTP user 活动空间全放在此目录下:
# mkdir /home/ftp
# chown ftpusers /home/ftp
# chgrp ftpgroups /home/ftp
现在可以在mysql的FTP数据库中建立磁盘限制数据表了,呵呵,利用phpmyadmin帮忙就可以了:
create TABLE quotalimits (
name VARCHAR(30),
quota_type ENUM("user", "group", "class", "all") NOT NULL,
per_session ENUM("false", "true") NOT NULL,
limit_type ENUM("soft", "hard") NOT NULL,
bytes_in_avail FLOAT NOT NULL,
bytes_out_avail FLOAT NOT NULL,
bytes_xfer_avail FLOAT NOT NULL,
files_in_avail INT UNSIGNED NOT NULL,
files_out_avail INT UNSIGNED NOT NULL,
files_xfer_avail INT UNSIGNED NOT NULL
);
create TABLE quotatallies (
name VARCHAR(30) NOT NULL,
quota_type ENUM("user", "group", "class", "all") NOT NULL,
bytes_in_used FLOAT NOT NULL,
bytes_out_used FLOAT NOT NULL,
bytes_xfer_used FLOAT NOT NULL,
files_in_used INT UNSIGNED NOT NULL,
files_out_used INT UNSIGNED NOT NULL,
files_xfer_used INT UNSIGNED NOT NULL
);
说明一下,quotatallies表不需要作修改,它记录了用户当前的磁盘使用情况,由程序自动记录
要注意的是quotalimits 表中一些字段的含意
quota_type 磁盘限额的鉴别,可以设置单各用户,也可以设置一各组中的全部用户,还可以设置全部用户
bytes_in_avail 上传最大字节数,就是FTP用户空间容量 (设置个字段的时候是以byte(字节)为单位,如果要限额在10M,那就是10240000,下面也一样)
bytes_out_avail 下载最大字节数,需要注意的是,这个字段中记录的是用户总共能从服务器上下载多少数据,数据是累计的。
bytes_xfer_avail 总共可传输的文件的最大字节数(上传和下载流量)需要注意的是,这个字段中记录的是用户总共能传输文件的最大字节数,数据是累计的。
files_in_avail INT 总共能上传文件的数目
files_out_avail INT 能从服务器上下载文件的总数目
files_xfer_avail INT 总共可传输文件的数目(上传和下载)
然后再把下面一些SQL语句copy到proftpd.conf中即可,无须改动:
#以下是SQL调用语句,不用修改直接拷贝过去
SQLNamedQuery get-quota-limit select "name, quota_type, per_session, limit_type, bytes_in_avail, /
bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits /
where name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally select "name, quota_type, bytes_in_used, bytes_out_used, /
bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies /
where name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally update "bytes_in_used = bytes_in_used + %{0}, /
bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, /
files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, /
files_xfer_used = files_xfer_used + %{5} /
where name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally insert "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
设置proftpd的主配置文件。
Proftpd的配置文件proftpd.conf在/usr/local/etc/目录下,针对不用的认证可以使用不同的配置文件。使用MySQL认证,可以把mod_sql.conf拷贝到/usr/local/etc下面并将其改名为proftpd.conf。
修改proftpd.conf文件,具体内容如下:
#设置FTP服务器的名称:
ServerName "My FTP Server"
#设置FTP服务器的类型:
ServerType standalone
DefaultServer on
#设置根,可以限制用户在某个地方活动,增强服务器的安全性。
DefaultRoot ~
#设置FTP服务端口号,标准的FTP服务端口是21。
Port 21
#设置新建文件或目录时,设置权限的掩码:
Umask 022
#设置系统日志文件:
SystemLog /var/log/ftp.syslog
#设置记录文件传输的日志文件:
TransferLog /var/log/ftp.transferlog
#设置最大的尝试登录的次数,如果超过自动断开连接:
MaxLoginAttempts 3
#设置断点继传
AllowRetrieveRestart on
#针对IP的速率限制(以BPS为单位,下面是80KB/S)
RateReadBPS 80000
RateWriteBPS 80000
#设置MySQL认证:
<Global>
#数据库联接的信息,DatabaseName是数据库名, HostName是主机名,
#Port是端口号,UserName是连接数据库的用户名,Password是密码。
SQLConnectInfo DatabaseName@HostName:Port UserName Password
#我的实例是SQLConnectInfo FTP@localhost:3306 root ******
#数据库认证的类型:
SQLAuthTypes Backend Plaintext
#指定用来做用户认证的表的有关信息。
SQLUserInfo FTPUSERS userid passwd uid gid home shell
#设置如果shell为空时允许用户登录:
RequireValidShell off
#数据库的鉴别,这里是用于用户的方式:
SQLAuthenticate users
#如果home目录不存在,则系统会为根据它的home项新建一个目录:
SQLHomedirOnDemand on
</Global>
#防止DoS攻击,设置最大的了进程:
MaxInstances 30
#设置正常服务的系统用户与组:
User ftpusers
Group ftpgroups
#设置用户登录时显示的信息及进入各个子目录中的信息:
DisplayLogin welcome.msg
DisplayFirstChdir .message
#设置最大的登录数:
MaxClients10
#支持断点续传:
AllowRetrieveRestart on
AllowStoreRestart on
测试:
完成了文件的配置,你可以启动Proftpd服务了,用来测试是否成功:
修改apahce的配置文件,使通过mysql添加的proftpd用户目录能被web浏览
将UserDir public_html
改为UserDir /home/ftp/*/
然后重启apache使改动生效,再启动proftpd用test帐号登陆,进行测试。
# /usr/local/proftpd/sbin/proftpd –n &
注意:在FreeBSd4.7和5.0下运行Proftpd,这时可能会提示下面的错误
/usr/local/ftp/sbin/proftpd: error while loading shared libraries: libmysqlclient.so.10: cannot open shared object file:
No such file or directory
解决方案如下:
安装mysql时,将mysql库所在的目录添加进配置文件中,例如
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
然后执行ldconfig -v|grep libmysqlclient ,再试试!
或者将/usr/local/mysql/lib/mysql/下的文件全部copy到/usr/lib中即可。
如果test登陆成功的话,在test用户根目录里放置一个index.html文件
通http://yourserver/~test/看能否访问。
未完待续,希望起到抛砖引玉的作用,大家可以接着写啊,偶技术太烂了,已经好一阵子没玩过BSD了,555~~~~
我的proftpd.conf配置文件:
ServerName "白狐狸's FTP Server"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
#limit the user in his owner directory
DefaultRoot ~
#put the proftpd log files in /var/log/ftp.syslog
SystemLog /var/log/ftp.syslog
#TransferLog log files
TransferLog /var/log/ftp.transferlog
#set The maxtimes user Attempts times
MaxLoginAttempts 3
#setup the Restart
AllowRetrieveRestart on
#setup the download and upload speed
RateReadBPS 80000
RateWriteBPS 80000
#setup the disk quota
QuotaDirectoryTally on
#quota b"|"Kb"|"Mb"|"Gb"
#setup the disk quota
QuotaDirectoryTally on
#quota b"|"Kb"|"Mb"|"Gb"
QuotaDisplayUnits Kb
QuotaEngine on
QuotaLog /var/ftp/Quota.log
QuotaShowQuotas on
# We put our mod_sql directives in a <Global> block so they'll be
# inherited by the <Anonymous> block below, and any other <VirtualHost>
# blocks we may want to add. For a simple server these don't need to
# be in a <Global> block but it won't hurt anything.
<Global>
# Specify our connection information. Both mod_sql_mysql and
# mod_sql_postgres use the same format, other backends may specify a
# different format for the first argument to SQLConnectInfo. By not
# specifying a fourth argument, we're defaulting to 'PERSESSION'
# connections -- a connection is made to the database at the start of
# the session and closed at the end. This should be fine for most
# situations.
# SQLConnectInfo dbname@host:port username password
SQLConnectInfo ftp@localhost:3306 root 12345678
# Specify our authentication schemes. Assuming we're using
# mod_sql_mysql, here we're saying 'first try to authenticate using
# mysql's password scheme, then try to authenticate the user's
# password as plaintext'. Note that 'Plaintext' isn't a smart way to
# store passwords unless you've got your database well secured.
SQLAuthTypes Backend Plaintext
# Specify the table and fields for user information. If you've
# created the database as it specifies in 'README.mod_sql', you don't
# need to have this directive at all UNLESS you've elected not to
# create some fields. In this case we're telling mod_sql to look in
# table 'users' for the fields 'username','password','uid', and
# 'gid'. The 'homedir' and 'shell' fields are specified as 'NULL' --
# this will be explained below.
# SQLUserInfo users username password uid gid NULL NULL
SQLUserInfo ftpusers userid passwd uid gid home shell
# Here we tell mod_sql that every user it authenticates should have
# the same home directory. A much more common option would be to
# specify a homedir in the database and leave this directive out. Note
# that this directive is necessary in this case because we specified
# the homedir field as 'NULL', above. mod_sql needs to get homedir
# information from *somewhere*, otherwise it will not allow access.
# SQLDefaultHomedir "/tmp"
# This is not a mod_sql specific directive, but it's here because of
# the way we specified 'SQLUserInfo', above. By setting this to
# 'off', we're telling ProFTPD to allow users to connect even if we
# have no (or bad) shell information for them. Since we specified the
# shell field as 'NULL', above, we need to tell ProFTPD to allow the
# users in even though their shell doesn't exist.
RequireValidShell off
# Here we tell mod_sql how to get out group information. By leaving
# this commented out, we're telling mod_sql to go ahead and use the
# defaults for the tablename and all the field names.
# SQLGroupInfo groups groupname gid members
# For small sites, the following directive will speed up queries at
# the cost of some memory. Larger sites should read the complete
# description of the 'SQLAuthenticate' directive; there are options
# here that control the use of potentially expensive database
# queries. NOTE: these arguments to 'SQLAuthoritative' limit the way
# you can structure your group table. Check the README for more
# information.
SQLAuthenticate users
# Finally, some example logging directives. If you have an integer
# field named 'count' in your users table, these directives will
# automatically update the field each time a user logs in and display
# their current login count to them.
# SQLNamedQuery getcount select "count, userid from users where userid='%u'"
# SQLNamedQuery updatecount update "count=count+1 where userid='%u'" users
# SQLShowInfo PASS "230" "You've logged on %{getcount} times, %u"
# SQLLog PASS updatecount
SQLHomedirOnDemand on
#...SQL...............
SQLNamedQuery get-quota-limit select "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits where name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally select "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies where name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally update "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} where name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally insert "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
# close our <Global> block.
</Global>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the normal user and group permissions for the server.
User ftpusr
Group ftpgrp
# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
AllowRetrieveRestart on
AllowStoreRestart on
</Directory>
# A basic anonymous configuration, no upload directories. If you
# don't want to support anonymous access, simply remove this
# <Anonymous ..> ... </Anonymous> block.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>【转自世纪安全网 http://www.21safe.com】
|
|
| 文章录入:admin 责任编辑:admin |
|
|
上一篇文章: 使用证书身份验证的配置存储服务器连接性的ISA 2004 EE更新
下一篇文章: 黑客攻击行为的特征分析及反攻击技术 |
|
|
| 【字体:小 大】【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】 |
|
|
 网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!) |
|
|
|
|
|
