2012/11/21
2012/11/28
FTP Server
MySQL Server
Apache2.2.XPHP5.X
Web Service
Server
VM Player
Finish
VM
License
AgreementYES
VM PlayerVirtual Machine
Create a New Virtual Machine
VM PlayerISO
FreeBSD9.X
FreeBSDwww.freebsd.org
9.0FreeBSD()
Install
default key
mapping
TABNo
OK
hostname
test.center.kl.edu.tw
games
portssrc
Enter
Guided()
Enter Disk
FreeBSD
/freebsd-bootfreebsd-swap/var/usr/usr/local//home/tmp
(mount point)
(size)
(type)
1-5G
freebsd-ufs
FreeBSD
/usr
5-20G
freebsd-ufs
FreeBSD
5G
/usr/local
5-10G
freebsd-ufs
()
/home
1-XXG
freebsd-ufs
/var
5-20G
freebsd-ufs
log
/tmp
1-5G
freebsd-ufs
None
1-XXG
freebsd-swap
SWAP
4
C(Create)
D(Delete)
M(Modify)
F(Finish)
C(Commit)
Enter
FreeBSD
base()kernel( )
root
(IP)
IPV4IPV6IPV6
TABNoEnter
IPV6
DHCP?YesNo
DNSGateWayNetMask
IPV4
IP192.168.209.129DNS192.168.209.2
GateWay192.168.209.1NetMask255.255.255.0
UTCOK
sshd
FreeBSD9.0crash dumps()
/var Enter
Yes
yenchunwheel
root()FreeBSDroot
(wheel)(su -> super user)
root
Yesyenchun
noEnter
#Exit
EnterReboot()FreeBSD
IPhostnameVM
FreeBSD
FreeBSD
FreeBSD
Serverputty
puttyServerServersshdkey
YServer
sshdkey/
wheel
su rootrootrootmake
sysinstall.
FreeBSD9.X
IPhostname(IPV6)
()
ports
sudo suroot
IPhostname
/etc/rc.conf, /etc/resolv.conf, /etc/hosts
ee /etc/rc.conf
d()Ctrl+k(
)
IPV6
IPV6
ping6 ::1
()rc.conf
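# IPv6 settings for /etc/rc.conf (values as given on this page).
# rc.conf is read by sh, so every value needs both its opening and closing
# double quote; an unterminated quote breaks parsing of the rest of the file.
ipv6_activate_all_interfaces="YES"
# IPv4-mapped IPv6 addresses: with this on, an IPv6 socket can also carry IPv4
# peers (seen as ::ffff:a.b.c.d), so address-based access rules have to cover
# that form as well.
ipv6_ipv4mapping="YES"
ifconfig_bge0_ipv6="2001:288:2418::1"
ipv6_defaultrouter="2001:288:2418::254"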
ee /etc/resolv.conf
VM
domainnameserver
ee /etc/hosts
Hosts
(hostname)IP
?
()
ee /etc/csh.cshrc (root)
exitroot
ls
# Shell defaults applied from /etc/csh.cshrc.
# Every ls shows type suffixes (-F), colour (-G) and dotfiles (-a).
alias ls ls -FGa
# Colour palette ls uses when colour output is enabled.
setenv LSCOLORS ExGxFxdxCxegedabagExEx
setenv CLICOLOR yes
# Terminal type: cons25 on the local ttyv* consoles, xterm-color everywhere else.
if ( $tty =~ ttyv* ) then
setenv TERM cons25
else
setenv TERM xterm-color
endif
# Prompt is bold user@host plus the current directory; it ends in "#" for root
# and ">" for any other user, so a root shell is visually distinct.
if ( $USER == root ) then
set prompt="%B[%n@%m %/]# "
else
set prompt="%B[%n@%m %/]> "
endif
# List the candidates when Tab completion is ambiguous.
set autolist
F (/)G a
G LSCOLORS
LSCOLORS 22 22
Tab
set autolist
root
ntpdate tock.stdtime.gov.tw
ee /etc/crontab
0 0 * * *
root
ntpdate tock.stdtime.gov.tw
^^ ^^ ^^ ^^
^^^^
^^^
^^
TAB()00
root00root
ntpdate tock.stdtime.gov.tw
1. cd /root
make bin
2. cd /root/bin
ee trash
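#!/bin/sh
# trash: move the named files into /root/.trash/ instead of deleting them.
# "$@" is quoted so a name containing spaces stays one argument, and the space
# before the destination keeps /root/.trash/ a separate argument (without it the
# last file name and the directory run together and nothing is moved there).
# A file moved here replaces an earlier one of the same name in the trash.
mv "$@" /root/.trash/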
3. chmod +x /root/bin/trash
4. mkdir /root/.trash
5. ee /root/.cshrc
alias rm
trash
^^^^ TAB
6. source /root/.cshrc
#rootbin
#
#.trash()
#.cshrc
7. (rm )/root/.trash
ls /root/.trash
8. \rm
ports
portsportsnap
port tree
1. /etc/portsnap.conf
SERVERNAME=portsnap.tw.FreeBSD.org
2. mkdir /usr/ports
3. cd /usr/ports
portsnap fetch extract #
/etc/make.conf
# Mirrors the ports framework can fetch distfiles from.
# These are plain ftp:// URLs, so the transfer itself is neither encrypted nor
# authenticated; integrity rests on the checksum test the ports framework runs
# against each port's distinfo, which is only as trustworthy as the ports tree.
MASTER_SITE_BACKUP?= \
ftp://ftp9.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp10.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp13.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp7.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp5.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp2.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp12.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp6.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp11.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp8.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp3.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp4.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/
# Try the mirror list above before each port's own master sites.
MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}
# Build ports without X11 support.
WITHOUT_X11=yes
ports
sudo suroot
1. cd /usr/ports/security/sudo
make install clean;rehash
Enter
ee /usr/local/etc/sudoers
22 User_Alias ADMINS =
User#
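86 %wheel ALL=(ALL) NOPASSWD: ALL
Note: NOPASSWD lets every member of wheel run any command as root without re-entering a password, so a compromised wheel account is a root compromise. The sudoers file also ships a `%wheel ALL=(ALL) ALL` line, which keeps the password prompt. Editing the file through visudo checks the syntax before it is saved.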
#
rootsudo su
FreeBSD
cp
(-rf)
cp named.conf namedb.conf.20121121
cp -rf /etc/namedb /home/test
mv
mv namedb.conf.20121121 named.conf
rm
(-rf)
rm test
rm -rf /var/log/temp
passwd
mkdir
mkdir /tmp/log
rmdir
(rm -rf)
ee
pe2
ping
ipdomain
cd
cd /etc/namedb/
tar
FreeBSD9.XDNS
DNS(ports)
named.conf
DNS
DNS
DNS
DNSIP
Domain
www.kl.edu.tw -> 210.240.6.7
www.center.kl.edu.tw -> 210.240.6.7
IP
IP
domain(
)IPIP
domain()
DNS(ports)
1. cd /usr/ports/dns/bind99
make install clean;rehash
2./etc/rc.conf
ee /etc/rc.conf
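# /etc/rc.conf: start BIND at boot from the ports build in /usr/local/sbin.
named_enable="YES"
named_program="/usr/local/sbin/named"
# Closing quote restored: rc.conf is read by sh, and an unterminated quote
# breaks parsing of everything that follows in the file.
named_flags="-c /etc/namedb/named.conf"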
3. rndc
/usr/sbin/rndc-confgen -a #rndc.key
rndc-confgen > /etc/namedb/rndc.conf
# rndc.conf
4. rndc.conf
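# Start of rndc.conf
# The secret below is the sample value printed on this page. Generate your own
# with rndc-confgen and keep this file readable only by root and the account
# named runs as: whoever holds the secret can control the running named via rndc.
# NOTE(review): hmac-md5 is what this rndc-confgen run emitted; BIND also accepts
# stronger HMAC algorithms such as hmac-sha256 in key statements - confirm that
# both rndc and named on this host support the one you pick before switching.
key "rndc-key" {
	algorithm hmac-md5;
	secret "73u+sJ8+Gj3F/ok3f1cZAQ==";
};

options {
	default-key "rndc-key";
	default-server 127.0.0.1;
	default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# 	algorithm hmac-md5;
# 	secret "73u+sJ8+Gj3F/ok3f1cZAQ==";
# };
#
# controls {
# 	inet 127.0.0.1 port 953
# 		allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf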
5. rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "n8hotTpN5sLHbWuiXBqPTQ==";
};
rndc.conf
6. rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "n8hotTpN5sLHbWuiXBqPTQ==";
};
rndc.conf
7. /etc/namedb/named.conf
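# rndc control section for /etc/namedb/named.conf. The secret matches the
# rndc.key value shown in the previous steps (a sample; use the one generated
# on your own server). The control channel is bound to 127.0.0.1 and accepts
# only 127.0.0.1 with this key.
# NOTE(review): as printed here every statement is still commented out; named
# honours the key and controls statements only once the leading "#" is removed
# - confirm against the original slide.
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# 	algorithm hmac-md5;
# 	secret "n8hotTpN5sLHbWuiXBqPTQ==";
# };
#
# controls {
# 	inet 127.0.0.1 port 953
# 		allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf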
8. bind9.9.x
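# Start BIND by hand with the configuration file used everywhere else on this
# page (/etc/namedb, not /etc/named), then confirm that the rndc control
# channel is listening on port 953.
/usr/local/sbin/named -c /etc/namedb/named.conf
sockstat | grep 953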
rndcBind9.9.X
9.IPV6
28-30
listen-on-v6 {
any;
};
10.
A
C
};
named.conf
zone "bdjh.kl.edu.tw"{
bdjh.kl.edu.tw
type master;
bdjh.kl.edu.tw.fwd
file "/etc/namedb/bdjh.kl.edu.tw.fwd"; /etc/namedb
};
zone "129.20.240.210.in-addr.arpa"{
129.20.240.210.intype master;
addr.arpa
file "/etc/namedb/210.240.20.129.rev"; 210.240.20.129.rev
/etc/namedb
};
zone "8.1.4.2.8.8.2.0.1.0.0.2.IP6.ARPA" {
IPV6
type master;
1.0.0.2.IP6.ARP
A
A.
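; Forward-zone records for bdjh.kl.edu.tw. Comments in a zone file start with ";".
; A record that reuses the previous owner name must begin with whitespace, and a
; fully qualified target must end with "."; without the dot named appends the
; zone name to it.
	IN NS	ms1.bdjh.kl.edu.tw.	; name server for bdjh.kl.edu.tw
; NOTE(review): an MX record needs a preference number before the target, e.g.
; "IN MX 10 ASPMX.L.GOOGLE.COM." (10 is a constructed sample) - confirm the value.
	IN MX	ASPMX.L.GOOGLE.COM.	; mail is handled by Gmail
ms1	IN A	210.240.20.129	; IPv4 address of ms1.bdjh.kl.edu.tw
ms1	IN AAAA	2001:288:2418::1	; IPv6 address of ms1.bdjh.kl.edu.tw
www	IN CNAME	ms1.bdjh.kl.edu.tw.	; www.bdjh.kl.edu.tw is an alias of ms1.bdjh.kl.edu.tw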
B.
a
b
a. 210.240.28.129 DNSms1.mdjh.kl.edu.tw
b. 210.240.28.129ms1.mdjh.kl.edu.tw
C. IPV6
8.1.4.2.8.8.2.0.1.0.0.2.ip6.arpa. IN NS ms1.bdjh.kl.edu.tw.
# 8.1.4.2.8.8.2.0.1.0.0.2.ip6.arpa. IPV6 ms1.bdjh.kl.edu.tw Server
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.1.4.2.8.8.2.0.1.0.0.2.ip6.arpa. IN PTR ms1.bdjh.kl.edu.tw.
# 2001:288:2418::1 V6 IP -> ms1.bdjh.kl.edu.tw
IPV6 IP
2001:0288:2418::/64
8.1.4.2.8.8.2.0.1.0.0.2.ip6.arpa.
IPV6
2001:0288:2418:0000:0000:0000:0000:0001
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.1.4.2.8.8.2.0.1.0.0.2.ip6.arpa.
DNS
1. PCnslookup
nslookup IPhostname
210.240.1.1DNS
(IPV4V6
Google public DNS(8.8.8.8)
DNS
DNS
2. Server
dig ns -
dig -x IP - IP
1. named.conf
2. DNS
3. DNS
4. DNSipv6
FreeBSD9.X
ipfw
ipfw
ipfw
ipfw
FreeBSD8.0ipfw
/etc/rc.conf
# /etc/rc.conf: enable ipfw at boot and run the rules script named in firewall_script.
firewall_enable="YES"
# NOTE(review): firewall_type is interpreted by the stock /etc/rc.firewall, where
# OPEN means "allow everything". This page later puts its own rules into
# /etc/rc.firewall; confirm which script is in effect, because with the stock
# script OPEN leaves the host unfiltered.
firewall_type="OPEN"
firewall_script="/etc/rc.firewall"
# Log packets matched by rules that carry the "log" keyword.
firewall_logging_enable="YES"
ipfw()
ipfw add
(option)
udp | tcp
| icmp
B. C. D. E. F. G. H.
G.
keep-state:
established:
H.
limit {src-addr | src-port | dst-addr | dst-port}
# keep-state limit
ipfw
/etc/rc.firewall
#
1. ping(IPV6)
2. DNSFTPMailWWWSSH port
3. 80443 port
4. DDOS()
A
B
#!/bin/sh
# Custom ipfw ruleset, first part: inbound services.
# ipfw stops at the first matching rule, so order matters; "ipfw add" with no
# rule number appends each rule after the previous one.
# Remove every existing rule without prompting (-f) and without output (-q).
ipfw -q -f flush
# Network interface the rules are bound to.
if="bge0"
# ICMP and ICMPv6 in both directions (ping; ICMPv6 also carries IPv6 neighbour discovery).
ipfw add allow icmp from any to any via $if
ipfw add allow icmp6 from any to any via $if
# Mail ports 25, 110, 143, 993 and 995. "setup" matches only the SYN that opens
# a connection; later packets are accepted by the "established" rule below.
ipfw add allow tcp from any to any 25 via $if setup
ipfw add allow tcp from any to any 110 via $if setup
ipfw add allow tcp from any to any 143 via $if setup
ipfw add allow tcp from any to any 993 via $if setup
ipfw add allow tcp from any to any 995 via $if setup
# FTP control channel, at most 30 concurrent connections per source address.
ipfw add allow tcp from any to any 21 via $if setup limit src-addr 30
# Packets that belong to an already established TCP connection.
ipfw add allow tcp from any to any established
# FTP passive-mode data ports; the range has to match PassivePorts in proftpd.conf.
# NOTE(review): unlike its neighbours this rule names no interface, no "setup"
# and no limit, so it accepts any TCP packet to these ports - confirm that is intended.
ipfw add allow tcp from any to any 10050-10080
# SSH, at most 5 concurrent connections per source address.
ipfw add allow tcp from any to any 22 via $if setup limit src-addr 5
# HTTP and HTTPS to this host over IPv4 (me) and IPv6 (me6), 50 connections per source address.
ipfw add allow tcp from any to me 80 in via $if setup limit src-addr 50
ipfw add allow tcp from any to me 443 in via $if setup limit src-addr 50
ipfw add allow tcp from any to me6 80 in via $if setup limit src-addr 50
ipfw add allow tcp from any to me6 443 in via $if setup limit src-addr 50
# Port 8080 to this host, logged, 20 connections per source address.
ipfw add allow log tcp from any to me 8080 in via $if setup limit src-addr 20
A1. Script
2.
B. ping(IPV6)
C. Mail Service
D1. 21 port30
2. tcp
3. tcp port range 10050-10080 (ftp
passive mode ftp)
E1.22 port5
2.80443 port
50IPV6
3.8080 port
20
F
G
H
J
K
L
# Custom ipfw ruleset, second part: outbound traffic and the final denies.
# $if is the interface variable set at the top of the script.
# DNS queries to the resolver 210.240.1.1 over TCP and UDP; keep-state admits the replies.
ipfw add allow tcp from any to 210.240.1.1 53 out via $if setup keep-state
ipfw add allow udp from any to 210.240.1.1 53 out via $if keep-state
# NTP to tock.stdtime.gov.tw. ipfw resolves a host name once, when the rule is
# added, so name resolution has to work at that moment and a later address
# change is not picked up.
ipfw add allow udp from any to tock.stdtime.gov.tw 123 out via $if keep-state
# Outbound TCP opened by root-owned processes only (the page uses this for
# make install / cvsup fetches).
ipfw add allow tcp from me to any out via $if setup keep-state uid root
# IPv6 DNS over UDP, in both directions.
# NOTE(review): the two src-port 53 rules match on the sender's source port,
# which the remote host chooses; the inbound one admits any IPv6 UDP packet sent
# from port 53 to any local port. Replies to this host's own queries are already
# covered by keep-state on the outbound rule - confirm these are still needed.
ipfw add allow ip6 from me6 to any proto udp dst-port 53 keep-state
ipfw add allow ip6 from me6 to any proto udp src-port 53 keep-state
ipfw add allow ip6 from any to me6 proto udp dst-port 53 keep-state
ipfw add allow ip6 from any to me6 proto udp src-port 53 keep-state
# Log and drop outbound TCP sourced from local port 80 that was not already
# accepted by the "established" rule earlier in the script.
ipfw add deny log tcp from me 80 to any out via $if
ipfw add deny log tcp from me6 80 to any out via $if
# Log and drop inbound TCP packets with both SYN and FIN set.
# NOTE(review): first-match ordering - a SYN+FIN packet without ACK also matches
# the earlier "setup" allow rules, so on the permitted ports it is accepted
# before it reaches this rule; the deny only takes effect for those ports if it
# is placed ahead of the allow rules.
ipfw add deny log tcp from any to any in tcpflags syn,fin
# Default: log and drop everything not matched above.
ipfw add deny log all from any to any
F. DNSDNS IP
/etc/resolv.conf
G. tock.stdtime.gov.tw
ntpdate()udp 123 port
H.make installcvsup
root
I. IPV6 DNS
J. 80 port
(IPV6)
# XSSBotNet
K. DDOS
L.
(rc.firewall)
sh /etc/rc.firewall
ssh()
FTP Service
FTP(File Transfer Protocol)
FTP
FTP Site()
FTP Serviceproftpd
proftpd
cd /usr/ports/ftp/proftpd
make install clean
Proftpd
ports
Perl
Perlm4
help2man
proftpd.conf
17PassivePorts
10050 10080
10050 10080rc.firewall
41#
48DenyAllAllowAll
proftpd=YES /etc/rc.conf
echo 'proftpd="YES"' >> /etc/rc.conf
proftpd ->
/usr/local/etc/rc.d/proftpd start
PCFTP ClientFileZilla
FTP Service IP
()
()(r)(w)
(x)()421
755
7
4+2+1()
=7
5
4+1(
)=5
5
4+1()=5
MySQL Server
MySQLUNIX-like
xoops
MySQL
MySQL5.5.X
makefile
ee /usr/ports/databases/mysql55server/makefile
-DWITH_LIBWRAP=1
-DDEFAULT_CHARSET="utf8" \
-DDEFAULT_COLLATION="utf8_general_ci" \
-DWITH_EXTRA_CHARSETS="complex" \
-DBUILD_OPTIMIZED="yes" \
-DWITH_LIBWRAP=1\
-DBUILD_STATIC=yes\
MySQL5.5Cmake portsmake
Makefile
MySQL5.5
Server
Client
MySQL
cp /usr/local/share/mysql/my-huge.cnf
/var/db/mysql/my.cnf
MySQL root
/usr/local/etc/rc.d/mysql-server start
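/usr/local/bin/mysqladmin -u root password xxxx
xxxx = the new MySQL root password. Typed on the command line, the password is visible in the process list and is kept in the shell history; from MySQL 5.5.3 on, leaving the value off makes mysqladmin prompt for it instead.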
Apache2.2.XPHP5.X
ApacheWeb
ServerPHP
PHP
Web ServiceMySQL
cd /usr/ports/www/apache22
make install clean
Enter
apache22_enable=YES/etc/rc.conf
echo 'apache22_enable="YES"' >> /etc/rc.conf
php5.X
cd /usr/ports/lang/php5
make install clean
php5-extension
php5-extension(php)php4.4
php
cd /usr/ports/lang/php5-extension
make install clean
BCMATH BZ2
CALENDAR CURL EXIF FTP GD
GETTEXT MBSTRING MYSQL MYSQLI
ODBC OPENSSL PDF SNMP ZIP ZLIB
Enter
Web Service
Apache
1. ee /usr/local/etc/apache22/httpd.conf
196Indexes
218index.htmlindex.htm
index.php
360
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
442457#
2. ee /usr/local/etc/apache22/extra/httpd-default.conf
55ServerTokensprod
65OnOff
3. ee /usr/local/etc/apache22/extra/httpd-userdir.conf
18-19indexes
()php.ini
cd /usr/local/etc
cp php.ini-production php.ini
ee php.ini
791 file_uploads = On
796 #upload_tmp_dir = /tmp
800 upload_max_filesize = 2M
2M
803 max_file_uploads = 20
20
672 post_max_size = 8M
post
upload_max_filesize
8M8
919#
date.timezone = "Asia/Taipei"
Apache ->
/usr/local/etc/rc.d/apache22 restart
php
ee /usr/local/www/apache22/data/info.php
<?
phpinfo()
?>
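info.php
phpinfo
phpinfo() prints the PHP version, loaded modules, file paths and environment variables to anyone who can reach the URL; delete info.php once the check is done.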
phpMyAdminMySQL
cd /usr/local/www/apache22/data
#
ftp -a freebsd.csie.nctu.edu.tw
#ftp site
bi
#
cd /pub/distfiles
#
ls phpMy*
# phpMy
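get phpMyAdmin-3.5.3-all-languages.tar.xz
#phpMyAdmin-3.5.X
# A manual get over anonymous FTP skips the checksum test that make install runs on distfiles; compare the file's SHA256 with the value published for this release before unpacking it into the web root.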
exit
#freebsd.csie.nctu.edu.tw
mv phpMyAdmin-3.5.3-all-languages.tar.xz
phpMyAdmin-3.5.3-all-languages.tar.gz
#
tar zxvf phpMyAdmin-3.5.3-all-languages.tar.gz
mv phpMyAdmin-3.5.3-all-languages
phpMyAdmin
#
cd phpMyAdmin
cp config.sample.inc.php config.inc.php
ee config.inc.php
32tcphttp
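44-46: remove the // (controluser,
controlpass = root / root password (MySQL)). phpMyAdmin's control user is meant to be a dedicated low-privilege account; putting the MySQL root password here stores it in clear text in a file under the web root, so use a separate account or at least restrict read access to config.inc.php.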
48-55//
57-59//
110//en
zh-TW
config.inc.php
http://xxx.xxx.xxx.xxx/phpMyAdmin
MySQLroot
Server
FreeBSD?
phpinfo??
FreeBSDroot?
MySQLroot?
#
??
MySQLphpMyAdmin
?xoops??
FreeBSD
root
wheel
root
mysql
MySQL Server
MySQL
wheel
su(
sudo su)root
()xoops
!
MySQL Serverroot
phpMyAdminMySQL
phpinfo?
php.ini
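short_open_tag = (line 221)
Off -> On
info.php above opens with the short tag <?, which PHP only parses when short_open_tag is On; writing <?php in the file instead works with the setting left Off.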
Apache ->
/usr/local/etc/rc.d/apache22 restart
FreeBSDroot
1.ServerCtrl+Alt+Del
2.()(10)6
NOYESEnter
5. reboot
new_pass
new_pass
5. flush privileges;
6. quitMySQL
7. killall mysqld #MySQL
8. /usr/local/etc/rc.d/mysql-server start
#MySQL
MySQLroot
1.killall mysqld() #MySQL
2.cd /usr/local/bin
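./mysqld_safe --skip-grant-tables &
#MySQL
# While the server runs with --skip-grant-tables, every client is admitted with full privileges and no password; adding --skip-networking keeps remote hosts out until mysqld is restarted normally.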
3. ./mysql -u root -p
#MySQL
4. use mysql;
update user set password=password
("new_pass") where user="root";
fsck -y
(reboot)
()
phpMyAdmin
phpMyAdmin
:
cd /var/db/mysql
chown -R mysql:mysql ipv6