
FreeBSD9.

2012/11/21

Virtual Machine PlayerServer


FreeBSD9.X
FreeBSD9.X
portsFreeBSD
Domain Server
IPFW

2012/11/28

FTP Server
MySQL Server
Apache2.2.XPHP5.X
Web Service
Server

Virtual Machine Player


Server
VM Player
http://www.vmware.com/products/player/

VM Player

Finish

VM
License
AgreementYES

VM PlayerVirtual Machine
Create a New Virtual Machine

VM PlayerISO

FreeBSD9.X
FreeBSDwww.freebsd.org

9.0FreeBSD()

Install

default key
mapping
TABNo
OK


hostname
test.center.kl.edu.t
w

games
portssrc

Enter
Guided()

Enter Disk

FreeBSD


/freebsd-bootfreebsd-swap/var/usr/usr/local//home/tmp

(mount point)

(size)

(type)

1-5G

freebsd-ufs

FreeBSD

/usr

5-20G

freebsd-ufs

FreeBSD
5G

/usr/local

5-10G

freebsd-ufs

()

/home

1-XXG

freebsd-ufs

/var

5-20G

freebsd-ufs

log

/tmp

1-5G

freebsd-ufs

None

1-XXG

freebsd-swap

SWAP
4

C(Create)
D(Delete)
M(Modify)

F(Finish)

C(Commit)
Enter

FreeBSD
base()kernel( )


root

(IP)

IPV4IPV6IPV6
TABNoEnter
IPV6

DHCP?YesNo
DNSGateWayNetMask
IPV4

IP192.168.209.129DNS192.168.209.2
GateWay192.168.209.1NetMask255.255.255.0

UTCOK

sshd

FreeBSD9.0crash dumps()
/var Enter

Yes

yenchunwheel
root()FreeBSDroot
(wheel)(su -> super user)
root
Yesyenchun

noEnter
#Exit

EnterReboot()FreeBSD
IPhostnameVM

FreeBSD

FreeBSD

FreeBSD

Serverputty

Host Name(IP address)


Save Sessions
Save
Load
Server

puttyServerServersshdkey
YServer
sshdkey/

wheel
su rootrootrootmake
sysinstall.

FreeBSD9.X

IPhostname(IPV6)
()

ports
sudo suroot

IPhostname

/etc/rc.conf, /etc/resolv.conf, /etc/hosts
ee /etc/rc.conf

d()Ctrl+k(
)

IPV6
IPV6
ping6 ::1
()rc.conf

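# Enable IPv6 on every interface, then give bge0 a static address and a default route.
# Each value needs its closing quote: rc.conf is read as shell, and an unbalanced
# quote makes the value swallow the lines that follow it.
ipv6_activate_all_interfaces="YES"
ipv6_ipv4mapping="YES"
# NOTE(review): rc.conf examples for this variable usually spell the value as
# "inet6 ADDRESS prefixlen N" - confirm the bare address is accepted on your release.
ifconfig_bge0_ipv6="2001:288:2418::1"
ipv6_defaultrouter="2001:288:2418::254"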

ee /etc/resolv.conf
VM

domainnameserver

ee /etc/hosts
Hosts

(hostname)IP
?

()
ee /etc/csh.cshrc (root)
exitroot
ls
# Shell defaults for every csh/tcsh login: coloured ls, terminal type, prompt, completion.
# ls always shows type suffixes (-F), colour (-G) and dotfiles (-a).
alias ls ls -FGa
# Colour scheme ls uses for each file type; CLICOLOR switches colour output on.
setenv LSCOLORS ExGxFxdxCxegedabagExEx
setenv CLICOLOR yes
# Terminal type: cons25 when $tty matches ttyv*, xterm-color for everything else.
# NOTE(review): presumably ttyv* is the local console and the else branch covers ssh sessions - confirm.
if ( $tty =~ ttyv* ) then
setenv TERM cons25
else
setenv TERM xterm-color
endif
# Prompt is bold [user@host cwd]; it ends in "#" for root and ">" for everyone else,
# so a root shell is recognisable at a glance.
if ( $USER == root ) then
set prompt="%B[%n@%m %/]# "
else
set prompt="%B[%n@%m %/]> "
endif
# List the possible completions when Tab is ambiguous.
set autolist

F (/)G a

G LSCOLORS
LSCOLORS 22 22

setenv LSCOLORS exfxcxdxbxegedabagacad


setenv TERM xterm-color
ls
set prompt="%B[%n@%m %/]> root

Tab
set autolist

root
ntpdate tock.stdtime.gov.tw

ee /etc/crontab
0 0 * * *
root
ntpdate tock.stdtime.gov.tw
^^ ^^ ^^ ^^
^^^^
^^^
^^
TAB()00
root00root
ntpdate tock.stdtime.gov.tw


1. cd /root
make bin
2. cd /root/bin
ee trash
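#!/bin/sh
# trash: move the named files into /root/.trash/ instead of deleting them.
# "$@" is quoted so that a file name containing spaces or wildcard characters
# is passed to mv as one argument and is not split or expanded by the shell.
mv "$@" /root/.trash/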
3. chmod +x /root/bin/trash
4. mkdir /root/.trash
5. ee /root/.cshrc

alias rm
trash
^^^^ TAB
6. source /root/.cshrc

#rootbin

#
#.trash()

#.cshrc

7. (rm )/root/.trash
ls /root/.trash
8. \rm

ports
portsportsnap
port tree
1. /etc/portsnap.conf
SERVERNAME=portsnap.tw.FreeBSD.org

2. mkdir /usr/ports
3. cd /usr/ports
portsnap fetch extract #

/etc/make.conf
# Extra distfile mirrors for the ports framework (Taiwan FTP mirrors, then ftp.freebsd.org).
# NOTE(review): ftp:// is unauthenticated and unencrypted, so the integrity of a
# fetched distfile rests on the checksum comparison the ports framework makes
# against each port's distinfo; keep that check enabled when using these mirrors.
MASTER_SITE_BACKUP?= \
ftp://ftp9.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp10.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp13.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp7.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp5.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp2.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp12.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp6.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp11.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp8.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp3.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp4.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/
# Reuse the same list as the override, so these mirrors are consulted ahead of
# each port's own master sites (presumably to favour nearby servers - confirm).
MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}
# Server build: ask ports to leave out X11 support.
WITHOUT_X11=yes
ports

sudo suroot
1. cd /usr/ports/security/sudo
make install clean;rehash

Enter


ee /usr/local/etc/sudoers
22 User_Alias ADMINS =
User#
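86 %wheel ALL=(ALL) NOPASSWD: ALL
#
(With NOPASSWD, every member of wheel can run any command as root without being asked for a password; the %wheel ALL=(ALL) ALL form keeps the password prompt.)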

rootsudo su

FreeBSD

cp

(-rf)

cp named.conf namedb.conf.20121121
cp -rf /etc/namedb /home/test

mv

mv namedb.conf.20121121 named.conf

rm

(-rf)

rm test
rm -rf /var/log/temp

passwd

passwd user01 20121121

mkdir

mkdir /tmp/log

rmdir

(rm -rf)

ee

pe2

ping

ipdomain

ping 210.240.1.1 ping tw.yahoo.com

cd

cd /etc/namedb/

tar

tar zcvf 1121.tar.gz /var/db/mysql


tar zxvf 1121.tar.gz

FreeBSD9.XDNS

DNS(ports)
named.conf
DNS
DNS
DNS

DNSIP
Domain
www.kl.edu.tw -> 210.240.6.7
www.center.kl.edu.tw -> 210.240.6.7
IP
IP
domain(
)IPIP
domain()

DNS(ports)
1. cd /usr/ports/dns/bind99
make install clean;rehash

2./etc/rc.conf
ee /etc/rc.conf

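# Start named at boot, using the BIND binary installed from ports and the
# configuration file under /etc/namedb.
named_enable="YES"
named_program="/usr/local/sbin/named"
# The closing quote is required: rc.conf is read as shell, and an unterminated
# string breaks the parse of everything after it.
named_flags="-c /etc/namedb/named.conf"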

3. rndc
# Generate a control key and write it to the rndc.key file (-a).
/usr/sbin/rndc-confgen -a # creates rndc.key
# Print a sample rndc.conf, with a key of its own, and save it.
# NOTE(review): the redirected file contains the key secret and gets whatever
# permissions the current umask allows - check that only root and the account
# named runs as can read it.
rndc-confgen > /etc/namedb/rndc.conf
# creates rndc.conf

4. rndc.conf
# Start of rndc.conf
# The key rndc presents to named's control channel.
# NOTE(review): the secret shown here is sample output published with this guide;
# keep the value rndc-confgen generated on your own server and never copy this one.
# NOTE(review): hmac-md5 is what this rndc-confgen emitted; newer BIND releases
# favour hmac-sha256 for control keys - confirm what your version supports.
key "rndc-key" {
algorithm hmac-md5;
secret "73u+sJ8+Gj3F/ok3f1cZAQ==";
};
# rndc connects to the control channel on the loopback address, port 953,
# and signs its requests with the key above.
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "73u+sJ8+Gj3F/ok3f1cZAQ==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

5. rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "n8hotTpN5sLHbWuiXBqPTQ==";
};
rndc.conf

6. rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "n8hotTpN5sLHbWuiXBqPTQ==";
};
rndc.conf

7. /etc/namedb/named.conf
#
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "n8hotTpN5sLHbWuiXBqPTQ==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

8. bind9.9.x
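# Start BIND 9.9 by hand with the same configuration file that named_flags in
# rc.conf points at (/etc/namedb, not /etc/named), then check that something is
# listening on the rndc control port 953.
/usr/local/sbin/named -c /etc/namedb/named.conf
sockstat | grep 953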

rndcBind9.9.X

9.IPV6
28-30
listen-on-v6 {
any;
};

10.
A

C
};

named.conf

zone "bdjh.kl.edu.tw"{

bdjh.kl.edu.tw
type master;
bdjh.kl.edu.tw.fwd
file "/etc/namedb/bdjh.kl.edu.tw.fwd"; /etc/namedb
};
zone "129.20.240.210.in-addr.arpa"{

129.20.240.210.intype master;
addr.arpa
file "/etc/namedb/210.240.20.129.rev"; 210.240.20.129.rev
/etc/namedb
};
zone "8.1.4.2.8.8.2.0.1.0.0.2.IP6.ARPA" {
IPV6
type master;

file "/etc/namedb/8.1.4.2.8.8.2.0.1.0.0.2.rev"; 8.1.4.2.8.8.2.0.

1.0.0.2.IP6.ARP
A

A.

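; Zone-file comments start with ";" ("#" is not a comment character here).
; A host name on the right-hand side must end with a dot; without it the zone
; origin is appended and the record points at ms1.bdjh.kl.edu.tw.bdjh.kl.edu.tw.
; NOTE(review): the owner field (leading whitespace or "@") in front of the two
; IN lines appears to have been lost in this copy - confirm against the real file.
; The name server for bdjh.kl.edu.tw is ms1.bdjh.kl.edu.tw.
IN NS ms1.bdjh.kl.edu.tw.
; Mail for the domain is handled by Gmail.
; NOTE(review): an MX record takes a preference number before the mail host;
; none is shown here - confirm the intended value.
IN MX ASPMX.L.GOOGLE.COM.
; ms1.bdjh.kl.edu.tw has the IPv4 address 210.240.20.129
ms1 IN A 210.240.20.129
; ms1.bdjh.kl.edu.tw has the IPv6 address 2001:288:2418::1
ms1 IN AAAA 2001:288:2418::1
; www.bdjh.kl.edu.tw is an alias for ms1.bdjh.kl.edu.tw
www IN CNAME ms1.bdjh.kl.edu.tw.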

B.

a
b

a. 210.240.28.129 DNSms1.mdjh.kl.edu.tw
b. 210.240.28.129ms1.mdjh.kl.edu.tw

C. IPV6

8.1.4.2.8.8.2.0.1.0.0.2.ip6.arpa. IN NS ms1.bdjh.kl.edu.tw.
# 8.1.4.2.8.8.2.0.1.0.0.2.ip6.arpa. IPV6 ms1.bdjh.kl.edu.tw Server
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.1.4.2.8.8.2.0.1.0.0.2.ip6.arpa.
ms1.bdjh.kl.edu.tw.

IN

# 2001:288:2418::1 V6 IPms1.bdjh.kl.edu.tw

PTR

IPV6 IP

2001:0288:2418::/64
8.1.4.2.8.8.2.0.1.0.0.2.ip6.arpa.
IPV6
2001:0288:2418::0000:0000:0000:0000::0001

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.1.4.2.8.8.2.0.1.0.0
.2.ip6.arpa.

DNS
1. PCnslookup
nslookup IPhostname

210.240.1.1DNS
(IPV4V6
Google public DNS(8.8.8.8)

DNS

DNS
2. Server
dig ns -

dig -x IP - IP

dig @dns_ip ns - dns


1. named.conf
2. DNS
3. DNS
4. DNSipv6

FreeBSD9.X
ipfw
ipfw
ipfw

ipfw
FreeBSD8.0ipfw
/etc/rc.conf
# Turn ipfw on at boot; the rule set is built by running firewall_script.
firewall_enable="YES"
# NOTE(review): "OPEN" names the allow-everything profile of the stock rc.firewall.
# The replacement script this guide installs at the same path never reads
# firewall_type - confirm nothing depends on this value.
firewall_type="OPEN"
# NOTE(review): /etc/rc.firewall is a system-supplied file; a script written over
# it may be replaced by an upgrade - consider keeping custom rules at another path.
firewall_script="/etc/rc.firewall"
# Send packets matched by rules carrying the "log" keyword to the system log.
firewall_logging_enable="YES"

ipfw()

ipfw add

allow | pass | permit|accept log


deny | drop
*
check-stat

(option)
udp | tcp
| icmp

B. C. D. E. F. G. H.

B. (from src to dst)


from any to me #
C. 802221443.
D./in | out
E.via via bge0
F. setupTCPrequest session

G.
keep-state:
established:
H.
limit {src-addr | src-port | dst-addr | dst-port}
# keep-state limit

ipfw
/etc/rc.firewall
#
1. ping(IPV6)
2. DNSFTPMailWWWSSH port

3. 80443 port

4. DDOS()

A
B

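#!/bin/sh
# Rule set, part 1: inbound services. ipfw evaluates rules in the order they
# are added and the first matching rule decides the packet's fate.

# Start from an empty rule set.
ipfw -q -f flush
# Outside-facing interface; change bge0 to match the machine.
if="bge0"

# Drop inbound TCP segments that carry both SYN and FIN before any allow rule
# sees them. "setup" only tests for SYN without ACK and "established" only for
# ACK/RST, so a deny placed after the service rules never catches such
# segments on the ports opened below.
ipfw add deny log tcp from any to any in tcpflags syn,fin

# ping and other ICMP, IPv4 and IPv6.
ipfw add allow icmp from any to any via $if
ipfw add allow icmp6 from any to any via $if

# Mail: SMTP 25, POP3 110, IMAP 143, IMAPS 993, POP3S 995 (new connections).
ipfw add allow tcp from any to any 25 via $if setup
ipfw add allow tcp from any to any 110 via $if setup
ipfw add allow tcp from any to any 143 via $if setup
ipfw add allow tcp from any to any 993 via $if setup
ipfw add allow tcp from any to any 995 via $if setup

# FTP control channel, at most 30 connections per source address.
ipfw add allow tcp from any to any 21 via $if setup limit src-addr 30
# Packets belonging to TCP connections that are already open.
ipfw add allow tcp from any to any established
# Passive-mode FTP data ports; the range has to match PassivePorts in proftpd.conf.
# NOTE(review): this rule names no interface or direction, so it covers every
# interface both ways - confirm that is intended.
ipfw add allow tcp from any to any 10050-10080

# SSH, at most 5 connections per source address.
ipfw add allow tcp from any to any 22 via $if setup limit src-addr 5

# Web (80/443) over IPv4 and IPv6, at most 50 connections per source address.
ipfw add allow tcp from any to me 80 in via $if setup limit src-addr 50
ipfw add allow tcp from any to me 443 in via $if setup limit src-addr 50
ipfw add allow tcp from any to me6 80 in via $if setup limit src-addr 50
ipfw add allow tcp from any to me6 443 in via $if setup limit src-addr 50
# Port 8080: logged, at most 20 connections per source address.
ipfw add allow log tcp from any to me 8080 in via $if setup limit src-addr 20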


A1. Script
2.
B. ping(IPV6)
C. Mail Service
D1. 21 port30
2. tcp
3. tcp port range 10050-10080(ftp
passive modeftp)

E1.22 port5
2.80443 port
50IPV6
3.8080 port
20

F
G
H

J
K
L

# Rule set, part 2: traffic the server itself starts, then the final denies.

# DNS lookups to the resolver 210.240.1.1 over TCP and UDP 53; keep-state
# creates the dynamic rule that lets the answers back in.
ipfw add allow tcp from any to 210.240.1.1 53 out via $if setup keep-state
ipfw add allow udp from any to 210.240.1.1 53 out via $if keep-state
# Time sync: NTP (UDP 123) to tock.stdtime.gov.tw.
# NOTE(review): ipfw resolves a host name once, when the rule is added, so the
# rule depends on name resolution working at that moment - confirm at boot.
ipfw add allow udp from any to tock.stdtime.gov.tw 123 out via $if keep-state
# Outbound TCP opened by processes running as root (uid root).
ipfw add allow tcp from me to any out via $if setup keep-state uid root
# DNS over IPv6 (UDP 53) to and from this host.
# NOTE(review): nothing in this script admits inbound IPv4 queries to port 53 -
# confirm whether the name server configured earlier must answer over IPv4.
ipfw add allow ip6 from me6 to any proto udp dst-port 53 keep-state
ipfw add allow ip6 from me6 to any proto udp src-port 53 keep-state
ipfw add allow ip6 from any to me6 proto udp dst-port 53 keep-state
ipfw add allow ip6 from any to me6 proto udp src-port 53 keep-state
# Log and drop outbound TCP from local port 80 that no earlier rule accepted
# (IPv4, then IPv6).
ipfw add deny log tcp from me 80 to any out via $if
ipfw add deny log tcp from me6 80 to any out via $if
# Log and drop inbound TCP segments with both SYN and FIN set.
# NOTE(review): this rule sits after the allow rules earlier in the script, and
# "setup" also matches SYN+FIN without ACK, so segments aimed at the opened
# service ports are accepted before they get here - place it ahead of the
# allow rules for it to take effect.
ipfw add deny log tcp from any to any in tcpflags syn,fin
# Default: log and drop everything not accepted above.
ipfw add deny log all from any to any

F. DNSDNS IP
/etc/resolv.conf
G. tock.stdtime.gov.tw
ntpdate()udp 123 port

H.make installcvsup
root
I. IPV6 DNS
J. 80 port
(IPV6)
# XSSBotNet

K. DDOS
L.


(rc.firewall)
sh /etc/rc.firewall

ssh()

FTP Service
FTP(File Transfer Protocol)

FTP
FTP Site()
FTP Serviceproftpd
proftpd
cd /usr/ports/ftp/proftpd
make install clean

Proftpd

ports

Perl

Perlm4

help2man

proftpd.conf
17PassivePorts
10050 10080
10050 10080rc.firewall
41#
48DenyAllAllowAll
proftpd=YES /etc/rc.conf
echo 'proftpd="YES"' >> /etc/rc.conf
proftpd ->
/usr/local/etc/rc.d/proftpd start

PCFTP ClientFileZilla
FTP Service IP
()
()(r)(w)
(x)()421
755

7
4+2+1()
=7

5
4+1(

)=5

5
4+1()=5

MySQL Server
MySQLUNIX-like
xoops
MySQL
MySQL5.5.X
makefile
ee /usr/ports/databases/mysql55server/makefile

-DWITH_LIBWRAP=1
-DDEFAULT_CHARSET="utf8" \
-DDEFAULT_COLLATION="utf8_general_ci" \
-DWITH_EXTRA_CHARSETS="complex" \
-DBUILD_OPTIMIZED="yes" \

make install clean


mysql_enable=yes/etc/rc.conf
echo 'mysql_enable="YES"' >> /etc/rc.conf

-DWITH_LIBWRAP=1\
-DBUILD_STATIC=yes\
MySQL5.5Cmake portsmake
Makefile

make install clean

MySQL5.5
Server
Client

MySQL
cp /usr/local/share/mysql/my-huge.cnf
/var/db/mysql/my.cnf
MySQL root
/usr/local/etc/rc.d/mysql-server start
/usr/local/bin/mysqladmin -u root password
xxxx
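xxxx: the new MySQL root password. A password typed as a command argument ends up in shell history and is visible in the process list while the command runs; mysqladmin in later 5.5 releases prompts for it when the value is left off.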

Apache2.2.XPHP5.X
ApacheWeb
ServerPHP
PHP
Web ServiceMySQL
cd /usr/ports/www/apache22
make install clean

Enter

apache22_enable=YES/etc/rc.conf
echo 'apache22_enable="YES"' >> /etc/rc.conf

php5.X
cd /usr/ports/lang/php5
make install clean

APACHE(Build Apache module)(


)

php5-extension
php5-extension(php)php4.4

php
cd /usr/ports/lang/php5-extension
make install clean
BCMATHBZ2
CALENDARCURLEXIFFTPGD
GETTEXTMBSTRINGMYSQLMYSQLI
ODBCOPENSSLPDFSNMPZIPZLIB
Enter

Web Service
Apache
1. ee /usr/local/etc/apache22/httpd.conf
196Indexes
218index.htmlindex.htm
index.php
360
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

442457#

2. ee /usr/local/etc/apache22/extra/httpd-default.conf
55ServerTokensprod
65OnOff

3. ee /usr/local/etc/apache22/extra/httpd-userdir.conf
18-19indexes

()php.ini
cd /usr/local/etc
cp php.ini-production php.ini
ee php.ini
791 file_uploads = On
796 #upload_tmp_dir = /tmp
800 upload_max_filesize = 2M
2M
803 max_file_uploads = 20
20

672 post_max_size = 8M
post
upload_max_filesize
8M8
919#
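; Default time zone for PHP's date functions; the value needs its closing quote.
date.timezone = "Asia/Taipei"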

Apache ->
/usr/local/etc/rc.d/apache22 restart

php
ee /usr/local/www/apache22/data/info.php

<?
// Prints PHP's full build and runtime configuration, which is handy for checking
// the install. The page also discloses versions, paths and loaded modules to
// anyone who requests it, so delete info.php once the check is done.
phpinfo()
?>
info.php

phpinfo

phpMyAdminMySQL
cd /usr/local/www/apache22/data
#
ftp -a freebsd.csie.nctu.edu.tw
#ftp site
bi
#
cd /pub/distfiles
#
ls phpMy*
# phpMy

get phpMyAdmin-3.5.3-all-languages.tar.xz
#phpMyAdmin-3.5.X
exit
#freebsd.csie.nctu.edu.tw
mv phpMyAdmin-3.5.3-all-languages.tar.xz
phpMyAdmin-3.5.3-all-languages.tar.gz
#
tar zxvf phpMyAdmin-3.5.3-all-languages.tar.gz

mv phpMyAdmin-3.5.3-all-languages
phpMyAdmin
#
cd phpMyAdmin
cp config.sample.inc.php config.inc.php
ee config.inc.php
32tcphttp
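44-46//controluser
controlpassrootpassword(MySQL)
(controluser and controlpass are stored in clear text in config.inc.php, which sits under the web root; phpMyAdmin's documentation describes a dedicated low-privilege account for this setting rather than MySQL root.)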

48-55//
57-59//
110//en
zh-TW

config.inc.php
http://xxx.xxx.xxx.xxx/phpMyAdmin
MySQLroot

Server

FreeBSD?
phpinfo??
FreeBSDroot?
MySQLroot?
#
??
MySQLphpMyAdmin
?xoops??

FreeBSD

root

wheel

root

mysql

MySQL Server

MySQL

wheel

su(
sudo su)root

()xoops
!
MySQL Serverroot
phpMyAdminMySQL

phpinfo?

php.ini
short_open_tag = (221)
OffOn

Apache ->
/usr/local/etc/rc.d/apache22 restart

FreeBSDroot
1.ServerCtrl+Alt+Del

2.()(10)6
NOYESEnter

3. ....RETURN for /bin/sh:Enter#


4. mount -a
fsck -y #
passwd
root

5. reboot

new_pass
new_pass
5. flush privileges;
6. quitMySQL
7. killall mysqld #MySQL
8. /usr/local/etc/rc.d/mysql-server start
#MySQL

MySQLroot
1.killall mysqld() #MySQL
2.cd /usr/local/bin
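./mysqld_safe --skip-grant-tables &
#MySQL (while --skip-grant-tables is in effect any client can connect without a password; adding --skip-networking keeps the server off the network until the reset is finished)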
3. ./mysql -u root -p
#MySQL
4. use mysql;
update user set password=password
("new_pass") where user="root";

fsck -y
(reboot)
()

phpMyAdmin

phpMyAdmin
:

cd /var/db/mysql
chown -R mysql:mysql ipv6