linux(10)
##telnet##
1. Block a host, by IP, from using the mail service over telnet
[[email protected] ~]# cd /etc/postfix
[[email protected] postfix]# vim access
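Write into the file: IP REJECT (e.g. 172.25.27.10 REJECT)
[[email protected] postfix]# postmap access ## compile the access file into the hash lookup table access.db
[[email protected] postfix]# postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access" ## write the parameter into main.cf
[[email protected] postfix]# systemctl restart postfix ## restart the service so the change takes effect
Test (with the default smtpd_delay_reject = yes, the client rejection is reported at RCPT TO):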
[[email protected] /]# telnet 172.25.27.11 25
Trying 172.25.27.11...
Connected to 172.25.27.11.
Escape character is '^]'.
220 linux.linux.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <unknown[172.25.27.10]>: Client host rejected: Access denied
2. Block a specific user from sending mail
[[email protected] postfix]# vim sender
Write into the file: user@domain REJECT (e.g. [email protected] REJECT)
[[email protected] postfix]# postmap sender
[[email protected] postfix]# postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
[[email protected] postfix]# systemctl restart postfix
Test:
[[email protected] /]# telnet 172.25.27.11 25
Trying 172.25.27.11...
Connected to 172.25.27.11.
Escape character is '^]'.
220 linux.linux.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Sender address rejected: Access denied
3. Block a specific user from receiving mail
[[email protected] postfix]# vim recip
Write into the file: user@domain REJECT (e.g. [email protected] REJECT)
[[email protected] postfix]# postmap recip
[[email protected] postfix]# postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip"
[[email protected] postfix]# systemctl restart postfix
Test:
[[email protected] /]# telnet 172.25.27.11 25
Trying 172.25.27.11...
Connected to 172.25.27.11.
Escape character is '^]'.
220 linux.linux.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Recipient address rejected: Access denied
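An added example, not part of the original notes: a shell model of the search order that access(5) documents for an IPv4 client address in check_client_access, where the full address is tried first and then each shorter network prefix. The table contents and the function names are constructed for illustration; on a real server a single key is queried with postmap -q.

```shell
# Added example: models the documented access(5) search order for an IPv4
# client address. Not Postfix code; the table below is constructed sample data.
make_sample_table() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# same format as /etc/postfix/access: key, whitespace, action
172.25.27.10    REJECT
172.25.28       REJECT lab subnet blocked
172.25.28.5     OK
EOF
    printf '%s\n' "$f"
}

# access_lookup TABLE IP: print the action of the first key that matches.
access_lookup() {
    table=$1
    key=$2
    while [ -n "$key" ]; do
        action=$(awk -v k="$key" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
            ($1 "") == (k "") { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$table")
        if [ -n "$action" ]; then
            printf '%s\n' "$action"
            return 0
        fi
        case $key in
            *.*) key=${key%.*} ;;                 # drop the last ".octet", retry
            *)   key= ;;
        esac
    done
    echo DUNNO                                    # no entry: the next restriction decides
}

table=$(make_sample_table)
for ip in 172.25.27.10 172.25.27.11 172.25.28.77 172.25.28.5; do
    printf '%-14s %s\n' "$ip" "$(access_lookup "$table" "$ip")"
done
rm -f "$table"
```

A three-octet key such as 172.25.28 therefore covers the whole /24, and a more specific host entry (172.25.28.5 OK) wins because it is found first.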
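###E-mail system###
Related protocols:
SMTP: sends or relays mail, port 25
pop3: port 110
imap: port 143
pop3s: port 993
imaps: port 995
Check the ports: [[email protected] dovecot]# cat /etc/services | grep imap
postfix provides the mail sending service (SMTP)
dovecot provides the mail retrieval service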
##dovecot##
(1) Local users
[[email protected] ~]# yum install dovecot -y
[[email protected] ~]# cd /etc/dovecot
[[email protected] dovecot]# ll
total 20
drwxr-xr-x. 2 root root 4096 12月 7 02:44 conf.d
-rw-r--r--. 1 root root 4412 12月 6 20:30 dovecot.conf
[[email protected] dovecot]# vim dovecot.conf
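protocols = imap pop3 lmtp
# lab setting: every client address is treated as trusted
login_trusted_networks = 0.0.0.0/0
# lab setting: allows password login without TLS
disable_plaintext_auth = no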
[[email protected] dovecot]# cd conf.d/
[[email protected] conf.d]# vim 10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
[[email protected] conf.d]# cd /etc/skel
[[email protected] skel]# mkdir mail/.imap -p
[[email protected] skel]# touch mail/.imap/INBOX
Test:
[[email protected] ~]# yum install mutt -y
[[email protected] ~]# mutt -f pop://[email protected]
Log in from Thunderbird to view and send mail
(2) Users stored in a database
[[email protected] skel]# yum install mariadb mariadb-server dovecot-mysql -y
[[email protected] skel]# systemctl start mariadb
[[email protected] skel]# mysql -uroot -predhat
MariaDB [(none)]> create database email;
MariaDB [(none)]> use email;
MariaDB [email]> create table muser (username varchar(50),password varchar(50),domain varchar(50),maildir varchar(50));
MariaDB [email]> insert into muser values ('[email protected]','123','westos.org','westos.org/admin/');
MariaDB [email]> insert into muser values ('[email protected]','123','redhat.org','redhat.org/lee/');
MariaDB [email]> select * from muser;
+------------------+----------+------------+-------------------+
| username | password | domain | maildir |
+------------------+----------+------------+-------------------+
| [email protected] | 123 | redhat.org | redhat.org/lee/ |
| [email protected] | 123 | westos.org | westos.org/admin/ |
+------------------+----------+------------+-------------------+
MariaDB [email]> create user [email protected] identified by "postfix";
MariaDB [email]> grant insert,update,select on email.muser to [email protected];
[[email protected] skel]# groupadd -g 666 vmail
[[email protected] skel]# useradd -u 666 -g 666 vmail
[[email protected] skel]# cd /etc/postfix
[[email protected] postfix]# vim mysql-users.conf
hosts=localhost
user=postfix
password=postfix
dbname=email
table=muser
select_field=username
where_field=username
[[email protected] postfix]# vim mysql-domain.conf
hosts=localhost
user=postfix
password=postfix
dbname=email
table=muser
select_field=domain
where_field=domain
[[email protected] postfix]# vim mysql-maildir.conf
hosts=localhost
user=postfix
password=postfix
dbname=email
table=muser
select_field=maildir
where_field=username
[[email protected] postfix]# postconf -e "virtual_uid_maps = static:666"
[[email protected] postfix]# postconf -e "virtual_gid_maps = static:666"
[[email protected] postfix]# postconf -e "virtual_mailbox_base = /home/vmail"
[[email protected] postfix]# postconf -e "virtual_alias_maps = mysql:/etc/postfix/mysql-users.conf"
[[email protected] postfix]# postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/mysql-domain.conf"
[[email protected] postfix]# postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mysql-maildir.conf"
[[email protected] dovecot]# cd conf.d/
[[email protected] conf.d]# vim 10-mail.conf
mail_location = maildir:/home/vmail/%d/%n
first_valid_uid = 666
first_valid_gid = 666
[[email protected] conf.d]# vim 10-auth.conf
!include auth-sql.conf.ext
[[email protected] dovecot]# vim dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=email user=postfix password=postfix
# lab setting: passwords are stored unhashed in muser.password
default_pass_scheme = PLAIN
password_query = \
  SELECT username, domain, password \
  FROM muser WHERE username = '%u' AND domain = '%d'
# match the one user logging in, not every row of the domain
user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM muser WHERE username = '%u' AND domain = '%d'
Install Thunderbird and open it
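An added example, not part of the original notes: a small shell check that flags the three lab-only Dovecot values used above (trust for every network, plaintext login, unhashed passwords) in config text read from stdin. The function names and the tightened variant are assumptions chosen for illustration; ssl = required and SHA512-CRYPT are standard Dovecot values.

```shell
# Added example, not from the original page: flag the lab-only Dovecot
# settings used above. Reads "key = value" config lines on stdin.
audit_dovecot() {
    awk '
        /^[ \t]*#/ { next }                        # ignore comments
        index($0, "=") == 0 { next }               # not a setting line
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "disable_plaintext_auth" && val == "no" {
            print "WEAK disable_plaintext_auth=no: passwords accepted without TLS"
        }
        key == "login_trusted_networks" {
            n = split(val, nets, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (nets[i] == "0.0.0.0/0" || nets[i] == "::/0")
                    print "WEAK login_trusted_networks=" nets[i] ": every client is trusted"
        }
        key == "default_pass_scheme" && toupper(val) == "PLAIN" {
            print "WEAK default_pass_scheme=PLAIN: passwords stored unhashed"
        }'
}

# Constructed inputs: the values from this page, then a tightened variant.
lab_config() {
    cat <<'EOF'
protocols = imap pop3 lmtp
login_trusted_networks =0.0.0.0/0
disable_plaintext_auth=no
default_pass_scheme = PLAIN
EOF
}
hardened_config() {
    cat <<'EOF'
protocols = imap pop3 lmtp
# login_trusted_networks left unset
disable_plaintext_auth = yes
ssl = required
default_pass_scheme = SHA512-CRYPT
EOF
}

lab_config | audit_dovecot
hardened_config | audit_dovecot
```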
##Mail relay##
DNS settings:
[[email protected] named]# vim /etc/named.rfc1912.zones
zone "westos.org" IN {
        type master;
        file "westos.org.zone";
        allow-update { none; };
};
[[email protected] named]# vim westos.org.zone
$TTL 1D
@       IN SOA  dns.westos.org. rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      dns.westos.org.
dns     A       172.25.254.127
; an MX target must be a host name, not an IP address; "mail" is an assumed name
westos.org.     MX 1    mail.westos.org.
mail    A       172.25.254.227
[[email protected] ~]# vim /etc/resolv.conf
nameserver 172.25.254.127
Postfix settings:
[[email protected] ~]# vim /etc/postfix/main.cf
myorigin = westos.org
mydestination =
relayhost = 172.25.254.127
[[email protected] ~]# systemctl restart postfix
[[email protected] ~]# vim /etc/postfix/main.cf
mynetworks = 172.25.254.227
[[email protected] ~]# systemctl restart postfix
Test:
[[email protected] ~]# mail [email protected]
Subject: 999999999999999999999999999999999
999999999999999999999999999999999999999
.
EOT
[[email protected] cur]# cat 1481182495.Vfd01I1a9f09aM780283.westos.westos.com\:2\,S
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from linux.linux.com (unknown [172.25.254.227])
        by westos.westos.com (Postfix) with ESMTP id A7344EA3DB
        for <[email protected]>; Thu, 8 Dec 2016 02:34:55 -0500 (EST)
Received: by linux.linux.com (Postfix, from userid 0)
        id ABAF626E0E9; Thu, 8 Dec 2016 02:34:55 -0500 (EST)
Date: Thu, 08 Dec 2016 02:34:55 -0500
To: [email protected]
Subject: 999999999999999999999999999999999
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <[email protected]>
From: [email protected] (root)
999999999999999999999999999999999999999
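An added example, not part of the original notes: the Received: headers of the delivered message above record each relay hop, newest first, and this shell function unfolds them and prints the path oldest first. The sample message is constructed after the one shown above, with placeholder addresses, and the function names are assumptions.

```shell
# Added example, not from the original page: rebuild the relay path from
# Received: headers on stdin. Prints one "from-host client-ip -> by-host"
# line per hop, oldest hop first ("-" where a field is absent).
received_hops() {
    awk '
        function emit() {
            if (cur !~ /^Received:/) return
            from = "-"; ip = "-"; by = "-"
            if (match(cur, /^Received: from [^ ]+/))
                from = substr(cur, 16, RLENGTH - 15)
            if (match(cur, /\[[0-9A-Fa-f.:]+\]/))
                ip = substr(cur, RSTART + 1, RLENGTH - 2)
            if (match(cur, / by [^ ]+/))
                by = substr(cur, RSTART + 4, RLENGTH - 4)
            hops[++n] = from " " ip " -> " by
        }
        /^$/ { exit }                                   # end of the header block
        /^[ \t]/ { sub(/^[ \t]+/, ""); cur = cur " " $0; next }   # folded line
        { emit(); cur = $0 }
        END { emit(); for (i = n; i >= 1; i--) print hops[i] }'
}

# Constructed sample modelled on the message above; addresses are placeholders.
sample_message() {
    cat <<'EOF'
Return-Path: <root@linux.example>
Received: from linux.linux.com (unknown [172.25.254.227])
        by westos.westos.com (Postfix) with ESMTP id A7344EA3DB
        for <user@westos.example>; Thu,  8 Dec 2016 02:34:55 -0500 (EST)
Received: by linux.linux.com (Postfix, from userid 0)
        id ABAF626E0E9; Thu,  8 Dec 2016 02:34:55 -0500 (EST)
Subject: test

body text
EOF
}

sample_message | received_hops
```

The first output line is the local submission on linux.linux.com; the second shows the SMTP hop, where "unknown" in the original header means the receiving server could not resolve a name for 172.25.254.227.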
###apache###
httpd provides the service, port 80
Default document root: /var/www/html
Default index file: /var/www/html/index.html
1.##curl command##
[[email protected] Desktop]$ curl -I 172.25.254.27
HTTP/1.1 403 Forbidden
Date: Thu, 08 Dec 2016 07:43:05 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
2.##httpd-manual## manual
Install: [[email protected] cur]# yum install httpd-manual -y
Open: http://172.25.254.227/manual/
3. Change the default document root, the index file lookup order and the listening port
[[email protected] ~]# mkdir /test1
[[email protected] ~]# ls -Zd /var/www/html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html
[[email protected] ~]# semanage fcontext -a -t httpd_sys_content_t '/test1(/.*)?'
[[email protected] ~]# restorecon -RvvF /test1
restorecon reset /test1 context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
DocumentRoot "/test1"
<Directory "/test1">
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex file.html index.html
</IfModule>
[[email protected] ~]# echo nihao > /test1/index.html
[[email protected] ~]# echo haha > /test1/file.html
[[email protected] ~]# systemctl restart httpd
[[email protected] test1]# rm -fr file.html
4. Restrict which clients may access the site
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
<Directory "/test1">
    Require all granted
    Order deny,allow
    Deny from all
    Allow from 172.25.254.127
</Directory>
[[email protected] ~]# systemctl restart httpd
5. Allow access only to users with an account and password
[[email protected] test1]# cd /etc/httpd
[[email protected] httpd]# htpasswd -cm htpasswdfile admin
New password:
Re-type new password:
Adding password for user admin
[[email protected] httpd]# htpasswd -m htpasswdfile admin1
New password:
Re-type new password:
Adding password for user admin1
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
DocumentRoot "/test1"
<Directory "/test1">
    #Require all granted
    AllowOverride all
    AuthUserFile /etc/httpd/htpasswdfile
    AuthName "password"
    AuthType basic
    Require valid-user
</Directory>
[[email protected] ~]# systemctl restart httpd
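An added example, not part of the original notes: a shell check that walks <Directory> blocks and flags the two patterns from sections 4 and 5, namely 2.2-style Order/Allow/Deny mixed with Require (which Apache 2.4 handles through mod_access_compat and discourages) and Basic authentication, which needs TLS. The function names are assumptions, and Require ip 172.25.254.127 is shown as the Apache 2.4 form of the section 4 rule.

```shell
# Added example, not from the original page: walk <Directory> blocks in httpd
# config text on stdin and flag the two patterns from sections 4 and 5.
audit_httpd_dirs() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
        low == "" || low ~ /^#/ { next }            # blank line or comment
        low ~ /^<directory[ \t]/ {
            dir = line; gsub(/"/, "", dir)
            sub(/^<[^ \t]+[ \t]+/, "", dir); sub(/>[ \t]*$/, "", dir)
            req = 0; legacy = 0; basic = 0; next
        }
        low ~ /^<\/directory>/ {
            if (req && legacy)
                print dir ": mixes Require with Order/Allow/Deny (mod_access_compat)"
            if (basic)
                print dir ": AuthType Basic sends the password on every request, require TLS"
            dir = ""; next
        }
        dir == "" { next }                          # outside any <Directory> block
        low ~ /^require[ \t]/ { req = 1 }
        low ~ /^(order|allow|deny)[ \t]/ { legacy = 1 }
        low ~ /^authtype[ \t]+basic/ { basic = 1 }'
}

# Constructed input: the two <Directory "/test1"> variants shown on this page.
page_config() {
    cat <<'EOF'
<Directory "/test1">
    Require all granted
    order deny,allow
    deny from all
    allow from 172.25.254.127
</Directory>
<Directory "/test1">
    authuserfile /etc/httpd/htpasswdfile
    authname "password"
    authtype basic
    require valid-user
</Directory>
EOF
}

# Constructed input: the Apache 2.4 form of the section 4 rule.
native_config() {
    printf '%s\n' '<Directory "/test1">' '    Require ip 172.25.254.127' '</Directory>'
}

page_config | audit_httpd_dirs
native_config | audit_httpd_dirs
```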
6. Name-based virtual hosts
[[email protected] httpd]# vim /etc/hosts
172.25.254.227 linux.com linux.linux.com news.linux.com music.linux.com
[[email protected] html]# mkdir -p /var/www/v/news/html
[[email protected] html]# mkdir -p /var/www/v/music/html
[[email protected] html]# echo news.linux.com > /var/www/v/news/html/index.html
[[email protected] html]# echo music.linux.com > /var/www/v/music/html/index.html
[[email protected] html]# cd /etc/httpd/conf.d
[[email protected] conf.d]# vim default.conf
<VirtualHost _default_:80>
    DocumentRoot /var/www/html
    CustomLog "logs/default.log" combined
</VirtualHost>
<Directory "/var/www/html">
    Require all granted
</Directory>
[[email protected] conf.d]# vim news.conf
<VirtualHost *:80>
    ServerName news.linux.com
    DocumentRoot /var/www/v/news/html
    CustomLog "logs/news.log" combined
</VirtualHost>
<Directory "/var/www/v/news/html">
    Require all granted
</Directory>
[[email protected] conf.d]# vim music.conf
<VirtualHost *:80>
    ServerName music.linux.com
    DocumentRoot /var/www/v/music/html
    CustomLog "logs/music.log" combined
</VirtualHost>
<Directory "/var/www/v/music/html">
    Require all granted
</Directory>
[[email protected] conf.d]# systemctl restart httpd
7. Generate a certificate for encryption
[[email protected] conf.d]# yum install crypto-utils mod_ssl -y
[[email protected] conf.d]# genkey linux.linux.com
[[email protected] conf.d]# vim ssl.conf
SSLCertificateFile /etc/pki/tls/certs/linux.linux.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/linux.linux.com.key