3. Network configuration files
3.1 /etc/hosts
#/etc/hosts
#File format: IPaddress hostname aliases
#Purpose: maps host names to IP addresses. Put the hosts you use most often
# here, and hosts that have no DNS record, so that network applications
# can resolve them without a DNS query.
#Keep the file owned by root and writable only by root: an entry here
# overrides DNS whenever host.conf lists hosts/files first.
127.0.0.1 localhost localhost.localdomain
202.118.66.81 helius.dlut.edu.cn helius
3.2 /etc/resolv.conf
Purpose: DNS client (resolver) configuration; sets the DNS server IP addresses and the local domain name
Related file: /etc/host.conf
File format:
domain domain-name
search domain-name ...
nameserver Primary_DNS_Server_IP_address
nameserver Second_DNS_Server_IP_address
domain and search are mutually exclusive: if both appear, the last one in the file wins. Several nameserver lines may be given, but the resolver honours at most three (MAXNS) and tries them in order.
Example file contents:
search dlut.edu.cn
nameserver 202.118.66.6
3.3 /etc/host.conf
Purpose: sets the host-name lookup order, normally /etc/hosts first and a DNS query only when the name is not found there.
Most users never need to change this file.
Linux: /etc/host.conf contents
order hosts, bind
multi on
On glibc-based Linux the lookup order is actually taken from the hosts line of /etc/nsswitch.conf, as on Solaris; host.conf then only supplies options such as multi and nospoof.
Solaris: the hosts entry of /etc/nsswitch.conf
hosts: files dns
3.4 /etc/HOSTNAME (Linux Red Hat 5.x distribution)
Purpose: sets the host name. The file differs between Linux distributions; use
egrep hostname /etc/rc.d/init.d/*
or
egrep hostname /etc/init.d/*
to find where a given release sets the host name, and how.
Linux Red Hat 5.x: the HOSTNAME entry in /etc/sysconfig/network.
3.5 /etc/inetd.conf
Internet super-server configuration; related program: /usr/sbin/inetd
Services started from here include:
telnet
ftp
pop3
r* rsh rcp rlogin (the r services should be turned off: they trust the client address and .rhosts/hosts.equiv instead of a password)
Every other service that is not needed should be turned off as well. A line that starts with # is disabled; inetd rereads the file when it receives SIGHUP.
#
# inetd.conf This file describes the services that will be available
# through the INETD TCP/IP super server. To re-configure
# the running INETD process, edit this file, then send the
# INETD process a SIGHUP signal.
#
# Version: @(#)/etc/inetd.conf 3.10 05/27/93
#
# Authors: Original taken from BSD UNIX 4.3/TAHOE.
# Fred N. van Kempen,
#
# Modified for Debian Linux by Ian A. Murdock
#
# Modified for RHS Linux by Marc Ewing
#
#
#
# Echo, discard, daytime, and chargen are used primarily for testing.
#
# To re-read this file after changes, just do a 'killall -HUP inetd'
#
#echo stream tcp nowait root internal
#echo dgram udp wait root internal
#discard stream tcp nowait root internal
#discard dgram udp wait root internal
#daytime stream tcp nowait root internal
#daytime dgram udp wait root internal
#chargen stream tcp nowait root internal
#chargen dgram udp wait root internal
#
# These are standard services.
#
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
gopher stream tcp nowait root /usr/sbin/tcpd gn
# do not uncomment smtp unless you *really* know what you are doing.
# smtp is handled by the sendmail daemon now, not smtpd. It does NOT
# run from here, it is started at boot time from /etc/rc.d/rc#.d.
#smtp stream tcp nowait root /usr/bin/smtpd smtpd
#nntp stream tcp nowait root /usr/sbin/tcpd in.nntpd
#
# Shell, login, exec and talk are BSD protocols.
#
shell stream tcp nowait root /usr/sbin/tcpd in.rshd
login stream tcp nowait root /usr/sbin/tcpd in.rlogind
#exec stream tcp nowait root /usr/sbin/tcpd in.rexecd
talk dgram udp wait root /usr/sbin/tcpd in.talkd
ntalk dgram udp wait root /usr/sbin/tcpd in.ntalkd
#dtalk stream tcp wait nobody /usr/sbin/tcpd in.dtalkd
#
# Pop and imap mail services et al
#
pop-2 stream tcp nowait root /usr/sbin/tcpd ipop2d
pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d
imap stream tcp nowait root /usr/sbin/tcpd imapd
#
# The Internet UUCP service.
#
#uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/lib/uucp/uucico -l
#
# Tftp service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers." Do not uncomment
# this unless you *need* it.
#
#tftp dgram udp wait root /usr/sbin/tcpd in.tftpd
#bootps dgram udp wait root /usr/sbin/tcpd bootpd
#
# Finger, systat and netstat give out user information which may be
# valuable to potential "system crackers." Many sites choose to disable
# some or all of these services to improve security.
#
# cfinger is for GNU finger, which is currently not in use in RHS Linux
#
finger stream tcp nowait root /usr/sbin/tcpd in.fingerd
#cfinger stream tcp nowait root /usr/sbin/tcpd in.cfingerd
#systat stream tcp nowait guest /usr/sbin/tcpd /bin/ps -auwwx
#netstat stream tcp nowait guest /usr/sbin/tcpd /bin/netstat -f inet
#
# Time service is used for clock syncronization.
#
time stream tcp nowait nobody /usr/sbin/tcpd in.timed
time dgram udp wait nobody /usr/sbin/tcpd in.timed
#
# Authentication
#
auth stream tcp nowait nobody /usr/sbin/in.identd in.identd -l -e -o
#
# End of inetd.conf
# linuxconf --http serves system administration over plain HTTP on port 98
# (see /etc/services); leave it commented out unless it is really needed.
linuxconf stream tcp wait root /bin/linuxconf linuxconf --http
3.6 /etc/services, used by inetd.conf (same format on SYSV, BSD and Linux)
Rarely needs editing: the file shipped with Linux already lists most services, while Solaris may need entries added (POP3, for example);
see the installation notes of the server in question. The file maps every known network service to its port number and protocol, and inetd refuses to start a service whose name/protocol pair is not listed here.
#
# services This file describes the various services that are
# available from the TCP/IP subsystem. It should be
# consulted instead of using the numbers in the ARPA
# include files, or, worse, just guessing them.
#
# Version: @(#)/etc/services 2.00 04/30/93
#
# Author: Fred N. van Kempen,
#
# File format: service-name port/protocol aliases
tcpmux 1/tcp # rfc-1078
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
daytime 13/tcp
daytime 13/udp
netstat 15/tcp
qotd 17/tcp quote
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp 21/tcp
telnet 23/tcp
smtp 25/tcp mail
time 37/tcp timserver
time 37/udp timserver
rlp 39/udp resource # resource location
name 42/udp nameserver
whois 43/tcp nicname # usually to sri-nic
domain 53/tcp
domain 53/udp
mtp 57/tcp # deprecated
bootps 67/udp # bootp server
bootpc 68/udp # bootp client
tftp 69/udp
gopher 70/tcp # gopher server
rje 77/tcp
finger 79/tcp
http 80/tcp # www is used by some broken
www 80/tcp # progs, http is more correct
link 87/tcp ttylink
kerberos 88/udp kdc # Kerberos authentication--udp
kerberos 88/tcp kdc # Kerberos authentication--tcp
supdup 95/tcp # BSD supdupd(8)
hostnames 101/tcp hostname # usually to sri-nic
iso-tsap 102/tcp
x400 103/tcp # ISO Mail
x400-snd 104/tcp
csnet-ns 105/tcp
pop-2 109/tcp # PostOffice V.2
pop-3 110/tcp # PostOffice V.3
pop 110/tcp # PostOffice V.3
sunrpc 111/tcp
sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
sunrpc 111/udp
sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
auth 113/tcp ident # User Verification
sftp 115/tcp
uucp-path 117/tcp
nntp 119/tcp usenet # Network News Transfer
ntp 123/tcp # Network Time Protocol
ntp 123/udp # Network Time Protocol
netbios-ns 137/tcp nbns
netbios-ns 137/udp nbns
netbios-dgm 138/tcp nbdgm
netbios-dgm 138/udp nbdgm
netbios-ssn 139/tcp nbssn
imap 143/tcp # imap network mail protocol
NeWS 144/tcp news # Window System
snmp 161/udp
snmp-trap 162/udp
exec 512/tcp # BSD rexecd(8)
biff 512/udp comsat
login 513/tcp # BSD rlogind(8)
who 513/udp whod # BSD rwhod(8)
shell 514/tcp cmd # BSD rshd(8)
syslog 514/udp # BSD syslogd(8)
printer 515/tcp spooler # BSD lpd(8)
talk 517/udp # BSD talkd(8)
ntalk 518/udp # SunOS talkd(8)
efs 520/tcp # for LucasFilm
route 520/udp router routed # 521/udp too
timed 525/udp timeserver
tempo 526/tcp newdate
courier 530/tcp rpc # experimental
conference 531/tcp chat
netnews 532/tcp readnews
netwall 533/udp # -for emergency broadcasts
uucp 540/tcp uucpd # BSD uucpd(8) UUCP service
klogin 543/tcp # Kerberos authenticated rlogin
kshell 544/tcp cmd # and remote shell
new-rwho 550/udp new-who # experimental
remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem
rmonitor 560/udp rmonitord # experimental
monitor 561/udp # experimental
pcserver 600/tcp # ECD Integrated PC board srvr
mount 635/udp # NFS Mount Service
pcnfs 640/udp # PC-NFS DOS Authentication
bwnfs 650/udp # BW-NFS DOS Authentication
kerberos-adm 749/tcp # Kerberos 5 admin/changepw
kerberos-adm 749/udp # Kerberos 5 admin/changepw
kerberos-sec 750/udp # Kerberos authentication--udp
kerberos-sec 750/tcp # Kerberos authentication--tcp
kerberos_master 751/udp # Kerberos authentication
kerberos_master 751/tcp # Kerberos authentication
krb5_prop 754/tcp # Kerberos slave propagation
listen 1025/tcp listener RFS remote_file_sharing
nterm 1026/tcp remote_login network_terminal
kpop 1109/tcp # Pop with Kerberos
ingreslock 1524/tcp
tnet 1600/tcp # transputer net daemon
cfinger 2003/tcp # GNU finger
nfs 2049/udp # NFS File Service
eklogin 2105/tcp # Kerberos encrypted rlogin
krb524 4444/tcp # Kerberos 5 to 4 ticket xlator
irc 6667/tcp # Internet Relay Chat
dos 7000/tcp msdos
# End of services.
linuxconf 98/tcp # added by linuxconf RPM
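As an added example for sections 3.5 and 3.6 (not part of the original notes, and not code from inetd or any distribution), the shell script below audits a constructed excerpt of inetd.conf against a constructed excerpt of /etc/services. For every enabled line it resolves the listening port the way inetd does (service name plus protocol, looked up in /etc/services), unwraps the real daemon behind the tcpd wrapper, and flags the r* services, finger and the cleartext-password daemons discussed above. The file contents, the flag labels and the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit an inetd.conf excerpt against /etc/services.
# Both file contents below are constructed for this example.

INETD_CONF='# constructed excerpt of /etc/inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#exec   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rexecd
shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp     nowait  root    /usr/sbin/tcpd  in.fingerd
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
auth    stream  tcp     nowait  nobody  /usr/sbin/in.identd in.identd -l -e -o
daytime dgram   udp     wait    root    internal'

SERVICES='# constructed excerpt of /etc/services
ftp             21/tcp
telnet          23/tcp
daytime         13/tcp
daytime         13/udp
finger          79/tcp
pop-3           110/tcp
auth            113/tcp         ident
login           513/tcp
shell           514/tcp         cmd'

# service_port NAME PROTO -> "port/proto" from the services table, or "?"
# when the name/protocol pair is missing (inetd then logs "unknown service"
# and never starts that line)
service_port() {
    echo "$SERVICES" | awk -v n="$1" -v p="$2" '
        $1 !~ /^#/ && $1 == n && $2 ~ ("/" p "$") { print $2; found = 1; exit }
        END { if (!found) print "?" }'
}

# risk_flag DAEMON -> a tag for the daemons this section says to turn off
risk_flag() {
    case "$1" in
        in.rshd|in.rlogind|in.rexecd) echo "DISABLE:r-service(trusts .rhosts)" ;;
        in.fingerd|in.systat|in.netstat) echo "DISABLE:user-info-leak" ;;
        in.telnetd|in.ftpd|ipop2d|ipop3d|imapd) echo "WARN:cleartext-password" ;;
        internal) echo "WARN:testing-only" ;;
        *) echo "ok" ;;
    esac
}

# inetd_audit -> one line per enabled service:
#   NAME PORT/PROTO USER DAEMON FLAG
inetd_audit() {
    echo "$INETD_CONF" | while read -r name socktype proto waitflag user server rest; do
        case "$name" in ''|\#*) continue ;; esac      # blank or commented out
        prog=${server##*/}
        # behind the tcpd wrapper the real daemon is the first argument
        if [ "$prog" = tcpd ]; then set -- $rest; prog=${1##*/}; fi
        printf '%s %s %s %s %s\n' "$name" "$(service_port "$name" "$proto")" \
            "$user" "$prog" "$(risk_flag "$prog")"
    done
}

# disabled_count -> how many enabled lines carry a DISABLE flag
disabled_count() {
    inetd_audit | grep -c ' DISABLE:'
}

inetd_audit
```

Run against a real system, the same idea is `grep -v '^#' /etc/inetd.conf` piped through the loop above, with /etc/services read from disk instead of the constructed string; every line that comes back flagged DISABLE is one to comment out, followed by `killall -HUP inetd`.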
3.7 /etc/hosts.allow /etc/hosts.deny (on Linux, or wherever tcpd is used; see inetd.conf)
/etc/hosts.allow lists the clients allowed to use inetd services, e.g. ALL: 202.118. permits every request from
202.118.x.x (note the trailing dot: a pattern that ends in a dot matches a leading address prefix, whereas 202.118 without it is compared as an exact address and never matches a real client)
/etc/hosts.deny lists the clients that are refused
tcpd consults the two files in a fixed order: hosts.allow first (a matching rule grants access), then hosts.deny (a matching rule refuses it); a client that matches neither file is granted access, so an empty hosts.deny amounts to no filtering at all. Start with ALL: ALL in hosts.deny and list the exceptions in hosts.allow. The details are in the online documentation:
man tcpd
man hosts.allow
man hosts.deny
These are the access-control files for the Internet network services.
For servers with higher security requirements, replace inetd with xinetd,
which Debian ships; on other systems it can be built from source.
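To make the decision order concrete, here is an added example (this editor's illustration, not tcpd's code and not from the original notes) that emulates the hosts.allow / hosts.deny check on constructed file contents. It handles the patterns ALL, an exact address, a trailing-dot prefix such as 202.118. and the net/mask form; EXCEPT lists, host names and the optional shell-command field are left out, and the daemon names and addresses are assumptions for the example.

```shell
#!/bin/sh
# Added example: emulate the hosts.allow / hosts.deny decision order of tcpd
# on constructed file contents. Illustration only, not tcpd itself.

HOSTS_ALLOW='# constructed /etc/hosts.allow
ALL: 127.0.0.1
in.ftpd in.telnetd: 202.118.
in.fingerd: 202.118.66.0/255.255.255.0'

HOSTS_DENY='# constructed /etc/hosts.deny
ALL: ALL'

# ip_to_int 202.118.66.81 -> the address as a 32-bit integer
ip_to_int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# client_matches PATTERN IP -> status 0 when the tcpd client pattern matches
client_matches() {
    pat=$1; ip=$2
    case "$pat" in
        ALL) return 0 ;;
        */*)                     # net/mask form: 202.118.66.0/255.255.255.0
            if [ $(( $(ip_to_int "$ip") & $(ip_to_int "${pat#*/}") )) -eq "$(ip_to_int "${pat%/*}")" ]; then
                return 0
            else
                return 1
            fi ;;
        *.)                      # trailing dot: the leading numeric fields must match
            case "$ip" in "$pat"*) return 0 ;; esac
            return 1 ;;
        *)                       # anything else is compared as an exact address
            [ "$ip" = "$pat" ] ;;
    esac
}

# rule_matches DAEMON IP "daemon_list : client_list" -> status 0 on a match
rule_matches() {
    dlist=$(echo "${3%%:*}" | tr ',' ' ')
    clist=$(echo "${3#*:}"  | tr ',' ' ')
    dmatch=1
    for d in $dlist; do
        if [ "$d" = ALL ] || [ "$d" = "$1" ]; then dmatch=0; fi
    done
    [ "$dmatch" -eq 0 ] || return 1
    for c in $clist; do
        if client_matches "$c" "$2"; then return 0; fi
    done
    return 1
}

# tcpd_check DAEMON IP [ALLOW_CONTENT] [DENY_CONTENT] -> prints allow or deny:
#   1. hosts.allow: the first matching rule grants access
#   2. hosts.deny:  the first matching rule refuses access
#   3. no match in either file: access is granted
tcpd_check() {
    allow_content=${3-$HOSTS_ALLOW}; deny_content=${4-$HOSTS_DENY}
    for verdict in allow deny; do
        if [ "$verdict" = allow ]; then content=$allow_content; else content=$deny_content; fi
        while IFS= read -r rule; do
            case "$rule" in ''|\#*) continue ;; esac
            if rule_matches "$1" "$2" "$rule"; then echo "$verdict"; return 0; fi
        done <<EOF
$content
EOF
    done
    echo allow
}

tcpd_check in.ftpd 202.118.66.81      # allow (202.118. prefix)
tcpd_check in.telnetd 202.112.0.36    # deny  (falls through to ALL: ALL)
```

Two calls worth trying: `tcpd_check in.ftpd 202.118.66.81 "ALL: 202.118" "ALL: ALL"` returns deny, because 202.118 without the trailing dot is an exact address; and `tcpd_check in.rshd 1.2.3.4 "$HOSTS_ALLOW" ""` returns allow, which is the default-grant behaviour an empty hosts.deny leaves you with.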
3.8 /etc/networks /etc/netmasks
List the network names and addresses needed for routing; related command /usr/sbin/route. Neither file is required:
routes can be maintained with plain IP addresses and netmasks instead of names.
Example:
/etc/networks
dlrin 202.199.128.0
/etc/netmasks
202.199.128.0 255.255.240.0
Adding static routes:
                +---------------+  DDN
                | Cisco 2511    +<-------------->DLMU 202.118.64.0/255.255.255.0
                |               +<-------------->DLNA 210.47.192.0/255.255.240.0
                +-------+-------+
                        | 202.118.66.254
                        | 202.118.66.16
                +-------+-------+      +----------------+     +------------+
                | Switch/HUB    +------+ Network Center +-----+ LAN Router +
                +-------+-------+      +----------------+     +------+-----+
                        |                                            |
                        |                                   202.118.68.0/255.255.252.0
                        |              +---------------+
                        +--------------+ 202.118.66.81 + (test machine)
                        |              +---------------+
                        |
                        | 202.118.66.1 (Default Router)
                +-------+-------+
                | Router        +
                +-------+-------+
                        | 202.112.30.65/255.255.255.252
                        | DDN
                        | PPP
                        |
                        | 202.112.30.66/255.255.255.252
                   Cernet/Internet
(1) 202.118.66.81 (helius) <-> 202.118.66.18 (peony)
    202.118.066.081
AND 255.255.255.000
    ---------------
    202.118.066.000   network address: both hosts are on the same IP network
Delivery inside one network goes by IP address -> MAC (Media Access Control) address, resolved with ARP:
202.118.66.18 08:00:20:96:01:6A
202.118.66.81 00:80:C8:4C:6A:D0
202.118.66.1 00:60:5C:F3:FF:75
202.118.66.81 -> 202.118.66.18
Ethernet frame:
08:00:20:96:01:6A (destination MAC) + 00:80:C8:4C:6A:D0 (source MAC) + IP datagram
(2) 202.118.66.81 -> 202.112.0.36
Not on the same IP network, so the packet is delivered indirectly through the router: the frame goes to the MAC address of the default router (00:60:5C:F3:FF:75) while the IP destination stays 202.112.0.36.
[hbwork@linden hbwork]$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS    Window irtt Iface
202.118.66.0    0.0.0.0         255.255.255.0   U     1500   0      0    eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     3584   0      0    lo
0.0.0.0         202.118.66.1    0.0.0.0         UG    1500   0      0    eth0
                ^^^^^^^^^^^^
                Default Router
(3) Adding static routes
Related command: /usr/sbin/route or /sbin/route
On Linux with a 2.0 kernel the route for the host's own network has to be added by hand (2.2 and later kernels add it when the interface is configured):
/sbin/route add -net 202.118.66.0 netmask 255.255.255.0 eth0
/sbin/route add -net 202.199.128.0 netmask 255.255.240.0 gw 202.118.66.254
Or, using the name from /etc/networks:
/sbin/route add -net dlrin gw 202.118.66.254
Or, with dlrin-gw also defined in /etc/hosts:
/sbin/route add -net dlrin gw dlrin-gw
/sbin/route add default gw 202.118.66.1
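The network-address AND of (1) and the next-hop choice of (2) and (3) can be reproduced on a constructed copy of the routing table above. The script below is an added example (this editor's illustration, not from the original notes and not the kernel's routing code); the table, the function names and the extra destination addresses it is tried on are assumptions for the example.

```shell
#!/bin/sh
# Added example: the network-address AND of (1) and the next-hop lookup of
# (2)/(3), run against a constructed routing table that mirrors the
# netstat -rn output above plus the static route to dlrin.

# constructed table: destination gateway genmask iface
ROUTES='202.118.66.0   0.0.0.0         255.255.255.0   eth0
202.199.128.0  202.118.66.254  255.255.240.0   eth0
127.0.0.0      0.0.0.0         255.0.0.0       lo
0.0.0.0        202.118.66.1    0.0.0.0         eth0'

# ip_to_int 202.118.66.81 -> the address as a 32-bit integer
ip_to_int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# int_to_ip INTEGER -> dotted quad
int_to_ip() {
    echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"
}

# network_of IP MASK -> the network address (IP AND MASK), as in (1)
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# same_subnet IP1 IP2 MASK -> yes when both lie in one IP network
same_subnet() {
    if [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]; then echo yes; else echo no; fi
}

# mask_len MASK -> number of one bits (the prefix length of a contiguous mask)
mask_len() {
    m=$(ip_to_int "$1"); bits=0
    while [ "$m" -ne 0 ]; do bits=$(( bits + (m & 1) )); m=$(( m >> 1 )); done
    echo "$bits"
}

# next_hop DST [TABLE] -> "direct IFACE" or "via GATEWAY IFACE" for the most
# specific matching route (longest mask wins; the 0.0.0.0/0 default route only
# catches what nothing else matches), or "unreachable" when no route matches
next_hop() {
    dst=$(ip_to_int "$1"); table=${2-$ROUTES}
    best=""; best_len=-1
    while read -r net gw mask iface; do
        [ -n "$net" ] || continue
        if [ $(( dst & $(ip_to_int "$mask") )) -eq "$(ip_to_int "$net")" ]; then
            len=$(mask_len "$mask")
            if [ "$len" -gt "$best_len" ]; then
                best_len=$len
                if [ "$gw" = 0.0.0.0 ]; then best="direct $iface"; else best="via $gw $iface"; fi
            fi
        fi
    done <<EOF
$table
EOF
    echo "${best:-unreachable}"
}

same_subnet 202.118.66.81 202.118.66.18 255.255.255.0   # yes: delivered by MAC address
next_hop 202.118.66.18                                   # direct eth0
next_hop 202.112.0.36                                    # via 202.118.66.1 eth0
```

Passing a table without the default route, e.g. `next_hop 202.112.0.36 "202.118.66.0 0.0.0.0 255.255.255.0 eth0"`, returns unreachable, which is the "Network is unreachable" error seen on a host whose `route add default gw` line is missing.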
9. /etc/passwd
User account file (login name, uid, gid, home directory, shell); the password hash is kept here only on systems without shadow passwords.
10. /etc/shadow (if this file exists, the system supports the shadow password mechanism)
$ls -l /etc/shadow
-r-------- root .... /etc/shadow
The file must stay readable by root only: a world-readable shadow file hands every password hash to an offline cracker.
11. /etc/fstab
File System Table
#device MountPoint FilesystemType options dump-frequency fsck-pass
/dev/hda1 / ext2 defaults 1 1
/dev/hda6 /home ext2 defaults 1 2
/dev/hda3 /usr ext2 defaults 1 2
/dev/hda5 /var ext2 defaults 1 2
/dev/hda2 swap swap defaults 0 0
/dev/fd0 /mnt/floppy auto sync,user,noauto,nosuid,nodev,unhide 0 0
/dev/cdrom /mnt/cdrom auto user,noauto,nosuid,nodev,ro 0 0
none /proc proc defaults 0 0
The nosuid and nodev options on the user-mountable floppy and CD-ROM entries matter: without them an ordinary user can mount media carrying a set-uid root binary or a device node and use it.
Solaris equivalent: /etc/vfstab
12. /etc/exports
NFS (Network File System) server export table. It is best not to use NFS at all; if it is used, never export to the world: restrict every export to named hosts or networks and prefer read-only exports.
NFS-related processes:
Solaris: mountd and nfsd, started from /etc/init.d/nfs.server
Linux: NFS is supported in the kernel (see /proc/filesystems), either built in or loaded as a module; the user-space daemons are rpc.mountd and rpc.nfsd.
13. /etc/defaultrouter (Solaris 2.x)
Contains the IP address of the default router.
On Linux:
Red Hat 5.x: /etc/sysconfig/network
GATEWAY=202.118.66.1
GATEWAYDEV=eth0
Debian: /etc/init.d/network
#! /bin/sh
ifconfig lo 127.0.0.1
route add -net 127.0.0.0
IPADDR=202.118.66.88
NETMASK=255.255.255.0
NETWORK=202.118.66.0
BROADCAST=202.118.66.255
GATEWAY=202.118.66.1
ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
route add -net ${NETWORK}
[ "${GATEWAY}" ] && route add default gw ${GATEWAY} metric 1
14. /etc/bashrc /etc/csh.cshrc /etc/profile
/etc/bashrc: bash (Bourne Again Shell) run-time commands; bash is the shell most scripts are written for
These files hold the default environment for all users: PATH, umask, TERM type.
Do not put . or any world-writable directory in the system-wide PATH, and set a umask of at least 022 here.
/etc/csh.cshrc: csh run-time commands
15. /etc/ftpaccess
FTP access-control file. Its location depends on the ftp daemon in use; find the daemon with
#egrep ftp /etc/inetd.conf
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
                                         ^^^^^^^
                                         ftp server daemon file name
#which in.ftpd
/usr/sbin/in.ftpd
#strings /usr/sbin/in.ftpd |egrep ftpaccess
/etc/ftpaccess
The settings themselves are covered under FTP server configuration.
16. /etc/ftpusers
Users who are NOT allowed to log in by ftp, normally root, uucp, bin and the other system accounts
17. /etc/ftpconversions /etc/ftpgroups
FTP server (wu-ftpd) configuration files
18. /etc/group user group file
19. /etc/sendmail.cf (Linux) Sendmail (e-mail server) configuration file
/etc/sendmail.cw local host names, i.e. every name the machine accepts mail for
Host name: gingko.dlut.edu.cn
Mail to be accepted for: user@gingko.dlut.edu.cn
user@mail.dlut.edu.cn
user@dlut.edu.cn
/etc/aliases mail alias file
/etc/aliases.db binary mail alias database, rebuilt with newaliases after every edit of /etc/aliases
/etc/sendmail.hf sendmail help file, returned for the SMTP HELP command:
$telnet mailserver 25
Trying 202.118.66.8...
Connected to gingko.
Escape character is '^]'.
220 gingko.dlut.edu.cn ESMTP Sendmail 8.9.1/8.9.1; Tue, 2 Feb 1999 10:41:20 +0800 (CST)
HELP
214-This is Sendmail version 8.9.1
214-Topics:
214- HELO EHLO MAIL RCPT DATA
214- RSET NOOP QUIT HELP VRFY
214- EXPN VERB ETRN DSN
214-For more info use "HELP <topic>".
214-To report bugs in the implementation send email to
214- sendmail-bugs@sendmail.org.
214-For local information send email to Postmaster at your site.
214 End of HELP info
The banner and the HELP output reveal the exact sendmail version, and VRFY/EXPN let any remote client confirm user names and expand aliases; set O PrivacyOptions=goaway (or at least novrfy,noexpn) in sendmail.cf to turn that off.
The directory layout above is the Linux one; on Solaris 2.x the files live under /etc/mail:
/etc/mail/sendmail.cf
/etc/mail/sendmail.cw
/etc/mail/sendmail.hf
/etc/mail/aliases
/etc/mail/aliases.db
20. /etc/issue login banner shown before the prompt (console)
/etc/issue.net banner shown to telnet sessions (strings in.telnetd |egrep issue)
/etc/motd message shown to users after login
Red Hat's rc.local regenerates both issue files at every boot with the kernel version in them; edit rc.local if the banner should not advertise it.
21. /etc/named.boot
DNS (BIND 4.9.x) boot file
Example file (caching-only server):
directory /etc/namedb
primary 0.0.127.in-addr.arpa named.local
cache . root.cache
The root.cache file can be fetched with dig:
dig @ns.internic.net . ns > /etc/namedb/root.cache
Contents of named.local:
@ IN SOA localhost. root.localhost. (
1999020301 ; serial
10800 ; refresh
3600 ; retry
86400 ; expire
86400 ) ; minimum
IN NS localhost.
1 IN PTR localhost.
/etc/named.conf
DNS (BIND 8.1.x) boot file
(On Red Hat 5.2, /usr/doc/bind-8.1.2/named-bootconf.pl converts a BIND 4.9.x named.boot
into the BIND 8 named.conf format:
/usr/doc/bind-8.1.2/named-bootconf.pl /etc/named.boot > /etc/named.conf)
22. /etc/hosts.equiv
$HOME/.rhosts
Trusted hosts for the r* services (rlogin, rsh, rcp, rexec)
Format:
hostname (FQDN) user-list
A line consisting of a single + trusts every host, and a + in the user field trusts every user on that host; such entries, and .rhosts files that are group- or world-writable, are a classic way to lose root. Locate them with: find / -name .rhosts -print
23. /etc/ld.so.conf (Linux)
List of directories searched for shared libraries; related command ldconfig
$LD_LIBRARY_PATH is the corresponding environment variable on Solaris
ldd lists the shared libraries a binary uses:
$ ldd /usr/ucb/ls
libc.so.1 => /usr/lib/libc.so.1
libdl.so.1 => /usr/lib/libdl.so.1
*After changing this file, run ldconfig to rebuild the directory list and the shared-library cache.
Only root-owned directories that nobody else can write to belong in ld.so.conf: a writable library directory lets anyone plant a library that every dynamically linked program, set-uid ones included, will load.
24. /etc/pam.d/login (Linux Red Hat)
auth required /lib/security/pam_securetty.so
/etc/securetty (Linux Red Hat, Debian)
List of terminal devices on which root may log in; tty[1-8] are the console virtual terminals,
ttyp* are the remote (telnet) pseudo-terminals on Linux. Leave ttyp* out of the file so that root cannot log in over the network with a cleartext password; log in as an ordinary user and su instead.
/etc/default/login (Solaris)
# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
CONSOLE=/dev/console
Commenting out the CONSOLE line allows root to log in by telnet from a remote host (not recommended).
/etc/login.defs
Login control file on Debian Linux
25. Linux Loader /etc/lilo.conf
Multi-boot configuration file.
**** After changing this file, lilo must be run;
**** after building and installing a new Linux kernel, edit this file and run lilo again.
A password= line together with restricted stops anyone at the console from booting with init=/bin/sh to get a root shell; the password is stored in clear, so make the file mode 0600.
26. /etc/syslog.conf
syslogd configuration file; send a copy of the auth and kern messages to a remote log host (an @loghost action) so that an intruder who gains root cannot erase the only record.
27. /etc/smb.conf
Samba server configuration file; shares Linux file systems with Windows 9x/NT
28. /etc/nologin
Created when the system is about to shut down and no further logins are wanted; its contents are the message shown to users, who are refused login while the file exists (login still lets root in). If the file is still there when the system comes back up, no ordinary user can log in after the reboot; boot from floppy or CD-ROM, delete the file, and reboot again.
29. /etc/security
Sets which terminals root may log in on; normally only the console is allowed to carry a root session.
Note: Red Hat uses PAM, and the corresponding file is /etc/securetty.
30. /etc/X11/*
XFree86 configuration files.
31. /etc/shells
List of the shells users may use. A shell that is not in the list can still be assigned by editing /etc/passwd by hand, but a user whose shell is not listed cannot connect to this system by FTP (the ftp daemon checks the list through getusershell), so an account that should be locked out of ftp can be given a shell such as /bin/false that is kept out of /etc/shells.
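Putting the rules of sections 16 and 31 together, the added example below (this editor's illustration, not the ftp daemon's code and not from the original notes) decides which accounts of a constructed /etc/passwd can log in by ftp: the account must exist, must not be listed in /etc/ftpusers, and its login shell must appear in /etc/shells. All three file contents are constructed, and the order of the two checks is the example's own.

```shell
#!/bin/sh
# Added example: which accounts can log in by ftp, given /etc/ftpusers and
# /etc/shells. All three file contents below are constructed.

PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/sh
hbwork:x:500:500:hbwork:/home/hbwork:/bin/bash
guest:x:501:501:guest:/home/guest:/bin/false
ftp:x:14:50:FTP User:/home/ftp:/bin/sh'

SHELLS='/bin/sh
/bin/bash
/bin/csh'

FTPUSERS='root
bin
uucp'

# ftp_login_check USER -> "allow" or "deny: <reason>"
ftp_login_check() {
    entry=$(echo "$PASSWD" | awk -F: -v u="$1" '$1 == u { print; exit }')
    if [ -z "$entry" ]; then echo "deny: no such account"; return 0; fi
    shell=${entry##*:}                      # last field of the passwd entry
    if echo "$FTPUSERS" | grep -qx -- "$1"; then
        echo "deny: listed in /etc/ftpusers"; return 0
    fi
    if ! echo "$SHELLS" | grep -qxF -- "$shell"; then
        echo "deny: shell $shell not in /etc/shells"; return 0
    fi
    echo allow
}

# ftp_allowed_users -> the accounts that pass both checks, one per line
ftp_allowed_users() {
    echo "$PASSWD" | cut -d: -f1 | while read -r u; do
        if [ "$(ftp_login_check "$u")" = allow ]; then echo "$u"; fi
    done
}

ftp_login_check root     # deny: listed in /etc/ftpusers
ftp_login_check guest    # deny: shell /bin/false not in /etc/shells
ftp_allowed_users        # hbwork and ftp
```

The guest account shows the trick from section 31 in action: /bin/false is a perfectly valid entry in /etc/passwd, yet because it is absent from /etc/shells the account is refused ftp access without having to be listed in /etc/ftpusers.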
32. /etc/mtab
Information file created at boot that lists the mounted file systems; it is updated dynamically as file systems are mounted and unmounted. See also /proc/mounts, which is the kernel's own view and the one to trust when the two disagree.