Université de CAEN
U.F.R. de Sciences
Bachelor's degree (Licence) in Computer Science
Semester 5 - EI51 - Networks
Session 8 - Network basics - continued
[email protected], [email protected]
1 Introduction
The lab session covers the installation of an FTP server and a mail server, along with all the associated tests. The main purpose of this text is to give a good understanding of how a Linux system is organized and to look at the servers' configuration files, in preparation for the lab. It also gives some information on configuring the Apache web server.
The first two sections recall the main points of the file tree organization and of the network configuration. The following section explains how to maintain a Debian Linux distribution. The last sections present Proftp and its configuration files, as well as the principles of a mail server and the configuration of Apache.
2 Organization of a Linux distribution (Debian)
A Linux distribution is defined through a directory tree in which:
– the configuration of services and of the system is defined in /etc/
– user directories are generally defined in /home/
– the superuser's directory is defined in /root/
– devices are defined in /dev/
– the boot kernel is installed in /boot/
– programs, in general, are installed in /usr/
3 Configuring a network
The network configuration depends on the following files:
– the network configuration is set in the file /etc/network/interfaces
– the dhcp client configuration is set in /etc/dhclient.conf
– the DNS is recorded in /etc/resolv.conf
– the machine name is recorded in /etc/hostname
– static host name mappings are set in /etc/hosts
4 Maintaining a Linux system
Maintenance of a Linux system relies on the apt-get command. This command can be invoked from the higher-level commands dselect, aptitude and synaptic. The first two run in text mode and the third in graphical mode. Programs are organized as packages, with a notion of dependency between packages when one program depends on another to work properly.
To install a package: apt-get install <package name>
If a package is not found because <package name> does not match the package's actual name, it can be searched for in 2 ways:
– if apt-file is installed: apt-file search <package name> (to install it: apt-get install apt-file, followed by apt-file update)
– by querying http://www.debian.org/distrib/packages
apt-get install <package name>
To update the list of available packages, run the command: apt-get update
5 Example service: Proftpd
5.1 Installation
The service is installed as follows: apt-get install proftpd
Its accessibility can be tested in authenticated-user mode from a workstation, with the command-line ftp client or with a graphical program such as gftp.
5.2 Configuration
The configuration file is located at /etc/proftpd.conf. It is provided in Appendix A.
Try to explain the role of the lines shown.
6 Mail server
A mail server installation must include at least one "MTA" (Mail Transfer Agent) associated with an Internet domain. It uses the smtp protocol to talk with a client that sends it mail, as well as for communication with the MTAs of other domains. Normally, the machine hosting this MTA is declared in an "MX" record of the domain's DNS (we will not do this here, for domains that have no official existence). Appendix B gives the file that stores Exim's configuration. Each variable corresponds to the answer to a question asked during the installation or re-installation of exim. Try to specify their role.
The "historical" mail application lets a user interact with the MTA. To offer the user more advanced interfaces, we will install a pop server and a webmail. We will also test retrieving mail from other domains, inter-domain relays, ...
7 Apache server
Appendix C gives some excerpts from the Apache configuration file. Try to understand which features are configured and what they make possible.
8 Appendix A: Proftp configuration file
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody/nogroup" and "ftp" for normal operation and anon.
ServerName "Debian"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
AllowOverwrite on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off
# Uncomment this if you would use TLS module:
#TLSEngine on
# Uncomment this if you would use quota module:
#Quotas on
# Uncomment this if you would use ratio module:
#Ratios on
# Port 21 is the standard FTP port.
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
<Directory /*>
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite off
</Directory>
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
#   User ftp
#   Group nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias anonymous ftp
#
#   RequireValidShell off
#
#   # Limit the maximum number of anonymous logins
#   MaxClients 20
#
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin welcome.msg
#   DisplayFirstChdir .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask 022 022
#   #   <Limit READ WRITE>
#   #     DenyAll
#   #   </Limit>
#   #   <Limit STOR>
#   #     AllowAll
#   #   </Limit>
#   # </Directory>
#
# </Anonymous>
9 Appendix B: exim4
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to replace
# the DEBCONFsomethingDEBCONF strings in the configuration template files.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
dc_eximconfig_configtype='local'
dc_other_hostnames='coing.info.unicaen.fr'
dc_local_interfaces='127.0.0.1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
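The listening and relay scope set by the variables above can be read off mechanically. The following shell functions are an added example, not part of the original handout or of Debian's exim4 tooling; the names dc_get and exim_exposure, the output labels and the sample file are assumptions made here.

```shell
#!/bin/sh
# Added example: read SMTP exposure out of update-exim4.conf.conf settings.
# The file is parsed as text, not sourced, so auditing it never runs its content.

# dc_get VAR FILE: print the value assigned to VAR (last assignment wins).
dc_get() {
    sed -n "s/^[[:space:]]*$1=['\"]\{0,1\}\([^'\"]*\)['\"]\{0,1\}[[:space:]]*\$/\1/p" "$2" |
        tail -n 1
}

# exim_exposure FILE: print "listen=<scope> relay=<scope>" (labels are assumptions).
exim_exposure() {
    ifaces=$(dc_get dc_local_interfaces "$1")
    nets=$(dc_get dc_relay_nets "$1")
    domains=$(dc_get dc_relay_domains "$1")
    listen=loopback-only
    if [ -z "$ifaces" ]; then
        listen=all-interfaces            # empty list: Exim binds every interface
    else
        old_ifs=$IFS; IFS=';'            # the list is semicolon-separated
        for addr in $ifaces; do
            case $(printf '%s' "$addr" | tr -d ' ') in
                127.*|::1|'') ;;         # loopback entries only
                *) listen=network ;;
            esac
        done
        IFS=$old_ifs
    fi
    relay=none
    if [ -n "$nets$domains" ]; then relay=restricted; fi
    case ";$(printf '%s' "$nets" | tr -d ' ');" in
        *';0.0.0.0/0;'*|*';::/0;'*) relay=OPEN ;;   # relays for any client
    esac
    if [ "$domains" = '*' ]; then relay=OPEN; fi    # relays to any domain
    printf 'listen=%s relay=%s\n' "$listen" "$relay"
}

# Constructed sample: the values shown in Appendix B, with ASCII quotes.
exim_sample=$(mktemp)
trap 'rm -f "$exim_sample"' EXIT
cat > "$exim_sample" <<'EOF'
dc_eximconfig_configtype='local'
dc_other_hostnames='coing.info.unicaen.fr'
dc_local_interfaces='127.0.0.1'
dc_relay_domains=''
dc_relay_nets=''
dc_smarthost=''
EOF
exim_exposure "$exim_sample"
```

A result of listen=loopback-only means SMTP clients on other machines cannot reach this MTA until dc_local_interfaces is widened, which matters for the inter-machine tests planned in the lab.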
10 Appendix C: excerpt from the Apache configuration file
Note: this excerpt relates to version 1 of Apache. The configuration files of version 2 are organized differently, which will be explained in the tutorial session (T.D.).
##
## httpd.conf -- Apache HTTP server configuration file
##
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/> for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They’re here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
#    whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
#    which responds to requests that aren't handled by a virtual host.
#    These directives also provide default values for the settings
#    of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
#    different IP addresses or hostnames and have them handled by the
#    same Apache server process.
#
### Section 1: Global Environment
# ServerType is either inetd, or standalone. Inetd mode is only supported on
# Unix platforms.
#
ServerType standalone
#
# ServerRoot: The top of the directory tree under which the server’s
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
# you will save yourself a lot of trouble.
#
ServerRoot "/usr"
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#
MaxClients 150
# Note: The order in which modules are loaded is important. Don’t change
# the order below without expert advice.
#
# Example:
# LoadModule foo_module libexec/mod_foo.so
LoadModule includes_module libexec/httpd/mod_include.so
LoadModule autoindex_module libexec/httpd/mod_autoindex.so
LoadModule dir_module libexec/httpd/mod_dir.so
LoadModule cgi_module libexec/httpd/mod_cgi.so
LoadModule imap_module libexec/httpd/mod_imap.so
LoadModule alias_module libexec/httpd/mod_alias.so
LoadModule userdir_module libexec/httpd/mod_userdir.so
LoadModule php4_module libexec/httpd/libphp4.so
ClearModuleList
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_alias.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_imap.c
AddModule mod_userdir.c
AddModule mod_php4.c
### Section 2: ’Main’ server configuration
#
# Port: The port to which the standalone server listens. For
# ports < 1023, you will need httpd to be run as root initially.
#
Port 80
User www
Group www
# ServerName allows you to set a host name which is sent back to clients for
# your server if it’s different than the one the program would get (i.e., use
# "www" instead of the host’s real name).
#
#ServerName new.host.name
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/Library/WebServer/Documents"
#
# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/Library/WebServer/Documents">
#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
Options Indexes FollowSymLinks MultiViews
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
# UserDir: The name of the directory which is appended onto a user’s home
# directory if a ~user request is received.
#
<IfModule mod_userdir.c>
UserDir Sites
</IfModule>
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /Users/*/Sites>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec ExecCGI
#    <Limit GET POST OPTIONS PROPFIND>
#        Order allow,deny
#        Allow from all
#    </Limit>
#    <LimitExcept GET POST OPTIONS PROPFIND>
#        Order deny,allow
#        Deny from all
#    </LimitExcept>
</Directory>
#
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.
#
<IfModule mod_dir.c>
DirectoryIndex index.html
</IfModule>
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
<IfModule mod_alias.c>
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ "/Library/WebServer/CGI-Executables/"
#
# "/Library/WebServer/CGI-Executables" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/Library/WebServer/CGI-Executables">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</IfModule>
# End of aliases.
# To use CGI scripts:
AddHandler cgi-script .cgi
### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn’t need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option ’-S’ to verify your virtual host
# configuration.
#
# Use name-based virtual hosting.
#
#NameVirtualHost *:80
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#<VirtualHost *:80>
#    ServerAdmin [email protected]
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
<IfModule mod_php4.c>
# If php is turned on, we respect .php and .phps files.
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
# Since most users will want index.php to work we
# also automatically enable index.php
<IfModule mod_dir.c>
DirectoryIndex index.html index.php
</IfModule>
</IfModule>
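Which <Directory> blocks of the excerpt above enable directory listings, CGI execution or symlink following can be listed with a short audit. This shell function is an added example, not part of the original handout or of Apache; the name apache_risky_options, the choice of flagged options and the sample file are assumptions made here.

```shell
#!/bin/sh
# Added example: list <Directory> blocks whose active Options widen exposure.

# apache_risky_options FILE: print "<dir>: <opt>,<opt>" for each Directory
# block enabling listings (Indexes), CGI (ExecCGI), unrestricted symlinks
# (FollowSymLinks), server-side includes with exec (Includes) or All.
# Limitation: directory paths containing spaces are not handled.
apache_risky_options() {
    awk '
    /^[ \t]*#/ { next }                       # commented-out lines are inactive
    /^[ \t]*<Directory[ \t]/ {
        dir = $2; gsub(/[">]/, "", dir); next
    }
    /^[ \t]*<\/Directory>/ { dir = ""; next }
    dir != "" && $1 == "Options" {
        flags = ""
        for (i = 2; i <= NF; i++) {
            opt = $i; sub(/^[+]/, "", opt)    # "+Indexes" also enables Indexes
            if (opt ~ /^(Indexes|ExecCGI|FollowSymLinks|Includes|All)$/)
                flags = flags (flags == "" ? "" : ",") opt
        }
        if (flags != "") print dir ": " flags
    }' "$1"
}

# Constructed sample: the <Directory> blocks of Appendix C.
apache_sample=$(mktemp)
trap 'rm -f "$apache_sample"' EXIT
cat > "$apache_sample" <<'EOF'
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/Library/WebServer/Documents">
    # This may also be "None", "All", ...
    Options Indexes FollowSymLinks MultiViews
    Order allow,deny
    Allow from all
</Directory>
<Directory /Users/*/Sites>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec ExecCGI
</Directory>
<Directory "/Library/WebServer/CGI-Executables">
    AllowOverride None
    Options None
</Directory>
EOF
apache_risky_options "$apache_sample"
```

On this excerpt the per-user Sites directories combine Indexes with ExecCGI, so any local account can publish listable, executable content; the CGI-Executables block with Options None is not reported.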