Quick install of smb ssh vpn vnc httpd (+php) mysql
link:http://www.fedoraforum.org/forum/showthread.php?t=61633
Every Server Setup Imaginable: SMB, SSH, VPN, VNC, HTTPD (+ PHP), MySQL, More!
I rarely use these packages myself; this is something to refer to after installing.
Hello,
Considering the sizable amount of servers I've managed to configure, I decided to make a H-U-G-E how-to with them all.
I use 2 main tools for server setup; I highly recommend installing them prior to server setup. Here's how:
yum install system-config-users system-config-services
To access them, system-config-users and system-config-services are both under "System [Menu] > Administration".
Prior/Background Knowledge Needed
- GUI = Graphical User Interface, meaning you can interact in a graphical interface with text, images, buttons, etc
- CLI = Command Line Interface, you see only the black / white text and background, no windows or buttons. (eg. a terminal)
- Personally, I love gedit. It's a clean, simple and easy-to-use text editor. If you don't find it so, it's okay - just replace all the places I use gedit with your favourite editor. Some other popular editors are kedit and vi.
TIP: For those who like gedit but get really annoyed with the big fonts, do this:
Edit [menu] > Preferences > Font & Colors Tab > Just activate (tick) "Use default system font"
- A commented line in a file is a line starting with a # or a ;. To uncomment this line remove this symbol from the beginning. Commented lines are in 99% of cases ignored, so they're useful for making quick notes about what something does or why. eg:
# This line won't do anything!
But this one will.
- system-config-services is a GUI to the chkconfig command; I don't use it very often in this howto because chkconfig is more direct when copy>pasting commands, however if you wish to edit many services or runlevels at once, this is the perfect tool.
- By the way, I expect all the commands here to be executed as root. You can use su - to become root, and yes, that's a dash. Many people forget that dash, and get "command not found" errors. Please be sure to include it when becoming root for these commands.
HTTPD (PHP enabled)
Name: Apache and PHP
Function: Web server with PHP installed
Installation:
yum install php httpd system-config-httpd mod_ssl
chkconfig httpd on
service httpd restart
Configuration:
/etc/php.ini
/etc/httpd/conf/*
/etc/httpd/conf.d/*
Edit at your will. Personally, I think the defaults work fine except for the error display in php.ini - I like to set DISPLAY_ERRORS to YES to see when things go wrong in my PHP files.
Tips:
- To install encryption modules for PHP (FC5 or later):
yum install php-mhash php-mcrypt
- To generate a new SSL certificate:
cd /etc/pki/tls/
# private/ and certs/ below are /etc/pki/tls/private and /etc/pki/tls/certs
openssl genrsa -aes256 -out temp.key 2048
openssl rsa -in temp.key -out private/your_hostname.key
openssl req -new -key private/your_hostname.key -x509 -out certs/your_hostname.crt -days 365
rm ./temp.key
chmod 600 private/your_hostname.key certs/your_hostname.crt
service httpd restart
Change your_hostname for your real hostname. All that's left is to edit /etc/httpd/conf.d/ssl.conf and change the certificates to use your_hostname.crt and your_hostname.key.
MySQL
Name: My [Structured Query Language]
Function: Easy, fast and secure database
Installation:
yum install mysql-server mysql-administrator mysql mysql-gui-common
chkconfig mysqld on
service mysqld restart
And, if you'd like the MySQL extension in PHP, run this additional command:
yum install php-mysql
Configuration:
mysql -u root
You should now see a mysql> prompt...
SET PASSWORD FOR ''@'localhost' = PASSWORD('newpwd');
SET PASSWORD FOR ''@'localhost.localdomain' = PASSWORD('newpwd');
Please change newpwd to a real password. A hard to guess, alphanumeric password is highly recommended.
Tips:
- When using tables, make each row in the table have an 'id' column that is set to be the primary key and auto-increments. This way, when referring to rows in a DELETE or UPDATE statement, for example, you won't delete unwanted rows. Just use the unique 'id' number that was created for that row.
- Also, a great read on getting started with MySQL, and MySQL & PHP combo:
http://www.dummies.com/WileyCDA/Dum...0764555898.html
PHP & MySQL for dummies.
VNC
Name: Virtual Network Computing
Function: Graphical Remote Administration
Please see this post, a security warning for those using VNCServer before continuing.
Installation:
yum install xinetd vnc vnc-server
chkconfig vncserver off
chkconfig xinetd on
Configuration:
su -
gedit /etc/xinetd.d/vnc1024
Paste this into the new file:
service vnc1024
{
    disable = no
    socket_type = stream
    protocol = tcp
    wait = no
    user = nobody
    server = /usr/bin/Xvnc
    server_args = -inetd -query 127.0.0.1 -geometry 1024x768 -depth 24 -once -fp unix/:7100 -securitytypes=none
}
Close the file.
su -
gedit /etc/xinetd.d/vnc1024x8
Paste this into the new file:
service vnc1024x8
{
    disable = no
    socket_type = stream
    protocol = tcp
    wait = no
    user = nobody
    server = /usr/bin/Xvnc
    server_args = -inetd -query 127.0.0.1 -geometry 1024x768 -depth 8 -once -fp unix/:7100 -securitytypes=none
}
Now setup GDM for XDMCP:
gdmsetup
- If you're using Core 4, enter the "Security" Tab and:
-> Uncheck "Always disallow TCP Connections to X Server"
--> Uncheck "Allow root to login remotely with GDM"
Next enter the XDMCP Tab and:
-> Check "Enable XDMCP"
--> Set the options as you like. For most users, those defaults are perfect.
- For Core 5 or greater, enter the "Security" tab and:
-> Uncheck "Deny TCP Connections to XServer"
--> Uncheck "Allow remote administrator login"
Next enter the "Remote" tab and:
-> Change selection box at top labeled "Remote greeter" to "Same as Local"
--> Click "Configure XDMCP"
---> Click "Honor Indirect Requests"
- Now enter the "Accessibility" tab and untick "Enable accessible login"
Now close gdmsetup. Finally,
gedit /etc/services
Add to the end:
vnc1024 5900/tcp # VNC & GDM
vnc1024x8 5901/tcp # VNC & GDM
You can now add ports 5900 and 5901 tcp, along with 177 UDP to be allowed in your firewall if you have one enabled. A simple way to do this is with the system-config-securitylevel tool.
And now for the final step: save & quit all open documents, and type this in the terminal:
WARNING: This is going to kill the X server, killing all graphical programs!
gdm-restart
VNC desktop 0 is 1024x768 normal quality, desktop 1 is the same but 8bit color mode for laggier connections.
Tips:
- You can continue adding more VNC services by adding a respective entry in /etc/xinetd.d and /etc/services.
- You can secure your VNC by tunneling it through SSH:
ssh -l username ip_address -L to_port:127.0.0.1:from_port -p ssh_port
Change the placeholder values (username, ip_address, to_port, from_port, ssh_port) to the real ones. The -p ssh_port isn't always needed; it's only if you're using a non-standard port for SSH. For example:
ssh -l admin 12.34.56.78 -L 5905:127.0.0.1:5900
will map port 5900 (VNC display 0 or service "vnc1024") onto your localhost's port 5905 - VNC display 5. So run that in the background; now if you run "vncviewer localhost:5" you'll get the remote's VNC display, over a secure tunnel!
SSH
Name: Secure Shell
Function: CLI remote administration
Installation:
yum install openssh openssh-clients openssh-server pam_ssh pam_abl
chkconfig sshd on
service sshd restart
Configuration:
gedit /etc/ssh/sshd_config
If you see a line that says:
PermitRootLogin yes
Please change it to:
PermitRootLogin no
You will also see a line:
MaxAuthTries 6
If it's commented, please change it to
MaxAuthTries 3
Next, close the text file editor, and now we have to restart SSH to make changes permanent:
service sshd restart
All Done.
Tips:
- You can also make SSH more secure by changing its default port: in the /etc/ssh/sshd_config file, comment out the Port 22 line if it's not already commented, and add a line with the new port:
#Port 22
Port 1234
1234 can be any number, but I recommend having it greater than 1056 as this is usually what port scanners look for - so your system won't show up on hackers' "Try to break into this computer" list as they scan the internet for weak computers.
Enjoy,
Firewing1
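As an added example, not part of Firewing1's post, here is a small POSIX shell audit for the three sshd_config settings the SSH section changes (PermitRootLogin, MaxAuthTries, Port). It reads the file the way sshd does, first uncommented occurrence of a keyword wins, and assumes plain "Key value" lines; the two config texts are constructed samples, not files from the page.

```shell
# Added example, not from the forum post: audit the sshd_config settings the
# SSH section changes. Assumes plain "Key value" lines; sshd uses the FIRST
# uncommented occurrence of a keyword, so that is what sshd_effective returns.

# Constructed "before" text: the stock lines the post tells you to change.
SSHD_BEFORE='#Port 22
Protocol 2
PermitRootLogin yes
#MaxAuthTries 6'

# Constructed "after" text with the post's recommendations applied.
SSHD_AFTER='#Port 22
Port 1234
Protocol 2
PermitRootLogin no
MaxAuthTries 3'

# Print the effective value of directive $1 in config text $2 ("unset" if the
# keyword appears only in commented lines or not at all).
sshd_effective() {
    printf '%s\n' "$2" | awk -v key="$1" '
        /^[ \t]*#/ { next }
        !found && tolower($1) == tolower(key) { val = $2; found = 1 }
        END { if (found) print val; else print "unset" }'
}

# Report on PermitRootLogin, MaxAuthTries and Port, one line per finding.
# Returns 0 when every check passes, 1 when any FAIL line was printed.
sshd_audit() {
    cfg="$1"; rc=0
    root=$(sshd_effective PermitRootLogin "$cfg")
    tries=$(sshd_effective MaxAuthTries "$cfg")
    port=$(sshd_effective Port "$cfg")
    if [ "$root" = no ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin=$root (post: set it to no)"; rc=1; fi
    case "$tries" in
        [1-3]) echo "OK   MaxAuthTries $tries" ;;
        *)     echo "FAIL MaxAuthTries=$tries (post: uncomment and set to 3)"; rc=1 ;;
    esac
    case "$port" in
        unset|22) echo "WARN Port is the default 22 (post: pick a non-standard port)" ;;
        *)        echo "OK   Port $port" ;;
    esac
    return "$rc"
}

sshd_audit "$SSHD_BEFORE" || echo "before: audit failed (expected)"
echo "---"
sshd_audit "$SSHD_AFTER" && echo "after: audit passed"
```

Run it against the real file with `sshd_audit "$(cat /etc/ssh/sshd_config)"` after editing, before the `service sshd restart`.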
VPN
Name: Virtual Private Network
Function: Remote Networking, enter your personal LAN from remote locations securely
Installation:
http://www.fedoraforum.org/forum/showthread.php?t=61633
Configuration:
Apparently, there is a fix to the no internet issue:
ifconfig ppp0 netmask [ your-normal-netmask ]
Tips:
That's all I have for now until I go more in-depth. Right now I can't get it working so I can't say much. Although, these
- Core 5 configuration howto
- Core 4 configuration howto
- general configuration documentation
sites are also useful.

PPTP VPN Server Howto in FC4
Hi !
********************************
Kernel 2.6.15 has MPPE support, so you don't need
dkms and kernel_ppp_mppe anymore if you're using it
*********************************
This howto will show how to create a pptp vpn server for windows and linux clients.
This vpn will use mppe encryption (40 or 128 bits), so we'll have to add a new kernel module.
1 - Go to www.poptop.org , download page and get these:
- dkms-2.0.5-1.noarch.rpm (dynamic kernel module system)
- kernel_ppp_mppe-0.0.5-2dkms.noarch.rpm (kernel module for mppe encryption)
- ppp-2.4.3-5.src.rpm (source for ppp update, they don't have the binary for fc4 yet)
- pptpd-1.2.1-1.i386.rpm
2 - Install
- do it in the order above.
- rpm -ivh dkms...
- rpm -ivh kernel_ppp...
- rpm -ivh ppp... (the source !, so lets make the rpm)
--- rpmbuild -ba /usr/src/redhat/SPECS/ppp.spec
--- rpm -Uvh /usr/src/redhat/RPMS/i386/ppp-2.4.3-5.fc4... (update ppp)
- rpm -ivh pptpd-1.2....
3 - Configuration
/etc/pptpd.conf:
# this is my example conf, put yours:
localip 10.1.0.1 #(your internal vpn server ip)
remoteip 10.1.0.2-10 #(the ip range that will be given for client hosts)
/etc/ppp/options.pptpd:
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128 #or 40
ms-dns #dns server for windows clients
proxyarp
lock
auth
require-mppe
/etc/ppp/chap-secrets:
# user pptpd password "*"
john pptpd johnpass "*"
4 - Firewall settings
In the firewall, open 1723 tcp port and the GRE protocol
5 - Start pptpd
# service pptpd start
6 - Clients configuration
Windows XP:
Start / Connection / Show Connection / Create a new connection
then create a vpn connection type:
put the vpn server ip,
username and password created before and CONNECT !
Linux client:
use this howto:
http://pptpclient.sourceforge.net/h...ra-core-4.phtml

packets for TCP port 1723 connections to the server from the clients,
- packets of IP protocol 47 (GRE) in both directions with the clients,
iptables -A RH-Firewall-1-INPUT -p tcp -m tcp -s source --dport 1723 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -p 47 -m tcp -s source -j ACCEPT
Are they correct rules? If so, what is the value source in above rules?
(source = IP of pptp server?)
put this in /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 1723 --state NEW -j ACCEPT
http://www.fedoraforum.org/forum/showthread.php?t=61633
Hi. I have installed the packages on Fedora Core 3 and the configuration went OK. But when I dial up to the pptpd server I get disconnected at "Registering your computer on the network". I checked what it spits out in /var/log/messages, and there it was:
pppd[9947]: MPPE required, but kernel has no support.
But I am using a precompiled kernel shipped with Fedora Core 3, any idea why this happens? Thanks in advance.
A problem you may run into ↑
/etc/sysctl.conf:
net.ipv4.ip_forward=1
A possible fix ↑