11. Install the required packages
These packages are needed by the services set up in the later steps:
aptitude install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential
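(Enter the command above on a single line.)
12. Install Quota
If your partition layout differs from mine, adjust the following steps accordingly.
Install: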
aptitude install quota
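Edit /etc/fstab. Mine looks like this (the usrquota,grpquota options on the / entry are what enable quotas on that partition):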
vi /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'vol_id --uuid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/mapper/server1-root during installation
UUID=b8d265bc-5959-404d-a68e-8dc1c76f18d6 / ext3 relatime,errors=remount-ro,usrquota,grpquota 0 1
# /boot was on /dev/sda5 during installation
UUID=01e9c3c7-2ad0-4f52-a356-18290517b362 /boot ext2 relatime 0 2
# swap was on /dev/mapper/server1-swap_1 during installation
UUID=c1e0bcbb-5c73-4bd2-a7b2-8beeb7526200 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
Enable quota:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
13. DNS server
Install:
aptitude install bind9
For security reasons, we should run BIND chrooted. Stop it first:
/etc/init.d/bind9 stop
Edit /etc/default/bind9 so that the BIND daemon runs as the unprivileged user bind, chrooted to /var/lib/named. Change the line OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":
vi /etc/default/bind9
# run resolvconf?
RESOLVCONF=yes

# startup options for the server
OPTIONS="-u bind -t /var/lib/named"
Create the necessary directories under /var/lib:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
Move the configuration directory from /etc to /var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
Create a symlink from the old location to the new configuration directory (so that future BIND updates keep working):
ln -s /var/lib/named/etc/bind /etc/bind
Create the null and random devices, and fix the file permissions:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
Edit /etc/default/syslogd so that important messages from the chrooted BIND still reach the system log. Change the line SYSLOGD="" so that it reads SYSLOGD="-a /var/lib/named/dev/log":
vi /etc/default/syslogd
#
# Top configuration file for syslogd
#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"
Restart the logging daemon:
/etc/init.d/sysklogd restart
Start BIND, and check /var/log/syslog for errors:
/etc/init.d/bind9 start
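The chroot built in step 13 can be audited with a short script. This is an added example, not part of the original guide: the helper name check_named_chroot is hypothetical, and the paths are the ones used above. It prints one finding per line and prints nothing when every check passes.

```sh
#!/bin/sh
# Added example (not from the original guide): audit the BIND chroot from step 13.
# check_named_chroot is a hypothetical helper name.
# Usage: check_named_chroot JAIL DEFAULTS_FILE
# Prints one finding per line; no output means every check passed.
check_named_chroot() {
    jail=$1
    defaults=$2

    # The last active OPTIONS= line wins; commented-out lines are ignored.
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$defaults" 2>/dev/null |
        tail -n 1 | tr -d "\"'")
    case " $opts " in
        *" -u bind "*) ;;
        *) echo "OPTIONS: named is not started with -u bind" ;;
    esac
    case " $opts " in
        *" -t $jail "*) ;;
        *) echo "OPTIONS: named is not chrooted with -t $jail" ;;
    esac

    # Directories the guide creates inside the jail.
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$jail/$d" ] || echo "missing directory: $jail/$d"
    done

    # The two nodes created with mknod must be character devices.
    for n in null random; do
        [ -c "$jail/dev/$n" ] || echo "not a character device: $jail/dev/$n"
    done

    # Paths named writes to must belong to the unprivileged user bind.
    for p in etc/bind var/cache/bind var/run/bind/run; do
        [ -e "$jail/$p" ] || continue
        owner=$(ls -ld "$jail/$p" | awk '{print $3}')
        [ "$owner" = bind ] || echo "owner is $owner, expected bind: $jail/$p"
    done
    return 0
}

# On the server: sh this-script /var/lib/named /etc/default/bind9
if [ $# -eq 2 ]; then
    check_named_chroot "$1" "$2"
fi
```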
14. MySQL
Install:
aptitude install mysql-server mysql-client libmysqlclient15-dev
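You will be asked to provide a password for the MySQL root user. This password is valid for root@localhost as well as root@server1.example.com, so we do not necessarily have to set it manually: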
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
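We want MySQL to listen on all interfaces, not just localhost, so we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1. With that line commented out, mysqld accepts TCP connections on every interface, so access then depends on the host part of each MySQL account and on any firewall in front of the server: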
vi /etc/mysql/my.cnf
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
[...]
Then restart MySQL:
/etc/init.d/mysql restart
Check that networking is enabled:
netstat -tap | grep mysql
The output should look like this:
root@server1:~# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 4318/mysqld
root@server1:~#