LinuC（Linux技術者認定資格）＆リナックスサーバ構築設定事例

【SSH】の設定メモ

[root]# vi /etc/ssh/sshd_config　←SSHサーバ設定ファイル
■該当箇所を以下のように編集↓■
PasswordAuthentication no
AllowUsers reverie

[root]# su - reverie　←ユーザ切替

[reverie]$ ssh-keygen -t rsa1　←SSHの鍵を作成
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/reverie/.ssh/identity):
Created directory '/home/reverie/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/reverie/.ssh/identity.
Your public key has been saved in /home/reverie/.ssh/identity.pub.
The key fingerprint is:
23:46:16:33:65:37:88:94:b4:f7:33:a0:5d:b5:4e:ad reverie@reverie.example.com

[reverie]$ cd /home/reverie/.ssh　←共通鍵の格納場所へ移動
[reverie]$ ls -al
合計 16
drwx------    2 reverie reverie      4096 11月 29 14:22 .
drwx------   11 reverie 500          4096 11月 29 14:21 ..
-rw-------    1 reverie reverie       542 11月 29 14:22 identity
-rw-r--r--    1 reverie reverie       346 11月 29 14:22 identity.pub

[reverie]$ cat identity.pub >> authorized_keys　←サーバに渡す公開鍵
[reverie]$ chmod 0600 *　←所有者のみ読み書き可能
[reverie]$ ls -al
合計 20
drwx------    2 reverie reverie      4096 11月 29 14:25 .
drwx------   11 reverie 500          4096 11月 29 14:21 ..
-rw-------    1 reverie reverie       346 11月 29 14:25 authorized_keys
-rw-------    1 reverie reverie       542 11月 29 14:22 identity
-rw-------    1 reverie reverie       346 11月 29 14:22 identity.pub

[reverie]$ smbclient '\\win50\LINUX' -I 192.168.0.50 -U Administrator　←クライアントへ接続
params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/smb.conf":
Permission denied
Can't load /etc/samba/smb.conf - run testparm to debug it
added interface ip=192.168.0.99 bcast=192.168.0.255 nmask=255.255.255.0
Password:　←パスワード入力
Domain=[EXAMPLE.COM] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
smb: \> put identity　←クライアント側に秘密鍵を渡す
putting file identity as \identity (13.2 kb/s) (average 13.2 kb/s)
smb: \> quit　←smbclient終了
[reverie]$exit　←rootへ戻る

←WindowsクライアントからSSH接続する

[root]# tail /var/log/secure
Nov 23 14:04:06 reverie sshd[1042]: Server listening on 0.0.0.0 port 22.
Nov 23 14:27:57 reverie sshd[1345]: Accepted password for reverie from 192.168.0.21 port 57414 ssh2
Nov 23 15:32:10 reverie sshd[1347]: Received disconnect from 192.168.0.21: 2: disconnected by server request
Nov 23 15:32:11 reverie sshd[1042]: Received signal 15; terminating.
Nov 29 13:17:26 reverie sshd[1042]: Server listening on 0.0.0.0 port 22.
Nov 29 13:19:58 reverie sshd[1344]: Accepted password for reverie from 192.168.0.21 port 56761
Nov 29 13:22:39 reverie useradd[1416]: new user: name=testuser, uid=501, gid=501, home=/home/testuser, shell=/bin/bash
Nov 29 13:32:50 reverie sudo: testuser : command not allowed ; TTY=pts/0 ; PWD=/home/testuser ; USER=root ; COMMAND=/bin/more /etc/sudoers
Nov 29 13:33:39 reverie sudo: reverie : TTY=pts/0 ; PWD=/home/reverie ; USER=root ; COMMAND=/bin/more /etc/sudoers
Nov 29 14:37:59 reverie sshd[8082]: Accepted rsa for reverie from 192.168.0.50 port 3009

PR

【スーパーサーバ】の設定メモ

[root]# vi /etc/xinetd.conf←設定ファイル
■以下のように編集↓■
defaults
{
        instances               = 60
        log_type                = FILE /var/log/service.log←ログの出力先を指定
        log_on_success          = HOST PID EXIT DURATION
        log_on_failure          = HOST ATTEMPT
        only_from               = 192.168.0.0/24 127.0.0.1←ローカル、ループバック
        no_access               = 192.168.0.1←ルータのアドレス
        cps                     = 25 30
}
includedir /etc/xinetd.d

[root]# touch /var/log/service.log←ログ用ファイル作成

[root]# chmod 0600 /etc/xinetd.conf←権限変更

[root]# ls -al /etc/xinetd.conf
ls -al /etc/xinetd.conf
-rw------- 1 root root 386 11月 23 14:37 /etc/xinetd.conf

[root]# vi /etc/xinetd.d/telnet←telnetをxinetd経由で起動する設定
■以下の箇所をコメント化↓■
# disable = yes

[root]# /etc/rc.d/init.d/xinetd restart←再起動
xinetdを停止中: [ OK ]
xinetdを起動中: [ OK ]

root]# tail /var/log/messages
Nov 23 14:04:23 reverie anacron: anacron startup succeeded
Nov 23 14:04:23 reverie atd: atd startup succeeded
Nov 23 14:04:28 reverie kernel: mice: PS/2 mouse device common for all mice
Nov 23 14:27:57 reverie sshd(pam_unix)[1347]: session opened for user reverie by (uid=500)
Nov 23 14:28:01 reverie 11月 23 14:28:01 su(pam_unix)[1377]: session opened for user root by reverie(uid=500)
Nov 23 14:51:50 reverie xinetd[1056]: Exiting...
Nov 23 14:51:50 reverie 11月 23 14:51:50 xinetd: xinetd停止 succeeded
Nov 23 14:51:51 reverie xinetd[1487]: xinetd Version 2.3.11 started with libwrap loadavg options compiled in.
Nov 23 14:51:51 reverie xinetd[1487]: Started working: 3 available services
Nov 23 14:51:53 reverie xinetd: ・鰯ucceeded

←Windowsクライアントからtelnetでログイン

[root]# tail /var/log/service.log
10/11/23@14:54:13: START: telnet pid=1491 from=192.168.0.50
10/11/23@14:54:58: EXIT: telnet status=0 pid=1491 duration=45(sec)

[root]# ls -l /etc/vsftpd*
-rw-------    1 root     root          125 3月 1 2003 /etc/vsftpd.ftpusers←ftp禁止ユーザ一覧
-rw-------    1 root     root          361 3月 1 2003 /etc/vsftpd.user_list←vsftpd禁止ユーザ一覧
/etc/vsftpd:
合計 4
-rw-------    1 root     root         3854 3月 1 2003 vsftpd.conf

[root]# cp -p /usr/share/doc/vsftpd-1.1.3/vsftpd.xinetd /etc/xinetd.d/vsftpd←xinetd用にvsftpdをコピー

[root]# vi /etc/xinetd.d/vsftpd←vsftpdをxinetd経由で起動する設定
■以下のように編集↓■
        server_args             = /etc/vsftpd/vsftpd.conf←vsftpd設定ファイルを引数に設定
        access_times            = 00:00-23:59←接続許可時間
#       disable                 = yes←コメントアウトで有効化

[root]# vi /etc/vsftpd/vsftpd.conf←vsftpdの設定
■以下のように編集↓■
ascii_upload_enable=YES←アップロード許可
ascii_download_enable=YES←ダウンロード許可
# listen=YES←スタンドアロンモードを無効化

[root]# /etc/rc.d/init.d/xinetd restart←再起動
xinetdを停止中: [ OK ]
xinetdを起動中: [ OK ]

[root]# tail /var/log/messages
Nov 23 14:55:13 reverie -- reverie[1523]: LOGIN ON pts/1 BY reverie FROM win50
Nov 23 14:56:16 reverie login(pam_unix)[1523]: session closed for user reverie
Nov 23 14:56:26 reverie login(pam_unix)[1552]: session opened for user reverie by (uid=0)
Nov 23 14:56:26 reverie -- reverie[1552]: LOGIN ON pts/1 BY reverie FROM win50
Nov 23 14:56:32 reverie login(pam_unix)[1552]: session closed for user reverie
Nov 23 15:16:57 reverie xinetd[1487]: Exiting...
Nov 23 15:16:57 reverie 11月 23 15:16:57 xinetd: xinetd停止 succeeded
Nov 23 15:16:58 reverie xinetd[1867]: xinetd Version 2.3.11 started with libwrap loadavg options compiled in.
Nov 23 15:16:58 reverie xinetd[1867]: Started working: 4 available services
Nov 23 15:17:00 reverie xinetd: ・鰯ucceeded

←Windowsクライアントからftp接続

[root]# tail /var/log/service.log←xinetdのログ
10/11/23@15:20:19: START: ftp pid=1884 from=192.168.0.50
10/11/23@15:21:34: EXIT: ftp status=0 pid=1884 duration=75(sec)

[root]# tail /var/log/vsftpd.log←vsftpdのファイル転送ログ
Tue Nov 23 15:21:29 2010 1 192.168.0.50 204 /home/reverie/.bash_profile a _ o r reverie ftp 0 * c

【SAMBA】の設定メモ

[root]# vi /etc/samba/smb.conf←SAMBAの設定
■↓以下のように編集■
    workgroup = ドメイン名
    server string = 表示させる文字列
    hosts allow = 192.168.0. 127.←アクセス許可
    security = user←認証方式
    remote announce = 192.168.0.255←ローカルネットへ通知
■↓以下の行追記■
    invalid users = root←禁止ユーザ
    coding system = euc←文字コード
    client code page = 932←クライアント側の文字コード

[root]# testparm -s←設定を確認する

[root]# cat /etc/passwd | mksmbpasswd.sh > smbpasswd←sambaパスワードファイル作成
[root]# chmod 0600 smbpasswd←rootのみ権限設定
[root]# chmod 0500 /etc/samba←rootのみ権限設定

[root]# smbpasswd reverie←sambaパスワード設定
New SMB password:←パスワード入力
Retype new SMB password:←確認の為にもう一度パスワード入力
Password changed for user reverie.
Password changed for user reverie.

[root]# tail /etc/samba/smbpasswd←sambaパスワードが追加されているのを確認
reverie:500:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C:[U ]:LCT-4CE39C83:reverie

[root]# more /etc/sysconfig/samba←samba起動パラメータの確認
# Options to smbd
SMBDOPTIONS="-D"
# Options to nmbd
NMBDOPTIONS="-D"
# Options for winbindd
WINBINDOPTIONS=""

[root]# /etc/rc.d/init.d/smb restart←samba再起動
SMBサービスを停止中:                                       [失敗]
NMBサービスを停止中:                                       [失敗]
SMBサービスを起動中:                                       [ OK ]
NMBサービスを起動中:                                       [ OK ]

[root]# tail /var/log/messages←システムログで起動確認
Nov 17 16:17:04 reverie xfs: ignoring font path element /usr/X11R6/lib/X11/fonts/cyrillic (unreadable)
Nov 17 16:17:08 reverie kernel: mice: PS/2 mouse device common for all mice
Nov 17 16:35:16 reverie sshd(pam_unix)[1339]: session opened for user reverie by (uid=500)
Nov 17 16:35:18 reverie 11月 17 16:35:18 su(pam_unix)[1369]: session opened for user root by reverie(uid=500)
Nov 17 18:11:43 reverie 11月 17 18:11:43 su(pam_unix)[1369]: session closed for user root
Nov 17 18:11:57 reverie 11月 17 18:11:57 su(pam_unix)[7908]: session opened for user root by reverie(uid=500)
Nov 17 18:19:59 reverie 11月 17 18:19:59 smb: smbd停止 failed
Nov 17 18:19:59 reverie 11月 17 18:19:59 smb: nmbd停止 failed
Nov 17 18:19:59 reverie 11月 17 18:19:59 smb: smbd起動 succeeded
Nov 17 18:19:59 reverie 11月 17 18:19:59 smb: nmbd起動 succeeded

[root]# more /var/log/samba/log.nmbd←nmbのログ
[2010/11/17 18:19:59, 0] nmbd/nmbd.c:main(794)
Netbios nameserver version 2.2.7a started.
Copyright Andrew Tridgell and the Samba Team 1994-2002
[2010/11/17 18:20:03, 0] nmbd/nmbd_responserecordsdb.c:find_response_record(235)
find_response_record: response packet id 14426 received with no matching record.
[2010/11/17 18:20:03, 0] nmbd/nmbd_responserecordsdb.c:find_response_record(235)
find_response_record: response packet id 14427 received with no matching record.

[root]# more /var/log/samba/log.smbd←smbのログ
[2010/11/17 18:19:59, 0] smbd/server.c:main(707)
smbd version 2.2.7a started.
Copyright Andrew Tridgell and the Samba Team 1992-2002

[root]# vi /etc/hosts
■↓以下のように追記■
192.168.0.50 win50.example.com win50←sambaクライアントのIP,ドメイン名,ホスト名

[root]# vi /etc/samba/lmhosts
■↓以下のように追記■
192.168.0.99 reverie←sambaサーバのIPとホスト名
192.168.0.50 win50←sambaクライアントのIPとホスト名

←Windowsクライアントからワークグループ内にあるsambaサーバへアクセスする

[root]# smbstatus←Windowsクライアントからのアクセスを確認
Samba version 2.2.7a
Service      uid      gid      pid     machine
----------------------------------------------
IPC$         reverie reverie   7999   win50    (192.168.0.50) Wed Nov 17 18:33:57 2010
IPC$         nobody   nobody    7999   win50    (192.168.0.50) Wed Nov 17 18:34:00 2010
reverie      reverie reverie   7999   win50    (192.168.0.50) Wed Nov 17 18:34:00 2010
No locked files

[root]# tail /var/log/messages←sambaセッションを確認
Nov 17 18:33:57 reverie samba(pam_unix)[7999]: session opened for user reverie by (uid=0)

【プロキシサーバ】の設定メモ

[root]# vi /etc/squid/squid.conf←Squidの設定ファイル
■以下のように編集↓■
http_port 8080←ポート番号指定
acl our_networks src 192.168.1.0/24←アクセスリスト設定
acl working_time time 00:00-23:59←アクセスリスト設定
http_access deny !working_time←拒否条件
http_access allow our_networks←許可条件

[root]# /etc/rc.d/init.d/squid restart←設定反映の為、再起動
squidを停止中: [失敗]
init_cache_dir /var/spool/squid... squidを起動中: .. [ OK ]

[root]# tail /var/log/messages
Nov 12 17:16:20 reverie last message repeated 15 times
Nov 12 17:16:20 reverie cups: cupsd startup succeeded
Nov 12 17:16:20 reverie xfs: xfs startup succeeded
Nov 12 17:16:21 reverie anacron: anacron startup succeeded
Nov 12 17:16:21 reverie atd: atd startup succeeded
Nov 12 17:16:21 reverie xfs: ignoring font path element /usr/X11R6/lib/X11/fonts/cyrillic (unreadable)
Nov 12 17:16:25 reverie kernel: mice: PS/2 mouse device common for all mice
Nov 12 17:16:52 reverie sshd(pam_unix)[1316]: session opened for user reverie by (uid=500)
Nov 12 17:16:55 reverie 11月 12 17:16:55 su(pam_unix)[1346]: session opened for user root by reverie(uid=500)
Nov 12 17:40:15 reverie squid[1425]: Squid Parent: child process 1427 started←Squid起動を確認

[root]# ls -al /var/log/squid←Squidのログがあることを確認
合計 12
drwxr-x---    2 squid    squid        4096 11月 12 17:40 .
drwxr-xr-x    8 root     root         4096 11月 12 17:16 ..
-rw-r--r--    1 squid    squid           0 11月 12 17:40 access.log
-rw-r--r--    1 squid    squid        1865 11月 12 17:40 cache.log
-rw-r--r--    1 squid    squid           0 11月 12 17:40 store.log

[root]# more /var/log/squid/cache.log←キャッシュログ確認
2010/11/12 17:40:15| Starting Squid Cache version 2.5.STABLE1 for i386-redhat-linux-gnu...
2010/11/12 17:40:15| Process ID 1427
2010/11/12 17:40:15| With 1024 file descriptors available
2010/11/12 17:40:15| DNS Socket created at 0.0.0.0, port 32770, FD 5
2010/11/12 17:40:15| Adding nameserver 192.168.0.99 from /etc/resolv.conf
2010/11/12 17:40:15| Unlinkd pipe opened on FD 10
2010/11/12 17:40:15| Swap maxSize 102400 KB, estimated 7876 objects
2010/11/12 17:40:15| Target number of buckets: 393
2010/11/12 17:40:15| Using 8192 Store buckets
2010/11/12 17:40:15| Max Mem size: 8192 KB
2010/11/12 17:40:15| Max Swap size: 102400 KB
2010/11/12 17:40:15| Rebuilding storage in /var/spool/squid (DIRTY)
2010/11/12 17:40:15| Using Least Load store dir selection
2010/11/12 17:40:15| Set Current Directory to /var/spool/squid
2010/11/12 17:40:15| Loaded Icons.
2010/11/12 17:40:17| Accepting HTTP connections at 0.0.0.0, port 8080, FD 11.
2010/11/12 17:40:17| WCCP Disabled.
2010/11/12 17:40:17| Ready to serve requests.
2010/11/12 17:40:17| Done scanning /var/spool/squid swaplog (0 entries)
2010/11/12 17:40:17| Finished rebuilding storage from disk.
2010/11/12 17:40:17|         0 Entries scanned
2010/11/12 17:40:17|         0 Invalid entries.
2010/11/12 17:40:17|         0 With invalid flags.
2010/11/12 17:40:17|         0 Objects loaded.
2010/11/12 17:40:17|         0 Objects expired.
2010/11/12 17:40:17|         0 Objects cancelled.
2010/11/12 17:40:17|         0 Duplicate URLs purged.
2010/11/12 17:40:17|         0 Swapfile clashes avoided.
2010/11/12 17:40:17|   Took 2.0 seconds (   0.0 objects/sec).
2010/11/12 17:40:17| Beginning Validation Procedure
2010/11/12 17:40:17|   Completed Validation Procedure
2010/11/12 17:40:17|   Validated 0 Entries
2010/11/12 17:40:17|   store_swap_size = 0k
2010/11/12 17:40:19| storeLateRelease: released 0 objects

←Windows上でプロキシサーバを設定してWWWサーバへアクセスさせる

[root]# tail /var/log/httpd/access_log←ログ確認
192.168.0.50 - - [12/Nov/2010:17:53:02 +0900] "GET / HTTP/1.1" 304 0 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.0.50 - - [12/Nov/2010:17:53:05 +0900] "GET /index.html HTTP/1.1" 200 117 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

【WWWサーバ】の設定メモ

[root]# vi /etc/httpd/conf/httpd.conf←Apacheの設定ファイル
■下記の項目は必ず環境に合わせて設定する↓■
ServerAdmin apache@example.com←管理者メールアドレス
ServerName reverie.example.com:80←WWWサーバ名とポート番号
DocumentRoot "/var/www/html"←ドキュメントルートの場所

[root]# /etc/rc.d/init.d/httpd restart←設定反映のため、httpd再起動
httpdを停止中: [失敗]
httpdを起動中: [ OK ]

[root]# tail /var/log/messages
Nov 9 12:55:28 reverie xfs: xfs startup succeeded
Nov 9 12:55:28 reverie anacron: anacron startup succeeded
Nov 9 12:55:28 reverie atd: atd startup succeeded
Nov 9 12:55:28 reverie xfs: ignoring font path element /usr/X11R6/lib/X11/fonts/cyrillic (unreadable)
Nov 9 12:55:32 reverie kernel: mice: PS/2 mouse device common for all mice
Nov 9 12:57:49 reverie sshd(pam_unix)[1295]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.0.21 user=reverie
Nov 9 12:57:53 reverie sshd(pam_unix)[1297]: session opened for user reverie by (uid=500)
Nov 9 12:57:55 reverie 11月 9 12:57:55 su(pam_unix)[1327]: session opened for user root by reverie(uid=500)
Nov 9 13:36:54 reverie 11月 9 13:36:54 httpd: httpd停止 failed
Nov 9 13:36:56 reverie 11月 9 13:36:56 httpd: httpd起動 succeeded

→Windowsから「http://www.example.com/」にアクセス

[root]# tail /var/log/httpd/access_log←この時点ではindex.htmlが無いためエラーとなる
192.168.0.50 - - [09/Nov/2010:13:43:29 +0900] "GET /index.html HTTP/1.1" 404 1057 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.0.50 - - [09/Nov/2010:13:43:38 +0900] "GET / HTTP/1.1" 403 2898 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.0.50 - - [09/Nov/2010:13:43:38 +0900] "GET /icons/apache_pb.gif HTTP/1.1" 200 2326 "http://www.example.com/" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.0.50 - - [09/Nov/2010:13:43:38 +0900] "GET /icons/powered_by.gif HTTP/1.1" 200 581 "http://www.example.com/" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

[root]# vi /var/www/html/index.html
■適当にHTMLを作成↓■
<HTML>
<HEAD><TITLE> test </TITLE></HEAD>
<BODY>
www server test...
</BODY>
</HTML>

→Windowsから「http://www.example.com/」にアクセス

[root]# tail /var/log/httpd/access_log←index.htmlにアクセスできることを確認する
192.168.0.50 - - [09/Nov/2010:13:57:23 +0900] "GET / HTTP/1.1" 200 117 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.0.50 - - [09/Nov/2010:13:57:35 +0900] "GET /index.html HTTP/1.1" 200 117 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

【mailコマンド】の使用例

[root]# mail←未読メールを読む場合
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/root": 5 messages 5 new
>N 1 root@reverie.example Fri Oct 15 23:42 19/819   "Anacron job 'cron.daily'"
N 2 root@reverie.example Tue Oct 19 22:30 56/1735 "LogWatch for reverie.example.com"
N 3 root@reverie.example Tue Oct 19 22:31 19/821   "Anacron job 'cron.daily'"
N 4 root@reverie.example Mon Nov 1 14:52 19/818   "Anacron job 'cron.daily'"
N 5 root@dgx.example.com Wed Nov 3 15:29 19/796   "Anacron job 'cron.daily'"
& t1←メールを選択
Message 1:
From root@reverie.example.com Fri Oct 15 23:42:19 2010
Date: Fri, 15 Oct 2010 23:42:18 +0900
From: root@reverie.example.com (Anacron)
To: root@reverie.example.com
Subject: Anacron job 'cron.daily'
/etc/cron.daily/tripwire-check:
****    Error: Tripwire database for reverie.example.com not found.    ****
**** Run /etc/tripwire/twinstall.sh and/or tripwire --init. ****

[root]# ls -al mbox
-rw------- 1 root root 5044 11月 3 15:38 mbox

[root]# mail -f←既読メールを読む場合

[root]# mail -s test-mail reverie@example.com←メールを作成して送る
TEST MAIL.
.
Cc:

[root]# tail /var/log/maillog←メールのログ確認
Nov 3 15:43:11 reverie sendmail[1764]: oA36hBj5001764: from=root, size=55, class=0, nrcpts=1, msgid=<201011030643.oA36hBj5001764@reverie.example.com>, relay=root@localhost
Nov 3 15:43:11 reverie sendmail[1766]: oA36hB0K001766: from=<root@reverie.example.com>, size=346, class=0, nrcpts=1, msgid=<201011030643.oA36hBj5001764@reverie.example.com>, proto=ESMTP, daemon=Daemon0, relay=localhost.localdomain [127.0.0.1]
Nov 3 15:43:11 reverie sendmail[1764]: oA36hBj5001764: to=reverie@example.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30044, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (oA36hB0K001766 Message accepted for delivery)
Nov 3 15:43:11 reverie sendmail[1767]: oA36hB0K001766: to=<reverie@example.com>, ctladdr=<root@reverie.example.com> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=pmlocal, pri=30549, dsn=2.0.0, stat=Sent

【pop3有効化】の設定メモ

[root]# vi /etc/xinetd.d/ipop3
# disable = yes←無効設定をコメント化する

[root]# /etc/rc.d/init.d/xinetd restart
xinetdを停止中: [ OK ]
xinetdを起動中: [ OK ]

[root]# tail /var/log/messages
Nov 3 14:26:48 reverie 11月 3 14:26:48 su(pam_unix)[1330]: session opened for user root by reverie(uid=500)
Nov 3 14:29:03 reverie 11月 3 14:29:03 su(pam_unix)[1330]: session closed for user root
Nov 3 14:29:04 reverie sshd(pam_unix)[1300]: session closed for user reverie
Nov 3 15:15:23 reverie sshd(pam_unix)[1396]: session opened for user reverie by (uid=500)
Nov 3 15:15:29 reverie 11月 3 15:15:29 su(pam_unix)[1426]: session opened for user root by reverie(uid=500)
Nov 3 15:21:45 reverie xinetd[1060]: Exiting...
Nov 3 15:21:45 reverie 11月 3 15:21:45 xinetd: xinetd停止 succeeded
Nov 3 15:21:46 reverie xinetd[1483]: xinetd Version 2.3.11 started with libwrap loadavg options compiled in.
Nov 3 15:21:46 reverie xinetd[1483]: Started working: 2 available services
Nov 3 15:21:48 reverie xinetd: ・鰯ucceeded

【sendmail】設定メモ

[root]# tar -xvzf CF-3.7Wpl2.tar.gz←「CF-3.7Wpl2.tar.gz」を用意しておき解凍する
[root]# cd CF-3.7Wpl2
[root]# cp -p Standards/sendmail-v8.def sendmail.def

[root]# vi sendmail.def
■編集内容は環境により任意に記述■

[root]# pwd
/usr/local/src/CF-3.7Wpl2

[root]# make sendmail.cf
MASTERDIR=./Master TOOLDIR=./Tools \
./Tools/Configure sendmail.def > sendmail.cf.tmp
mv -f sendmail.cf.tmp sendmail.cf

[root]# vi sendmail.cf
■下記のように編集↓■
#O AutoRebuildAliases=False　←【 # を入れてコメント化】

[root]# cp -p /etc/mail/sendmail.cf /etc/mail/sendmail.cf.original
[root]# cp -p sendmail.cf /etc/mail
cp: `/etc/mail/sendmail.cf' を上書きしてもよろしいですか(yes/no)? y
[root]# echo $?
0 ←正常終了を確認

[root]# vi /etc/mail/sendmail.localip
■下記のように編集↓■
ネットワークアドレス記入

[root]# vi /etc/mail/sendmail.localdomain
■下記のように編集↓■
ドメイン名の記入

[root]# vi /etc/mail/sendmail.relay.to
■下記のように編集↓■
ドメイン名の記入

[root]# ls -al /etc/aliases*
-rw-r--r-- 1 root root 1343 2月 25 2003 /etc/aliases
-rw-r----- 1 smmsp smmsp 12288 11月 1 13:45 /etc/aliases.db
[root]# chown root /etc/aliases.db
[root]# ls -al /etc/aliases*
-rw-r--r-- 1 root root 1343 2月 25 2003 /etc/aliases
-rw-r----- 1 root smmsp 12288 11月 1 13:45 /etc/aliases.db

[root]# /etc/rc.d/init.d/sendmail restart
sendmailを停止中: [ OK ]
sm-clientを停止中: [ OK ]
sendmailを起動中: [ OK ]
sm-clientを起動中: [ OK ]

[root]# tail /var/log/messages
Nov 1 14:51:30 reverie syslogd 1.4.1: restart.
Nov 1 16:04:56 reverie sshd(pam_unix)[7776]: session opened for user reverie by (uid=500)
Nov 1 16:04:58 reverie 11月 1 16:04:58 su(pam_unix)[7806]: session opened for user root by reverie(uid=500)
Nov 1 16:38:53 reverie 11月 1 16:38:53 sendmail: sendmail停止 succeeded
Nov 1 16:38:53 reverie 11月 1 16:38:53 sendmail: sm-client停止 succeeded
Nov 1 16:38:53 reverie 11月 1 16:38:53 sendmail: sendmail起動 succeeded
Nov 1 16:38:53 reverie 11月 1 16:38:53 sendmail: sm-client起動 succeeded

[root]# tail /var/log/maillog
Nov 1 16:38:53 reverie sendmail[7941]: alias database /etc/aliases rebuilt by reverie
Nov 1 16:38:53 reverie sendmail[7941]: /etc/aliases: 63 aliases, longest 10 bytes, 625 bytes total
Nov 1 16:38:53 reverie sendmail[7953]: starting daemon (8.12.8): SMTP+queueing@01:00:00
Nov 1 16:38:53 reverie sm-msp-queue[7962]: starting daemon (8.12.8): queueing@01:00:00

[root]# vi /etc/mail/sendmail.spamlist
■下記のように編集↓■
ホスト名＠ドメイン名 # コメント記述
[root]# makemap hash /etc/mail/sendmail.spamlist.db < /etc/mail/sendmail.spamlist
[root]# echo $?
0 ←正常終了を確認

【自動起動（chkconfig）】の設定メモ

・例えば、namedを自動起動する場合

[root]# /sbin/chkconfig --list named
named 0:オフ 1:オフ 2:オフ 3:オフ 4:オフ 5:オフ 6:オフ

[root]# /sbin/chkconfig --level 35 named on　←ランレベル３、５で自動起動

[root]# /sbin/chkconfig --list named
named 0:オフ 1:オフ 2:オフ 3:オン 4:オフ 5:オン 6:オフ

【DNS動作確認】メモ

[root]# nslookup
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
> reverie
Server:         192.168.0.99
Address:        192.168.0.99#53
Name:   reverie.example.com
Address: 192.168.0.99
> reverie.example.com
Server:         192.168.0.99
Address:        192.168.0.99#53
Name:   reverie.example.com
Address: 192.168.0.99
> www
Server:         192.168.0.99
Address:        192.168.0.99#53
www.example.com canonical name = reverie.example.com.
Name:   reverie.example.com
Address: 192.168.0.99
> www.example.com
Server:         192.168.0.99
Address:        192.168.0.99#53
www.example.com canonical name = reverie.example.com.
Name:   reverie.example.com
Address: 192.168.0.99
> mail
Server:         192.168.0.99
Address:        192.168.0.99#53
mail.example.com        canonical name = reverie.example.com.
Name:   reverie.example.com
Address: 192.168.0.99
> mail.example.com
Server:         192.168.0.99
Address:        192.168.0.99#53
mail.example.com        canonical name = reverie.example.com.
Name:   reverie.example.com
Address: 192.168.0.99
> ftp
Server:         192.168.0.99
Address:        192.168.0.99#53
ftp.example.com canonical name = reverie.example.com.
Name:   reverie.example.com
Address: 192.168.0.99
> ftp.example.com
Server:         192.168.0.99
Address:        192.168.0.99#53
ftp.example.com canonical name = reverie.example.com.
Name:   reverie.example.com
Address: 192.168.0.99
> 192.168.0.99
Server:         192.168.0.99
Address:        192.168.0.99#53
99.0.168.192.in-addr.arpa       name = reverie.example.com.
> example.com
Server:         192.168.0.99
Address:        192.168.0.99#53
Name:   example.com
Address: 192.168.0.0
> www.yahoo.co.jp
Server:         192.168.0.99
Address:        192.168.0.99#53
Non-authoritative answer:
www.yahoo.co.jp canonical name = www.ya.gl.yahoo.co.jp.
Name:   www.ya.gl.yahoo.co.jp
Address: 203.216.247.249
> set type=MX
> example.com
Server:         192.168.0.99
Address:        192.168.0.99#53
example.com     mail exchanger = 10 reverie.example.com.
> set type=AXFR
> example.com
Server:         192.168.0.99
Address:        192.168.0.99#53
example.com
        origin = reverie.example.com
        mail addr = postmaster.example.com
        serial = 2010101901
        refresh = 10800
        retry = 3600
        expire = 604800
        minimum = 86400
example.com     mail exchanger = 10 reverie.example.com.
example.com     nameserver = reverie.example.com.
Name:   example.com
Address: 192.168.0.0
ftp.example.com canonical name = reverie.example.com.
Name:   localhost.example.com
Address: 127.0.0.1
mail.example.com        canonical name = reverie.example.com.
Name:   reverie.example.com
Address: 192.168.0.99
www.example.com canonical name = reverie.example.com.
example.com
        origin = reverie.example.com
        mail addr = postmaster.example.com
        serial = 2010101901
        refresh = 10800
        retry = 3600
        expire = 604800
        minimum = 86400
> exit
[root]# dig reverie.example.com
; <<>> DiG 9.2.1 <<>> reverie.example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16532
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;reverie.example.com.           IN      A
;; ANSWER SECTION:
reverie.example.com.    86400   IN      A       192.168.0.99
;; AUTHORITY SECTION:
example.com.            86400   IN      NS      reverie.example.com.
;; Query time: 1 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: Tue Oct 19 22:28:16 2010
;; MSG SIZE rcvd: 67
[root]# dig -x 192.168.0.99
; <<>> DiG 9.2.1 <<>> -x 192.168.0.99
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44119
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;99.0.168.192.in-addr.arpa.     IN      PTR
;; ANSWER SECTION:
99.0.168.192.in-addr.arpa. 86400 IN     PTR     reverie.example.com.
;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400   IN      NS      reverie.example.com.
;; ADDITIONAL SECTION:
reverie.example.com.    86400   IN      A       192.168.0.99
;; Query time: 1 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: Tue Oct 19 22:28:48 2010
;; MSG SIZE rcvd: 106
[root]# dig example.com mx
; <<>> DiG 9.2.1 <<>> example.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65275
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com.                   IN      MX
;; ANSWER SECTION:
example.com.            86400   IN      MX      10 reverie.example.com.
;; AUTHORITY SECTION:
example.com.            86400   IN      NS      reverie.example.com.
;; ADDITIONAL SECTION:
reverie.example.com.    86400   IN      A       192.168.0.99
;; Query time: 0 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: Tue Oct 19 22:30:27 2010
;; MSG SIZE rcvd: 83
[root]# dig example.com axfr
; <<>> DiG 9.2.1 <<>> example.com axfr
;; global options: printcmd
example.com.            86400   IN      SOA     reverie.example.com. postmaster.example.com. 2010101901 10800 3600 604800 86400
example.com.            86400   IN      MX      10 reverie.example.com.
example.com.            86400   IN      NS      reverie.example.com.
example.com.            86400   IN      A       192.168.0.0
ftp.example.com.        86400   IN      CNAME   reverie.example.com.
localhost.example.com. 86400   IN      A       127.0.0.1
mail.example.com.       86400   IN      CNAME   reverie.example.com.
reverie.example.com.    86400   IN      A       192.168.0.99
www.example.com.        86400   IN      CNAME   reverie.example.com.
example.com.            86400   IN      SOA     reverie.example.com. postmaster.example.com. 2010101901 10800 3600 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: Tue Oct 19 22:30:35 2010
;; XFR size: 11 records
[root]# tail /var/log/messages
Oct 19 22:17:37 reverie named[1455]: no IPv6 interfaces found
Oct 19 22:17:37 reverie named[1455]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 19 22:17:37 reverie named[1455]: listening on IPv4 interface eth0, 192.168.0.99#53
Oct 19 22:17:37 reverie named[1455]: command channel listening on 127.0.0.1#953
Oct 19 22:17:37 reverie named[1455]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2010101901
Oct 19 22:17:37 reverie named[1455]: zone 0.168.192.in-addr.arpa/IN: loaded serial 2010101901
Oct 19 22:17:37 reverie named[1455]: zone example.com/IN: loaded serial 2010101901
Oct 19 22:17:37 reverie named[1455]: running
Oct 19 22:26:26 reverie named[1455]: client 192.168.0.99#32772: transfer of 'example.com/IN': AXFR started
Oct 19 22:30:35 reverie named[1455]: client 192.168.0.99#32773: transfer of 'example.com/IN': AXFR started
[root]# dig example.com hinfo
; <<>> DiG 9.2.1 <<>> example.com hinfo
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40241
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com.                   IN      HINFO
;; AUTHORITY SECTION:
example.com.            86400   IN      SOA     reverie.example.com. postmaster.example.com. 2010101901 10800 3600 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: Tue Oct 19 22:32:15 2010
;; MSG SIZE rcvd: 84
[root]# dig www.yahoo.co.jp
; <<>> DiG 9.2.1 <<>> www.yahoo.co.jp
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22639
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;www.yahoo.co.jp.               IN      A
;; ANSWER SECTION:
www.yahoo.co.jp.        430     IN      CNAME   www.ya.gl.yahoo.co.jp.
www.ya.gl.yahoo.co.jp. 60      IN      A       203.216.235.201
;; AUTHORITY SECTION:
gl.yahoo.co.jp.         430     IN      NS      gns01.net.djm.yahoo.co.jp.
gl.yahoo.co.jp.         430     IN      NS      gns02.net.bbt.yahoo.co.jp.
gl.yahoo.co.jp.         430     IN      NS      gns01.net.bbt.yahoo.co.jp.
;; ADDITIONAL SECTION:
gns01.net.bbt.yahoo.co.jp. 430 IN      A       202.93.64.132
gns01.net.djm.yahoo.co.jp. 430 IN      A       124.83.159.36
gns02.net.bbt.yahoo.co.jp. 430 IN      A       202.93.64.133
;; Query time: 22 msec
;; SERVER: 192.168.0.99#53(192.168.0.99)
;; WHEN: Tue Oct 19 22:32:31 2010
;; MSG SIZE rcvd: 197