This article covers compiling and installing BIND and Dropbear from source.
Part 1: Compiling and installing BIND
I. Local environment
II. Download
# wget http://www.isc.org/downloads/file/bind-9-9-5rc2/?version=tar.gz
III. Extract and compile
Compiling takes quite a while.
IV. Create the main configuration file
# vim /etc/named/named.conf
options {
        directory "/var/named";
        pid-file "/usr/local/bind9/var/run/named.pid";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-transfer { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-transfer { none; };
};
V. Create the zone data files
# dig -t NS . @192.168.1.114 > /var/named/named.ca

# vim /var/named/named.localhost
$TTL 86400
@           IN SOA  localhost. admin.localhost. (
                    2014032201
                    2H
                    10M
                    7D
                    1D )
            IN NS   localhost.
localhost.  IN A    127.0.0.1

# vim /var/named/named.loopback
$TTL 86400
@           IN SOA  localhost. admin.localhost. (
                    2014032201
                    2H
                    10M
                    7D
                    1D )
            IN NS   localhost.
1           IN PTR  localhost.
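As an added example (not part of the original post): the SOA serial in the two zone files above follows the YYYYMMDDnn convention (2014032201 is 2014-03-22, change 01). A secondary only transfers a zone when the serial has grown, so the usual operational mistake is editing a record without bumping the serial. The helpers below (zone_serial, next_serial and bump_zone_serial are names chosen here, not BIND tools) read the serial out of a zone file in the layout shown above and compute or write the next one; the zone text at the bottom is constructed for the demo and written to a temporary file, not to /var/named.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes the zone layout used
# above: the SOA serial is the first bare integer after the "SOA" token.

# zone_serial FILE: print the SOA serial found in FILE (empty if none).
zone_serial() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "SOA") in_soa = 1
                else if (in_soa && $i ~ /^[0-9]+$/) { print $i; exit }
            }
        }
    ' "$1"
}

# next_serial CURRENT TODAY: print the serial for a change made on TODAY
# (YYYYMMDD). A later day restarts the change counter at 01; the same day, or
# a serial already ahead of today, increments the last two digits.
next_serial() {
    cur=$1
    today=$2
    case $cur in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "next_serial: $cur is not a YYYYMMDDnn serial" >&2; return 1 ;;
    esac
    cur_day=${cur%??}            # first eight digits
    cur_n=${cur#????????}        # last two digits
    cur_n=${cur_n#0}             # "01" -> "1" so $(( )) does not read it as octal
    if [ "$cur_day" -lt "$today" ]; then
        echo "${today}01"
    elif [ "$cur_n" -ge 99 ]; then
        echo "next_serial: $cur has used all 99 changes for $cur_day" >&2
        return 1
    else
        printf '%s%02d\n' "$cur_day" $((cur_n + 1))
    fi
}

# bump_zone_serial FILE TODAY: replace the serial in FILE with the next one
# and print it. The rewrite goes through a temporary file so a failure never
# leaves a truncated zone behind. Whitespace on the serial line is normalized.
bump_zone_serial() {
    oldser=$(zone_serial "$1")
    [ -n "$oldser" ] || { echo "bump_zone_serial: no SOA serial in $1" >&2; return 1; }
    newser=$(next_serial "$oldser" "$2") || return 1
    tmp="$1.tmp.$$"
    awk -v oldser="$oldser" -v newser="$newser" '
        !replaced { for (i = 1; i <= NF; i++) if ($i == oldser) { $i = newser; replaced = 1; break } }
        { print }
    ' "$1" > "$tmp" && mv "$tmp" "$1" && echo "$newser"
}

# --- demo on a constructed copy of named.localhost (not the real file) ---
demo_zone=$(mktemp)
cat > "$demo_zone" <<'EOF'
$TTL 86400
@           IN SOA  localhost. admin.localhost. (
                    2014032201
                    2H
                    10M
                    7D
                    1D )
            IN NS   localhost.
localhost.  IN A    127.0.0.1
EOF
echo "current serial: $(zone_serial "$demo_zone")"
echo "next serial for a change on 2014-03-22: $(next_serial "$(zone_serial "$demo_zone")" 20140322)"
echo "zone rewritten for a change on 2014-04-01, new serial: $(bump_zone_serial "$demo_zone" 20140401)"
rm -f "$demo_zone"
```

On a live host the second argument is simply `$(date +%Y%m%d)`; after bumping, `rndc reload` (section IX) makes named pick up the new serial.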
VI. Put the binaries on the PATH
# echo "export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH" > /etc/profile.d/named.sh
# source /etc/profile.d/named.sh
VII. Create the user and set permissions (if the user does not already exist)
# groupadd -g 53 -r named
# useradd -g named -r named
# chown root:named /etc/named/* /var/named/*
# chmod 640 /etc/named/named.conf /var/named/*
VIII. Start, test, and check the listening port
# named -u named
IX. rndc
# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
# chown root:named /etc/named/rndc.conf
# chmod 640 /etc/named/rndc.conf
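As an added example, not from the original post: the chown/chmod steps in sections VII and IX are what keep the rndc shared secret and named.conf out of reach of other local users, and they drift silently when someone later recreates a file with a different umask. The audit below re-checks the post's own list of files against the expected root:named and mode 640. The function names (check_private_file, audit_files) are chosen here; it assumes GNU stat -c, as on the CentOS-style host the post targets, and the demo at the bottom runs on temporary files so it can be executed anywhere.

```shell
#!/bin/bash
# Added example, not from the original post. Checks ownership and mode of the
# files the post protects with chown root:named / chmod 640. Assumes GNU stat.

# check_private_file FILE OWNER GROUP MODE
# Return 0 when FILE has exactly that owner, group and octal mode; otherwise
# print what differs on stderr and return 1.
check_private_file() {
    f=$1 want_owner=$2 want_group=$3 want_mode=$4
    if [ ! -e "$f" ]; then
        echo "$f: missing" >&2
        return 1
    fi
    info=$(stat -c '%U %G %a' "$f") || return 1     # e.g. "root named 640"
    set -- $info
    rc=0
    [ "$1" = "$want_owner" ] || { echo "$f: owner is $1, expected $want_owner" >&2; rc=1; }
    [ "$2" = "$want_group" ] || { echo "$f: group is $2, expected $want_group" >&2; rc=1; }
    [ "$3" = "$want_mode" ]  || { echo "$f: mode is $3, expected $want_mode" >&2; rc=1; }
    return $rc
}

# audit_files: read "FILE OWNER GROUP MODE" lines on stdin, check each one and
# return the number of files that failed (0 means everything is as expected).
audit_files() {
    failed=0
    while read -r f o g m; do
        [ -n "$f" ] || continue
        check_private_file "$f" "$o" "$g" "$m" || failed=$((failed + 1))
    done
    return $failed
}

# The list from sections VII and IX of the post: everything root:named, 0640.
BIND_FILES='
/etc/named/named.conf       root named 640
/etc/named/rndc.conf        root named 640
/var/named/named.ca         root named 640
/var/named/named.localhost  root named 640
/var/named/named.loopback   root named 640
'

# --- demo on temporary files owned by the current user ---
# On the real host the call is:  printf "%s\n" "$BIND_FILES" | audit_files
me=$(id -un)
mygroup=$(id -gn)
d=$(mktemp -d)
touch "$d/good" "$d/leaky"
chmod 640 "$d/good"
chmod 644 "$d/leaky"       # world-readable: an rndc.conf like this exposes the key
printf '%s %s %s 640\n' "$d/good" "$me" "$mygroup" | audit_files && echo "good: ok"
printf '%s %s %s 640\n' "$d/leaky" "$me" "$mygroup" | audit_files || echo "leaky: $? problem(s)"
rm -rf "$d"
```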
X. Copy the second half of rndc.conf (lines 15 to 23) into named.conf and enable it as the comments in that block instruct
XI. Write the service script
#!/bin/bash
#
# description: named daemon
# chkconfig: - 25 80
#
pidFile=/usr/local/bind9/var/run/named.pid
lockFile=/var/lock/subsys/named
confFile=/etc/named/named.conf

[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

start() {
    if [ -e $lockFile ]; then
        echo "named is already running..."
        exit 0
    fi
    echo -n "Starting named:"
    daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        touch $lockFile
        return $RETVAL
    else
        rm -f $lockFile $pidFile
        return 1
    fi
}

stop() {
    if [ ! -e $lockFile ]; then
        echo "named is stopped."
        return 0        # nothing to stop; do not fall through to killproc
    fi
    echo -n "Stopping named:"
    killproc named
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        rm -f $lockFile $pidFile
        return 0
    else
        echo "Cannot stop named."
        failure
        return 1
    fi
}

restart() {
    stop
    sleep 2
    start
}

reload() {
    echo -n "Reloading named: "
    killproc named -HUP
    #killall -HUP named
    RETVAL=$?
    echo
    return $RETVAL
}

status() {
    if pidof named &> /dev/null; then
        echo -n "named is running..."
        success
        echo
    else
        echo -n "named is stopped..."
        success
        echo
    fi
}

usage() {
    echo "Usage: named {start|stop|restart|status|reload}"
}

case $1 in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    status)
        status
        ;;
    reload)
        reload
        ;;
    *)
        usage
        exit 4
        ;;
esac
XII. Add it to the boot startup list
# chkconfig --add named
# chkconfig named on
================================== BIND build and installation complete ==================================
Part 2: Compiling Dropbear
I. Introduction
Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software under an MIT-style licence. It is particularly useful for "embedded" Linux (or other Unix) systems such as wireless routers.
II. Features:
Dropbear implements a complete SSH client and server for the version 2 protocol. It does not support SSH version 1 backward compatibility, in order to save space and resources and to avoid the security vulnerabilities inherent in SSH version 1. SCP is also implemented. SFTP support depends on a binary that can be provided by OpenSSH or a similar program.
III. Configuration:
1. Download the source package
# wget https://matt.ucc.asn.au/dropbear/dropbear-2014.63.tar.bz2
2. Compile and install
# tar xf dropbear-2014.63.tar.bz2
# cd dropbear-2014.63
# ./configure
# make PROGRAMS="dropbear dbclient dropbearkey scp"
# make PROGRAMS="dropbear dbclient dropbearkey scp" install
3. Write the service script
#!/bin/bash
# description: dropbear ssh server script
# chkconfig: 2345 99 9
# (chkconfig only recognizes the "# chkconfig:" and "# description:" forms
#  with the space, so chkconfig --add works with this header)

RunLevel=0
lock_file=/var/lock/subsys/dropbear
dropbear=/usr/local/sbin/dropbear
dss_key=/etc/dropbear/dropbear_dss_host_key
rsa_key=/etc/dropbear/dropbear_rsa_host_key
pid_file=/var/run/dropbear.pid
dropbearkey=/usr/local/bin/dropbearkey

[ -r /etc/rc.d/init.d/functions ] && source /etc/rc.d/init.d/functions
[ -r /etc/sysconfig/dropbear ] && source /etc/sysconfig/dropbear

port=${port:-22722}
keysize=${keysize:-2048}

gendsskey() {
    [ -d /etc/dropbear ] || mkdir /etc/dropbear &> /dev/null
    if [ ! -e $dss_key ]; then
        echo -n " dsskey create..."
        $dropbearkey -t dss -f $dss_key &> /dev/null
        RunLevel=$?
        if [ $RunLevel -eq 0 ]; then
            success
            echo
            return 0
        else
            failure
            echo
            return 1
        fi
    else
        echo -e " \033[35mfile exist:\033[0m$dss_key"
    fi
}

genrsakey() {
    [ -d /etc/dropbear ] || mkdir /etc/dropbear &> /dev/null
    if [ ! -e $rsa_key ]; then
        echo -n " rsakey create..."
        $dropbearkey -t rsa -s $keysize -f $rsa_key &> /dev/null
        RunLevel=$?
        if [ $RunLevel -eq 0 ]; then
            success
            echo
            return 0
        else
            failure
            echo
            return 1
        fi
    else
        echo -e " \033[35mfile exist:\033[0m$rsa_key"
    fi
}

start() {
    [ "$EUID" != "0" ] && exit 10
    [ -x $dropbear ] || exit 5
    start_port=`netstat -an | grep LISTEN | grep ":$port" `
    if [ "$start_port" != "" ]; then
        echo -ne " \033[35mdropbear daemon is already running..\033[0m"
        success
        echo
        exit 0
    fi
    echo -ne " \033[35mStarting dropbear service .....\033[0m"
    daemon --pidfile="$pid_file" $dropbear -p $port -d $dss_key -r $rsa_key
    RunLevel=$?
    echo
    if [ $RunLevel -eq 0 ]; then
        touch $lock_file
        return 0
    else
        rm -rf $lock_file $pid_file
        return 1
    fi
}

stop() {
    [ "$EUID" != "0" ] && exit 10
    start_port=`netstat -an | grep LISTEN | grep ":$port" `
    if [ "$start_port" == "" ]; then
        echo -ne " \033[35mdropbear service not Starting..\033[0m"
        success
        echo
        return 1
    fi
    echo -ne " \033[35mStopping dropbear service\033[0m"
    killproc dropbear
    RunLevel=$?
    echo
    if [[ $RunLevel -eq 0 ]]; then
        # Only the lock and pid files are removed. The host keys stay in place:
        # deleting them here would give the server a new identity on every
        # restart, and restart (stop + start) does not regenerate them.
        rm -rf $lock_file $pid_file
        return 0
    else
        return 1
    fi
}

reload() {
    echo -n $"Reloading dropbear: "
    killproc -p $pid_file $dropbear -HUP
    RunLevel=$?
    echo
}

restart() {
    stop
    start
}

status() {
    start_port=`netstat -an | grep LISTEN | grep ":$port" `
    if [[ $start_port != "" ]]; then
        echo -e "\033[35mdropbear is running..\033[0m"
    else
        echo -e "\033[35mcurrent dropbear is Stopping..\033[0m"
    fi
}

case "$1" in
    start)
        genrsakey
        gendsskey
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    reload)
        reload
        ;;
    status)
        status
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|reload|status}"
        RunLevel=2
        ;;
esac
exit $RunLevel
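As an added example, not from the original post: the init script above decides whether dropbear is up with `netstat -an | grep LISTEN | grep ":$port"`, which is a substring match on the whole line. With port=22 it also matches :2222 or :22722 in any column, so start() can report "already running" for a neighbouring service and stop() can claim success for a daemon that was never up. The check below (listening_on and the other function names are chosen here) compares the local port field exactly; the socket table at the bottom is constructed for the demo.

```shell
#!/bin/bash
# Added example, not from the original post. Exact-port version of the
# "is dropbear listening" test used by the init script above.

# listening_on PORT: read "netstat -an" style lines on stdin; return 0 when a
# LISTEN socket has exactly PORT as its local port, else 1.
listening_on() {
    awk -v port="$1" '
        /LISTEN/ {
            # column 4 is the local address; the port is after the last ":"
            # (handles 0.0.0.0:22722 as well as the IPv6 form :::22722)
            n = split($4, a, ":")
            if (a[n] == port) { found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# naive_listening_on PORT: the init script's own test, kept for comparison.
naive_listening_on() {
    grep LISTEN | grep -q ":$1"
}

# dropbear_running PORT: the check as the init script would use it, against
# the live socket table of this host.
dropbear_running() {
    netstat -an 2>/dev/null | listening_on "$1"
}

# Constructed socket table for the demo: dropbear on 22722, a local MTA on 25,
# one established session to 22722, and a BIND listener on IPv6 port 53.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22722           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.114:22722     192.168.1.50:51234      ESTABLISHED
tcp6       0      0 :::53                   :::*                    LISTEN'

for p in 22722 22 53 2272; do
    if printf '%s\n' "$SAMPLE_NETSTAT" | listening_on "$p"; then strict=yes; else strict=no; fi
    if printf '%s\n' "$SAMPLE_NETSTAT" | naive_listening_on "$p"; then naive=yes; else naive=no; fi
    echo "port $p: exact match=$strict, original grep=$naive"
done
```

On the sample table the exact check says no for 22 and 2272 while the original grep says yes for both. On a host without netstat, `ss -lnt` prints the state in column 1 and the local address in column 4, so the same awk works unchanged on its output.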
Configuration parameter file
# vim /etc/sysconfig/dropbear
keysize=2048
port=22722
Set permissions and add to boot startup
# chmod +x /etc/init.d/dropbear
# chkconfig --add dropbear
Start the service
Connection test
Check the process tree to confirm the session is served by dropbear
Note:
In this Dropbear build all generated files were installed to the default paths; to customize them, run ./configure --help to see the relevant options.
With this tool you can replace ssh in special environments.
======================================= End =======================================
PS:
1. This is one of the parts about DNS that I left out last time
2. Next time I will add BIND views and rndc
I still have class tomorrow, so I'm off to bed. Good night, everyone.