CentOSによるサーバー構築


インストール

「CentOSで自宅サーバー構築(http://centossrv.com/ )」を参考にした。

  • Language Selection→Japanese(日本語)
  • キーボード設定→日本語
  • インストールの種類→サーバー
  • ディスクパーティションの設定→自動パーティション設定
  • 自動パーティション設定→システムのすべてのパーティションを削除
  • ディスクの設定→デフォルトのまま
  • ブートローダーの設定→デフォルトのまま
  • ネットワークの設定→
    • eth0→DHCP経由で自動設定
    • eth1→手動設定localhost
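  • ファイアウォール設定→ファイアウォールなし、SELinux無効にする(この状態では、このページで設定するtelnet・HTTP/WebDAV・メールなどのサービスにeth0側からも到達できる可能性がある。eth0の先が信頼できるルーター配下であることを確認し、そうでなければインストール後にiptablesで必要なポートだけを許可する)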
  • 追加の言語サポート→デフォルト(Japanese)のまま
  • タイムゾーンの選択→デフォルト(アジア/東京)のまま
  • Rootパスワードを設定
  • パッケージグループの選択→「開発ツール」を追加

初期設定

  • ユーザーを追加
    • useradd ユーザー名
    • passwd ユーザー名
  • telnet-serverをインストール
    • yum -y install telnet-server
    • chkconfig telnet on
    • /etc/init.d/xinetd restart
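  • クライアント機からtelnetで接続(telnetはパスワードを含む通信内容を暗号化しないので、LAN内での初期作業に限って使い、作業後は「chkconfig telnet off」と「/etc/init.d/xinetd restart」で停止してsshに切り替える)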
  • root宛メールを転送する
    • /etc/aliases
      最下行に「root:ユーザー名」を追加
  • newaliases

設定ファイル

/etc/dhcpd.conf

サーバーが192.168.1.1の場合。

# DHCP service for the internal LAN 192.168.1.0/24; this server is 192.168.1.1.
authoritative;
# NOTE(review): "interim" selects dynamic DNS updates, but client updates are
# ignored on the next line and every zone in named.conf on this page has
# allow-update { none; } -- confirm whether "ddns-update-style none;" is meant.
ddns-update-style interim;
ignore client-updates;
 
subnet 192.168.1.0 netmask 255.255.255.0 {
 
        # Clients are handed this server as their default gateway.
        option routers                  192.168.1.1;
        option subnet-mask              255.255.255.0;
 
        # Clients are handed this server as their DNS resolver.
        option domain-name              "hkd.gr.jp";
        option domain-name-servers      192.168.1.1;
 
        # Tells clients not to forward packets themselves.
        option ip-forwarding off;
 
        # NOTE(review): -18000 s is UTC-5; the installer time zone chosen on
        # this page is Asia/Tokyo (UTC+9 would be 32400) -- confirm.
        option time-offset              -18000;
 
        # Dynamic pool of 11 addresses; leases default to 6 h, 12 h at most.
        range 192.168.1.20 192.168.1.30;
        default-lease-time 21600;
        max-lease-time 43200;
 
}

/etc/dovecot.conf

# Enable IMAP and POP3 both in clear text (imap, pop3) and over SSL (imaps, pop3s).
protocols = imap imaps pop3 pop3s
 
# Listen on the IPv6 wildcard address.
# NOTE(review): modprobe.conf on this page turns IPv6 off ("alias ipv6 off");
# confirm these listeners still bind.
imap_listen = [::]
pop3_listen = [::]
 
login_dir = /var/run/dovecot-login
 
login = imap
 
login = pop3
 
# chroot targets are accepted only under /home.
valid_chroot_dirs = /home
 
# Mail is read from ~/Maildir, matching home_mailbox = Maildir/ in main.cf on this page.
default_mail_env = maildir:~/Maildir
 
mbox_locks = fcntl
 
auth = default
 
# PLAIN carries the password unprotected; on the clear-text imap/pop3 ports it
# crosses the network readable.
# NOTE(review): disable_plaintext_auth is not set in this file -- confirm its
# effective value, or drop imap/pop3 from "protocols" so only the SSL ports remain.
auth_mechanisms = plain
 
# Accounts come from the system passwd database and are checked through PAM.
auth_userdb = passwd
 
auth_passdb = pam
 
# The authentication process runs as root.
auth_user = root

/etc/hosts

# Loopback name, then this server's LAN address with its FQDN and short name.
127.0.0.1		localhost.localdomain localhost
192.168.1.1		sv3.hkd.gr.jp sv3

/etc/hosts.allow

# Grant every TCP-wrapped service to clients whose address starts with 192.168.1.
# NOTE(review): hosts.allow only grants access. No /etc/hosts.deny is shown on
# this page; without a matching deny rule there (typically "ALL: ALL"),
# tcp_wrappers lets all other clients in as well, so this line restricts nothing.
All:192.168.1.

httpd.conf

# Report only "Apache" in the Server response header.
ServerTokens Prod
 
ServerRoot "/etc/httpd"
 
PidFile run/httpd.pid
 
Timeout 120
 
# Persistent connections are off, so the two KeepAlive limits below have no effect.
KeepAlive Off
 
MaxKeepAliveRequests 100
 
KeepAliveTimeout 15
 
# Plain HTTP on every interface; no SSL listener is defined in this file.
Listen 80
 
# Also loads conf.d/webdav.conf shown further down this page.
Include conf.d/*.conf
 
# Worker processes run as apache:apache, the same account the Samba [www]
# share on this page forces for files written into the document root.
User apache
Group apache
 
ServerAdmin root@localhost
 
ServerName hkd.gr.jp:80
 
UseCanonicalName Off
 
# Site content is served from /home/www/.
DocumentRoot "/home/www/"
 
# Defaults for the whole filesystem: symlinks are followed, .htaccess is ignored.
# NOTE(review): there is no Order/Deny here, so any path exposed through an
# Alias (for example /webdav/ in conf.d/webdav.conf) is served unless its own
# section restricts it.
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
 
# Document root: server-side includes, CGI execution and full .htaccess
# overrides are enabled for the entire tree, open to all clients.
# NOTE(review): smb.conf on this page exports this same directory as the
# guest-writable [www] share, so whoever can write to that share can place
# content that Apache executes as the apache user. Either require
# authentication on the share or confine ExecCGI to a separate directory
# that is not writable over Samba.
<Directory "/home/www/">
 
   Options Includes ExecCGI FollowSymLinks
 
   AllowOverride All
 
    Order allow,deny
    Allow from all
 
</Directory>
 
 
 
DirectoryIndex index.html index.htm
 
# Log client IP addresses as they are; no reverse DNS lookup per request.
HostnameLookups Off
 
ErrorLog logs/error_log
 
LogLevel warn
 
# "combined": client, identity, user, time, request line, status, size,
# Referer and User-Agent. Only this format is used by CustomLog in this file.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
 
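# Requests whose URI matches one of these patterns (file names typical of old
# IIS worm probes) are tagged no_log and left out of the access log.
# Note that this also removes them from any later log review.
SetEnvIf Request_URI "default\.ida" no_log
SetEnvIf Request_URI "cmd\.exe" no_log
SetEnvIf Request_URI "root\.exe" no_log
SetEnvIf Request_URI "Admin\.dll" no_log
SetEnvIf Request_URI "NULL\.IDA" no_log
# Keep LAN clients (192.168.1.x) out of the access log. SetEnvIf takes a
# regular expression, so the pattern is anchored and its dots are escaped;
# an unanchored 192.168.1 would also match addresses such as 192.168.10.x
# and drop their requests from the log.
SetEnvIf Remote_Addr "^192\.168\.1\." no_log
CustomLog logs/access_log combined env=!no_log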
 
# No server version footer on server-generated pages.
ServerSignature Off
 
Alias /icons/ "/var/www/icons/"
 
# Icon directory: readable by everyone, no .htaccess processing.
<Directory "/var/www/icons">
    Options MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
 
# Files ending in .cgi or .pl are run as CGI scripts wherever ExecCGI is
# allowed, which in this configuration is all of /home/www/.
AddHandler cgi-script .cgi .pl

/etc/sysconfig/i18n

LANGを"ja_JP.UTF-8"にすればシステムの言語は日本語になります。

# System locale. The Japanese setting is kept commented out; English is active.
#LANG="ja_JP.UTF-8"
LANG="en_US.UTF-8"
# Locales that remain available on the system.
SUPPORTED="ja_JP.UTF-8:ja_JP:ja:en_US.UTF-8:en_US:en"
SYSFONT="latarcyrheb-sun16"

/etc/sysconfig/network-scripts/ifcfg-eth0

# eth0: address obtained by DHCP (the default route in /etc/sysconfig/network
# on this page also points out of this interface).
DEVICE=eth0
BOOTPROTO=dhcp
# Binds this configuration to one specific network card.
HWADDR=00:10:C6:17:5D:57
ONBOOT=yes
TYPE=Ethernet

/etc/sysconfig/network-scripts/ifcfg-eth1

# eth1: internal LAN interface with the fixed address 192.168.1.1/24 that
# dhcpd, named and Samba on this page serve.
DEVICE=eth1
BOOTPROTO=static
BROADCAST=192.168.1.255
# Binds this configuration to one specific network card.
HWADDR=00:00:4C:B3:1B:C3
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
TYPE=Ethernet

/etc/postfix/main.cf

queue_directory = /var/spool/postfix
 
command_directory = /usr/sbin
 
daemon_directory = /usr/libexec/postfix
 
mail_owner = postfix
 
# Mail identity: host sv3.hkd.gr.jp, outgoing mail appears as @hkd.gr.jp.
myhostname = sv3.hkd.gr.jp
 
mydomain = hkd.gr.jp
 
myorigin = $mydomain
 
# Accept SMTP on every interface, eth0 included.
# NOTE(review): neither mynetworks nor mynetworks_style is set, so the set of
# clients allowed to relay is whatever this Postfix version derives by default
# (presumably the subnets of all attached interfaces) -- confirm, and set
# mynetworks explicitly to 127.0.0.0/8 and 192.168.1.0/24 if only the LAN
# should relay.
inet_interfaces = all
 
# Domains for which mail is delivered locally.
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
 
# Unknown local recipients are rejected permanently (550), not deferred.
unknown_local_recipient_reject_code = 550
 
alias_maps = hash:/etc/aliases
 
alias_database = hash:/etc/aliases
 
# Deliver to ~/Maildir/, the location dovecot.conf on this page reads.
home_mailbox = Maildir/
 
 
# NOTE(review): "imailbox_command" is not a Postfix parameter name, so this
# line presumably has no effect and procmail is not invoked. Confirm whether
# it is a deliberately disabled "mailbox_command" or a typo.
imailbox_command = /usr/bin/procmail
 
 
 
# Greeting banner without the software name or version.
smtpd_banner = $myhostname ESMTP unknown
 
debug_peer_level = 2
 
# Debugger command line; it takes effect only for daemons started with the
# debug option.
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
 
# Paths of the Postfix versions of the sendmail-compatible commands.
sendmail_path = /usr/sbin/sendmail.postfix
 
newaliases_path = /usr/bin/newaliases.postfix
 
mailq_path = /usr/bin/mailq.postfix
 
# Group owning the mail submission queue directories.
setgid_group = postdrop
 
html_directory = no
 
manpage_directory = /usr/share/man
 
# These two paths show that the packaged Postfix is 2.1.5.
sample_directory = /usr/share/doc/postfix-2.1.5/samples
 
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES

modprobe.conf

# Both network cards use the e100 driver.
alias eth0 e100
alias eth1 e100
# Sound card driver; mixer settings are restored on load and stored on unload.
alias snd-card-0 snd-intel8x0
options snd-card-0 index=0
install snd-intel8x0 /sbin/modprobe --ignore-install snd-intel8x0 && /usr/sbin/alsactl restore >/dev/null 2>&1 || :
remove snd-intel8x0 { /usr/sbin/alsactl store >/dev/null 2>&1 || : ; }; /sbin/modprobe -r --ignore-remove snd-intel8x0
alias usb-controller uhci-hcd
 
# Keep the IPv6 protocol module from loading.
# NOTE(review): dovecot.conf on this page listens on [::]; confirm the two
# settings are compatible.
alias net-pf-10 off
alias ipv6 off

/etc/my.cnf

# NOTE(review): neither bind-address nor skip-networking is set, so mysqld
# presumably accepts TCP connections on every interface; with the firewall
# disabled as on this page, bind it to 127.0.0.1 if only local applications
# use the database.
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
# NOTE(review): the old format is a much weaker password hash than the one
# introduced in MySQL 4.1; keep this only while such clients really exist.
old_passwords=1
default-character-set = utf8
 
[mysql.server]
user=mysql
basedir=/var/lib
 
[mysqld_safe]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
 
# Command-line client uses UTF-8 as well.
[mysql]
default-character-set = utf8

named.conf

// Global resolver options: the server answers only the local host and the
// internal LAN and passes other lookups to the upstream resolver.
options {
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
 
        // Who may send queries at all.
        allow-query{
                    127.0.0.1;
                    192.168.1.0/24;
        };
        // Who may use this server as a recursive resolver.
        allow-recursion{
                    127.0.0.1;
                    192.168.1.0/24;
        };
        // Who may download complete zones.
        // NOTE(review): this lets every LAN host list all records; if there
        // is no secondary server, limiting it to 127.0.0.1 is enough.
        allow-transfer{
                    127.0.0.1;
                    192.168.1.0/24;
        };
        // Upstream resolver; the same address as GATEWAY in
        // /etc/sysconfig/network and the nameserver in resolv.conf on this page.
        forwarders{
                    192.168.0.1;
        };
};
 
// rndc control channel: loopback only, authenticated with the key "rndckey"
// that is loaded by the include of /etc/rndc.key further down.
controls {
	inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
 
// Discard log messages of the lame-servers category.
logging {
        category lame-servers { null; };
};
 
// Root hints plus the stock local zones (localdomain, localhost, loopback,
// broadcast and zero networks). All of them refuse dynamic updates.
zone "." IN {
	type hint;
	file "named.ca";
};
 
zone "localdomain" IN {
	type master;
	file "localdomain.zone";
	allow-update { none; };
};
 
zone "localhost" IN {
	type master;
	file "localhost.zone";
	allow-update { none; };
};
 
// Reverse zone for 127.0.0.x.
zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.local";
	allow-update { none; };
};
 
// Reverse zone for the IPv6 loopback range.
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
	file "named.ip6.local";
	allow-update { none; };
};
 
zone "255.in-addr.arpa" IN {
	type master;
	file "named.broadcast";
	allow-update { none; };
};
 
zone "0.in-addr.arpa" IN {
	type master;
	file "named.zero";
	allow-update { none; };
};
 
// Loads the shared secret used by the controls statement above. The file
// holds key material, so keep it readable only by root and the named user.
include "/etc/rndc.key";
 
// Forward zone for the local domain; static records only (no dynamic updates).
zone "hkd.gr.jp" IN {
        type master;
        file "hkd.gr.jp.db";
        allow-update { none; };
};
 
// Matching reverse zone for 192.168.1.0/24.
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.in-addr.arpa.db";
        allow-update { none; };
};

/etc/sysconfig/network

NETWORKING=yes
HOSTNAME=sv3
DOMAINNAME=hkd.gr.jp
# Default route leaves through eth0 towards 192.168.0.1 (presumably the
# upstream router).
GATEWAY=192.168.0.1
GATEWAYDEV=eth0
# Turns on IPv4 forwarding; sysctl.conf on this page sets
# net.ipv4.ip_forward = 1 as well.
FORWARD_IPV4=yes
IPX=no
 
# Do not add the 169.254.0.0/16 zeroconf route.
NOZEROCONF=yes

ntp.conf

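driftfile /var/lib/ntp/drift
 
# With no restrict lines ntpd applies no access restrictions, so status
# queries are answered for any address. Time service itself stays available
# to clients; only run-time reconfiguration (nomodify), trap registration
# (notrap) and ntpq/ntpdc queries (noquery) are refused from the network.
restrict default nomodify notrap noquery
# The local host keeps full access, so "ntpq -p" still works on the server.
restrict 127.0.0.1
 
# Upstream time sources.
server clock.nc.fukuoka-u.ac.jp
server clock.tl.fukuoka-u.ac.jp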

rc.local

# Lock file that marks rc.local as having run.
touch /var/lock/subsys/local
 
# Start the Jabber daemon in the background at the end of boot.
# NOTE(review): rc.local runs as root, so jabberd starts as root unless it
# drops privileges itself -- confirm, or start it under a dedicated account.
/usr/local/bin/jabberd &

resolv.conf

# The server itself resolves through 192.168.0.1, the same address named.conf
# on this page uses as its forwarder.
nameserver 192.168.0.1

/etc/samba/smb.conf

# Server-wide settings.
# NOTE(review): "security" and "map to guest" are not set, so how the
# "guest ok" shares below treat unknown users depends on the defaults of the
# installed Samba version -- confirm.
[global]
	dos charset = CP932
	display charset = UTF-8
	server string = Samba Server
	log file = /var/log/samba/%m.log
	max log size = 50
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	printcap name = /etc/printcap
	dns proxy = No
	idmap uid = 16777216-33554431
	idmap gid = 16777216-33554431
# Only the internal LAN and loopback may connect. With the firewall disabled
# as on this page, this is the only network-level limit on Samba.
	hosts allow = 192.168.1., 127.
	cups options = raw
 
# Per-user share: each user gets /home/<user>/dir, writable, hidden from
# browse lists.
[homes]
	comment = Home Directories
	path = /home/%u/dir
	read only = No
	browseable = No
 
# Printer shares, spooling through /var/spool/samba.
[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No
 
# Shared scratch area: every connection is treated as the guest account and
# may write. Anything stored here is readable and replaceable by any client
# admitted by "hosts allow".
[public]
	comment = Public Stuff
	path = /home/samba
	read only = No
	guest only = Yes
	guest ok = Yes
 
# Web content share: guests may write, and every file operation is performed
# as apache:apache.
# NOTE(review): /home/www is the Apache DocumentRoot on this page, where
# ExecCGI, Includes and AllowOverride All are enabled. A guest-writable share
# onto that tree lets any LAN client publish content the web server executes.
# Require a login here (guest ok = No plus valid users) or disable CGI and
# .htaccess overrides for the tree.
[www]
	comment = WWW Contents
	path = /home/www
	force user = apache
	force group = apache
	read only = No
	guest only = Yes
	guest ok = Yes
 
# Virtual printer: each spooled job is handed to a local script that is run
# in the background; guests may print.
# NOTE(review): %s (spool file) and %m (client machine name) are put on a
# command line; confirm /home/pdf/bin/pdfwrite quotes its arguments and
# treats both as untrusted.
[pdfwriter]
	comment = PDF Writer
	path = /home/pdf/pdfwork
	guest ok = Yes
	printable = Yes
	print command = /home/pdf/bin/pdfwrite %s %m &
 
# Output directory of the PDF writer: guest-accessible and writable, files
# group-owned by nobody and created group-writable (0664 / 0775).
[pdfoutput]
	comment = PDF Output
	path = /home/pdf/pdfoutput
	force group = nobody
	read only = No
	create mask = 0664
	directory mask = 0775
	inherit permissions = Yes
	guest ok = Yes
 
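# Exports /etc with every access performed as root. /etc holds the shadow
# password file and service secrets, so the share is limited to
# administrators: members of the wheel group (adjust to your own admin
# group), read-only, no guest access, hidden from browse lists. Without
# "valid users", any account that can log in to Samba could read these
# files with root's permissions.
[system]
	path = /etc
	force user = root
	force group = root
	valid users = @wheel
	read only = Yes
	guest ok = No
	browseable = No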

sysctl.conf

# Forward IPv4 packets between the interfaces (eth0 and eth1).
# NOTE(review): the install steps on this page disable the firewall, so
# forwarding is unfiltered and no NAT rule is shown -- confirm how LAN traffic
# is meant to reach the upstream network and add iptables rules to match.
net.ipv4.ip_forward = 1
 
# Reverse-path filtering: drop packets whose source address could not be
# reached back through the interface they arrived on.
net.ipv4.conf.default.rp_filter = 1
 
# Ignore source-routed packets.
net.ipv4.conf.default.accept_source_route = 0
 
# Disable the magic SysRq key.
kernel.sysrq = 0
 
# Append the PID to core dump file names.
kernel.core_uses_pid = 1

/etc/httpd/conf.d/webdav.conf

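# WebDAV area served from /home/webdav/.
Alias /webdav/ "/home/webdav/"
<IfModule mod_dav.c>
    DAVMinTimeout 600
    <Location /webdav>
        DAV On
        # Under "Order deny,allow" the Allow list is evaluated last and wins,
        # so "Deny from all" followed by "Allow from all" leaves the location
        # open to every client. DAV accepts write methods, so access is
        # limited to the internal LAN instead.
        Order deny,allow
        Deny from all
        Allow from 192.168.1.0/24
        # No authentication is configured for this location. Add AuthType /
        # AuthUserFile / Require valid-user before allowing wider access.
    </Location>
</IfModule>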