Academic year: 2022

Université de CAEN, Bachelor's degree (Licence) in Computer Science

U.F.R. de Sciences, Semester 5 - EI51 - Networks

Sequence 8 - Network basics - continued

Jean.Saquet@info.unicaen.fr, Gaetan.Richard@info.unicaen.fr

1 Introduction

The lab session (T.P.) covers the installation of an FTP server and a mail server, together with all the associated tests. The main purpose of this text is to give a good understanding of how a Linux system is organized and to look at the servers' configuration files, in preparation for the lab. It also gives some information about the configuration of the Apache web server.

The first two sections recall the main points of the file tree organization and of network configuration. The next section explains how to maintain a Debian Linux distribution.

The last sections present ProFTPD and its configuration files, as well as the principles of a mail server and the configuration of Apache.

2 Organization of a Linux distribution

A Linux distribution is defined through a directory tree, such that:

– the configuration of services and of the system is defined in /etc/

– user directories are generally defined in /home/

– the superuser's directory is defined in /root/

– devices are defined in /dev/

– the boot kernel is installed in /boot/

– programs, in general, are installed in /usr/

3 Network configuration

Network configuration depends on the following files:

– network configuration is done in the file /etc/network/interfaces

– the DHCP client is configured in /etc/dhclient.conf

– the DNS is entered in /etc/resolv.conf

– the machine name is entered in /etc/hostname

– static host name mappings are set in /etc/hosts

4 Maintaining a Linux system

Maintenance of a Linux system relies on the apt-get command. This command can be called from the higher-level commands dselect, aptitude and synaptic. The first two work in text mode and the third in graphical mode. Programs are organized as packages, with a notion of dependency between packages when one program depends on another to work properly.

How to install a package: apt-get install <package name>

If a package is not found because <package name> does not match the package's actual name, it can be searched for in 2 ways:

– if apt-file is installed: apt-file search <package name> (to install it: apt-get install apt-file, followed by apt-file update)

– by querying http://www.debian.org/distrib/packages

apt-get install <package name>

To update the list of available packages, run the command: apt-get update

5 Example of a service: Proftpd

5.1 Installation

The service is installed as follows: apt-get install proftpd

Its accessibility can be tested as an identified user from a workstation, with the command-line ftp client or with a graphical program such as gftp.

5.2 Configuration

The configuration file is located in /etc/proftpd.conf. It is provided in Appendix A.

Try to explain the role of the lines shown.

6 Mail server

A mail server installation must include at least one "MTA" (Mail Transfer Agent) associated with an Internet domain. It uses the smtp protocol to talk to a client that sends it mail, as well as for communication with the MTAs of other domains. Normally, the machine hosting this MTA is declared in an "MX" record of the domain's DNS (we will not do so here for domains that have no official existence). Appendix B shows the file that records the Exim configuration.

Each variable corresponds to the answer to a question asked during the installation or re-installation of exim. Try to specify their role.

The "historical" mail application lets a user interact with the MTA. To offer users more advanced interfaces, we will install a POP server and a webmail. We will also test retrieving mail from other domains, inter-domain relays, ...

7 Apache server

Appendix C gives a few excerpts from the Apache configuration file. Try to understand which features are configured and what they make possible.

8 Appendix A: ProFTPD configuration file

# This is a basic ProFTPD configuration file (rename it to

# ’proftpd.conf’ for actual use. It establishes a single server

# and a single anonymous login. It assumes that you have a user/group

# "nobody/nogroup" and "ftp" for normal operation and anon.

ServerName "Debian"

ServerType standalone

DeferWelcome off

MultilineRFC2228 on

DefaultServer on

ShowSymlinks on

AllowOverwrite on

TimeoutNoTransfer 600

TimeoutStalled 600

TimeoutIdle 1200

DisplayLogin welcome.msg

DisplayFirstChdir .message

ListOptions "-l"

DenyFilter \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:

#PersistentPasswd off

# Uncomment this if you would use TLS module:

#TLSEngine on

# Uncomment this if you would use quota module:

#Quotas on

# Uncomment this if you would use ratio module:

#Ratios on

# Port 21 is the standard FTP port.

Port 21

# To prevent DoS attacks, set the maximum number of child processes

# to 30. If you need to allow more than 30 concurrent connections

# at once, simply increase this value. Note that this ONLY works

# in standalone mode, in inetd mode you should use an inetd server

# that allows you to limit maximum number of processes per service

# (such as xinetd)

MaxInstances 30

# Set the user and group that the server normally runs at.

User nobody

Group nogroup

<Directory /*>

# Umask 022 is a good standard umask to prevent new files and dirs

# (second parm) from being group and world writable.

Umask 022 022

# Normally, we want files to be overwriteable.

AllowOverwrite off

</Directory>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>

# User ftp

# Group nogroup

# # We want clients to be able to login with "anonymous" as well as "ftp"

# UserAlias anonymous ftp

#

# RequireValidShell off

#

# # Limit the maximum number of anonymous logins

# MaxClients 20

#

# # We want ’welcome.msg’ displayed at login, and ’.message’ displayed

# # in each newly chdired directory.

# DisplayLogin welcome.msg

# DisplayFirstChdir .message

#

# # Limit WRITE everywhere in the anonymous chroot

# <Directory *>

# <Limit WRITE>

# DenyAll

# </Limit>

# </Directory>

#

# # # Uncomment this if you’re brave.

# # <Directory incoming>

# # # Umask 022 is a good standard umask to prevent new files and dirs

# # # (second parm) from being group and world writable.

# # Umask 022 022

# # <Limit READ WRITE>

# # DenyAll

# # </Limit>

# # <Limit STOR>

# # AllowAll

# # </Limit>

# # </Directory>

#

# </Anonymous>

9 Appendix B: exim4

# /etc/exim4/update-exim4.conf.conf

#

# Edit this file and /etc/mailname by hand and execute update-exim4.conf

# yourself or use ’dpkg-reconfigure exim4-config’

#

# Please note that this is _not_ a dpkg-conffile and that automatic changes

# to this file might happen. The code handling this will honor your local

# changes, so this is usually fine, but will break local schemes that mess

# around with multiple versions of the file.

#

# update-exim4.conf uses this file to determine variable values to replace

# the DEBCONFsomethingDEBCONF strings in the configuration template files.

#

# Most settings found in here do have corresponding questions in the

# Debconf configuration, but not all of them.

#

# This is a Debian specific file

dc_eximconfig_configtype='local'

dc_other_hostnames='coing.info.unicaen.fr'

dc_local_interfaces='127.0.0.1'

dc_readhost=''

dc_relay_domains=''

dc_minimaldns='false'

dc_relay_nets=''

dc_smarthost=''

CFILEMODE='644'

dc_use_split_config='false'

dc_hide_mailname=''

dc_mailname_in_oh='true'
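
The settings in the file above can be summarised mechanically. The shell functions below are an added example, not part of the original handout or of the exim4 packaging: they read the dc_ variables without executing the file and report whether the MTA listens beyond the loopback interface and whether any relaying is configured. The function names and the output format are assumptions of this example, and the sample file is constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not from the handout): summarise what an
# update-exim4.conf.conf file exposes to the network.

# dc_get VAR FILE: print the value of a VAR='value' line. The file is
# parsed with sed instead of being sourced, so nothing in it is executed.
dc_get() {
    sed -n "s/^$1='\(.*\)'[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# exim_exposure FILE: print "type=... listen=... relay=..." on one line.
# The body runs in a subshell so set -f and the variables stay local.
exim_exposure() (
    set -f
    ctype=$(dc_get dc_eximconfig_configtype "$1")
    ifaces=$(dc_get dc_local_interfaces "$1")
    relay="$(dc_get dc_relay_nets "$1")$(dc_get dc_relay_domains "$1")"

    # An empty dc_local_interfaces makes exim listen on every interface.
    listen=loopback
    [ -n "$ifaces" ] || listen=network
    for i in $(printf '%s' "$ifaces" | tr ';' ' '); do
        case $i in
            ::1) ;;                        # IPv6 loopback
            *[!0-9.]*) listen=network ;;   # not a plain IPv4 literal
            127.*) ;;                      # IPv4 loopback range
            *) listen=network ;;
        esac
    done
    [ -n "$relay" ] && relay=configured || relay=none
    printf 'type=%s listen=%s relay=%s\n' "${ctype:-unset}" "$listen" "$relay"
)

# write_annex_b_sample FILE: constructed sample using the Appendix B values.
write_annex_b_sample() {
    cat > "$1" <<'EOF'
dc_eximconfig_configtype='local'
dc_other_hostnames='coing.info.unicaen.fr'
dc_local_interfaces='127.0.0.1'
dc_relay_domains=''
dc_relay_nets=''
dc_smarthost=''
EOF
}

sample=$(mktemp)
write_annex_b_sample "$sample"
exim_exposure "$sample"    # type=local listen=loopback relay=none
rm -f "$sample"
```
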

10 Appendix C: excerpt from the Apache configuration file

##

## httpd.conf -- Apache HTTP server configuration file

##

#

# Based upon the NCSA server configuration files originally by Rob McCool.

#

# This is the main Apache server configuration file. It contains the

# configuration directives that give the server its instructions.

# See <URL:http://httpd.apache.org/docs/> for detailed information about

# the directives.

#

# Do NOT simply read the instructions in here without understanding

# what they do. They’re here only as hints or reminders. If you are unsure

# consult the online docs. You have been warned.

# The configuration directives are grouped into three basic sections:

# 1. Directives that control the operation of the Apache server process as a

# whole (the ’global environment’).

# 2. Directives that define the parameters of the ’main’ or ’default’ server,

# which responds to requests that aren’t handled by a virtual host.

# These directives also provide default values for the settings

# of all virtual hosts.

# 3. Settings for virtual hosts, which allow Web requests to be sent to

# different IP addresses or hostnames and have them handled by the

# same Apache server process.

#

### Section 1: Global Environment

# ServerType is either inetd, or standalone. Inetd mode is only supported on

# Unix platforms.

#

ServerType standalone

#

# ServerRoot: The top of the directory tree under which the server’s

# configuration, error, and log files are kept.

#

# NOTE! If you intend to place this on an NFS (or otherwise network)

# mounted filesystem then please read the LockFile documentation

# (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);

# you will save yourself a lot of trouble.

#

ServerRoot "/usr"

#

# Timeout: The number of seconds before receives and sends time out.

#

Timeout 300

#

# KeepAlive: Whether or not to allow persistent connections (more than

# one request per connection). Set to "Off" to deactivate.

#

KeepAlive On

# Limit on total number of servers running, i.e., limit on the number

# of clients who can simultaneously connect --- if this limit is ever

# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.

# It is intended mainly as a brake to keep a runaway server from taking

# the system with it as it spirals down...

#

MaxClients 150

# Note: The order in which modules are loaded is important. Don’t change

# the order below without expert advice.

#

# Example:

# LoadModule foo_module libexec/mod_foo.so

LoadModule includes_module libexec/httpd/mod_include.so

LoadModule autoindex_module libexec/httpd/mod_autoindex.so

LoadModule dir_module libexec/httpd/mod_dir.so

LoadModule cgi_module libexec/httpd/mod_cgi.so

LoadModule imap_module libexec/httpd/mod_imap.so

LoadModule alias_module libexec/httpd/mod_alias.so

LoadModule userdir_module libexec/httpd/mod_userdir.so

LoadModule php4_module libexec/httpd/libphp4.so

ClearModuleList

AddModule mod_include.c

AddModule mod_autoindex.c

AddModule mod_alias.c

AddModule mod_dir.c

AddModule mod_cgi.c

AddModule mod_imap.c

AddModule mod_userdir.c

AddModule mod_php4.c

### Section 2: ’Main’ server configuration

#

# Port: The port to which the standalone server listens. For

# ports < 1023, you will need httpd to be run as root initially.

#

Port 80

User www

Group www

# ServerName allows you to set a host name which is sent back to clients for

# your server if it’s different than the one the program would get (i.e., use

# "www" instead of the host’s real name).

#

#ServerName new.host.name

# DocumentRoot: The directory out of which you will serve your

# documents. By default, all requests are taken from this directory, but

# symbolic links and aliases may be used to point to other locations.

#

DocumentRoot "/Library/WebServer/Documents"

#

# Each directory to which Apache has access, can be configured with respect

# to which services and features are allowed and/or disabled in that

# directory (and its subdirectories).

#

# First, we configure the "default" to be a very restrictive set of

# permissions.

#

<Directory />

Options FollowSymLinks

AllowOverride None

</Directory>

#

# This should be changed to whatever you set DocumentRoot to.

#

<Directory "/Library/WebServer/Documents">

#

# This may also be "None", "All", or any combination of "Indexes",

# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".

#

Options Indexes FollowSymLinks MultiViews

#

# Controls who can get stuff from this server.

#

Order allow,deny

Allow from all

</Directory>

# UserDir: The name of the directory which is appended onto a user’s home

# directory if a ~user request is received.

#

<IfModule mod_userdir.c>

UserDir Sites

</IfModule>

# Control access to UserDir directories. The following is an example

# for a site where these directories are restricted to read-only.

#

<Directory /Users/*/Sites>

AllowOverride FileInfo AuthConfig Limit

Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec ExecCGI

# <Limit GET POST OPTIONS PROPFIND>

# Order allow,deny

# Allow from all

# </Limit>

# <LimitExcept GET POST OPTIONS PROPFIND>

# Order deny,allow

# Deny from all

# </LimitExcept>

</Directory>

#

# DirectoryIndex: Name of the file or files to use as a pre-written HTML

# directory index. Separate multiple entries with spaces.

#

<IfModule mod_dir.c>

DirectoryIndex index.html

</IfModule>

# DefaultType is the default MIME type the server will use for a document

# if it cannot otherwise determine one, such as from filename extensions.

# If your server contains mostly text or HTML documents, "text/plain" is

# a good value. If most of your content is binary, such as applications

# or images, you may want to use "application/octet-stream" instead to

# keep browsers from trying to display binary files as though they are

# text.

#

DefaultType text/plain

<IfModule mod_alias.c>

# ScriptAlias: This controls which directories contain server scripts.

# ScriptAliases are essentially the same as Aliases, except that

# documents in the realname directory are treated as applications and

# run by the server when requested rather than as documents sent to the client.

# The same rules about trailing "/" apply to ScriptAlias directives as to

# Alias.

#

ScriptAlias /cgi-bin/ "/Library/WebServer/CGI-Executables/"

#

# "/Library/WebServer/CGI-Executables" should be changed to whatever your ScriptAliased

# CGI directory exists, if you have that configured.

#

<Directory "/Library/WebServer/CGI-Executables">

AllowOverride None

Options None

Order allow,deny

Allow from all

</Directory>

</IfModule>

# End of aliases.

# To use CGI scripts:

AddHandler cgi-script .cgi

### Section 3: Virtual Hosts

#

# VirtualHost: If you want to maintain multiple domains/hostnames on your

# machine you can setup VirtualHost containers for them. Most configurations

# use only name-based virtual hosts so the server doesn’t need to worry about

# IP addresses. This is indicated by the asterisks in the directives below.

#

# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>

# for further details before you try to setup virtual hosts.

#

# You may use the command line option ’-S’ to verify your virtual host

# configuration.

#

# Use name-based virtual hosting.

#

#NameVirtualHost *:80

#

# VirtualHost example:

# Almost any Apache directive may go into a VirtualHost container.

# The first VirtualHost section is used for requests without a known

# server name.

#

#<VirtualHost *:80>

# ServerAdmin webmaster@dummy-host.example.com

# DocumentRoot /www/docs/dummy-host.example.com

# ServerName dummy-host.example.com

# ErrorLog logs/dummy-host.example.com-error_log

# CustomLog logs/dummy-host.example.com-access_log common

#</VirtualHost>

<IfModule mod_php4.c>

# If php is turned on, we respect .php and .phps files.

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

# Since most users will want index.php to work we

# also automatically enable index.php

<IfModule mod_dir.c>

DirectoryIndex index.html index.php

</IfModule>

</IfModule>
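
One way to see which features the excerpt above enables per directory is to extract the Options line of every <Directory> block. The shell functions below are an added example, not part of the original handout or of Apache itself: the first lists the options granted to each directory, the second keeps only the directories where Indexes (automatic directory listings) or ExecCGI (script execution) is enabled. The function names and output format are assumptions of this example, and the sample is constructed from the four <Directory> blocks of the excerpt.

```shell
# Added example (not from the handout): list Options per <Directory> block.

# apache_dir_options FILE: print "directory: option ..." (paths without spaces).
apache_dir_options() {
    awk '
        /^[[:space:]]*#/ { next }                       # skip comments
        /^[[:space:]]*<Directory[[:space:]]/ {          # opening tag
            dir = $2; gsub(/[">]/, "", dir); next
        }
        /^[[:space:]]*<\/Directory>/ { dir = ""; next } # closing tag
        dir != "" && $1 == "Options" {
            $1 = ""; sub(/^ /, ""); print dir ": " $0
        }
    ' "$1"
}

# apache_flag_dirs FILE: directories where Indexes or ExecCGI is switched on.
apache_flag_dirs() {
    apache_dir_options "$1" | awk -F": " '
        {
            n = split($2, opt, " "); why = ""
            for (i = 1; i <= n; i++) {
                o = opt[i]; sub(/^[+]/, "", o)          # "+Indexes" form
                if (o == "Indexes") why = why " listing"
                if (o == "ExecCGI") why = why " cgi"
            }
            if (why != "") print $1 ":" why
        }'
}

# write_annex_c_sample FILE: constructed sample based on Appendix C.
write_annex_c_sample() {
    cat > "$1" <<'EOF'
<Directory />
    Options FollowSymLinks
</Directory>
<Directory "/Library/WebServer/Documents">
    Options Indexes FollowSymLinks MultiViews
</Directory>
<Directory /Users/*/Sites>
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec ExecCGI
</Directory>
<Directory "/Library/WebServer/CGI-Executables">
    Options None
</Directory>
EOF
}

sample=$(mktemp)
write_annex_c_sample "$sample"
apache_flag_dirs "$sample"
rm -f "$sample"
```
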
