本文介绍编译安装bind与dropbear
第一部分编译安装bind
一、本机环境
二、下载
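# Fetch the BIND source tarball. 9.9.5rc2 is a release candidate, so pick a
# stable release for production, and check ISC's PGP signature for the
# tarball before building it.
#wget http://www.isc.org/downloads/file/bind-9-9-5rc2/?version=tar.gz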
三、解压,编译
编译的时间有点长。
四、创建主配置文件
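# vim /etc/named/named.conf
options {
	directory "/var/named";
	// Must match pidFile in the init script (used by stop/reload).
	pid-file "/usr/local/bind9/var/run/named.pid";
	// NOTE(review): recursion is on by default and BIND's default
	// allow-recursion is limited to localhost and localnets. If other
	// networks must resolve through this server, grant them with an
	// explicit allow-recursion ACL rather than "any".
};
// Root hints; the file is generated with dig in the data-file section.
zone "." IN {
	type hint;
	file "named.ca";
};
zone "localhost" IN {
	type master;
	file "named.localhost";
	allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
	allow-transfer { none; };
};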
五、创建数据文件
# named.ca is the root hint list. Here it is whatever 192.168.1.114 answers,
# so compare it with the hints published by the root server operators
# before relying on it.
# dig -t NS . @192.168.1.114 > /var/named/named.ca
#vim /var/named/named.localhost
$TTL 86400
; serial is date based (YYYYMMDDnn): bump it on every edit
@ IN SOA localhost. admin.localhost. (
2014032201
2H
10M
7D
1D )
IN NS localhost.
localhost. IN A 127.0.0.1
#vim /var/named/named.loopback
$TTL 86400
; reverse zone for 127.0.0.0/8; same serial convention as above
@ IN SOA localhost. admin.localhost. (
2014032201
2H
10M
7D
1D )
IN NS localhost.
1 IN PTR localhost.
六、导入二进制文件
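# Single quotes keep $PATH literal so it is expanded at login time. With
# double quotes the installing shell's PATH was frozen into the file, and
# every login shell on the system then sourced that fixed value.
# echo 'export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH' > /etc/profile.d/named.sh
# source /etc/profile.d/named.sh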
七、创建用户,授权(如果没有此用户)
# Dedicated system group/user for the daemon (-r: system account).
# groupadd -g 53 -r named
# useradd -g named -r named
# root owns the config and zone files; group named gets read-only access
# (640), so the running daemon cannot rewrite its own configuration or zones.
# chown root:named /etc/named/* /var/named/*
# chmod 640 /etc/named/named.conf /var/named/*
八、启动,测试
# -u switches the daemon to the unprivileged named user after start-up.
# named -u named
八、查看启动端口
九、rndc
# Generate rndc.conf with a fresh shared secret (-r picks the entropy source).
# rndc-confgen -r /dev/urandom > /etc/named/rndc.conf
# The file contains the control-channel key; 640 root:named keeps it
# readable by root and the daemon only.
# chown root:named /etc/named/rndc.conf
# chmod 640 /etc/named/rndc.conf
十、把rndc.conf文件的后半部分(15至23行)复制到named.conf文件中并按指示启用
十一、写服务脚本
#!/bin/bash
#
# description: named daemon
# chkconfig: - 25 80
#
# Init script for a BIND 9 build installed under /usr/local/bind9.
# The pid file must match the pid-file directive in named.conf.
pidFile="/usr/local/bind9/var/run/named.pid"
lockFile="/var/lock/subsys/named"
confFile="/etc/named/named.conf"
# Pull in the daemon/killproc/success/failure helpers when present
# (RHEL-style systems).
if [ -r /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
fi
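start() {
  # Refuse to start twice; the subsys lock is created on success below.
  if [ -e "$lockFile" ]; then
    echo "named is already running..."
    exit 0
  fi
  echo -n "Starting named:"
  # -u drops to the unprivileged named user; the pid file is what stop
  # and reload use to target exactly this process.
  daemon --pidfile "$pidFile" /usr/local/bind9/sbin/named -u named -c "$confFile"
  RETVAL=$?
  echo
  if [ "$RETVAL" -eq 0 ]; then
    touch "$lockFile"
    return "$RETVAL"
  else
    # Failed start: leave no stale lock or pid file behind.
    rm -f "$lockFile" "$pidFile"
    return 1
  fi
}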
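stop() {
  if [ ! -e "$lockFile" ]; then
    echo "named is stopped."
    # exit 0
  fi
  echo -n "Stopping named:"
  # Signal only the process recorded in our pid file (written by named
  # per the pid-file directive), not any other process called "named".
  killproc -p "$pidFile" named
  RETVAL=$?
  echo
  if [ "$RETVAL" -eq 0 ]; then
    rm -f "$lockFile" "$pidFile"
    return 0
  else
    echo "Cannot stop named."
    failure
    return 1
  fi
}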
restart() {
  # Stop, pause briefly so sockets and the pid file are released, start.
  stop
  sleep 2
  start
}
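reload() {
  echo -n "Reloading named: "
  # HUP the process from our pid file only; once rndc.conf is in place,
  # "rndc reload" is the alternative.
  killproc -p "$pidFile" named -HUP
  #killall -HUP named
  RETVAL=$?
  echo
  return "$RETVAL"
}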
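status() {
  # LSB-style status: 0 when a named process exists, 3 when stopped.
  # The stopped branch previously printed "success"; it now reports failure.
  if pidof named &> /dev/null; then
    echo -n "named is running..."
    success
    echo
    return 0
  else
    echo -n "named is stopped..."
    failure
    echo
    return 3
  fi
}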
usage() {
  # Print the accepted actions on stdout.
  printf '%s\n' "Usage: named {start|stop|restart|status|reload}"
}
# Dispatch on the requested action; anything else prints usage and
# exits 4 (status unknown).
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  status)
    status
    ;;
  reload)
    reload
    ;;
  *)
    usage
    exit 4
    ;;
esac
十二、添加到开机启动列表
# Register the script; the "# chkconfig: - 25 80" header supplies the run levels and priorities.
#chkconfig --add named
#chkconfig named on
==================================DNS编译安装到此完成==============================
第二部分 编译Dropbear
一、简介
Dropbear是一个相对较小的SSH服务器和客户端。它可运行在各种基于POSIX的平台上。Dropbear是开源软件,采用MIT(麻省理工学院)风格的许可证。Dropbear特别适用于“嵌入式”Linux(或其他Unix)系统,如无线路由器
二、功能:
dropbear完整实现了SSH版本2协议的客户端和服务器。为节省空间和资源,并避免SSH版本1固有的安全漏洞,它不提供对SSH版本1的向后兼容。此外还实现了SCP。SFTP支持依赖于一个外部二进制文件,可由OpenSSH或类似项目提供。
三、配置:
1、下载源包
# Fetch the source tarball over HTTPS; check it against the upstream signature before building.
# wget https://matt.ucc.asn.au/dropbear/dropbear-2014.63.tar.bz2
2、编译安装
# tar xf dropbear-2014.63.tar.bz2
# cd dropbear-2014.63
# Default prefix (/usr/local): dropbear lands in /usr/local/sbin, the
# others in /usr/local/bin — the init script below assumes these paths.
#./configure
# PROGRAMS selects which binaries to build/install.
# make PROGRAMS="dropbear dbclient dropbearkey scp"
# make PROGRAMS="dropbear dbclient dropbearkey scp" install
3、书写服务脚本
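#!/bin/bash
#Description: dropbear ssh server script
#chkconfig: 2345 99 9
# Init script for a dropbear built from source with the default prefix
# (/usr/local). The script's overall exit status is carried in RunLevel.
RunLevel=0
lock_file=/var/lock/subsys/dropbear
dropbear=/usr/local/sbin/dropbear
dss_key=/etc/dropbear/dropbear_dss_host_key
rsa_key=/etc/dropbear/dropbear_rsa_host_key
pid_file=/var/run/dropbear.pid
dropbearkey=/usr/local/bin/dropbearkey
[ -r /etc/rc.d/init.d/functions ] && source /etc/rc.d/init.d/functions
# /etc/sysconfig/dropbear is executed as shell by this script (as root),
# so it must stay root-owned and not be writable by anyone else.
[ -r /etc/sysconfig/dropbear ] && source /etc/sysconfig/dropbear
port=${port:-22722}
keysize=${keysize:-2048}
# Both values are interpolated into command lines and a grep pattern
# below; accept digits only.
case $port in
  ''|*[!0-9]*) echo "dropbear: invalid port '$port'" >&2; exit 2 ;;
esac
case $keysize in
  ''|*[!0-9]*) echo "dropbear: invalid keysize '$keysize'" >&2; exit 2 ;;
esac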
gendsskey() {
[ -d
/etc/dropbear
] ||
mkdir
/etc/dropbear
&>
/dev/null
if
[ ! -e $dss_key ];
then
echo
-n
" dsskey create..."
$dropbearkey -t dss -f $dss_key &>
/dev/null
RunLevel=$?
if
[ $RunLevel -
eq
0 ];
then
success
echo
return
0
else
failure
echo
return
1
fi
else
echo
-e
" \033[35mfile exist:\033[0m$dss_key"
fi
}
genrsakey() {
[ -d
/etc/dropbear
] ||
mkdir
/etc/dropbear
&>
/dev/null
if
[ ! -e $rsa_key ];
then
echo
-n
" rsakey create..."
$dropbearkey -t rsa -s $keysize -f $rsa_key &>
/dev/null
RunLevel=$?
if
[ $RunLevel -
eq
0 ];
then
success
echo
return
0
else
failure
echo
return
1
fi
else
echo
-e
" \033[35mfile exist:\033[0m$rsa_key"
fi
}
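start()
{
  # Only root may start the daemon (privileged port, host keys).
  [ "$EUID" != "0" ] && exit 10
  [ -x "$dropbear" ] || exit 5
  # "Already running" is detected by a listener on the configured port.
  if netstat -an | grep LISTEN | grep -q ":$port"; then
    echo -ne " \033[35mdropbear daemon is already running..\033[0m"
    success
    echo
    exit 0
  fi
  echo -ne " \033[35mStarting dropbear service .....\033[0m"
  # NOTE(review): presumably dropbear writes $pid_file itself and daemon
  # only reads it — confirm against the dropbear build in use.
  daemon --pidfile="$pid_file" "$dropbear" -p "$port" -d "$dss_key" -r "$rsa_key"
  RunLevel=$?
  echo
  # Plain if/else replaces the earlier "( ... && return ) || ( ... )"
  # subshell construct, whose return statements never left the subshell.
  if [ "$RunLevel" -eq 0 ]; then
    touch "$lock_file"
    return 0
  fi
  rm -f "$lock_file" "$pid_file"
  return 1
}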
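stop()
{
  [ "$EUID" != "0" ] && exit 10
  if ! netstat -an | grep LISTEN | grep -q ":$port"; then
    echo -ne " \033[35mdropbear service not Starting..\033[0m"
    success
    echo
    return 1
  fi
  echo -ne " \033[35mStopping dropbear service\033[0m"
  killproc dropbear
  RunLevel=$?
  echo
  if [ "$RunLevel" -eq 0 ]; then
    # Remove runtime state only. The host keys are deliberately kept:
    # deleting them here meant every restart presented clients with new
    # host keys, so a legitimate key change and an impersonating server
    # looked the same from the client side.
    rm -f "$lock_file" "$pid_file"
    return 0
  else
    return 1
  fi
}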
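reload()
{
  echo -n $"Reloading dropbear: "
  # NOTE(review): whether dropbear acts on SIGHUP is not shown here — confirm.
  killproc -p "$pid_file" "$dropbear" -HUP
  RunLevel=$?
  echo
  return "$RunLevel"
}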
restart() {
  # Run the two actions in order with the current configuration.
  local action
  for action in stop start; do
    "$action"
  done
}
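status () {
  # Report whether something listens on the configured port.
  # RunLevel (and the return value) follow LSB: 0 running, 3 stopped.
  if netstat -an | grep LISTEN | grep -q ":$port"; then
    echo -e "\033[35mdropbear is running..\033[0m"
    RunLevel=0
  else
    echo -e "\033[35mcurrent dropbear is Stopping..\033[0m"
    RunLevel=3
  fi
  return "$RunLevel"
}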
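# Dispatch on the requested action; the script exits with RunLevel,
# which the actions set. Unknown actions exit 2.
case "$1" in
  start)
    # Host keys are created on first start only (see gendsskey/genrsakey).
    genrsakey
    gendsskey
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  status)
    status
    ;;
  *)
    # Usage text fixed: the action list previously ended with a stray "|".
    echo $"Usage: $0 {start|stop|restart|reload|status}"
    RunLevel=2
    ;;
esac
exit "$RunLevel"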
配置参数文件
#vim /etc/sysconfig/dropbear
# This file is sourced as shell by the init script running as root:
# keep it root-owned and not writable by others, and use plain numeric
# assignments only (they are passed to dropbearkey -s and dropbear -p).
keysize=2048
port=22722
授权,添加开机启动
# Make the init script executable and register it with chkconfig
# (run levels come from the "#chkconfig: 2345 99 9" header).
# chmod +x /etc/init.d/dropbear
# chkconfig --add dropbear
启动服务
连接测试
查看进程树,是否是由dropbear连接
注:
此次dropbear编译安装生成的文件都使用默认路径安装,如需自定义可用./configure --help查看相关选项。
有了这个工具,就可以在特殊的环境下替换ssh了a_c
=======================================完===============================================
PS:
1、这是补上次DNS未写的部分之一
2、下次将补上DNS的View与Rndc
明天还要上课,果断的去睡了,各位晚安.GN