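■Build Vyatta the same way as Squeeze
The domain and IP can be changed later, so for now just check whether everything installs normally.
An NTP server already exists, so install simple mail, Web, and DNS services with no security.
Using vyatta6.4 as a secure squeeze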
http://d.hatena.ne.jp/labunix/20120714
■postfix
$ hostname -f
vyatta64
$ sudo apt-get install -y postfix
$ sudo apt-get install -y bsd-mailx
$ grep alias /etc/postfix/main.cf
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
$ cat /etc/transport
vyatta64 :
* :
$ grep transport /etc/postfix/main.cf
transport_maps = hash:/etc/transport
$ sudo postmap /etc/transport
$ sudo /etc/init.d/postfix reload
$ sudo dpkg-reconfigure postfix
$ echo "test" | mail -s "Test Mail" vyatta@vyatta64
$ sudo mail -u vyatta
Mail version 8.1.2 01/15/2001. Type ? for help.
"/var/mail/vyatta": 1 message 1 new
>N 1 "labunix@vyatta64 Sat Jul 28 03:33 14/446 Test Mail
■Installing Apache2
$ sudo apt-get install -y apache2
$ grep "DocumentRoot" /etc/apache2/sites-available/default
DocumentRoot /var/www
$ sudo mv /var/www/index.html /var/www/index.html.bak
$ echo '<html><head><title>Test</title></head>
<body>
Hello World
</body>
</html>' | sudo tee -a /var/www/index.html
<html><head><title>Test</title></head>
<body>
Hello World
</body>
</html>
$ w3m -dump /var/www/index.html
Hello World
$ w3m -dump -no-proxy http://localhost
Hello World
$ w3m -dump -no-proxy http://vyatta64
Hello World
■Installing DNS
$ sudo apt-get install -y bind9
$ sudo cp -pi /etc/bind/named.conf.options /etc/bind/named.conf.options.org
■Configuring bind logging (and managed-keys.bind)
$ diff /etc/bind/named.conf.options /etc/bind/named.conf.options.org
1,12d0
< logging {
< channel "default-log" {
< file "/var/log/bind/bind.log" versions 10 size 100k;
< severity info;
< print-time yes;
< print-severity yes;
< print-category yes;
< };
<
< category default { "default-log"; };
< category lame-servers { null; };
< };
30c18
< //listen-on-v6 { any; };
---
> listen-on-v6 { any; };
$ sudo mkdir /var/log/bind
$ sudo touch /var/log/bind/bind.log
$ grep bind /etc/passwd > /dev/null && echo "ok"
ok
$ sudo chown -R bind:bind /var/log/bind
$ ls -l /var/log/bind/ | awk '{print $3,$4}'
bind bind
$ sudo touch /var/cache/bind/managed-keys.bind
$ sudo chown -R bind:bind /var/cache/bind
$ sudo named-checkconf && sudo /etc/init.d/bind9 restart
Stopping domain name service...: bind9 waiting for pid 9450 to die.
Starting domain name service...: bind9.
labunix@vyatta64:~$ sudo tail -f /var/log/bind/bind.log
28-Jul-2012 03:56:43.053 general: info: zone 0.in-addr.arpa/IN: loaded serial 1
28-Jul-2012 03:56:43.053 general: info: zone 127.in-addr.arpa/IN: loaded serial 1
28-Jul-2012 03:56:43.054 general: info: zone 255.in-addr.arpa/IN: loaded serial 1
28-Jul-2012 03:56:43.055 general: info: zone localhost/IN: loaded serial 2
28-Jul-2012 03:56:43.056 general: info: managed-keys-zone ./IN: loaded serial 0
28-Jul-2012 03:56:43.059 general: notice: running
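With print-time, print-category and print-severity all set to yes, every line in bind.log has the shape "date time category: severity: message", as in the tail output above. The following is an added example, not part of the original post: it counts lines per severity and prints the ones at warning or above. The function names and the warning/error sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a BIND log whose lines look like
#   DD-Mon-YYYY HH:MM:SS.mmm category: severity: message

# Constructed sample input. The first two lines follow the log shown on the
# page; the error, warning and malformed lines are made up for illustration.
sample_log() {
cat <<'EOF'
28-Jul-2012 03:56:43.055 general: info: zone localhost/IN: loaded serial 2
28-Jul-2012 03:56:43.059 general: notice: running
28-Jul-2012 04:10:02.101 security: error: client 192.0.2.10#4242: query (cache) 'example.com/A/IN' denied
28-Jul-2012 04:10:05.300 general: warning: constructed warning message
this line does not match the format
EOF
}

# Count lines per severity; lines that do not match the format are "unparsed".
severity_counts() {
  awk '
    $1 ~ /^[0-9]+-[A-Za-z]+-[0-9]+$/ && $3 ~ /:$/ && $4 ~ /:$/ {
      sev = $4; sub(/:$/, "", sev); n[sev]++; next
    }
    { n["unparsed"]++ }
    END { for (s in n) print s, n[s] }
  ' | sort
}

# Print "date time [category/severity] message" for warning and above.
alerts() {
  awk '
    $1 ~ /^[0-9]+-[A-Za-z]+-[0-9]+$/ && $4 ~ /^(warning|error|critical):$/ {
      cat = $3; sub(/:$/, "", cat)
      sev = $4; sub(/:$/, "", sev)
      msg = $0; sub(/^[^ ]+ [^ ]+ [^ ]+ [^ ]+ /, "", msg)
      print $1 " " $2 " [" cat "/" sev "] " msg
    }
  '
}

# Run against the constructed sample.
sample_log | severity_counts
sample_log | alerts
```

To run it against the real log, feed the file on stdin, for example `sudo cat /var/log/bind/bind.log | alerts`.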
$ nslookup localhost localhost
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost
Name: localhost
Address 1: 127.0.0.1 localhost
$ sudo apt-get install -y dnsutils
$ dig localhost @localhost
; <<>> DiG 9.7.3 <<>> localhost @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8316
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;localhost. IN A
;; ANSWER SECTION:
localhost. 604800 IN A 127.0.0.1
;; AUTHORITY SECTION:
localhost. 604800 IN NS localhost.
;; ADDITIONAL SECTION:
localhost. 604800 IN AAAA ::1
;; Query time: 9 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jul 28 03:59:29 2012
;; MSG SIZE rcvd: 85