LinuxBegin.ru - �� FreeBSD 4.x

LinuxBegin	��	��	��
�� �� Windows-�� Linux (en) �� "OS Linux �� " ��	�� Linux Linux Navigator �� , �� GNU/Linux �� Linux LNAG ��	LinuxHumor (en) Linux Wallpapers Linux Tips & Tricks �� Xoid26 homepage �� (big)	�� �� , � �.�. �� �� �� Email

��

• �� Linux
• �� Linux
• ��
• �� Windows �� Linux (Nowindows)
• ��, HOWTO, FAQ
• Hardware � ��
• ��
• �� Windows-�� Linux. ��.
• �� >>

�� 

��

Top 10

�� – �� (49)	2249
�� ASPLinux 9 Ural Express Edit... (18)	1445
�� Red Hat Linux... (0)	1197
�� : "Linux - �� " (��... (10)	1189
�� - �� ... (0)	1187
�� : �� 1 + �� 2 (3)	1181
�� (26)	1100
�� Linux, �� (11)	1054
�� (0)	989
Linux �� Windows � �� ... (5)	989

�� 

• Rus-linux.net.
• *nix project.
• Atmsk.ru.
• ~t-alex.
• �� >>

�� FreeBSD 4.x
(�� , ��, samba, ...)

- �� .�, 16.09.2003, Vlankas.ru -

�� FreeBSD 4.4-4.8 (Midnight Commander), PROXY (FireWall, Squid, SquidGuard), WEB (Apache, MySQL, Nuke) c ��!

��! ��, �� ޣ�-�� !

��

��.

�� "��".

1.�� FreeBSD.

1.1. �� Midnight Commander (��ݣ�� MC).

1.2. �� .

1.3. �� .

2.�� SQUID + SquidGuard.

3.��, ��, �� MySQL.

4.�� PHP4.

5.�� WEB �� Apa�he.

6.�� WEB �� NUKE 6.8 RUS.

��! (�� … J)

� �� 60 ��. �� , � �� . �� (WinGate, WinRoute � �.�.), �� (��, �� , ��, �� .�.). �� Unix �� , �� . �� -�� , �� ӣ-�� "��" ţ. � �� . � �� FreeBSD 4.4. �� , �� , � �� 2-3 ��, � �� , �.�. �� .

�� ޣ��, �� ޣ �� ӣ �� . (�� UNIX!!!! �� !!! �� , �� … J).

� �� ! � �� ӣ �� . �� !

�� Σ�!

�� :

1.�� . (�� , �� , �� , � ��, ��, �� ).

2.��-�� .

3.�� WEB �� .

4.�� - �� !

�� :

�ݣ �� ! � �� 1-2 � 3-7 �� . (� �� ).

�� "��"!

�� PROXY �� I486, Mem 16Mb, HDD 1000Mb -�� (�� , �� )

�� WEB, MAIL �� P4 2Gz, Mem 512Mb-1Gb, HDD 80-120Gb (�.�. �� , �� , �� , � �� "��" ).

��! �� . (� �� $$$$).

�� ӣ �� (�� , �� WEB) �� I486, MemSIMM24Mb, HDD1000Mb, VideoS3, 2 Ithernet �� 10Mb - �� , �� .

1.�� FreeBSD.

www.freebsd.org

�� FreeBSD � �� …, �� .

� �� FreeBSD 4.4 �� – �� ӣ ��. (�� , �� ӣ �� ).

�� FreeBSD �� :

CD-ROM

�� UNIX

�� (NFS)

� �� FAT (�.�. �� DOS)

� �� FTP (� �� Internet)

��, �� FreeBSD �� CD-ROM.

�� DOS. �� CD-ROM-� �� FLOPPYES. �� BOOT.FLP � FIXIT.FLP. �� DOS, ��

fdimage boot.flp a:

�� FDIMAGE.EXE �� TOOLS �� CD-ROM-�.

�� BOOT (� �� ).

�� :

Skip kernel configuration and continue with installation

Start kernel configuration in full-screen visual mode

Start kernel configuration in ... mode

�� . �� , �� . � �� , �� , � �� (�� ) � �� . �� - �� , � �� -�� (�� ), �� BOOT �� .

�� , � �� "Welcome to FreeBSD".

�� , �� . �� ALT+F2. �� - ALT+F1. �� Standart � �� FDISK Partition Editor. �� , �� , �� (�� , �� ). �� . �� ͣ� �� Σ� �� "C" (Create). �� (�� , �� "M", �� . �� - �� FreeBSD �� 165. �� "Q".

�� "Install Boot Manager for drive ..." � �� :

BootMgr - �� Boot Manager (�� )

Standard - �� MBR �� FreeBSD.

None - �� MBR �� (�� -�� Boot Manager).

�� . ��, �� , �� ģ�� . �� ENTER.

�� ģ� �� , �� FreeBSD. �� "A" � �� . (��, �� FreeBSD 4.8 �� – /var � /tmp �� 256 Mb, �� 1Gb �� , �� … ) �� ͣ� �� "Q".

�� User (�� ) � �� "NO".

�� CUSTOM � �� SRC (�� ) ��. �� . �� "SRC", � �� "SYS". (�� FireWall-�).

�� EXIT. �� , � �� . �� CD-ROM, �� . � �� . ��, ��, �� FreeBSD � �� FAT16, �.�. �� DOS-�, �� FREEBSD (� �� 2.2.6-RELEASE �� , �� FreeBSD) � �� – �� ‘�’.

�� . �� , �� , �� "NO", �� "NO". �� ftp �� "NO". �� NFS �� "NO". �� NFS �� "NO". �� "NO" �� – �� . �� CONSOLE �� "YES", �� . �� , �� DOS-�� , �� IBM 866 � FONTS � �� Russia CP866 � KEYMAP. �� "YES" �� TIME ZONE. ��

Is this machine's CMOS clock set to UTC? If it is set to local time, please choose NO here!

�� NO. �� – �� , �.�. "NO". �� , �� "NO". � �� , �� "NO".

�� . �� EXIT, � �� EXIT INSTALLATION.

�� FreeBSD ��, ��ģ� ��…

��: �� ROOT, �� "��" � �� /stand/sysinstall.

1.1. �� Midnight Commander (��ݣ�� MC).

http://www.ibiblio.org/pub/Linux/utils/file/managers/mc/

�� – �� (�� Norton Commander NC – �� , �� MS-DOS). � �� – �� UNIX ��. �� , �� ģ� �� …

� �� – �� , �� , "��" �� .

�� …

�� – �� glib, �� FreeBSD, �� .

��, �� glib, ��, �� /stand/sysinstall

-�� http://www.ibiblio.org/pub/Linux/utils/file/managers/mc/ ��

-��

# tar –zxvf mc-�.�.�.tar.gz

-� �� ‘cd’ �� ,

-��

# ./configure

# make

# make install

-�� ‘sync + reboot’ (‘sync’ �� ֣�� , �� . �� , �� ).

-�ӣ, �� , �� ‘mc’.

��: � �� . �� DOS, �� DOS �� : mount –t msdos /dev/ad2s5 /mnt, �� –t � msdos �� dos ��; /dev/ad2s5 �� ̣�� extended �� - adX – IDE drive �� 0,1,2,3 – �� , sX – �� extended �� ; /mnt – �� FreeBSD, �� DOS �� – �� , �� .

�� , �� tar �� .�. (�� …).

1.2. �� .

�� , �� "��" PROXI ��, �� FireWall (�� ) � �� , �� …

� �� ͣ�� !

� �� GENERIC, �� /usr/src/sys/i386/conf

�� my

# cp GENERIC my

� �� (� �� ‘F4’).

�� . �� "��", �� . �.�. �� USB, CD-ROM, SCSI �� ݣ �� – �� # �� (�� J).

�� ӣ ��, �� , �� ӣ ��:

machine i386 (� �ϣ� �� , � �� )

cpu I486_CPU (�� – ��

��)

ident my (�� )

maxusers 256 (�� User-�� – ��

256, - �� – �� )

options NMBCLUSTERS=65536

options INET #InterNETworking

options FFS #Berkeley Fast Filesystem

options FFS_ROOT #FFS usable as root device [keep this!]

options SOFTUPDATES #Enable FFS soft updates support

options MFS #Memory Filesystem

options MD_ROOT #MD is a potential root device

options MSDOSFS #MSDOS Filesystem

options CD9660 #ISO 9660 Filesystem

options CD9660_ROOT #CD-ROM usable as root, CD9660 required

options PROCFS #Process filesystem

options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]

options USERCONFIG #boot -c editor

options VISUAL_USERCONFIG #visual boot -c editor

options KTRACE #ktrace(1) support

options SYSVMSG #SYSV-style message queues

options SYSVSEM #SYSV-style semaphores

options P1003_1B #Posix P1003_1B real-time extensions

options _KPOSIX_PRIORITY_SCHEDULING

options KBD_INSTALL_CDEV # install a CDEV entry in /dev

options TCP_DROP_SYNFIN

##### FIREWALL (�� , ��

# "��-��", �� FireWall-�)

options IPFIREWALL

options IPFIREWALL_VERBOSE

options IPFIREWALL_VERBOSE_LIMIT=10

options IPDIVERT

device isa

device pci

device fdc0 at isa? port IO_FD1 irq 6 drq 2

device fd0 at fdc0 drive 0

device ata0 at isa? port IO_WD1 irq 14

device ata1 at isa? port IO_WD2 irq 15

device ata

device atadisk # ATA disk drives

device atapicd # ATAPI CDROM drives

options ATA_STATIC_ID #Static device numbering

device atkbdc0 at isa? port IO_KBD

device atkbd0 at atkbdc? irq 1 flags 0x1

device psm0 at atkbdc? irq 12

device vga0 at isa?

pseudo-device splash

device sc0 at isa? flags 0x100

# Floating point support - do not disable.

device npx0 at nexus? port IO_NPX irq 13

# PCI Ethernet NICs that use the common MII bus controller code.

device miibus # MII bus support (�� , �.�. �� miibus

# � �� )

device fxp # Intel EtherExpress PRO/100B (82557, 82558)

# ISA Ethernet NICs.

device ed0 at isa? port 0x280 irq 10 iomem 0xd8000

# Pseudo devices - the number indicates how many units to allocate.

pseudo-device loop # Network loopback

pseudo-device ether # Ethernet support

pseudo-device pty # Pseudo-ttys (telnet etc)

pseudo-device md # Memory "disks"

# The `bpf' pseudo-device enables the Berkeley Packet Filter.

# Be aware of the administrative consequences of enabling this!

pseudo-device bpf #Berkeley packet filter

# USB support

device usb # USB Bus (required)

�.�. �� , � �� .

�� (� �� ‘F2’) � ��

# config my

�� ӣ �� , �� , �� /usr/src/sys/compile/my � ��:

# make depend

# make

# make install

�� , �� ‘my’, �.�. �� Σ� �� (��, �� – �� – �� ޣ� �ӣ �� ).

�� , �ӣ �� , �� , �� , � �� kernel.old. �� ‘sync’+’reboot’ � ��:

-�� , �� ӣ "��" – �� …

-�� , �� ‘del’ � � �� ‘kernel.old’ – �� ӣ �� -��. �� "��" �� ‘my’ �� .

�� – � �� .

1.3. �� .

�� PROXY �� , � �� rc.conf, rc.firewall, natd.conf, inetd.conf � �� …

��! �� , �� !

rc.conf

local_startup="/usr/local/etc/rc.d" # �� , �� Windows

# ��

hostname="localhost" # ��

named_enable="YES"

firewall_enable="YES" # �� FireWall

firewall_script="/etc/rc.firewall" # �� FireWall-�

firewall_type="MY" # ��

# rc.firewall

firewall_logging="YES"

natd_program="/sbin/natd"

natd_enable="YES"

natd_interface="192.168.1.1"

natd_flags="-f /etc/natd.conf"

tcp_extensions="NO"

tcp_drop_synfin="YES"

icmp_drop_redirect="YES"

icmp_log_redirect="YES"

ifconfig_ed0="inet 192.168.1.1 netmask 255.255.255.192" # ��, ��

ifconfig_fxp0="inet 192.168.0.1 netmask 255.255.255.0" # ��

ifconfig_ed0_alias0="inet 192.168.2.1 netmask 255.255.255.255" (��

# �� ed0 – ��

# �� )

amd_enable="NO"

defaultrouter="192.168.1.2"

gateway_enable="YES"

# �� , �.�. ��

keymap="ru.koi8-r"

keychange="61 [[K"

scrnmap="koi8-r2cp866"

font8x16="cp866b-8x16"

font8x14="cp866-8x14"

font8x8="cp866-8x8"

#saver="logo"

sendmail_enable="YES" # �� -��

check_quotas="NO"

kern_securelevel_enable="NO"

sshd_enable="YES" # �� SSH, �� telnet

# �� , �� Windows-� �� PuTTY.

nfs_reserved_port_only="YES"

mousechar_start="30"

nisdomainname="NO"

### Network Time Services options: ### �� . �� (� �� )

timed_enable="NO" # Run the time daemon (or NO).

timed_flags="" # Flags to timed (if enabled).

ntpdate_enable="NO" # Run ntpdate to sync time on boot (or NO).

ntpdate_program="/usr/local/bin/ntpdate" # path to ntpdate, if you want a different one.

ntpdate_flags="" # Flags to ntpdate (if enabled).

xntpd_enable="YES"

xntpd_program="/usr/local/bin/ntpd"

xntpd_flags="-p /var/run/ntpd.pid"

rc.firewall

if [ -z "${source_rc_confs_defined}" ]; then

if [ -r /etc/defaults/rc.conf ]; then

. /etc/defaults/rc.conf

source_rc_confs

elif [ -r /etc/rc.conf ]; then

. /etc/rc.conf

if [ -n "${1}" ]; then

firewall_type="${1}"

############

# Set quiet mode if requested

case ${firewall_quiet} in

[Yy][Ee][Ss])

fwcmd="/sbin/ipfw -q"

;;

fwcmd="/sbin/ipfw"

;;

esac

############

# Flush out the list before we begin.

${fwcmd} -f flush

[Mm][Yy]) # ��

# set these to your outside interface network and netmask and ip

oif="ed0"

onet="192.168.1.0"

omask="255.255.192.0"

oip="192.168.1.1"

# set these to your inside interface network and netmask and ip

iif="xl0"

inet="192.168.0.0"

imask="255.255.255.0"

iip="192.168.0.1"

#############

${fwcmd} add divert natd all from ${inet}:${imask} to any out via ${oif}

${fwcmd} add divert natd all from any to ${oip} in via ${oif}

${fwcmd} add deny all from any to 127.0.0.0/8

${fwcmd} add deny ip from 127.0.0.0/8 to any

${fwcmd} add pass all from any to any via ${iif}

${fwcmd} add pass ICMP from any to any

${fwcmd} add deny icmp from any to any frag

#smtp

${fwcmd} add pass tcp from any to any 25

${fwcmd} add pass tcp from any 25 to any

#ftp

${fwcmd} add pass tcp from any 21 to any

${fwcmd} add pass tcp from any to any 21

${fwcmd} add pass tcp from any 20 to any

${fwcmd} add pass tcp from any to any 20

#sof2 ��

${fwcmd} add pass udp from any to any 8100

${fwcmd} add pass udp from any 8100 to any

${fwcmd} add pass udp from any to any 20102

${fwcmd} add pass udp from any 20102 to any

${fwcmd} add pass udp from any to any 20100

${fwcmd} add pass udp from any 20100 to any

#ICQ

${fwcmd} add pass tcp from any to any 5190

${fwcmd} add pass tcp from any 5190 to any

# DNS

${fwcmd} add pass udp from any to any 53

${fwcmd} add pass udp from any 53 to any

#pop

${fwcmd} add pass tcp from any to any 110

${fwcmd} add pass tcp from any 110 to any

#for squid

${fwcmd} add pass tcp from 192.168.1.1 to any 80

${fwcmd} add pass tcp from any 80 to 192.168.1.1

${fwcmd} add pass tcp from any to any 8101

${fwcmd} add pass tcp from any 8101 to any

case ${natd_enable} in

[Yy][Ee][Ss])

if [ -n "${natd_interface}" ]; then

# ${fwcmd} add divert natd all from any to any via ${natd_interface}

;;

esac

[Uu][Nn][Kk][Nn][Oo][Ww][Nn])

;;

if [ -r "${firewall_type}" ]; then

${fwcmd} ${firewall_flags} ${firewall_type}

;;

esac

natd.conf

# �ӣ ��

log yes

log_denied no

use_sockets yes

same_ports yes

unregistered_only yes

dynamic yes

inetd.conf

ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l

�� ftp. �� ţ.

�� , �� sysad@vlankas.ru – �� …

2.�� SQUID.

http://squid.directnet.ru/

�� Squid �� !

-�� , � �ϣ� �� squid-2.5.STABLE3.tar.gz,

- ��, ��:

# ./configure

# make

# make install

-�� squid-� � /helpers/basic_auth/NCSA � ��:

# make

# make install

��: �� Squid �� NCSA – �� (./configure --enable-basic-auth-helpers="NCSA")

�� htpasswd �� Apache �� .

�� /usr/local/apache/bin. �� أ�, �� ݣ �� Apache. �� . (�� 4)

�� :

# cd /usr/local/apache/bin

# ./htpasswd –c /usr/local/squid/etc/passwd user password,

�� –c – �� passwd; /usr/local/squid/etc – �� ; user – �� , password – �� (�� , �� , �.�. �� ).

�� htpasswd �� , �� – �� ţ, �� ӣ ��.

�� ӣ, �� .

�� squid.conf, �� /usr/local/squid/etc, ��, �� , �� , �� :

Squid.conf

http_port 3128

#We recommend you to use at least the following line.

hierarchy_stoplist cgi-bin ?

#We recommend you to use the following two lines.

acl QUERY urlpath_regex cgi-bin ?

no_cache deny QUERY

# OPTIONS WHICH AFFECT THE CACHE SIZE

# -----------------------------------------------------------------------------

cache_mem 8 MB

cache_swap_low 80

cache_swap_high 85

# LOGFILE PATHNAMES AND CACHE DIRECTORIES

# -----------------------------------------------------------------------------

cache_dir ufs /usr/local/squid/var/cache 50 16 256

cache_access_log /usr/local/squid/var/logs/access.log

cache_log /usr/local/squid/var/logs/cache.log

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS

# -----------------------------------------------------------------------------

dns_nameservers 192.168.0.14

# ��

auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd # ��

auth_param basic realm User and Password # ��

auth_param basic credentialsttl 2 hours

# OPTIONS FOR TUNING THE CACHE

# -----------------------------------------------------------------------------

#Suggested default:

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320

# ACCESS CONTROLS �� (�� – �� !)

# -----------------------------------------------------------------------------

acl all src 0.0.0.0/0.0.0.0

acl myip src 192.168.0.1/255.255.255.255

acl SSL_ports port 443 563

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 13

acl Safe_ports port 123 # https, ntp

acl Safe_ports port 488 # gss-http

acl MY proxy_auth REQUIRED

#Default:

http_access allow myip # �� myip, �.�. �� (�� ) �� .

http_access allow MY # ��

http_access deny all # ��

# ADMINISTRATIVE PARAMETERS

# -----------------------------------------------------------------------------

#Default:

cache_mgr sysad@my.my

cache_effective_user nobody

visible_hostname 192.168.0.1 # �� IP ��

#Default:

error_directory /usr/local/squid/share/errors/Russian-1251

# Leave coredumps in the first cache dir

coredump_dir /usr/local/squid/var/cache

�� , � �� squid.

# mkdir /usr/local/squid/var/cache #�� MC �� "F7"
� �� .

# mkdir /usr/local/squid/var/logs
�� , �� /usr/local/squid/var/cache � /usr/local/squid/var/logs �� , �� squid. �� :

# cat /usr/local/squid/etc/squid.conf | grep cache_effectiv
cache_effective_user nobody
�ache_effective_group nogroup
��, �� nobody, � �� nogroup.

# chown -R nobody /usr/local/squid/cache /usr/local/squid/logs
# /usr/local/squid/sbin/squid -z
�� /usr/local/squid/var/cache �� . �� /usr/local/squid/var/cache, �� , �� .
�� squid.

# /usr/local/squid/sbin/squid -D
��, �� squid � �� .

SquidGuard

http://www.squidguard.org/

�� , �� , �� ! � �� . �� ݣ � SquidGuard. �� "��". �� :

-��

-�� IP �� URL

-��

-�� , �� , �� , ��

-�� , �� MSIE, Netscape Navigator �� ICQ, � ��

-�� , �� , ��

-�� .

�� , �� . ��:

�� Apache, �� mp3 � ��-�� .

# mkdir /usr/local/apache/htdocs/replace
�� 1x1.gif � my.mp3. �� block.cgi � �� /usr/local/apache/cgi-bin �� :

# chown nobody:wheel /usr/local/apache/cgi-bin/block.cgi
# chmod 500 /usr/local/apache/cgi-bin/block.cgi
block.cgi �� perl �� , �� . �� squidGuard. � �� squidGuard-1.2.0/samples/squidGuard.cgi.in.

�� Berkeley DB 3.2.9. � �� , Berkeley DB �� libtool. Libtool �� FreeBSD � Berkeley DB �� http://www.sleepycat.com/update/index.html.

�� libtool �� /stand/sysinstall

-�� Berkeley DB (� �ϣ� �� Berkeley DB 3.2.9)

-�� db-3.2.9/dist

# ./configure –prefix=/usr/local/BerkeleyDB

# make

# make install

�� ӣ �� /usr/local/BerkeleyDB.4.1

�� SquidGuard-�

-�� (http://www.squidguard.org/download/) � ��,

-��

# ./configure --prefix=/usr/local/squidGuard --with-db=/usr/local/BerkeleyDB --with-sg-config=/usr/local/squidGuard/squidGuard.conf --with-sg-logdir=/usr/local/squidGuard/log --with-sg-dbhome=/usr/local/squidGuard/db # �� ! �� ӣ � �� .
# make
# make test
# make install
C�� squidGuard �� /usr/local/squidGuard/log.

# mkdir /usr/local/squidGuard/log
�� http://www.squidguard.org/blacklist/.

�� (�� ), �� .

�� /usr/local/squidGuard/db :

# tar zxvf blacklists.tgz -C /usr/local/squidGuard
# mv /usr/local/squidGuard/blacklists /usr/local/squidGuard/db
� �� /usr/local/squidGuard/db �� .

��: �� , �� , �� MC.

�� , �� /usr/local/squidGuard/db, �� :

domains.20020825.diff
domains.20020901.diff
domains.20020908.diff
domains.20020915.diff
domains.20020922.diff
�� :

+xratedpornsite.com
+209.51.157.43
-zena.cenhost.com
-scuzz.xtac.com

�� :

urls.20020825.diff
urls.20020901.diff
urls.20020908.diff
urls.20020915.diff
urls.20020922.diff
� ��

-silva.org/look_at_me
+recom.it/fuck/beatrice
��, �� "+", �� . ��, �� . � �� Berkeley DB. �� squidGuard -u. �� , �� . �� squidGuard, �� .

��

squidGuard.conf :

logdir /usr/local/squidGuard/log

dbhome /usr/local/squidGuard/db

src it-departament {

ip 192.168.0.1-192.168.0.3

}

src ostalnoe {

ip 192.168.0.4-192.168.0.255

}

rewrite mp3 {

s@.*.mp3$@http:// ��_��_��_�� /replace/my.mp3@r

log rewr_mp3

}

dest porn {

domainlist porn/domains

urllist porn/urls

log porn

}

dest ads {

domainlist ads/domains

urllist ads/urls

log ads

redirect http:// ��_��_��_�� /replace/1x1.gif

}

dest banners {

domainlist banners/domains

expressionlist banners/expressions

urllist banners/urls

redirect http://��_��_��_��/replace/1x1.gif

log banners

}

dest local-ok {

domainlist local-ok/domains

urllist local-ok/urls

}

dest local-block {

domainlist local-block/domains

urllist local-block/urls

redirect http:// ��_��_��_��/cgi-bin/block.cgi?clientaddr=%a&clientname=%n&clientident=%i&clientgroup=%s&targetgroup=%t&url=%u

}

acl {

# ��

it-department {

pass local-ok !banners !ads all

# ��

}

ostalnoe {

pass local-ok !porn !banners !ads !local-block all

redirect http:// ��_��_��_�� /cgi-bin/block.cgi?clientaddr=%a&clientname=%n&clientident=%i&clientgroup=%s&targetgroup=%t&url=%u

rewrite mp3

}

default {

# �� , �� src

pass none

# ��

redirect http:// ��_��_��_�� /cgi-bin/block.cgi?clientaddr=%a&clientname=%n&clientident=%i&clientgroup=%s&targetgroup=Not_Authorized&url=%u

log default

# �� /usr/local/squidGuard/log/default

}

# �� acl

�� http://www.vlankas.ru/files/banners.tar.gz �� . �� squidGuard �� , � �� . � �� . �� /usr/local/squidGuard/db �� banners � �� .

�� , �� squidGuard. �� , �� squidGuard �� log � db. �� squidGuard.conf. (��, �� squid-�)

# chown -R nobody /usr/local/squidGuard/log /usr/local/squidGuard/db
# chown nobody /usr/local/squidGuard/squidGuard.conf
SquidGuard �� , �� Berkeley DB. �� . �� , �� . �� squidGuard � �� .

# cat > /usr/local/squidGuard/bin/rebase.sh

#!/bin/sh

/usr/local/squidGuard/bin/squidGuard -C all

chown -R nobody /usr/local/squidGuard/db

killall -HUP squid

�� rebase.sh

�� rebase.sh. �� , �� , �� root.

# chmod 100 /usr/local/squidGuard/bin/rebase.sh

# /usr/local/squidGuard/bin/rebase.sh
�� rebase.sh, �� . �� , �� dest �� , �� domains.db � urls.db.

�� squidGuard � Squid. � �� /usr/local/squid/etc/squid.conf �� :

redirector_bypass on

redirect_program /usr/local/squidGuard/bin/squidGuard # �� squidGuard

redirect_children 1 # �� squidGuard ��

�� squid. � �� , squid �� .

# killall -HUP squid

�� , � �� …

3.��, ��, �� MySQL

http://www.mysql.ru/

�� MySQL ��, �� SQUID-� � �� WEB �� NUKE. (�� …).

�� , �� ӣ � �� J.

-�� , �� www.mysql.ru,

-�� MC,

-�� configure � �� :

# ./configure --prefix=/usr/local/mysql --localstatedir=/usr/local/mysql/data --with-unix-socket-path=/usr/local/mysql/tmp/socket --with-mysqld-user=mysql --disable-large-files --with-libwrap --without-debug --with-charset=cp1251 --with-extra-charsets=all --with-berkeley-db

�� , �� ӣ ��:

--prefix=/usr/local/mysql # ��

--localstatedir=/usr/local/mysql/data # ��

--with-unix-socket-path=/usr/local/mysql/tmp/mysql.sock # �� -unix-socket (��, �� , �� -�� )

--with-mysqld-user=mysql # �� mysql (�� )

--disable-large-files #

--with-libwrap #

--without-debug #

--with-charset=cp1251 # �� , �.�. ��

--with-extra-charsets=all # ��

--with-berkeley-db #

-��

# make

# make install

�� , �ģ� ��…

-�� mysql � �� mysql �� adduser (� �� . �� ӣ �� /stand/sysinstall).

-�� ‘tmp’ /usr/local/mysql/tmp (�� --with-unix-socket-path=/usr/local/mysql/tmp/mysql.sock, �� – mysql.sock �� – �� , � �� tmp �� ).

-�� ‘tmp’ � ‘data’ �� mysql � �� mysql, �.�. �� MC, �� "F9>File>Chown".

-�� , �� mysql_install_db. ��

# ./mysql_install_db (� �� /usr/local/mysql/bin)

-�� ӣ – ��

# ./safe_mysqld -u root & (�� – �� /usr/local/mysql/bin)

�� :

# Starting mysqld daemon with databases from /usr/local/mysql/data

�� ݣ �� ‘top’ – �� ‘mysql’

-�� ӣ � MySQL, � �� .

4.�� PHP4.

http://www.php.net

5.�� WEB �� Apahe.

http://www.apache.org

�� , �� . �� , �� Apahe � �� PHP4.

�� , �� …, �� 2-�� , �� – �� ! (�� PHP4, �� PROXY) J.

�� , �� PHP4 �� natd Apa�he � �� Apa�he � �� , �� PHP4 �� , �� ģ� �� . � �� PHP4 �� Apa�he �� ģ�. ��…

-�� tar-�� MC �� Apa�he � PHP4

-�� Apa�he

# ./configure --prefix=/home/apache --activate-module=src/modules/php4/libphp4.a

-�� PHP4

# ./configure

# make

# make install

-�� Apahe

# make

# make install

-�� php.ini � httpd.conf

�� , �� , �� :

http.conf

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

DirectoryIndex index.html index.html index.pphp

�� php ��, �� ݣ ��-��, �� , �� - http://freeunix.unicor.ru/content.php?page=Apache&id=57

php.ini

; �� . �� (�� , ��,

; �� . �.), ��, �� (;)

; �� (�� , ��, �� ). ��

; (��, [Foo]) �� , ��, ��, ��

; � �� PHP.

; �� ;

; �� PHP �� Apache.

engine = On

; �� <?. ��

; �� <?php � <script>.

short_open_tag = On

; �� <% %> �-�� ASP.

asp_tags = Off

; �� , ��

; �� .

precision = 14

; �� . �� (��

; Cookies) �� . ��, ��

; �� .

; ��

; �� , ��

; �� :

output_buffering = Off

; �� PHP � ��, ��

; �� .

; �� flush() ��

; �� print() �� echo() � �� HTML-��.

; �� , ��

; �� .

implicit_flush = Off

; �� , �� PHP ��

; �� .

; �� , �, �� , ��

; �� PHP/Zend.

; �� , �� -

; �� - ��

; ��. �� , �� Off

; � ��, �� -�� . �� ,

; �� , � ��

; PHP. � �� ,

; �� ,

; �� .

allow_call_time_pass_reference = On

; ��

safe_mode = Off

safe_mode_exec_dir =

; ��

; "��" � �� . ��

; �� . � ��

; �� , ��

; �� .

; ��

; �� , �� PHP_ (��,

; PHP_FOO=something).

; ��: �� , PHP ��

; �� !

safe_mode_allowed_env_vars = PHP_

; �� ;

; �� . ��

; �� , PHP �� .

max_execution_time = 30

; �� , �� (8MB)

memory_limit = 8M

; �� ;

; �� error_reporting ��

; ��. �� ,

; �� | (OR):

; E_ALL - �� .

; E_ERROR - �� .

; E_WARNING - �� .

; E_PARSE - �� .

; E_NOTICE - �� (��

; ��, ��, �� ,

; ��

; ��, - ��, ��

; �� ).

; E_CORE_ERROR - �� PHP.

; E_CORE_WARNING - �� PHP.

; E_COMPILE_ERROR - �� .

; E_COMPILE_WARNING - �� .

; E_USER_ERROR - �� .

; E_USER_WARNING - �� .

; E_USER_NOTICE - �� .

; ��:

; �� , ��

error_reporting = E_ALL & ~E_NOTICE

; ��

; error_reporting=E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR

; �� , ��

;error_reporting = E_ALL ; & ~E_NOTICE

; �� .

; ��

; �� (��. ��). ��

; display_errors � "��" ��

; �� : ��, �� , ��

; �� . �.

display_errors = On

; �� display_errors ��, ��, ��

; PHP, �� . ��

; � �� , �� , ��

; �� .

display_startup_errors = Off

; �� . ��

; �� , �� stderr

; �� error_log, �� . ��

; ��, � ��

; ��, � �� .

log_errors = Off

; ��

; �� $php_errormsg

track_errors = On

; ��, �� + �� .

warn_plus_overloading = Off

; �� ;

; ��: track_vars �� , �� PHP 4.0.3.

; �� PHP �� EGPCS-��

; ��. ��, �� , ��

; �� "��" �� . ��

; ��, �� track_vars - � ��

; �� GPC-�� $HTTP_???_VARS.

; �� , ��

; �� register_globals. ��

; ��, �� , �� , ��

; �� , ��

; �� .

register_globals = On

; �� PHP, ��

; $argv � $argc �� , �� GET. ��

; �� , �� register_argc_argv ��

; �� PHP.

register_argc_argv = On

; �� POST, �� PHP �� .

post_max_size = 8M

; �� :

; �� GET/POST/Cookie ��

magic_quotes_gpc = Off

; �� 4.0b4, PHP ��

; �� Content-type. �� , �� ,

; �� . ��

; �� text/html �� .

default_mimetype = "text/html"

;default_charset = "iso-8859-1"

; ��, � �� .

extension_dir = "usrlocalphpextensions"

; �� , � �� PHP ��

; �� (�� , ��

; �� )

upload_tmp_dir = /tmp

; ��

upload_max_filesize = 2M

;# ��: ��, ��

;# � �� ";;", ��

;# �� . ��

;# "�� ", � ��, �� .

;extension=php_bz2.dll

;extension=php_cpdf.dll

;extension=php_crack.dll

;extension=php_curl.dll

;extension=php_db.dll

;extension=php_dba.dll

;extension=php_dbase.dll

;extension=php_dbx.dll

;extension=php_filepro.dll

extension=php_gd.dll ; ��

;;extension=php_gd2.dll

;extension=php_gettext.dll

;extension=php_hyperwave.dll

;extension=php_iconv.dll

;extension=php_imap.dll

;extension=php_interbase.dll

;extension=php_java.dll

;extension=php_mhash.dll

;extension=php_ming.dll

;extension=php_msql.dll

;extension=php_mssql.dll

;extension=php_openssl.dll

;extension=php_pdf.dll

;extension=php_pgsql.dll

;extension=php_shmop.dll

;extension=php_sockets.dll

;extension=php_w32api.dll

;extension=php_xmlrpc.dll

;extension=php_zip.dll

;;extension=php_zlib.dll ;(built-in now!)

;extension=php_ldap.dll

;extension=php_xslt.dll

; Debugger

extension=php_dbg.dll

;�� (�� Win95).

;extension=php_domxml.dll

;; ��, �� ";;" �� , ��

;; �� . ��

;; ��!

;;extension=php_fdf.dll ; ��

;;extension=php_mime_magic.dll ; �� c:php4magic.mime, � ��

;;extension=php_ifx.dll

;;extension=php_oci8.dll

;;extension=php_sybase_ct.dll

;;extension=php_snmp.dll

;;extension=php_oracle.dll

;;extension=php_mcrypt.dll

;;extension=php_ingres.dll

;;extension=php_iisfunc.dll

;;extension=php_dotnet.dll

;;extension=php_fbsql.dll

;;extension=php_exif.dll

;;extension=php_cybercash.dll

; �� ;

[Syslog]

; �� Syslog, ��

; $LOG_PID, $LOG_CRON � �. �. ��

; �� . ��

; ��

; �� define_syslog_variables().

define_syslog_variables = Off

[mail function]

; �� UNIX - �� sendmail (��

; �� - 'sendmail -t -i').

sendmail_path = usrsbinsendmail -t -i

[Debugger]

debugger.enabled=on

debugger.profiler_enabled=on

[MySQL]

mysql.allow_persistent = On

mysql.max_persistent = -1

mysql.max_links = -1

; �� mysql_connect() (�� ).

mysql.default_host =

; �� (�� ).

mysql.default_user =

; �� (�� ).

; ��: �� . ��

; ��, �� PHP, ��

; ��:

; echo cfg_get_var("mysql.default_password")

; ��, �� , ��

; �� php.ini.

mysql.default_password =

; �� .

sybase.min_error_severity = 10

; �� .

sybase.min_message_severity = 10

; �� PHP 3.0.

; �� On, PHP ��

; �� Sybase, �� ,

; �� . ��

; ��, ��, � �� , ��

; �� , �� .

sybase.compatability_mode = Off

[Sybase-CT]

sybct.allow_persistent = On

sybct.max_persistent = -1

sybct.max_links = -1

sybct.min_server_severity = 10

sybct.min_client_severity = 10

[bcmath]

; �� bcmath-��.

bcmath.scale = 0

[browscap]

;browscap = extra/browscap.ini

[Informix]

ifx.default_host=

ifx.default_user=

ifx.default_password=

ifx.allow_persistent=On

ifx.max_persistent=-1

ifx.max_links=-1

; �� On, �� select ��

; �� text blob �� .

ifx.textasvarchar=0

; �� select �� byte blob

; �� .

ifx.byteasvarchar=0

; �� PHP �� char

; �� . �� Informix SE.

ifx.charasvarchar=0

; �� , �� text � byte �� ,

; �� , �� .

ifx.blobinfile=0

; �� 0, �� NULL �� ,

; �� 'NULL'.

ifx.nullformat=0

[Session]

; �� .

session.save_handler = files

; �� , �� save_handler-�. �

; �� ,

; � �� .

session.save_path = /tmp

; �� PHP �� Cookies.

session.use_cookies = 1

; �� Cookie �� (�� )

session.name = PHPSESSID

; �� .

session.auto_start = 0

; �� Cookie �� . �� , �� 0.

session.cookie_lifetime = 0

; �� Cookie � �� .

session.cookie_path = /

; �� Cookie � �� .

session.cookie_domain =

; ��, �� . �� php ��

; �� .

session.serialize_handler = php

; �� , �� , ��

; ��, �� "�� " �� ,

; ��

�� | �� | �� | ��: 369 | �� : 4.8 (��: 5).
��: Xoid26, 2003-09-25 17:08:38

5 �� , ��, samba, ...:

25.09.03: �� FreeBSD 4.x (�� FreeBSD 4.4-4.8 (Midnight Commander), PROXY (FireWall, Squid, SquidGuard), WEB (Apache, MyS...)
17.09.03: �� (�� -�� ? �� - �� -�� , ��, ...)
07.09.03: LDAP-HOWTO ��-�� (� �� LDAP. �� ...)
06.09.03: �� Windows �� Nagios (�� , �� Nagios �� FreeBSD 4.7. ��...)
31.08.03: �� Apache � �� .htaccess (�� Apache �� -��. ��-�� , �� ...)

"�� FreeBSD 4.x" | ��/�� | 0 ��