2013.8.22
Author: db.
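When reposting, please credit the source: http://blog.csdn.net/juneman.
1. Basic server configuration
1) Primary root server 192.168.56.101
2) Secondary root server 192.168.56.102
3) COM server 192.168.56.103
4) Resolver server 192.168.56.104
2. Compile and install BIND9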
1) # tar xvf bind-9.6.1.tar.gz
# cd bind-9.6.1
# ./configure --prefix=/usr/local/named --enable-threads
// enable multi-threaded processing
# make && make install
2) Extract the key used by named.conf from the rndc.conf file
# cd /usr/local/named
# sbin/rndc-confgen > etc/rndc.conf
# cd etc/
# tail -10 rndc.conf | head -9 | sed 's/# //g' > named.conf
# cat named.conf
#
key "rndc-key" {
algorithm hmac-md5;
secret "wk7NzsvLaCobiCFxHB2LXQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
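The installation and setup above are the same on every server.
3. Configure the primary root server (on the server with IP 192.168.56.101)
1) Open named.conf and add the following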
# vi named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "wk7NzsvLaCobiCFxHB2LXQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/var/named/";
pid-file "/var/named/named.pid";
recursion no;
};
zone "." IN {
type master;
file "db.root";
allow-transfer {192.168.56.102;};
};
Where: recursion no; disables recursive queries.
allow-transfer {192.168.56.102;}; permits zone transfers, and only to the servers at the listed IP addresses. Here 192.168.56.102 is our secondary root server.
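A static check of the two settings explained above, as an added example that is not part of the original post: it reads a named.conf and reports a master zone with no allow-transfer restriction or a server with recursion left enabled. The function names are hypothetical and the comment stripping is simplified (it ignores quoting); in BIND 9.6, the version built here, a zone with no allow-transfer statement permits transfers to any host.

```python
import re

# Constructed input: the options and zone statements from this page's named.conf.
NAMED_CONF = """
options {
    directory "/var/named/";
    pid-file "/var/named/named.pid";
    recursion no;
};
zone "." IN {
    type master;
    file "db.root";
    allow-transfer {192.168.56.102;};
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments so a commented-out setting does not count."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def blocks(text, keyword):
    """Yield (header, body) for each `keyword ... { body };` statement."""
    for m in re.finditer(r"^\s*%s\b([^{;]*)\{" % keyword, text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):      # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[m.end():i - 1]

def audit(conf):
    """Return findings; an empty list means both restrictions are in place."""
    text, findings = strip_comments(conf), []
    opts = " ".join(body for _, body in blocks(text, "options"))
    if not re.search(r"\brecursion\s+no\s*;", opts):
        findings.append("options: recursion is not disabled")
    acl_re = re.compile(r"\ballow-transfer\s*\{([^}]*)\}")
    for header, body in blocks(text, "zone"):
        if not re.search(r"\btype\s+master\s*;", body):
            continue                        # only zones this server is master for
        acl = acl_re.search(body) or acl_re.search(opts)   # zone overrides options
        if acl is None:
            findings.append("zone %s: no allow-transfer statement" % header)
        elif re.search(r"\bany\b", acl.group(1)):
            findings.append('zone %s: allow-transfer includes "any"' % header)
    return findings

if __name__ == "__main__":
    print(audit(NAMED_CONF) or "no findings")
```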
2) Create the zone file
# cd /var
# mkdir named
# cd named
# touch db.root
# vi db.root
$TTL 86400
@ IN SOA @ root (
12169
1m
1m
1m
1m )
. IN NS root.ns.
root.ns. IN A 192.168.56.101
com. IN NS ns.com.
ns.com. IN A 192.168.56.103
Where: com. IN NS ns.com. This delegation is required; otherwise recursive resolution will be unable to find the address for names such as My.com.
3) Start BIND and test
# cd /usr/local/named
# sbin/named -g &
# dig @192.168.56.101 . NS
root@simba-1:/var/named# dig @192.168.56.101 . NS
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 . NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10193
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 86400 IN NS root.ns.
;; ADDITIONAL SECTION:
root.ns. 86400 IN A 192.168.56.101
;; Query time: 19 msec
;; SERVER: 192.168.56.101#53(192.168.56.101)
;; WHEN: Wed Aug 21 07:15:38 2013
;; MSG SIZE rcvd: 64
# dig @192.168.56.101 com. NS
root@simba-1:/var/named# dig @192.168.56.101 com. NS
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 com. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20443
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but
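Exchange 2013 supports three backup technologies: Windows Server Backup (with the VSS plug-in), Microsoft System Center 2012 Data Protection Manager, or a third-party VSS-based Exchange-aware application.
This article covers backup and restore with the Windows Server Backup tool built into Windows Server 2012. The steps are as follows:
1. First add the "Windows Server Backup" feature in Server Manager.
2. Open Windows Server Backup, right-click "Local Backup" and choose "Backup Schedule".
3. The Backup Schedule Wizard opens; click "Next".
4. Select "Full server".
5. Choose the time of the daily backup.
6. Specify the destination type:
The first is "Back up to a hard disk that is dedicated for backups". This option is the more secure one: the disk used for backups is formatted and hidden, cannot be browsed, and its data can be restored only through this tool.
The second is "Back up to a volume (another partition)". This option backs the data up to another partition on the same hard disk, where it can be browsed, copied, and so on.
The third is "Back up to a shared network folder". This option does not support the incremental backups of a backup schedule.
Here I choose the first option; I use a dedicated network storage device to hold the backups.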
OSSEC monitors system logs with built-in support and does a good job. Don't forget that OSSEC can also monitor custom log files, such as our app's log. You have to create your own decoder and rule for that.
- Add the log file you want to monitor to ossec.conf
Open up /var/ossec/etc/ossec.conf and add the block below.
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/my_app.log</location>
</localfile>
- Create a custom decoder
2010-09-25 15:28:42 [node-test]IP:192.1.1.1@reboot.
2010-09-25 15:28:52 [node-test]IP:192.1.1.1@reboot.
2010-09-25 15:29:52 [node-test]IP:192.1.1.1@reboot.
2010-09-25 15:39:52 [node-info]IP:192.1.1.1@reboot.
2010-09-27 16:39:52 [node-info]IP:192.1.1.1@reboot.
Open up /var/ossec/etc/local_decoder.xml (you can also use decoder.xml, which already exists, but using local_decoder.xml will ensure that you don’t overwrite it on upgrade). First, we want to create a decoder that will match the first part of the log entry. We’ll use the date and first few characters to grab it using a regular expression.
<decoder name="nodeerror">
  <prematch>^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d [node-test]</prematch>
</decoder>
<decoder name="nodeerror-alert">
  <parent>nodeerror</parent>
  <regex offset="after_parent">IP:(\d+.\d+.\d+.\d+)@(\w+)</regex>
  <order>url,action</order>
</decoder>
Save your local_decoder.xml and let’s run the log file through ossec-logtest.
# /var/ossec/bin/ossec-logtest
2010-09-25 15:28:42 [node-test]IP:192.1.1.1@reboot.

**Phase 1: Completed pre-decoding.
       full event: '2010-09-25 15:28:42 [node-test]IP:192.1.1.1@reboot.'
       hostname: 'pms-srv01'
       program_name: '(null)'
       log: '2010-09-25 15:28:42 [node-test]IP:192.1.1.1@reboot.'

**Phase 2: Completed decoding.
       decoder: 'nodeerror'
       url: '192.1.1.1'
       action: 'reboot'

**Phase 3: Completed filtering (rules).
       Rule id: '700006'
       Level: '8'
       Description: 'reboot happens!'
**Alert to be generated.
Looks good! It found our decoder and extracted the fields the way we want ‘em. Now, we’re ready to write local rules.
- Write custom rules
<rule id="700005" level="0">
  <decoded_as>nodeerror</decoded_as>
  <description>Custom node Alert</description>
</rule>
<!-- Alert -->
<rule id="700006" level="8">
  <if_sid>700005</if_sid>
  <action>reboot</action>
  <options>alert_by_email</options>
  <description>reboot happens!</description>
</rule>
Save your local_rules.xml file. Now we are ready to restart OSSEC and check the alert.
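The decoder and rules above, replayed in Python over the five sample log entries, as an added example (it is not OSSEC code and not part of the original post). The Python patterns approximate the OSSEC expressions, the `<action>` test is modelled as an equality check, and the function names are hypothetical; the run shows that only the [node-test] entries reach rule 700006, so the two [node-info] reboot entries raise no alert.

```python
import re

# Constructed input: the five sample entries shown for my_app.log on this page.
LOG_LINES = [
    "2010-09-25 15:28:42 [node-test]IP:192.1.1.1@reboot.",
    "2010-09-25 15:28:52 [node-test]IP:192.1.1.1@reboot.",
    "2010-09-25 15:29:52 [node-test]IP:192.1.1.1@reboot.",
    "2010-09-25 15:39:52 [node-info]IP:192.1.1.1@reboot.",
    "2010-09-27 16:39:52 [node-info]IP:192.1.1.1@reboot.",
]

# Python equivalents of the decoder's <prematch> and <regex>. Assumption: "[",
# "]" and "." act as literal characters in the OSSEC patterns, so they are escaped.
PREMATCH = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \[node-test\]")
FIELDS = re.compile(r"IP:(\d+\.\d+\.\d+\.\d+)@(\w+)")

def decode(line):
    """Parent decoder 'nodeerror', then the child regex applied after the prematch."""
    parent = PREMATCH.match(line)
    if parent is None:
        return None                                   # no decoder claims this line
    event = {"decoder": "nodeerror"}
    child = FIELDS.search(line, parent.end())         # offset="after_parent"
    if child:
        event["url"], event["action"] = child.groups()    # <order>url,action</order>
    return event

def evaluate(event):
    """Rule 700005 (level 0) groups decoded events; 700006 (level 8) fires on reboot."""
    if event is None:
        return None
    if event.get("action") == "reboot":
        return {"id": "700006", "level": 8, "description": "reboot happens!"}
    return {"id": "700005", "level": 0, "description": "Custom node Alert"}

def alerts(lines):
    """Return (line, rule) pairs for the lines that would raise an alert (level > 0)."""
    results = [(line, evaluate(decode(line))) for line in lines]
    return [(line, rule) for line, rule in results if rule and rule["level"] > 0]

if __name__ == "__main__":
    for line, rule in alerts(LOG_LINES):
        print(rule["id"], rule["level"], line)
```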