在CentOS 7里安装dante socks5

sock5方便公司管理业务，如外网的访问。

环境：CentOS 7 64位, dante 1.4.1

过程：

1.rpm -ivh http://mirror.ghettoforge.org/distributions/gf/el/7/plus/x86_64/dante-1.4.1-176.9.x86_64.rpm # 安装 dante

2.rpm -ivh http://mirror.ghettoforge.org/distributions/gf/el/7/plus/x86_64/dante-server-1.4.1-176.9.x86_64.rpm # 安装 dante-server

3.adduser --no-create-home --shell /usr/sbin/nologin sktest # 添加 sktest 新用户，且设置密码

4.mkdir /var/run/sockd # 创建 sockd 的目录

5.vi /etc/sockd.conf # 创建或修改配置文件，内容如下：

logoutput: stderr

# logoutput: /var/log/sockd.log

# 使用本地所有可用网络接口的 3721 端口
internal: 0.0.0.0 port = 3721

# 输出接口设置为 eth0
external: eth0

# socks的验证方法，设置为 pam.username，本例中，是使用系统用户验证，即使用adduser添加用户
socksmethod: pam.username

user.privileged: root

user.unprivileged: nobody

# user.libwrap: nobody

# 访问规则
client pass {
        from: 0.0.0.0/0  to: 0.0.0.0/0
}

socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        protocol: tcp udp
        socksmethod: pam.username
        log: connect disconnect
}

socks block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

6.vi /etc/pam.d/sockd # 创建配置文件，内容如下：

#%PAM-1.0
#auth      required     pam_sepermit.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be
executed in the 
user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    required     pam_limits.so

7.systemctl start sockd # 启动服务

参考：

• https://www.inet.no/dante/doc/1.4.x/config/auth_pam.html
• https://gist.github.com/lattenwald/8b86b7ba73f1ec0f6c66c5671a98a3df