UNIT II Configuring additional hardware. Everyday task using Linux.

UNIT II Configuring additional hardware. Everyday task using Linux. X window system configuration. Setting up email servers. Setting up files services using Samba. NFS file services. Setting up proxy services. Setting up printer services.

Configuring additional hardware: sound card, displays and display cards, network cards, modems, USB drivers, CD writers.

USB DRIVERS What is USB? USB = Universal Serial Bus. The universal serial bus (USB) is a connection between a host computer and a number of peripheral devices. It was originally created to replace a wide range of slow and different buses: the parallel, serial, and keyboard connections.

Cont… The latest revision of the USB specification added high-speed connections with a theoretical speed limit of 480 MBps. USB Device Basics: A USB device is a complex thing, as the official USB documentation shows; the Linux kernel provides a subsystem called the USB core to handle most of that complexity.

Cont.. Endpoints: The most basic form of USB communication is through something called an endpoint. A USB endpoint can carry data in only one direction. Out endpoint: carries data from the host computer to the device. In endpoint: carries data from the device to the host computer.

USB driver overview

USB device overview A USB endpoint can be one of four different types that describe how the data is transmitted:

Types of endpoint transmission: control, interrupt, bulk, isochronous.

Control Control endpoints are used to allow access to different parts of the USB device. They are commonly used for configuring the device, retrieving information about the device, sending commands to the device, or retrieving status reports about the device. These endpoints are usually small in size. Every USB device has a control endpoint called “endpoint 0”.

Cont.. Interrupt endpoints: Interrupt endpoints transfer small amounts of data at a fixed rate every time the USB host asks the device for data. Bulk endpoints: Bulk endpoints transfer large amounts of data.

Cont… ISOCHRONOUS endpoints: Isochronous endpoints also transfer large amounts of data, but the data is not always guaranteed to make it through.

USB Logical Unit Devices usually have one or more configurations. Configurations often have one or more interfaces. Interfaces usually have one or more settings. Interfaces have zero or more endpoints.

USB and Sysfs:

Lifecycle of USB URBs (USB request blocks):
1. Created by a USB device driver.
2. Assigned to a specific endpoint of a specific USB device.
3. Submitted to the USB core by the USB device driver.
4. Submitted by the USB core to the specific USB host controller driver for the specified device.
5. Processed by the USB host controller driver, which makes a USB transfer to the device.
6. When the URB is completed, the USB host controller driver notifies the USB device driver.

X Window System

X Window System X-Window Introduction: The 5 elements of the X Window System are 1. X-Server 2. X-Clients 3. X-Protocol 4. X-library 5. X-toolkit

Cont… The architecture of X-window: client/server. The characteristic of X-window: multi-platform. Toolkit of X-Server configuration. Config file for X-Server.

X Window System What is the X window system? The X Window System, commonly called "X," is a graphical windowing interface that comes with all popular Linux distributions. X is available for many Unix-based operating systems; the version of X that runs on Linux systems with x86-based CPUs is called "XFree86".

Information on installing X. Running X: what X looks like, and how to run it. X Clients: running programs in X. Window Operations: how to manipulate a window.

Cont… Desktop: moving around the desktop. Xterm: running a shell in X. Configuring X: making X run the way you want it to.

Setting up email servers.

Email Email has many aspects that work together to give people almost instant communication from any computer on the internet to any other computer. There are three main parts that we will look at: sending email on a server, receiving email on a server and receiving email as a client. The simplest is to receive email as a client: you merely put in the name of the server that holds your email and download it.

Cont.. On Linux, you can view your email through many different programs. There are graphical programs like Mozilla, Ximian Evolution and Kmail. You can also use programs from the command line like 'pine' and 'mutt'.


Email on the Server Getting and reading email is simple on a client, but setting up a server to get and send email requires a little more understanding of how email works. There are three parts to an email server. The MTA – Mail Transport Agent (most people use the program called 'sendmail'). The LDA – Local Delivery Agent (most people use the program procmail).

Cont… IMAP and POP3 servers – these are two ways to get email from a server. When a client connects to a server to get email, it will use one of these servers.

Setting up Sendmail Sendmail normally runs with all RedHat distributions, so you won't need to start any service. Sendmail is a Mail Transport Agent: a program that moves mail from one computer to another. It is estimated that 80% of all email is handled by Sendmail today. With Sendmail, you can do many things, like block spam, relay mail, have forwarders and configure ways to route mail automatically across networks. Like most Linux programs, Sendmail is changed through configuration files.

Setting up Sendmail Setting up Sendmail can be an enormous task if you want to do complicated things, but if we just want it to accept email, we can keep it simple. First change into /etc/mail, where the sendmail files are saved. Sendmail has a different style of configuration, where you edit files and then compile them into a form that Sendmail likes to see.

Cont… First open the file “access”. This is the file that contains all the domains that will be allowed to use your Sendmail to send emails. You need to add your domain here and any domains that might be on your network. You’ll also want to make a file called “relay-domains” and put your domain in there. This is to stop people from outside using your server to send spam.

Setting up Sendmail You'll also want to open up the file “local-host-names”. This will contain other names for your computer, so that Sendmail will still accept mail for these domains. This file should contain any other names you have for your computer. Now your sendmail will know which hosts it should accept mail from and which it should not.

Setting up Sendmail The actual sendmail configuration file is in “sendmail.cf” but it has become so complicated they made another configuration file, which you then compile to make into the “sendmail.cf” In RedHat, they use this program called “m4” to generate the sendmail.cf file So after we edit the “sendmail.mc” file, we use m4 to change it, like [root@comp root]# m4 sendmail.mc > sendmail.cf

Setting up Sendmail Now that you have the configuration set up for Sendmail, you can restart the service to take the new changes into effect. We use the service command to restart sendmail: [root@comp root]# service sendmail restart You can check that it is running by using 'ps -aux'; you'll see an entry that says “sendmail: accepting connections”. This means that it is up and running and people can send email to your server. But how does anyone else on the Internet know how to send email to your server?

MX Records MX Records – Mail Exchange records are part of the DNS system for the entire Internet. In order for other computers to know where to send you email, you need to have the correct MX records set up on some Name Server on the internet. Each record carries a numerical priority that determines the order in which servers should be used. The server with the lowest priority is the primary. In DNS, the MX records will look like the following.

Local Delivery Agents In most RedHat distributions, Sendmail will get the mail from some server on the Internet and then pass it off to another program for local delivery. This means there is another layer of handling before an email will reach your inbox. Procmail is usually the program that is chosen to do the local delivery. The reason for this extra layer is that it is easy to do things to mail after it has come in with procmail. For example, you could sort mail into different folders, delete it if it is spam or make copies of everybody's email.

Procmail When a new message comes in, Procmail will start automatically and deliver the mail to the correct folder for the person to read it. You can change how mail is delivered through a procmail configuration file. Initially, there is no configuration file for procmail, because it will just give whatever mail comes in to the person who should receive it.

Cont… You can make one yourself by creating a file called “/etc/procmailrc”. This is the file where you can put rules that will change how mail is delivered.

Procmail configuration Procmail configuration lets you do almost anything you can imagine to email, but you have to know the right way to configure it. Once you have the procmailrc file open, you can start adding rules.

Cont… For example, if you want to make a copy of everyone's email so you can read it yourself:
    :0c
    /home/mycopy-email
The ':0' part says that a new rule is starting. The 'c' says copy all email, and the following line says where to copy it.

Procmail Example: If you wanted to delete all email that came from a certain domain:
    :0
    * ^From.*bad-person@bad-domain.com
    /dev/null
The first line says a new rule is starting. The next line checks if the 'From' field is from bad-person@bad-domain.com.

Cont… The last line says move that message to /dev/null if the email is from that person. /dev/null is like the trash bin for Linux: if you move something there, it deletes it automatically.

IMAP and POP3 The last part of setting up email on the server is to have a way for users to get that email. The most popular way is through two services called IMAP and POP3. IMAP - Internet Message Access Protocol. It permits a "client" email program to access remote message stores as if they were local.

Cont… For example, email stored on an IMAP server can be manipulated from a desktop computer at home, a workstation at the office, and a notebook computer while traveling, without the need to transfer messages or files back and forth between these computers.

Turning on IMAP Getting IMAP and POP3 working on your server is not difficult, but it can be confusing because there are no startup scripts in the “rc.d” folder. To get them started, you need to edit a file called “/etc/inetd.conf”. This file has a list of all the services that are running and what ports they are connected on.

Cont.. Look down the list until you see the info for port “139” – POP3 and “143” – IMAP. Uncomment those lines, and the next time you restart the server, IMAP and POP3 should be started.

POP3 The other way to get email is through the POP3 service. POP – Post Office Protocol. It was the first way to get email from a server. POP3 is the latest version, which has replaced POP2.

Cont… POP is different from IMAP in that everything is downloaded to the client machine. Thus, if you make a change to your mail, it will only be changed on the client machine and not on the server. You can turn it on using the same procedure as for IMAP.
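An added example, not from the slides: a small shell helper that performs the inetd.conf edit described above (uncomment the pop3 and imap lines) on a constructed copy of the file, idempotently, and lists what inetd will start so that only the needed services stay enabled. The file contents and service names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of an inetd.conf as the slides describe it: pop3 and imap
# are present but commented out. Written to a temp file so this runs offline.
SAMPLE_INETD=$(mktemp)
cat >"$SAMPLE_INETD" <<'EOF'
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#pop3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
#imap   stream  tcp     nowait  root    /usr/sbin/tcpd  imapd
EOF

# List the services inetd will start: first field of every non-comment line.
inetd_enabled() {
    awk '!/^[[:space:]]*#/ && NF { print $1 }' "$1"
}

# Uncomment the line for one service. Idempotent: an already enabled service
# is left alone; a service with no line at all is reported and returns 1.
inetd_enable() {
    file=$1; svc=$2
    if inetd_enabled "$file" | grep -qx "$svc"; then
        return 0
    fi
    if ! grep -q "^#[[:space:]]*$svc[[:space:]]" "$file"; then
        echo "inetd_enable: no line for service '$svc' in $file" >&2
        return 1
    fi
    sed "s/^#[[:space:]]*\($svc[[:space:]]\)/\1/" "$file" >"$file.tmp" \
        && mv "$file.tmp" "$file"
}

# Re-comment a service: the least-privilege counterpart, for services such as
# telnet that the server does not need to offer.
inetd_disable() {
    file=$1; svc=$2
    sed "s/^[[:space:]]*\($svc[[:space:]]\)/#\1/" "$file" >"$file.tmp" \
        && mv "$file.tmp" "$file"
}

echo "inetd will start: $(inetd_enabled "$SAMPLE_INETD" | tr '\n' ' ')"
```

On a real system the file is /etc/inetd.conf and inetd must be restarted (or sent SIGHUP) after the edit, as the slide says.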

SMTP You will also hear about SMTP servers if you use computers. SMTP – Simple Mail Transfer Protocol – is a program that runs on a server and will send messages. When we set up and turned on Sendmail, the SMTP server also started. When you send email from a client computer, you need an SMTP server to send it through. This is what is responsible for sending those messages to the rest of the Internet.

Cont… It operates on port 25. A good way to see if it is running is to try [root@comp root]# telnet localhost 25 This command uses the telnet program to connect to port 25 on the computer you are using. You will then be able to see the protocol and server messages coming from the SMTP server.

IMAP and POP You can also see how the IMAP and POP servers work by using the same telnet idea. IMAP runs on port 143; POP3 runs on port 110.
    [root@comp root]# telnet localhost 143
    [root@comp root]# telnet localhost 110

Cont… What happens then is that the IMAP or POP server thinks it is connected to something that knows how to speak its language. If you knew the protocol that IMAP or POP uses, you could get your email this way too.

Local and Remote Email You should be aware of when you are getting email remotely and when you are accessing it locally on the server. If you telnet into a server and use a program like 'pine' or 'mutt', this means that you are accessing the local copy of the email. Your email is saved in a file in the “/var/mail” directory under your username. These programs open up that file and break it up so that it looks like there are many messages.

Cont… IMAP and POP3 are services that run on a server and allow client computers to use different programs (like Microsoft Outlook) to access email over a network. IMAP and POP will also open up your mail file, but they are not programs you use to read email. They are servers that will send your email to the program that asks for it.

Updating programs Sendmail especially, but also IMAP and POP3, have been vulnerable to many security holes in the past. This is because they run as root, so if you can break in through the program, you can have root access to the system. So one of the first things to do is to update Sendmail (get the newest from sendmail.org) and then IMAP as well. Generally, the installations are pretty easy, but we might need to change startup scripts.

Reference For more information about Sendmail: http://www.sendmail.org/ More information about Procmail: http://userpages.umbc.edu/~ian/procmail.html More info about IMAP: http://www.imap.org/about/ More info about SMTP: http://www2.rad.com/networks/1998/smtp/smtp.htm

NFS

Network File System What is NFS? The Network File System is a file system that may be accessed via a network connection. The Network File System (NFS) was developed to allow machines to mount a disk partition on a remote machine as if it were on a local hard drive.

Cont… This allows for fast, seamless sharing of files across a network. With other file systems, the storage device must be directly attached to the local system. With NFS this is not a requirement, making possible a variety of different configurations, from centralized file system servers to entirely diskless computer systems.

Cont… NFS was developed by Sun Microsystems. It is the native method for file sharing between Unix/Linux systems. Stateless protocol (versions 2 and 3): 1. Means the server keeps no state. 2. Renders server crashes 'easily recoverable'.

Cont… Systems are clients, servers or both. Clients import shared file systems; servers export shared file systems. Servers are easy to implement via network daemons; clients require kernel modifications. Linux systems normally work as both already. NFS is NOT Unix/Linux specific (e.g. PCNFS).

Exporting System Exporting is handled by the daemons rpc.nfsd and mount, which must be running for NFS export to work. Exported file systems are listed in /etc/exports; the format is: hostname(flags) [hostname(flags)] Important flags include: a read-only flag, a read/write flag, a _squash flag (map all uid/gid to something), a flag to specify the user ID to map to, and a flag to specify the group ID to map to.

Cont… After changing /etc/exports, restart NFS:
    killall -HUP rpc.nfsd
    killall -HUP mount

Viewing exports ● Use showmount:
    $ showmount -e
    $ showmount -e hostname
    Export list for landlord.gbdirect.co.uk:
    /usr/local/gbdirect/cvsroot roti.gbdirect.co.uk
    /home/adamg
    /home/andylong

Cont… Mount a remotely exported directory (you usually have to be the super user):
    $ mount hostname:/share name /local/directory
If successful, the export named /share name on host hostname is mounted on our mount point /local/directory. Files are then accessed just as if they were local.

Cont… The remote host must be exporting the directory. You must have access permission. Your local mount point must exist. It is exactly like mounting a device.

Samba Security

What is samba? Samba provides file and print services for Microsoft Windows clients. These services may be hosted off any TCP/IP-enabled platform. The original deployment platforms were UNIX and Linux, though today it is in common use across a broad variety of systems. The Samba project includes not only an impressive feature set in file and print serving capabilities, but has been extended to include client functionality, utilities to ease migration to Samba, tools to aid interoperability with Microsoft Windows, and administration tools.

Who Needs Samba? You’ve got a UNIX server storing large amounts of research data, and want to share this data among a group of Windows-based client machines. You’ve got Linux workstations that need to print to a printer which is connected to a Windows machine. Many other interoperability scenarios, not just limited to Windows and UNIX (Macs, too!).

Why is there a need for securing Samba? Like any other networked service, Samba can be maliciously exploited in the wrong hands if not configured properly. Sensitive data (financial, EPHI, HR, etc.) can potentially be compromised. Inherent legal liability. More simply, annoyances created by not securely locking down shared services (printer bombs, etc.).

What are the different approaches for securing Samba? User, Share, Domain, ADS (Active Directory), Server.

User Level Security The simplest; the default setting since Samba-2.2.x. The client sends a session setup request directly following protocol negotiation. This request provides a username and password, which the server can either accept or reject. The client then expects to be able to mount shares without further specifying a password.

Share-Level Security The client authenticates itself separately for each share. It sends a password along with each tree connection request (share mount), but it does not explicitly send a username with this operation. The client expects a password to be associated with each share, independent of the user. This means that Samba has to work out what username the client probably wants to use, since the SMB server is not explicitly sent the username.

Domain Security Mode Provides a mechanism for storing all user and group accounts in a central, shared account repository. This repository is shared between domain (security) controllers. Servers that act as domain controllers provide authentication and validation services to all machines that participate in the security context for the domain. For most purposes at Yale, this is obsolete in favor of ADS.

ADS Security Mode Samba can join an Active Directory domain using NT4-style RPC-based security if the domain is run in native mode. The term realm is used to describe a Kerberos-based security architecture (such as is used by Microsoft ADS). In the event that Samba cannot correctly identify the appropriate ADS server using the realm name, use the password server option in smb.conf.

Server Security (deprecated) This mode is left over from the time when Samba was not capable of acting as a domain member server. It is highly recommended not to use this feature; it has many drawbacks. The Samba server reports to the client that it is in user-level security. The client then does a session setup as described earlier. The Samba server takes the username/password that the client sends and attempts to log into the password server by sending exactly the same username/password that it got from the client.

Reference The Samba Website: http://www.samba.org The Official Samba-3 HOWTO and Reference Guide: http://www.samba.org/samba/docs/man/Samba3-HOWTO/ Workstation Support Services (WSS): http://wss.yale.edu Information Security Office (ISO): http://www.yale.edu/its/security/

WEB SERVER SETUP

Web server Apache Web Server is used. The daemon is httpd (service httpd start/stop/restart).

Apache Configuration Directives: Server Name, Min and Max Servers, Document Root, CGI Enable/Disable, User Directory, Directory Index, Mime Types, Modules.

Files used Apache configuration file: /etc/httpd/conf/httpd.conf Log files: /var/log/httpd/access_log and /var/log/httpd/error_log Modules: /etc/httpd/modules Default Document Root: /var/www/html Default CGI Root: /var/www/cgi-bin

Basic Setting Change the default value for ServerName to www.<your-domain.com> in httpd.conf and put the website content in /var/www/html. Additionally you can configure name-based virtual hosting (allows more than one website to run on the same server).

Squid Setup What is a Web Proxy? A proxy is a host which relays web access requests from clients. It is used when clients do not access the web directly, and is used for security, logging, accounting and performance.

Obtaining Squid Source code (in C) from www.squid-cache.org. Binary executables: Linux (comes with RedHat and others), FreeBSD, Windows. Pre-installed in Fedora/Enterprise Linux.

Basic Settings Edit the /etc/squid/squid.conf file to configure squid. Configuration options: disk cache size and location; authentication; allowed hosts; any other access restrictions (sites, content, size, time of access etc.) using ACLs. service squid start/stop/restart

Squid.conf Configuration
    cache_dir ufs /var/spool/squid/cache 100 16 256
    auth_param basic program /usr/lib/squid/ncsa_auth /etc/shadow
    acl sidbiusers proxy_auth REQUIRED
    http_access allow sidbiusers
    acl our_network src 172.28.250.0/24
    http_access allow our_network
(Note: use squid -z the first time to create the cache directory and its subdirectories.)
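An added example, not from the slides: the squid.conf above rebuilt as a constructed temp file beside a corrected version, with a shell audit that checks the points a reviewer would raise about it: the password file handed to ncsa_auth (it reads an htpasswd-format file and runs as the squid user, so /etc/shadow is both the wrong format and unreadable), an explicit final deny all, and allow rules that let hosts through without proxy_auth. The path /etc/squid/passwd is constructed; everything else is from the slide.

```shell
#!/bin/sh
# Two constructed temp files: the slide's squid.conf and a corrected copy.
WEAK_SQUID=$(mktemp); FIXED_SQUID=$(mktemp)
cat >"$WEAK_SQUID" <<'EOF'
cache_dir ufs /var/spool/squid/cache 100 16 256
auth_param basic program /usr/lib/squid/ncsa_auth /etc/shadow
acl sidbiusers proxy_auth REQUIRED
http_access allow sidbiusers
acl our_network src 172.28.250.0/24
http_access allow our_network
EOF
cat >"$FIXED_SQUID" <<'EOF'
cache_dir ufs /var/spool/squid/cache 100 16 256
# ncsa_auth reads an htpasswd-format file owned by the squid user, not /etc/shadow
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
acl sidbiusers proxy_auth REQUIRED
acl our_network src 172.28.250.0/24
# http_access is first-match-wins: require the network AND a login, then deny the rest
http_access allow our_network sidbiusers
http_access deny all
EOF

# Strip comments and blank lines so the checks see only directives.
squid_directives() { sed 's/#.*//' "$1" | awk 'NF'; }

# Prints one finding per line; prints nothing for a clean file.
squid_audit() {
    f=$1
    # 1. the password file given to the basic auth helper
    squid_directives "$f" | awk '$1=="auth_param" && $2=="basic" && $3=="program" {
        if ($NF == "/etc/shadow") print "auth helper reads /etc/shadow (wrong format, root-only file)" }'
    # 2. the final http_access rule should be an explicit deny all
    last=$(squid_directives "$f" | awk '$1=="http_access" { rule=$2 " " $3 } END { print rule }')
    [ "$last" = "deny all" ] || echo "last http_access is \"$last\", not \"deny all\""
    # 3. an allow rule whose ACLs include no proxy_auth ACL admits clients unauthenticated
    squid_directives "$f" | awk '$1=="acl" { type[$2]=$3 }
        $1=="http_access" && $2=="allow" {
            needs_auth=0; for (i=3;i<=NF;i++) if (type[$i]=="proxy_auth") needs_auth=1
            if (!needs_auth) print "rule \"" $0 "\" allows access without proxy_auth" }'
    return 0
}

echo "Findings for the slide config:"; squid_audit "$WEAK_SQUID"
echo "Findings for the corrected config:"; squid_audit "$FIXED_SQUID"
```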

Thank you