LINUX ADMINISTRATION www.educlash.com.


UNIT 4 CHAPTER-1

CHAPTER 1: INTERNET SERVICES

WHAT IS AN INTERNET SERVICE?
An Internet service can be defined as any service that can be accessed through TCP/IP based networks, whether an internal network (intranet) or an external network (Internet).
Internet services can be provided through either secure or non-secure TCP/IP connections.
Common services are Telnet, FTP, SMTP, HTTP, ICMP, ARP, DNS, ssh, scp, sftp, and others.

Secure Services
Plain text traffic is extremely easy for anyone to eavesdrop on. Since the Internet has exploded in popularity, running insecure services such as these is not a good idea. That's why secure replacements have been developed.
These replacements provide stronger authentication controls and encrypt all their traffic to keep your data safe.

ssh
Secure Shell, also known as ssh, is a secure telnet replacement that encrypts all traffic, including passwords, using a public/private encryption key exchange protocol.
ssh vnavrat@woolf.xena.edu
When you start ssh, it asks for your password, and then you have a regular terminal screen.

scp
Secure Copy, also known as scp, is part of the ssh package. It is a secure alternative to rcp and ftp.
You can scp files to any machine that has an ssh daemon running.

sftp
Secure File Transfer Program, also known as sftp, is an FTP client that performs all its functions over ssh.
The syntax for sftp is:
sftp user@host:file file

Less Secure Services
These are insecure services that should not be used, since they trust that the network is absolutely secure.
telnet
Telnet is an application that's available almost everywhere. All telnet traffic, including passwords, is sent in plain text.
[vnavrat@buffy vnavrat]$ telnet xena
Trying 127.0.0.1...
Connected to xena.
Escape character is '^]'.
Welcome to null.xena.edu
login:

rsync, rsh, rlogin, finger
rsync is an unencrypted file transfer program that is similar to rcp. It allows the differences between two sets of files on two machines to be transferred across the network.
rsh is an unencrypted mechanism to execute commands on remote hosts:
rsh remotehostname remotecommand
rlogin is a remote login program that connects your terminal to a remote machine's terminal.
finger enables users on remote systems to look up information about users on another system. Generally finger displays a user's login name, real name, terminal name, idle time, login time, office location, and phone number.

talk and ntalk
Talk and ntalk are real-time chat protocols. The talk server runs on port 517; the ntalk server runs on port 518.

USING YOUR LINUX MACHINE AS A SERVER
http
The most common Web server used on Linux is Apache; its configuration files live in /etc/httpd/conf/.
sshd
The secure shell daemon (sshd) is started out of the system's rc scripts. The global system configuration files are in /etc/ssh, and each user's ssh configuration files are in $HOME/.ssh/.

ftpd
The FTP daemon uses ports 20 and 21 to listen for and initiate FTP requests. Its configuration files (ftpaccess, ftpconversions, ftpgroups, ftphosts, ftpusers) are located in the /etc directory.
dns
The Domain Name Service (DNS), which maps IP addresses to hostnames, is served by the named program on port 53. Its configuration file is named.conf in the /etc directory.

The inetd Server
inetd is called an Internet superserver. It is launched at boot time, and listens for connections on network sockets. It checks the inetd.conf file to see what services should be running. It then reads the /etc/services file to see what ports those services should be running on.
xinetd
xinetd is a replacement for inetd that adds more security and functionality. A great reason to run xinetd is that it can run alongside inetd; inetd and xinetd behave the same way.

INETD AND XINETD

SERVICES ARE SPAWNED FROM SUPERSERVERS SUCH AS INETD AND XINETD
1. chargen — random character generator that sends its traffic over tcp
2. daytime-udp — gives you the time over udp
3. finger — user information lookup program
4. kshell — restricts user access to the shell
5. rlogin — service similar to telnet, but enables trust relationships between machines
6. swat — Samba Web Administration Tool
7. time — gives you the time
8. chargen-udp — random character generator that sends its traffic over udp
9. echo — echoes back all characters sent to it over tcp
10. gssftp — kerberized FTP server
11. rsh — remote shell
12. talk — a talk (real-time chat) server
13. time-udp — gives you the time over udp
14. comsat — notifies users if they have new mail
15. echo-udp — echoes back all characters sent to it over udp
16. klogin — kerberos's answer to rlogin
17. ntalk — a talk (real-time chat) server
18. rsync — remote file transfer protocol
19. telnet — telnet server
20. wu-ftpd — an ftp server
21. daytime — gives you the time over tcp
22. eklogin — encrypting kerberized rlogin server
23. krb5-telnet — kerberized telnet server
24. rexec — provides remote execution facilities
25. sgi_fam — file monitoring daemon
26. tftp — trivial file transfer program

STAND-ALONE SERVICES
These services are started from the rc scripts specifically written for them in the rc directories. You can enable or disable these services from those directories.

1. apache — Web server
2. sshd — ssh server
3. sendmail — mail server
4. qmail — mail server
5. postfix — mail server
6. thttpd — semilightweight Web server
7. boa — lightweight Web server
8. named — dns server
9. xfs — X font server
10. xdm — X display manager
11. portmap — maps RPC services to ports
12. rpc.quotad — serves quota information
13. knfsd — userspace portion of the NFS daemon
14. rpc.mountd — NFS mount server
15. rpc.ypbind — NIS server
16. squid — Web proxy server
17. nessusd — penetration testing server
18. postgresql — database server
19. mysql — database server
20. oracle — database server

LINUX FIREWALL PACKAGES
Linux provides a few different mechanisms for system security. One of these mechanisms is Linux's firewall packages. Two of the firewalling packages available are tcp-wrappers and ipchains.
tcp-wrappers is a minimalistic packet filtering application to protect certain network ports.
ipchains is a packet filtering firewall.

TCP wrappers works only on programs that are started from inetd.
An inetd.conf entry without tcp-wrappers would look like this:
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
An inetd.conf entry with tcp-wrappers looks like this:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

WHAT "WITH AND WITHOUT WRAPPER" MEANS
If your system does not have TCP Wrappers built in, your configuration will have to use the tcpd program that is part of TCP Wrappers to wrap inetd services. To wrap an inetd service, you simply change its entry in /etc/inetd.conf so that tcpd is executed:
Without the wrapper:
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
With the wrapper:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
In other words, replace the pathname of the daemon with the full path to tcpd, leaving everything else untouched.
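As an added example (not part of the original slides), the check below parses an inetd.conf in the format shown above, reports services that inetd would exec directly (bypassing tcpd, and so bypassing hosts.allow/hosts.deny), and rewrites an entry the way the slide describes. The configuration text is a constructed sample.

```python
# Added example (not from the original slides): audit an inetd.conf for
# services that inetd would exec directly, bypassing tcpd. The sample
# configuration below is constructed to show both entry styles.
from typing import NamedTuple

INETD_CONF = """\
# service socket proto wait user server-program args (constructed sample)
telnet  stream tcp nowait root   /usr/sbin/in.telnetd in.telnetd
ftp     stream tcp nowait root   /usr/sbin/tcpd       in.ftpd -l -a
finger  stream tcp nowait nobody /usr/sbin/tcpd       in.fingerd
#shell  stream tcp nowait root   /usr/sbin/tcpd       in.rshd
"""

class InetdEntry(NamedTuple):
    service: str
    server: str    # program inetd execs: tcpd when the service is wrapped
    daemon: str    # the real daemon, taken from the first argument
    wrapped: bool

def parse_inetd_conf(text):
    """Parse active (uncommented) inetd.conf lines into InetdEntry records."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # comment or disabled service
        fields = line.split()
        if len(fields) < 6:
            continue                      # malformed: fewer than the required fields
        service, server = fields[0], fields[5]
        daemon = fields[6] if len(fields) > 6 else server.rsplit("/", 1)[-1]
        entries.append(InetdEntry(service, server, daemon, server.endswith("/tcpd")))
    return entries

def unwrapped_services(text):
    """Names of services whose connections never pass through hosts.allow/hosts.deny."""
    return [e.service for e in parse_inetd_conf(text) if not e.wrapped]

def wrap_entry(line, tcpd="/usr/sbin/tcpd"):
    """Rewrite one inetd.conf line the way the slide describes: swap the
    server pathname for tcpd and leave every other field untouched."""
    fields = line.split()
    if len(fields) < 6 or fields[5].endswith("/tcpd"):
        return line                       # malformed or already wrapped
    if len(fields) == 6:                  # no argv given: keep the daemon's name
        fields.append(fields[5].rsplit("/", 1)[-1])
    fields[5] = tcpd
    return " ".join(fields)
```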

When inetd starts up, it looks through /etc/inetd. to see what network service connections it should start listening for. tcpd is then called and reads the /etc/hosts.allow file to see if the hostname is allowed. If the hostname is in /etc/hosts.deny, the connection is closed.

SYNTAX OF AN ALLOW OR DENY RULE
service : hostname : options
Add rules to hosts.allow or to hosts.deny.
hosts.allow file:
in.telnetd: .xena.edu : ALLOW
This enables only machines from the xena.edu domain to telnet into your machine.
hosts.deny file:
in.telnetd: .xena.edu : DENY
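As an added example (not from the original slides), this simulates tcpd's access decision for rules in the "service : hostname : options" form above: hosts.allow is consulted first, then hosts.deny, and a connection matched by neither file is granted. Both files are constructed samples, and only the ALL, exact-name and ".domain" host patterns are handled.

```python
# Added example (not from the original slides): simulate tcpd's access
# decision for rules of the form "service : host pattern : option".
# Both access files below are constructed samples.

HOSTS_ALLOW = """\
in.telnetd: .xena.edu : ALLOW     # only the xena.edu domain may telnet in
sshd: ALL
"""

HOSTS_DENY = """\
in.telnetd: ALL : DENY
in.fingerd: ALL
"""

def parse_rules(text):
    """Return (services, client patterns, option) triples, one per rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) < 2:
            continue                                  # malformed rule, skipped
        services = [s.strip().lower() for s in parts[0].split(",")]
        clients = [c.strip().lower() for c in parts[1].split(",")]
        option = parts[2].upper() if len(parts) > 2 else None
        rules.append((services, clients, option))
    return rules

def client_matches(pattern, hostname):
    """Host patterns handled here: ALL, an exact name, or a '.domain' suffix."""
    hostname = hostname.lower()
    if pattern == "all":
        return True
    if pattern.startswith("."):
        return hostname.endswith(pattern)
    return hostname == pattern

def tcpd_decision(service, hostname, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return 'ALLOW' or 'DENY' for a connection to service from hostname."""
    for verdict, text in (("ALLOW", allow_text), ("DENY", deny_text)):
        for services, clients, option in parse_rules(text):
            if service.lower() not in services and "all" not in services:
                continue
            if any(client_matches(p, hostname) for p in clients):
                # an explicit ALLOW/DENY option overrides the file's own verdict
                return option if option in ("ALLOW", "DENY") else verdict
    return "ALLOW"   # matched neither file: tcpd grants access
```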

ipchains is Linux's built-in IP firewall administration tool. Using ipchains enables you to run a personal firewall to protect your Linux machine.
If the Linux machine is a routing gateway for other machines on your network, it can act as a packet filtering network firewall if more than one network interface is installed.

THANK YOU