Published by Preston Farmer. Modified over 8 years ago.
1
LINUX SERVER BUILD & SECURITY CONFIG
N.E.T LAB
Junior, 05 HJS
Sophomore, 04 PJK
Network Engineer Training Laboratory
2
TABLE & GRAPH
3
CONTENTS
BEGIN,,
◎ Built environment - p. 4
◎ Install - p. 5
SERVER,,
◎ DNS server config - p. 6
◎ TELNET server config - p. 8
◎ FTP server config - p. 9
◎ DB server config - p. 10
◎ WEB server config - p. 11
EXAM SERVER,,
◎ Simple WEB server page - p. 12
◎ DB server use for PHP - p. 13
SECURITY,,
◎ Soft security - p. 14
◎ Hard security - p. 15
BACKUP,,
◎ Two week-cycle auto backup at DB server PC #hdb - p. 16
FIN,, - p. 18
4
Built environment
◎ Used two PCs for cross server
PC #1
º DNS server
º WEB server
º FTP server
º TELNET server
PC #2
º DATABASE server
º BACKUP server

              PC #1                PC #2
SERIES        DEBIAN LINUX         DEBIAN LINUX
KERNEL        UBUNTU 5.01          UBUNTU 5.01
NETWORK       10 Mbps              100 Mbps
IP ADDRESS    203.237.80.129       203.237.85.238
PC SPEC       P4 2.8C              AMD - 1100
              1GB ram/160GB HDD    512MB ram/5GB HDD
5
Install
◎ COMMON
º Select language : ENGLISH (UNITED STATES)
º Hostname : djnet.dnip.net
º Partitioning : HDD - 100% = / - 10%, swap - 1GB, /BOOT - 30%, /VAR - the rest of the HDD
º The Network : Edit /etc/network/interfaces and adjust IPADDR, NETMASK, NETWORK, BROADCAST, GATEWAY
º Hosts : Edit /etc/hosts -> add new IPADDR
º Update & Upgrade : Edit /etc/apt/sources.list -> add recent archive site, then do #apt-get update & #apt-get upgrade
º Install SSH & ETC library (cpp, lib, tool etc,,)
◎ PC #1
º DNS server : Install bind9 & bind9 config logging daemon & restart
º WEB server : Install apache2
º FTP server : Install vsftpd
º TELNET server : Install telnetd
◎ PC #2
º DATABASE server : Install MySQL
º BACKUP server
* For defense against hacking, the outside IPADDR is intercepted.
6
DNS server config
◎ Domain name system
- The system which converts between IPADDR and Domain Name and provides a routing system
◎ DNS config
- Edit /etc/bind/named.conf, adjust it. & make file /etc/bind/dj-djnet
[Screenshots: /etc/bind/named.conf, /etc/bind/db-djnet]
7
DNS server config
◎ DNS server application
- When there is no DNS and the Internet is not connected.
◎ DNS Install & configure
8
TELNET server config
◎ Teletype-network
- Network protocol used on the Internet or LAN connections
◎ TELNET server application
- Connected 203.237.80.129 telnet server
- ls command execution (ls corresponds to DOS's dir command)
◎ TELNET config
▷ Make /etc/xinetd.conf, adjust it.
9
FTP server config
◎ File Transfer Protocol
- Protocol for sending and receiving files over the network
◎ FTP server application
- Connected 203.237.80.129 FTP server
- Help command and ls command executions
◎ FTP config
▷ Edit /etc/vsftpd.conf, adjust permission and port
REMOVE # >> listen=YES, local_enable=YES, write_enable=YES
ADD # >> anonymous_enable=YES
10
DB server config
◎ Data-Base server
- Server for database input-output control
◎ MYSQL config
▷ Edit /etc/mysql/my.cnf, adjust it.
REMOVE # >> bind-address = 127.0.0.1
▷ Execute mysql, add user and grant privileges.
-- net = DBNAME, net = USERID, 203.237.80.129 = IP
sql> GRANT ALL PRIVILEGES ON net.* TO 'net'@'203.237.80.129' IDENTIFIED BY 'password';
◎ DB server application
- Connected 203.237.85.238 DB server
- Login root
- Show databases command and use mysql execution
11
WEB server config
◎ Web server
- Program for web service
◎ Httpd config
▷ Edit /etc/apache2/apache2.conf, adjust it.
ADD DirectoryIndex line >> index.php, index.php3, index.html
ADD line >> AddDefaultCharSet EUC-KR
If users want a private folder, remove the #
12
Simple WEB server page
◎ Web server HTTP://djnet.dnip.net is running
◎ Server information
▷ The homepage is located in /var/www/
▷ APM system was applied (apache + php + mysql)
▷ Unlimited traffic
SAMPLE PAGE
13
DB server use for PHP
◎ Sample guestbook made by PHP
▷ HTTP://djnet.dnip.net/guest is running
14
Soft security
◎ Console access control (/etc/lilo.conf << add password)
◎ Remove useless daemons
◎ TELNET use prohibition -> SSH (secure shell)
◎ Permission set -> #chmod -R 711
◎ Connection limitation
Edit /etc/hosts.deny << in.telnetd:ALL
Edit /etc/hosts.allow << in.telnetd:IPADDR
15
Hard security
◎ Port interceptions
- firewallstarter (UBUNTU Linux doesn't need it)
- EDIT /etc/services port list file
◎ DNS security
- EDIT /etc/bind/named.conf.options << allow-transfer { none; };
◎ IPCHAINS (iptable)
- #ipchains -A input -s 0/0 ! www -p tcp -j DENY
※ Command toward server with packet mode, ipchain packet filtering Processing resulting output
[Diagram: Filtering of Packet - Checksum, Sanity, Input Chain, DeMasquerade, Routing Decision, Local, Output Chain, Forward Chain]
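The following is an added example, not part of the original slides: a shell audit of three settings from the FTP, Soft security and Hard security slides (anonymous_enable, the in.telnetd rule in /etc/hosts.deny, and allow-transfer { none; };). The function names, the ROOT directory layout and the sample files are assumptions constructed for illustration; the check relies on vsftpd's documented built-in default of anonymous_enable=YES, so a line that is only commented out still leaves anonymous login enabled.

```shell
#!/bin/sh
# Added example, not from the slides. ROOT = directory holding copies of /etc (assumption).

# Effective vsftpd option: last uncommented KEY=value wins; an absent or
# commented-out key falls back to vsftpd's built-in DEFAULT.
vsftpd_effective() {   # usage: vsftpd_effective FILE KEY DEFAULT
    val=$(sed -n "s/^$2=\([A-Za-z0-9]*\)[[:space:]]*\$/\1/p" "$1" 2>/dev/null |
          tail -n 1 | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "${val:-$3}"
}

# True if a tcp_wrappers file has an uncommented "DAEMON: PATTERN" rule.
wrappers_has() {       # usage: wrappers_has FILE DAEMON PATTERN
    grep -Eiq "^[[:space:]]*$2[[:space:]]*:[[:space:]]*$3([[:space:]]|\$)" "$1" 2>/dev/null
}

# True if allow-transfer { none; }; appears outside // and # comments.
named_no_transfer() {  # usage: named_no_transfer FILE
    sed -e 's://.*$::' -e 's:#.*$::' "$1" 2>/dev/null | tr '\n' ' ' |
        grep -Eq 'allow-transfer[[:space:]]*\{[[:space:]]*none[[:space:]]*;[[:space:]]*\}[[:space:]]*;'
}

# Prints one line per finding, sets $fails, returns non-zero if any finding.
audit_hardening() {    # usage: audit_hardening ROOT
    fails=0
    if [ "$(vsftpd_effective "$1/etc/vsftpd.conf" anonymous_enable YES)" != NO ]; then
        echo "FAIL vsftpd: anonymous login enabled (commented-out line = default YES)"
        fails=$((fails + 1))
    fi
    if ! wrappers_has "$1/etc/hosts.deny" in.telnetd ALL; then
        echo "FAIL hosts.deny: no in.telnetd:ALL rule"; fails=$((fails + 1))
    fi
    if ! named_no_transfer "$1/etc/bind/named.conf.options"; then
        echo "FAIL bind: allow-transfer { none; }; not set"; fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
}

# Constructed sample files that follow the slides' settings literally.
make_sample() {        # usage: make_sample ROOT
    mkdir -p "$1/etc/bind"
    printf '%s\n' 'listen=YES' 'local_enable=YES' 'write_enable=YES' \
        '#anonymous_enable=YES' > "$1/etc/vsftpd.conf"
    echo 'in.telnetd:ALL' > "$1/etc/hosts.deny"
    printf '%s\n' 'options {' '    allow-transfer { none; };' '};' \
        > "$1/etc/bind/named.conf.options"
}

demo=$(mktemp -d) && make_sample "$demo" && { audit_hardening "$demo" || true; }; rm -rf "$demo"
```

On the constructed sample only the vsftpd finding is reported; appending anonymous_enable=NO to the sample vsftpd.conf clears it.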
16
BACKUP SYSTEM
◎ PC #1 Web-server
º Make shell script for webpage backup >> make file /root/backup.sh
◎ For auto backup system used tar, rsync and crontab
º Add crontab schedule >> 00 06 * * * /root/backup.sh
º Configure rsync >> make file /etc/rsyncd.conf
º Make file /etc/xinetd.d/rsync
[Screenshot labels: DB-server IPADDR, Web-server Group ID]
◎ Every day 06:00 execute auto backup for Web-server's webpages
◎ PC#1 backup system finished
17
BACKUP SYSTEM
◎ PC #2 config for two-week cycle backup at #hdb
º Partition hdb -> hdb1, hdb2
▷ Time plan and synopsis
[Schedule diagram: incremental backups (HDB#1, HDB#2) on Sun, Mon, Tue, Wed, Thu, Fri; full backups (HDB#1, HDB#2) on Sat; media backup. Information: HDA, HDB]
▷ Edit crontab schedule and make shell script file
▷ Make shell script file >> /root/backup.sh
º rsync -avz 203.237.80.129:backup/ /backup
◎ PC#2 backup system finished
18
FINISH
WORK STATION in N.E.T lab.
▷ Necessity of server
▷ Prospect of server..
I knew if I stayed around long enough, something like this would happen (George Bernard Shaw)