LINUX ADMINISTRATION www.educlash.com.


1 LINUX ADMINISTRATION

2 UNIT 4 CHAPTER-1

3 CHAPTER 1 : INTERNET SERVICES
WHAT IS AN INTERNET SERVICE? An Internet service can be defined as any service that can be accessed through TCP/IP-based networks, whether an internal network (intranet) or an external network (the Internet). Internet services can be provided through either secure or non-secure TCP/IP connections. Common services are Telnet, FTP, SMTP, HTTP, ICMP, ARP, DNS, ssh, scp, sftp, and others.

4 Secure Services
Plain-text traffic is extremely easy for anyone to eavesdrop on. Since the Internet has exploded in popularity, running insecure services such as these is not a good idea. That's why secure replacements have been developed. These replacements provide stronger authentication controls and encrypt all their traffic to keep your data safe.

5 ssh Secure Shell, also known as ssh, is a secure telnet replacement that encrypts all traffic, including passwords, using a public/private encryption key exchange protocol. When you start ssh, it asks for your password, and then you have a regular terminal screen.

6 scp Secure Copy, also known as scp, is part of the ssh package.
It is a secure alternative to rcp and ftp. You can scp files to any machine that has an ssh daemon running.

7 sftp Secure File Transfer Program, also known as sftp, is an FTP client that performs all its functions over ssh. The syntax for sftp is sftp file

8 Less Secure Services
These are insecure services that should not be used, since they trust that the network is absolutely secure.
telnet Telnet is an application that's available almost everywhere. All telnet traffic, including passwords, is sent in plain text. A telnet session looks like this:
vnavrat]$ telnet xena
Trying
Connected to xena.
Escape character is '^]'.
Welcome to null.xena.edu
login:

9 rsync, rsh, rlogin, finger
rsync rsync is an unencrypted file transfer program that is similar to rcp. It allows only the differences between two sets of files on two machines to be transferred across the network.
rsh rsh is an unencrypted mechanism to execute commands on remote hosts: rsh remotehostname remotecommand
rlogin rlogin is a remote login program that connects your terminal to a remote machine's terminal.
finger finger enables users on remote systems to look up information about users on another system. Generally finger displays a user's login name, real name, terminal name, idle time, login time, office location, and phone number.

10 talk and ntalk talk and ntalk are real-time chat protocols.
The talk server runs on port 517; the ntalk server runs on port 518.

11 USING YOUR LINUX MACHINE AS A SERVER
http The most common Web server used on Linux is Apache. Its configuration files live in /etc/httpd/conf/.
sshd The secure shell daemon (sshd) is started out of the system's rc scripts. The global system configuration files are in /etc/ssh; a user's ssh configuration files are in $HOME/.ssh/.

12 ftpd, dns
ftpd The FTP daemon uses ports 20 and 21 to listen for and initiate FTP requests. Its configuration files (ftpaccess, ftpconversions, ftpgroups, ftphosts, ftpusers) are located in the /etc directory.
dns The Domain Name Service (DNS), which maps IP addresses to hostnames, is served by the named program on port 53. Its configuration file is named.conf in the /etc directory.

13 The inetd server, xinetd
inetd inetd is called an Internet superserver. It is launched at boot time, and listens for connections on network sockets. It checks the inetd.conf file to see what services should be running. It then reads the /etc/services file to see what ports those services should be running on.
xinetd xinetd is a replacement for inetd that adds more security and functionality. A great reason to run xinetd is that it can run alongside inetd; inetd and xinetd behave the same way.

14 INETD AND XINETD

15 SERVICES ARE SPAWNED FROM SUPERSERVERS SUCH AS INETD AND XINETD
1. chargen — random character generator that sends its traffic over tcp
2. daytime-udp — gives you the time over udp
3. finger — user information lookup program
4. kshell — restricts user access to the shell
5. rlogin — service similar to telnet, but enables trust relationships between machines
6. swat — Samba Web Administration Tool
7. time — gives you the time
8. chargen-udp — random character generator that sends its traffic over udp
9. echo — echoes back all characters sent to it over tcp
10. gssftp — kerberized FTP server
11. rsh — remote shell
12. talk — a talk (real-time chat) server
13. time-udp — gives you the time over udp
14. comsat — notifies users if they have new mail
15. echo-udp — echoes back all characters sent to it over udp
16. klogin — kerberos's answer to rlogin
17. ntalk — a talk (real-time chat) server
18. rsync — remote file transfer protocol
19. telnet — telnet server
20. wu-ftpd — an ftp server
21. daytime — gives you the time over tcp
22. eklogin — encrypting kerberized rlogin server
23. krb5-telnet — kerberized telnet server
24. rexec — provides remote execution facilities
25. sgi_fam — file monitoring daemon
26. tftp — trivial file transfer program

18 STAND-ALONE SERVICES These services are started from the rc scripts specifically written for them in the rc directories. You can enable or disable these services from those directories.

1. apache — Web server
2. sshd — ssh server
3. sendmail — mail server
4. qmail — mail server
5. postfix — mail server
6. thttpd — semilightweight Web server
7. boa — lightweight Web server
8. named — dns server
9. xfs — X font server
10. xdm — X display manager
11. portmap — maps RPC services to ports
12. rpc.quotad — serves quota information
13. knfsd — userspace portion of the NFS daemon
14. rpc.mountd — NFS mount server
15. rpc.ypbind — NIS server
16. squid — Web proxy server
17. nessusd — penetration testing server
18. postgresql — database server
19. mysql — database server
20. oracle — database server

21 LINUX FIREWALL PACKAGES
Linux provides a few different mechanisms for system security. One of these mechanisms is Linux's firewall packages. Two of the firewalling packages available are tcp-wrappers and ipchains. tcp-wrappers is a minimalistic packet filtering application to protect certain network ports; ipchains is a packet filtering firewall.

22 TCP wrappers works only on programs that are started from inetd.
An inetd.conf entry without tcp-wrappers would look like this:
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
An inetd.conf entry with tcp-wrappers looks like this:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

23 WHAT "WITH" AND "WITHOUT" WRAPPER MEANS
If your system does not have TCP Wrappers built in, your configuration will have to use the tcpd program that is part of TCP Wrappers to wrap inetd services. In order to wrap an inetd service, you simply change its entry in /etc/inetd.conf so that tcpd is executed:
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
In other words, replace the pathname of the daemon with the full path to tcpd, leaving everything else untouched.
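A small audit script, added here as an example and not part of the original slides, that reads inetd.conf entries and reports every active service whose server program is not the tcpd wrapper. The sample configuration inside it is constructed; services marked "internal" are served by inetd itself and are listed separately because they cannot be wrapped.

```python
"""Audit inetd.conf entries for services not wrapped by tcpd (added example,
not from the slides). SAMPLE_INETD_CONF is constructed; pass the text of a
real /etc/inetd.conf to find_unwrapped() instead."""

# Constructed sample: internal, unwrapped, wrapped and commented-out entries.
SAMPLE_INETD_CONF = """\
# /etc/inetd.conf (constructed sample)
echo    stream tcp nowait root   internal
telnet  stream tcp nowait root   /usr/sbin/in.telnetd in.telnetd
ftp     stream tcp nowait root   /usr/sbin/tcpd       in.ftpd -l -a
#shell  stream tcp nowait root   /usr/sbin/in.rshd    in.rshd
finger  stream tcp nowait nobody /usr/sbin/tcpd       in.fingerd
"""

WRAPPER = "/usr/sbin/tcpd"


def parse_inetd_conf(text):
    """Yield (service, protocol, server_program) per active entry.
    Fields: service socket-type protocol wait/nowait user server args...
    Comment, blank and malformed (too few fields) lines are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue
        service, _socktype, proto, _wait, _user, server = fields[:6]
        yield service, proto, server


def find_unwrapped(text, wrapper=WRAPPER):
    """Return {'unwrapped': [...], 'internal': [...]}. Services marked
    'internal' are served by inetd itself and cannot be wrapped by tcpd,
    so they are reported separately rather than flagged."""
    unwrapped, internal = [], []
    for service, proto, server in parse_inetd_conf(text):
        if server == "internal":
            internal.append(f"{service}/{proto}")
        elif server != wrapper:
            unwrapped.append(f"{service}/{proto} -> {server}")
    return {"unwrapped": unwrapped, "internal": internal}


for kind, entries in find_unwrapped(SAMPLE_INETD_CONF).items():
    for entry in entries:
        print(f"{kind}: {entry}")
```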

24 When inetd starts up, it looks through /etc/inetd. to see what network service connections it should start listening for. tcpd is then called and reads the /etc/hosts.allow file to see if the hostname is allowed. If the hostname is in /etc/hosts.deny, the connection is closed.

25 SYNTAX OF AN ALLOW OR DENY RULE
service : hostname : options
Add rules to hosts.allow or to hosts.deny.
hosts.allow file (to enable only machines from the xena.edu domain to telnet into your machine):
in.telnetd: .xena.edu : ALLOW
hosts.deny file:
in.telnetd: .xena.edu : DENY
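The evaluation order tcpd applies to these rules (hosts.allow first, then hosts.deny, and allow by default when nothing matches) can be checked with the following script, added as an example and not taken from the slides. It uses the "daemon : client : ALLOW|DENY" rule form shown above with constructed sample rule sets, and implements only the host patterns ALL, LOCAL, a leading-dot domain suffix, and an exact hostname.

```python
"""Evaluate tcp_wrappers-style hosts.allow / hosts.deny rules (added example,
not from the slides). Rule form is the one the slides show, "daemon : client
[: ALLOW|DENY]". hosts.allow is consulted first, then hosts.deny; a request
matching neither is allowed. The sample rule sets below are constructed."""

HOSTS_ALLOW = """\
# allow telnet only from the xena.edu domain; ftp only from local hosts
in.telnetd : .xena.edu : ALLOW
in.ftpd    : LOCAL
"""
HOSTS_DENY = """\
in.telnetd : ALL : DENY
ALL : ALL
"""

def parse_rules(text):
    """Yield (daemons, clients, option) from 'daemon_list : client_list [: option]'."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line or ":" not in line:
            continue
        parts = [p.strip() for p in line.split(":")]
        daemons, clients = parts[0].split(), parts[1].split()
        option = parts[2].upper() if len(parts) > 2 else None
        yield daemons, clients, option

def host_matches(pattern, hostname):
    """Host patterns: ALL, LOCAL (name without dots), '.suffix', exact name.
    (Trailing-dot network prefixes and EXCEPT lists are not implemented.)"""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        return "." not in hostname
    if pattern.startswith("."):
        return hostname.lower().endswith(pattern.lower())
    return hostname.lower() == pattern.lower()

def rule_matches(daemons, clients, service, hostname):
    daemon_ok = any(d in ("ALL", service) for d in daemons)
    return daemon_ok and any(host_matches(c, hostname) for c in clients)

def is_allowed(service, hostname, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """True if tcpd would accept the (service, client hostname) pair."""
    for text, verdict in ((allow_text, True), (deny_text, False)):
        for daemons, clients, option in parse_rules(text):
            if rule_matches(daemons, clients, service, hostname):
                # an explicit ALLOW/DENY option overrides the file's verdict
                return verdict if option is None else option == "ALLOW"
    return True   # matched nothing in either file: tcp_wrappers default
```

Calling is_allowed("in.telnetd", "host.xena.edu") returns True while is_allowed("in.telnetd", "host.example.com") returns False, which is the behaviour the two rule files above are meant to produce.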

26 ipchains is Linux's built-in IP firewall administration tool.
Using ipchains enables you to run a personal firewall to protect your Linux machine. If the Linux machine is a routing gateway for other machines on your network, it can act as a packet filtering network firewall, provided more than one network interface is installed.

27 THANK YOU
