Presentation is loading. Please wait.

Presentation is loading. Please wait.

SUSE Linux Enterprise Server Administration (Course 3037)

Published byGarry Cunningham Modified over 9 years ago

Similar presentations

Presentation on theme: "SUSE Linux Enterprise Server Administration (Course 3037)"— Presentation transcript:

1 SUSE Linux Enterprise Server Administration (Course 3037)
Chapter 9 Enable Internet Services

2 Objectives Configure SUSE Linux Enterprise Server Time
Enable a Web Server (Apache) Enable the Extended Internet Daemon (xinetd) Enable an FTP Server SUSE Linux Enterprise Server Administration (Course 3037)

3 Configure SUSE Linux Enterprise Server Time
Objectives SUSE Linux Enterprise Server Time Overview How to Synchronize Time with hwclock and netdate What Network Time Protocol (NTP) Is How to Synchronize Time with NTP SUSE Linux Enterprise Server Administration (Course 3037)

4 SUSE Linux Enterprise Server Time Overview
Hardware clock and system clock Hardware clock Runs independently of any control program Part of the ISA standard Also called the BIOS clock or CMOS clock System time Time kept by a clock inside the Linux kernel Driven by a timer interrupt Number of seconds since 00:00:00 January 1, 1970, UTC Synchronized to the hardware clock when Linux first starts SUSE Linux Enterprise Server Administration (Course 3037)

5 SUSE Linux Enterprise Server Time Overview (continued)
Hardware clock and system clock (continued) date and adjtimex commands Adjust system time ntpd Regulates the system clock hwclock command Sets the hardware clock Linux kernel maintains local time zone for the system SUSE Linux Enterprise Server Administration (Course 3037)

6 SUSE Linux Enterprise Server Time Overview (continued)
GMT (UTC) and local time UTC (Universal Time Coordinated) Also referred to as GMT (Greenwich mean time) Variable HWCLOCK in /etc/sysconfig/clock has the value -u Local time Variable HWCLOCK has the value --localtime Time configuration files Current time (system time) is calculated using variable TIMEZONE In the file /etc/sysconfig/clock SUSE Linux Enterprise Server Administration (Course 3037)

7 SUSE Linux Enterprise Server Time Overview (continued)
Time configuration files (continued) Directory /usr/share/zoneinfo/ Database of all time zones cat /proc/driver/rtc Displays the hardware clock time SUSE Linux Enterprise Server Administration (Course 3037)

8 How to Synchronize Time with hwclock and netdate
How to use hwclock Tool for accessing the hardware clock Displays the current time Sets the hardware clock to a specified time Sets the hardware clock to the system time Sets the system time from the hardware clock Run hwclock periodically To insert or remove time from the hardware clock Uses device special file /dev/rtc SUSE Linux Enterprise Server Administration (Course 3037)

9 How to Synchronize Time with hwclock and netdate (continued)
SUSE Linux Enterprise Server Administration (Course 3037)

10 How to Synchronize Time with hwclock and netdate (continued)
How to use netdate Sets up the system time once only Syntax: netdate timeserver1 timeserver2. . . timeserver represents a time server on a network netdate client compares server times with its own time Time differences are sorted into groups and used to update time on the local server Syntax: netdate time_source Synchronizes time to a specific external time source hwclock --systohc or hwclock –w Sets the hardware clock to the system clock time SUSE Linux Enterprise Server Administration (Course 3037)

11 What Network Time Protocol (NTP) Is
Industry standard protocol Uses UDP on port 123 to communicate between time providers and time consumers NTP time provider Server that provides NTP time NTP time consumer Seeks NTP time from an NTP time provider NTP synchronizes clocks to the UTC standard Keeps track of consistent time variations SUSE Linux Enterprise Server Administration (Course 3037)

12 What Network Time Protocol (NTP) Is (continued)
Stratum Designation of the location of servers in NTP tree hierarchy NTP daemon (xntpd) Used by server and client to give and obtain time Designed to adjust time continuously Regularly correcting local computer clock on the basis of collected correction data Continuously correcting local time with the help of time servers in the network Enabling management of local reference clocks SUSE Linux Enterprise Server Administration (Course 3037)

13 What Network Time Protocol (NTP) Is (continued)
SUSE Linux Enterprise Server Administration (Course 3037)

14 What Network Time Protocol (NTP) Is (continued)
NTP terms Drift ntpd measures and corrects for incidental clock frequency error And writes the current value to a file /etc/ntp/drift Jitter Estimated time error of the peer clock How the NTP daemon works Automatically synchronizes system time With a time server on an ongoing basis SUSE Linux Enterprise Server Administration (Course 3037)

15 What Network Time Protocol (NTP) Is (continued)
How the NTP daemon works (continued) Correction takes place in small increments Synchronizations occur about once per minute Increasing gradually to once per 17 minutes Slewing NTP adjustment for small time differences Stepping NTP adjustment for large time differences NTP averages the results of several time exchanges SUSE Linux Enterprise Server Administration (Course 3037)

16 How to Synchronize Time with NTP
Start NTP from the command line Start script is /etc/init.d/xntpd Central configuration file is /etc/ntp.conf Start NTP daemon using rcxntpd start Stop NTP daemon using rcxntpd stop Restart NTP daemon using rcxntpd restart Check status using rcxntpd status Start NTP automatically when system boots insserv /etc/init.d/xntpd SUSE Linux Enterprise Server Administration (Course 3037)

17 How to Synchronize Time with NTP (continued)
Adjust the time with ntpdate Perform a one-time update of the client to the server rcxntpd stop ntpdate timeserver hwclock --systohc rcxntpd start Configure the NTP server (/etc/ntp.conf) Add following entries to /etc/ntp.conf server # local clock (LCL) fudge stratum 10 # LCL is unsynchronized SUSE Linux Enterprise Server Administration (Course 3037)

18 How to Synchronize Time with NTP (continued)
Configure the NTP server (/etc/ntp.conf) (continued) Entries for current time ## Outside source of synchronized time server ptbtime1.ptb.de server ptbtime2.ptb.de Synchronization methods Polling Broadcasting Entries including name for the drift file driftfile /var/lib/ntp/drift/ntp.drift logfile /var/log/ntp SUSE Linux Enterprise Server Administration (Course 3037)

19 How to Synchronize Time with NTP (continued)
Configure an NTP client with YaST Start YaST NTP Client module Configure NTP client to start each time you boot your system Enter an NTP server Configure your server to synchronize against multiple remote hosts Or against a locally connected clock (optional) Configure the NTP client by selecting Finish Close the YaST Control Center (optional) SUSE Linux Enterprise Server Administration (Course 3037)

20 How to Synchronize Time with NTP (continued)
SUSE Linux Enterprise Server Administration (Course 3037)

21 How to Synchronize Time with NTP (continued)
Trace the time source with ntptrace ntptrace Traces source of time that a time consumer is receiving Lists Client name Its stratum Its time offset from the local host Synchronization distance ID of the reference clock attached to a server Synchronization distance is a measure of clock accuracy SUSE Linux Enterprise Server Administration (Course 3037)

22 How to Synchronize Time with NTP (continued)
Query the NTP daemon status Enter ntpq –d to display information such as: remote refid st when poll reach delay offset jitter SUSE Linux Enterprise Server Administration (Course 3037)

23 Exercise 9-1 Configure Linux Time with NTP
In this exercise, you do the following: Part I: Check System Time and Hardware Clock Time Part II: Enable NTP Client with YaST SUSE Linux Enterprise Server Administration (Course 3037)

24 Enable a Web Server (Apache)
Objectives How a Web Server Works Apache and SUSE Linux Enterprise Server How to Configure an Apache HTTP Server with YaST SUSE Linux Enterprise Server Administration (Course 3037)

25 How a Web Server Works What a Web server is
Software program that runs on a host computer And delivers files over the Internet Lets you publish Hypertext Markup Language (HTML) documents Can also distribute many other types of files Must be physically connected to a TCP/IP-based network SUSE Linux Enterprise Server Administration (Course 3037)

26 How a Web Server Works (continued)
How a Web server labels content types Web browser relies on a Multipurpose Internet Mail Extension (MIME) header To correctly identify and display document types More than 360 MIME types are included with the Apache Web server URL components Protocol, such as ftp:// Domain, can be divided into two parts Resource, specifies full path to the resource SUSE Linux Enterprise Server Administration (Course 3037)

27 How a Web Server Works (continued)
How a Web server delivers content Web server works in a client-server relationship Client programs are usually Web browsers Client program requests information Apache then delivers the actual resource HTML pages can be stored in a directory Requests and transfers use HTTP Which is part of the TCP/IP suite of protocols Commands and data are passed to port 80 Through a TCP connection SUSE Linux Enterprise Server Administration (Course 3037)

28 Apache and SUSE Linux Enterprise Server
Installation of Apache packages Basic installation, select package apache2 Multiprocessing, install apache2-prefork or apache2-worker Documentation, install apache2-doc Development and compilation, install apache2-devel Activating Apache Activate it in the runlevel editor Test Apache entering in a Web browser SUSE Linux Enterprise Server Administration (Course 3037)

29 Apache and SUSE Linux Enterprise Server (continued)
Storing Web resource files for Apache Static Web pages Place your files in /srv/www/htdocs/ Custom CGI scripts Store custom CGI scripts in /srv/www/cgi-bin/ Log files Apache writes log messages to /var/log/apache2/access_log SUSE Linux Enterprise Server Administration (Course 3037)

30 Apache and SUSE Linux Enterprise Server (continued)
Expanding Apache functionality Apache can execute CGI scripts in diverse programming languages There are modules for secure data transmission In Apache2 almost everything is handled by means of modules Apache 2 does not necessarily need to be a Web server There is a proof-of-concept POP3 server module based on Apache SUSE Linux Enterprise Server Administration (Course 3037)

31 Apache and SUSE Linux Enterprise Server (continued)
Security guidelines for Apache Web server Limit unneeded servers Limit access to DocumentRoot Specify subdirectories for user Web content Keep updated on vulnerabilities SUSE Linux Enterprise Server Administration (Course 3037)

32 How to Configure an Apache HTTP Server with YaST
Steps Start the YaST HTTP Server module Enable the HTTP server by selecting Enabled Adapt the firewall to the ports where Apache2 listens (optional) Edit HTTP server settings View existing HTTP server logs Save the settings Close the YaST Control Center (optional) SUSE Linux Enterprise Server Administration (Course 3037)

33 How to Configure an Apache HTTP Server with YaST (continued)
SUSE Linux Enterprise Server Administration (Course 3037)

34 Exercise 9-2 Enable a Basic Apache Web Server
In this exercise, you do the following: Part I: Configure an Apache Server Part II: Test the Apache Server Configuration SUSE Linux Enterprise Server Administration (Course 3037)

35 Enable the Extended Internet Daemon (xinetd)
Objectives What inetd Is How to Configure xinetd with YaST How to Manage xinetd Manually How to Configure the TCP Wrapper SUSE Linux Enterprise Server Administration (Course 3037)

36 What inetd Is Many services are administered and started through inetd or xinetd Acts as a mediator of connection requests for a series of services Advantage Saving resources (especially memory) Disadvantage Delay occurs while the required service is loaded, started, and connected Use inetd for services that are occasionally needed SUSE Linux Enterprise Server Administration (Course 3037)

37 How to Configure xinetd with YaST
Steps Start the YaST Network Services (inetd) module Enable the inetd super daemon Configure a service to be administered by inetd Change the status of all installed services to on or off (optional) Save the configuration setting and start the inetd (or xinetd) daemon Close the YaST Control Center (optional) SUSE Linux Enterprise Server Administration (Course 3037)

38 How to Configure xinetd with YaST (continued)
SUSE Linux Enterprise Server Administration (Course 3037)

39 How to Manage xinetd Manually
Start, stop, and restart xinetd /etc/init.d/xinetd script started by xinetd insserv xinetd Automatically starts xinetd at boot rcxinetd status Verify whether daemon is activated or not rcxinetd start or rcxinetd stop Manually start and stop the xinetd daemon SUSE Linux Enterprise Server Administration (Course 3037)

40 How to Manage xinetd Manually (continued)
Configure xinetd How to Edit the File /etc/xinetd.conf Default parameters syntax defaults { key operator parameter parameter. . . } Service syntax service service_name Operators include =, -=, and += SUSE Linux Enterprise Server Administration (Course 3037)

41 How to Manage xinetd Manually (continued)
Configure xinetd (continued) How to Edit the File /etc/xinetd.conf First entry is optional and enables default configurations Other entries contain configuration for the respective network service The directory /etc/xinetd.d/ Holds configuration file for every service Directive includedir /etc/xinetd.d Prompts xinetd to interpret all files in this directory Using separate files improves transparency SUSE Linux Enterprise Server Administration (Course 3037)

42 How to Manage xinetd Manually (continued)
SUSE Linux Enterprise Server Administration (Course 3037)

43 How to Manage xinetd Manually (continued)
Configure xinetd (continued) Internal services example # /etc/xinet.d/echo # default: off # description: An echo server. This is the tcp version. service echo { type = INTERNAL id = echo-stream socket_type = stream protocol = tcp user = root wait = no disable = yes } SUSE Linux Enterprise Server Administration (Course 3037)

44 How to Manage xinetd Manually (continued)
SUSE Linux Enterprise Server Administration (Course 3037)

45 How to Manage xinetd Manually (continued)
Configure access control Parameters only_from Defines which hosts can use which service no_access Defines which hosts can be excluded from access access_time Defines at which times the service is available disabled Completely shuts off a server Can only be used in the defaults section SUSE Linux Enterprise Server Administration (Course 3037)

46 How to Manage xinetd Manually (continued)
Configure log files Record failed and unauthorized connection attempts Shut off a service but still retain its logging functions Configure only_from without using any additional parameters Logging through xinetd is controlled by the log_type statement Along with the attributes log_on_success and log_on_failure Log the circumstances of how and why the network service was used SUSE Linux Enterprise Server Administration (Course 3037)

47 How to Configure the TCP Wrapper
The role of the tcpd daemon Regulates access to inetd services Wrapper acts as a filter Steps Logs name and address of requesting host Verifies if the request is permitted Starts the corresponding daemon Then the wrapper is deleted from memory After an authorized server has started It can accept additional connections Without consulting the wrapper SUSE Linux Enterprise Server Administration (Course 3037)

48 How to Configure the TCP Wrapper (continued)
How to configure access controls Edit /etc/hosts.allow and /etc/hosts.deny files Files syntax: daemon: host [: option : option ...] Examples /etc/hosts.allow: ALL: pluto.example.com ALL EXCEPT vsftpd: mars.example.com vsftpd: andromeda.example.com /etc/hosts.deny: ALL: ALL SUSE Linux Enterprise Server Administration (Course 3037)

49 How to Configure the TCP Wrapper (continued)
SUSE Linux Enterprise Server Administration (Course 3037)

50 How to Configure the TCP Wrapper (continued)
SUSE Linux Enterprise Server Administration (Course 3037)

51 How to Configure the TCP Wrapper (continued)
How to check the TCP wrapper Use tcpdchk command tcpdmatch command Provides information about how tcpd would handle various types of access attempts Moles and trappers You can enter shell commands in the configuration files To be executed when request matches a pattern Example ALL: ALL: spawn echo "Access of to %d" >> /var/log/net.log SUSE Linux Enterprise Server Administration (Course 3037)

52 How to Configure the TCP Wrapper (continued)
SUSE Linux Enterprise Server Administration (Course 3037)

53 Exercise 9-3 Configure the Internet Daemon (xinetd) and TCP Wrappers
In this exercise, you do the following: Part I: Enable xinetd Services with YaST Part II: Enable xinetd Services Manually Part III: Configure TCP Wrappers SUSE Linux Enterprise Server Administration (Course 3037)

54 Enable an FTP Server Objectives The Role of an FTP Server
How FTP Works Advantages of PureFTPd Server How to Install and Run PureFTPd Server How to Configure PureFTPd Server SUSE Linux Enterprise Server Administration (Course 3037)

55 The Role of an FTP Server
Basic features: Sending, receiving, deleting, and renaming files Creating, deleting, and changing directories Transferring data in binary or ASCII mode Allows accesses after authentication against a password database These are the files /etc/passwd and /etc/shadow PureFTPd supports authentication against its own password database Guest access can be set up as anonymous FTP SUSE Linux Enterprise Server Administration (Course 3037)

56 How FTP Works Uses two TCP connections Types of data transfer
One sends FTP command (port 21) Second connection is created when a file is ready for transfer Types of data transfer Active data transfer FTP client offers FTP server an unprivileged TCP port for data channel connection (port 20) Passive data transfer FTP server offers FTP client an unprivileged TCP port for a data channel connection SUSE Linux Enterprise Server Administration (Course 3037)

57 Advantages of PureFTPd Server
PureFTPd features: Consistent use of chroot environments Uncomplicated configuration of virtual FTP servers Virtual users independent of the system users listed in the file /etc/passwd Configuration via command-line parameters or with a configuration file SUSE Linux Enterprise Server Administration (Course 3037)

58 How to Install and Run PureFTPd Server
Use YaST Install and Remove Software module To install the PureFTPd server /etc/pure-ftpd/pure-ftpd.conf Configuration file Run PureFTPd server From the command line Enter pure-ftpd options From a start script Enter /etc/init.d/pure-ftpd start (or rcpure-ftpd start) Enter rcpure-ftpd stop to stop the service SUSE Linux Enterprise Server Administration (Course 3037)

59 How to Install and Run PureFTPd Server (continued)
From a start script insserv /etc/init.d/pure-ftpd to initialize pure-ftp upon start-up From inet.d Add a corresponding entry to the file /etc/inetd.conf Example: ftp stream tcp nowait root /usr/sbin/tcpd pure-ftpd -A -i SUSE Linux Enterprise Server Administration (Course 3037)

60 How to Configure PureFTPd Server
How to configure anonymous FTP You need to have an FTP user and home directory in the file /etc/passwd You do not need to create any subdirectories You can also use command pure-ftp Files uploaded to the server belong to the user ftp How to configure FTP with virtual hosts for anonymous FTP Virtual FTP hosts allow a number of FTP sites to be hosted on one machine SUSE Linux Enterprise Server Administration (Course 3037)

61 How to Configure PureFTPd Server (continued)
How to configure FTP with virtual hosts for anonymous FTP (continued) Create virtual network devices Using ifconfig Create symbolic link in /etc/pure-ftpd/ How to configure FTP for authorized users Important for those who are hosting Web sites Use pure-ftpd command pure-ftpd -A –E pure-ftpd -a 500 -E SUSE Linux Enterprise Server Administration (Course 3037)

62 How to Configure PureFTPd Server (continued)
How to configure FTP with virtual users not included in /etc/passwd PureFTP users are separated from system users And can only access the system by FTP Administer PureFTPd users in a separate database Create a system user with useradd Create the FTP users with pure-pw Specify options such as quotas or size limits in MB Regenerate password file using pure-pw mkdb Start PureFTPd with -j SUSE Linux Enterprise Server Administration (Course 3037)

63 How to Manage PureFTPd Logs
PureFTPd sends messages to the syslog daemon PureFTPd can also write its own log files Use option -O format:logfile Format can be clf, stats, or w3c You can also modify PureFTP configuration file SUSE Linux Enterprise Server Administration (Course 3037)

64 Exercise 9-4 Configure Anonymous PureFTPd Access
In this exercise, you will configure anonymous PureFTPd access SUSE Linux Enterprise Server Administration (Course 3037)

65 Summary System time is maintained by the interrupt timer
And obtained from the computer hardware clock netdate utility Synchronizes system time With that of another computer on the network NTP Accurately coordinates system time on your network NTP automatically adjusts for local time drift To configure NTP, you may use YaST Or edit the /etc/ntp.conf file SUSE Linux Enterprise Server Administration (Course 3037)

66 Summary (continued) Apache Web server (httpd)
The most common Web server on Linux systems Internet Super Daemon (inetd) or Extended Internet Super Daemon (xinetd) Used to start some network daemons TCP wrapper daemon (tcpd) Used with inetd or xinetd to provide additional security File Transfer Protocol (FTP) Main TCP/IP protocol to transfer files across the Internet SUSE Linux Enterprise Server Administration (Course 3037)

67 Summary (continued) PureFTPd server Configure PureFTPd
Installed and used on SLES to provide FTP services to clients Configure PureFTPd Use pure-ftpd command Or entries in the /etc/pure-ftpd/pure-ftpd.conf file SUSE Linux Enterprise Server Administration (Course 3037)

Download ppt "SUSE Linux Enterprise Server Administration (Course 3037)"

Similar presentations

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
1 Linux Networking and Security Chapter 2. 2 Configuring Basic Networking Describe how networking devices differ from other Linux devices Configure Linux.

1 Linux Networking and Security Chapter 2. 2 Configuring Basic Networking Describe how networking devices differ from other Linux devices Configure Linux.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Introduction to Web Database Processing

Introduction to Web Database Processing
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.

Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.
Linux Networking CIS230.0325. Why Linux/Unix? Configurability ▫Customizable System to satisfy unique needs. Scalability ▫Able to serve an increasing number.

Linux Networking CIS Why Linux/Unix? Configurability ▫Customizable System to satisfy unique needs. Scalability ▫Able to serve an increasing number.
1 Chapter Overview Introduction to Windows XP Professional Printing Setting Up Network Printers Connecting to Network Printers Configuring Network Printers.

1 Chapter Overview Introduction to Windows XP Professional Printing Setting Up Network Printers Connecting to Network Printers Configuring Network Printers.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.
Linux Operations and Administration

Linux Operations and Administration
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 7 Connect the SUSE Linux Enterprise Server to the Network.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 7 Connect the SUSE Linux Enterprise Server to the Network.
2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.

2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.
176 Introduction to Network Time Protocol (NTP) Version A.01 H3065S Module 15 Slides.

176 Introduction to Network Time Protocol (NTP) Version A.01 H3065S Module 15 Slides.
SUSE Linux Enterprise Desktop Administration Chapter 1 Install SUSE Linux Enterprise Desktop 10.

SUSE Linux Enterprise Desktop Administration Chapter 1 Install SUSE Linux Enterprise Desktop 10.
INTRODUCTION TO WEB DATABASE PROGRAMMING

INTRODUCTION TO WEB DATABASE PROGRAMMING
 2000 Deitel & Associates, Inc. All rights reserved. Chapter 24 – Web Servers (PWS, IIS, Apache, Jigsaw) Outline 24.1Introduction 24.2Microsoft Personal.

 2000 Deitel & Associates, Inc. All rights reserved. Chapter 24 – Web Servers (PWS, IIS, Apache, Jigsaw) Outline 24.1Introduction 24.2Microsoft Personal.
Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as e-mail.

Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as .
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008

Similar presentations

Ads by Google