SUSE Linux Enterprise Server Administration (Course 3037)

1. SUSE Linux Enterprise Server Administration (Course 3037): Chapter 9, Enable Internet Services

2. Objectives
   - Configure SUSE Linux Enterprise Server Time
   - Enable a Web Server (Apache)
   - Enable the Extended Internet Daemon (xinetd)
   - Enable an FTP Server

3. Configure SUSE Linux Enterprise Server Time
   - Objectives
     - SUSE Linux Enterprise Server Time Overview
     - How to Synchronize Time with hwclock and netdate
     - What Network Time Protocol (NTP) Is
     - How to Synchronize Time with NTP

4. SUSE Linux Enterprise Server Time Overview
   - Hardware clock and system clock
     - Hardware clock
       - Runs independently of any control program
       - Part of the ISA standard
       - Also called the BIOS clock or CMOS clock
     - System time
       - Time kept by a clock inside the Linux kernel
       - Driven by a timer interrupt
       - Number of seconds since 00:00:00 January 1, 1970, UTC
       - Synchronized to the hardware clock when Linux first starts

5. SUSE Linux Enterprise Server Time Overview (continued)
   - Hardware clock and system clock (continued)
     - date and adjtimex commands
       - Adjust system time
     - ntpd
       - Regulates the system clock
     - hwclock command
       - Sets the hardware clock
     - The Linux kernel maintains the local time zone for the system

6. SUSE Linux Enterprise Server Time Overview (continued)
   - GMT (UTC) and local time
     - UTC (Universal Time Coordinated)
       - Also referred to as GMT (Greenwich mean time)
       - Variable HWCLOCK in /etc/sysconfig/clock has the value -u
     - Local time
       - Variable HWCLOCK has the value --localtime
   - Time configuration files
     - Current time (system time) is calculated using the variable TIMEZONE
       - In the file /etc/sysconfig/clock

7. SUSE Linux Enterprise Server Time Overview (continued)
   - Time configuration files (continued)
     - Directory /usr/share/zoneinfo/
       - Database of all time zones
     - cat /proc/driver/rtc
       - Displays the hardware clock time

8. How to Synchronize Time with hwclock and netdate
   - How to use hwclock
     - Tool for accessing the hardware clock
     - Displays the current time
     - Sets the hardware clock to a specified time
     - Sets the hardware clock to the system time
     - Sets the system time from the hardware clock
     - Run hwclock periodically
       - To insert or remove time from the hardware clock
     - Uses the device special file /dev/rtc
9. How to Synchronize Time with hwclock and netdate (continued)

10. How to Synchronize Time with hwclock and netdate (continued)
   - How to use netdate
     - Sets the system time once only
     - Syntax: netdate timeserver1 timeserver2 ...
       - timeserver represents a time server on the network
       - The netdate client compares the server times with its own time
       - Time differences are sorted into groups and used to update the time on the local server
     - Syntax: netdate time_source
       - Synchronizes time to a specific external time source
     - hwclock --systohc or hwclock -w
       - Sets the hardware clock to the system clock time

11. What Network Time Protocol (NTP) Is
   - NTP
     - Industry standard protocol
     - Uses UDP on port 123 to communicate between time providers and time consumers
     - NTP time provider
       - Server that provides NTP time
     - NTP time consumer
       - Seeks NTP time from an NTP time provider
     - NTP synchronizes clocks to the UTC standard
     - Keeps track of consistent time variations

12. What Network Time Protocol (NTP) Is (continued)
   - Stratum
     - Designation of the location of servers in the NTP tree hierarchy
   - NTP daemon (xntpd)
     - Used by server and client to give and obtain time
     - Designed to adjust time continuously
       - Regularly correcting the local computer clock on the basis of collected correction data
       - Continuously correcting local time with the help of time servers in the network
       - Enabling management of local reference clocks

13. What Network Time Protocol (NTP) Is (continued)

14. What Network Time Protocol (NTP) Is (continued)
   - NTP terms
     - Drift
       - ntpd measures and corrects for incidental clock frequency error
         - And writes the current value to the file /etc/ntp/drift
     - Jitter
       - Estimated time error of the peer clock
   - How the NTP daemon works
     - Automatically synchronizes system time
       - With a time server on an ongoing basis

15. What Network Time Protocol (NTP) Is (continued)
   - How the NTP daemon works (continued)
     - Correction takes place in small increments
     - Synchronizations occur about once per minute
       - Increasing gradually to once per 17 minutes
     - Slewing
       - NTP adjustment for small time differences
     - Stepping
       - NTP adjustment for large time differences
     - NTP averages the results of several time exchanges

16. How to Synchronize Time with NTP
   - Start NTP from the command line
     - Start script is /etc/init.d/xntpd
     - Central configuration file is /etc/ntp.conf
     - Start the NTP daemon using rcxntpd start
     - Stop the NTP daemon using rcxntpd stop
     - Restart the NTP daemon using rcxntpd restart
     - Check status using rcxntpd status
     - Start NTP automatically when the system boots
       - insserv /etc/init.d/xntpd

17. How to Synchronize Time with NTP (continued)
   - Adjust the time with ntpdate
     - Perform a one-time update of the client to the server
       - rcxntpd stop
       - ntpdate timeserver
       - hwclock --systohc
       - rcxntpd start
   - Configure the NTP server (/etc/ntp.conf)
     - Add the following entries to /etc/ntp.conf
       - server 127.127.1.0 # local clock (LCL)
       - fudge 127.127.1.0 stratum 10 # LCL is unsynchronized

18. How to Synchronize Time with NTP (continued)
   - Configure the NTP server (/etc/ntp.conf) (continued)
     - Entries for current time
       - ## Outside source of synchronized time
       - server ptbtime1.ptb.de
       - server ptbtime2.ptb.de
     - Synchronization methods
       - Polling
       - Broadcasting
     - Entries including the name of the drift file
       - driftfile /var/lib/ntp/drift/ntp.drift
       - logfile /var/log/ntp

19. How to Synchronize Time with NTP (continued)
   - Configure an NTP client with YaST
     - Start the YaST NTP Client module
     - Configure the NTP client to start each time you boot your system
     - Enter an NTP server
     - Configure your server to synchronize against multiple remote hosts
       - Or against a locally connected clock (optional)
     - Configure the NTP client by selecting Finish
     - Close the YaST Control Center (optional)

20. How to Synchronize Time with NTP (continued)

21. How to Synchronize Time with NTP (continued)
   - Trace the time source with ntptrace
     - ntptrace
       - Traces the source of the time that a time consumer is receiving
       - Lists
         - Client name
         - Its stratum
         - Its time offset from the local host
         - Synchronization distance
         - ID of the reference clock attached to a server
     - Synchronization distance is a measure of clock accuracy

22. How to Synchronize Time with NTP (continued)
   - Query the NTP daemon status
     - Enter ntpq -p to display information such as:
       - remote
       - refid
       - st
       - when
       - poll
       - reach
       - delay
       - offset
       - jitter
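The peer table above is what an operator reads to confirm that a server really is synchronized, and it is what a monitoring job should parse. The following is an added example, not part of the course material: it parses a constructed `ntpq -p` billboard (the ptbtime1/2.ptb.de servers from slide 18, plus made-up hosts and numbers), decodes the octal `reach` register, and reports the conditions a practitioner cares about: no selected system peer, missed polls, stratum 16, and an offset large enough that ntpd would step rather than slew it (ntpd's 128 ms threshold, a fact not stated on the slides).

```python
"""Parse the peer billboard printed by `ntpq -p` and report sync-health findings."""
from dataclasses import dataclass

# Constructed sample in the layout `ntpq -p` prints; ptbtime1/2.ptb.de are the
# servers named on the slides, the other host and all numbers are made up.
SAMPLE_NTPQ = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ptbtime1.ptb.de .PTB.            1 u   37   64  377   21.334    0.812   0.420
+ptbtime2.ptb.de .PTB.            1 u   12   64  377   22.107   -1.204   0.515
 LOCAL(0)        .LOCL.          10 l   58   64  377    0.000    0.000   0.001
 ntp.example.net 192.0.2.10       2 u  128   64   17   45.120  250.331  12.870
"""

# ntpd slews offsets below this value and steps the clock at or above it.
STEP_THRESHOLD_MS = 128.0

@dataclass
class Peer:
    tally: str      # '*' system peer, '+' candidate, '-' outlier, 'x' falseticker, ' ' unused
    remote: str
    refid: str
    stratum: int
    kind: str       # 'u' unicast, 'l' local reference clock, 'b' broadcast
    when: str       # seconds since last reply, or '-' when never reached
    poll: int
    reach: int      # 8-bit shift register (printed in octal): one bit per recent poll
    delay: float    # ms
    offset: float   # ms
    jitter: float   # ms

def parse_ntpq(text):
    """Turn the billboard into Peer records; the tally code is column 0 of each row."""
    peers = []
    for line in text.splitlines()[2:]:          # skip header and '====' separator
        if not line.strip():
            continue
        tally, fields = line[0], line[1:].split()
        if len(fields) != 10:
            continue                            # not a peer row
        peers.append(Peer(tally, fields[0], fields[1], int(fields[2]), fields[3],
                          fields[4], int(fields[5]), int(fields[6], 8),
                          float(fields[7]), float(fields[8]), float(fields[9])))
    return peers

def reach_count(reach):
    """How many of the last eight polls were answered (set bits of the reach register)."""
    return bin(reach).count("1")

def assess(peers):
    """Findings a monitoring job would raise from one billboard."""
    findings = []
    if not any(p.tally == "*" for p in peers):
        findings.append("no system peer selected: the clock is not synchronized")
    for p in peers:
        if p.kind == "l":
            continue                            # LOCAL(0): the stratum-10 LCL fudge from slide 17
        answered = reach_count(p.reach)
        if answered < 8:
            findings.append(f"{p.remote}: only {answered}/8 recent polls answered")
        if abs(p.offset) >= STEP_THRESHOLD_MS:
            findings.append(f"{p.remote}: offset {p.offset} ms would be stepped, not slewed")
        if p.stratum >= 16:
            findings.append(f"{p.remote}: stratum {p.stratum} means unsynchronized")
    return findings

if __name__ == "__main__":
    for finding in assess(parse_ntpq(SAMPLE_NTPQ)):
        print(finding)
```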
23. Exercise 9-1: Configure Linux Time with NTP
   - In this exercise, you do the following:
     - Part I: Check System Time and Hardware Clock Time
     - Part II: Enable NTP Client with YaST
24. Enable a Web Server (Apache)
   - Objectives
     - How a Web Server Works
     - Apache and SUSE Linux Enterprise Server
     - How to Configure an Apache HTTP Server with YaST

25. How a Web Server Works
   - What a Web server is
     - Software program that runs on a host computer
       - And delivers files over the Internet
     - Lets you publish Hypertext Markup Language (HTML) documents
     - Can also distribute many other types of files
     - Must be physically connected to a TCP/IP-based network

26. How a Web Server Works (continued)
   - How a Web server labels content types
     - The Web browser relies on a Multipurpose Internet Mail Extension (MIME) header
       - To correctly identify and display document types
     - More than 360 MIME types are included with the Apache Web server
   - URL components
     - Protocol, such as http://, https://, ftp://
     - Domain, which can be divided into two parts
     - Resource, which specifies the full path to the resource

27. How a Web Server Works (continued)
   - How a Web server delivers content
     - The Web server works in a client-server relationship
       - Client programs are usually Web browsers
     - The client program requests information
       - Apache then delivers the actual resource
     - HTML pages can be stored in a directory
     - Requests and transfers use HTTP
       - Which is part of the TCP/IP suite of protocols
     - Commands and data are passed to port 80
       - Through a TCP connection

28. Apache and SUSE Linux Enterprise Server
   - Installation of Apache packages
     - Basic installation: select package apache2
     - Multiprocessing: install apache2-prefork or apache2-worker
     - Documentation: install apache2-doc
     - Development and compilation: install apache2-devel
   - Activating Apache
     - Activate it in the runlevel editor
     - Test Apache by entering http://localhost/ in a Web browser

29. Apache and SUSE Linux Enterprise Server (continued)
   - Storing Web resource files for Apache
     - Static Web pages
       - Place your files in /srv/www/htdocs/
     - Custom CGI scripts
       - Store custom CGI scripts in /srv/www/cgi-bin/
     - Log files
       - Apache writes log messages to /var/log/apache2/access_log

30. Apache and SUSE Linux Enterprise Server (continued)
   - Expanding Apache functionality
     - Apache can execute CGI scripts in diverse programming languages
     - There are modules for secure data transmission
     - In Apache 2 almost everything is handled by means of modules
     - Apache 2 does not necessarily need to be a Web server
       - There is a proof-of-concept POP3 server module based on Apache

31. Apache and SUSE Linux Enterprise Server (continued)
   - Security guidelines for the Apache Web server
     - Limit unneeded servers
     - Limit access to DocumentRoot
     - Specify subdirectories for user Web content
     - Keep updated on vulnerabilities

32. How to Configure an Apache HTTP Server with YaST
   - Steps
     - Start the YaST HTTP Server module
     - Enable the HTTP server by selecting Enabled
     - Adapt the firewall to the ports where Apache 2 listens (optional)
     - Edit the HTTP server settings
     - View existing HTTP server logs
     - Save the settings
     - Close the YaST Control Center (optional)

33. How to Configure an Apache HTTP Server with YaST (continued)

34. Exercise 9-2: Enable a Basic Apache Web Server
   - In this exercise, you do the following:
     - Part I: Configure an Apache Server
     - Part II: Test the Apache Server Configuration
35. Enable the Extended Internet Daemon (xinetd)
   - Objectives
     - What inetd Is
     - How to Configure xinetd with YaST
     - How to Manage xinetd Manually
     - How to Configure the TCP Wrapper

36. What inetd Is
   - Many services are administered and started through inetd or xinetd
   - Acts as a mediator of connection requests for a series of services
   - Advantage
     - Saves resources (especially memory)
   - Disadvantage
     - A delay occurs while the required service is loaded, started, and connected
   - Use inetd for services that are only occasionally needed

37. How to Configure xinetd with YaST
   - Steps
     - Start the YaST Network Services (inetd) module
     - Enable the inetd super daemon
     - Configure a service to be administered by inetd
     - Change the status of all installed services to on or off (optional)
     - Save the configuration settings and start the inetd (or xinetd) daemon
     - Close the YaST Control Center (optional)

38. How to Configure xinetd with YaST (continued)

39. How to Manage xinetd Manually
   - Start, stop, and restart xinetd
     - xinetd is started by the /etc/init.d/xinetd script
     - insserv xinetd
       - Automatically starts xinetd at boot
     - rcxinetd status
       - Verifies whether the daemon is activated or not
     - rcxinetd start or rcxinetd stop
       - Manually start and stop the xinetd daemon
40. How to Manage xinetd Manually (continued)
   - Configure xinetd
     - How to edit the file /etc/xinetd.conf
       - Default parameters syntax
         - defaults
         - {
         - key operator parameter parameter ...
         - }
       - Service syntax
         - service service_name
         - {
         - key operator parameter parameter ...
         - }
     - Operators include =, -=, and +=

41. How to Manage xinetd Manually (continued)
   - Configure xinetd (continued)
     - How to edit the file /etc/xinetd.conf
       - The first entry is optional and sets the default configuration
       - The other entries contain the configuration for the respective network service
     - The directory /etc/xinetd.d/
       - Holds a configuration file for every service
       - Directive includedir /etc/xinetd.d
         - Prompts xinetd to interpret all files in this directory
       - Using separate files improves transparency

42. How to Manage xinetd Manually (continued)

43. How to Manage xinetd Manually (continued)
   - Configure xinetd (continued)
     - Internal services example
       - # /etc/xinetd.d/echo
       - # default: off
       - # description: An echo server. This is the tcp version.
       - service echo
       - {
       - type = INTERNAL
       - id = echo-stream
       - socket_type = stream
       - protocol = tcp
       - user = root
       - wait = no
       - disable = yes
       - }

44. How to Manage xinetd Manually (continued)

45. How to Manage xinetd Manually (continued)
   - Configure access control
     - Parameters
       - only_from
         - Defines which hosts can use which service
       - no_access
         - Defines which hosts are excluded from access
       - access_times
         - Defines at which times the service is available
       - disabled
         - Completely shuts off a service
         - Can only be used in the defaults section

46. How to Manage xinetd Manually (continued)
   - Configure log files
     - Record failed and unauthorized connection attempts
     - Shut off a service but still retain its logging functions
       - Configure only_from without any additional parameters
     - Logging through xinetd is controlled by the log_type statement
       - Along with the attributes log_on_success and log_on_failure
     - Log the circumstances of how and why the network service was used
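Slides 40 to 46 describe the xinetd syntax (defaults and service blocks, the =, += and -= operators) and the only_from / no_access / disabled access controls, including the trick of an empty only_from that denies everyone while keeping the logging. The following added example (not from the course) parses a constructed configuration in that syntax and answers, for a given service and client address, the question an administrator verifies after editing the files: is this service reachable from this host? The inheritance, trailing-zero address form and most-specific-match tie-break follow xinetd.conf(5); the addresses and the pure-ftpd and telnetd services in the sample are assumptions.

```python
"""Parse xinetd-style configuration and evaluate per-service host access control."""
import ipaddress
import re

# Constructed configuration in the /etc/xinetd.conf syntax from the slides; echo is the
# slides' internal-service example, the other services and all addresses are made up.
SAMPLE_CONF = """\
defaults
{
        log_type        = SYSLOG daemon info
        only_from       = 192.0.2.0/24 10.0.0.0
        disabled        = echo
}

service echo
{
        type            = INTERNAL
        disable         = yes
}

service ftp
{
        server          = /usr/sbin/pure-ftpd
        server_args     = -A -i
        only_from       += 203.0.113.5
        no_access       = 192.0.2.99
}

service telnet
{
        server          = /usr/sbin/in.telnetd
        only_from       =
}
"""

BLOCK_RE = re.compile(r"(defaults|service\s+\S+)\s*\{(.*?)\}", re.S)
ATTR_RE = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")
# Attributes a service inherits from the defaults section and may extend with += / -=.
INHERITED = {"only_from", "no_access", "access_times", "log_type",
             "log_on_success", "log_on_failure"}

def parse_xinetd(text):
    """Map block name ('defaults' or the service name) to its (key, operator, value) lines."""
    blocks = {}
    for header, body in BLOCK_RE.findall(text):
        name = "defaults" if header == "defaults" else header.split()[1]
        blocks[name] = [m.groups() for m in map(ATTR_RE.match, body.splitlines()) if m]
    return blocks

def effective(blocks, service):
    """Attributes of one service after applying =, += and -= on top of the defaults."""
    attrs = {k: v.split() for k, _, v in blocks.get("defaults", []) if k in INHERITED}
    for key, op, value in blocks.get(service, []):
        values = value.split()
        if op == "=":
            attrs[key] = values                 # replaces; an empty list is a valid value
        elif op == "+=":
            attrs[key] = attrs.get(key, []) + values
        else:
            attrs[key] = [v for v in attrs.get(key, []) if v not in values]
    return attrs

def service_enabled(blocks, service):
    """Off if named in 'disabled' in the defaults section or 'disable = yes' in the service."""
    off = [s for k, _, v in blocks.get("defaults", []) if k == "disabled" for s in v.split()]
    return service not in off and effective(blocks, service).get("disable") != ["yes"]

def _prefix_match(entry, addr):
    """Prefix length if addr matches an only_from/no_access entry, else -1.
    Accepts a.b.c.d, a.b.c.d/len and xinetd's trailing-zero form (10.0.0.0 = 10.0.0.0/8)."""
    if "/" in entry:
        net = ipaddress.ip_network(entry, strict=False)
    else:
        octets, prefix = entry.split("."), 32
        while len(octets) > 1 and octets[-1] == "0":   # trailing zeros are wildcards
            octets.pop()
            prefix -= 8
        if octets == ["0"]:
            prefix = 0                          # 0.0.0.0 means every address
        net = ipaddress.ip_network(".".join(octets + ["0"] * (4 - len(octets))) + f"/{prefix}")
    return net.prefixlen if addr in net else -1

def access_allowed(blocks, service, client_ip):
    """xinetd semantics: an empty only_from denies everyone (logging is kept); when both
    only_from and no_access match, the more specific entry wins and ties are denied."""
    if not service_enabled(blocks, service):
        return False
    attrs = effective(blocks, service)
    addr = ipaddress.ip_address(client_ip)
    if "only_from" in attrs:
        best_allow = max((_prefix_match(e, addr) for e in attrs["only_from"]), default=-1)
    else:
        best_allow = 0                          # no only_from: open unless no_access matches
    best_deny = max((_prefix_match(e, addr) for e in attrs.get("no_access", [])), default=-1)
    return best_allow > best_deny
```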
47. How to Configure the TCP Wrapper
   - The role of the tcpd daemon
     - Regulates access to inetd services
     - The wrapper acts as a filter
     - Steps
       - Logs the name and address of the requesting host
       - Verifies whether the request is permitted
       - Starts the corresponding daemon
       - Then the wrapper is deleted from memory
     - After an authorized server has started
       - It can accept additional connections
       - Without consulting the wrapper

48. How to Configure the TCP Wrapper (continued)
   - How to configure access controls
     - Edit the /etc/hosts.allow and /etc/hosts.deny files
     - File syntax: daemon: host [: option : option ...]
     - Examples
       - /etc/hosts.allow:
       - ALL: pluto.example.com
       - ALL EXCEPT vsftpd: mars.example.com
       - vsftpd: andromeda.example.com
       - /etc/hosts.deny:
       - ALL: ALL

49. How to Configure the TCP Wrapper (continued)

50. How to Configure the TCP Wrapper (continued)

51. How to Configure the TCP Wrapper (continued)
   - How to check the TCP wrapper
     - Use the tcpdchk command
     - tcpdmatch command
       - Provides information about how tcpd would handle various types of access attempts
     - Moles and trappers
       - You can enter shell commands in the configuration files
         - To be executed when a request matches a pattern
       - Example
         - ALL: ALL: spawn echo "Access of %u@%h to %d" >> /var/log/net.log
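Slide 51 recommends tcpdmatch to see how tcpd would treat a request; the following added example (not part of the course) re-implements that decision for the hosts.allow rules of slide 48 and a hosts.deny consisting of the slide 51 spawn line, so the three example hosts can be checked together. It follows hosts_access(5): first hosts.allow match grants, first hosts.deny match denies, no match grants; the EXCEPT operator, the ALL, LOCAL, leading-dot, trailing-dot and net/mask client patterns are covered. The client addresses used in the checks are constructed.

```python
"""Resolve TCP wrapper access (hosts.allow / hosts.deny) the way tcpd and tcpdmatch do."""
import ipaddress

# The access rules from the slides, embedded here as constructed strings; the hosts.deny
# line is the slides' spawn ("mole") example, which also denies like plain "ALL: ALL".
HOSTS_ALLOW = """\
ALL: pluto.example.com
ALL EXCEPT vsftpd: mars.example.com
vsftpd: andromeda.example.com
"""
HOSTS_DENY = """\
ALL: ALL: spawn echo "Access of %u@%h to %d" >> /var/log/net.log
"""

def parse_rules(text):
    """Rules are 'daemon_list: client_list [: option : option ...]'; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            fields = [f.strip() for f in line.split(":")]
            rules.append((fields[0], fields[1], fields[2:]))
    return rules

def _daemon_match(pattern, daemon):
    return pattern == "ALL" or pattern == daemon

def _client_match(pattern, client):
    """hosts_access(5) client patterns; client is a (hostname, address) pair."""
    host, addr = client
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        return "." not in host                  # hostnames without a dot
    if pattern.startswith("."):
        return host.endswith(pattern)           # '.example.com' matches the domain
    if pattern.endswith("."):
        return addr.startswith(pattern)         # '192.0.2.' matches the address prefix
    if "/" in pattern:
        net, mask = pattern.split("/", 1)       # 'net/mask' as in 192.0.2.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(f"{net}/{mask}", strict=False)
    return pattern in (host, addr)

def _list_match(pattern_list, value, match):
    """'a EXCEPT b' matches a but not b; nesting is right-associative: a EXCEPT (b EXCEPT c)."""
    head, sep, rest = pattern_list.partition(" EXCEPT ")
    matched = any(match(p, value) for p in head.split())
    if sep:
        matched = matched and not _list_match(rest, value, match)
    return matched

def _rule_matches(rule, daemon, client):
    daemons, clients, _ = rule
    return (_list_match(daemons, daemon, _daemon_match)
            and _list_match(clients, client, _client_match))

def tcpd_decision(daemon, client, allow_rules, deny_rules):
    """Grant on the first hosts.allow match, deny on the first hosts.deny match, else grant.
    Returns (allowed, options of the matching rule)."""
    for rule in allow_rules:
        if _rule_matches(rule, daemon, client):
            return True, rule[2]
    for rule in deny_rules:
        if _rule_matches(rule, daemon, client):
            return False, rule[2]
    return True, []
```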
52. How to Configure the TCP Wrapper (continued)

53. Exercise 9-3: Configure the Internet Daemon (xinetd) and TCP Wrappers
   - In this exercise, you do the following:
     - Part I: Enable xinetd Services with YaST
     - Part II: Enable xinetd Services Manually
     - Part III: Configure TCP Wrappers
54. Enable an FTP Server
   - Objectives
     - The Role of an FTP Server
     - How FTP Works
     - Advantages of PureFTPd Server
     - How to Install and Run PureFTPd Server
     - How to Configure PureFTPd Server

55. The Role of an FTP Server
   - Basic features:
     - Sending, receiving, deleting, and renaming files
     - Creating, deleting, and changing directories
     - Transferring data in binary or ASCII mode
   - Allows access after authentication against a password database
     - These are the files /etc/passwd and /etc/shadow
     - PureFTPd supports authentication against its own password database
   - Guest access can be set up as anonymous FTP

56. How FTP Works
   - Uses two TCP connections
     - One carries FTP commands (port 21)
     - The second connection is created when a file is ready for transfer
   - Types of data transfer
     - Active data transfer
       - The FTP client offers the FTP server an unprivileged TCP port for the data channel connection, which the server opens from its data port (port 20)
     - Passive data transfer
       - The FTP server offers the FTP client an unprivileged TCP port for the data channel connection

57. Advantages of PureFTPd Server
   - PureFTPd features:
     - Consistent use of chroot environments
     - Uncomplicated configuration of virtual FTP servers
     - Virtual users independent of the system users listed in the file /etc/passwd
     - Configuration via command-line parameters or with a configuration file

58. How to Install and Run PureFTPd Server
   - Use the YaST Install and Remove Software module
     - To install the PureFTPd server
   - /etc/pure-ftpd/pure-ftpd.conf
     - Configuration file
   - Run the PureFTPd server
     - From the command line
       - Enter pure-ftpd options
     - From a start script
       - Enter /etc/init.d/pure-ftpd start (or rcpure-ftpd start)
       - Enter rcpure-ftpd stop to stop the service

59. How to Install and Run PureFTPd Server (continued)
   - Run the PureFTPd server (continued)
     - From a start script
       - insserv /etc/init.d/pure-ftpd to start pure-ftpd at boot
     - From inetd
       - Add a corresponding entry to the file /etc/inetd.conf
       - Example:
         - ftp stream tcp nowait root /usr/sbin/tcpd pure-ftpd -A -i

60. How to Configure PureFTPd Server
   - How to configure anonymous FTP
     - You need an FTP user and home directory in the file /etc/passwd
       - You do not need to create any subdirectories
     - You can also use the command pure-ftpd
     - Files uploaded to the server belong to the user ftp
   - How to configure FTP with virtual hosts for anonymous FTP
     - Virtual FTP hosts allow a number of FTP sites to be hosted on one machine

61. How to Configure PureFTPd Server (continued)
   - How to configure FTP with virtual hosts for anonymous FTP (continued)
     - Create virtual network devices
       - Using ifconfig
     - Create a symbolic link in /etc/pure-ftpd/
   - How to configure FTP for authorized users
     - Important for those who are hosting Web sites
     - Use the pure-ftpd command
       - pure-ftpd -A -E
       - pure-ftpd -a 500 -E

62. How to Configure PureFTPd Server (continued)
   - How to configure FTP with virtual users not included in /etc/passwd
     - PureFTPd users are separated from system users
       - And can only access the system by FTP
     - Administer PureFTPd users in a separate database
       - Create a system user with useradd
       - Create the FTP users with pure-pw
       - Specify options such as quotas or size limits in MB
       - Regenerate the password file using pure-pw mkdb
     - Start PureFTPd with -j

63. How to Manage PureFTPd Logs
   - PureFTPd sends messages to the syslog daemon
   - PureFTPd can also write its own log files
     - Use the option -O format:logfile
     - Format can be clf, stats, or w3c
     - You can also modify the PureFTPd configuration file

64. Exercise 9-4: Configure Anonymous PureFTPd Access
   - In this exercise, you will configure anonymous PureFTPd access

65. Summary
   - System time is maintained by the interrupt timer
     - And obtained from the computer hardware clock
   - netdate utility
     - Synchronizes system time
       - With that of another computer on the network
   - NTP
     - Accurately coordinates system time on your network
   - NTP automatically adjusts for local time drift
   - To configure NTP, you may use YaST
     - Or edit the /etc/ntp.conf file

66. Summary (continued)
   - Apache Web server (httpd)
     - The most common Web server on Linux systems
   - Internet Super Daemon (inetd) or Extended Internet Super Daemon (xinetd)
     - Used to start some network daemons
   - TCP wrapper daemon (tcpd)
     - Used with inetd or xinetd to provide additional security
   - File Transfer Protocol (FTP)
     - Main TCP/IP protocol to transfer files across the Internet

67. Summary (continued)
   - PureFTPd server
     - Installed and used on SLES to provide FTP services to clients
   - Configure PureFTPd
     - Use the pure-ftpd command
     - Or entries in the /etc/pure-ftpd/pure-ftpd.conf file
