Chapter 06


Published in: Education, Technology

  1. Linux Networking and Security Chapter 6
  2. Configuring Major Network Services
     • Expand the routing capabilities of your Linux server
     • Set up your own DNS name server
     • Configure a basic email server
     • Understand how Linux can excel as a Web server
  3. Dynamic Routing with Routing Protocols
     • Static Routing - the routing table in the Linux kernel is assembled by entries in start-up scripts or by user-entered route commands issued to update the routing table
     • Dynamic Routing - the process of using a specialized routing protocol to build and modify routing tables automatically through a network, based on information shared by the routers
  4. Dynamic Routing with Routing Protocols
  5. Dynamic Routing with Routing Protocols
     • Interior routing protocols are designed for routing packets among networks within an organization and they route packets based on mathematical models
     • Exterior routing protocols are designed for routing packets between networks controlled by different organizations and they route packets based on administration policies
     • All routing protocols communicate between routers to find the most efficient packet route
  6. Routing Information Protocol (RIP) and routed
     • RIP, an interior routing protocol, is the oldest routing protocol still in common use on smaller or simply-routed networks
     • RIP defines the best route as that which has the lowest number of routers (hops) to reach the destination network
     • RIP is implemented using the routed daemon, which is easy to configure and run
  7. Open Shortest Path First (OSPF) and gated
     • OSPF, an interior routing protocol, is designed to work effectively even in very large networks
     • OSPF uses a technique called flooding which allows routers to intelligently construct a chart inside the router that defines the best routing paths
     • OSPF is implemented using the gated daemon, which is not installed by default
  8. Popular Routing Protocols
  9. Setting Up a DNS Name Server
     • Domain name service (DNS) is central to the Internet
         • When URLs are entered in a Web browser, a DNS server converts the name to an IP address, allowing the client to send a packet to the Web server as requested
         • The information in DNS can be thought of as an inverted hierarchical tree, where the top of the tree is called root and is represented by a period
         • Users typically don’t refer to roots, but to the last part of domain names called top-level domains
  10. Setting Up a DNS Name Server
  11. Setting Up a DNS Name Server
  12. Setting Up a DNS Name Server
     • Resolving a domain to an IP address using DNS, also called querying the DNS server, stores, or caches, the conversion information, resulting in speedier DNS queries
     • Each domain has a master DNS server which contains database files that provide IP addresses to every host in that domain
     • Each domain should have a slave DNS server which acts as a backup to the master
  13. Setting Up a Basic Name Server
     • The program that implements a DNS server is called named, the name daemon, which is controlled by a system script in /etc/rc.d/init.d
     • named is found in the BIND package on most Linux systems; selecting the Red Hat Linux name server component provides bind-conf, bind-utils, and caching-nameserver
     • Caching name servers have no preconfigured domain information, but simply query other DNS servers and cache the results
  14. Setting Up a Basic Name Server
     • Later versions of BIND use the configuration file /etc/named.conf
     • This file is divided into five sections: options, controls, three different zones and an include line, which refers to the rndc security file
     • A zone is a part of the DNS domain tree for which the DNS server has authority to provide information
     • Zone information is contained in files referred to in named.conf
  15. Setting Up a Basic Name Server
     • Zone information is important since it is the information that a DNS query seeks
     • These files contain resource records which hold information about a host within a zone that a client can receive through a query
     • There are many types of resource records and they have this general format: item-described, time-to-keep-cached, type-of-record, and information-sought
  16. Setting Up a Basic Name Server
  17. Managing the named Server
     • Once the /etc/named.conf configuration file and the zone information files are set up in /var/named, the named daemon is started by entering /usr/sbin/named
     • The script used is in /etc/rc.d/init.d
     • The rndc utility is used to control the name server from a command line without reloading
     • rndc can operate over a network connection, but is used only locally by default
  18. Using bindconf.gui
  19. Using bindconf.gui
  20. Using bindconf.gui
  21. Using bindconf.gui
  22. Using bindconf.gui
  23. Using Command-line Utilities
     • It is important to test the DNS server once it is up and running; each of the following utilities requests DNS information about a specific hostname or IP address:
         • host provides a brief response showing the IP address of the hostname specified
         • nslookup is more complete in that it can be run in interactive mode or from the command line
         • dig extracts data from the zone information files of DNS servers for domains requested
  24. Using Command-line Utilities
     • A utility that goes beyond host, nslookup, and dig is nsupdate
         • nsupdate allows a user to update zone information files dynamically at the command line
         • nsupdate is an interactive utility, with a separate command prompt
         • The configuration file /etc/named.conf must be properly updated to allow the use of nsupdate
  25. Using Command-line Utilities
  26. Using Command-line Utilities
  27. Configuring a Basic Email Server
     • Linux email servers include: sendmail, Qmail, Postfix and smail
     • Sendmail is the most widely used email server in the world
         • The sendmail package contains the sendmail daemon
         • Sendmail is started using a script in /etc/rc.d/init.d
         • Sendmail is configured using the file /etc/
         • Most email administrators prefer to use the m4 program to configure sendmail
  28. Configuring a Basic Email Server
  29. Configuring a Basic Email Server
     • Email servers use DNS to locate the mail exchanger for a recipient, then hand the message to the sendmail daemon for delivery
     • Relaying is when sendmail tries to deliver a message that didn’t originate on the same host where sendmail is running
         • One problem with relaying is that spam email generators use it to hide their origin
         • Sendmail can be configured to avoid problems such as spamming
  30. Using Forwarding and Aliases
     • Sendmail maintains a forwarding database that contains handling rules for a user’s email
         • If a user has moved their principal email account to another server, a line can be added to the forwarding database to redirect their email
     • Forwarding relying on single domain names for incoming messages can be done using the aliases file /etc/aliases
         • An email alias is another name that delivers email messages to the user
  31. Watching sendmail Work
  32. Watching sendmail Work
  33. Creating a Linux Web Server
     • A Web server is a daemon that accepts requests via HTTP and responds with the requested files
     • The most widely used Web server in the world today is Apache
     • Apache is included with every standard version of Linux and is usually installed by default
     • Other Linux Web servers include: Boa, iPlanet, Servertec iServer, Stronghold, Zeus
  34. Creating a Linux Web Server
     • Some of the features that make Apache so popular include:
         • A regular development cycle
         • Virtual hosting, which allows a single Web server to provide documents for multiple Web sites
         • A modular design that allows functionality choices
         • Many security options and performance tuning settings
         • A broad support base, despite being free software
  35. Creating a Linux Web Server
     • Apache is started from the standard script /etc/rc.d/init.d/httpd
     • Apache configuration files are stored in /etc/httpd/conf
     • The main configuration file, httpd.conf, contains hundreds of configuration options, called directives, that affect global and local operation of Apache
  36. Creating a Linux Web Server
     • Apache can keep a connection active, or alive, after a file is transferred
     • Apache uses a master server to spawn additional servers that handle client requests
     • Many features of Apache are implemented as loadable modules, where the user defines what their copy of Apache will do by which modules are selected for inclusion
  37. Creating a Linux Web Server
     • Much of the httpd.conf file is organized into containers, special directives that activate other directives upon certain conditions
     • Virtual hosting is the feature of Apache that lets a single copy of Apache serve documents for several Web sites
     • Apache can act as a proxy server, which intercepts requests from clients and forwards them as if they came from the proxy server rather than the original client
  38. Chapter Summary (slide 40)
     • Routing tables guide the Linux kernel in sending packets to their final destination on distant networks
     • Interior routing protocols are used within an organization using mathematical algorithms to determine how to route packets
     • Exterior routing protocols are used for routing packets among organizations, based on policy decisions about which specific sources of routing information are to be trusted - and how much
     • The routed daemon implements RIP on Linux, but typically only for small networks
  39. Chapter Summary (slide 41)
     • OSPF is a highly effective interior routing protocol which builds a chart of the status of all routers that it knows of, determining the best route based on a complex mathematical algorithm
     • The gated daemon supports RIP version 2 with classless addressing, OSPF, and BGP on Linux
     • DNS is an Internet-wide information hierarchy used to provide hostname-to-IP-address matching and IP-address-to-hostname address matching
     • Queries about a given hostname usually begin with one of the Internet’s root DNS servers
  40. Chapter Summary (slide 42)
     • A zone is part of a domain about which a particular DNS server is authorized to provide information
     • Reverse DNS provides a security mechanism that is widely used to prevent unauthorized users from completing queries to various network services
     • Setting up a simple caching name server to forward DNS queries to another name server makes efficient use of network bandwidth for many small networks
     • The DNS protocol is implemented in Linux by the named daemon, which is part of the BIND collection of programs
  41. Chapter Summary (slide 43)
     • Resource records hold information about a host within a zone that clients can receive through queries
     • The Start of Authority (SOA) record defines how to reach the DNS administrator for a zone
     • bindconf.gui is one utility used to configure named
     • The host, nslookup, and dig commands let you query a DNS server from the command line
     • The nsupdate utility lets you update DNS zone information over a network, on the fly
     • Popular Linux email servers include sendmail (most popular), Qmail, Postfix, and smail
  42. Chapter Summary (slide 44)
     • Startup options for sendmail are configured via /etc/sysconfig/sendmail, but sendmail is most often configured through the /etc/ file
     • Spam is a source of great concern and annoyance to email server administrators, and email servers provide many features to control this problem
     • Aliases are a popular way to redirect email or create small mailing lists via sendmail
     • Apache is the most widely used Web server and it is included with all standard distributions of Linux
     • One copy of Apache is the master server and it controls Apache copies that handle client requests
  43. Chapter Summary (slide 45)
     • Most functions in Apache are performed by loadable modules, configured using directives in httpd.conf
     • Apache uses directives to control access to the server on a per-directory basis, and can also host multiple Web sites using virtual hosting directives
     • Apache supports advanced features like virtual hosting and acting as a proxy server
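
Slide 24 says /etc/named.conf must be properly updated to allow the use of nsupdate. As an added example (not from the slides or the BIND project), this Python check reads a constructed named.conf and reports, per zone, who may send dynamic updates. It inspects only the allow-update statement, and the zone names, key name, secret and address are placeholders.

```python
import re

# Constructed sample named.conf (not from the slides); zone names, the key
# name, the secret and the address are placeholders.
SAMPLE_NAMED_CONF = '''
key "ddns-key" { algorithm hmac-sha256; secret "PLACEHOLDER//=="; };
zone "open.example" { type master; file "open.zone";
    allow-update { any; }; };
zone "byaddr.example" { type master; file "byaddr.zone";
    allow-update { 192.0.2.10; }; };
zone "signed.example" { type master; file "signed.zone";
    allow-update { key "ddns-key"; }; };
// zone "old.example" { type master; allow-update { any; }; };
zone "static.example" { type master; file "static.zone"; };
'''

# Quoted strings are matched first so "//" inside a secret is not a comment.
COMMENT_RE = re.compile(r'("[^"\n]*")|//[^\n]*|#[^\n]*|/\*.*?\*/', re.S)
# A zone statement whose body may contain one level of nested braces.
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{((?:[^{}]|\{[^{}]*\})*)\}')
UPDATE_RE = re.compile(r'\ballow-update\s*\{([^{}]*)\}')

def audit_dynamic_updates(conf_text):
    """Map each zone to who may change it with nsupdate-style dynamic updates."""
    text = COMMENT_RE.sub(lambda m: m.group(1) or '', conf_text)
    result = {}
    for zone, body in ZONE_RE.findall(text):
        match = UPDATE_RE.search(body)
        entries = []
        if match:
            entries = [e.strip() for e in match.group(1).split(';') if e.strip()]
        if not entries or entries == ['none']:
            result[zone] = 'DISABLED'       # BIND refuses updates by default
        elif 'any' in entries:
            result[zone] = 'OPEN'           # any host can rewrite the zone
        elif all(e.startswith('key ') for e in entries):
            result[zone] = 'TSIG'           # update must be signed with a shared key
        else:
            result[zone] = 'ADDRESS_ONLY'   # source addresses can be spoofed
    return result

if __name__ == '__main__':
    for zone, verdict in audit_dynamic_updates(SAMPLE_NAMED_CONF).items():
        print(f'{zone:16} {verdict}')
```

Zones reported as OPEN or ADDRESS_ONLY are the ones to move to key-based updates before nsupdate is used against them.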
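
Slide 37 notes that httpd.conf is organized into containers and that Apache can act as a proxy server. As an added example (not from the slides or the Apache project), this Python check classifies a constructed httpd.conf as an open or restricted forward proxy from ProxyRequests and the catch-all Proxy container, accepting both Require and the older Order/Allow/Deny access directives. It assumes a single server scope with no Include files or per-virtual-host handling, and the address range is a placeholder.

```python
import re

# Constructed httpd.conf fragments (not from the slides); the address range is
# a documentation placeholder.
OPEN_PROXY_CONF = '''
ProxyRequests On
<Proxy "*">
    Require all granted
</Proxy>
'''
RESTRICTED_PROXY_CONF = '''
# ProxyRequests Off
ProxyRequests On
<Proxy "*">
    Require ip 192.0.2.0/24
</Proxy>
'''

PROXY_BLOCK_RE = re.compile(r'<proxy\s+([^>]*)>(.*?)</proxy>', re.S)
ACCESS_PREFIXES = ('require ', 'deny from ', 'allow from ')
GRANT_ALL = ('require all granted', 'allow from all')

def active_directives(text):
    """Return lower-cased directive lines, dropping blanks and # comments."""
    lines = (' '.join(l.lower().split()) for l in text.splitlines())
    return [l for l in lines if l and not l.startswith('#')]

def forward_proxy_exposure(conf_text):
    """Classify one server scope: NOT_FORWARD_PROXY, RESTRICTED or OPEN."""
    active = '\n'.join(active_directives(conf_text))
    settings = re.findall(r'^proxyrequests (\S+)$', active, re.M)
    if not settings or settings[-1] != 'on':
        return 'NOT_FORWARD_PROXY'      # ProxyRequests defaults to Off
    for target, body in PROXY_BLOCK_RE.findall(active):
        rules = active_directives(body)
        limited = any(r.startswith(ACCESS_PREFIXES) for r in rules)
        if target.strip('"\' ') == '*' and limited and not set(rules) & set(GRANT_ALL):
            return 'RESTRICTED'         # catch-all container narrows who may use it
    return 'OPEN'                       # forwards for any client that can connect

if __name__ == '__main__':
    for name in ('OPEN_PROXY_CONF', 'RESTRICTED_PROXY_CONF'):
        print(name, forward_proxy_exposure(globals()[name]))
```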