Network and System Administration
B.Sc. in Computer Science
Prepared by kehussen12@gmail.com
ASSOSA UNIVERSITY
COLLEGE OF COMPUTING & INFORMATICS
Chapter One
Introduction to System and Network
Administration
What is a System Administrator?
Someone who takes care of the systems others are using.
System Running
smoothly and efficiently
Users able to work in
Easy and Efficient Manner
Sysadmin .sig file
“My job is like an airplane pilot's -- When
I'm doing it well, you might not even notice
me, but my mistakes are often quite
spectacular.”
Source: Unknown
System Administration Tasks
❏ User Management
❏ Hardware Management
❏ Software Management
❏ System Monitoring & Troubleshooting
❏ Documentation & Help Desk
❏ Backups
❏ Automation, Planning, Policies, and Auditing
❏ Firefighting!!!
The Good…
❏Lots of variety
❏Challenging
❏Fulfilling
❏Pays well
❏Very employable
The Bad…
❏Annoying at times
❏Users
❏Management
❏Vendor Tech Support
❏Long hours
❏May not be your only job
Code of Ethics
❏Professionalism
❏Personal Integrity
❏Privacy
❏Laws and Policies
❏Communication
❏System Integrity
❏Education
❏Responsibility to Computing
Community
❏Social Responsibility
❏Ethical Responsibility
Overview of the OSs
UNIX
Introduction to Linux
• Unix is a multi-user, multi-tasking operating system.
• You can have many users logged into a system simultaneously,
each running many programs.
• It's the kernel's job to keep each process and user separate and to
regulate access to system hardware, including cpu, memory, disk
and other I/O devices.
History of UNIX
• First Version was created in Bell Labs in 1969.
• Some of the Bell Labs programmers who had worked on this
project, Ken Thompson, Dennis Ritchie, Rudd Canaday, and Doug
McIlroy designed and implemented the first version of the Unix File
System on a PDP-7 along with a few utilities. It was given the name
UNIX by Brian Kernighan.
• 00:00:00 hours, Jan 1, 1970 is time zero for UNIX. It is also called the
epoch.
…Cont’d
• 1973 Unix is re-written mostly in C, a new language developed by
Dennis Ritchie.
• Being written in this high-level language greatly decreased the
effort needed to port it to new machines.
…Cont’d
• 1977 There were about 500 Unix sites world-wide.
• 1980 BSD 4.1 (Berkeley Software Development)
• 1983 SunOS, BSD 4.2, System V
• 1988 AT&T and Sun Microsystems jointly develop System V Release
4 (SVR4). This later developed into UnixWare and Solaris 2.
• 1991 Linux was originated.
What is LINUX
• Linux is a free Unix-type operating system originally created by
Linus Torvalds with the assistance of developers around the world.
• It originated in 1991 as a personal project of Linus Torvalds, a
Finnish graduate student.
• The Kernel version 1.0 was released in 1994 and today the most
recent stable version is 2.6.9
• Developed under the GNU General Public License, the source
code for Linux is freely available to everyone.
LINUX Distributions
• Mandrake: http://www.mandrakesoft.com/
• RedHat: http://www.redhat.com/
• Fedora: http://fedora.redhat.com/
• SuSE/Novell: http://www.suse.com/
• Debian: http://www.debian.org/
UNIX Structure
UNIX File System
Unix-like Systems vs Windows Systems
❏ They are two different types of operating systems used in computers.
❏ Unix-like systems, such as Linux and macOS, are based on the Unix
operating system.
❏ They are known for their stability, security, and open-source nature.
❏ Unix-like systems use a command-line interface, which can be more
difficult to learn for beginners, but allows for more advanced control
and automation of tasks.
…Cont’d
❏ On the other hand, Windows systems are developed by Microsoft and
are known for their user-friendly interface and compatibility with a
wide range of software.
❏ Windows systems are more widely used in personal computers, and are
often the go-to choice for businesses that use Microsoft Office
applications and other Windows-specific software.
❏ There are also differences in the way these operating systems handle
file systems, networking, and security. Unix-like systems often use a
hierarchical file system, while Windows systems use a drive-letter
system.
…cont’d
❏ Ultimately, the choice between Unix-like systems and Windows systems
depends on the needs of the user.
❏ Unix-like systems are favored by programmers, developers, and
researchers who need a stable and secure system that is easily
customizable.
❏ Windows systems are favored by general users and businesses that
require compatibility with Microsoft Office applications and other
Windows-specific software.
Linux Distributions and UIs
In addition to these
distributions, there are
many other options
available, each with its
own unique features and
focus. The UIs available
on Linux include
GNOME, KDE, Xfce,
LXDE, and others.
Linux Operations Review
➔ File system navigation: move from one directory to another directory (cd)
➔ File management: creating, copying, moving, and deleting files.
➔ Package management: install, update, and remove software packages
➔ Process management: managing processes, such as "ps" to list
running processes, "kill" to terminate a process
➔ User management: creation and management of user accounts
➔ Networking: Linux offers a range of networking commands for configuring
network settings, such as "ifconfig" to display network interface
information
File system Hierarchy and Standard
The Filesystem Hierarchy Standard (FHS) is a standard that defines the structure of the file system on Linux and
other Unix-like operating systems.
★ Here is a brief overview of the file system hierarchy and standard in Linux:
1. / (root): The root directory of the file system, which contains all other directories and files.
2. /bin: Contains executable files that are necessary for the system to function, such as basic system utilities
like "ls", "cd", and "cp".
3. /etc: Contains system configuration files, such as configuration files for networking, users, and system
services.
4. /home: Contains user home directories, which are used to store user-specific files and configuration
settings.
5. /dev: Contains device files, which are used to represent hardware devices in the system.
6. /proc: Contains virtual files that provide information about system resources, such as memory usage and
CPU usage.
Single-rooted hierarchy
● A single-rooted hierarchy is a type of file system hierarchy in which all
directories and files are arranged in a tree-like structure with a single
root directory.
● This means that all files and directories can be accessed relative to the
root directory
● Unix/Linux file systems are a good example of a single-rooted
hierarchy.
Seamless file systems
● file systems that integrate multiple physical or virtual storage devices
into a single logical file system.
● This allows users to access data stored on different devices as if they
were stored in a single location, without needing to know the details of
the underlying storage architecture.
● Some examples of seamless file systems include Distributed File System
(DFS) and GlusterFS.
Extensible file system
● A file system that can be extended or modified without requiring
significant changes to the underlying file system architecture.
● This allows the file system to adapt to changing storage requirements
and accommodate new features or technologies.
● One example of an extensible file system is the Extended File System
(ext) used by many Linux distributions.
Some examples of file system standards
● File Allocation Table (FAT): A file system standard used by many older versions of
Windows and DOS.
● New Technology File System (NTFS): A file system standard used by modern versions of
Windows.
● Extended File System (ext): A file system standard used by many Linux distributions.
● Universal Disk Format (UDF): A file system standard used for optical media such as DVDs
and Blu-ray discs.
● Hierarchical File System (HFS): A file system standard used by macOS.
● Apple File System (APFS): A file system standard used by modern versions of macOS
and iOS.
…Cont’d
● Network File System (NFS): A file system standard used for sharing files
between computers on a network.
● Common Internet File System (CIFS): A file system standard used for
sharing files between computers on a network, primarily in Windows
environments.
Essential Shell Commands
❏ Here are some essential shell commands that are commonly used:
❏ cd: Change directory. Used to navigate the file system by changing
the current working directory.
❏ ls: List files. Used to display the contents of a directory, including files
and subdirectories.
❏ mkdir: Make directory. Used to create a new directory.
❏ rmdir: Remove directory. Used to delete an empty directory.
❏ rm: Remove. Used to delete a file or directory (with the "-r" option).
...Cont’d
❏ cp: Copy. Used to copy files or directories.
❏ mv: Move. Used to move files or directories.
❏ cat: Concatenate. Used to display the contents of a file
❏ echo: Used to display a message on the screen or to redirect output
to a file.
…Cont’d
❏ pwd: Print working directory. Used to display the current working
directory.
❏ ps: Process status. Used to display information about running processes.
❏ top: Used to display real-time information about system processes.
❏ sudo: Superuser do. Used to execute commands with administrative
privileges.
❏ ssh: Secure shell, used to connect to remote system over a secure
network connection
❏ tar: Tape archive. Used to create and extract compressed archive files.
Advanced Shell Features
Shell scripting is a powerful tool for automating tasks on Linux and other Unix-
like systems.
Here are some advanced shell features that can help users create more
powerful and efficient shell scripts:
★ Variables: Variables are used to store values that can be used later in a
script. Variables can be set using the "=" operator, such as "name=John".
To use the value of a variable, it can be referenced by using "$"
followed by the variable name, such as "$name".
…cont’d
● Input/output redirection: Input/output redirection allows users to redirect
the input or output of a command to a file or another command. The ">"
operator is used to redirect the output of a command to a file, while the
"<" operator is used to redirect the input of a command from a file. For
example: "ls > file.txt".
● These are just a few of the many advanced shell features that are
available on Linux and other Unix-like systems. By mastering these
features, users can create powerful and efficient shell scripts to automate
tasks and improve their workflow.
Chapter Two
Account and Security Administration
User and Group
In Linux and other Unix-like systems, users and groups are used to manage access
to system resources such as files and directories.
❏ Users: A user is a person who accesses the system and performs tasks.
➢ Each user is identified by a unique username and has their own home
directory, which is used to store their personal files and configurations.
❏ Groups: A group is a collection of users who share common permissions and
access to system resources.
➢ Each group is identified by a unique group name and has a group ID
(GID).
User Private Group Scheme
❏ The User Private Group (UPG) scheme is a security model used in Linux
and other Unix-like systems to provide each user with their own private
group.
❏ Under this scheme, when a new user is created, a new group is also
created with the same name as the user and the user is added to that
group.
❏ This ensures that each user has their own private group and that their
files and directories are not accessible by other users by default.
User and Group Administration
❏ In Linux and other Unix-like systems, user administration and group
administration are important tasks that system administrators perform to
manage users and groups.
A. User administration: involves creating, modifying, and deleting user
accounts.
B. Group Administration: Group administration involves creating,
modifying, and deleting groups.
Linux Commands
adduser: create a new user account, e.g. sudo adduser cs. After this command we fill in details such as password, full name and so on.
    sudo: run with admin/root privilege (optional)
    cs: username
    1002: user & group ID (UID)
passwd: change a password, e.g. sudo passwd cs
addgroup: create a new group on the system
userdel/deluser: delete a user account
    E.g. to delete user account cs: sudo deluser cs
usermod: modify a user account, e.g. change the username, add the user to another group, etc.
    E.g. to change username cs to jack: sudo usermod -l jack cs (cs is the old username, jack is the new username)
gpasswd: change a group account password, remove a group account password, and many other functions by adding --options.
    Add user cs to group sysadmin
    To remove the sysadmin password
groupmod: modify a group account, e.g. rename group sysadmin to cstutorial
Read for detail user and group administration!
Password Aging and Default User Files
➔ Password aging: Password aging is a security feature in Linux and other Unix-
like systems that forces users to change their passwords periodically.
◆ Password expiration: Password expiration is the process of forcing users to
change their passwords after a certain period of time.
● This can be configured using the "chage" command, which sets the
password expiry date for a user.
Setting password and account period (days) using chage command
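An added example (not from the original slides) that audits the aging fields chage maintains, using shadow-format records. The sample records, the placeholder hashes and the 90-day policy limit are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit password-aging fields in shadow-format data.
# Fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved
# (lastchange and expire are counted in days since 1 Jan 1970).
# An account flagged below can be corrected with, for example:
#   sudo chage -M 90 -W 7 cs    # max age 90 days, warn 7 days before
#   sudo chage -l cs            # list the resulting settings

# Write constructed sample records (placeholder hashes, not real ones).
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:!:19700:0:99999:7:::
cs:$6$constructed$placeholderhash:19700:0:99999:7:::
jack:$6$constructed$placeholderhash:19700:1:90:7:::
kemal:$6$constructed$placeholderhash:19650:0:365:14:::
daemon:*:19000:0:99999:7:::
EOF
}

# audit_password_aging <shadow-file> <max-days-allowed>
# Reports accounts that can log in with a password and whose maximum
# password age is unset, unlimited (99999) or longer than the limit.
audit_password_aging() {
    awk -F: -v limit="$2" '
        $2 ~ /^[!*]/ { next }    # locked account or no password login
        $5 == "" || $5 + 0 >= 99999 { print $1 ": password never expires"; next }
        $5 + 0 > limit + 0 { print $1 ": max age " $5 " days exceeds limit " limit }
    ' "$1"
}

# days_until_expiry <shadow-file> <user> <today-in-days-since-epoch>
# Prints the days left before a change is forced (negative means the
# password has already expired) or "never". Returns 1 for unknown users.
days_until_expiry() {
    awk -F: -v user="$2" -v today="$3" '
        $1 == user {
            found = 1
            if ($3 == "" || $5 == "" || $5 + 0 >= 99999) print "never"
            else print $3 + $5 - today
        }
        END { if (!found) exit 1 }
    ' "$1"
}

demo() {
    shadow_copy=$(mktemp) || return 1
    write_sample_shadow "$shadow_copy"
    audit_password_aging "$shadow_copy" 90
    today=$(( $(date +%s) / 86400 ))
    echo "jack: $(days_until_expiry "$shadow_copy" jack "$today") days until a change is forced"
    rm -f "$shadow_copy"
}
demo
```

On a real system the same functions can be pointed at /etc/shadow, which only root can read.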
…Cont’d
➔ Default user files: Default user files are files that are created
automatically when a new user account is created.
◆ The following are some of the key default user files:
● Bash profile: contains environment variables, aliases, and other
settings.
● Bashrc: used to set system-wide environment variables, aliases,
and other settings. It is found in /etc.
● Home directory: created automatically for each user account.
Managing files and folder permission
❏ In Linux and other Unix-like systems, managing file and folder permissions is an
important task that system administrators need to perform to ensure system
security and control access to system resources.
❏ Here is an overview of how to manage file and folder permissions:
1. File permissions: File permissions are used to control access to individual files.
■ The following are the three types of file permissions:
● Read permission: Allows the user to read the contents of the file.
● Write permission: Allows the user to modify the contents of the file.
● Execute permission: Allows the user to execute the file if it is a program or a
script.
….Cont’d
➔ Each file permission is represented by a letter:
Read = r
Write = w
Execute = x
or by a number from 0-7
The file permissions are represented by a series of
numbers or letters. The first character indicates the type of
file (d for directory, - for a regular file, and l for a symbolic
link), followed by three sets of permissions for the owner,
group, and other users.
…Cont’d
Directory file; regular file (non-folder files like .txt, .ppt, .docx, .sh)
Default file
…Cont’d
2. Folder permissions: are used to control access to directories and the files they
contain.
◆ The following are the three types of folder permissions:
● Read permission: Allows the user to list the contents of the folder.
● Write permission: Allows the user to create, delete, and modify files and folders
within the directory.
● Execute permission: Allows the user to access the contents of the folder.
⍈ The folder permissions are also represented by a series of
numbers or letters, similar to file permissions.
…Cont’d
3. Managing file and folder permissions: The following are some of the key commands
used to manage file and folder permissions:
i. chmod: Used to change file and folder permissions.
ii. chown: Used to change the owner of a file or folder.
iii. chgrp: Used to change the group of a file or folder.
Assume we have a file called test.txt and cs4thyear folder
The first rwx is for owner of the folder, the second r-x is for group and the third r-x for guest
…Cont’d
❏ The chmod command is the most commonly used command for managing file and folder
permissions.
❏ It can be used to add or remove permissions, set permissions for the owner, group, or
other users, and set permissions using numeric or symbolic modes.
❏ Numeric mode: from 0 to 7
❏ Symbolic mode: r w x
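An added example (not from the original slides) that ties the two notations together: it converts the letters shown by ls -l into the numeric mode chmod accepts, then finds and fixes files that any user on the system can write to. File names are constructed.

```shell
#!/bin/sh
# Added example: symbolic vs numeric modes, plus a world-writable audit.

# sym_to_octal <permissions>
# Accepts nine characters ("rwxr-xr-x") or the ten-character form from
# ls -l ("-rwxr-xr-x", where the first character is the file type).
# Only r, w, x and - are handled; setuid/setgid/sticky letters are rejected.
sym_to_octal() {
    perms=$1
    if [ "${#perms}" -eq 10 ]; then
        perms=${perms#?}             # drop the file-type character
    fi
    [ "${#perms}" -eq 9 ] || return 1
    octal=""
    for start in 1 4 7; do           # owner, group, others
        triplet=$(printf '%s' "$perms" | cut -c "${start}-$((start + 2))")
        case $triplet in
            [r-][w-][x-]) ;;
            *) return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# List regular files under a directory that "other" users may write to.
find_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Remove the write bit for "others" from every file the audit reports.
remove_world_write() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/test.txt" "$dir/notes.txt" "$dir/backup.sh"
    chmod 644 "$dir/test.txt"                 # rw-r--r--
    chmod a=rw "$dir/notes.txt"               # rw-rw-rw- (numeric 666)
    chmod u=rwx,g=rx,o=rx "$dir/backup.sh"    # rwxr-xr-x (numeric 755)
    echo "rwxr-xr-x is $(sym_to_octal rwxr-xr-x)"
    echo "World-writable before the fix:"
    find_world_writable "$dir"
    remove_world_write "$dir"
    echo "World-writable after the fix:"
    find_world_writable "$dir"
    rm -rf "$dir"
}
demo
```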
Managing File Ownership
❖ Managing file ownership is a task that system administrators need to perform to ensure system security and control
access to system resources.
❖ Here is an overview of how to manage file ownership:
➢ File ownership: File ownership refers to the user and group that are associated with a file.
➢ Managing file ownership: The following are some of the key commands used to manage file
ownership:
■ chown: Used to change the owner of a file or folder.
■ chgrp: Used to change the group of a file or folder.
The chown and chgrp commands are used to change the ownership of a file or folder. The syntax of the
commands is as follows: (next slide)
…cont’d
General Syntax:
OR
➔ The first command changes the owner of
the file to the specified user,
➔ while the second command changes both
the owner and the group of the file to the
specified user and group.
chgrp command is used to change
the group of a file or folder.
Read for detail and try practical!
Controlling Access to files (ACLs)
❖ Are an additional mechanism for controlling access to files and folders.
❖ ACLs are used in conjunction with file and folder permissions.
➢ key commands used to manage file and folder permissions and ACLs:
● chmod: Used to change file and folder permissions.
● chown: Used to change the owner of a file or folder.
● chgrp: Used to change the group of a file or folder.
● setfacl: Used to set ACLs on files and folders.
● getfacl: Used to view ACLs on files and folders.
…Cont’d
General Syntax:
To give full permission(read, write and execute) for user kemal to file a.txt
For further example, you can get the writing syntax of ACLs
setfacl --help
Quiz(3%)
1. Write a Linux command to give read-only permission for user john to file1.txt using ACLs
…Cont’d
To view ACLs
Managing Disk Quotas
❏ Disk quotas are used to limit the amount of disk space that users and groups
can use on a file system.
❏ This is an important feature for system administrators who need to manage
disk space usage and prevent users from filling up the file system.
A. Enabling disk quotas: Disk quotas must be enabled on a file system before they can be used.
This is typically done by editing the /etc/fstab file and adding the usrquota and/or
grpquota options to the mount options for the file system. For example:
This line enables user and group quotas on the /home file system
…Cont’d
B. Setting up quotas: Once disk quotas are enabled, quotas must be set up for individual users or
groups. This is done using the edquota command. The syntax of the command is as follows:
OR
…Cont’d
C. Monitoring quotas: Once quotas are set up, they can be monitored using the quota command.
The syntax of the command is as follows:
OR
This command displays the current disk usage and quota limits for the specified user or
group.
…Cont’d
D. Adjusting quotas: Quotas can be adjusted using the edquota command. The administrator can
edit the quota configuration file for a user or group to increase or decrease their quota limits.
Overall, managing disk quotas is an important task in Linux and other Unix-
like systems that system administrators need to perform to manage disk space
usage and prevent users from filling up the file system. By enabling, setting up,
monitoring, and adjusting quotas, system administrators can effectively
manage disk usage and ensure that disk space is available for critical system
processes and applications.
Chapter Three
File System and Management of Data storage
File System
What is a File System?
❑ A file system is a way of organizing and managing files on a storage
device.
❑ Such as: a hard disk drive or solid-state drive
❑ It provides a logical structure for organizing files and directories.
❑ allows users to access and manage those files.
Types of File Systems
● FAT: The File Allocation Table (FAT)
○ Widely-used file system that was originally developed for floppy disks and other small storage devices.
○ It is still used today on some USB drives and other portable storage devices.
● NTFS: The New Technology File System (NTFS)
○ More advanced file system developed by Microsoft for use on Windows computers.
○ It supports larger file sizes, more efficient use of disk space, and better security features than FAT.
● EXT: The Extended File System (EXT)
○ File system used on Linux and other Unix-like operating systems.
○ Designed for use with the Linux kernel and provides features such as journaling and support for file
permissions.
…Cont’d
● APFS: The Apple File System (APFS)
○ a modern file system developed by Apple for use on its macOS, iOS, and other operating systems.
○ It is designed to be fast, secure, and efficient, and provides features such as encryption and
snapshotting.
File System Administration Tasks
● Partitioning: This involves dividing a hard drive or other storage device into multiple
partitions, each with its own file system.
● Formatting: Once a partition has been created, it needs to be formatted with a file system.
● Mounting: When a file system is mounted, it is made available for use by the operating
system and applications.
● Managing file permissions: File system administrators need to manage permissions for
files and directories, determining who has access to them and what actions they can
perform.
…Cont’d
• Monitoring disk usage: It's important to keep track of how much disk space is being
used and ensure that there is enough free space available for new files and
applications.
• Backing up and restoring data: Backing up important files and data is crucial for
preventing data loss in the event of a system failure or other disaster. File system
administrators need to develop and implement backup and recovery strategies to
ensure data can be restored if necessary.
● fdisk is a command-line utility for partitioning disks on Linux systems. Here's how you can use it to partition
a disk:
○ Step1 Open terminal
○ Step2 Type fdisk /dev/sdX, where X is the drive letter
○ Step3 fdisk will display a warning message about potentially destructive actions. Press "n" to create a
new partition.
○ Step4 Follow the prompts to specify the partition type, starting and ending sectors, and other details
about the new partition.
○ Step5 Repeat the process to create additional partitions as needed.
○ Step6 Once you have created all of the partitions you need, press "w" to write the changes to disk and
exit fdisk.
Partitioning disk with fdisk and parted
..Cont’d
sda has 3 partitions: sda1, sda2, sda5
sdb has no partitions
Create partitions in disk sdb
To create a new partition
…Cont’d
now, primary partition sdb1
created from disk sdb
…Cont’d
● parted is another command-line utility for partitioning disks on Linux systems. Here's how you can use it to
partition a disk:
1. Open a terminal window and log in as the root user or use the sudo command to run parted with root privileges.
2. Type "parted /dev/sdX" to start parted, where "X" is the letter corresponding to the disk you want to partition. For
example, if you want to partition the first hard disk in the system, you would use "parted /dev/sda".
3. Type mkpart <partition type> <file system type> <starting sector> <ending sector>, for example:
mkpart primary ext4 0% 20GB
4. Repeat the process to create additional partitions as needed.
5. Once you have created all of the partitions you need, use the "quit" command to exit parted.
…Cont’d
Newly created
partition
..Cont’d
To delete a partition:
Open Terminal
sudo fdisk /dev/sdX, where /dev/sdX is the disk that holds the partition, e.g. /dev/sda
Enter d to delete a partition
Enter the partition number, e.g. if the partition is /dev/sda1, enter 1
Enter w to write the changes to the disk
quit
…Cont’d
● Both fdisk and parted are powerful tools for partitioning disks, and can be used to
create complex partition layouts with multiple partitions of different types and sizes.
It's important to be careful when using these tools, as errors or mistakes can result in
data loss or other problems. Be sure to back up important data before making any
changes to disk partitions.
Creating a file system
● To create a new file system on a disk partition, you can use the mkfs
command followed by the type of file system you want to create (e.g., ext4,
xfs, btrfs, etc.) and the name of the partition you want to format.
mkfs.ext4 /dev/sda1
This command will format the first partition on the first hard disk in the system with
the ext4 file system.
Mounting a file system
● To mount a file system, you first need to create a mount point (i.e., a directory
where the file system will be accessible). You can use the mkdir command to
create a new directory for this purpose.
Maintaining a file system
● To maintain a file system, there are several tools and commands available on
Linux systems.
• df: displays information about disk usage and available space on file systems
• du: displays information about disk usage of files and directories
• fsck: checks and repairs file system errors
• tune2fs: allows you to tune various parameters of an ext2, ext3, or ext4 file system
• xfs_repair: checks and repairs XFS file systems
…Cont’d
Check disk usage on
/home directory
Display disk free space with human
readable format
Swap
● Swap is an area on a hard drive that is used as a virtual memory extension
when the physical memory (RAM) is full. Linux systems typically use a
dedicated swap partition or a swap file to provide this functionality.
● Creating a swap partition
1. Determine the size of the swap partition you need
2. Use a partitioning tool like fdisk or parted to create a new partition on your hard drive.
Make sure to set the partition type to "Linux swap" (type code 82).
3. Format the new partition with the mkswap command.
…Cont’d
To make the swap partition persistent across reboots, add an entry for it in the /etc/fstab file.
Determining disk usage with du and df
● du: used to estimate the space used by file and directories.
● df: used to display the amount of disk space available on file systems.
For further du and df usage, enter du --help and df --help
Configuring Disk Quota
● Disk quotas are a feature of the Linux file system that allows system
administrators to limit the amount of disk space a user or group can use.
● To configure disk quota,
Step 1: Enable Quota Support
Go to /etc/fstab and add the user and group quota options
…Cont’d
mount -o remount /home
sudo apt-get install quota
/home 0 0 1000 2000 0 0 //edit the /etc/quotatab
sudo edquota cs //where cs is username
sudo repquota /home to monitor disk usage quota
In the fstab file, the number 2 specifies the order in which file systems are
checked for errors at boot time.
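An added example (not from the original slides) covering the quota-enabling step in both quota sections above: it checks that usrquota/grpquota are present in the fstab entry and that the running mount actually carries them, which catches an edit that was never followed by the remount. The two sample tables are constructed, and the assumption is that the live mount table lists the quota options once they are active.

```shell
#!/bin/sh
# Added example: verify that quota mount options are configured AND active.
# /etc/fstab and /proc/mounts share one layout (device, mount point, type,
# options, dump, pass), so a single parser serves both files.

# Constructed sample tables; device names are illustrative.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# <device>  <mount point>  <type>  <options>                   <dump>  <pass>
/dev/sda1   /              ext4    errors=remount-ro           0       1
/dev/sda5   /home          ext4    defaults,usrquota,grpquota  0       2
/dev/sdb1   /data          ext4    defaults                    0       2
EOF
}
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda5 /home ext4 rw,relatime 0 0
/dev/sdb1 /data ext4 rw,relatime 0 0
EOF
}

# quota_options <table-file> <mount-point>
# Prints "usrquota,grpquota", "usrquota", "grpquota" or "none".
# Returns 1 when the mount point is not listed in the table.
quota_options() {
    awk -v mp="$2" '
        NF == 0 || $1 ~ /^#/ { next }     # blank lines and comments
        $2 == mp {
            found = 1; usr = 0; grp = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] == "usrquota") usr = 1
                if (opt[i] == "grpquota") grp = 1
            }
        }
        END {
            if (!found) exit 1
            if (usr && grp) print "usrquota,grpquota"
            else if (usr)   print "usrquota"
            else if (grp)   print "grpquota"
            else            print "none"
        }
    ' "$1"
}

# quota_state <fstab> <live-mount-table> <mount-point>
# Prints active, remount-needed, quota-not-configured or not-in-fstab.
quota_state() {
    wanted=$(quota_options "$1" "$3") || { echo "not-in-fstab"; return 1; }
    active=$(quota_options "$2" "$3") || active="not-mounted"
    if [ "$wanted" = "none" ]; then
        echo "quota-not-configured"
    elif [ "$wanted" = "$active" ]; then
        echo "active"
    else
        echo "remount-needed"     # fstab edited, "mount -o remount" not run
    fi
}

demo() {
    tab=$(mktemp) || return 1
    live=$(mktemp) || return 1
    write_sample_fstab "$tab"
    write_sample_mounts "$live"
    for mp in / /home /data; do
        echo "$mp: $(quota_state "$tab" "$live" "$mp")"
    done
    rm -f "$tab" "$live"
}
demo
```

Against a real host the call is quota_state /etc/fstab /proc/mounts /home.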
Logical volume management and RAID
❏ Logical Volume Management (LVM) and Redundant Array of Independent
Disks (RAID) are two technologies that can help manage and protect data on
Linux systems.
❏ Logical Volume Management (LVM)
❏ LVM is a technology that allows you to create logical volumes from multiple physical
volumes (such as hard drives or partitions), and manage them as a single, flexible
storage pool.
❏ With LVM, you can easily resize volumes, add or remove physical storage, and take
snapshots of volumes for backups or testing purposes.
In this diagram, we have three
physical disks at the bottom, disk 1
has three partitions (sky, green and
red colors), disk 2 has only one
partitions (red ones) and disk 3 has
two partitions (red and green).
There are two logical volume group
LV1 & LV2.
/boot directory found in disk 1
/ directory found in LV1 and LV1 can
access two partitions from Disk1 and
one partition from Disk 3
/home directory found in LV2 and LV2
uses one partition from each (three)
disks
Redundant Array of Independent Disks (RAID)
➢ Stands for Redundant Array of Independent Disks.
➢ It’s a technology that enables greater levels of performance,
reliability and/or large volumes when dealing with data.
➢ How?? By concurrent use of two or more ‘hard disk drives’.
➢ How Exactly?? Mirroring, Striping (of data) and Error correction
techniques combined with multiple disk arrays give you the
reliability and performance.
RAID 0
➢ It splits data among two or more disks.
➢ Provides good performance.
➢ Lack of data redundancy means there is no failover
support with this configuration.
➢ Used in read-only NFS systems and gaming systems
RAID 0
➢ In the diagram to the right, the odd blocks
are written to disk 0 and the even blocks to
disk 1 such that A1, A2, A3, A4, … would be
the order of blocks read if read sequentially
from the beginning.
RAID 1
➢ RAID1 is ‘data mirroring’.
➢ Two copies of the data are held on two physical disks,
and the data is always identical.
➢ Twice as many disks are required to store the same data
when compared to RAID 0.
➢ Array continues to operate so long as at least one drive is
functioning.
RAID 1
➢ This type of RAID uses mirroring to copy
data across two or more hard drives,
providing redundancy in case of a
drive failure.
➢ However, it requires at least two drives,
and you lose half of your available
storage capacity due to the mirroring.
RAID 5
➢ RAID 5 is an ideal combination of good
performance, good fault tolerance and high
capacity and storage efficiency.
➢ An arrangement of parity and CRC to help
rebuild drive data in case of disk failures.
➢ “Distributed Parity” is the key word here.
In this diagram parity code is
distributed across each disk.
RAID 10
➢ Combines RAID 1 and RAID 0.
➢ Which means having the
pleasure of both - good
performance and good failover
handling.
➢ Also called ‘Nested RAID’.
Implementations
Software based RAID:
● Software implementations are provided by many Operating
Systems.
● A software layer sits above the disk device drivers and provides
an abstraction layer between the logical drives(RAIDs) and
physical drives.
● Server's processor is used to run the RAID software.
● Used for simpler configurations like RAID0 and RAID1.
Hardware based RAID:
• A hardware implementation of
RAID requires at least a
special-purpose RAID
controller.
• On a desktop system this may
be built into the motherboard.
• Processor is not used for
RAID calculations as a
separate controller present.
A PCI-bus-based, IDE/ATA hard disk RAID controller, supporting levels 0, 1, and 01.
Chapter Four
TCP/IP Networking
TCP/IP Basics
● TCP/IP (Transmission Control Protocol/Internet Protocol) is a set of
networking protocols used for communication over the internet.
● TCP/IP protocol suite provides end-to-end connectivity that enables
data to be transmitted reliably over a network.
OSI and Protocol Stack
Network Access
TCP/IP Protocol Suites
…Cont’d
➢ TCP is a connection-oriented protocol that provides reliable
data transmission, ensuring that the data is delivered without
errors and in the correct order.
➢ It establishes a connection between two devices and manages
the flow of data between them.
➢ TCP also handles congestion control, which helps to prevent
network congestion by slowing down the rate at which data is
transmitted.
…Cont’d
➢ IP is a connectionless protocol that provides addressing and
routing services.
➢ IP packets contain:
    ➢ Source address
    ➢ Destination address
➢ Source address: the address of the device that intends to
send data. Destination address: the address of the device that
is intended to receive the data.
…Cont’d
➢ Together, TCP and IP form the basis of the internet protocol suite,
and are used to transmit data over the internet.
➢ Other protocols in the TCP/IP suite include UDP (User Datagram
Protocol), which is a connectionless protocol that provides fast but
unreliable data transmission, and ICMP (Internet Control Message
Protocol), which is used for network diagnostics and troubleshooting.
TCP/IP Applications
➢ Web Browsing
➢ E-mail
➢ File Sharing
➢ Video Streaming
➢ It is a critical component of the internet and is used
by billions of devices worldwide to communicate
with each other.
IP
● Responsible for end to end transmission
● Sends data in individual packets
● Maximum size of packet is determined by the networks
○ Fragmented if too large
● Unreliable
○ Packets might be lost, corrupted, duplicated, delivered out of order
IP addresses
● 4 bytes
○ e.g. 10.141.5.19
○ Each device normally gets one (or more)
○ In theory there are about 4 billion available
● But…
Routing
● How does a device know where to send a packet?
○ All devices need to know what IP addresses are on directly attached networks
○ If the destination is on a local network, send it directly there
…Cont’d
● If the destination address isn’t local
○ Most non-router devices just send everything to a single local router
○ Routers need to know which network corresponds to each possible IP address
Allocation of addresses
● Controlled centrally by ICANN
○ Fairly strict rules on further delegation to avoid wastage
■ Have to demonstrate actual need for them
● Organizations that got in early have bigger allocations than they really
need
IP packets
● Source and destination addresses
● Protocol number
○ 1 = ICMP, 6 = TCP, 17 = UDP
● Various options
○ e.g. to control fragmentation
● Time to live (TTL)
○ Prevent routing loops
ARP : Address Resolution Protocol
● ARP provides mapping
32bit IP address <-> 48bit MAC address
128.97.89.153 <-> 00-C0-4F-48-47-93
● ARP cache
maintains the recent mappings from IP addresses to MAC addresses
Protocol
1. ARP request broadcast on Ethernet
2. Destination host ARP layer responds
DHCP
● Dynamic Host Configuration Protocol
○ Used to tell a computer what IP address to use
○ Device broadcasts a request from IP 0.0.0.0
■ If it had an IP address before, asks for the same one again
○ Server (or relay) on local network responds telling it which to
use (or ignores it, or tells it to go away)
■ “Lease time” telling it how long that IP will be valid for
■ Device requests renewal of lease after ¾(?) elapsed
Configuring Linux Box as Router
 Configuring a Linux box for networking involves several steps:
 setting up network interfaces,
 configuring IP addresses,
 and setting up routing.
…cont’d
1. Identify network interfaces: Check the available network interfaces on the Linux box
using the “ip link show” command.
2. Configure network interfaces: Edit the interface configuration file
/etc/network/interfaces. To obtain an address by DHCP:
# eth0 gets its address from DHCP
auto eth0
iface eth0 inet dhcp
…cont’d
To set a static address instead, use the following in /etc/network/interfaces:
# eth0 uses a static address
auto eth0
iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1
…cont’d
3. Configure DNS: Edit the “/etc/resolv.conf” file to add the DNS server IP addresses.
For example, to add the Google DNS servers, add the following lines:
nameserver 8.8.8.8
nameserver 8.8.4.4
Name servers translate the domain name into an IP address, connecting
information that's easy for humans to understand with information that's easy for
computers to understand
…cont’d
4. Configure routing: Use the “ip route” command to configure routing. For example,
to add a default route through the gateway with IP address 192.168.0.1, use the
following command:
ip route add default via 192.168.0.1
5. Test network connectivity: Test network connectivity by pinging other devices on the
network or the internet. For example, to ping Google's DNS server, use the following
command:
ping 8.8.8.8
Configuring a Linux Box as a Router
● What is a router?
A router is a device that connects two or more packet-switched networks
or subnetworks.
 Configuring a Linux box as a router involves several steps,
including enabling IP forwarding, configuring network interfaces,
and setting up routing.
General guide
1. Enable IP forwarding: IP forwarding allows the Linux box to forward packets between
network interfaces. To enable IP forwarding, edit the “/etc/sysctl.conf” file and
uncomment the following line:
net.ipv4.ip_forward=1
Then apply the change by running:
sudo sysctl -p /etc/sysctl.conf
…Cont’d
2. Configure network interfaces: For example, if the Linux box has two
network interfaces, eth0 and eth1, with IP addresses 192.168.1.1 and
192.168.2.1, respectively, edit the “/etc/network/interfaces” file and
add the following lines:
auto eth0
iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
auto eth1
iface eth1 inet static
address 192.168.2.1
netmask 255.255.255.0
…Cont’d
3. Configure NAT: Network Address Translation (NAT) allows the Linux box to translate
private IP addresses used on the local network to a public IP address used on the
internet. To configure NAT, use the following commands:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables/rules.v4
This will configure NAT for outgoing traffic on the eth0 interface.
…Cont’d
4. Configure routing: Use the “ ip route ” command to configure routing. For example, to
add a route to the 192.168.2.0/24 network through the eth1 interface, use the following
command:
sudo ip route add 192.168.2.0/24 dev eth1
This command routes traffic for hosts in the range
192.168.2.0 – 192.168.2.255 through the eth1 interface.
…Cont’d
5. Test network connectivity: Test network connectivity by pinging other devices on the
network or the internet
ping 192.168.2.x, where x is a number from 0 -255
Configuring a Web Server (Apache)
 What is a web server?
A web server is a computer where web content is stored. A web server is basically
used to host web sites, but other kinds of servers also exist, such as
gaming, storage, FTP and email servers.
A web site is a collection of web pages, while a web server is software that responds to
requests for web resources.
…Cont’d
Configure Apache server
1. Installing Apache
sudo apt install apache2
2. Configure Apache
Go to the /etc/apache2 directory and configure the following files:
 apache2.conf
 ports.conf
 sites-available/default
3. Create web content inside /var/www/html
…Cont’d
4. Deploy web contents
Make the content accessible to the web server: the web content files must have the correct file permissions
and file ownership.
Then browse to the IP address of the web server, e.g. http://192.168.1.100
 What is DNS, and how does it work?
DNS Server (BIND)
The Domain Name System (DNS) is the phonebook of the Internet.
When users type domain names such as ‘google.com’ or ‘facebook.com’ into web browsers,
DNS is responsible for finding the correct IP address for those sites.
Browsers then use those addresses to communicate with origin servers or CDN edge
servers to access website information.
DNS Server (BIND)
How does DNS work?
Configuring DNS server
 Install BIND: Install the BIND DNS server using the package manager for the Linux
distribution being used.
sudo apt-get install bind9
 Configure BIND: Edit the BIND configuration files located in the “/etc/bind”
directory to configure the server:
named.conf
named.conf.options
named.conf.local
Cont’d
 Set up DNS zones: Set up DNS zones for the domain names being served by the
DNS server.
 There are two types of DNS zones:
 Forward Zone:- map domain name to ip address
 Reverse Zone:- map ip address to domain name
Options
• Go to the /etc/bind folder and edit the named.conf.options file
options {
recursion yes;
listen-on { <your server IP address>; };
allow-transfer { none; }; // disable zone transfers by default
forwarders {
8.8.8.8; // your own name server or the Google name server
};
};
Forward Zone Configuration
• Go to /etc/bind folder and edit named.conf.local file
// Forward zone
zone "asu.edu.et" IN {
type master;
file "/etc/bind/db.asu.edu.et";
};
Reverse Zone Configuration
• Go to /etc/bind folder and edit named.conf.local file
// Reverse zone (if your IP address is 192.168.56.x)
zone "56.168.192.in-addr.arpa" IN {
type master;
file "/etc/bind/db.56.168.192";
};
Cont’d
Create db.asu.edu.et file inside /etc/bind
; BIND forward zone data for asu.edu.et
$TTL 1h
@ IN SOA ns1.asu.edu.et. admin.asu.edu.et. (
1 ; Serial
1h ; Refresh
15m ; Retry
1w ; Expire
1h ; Minimum TTL
)
@ IN NS ns1.asu.edu.et.
ns1 IN A 192.168.56.10
www IN A 192.168.56.10
ftp IN A 192.168.56.10
Cont’d
Create db.56.168.192 file inside /etc/bind
; BIND reverse zone data for 192.168.56.x
$TTL 1h
@ IN SOA ns1.asu.edu.et. admin.asu.edu.et. (
1 ; Serial
1h ; Refresh
15m ; Retry
1w ; Expire
1h ; Minimum TTL
)
@ IN NS ns1.asu.edu.et.
10 IN PTR ns1.asu.edu.et.
10 IN PTR www.asu.edu.et.
10 IN PTR ftp.asu.edu.et.
Cont’d
After all, restart bind9 with one of the following commands:
sudo service bind9 restart
sudo /etc/init.d/named restart
Then test the forward lookup (repeat for ftp.asu.edu.et and ns1.asu.edu.et):
nslookup www.asu.edu.et
dig www.asu.edu.et
And test the reverse lookup:
nslookup 192.168.56.10
dig -x 192.168.56.10
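A consistency check for the forward and reverse zone files described above, as an added Python example that is not part of the original slides. The zone text is constructed sample data in the slides' layout with two deliberate mistakes (a PTR target without its trailing dot and a misspelled record type); the function names and the simplified parser are assumptions of this example.

```python
import ipaddress

RECORD_TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT"}

# Constructed sample zones (not real data), same layout as the slides.
FORWARD_ZONE = """\
$TTL 1h
@ IN SOA ns1.asu.edu.et. admin.asu.edu.et. (
    1   ; Serial
    1h  ; Refresh
    15m ; Retry
    1w  ; Expire
    1h  ; Minimum TTL
)
@   IN NS ns1.asu.edu.et.
ns1 IN A 192.168.56.10
www IN A 192.168.56.10
ftp IN A 192.168.56.10
"""

REVERSE_ZONE = """\
$TTL 1h
@ IN SOA ns1.asu.edu.et. admin.asu.edu.et. (
    1 ; Serial
    1h ; Refresh
    15m ; Retry
    1w ; Expire
    1h ; Minimum TTL
)
@  IN NS ns1.asu.edu.et.
10 IN PTR ns1.asu.edu.et.
10 IN PTR www.asu.edu.et
10 IN PTTR ftp.asu.edu.et.
"""


def absolute(name, origin):
    """Expand a zone-file name as BIND does: '@' is the origin and a name
    without a trailing dot is relative to the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (records, problems) for 'owner IN TYPE rdata' style zone text."""
    records, problems = [], []
    logical, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                  # drop comments
        depth += line.count("(") - line.count(")")
        logical += " " + line.replace("(", " ").replace(")", " ")
        if depth > 0:                                 # inside a multi-line SOA
            continue
        fields, logical = logical.split(), ""
        if not fields or fields[0].startswith("$"):  # blank line or $TTL
            continue
        if len(fields) < 4 or fields[1].upper() != "IN":
            problems.append("unparsed line: " + " ".join(fields))
            continue
        owner, rtype, rdata = fields[0], fields[2].upper(), fields[3:]
        if rtype not in RECORD_TYPES:
            problems.append(f"{owner}: unknown record type {rtype}")
            continue
        if rtype in {"NS", "PTR", "CNAME"} and not rdata[0].endswith("."):
            problems.append(f"{owner}: {rtype} target {rdata[0]} is relative, "
                            f"expands to {absolute(rdata[0], origin)}")
        records.append((absolute(owner, origin), rtype, rdata))
    return records, problems


def check_pair(forward, fwd_origin, reverse, rev_origin):
    """List syntax problems plus every A record that lacks a PTR pointing back."""
    fwd, problems = parse_zone(forward, fwd_origin)
    rev, rev_problems = parse_zone(reverse, rev_origin)
    problems += rev_problems
    ptrs = {(owner, absolute(rdata[0], rev_origin))
            for owner, rtype, rdata in rev if rtype == "PTR"}
    for owner, rtype, rdata in fwd:
        if rtype != "A":
            continue
        ptr_name = ipaddress.ip_address(rdata[0]).reverse_pointer + "."
        if (ptr_name, owner) not in ptrs:
            problems.append(f"{owner} A {rdata[0]} has no matching PTR")
    return problems


if __name__ == "__main__":
    for problem in check_pair(FORWARD_ZONE, "asu.edu.et.",
                              REVERSE_ZONE, "56.168.192.in-addr.arpa."):
        print(problem)
```

On a real server, `named-checkconf` and `named-checkzone asu.edu.et /etc/bind/db.asu.edu.et` do the authoritative syntax checks before bind9 is restarted.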
Reading Assignment
Address Resolution Protocol (ARP)
Network Address Translation (NAT)
Basic Network commands in Linux (ping, dig, ifconfig, ip a, ip addr, ip
link show, nslookup, netstat, and so on)
Packet sniffing tool (Wireshark and tcpdump)
Mail Server
A mail server transfers and delivers email messages between two or more mail
clients.
Components of Mail Server
Mail Transfer Agent (MTA)
A mail Transfer Agent (MTA) is a software application that is responsible for the
routing and delivery of email messages between mail servers.
…Cont’d
Examples of MTA
Sendmail
Postfix
Fetchmail
Qmail
exim
Configuring a Mail Transfer Agent (MTA) postfix
1. Install postfix : sudo apt install postfix
2. Configure Postfix
main.cf: This file contains global configuration settings for Postfix
master.cf: This file contains the service definitions for Postfix
3. Some of the important settings that need to be configured include the mail
server hostname, the mail server domain name, and the mail server network
settings.
After configuration restart postfix
sudo service postfix restart
Chapter Five
Installation of Application Server and Management
What is Server and its function?
 A server is a computer program or device that provides
services to other programs or devices, called clients.
 A server is designed to be more powerful and reliable than a
typical desktop computer
 A server functions by receiving requests from client devices,
processing those requests, and sending back a response.
 Web server: A web server stores and delivers web pages, images, and other
content to users who request it through a web browser.
 Popular Web Servers
 Apache
 Nginx
 Mail server: A mail server is responsible for sending and receiving email
messages.
 Popular Mail Servers
 Postfix
 Exim
 Microsoft Exchange
Types of server
 File server: A file server stores and manages files, allowing users to access them
from various devices.
 Popular File Servers
 Windows file server
 Samba (for Linux)
 Database server: manages databases and allows multiple users to access and
modify data at the same time.
 Popular Database Servers
 MySQL
 Oracle
 Microsoft SQL server
…Cont’d
 DNS server: resolves domain names into IP addresses, allowing computers
to communicate with each other over the internet.
 Popular DNS Servers
 BIND
 Microsoft DNS
 Proxy server: acts as an intermediary between clients and servers,
 Allowing clients to access resources on the internet without revealing their IP addresses.
 It can also be used to improve performance by caching frequently accessed resources.
…Cont’d
 Application server: Provides an environment in which applications can run.
 It manages resources such as memory and CPU usage and provides services such as:
 Security and
 transaction management
 Popular Application Servers
 Apache Tomcat
 JBoss.
…Cont’d
Installation of Application Server and Management
general steps
 Choose the application server software
 Prepare the operating system
 Install the application server software
 Configure the application server
 Deploy applications
 Manage the application server
DHCP, DNS, and Telnet
 DHCP, DNS, and Telnet are all network services that are commonly
used in modern networks.
 Here is a comparison of these services with other network operating
system (NOS) setups of the corresponding services:
DHCP
 Windows Server: DHCP
service is provided through
the DHCP Server role in
Windows Server.
 It can be installed and
configured using the DHCP
console.
 Linux: DHCP is provided by a
variety of open source
packages like ISC DHCP,
dnsmasq, and dhcpd.
DNS
 Windows Server: DNS service is
provided through the DNS Server
role in Windows Server. It can be
installed and configured using the
DNS console.
 Linux: DNS is provided by a variety of
open source packages like BIND,
dnsmasq, and PowerDNS.
Telnet
 Windows Server: Telnet service is
provided through the Telnet Server role
in Windows Server.
 It can be installed and
configured using the Telnet
console.
 Linux: Telnet is provided by the Telnet
package, which can be installed and
configured using a command-line
interface.
…Cont’d
● In general, the setup of these services
is similar across different NOS platforms.
However, there may be differences in
the specific configuration options
available, the management interfaces
used to configure the services, and the
default settings for each service.
● Additionally, different NOS platforms
may include additional features or
functionality that are not available in
other platforms, depending on the
specific needs of the network.
SSH Client and Server
Secure Shell - SSH
There are a number of tools that can be used to remotely connect to hosts.
 The secure shell or ssh is a collection of tools using a secure protocol for
communications with remote Linux computers.
The communication is between SSH Client and SSH Server.
 Communication is encrypted.
Before data exchange begins the communication channel will be encrypted
…cont’d
Configuration file is found in /etc/ssh.
• Public and Private Keys
• Are used for encryption and authentication
• Both Communication parties require Private and Public Keys for
sending data and verification.
To install ssh
sudo apt-get install openssh-server openssh-client
…cont’d
• Public and Private Keys
RSA and DSA Encryption Algorithms
 RSA = Rivest–Shamir–Adleman one of the first encryption algorithms.
The encryption key is public and is different from the decryption key which is private.
Because of this the encryption is called asymmetric encryption
 RSA is relatively slow and is not used to encrypt bulk data
It is mostly used to exchange keys
 SSH uses RSA encryption
SSH
To logout type exit
SSH
The user on cs has to accept the server’s RSA key (public key)
• The key will be stored in the ~/.ssh/known_hosts file
• For subsequent logins, confirmation is not requested
SSH
You can login from windows to Linux Server using ssh
SCP – Secured Copy
 SCP copies files from remote host to local host or vice versa.
• It works behind ssh
 Copy a file (in this case /home/cs) from the remote computer to the local
computer (to the directory /home/dnsuser/Desktop)
scp username@serveraddress:/filepath destinationfolder
Setting up Passwordless SSH
 Also known as public-key based authentication
 Example = Giving access to an Ubuntu desktop on a server using public-keys
 Step 1 – Generate Key Pair on Your computer using ssh-keygen command
 ssh-keygen -t rsa
• Default key length is 2048 bits. To be more secured, increase the bit length
• ssh-keygen -t rsa -b 4096 increases the length to 4096 bits
• When asked to choose filename, press Enter key to select the default file
Setting up Passwordless SSH
 Type Passphrase, at least 20 characters long.
• Press Enter if you don’t want to use pass phrase
• The pass phrase is used to encrypt the private key
• The two keys will be saved separately
Setting up Passwordless SSH
Step 2 – Upload Your Public Key to Remote Linux Server
Send the files using the ssh-copy-id command
When uploading the key, it asks for the server password
Setting up Passwordless SSH
Step 3 – try login without password
 FTP (File Transfer Protocol) is a network protocol used for transferring
files between computers on a network.
 Setting up a FTP server typically involves the following steps:
o Choose an FTP server software
 FileZilla Server
 ProFTPD and
 vsftpd.
 Install the FTP server software:
o Follow the installation instructions provided by the FTP server software vendor.
FTP
 Configure the FTP server
o After the installation is complete, configure the FTP server to meet your needs.
o This may involve setting up user accounts, configuring security settings, and adjusting
performance settings.
 Create and manage FTP users
o Set up FTP user accounts and permissions to control who can access the FTP server
and what files they can access
FTP
 Test the FTP server
o Test the FTP server by connecting to it using a FTP client software like FileZilla or
WinSCP.
FTP
To install the vsftpd server
sudo apt install vsftpd -y
Start and enable the service
sudo service vsftpd start Or sudo systemctl start vsftpd
sudo systemctl enable vsftpd
 If you have a firewall enabled
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
To check your firewall status
sudo ufw status
Check status of FTP server
 To Connect with remote server
…Cont’d
ftp <Server Address>
To change the working directory on the local machine
lcd /home/dnsuser
To change the working directory on the remote machine
cd /home/cs
 To upload file from local machine to remote server
…Cont’d
SAMBA: Linux and Windows File and Printer Sharing
 SAMBA is an open-source software suite that allows Linux and
Unix-based systems to communicate and share resources with
Windows-based systems.
 It provides file and print services that enable Linux and Unix-based
systems to act as Windows file and printer servers.
…Cont’d
Linux
Windows
Shared folder
…Cont’d
To install Samba Server
sudo apt install samba samba-common python3-dnspython
sudo apt install samba
OR
For latest Linux distro
sudo ufw allow 445/tcp
sudo ufw allow 139/tcp
Samba server uses 137-139 and 445 ports
Configure SAMBA
To configure samba server go to /etc/samba and edit smb.conf
 There are two types of file sharing in samba server.
 Unsecure Anonymous and
 Secure file sharing
Anonymous file Sharing
Step 1. create shared samba directory.
sudo mkdir -p /anonymous_shares
Step 2. set file and folder permissions for newly created folder
sudo chmod -R 775 /anonymous_shares
Step 3. make the file and folder ownerless
sudo chown -R nobody:nogroup /anonymous_shares
…Cont’d
Go to the /etc/samba directory and edit smb.conf
[Anonymous]
comment = Anonymous file sharing
path = /anonymous_shares
browsable = yes
writeable = yes
guest ok = yes
read only = no
force user = nobody
Secure file Sharing
Step 1. create shared samba directory.
sudo mkdir -p /Secure_shares
Step 2. adduser to smbgroup //assume we have user account named cs
sudo smbpasswd -a cs //enter new network password and confirm
Step 3. assign cs to own Secure_shares folder
sudo chown -R cs /Secure_shares
…Cont’d
Go to the /etc/samba directory and edit smb.conf
[Secure-Shares]
comment = Secure file sharing
path = /Secure_shares
browsable = yes
writeable = yes
guest ok = no
read only = no
Chapter SIX
Managing Network Services
What does network service mean?
o Network services refer to the various services and protocols that are used to
enable communication and data transfer between devices on a network.
o Examples of network services include
 email,
 file sharing,
 remote access,
 domain name resolution, and
 network printing.
o These services are typically provided by servers on the network and can be
accessed by clients using appropriate software or protocols.
key aspects of managing network services
Service Configuration
 Network services such as
 DHCP,
 DNS,
 FTP,
 email servers, and others need to be properly configured with the appropriate settings
and parameters.
 This includes defining IP address ranges, domain names, access
controls, security settings, and other configuration options specific to
each service.
Service Monitoring
 It is essential to monitor network services to ensure their availability and
optimal performance.
 Monitoring involves
 regularly checking the status of services
 monitoring resource utilization
 responding to any issues or failures promptly
 Various monitoring tools and techniques can be employed, such as
system logs, performance monitoring tools, and network monitoring
systems.
Security Management
 Network services need to be secured to protect against:
 unauthorized access,
 data breaches,
 and other security risks.
 This involves implementing appropriate:
 access controls,
 encryption,
 authentication mechanisms,
 and firewalls.
Troubleshooting and Maintenance
 Network administrators need to be proficient in troubleshooting network
service issues.
 This includes
 diagnosing and resolving connectivity problems,
 service disruptions, performance issues,
 and addressing any service-related errors or failures.
 Regular maintenance tasks such as software updates, configuration backups, and
periodic service restarts are also part of effective service management.
Capacity Planning
 Managing network services requires anticipating future growth and
ensuring that the infrastructure can handle increased demands.
 Capacity planning involves
 assessing current and future needs,
 estimating resource requirements, and
 scaling services accordingly.
 This includes monitoring network traffic patterns, analyzing resource utilization, and planning for
hardware and software upgrades when necessary.
Documentation and Documentation Management
 Proper documentation of network services, including configurations,
procedures, and troubleshooting guidelines, is essential for effective
management.
Maintenance Troubleshooting:
Common System and Network Problems
 Maintenance troubleshooting involves identifying and resolving
common system and network problems.
 common system and network problems
 Connectivity Issues
 Slow Performance
 Application Errors
 Hardware Failures
 Security Breaches
 DNS and IP Addressing Issues
 Printing Issues and Wireless Network Problems
Developing General Strategies
● Planning and Requirements Gathering
● Scalability and Flexibility
● Security Considerations
● Modularity and Reusability
● Testing and Quality Assurance
● Documentation and Knowledge Management
● User Training and Support
● Regular Maintenance and Updates
● Monitoring and Performance Optimization
● Continuous Improvement
Resolve Boot Problems
 Check Hardware Connections:
 Ensure that all hardware components, such as hard drives, memory modules, and
cables, are properly connected.
 Verify Boot Device Priority:
 Access the system BIOS or UEFI settings and confirm that the correct boot device is
selected as the primary boot option.
 For example, ensure that the hard drive containing the operating system is set as the
first boot device.
…cont’d
 Check Boot Order
 If there are multiple operating systems or bootable devices, verify the boot order to
ensure the system is attempting to boot from the correct device.
 Adjust the boot order if necessary.
 Repair Master Boot Record (MBR) or Bootloader:
 Use recovery tools or installation media to repair the MBR or bootloader,
 which are responsible for initiating the boot process.
 This can help resolve issues caused by corrupted boot records.
…cont’d
 Use Safe Mode or Recovery Mode:
 Booting the system in Safe Mode or Recovery Mode can help identify and resolve
boot problems by starting the system with minimal drivers and services.
Backup and Restore Data and System Volume:
 Data Backup
 Regularly back up important data to external storage devices, cloud storage, or
network drives.
 Use backup software or built-in backup utilities to create scheduled backups or
perform manual backups.
…Cont’d
 System Image Backup
 Create a system image backup that captures the entire system volume, including the
operating system, installed applications, and system settings.
 This allows for a complete restoration of the system in case of data loss or system
failure.
…Cont’d
 File-Level Restore
 For data recovery at the file level, use backup software or manual methods to
selectively restore specific files or folders from the backup.
 This is useful when only specific files are lost or corrupted.
…Cont’d
 System Restore Point
 If your operating system supports it, use the System Restore feature to restore the
system to a previous state when it was functioning properly.
 This can help resolve issues caused by recent system changes or updates.
…Cont’d
 System Recovery or Reinstallation
 In severe cases where the system volume is heavily damaged or corrupted, you may
need to perform a system recovery or reinstall the operating system
 Use installation media or recovery partitions to initiate the recovery process, following
the instructions provided by the operating system.
Using Event Viewer
 Using Event Viewer for Troubleshooting Connectivity
 Event Viewer is a tool available in Windows operating systems
that allows you to view and analyze system events,
including those related to connectivity issues.
…Cont’d
 Event Viewer to troubleshoot connectivity problems
 Open Event Viewer
Troubleshooting Connectivity
 Check Physical Connections
 Ensure that network cables, Ethernet ports, or Wi-Fi adapters
are properly connected and functioning.
 Check Physical Connections
 Restart your modem, router, and any other network devices to
clear temporary glitches and re-establish connections.
…Cont’d
 Verify IP Configuration
 Check the IP configuration settings of your network adapter to
ensure they are correct.
 Use the command prompt and type "ipconfig" to view the IP
address, subnet mask, gateway, and DNS settings.
…Cont’d
ipconfig /release //to release ip address
ipconfig /renew //to get new ip address
…Cont’d
 Ping and Trace Route
 Use the ping command to check connectivity to specific IP
addresses or domain names.
 Trace route can help identify network hops and pinpoint
where the connectivity issue may be occurring.
tracert www.asu.edu.et
Chapter Seven
Systems Security
Overview of Systems Security
 Systems security refers to the protection of computer systems and
networks from
 unauthorized access or use,
 disclosure
 disruption,
 modification, or destruction
Critical Components of systems security
 Access Control
 Network Security
 Operating System Security
 Data Protection
 Incident Response
 Security Auditing and Monitoring
 Security Policies and Procedures
Overview of Application Security
 Application security focuses on protecting software applications from
vulnerabilities and attacks throughout their lifecycle.
 It involves implementing security controls and best practices to identify,
prevent, and mitigate security risks.
key aspects of Application security
 Secure Coding Practices
 Authentication and Authorization
 Input Validation
 Session Management
 Secure Configuration
 Encryption and Data Protection
 Security Testing
 Secure Software Development Lifecycle (SDLC)
 Regular Updates and Patching
 Security Awareness and Training
Login Security
 Login security refers to the measures and practices implemented to ensure the
integrity and confidentiality of user login credentials and the authentication process.
 It aims to protect user accounts from unauthorized access and mitigate the risks
associated with compromised or weak login credentials.
key aspects of login security
 Strong Password Policies
 Multi-Factor Authentication (MFA)
 Account Lockouts and Brute Force Protection
 Secure Login Forms: Use secure protocols like HTTPS to encrypt login credentials during transit
 Password Storage and Hashing: Avoid storing passwords in plaintext or using weak encryption
methods.
 Account Recovery and Password Reset
 User Account Management: regular review and removal of inactive or unused accounts
Boot Loader security (LILO and GRUB)
 Boot Loader Security refers to the measures taken to protect the boot
loader, which is the software responsible for loading the operating system
during the boot process.
 Two popular boot loaders in the Linux ecosystem are
 LILO (Linux Loader) and
 GRUB (GRand Unified Bootloader).
Some aspects of boot loader security for LILO and GRUB
 Protecting Boot Loader Configuration Files
 Boot loaders like LILO and GRUB have configuration files (e.g., /etc/lilo.conf for LILO and
/boot/grub/grub.cfg for GRUB) that contain important settings and options.
 Ensure that these files are not accessible by unauthorized users, as they can modify boot
settings and potentially compromise the system.
 Set appropriate file permissions to restrict access.
…cont’d
 Password Protection
 Both LILO and GRUB support password protection to prevent unauthorized modifications
to boot settings or unauthorized access to certain boot options.
 By setting a password, you can restrict access to the boot loader configuration and
prevent unauthorized changes.
…cont’d
 Secure Boot
 GRUB supports Secure Boot, which is a feature that verifies the digital signatures of boot
components to ensure their integrity and protect against boot-level attacks or
unauthorized modifications.
 Secure Boot uses cryptographic keys to verify the authenticity of boot components
before loading them
…cont’d
 Boot Loader Backup
 It is important to regularly back up the boot loader configuration and related files to
ensure you can restore them in case of accidental modifications, system failures, or
security breaches.
 This allows you to recover the boot loader configuration and maintain the integrity of the
boot process.
…cont’d
 System Updates
 Keep your boot loader software up to date with the latest security patches and updates.
 This helps to address any vulnerabilities or weaknesses that may be discovered in the
boot loader software over time.
 Regularly check for updates from the official sources and follow best practices for
applying updates.
…cont’d
 Physical Security
 Protect the physical hardware that runs the boot loader and the system itself.
 Restrict physical access to the system to authorized personnel only.
 Unauthorized physical access could allow an attacker to modify the boot loader or boot
process, compromising the system's security.
…cont’d
 Monitoring and Auditing
 Implement logging and monitoring mechanisms to capture and analyze boot loader
activities and events.
 This includes monitoring changes to boot loader configuration files, tracking boot-related
errors, and reviewing log files for any suspicious activities.
TCP Wrappers Configuration
 TCP Wrappers is a host-based access control system that allows you to
control access to network services based on various criteria such as
o IP addresses,
o domain names, and
o client requests.
 It provides an additional layer of security by filtering incoming network
connections and allowing or denying access based on defined rules.
…Cont’d
 To install TCP Wrappers
sudo yum install tcp_wrappers
OR
sudo dnf install tcp_wrappers
 Once the installation is complete, configure
 /etc/hosts.allow and
 /etc/hosts.deny
…Cont’d
 /etc/hosts.allow file contains the list of allowed or non-allowed hosts or
networks.
 It means that we can both allow or deny connections to network
services by defining access rules in this file
 /etc/hosts.deny file contains the list of hosts or networks that are not
allowed to access your Linux server.
…Cont’d
 The typical syntax to define an access rule is:
daemon_list : client_list : option : option ...
Where,
 daemon_list - The name of a network service such as SSH, FTP, http etc.
 client_list - The comma separated list of valid hostnames, IP addresses or
network addresses.
 options - An optional action that specifies something to be done whenever a rule
is matched.
…Cont’d
 Rules to Remember
 The access rules in the /etc/hosts.allow file are applied first. They take
precedence over the rules in the /etc/hosts.deny file.
 Therefore, if access to a service is allowed in the /etc/hosts.allow file, a rule
denying access to that same service in /etc/hosts.deny is ignored.
Restrict Access To Linux Servers Using TCP Wrappers
 The recommended approach to secure a Linux server is to block all
incoming connections, and allow only a few specific hosts or networks.
To do so, edit /etc/hosts.deny.
Add the following line. This line refuses connections to ALL services from ALL networks.
ALL: ALL
Allow and Deny hosts
Add the following lines to the /etc/hosts.allow file. Each comment goes on its own line, because hosts_access(5) only ignores lines that begin with #.
# Allow a single host for the SSH service
sshd: 192.168.43.192
# Allow a /24 prefix for SSH
sshd: 192.168.43.0/255.255.255.0
# Allow a single host for FTP
vsftpd: 192.168.43.192
# Allow a /24 prefix for FTP
vsftpd: 192.168.43.0/255.255.255.0
# Allow a single host, by name, for FTP
vsftpd: asu.cs.et
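The evaluation order behind these rules, as an added Python example that is not part of the original slides: it models the hosts_access(5) decision for IPv4 only, ignores options and every wildcard except ALL, and works on constructed copies of the two files.

```python
"""Simplified model of the TCP Wrappers access decision (IPv4 only)."""
import ipaddress

# Constructed sample files that reuse the rules from the slides.
HOSTS_ALLOW = """\
# Allow one host and one /24 for SSH and FTP, plus one named host for FTP
sshd: 192.168.43.192
sshd: 192.168.43.0/255.255.255.0
vsftpd: 192.168.43.192
vsftpd: 192.168.43.0/255.255.255.0
vsftpd: asu.cs.et
"""
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Return a list of (daemon_list, client_list) pairs; options are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no rule
        fields = line.split(":")
        if len(fields) < 2:
            continue  # not "daemon_list : client_list"; skipped in this model
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, ip, hostname):
    """Match one client pattern against the peer's address and optional name."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask, e.g. 192.168.43.0/255.255.255.0
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
        except ValueError:
            return False  # host bits set in "net", or unparsable: no match
    if pattern.endswith("."):  # address prefix, e.g. "192.168.43."
        return ip.startswith(pattern)
    if hostname is None:
        return pattern == ip
    name = hostname.lower()
    if pattern.startswith("."):  # domain suffix, e.g. ".cs.et"
        return name.endswith(pattern.lower())
    return pattern == ip or pattern.lower() == name


def any_rule_matches(rules, daemon, ip, hostname):
    """True if some rule names this daemon (or ALL) and matches the client."""
    for daemons, clients in rules:
        daemon_ok = "ALL" in daemons or daemon in daemons
        if daemon_ok and any(client_matches(c, ip, hostname) for c in clients):
            return True
    return False


def access_allowed(daemon, ip, hostname=None,
                   allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Apply the documented order: hosts.allow, then hosts.deny, then grant."""
    if any_rule_matches(parse_rules(allow_text), daemon, ip, hostname):
        return True   # a match in hosts.allow grants access immediately
    if any_rule_matches(parse_rules(deny_text), daemon, ip, hostname):
        return False  # otherwise a match in hosts.deny refuses it
    return True       # no match in either file: access is granted


if __name__ == "__main__":
    for daemon, ip, name in [("sshd", "192.168.43.192", None),
                             ("sshd", "10.0.0.5", None),
                             ("vsftpd", "10.0.0.5", "asu.cs.et")]:
        print(daemon, ip, name, "->", access_allowed(daemon, ip, name))
    # Without "ALL: ALL" the fall-through case lets the outside host in.
    print("empty hosts.deny:", access_allowed("sshd", "10.0.0.5", deny_text=""))
```

Only daemons built against libwrap or started through tcpd consult these files, so a rule has no effect on a service that lacks that support.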
Iptables Firewalling
• Iptables is a powerful firewall utility for Linux systems that allows you
to set up and manage network packet filtering rules.
• Understanding Firewall Basics
 Packet filtering
 Network ports
 Protocols (TCP, UDP), and
 IP addresses.
• Ensure that your Linux kernel has built-in support for iptables.
Common scenarios for configuring a firewall with iptables
 Allow Incoming SSH Connections
iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
 Block Incoming HTTP Requests
iptables -A INPUT -p tcp --dport 80 -j DROP
 Allow Outgoing DNS Queries
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
Read further and practise iptables firewalling in detail.
Packet Filtering
• Packet filtering is a fundamental technique used in network security
to selectively allow or block network traffic based on predefined
criteria.
• It involves inspecting individual packets as they pass through a
network device, such as a firewall or router, and making decisions
about whether to permit or deny them.
Cont’d
 Key concepts related to packet filtering
 Access Control Lists (ACLs)
 Source and Destination IP Address Filtering
 Port-Based Filtering
 Protocol Filtering
 Stateful Packet Filtering
 Implicit Deny Rule: default rule
 Logging: capability to log denied packets or specific events for monitoring, analysis, and troubleshooting purposes.
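An added Python example (not from the slides, and a model rather than iptables itself) of first-match filtering with an implicit deny: it loads the two INPUT rules shown earlier and compares a default ACCEPT policy with a default DROP policy, with and without a connection-state rule. The class names and sample packets are constructed for illustration.

```python
"""Toy first-match packet filter: default policy, connection state, logging."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    action: str                   # "ACCEPT" or "DROP"
    proto: Optional[str] = None   # None means "any"
    dport: Optional[int] = None
    src: Optional[str] = None     # source network in CIDR form
    established: bool = False     # match only replies to tracked flows


class Firewall:
    def __init__(self, input_policy):
        self.input_policy = input_policy  # verdict when no rule matches
        self.input_rules = []
        self.flows = set()                # connection-tracking table
        self.denied = []                  # log of dropped packets

    def send(self, pkt):
        """The host originates pkt; track the flow so its replies are known."""
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def _matches(self, rule, pkt):
        if rule.proto is not None and rule.proto != pkt.proto:
            return False
        if rule.dport is not None and rule.dport != pkt.dport:
            return False
        if rule.src is not None:
            if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
                return False
        if rule.established:
            reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return reply_of in self.flows
        return True

    def receive(self, pkt):
        """Return the INPUT verdict: first matching rule wins, else the policy."""
        verdict = self.input_policy
        for rule in self.input_rules:
            if self._matches(rule, pkt):
                verdict = rule.action
                break
        if verdict == "DROP":
            self.denied.append(pkt)
        return verdict


def build_firewall(policy, stateful=False):
    """INPUT rules from the slides, optionally preceded by a state rule."""
    fw = Firewall(policy)
    if stateful:
        fw.input_rules.append(Rule("ACCEPT", established=True))
    fw.input_rules.append(Rule("ACCEPT", proto="tcp", dport=22, src="192.168.1.0/24"))
    fw.input_rules.append(Rule("DROP", proto="tcp", dport=80))
    return fw


# Constructed sample traffic; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for outside hosts.
HOST = "192.168.1.10"
SSH_LAN = Packet("192.168.1.20", 51000, HOST, 22, "tcp")
SSH_OUTSIDE = Packet("203.0.113.9", 51000, HOST, 22, "tcp")
HTTP_IN = Packet("203.0.113.9", 51001, HOST, 80, "tcp")
DNS_QUERY = Packet(HOST, 40000, "198.51.100.53", 53, "udp")
DNS_REPLY = Packet("198.51.100.53", 53, HOST, 40000, "udp")

if __name__ == "__main__":
    for policy in ("ACCEPT", "DROP"):
        fw = build_firewall(policy)
        print(policy, "policy, SSH from outside:", fw.receive(SSH_OUTSIDE))
    fw = build_firewall("DROP", stateful=True)
    fw.send(DNS_QUERY)
    print("DNS reply with state rule:", fw.receive(DNS_REPLY))
    print("HTTP request:", fw.receive(HTTP_IN), "logged:", fw.denied)
```

With a default ACCEPT policy the SSH rule restricts nothing, and with a default DROP policy the reply to an allowed outgoing DNS query is lost unless a state rule admits it.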
Port Forwarding
 Port forwarding (also known as port redirection) and Network Address Translation
(NAT) with IP masquerading are techniques used to enable communication between
devices on a private network and external networks, such as the internet.
 These techniques are commonly employed in network setups where multiple devices
share a single public IP address.
Cont’d
 Port Forwarding/Redirection: Port forwarding allows inbound network traffic to reach a
specific device or service within a private network by redirecting traffic from a specific
port on the public IP address to a designated internal IP address and port.
 It is typically used to enable external access to services running on devices within the
private network.
How does port forwarding work?
1. A request comes in from an external network to the public IP address and a specific
port.
2. The router or firewall receives the request and checks its port forwarding
configuration.
3. Based on the configured rules, the router/firewall forwards the incoming traffic to the
designated internal IP address and port.
NAT/IP Masquerading:
 Network Address Translation (NAT) is a technique that allows multiple devices
within a private network to share a single public IP address when connecting to
external networks.
 IP masquerading is a specific form of NAT that dynamically translates the
private IP addresses of devices to the public IP address when they access the
internet.
How does NAT/IP masquerading work?
1. Devices within the private network send outgoing requests to access resources on the
internet.
2. The router or firewall performing NAT replaces the source IP addresses of the outgoing
packets with its own public IP address.
3. Responses from external servers are sent back to the router/firewall's public IP address.
4. The router/firewall performs reverse translation, replacing its public IP address with the
original private IP address, and forwards the response packet to the appropriate internal
device.
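The port-forwarding and masquerading steps above as an added Python example, not part of the original slides: a toy gateway keeps a translation table for outbound flows, reverse-translates replies, and drops unsolicited inbound packets unless a forward is configured. The addresses, ports and the NatGateway class are constructed for illustration.

```python
"""Toy NAT gateway: IP masquerading for outbound flows plus port forwarding."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.masq = {}       # (lan_ip, lan_port, remote_ip, remote_port) -> public port
        self.replies = {}    # (public port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.forwards = {}   # public port -> (lan_ip, lan_port), set by the admin
        self.fwd_flows = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> public port

    def add_forward(self, public_port, lan_ip, lan_port):
        """Configure a port forward from the public address to a LAN service."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def outbound(self, pkt):
        """LAN -> internet: replace the private source with the public address."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if flow in self.fwd_flows:  # reply from a forwarded internal server
            return replace(pkt, src_ip=self.public_ip, src_port=self.fwd_flows[flow])
        if flow not in self.masq:   # new flow: allocate a public source port
            self.masq[flow] = self.next_port
            self.replies[(self.next_port, pkt.dst_ip, pkt.dst_port)] = flow[:2]
            self.next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self.masq[flow])

    def inbound(self, pkt):
        """Internet -> public IP: reverse-translate, port-forward, or drop (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        lan = self.replies.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if lan is not None:      # reply to a masqueraded flow
            return replace(pkt, dst_ip=lan[0], dst_port=lan[1])
        target = self.forwards.get(pkt.dst_port)
        if target is not None:   # configured port forward
            key = (target[0], target[1], pkt.src_ip, pkt.src_port)
            self.fwd_flows[key] = pkt.dst_port
            return replace(pkt, dst_ip=target[0], dst_port=target[1])
        return None              # unsolicited: no mapping exists


# Constructed addresses: 203.0.113.1 stands in for the gateway's public IP.
PUBLIC_IP = "203.0.113.1"
WEB = ("198.51.100.7", 443)


def demo():
    """Two LAN clients share one public IP; then an inbound forward is added."""
    gw = NatGateway(PUBLIC_IP)
    out_a = gw.outbound(Packet("192.168.1.10", 5555, *WEB))
    out_b = gw.outbound(Packet("192.168.1.11", 5555, *WEB))
    back_b = gw.inbound(Packet(*WEB, PUBLIC_IP, out_b.src_port))
    blocked = gw.inbound(Packet("198.51.100.99", 1234, PUBLIC_IP, 8080))
    gw.add_forward(8080, "192.168.1.20", 80)
    forwarded = gw.inbound(Packet("198.51.100.99", 1234, PUBLIC_IP, 8080))
    return out_a, out_b, back_b, blocked, forwarded


if __name__ == "__main__":
    for result in demo():
        print(result)
```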
Packet-Processing Model
 The packet-processing model refers to the sequence of steps that a network
device, such as a router or firewall, follows when processing an incoming or
outgoing network packet.
 The model outlines the stages involved in handling a packet from the moment it
enters the device to the point where it is forwarded or discarded.
 While the exact implementation may vary across different network devices
General packet-processing model
1. Packet Reception: The network device receives the incoming packet on one of its
interfaces.
2. Packet Decapsulation: If the received packet is encapsulated within a data link layer
protocol, such as Ethernet, the device decapsulates the packet to extract the network
layer protocol packet, such as IP or IPv6.
3. Packet Classification: The device examines the packet's headers to determine its
destination and purpose.
…Cont’d
4. Security Checks: The packet is evaluated for any security-related policies, such as
firewall rules, access control lists (ACLs), or intrusion detection/prevention systems.
5. Quality of Service (QoS) Handling: If the device supports QoS, it may apply QoS
policies to prioritize or shape the traffic based on predefined rules.
6. Network Address Translation (NAT): If the packet requires Network Address
Translation, such as in the case of private-to-public IP translation, the device performs
the necessary modifications to the packet's source or destination IP addresses.
…Cont’d
7. Routing: The device looks up the packet's destination IP address in its routing table
to determine the next-hop interface or the appropriate routing path.
8. Forwarding Decision: Based on the routing lookup, the device makes a forwarding
decision, determining the outgoing interface or the appropriate forwarding path for
the packet.
9. Packet Forwarding: The device forwards the packet out through the determined
interface or path towards its destination.
10. Packet Egress: The packet is transmitted out of the device's interface onto the
network medium for delivery to the next hop or the final destination.
Intrusion Detection
 Intrusion Detection is a security mechanism designed to detect
and respond to unauthorized or malicious activities on a
computer system or network.
 It involves monitoring network traffic, system logs, and other
data sources to identify potential security breaches or
abnormal behavior.
Different Types of Intrusion
 Unauthorized Access
o This occurs when an attacker gains unauthorized access to a system or network without proper
authentication or permissions.
 Denial of Service (DoS)
o In a DoS attack, the attacker overwhelms a system, network, or service with a flood of traffic or
resource requests, making it inaccessible to legitimate users.
 Distributed Denial of Service (DDoS)
o Similar to DoS, DDoS attacks involve multiple systems or devices working together to overwhelm
a target with an enormous amount of traffic.
 The attacker controls a botnet (a network of compromised devices) to launch the attack.
…Cont’d
 Malware Attacks
o Malware refers to malicious software designed to gain unauthorized access,
disrupt system operations, or steal sensitive information.
 Common types of malware include viruses, worms, Trojans, ransomware, spyware,
and adware.
 Malware can be distributed through email attachments, malicious websites,
infected software, or removable media.
…Cont’d
 Phishing and Social Engineering
 Phishing involves tricking individuals into revealing sensitive information,
such as login credentials or financial details, by impersonating a trusted
entity through fraudulent emails, websites, or messages.
 Insider Threats
 Insider threats involve individuals within an organization misusing their
authorized access to compromise systems, steal data, or cause harm.
Types of Intrusion Detection Systems (IDS)
 Network-based Intrusion Detection System (NIDS)
o NIDS monitors network traffic, analyzes network packets, and looks for patterns or
signatures associated with known attacks or suspicious activities.
 Host-based Intrusion Detection System (HIDS)
o HIDS monitors the activities and events occurring on individual host systems.
Reading Assignment: Linux Intrusion Detection System (LIDS)
Chapter Eight
Analytical system administration
Overview of Analytical system administration
 Analytical system administration explores the use of data analysis and
analytical techniques to
○ improve system administration processes,
○ identify performance issues, and
○ make informed decisions in managing computer systems and networks.
System Observation
 System observation refers to the practice of monitoring and observing
computer systems and networks to gather information about their
 performance,
 behavior, and
 usage patterns.
…Cont’d
 System observation can be performed using a variety of techniques and
tools, including:
 Monitoring Tools
 System Logs
 Network Monitoring
 User Activity Monitoring
 Performance Testing
…Cont’d
 System observation serves several purposes, including
 Identifying performance issues and bottlenecks to optimize system
performance.
 Detecting and mitigating security incidents or abnormal system behavior.
 Planning for system capacity and scalability.
 Assessing the impact of software or configuration changes on system
behavior.
 Understanding user behavior and usage patterns to improve user experience.
Evaluation methods and problems
 Evaluation methods are used to assess the performance, effectiveness, and
quality of systems, processes, or solutions.
 They provide valuable insights and feedback that can guide decision-making,
improvements, and future planning.
Common Evaluation Methods
 Surveys and Questionnaires
 Interviews
 Observations
 Focus Groups
 Case Studies
 Usability Testing
 Performance Metrics and Key Performance Indicators (KPIs)
 Expert Review
 Comparative Analysis and Benchmarking
 Cost-Benefit Analysis
Faults
 Faults in the context of system administration refer to unexpected or abnormal conditions
that occur within a computer system or network, resulting in system failures, errors, or
malfunctions.
 Faults can arise from various sources, including
 hardware failures,
 software bugs,
 configuration errors,
 network issues,
 human error.
Common Type of Faults
 Hardware Faults
 Software Faults
 Configuration Faults
 Network Faults
 Power Faults
 Human Errors
Deterministic and Stochastic Behaviors
 Deterministic Behavior
 refers to a system or process that produces the same output or result
for a given set of inputs or conditions.
 In other words, the outcome is completely predictable and follows a
specific cause-and-effect relationship.
 In a deterministic system, there is no randomness or uncertainty
involved, and the same inputs always yield the same outputs.
…Cont’d
 Examples of deterministic behavior:
 Mathematical equations
 Programming algorithms
 Digital circuits
…Cont’d
 Stochastic Behavior
 refers to a system or process that exhibits randomness or uncertainty
in its outcomes.
 Unlike deterministic behavior, the same inputs or conditions may result
in different outputs.
 Stochastic systems involve probabilistic elements and are influenced
by random factors, making it impossible to precisely predict the exact
outcome.
…Cont’d
 Examples of Stochastic behavior:
 Random number generation
 Weather forecasting
 Stock market fluctuations
In many real-world systems, both deterministic and stochastic elements may be present.
Understanding and analyzing the interplay between deterministic and stochastic behavior is essential
in many fields, including physics, engineering, computer science, and finance, to make accurate
predictions, optimize processes, and manage risks.
Thanks!

  • 29. Essential Shell Commands ❏ Here are some essential shell commands that are commonly used: ❏ cd: Change directory. Used to navigate the file system by changing the current working directory. ❏ ls: List files. Used to display the contents of a directory, including files and subdirectories. ❏ mkdir: Make directory. Used to create a new directory. ❏ rmdir: Remove directory. Used to delete an empty directory. ❏ rm: Remove. Used to delete a file or directory (with the "-r" option).
  • 30. ...Cont’d ❏ cp: Copy. Used to copy files or directories. ❏ mv: Move. Used to move files or directories. ❏ cat: Concatenate. Used to display the contents of a file ❏ echo: Used to display a message on the screen or to redirect output to a file.
  • 31. …Cont’d ❏ pwd: Print working directory. Used to display the current working directory. ❏ ps: Process status. Used to display information about running processes. ❏ top: Used to display real-time information about system processes. ❏ sudo: Superuser do. Used to execute commands with administrative privileges. ❏ ssh: Secure shell, used to connect to remote system over a secure network connection ❏ tar: Tape archive. Used to create and extract compressed archive files.
  • 32. Advanced Shell Features Shell scripting is a powerful tool for automating tasks on Linux and other Unix-like systems. Here are some advanced shell features that can help users create more powerful and efficient shell scripts: ★ Variables: Variables are used to store values that can be used later in a script. Variables can be set using the "=" operator, such as "name=John". To use the value of a variable, it can be referenced by using "$" followed by the variable name, such as "$name".
  • 33. …cont’d ● Input/output redirection: Input/output redirection allows users to redirect the input or output of a command to a file or another command. The ">" operator is used to redirect the output of a command to a file, while the "<" operator is used to redirect the input of a command from a file. For example: "ls > file.txt". ● These are just a few of the many advanced shell features that are available on Linux and other Unix-like systems. By mastering these features, users can create powerful and efficient shell scripts to automate tasks and improve their workflow.
  • 34. Chapter Two Account and Security Administration
  • 35. User and Group In Linux and other Unix-like systems, users and groups are used to manage access to system resources such as files and directories. ❏ Users: A user is a person who accesses the system and performs tasks. ➢ Each user is identified by a unique username and has their own home directory, which is used to store their personal files and configurations. ❏ Groups: A group is a collection of users who share common permissions and access to system resources. ➢ Each group is identified by a unique group name and has a group ID (GID).
  • 36. User Private Group Scheme ❏ The User Private Group (UPG) scheme is a security model used in Linux and other Unix-like systems to provide each user with their own private group. ❏ Under this scheme, when a new user is created, a new group is also created with the same name as the user and the user is added to that group. ❏ This ensures that each user has their own private group and that their files and directories are not accessible by other users by default.
  • 37. User and Group Administration ❏ In Linux and other Unix-like systems, user administration and group administration are important tasks that system administrators perform to manage users and groups. A. User administration: involves creating, modifying, and deleting user accounts. B. Group Administration: Group administration involves creating, modifying, and deleting groups.
  • 38. Linux Commands adduser: create a new user account, e.g. sudo adduser cs. After this command you are asked to fill in details such as the password, full name and so on (optional). sudo: run with admin/root privilege. cs: username. 1002: user & group ID (UID)
  • 39. passwd: change a password, e.g. sudo passwd cs. addgroup: create a new group on the system. userdel/deluser: delete a user account. usermod: modify a user account, e.g. change the username, add the user to another group, etc. E.g. to delete user account cs: sudo deluser cs. E.g. to change username cs to jack: sudo usermod -l jack cs
  • 40. gpasswd: used to change a group account password, to remove a group account password, and for many other functions selected by adding options. Add user cs to group sysadmin
  • 41. To remove the sysadmin group password. groupmod: used to modify a group account, e.g. rename group sysadmin to cstutorial. usermod: used to modify a user account. Read further for details on user and group administration!
  • 42. Password Aging and Default User Files ➔ Password aging: Password aging is a security feature in Linux and other Unix-like systems that forces users to change their passwords periodically. ◆ Password expiration: Password expiration is the process of forcing users to change their passwords after a certain period of time. ● This can be configured using the "chage" command, which sets the password expiry date for a user.
  • 43. Setting password and account period (days) using chage command
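The aging values that chage sets are stored in /etc/shadow, so they can be audited without changing any account. The following is an added example, not part of the original slides: it reads constructed shadow-format records and flags accounts whose password never expires, has expired, or exceeds a policy limit; the function names, the sample accounts and the 90-day limit are assumptions.

```shell
#!/bin/sh
# Added example: audit password aging from /etc/shadow-format records.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is counted in days since 1970-01-01; max is the value "chage -M" sets.

# Constructed sample data (not real accounts, not real hashes).
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTED$hash:19000:0:99999:7:::
cs:$6$CONSTRUCTED$hash:19700:1:90:7:14::
jack:$6$CONSTRUCTED$hash:19500:0:90:7:::
kemal:$6$CONSTRUCTED$hash:19690:0::7:::
daemon:*:18000:0:99999:7:::
EOF
}

# aging_report TODAY LIMIT
#   TODAY = current date in days since 1970-01-01
#   LIMIT = longest maximum password age the policy allows (assumed: 90)
# Reads shadow-format lines on stdin and prints "name STATUS" per account.
aging_report() {
    awk -F: -v today="$1" -v limit="$2" '
        $2 ~ /^[*!]/ { next }          # locked or password-less system account
        {
            max = $5
            if (max == "" || max + 0 >= 99999) status = "NO_AGING"
            else if ($3 + max < today)         status = "EXPIRED"
            else if (max + 0 > limit)          status = "TOO_LONG"
            else                               status = "OK"
            print $1, status
        }'
}

# Report against today's date. On a live system root would feed /etc/shadow
# instead of the sample and correct a finding with, e.g.: chage -M 90 -W 7 cs
sample_shadow | aging_report "$(( $(date +%s) / 86400 ))" 90
```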
  • 44. …Cont’d ➔ Default user files: Default user files are files that are created automatically when a new user account is created. ◆ The following are some of the key default user files: ● Bash profile: contains environment variables, aliases, and other settings. ● Bashrc: used to set system-wide environment variables, aliases, and other settings. And it is found in /etc ● Home directory: created automatically for each user account.
  • 45. Managing files and folder permission ❏ In Linux and other Unix-like systems, managing file and folder permissions is an important task that system administrators need to perform to ensure system security and control access to system resources. ❏ Here is an overview of how to manage file and folder permissions: 1. File permissions: File permissions are used to control access to individual files. ■ The following are the three types of file permissions: ● Read permission: Allows the user to read the contents of the file. ● Write permission: Allows the user to modify the contents of the file. ● Execute permission: Allows the user to execute the file if it is a program or a script.
  • 46. ….Cont’d ➔ Each file permission is represented by a letter (Read = r, Write = w, Execute = x) or by a number from 0 to 7. The file permissions are represented by a series of numbers or letters. The first character indicates the type of file (d for directory, - for a regular file, and l for a symbolic link), followed by three sets of permissions for the owner, group, and other users.
  • 47. …Cont’d Directory file Regular file (non-folder files like .txt, .ppt, .docx, .sh) Default file
  • 48. …Cont’d 2. Folder permissions: are used to control access to directories and the files they contain. ◆ The following are the three types of folder permissions: ● Read permission: Allows the user to list the contents of the folder. ● Write permission: Allows the user to create, delete, and modify files and folders within the directory. ● Execute permission: Allows the user to access the contents of the folder. ⍈ The folder permissions are also represented by a series of numbers or letters, similar to file permissions.
  • 49. …Cont’d 3. Managing file and folder permissions: The following are some of the key commands used to manage file and folder permissions: i. chmod: Used to change file and folder permissions. ii. chown: Used to change the owner of a file or folder. iii. chgrp: Used to change the group of a file or folder. Assume we have a file called test.txt and a folder called cs4thyear. The first rwx is for the owner of the folder, the second r-x is for the group, and the third r-x is for other users (guest).
  • 50. …Cont’d ❏ The chmod command is the most commonly used command for managing file and folder permissions. ❏ It can be used to add or remove permissions, set permissions for the owner, group, or other users, and set permissions using numeric or symbolic modes. ❏ Numeric mode: from 0 to 7 ❏ Symbolic mode: r w x
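The two chmod modes described above, as an added example that is not part of the original slides: it converts the rwx r-x r-x notation into its numeric form and then finds and removes the write bit for other users in a scratch directory. The function names and the file notes.txt and run.sh are assumptions; test.txt and cs4thyear are the names used on the slide.

```shell
#!/bin/sh
# Added example: symbolic vs numeric chmod modes, plus a world-writable audit.

# Convert a nine-character symbolic mode (ls -l output without the leading
# file-type character) to numeric form: r=4, w=2, x=1 per owner/group/other.
# Special bits (s, t) are not handled here.
sym_to_octal() {
    sym=$1
    out=""
    [ "${#sym}" -eq 9 ] || return 1
    while [ -n "$sym" ]; do
        triple=$(printf '%s' "$sym" | cut -c1-3)
        sym=$(printf '%s' "$sym" | cut -c4-)
        digit=0
        case $triple in r??) digit=$((digit + 4)) ;; esac
        case $triple in ?w?) digit=$((digit + 2)) ;; esac
        case $triple in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Regular files that "other" users may write to (the o+w bit, octal 0002).
list_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Remove only that bit, leaving owner and group permissions untouched.
fix_world_writable() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Build a scratch tree, audit it, fix it, and report:
# "<findings before> <findings after> <mode of the fixed file>"
demo() {
    d=$(mktemp -d)
    mkdir "$d/cs4thyear"
    : > "$d/test.txt"
    : > "$d/cs4thyear/notes.txt"
    : > "$d/cs4thyear/run.sh"
    chmod 755 "$d/cs4thyear"                    # numeric mode: rwxr-xr-x
    chmod 644 "$d/test.txt"                     # numeric mode: rw-r--r--
    chmod 666 "$d/cs4thyear/notes.txt"          # writable by everyone
    chmod u=rwx,g=rx,o= "$d/cs4thyear/run.sh"   # symbolic mode, same as 750
    before=$(list_world_writable "$d" | wc -l | tr -d ' ')
    fix_world_writable "$d"
    after=$(list_world_writable "$d" | wc -l | tr -d ' ')
    mode=$(stat -c %a "$d/cs4thyear/notes.txt")
    rm -rf "$d"
    echo "$before $after $mode"
}

sym_to_octal rwxr-xr-x
demo
```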
  • 51. Managing File Ownership ❖ Managing file ownership is a task system administrators need to perform to ensure system security and control access to system resources. ❖ Here is an overview of how to manage file ownership: ➢ File ownership: File ownership refers to the user and group that are associated with a file. ➢ Managing file ownership: The following are some of the key commands used to manage file ownership: ■ chown: Used to change the owner of a file or folder. ■ chgrp: Used to change the group of a file or folder. The chown and chgrp commands are used to change the ownership of a file or folder. The syntax of the commands is as follows: (next slide)
  • 52. …cont’d General Syntax: OR ➔ The first command changes the owner of the file to the specified user, ➔ while the second command changes both the owner and the group of the file to the specified user and group. chgrp command is used to change the group of a file or folder. Read for detail and try practical!
  • 53. Controlling Access to files (ACLs) ❖ Are an additional mechanism for controlling access to files and folders. ❖ ACLs are used in conjunction with file and folder permissions. ➢ key commands used to manage file and folder permissions and ACLs: ● chmod: Used to change file and folder permissions. ● chown: Used to change the owner of a file or folder. ● chgrp: Used to change the group of a file or folder. ● setfacl: Used to set ACLs on files and folders. ● getfacl: Used to view ACLs on files and folders.
  • 54. …Cont’d General Syntax: To give full permission (read, write and execute) for user kemal to file a.txt. For further examples, you can get the syntax of ACLs with setfacl --help. Quiz (3%) 1. Write the Linux command to give read-only permission for user john to file1.txt using ACLs
  • 56. Managing Disk Quotas ❏ disk quotas are used to limit the amount of disk space that users and groups can use on a file system. ❏ This is an important feature for system administrators who need to manage disk space usage and prevent users from filling up the file system. A. Enabling disk quotas: Disk quotas must be enabled on a file system before they can be used This is typically done by editing the file system /etc/fstab file and adding the usrquota and/or grpquota options to the mount options for the file system. For example: This line enables user and group quotas on the /home file system
  • 57. …Cont’d B. Setting up quotas: Once disk quotas are enabled, quotas must be set up for individual users or groups. This is done using the edquota command. The syntax of the command is as follows: OR
  • 58. …Cont’d C. Monitoring quotas: Once quotas are set up, they can be monitored using the quota command. The syntax of the command is as follows: OR This command displays the current disk usage and quota limits for the specified user or group.
  • 59. …Cont’d D. Adjusting quotas: Quotas can be adjusted using the edquota command. The administrator can edit the quota configuration file for a user or group to increase or decrease their quota limits. Overall, managing disk quotas is an important task in Linux and other Unix-like systems that system administrators need to perform to manage disk space usage and prevent users from filling up the file system. By enabling, setting up, monitoring, and adjusting quotas, system administrators can effectively manage disk usage and ensure that disk space is available for critical system processes and applications.
  • 60. Chapter Three File System and Management of Data storage
  • 61. File System What is a File System? ❑ A file system is a way of organizing and managing files on a storage device. ❑ Such as: a hard disk drive or solid-state drive ❑ It provides a logical structure for organizing files and directories. ❑ allows users to access and manage those files.
  • 62. Types of File Systems ● FAT: The File Allocation Table (FAT) ○ widely-used file system that was originally developed for floppy disks and other small storage devices. ○ It is still used today on some USB drives and other portable storage devices. ● NTFS: The New Technology File System (NTFS) ○ more advanced file system developed by Microsoft for use on Windows computers. ○ It supports larger file sizes, more efficient use of disk space, and better security features than FAT. ● EXT: The Extended File System (EXT) ○ file system used on Linux and other Unix-like operating systems ○ designed for use with the Linux kernel and provides features such as journaling and support for file permissions.
  • 63. …Cont’d ● APFS: The Apple File System (APFS) ○ a modern file system developed by Apple for use on its macOS, iOS, and other operating systems. ○ It is designed to be fast, secure, and efficient, and provides features such as encryption and snapshotting.
  • 64. File System Administration Tasks ● Partitioning: This involves dividing a hard drive or other storage device into multiple partitions, each with its own file system. ● Formatting: Once a partition has been created, it needs to be formatted with a file system. ● Mounting: When a file system is mounted, it is made available for use by the operating system and applications. ● Managing file permissions: File system administrators need to manage permissions for files and directories, determining who has access to them and what actions they can perform.
  • 65. …Cont’d • Monitoring disk usage: It's important to keep track of how much disk space is being used and ensure that there is enough free space available for new files and applications. • Backing up and restoring data: Backing up important files and data is crucial for preventing data loss in the event of a system failure or other disaster. File system administrators need to develop and implement backup and recovery strategies to ensure data can be restored if necessary.
  • 66. Partitioning disk with fdisk and parted ● fdisk is a command-line utility for partitioning disks on Linux systems. Here's how you can use it to partition a disk: ○ Step 1 Open a terminal ○ Step 2 Type fdisk /dev/sdX, where X is the drive letter ○ Step 3 fdisk will display a warning message about potentially destructive actions. Press "n" to create a new partition. ○ Step 4 Follow the prompts to specify the partition type, starting and ending sectors, and other details about the new partition. ○ Step 5 Repeat the process to create additional partitions as needed. ○ Step 6 Once you have created all of the partitions you need, press "w" to write the changes to disk and exit fdisk.
  • 67. ..Cont’d sda has 3 partitions: sda1,sda2,sda5 sdb has no partitions
  • 68. Create partitions in disk sdb: to create a new partition
  • 69. …Cont’d now, primary partition sdb1 created from disk sdb
  • 70. …Cont’d ● parted is another command-line utility for partitioning disks on Linux systems. Here's how you can use it to partition a disk: 1. Open a terminal window and log in as the root user or use the sudo command to run parted with root privileges. 2. Type "parted /dev/sdX" to start parted, where "X" is the letter corresponding to the disk you want to partition. For example, if you want to partition the first hard disk in the system, you would use "parted /dev/sda". 3. Type mkpart <partition type> <file system type> <starting sector> <ending sector>, for example: mkpart primary ext4 0% 20GB 4. Repeat the process to create additional partitions as needed. 5. Once you have created all of the partitions you need, use the "quit" command to exit parted.
  • 72. ..Cont’d To delete a partition: Open a terminal. Run sudo fdisk /dev/sdx, where x is the disk letter, e.g. /dev/sda. Enter d to delete a partition. Enter the partition number, e.g. if the partition is /dev/sda1, enter 1. Enter w to write the change to the disk. quit mkfs.ext4 /dev/sda1
  • 73. …Cont’d ● Both fdisk and parted are powerful tools for partitioning disks, and can be used to create complex partition layouts with multiple partitions of different types and sizes. It's important to be careful when using these tools, as errors or mistakes can result in data loss or other problems. Be sure to backup important data before making any changes to disk partitions.
  • 74. Creating a file system ● To create a new file system on a disk partition, you can use the mkfs command followed by the type of file system you want to create (e.g., ext4, xfs, btrfs, etc.) and the name of the partition you want to format. This command will format the first partition on the first hard disk in the system with the ext4 file system.
  • 75. Mounting a file system ● To mount a file system, you first need to create a mount point (i.e., a directory where the file system will be accessible). You can use the mkdir command to create a new directory for this purpose.
  • 76. Maintaining a file system ● To maintain a file system, there are several tools and commands available on Linux systems. • df: displays information about disk usage and available space on file systems • du: displays information about disk usage of files and directories • fsck: checks and repairs file system errors • tune2fs: allows you to tune various parameters of an ext2, ext3, or ext4 file system • xfs_repair: checks and repairs XFS file systems
  • 77. …Cont’d Check disk usage on /home directory Display disk free space with human readable format
  • 78. Swap ● Swap is an area on a hard drive that is used as a virtual memory extension when the physical memory (RAM) is full. Linux systems typically use a dedicated swap partition or a swap file to provide this functionality. ● Creating a swap partition 1. Determine the size of the swap partition you need 2. Use a partitioning tool like fdisk or parted to create a new partition on your hard drive. Make sure to set the partition type to "Linux swap" (type code 82). 3. Format the new partition with the mkswap command.
  • 79. …Cont’d To make the swap partition persistent across reboots, add an entry for it in the /etc/fstab file.
  • 80. Determining disk usage with du and df ● du: used to estimate the space used by files and directories. ● df: used to display the amount of disk space available on file systems. For further du and df usage, enter du --help and df --help
  • 81. Configuring Disk Quota ● Disk quotas are a feature of the Linux file system that allows system administrators to limit the amount of disk space a user or group can use. ● To configure disk quota, Step 1: Enable quota support: go to /etc/fstab and add the user and group quota options
  • 82. …Cont’d Run mount -o remount /home. Run sudo apt-get install quota. Quota entry: /home 0 0 1000 2000 0 0 //edit the /etc/quotatab. Run sudo edquota cs //where cs is username. Run sudo repquota /home to monitor disk usage quota. In the fstab file, the number 2 specifies the order in which file systems are checked for errors at boot time.
  • 83. Logical volume management and RAID ❏ Logical Volume Management (LVM) and Redundant Array of Independent Disks (RAID) are two technologies that can help manage and protect data on Linux systems. ❏ Logical Volume Management (LVM) ❏ LVM is a technology that allows you to create logical volumes from multiple physical volumes (such as hard drives or partitions), and manage them as a single, flexible storage pool. ❏ With LVM, you can easily resize volumes, add or remove physical storage, and take snapshots of volumes for backups or testing purposes.
  • 84. In this diagram, we have three physical disks at the bottom, disk 1 has three partitions (sky, green and red colors), disk 2 has only one partitions (red ones) and disk 3 has two partitions (red and green). There are two logical volume group LV1 & LV2. /boot directory found in disk 1 / directory found in LV1 and LV1 can access two partitions from Disk1 and one partition from Disk 3 /home directory found in LV2 and LV2 uses one partition from each (three) disks
  • 85. Redundant Array of Independent Disks (RAID)  Stands for Redundant Array of Independent Disks.  It’s a technology that enables greater levels of performance, reliability and/or large volumes when dealing with data.  How?? By concurrent use of two or more ‘hard disk drives’.  How Exactly?? Mirroring, striping (of data) and error correction techniques combined with multiple disk arrays give you the reliability and performance.
  • 86. RAID 0  It splits data among two or more disks.  Provides good performance.  Lack of data redundancy means there is no fail over support with this configuration.  Used in read only NFS systems and gaming systems
  • 87. RAID 0  In the diagram to the right, the odd blocks are written to disk 0 and the even blocks to disk 1 such that A1, A2, A3, A4, … would be the order of blocks read if read sequentially from the beginning.
  • 88. RAID 1  RAID1 is ‘data mirroring’.  Two copies of the data are held on two physical disks, and the data is always identical.  Twice as many disks are required to store the same data when compared to RAID 0.  Array continues to operate so long as at least one drive is functioning.
  • 89. RAID 1  This type of RAID uses mirroring to copy data across two or more hard drives, providing redundancy in case of a drive failure.  However, it requires at least two drives, and you lose half of your available storage capacity due to the mirroring.
  • 90. RAID 5  RAID 5 is an ideal combination of good performance, good fault tolerance and high capacity and storage efficiency.  An arrangement of parity and CRC to help rebuilding drive data in case of disk failures.  “Distributed Parity” is the key word here.
  • 91. In this diagram parity code is distributed across each disk.
  • 92. RAID 10  Combines RAID 1 and RAID 0.  Which means having the pleasure of both - good performance and good failover handling.  Also called ‘Nested RAID’.
  • 93. Implementations Software based RAID: ● Software implementations are provided by many Operating Systems. ● A software layer sits above the disk device drivers and provides an abstraction layer between the logical drives(RAIDs) and physical drives. ● Server's processor is used to run the RAID software. ● Used for simpler configurations like RAID0 and RAID1.
  • 94. Hardware based RAID: • A hardware implementation of RAID requires at least a special-purpose RAID controller. • On a desktop system this may be built into the motherboard. • Processor is not used for RAID calculations as a separate controller present. A PCI-bus-based, IDE/ATA hard disk RAID controller, supporting levels 0, 1, and 01.
  • 96. TCP/IP Basics ● TCP/IP (Transmission Control Protocol/Internet Protocol) is a set of networking protocols used for communication over the internet. ● TCP/IP protocol suite provides end-to-end connectivity that enables data to be transmitted reliably over a network.
  • 97. OSI and Protocol Stack Network Access
  • 99. …Cont’d  TCP is a connection-oriented protocol that provides reliable data transmission.  ensuring that the data is delivered without errors and in the correct order.  It establishes a connection between two devices and manages the flow of data between them.  TCP also handles congestion control, which helps to prevent network congestion by slowing down the rate at which data is transmitted.
  • 100. …Cont’d  IP is a connectionless protocol that provides addressing and routing services.  IP packets contain:-  Source address  Destination address  Source address: the address of the device that intends to send data. Destination address: the address of the device that is intended to receive data.
  • 101. …Cont’d  Together, TCP and IP form the basis of the internet protocol suite, and are used to transmit data over the internet.  Other protocols in the TCP/IP suite include UDP (User Datagram Protocol),  which is a connectionless protocol that provides fast but unreliable data transmission,  ICMP (Internet Control Message Protocol), which is used for network diagnostics and troubleshooting.
  • 102. TCP/IP Applications  Web Browsing  E-mail  File Sharing  Video Streaming  It is a critical component of the internet and is used by billions of devices worldwide to communicate with each other.
  • 103. IP ● Responsible for end to end transmission ● Sends data in individual packets ● Maximum size of packet is determined by the networks ○ Fragmented if too large ● Unreliable ○ Packets might be lost, corrupted, duplicated, delivered out of order
  • 104. IP addresses ● 4 bytes ○ e.g. 10.141.5.19 ○ Each device normally gets one (or more) ○ In theory there are about 4 billion available ● But…
  • 105. Routing ● How does a device know where to send a packet? ○ All devices need to know what IP addresses are on directly attached networks ○ If the destination is on a local network, send it directly there
  • 106. …Cont’d ● If the destination address isn’t local ○ Most non-router devices just send everything to a single local router ○ Routers need to know which network corresponds to each possible IP address
  • 107. Allocation of addresses ● Controlled centrally by ICANN ○ Fairly strict rules on further delegation to avoid wastage ■ Have to demonstrate actual need for them ● Organizations that got in early have bigger allocations than they really need
  • 108. IP packets ● Source and destination addresses ● Protocol number ○ 1 = ICMP, 6 = TCP, 17 = UDP ● Various options ○ e.g. to control fragmentation ● Time to live (TTL) ○ Prevent routing loops
  • 109. ARP : Address Resolution Protocol ● ARP provides mapping 32bit IP address <-> 48bit MAC address 128.97.89.153 <-> 00-C0-4F-48-47-93 ● ARP cache maintains the recent mappings from IP addresses to MAC addresses Protocol 1. ARP request broadcast on Ethernet 2. Destination host ARP layer responds
  • 110. DHCP ● Dynamic Host Configuration Protocol ○ Used to tell a computer what IP address to use ○ Device broadcasts a request from IP 0.0.0.0 ■ If it had an IP address before, asks for the same one again ○ Server (or relay) on local network responds telling it which to use (or ignores it, or tells it go away) ■ “Lease time” telling it how long that IP will be valid for ■ Device requests renewal of lease after ¾(?) elapsed
  • 111. Configuring Linux Box as Router  Configuring a Linux box for networking involves several steps.  setting up network interfaces,  configuring IP addresses,  and setting up routing.
  • 112. …cont’d 1. Identify network interfaces: Check the available network interfaces on the Linux box using the "ip link show" command. 2. Configure network interfaces: Edit the interface configuration file /etc/network/interfaces: auto eth0 iface eth0 inet dhcp //to set dhcp address
  • 113. …cont’d 1. Identify network interfaces: Check the available network interfaces on the Linux box using the "ip link show" command. 2. Configure network interfaces: Edit the interface configuration file /etc/network/interfaces: auto eth0 iface eth0 inet static //to set static address address 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255 gateway 192.168.0.1
  • 114. …cont’d 3. Configure DNS: Edit the “/etc/resolv.conf” file to add the DNS server IP addresses. For example, to add the Google DNS servers, add the following lines: nameserver 8.8.8.8 nameserver 8.8.4.4 Name servers translate the domain name into an IP address, connecting information that's easy for humans to understand with information that's easy for computers to understand
  • 115. …cont’d 4. Configure routing: Use the “ip route” command to configure routing. For example, to add a default route through the gateway with IP address 192.168.0.1, use the following command: ip route add default via 192.168.0.1 5.Test network connectivity: Test network connectivity by pinging other devices on the network or the internet. For example, to ping Google's DNS server, use the following command: ping 8.8.8.8
  • 116. Configuring a Linux Box as a Router ● What is router? A router is a device that connects two or more packet-switched networks or subnetworks.  Configuring a Linux box as a router involves several steps, including enabling IP forwarding, configuring network interfaces, and setting up routing.
  • 117. General guide 1. Enable IP forwarding: IP forwarding allows the Linux box to forward packets between network interfaces. to enable IP forwarding, edit the “/etc/sysctl.conf” file and uncomment the following line: net.ipv4.ip_forward=1 then run sudo sysctl -p /etc/sysctl.conf to apply the change
  • 118. …Cont’d 2. Configure network interface For example, if the Linux box has two network interfaces, eth0 and eth1, with IP addresses 192.168.1.1 and 192.168.2.1, respectively, edit the “/etc/network/interfaces” file and add the following lines: auto eth0 iface eth0 inet static address 192.168.1.1 netmask 255.255.255.0 auto eth1 iface eth1 inet static address 192.168.2.1 netmask 255.255.255.0
  • 119. …Cont’d 3. Configure NAT: Network Address Translation (NAT) allows the Linux box to translate private IP addresses used on the local network to a public IP address used on the internet. To configure NAT, use the following commands: sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE sudo iptables-save | sudo tee /etc/iptables/rules.v4 This will configure NAT for outgoing traffic on the eth0 interface.
  • 120. …Cont’d 4. Configure routing: Use the "ip route" command to configure routing. For example, to add a route to the 192.168.2.0/24 network through the eth1 interface, use the following command: sudo ip route add 192.168.2.0/24 dev eth1 This command routes traffic for hosts in the range 192.168.2.0 – 192.168.2.255 through eth1.
  • 121. …Cont’d 5. Test network connectivity: Test network connectivity by pinging other devices on the network or the internet: ping 192.168.2.x, where x is a number from 0 - 255
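With net.ipv4.ip_forward=1 and only the MASQUERADE rule in place, the FORWARD chain of the filter table still decides which packets may cross the router, and an ACCEPT policy with no rules forwards everything. The following is an added example, not part of the original slides: it audits a saved rule set in iptables-save format against the steps above; the function names, the finding labels and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a saved router configuration (sysctl.conf plus
# iptables-save output) for the settings the slides configure.

# Write constructed sample files into directory $1.
write_samples() {
    cat > "$1/sysctl.conf" <<'EOF'
#net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=1
EOF
    # Rule set as produced by the commands on the slides (constructed).
    cat > "$1/rules.page" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
    # Same NAT rule, but forwarding limited to LAN (eth1) -> WAN (eth0)
    # and to replies for connections the LAN opened (constructed).
    cat > "$1/rules.tight" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# audit_router RULES_FILE SYSCTL_FILE WAN_INTERFACE
# Prints one finding per line.
audit_router() {
    rules=$1
    sysctl=$2
    wan=$3
    # Forwarding counts as enabled only on an uncommented line.
    if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$sysctl"; then
        echo "FORWARDING_ON"
    else
        echo "FORWARDING_OFF"
    fi
    awk -v wan="$wan" '
        /^\*/ { table = substr($0, 2) }            # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; masq = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq && out == wan) nat_ok = 1
            if (masq && out == "")  print "MASQUERADE_ALL_INTERFACES"
        }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" { fwd_rules++ }
        END {
            if (!nat_ok) print "NO_MASQUERADE_ON_" wan
            if (policy == "ACCEPT" && fwd_rules == 0) print "FORWARD_UNRESTRICTED"
        }' "$rules"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_router "$tmp/rules.page" "$tmp/sysctl.conf" eth0
rm -rf "$tmp"
```

On a live router the first argument would be the file written by iptables-save, /etc/iptables/rules.v4 in the steps above.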
  • 122. Configuring a Web Server (Apache)  What is web server? Web server is a computer where the web content is stored. Basically web server is used to host the web sites but there exists other web servers also such as gaming, storage, FTP, email etc. Web site is collection of web pages while web server is a software that respond to the request for web resources.
  • 124. Configure Apache server 1. Install Apache: sudo apt install apache2 2. Configure Apache: go to the /etc/apache2 directory and edit the following files: • apache2.conf • ports.conf • sites-available/default 3. Create web content inside /var/www/html
  • 125. …Cont’d 4. Deploy web contents: make the content accessible to the web server. Web content files must have the correct file permissions and file ownership. Example URL: http://192.168.1.100 (IP address of the web server)
  • 126. DNS Server (BIND) • What is DNS, and how does it work? The Domain Name System (DNS) is the phonebook of the Internet. When users type domain names such as ‘google.com’ or ‘facebook.com’ into web browsers, DNS is responsible for finding the correct IP address for those sites. Browsers then use those addresses to communicate with origin servers or CDN edge servers to access website information.
  • 129. Configuring DNS server • Install BIND: Install the BIND DNS server using the package manager for the Linux distribution being used: sudo apt-get install bind9 • Configure BIND: Edit the BIND configuration files located in the “/etc/bind” directory to configure the server: named.conf, named.conf.options, named.conf.local
  • 130. Cont’d • Set up DNS zones: Set up DNS zones for the domain names being served by the DNS server. • There are two types of DNS zones: • Forward Zone: maps a domain name to an IP address • Reverse Zone: maps an IP address to a domain name
  • 131. Options • Go to the /etc/bind folder and edit the named.conf.options file, setting the following inside the options block:
      recursion yes;
      listen-on { your server IP address; };
      allow-transfer { none; };  // to disable zone transfer by default
      forwarders { your nameserver or Google nameserver (8.8.8.8/IP address); };
  • 132. Forward Zone Configuration • Go to the /etc/bind folder and edit the named.conf.local file:
      // Forward zone
      zone "asu.edu.et" IN {
          type master;
          file "/etc/bind/db.asu.edu.et";
      };
  • 133. Reverse Zone Configuration • Go to the /etc/bind folder and edit the named.conf.local file:
      // Reverse zone
      zone "56.168.192.in-addr.arpa" IN {
          type master;
          file "/etc/bind/db.56.168.192";  // if your IP address is 192.168.56.x
      };
  • 134. Cont’d Create the db.asu.edu.et file inside /etc/bind:
      ; BIND forward data for asu.edu.et
      $TTL 1h
      @    IN  SOA  ns1.asu.edu.et. admin.asu.edu.et. (
                    1    ; Serial
                    1h   ; Refresh
                    15m  ; Retry
                    1w   ; Expire
                    1h   ; Minimum TTL
                    )
      @    IN  NS   ns1.asu.edu.et.
      ns1  IN  A    192.168.56.10
      www  IN  A    192.168.56.10
      ftp  IN  A    192.168.56.10
  • 135. Cont’d Create the db.56.168.192 file inside /etc/bind (each PTR target is a fully qualified name and ends with a dot):
      ; BIND reverse data for 192.168.56.x
      $TTL 1h
      @    IN  SOA  ns1.asu.edu.et. admin.asu.edu.et. (
                    1    ; Serial
                    1h   ; Refresh
                    15m  ; Retry
                    1w   ; Expire
                    1h   ; Minimum TTL
                    )
      @    IN  NS   ns1.asu.edu.et.
      10   IN  PTR  ns1.asu.edu.et.
      10   IN  PTR  www.asu.edu.et.
      10   IN  PTR  ftp.asu.edu.et.
  • 136. Cont’d After all, restart bind9 with the following command:
      sudo service bind9 restart
    or
      sudo /etc/init.d/named restart
    Then test forward lookups (www.asu.edu.et, ftp.asu.edu.et or ns1.asu.edu.et):
      nslookup www.asu.edu.et
      dig www.asu.edu.et
    and reverse lookups:
      nslookup 192.168.56.10
      dig -x 192.168.56.10
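Before restarting BIND it helps to check that the forward and reverse zones agree. The following Python sketch is an added example, not part of the original slides: it parses simplified zone text and reports two common zone-file mistakes (a PTR target without the trailing dot, a mistyped record type) plus A records that have no matching PTR. The function names and the sample zones are constructed for illustration, and the parser assumes one record per line with `IN` always present.

```python
import ipaddress

KNOWN_TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT"}
NAME_TARGET_TYPES = {"NS", "PTR", "CNAME"}  # record data starts with a domain name

FWD_ORIGIN = "asu.edu.et."
REV_ORIGIN = "56.168.192.in-addr.arpa."

# Constructed sample zones modelled on the slides (SOA kept on one line).
FORWARD_ZONE = """\
$TTL 1h
@    IN SOA ns1.asu.edu.et. admin.asu.edu.et. ( 1 1h 15m 1w 1h )
@    IN NS  ns1.asu.edu.et.
ns1  IN A   192.168.56.10
www  IN A   192.168.56.10
ftp  IN A   192.168.56.10
"""

REVERSE_ZONE_BROKEN = """\
$TTL 1h
@    IN SOA ns1.asu.edu.et. admin.asu.edu.et. ( 1 1h 15m 1w 1h )
@    IN NS  ns1.asu.edu.et.
10   IN PTR  ns1.asu.edu.et
10   IN PTR  www.asu.edu.et.
10   IN PTTR ftp.asu.edu.et.
"""

REVERSE_ZONE_FIXED = """\
$TTL 1h
@    IN SOA ns1.asu.edu.et. admin.asu.edu.et. ( 1 1h 15m 1w 1h )
@    IN NS  ns1.asu.edu.et.
10   IN PTR  ns1.asu.edu.et.
10   IN PTR  www.asu.edu.et.
10   IN PTR  ftp.asu.edu.et.
"""


def qualify(name, origin):
    """Expand a zone-file name the way BIND does: relative names get the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (records, findings); records are (owner_fqdn, type, rdata_fields)."""
    records, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()       # drop comments
        if not line or line.startswith("$"):      # skip blanks and $TTL/$ORIGIN
            continue
        fields = line.split()
        if len(fields) < 4 or fields[1] != "IN":
            findings.append(f"line {lineno}: cannot parse {raw.strip()!r}")
            continue
        owner, rtype, rdata = fields[0], fields[2], fields[3:]
        if rtype not in KNOWN_TYPES:
            findings.append(f"line {lineno}: unknown record type {rtype}")
            continue
        if rtype in NAME_TARGET_TYPES and not rdata[0].endswith("."):
            findings.append(
                f"line {lineno}: {rtype} target {rdata[0]} has no trailing dot; "
                f"it expands to {qualify(rdata[0], origin)}")
        records.append((qualify(owner, origin), rtype, rdata))
    return records, findings


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Parse both zones and check that every A record has a PTR pointing back to it."""
    fwd, fwd_findings = parse_zone(fwd_text, fwd_origin)
    rev, rev_findings = parse_zone(rev_text, rev_origin)
    findings = [f"forward {f}" for f in fwd_findings]
    findings += [f"reverse {f}" for f in rev_findings]
    ptrs = {(owner, qualify(rdata[0], rev_origin))
            for owner, rtype, rdata in rev if rtype == "PTR"}
    for owner, rtype, rdata in fwd:
        if rtype != "A":
            continue
        rev_name = ipaddress.ip_address(rdata[0]).reverse_pointer + "."
        if (rev_name, owner) not in ptrs:
            findings.append(f"{owner} A {rdata[0]} has no matching PTR at {rev_name}")
    return findings


if __name__ == "__main__":
    for finding in check_zones(FORWARD_ZONE, FWD_ORIGIN, REVERSE_ZONE_BROKEN, REV_ORIGIN):
        print(finding)
```

On a real server, BIND's own `named-checkconf` and `named-checkzone` tools perform the syntax part of this check.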
  • 137. Reading Assignment • Address Resolution Protocol (ARP) • Network Address Translation (NAT) • Basic network commands in Linux (ping, dig, ifconfig, ip a, ip addr, ip link show, nslookup, netstat, and so on) • Packet sniffing tools (Wireshark and tcpdump)
  • 138. Mail Server A mail server transfers and delivers email messages between two or more mail clients.
  • 140. Mail Transfer Agent (MTA) A mail Transfer Agent (MTA) is a software application that is responsible for the routing and delivery of email messages between mail servers.
  • 142. Configuring a Mail Transfer Agent (MTA) postfix 1. Install postfix: sudo apt install postfix 2. Configure Postfix • main.cf: This file contains global configuration settings for Postfix • master.cf: This file contains the service definitions for Postfix 3. Some of the important settings that need to be configured include the mail server hostname, the mail server domain name, and the mail server network settings. After configuration, restart postfix: sudo service postfix restart
  • 143. Chapter Five Installation of Application Server and Management
  • 144. What is Server and its function?  A server is a computer program or device that provides services to other programs or devices, called clients.  A server is designed to be more powerful and reliable than a typical desktop computer  A server functions by receiving requests from client devices, processing those requests, and sending back a response.
  • 145. Types of server • Web server: A web server stores and delivers web pages, images, and other content to users who request it through a web browser. • Popular Web Servers: Apache, Nginx • Mail server: A mail server is responsible for sending and receiving email messages. • Popular Mail Servers: Postfix, Exim, Microsoft Exchange
  • 146. …Cont’d • File server: A file server stores and manages files, allowing users to access them from various devices. • Popular File Servers: Windows file server, Samba (for Linux) • Database server: manages databases and allows multiple users to access and modify data at the same time. • Popular Database Servers: MySQL, Oracle, Microsoft SQL Server
  • 147. …Cont’d • DNS server: resolves domain names into IP addresses, allowing computers to communicate with each other over the internet. • Popular DNS Servers: BIND, Microsoft DNS • Proxy server: acts as an intermediary between clients and servers, allowing clients to access resources on the internet without revealing their IP addresses. • It can also be used to improve performance by caching frequently accessed resources.
  • 148. …Cont’d • Application server: Provides an environment in which applications can run. • It manages resources such as memory and CPU usage and provides services such as: • Security and • transaction management • Popular Application Servers: Apache Tomcat, JBoss.
  • 149. Installation of Application Server and Management
  • 150. general steps  Choose the application server software  Prepare the operating system  Install the application server software  Configure the application server  Deploy applications  Manage the application server
  • 151. DHCP, DNS, and Telnet • DHCP, DNS, and Telnet are all network services that are commonly used in modern networks. • Here is a comparison of these services with other network operating system (NOS) setups of the corresponding services:
  • 152. DHCP  Windows Server: DHCP service is provided through the DHCP Server role in Windows Server.  It can be installed and configured using the DHCP console.  Linux: DHCP is provided by a variety of open source packages like ISC DHCP, dnsmasq, and dhcpd.
  • 153. DNS  Windows Server: DNS service is provided through the DNS Server role in Windows Server. It can be installed and configured using the DNS console.  Linux: DNS is provided by a variety of open source packages like BIND, dnsmasq, and PowerDNS.
  • 154. Telnet  Windows Server: Telnet service is provided through the Telnet Server role in Windows Server.  It can be installed and configured using the Telnet console.  Linux: Telnet is provided by the Telnet package, which can be installed and configured using a command-line interface.
  • 155. …Cont’d ● In general, the setup of these services is similar across different NOS platforms. However, there may be differences in the specific configuration options available, the management interfaces used to configure the services, and the default settings for each service. ● Additionally, different NOS platforms may include additional features or functionality that are not available in other platforms, depending on the specific needs of the network.
  • 156. SSH Client and Server Secure Shell - SSH There are a number of tools that can be used to remotely connect to hosts.  The secure shell or ssh is a collection of tools using a secure protocol for communications with remote Linux computers. The communication is between SSH Client and SSH Server.  Communication is encrypted. Before data exchange begins the communication channel will be encrypted
  • 157. …cont’d Configuration file is found in /etc/ssh. • Public and Private Keys • Are used for encryption and authentication • Both Communication parties require Private and Public Keys for sending data and verification. To install ssh sudo apt-get install openssh-server openssh-client
  • 158. …cont’d • Public and Private Keys
  • 159. RSA and DSA Encryption Algorithms • RSA = Rivest–Shamir–Adleman, one of the first encryption algorithms. The encryption key is public and is different from the decryption key, which is private. Because of this, the encryption is called asymmetric encryption. • RSA is relatively slow and is not used to encrypt bulk data. It is mostly used to exchange keys. • SSH uses RSA encryption
  • 161. SSH • The user on cs has to accept the server’s RSA key (public key) • The key will be stored in the ~/.ssh/known_hosts file • For subsequent logins, confirmation is not requested
  • 162. SSH You can login from windows to Linux Server using ssh
  • 163. SCP – Secured Copy • SCP copies files from a remote host to the local host or vice versa. • It works over ssh • Copy a file (in this case /home/cs) from the remote computer to the local computer (to the directory /home/dnsuser/Desktop): scp username@serveraddress:/filepath destinationfolder
  • 164. Setting up Passwordless SSH • Also known as public-key based authentication • Example = Giving access to an Ubuntu desktop on a server using public keys • Step 1 – Generate a key pair on your computer using the ssh-keygen command: ssh-keygen -t rsa • Default key length is 2048 bits. To be more secure, increase the bit length • ssh-keygen -t rsa -b 4096 increases the length to 4096 bits • When asked to choose a filename, press the Enter key to select the default file
  • 165. Setting up Passwordless SSH  Type Passphrase, at least 20 characters long. • Press Enter if you don’t want to use pass phrase • The pass phrase is used to encrypt the private key • The two keys will be saved separately
  • 167. Setting up Passwordless SSH Step 2 – Upload Your Public Key to the Remote Linux Server • Upload the public key with the ssh-copy-id command; it asks for the server password
  • 168. Setting up Passwordless SSH Step 3 – Try to log in without a password
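Step 1 above chooses the RSA key length when the key pair is generated. As an added example (not part of the original slides), this Python sketch decodes the public-key blobs found in an authorized_keys file and reports the RSA modulus size, so short keys can be spotted on the server side. The 4096-bit minimum, the function names and the sample lines (constructed blobs with synthetic moduli, not usable keys) are assumptions; option parsing is simplified to whitespace splitting.

```python
import base64
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # how public key type names start


def ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def mpint(n):
    """Encode a positive integer as an SSH mpint (leading zero byte if the top bit is set)."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def read_fields(blob):
    """Split a decoded public-key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + length])
        pos += length
    return fields


def audit_key_line(line, min_rsa_bits=4096):
    """Return (key_type, rsa_bits_or_None, verdict) for one authorized_keys line."""
    tokens = line.split()
    idx = next((i for i, t in enumerate(tokens) if t.startswith(KEY_PREFIXES)), None)
    if idx is None or idx + 1 >= len(tokens):
        return ("?", None, "unparseable")
    declared = tokens[idx]
    try:
        fields = read_fields(base64.b64decode(tokens[idx + 1], validate=True))
    except ValueError:  # binascii.Error is a subclass of ValueError
        return (declared, None, "bad key blob")
    # The type name is repeated inside the blob; both must agree.
    if not fields or fields[0].decode("ascii", "replace") != declared:
        return (declared, None, "type mismatch")
    if declared == "ssh-rsa":
        if len(fields) != 3:  # type, public exponent e, modulus n
            return (declared, None, "bad key blob")
        bits = int.from_bytes(fields[2], "big").bit_length()
        if bits < min_rsa_bits:
            return (declared, bits, f"weak: RSA {bits} < {min_rsa_bits}")
        return (declared, bits, "ok")
    if declared == "ssh-dss":
        return (declared, None, "weak: DSA is deprecated in OpenSSH")
    return (declared, None, "ok")


def make_rsa_line(bits, comment):
    """Build a constructed ssh-rsa line with a synthetic modulus of the given size."""
    n = (1 << (bits - 1)) | 1
    blob = ssh_string(b"ssh-rsa") + mpint(65537) + mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


# Constructed sample authorized_keys content (hypothetical users and hosts).
SAMPLE_AUTHORIZED_KEYS = [
    make_rsa_line(2048, "cs@desktop"),
    'from="192.168.56.*" ' + make_rsa_line(4096, "cs@laptop"),
    "ssh-rsa AAAA!!notbase64 broken@host",
]


def audit_lines(lines, min_rsa_bits=4096):
    """Audit every non-empty, non-comment line."""
    return [audit_key_line(l, min_rsa_bits) for l in lines
            if l.strip() and not l.lstrip().startswith("#")]


if __name__ == "__main__":
    for result in audit_lines(SAMPLE_AUTHORIZED_KEYS):
        print(result)
```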
  • 169. FTP • FTP (File Transfer Protocol) is a network protocol used for transferring files between computers on a network. • Setting up an FTP server typically involves the following steps: o Choose an FTP server software: • FileZilla Server • ProFTPD and • vsftpd. • Install the FTP server software: o Follow the installation instructions provided by the FTP server software vendor.
  • 170. FTP • Configure the FTP server o After the installation is complete, configure the FTP server to meet your needs. o This may involve setting up user accounts, configuring security settings, and adjusting performance settings. • Create and manage FTP users o Set up FTP user accounts and permissions to control who can access the FTP server and what files they can access
  • 171. FTP • Test the FTP server o Test the FTP server by connecting to it using FTP client software like FileZilla or WinSCP. To install the vsftpd server:
      sudo apt install vsftpd -y
    Start and enable the service:
      sudo service vsftpd start      (or: sudo systemctl start vsftpd)
      sudo systemctl enable vsftpd
  • 172. FTP • If you have a firewall enabled:
      sudo ufw allow 20/tcp
      sudo ufw allow 21/tcp
    To check your firewall status:
      sudo ufw status
  • 173. Check status of FTP server
  • 174. …Cont’d • To connect to the remote server:
      ftp <Server Address>
      lcd /home/dnsuser    (changes the working directory on the local machine)
      cd /home/cs          (changes the working directory on the remote machine)
  • 175. …Cont’d • To upload a file from the local machine to the remote server
  • 176. SAMBA: Linux and Windows File and Printer Sharing  SAMBA is an open-source software suite that allows Linux and Unix-based systems to communicate and share resources with Windows-based systems.  It provides file and print services that enable Linux and Unix-based systems to act as Windows file and printer servers.
  • 178. …Cont’d To install Samba Server:
      sudo apt install samba samba-common python3-dnspython
    OR, for the latest Linux distros:
      sudo apt install samba
    Samba server uses ports 137-139 and 445:
      sudo ufw allow 445/tcp
      sudo ufw allow 139/tcp
  • 179. Configure SAMBA To configure the Samba server, go to /etc/samba and edit smb.conf • There are two types of file sharing in the Samba server: • Unsecure Anonymous and • Secure file sharing
  • 180. Anonymous file Sharing Step 1. Create the shared Samba directory:
      sudo mkdir -p /anonymous_shares
    Step 2. Set file and folder permissions for the newly created folder:
      sudo chmod -R 775 /anonymous_shares
    Step 3. Make the files and folder ownerless:
      sudo chown -R nobody:nogroup /anonymous_shares
  • 181. …Cont’d Go to /etc/samba and edit smb.conf:
      [Anonymous]
          comment = Anonymous file sharing
          path = /anonymous_shares
          browsable = yes
          writeable = yes
          guest ok = yes
          read only = no
          force user = nobody
  • 182. Secure file Sharing Step 1. Create the shared Samba directory:
      sudo mkdir -p /Secure_shares
    Step 2. Add user to smbgroup (assume we have a user account named cs; enter the new network password and confirm):
      sudo smbpasswd -a cs
    Step 3. Assign cs to own the Secure_shares folder:
      sudo chown -R cs /Secure_shares
  • 183. …Cont’d Go to /etc/samba and edit smb.conf:
      [Secure-Shares]
          comment = Secure file sharing
          path = /Secure_shares
          browsable = yes
          writeable = yes
          guest ok = no
          read only = no
  • 185. What does network service mean? o Network services refer to the various services and protocols that are used to enable communication and data transfer between devices on a network. o Examples of network services include • email, • file sharing, • remote access, • domain name resolution, and • network printing. o These services are typically provided by servers on the network and can be accessed by clients using appropriate software or protocols.
  • 186. key aspects of managing network services
  • 187. Service Configuration • Network services such as • DHCP, • DNS, • FTP, • email servers, and others need to be properly configured with the appropriate settings and parameters. • This includes defining IP address ranges, domain names, access controls, security settings, and other configuration options specific to each service.
  • 188. Service Monitoring • It is essential to monitor network services to ensure their availability and optimal performance. • Monitoring involves • regularly checking the status of services • monitoring resource utilization • responding to any issues or failures promptly • Various monitoring tools and techniques can be employed, such as system logs, performance monitoring tools, and network monitoring systems.
  • 189. Security Management • Network services need to be secured to protect against: • unauthorized access, • data breaches, • and other security risks. • This involves implementing appropriate: • access controls, • encryption, • authentication mechanisms, • and firewalls.
  • 190. Troubleshooting and Maintenance • Network administrators need to be proficient in troubleshooting network service issues. • This includes • diagnosing and resolving connectivity problems, • service disruptions, performance issues, • and addressing any service-related errors or failures. • Regular maintenance tasks such as software updates, configuration backups, and periodic service restarts are also part of effective service management.
  • 191. Capacity Planning • Managing network services requires anticipating future growth and ensuring that the infrastructure can handle increased demands. • Capacity planning involves • assessing current and future needs, • estimating resource requirements, and • scaling services accordingly. • This includes monitoring network traffic patterns, analyzing resource utilization, and planning for hardware and software upgrades when necessary.
  • 192. Documentation and Documentation Management • Proper documentation of network services, including configurations, procedures, and troubleshooting guidelines, is essential for effective management.
  • 193. Maintenance Troubleshooting: Common System and Network Problems  Maintenance troubleshooting involves identifying and resolving common system and network problems.  common system and network problems  Connectivity Issues  Slow Performance  Application Errors  Hardware Failures  Security Breaches  DNS and IP Addressing Issues  Printing Issues and Wireless Network Problems
  • 194. Developing General Strategies ● Planning and Requirements Gathering ● Scalability and Flexibility ● Security Considerations ● Modularity and Reusability ● Testing and Quality Assurance ● Documentation and Knowledge Management ● User Training and Support ● Regular Maintenance and Updates ● Monitoring and Performance Optimization ● Continuous Improvement
  • 195. Resolve Boot Problems  Check Hardware Connections:  Ensure that all hardware components, such as hard drives, memory modules, and cables, are properly connected.  Verify Boot Device Priority:  Access the system BIOS or UEFI settings and confirm that the correct boot device is selected as the primary boot option.  For example, ensure that the hard drive containing the operating system is set as the first boot device.
  • 196. …cont’d  Check Boot Order  If there are multiple operating systems or bootable devices, verify the boot order to ensure the system is attempting to boot from the correct device.  Adjust the boot order if necessary.  Repair Master Boot Record (MBR) or Bootloader:  Use recovery tools or installation media to repair the MBR or bootloader,  which are responsible for initiating the boot process.  This can help resolve issues caused by corrupted boot records.
  • 197. …cont’d  Use Safe Mode or Recovery Mode:  Booting the system in Safe Mode or Recovery Mode can help identify and resolve boot problems by starting the system with minimal drivers and services.
  • 198. Backup and Restore Data and System Volume:  Data Backup  Regularly back up important data to external storage devices, cloud storage, or network drives.  Use backup software or built-in backup utilities to create scheduled backups or perform manual backups.
  • 199. …Cont’d  System Image Backup  Create a system image backup that captures the entire system volume, including the operating system, installed applications, and system settings.  This allows for a complete restoration of the system in case of data loss or system failure.
  • 200. …Cont’d  File-Level Restore  For data recovery at the file level, use backup software or manual methods to selectively restore specific files or folders from the backup.  This is useful when only specific files are lost or corrupted.
  • 201. …Cont’d  System Restore Point  If your operating system supports it, use the System Restore feature to restore the system to a previous state when it was functioning properly.  This can help resolve issues caused by recent system changes or updates.
  • 202. …Cont’d  System Recovery or Reinstallation  In severe cases where the system volume is heavily damaged or corrupted, you may need to perform a system recovery or reinstall the operating system  Use installation media or recovery partitions to initiate the recovery process, following the instructions provided by the operating system.
  • 203. Using Event Viewer • Using Event Viewer for Troubleshooting Connectivity • Event Viewer is a tool available in Windows operating systems that allows you to view and analyze system events, including those related to connectivity issues.
  • 204. …Cont’d  Event Viewer to troubleshoot connectivity problems  Open Event Viewer
  • 207. Troubleshooting Connectivity  Check Physical Connections  Ensure that network cables, Ethernet ports, or Wi-Fi adapters are properly connected and functioning.  Check Physical Connections  Restart your modem, router, and any other network devices to clear temporary glitches and re-establish connections.
  • 208. …Cont’d  Verify IP Configuration  Check the IP configuration settings of your network adapter to ensure they are correct.  Use the command prompt and type "ipconfig" to view the IP address, subnet mask, gateway, and DNS settings.
  • 209. …Cont’d
      ipconfig /release    (releases the IP address)
      ipconfig /renew      (gets a new IP address)
  • 210. …Cont’d  Ping and Trace Route  Use the ping command to check connectivity to specific IP addresses or domain names.  Trace route can help identify network hops and pinpoint where the connectivity issue may be occurring. tracert www.asu.edu.et
  • 212. Overview of Systems Security  Systems security refers to the protection of computer systems and networks from  unauthorized access or use,  disclosure  disruption,  modification, or destruction
  • 213. Critical Components of systems security  Access Control  Network Security  Operating System Security  Data Protection  Incident Response  Security Auditing and Monitoring  Security Policies and Procedures
  • 214. Overview of Application Security  Application security focuses on protecting software applications from vulnerabilities and attacks throughout their lifecycle.  It involves implementing security controls and best practices to identify, prevent, and mitigate security risks.
  • 215. key aspects of Application security  Secure Coding Practices  Authentication and Authorization  Input Validation  Session Management  Secure Configuration  Encryption and Data Protection  Security Testing  Secure Software Development Lifecycle (SDLC)  Regular Updates and Patching  Security Awareness and Training
  • 216. Login Security  Login security refers to the measures and practices implemented to ensure the integrity and confidentiality of user login credentials and the authentication process.  It aims to protect user accounts from unauthorized access and mitigate the risks associated with compromised or weak login credentials.
  • 217. key aspects of login security  Strong Password Policies  Multi-Factor Authentication (MFA)  Account Lockouts and Brute Force Protection  Secure Login Forms: Use secure protocols like HTTPS to encrypt login credentials during transit  Password Storage and Hashing: Avoid storing passwords in plaintext or using weak encryption methods.  Account Recovery and Password Reset  User Account Management: regular review and removal of inactive or unused accounts
  • 218. Boot Loader security (LILO and GRUB)  Boot Loader Security refers to the measures taken to protect the boot loader, which is the software responsible for loading the operating system during the boot process.  Two popular boot loaders in the Linux ecosystem are  LILO (Linux Loader) and  GRUB (GRand Unified Bootloader).
  • 219. Some aspects of boot loader security for LILO and GRUB  Protecting Boot Loader Configuration Files  Boot loaders like LILO and GRUB have configuration files (e.g., /etc/lilo.conf for LILO and /boot/grub/grub.cfg for GRUB) that contain important settings and options.  Ensure that these files are not accessible by unauthorized users, as they can modify boot settings and potentially compromise the system.  Set appropriate file permissions to restrict access.
  • 220. …cont’d  Password Protection  Both LILO and GRUB support password protection to prevent unauthorized modifications to boot settings or unauthorized access to certain boot options.  By setting a password, you can restrict access to the boot loader configuration and prevent unauthorized changes.
  • 221. …cont’d  Secure Boot  GRUB supports Secure Boot, which is a feature that verifies the digital signatures of boot components to ensure their integrity and protect against boot-level attacks or unauthorized modifications.  Secure Boot uses cryptographic keys to verify the authenticity of boot components before loading them
  • 222. …cont’d  Boot Loader Backup  It is important to regularly back up the boot loader configuration and related files to ensure you can restore them in case of accidental modifications, system failures, or security breaches.  This allows you to recover the boot loader configuration and maintain the integrity of the boot process.
  • 223. …cont’d  System Updates  Keep your boot loader software up to date with the latest security patches and updates.  This helps to address any vulnerabilities or weaknesses that may be discovered in the boot loader software over time.  Regularly check for updates from the official sources and follow best practices for applying updates.
  • 224. …cont’d  Physical Security  Protect the physical hardware that runs the boot loader and the system itself.  Restrict physical access to the system to authorized personnel only.  Unauthorized physical access could allow an attacker to modify the boot loader or boot process, compromising the system's security.
  • 225. …cont’d  Monitoring and Auditing  Implement logging and monitoring mechanisms to capture and analyze boot loader activities and events.  This includes monitoring changes to boot loader configuration files, tracking boot-related errors, and reviewing log files for any suspicious activities.
  • 226. TCP Wrappers Configuration  TCP Wrappers is a host-based access control system that allows you to control access to network services based on various criteria such as o IP addresses, o domain names, and o client requests.  It provides an additional layer of security by filtering incoming network connections and allowing or denying access based on defined rules.
  • 227. …Cont’d • To install TCP Wrappers:
      sudo yum install tcp_wrappers
    OR
      sudo dnf install tcp_wrappers
    • Once the installation is complete, configure • /etc/hosts.allow and • /etc/hosts.deny
  • 228. …Cont’d  /etc/hosts.allow file contains the list of allowed or non-allowed hosts or networks.  It means that we can both allow or deny connections to network services by defining access rules in this file  /etc/hosts.deny file contains the list of hosts or networks that are not allowed to access your Linux server.
  • 229. …Cont’d • The typical syntax to define an access rule is:
      daemon_list : client_list : option : option ...
    where: • daemon_list - The name of a network service such as SSH, FTP, http etc. • client_list - The comma separated list of valid hostnames, IP addresses or network addresses. • options - An optional action that specifies something to be done whenever a rule is matched.
  • 230. …Cont’d • Rules to Remember • The access rules in the /etc/hosts.allow file are applied first. They take precedence over rules in the /etc/hosts.deny file. • Therefore, if access to a service is allowed in the /etc/hosts.allow file, a rule denying access to that same service in /etc/hosts.deny is ignored.
  • 231. Restrict Access To Linux Servers Using TCP Wrappers • The recommended approach to secure a Linux server is to block all incoming connections, and allow only a few specific hosts or networks. To do so, edit /etc/hosts.deny and add the following line, which refuses connections to ALL services from ALL networks:
      ALL: ALL
  • 232. Allow and Deny hosts Add the following lines to the /etc/hosts.allow file:
      # Allow a single host for SSH service
      sshd: 192.168.43.192
      # Allow a /24 prefix for SSH
      sshd: 192.168.43.0/255.255.255.0
      # Allow a single host for FTP
      vsftpd: 192.168.43.192
      # Allow a /24 prefix for FTP
      vsftpd: 192.168.43.0/255.255.255.0
      # Allow a single host for FTP
      vsftpd: asu.cs.et
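The evaluation order described above (hosts.allow first, then hosts.deny, otherwise allow) can be checked offline. This Python sketch is an added example, not part of the original slides and not the TCP Wrappers code itself: it models the decision for IPv4 clients and the pattern forms used on the slides (ALL, single address, network/netmask, host name, plus leading-dot and trailing-dot patterns). The function names and sample rule sets are constructed; rule options and the EXCEPT operator are not modelled.

```python
import ipaddress


def client_matches(pattern, ip, hostname=None):
    """Does one client pattern match the connecting client?"""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # network/netmask, e.g. 192.168.43.0/255.255.255.0
        try:
            network = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(ip) in network
        except ValueError:
            return False
    if pattern.endswith("."):    # address prefix, e.g. "192.168.43."
        return ip.startswith(pattern)
    if pattern.startswith("."):  # domain suffix, e.g. ".asu.edu.et"
        return hostname is not None and hostname.lower().endswith(pattern.lower())
    return pattern == ip or (hostname is not None
                             and pattern.lower() == hostname.lower())


def rule_matches(line, daemon, ip, hostname=None):
    """Does one 'daemon_list : client_list' line match this (daemon, client) pair?"""
    line = line.strip()
    if not line or line.startswith("#") or ":" not in line:
        return False
    daemons, clients = (part.strip() for part in line.split(":")[:2])
    daemon_list = daemons.replace(",", " ").split()
    client_list = clients.replace(",", " ").split()
    if "ALL" not in daemon_list and daemon not in daemon_list:
        return False
    return any(client_matches(p, ip, hostname) for p in client_list)


def access_allowed(daemon, ip, hostname, hosts_allow, hosts_deny):
    """Apply the documented order: allow file, then deny file, then default allow."""
    if any(rule_matches(l, daemon, ip, hostname) for l in hosts_allow.splitlines()):
        return True
    if any(rule_matches(l, daemon, ip, hostname) for l in hosts_deny.splitlines()):
        return False
    return True  # no rule matched in either file


# Constructed rule sets based on the slides' examples.
HOSTS_ALLOW = """\
# SSH only from one admin host, FTP from the whole /24 and one named host
sshd: 192.168.43.192
vsftpd: 192.168.43.0/255.255.255.0
vsftpd: asu.cs.et
"""
HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    cases = [("sshd", "192.168.43.192", None), ("sshd", "192.168.43.50", None),
             ("vsftpd", "192.168.43.50", None), ("vsftpd", "10.0.0.5", "asu.cs.et")]
    for daemon, ip, host in cases:
        print(daemon, ip, host, access_allowed(daemon, ip, host, HOSTS_ALLOW, HOSTS_DENY))
    # With an empty hosts.deny, an unlisted client falls through to the default allow.
    print(access_allowed("sshd", "10.0.0.5", None, HOSTS_ALLOW, ""))
```

The last call shows why the `ALL: ALL` line in /etc/hosts.deny matters: without it, a client that matches no rule is admitted.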
  • 233. Iptables Firewalling • Iptables is a powerful firewall utility for Linux systems that allows you to set up and manage network packet filtering rules. • Understanding Firewall Basics • Packet filtering • Network ports • Protocols (TCP, UDP), and • IP addresses. • Ensure that your Linux kernel has built-in support for iptables.
  • 234. Common scenarios in which iptables is used to configure a firewall • Allow Incoming SSH Connections:
      iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
    • Block Incoming HTTP Requests:
      iptables -A INPUT -p tcp --dport 80 -j DROP
    • Allow Outgoing DNS Queries:
      iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
    Read and practise iptables firewalling in more detail.
  • 235. Packet Filtering • Packet filtering is a fundamental technique used in network security to selectively allow or block network traffic based on predefined criteria. • It involves inspecting individual packets as they pass through a network device, such as a firewall or router, and making decisions about whether to permit or deny them.
  • 236. Cont’d • Key concepts related to packet filtering • Access Control Lists (ACLs) • Source and Destination IP Address Filtering • Port-Based Filtering • Protocol Filtering • Stateful Packet Filtering • Implicit Deny Rule: default rule • Logging: capability to log denied packets or specific events for monitoring, analysis, and troubleshooting purposes.
  • 237. Port Forwarding • Port forwarding (also known as port redirection) and Network Address Translation (NAT) with IP masquerading are techniques used to enable communication between devices on a private network and external networks, such as the internet. • These techniques are commonly employed in network setups where multiple devices share a single public IP address.
  • 238. Cont’d • Port Forwarding/Redirection: Port forwarding allows inbound network traffic to reach a specific device or service within a private network by redirecting traffic from a specific port on the public IP address to a designated internal IP address and port. • It is typically used to enable external access to services running on devices within the private network.
  • 239. How does port forwarding work? 1. A request comes in from an external network to the public IP address and a specific port. 2. The router or firewall receives the request and checks its port forwarding configuration. 3. Based on the configured rules, the router/firewall forwards the incoming traffic to the designated internal IP address and port.
  • 241. NAT/IP Masquerading: • Network Address Translation (NAT) is a technique that allows multiple devices within a private network to share a single public IP address when connecting to external networks. • IP masquerading is a specific form of NAT that dynamically translates the private IP addresses of devices to the public IP address when they access the internet.
  • 242. How does NAT/IP masquerading work? 1. Devices within the private network send outgoing requests to access resources on the internet. 2. The router or firewall performing NAT replaces the source IP addresses of the outgoing packets with its own public IP address. 3. Responses from external servers are sent back to the router/firewall's public IP address. 4. The router/firewall performs reverse translation, replacing its public IP address with the original private IP address, and forwards the response packet to the appropriate internal device.
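The masquerading steps above and the port-forwarding steps on the earlier slide both depend on a translation table kept by the router. This Python sketch is an added example, not part of the original slides: it models that table to show how replies find their way back, why unsolicited inbound traffic is dropped, and how a port-forward rule changes that. The class name, the port allocation scheme and all addresses (documentation ranges) are constructed; a real implementation such as Linux connection tracking also tracks timeouts and connection state.

```python
class NatRouter:
    """Toy model of a masquerading router with optional port forwards."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (proto, priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.in_map = {}    # (proto, public_port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.forwards = {}  # (proto, public_port) -> (priv_ip, priv_port)

    def add_port_forward(self, proto, public_port, private_ip, private_port):
        """Static rule: traffic to public_ip:public_port goes to an internal service."""
        self.forwards[(proto, public_port)] = (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Steps 1-2: rewrite the source of an outgoing packet.

        Returns the packet as seen on the internet:
        (source ip, source port, destination ip, destination port).
        """
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            public_port = self.next_port  # assumption: simple sequential allocation
            self.next_port += 1
            self.out_map[key] = public_port
            self.in_map[(proto, public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Steps 3-4: find the internal (ip, port) for an incoming packet.

        Returns None when the packet matches neither a tracked connection
        nor a port-forward rule, i.e. it is dropped.
        """
        tracked = self.in_map.get((proto, public_port, remote_ip, remote_port))
        if tracked is not None:
            return tracked
        return self.forwards.get((proto, public_port))


def demo():
    """Two internal hosts share one public address; returns the observed results."""
    router = NatRouter("203.0.113.5")
    a = router.outbound("tcp", "192.168.2.10", 51000, "198.51.100.7", 443)
    b = router.outbound("tcp", "192.168.2.11", 51000, "198.51.100.7", 443)
    results = {
        "a_out": a,
        "b_out": b,
        "a_reply": router.inbound("tcp", "198.51.100.7", 443, a[1]),
        "b_reply": router.inbound("tcp", "198.51.100.7", 443, b[1]),
        "unsolicited": router.inbound("tcp", "198.51.100.99", 55555, 80),
    }
    router.add_port_forward("tcp", 80, "192.168.2.10", 80)
    results["forwarded"] = router.inbound("tcp", "198.51.100.99", 55555, 80)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```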
  • 243. Packet-Processing Model Introduction to Linux  The packet-processing model refers to the sequence of steps that a network device, such as a router or firewall, follows when processing an incoming or outgoing network packet.  The model outlines the stages involved in handling a packet from the moment it enters the device to the point where it is forwarded or discarded.  While the exact implementation may vary across different network devices
  • 244. General packet-processingmodel Introduction to Linux 1. Packet Reception: The network device receives the incoming packet on one of its interfaces 2. Packet Decapsulation: If the received packet is encapsulated within a data link layer protocol, such as Ethernet, the device decapsulates the packet to extract the network layer protocol packet, such as IP or IPv6. 3. Packet Classification: The device examines the packet's headers to determine its destination and purpose.
  • 245. …Cont’d
      4. Security Checks: The packet is evaluated for any security-related policies, such as firewall rules, access control lists (ACLs), or intrusion detection/prevention systems.
      5. Quality of Service (QoS) Handling: If the device supports QoS, it may apply QoS policies to prioritize or shape the traffic based on predefined rules.
      6. Network Address Translation (NAT): If the packet requires Network Address Translation, such as in the case of private-to-public IP translation, the device performs the necessary modifications to the packet's source or destination IP addresses.
  • 246. …Cont’d
      7. Routing: The device looks up the packet's destination IP address in its routing table to determine the next-hop interface or the appropriate routing path.
      8. Forwarding Decision: Based on the routing lookup, the device makes a forwarding decision, determining the outgoing interface or the appropriate forwarding path for the packet.
      9. Packet Forwarding: The device forwards the packet out through the determined interface or path towards its destination.
      10. Packet Egress: The packet is transmitted out of the device's interface onto the network medium for delivery to the next hop or the final destination.
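Stages 4 (security checks), 7 (routing) and 8 (forwarding decision) of the model, as an added example that is not part of the original slides. The ACL entries, routes, interface names and function names are constructed, and the route lookup uses longest-prefix match, the standard rule for IP routing tables.

```python
# Added illustration of the security-check, routing and forwarding stages.
# Rules, routes and interface names are constructed for the example.
import ipaddress

ACL = [  # first matching rule wins: (action, source network, protocol, dst port)
    ("deny",  "0.0.0.0/0",      "tcp", 23),    # block telnet from anywhere
    ("allow", "192.168.1.0/24", "tcp", None),  # None means any port
    ("allow", "0.0.0.0/0",      "udp", 53),    # DNS queries
]
ROUTES = [  # (destination prefix, outgoing interface)
    ("0.0.0.0/0",   "eth0"),   # default route
    ("10.0.0.0/8",  "eth1"),
    ("10.1.2.0/24", "eth2"),   # more specific than 10.0.0.0/8
]

def security_check(src, proto, dport):
    """Stage 4: evaluate the ACL top-down; default deny if nothing matches."""
    addr = ipaddress.ip_address(src)
    for action, net, rule_proto, rule_port in ACL:
        if (addr in ipaddress.ip_network(net) and proto == rule_proto
                and rule_port in (None, dport)):
            return action == "allow"
    return False

def route_lookup(dst):
    """Stage 7: longest-prefix match over the routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), iface)
               for prefix, iface in ROUTES
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def process(src, dst, proto, dport):
    """Stage 8: combine both results into a forwarding decision."""
    if not security_check(src, proto, dport):
        return "discard"
    iface = route_lookup(dst)
    return f"forward via {iface}" if iface else "discard"
```

Rule order matters in a first-match ACL: placing the telnet deny below the broad `192.168.1.0/24` allow would let that traffic through.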
  • 248. Intrusion Detection
      ○ Intrusion Detection is a security mechanism designed to detect and respond to unauthorized or malicious activities on a computer system or network.
      ○ It involves monitoring network traffic, system logs, and other data sources to identify potential security breaches or abnormal behavior.
  • 249. Different Types of Intrusion
      ○ Unauthorized Access: This occurs when an attacker gains unauthorized access to a system or network without proper authentication or permissions.
      ○ Denial of Service (DoS): In a DoS attack, the attacker overwhelms a system, network, or service with a flood of traffic or resource requests, making it inaccessible to legitimate users.
      ○ Distributed Denial of Service (DDoS): Similar to DoS, DDoS attacks involve multiple systems or devices working together to overwhelm a target with an enormous amount of traffic. The attacker controls a botnet (a network of compromised devices) to launch the attack.
  • 250. …Cont’d
      ○ Malware Attacks: Malware refers to malicious software designed to gain unauthorized access, disrupt system operations, or steal sensitive information.
      ○ Common types of malware include viruses, worms, Trojans, ransomware, spyware, and adware.
      ○ Malware can be distributed through email attachments, malicious websites, infected software, or removable media.
  • 251. …Cont’d
      ○ Phishing and Social Engineering: Phishing involves tricking individuals into revealing sensitive information, such as login credentials or financial details, by impersonating a trusted entity through fraudulent emails, websites, or messages.
      ○ Insider Threats: Insider threats involve individuals within an organization misusing their authorized access to compromise systems, steal data, or cause harm.
  • 252. Types of Intrusion Detection (IDS)
      ○ Network-based Intrusion Detection System (NIDS): NIDS monitors network traffic, analyzes network packets, and looks for patterns or signatures associated with known attacks or suspicious activities.
      ○ Host-based Intrusion Detection System (HIDS): HIDS monitors the activities and events occurring on individual host systems.
      Reading Assignment: Linux Intrusion Detection System (LIDS)
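A host-based check of the kind described above, watching a system log for repeated failed logins from one source. This is an added example, not part of the original slides: the log lines are constructed in the usual sshd syslog format, and the function names, threshold, window and assumed year are illustrative choices.

```python
# Added illustration of host-based detection; SAMPLE_LOG is constructed.
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
Jan 10 01:00:00 srv1 sshd[2001]: Failed password for carol from 198.51.100.44 port 60001 ssh2
Jan 10 02:00:00 srv1 sshd[2050]: Failed password for carol from 198.51.100.44 port 60002 ssh2
Jan 10 03:00:00 srv1 sshd[2090]: Failed password for carol from 198.51.100.44 port 60003 ssh2
Jan 10 03:12:01 srv1 sshd[2101]: Failed password for root from 203.0.113.9 port 40112 ssh2
Jan 10 03:12:04 srv1 sshd[2102]: Failed password for invalid user admin from 203.0.113.9 port 40113 ssh2
Jan 10 03:12:09 srv1 sshd[2103]: Accepted password for alice from 192.168.1.20 port 51000 ssh2
Jan 10 03:12:11 srv1 sshd[2104]: Failed password for root from 203.0.113.9 port 40115 ssh2
Jan 10 03:40:00 srv1 sshd[2110]: Failed password for bob from 192.168.1.21 port 51010 ssh2
"""

FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+")

def failed_logins(log_text, year=2024):
    """Yield (timestamp, user, source ip); syslog omits the year, so one is assumed."""
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def detect_bruteforce(log_text, threshold=3, window_s=60):
    """Return {source ip: total failures} for sources that reach `threshold`
    failures within any `window_s`-second span."""
    by_ip = defaultdict(list)
    for ts, _user, ip in failed_logins(log_text):
        by_ip[ip].append(ts)
    alerts = {}
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            span = (times[i + threshold - 1] - times[i]).total_seconds()
            if span <= window_s:
                alerts[ip] = len(times)
                break
    return alerts
```

On the sample, only 203.0.113.9 is flagged: 198.51.100.44 also has three failures, but spread over two hours, which shows why the time window matters as much as the count.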
  • 254. Overview of Analytical system administration
      ○ Analytical system administration explores the use of data analysis and analytical techniques to improve system administration processes, identify performance issues, and make informed decisions in managing computer systems and networks.
  • 255. System Observation
      ○ System observation refers to the practice of monitoring and observing computer systems and networks to gather information about their performance, behavior, and usage patterns.
  • 256. …Cont’d
      System observation can be performed using a variety of techniques and tools, including:
      ○ Monitoring Tools
      ○ System Logs
      ○ Network Monitoring
      ○ User Activity Monitoring
      ○ Performance Testing
  • 257. …Cont’d
      System observation serves several purposes, including:
      ○ Identifying performance issues and bottlenecks to optimize system performance.
      ○ Detecting and mitigating security incidents or abnormal system behavior.
      ○ Planning for system capacity and scalability.
      ○ Assessing the impact of software or configuration changes on system behavior.
      ○ Understanding user behavior and usage patterns to improve user experience.
  • 258. Evaluation methods and problems
      ○ Evaluation methods are used to assess the performance, effectiveness, and quality of systems, processes, or solutions.
      ○ They provide valuable insights and feedback that can guide decision-making, improvements, and future planning.
  • 259. Common Evaluation Methods
      ○ Surveys and Questionnaires
      ○ Interviews
      ○ Observations
      ○ Focus Groups
      ○ Case Studies
      ○ Usability Testing
      ○ Performance Metrics and Key Performance Indicators (KPIs)
      ○ Expert Review
      ○ Comparative Analysis and Benchmarking
      ○ Cost-Benefit Analysis
  • 260. Faults
      ○ Faults in the context of system administration refer to unexpected or abnormal conditions that occur within a computer system or network, resulting in system failures, errors, or malfunctions.
      ○ Faults can arise from various sources, including hardware failures, software bugs, configuration errors, network issues, and human error.
  • 261. Common Types of Faults
      ○ Hardware Faults
      ○ Software Faults
      ○ Configuration Faults
      ○ Network Faults
      ○ Power Faults
      ○ Human Errors
  • 262. Deterministic and Stochastic Behaviors
      Deterministic Behavior
      ○ Refers to a system or process that produces the same output or result for a given set of inputs or conditions.
      ○ In other words, the outcome is completely predictable and follows a specific cause-and-effect relationship.
      ○ In a deterministic system, there is no randomness or uncertainty involved, and the same inputs always yield the same outputs.
  • 263. …Cont’d
      Examples of deterministic behavior:
      ○ Mathematical equations
      ○ Programming algorithms
      ○ Digital circuits
  • 264. …Cont’d
      Stochastic Behavior
      ○ Refers to a system or process that exhibits randomness or uncertainty in its outcomes.
      ○ Unlike deterministic behavior, the same inputs or conditions may result in different outputs.
      ○ Stochastic systems involve probabilistic elements and are influenced by random factors, making it impossible to precisely predict the exact outcome.
  • 265. …Cont’d
      Examples of stochastic behavior:
      ○ Random number generation
      ○ Weather forecasting
      ○ Stock market fluctuations
      In many real-world systems, both deterministic and stochastic elements may be present. Understanding and analyzing the interplay between deterministic and stochastic behavior is essential in many fields, including physics, engineering, computer science, and finance, to make accurate predictions, optimize processes, and manage risks.