LINUX ADMINISTRATION TYBSC-IT SEM V

UNIT 4

CHAPTER 1 : INTERNET SERVICES

WHAT IS AN INTERNET SERVICE? An Internet service can be defined as any service that can be accessed over a TCP/IP based network, whether an internal network (an intranet) or the external network (the Internet). Internet services can be provided over either secure or insecure TCP/IP connections. Common services are Telnet, FTP, SMTP, HTTP, DNS, ssh, scp, sftp and others. ICMP and ARP, which are often listed alongside them, are lower-layer protocols that these services rely on rather than services in their own right.

Secure Services Plain-text traffic is extremely easy to eavesdrop on by anyone on the network path. Since the Internet exploded in popularity, running plain-text services such as telnet, FTP and the r-commands is not a good idea, so secure replacements have been developed. These replacements provide stronger authentication and encrypt all their traffic, so that neither passwords nor data are exposed in transit.

ssh Secure Shell, also known as ssh, is a secure telnet replacement that encrypts all traffic, including passwords. It uses public-key cryptography to authenticate the server and to agree on a session key, then encrypts the session with a symmetric cipher; users authenticate with a password or with their own key pair. Example: ssh vnavrat@woolf.xena.edu When you start ssh it asks for your password (unless key-based authentication has been set up), and then you have a regular terminal session on the remote host. The first connection to a host prints that host's key fingerprint; confirm it out of band, because the host key is the only thing that ties the encrypted session to the machine you intended to reach.

scp Secure Copy, also known as scp, is part of the ssh package. It is a secure alternative to rcp and ftp: the copy runs over an ssh connection, so it is authenticated and encrypted end to end. You can scp files to or from any machine that has an ssh daemon running.

sftp Secure File Transfer Program, also known as sftp, is an interactive file-transfer client with FTP-like commands that performs all its functions over ssh (the SFTP subsystem of sshd); it does not use the FTP protocol or its plain-text ports at all. The syntax for sftp is sftp user@host:file file, which fetches file from the remote host into the local file.

Less Secure Services These are insecure services that should not be used, since they trust that the network is absolutely secure. telnet Telnet is an application that is available almost everywhere. All telnet traffic, including passwords, is sent in plain text, so anyone who can see the packets can capture the login:
[vnavrat@buffy vnavrat]$ telnet xena
Trying 127.0.0.1...
Connected to xena.
Escape character is '^]'.
Welcome to null.xena.edu
login:

rsync rsync is a file transfer program similar to rcp that sends only the differences between two sets of files on two machines across the network. Talking to an rsync daemon (port 873) it is unencrypted; it is only safe when ssh is used as its transport. rsh rsh is an unencrypted mechanism to execute commands on remote hosts: rsh remotehostname remotecommand. It authenticates by client IP address and the contents of ~/.rhosts or /etc/hosts.equiv, which is trivially spoofed. rlogin rlogin is a remote login program that connects your terminal to a remote machine's terminal, with the same weak host-based trust as rsh. finger finger enables users on remote systems to look up information about users on another system. Generally finger displays a user's login name, real name, terminal name, idle time, login time, office location and phone number; this is useful reconnaissance for an attacker (valid usernames and who is currently logged in), which is why it is normally disabled.

talk and ntalk Talk and ntalk are real-time chat protocols. The talk server listens on UDP port 517 and the ntalk server on UDP port 518.

USING YOUR LINUX MACHINE AS A SERVER http The most common Web server used on Linux is Apache; on Red Hat-style systems its configuration files live in /etc/httpd/conf/. sshd The secure shell daemon (sshd) is started from the system's rc scripts. The global system configuration files are in /etc/ssh (sshd_config for the server, ssh_config for the client); each user's ssh configuration and keys are in $HOME/.ssh/.

ftpd The FTP daemon listens for control connections on TCP port 21 and, in active mode, opens the data connection from port 20 back to the client; in passive mode the data connection goes to a high port on the server instead. Its configuration files ftpaccess, ftpconversions, ftpgroups, ftphosts and ftpusers (the wu-ftpd files) are located in the /etc directory; ftpusers lists accounts such as root that must never log in over FTP. dns The Domain Name Service (DNS) maps hostnames to IP addresses (and, through reverse lookups, IP addresses back to hostnames). It is served by the named program on port 53, UDP for ordinary queries and TCP for zone transfers and large replies. Its configuration file is named.conf in the /etc directory.

The inetd Server inetd is called an Internet superserver. It is launched at boot time and listens for connections on network sockets on behalf of many small services, starting the matching server program only when a connection arrives. It reads /etc/inetd.conf to see which services should be offered and /etc/services to see which ports those services use. xinetd xinetd is a replacement for inetd that adds more security and functionality: one configuration file per service in /etc/xinetd.d/, built-in access control by client address (only_from, no_access), access time windows, logging of every connection and rate limiting, plus TCP Wrappers support without a separate tcpd. xinetd can also read an existing /etc/inetd.conf in its inetd compatibility mode, which is the sense in which it "runs alongside" inetd; the two should not both be listening on the same ports, so a system runs one superserver or the other. From the client's point of view the services behave the same way under either.

INETD AND XINETD

SERVICES ARE SPAWNED FROM SUPERSERVERS SUCH AS INETD AND XINETD
1. chargen  random character generator that sends its traffic over tcp
2. daytime-udp  gives you the time over udp
3. finger  user information lookup program
4. kshell  kerberized remote shell (the Kerberos counterpart of rsh)
5. rlogin  remote login service similar to telnet, but with host-based trust relationships between machines (.rhosts)
6. swat  Samba Web Administration Tool
7. time  gives you the time over tcp
8. chargen-udp  random character generator that sends its traffic over udp
9. echo  echoes back all characters sent to it over tcp
10. gssftp  kerberized FTP server
11. rsh  remote shell
12. talk  a talk (real-time chat) server
13. time-udp  gives you the time over udp
14. comsat  notifies users if they have new mail
15. echo-udp  echoes back all characters sent to it over udp
16. klogin  Kerberos's answer to rlogin
17. ntalk  a talk (real-time chat) server
18. rsync  remote file transfer (rsync daemon)
19. telnet  telnet server
20. wu-ftpd  an ftp server
21. daytime  gives you the time over tcp
22. eklogin  encrypting kerberized rlogin server
23. krb5-telnet  kerberized telnet server
24. rexec  provides remote execution facilities (password sent in the clear)
25. sgi_fam  file monitoring daemon
26. tftp  trivial file transfer program (no authentication at all)

Most of these are plain-text legacy protocols, and the small "internal" ones (echo, chargen, daytime, time) are classic amplification and denial-of-service targets. The usual recommendation is to leave every entry here disabled unless you positively need it.

STAND-ALONE SERVICES These services are started from the rc scripts specifically written for them in the rc directories (/etc/rc.d/init.d or /etc/init.d on SysV-style systems). You can enable or disable these services by adding or removing their links in the runlevel directories, or with chkconfig or update-rc.d where available. Unlike inetd services they listen on their own ports all the time, so tcpd does not see their connections; they are covered by TCP Wrappers only if the daemon itself is linked with libwrap.

1. apache  Web server
2. sshd  ssh server
3. sendmail  mail server
4. qmail  mail server
5. postfix  mail server
6. thttpd  semi-lightweight Web server
7. boa  lightweight Web server
8. named  dns server
9. xfs  X font server
10. xdm  X display manager
11. portmap  maps RPC services to ports
12. rpc.quotad  serves quota information
13. knfsd  kernel-space NFS server (rpc.nfsd is its user-space control program)
14. rpc.mountd  NFS mount server
15. rpc.ypbind  NIS client binder (the NIS server itself is ypserv)
16. squid  Web proxy server
17. nessusd  vulnerability scanner daemon used for penetration testing
18. postgresql  database server
19. mysql  database server
20. oracle  database server

LINUX FIREWALL PACKAGES Linux provides a few different mechanisms for system security. One of these mechanisms is its firewall packages. Two of the packages covered here are TCP Wrappers and ipchains. TCP Wrappers (tcpd and the libwrap library) is not a packet filter: it is host-based access control applied at the application layer, when a connection to a wrapped service has already been accepted, using the rules in /etc/hosts.allow and /etc/hosts.deny. ipchains is a packet filtering firewall in the kernel (Linux 2.2); it has since been superseded by iptables (2.4 onward) and nftables, but the concepts carry over.

TCP Wrappers works only on programs that are started from inetd (or on stand-alone daemons that are compiled against libwrap). An inetd.conf entry without TCP Wrappers looks like this:
    telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
An inetd.conf entry with TCP Wrappers looks like this:
    telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

WHAT "WITH" AND "WITHOUT" WRAPPER MEANS If your inetd is not built with TCP Wrappers support, you have to use the tcpd program that is part of TCP Wrappers to wrap inetd services. To wrap an inetd service, you simply change its entry in /etc/inetd.conf so that tcpd is executed instead of the daemon:
    telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
becomes
    telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
In other words, replace the pathname of the daemon with the full path to tcpd, leaving everything else untouched. tcpd performs the access-control check and, if it passes, executes the real daemon named in the last field (a relative name is looked up in tcpd's compiled-in daemon directory). Entries that never pass through tcpd, including inetd's built-in "internal" services, are not protected by hosts.allow and hosts.deny at all.
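The check a practitioner wants after wrapping services is a quick audit of inetd.conf: which enabled entries still execute the daemon directly instead of tcpd, and which enabled entries are plain-text legacy services at all. The script below is an added example, not code from the slides; the inetd.conf it reads is constructed sample data written to a temporary file, and on a real host you would point INETD_CONF at /etc/inetd.conf instead.

```shell
#!/bin/sh
# Added example (not part of the slides): audit an inetd.conf for enabled
# services that bypass tcpd and for plain-text legacy services.
# The inetd.conf below is constructed sample data; on a real host set
# INETD_CONF=/etc/inetd.conf instead.

INETD_CONF=$(mktemp)
trap 'rm -f "$INETD_CONF"' EXIT
cat > "$INETD_CONF" <<'EOF'
# <service> <socket> <proto> <flags> <user> <server_path> <args>
ftp      stream tcp nowait root   /usr/sbin/tcpd       in.ftpd -l -a
telnet   stream tcp nowait root   /usr/sbin/in.telnetd in.telnetd
#shell   stream tcp nowait root   /usr/sbin/tcpd       in.rshd
login    stream tcp nowait root   /usr/sbin/tcpd       in.rlogind
finger   stream tcp nowait nobody /usr/sbin/tcpd       in.fingerd
echo     stream tcp nowait root   internal
EOF

# Services that send credentials or data in the clear (see "Less Secure Services").
LEGACY_SERVICES="telnet shell login exec finger ftp"

# active_services FILE -> one "service server_path" line per enabled entry
# (comment lines and blank lines are skipped; field 6 is the server path)
active_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1, $6 }' "$1"
}

# unwrapped_services FILE -> enabled services whose server is not tcpd.
# inetd's "internal" services show up here too: tcpd cannot wrap them,
# so they can only be restricted by a packet filter or by disabling them.
unwrapped_services() {
    active_services "$1" | awk '$2 !~ /\/tcpd$/ { print $1 }'
}

# legacy_enabled FILE -> enabled services from LEGACY_SERVICES, in that order
legacy_enabled() {
    for svc in $LEGACY_SERVICES; do
        active_services "$1" | awk -v s="$svc" '$1 == s { print s }'
    done
}

echo "Enabled services not wrapped by tcpd:"
unwrapped_services "$INETD_CONF" | sed 's/^/  /'
echo "Enabled plain-text services (replace with ssh/scp/sftp or disable):"
legacy_enabled "$INETD_CONF" | sed 's/^/  /'
```

On the sample file the first list is telnet and echo (telnet runs in.telnetd directly; echo is internal to inetd), and the second is telnet, login, finger and ftp. The commented-out shell entry is correctly ignored. Anything reported by the first function needs either tcpd in field 6 or a packet-filter rule, and anything in the second list is a candidate for removal in favour of the ssh family.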

When inetd starts up, it looks through /etc/inetd.conf to see which network service connections it should listen for. When a connection for a wrapped service arrives, inetd runs tcpd, which looks up the client's address and hostname and consults the access-control files in a fixed order. First /etc/hosts.allow is read; if a rule there matches the daemon and the client, access is granted and the real daemon is started. Otherwise /etc/hosts.deny is read; if a rule there matches, the connection is closed. If neither file matches, access is granted. That default means a host with an empty hosts.deny restricts nothing, so the safe pattern is to deny everything by default in hosts.deny (daemon list ALL, client list ALL) and to list the explicit exceptions in hosts.allow.

SYNTAX OF AN ALLOW OR DENY RULE
    daemon_list : client_list [: option ...]
that is, service: hostname : options. Add the rules to /etc/hosts.allow or /etc/hosts.deny. The daemon is named by its executable (in.telnetd, not telnet), and a client pattern that begins with a dot matches every host in that domain. To allow only machines from the xena.edu domain to telnet into your machine:
hosts.allow file
    in.telnetd: .xena.edu
hosts.deny file
    in.telnetd: ALL
The original slide put in.telnetd: .xena.edu : DENY in hosts.deny as well; that rule never fires, because hosts.allow is consulted first and already admits those hosts, and every host outside xena.edu is still admitted by the default. ALLOW and DENY are options from the extended syntax (hosts_options); with them a single hosts.allow can carry both kinds of rule, in.telnetd: .xena.edu : ALLOW followed by in.telnetd: ALL : DENY, with the first matching line winning. Check a rule set before relying on it with tcpdchk, which reports syntax and consistency problems, and tcpdmatch, which takes a daemon name and a client host and prints what tcpd would decide.
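The evaluation order above (hosts.allow first, then hosts.deny, default allow) is what makes the slide's original deny rule ineffective, and it is easiest to see by running both rule sets against the same clients. The script below is an added example, not code from the slides or from the TCP Wrappers package: it is a small shell model of the tcpd decision that handles the common subset of the hosts_access pattern language (ALL, exact host names, .domain suffixes and 10.0.0. network prefixes, the latter going a little beyond the slide's single domain example). The hosts.allow and hosts.deny contents are constructed sample data written to a temporary directory.

```shell
#!/bin/sh
# Added example (not part of the slides): a small shell model of the tcpd /
# libwrap decision, so you can test hosts.allow and hosts.deny rules offline
# before they guard a real service. Only the common subset of the
# hosts_access(5) pattern language is modelled: ALL, exact host names,
# ".domain" suffix patterns and "10.0.0." network prefix patterns.
# The rule files written below are constructed sample data.
set -f   # patterns are matched by hand; keep the shell from globbing them

WRAP_DIR=$(mktemp -d)
trap 'rm -rf "$WRAP_DIR"' EXIT

# Slide's version: the deny file repeats the domain that the allow file names.
# hosts.allow is consulted first, so that deny line never fires, and every
# host outside xena.edu is still admitted by tcpd's default.
cat > "$WRAP_DIR/hosts.allow.slide" <<'EOF'
in.telnetd: .xena.edu : ALLOW
EOF
cat > "$WRAP_DIR/hosts.deny.slide" <<'EOF'
in.telnetd: .xena.edu : DENY
EOF

# Corrected version: deny everything by default, then list the exceptions.
cat > "$WRAP_DIR/hosts.allow.fixed" <<'EOF'
# daemon_list : client_list
in.telnetd: .xena.edu
sshd: 10.0.0.
EOF
cat > "$WRAP_DIR/hosts.deny.fixed" <<'EOF'
ALL: ALL
EOF

# pattern_matches PATTERN CLIENT -> 0 if CLIENT matches PATTERN
pattern_matches() {
    pat=$1; client=$2
    case "$pat" in
        ALL) return 0 ;;
        .*)  case "$client" in *"$pat") return 0 ;; esac ;;   # domain suffix
        *.)  case "$client" in "$pat"*) return 0 ;; esac ;;   # network prefix
        *)   [ "$client" = "$pat" ] && return 0 ;;
    esac
    return 1
}

# list_matches LIST ITEM -> 0 if any comma- or space-separated pattern matches
list_matches() {
    for pat in $(printf '%s' "$1" | tr ',' ' '); do
        pattern_matches "$pat" "$2" && return 0
    done
    return 1
}

# file_matches FILE DAEMON CLIENT -> 0 if some rule in FILE matches both.
# Comments are stripped; each rule is "daemon_list : client_list [: options]".
file_matches() {
    [ -r "$1" ] || return 1
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" | {
        while IFS=: read -r dlist clist _opts; do
            if list_matches "$dlist" "$2" && list_matches "$clist" "$3"; then
                exit 0   # first matching rule wins (exits only this subshell)
            fi
        done
        exit 1
    }
}

# hosts_access ALLOW_FILE DENY_FILE DAEMON CLIENT -> prints ALLOW or DENY,
# in tcpd's order: hosts.allow first, then hosts.deny, default ALLOW.
hosts_access() {
    if file_matches "$1" "$3" "$4"; then echo ALLOW
    elif file_matches "$2" "$3" "$4"; then echo DENY
    else echo ALLOW
    fi
}

for client in shell.xena.edu evil.example.org 10.0.0.7; do
    printf '%-18s slide rules: %-5s  fixed rules: %s\n' "$client" \
        "$(hosts_access "$WRAP_DIR/hosts.allow.slide" "$WRAP_DIR/hosts.deny.slide" in.telnetd "$client")" \
        "$(hosts_access "$WRAP_DIR/hosts.allow.fixed" "$WRAP_DIR/hosts.deny.fixed" in.telnetd "$client")"
done
```

With the slide's rules evil.example.org is still allowed to reach in.telnetd; with the corrected rules it is denied, xena.edu hosts keep telnet access, and 10.0.0.x hosts can reach sshd only. On a real system use tcpdmatch against the actual files, since it runs the real matching code (including the EXCEPT operator, netmasks and the reverse-lookup checks this model leaves out).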

IPCHAINS ipchains is Linux's built-in IP firewall administration tool for 2.2 kernels (iptables and then nftables replaced it in later kernels, but the model is the same: ordered chains of rules for incoming, forwarded and outgoing packets). Using ipchains enables you to run a personal firewall to protect your Linux machine. If the Linux machine is a routing gateway for other machines on your network, it can act as a packet filtering network firewall when more than one network interface is installed. Unlike TCP Wrappers, a packet filter decides on every packet in the kernel before any service sees it, so it also protects stand-alone daemons and UDP services that tcpd cannot wrap.

END OF CHAPTER 1