Linux+ Guide to Linux Certification, Second Edition


Slide 1

Linux+ Guide to Linux Certification, Second Edition Chapter 15 Configuring Network Services and Security

Slide 2

Objectives: Identify and configure common network services. Configure routing and firewalls. Describe the different facets of Linux security. Increase the security of a Linux computer. Outline measures that can be used to detect a Linux security breach. Linux+ Guide to Linux Certification, 2e

Slide 3

Network Services: Processes that provide some type of valuable service for client computers on the network. Must identify the types and features of network services before they can be configured. Important to configure network-related services, such as routing and firewalls.

Slide 4

Identifying Network Services. Port: number uniquely identifying a network service; ensures that packets are delivered to the proper service; range from 0 to 65534. /etc/services file: lists ports and associated protocol. Well-known port: ports from 0 to 1024; used by common networking services.

Slide 5

Identifying Network Services (continued) Table 15-1: Common well-known ports

Slide 6

Identifying Network Services (continued). Internet Super Daemon (xinetd): initializes and configures many networking services. Standalone daemons: daemons normally started at boot-up, e.g., the Apache Web server; configure themselves without assistance. The ntsysv utility can configure most standalone daemons to start in various runlevels.

Slide 7

Identifying Network Services (continued) Figure 15-1: Interacting with network services

Slide 8

Configuring Common Network Services Table 15-2: Common network services

Slide 9

Configuring Common Network Services (continued) Table 15-2 (continued): Common network services

Slide 10

Configuring Common Network Services (continued) Table 15-2 (continued): Common network services

Slide 11

Configuring Common Network Services (continued) Table 15-2 (continued): Common network services

Slide 12

Configuring Common Network Services (continued) Table 15-2 (continued): Common network services

Slide 13

Configuring DNS. Zone: portion of DNS administered by one or more DNS servers. Forward lookup: FQDN resolved to IP address. Reverse lookup: IP address resolved to FQDN.

Slide 14

Configuring DNS (continued) Figure 15-2: The DNS lookup process

Slide 15

Configuring DNS (continued). Iterative query: resolved without the use of top-level DNS servers. Recursive query: resolved with the use of top-level DNS servers. DNS cache file: contains IP addresses of top-level DNS servers.

Slide 16

Configuring DNS (continued). Master or primary DNS server: contains read/write copy of zone. Slave or secondary DNS server: contains read-only copy of zone. Zone transfer: copying zone resource records from master to slave DNS server.

Slide 17

Configuring DNS (continued) Table 15-3: Common zone configuration files

Slide 18

Configuring DNS (continued) Table 15-3 (continued): Common zone configuration files

Slide 19

Configuring DHCP. Send DHCP broadcast on network: request IP configuration information. DHCP server leases IP address to client computer for a period of time; ensures each client has a unique IP address. /etc/dhcpd.conf file: configure computer as a DHCP server; list appropriate IP address range for network.

Slide 20

Configuring Apache. Most common Web server. Document root directory: stores default HTML content for a Web server; /var/www/html on Fedora Linux. Default document is index.html. /etc/httpd/conf/httpd.conf: default configuration file. Directive: line within a configuration file.

Slide 21

Configuring Apache (continued) Table 15-4: Common httpd.conf directives

Slide 22

Configuring Samba. Samba daemon: emulates the SMB protocol. Windows computers advertise computer names using the NetBIOS protocol; can use the NetBIOS name daemon to create and advertise a NetBIOS name. Connect Windows computers to Linux server. smbpasswd command: generate Samba passwords.

Slide 23

Configuring Samba (continued). /etc/samba/smb.conf: default Samba configuration file. /etc/rc.d/init.d/smb start: start Samba and NetBIOS name daemons; restart if smb.conf changed.

Slide 24

Configuring NFS. Create directory containing information to share. Edit /etc/exports file: add line listing directory to be shared and options. Run exportfs -a: update list of exported filesystems. Restart the NFS processes.

Slide 25

Configuring FTP. Very secure FTP daemon (vsftpd): packaged with Fedora Linux. To configure (assuming logon as "user1"): create directory underneath user1's home directory to host the files; ensure user1 owns the directory; run /etc/rc.d/init.d/vsftpd start to start the vsftpd daemon.

Slide 26

Configuring NIS. Network Information Service (NIS): coordinate common configuration files across several computers. Computers belong to a NIS domain and use NIS maps to access configuration information. Most commonly used for password databases.

Slide 27

Configuring NIS (continued). Define the NIS domain via the domainname <NIS_domain_name> command. Add "NISDOMAIN='NIS_domain'" to the /etc/sysconfig/network file: configure NIS domain at boot time. Add "domain <NIS_domain> server <NIS_server>" to the /etc/yp.conf file: query specific NIS server.

Slide 28

Configuring the Secure Shell Daemon. Secure Shell daemon (sshd): allows use of the ssh utility to log in to network servers. /etc/ssh/sshd_config file: contains configuration options. Uses challenge-response authentication by default.

Slide 29

Configuring the Secure Shell Daemon (continued). Supported encryption standards: Triple Data Encryption Standard (3DES), Advanced Encryption Standard (AES), Blowfish, Carlisle Adams Stafford Tavares (CAST), ARCfour.
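
An added example (not part of the original slides): of the algorithms listed above, only AES is still a mainstream choice, so a hardening review checks the Ciphers directive in sshd_config for the others. The cipher names are OpenSSH's identifiers for those algorithms; the legacy list, the function names and the sample config are this example's own assumptions.

```shell
#!/bin/sh
# Added example: list legacy ciphers enabled by the Ciphers directive of
# an sshd_config file. The legacy list is this example's own policy,
# built from the non-AES algorithms named on the slide.
LEGACY_CIPHERS="3des-cbc blowfish-cbc cast128-cbc arcfour arcfour128 arcfour256"

# Constructed sample config (not from the page).
sample_sshd_config() {
    cat <<'EOF'
Port 22
#Ciphers arcfour
ciphers aes256-ctr,3des-cbc,blowfish-cbc
Ciphers arcfour
EOF
}

# Print the ciphers named by the effective Ciphers line, one per line.
# sshd uses the first occurrence of a keyword; keywords are case-insensitive.
# Reads the file given as $1, or standard input when no file is given.
configured_ciphers() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "ciphers" && !seen {
            seen = 1
            sub(/^[ \t]*[^ \t]+[ \t]*/, "")   # drop the keyword
            sub(/[ \t\r]+$/, "")              # drop trailing whitespace
            if ($0 ~ /^-/) next               # a "-" list removes ciphers
            sub(/^[+^]/, "")                  # "+" and "^" lists add ciphers
            n = split($0, c, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (c[i] != "") print c[i]
        }
    ' "${1:--}"
}

# Print only the configured ciphers that appear in LEGACY_CIPHERS.
legacy_ciphers() {
    configured_ciphers "${1:-}" | while read -r name; do
        case " $LEGACY_CIPHERS " in
            *" $name "*) echo "$name" ;;
        esac
    done
}

sample_sshd_config | legacy_ciphers
```

An empty result for a real file means either no legacy cipher is listed or no Ciphers line is present, in which case the sshd build's defaults apply.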

Slide 30

Routing and Firewall Services. Network services not provided entirely by network daemons: provided by the Linux kernel; do not listen to a particular port.

Slide 31

Routing. Route table: indicates which networks are connected to network interfaces. route command: manipulate the route table. Multihomed hosts: computers with multiple network interfaces. IP forwarding: forwarding TCP/IP packets between networks. Routing: forwarding data packets between networks.

Slide 32

Routing (continued). Enabling routing: place the number 1 in the /proc/sys/net/ipv4/ip_forward file; place "net.ipv4.ip_forward = 1" in the /etc/sysctl.conf file.
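
An added example (not part of the original slides): the two settings above can disagree, because the /proc value is lost at reboot while sysctl.conf is applied at boot, and a host that forwards packets without anyone intending it is a hardening finding. The shell functions below report which case a host is in; the function names and state labels are this example's own.

```shell
#!/bin/sh
# Added example: compare runtime and persistent IP-forwarding settings.
# Paths are parameters so the check can run against copies of the files;
# the defaults are the two locations named on the slide.

# Print the runtime value from the proc file, or "unknown" if unreadable.
runtime_forward() {
    proc_file=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$proc_file" ] || { echo unknown; return; }
    tr -d ' \t\n' < "$proc_file"
}

# Print the value sysctl.conf would apply at boot; the last uncommented
# assignment wins. Prints "unset" when the key is absent.
persistent_forward() {
    conf_file=${1:-/etc/sysctl.conf}
    [ -r "$conf_file" ] || { echo unset; return; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "net.ipv4.ip_forward") found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf_file"
}

# Classify the host. Prints one of:
#   off         not forwarding now, not enabled at boot
#   persistent  forwarding now and after reboot
#   runtime     forwarding now, lost at reboot
#   pending     not forwarding now, enabled at next boot
forward_state() {
    now=$(runtime_forward "${1:-}")
    boot=$(persistent_forward "${2:-}")
    case "$now:$boot" in
        1:1) echo persistent ;;
        1:*) echo runtime ;;
        *:1) echo pending ;;
        *)   echo off ;;
    esac
}

forward_state   # report the state of the local host
```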

Slide 33

Routing (continued). Large networks may have several routers. route add <route> command: add entries to route table. route del <route> command: remove entries from route table. Can use the ip command to add entries to route table.

Slide 34

Routing (continued) Figure 15-3: A sample routed network

Slide 35

Routing (continued). Contents of route table lost when computer powered off: add to /etc/rc.d/rc.local file. Most routers configured with a default gateway: for packets addressed to destinations not in route table. traceroute command: troubleshoot routing; displays routers between current and remote computer.

Slide 36

Firewall Services. netfilter/iptables: used to create a firewall; discard network packets according to chains of rules. Chains: specify general type of network traffic to apply rules to. Rules: match network traffic to be allowed or dropped.

Slide 37

Firewall Services (continued). Three chain types: INPUT chain: incoming packets; FORWARD chain: packets passing through computer; OUTPUT chain: outgoing packets. iptables command: creates rules for a chain.

Slide 38

Firewall Services (continued) Table 15-5: Common iptables commands
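
An added example (not part of the original slides): what happens to a packet that matches no rule in a chain depends on the chain's default policy, so a firewall review reads the policy and the last rule of each of the three chains. The function below does that over iptables-save output; the sample ruleset, the function names and the "open"/"closed" labels are this example's own.

```shell
#!/bin/sh
# Added example: report the default policy of the three built-in filter
# chains from iptables-save output and flag chains that accept by default.

# Constructed sample in iptables-save format (not from the page).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Print "<chain> <policy> <rule-count> <verdict>" for each built-in chain.
# A chain is "open" when its policy is ACCEPT and its last rule is not an
# unconditional DROP or REJECT, so unmatched packets pass.
# Reads the file given as $1, or standard input when no file is given.
chain_report() {
    awk '
        $1 == "*filter" { in_filter = 1; next }
        $1 == "COMMIT"  { in_filter = 0 }
        !in_filter      { next }
        /^:/            { policy[substr($1, 2)] = $2; next }
        $1 == "-A" {
            rules[$2]++
            # remember whether the most recent rule is a catch-all drop
            catchall[$2] = (NF == 4 && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
        }
        END {
            n = split("INPUT FORWARD OUTPUT", order, " ")
            for (i = 1; i <= n; i++) {
                c = order[i]
                verdict = (policy[c] == "ACCEPT" && !catchall[c]) ? "open" : "closed"
                print c, policy[c], rules[c] + 0, verdict
            }
        }
    ' "${1:--}"
}

sample_ruleset | chain_report
```

On a live host the input would come from iptables-save, which needs root.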

Slide 39

Security. Linux systems typically available across networks such as the Internet. Should improve local and network security. Understand how to detect intruders who breach the system.

Slide 40

Securing the Local Computer. Limit access to computer itself: prevent malicious users from accessing files. Server closet: secured room to store servers. Remove floppy and CD-ROM devices from workstations. Ensure BIOS prevents booting from USB ports.

Slide 41

Securing the Local Computer (continued). Ensure BIOS password is set. Set boot loader password in LILO or GRUB configuration file. Limit access to graphical desktops and shells. Minimize the time the root user is logged in.

Slide 42

Securing the Local Computer (continued). nohup command: prevents other commands from exiting when parent process killed. su (switch user) command: switch current user account to another. sudo com