SUSE Linux Enterprise Server Administration (Course 3037)

SUSE Linux Enterprise Server Administration (Course 3037). Chapter 9: Enable Internet Services. Objectives: Configure SUSE Linux Enterprise Server Time; Enable a Web Server (Apache); Enable the Extended Internet Daemon (xinetd); Enable an FTP Server.


Presentation Transcript


  1. SUSE Linux Enterprise Server Administration (Course 3037) Chapter 9 Enable Internet Services

  2. Objectives • Configure SUSE Linux Enterprise Server Time • Enable a Web Server (Apache) • Enable the Extended Internet Daemon (xinetd) • Enable an FTP Server

  3. Configure SUSE Linux Enterprise Server Time • Objectives • SUSE Linux Enterprise Server Time Overview • How to Synchronize Time with hwclock and netdate • What Network Time Protocol (NTP) Is • How to Synchronize Time with NTP

  4. SUSE Linux Enterprise Server Time Overview • Hardware clock and system clock • Hardware clock • Runs independently of any control program • Part of the ISA standard • Also called the BIOS clock or CMOS clock • System time • Time kept by a clock inside the Linux kernel • Driven by a timer interrupt • Number of seconds since 00:00:00 January 1, 1970, UTC • Synchronized to the hardware clock when Linux first starts

  5. SUSE Linux Enterprise Server Time Overview (continued) • Hardware clock and system clock (continued) • date and adjtimex commands • Adjust system time • ntpd • Regulates the system clock • hwclock command • Sets the hardware clock • Linux kernel maintains local time zone for the system

  6. SUSE Linux Enterprise Server Time Overview (continued) • GMT (UTC) and local time • UTC (Universal Time Coordinated) • Also referred to as GMT (Greenwich mean time) • Variable HWCLOCK in /etc/sysconfig/clock has the value -u • Local time • Variable HWCLOCK has the value --localtime • Time configuration files • Current time (system time) is calculated using variable TIMEZONE • In the file /etc/sysconfig/clock

  7. SUSE Linux Enterprise Server Time Overview (continued) • Time configuration files (continued) • Directory /usr/share/zoneinfo/ • Database of all time zones • cat /proc/driver/rtc • Displays the hardware clock time

  8. How to Synchronize Time with hwclock and netdate • How to use hwclock • Tool for accessing the hardware clock • Displays the current time • Sets the hardware clock to a specified time • Sets the hardware clock to the system time • Sets the system time from the hardware clock • Run hwclock periodically • To insert or remove time from the hardware clock • Uses device special file /dev/rtc

  9. How to Synchronize Time with hwclock and netdate (continued)

  10. How to Synchronize Time with hwclock and netdate (continued) • How to use netdate • Sets up the system time once only • Syntax: netdate timeserver1 timeserver2 ... • timeserver represents a time server on a network • netdate client compares server times with its own time • Time differences are sorted into groups and used to update time on the local server • Syntax: netdate time_source • Synchronizes time to a specific external time source • hwclock --systohc or hwclock -w • Sets the hardware clock to the system clock time

  11. What Network Time Protocol (NTP) Is • NTP • Industry standard protocol • Uses UDP on port 123 to communicate between time providers and time consumers • NTP time provider • Server that provides NTP time • NTP time consumer • Seeks NTP time from an NTP time provider • NTP synchronizes clocks to the UTC standard • Keeps track of consistent time variations

  12. What Network Time Protocol (NTP) Is (continued) • Stratum • Designation of the location of servers in NTP tree hierarchy • NTP daemon (xntpd) • Used by server and client to give and obtain time • Designed to adjust time continuously • Regularly correcting local computer clock on the basis of collected correction data • Continuously correcting local time with the help of time servers in the network • Enabling management of local reference clocks

  13. What Network Time Protocol (NTP) Is (continued)

  14. What Network Time Protocol (NTP) Is (continued) • NTP terms • Drift • ntpd measures and corrects for incidental clock frequency error • And writes the current value to a file /etc/ntp/drift • Jitter • Estimated time error of the peer clock • How the NTP daemon works • Automatically synchronizes system time • With a time server on an ongoing basis

  15. What Network Time Protocol (NTP) Is (continued) • How the NTP daemon works (continued) • Correction takes place in small increments • Synchronizations occur about once per minute • Increasing gradually to once per 17 minutes • Slewing • NTP adjustment for small time differences • Stepping • NTP adjustment for large time differences • NTP averages the results of several time exchanges

  16. How to Synchronize Time with NTP • Start NTP from the command line • Start script is /etc/init.d/xntpd • Central configuration file is /etc/ntp.conf • Start NTP daemon using rcxntpd start • Stop NTP daemon using rcxntpd stop • Restart NTP daemon using rcxntpd restart • Check status using rcxntpd status • Start NTP automatically when system boots • insserv /etc/init.d/xntpd

  17. How to Synchronize Time with NTP (continued) • Adjust the time with ntpdate • Perform a one-time update of the client to the server • rcxntpd stop • ntpdate timeserver • hwclock --systohc • rcxntpd start • Configure the NTP server (/etc/ntp.conf) • Add the following entries to /etc/ntp.conf:

          server 127.127.1.0            # local clock (LCL)
          fudge 127.127.1.0 stratum 10  # LCL is unsynchronized

  18. How to Synchronize Time with NTP (continued) • Configure the NTP server (/etc/ntp.conf) (continued) • Entries for current time:

          ## Outside source of synchronized time
          server ptbtime1.ptb.de
          server ptbtime2.ptb.de

      • Synchronization methods • Polling • Broadcasting • Entries including name for the drift file:

          driftfile /var/lib/ntp/drift/ntp.drift
          logfile /var/log/ntp

  19. How to Synchronize Time with NTP (continued) • Configure an NTP client with YaST • Start YaST NTP Client module • Configure NTP client to start each time you boot your system • Enter an NTP server • Configure your server to synchronize against multiple remote hosts • Or against a locally connected clock (optional) • Configure the NTP client by selecting Finish • Close the YaST Control Center (optional)

  20. How to Synchronize Time with NTP (continued)

  21. How to Synchronize Time with NTP (continued) • Trace the time source with ntptrace • ntptrace • Traces source of time that a time consumer is receiving • Lists • Client name • Its stratum • Its time offset from the local host • Synchronization distance • ID of the reference clock attached to a server • Synchronization distance is a measure of clock accuracy

  22. How to Synchronize Time with NTP (continued) • Query the NTP daemon status • Enter ntpq -d to display information such as: • remote • refid • st • when • poll • reach • delay • offset • jitter
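
The peer table whose columns slide 22 lists can be checked mechanically for sources that are unreachable, rejected, or far off, and for a server that has fallen back to the local clock configured on slide 17. This Python sketch is an added example, not part of the course material; the peer table is constructed, and the 100 ms threshold and the function names are assumptions.

```python
# Constructed peer table (hosts and values are made up, not captured output).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.com .GPS.            1 u   33   64  377   12.481    0.732   0.210
+ntp2.example.com 192.0.2.10       2 u   40   64  377   15.002   -1.104   0.345
 ntp3.example.com .INIT.          16 u    -   64    0    0.000    0.000   0.000
xntp4.example.com 198.51.100.7     3 u   12   64  357   20.110  812.400  35.700
 LOCAL(0)         .LOCL.          10 l   21   64  377    0.000    0.000   0.001
"""

def parse_peers(text):
    """Return one dict per peer line; header and separator lines are skipped."""
    peers = []
    for line in text.splitlines():
        tally, fields = line[:1], line[1:].split()
        if len(fields) == 10:       # drop the peer-type column "t" if present
            del fields[3]
        if len(fields) != 9 or not fields[2].isdigit():
            continue                # header, separator or blank line
        remote, refid, st, when, poll, reach, delay, offset, jitter = fields
        peers.append({"tally": tally, "remote": remote, "st": int(st),
                      "reach": int(reach, 8),   # 8-poll shift register, octal
                      "offset": float(offset), "jitter": float(jitter)})
    return peers


def findings(peers, max_offset_ms=100.0):
    """Return (remote, issue) pairs; max_offset_ms is an assumed threshold."""
    out = []
    selected = [p for p in peers if p["tally"] in ("*", "o")]
    if not selected:
        out.append(("-", "no peer selected for synchronization"))
    for p in selected:
        if p["remote"].startswith("LOCAL("):
            out.append((p["remote"], "synchronized to the local clock only"))
    for p in peers:
        if p["tally"] == "x":
            out.append((p["remote"], "rejected as falseticker"))
        if p["reach"] == 0:
            out.append((p["remote"], "never reached"))
        elif p["reach"] != 0o377:   # normal for a few minutes after start
            out.append((p["remote"], "missed polls (reach %03o)" % p["reach"]))
        if abs(p["offset"]) > max_offset_ms:
            out.append((p["remote"], "offset %.1f ms" % p["offset"]))
    return out


if __name__ == "__main__":
    for remote, issue in findings(parse_peers(SAMPLE)):
        print(remote, "-", issue)
```

The leading character of each line is the daemon's selection mark: `*` is the source currently used, `+` a candidate, `x` a source rejected as a falseticker.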

  23. Exercise 9-1 Configure Linux Time with NTP • In this exercise, you do the following: • Part I: Check System Time and Hardware Clock Time • Part II: Enable NTP Client with YaST

  24. Enable a Web Server (Apache) • Objectives • How a Web Server Works • Apache and SUSE Linux Enterprise Server • How to Configure an Apache HTTP Server with YaST

  25. How a Web Server Works • What a Web server is • Software program that runs on a host computer • And delivers files over the Internet • Lets you publish Hypertext Markup Language (HTML) documents • Can also distribute many other types of files • Must be physically connected to a TCP/IP-based network

  26. How a Web Server Works (continued) • How a Web server labels content types • Web browser relies on a Multipurpose Internet Mail Extension (MIME) header • To correctly identify and display document types • More than 360 MIME types are included with the Apache Web server • URL components • Protocol, such as http://, https://, ftp:// • Domain, can be divided into two parts • Resource, specifies full path to the resource

  27. How a Web Server Works (continued) • How a Web server delivers content • Web server works in a client-server relationship • Client programs are usually Web browsers • Client program requests information • Apache then delivers the actual resource • HTML pages can be stored in a directory • Requests and transfers use HTTP • Which is part of the TCP/IP suite of protocols • Commands and data are passed to port 80 • Through a TCP connection

  28. Apache and SUSE Linux Enterprise Server • Installation of Apache packages • Basic installation, select package apache2 • Multiprocessing, install apache2-prefork or apache2-worker • Documentation, install apache2-doc • Development and compilation, install apache2-devel • Activating Apache • Activate it in the runlevel editor • Test Apache by entering http://localhost/ in a Web browser

  29. Apache and SUSE Linux Enterprise Server (continued) • Storing Web resource files for Apache • Static Web pages • Place your files in /srv/www/htdocs/ • Custom CGI scripts • Store custom CGI scripts in /srv/www/cgi-bin/ • Log files • Apache writes log messages to /var/log/apache2/access_log

  30. Apache and SUSE Linux Enterprise Server (continued) • Expanding Apache functionality • Apache can execute CGI scripts in diverse programming languages • There are modules for secure data transmission • In Apache2 almost everything is handled by means of modules • Apache 2 does not necessarily need to be a Web server • There is a proof-of-concept POP3 server module based on Apache

  31. Apache and SUSE Linux Enterprise Server (continued) • Security guidelines for Apache Web server • Limit unneeded servers • Limit access to DocumentRoot • Specify subdirectories for user Web content • Keep updated on vulnerabilities

  32. How to Configure an Apache HTTP Server with YaST • Steps • Start the YaST HTTP Server module • Enable the HTTP server by selecting Enabled • Adapt the firewall to the ports where Apache2 listens (optional) • Edit HTTP server settings • View existing HTTP server logs • Save the settings • Close the YaST Control Center (optional)

  33. How to Configure an Apache HTTP Server with YaST (continued)

  34. Exercise 9-2 Enable a Basic Apache Web Server • In this exercise, you do the following: • Part I: Configure an Apache Server • Part II: Test the Apache Server Configuration

  35. Enable the Extended Internet Daemon (xinetd) • Objectives • What inetd Is • How to Configure xinetd with YaST • How to Manage xinetd Manually • How to Configure the TCP Wrapper

  36. What inetd Is • Many services are administered and started through inetd or xinetd • Acts as a mediator of connection requests for a series of services • Advantage • Saving resources (especially memory) • Disadvantage • Delay occurs while the required service is loaded, started, and connected • Use inetd for services that are occasionally needed

  37. How to Configure xinetd with YaST • Steps • Start the YaST Network Services (inetd) module • Enable the inetd super daemon • Configure a service to be administered by inetd • Change the status of all installed services to on or off (optional) • Save the configuration setting and start the inetd (or xinetd) daemon • Close the YaST Control Center (optional)

  38. How to Configure xinetd with YaST (continued)

  39. How to Manage xinetd Manually • Start, stop, and restart xinetd • xinetd is started by the script /etc/init.d/xinetd • insserv xinetd • Automatically starts xinetd at boot • rcxinetd status • Verify whether daemon is activated or not • rcxinetd start or rcxinetd stop • Manually start and stop the xinetd daemon

  40. How to Manage xinetd Manually (continued) • Configure xinetd • How to Edit the File /etc/xinetd.conf • Default parameters syntax:

          defaults
          {
              key operator parameter parameter ...
          }

      • Service syntax:

          service service_name
          {
              key operator parameter parameter ...
          }

      • Operators include =, -=, and +=

  41. How to Manage xinetd Manually (continued) • Configure xinetd (continued) • How to Edit the File /etc/xinetd.conf • First entry is optional and enables default configurations • Other entries contain configuration for the respective network service • The directory /etc/xinetd.d/ • Holds configuration file for every service • Directive includedir /etc/xinetd.d • Prompts xinetd to interpret all files in this directory • Using separate files improves transparency

  42. How to Manage xinetd Manually (continued)

  43. How to Manage xinetd Manually (continued) • Configure xinetd (continued) • Internal services example:

          # /etc/xinetd.d/echo
          # default: off
          # description: An echo server. This is the tcp version.
          service echo
          {
              type        = INTERNAL
              id          = echo-stream
              socket_type = stream
              protocol    = tcp
              user        = root
              wait        = no
              disable     = yes
          }

  44. How to Manage xinetd Manually (continued)

  45. How to Manage xinetd Manually (continued) • Configure access control • Parameters • only_from • Defines which hosts can use which service • no_access • Defines which hosts can be excluded from access • access_time • Defines at which times the service is available • disabled • Completely shuts off a server • Can only be used in the defaults section

  46. How to Manage xinetd Manually (continued) • Configure log files • Record failed and unauthorized connection attempts • Shut off a service but still retain its logging functions • Configure only_from without using any additional parameters • Logging through xinetd is controlled by the log_type statement • Along with the attributes log_on_success and log_on_failure • Log the circumstances of how and why the network service was used
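
The syntax from slide 40 and the access-control and logging attributes from slides 45 and 46 can be combined into a small configuration audit. This Python sketch is an added example, not part of the course material; the sample configuration is constructed, and the way `+=` and `-=` are applied on top of the `defaults` section is a simplified model of xinetd's behaviour.

```python
# Constructed sample in /etc/xinetd.conf syntax (not a real host's file).
SAMPLE = """\
defaults
{
    log_on_failure = HOST
}
service echo
{
    disable = yes
}
service ftp
{
    log_on_failure += USERID
}
service telnet
{
    only_from =
    log_on_failure -= HOST
}
"""

def parse_xinetd(text):
    """Return {service: {key: [values]}}; defaults must precede the services."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words == ["}"]:
            current = None
        elif current is None and words[:1] == ["defaults"]:
            current = defaults
        elif current is None and words[:1] == ["service"] and len(words) == 2:
            current = services[words[1]] = dict(defaults)
        elif current is not None and len(words) >= 2:
            key, op, vals = words[0], words[1], words[2:]
            if op in ("=", "+="):
                current[key] = (current.get(key, []) if op == "+=" else []) + vals
            elif op == "-=" and key in current:
                current[key] = [v for v in current[key] if v not in vals]
    return services

def audit(text):
    """Return {service: [issues]} for every service that is not disabled."""
    report = {}
    for name, svc in parse_xinetd(text).items():
        if svc.get("disable") == ["yes"]:
            continue
        report[name] = issues = []
        if "only_from" not in svc:
            issues.append("no only_from: not limited to named hosts")
        elif not svc["only_from"]:
            issues.append("empty only_from: all hosts refused")
        if not svc.get("log_on_failure"):
            issues.append("log_on_failure not set")
    return report
```

On the sample, `audit(SAMPLE)` skips `echo`, reports `ftp` as missing `only_from`, and reports `telnet` as locked out by an empty `only_from` while its `-=` has removed the failure logging that this pattern is meant to keep.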

  47. How to Configure the TCP Wrapper • The role of the tcpd daemon • Regulates access to inetd services • Wrapper acts as a filter • Steps • Logs name and address of requesting host • Verifies if the request is permitted • Starts the corresponding daemon • Then the wrapper is deleted from memory • After an authorized server has started • It can accept additional connections • Without consulting the wrapper

  48. How to Configure the TCP Wrapper (continued) • How to configure access controls • Edit /etc/hosts.allow and /etc/hosts.deny files • Files syntax: daemon: host [: option : option ...] • Examples • /etc/hosts.allow:

          ALL: pluto.example.com
          ALL EXCEPT vsftpd: mars.example.com
          vsftpd: andromeda.example.com

      • /etc/hosts.deny:

          ALL: ALL
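
How the two files on slide 48 combine into a decision is easiest to see by evaluating them: hosts.allow is searched first, then hosts.deny, and a request that matches neither is allowed. This Python model is an added example, not part of the course material and not tcpd's own code; it handles only exact host names, `ALL` and `EXCEPT` (no wildcards, netmasks or options), and the daemon name `sshd` is an assumption used for illustration.

```python
# Rules copied from slide 48.
HOSTS_ALLOW = """\
ALL: pluto.example.com
ALL EXCEPT vsftpd: mars.example.com
vsftpd: andromeda.example.com
"""
HOSTS_DENY = "ALL: ALL\n"


def matches(pattern_list, name):
    """Match a name against a list such as 'ALL EXCEPT vsftpd' or 'a, b'."""
    tokens = pattern_list.replace(",", " ").split()
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (matches(" ".join(tokens[:i]), name)
                and not matches(" ".join(tokens[i + 1:]), name))
    return any(t == "ALL" or t.lower() == name.lower() for t in tokens)


def first_match(rules, daemon, host):
    """Return the first 'daemon: host' line matching the request, or None."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]   # options after host ignored
        if matches(daemons, daemon) and matches(clients, host):
            return line
    return None


def tcpd_decision(daemon, host, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    rule = first_match(allow, daemon, host)
    if rule:
        return "allow", rule
    rule = first_match(deny, daemon, host)
    if rule:
        return "deny", rule
    return "allow", None


if __name__ == "__main__":
    for daemon, host in [("vsftpd", "mars.example.com"),
                         ("sshd", "mars.example.com"),       # sshd: assumed name
                         ("sshd", "andromeda.example.com")]:
        print(daemon, host, tcpd_decision(daemon, host))
```

With an empty hosts.deny, the same request from andromeda.example.com to `sshd` is allowed, which is why the `ALL: ALL` line in /etc/hosts.deny carries the whole policy.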

  49. How to Configure the TCP Wrapper (continued)

  50. How to Configure the TCP Wrapper (continued)
