Chapter 15: Advanced Topics and Troubleshooting
The Complete Guide to Linux System Administration

Objectives
• Understand X window system scripts and remote access
• Implement basic system security
• Use simple features of common network services
• Troubleshoot common hardware and software problems

X Window System Advanced Configuration
• Challenges configuring graphical system are rare due to improvements in:
  • XFree86 X server
  • Installation programs

Configuring X
• X software normally located in directory /usr/X11R6
  • Sometimes called X-root directory
  • Version 11, release 6
• Configuration file for Red Hat Linux and Fedora called xorg.conf located in /etc/X11 directory
• Commercial X servers use different configuration files

Configuring X (continued)
• xvidtune program
  • Adjust finer details of display
  • Can damage monitor if used carelessly
• system-config-display program configures:
  • Screen resolution
  • Number of colors

Using X Window System Start-up Scripts
• X Window System starts automatically every time user logs in at graphical prompt
• startx command
  • Start X Window System from command line
  • Script located in /usr/X11R6/bin
  • Starts xinit program
• Place scripts in user’s home directory to define graphical configuration for user

Using X Window System Start-up Scripts (continued)
• Background application
  • Does not prevent program that started it from going on to other tasks
  • xinit scripts can start X client then go on to start another
• Window manager
  • Responsible for controlling graphical screen
  • Started last by xinit

Adjusting the Display of Graphical Applications
• X resource
  • Separate screen elements such as:
    • Scroll bars
    • Text fonts
    • Mouse pointers
    • Title bars for windows or dialog boxes
• Collection of default X resource settings applies to all X applications

Adjusting the Display of Graphical Applications (continued)
• Resource database file
  • Settings apply only when specific user runs specific application
  • Main file app-defaults located at /usr/X11R6/lib/X11
• User’s home directory can contain additional settings
  • .Xresources
  • .Xdefaults

Adjusting the Display of Graphical Applications (continued)
• xrdb command
  • Loads initial X database resource file
  • Adds resource configuration details from files
  • xrdb -load $HOME/.Xresources
• xfontsel command
  • See fonts supported by X Window System
• xset command
  • Adjust behavior of X to suit preferences

Using a Graphical Login Screen
• Most Linux distributions start in run level 5
  • Graphical environment
• xdm program
  • Graphical login screen provided by X display manager
  • Versions specific to KDE and GNOME called:
    • kdm
    • gdm
• Session defines set of graphical programs to run when user logs in

Using a Graphical Login Screen (continued)
• Xsession file specifies which programs started by particular session name
• xdm executes file /etc/X11/xdm/Xsession to determine which X clients to run
• Xsession file
  • Placed in user home directory
  • Controls which sessions specific user has available
• /etc/X11/xdm subdirectory files configure features of xdm

Using a Graphical Login Screen (continued)
• Any type of computer can run X server
• Graphical application decides which X server to use
  • By default uses X server on same computer
  • Specify different server
    • DISPLAY environment variable
    • Add display option to command
• Configuring remote display security
  • X server on remote host configured to allow other computers to display programs there

Using a Graphical Login Screen (continued)
• xhost command specifies name of remote computer permitted to use local X server
  • Insecure
• xauth command restricts access to users on remote system who have specific token
  • Commonly called cookie
  • MIT magic cookie

Using a Graphical Login Screen (continued)
• .Xauthority files
  • Stored in user’s home directory
  • User-to-user security system
• Remote graphical login
  • Log in to Linux system, use graphical environment as if sitting at Linux system
  • Uses XDMCP

Displaying X Clients Remotely
• X protocol
  • X Window System uses own protocol to communicate between X server and each X client
  • Can be used over network connections

Security Issues: The Structure of a Secure Network
• Security divided into areas:
  • Physical security
  • User security
  • File security
  • Network security

Types of Security Attacks
• Password cracking
• Trojan horse
• Buffer overflow attacks
• Denial-of-service (DoS)
• Port scanning
• Packet sniffing

Security Tools
• nmap
  • Most widely used port-scanning utility
  • Can use variety of different scanning methods
  • nmap -sS www.myplace.net
• nmapfe utility
  • Graphical interface
• IPTraf program
  • Popular tool for viewing network activity on LAN

Security Tools (continued)
• tcpdump utility
  • Similar to IPTraf program
  • Also includes more detailed information about packets on network
• Ethereal
  • One of the best packet-sniffing tools
  • Network traffic analysis tool

Security Tools (continued)
• Intrusion detection system (IDS) watches network for activity that may indicate attacker is looking for way to enter server
• Linux Intrusion Detection System (LIDS)
  • Adds module to Linux kernel
  • Blocks access to resources for all users except as configured by LIDS

Security Tools (continued)
• Security audit
  • Review or test of how secure system really is
  • What needs to be done to improve its security
• Security Administrator’s Integrated Network Tool (SAINT) utility
  • Uses Web browser interface to manage “attack” on network
  • Reports vulnerabilities it finds

Viruses and Worms
• Security threats designed to replicate themselves once installed on system
  • Virus tries to replicate as part of another program
  • Worm attempts to infiltrate other systems on its own
• Linux rarely subject of virus attacks
• Worms pose greater threat than viruses

Security Organizations
• CERT Coordination Center (CERT/CC)
  • U.S. Federal government-funded software engineering institute
  • Maintains lists of security vulnerabilities, alerts, incident reports
• System Administration, Networking, and Security (SANS) Institute
  • Education and research organization
  • Web site: www.sans.org

Security Organizations (continued)
• Global Information Assurance Certification (GIAC) program
  • Certification program for security professionals from SANS

Using Network Services
• Most network services installed by default
• Controlled using script in /etc/rc.d/init.d directory or using service command

Using NetFilter for Firewalls
• Firewall
  • Hardware device or software program that prevents unintended network access
• Packet filter
  • Firewall that examines each packet
  • Decides how to process it based on firewall rules
• NetFilter defines rules in IP tables

Using NetFilter for Firewalls (continued)
• Packet stages
  • Input
  • Forward
  • Output
• iptables command creates and manages firewall rules
• Rules executed in order defined in chain

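Because rules run in the order they appear in the chain, a broad rule placed early can hide a narrower one below it. The following is an added example, not taken from the book: a small Python model of first-match chain evaluation with a default policy. The chain contents, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed INPUT chain: (source network, protocol, destination port or None, target)
INPUT_CHAIN = [
    ("0.0.0.0/0",      "tcp", 80, "ACCEPT"),   # public web server
    ("192.168.1.0/24", "tcp", 22, "ACCEPT"),   # SSH from the LAN only
    ("0.0.0.0/0",      "tcp", 22, "DROP"),     # SSH from anywhere else
]
POLICY = "DROP"  # default target when no rule in the chain matches


def rule_matches(rule, src, proto, dport):
    """True if the packet's source, protocol and destination port fit the rule."""
    net, r_proto, r_dport, _ = rule
    return (ipaddress.ip_address(src) in ipaddress.ip_network(net)
            and proto == r_proto
            and (r_dport is None or dport == r_dport))


def verdict(chain, src, proto, dport, policy=POLICY):
    """Walk the chain top to bottom; the first matching rule decides."""
    for number, rule in enumerate(chain, start=1):
        if rule_matches(rule, src, proto, dport):
            return rule[3], number
    return policy, None


def shadowed(chain):
    """Rule numbers that can never fire because an earlier rule covers them."""
    hidden = []
    for i, (net, proto, dport, _) in enumerate(chain):
        for e_net, e_proto, e_dport, _ in chain[:i]:
            if (e_proto == proto and e_dport in (None, dport)
                    and ipaddress.ip_network(net).subnet_of(
                        ipaddress.ip_network(e_net))):
                hidden.append(i + 1)
                break
    return hidden
```

Reversing the chain so the general SSH DROP comes first makes `verdict` drop LAN SSH traffic at rule 1, and `shadowed` reports the LAN ACCEPT rule as unreachable.
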
Using NetFilter for Firewalls (continued)
• Network address translation (NAT)
  • Routing technique
  • Alters addresses or other information in packet
• IP masquerading
  • Type of network address translation
  • Packets from many computers on LAN altered to appear as if they came from single computer

Using NetFilter for Firewalls (continued)
• system-config-securitylevel program sets up reasonable rules based on:
  • How secure system should be
  • Specific protocols to leave more open
• Other graphical firewall programs that use IP tables
  • Firestarter
  • Mason
  • KMyFirewall
  • GuardDog

Setting Up a DNS Name Server
• Root name servers
  • DNS servers designated as starting point for DNS queries
• Master DNS server or primary DNS server
  • Provides information on domain
• Slave DNS server or secondary DNS server
  • Contains backup copy of DNS information
• named
  • Daemon that implements DNS

Setting Up a DNS Name Server (continued)
• Caching name server
  • Queries other DNS servers and caches results
• Zone
  • DNS server maintains information for at least part of domain
• Zone information files
  • Define host names and corresponding IP addresses
• rndc utility
  • Control named daemon from command line

Setting Up a DNS Name Server (continued)
• dig utility
  • Query any DNS server
• whois
  • Information about organization that registered domain name

File Sharing with NFS
• Work with hard disks located all over local network as if part of local directory structure
• NFS protocol implemented by several daemons
  • rpc.mountd
  • nfsd
  • rpc.rquotad
  • rpc.statd

File Sharing with NFS (continued)
• /etc/exports file defines which local directories should be accessible to remote users
• exportfs command activates contents of /etc/exports
• Squashing prevents user from gaining access to user account on NFS server because user has same ID on NFS client

Setting Up a Samba Server
• Samba suite
  • File and print sharing using SMB and CIFS protocols
• Server daemons
  • nmbd
  • smbd
• smb.conf
  • Main configuration file

Setting Up a Samba Server (continued)
• Common to allow everyone with Linux user account to log in via Samba
• SWAT
  • Graphical configuration tool for Samba
  • Runs as network service managed by superserver
  • Access SWAT: http://localhost:901/

Creating a Proxy Server with Squid
• Proxy server
  • Lets one server make request for another server
  • Done to improve efficiency and security of network
• Squid requires significant configuration before use
  • In file /etc/squid/squid.conf
• Transparent proxy redirects network packet based on port to which packet addressed

Creating a Linux Web Server with Apache
• Daemon named httpd
  • Control with apachectl program
• /etc/httpd/conf directory
  • Configuration files
• Many features implemented as loadable modules
• Container activates other directives only if condition is met or only within particular context

Configuring a Basic E-mail Server
• Mail Transfer Agent (MTA) moves mail between e-mail servers
• Mail Delivery Agent (MDA) examines messages and delivers them to user’s mailbox file
• Mail User Agent (MUA) lets user:
  • View messages stored in mailbox
  • Create new messages

Configuring a Basic E-mail Server (continued)
• sendmail
  • Most widely known e-mail server
  • Managed using standard script in /etc/rc.d/init.d
• /etc/sendmail.cf
  • Configuration file
  • Considered to be single most difficult Linux configuration file to master
• m4 program
  • Configure sendmail

Configuring a Basic E-mail Server (continued)
• E-mail alias
  • Another name that can deliver e-mail messages to user
  • Configured in sendmail with /etc/aliases file
• Monitor sendmail
  • /var/log/maillog file
  • hoststat
  • mailq
  • mailstats

Using Superservers for Network Services
• Superserver
  • Listens on multiple network ports and starts appropriate service when client connection arrives for port
• Programs
  • inetd
  • xinetd

Using Superservers for Network Services (continued)
• tcpd
  • TCP wrappers
  • Examines incoming network connection
  • Compares it to configuration file to determine whether connection allowed
• Configured by
  • /etc/hosts.allow
  • /etc/hosts.deny

Troubleshooting and Recovery
• Having appropriate methodology makes it easier to locate and fix problems
• Basic methodology for troubleshooting
  • What system or service is causing the problem?
  • Can I eliminate other possible causes to limit the scope of the problem?

Troubleshooting Linux Installation
• Installation program doesn’t boot
  • Boot disk created incorrectly
  • BIOS configured to start operating system from hard disk without first checking floppy disk or CD-ROM
• Installation program not able to detect video card

Troubleshooting Linux Installation (continued)
• After Linux installed system doesn’t boot
  • Another boot manager installed in MBR
• Trouble identifying hardware on system that was not detected during installation process
• Graphical interface doesn’t work
  • Some video cards not supported by XFree86
  • Supported by commercial X Window System products