
Linux Networking and Security

Linux Networking and Security. Chapter 6: Configuring Major Network Services. Expand the routing capabilities of your Linux server; set up your own DNS name server; configure a basic email server; understand how Linux can excel as a Web server. Dynamic Routing with Routing Protocols.

stockman




Presentation Transcript


  1. Linux Networking and Security Chapter 6

  2. Configuring Major Network Services • Expand the routing capabilities of your Linux server • Set up your own DNS name server • Configure a basic email server • Understand how Linux can excel as a Web server

  3. Dynamic Routing with Routing Protocols • Static Routing - the routing table in the Linux kernel is assembled by entries in start-up scripts or by user-entered route commands issued to update the routing table • Dynamic Routing - the process of using a specialized routing protocol to build and modify routing tables automatically through a network, based on information shared by the routers

  4. Dynamic Routing with Routing Protocols

  5. Dynamic Routing with Routing Protocols • Interior routing protocols are designed for routing packets among networks within an organization and they route packets based on mathematical models • Exterior routing protocols are designed for routing packets between networks controlled by different organizations and they route packets based on administration policies • All routing protocols communicate between routers to find the most efficient packet route

  6. Routing Information Protocol (RIP) and routed • RIP, an interior routing protocol, is the oldest routing protocol still in common use on smaller or simply-routed networks • RIP defines the best route as that which has the lowest number of routers (hops) to reach the destination network • RIP is implemented using the routed daemon, which is easy to configure and run

  7. Open Shortest Path First (OSPF) and gated • OSPF, an interior routing protocol, is designed to work effectively even in very large networks • OSPF uses a technique called flooding which allows routers to intelligently construct a chart inside the router that defines the best routing paths • OSPF is implemented using the gated daemon, which is not installed by default

  8. Popular Routing Protocols

  9. Setting Up a DNS Name Server • Domain name service (DNS) is central to the Internet • When URLs are entered in a Web browser, a DNS server converts the name to an IP address, allowing the client to send a packet to the Web server as requested • The information in DNS can be thought of as an inverted hierarchical tree, where the top of the tree is called root and is represented by a period • Users typically don’t refer to roots, but to the last part of domain names called top-level domains

  10. Setting Up a DNS Name Server

  11. Setting Up a DNS Name Server

  12. Setting Up a DNS Name Server • Resolving a domain name to an IP address using DNS is also called querying the DNS server; the server stores, or caches, the result of the conversion so that later queries for the same name are answered faster • Each domain has a master DNS server which contains database files that provide IP addresses for every host in that domain • Each domain should have a slave DNS server which acts as a backup to the master

  13. Setting Up a Basic Name Server • The program that implements a DNS server is called named, the name daemon, which is controlled by a system script in /etc/rc.d/init.d • named is found in the BIND package on most Linux systems; selecting the Red Hat Linux name server component provides bind-conf, bind-utils, and caching-nameserver • Caching name servers have no preconfigured domain information, but simply query other DNS servers and cache the results

  14. Setting Up a Basic Name Server • Later versions of BIND use the configuration file /etc/named.conf • This file is divided into five sections: options, controls, three different zones and an include line, which refers to the rndc security file • A zone is a part of the DNS domain tree for which the DNS server has authority to provide information • Zone information is contained in files referred to in named.conf

  15. Setting Up a Basic Name Server • Zone information is important since it is the information that a DNS query seeks • These files contain resource records which hold information about a host within a zone that a client can receive through a query • There are many types of resource records and they have this general format: item-described, time-to-keep-cached, type-of-record, and information-sought
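The resource-record format the slide describes (item described, time to keep cached, type of record, information sought) is what a zone file holds. The parser below is an added example, not code from the slides or from BIND; the zone text is constructed, and it also handles the zone-file shorthand a real file uses ($TTL and $ORIGIN directives, `@` for the zone apex, relative names, an omitted owner meaning "same as the previous record", and an optional class).

```python
"""Minimal parser for BIND-style zone file resource records (added example)."""

# Constructed sample zone; not taken from any real server.
ZONE = """\
$TTL 86400
$ORIGIN example.test.
@        IN  SOA  ns1 hostmaster 2024010101 3600 900 604800 86400
         IN  NS   ns1
ns1      IN  A    192.0.2.53
www  300 IN  A    192.0.2.80
         IN  AAAA 2001:db8::80
mail         MX   10 mx1.example.test.  ; class omitted, TTL from $TTL
"""


def parse_zone(text, origin):
    """Return a list of (owner, ttl, rtype, rdata) tuples.

    ttl is None when neither $TTL nor a per-record TTL was given, which is
    the kind of incomplete record a server would reject at load time.
    Relative names inside rdata (e.g. 'ns1' in the SOA) are left as written.
    """
    default_ttl = None
    origin = origin if origin.endswith(".") else origin + "."
    last_owner = origin
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # ';' starts a comment
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if line[0].isspace():                      # blank owner: reuse previous
            owner = last_owner
        else:
            owner = fields.pop(0)
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = f"{owner}.{origin}"        # relative name -> absolute
        last_owner = owner
        ttl = default_ttl
        if fields and fields[0].isdigit():         # optional per-record TTL
            ttl = int(fields.pop(0))
        if fields and fields[0].upper() == "IN":   # optional class
            fields.pop(0)
        rtype = fields.pop(0).upper()
        records.append((owner, ttl, rtype, " ".join(fields)))
    return records
```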

  16. Setting Up a Basic Name Server

  17. Managing the named Server • Once the /etc/named.conf configuration file and the zone information files are set up in /var/named, the named daemon is started by entering /usr/sbin/named • The script used is in /etc/rc.d/init.d • The rndc utility is used to control the name server from a command line without reloading • rndc can operate over a network connection, but is used only locally by default

  18. Using bindconf.gui

  19. Using bindconf.gui

  20. Using bindconf.gui

  21. Using bindconf.gui

  22. Using bindconf.gui

  23. Using Command-line Utilities • It is important to test the DNS server once it is up and running; each of the following utilities requests DNS information about a specific hostname or IP address: • host provides a brief response showing the IP address of the hostname specified • nslookup is more complete in that it can be run in interactive mode or from the command line • dig extracts data from the zone information files of DNS servers for the domains requested

  24. Using Command-line Utilities • A utility that goes beyond host, nslookup, and dig is nsupdate • nsupdate allows a user to update zone information files dynamically at the command line • nsupdate is an interactive utility, with a separate command prompt • The configuration file /etc/named.conf must be properly updated to allow the use of nsupdate

  25. Using Command-line Utilities

  26. Using Command-line Utilities

  27. Configuring a Basic Email Server • Linux email servers include: sendmail, Qmail, Postfix and smail • Sendmail is the most widely used email server in the world • The sendmail package contains the sendmail daemon • Sendmail is started using a script in /etc/rc.d/init.d • Sendmail is configured using the file /etc/sendmail.cf • Most email administrators prefer to use the m4 program to configure sendmail

  28. Configuring a Basic Email Server

  29. Configuring a Basic Email Server • Email servers use DNS to locate the mail exchanger for a recipient, then hand the message to the sendmail daemon for delivery • Relaying is when sendmail tries to deliver a message that didn’t originate on the same host where sendmail is running • One problem with relaying is that spam email generators use it to hide their origin • Sendmail can be configured to avoid problems such as spamming
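The relay decision the slide describes, as an added example rather than sendmail's own logic: a message is a relay when its recipient is not in a domain the server delivers for, and an anti-spam policy allows such messages only from trusted client networks (or, more weakly, trusted sender domains). The domains, networks and addresses are constructed.

```python
"""Relay classification and a simple anti-relay policy (added example)."""
import ipaddress

# Constructed site configuration.
LOCAL_DOMAINS = {"example.test", "mail.example.test"}   # we deliver for these
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]      # our own clients
RELAY_DOMAINS = {"partner.test"}                         # senders we relay for


def domain_of(addr):
    """Domain part of an address, lower-cased."""
    return addr.rsplit("@", 1)[-1].lower()


def is_relay(sender, recipient):
    """True when delivering would mean forwarding to a non-local domain."""
    return domain_of(recipient) not in LOCAL_DOMAINS


def policy(client_ip, sender, recipient):
    """Return 'deliver', 'relay' or 'reject'.

    Local delivery is always accepted.  Relaying is accepted only from the
    site's own client networks or from listed sender domains; everything
    else is refused, which is what distinguishes this from an open relay.
    Sender-domain trust is the weaker rule, since an envelope sender is
    easily forged; network-based trust is preferred.
    """
    if not is_relay(sender, recipient):
        return "deliver"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in RELAY_NETS):
        return "relay"
    if domain_of(sender) in RELAY_DOMAINS:
        return "relay"
    return "reject"


def open_relay_policy(client_ip, sender, recipient):
    """What an unrestricted server does: every relay request is accepted."""
    return "deliver" if not is_relay(sender, recipient) else "relay"
```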

  30. Using Forwarding and Aliases • Sendmail maintains a forwarding database that contains handling rules for a user’s email • If a user has moved their principal email account to another server, a line can be added to the forwarding database to redirect their email • Forwarding relying on single domain names for incoming messages can be done using the aliases file /etc/aliases • An email alias is another name that delivers email messages to the user
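The /etc/aliases file the slide refers to maps a name to one or more targets, which may themselves be aliases. The expander below is an added example, not sendmail's own code; the alias entries are constructed. It follows alias chains recursively and detects loops, the failure mode a hand-edited aliases file most often introduces. The `:include:`, `|command` and file targets that real aliases files support are not handled.

```python
"""Parse /etc/aliases-style entries and expand them to final recipients."""

# Constructed sample in aliases(5) layout: "name: target, target, ...".
ALIASES = """\
# mail for postmaster ends up with alice
postmaster: root
root:       alice
webmaster:  alice, bob
staff:      webmaster, carol, dave@remote.test
# user moved to another server: redirect to the new address
oldname:    alice@newhost.example.test
loop1:      loop2
loop2:      loop1
"""


def parse_aliases(text):
    """Return {alias_name: [targets]} with names lower-cased."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, targets = line.split(":", 1)
        table[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return table


def expand(name, table, _path=frozenset()):
    """Return the set of final recipients for `name`.

    A name that is not an alias is a real mailbox or a remote address and is
    returned as-is.  `_path` holds the aliases on the current chain, so a
    cycle (loop1 -> loop2 -> loop1) raises ValueError instead of recursing
    forever; a diamond (two aliases sharing a target) is fine.
    """
    key = name.lower()
    if key not in table:
        return {name}
    if key in _path:
        raise ValueError(f"alias loop at {key}")
    out = set()
    for target in table[key]:
        out |= expand(target, table, _path | {key})
    return out


def has_loop(name, table):
    """True when expanding `name` would cycle."""
    try:
        expand(name, table)
        return False
    except ValueError:
        return True
```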

  31. Watching sendmail Work

  32. Watching sendmail Work

  33. Creating a Linux Web Server • A Web server is a daemon that accepts requests via HTTP and responds with the requested files • The most widely used Web server in the world today is Apache • Apache is included with every standard version of Linux and is usually installed by default • Other Linux Web servers include: Boa, iPlanet, Servertec iServer, Stronghold, Zeus

  34. Creating a Linux Web Server • Some of the features that make Apache so popular include: • A regular development cycle • Virtual hosting, which allows a single Web server to provide documents for multiple Web sites • A modular design that allows functionality choices • Many security options and performance tuning settings • A broad support base, despite being free software

  35. Creating a Linux Web Server • Apache is started from the standard script /etc/rc.d/init.d/httpd • Apache configuration files are stored in /etc/httpd/conf • The main configuration file, httpd.conf, contains hundreds of configuration options called directives, which affect the global and local operation of Apache

  36. Creating a Linux Web Server • Apache can keep a connection active, or alive, after a file is transferred • Apache uses a master server to spawn additional servers that handle client requests • Many features of Apache are implemented as loadable modules, so the user defines what their copy of Apache will do by choosing which modules to include

  37. Creating a Linux Web Server • Much of the httpd.conf file is organized into containers, special directives that activate other directives upon certain conditions • Virtual hosting is the feature of Apache that lets a single copy of Apache serve documents for several Web sites • Apache can act as a proxy server, which intercepts requests from clients and forwards them as if they came from the proxy server rather than the original client

  38. Chapter Summary • Routing tables guide the Linux kernel in sending packets to their final destination on distant networks • Interior routing protocols are used within an organization using mathematical algorithms to determine how to route packets • Exterior routing protocols are used for routing packets among organizations, based on policy decisions about which specific sources of routing information are to be trusted - and how much • The routed daemon implements RIP on Linux, but typically only for small networks

  39. Chapter Summary • OSPF is a highly effective interior routing protocol which builds a chart of the status of all routers that it knows of, determining the best route based on a complex mathematical algorithm • The gated daemon supports RIP version 2 with classless addressing, OSPF, and BGP on Linux • DNS is an Internetwide information hierarchy used to provide hostname-to-IP-address matching and IP-address-to-hostname address matching • Queries about a given hostname usually begin with one of the Internet’s root DNS servers

  40. Chapter Summary • A zone is part of a domain about which a particular DNS server is authorized to provide information • Reverse DNS provides a security mechanism that is widely used to prevent unauthorized users from completing queries to various network services • Setting up a simple caching name server to forward DNS queries to another name server makes efficient use of network bandwidth for many small networks • The DNS protocol is implemented in Linux by the named daemon, which is part of the BIND collection of programs
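The way reverse DNS is normally used as an access check is forward-confirmed reverse DNS: the PTR name returned for the client's IP address must itself resolve back to that address, because whoever controls a reverse zone can put any name in a PTR record. This is an added example, not from the chapter; it uses a constructed stand-in for the resolver so it runs offline, with the real lookups injected as functions.

```python
"""Forward-confirmed reverse DNS (FCrDNS) access check (added example)."""
import ipaddress

# Constructed stand-in for the DNS: the PTR and A answers a resolver would return.
FAKE_PTR = {
    "192.0.2.10": ["host10.example.test."],
    "192.0.2.66": ["host66.example.test."],   # PTR exists, forward does not match
}
FAKE_A = {
    "host10.example.test.": ["192.0.2.10"],
    "host66.example.test.": ["198.51.100.7"],
}


def reverse_name(ip):
    """Name queried for a PTR record, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns(ip, ptr_lookup, a_lookup):
    """Return the confirmed hostname for ip, or None.

    No PTR, or a PTR whose forward (A) lookup does not include ip, both
    count as unverified; the caller should treat None as untrusted.
    """
    for name in ptr_lookup(ip):
        if ip in a_lookup(name):
            return name.rstrip(".")
    return None


def allowed(ip, trusted_suffix=".example.test"):
    """Access rule: only forward-confirmed hosts under the trusted domain."""
    name = fcrdns(ip, lambda i: FAKE_PTR.get(i, []), lambda n: FAKE_A.get(n, []))
    return name is not None and name.endswith(trusted_suffix)
```

With a real resolver the two lambdas would be replaced by PTR and A lookups; the check logic is unchanged.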

  41. Chapter Summary • Resource records hold information about a host within a zone that clients can receive through queries • The Start of Authority (SOA) record defines how to reach the DNS administrator for a zone • bindconf.gui is one utility used to configure named • The host, nslookup, and dig commands let you query a DNS server from the command line • The nsupdate utility lets you update DNS zone information over a network, on the fly • Popular Linux email servers include sendmail (most popular), Qmail, Postfix, and smail

  42. Chapter Summary • Startup options for sendmail are configured via /etc/sysconfig/sendmail, but sendmail is most often configured through the /etc/sendmail.cf file • Spam is a source of great concern and annoyance to email server administrators, and email servers provide many features to control this problem • Aliases are a popular way to redirect email or create small mailing lists via sendmail • Apache is the most widely used Web server and it is included with all standard distributions of Linux • One copy of Apache is the master server and it controls Apache copies that handle client requests

  43. Chapter Summary • Most functions in Apache are performed by loadable modules, configured using directives in httpd.conf • Apache uses directives to control access to the server on a per-directory basis, and can also host multiple Web sites using virtual hosting directives • Apache supports advanced features like virtual hosting and acting as a proxy server
