Chapter 15: Advanced Topics and Troubleshooting


Presentation Transcript


  1. Chapter 15: Advanced Topics and Troubleshooting The Complete Guide to Linux System Administration

  2. Objectives • Understand X window system scripts and remote access • Implement basic system security • Use simple features of common network services • Troubleshoot common hardware and software problems

  3. X Window System Advanced Configuration • Challenges configuring graphical system are rare due to improvements in: • XFree86 X server • Installation programs

  4. Configuring X • X software normally located in directory /usr/X11R6 • Sometimes called X-root directory • Version 11, release 6 • Configuration file for Red Hat Linux and Fedora called xorg.conf located in /etc/X11 directory • Commercial X servers use different configuration files

  5. Configuring X (continued) • xvidtune program • Adjust finer details of display • Can damage monitor if used carelessly • system-config-display program configures: • Screen resolution • Number of colors

  6. Configuring X (continued)

  7. Using X Window System Start-up Scripts • X Window System starts automatically every time user logs in at graphical prompt • startx command • Start X Window System from command line • Script located in /usr/X11R6/bin • Starts xinit program • Place scripts in user’s home directory to define graphical configuration for user

  8. Using X Window System Start-up Scripts (continued) • Background application • Does not prevent program that started it from going on to other tasks • xinit scripts can start X client then go on to start another • Window manager • Responsible for controlling graphical screen • Started last by xinit

  9. Using X Window System Start-up Scripts (continued)

  10. Adjusting the Display of Graphical Applications • X resource • Separate screen elements such as: • Scroll bars • Text fonts • Mouse pointers • Title bars for windows or dialog boxes • Collection of default X resource settings applies to all X applications

  11. Adjusting the Display of Graphical Applications (continued) • Resource database file • Settings apply only when specific user runs specific application • Main file app-defaults located at /usr/X11R6/lib/X11 • User’s home directory can contain additional settings • .Xresources • .Xdefaults

  12. Adjusting the Display of Graphical Applications (continued) • xrdb command • Loads initial X database resource file • Adds resource configuration details from files • xrdb -load $HOME/.Xresources • xfontsel command • See fonts supported by X Window System • xset command • Adjust behavior of X to suit preferences

  13. Using a Graphical Login Screen • Most Linux distributions start in run level 5 • Graphical environment • xdm program • Graphical login screen provided by X display manager • Versions specific to KDE and GNOME called: • kdm • gdm • Session defines set of graphical programs to run when user logs in

  14. Using a Graphical Login Screen (continued) • Xsession file specifies which programs started by particular session name • xdm executes file /etc/X11/xdm/Xsession to determine which X clients to run • Xsession file • Placed in user home directory • Controls which sessions specific user has available • /etc/X11/xdm subdirectory files configure features of xdm

  15. Using a Graphical Login Screen (continued) • Any type of computer can run X server • Graphical application decides which X server to use • By default uses X server on same computer • Specify different server • DISPLAY environment variable • Add display option to command • Configuring remote display security • X server on remote host configured to allow other computers to display programs there

  16. Using a Graphical Login Screen (continued) • xhost command specifies name of remote computer permitted to use local X server • Insecure • xauth command restricts access to users on remote system who have specific token • Commonly called cookie • MIT magic cookie

  17. Using a Graphical Login Screen (continued) • .Xauthority files • Stored in user’s home directory • User-to-user security system • Remote graphical login • Log in to Linux system, use graphical environment as if sitting at Linux system • Uses XDMCP

  18. Displaying X Clients Remotely • X protocol • X Window System uses own protocol to communicate between X server and each X client • Can be used over network connections

  19. Displaying X Clients Remotely (continued)

  20. Security Issues: The Structure of a Secure Network • Security divided into areas: • Physical security • User security • File security • Network security

  21. Types of Security Attacks • Password cracking • Trojan horse • Buffer overflow attacks • Denial-of-service (DoS) • Port scanning • Packet sniffing

  22. Security Tools • nmap • Most widely used port-scanning utility • Can use variety of different scanning methods • nmap -sS www.myplace.net • nmapfe utility • Graphical interface • IPTraf program • Popular tool for viewing network activity on LAN

  23. Security Tools (continued) • tcpdump utility • Similar to IPTraf program • Also includes more detailed information about packets on network • Ethereal • One of the best packet-sniffing tools • Network traffic analysis tool

  24. Security Tools (continued) • Intrusion detection system (IDS) watches network for activity that may indicate attacker is looking for way to enter server • Linux Intrusion Detection System (LIDS) • Adds module to Linux kernel • Blocks access to resources for all users except as configured by LIDS

  25. Security Tools (continued) • Security audit • Review or test of how secure system really is • What needs to be done to improve its security • Security Administrator’s Integrated Network Tool (SAINT) utility • Uses Web browser interface to manage “attack” on network • Reports vulnerabilities it finds

  26. Viruses and Worms • Security threats designed to replicate themselves once installed on system • Virus tries to replicate as part of another program • Worm attempts to infiltrate other systems on its own • Linux rarely subject of virus attacks • Worms pose greater threat than viruses

  27. Security Organizations • CERT Coordination Center (CERT/CC) • U.S. Federal government-funded software engineering institute • Maintains lists of security vulnerabilities, alerts, incident reports • System Administration, Networking, and Security (SANS) Institute • Education and research organization • Web site: www.sans.org

  28. Security Organizations (continued) • Global Information Assurance Certification (GIAC) program • Certification program for security professionals from SANS

  29. Using Network Services • Most network services installed by default • Controlled using script in /etc/rc.d/init.d directory or using service command

  30. Using NetFilter for Firewalls • Firewall • Hardware device or software program that prevents unintended network access • Packet filter • Firewall that examines each packet • Decides how to process it based on firewall rules • NetFilter defines rules in IP tables

  31. Using NetFilter for Firewalls (continued) • Packet stages • Input • Forward • Output • iptables command creates and manages firewall rules • Rules executed in order defined in chain

  32. Using NetFilter for Firewalls (continued) • Network address translation (NAT) • Routing technique • Alters addresses or other information in packet • IP masquerading • Type of network address translation • Packets from many computers on LAN altered to appear as if they came from single computer

  33. Using NetFilter for Firewalls (continued) • system-config-securitylevel program sets up reasonable rules based on: • How secure system should be • Specific protocols to leave more open • Other graphical firewall programs that use IP tables • Firestarter • Mason • KMyFirewall • GuardDog

  34. Setting Up a DNS Name Server • Root name servers • DNS servers designated as starting point for DNS queries • Master DNS server or primary DNS server • Provides information on domain • Slave DNS server or secondary DNS server • Contains backup copy of DNS information • named • Daemon that implements DNS

  35. Setting Up a DNS Name Server (continued) • Caching name server • Queries other DNS servers and caches results • Zone • DNS server maintains information for at least part of domain • Zone information files • Define host names and corresponding IP addresses • rndc utility • Control named daemon from command line

  36. Setting Up a DNS Name Server (continued) • dig utility • Query any DNS server • whois • Information about organization that registered domain name

  37. File Sharing with NFS • Work with hard disks located all over local network as if part of local directory structure • NFS protocol implemented by several daemons • rpc.mountd • nfsd • rpc.rquotad • rpc.statd

  38. File Sharing with NFS (continued) • /etc/exports file defines which local directories should be accessible to remote users • exportfs command activates contents of /etc/exports • Squashing prevents user from gaining access to user account on NFS server because user has same ID on NFS client

  39. Setting Up a Samba Server • Samba suite • File and print sharing using SMB and CIFS protocols • Server daemons • nmbd • smbd • smb.conf • Main configuration file

  40. Setting Up a Samba Server (continued) • Common to allow everyone with Linux user account to log in via Samba • SWAT • Graphical configuration tool for Samba • Runs as network service managed by superserver • Access SWAT: http://localhost:901/

  41. Creating a Proxy Server with Squid • Proxy server • Lets one server make request for another server • Done to improve efficiency and security of network • Squid requires significant configuration before use • In file /etc/squid/squid.conf • Transparent proxy redirects network packet based on port to which packet addressed

  42. Creating a Linux Web Server with Apache • Daemon named httpd • Control with apachectl program • /etc/httpd/conf directory • Configuration files • Many features implemented as loadable modules • Container activates other directives only if condition is met or only within particular context

  43. Configuring a Basic E-mail Server • Mail Transfer Agent (MTA) moves mail between e-mail servers • Mail Delivery Agent (MDA) examines messages and delivers them to user’s mailbox file • Mail User Agent (MUA) lets user: • View messages stored in mailbox • Create new messages

  44. Configuring a Basic E-mail Server (continued) • sendmail • Most widely known e-mail server • Managed using standard script in /etc/rc.d/init.d • /etc/sendmail.cf • Configuration file • Considered to be single most difficult Linux configuration file to master • m4 program • Configure sendmail

  45. Configuring a Basic E-mail Server (continued) • E-mail alias • Another name that can deliver e-mail messages to user • Configured in sendmail with /etc/aliases file • Monitor sendmail • /var/log/maillog file • hoststat • mailq • mailstats

  46. Using Superservers for Network Services • Superserver • Listens on multiple network ports and starts appropriate service when client connection arrives for port • Programs • inetd • xinetd

  47. Using Superservers for Network Services (continued) • tcpd • TCP wrappers • Examines incoming network connection • Compares it to configuration file to determine whether connection allowed • Configured by • /etc/hosts.allow • /etc/hosts.deny

  48. Troubleshooting and Recovery • Having appropriate methodology makes it easier to locate and fix problems • Basic methodology for troubleshooting • What system or service is causing the problem? • Can I eliminate other possible causes to limit the scope of the problem?

  49. Troubleshooting Linux Installation • Installation program doesn’t boot • Boot disk created incorrectly • BIOS configured to start operating system from hard disk without first checking floppy disk or CD-ROM • Installation program not able to detect video card

  50. Troubleshooting Linux Installation (continued) • After Linux installed system doesn’t boot • Another boot manager installed in MBR • Trouble identifying hardware on system that was not detected during installation process • Graphical interface doesn’t work • Some video cards not supported by XFree86 • Supported by commercial X Window System products
