ITI-481: Unix Administration
Meeting 3
Today’s Agenda
• Hands-on exercises with booting and software installation.
• Account Management
• Basic Network Configuration
• Inetd
• Exercise: Disabling Services with Inetd
Exercise: Using Red Hat Package Manager
• Place your Linux CD in your drive. The files on your CD can be accessed via the directory /mnt/cdrom. You may have to issue the "mountcd" command on your system to mount the CD-ROM.
• The RedHat/RPMS directory on your CD-ROM contains many RPM files.
• Install tcpdump off of the Red Hat CD:
> cd /mnt/cdrom/RedHat/RPMS
> rpm -ivh tcpdump-3.4-16.i386.rpm
• Uninstall the elm software:
> rpm -e elm
• Question: Is pine installed on your system? If so, what is the version number?
Exercise: Installing ssh1 from Source
• SSH is a program that allows you to securely access a server from a remote location. (ssh1 implements the SSH-1 protocol, which is now obsolete; current systems run SSH-2 implementations such as OpenSSH. It is used here as a build-from-source exercise.)
• Download ssh1 from http://iti.rutgers.edu/~chrisjur/software/ssh-1.2.31.tar.gz
• From the download directory (the file name must match the version you downloaded):
> tar -xvzf ssh-1.2.31.tar.gz
> cd ssh-1.2.31
> ./configure
> make
> make install
• Only "make install" needs root; run configure and make as an ordinary user, and check the archive against a checksum or signature from its publisher before building, because "make install" copies whatever you built into system directories.
Exercise: Changing Runlevels
• As root, type the following (shutdown needs a time argument before the warning message; "now" halts immediately, and -t 30 gives processes 30 seconds between the warning and the kill signal):
> shutdown -t 30 -h now "System Downtime Beginning"
• Hit the power switch on your machine to turn the system back on after the shutdown process is complete. NEVER turn power off without a proper shutdown.
• At the LILO prompt, enter "linux 1" to boot into single-user mode (Linux only). You should see a bash# prompt. Note that this gives a root shell without asking for a password, so anyone with console access can do the same; protect the boot loader (LILO's password and restricted options) on machines where that matters.
• After booting into single-user mode, type:
> init 5
Unix System Accounts
• Access to system resources is controlled through user and group assignment.
• Two types of user accounts:
– Normal user
– Root user (UID 0, exempt from file permission checks)
Components for Account Creation
• /etc/passwd
• /etc/shadow
• /etc/group
• Home directory (/home/username)
• Initialization scripts (.login, .bash_profile, .cshrc), copied from /etc/skel
Passwords
• Should never be stored in the clear; the password field holds a one-way hash produced by crypt():
– Crypt (traditional DES): only the first 8 characters of the password are used
– MD5 ($1$ prefix): up to 256 characters
• Should be a combination of random letters, numbers, and special characters.
• Stored in /etc/passwd or /etc/shadow (preferred: /etc/passwd is world-readable, so hashes kept there can be copied and cracked offline by any local user).
• Can be disabled by putting * in the password field: no hash can ever match it, so password logins fail. (This blocks only password authentication, not other ways of becoming that user, such as su from root.)
/etc/passwd
• Entry format (one entry per line):
username:encrypted password:user ID (UID):default group (GID):name (GECOS):home directory:login shell
• Sample entry (no shadow file):
kkaplan:boQavhhaCKaXG:500:500:Kellee Kaplan:/home/kkaplan:/bin/tcsh
• Sample entry (with shadow file; the x means "look in /etc/shadow"):
kkaplan:x:500:500:Kellee Kaplan:/home/kkaplan:/bin/bash
• Typical file permissions (world-readable, because ls, login and many other programs need it to map UIDs to names):
-rw-r--r-- 1 root root 865 Mar 28 10:44 /etc/passwd
/etc/shadow
• Entry format (nine colon-separated fields):
login name:encrypted password:date of last change:min days between changes:max days before a change is required:warn days:inactive days after expiry:account expiry date:reserved
(Dates are days since 1 January 1970; an empty field means "no limit".)
• Sample entry:
kkaplan:$1$iwdVDnei$aBcxvpyYi06qu2wll.MAE.:10987:0:99999:7:-1:-1:134549860
(The $1$ prefix marks an MD5 hash in the form $1$salt$hash.)
• Typical permissions (readable by root only, which is the whole point of the file):
-r-------- 1 root root 752 Jan 31 11:45 /etc/shadow
/etc/group
• Entry format:
group name:encrypted group password:GID:comma-separated list of group members
• Sample entry:
staff:x:103:kkaplan,jsmith,jdoe
Account Management Tools
• Command line
– Users: useradd, userdel, usermod
– Groups: groupadd, groupdel, groupmod
– Specific fields: passwd, chsh
• Graphical
– LinuxConf
– Control-panel
Exercise: Account Creation
• Create an entry in /etc/group for a new group called "students":
students:x:103:
• Create an entry by hand in /etc/passwd for an account called student2:
student2:x:501:103:Student 2:/home/student2:/bin/bash
• Create an entry for student2 in /etc/shadow. Leave the password field with an * for now (never leave it empty: an empty password field means the account can log in with no password at all):
student2:*:::::::
• Use passwd to change the password for the account.
• Create a home directory for your new account. Change ownership of the directory to the username for your new account and set permissions on the directory to 755. (755 lets every other user on the system read the directory; use 700 if that is not wanted.)
• Login to the student2 account and verify that it is working.
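The hand-edited passwd, shadow and group entries above are easy to get subtly wrong, and the mistakes that matter are silent: an empty password field, a second UID 0, a hash left in the world-readable /etc/passwd, or a passwd line with no shadow line behind it. The following Python script is added here as an example (it is not part of the course material) and audits a passwd/shadow/group triple for exactly those conditions. The three files and every account, hash and GID in them are constructed sample data; on a real system you would pass in the contents of the live files, which for /etc/shadow means running as root.

```python
"""Audit /etc/passwd, /etc/shadow and /etc/group for the mistakes that
hand editing invites.  The sample files below are constructed for this
example; none of the accounts or hashes come from a real system."""
import re

# Traditional crypt(3): 2-character salt + 11-character hash, all from [./0-9A-Za-z]
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
kkaplan:x:500:500:Kellee Kaplan:/home/kkaplan:/bin/bash
student2:x:501:103:Student 2:/home/student2:/bin/bash
oops:x:0:103:UID 0 typed by mistake:/home/oops:/bin/bash
legacy:boQavhhaCKaXG:502:600:hash left in passwd:/home/legacy:/bin/tcsh
ghost:x:503:103:no shadow line:/home/ghost:/bin/bash
"""

SHADOW = """\
root:$1$iwdVDnei$aBcxvpyYi06qu2wll.MAE.:10987:0:99999:7:::
kkaplan:$1$iwdVDnei$aBcxvpyYi06qu2wll.MAE.:10987:0:99999:7:::
student2:*:::::::
oops::10987:0:99999:7:::
"""

GROUP = """\
root:x:0:
kkaplan:x:500:
students:x:103:
"""


def classify_hash(field):
    """Name what is sitting in a password field."""
    if field == "":
        return "empty"        # no password at all: the account logs in on Enter
    if field[0] in "*!":
        return "locked"       # * or ! can never equal a crypt() result
    if field.startswith("$1$"):
        return "md5-crypt"    # $1$salt$hash, Red Hat's MD5 option
    if DES_CRYPT.match(field):
        return "des-crypt"    # traditional crypt, first 8 characters only
    return "unknown"


def parse_colon_file(text, nfields):
    """Split a colon-separated account file into rows, padding short rows."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        fields += [""] * (nfields - len(fields))
        rows.append(fields)
    return rows


def audit(passwd_text, shadow_text, group_text):
    """Return a sorted list of findings (an empty list means nothing suspicious)."""
    findings = []
    passwd = parse_colon_file(passwd_text, 7)
    shadow = {row[0]: row for row in parse_colon_file(shadow_text, 9)}
    gids = {row[2] for row in parse_colon_file(group_text, 4)}
    by_uid = {}

    for row in passwd:
        name, pw, uid, gid = row[0], row[1], row[2], row[3]
        by_uid.setdefault(uid, []).append(name)
        if uid == "0" and name != "root":
            findings.append(f"{name}: UID 0 but not root")
        if gid not in gids:
            findings.append(f"{name}: primary GID {gid} not in group file")
        if pw == "x":                       # the hash is supposed to be in /etc/shadow
            if name not in shadow:
                findings.append(f"{name}: no shadow entry")
            elif classify_hash(shadow[name][1]) == "empty":
                findings.append(f"{name}: empty password field in shadow (login without a password)")
        elif classify_hash(pw) == "empty":
            findings.append(f"{name}: empty password field in passwd (login without a password)")
        elif classify_hash(pw) in ("des-crypt", "md5-crypt"):
            findings.append(f"{name}: password hash stored in passwd, not shadow")

    for uid, names in by_uid.items():
        if len(names) > 1:
            findings.append(f"UID {uid} shared by {', '.join(sorted(names))}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(PASSWD, SHADOW, GROUP):
        print(finding)
```

Run against the sample data it reports six findings: the shared UID 0, the "oops" account that is both UID 0 and passwordless, the "legacy" hash sitting in passwd with a primary group that does not exist, and the "ghost" account with no shadow line. The student2 entry from the exercise, with its * in the shadow password field, is correctly left alone.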
Exercise: Account Creation with Command Line Tools
• Use useradd to create an account for student3. Use the appropriate flags to set a default group of "students," a home directory of /home/student3, and a password of your choosing.
• Login to the student3 account.
• Use userdel to remove the student3 account.
Basic TCP/IP Network Configuration
• If the install program detects a NIC during the install process, you will be prompted to enter network settings.
• Network settings are configured at boot time through an rc script: /etc/rc.d/init.d/network
• The network rc script sets the network settings designated in /etc/sysconfig:
– /etc/sysconfig/network: hostname and gateway
– /etc/sysconfig/network-scripts/ifcfg-eth0: IP address, broadcast, netmask
– (These are the files that contain the network address settings your network admin gives you.)
Domain Name Service Client Configuration
• Local IP address and host name combinations are set in /etc/hosts.
• To use DNS for host name resolution, it must be enabled in /etc/nsswitch.conf (sources are tried in the order listed, here /etc/hosts first and then DNS):
hosts: files dns
• DNS servers are defined in /etc/resolv.conf:
search domainname
nameserver IP-address
Sample file:
search rutgers.edu
nameserver 128.6.4.4
nameserver 128.6.21.9
Network Configuration Utilities
• Text-based
– ifconfig: shows various network settings, such as the IP address associated with a NIC.
– hostname: displays and sets the machine's hostname.
– route: displays and sets network routes and gateways.
• Network Monitoring Utilities
– ping
– traceroute
– netstat
Daemons
• A Unix process designed to handle a specialized function, usually a server.
• Run in the background.
• Started in two possible ways:
– Standalone: usually started through rc scripts. Always resident in the process table (ps -ef or ps aux shows the Unix processes running on the system).
– Inetd: started on demand by the inetd network server when a connection arrives, so the daemon does not appear in the process table until then.
Inetd
• Inetd is a "Superserver" for network server-related processes.
• Configuration file: /etc/inetd.conf
• Controls starting and stopping of network services like telnet and ftp.
• Connections made on specific ports are handed over to the appropriate daemon.
/etc/inetd.conf
• Defines the specific services run through inetd.
• Per-service format (one line per service):
service_name socket_type protocol [no]wait user server_program server_program_arguments
• Sample entry:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
(service_name must appear in /etc/services; user is the account the server runs as; when server_program is tcpd, the first argument names the real daemon that tcpd runs after its access check.)
• For security reasons, comment out entries for services not being used: a line beginning with # is ignored, and after a restart inetd no longer listens on that port.
• Administrators rarely manually add entries to inetd.conf.
• Restart inetd after making any configuration changes:
> kill -HUP `cat /var/run/inetd.pid`
/etc/services
• Inetd needs to know on what port (network application identification number) the service being started needs to listen.
• /etc/services maps services to specific ports. Entry format:
service port/protocol [aliases]
• Sample entry:
telnet 23/tcp
• This file is already configured and populated for you, but it can be a good reference for "well known" TCP and UDP ports.
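To see what inetd.conf and /etc/services together mean for a host, the following Python script, added here as an example and not part of the course material, parses both files and lists which ports inetd will actually open, which account each server runs as, and whether the service goes through tcpd. It also flags a service with no /etc/services line (inetd cannot start it) and implements the "comment it out" disabling step as a function. Both files are constructed samples; "myapp" is a made-up service included only to show the missing-port case.

```python
"""Audit an inetd.conf against /etc/services.  Both files below are
constructed samples for this example, not copied from a real host;
'myapp' is a made-up service with no /etc/services entry."""

SOCKET_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}

SERVICES = """\
# service  port/protocol  [aliases]
ftp        21/tcp
telnet     23/tcp
finger     79/tcp
shell      514/tcp  cmd
talk       517/udp
"""

INETD_CONF = """\
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root        /usr/sbin/tcpd         in.ftpd -l -a
telnet  stream  tcp  nowait  root        /usr/sbin/tcpd         in.telnetd
#shell  stream  tcp  nowait  root        /usr/sbin/tcpd         in.rshd
finger  stream  tcp  nowait  nobody      /usr/sbin/in.fingerd   in.fingerd
talk    dgram   udp  wait    nobody.tty  /usr/sbin/tcpd         in.talkd
myapp   stream  tcp  nowait  root        /usr/local/sbin/myappd myappd
"""


def parse_services(text):
    """Map (name, protocol) -> port, including aliases such as 'cmd' for shell."""
    ports = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        port, proto = parts[1].split("/")
        for name in [parts[0]] + parts[2:]:
            ports[(name, proto)] = int(port)
    return ports


def parse_inetd(text):
    """Return one dict per service line; commented-out service lines are kept
    with enabled=False so that disabled services can be reported as well."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        enabled = not line.startswith("#")
        parts = line.lstrip("#").split(None, 6)
        if len(parts) < 6 or parts[1] not in SOCKET_TYPES:
            continue                         # blank line or an ordinary comment
        entries.append({
            "service": parts[0], "socket": parts[1], "proto": parts[2],
            "wait": parts[3], "user": parts[4].split(".")[0],   # user[.group]
            "program": parts[5], "args": parts[6] if len(parts) > 6 else "",
            "enabled": enabled,
        })
    return entries


def audit_inetd(inetd_text, services_text):
    """Return (listening, findings): what inetd will open, and what looks wrong."""
    ports = parse_services(services_text)
    listening, findings = [], []
    for e in parse_inetd(inetd_text):
        if not e["enabled"]:
            continue
        port = ports.get((e["service"], e["proto"]))
        if port is None:                     # inetd logs 'unknown service' and skips it
            findings.append(f"{e['service']}/{e['proto']}: no entry in /etc/services, "
                            "inetd cannot start it")
            continue
        wrapped = e["program"].endswith("/tcpd")
        listening.append((port, e["proto"], e["service"], e["user"], wrapped))
        if not wrapped:
            findings.append(f"{e['service']}/{e['proto']} (port {port}): started directly, "
                            "not through tcpd, so hosts.allow/hosts.deny do not apply")
    return sorted(listening), findings


def disable_service(inetd_text, service):
    """Comment out every enabled line for `service`, as the exercise does by hand.
    Remember to SIGHUP inetd afterwards; editing the file alone changes nothing."""
    out = []
    for raw in inetd_text.splitlines():
        parts = raw.split()
        if parts and not raw.lstrip().startswith("#") and parts[0] == service:
            raw = "#" + raw
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    listening, findings = audit_inetd(INETD_CONF, SERVICES)
    for port, proto, service, user, wrapped in listening:
        print(f"{port:>5}/{proto}  {service:<8} as {user:<8} {'tcpd' if wrapped else 'direct'}")
    for f in findings:
        print("WARNING:", f)
```

On the sample files it reports four open ports (21, 23, 79 and 517/udp), warns that finger is started directly and so bypasses tcpd, and warns that myapp has no /etc/services entry. After disable_service(INETD_CONF, "telnet") the telnet line is commented out and port 23 disappears from the listening list, which is exactly what the exercise at the end of this meeting asks you to verify with telnet localhost.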
TCP Wrappers
• Access restrictions to TCP applications can be enabled using TCP Wrappers.
• In inetd.conf, the network service is called through /usr/sbin/tcpd instead of directly: tcpd checks the client, logs the connection, and then executes the real daemon. A service started directly by inetd is not covered.
• Access control set through /etc/hosts.allow and /etc/hosts.deny allows you to selectively allow/deny remote access to network services based on IP address and/or hostname. Hostname matching depends on reverse DNS, which the remote network's administrator controls, so prefer address-based rules where you can.
• Connections to TCP wrapped services are logged (via syslog).
• Generally used for security reasons.
Example: Denying Access via /etc/hosts.deny
• The format of /etc/hosts.allow and /etc/hosts.deny is:
service name: [ip or host], [ip or host]...
A trailing dot (128.6.6.) matches every address beginning with that prefix; a leading dot (.aol.com) matches every hostname ending in that domain; ALL matches anything.
• tcpd consults /etc/hosts.allow first and then /etc/hosts.deny; the first matching line decides, and a connection that matches neither file is allowed. An entry in /etc/hosts.allow therefore grants access and can never block anyone. To stop users from AOL and the IP address range 128.6.6.* from accessing your system via telnet, the entry belongs in /etc/hosts.deny:
in.telnetd: 128.6.6., .aol.com
• The safer habit is the reverse: put ALL: ALL in /etc/hosts.deny and list only the hosts that should get in under /etc/hosts.allow, so that anything you forget is denied rather than allowed.
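Because this rule is so easy to get backwards, here is tcpd's decision procedure as a small Python model, added here as an example; it is not part of the course material or of the TCP Wrappers source. It implements the subset of hosts_access(5) used on this page (ALL, a leading-dot domain suffix, a trailing-dot address prefix, net/mask, exact names, the EXCEPT operator, and the ALLOW/DENY options of the extended syntax) and leaves out the reverse-DNS checks (KNOWN, UNKNOWN, PARANOID) and shell commands. The client names and addresses are constructed; 203.0.113.5 is a documentation-range address standing in for a host at aol.com.

```python
"""A model of tcpd's hosts.allow / hosts.deny decision, written for this
page.  Rule strings and clients below are constructed examples; 203.0.113.5
is a documentation-range address standing in for a host at aol.com."""
import ipaddress


def match_client(pattern, host, addr):
    """Match one client pattern against the peer's hostname and address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # .aol.com: hostname suffix
        return host.endswith(pattern)
    if pattern.endswith("."):            # 128.6.6.: address prefix
        return addr.startswith(pattern)
    if "/" in pattern:                   # net/mask, e.g. 128.6.0.0/255.255.0.0
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern in (host, addr)       # exact hostname or address


def match_list(patterns, matcher):
    """Match a comma/space separated list, honouring 'list EXCEPT list'."""
    items = patterns.replace(",", " ").split()
    if "EXCEPT" in items:
        i = items.index("EXCEPT")
        return (any(matcher(p) for p in items[:i])
                and not match_list(" ".join(items[i + 1:]), matcher))
    return any(matcher(p) for p in items)


def parse_rules(text):
    """daemon_list : client_list [: option] per line; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        option = fields[2].upper() if len(fields) > 2 else ""
        rules.append((fields[0], fields[1], option))
    return rules


def hosts_access(daemon, host, addr, allow_text, deny_text):
    """Decide like tcpd: first match in hosts.allow, then first match in
    hosts.deny, and if nothing matches the connection is ALLOWED."""
    def matches(rule):
        daemons, clients, _ = rule
        return (match_list(daemons, lambda p: p in ("ALL", daemon))
                and match_list(clients, lambda p: match_client(p, host, addr)))

    for rule in parse_rules(allow_text):
        if matches(rule):
            return "deny" if rule[2] == "DENY" else "allow"
    for rule in parse_rules(deny_text):
        if matches(rule):
            return "allow" if rule[2] == "ALLOW" else "deny"
    return "allow"


# The rule from the slide: tried in the wrong file, then in the right one.
RULE = "in.telnetd: 128.6.6., .aol.com\n"
# A default-deny layout: only the campus network may reach anything, and
# even it is kept away from the 128.6.6.* range.
TIGHT_ALLOW = "ALL: 128.6.0.0/255.255.0.0 EXCEPT 128.6.6.\n"
TIGHT_DENY = "ALL: ALL\n"

CLIENTS = [  # (hostname, address), constructed
    ("proxy.aol.com", "203.0.113.5"),
    ("lab.rutgers.edu", "128.6.6.9"),
    ("lab2.rutgers.edu", "128.6.7.9"),
]

if __name__ == "__main__":
    for host, addr in CLIENTS:
        print(f"{host:<18}"
              f" rule in hosts.allow: {hosts_access('in.telnetd', host, addr, RULE, '')}"
              f"  rule in hosts.deny: {hosts_access('in.telnetd', host, addr, '', RULE)}"
              f"  default-deny: {hosts_access('in.telnetd', host, addr, TIGHT_ALLOW, TIGHT_DENY)}")
```

The first column reproduces the slide's original configuration: with the rule in hosts.allow, every client is allowed, the AOL host included, because an allow-file entry can only grant and the empty deny file lets everyone else through as well. Moving the same line to hosts.deny blocks the two intended clients and nobody else, and the default-deny pair blocks everything except the campus range minus 128.6.6.*.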
Exercise: Disabling Services in Inetd
• Disable telnet access to your system by commenting out the entry for telnet in /etc/inetd.conf.
• Restart inetd:
> kill -HUP `cat /var/run/inetd.pid`
• Verify that the telnet daemon has been disabled. What happens when you type...
> telnet localhost
Homework
• Read Chapters 8,18, and 20 in Linux Administration: A Beginner’s Guide.