Post on 14-May-2015
GNU/Linux Servers
NFM 2008
Major Servers
● Apache HTTP Server
● Squid Proxy and Cache
● Samba Server
● FTP Server [vsftpd]
● Database Server [PostgreSQL, MySQL, SQLite]
● Email Server [sendmail, postfix]
● Firewall
Web Server
Apache
Introduction to Apache
● The Apache group was formed in 1995
● Apache => A Patchy Server
● Largely because of the patches to the NCSA server that resulted in this new web server. It actually got its name from the Native American tribe
● Apache Version 1.0 was released in December, 1995
● World's most used web server since April, 1996
● http://news.netcraft.com/archives/web_server_survey.html
● 50.43% October 2008
Facts
● Easy administration using a web based interface [webmin]
● No cost to set up a server.
● As easy as downloading a CD and installing.
● Lower maintenance.
● Keeps running for years.
● Better security than IIS
Features
● Virtual Hosting
● Access Configuration
● Security
● mod_rewrite
Single website/Virtual Hosting
● Single Website
● The host definitions go into the main configuration
● Any connection to the server returns the same set of pages
● Virtual Hosting
● IP based virtual hosting
– Multiple IP addresses to the same machine
● Name based virtual hosting
– Multiple domain names to the same IP address
● Port based virtual hosting
– Handling the request on a particular port
Access Configuration
● Allow from
● Allow access from the given networks and addresses or when the environment satisfies a condition
● Deny from
● Deny access from the given networks and addresses or when the environment satisfies a condition
Security
● mod_ssl
● Set SSLCertificateFile and SSLCertificateKeyFile
● Digital certificates from OpenSSL
● mod_security
● Scans incoming requests for attacks and can proactively prevent attacks on the server
● mod_userdir
● Enables “~username” URLs for users
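The virtual hosting, access configuration and mod_ssl directives from the slides above, combined in one configuration as an added example that is not part of the original slides. It uses Apache 2.2 syntax; the Order and SetEnvIf directives are not on the slides, and all host names, paths and the 192.168.1.0/24 network are placeholders.

```apache
# Constructed example: every name, path and address below is a placeholder.
Listen 80
Listen 443

# Name based virtual hosting: two domain names on the same IP address.
NameVirtualHost *:80

<VirtualHost *:80>
    ServerName www.example.org
    DocumentRoot /var/www/example

    # Mark requests for leftover backup files in the environment.
    SetEnvIf Request_URI "\.bak$" blocked_request

    <Directory /var/www/example>
        # allow,deny: Allow is evaluated first, then Deny;
        # a request matching any Deny line is rejected.
        Order allow,deny
        Allow from all
        Deny from env=blocked_request
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName docs.example.org
    DocumentRoot /var/www/docs
</VirtualHost>

# HTTPS host restricted to the local network.
<VirtualHost *:443>
    ServerName intranet.example.org
    DocumentRoot /var/www/intranet

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/intranet.example.org.crt
    # The private key should be readable by root only.
    SSLCertificateKeyFile /etc/ssl/private/intranet.example.org.key

    <Directory /var/www/intranet>
        # deny,allow: Deny is evaluated first, then Allow;
        # a request matching an Allow line is accepted.
        Order deny,allow
        Deny from all
        Allow from 192.168.1.0/24
    </Directory>
</VirtualHost>
```

In Apache 2.4 the Order, Allow and Deny directives are provided by mod_access_compat, the Require directive is the replacement, and NameVirtualHost is no longer needed.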
mod_rewrite
● Rewrites incoming URLs based on regular expressions
● Helps make clean URLs in dynamic content generation like PHP
● Can use regular expressions for rewrite
● Using .htaccess in each directory
More ...
● mod_proxy can take care of proxying, both reverse and forward
● Perl, Python and Ruby have script engines that come as modules to Apache
● Apache is the most used web server, since 1996 :)
● 59% of world wide web servers are Apache
Proxy Server
Squid
Introduction to Proxy
● In a typical setup a web proxy requests pages from the Internet on behalf of the clients on the local network and serves them to the local clients.
– Enhances security on LAN
– When caching is enabled, gives a better browsing experience
● Proxy servers also cache data and avoid redundant and repeated requests to servers for the same data.
Features of Squid
● Web Proxy and Cache for HTTP, FTP
● DNS Lookup Cache
● Reverse Proxy to accelerate speed of web servers
● Access Control Lists
● Bandwidth management
Network File Sharing Server
Samba
Introduction to SMB
● NetBIOS by IBM and Sytec
● NetBIOS + Disk I/O redirection => SMB
– Server Message Block Protocol by Microsoft
– Now called the CIFS [Common Internet File System]
● Windows machines advertise their services and presence on the network using this protocol
● The “Network Neighbourhood”
Introduction to Samba
● Andrew Tridgell published his code in early 1992
● Actual development started two years later
● Opening Windows to the wider world
● Samba runs on Unix platforms, but speaks to Windows clients like a native Windows machine
● Lets you share files and printers over the network
● Works with SMB as well as its latest form, CIFS
Features of Samba
● File and printer sharing
● Access controls
● Remote logons
● Works as a part of a Windows network
● Can act as the Primary Domain Controller
● SWAT (Samba Web Administration Tool)
FTP Server
Vsftpd
Introduction to FTP
● File Transfer Protocol
● Criticisms
– Passwords are sent in cleartext
– Multiple TCP/IP connections needed
– No integrity check in case of connection failures
● Alternatives
– SFTP and FTPS for secure copying
– Secure Copy or SCP is nowadays largely used
Features of vsftpd
● A simple FTP server
● Anonymous access
● Security considerations
● Easy configuration
Active Directory
OpenLDAP
Features
● Active Directory is essentially LDAP and Kerberos tied together (although slightly modified)
● OpenLDAP is the usual LDAP implementation
● If you decide to keep Active Directory, Samba version 3.0 or higher is needed to integrate well with it
Domain Name System (DNS) server
BIND [Berkeley Internet Name Domain]
Features of BIND
● Berkeley Internet Name Domain (BIND) is one of the many industry standard Open Source packages that make up much of the Internet infrastructure.
● Domain name serving is one of the easiest (and most transparent to the end user) conversions you'll face.
● BIND works from plain text configuration files, not a GUI.
Dynamic Host Configuration Protocol (DHCP) server
ISC’s DHCP
Features
● ISC’s DHCP is an industry standard Open Source package
● It works better with Windows clients than a Windows DHCP server
● DHCP server keeps its configuration data in a .mdb file
Web Application Server (Java)
● Lots of products in this area. Probably the same ones that you run on Windows are available for Linux
– WebSphere
– BEA WebLogic
– iPlanet
– JBoss
● Installation, configuration and management should be the same or very similar across platforms
Remote Access Server
● Use the pppd package that comes with your distribution
● pppd supports a variety of authentication protocols, such as PAP, CHAP, and RADIUS
● IP forwarding must be turned on in the Linux kernel
● KPPP GUI is available
Email Server
● Lots of choices on Linux
● Sendmail,
● Exim,
● Postfix,
● The email delivery piece is the easy part
Groupware Server
● Bynari’s Insight server is one, but only scales up to about 50,000 email boxes.
● Ximian Insight Connector (now owned by Novell) is another
Database Server
● The two most popular Open Source ones are
● MySQL and PostgreSQL
● MySQL is easy and flexible
● PostgreSQL is strong and enterprise class.
Firewall
● Linux comes with a native firewall capability
● Linux also has native support for Network Address Translation (NAT), also known as IP masquerading
● The iptables command is what is used to create firewall and NAT rules. There are GUI front-ends available to make that easier.
● Commercial firewalls are also available for Linux, such as Check Point’s Firewall-1, Phoenix, StoneGate, etc.
Thanks