Linux Slides Continue Part 2

Transcript of Linux Slides Continue Part 2

  • 8/14/2019 Linux Slides Continue Part 2

    1/153

    Sendmail Configuration

    M4 is a macro language that can help to configure the sendmail.cf file, using sendmail.mc.

    2/153

    Sendmail Configuration

    Open the virtusertable file, used for mapping users' virtual domain addresses.

    3/153

    Sendmail Configuration

    The virtusertable configuration helps to define the domain name along with the fully qualified domain name.

    4/153

    Sendmail Configuration

    Open a local-host-file.

    5/153

    Sendmail Configuration

    The local-host-file is for multiple hosts using the same mail server. Enter the domain name as given above.

    6/153

    Sendmail Configuration

    The sendmail service is restarted.

    7/153

    Sendmail Configuration

    To determine whether sendmail is identifying your station's hostname correctly, use sendmail -d0.

    8/153

    Sendmail Configuration

    The ipop3 protocol makes it possible to receive messages from the mail server. Open the pop3 file.

    9/153

    Sendmail Configuration

    With disable = yes, the pop3 service is disabled and mail cannot be received.

    10/153

    Sendmail Configuration

    To enable ipop3, disable is changed to no.

    11/153

    Sendmail Configuration

    The xinetd service is restarted.

    12/153

    Sendmail Configuration

    The root user sends a mail to the user joe using the mail command.

    13/153

    Sendmail Configuration

    The mail sent by root is received by the user joe, as shown above.

    14/153

    Sendmail Configuration

    Evolution:

    Evolution is the primary mail client for Red Hat.

    It is a powerful tool that supports numerous protocols (SMTP, POP and IMAP).

    It includes a calendar, an address book, multiple mail accounts and encryption.

    It is supported by both GNOME and KDE.

    15/153

    Sendmail Configuration

    Running evolution in the background.

    16/153

    Sendmail Configuration

    The Evolution welcome wizard opens; click Forward to continue.

    17/153

    Sendmail Configuration

    Enter the user name and email address and click Forward to continue.

    18/153

    Sendmail Configuration

    The POP option is chosen to receive mail from the mail server; click Forward.

    19/153

    Sendmail Configuration

    Specify the server hostname and the username.

    20/153

    Sendmail Configuration

    The time given as 10 will update the mail every 10 seconds.

    21/153

    Sendmail Configuration

    Select the SMTP protocol to transfer the mail to the mail server and specify a server address.

    22/153

    Sendmail Configuration

    A name is given to represent the mail account.

    23/153

    Sendmail Configuration

    The location is specified in the time zone setting for the sendmail configuration.

    24/153

    Sendmail Configuration

    The Evolution setup is completed by entering the information needed.

    25/153

    Sendmail Configuration

    The user tom sends a mail by selecting the New button.

    26/153

    Sendmail Configuration

    The user tom sends the mail to the user root, as shown above.

    27/153

    Sendmail Configuration

    The root user views the mail received from the user tom using the mail command.

    28/153

    Sendmail Configuration

    The user root sends the mail to the user tom, as shown above.

    29/153

    Sendmail Configuration

    The user tom views the mail received from the user root, as shown above.

    30/153

    Sendmail Configuration

    The dig command shows the IP address of the specified fully qualified domain name.

    31/153

    Sendmail Configuration

    The access file is opened to set restrictions on access to the sendmail server.

    32/153

    Sendmail Configuration

    All hosts except example.com are denied access.

    33/153

    Certificates for IMAP

    Internet Mail Access Protocol

    It allows a remote server to hold mail for users, who can then log in to access their mail.

    Unlike POP servers, IMAP servers retain users' mail messages.

    Users can even save their mail on the IMAP mail server.

    IMAP also supports shared folders, through which several users can access mail on a given topic.

    34/153

    Certificates for IMAP

    To create the IMAP certificate, first remove the file imapd.pem.

    35/153

    Certificates for IMAP

    The IMAP certificate can be created using the command make imapd.pem.

    36/153

    Certificates for IMAP

    While creating the IMAP certificate, it prompts for the following; just enter the corresponding details.

    37/153

    Certificates for IMAP

    The imaps protocol makes it possible to receive and save mail from the mail server. Open the imaps3 file.

    38/153

    Certificates for IMAP

    Setting disable=no enables the imaps service.

    39/153

    Certificates for IMAP

    The xinetd service is restarted.

    40/153

    Certificates for IMAP

    The issued certificate information can be viewed using the command mutt.

    41/153

    Certificates for IMAP

    Here you can see the certificate information.

    42/153

    File Transfer Protocol (FTP)

    FTP is designed to transfer large files across a network from one system to another.

    Like most Internet operations, FTP works on a client/server model.

    An FTP client program enables users to transfer files to and from a remote system running an FTP server program.

    43/153

    FTP: Service profile

    Packages : vsftpd
    Daemons  : vsftpd
    Ports    : 21 (FTP), 20 (ftp-data)
    Config.  : /etc/vsftpd/vsftpd.conf
               /etc/vsftpd.ftpuser
               /etc/pam.d/vsftpd

    44/153

    FTP configurations

    Check that the vsftpd package is installed.

    45/153

    FTP configurations

    Install the vsftpd package using the rpm command.

    46/153

    FTP configurations

    Open the configuration file vsftpd.conf.

    47/153

    FTP configurations

    Setting this option to yes allows anonymous users to use the FTP server.

    Setting this option to yes allows all local users on your system to use the FTP server.

    48/153

    FTP configurations

    Set this option to allow anonymous users to upload files.

    Set this option to allow anonymous users to create files.

    Set this option to change the owner of uploaded files.

    This option gives the username that replaces the owner of uploaded files.

    49/153

    FTP configurations

    Here, set the permission to upload files.

    50/153

    FTP configurations

    Create a directory named incoming inside the /var/ftp directory, and change its owner to root and its group to ftp.

    Set permission 730 on the incoming directory.

    Restart the vsftpd service.

    51/153

    FTP configurations

    The screen shows the contents of the pub directory.

    52/153

    FTP configurations

    On the client side, log in to the FTP server; the user name is anonymous and, for the password, just press Enter.

    53/153

    FTP configurations

    After logging in successfully, we change directory to pub to download the file test using the mget command.

    The bye command is used to leave the FTP server.

    54/153

    FTP configurations

    The screen above shows that the downloaded file test is present.

    55/153

    FTP configurations

    The anonymous user logs in to the FTP server again to upload the file pop.pl.

    The anonymous user changes to the incoming directory.

    The anonymous user uploads the file pop.pl to the FTP server using the mput command.

    56/153

    FTP configurations

    The file pop.pl is uploaded to the FTP server.
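
The anonymous-upload setup walked through on slides 47 to 56 can be checked with a short audit script. This is an added example, not part of the original slides; the slides do not name the vsftpd.conf directives, so anonymous_enable, write_enable, anon_upload_enable, chown_uploads and chown_username are the vsftpd directives assumed to correspond, and the sample configuration, the daemon account and the temporary paths are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): audit the anonymous-upload settings.
# The directive names are vsftpd directives assumed to match the screenshots.

# conf_get FILE KEY DEFAULT -> value of KEY (last assignment wins) or DEFAULT
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    echo "${v:-$3}"
}

# is_yes FILE KEY DEFAULT -> true when the effective value is YES/TRUE/1
is_yes() {
    case $(conf_get "$1" "$2" "$3" | tr 'a-z' 'A-Z') in
        YES|TRUE|1) return 0 ;;
    esac
    return 1
}

# vsftpd_audit CONF UPLOAD_DIR -> one "CODE explanation" line per finding
vsftpd_audit() (
    conf=$1 dir=$2
    # vsftpd's built-in default for anonymous_enable is YES
    is_yes "$conf" anonymous_enable YES || exit 0
    echo "ANON-LOGIN anonymous logins are enabled"
    # anon_upload_enable only takes effect together with write_enable
    if is_yes "$conf" write_enable NO && is_yes "$conf" anon_upload_enable NO; then
        echo "ANON-UPLOAD anonymous users can upload files"
    else
        exit 0
    fi
    if ! is_yes "$conf" chown_uploads NO; then
        echo "UPLOAD-OWNER uploads stay owned by the anonymous FTP account"
    elif [ "$(conf_get "$conf" chown_username root)" = root ]; then
        echo "UPLOAD-ROOT uploads are re-owned to root"
    fi
    [ -d "$dir" ] || exit 0
    # Mode 730 (rwx-wx---) lets group ftp write and traverse but not list.
    if [ -n "$(find "$dir" -prune -perm -040)" ]; then
        echo "DIR-LISTABLE members of the directory's group can list $dir"
    fi
    if [ -n "$(find "$dir" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "DIR-OTHER $dir grants permissions to others"
    fi
)

vsftpd_demo() (
    tmp=$(mktemp -d) || exit 1
    # Constructed configuration switching on the options the slides describe.
    printf '%s\n' 'anonymous_enable=YES' 'local_enable=YES' 'write_enable=YES' \
        'anon_upload_enable=YES' 'anon_mkdir_write_enable=YES' \
        'chown_uploads=YES' 'chown_username=daemon' > "$tmp/vsftpd.conf"
    mkdir "$tmp/incoming"
    chmod 730 "$tmp/incoming"      # the mode the slides set
    echo "incoming at mode 730:"
    vsftpd_audit "$tmp/vsftpd.conf" "$tmp/incoming"
    chmod 777 "$tmp/incoming"      # a looser mode, for comparison
    echo "incoming at mode 777:"
    vsftpd_audit "$tmp/vsftpd.conf" "$tmp/incoming"
    rm -rf "$tmp"
)
vsftpd_demo
```

With mode 730 only the two expected findings (anonymous login and anonymous upload) are reported; a group-readable or world-accessible incoming directory adds the directory findings.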

    57/153

    FTP configurations

    Now we open the hosts.allow file.

    58/153

    FTP configurations

    Here we list the network address or domain that is allowed to access this FTP server.

    59/153

    FTP configurations

    Now we open the hosts.deny file.

    60/153

    FTP configurations

    No network other than the one specified in /etc/hosts.allow can access the FTP server.

    61/153

    NFS

    Network File System

    It enables you to mount a file system on a remote computer as if it were local to your own system.

    You can directly access any of the files on the remote file system.

    NFS operates over a TCP/IP network.

    The remote computer that holds the file system makes it available to other computers on the network.

    62/153

    NFS Service Profile

    Packages : portmap, nfs-utils
    Daemons  : nfs
    Ports    : 111
    Config.  : /etc/exports

    63/153

    NFS configuration

    Check that the portmap and nfs-utils packages are installed.

    64/153

    NFS configuration

    The screen above shows the file contents of test1.

    Now we open the file /etc/exports.

    65/153

    NFS configuration

    Here test1 is the name of the directory to be exported to the network specified above.

    This is the second directory to be exported, specified along with example.com (the domain name).

    Note: the rw option is for read and write permission; sync is for synchronization.

    66/153

    NFS configuration

    The portmap and nfs services are restarted.

    67/153

    NFS configuration

    exportfs -v shows the shared directories of the server machine.

    exportfs -r -a both exports the added entries and re-exports the changed ones.

    68/153

    NFS configuration

    On the client side, use the showmount -e command to check what is shared from the server machine.

    69/153

    NFS configuration

    From the client machine, the directory shared by the NFS server machine is mounted.

    70/153

    DHCP

    Dynamic Host Configuration Protocol

    Allows hosts to be assigned an IP address automatically from a pool of IP addresses.

    Also allows clients to receive an IP address from outside their network segment.

    The server can be configured to accept requests from only a specific set of MAC addresses.

    71/153

    DHCP: Service profile

    Packages    : dhcp
    Daemons     : dhcpd
    Config file : /etc/dhcpd.conf,
                  /var/lib/dhcp/dhcp.leases
    Ports       : 67 (bootps), 68 (bootpc)

    72/153

    DHCP configuration

    The dhcp package is checked to see whether it is installed.

    73/153

    DHCP configuration

    DHCP configuration needs a single package called dhcp, which can be installed with the rpm command.

    74/153

    DHCP configuration

    The command rpm -ql checks the files present in the dhcp package.

    dhcp.conf.sample is a configuration file, which must be copied to the /etc directory.

    75/153

    DHCP configuration

    Using the cp command, dhcp.conf.sample is copied to /etc/dhcp.conf.

    We open the configuration file copied earlier.

    76/153

    DHCP configuration

    Specify the network and subnet mask here.

    The gateway and subnet are given here.

    The NIS domain is given here.

    The DNS name and the DNS IP address are given here.

    77/153

    DHCP configuration

    The dynamic IP range for the client systems is given here.

    78/153

    DHCP configuration

    The IP address 192.168.0.20 is the gateway for the client machines.

    The domain name is given here as example.com, along with the IP address.

    The IP range to be assigned automatically to the client machines is specified.

    79/153

    DHCP configuration

    An IP address is given for a particular system by MAC address.

    80/153

    DHCP configuration

    An IP address is assigned to the host station33 by MAC address.

    81/153

    DHCP configuration

    On the client machine, the netconfig command is used to assign the IP address.

    82/153

    DHCP configuration

    Using the space bar, the # (hash) symbol is checked to enable the DHCP service.

    83/153

    DHCP configuration

    The network service is restarted to enable the DHCP service.

    The IP is viewed to check that the DHCP service is enabled. Now the gateway has been assigned via DHCP.

    84/153

    DHCP configuration

    Open the resolv.conf file.

    85/153

    DHCP configuration

    On the client machine, the domain name and IP address above get assigned.

    86/153

    Samba configuration

    Andrew Tridgell wrote an SMB (Server Message Block) client and server that he called Samba.

    Samba is a collection of Linux tools that allow you to communicate with Windows systems over a network.

    It helps in browsing network resources using host names, by name resolution instead of DNS.

    File and printer sharing is probably the most attractive Samba feature.

    87/153

    Samba Service Profile

    Packages    : samba, samba-common, samba-client
    Daemons     : smbd, nmbd (NetBIOS nameserver)
    Config file : /etc/samba/smb.conf
    Ports       : 137 (nmbd), 138 (smbd)

    88/153

    Samba configuration

    rpm -q queries for the installed packages.

    89/153

    Samba configuration

    rpm -ivh followed by the package name installs the package.

    90/153

    Samba configuration

    /etc/samba/smb.conf is the configuration file.

    91/153

    Samba configuration

    The smb.conf file is now opened for editing.

    The Windows domain name or the workgroup name can be given.

    92/153

    Samba configuration

    This is the default screen, showing the default network for access.

    93/153

    Samba configuration

    The screen shows that the networks 192.168.0 and 192.168.1 can access the Samba server.

    94/153

    Samba configuration

    The end of the smb.conf file shows an example of how to share Linux files.

    95/153

    Samba configuration

    The previous example is used here as is for the tmp and var directories.

    The tmp directory is shared publicly (full access), with write access to files as well.

    The var directory is set up so that only the user joe can access its files, from any Windows operating system.

    96/153

    Samba configuration

    A password is set for access from the Windows operating system.

    The Samba user name and password are stored in the /etc/samba/smbpasswd file.

    97/153

    98/153

    Samba configuration

    smbclient -L shows the shared directories of the Samba server.

    99/153

    Samba configuration

    This command helps to confirm whether the configuration is done properly.

    The user joe logs in by giving a password for authentication. The ls command is used to list the shared files.

    100/153

    Samba configuration

    The screen shows the listed files.

    The mget command copies the file from the shared directory to our machine.

    101/153

    Samba configuration

    The testparm command is used to show the shared directories of the Samba server.

    Pressing Enter shows the shared directories in detail.

    102/153

    Samba configuration

    Here the screen shows the simulation of the Samba configuration.

    103/153

    NIS

    - Network Information Service.

    - NIS stores administrative files such as /etc/passwd and /etc/hosts in DB files.

    - This data is available over the network to all clients that are connected to the NIS domain.

    - The NIS client daemon (ypbind) finds a server for its NIS domain by sending a broadcast request.

    104/153

    NIS: Service profile

    Packages      : ypserv, ypbind, yp-tools
    Daemons       : ypserv, ypbind, rpc.yppasswdd
    Config. Files : /etc/ypserv.conf (server)
                    /var/yp/*,
                    /etc/sysconfig/network (common)
                    /etc/nsswitch.conf, (client)
                    /etc/yp.conf
    Port          : 111 (assigned by portmap)

    105/153

    Steps to Configure NIS

    Define the NIS domain name that the NIS server will work for.

    Start the ypserv daemon.

    In the /var/yp/Makefile file, set any NIS server options and specify the configuration files to manage.

    Use ypinit to create the NIS versions of the configuration files.

    106/153

    NIS Configurations

    A query is made to check whether portmap and ypserv are installed. If not, install the packages.

    107/153

    NIS Configurations

    To set the NIS domain name temporarily, the nisdomainname command is used.

    To set the NIS domain name permanently, entries are made in /etc/sysconfig/network.

    108/153

    NIS Configurations

    Enter the NIS domain name. Here our NIS domain is nis.

    109/153

    NIS Configurations

    Start the portmap and ypserv services.

    110/153

    NIS Configurations

    Open the NIS configuration file.

    111/153

    NIS Configurations

    The nopush option is set to true if there is no NIS slave server, and to false if there is a slave server.

    112/153

    NIS Configurations

    The minimum user and group IDs are set to 500.

    If MERGE_PASSWD is set to true, then the password file and the shadow file will be merged.

    If MERGE_GROUP is set to true, then the group file and the gshadow file will be merged.

    113/153

    NIS Configurations

    The files that are shared on the network are listed under all.

    114/153

    NIS Configurations

    This command creates the NIS database consisting of the NIS configuration file.

    115/153

    NIS Configurations

    Create an access control file named securenets, which enables access by hosts to the NIS server.

    Open the access control file.

    116/153

    NIS Configurations

    Here we give access to all the hosts in the network 192.168.0.0 and to localhost.

    117/153

    NIS Configurations

    Restart the yppasswdd and ypserv services.

    118/153

    NIS Configurations

    On the client side, check for the ypbind package.

    This command is used to indicate the NIS server.

    119/153

    NIS Configurations

    Select the NIS option, enter the NIS domain name and its IP address, and press Next.

    120/153

    NIS Configurations

    Press OK to continue.

    121/153

    NIS Configurations

    ypcat lists any NIS configuration file; here we can see the password file.

    122/153

    NIS Configurations

    The ypmatch command is used to view a particular user's entry in the configuration file.

    Open the auto.master file.

    123/153

    NIS Configurations

    Enter the mount directory; here we mount in the /home directory.

    124/153

    NIS Configurations

    Open the auto.misc file.

    125/153

    NIS Configurations

    Give the NIS server IP address and the home directory to be mounted.

    126/153

    NIS Configurations

    Restart the autofs service.

    127/153

    Secure shell (SSH)

    Secure Shell

    Allows remote logins and remote command execution via secure encrypted connections.

    Syntax:

    ssh @

    128/153

    Secure shell (SSH)

    The sshd service is restarted.

    129/153

    Secure shell (SSH)

    Open the file hosts.allow.

    130/153

    Secure shell (SSH)

    Specifying example.com here lets the machines in the example.com domain access the remote login.

    131/153

    132/153

    Secure shell (SSH)

    sshd : ALL entered above means that all hosts except example.com are denied access.

    133/153

    Secure shell (SSH)

    Look at the client machine: it is in the example.com domain.

    134/153

    Secure shell (SSH)

    From the host station41, we logged in as root on station20.example.com.
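
How hosts.allow and hosts.deny combine, for both the FTP slides (57 to 60) and the SSH slides (129 to 134), as an added example that is not part of the original slides. The function names, the sample rule files and the probed hosts are constructed, and only a subset of the hosts_access(5) pattern syntax is modelled.

```shell
#!/bin/sh
# Added example (not from the slides): a simplified model of the TCP wrappers
# decision. A match in hosts.allow grants access; otherwise a match in
# hosts.deny refuses it; when neither file matches, access is granted.
# Client patterns handled: ALL, an exact host name or address, ".domain"
# suffixes and "n.n.n." address prefixes.

# tcpw_match FILE DAEMON HOSTNAME ADDRESS -> status 0 if a rule in FILE matches
tcpw_match() (
    file=$1 daemon=$2 host=$3 addr=$4
    set -f                                   # patterns are data, never globs
    [ -r "$file" ] || exit 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        daemons=${line%%:*}
        rest=${line#*:}
        clients=${rest%%:*}                  # drop an optional shell-command field
        hit=no
        for d in $(printf '%s' "$daemons" | tr ',' ' '); do
            if [ "$d" = ALL ] || [ "$d" = "$daemon" ]; then hit=yes; fi
        done
        [ "$hit" = yes ] || continue
        for c in $(printf '%s' "$clients" | tr ',' ' '); do
            case $c in
                ALL) exit 0 ;;
                .*)  case $host in *"$c") exit 0 ;; esac ;;
                *.)  case $addr in "$c"*) exit 0 ;; esac ;;
                *)   if [ "$c" = "$host" ] || [ "$c" = "$addr" ]; then exit 0; fi ;;
            esac
        done
    done < "$file"
    exit 1
)

# tcpw_decide ALLOW_FILE DENY_FILE DAEMON HOSTNAME ADDRESS -> prints allow|deny
tcpw_decide() {
    if tcpw_match "$1" "$3" "$4" "$5"; then
        echo allow
    elif tcpw_match "$2" "$3" "$4" "$5"; then
        echo deny
    else
        echo allow                           # no rule matched: default is allow
    fi
}

tcpw_demo() (
    tmp=$(mktemp -d) || exit 1
    # Constructed rule files modelled on the slides: one domain allowed, ALL denied.
    printf '%s\n' 'sshd, vsftpd : .example.com' > "$tmp/hosts.allow"
    printf '%s\n' 'sshd : ALL' 'vsftpd : ALL' > "$tmp/hosts.deny"
    for probe in 'sshd station41.example.com 192.168.0.41' \
                 'sshd host.other.test 10.9.8.7' \
                 'in.telnetd host.other.test 10.9.8.7'; do
        set -- $probe
        printf '%-11s %-26s %s\n' "$1" "$2" \
            "$(tcpw_decide "$tmp/hosts.allow" "$tmp/hosts.deny" "$1" "$2" "$3")"
    done
    rm -rf "$tmp"
)
tcpw_demo
```

The third probe is allowed because no rule names that daemon; a final ALL : ALL line in hosts.deny closes that gap. Name-based rules such as .example.com also depend on the client's reverse DNS being trustworthy.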

    135/153

    OpenSSH

    OpenSSH replaces common, insecure network communication tools.

    Provides greater data security between networked systems.

    Capable of tunneling insecure protocols through forwarding.

    136/153

    OpenSSH

    Packages      : openssh-clients, openssh-server
    Daemons       : sshd
    Config. Files : /etc/ssh/*, $HOME/.ssh
    Port          : 22

    137/153

    OpenSSH

    The openssh packages are installed.

    138/153

    OpenSSH

    The sshd service is restarted.

    139/153

    OpenSSH

    Keygen is used to generate public and private keys using the DSA algorithm.

    The generated private key is saved in the id_dsa file.

    The generated public key is saved in the id_dsa.pub file.

    140/153

    OpenSSH

    To transfer the public key to a remote machine, use the scp command.

    141/153

    OpenSSH

    Create a file named authorized_keys in the /root/.ssh directory and give the owner full permission on the .ssh directory.

    Redirect the public key file id_dsa.pub into the authorized_keys file.

    142/153

    OpenSSH

    Give the owner read and write permission on the authorized_keys file.

    143/153

    OpenSSH

    Now we can access the machine 192.168.0.21 remotely using the public key, without knowing the password.
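
A check of the key setup from slides 139 to 143, as an added example that is not part of the original slides. It assumes sshd's default StrictModes behaviour; the function names and the sample .ssh directory are constructed, and the key text is a placeholder rather than real key material.

```shell
#!/bin/sh
# Added example (not from the slides): check the result of the key setup.
# With StrictModes, sshd ignores authorized_keys when the file or ~/.ssh is
# writable by group or others, and OpenSSH has disabled ssh-dss (DSA) keys
# by default since release 7.0.

# perm_has PATH BITS -> true when all permission bits in BITS are set on PATH
perm_has() { [ -n "$(find "$1" -prune -perm "-$2")" ]; }

# ssh_audit SSH_DIR -> one "CODE path" line per finding
ssh_audit() (
    dir=$1
    [ -d "$dir" ] || { echo "MISSING $dir"; exit 0; }
    if perm_has "$dir" 020 || perm_has "$dir" 002; then
        echo "WRITABLE-DIR $dir"
    fi
    ak=$dir/authorized_keys
    if [ -f "$ak" ]; then
        if perm_has "$ak" 020 || perm_has "$ak" 002; then
            echo "WRITABLE-KEYS $ak"
        fi
        # the key type may follow an options field, so do not anchor at line start
        if grep -Eq '(^|[[:space:]])ssh-dss[[:space:]]' "$ak"; then
            echo "DSA-AUTHORIZED $ak"
        fi
    fi
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        # a private key must carry no group or other permission bits at all
        for bit in 040 020 010 004 002 001; do
            if perm_has "$key" "$bit"; then
                echo "EXPOSED-PRIVATE-KEY $key"
                break
            fi
        done
        case $key in */id_dsa) echo "DSA-PRIVATE-KEY $key" ;; esac
    done
)

ssh_demo() (
    tmp=$(mktemp -d) || exit 1
    mkdir "$tmp/.ssh"
    chmod 700 "$tmp/.ssh"                     # full permission for the owner only
    # Constructed placeholders standing in for the generated DSA key pair.
    printf '%s\n' 'placeholder private key' > "$tmp/.ssh/id_dsa"
    printf '%s\n' 'ssh-dss PLACEHOLDER-KEY root@station20' > "$tmp/.ssh/id_dsa.pub"
    cat "$tmp/.ssh/id_dsa.pub" >> "$tmp/.ssh/authorized_keys"
    chmod 600 "$tmp/.ssh/id_dsa" "$tmp/.ssh/authorized_keys"
    echo "as configured on the slides:"
    ssh_audit "$tmp/.ssh"
    chmod 666 "$tmp/.ssh/authorized_keys"     # too permissive: sshd would ignore it
    chmod 644 "$tmp/.ssh/id_dsa"
    echo "after loosening the modes:"
    ssh_audit "$tmp/.ssh"
    rm -rf "$tmp"
)
ssh_demo
```

The DSA findings appear even for the setup exactly as the slides describe it; generating the pair with a key type the server still accepts clears them.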

    144/153

    PAM

    Pluggable Authentication Modules

    It is a service that determines the method of authentication to be performed for users.

    When a PAM user logs in, authentication is redirected to PAM from the password file.

    Authentication is carried out by modules that vary according to the kind of authentication needed.

    An administrator can add or replace modules by simply changing the PAM configuration files.

    145/153

    PAM Configuration File

    PAM uses a different configuration for each service that requests authentication.

    Configuration files can be seen in the /etc/pam.d directory.

    Some of the configuration files are given below.

    /etc/pam.d/login

    /etc/pam.d/samba

    /etc/pam.d/system-auth

    146/153

    PAM Modules

    A PAM configuration file contains a list of modules to be used for authentication.

    They have the following format:

    Module-type control-flag module-path module-args

    Module-type:

    147/153

    PAM Modules

    It refers to different groups of authentication management: account, authentication, session and password.

    Account:

    It performs account verification such as password expiry.

    Authentication [auth]:

    It verifies who the user is, usually through a password confirmation.

    Continue

    148/153

    PAM Modules

    Session:

    It refers to tasks performed before a service is accessed and before it is shut down.

    Password:

    It performs authentication updates such as a password change.

    Control-flag:

    149/153

    PAM Modules

    It indicates how PAM is to respond if the module fails.

    The control can be a simple directive such as:

    Requisite:

    Ends the authentication process immediately if the module fails.

    Required:

    This directive only ends the authentication after the remaining modules are run.

    Continue

    150/153

    PAM Modules

    Sufficient:

    This directive indicates that success of this module is enough to provide authentication.

    Optional:

    This directive indicates that the module's success is not needed unless it is the only authentication module for its service.

    151/153

    PAM Modules

    Module-path : It is the module to be run.

    Module-args : Module arguments are the parameters you want to pass to that module.

    152/153

    PAM Modules

    Open the PAM configuration file login.

    153/153

    PAM Modules

    This is the module-type field.

    This is the control-flag field.

    This field is the module-path.

    This field is for the module arguments.
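
The control flags from slides 149 and 150 can be traced with a small model of how a stack is evaluated. This is an added example, not part of the original slides and not libpam itself: the module results are supplied by hand, the sample stack is constructed, and bracketed controls and include lines are not modelled.

```shell
#!/bin/sh
# Added example (not from the slides): trace how the four simple control
# flags combine. Each line is "module-type control-flag module-path [args]".

# pam_eval STACK_FILE TYPE "module=ok module=fail ..." -> prints success|failure
pam_eval() (
    stack=$1 want=$2 outcomes=" $3 "
    failed=no seen=0 lone_optional=
    while read -r type control path args || [ -n "$type" ]; do
        case $type in ''|'#'*) continue ;; esac
        [ "$type" = "$want" ] || continue
        mod=${path##*/}
        case $outcomes in
            *" $mod=ok "*)   res=ok ;;
            *" $mod=fail "*) res=fail ;;
            *) echo "no outcome given for $mod" >&2; exit 2 ;;
        esac
        seen=$((seen + 1))
        case $control:$res in
            requisite:fail) echo failure; exit 0 ;;      # stop immediately
            required:fail)  failed=yes ;;                # remember, keep running
            sufficient:ok)  if [ "$failed" = no ]; then echo success; exit 0; fi ;;
            optional:*)     lone_optional=$res ;;        # counts only if alone
            requisite:ok|required:ok|sufficient:fail) ;;
            *) echo "unsupported control flag: $control" >&2; exit 2 ;;
        esac
    done < "$stack"
    if [ "$seen" -eq 1 ] && [ -n "$lone_optional" ]; then
        if [ "$lone_optional" = ok ]; then echo success; else echo failure; fi
    elif [ "$failed" = yes ] || [ "$seen" -eq 0 ]; then
        echo failure          # an empty stack is treated as failure in this model
    else
        echo success
    fi
)

pam_demo() (
    stack=$(mktemp) || exit 1
    # Constructed stack in the format of a file under /etc/pam.d.
    printf '%s\n' '# constructed sample' \
        'auth     requisite   pam_securetty.so' \
        'auth     required    pam_nologin.so' \
        'auth     sufficient  pam_unix.so nullok' \
        'auth     required    pam_deny.so' \
        'account  required    pam_unix.so' > "$stack"
    echo "all modules pass:          $(pam_eval "$stack" auth \
        'pam_securetty.so=ok pam_nologin.so=ok pam_unix.so=ok')"
    echo "requisite module fails:    $(pam_eval "$stack" auth \
        'pam_securetty.so=fail')"
    echo "required fails, unix ok:   $(pam_eval "$stack" auth \
        'pam_securetty.so=ok pam_nologin.so=fail pam_unix.so=ok pam_deny.so=fail')"
    rm -f "$stack"
)
pam_demo
```

In the third case the sufficient module succeeds but cannot short-circuit the stack, because an earlier required module has already failed.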