Network Services
CSCI N321 – System and Network Administration
Copyright © 2000, 2007 by Scott Orr and the Trustees of Indiana University
Section Overview
Client-Server Model
Network Ports, Services and Daemons
Network Protocols
Viewing Active Ports
Common Server Daemons
References
- Linux System Administration
  - Chapter 18 (pgs. 305-332)
  - Optional: Chapters 20 & 21
- CQU 85321 System Administration Course
  - Textbook Chapter 16
  - Lectures 2002 #16
TCP/IP Protocol Stack
- Physical Layer (media)
- Link Layer (Device Drivers)
- Network Layer (IP)
- Transport Layer (TCP, UDP)
- Application (FTP, HTTP, DNS)
Client-Server Model
Server and Client
- Listens for incoming requests
- Makes a request
- Request fulfilled
Network Ports
- Enables processes to communicate with each other across a network
- 64K possible ports
- Privileged ports < 1024 reserved for system use only
- Correspond to well-known services
- /etc/services
/etc/services
Service-name port/protocol aliases
Examples:

    ssh     22/tcp
    smtp    25/tcp    mail
    www     80/tcp    http www-http
    imaps   993/tcp
    syslog  514/udp
Running Network Servers
- Stand-alone Daemon
  - Each started via rc script
  - Always running
  - Listens (binds) to the service port
  - Uses resources even when idle
- inetd “Super-daemon”
  - Listens to many ports
  - Starts daemon when request is received
  - Daemon shuts down when finished
  - /etc/inetd.conf
/etc/inetd.conf
- service_name: Service name
- sock_type: stream (tcp), dgram (udp), raw (direct IP)
- proto: Protocol used (/etc/protocols)
- flags: wait, nowait
- user: User to run daemon as
- server_path: Full path to daemon program
- args: Command line arguments to daemon
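The field list above, applied as a configuration review. This is an added example, not part of the original slides: it parses inetd.conf lines into the seven fields and reports entries that run as root, lack a full server path, or pair a socket type with the wrong protocol. The sample file content, the `internal` keyword handling and the `user.group` / `user:group` forms are assumptions about common inetd implementations.

```python
from collections import namedtuple

# Field order as listed on the slide above.
Entry = namedtuple("Entry", "service_name sock_type proto flags user server_path args")

# Constructed /etc/inetd.conf content for illustration (not from the slides).
SAMPLE = """\
# service sock_type proto flags user server_path args
ftp      stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd -l
telnet   stream  udp  nowait  root    in.telnetd            in.telnetd
ntalk    dgram   udp  wait    nobody  /usr/sbin/in.ntalkd   in.ntalkd
#finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
broken   stream  tcp
"""

EXPECTED_PROTO = {"stream": "tcp", "dgram": "udp"}  # sock_type -> proto, per the slide

def parse_inetd_conf(text):
    """Return (entries, malformed_line_numbers); comments and blanks are skipped."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # a commented-out service is a disabled service
        if len(fields) < 6:
            malformed.append(lineno)
            continue
        entries.append(Entry(*fields[:6], fields[6:]))
    return entries, malformed

def audit(entries):
    """Return (service_name, finding) pairs worth a reviewer's attention."""
    findings = []
    for e in entries:
        # Assumption: some inetd variants accept user.group or user:group here.
        if e.user.replace(":", ".").split(".")[0] == "root":
            findings.append((e.service_name, "runs as root"))
        # Assumption: built-in services use the keyword "internal" instead of a path.
        if not e.server_path.startswith("/") and e.server_path != "internal":
            findings.append((e.service_name, "server_path is not a full path"))
        if e.flags.split(".")[0] not in ("wait", "nowait"):
            findings.append((e.service_name, "unknown flags value"))
        want = EXPECTED_PROTO.get(e.sock_type)
        if want and not e.proto.startswith(want):
            findings.append((e.service_name, "sock_type/proto mismatch"))
    return findings

if __name__ == "__main__":
    entries, malformed = parse_inetd_conf(SAMPLE)
    print(audit(entries), malformed)
```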
Xinetd
- Replacement for inetd
- Enhancements
  - Access Control
  - Resource based limits
  - Logging (Success and Failure)
- Default: /etc/xinetd.conf
- Service Specific: /etc/xinetd.d
/etc/xinetd.conf

    defaults
    {
        instances       = 60
        log_type        = SYSLOG authpriv
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
    }
    includedir /etc/xinetd.d

Example xinetd service
/etc/xinetd.d/imaps:

    service imaps
    {
        disable     = no
        socket_type = stream
        wait        = no
        user        = root
        server      = /usr/local/sbin/imapd
        groups      = yes
        flags       = REUSE IPv6
    }

Windows Service Management
- Microkernel – Everything a service
- Administrative tools -> Services
- Service Options
  - Startup Type: Automatic, Manual, Disabled
  - Log On: Which user to run service as
  - Recovery: What to do on failure
  - Dependencies: Which services does this one depend upon
Windows Service Recovery
- Settings for:
  - First Failure
  - Second Failure
  - Subsequent Failures
- Counter Reset (Days)
- Options:
  - Take no Action
  - Restart the Service
  - Run a program
  - Restart the Computer
Network Protocols
- Service request/response syntax
- Often uses English commands
- Request For Comments (RFC)
  - Documentation for protocols and practices
  - Each revision its own number
  - May have a second classification
    - For Your Information (FYI)
    - Best Common Practices (BCP)
    - Standards (STD)
Viewing Active Ports
- netstat -a – Ports in use
  - Source/destination addresses and ports
  - Protocol used
  - State
    - LISTEN
    - ESTABLISHED
- lsof -i :service – Process using port
- tcpdump – View network traffic
Resource Sharing Daemons
- Network File System (NFS)
  - nfsd
  - mountd
- Line Printing Daemon (lpd)
- Samba
  - smbd – Microsoft file and print sharing
  - nmbd – Microsoft name resolution
Internet Daemons
- telnetd – Remote Access
- ftpd – File transfer
- Berkeley-R Daemons
- sshd – Secure Shell
- Electronic Mail
  - sendmail/postfix – Receiving email
  - imapd, popd – Remote email access
- httpd – Web
Infrastructure Daemons
- named – DNS
- dhcpd – Dynamic Host Config Protocol
- nisd/ldapd – Directory Services
- fingerd – User information
- xntpd – System time synchronization
- routed/gated – Routing
- Firewall