Lecture 8
Linux Services Configuration

Objectives
• Configuring Telnet
• Configuring SSH
• Configuring DNS
• Configuring LAMP applications
• Configuring FTP server

Telnet

Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. The term telnet may also refer to the software that implements the client part of the protocol. Telnet client applications are available for virtually all computer platforms.

Telnet is a program that allows users to log into your server and get a command prompt just as if they were logged into the VGA console. The Telnet server RPM is installed and disabled by default on Fedora Linux.

One of the disadvantages of Telnet is that the data is sent as clear text. This means that it is possible for someone to use a network analyzer to peek into your data packets and see your username and password. A more secure method for remote logins would be via Secure Shell (SSH), which uses varying degrees of encryption.

Using Telnet

The command to do remote logins via telnet from the command line is simple. You enter the word telnet and then the IP address or server name to which you want to connect.

Here is an example of someone logging into a remote server named 192.168.1.74 from a Debian remote machine. The user looks at something like this:

SSH

SSH ("Secure SHell") is a protocol for securely accessing one computer from another. Despite the name, SSH allows you to run command line and graphical programs, transfer files, and even create secure virtual private networks over the Internet.

To use SSH, you will need to install an SSH client on the computer you connect from, and an SSH server on the computer you connect to. The most popular Linux SSH client and Linux SSH server are maintained by the OpenSSH project. The OpenSSH client is included in Ubuntu by default.
Using ssh

The command to do remote logins via ssh from the command line is simple. You enter the word ssh and then the username you want to log in as, followed by an '@' sign and the IP address or server name to which you want to connect.

Here is an example of someone logging into a remote server named 192.168.1.74 from a Debian remote machine. The user looks at something like this:

DNS

Domain Name Service (DNS) is an Internet service that maps IP addresses and fully qualified domain names (FQDN) to one another. In this way, DNS alleviates the need to remember IP addresses. Computers that run DNS are called name servers. Ubuntu ships with BIND (Berkeley Internet Naming Daemon), the most common program used for maintaining a name server on Linux.

Installation

At a terminal prompt, enter the following command to install dns:

    sudo apt-get install bind9

Configuration

There are many ways to configure BIND9. Some of the most common configurations are a caching nameserver, a primary master, and a secondary master.
• When configured as a caching nameserver, BIND9 will find the answer to name queries and remember the answer when the domain is queried again.
• As a primary master server, BIND9 reads the data for a zone from a file on its host and is authoritative for that zone.
• In a secondary master configuration, BIND9 gets the zone data from another nameserver authoritative for the zone.

The DNS configuration files are stored in the /etc/bind directory. The primary configuration file is /etc/bind/named.conf. The include line specifies the filename which contains the DNS options. The directory line in the /etc/bind/named.conf.options file tells DNS where to look for files. All files BIND uses will be relative to this directory.

The file named /etc/bind/db.root describes the root nameservers in the world. The servers change over time, so the /etc/bind/db.root file must be maintained now and then. This is usually done as updates to the bind9 package.
The zone section defines a master server, and it is stored in a file mentioned in the file option.

It is possible to configure the same server to be a caching name server, primary master, and secondary master. A server can be the Start of Authority (SOA) for one zone, while providing secondary service for another zone, all the while providing caching services for hosts on the local LAN.

Logging - BIND9 has a wide variety of logging configuration options available. There are two main options. The channel option configures where logs go, and the category option determines what information to log. If no logging option is configured, the default option is:

    logging {
        category default { default_syslog; default_debug; };
        category unmatched { null; };
    };

LAMP

LAMP installations (Linux + Apache + MySQL + PHP/Perl/Python) are a popular setup for Ubuntu servers. There is a plethora of Open Source applications written using the LAMP application stack. Some popular LAMP applications are wikis, Content Management Systems, and Management Software such as phpMyAdmin.

One advantage of LAMP is the substantial flexibility for different database, web server, and scripting languages. Popular substitutes for MySQL include PostgreSQL and SQLite. Python, Perl, and Ruby are also frequently used instead of PHP, while Nginx, Cherokee and Lighttpd can replace Apache.

The fastest way to get started is to install LAMP using tasksel. Tasksel is a Debian/Ubuntu tool that installs multiple related packages as a co-ordinated "task" onto your system. To install a LAMP server, type the following command at the terminal prompt:

    sudo tasksel install lamp-server

After installing it, you'll be able to install most LAMP applications in this way:
• Download an archive containing the application source files.
• Unpack the archive, usually in a directory accessible to a web server.
• Depending on where the source was extracted, configure a web server to serve the files.
• Configure the application to connect to the database.
• Run a script, or browse to a page of the application, to install the database needed by the application.
• Once the steps above, or similar steps, are completed you are ready to begin using the application.

A disadvantage of using this approach is that the application files are not placed in the file system in a standard way, which can cause confusion as to where the application is installed. Another, larger disadvantage is updating the application. When a new version is released, the same process used to install the application is needed to apply updates.

Fortunately, a number of LAMP applications are already packaged for Ubuntu, and are available for installation in the same way as non-LAMP applications. Depending on the application, however, some extra configuration and setup steps may be needed.

FTP

File Transfer Protocol (FTP) is a TCP protocol for downloading files between computers. In the past, it has also been used for uploading but, as that method does not use encryption, user credentials as well as data are transferred in the clear and are easily intercepted. So if you are here looking for a way to upload and download files securely, see the section on OpenSSH instead.

FTP works on a client/server model. The server component is called an FTP daemon. It continuously listens for FTP requests from remote clients. When a request is received, it manages the login and sets up the connection. For the duration of the session it executes any of the commands sent by the FTP client.

Access to an FTP server can be managed in two ways: Anonymous and Authenticated.

In the Anonymous mode, remote clients can access the FTP server by using the default user account called "anonymous" or "ftp" and sending an email address as the password. In the Authenticated mode, a user must have an account and a password. This latter choice is very insecure and should not be used except in special circumstances.
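The Telnet and FTP sections above both note that logins cross the network unencrypted. As an added example (not part of the original lecture), the shell function below reads the output of ss -tlnH and reports listeners on the default Telnet (23) and FTP (21) ports; the sample input is constructed, and the use of the default port numbers is an assumption about how the services are configured.

```shell
#!/bin/sh
# Added example: flag listeners on the default Telnet and FTP ports.
# Input is `ss -tlnH` output (no header); field 4 is Local Address:Port.

# Constructed sample standing in for real `ss -tlnH` output.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 5 127.0.0.1:23 0.0.0.0:*
LISTEN 0 10 192.168.1.74:53 0.0.0.0:*
LISTEN 0 128 [::]:23 [::]:*'

# Read ss output on stdin; print "service address scope" for every
# listener on port 23 (telnet) or 21 (ftp). Other ports are ignored.
find_cleartext_listeners() {
    awk '
    NF >= 4 {
        n = split($4, parts, ":")          # port is the last ":" field,
        port = parts[n]                     # which also works for [::]:23
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port == "23")      svc = "telnet"
        else if (port == "21") svc = "ftp"
        else next
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "network"
        print svc, addr, scope
    }'
}

# Count listeners reachable from other machines (scope "network").
count_network_exposed() {
    find_cleartext_listeners | awk '$3 == "network" { c++ } END { print c + 0 }'
}

# Demo on the sample; on a live host run: ss -tlnH | find_cleartext_listeners
printf '%s\n' "$SAMPLE_SS" | find_cleartext_listeners
echo "network-exposed cleartext listeners: $(printf '%s\n' "$SAMPLE_SS" | count_network_exposed)"
```

A listener with scope "network" accepts connections from other machines, which is where the clear-text exposure described above applies.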
If you are looking to transfer files securely, see SFTP in the section on OpenSSH-Server.

User access to the FTP server directories and files is dependent on the permissions defined for the account used at login. As a general rule, the FTP daemon will hide the root directory of the FTP server and change it to the FTP Home directory. This hides the rest of the file system from remote sessions.

vsftpd - FTP Server Installation

vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, and maintain. To install vsftpd you can run the following command:

    sudo apt-get install vsftpd
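Once vsftpd is installed, its configuration decides which of the access modes described above are active. As an added example (not part of the original lecture), the function below audits a vsftpd.conf for anonymous access and for logins or uploads that would travel unencrypted; the sample configuration is constructed, the option names and built-in defaults are those documented in vsftpd.conf(5), and /etc/vsftpd.conf is assumed to be the file location on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the clear-text risks described above.

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF='# constructed sample
anonymous_enable=YES
local_enable=YES
write_enable=YES
#ssl_enable=YES
anon_upload_enable=NO'

# Read a vsftpd.conf on stdin and print one "code: reason" line per finding.
# vsftpd.conf uses option=value with no spaces; "#" starts a comment line.
audit_vsftpd_conf() {
    awk -F= '
    BEGIN {
        # Built-in defaults from vsftpd.conf(5), used when an option is absent.
        opt["anonymous_enable"] = "YES"; opt["local_enable"] = "NO"
        opt["write_enable"] = "NO";      opt["anon_upload_enable"] = "NO"
        opt["ssl_enable"] = "NO"
    }
    /^[ \t]*#/ || NF < 2 { next }          # skip comments and blank lines
    {
        val = toupper($2); sub(/[ \t\r]+$/, "", val)
        opt[$1] = val                        # in this audit, later lines override
    }
    END {
        tls = (opt["ssl_enable"] == "YES")
        if (opt["local_enable"] == "YES" && !tls)
            print "cleartext-login: account passwords are sent unencrypted"
        if (opt["write_enable"] == "YES" && !tls)
            print "cleartext-upload: uploaded data is sent unencrypted"
        if (opt["anonymous_enable"] == "YES")
            print "anonymous-access: logins as anonymous/ftp are accepted"
        if (opt["anonymous_enable"] == "YES" && opt["write_enable"] == "YES" &&
            opt["anon_upload_enable"] == "YES")
            print "anonymous-upload: anonymous users can write to the server"
    }'
}

# Demo on the sample; on a server: audit_vsftpd_conf < /etc/vsftpd.conf
printf '%s\n' "$SAMPLE_CONF" | audit_vsftpd_conf
```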