T.Y. B.Sc. (IT) : Sem. V
Linux Administration
Prelim Question Paper Solution
Time: 2½ Hrs. Marks: 75

Q.1 Attempt any TWO: [10]
Q.1(a) What is Boot Strapping? Explain with the help of a diagram. [5]
(A)
Bootstrapping
• In operating systems, this term refers to the process in which a part of the operating system is brought into the main memory, with the processor executing it.
• "Bootstrapping" means starting up your computer. It involves all those stages, from the moment you power on your machine till the system is ready to log in.
• 6 Stages of Linux Boot Process (Startup Sequence)
The following are the 6 high level stages of a typical Linux boot process.
BIOS
• BIOS stands for Basic Input/Output System.
• This is the first program to start when the machine is turned on.
• It is stored in the ROM on the computer's chip.
• It does the POST (Power On Self Test).
• It checks the functioning of the basic hardware of the system and displays messages accordingly.
• It looks for the MBR (Master Boot Record) on the CD-ROM or hard drive. You can press a key (typically F12 or F2, but it depends on your system) during the BIOS startup to change the boot sequence.
• Once the MBR program is detected and loaded into memory, BIOS gives control to it.
• So, in simple terms, BIOS loads and executes the MBR, which stores the boot loader.
MBR
• MBR stands for Master Boot Record.
• It is located in the 1st sector of the bootable disk, typically /dev/hda or /dev/sda (sda1, sda2, sda3 are the partitions on the hard disk).
• MBR is less than 512 bytes in size.
• It contains information about GRUB (or LILO in old systems).
• So, in simple terms, MBR loads and launches the GRUB boot loader.
GRUB
• GRUB stands for Grand Unified Bootloader.
• The bootloader is the software program.
Vidyalankar : T.Y. B.Sc. (IT)  Linux
If you have multiple kernel images installed on your system, you can choose which one is to be executed.
• GRUB displays a splash screen and waits for a few seconds; if you don't enter anything, it loads the default kernel image as specified in the GRUB configuration file (grub.conf in /boot).
• GRUB has knowledge of the filesystem (the older Linux loader LILO didn't understand the filesystem).
• The GRUB configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this). The following is a sample grub.conf of CentOS.
Kernel
• The kernel uncompresses itself first.
• This initially gets the hardware running.
• Mounts the root file system.
• initrd is used by the kernel as a temporary root file system until the kernel is booted and the real root file system is mounted.
• Now the initial ramdisk is not required, so initrd goes away as we have the real disk now.
• It also contains the necessary drivers compiled inside, which help it to access the hard drive partitions and other hardware.
• A login form is provided at this step.
• Now control is transferred to init in the /sbin directory of the FHS.
• The kernel executes the /sbin/init program.
• Since init was the 1st program to be executed by the Linux kernel, it has the process id (PID) of 1. (Extra: run 'ps -ef | grep init' and check the PID.)
Init
• Looks at the /etc/inittab file to decide the Linux run level.
• Following are the available run levels:
  0 – halt
  1 – Single user mode
  2 – Multiuser, without NFS
  3 – Full multiuser mode
  4 – unused
  5 – X11 (full GUI based multiuser mode)
  6 – reboot
• Init identifies the default run level from /etc/inittab and uses that to load all appropriate programs.
• id:5:initdefault: (mentioned in the inittab file)
• Execute 'grep initdefault /etc/inittab' on your system to identify the default run level.
• Typically you would set the default run level to either 3 or 5.
• Based on the number specified in the initdefault parameter of the inittab file, the corresponding rcN.d directory in /etc is executed.
Runlevel programs and rc scripts
• When the Linux system is booting up, you might see various services getting started. For example, it might say "starting sendmail .... OK". Those are the runlevel programs, executed from the run level directory as defined by your run level.
• Following are the available run levels:
  0 – halt
  1 – Single user mode
  2 – Multiuser, without NFS
  3 – Full multiuser mode
  4 – unused
  5 – X11 (full GUI based multiuser mode)
  6 – reboot

Q.1(b) What is RAID? What are its different types? What are different levels of RAID? [5]
(A)
RAID :
• Is an acronym for Redundant Array of Independent Disks.
• Used for maintaining a copy of the data.
There are two types of RAID – hardware RAID and software RAID.
Hardware RAID – in hardware RAID, the disks have their own RAID controller with built-in software that handles RAID disk setup. The controller is a card in one of the system's expansion slots, or it may be built onto the system board. The O/S does not control the RAID level used; it is controlled by the hardware RAID controller.
Software RAID – there is no RAID controller card. The O/S is used to set up a logical array and the O/S controls the RAID level used by the system.
Six RAID levels are commonly used.
The three most commonly used RAID levels are
• RAID level 0 – Striping
This level requires at least two disks and uses a method called striping that writes data across both drives. There is no redundancy provided by this level of RAID, since the loss of either drive makes it impossible to recover the data. This level does give a speed increase in writing to the disks.
• RAID level 1 – Mirroring
This level requires at least two disks and uses a method called mirroring. With mirroring, the data is written to both of the drives. So, each drive is an exact mirror of the other one, and if one fails the other still holds all the data. There are two variants to level 1, with one variant using a single disk controller that writes to both disks. The other variant uses two disk controllers, one for each disk. This variant of RAID level 1 is known as duplexing.
• RAID level 2 – Error Checking and Correction
Requires a minimum of 3 disks. RAID 2 adds error checking and correcting checksums to RAID-1. ECC is Error Correcting Code, in which each data signal conforms to specific rules of construction so that departures from this construction in the received signal can generally be automatically detected and corrected.
RAID 2 layout (4 data disks and 3 ECC disks):
Disk 0: A1 B1 C1 D1
Disk 1: A2 B2 C2 D2
Disk 2: A3 B3 C3 D3
Disk 3: A4 B4 C4 D4
Disk 4: Ap1 Bp1 Cp1 Dp1
Disk 5: Ap2 Bp2 Cp2 Dp2
Disk 6: Ap3 Bp3 Cp3 Dp3
• RAID level 3 – Byte-Level Striping with Parity Disk
Requires a minimum of 3 disks. It does striping, like RAID-0, but at a very small granularity. It also adds a parity disk, which helps in error detection and recovery.
RAID 3 layout (3 data disks and 1 parity disk):
Disk 0: A1 A4 B1 B4
Disk 1: A2 A5 B2 B5
Disk 2: A3 A6 B3 B6
Disk 3: Ap(1-3) Ap(4-6) Bp(1-3) Bp(4-6)
• RAID level 4 – Block-Level Striping with Parity Disk
Requires a minimum of 3 disks. It attempts to add error checking and recovery to RAID-3 by doing block level striping with the addition of a single parity disk.
RAID 4 layout (3 data disks and 1 dedicated parity disk):
Disk 0: A1 B1 C1 D1
Disk 1: A2 B2 C2 D2
Disk 2: A3 B3 C3 D3
Disk 3: Ap Bp Cp Dp
• RAID level 5 – Block-Level Striping with Distributed Parity
It requires at least three disks and uses striping to write the data across the two disks similarly to RAID 1. But unlike 1, this level uses the third disk to hold parity information that can be used to reconstruct the data from either, but not both, of the two disks after a single disk failure.
RAID 5 layout (parity blocks rotate across all 4 disks):
Disk 0: A1 B1 C1 Dp
Disk 1: A2 B2 Cp D1
Disk 2: A3 Bp C2 D2
Disk 3: Ap B3 C3 D3
The information about the system's RAID configuration is stored in /etc/raidtab.
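As an added illustration (not part of the original answer), the following Python simulates the 4-disk RAID 5 layout drawn above: data is striped with a rotating XOR parity block, one disk is then discarded and rebuilt from the other three, and an attempt to recover from two lost disks is rejected, which is the "either, but not both" limit stated in the answer. The payload and block size are constructed for the demonstration.

```python
# Added example (not part of the original answer): a simulation of RAID 5 block striping with
# rotating XOR parity over 4 disks, and the reconstruction of one failed disk from the other three.
# Stripe layout follows the 4-disk table above: parity for stripe i sits on disk (3 - i) % 4.
from typing import List, Optional

N_DISKS = 4
BLOCK = 4  # bytes per block; small so the stripes are easy to inspect


def parity_disk(stripe: int) -> int:
    """Disk holding the parity block of a given stripe (Ap on disk 3, Bp on disk 2, ...)."""
    return (N_DISKS - 1 - stripe) % N_DISKS


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR any number of equal-sized blocks together."""
    out = bytes(BLOCK)
    for b in blocks:
        out = bytes(x ^ y for x, y in zip(out, b))
    return out


def write_data(data: bytes) -> List[List[bytes]]:
    """Stripe `data` across the array; returns disks[disk][stripe] = block."""
    per_stripe = BLOCK * (N_DISKS - 1)           # 3 data blocks per stripe
    data = data + bytes(-len(data) % per_stripe)  # pad to whole stripes
    n_stripes = len(data) // per_stripe
    disks: List[List[bytes]] = [[b""] * n_stripes for _ in range(N_DISKS)]
    for s in range(n_stripes):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        data_blocks = [chunk[i * BLOCK:(i + 1) * BLOCK] for i in range(N_DISKS - 1)]
        p = parity_disk(s)
        data_disks = [d for d in range(N_DISKS) if d != p]
        for d, blk in zip(data_disks, data_blocks):
            disks[d][s] = blk
        disks[p][s] = xor_blocks(data_blocks)     # parity = XOR of the data blocks
    return disks


def reconstruct(disks: List[Optional[List[bytes]]], failed: int) -> List[bytes]:
    """Rebuild one failed disk: every missing block is the XOR of the other three blocks."""
    survivors = [d for d in range(N_DISKS) if d != failed and disks[d] is not None]
    if len(survivors) != N_DISKS - 1:
        raise ValueError("RAID 5 can recover from only one failed disk")
    n_stripes = len(disks[survivors[0]])
    return [xor_blocks([disks[d][s] for d in survivors]) for s in range(n_stripes)]


def read_data(disks: List[List[bytes]], length: int) -> bytes:
    """Read the data blocks back in stripe order, skipping the parity block of each stripe."""
    out = b""
    for s in range(len(disks[0])):
        p = parity_disk(s)
        out += b"".join(disks[d][s] for d in range(N_DISKS) if d != p)
    return out[:length]


def demo() -> bool:
    """Write a constructed payload, lose disk 2, rebuild it and verify the array reads back intact."""
    payload = b"Redundant Array of Independent Disks"
    disks = write_data(payload)
    original_disk2 = disks[2]
    disks[2] = None                      # simulate a single disk failure
    disks[2] = reconstruct(disks, failed=2)
    return disks[2] == original_disk2 and read_data(disks, len(payload)) == payload


if __name__ == "__main__":
    print("rebuild ok:", demo())
```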
Q.1(c) Draw and explain the architecture of a UNIX OS. [5]
(A)
Diagram: the UNIX architecture is drawn as layers, with the Kernel innermost, then System calls, then the Shell, and Applications as the outermost layer.
Kernel
• It is the core/heart of the operating system. It interacts with the hardware and performs most of the tasks like memory management, task scheduling and file management.
Shell
• The shell is the utility that processes your requests. A command typed in at the terminal is interpreted by the shell, which calls the program that you want.
Applications
• Commands, utilities, files and directories are covered.
• All files in UNIX are organized into a tree-like structure called the filesystem.
• There are over 250 standard commands that come along with various options.
Q.1(d) Explain the features of Linux in detail with different Linux Distributions. [5]
(A)
Features of Linux
• Multiuser : A Linux system can support from 1 to 1000 users. It allows several users to log in on the same machine at the same time.
• Multitasking : Linux is a full multitasking system, and each user can run a different set of programs and use all of the system resources simultaneously.
• Multithreading : Linux has native kernel support for multiple independent threads of control within a single process memory space.
• Multiplatform : Linux runs on many different CPUs, which means it supports multiprocessor machines.
• Multiprocessor : Linux allows dynamic assignment of a program to one or two or more computers, or can involve multiple computers working on the same program at the same time.
Different Linux distributions :
1) Debian : It is used as a base for many other distributions. It provides security. The Debian foundation is based on the open-source philosophy, with access to repositories containing thousands of software packages ready for installation and use. Debian focuses mainly on three branches : Stable (latest release), Unstable (branch that is in perpetual evolution) and Testing (next release to be).
2) Ubuntu : refers to a distribution based on the unstable branch of the Debian distribution, which provides the best looking desktops. It encompasses features like hardware compatibility and ease of installation, a fast release cycle, up-to-date software and various packages.
3) Fedora : comes with an efficient graphical interface, strong corporate backing and configuration tools. It serves as a general purpose distribution and is suitable for both server and desktop applications, as this distribution is tailored with different apps and functionality.
Q.2 Attempt any TWO: [10]
Q.2(a) How is DHCP client configured? Explain. [5]
(A)
Configuring the DHCP client
• Be sure that the NIC is properly configured and recognised by the system.
• Then tell the system that the IP information is to be obtained from the DHCP server by doing the following steps –
• Open the file /etc/sysconfig/network-scripts/ifcfg-eth0 in the editor.
• Find the line BOOTPROTO=static.
• Change static to dhcp.
• Save the changes.
• Restart the network by issuing the command service network restart, and the system will receive its IP information from the DHCP server.
Q.2(b) State the number of subnets, subnet mask and number of hosts for Class B subnets with 2, 3, 4 and 5 bits. [5]
(A)
No. of bits | No. of subnets | Subnet mask   | No. of hosts
2           | 4 = 2^2        | 255.255.192.0 | 16382
3           | 6 = 2^3        | 255.255.224.0 | 8190
4           | 8 = 2^4        | 255.255.240.0 | 4094
5           | 16 = 2^5       | 255.255.248.0 | 2046
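The same Class B calculation worked in code, as an added example that is not part of the original answer: for each number of borrowed bits it derives the dotted subnet mask, the subnet count as 2^bits (the exponent column of the table) and the usable hosts per subnet as 2^(16 - bits) - 2, and it also enumerates the subnets of a constructed Class B network, 172.16.0.0/16, which is an assumption of this example.

```python
# Added example (not from the original answer): Class B subnetting with the standard-library
# ipaddress module. `bits` is the number of host bits borrowed for the subnet part.
import ipaddress
from typing import Dict, List

CLASS_B_PREFIX = 16  # a Class B network uses 16 bits for the network part


def class_b_subnet(bits: int) -> Dict[str, object]:
    """Mask, subnet count and usable hosts per subnet when `bits` host bits become subnet bits."""
    if not 1 <= bits <= 14:
        raise ValueError("a Class B network can borrow 1 to 14 host bits")
    prefix = CLASS_B_PREFIX + bits
    net = ipaddress.IPv4Network(f"0.0.0.0/{prefix}")  # only the mask of this network is used
    return {
        "bits": bits,
        "subnets": 2 ** bits,                # all 2^bits subnet numbers
        "mask": str(net.netmask),            # e.g. 255.255.192.0 for /18
        "hosts": 2 ** (32 - prefix) - 2,     # minus the network and broadcast addresses
    }


def list_subnets(network: str, bits: int) -> List[str]:
    """Enumerate the subnets of a /16 network (172.16.0.0/16 is a constructed example)."""
    base = ipaddress.IPv4Network(network)
    if base.prefixlen != CLASS_B_PREFIX:
        raise ValueError("expected a /16 Class B network")
    return [str(s) for s in base.subnets(prefixlen_diff=bits)]


def table(bit_counts=(2, 3, 4, 5)) -> List[Dict[str, object]]:
    """The rows of the answer table, computed rather than looked up."""
    return [class_b_subnet(b) for b in bit_counts]


if __name__ == "__main__":
    for row in table():
        print(f"{row['bits']} bits: {row['subnets']:>3} subnets, mask {row['mask']}, "
              f"{row['hosts']} hosts each")
    print(list_subnets("172.16.0.0/16", 2))
```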
Q.2(c) Explain the concept of NFS with suitable example. [5]
(A)
• NFS is the most common method to share files across Linux networks.
• It is a distributed file system that enables local access to remote disks and file systems.
• With a proper network connection one can access files and directories that are physically located on another system, or even in a different city or country, using standard Linux commands.
• It's a common and popular file sharing protocol.
• It follows standard client/server architecture principles.
Server side
• The server component of NFS consists of the physical disks that contain the file system one wants to share and several daemons that make these shared file systems visible to and available for use by client systems on the network.
• When an NFS server is sharing a file system in this manner, it is said to be exporting a file system.
• Similarly, the shared file system is referred to as an NFS export.
Client side
• On the client side, an NFS client simply mounts the exported file systems locally.
• The mounted file system is known as an NFS mount.
Example :
NFS server configuration and status files.
• The server configuration file is /etc/exports, with the following format:
dir host[(options)]
where dir is a directory or a file system to export, host specifies one or more hosts permitted to mount dir, and options specifies one or more mount options.
Sample /etc/exports file (the options follow the host name directly, without a space):
/usr/local/ *.linuxpracts.com(ro)
/home 192.168.0.0/255.255.255.0(ro)
/var/tmp 192.168.0.1(ro)
The first line permits all hosts with a name of the form somehost.linuxpracticals.com to mount /usr/local in read-only mode.
Configuring the NFS client :
Configuring a client system to use NFS involves
1) Making sure that the portmapper daemon is available.
2) The NFS file locking daemons – statd and lockd – are available.
3) Mounting the exports using the mount command.
Syntax :
mount -t nfs hostname:/filesystem mountpoint
Example :
mount -t nfs 192.168.0.1:/var/tmp exp1
Q.2(d) What are the general, server-specific and client-specific NFS security issues? [5]
(A)
General NFS Security Issues
• The /etc/exports file is one NFS weakness.
• If a cracker is able to take over a trusted address, i.e. an address listed in /etc/exports, then the exported NFS mounts are accessible to the cracker.
• Another NFS weakness is that normal NFS file system access controls take over once a client has mounted an NFS export: once an NFS export has been mounted, normal user and group permissions on the files take over access control.
• The first line of defence against these two weaknesses is to use host access control to limit access to services on the system, mainly the portmapper, which is a target of exploit attempts. Similarly, one should add entries in /etc/hosts.deny for lockd, statd, mountd and rquotad.
• Use of IP packet firewalls, using netfilter, increases NFS server security.
Server Security Issues
• On the server, the root_squash option in /etc/exports should always be used.
• With root_squash in place, the server substitutes the UID of the anonymous user for root's UID/GID (0), meaning that a client's root account cannot change files that only the server's root account can change.
• NFS also helps in maintaining a secure server through the secure mount option; as this mount option is one of the defaults, it applies to all exports unless explicitly disabled using the insecure option.
Client Security Issues
• On the client, SUID (setUID) root programs on NFS mounts should be disabled using the nosuid option.
• This nosuid mount option prevents a server's root account from creating an SUID root program on an exported file system, logging in to the client as a normal user and then using the SUID root program to become root on the client.
• NFS versions 3 and 4 support NFS file locking.
• NFS clients must run statd and lockd in order for NFS file locks to function correctly.
• In summary, using TCP wrappers, the secure, root_squash and nosuid options and sturdy packet filters can increase the overall security of the NFS setup.
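A small audit of /etc/exports against the server-side weaknesses listed above, written for this page and not taken from the original answer. It parses the exports(5) form shown in Q.2(c), dir host(options) host(options), and flags an export open to every host, one that turns off root_squash, one that sets insecure, and the common mistake of a space between the host and its option list, which makes those options apply to all hosts. The sample file is constructed: its first three lines are the page's sample, the rest are deliberately weak.

```python
# Added example (not from the original answer): audit /etc/exports lines for the weaknesses the
# answer describes (world-readable exports, no_root_squash, insecure, misplaced option lists).
import re
from typing import Dict, List, Tuple

# host part (may contain * and / for wildcards and netmasks), optional (opt,opt,...) list
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")


def parse_export_line(line: str) -> Tuple[str, List[Tuple[str, List[str]]]]:
    """Return (path, [(host, [options]), ...]); a client with an empty host means 'everyone'."""
    line = line.split("#", 1)[0].strip()          # drop comments
    if not line:
        return "", []
    path, *clients = line.split()
    parsed = []
    for token in clients:
        m = CLIENT_RE.match(token)
        if not m:
            raise ValueError(f"cannot parse client spec {token!r}")
        opts = [o.strip() for o in (m.group("opts") or "").split(",") if o.strip()]
        parsed.append((m.group("host"), opts))
    return path, parsed


def audit_exports(text: str) -> Dict[str, List[str]]:
    """Map each exported path to its findings (an empty list means nothing was flagged)."""
    findings: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        path, clients = parse_export_line(raw)
        if not path:
            continue
        issues = findings.setdefault(path, [])
        for host, opts in clients:
            wildcard = host in ("", "*")
            if wildcard:
                issues.append("exported to every host"
                              + (f" with options {','.join(opts)}" if opts else ""))
            if host == "" and opts:
                issues.append("space between host and option list: options apply to all hosts")
            if "no_root_squash" in opts:
                issues.append(f"no_root_squash for {host or '*'}: remote root keeps UID 0")
            if "insecure" in opts:
                issues.append(f"insecure for {host or '*'}: unprivileged source ports accepted")
            if "rw" in opts and (wildcard or host.startswith("*")):
                issues.append(f"read-write export to wildcard host {host or '*'}")
    return findings


# Constructed sample: the page's three lines followed by two deliberately weak ones.
SAMPLE_EXPORTS = """\
/usr/local/ *.linuxpracts.com(ro)
/home 192.168.0.0/255.255.255.0(ro)
/var/tmp 192.168.0.1(ro)
/srv/share *(rw,no_root_squash)          # world-writable, remote root not squashed
/srv/build 192.168.0.5 (rw,insecure)     # note the space: (rw,insecure) applies to everyone
"""

if __name__ == "__main__":
    for path, issues in audit_exports(SAMPLE_EXPORTS).items():
        print(path, "->", issues or "ok")
```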
Q.3 Attempt any TWO: [10]
Q.3(a) On a Linux machine a directory named /home/newusr/TYIT is to be accessed from a Windows machine. Write the configuration to carry out this task. [5]
(A)
[global]
workgroup = METRAN
encrypt passwords = yes
wins support = yes
log level = 1
max log size = 1000
read only = no
[homes]
browsable = no
map archive = yes
[printers]
path = /var/tmp
printable = yes
min print space = 2000
[test]
browsable = yes
read only = yes
path = /home/newusr/TYIT
Q.3(b) Distinguish between NFS and SAMBA Server. [5]
(A)
The difference between Samba and NFS is primarily that Samba uses the SMB protocol, which is considered "standard" for PCs (Windows and OS/2 both have built-in support for it, a free client is also available for DOS, I'm not sure about MacOS), whereas NFS uses its own protocol (usually just called "NFS") which is not commonly available for PCs (NFS clients do exist for operating systems other than UNIX/Linux, but they're usually neither free nor easy to set up).
Samba's SMB protocol allows the server machine to handle authentication, so it can decide what files the client has access to based on the particular machine and user connecting. NFS by default trusts all client machines completely (it's really not intended to share files to unsecured workstations) and lets the client machines handle authentication all on their own (once an NFS server has been told to accept connections from a client machine, the client does not require any further server-side authentication, and can do anything it wants with the filesystem NFS gives it access to). SMB does not (directly) support UNIX style file permissions, so it is probably a bad idea to routinely use it to map filesystems between machines which expect this information to be present and mutable; NFS of course supports all standard UNIX file information (this also means that SMB is fine for accessing a UNIX filesystem from a Windows machine, but not so hot the other way around).
Network File System (also known as NFS) is a protocol developed by Sun Microsystems. It allows a user on a computer to access files that are sent across a network – similar to the way one accesses local storage. It is most common in systems with a similar composition to the UNIX system. Samba is a re-implementation of the SMB/CIFS networking protocol (meaning a re-imaging of Server Message Block – or Common Internet File System). As with NFS, Samba runs most naturally on a system with qualities not unlike those of the UNIX systems. It comes standard with almost every distribution of Linux, and is used as a basic system service on all other UNIX-based systems.
• NFS is developed by Sun Microsystems for file sharing between Solaris/UNIX-like systems; Samba is developed for sharing objects like files/printers between UNIX-like systems and Windows.
• NFS is a way to mount remote file systems on an inode (UNIX) system so they look local. Samba is a way to manage Windows network file systems on a Linux platform.
• NFS is a protocol that allows a user to access files over a network; Samba is essentially a re-imaging of the Common Internet File System.
• NFS has four versions, the newest of which includes a stateful protocol; Samba has multiple versions, the latest of which allows file and print sharing between multiple computers.
• NFS is a protocol native to UNIX systems, while Samba is a program that provides SMB, a protocol native to Windows systems. Linux supports both as file systems. From the point of view of a Windows user, SMB may be the only available option. NFS isn't supported by Windows without additional software.
Q.3(c) How are samba users created? Explain. [5]
(A)
Creating samba users
• To use the samba server, samba users have to be created.
• On the command prompt, write the following command: smbpasswd -a Kumar (where Kumar is a local user)
New SMB password:
Retype new SMB password:
Added user Kumar.
Starting the samba server
service smb start
Q.3(d) List NTP utility programs. Write purpose of any four. [5]
(A)
NTP utility programs are as follows :
1) ntpdate – Sets the system date and time via NTP.
2) ntpdc – Controls the NTP daemon, ntpd.
3) ntp-keygen – Generates public and private keys for use with NTP.
4) ntpq – Queries the NTP daemon.
5) ntprim – Provides NTP simulation for development and testing.
6) ntptime – Displays the time variables maintained by the Linux kernel.
7) ntptrace – Traces a chain of NTP servers back to the primary source.
8) tickadj – Sets certain time variables maintained by the Linux kernel.
Q.4 Attempt any TWO: [10]
Q.4(a) What is zone file? Explain with suitable example. [5]
(A)
Zone files contain resource records (RR) about IP addresses. A typical zone file is shown in
A zone file can contain many types of RRs, which are listed in the order in which they generally appear in the zone files, and explained next.
SOA — Start of Authority
The start of authority (SOA) is the first line in the zone file. The SOA identifies the name server as the authoritative source for information about that domain. Each zone file has only one SOA, and it contains the following data:
@ IN SOA main.tactechnology.com. mail.tactechnology.com. (
    2000052101 ; Serial
    8h         ; Refresh
    2h         ; Retry
    1w         ; Expire
    1d )       ; Minimum TTL
The first character in the SOA line is a special symbol that means "look at this domain." IN means Internet. SOA means Start of Authority. In this example, the authoritative server for this domain is main.tactechnology.com., and mail.tactechnology.com. is the e-mail address of the administrator. Note the trailing period after the domain names. If these are not included, the domain name is appended to the entry. The opening parenthesis enables the first line to be extended so that anything between the opening and closing parenthesis is considered one line. The information within the parentheses is passed to other name servers, secondary masters that use this information to update their records. The line containing 2000052101 ; Serial is the serial number of the file. Secondary servers compare this number with their stored information. If the numbers are the same, the information has not changed, and it is not necessary to download this file. If the serial numbers are different, the file is downloaded to update the information in the secondary server. The serial number can be any number desired as long as it can be incremented to indicate a revision to the file. The semicolon indicates that what follows to the end of the line is a comment.
Refresh — The amount of time the server should wait before refreshing its data.
Retry — The amount of time the server should wait before attempting to contact the primary server if the previous attempt failed.
Expire — Means that if the secondary master is unable to contact a primary master during the specified period, the data expires and should be purged.
TTL — Specifies the time to live for the data. This parameter is intended for caching name servers and tells them how long to hold the data in their cache.
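The SOA record above parsed and used the way a secondary server uses it, as an added example that is not part of the original answer: comments after ; are stripped, the parenthesised continuation is joined into one logical line, the time fields are converted from BIND's h/d/w suffixes to seconds, and the serial comparison decides whether a zone transfer is needed. The comparison goes slightly beyond the answer's "different" by using RFC 1982 serial-number arithmetic, which is what lets a secondary treat the primary's serial as newer even after the 32-bit counter wraps.

```python
# Added example (not from the original answer): parse the zone file's SOA record and apply the
# secondary-server refresh rule described above. Time values accept BIND suffixes s, m, h, d, w.
import re
from typing import Dict

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# The record quoted in the answer, reproduced here as the sample input.
SAMPLE_SOA = """\
@ IN SOA main.tactechnology.com. mail.tactechnology.com. (
    2000052101 ; Serial
    8h         ; Refresh
    2h         ; Retry
    1w         ; Expire
    1d )       ; Minimum TTL
"""


def to_seconds(value: str) -> int:
    """Convert a BIND time value such as 8h, 1w or 3600 to seconds."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.lower())
    if not m:
        raise ValueError(f"bad time value {value!r}")
    return int(m.group(1)) * UNITS.get(m.group(2), 1)


def parse_soa(text: str) -> Dict[str, object]:
    """Strip ; comments, join the parenthesised continuation, and split out the SOA fields."""
    stripped = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = stripped.replace("(", " ").replace(")", " ").split()
    if len(tokens) < 10 or tokens[1:3] != ["IN", "SOA"]:
        raise ValueError("not an SOA record")
    mname, rname = tokens[3], tokens[4]
    for name in (mname, rname):
        if not name.endswith("."):
            raise ValueError(f"{name} lacks the trailing period, so the origin would be appended")
    serial, refresh, retry, expire, minimum = tokens[5:10]
    # RNAME encodes the admin mailbox: the first label is the local part, the rest is the domain.
    local, _, domain = rname.rstrip(".").partition(".")
    return {
        "owner": tokens[0], "primary": mname, "admin_mail": f"{local}@{domain}",
        "serial": int(serial), "refresh": to_seconds(refresh), "retry": to_seconds(retry),
        "expire": to_seconds(expire), "minimum": to_seconds(minimum),
    }


def serial_is_newer(stored: int, offered: int) -> bool:
    """RFC 1982 comparison of two 32-bit serials: is `offered` newer than `stored`?"""
    stored, offered = stored % 2**32, offered % 2**32
    if stored == offered:
        return False
    return ((offered > stored and offered - stored < 2**31)
            or (offered < stored and stored - offered > 2**31))


def needs_transfer(stored_serial: int, primary_soa_text: str) -> bool:
    """What a secondary does at each refresh: fetch the zone only if the primary's serial is newer."""
    return serial_is_newer(stored_serial, parse_soa(primary_soa_text)["serial"])


if __name__ == "__main__":
    print(parse_soa(SAMPLE_SOA))
    print("transfer needed:", needs_transfer(2000052100, SAMPLE_SOA))
```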
Q.4(b) State and explain E-Mail service and its components. [5]
(A)
SMTP (pronounced as separate letters) is short for Simple Mail Transfer Protocol, a protocol for sending e-mail messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client using either POP or IMAP. In addition, SMTP is generally used to send messages from a mail client to a mail server. This is why you need to specify both the POP or IMAP server and the SMTP server when you configure your e-mail application.
POP3
• The full form is Post Office Protocol.
• This protocol is a part of the email process.
• POP3 was developed to solve the problem of what happens to messages when the recipient is not connected to the network.
• POP3 runs on a server that is connected to a network and that continuously sends and receives mail.
• The POP3 server stores any messages it receives until the message recipient requests them.
• Without POP3, MUA and MTA cannot communicate.
• If one wants to read the mail, he needs POP3 to retrieve messages that arrive at his MTA while he is offline.
• POP3 uses the MTA's storage to hold messages until they are requested.
• When users want to check their email, they connect to the POP3 server and retrieve messages that were stored by the server.
• After retrieval, the messages are stored locally and one can use his MUA on his PC to read them at his leisure.
IMAP4
• Full form – Internet Message Access Protocol version 4.
• It provides much more sophisticated email-handling functionality than POP3 does.
• IMAP4 enables one to store email on a networked mail server.
• IMAP4 enables mail to reside permanently on a remote server, from which one can access his mail.
• Mail retrieval can be done from any device: office PC, PDA, cell phone etc.
• The usual mail delivery process involves three components, a mail user agent (MUA), a mail transfer agent (MTA) and a mail delivery agent (MDA).
Components :
Mail User Agent
• To be able to send mail, users need a program called a mail user agent, which is widely referred to as a mail client.
• The MUA provides users an interface for reading and writing email messages. Two types of MUAs are available: those that have a graphical user interface (GUI), such as Thunderbird or KMail, and those that have a command line interface (CLI), such as Mutt or elm.
• Whether the MUA is GUI or CLI, the functionality is the same.
• After composing an email message, the MUA sends it to an MTA, which transmits the message across the network.
Mail Transfer Agent
• It is a program that sends the message across the network.
• The MTA works without any intervention by the user.
• The MTA reads the information in the To: section of the email message and determines the IP address of the recipient's mail server.
• Then the MTA tries to open a connection to the recipient's server through a TCP/IP port, typically port no. 25.
• MTAs query a domain's DNS mail exchanger to determine the host that is responsible for receiving mail for that domain.
• If the MTA on the sending machine can establish a connection to the destination MTA, it transmits the message using SMTP.
Mail Delivery Agent
• After the MDA receives the message from the MTA, it stores the new message in the recipient's mail spool.
• The mail spool is always identified by the recipient's user name.
Q.4(c) Explain use of ssh, scp, sftp services. [5]
(A)
ssh
• It is the secure shell program.
• It is used for logging into a remote machine and executing commands on the remote machine.
• It provides secure, encrypted communications between hosts.
• The host name to log in to should be specified.
• When the username is specified on the ssh command line, it prompts for the password.
Example :
# ssh node5
Log on securely to node5.
# ssh user1@mylab.testra.edu
Log on to mylab.testra.edu as user user1.
scp
• This command securely copies files over the network.
Example : Putting a single file –
# scp myfile1.dat mylab.textra.edu:data1.txt
Getting a single file –
# scp mylab.textra.edu:data1.txt ./
It copies the file data1.txt from your home directory on node4 to your current working directory on your local server.
sftp
• Is used to transfer files to and from a remote computer.
• It is interactive and secure.
• Once connected to the remote computer, giving a password if necessary, you can type the following interactive commands to change directories and to transfer files between your local computer and the remote computer.
get filename   Retrieves the remote file and stores it on the local computer.
put filename   Uploads the local file to store on the remote computer.
cd path        Change remote directory to path.
ls             List remote files.
lls            List local files.
lcd path       Change local directory to path.
quit           Quit sftp.
help           Display help text.
Example :
# sftp 192.156.1.0
Enter password :
sftp> use the above commands.
# sftp user1@mylab.testra.edu
Connect to mylab.testra.edu using username user1.
Q.4(d) Explain the files required to configure DNS server. [5]
(A)
Examining Server Configuration Files
The three required files are
• named.conf — found in the /etc directory, this file contains global properties and sources of configuration files.
• named.ca — found in /var/named, this file contains the names and addresses of root servers.
• named.local — found in /var/named, this file provides information for resolving the loopback address for the localhost.
The two files required for the master domain server are
• zone – this file contains the names and addresses of servers and workstations in the local domain and maps names to IP addresses.
• reverse zone – this file provides information to map IP addresses to names.
1. /etc/named.conf
The named.conf file
• Commands are passed to the file in the form of statements.
• Seven configuration statements can be used. These are listed here with a brief explanation of their function.
options — lists global configurations and defaults
include — gets information from another file and includes it
acl — specifies IP addresses used in an access control list
logging — specifies log file locations and contents
server — specifies properties of remote servers
zone — specifies information about zones
key — specifies security keys used for authentication
2. The named.ca file
The first zone file is known as the cache file, and it references a file called named.ca, which contains information about the world's root name servers. This information changes and needs to be updated periodically.
3. The named.local file
The next zone file contains information about the localhost. The file referenced here is named.local and contains information about the local domain.
4. Zone files
• The DNS zone file is a text-based database file that describes a portion of the domain name system (DNS) called a DNS zone.
• A zone contains mappings between domain names and IP addresses and other resource records (RR).
• Zone files contain resource records (RR) about IP addresses.
5. The reverse zone file
• The last zone file shown in the named.conf file is called tac.rev.
• This file is used to provide information for reverse lookups.
• A name can also be found out from an IP number, and this is called reverse address resolution.
Q.5 Attempt any TWO: [10]
Q.5(a) What are the features of Postfix Mail Server? Explain its primary configuration file. [5]
(A)
• Postfix is a mail server that handles thousands and tens of thousands of messages per day, so it probably provides all of the functionality needed.
Configuring Postfix
• The configuration file is /etc/postfix/main.cf.
• The mydomain variable specifies your domain name:
mydomain = example.com
• The myhostname variable identifies the local machine's fully qualified domain name:
myhostname = coondog.example.com
• The myorigin variable identifies the domain name appended to unqualified addresses:
myorigin = $mydomain
This causes all mail going out to have your domain name appended. Thus, if the value of mydomain is possum_holler.com and your username is bubba, then your outgoing mail will appear to come from bubba@possum_holler.com.
• The mydestination variable tells Postfix what addresses it should deliver locally. For a standalone workstation, which is a system that is connected directly to the Internet and that has some sort of domain name resolution running, you want mail to that machine and to localhost delivered locally, so the following entry should suffice:
mydestination = $myhostname, localhost, localhost.$mydomain
• Postfix supports a far larger number of configuration variables than the four just covered, but these are the mandatory changes you have to make.
• Create or modify /etc/aliases. At the very least, you need aliases for postfix, postmaster and root in order for mail sent to those addresses to reach a real person.
postfix: root
postmaster: root
root: bubba
• After creating or modifying the aliases file, regenerate the alias database using Postfix's newaliases command:
# /usr/sbin/newaliases
• You are ready to start Postfix:
# service postfix start
Q.5(b) What are the files required for the configuration of VSFTPD? Explain. [5]
(A)
File                     Description
/usr/sbin/vsftpd         This is the main vsftpd executable. It is the daemon itself.
/etc/vsftpd/vsftpd.conf  This is the main configuration file for the vsftpd daemon. It contains many directives that control the behavior of the FTP server.
/etc/vsftpd/ftpusers     Text file that stores the list of users not allowed to log into the FTP server.
/etc/vsftpd/user_list    Text file used to either allow or deny access to the users listed. Access is denied or allowed according to the value of the userlist_deny directive in the vsftpd.conf file.
/var/ftp                 This is the FTP server's working directory.
/var/ftp/pub             This serves as the directory that holds files meant for anonymous access to the FTP server.
Q.5(c) How to configure user level ftp access?
[5]
(A)
• To configure user level FTP access, the /etc/vsftpd/ftpusers file is used.
• It contains the list of user or account names that are not allowed to log in using FTP.
• This file is used to increase security.
• For example, if a cracker somehow obtains the root password and tries to log in as root using FTP, the login attempt will fail.
• This file is used to prevent privileged user accounts, such as root, from using FTP to obtain access to the system.
• The following listing shows the default /etc/vsftpd/ftpusers file:
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
• So to prevent the username 'bubli' from logging in to the system via FTP, add 'bubli' to the end of /etc/vsftpd/ftpusers.
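The combined effect of ftpusers and user_list (the two files from Q.5(b)) on a login attempt, added here as an example and not part of the original paper or of vsftpd; it assumes userlist_enable=YES and uses constructed sample lists in a temporary directory:

```shell
# Added example, not from the original paper: decide whether a user may log in
# over FTP by applying the two lists described above. /etc/vsftpd/ftpusers
# always denies (vsftpd enforces it through PAM); /etc/vsftpd/user_list denies
# or allows the listed names depending on userlist_deny (userlist_enable=YES
# is assumed). Sample files are constructed under a temp directory.

# Succeed when $2 appears as a whole line of file $1.
in_list() { grep -qx "$2" "$1"; }

# ftp_access <user> <ftpusers> <user_list> <userlist_deny YES|NO>
# Prints the decision with its reason; returns 0 for allow, 1 for deny.
ftp_access() {
    user=$1; ftpusers=$2; user_list=$3; userlist_deny=$4
    if in_list "$ftpusers" "$user"; then
        echo "deny: $user is listed in ftpusers"; return 1
    fi
    if [ "$userlist_deny" = YES ]; then
        if in_list "$user_list" "$user"; then
            echo "deny: $user is listed in user_list (userlist_deny=YES)"; return 1
        fi
    elif ! in_list "$user_list" "$user"; then
        echo "deny: $user is not in user_list (userlist_deny=NO)"; return 1
    fi
    echo "allow: $user"
}

# Constructed sample lists: the default ftpusers from the answer above with
# 'bubli' appended as Q.5(c) describes, and a two-name user_list.
vsftpd_demo_dir() {
    d=$(mktemp -d)
    printf '%s\n' root bin daemon adm lp sync shutdown halt mail news \
        uucp operator games nobody bubli > "$d/ftpusers"
    printf '%s\n' root bubba > "$d/user_list"
    printf '%s\n' "$d"
}

d=$(vsftpd_demo_dir)
for u in root bubli bubba alice; do
    for mode in YES NO; do
        printf 'userlist_deny=%-3s ' "$mode"
        ftp_access "$u" "$d/ftpusers" "$d/user_list" "$mode" || true
    done
done
```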
Q.5(d) Explain any five parameters of vsftpd.conf file.
[5]
(A)
(i) anonymous_enable - allows or disallows anonymous FTP access.
anonymous_enable=YES/NO
(ii) write_enable - allows or disallows all variations of the FTP commands that allow FTP users to modify the file system.
write_enable=YES/NO
(iii) chown_username - the user mentioned here is allowed to log in via FTP.
chown_username=whoever
(iv) ftpd_banner - displays a site-specific banner message when users connect to the server.
ftpd_banner="Welcome to FTP service"
(v) dirmessage_enable - through this, vsftpd displays the contents of a file named .message.
dirmessage_enable=YES/NO
Q.6
Attempt any TWO:
[10]
Q.6(a) Explain the working of Apache web server.
[5]
(A)
How Web Servers Work
• The Web client (a browser in this case) first performs a DNS lookup on the server name specified in the URL, obtains the IP address of the server, and then connects to port 80 at that IP address (or another port if the server is not using the default HTTP port).
• When the connection is established, the client sends an HTTP GET request for the document in the URL, which could be, among other possibilities, a specific HTML document, an image, a script, or a directory listing.
• After the server receives the request, it translates the document URL into a filename on the local system. For example, the document URL http://localhost/~kwall/news.html might become /home/kwall/public_html/news.html.
• Next, Apache evaluates whether or not the requested document is subject to some sort of access control and requests a user name and password from the client or rejects the request outright, depending on the type of access control in place.
• If the requested URL specifies a directory (that is, the URL ends in /) rather than a specific document, Apache looks for the directory index page, index.html by default, and returns that document to the client. If the directory index page does not exist, Apache might send a directory listing in HTML format back to the client or send an error message, depending on how the server is configured.
• The document can also be a specially written script, a CGI (Common Gateway Interface) script. In this case, Apache executes the script, if permitted to do so, and sends the results back to the client.
• Finally, after Apache has transmitted the requested document and the client receives it, the client closes the connection and Apache writes an entry in one or more log files describing the request in varying levels of detail.
Q.6(b) Write an SSI page that will display the long listing of the directory /home/tyit.
[5]
(A)
Create a new file with the .shtml extension and place it in the /var/www/html/ directory.
<html>
<head>
<title>SSI Test Page</title>
</head>
<body>
<center>
SSI Test Page Output
<hr>
<p>
The long listing of the directory /home/tyit:
</p>
<pre>
<!--#exec cmd="ls -l /home/tyit" -->
</pre>
<hr>
</center>
</body>
</html>

SSI directives look like HTML comments. The general format is
<!--#element attribute="value" -->
Q.6(c) Explain the files /etc/passwd and /etc/shadow and their fields.
[5]
(A)
/etc/passwd stores all the user details. Whenever a new user is created, an entry is made in /etc/passwd. It stores the username, the user ID, the group ID, the home directory and the shell used by the user.
eg. logon:x:501:501::/home/logon:/bin/bash
/etc/shadow contains the hashed (encrypted) passwords for the users in /etc/passwd. The passwords are encrypted using the MD5 algorithm.
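An audit of passwd- and shadow-style records, added here as an example and not part of the original paper; the records are constructed samples (the hash bodies are placeholders) and the $id$ prefixes are the standard crypt identifiers, of which $1$ is the MD5 scheme mentioned above:

```shell
# Added example, not from the original paper: read /etc/passwd- and
# /etc/shadow-style records and flag what an administrator checks first:
# extra UID-0 accounts, empty password fields, and the hash algorithm in use.
# Both record sets are constructed samples; the hash bodies are placeholders.

PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
logon:x:501:501::/home/logon:/bin/bash
toor:x:0:0::/root:/bin/bash
guest:x:502:502::/home/guest:/bin/bash'

SHADOW_SAMPLE='root:$6$saltsalt$placeholderhash:19000:0:99999:7:::
logon:$1$saltsalt$placeholderhash:19000:0:99999:7:::
toor:$6$saltsalt$placeholderhash:19000:0:99999:7:::
guest::19000:0:99999:7:::'

# Names of all accounts whose UID (3rd field) is 0; only root should appear.
uid0_accounts() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '$3 == 0 { print $1 }'
}

# Accounts whose shadow hash field (2nd) is empty: they need no password.
empty_password_accounts() {
    printf '%s\n' "$SHADOW_SAMPLE" | awk -F: '$2 == "" { print $1 }'
}

# Map the $id$ prefix of a crypt hash to its algorithm name.
hash_algorithm() {
    case $1 in
        '$1$'*)    echo md5 ;;
        '$5$'*)    echo sha256 ;;
        '$6$'*)    echo sha512 ;;
        '$y$'*)    echo yescrypt ;;
        '')        echo none ;;
        '!'*|'*'*) echo locked ;;
        *)         echo unknown ;;
    esac
}

# Print "user algorithm" for every shadow record.
shadow_algorithms() {
    printf '%s\n' "$SHADOW_SAMPLE" | while IFS=: read -r user hash rest; do
        printf '%s %s\n' "$user" "$(hash_algorithm "$hash")"
    done
}

echo "UID 0 accounts:   $(uid0_accounts | tr '\n' ' ')"
echo "No password set:  $(empty_password_accounts | tr '\n' ' ')"
echo "Hash algorithms:"; shadow_algorithms
```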
Q.6(d) How is virtual server configured? Explain virtual server configuration directives.
[5]
(A)
Virtual Servers
• This section consists of the directives that are required to make settings for virtual hosts.
• It allows configurations through which web requests sent to different IP addresses or hostnames are handled by the same Apache server process.
• Virtual hosts can be categorised in two forms:
> IP based virtual hosts
> Name based virtual hosts
The virtual server configuration directives:
Directive                        Description
<VirtualHost ipaddr[:port]>      Defines the virtual host whose IP address is ipaddr.
<VirtualHost>                    Default server.
NameVirtualHost ipaddr[:port]    Defines the IP address for a name-based virtual host.
ServerAlias altname              Enables the virtual server to respond to one or more alternate hostnames when used with name-based virtual hosts.
Starting and stopping Apache
# service httpd start
# service httpd stop
# service httpd restart
# service httpd reload
# service httpd configtest - tells Apache to parse its configuration files and display an error message when it detects any error.
Q.7
Attempt any THREE:
[15]
Q.7(a) State any 5 Linux supported file systems and explain ext3 and ext2.
[5]
(A)
5 Linux supported file systems
1. ext3
2. ext2
3. Reiser
4. FAT
5. NTFS
ext2 (non-journaling file system)
• ext2 stands for second extended file system.
• ext2 does not have a journaling feature.
• On flash drives and USB drives, ext2 is recommended, as it does not need to do the overhead of journaling.
• It can handle file systems up to 4 TB.
• It supports long file names up to 1012 characters.
• In case user processes fill up a file system, ext2 normally reserves about 5% of disk blocks for exclusive use by root so that root can easily recover from that situation.
ext3 (journaling file system)
• ext3 stands for third extended file system.
• Starting from Linux kernel 2.4.15, ext3 was available.
• The main benefit of ext3 is that it allows journaling.
• Journaling has a dedicated area in the file system where all the changes are tracked. When the system crashes, the possibility of file system corruption is less because of journaling. (Without journaling, the fsck command (file system consistency check) is used to check for corrupted files and to repair them.)
• Under ext2, when a file system is uncleanly unmounted, the whole file system must be checked. This takes a long time on large file systems. ext3 keeps a record of uncommitted file transactions and applies only those transactions when the system is brought back up.
• Maximum individual file size can be from 16 GB to 2 TB.
• Overall ext3 file system size can be from 2 TB to 32 TB.
• You can convert an ext2 file system to an ext3 file system directly (without backup/restore).
Q.7(b) What are the files required to be changed when we set up a new system or move the system from one location to another?
[5]
(A)
Whenever a new system is set up to work on a new network, a set of files needs to be modified to get it working on the new network.
1) Setting up the IP address - /etc/sysconfig/network-scripts/ifcfg-eth0
• To set up the IP address on the network interface, the following file has to be changed: /etc/sysconfig/network-scripts/ifcfg-eth0
• Setting up the IP address on the network interface identifies the computer on the network.
• Open the file /etc/sysconfig/network-scripts/ifcfg-eth0.
• Insert the interface's IP address on the line that says
IPADDR=""
• Check the following lines also.
DEVICE="eth0"
BOOTPROTO="static"
BROADCAST="192.168.1.255"
NETMASK="255.255.255.0"
NETWORK="192.168.1.0"
ONBOOT="yes"
USERCTL=no
• Once the IP address is added, restart the network service with the command "service network restart".
• Then check the changed IP address with the command ifconfig.
2) Setting up the hostname - Choose the host name.
It has to be added in two different places:
/etc/sysconfig/network
/etc/hosts
In /etc/sysconfig/network: HOSTNAME="JERRY"
In /etc/hosts, change the first line in the file by adding the host name:
127.0.0.1 JERRY localhost.localdomain
And reboot the machine.
3) Setting up DNS name resolution - /etc/resolv.conf
• The program that resolves hostnames to IP addresses reads a file called resolv.conf.
• In this file the DNS server's IP address can be put, with the name given to the server.
• Multiple name servers can be added in this file. If one does not respond, control shifts to the other host.
nameserver 1.2.3.4
nameserver 1.2.3.5
nameserver 1.2.3.6
• On the local machine, try this with the ping command. If the local machine's address is 192.168.0.1 and the name given to it is "MyServer", then try to ping MyServer with the following command.
ping MyServer
4) Starting up network services from xinetd
• In computer networking, xinetd (extended Internet daemon) is an open-source super-server daemon which runs on many Unix-like systems and manages Internet-based connectivity.
• xinetd is started on bootup and listens on the ports designated in /etc/xinetd.conf for incoming network connections.
• Multiple network services, for example telnet, talk, etc., have their configuration files in the /etc/xinetd.d directory.
• One should disable any unnecessary services from being started from xinetd as a part of securing the system. For example: telnet.
• For example, to disable the telnet service, look in /etc/xinetd.d for a file named telnet and change the line
disable = no
to disable = yes to disable the telnet service.
• After the changes are saved, the xinetd service should be restarted with the following command.
service xinetd restart
5) Starting up network services from the rc scripts - /etc/rc3.d directory
• Network services that are not started out of xinetd are started out of the rc scripts at boot time.
• Network services started at the default boot level 3 are started out of the /etc/rc3.d directory.
• This directory has the names of the services to start or stop.
• The script to start a service starts with an S and the kill script starts with a K.
• For example, SSH is started from /etc/rc3.d/S55sshd and killed upon shutdown from /etc/rc6.d/K25sshd.
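A consistency check for the ifcfg-eth0 values in step 1, added here as an example and not part of the original paper; the sample file is constructed from the addresses shown above, with 192.168.1.10 chosen as the host address:

```shell
# Added example, not from the original paper: derive NETWORK and BROADCAST from
# IPADDR and NETMASK in an ifcfg-eth0 style file and report any value that
# disagrees, so a mistyped line is caught before "service network restart".
# The sample file is constructed from the values shown in step 1 above.

# Dotted quad -> 32-bit integer, and back.
ip2int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "NETWORK BROADCAST" for an address and netmask.
subnet_bounds() {
    ip=$(ip2int "$1"); mask=$(ip2int "$2")
    net=$(( ip & mask ))
    bcast=$(( net | (mask ^ 4294967295) ))
    echo "$(int2ip "$net") $(int2ip "$bcast")"
}

# Value of KEY=... in an ifcfg file, quotes stripped, last assignment wins.
ifcfg_get() { sed -n "s/^$2=//p" "$1" | tr -d '"' | tail -n 1; }

# Return 0 when NETWORK and BROADCAST match IPADDR/NETMASK; otherwise print
# what they should be and return 1.
ifcfg_check() {
    f=$1
    set -- $(subnet_bounds "$(ifcfg_get "$f" IPADDR)" "$(ifcfg_get "$f" NETMASK)")
    rc=0
    [ "$(ifcfg_get "$f" NETWORK)" = "$1" ] || { echo "NETWORK should be $1"; rc=1; }
    [ "$(ifcfg_get "$f" BROADCAST)" = "$2" ] || { echo "BROADCAST should be $2"; rc=1; }
    return $rc
}

# Constructed ifcfg-eth0 with a host address on the 192.168.1.0/24 network.
ifcfg_demo_file() {
    f=$(mktemp)
    printf '%s\n' 'DEVICE="eth0"' 'BOOTPROTO="static"' 'IPADDR="192.168.1.10"' \
        'NETMASK="255.255.255.0"' 'NETWORK="192.168.1.0"' \
        'BROADCAST="192.168.1.255"' 'ONBOOT="yes"' 'USERCTL=no' > "$f"
    printf '%s\n' "$f"
}

f=$(ifcfg_demo_file)
ifcfg_check "$f" && echo "ifcfg-eth0 is consistent"
```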
Q.7(c) Explain the steps to configure caching proxy server on Linux.
[5]
(A)
The web proxy server is called Squid.
Configuring Squid
• The Squid configuration file is /etc/squid/squid.conf.
Key Squid configuration parameters
Parameter                 Default value   Description
cache_effective_group     squid           Identifies the group Squid runs as
cache_effective_user      squid           Identifies the user Squid runs as
httpd_accel_host          none            Defines the hostname of the real HTTP server
httpd_accel_with_proxy    off             Controls whether Squid runs as both a cache and a proxy
httpd_accel_port          80              Defines the port number of the real HTTP server
httpd_access              deny all        Defines who can access the Squid server
The following listing shows the changes to make in /etc/squid/squid.conf:
cache_effective_user squid
cache_effective_group squid
httpd_accel_host squid.example.com
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_access allow all
• Initialize Squid's cache using the squid -z command.
Q.7(d) Explain the two programs used to check the DNS configuration.
[5]
(A)
• The command dig is a tool for querying DNS nameservers for information about host addresses, mail exchangers, nameservers and related information.
Example: dig mt-example.com
The output gives the technical details of the answer received from the DNS server. Finally it gives the IP address of mt-example.com as:
;; ANSWER SECTION:
mt-example.com.    28626 IN A 205.190.150.66
The quick way to get the answer only is: dig mt-example.com +short
• host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa.
host [name] [server]
name is the domain name that is to be looked up. It can also be an IP address, in which case host will by default perform a reverse lookup for the address.
server is an optional argument which is either the name or IP address of the name server that host should query instead of the server or servers listed in /etc/resolv.conf.
Q.7(e) Write the purpose of following vsftpd configuration directives:
(i) anonymous_enable
(ii) write_enable
(iii) ftpd_banner
(iv) banned_email_file
(v) chown_username
[5]
(A)
(i) anonymous_enable
anonymous_enable=YES allows anonymous FTP access. You can set this to NO if you do not want to enable anonymous FTP.
(ii) write_enable
write_enable=YES enables all variations of the FTP commands that allow FTP users to modify the file system, such as STOR (the FTP put and mput commands for uploading files) and DELE (the FTP del command for deleting files). As a rule, it is unwise to permit FTP users to modify the file system, so if security is a concern, you might consider disabling write commands by setting write_enable to NO.
(iii) ftpd_banner
The ftpd_banner directive allows you to display a site-specific banner message when users connect to the server. For example, the directive ftpd_banner=* * * * Welcome to the Possum Holler FTP Server * * * * looks like the following when users first log in:
220 * * * * Welcome to the Possum Holler FTP Server * * * *
(iv) banned_email_file
If you want to deny access to your server based on the email address provided as part of an anonymous login, uncomment deny_email_enable=YES and put the email addresses you want to deny access into a file named /etc/vsftpd.banned_emails. If you want to store the banned addresses in a different file, uncomment the banned_email_file=/etc/vsftpd.banned_emails directive and change the filename.
(v) chown_username
chown_username - the user mentioned here is allowed to log in via FTP.
chown_username=whoever
Q.7(f) What are the changes in Apache 2?
[5]
(A)
• The build system was rewritten to use the standard GNU build tools, namely autoconf and libtool.
• A new API for modules removes most requirements for loading modules in a certain order.
• Apache 2 supports IPv6 on those systems that have IPv6.
• Apache's regular expression support has been replaced using Perl-Compatible Regular Expressions (PCRE).
• HTTP error messages generated by the server can be displayed in multiple languages using server-side includes (SSI).
• Filters to modify the httpd input or output stream can be implemented as modules, improving the performance of those filters.
• The configuration language has been simplified and rationalised. Confusing directives such as Port and BindAddress have been replaced by Listen.