User:Saransh007/sandbox


Linux server configuration, administration and network security for the Computer Science Department, SRMCEM, Lucknow.

CS Department, SRMGPC, Lucknow

CHAPTER 1

1.1 Introduction

Linux is a term used for Unix-like computer operating systems based on the Linux kernel developed by Linus Torvalds. Its development is one of the most prominent examples of free and open source software collaboration; that is, all the underlying source code can be used, freely modified, and redistributed, both commercially and non-commercially, by anyone under licenses such as the GNU GPL. Linux can be installed on a wide variety of computer hardware, ranging from embedded devices such as mobile phones, smart phones and wristwatches to mainframes and supercomputers. Linux is predominantly known for its use in servers; in 2007 Linux's overall share of the server market was estimated at 12.7%, while surveys performed in 2008 say that almost 60% of all web servers ran Linux. Most desktop computers run either Mac OS X or Microsoft Windows, with Linux having only 1–2% of the desktop market. However, desktop use of Linux has become increasingly popular in recent years, partly owing to the popular Ubuntu distribution and the emergence of netbooks and smartbooks.

CHAPTER 2

2.1 Comparison between Windows Server & Linux Server

1) Heavy user load: The Linux SSH server can withstand a heavy access load; this was demonstrated when around 400 logins were handled on the server while around 700 processes were running on the system.

2) Programmable modules: Because the packages and the kernel are open source, we can easily modify the regular working of the server; this has been demonstrated by implementing the secured run level through the "lconf" module.

3) Least virus problem: Since .exe files are not recognized by the Linux file system, the chances of a system crash are lowest. This was borne out by running the server for a whole year without any form of antivirus program, during which the working of the system remained the same.

4) Stability & Robustness: Linux/Unix operating systems have traditionally been believed to be very stable and robust. A web site housed on a Linux operating system will have very high up-time (of the order of 99.9%). Of course, other factors such as power supply, network admin skills, and network load also matter when it comes to maintaining system uptime.

5) Low TCO: The Linux OS comes free of cost (or at very insignificant cost, usually the cost of distribution). It also has fully fledged server and desktop applications that come free along with the OS. These server applications (such as FTP, Web Server, DNS Server, File Server etc.) are also very stable and available free of cost.

6) File extensions: We can use almost all types of file extensions (or scripts) when using a Linux web server. The most common extensions supported by Linux include .cgi, .pl, .php, and .asp (with plug-in), .xml, and others.

7) Easy to move between hosts: A web site designed to be hosted on a Linux based web server can be hosted on a Windows web server easily, whereas the reverse is not always true. This provides flexibility in changing hosts as required.

8) Most widely used: Linux/Unix based web hosting is more widely used than Windows based web hosting, hence there is greater choice in choosing a web host.

9) Scalability: Usually, a web site starts with a few pages of HTML and grows over a period of time to suit the customer requirements. It is preferable to design a web site keeping this requirement in mind.
A web site designed for compatibility with a Linux/Unix based web server meets the scalability requirement easily without any wide design changes.

10) The Performance Advantage: Aside from being free, the Linux OS and its applications are also widely commended for their performance with regard to stability compared to other operating systems. With all other factors of web hosting, such as power supply and administrative skills, being equal, a one-on-one comparison between Linux and Windows will show that Linux provides better reliability through its stability and higher uptime.

11) Online support: Comprehensive service offerings, up to 24x7 support with 1-hour response, are available from Red Hat and selected ISV/OEM partners.

12) Compatibility: Linux is compatible with old machines that are almost obsolete. But not all hardware is compatible with Linux. The latest and greatest hardware being produced today is not yet compatible with Linux, because developers are only able to contribute code once they gain access to the new hardware and have proper funding and time.

13) Security: Under the GNU/GPL we have access to the source code, so we can modify the system to change the security level from a generalized form to a more customized version. Also, the security features used by the distribution use the latest cryptographic algorithms in use.

CHAPTER 3

3.1 System analysis

System analysis is an important activity that takes place when a new information system is being built or existing ones are changed. Its most crucial role is in defining user requirements. The basic aim of problem analysis is to obtain a clear understanding of the needs of the client and the user, what exactly is desired from the system and what the constraints on the solution are.
'lconf' is a system which undertakes to automate the configuration of the Linux server.

3.2 Identification of the need

Managing users' accounts and configuring a Linux server involves a lot of mundane activities which, in spite of being boring, are essential. When all of these are done manually, they consume a lot of man-hours which could be used in a more productive manner to improve the quality of production. Moreover, the efficiency and dependability of machines and the ease of information retrieval on demand cannot be ignored. There is an ever growing number of companies and institutes, and an ever growing number of individual users in them. As the number of users increases, the data to be handled by the system becomes larger and larger, requiring automation.

Drawbacks in the existing systems:

1) Institutes still rely on manual working.
2) People are in the habit of doing the work on paper.
3) People still use outdated methods of sharing and transferring data.

Advantages of using a server:

1) Data storage becomes safer and easier with a centrally based server.
2) Users are able to access their personal accounts on the server through any Windows or Linux based system.
3) Less chance of data loss.
4) User accounts are highly safe and high end security is provided.
5) Interaction between the users is very easy. Users can share data through the SAMBA sharing server and can even send mail messages to the other users of the system through the sendmail server in association with squirrelmail.

3.3 Preliminary investigation

Preliminary investigation is one of the activities of the system development life cycle. It is the first step in the system development life cycle, and it determines the feasibility of the system. The purpose of preliminary investigation is to evaluate project requests.
Preliminary investigation is the collection of information that helps committee members to evaluate the merits of the project request and make informed judgments about the feasibility of the proposed project. Analysts working on the preliminary investigation should accomplish the following objectives:

- Clarify and understand the project.
- Determine the size of the project.
- Assess costs and benefits of alternative approaches.
- Determine the technical feasibility of alternative approaches.
- Report the findings to the management, with recommendations outlining acceptance or rejection of the proposal.

3.4 Conducting the preliminary investigation

Interviews allow the analysts to learn more about the nature of the project request and the reason for submitting it. Interviews should provide details that further explain the project and show whether assistance is merited economically, operationally or technically. One of the most important points about interviewing is which questions you need to ask. Before requirements can be analyzed, modeled, or specified they are gathered through an elicitation process. Context-free questions were asked of the management people belonging to different institutes regarding how they would characterize a good output that would generate a successful solution, what kind of problems this solution will address, how they describe the environment in which the solution will be used, and whether special performance issues or constraints will affect the way the solution is approached.

3.5 Normal requirements

The objectives and goals are stated for a product or system during meetings with the client. If these requirements are present, the client is satisfied. Examples of normal requirements might be requested types of graphical displays, specific system functions and defined levels of performance.
3.6 Expected requirements

These requirements are implicit to the product or system and may be so fundamental that the customer does not state them. Their absence will be a cause of significant dissatisfaction. Examples of expected requirements are: ease of human/machine interaction, overall operational correctness and reliability, and the ability to be upgraded to incorporate new features. The system should be expandable and should have the fastest possible response while processing queries, reports and updates.

3.7 Exciting requirements

These features go beyond the customer's expectations and prove to be very satisfying when present.

3.8 Security requirements

The following security requirements are considered in the project.

1. User Level Authentication
2. Restricted Menu access

3.9 Feasibility study

Once the problem is clearly understood, the next step is to conduct a feasibility study, which is a high-level capsule version of the entire systems and design process. The objective is to determine whether or not the proposed system is feasible. The three tests of feasibility have been carried out:

- Technical Feasibility
- Economical Feasibility
- Operational Feasibility

3.9.1 Technical feasibility

In a technical feasibility study, one has to test whether the proposed system can be developed using existing technology or not. It is planned to implement the proposed system using dot net technology. It is evident that the necessary hardware and software are available for development and implementation of the proposed system. Hence, the solution is technically feasible.

3.9.2 Economical feasibility

As part of this, the costs and benefits associated with the proposed system are compared, and the project is economically feasible only if tangible or intangible benefits outweigh costs. The system development costs will be significant.
So the proposed system is economically feasible.

3.9.3 Operational feasibility

It is a standard that ensures interoperability without stifling competition and innovation among users, to the benefit of the public both in terms of cost and service quality. The proposed system is acceptable to users. So the proposed system is operationally feasible.

CHAPTER 4

Hardware and Software requirements

Department main server
- Intel Pentium 4 3.06 MHz processor
- 80 GB HDD
- 2 GB DDR RAM
- Redhat 5.1 with 5.4 kernel patch
- RAID partitioned

Department backup server
- Intel Pentium Dual Core 1.8 MHz processor
- 320 GB HDD
- 2 GB DDR RAM
- Redhat 5.4
- LVM managed

Department faculty server
- Intel Pentium 4 3.06 MHz processor
- 80 GB HDD
- 2.5 GB DDR RAM
- CentOS 5.5 with RAID and LVM managed

CHAPTER 5

5.1 Server configuration

The lconf modules have been written to minimize the effort of configuring the servers through manual entries into the configuration files.
The lconf package includes the following modules:

- Disk partitioning
- RAID management
- Group and user creation
- YUM server configuration
- Web server configuration
- SSL configuration
- Mail server configuration
- Mail certificate generation
- TELNET server configuration
- SYSLOG server configuration
- VNC server configuration
- SSHD server configuration
- DNS master configuration
- KERBEROS server configuration
- POSTFIX server configuration
- FTP server configuration
- DHCP server configuration
- SQUID server configuration
- NIS server configuration
- NFS server configuration
- PAM server configuration
- CRON server configuration

The modules for the client machines include the following:

- NIS client configuration, both automatic and manual
- NFS client configuration, both automatic and manual
- Backup configuration
- SYSLOG client configuration
- SSH client configuration

5.2 YUM server configuration

YUM is an interactive, rpm based package manager. It can automatically perform system updates, including dependency analysis and obsolete processing based on "repository" metadata. It can also perform installation of new packages, removal of old packages and queries on the installed and/or available packages, among many other commands/services (see below). YUM is similar to other high level package managers like apt-get and smart. While there are some graphical interfaces directly to the yum code, more recent graphical interface development is happening with PackageKit and the gnome-packagekit application.

Copy the whole setup of lconf to the / file system directory. Create a new file with the extension .repo inside the /etc/yum.repos.d directory. The default directory path can be changed through the /etc/yum.conf file.
    [root@CS-Dept-Server ~]# vim /etc/yum.conf

in /etc/yum.repos.d

Changing the above path changes the default /etc/yum.repos.d directory, and the server repository can then be made inside any other directory as required.

    [root@CS-Dept-Server ~]# vim /etc/yum.repos.d/server.repo

    [server]
    name=server
    baseurl=file:///yum_data/Server
    enabled=1
    gpgcheck=0

Install the createrepo rpm, which resides in the data copied from the DVD. The command shown below creates the rpm repository for the central server.

    [root@CS-Dept-Server ~]# createrepo /lconf/network_installation_data/Server

To check that the server is working properly, use the commands given below:

    [root@CS-Dept-Server ~]# yum clean all

The above command cleans up the temporary files from the yum server repository.

    [root@CS-Dept-Server ~]# yum list all

The command lists all the packages residing in the yum repository.

    [root@CS-Dept-Server ~]# yum install
    [root@CS-Dept-Server ~]# yum remove

5.3 YUM client configuration

Create a new file with the extension .repo; this .repo file must reside in /etc/yum.repos.d/.

    [root@CS-Dept-Server ~]# vim /etc/yum.repos.d/client.repo

    [client]
    name=client
    baseurl=ftp://server.cs.dept/pub/Server
    # or: baseurl=http://server.cs.dept/Server
    enabled=1
    gpgcheck=0

5.4 Secure shell server configuration

SSH is a program for logging into a remote machine and for executing commands on a remote machine.
It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP ports can also be forwarded over the secure channel. ssh connects and logs into the specified hostname (with optional user name). The user must prove his/her identity to the remote machine using one of several methods depending on the protocol version used. If a command is specified, it is executed on the remote host instead of a login shell.

The SSH server configuration file is sshd_config, found in /etc/ssh/.

    [root@CS-Dept-Server ~]# vim /etc/ssh/sshd_config

    Port 22
    Protocol 2
    SyslogFacility AUTHPRIV
    LoginGraceTime 2m
    PermitRootLogin no
    StrictModes yes
    MaxAuthTries 3
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    RhostsRSAAuthentication yes
    HostbasedAuthentication yes
    IgnoreUserKnownHosts no
    IgnoreRhosts no
    PasswordAuthentication yes
    ChallengeResponseAuthentication no
    GSSAPIAuthentication yes
    GSSAPICleanupCredentials yes
    #UsePAM no
    UsePAM yes
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL
    AllowTcpForwarding no
    X11Forwarding no
    PermitUserEnvironment no
    PermitTunnel no
    Banner /lconf/sshd-banner
    Subsystem sftp /usr/libexec/openssh/sftp-server
    DenyUsers root
    DenyGroups root

To start, stop or restart the ssh service, type the following:

    [root@CS-Dept-Server ~]# chkconfig sshd on|off
    [root@CS-Dept-Server ~]# service sshd restart|start|stop

    [root@localhost ~]# service sshd restart
    Stopping sshd: [ OK ]
    Starting sshd: [ OK ]
    [root@localhost ~]# service sshd status
    openssh-daemon (pid 5065) is running...
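
The configuration above keeps the rlogin-style trust settings switched on (RhostsRSAAuthentication yes, HostbasedAuthentication yes, IgnoreRhosts no), which works against the stated aim of replacing rlogin and rsh. The check below is an added example, not part of the original report or of the lconf package: it reads an sshd_config, takes the first value given for each keyword as sshd does, and reports settings that differ from a baseline. The function names and the baseline table are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the original report): audit an sshd_config for
# host-based trust settings inherited from the rlogin/rsh model.

# audit_sshd_config [FILE]
# Reads FILE (or stdin) and prints "WEAK <keyword> <value> (want <value>)"
# for each global setting that differs from the baseline below.
# Returns 1 if anything was flagged, 0 otherwise.
audit_sshd_config() {
    awk '
    BEGIN {
        # Assumed baseline: lower-case keyword -> expected value
        want["protocol"]                = "2"
        want["permitrootlogin"]         = "no"
        want["permitemptypasswords"]    = "no"
        want["rhostsrsaauthentication"] = "no"
        want["hostbasedauthentication"] = "no"
        want["ignorerhosts"]            = "yes"
    }
    /^[ \t]*(#|$)/ { next }               # comments and blank lines
    tolower($1) == "match" { in_match = 1 }
    in_match { next }                     # only global settings are audited
    {
        key = tolower($1)
        if (key in seen) next             # sshd uses the first value it reads
        seen[key] = 1
        if ((key in want) && tolower($2) != want[key]) {
            printf "WEAK %s %s (want %s)\n", $1, $2, want[key]
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$@"
}

# Authentication-related lines of the sshd_config shown in section 5.4.
page_sshd_config() {
    cat <<'EOF'
Port 22
Protocol 2
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
RSAAuthentication yes
PubkeyAuthentication yes
RhostsRSAAuthentication yes
HostbasedAuthentication yes
IgnoreUserKnownHosts no
IgnoreRhosts no
PasswordAuthentication yes
#UsePAM no
UsePAM yes
EOF
}

# The same configuration with the three host-trust settings corrected.
hardened_sshd_config() {
    page_sshd_config | sed \
        -e 's/^RhostsRSAAuthentication .*/RhostsRSAAuthentication no/' \
        -e 's/^HostbasedAuthentication .*/HostbasedAuthentication no/' \
        -e 's/^IgnoreRhosts .*/IgnoreRhosts yes/'
}

echo "== configuration from section 5.4 =="
page_sshd_config | audit_sshd_config || echo "=> host-based trust is enabled"
echo "== corrected configuration =="
hardened_sshd_config | audit_sshd_config && echo "no findings"
```

Against a live host the same function can be run as audit_sshd_config /etc/ssh/sshd_config.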
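
Both repository definitions in sections 5.2 and 5.3 set gpgcheck=0, so yum installs packages without verifying their signatures, and the client fetches them over plain ftp or http. The check below is an added example, not part of the original report or of the lconf package: it lists every enabled repository with gpgcheck=0 and says whether its baseurl is local or on the network. The function names, and the gpgkey path used in the corrected variant, are assumptions.

```sh
#!/bin/sh
# Added example (not from the original report): find yum repositories that
# install packages without signature verification.

# audit_repos [FILE...]
# Reads .repo files (or stdin) and prints
#   <id> gpgcheck=0 <local|network|unknown> <baseurl>
# for every enabled repository with gpgcheck=0. Returns 1 if any was found.
audit_repos() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(   scheme, kind) {
        if (id == "" || enabled == "0" || gpgcheck != "0") return
        scheme = url
        sub(/:.*/, "", scheme)
        kind = "network"
        if (scheme == "file") kind = "local"
        if (url == "") kind = "unknown"
        printf "%s gpgcheck=0 %s %s\n", id, kind, url
        bad = 1
    }
    /^[ \t]*([#;]|$)/ { next }            # comments and blank lines
    /^[ \t]*\[/ {                         # new [section]: flush the previous one
        report()
        id = trim($0)
        id = substr(id, 2, index(id, "]") - 2)
        url = ""; gpgcheck = ""; enabled = "1"
        next
    }
    {
        n = index($0, "=")
        if (n == 0) next
        key = tolower(trim(substr($0, 1, n - 1)))
        val = trim(substr($0, n + 1))
        if (key == "baseurl")  url = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "enabled")  enabled = val
    }
    END { report(); exit bad + 0 }
    ' "$@"
}

# server.repo (5.2) and client.repo (5.3, ftp variant) as given in the report.
page_repos() {
    cat <<'EOF'
[server]
name=server
baseurl=file:///yum_data/Server
enabled=1
gpgcheck=0

[client]
name=client
baseurl=ftp://server.cs.dept/pub/Server
enabled=1
gpgcheck=0
EOF
}

# Corrected variant: signature checking on. The gpgkey path is an assumption
# (the vendor release key as installed on a Red Hat system).
fixed_repos() {
    page_repos | awk '
        /^gpgcheck=0$/ {
            print "gpgcheck=1"
            print "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
            next
        }
        { print }'
}

echo "== repositories from sections 5.2 and 5.3 =="
page_repos | audit_repos || echo "=> packages are installed without signature checks"
echo "== corrected repositories =="
fixed_repos | audit_repos && echo "no findings"
```

On a configured machine the function can be pointed at the real files with audit_repos /etc/yum.repos.d/*.repo.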

5.5 Secure shell client configuration

SSH (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine.

The above figure shows the view of a personal user account on the server accessed through the third party client software.

View of the year-wise grouping of user accounts on the server accessed through the client.

5.6 Kerberos KDC Configuration

The Kerberos system authenticates individual users in a network environment. After authenticating yourself to Kerberos, you can use network utilities such as rlogin, rcp, and rsh without having to present passwords to remote hosts and without having to bother with .rhosts files.

    [root@CS-Dept-Server ~]# yum install krb5* readline* -y
    [root@CS-Dept-Server ~]# vim /etc/krb5.conf

    [libdefaults]
    default_realm = LCONF.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    forwardable = yes

    [realms]
    LCONF.COM = {
        kdc = server.lconf.com:88
        admin_server = server.lconf.com:749
        default_domain = lconf.com
    }

    [domain_realm]
    .example.com = LCONF.COM
    example.com = LCONF.COM

    [appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
        validate = true
    }

    [root@CS-Dept-Server ~]# vim /var/kerberos/krb5kdc/kdc.conf

    [realms]
    SERVER.LCONF.COM = {
        master_key_type = des3-hmac-sha1
        default_principal_flags = +preauth
    }

    [root@CS-Dept-Server ~]# vim /var/kerberos/krb5kdc/kadm5.acl

    */admin@SERVER.LCONF.COM *

    [root@CS-Dept-Server ~]# kdb5_util create -s -r SERVER.LCONF.COM
    [root@CS-Dept-Server ~]# kadmin.local
    kadmin.local: listprincs
    kadmin.local: addprinc -pw lconf root/admin
    kadmin.local: addprinc
    kadmin.local: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
    kadmin.local: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw
    kadmin.local: addprinc -randkey host/server.lconf.com

    [root@CS-Dept-Server ~]# service krb5kdc restart
    [root@CS-Dept-Server ~]# service kadmin restart

5.7 Pluggable Authentication Modules (PAM) Configuration

Linux-PAM is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface - API) that privilege granting programs (such as login(1) and su(1)) defer to in order to perform standard authentication tasks. The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable. In other words, the system administrator is free to choose how individual service-providing applications will authenticate users. This dynamic configuration is set by the contents of the single Linux-PAM configuration file /etc/pam.conf. Alternatively, the configuration can be set by individual configuration files located in the /etc/pam.d/ directory.
The presence of this directory will cause Linux-PAM to ignore /etc/pam.conf.

The /etc/pam.d/gdm file entries to stop root login into the system.

The /etc/pam.d/gdm-passwd file entries to stop the root login.

5.8 NIS Server configuration

The Network Information Service (NIS) is an RPC service, called ypserv, which is used in conjunction with portmap and other related services to distribute maps of usernames, passwords, and other sensitive information to any computer claiming to be within its domain.

Install the NIS server package through the yum installer.

    [root@CS-Dept-Server ~]# yum install ypserv* -y

Make changes in the /etc/sysconfig/network file to specify the NIS domain by adding the following line at the end:

    NISDOMAIN=

For example:

    NISDOMAIN=lconf

Create a new user and give it a password.

    useradd -g -d -m
    passwd

Make entries in the /etc/exports file on the server as shown below. The file contains the directories which are to be exported through the portmap service to the client machines.

    / / (rw,sync)

For example:

    /rhome/lconf/ 10.10.10.45/255.255.255.0(rw,sync)

Run the following command on the terminal and type control+d when prompted, followed by a y for yes.

    [root@CS-Dept-Server ~]# /usr/lib/yp/ypinit -m
    At this point, we have to construct a list of the hosts which will run NIS servers.
    server.cs.dept is in the list of NIS server hosts.
    Please continue to add the names for the other hosts, one per line.
    When you are done with the list, type a .
    next host to add: server.cs.dept
    next host to add:
    The current list of NIS servers looks like this:
    server.cs.dept
    Is this correct? [y/n: y] y
    We need a few minutes to build the databases...
    Building /var/yp/lconf2/ypservers...
    Running /var/yp/Makefile...
    gmake[1]: Entering directory `/var/yp/lconf'
    Updating passwd.byname...
    Updating passwd.byuid...
    Updating group.byname...
    Updating group.bygid...
    Updating hosts.byname...
    Updating hosts.byaddr...
    Updating rpc.byname...
    Updating rpc.bynumber...
    Updating services.byname...
    Updating services.byservicename...
    Updating netid.byname...
    Updating protocols.bynumber...
    Updating protocols.byname...
    Updating mail.aliases...
    gmake[1]: Leaving directory `/var/yp/lconf'
    server.cs.dept has been set up as a NIS master server.
    Now you can run ypinit -s server.cs.dept on all slave server.

Restart the ypbind, portmap and nfs services on the server.

When NIS is configured through the lconf module, the following prompt appears. The user is asked for various options to correctly configure the NIS server.

5.9 NIS Client Configuration

For NIS client configuration the following procedure has to be followed:

NOTE: The NIS client can only be on a Linux based system.

Open the terminal and open the authentication services by the following command.

Enter the information about the NIS domain and the IP address of the NIS domain.

On clicking the OK button the following services are called, as shown in the figure below.

Now edit the auto.master file in the /etc folder and provide the following entries.

    / / /etc/auto.misc

For example:

    /rhome/lconf/ /etc/auto.misc

Edit /etc/auto.misc and add the following entries to the file.

Try to log in as the NIS user as shown below:

    [root@CS-Dept-Server ~]# su - lconf
    [lconf@CS-Dept-Server ~]$

5.10 NFS Server Configuration

The Network File System is used for sharing data between the server and the clients, where the clients are Linux machines themselves. NFS folders are also used in the installation of the Linux operating system through the network.

Make entries in the /etc/exports file as shown below.

    / / (rw,sync)

For example:

    /var/ftp/pub/ 10.10.10.45/255.255.255.0 (rw,sync)

Type the following command to check that NFS sharing is working properly:

    [root@CS-Dept-Server ~]# showmount -e 10.10.15.39
    Export list for 10.10.15.39:
    /var/ftp/pub 10.10.10.45/255.255.255.0

Now open the auto.master file in the /etc folder and provide the following entries.

    / /etc/auto.misc

For example:

    /var/ftp/pub/ /etc/auto.misc

Edit /etc/auto.misc and add the following entries to the file.

Restart the portmap and the autofs services on the client machines.

5.11 Telnet Server Configuration

The telnet command is used to communicate with another host using the TELNET protocol. If telnet is invoked without the host argument, it enters command mode, indicated by its prompt (telnet>). In this mode, it accepts and executes the commands listed below. If it is invoked with arguments, it performs an open command with those arguments.

Install the telnet and the xinetd packages.

    [root@CS-Dept-Server ~]# yum install xinetd* telnet* -y

Make the changes in the /etc/xinetd.d/telnet file to allow access to the telnet service from remote clients (changes are shown in bold).

    service telnet
    {
        flags = REUSE
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/in.telnetd
        log_on_failure += USERID
        disable = no
    }

Restrict the telnet service to limited users and groups through the /etc/xinetd.conf file as shown.

    defaults
    {
        enabled = yes
        log_type = SYSLOG daemon info
        log_on_failure = HOST
        log_on_success = PID HOST DURATION EXIT
        only_from = 10.10.10.45
        max_load = 10
        cps = 50 10
        instances = 50
        per_source = 10
        v6only = no
        groups = yes
        umask = 002
        banner = Welcome to the Telnet Service from server.cs.dept
        banner_fail = Login failed please try again
        banner_success = Welcome to the Telnet Service from server.cs.dept
        group = lconf
    }
    includedir /etc/xinetd.d

Restart the xinetd service on the server.
When telnet is configured through the lconf module, the program asks for the following packages and entries. User access and machine access are provided to the secured configuration of the telnet server.

5.12 Telnet Client Configuration

    [root@CS-Dept-Backup-Server ~]# telnet 10.10.15.39
    Trying 10.10.15.39...
    Connected to 10.10.15.39 (10.10.15.39).
    Escape character is '^]'.
    Red Hat Enterprise Linux Server release 5.4 (Tikanga)
    Kernel 2.6.18-164.el5 on an i386
    login: lconf
    Password:
    [lconf@CS-Dept-Server ~]$

5.13 Syslog Server Configuration

The syslog server helps in logging messages from one system to another. These messages might be in the form of error or service log messages. The syslog server is an important part of the project as it helps in keeping a watch on the activities done on the main server.

Edit the file /etc/sysconfig/syslog and make the following changes:

    SYSLOGD_OPTIONS="-m 0 -r"
    KLOGD_OPTIONS="-2"

Restart the syslog service through the following commands:

    [root@CS-Dept-Server ~]# chkconfig syslog on
    [root@CS-Dept-Server ~]# service syslog restart

When configuring through the lconf module the following is seen.

5.14 Syslog Client Configuration

The syslog client is used to store the log messages of the server. All the error messages or the service restart messages are logged on to the syslog client.
Edit the file /etc/hosts

    loghost

For example:

    10.10.15.39 10.10.15.39 CS-Dept-Server lconf

Make the following entry in /etc/syslog.conf

    [root@CS-Dept-Server ~]# chkconfig syslog on
    [root@CS-Dept-Server ~]# service syslog restart

5.15 FTP Server Configuration

File Transfer Protocol (FTP) is one of the oldest and most commonly used protocols found on the Internet today. Its purpose is to reliably transfer files between computer hosts on a network without requiring the user to log directly into the remote host or have knowledge of how to use the remote system. It allows users to access files on remote systems using a standard set of simple commands.

Install the vsftpd package through the following command:

    [root@CS-Dept-Server ~]# yum install vsftpd* -y

Go to the ftp configuration file /etc/vsftpd/vsftpd.conf and make changes as shown in bold:

The automatic configuration of the ftp server through the lconf module is shown below. The module asks for the machines to be denied access to the server and for the maximum number of concurrent accesses to the server. The file uploading speed is also maintained through the ftp configuration.

5.16 Sendmail Server Configuration

Sendmail is an MTA which is used to send email messages from one user to another.
Install the Sendmail package through yum:

    [root@CS-Dept-Server ~]# yum install sendmail* -y

Make the highlighted changes in /etc/mail/sendmail.mc. Comment out the line containing the following entry, as shown below:

    DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

    dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Compile the sendmail.mc file to sendmail.cf through following command:

    [root@CS-Dept-Server ~]# chkconfig sendmail on
    [root@CS-Dept-Server ~]# service sendmail restart

The lconf configuration is shown in the figure below.

5.17 Samba Server Configuration

Samba is a powerful and versatile server application. Even seasoned system administrators must know its abilities and limitations before attempting installation and configuration.

Install the samba package with the following command:

    [root@CS-Dept-Server ~]# yum install samba* -y

Append the following entries in the /etc/samba/smb.conf file.

Provide a password for the samba users with the following command:

    smbpasswd -a

For example:

    [root@CS-Dept-Server ~]# smbpasswd -a samba

Restart the samba services with the following commands:

    [root@CS-Dept-Server ~]# chkconfig smb on
    [root@CS-Dept-Server ~]# service smb restart

The SAMBA server works as an alternative to a DC++ server and client, in a much more complex way.
The server has a SAMBA datacenter deployed through which students and faculty members can easily exchange data over the network. Students and faculty members have been provided with different login IDs and passwords, thus making the transactions secure. SAMBA can also be provided with Kerberos engines, which will be discussed later in the sections.

Login prompt for SAMBA service on windows environment.

5.18 Squid Server Configuration

Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid supports SSL, extensive access controls, and full request logging. By using the lightweight Internet Cache Protocol, squid caches can be arranged in a hierarchy or mesh for additional bandwidth savings.

Install the squid package through the YUM installer:

    [root@CS-Dept-Server ~]# yum install squid* -y
Open the file /etc/squid/squid.conf and make the following changes:

    acl myacl dstdomain .cs.dept
    http_access allow myacl
    http_port 8080
    http_access deny all

Restart the squid service with the following commands:

    [root@CS-Dept-Server ~]# chkconfig squid on
    [root@CS-Dept-Server ~]# service squid restart

5.19 HTTP/HTTPS Server Configuration

The web server configuration resides in /etc/httpd/conf/httpd.conf, and SSL certificates can be set up through the /etc/httpd/conf.d/ssl.conf file. SSL certificates improve the security of the web server and also provide the second-level password for the server login.

Install the HTTP package named httpd with the following command:

    [root@CS-Dept-Server ~]# yum install httpd* -y

Place your html files in the directory /var/www/html/

Open the file /etc/httpd/conf/httpd.conf and add the following entries as shown in colour.

Install the mod_ssl package through yum as shown below:

    [root@CS-Dept-Server ~]# yum install mod_ssl* -y

Make the following changes in /etc/httpd/conf.d/ssl.conf

Make the certificate with the command shown below:

    [root@CS-Dept-Server ~]# make -C /etc/pki/tls/certs/ lconf.crt

Move the key file to /etc/pki/tls/private/ from /etc/pki/tls/certs

Restart the httpd service with the following commands:

    [root@CS-Dept-Server ~]# chkconfig httpd on
    [root@CS-Dept-Server ~]# service httpd restart
5.20 POP/POPS/IMAP/IMAPS Server Configuration

The above server is configured so as to provide access through Squirrelmail, and it also provides a certificate for the mail server.

Install the dovecot package with the following command:

    [root@CS-Dept-Server ~]# yum install dovecot* -y

Go to the file /etc/dovecot.conf and remove the comment from the line

    protocols = imap imaps pop3 pop3s

and edit the entries for ssl_cert_file and ssl_key_file.

Enter the details for the certificate when asked for after typing the following command:

    [root@CS-Dept-Server ~]# make -C /etc/pki/tls/certs/ dovecot.pem
    make: Entering directory `/etc/pki/tls/certs'
    umask 77 ; \
    PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    /usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
    cat $PEM1 > dovecot.pem ; \
    echo "" >> dovecot.pem ; \
    cat $PEM2 >> dovecot.pem ; \
    rm -f $PEM1 $PEM2
    Generating a 1024 bit RSA private key
    ................................++++++
    ..++++++
    writing new private key to '/tmp/openssl.HHYdjX'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [GB]:IN
    State or Province Name (full name) [Berkshire]:UP
    Locality Name (eg, city) [Newbury]:LKO
    Organization Name (eg, company) [My Company Ltd]:lconf
    Organizational Unit Name (eg, section) []:lconf
    Common Name (eg, your name or your server's hostname) []:lconf
    Email Address []:admin@lconf.com
    make: Leaving directory `/etc/pki/tls/certs'

Restart the dovecot service with the following commands:

    [root@CS-Dept-Server ~]# chkconfig dovecot on
    [root@CS-Dept-Server ~]# service dovecot restart

When the dovecot certificate is created through the lconf module, the process is much easier than the manual configuration.

5.21 Squirrelmail configuration

Squirrelmail provides a graphical interface for the users to access their mail boxes.

Easy install with the Sendmail server module

Root login disabled through the Squirrelmail GUI.

5.22 DHCP Server Configuration

The Internet Systems Consortium DHCP Server, dhcpd, implements the Dynamic Host Configuration Protocol (DHCP) and the Internet Bootstrap Protocol (BOOTP).
DHCP allows hosts on a TCP/IP network to request and be assigned IP addresses, and also to discover information about the network to which they are attached. BOOTP provides similar functionality, with certain restrictions.

The DHCP protocol allows a host which is unknown to the network administrator to be automatically assigned a new IP address out of a pool of IP addresses for its network. In order for this to work, the network administrator allocates address pools in each subnet and enters them into the dhcpd.conf file.

On startup, dhcpd reads the dhcpd.conf file and stores a list of available addresses on each subnet in memory. When a client requests an address using the DHCP protocol, dhcpd allocates an address for it. Each client is assigned a lease, which expires after an amount of time chosen by the administrator (by default, one day). Before leases expire, the clients to which leases are assigned are expected to renew them in order to continue to use the addresses. Once a lease has expired, the client to which that lease was assigned is no longer permitted to use the leased IP address.

In order to keep track of leases across system reboots and server restarts, dhcpd keeps a list of leases it has assigned in the dhcpd.leases file. Before dhcpd grants a lease to a host, it records the lease in this file and makes sure that the contents of the file are flushed to disk. This ensures that even in the event of a system crash, dhcpd will not forget about a lease that it has assigned. On startup, after reading the dhcpd.conf file, dhcpd reads the dhcpd.leases file to refresh its memory about what leases have been assigned.

Install the dhcp packages, namely dhcpd, through the yum installer:

    [root@CS-Dept-Server ~]# yum install dhcpd* -y

Edit the /etc/dhcpd.conf file to allocate IP addresses to the computers on the network:

    ddns-update-style none;
    option space PXE;
    subnet 192.168.0.0 netmask 255.255.255.0 {
        class "virtual" {
            match if substring (hardware, 1, 3) = 00:16:3e
                or substring (hardware, 1, 3) = 00:16:36;
        }
        class "microsoft-clients" {
            match if substring(option vendor-class-identifier,0,4) = "MSFT";
        }
        class "PXE" {
            match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
            option vendor-encapsulated-options 01:04:00:00:00:00:ff;
            option boot-size 0x1;
            filename "pxelinux.0";
            option tftp-server-name "instructor.example.com";
            option vendor-class-identifier "PXEClient";
            vendor-option-space PXE;
        }
        option routers 192.168.0.254;
        option subnet-mask 255.255.255.0;
        option domain-name "example.com";
        option domain-name-servers 192.168.0.254;
        default-lease-time 21600;
        max-lease-time 43200;
        pool {
            allow members of "PXE";
            range 192.168.0.81 192.168.0.100;
        }
        pool {
            allow members of "virtual";
            range 192.168.0.61 192.168.0.80;
        }
        pool {
            deny members of "virtual";
            deny members of "microsoft-clients";
            deny members of "PXE";
            range 192.168.0.1 192.168.0.20;
        }
        filename "/kickstart/workstation.cfg";
        next-server instructor.example.com;
    }

Restart the services to ensure the correct working of the dhcpd daemon:

    [root@CS-Dept-Server ~]# chkconfig dhcpd on
    [root@CS-Dept-Server ~]# service dhcpd restart

5.23 DNS Server Configuration

All applications that provide communication between computers on the Internet use IP addresses to identify communicating hosts. However, IP addresses are difficult for human users to remember. That is why we use the name of a network interface instead of an IP address.
For each IP address, there is a name of a network interface (computer), or to be exact, a domain name. This domain name can be used in all commands where it is possible to use an IP address. (One exception, where only an IP address can be used, is the specification of an actual name server.) A single IP address can have several domain names affiliated with it.

The configuration file for a resolver in the Linux operating system is /etc/resolv.conf. It usually contains two types of lines (the second command can be repeated several times):

    domain      the name of the local domain
    nameserver  IP address of name server

If the user inserted the name without a dot at the end, the resolver will add the domain name from the domain command after the inserted name, and will try to transfer it to the name server for translation. If the translation is not performed (a negative answer has been received from the name server), the resolver will try to translate the actual name without the suffix from the domain command.

Install the DNS packages through the yum installer:

    [root@CS-Dept-Server ~]# yum install bind* caching-name* -y

Copy the named.caching-nameserver.conf file in /var/named/chroot/etc to the named.conf file in the /var/named/chroot/etc directory:

    [root@CS-Dept-Server ~]# cp -p /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.conf
Edit the entries of the named.conf file stored under the directory /var/named/chroot/etc as shown in the example below:

    acl "internal1" { 10.10.14.0/24 ; 127.0.0.1; };
    acl "internal2" { 10.10.15.0/24 ; 127.0.0.1; };
    acl "internal3" { 10.10.16.0/24 ; 127.0.0.1; };
    acl "internal4" { 10.10.17.0/24 ; 127.0.0.1; };
    acl "internal5" { 10.10.18.0/24 ; 127.0.0.1; };
    acl "internal6" { 10.10.10.0/24 ; 127.0.0.1; };

    options {
        listen-on port 53 { 127.0.0.1; 10.10.15.39; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { internal1; internal2; internal3; internal4; internal5; internal6; };
        allow-query-cache { localhost; };
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    view localhost_resolver {
        match-clients { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
    };

    view internal1 {
        match-clients { localhost; internal1; };
        match-destinations { localhost; internal1; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "cs.dept" IN {
            type master;
            file "forward1.zone";
            allow-update { none; };
        };
        zone "14.10.10.in-addr.arpa" IN {
            type master;
            file "reverse1.zone";
            allow-update { none; };
        };
    };

    view internal2 {
        match-clients { localhost; internal2; };
        match-destinations { localhost; internal2; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "cs.dept" IN {
            type master;
            file "forward2.zone";
            allow-update { none; };
        };
        zone "15.10.10.in-addr.arpa" IN {
            type master;
            file "reverse2.zone";
            allow-update { none; };
        };
    };

    view internal3 {
        match-clients { localhost; internal3; };
        match-destinations { localhost; internal3; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "cs.dept" IN {
            type master;
            file "forward3.zone";
            allow-update { none; };
        };
        zone "16.10.10.in-addr.arpa" IN {
            type master;
            file "reverse3.zone";
            allow-update { none; };
        };
    };

    view internal4 {
        match-clients { localhost; internal4; };
        match-destinations { localhost; internal4; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "cs.dept" IN {
            type master;
            file "forward4.zone";
            allow-update { none; };
        };
        zone "17.10.10.in-addr.arpa" IN {
            type master;
            file "reverse4.zone";
            allow-update { none; };
        };
    };

    view internal5 {
        match-clients { localhost; internal5; };
        match-destinations { localhost; internal5; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "cs.dept" IN {
            type master;
            file "forward5.zone";
            allow-update { none; };
        };
        zone "18.10.10.in-addr.arpa" IN {
            type master;
            file "reverse5.zone";
            allow-update { none; };
        };
    };

    view internal6 {
        match-clients { localhost; internal6; };
        match-destinations { localhost; internal6; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "cs.dept" IN {
            type master;
            file "forward6.zone";
            allow-update { none; };
        };
        zone "10.10.10.in-addr.arpa" IN {
            type master;
            file "reverse6.zone";
            allow-update { none; };
        };
    };

Create the files for the forward zones in the /var/named/chroot/var/named/ directory as shown below:

forward1.zone

    $TTL 86400
    cs.dept.    IN SOA  server.cs.dept. root.server.cs.dept. (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
    @           IN NS   server.cs.dept.
    cs.dept.    IN A    10.10.15.39
                IN AAAA ::1

forward2.zone

    $TTL 86400
    cs.dept.    IN SOA  server.cs.dept. root.server.cs.dept. (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
    @           IN NS   server.cs.dept.
    cs.dept.    IN A    10.10.15.39
                IN AAAA ::1

forward3.zone

    $TTL 86400
    cs.dept.    IN SOA  server.cs.dept. root.server.cs.dept. (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
    @           IN NS   server.cs.dept.
    cs.dept.    IN A    10.10.15.39
                IN AAAA ::1

forward4.zone

    $TTL 86400
    cs.dept.    IN SOA  server.cs.dept. root.server.cs.dept. (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
    @           IN NS   server.cs.dept.
    cs.dept.    IN A    10.10.15.39
                IN AAAA ::1

forward5.zone

    $TTL 86400
    cs.dept.    IN SOA  server.cs.dept. root.server.cs.dept. (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
    @           IN NS   server.cs.dept.
    cs.dept.    IN A    10.10.15.39
                IN AAAA ::1

forward6.zone

    $TTL 86400
    cs.dept.    IN SOA  server.cs.dept. root.server.cs.dept. (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
    @           IN NS   server.cs.dept.
    cs.dept.    IN A    10.10.15.39
                IN AAAA ::1

Create the reverse zone files under the directory /var/named/chroot/var/named as shown below:

reverse1.zone

    $TTL 86400
    14.10.10.IN-ADDR.ARPA.    IN SOA  server.cs.dept. root.server.cs.dept. (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
    @                         IN NS   server.cs.dept.
    39.15.10.10.IN-ADDR.ARPA. IN PTR  server.cs.dept.

reverse2.zone

    $TTL 86400
    15.10.10.IN-ADDR.ARPA.    IN SOA  server.cs.dept. root.server.cs.dept. (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
    @                         IN NS   server.cs.dept.
    39.15.10.10.IN-ADDR.ARPA. IN PTR  server.cs.dept.

reverse3.zone

    $TTL 86400
    16.10.10.IN-ADDR.ARPA.    IN SOA  server.cs.dept. root.server.cs.dept. (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
    @                         IN NS   server.cs.dept.
    39.15.10.10.IN-ADDR.ARPA. IN PTR  server.cs.dept.

reverse4.zone

    $TTL 86400
    17.10.10.IN-ADDR.ARPA.    IN SOA  server.cs.dept. root.server.cs.dept. (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
    @                         IN NS   server.cs.dept.
    39.15.10.10.IN-ADDR.ARPA. IN PTR  server.cs.dept.

reverse5.zone

    $TTL 86400
    18.10.10.IN-ADDR.ARPA.    IN SOA  server.cs.dept. root.server.cs.dept. (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
    @                         IN NS   server.cs.dept.
    39.15.10.10.IN-ADDR.ARPA. IN PTR  server.cs.dept.

reverse6.zone

    $TTL 86400
    10.10.10.IN-ADDR.ARPA.    IN SOA  server.cs.dept. root.server.cs.dept. (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
    @                         IN NS   server.cs.dept.
    39.15.10.10.IN-ADDR.ARPA. IN PTR  server.cs.dept.

Assign a static IP address to the machine and restart the DNS services with the following commands:

    [root@CS-Dept-Server ~]# chkconfig named on
    [root@CS-Dept-Server ~]# service named restart
    [root@CS-Dept-Server ~]# service named status
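All six reverse zone files above carry the same PTR owner, 39.15.10.10.IN-ADDR.ARPA., and BIND ignores any record whose owner lies outside the zone being loaded. The check below is an added example, not part of the original report: out_of_zone and sample_reverse_zone are hypothetical helper names, and the sample zone text is constructed from the reverse zone files shown above.

```shell
#!/bin/sh
# Added example: list records in a BIND master zone file whose owner name
# falls outside the zone. Reads the zone file on stdin.
# Usage: out_of_zone ZONE < zonefile   -> prints "LINE OWNER" per offender
out_of_zone() {
    awk -v zone="$1" '
    # Turn an owner field into a lowercase fully qualified name.
    function absname(n, org) {
        if (n == "@") return tolower(org)
        if (n !~ /\.$/) n = n "." org
        return tolower(n)
    }
    BEGIN {
        zone = tolower(zone)
        if (zone !~ /\.$/) zone = zone "."
        origin = zone; depth = 0; owner = ""
    }
    {
        line = $0
        sub(/;.*/, "", line)                  # strip comments
        if (line ~ /^[ \t]*$/) next
        at_start = (depth == 0)               # not inside a ( ... ) record
        tmp = line
        depth += gsub(/\(/, "", tmp) - gsub(/\)/, "", tmp)
        if (!at_start) next
        split(line, f, /[ \t]+/)
        if (f[1] ~ /^\$/) {                   # $TTL, $ORIGIN and friends
            if (toupper(f[1]) == "$ORIGIN") origin = absname(f[2], origin)
            next
        }
        if (f[1] != "") owner = absname(f[1], origin)   # blank owner: reuse
        if (owner == "") next
        tail = substr(owner, length(owner) - length(zone))
        if (owner != zone && tail != ("." zone)) print NR, owner
    }'
}

# Constructed sample: the reverse zone file from the report, with the SOA
# owner supplied as the first argument.
sample_reverse_zone() {
    cat <<EOF
\$TTL 86400
$1. IN SOA server.cs.dept. root.server.cs.dept. (
        1997022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
@ IN NS server.cs.dept.
39.15.10.10.IN-ADDR.ARPA. IN PTR server.cs.dept.
EOF
}

# Check each of the six reverse zones declared in named.conf.
for net in 14 15 16 17 18 10; do
    z="$net.10.10.in-addr.arpa"
    bad=$(sample_reverse_zone "$z" | out_of_zone "$z")
    printf '%s: %s\n' "$z" "${bad:-ok}"
done
```

Only the 15.10.10.in-addr.arpa zone reports ok; in the other five the PTR record on line 9 is out-of-zone data.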
5.24 VNC Server Configuration

VNC server is used to start a VNC (Virtual Network Computing) desktop. vncserver is a Perl script which simplifies the process of starting an Xvnc server. It runs Xvnc with appropriate options and starts some X applications to be displayed in the VNC desktop. vncserver can be run with no options at all. In this case it will choose the first available display number (usually :1), start Xvnc as that display, and run a couple of basic applications to get you started.

Install the vnc server through the yum repositories:

    [root@CS-Dept-Server ~]# yum install vnc-server vnc -y

Edit the file /etc/sysconfig/vncserver to give access to the users wishing to use the vnc server:

    VNCSERVERS=" : "

For example:

    VNCSERVERS="1:lconf"

    VNCSERVERARGS[ ]="-geometry 1024x768 -depth 16"

For example:

    VNCSERVERARGS[1]="-geometry 1024x768 -depth 16"

Restart the vncserver services as shown below:

    [root@CS-Dept-Server ~]# chkconfig vncserver on
    [root@CS-Dept-Server ~]# service vncserver restart

5.25 VNC Client Configuration

Access the server's console through the command shown below:

    vncviewer :

For example:

    vncviewer 10.10.15.39:5601

When executed, the above command asks for a password and then shows the console of the server.

5.26 Basic Administration Jobs

Addition of group wise user accounts: The organized and structured storage of users' data on the central server. The users are divided into year-wise groups, and thus faculty members can easily check the students' data.
    [root@CS-Dept-Server ~]# groupadd
    [root@CS-Dept-Server ~]# useradd -g -d /username -m -p

Automatic entry into a cron script.

Extra permissions for the faculty accounts: The faculty profiles are provided with special privileges so that they can view the data stored by the students during their lab work.

    [root@CS-Dept-Server ~]# setfacl -R -m u: :

For example:

    setfacl -R -m u:cs4yr:rwx /home/fourth_year/
    setfacl -R -m u:cs3yr:rwx /home/third_year/
    setfacl -R -m u:cs2yr:rwx /home/second_year/

Automatic entry into the scheduling scripts through the lconf modules.

Secured data storage: Each student's profile is protected with a password, and students can access their accounts through the SSH2 protocol. The data is stored on software RAID so that mirroring is done. Thus if one disk fails, the data can be retrieved from the other disk.

    [root@CS-Dept-Server ~]# mdadm -C /dev/md0 -a yes -l 1 -n 2 /dev/sda{_,_}

For example:

    mdadm -C /dev/md0 -a yes -l 1 -n 2 /dev/sda{5,6}

Entry into the /etc/fstab file for the new partition created.
Regular synchronization of the backup server: Cron jobs have been deployed for the regular backups of the students' data on a backup server.

    [root@CS-Dept-Backup-Server ~]# crontab -e
    1 10 * * * scp -r -p -v root@10.10.15.39:/home/fourth_year /home/
    1 10 * * * scp -r -p -v root@10.10.15.39:/home/third_year /home/
    1 10 * * * scp -r -p -v root@10.10.15.39:/home/second_year /home/
    1 10 * * * scp -r -p -v root@10.10.15.39:/home/faculty /home/
    1 10 * * * scp -r -p -v root@10.10.15.39:/etc/passwd /etc/passwd
    1 10 * * * scp -r -p -v root@10.10.15.39:/etc/shadow /etc/shadow
    1 10 * * * scp -r -p -v root@10.10.15.39:/etc/group /etc/group

Automatic entries into files to be scheduled on the cron server.

Iptables Configuration:

    [root@CS-Dept-Server ~]# iptables -F
    [root@CS-Dept-Server ~]# chkconfig iptables off
    [root@CS-Dept-Server ~]# service iptables stop
    [root@CS-Dept-Server ~]# service iptables save

SELINUX configuration

    [root@CS-Dept-Server ~]# setenforce 1

Network configuration

    [root@CS-Dept-Server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    BOOTPROTO=static
    TYPE=Ethernet
    IPV6INIT=no
    ONBOOT=yes
    HWADDR=00:1E:EC:8B:67:1F
    IPADDR=10.10.15.39
    NETMASK=255.255.255.0
    GATEWAY=10.10.15.1

    [root@CS-Dept-Server ~]# cat /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=server.cs.dept

    [root@CS-Dept-Server ~]# cat /etc/resolv.conf
    search cs.dept
    nameserver 10.10.15.39
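The Iptables Configuration step above flushes the rules and switches the firewall off. As an added example (not part of the original report), the script below prints an iptables-restore ruleset that keeps the INPUT policy at DROP and accepts new connections only from the six department subnets listed in the named.conf ACLs; the port lists, the log prefix and the name gen_rules are assumptions to adapt to the services actually offered.

```shell
#!/bin/sh
# Added example: generate a default-deny iptables-restore ruleset for the
# department server instead of running with the firewall disabled.

# Subnets taken from the named.conf ACLs internal1..internal6 in the report.
SUBNETS="10.10.14.0/24 10.10.15.0/24 10.10.16.0/24 10.10.17.0/24 10.10.18.0/24 10.10.10.0/24"

# Assumed service set: ssh, dns, http, https, and the squid http_port 8080
# that the report configures. Extend only with services that must be reachable.
TCP_PORTS="22,53,80,443,8080"
UDP_PORTS="53"

gen_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback traffic and replies to connections the server itself opened.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    # One TCP and one UDP rule per department subnet.
    for net in $SUBNETS; do
        echo "-A INPUT -s $net -p tcp -m state --state NEW -m multiport --dports $TCP_PORTS -j ACCEPT"
        echo "-A INPUT -s $net -p udp -m multiport --dports $UDP_PORTS -j ACCEPT"
    done
    # Rate-limited log of everything the DROP policy is about to discard,
    # so the syslog server configured earlier records rejected traffic.
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "'
    echo "COMMIT"
}

gen_rules
```

Load the output with iptables-restore, then run service iptables save and chkconfig iptables on so that the rules persist across reboots.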
Security Enhancement modules

Limitations on the user accounts have been provided by limiting access through ssh and telnet and by limiting processes.

    [root@CS-Dept-Server ~]# cat /etc/security/limits.conf
    @cs31 hard nproc 30
    @cs32 hard nproc 30
    @cs33 hard nproc 30
    @cs34 hard nproc 30
    @cs51 hard nproc 30
    @cs52 hard nproc 30
    @cs53 hard nproc 30
    @cs54 hard nproc 30
    @cs71 hard nproc 30
    @cs72 hard nproc 30
    @cs73 hard nproc 30
    @cs74 hard nproc 30
    - maxlogins
    lconf - maxlogins 1

    [root@CS-Dept-Server ~]# cat /etc/ssh/sshd_config
    AllowGroups cs31 cs32 cs33 cs34 cs51 cs52 cs53 cs54 cs71 cs72 cs73 cs74
    DenyUsers root
    DenyGroups root

    [root@CS-Dept-Server ~]# runlevel
    N 7

The current runlevel of the system during normal startup has been set to 7.

Local system security through a three-level password. Users trying to log in to the server have to provide the following sequence of passwords:

1) Grub level password: init 1, 2 and 4 have been blocked, so the users can enter only levels 3 and 5 through the grub prompt.
2) A pass phrase has to be provided for the security certificates, thus enabling all the other remote services to the clients.
3) Next comes the login prompt for the normal user on the standalone system.

When logging in to the system through remote SSH client software, the following permissions are denied:

    Last login: Sun Apr 10 18:20:13 2011 from 10.10.10.45
    -bash: /usr/bin/id: Permission denied
    -bash: [: =: unary operator expected
    -bash: /usr/bin/id: Permission denied
    -bash: /usr/bin/id: Permission denied
    [lconf@CS-Dept-Server ~]$

Permission removed from unwanted commands: Only around 200 commands have been provided to the users as shown below:

Limitations to the system calls and the header files used in gcc and g++: Because access to the header files is limited, whenever a user tries to exploit the kernel through C programs or fork bombs, the following message is seen:

CHAPTER 6

Simulation and testing

The working modules of the project are checked by the script named "simulation.sh". The script has been designed to start all the services of the servers configured through the lconf module and also checks the status of the services.
96 CS Department, SRMGPC, Lucknow The contents of the simulation script are shown below: #!/bin/bash echo " -lconf- ver 1.0 " echo " -- Saransh Srivastava " iptables -F service iptables stop service iptables save chkconfig iptables off chkconfig network on service network restart chkconfig yum-updatesd on service yum-updatesd restart chkconfig sshd on service sshd restart chkconfig vsftpd on service vsftpd restart chkconfig crond on service crond restart chkconfig smb on service smb restart chkconfig sendmail on service sendmail restart chkconfig postfix on service postfix restart chkconfig syslog on service syslog restart chkconfig xinetd on service xinetd restart chkconfig ntpd on service ntpd restart Linux server configuration, administration and network security for the Computer Science Department, SRMCEM, Lucknow. 97 CS Department, SRMGPC, Lucknow chkconfig portmap on service portmap restart chkconfig nfs on service nfs restart chkconfig ypserv on service ypserv restart chkconfig yppasswdd on service yppasswdd restart chkconfig autofs on service autofs restart chkconfig squid on service squid restart chkconfig httpd on iptables -F service iptables stop service iptables save chkconfig iptables off chkconfig network on service network status chkconfig yum-updatesd on service yum-updatesd status chkconfig sshd on service sshd status chkconfig vsftpd on service vsftpd status chkconfig crond on service crond status chkconfig smb on service smb status chkconfig sendmail on service sendmail status Linux server configuration, administration and network security for the Computer Science Department, SRMCEM, Lucknow. 
98 CS Department, SRMGPC, Lucknow chkconfig postfix on service postfix status chkconfig syslog on service syslog status chkconfig xinetd on service xinetd status chkconfig ntpd on service ntpd status chkconfig portmap on service portmap status chkconfig nfs on service nfs status chkconfig ypserv on service ypserv status chkconfig yppasswdd on service yppasswdd status chkconfig autofs on service autofs status chkconfig squid on service squid status When the above shown script is run on the fully configured server then the following result is observed: [root@CS-Dept-Server]# sh simulation.sh -lconf- ver 1.0 -- Saransh Srivastava Flushing firewall rules: [ OK ] Setting chains to policy ACCEPT: filter [ OK ] Unloading iptables modules: [ OK ] Shutting down interface eth0: [ OK ] Shutting down loopback interface: [ OK ] Linux server configuration, administration and network security for the Computer Science Department, SRMCEM, Lucknow. 99 CS Department, SRMGPC, Lucknow Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0 [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth0: [ OK ] Stopping yum-updatesd: [ OK ] Starting yum-updatesd: [ OK ] Stopping sshd: [ OK ] Starting sshd: [ OK ] Shutting down vsftpd: [ OK ] Starting vsftpd for vsftpd: [ OK ] Stopping crond: [ OK ] Starting crond: [ OK ] Shutting down SMB services: [ OK ] Shutting down NMB services: [ OK ] Starting SMB services: [ OK ] Starting NMB services: [ OK ] Shutting down sm-client: [ OK ] Shutting down sendmail: [ OK ] Starting sendmail: [ OK ] Starting sm-client: [ OK ] Starting postfix: [ OK ] Shutting down kernel logger: [ OK ] Shutting down system logger: [ OK ] Starting system logger: [ OK ] Starting kernel logger: [ OK ] Stopping xinetd: [ OK ] Starting xinetd: [ OK ] Shutting down ntpd: [ OK ] Starting ntpd: [ OK ] Stopping portmap: [ OK ] Starting portmap: [ OK ] Linux server configuration, administration and network security for the Computer Science Department, SRMCEM, 
Lucknow. 100 CS Department, SRMGPC, Lucknow Shutting down NFS mountd: [ OK ] Shutting down NFS daemon: [ OK ] Shutting down NFS quotas: [ OK ] Shutting down NFS services: [ OK ] Starting NFS services: [ OK ] Starting NFS quotas: [ OK ] Starting NFS daemon: [ OK ] Starting NFS mountd: [ OK ] Stopping YP server services: [ OK ] Starting YP server services: [ OK ] Stopping YP passwd service: [ OK ] Starting YP passwd service: [ OK ] Stopping automount: [ OK ] Starting automount: [ OK ] Stopping squid:. [ OK ] Starting squid:. [ OK ] Shutting down dhcpd: [ OK ] Starting dhcpd: [ OK ] Stopping named: [ OK ] Starting named: [ OK ] Stopping Dovecot Imap: [ OK ] Starting Dovecot Imap [ OK ] Flushing firewall rules: [ OK ] Setting chains to policy ACCEPT: filter [ OK ] Unloading iptables modules: [ OK ] Configured devices: lo eth0 Currently active devices: lo eth0 yum-updatesd (pid 8157) is running... openssh-daemon (pid 8085) is running... Linux server configuration, administration and network security for the Computer Science Department, SRMCEM, Lucknow. 101 CS Department, SRMGPC, Lucknow vsftpd (pid 8106) is running... crond (pid 8122) is running... smbd (pid 8141) is running... nmbd (pid 8144) is running... sendmail (pid 8175) is running... master is stopped syslogd (pid 8265) is running... klogd (pid 8268) is running... xinetd (pid 8285) is running... ntpd (pid 8304) is running... portmap (pid 8325) is running... rpc.mountd (pid 8399) is running... nfsd (pid 8396 8395 8394 8393 8392 8391 8390 8389) is running... rpc.rquotad (pid 8384) is running... ypserv (pid 8429) is running... rpc.yppasswdd (pid 8448) is running... automount (pid 8480) is running... squid (pid 8510) is running... dhcpd (pid 8532) is running... number of zones: 6 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is OFF recursive clients: 0/1000 tcp clients: 0/100 server is up and running named (pid 8584) is running... dovecot (pid 8607) is running... 
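In the run above, the single "master is stopped" line (the status reply for postfix, whose daemon process is named master) sits among some twenty "is running..." lines, and the firewall teardown scrolls past at the top. The following is an added example, not part of the lconf project: a POSIX shell filter that reduces the status output to one verdict line. The function names are this example's own, and the sample input is constructed from lines of the run above.

```shell
#!/bin/sh
# Added example (not lconf code): summarise "service <name> status" output.

# Constructed sample: lines copied from the simulation.sh run shown above.
sample_status() {
cat <<'EOF'
Flushing firewall rules: [ OK ]
Unloading iptables modules: [ OK ]
yum-updatesd (pid 8157) is running...
openssh-daemon (pid 8085) is running...
vsftpd (pid 8106) is running...
sendmail (pid 8175) is running...
master is stopped
syslogd (pid 8265) is running...
nfsd (pid 8396 8395 8394 8393 8392 8391 8390 8389) is running...
number of zones: 6
server is up and running
named (pid 8584) is running...
EOF
}

# Names of daemons reported as running, one per line.
running_services() {
    awk '/\(pid [0-9 ]+\) is running\.\.\.$/ { print $1 }'
}

# Names of daemons reported as stopped or dead, one per line.
stopped_services() {
    awk '/ is stopped$/ || / dead but (pid file exists|subsys locked)$/ { print $1 }'
}

# "flushed" if the run tore down the packet filter, otherwise "untouched".
firewall_state() {
    if grep '^Flushing firewall rules:' >/dev/null; then
        echo flushed
    else
        echo untouched
    fi
}

# Read status output on stdin, print a one-line verdict, and return
# non-zero when a daemon is down or the firewall was flushed.
audit_status() {
    input=$(cat)
    up=$(printf '%s\n' "$input" | running_services | wc -l | tr -d ' ')
    down=$(printf '%s\n' "$input" | stopped_services | tr '\n' ',' | sed 's/,$//')
    fw=$(printf '%s\n' "$input" | firewall_state)
    verdict=OK
    if [ -n "$down" ] || [ "$fw" = flushed ]; then
        verdict=FAIL
    fi
    echo "$verdict running=$up stopped=${down:-none} firewall=$fw"
    [ "$verdict" = OK ]
}

# Usage on the server: sh simulation.sh 2>&1 | audit_status
if [ "${1:-}" = "--demo" ]; then
    sample_status | audit_status || true
fi
```

Because audit_status returns non-zero on a failed verdict, it can gate a cron job or a deployment step instead of relying on someone reading the full output.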
The complete list of scripts in the lconf modules is shown in the figure below.

CHAPTER 7 Result Analysis

We all agree that Windows will sooner or later be replaced by a Linux-based OS. Enterprise development managers see far greater potential for Linux replacing Windows as an operating system than replacing UNIX. Since Linux can readily be deployed on Intel-based commodity servers, the open-source operating system is competitive in terms of hardware requirements. These are some major issues of a server environment that are better handled by the Linux (open source) environment or other open source products than by Windows Server (closed source) or any of its products.

The results observed during real-time operation of the modules are analyzed as follows.

The following SSH results have been analyzed:
 * 874 users logged in, total tasks 1049
 * A total of 1001 users logged in and 1176 processes running on the system
 * System unable to create any further logins, thus showing the error

Transfer speed between the SSH client and the server while downloading data:
 * Observed speed at 57 KB/sec
 * Observed speed at 103 KB/sec
 * Observed speed at 196 KB/sec.
Transfer speed between the SSH client and the server while uploading data:
 * Observed speed at 120 KB/sec
 * Observed speed at 265 KB/sec.

SAMBA downloading speed

SAMBA uploading speed

FTP downloading speed

FTP uploading restrictions

CHAPTER 8 Limitations

There have been so many glowing stories on the use of Linux that one might come away with the impression that Linux is an elixir that solves myriad business problems, and that it is always cheaper than the alternatives. But like a lot of technologies before it, Linux has, to some degree, been overhyped. There is no question that companies can sometimes cut costs and increase productivity by using Linux systems instead of Unix or Microsoft Windows. Customers say these include a lack of mature development tools, too many Linux variants, acquisition costs for more sophisticated versions of the software and a lack of applications for small and medium-sized businesses.

Linux is not the only alternative to Windows. Apple's (Unix-based) Mac OSX is a very viable alternative, as is FreeBSD. There are other operating systems, but few have the capabilities of Windows, Linux, OSX, and FreeBSD. The only real limitation of Linux compared to Windows is that most PC games are released for Windows but not Linux. Ditto OSX. Worse for FreeBSD. Some software (e.g. Cedega) will allow you to play most PC games on Linux, but not all, and not really easily.
It is harder to sync your Windows Mobile smartphone to Linux, but then it's not 100 percent reliable on Windows either. In every other respect Linux is similar or superior in capability to Windows, with a minor bit of retraining.

Windows has a massive install base and widespread vendor support. Linux is not as comprehensively understood and supported. This is why people say Linux is harder than Windows, even though you apply exactly the same learning process to Linux that you did to Windows. Many programs available for Windows are simply not operable in Linux because of this vendor support.

Linux is better than Windows because Linux is by nature more secure: the way Linux handles users and permissions naturally limits the scope of a virus or Trojan. Linux is also free. Linux also does not participate in thinly disguised blackmail. Linux does not promote vendor lock. Linux presents a similar user experience across hardware platforms. Linux allows a user to leverage training across multiple roles rather than isolating user skills from admin skills.

Before kernel 2.4, the maximum number of threads available is determined by the minimum of:
 1) The user processes setting (ulimit -u) in /etc/security/limits.conf.
 2) The limit MAX_TASKS_PER_USER defined in /usr/include/linux/tasks.h. (This change requires the Linux kernel to be recompiled.)
 3) The limit PTHREAD_THREADS_MAX defined in libpthreads.so. (This change requires the Linux kernel to be recompiled.)
Maximum Memory and CPU Limitations for Linux Server

Intel x86
 * Maximum CPUs: 32 (including logical CPUs)
 * Maximum memory: 64GB
 * Maximum file size: 8TB
 * Maximum file system size (ext3): 16TB
 * Maximum per-process virtual address space: 4GB

AMD 64/EM64T (CentOS 5.x/RHEL 5.x Linux specific info)
 * Maximum CPUs: 256
 * Maximum memory: 256GB
 * Maximum file size: 8TB
 * Maximum file system size (ext3): 16TB
 * Maximum per-process virtual address space: N/A

Please note that the above are standard maximum limits and should not be confused with Linux cluster systems, which can scale up to 1,024 CPUs.

CHAPTER 9 Conclusion of the project

Will Linux Replace Windows-Based Operating Systems?

This is a really good question for discussion, and we all agree that Windows will sooner or later be replaced by a Linux-based OS. Enterprise development managers see far greater potential for Linux replacing Windows as an operating system than replacing UNIX. Since Linux can readily be deployed on Intel-based commodity servers, the open-source operating system is competitive in terms of hardware requirements. Forty-two percent of the respondents to this survey agree with this notion, and believe Linux is likely to replace Windows. Close to one out of five respondents, 18%, say this is a virtual certainty.

We have been successful in implementing the various services and protocols in our project. The mail server, web server, file sharing, RAID and the rest have been successfully implemented and are working properly on a small network group in our computer labs. This can now be scaled up to a larger level very easily. The results shown by a Linux server are very promising, as we can see from the graph developed on the basis of the surveys conducted by Evans Data Corp. and other surveyors, which can be found on the web through search engines like Google and Yahoo.

We can now conclude by saying that the Linux operating system promises to be very secure, cost-effective and better in terms of Reliability, Performance, Manageability, Availability, Capacity, Security and Scalability. These are some major issues of a server environment that are better handled by the Linux (open source) environment or other open source products than by Windows Server (closed source) or any of its products.

All in all, we have brought up many points according to which using Microsoft Windows is a disadvantage for both corporate and home users. People are creatures of habit, and since many users have been using Windows since its early days, they fear change or plunging into the unknown world of another operating system. Microsoft is in the game to make money from its software, and this is not the ideal scenario for producing top quality software. If Windows were perfect, users would have no reason to upgrade and buy the latest version. This is apparent when comparing Windows to Linux side by side. In most cases, Windows lacks functionality where Linux makes up for it and has been perfected in areas where Windows falls short, giving it a large amount of functionality that is already built in and works right out of the box. Neither Windows nor Linux is perfect, but when you compare the two side by side, Linux has decades of building blocks that make it extremely stable, backed by a vast community that gives it a competitive edge over Windows.

Linux has bad rumors floating around about it not being very friendly in the home user arena. In the past these rumors have been true.
But what people don't realize is that Linux has been greatly improved over the years by thousands of people's hard and diligent work, and refined to the point that it is quite easy to install and use. Microsoft's operating system upgrades over the years have proven to be bumpy rides, time and time again. Personally, we feel that this will always be the case (and the situation may even become worse in future versions) as long as Windows is a commercial product. Microsoft's recent release, Windows Vista, has proven to be a failure for a lot of its consumers, and a lot are finally abandoning ship and looking at Apple's Macintosh or using Linux on IBM/Intel hardware. Both MacOS and Linux operating systems are Unix-based derivatives, which continue to prove themselves over. Linux especially, which is the focus of this document, proves itself to be reliable and cost efficient, and does everything the consumer wants and more without the huge list of usual Windows headaches and burdens.

So, if we base our assumptions on the current trends and posted data all over the Internet, people are moving to Linux and are staying with it, which is a true sign of the winner in my opinion when you weigh out Windows and Linux on the big scale. Just because Windows is pushed to market and is used more in our everyday world today doesn't mean it's the better choice for tomorrow.

CHAPTER 10 Future Scope of the Project

This project is one of a few of its kind providing support to companies, institutes and enterprises by automating the process of Linux server configuration. The future of this project can be estimated from the fact that there is an ever growing number of companies and institutes, and an ever growing number of users of the Linux operating system.
Since lconf provides an automated configuration environment for the raw machine, any novice can easily use the functionalities of the servers. This project possesses many features and automates many activities, but it is still not all-encompassing. It can be further enhanced to include better security measures, graphical interfaces and resource allocation. As this project succeeds in fulfilling its objectives, more and more activities are going to be included in it, finally making it self-sufficient in managing the entire working of an institute or a company effectively.
 * -fstype=nfs : /
For example:
 * -fstype=nfs 10.10.15.39:/rhome/lconf
Restart the portmap and autofs services so that the NIS client works properly.
 * -fstype=nfs : /
For example:
 * -fstype=nfs 10.10.15.39:/var/ftp/pub/
 * .debug @lconf
 *.debug @lconf
Restart the syslog service through the following commands:
 * 1)
    anon_root=/backup/new/
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    data_connection_timeout=120
    # You may fully customise the login banner string:
    ftpd_banner=Welcome to FTP service for the CS Department.
 * 1) m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
Restart the sendmail service through the following commands:
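The vsftpd.conf fragment above sets write_enable=YES together with anon_upload_enable=YES and anon_mkdir_write_enable=YES, so unauthenticated FTP users can upload files and create directories. The following is an added example, not part of the lconf project: a POSIX shell check that flags that combination and shows the corrected values. The function names are this example's own, and the sample is constructed from the settings in the fragment.

```shell
#!/bin/sh
# Added example (not lconf code): flag anonymous write access in vsftpd.conf.

# Constructed sample: the write-related settings from the fragment above.
sample_conf() {
cat <<'EOF'
anon_root=/backup/new/
local_enable=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
xferlog_enable=YES
EOF
}

# conf_get KEY DEFAULT: value of KEY in the config on stdin (the last
# assignment if repeated), or DEFAULT when the key is not set.
conf_get() {
    awk -F= -v key="$1" -v dflt="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { val = $2; seen = 1 }
        END        { print (seen ? val : dflt) }'
}

# True for the spellings of an enabled boolean handled by this example.
is_yes() {
    case "$1" in
        YES|yes|TRUE|true|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one WEAK line per setting that lets anonymous users write, and
# return non-zero if any was found. Defaults follow vsftpd.conf(5):
# anonymous_enable=YES, write_enable=NO, anon_*_enable=NO.
audit_vsftpd() {
    conf=$(cat)
    findings=0
    anon=$(printf '%s\n' "$conf" | conf_get anonymous_enable YES)
    write=$(printf '%s\n' "$conf" | conf_get write_enable NO)
    if is_yes "$anon" && is_yes "$write"; then
        for key in anon_upload_enable anon_mkdir_write_enable; do
            val=$(printf '%s\n' "$conf" | conf_get "$key" NO)
            if is_yes "$val"; then
                echo "WEAK $key=$val (anonymous write access)"
                findings=$((findings + 1))
            fi
        done
    fi
    [ "$findings" -eq 0 ]
}

# Corrected form: local users keep write access, anonymous writes are off.
harden_conf() {
    sed -e 's/^anon_upload_enable=.*/anon_upload_enable=NO/' \
        -e 's/^anon_mkdir_write_enable=.*/anon_mkdir_write_enable=NO/'
}
```

On a server, `audit_vsftpd < /etc/vsftpd/vsftpd.conf` runs the same check against the live file; the path is the usual Red Hat location and is an assumption here.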