Date post: | 26-Mar-2015 |
Category: |
Documents |
Upload: | austin-flood |
View: | 212 times |
Download: | 0 times |
© 2004 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice
Installation & management of SUSE Enterprise Linux 8
Server setup Module 6
24.11
Module objectives
When completing SUSE Linux setup, the administrator should be aware of:
• Database server support
• Thin client server
• Authentication server
• Security
34.11
SUSE – Database server (1 of 2)
MySQL is supported by SUSE and Webmin:
44.11
SUSE – Database server (2 of 2)
PostgreSQL is supported by SUSE and Webmin:
54.11
SUSE – Database support
A wide number of commercial databases are supported on SUSE Linux including
•IBM DB2
•IBM Informix
• Oracle
•Sybase
64.11
SUSE – Thin client server (1 of 4)
SUSE can be used as a server for thin clients. Included in SLES8 are:
• Tftp server
• Dhcp server (with bootp support)
A typical thin client like the Linux Terminal Server must also be loaded. The LTSP package is available tin RPM format from www.ltsp.org
74.11
SUSE – Thin client server (2 of 4)
• Tftp is an insecure protocol
• Wrappers should be used to prevent remote sites from gaining access to a system
84.11
SUSE – Thin client server (3 of 4)
Dhcp can be easily managed from webmin:
94.11
SUSE – Thin client server (4 of 4)
104.11
SUSE – Authentication server
• PAM (Pluggable Authentication Manager) is an integrated package that manages accounts, passwords, authentication and sessions.
• SUSE (like Red Hat) uses PAM for authentication. PAM supports the following authentication systems:– Windows Domain authentication with Samba– LDAP Domain integration with Windows– NIS (and NIS+)– Unix/Linux passwords (with or without /etc/shadow)
114.11
SUSE – Security Monitor
Security Applications
• Argus
• Ethereal
• Mon
• Mtr
• Nmap
• Nagios
• Saint
• ntop
• Traffic-vis
• Nessus
• Snort
• tcpdump
Security monitor applications (1 of 3)
124.11
Security monitor applications (2 of 3)
The rich set of SUSE security applications fall into a number of categories:
• Passive network packet sniffers
• Intrusion Detection Systems
• Active network Probes
• Active Network Monitors
134.11
Security monitor applications (3 of 3)
Passive network packet sniffers
• Tcpdump – a real-time text based packet sniffer
• Ethereal – a real-time graphic based packet sniffer
• Argus – batch mode IP transaction analysis and archiving tool
• Traffic-vis - batch mode packet analysis and archiving tool
• Ntop – a web oriented net traffic analysis tool
144.11
Security monitor - Ethereal
Ethereal from the SUSE Console:
154.11
Security monitor – Intrusion detection(1 of 2)
Intrusion Detection Systems
• Snort - open source network intrusion detection system manageable with Webmin (3rd party module)
164.11
Security monitor – Intrusion detection(1 of 2)
Snort record of intrusion attempts (/var/log/snort/alert):
174.11
Security - Network probes
Active network probes (black hat/white hat utilities)
• Saint – Security Administrators Integrated Network Tool
• Nessus – a client/server security scanner; nessus emulates viral and port scanning attacks on remote systems
• Nmap – a comprehensive port scanner
• Mtr – Matt’s combines the functionality of traceroute with ping yielding a continuous display of network route efficiencies
184.11
Security – Network monitors
Active Network Monitors
• Nagios – replaced NetSaint, a comprehensive network management tool
• Mon – a background monitoring tool
• Webmin – in addition to managing almost everything in a Linux/Unix environment, webmin also has a built in monitoring tool
194.11
Security monitor – Nagios (1 of 3)
204.11
Security monitor – Nagios (2 of 3)
214.11
Security monitor – Nagios (3 of 3)
224.11
Security Monitor – Webmin
Webmin’s system monitoring capability:
234.11
SUSE – e-mail server (1 of 4)
• SUSE Enterprise server includes postfix rather than sendmail as its MTA.
• Postfix is functionally identical to sendmail but claims to be easier to configure.
• Postfix is just … different, but does the same job
You be the judge:
244.11
SUSE – e-mail server (2 of 4)
The postfix admin page on webmin:
254.11
SUSE – e-mail server (3 of 4)
The sendmail admin page on webmin:
264.11
SUSE – e-mail server (4 of 4)
POP & IMAP
• SUSE and Red Hat use imap-2001a-xx.rpm as a basis for IMAP and POP(2,3)
• Internet daemon use– SUSE uses inet– Red Hat uses xinet
274.11
SUSE – Domain Name Service
Both SUSE and Red Hat use bind9 for DNS service, Bind may be serviced by Webmin:
284.11
SUSE – File server
SUSE can act like a NAS server or as a NAS client
• Network File System (nfs)
• SNB shares (Samba)
• Gigabit Ethernet support
• Fiber optic network support (Fiber channel, ethernet over fiber, FDDI)
• Huge Disk arrays with LVM
294.11
SUSE
… and lots more!
Learning check