Linux Networking and Security
Chapter 4
Configuring Client Services
Configure “superservers” to handle multiple network services
Set up administrative services like logging and printing
Use simple network information services like finger and talk
Understand basic mailing list and news server configurations
The Superservers
Superservers listen on multiple network ports and start the appropriate service when a client connection arrives for that port.
inetd is the most widely used superserver. Application-level access control for services started by inetd is provided via TCP Wrappers - the tcpd program.
xinetd is a superserver gaining popularity. It is a revised version of inetd with access control, per-service connection limits and logging built in, which creates a more secure environment. Shipped with Red Hat Linux.
TCP Wrappers
TCP Wrappers - tcpd - is an application-level access control program: inetd runs tcpd in place of the service, tcpd checks the connecting client against its rules, and only then runs the real daemon.
TCP Wrappers is not a firewall and should be used together with one; it protects only the services that are started through it.
Configuration is done by two files: /etc/hosts.allow and /etc/hosts.deny. hosts.allow is searched first and a match grants access; hosts.deny is searched next and a match refuses it; a client matching neither file is allowed.
Ensure proper and expected configuration by testing carefully before relying on it: tcpdchk reports errors in the two files and tcpdmatch predicts the decision for a given daemon and client.
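As an added example (not code from the original slides or from the tcp_wrappers package), the following Python models the decision tcpd makes for one connection, applying the hosts_access(5) evaluation order and the common client patterns (ALL, LOCAL, domain suffix, address prefix, net/mask, EXCEPT). The hosts.allow and hosts.deny contents are constructed for illustration; the DNS-dependent patterns KNOWN, UNKNOWN and PARANOID are not modelled.

```python
"""Model of the decision tcpd makes for a connection, using the same
evaluation order as hosts_access(5): /etc/hosts.allow is searched first and
a match grants access; then /etc/hosts.deny, where a match refuses access;
a client that matches neither file is ALLOWED. Constructed example, not code
from the original slides or from the tcp_wrappers package."""
import ipaddress


def parse_rules(text):
    """Return (daemon_list, client_list) pairs from a hosts.allow/hosts.deny text.
    Lines starting with '#' are comments; a trailing backslash continues a line;
    a third ':' field holds shell-command options, which this model ignores."""
    rules, logical = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not logical and line.lstrip().startswith("#"):
            continue
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        logical += line
        fields = logical.split(":")          # IPv6 literals would need [..] handling
        if len(fields) >= 2 and fields[0].strip():
            rules.append((fields[0].strip(), fields[1].strip()))
        logical = ""
    return rules


def match_daemon(pattern, daemon):
    """Daemon patterns are 'ALL' or the process name inetd passes as argv[0]."""
    return pattern == "ALL" or pattern == daemon


def match_client(pattern, client):
    """Client patterns from hosts_access(5); `client` is a hostname or IPv4 address.
    KNOWN, UNKNOWN and PARANOID need forward/reverse DNS and are not modelled."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                   # any host name without a dot
        return "." not in client
    if pattern.startswith("."):              # domain suffix: .example.com
        return client.endswith(pattern)
    if pattern.endswith("."):                # address prefix: 192.168.1.
        return client.startswith(pattern)
    if "/" in pattern:                       # net/mask: 10.0.0.0/255.0.0.0 or 10.0.0.0/8
        try:
            return ipaddress.ip_address(client) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern == client


def match_list(spec, value, match_one):
    """'list_1 EXCEPT list_2' matches when list_1 matches and list_2 does not;
    EXCEPT nests to the right, as in tcpd. Items are separated by blanks or commas."""
    head, sep, tail = spec.partition(" EXCEPT ")
    hit = any(match_one(item, value) for item in head.replace(",", " ").split())
    if sep and hit:
        return not match_list(tail, value, match_one)
    return hit


def hosts_access(allow_text, deny_text, daemon, client):
    """Decide like tcpd: (granted?, rule that decided it)."""
    for dl, cl in parse_rules(allow_text):
        if match_list(dl, daemon, match_daemon) and match_list(cl, client, match_client):
            return True, f"hosts.allow: {dl} : {cl}"
    for dl, cl in parse_rules(deny_text):
        if match_list(dl, daemon, match_daemon) and match_list(cl, client, match_client):
            return False, f"hosts.deny: {dl} : {cl}"
    return True, "no rule matched: tcpd allows by default"


# Constructed policy: grant selectively in hosts.allow, then refuse everything else.
HOSTS_ALLOW = """\
# searched first; the first matching line wins
sshd, in.ftpd : 192.168.1. EXCEPT 192.168.1.99
in.fingerd    : LOCAL, .example.com
ALL           : 127.0.0.1
"""
HOSTS_DENY = "ALL : ALL\n"     # without this line every unmatched client is allowed


if __name__ == "__main__":
    for daemon, client in [("sshd", "192.168.1.10"), ("sshd", "192.168.1.99"),
                           ("in.fingerd", "ws3.example.com"), ("in.telnetd", "10.0.0.7")]:
        print(daemon, client, hosts_access(HOSTS_ALLOW, HOSTS_DENY, daemon, client))
    # the trap: an empty hosts.deny means "allow everything not explicitly denied"
    print("empty hosts.deny:", hosts_access(HOSTS_ALLOW, "", "in.telnetd", "10.0.0.7"))
```

The last print is the check worth keeping in mind: with no "ALL : ALL" in hosts.deny, a client that appears in neither file is let through, which is why a default-deny line belongs in every hosts.deny.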
Services Beyond the Superserver
Many services do not rely on superservers; they are designed to run standalone. The Apache Web server is the best example of this.
Servers such as SMTP and FTP can be used in standalone mode, or with inetd or xinetd.
FTP runs more efficiently in standalone mode if much FTP traffic is expected, because a superserver forks a fresh daemon for every connection.
Standalone services are not covered by tcpd unless they were built with libwrap support, so their access control must be configured in the service itself or in a firewall.
Exploring Network Testing Services
There are five common testing services, and they can be exercised by hand with Telnet to the service's port:
The echo service (port 7) repeats back whatever you type, showing that a remote host is receiving typed data
The chargen service (port 19) returns a character stream and continues until the session is ended
The discard service (port 9) is like /dev/null: it accepts data and throws it away
The time service (port 37) returns a 32-bit number corresponding to the current time (seconds since 1900) and closes the connection
The daytime service (port 13) returns the current date/time in human-readable form, then ends the session
These services are built into inetd and are commonly left disabled; echo and chargen in particular should stay off, because their UDP versions can be bounced between two hosts to generate traffic.
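As an added example (not code from the original slides), the following Python implements the five test services as a loopback server together with a client that talks to them as Telnet would, so the exchange on each port can be seen end to end. It binds ephemeral loopback ports rather than the real well-known ports, and the time encoding follows RFC 868 (seconds since 1900); the "hello" payload is constructed.

```python
"""The five inetd test services (RFC 862 echo, 863 discard, 864 chargen,
868 time, 867 daytime) as a loopback server plus a client that talks to
them the way 'telnet host port' would. Constructed example, not code from
the original slides; it binds ephemeral loopback ports, not the real
well-known ports 7, 9, 19, 37 and 13."""
import socket
import socketserver
import struct
import threading
import time

PRINTABLE = "".join(chr(c) for c in range(32, 127))   # the 95 chargen characters
RFC868_OFFSET = 2208988800    # seconds from 1900-01-01 to the Unix epoch


def time_reply(unix_seconds):
    """time: 32-bit big-endian seconds since 1900, then close (wraps in 2036)."""
    return struct.pack("!I", (int(unix_seconds) + RFC868_OFFSET) & 0xFFFFFFFF)


def time_to_unix(reply):
    """Client side of time: convert the 4 bytes back to Unix seconds."""
    return struct.unpack("!I", reply[:4])[0] - RFC868_OFFSET


def daytime_reply(unix_seconds):
    """daytime: one human-readable line; the RFC fixes no exact format."""
    return (time.strftime("%a %b %d %H:%M:%S %Y", time.gmtime(unix_seconds)) + "\r\n").encode()


def chargen_line(n):
    """chargen: 72-character lines, line n starts one character later than line n-1."""
    start = n % len(PRINTABLE)
    return (PRINTABLE * 2)[start:start + 72]


class TestServiceHandler(socketserver.BaseRequestHandler):
    """One handler for all five services; the server object names the service."""

    def handle(self):
        sock, service = self.request, self.server.service
        if service == "echo":             # send back whatever arrives, until EOF
            while data := sock.recv(4096):
                sock.sendall(data)
        elif service == "discard":        # like /dev/null: read and drop
            while sock.recv(4096):
                pass
        elif service == "chargen":        # stream until the client hangs up
            n = 0
            try:
                while True:
                    sock.sendall((chargen_line(n) + "\r\n").encode())
                    n += 1
            except OSError:               # peer closed: BrokenPipe/ConnectionReset
                pass
        elif service == "time":
            sock.sendall(time_reply(time.time()))
        elif service == "daytime":
            sock.sendall(daytime_reply(time.time()))


def start_service(service):
    """Serve one test service on an ephemeral loopback port; return (server, port)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), TestServiceHandler)
    srv.daemon_threads = True
    srv.service = service
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def query(port, payload=b"", max_bytes=4096):
    """Like telnet: connect, send what the user would type, read until EOF or max_bytes."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        if payload:
            s.sendall(payload)
            s.shutdown(socket.SHUT_WR)    # our half is done; echo/discard then see EOF
        out = b""
        while len(out) < max_bytes:
            chunk = s.recv(4096)
            if not chunk:
                break
            out += chunk
        return out


if __name__ == "__main__":
    for name in ("echo", "discard", "chargen", "time", "daytime"):
        srv, port = start_service(name)
        sent = b"hello\r\n" if name in ("echo", "discard") else b""   # constructed input
        reply = query(port, sent, max_bytes=160)
        if name == "time":
            reply = time.ctime(time_to_unix(reply)).encode()
        print(f"{name:8s} port {port}: {reply[:80]!r}")
        srv.shutdown()
        srv.server_close()
```

The chargen handler shows why the service is a liability: it sends as fast as the peer will take it and stops only when the connection drops, so a forged UDP request from another host's echo port is enough to keep two machines talking to each other indefinitely.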
Using Administrative Services
Logging with syslogd
System logging can be done remotely using syslogd by enabling another host to receive syslog messages across the network (starting its syslogd with the -r option) and specifying that host in /etc/syslog.conf, for example: *.info @loghost
Messages travel as unauthenticated UDP datagrams to port 514, so anyone who can reach the log host can inject entries; restrict the sending hosts at the log server or in a firewall.
Printing with lpd
Linux can print across the network using lpd when printer definitions (in /etc/printcap) that specify remote hosts cause a local copy of lpd to contact lpd running on a remote host and forward the print job to that host
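As an added example (not code from the original slides or from the sysklogd project), the following Python shows both sides of the remote-logging exchange described above: the sender encodes a message as syslogd puts it on the wire (PRI = facility * 8 + severity, BSD timestamp, host, tag), and the receiver decodes it and applies the sender-network check that syslogd -r itself does not perform. The sample messages and addresses are constructed.

```python
"""Remote logging as classic syslogd does it: the sending syslogd writes
'<PRI>Mmm dd hh:mm:ss HOST TAG: MSG' as one UDP datagram to port 514 of the
host named after '@' in /etc/syslog.conf, and the receiving syslogd (started
with -r) decodes PRI = facility * 8 + severity. Constructed example, not code
from the original slides or from the sysklogd project."""
import ipaddress
import re
import socket
import time

FACILITIES = ("kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "cron2",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7")
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# <PRI>, BSD timestamp with a space-padded day, host, then "TAG: message"
_BSD = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)


def build_syslog(facility, severity, host, tag, msg, when=None):
    """Encode one message the way the sending syslogd puts it on the wire."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    t = time.localtime(when)
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{pri}>{stamp} {host} {tag}: {msg}".encode()


def parse_syslog(datagram):
    """Decode PRI and split the BSD header; None if the datagram is not syslog-shaped."""
    text = datagram.decode("ascii", errors="replace").rstrip("\r\n\0")
    m = _BSD.match(text)
    if not m or int(m.group(1)) > 191:       # 23 facilities * 8 + 7 is the largest PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    tag, _, message = m.group(4).partition(": ")
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "timestamp": m.group(2), "host": m.group(3), "tag": tag, "message": message}


def accept_datagram(datagram, src_ip, allowed_nets):
    """UDP syslog carries no authentication: anyone who can reach port 514 can
    inject or forge entries, so a log host should at least limit sender networks
    here or in a packet filter. Returns the parsed record or None."""
    src = ipaddress.ip_address(src_ip)
    if not any(src in ipaddress.ip_network(net) for net in allowed_nets):
        return None
    return parse_syslog(datagram)


if __name__ == "__main__":
    # loopback demonstration on an ephemeral port; a real log host binds UDP 514
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind(("127.0.0.1", 0))
    port = receiver.getsockname()[1]
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender.sendto(build_syslog("auth", "warning", "web1", "sshd[4242]",
                               "Failed password for root from 203.0.113.7 port 51234 ssh2"),
                  ("127.0.0.1", port))   # constructed sample event
    data, (src, _) = receiver.recvfrom(4096)
    print(accept_datagram(data, src, ["127.0.0.0/8", "192.168.1.0/24"]))
    print(accept_datagram(data, "198.51.100.9", ["192.168.1.0/24"]))   # None: untrusted sender
```

Note that the source address is the only thing the receiver can check, and UDP source addresses are trivially forged; the network filter is a first line, not proof of origin.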
Using Administrative Services
Time Management with NTP
Time in Linux is managed using the Network Time Protocol (NTP), which is implemented by the ntpd daemon
On a LAN, NTP is designed to maintain correct time to within a few milliseconds; the protocol's 64-bit timestamps (32 bits of seconds since 1900 and 32 bits of fraction) give a resolution of about 232 picoseconds
The ntpd program is installed on most Linux systems by default and it is controlled by a script in /etc/rc.d/init.d
Accurate time matters for security as well as convenience: correlating logs across hosts and checking certificate or ticket validity both depend on it
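As an added example (not code from the original slides or from the ntpd project), the following Python builds and parses NTP packets and carries out the offset and delay computation a client makes from the four timestamps of one request/reply pair. The exchange is simulated with constructed clock readings (a client running 250 ms fast over a 10 ms link); the step and panic thresholds are ntpd's defaults.

```python
"""NTP timestamps and the offset/delay computation an NTP client such as
ntpd performs on each server reply (RFC 5905 on-wire protocol). Constructed
example, not code from the original slides or from the ntpd project; the
network exchange is simulated with made-up clock readings."""
import struct

NTP_EPOCH_OFFSET = 2208988800   # 1900-01-01 (NTP era 0) to 1970-01-01 in seconds
FRACTION_UNIT = 2.0 ** -32      # one unit of the 32-bit fraction field: ~232.8 ps
STEP_THRESHOLD = 0.128          # ntpd slews below this offset and steps above it
PANIC_THRESHOLD = 1000.0        # above this ntpd refuses to adjust and exits


def to_ntp(unix):
    """Unix seconds (float) -> (seconds, fraction) as two unsigned 32-bit fields."""
    whole = int(unix)
    frac = min(int((unix - whole) * 2 ** 32), 0xFFFFFFFF)
    return (whole + NTP_EPOCH_OFFSET) & 0xFFFFFFFF, frac


def from_ntp(secs, frac):
    """(seconds, fraction) -> Unix seconds; only valid inside NTP era 0."""
    return secs - NTP_EPOCH_OFFSET + frac * FRACTION_UNIT


def client_request(transmit_unix):
    """48-byte mode-3 packet: LI=0, VN=4, Mode=3; only the transmit timestamp (T1) set."""
    pkt = bytearray(48)
    pkt[0] = (0 << 6) | (4 << 3) | 3
    struct.pack_into("!II", pkt, 40, *to_ntp(transmit_unix))
    return bytes(pkt)


def server_reply(request, recv_unix, xmit_unix, stratum=2):
    """Mode-4 reply: originate = client's transmit, receive = T2, transmit = T3."""
    pkt = bytearray(48)
    pkt[0] = (4 << 3) | 4
    pkt[1] = stratum
    pkt[24:32] = request[40:48]
    struct.pack_into("!II", pkt, 32, *to_ntp(recv_unix))
    struct.pack_into("!II", pkt, 40, *to_ntp(xmit_unix))
    return bytes(pkt)


def parse_reply(pkt):
    """Decode the header bits and the three timestamps a client needs."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    words = struct.unpack("!12I", pkt[:48])
    return {"li": pkt[0] >> 6, "version": (pkt[0] >> 3) & 7, "mode": pkt[0] & 7,
            "stratum": pkt[1],
            "originate": from_ntp(words[6], words[7]),    # T1, echoed by the server
            "receive": from_ntp(words[8], words[9]),      # T2, server clock on arrival
            "transmit": from_ntp(words[10], words[11])}   # T3, server clock on departure


def offset_and_delay(t1, t2, t3, t4):
    """theta = ((T2 - T1) + (T3 - T4)) / 2 ; delta = (T4 - T1) - (T3 - T2)."""
    return ((t2 - t1) + (t3 - t4)) / 2.0, (t4 - t1) - (t3 - t2)


def adjustment(theta):
    """What ntpd does with a measured offset: slew, step, or give up."""
    if abs(theta) > PANIC_THRESHOLD:
        return "panic"
    return "step" if abs(theta) > STEP_THRESHOLD else "slew"


def simulated_exchange(true_now=1_000_000_000.0, client_skew=0.250, one_way=0.010):
    """One request/reply with constructed clocks: the client runs `client_skew`
    seconds fast and each direction takes `one_way` seconds. Returns (theta, delta)."""
    t1 = true_now + client_skew                        # client clock when sending
    request = client_request(t1)
    reply = server_reply(request, true_now + one_way, true_now + one_way + 0.001)
    t4 = true_now + 2 * one_way + 0.001 + client_skew  # client clock when reply arrives
    r = parse_reply(reply)
    # ntpd's "bogus packet" test: a reply whose originate stamp is not what we
    # sent is dropped, which defeats blind off-path spoofing of replies.
    if r["mode"] != 4 or abs(r["originate"] - t1) > 1e-6:
        raise ValueError("reply does not belong to our request")
    return offset_and_delay(r["originate"], r["receive"], r["transmit"], t4)


if __name__ == "__main__":
    theta, delta = simulated_exchange()
    print(f"offset {theta:+.6f} s, round-trip delay {delta:.6f} s -> {adjustment(theta)}")
    print(f"timestamp resolution {FRACTION_UNIT * 1e12:.1f} ps")
```

On a live system, ntpq -p lists the offset and delay ntpd computed for each configured server in the same terms.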
Understanding SNMP on Linux
The Simple Network Management Protocol (SNMP) is designed to give feedback about how the components of the network are functioning. Use SNMP to determine if routers are overloaded or whether remote programs have crashed.
An SNMP-aware program running on a host is called an agent, and it is configured to watch for specific events on the host.
An SNMP console (manager) gathers data from agents on the network for the system administrator's review.
Access to an agent is controlled by community strings (SNMPv1 and v2c), which are sent in clear text; change the well-known defaults "public" and "private" and give read-write access only where it is needed.
Benchmarking with NetPerf
NetPerf provides a benchmarking service to help determine how the throughput of your networking hardware compares with that of other systems.
Benchmarking is the process of comparing items by evaluating their performance on a fixed task.
Throughput tells how much data a connection can carry in a given time.
NetPerf tests network speeds using the UDP and TCP transport protocols; it runs a netserver process on one host and the netperf client on another.
Allowing Dial-in Access with a PPP Server
The same program, pppd, is used for both the client and server sides of a PPP connection; the only difference is who calls whom and how pppd is configured.
To set up a PPP dial-in server, you must have a getty-type program that watches a modem.
mgetty is typically used since it was designed with modems in mind.
mgetty starts pppd; however, mgetty must be configured to use the AutoPPP entry in its login.config file, and pppd should be started with authentication (PAP or CHAP) required from callers.
Using Basic Information Services
Communicating with talk
The talk program uses the talkd daemon to allow a real-time conversation with another user who is logged in on a remote host that is also running talkd.
The talkd service must be enabled in /etc/inetd.conf or in /etc/xinetd.d/talkd.
To work in a graphical display mode rather than character mode, access talkd functionality using a graphical tool such as Ktalk.
Using Basic Information Services
Using finger to Collect User Information
The finger program uses the finger protocol, which is served by the in.fingerd daemon.
finger tells a user whether another user is logged in and for how long, as well as the user's full name and other details recorded for the account.
finger is enabled in /etc/inetd.conf or /etc/xinetd.d/finger. Because it hands account names and login habits to anyone who can reach port 79, it is normally left disabled on hosts reachable from the Internet.
To use a graphical finger client, use kfinger.
Using Basic Information Services
Collecting Server Information with whois
In order to learn more about a domain, access the domain information in the database maintained by the domain registrar.
The whois utility queries that database to learn about a specific domain.
By default whois queries the main whois server, called whois.internic.net; the -h option selects a different server.
Use whois with the help parameter to learn about extended queries you can make.
Using Basic Information Services
Linux Telephony
The term telephony typically refers to having a computer interact with a telephone in such a way that it can act as an answering machine, route and track calls, and act as a voice recorder.
Linux has support for special hardware cards that allow you to connect phone lines to the system.
Using Linux as a fax server is a simple but useful form of telephony.
Understanding Mailing Lists and News Servers
A mailing list enables a group of users to share information on an ongoing basis via email.
The concept behind mailing lists is that when an email message is sent (posted) to the list address, the mailing list manager (MLM) sends the message to all users on the list.
To become a member of a mailing list, users subscribe; unsubscribing removes the user from the list.
Understanding Mailing Lists and News Servers
The advantage of mailing list software is that it automates subscribing, unsubscribing, and sending all the messages, so individuals don't have to spend time managing user lists.
One of the most widely used MLM packages is majordomo. Other mailing list managers include LISTSERV, ListProc, SmartList and Mailman.
Understanding Mailing Lists and News Servers
Understanding Linux News Servers
Newsgroup postings are passed around the Internet using NNTP.
The most widely used Linux news server software is INN, with the news server daemon innd.
For most networks, setting up a dedicated news server is not worth the effort; a better solution is to gain access to an ISP's news server.
Understanding Mailing Lists and News Servers
Linux News Clients
Linux provides several good news clients that allow the reading of newsgroup postings, either graphically or in text mode.
Most full-featured Web browsers now include newsgroup browsing capabilities; the Netscape browser is a popular option.
The Gnome and KDE desktops include graphical news readers. The most widely used text-mode news reader is trn.
Chapter Summary
The superservers, inetd and xinetd, listen to numerous ports and start network services when needed to respond to an incoming client request
Application-level security is provided for inetd via TCP Wrappers - the tcpd program
Ports are mapped to service names by the /etc/services file
Some network services such as the Apache Web server and the innd news server are not designed to be run by the superserver but standalone
Network testing services such as chargen and echo are provided by inetd
Chapter Summary
System logging can be done remotely using syslogd by enabling another host to receive syslog messages across the network and specifying a host in /etc/syslog.conf
Linux can print across the network using lpd
Time management in Linux is provided via NTP and the ntpd daemon
SNMP provides detailed information about what is happening on hosts on a network
NetPerf provides a benchmarking service to help you determine how the throughput of your networking hardware compares with that of other systems
Chapter Summary
To configure Linux as a PPP server, use mgetty or a similar program to watch for incoming modem calls
The talk system lets users communicate in real-time between hosts
Linux supports a number of chat-style messaging services such as Yahoo! Chat, America Online Instant Messenger (AIM), and Microsoft Network
The finger program provides a small user account summary
The whois command lets you query information about a domain name through the network information databases maintained by name registrars
Chapter Summary
Linux telephony is a growing field that allows your computer to interact with voice telephone systems
Voice-over-IP (VoIP) is a technology that carries telephone calls over an IP network instead of the telephone network, which can make long-distance calls much cheaper
Mailing List Management (MLM) software provides automated management of message delivery between a potentially large number of users
Setting up a news server on Linux is possible, but maintaining such a server can entail much work
Many Web browsers include news-reading capability