Secure System Administration & Certification The Linux Network Administration Guide (Ch. 1-5, part...

Date post: 24-Dec-2015
Page 1: Secure System Administration & Certification The Linux Network Administration Guide (Ch. 1-5, part of 11) Jim Arrowood Michael Linnenburger Nick Davis.

Secure System Administration & Certification

The Linux Network Administration Guide (Ch. 1-5, part of 11)

Jim Arrowood, Michael Linnenburger, Nick Davis

University of Tulsa, Department of Mathematical & Computer Sciences

CS 5493/7493 Secure System Administration & Certification, Dr. Mauricio Papa


Guide Overview


Chapter 1

• History of Networking

• UUCP

• TCP/IP

• Various Protocols

• Various Hardware

• General Security


Chapter 2

• Classes

• Subnets

• ARP

• Gateways

• ICMP


Chapter 3

• Network Hardware

• Kernel Configuration

• Ethernet

• PPP


Chapter 4

• Introduction to Serial Devices

• Serial Login


Chapter 5

• TCP/IP Networking

• Setting Hostname

• IP Address Assignment

• ifconfig/ping/route

• Ethernet Interface

• ifconfig in Detail

• netstat in Detail

• Checking ARP


Chapter 11

• NAT


Chapter 1: Introduction to Networking


History of Networking

• Stone Age (A->B->C)

• Network - a collection of hosts that are able to communicate with each other.

• Hosts are often computers, but need not be

• Small collections of hosts are called sites

• Communication is impossible without some sort of language or code
– In computer networks, these languages are collectively referred to as protocols


TCP/IP Networks

• Packet - a small chunk of data that is transferred from one machine to another across the network

• Packet Switching - shares a single network link among many users by alternately sending packets from one user to another across that link


TCP/IP In Action

• $ rlogin quark.physics
  Welcome to the Physics Department at GMU (ttyq2)
  login:

• $ DISPLAY=erdos.maths:0.0
  $ export DISPLAY

• The X Window System is a fully network-aware graphical user environment

• $ startx – starts an X session.


Ethernets

• Most common type of LAN hardware

• Inexpensive

• Net transfer rate of 10, 100, or even 1,000 Megabits per second

• Thick, thin, and twisted pair


Thick & Thin Ethernet

• Thin - T-shaped “BNC” connector, 200 m distance, 10base-2

• Thick - Vampire Tap, 500 m distance, 10base-5


Twisted Pair

• Uses two pairs of copper wires

• Requires additional hardware known as active hubs

• RJ45 connector, 100 m distance, 10base-T, 100base-T.


Adding a Machine

• Thin - must take the network down

• Thick - complicated, but doesn’t take the network down

• Twisted Pair - easy, plug into hub/switch


Ethernet Drawback

• Cable Length – limits use to LANs

• The solution: Repeaters - copy the signals between two or more segments so that all segments together will act as if they are one Ethernet.

• Due to timing requirements, there may not be more than four repeaters between any two hosts on the network.

• Bridges and routers are more sophisticated. They analyze incoming data and forward it only when the recipient host is not on the local Ethernet.


Ethernet Bus

• Host may send packets of up to 1,500 bytes to another host on the same Ethernet.

• A host is addressed by a six-byte address hardcoded into the firmware of its Ethernet network interface card (NIC).

• Addresses are usually written as a sequence of two-digit hex numbers separated by colons, as in aa:bb:cc:dd:ee:ff (MAC Address).


Collision

• If two stations try to send at the same time, a collision occurs.

• Collisions are detected very quickly by the NICs and are resolved by the two stations aborting the send, each waiting a random interval and re-attempting the transmission

• Collision rates of up to about 30 percent are not unusual


IP

• Turns physically dissimilar networks into “one” network

• Requires a hardware-independent addressing scheme

• Achieved by assigning each host a unique 32-bit number called the IP address

• An IP address is usually written as four decimal numbers, one for each 8-bit portion, separated by dots. For example a machine might have an IP address of 0x954C0C04, which would be written as 149.76.12.4.


TCP

• IP is not reliable… then comes TCP

• Checks the integrity and completeness of the data and retransmits it in case of error

• TCP identifies the end points of a connection by the IP addresses of the two hosts involved and the number of a port on each host.

• Ports may be viewed as attachment points for network connections.


TCP Drawback

• Overhead

• It takes at least three datagrams to establish a TCP connection, another three to send and confirm a small amount of data each way, and another three to close the connection


UDP

• User Datagram Protocol

• UDP provides us with a means of using only two datagrams to achieve almost the same result.

• UDP is said to be connectionless, and it doesn't require us to establish and close a session


More on Ports

• The IETF (Internet Engineering Task Force) regularly releases an RFC titled Assigned Numbers (RFC-1700).

• It describes, among other things, the port numbers assigned to well-known services.

• Linux uses a file called /etc/services that maps service names to numbers.


A Mention of UUCP

• Unix to Unix Copy

• Main application is still in Wide Area Networks, based on periodic dialup telephone links

• Operates in Batch Mode


Linux Networking

• Net-4 Linux Network code offers a wide variety of device drivers and advanced features.

• Includes SLIP, PPP, PLIP (for parallel lines), IPX, Appletalk, AX.25, NetRom, and Rose (for amateur radio networks), SAMBA, and Novell NCP.

• Other standard Net-4 features include IP firewalling, IP accounting, and IP Masquerading.

• IP tunnelling in a couple of different flavors and advanced policy routing are supported.


System Maintenance

• Log File Scripts

• cron jobs


System Security

• Mail Alias for Root

• The COPS program will check your file system and common configuration files for unusual permissions

• When making a service accessible to the network, make sure to give it least privilege


System Security Ctd.

• Tripwire - allows you to check vital system files to see if their contents or permissions have been changed.

• Computes various strong checksums over these files and stores them in a database

• During subsequent runs, the checksums are recomputed and compared to the stored ones to detect any modifications.


Chapter 2: Issues of TCP/IP Networking


Networking Interfaces

• For each peripheral networking device, a corresponding interface has to be present in the kernel.

• For example, Ethernet interfaces in Linux are called by such names as eth0 and eth1; PPP interfaces are named ppp0 and ppp1


IP Address Classes

• Class A comprises networks 1.0.0.0 through 127.0.0.0. The network number is contained in the first octet

• Allowing roughly 1.6 million hosts per network

• Class B contains networks 128.0.0.0 through 191.255.0.0; the network number is in the first two octets

• Allows for 16,320 nets with 65,024 hosts each

• Class C networks range from 192.0.0.0 through 223.255.255.0, with the network number contained in the first three octets

• Allows for nearly 2 million networks with up to 254 hosts

• Classes D, E, and F - addresses falling into the range of 224.0.0.0 through 254.0.0.0 are either experimental or are reserved for special purpose use and don't specify any network.


Private IP Use

• Class: Networks
– A: 10.0.0.0 through 10.255.255.255
– B: 172.16.0.0 through 172.31.0.0
– C: 192.168.0.0 through 192.168.255.0


Special Purpose IP

• Octets 0 and 255 are reserved for special purposes.

• An address where all host part bits are 0 refers to the network, and an address where all bits of the host part are 1 is called a broadcast address.

• The broadcast address refers to all hosts on the specified network simultaneously. Thus, 149.76.255.255 is not a valid host address, but refers to all hosts on network 149.76.0.0.


Special Purpose IP Ctd.

• Usually, address 127.0.0.1 will be assigned to a special interface on your host, the loopback interface, which acts like a closed circuit.

• Any IP packet handed to this interface from TCP or UDP will be returned to them as if it had just arrived from some network.


Address Resolution

• ARP - mechanism that maps IP addresses onto the addresses of the underlying network

• A datagram is addressed to all stations on the network simultaneously. The broadcast datagram sent by ARP contains a query for the IP address. Each receiving host compares this query to its own IP address and if it matches, returns an ARP reply to the inquiring host.

• The inquiring host can now extract the sender's Ethernet address from the reply.


Subnetworks

• Hosts with identical IP network numbers should be found within the same network

• The number of bits that are interpreted as the subnet number is given by the so-called subnet mask, or netmask. This is a 32-bit number too, which specifies the bit mask for the network part of the IP address.

• A class B network number of 149.76.0.0 has a netmask of 255.255.0.0.
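The address rules of the last few slides (class ranges, private ranges, the all-zeros and all-ones host parts, and the netmask) carried out in code, as an added Python example that is not part of the slides or the guide. The sample addresses are the slides' own; the function names are constructed for this example.

```python
# Added example (not from the slides or the Network Administrator's Guide):
# classful and subnet address arithmetic with the same bit operations the
# kernel uses, for the ranges listed on the Chapter 2 slides.


def ip_to_int(dotted):
    """'149.76.12.4' -> 0x954C0C04, the 32-bit number the IP slide mentions."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % dotted)
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value


def int_to_ip(value):
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Classful range of the address, using the first-octet boundaries on the slides."""
    first = ip_to_int(dotted) >> 24
    if 1 <= first <= 127:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 254:
        return "D/E/F (reserved)"
    return "invalid"  # first octet 0 or 255: no usable network on the slides


CLASS_NETMASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def is_private(dotted):
    """True for the three private ranges on the 'Private IP Use' slide."""
    value = ip_to_int(dotted)
    first, second = value >> 24, (value >> 16) & 0xFF
    return (first == 10
            or (first == 172 and 16 <= second <= 31)
            or (first == 192 and second == 168))


def prefix_length(netmask):
    """Number of network bits; rejects non-contiguous masks such as 255.255.0.255."""
    mask = ip_to_int(netmask)
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):  # a contiguous mask inverts to 2**k - 1
        raise ValueError("netmask %s is not contiguous" % netmask)
    return bin(mask).count("1")


def describe(dotted, netmask=None):
    """Network, broadcast and host-validity of an address under a netmask.

    With no netmask the classful default is used (255.255.0.0 for a class B
    address such as 149.76.12.4, as the Subnetworks slide says).
    """
    cls = address_class(dotted)
    if netmask is None:
        if cls not in CLASS_NETMASK:
            raise ValueError("no default netmask for class %s" % cls)
        netmask = CLASS_NETMASK[cls]
    mask = ip_to_int(netmask)
    addr = ip_to_int(dotted)
    network = addr & mask                        # host part all zeros: the network
    broadcast = network | (~mask & 0xFFFFFFFF)   # host part all ones: broadcast
    return {
        "class": cls,
        "private": is_private(dotted),
        "netmask": netmask,
        "prefix_length": prefix_length(netmask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        # the slide's point: 149.76.255.255 names every host, not one host
        "valid_host": addr not in (network, broadcast),
    }


if __name__ == "__main__":
    for host, mask in (("149.76.12.4", None), ("149.76.255.255", None),
                       ("172.16.1.5", "255.255.255.0")):
        print(host, describe(host, mask))
```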


Gateways

• A gateway is a host that is connected to two or more physical networks simultaneously and is configured to switch packets between them.


ICMP

• Internet Control Message Protocol (ICMP) - used by the kernel networking code to communicate error messages to other hosts

• There is one very interesting message called the Redirect message.

• It is generated by the routing module when it detects that another host is using it as a gateway, even though a much shorter route exists


Resolving Host Names

• The need to map numbers to names

• On a small network like an Ethernet or even a cluster of Ethernets, it is not very difficult to maintain tables mapping hostnames to addresses.

• This information is usually kept in a file named /etc/hosts

• Maintaining such tables by hand does not scale to a network the size of the Internet. This is why a new name resolution scheme was adopted in 1994: the Domain Name System


Config Network H/W

- 3.0 Config Network H/W

- 3.1 Kernel Config (Overview)

- 3.2 Tour of Network Dev

- 3.3 Ethernet Install

- 3.5 PPP-Dialup


3.0 Config Network H/W

• Hardware == Physical device
– e.g., Ethernet, FDDI, or Token Ring

• Device Driver
– Auto Probing
– e.g., ISA, PCI, MCA, PCMCIA, and USB
– I/O and Memory Address
– Interrupt Request Number (IRQ)


3.0 Config Network H/W

• Interfaces in /dev
– Type ls -las /dev/

• Dev files
– Type b: block device
– Type c: character device
– Major & minor device numbers
– Defined in the kernel, not real files in /dev

(pages 44-45: two slides titled "3.0 Config Network H/W" with no text extracted)


3.1 Kernel Config (Overview)

• Distribution media supplied w/ boot disks

• Basics of compiling Linux in Matt Welsh’s book, Running Linux (O’Reilly)

• Linux kernel numbering, e.g. 2.2.14
– 1st digit: major version
– 2nd digit: minor version
  • Even: production, or stable
  • Odd: development, or unstable
– 3rd digit: incremented for each release of a minor version


3.1 Kernel Config (Overview)

• make menuconfig
– Offers a list of config questions
– Asks whether you want TCP/IP networking support
– You must answer this with y to get a kernel capable of networking


3.1 Kernel Options (Linux 2.2)

• After General Section
– Config for SCSI/sound cards
– Config for network support

(pages 49-54: slides titled "3.1 Kernel Options (Linux 2.2)" and "3.1 Kernel Networking Options (Linux 2.2)" with no text extracted)


3.2 Tour of Network Dev

• lo – loopback

• eth0 – Ethernet

• tr0 – Token Ring

• sl0 – SLIP transport

• ppp0 – PPP transport


Ethernet Install

• Ethernet HOWTO
– Donald Becker wrote most drivers for the National Semi 8390 chip set

• Becker Series Drivers
– Many other developers have contributed drivers
– Few common Ethernet cards aren’t supported


Ethernet Install

• Ethernet HOWTO
– Autoprobing
– Append option in the lilo.conf file

• ether=irq,base_addr,[param1,][param2,]name
– irq, base_addr, and name parameters are required
– the two param parameters are optional


PPP-Dialup

• Serial port connection
– Chapter 4: Config the Serial hardware
– Chapter 8: The Point-to-Point Protocol


Serial Dev

- 4.2 Intro to Serial Dev

- 4.6 Serial Login (Getty, mgetty)


4.2 Intro to Serial Dev

• tty – Teletype device (char-based)
– Serial devices
– Virtual terminals
– Pseudo-terminals

• setserial command
– setserial device [parameters]

• stty – set tty
– stty -a -F /dev/ttyS1


4.6 Serial Login (Getty)

• getty program – “get tty”
– Issues a login: prompt
– Invokes the login program


Chapter 5: Configuring TCP/IP Networking

• Usually handled by a GUI configuration program as part of an installation

• Typically network configuration is done only once

• Guide covers installing network drivers separately, but most distros already include these


Chapter 5: Configuring TCP/IP Networking (cont.)

5.3 Setting the Hostname

• Most network apps require a sensible hostname value, so this is usually done first
– # hostname name

• The hostname is the first part of a fully-qualified domain name (FQDN), so for panthro.isrg.utulsa.edu, the hostname is panthro.


Chapter 5: Configuring TCP/IP Networking (cont.)

5.3 Assigning IP Addresses

• For standalone operation, the loopback address is all you need
– This is always 127.0.0.1, and refers to the local machine

• With a “real” network (e.g. Ethernet), you have to assign your machine an IP address on the network
– If your machine is on a private network, you can give it an IP from one of the reserved ranges (A, B, or C):
– Otherwise, you want to network your computer to the Internet. Your friendly network administrator should help you in this case.


Chapter 5: Configuring TCP/IP Networking (cont.)

5.5 Creating Subnets

• In order to have multiple Ethernets (and other networks) operating simultaneously, you have to split up your network into subnets

• Example: for two Ethernets on a private class B network, we can assign each network its own subnet, 172.16.1.0 and 172.16.2.0, with a subnet mask of 255.255.255.0.

• A gateway is required so these networks can talk to each other. This is usually assigned the first host number on each subnet, e.g. 172.16.1.1 and 172.16.2.1
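The two-subnet example above as a routing decision, an added Python example that is not from the slides or the guide: it models a routing table like the one netstat -r prints for a host with address 172.16.1.5 on the first subnet, picks the next hop by longest-prefix match, and refuses a route whose gateway is not on a directly connected network (the kernel reports "Network is unreachable" for that). The Route type, the function names and the extra 172.16.0.0/16 entry are assumptions made for this example.

```python
# Added example (not from the slides): a small model of the kernel routing
# table for the 'Creating Subnets' example. Route entries mirror the columns
# netstat -r shows: destination, genmask, gateway, interface.
from collections import namedtuple

Route = namedtuple("Route", "destination genmask gateway iface")
DIRECT = "0.0.0.0"  # gateway value of a directly connected network


def ip_to_int(dotted):
    """'172.16.1.5' -> 32-bit integer."""
    value = 0
    for octet in dotted.split("."):
        value = (value << 8) | int(octet)
    return value


def matches(route, dotted):
    """True if dotted lies inside route.destination/route.genmask."""
    mask = ip_to_int(route.genmask)
    return ip_to_int(dotted) & mask == ip_to_int(route.destination) & mask


def lookup(table, dotted):
    """Longest-prefix match: the most specific matching route wins; None if nothing matches."""
    candidates = [r for r in table if matches(r, dotted)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: bin(ip_to_int(r.genmask)).count("1"))


def next_hop(table, dotted):
    """(interface, address the packet is handed to on the wire).

    On a directly connected network the destination itself is ARPed for;
    otherwise the packet goes to the gateway, which then forwards it.
    """
    route = lookup(table, dotted)
    if route is None:
        return None  # the case the kernel reports as 'Network is unreachable'
    return (route.iface, dotted if route.gateway == DIRECT else route.gateway)


def add_route(table, destination, genmask, gateway, iface):
    """Like 'route add': the destination must fit its mask and the gateway must be on-link."""
    mask = ip_to_int(genmask)
    if ip_to_int(destination) & mask != ip_to_int(destination):
        raise ValueError("destination %s has host bits set under %s" % (destination, genmask))
    if gateway != DIRECT:
        via = lookup(table, gateway)
        if via is None or via.gateway != DIRECT:
            raise ValueError("gateway %s is not directly reachable" % gateway)
    table.append(Route(destination, genmask, gateway, iface))


def del_route(table, destination, genmask):
    """Like 'route del'; returns the number of entries removed."""
    before = len(table)
    table[:] = [r for r in table if (r.destination, r.genmask) != (destination, genmask)]
    return before - len(table)


def build_host_table():
    """Routing table of a host on 172.16.1.0/24 in the slide's two-subnet setup."""
    table = []
    add_route(table, "172.16.1.0", "255.255.255.0", DIRECT, "eth0")
    # the second subnet is reached through the first subnet's gateway, 172.16.1.1
    add_route(table, "172.16.2.0", "255.255.255.0", "172.16.1.1", "eth0")
    # a coarser route for the whole private class B, to show longest-prefix matching
    add_route(table, "172.16.0.0", "255.255.0.0", "172.16.1.1", "eth0")
    return table


if __name__ == "__main__":
    table = build_host_table()
    for dst in ("172.16.1.9", "172.16.2.7", "172.16.77.1", "149.76.12.4"):
        print(dst, "->", next_hop(table, dst))
```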


Chapter 5: Configuring TCP/IP Networking (cont.)

5.6 Writing hosts and networks files

• After subnetting the network, the next step is to configure hostname resolution, which is done in the /etc/hosts file

• This file tells applications how to resolve the IP address of a host, and can be configured to use DNS first, then the /etc/hosts file if DNS doesn’t provide the info, for example

• Even if DNS is used, it’s a good idea to have hostnames in /etc/hosts

• To set up your host resolver to use the /etc/hosts file, edit /etc/host.conf to the following:

order hosts


Chapter 5: Configuring TCP/IP Networking (cont.)

5.6 Writing hosts and networks files (cont.)

Sample hosts file: (shown as an image on the slide; no text extracted)


Chapter 5: Configuring TCP/IP Networking (cont.)

5.6 Writing hosts and networks files (cont.)

Sample networks file: (shown as an image on the slide; no text extracted)


Chapter 5: Configuring TCP/IP Networking (cont.)

5.7 Interface Configuration

• After hardware configuration, the next step is to make these devices known to the kernel networking software, which involves configuring and testing an interface

• The three commands used for this are ifconfig (“interface” config), ping, and route
– ifconfig – used to make an interface accessible to the kernel networking layer. This involves IP address assignment and other parameters, and “bringing up” (activating) an interface.
– ping – used to see if the given address is reachable; also prints the time it takes (round-trip time)
– route – can be used to add/remove routes from the kernel routing table.

• These interface activation tasks are usually performed at boot by a network initialization script, and usually aren’t needed by hand unless there’s a networking issue


Chapter 5: Configuring TCP/IP Networking (cont.)

5.8 Using ifconfig

• Normal command-line format: ifconfig interface [address [parameters]]

• Without any additional options, ifconfig will display all active interfaces configured on your machine

• If you want to see the config for a specific interface (e.g. the first Ethernet interface, eth0), you can use ifconfig interface (the example output on the slide was not extracted)

• Some interesting ifconfig parameters include:
– up – makes the interface accessible to the IP layer
– down – makes an interface inaccessible to the IP layer
– netmask mask – assigns a subnet mask to be used by an interface
– broadcast address – usually made up from the network number by setting all bits of the host part
– promisc – puts the interface in promiscuous mode. On a broadcast network, this makes the interface receive all packets, regardless of whether they were destined for this host or not.


Chapter 5: Configuring TCP/IP Networking (cont.)

5.9 Using netstat

• netstat is useful for checking your network configuration and activity

• Three modes of operation:
– netstat -r displays the kernel routing table
– netstat -i shows statistics for the network interfaces configured (some of the same information displayed by ifconfig)
– netstat -a displays sockets or open connections on your machine


Chapter 5: Configuring TCP/IP Networking (cont.)

5.10 Checking ARP tables

• Sometimes useful to view the kernel’s ARP tables, e.g. when a duplicate IP address is causing intermittent network problems.

• To remove all entries related to a given host from the ARP table, use arp -d hostname
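Detecting the duplicate-IP situation this slide describes, as an added Python example that is not from the slides or the guide: it reads a log of observed ARP replies and flags any IP that was answered by more than one hardware address, counting how often the answer flipped (each flip is a window in which traffic for that address went to the wrong card). The log format, the addresses and the function names are constructed for this example; a real feed would be periodic arp -n snapshots or passively captured ARP replies.

```python
# Added example (not from the slides): flag IP addresses that more than one
# network card answers for, which is what a duplicate IP looks like from the
# ARP cache. The sample log below is constructed for this example.
import re
from collections import OrderedDict

# Constructed sample: one observed ARP reply per line, "seconds ip hwaddr iface".
SAMPLE_LOG = """\
# seconds  ip          hwaddr             iface
0   172.16.1.1  00:11:22:33:44:55  eth0
5   172.16.1.7  00:11:22:33:44:66  eth0
10  172.16.1.1  00:11:22:33:44:55  eth0

15  172.16.1.1  00:AA:BB:CC:DD:EE  eth0
20  172.16.1.1  00:11:22:33:44:55  eth0
25  172.16.1.1  00:aa:bb:cc:dd:ee  eth0
30  172.16.1.7  00:11:22:33:44:66  eth0
"""

HWADDR = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")


def parse_arp_log(text):
    """Return (seconds, ip, hwaddr, iface) tuples; skips blank and comment lines, rejects malformed ones."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError("line %d: expected 4 fields, got %d" % (lineno, len(fields)))
        seconds, ip, hwaddr, iface = fields
        hwaddr = hwaddr.lower()  # the same card written in two cases is still one card
        if not HWADDR.match(hwaddr):
            raise ValueError("line %d: bad hardware address %r" % (lineno, fields[2]))
        records.append((int(seconds), ip, hwaddr, iface))
    return records


def hwaddrs_seen(records):
    """ip -> hardware addresses that answered for it, in first-seen order."""
    seen = OrderedDict()
    for _, ip, hwaddr, _ in records:
        seen.setdefault(ip, [])
        if hwaddr not in seen[ip]:
            seen[ip].append(hwaddr)
    return seen


def duplicate_ips(records):
    """Only the IPs claimed by more than one card: the duplicate-address case."""
    return OrderedDict((ip, hw) for ip, hw in hwaddrs_seen(records).items() if len(hw) > 1)


def flap_count(records, ip):
    """How many times the answering card changed for ip; each change misdirects traffic for a while."""
    flips, last = 0, None
    for _, rec_ip, hwaddr, _ in records:
        if rec_ip != ip:
            continue
        if last is not None and hwaddr != last:
            flips += 1
        last = hwaddr
    return flips


def report(records):
    """One human-readable finding per conflicting IP."""
    lines = []
    for ip, hw in duplicate_ips(records).items():
        lines.append("%s answered by %d cards (%s), changed %d times; inspect with 'arp -n', "
                     "clear the stale entry with 'arp -d %s'"
                     % (ip, len(hw), ", ".join(hw), flap_count(records, ip), ip))
    return lines


if __name__ == "__main__":
    for line in report(parse_arp_log(SAMPLE_LOG)):
        print(line)
```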


Chapter 11: IP Masquerading and Network Address Translation

• NAT is the process of modifying network addresses in datagram headers while they are in transit

• IP Masquerading is a specific type of NAT allowing hosts on a private network to use the Internet by means of a single IP address


Chapter 11: IP Masquerading and Network Address Translation (cont.)

(page 74: slide with no text extracted)

• Benefits:
– Relatively easy to set up and configure
– Saves on costs
– Provides some security
