SUSE Linux Enterprise Server Administration Course 3037 Chapter
- Slides: 67
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 9 Enable Internet Services SUSE Linux Enterprise Server Administration (Course 3037)
Objectives • • Configure SUSE Linux Enterprise Server Time Enable a Web Server (Apache) Enable the Extended Internet Daemon (xinetd) Enable an FTP Server SUSE Linux Enterprise Server Administration (Course 3037) 2
Configure SUSE Linux Enterprise Server Time • Objectives – – SUSE Linux Enterprise Server Time Overview How to Synchronize Time with hwclock and netdate What Network Time Protocol (NTP) Is How to Synchronize Time with NTP SUSE Linux Enterprise Server Administration (Course 3037) 3
SUSE Linux Enterprise Server Time Overview • Hardware clock and system clock – Hardware clock • Runs independently of any control program • Part of the ISA standard • Also called the BIOS clock or CMOS clock – System time • Time kept by a clock inside the Linux kernel • Driven by a timer interrupt • Number of seconds since 00: 00 January 1, 1970, UTC • Synchronized to the hardware clock when Linux first starts SUSE Linux Enterprise Server Administration (Course 3037) 4
SUSE Linux Enterprise Server Time Overview (continued) • Hardware clock and system clock (continued) – date and adjtimex commands • Adjust system time – ntpd • Regulates the system clock – hwclock command • Sets the hardware clock – Linux kernel maintains local time zone for the system SUSE Linux Enterprise Server Administration (Course 3037) 5
SUSE Linux Enterprise Server Time Overview (continued) • GMT (UTC) and local time – UTC (Universal Time Coordinated) • Also referred to as GMT (Greenwich mean time) • Variable HWCLOCK in /etc/sysconfig/clock has the value -u – Local time • Variable HWCLOCK has the value --localtime • Time configuration files – Current time (system time) is calculated using variable TIMEZONE • In the file /etc/sysconfig/clock SUSE Linux Enterprise Server Administration (Course 3037) 6
SUSE Linux Enterprise Server Time Overview (continued) • Time configuration files (continued) – Directory /usr/share/zoneinfo/ • Database of all time zones – cat /proc/driver/rtc • Displays the hardware clock time SUSE Linux Enterprise Server Administration (Course 3037) 7
How to Synchronize Time with hwclock and netdate • How to use hwclock – – – Tool for accessing the hardware clock Displays the current time Sets the hardware clock to a specified time Sets the hardware clock to the system time Sets the system time from the hardware clock Run hwclock periodically • To insert or remove time from the hardware clock – Uses device special file /dev/rtc SUSE Linux Enterprise Server Administration (Course 3037) 8
How to Synchronize Time with hwclock and netdate (continued) SUSE Linux Enterprise Server Administration (Course 3037) 9
How to Synchronize Time with hwclock and netdate (continued) • How to use netdate – Sets up the system time once only – Syntax: netdate timeserver 1 timeserver 2. . . • timeserver represents a time server on a network • netdate client compares server times with its own time • Time differences are sorted into groups and used to update time on the local server – Syntax: netdate time_source • Synchronizes time to a specific external time source – hwclock --systohc or hwclock –w • Sets the hardware clock to the system clock time SUSE Linux Enterprise Server Administration (Course 3037) 10
What Network Time Protocol (NTP) Is • NTP – Industry standard protocol – Uses UDP on port 123 to communicate between time providers and time consumers – NTP time provider • Server that provides NTP time – NTP time consumer • Seeks NTP time from an NTP time provider – NTP synchronizes clocks to the UTC standard – Keeps track of consistent time variations SUSE Linux Enterprise Server Administration (Course 3037) 11
What Network Time Protocol (NTP) Is (continued) • Stratum – Designation of the location of servers in NTP tree hierarchy • NTP daemon (xntpd) – Used by server and client to give and obtain time – Designed to adjust time continuously • Regularly correcting local computer clock on the basis of collected correction data • Continuously correcting local time with the help of time servers in the network • Enabling management of local reference clocks SUSE Linux Enterprise Server Administration (Course 3037) 12
What Network Time Protocol (NTP) Is (continued) SUSE Linux Enterprise Server Administration (Course 3037) 13
What Network Time Protocol (NTP) Is (continued) • NTP terms – Drift • ntpd measures and corrects for incidental clock frequency error – And writes the current value to a file /etc/ntp/drift – Jitter • Estimated time error of the peer clock • How the NTP daemon works – Automatically synchronizes system time • With a time server on an ongoing basis SUSE Linux Enterprise Server Administration (Course 3037) 14
What Network Time Protocol (NTP) Is (continued) • How the NTP daemon works (continued) – Correction takes place in small increments – Synchronizations occur about once per minute • Increasing gradually to once per 17 minutes – Slewing • NTP adjustment for small time differences – Stepping • NTP adjustment for large time differences – NTP averages the results of several time exchanges SUSE Linux Enterprise Server Administration (Course 3037) 15
How to Synchronize Time with NTP • Start NTP from the command line – – – – Start script is /etc/init. d/xntpd Central configuration file is /etc/ntp. conf Start NTP daemon using rcxntpd start Stop NTP daemon using rcxntpd stop Restart NTP daemon using rcxntpd restart Check status using rcxntpd status Start NTP automatically when system boots • insserv /etc/init. d/xntpd SUSE Linux Enterprise Server Administration (Course 3037) 16
How to Synchronize Time with NTP (continued) • Adjust the time with ntpdate – Perform a one-time update of the client to the server • • rcxntpd stop ntpdate timeserver hwclock --systohc rcxntpd start • Configure the NTP server (/etc/ntp. conf) – Add following entries to /etc/ntp. conf server 127. 1. 0 # local clock (LCL) fudge 127. 1. 0 stratum 10 # LCL is unsynchronized SUSE Linux Enterprise Server Administration (Course 3037) 17
How to Synchronize Time with NTP (continued) • Configure the NTP server (/etc/ntp. conf) (continued) – Entries for current time ## Outside source of synchronized time server ptbtime 1. ptb. de server ptbtime 2. ptb. de – Synchronization methods • Polling • Broadcasting – Entries including name for the drift file driftfile /var/lib/ntp/drift/ntp. drift logfile /var/log/ntp SUSE Linux Enterprise Server Administration (Course 3037) 18
How to Synchronize Time with NTP (continued) • Configure an NTP client with Ya. ST – Start Ya. ST NTP Client module – Configure NTP client to start each time you boot your system – Enter an NTP server – Configure your server to synchronize against multiple remote hosts • Or against a locally connected clock (optional) – Configure the NTP client by selecting Finish – Close the Ya. ST Control Center (optional) SUSE Linux Enterprise Server Administration (Course 3037) 19
How to Synchronize Time with NTP (continued) SUSE Linux Enterprise Server Administration (Course 3037) 20
How to Synchronize Time with NTP (continued) • Trace the time source with ntptrace – ntptrace • Traces source of time that a time consumer is receiving • Lists – Client name – Its stratum – Its time offset from the local host – Synchronization distance – ID of the reference clock attached to a server – Synchronization distance is a measure of clock accuracy SUSE Linux Enterprise Server Administration (Course 3037) 21
How to Synchronize Time with NTP (continued) • Query the NTP daemon status – Enter ntpq –d to display information such as: • • • remote refid st when poll reach delay offset jitter SUSE Linux Enterprise Server Administration (Course 3037) 22
Exercise 9 -1 Configure Linux Time with NTP • In this exercise, you do the following: – Part I: Check System Time and Hardware Clock Time – Part II: Enable NTP Client with Ya. ST SUSE Linux Enterprise Server Administration (Course 3037) 23
Enable a Web Server (Apache) • Objectives – How a Web Server Works – Apache and SUSE Linux Enterprise Server – How to Configure an Apache HTTP Server with Ya. ST SUSE Linux Enterprise Server Administration (Course 3037) 24
How a Web Server Works • What a Web server is – Software program that runs on a host computer • And delivers files over the Internet – Lets you publish Hypertext Markup Language (HTML) documents – Can also distribute many other types of files – Must be physically connected to a TCP/IP-based network SUSE Linux Enterprise Server Administration (Course 3037) 25
How a Web Server Works (continued) • How a Web server labels content types – Web browser relies on a Multipurpose Internet Mail Extension (MIME) header • To correctly identify and display document types – More than 360 MIME types are included with the Apache Web server • URL components – Protocol, such as http: //, https: //, ftp: // – Domain, can be divided into two parts – Resource, specifies full path to the resource SUSE Linux Enterprise Server Administration (Course 3037) 26
How a Web Server Works (continued) • How a Web server delivers content – Web server works in a client-server relationship • Client programs are usually Web browsers – Client program requests information • Apache then delivers the actual resource – HTML pages can be stored in a directory – Requests and transfers use HTTP • Which is part of the TCP/IP suite of protocols – Commands and data are passed to port 80 • Through a TCP connection SUSE Linux Enterprise Server Administration (Course 3037) 27
Apache and SUSE Linux Enterprise Server • Installation of Apache packages – Basic installation, select package apache 2 – Multiprocessing, install apache 2 -prefork or apache 2 worker – Documentation, install apache 2 -doc – Development and compilation, install apache 2 -devel • Activating Apache – Activate it in the runlevel editor – Test Apache entering http: //localhost/ in a Web browser SUSE Linux Enterprise Server Administration (Course 3037) 28
Apache and SUSE Linux Enterprise Server (continued) • Storing Web resource files for Apache – Static Web pages • Place your files in /srv/www/htdocs/ – Custom CGI scripts • Store custom CGI scripts in /srv/www/cgi-bin/ – Log files • Apache writes log messages to /var/log/apache 2/access_log SUSE Linux Enterprise Server Administration (Course 3037) 29
Apache and SUSE Linux Enterprise Server (continued) • Expanding Apache functionality – Apache can execute CGI scripts in diverse programming languages – There are modules for secure data transmission – In Apache 2 almost everything is handled by means of modules – Apache 2 does not necessarily need to be a Web server • There is a proof-of-concept POP 3 server module based on Apache SUSE Linux Enterprise Server Administration (Course 3037) 30
Apache and SUSE Linux Enterprise Server (continued) • Security guidelines for Apache Web server – – Limit unneeded servers Limit access to Document. Root Specify subdirectories for user Web content Keep updated on vulnerabilities SUSE Linux Enterprise Server Administration (Course 3037) 31
How to Configure an Apache HTTP Server with Ya. ST • Steps – Start the Ya. ST HTTP Server module – Enable the HTTP server by selecting Enabled – Adapt the firewall to the ports where Apache 2 listens (optional) – Edit HTTP server settings – View existing HTTP server logs – Save the settings – Close the Ya. ST Control Center (optional) SUSE Linux Enterprise Server Administration (Course 3037) 32
How to Configure an Apache HTTP Server with Ya. ST (continued) SUSE Linux Enterprise Server Administration (Course 3037) 33
Exercise 9 -2 Enable a Basic Apache Web Server • In this exercise, you do the following: – Part I: Configure an Apache Server – Part II: Test the Apache Server Configuration SUSE Linux Enterprise Server Administration (Course 3037) 34
Enable the Extended Internet Daemon (xinetd) • Objectives – – What inetd Is How to Configure xinetd with Ya. ST How to Manage xinetd Manually How to Configure the TCP Wrapper SUSE Linux Enterprise Server Administration (Course 3037) 35
What inetd Is • Many services are administered and started through inetd or xinetd • Acts as a mediator of connection requests for a series of services • Advantage – Saving resources (especially memory) • Disadvantage – Delay occurs while the required service is loaded, started, and connected • Use inetd for services that are occasionally needed SUSE Linux Enterprise Server Administration (Course 3037) 36
How to Configure xinetd with Ya. ST • Steps – – Start the Ya. ST Network Services (inetd) module Enable the inetd super daemon Configure a service to be administered by inetd Change the status of all installed services to on or off (optional) – Save the configuration setting and start the inetd (or xinetd) daemon – Close the Ya. ST Control Center (optional) SUSE Linux Enterprise Server Administration (Course 3037) 37
How to Configure xinetd with Ya. ST (continued) SUSE Linux Enterprise Server Administration (Course 3037) 38
How to Manage xinetd Manually • Start, stop, and restart xinetd – /etc/init. d/xinetd script started by xinetd – insserv xinetd • Automatically starts xinetd at boot – rcxinetd status • Verify whether daemon is activated or not – rcxinetd start or rcxinetd stop • Manually start and stop the xinetd daemon SUSE Linux Enterprise Server Administration (Course 3037) 39
How to Manage xinetd Manually (continued) • Configure xinetd – How to Edit the File /etc/xinetd. conf • Default parameters syntax defaults { key operator parameter. . . } • Service syntax service_name { key operator parameter. . . } – Operators include =, -=, and += SUSE Linux Enterprise Server Administration (Course 3037) 40
How to Manage xinetd Manually (continued) • Configure xinetd (continued) – How to Edit the File /etc/xinetd. conf • First entry is optional and enables default configurations • Other entries contain configuration for the respective network service – The directory /etc/xinetd. d/ • Holds configuration file for every service • Directive includedir /etc/xinetd. d – Prompts xinetd to interpret all files in this directory • Using separate files improves transparency SUSE Linux Enterprise Server Administration (Course 3037) 41
How to Manage xinetd Manually (continued) SUSE Linux Enterprise Server Administration (Course 3037) 42
How to Manage xinetd Manually (continued) • Configure xinetd (continued) – Internal services example # /etc/xinet. d/echo # default: off # description: An echo server. This is the tcp version. service echo { type = INTERNAL id = echo-stream socket_type = stream protocol = tcp user = root wait = no disable = yes } SUSE Linux Enterprise Server Administration (Course 3037) 43
How to Manage xinetd Manually (continued) SUSE Linux Enterprise Server Administration (Course 3037) 44
How to Manage xinetd Manually (continued) • Configure access control – Parameters • only_from – Defines which hosts can use which service • no_access – Defines which hosts can be excluded from access • access_time – Defines at which times the service is available • disabled – Completely shuts off a server – Can only be used in the defaults section SUSE Linux Enterprise Server Administration (Course 3037) 45
How to Manage xinetd Manually (continued) • Configure log files – Record failed and unauthorized connection attempts – Shut off a service but still retain its logging functions • Configure only_from without using any additional parameters – Logging through xinetd is controlled by the log_type statement • Along with the attributes log_on_success and log_on_failure – Log the circumstances of how and why the network service was used SUSE Linux Enterprise Server Administration (Course 3037) 46
How to Configure the TCP Wrapper • The role of the tcpd daemon – Regulates access to inetd services – Wrapper acts as a filter – Steps • • Logs name and address of requesting host Verifies if the request is permitted Starts the corresponding daemon Then the wrapper is deleted from memory – After an authorized server has started • It can accept additional connections • Without consulting the wrapper SUSE Linux Enterprise Server Administration (Course 3037) 47
How to Configure the TCP Wrapper (continued) • How to configure access controls – Edit /etc/hosts. allow and /etc/hosts. deny files – Files syntax: daemon: host [: option. . . ] – Examples • /etc/hosts. allow: ALL: pluto. example. com ALL EXCEPT vsftpd: mars. example. com vsftpd: andromeda. example. com • /etc/hosts. deny: ALL SUSE Linux Enterprise Server Administration (Course 3037) 48
How to Configure the TCP Wrapper (continued) SUSE Linux Enterprise Server Administration (Course 3037) 49
How to Configure the TCP Wrapper (continued) SUSE Linux Enterprise Server Administration (Course 3037) 50
How to Configure the TCP Wrapper (continued) • How to check the TCP wrapper – Use tcpdchk command – tcpdmatch command • Provides information about how tcpd would handle various types of access attempts – Moles and trappers • You can enter shell commands in the configuration files – To be executed when request matches a pattern • Example ALL: spawn echo "Access of %u@%h to %d" >> /var/log/net. log SUSE Linux Enterprise Server Administration (Course 3037) 51
How to Configure the TCP Wrapper (continued) SUSE Linux Enterprise Server Administration (Course 3037) 52
Exercise 9 -3 Configure the Internet Daemon (xinetd) and TCP Wrappers • In this exercise, you do the following: – Part I: Enable xinetd Services with Ya. ST – Part II: Enable xinetd Services Manually – Part III: Configure TCP Wrappers SUSE Linux Enterprise Server Administration (Course 3037) 53
Enable an FTP Server • Objectives – – – The Role of an FTP Server How FTP Works Advantages of Pure. FTPd Server How to Install and Run Pure. FTPd Server How to Configure Pure. FTPd Server SUSE Linux Enterprise Server Administration (Course 3037) 54
The Role of an FTP Server • Basic features: – Sending, receiving, deleting, and renaming files – Creating, deleting, and changing directories – Transferring data in binary or ASCII mode • Allows accesses after authentication against a password database – These are the files /etc/passwd and /etc/shadow – Pure. FTPd supports authentication against its own password database • Guest access can be set up as anonymous FTP SUSE Linux Enterprise Server Administration (Course 3037) 55
How FTP Works • Uses two TCP connections – One sends FTP command (port 21) – Second connection is created when a file is ready for transfer • Types of data transfer – Active data transfer • FTP client offers FTP server an unprivileged TCP port for data channel connection (port 20) – Passive data transfer • FTP server offers FTP client an unprivileged TCP port for a data channel connection SUSE Linux Enterprise Server Administration (Course 3037) 56
Advantages of Pure. FTPd Server • Pure. FTPd features: – Consistent use of chroot environments – Uncomplicated configuration of virtual FTP servers – Virtual users independent of the system users listed in the file /etc/passwd – Configuration via command-line parameters or with a configuration file SUSE Linux Enterprise Server Administration (Course 3037) 57
How to Install and Run Pure. FTPd Server • Use Ya. ST Install and Remove Software module – To install the Pure. FTPd server • /etc/pure-ftpd. conf – Configuration file • Run Pure. FTPd server – From the command line • Enter pure-ftpd options – From a start script • Enter /etc/init. d/pure-ftpd start (or rcpure-ftpd start) • Enter rcpure-ftpd stop to stop the service SUSE Linux Enterprise Server Administration (Course 3037) 58
How to Install and Run Pure. FTPd Server (continued) • Run Pure. FTPd server (continued) – From a start script • insserv /etc/init. d/pure-ftpd to initialize pure-ftp upon start-up – From inet. d • Add a corresponding entry to the file /etc/inetd. conf • Example: ftp stream tcp nowait root /usr/sbin/tcpd pure-ftpd -A -i SUSE Linux Enterprise Server Administration (Course 3037) 59
How to Configure Pure. FTPd Server • How to configure anonymous FTP – You need to have an FTP user and home directory in the file /etc/passwd • You do not need to create any subdirectories – You can also use command pure-ftp – Files uploaded to the server belong to the user ftp • How to configure FTP with virtual hosts for anonymous FTP – Virtual FTP hosts allow a number of FTP sites to be hosted on one machine SUSE Linux Enterprise Server Administration (Course 3037) 60
How to Configure Pure. FTPd Server (continued) • How to configure FTP with virtual hosts for anonymous FTP (continued) – Create virtual network devices • Using ifconfig – Create symbolic link in /etc/pure-ftpd/ • How to configure FTP for authorized users – Important for those who are hosting Web sites – Use pure-ftpd command • pure-ftpd -A –E • pure-ftpd -a 500 -E SUSE Linux Enterprise Server Administration (Course 3037) 61
How to Configure Pure. FTPd Server (continued) • How to configure FTP with virtual users not included in /etc/passwd – Pure. FTP users are separated from system users • And can only access the system by FTP – Administer Pure. FTPd users in a separate database • • Create a system user with useradd Create the FTP users with pure-pw Specify options such as quotas or size limits in MB Regenerate password file using pure-pw mkdb – Start Pure. FTPd with -j SUSE Linux Enterprise Server Administration (Course 3037) 62
How to Manage Pure. FTPd Logs • Pure. FTPd sends messages to the syslog daemon • Pure. FTPd can also write its own log files – Use option -O format: logfile – Format can be clf, stats, or w 3 c – You can also modify Pure. FTP configuration file SUSE Linux Enterprise Server Administration (Course 3037) 63
Exercise 9 -4 Configure Anonymous Pure. FTPd Access • In this exercise, you will configure anonymous Pure. FTPd access SUSE Linux Enterprise Server Administration (Course 3037) 64
Summary • System time is maintained by the interrupt timer – And obtained from the computer hardware clock • netdate utility – Synchronizes system time • With that of another computer on the network • NTP – Accurately coordinates system time on your network • NTP automatically adjusts for local time drift • To configure NTP, you may use Ya. ST – Or edit the /etc/ntp. conf file SUSE Linux Enterprise Server Administration (Course 3037) 65
Summary (continued) • Apache Web server (httpd) – The most common Web server on Linux systems • Internet Super Daemon (inetd) or Extended Internet Super Daemon (xinetd) – Used to start some network daemons • TCP wrapper daemon (tcpd) – Used with inetd or xinetd to provide additional security • File Transfer Protocol (FTP) – Main TCP/IP protocol to transfer files across the Internet SUSE Linux Enterprise Server Administration (Course 3037) 66
Summary (continued) • Pure. FTPd server – Installed and used on SLES to provide FTP services to clients • Configure Pure. FTPd – Use pure-ftpd command – Or entries in the /etc/pure-ftpd. conf file SUSE Linux Enterprise Server Administration (Course 3037) 67
Suse linux administration
Suse linux 9
Suse linux remote desktop
Suse linux ag
Suse linux shutdown command
Private suse repository
Linux operation and administration chapter 8
Linux operations and administration
Postfix mysql
Linux kernel linux security module m1
Guilots
Suse container platform
Výbežok oceánu alebo mora do pevniny
Suse expanded support
Suse firewall
Web server administration
Webcam server linux
Linux virtual server project
Server linux emperor
Twping
Linux based server
Radius server linux
K12 linux
Inode 최대 개수
Sql server master data services tutorial
Teis integration
Tieto enterprise integration server
Centrixs cmfp
Putting the enterprise into the enterprise system
Enterprise
Responsible beverage server training course
Java ee 101
Half brick wall
Course title and course number
Course interne moyenne externe
Chapter 24 section 1 the nixon administration
Chapter 32 section 1 the nixon administration
Chapter 32 section 1 the nixon administration
Chapter 24 section 1 the nixon administration
Chapter 7 urban administration question answer
Chapter 17 dosage calculation and medication administration
Chapter 31 medication administration
Public administration chapter 1
Introduction to public administration
Chapter 2 free enterprise in the united states answer key
Goals of free enterprise
Assignment 3: free enterprise system
Monopoly is a menace of free enterprise
Goals of psychological enterprise
Chapter 7 the business of free enterprise
Managing the business enterprise
Course 2 chapter 1 ratios and proportional reasoning
Steve wyborney splat kindergarten
Chapter 13 personal financial management course
Integers warm up
Course 2 chapter 5 expressions
Stevewyborney.com splat
Laura herrera scott
Objectives of wage and salary administration
Voie d'administration sans effraction
Vietnam meteorological and hydrological administration
Transcontinental railroad apush
National academy for public administration
Draw a person test administration
Conclusion of management
Public administration definition
Route of administration of lozenges
Drug roa
