Configuration of servers

Telnet Server:

Telnet is an Internet-standard utility and protocol based on a Request for Comments (RFC). This RFC specifies a method for transmitting and receiving unencrypted ASCII characters (plaintext) across a network. You can use a Telnet client running on one computer to connect to a command line-based session and run applications. Only character-based interfaces and applications are supported; there is no graphics capability in the Telnet environment.

Telnet Server hosts the remote sessions for Telnet clients. It is implemented in Windows as a service that can be configured to always run, even when no one is logged on to the server. When a Telnet client connects to a computer running Telnet Server, the remote user is asked to enter a user name and password. Like the rest of the session, these credentials cross the network unencrypted.

Installing Telnet Server:

On Windows Server 2008, you can install Telnet Server by using the Add Features Wizard in Server Manager. Server Manager opens by default when a member of the Administrators group logs on to the computer; you can also open it by using commands on the Start menu in Administrative Tools, and by opening Programs in Control Panel.

On Windows Vista and later versions, you can install Telnet Server (and Telnet Client) by opening Control Panel, then Programs, and then Turn Windows features on or off.

Configuration of telnet server:

The procedures in this section allow an administrator to configure the Telnet Server service to meet the requirements of the environment in which it is operating. To complete this task, you can perform the following procedures.

Enable the Telnet Server Service:

Telnet Server is a network service. When you install Windows 7, Windows Server 2008 or Windows Vista, the files that make up the Telnet Server service are copied to your computer, but they are not yet operational. The Telnet service is disabled at first. You must enable it by configuring the service to start when you need it. On a Telnet server that is regularly used, you might want to configure the service to start automatically every time Windows starts. You can also configure the Telnet Server service to start only when you start it manually.

To start or stop Telnet Server at a command prompt:

Type one of the following commands.

To start Telnet Server:

    net start telnet

To stop Telnet Server:

    net stop telnet

Additional features:

If the Telnet Server fails to start, the most common reasons are:

- System Error 5. Access Denied. This occurs when you run the command from a non-elevated command prompt.
- System Error 1058. This error occurs when the service is marked Disabled in the Services snap-in. Follow the steps in "Enable Telnet Server and start or stop it from the Windows interface" to fix this error.
- Firewall software. Ensure that your firewall software is configured to allow Telnet traffic in and out of the computer onto the network.

- Grant Access to a Telnet Server
- Configure Telnet Server Authentication
- Configure Telnet Server to Allow Administrator Access by using Password Authentication
- Configure the Command Interpreter Used by the Telnet Server
- Configure the TCP Port Number Used by Telnet Server
- Configure Idle Session Timeouts for Telnet Sessions
- Configure the Number of Simultaneous Sessions Supported
- Configure the Domain Used for User Name Authentication

Steps to enable telnet server/client in Linux OS (Red Hat, Fedora, CentOS, etc.):

Step 1: Install the telnet package.

    # yum install telnet-server

Step 2: Edit the telnet configuration file located in /etc/xinetd.d/telnet.

    # vi /etc/xinetd.d/telnet

Open the file /etc/xinetd.d/telnet in your favourite text editor and change the following line:

    disable = yes

to read as:

    disable = no

Save and exit the file.

Step 3: Start or restart the xinetd service.

    # service xinetd restart

Step 4: Add the xinetd service to start-up.

    # chkconfig xinetd on

Access the telnet server from Windows clients (in a command prompt):

    C:\> telnet <ipaddress>

For example:

    C:\> telnet 192.168.10.26

and log in with user name and password.

From Linux clients, install the telnet client package first:

    # yum install telnet

and connect to the server (server IP: 192.168.10.26):

    # telnet 192.168.10.26

Step 5: If you have a firewall (iptables) running, you need to open port 23 for the network from which you want to connect to the server. For example, to be able to connect from the 192.168.0.0/24 network on both TCP and UDP port 23, the following rules might be appropriate for you:

    # iptables -I INPUT -s 192.168.0.0/24 -p tcp --dport 23 -j ACCEPT
    # iptables -I INPUT -s 192.168.0.0/24 -p udp --dport 23 -j ACCEPT

Step 6: To test the telnet server, try connecting to it from a remote machine with the following command:

    # telnet 1.2.3.4
    <prompt for username and password>

Replace 1.2.3.4 with your server's IP address.

FTP Server:

File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another host over a TCP-based network. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server. The server component is called an FTP daemon. It continuously listens for FTP requests from remote clients. When a request is received, it manages the login and sets up the connection. For the duration of the session it executes any of the commands sent by the FTP client.

Access to an FTP server can be managed in two ways:

- Anonymous
- Authenticated

In the Anonymous mode, remote clients can access the FTP server by using the default user account called "anonymous" or "ftp" and sending an email address as the password. In the Authenticated mode a user must have an account and a password. User access to the FTP server directories and files is dependent on the permissions defined for the account used at login. As a general rule, the FTP daemon will hide the root directory of the FTP server and change it to the FTP Home directory. This hides the rest of the file system from remote sessions.

VSFTPD:

Vsftpd is a popular FTP server for Unix/Linux systems. This is not just another FTP server, but a mature product that has been around for over 12 years in the Unix world. While vsftpd is found as an installation option on many Linux distributions, it is not often that Linux system administrators seek installation and configuration instructions for it.

vsftpd - FTP Server Installation:

vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, and maintain. To install vsftpd you can run the following command:

    $ sudo apt-get install vsftpd

sudo is used to gain root access and be able to install and remove software. apt-get is the command used to manage any software and software sources.

OR

    # yum install vsftpd

Yum will automatically locate, download and install the latest vsftpd version.

Configure VSFTPD Server:

To open the configuration file, type:

    # vi /etc/vsftpd/vsftpd.conf

Anonymous FTP Configuration:

By default vsftpd is configured to only allow anonymous download. During installation an ftp user is created with a home directory of /home/ftp. This is the default FTP directory. If you wish to change this location, to /srv/ftp for example, simply create a directory in another location and change the ftp user's home directory:

    $ sudo mkdir /srv/ftp
    $ sudo usermod -d /srv/ftp ftp

After making the change restart vsftpd:

    $ sudo /etc/init.d/vsftpd restart

User Authenticated FTP Configuration:

To configure vsftpd to authenticate system users and allow them to upload files, edit /etc/vsftpd.conf:

    local_enable=YES
    write_enable=YES

Now restart vsftpd:

    $ sudo /etc/init.d/vsftpd restart

The init.d directory contains a number of start/stop scripts for various services on your system. Now when system users log in to FTP they will start in their home directories, where they can download, upload, create directories, etc.

Similarly, by default, anonymous users are not allowed to upload files to the FTP server. To change this setting, you should uncomment the following line and restart vsftpd:

    anon_upload_enable=YES

Enabling anonymous FTP upload can be an extreme security risk. It is best to not enable anonymous upload on servers accessed directly from the Internet.

The configuration file consists of many configuration parameters. The information about each parameter is available in the configuration file. Alternatively, you can refer to the man page, man 5 vsftpd.conf, for details of each parameter.
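To check whether a given vsftpd.conf actually ends up with anonymous upload open, the following added example (not part of the original slides) reads the three settings involved. The function names are hypothetical, the defaults are assumed from vsftpd.conf(5), and it assumes a later assignment of the same option overrides an earlier one.

```shell
#!/bin/sh
# Added example: decide whether a vsftpd.conf leaves anonymous upload open.

# vsftpd_value FILE KEY DEFAULT
# Prints the value of KEY (upper-cased) or DEFAULT when KEY is not set.
# vsftpd.conf lines have the form option=value with no spaces around "=".
# Assumption: when an option is set twice, the later line takes effect.
vsftpd_value() {
    awk -F= -v key="$2" -v val="$3" '
        /^[ \t]*#/ { next }                          # commented-out option
        $1 == key  { val = $2; sub(/[ \t\r]+$/, "", val) }
        END        { print toupper(val) }
    ' "$1"
}

# anon_upload_state FILE
#   open   : anonymous logins, writes and anonymous upload are all enabled
#   latent : anon_upload_enable=YES is set but another switch still blocks it
#   closed : anonymous upload is not enabled
# Defaults assumed from vsftpd.conf(5): anonymous_enable=YES, write_enable=NO,
# anon_upload_enable=NO. Check them against the man page of your build.
anon_upload_state() {
    anon=$(vsftpd_value "$1" anonymous_enable YES)
    write=$(vsftpd_value "$1" write_enable NO)
    upload=$(vsftpd_value "$1" anon_upload_enable NO)
    if [ "$anon$write$upload" = YESYESYES ]; then
        echo open
    elif [ "$upload" = YES ]; then
        echo latent
    else
        echo closed
    fi
}

# mk_conf LINE...  writes the lines to a temporary file and prints its path.
mk_conf() {
    f=$(mktemp) && printf '%s\n' "$@" > "$f" && echo "$f"
}

# Constructed sample: the settings the slides enable, one after another.
conf=$(mk_conf 'anonymous_enable=YES' 'local_enable=YES' \
               'write_enable=YES' 'anon_upload_enable=YES')
echo "anonymous upload: $(anon_upload_state "$conf")"
rm -f "$conf"
```

Even in the "open" state an upload only succeeds where the ftp user has write permission on the target directory, so directory ownership is the second thing to review.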

DHCP Server Configuration:

The Dynamic Host Configuration Protocol (DHCP) is a network service that enables host computers to be automatically assigned settings from a server as opposed to manually configuring each network host. Computers configured to be DHCP clients have no control over the settings they receive from the DHCP server, and the configuration is transparent to the computer's user.

The most common settings provided by a DHCP server to DHCP clients include:

- IP address and netmask
- DNS
- WINS

A DHCP server can provide configuration settings using two methods:

- MAC Address
- Address Pool

MAC Address

This method entails using DHCP to identify the unique hardware address of each network card connected to the network and then continually supplying a constant configuration each time the DHCP client makes a request to the DHCP server using that network device.

Address Pool

This method entails defining a pool (sometimes also called a range or scope) of IP addresses from which DHCP clients are supplied their configuration properties dynamically and on a "first come, first served" basis. When a DHCP client is no longer on the network for a specified period, the configuration is expired and released back to the address pool for use by other DHCP clients.

Installation:

At a terminal prompt, enter the following command to install dhcpd:

    $ sudo apt-get install dhcp3-server

You will probably need to change the default configuration by editing /etc/dhcp3/dhcpd.conf to suit your needs and particular configuration.

Configuration:

Most commonly, what you want to do is assign an IP address randomly. This can be done with settings as follows:

    # Sample /etc/dhcpd.conf
    # (add your comments here)
    default-lease-time 600;
    max-lease-time 7200;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.254;
    option domain-name-servers 192.168.1.1, 192.168.1.2;
    option domain-name "mydomain.example";

    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.10 192.168.1.100;
        range 192.168.1.150 192.168.1.200;
    }

This will result in the DHCP server giving a client an IP address from the range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will lease an IP address for 600 seconds if the client doesn't ask for a specific time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The server will also "advise" the client that it should use 255.255.255.0 as its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers.

NFS Server:

Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems. It builds on the Open Network Computing Remote Procedure Call (ONC RPC) system.

Some of the most notable benefits that NFS can provide are:

- Local workstations use less disk space because commonly used data can be stored on a single machine and still remain accessible to others over the network.
- There is no need for users to have separate home directories on every network machine. Home directories could be set up on the NFS server and made available throughout the network.
- Storage devices such as floppy disks, CD-ROM drives, and USB thumb drives can be used by other machines on the network. This may reduce the number of removable media drives throughout the network.

Installation:

At a terminal prompt enter the following command to install the NFS server:

    $ sudo apt-get install nfs-kernel-server

Configuration:

Sharing directory with /etc/exports

You can configure the directories to be exported by adding them to the /etc/exports file. For example:

    /ubuntu *(ro,sync,no_root_squash)
    /home *(rw,sync,no_root_squash)

To export /sales to hostname tom and jerry, enter:

    /sales tom(ro,sync) jerry(ro,sync)

Rsync (Remote Sync) is a commonly used command for copying and synchronizing files and directories remotely as well as locally in Linux/Unix systems. With the help of the rsync command you can copy and synchronize your data remotely and locally across directories, across disks and networks, and perform data backups and mirroring between two Linux machines.

You can replace * with one of the hostname formats. Make the hostname declaration as specific as possible so unwanted systems cannot access the NFS mount.
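The advice to keep the hostname declaration specific can be checked mechanically. The following added example (not part of the original slides) parses an exports file and reports entries exported to a wildcard client, writable by a wildcard client, or exported with no_root_squash, which lets root on the client act as root on the exported files. The function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: flag over-broad entries in an exports(5) file.

# audit_exports [FILE]   (reads standard input when FILE is omitted)
# Prints one finding per line as: <exported path> <client> <reason>
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        # Field 1 is the exported path; every later field is client(options).
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            if (index($i, "(") > 0) {
                client = substr($i, 1, index($i, "(") - 1)
                opts = $i
                sub(/^[^(]*\(/, "", opts)    # drop "client("
                sub(/\)$/, "", opts)         # drop trailing ")"
            }
            # "(rw)" with no client name applies to every host.
            if (client == "") client = "*"

            n = split(opts, o, ",")
            rw = 0; noroot = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") noroot = 1
            }
            wild = (client ~ /[*?]/)
            if (wild)       print $1, client, "wildcard-client"
            if (wild && rw) print $1, client, "writable-by-wildcard"
            if (noroot)     print $1, client, "no_root_squash"
        }
    }' "$@"
}

# The three export lines from the slides, used here as sample input.
sample_exports() {
    cat <<'EOF'
# sample /etc/exports
/ubuntu *(ro,sync,no_root_squash)
/home *(rw,sync,no_root_squash)
/sales tom(ro,sync) jerry(ro,sync)
EOF
}

sample_exports | audit_exports
```

The /sales line, which names tom and jerry explicitly and omits no_root_squash, produces no findings.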

2. Start NFS service

To start the NFS server, you can run the following command at a terminal prompt:

    $ sudo /etc/init.d/nfs-kernel-server start

    # /etc/init.d/nfs start
    Starting NFS services:                                     [  OK  ]
    Starting NFS quotas:                                       [  OK  ]
    Starting NFS mountd:                                       [  OK  ]
    Stopping RPC idmapd:                                       [  OK  ]
    Starting RPC idmapd:                                       [  OK  ]
    Starting NFS daemon:                                       [  OK  ]
    # chkconfig nfs on

NFS Client Configuration Files:

NFS shares are mounted on the client side using the mount command. The format of the command is as follows:

    mount -o <options> <host>:</remote/export> </local/directory>

Replace <options> with a comma separated list of options for the NFS file system.

- intr: Allows NFS requests to be interrupted if the server goes down or cannot be reached.
- nfsvers=2 or nfsvers=3: Specifies which version of the NFS protocol to use.
- nolock: Disables file locking. This setting is occasionally required when connecting to older NFS servers.
- noexec: Prevents execution of binaries on mounted file systems. This is useful if the system is mounting a non-Linux file system via NFS containing incompatible binaries.

- nosuid: Disables set-user-identifier or set-group-identifier bits. This prevents remote users from gaining higher privileges by running a setuid program.
- rsize=8192 and wsize=8192: These settings speed up NFS communication for reads (rsize) and writes (wsize) by setting a larger data block size, in bytes, to be transferred at one time.
- tcp: Specifies for the NFS mount to use the TCP protocol instead of UDP.

Replace <host> with the remote host, </remote/export> with the remote directory being mounted, and </local/directory> with the local directory where the remote file system is to be mounted.

SSH Server:

Secure Shell (SSH) is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary. An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an sshd daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.

Installation:

At a terminal prompt, enter the following command to install the SSH server:

    $ sudo apt-get install openssh-server

Configuration:

Ensure that the following options in the configuration file /etc/ssh/sshd_config are set to yes:

- StrictModes
- PubkeyAuthentication

Determine if the SSH server daemon sshd is running:

    $ /sbin/service sshd status

If the SSH server daemon sshd is not running, start this daemon. If the daemon is running, no further action is required.

    $ /sbin/service sshd start

Testing the SSH Setup on a Host:

From another host, use SSH to log in to the host that you are testing as the SSH user.

    $ ssh -l user-name host-name

- user-name: The user name for the SSH user's account on the host.
- host-name: The host name of the host that you are logging in to.

In response to the prompt, type your password. If this step succeeds, your setup of SSH is complete.

The SSH client configuration file is /etc/ssh/ssh_config or ~/.ssh/config.

Daemon

The SSH daemon configuration file can be found and edited in /etc/ssh/sshd_config.

To allow access only for some users add this line:

    AllowUsers user1 user2

To add a nice welcome message edit the file /etc/issue and change the Banner line into this:

    Banner /etc/issue
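The sshd_config settings named above (StrictModes, PubkeyAuthentication and AllowUsers) can be verified with a short script. This added example is not part of the original slides; it relies on two rules from sshd_config(5): keywords are case-insensitive, and the first value obtained for a keyword is the one used. The function names are hypothetical, Include files are not followed, and unset options are assumed to take the documented default of yes.

```shell
#!/bin/sh
# Added example: report sshd_config settings that differ from what the slides ask for.

# sshd_first_value FILE KEYWORD
# Prints the value sshd takes for KEYWORD from the global section of FILE,
# or nothing when the keyword is not set there.
sshd_first_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/         { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # lines after Match are conditional
        tolower($1) == want    {
            $1 = ""; sub(/^[ \t]+/, "")   # keep only the arguments
            print; exit                   # first occurrence wins
        }
    ' "$1"
}

# audit_sshd FILE
# Prints "<keyword> <value>" for each yes/no option not set to yes, and
# "AllowUsers unset" when no AllowUsers line limits which accounts may log in.
audit_sshd() {
    for kw in StrictModes PubkeyAuthentication; do
        v=$(sshd_first_value "$1" "$kw")
        # Assumption: an unset option keeps its sshd_config(5) default, "yes".
        [ -n "$v" ] || v=yes
        [ "$v" = yes ] || echo "$kw $v"
    done
    [ -n "$(sshd_first_value "$1" AllowUsers)" ] || echo "AllowUsers unset"
}

# Constructed sample. The second StrictModes line looks correct but is
# ignored, and the AllowUsers line applies only inside the Match block.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample, not a recommended configuration
strictmodes no
StrictModes yes
PubkeyAuthentication yes
Match User backup
    AllowUsers backup
EOF
}

conf=$(mktemp)
sample_sshd_config > "$conf"
audit_sshd "$conf"
rm -f "$conf"
```

On a host with OpenSSH installed, running sshd -T as root prints the effective configuration and is the authoritative cross-check.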

Proxy server Squid:

Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as the Internet Cache Protocol (ICP), the Hyper Text Caching Protocol (HTCP), the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol (WCCP).

Installation:

At a terminal prompt, enter the following command to install the Squid server:

    $ sudo apt-get install squid

Server Configuration:

Step #1: Squid configuration so that it will act as a transparent proxy

Step #2: Iptables configuration
  a) Configure system as router
  b) Forward all http requests to 3128 (DNAT)

Step #3: Run scripts and start squid service

Configuration:

Squid is configured by editing the directives contained within the file:

    # vi /etc/squid/squid.conf

Copy the /etc/squid/squid.conf file and protect it from writing with the following commands entered at a terminal prompt:

    $ sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original
    $ sudo chmod a-w /etc/squid/squid.conf.original

chmod a-w removes all writing permissions.

Iptables configuration:

Next, I added the following rules to forward all http requests (coming to port 80) to the Squid server port 3128:

    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Start or restart squid:

    # /etc/init.d/squid restart
    # chkconfig squid on

Web server(Apache) HTTPD:

Apache is the most commonly used Web Server on Linux systems. Web Servers are used to serve Web Pages requested by client computers. Clients typically request and view Web Pages using Web Browser applications such as Firefox, Opera, or Mozilla. Apache Web Servers are often used in combination with the MySQL database engine, the HyperText Preprocessor (PHP) scripting language, and other popular scripting languages such as Python and Perl. This configuration is termed LAMP (Linux, Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform for the development and deployment of Web-based applications.

Installation:

At a terminal prompt enter the following command:

    $ sudo apt-get install apache2

Configuration:

Apache comes with three configuration files.

1. httpd.conf: this is the configuration file related to the server itself. Open the file httpd.conf in an editor and set:

    ServerName
    ServerAdmin (enter your e-mail address)

2. access.conf: this is the configuration file related to access to directories and services in the Web server. Find <Directory /home/httpd/html>, look for the Options line and change it to allow Server Side Includes.

3. srm.conf: this is the configuration file related to the location of the document root, directory information formatting, user directories, etc. If you want to change the location of the document root, look for the line DocumentRoot /home/httpd/html and change it to a new location, but do not forget to move its three sub-directories (html, cgi-bin and icons) to the new location.

To complete the installation of server side includes be sure that the following two lines are present:

    AddType text/html .shtml
    AddHandler server-parsed .shtml

Starting Apache:

Type in a shell prompt as root:

    /etc/rc.d/init.d/httpd start

to start the server. To stop or restart, use the same script but replace start with stop or restart.

Samba:

One of the most common ways to network Ubuntu and Windows computers is to configure Samba as a File Server. This section covers setting up a Samba server to share files with Windows clients. The server will be configured to share files with any client on the network without prompting for a password.

Installation:

The first step is to install the samba package. From a terminal prompt enter:

    $ sudo apt-get install samba

Configuration:

The main Samba configuration file is located in /etc/samba/smb.conf.

First, edit the following key/value pairs in the [global] section of /etc/samba/smb.conf:

    workgroup = EXAMPLE
    security = user

- comment: a short description of the share. Adjust to fit your needs.
- path: the path to the directory to share.
- browsable: enables Windows clients to browse the shared directory using Windows Explorer.
- guest ok: allows clients to connect to the share without supplying a password.
- read only: gives write access to the shared directory.
- create mask: determines the permissions new files will have when created.

Now that Samba is configured, the directory needs to be created and the permissions changed. From a terminal enter:

    $ sudo mkdir -p /srv/samba/share
    $ sudo chown nobody.nogroup /srv/samba/share/

The -p switch tells mkdir to create the entire directory tree if it doesn't exist. Change the share name to fit your environment.

Finally, restart the samba services to enable the new configuration:

    $ sudo /etc/init.d/samba restart

Securing a Samba File and Print Server:

Samba Security Modes

There are two security levels available to the Common Internet Filesystem (CIFS) network protocol: user-level and share-level. Samba's security mode implementation allows more flexibility, providing four ways of implementing user-level security and one way to implement share-level:

- security = user: requires clients to supply a username and password to connect to shares.
- security = domain: this mode allows the Samba server to appear to Windows clients as a Primary Domain Controller (PDC), Backup Domain Controller (BDC), or a Domain Member Server (DMS).

- security = ADS: allows the Samba server to join an Active Directory domain as a native member.
- security = server: this mode is left over from before Samba could become a member server, and due to some security issues should not be used.
- security = share: allows clients to connect to shares without supplying a username and password.
