Table Of Contents

Why Host Your Own Site?
IN THIS CHAPTER
OUR NETWORK
ALTERNATIVES TO IN-HOUSE WEB HOSTING
Virtual Hosting
Dedicated Hosting
FACTORS TO CONSIDER BEFORE HOSTING YOURSELF
Is In-House Hosting Preferred?
HOW TO MIGRATE FROM AN EXTERNAL PROVIDER
IN-HOUSE SERVER CONSIDERATIONS
CONCLUSION
Introduction to Networking
TCP Is a Connection-Oriented Protocol
How TCP Establishes a Connection
UDP, TCP’s “Connectionless” Cousin
TCP and UDP Ports
The TCP/IP Time to Live Feature
The ICMP Protocol and Its Relationship to TCP/IP
Private IP Addresses
The localhost IP Address
Network Address Translation (NAT) Makes Private IPs Public
Port Forwarding with NAT Facilitates Home-Based Web Sites
DHCP
How DNS Links Your IP Address to Your Web Domain
IP Version 6 (IPv6)
Calculating the Number of Addresses Assigned to a Subnet
Calculating the Range of Addresses on Your Network
Subnet Masks for the Typical Business DSL Line
NETWORKING EQUIPMENT TERMINOLOGY
Network Interface Cards
The Two Broad Types of Networking Equipment
Connectivity Using Hubs
Using Switches as a Faster Alternative to Hubs
Local Area Networks
How Routers Interconnect LANs
How Simple Routing Works
Default Gateways, the Routers of Last Resort
Firewalls Help Provide a Secure Routing Environment
ADDITIONAL INTRODUCTORY TOPICS
The File Transfer Protocol
Linux Help
Linux Networking
Determining Your IP Address
Changing Your IP Address
Multiple IP Addresses on a Single NIC
IP Address Assignment for a Direct DSL Connection
IP Address Assignment for a Cable Modem Connection
Adding Routes from the Command Line
Adding Routes with /etc/sysconfig/network-scripts/ Files
Using mii-tool
Using ethtool
Configuring IP Forwarding
Configuring Proxy ARP
CONFIGURING YOUR /ETC/HOSTS FILE
The loopback Interface’s localhost Entry
Simple Network Troubleshooting
Sources of Network Slowness
Sources of a Lack of Connectivity
Viewing Your Activated Interfaces
Viewing All Interfaces
Testing Link Status from the Command Line
Viewing NIC Errors
LINUX TELNET TROUBLESHOOTING
Successful Connection
Connection Refused Messages
telnet Timeout or Hanging
Screen Goes Blank—Successful Connection
Connect Failed Messages
Using curl
Using wget
THE NETSTAT COMMAND
THE LINUX IPTABLES FIREWALL
Determining Whether iptables Is Running
How to Stop iptables
How to Configure iptables Rules
USING TRACEROUTE TO TEST CONNECTIVITY
Sample traceroute Output
Possible traceroute Messages
traceroute Time Exceeded False Alarms
traceroute Internet Slowness False Alarm
traceroute Dies at the Router Just Before the Server
Always Get a Bidirectional traceroute
ping and traceroute Troubleshooting Example
traceroute Web Sites
Possible Reasons for a Failed traceroute
USING MTR TO DETECT NETWORK CONGESTION
VIEWING PACKET FLOWS WITH TCPDUMP
Analyzing tcpdump files
Common Problems with tcpdump
BASIC DNS TROUBLESHOOTING
Using nslookup to Test DNS
Using the host Command to Test DNS
The last Command
The who Command
Troubleshooting Linux with syslog
SYSLOG
The /etc/syslog.conf File
Activating Changes to the syslog Configuration File
How to View New Log Entries as They Happen
Logging syslog Messages to a Remote Linux Server
syslog Configuration and Cisco Network Devices
syslog and Firewalls
LOGROTATE
The /etc/logrotate.conf File
Sample Contents of /etc/logrotate.conf
The /etc/logrotate.d Directory
Activating logrotate
Compressing Your Log Files
Installing RPM Software
RPMs on Your Installation CDs
RPMs Downloaded from Fedora
RPMs Downloaded from rpmfind.net
Using the Fedora Web site
Using the rpmfind Web site
Configuring yum
Creating Your Own yum Server
Before You Start
Keeping Your System Current with yum
Example of a yum Package Installation
Using Downloaded Files
Using CD-ROMs
RPM INSTALLATION ERRORS
Failed Dependencies
Signature Keys
Listing Files for Already Installed RPMs
Listing Files in RPM Files
Listing the RPM to Which a File Belongs
UNINSTALLING RPMS
The Linux Boot Process
☞The Fedora Boot Sequence
THE FEDORA BOOT SEQUENCE
DETERMINING THE DEFAULT BOOT RUNLEVEL
GETTING A GUI CONSOLE
GET A BASIC TEXT TERMINAL WITHOUT EXITING THE GUI
Using a GUI Terminal Window
Using Virtual Consoles
SYSTEM SHUTDOWN AND REBOOTING
Halt/Shut Down the System
Reboot the System
Entering Single-user Mode
HOW TO SET PROGRAMS TO RUN AT EACH RUNLEVEL
Using chkconfig to Improve Security
Final Tips on chkconfig
Configuring the DHCP Server
☞Download and Install the DHCP Package
DOWNLOAD AND INSTALL THE DHCP PACKAGE
THE /ETC/DHCPD.CONF FILE
HOW TO GET DHCP STARTED
DHCP SERVERS WITH MULTIPLE NICS
Temporary Solution
Permanent Solution
CONFIGURING LINUX CLIENTS TO USE DHCP
CONFIGURING WINDOWS CLIENTS TO USE DHCP
SIMPLE DHCP TROUBLESHOOTING
DHCP Clients Obtaining 169.254.0.0 Addresses
Linux Users and sudo
Who Is the Super User?
How to Add Users
How to Change Passwords
How to Delete Users
How to Tell the Groups to Which a User Belongs
How to Change the Ownership of a File
Example of a User Using sudo
Downloading and Installing the sudo Package
Simple /etc/sudoers Examples
Windows, Linux, and Samba
Basic SWAT Setup
Controlling SWAT
Encrypting SWAT
How to Make SWAT Changes Immediate
The [global] Section
The [homes] Section
The [netlogon] and [profiles] Share Sections
The [printers] Share Section
Shares for Specific Groups of Users
SAMBA PASSWORDS
Home Environment
Corporate Environment
Create Samba Trust Accounts for Each Workstation
Make Your PC Clients Aware of Your Samba PDC
Create a CD-ROM Drive Mount Point on Your Samba Server
Samba Security and Troubleshooting
☞Testing the smb.conf File
TESTING THE SMB.CONF FILE
SAMBA AND FIREWALL SOFTWARE
Linux iptables
Windows-based Zone Alarm
The Windows XP Built-In Firewall
TESTING BASIC CLIENT/SERVER NETWORK CONNECTIVITY
TESTING SAMBA CLIENT/SERVER NETWORK CONNECTIVITY
CHECKING THE SAMBA LOGS
SAMBA NETWORK TROUBLESHOOTING
BASIC SAMBA SECURITY
Linux Wireless Networking
WIRELESS LINUX-COMPATIBLE NICS
Wireless Access Points
Extended Service Set ID
Encryption Keys
Using iwconfig for Wireless Tools Configuration
Permanent Wireless Tools Configuration
Wireless Tools Encryption
NETWORKING WITH LINUX-WLAN
Linux-WLAN Preparation
Identifying the Correct RPMs
Installing the RPMs
WHAT IS IPTABLES?
PACKET PROCESSING IN IPTABLES
Targets and Jumps
IMPORTANT IPTABLES COMMAND SWITCH OPERATIONS
USING USER-DEFINED CHAINS
SAVING YOUR IPTABLES SCRIPTS
FEDORA’S IPTABLES RULE GENERATOR
SAMPLE IPTABLES SCRIPTS
Basic Operating System Defense
Basic iptables Initialization
Advanced iptables Initialization
Allowing DNS Access to Your Firewall
Allowing WWW and SSH Access to Your Firewall
Allowing Your Firewall to Access the Internet
Allow Your Home Network to Access the Firewall
Masquerading (Many to One NAT)
Port Forwarding Type NAT (DHCP DSL)
Static NAT
TROUBLESHOOTING IPTABLES
Checking the Firewall Logs
iptables Won’t Start
Linux FTP Server Setup
FTP OVERVIEW
Types of FTP
Client Protected by a Firewall Problem
Server Protected by a Firewall Problem
THE VSFTPD.CONF FILE
Other vsftpd.conf Options
FTP SECURITY ISSUES
The /etc/vsftpd.ftpusers File
Anonymous Upload
FTP Greeting Banner
Using SCP as Secure Alternative to FTP
TROUBLESHOOTING FTP
TUTORIAL
FTP Users with Read-Only Access to a Shared Directory
Sample Login Session to Test Functionality
TELNET, TFTP, and xinetd
☞Managing xinetd Programs
MANAGING XINETD PROGRAMS
Controlling xinetd
Controlling xinetd-Managed Applications
TELNET
Using The TELNET Client
Installing the TELNET Server Software
Setting Up a TELNET Server
Stopping a TELNET Server
Basic TELNET Security
TFTP
Installing the TFTP Server Software
Configuring the TFTP Server
Saving Cisco Configurations to the TFTP Server
Uploading Cisco Configurations from the TFTP Server
Using TFTP to Restore Your Router Configuration
Secure Remote Logins and File Copying
☞A Quick Introduction to SSH Encryption
STARTING OPENSSH
THE /ETC/SSH/SSHD_CONFIG FILE
SSH Versions 1 and 2
Change the TCP Port on Which SSH Listens
THE /ETC/RESOLV.CONF FILE
Configuring resolv.conf
Configuring named.conf
Configuring the Zone Files
Sample Forward Zone File
Sample Reverse Zone File
What You Need to Know About NAT and DNS
Loading Your New Configuration Files
Make Sure Your /etc/hosts File is Correctly Updated
Configure Your Firewall
Fix Your Domain Registration
TROUBLESHOOTING BIND
General Troubleshooting Steps
Zone Transfer Protection
Naming Convention Security
Dynamic DNS
DYNAMIC DNS PREPARATION
Testing ISP Connectivity for Your Web Site
Registering DDNS
Install a DDNS Client on Your Server
DYNAMIC DNS AND NAT ROUTER/FIREWALLS
DDNS CLIENT SOFTWARE: SOHO ROUTER/FIREWALLS
DDNS CLIENT SOFTWARE: LINUX DDCLIENT
The /etc/ddclient.conf File
How to Get DDclient Started
Finding DDclient Help
The Apache Web Server
☞Downloading and Installing the Apache Package
STARTING APACHE
CONFIGURING DNS FOR APACHE
DHCP AND APACHE
GENERAL CONFIGURATION STEPS
Where to Put Your Web Pages
Named Virtual Hosting
IP-Based Virtual Hosting
Virtual Hosting and SSL
CONFIGURATION: MULTIPLE SITES AND IP ADDRESSES
Testing Your Web Site Before DNS Is Fixed
Disabling Directory Listings
Handling Missing Pages
Compression Configuration Example
Step 1: Configure Virtual Hosting on Multiple IPs
Step 2: Configure DNS Views
THE /ETC/HTTPD/CONF.D DIRECTORY
TROUBLESHOOTING APACHE
Testing Basic HTTP Connectivity
Browser 403 Forbidden Messages
Only the Default Apache Page Appears
Incompatible /etc/httpd/conf/http.conf Files When Upgrading
Server Name Errors
The Apache Status Log Files
The Apache Error Log Files
Configuring Linux Mail Servers
CONFIGURING SENDMAIL
How sendmail Works
Installing sendmail
Starting sendmail
How to Restart sendmail After Editing Your Configuration Files
The /etc/mail/sendmail.mc File
Configuring DNS for sendmail
How to Configure Linux sendmail Clients
Converting From a Mail Client to a Mail Server
The /etc/mail/relay-domains File
The /etc/mail/access File
The /etc/mail/local-host-names File
Which User Should Really Receive the Mail?
sendmail Masquerading Explained
Using sendmail to Change the Sender’s E-mail Address
Troubleshooting sendmail
FIGHTING SPAM
Using Public Spam Blacklists with sendmail
A Simple PERL Script to Help Stop Spam
Installing Your POP Mail Server
Starting Your POP Mail Server
How to Configure Your Windows Mail Programs
Configuring Secure POP Mail
How to Handle Overlapping E-mail Addresses
Troubleshooting POP Mail
Monitoring Server Performance
SNMP
OIDs and MIBs
SNMP Community Strings
SNMP Versions
Doing SNMP Queries
Basic SNMP Security
Simple SNMP Troubleshooting
MRTG
MRTG Download and Installation
Configuring MRTG
Getting MRTG to Poll Multiple Devices
Configuring Apache to Work with MRTG
How to View the MRTG Graphs in Your Web Browser
Using MRTG to Monitor Other Subsystems
Troubleshooting MRTG
WEBALIZER
How to View Your Webalizer Statistics
The Webalizer Configuration File
THE TOP COMMAND
THE VMSTAT COMMAND
Advanced MRTG for Linux
☞Locating and Viewing the Contents of Linux MIBs
Parameter Formats
Legend Parameters
Options Parameters
Title Parameters
Scaling Parameters
Defining The MIB Target Parameters
Defining Global Variables
A Complete Sample Configuration
Testing the Configuration
Creating a New MRTG Index Page to Include this File
Configuring CRON to Use the New MRTG File
MONITORING NON-LINUX MIB VALUES
Scenario
Find the OIDs
Testing The OIDs
TROUBLESHOOTING
The NTP Server
THE /ETC/NTP.CONF FILE
Verifying NTP is Running
Doing an Initial Synchronization
Determining If NTP Is Synchronized Properly
Your Linux NTP Clients Cannot Synchronize Properly
Fedora Core 2 File Permissions
Cisco IOS
CAT OS
Network-Based Linux Installation
Basic Preparation
Set Up Your Web Server
Set Up Your FTP Server
Create a Special FTP User
Set Up Your NFS Server
Configure Your DHCP Server
How to Create New Kickstart Configuration Files
How to Run a Kickstart Installation
Booting With Your Kickstart Files
Linux Software RAID
RAID TYPES
Linear Mode RAID
RAID 0
RAID 1
RAID 4
RAID 5
IDE Drives
Serial ATA Drives
SCSI Drives
Should I Use Software RAID Partitions or Entire Disks?
Back up Your System First
Configure RAID in Single-User Mode
CONFIGURING SOFTWARE RAID
RAID Partitioning
Edit the RAID Configuration File
Create the RAID Set
Confirm RAID Is Correctly Initialized
Format the New RAID Set
Load the RAID Driver for the New RAID Set
Create a Mount Point for the RAID Set
Edit the /etc/fstab File
Start the New RAID Set’s Driver
Mount the New RAID Set
Check the Status of the New RAID
Expanding Disk Capacity
☞Adding Disks to Linux
Determining the Disk Types
Preparing Partitions on New Disks
Verifying Your New Partition
Putting a Directory Structure on Your New Partition
Migrating Data to Your New Partition
LVM Terms
Configuring LVM Devices
Managing Disk Usage with Quotas
Enter Single-User Mode
Edit Your /etc/fstab File
Remount the Filesystem
Get Out of Single-User Mode
Create the Partition Quota Configuration Files
Initialize the Quota Table
Edit the User’s Quota Information
Testing
Editing Grace Periods
Editing Group Quotas
Getting Quota Reports
Remote Disk Access With NFS
☞NFS Operation Overview
NFS OPERATION OVERVIEW
General NFS Rules
Key NFS Concepts
Important NFS Daemons
INSTALLING NFS
SCENARIO
The /etc/exports File
Starting NFS on the Server
Starting NFS on the Client
NFS and DNS
Making NFS Mounting Permanent
New Exports File
Adding a Shared Directory To An Existing Exports File
Deleting, Moving, or Modifying a Share
THE NFS AUTOMOUNTER
automounter Map Files
The Structure of Direct and Indirect Map Files
Wildcards in Map Files
Starting automounter
automounter Examples
TROUBLESHOOTING NFS
The showmount Command
The df Command
The nfsstat Command
OTHER NFS CONSIDERATIONS
Security
NFS Hanging
File Locking
Nesting Exports
Limiting root Access
Restricting Access to the NFS Server
File Permissions
Centralized Logins Using NIS
CONFIGURING THE NFS SERVER
CONFIGURING THE NFS CLIENT
CONFIGURING THE NIS SERVER
Edit Your /etc/sysconfig/network File
Edit Your /etc/yp.conf File
Start the Key NIS Server-Related Daemons
Initialize Your NIS Domain
Start the ypbind and ypxfrd Daemons
Make Sure the Daemons Are Running
CONFIGURING THE NIS CLIENT
Run authconfig
Start the NIS Client-Related Daemons
Verify Name Resolution
Test NIS Access to the NIS Server
Test Logins via the NIS Server
NIS SLAVE SERVERS
Configuring NIS Slave Servers
Configuring NIS Clients with Slaves
CHANGING YOUR NIS PASSWORDS
When There Is Only an NIS Master
When There Is a NIS Master and Slave Pair
Possible Password Errors
NIS TROUBLESHOOTING
Centralized Logins Using LDAP and RADIUS
Required LDAP Server RPMs
Required LDAP Client RPMs
CONFIGURING THE LDAP SERVER
Create a Database Directory
Create an LDAP Root Password
Edit the slapd.conf File
Start the ldap Daemon
Convert the /etc/passwd File to LDIF Format
Modify the LDIF Files
Import the LDIF Files into the Database
Test the LDAP Database
CONFIGURING THE LDAP CLIENT
Edit the ldap.conf Configuration File
Edit the /etc/nsswitch File
Create Home Directories on the LDAP Client
CONFIGURING ENCRYPTED LDAP COMMUNICATION
Configuring the stunnel LDAP Client
Configuring the stunnel LDAP Server
TROUBLESHOOTING LDAP LOGINS
Test Using ldapsearch
Use SSH or the Linux Console
Use the tcpdump Command
Test Basic Connectivity
LDAP Works But Is Not Using LDAPS
stunnel Doesn’t Appear to Work
LDAP bind Errors
Possible stunnel Errors in Fedora Core 2
COMMON LDAP ADMINISTRATIVE TASKS
Starting and Stopping LDAP
LDAP Users Changing Their Own Passwords
Modifying LDAP Users by User root
Adding New LDAP Users
Deleting LDAP Users
LDAP Web Management Tools
CONFIGURING RADIUS FOR LDAP
Download and Install the FreeRADIUS Packages
Starting and Stopping FreeRADIUS
Configuring the /etc/raddb/radiusd.conf File
Configuring the /etc/raddb/users File
Configuring the /etc/raddb/clients.conf File
Troubleshooting and Testing RADIUS
Controlling Web Access with Squid
STARTING SQUID
THE /ETC/SQUID/SQUID.CONF FILE
The Visible Host Name
Access Control Lists
Restricting Web Access by Time
Restricting Web Access by IP Address
Password Authentication Using NCSA
Making Your Squid Server Transparent to Users
Manually Configuring Web Browsers to Use Your Squid Server
TROUBLESHOOTING SQUID
Modifying the Linux Kernel to Improve Performance
The Pros and Cons of Kernel Upgrades
KERNEL MODULES
Reasons for Kernel Modules
How Kernel Modules Load When Booting
Loading Kernel Modules on Demand
Make Sure Your Source Files Are in Order
The .config File
Customizing the .config File
Configure Dependencies
Edit the Makefile to Give the Kernel a Unique Name
Compile a New Kernel
Build the Kernel’s Modules
Install the Kernel Modules
Copy the New Kernel to the /boot Partition
UPDATING GRUB
Kernel Crash Recovery
How to Create a Boot CD
Basic MySQL Configuration
PREPARING MYSQL FOR APPLICATIONS
INSTALLING MYSQL
STARTING MYSQL
THE /ETC/MY.CNF FILE
Listing the Data Tables in Your MySQL Database
Viewing Your MySQL Database’s Table Structure
Viewing the Contents of a Table
CONFIGURING YOUR APPLICATION
MYSQL DATABASE BACKUP
MYSQL DATABASE RESTORATION
BASIC MYSQL TROUBLESHOOTING
Connectivity Testing
Test Database Access
A Common Fedora Core 1 MySQL Startup Error
Configuring Linux VPNs
VPN GUIDELINES
How to Get Openswan Started
How to Fix Common Status Errors
The /etc/ipsec.conf File
VPN Configuration Steps Using RSA Keys
Obtaining RSA Keys
Edit the /etc/ipsec.conf Configuration File
Restart Openswan
Initialize the New Tunnel
Testing the New Tunnel
TROUBLESHOOTING OPENSWAN
Determine the Tunnel Status
Testing VPN Connectivity
Check the Routes
Using tcpdump
Check syslog Error Messages
Invalid Key Messages
The TCP Wrappers File Format
Determining the TCP Daemon’s Name
ADJUSTING KERNEL PARAMETERS
Preparing to Go Headless
Configuration Steps
Authentication and Encryption Methods
Internet Key Exchange (IKE)
IKE’s role in Creating Security Associations
VPN Security and Firewalls
VPN User Authentication Methods for Temporary Connections
TCP/IP PACKET FORMAT
TCP/IP Packet Format
ICMP CODES
SENDMAIL SPAM FILTER SCRIPT
The mail-filter.accept File
The mail-filter.reject File
The mail-filter Script
IPTABLES SCRIPTS
FTP Client Script
FTP Server Script
NTP Server Script
Home/Small Office Protection Script
The /etc/named.conf File
Zone File for my-web-site.org (External View)
Zone File for my-web-site.org (Internal View)
Reverse Zone File for a Home Network Using NAT
SENDMAIL SAMPLES
Sample /etc/mail/access File
Sample /etc/mail/local-host-names File
Sample /etc/mail/sendmail.mc File
Sample /etc/mail/virtusertable File
FTP DIFFERENCES
DHCP DIFFERENCES
DNS DIFFERENCES
ROUTING DIFFERENCES
IPTABLES DIFFERENCES
SOFTWARE INSTALLATION DIFFERENCES
WIRELESS NETWORKING DIFFERENCES
Linux-WLAN File Locations Using Red Hat 8.0 RPMs
MRTG DIFFERENCES
File Locations
indexmaker MRTG_LIB Errors with Red Hat 9 and 8.0
Precedence Bitwise Error with Red Hat 9
WEBALIZER DIFFERENCES
CISCO ROUTERS
CATALYST CAT SWITCHES RUNNING CATOS
CISCO LOCAL DIRECTOR
CISCO PIX FIREWALLS
CISCO CSS11000 (ARROWPOINTS)
THE SAMPLE CISCO SYSLOG.CONF FILE
The Sample Cisco syslog.conf File
Harrison Book

Published by papu0011


Published by: papu0011 on Aug 22, 2011
Copyright: Attribution Non-commercial
