"Iles on the central servers should be logged and restricted. Centrali-ed log collection allows simpli"ied storage re"uirements. "Iles should be rotated properly and are archived "re"uently enough to avoid "illing up a disk.
"Iles on the central servers should be logged and restricted. Centrali-ed log collection allows simpli"ied storage re"uirements. "Iles should be rotated properly and are archived "re"uently enough to avoid "illing up a disk.
"Iles on the central servers should be logged and restricted. Centrali-ed log collection allows simpli"ied storage re"uirements. "Iles should be rotated properly and are archived "re"uently enough to avoid "illing up a disk.
2-5 - networking, 6 reboot.

Syslog: emerg (panic), alert (urgent), notice (might merit investigation).

Change the root password: At least every three months. Every time someone who knows the password leaves the site. Whenever you think security may have been compromised.

Sudo has advantages such as: Command logging. The real root password can be kept secret.

Restricted processes: Creating device files, changing the system clock, setting the system's hostname, shutting down, configuring network interfaces.

The logrotate utility implements a variety of log management policies. Its configuration file has specifications for groups of log files to be managed.

For logging, capture: User ID, Event status (s/f), Source address for network events, Date/Time from NTP, Sensitive data that was changed, Event details. Access to log files on the central servers should be logged and restricted. Centralized log collection allows simplified storage requirements, simpler automated analysis and alerting, and improved security. Twenty servers is a reasonable number for considering centralization. Below that size, ensure that logs are rotated properly and are archived frequently enough to avoid filling up a disk.

Cron examples:
0 0 * * 0 will execute at 12 am every month on Sundays.
* * 31 * * will execute on the 31st of every month.
23 23 * * * will execute at 11:23 every day.

Reasons for LDAP: It can act as an information source about its users. Changes take effect immediately. It makes it easy for applications to authenticate users easily. LDAP data can easily be accessed through ldapsearch. It is widely supported.

Electromagnetic interference and other electrical issues caused reliability concerns for PATA, and SATA resulted. SATA is limited to a queue depth of 32 pending operations. SCSI can handle thousands. SAS can handle many storage devices (hundreds or thousands) on a single host interface. hdparm is a way to interact with the firmware of SATA, IDE, and SAS hard disks.
hdparm can set drive power options, enable or disable noise reduction options, set the read-only flag, and print detailed drive information.

RAID level 5 stripes both data and parity information, adding redundancy while simultaneously improving read performance. A RAID 6 array can withstand the complete failure of two drives without losing data. RAID 5 is vulnerable to corruption and accidental deletion of files.

Ext3 adds journaling capability. Ext4 raises a few size limits, increases the performance of certain operations, and allows the use of "extents" (disk block ranges). tune2fs upgrades the filesystem. NFS is the traditional UNIX protocol used for file sharing.

A kernel is the first part of an operating system that loads. The kernel provides an interface for interaction between system hardware and application software. It is also responsible for disk management, task management and process management. A monolithic kernel allows the OS to run in kernel space, which is a section of memory reserved for privileged OS functions. In a monolithic kernel, services such as device drivers, interprocess communication, virtual memory, and scheduling run in the same address space. However, in a microkernel architecture, services run in user mode as regular processes. Linux is monolithic. A device driver is a program that manages the system's interaction with a type of hardware.

PPP is a protocol used to provide dial-up Internet service over phone lines and serial links. Link-state protocols distribute information in an unprocessed form. OSPF is the most popular. Carrier Sense Multiple Access/Collision Detection. Unshielded twisted pair (UTP) is the preferred cable medium for Ethernet. It is based on a star topology.

DNS defines: A hierarchical namespace for hosts and IP addresses. A distributed database of hostname and address information. A resolver to query the database. Improved routing and sender authentication for email. A mechanism for finding services on a network.

To add a new hostname: Choose an unused hostname and IP address. Identify a similar machine on the same subnet. Log in to the master name server machine. Go to the zone file directory and edit the forward zone file. Duplicate those records and change them appropriately for the new host.

A name server: Answers queries about your site's hostnames and IP addresses. Asks about both local and remote hosts on behalf of your users. Caches the answers to queries so that it can answer faster next time. Transfers data between your name servers to keep them synchronized.

Name servers deal with zones. A zone is a domain minus its subdomains. A recursive server returns only real answers and error messages. A "fully qualified domain name" is the full path to a DNS object, including a final dot. A "domain" is a subtree of the DNS naming tree.

NS (name server) records identify the servers that are authoritative for a zone (that is, all the master and slave servers) and delegate subdomains to other organizations. PTR (pointer) records map from IP addresses back to hostnames (reverse). SPF (Sender Policy Framework) records are an attempt to identify email messages with forged From headers, which are often spam or phishing.

The BIND distribution has four major components: A name server daemon called named that answers queries. A resolver library that queries DNS servers on behalf of users. Command-line interfaces to DNS: nslookup, dig, and host. A program to remotely control named called rndc. The complete configuration for named consists of the config file, the zone data files that contain address mappings for each host, and the root name server hints file.

NIS was the first "prime time" administrative database.

The headers are a collection of property/value pairs as specified in RFC5322. They record the journey of the message. Simple Mail Transport Protocol is used for most message handoffs. It starts with EHLO instead of HELO. Depending on the response, they will negotiate an exchange among supported extensions.

A "mail user agent" (MUA or UA) lets users read and compose mail. A Mail Submission Agent accepts outgoing mail and submits it to the TA. The Transport Agent routes messages among machines. The delivery agent puts the messages in a store. The Access Agent connects the user agent to a message store. Sendmail, Exim, Postfix.

Netstat can be used to: inspect interface configuration information, monitor the status of network connections, identify listening network services, examine the routing table, view operation statistics for network protocols. Packet sniffers listen to network traffic and record or print packets that meet criteria of your choice.

A DMZ allows computers behind the firewall to initiate requests outbound to the DMZ. It exposes external-facing services to an untrusted network, for example, the internet.

The Maximum Transmission Unit is the largest physical packet size (measured in bytes) that a network can transmit. If the MTU is set too high, there will be packet loss and fragmentation issues. As a result, high latencies will be a side effect. However, a low MTU may cause slow download speeds.

There are many benefits that can be derived from the features of a Configuration Management System. One such feature is the fact that such a system makes it possible to coordinate, track and manage change activities. This is a major feature since the entire collection of systems can be reviewed, which makes it possible to know whether changes to one system can have adverse effects on other systems. Another important feature is the provision for Revision Control. This deals with controlling access to each item/file, and maintaining a history of changes.
This also makes it possible to recreate files to the way they were at any point in time.

Static routing involves the manual set up of optimal paths between source and destination computers. However, dynamic routing involves the use of dynamic protocols which update the routing table and attempt to find the best path between source and destination computers. A disadvantage that arises from the static routing method is that there is no mechanism to correct faults that it may come across in its routing paths. On the other hand, dynamic routers will eliminate the faulty router and find an alternative path that is more optimal. Static routing is only suitable for very small networks, since it uses very simple routing. In contrast, dynamic routing uses complex algorithms such as OSPF, IGRP, and RIP. In defense of static routing, static routers do not require a lot of memory. This can be useful since there would be minimal memory overheads.

The superblock contains information about file systems, such as their type, size, mount status, and information about other metadata structures. For ext file systems, it is located 1024 bytes from the start of the file system and it has 1024 bytes allocated to it.

A symbolic link acts somewhat like a Windows shortcut. It is a pointer of sorts, whereas a hard link refers to the specific location of physical data. Symbolic links are not updated, and if the file is moved, the link would be deemed useless. However, with hard links, the original can be moved or deleted without breaking other hard links to the same inode. An advantage of a symbolic link over a hard link is the fact that it can point to a directory, or a file in a different filesystem.
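
Returning to the superblock note above: the following is an added example, not part of the original notes, that reads the 1024-byte superblock at offset 1024 from a filesystem image and reports size, state, and whether the journaling (ext3) and extents (ext4) features mentioned earlier are set. The field offsets and flag values are those of the standard ext2/3/4 on-disk layout; the function names and the sample image are constructed for illustration, and the ext2/ext3/ext4 labelling is a simplification based on those two flags only.

```python
import struct

SUPERBLOCK_OFFSET = 1024     # per the notes: 1024 bytes from the start of the filesystem
SUPERBLOCK_SIZE = 1024       # per the notes: 1024 bytes allocated to it
EXT_MAGIC = 0xEF53           # s_magic shared by ext2/ext3/ext4
COMPAT_HAS_JOURNAL = 0x0004  # journaling (what ext3 adds)
INCOMPAT_EXTENTS = 0x0040    # extents (what ext4 allows)
STATES = {1: "clean", 2: "errors detected"}


def parse_superblock(image: bytes) -> dict:
    """Decode a few little-endian fields of an ext superblock."""
    sb = image[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + SUPERBLOCK_SIZE]
    if len(sb) < SUPERBLOCK_SIZE:
        raise ValueError("image too short to contain a superblock")
    inodes, blocks = struct.unpack_from("<II", sb, 0)
    (log_block_size,) = struct.unpack_from("<I", sb, 24)
    magic, state = struct.unpack_from("<HH", sb, 56)
    if magic != EXT_MAGIC:
        raise ValueError(f"bad magic 0x{magic:04X}: not an ext filesystem")
    compat, incompat = struct.unpack_from("<II", sb, 92)
    # Simplified labelling by feature flag, mirroring the notes.
    if incompat & INCOMPAT_EXTENTS:
        flavor = "ext4"
    elif compat & COMPAT_HAS_JOURNAL:
        flavor = "ext3"
    else:
        flavor = "ext2"
    return {
        "inodes": inodes,
        "blocks": blocks,
        "block_size": 1024 << log_block_size,
        "state": STATES.get(state, f"unknown ({state})"),
        "flavor": flavor,
    }


def build_sample_image(compat: int, incompat: int, state: int = 1) -> bytes:
    """Constructed sample: 1024 zero bytes followed by a minimal superblock."""
    sb = bytearray(SUPERBLOCK_SIZE)
    struct.pack_into("<II", sb, 0, 128, 1024)          # inode and block counts
    struct.pack_into("<I", sb, 24, 2)                  # 1024 << 2 = 4096-byte blocks
    struct.pack_into("<HH", sb, 56, EXT_MAGIC, state)  # magic and filesystem state
    struct.pack_into("<II", sb, 92, compat, incompat)  # feature flag words
    return bytes(SUPERBLOCK_OFFSET) + bytes(sb)


if __name__ == "__main__":
    print(parse_superblock(build_sample_image(COMPAT_HAS_JOURNAL, INCOMPAT_EXTENTS)))
```

On a real system the same function can be pointed at the first 2048 bytes read from a block device or image file.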