Systems and Networks

Administration

Systems & Network

Administration Principals

Course Material inspired from several Universities

1
Outlines
 Systems Administrator
 Challenges & practices of System Administrator
 The 3 pillars of system design
 Scalability
 Security
 Simplicity
 Tasks of Systems Administrator
 User management
 Security
 Network management
 Host management
 Software installation

2
System administrator
Successful Administrators
 No stereotypes. “White/black Cats Theory”
 Normally if one can keep the users happy he/she is successful
(which is very difficult).
 Life-long learning skills. One’s proud knowledge and expertise today
may be obsolete tomorrow (Be prepared to be jobless if you do not keep
learning).
Some myths for new SAs
 There exists a right answer for every problem.
 Things should always work in the way we expect.
 Every problem should have a happy end.

3
System administrator
Challenges of SAs
 Not just installing system/software, also about planning and designing an
efficient community of computers.
 Design a logical and efficient network.
 Easy upgrade for a large number of computers.
 Decide what and where services are installed.
 Plan and implement security.
 Provide a comfortable/convenient environment for users.
 Develop ways of fixing problems and errors.
 Efficient administrative skills.
 Keep track of new technology and software.

4
Practice of SAs
Common practice may not be good practice
 There are three reasons for common practice:
 Someone did it and others followed blindly;
 Believe it is good after careful thought;
 An arbitrary choice had to be made;
 Think for yourself.
 Pay attention to experts but don’t automatically believe
anyone.
 Every choice needs a reason, which is why you need to learn
this paper.

5
Practice of SAs
Good practices
 Look for answers in manuals, newsgroups, and archive of mailing lists.
Usually “google” helps for most common problems.
 Use controlled trial and error for diagnosis.
 Listen to people who tell us there is a problem. It might be true.
 Write down problems and solutions in a log book, and write down
experiences (highly recommended).
 Take responsibilities for our actions.
 Remember to tidy things up regularly.
 After learning something new, ask yourself “How does this apply to my
work?”

6
Pillars of system design
 For a systems be suitable both:
 for the immediate requirements today
 for a few years down the road, when the current needs have changed
 It must embodies 3 core principals:
 Scalability
 Security
 Simplicity
 Neither of scalability and security can be added to a system after
it has been built
 trying to apply “security” after the system interfaces have been defined
yields restrictions, limitations;
 trying to make a system with inherent limitations perform under
circumstances it was not designed for yields hacks and workarounds

7
Pillars of system design (contd.)
 Simplicity underlies both scalability and security
 since reduced complexity implies
 better defined interfaces,
 minimized ambiguity in communications or data handling
 increased flexibility
 Simplicity cannot be added after the fact;
 it must be inherent in the architecture.
 Simplicity is the enabler of both scalability and security.

8
Security
 System-level security refers to the architecture, policy and
processes that ensure data and system security on individual
computer systems.

 It facilitates the security of standalone and/or network

computer systems/servers from events and processes that can
exploit or violate its security or stature.

 Secure system when preserving:

 Integrity
 Confidentiality,
 Availability

9
Security(contd.)

10
Simplicity
 “Complexity is the enemy.”
 reducing complexity is particularly difficult
 managing large computer networks has inherent complexity:
 multiple components must interface with each other in many ways

 How do we design a simple infrastructure?

 we can’t.
 the end result will always be complex

 But building blocks need to resemble Lego blocks more than

swiss army knifes, the systems we create will be
 more fault tolerant,
 more performant,
 more flexible
11
Super user
Super user (root)
 What is root (superuser)? A user that has privileges to access/modify all
resources of a computer system.
 Be aware of the double-edged sword
 Convenient to do anything
 Powerful enough to damage the system
Login as superuser (root)
 System admins should never login as root
 Many commands can be executed by ordinary users
 When you need root privilege
 Use sudo or sudo -s or su

12
Security Awareness
When a computer is connected to a network, it is under
potential attack!
Physical network/machine protection

Attacksare from the network and through servers run by the

computer
 Remove the services if you don’t need them
Internet attacks
 Worms
 Viruses
 Malware
 Denial of Service (DoS), Distributed DoS (DDoS)

13
Security Awareness
Computer/Internet hazards
 SPAM/UCE (Unsolicited Commercial Email)
 Phishing
 Disk crashes/data loss
 Loss of services due to outage
 TCP/IP spoofing and sniffing (privacy)
 Administrators of the untrained kind
 …

14
Roles in a Network
To be a good system admin, you should be aware of the roles
in a network community and their strengths and weaknesses.
Important roles include users, hosts, network components
routers and operating systems.
 Users - should be trained to be aware of the community. Human beings
are usually the weakest link.
 Host machines - should be allocated different tasks on different server
machines
 Routers/gateways – affect network security and performance
 OS - have different pros and cons
 UNIX/Linux, Windows, MAC OS, Netware

15
Network Administration
Administration models
 Reboot for personal computers
 Manual
 Automation (scripting)
 Immunology (self-maintenance)
Network organization
 Homogeneity/uniformity
 Delegation and resource sharing
Principles of stable infrastructure
 Scalability
 Reliability
 Redundancy
 Homogeneity/uniformity
 Reproducibility

16
Network Kits
Configuration tools
 ifconfig
 route
How to find out info about your network?
 uname -a
 Find name server in /etc/resolv.conf
 Various configuration files such as /etc/services, /etc/inetd.conf
Find out info about other domains
 dig or host
If there is a problem from another domain
 Send email to postmaster@domain or webmaster@domain,
www@domain
 Use whois domain to get info about a domain

17
Network Kits
Diagnostic/query tools
 wireshark
 ping
 traceroute/tracepath
 netstat
 lsof
Discover what you can do about a network
 nmap: scan a network for security holes.
Proprietary network monitoring software
 E.g. from Cisco

18
User Management
User account
 Includes all the files, resources, and info belonging to one user. For
commercial systems, it may include billing info.
Create a new account
 adduser
 Account info: username, password, user id, group id, full name of user,
home directory, login shell
 In the /etc/passwd file,
 Amber:x:1000:100:Amber Dawn:/home/amber:/bin/bash
 Check after adding

19
User Management
Involved files
 /etc/passwd, /etc/group, /etc/shadow
 In /etc/shadow,
 Chloe:$2a$05$wa7xVOqOH4lVOrh.qa9ivSX0G0QUCFqbk11YV6:14743:0:99999:7:::
 Username:encrypted password:last password
change:minimum:expiration:warning:disabled:diabled
date:reserved
User login environment
 .bash_profile, .bashrc, /etc/profile
 Place global files such as profile under /etc
 Other scripts can be referred in it
 Use env/set to check/set your environment
 Paths and prompts
 Keep a copy of your shell scripts (initial setups) in order to survive them
from upgrade of OS/software
For more detailed info, man bash
20
User Management
Password
 Very important for security
 Should not be names of persons, books, places, your computer, nor your phone
number, birthday, car registration plate, login name, words in dictionaries,
keyboard sequence
 Should be composed of letters (lower and upper cases), digits, and special
characters like $,@
 Refer to http://en.wikipedia.org/wiki/Password_strength
 passwd imposes similar rules to make passwords secure.
 Change frequently
User id and group id
 Users should be divided into groups for security reasons, e.g. students, staff,
admin
 Special users/groups: nobody, mail, ftp
addgroup
 In /etc/group,
 video:x:33:hzy,paul,kai
 Group name:password:group id;list of members
21
User Management
Remove a user: deluser
 The relevant lines from /etc/passwd, /etc/group, and / etc/shadow will
be removed.
 It is a good idea to first disable the account before you start removing
stuff
Disable a user temporarily
 A better way when you are not sure if a user will come back
 Way 1: Put an * in the password field of /etc/passwd
or /etc/shadow
 Way 2: use passwd -{l|u} username
 Way 3: Change the login shell to a script file

22
User Management
How to manage user accounts on different computers?
 Share home directory using NFS
 Share passwords using NIS (Network Information System) or LDAP
(lightweight directory access protocol)
 Allocate an Email server
 Directory services like LDAP

23
User Management
Control user resources
 Disk space
 Separate disk partition for problem users
 Use df command to monitor space
 Quotas and limits
 Better not to put them on users until necessary
 Check limits.conf under /etc/security
 Killing old processes: kill
 Don’t do it unless you are absolutely sure
Account policy
 Who shouldn’t have a user code?
 How to deal with weak passwords?

24
Keeping Time
Timezone
Showing and setting time
 date
 date -u: showing the universal time
 Get a time stamp: date +%y%m%d%H%M%S
Hardware and software clocks
 Use date to update software clock
 Then use hwclock -w to set hardware clock

25
Keeping time
Time server
 Use some time server with accurate time
 netdate udp hostname will set the time of the current machine to that of
hostname (It seems netdate is not available now)
 Can automatically adjust time by putting the command in cron table.
 Can also use NTP for more accuracy
Network Time Protocol (NTP)
 Used to synchronize the time of a computer to another time server or
reference time source.
 ntpdate
 Accuracy: 1 ms to dozens of milliseconds
 How does it work? For more details, please refer to
http://www.ntp.org/

26
Host Management
Shutting down a host
 Turn off the power?
 Should use command shutdown
 shutdown -h time halt the system. time can be now.
 shutdown -r time reboot the system
Log files and audits
 syslogd: a daemon for logging messages. Its configuration file is /
etc/syslog.conf
 dmesg: check kernel messages
 lastlog: check the last login time of every user
 syslog under /var/log: the log file of the system

27
Software Installation
How to separate different third party software?
 One software per directory?
GNU software structure
 lib, bin, sbin, etc, src
GNU software installation
 ./configure
 make
 make -n install: before real installation.
 make install
Package management
 apt-get, rpm

28
Systems and Networks
Administration

Questions

29