1236849_2_Assign2Concepts
Transcript of 1236849_2_Assign2Concepts
Exercises
Create a user "assgn2"
[root@localhost root]# redhat-config-users
[root@localhost root]# cd /home/assgn2
[root@localhost assgn2]#
• Create a file called "test.txt", with contents "This is a test file", with read and write permissions for owner, group and other, but no execute permissions.
[root@localhost assgn2]# gedit test.txt
    <This is a test file>
[root@localhost assgn2]# chmod 666 test.txt
[root@localhost assgn2]# ls -l test.txt
• Create a file called "script1" that runs a simple script of your choosing, with read and execute permissions for group and other, and full read, write and execute permissions for owner.
[root@localhost assgn2]# gedit script1
    <dir /home/assgn2, ls -l /home/assgn2>
[root@localhost assgn2]# chmod 755 script1
[root@localhost assgn2]# ls -l script1
• Create a hidden file called ".test_config", owned by root with contents "Test config file", that has root read, write and execute permissions only, no other permissions set.
[root@localhost assgn2]# cd ~
[root@localhost root]# gedit test_config
    <Test config file>
[root@localhost root]# chmod 700 test_config
[root@localhost root]# mv test_config .test_config
[root@localhost root]# ls -a
[root@localhost root]# ls -l
[root@localhost root]# ls -a -l
• Create a symbolic link with an absolute path to a system log file of your choosing
[root@localhost root]# dir /var/log
Syntax: ln -s [target directory or file] ./[shortcut]
[root@localhost root]# ln -s /var/log ./lg
[root@localhost root]# dir
[root@localhost root]# dir lg
Directory Permissions
• Execute (x) permission is required for a user to cd (enter) into a directory.
• Read (r) permission is required for a user to use a command such as ls to view the files contained in a directory.
• Execute (x) only permission allows a user to access the files in a directory as long as the user knows the names of the files in the directory, and the user is allowed to read the files.
• Write (w) permission allows the user to create, delete, or modify any files or subdirectories, even if the file or subdirectory is owned by another user.
• Here we need u=+w, u=+r+x, go=+r, go=+x
• Create a directory called "test_dir" with the owner:
  – having full permissions to create, rename or delete files in the directory (u=+w)
  – able to list files and enter the directory (u=+r, +x)
  – Group and Other having permissions to only list files (go=+r) and enter the directory (go=+x) and access files within it.
[root@localhost root]# cd /home/assgn2
[root@localhost assgn2]# mkdir test_dir
[root@localhost assgn2]# chmod 755 test_dir
[root@localhost assgn2]# ls -l
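The exercises above and the Directory Permissions slide, as an added shell example that is not part of the original slides: it recreates the files with the required modes under a temporary directory (so it runs as any user, and root ownership of .test_config is left out), verifies each mode with GNU stat, and shows what execute-only permission on a directory does in practice.

```shell
#!/bin/sh
# Added example, not from the slides: recreate the exercise files and the
# test_dir directory with the required modes, verify each mode with stat,
# and demonstrate the Directory Permissions slide's point about r versus x.
# Assumptions: Linux with GNU stat (-c %a); everything is created under a
# temporary directory instead of /home/assgn2 so it runs as any user, and
# root ownership of .test_config is left out for the same reason.
WORK=$(mktemp -d)

setup_assignment_files() {
    printf 'This is a test file\n' > "$WORK/test.txt"
    chmod 666 "$WORK/test.txt"                  # rw-rw-rw-: no execute bit
    printf '#!/bin/sh\nls -l %s\n' "$WORK" > "$WORK/script1"
    chmod 755 "$WORK/script1"                   # rwxr-xr-x
    printf 'Test config file\n' > "$WORK/.test_config"
    chmod 700 "$WORK/.test_config"              # rwx------: owner only
    mkdir -p "$WORK/test_dir"
    chmod 755 "$WORK/test_dir"                  # owner rwx, group/other r-x
}

# Octal mode of a path (e.g. 666), the same bits "ls -l" shows symbolically.
mode_of() { stat -c %a "$1"; }

# Execute-only directory: listing is refused, but a file whose name is known
# can still be read. Prints "list:<allowed|denied> read:<allowed|denied>".
# Root bypasses these checks, so the result is only meaningful for an
# unprivileged user.
execute_only_demo() {
    d="$WORK/xonly"
    mkdir -p "$d" && printf 'known content\n' > "$d/known.txt"
    chmod 711 "$d"                              # rwx--x--x
    if ls "$d" >/dev/null 2>&1; then l=allowed; else l=denied; fi
    if cat "$d/known.txt" >/dev/null 2>&1; then r=allowed; else r=denied; fi
    chmod 755 "$d"
    printf 'list:%s read:%s\n' "$l" "$r"
}
```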
DNS Server
DNS Server Tasks
• Configure a DNS server with both forward and reverse lookup.
• Configure a domain name zone of <your_surname>.itc514.edu, and a reverse name mapping zone of 192.168.15.0/24.
• Configure A and PTR records for: host1 - 192.168.15.10, host2 - 192.168.15.11 and host3 - 192.168.15.12.
• Configure a CNAME of www for host1, and a CNAME of dc1 for host2.
• Test the operation of your DNS server using an external client running DNS queries.
DNS Server
• A DNS server, or name server, is used to resolve an IP address to a hostname or vice versa.
• You can set up four different types of DNS servers:
  – A master DNS server for your domain(s), which stores authoritative records for your domain.
  – A slave DNS server, which relies on a master DNS server for data.
  – A caching-only DNS server, which stores recent requests like a proxy server. It otherwise refers to other DNS servers.
  – A forwarding-only DNS server, which refers all requests to other DNS servers.
DNS Server
• The entire hostname with its domain such as server.example.com is called a fully qualified domain name (FQDN).
• The right-most part of the FQDN such as .com or .net is called the top level domain, with the remaining parts of the FQDN, which are separated by periods, being sub-domains.
• These sub-domains are used to divide FQDNs into zones, with the DNS information for each zone being maintained by at least one authoritative name server.
DNS Server
• The authoritative server that contains the master zone file, which can be modified to update DNS information about the zone, is called the primary master server, or just master server.
• The additional name servers for the zone are called secondary servers or slave servers.
• Secondary servers retrieve information about the zone through a zone transfer from the master server or from another secondary server.
• DNS information about a zone is never modified directly on the secondary server.
Configure a DNS Server
• In this example we will configure a DNS server and will test from client side.
• For this example we are using three systems:
  – one Linux server
  – one Linux client
  – one Windows client
Configure a DNS Server
• The bind and caching-nameserver RPMs are required to configure DNS. Check whether they are installed and, if not, install them.
Configure a DNS Server
• Set hostname to server.example.com and IP address to 192.168.0.254
Configure a DNS Server
• The main configuration file for the DNS server is named.conf.
• By default this file is not created in the /var/named/chroot/etc/ directory.
• Instead of named.conf, a sample file /var/named/chroot/etc/named.caching-nameserver.conf is created.
• This file is used to make a caching-only name server. You can also edit this file after renaming it to named.conf to configure a master DNS server, or you can manually create a new named.conf file.
chroot features
• The chroot feature runs named as the user named, and it also limits the files named can see.
• When installed, named is fooled into thinking that the directory /var/named/chroot is actually the root or / directory.
• So the named files normally found in the /etc directory are found in the /var/named/chroot/etc directory instead, and those you would expect to find in /var/named are actually located in /var/named/chroot/var/named.
chroot features
• The advantage of the chroot feature is that if a hacker enters your system via a BIND exploit, the hacker's access to the rest of your system is isolated to the files under the chroot directory and nothing else.
• This type of security is also known as a chroot jail.
Configure a DNS Server
• In this example we are creating a new named.conf file:
Configure a DNS Server
• We are using bind's chroot feature, so all our necessary files will be located in the chroot directory.
• Set the directory location to /var/named.
• Set the location of the forward zone and reverse lookup zone files. Create this file manually and make sure it resides in: /var/named/chroot/etc/
Configure a DNS Server – named.conf
• Backup /etc/named.conf to /etc/named.conf.backup
• Edit the file named.conf with vi or gedit
• Save this file, e.g. :wq
Configure the zone files
• We have defined two zones:
  – example.com.zone for the forward zone and
  – 0.168.192.in-addr.arpa for the reverse zone.
• These files will be stored in the directory /var/named/chroot/var/named/
Configure the forward zone file
• Now open the forward zone file example.com.zone
• By default this file will look like this:
• Change this file to look exactly as shown:
• This file should be saved in the directory: /var/named/chroot/var/named
Configure the reverse zone file
• Now open the reverse lookup zone file 0.168.192.in-addr.arpa
• By default this file will look like:
• Change this file to look exactly as shown:
• This file should be saved in the directory: /var/named/chroot/var/named
• You can change the ownership of these zone files to the named group:
• Now start the named service
• The DNS service can be started from the command line with:
$ service named start
or
$ service named reload (if needed)
Summary of Manual DNS configuration
• Edit the network file
  – $ gedit /etc/sysconfig/network
    • NETWORKING=yes
    • HOSTNAME=yourname.itc514.edu
• Check that the IP address is correct on the Ethernet interface
  – $ ifconfig eth0
Summary of Manual DNS configuration
• Edit the DNS service configuration file
  – # gedit /etc/named.conf

options {
    directory "/var/named";
};

zone "yourname.itc514.edu" {
    type master;
    file "yourname.itc514.edu.zone";
    allow-transfer { 192.168.15.1; };
};

zone "15.168.192.in-addr.arpa" {
    type master;
    file "15.168.192.in-addr.arpa.zone";
};
Summary of Manual DNS configuration
• $ gedit /var/named/yourname.itc514.edu.zone
  – Make appropriate changes for the forward zone file as per the example:
Summary of Manual DNS configuration
• $ gedit /var/named/15.168.192.in-addr.arpa.zone
  – Make appropriate changes for the reverse zone file as per the example:
Summary of Manual DNS configuration
• The DNS service can be started from the command line with:
$ service named start
or
$ service named reload (if needed)
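The DNS Server Tasks (host1 to host3, the www and dc1 CNAMEs, the 15.168.192.in-addr.arpa reverse zone) and the zone-file steps of the summary above, as an added shell example that is not part of the original slides: it generates both zone files from a single host table and cross-checks that every A record has a PTR pointing back at the same name, which is the consistency check to run before testing from an external client. The surname placeholder "yourname", the name server "ns" at 192.168.15.1 and the serial number are assumptions; the slides give none of them.

```shell
#!/bin/sh
# Added example, not from the slides: build the assignment's forward and
# reverse zone files from ONE host table so A and PTR records cannot
# disagree, then cross-check them. Assumed: surname placeholder "yourname",
# a name server "ns" at 192.168.15.1 (constructed; the slides give none)
# and a date-stamped serial.
ZONE="yourname.itc514.edu"
NS="ns"
HOSTS="ns 1
host1 10
host2 11
host3 12"

# Records both zones share: default TTL, the SOA (serial refresh retry
# expire minimum) and the NS record. Single quotes keep $TTL literal.
zone_header() {
    printf '$TTL 86400\n'
    printf '@ IN SOA %s.%s. root.%s. ( 2024010101 3600 900 604800 86400 )\n' \
        "$NS" "$ZONE" "$ZONE"
    printf '@ IN NS %s.%s.\n' "$NS" "$ZONE"
}

# yourname.itc514.edu.zone: one A record per host plus the two CNAMEs.
forward_zone() {
    zone_header
    printf '%s\n' "$HOSTS" | while read -r name last; do
        printf '%s IN A 192.168.15.%s\n' "$name" "$last"
    done
    printf 'www IN CNAME host1\ndc1 IN CNAME host2\n'
}

# 15.168.192.in-addr.arpa.zone: one PTR per host, keyed by the last octet.
reverse_zone() {
    zone_header
    printf '%s\n' "$HOSTS" | while read -r name last; do
        printf '%s IN PTR %s.%s.\n' "$last" "$name" "$ZONE"
    done
}

# Number of A records whose PTR does not name the same FQDN; 0 means the
# forward and reverse zones agree (worth running before the client test).
a_ptr_mismatches() {
    rev=$(reverse_zone)
    forward_zone | awk -v z="$ZONE" '$3=="A" {print $1"."z".", $4}' |
    while read -r fqdn ip; do
        ptr=$(printf '%s\n' "$rev" | awk -v l="${ip##*.}" '$1==l && $3=="PTR" {print $4}')
        [ "$ptr" = "$fqdn" ] || echo "$fqdn"
    done | wc -l | tr -d ' '
}
```

Redirect forward_zone and reverse_zone into the two file names used in named.conf above; if BIND's named-checkzone is installed, it will validate the result as well.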
End...