Unix System Administration
Unix System Administration. Chapter 31. Daemons. Out of the Goo, the Primordial Process. Init ... all user processes and all but a few system processes. Configured ...

PowerPoint Slideshow about 'Download presentation source' - Kelvin_Ajay


Out of the Goo, the Primordial Process
  • Init
    • Always the first process to run after system boot
    • Always PID 1
    • Ancestor of all user processes and all but a few system processes
    • Configured using /etc/inittab
    • Exorcises undead zombie processes
    • If init dies, the system will hang or reboot
It’s a Bird, It’s a Plane, No It’s the Super Daemon
  • Inetd
    • Daemon that manages other daemons
    • The daemons it manages must be programmed to be started and managed by inetd
    • Uses /etc/inetd.conf and /etc/services as configuration files
    • Simple daemons (echo, discard, etc.) are built into inetd
    • You need to send SIGHUP to inetd after editing /etc/inetd.conf to tell it to reread the file
/etc/inetd.conf (abridged)

# Syntax for socket-based Internet services:
# <service_name> <socket_type> <proto> <flags> <user>
# <server_pathname> <args>
#
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
echo stream tcp nowait root internal
echo dgram udp wait root internal
talk dgram udp wait root /usr/sbin/in.talkd in.talkd

/etc/services (abridged)

echo 7/tcp
echo 7/udp
ftp-data 20/tcp
ftp 21/tcp
telnet 23/tcp
talk 517/udp

Mapping Those Pesky Ports
  • Portmap (aka Rpcbind)
    • Runs on port 111
    • Maps between RPC service numbers and TCP/IP port numbers
    • RPC services register their service number, version and port number with portmap/rpcbind when they start up
    • Clients contact portmap/rpcbind to find the port that a particular service is running on.
    • Use rpcinfo -p to display registered services
Let’s Wrap It Up!
  • TCP_Wrappers
    • Used to provide IP address-level security to daemons run from inetd
    • Can also be used with non-inetd daemons if they can link with the libwrap library
    • Logs successful and failed attempts via syslog facility
    • Requires modification to /etc/inetd.conf
    • Written by Wietse Venema of the Netherlands
    • ftp://ftp.porcupine.org/pub/security/index.html
TCP_Wrapperized /etc/inetd.conf

# Syntax for socket-based Internet services:
# <service_name> <socket_type> <proto> <flags> <user>
# <server_pathname> <args>
#
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
echo stream tcp nowait root internal
echo dgram udp wait root internal
talk dgram udp wait root /usr/sbin/tcpd in.talkd

/etc/hosts.allow & /etc/hosts.deny

/etc/hosts.allow

ALL: localhost,krusty
in.telnetd: beast,bugs
in.rlogind: beast,bugs
in.rexecd: beast,bugs,159.91.
in.rshd: beast,bugs
in.fingerd: ALL
in.talkd: ALL

/etc/hosts.deny

ALL: ALL

Daemons Daemons Everywhere ...
  • nfsd, rpc.lockd & rpc.statd - file sharing
  • ypbind, ypserv, ypxfrd - NIS daemons
  • comsat - e-mail notification
  • talkd - chat server
  • routed, gated - routing
  • innd, nntpd - Network News
  • syslogd - logging server
  • httpd - web server
… Even in Your Underwear
  • Ftpd - file transfer
  • telnetd - remote terminal
  • rshd, rexec - remote shell
  • rlogin - remote login
  • xntp - time sync
  • dhcpd, bootpd, rarpd - IP address servers
  • popper, ipopd, imapd - e-mail servers
  • sendmail - e-mail routing server
Exorcise These Daemons!
  • Besides a Unix service, what is a “daemon?”
  • What happens if inetd dies?
  • What is the name of the TCP_wrapper daemon?