chapter 15 advanced topics and troubleshooting l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Chapter 15: Advanced Topics and Troubleshooting PowerPoint Presentation
Download Presentation
Chapter 15: Advanced Topics and Troubleshooting

Loading in 2 Seconds...

play fullscreen
1 / 57

Chapter 15: Advanced Topics and Troubleshooting - PowerPoint PPT Presentation


  • 225 Views
  • Uploaded on

Chapter 15: Advanced Topics and Troubleshooting The Complete Guide to Linux System Administration Objectives Understand X window system scripts and remote access Implement basic system security Use simple features of common network services Troubleshoot common hardware and software problems

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Chapter 15: Advanced Topics and Troubleshooting' - medwin


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
chapter 15 advanced topics and troubleshooting

Chapter 15:Advanced Topics and Troubleshooting

The Complete Guide to Linux System Administration

objectives
Objectives
  • Understand X window system scripts and remote access
  • Implement basic system security
  • Use simple features of common network services
  • Troubleshoot common hardware and software problems

The Complete Guide to Linux System Administration

x window system advanced configuration
X Window System Advanced Configuration
  • Challenges configuring graphical system are rare due to improvements in:
    • XFree86 X server
    • Installation programs

The Complete Guide to Linux System Administration

configuring x
Configuring X
  • X software normally located in directory /usr/X11R6
    • Sometimes called X-root directory
    • Version 11, release 6
    • Configuration file for Red Hat Linux and Fedora called xorg.conf located in /etc/X11 directory
    • Commercial X servers use different configuration files

The Complete Guide to Linux System Administration

configuring x continued
Configuring X (continued)
  • xvidtune program
    • Adjust finer details of display
    • Can damage monitor if used carelessly
  • system-config-display program configures:
    • Screen resolution
    • Number of colors

The Complete Guide to Linux System Administration

configuring x continued6
Configuring X (continued)

The Complete Guide to Linux System Administration

using x window system start up scripts
Using X Window System Start-up Scripts
  • X Window System starts automatically every time user logs in at graphical prompt
  • startx command
    • Start X Window System from command line
    • Script located in /usr/X11R6/bin
    • Starts xinit program
    • Place scripts in user’s home directory to define graphical configuration for user

The Complete Guide to Linux System Administration

using x window system start up scripts continued
Using X Window System Start-up Scripts (continued)
  • Background application
    • Does not prevent program that started it from going on to other tasks
    • xinit scripts can start X client then go on to start another
  • Window manager
    • Responsible for controlling graphical screen
    • Started last by xinit

The Complete Guide to Linux System Administration

using x window system start up scripts continued9
Using X Window System Start-up Scripts (continued)

The Complete Guide to Linux System Administration

adjusting the display of graphical applications
Adjusting the Display of Graphical Applications
  • X resource
    • Separate screen elements such as:
      • Scroll bars
      • Text fonts
      • Mouse pointers
      • Title bars for windows or dialog boxes
    • Collection of default X resource settings applies to all X applications

The Complete Guide to Linux System Administration

adjusting the display of graphical applications continued
Adjusting the Display of Graphical Applications (continued)
  • Resource database file
    • Settings apply only when specific user runs specific application
    • Main file app-defaults located at /usr/X11R6/lib/X11
    • User’s home directory can contain additional settings
      • .Xresources
      • .Xdefaults

The Complete Guide to Linux System Administration

adjusting the display of graphical applications continued12
Adjusting the Display of Graphical Applications (continued)
  • xrdb command
    • Loads initial X database resource file
    • Adds resource configuration details from files
    • xrdb -load $HOME/.Xresources
  • xfontsel command
    • See fonts supported by X Window System
  • xset command
    • Adjust behavior of X to suit preferences

The Complete Guide to Linux System Administration

using a graphical login screen
Using a Graphical Login Screen
  • Most Linux distributions start in run level 5
    • Graphical environment
  • xdm program
    • Graphical login screen provided by X display manager
    • Versions specific to KDE and GNOME called:
      • kdm
      • Gdm
  • Session defines set of graphical programs to run when user logs in

The Complete Guide to Linux System Administration

using a graphical login screen continued
Using a Graphical Login Screen (continued)
  • Xsession file specifies which programs started by particular session name
  • xdm executes file /etc/x11/xdm/Xsession to determine which X clients to run
  • Xsession file
    • Placed in user home directory
    • Controls which sessions specific user has available
  • /etc/X11/xdm subdirectory files configure features of xdm

The Complete Guide to Linux System Administration

using a graphical login screen continued15
Using a Graphical Login Screen (continued)
  • Any type of computer can run X server
  • Graphical application decides which X server to use
    • By default uses X server on same computer
    • Specify different server
      • DISPLAY environment variable
      • Add display option to command
  • Configuring remote display security
    • X server on remote host configured to allow other computers to display programs there

The Complete Guide to Linux System Administration

using a graphical login screen continued16
Using a Graphical Login Screen (continued)
  • xhost command specifies name of remote computer permitted to use local X server
    • Insecure
  • xauth command restricts access to users on remote system who have specific token
    • Commonly called cookie
      • MIT magic cookie

The Complete Guide to Linux System Administration

using a graphical login screen continued17
Using a Graphical Login Screen (continued)
  • .Xauthority files
    • Stored in user’s home directory
    • User-to-user security system
  • Remote graphical login
    • Log in to Linux system, use graphical environment as if sitting at Linux system
    • Uses XDMCP

The Complete Guide to Linux System Administration

displaying x clients remotely
Displaying X Clients Remotely
  • X protocol
    • X Window System uses own protocol to communicate between X server and each X client
    • Can be used over network connections

The Complete Guide to Linux System Administration

displaying x clients remotely continued
Displaying X Clients Remotely (continued)

The Complete Guide to Linux System Administration

security issues the structure of a secure network
Security Issues:The Structure of a Secure Network
  • Security divided into areas:
    • Physical security
    • User security
    • File security
    • Network security

The Complete Guide to Linux System Administration

types of security attacks
Types of Security Attacks
  • Password cracking
  • Trojan horse
  • Buffer overflow attacks
  • Denial-of-service (DoS)
  • Port scanning
  • Packet sniffing

The Complete Guide to Linux System Administration

security tools
Security Tools
  • nmap
    • Most widely used port-scanning utility
    • Can use variety of different scanning methods
    • nmap -ss www.myplace.net
  • nmapfe utility
    • Graphical interface
  • IPTraf program
    • Popular tool for viewing network activity on LAN

The Complete Guide to Linux System Administration

security tools continued
Security Tools (continued)
  • tcpdump utility
    • Similar to IPTraf program
    • Also includes more detailed information about packets on network
  • Ethereal
    • One of the best packet-sniffing tools
    • Network traffic analysis tool

The Complete Guide to Linux System Administration

security tools continued24
Security Tools (continued)
  • Intrusion detection system (IDS) watches network for activity that may indicate attacker is looking for way to enter server
  • Linux Intrusion Detection System (LIDS)
    • Adds module to Linux kernel
    • Blocks access to resources for all users except as configured by LIDS

The Complete Guide to Linux System Administration

security tools continued25
Security Tools (continued)
  • Security audit
    • Review or test of how secure system really is
    • What needs to be done to improve its security
  • Security Administrator’s Integrated Network Tool (SAINT) utility
    • Uses Web browser interface to manage “attack” on network
    • Reports vulnerabilities it finds

The Complete Guide to Linux System Administration

viruses and worms
Viruses and Worms
  • Security threats designed to replicate themselves once installed on system
  • Virus tries to replicate as part of another program
  • Worm attempts to infiltrate other systems on its own
  • Linux rarely subject of virus attacks
  • Worms pose greater threat than viruses

The Complete Guide to Linux System Administration

security organizations
Security Organizations
  • CERT Coordination Center (CERT/CC)
    • U.S. Federal government-funded software engineering institute
    • Maintains lists of security vulnerabilities, alerts, incident reports
  • System Administration, Networking, and Security (SANS) Institute
    • Education and research organization
    • Visiting web site www.sans.org

The Complete Guide to Linux System Administration

security organizations continued
Security Organizations (continued)
  • Global Information Assurance Certification (GIAC) program
    • Certification program for security professionals from SANS

The Complete Guide to Linux System Administration

using network services
Using Network Services
  • Most network services installed by default
    • Controlled using script in /etc/rc.d/init.d directory or using service command

The Complete Guide to Linux System Administration

using netfilter for firewalls
Using NetFilter for Firewalls
  • Firewall
    • Hardware device or software program that prevents unintended network access
  • Packet filter
    • Firewall that examines each packet
    • Decides how to process it based on firewall rules
  • NetFilter defines rules in IP tables

The Complete Guide to Linux System Administration

using netfilter for firewalls continued
Using NetFilter for Firewalls (continued)
  • Packet stages
    • Input
    • Forward
    • Output
  • iptables command creates and manages firewall rules
  • Rules executed in order defined in chain

The Complete Guide to Linux System Administration

using netfilter for firewalls continued32
Using NetFilter for Firewalls (continued)
  • Network address translation (NAT)
    • Routing technique
    • Alters addresses or other information in packet
  • IP masquerading
    • Type of network address translation
    • Packets from many computers on LAN altered to appear as if they came from single computer

The Complete Guide to Linux System Administration

using netfilter for firewalls continued33
Using NetFilter for Firewalls (continued)
  • system-config-securitylevel program sets up reasonable rules based on:
    • How secure system should be
    • Specific protocols to leave more open
  • Other graphical firewall programs that use IP tables
    • Firestarter
    • Mason
    • KMyFirewall
    • GuardDog

The Complete Guide to Linux System Administration

setting up a dns name server
Setting Up a DNS Name Server
  • Root name servers
    • DNS servers designated as starting point for DNS queries
  • Master DNS server or primary DNS server
    • Provides information on domain
  • Slave DNS server or secondary DNS server
    • Contains backup copy of DNS information
  • Named
    • Daemon that implements DNS

The Complete Guide to Linux System Administration

setting up a dns name server continued
Setting Up a DNS Name Server (continued)
  • Caching name server
    • Queries other DNS servers and caches results
  • Zone
    • DNS server maintains information for at least part of domain
  • Zone information files
    • Define host names and corresponding IP addresses
  • rndc utility
    • Control named daemon from command line

The Complete Guide to Linux System Administration

setting up a dns name server continued36
Setting Up a DNS Name Server (continued)
  • dig utility
    • Query any DNS server
  • whois
    • Information about organization that registered domain name

The Complete Guide to Linux System Administration

file sharing with nfs
File Sharing with NFS
  • Work with hard disks located all over local network ss if part of local directory structure
  • NFS protocol implemented by several daemons
    • rpc.mountd
    • nfsd
    • rpc.rquotad
    • rpc.statd

The Complete Guide to Linux System Administration

file sharing with nfs continued
File Sharing with NFS (continued)
  • /etc/exports file defines which local directories should be accessible to remote users
  • exportfs command activates contents of /etc/exports
  • Squashing prevents user from gaining access to user account on NFS server because user has same ID on NFS client

The Complete Guide to Linux System Administration

setting up a samba server
Setting Up a Samba Server
  • Samba suite
    • File and print sharing using SMB and CIFS protocols
  • Server daemons
    • nmbd
    • smbd
  • smb.conf
    • Main configuration file

The Complete Guide to Linux System Administration

setting up a samba server continued
Setting Up a Samba Server (continued)
  • Common to allow everyone with Linux user account to log in via Samba
  • SWAT
    • Graphical configuration tool for Samba
    • Runs as network service managed by superserver
    • Access SWAT: http//localhost:901/

The Complete Guide to Linux System Administration

creating a proxy server with squid
Creating a Proxy Server with Squid
  • Proxy server
    • Lets one server make request for another server
    • Done to improve efficiency and security of network
  • Squid requires significant configuration before use
    • In file /etc/squid/squid.conf
  • Transparent proxy redirects network packet based on port to which packet addressed

The Complete Guide to Linux System Administration

creating a linux web server with apache
Creating a Linux Web Server with Apache
  • Daemon named httpd
    • Control with apachectl program
  • /etc/httpd/conf directory
    • Configuration files
  • Many features implemented as loadable modules
  • Container activates other directives only if condition is met or only within particular context

The Complete Guide to Linux System Administration

configuring a basic e mail server
Configuring a Basic E-mail Server
  • Mail Transfer Agent (MTA) moves mail between e-mail servers
  • Mail Delivery Agent (MDA) examines messages and delivers them to user’s mailbox file
  • Mail User Agent (MUA) lets user:
    • View messages stored in mailbox
    • Create new messages

The Complete Guide to Linux System Administration

configuring a basic e mail server continued
Configuring a Basic E-mail Server (continued)
  • sendmail
    • Most widely known e-mail server
    • Managed using standard script in /etc/rc.d/init.d
    • /etc/sendmail.cf
      • Configuration file
      • Considered to be single most difficult Linux configuration file to master
    • m4 program
      • Configure sendmail

The Complete Guide to Linux System Administration

configuring a basic e mail server continued45
Configuring a Basic E-mail Server (continued)
  • E-mail alias
    • Another name that can deliver e-mail messages to user
    • Configured in sendmail with /etc/aliases file
  • Monitor sendmail
    • /var/log/maillog file
    • hoststat
    • mailq
    • mailstats

The Complete Guide to Linux System Administration

using superservers for network services
Using Superservers for Network Services
  • Superserver
    • Listens on multiple network ports and starts appropriate service when client connection arrives for port
    • Programs
      • inetd
      • xinetd

The Complete Guide to Linux System Administration

using superservers for network services continued
Using Superservers for Network Services (continued)
  • tcpd
    • TCP wrappers
    • Examines incoming network connection
    • Compares it to configuration file to determine whether connection allowed
    • Configured by
      • /etc/hosts.allow
      • /etc/hosts.deny

The Complete Guide to Linux System Administration

troubleshooting and recovery
Troubleshooting and Recovery
  • Having appropriate methodology makes it easier to locate and fix problems
  • Basic methodology for troubleshooting
    • What system or service is causing the problem?
    • Can I eliminate other possible causes to limit the scope of the problem?

The Complete Guide to Linux System Administration

troubleshooting linux installation
Troubleshooting Linux Installation
  • Installation program doesn’t boot
    • Boot disk created incorrectly
    • Bios configured to start operating system from hard disk without first checking floppy disk or CD-ROM
    • Installation program not able to detect video card

The Complete Guide to Linux System Administration

troubleshooting linux installation continued
Troubleshooting Linux Installation (continued)
  • After Linux installed system doesn’t boot
    • Another boot manager installed in MBR
    • Trouble identifying hardware on system that was not detected during installation process
  • Graphical interface doesn’t work
    • Some video cards not supported by XFree86
    • Supported by commercial X Window System products

The Complete Guide to Linux System Administration

troubleshooting linux installation continued51
Troubleshooting Linux Installation (continued)
  • Device or part of memory isn’t available
    • Hardware not correctly configured
    • Linux does not access all of available system RAM because of limitations in computer’s BIOS

The Complete Guide to Linux System Administration

diagnosing device status
Diagnosing Device Status
  • Utilities to learn about devices
    • /proc file system
    • lspci
    • setserial
    • usbmodules

The Complete Guide to Linux System Administration

troubleshooting network connections
Troubleshooting Network Connections

The Complete Guide to Linux System Administration

troubleshooting network connections continued
Troubleshooting Network Connections (continued)

The Complete Guide to Linux System Administration

creating rescue disks
Creating Rescue Disks
  • Rescue disk
    • 3.5-inch disk used to boot Linux-based computer
    • Create when installing Linux
  • Rescue mode
    • Boots from CD
    • Searches for Fedora installations
    • Launches console to repair problems

The Complete Guide to Linux System Administration

summary
Summary
  • Scripts used by X Window System to determine exactly what programs to start
  • Graphical login screen handled by xdm
  • Graphical programs can be displayed remotely
  • Computer security often divided into categories
  • Linux uses firewalling and packet-filtering system called NetFilter

The Complete Guide to Linux System Administration

summary continued
Summary (continued)
  • DNS server on Linux implemented using named daemon
  • NFS permits remote users to mount file system on NFS server as part of directory structure
  • Apache Web server included with most Linux distributions
  • Systematically eliminating possible problems good methodology for troubleshooting

The Complete Guide to Linux System Administration