
Network File System


orenda

Presentation Transcript


  1. Network File System

  2. Types of Services
     • Infrastructure
       • DHCP, DNS, NIS, AD, TIME
     • Intranet
       • SSH, NFS, SAMBA
     • Internet
       • MAIL, WEB, FTP, CUPS

  3. Components of a Service
     [Diagram: directory tree rooted at / showing etc, usr, var, sysconfig, log, init.d, bin, sbin, lib]

  4. NFS Overview
     • The portmap package: NFS is designed around the Remote Procedure Call API and utilizes the portmap daemon for its operation.
     • The nfs-utils package has five components:
       • rpc.nfsd: Primary NFS component. Handles all NFS requests, and provides the main engine for NFS to work.
       • rpc.mountd: Handles permission evaluation before allowing the client to mount an export.
       • rpc.quotad: Interfaces with the quota manager to ensure that client file system quotas are preserved.
       • rpc.statd: Monitors UDP and TCP traffic during NFS operation. It reports crashes and reboots to the lock manager.
       • rpc.lockd: Manages file-locking requests, and on crashed systems, this component provides lock recovery.

  5. NFS Overview
     • Client-Server Operations: An NFS server, serving files and directories to remote clients, can be a client at the same time as it is serving.
     • NFS v3,4 is capable of running over both UDP and TCP
     • rpc.lockd and rpc.statd run on both the server and the client
       • Implements NSM (Network Status Monitor) RPC protocol and provides reboot notification so locking p g can be updated when the NFS server crashes
       • Starts the NFS lock manager on kernels. Locking prevents more than one user accessing and modifying a file at the same time.

  6. Installing and Configuring
     • Packages Required:
       • portmap
       • nfs-utils
     • Configuration file: /etc/exports
     • Syntax:
         absolute-pathname host-specifier(options,options…)

  7. Configuration
     • Host Specifiers
       • hostname
       • IP address
       • network address (CIDR or netmask notation)
       • relative domain names
     • Options (to the mount command)
       • rw, ro
       • root_squash, no_root_squash
       • hard, soft
       • sync, async

  8. Configuration
     • The exportfs command dynamically updates export information in the server
     • Options:
       • -a  exports all entries in the exports file
       • -r  re-export all entries
       • -o  specifies permission options
       • -v  verbose mode
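An added example, not part of the original slides: a small auditor for the `/etc/exports` syntax and options from slides 6 and 7. The sample file is constructed, and the finding names are this example's own. It also covers one case the slides do not mention: per exports(5), a space between the host and `(` makes the options apply to every host.

```python
import re

# Constructed sample /etc/exports; paths and hosts are illustrative only.
SAMPLE_EXPORTS = """\
/srv/share   192.168.0.0/24(ro,root_squash,sync)
/home        client1.example.com (rw)
/srv/build   192.168.0.8(rw,no_root_squash)
/pub         *(ro)
"""

# One host-specifier token: optional host, optional (options).
SPEC = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")

def parse_exports(text):
    """Yield (path, host, options) for each host-specifier on each line."""
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if not fields:
            continue
        # A path with no host-specifier at all is exported to every host.
        for token in fields[1:] or [""]:
            host, opts = SPEC.fullmatch(token).groups()
            yield fields[0], host, set(opts.split(",")) if opts else set()

def audit(text):
    """Return (path, host, finding) tuples for risky entries."""
    findings = []
    for path, host, opts in parse_exports(text):
        if host == "":
            # "(rw)" separated from its host by a space lands here.
            findings.append((path, "<any>", "any-host"))
        if host == "*":
            findings.append((path, "*", "wildcard-host"))
        if host in ("", "*") and "rw" in opts:
            findings.append((path, host or "<any>", "world-writable"))
        if "no_root_squash" in opts:
            # Remote root is not mapped to an unprivileged user.
            findings.append((path, host, "no_root_squash"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print(*finding, sep="\t")
```

The `/home` line is the one to study: `client1.example.com` gets the default options, while the detached `(rw)` is a separate entry that grants read-write access to any host.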

  9. Client-side NFS
     • showmount -e nfs-server
       Displays the exports available from the server
     • showmount -a nfs-server
       Displays the mounted exports from the server
     • mount [-t nfs] [-o options] nfs-server:mntpoint
     • Default mount options:
       • rw
       • hard
       • udp
       • auto
       • sync
       • nouser

  10. tcp_wrappers Configuration
     • Three stages of access checking
       • Is access explicitly permitted?
       • Otherwise, is access explicitly denied?
       • Otherwise, by default, permit access!
     • Configuration stored in two files:
       • Permissions in /etc/hosts.allow
       • Denials in /etc/hosts.deny
     • Basic syntax:
         daemon_list: client_list [:options]

  11. Daemon Specification
     • Daemon name:
       • Applications pass name of their executable
       • Multiple services can be specified, comma delimited
       • Use wildcard ALL to match all daemons
       • Limitations exist for certain daemons, e.g. portmap
     • Advanced syntax:
         daemon@host: client_list …
       for use on a multihomed system, where host is an IP address

  12. Client Specification
     • Host specification
       • by IP address (192.168.0.1, 10.0.0.)
       • by name (www.redhat.com, .example.com); performs a reverse lookup every time a client connects
       • by netmask (192.168.0.0/255.255.255.0); netmask must be in long format
       • by network name (@mynetwork), as obtained from /etc/networks or NIS

  13. Advanced Client Syntax
     • Wildcards
       • ALL, LOCAL
       • KNOWN, UNKNOWN, PARANOID
     • EXCEPT operator
       • Can be used for client and server list
       • Can be nested

         # /etc/hosts.allow
         sshd: ALL EXCEPT .cracker.org EXCEPT trusted.cracker.org

         # /etc/hosts.deny
         sshd: ALL

  14. tcp_wrappers Example
     • Consider the following example for the machine 192.168.0.254 on a class C network:

         # /etc/hosts.allow
         vsftpd: 192.168.0.
         in.telnetd, portmap: 192.168.0.8

         # /etc/hosts.deny
         ALL: .cracker.org EXCEPT trusted.cracker.org
         vsftpd, portmap: ALL
         sshd: 192.168.0. EXCEPT 192.168.0.4
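An added example, not part of the original slides: a simplified model of the three-stage check from slide 10, run against the slide 14 rules so the outcome for a given client can be read off. It covers ALL, IP prefixes, domain suffixes, long-format netmasks and nested EXCEPT, but not LOCAL, KNOWN, UNKNOWN, PARANOID or @network names; the client's reverse-lookup name is assumed to be passed in by the caller.

```python
import ipaddress

# Rules copied from the slide 14 example for host 192.168.0.254.
HOSTS_ALLOW = """\
vsftpd: 192.168.0.
in.telnetd, portmap: 192.168.0.8
"""
HOSTS_DENY = """\
ALL: .cracker.org EXCEPT trusted.cracker.org
vsftpd, portmap: ALL
sshd: 192.168.0. EXCEPT 192.168.0.4
"""

def _one(pat, ip, name):
    """Match one daemon or client pattern against an address and a name."""
    if pat == "ALL":
        return True
    if pat.endswith("."):        # IP prefix such as 192.168.0.
        return ip.startswith(pat)
    if pat.startswith("."):      # domain suffix such as .example.com
        return name.endswith(pat)
    if "/" in pat:               # network/netmask in long format
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pat)
    return pat in (ip, name)

def _match(tokens, ip, name):
    """Evaluate 'list EXCEPT list ...'; nested EXCEPT groups to the right."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return _match(tokens[:i], ip, name) and not _match(tokens[i + 1:], ip, name)
    return any(_one(t, ip, name) for t in tokens)

def _hit(rules, daemon, ip, name):
    """True if any 'daemon_list: client_list' line matches this connection."""
    for line in rules.splitlines():
        if ":" not in line:
            continue
        daemons, clients = (part.replace(",", " ").split() for part in line.split(":")[:2])
        if _match(daemons, daemon, daemon) and _match(clients, ip, name):
            return True
    return False

def check(daemon, ip, name=""):
    """Three-stage decision; name is the reverse-lookup result (assumed given)."""
    if _hit(HOSTS_ALLOW, daemon, ip, name):
        return "allow"
    if _hit(HOSTS_DENY, daemon, ip, name):
        return "deny"
    return "allow-by-default"
```

With these rules, `check("sshd", "203.0.113.5")` and `check("in.telnetd", "192.168.0.9")` both return `allow-by-default`: neither file mentions them, so stage three permits the connection. A final `ALL: ALL` line in /etc/hosts.deny turns that default into a denial.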

  15. Project Diagram 1
     [Network diagram: Internet, Router/Firewall, networks 172.30.4.0/24 and 192.168.X.0/24; hosts Server1, Server2, Client1; services DNS, DHCP, NFS, Mail, CUPS, SSH]

  16. Project Diagram 2
     [Network diagram: Internet, Router/Firewall, networks 172.30.4.0/24, 192.168.X.0/24 and 192.168.Y.0/24; Server and Client hosts; services Mail, DNS, HTTP, FTP, NFS, SSH, DHCP]

  17. Project Diagram 3
     [Network diagram: Internet, two Router/Firewall nodes, network 172.30.4.0/24; hosts Server, Server1, Server2; services CUPS, DNS, SSH, DHCP, NFS]
