
INTRODUCTION

Our project is based on IT infrastructure and its security. The IT infrastructure we analyzed as our project target belongs to a company that is based on the Linux operating system. We did our project at The Complete Open Source Solutions, which is famous for Linux operating system training, troubleshooting, and real-time support. The company is a Red Hat partner and excels at providing open source solutions.

In that company we analyzed the following aspects:
1. Machine configurations for clients and servers.
2. Networking configuration for networks.
3. Operating system and software configuration.
4. Types of servers and their configurations.
5. Technical support.
6. And, most important, security management in the form of the firewall.

We made the firewall the major aspect of the project: we did research and development on its shell script and rules for providing security to the company. Alongside that work, we also developed many server configurations to test the firewall rules against, which adds more functionality to our multifunction project.

SYSTEM ANALYSIS
EXISTING SYSTEM:
For Server
For anyone who thinks Windows has the server market cornered, I would ask you to wake up and join the 21st century. Linux can, and does, serve up anything and everything and does it easily and well. It's fast, secure, easy to configure, and very scalable. And let's say you don't happen to be fond of Sendmail. If that's the case you have plenty of alternatives to choose from. Even with serving up Web pages. There are plenty of alternatives to Apache, some of which are incredibly lightweight.

For Security
Recently, there was a scare in the IT world known as Phalanx 2. It actually hit Linux. But the real issue was that it hit Linux servers that hadn't been updated. It was poor administration that caused this little gem to get noticed. The patch, as usual in the Linux world, came nearly as soon as word got out. And that's the rub. Security issues plague Windows for a couple of reasons: The operating system comes complete with plenty of security holes and Microsoft is slow to release patches for the holes. Of course, this is not to say that Linux is immune. It isn't. But it is less susceptible to attacks and faster to fix problems.

For Flexibility
This stems from the desktop but, because Linux is such an amazingly adaptable operating system, it's wrong to confine flexibility to the desktop alone. Here's the thing: With Linux, there is always more than one way to handle a task. Add to that the ability to get really creative with your problem solving, and you have the makings of a far superior system. Windows is about as inflexible as an operating system can be.

DRAWBACKS
Disadvantages :
Understanding - Becoming familiar with the Linux operating system requires patience as well as a strong learning curve. You must have the desire to read and figure things out on your own, rather than having everything done for you.

Compatibility - Because of its free nature, Linux is sometimes behind the curve when it comes to brand new hardware compatibility. Though the kernel contributors and maintainers work hard at keeping the kernel up to date, Linux does not have as much of a corporate backing as alternative operating systems. Sometimes you can find third party applications, sometimes you can't.

Alternative Programs - Though Linux developers have done a great job at creating alternatives to popular Windows applications, there are still some applications that exist on Windows that have no equivalent Linux application.

Proposed System

Cost - The most obvious advantage of using Linux is the fact that it is free to obtain, while Microsoft products are available for a hefty and sometimes recurring fee. Microsoft licenses typically are only allowed to be installed on a single computer, whereas a Linux distribution can be installed on any number of computers, without paying a single dime.

Security - In line with the costs, the security aspect of Linux is much stronger than that of Windows. Why should you have to spend extra money for virus protection software? The Linux operating system has been around since the early nineties and has managed to stay secure in the realm of widespread viruses, spyware and adware for all these years. Sure, the argument of the Linux desktop not being as widely used is a factor as to why there are no viruses. My rebuttal is that the Linux operating system is open source and if there were a widespread Linux virus released today, there would be hundreds of patches released tomorrow, either by ordinary people that use the operating system or by the distribution maintainers. We wouldn't need to wait for a patch from a single company like we do with Windows.

Choice (Freedom) - The power of choice is a great Linux advantage. With Linux, you have the power to control just about every aspect of the operating system. Two major features you have control of are your desktop's look and feel by way of numerous Window Managers, and the kernel. In Windows, you're either stuck using the boring default desktop theme, or risking corruption or failure by installing a third-party shell.

Software - There are so many software choices when it comes to doing any specific task. You could search for a text editor on Freshmeat and yield hundreds, if not thousands of results. My article on 5 Linux text editors you should know about explains how there are so many options just for editing text on the command-line due to the open source nature of Linux. Regular users and programmers contribute applications all the time. Sometimes it's a simple modification or feature enhancement of an already existing piece of software, sometimes it's a brand new application. In addition, software on Linux tends to be packed with more features and greater usability than software on Windows. Best of all, the vast majority of Linux software is free and open source. Not only are you getting the software for no charge, but you have the option to modify the source code and add more features if you understand the programming language. What more could you ask for?

Hardware - Linux is perfect for those old computers with barely any processing power or memory you have sitting in your garage or basement collecting dust. Install Linux and use it as a firewall, a file server, or a backup server. There are endless possibilities. Old 386 or 486 computers with barely any RAM run Linux without any issue. Good luck running Windows on these machines and actually finding a use for them.

FEASIBILITY STUDY
The main aim of the feasibility study activity is to determine whether it would be financially or technically feasible to develop the project. The feasibility study activity involves analysing the problem and collecting all relevant information relating to the product, such as the different data items which would be input to the system, the processing required to be carried out on these data, the output data required to be produced by the system, as well as various constraints on the behaviour of the system. The collected data are analyzed to arrive at the following:

- An abstract problem definition. An abstract problem definition is a rough description of the problem which considers only the important requirements and ignores the rest.
- Formulation of the different solution strategies.
- Analysis of alternative solution strategies to compare their benefits and shortcomings. This analysis usually requires making approximate estimates of the resources required, the cost of development, and the development time for each of the options. These estimates are used as the basis for comparing the different solutions.

Generally, feasibility study is classified into three types:
1. ECONOMIC FEASIBILITY STUDY
2. TECHNICAL FEASIBILITY STUDY
3. OPERATIONAL FEASIBILITY STUDY

SYSTEM SPECIFICATION:
HARDWARE AND SOFTWARE REQUIREMENTS:
We offer support for new installations on the operating systems and architectures mentioned below.

Hardware Requirements

Component     Minimum Requirement
Processor     266 MHz processor
Memory        512 MB RAM (1 GB recommended when hosting many accounts)
Disk Space    20GB hard disk (40GB is recommended)

Compatible Software

Supported Virtual Environments [1]
- KVM
- Linux-VServer
- Microsoft Server 2008 Hyper-V [2]
- OpenVZ (stable releases only)
- Oracle VM VirtualBox, VirtualBox OSE
- Virtuozzo
- VMware Server, VMware ESX Server
- Xen, XenEnterprise, XenExpress, XenServer

Supported Operating Systems (i386 and x86-64 ONLY)
- CentOS versions 5.x, 6.x
- Red Hat Enterprise Linux versions 5.x, 6.x
- CloudLinux 5.x, 6.x [3]

Virtual Environments Detected and Reported as Functional
- SmartOS

Notes:
1. cPanel software does not support 32-bit Virtual Environments that run on a 64-bit host kernel.
2. cPanel software supports the drivers and configurations provided by Microsoft.
3. CloudLinux is not compatible with OpenVZ or Virtuozzo.
4. For SmartOS to be detected, you must use cPanel & WHM software version 11.36.1 or higher.

Important Facts
Please keep these facts in mind when you install cPanel & WHM software:

- We strongly recommend a system that exceeds the minimum requirements. This is especially true if you plan to host a large number of domains and accounts.
- You should install a minimal version of the operating system. All services that cPanel requires will automatically be installed during the cPanel & WHM software installation process. Installing services prior to the installation of cPanel & WHM software will cause compatibility problems.
- Because cPanel software is designed for commercial hosting, we only license publicly visible, static IP addresses. We do not license dynamic, sticky, or internal IPs.
- cPanel does not support one-to-many NAT.

Installation Instructions
To install cPanel & WHM software on CentOS:
1. Download a free CentOS DVD ISO. To use this ISO, you must burn the image to a DVD. Then, insert the DVD into the server and turn it on.
2. Upon its first reboot, the ISO will install cPanel and WHM software in the background.
3. For more details, read our documentation on Installing cPanel and WHM software. If you have questions, please contact our sales team.

How long will this release of cPanel & WHM software receive support?
The 11.32 release of cPanel & WHM officially introduces the Long-Term Support initiative. To learn more, read our Long-Term Support document.

cPanel & WHM Version    Approximate Release Date    Anticipated End of Life*
11.40                   Oct. 2013                   Oct. 2014
11.38                   Apr. 2013                   Apr. 2014
11.36                   Jan. 25, 2013               Jan. 2014
11.34 (EOL)             Oct. 15, 2012               Oct. 2013
11.32 (EOL)             Feb 20, 2012                Aug 20, 2013

* cPanel & WHM software releases which have reached End of Life:
- Are unavailable for installation
- Will no longer receive fixes or patches from cPanel, Inc.

PROJECT DESCRIPTION:
OVERVIEW OF THE PROJECT:
In this project, IT infrastructure on Linux is better than Windows IT infrastructure because it is highly secure and reliable in nature. It is user friendly, and we can easily use it in any organisation, company, etc. for the following reasons:

1. Low cost: You don't need to spend time and money to obtain licenses since Linux and much of its software come with the GNU General Public License. You can start to work immediately without worrying that your software may stop working anytime because the free trial version expires. Additionally, there are large repositories from which you can freely download high quality software for almost any task you can think of.
2. Stability: Linux doesn't need to be rebooted periodically to maintain performance levels. It doesn't freeze up or slow down over time due to memory leaks and such. Continuous up-times of hundreds of days (up to a year or more) are not uncommon.
3. Performance: Linux provides persistent high performance on workstations and on networks. It can handle unusually large numbers of users simultaneously, and can make old computers sufficiently responsive to be useful again.
4. Network friendliness: Linux was developed by a group of programmers over the Internet and has therefore strong support for network functionality; client and server systems can be easily set up on any computer running Linux. It can perform tasks such as network backups faster and more reliably than alternative systems.
5. Flexibility: Linux can be used for high performance server applications, desktop applications, and embedded systems. You can save disk space by only installing the components needed for a particular use. You can restrict the use of specific computers by installing, for example, only selected office applications instead of the whole suite.
6. Compatibility: It runs all common Unix software packages and can process all common file formats.
7. Choice: The large number of Linux distributions gives you a choice. Each distribution is developed and supported by a different organization. You can pick the one you like best; the core functionalities are the same; most software runs on most distributions.
8. Fast and easy installation: Most Linux distributions come with user-friendly installation and setup programs. Popular Linux distributions come with tools that make installation of additional software very user friendly as well.
9. Full use of hard disk: Linux continues to work well even when the hard disk is almost full.
10. Multitasking: Linux is designed to do many things at the same time; e.g., a large printing job in the background won't slow down your other work.
11. Security: Linux is one of the most secure operating systems. Walls and flexible file access permission systems prevent access by unwanted visitors or viruses. Linux users have the option to select and safely download software, free of charge, from online repositories containing thousands of high quality packages. No purchase transactions requiring credit card numbers or other sensitive personal information are necessary.
12. Open Source: If you develop software that requires knowledge or modification of the operating system code, Linux's source code is at your fingertips. Most Linux applications are Open Source as well.

Today the combination of inexpensive computers and free high-quality Linux operating systems and software provides incredibly low-cost solutions for both basic home office use and high-performance business and science applications. The available choices of Linux distributions and Linux software may be overwhelming at first, but if you know where to look, it shouldn't take long for you to find good online guidance.

List of Servers:
DNS (Domain Name System).
1. Proxy Server.
2. Web Server.
3. Mail Server.
4. SAMBA Server.

List of other major elements:
1. Software Router.
2. Firewall

List of other Physical Components:
1. Switch
2. Router
3. NIC
4. Client machines (Windows, Linux)
5. Server machines (Linux)

FIREWALL:
What is a firewall?
A firewall is a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet (i.e., the local network to which you are connected) must pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Note: In protecting private information, a firewall is considered a first line of defence; it cannot, however, be considered the only such line. Firewalls are generally designed to protect network traffic and connections, and therefore do not attempt to authenticate individual users when determining who can access a particular computer or network.

Several types of firewall techniques exist:

Packet filtering: The system examines each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

Circuit-level gateway implementation: This process applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Acting as a proxy server: A proxy server is a type of gateway that hides the true network address of the computer(s) connecting through it. A proxy server connects to the Internet, makes the requests for pages, connections to servers, etc., and receives the data on behalf of the computer(s) behind it. The firewall capabilities lie in the fact that a proxy can be configured to allow only certain types of traffic to pass (e.g., HTTP files, or web pages). A proxy server has the potential drawback of slowing network performance, since it has to actively analyze and manipulate traffic passing through it.

Types of Firewall:

Software Firewall:
A software firewall is not a physical device; it is only software, generally installed on your computer and used for protecting it. Software firewalls are best suited for protecting computers from Trojan programs or e-mail worms. Such a program with a built-in mail server could attempt to send mail on the valid Simple Mail Transfer Protocol (SMTP) port (25), which would probably pass through the hardware firewall because of its trusted origin. Some software firewalls are flexible enough to incorporate your existing anti-software into their firewall program. Some software firewalls also include parental controls to manage what kinds of websites your children visit. Special packages will also allow you to block photos and specific text content that you do not want your children to view. Some top software firewall packages also include anti-spam, anti-virus, even anti-popup ad software. Software firewalls are best suited for the home user who wants easy customization. One of the drawbacks of software firewalls is that they can only protect the machine they're installed on, so if you have multiple computers (which many small offices do), you need to buy, install, and configure a software firewall separately on each machine. This can get expensive and can be difficult to manage if you have a lot of computers.

Hardware firewall :
A hardware firewall is a physical device with physical elements like RAM, flash, a processor and Ethernet ports. Hardware firewalls are best suited to businesses and large networks. Hardware firewalls are also costlier than a normal software firewall. A hardware firewall provides strong protection from most forms of attack. A hardware firewall employs packet filtering, which examines the header of a packet to determine its source and destination addresses. This information is compared to a set of predefined and/or user-created rules that determine whether the packet is to be forwarded or dropped. It includes a more advanced technique called Stateful Packet Inspection, which looks at additional characteristics such as a packet's actual origin (i.e. did it come from the Internet or from the local network) and whether incoming traffic is a response to existing outgoing connections, like a request for a Web page. A hardware firewall supports VPN, which is the most secure way of accessing your local network from a remote site. Only people who are allowed into the VPN tunnel can access your FTP server etc. Cisco ASA hardware firewalls have a failover feature, which can be used for redundancy. But it is a disruptive kind of communication. The ASAs are fully capable of offering anti-spam, anti-phishing, anti-spyware, and anti-virus scanning within your internal network with an added module.
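The difference between header-only packet filtering and stateful inspection described above, as an added example that is not part of the original report. The packet trace, the header rule "accept inbound TCP from source port 80" and the function names are constructed for illustration; 192.168.146.241 is the mail server address used in this report's DNS zone.

```shell
#!/bin/sh
# Constructed packet trace: direction proto src-ip src-port dst-ip dst-port
TRACE='out tcp 192.168.146.10 40000 203.0.113.5 80
in tcp 203.0.113.5 80 192.168.146.10 40000
in tcp 198.51.100.7 80 192.168.146.10 40001
in tcp 198.51.100.7 5555 192.168.146.241 25
in tcp 198.51.100.7 5555 192.168.146.242 445'

# inspect MODE   (MODE is "stateless" or "stateful")
# Prints one verdict per packet: "<packet-number> accept|drop <reason>".
inspect() {
    printf '%s\n' "$TRACE" | awk -v mode="$1" '
    # Published service: SMTP on the mail server.
    function published(dst, dport) { return dst == "192.168.146.241" && dport == 25 }

    $1 == "out" {
        # Outgoing traffic is allowed. A stateful firewall also records the
        # tuple that a genuine reply to this connection will carry.
        seen[$2, $5, $6, $3, $4] = 1
        print NR, "accept", "outbound"; next
    }
    published($5, $6) { print NR, "accept", "published-service"; next }
    mode == "stateful" {
        # Inbound traffic is accepted only as a response to a recorded flow.
        if (($2, $3, $4, $5, $6) in seen) print NR, "accept", "reply-to-known-flow"
        else                              print NR, "drop", "no-matching-flow"
        next
    }
    # Stateless: the only way to let web replies back in is a header rule
    # that trusts the source port, so unsolicited packets match it too.
    $2 == "tcp" && $4 == 80 { print NR, "accept", "source-port-rule"; next }
    { print NR, "drop", "default" }'
}

# verdict MODE N: the accept/drop decision for packet number N.
verdict() { inspect "$1" | awk -v n="$2" '$1 == n { print $2 }'; }

for m in stateless stateful; do
    echo "== $m"
    inspect "$m"
done
```

Packet 3 is the one to watch: it is not a response to any outgoing connection, yet the stateless rule set accepts it because only the header is examined.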

Classification of Firewall:
Network-Level Firewalls
The first generation of firewalls (c. 1988) worked at the network level by inspecting packet headers and filtering traffic based on the IP address of the source and the destination, the port and the service. Some of these primeval security applications could also filter packets based on protocols, the domain name of the source and a few other attributes. Network-level firewalls are fast, and today you'll find them built into most network appliances, particularly routers. These firewalls, however, don't support sophisticated rule-based models. They don't understand languages like HTML and XML, and they are incapable of decoding SSL-encrypted packets to examine their content. As a result, they can't validate user inputs or detect maliciously modified parameters in a URL request. This leaves your network vulnerable to a number of serious threats.

Circuit-Level Firewalls
These applications, which represent the second generation of firewall technology, monitor TCP handshaking between packets to make sure a session is legitimate. Traffic is filtered based on specified session rules and may be restricted to recognized computers only. Circuit-level firewalls hide the network itself from the outside, which is useful for denying access to intruders. But they don't filter individual packets.

Application-Level Firewalls
Recently, application-level firewalls (sometimes called proxies) have been looking more deeply into the application data going through their filters. By considering the context of client requests and application responses, these firewalls attempt to enforce correct application behaviour, block malicious activity and help organizations ensure the safety of sensitive information and systems. They can log user activity too. Application-level filtering may include protection against spam and viruses as well, and be able to block undesirable Web sites based on content rather than just their IP address. If that sounds too good to be true, it is. The downside to deep packet inspection is that the more closely a firewall examines network data flow, the longer it takes, and the heavier the hit your network performance will sustain. This is why the highest-end security appliances include lots of RAM to speed packet processing. And of course you'll pay for the added chips.

Stateful Multi-level Firewalls
SML vendors claim that their products deploy the best features of the other three firewall types. They filter packets at the network level and they recognize and process application-level data, but since they don't employ proxies, they deliver reasonably good performance in spite of the deep packet analysis. On the downside, they are not cheap, and they can be difficult to configure and administer.

Software Router

Data Flow Diagram
[Figure not reproduced. Labels in the diagram: Internet, Intranet, Switch (three), Mail Server, Web Server, Samba Server, Windows System (two).]

SAMBA Server:

Samba is based on the common client/server protocol of Server Message Block (SMB) and Common Internet File System (CIFS). Using client software that also supports SMB/CIFS (for example, most Microsoft Windows products), an end user sends a series of client requests to the Samba server on another computer in order to open that computer's files, access a shared printer, or access other resources. The Samba server on the other computer responds to each client request, either granting or denying access to its shared files and resources.

Use of SAMBA Server
Samba consists of two key programs, plus a bunch of other stuff that we'll get to later. The two key programs are smbd and nmbd. Their job is to implement the four basic modern-day CIFS services, which are:

- File & print services
- Authentication and Authorization
- Name resolution
- Service announcement (browsing)

Profile of SAMBA Server:
Package: samba*
Daemon: smbd, nmbd
Configuration File: /etc/samba/smb.conf
Port no: 137, 138, 134, 139, 445.

Configuration Steps:

Step 1: Install the packages.
# yum install samba* -y

Step 2: Restart the service temporarily.
# service smb restart

Step 3: Start the service permanently.
# chkconfig smb on

Step 4: Open the configuration file and do the configuration.
# vim /etc/samba/smb.conf

Step 5: Copy the 7 lines, paste them and make the required changes.
################################################################
; share name
[linux]
; give a comment
comment = This is the share for linux user.
; path of share directory
path = /dir1
; other clients can't use it
public = no
; there is write permission
writable = yes
; there is no print permission
printable = no
; group name
write list = +student
; mention the valid users' names
valid users = student1, student2
; mention if any workgroup is there
workgroup =
; different network users also can use
hosts allow = 172.24.0.0/16
################################################################

Step 6: Save the changes with :wq

Step 7: After configuration, restart the service.
# service smb restart
# chkconfig smb on

Step 8: Make the directory which is specified in the configuration file and create some files inside it.
# mkdir /dir1
# cd /dir1
# touch file{1..4}

Step 9: See the context of that directory.
# ls -ldZ /dir1

Step 10: Change the context of the directory.
# chcon -t samba_share_t /dir1

Step 11: Again see the changed context.
# ls -ldZ /dir1

Step 12: Add the group user & valid users.
# groupadd student                  (the group must exist before useradd -g can use it)
# useradd -g student student01      (student1 added to group called student)
# useradd -g student student02      (student 2 added to group called student)
# useradd student1                  (added valid user)
# useradd student2                  (added valid user)

Step 13: Give passwords to the valid users.
# smbpasswd -a student1
# smbpasswd -a student2

Step 14: Again restart the services.
# service smb restart
# chkconfig smb on

Step 15: Provide the write permission to the directory.
# chmod o+w /dir1

Step 16: Connect as an smbclient.
# smbclient //192.168.0.19/linux -U student1

Step 17: After providing the password it will show the smb prompt.
smb: \>

Step 18: Now you can download & upload the files.
smb: \> mget file*      (downloading the files)
smb: \> put file        (uploading the files)
smb: \> exit            (for exiting)
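The share in Step 5 is only as restricted as the parameters Samba actually recognises: a name it does not know, such as `host allow` in place of `hosts allow`, is ignored and the restriction never takes effect. The audit script below is an added example, not part of the original report; `audit_shares`, `make_smb_samples`, the `[scratch]` share and both sample files are constructed for illustration, and it checks only the parameters used in Step 5.

```shell
#!/bin/sh
# audit_shares FILE: print one finding per line for every share in an smb.conf.
# Parameter names are compared the way Samba reads them: case and spaces ignored.
audit_shares() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (sec == "" || sec == "global") return
        if (guest && writable) print sec ": GUEST-WRITE"
        if (!hosts && !ghosts) print sec ": NO-HOSTS-ALLOW"
        if (!users)            print sec ": NO-VALID-USERS"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }           # comment and blank lines
    /^[ \t]*\[/ {                                   # section header starts a new share
        report()
        sec = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sec)
        guest = 0; writable = 0; hosts = 0; users = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1);             gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "public" || key == "guestok")          { guest = truthy(val) }
        else if (key == "writable" || key == "writeable") { writable = truthy(val) }
        else if (key == "readonly")                       { writable = !truthy(val) }
        else if (key == "hostsallow" || key == "allowhosts") {
            if (sec == "global") { ghosts = 1 } else { hosts = 1 }
        }
        else if (key == "validusers")                     { users = (val != "") }
        # any other name, e.g. a misspelled "host allow", sets nothing
    }
    END { report() }' "$1"
}

# Constructed samples: the Step 5 share with a misspelled restriction plus a
# guest-writable share, and the Step 5 share with the parameter spelled correctly.
make_smb_samples() {
    cat > "$1/weak.conf" <<'EOF'
[linux]
path = /dir1
public = no
writable = yes
write list = +student
valid users = student1, student2
host allow = 172.24.0.0/16
[scratch]
path = /tmp/scratch
public = yes
writable = yes
EOF
    cat > "$1/fixed.conf" <<'EOF'
[linux]
path = /dir1
public = no
writable = yes
write list = +student
valid users = student1, student2
hosts allow = 172.24.0.0/16
EOF
}

tmp=$(mktemp -d)
make_smb_samples "$tmp"
echo "weak.conf:";  audit_shares "$tmp/weak.conf"
echo "fixed.conf:"; audit_shares "$tmp/fixed.conf"
rm -r "$tmp"
```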

DNS (Domain Name Server)

1. DOCUMENT OVERVIEW
Title: Setting up a DNS Server with RedHat Linux 6.0
Summary: Step-by-step instructions on how to install a DNS server using RedHat Linux 6. There should not be many differences to RedHat 8 or RedHat 9.
Software: RedHat6
Hardware: Not Applicable
Skill Level: Beginner
Skills Required:
- Basic understanding of Networking (TCP/IP)
- Basic understanding of Linux

2. DNS OVERVIEW
Domain name system (DNS) servers translate names suitable for use by people (such as www.firewall.project.com) into network addresses (e.g., 192.168.0.251) suitable for use by computers. There are a number of different name server software packages available today. Berkeley Internet Name Domain (BIND), produced by the Internet Software Consortium (http://www.isc.org), is the most widely deployed name server package, and is available on a wide variety of platforms. Other popular DNS packages include Microsoft DNS.

3. GOAL
The goal of this document is to discuss general name server security. However, in order to provide useful examples we have chosen to focus on BIND since it is the most commonly used software for DNS servers.

Risks to name servers
Name servers exposed to the Internet are subject to a wide variety of attacks:

- Attacks against the name server software may allow an intruder to compromise the server and take control of the host. This often leads to further compromise of the network.
- Denial of service attacks, even one directed at a single DNS server, may affect an entire network by preventing users from translating hostnames into the necessary IP addresses.
- Spoofing attacks that try to induce your name server to cache false resource records could lead unsuspecting users to unsavoury sites.
- Information leakage from a seemingly innocent zone transfer could expose internal network topology information that can be used to plan further attacks.
- A name server could even be an unwitting participant in attacks on other sites.

While it is important for network administrators to secure any host connected to the Internet, they must give name servers special consideration due to the important role they play.

CONFIGURATION DNS/BIND
The main configuration file of DNS is /etc/named.conf and should look, by default, something like this:

Step 1. First we install the bind package by using yum or rpm.
# yum install bind* -y

Step 2. We will now change it to support our domain project.com, which is NOT connected to the Internet, by typing in the file:
# vim /etc/named.conf

Type:
options {
        listen-on port 53 { 192.168.146.128; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { 192.168.146.0/24; };
        allow-query-cache { 192.168.146.0/24; };
        recursion yes;
        forwarders { 192.168.0.254; };
        forward only;
};

3. named.rfc1912.zones: It defines the default zones for a caching server.

Zone files use several record types, including:
- SOA (Start of Authority)
- NS (Name Server)
- MX (Mail eXchanger, which identifies a mail server in the domain)
- A (host name to Address mapping)
- CNAME (Canonical Name, which defines an alias for a hostname in an A record)
- PTR (Pointer, which maps addresses to names)

Type: vi /var/named/project.zone
Under this there are two zones:
1. Forward lookup zone (flz): this file maps names to IP addresses and provides information about the services your computer offers to the Internet.
2. Reverse lookup zone (rlz): this file maps IP addresses to hostnames. We can recognize the reverse file by the extension in-addr.arpa.

//generated by cmd//
# vim /etc/named.rfc1912.zones

This is for the forward lookup zone:
zone "project.com" IN {
        type master;
        file "project.flz";
        allow-update { none; };
};

This is for the reverse lookup zone:
zone "146.168.192.in-addr.arpa" IN {
        type master;
        file "project.rlz";
        allow-update { none; };
};

Step 4. Change ownership & group membership on named.conf and all zone files to /var:named
# cd /var/named

Step 5. Copy the file named.localhost into project.flz and named.loopback into project.rlz.
# cp -p named.localhost project.flz
# cp -p named.loopback project.rlz

Step 6. We edit the flz and add all the servers, clients & systems that access the Internet.
# vim project.flz
$TTL 1D
@        IN SOA   firewall.project.com. root.firewall.project.com. (
                  0       ; serial
                  1D      ; refresh
                  1H      ; retry
                  1W      ; expire
                  3H )    ; minimum
         IN NS    firewall.project.com.
firewall IN A     192.168.146.128
master   IN CNAME firewall.project.com.
www      IN A     192.168.146.240
mail     IN A     192.168.146.241
docs     IN A     192.168.146.242
vp       IN A     192.168.146.250
manager  IN A     192.168.146.252
$GENERATE 1-20 client$ A 192.168.0.$

Step 7. We edit the reverse lookup zone and add all the host names.
# vim project.rlz
$TTL 1D
@        IN SOA   firewall.project.com. root.firewall.project.com. (
                  0       ; serial
                  1D      ; refresh
                  1H      ; retry
                  1W      ; expire
                  3H )    ; minimum
         IN NS    firewall.project.com.
128      IN PTR   firewall.project.com.
240      IN PTR   www.project.com.
241      IN PTR   mail.project.com.
242      IN PTR   docs.project.com.
250      IN PTR   vp.project.com.
252      IN PTR   manager.project.com.
$GENERATE 1-20 $ PTR client$.example.com.

Step 8. Now we check all the configuration by using these commands:
# named-checkconf /etc/named.conf
# named-checkconf /etc/named.rfc1912.zones
# named-checkzone project.com /var/named/project.flz
# named-checkzone 146.168.192.in-addr.arpa /var/named/project.rlz

Step 9. After all this we restart the service.
# service named restart
# chkconfig named on
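named-checkzone in Step 8 validates each zone file on its own, so it cannot tell whether the forward and reverse zones built in Steps 6 and 7 agree with each other. The cross-check below is an added example, not part of the original report: `check_zones` and `make_zone_samples` are hypothetical names, the sample zones are constructed from the records above (with a shortened `$GENERATE` range and one deliberately wrong PTR owner), and reverse owners are assumed to be relative last octets.

```shell
#!/bin/sh
# check_zones FORWARD REVERSE ORIGIN NET
#   NET is the network of the reverse zone, e.g. 192.168.146 for
#   146.168.192.in-addr.arpa. Prints one line per inconsistency.
check_zones() {
    awk '
    function fqdn(o) {
        if (o == "@") return origin "."
        if (o ~ /\.$/) return o
        return o "." origin "."
    }
    function record(owner, type, data) {
        if (type != kind) return
        if (kind == "A") a[data] = fqdn(owner)      # address -> name, forward zone
        else ptr[net "." owner] = data              # address -> name, reverse zone
    }
    $1 == "$GENERATE" {                             # "$GENERATE 1-20 lhs TYPE rhs"
        split($2, r, "-")
        for (i = r[1] + 0; i <= r[2] + 0; i++) {
            o = $3; d = $5
            gsub(/\$/, i, o); gsub(/\$/, i, d)
            record(o, $4, d)
        }
        next
    }
    /^[$;]/ { next }                                # other directives, comment lines
    {
        line = $0; sub(/;.*/, "", line)
        n = split(line, f, " ")
        if (n == 0) next
        first = 1
        if (line !~ /^[ \t]/) { owner = f[1]; first = 2 }   # indented line keeps owner
        for (i = first; i < n; i++)
            if (f[i] == kind) { record(owner, f[i], f[i + 1]); break }
    }
    END {
        for (ip in a) {
            if (!(ip in ptr)) print "MISSING-PTR", ip, a[ip]
            else if (ptr[ip] != a[ip]) print "MISMATCH", ip, a[ip], ptr[ip]
        }
        for (ip in ptr) if (!(ip in a)) print "ORPHAN-PTR", ip, ptr[ip]
    }' origin="$3" net="$4" kind=A "$1" kind=PTR "$2" | sort
}

# Constructed sample zones written into directory $1.
make_zone_samples() {
    cat > "$1/project.flz" <<'EOF'
$TTL 1D
@        IN SOA   firewall.project.com. root.firewall.project.com. ( 0 1D 1H 1W 3H )
         IN NS    firewall.project.com.
firewall IN A     192.168.146.128
master   IN CNAME firewall.project.com.
www      IN A     192.168.146.240
mail     IN A     192.168.146.241
docs     IN A     192.168.146.242
$GENERATE 1-2 client$ A 192.168.0.$
EOF
    cat > "$1/project.rlz" <<'EOF'
$TTL 1D
@        IN SOA   firewall.project.com. root.firewall.project.com. ( 0 1D 1H 1W 3H )
         IN NS    firewall.project.com.
128      IN PTR   firewall.project.com.
240      IN PTR   www.project.com.
241      IN PTR   mail.project.com.
243      IN PTR   docs.project.com.   ; constructed error: forward zone says 242
$GENERATE 1-2 $ PTR client$.example.com.
EOF
}

tmp=$(mktemp -d)
make_zone_samples "$tmp"
check_zones "$tmp/project.flz" "$tmp/project.rlz" project.com 192.168.146
rm -r "$tmp"
```

On the sample it reports the wrong PTR owner and also the `$GENERATE` pair, whose forward records point into 192.168.0.x while the reverse records name client hosts under example.com in 192.168.146.x.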


Mail Server:
Introduction
Email is an important part of any Web site you create. In a network environment, a free web based email service may be sufficient, but if you are running a business, then a dedicated mail server will probably be required. This will show you how to use sendmail to create a mail server that will relay your mail to a remote user's mailbox or incoming mail to a local mailbox. You'll also see how to retrieve and send mail via your mail server using a mail client such as Outlook Express or Evolution.

Why are we focusing on Red Hat? Red Hat is the most widely used distribution in this area. It is also a widely accepted standard for corporate class servers. The concepts and the basic steps apply to any Linux distribution when bringing up Mail services, so it should prove useful as an overview to just about anyone involved in the system side of Mail service.

Configuring MAIL SERVER
Commonly Used Commands & Abbreviations:

Step 1. To install the above packages
# yum install sendmail* dovecot* httpd* squirrelmail* -y
Step 2. Acts in the background and gets activated when we click on sendmail
# MTA = mail transfer agent
Step 3. Used in synchronization of mail
# MAA = mail access agent
Step 4. Provides GUI to webpage
# MUA = mail user agent

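Step 5. Edit the configuration files
1. # vim /etc/sys
2. # vim /etc/mail/sendmail.mc
   So that Sendmail is no longer restricted to the default IP 127.0.0.1 and other hosts can connect, go to line 116:
   DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
   Add dnl # to the start of the line to comment it out. With this line commented out, Sendmail accepts SMTP connections on every interface, so port 25 should be limited by the firewall rules to the networks that need it.
3. # vim /etc/dovecot.conf
   Open it and go to line 20:
   # protocols = imap imaps pop3 pop3s
   Remove the # to uncomment it.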

Step 6. Restart the service and start it automatically at the next boot
# service sendmail restart ; chkconfig sendmail on
Step 7. Restart the service and start it automatically at the next boot
# service dovecot restart ; chkconfig httpd on
Step 8. Start vim as follows to open /etc/hosts; hostname shows the existing hosts
# vim /etc/hosts
Step 9. For static IP configuration we need to edit the following file
# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=firewall.project.com

Step 10. Add the new user
# useradd jack
Step 11. Assign the password to the new user
# passwd jack

Step 12. After completing this, go to your browser and open the following URL:
http://mail.project.com/webmail

Common Ports

A review of some common ports, with the commonly associated service name and risk factor. It is just that some have historically had more exploits than others.

PORT NUMBER   PORT NAME                              PORT DESCRIPTION
7             Ping                                   assorted protocols
20            Active FTP-DATA                        FTP connections use two ports: 21 is the control port, and 20 is where the data comes through.
21            FTP (file transfer server port)        A well entrenched protocol for transferring files between systems
22            SSH (Secure Shell)
3128          Squid proxy server port                used as a proxifier
25            SMTP (Simple Mail Transfer Protocol)   used for transferring outgoing mail, and sending mail from one place to another
53            DNS (Domain Name Server port)          used for resolving host names to IP addresses
80            WWW or HTTP standard web server port   used service on the Internet

Web Server
The Linux web server supports the components that are provided by the Linux distribution, such as:
1. Apache HTTP Server
2. PHP
3. Alternative PHP Cache (APC) accelerator
APC is included in Red Hat Enterprise Linux 6 and later versions only. These components, which form the foundation of most web applications, are reliable and easy to configure.

Supported Linux distributions
The following Linux distributions are supported:
1. Red Hat Enterprise Linux 6.2
2. Red Hat Enterprise Linux 5.4

APACHE HTTP SERVER

An HTTP (Hypertext Transfer Protocol) server, or web server, is a network service that serves content to a client over the web. This typically means web pages, but any other documents can be served as well.

Configuring the web server
Updating the Configuration
To update the configuration files from the Apache HTTP Server version 2.0, take the following steps:
1. Make sure all module names are correct, since they may have changed. Adjust the LoadModule directive for each module that has been renamed.
2. Recompile all third party modules before attempting to load them. This typically means authentication and authorization modules.
3. If you use the mod_userdir module, make sure the UserDir directive indicating a directory name (typically public_html) is provided.
4. If you use the Apache HTTP Secure Server, edit the /etc/httpd/conf.d/ssl.conf to enable the Secure Sockets Layer (SSL) protocol.
Note that you can check the configuration for possible errors by using the following command:

~]# service httpd configtest

Running the httpd Service
This section describes how to start, stop, restart, and check the current status of the Apache HTTP Server. To be able to use the httpd service, make sure you have httpd installed. You can do so by using the following command:
~]# yum install httpd

Starting the Service
To run the httpd service, type the following at a shell prompt:
~]# service httpd start
Starting httpd:                                            [ OK ]
If you want the service to start automatically at boot time, use the following command:
~]# chkconfig httpd on

Stopping the Service
To stop the running httpd service, type the following at a shell prompt:
~]# service httpd stop
Stopping httpd:                                            [ OK ]

Restarting the Service
There are three different ways to restart the running httpd service:
1. To restart the service completely, type:
~]# service httpd restart
Stopping httpd:                                            [ OK ]
Starting httpd:                                            [ OK ]
2. To only reload the configuration, type:
~]# service httpd reload
3. To reload the configuration without affecting active requests, type:
~]# service httpd graceful
This will cause the running httpd service to reload the configuration file. Note that any requests being currently processed will use the old configuration.

Checking the Service Status
To check whether the service is running, type the following at a shell prompt:
~]# service httpd status
httpd (pid 19014) is running...

Editing the Configuration Files
When the httpd service is started, by default, it reads the configuration from locations that are listed in the table "The httpd service configuration files".

Table The httpd service configuration files

Path                          Description
/etc/httpd/conf/httpd.conf    The main configuration file.
/etc/httpd/conf.d/            An auxiliary directory for configuration files that are included in the main configuration file.

Common httpd.conf Directives
The following directives are commonly used in the /etc/httpd/conf/httpd.conf configuration file:

<Directory>
The <Directory> directive allows you to apply certain directives to a particular directory only. It takes the following form:

<Directory directory>
  directive
</Directory>

The directory can be either a full path to an existing directory in the local file system, or a wildcard expression.

Example 14.1. Using the <Directory> directive

<Directory /var/www/html>
  Options Indexes FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

<IfDefine>
The <IfDefine> directive allows you to use certain directives only when a particular parameter is supplied on the command line. It takes the following form:

<IfDefine [!]parameter>
  directive
</IfDefine>

The parameter can be supplied at a shell prompt using the -Dparameter command line option (for example, httpd -DEnableHome). If the optional exclamation mark (that is, !) is present, the enclosed directives are used only when the parameter is not specified.

Example 14.2. Using the <IfDefine> directive

<IfDefine EnableHome>
  UserDir public_html
</IfDefine>

<IfModule>
The <IfModule> directive allows you to use certain directives only when a particular module is loaded. It takes the following form:

<IfModule [!]module>
  directive
</IfModule>

Example 14.3. Using the <IfModule> directive

<IfModule mod_disk_cache.c>
  CacheEnable disk /
  CacheRoot /var/cache/mod_proxy
</IfModule>

<Location>
The <Location> directive allows you to apply certain directives to a particular URL only. It takes the following form:

<Location url>
  directive
</Location>

The url can be either a path relative to the directory specified by the DocumentRoot directive (for example, /server-info), or an external URL such as http://example.com/server-info.

Example 14.4. Using the <Location> directive

<Location /server-info>
  SetHandler server-info
  Order deny,allow
  Deny from all
  Allow from .example.com
</Location>

<Proxy>
The <Proxy> directive allows you to apply certain directives to the proxy server only. It takes the following form:

<Proxy pattern>
  directive
</Proxy>

The pattern can be an external URL, or a wildcard expression (for example, http://example.com/*).

Example 14.5. Using the <Proxy> directive

<Proxy *>
  Order deny,allow
  Deny from all
  Allow from .example.com
</Proxy>

<VirtualHost>

The <VirtualHost> directive allows you to apply certain directives to particular virtual hosts only.

Example 14.18. Using the Allow directive

Allow from 192.168.1.0/255.255.255.0
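The examples above combine Order, Allow and Deny, and the outcome depends on which Order is in force. The following Python model is an added example (not code from the Apache documentation or from this project) that evaluates the three directives for a client with Apache 2.2-style semantics; host name matching is simplified to a suffix test on the client's reverse-resolved name, and all function and constant names are assumptions.

```python
import ipaddress


def in_domain(domain, name):
    """Suffix match on whole name components, e.g. .example.com."""
    domain, name = domain.lower(), name.lower()
    if not name.endswith(domain):
        return False
    if len(name) == len(domain):
        return True
    return domain.startswith(".") or name[-len(domain) - 1] == "."


def host_matches(spec, ip, name=None):
    """Match one Allow/Deny argument: 'all', an address or network, or a domain."""
    if spec == "all":
        return True
    if spec[0].isdigit():  # e.g. 192.168.1.0/255.255.255.0 or 192.168.1.0/24
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    return name is not None and in_domain(spec, name)


def access_allowed(order, allow, deny, ip, name=None):
    """Apply the Order semantics to the Allow and Deny lists."""
    allowed = any(host_matches(s, ip, name) for s in allow)
    denied = any(host_matches(s, ip, name) for s in deny)
    if order == "allow,deny":   # default deny; a Deny match overrides Allow
        return allowed and not denied
    if order == "deny,allow":   # default allow; an Allow match overrides Deny
        return allowed or not denied
    raise ValueError(f"unsupported Order: {order}")


# Example 14.4 as written: only hosts under example.com reach /server-info.
SERVER_INFO = {"order": "deny,allow", "allow": [".example.com"], "deny": ["all"]}
# Same lists with the Order swapped: "Deny from all" now wins for everyone.
SWAPPED = dict(SERVER_INFO, order="allow,deny")
# Example 14.18 on its own under "Order deny,allow": nothing is denied.
LAN_ONLY_ALLOW = {"order": "deny,allow",
                  "allow": ["192.168.1.0/255.255.255.0"], "deny": []}
# The same Allow line together with an explicit "Deny from all".
LAN_WITH_DENY = dict(LAN_ONLY_ALLOW, deny=["all"])

if __name__ == "__main__":
    # Constructed clients using documentation addresses and names.
    print(access_allowed(**SERVER_INFO, ip="203.0.113.7", name="admin.example.com"))
    print(access_allowed(**SWAPPED, ip="203.0.113.7", name="admin.example.com"))
    print(access_allowed(**LAN_ONLY_ALLOW, ip="10.0.0.5"))
    print(access_allowed(**LAN_WITH_DENY, ip="10.0.0.5"))
```

An Allow line restricts access only when the Order in force makes deny the default or a Deny line covers everyone else; under Order deny,allow with no Deny line, every client is admitted.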

AllowOverride
The AllowOverride directive allows you to specify which directives in a .htaccess file can override the default configuration. It takes the following form:

AllowOverride type

The type has to be one of the available grouping options as described in Table 14.4, Available AllowOverride options.

Table 14.4. Available AllowOverride options

Option                Description
All                   All directives in .htaccess are allowed to override earlier configuration settings.
None                  No directive in .htaccess is allowed to override earlier configuration settings.
AuthConfig            Allows the use of authorization directives such as AuthName, AuthType, or Require.
FileInfo              Allows the use of file type, metadata, and mod_rewrite directives such as DefaultType, RequestHeader, or RewriteEngine, as well as the Action directive.
Indexes               Allows the use of directory indexing directives such as AddDescription, AddIcon, or FancyIndexing.
Limit                 Allows the use of host access directives, that is, Allow, Deny, and Order.
Options[=option,...]  Allows the use of the Options directive. Additionally, you can provide a comma-separated list of options to customize which options can be set using this directive.

Adding a PHP accelerator If you are using PHP with the Red Hat Enterprise Linux 5.4, download and install one of the following accelerators: 1. Alternative PHP Cache (APC) accelerator 2. eAccelerator If you are using Red Hat Enterprise Linux 6.2, APC is included with the Linux


Proxy Server
Summary: In the Linux project, our main task is to install and configure an operating system and application software. To do this project, we chose Red Hat Enterprise Linux as the operating system and the proxy server software Squid as the application program.

Proxy Server: Squid
A proxy server is a special kind of server which lies between the client computers and the internet. The client computers are connected to the internet via the proxy server. The client requests a website and sends the HTTP request to the local proxy server. The proxy server then forwards the request to the Web, retrieves the result, and hands it back to the client.

The three main reasons for deploying a proxy server are as follows:
Content control: We can control the web traffic using the proxy server.
Speed: The proxy server stores the common sites in its cache and makes the most use of bandwidth.
Security: We can monitor what people are doing and can implement different security features.

Installation:
Step 1. At the command prompt, enter the following command in the terminal to install the Squid server:
# yum install squid* -y
The other way is in graphical mode. In the graphical mode, we use the squid 3.1.10-1.el6-1.1X86-64.rpm package with the package manager to install the Squid server.

Configuring Clients:

Before configuring the new Squid server, we set up the local browser to use it for its web access. In this way, we can test the rules in the configuration file. To configure Firefox, we select Preferences from the Edit menu. In the dialog box, we click the Network -> Settings button in the Advanced tab and select the option Manual proxy configuration. We select to use the same proxy server for all protocols and enter 192.168.0.253 as the IP address and 3128 as the port number. See the figure. When we configure a remote client, we will specify the IP address of the proxy server rather than 192.168.0.253.

Fig: connection setting

To configure Internet Explorer for proxy service, select Internet Options from the Tools menu. From the Connections tab click the LAN settings button. A new window appears; enable the "Use a proxy server for your LAN" option. Then enter the IP address of the Squid server machine, and specify 3128 as the port.

Fig: Local Area Network (LAN) setting

Configuration Server:
The main Squid configuration file is /etc/squid/squid.conf. The default configuration file allows full access to the local machine but denies the rest of your network. So we can test all the rules on the local host before implementing them in the network for other machines. We can start editing the configuration file by opening squid.conf in any text editor.

The default port for Squid is 3128, but we can change the port by editing the http_port line. To make the Squid server listen on TCP port 8080 instead of 3128, change the line to:
http_port 8080

We can also specify on which interface Squid listens for HTTP requests. When Squid is used on a firewall, it should have two network interfaces: one internal and one external. To make Squid listen on only the internal interface, simply put the IP address in front of the port number:
http_port 192.168.1.1:3128

Here we chose the hostname Coss, so we edit the line as:
visible_hostname Coss

We can configure Squid for security purposes, i.e. allow a specific network and block the rest; we can also configure a timetable for using the internet. All of this can be done by writing ACLs in the Squid configuration file. For example:

We can allow the internal network users by specifying the ACL mynetwork:
acl mynetwork src 192.168.0.0/24
After this we can allow this ACL using the command:
http_access allow mynetwork

We can specify the timetable for using the internet by writing the ACL as:
acl mytime time M T W H F 9:00-17:00
Now we have to apply this ACL on top of the previous one by writing the command:
http_access allow mytime

We can also allow or deny a whole domain using the ACL:
acl bad_site dstdomain .facebook.com
and deny this site during mytime:
http_access deny bad_site mytime
http_access allow all

We can stop users downloading a specific file type, for example Windows executable files, by writing the ACL:
acl exe_file url_regex -i exe$
http_access deny exe_file
http_access allow all

The dollar sign means end of URL, and the -i part means not case sensitive. The order of the http_access commands matters, because Squid stops at the first http_access line that matches: place the specific commands at the top of the list and then place the general commands.

After configuring the file /etc/squid/squid.conf, we save the file. It is necessary to restart the Squid server so that the changes can take effect. We can restart the server by writing the following command at the terminal prompt:
# service squid restart

These are the most common configuration options of the Squid proxy server. Squid allows many more options to enhance the proxying system.
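The ordering rule above is easiest to see by running the same requests through two rule lists. The following Python model of Squid's first-match http_access evaluation is an added example, not code from the original project: it uses the page's ACL names, writes bad_site as .facebook.com, and compares the lines in the order they appear in this section with a specific-first ordering whose final "deny all" is an assumption of the example. The sample requests are constructed.

```python
import ipaddress
import re
from datetime import datetime
from urllib.parse import urlsplit

# ACLs named as on this page (time range zero-padded for string comparison).
ACLS = {
    "mynetwork": ("src", "192.168.0.0/24"),
    "mytime": ("time", ("MTWHF", "09:00", "17:00")),
    "bad_site": ("dstdomain", ".facebook.com"),
    "exe_file": ("url_regex", re.compile(r"exe$", re.I)),  # -i: ignore case
}
DAYS = "MTWHFAS"  # Squid day letters in datetime.weekday() order, Monday first


def acl_matches(name, req):
    """Return True if the named ACL matches the request dict."""
    if name == "all":
        return True
    kind, arg = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(req["client"]) in ipaddress.ip_network(arg)
    if kind == "time":
        days, start, end = arg
        now = req["when"]
        return DAYS[now.weekday()] in days and start <= now.strftime("%H:%M") <= end
    if kind == "dstdomain":  # leading dot: the domain itself and all subdomains
        host = (urlsplit(req["url"]).hostname or "").lower()
        return host == arg.lstrip(".") or host.endswith(arg)
    return bool(arg.search(req["url"]))  # url_regex


def http_access(rules, req):
    """First rule whose ACLs ALL match decides; returns (action, rule number)."""
    for number, (action, names) in enumerate(rules, 1):
        if all(acl_matches(n, req) for n in names):
            return action, number
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


# The http_access lines in the order they appear in this section.
PAGE_ORDER = [("allow", ["mynetwork"]), ("allow", ["mytime"]),
              ("deny", ["bad_site", "mytime"]), ("allow", ["all"]),
              ("deny", ["exe_file"]), ("allow", ["all"])]
# Specific denies first; the closing "deny all" is an assumption of this example.
SPECIFIC_FIRST = [("deny", ["bad_site", "mytime"]), ("deny", ["exe_file"]),
                  ("allow", ["mynetwork", "mytime"]), ("deny", ["all"])]

WED = datetime(2024, 1, 3, 10, 30)  # a Wednesday, inside 9:00-17:00
SAMPLES = {  # constructed requests
    "facebook": {"client": "192.168.0.25", "url": "http://www.facebook.com/", "when": WED},
    "exe": {"client": "192.168.0.25", "url": "http://example.com/setup.EXE", "when": WED},
    "page": {"client": "192.168.0.25", "url": "http://example.com/index.html", "when": WED},
    "outsider": {"client": "10.9.9.9", "url": "http://example.com/index.html", "when": WED},
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(label, http_access(PAGE_ORDER, req), http_access(SPECIFIC_FIRST, req))
```

With the general allow lines first, every sample request is allowed by rule 1 or 2 and the deny lines are never reached; with the specific lines first, the blocked site and the .EXE download are denied and a client outside 192.168.0.0/24 falls through to the final deny.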

SYSTEM TESTING


TEST 2


CONCLUSION
This project is related to new generation systems. It feels new to every user: no more sticking with keyboards and mice; with just a gesture, WINDOWS will obey your order with the help of KINECT. Because of this gesture recognition, users from little kids to old people feel more active and interested in working with these systems. That creates more interaction between users and computers and leads people to a modern world where nothing is beyond your gesture movements; it can be used by everyone and in every place without much hesitation and with enjoyment. This project will interact with you in all aspects, because for your every action there is a response waiting, so that makes everyone want to know about the future enhancement of this project. The big strength of this project is that we will feel that the entire world is under our hands, i.e. we can do another job simultaneously, and no additional training is needed to use this project. Your voice can also control similar processes within a particular distance. The main conclusion of this project is: just a gesture, and with Kinect, Windows is ready to obey.

FUTURE ENHANCEMENTS


Since this project is all about gesture controlling events for kinect to perform computer actions the project has been designed keeping in mind the future scopes. What we have aimed and achieved creating is not a product but a tool to a better automotive environment, a tool can be used to shape many things in the future, thus this project will give rise to many future modifications forking in all directions.
