
APACHE (WEB SERVER)

Some web servers in use:

Tux: kernel-based, serves static content only, very fast
Stronghold: from Red Hat
Sun ONE: also known as iPlanet, from Sun Microsystems
AOL Server: free web server from America Online
Apache: open source
Netscape: Netscape Enterprise Server

what is apache?

Apache is open-source software and the most popular and widely used web server; it has held roughly 60% of the web server market. It runs on both Windows and Linux.

The Apache server is used to publish our web pages as websites.

service profile:
type: System V-managed service
packages: httpd, httpd-devel, httpd-manual
Daemon: /usr/sbin/httpd
script: /etc/init.d/httpd
ports: 80 (http), 443 (https)
configuration file: /etc/httpd/conf/httpd.conf
related: system-config-httpd, mod_ssl
default SELinux-labelled content directory: /var/www (type httpd_sys_content_t)

steps to configure apache:

#yum install httpd-* -y
#service httpd start
#chkconfig httpd on
#vi /etc/httpd/conf/httpd.conf
copy the 7 lines of the sample VirtualHost block (line no 984 to 990)
paste them under line 990
change as follows
<VirtualHost 192.168.0.17>
ServerAdmin root@station17.redhat.com
DocumentRoot /var/www/html
ServerName station17.redhat.com
</VirtualHost>

(here 192.168.0.17 is our system's IP and /var/www/html is the document root where we place the web page that becomes the website. NOTE: the page must be named index.html, the default DirectoryIndex; without it Apache shows a directory listing if Indexes is enabled)
save & quit

cd /var/www/html
vi index.html
(type as follows)
<html>
<body bgcolor=red>
<h1>welcome to cyber web services</h1>
</body>
</html>
save & quit
#service httpd restart
open firefox and type in the url bar
http://station17.redhat.com (now the website will appear; the client must be able to resolve station17.redhat.com, via DNS or /etc/hosts)

to launch virtual websites using virtual hostnames

#vi /etc/httpd/conf/httpd.conf
(line no 971) #NameVirtualHost *:80 (remove the # and replace *:80 with your system's IP)
NameVirtualHost 192.168.0.17
copy the last five lines (the VirtualHost block) and paste them under it

<VirtualHost 192.168.0.17>
ServerAdmin root@www17.redhat.com
DocumentRoot /var/www/virtual
ServerName www17.redhat.com
</VirtualHost>

(here we are adding a second site name, www17.redhat.com, with its document root under /var/www/virtual. With NameVirtualHost Apache chooses the block by the Host: header the browser sends; a request whose Host matches no ServerName is served by the first VirtualHost block for that address, so keep the default site first)
save & quit
#mkdir -p /var/www/virtual
#cd /var/www/virtual
#vi index.html
<html>
<body bgcolor=green>
<h1>welcome to virtual website</h1>
</body>
</html>
save & quit
#service httpd restart

to check
open mozilla
type http://www17.redhat.com

to create virtual websites under any directory

by default SELinux only lets httpd read files labelled httpd_sys_content_t, which is the label /var/www carries. If we want to serve a directory that is not under /var/www we have to give it the same SELinux context (and for some features also change SELinux booleans).

ex:
# vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.17>
ServerAdmin root@xxx17.redhat.com
DocumentRoot /cyber
ServerName xxx17.redhat.com
</VirtualHost>
save&quit
#mkdir /cyber
#cd /cyber
#vi index.html
<html>
<body bgcolor=blue>
<h1>welcome to cyber technologies</h1>
</body>
</html>
save & quit
#chcon -R --reference=/var/www/html /cyber
(chcon is not persistent: a filesystem relabel resets /cyber to default_t and the site stops working. To make it permanent record the mapping with semanage fcontext -a -t httpd_sys_content_t "/cyber(/.*)?" and apply it with restorecon -R /cyber; verify with ls -Z /cyber)
#service httpd restart

to check :
open mozilla
type in the url box as follows
http://xxx17.redhat.com (you will get the website)

TRY THINGS AFTER PRACTICING EXAM ESSENTIALS

to create link pages in a website

#vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.17>
ServerAdmin root@www17.redhat.com
DocumentRoot /var/www/virtual
ServerName www17.redhat.com
Alias /training /var/www/training (add this line in that website's block)
</VirtualHost>

save & quit

# cd /var/www/
#cat > training
(type anything, then press ctrl+d to save)
#service httpd restart
to check :
go to mozilla
type http://www17.redhat.com/training
(Alias maps the URL path /training to the file /var/www/training, which lies outside the site's DocumentRoot; the target may also be a directory, in which case it needs a matching <Directory> block that permits access)

to create Authenticated websites

#vi /etc/httpd/conf/httpd.conf

<Directory /var/www/html>
AllowOverride AuthConfig
</Directory>
save & quit

# cd /var/www/html
#vi .htaccess
AuthName "it"
AuthType Basic
AuthUserFile /etc/httpd/conf/passwd
Require valid-user

we have to create an HTTP password for a user before they can view this website. The password file lives outside the document root so it can never be downloaded; -c creates the file, so omit -c when adding further users or the existing file is overwritten

#htpasswd -c -m /etc/httpd/conf/passwd sam
(type password 2 times)

#service httpd restart

to check :

open mozilla --- clear private data --- in url type

http://station17.redhat.com
(give username&password)
Note: Basic authentication sends the username and password base64-encoded, not encrypted, on every request, so use it only over https (see the SSL section below) for anything beyond a lab.

to restrict a particular user or particular system from accessing a website

#vi /etc/httpd/conf/httpd.conf

<Directory "/var/www/html">
Order Allow,Deny
Allow from all
Deny from station12.redhat.com
</Directory>
(here we are denying station12.redhat.com; the keyword "from" is required or httpd refuses to start. With Order Allow,Deny the Deny lines are evaluated last and win, and a host matching neither list is denied. A hostname in Deny only works when Apache can reverse-resolve the client's IP, so denying by address, Deny from 192.168.0.12, is more reliable)

to check try to open station17.redhat.com from the station12 system
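The evaluation rules above are easy to get backwards, and a wrong Order silently lets the denied host in. The following is an added example, not code from the original notes: it models Apache 2.2 Order/Allow/Deny for the <Directory> snippet above and shows that the same Allow/Deny lines under "Order Deny,Allow" admit station12. Host names and addresses are constructed for the test.

```python
"""Model of Apache 2.2 host access control (Order / Allow from / Deny from).

Added example, not from the original notes; client hosts are constructed.
mod_authz_host semantics:
  Order Allow,Deny  Allow lines first, then Deny; a Deny match wins and a
                    client matching neither list is denied.
  Order Deny,Allow  Deny lines first, then Allow; an Allow match wins and a
                    client matching neither list is allowed (the default
                    when no Order is given).
"""
import re


def pattern_matches(pattern, client):
    """client is (hostname, ip). Patterns handled: all, a (partial) IP such
    as 192.168.0, and a (partial) domain name such as redhat.com, which
    matches only whole trailing components (so not notredhat.com)."""
    host, ip = client
    p = pattern.lower().strip(".")
    if p == "all":
        return True
    if re.fullmatch(r"[0-9.]+", p):
        return ip.split(".")[: p.count(".") + 1] == p.split(".")
    return host.lower() == p or host.lower().endswith("." + p)


def parse_directory(text):
    """Parse the Order/Allow/Deny lines of one <Directory> block. Raises on
    the common mistake of omitting the 'from' keyword, which httpd rejects."""
    cfg = {"order": "deny,allow", "allow": [], "deny": []}
    for line in text.splitlines():
        words = line.strip().split()
        if not words:
            continue
        key = words[0].lower()
        if key == "order":
            cfg["order"] = words[1].lower()
        elif key in ("allow", "deny"):
            if len(words) < 3 or words[1].lower() != "from":
                raise ValueError(f"expected '{key.capitalize()} from <host>...': {line.strip()}")
            cfg[key].extend(words[2:])
    return cfg


def access_allowed(cfg, client):
    allowed = any(pattern_matches(p, client) for p in cfg["allow"])
    denied = any(pattern_matches(p, client) for p in cfg["deny"])
    if cfg["order"] == "allow,deny":
        return allowed and not denied
    if cfg["order"] == "deny,allow":
        return allowed or not denied
    raise ValueError(f"unknown Order {cfg['order']}")


# The block from the notes (constructed copy for the demo)
SAMPLE = """<Directory "/var/www/html">
Order Allow,Deny
Allow from all
Deny from station12.redhat.com
</Directory>"""

if __name__ == "__main__":
    cfg = parse_directory(SAMPLE)
    for client in (("station12.redhat.com", "192.168.0.12"), ("station17.redhat.com", "192.168.0.17")):
        print(client[0], "allowed" if access_allowed(cfg, client) else "denied")
```

Run it against any <Directory> block you are about to deploy; if the result for a host you meant to block is "allowed", the Order line is the first thing to look at.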

to create an ssl certificate for a web server

#yum install openssl-* -y
#yum install mod_ssl -y

# vi /etc/httpd/conf.d/ssl.conf
(line no 134) #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
(remove #; this only matters when clients are verified against a CA bundle. The lines that carry the server's own certificate are SSLCertificateFile /etc/pki/tls/certs/localhost.crt and SSLCertificateKeyFile /etc/pki/tls/private/localhost.key, which the commands below write)
save&quit
#cd /etc/pki/tls/certs
#make genkey
provide a passphrase
#make testcert
passphrase (the same one used for the key)
provide country, city, organisation, mail address; the common name must be the name clients will type, here station17.redhat.com
#service httpd restart
(this is a self-signed test certificate, so browsers will warn about it; for production have a CA sign the request produced by make certreq. A passphrase-protected key also makes httpd ask for the passphrase on every start, so on a server that must boot unattended generate the key without one)

to run scripts (CGI)

#vi test.sh
#!/bin/bash
echo "Content-Type: text/html"
echo
date
ls -l
echo "welcome to cyber services"

(the empty line printed by the bare echo ends the HTTP headers and is mandatory; ls -l shows the script directory to every visitor, so keep it for the lab only)
save&quit
#mkdir -p /var/www/html/cgi-bin
#cp -f test.sh /var/www/html/cgi-bin/
#chmod 755 /var/www/html/cgi-bin/test.sh
(leave the scripts owned by root: if the apache user owns them, a compromised httpd process can rewrite its own CGI code)
#vi /etc/httpd/conf/httpd.conf
add a line in the website's VirtualHost block
ScriptAlias /cgi-bin/ "/var/www/html/cgi-bin/"
(without ScriptAlias a directory under the DocumentRoot is served as plain files, so the script source would be downloadable instead of executed)
save&quit
#setsebool -P httpd_enable_cgi 1
#chcon -R -t httpd_sys_script_exec_t /var/www/html/cgi-bin
(scripts must carry the httpd_sys_script_exec_t file type; it is a file context, not a boolean, so setsebool cannot set it. The httpd_tty_comm boolean only lets httpd talk to a terminal, for example for SSL passphrase prompts, and is not needed for CGI)
#service httpd restart

to check:

open mozilla

type http://station17.redhat.com/cgi-bin/test.sh
DHCP (Dynamic Host Configuration Protocol)

dhcp provides a method for hosts on a network to request, and be granted, configuration information including the addresses of routers and name servers.
IPv4 addresses are either assigned dynamically from a range or fixed per host (by MAC address); along with the address the client receives its netmask, default gateway, domain name and dns servers, time server, and the location of kickstart configuration files.

service profile:
type: System V-managed service
package: dhcp
Daemon: /usr/sbin/dhcpd
script: /etc/init.d/dhcpd
ports: 67 (bootps), 68 (bootpc)
conf. files: /etc/dhcpd.conf, /var/lib/dhcpd/dhcpd.leases
related: dhclient, dhcpv6-client, dhcpv6

steps to configure dhcp server:

#yum install dhcp -y
#chkconfig dhcpd on
#cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf
# vi /etc/dhcpd.conf
(change as follows)

ddns-update-style interim;
ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0 {

# --- default gateway
option routers 192.168.0.254; (gateway ip, here the server itself)
option subnet-mask 255.255.255.0; (subnet mask)

option nis-domain "domain.org";

option domain-name "redhat.com"; (domain name)
option domain-name-servers 192.168.0.254; (dns ip)

option time-offset -18000; # Eastern Standard Time

# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;
range dynamic-bootp 192.168.0.1 192.168.0.20; (ip range)
default-lease-time 21600;
max-lease-time 43200;
}

save & quit

#service dhcpd start
(dhcpd refuses to start while the configuration is invalid; check it first with dhcpd -t)
if you want to give a specific ip to a system

inside the subnet block (before its closing brace) add a host declaration as follows

host station1 {
hardware ethernet 00:a0:cc:3d:45:3e;
fixed-address 192.168.0.30;
}

(here in this example we are providing 192.168.0.30 for a specific system; we have to type the MAC address of that system after hardware ethernet. Keep fixed addresses outside the dynamic range, otherwise the same address can also be leased to another client)
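dhcpd only reports syntax errors; a fixed address that sits inside the dynamic range, a gateway outside the subnet, or two hosts sharing a MAC all parse fine and only show up as conflicts on the network. The following is an added example, not part of the original notes: a small checker for the handful of dhcpd.conf statements used above. SAMPLE_CONF is constructed to mirror the notes' subnet and carries two deliberate mistakes, a fixed-address inside the range and a duplicated MAC.

```python
"""Sanity-check an ISC dhcpd.conf before starting dhcpd.

Added example, not part of the original notes. SAMPLE_CONF is constructed:
station1's fixed-address lies inside the dynamic range and station2 reuses
station1's MAC. Only the statements used in the notes are parsed."""
import ipaddress
import re

MAC = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}")


def parse_dhcpd(text):
    """Return (subnets, hosts); blocks may nest (host inside subnet)."""
    subnets, hosts, stack = [], [], []
    stripped = "\n".join(l.split("#", 1)[0] for l in text.splitlines())
    for tok in re.findall(r"[^;{}]*[;{}]", stripped):   # one statement per delimiter
        words, end = tok[:-1].split(), tok[-1]
        if end == "}":
            stack.pop()
            continue
        if not words:
            continue
        if end == "{":
            block = {"kind": words[0], "args": words[1:], "ranges": [],
                     "routers": None, "mac": None, "fixed": None}
            {"subnet": subnets, "host": hosts}.get(words[0], []).append(block)
            stack.append(block)
            continue
        if not stack:                       # global statements such as ddns-update-style
            continue
        cur = stack[-1]
        if words[0] == "range":
            ips = [w for w in words[1:] if w != "dynamic-bootp"]
            cur["ranges"].append((ips[0], ips[-1]))
        elif words[:2] == ["option", "routers"]:
            cur["routers"] = words[2]
        elif words[:2] == ["hardware", "ethernet"]:
            cur["mac"] = words[2].lower()
        elif words[0] == "fixed-address":
            cur["fixed"] = words[1]
    return subnets, hosts


def check_dhcpd(text):
    subnets, hosts = parse_dhcpd(text)
    problems, nets, seen_macs = [], [], {}
    for s in subnets:
        net = ipaddress.ip_network(f"{s['args'][0]}/{s['args'][2]}")
        nets.append((net, s))
        router = ipaddress.ip_address(s["routers"]) if s["routers"] else None
        if router is not None and router not in net:
            problems.append(f"router {router} is outside {net}")
        for lo, hi in s["ranges"]:
            lo_a, hi_a = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
            if lo_a > hi_a:
                problems.append(f"range {lo}-{hi} is reversed")
            if lo_a not in net or hi_a not in net:
                problems.append(f"range {lo}-{hi} is outside {net}")
            if router is not None and lo_a <= router <= hi_a:
                problems.append(f"router {router} lies inside dynamic range {lo}-{hi}")
    for h in hosts:
        name = h["args"][0] if h["args"] else "?"
        if not h["mac"] or not MAC.fullmatch(h["mac"]):
            problems.append(f"host {name}: missing or malformed hardware ethernet")
        elif h["mac"] in seen_macs:
            problems.append(f"host {name}: MAC {h['mac']} already used by host {seen_macs[h['mac']]}")
        else:
            seen_macs[h["mac"]] = name
        if h["fixed"]:
            ip = ipaddress.ip_address(h["fixed"])
            for net, s in nets:
                for lo, hi in s["ranges"]:
                    if ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi):
                        problems.append(f"host {name}: fixed-address {ip} lies inside dynamic range {lo}-{hi}")
    return problems


SAMPLE_CONF = """
ddns-update-style interim;
ignore client-updates;
subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.254;   # --- default gateway
    option subnet-mask 255.255.255.0;
    option domain-name "redhat.com";
    option domain-name-servers 192.168.0.254;
    range dynamic-bootp 192.168.0.1 192.168.0.20;
    default-lease-time 21600;
    max-lease-time 43200;
    host station1 { hardware ethernet 00:a0:cc:3d:45:3e; fixed-address 192.168.0.10; }
    host station2 { hardware ethernet 00:A0:CC:3D:45:3E; fixed-address 192.168.0.30; }
}
"""

if __name__ == "__main__":
    for problem in check_dhcpd(SAMPLE_CONF):
        print(problem)
```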

DNS (Domain Name System)

DNS is the service that resolves host names to IP addresses (and IP addresses back to names) using zone records kept in zone files.

There are two types of zone records

1) Forward lookup zone
2) Reverse lookup zone

By default, a computer connects to another computer using its IP address, so a name has to be resolved first

Forward lookup zone
--------------------
It converts names into IP addresses

Reverse lookup zone
-------------------
It converts IP addresses to names
Steps
------
#yum install bind-* caching-nameserver -y
#chkconfig named on
#cd /var/named/chroot/etc
#ls
#cp named.caching-nameserver.conf named.conf
#vi named.conf
delete the ipv6 lines (line nos. 16 & 22)

(line no 15) listen-on port 53 { 127.0.0.1; 192.168.0.254; };
(here 192.168.0.254 is the server ip)
(line no 21) allow-query { localhost; 192.168.0.0/24; }; (clients range)
(line no 30) match-clients { localhost; 192.168.0.0/24; }; (here 192.168.0.0/24 is the clients' ip range & subnet mask)
(line no 31) match-destinations { localhost; 192.168.0.0/24; };
save&quit

# vi named.rfc1912.zones
copy the ten lines from 21 to 31 and paste under 31
change as follows
zone "redhat.com" IN {
type master;
file "redhat.for";
allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "redhat.rev";
allow-update { none; };
};

(here redhat.com is the domain name and 0.168.192.in-addr.arpa is the reverse form of redhat.com's network 192.168.0; redhat.for is the forward lookup zone file & redhat.rev is the reverse lookup zone file. Every statement and every closing brace in named.conf ends with a semicolon, and allow-update { none; } keeps anyone on the network from rewriting the zone with dynamic updates)
save & quit
# chgrp named named.conf
#chgrp named named.rfc1912.zones
#cd /var/named/chroot/var/named
#cp localhost.zone redhat.for
#cp named.local redhat.rev
# vi redhat.for

change as follows
$TTL 86400
@ IN SOA redhat.com. root.redhat.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
 IN NS server1.redhat.com.
server1.redhat.com. IN A 192.168.0.254
www254.redhat.com. IN CNAME server1.redhat.com.
station1.redhat.com. IN A 192.168.0.1
www1.redhat.com. IN CNAME station1.redhat.com.
station2.redhat.com. IN A 192.168.0.2
www2.redhat.com. IN CNAME station2.redhat.com.
xxx2.redhat.com. IN CNAME station2.redhat.com.
yyy2.redhat.com. IN CNAME station2.redhat.com.
station3.redhat.com. IN A 192.168.0.3
www3.redhat.com. IN CNAME station3.redhat.com.
station4.redhat.com. IN A 192.168.0.4
www4.redhat.com. IN CNAME station4.redhat.com.
station5.redhat.com. IN A 192.168.0.5
www5.redhat.com. IN CNAME station5.redhat.com.
station6.redhat.com. IN A 192.168.0.6
www6.redhat.com. IN CNAME station6.redhat.com.

(zone: a zone is the database that holds all the records for a domain

forward lookup zone: used for resolving hostname to ip address; it maintains host-to-ip mapping information
reverse lookup zone: used for resolving ip address to hostname; it maintains ip-to-hostname mapping information

types of records:
SOA : start of authority, the first record in any zone; it names the primary server and the administrator's mail address for this domain. Its serial number must be increased on every change, otherwise slave servers will not transfer the new zone
NS : name server, identifies the dns servers for the zone (the NS line with no owner name inherits the @, i.e. the zone itself)
A record : resolves a hostname to an ip address
CNAME record : resolves an alias name to a hostname
PTR record : resolves an ip address to a hostname
MX record : names the mail server for the domain (used by mail servers)
TTL : time to live, how long resolvers may cache a record)

save & quit

#vi redhat.rev
(change as follows)
$TTL 86400
@ IN SOA redhat.com. root.redhat.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS server1.redhat.com.
254 IN PTR server1.redhat.com.
1 IN PTR station1.redhat.com.
2 IN PTR station2.redhat.com.
3 IN PTR station3.redhat.com.
4 IN PTR station4.redhat.com.
5 IN PTR station5.redhat.com.
6 IN PTR station6.redhat.com.

save & quit

# chgrp named redhat.for


# chgrp named redhat.rev
# service named restart

to check:
#dig server1.redhat.com
#dig -x 192.168.0.1
(look at the header of the reply: "ANSWER: 1" means the record was found; "ANSWER: 0", or a status of NXDOMAIN or SERVFAIL, means the zone has a problem)

to check for errors in the configuration file

#named-checkconf /var/named/chroot/etc/named.conf

to check for errors in the zone records (the first argument is the zone name, the second the file)

#named-checkzone redhat.com /var/named/chroot/var/named/redhat.for
#named-checkzone 0.168.192.in-addr.arpa /var/named/chroot/var/named/redhat.rev
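named-checkzone validates each file on its own; it does not notice that a PTR in redhat.rev points at a name that has no A record, or at a different host than the forward zone says. That matters because the host-based allow lists used elsewhere in these notes (Apache Deny from station12.redhat.com, /data *.redhat.com in /etc/exports) trust reverse lookups. The following is an added example, not part of the original notes: a minimal zone-file parser and a forward/reverse consistency check. FORWARD and REVERSE are constructed from the records above with two deliberate faults in the reverse zone and one dangling CNAME.

```python
"""Cross-check a forward zone against its reverse zone.

Added example, not part of the original notes. FORWARD and REVERSE are
constructed from the notes' records, with deliberate faults so the checker
has something to report. Handles $TTL, parenthesised SOA, owner inherited
from the previous record, optional TTL and class, relative names."""


def fqdn(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner, type, rdata)]; owner and name-valued rdata are absolute."""
    origin = origin if origin.endswith(".") else origin + "."
    entries, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments first
        if not line.strip():
            continue
        buf = line if not buf else buf + " " + line
        depth += line.count("(") - line.count(")")
        if depth == 0:                               # multi-line SOA complete
            entries.append(buf)
            buf = ""
    records, owner = [], origin
    for entry in entries:
        if entry.startswith("$TTL"):
            continue
        if entry.startswith("$ORIGIN"):
            origin = entry.split()[1]
            continue
        fields = entry.split()
        if not entry[0].isspace() and fields[0].upper() != "IN":
            owner = fqdn(fields.pop(0), origin)      # else: inherit previous owner
        if fields[0].isdigit():
            fields.pop(0)                            # explicit TTL
        if fields[0].upper() == "IN":
            fields.pop(0)                            # class
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [fqdn(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records


def ptr_owner_to_ip(owner):
    labels = owner.rstrip(".").split(".")
    return ".".join(reversed(labels[:-2]))           # strip in-addr.arpa, reverse


def check_zones(forward_text, forward_origin, reverse_text, reverse_origin):
    fwd = parse_zone(forward_text, forward_origin)
    rev = parse_zone(reverse_text, reverse_origin)
    a, cnames = {}, {}
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a.setdefault(owner, set()).add(rdata[0])
        elif rtype == "CNAME":
            cnames[owner] = rdata[0]
    ptr = {ptr_owner_to_ip(o): r[0] for o, t, r in rev if t == "PTR"}
    problems = []
    for name, ips in a.items():
        for ip in sorted(ips):
            if ip not in ptr:
                problems.append(f"{name} A {ip}: no PTR record")
            elif ptr[ip] != name:
                problems.append(f"{name} A {ip}: PTR says {ptr[ip]}")
    for ip, name in ptr.items():
        if name not in a:
            problems.append(f"PTR {ip} -> {name}: no A record")
        elif ip not in a[name]:
            problems.append(f"PTR {ip} -> {name}: A record is {','.join(sorted(a[name]))}")
    for alias, target in cnames.items():
        if target not in a and target not in cnames:
            problems.append(f"{alias} CNAME {target}: dangling target")
    return problems


FORWARD = """$TTL 86400
@        IN SOA redhat.com. root.redhat.com. (
                42 ; serial (d. adams)
                3H ; refresh
                15M ; retry
                1W ; expiry
                1D ) ; minimum
         IN NS  server1.redhat.com.
server1  IN A   192.168.0.254
station1 IN A   192.168.0.1
station2 IN A   192.168.0.2
www2     IN CNAME station2
ftp      IN CNAME files.redhat.com.
"""
REVERSE = """$TTL 86400
@   IN SOA redhat.com. root.redhat.com. (
        1997022700 ; serial
        28800 ; refresh
        14400 ; retry
        3600000 ; expire
        86400 ) ; minimum
    IN NS server1.redhat.com.
254 IN PTR server1.redhat.com.
1   IN PTR station1.redhat.com.
2   IN PTR station3.redhat.com.
"""

if __name__ == "__main__":
    for p in check_zones(FORWARD, "redhat.com", REVERSE, "0.168.192.in-addr.arpa"):
        print(p)
```

Run it after every zone edit, together with named-checkzone; an empty result means every A has a matching PTR and vice versa.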

SLAVE DNS

Master DNS Server

It holds the master copy of all the zone information.
It is the read/write copy.

Slave DNS Server

It holds a backup copy of the master's zones, transferred from the master. It is read-only.

If the only dns server fails, name resolution for the entire network stops, which can cause huge damage, so we create a slave dns for fault tolerance and load balancing.

we need another system running the server o/s

steps

#yum install bind-* caching-nameserver -y
#chkconfig named on
#vi /var/named/chroot/etc/named.rfc1912.zones

(change as follows)
copy the 10 lines from 21 to 31 and paste under 31
zone "redhat.com" IN {
type slave;
file "slaves/redhat.for";
masters { 192.168.0.254; };
};

zone "0.168.192.in-addr.arpa" IN {
type slave;
file "slaves/redhat.rev";
masters { 192.168.0.254; };
};

(the slave writes the transferred zone files itself, so they must be in a directory named can write to; in the RHEL chroot that is /var/named/chroot/var/named/slaves. On the master, limit who may copy the zone by adding allow-transfer { 192.168.0.1; }; to each zone block, otherwise anyone on the network can dump the complete host list with dig axfr)
save& quit

#service named restart

go to the client
#vi /etc/resolv.conf

nameserver 192.168.0.254
nameserver 192.168.0.1 (slave dns ip)

FORWARDERS

A forwarder is another dns server (for example the ISP's server or a partner company's server) to which our server sends every query it cannot answer from its own zones, instead of recursing from the root servers itself. With "forward only" our server never contacts other servers directly.

steps
on the master dns server
# vi /var/named/chroot/etc/named.conf

add inside the options { ... } block
forwarders { 192.168.10.254; };
forward only;
(here 192.168.10.254 is the other company's dns server; ours will cache and hand out whatever answers it returns, so forward only to a server you trust)
save & quit

#service named restart


FTP (FILE TRANSFER PROTOCOL)

Service profile:
Type: System V-managed service
Package: vsftpd
Daemon: /usr/sbin/vsftpd
Script: /etc/init.d/vsftpd
Ports: 21 (ftp), 20 (ftp-data)
Configuration files: /etc/vsftpd/vsftpd.conf, /etc/vsftpd/ftpusers, /etc/pam.d/vsftpd
Log: /var/log/xferlog
Related: tcp_wrappers, ip_conntrack_ftp, ip_nat_ftp
default SELinux-labelled content directory: /var/ftp

vsftpd: the default Red Hat Enterprise Linux ftp server (very secure ftp daemon)

it is designed to be a secure, stable, fast & scalable ftp daemon.

it provides two types of access
1) ANONYMOUS ACCESS: a user can login as the anonymous user (without having any account on the server) to get access to the ftp site. By default anonymous users are chrooted to /var/ftp for security.

2) LOCAL USERS: users with accounts on the target system can connect via ftp and login with their username and password. They can download any file they can read and upload to any directory they have write access to. Plain ftp sends the password and all data in clear text, so local-user ftp should only be used on a trusted network.

STEPS TO CONFIGURE FTP SERVER:

#yum install vsftpd-* -y
#service vsftpd start
#chkconfig vsftpd on
(try to login from a client as the anonymous user)
By default the anonymous user can login and download from /var/ftp/pub

1)To restrict anonymous user login:

#vi /etc/vsftpd/vsftpd.conf

(line no.12) anonymous_enable=YES (change this to NO)

save&quit
#service vsftpd restart

2)To allow or restrict local user login:

local_enable=YES (already enabled in the default file; set it to NO to deny all local users)

3)To allow local users to access their home directories:

#setsebool -P ftp_home_dir 1

4)To restrict local users to their home directory (chroot):

By default a local user can move up to "/" and browse the whole filesystem, which affects the security of the ftp server, so we confine local users to their home directory
(line no.94) #chroot_list_enable=YES (remove #)
(line no. 96) #chroot_list_file=/etc/vsftpd/chroot_list (remove #)
save&quit
#vi /etc/vsftpd/chroot_list
type the usernames to be chrooted, one per line
save&quit
#service vsftpd restart
(with chroot_local_user=NO, the default, the list names the users who ARE chrooted and everyone else still sees "/"; with chroot_local_user=YES everyone is chrooted and the list names the exceptions)

5)To restrict a single user's login to the ftp server:

#vi /etc/vsftpd/ftpusers
type username
save&quit
(this file is enforced by PAM, so the user is asked for a password and then denied; it already lists root and the system accounts)

SECOND METHOD:
#vi /etc/vsftpd/user_list
type username
save&quit
(vsftpd checks this list itself, so access is denied before the password is asked and the password never crosses the network)
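The difference between the chroot list, user_list and ftpusers is easy to lose track of, especially since chroot_list changes meaning with chroot_local_user. The following is an added example, not code from the original notes: it models the order in which vsftpd 2.0 applies these settings and returns, for a given user, whether login is refused before or after the password is sent and whether the session is chrooted. The configuration fragment and the three user lists are constructed to follow the steps above.

```python
"""Which vsftpd setting stops a login, and when.

Added example, not part of the original notes; SAMPLE_CONF and the user
lists are constructed. Order of checks as in vsftpd 2.0: anonymous_enable
and local_enable at USER; user_list (userlist_enable/userlist_deny) before
the password is asked; /etc/vsftpd/ftpusers through PAM (pam_listfile)
only after the password was sent; chroot from chroot_local_user together
with chroot_list_enable."""


def parse_vsftpd_conf(text):
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def enabled(conf, key, default):
    return conf.get(key, default).upper() == "YES"


def login_outcome(conf, user, user_list=(), ftpusers=(), chroot_list=()):
    """Return (result, chrooted). result is 'ok', 'denied before password'
    or 'denied after password'; chrooted is None when login is denied."""
    if user in ("anonymous", "ftp"):
        if not enabled(conf, "anonymous_enable", "YES"):
            return ("denied before password", None)
        return ("ok", True)                       # anonymous is always confined to /var/ftp
    if not enabled(conf, "local_enable", "NO"):
        return ("denied before password", None)
    if enabled(conf, "userlist_enable", "NO"):
        listed = user in user_list
        deny_mode = enabled(conf, "userlist_deny", "YES")
        if listed == deny_mode:                   # listed in deny mode, or unlisted in allow mode
            return ("denied before password", None)
    if user in ftpusers:                          # PAM rejects only after the password arrived
        return ("denied after password", None)
    everyone = enabled(conf, "chroot_local_user", "NO")
    listed = enabled(conf, "chroot_list_enable", "NO") and user in chroot_list
    return ("ok", (not listed) if everyone else listed)


SAMPLE_CONF = """
# constructed vsftpd.conf fragment following the notes
anonymous_enable=NO
local_enable=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
userlist_enable=YES
"""
SETTINGS = parse_vsftpd_conf(SAMPLE_CONF)
USER_LIST = {"root", "bin", "bob"}       # /etc/vsftpd/user_list (constructed)
FTPUSERS = {"root", "bin", "alice"}      # /etc/vsftpd/ftpusers  (constructed)
CHROOT_LIST = {"sam"}                    # /etc/vsftpd/chroot_list (constructed)

if __name__ == "__main__":
    for user in ("anonymous", "bob", "alice", "sam", "john"):
        print(user, login_outcome(SETTINGS, user, USER_LIST, FTPUSERS, CHROOT_LIST))
```

Note the outcome for john: he is neither listed nor denied, so he logs in and is not chrooted. If the intent is "everyone confined, a few exceptions", set chroot_local_user=YES and let chroot_list hold the exceptions.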

To give upload permissions for an anonymous user:

create a directory under /var/ftp
change that directory's group ownership to ftp
label /var/ftp/<directory name> as public writable content
Steps:
#mkdir -p /var/ftp/cyber
#chgrp ftp /var/ftp/cyber
#chmod 730 /var/ftp/cyber
(write-only for the ftp group: anonymous clients can upload but cannot list or download what others uploaded, so the server cannot be abused as an anonymous file drop)
#chcon -R -t public_content_t /var/ftp
#chcon -t public_content_rw_t /var/ftp/cyber
#setsebool -P allow_ftpd_anon_write 1
#vi /etc/vsftpd/vsftpd.conf
(line no.27) #anon_upload_enable=YES (remove #)
save&quit
#service vsftpd restart

To give permission for an anonymous user to create directories:

(line no.31) #anon_mkdir_enable=YES (remove #)
#service vsftpd restart

To provide a banner:
#vi /etc/vsftpd/vsftpd.conf
(line no.83) #ftpd_banner=Welcome to blah FTP service. (remove # and type your own text)
save&quit
#service vsftpd restart
CLIENT SIDE:

#ftp <server IP>

(it will prompt you for a username and password. To login as the anonymous user type ftp or anonymous as the username; any password, or none, is accepted. To login as a local user give your username and password)
commands used at ftp

get: to download from the server
syn: get <file name>
put: to upload to the server
syn: put <file name>
!: to drop to a local shell temporarily
exit: to return to ftp from that shell
bye: to close the session
?: to view all commands

SQUIRRELMAIL (web-based mail client)

to configure squirrelmail

#yum install squirrelmail-* -y
#service httpd start
#service dovecot start
(squirrelmail is a PHP application served by httpd; it reads mail over dovecot's IMAP port and sends through sendmail on the same host, so both must already be configured as in the mail server section below)
open mozilla
type http://server1.redhat.com/webmail
provide username & password
now you can send or receive mail from remote systems or remote mail servers
(the login page sends the system password over plain http unless the site is served over https)

to check:
add a user, send mail to that user from a remote system

MAIL SERVER

Sendmail
Postfix
Qmail:
The Qmail MTA is another alternative to sendmail.
It is used by an impressive list of internet sites.
Smail:
It is reportedly easier to configure than sendmail.
It also includes support for blocking messages.
Exim:
The Exim MTA was developed at Cambridge (U.K.) and is licensed under the GPL, while being based on an older MTA known as Smail.

Features of a mail server:

we can forward mail from one domain to another domain; with the help of this mail server we can forward mail to branches or to a public mail server. A mail server that receives mail from the internet must have a public ip (and a DNS MX record pointing to it).

a mail system has three kinds of components

1) MUA
2) MTA
3) MDA

mail is sent & received using TCP/IP protocols such as

SMTP server (simple mail transfer protocol, port no. 25)
POP3 server (post office protocol, port no. 110)
NNTP server (network news transfer protocol, port no. 119)
IMAP server (internet message access protocol, port no. 143)
X.500 server (directory server)
LDAP server (lightweight directory access protocol, port no. 389)
X.400 server (message handling system)
Functions of a mail server:

Sending and receiving mail from one user to a group of users over the internet
Sending and receiving mail from one mail server to other mail servers over the internet
Sending and receiving mail that contains voice, images, sounds, movies
(Note: MIME, Multipurpose Internet Mail Extensions, is the standard used to carry voice, images, sounds and movies in mail)

Different mail servers:

Exchange Server - Microsoft
Sendmail - Linux/Unix
Qmail - Linux/Unix
Postfix - Linux/Unix
Squirrelmail (a webmail client, not a mail server) - Linux/Unix
Lotus Domino - IBM (can be used on any operating system)
Lotus Notes (client) - IBM
Novell GroupWise - Novell

MUA (mail user agent)

this is the client-side program the user reads and writes mail with; it hands outgoing mail to the MTA and fetches incoming mail from the mailbox
ex: mail (text), mutt, evolution, kmail

MTA (mail transfer agent)

this is the server-side service that accepts mail from MUAs and relays it to the MTA responsible for the recipient's domain, within our own domain or across the internet
ex: sendmail, postfix, qmail

MDA (mail delivery agent)

this is the server-side component that takes mail accepted by the MTA and places it in the user's mailbox; a mail access server (POP3/IMAP) then lets clients read that mailbox remotely
ex: procmail (delivery), dovecot (POP3/IMAP access to the mailbox)

Sendmail:
It listens on port 25 for mail sent by MUAs and other MTAs, checks whether it may accept or relay each message (local domains and /etc/mail/access), and hands local mail to the MDA.

we have two protocols for reading the mailbox:

1) pop3
2) IMAP
1) pop3 (post office protocol 3, port no. 110)
mailboxes are under /var/spool/mail
The client connects to the server on port 110 and downloads the whole of /var/spool/mail/U1, moving every mail to the client PC (by default the server keeps no copy). If the client system is damaged, the mail is lost.
2) IMAP (port no. 143)
The client connects to port 143 and reads the user's mail on the server; the messages stay in the server mailbox, so if the client PC is damaged the mail can be read again from the server.

pop3 --> moves the original mails to the client

IMAP --> leaves the mails on the server and shows the client a copy
(both send the password in clear text; use the pop3s/imaps ports 995/993 with the SSL certificate configured below)

steps to configure the mail server

(here we are configuring MTA & MDA on one system)

#yum install sendmail-* -y
#chkconfig sendmail on
#cd /etc/mail
#vi sendmail.mc
comment out line no 116 by putting dnl in front of it
ex: dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
(by default sendmail only listens on 127.0.0.1; disabling this line makes it listen on all interfaces. Relaying stays restricted to the local domains and to hosts allowed in /etc/mail/access, so check that file before opening the port or the server becomes an open relay)
save&quit

[root@server1 mail]# m4 sendmail.mc > sendmail.cf
(needs the sendmail-cf package, included in sendmail-*)

# service sendmail restart
(to configure the MDA side)
#yum install dovecot-* -y
#chkconfig dovecot on
#vi /etc/dovecot.conf
(line no17) #protocols = imap imaps pop3 pop3s (remove #)
save &quit
#service dovecot start

to check:

add 2 users, login as one user & send mail to the other
then login as the second user and type mail

2nd method

as root: mutt -f imap://sam@server1.redhat.com
answer yes to accept the server's certificate or connection
provide sam's password
q to quit

configuring e-mail aliases:

if we want to send a user's mail to another user we have to configure an email alias
steps

#vi /etc/aliases
go to the last line and add as follows
sam: john (here in this example we are redirecting sam's mail to john)
save&quit
#newaliases (to rebuild the aliases database from /etc/aliases; sendmail reads the database, not the text file, so this step is mandatory)

to check :
send a mail to sam from a remote system
you should get the mail in john's mailbox
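newaliases rebuilds the database but does not tell you where an alias finally delivers, and a chain such as sam: john plus john: sam only shows up as bounced mail. The following is an added example, not code from the original notes: it expands an /etc/aliases table the way sendmail does, following alias chains and the backslash escape that stops expansion, and reports loops before the table is installed. The alias table is constructed.

```python
"""Expand /etc/aliases recursively and detect loops.

Added example, not part of the original notes; ALIASES is constructed.
sendmail expands an alias again when the result is itself an alias, so a
cycle bounces mail; a leading backslash (\\john) delivers to the local
mailbox without further expansion."""


def parse_aliases(text):
    """Parse 'name: target, target' lines; a line starting with whitespace
    continues the previous alias. Alias names are case-insensitive."""
    table, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line[0].isspace() and current:
            table[current].extend(t.strip() for t in line.split(",") if t.strip())
            continue
        name, _, rest = line.partition(":")
        current = name.strip().lower()
        table[current] = [t.strip() for t in rest.split(",") if t.strip()]
    return table


def expand(table, name, _seen=()):
    """Return the final set of delivery targets for name; raise on a loop."""
    if name.startswith("\\"):              # \\user: local mailbox, no further expansion
        return {name[1:]}
    key = name.lower()
    if key in _seen:
        raise ValueError("alias loop: " + " -> ".join(_seen + (key,)))
    if key not in table:
        return {name}                      # real mailbox, remote address, file or |program
    targets = set()
    for target in table[key]:
        targets |= expand(table, target, _seen + (key,))
    return targets


def find_loops(table):
    """Names whose expansion never terminates."""
    loops = []
    for name in sorted(table):
        try:
            expand(table, name)
        except ValueError:
            loops.append(name)
    return loops


ALIASES = """
# constructed /etc/aliases fragment
postmaster:     root
root:           sam
sam:            john
john:           john@mail.redhat.com, \\john
support:        sam,
                helpdesk
helpdesk:       support
"""

if __name__ == "__main__":
    table = parse_aliases(ALIASES)
    print("postmaster ->", sorted(expand(table, "postmaster")))
    print("loops:", find_loops(table))
```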

SSL Certification (Secure Sockets Layer)

with an ssl certificate we can encrypt the POP3/IMAP traffic between the user's client and the mail server, so passwords and mail do not cross the network in clear text

#vi /etc/dovecot.conf
(line no 87 & 88)
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem (remove # from both lines)
save&quit
#make -C /etc/pki/tls/certs dovecot.pem
provide country, state, city, organization, server name and mail address (the common name must be the server's host name, e.g. server1.redhat.com, and the mail address must not be root)
(the Makefile writes key and certificate together into one file under /etc/pki/tls/certs, while dovecot.conf points at /etc/pki/dovecot, so copy the file to both paths named in dovecot.conf and keep the private copy readable by root only; alternatively point the two ssl_* lines at /etc/pki/tls/certs/dovecot.pem)
#cp /etc/pki/tls/certs/dovecot.pem /etc/pki/dovecot/certs/dovecot.pem
#cp /etc/pki/tls/certs/dovecot.pem /etc/pki/dovecot/private/dovecot.pem
#chmod 600 /etc/pki/dovecot/private/dovecot.pem
#service dovecot restart
(the certificate is self-signed, so mail clients will warn until they are told to trust it)

NFS (NETWORK FILE SYSTEM)

Service profile:
type: System V-managed service
package: nfs-utils
Daemons: rpc.nfsd, rpc.lockd, rpciod, rpc.mountd, rpc.rquotad, rpc.statd
Scripts: /etc/init.d/nfs, /etc/init.d/nfslock
Ports: 2049 (nfsd), others assigned by portmap (111)
Configuration: /etc/exports
Related: portmap (mandatory), tcp_wrappers

the nfs server is used to share files across the network

nfs server:
A system that contains the file resources to be shared with other systems on the network.

nfs client:
A system that mounts the file resources shared over the network and presents them as if they were local.
(nfs trusts the client: the server only sees a uid and gid in each request, so it relies on every client enforcing its own logins and on uids being the same on both sides)

Benefits of nfs:
Centralized file access
Common software access
Easy to use

Requirements:
Packages: nfs-*

To create an nfs server:

#yum install nfs-* -y
#service portmap start
#chkconfig portmap on
#service nfs start
#chkconfig nfs on
(by using chkconfig these services start automatically at every reboot)
#vi /etc/exports
syn: <share directory> <clients>(<options>)
ex: /data *.redhat.com(rw,sync)
(no space between the client and the opening parenthesis: "/data *.redhat.com (rw,sync)" would export /data read-only to *.redhat.com and read-write to the whole world)
save&quit
#service nfs restart
By default the export has root_squash, which means root on the client is mapped to the unprivileged user nfsnobody on the server; ordinary users keep their own uid and get exactly the permissions /data gives that uid on the server.
So to let everyone write we would have to open /data to others:
#chmod 777 /data
Giving permissions like this has no security: every user can write and delete everything, and files created by the client's root get the owner and group nfsnobody.
no_root_squash removes the mapping, so root on the client is root on /data as well:

#vi /etc/exports
/data *.redhat.com(rw,sync,no_root_squash)
save&quit
#chmod 750 /data
#service nfs restart
(use no_root_squash only for clients you fully control: root on such a client can read and change any file in the export, including planting setuid binaries. The safer way to give a set of users write access is a group-owned directory, chgrp <group> /data and chmod 2770 /data, with the same uids and gids on client and server, e.g. through NIS as described below)
#showmount -e
(this is the command to check which directories are exported)
#exportfs -v
(to check the exported directories and their options)
#exportfs -r
(to re-export after editing /etc/exports without restarting nfs or disturbing client sessions)
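exportfs -v shows what is exported but does not judge it. The following is an added example, not code from the original notes: a checker for /etc/exports that flags no_root_squash, exports to the whole world, read-write exports to wildcard clients (which rely on reverse DNS, see the DNS section), the insecure option, and the space-before-parenthesis mistake mentioned above, where exportfs applies the options to every host. The exports text is constructed; the hosts and paths are illustrative.

```python
"""Audit /etc/exports for the mistakes discussed in the notes.

Added example, not part of the original notes; SAMPLE_EXPORTS is constructed.
A client token of the form '(opts)' with no host is exactly what exportfs
sees after "host (opts)": the host gets default options and the options
apply to '*'."""
import re

ENTRY = re.compile(r"^(?P<host>[^\s(]*)(?:\((?P<opts>[^)]*)\))?$")


def parse_exports(text):
    """Return [(path, [(client, [options], implicit_world)])]."""
    exports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *tokens = line.split()
        clients = []
        for tok in tokens:
            m = ENTRY.match(tok)
            if not m:
                raise ValueError(f"cannot parse {tok!r} in {raw!r}")
            implicit = not m.group("host")            # "(rw)" alone means every host
            opts = [o for o in (m.group("opts") or "").split(",") if o]
            clients.append((m.group("host") or "*", opts, implicit))
        if not clients:                               # path alone: everyone, default options
            clients.append(("*", [], False))
        exports.append((path, clients))
    return exports


def audit_exports(text):
    """Return [(severity, path, client, message)] in file order."""
    findings = []
    for path, clients in parse_exports(text):
        for host, opts, implicit in clients:
            rw = "rw" in opts                          # exports default to ro
            wildcard = any(c in host for c in "*?")
            if "no_root_squash" in opts:
                findings.append(("CRIT", path, host, "no_root_squash: root on the client is root on this export"))
            if implicit:
                findings.append(("CRIT" if rw else "WARN", path, host,
                                 "space before '(': these options apply to every host; the client before them got the defaults"))
            elif host == "*" and rw:
                findings.append(("CRIT", path, host, "read-write export to every host"))
            elif host == "*":
                findings.append(("WARN", path, host, "readable by every host"))
            elif wildcard and rw:
                findings.append(("WARN", path, host, "read-write to a wildcard pattern; trust rests on reverse DNS"))
            if "insecure" in opts:
                findings.append(("WARN", path, host, "insecure: requests accepted from unprivileged source ports"))
    return findings


SAMPLE_EXPORTS = """
# constructed sample /etc/exports
/data     *.redhat.com(rw,sync,no_root_squash)
/home     192.168.0.0/24(rw,sync)
/pub      *(ro,sync)
/backup   station1.redhat.com (rw,sync)
/scratch  station2.redhat.com(rw,sync,insecure)
"""

if __name__ == "__main__":
    for severity, path, host, message in audit_exports(SAMPLE_EXPORTS):
        print(f"{severity} {path} {host}: {message}")
```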

Client side configuration:

#showmount -e <server IP>
(to find out which directories are exported by the server)
#mount <server IP>:<share directory> <mountpoint>
ex: mount 192.168.0.1:/data /mnt
#cd /mnt
#cat > a
(type some data, ctrl+d to save)
#ll

Drawbacks of nfs:
A share mounted like this stays mounted whether or not anyone uses it; every such mount keeps a connection to the server, and if the server becomes unreachable, processes that touch the mount hang. Mounting by hand on every client is also extra administration.
To overcome these drawbacks we use automounting
AUTOMOUNTING

Automounting:
Automounting mounts an nfs share on demand when its directory is first entered and unmounts it again after a period of inactivity, which saves resources and helps the administrator manage nfs mounts easily.
The share appears as a subdirectory of a directory managed by autofs (here /sun/moon under /sun).
Note: automounting is implemented only on the client
Steps to configure automounting:
(now we are trying to mount the server's exported /data on /sun/moon on the client)

#vi /etc/auto.master
(this file maps the directory autofs manages to the map file describing its subdirectories, plus the idle timeout)
Edit at the last line:
/sun /etc/auto.misc --timeout=5
(the default timeout is 1 minute; in the configuration file the timeout is given in seconds)
save&quit
#vi /etc/auto.misc
this file lists the subdirectory to create on demand, the mount options, and the server and share to mount there.
syn: <directory> -<mount options> <server IP>:<shared directory>
ex: moon -rw,soft,intr 192.168.0.1:/data
save&quit
(soft means an nfs request that gets no reply from the server eventually fails with an error instead of hanging the process forever; intr lets the user interrupt a hung nfs request with ctrl+c. Neither creates any link: /sun/moon is a real mount that autofs performs when the directory is entered and removes after the timeout)
#service autofs restart

To check:
#cd /sun/moon

NIS (Network Information Service)

The two common authentication services are the Network Information Service (NIS) and the Lightweight Directory Access Protocol (LDAP).

Both NIS and LDAP allow all users & computers to be managed centrally.
NIS works with the help of Sun RPC (portmap).
NIS hands the password hashes from its passwd map, unencrypted, to any client on the network that asks for them, so they can be captured and cracked offline; use it only on a trusted network and limit the allowed networks in /var/yp/securenets. We normally use nfs along with nis so that the users' home directories on the server follow them to whichever client they log in on.

steps to configure nis

#yum install yp* -y
to set the nis domain name (needed before the maps are built):
#nisdomainname RHCE
#vi /etc/sysconfig/network
add a new line
NISDOMAIN=RHCE
save&quit
#service ypserv start
#chkconfig ypserv on
#vi /var/yp/Makefile
(change as follows)
all: passwd group hosts rpc services netid protocols mail \
change as follows
all: passwd group hosts
# rpc services netid protocols mail \
save&quit
#/usr/lib/yp/ypinit -m (to make this host the master nis server)
(it shows this host as the first server; press ctrl+d to end the list of servers, then y to build the database)
#useradd user1
#useradd user2
#cd /var/yp
#make (to rebuild the maps after every user change)
#service ypbind start
#service ypxfrd start
#service yppasswdd start
#service network restart
#service ypxfrd restart
#service ypbind restart
#service yppasswdd restart
#service ypserv restart

(sharing home directories via nfs)

#yum install nfs-* -y
#service portmap start
#chkconfig portmap on
#service nfs start
#chkconfig nfs on
#vi /etc/exports
/home/u1 *.redhat.com(rw,sync)
save&quit
#service nfs restart
#exportfs -v
#exportfs -r
(with many users export /home itself rather than one line per user)
client side configuration:

#yum install ypbind -y
#service ypbind start
#chkconfig ypbind on
#setup
select Authentication configuration
select Use NIS
provide the nis domain name & nis server ip
#setsebool -P allow_ypbind 1
#vi /etc/auto.master
add a new line
/home /etc/auto.misc
save&quit
(autofs now manages /home on the client, so local home directories under /home are hidden while autofs runs)
#vi /etc/auto.misc
u1 -rw,soft,intr server1.redhat.com:/home/u1
save&quit
#service autofs restart
#getent passwd u1 (shows u1's entry coming from the nis map)
# su - u1

SAMBA SERVER

The samba server provides user authentication via passwords and optionally domains. Samba can also try AFS (Andrew File System) authentication, granting AFS rights if successful or falling back to native password checking otherwise.

Samba also has the ability, through the winbindd daemon, to attach to a Microsoft domain password server.
When a Red Hat Linux system is running the winbindd service, user accounts defined in the Microsoft domain can be used to authenticate to the Red Hat Linux machine.
Additionally, in samba version 3.0 and later the samba services can use some Microsoft Active Directory resources.

SAMBA SERVICES:
Four main services of samba
1) Authentication and authorization of users
2) File and printer sharing
3) Name resolution
4) Browsing (service announcements)

Related:
smbclient: command line access
linux can mount a samba share using the cifs and smbfs filesystems
File and printer sharing is probably the most attractive samba feature for most users. With these functions users can easily retrieve files or print to any printer over the network.

SERVICE PROFILE:
Type: System V-managed service
Packages: samba, samba-common, samba-client
Daemons: /usr/sbin/nmbd, /usr/sbin/smbd
Script: /etc/init.d/smb
Ports: <netbios> 137 (-ns), 138 (-dgm), 139 (-ssn), <smb over tcp> 445 (-ds)
Configuration file: /etc/samba/smb.conf
Related: system-config-samba, testparm

Steps to configure samba server:

#yum install samba-* -y
#chkconfig smb on
#vi /etc/samba/smb.conf
copy the last 8 lines (the sample share) and paste under them, change as follows
[linux]
comment = <any text>
path = /exam (directory to be shared)
valid users = sam john
writable = yes
printable = no
hosts allow = 192.168.0. (allowed network; the trailing dot means the 192.168.0.x prefix)

here we are sharing the /exam directory to sam and john; they can read and write /exam from any system in the 192.168.0. network using the share name linux
Note: we have to provide a samba password for both users (they must already exist as Linux accounts)
#smbpasswd -a <username>
samba passwords are stored in samba's own password database, separately from /etc/shadow
To check the syntax of the configuration file:
#testparm
#mkdir /exam
#chmod 777 /exam
(valid users already limits who may connect over samba, but 777 also lets every local user on the server write there; a group-owned directory with chmod 2770 is tighter)
(here we have to set the selinux context)
#chcon -t samba_share_t /exam
#setsebool -P allow_smbd_anon_write 1
(this boolean is only needed for directories labelled public_content_rw_t, not for samba_share_t)
#service smb restart

FROM A LINUX CLIENT:

Note: the client only needs the samba-client package; no samba service has to run on the client
#yum install samba-client -y
#smbclient //<server IP>/<share name> -U <username>

try to get and put

to disconnect
smb> (type exit)

from a windows client

Ist method
-------------
right click on My Network Places --- select Map Network Drive --- choose a drive letter
in the folder box type \\<serverip>\<sharename>
select finish
type username and password
try to create some files and folders

to disconnect
-------------------
right click on My Network Places --- Disconnect Network Drive
select the drive, click ok

IInd Method
---------------
start --- run ---
\\<serverip>\<sharename>
provide username and password

to access a user's home directory (the [homes] share in smb.conf)

#setsebool -P samba_enable_home_dirs 1

from a linux client

#smbclient //<serverip>/<username> -U <username>

from a windows client

start --- run --- \\<serverip>\<username>
provide username & password

to give write access on a share to a specific group

vi /etc/samba/smb.conf
[<sharename>]
path = <exported directory>
write list = @<group name>

ex:
[linux]
path = /exam
write list = @sales
(the @ prefix names a Linux group; members of sales can write even when the share is otherwise read-only, and they still need write permission on the directory itself)

SQUID SERVER (PROXY SERVER)
-------------------------------------
USAGE OF SQUID

1) A proxy server controls client computers' access to the internet
2) It blocks users from accessing undesirable websites & hides the internal identity of the network
3) It improves performance by storing web pages locally
4) It is generally used to share one internet connection among many clients
5) Squid is widely used as a proxy because it provides many features and is open source

SQUID PROXY SERVER
-------------------
Squid proxy can be configured as:
1) A simple proxy (to share internet)
2) A caching web proxy
3) A web filter that allows or denies requests by client address, destination and time

Squid is an internet object cache that can act as a proxy server for http, ftp and other requests. Clients request URLs from squid, which serves cached copies of the URLs if they have been previously requested. URLs associated with dynamic content (CGI executables, server-parsed pages) get forwarded rather than being served out of the cache.

By using squid we can restrict access to a website (or) a group of websites.

SERVICE PROFILE: SQUID
-----------------------
Type: System V-managed service
Package: squid
Daemon: /usr/sbin/squid
Script: /etc/init.d/squid
Port: 3128 (squid; set by http_port in the configuration)
Configuration: /etc/squid/*

steps to configure squid:

#yum install squid-* -y
#chkconfig squid on
#vi /etc/squid/squid.conf

(line no. 73) #http_port 3128 (remove #)

copy 2 lines (line no 2523 & 2534, paste below 2534 & change as follows)
acl deepu src 192.168.0.0/24
http_access allow deepu
here deepu is the acl name (we can give any name) and src is the acl type, meaning the client's source address; with this acl we are allowing the 192.168.0. network users to access the internet through this squid server. If we want to deny a network we type:
acl sagar src 192.168.1.0/24
http_access deny sagar

Note: squid evaluates the http_access lines in order and the first line whose acls all match decides, so put specific deny lines before a broad allow and keep "http_access deny all" as the last line. If no line matches, squid does the opposite of the last line.
#squid -k parse (reports configuration errors)
#service squid start

client side configuration:

open mozilla
go to edit --- preferences --- connection settings
select manual proxy configuration
in the http box provide the squid server ip, and the port number (3128) in the port box
ok --- close

to check :

put # in front of lines 2535 & 2536 (the acl and http_access lines) in squid.conf on the server and restart squid

go to the client
clear private data and try to access websites (they should now be denied)

TRY THIS AFTER EXAM PRACTICE

to allow users internet access at a particular time only

#vi /etc/squid/squid.conf
add lines under 2536 as follows
acl deepu src 192.168.0.0/24
acl business time MTWHFA 9:00-17:30
http_access allow deepu business

(here in this example we are restricting the 192.168.0. network users to use the internet only from Monday to Saturday, from 9:00 in the morning to 17:30 in the evening; when several acls are named on one http_access line they must all match)

syntax for week & time

# acl aclname time [day-abbrevs] [h1:m1-h2:m2]
day-abbrevs:
S - Sunday
M - Monday
T - Tuesday
W - Wednesday
H - Thursday
F - Friday
A - Saturday
h1:m1 must be less than h2:m2

to block a particular website or a group of websites

#vi /etc/squid/squid.conf
(line no 2537) acl test dstdomain .yahoo.com
http_access deny test
(put this deny line above the allow line for deepu, otherwise the allow matches first and the block never applies. dstdomain matches the requested host name, .yahoo.com covering all its subdomains; the url_regex type used as acl test url_regex www.yahoo.com matches a pattern anywhere in the URL, which also catches any URL that merely mentions that string)
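The two points above, first match wins and all acls on a line must match, decide whether a block actually blocks. The following is an added example, not code from the original notes: an evaluator for squid http_access rules covering the src, time, dstdomain and url_regex acl types used in this section, including the implicit default when nothing matches. The configuration and the requests are constructed; dates are given as strings so the weekday is reproducible.

```python
"""Evaluate squid http_access rules the way squid does.

Added example, not part of the original notes; SQUID_CONF and the requests
are constructed. Rules: first matching line wins; every acl on the line must
match (AND); '!' negates; if no line matches, the default is the opposite of
the last line's action."""
import ipaddress
import re
from datetime import datetime

DAY_CODES = {"S": 6, "M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5}   # datetime.weekday(): Monday=0


def parse_squid_conf(text):
    acls, rules = {}, []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "acl":
            name, kind, args = words[1], words[2], words[3:]
            acls.setdefault(name, (kind, []))[1].extend(args)   # repeated acl lines accumulate
        elif words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules


def acl_matches(kind, args, req):
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(a, strict=False) for a in args)
    if kind == "dstdomain":
        host = req["host"].lower()
        for pattern in (a.lower() for a in args):
            if pattern.startswith("."):                      # domain and all subdomains
                if host == pattern[1:] or host.endswith(pattern):
                    return True
            elif host == pattern:                            # exact host only
                return True
        return False
    if kind == "url_regex":
        return any(re.search(a, req["url"]) for a in args)
    if kind == "time":
        days = "".join(a for a in args if ":" not in a)
        spans = [a for a in args if ":" in a]
        now = req["now"]
        if days and now.weekday() not in {DAY_CODES[d] for d in days}:
            return False
        minute = now.hour * 60 + now.minute
        for span in spans:
            (h1, m1), (h2, m2) = (tuple(map(int, t.split(":"))) for t in span.split("-"))
            if not (h1 * 60 + m1 <= minute <= h2 * 60 + m2):
                return False
        return True
    raise ValueError(f"unsupported acl type {kind}")


def http_access(acls, rules, req):
    for action, names in rules:
        line_matches = True
        for name in names:
            negate = name.startswith("!")
            kind, args = acls[name.lstrip("!")]
            if acl_matches(kind, args, req) == negate:
                line_matches = False
                break
        if line_matches:
            return action == "allow"
    return bool(rules) and rules[-1][0] == "deny"    # implicit default: opposite of last rule


def request(src, host, when):
    """Build a request; when is 'YYYY-MM-DD HH:MM' (constructed test input)."""
    return {"src": src, "host": host, "url": f"http://{host}/",
            "now": datetime.strptime(when, "%Y-%m-%d %H:%M")}


SQUID_CONF = """
acl all src 0.0.0.0/0
acl deepu src 192.168.0.0/24
acl business time MTWHFA 9:00-17:30
acl blocked dstdomain .yahoo.com
http_access deny blocked
http_access allow deepu business
http_access deny all
"""

if __name__ == "__main__":
    acls, rules = parse_squid_conf(SQUID_CONF)
    for req in (request("192.168.0.5", "www.example.com", "2024-01-10 10:00"),
                request("192.168.0.5", "mail.yahoo.com", "2024-01-10 10:00"),
                request("192.168.0.5", "www.example.com", "2024-01-07 10:00")):
        print(req["host"], req["now"], "allow" if http_access(acls, rules, req) else "deny")
```

The test below also runs the same rules with the deny line moved after the allow, which is the ordering mistake the note above warns about: yahoo is then reachable for the 192.168.0. network during business hours.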

to configure a child proxy

#vi /etc/squid/squid.conf
(line no 73) http_port 3128 (change this to 8080)
(line no 305) # cache_peer parent.foo.net parent 3128 3130 [proxy-only]
remove # & change this as follows
cache_peer server1.redhat.com parent 3128 3130
(here server1.redhat.com is the parent proxy; this squid, listening on 8080, forwards the requests it cannot serve from its cache to the parent on 3128, with 3130 as the ICP port)

KICKSTART CONFIGURATIONS
KICKSTART SERVER

this server is used for remote installation & automatic installation of the o/s: the installer reads its answers from a kickstart file instead of asking them interactively

steps :
put the rhel5 dvd in the cdrom
#mount /dev/cdrom /mnt
#cd /mnt/Server
#rpm -ivh pykickstart-0.43-1.el5.noarch.rpm --force --aid
#rpm -ivh system-config-kickstart-2.6.19.1-1.el5.noarch.rpm --force --aid
#system-config-kickstart
change the settings as needed (the kickstart file anaconda wrote for this server's own installation, /root/anaconda-ks.cfg, can be opened as a starting point)
we have provided screen shots for this
save this file under /var/ftp/pub (with a name ending in .cfg, e.g. ks.cfg)
(the kickstart file carries the root password, at best as a hash, so do not leave it readable by anonymous ftp longer than the installations need)

client side:

place the linux bootable cd and at the boot prompt type
linux ks=ftp://<server ip>/pub/<ks filename>
(the file is under /var/ftp/pub, so it is fetched with ftp; to fetch it over nfs the directory must be exported and the syntax is ks=nfs:<server ip>:/var/ftp/pub/<ks filename>)
