
Secure System Administration &
Certification
The Linux Network Administration Guide
(Ch. 1-5, part of 11)
Jim Arrowood
Michael Linnenburger
Nick Davis
University of Tulsa
Department of Mathematical & Computer Sciences
CS 5493/7493 Secure System Administration & Certification
Dr. Mauricio Papa
Guide Overview
Chapter 1
• History of Networking
• UUCP
• TCP/IP
• Various Protocols
• Various Hardware
• General Security
Chapter 2
• Classes
• Subnets
• ARP
• Gateways
• ICMP
Chapter 3
• Network Hardware
• Kernel Configuration
• Ethernet
• PPP
Chapter 4
• Introduction to Serial Devices
• Serial Login
Chapter 5
• TCP/IP Networking
• Setting Hostname
• IP Address Assignment
• ifconfig/ping/route
• Ethernet Interface
• ifconfig in Detail
• netstat in Detail
• Checking ARP
Chapter 11
• NAT
Chapter 1
Introduction to Networking
History of Networking
• Stone Age (A->B->C)
• Network - a collection of hosts that are able to
communicate with each other.
• Hosts are often computers, but need not be
• Small collections of hosts are called sites
• Communication is impossible without some sort
of language or code
– In computer networks, these languages are collectively
referred to as protocols
TCP/IP Networks
• Packet - a small chunk of data that is
transferred from one machine to another
across the network
• Packet Switching - shares a single network
link among many users by alternately
sending packets from one user to another
across that link
TCP/IP In Action
• $ rlogin quark.physics
• Welcome to the Physics Department at GMU (ttyq2)
• login:
• $ DISPLAY=erdos.maths:0.0
• $ export DISPLAY
• The X windows system is a fully network-aware graphical user
environment
• $ startx – starts an X Window System session.
Ethernets
• Most common type of LAN hardware
• Inexpensive
• Net transfer rate of 10, 100, or even 1,000
Megabits per second
• Thick, thin, and twisted pair
Thick & Thin Ethernet
• Thin - T-shaped “BNC” connector, 200 m
distance, 10base-2
• Thick - vampire tap, 500 m distance,
10base-5
Twisted Pair
• Uses two pairs of copper wires
• Requires additional hardware known as
active hubs
• RJ45 connector, 100 m distance, 10base-T, 100base-T.
Adding a Machine
• Thin - take network down
• Thick - complicated, but doesn’t take
network down
• Twisted Pair - easy, plug into hub/switch
Ethernet Drawback
• Cable Length – limits use to LANs
The solution:
Repeaters - copy the signals between two or more segments
so that all segments together will act as if they are one
Ethernet.
Due to timing requirements, there may not be more
than four repeaters between any two hosts on the
network.
Bridges and routers are more sophisticated. They analyze
incoming data and forward it only when the recipient host
is not on the local Ethernet.
Ethernet Bus
• Host may send packets of up to 1,500 bytes to
another host on the same Ethernet.
• A host is addressed by a six-byte address
hardcoded into the firmware of its Ethernet
network interface card (NIC).
• Addresses are usually written as a sequence of
two-digit hex numbers separated by colons, as in
aa:bb:cc:dd:ee:ff (MAC Address).
Collision
• If two stations try to send at the same time,
a collision occurs.
• Collisions are detected very quickly by the NICs and
resolved by the two stations aborting the
send, each waiting a random interval and reattempting the transmission
• Shouldn't be surprised to see collision rates
of up to about 30 percent
IP
• Turns physically dissimilar networks into “one” network
• Requires a hardware-independent addressing scheme
• Achieved by assigning each host a unique 32-bit number
called the IP address
• An IP address is usually written as four decimal numbers,
one for each 8-bit portion, separated by dots. For example
a machine might have an IP address of 0x954C0C04,
which would be written as 149.76.12.4.
TCP
• IP is not reliable, so TCP is layered on top of it
• Checks the integrity and completeness of the data
and retransmits it in case of error
• TCP identifies the end points of a connection by
the IP addresses of the two hosts involved and the
number of a port on each host.
• Ports may be viewed as attachment points for
network connections.
TCP Drawback
• Overhead
• It takes at least three datagrams to establish
a TCP connection, another three to send and
confirm a small amount of data each way,
and another three to close the connection
UDP
• User Datagram Protocol
• UDP provides us with a means of using
only two datagrams to achieve almost the
same result.
• UDP is said to be connectionless, and it
doesn't require us to establish and close a
session
More on Ports
• The IETF (Internet Engineering Task
Force) regularly releases an RFC titled
Assigned Numbers (RFC-1700).
• It describes, among other things, the port
numbers assigned to well-known services.
• Linux uses a file called /etc/services that
maps service names to numbers.
A Mention of UUCP
• Unix to Unix Copy
• Main application is still in Wide Area
Networks, based on periodic dialup
telephone links
• Operates in Batch Mode
Linux Networking
• Net-4 Linux Network code offers a wide variety of
device drivers and advanced features.
• Includes SLIP, PPP, PLIP (for parallel lines), IPX,
Appletalk, AX.25, NetRom, and Rose (for amateur
radio networks), SAMBA, and Novell NCP.
• Other standard Net-4 features include IP
firewalling, IP accounting, and IP Masquerading.
• IP tunnelling in a couple of different flavors and
advanced policy routing are supported.
System Maintenance
• Log File Scripts
• cron jobs
System Security
• Mail Alias for Root
• The COPS program will check your file
system and common configuration files for
unusual permissions
• When making a service accessible to the
network, make sure to give it least privilege
System Security Ctd.
• Tripwire - allows you to check vital system
files to see if their contents or permissions
have been changed.
• Computes various strong checksums over
these files and stores them in a database
• During subsequent runs, the checksums are
recomputed and compared to the stored
ones to detect any modifications.
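As an added example (not code from the Guide or these slides), a minimal Tripwire-style checker in Python: it stores a SHA-256 and the permission bits of every file under a directory, then recomputes and reports what changed. The files and the tampering in demo() are constructed for the example.

```python
import hashlib, os, stat, tempfile

def file_record(path):
    """Strong checksum of the contents plus the permission bits."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "mode": stat.S_IMODE(os.stat(path).st_mode)}

def snapshot(root):
    """Walk root and build the database {relative path: record}."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root).replace(os.sep, "/")] = file_record(full)
    return db

def compare(baseline, current):
    """Recompute against the stored database and report every change."""
    report = {"modified": [], "added": [], "removed": []}
    for path, rec in current.items():
        old = baseline.get(path)
        if old is None:
            report["added"].append(path)
        elif old != rec:                # content or permissions differ
            report["modified"].append(path)
    report["removed"] = [p for p in baseline if p not in current]
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed scenario: baseline a tiny 'etc' tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        for name, body in {"passwd": b"root:x:0:0::/root:/bin/sh\n",
                           "services": b"ftp 21/tcp\nssh 22/tcp\n",
                           "hosts.deny": b"ALL: ALL\n"}.items():
            with open(os.path.join(etc, name), "wb") as f:
                f.write(body)
            os.chmod(os.path.join(etc, name), 0o644)
        baseline = snapshot(root)
        # Simulated tampering: edited file, loosened permissions, deleted file, new file.
        with open(os.path.join(etc, "passwd"), "ab") as f:
            f.write(b"guest:x:1001:1001::/home/guest:/bin/sh\n")
        os.chmod(os.path.join(etc, "services"), 0o666)
        os.remove(os.path.join(etc, "hosts.deny"))
        with open(os.path.join(etc, "shadow"), "wb") as f:
            f.write(b"root:*:0::::::\n")
        return compare(baseline, snapshot(root))
```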
Chapter 2
Issues of TCP/IP Networking
Networking Interfaces
• For each peripheral networking device, a
corresponding interface has to be present in
the kernel.
• For example, Ethernet interfaces in Linux
are called by such names as eth0 and eth1;
PPP interfaces are named ppp0 and ppp1
IP Address Classes
• Class A comprises networks 1.0.0.0 through 127.0.0.0. The
network number is contained in the first octet
– Allows roughly 1.6 million hosts per network
• Class B contains networks 128.0.0.0 through 191.255.0.0; the
network number is in the first two octets
– Allows for 16,320 nets with 65,024 hosts each
• Class C networks range from 192.0.0.0 through 223.255.255.0, with
the network number contained in the first three octets
– Allows for nearly 2 million networks with up to 254 hosts
• Classes D, E, and F: addresses falling into the range of 224.0.0.0
through 254.0.0.0 are either experimental or are reserved for special
purpose use and don't specify any network.
Private IP Use
• Class Networks
– A 10.0.0.0 through 10.255.255.255
– B 172.16.0.0 through 172.31.0.0
– C 192.168.0.0 through 192.168.255.0
Special Purpose IP
• Octets 0 and 255 are reserved for special purposes.
• An address where all host part bits are 0 refers to
the network, and an address where all bits of the
host part are 1 is called a broadcast address.
• This refers to all hosts on the specified network
simultaneously. Thus, 149.76.255.255 is not a
valid host address, but refers to all hosts on
network 149.76.0.0.
Special Purpose IP Ctd.
• Usually, address 127.0.0.1 will be assigned
to a special interface on your host, the
loopback interface, which acts like a closed
circuit.
• Any IP packet handed to this interface from
TCP or UDP will be returned to them as if it
had just arrived from some network.
Address Resolution
• ARP - mechanism that maps IP addresses onto the
addresses of the underlying network
• A datagram is addressed to all stations on the
network simultaneously. The broadcast datagram
sent by ARP contains a query for the IP address.
Each receiving host compares this query to its own
IP address and if it matches, returns an ARP reply
to the inquiring host.
• The inquiring host can now extract the sender's
Ethernet address from the reply.
Subnetworks
• Hosts with identical IP network numbers should be
found within the same network
• The number of bits that are interpreted as the
subnet number is given by the so-called subnet
mask, or netmask. This is a 32-bit number too,
which specifies the bit mask for the network part
of the IP address.
• A class B network number of 149.76.0.0 has a
netmask of 255.255.0.0.
Gateways
• A gateway is a host that is connected to two
or more physical networks simultaneously
and is configured to switch packets between
them.
ICMP
• Internet Control Message Protocol (ICMP) is used
by the kernel networking code to communicate
error messages to other hosts
• There is one very interesting message called the
Redirect message.
• It is generated by the routing module when it
detects that another host is using it as a gateway,
even though a much shorter route exists
Resolving Host Names
• The need to map numbers to names
• On a small network like an Ethernet or even a
cluster of Ethernets, it is not very difficult to
maintain tables mapping hostnames to addresses.
• This information is usually kept in a file named
/etc/hosts
• This is why a new name resolution scheme was
adopted in 1994: the Domain Name System
Config Network H/W
- 3.0 Config Network H/W
- 3.1 Kernel Config (Overview)
- 3.2 Tour of Network Dev
- 3.3 Ethernet Install
- 3.5 PPP-Dialup
3.0 Config Network H/W
• Hardware == Physical device
– e.g., Ethernet, FDDI, or Token Ring
• Device Driver
– Auto Probing
– e.g., ISA, PCI, MCA, PCMCIA, and USB
– I/O and Memory Address
– Interrupt Request Number (IRQ)
3.0 Config Network H/W
• Interfaces in /dev
– Type ls -las /dev/
• Dev files
– Type b → block device
– Type c → character device
– Major & minor device numbers
– Defined in kernel, not real files in /dev
3.1 Kernel Config (Overview)
• Distribution media supplied w/ boot disks
• Basics of compiling Linux in Matt Welsh’s book,
Running Linux (O’Reilly)
• Linux kernel numbering 2.2.14
– 1st digit → major version
– 2nd digit → minor version
• Even → production, or stable
• Odd → development, or unstable
– 3rd → incremented for each release of a minor
3.1 Kernel Config (Overview)
• make menuconfig
– Offers a list of config questions
– Asks whether you want TCP/IP networking
support.
– You must answer this with y to get a kernel
capable of networking
3.1 Kernel Options (Linux 2.2)
• After General Section
– Config for SCSI/sound cards
– Config for network support
3.1 Kernel Options (Linux 2.2)
3.1 Kernel Networking Options (Linux 2.2)
3.2 Tour of Network Dev
• lo → loopback
• eth0 → Ethernet
• tr0 → Token Ring
• sl0 → SLIP transport
• ppp0 → PPP transport
Ethernet Install
• Ethernet HOWTO
– Donald Becker wrote most drivers for the
National Semi 8390 chip set
• Becker Series Drivers
– Many other developers have contributed drivers
– Few common Ethernet cards aren’t supported
Ethernet Install
• Ethernet HOWTO
– Autoprobing
– Append option in the lilo.conf file
• ether=irq,base_addr,[param1,][param2,]name
– irq, base_addr, and name parameters are required
– the two param parameters are optional
PPP-Dialup
• Serial port connection
– Chapter 4 → Config the Serial hardware
– Chapter 8 → The Point-to-Point Protocol
Serial Dev
- 4.2 Intro to Serial Dev
- 4.6 Serial Login (Getty, mgetty)
4.2 Intro to Serial Dev
• tty → Teletype device (char-based)
– Serial devices
– Virtual terminals
– Pseudo-terminals
• setserial command
– setserial device [parameters]
• stty → set tty
– stty -a -F /dev/ttyS1
4.6 Serial Login (Getty)
• getty program → get tty
– Issues a login: prompt
– Invokes the login program
Chapter 5: Configuring TCP/IP Networking
• Usually handled by a GUI configuration
program as part of an installation
• Typically network configuration is done only
once
• Guide covers installing network drivers
separately, but most distros already include these
Chapter 5: Configuring TCP/IP Networking (cont.)
5.3 Setting the Hostname
• Most network apps require a sensible hostname value, so
this is usually done first
– # hostname name
• The hostname is the first part of a fully-qualified domain
name (FQDN), so for panthro.isrg.utulsa.edu,
the hostname is panthro.
Chapter 5: Configuring TCP/IP Networking (cont.)
5.3 Assigning IP Addresses
• For standalone operation, the loopback address is all you need
– This is always 127.0.0.1, and refers to the local machine
• With a “real” network (e.g. Ethernet), you have to assign your
machine an IP address on the network
– If your machine is on a private network, you can give it an IP from one of
the reserved ranges (class A, B, or C) listed in Chapter 2
– Otherwise, you want to network your computer to the Internet. Your
friendly network administrator should help you in this case.
Chapter 5: Configuring TCP/IP Networking (cont.)
5.5 Creating Subnets
• In order to have multiple Ethernets (and other networks)
operating simultaneously, you have to split up your
network into subnets
• Example: for two Ethernets on a private class B network,
we can assign each network its own subnet, 172.16.1.0 and
172.16.2.0, with a subnet mask of 255.255.255.0.
A gateway is required so these networks can talk to each
other. This is usually assigned the first host number on
each subnet, e.g. 172.16.1.1 and 172.16.2.1
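An added Python example (not from the Guide or these slides) that works through the classful address arithmetic from Chapters 1, 2 and 5 in one place: the 0x954C0C04 conversion, class and default netmask, network and broadcast addresses, the private ranges, and the direct-versus-gateway decision for the two 172.16 subnets above. The host addresses 172.16.1.5 and 172.16.2.7 are constructed.

```python
def ip_to_int(ip):
    """Dotted quad -> 32-bit number, with range checking."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("bad dotted quad: %r" % ip)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n):
    """32-bit number -> dotted quad, e.g. 0x954C0C04 -> 149.76.12.4."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def address_class(ip):
    """Classful interpretation of the leading bits, as on the Chapter 2 slide."""
    first = ip_to_int(ip) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    return "D/E (reserved)"

DEFAULT_NETMASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

def network_address(ip, netmask):
    """All host bits cleared."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(netmask))

def broadcast_address(ip, netmask):
    """All host bits set to 1."""
    return int_to_ip(ip_to_int(ip) | (~ip_to_int(netmask) & 0xFFFFFFFF))

def is_valid_host(ip, netmask):
    """Network and broadcast addresses are not usable host addresses."""
    return ip not in (network_address(ip, netmask), broadcast_address(ip, netmask))

# Private ranges from the Chapter 2 slide, written as (network, netmask).
PRIVATE = [("10.0.0.0", "255.0.0.0"), ("172.16.0.0", "255.240.0.0"),
           ("192.168.0.0", "255.255.0.0")]

def is_private(ip):
    return any(network_address(ip, mask) == net for net, mask in PRIVATE)

def next_hop(src, dst, netmask, gateway):
    """Deliver directly when dst is on the same subnet, else via the gateway."""
    if network_address(src, netmask) == network_address(dst, netmask):
        return "direct"
    return gateway
```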
Chapter 5: Configuring TCP/IP Networking (cont.)
5.6 Writing hosts and networks files
• After subnetting the network, the next step is to
configure hostname resolution, which is done in the
/etc/hosts file
• This file tells applications how to resolve the IP address
of a host; the resolver can be configured to use DNS first, then
the /etc/hosts file if DNS doesn’t provide the info, for
example
• Even if DNS is used, it’s a good idea to have hostnames
in /etc/hosts
• To set up your host resolver to use the /etc/hosts
file, edit /etc/host.conf to the following:
order hosts
Chapter 5: Configuring TCP/IP Networking (cont.)
5.6 Writing hosts and network files (cont.)
Sample hosts file:
Chapter 5: Configuring TCP/IP Networking (cont.)
5.6 Writing hosts and network files (cont.)
Sample networks file:
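Since the sample hosts and networks files were shown only as images, here is an added Python model (not from the Guide or these slides) of what the resolver does with them and with the host.conf order line. The file contents, the example.edu names and the FAKE_DNS answers are constructed; note that with "order hosts, bind" a hosts entry overrides whatever DNS would say, so that file deserves the same integrity checking as any other system file.

```python
# Constructed sample files (the slides' own samples were images).
HOSTS = """\
# /etc/hosts: IP address, canonical name, aliases
127.0.0.1    localhost
172.16.1.1   gw.example.edu       gw
172.16.1.5   panthro.example.edu  panthro
172.16.2.7   liono.example.edu    liono
"""
NETWORKS = """\
# /etc/networks: network name, network number
lab1      172.16.1.0
lab2      172.16.2.0
"""
HOST_CONF = "order hosts, bind\nmulti on\n"

def parse_table(text, name_first=False):
    """Parse hosts (address, names...) or networks (name, number) lines.
    Returns {name.lower(): address}; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()     # '#' starts a comment
        if len(fields) < 2:
            continue
        if name_first:
            table.setdefault(fields[0].lower(), fields[1])
        else:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])
    return table

def parse_host_conf(text):
    """Lookup order from the 'order' line, e.g. ['hosts', 'bind']."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].replace(",", " ").split()
        if fields and fields[0] == "order":
            return fields[1:]
    return ["hosts"]

# Stand-in for a DNS query (constructed answers, no network access).
FAKE_DNS = {"www.example.edu": "149.76.12.4", "liono.example.edu": "203.0.113.9"}

def resolve(name, order, hosts, dns_lookup=FAKE_DNS.get):
    """Consult each source in host.conf order; the first answer wins,
    so with 'order hosts, bind' a hosts entry silently overrides DNS."""
    for source in order:
        if source == "hosts":
            answer = hosts.get(name.lower())
        elif source == "bind":
            answer = dns_lookup(name.lower())
        else:
            continue                  # nis etc. not modelled here
        if answer:
            return answer, source
    return None, None
```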
Chapter 5: Configuring TCP/IP Networking (cont.)
5.7 Interface Configuration
• After hardware configuration, the next step is to make these
devices known to the kernel networking software, which
involves configuring and testing an interface
• The three commands used for this are ifconfig (“interface
config”), ping, and route
– ifconfig – used to make an interface accessible to the kernel
networking layer. This involves IP address assignment and other
parameters, and “bringing up” an interface or activation.
– ping – used to see if the given address is reachable; also prints the
time it takes (round-trip time)
– route – can be used to add/remove routes from the kernel routing
table.
• These interface activation tasks are usually performed at boot
by a network initialization script, and usually aren’t needed
unless there’s a networking issue
Chapter 5: Configuring TCP/IP Networking (cont.)
5.8 Using ifconfig
• Normal command-line format:
ifconfig interface [address [parameters]]
• Without any additional options, ifconfig will display all active interfaces
configured on your machine
• If you want to see the config for a specific interface (e.g. the first Ethernet
interface, eth0), you can use ifconfig interface, which looks like the following:
• Some interesting ifconfig parameters include:
– up – makes the interface accessible to the IP layer
– down – makes an interface inaccessible to the IP layer
– netmask mask – assigns a subnet mask to be used by an interface
– broadcast address – usually made up from the network number by setting all
bits of the host part
– promisc – puts the interface in promiscuous mode. On a broadcast network,
this makes the interface receive all packets, regardless of whether they were
destined for this host or not.
Chapter 5: Configuring TCP/IP Networking (cont.)
5.9 Using netstat
• netstat is useful for checking your network
configuration and activity
• Three modes of operation:
– netstat -r displays the kernel routing table
– netstat -i shows statistics for the network interfaces configured
(some of the same information displayed by ifconfig)
– netstat -a displays sockets or open connections on your machine
Chapter 5: Configuring TCP/IP Networking (cont.)
5.10 Checking ARP tables
• Sometimes useful to view the kernel’s ARP tables, e.g. when
a duplicate IP address is causing intermittent network
problems.
• To remove all entries related to a given host from the ARP
table, use
arp -d hostname
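An added Python example (not from the Guide or these slides) of the duplicate-address check described above: it parses two constructed snapshots of /proc/net/arp, the table the arp command reads, and reports any IP address whose entry was answered by more than one MAC address.

```python
# Constructed snapshots of /proc/net/arp taken a few minutes apart, in the
# kernel's column layout; the MAC addresses are made up for the example.
SNAPSHOTS = [
"""IP address       HW type     Flags       HW address            Mask     Device
172.16.1.1       0x1         0x2         00:0c:29:aa:bb:01     *        eth0
172.16.1.9       0x1         0x2         00:0c:29:aa:bb:09     *        eth0
172.16.1.20      0x1         0x0         00:00:00:00:00:00     *        eth0
""",
"""IP address       HW type     Flags       HW address            Mask     Device
172.16.1.1       0x1         0x2         00:0c:29:aa:bb:01     *        eth0
172.16.1.9       0x1         0x2         00:50:56:11:22:33     *        eth0
""",
]

ATF_COM = 0x2   # flag bit: entry is complete (hardware address resolved)

def parse_proc_net_arp(text):
    """Return [(ip, mac, device)] for complete entries; the header line and
    unresolved entries (flags 0x0, all-zero MAC) are skipped."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hwtype, flags, mac, _mask, dev = fields
        if int(flags, 16) & ATF_COM:
            entries.append((ip, mac.lower(), dev))
    return entries

def find_duplicate_ips(snapshots):
    """IPs whose ARP reply came from more than one MAC across the snapshots:
    the symptom of a duplicate address (or of an address being impersonated).
    Returns {ip: sorted list of MACs}."""
    macs_by_ip = {}
    for snap in snapshots:
        for ip, mac, dev in parse_proc_net_arp(snap):
            macs_by_ip.setdefault((ip, dev), set()).add(mac)
    return {ip: sorted(macs) for (ip, dev), macs in macs_by_ip.items()
            if len(macs) > 1}
```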
Chapter 11: IP Masquerading and Network Address Translation
• NAT is the process of modifying network
addresses in datagram headers while they
are in transit
• IP Masquerading is a specific type of NAT
allowing hosts on a private network to use
the Internet by means of a single IP address
Chapter 11: IP Masquerading and Network Address Translation (cont.)
• Benefits:
– Relatively easy to setup and configure
– Saves on costs
– Provides some security
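An added Python model (not from the Guide or these slides) of the header rewriting masquerading performs, showing both directions of an exchange and why an unsolicited inbound packet is dropped. The public address 203.0.113.1, the private hosts and the port range are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Masquerader:
    """Rewrites datagram headers so every private host appears as one public
    address. The port range is a constructed choice for this example."""

    def __init__(self, public_ip, first_port=61000, last_port=65095):
        self.public_ip = public_ip
        self.next_port, self.last_port = first_port, last_port
        self.by_port = {}    # masqueraded port -> (priv ip, priv port, remote ip, remote port)
        self.by_flow = {}    # the reverse mapping, so one flow keeps one port

    def outbound(self, pkt):
        """Private host -> Internet: replace the source with the public
        address and a port that identifies this flow."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:
            if self.next_port > self.last_port:
                raise RuntimeError("masquerade port pool exhausted")
            port, self.next_port = self.next_port, self.next_port + 1
            self.by_port[port] = flow
            self.by_flow[flow] = port
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Internet -> private host: undo the rewrite. Returns None (drop) when
        nothing matches, which is why unsolicited inbound connections never
        reach private hosts (the slide's 'some security')."""
        flow = self.by_port.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or flow is None:
            return None
        priv_ip, priv_port, remote_ip, remote_port = flow
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None          # reply from the wrong peer for this mapping
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)

def exchange(masq, requests):
    """Send each request out and feed the peer's reply straight back;
    returns [(rewritten request, translated reply), ...]."""
    results = []
    for req in requests:
        out = masq.outbound(req)
        reply = Packet(out.dst_ip, out.dst_port, out.src_ip, out.src_port)
        results.append((out, masq.inbound(reply)))
    return results
```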