Transcript Slide 1

THE SCO GROUP 2007
OpenServer 6 Networking for
OpenServer 5 Administrators
John Boland
SCO Support
1
© The SCO Group, Inc. All Rights Reserved
Session Objectives
 At the end of this session you should:
 Understand the ISL differences between OpenServer
6 and OpenServer 5 relating to Networking
 Be aware of how OpenServer 6 networking starts on
system boot
 Know how to enable tcp wrappers on inetd services
 Understand how netconfig(ADM) differs between
OpenServer 6 and OpenServer 5
 Know how to configure and use ssh(1)
 Be able to configure a simple VPN using IPsec
2
Session Topics
 The following topics will be covered








OpenServer 6 Installation
Network Configuration Manager differences
OpenServer 6 Network Start-up
Configured Network Services on OpenServer 6
tcpd(ADM) aka Tcpwrappers
OpenServer 6 and OpenSSH
Using IPSec to implement a VPN
IP Filters Brief Overview
3
OpenServer 6 Installation
 OpenServer 6.0.0 ISL Networking Differences:
 Samba, PPP and Kerberos installed at ISL
 IPX/SPX, SCO Gateway for Netware and Lan
Manager Client packages obsolete
 DHCP client configuration at ISL
 Only drivers for detected Network Cards (NICs) are
displayed at ISL
 Manual list only contains non-autodectable ISA NIC cards
4
OpenServer 6 Installation
 OpenServer 5 Connectivity Package Selection
5
OpenServer 6 Installation
 OpenServer 6 Connectivity Package Selection
6
OpenServer 6 Installation
 Network Card Selection on OpenServer 5
7
OpenServer 6 Installation
 Network Card Selection on OpenServer 6
8
Network Configuration Manager
 OpenServer 5 Network Configuration Manager:
9
Network Configuration Manager
 Network Configuration Manager Differences:







No localhost entry
Removed the IPX protocol
NFS protocol configured by default (if installed)
Only Auto-detected Network Cards are displayed
No relink and reboot required when you add a card
Removed WAN configuration
Failover support added
10
Network Configuration Manager
 Network Interface Card (NIC) Drivers and netconfig(ADM)
 NIC drivers are stored under
/etc/inst/nd/mdi
 Find out what nd driver package is installed using:
pkginfo –l nd
 Get the latest nd driver package (8.0.6e) at:
http://www.sco.com/support/update/download/release.php?rid=281
 netconfig(ADM) uses PCI Board IDs to recognise cards
 resmgr | more
18 e1008g 8 6 4 18 4400 443f fcde0000 fcdfffff - - 4 0x8086100E 0x0002 0 2 0
34 net0 8 6 - - - - - - - - - 0x8086100E - - 2 –
 grep 0x8086100E /etc/inst/nd/mdi/e1008g/*.bcfg
/etc/inst/nd/mdi/e1008g/e1008g_100E.bcfg:BOARD_IDS="0x8086100E"
11
Network Configuration Manager
 Automatic Network Failover and Backup cards
 Must have MP2 installed
 TA 110336: Not all NICs support failover. Check with:
grep "FAILOVER=true" /etc/inst/nd/mdi/<your nic driver>/*.bcfg
 Can manually failover using netconfig(ADM)
 Automatic failback is not currently supported
 TA 126686: Cannot manually failback to the primary
NIC using netconfig(ADM). Instead you use:
nd failback net0
 Note that while some NICs failover on removal of
cable, not all NICs do
12
Network Configuration Manager
 Debugging netconfig(ADM):
 When you run netconfig(ADM) you are running:
/usr/lib/netcfg/bin/ncfgUI
 netconfig(ADM) configuration files held under
/usr/lib/netcfg
 To trace problems uncomment:
#cmdtrace on [ open /tmp/ncfgUI.log a+ ]
 netconfig(ADM) also uses ndcfg(ADM) to do NIC
configuration. The ndcfg log file is found at:
/usr/lib/netcfg/tmp/ndcfg.log
 TA 110131: Troubleshooting NIC Installation
13
OpenServer 6 Network Start-up
 /etc/inittab Network Start-up Entries
• Initialize the socket subsystem in the kernel at sysinit
iks0::sysinit:/sbin/initsock -d > /dev/console 2>&1
• Configure STREAMS at sysinit
sl::sysinit:/etc/slink -c /etc/strcf > /dev/console 2>&1
• Initialise the loopback interface at sysinit
loop::sysinit:/usr/sbin/initialize -u lo0 > /dev/console 2>&1
• Load STREAMS modules
ap1::sysinit:/sbin/autopush -f /etc/ap/sco.ap
• Start syslogd(ADM) to log local & remote messages
bchk::sysinit:/sbin/bcheckrc </dev/console >/dev/console 2>&1
14
OpenServer 6 Network Start-up
 /etc/inittab Network Start-up Entries [contd]
• The following entries will be described in greater
detail on the slides that follow:
lli::sysinit:/etc/nd start < /dev/null > /dev/null 2>&1
tcp::sysinit:/etc/tcp start < /dev/null > /dev/null 2>&1
……. ……. ………..
r2:2:wait:/etc/rc2 1> /dev/console 2>&1 </dev/console
15
OpenServer 6 Network Start-up
 Network Adapter Driver Script nd(ADM)
 /etc/nd is used to start and stop configured NICs
 It starts the dlpid(ADM) daemon which links each MDI
(MAC Driver Interface) driver to the common DLPI
(Data Link Provider Interface)
 The dlpi module is a bit like your OSI Data Link Layer
 The MDI interface sits between the card and the DLPI
 /etc/nd is started by entry in /etc/inittab
lli::sysinit:/etc/nd start < /dev/null > /dev/null 2>&1
 nd(ADM) is updated by netconfig(ADM) when adding
or removing NICs
16
OpenServer 6 Network Start-up
 nd(ADM) [contd.]
 Never try to update or modify /etc/nd manually
 nd(ADM) man page incorrectly refers to
/etc/rc2.d/S35dlpi and
/etc/rc0.d/K97dlpi being used to start and stop nd
 Can debug issues with /etc/nd by uncommenting:
#cmdtrace on [ open /tmp/nd.log a+ ]
or
#cmdtrace on stderr
17
OpenServer 6 Network Start-up
 TCP Start/Stop Script tcp(ADMN)
 /etc/tcp starts and stops TCP
 When starting in single-user mode (sysinit) it will:
 Read /etc/default/tcp to get info incl. domain and gateway
 Call inconfig(ADM) to load default TCP kernel parameters
 Configure network interfaces with IP addresses using
/usr/sbin/initialize -U
 Will start syslogd(ADM) if not already started
 Set default route using the gateway entry from
/etc/default/tcp
 Start the streams error logging daemon, strerr(ADM)
 Start the Pseudo Random Number Generator Daemon
prngd(ADM)
18
OpenServer 6 Networking Start-up
 Single User Mode start-up:
init
intisock
slink
Initialize lo0
autopush
nd start
tcp start
syslogd
dlpid
Domain and
gateway
Setup TCP
Kernel Params
initialize netx
route add
Setup NICs
strerr(ADM)
prngd(ADM)
19
OpenServer 6 Network Start-up
 tcp(ADMN) [contd]
 When starting in multi-user mode (rc2) it will also:
 Start prngd(ADM) again
 Start inetd(ADMN), the Internet Super Server daemon
 Start pppd(ADMN) only if MST PPP is configured (off by
default)
 Start snmpd(ADMN), the snmp agent
 Start named(ADMN) if nameserver is config’d (off by default)
 Start sshd(8), the ssh daemon and if necessary generate
host keys (/etc/ssh/ssh_host*)
 Start any daemons listed in /etc/default/tcp (off by default)
 Start ntpd, lpd(ADMN) and aasd(ADMN) if configured (not by
default)
20
OpenServer 6 Network Start-up
 tcp(ADMN) [contd]
 Issues the messages:
add net default: gateway 192.168.248.1
Starting TCP services: prngd inetd snmpd sshd
 The tcp(ADMN) man page incorrectly refers to ifconfig
when it should refer to initialize
 Existing sessions can continue to function after a
tcp stop
 Existing sessions are stopped by a
tcp shutdown
 Can debug the /etc/tcp shell script by adding
set –x
21
OpenServer 6 Network Start-up
 Networking services started by rc2(ADM)
 The /etc/rc2 script is invoked by init(M):
r2:2:wait:/etc/rc2 1> /dev/console 2>&1 </dev/console
 /etc/rc2 messages are logged to
/usr/adm/rc2.log
 Networking Services scripts called by rc2 include:
S85tcp
S86rpc
P86sendmail
S87nfs
S90nis
 Can disable a service as follows:
mv /etc/rc2.d/S87nfs /etc/rc2.d/s87nfs
shutdown –y –g0 –i6
P90apache
S95docview
S99cups
S99nmbd
S99smbd
22
OpenServer 6 Network Start-up
 Network services started by traditional rc2(ADM)
 S85tcp
 Symbolic link to /etc/tcp
 S86rpc
 Symbolic link to /etc/rpcinit
 Starts rpcbind(ADMN), rwalld(NADM) and sprayd
 P86sendmail (or MMDF equivalent)
 Starts sendmail(ADMN)
 S87nfs
 Symbolic link to /etc/nfs
 Starts exportfs(NADM), nfsd(NADM), biod(NADM), mountd(NADM),
statd(1Mnfs), lockd(NADM), bootparamd(NADM) and pcnfsd(NADM)
 S90nis
 Symbolic link to /etc/nis
 Not configured or started by default
23
OpenServer 6 Network Startup
 Network services started by traditional rc2(ADM)
 P90apache
 Starts the apache web server on port 80
 S95docview
 Starts the OpenServer 6 documentation server on port 8457
 S99cups
 Starts the CUPS Print server, cupsd(8)
 Remote admin is disabled by default (See TA 126211)
 S99nmbd
 Starts the NetBIOS name service, nmbd(8)
 S99smbd
 Starts the File and Print Server daemon, smbd(8)
24
OpenServer 6 default Network Services
 Services controlled by inetd(ADMN)
 inetd is knows as a Super Server
 inetd is started by /etc/rc2.d/S85tcp (/etc/tcp)
 inetd configures the services listed in
/etc/inetd.conf
 inetd reads /etc/services (and /etc/protocol) to get the
name, aliases, port and protocol to use for each
service
25
OpenServer 6 default Network Services
 Services controlled by inetd(ADMN)
 On a traditional install inetd configures services including:
ftp
telnet
shell
login
exec
pop3
imap
swat
stream tcp nowait root
/etc/ftpd
ftpd -a
stream tcp nowait NOLUID /etc/telnetd telnetd
stream tcp nowait NOLUID /etc/rshd
rshd
stream tcp nowait NOLUID /etc/rlogind rlogind
stream tcp nowait NOLUID /etc/rexecd rexecd
stream tcp nowait root
/etc/popper popper
stream tcp nowait root
/etc/imapd imapd
stream tcp nowait root
/usr/sbin/swat swat
 Can disable a service by commenting it out
# telnet stream tcp
nowait NOLUID /etc/telnetd
telnetd
 And then restarting inetd with a SIGHUP
kill -1 `cat /etc/inetd.pid`
26
OpenServer 6 Networking Start-up
 Multi-User Mode start-up:
rc2
S85tcp
S86rpc
S87nfs
P86sendmail
prngd
inetd
P90apache
S90nis
snmpd
S99cups
S95docview
sshd
aasd
S99smbd
S99nmbd
named
lpd
pppd
ntpd
27
OpenServer 6 Networking Start-up
 Multi-User Mode start-up [contd]:
inetd
ftpd
telnetd
rlogind
imap
rshd
rexec
pop3
swat
28
OpenServer 6 and TCPWrappers
 tcpd(ADM) aka tcpwrappers 7.6
 Can be used to log and control access to inetd services
 To enable tcpwrappers on telnetd:
 Edit /etc/inted.conf
 Comment out the entry:
telnet stream tcp
nowait NOLUID /etc/telnetd
telnetd
 Uncomment the entry:
# telnet stream tcp
nowait NOLUID /etc/tcpd
telnetd
 Save the file
 Restart inetd using:
kill -1 `cat /etc/inetd.pid`
 Telnet to the server and check syslog:
Jul 11 17:26:14 jrbt5 telnetd[2102]: connect from jrbhp1
29
OpenServer 6 and TCPWrappers
 Controlling Access using tcpd(ADM)
 hosts_access(SFF) control implemented using:
/etc/hosts.allow and
/etc/hosts.deny
 These files contain no rules by default
 Access is controlled as follows:
 Grant access if you match an entry in the /etc/hosts.allow file
 Deny access if you match an entry in the /etc/hosts.deny file
 Otherwise, grant access
30
OpenServer 6 and TCPWrappers
 Controlling Access using tcpd(ADM) [contd]
 Entries in hosts.allow and hosts.deny are of the form:
daemon_list : client_list
 daemon_list is a list of one or more daemon process
names or wildcards
 client_list is a list of one or more host names, host
addresses, patterns or wildcards that will be matched
against the client host name or address
 There are two basic options:
 Deny all and add entries to /etc/hosts.allow (Mostly Closed)
 Allow all and add entries to /etc/hosts.deny (Mostly Open)
31
OpenServer 6 and TCPWrappers
 Some hosts_access(SFF) examples:
 To deny everything, in /etc/hosts.deny add:
ALL: ALL
 To allow everything leave /etc/hosts.allow empty
 To allow exceptions in /etc/hosts.allow add:
ftpd: .friendly.domain
telnetd: [email protected]
rlogind: 192.168.1.0/255.255.255.0
 To report on blocked access
ALL :ALL : spawn (echo Attempt from %h %a to %d at `date` |
tee -a /var/log/tcp.deny.log |mail [email protected] )
32
OpenServer 6 and OpenSSH
 OpenServer 6 MP2 ships with:
 OpenSSH_4.2p1
 The package provides:
 ssh(1) (aka slogin(1)) for secure, encrypted login and remote
command execution
 scp(1) for secure, encrypted remote copy
 sftp(1) for secure, encrypted file transfer
 Can also be used for, among other things:
 Local Port Forwarding
 Dynamic Port Forwarding
 X11 Forwarding
33
OpenServer 6 and OpenSSH
 OpenServer 6 ssh(1) Authentication:
 Host Based Authentication using
 /etc/ssh/shosts.equiv and/or ~/.shosts
 /etc/ssh/ssh_known_hosts and/or ~/.ssh/known_hosts
 RSA/DSA Authentication using:
 ~/.ssh/authorized_keys
 Keyboard Username and Password authentication
(default fallback)
 Try avoid using SSH 1 as its less secure than SSH 2
 Always use RSA and not DSA if possible
34
OpenServer 6 and OpenSSH
 Windows to OpenServer 6.0.0 RSA Authentication:
 Use a Key Generator on your Windows PC to generate your
public and private keys and save the keys to a directory on your
PC
 On the OpenServer 6 system create the .ssh directory using:
mkdir $HOME/.ssh
chmod 700 $HOME/.ssh
 Create $HOME/.ssh/authorized_keys and add paste your
public key into this file
 On the Windows PC configure your ssh Terminal Emulator to use
your private key
35
OpenServer 6 and OpenSSH
 OpenServer 6 to OpenServer 6 RSA Authentication:
 On the “client” OpenServer 6 system generate keys using
ssh-keygen –t rsa
 On the “server” OpenServer 6 system create the .ssh directory
using:
mkdir $HOME/.ssh
chmod 700 $HOME/.ssh
 Create $HOME/.ssh/authorized_keys and add paste the
$HOME/.ssh/id_rsa.pub public key from the client OpenServer 6
system into this file
 Login from the OpenServer 6 client system using:
ssh <server_name> or ssh <user>@<server name>
36
OpenServer 6 and OpenSSH
 OpenServer 6 ssh(1) Host Based Authentication:
 Host Based Authentication can use
 /etc/ssh/shosts.equiv and/or ~/.shosts
 /etc/ssh/ssh_known_hosts and/or ~/.ssh/known_hosts
 Server Side Configuration:
 Create $HOME/.shosts with
192.168.1.250 jboland
jrbosr6.it.sco.com jboland
jrbosr6 jboland
 Edit /etc/ssh/sshd_config and change/add
HostbasedAuthentication yes
IgnoreUserKnownHosts yes
IgnoreRhosts yes
37
OpenServer 6 and OpenSSH
 OpenServer 6 ssh(1) Host Based Authentication:
 Server Side Configuration [contd]:
 Restart sshd using:
tcp restart
 Client Side Configuration:
 Edit /etc/ssh/ssh_config and change/add
HostbasedAuthentication yes
EnableSSHKeysign yes
 From the client login to the server using:
ssh <server_name>
 To debug use
ssh –v <server_name>
38
OpenServer 6 and OpenSSH
 Uses for ssh Dynamic Port Forwarding:
 Dynamic Port forwarding allows forwarding of traffic
via a local SOCKS Proxy Server to a remote secure
server using ssh(1)
Local SOCKS
Proxy Server
The Internet
Secure ssh
Server
39
OpenServer 6 and OpenSSH
 Setup Dynamic Port Forwarding on OpenServer 6:
 Setup a SOCKS Proxy Server as root using:
ssh –D 1080 jboland@<fqdn of OSR6 ssh server>
 To configure Mozilla to use the SOCKS proxy:




Run mozilla
Select Edit -> Preferences… -> Advanced -> Proxies
Click the “Manual Proxy Configuration”
In the SOCKS Host: field put
localhost
 In the Port: field put
1080
 Click on OK
40
OpenServer 6 and OpenSSH
 Setting up Dynamic Port Forwarding on Windows:
 Setup a SOCKS Proxy Server using PuTTY as follows:







Launch PuTTY
Enter the Host Name of the remote server
Select Connection -> SSH -> Tunnels
Enter 1080 in the source port field
Click on the Dynamic Radio Button
Click Add
Click Open
41
OpenServer 6 and OpenSSH
 Setting up Dynamic Port Forwarding on Windows:
 Configure Firefox to use the SOCKS Proxy as follows:








Launch Firefox
Select Tools -> Options -> Advanced -> Networking
Click on Settings
Check the Manual proxy configuration: radio button
Enter localhost in the SOCKS Host: field
Enter 1080 in the source port field
Click OK
Click OK
 Firefox is now configured to use the SOCKS Proxy
42
OpenServer 6 and OpenSSH
 Setting up Dynamic Port Forwarding on Windows:
 Configure PuTTY to use the SOCKS Proxy as follows:







Launch PuTTY
Enter the Host Name of the remote server
Select Connection -> Proxy
Check SOCKS 5 as the proxy type
Enter 1080 for the port
Click OK
Click OK
 PuTTY is now configured to use the SOCKS Proxy
43
OpenServer 6 and IPsec
 What is IPsec:
 IPsec allows you to:
 Encrypt IP packets between hosts and subnets
 Authenticate IP Packets between hosts and subnets
 Defined in http://www.ietf.org/rfc/rfc2401.txt
 Authentication can be performed using Expanded
IPsec headers, keys or certificates
 IPsec requirements:
 OpenSSL 0.9.7 or later
openssl version
 A configured and functioning network connection
44
OpenServer 6 and IPsec
 IPsec Terminology:
 Two types of IPsec configuration:
 Transport encrypts IP Data only
 Tunnel encrypts IP Data and IP Headers
 Two types of Authentication protocol:
 Authentication Header (AH) does authentication only and is
not recommended
 Encapsulating Security Payload (ESP) does authentication
and encryption
 In an IPsec configuration file:
 SAD is Security Association Database
 SPD is the Security Policy Database
45
OpenServer 6 and IPsec
 To enable IPsec in the kernel:
 Edit
/etc/conf/pack.d/inet/space.c
 changing
int ipsec_enable = 0;
 to
int ipsec_enable = 1;
 Relink the kernel using:
/etc/conf/bin/idbuild –M inet
 Reboot the server using
shutdown –y –g0 –i6
46
OpenServer 6 and IPsec
 Simple OSR6 to OSR6 IPsec configuration:
 On “sysa” create /etc/inet/sysa.ipsec.conf with:
add <sysa ip> <sysb ip> esp 0x10001
-m transport
-E 3des-cbc "thescogp12341234thescogp" ;
add <sysb ip> <sysa ip> esp 0x10002
-m transport
-E 3des-cbc "thescogp43214321thescogp" ;
spdadd <sysb ip>[any] <sysa ip>[any] tcp -P in ipsec
esp/transport/<sysb ip>-<sysa ip>/use ;
spdadd <sysa ip>[any] <sysb ip>[any] tcp -P out ipsec
esp/transport/<sysa ip>-<sysb ip>/use ;
47
OpenServer 6 and IPsec
 Simple OSR6 to OSR6 IPsec configuration:
 On “sysb” create /etc/inet/sysb.ipsec.conf with:
add <sysa ip> <sysb ip> esp 0x10001
-m transport
-E 3des-cbc "thescogp12341234thescogp" ;
add <sysb ip> <sysa ip> esp 0x10002
-m transport
-E 3des-cbc "thescogp43214321thescogp" ;
spdadd <sysa ip>[any] <sysb ip>[any] tcp -P in ipsec
esp/transport/<sysa ip>-<sysb ip>/use ;
spdadd <sysb ip>[any] <sysa ip>[any] tcp -P out ipsec
esp/transport/<sysb ip>-<sysa ip>/use ;
48
OpenServer 6 and IPsec
 Loading the IPsec configuration:
 On sysa run setkey(ADM):
ipseckey –f /etc/inet/sysa.ipsec.conf
 On sysb run setkey(ADM):
ipseckey –f /etc/inet/sysb.ipsec.conf
 To see the ESP traffic
tcpdump host sysa and sysb
 To see the ipsec network statistics run:
netstat -nsp ipsec
 To remove/flush the SAD and SPD entries use:
ipseckey –F
Ipseckey -FP
49
OpenServer 6 and IPsec
 Using racoon for automatic key management
 Keys need to be changed to maintain security
 Manual changing of keys is time consuming and
prone to error
 racoon(ADM) is a daemon that manages keys (and
certificates) on behalf of IPsec
 racoon(ADM) uses the Internet Key Exchange (IKE)
protocol to exchange keys securely between hosts
50
OpenServer 6 and IPsec
 To configure racoon(ADM):
 On sysa create the file /etc/inet/psk.txt with:
<sysb ip> <initial public shared key>
 Make sure this file has perms 0400
chmod 0400 /etc/inet/psk.txt
 On sysa create the file /etc/inet/sysa.ipsec.conf with:
spdadd <sysb ip>[any] <sysa ip>[any] tcp -P in ipsec
esp/tunnel/<sysb ip>-<sysa ip>/require ;
spdadd <sysa ip>[any] <sysb ip>[any] tcp -P out ipsec
esp/tunnel/<sysa ip>-<sysb ip>/require;
 Perform similar steps on sysb
51
OpenServer 6 and IPsec
 To configure racoon(ADM) [contd]:
 On sysa create the file /etc/inet/racoon.conf with:
path pre_shared_key "/etc/inet/psk.txt" ;
log debug;
remote anonymous
{
exchange_mode aggressive ;
my_identifier address <sysa ip> ;
lifetime time 1 hour ;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key ;
dh_group 2 ;
}
proposal_check obey;
}
52
OpenServer 6 and IPsec
 To configure racoon(ADM) [contd]:
 On sysa create the file /etc/inet/racoon.conf with:
[contd]
sainfo anonymous
{
pfs_group 2;
lifetime time 10 hour ;
encryption_algorithm 3des, blowfish;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
 Create a similar file on sysb
53
OpenServer 6 and IPsec
 To start racoon
 Permissions need to be changed on /usr/sbin/racoon
chmod + x /usr/sbin/racoon
 Start racoon on sysa and sysb using
/usr/sbin/racoon &
 Configuration and Startup errors are logged in
/var/adm/syslog
 On sysa run setkey(ADM):
ipseckey –f /etc/inet/sysa.ipsec.conf
 On sysb run setkey(ADM):
ipseckey –f /etc/inet/sysb.ipsec.conf
54
OpenServer 6 and IPsec
 To stop and restart racoon
 To stop racoon run:
kill -9 `cat /etc/inet/racoon.pid`
rm /tmp/.racoon
 Restart using
/usr/sbin/racoon &
55
OpenServer 6 and IPF
 IP Filter Firewall Package for OpenServer 6.0.0
 For a detailed HOW TO on firewall setup see:
http://osr600doc.sco.com/en/NET_tcp/ipf-howto.html
 See also:
 ipf(ADMN), ipfilter(M) and ipnat(ADMN)
 Enable IP Filter as root using:
mkdev ipf
 Display the current incoming and outgoing rules with:
ipfstat -io
56
Session Objectives
 You should now:
 Understand the ISL differences between OpenServer
6 and OpenServer 5 relating to Networking
 Understand how netconfig(ADM) differs between
OpenServer 6 and OpenServer 5
 Be aware of how OpenServer 6 networking starts on
system boot
 Know how to enable tcp wrappers on inetd services
 Know how to configure and use ssh(1)
 Be able to configure a simple VPN using IPsec
57
Questions?
Any questions now?
For questions you think about later:
[email protected]
58