Linux Networking and Security
Chapter 5

Configuring File Sharing Services
Configure an FTP server for anonymous or regular users
Set up NFS file sharing between Linux and UNIX systems
Understand NetWare NCP-based file sharing
Use SMB to share files and printers with Windows-based PCs

Running an FTP Server
The File Transfer Protocol (FTP) was designed for efficient distribution of a single file to multiple remote clients
Some design characteristics of FTP:
FTP operates in real time
FTP was designed to be used by the public; this is called anonymous FTP
FTP is very effective for transferring large files
FTP was not designed as a “shared local disk”

Using an FTP Client
Accessing an FTP site requires an FTP client
Linux includes a text-mode FTP client; some Linux systems include a newer, more refined text-mode FTP client called ncftp
An FTP client session begins with the ftp command
If the system connects, users are prompted for a username and password

Introducing FTP Servers
The most widely used FTP server on Linux is the Washington University server, wu-ftp
Setting up the FTP server is done via a number of configuration files
In addition to configuration files, there is the anonymous user home directory:
Anonymous users do not see the entire file system and are limited to a working area, or home directory, that designates downloadable files

Setting Up FTP Configuration Files
The FTP server is configured using the ftpaccess file in the /etc directory
There are three types of FTP users: Anonymous, Real, and Guest
Classes of users can be created, which allow you to assign permissions based on groupings
Permit FTP users to perform file actions using a series of directives naming the file action, followed by yes or no, followed by the classes of user to which the directive applies
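
Added example (not from the original slides or from the wu-ftpd project): a small Python audit of the class and file-action directives described above, reporting which file actions a given user type can still perform. The sample ftpaccess text is constructed, and the script assumes an action stays allowed unless a "no" directive names the user type; class=<name> entries in a directive are not resolved.

```python
# File-action directives in ftpaccess: <action> <yes|no> <typelist>
FILE_ACTIONS = ("chmod", "delete", "overwrite", "rename", "umask")

# Constructed sample ftpaccess content (not taken from a real server).
SAMPLE_FTPACCESS = """\
# class <name> <typelist> <address-glob>
class  all    real,guest,anonymous  *
class  staff  real                  10.0.0.*

chmod      no  guest,anonymous
delete     no  anonymous
overwrite  no  anonymous
rename     no  guest
"""

def parse_ftpaccess(text):
    """Return (classes, denied).

    classes: class name -> set of user types admitted to that class
    denied:  file action -> set of user types named in a 'no' directive
    """
    classes, denied = {}, {}
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0] == "class" and len(fields) >= 4:
            classes[fields[1]] = set(fields[2].split(","))
        elif fields[0] in FILE_ACTIONS and len(fields) >= 3:
            if fields[1].lower() == "no":
                denied.setdefault(fields[0], set()).update(fields[2].split(","))
    return classes, denied

def audit_user_type(user_type, text):
    """Summarise what one user type (anonymous, guest, real) may still do.

    Assumption: an action with no matching 'no' directive is allowed.
    """
    classes, denied = parse_ftpaccess(text)
    return {
        "classes": sorted(c for c, types in classes.items() if user_type in types),
        "still_allowed": [a for a in FILE_ACTIONS
                          if user_type not in denied.get(a, set())],
    }

if __name__ == "__main__":
    for user_type in ("anonymous", "guest", "real"):
        print(user_type, audit_user_type(user_type, SAMPLE_FTPACCESS))
```

In the constructed sample, anonymous users can still rename files and change the umask because no directive denies those actions to them.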

Sharing Files with NFS
The Network File System (NFS) provides access to remote file systems as if they were part of the local directory structure
NFS was designed for permanent, long-term connections where remote file systems are used as part of the regular user environment
NFS does have security concerns and was designed with a trusted network in mind
NFS is UNIX-centric and does not typically perform well with Windows or NetWare servers

Running the NFS Daemons
The NFS protocol is implemented by several daemons, each handling different tasks
NFS communication is built on the remote procedure call (RPC) system
This system functions almost like a superserver in that programs are assigned an RPC number
A program called portmap watches for RPC requests from programs like NFS daemons, then maps them to TCP or UDP ports
NFS uses the rpc.mountd daemon to make new connections

Accessing Remote NFS File Systems
Acting as a client to an NFS server is straightforward; use the mount command, as for any local hard disk partition containing a file system needing access
The mount point must be created and the host must have allowed mounting of the directory
Mount options include altering the default buffer size for NFS transfers, read-only or read-write permission, hard or soft mounts, and suppressing automatic mounting at system startup

Exporting Your File System Using NFS
To make parts of your file system accessible over the network to other systems, NFS daemons must be running and NFS traffic must be allowed to pass between the hosts
Beyond this, the /etc/exports file must be set up to define which of the local directories will be available to remote users and how each is used
NFS uses a security concept called squashing to prevent a user from gaining access to a user account (especially to the root account) simply because they have an ID on the NFS client
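
Added example (not from the original slides): a Python check of /etc/exports entries for the two settings that most weaken the squashing protection described above, namely no_root_squash and a read-write export open to any host. The sample file, host names and paths are constructed; the last sample line shows the known pitfall where a space before the parenthesis detaches the options from the host and applies them to every client.

```python
import re

# Constructed sample /etc/exports (hosts and paths are made up).
SAMPLE_EXPORTS = """\
# directory   client(options)
/srv/pub      *(ro,root_squash)
/home         192.168.1.0/24(rw,root_squash)
/srv/build    buildhost(rw,no_root_squash)
/srv/scratch  trusted.example.com (rw)
"""

# One client token: optional host spec followed by optional (options).
ENTRY = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Yield (directory, client, options) for each client of each export.

    A token such as "(rw)" with no host in front yields client "",
    which the NFS server treats as "any host".
    """
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or directory with no clients
        for token in fields[1:]:
            m = ENTRY.match(token)
            if m:
                opts = set(m.group(2).split(",")) if m.group(2) else set()
                yield fields[0], m.group(1), opts

def audit_exports(text):
    """Return a list of (directory, client, finding) tuples."""
    findings = []
    for directory, client, opts in parse_exports(text):
        label = client or "<any host>"
        # root_squash is the default; no_root_squash lets client root act as root.
        if "no_root_squash" in opts:
            findings.append((directory, label, "root is not squashed"))
        if client in ("", "*") and "rw" in opts:
            findings.append((directory, label, "writable by any host"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(*finding, sep=": ")
```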

NetWare File and Printer Sharing
NetWare protocols can be used on Linux to act as NetWare file and print servers, or as a client to other NetWare servers
To use either the client or server tools for NetWare, IPX must be installed on Linux
NetWare uses a transport protocol called the NetWare Core Protocol (NCP)
NetWare is a dedicated network operating system, but in the context of Linux, these servers are limited to file and printer sharing

Accessing NetWare Servers as a Client
The ncpfs package implements NCP and provides a number of client utilities allowing login, file transfer, printing, and so forth
The ncpfs package is not installed by default
The ncpfs utilities allow the specification of command-line parameters for server contact
Alternatively, create a .nwclient file in the home directory that contains the NetWare default settings

Making Linux Into a NetWare Server
Most Linux distributions contain a package that lets a system emulate a NetWare server
The Martin Stover's NetWare Emulator package (mars-nwe) provides NetWare-specific protocols
In addition to the NCP transport protocol, mars-nwe provides the NetWare Routing Information Protocol (RIP) and the Service Addressing Protocol (SAP) that let Linux act as a peer with other NetWare servers
Configure mars-nwe using the /etc/nwserv.conf file

Windows File and Print Integration with Samba
To implement the Windows-based protocols such as Server Message Block (SMB), Common Internet File System (CIFS) and NetBIOS in Linux, use the Samba suite
The server portion of Samba allows a Linux system to appear in Windows networks as if it were another Windows system
The client portions of Samba also let Linux access Windows systems that are configured to share their resources

Using Samba Client Utilities
Samba client utilities allow access to shared Windows resources as if from another Windows-based computer
The smbclient utility is a command-line utility that allows logging into a Windows host and interacting using a series of commands
To graphically access a Windows system, mount a Windows share as part of Linux with the standard mount command, using a file system type of smbfs
Printing to a Windows printer is done using the smbprint command

Setting Up a Samba Server
Samba includes two server daemons:
nmbd, which implements the NetBIOS service
smbd, which implements the SMB file and print sharing
Both of these daemons must be running to implement a Samba server
Both are managed using a single script in /etc/rc.d/init.d
Samba configuration files are typically stored in /etc/samba

Creating Samba Users
The user security model requires users to log in with a valid user name and password before using a share on the Samba server
Several utilities included with the Samba suite allow for everyone with a Linux user account to also log in via Samba
The following command creates a Samba password for all Linux users:
    cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

Using SWAT to Configure SMB
SWAT is a browser-based graphical interface that sets up the smb.conf file, restarts the Samba server, and provides some status information on server utilization
SWAT runs as a network service managed by the superserver
To use SWAT, the SWAT service must be included in the /etc/services file
SWAT must also be enabled in the superserver configuration

Accessing Samba from Windows
Once a Samba server is up and running, there is access to Linux files and printers from any Windows-based host
All that is required is the correct Windows networking configuration and a valid username and password
Samba uses only TCP/IP, so TCP/IP should be configured in the Windows environment

Chapter Summary
FTP is a widely used Internet protocol that was designed for efficient transfer of files from a server to multiple clients at diverse locations
The anonymous feature of FTP makes it popular for public download archives
To access an FTP server, you can use the text-mode client, ftp, graphical clients such as gFTP or IglooFTP, or a Web browser
The standard FTP server is wu-ftpd
You can configure classes of users in ftpaccess, then assign permissions to perform different file actions
The Network File System (NFS) lets you access remote file systems as part of your local directory structure by using the mount command to contact an NFS server
An NFS server consists of several possible daemons; at the least, nfsd and rpc.mountd are required
An NFS server is configured using the /etc/exports file, which defines which local directories are available for remote users to mount
NFS is prone to security holes, but it relies on several layers of security
The NetWare network operating system can be emulated on Linux as a powerful file-and-print server using the mars-nwe package
The mars-nwe NetWare emulator is configured using the /etc/nwserv.conf file
Linux can access NetWare servers as clients using the ncpfs package, which provides a number of command-line tools to manage NetWare servers
Windows networking uses the NetBIOS and SMB (also called CIFS) protocols, both of which are implemented by the Samba suite in Linux
Using the Samba client utility smbclient and mounting Windows file systems of type smbfs provide convenient access to shared resources
A simple Samba server configuration in smb.conf involves defining the server name, basic security options, and defining shares
SWAT provides graphical configuration and administration functionality for Samba
Multiple Samba security models are supported, including Windows NT domains and guest accounts, which often use Samba as a dedicated print server