
Saturday, August 13, 2011

Telnet Server

Features:
1. Shell interface on remote system
2. Binds to TCP:23

Caveat:
1. Clear-text based application (credentials are transmitted in the clear)
2. By default, 'root' is NOT permitted access via telnet-server - /etc/securetty

Requirements:
1. xinetd - installed automatically via yum

Install Telnet Server:
1. yum -y install telnet-server
2. nano /etc/xinetd.d/telnet - change 'disable = yes' to 'disable = no'
3. service xinetd restart - effects changes

Tasks:
1. Connect to both systems from either system using 'telnet' client
a. telnet 192.168.75.199 - This will allocate a free pseudo-terminal, if the user authenticates successfully

Note: By default, telnet-server reads and displays the contents of: /etc/issue

Note: TCP|UDP ports are 16-bit based: 2**16, OR, 0-65535

Note: ptys are assigned sequentially, by default

2. Enable 'root' login via telnet
a. mv /etc/securetty /etc/securetty.disabled

Note: Wherever/whenever possible opt for SSH in place of Telnet Server

LFTP

Features:
1. Sophisticated FTP client
2. Provides connectivity:
a. FTP
b. HTTP/HTTPS
c. SFTP(SSHv2)
3. Interactive and non-interactive client
4. Supports scripting
5. Reads system-wide (/etc/lftp.conf) and per-user config files (~/.lftprc)
6. Behaves like the BASH shell
a. Command history
b. Permits execution of background jobs. Use CTRL-Z to background.
c. Tab completion
7. Supports mirroring (forward and reverse) of content
8. Supports FTP retransmit/reconnect from where you left off
9. Supports bookmarks of sites
10. Supports escape to shell using '!command' e.g. '!bash'
11. Supports the execution of BASH programs '!command' e.g. '!ps -ef'



Usage:
1. lftp - enters interactive mode
a. 'set -a' - reveals all variables

2. lftp linuxcbt@192.168.75.199

3. mget -c - continues downloads

4. mput -c - continues uploads

5. lftp -u linuxcbt,abc123 sftp://192.168.75.199 - Connects to SFTP server

6. mirror -v mirror/ - mirrors a remote directory named 'mirror' to the local system

7. mirror -Rv mirror/ - Reverse mirror (puts) - items to remote server

Very Secure File Transfer Protocol Daemon (VSFTPD)

Features:
1. FTPD
2. Chroot jail
3. anonymous and local-user auth
4. Rate-limiting

Tasks:
1. Install 'vsftpd'
a. yum -y install vsftpd

2. Start the server
a. service vsftpd start
b. netstat -ntlp | grep 21

3. Configure service to start when system boots into multi-user runlevel
a. chkconfig vsftpd on
b. chkconfig --list vsftpd

4. Connect to the FTPD service:
a. Use web browser, which defaults to anonymous
b. Use standard FTP client, as anonymous
c. setsebool -P ftp_home_dir=1 - permits users access to their home directory
d. service vsftpd restart - for changes to take effect

5. Chroot jail local users & disable 'anonymous' access
a. chroot_local_user=YES - this jails users
b. service vsftpd restart - for changes to take effect
c. test connectivity as 'anonymous' and 'non-anonymous' users

6. Enable IPv6 listener:
a. listen_ipv6=YES - DO NOT USE WITH 'listen=YES(IPv4)'


7. Restrict 'non-anonymous' user's transfer rate
a. local_max_rate=1000 - restricts connections to 1000 bytes per second (1K/s)
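
The settings from tasks 5-7 can be checked in one pass over the config file. The script below is an added example, not part of the original notes: the function names and sample files are made up for illustration, 'anonymous_enable' is the vsftpd option that controls anonymous access, and the fallback values passed to vsftpd_get are assumed defaults.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the settings discussed above.

# Print the value of option $2 in file $1 (the last assignment is used),
# or the assumed default $3 when the option is not set.
vsftpd_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        $1 == k { v = toupper($2); seen = 1 }
        END { if (!seen) v = d; print v }' "$1"
}

# Print one FINDING line per setting that differs from the hardened state.
audit_vsftpd() {
    conf=$1
    if [ "$(vsftpd_get "$conf" anonymous_enable YES)" = "YES" ]; then
        echo "FINDING: anonymous access is enabled"
    fi
    if [ "$(vsftpd_get "$conf" chroot_local_user NO)" != "YES" ]; then
        echo "FINDING: local users are not chroot-jailed"
    fi
    if [ "$(vsftpd_get "$conf" listen NO)" = "YES" ] &&
       [ "$(vsftpd_get "$conf" listen_ipv6 NO)" = "YES" ]; then
        echo "FINDING: listen=YES and listen_ipv6=YES are both set"
    fi
    if [ "$(vsftpd_get "$conf" local_max_rate 0)" = "0" ]; then
        echo "FINDING: local_max_rate is unset (no rate limit)"
    fi
}

# Constructed sample files, not taken from a real host.
WORK=$(mktemp -d)
cat > "$WORK/weak.conf" <<'EOF'
# anonymous on, no jail, both listeners
anonymous_enable=YES
local_enable=YES
listen=YES
listen_ipv6=YES
EOF
cat > "$WORK/hardened.conf" <<'EOF'
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
listen_ipv6=YES
local_max_rate=1000
EOF

echo "== weak.conf";     audit_vsftpd "$WORK/weak.conf"
echo "== hardened.conf"; audit_vsftpd "$WORK/hardened.conf"
```

On a real host, point audit_vsftpd at the vsftpd.conf in use instead of the sample files.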

Trivial File Transfer Protocol Daemon (TFTPD)

Features:
1. Fast, connectionless (UDP), file transfers
2. Often used to move files to and from networked systems (VOIP Phones, PXE configurations, Router/Firewall/Switch configurations, etc.)

Note: Implemented as 2 components:
a. Client - tftp-*rpm
b. Server - tftp-server*

Tasks:
1. Install TFTP client
a. yum -y install tftp
2. Install TFTP server
a. yum -y install tftp-server
Note: this also installs the 'xinetd' dependency

3. Configure and start 'tftp' via 'xinetd'
a. /etc/xinetd.d/tftp - modify this file prior to starting 'TFTPD'
b. service xinetd start - to start XINETD
Note: TFTPD listens to UDP:69, by default
Note: use 'netstat -nulp | grep 69' to check if 'xinetd' is listening

4. Copy Cisco Router configuration to TFTP server
a. copy running-config tftp://192.168.75.199
b. setsebool -P tftpd_disable_trans=1 - exempts TFTPD from SELinux confinement (the system-wide SELinux mode is unchanged)
c. 'service xinetd restart' - restart XINETD
d. 'chmod 666 linuxcbtrouter1.config' - to permit TFTPD to write

5. Use 'tftp' client to download 'linuxcbtrouter1.config' file
a. tftp 192.168.75.199 -c get linuxcbtrouter1.config
b. tftp - enters interactive mode

Note: tftp client operates in both non-interactive and interactive modes
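
Both the Telnet Server and TFTPD sections above enable an unencrypted service through a file in /etc/xinetd.d, and the Telnet section moves /etc/securetty aside. The script below is an added example, not part of the original notes, that reports those states; the function names and the sample tree are made up for illustration, and the paths are parameters so it runs on sample data.

```shell
#!/bin/sh
# Added example: flag unencrypted xinetd services and a missing securetty.

# Print enabled/disabled/unset for one xinetd service file, based on its
# last non-comment 'disable' line.
xinetd_state() {
    awk '
        /^[ \t]*#/ { next }
        { gsub(/=/, " = ") }              # also accept "disable=no"
        $1 == "disable" && $2 == "=" { v = tolower($3) }
        END {
            if (v == "no") print "enabled"
            else if (v == "yes") print "disabled"
            else print "unset"
        }' "$1"
}

# $1 = xinetd.d directory, $2 = path of the securetty file.
audit_cleartext() {
    findings=0
    for svc in telnet tftp; do
        if [ -f "$1/$svc" ] && [ "$(xinetd_state "$1/$svc")" = "enabled" ]; then
            echo "WARN: $svc is enabled in xinetd (unencrypted protocol)"
            findings=$((findings + 1))
        fi
    done
    if [ ! -e "$2" ]; then
        echo "WARN: $2 is missing, root logins are not limited by tty"
        findings=$((findings + 1))
    fi
    echo "findings=$findings"
}

# Constructed sample tree: telnet enabled, tftp disabled, securetty moved away.
WORK=$(mktemp -d)
mkdir "$WORK/xinetd.d"
printf 'service telnet\n{\n\tserver  = /usr/sbin/in.telnetd\n\tdisable = no\n}\n' \
    > "$WORK/xinetd.d/telnet"
printf 'service tftp\n{\n\tserver  = /usr/sbin/in.tftpd\n\tdisable = yes\n}\n' \
    > "$WORK/xinetd.d/tftp"

audit_cleartext "$WORK/xinetd.d" "$WORK/securetty"
```

On a real host the call would be: audit_cleartext /etc/xinetd.d /etc/securetty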

Network Time Protocol (NTP) Implementation

Features:
1. The ability to synch your system's clock
2. Also can be used to synch other clocks
3. Implemented as: 'ntp-4.2...rpm' package
4. Is hierarchical, using strata levels to denote time accuracy

/etc/ntp.conf - primary configuration

NTP Strata:
Features:
1. The ability to denote clock accuracy based on stratum
2. With Stratum level 1 being the most accurate, as an NTP server at this level is connected to an external time service (GPS, Radio, etc.)

Use: www.ntp.org - to locate public NTP clocks at various strata

Task:
1. Synch against internal NTP server
a. /etc/ntp.conf
a1. server 192.168.75.100
b. service ntpd start - this starts the 'ntpd' service
c. chkconfig ntpd on
d. ntpq -np - this queries the running 'ntpd' server

Note: NTP synchronization is hierarchical. Thus, if we synch against a stratum 3 clock, we become a stratum 4 clock

2. Prove that 'linuxcbtserv4' is indeed a stratum 4 clock
a. /etc/ntp.conf - of 'linuxcbtserv1'
a1. server 192.168.75.199

Note: Ideally, you should supply your: /etc/ntp.conf file with at least 3 clocks for:
1. Accuracy
2. Redundancy
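
The stratum rule and the three-clock recommendation above can both be checked from the shell. The script below is an added example, not part of the original notes: the function names are made up for illustration, and the 'ntpq -np' output and ntp.conf are constructed samples.

```shell
#!/bin/sh
# Added example: read the local stratum off 'ntpq -np' output and check
# that ntp.conf lists at least three clocks.

# Read 'ntpq -np' output on stdin. The peer flagged '*' is the one ntpd is
# synchronised to; the local clock is one stratum below it.
local_stratum() {
    awk '
        /^\*/ { print $3 + 1; found = 1; exit }
        END   { if (!found) print "unsynchronised" }'
}

# Count 'server' lines in an ntp.conf; commented-out lines do not match.
count_servers() {
    awk '$1 == "server" { n++ } END { print n + 0 }' "$1"
}

check_ntp_conf() {
    n=$(count_servers "$1")
    if [ "$n" -ge 3 ]; then
        echo "OK: $n clocks configured"
    else
        echo "WARN: only $n clock(s) configured, fewer than 3"
    fi
}

# Constructed sample data, shaped like real output but not captured from a host.
WORK=$(mktemp -d)
cat > "$WORK/ntpq.out" <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.75.100  10.0.0.1         3 u   34   64  377    0.412    0.105   0.031
 192.168.75.101  .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
cat > "$WORK/ntp.conf" <<'EOF'
# server 0.pool.example.invalid
server 192.168.75.100
EOF

echo "local stratum: $(local_stratum < "$WORK/ntpq.out")"
check_ntp_conf "$WORK/ntp.conf"
```

On a live system, pipe the real command into the function: ntpq -np | local_stratum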

Runlevel Service Management Tools

Features:
1. The ability to indicate desired runlevels for services
2. Services are located in: /etc/init.d

/usr/sbin/ntsysv:

Usage:
1. ntsysv - manages services in the current run-level
2. ntsysv 35 - manages services for run-levels 3 & 5

Note: Neither ntsysv nor chkconfig starts|stops services

Chkconfig Usage:
1. chkconfig --list ntpd - returns run-level environment for 'ntpd'
Note: items listed as 'off' have K (kill) scripts
Note: items listed as 'on' have S (start) scripts

2. chkconfig --level 3 ntpd off - creates a K(kill) script in run-level 3

3. chkconfig --level 35 ntpd off
4. chkconfig ntpd on - enables 'ntpd' in levels 2-5
5. chkconfig ntpd off - disables 'ntpd' in levels 0-6


Note: Use 'chkconfig' from the shell or a script
Note: Use 'ntsysv' from the shell in interactive mode

Note: When controlling services using 'chkconfig', reference the name of the service as it's specified in: /etc/init.d

system-config-services - GUI tool to manage services

Kernel Upgrade

Features:
1. Provision of updated/patched kernel

Task:
1. Update the kernel
a. use 'uname -a' to reveal current version
b. use 'rpm -qa | grep -i kernel' - to reveal installed version
c. cat /etc/grub.conf (-> /boot/grub/grub.conf) - to reveal installed version

2. Proper installation method is as follows:
a. 'rpm -ivh kernel*rpm' - install a separate version

Note: Install the following kernel packages if necessary:
a. kernel-devel* - if module compilation is necessary
b. kernel-headers* - if recompilation is necessary


Install:
a. rpm -ivh kernel-2.6.18-53.el5.i686.rpm
Note: This will update GRUB (/boot/grub/grub.conf)
Note: Will also place the new kernel in the /boot file system

Examine traces in:
a. /boot
b. /boot/grub/grub.conf

3. Remove traces of former kernel using 'rpm -e [--nodeps]'
a. kernel-2.6.18-8.el5 - removes older version
b. kernel-headers-2.6.18-8.el5 - force remove ignoring dependencies 'rpm -e --nodeps kernel-headers-2.6.18-8.el5'
c. kernel-devel-2.6.18-8.el5

4. Install new 'kernel-headers' and 'kernel-devel' packages using YUM:
a. yum -y install kernel-headers
b. yum -y install kernel-devel

5. Confirm that the 3 'kernel-*' packages are installed:
a. rpm -qa | grep kernel

Note: Removal of older kernel-* packages cleans up:
a. /boot
b. /boot/grub/grub.conf (menu.lst)