UnixCBT Feat. Solaris10 Notes


  • UnixCBT feat. Solaris 10 Edition Training Notes 20060801.01

  • Table of Contents

    Apache Web Server - Notes
    BIND DNS Implementation - Notes
    System Scheduler Cron - Notes
    File System Management - Notes
    Volume Management - Notes
    File Transfer Protocol Daemon (FTPD) Implementation - Notes
    GNU Privacy Guard (GPG) - Notes
    MySQL Implementation - Notes
    NETSTAT - Notes
    Network Configuration Overview - Notes
    Network File System(NFS) - Notes
    AutoFS - Notes
    Network Mapper Nmap - Notes
    Network Time Protocol (NTP) - Notes
    Quota Implementation & Management - Notes
    Samba Windows Integration - Notes
    Remote Desktop Installation - Notes
    Samba Server Configuration - Notes
    System Security Overview - Notes
    Sendmail MTA Features - Notes
    Snoop Network Sniffer - Notes
    TCPDump Network Sniffer - Notes
    Snort Network Intrusion Detection System (NIDS) - Notes
    SYSLOG Implementation - Notes
    Log Rotation using logadm - Notes
    Zettabyte File System (ZFS) - Notes
    Solaris Zones - Notes

  • Apache Web Server - Notes

    SAMP - Solaris Apache MySQL PHP/Perl
    LAMP - Linux Apache MySQL PHP/Perl/Python

    Modular & Reliable

    2 Versions (1.3.33 & 2.0.50) are included with Solaris 10
    svcs -a | grep -i apache

    Note: Apache2 documentation is available @: http://localhost/manual

    Steps to invoke Apache on Solaris 10:
     1. cp /etc/apache2/httpd.conf-example /etc/apache2/httpd.conf
     2. update servername & server admin directives for main server
     3. svcadm enable apache2
     4. netstat -anP tcp | grep 80 && http://localhost/manual

    Note: Typical classes of web server errors:
     200 - OK
     300 - Redirect
     400 - client error
     500 - server errors

    Note: Apache ALWAYS maintains a DEFAULT HOST. Config is in httpd.conf and outside of ANY and ALL virtual host containers
    Note: Apache requires the following info. for the DEFAULT HOST:
     1. ServerName linuxcbtsun1.linuxcbt.internal
     2. ServerAdmin
     3. DocumentRoot - where to serve content from
     4. IP Address:Port to bind to - optional
     5. Logging information - custom/combined & error logs

    Note: Listen directive controls IPs and ports that Apache binds to
    Note: specify 'Listen' directive(s) in the DEFAULT HOST(httpd.conf)
    Note: You can specify multiple Listen Directives
    Note: Apache binds to ALL IP addresses when 'Listen' is specified without an IP address

    DEFAULT HOST(IP:PORT)
     -Virtual Host 1
     -Virtual Host 2

    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny

    Allow from all

    Options FollowSymLinks
    AllowOverride None

    Order allow,deny
    Allow from all

  • Note: - applies to all sub-directories

    ###Order, Allow, Deny Rules###
    Note: Order is specified and Deny or Allow or combination follows
    Note: Allow|Deny supports the following attributes
     1. IP Address - 127.0.0.1
     2. IP Address range
     3. IP Subnet Mask using CIDR or Class notation - 192.168.1.0/24 or 192.168.1.0/255.255.255.0
     4. 192.168.1
     5. ALL
     6. Environment variables - referrer, user agents
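How the Order, Allow and Deny rules combine, as an added Python example (not part of the original notes and not Apache's own code). It follows the evaluation order documented for Apache 2.0's mod_access and handles the single-IP, partial-IP, CIDR, netmask and ALL forms listed above; environment-variable matching is left out, and the function names are hypothetical.

```python
import ipaddress

def _matches(spec, client):
    """True if one Allow/Deny 'from' spec covers the client IPv4 address."""
    if spec.lower() == "all":
        return True
    if "/" in spec:
        # CIDR (192.168.1.0/24) or netmask (192.168.1.0/255.255.255.0) form
        net = ipaddress.ip_network(spec, strict=False)
        return ipaddress.ip_address(client) in net
    octets = spec.rstrip(".").split(".")
    if len(octets) < 4:
        # Partial address such as 192.168.1: compare whole leading octets,
        # so 192.168.1 does not match 192.168.10.x
        return client.split(".")[:len(octets)] == octets
    return ipaddress.ip_address(client) == ipaddress.ip_address(spec)

def access_allowed(order, allow, deny, client):
    """Evaluate Order/Allow/Deny for one client IP (hypothetical helper)."""
    allowed = any(_matches(s, client) for s in allow)
    denied = any(_matches(s, client) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Default is deny; Deny is evaluated last and overrides a matching Allow
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow; Allow is evaluated last and overrides a matching Deny
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

if __name__ == "__main__":
    # Constructed rule set: restrict a directory to loopback and 192.168.1.x
    for ip in ("127.0.0.1", "192.168.1.50", "192.168.10.5", "10.0.0.5"):
        ok = access_allowed("allow,deny", ["127.0.0.1", "192.168.1"], [], ip)
        print(ip, "allowed" if ok else "denied")
```

With "Order allow,deny" and no matching Allow, a client is denied even when no Deny line exists, which is why the restricted-directory task later in these notes only needs Allow lines for the permitted IPs.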

    Used to influence default doc: DirectoryIndex index.html index.html.var

    LogFormat is used to define logging keywords that can be referenced
    Apache can log to multiple log files, various keywords, simultaneously

    ###Alias Directive###
    Maps webspace location to file system location, usually non-document root

    ###Files Directive###
    Facilitates restrictions on matching files regardless of location on server

    Order allow,deny
    Deny from all

    Note: When applied OUTSIDE of block, applies to all instances of named file throughout the web server

    Task: Create web-accessible directory, but restrict access to certain IPs
    Steps:
     1. mkdir /var/apache2/private
     2. Create appropriate Alias - Alias /private/ /var/apache2/private/
     3. Create appropriate block

    ###Virtual Hosts Support###
    2 Types of Virtual Hosts are supported:
     1. IP-based - Each virtual host is associated with a distinct address
     2. Name Based - All or a group of Virtual Hosts share a distinct address

    ###IP-based Virtual Hosting###
    Note: System requires multiple IP addresses
    Note: Default Apache Host binds to ALL IP addresses on port 80

    Steps:
     1. Implement appropriate 'Listen' directive
     2. Configure Virtual Hosts
     3. Restart Apache
     4. Test configuration

    Listen 192.168.1.50:80

    ServerName linuxcbtsun1.linuxcbt.internal
    ServerAdmin unixcbt@linuxcbtsun1.linuxcbt.internal

  • DocumentRoot /var/apache2/ipvhost1
    ErrorLog /var/apache2/logs/ipvhost1.error.log
    CustomLog /var/apache2/logs/ipvhost1.access.log

    Note: Apache will serve content from the DocumentRoot of DEFAULT HOST if a request does NOT match any of the Virtual Hosts

    Listen 192.168.1.51:80

    ServerName linuxcbtsun3.linuxcbt.internal
    ServerAdmin unixcbt@linuxcbtsun1.linuxcbt.internal
    DocumentRoot /var/apache2/ipvhost2
    ErrorLog /var/apache2/logs/ipvhost2.error.log
    CustomLog /var/apache2/logs/ipvhost2.access.log combined

    ###NameBased Virtual Hosting###
    Facilitates the sharing of 1 IP address by a group of web sites
    Steps:
     1. Define appropriate Listen directive(s)
     2. Define appropriate NameVirtualHost directive(s)
     3. Define Virtual Hosts
     4. Restart Apache
     5. Confirm configuration

    Listen 80
    NameVirtualHost *:80 - means to permit NameBased Virtual Hosts on ALL IPs
    Note: NameVirtualHost directive MUST match VirtualHost directive

    ServerName linuxcbtsun1.linuxcbt.internal
    ServerAdmin unixcbt@linuxcbtsun1.linuxcbt.internal
    DocumentRoot /var/apache2/namevhost1
    ErrorLog /var/apache2/logs/namevhost1.error.log
    CustomLog /var/apache2/logs/namevhost2.access.log combined

  • BIND DNS Implementation - Notes

    Bind 9.x
    SUNWbind(client & server utilities) & SUNWbindr(SMF)

    Steps to configure DNS:
     1. Create /etc/named.conf - primary named/BIND/DNS configuration file

    options {
        directory "/var/named";
    };

    ###Special zone indicating the root of the DNS hierarchy###
    ###Downloaded named.root from: ftp://ftp.rs.internic.net/domain/named.root###
    zone "." {
        type hint;
        file "db.cache";
    };

    ###Reverse Zones###
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.127.0.0";
    };

    zone "1.168.192.in-addr.arpa" {
        type master;
        file "db.192.168.1";
    };

    zone "20.16.172.in-addr.arpa" {
        type master;
        file "db.172.20.16";
    };

    ###Forward Zones###
    zone "unixcbt.internal" {
        type master;
        file "db.unixcbt.internal";
    };

    ###Zone File Syntax###
    Note: @ is a variable, which indicates the name of the zone as configured in /etc/named.conf

    svcadm enable dns/server

    Note: With or without master domains, BIND functions as a caching-only NS

    Our server is configured to be:
     1. Caching-Only Server
     2. Authoritative Server

    ###Mail Exchanger(MX) Record Setup###
    Note: Implement MX via 2 records
     1. IN MX 10 mail.unixcbt.internal
     2. mail IN A 192.168.1.197
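The zone file syntax note and the MX setup above, as an added Python example (not part of the original notes and not BIND's code). It is a simplified parser for "owner IN TYPE rdata" lines that shows how @, a blank owner and relative names expand against the zone origin, run over a constructed sample for unixcbt.internal. It ignores $TTL/$ORIGIN, SOA records and TTL fields; the function names are hypothetical.

```python
def fqdn(name, origin):
    """Expand a zone-file name against the zone origin."""
    if name == "@":
        return origin               # @ stands for the zone name itself
    if name.endswith("."):
        return name                 # trailing dot: already fully qualified
    return name + "." + origin      # relative name: origin is appended

def parse_zone(text, origin):
    """Parse simplified zone lines into (owner, type, rdata) tuples."""
    records, last_owner = [], origin
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()    # drop ';' comments
        if not line.strip():
            continue
        fields = line.split()
        if line[0].isspace():
            owner = last_owner                   # blank owner repeats the previous one
        else:
            owner = fqdn(fields.pop(0), origin)
        last_owner = owner
        if fields[0].upper() == "IN":
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "MX":
            rdata = [rdata[0], fqdn(rdata[1], origin)]
        elif rtype in ("NS", "CNAME", "PTR"):
            rdata = [fqdn(rdata[0], origin)]
        records.append((owner, rtype, " ".join(rdata)))
    return records

# Constructed sample for the zone "unixcbt.internal" (values follow the notes)
SAMPLE = """\
@     IN MX 10 mail.unixcbt.internal.
      IN MX 20 mail.unixcbt.internal     ; no trailing dot: origin gets appended
mail  IN A  192.168.1.197
"""

def mx_targets(text=SAMPLE, origin="unixcbt.internal."):
    """Return the expanded 'preference target' strings of all MX records."""
    return [r[2] for r in parse_zone(text, origin) if r[1] == "MX"]

if __name__ == "__main__":
    for record in parse_zone(SAMPLE, "unixcbt.internal."):
        print(record)
```

The second MX line expands to mail.unixcbt.internal.unixcbt.internal., a name with no A record, so checking MX targets for the trailing dot is worth doing before enabling the zone.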

  • ###Slave DNS Server Configuration###
    Note: There really isn't a Slave DNS Server with BIND, however, there is a SLAVE ZONE

    Steps:
     1. copy the following files to slave server:
      a. db.127.0.0 - houses reverse, loopback zone