Linux Servers

Paul Cobbaut

2015-05-24

Table of Contents

I. apache and squid
1. apache web server
introduction to apache
installing on Debian
installing on RHEL/CentOS
running apache on Debian
running apache on CentOS
index file on CentOS
default website
apache configuration
port virtual hosts on Debian
default virtual host
three extra virtual hosts
three extra ports
three extra websites
enabling extra websites
testing the three websites
named virtual hosts on Debian
named virtual hosts
name resolution
enabling virtual hosts
reload and verify
password protected website on Debian
port virtual hosts on CentOS
default virtual host
three extra virtual hosts
three extra ports
SELinux guards our ports
three extra websites
enabling extra websites
testing the three websites
firewall rules
named virtual hosts on CentOS
named virtual hosts
name resolution
reload and verify
password protected website on CentOS
troubleshooting apache
virtual hosts example
aliases and redirects
more on .htaccess
traffic
self signed cert on Debian
self signed cert on RHEL/CentOS
practice: apache
2. introduction to squid
about proxy servers
usage
open proxy servers
squid
installing squid
port 3128
starting and stopping
client proxy settings
upside down images
/var/log/squid
access control
testing squid
name resolution
II. mysql database
3. introduction to sql using mysql
installing mysql
accessing mysql
Linux users
mysql client application
~/.my.cnf
the mysql command line client
mysql databases
listing all databases
creating a database
using a database
access to a database
deleting a database
backup and restore a database
mysql tables
listing tables
creating a table
describing a table
removing a table
mysql records
creating records
viewing all records
updating records
viewing selected records
primary key in where clause?
ordering records
grouping records
deleting records
joining two tables
inner join
left join
mysql triggers
using a before trigger
removing a trigger
III. dns server
4. introduction to DNS
about dns
name to ip address resolution
history
forward and reverse lookup queries
/etc/resolv.conf
dns namespace
hierarchy
root servers
root hints
domains
top level domains
fully qualified domain name
dns zones
dns records
caching only servers
caching only server without forwarder
caching only server with forwarder
iterative or recursive query
authoritative dns servers
primary and secondary
zone transfers
master and slave
SOA record
full or incremental zone transfers
DNS cache
forward lookup zone example
example: caching only DNS server
example: caching only with forwarder
example: primary authoritative server
using your own DNS server
using your own domain
example: a DNS slave server
practice: dns
solution: dns
5. advanced DNS
example: DNS round robin
DNS delegation
example: DNS delegation
example: split-horizon dns
old dns topics
old example: reverse DNS
old DNS load balancing
old DNS notify
old testing IXFR and AXFR
old DDNS integration with DHCP
old reverse is forward in-addr.arpa
old ipv6
old DNS security: file corruption
old DNS security: zone transfers
old DNS security: zone transfers, ip spoofing
old DNS security: queries
old DNS security: chrooted bind
old DNS security: DNSSEC
old DNS security: root
IV. dhcp server
6. introduction to dhcp
four broadcasts
picturing dhcp
installing a dhcp server
dhcp server for RHEL/CentOS
client reservations
example config files
older example config files
advanced dhcp
80/20 rule
relay agent
rogue dhcp servers
dhcp and ddns
Practice: dhcp
V. iptables firewall
7. introduction to routers
router or firewall
packet forwarding
packet filtering
stateful
nat (network address translation)
pat (port address translation)
snat (source nat)
masquerading
dnat (destination nat)
port forwarding
/proc/sys/net/ipv4/ip_forward
/etc/sysctl.conf
sysctl
practice: packet forwarding
solution: packet forwarding
8. iptables firewall
iptables tables
starting and stopping iptables
the filter table
about packet filtering
filter table
setting default rules
changing policy rules
Allowing ssh over eth0
Allowing access from a subnet
iptables save
scripting example
Allowing ICMP(ping)
practice: packet filtering
solution: packet filtering
network address translation
about NAT
SNAT (Source NAT)
SNAT example setup
IP masquerading
DNAT (Destination NAT)
VI. Introduction to Samba
9. introduction to samba
verify installed version
.rpm based distributions
.deb based distributions
installing samba
.rpm based distributions
.deb based distributions
documentation
samba howto
samba by example
starting and stopping samba
samba daemons
nmbd
smbd
winbindd
the SMB protocol
brief history
broadcasting protocol
NetBIOS names
network bandwidth
practice: introduction to samba
10. getting started with samba
/etc/samba/smb.conf
smbd -b
the default smb.conf
minimal smb.conf
net view
long lines in smb.conf
curious smb.conf
man smb.conf
/usr/bin/testparm
syntax check smb.conf
testparm -v
testparm -s
/usr/bin/smbclient
smbclient looking at Samba
smbclient anonymous
smbclient with credentials
/usr/bin/smbtree
server string
Samba Web Administration Tool (SWAT)
practice: getting started with samba
solution: getting started with samba
11. a read only file server
Setting up a directory to share
configure the share
smb.conf [global] section
smb.conf [share] section
restart the server
verify the share
verify with smbclient
verify on windows
a note on netcat
practice: read only file server
solution: read only file server
12. a writable file server
set up a directory to share
share section in smb.conf
configure the share
test connection with windows
test writing with windows
How is this possible?
practice: writable file server
solution: writable file server
13. samba first user account
creating a samba user
ownership of files
/usr/bin/smbpasswd
/etc/samba/smbpasswd
passdb backend
forcing this user
practice: first samba user account
solution: first samba user account
14. samba authentication
creating the users on Linux
creating the users on samba
security = user
configuring the share
testing access with net use
testing access with smbclient
verify ownership
common problems
NT_STATUS_BAD_NETWORK_NAME
NT_STATUS_LOGON_FAILURE
usernames are (not) case sensitive
practice: samba authentication
solution: samba authentication
15. samba securing shares
security based on user name
valid users
invalid users
read list
write list
security based on ip-address
hosts allow
hosts deny
security through obscurity
hide unreadable
browsable
file system security
create mask
force create mode
security mask
force security mode
inherit permissions
practice: securing shares
solution: securing shares
16. samba domain member
changes in smb.conf
workgroup
security mode
Linux uid's
winbind use default domain
[global] section in smb.conf
realm in /etc/krb5.conf
[share] section in smb.conf
joining an Active Directory domain
winbind
adding winbind to nsswitch.conf
starting samba and winbindd
wbinfo
verify the trust
list all users
list all groups
query a user
getent
file ownership
practice: samba domain member
17. samba domain controller
about Domain Controllers
Windows NT4
Windows 200x
Samba 3
Samba 4
About security modes
security = share
security = user
security = domain
security = ads
security = server
About password backends
[global] section in smb.conf
security
os level
passdb backend
preferred master
domain logons
domain master
[global] section
netlogon share
other [share] sections
Users and Groups
tdbsam
about computer accounts
local or roaming profiles
Groups in NTFS acls
logon scripts
practice: samba domain controller
18. a brief look at samba 4
Samba 4 alpha 6
VII. selinux
19. introduction to SELinux
selinux modes
logging
activating selinux
getenforce
setenforce
sestatus
policy
/etc/selinux/config
DAC or MAC
ls -Z
-Z
/selinux
identity
role
type (or domain)
security context
transition
extended attributes
process security context
chcon
an example
setroubleshoot
booleans
VIII. introducing git
20. git
git
installing git
starting a project
git init
git config
git add
git commit
changing a committed file
git log
git mv
git branches
to be continued...
github.com
add your public key to github
practice: git
IX. ipv6
21. Introduction to ipv6
about ipv6
network id and host id
host part generation
ipv4 mapped ipv6 address
link local addresses
unique local addresses
globally unique unicast addresses
6to4
ISP
non routable addresses
ping6
Belgium and ipv6
other websites
6to4 gateways
ping6 and dns
ipv6 and tcp/http
ipv6 PTR record
6to4 setup on Linux
X. Appendices
A. cloning
About cloning
About offline cloning
Offline cloning example
B. License
Index

List of Tables

4.1. the first top level domains
4.2. new general purpose tld's
7.1. Packet Forwarding Exercise
7.2. Packet Forwarding Solution