COMPUTER AND NETWORK
SYSTEM ADMINISTRATION
CIS 5406-01
Summer 1997 - Lesson 3
More Daemons and Services - Overview
syslogd - continued
A. handles logging requests from:
1. the kernel
2. other local user processes (including daemons)
3. processes on other machines (across the net)
B. syslog(priority, message, facility)
1. priority - level of criticality
2. message
3. facility - source of message
C. configuration file /etc/syslog.conf (each line is a selector list, then the action; on most systems the two fields must be separated by a tab)
*.err;kern.debug;user.none;mail.notice /dev/console
*.err;kern.debug;daemon,auth.notice /var/adm/messages
auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
SA RELEVANCE:
1. route important syslog messages to one location; e.g. su attempts collected from several hosts:
Jan 10 23:01:09 nu su: 'su root' failed for jtbauer on
Jan 9 08:38:14 grep su: 'su root' failed for spain on
Jan 9 08:38:40 mu su: 'su root' failed for barnash on
Jan 9 08:39:17 nu su: 'su root' succeeded for pfeil on
Jan 9 09:05:54 nu su: 'su root' succeeded for sheff on
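As an added example (not part of the lecture notes), the following POSIX shell script summarises failed 'su root' attempts from a centralised syslog file of the kind shown above. The log lines it writes are constructed in the same format (month, day, time, host, then the su message); the user names and ttys are made up, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the lecture notes: summarise 'su root' attempts
# from a centralised syslog file. The sample lines are constructed in the
# format shown above; user names and ttys are made up.

write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 23:01:09 nu su: 'su root' failed for alice on /dev/ttyp2
Jan 10 23:01:30 nu su: 'su root' failed for alice on /dev/ttyp2
Jan  9 08:38:14 mu su: 'su root' failed for bob on /dev/ttyp0
Jan  9 08:39:17 nu su: 'su root' succeeded for carol on /dev/ttyp3
Jan  9 09:05:54 mu su: 'su root' failed for dave on /dev/ttyp1
Jan  9 09:06:10 mu su: 'su root' succeeded for dave on /dev/ttyp1
EOF
}

# Print "user count" for every user with at least one failed 'su root',
# most failures first (ties broken by user name).  The "." in the awk
# pattern stands for the quote characters around "su root".
su_failures() {
    awk '/ su: .su root. failed for / {
            for (i = 1; i <= NF; i++)
                if ($i == "for") { n[$(i + 1)]++; break }
         }
         END { for (u in n) print u, n[u] }' "$1" | sort -k2,2nr -k1,1
}

# Print only the users whose failure count reaches the threshold given in $2.
su_repeat_offenders() {
    su_failures "$1" | awk -v min="$2" '$2 >= min { print $1 }'
}

# Demo run on the constructed sample.
tmp=$(mktemp)
write_sample_log "$tmp"
echo "failed 'su root' attempts per user:"
su_failures "$tmp"
echo "users with two or more failures:"
su_repeat_offenders "$tmp" 2
rm -f "$tmp"
```

Run against the real file named in the second syslog.conf line (/var/adm/messages, or the authlog on the loghost) the same functions give a quick daily view of who is repeatedly failing to become root.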
Windows NT - Logging is viewed via the Event Viewer. The logger
can be found at Start/Programs/Administrative Tools
Three logs exist:
o System log - startup messages, device driver errors, etc.
o Security log - failed logon attempts, etc.
o Application log - application-specific log messages
Printing
A. lpd - BSD print spooling daemon
1. accepts jobs and spools them (via "lpr", "lprm")
2. does actual interaction with printer
3. ships jobs to other machines
4. will cover in Chapter 25
B. lpsched - AT&T (System V) version of lpd (more complex to administer)
C. Windows NT - Chapter 16; quite complex and flexible; NT 4.0's
"Add Printer Wizard" really helps.
Sendmail
A. routes local and network mail
B. one of the largest and historically buggiest daemons
C. the file /etc/sendmail.cf is a set of rewrite
rules for modifying addresses (think: context free grammars)
D. sample (each rule is: R, left-hand pattern, tab, right-hand rewrite, optional comment):
# now delete the local info
R$*<$*$=w.UUCP>$* $1<$2>$4 thishost
R$*<$*$=w.$T.$D>$* $1<$2>$4 thishost
R$*<$*$=w>$* $1<$2>$4 thishost
R$*<$*@zip.fsu.edu>$* $1.zip<@>$3
R$*<$*@zap.fsu.edu>$* $1.zap<@>$3
R$*<$*.>$* $1<$2>$3 drop trailing dot
R<@>:$* $@$>0$1 retry after route strip
R$*<@> $@$>0$1 strip null trash & retry
E. we'll cover this in Chapter 21
SA RELEVANCE:
1. mail service is the most popular and
arguably, most important service on your system
2. users get very upset when mail does not work
exactly right
3. it is also one of the sources of security holes
4. configuring and tuning mail can take a lot of SA time
Windows NT
Email servers and clients on Windows NT/95 systems are varied, given the
large marketplace.
NFS - Network File Service
A. NFS was developed by Sun and is now used by many
UNIX systems including Linux
B. it allows file access across the network as if
the files were local
C. we'll cover NFS in Ch. 17
D. server daemons
1. if the configuration file /etc/exports exists then the machine
is presumed to be an NFS server
2. the rc.local (bsd style) script will (typically) start the mountd
3. the mount daemon (can be run under inetd) listens for NFS
mount requests and grants them if /etc/exports
includes the client machine
4. the rc.local script will (typically) also start a number of nfsd's
5. the nfsd simply makes a system call to the kernel
to actually perform the I/O
6. they are implemented as separate processes to make
scheduling easier
E. client daemons
1. the biod daemons (asynchronous block I/O daemon)
do read-ahead and write-behind block caching
2. this is an attempt to improve NFS performance
F. lock daemons - supports NFS "flock()" call
1. lockd - maintains advisory locks on local and remote files
2. statd - the status monitor, provides crash and recovery
mechanism for file locks
3. /etc/sm - hold the names of machines that statd is trying
to monitor
4. Interestingly, to date no Linux implementation of lockd/statd
exists (to my knowledge)!
SA RELEVANCE:
1. tuning NFS - choosing the optimum number of nfsd's and
biod's is a semi-black art
2. modifying the export files is a common SA task
3. example exports file:
/real/cs20 -root=nu:mu,access=lpdaemon:lpdaemon2:majorslab
/real/cs21 -root=nu:mu:export,access=lpdaemon:lpdaemon2:majorslab
/real/cs22 -root=nu:mu,access=lpdaemon:lpdaemon2
/real/cs23 -root=nu:mu:mount,access=lpdaemon:lpdaemon2:majorslab:\
sysadm4:sysadm7:sysadm8:sysadm9:sysadm10:sysadm11:\
sysadm12:sysadm13:sysadm14:sysadm15:sysadm16:sysadm18:\
sysadm20:sysadm21
4. security holes and concerns
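As an added example (not part of the lecture notes), the script below audits an exports file in the SunOS format of the example above: it lists every host granted root= on each export, and every export with no access= list at all. The sample file it writes is constructed in that format (including a backslash-continued line); its host names are made up, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the lecture notes: audit a SunOS-style
# /etc/exports file.  The sample is constructed in the lecture's format
# (path, then -option,option with root= and access= host lists, backslash
# continuation); host names are made up.

write_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample exports file
/real/cs20 -root=nu:mu,access=lpdaemon:lpdaemon2
/real/cs21 -root=nu:mu:export,access=lpdaemon:\
    lpdaemon2:majorslab
/home/scratch -rw
EOF
}

# Join backslash-continued lines and drop comments and blank lines, so the
# other functions see exactly one export per line.
exports_normalize() {
    awk '{
        line = $0
        while (sub(/\\[ \t]*$/, "", line) && (getline nxt) > 0) {
            sub(/^[ \t]+/, "", nxt)
            line = line nxt
        }
        if (line ~ /^[ \t]*(#|$)/) next
        print line
    }' "$1"
}

# Print "path host" for every host named in a root= option, i.e. every
# client whose root is trusted as root on that export.
exports_root_hosts() {
    exports_normalize "$1" | awk '{
        path = $1
        m = split($2, opts, ",")
        for (i = 1; i <= m; i++) {
            if (opts[i] ~ /^-?root=/) {
                sub(/^-?root=/, "", opts[i])
                k = split(opts[i], hosts, ":")
                for (j = 1; j <= k; j++) print path, hosts[j]
            }
        }
    }'
}

# Print every export that carries no access= list, i.e. is offered to any
# host that can reach the server.
exports_unrestricted() {
    exports_normalize "$1" | awk '{
        m = split($2, opts, ",")
        restricted = 0
        for (i = 1; i <= m; i++)
            if (opts[i] ~ /^-?access=/) restricted = 1
        if (!restricted) print $1
    }'
}

# Demo run on the constructed sample.
tmp=$(mktemp)
write_sample_exports "$tmp"
echo "hosts granted root= on an export:"
exports_root_hosts "$tmp"
echo "exports with no access= restriction:"
exports_unrestricted "$tmp"
rm -f "$tmp"
```

The two lists are the ones worth re-reading after every edit to the exports file: root= hosts are the machines you have chosen to trust completely, and an export without access= is visible to every machine on the network.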
Windows NT (Chapter 10)
First have to get the concepts of Workgroup and Domain down.
Workgroup - simple peer-to-peer scheme where each computer
can be a client and server; older model of sharing computer
resources
Domain - Group of one or more NT servers controlled by a
Primary Domain Controller (PDC), which does the authentication
of the logon process. PDCs can be load shared with BDCs
(Backup Domain Controllers). A PDC/BDC is nothing more than
a computer running Windows NT that has been configured to be
a PDC or a BDC.
Domains can establish one-way or two-way trust relationships.
Windows NT networked file systems and devices are complex
and provide a rich set of file system semantics for sharing
information between machines (more later).
Yellow pages (NIS)
A. allows key system files to be shared over the net
1. "ypcat passwd | more" *vs* "more /etc/passwd"
2. /var/yp
B. ypserv - server daemon
1. one master (see via "ypwhich")
2. serves a yp domain - 'csdept' via "domainname"
3. slave servers (secondaries)
4. NOTE: YP domain name != name server domain name != Windows NT domain
C. ypbind - client daemon
1. locates a yp server
2. ypbind remembers a 'binding'
SA RELEVANCE:
A. must decide whether or not to use NIS
B. it makes life a lot more convenient (Kuncicky religious preference :)
C. it is prone to security holes
D. Will cover more later (Chapter 18)
Windows NT - User account management occurs at the Domain level. A
plethora of options exist for managing users (more later).
ftpd - started by inetd
A. file transfer protocol daemon
SA RELEVANCE:
1. ftpd has been the site of a number of security holes
2. wu-archive ftp daemon is more secure than Sun's
rlogind - started by inetd
telnetd - started by inetd
A. remote login servers
B. how are they different?
C. under certain cases rlogin doesn't ask for a password (.rhosts)
D. telnet allows you to see/modify parameters from
within a session
E. telnet is supported on non-UNIX systems
remote execution daemons
A. rshd - "rcp" server
B. rexecd - older; requires name/password
C. rexd - RPC remote execution daemon; usually so insecure that it's recommended to be turned off
named
A. domain name server daemon
B. distributed database
C. maps host names to IP addresses (and the reverse)
SA RELEVANCE:
A. DNS is a primary SA task
fingerd
A. returns information about users
B. earlier versions were riddled with security holes
C. we run the GNU fingerd
SA RELEVANCE:
A. do you want to provide finger service outside of your local domain?
httpd
A. WWW server
B. provides service for hypertext viewers
SA RELEVANCE:
1. the administration of the daemon and of the contents of the documents should be well separated
2. Use of CGI scripts can be problematic
diskless clients (X-terminals or Sun3/50 workstations)
A. bootpd (newer) and bootparamd (older)
1. used to provide information to clients for booting
B. tftpd
1. trivial file transfer daemon
2. a non-authenticated file transfer program
3. stores boot programs (similar to bootblock) in /tftpboot (usually)
4. also stores IP->bootfile mappings
SA RELEVANCE:
1. tftpd is a real security hole
2. limit content
C. rarpd
1. reverse address resolution protocol daemon
2. broadcast 'who-am-i?'
3. /etc/ethers
4. server then caches mapping
5. ARP table visible via "arp -a", usually
SA RELEVANCE:
1. cache can be a source of problems if an incorrect map gets cached; clear via "arp -flush" usually
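As an added example (not part of the lecture notes), the script below compares a saved "arp -a" listing against /etc/ethers and reports hosts whose cached hardware address disagrees with the configured one, which is the "incorrect map" case above. Both inputs are constructed: the ethers file uses the real two-column format (address, host name), the arp listing follows the "host (address) at hwaddr" layout printed by BSD-derived arp -a, and every address and host name is made up. Addresses are normalised before comparison because the two sources may print octets with or without leading zeros.

```shell
#!/bin/sh
# Added example, not from the lecture notes: flag ARP cache entries whose
# hardware address does not match /etc/ethers.  Both inputs below are
# constructed; addresses and host names are made up.

write_sample_ethers() {
    cat > "$1" <<'EOF'
# constructed /etc/ethers: hardware address, host name
8:0:20:1a:2b:3c nu
8:0:20:4d:5e:6f mu
08:00:20:70:81:92 grep
EOF
}

write_sample_arp() {
    cat > "$1" <<'EOF'
nu (10.0.0.1) at 8:0:20:1a:2b:3c
mu (10.0.0.2) at 8:0:20:ff:ff:ff
grep (10.0.0.3) at 8:0:20:70:81:92
xterm1 (10.0.0.20) at 0:0:a7:0:1:2
EOF
}

# Usage: arp_vs_ethers /etc/ethers file_with_arp_-a_output
# Prints "host cached=<addr> ethers=<addr>" for each mismatch.
arp_vs_ethers() {
    awk '
    # lower-case and strip leading zeros from each octet so that
    # 08:00:20:... and 8:0:20:... compare equal
    function norm(mac,    n, parts, i, out) {
        n = split(tolower(mac), parts, ":")
        out = ""
        for (i = 1; i <= n; i++) {
            sub(/^0+/, "", parts[i])
            if (parts[i] == "") parts[i] = "0"
            out = out (i > 1 ? ":" : "") parts[i]
        }
        return out
    }
    # first file: /etc/ethers, remember the configured address per host
    FNR == NR {
        if ($0 !~ /^[ \t]*(#|$)/) eth[$2] = norm($1)
        next
    }
    # second file: arp -a output; host is the first word, address follows "at"
    {
        host = $1; mac = ""
        for (i = 1; i <= NF; i++)
            if ($i == "at") { mac = norm($(i + 1)); break }
        if (mac != "" && (host in eth) && eth[host] != mac)
            print host, "cached=" mac, "ethers=" eth[host]
    }' "$1" "$2"
}

# Demo run on the constructed samples.
eth=$(mktemp); cache=$(mktemp)
write_sample_ethers "$eth"
write_sample_arp "$cache"
echo "ARP cache entries that disagree with /etc/ethers:"
arp_vs_ethers "$eth" "$cache"
rm -f "$eth" "$cache"
```

Hosts present in the cache but absent from /etc/ethers (xterm1 above) are ignored; the check only reports a disagreement where the file actually states what the address should be.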
Windows NT and TCP-IP related services:
Many packages exist that allow you to run a variety of TCP-IP based
services on NT. Microsoft's Internet Server (which is on the NT 4.0
server CD-ROM) includes a web, gopher and FTP server. They are
separately controlled by the Microsoft Internet Service Manager.
Check the various NT shareware and commercial TCP-IP packages for
other solutions.