COMPUTER AND NETWORK
SYSTEM ADMINISTRATION
CIS 5406-01
Summer 1999 - Lesson 3
More Daemons and Services - Overview
syslogd - continued
SA RELEVANCE:
1. route important syslog messages to one location (file):
Jan 10 23:01:09 nu su: 'su root' failed for jtbauer on
Jan 9 08:38:14 grep su: 'su root' failed for joehacker on
Jan 9 08:38:40 mu su: 'su root' failed for barnash on
Jan 9 08:39:17 nu su: 'su root' succeeded for pfeil on
Jan 9 09:05:54 nu su: 'su root' succeeded for sheff on
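Once the su messages are routed to one file, they can be summarized mechanically. The following is an added example, not part of the original course notes: it parses lines in the format shown above and lists users whose su attempts deserve review. The function names, the threshold, and the sample users and ttys are assumptions.

```python
import re
from collections import Counter

# su(1) syslog format as shown in the lesson. The tty after "on" is optional
# because the lesson's own sample lines are cut off at that point.
SU_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+su:\s+"
    r"'su (?P<target>\S+)'\s+(?P<result>failed|succeeded)\s+for\s+"
    r"(?P<user>\S+)\s+on(?:\s+(?P<tty>\S+))?\s*$"
)

# Constructed sample input (user names and ttys are made up).
SAMPLE = """\
Jan  9 08:38:14 grep su: 'su root' failed for alice on /dev/pts/4
Jan  9 08:38:20 grep su: 'su root' failed for alice on /dev/pts/4
Jan  9 08:38:40 mu su: 'su root' failed for bob on /dev/pts/1
Jan  9 08:39:02 mu su: 'su root' succeeded for bob on /dev/pts/1
Jan  9 08:39:17 nu su: 'su root' succeeded for carol on /dev/pts/2
Jan  9 09:00:00 nu sendmail[123]: unrelated message
Jan 10 23:01:09 nu su: 'su root' failed for dave on
""".splitlines()

def parse_su_events(lines):
    """Return one dict per su record; other syslog lines are skipped."""
    return [m.groupdict() for m in map(SU_LINE.match, lines) if m]

def summarize(lines, threshold=2):
    """Return (failed-attempt count per user, sorted users to review).

    A user is flagged on reaching `threshold` failures, or on any failure
    with no successful su in the same log.
    """
    failed, succeeded = Counter(), Counter()
    for ev in parse_su_events(lines):
        bucket = failed if ev["result"] == "failed" else succeeded
        bucket[ev["user"]] += 1
    flagged = sorted(
        u for u, n in failed.items() if n >= threshold or succeeded[u] == 0
    )
    return dict(failed), flagged

if __name__ == "__main__":
    counts, review = summarize(SAMPLE)
    print("failed su attempts:", counts)
    print("review:", review)
```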
Windows NT - Logging is viewed via the Event Viewer. The logger
can be found at Start/Programs/Administrative Tools
Three logs exist:
o System log - startup messages, device driver errors, etc.
o Security log - failed logon attempts, etc.
o Application log - application-specific log messages
Printing
A. lpd - BSD print spooling daemon
1. accepts jobs and spools them (via "lpr", "lprm")
2. If local, does actual interaction with printer
3. If required, sends jobs to other machines
B. lpsched - ATT version of lpd (more complex to administer; see Chapter 12
of ESA for more details)
C. Windows NT - Chapter 9 of EWNTSA; quite complex and flexible; NT 4.0's
"Add Printer Wizard" really helps.
Sendmail
A. Routes local and network mail
B. One of the largest and historically "buggiest"
daemons
C. The file /etc/sendmail.cf is a set of rewrite
rules for modifying addresses (think: context free grammars);
luckily tools exist to automate creation of this file.
Check www.sendmail.com for one of the more popular versions of
sendmail.
D. sample tiny piece of a sendmail.cf:
# now delete the local info
R$*<$*$=w.UUCP>$* $1<$2>$4 thishost
R$*<$*$=w.$T.$D>$* $1<$2>$4 thishost
R$*<$*$=w>$* $1<$2>$4 thishost
R$*<$*@zip.fsu.edu>$* $1.zip<@>$3
R$*<$*@zap.fsu.edu>$* $1.zap<@>$3
R$*<$*.>$* $1<$2>$3 drop trailing dot
R<@>:$* $@$>0$1 retry after route strip
R$*<@> $@$>0$1 strip null trash & retry
E. Covered in Chapter 14 of ESA.
SA RELEVANCE:
1. Mail service is the most popular and
arguably, most important service on your system (along with web service)
2. Users get very upset when mail does not work
exactly right!
3. It is also one of the sources of security holes.
4. Configuring and tuning mail can take a lot of SA time.
Windows NT
Email servers and clients on Windows NT/98/95 systems are varied, given the
large marketplace. One of the more popular email servers is Microsoft's
Exchange Server.
NFS - Network File Service
A. NFS was developed by Sun and is now used by many
UNIX systems, including Linux
B. It allows file access across the network as if
the files were local
C. NFS is covered in Ch. 13 of ESA.
Windows NT File sharing
First, you have to get the concepts of Microsoft's Workgroup and Domain down.
Workgroup - simple peer-to-peer scheme where each computer
can be a client and server; older model of sharing computer
resources
Domain - Group of one or more NT servers controlled by a
Primary Domain Controller (PDC), which does the authentication
of the logon process. PDCs can be load shared with BDCs
(Backup Domain Controllers). A PDC/BDC is nothing more than
a computer running Windows NT that has been configured to be
a PDC or a BDC.
Domains can establish one-way or two-way trust relationships.
Windows NT networked file systems and devices are complex
and provide a rich set of file system semantics for sharing
information between machines (more later).
Yellow pages (NIS)
A. Allows key system files to be shared over the net using
a UNIX dbm-style database and a client/server model.
1. "ypcat passwd | more" *vs* "more /etc/passwd"
2. /var/yp on the YP server and clients
3. YP == NIS (Network Information Service)
B. ypserv - server daemon
1. One master (see via "ypwhich")
2. Serves a YP domain - 'csdept' via "domainname"
3. slave servers (secondaries)
4. NOTE: YP domain name != name server domain name != Windows NT domain
(The term "domain" is, unfortunately, overused in the computing field.)
D. ypbind - client daemon
1. Locates a yp server and serves up the maps
2. ypbind remembers a 'binding'
SA RELEVANCE:
A. Must decide whether or not to use NIS
B. It is prone to security holes
C. Chapter 13 of ESA
Windows NT - User account management occurs at the Domain level. A
plethora of options exist for managing users (more later).
Once a number of workstations are under the control of an NT
domain, the net effect is the same as a YP/NIS server -- users'
accounts and passwords are available on all machines.
Chapter 3 of EWNTSA contains useful information.
ftpd - inet
A. file transfer protocol daemon
SA RELEVANCE:
1. ftpd has been the site of a number of security holes
2. wu-archive ftp daemon is more secure than Sun's (or
most UNIX vendors', for that matter :)
rlogind - inet
telnet - inet
A. Remote login servers
B. in certain cases rlogin doesn't ask for a password (.rhosts)
C. Telnet allows you to see/modify parameters from
within a session
D. telnet is supported on non-UNIX systems (and, these days, so is
rlogin to some extent).
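Because .rhosts lets rlogin skip the password prompt, an administrator will want to know which accounts carry such a file and how wide its trust is. The following is an added example, not part of the original course notes: it flags "+" wildcard entries and loosely permissioned .rhosts files under a home-directory root. The function names and the sample host and user names are assumptions.

```python
import os
import stat

def risky_entries(text):
    """Return [(lineno, entry, reason)] for .rhosts lines that use wildcards.

    Each line is "host [user]"; a "+" in either field matches anything.
    """
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("-"):
            continue  # blank line or explicit deny entry
        host = fields[0]
        user = fields[1] if len(fields) > 1 else ""
        if host == "+" and user == "+":
            reason = "any user from any host"
        elif host == "+":
            reason = "any host trusted"
        elif user == "+":
            reason = "any remote user on this host"
        elif host.startswith("+@") or user.startswith("+@"):
            reason = "netgroup grant; check its membership"
        else:
            continue
        findings.append((n, " ".join(fields), reason))
    return findings

def scan_homes(home_root):
    """Return {path: issues} for every <home_root>/<user>/.rhosts found."""
    report = {}
    for name in sorted(os.listdir(home_root)):
        path = os.path.join(home_root, name, ".rhosts")
        if not os.path.isfile(path):
            continue
        issues = []
        if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            issues.append((0, "", "file is group/world writable"))
        with open(path) as fh:
            issues += risky_entries(fh.read())
        report[path] = issues
    return report

if __name__ == "__main__":
    # Constructed .rhosts content; host and user names are made up.
    sample = "trusted.example.edu alice\n+ +\nlab1.example.edu +\n"
    for finding in risky_entries(sample):
        print(finding)
```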
Remote execution daemons
A. rshd - "rcp" server
B. rexecd - older; requires name/password
C. rexd - RPC remote execution daemon; usually
so insecure that it's recommended to be turned off
named
A. Domain name server (DNS) daemon (part of the BIND package)
B. Distributed database
C. Maps IP names to numbers (and the reverse)
SA RELEVANCE:
A. DNS is a major SA task, if you control your own domain
B. Both UNIX and NT can act as a DNS server (as well as other
operating systems)
fingerd
A. Returns information about users via finger command
B. Earlier versions were riddled with security holes
C. We run the GNU fingerd
SA RELEVANCE:
A. Do you want to provide finger service outside
of your local domain (or other services, for that matter)?
httpd
A. WWW server
B. Provides web service
SA RELEVANCE:
1. The administration of the daemon and of the
contents of the documents should be well separated
2. Use of CGI scripts can be problematic with respect to security
Diskless clients (X-terminals)
A. bootpd (newer) and bootparamd (older)
1. Used to provide information to clients for booting
B. tftpd
1. Trivial file transfer daemon
2. A non-authenticated file transfer program
3. Stores boot programs (similar to bootblock) in /tftpboot (usually)
4. Also stores IP->bootfile mappings
SA RELEVANCE
1. Tftpd is a real security hole
2. Limit content and firewall
C. rarpd
1. Reverse address resolution protocol daemon
2. Ethernet broadcast 'who-am-i?'
3. /etc/ethers maps ethernet addresses to IP addresses
4. Server then caches mapping
5. ARP table visible via "arp -a", usually
SA RELEVANCE:
1. cache can be a source of problems if an incorrect
map gets cached; clear via "arp -flush" usually
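Several of the daemons above (ftpd, rlogind, the remote execution daemons, fingerd, tftpd) are started from inetd, so /etc/inetd.conf is the place to see which of them a host still offers. The following is an added example, not part of the original course notes: it lists the enabled entries that the lesson singles out. The watchlist wording, the sample file and the tftpd "-s" check are assumptions.

```python
# inetd.conf service name -> the lesson's remark about that daemon.
WATCHLIST = {
    "ftp": "ftpd: has been the site of a number of security holes",
    "login": "rlogind: .rhosts can bypass the password prompt",
    "shell": "rshd: remote execution daemon",
    "exec": "rexecd: older remote execution daemon",
    "rexd": "rexd: usually so insecure it should be turned off",
    "finger": "fingerd: decide whether to serve outside the local domain",
    "tftp": "tftpd: non-authenticated; limit content and firewall",
}

# Constructed sample in the classic seven-field inetd.conf layout.
SAMPLE_CONF = """\
ftp     stream tcp     nowait root   /usr/sbin/in.ftpd    in.ftpd
telnet  stream tcp     nowait root   /usr/sbin/in.telnetd in.telnetd
#shell  stream tcp     nowait root   /usr/sbin/in.rshd    in.rshd
login   stream tcp     nowait root   /usr/sbin/in.rlogind in.rlogind
tftp    dgram  udp     wait   root   /usr/sbin/in.tftpd   in.tftpd
#finger stream tcp     nowait nobody /usr/sbin/in.fingerd in.fingerd
rexd/1  tli    rpc/tcp wait   root   /usr/sbin/rpc.rexd   rpc.rexd
"""

def enabled_services(conf_text):
    """Return {service: (user, server_args)} for entries not commented out."""
    found = {}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 6:
            continue  # blank, commented out, or malformed
        name = fields[0].split("/", 1)[0]  # RPC entries look like "rexd/1"
        found[name] = (fields[4], fields[6:])
    return found

def audit(conf_text):
    """Return sorted [(service, run_as_user, note)] for watch-listed daemons."""
    findings = []
    for name, (user, args) in sorted(enabled_services(conf_text).items()):
        if name not in WATCHLIST:
            continue
        note = WATCHLIST[name]
        # Assumption: this tftpd supports "-s <dir>" to confine it to one directory.
        if name == "tftp" and "-s" not in args:
            note += " (no -s directory restriction)"
        findings.append((name, user, note))
    return findings

if __name__ == "__main__":
    for service, user, note in audit(SAMPLE_CONF):
        print(f"{service:7} runs as {user:6} {note}")
```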
Windows NT and TCP-IP related services:
Many packages exist that allow you to run a variety of TCP-IP based
services on NT. Microsoft's Internet Server (which is on the NT 4.0
server CD-ROM) includes a web, gopher and FTP server. They are
separately controlled by the Microsoft Internet Service Manager.
For the most part, NT equivalents exist for most of the major UNIX
daemons.
Check the various NT shareware and commercial TCP-IP packages for
other solutions.