Supplementary Slides for Project 2 - PowerPoint PPT Presentation

1
Supplementary Slides for Project 2
  • Jennifer C. Hou
  • Univ. of Illinois at Urbana Champaign

2
Understanding NIS
  • Some of the configuration files are not host
    specific, but require frequent updating, e.g.,
    /etc/passwd and /etc/group
  • NIS enables us to set up a master server where
    these files are stored and to configure each
    machine as a client to the server. Whenever a
    client needs to fetch an entry from /etc/passwd,
    it consults the NIS server instead.
  • The files to be shared via NIS are converted into
    DBM files. A separate DBM file is created for
    each key to be searched.
  • For /etc/passwd, the database can be searched by
    login and by UID. This leads to two DBM files,
    passwd.byname and passwd.byuid.

3
Run Levels Used in Red Hat
  • There are 6 run levels
  • 0 used to halt the system
  • 1 puts the system into single-user mode
  • 2 puts the system into a multiuser mode but does
    not support networking
  • 3 puts the system into the standard full
    multiuser mode but does not automatically start
    X.
  • 4 Unused
  • 5 X11 puts the system into standard multiuser
    mode with a graphical (X-based) login.
  • 6 signals the system to reboot itself.

4
The /etc/rc.d/rc3.d directory
  • Contains symbolic links to the scripts for run
    level 3:

    K35vncserver  K65identd    S10network   S25netfs    S56rawdevices  S85gpm        S97rhnsd
    K35winbind    K74nscd      S12syslog    S26apmd     S56xinetd      S90crond      S98wine
    K45arpwatch   K74ypxfrd    S13portmap   S26ntpd     S60lpd         S90xfs        S99local
    K46radvd      S05kudzu     S14nfslock   S26ypserv   S60nfs         S95anacron    S99sshd
    K50snmpd      S08ipchains  S17keytable  S27ypbind   S66yppasswdd   S95atd        S99update-system
    K50snmptrapd  S08iptables  S20random    S28autofs   S80sendmail    S95networker

  • The actual scripts exist in /etc/rc.d/init.d:

    anacron   cups       iptables   netfs      ntpd        sendmail   update-system  xinetd
    apmd      functions  kdcrotate  network    portmap     single     vmware         ypbind
    arpwatch  gpm        keytable   networker  radvd       snmpd      vncserver      yppasswdd
    atd       halt       killall    nfs        random      snmptrapd  winbind        ypserv
    autofs    identd     kudzu      nfslock    rawdevices  sshd       wine           ypxfrd
    crond     ipchains   lpd        nscd       rhnsd       syslog     xfs
5
The /etc/rc.d/rc3.d directory
  • Each file begins with an S or a K.
  • At boot time, the kernel starts the init program
    which parses the /etc/inittab file to determine
    what programs to run and at what level.
  • The inittab starts the /etc/rc.d/rc script at the
    specified run level.
  • It first runs the scripts whose names start with
    K to kill their associated processes, if running.
  • It then runs the scripts whose names start with S
    to start the associated processes.

6
The /etc/rc.d/rc3.d directory
  • To enable a service, you can manually create a
    symbolic link to its script from the runlevel 3
    startup directory:

    cd /etc/rc.d/rc3.d
    ln -s ../init.d/ypserv S60ypserv
    ln -s ../init.d/yppasswdd S61yppasswdd
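To see the K-then-S ordering rule in practice, here is an added example (not from the slides) that models how rc walks rc3.d using the two listings above; rc_plan, link_name and dangling_links are my own helper names.

```python
import re

# Link and script names copied from the two directory listings on these slides
# (constructed input for this example).
RC3_LINKS = """K35vncserver K65identd S10network S25netfs S56rawdevices S85gpm S97rhnsd
K35winbind K74nscd S12syslog S26apmd S56xinetd S90crond S98wine K45arpwatch K74ypxfrd
S13portmap S26ntpd S60lpd S90xfs S99local K46radvd S05kudzu S14nfslock S26ypserv S60nfs
S95anacron S99sshd K50snmpd S08ipchains S17keytable S27ypbind S66yppasswdd S95atd
S99update-system K50snmptrapd S08iptables S20random S28autofs S80sendmail S95networker""".split()
INIT_SCRIPTS = """anacron cups iptables netfs ntpd sendmail update-system xinetd apmd functions
kdcrotate network portmap single vmware ypbind arpwatch gpm keytable networker radvd snmpd
vncserver yppasswdd atd halt killall nfs random snmptrapd winbind ypserv autofs identd kudzu
nfslock rawdevices sshd wine ypxfrd crond ipchains lpd nscd rhnsd syslog xfs""".split()
LINK_RE = re.compile(r"^([KS])(\d\d)(.+)$")


def rc_plan(links):
    """Order in which /etc/rc.d/rc walks the directory: every K link first (stop), then
    every S link (start); within each group the shell glob sorts the names, so the two
    digits after the letter rank the services. Returns (action, priority, service)."""
    plan = []
    for prefix in "KS":
        for name in sorted(n for n in links if LINK_RE.match(n) and n[0] == prefix):
            _, prio, service = LINK_RE.match(name).groups()
            plan.append(("stop" if prefix == "K" else "start", int(prio), service))
    return plan


def link_name(action, priority, service):
    """Name for the symlink, e.g. link_name("start", 61, "yppasswdd") -> "S61yppasswdd"."""
    if action not in ("start", "stop") or not 0 <= priority <= 99:
        raise ValueError("action must be start/stop and priority 0..99")
    return f"{'S' if action == 'start' else 'K'}{priority:02d}{service}"


def dangling_links(links, scripts):
    """Links whose ../init.d/<service> target is not in the init.d listing. A typo such as
    S61uppasswdd (for yppasswdd) makes one, and rc then skips the service. S99local is
    the one expected hit: on Red Hat it points at ../rc.local rather than into init.d."""
    return [n for n in links if LINK_RE.match(n) and LINK_RE.match(n).group(3) not in scripts]
```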

7
ACL Statement in /etc/named.conf
  • An acl statement names a set of addresses that
    the options and zone statements can then refer
    to:

    acl black-hats {
        10.0.2.0/24;
        192.168.0.0/24;
    };
    acl red-hats {
        10.0.1.0/24;
    };
    options {
        blackhole { black-hats; };
        allow-query { red-hats; };
        allow-recursion { red-hats; };
    };

8
Options Statement in /etc/named.conf
  • allow-query: Specifies which hosts are allowed
    to query this nameserver. By default, all hosts
    are allowed to query. An access control list, or
    a collection of IP addresses or networks, may be
    used here to allow only particular hosts to query
    the nameserver.
  • allow-recursion: Similar to allow-query, this
    option applies to recursive queries. By default,
    all hosts are allowed to perform recursive
    queries on the nameserver.
  • blackhole: Specifies which hosts are not allowed
    to query the server.
  • directory: Changes the named working directory
    to something other than the default value,
    /var/named/.
  • forward: Controls the forwarding behavior of a
    forwarders directive.
      • first: Specifies that the nameservers listed
        in the forwarders directive be queried before
        named attempts to resolve the name itself.
      • only: Specifies that named not attempt name
        resolution itself in the event that queries to
        the nameservers listed in the forwarders
        directive fail.
  • forwarders: Specifies a list of valid IP
    addresses of nameservers to which requests should
    be forwarded for resolution.
  • listen-on: Specifies the network interface on
    which named listens for queries. By default, all
    interfaces are used.

9
Zone Statement in /etc/named.conf
  • allow-query: Specifies the clients that are
    allowed to request information about this zone.
    The default is to allow all query requests.
  • allow-transfer: Specifies the slave servers that
    are allowed to request a transfer of the zone's
    information. The default is to allow all transfer
    requests.
  • allow-update: Specifies the hosts that are
    allowed to dynamically update information in
    their zone. The default is to deny all dynamic
    update requests.
  • file: Specifies the name of the file in the
    named working directory that contains the zone's
    configuration data.
  • masters: Lists the IP addresses from which to
    request authoritative zone information. Used only
    if the zone is defined as type slave.
  • notify: Controls whether named notifies the
    slave servers when a zone is updated.
      • yes: Notifies slave servers.
      • no: Does not notify slave servers.
      • explicit: Only notifies the slave servers
        listed in an also-notify list within the zone
        statement.
  • type: Defines the type of zone.
      • forward: Forwards all requests for
        information about this zone to other
        nameservers.
      • hint: A special type of zone used to point to
        the root nameservers, which resolve queries
        when a zone is not otherwise known. No
        configuration beyond the default is necessary
        with a hint zone.
      • master: Designates the nameserver as
        authoritative for this zone. A zone should be
        set as the master if the zone's configuration
        files reside on the system.
      • slave: Designates the nameserver as a slave
        server for this zone. Also specifies the IP
        address of the master nameserver for the zone.

10
Controls Statement in /etc/named.conf
  • In order for rndc to connect to a named service,
    there must be a controls statement in the BIND
    server's /etc/named.conf file.
  • The controls statement shown below allows rndc to
    connect from the localhost:

    controls {
        inet 127.0.0.1 allow { localhost; } keys { <key-name>; };
    };

  • This statement tells named to listen on the
    default TCP port 953 of the loopback address and
    to allow rndc commands coming from the localhost,
    if the proper key is given.
  • The <key-name> refers to the key statement,
    which is also in the /etc/named.conf file:

    key "<key-name>" {
        algorithm hmac-md5;
        secret "<key-value>";
    };

  • In this case, the <key-value> is an HMAC-MD5
    key. The same key statement should appear in
    /etc/rndc.conf.

11
Zone Statement in /etc/named.conf
  • For each zone statement, such as

    zone "example.com" IN {
        type master;
        file "example.com.zone";
        allow-update { none; };
    };

  • there is a corresponding zone file (here
    example.com.zone) in /var/named/.
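As an added example (not part of the slides), a small Python audit of the defaults described on the acl, options and zone slides: it parses a constructed named.conf assembled from those snippets (the second, reverse zone is assumed) and flags allow-recursion, allow-transfer and allow-update settings that are left at their open defaults; split_statements, clauses and audit are my own helper names.

```python
import re
# Constructed named.conf from the slides' acl, options and zone statements, plus an
# assumed second (reverse) zone that omits allow-transfer.
NAMED_CONF = """
acl black-hats { 10.0.2.0/24; 192.168.0.0/24; };
acl red-hats { 10.0.1.0/24; };
options { directory "/var/named"; blackhole { black-hats; };
          allow-query { red-hats; }; allow-recursion { red-hats; }; };
zone "example.com" IN { type master; file "example.com.zone";
                        allow-update { none; }; allow-transfer { 10.0.1.3; }; };
zone "1.0.10.in-addr.arpa" IN { type master; file "1.0.10.in-addr.arpa.zone"; };
"""

def split_statements(text):
    """One nesting level as (header_tokens, body): body is None for 'keyword value;'
    statements and the raw inner text for '{ ... };' blocks."""
    stmts, header, body, depth = [], "", "", 0
    for ch in re.sub(r"(//|#).*", "", text):  # drop end-of-line comments
        if ch in "{}":
            depth += 1 if ch == "{" else -1
            if depth == 0 or (ch == "{" and depth == 1):
                continue  # this block's own braces; nested ones stay in the body
        if depth > 0:
            body += ch
        elif ch == ";":
            stmts.append((header.split(), body.strip() or None))
            header, body = "", ""
        else:
            header += ch
    return stmts

def clauses(body):
    """'type master;' -> {'type': ['master']}; 'allow-transfer { 10.0.1.3; };' -> ['10.0.1.3']."""
    out = {}
    for header, inner in split_statements(body or ""):
        out[header[0]] = header[1:] + [t.strip() for t in (inner or "").split(";") if t.strip()]
    return out

def audit(conf):
    """Flag the settings the slides describe as open by default when they are left open."""
    findings = []
    for header, body in split_statements(conf):
        kind, name = header[0], (header[1].strip('"') if len(header) > 1 else "")
        c = clauses(body)
        if kind == "options" and "any" in c.get("allow-recursion", ["any"]):
            findings.append("options: allow-recursion permits every host (open resolver)")
        if kind == "zone" and c.get("type") == ["master"]:
            if "any" in c.get("allow-transfer", ["any"]):
                findings.append(f"zone {name}: allow-transfer permits every host to copy the zone")
            if c.get("allow-update", ["none"]) != ["none"]:
                findings.append(f"zone {name}: dynamic updates accepted from {c['allow-update']}")
    return findings
```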

12
Sample Zone File

    $ORIGIN example.com.
    $TTL 86400
    @       IN SOA dns1.example.com. hostmaster.example.com. (
            2001062501  ; serial
            21600       ; refresh after 6 hours
            3600        ; retry after 1 hour
            604800      ; expire after 1 week
            86400 )     ; minimum TTL of 1 day

            IN NS    dns1.example.com.
            IN NS    dns2.example.com.
            IN MX 10 mail.example.com.
            IN MX 20 mail2.example.com.
            IN A     10.0.1.5

    server1 IN A     10.0.1.5
    server2 IN A     10.0.1.7
    dns1    IN A     10.0.1.2
    dns2    IN A     10.0.1.3
    ftp     IN CNAME server1
    mail    IN CNAME server1

13
Sample Reverse Zone File

    $ORIGIN 1.0.10.in-addr.arpa.
    $TTL 86400
    @       IN SOA dns1.example.com. hostmaster.example.com. (
            2001062501  ; serial
            21600       ; refresh after 6 hours
            3600        ; retry after 1 hour
            604800      ; expire after 1 week
            86400 )     ; minimum TTL of 1 day

            IN NS  dns1.example.com.
            IN NS  dns2.example.com.

    20      IN PTR alice.example.com.
    21      IN PTR betty.example.com.
    22      IN PTR charlie.example.com.
    23      IN PTR doug.example.com.
    24      IN PTR ernest.example.com.
    25      IN PTR fanny.example.com.
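The forward and reverse zone files are normally kept in step by hand; as an added example (not from the slides), this Python derives the reverse zone's PTR records from the forward zone's A records, using an abridged copy of the sample zone above, and reports addresses that several names share; a_records and reverse_zone are my own helper names.

```python
import re
from collections import defaultdict
# Forward zone abridged from the sample on these slides (constructed input); only the
# records that matter for the reverse zone are kept.
FORWARD_ZONE = """\
$ORIGIN example.com.
$TTL 86400
@       IN SOA dns1.example.com. hostmaster.example.com. ( 2001062501 21600 3600 604800 86400 )
        IN NS  dns1.example.com.
        IN A   10.0.1.5
server1 IN A   10.0.1.5
server2 IN A   10.0.1.7
dns1    IN A   10.0.1.2
dns2    IN A   10.0.1.3
"""
A_RE = re.compile(r"\sIN\s+A\s+(\d+(?:\.\d+){3})\s*$")

def a_records(zone_text):
    """(fqdn, ip) for each A record: relative owners are expanded against $ORIGIN, and
    a line whose owner column is blank reuses the previous owner, as named does."""
    origin, owner, out = "", "", []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if line.startswith("$"):
            if line.startswith("$ORIGIN"):
                origin = line.split()[1]
            continue
        if line and not line[0].isspace():
            owner = line.split()[0]
        m = A_RE.search(line)
        if m:
            fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
            out.append((fqdn, m.group(1)))
    return out

def reverse_zone(a_recs, network):
    """PTR records for the /24 'network' ('10.0.1' -> 1.0.10.in-addr.arpa.). When names
    share an address the deepest name wins (server1 over the apex); losers are returned."""
    by_host = defaultdict(list)
    for fqdn, ip in a_recs:
        net, _, host = ip.rpartition(".")
        if net == network:
            by_host[host].append(fqdn)
    origin = ".".join(reversed(network.split("."))) + ".in-addr.arpa."
    lines, conflicts = [f"$ORIGIN {origin}", "$TTL 86400"], {}
    for host in sorted(by_host, key=int):
        names = sorted(by_host[host], key=lambda n: -n.count("."))  # stable: ties keep order
        lines.append(f"{host:<4} IN PTR {names[0]}")
        if len(names) > 1:
            conflicts[f"{network}.{host}"] = names[1:]
    return "\n".join(lines), conflicts
```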