Linux Project for IT students
					Lab Configuration Using Linux



                         Acknowledgement

No project is created by an individual. Many people were involved in the project
and each of their contributions has been valuable.
The timely completion of this project is mainly due to the interest and persuasion
of Er. Amardeep Singh, who is not only our teacher but also a good friend
and guide. His contribution will be remembered forever.
We owe our regards to the entire faculty of the department of computer
science at NETMAX TECHNOLOGY, from where we have learnt the
basics of Computer Science and whose informal discussions and able
guidance were a beacon light for me in the entire duration of this work.
We would also like to thank our team members who worked with us; our
combined efforts led to the completion of the project.
We are very thankful to our parents, who have always encouraged us.




               Swami Vivekanand Institute of Engg. & Tech.

                                      Abstract
Linux is not, strictly speaking, a single operating system: it consists of a kernel, which is
the core control software, and many libraries and utilities that rely upon the kernel to provide
features with which users interact. The OS is available in many different distributions,
which are bundlings of a specific kernel with specific support programs. Linux is a multi-
user, multitasking operating system. All this means is that Linux enables multiple users to
log in, and Linux can run more than one program at the same time. Nearly all operating
systems are multi-user and multitasking these days, but when Linux first started in 1994,
multi-user and multitasking were big selling points.

Server configuration and creation is one of the basic tasks Linux is used for. It requires the
right packages, knowledge of the operating system and a clear understanding of the
commands involved.
Servers can be configured according to the various requirements of the user: a Sendmail server
for sending mail within an organization or department from user to user, or from root
(administrator) to a user or vice versa. An Apache server is used for connecting to the internet,
and a web server with user authentication gives authorized users the right to connect, while
unauthorized users cannot connect. DHCP (Dynamic Host Configuration Protocol) is used to allot
IP addresses to a large number of computers in a lab at a single time without going to the
individual computers.

When considered broadly, networking is a way for computers to communicate with one
another. Just as with human-to-human communication, though, computer communication
can be used to accomplish many different goals. These goals are associated with one or
more networking protocols. For instance, e-mail transfer uses certain protocols, which are
different from those used in file sharing.





                                 Table of Contents

1.   Introduction
     (I).    History Of Unix & Linux
     (II).   Major Linux Distributors
2.   Requirements
     (I).    Hardware Requirements
     (II).   Optical Drive Requirements
     (III).  Graphic Card Requirements
     (IV).   Hard Drive Requirements
     (V).    Sound Card Requirements
3.   Advantages And Disadvantages Of Linux
4.   Other Features Of Linux
     (I).    A Comparison Of Win9x, Me, NT
     (II).   File System Hierarchy
     (III).  Some Of The Linux Commands
5.   Package Management
     (I).    What Is A Package?
     (II).   Installing RPM
     (III).  Yum Server
     (IV).   Apache Server
     (V).    DHCP (Dynamic Host Configuration Protocol)
     (VI).   Samba Server
     (VII).  Send Mail Server
     (VIII). Send Mail Server With Squirrel mail
     (IX).   Security
                (A). TCP Wrappers
                (B). IP Tables
6.   Maintaining A Healthy Server
7.   Troubleshooting
     (I).    Configuring The Linux Kernel
     (II).   Troubleshooting A Network Server
8.   Reference






                                Introduction
Linux is the perfect choice for an operating system on which to build a network
server. Much of the fame of Linux as a server system comes from its widespread
use as a system on which Apache web servers are built. But the power and
reliability of Linux does more than provide a stable platform for the world's most
popular web server. Linux provides all of the most important network services in a
single low-cost package.

Low cost, reliability, and power are propelling the continued growth of Linux as a
server system. Linux has proven to be a cost-effective alternative to high-cost
Unix servers. And it has proven itself to be more powerful and reliable than any
proprietary desktop operating system trying to recast itself as a server operating
system. Sales people might lust after the vast desktop market, but as professional
system administrators, we know that the real technical action is with the server
systems. The tremendous range of network services provided by Linux means that
it can be used for all of your network server needs. In this book, servers are
categorized as "Internet servers" and "departmental servers." This somewhat
arbitrary division is done to organize the discussion of the various services in a
rational way. We define Internet services as those services that are often offered
to the world at large or that are used to connect an organization to the worldwide
Internet.

The services that are covered in this category are:
Domain Name System (DNS) services
sendmail
Apache
Login services such as FTP, Telnet, and SSH
Routing protocols through Zebra and gated
Network Address Translation (NAT)

Departmental services are those services that are usually limited to usage on the
internal network.
The services that are covered under this category are:
Dynamic Host Configuration Protocol (DHCP)
Reverse Address Resolution Protocol (RARP)
Network File System (NFS)
Samba file and printer sharing
LPR/LPD printer sharing
Post Office Protocol (POP)
Internet Message Access Protocol (IMAP)
procmail mail filtering






                           History Of UNIX & Linux

   • 1957: Bell Labs found they needed an operating system which at the time was
     running various batch jobs.
   • 1965: Bell Labs create Multics (Multiplexed Information and Computing Service)
   • 1969: Summer 1969 UNIX was developed by AT&T
   • 1975: Sixth edition of UNIX released May 1975
   • 1985: GNU project started
   • 1991: Linux is introduced by Linus Benedict Torvalds who was a second year
     student of Computer Science at the University of Helsinki
   • 1993: NetBSD & FreeBSD released
   • 1994: Red Hat Linux is introduced




                          Major Linux Distributors


Mandrake Linux
Slackware Linux
SuSE Linux
Turbo Linux
Vector Linux
Caldera Linux
Corel Linux
Debian Linux
Kondara Linux
Red Hat Linux





  REQUIREMENTS

   Hardware Requirements



      •   CPU

      •   Main memory

      •   Optical Drive

      •   Graphic card

      •   Hard Drive

      •   Sound Card




  CPU Requirements


      • IBM
      • INTEL
          • Pentium I – III
          • No 286, 386, 486, and Celeron
      • AMD
          • K6/II/III
          • Duron
          • Athlon, Athlon XP/MP




  Optical Drive

           • CD-ROM / DVD-ROM
                  – Sony, Philips, and Acer
                  – Linux website has compatibility listing
           • CD-R
                  – Sony, Philips, and Acer

     Graphics Cards



        • Supports new cards on the market
             – ATI: Radeon 7500/8500, FireGl 8700/8800, FireGL 2/4
             – Matrox: G450/G550
             – nVidia: GeForce 2/3/4, nForce





       Hard Drives Requirements

        • Supports EIDE and SCSI drives
             – IBM, Maxtor, and Seagate
        • Capacity
             – Min: 400MB
             – Full Install: 3GB
             – Anything above 3GB
       Sound Card Requirements

   • All common sound cards
       – Dell & Yamaha OPL3-SA
   • Professional audio:
       – Soundblaster: Audigy
       – Terratec: EWX 24/96 (Stereo I/O analog and digital), EWS 88 MT (8
          analog channels), EWS 88D (10 digital channels in ADAT format)






                         The Advantage of Linux
     • Low purchase cost
     • Open Source Software (OSS)
     • UNIX heritage
     • Multi User
     • Scalability
     • Vendor support
     • Reliable uptime
     • Security
     • Logging System




                  The Disadvantage of Linux

   • Steep learning curve
   • Hardware support
   • End-user applications





A Comparison Of Win 9x, NT, and Linux

        Feature                     Win 9x        Win NT     Linux
        Scalability                 Poor          Good       Good
        Desktop App. Support        Excellent     Good       Good
        Enterprise App. Support     None          Good       Good
        Hardware Support            Excellent     Good       Good
        Licensing Cost              Good          Poor       Excellent
        Network Performance         Good          Good       Excellent
        Security                    Poor          Good       Good



                    Linux Filesystem Hierarchy




/bin                Essential Binary Files
/boot               Boot Loader Files
/dev                Device Files
/etc                Configuration Files
/home               User Home Directories

/lib                Shared Libraries and Kernel Modules

/mnt                Mount Point for Temporarily Mounted FS

/proc               System Information Virtual File System

/root               root User Home Directory
/sbin               Essential System Binaries
/tmp                Temporary Files





                    Some of Linux Commands

   • Process Text Streams
       sort, cut, head, tail, split, wc, uniq, grep
   • Redirecting Command's output
       tee
   • Create, Monitor & Kill Processes
       ps, pstree, top, kill, killall
   • Modify Process Priority (renice)
   • Create Partitions and Filesystem
       fdisk, mke2fs, mkfs.*
   • Maintain the Integrity of Filesystem
       e2fsck, fsck.*, du, df
   • Filesystem Mounting & Umounting
       mount, umount, /etc/fstab
   • Use File Permissions
       chmod, chown, chgrp, su
   • Create Hard & Symbolic Links (ln)
   • Find System Files (find, locate, which)
   • Using Emergency & Single User Mode





                         Package Management
      WHAT IS A PACKAGE?

      In the generic sense, an RPM package is a container of files. It includes the group of files
      associated with a specific program or application, which normally includes binary installation
      scripts as well as configuration and documentation files. It also includes instructions on how and
      where these files should be installed and uninstalled.

     What Is an RPM?

      At the heart of this system is the RPM database. Among other things, this database tracks the
      version and location of each file in each RPM. The RPM database also maintains an MD5
      checksum of each file. The RPM database makes adding, removing, and upgrading packages easy,
      because RPM knows which files to handle and where to put them.

      RPM also manages conflicts between packages.

                                   Installing RPMs:
      There are two basic ways to install an RPM:
      1. Manually, from the CD or DVD.
      2. Through a YUM server.


                    MANUAL INSTALLATION OF RPMS:

        1. Mount the CD or DVD

           [root@localhost /]# mount /dev/cdrom /mnt
        2. Enter the mounted folder and copy the RPM into the FTP database folder
           [root@localhost /]# cd /mnt
           [root@localhost /]# cd Server

These are the basic commands that install RPM packages:

                  [root@localhost /]# rpm -i package_name
                  (the -i option installs the package)


                  [root@localhost /]# rpm -U package_name
                  (the -U option upgrades any existing package or installs it if an earlier version isn't
                  already installed)

                  [root@localhost /]# rpm -F package_name
                  (the -F option upgrades only existing packages)
                  [root@localhost /]# rpm -ivh package_name
                  (These options add verbose mode and use hash marks to help you monitor
                  the progress of the installation.)





                               Removing RPMs:

               [root@localhost /]# rpm -e package_name
                (this command removes a package from your system)

                 Installing RPMs from Remote Systems:
      With the RPM system, you can even specify package locations similar to an
      Internet address, in URL format.

      [root@localhost /]# rpm -ivh ftp://ftp.rpmdownloads.com/pub/foo.rpm


       RPM INSTALLATION WITH YUM SERVER:

      YUM is used to resolve dependencies automatically. On the YUM server we copy all
      the RPMs from the CDs or DVD and create a repository. Then we share that
      particular directory over the network. Then, on the client side, we create a file in
      /etc/yum.repos.d.

                        STEPS TO CONFIGURE YUM SERVER:
      1   Mount the CD or DVD

          [root@localhost /]# mount /dev/cdrom /mnt

      2   Enter the mounted folder and copy the RPMs into the FTP database folder

          [root@localhost /]# cd /mnt
          [root@localhost /]# cd Server
          [root@localhost /]# cp -av * /var/ftp/pub

      3   Create a repo file in /etc/yum.repos.d

          [root@localhost /]# vi /etc/yum.repos.d/filename.repo
                  # the repo id in brackets must not contain spaces
                  [kumar-repo]
                  name=myrepo
                  baseurl=file:///var/ftp/pub
                  enabled=1
                  # gpgcheck=0 turns off RPM signature verification for this repo
                  gpgcheck=0
          :wq






      4   Restart the YUM service (either command)

          [root@localhost /]# /etc/init.d/yum-updatesd restart
          [root@localhost /]# service yum-updatesd restart
      5   Install the createrepo RPM from /var/ftp/pub/ or from the directory created
          by the user

          [root@localhost /]# rpm -ivh package_name

      6. Create a repository of the RPMs in /var/ftp/pub

          [root@localhost /]# createrepo -v /var/ftp/pub

      7. Remove the .olddata from /var/ftp/pub or from the directory created by the user

      8. Now the YUM server is configured.

          [root@localhost /]# yum install package_name
                  (To install the packages)
          [root@localhost /]# yum remove package_name
                  (To remove the packages)
          [root@localhost /]# yum info package_name
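
The repo file in step 3 sets gpgcheck=0, which tells yum to skip RPM signature verification for everything installed from that repository. The following added example (not part of the original project) audits repo definitions for that setting; the sample repo texts, the host name yumserver.example and the key path are constructed assumptions.

```bash
#!/bin/sh
# Added example, not from the original page: flag yum repository definitions
# that let packages be installed without signature verification.

# audit_repo_text reads .repo content on stdin and prints "<repo-id>:<finding>":
#   gpgcheck-disabled    gpgcheck is 0/no/false, RPM signatures are never checked
#   gpgcheck-unset       no gpgcheck line, the value is inherited from /etc/yum.conf
#   no-gpgkey            gpgcheck is on but no gpgkey= line; the key must then
#                        already be imported with "rpm --import"
#   cleartext-transport  baseurl is http:// or ftp://
audit_repo_text() {
    awk '
        function report() {
            if (id == "" || id == "main" || enabled == "0") return
            if (tolower(gpgcheck) ~ /^(0|no|false)$/) print id ":gpgcheck-disabled"
            else if (gpgcheck == "")                  print id ":gpgcheck-unset"
            else if (gpgkey == "")                    print id ":no-gpgkey"
            if (baseurl ~ /^(http|ftp):\/\//)         print id ":cleartext-transport"
        }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*$/    { next }                      # blank line
        /^[ \t]*\[.*\][ \t]*$/ {                    # [repo-id] opens a new section
            report()
            id = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
            gpgcheck = ""; gpgkey = ""; baseurl = ""; enabled = "1"
            next
        }
        /=/ {                                       # key=value inside a section
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "gpgcheck")     gpgcheck = val
            else if (key == "gpgkey")  gpgkey = val
            else if (key == "baseurl") baseurl = val
            else if (key == "enabled") enabled = val
        }
        END { report() }
    '
}

# Constructed sample 1: the server-side repo file from step 3.
PAGE_REPO='[kumar-repo]
name=myrepo
baseurl=file:///var/ftp/pub
enabled=1
gpgcheck=0'

# Constructed sample 2: a lab client using the shared directory over FTP.
# "yumserver.example" is a placeholder host name.
CLIENT_REPO='[labrepo]
name=lab packages
baseurl=ftp://yumserver.example/pub
enabled=1
gpgcheck=0'

# Constructed sample 3: the same client with signature checking enforced.
# The key path is an assumption; use the key that signed your packages.
HARDENED_REPO='[labrepo]
name=lab packages
baseurl=ftp://yumserver.example/pub
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'

echo "== server repo";   printf '%s\n' "$PAGE_REPO"     | audit_repo_text
echo "== client repo";   printf '%s\n' "$CLIENT_REPO"   | audit_repo_text
echo "== hardened repo"; printf '%s\n' "$HARDENED_REPO" | audit_repo_text
```

On a real system the function can be fed each file in /etc/yum.repos.d. For an RPM installed by hand with rpm -ivh, `rpm -K package_name` performs the corresponding signature check before installation.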







     APACHE SERVER
     The World Wide Web (WWW) is the Internet's most successful application, and
     its most prominent component is the web server. The web server serves the user's
     request by returning the requested web page to the user. Two applications are
     required in order to process such requests: a web server and a web client. A
     protocol known as the Hyper Text Transfer Protocol (HTTP or http) is required for
     communication between a web client and a web server.

     Apache is by far the most popular Web server in use today. Based on the HTTP daemon
     (httpd), Apache provides simple and secure access to all types of content using the regular
     HTTP protocol as well as its secure cousin, HTTPS.

     Apache is used to provide web hosting, that is, web services. Web services use the
     Hypertext Transfer Protocol (HTTP); for security reasons we can sometimes enable
     HTTPS (Hypertext Transfer Protocol Secure), which provides security, integrity and
     encryption for our data. HTTP works on port 80 and HTTPS works on port 443.
     When Apache is installed, port 80 is open by default,
     which may raise some security issues. In Linux, however, Apache is not installed by
     default; we can install it according to our requirement. WWW, which is called
     World Wide Web, is its sub component, which is automatically installed when we
     install Apache.

         Web Site Directories           Description
         /var/www                       Directory for Apache website files
         /var/www/html                  Web site web files
         /var/www/cgi-bin               CGI program files
         .htaccess                      Directory-based configuration file for user authentication
         /etc/httpd/conf                Directory for Apache web server configuration files
         /etc/httpd/conf/httpd.conf     Apache web server configuration file
         /etc/httpd/conf.d/             Directory holding module configuration of SSL and PHP
         /etc/init.d/httpd              Startup script for the web daemon
         /usr/sbin/                     Location of the Apache web server program files and utilities






           STEPS TO CONFIGURE APACHE SERVER:
                1. Install the package of the Apache server:
                             [root@localhost /]# yum install httpd*
                2. Edit the configuration file of the Apache server and add the following
                   at the end of the file:

                             [root@localhost /]# vi /etc/httpd/conf/httpd.conf
                                       NameVirtualHost 172.16.5.88:80
                                       <VirtualHost 172.16.5.88:80>
                                           # ServerAdmin webmaster@dummy-host.example.com
                                           DocumentRoot /var/www/kk
                                           ServerName www.netmax.com
                                           # ErrorLog logs/dummy-host.example.com-error_log
                                           # CustomLog logs/dummy-host.example.com-access_log
                                       </VirtualHost>
                3. Create the directory and HTML file for the DocumentRoot:
                             [root@localhost /]# mkdir -p /var/www/kk
                             [root@localhost /]# cd /var/www/kk
                             [root@localhost /kk]# vi index.html
                4. Restart the HTTPD service (either command):
                             [root@localhost /]# service httpd restart
                             [root@localhost /]# /etc/init.d/httpd restart
                5. Turn the service on permanently:
                             [root@localhost /]# chkconfig httpd on

                6. To verify that the Apache server is working:
                             To check from the console, use the utility elinks
                             [root@localhost /]# elinks
                             To check graphically, use Firefox or another browser




SCREENSHOTS:
1: CONFIGURING THE SERVER (screenshot not reproduced)
2: TESTING THE SERVER (screenshot not reproduced)



Virtual Hosts
Virtual hosting allows running more than one website on a single machine. Apache
usually allows running only one website on a single machine. In order to run multiple
websites, you can either use multiple Apache daemons, with each daemon handling a
specific website, or configure Apache for virtual hosting. Running multiple daemons is an
inefficient practice, and should, therefore, be avoided. Virtual hosts can be
   1. IP address based
   2. Name based


   1. IP Based

       This allows running multiple websites, each with a different IP, on a single machine. This
       can be achieved by hosts that have multiple network connections (multi-homed machines),
       or by virtual interfaces.


       1. Edit the configuration file of the Apache server and add the following at the end of the file:

                   [root@localhost /]# vi /etc/httpd/conf/httpd.conf
                       <VirtualHost 172.16.5.88:80>
                               # ServerAdmin webmaster@dummy-host.example.com
                               DocumentRoot /var/www/kk
                               ServerName www.netmax.com
                               # ErrorLog logs/dummy-host.example.com-error_log
                               # CustomLog logs/dummy-host.example.com-access_log
                       </VirtualHost>
                       <VirtualHost 10.0.0.1:80>
                               # ServerAdmin webmaster@dummy-host.example.com
                               DocumentRoot /var/www/mm
                               ServerName www.ajit.com
                               # ErrorLog logs/dummy-host.example.com-error_log
                               # CustomLog logs/dummy-host.example.com-access_log
                       </VirtualHost>

       2. Restart the HTTPD service (either command)
               [root@localhost /]# service httpd restart
               [root@localhost /]# /etc/init.d/httpd restart







   2. Name Based

Name-based virtual hosts allow multiple websites on a single IP address. This is in
contrast to IP-based virtual hosts, where you need an IP address for each website. IP-
based virtual hosts rely explicitly on IP addresses to determine the correct virtual host to
serve. Name-based virtual hosts rely on the client to specify the hostname in the
HTTP headers. Name-based virtual hosts are easy to configure, and do not require
multiple IP addresses, and can, therefore, work in situations in which you are short of
IPs. Prefer name-based virtual hosting over IP-based virtual hosting unless you have
very specific reasons for doing otherwise. The following is a sample configuration for
name-based virtual hosts:

       1. Edit the configuration file of the Apache server and add the following at the end of the file:

                   [root@localhost /]# vi /etc/httpd/conf/httpd.conf
                       # NameVirtualHost is needed once per address for name-based hosts
                       NameVirtualHost 172.16.5.88:80
                       <VirtualHost 172.16.5.88:80>
                               # ServerAdmin webmaster@dummy-host.example.com
                               DocumentRoot /var/www/kk
                               ServerName www.netmax.com
                               # ErrorLog logs/dummy-host.example.com-error_log
                               # CustomLog logs/dummy-host.example.com-access_log
                       </VirtualHost>
                       <VirtualHost 172.16.5.88:80>
                               # ServerAdmin webmaster@dummy-host.example.com
                               DocumentRoot /var/www/mm
                               ServerName www.ajit.com
                               # ErrorLog logs/dummy-host.example.com-error_log
                               # CustomLog logs/dummy-host.example.com-access_log
                       </VirtualHost>

       2. Restart the HTTPD service (either command)
               [root@localhost /]# service httpd restart
               [root@localhost /]# /etc/init.d/httpd restart






AUTHENTICATION, AUTHORIZATION
Authentication refers to the verification of the identity of the requesting host and/or user,
i.e. that the user/host is actually who/what they claim to be.
Authorization is the process of granting someone access to the areas to which the user is
allowed to go.
Create a .htaccess file in the directory to be restricted (for example
/var/www/html/public/restricted; the steps below use /var/www/kk). The Apache server
reads from it the configuration about the password file and the users who are allowed
access to the restricted area:
   1. Create a .htaccess file in the Document root

               [root@localhost /]# vi /var/www/kk/.htaccess
                       AuthType Basic
                       AuthName "Passwd Require"
                       AuthUserFile /etc/httpd/conf/passwd
                       Require user user1
Define the users who are granted access to the restricted area. These users, and their
passwords, will be defined in a special file, which should be placed somewhere which is
inaccessible to the web. The file can be created with a special utility htpasswd that comes
with Apache:
       [root@localhost /]# htpasswd -c /etc/httpd/conf/passwd user1
       New password:
       Re-type new password:
       Adding password for user user1
Add a Directory block to the Apache server configuration so that the .htaccess file is
honoured and users have to log in to the Apache web site.
   1. Edit the Configuration file

       [root@localhost /]# vi /etc/httpd/conf/httpd.conf
                       <VirtualHost 172.16.5.88:80>
                               # ServerAdmin webmaster@dummy-host.example.com
                               DocumentRoot /var/www/kk
                               <Directory /var/www/kk>
                                       # let .htaccess in this directory set authentication directives
                                       AllowOverride AuthConfig
                                       Order allow,deny
                                       Allow from all
                               </Directory>
                               ServerName www.netmax.com
                               # ErrorLog logs/dummy-host.example.com-error_log
                               # CustomLog logs/dummy-host.example.com-access_log
                       </VirtualHost>
   2. Restart the Services

       [root@localhost /]# service httpd restart
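
Basic authentication sends the user name and password only base64-encoded, so on the port-80 virtual host above they cross the network unencrypted, and the password file must stay outside every DocumentRoot. The following added example (not part of the original project) checks both points; the function names and sample files are constructed for illustration, and an HTTPS virtual host is assumed to be one that contains SSLEngine on.

```bash
#!/bin/sh
# Added example, not from the original page: review a Basic-auth setup like
# the one above for two weaknesses. All sample files are constructed.

# is_under PATH DIR: succeeds when PATH lies inside DIR.
# Purely textual: symlinks and ".." components are not resolved.
is_under() {
    case "${1%/}/" in
        "${2%/}/"*) return 0 ;;
    esac
    return 1
}

# vhosts CONF: print "<address:port> <DocumentRoot> <on|off>" per <VirtualHost>;
# the last field says whether the block contains "SSLEngine on".
vhosts() {
    awk '
        tolower($1) == "<virtualhost" { addr = $2; sub(/>$/, "", addr); root = ""; ssl = "off" }
        tolower($1) == "documentroot" { root = $2; gsub(/"/, "", root) }
        tolower($1) == "sslengine" && tolower($2) == "on" { ssl = "on" }
        tolower($1) == "</virtualhost>" { if (root != "") print addr, root, ssl }
    ' "$1"
}

# directive FILE NAME: print the first argument of the first NAME directive.
directive() {
    awk -v name="$2" 'tolower($1) == tolower(name) { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# audit_basic_auth CONF HTACCESS DIR: HTACCESS is the file deployed in DIR.
# Prints one finding per line, nothing when the setup passes both checks.
audit_basic_auth() {
    aba_type=$(directive "$2" AuthType | tr 'A-Z' 'a-z')
    aba_pwfile=$(directive "$2" AuthUserFile)
    [ "$aba_type" = "basic" ] || return 0
    vhosts "$1" | while read -r aba_addr aba_root aba_ssl; do
        is_under "$3" "$aba_root" || continue       # vhost does not serve DIR
        if is_under "$aba_pwfile" "$aba_root"; then
            echo "password-file-in-docroot:$aba_pwfile"
        fi
        if [ "$aba_ssl" = "off" ]; then
            echo "basic-auth-over-http:$aba_addr"
        fi
    done | sort -u
}

# write_samples DIR: create the constructed sample files used below.
write_samples() {
    cat > "$1/httpd.conf" <<'EOF'
NameVirtualHost 172.16.5.88:80
<VirtualHost 172.16.5.88:80>
    DocumentRoot /var/www/kk
    <Directory /var/www/kk>
        AllowOverride AuthConfig
    </Directory>
    ServerName www.netmax.com
</VirtualHost>
EOF
    cat > "$1/httpd-ssl.conf" <<'EOF'
<VirtualHost 172.16.5.88:443>
    SSLEngine on
    DocumentRoot /var/www/kk
    ServerName www.netmax.com
</VirtualHost>
EOF
    cat > "$1/htaccess.page" <<'EOF'
AuthType Basic
AuthName "Passwd Require"
AuthUserFile /etc/httpd/conf/passwd
Require user user1
EOF
    # Variant with the password file placed inside the DocumentRoot.
    sed 's#/etc/httpd/conf/passwd#/var/www/kk/passwd#' "$1/htaccess.page" > "$1/htaccess.exposed"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "== page setup";        audit_basic_auth "$demo_dir/httpd.conf" "$demo_dir/htaccess.page" /var/www/kk
echo "== file in docroot";   audit_basic_auth "$demo_dir/httpd.conf" "$demo_dir/htaccess.exposed" /var/www/kk
echo "== same, HTTPS vhost"; audit_basic_auth "$demo_dir/httpd-ssl.conf" "$demo_dir/htaccess.page" /var/www/kk
rm -rf "$demo_dir"
```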





DHCP SERVER
DYNAMIC HOST CONFIGURATION PROTOCOL
DHCP stands for Dynamic Host Configuration Protocol. It is used to provide or assign
IPv4 addresses to the configured clients within the same network or between two subnets.
A DHCP server always has a static address. When we configure our client computer to obtain
an IP address automatically, a DORA process communication is performed between the
DHCP server and the DHCP client.
   (1) DHCP Discover
       When a client computer is DHCP enabled, it starts finding a DHCP server
       by using broadcast communication with a broadcast message packet. The
       information attached by the client is its NetBIOS name, MAC address, source port,
       destination port etc. This message packet is also called the Discover Packet.
   (2) DHCP Offer
       When a client computer sends the broadcast message in the network, the DHCP
       server receives the DHCP Discover Packet and offers IP related information to the
       requesting client.
   (3) DHCP Request
       When the DHCP server offers IP address related information to the requesting client,
       the requesting client sends the DHCP server a request for the IP address (an IP
       selection request).
   (4) DHCP Acknowledgement
       When the DHCP server receives the request from the requesting client for IP address
       related information, it sends an acknowledgement to the requesting client and
       maintains a record in its database containing the IP address, NetBIOS name, lease
       expiry date & time and MAC address, which is also called the Unique Id.

Static IP address                                     Automatic IP address (DHCP)
(1) More time consuming practice.                     (1) Very less time required.
(2) We have to maintain a list.                       (2) No need, list is maintained by DHCP.
(3) If wrong information is delivered then            (3) No chance to deliver wrong
    a communication problem may occur.                    information.
(4) If the same information is delivered again        (4) No chance.
    then IP addresses may conflict with each other.
(5) More overhead on administrator.                   (5) Less overhead on administrator.






STEPS TO CONFIGURE DHCP SERVER IN LOCAL NETWORK
1. INSTALL THE PACKAGE:
      [root@localhost /]# yum install dhcp
2. REDIRECT THE SAMPLE FILE OF DHCP SERVER INTO THE /etc/dhcpd.conf FILE:
      [root@localhost /]# cat /usr/share/doc/dhcp-*/dhcpd.conf.sample > /etc/dhcpd.conf

   • ddns-update-style interim With this command, the RHEL DHCP server conforms as
      closely as possible to the current Dynamic DNS standard, where the DNS database is
      updated when the DNS server renews its DHCP lease. It is "interim" because the
      standards for DDNS are not complete as of this writing.
   • ignore client-updates A good setting if you don't want to allow users on client
      computers to change their host names.
   • subnet 192.168.0.0 netmask 255.255.255.0 Describes a network with an address of
      192.168.0.0 and a subnet mask of 255.255.255.0. This allows the local DHCP server to
      assign addresses in the range 192.168.0.1 to 192.168.0.254 to different computers on this
      network. If you've configured a different network IP address, you'll want to change these
      settings accordingly.
   • option routers Lists the default router. You can use more than one option routers
      directive if you have more than one connection to an outside network. This information is
      passed to DHCP clients as the default gateway, which supports access to outside
      networks such as the Internet. You'll want this command to reflect the IP address for the
      gateway for your network.
   • option subnet-mask Specifies the subnet mask for the local network.
   • option nis-domain Notes the server that provides the NIS shared authorization database.
      If you've configured NIS on your network, you'll want to substitute the name of your NIS
      domain for domain.org. Otherwise, you should comment out this command.
   • option domain-name Adds the domain name for your network. Substitute the IP address
      for the DNS servers you want your clients to use.
   • option domain-name-servers Notes the IP address for the DNS server for your
      network. You can add more commands of this type to specify additional DNS servers.
   • option time-offset Lists the difference from Greenwich Mean Time, also known as UTC
      (a French acronym), in seconds.
   • option ntp-servers Notes any Network Time Protocol (NTP) servers for keeping the
      time on the local computer in sync with UTC. I describe NTP later in this chapter.
   • option netbios-name-servers Adds the location of any Windows Internet Naming
      Service (WINS) servers for your network. As this is a Microsoft service
   • option netbios-node-type 2 Peer-to-peer node searches, associated with WINS.
   • range dynamic-bootp 192.168.0.128 192.168.0.254 Specifies the assignable IP
      addresses to remote networks, using the BOOTP protocol.
   • default-lease-time Specifies the lease time for IP address information, in seconds.
   • max-lease-time Specifies the maximum lease time for IP address information, in seconds.







3. CONFIGURE THE DHCPD FILE:

     [root@localhost /]# vi /etc/dhcpd.conf

     ddns-update-style interim;
     ignore client-updates;

     subnet 172.16.0.0 netmask 255.255.0.0 {

     # --- default gateway
             option routers                  172.16.2.3;
             option subnet-mask              255.255.0.0;

     #       option nis-domain               "domain.org";
     #       option domain-name              "domain.org";
             option domain-name-servers      192.168.1.1;

             option time-offset              -18000; # Eastern Standard Time
     #       option ntp-servers              192.168.1.1;
     #       option netbios-name-servers     192.168.1.1;
     # --- Selects point-to-point node (default is hybrid). Don't change this unless
     # -- you understand Netbios very well
     #       option netbios-node-type 2;

             range dynamic-bootp 172.16.2.8 172.16.2.10;
             default-lease-time 21600;
             max-lease-time 43200;
     }

     :wq (save the file)

     RESTART THE SERVICE:

             [root@localhost /]# service dhcpd restart
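
Before restarting dhcpd it is worth checking that the gateway, the address pool and the lease times in the subnet block agree with each other. The following is an added example, not part of the original project: the function names (parse_subnet, audit, pool_size) are hypothetical, PAGE_CONF repeats the active lines of the configuration above, and BROKEN_CONF is a constructed sample with deliberate mistakes.

```python
import ipaddress
import re

# Active lines of the subnet declaration configured on this page.
PAGE_CONF = """
ddns-update-style interim;
ignore client-updates;
subnet 172.16.0.0 netmask 255.255.0.0 {
    option routers              172.16.2.3;
    option subnet-mask          255.255.0.0;
    option domain-name-servers  192.168.1.1;
    option time-offset          -18000; # Eastern Standard Time
    range dynamic-bootp 172.16.2.8 172.16.2.10;
    default-lease-time 21600;
    max-lease-time 43200;
}
"""

# Constructed sample: wrong mask option, pool leaving the subnet,
# gateway inside the pool, default lease longer than the maximum.
BROKEN_CONF = """
subnet 172.16.0.0 netmask 255.255.0.0 {
    option routers      172.16.2.9;
    option subnet-mask  255.255.255.0;
    range dynamic-bootp 172.16.2.8 172.17.0.10;
    default-lease-time 50000;
    max-lease-time 43200;
}
"""


def parse_subnet(conf):
    """Return (network, {statement: [values]}) for the first subnet block."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    # dhcpd expects the keyword "netmask" written as one word.
    match = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S)
    if match is None:
        raise ValueError("no 'subnet ... netmask ... { }' declaration found")
    network = ipaddress.ip_network(f"{match.group(1)}/{match.group(2)}")
    statements = {}
    for statement in match.group(3).split(";"):
        words = statement.split()
        if not words:
            continue
        if words[0] == "option":
            words = words[1:]
        statements[words[0]] = [w.rstrip(",") for w in words[1:]]
    return network, statements


def pool_bounds(statements):
    """Return (first, last) address of the range statement, or None."""
    values = [v for v in statements.get("range", []) if v != "dynamic-bootp"]
    if not values:
        return None
    return ipaddress.ip_address(values[0]), ipaddress.ip_address(values[-1])


def pool_size(conf):
    """Number of addresses the server can hand out."""
    bounds = pool_bounds(parse_subnet(conf)[1])
    return 0 if bounds is None else int(bounds[1]) - int(bounds[0]) + 1


def audit(conf):
    """Return a list of consistency problems found in the subnet block."""
    network, st = parse_subnet(conf)
    problems = []
    mask = st.get("subnet-mask")
    if mask and ipaddress.ip_address(mask[0]) != network.netmask:
        problems.append(f"subnet-mask {mask[0]} differs from netmask {network.netmask}")
    routers = [ipaddress.ip_address(r) for r in st.get("routers", [])]
    for router in routers:
        if router not in network:
            problems.append(f"router {router} is outside {network}")
    bounds = pool_bounds(st)
    if bounds:
        low, high = bounds
        for address in sorted({low, high}):
            if address not in network:
                problems.append(f"pool address {address} is outside {network}")
        if low > high:
            problems.append("pool start is above pool end")
        for router in routers:
            if low <= router <= high:
                problems.append(f"router {router} lies inside the pool")
    default, maximum = st.get("default-lease-time"), st.get("max-lease-time")
    if default and maximum and int(default[0]) > int(maximum[0]):
        problems.append("default-lease-time exceeds max-lease-time")
    return problems


if __name__ == "__main__":
    print("page config:", audit(PAGE_CONF) or "consistent", "- pool size", pool_size(PAGE_CONF))
    for problem in audit(BROKEN_CONF):
        print("broken sample:", problem)
```

The DNS server address is deliberately not checked against the subnet, because clients can reach a resolver on another network through the gateway.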




SCREENSHOTS:
1: COMMAND TO CONFIGURE DHCP
2: CONFIGURING THE SERVER (SETTING UP THE SUBNET AND NETMASK)
3: ALLOTTING THE RANGE OF IP FOR THE CLIENTS

DNS SERVER (Domain Name System)
DNS stands for Domain Name System. It works on port 53. DNS is used to
resolve a name to the IP address of the host computer. DNS is also called a database that
stores host records. DNS is available in Windows Server 2000, Windows Server 2003
and Red Hat operating systems.
DNS was introduced in 2000 with Windows Server 2003. The domain name space is a
hierarchical structure.
DIFFERENCE BETWEEN NETBIOS NAME AND DOMAIN NAME

NETBIOS NAME                                   DOMAIN NAME
(1) It is 15 characters long.                  (1) It is 255 bytes long.
(2) It must be unique in the network.          (2) It can be used more than one time in the
                                                   network.
(3) It has a flat structure, meaning no        (3) It has a hierarchical structure, meaning
    sub NetBIOS names.                             root, top-level domains, second-level
                                                   domains and host computers.

FQDN: www.yahoo.com.

         www     Host Computer
         yahoo   Second Level
         com     Top Level
         .       Root
DNS LOOKUP TYPES:
By default, DNS has two lookup types:
            (i)  Forward Lookup
            (ii) Reverse Lookup
(i)  Forward Lookup
     The forward lookup type is used to store zones, which are responsible for resolving a
     name to the IP address of the host computer. Under the forward lookup type, we can
     create or store a Primary Zone, a Secondary Zone, and a Stub Zone.
(ii) Reverse Lookup
     Reverse lookup is used to resolve an IP address to the name of the host computer. It is
     very rarely configured because it is mostly used for troubleshooting purposes with
     nslookup.







ZONE TYPES:
DNS has three types of zones:
(i) Primary Zone
(ii) Secondary Zone
(iii) Stub Zone
(i) Primary Zone
     In a DNS server, we have to create zones under the forward lookup type to configure the
     DNS server. A zone is also called a database, which stores the host records of the computers
     (NetBIOS name and IP address). The primary zone has read and write access. We can
     update data directly in this zone. This zone is available on the first DNS server in the
     network, or we can say this zone is available on the primary DNS server. It keeps the original
     data. This zone is also responsible for storing host records and resolving names to IP
     addresses.
(ii) Secondary Zone
    This zone is also available under the forward lookup type. We can configure this kind
    of zone on a secondary DNS server. It has read-only access. You cannot update data
    directly in this zone. It holds a copy of the primary zone. We can configure a secondary DNS
    server with a secondary zone for the purpose of fault tolerance.
    For example, we can configure a secondary DNS server with a secondary zone with an
    Additional Domain Controller. The zone and its data are replicated from the primary DNS server
    to the secondary DNS server by the zone transfer process. It keeps a copy of
    the original primary data, that is, of the primary zone.
(iii) Stub Zone
      A stub zone does not provide any kind of service like the primary and secondary zones. It
      stores special kinds of records such as the NS record (Name of Server) and the SOA record
      (Start of Authority).
Record types:
     (i)     A Record [Host Record]
     (ii)    Alias Record (CNAME)
     (iii)   MX Record [Exchange server, Mail server, @domain name (e-mails)]
     (iv)    NS Record - Name of Server
     (v)     SOA Record - Start of Authority
     (vi)    SRV Record - Service Location Record

Steps to Configure the DNS Name Server:
       a) Set the hostname of your system to the name of your domain
       b) Set a static IP address on your domain server
       c) Set the DNS address on the server

Install the Required Packages:
       a) yum install bind*
       b) yum install caching-nameserver
       c) yum install system-config-bind





Primary Zone

Copy the default zone file to /etc/named.conf:
               [root@localhost /]# cat /etc/named.rfc1912.zones > /etc/named.conf
Delete the contents of /etc/named.conf and edit the file:
        a) Create the default PID entry
        b) Create the zone name
        c) Create the zone configuration file

                 [root@localhost /]# vi /etc/named.conf
                 options {
                         directory "/etc";
                         pid-file "/var/run/named/named.pid";
                 };
                 zone "netmax.com" {
                         type master;
                         file "/var/named/netmax.com.hosts";
                 };
Create the zone configuration file (in the file itself every owner name starts in the first
column; comments begin with a semicolon):
        [root@localhost /]# vi /var/named/netmax.com.hosts
        $ttl 38400
        netmax.com.         IN   SOA   server.netmax.com. root.gmail.com. (
                                       1253341670   ; Serial
                                       10800        ; Refresh time
                                       3600         ; Transfer retry time
                                       604800       ; Expiry time
                                       38400 )      ; Negative cache time
        netmax.com.         IN   NS    server.netmax.com.   ; Domain name
        server.netmax.com.  IN   TXT   ""                   ; System name
        mail.netmax.com.    IN   TXT   ""                   ; Web mail name
        server.netmax.com.  IN   A     172.16.5.88          ; A record of system
        mail.netmax.com.    IN   A     172.16.5.88          ; A record of web mail
        netmax.com.         IN   A     172.16.5.88          ; A record of name server
On Client Side
        Put the entry of the domain name server on the client, then test the lookup:
        [root@localhost /]# dig server.netmax.com
        [root@localhost /]# ping server.netmax.com
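
The forward and reverse lookup types described earlier can be checked against the zone data before any client queries the server. The following is an added example, not part of the original project: it parses the netmax.com zone records from this page (owner names written in the first column), answers a forward lookup, lists the PTR names a reverse zone would have to hold, and reports NS or MX targets inside the zone that have no A record. The function names are hypothetical and the parser assumes fully qualified owner names in the form "name IN type data".

```python
import ipaddress

# Zone records from this page, with comments written in zone-file syntax.
ZONE_TEXT = """\
$ttl 38400
netmax.com.        IN  SOA  server.netmax.com. root.gmail.com. (
                            1253341670   ; serial
                            10800        ; refresh time
                            3600         ; transfer retry time
                            604800       ; expiry time
                            38400 )      ; negative cache time
netmax.com.        IN  NS   server.netmax.com.
server.netmax.com. IN  TXT  ""
mail.netmax.com.   IN  TXT  ""
server.netmax.com. IN  A    172.16.5.88
mail.netmax.com.   IN  A    172.16.5.88
netmax.com.        IN  A    172.16.5.88
"""


def parse_zone(text):
    """Return a list of (owner, type, rdata_words) tuples."""
    records, pending = [], ""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):      # skip blanks and $ttl
            continue
        pending = f"{pending} {line}"
        if pending.count("(") > pending.count(")"):
            continue                              # record continues on next line
        words = pending.replace("(", " ").replace(")", " ").split()
        pending = ""
        records.append((words[0].lower(), words[2].upper(), words[3:]))
    return records


def fqdn(name):
    """Lower-case a name and make sure it ends with the root dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def forward_lookup(records, name):
    """Name -> list of IP addresses (A records)."""
    return [rdata[0] for owner, rtype, rdata in records
            if rtype == "A" and owner == fqdn(name)]


def reverse_map(records):
    """PTR owner name -> host names, as a reverse zone would need them."""
    ptrs = {}
    for owner, rtype, rdata in records:
        if rtype == "A":
            ptr = ipaddress.ip_address(rdata[0]).reverse_pointer + "."
            ptrs.setdefault(ptr, []).append(owner)
    return ptrs


def unresolved_targets(records):
    """NS/MX targets inside the zone that have no A record."""
    origin = next(owner for owner, rtype, _ in records if rtype == "SOA")
    have_a = {owner for owner, rtype, _ in records if rtype == "A"}
    targets = {rdata[-1].lower() for _, rtype, rdata in records
               if rtype in ("NS", "MX")}
    return sorted(t for t in targets
                  if (t == origin or t.endswith("." + origin)) and t not in have_a)


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print("forward:", forward_lookup(zone, "server.netmax.com"))
    print("reverse:", reverse_map(zone))
    print("unresolved:", unresolved_targets(zone))
```

All three names share one address, so a reverse lookup of 172.16.5.88 can only return whichever PTR records the administrator chooses to publish.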





                             SAMBA SERVER
Samba is a suite of UNIX applications that communicate via the Server Message Block
(SMB) protocol. Many operating systems, including Microsoft (MS) Windows and
Macintosh OS/2, use SMB to perform client-server networking. By supporting this
protocol, Samba allows UNIX servers to communicate with the same networking
protocol as MS Windows products.
Samba is a strong network service for file and print sharing that works on the operating
systems available today. It's faster and more secure than the native file sharing services
available on Microsoft Windows machines.
Samba-server provides an SMB server which can be used to provide network services to
SMB clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the
NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba features working NT
Domain Control capability.




A Samba-enabled UNIX machine can masquerade as a server on your MS network, and
offer the following services:
    Role                                   Can Perform
    File Server                            Yes
    Printer Server                         Yes
    Primary Domain Controller              Yes
    Back-up Domain Controller              Yes
    Windows 2000/95/98 Authentication      Yes
    Local Master Browser                   Yes
    Local Back-up Browser                  No
    Domain Master Browser                  Yes
    Primary WINS Server                    Yes
    Secondary WINS Server                  No





The Samba suite revolves around a pair of UNIX daemons that provide shared resources.
These daemons are:

      smbd: The smbd daemon is responsible for managing the shared resources between
       the Samba server machine and its clients. It provides file, print, and browser
       services to SMB clients across one or more networks. smbd handles all the
       notifications between the Samba server and the network clients. It is also
       responsible for user authentication, resource-locking, and data-sharing through
       the SMB protocol.

      nmbd: The nmbd daemon is a nameserver that mimics the WINS and NetBIOS
       name server functionality, as you might expect to encounter with a LAN Manager
       package. This daemon listens for nameserver requests, and, when called upon,
       provides the appropriate information. It also provides browsing lists for the
       Network Neighborhood, and participates in browsing elections.

CREATING SHARES
       1. Install the package of the Samba server:
          [root@localhost /]# yum install samba
       2. Share the folder or document in the smb.conf file to access it from the
          Windows systems:
          [root@localhost /]# vi /etc/samba/smb.conf
                             [redbook]
                             comment = Redbook files
                             # Shared folder path
                             path = /redbook
                             # User who can access the Samba server
                             valid users = username
                             # Permission for browsing
                             browseable = yes
                             # Permission to print for the users
                             printable = no
                             writable = yes
                             write list = @users
       3. Create the Samba users using smbpasswd:

          [root@localhost /]# smbpasswd -a username1
          [root@localhost /]# smbpasswd -a username2

       4. Start the service of the Samba server:

          [root@localhost /]# service smb restart
          [root@localhost /]# /etc/init.d/smb restart
       5. Turn on the service:

          [root@localhost /]# chkconfig smb on
       6. Verify whether the Samba server has started:
          In the console:
          [root@localhost /]# smbclient //server ip/share name -U username
          In graphical mode, check with Firefox or another Internet utility.





ON CLIENT SIDE:
     1. IF LINUX OPERATING SYSTEM:

       Install smbclient:
       [root@localhost /]# yum install smbclient
       To access the Samba server from the client side:
       [root@localhost /]# smbclient //server ip/share name -U username
       In graphical mode, check with Firefox or another Internet utility.
     2. IF WINDOWS OPERATING SYSTEM:

       1.   Go to Run
       2.   Type \\ followed by the IP address of the server
       3.   Then enter the Samba username
       4.   Enter the password of the Samba user








SEND-MAIL SERVER
A mail server (also known as a mail transfer agent or MTA, a mail transport agent, a mail
router or an Internet mailer) is an application that receives incoming e-mail from local
users (people within the same domain) and remote senders and forwards outgoing e-mail
for delivery. A computer dedicated to running such applications is also called a mail
server. In Linux, qmail, Exim and Sendmail are among the more common mail server
programs.

The mail server works in conjunction with other programs to make up what is sometimes
referred to as a messaging system. A messaging system includes all the applications
necessary to keep e-mail moving as it should. When you send an e-mail message, your e-
mail program, such as Outlook or Eudora, forwards the message to your mail server,
which in turn forwards it either to another mail server or to a holding area on the same
server called a message store to be forwarded later.

As a rule, the system uses SMTP (Simple Mail Transfer Protocol) or ESMTP (extended
SMTP) for sending e-mail, and either POP3 (Post Office Protocol 3) or IMAP (Internet
Message Access Protocol) for receiving e-mail.






HOW DOES E-MAIL WORK ?

In order to effectively configure a new mail system, it's important to understand how e-mail is
sent and received. The first concept to understand is the structure of an e-mail. An e-mail
contains two parts: the mail headers and the mail body. The mail headers contain the sender and
receiver addresses, a unique identifier, the date sent, the subject, and other data used by the
system.

The second concept to understand is the underlying structure that moves an e-mail from the
sender to the receiver. There are several components in that structure:

      MUA (mail user agent)—The MUA is the component of the mail system that
       most users think of as the e-mail program. It's responsible for providing the
       interface used to enter the two parts of an e-mail. An MUA often provides user
       features such as an address book and a spelling checker. The MUA is also
       responsible for handing the message off to the MTA.
      MTA (mail transfer agent)—The MTA is the component of the mail system that
       most users never see. It takes the message provided by the MUA, decodes the
       header information to determine where the message is going, and delivers the
       message to the MTA on the receiving machine. The MTA on the receiving
       machine adds data to the header of the received e-mail message.
      LDA (local delivery agent)—The LDA is the component of the mail system that
       takes a received message from the MTA and appends the message to the receiving
       user’s incoming mailbox.

Figure A displays an example e-mail sequence showing the order in which these components are
used in a normal mail transaction.

                                           Figure A




                                 A sample e-mail sequence

In order for the MTAs on various machines to pass e-mail traffic, they must know where to find
each other and how to communicate. The MTA decodes the receiving address and uses the
portion to the right of the @ sign to find the proper machine. Internet services such as DNS are
used to determine how to route to the decoded address. (I won't explain the use or setup of DNS
or other network facilities; I'll assume the configuration is completed and working.)



Once the route has been determined, an MTA needs to know how to communicate to another
MTA. This is accomplished using SMTP, a standards-based method that mail servers use for
communication. All mail servers understand and respond to the limited set of commands that are
defined in the standard.

When two MTAs communicate, they use a service port. Service ports are reserved ports on each
machine where applications listen for commands. In the case of MTAs, port 25 is the standard
port used. Service ports are generally reserved in the /etc/services file. When you use the grep
command to find the ports used, you'll see something like this:


Protocols used by Mail Server

Mail Server supports several different client access protocols.

  POP3 – Post Office Protocol version 3: POP3 is a mail retrieval protocol that provides
the most basic access to Send Mail. POP3 allows a user to access messages in the Inbox
folder of their mailbox.
  SMTP – Simple Mail Transfer Protocol: The SMTP service runs the SMTP protocol
engine that accepts incoming SMTP messages on TCP port 25 by default and sends
messages to other hosts using SMTP.
  IMAP4 – Internet Message Access Protocol: IMAP4 is a flexible mail retrieval
protocol. You can use an IMAP4 client to organize your messages on the server. You can
move messages from folder to folder and preview the contents of messages before you
download the entire message or a selected portion of a message, such as an attachment.
  NNTP – Network News Transfer Protocol: NNTP is used for accessing newsgroups.
You can configure Mail Server to publish portions of the public folder hierarchy and
make them available to NNTP clients.
  HTTP – Hypertext Transfer Protocol: Exchange uses HTTP to provide access to
the message store through Outlook Web Access and Outlook Mobile Access.





      CONFIGURE SEND MAIL SERVER

1. Install the required packages
        [root@localhost /]# yum install sendmail
        [root@localhost /]# yum install sendmail-cf
        [root@localhost /]# yum install dovecot
2. Set the sendmail.mc to sendmail.cf
        [root@localhost /]# vi /etc/mail/sendmail.mc
        Search for the line with /127.0.0.1 and comment out that line to start your mail server
                dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
                dnl # this useful.
                dnl #
                dnl # DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
                dnl #
                (comment the DAEMON line)
                :wq (save the file)

        [root@localhost /]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
        (sendmail.cf is a real configuration file, but Red Hat recommends using the m4 macro
        language on sendmail.mc to create a working sendmail.cf file.)
2. Add a host name by which the server may be referred to
        [root@localhost /]# vi /etc/mail/local-host-names
               Add the names, one per line (any name according to the server configuration):
                  dell.com
                  example.com
3. Send mail SMTP restrictions
         [root@localhost /]# vi /etc/mail/access
         Connect:localhost.localdomain         RELAY
         Connect:localhost                     RELAY
         Connect:127.0.0.1                     RELAY
         Connect:172.16                        RELAY
         Connect:192.168.1                     REJECT
This file can reject and relay e-mail from individual users, entire domains or entire IP subnets:
         REJECT  : rejects the sender
         OK      : accepts mail, even if DNS fails
         RELAY   : accepts mail for relaying
         DISCARD : discards the message completely
4. Configure the DOVECOT file
        [root@localhost /]# vi /etc/dovecot.conf

Uncomment the protocols line in this file:
        # Protocols we want to be serving: imap imaps pop3 pop3s
        # If you only want to use dovecot-auth, you can set this to "none".
        protocols = imap imaps pop3 pop3s (uncomment this line)
        :wq (save the file)
5. Remove the .pem file from the CERTS and PRIVATE folders
        [root@localhost /]# cd /etc/pki/dovecot
        [root@localhost dovecot]# cd certs
        [root@localhost certs]# rm -rf dovecot.pem
        [root@localhost certs]# cd ../private
        [root@localhost private]# rm -rf dovecot.pem
6. Create a Dovecot Certificate
        [root@localhost /]# vi /etc/pki/dovecot/dovecot-openssl.cnf
        [ req ]
        default_bits = 1024
        encrypt_key = yes
        distinguished_name = req_dn
        x509_extensions = cert_type
        prompt = yes (change the content from no to yes)

        [ req_dn ]
        # country (2 letter code)
        C=FI (uncomment the line)
        # State or Province Name (full name)
        ST= (uncomment the line)
        # Locality Name (eg. city)
        L=Helsinki (uncomment the line)

        # Organization (eg. company)
        O=Dovecot (uncomment the line)
        # Organizational Unit Name (eg. section)
        OU=IMAP server (uncomment the line)

        # Common Name (*.example.com is also possible)
        CN=imap.example.com
        # E-mail contact
        emailAddress=postmaster@example.com
        [ cert_type ]
        nsCertType = server

        :wq (save the file)
7. Issue the Certificate for the Send mail server
        [root@localhost /]# /usr/share/doc/dovecot-1.0/examples/mkcert.sh
               If you enter '.', the field will be left blank
               FI []:in
               []:Punjab
               Helsinki []:Chandigarh
               Dovecot []:pop3
               IMAP server []:imap
               imap.example.com []:pop3.dell.com
               postmaster@example.com []:root@dell.com
               subject= /C=in/ST=punjab/L=chandigarh/O=opo3/OU=imap/CN=pop3.dell.com/emailAddress=root@dell.com
               SHA1 Fingerprint=5E:C6:78:F2:34:6E:A7:61:D8:E3:66:27:7A:81:60:BD:56:76:C6:DF
        Fill in the details according to your configuration.
8. Restart the services
        [root@localhost /]# service dovecot restart
        [root@localhost /]# service sendmail restart
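
The Connect: entries in /etc/mail/access decide which clients may relay through the server, so it helps to see which entry a given client actually hits. The following is an added example, not part of the original project: it models the most-specific-first lookup sendmail performs on the access table (an IP address is tried in full, then with trailing octets removed; a host name is tried in full, then with leading labels removed) using the five entries from this page. The function names are hypothetical, and a result of None means no entry matched and sendmail's built-in anti-relay rules apply.

```python
# The access table configured on this page.
ACCESS_TABLE = """\
Connect:localhost.localdomain        RELAY
Connect:localhost                     RELAY
Connect:127.0.0.1                     RELAY
Connect:172.16                        RELAY
Connect:192.168.1                     REJECT
"""


def parse_access(text):
    """Return {lower-cased key: action} for every non-comment line."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, action = line.split(None, 1)
        table[key.lower()] = action.strip()
    return table


def lookup_keys(client):
    """Keys tried for a client, most specific first."""
    parts = client.lower().split(".")
    if all(part.isdigit() for part in parts):
        # 172.16.5.88 -> 172.16.5.88, 172.16.5, 172.16, 172
        return [".".join(parts[:n]) for n in range(len(parts), 0, -1)]
    # mail.example.com -> mail.example.com, example.com, com
    return [".".join(parts[n:]) for n in range(len(parts))]


def connect_action(table, client):
    """Return (action, matching key) or (None, None) when nothing matches."""
    for key in lookup_keys(client):
        for candidate in ("connect:" + key, key):  # tagged entry first, then untagged
            if candidate in table:
                return table[candidate], candidate
    return None, None


def relay_grants(table):
    """List (target, number of IPv4 addresses covered) for every RELAY entry.

    The count is None for host-name entries.
    """
    grants = []
    for key, action in table.items():
        if action != "RELAY":
            continue
        target = key.split(":", 1)[-1]
        octets = target.split(".")
        if all(octet.isdigit() for octet in octets):
            grants.append((target, 256 ** (4 - len(octets))))
        else:
            grants.append((target, None))
    return grants


if __name__ == "__main__":
    table = parse_access(ACCESS_TABLE)
    # Constructed client addresses used to exercise the table.
    for client in ("172.16.5.88", "192.168.1.20", "192.168.2.20", "localhost"):
        print(f"{client:15} -> {connect_action(table, client)}")
    for target, size in relay_grants(table):
        print(f"RELAY {target:25} covers {size if size else 'a host name'}")
```

The output makes the scope of each RELAY line visible: Connect:172.16 lets 65,536 addresses relay, while 192.168.2.20 matches nothing in the table.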



ON CLIENT SIDE
1. Install mutt
       [root@localhost /]# yum install mutt
2. Access the mail from the client side
      [root@localhost /]# mutt -f pop://username@servername

      [root@localhost /]# mutt -f imap://username@servername




SCREENSHOTS:
1: COMMAND FOR CONFIGURING THE SEND MAIL SERVER
2: UNCOMMENTING THE DAEMON OPTIONS
3: ALLOTTING THE NAME OF THE SERVER
4: ENTERING THE LOCAL HOST DOMAIN
5: ENTRIES FOR MKCERTS
6: CREATING CERTIFICATE
7: TESTING THE SERVER BY SENDING MAIL TO THE USER
8: USING THE MAIL SERVER

SENDMAIL WITH SQUIRREL MAIL SERVER:
Squirrel Mail is a web-based e-mail server. It is going to be the recommended means for
e-mail. Squirrel Mail has all the functionality you would want from an e-mail client,
including spell check, calendar, address books, and folder manipulation.


STEPS TO CONFIGURE SQUIRREL MAIL SERVER:
    1.      INSTALL THE REQUIRED .TAR PACKAGE FROM INTERNET

    2.      CONFIGURE SQUIRREL MAIL


CONFIGURATION OF SQUIRREL MAIL SERVER
    1.      Install the package from the Internet:
            [root@localhost /]# wget http://sourceforge.net/projects/squirrelmail/files/stable/1.4.20-RC2/squirrelmail-1.4.20-RC2.tar.gz/download

    2.      Install the PHP environment:
            [root@localhost /]# yum install php*

    3.      Create a directory with the name of mail in the default folder of the Apache server:
            [root@localhost /]# mkdir -p /var/www/

    4.      Extract the tar file in the /var/www/mail folder:
            [root@localhost /]# cd /var/www/mail

            [root@localhost mail]# tar -xvf /Squirrelmail-1.4.19.tar.bz2

    5.      Create a link to the Squirrelmail directory in the /var/www/mail directory with the
         name of mail:
            [root@localhost mail]# ln -s Squirrelmail-1.4.19/ mail


    6.      Open the mail directory, go to the config folder and run the default file
         ./conf.pl:
            [root@localhost /]# cd /var/www/mail/mail/config

            [root@localhost config]# ./conf.pl



    7.      Configure the login options for the mail server:
            [root@localhost config]# ./conf.pl
             1. Organization name
                   a. S for save
                   b. R for return
             2. Server option
                   a. S for save
                   b. R for return
             3. General options
                   a. Data Directory : /var/local/Squirrelmail/data
                   b. Attachment Directory : /var/local/Squirrelmail/attach

   8. Create the attach and data directories for Squirrel mail:

       [root@localhost /]# mkdir -p /var/local/Squirrelmail
       [root@localhost /]# mkdir -p /var/local/Squirrelmail/data
       [root@localhost /]# mkdir -p /var/local/Squirrelmail/attach
   9. Change the owner to the apache user

       [root@localhost /]# chown -R apache.apache /var/local/Squirrelmail/
       Update the permissions so Squirrelmail may write to the data and attach directories
   10. Save and quit from the access file

   11. Set the 775 permissions on the Squirrelmail, data and attach folders

       [root@localhost /]# chmod -R 775 /var/local/Squirrelmail
       [root@localhost /]# chmod -R 775 /var/local/Squirrelmail/data
       [root@localhost /]# chmod -R 775 /var/local/Squirrelmail/attach

   12. Create symlink named 'mail' to point to the Squirrel mail server in the configuration of
       the Apache server:

        [root@localhost /]# vi /etc/httpd/conf/httpd.conf [go to the last line of the page]
        <VirtualHost 172.16.5.88:80>
            ServerAdmin webmaster@mail.netmax.com
            DocumentRoot /var/www/mail/mail
            <Directory /var/www/mail/mail>
                Options FollowSymLinks
            </Directory>
            ServerName mail.netmax.com
            # ErrorLog logs/dummy-host.example.com-error_log
            # CustomLog logs/dummy-host.example.com-access_log common
        </VirtualHost>
   13. Restart the services of the Apache server, Sendmail server and Dovecot server
        [root@localhost /]# service httpd restart
        [root@localhost /]# service sendmail restart
        [root@localhost /]# service dovecot restart




SCREENSHOTS:
1: DOWNLOADING THE PACKAGE FOR SQUIRREL MAIL
2: SAVING THE FILE
3: INSTALLING THE PACKAGE
4: TESTING OF THE SERVER


SECURITY
    TCP WRAPPERS
    TCP Wrapper is a public domain computer program that provides firewall services
   for Linux servers.

   When an unprotected LUNIX computer is connected to a network, the computer's
   system is exposed to other computer users connected to the network. For example, by
   using the finger utility, a hacker may be able to determine which users are logged on to a
   given server. It is also possible to find out the identities of individual computers, and
   various details about their users' recent Internet behavior. A hacker can determine when a
   workstation is likely to be idle, and then access and use that workstation when it is
   unattended. TCP Wrapper can act as a firewall to prevent this.

   TCP Wrapper monitors incoming packets. If an external computer or host attempts to
   connect, TCP Wrapper checks to see if that external entity is authorized to connect. If it
   is authorized, then access is permitted; if not, access is denied. The program can be
   tailored to suit individual user or network needs.

   ADVANTAGES OF TCP WRAPPERS
         • One of the problems with TCP/IP is that it is basically insecure. Many intrusions
           are the result of this insecurity.
         • TCP Wrappers solves this by restricting services that can be used.
         • TCP Wrappers is a daemon that is run instead of inetd. It intercepts requests and
           either allows inetd to run and service the request or does not run inetd, thereby
           denying the request.
         • TCP Wrappers handles telnet, finger, ftp, exec, ssh, rlogin, ftp, talk, comsat, and
           other services that have a one-to-one mapping onto executable files.

   CONFIGURATION OF TCP WRAPPERS

         • TCP Wrappers consists of:
            o hosts.allow and hosts.deny files with the rules for allowed and denied
               services
            o tcpdchk program that checks configuration files for problems

         • Remember that hosts.allow is examined first
            o For a mostly open system, leave hosts.allow empty and put denied services
               in hosts.deny
            o For a mostly closed system, put "ALL : ALL" in hosts.deny and
               then put allowed services in hosts.allow





1. OPEN A FILE TO CONFIGURE YOUR TCP WRAPPER

       TO ALLOW ANY NETWORK TO ACCESS ANY SERVER OR UTILITY
       [root@localhost /]# vi /etc/hosts.allow
                      ALL : localhost
                      sshd : .gilton.net
                      vsftpd : jeff1.gilton.net
                      :wq (save the file)

               This configuration allows any service for the local machine, ssh for any machine on
               the gilton network (the leading dot in .gilton.net matches every host in that domain),
               and access to the ftp server for jeff1 on the gilton network.

       TO DENY ANY NETWORK TO ACCESS ANY SERVER OR UTILITY
       [root@localhost /]# vi /etc/hosts.deny
                      ALL : ALL
                      httpd : ann.gilton.net
                      :wq (save the file)

               This configuration denies web server access to ann.gilton.net. The ALL : ALL line
               denies every service to every client that is not matched in hosts.allow.
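
The lookup order described above (hosts.allow first, then hosts.deny, otherwise access is granted) can be traced with a small model. This is an added example, not part of the original project and not the tcpd source; it handles only the ALL, exact-host and leading-dot patterns, and the client names other than jeff1.gilton.net are constructed.

```python
# Simplified model of the hosts_access(5) decision order (added example).
# Handles only the pattern forms used on this page: ALL, an exact host
# name, and a leading-dot domain suffix. Host names are constructed samples.
HOSTS_ALLOW = """\
ALL : localhost
sshd : .gilton.net
vsftpd : jeff1.gilton.net
"""
HOSTS_DENY = "ALL : ALL\n"


def parse_rules(text):
    """Return [(daemon_list, client_list)] from 'daemons : clients' lines."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(":")
        if len(fields) >= 2:
            daemons, clients = (f.replace(",", " ").split() for f in fields[:2])
            rules.append((daemons, clients))
    return rules


def client_matches(pattern, host):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):             # ".gilton.net": any host in the domain
        return host.lower().endswith(pattern.lower())
    return host.lower() == pattern.lower()  # "gilton.net": that one host only


def file_matches(text, daemon, host):
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(client_matches(c, host) for c in clients)
        for daemons, clients in parse_rules(text)
    )


def decide(daemon, host, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is examined first, then hosts.deny, else access is granted."""
    if file_matches(allow, daemon, host):
        return "allow"
    if file_matches(deny, daemon, host):
        return "deny"
    return "allow"
```

Calling decide("sshd", "pc7.gilton.net", allow="sshd : gilton.net\n") returns "deny", which shows why the domain pattern needs its leading dot on a mostly closed system.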


SECURE WAN OR LAN WITH IPTABLES
 Iptables is a generic table structure that defines rules and commands as part of the
netfilter framework, which facilitates Network Address Translation (NAT), packet filtering,
and packet mangling in Linux. NAT is the process of converting an Internet
Protocol address (IP address) into another IP address. Packet filtering is the process of
passing or blocking packets at a network interface based on source and destination
addresses, ports, or protocols. Packet mangling is the ability to alter or modify packets
before and/or after routing.

Iptables is the successor to ipchains, which was used in earlier versions of Linux. Netfilter
and iptables are often combined into the single expression netfilter/iptables, which refers to
the Linux subsystem for NAT, firewalling, and advanced packet processing.





IPTABLES WORKS ON PORTS BUT TCP WRAPPERS DOES NOT
              -A to specify the chain the rule is appended to
              -p to specify protocol (tcp/udp)
              -d to specify destination address
              -s to specify source address
              --sport to specify source port
              --dport to specify destination port
              -j to specify action DROP, REJECT, ACCEPT

RULE TARGET
              ACCEPT
              DROP
              REJECT


HOW TO CREATE A RULE
       The rule:

       iptables -t filter -A INPUT -s 192.168.0.1 -j DROP

       -t filter -A INPUT     where the rule is checked
       -s 192.168.0.1         the match part of the rule
       -j DROP                target of the rule
SAVE THE IPTABLES WHICH WE HAVE CONFIGURED
       [root@localhost /]# service iptables save
RESTART THE SERVICE
       [root@localhost /]# service iptables restart
TO VIEW THE RULES
       [root@localhost /]# iptables -L
TO FLUSH THE RULES
       [root@localhost /]# iptables -F
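
Because rules in a chain are checked in order and the first match decides, the order in which rules are appended matters. The model below is an added example, not part of the original project and not netfilter code; the ruleset, the packet() helper and the sample addresses other than 192.168.0.1 are constructed, and the chain policy is assumed to be ACCEPT.

```python
import ipaddress
import shlex

# Constructed ruleset built from the options listed on this page.
RULES = [
    "iptables -t filter -A INPUT -s 192.168.0.1 -j DROP",
    "iptables -t filter -A INPUT -s 192.168.0.0/24 -p tcp --dport 22 -j ACCEPT",
    "iptables -t filter -A INPUT -p tcp --dport 22 -j REJECT",
]


def parse_rule(command):
    """Map each option to its value; every option used here takes one value."""
    words = shlex.split(command)[1:]            # drop the program name
    return dict(zip(words[0::2], words[1::2]))


def packet(src, dport, proto="tcp", dst="192.168.0.254", sport=40000):
    """Hypothetical helper describing one incoming packet."""
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport}


def rule_matches(opts, pkt):
    """The match part: every option present in the rule must fit the packet."""
    checks = {
        "-s": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v),
        "-d": lambda v: ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(v),
        "-p": lambda v: v == pkt["proto"],
        "--sport": lambda v: int(v) == pkt["sport"],
        "--dport": lambda v: int(v) == pkt["dport"],
    }
    return all(check(opts[opt]) for opt, check in checks.items() if opt in opts)


def verdict(pkt, rules=RULES, chain="INPUT", policy="ACCEPT"):
    """Walk the chain in order; the first matching rule's target decides."""
    for opts in map(parse_rule, rules):
        if opts.get("-A") == chain and rule_matches(opts, pkt):
            return opts["-j"]
    return policy                               # no rule matched: chain policy
```

With the rules in the listed order, a port 22 packet from 192.168.0.1 is dropped by the first rule even though the second rule accepts its subnet; with the list reversed, the same packet meets the REJECT rule first.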





Maintaining a Healthy Server
Tracking the latest security problems and fixes
Using the tcpd wrapper program to improve security
Using xinetd security features
Using the built-in firewall features of Linux
Improving Linux password security
Monitoring your server for security problems
Analyzing network trouble reports
Using the basic Linux troubleshooting tools
Looking for configuration errors
Testing routing
Testing Domain Name Service
Analyzing network traffic





Troubleshooting
It is better to avoid trouble than it is to fix things after trouble arises. Because avoiding
trouble is one of the primary motivations for good security, some of the techniques
described in Chapter 12, "Security" (such as keeping the system software and your
knowledge of potential problems up-to-date) apply equally well, whether the threat is a
security intruder or a bug that crashes your favorite application. The bug fixes posted at
the vendor's site are not always about security, but they are almost always of interest to
you. There is a difference between fixing bugs and enhancing the system. Fix bugs that
you have detected on your server or that you know are a direct threat to your server.
Avoid installing things just to get a new feature; reliability is more important than new
features for a server. Try out the latest bells and whistles on your desktop system or a test
server, and debug them before you move them to the server.

The heart of your Linux system is the kernel. Therefore, keeping the kernel updated is an
essential part of keeping the system software up-to-date. This chapter begins by looking
at how you can avoid trouble by keeping your Linux kernel current.


Configuring the Linux Kernel
The Linux kernel source code is included among the CD-ROMs of your Linux distribution.
Updated kernel source code is available online from your Linux vendor. Additionally, the
latest kernel source code can be obtained from ftp://ftp.kernel.org/ or
http://www.kernel.org/. The Linux kernel is a C program, compiled and installed by make.
A make command creates the Makefile needed to compile the kernel for your system. The
make command used to compile the Linux kernel accepts a few arguments that control
the type of user interface used to configure the kernel.
   • make config runs a text-based configuration interface.
   • make menuconfig runs a curses-based configuration interface that displays menu
     selections on text-based terminals.
   • make xconfig runs an X Window System configuration interface.
   • make oldconfig builds the new kernel using the configuration from your previous kernel
     build.
This chapter uses make xconfig to customize the kernel configuration. There are a huge
number of kernel-configuration options. make xconfig provides a nice X interface that
allows you to go directly to those parts of the configuration that you want to modify. The
ability to ignore those configuration options you don't need and jump directly to those you
do need is very useful.





Troubleshooting a Network Server

Even if you're liberal about fixing known bugs, and you're conservative about installing
unneeded software, problems will occur. Many of these problems will be detected and
reported by your users before you know anything is wrong. Tracking down those reported
problems is as much an art as a science.
The art of troubleshooting is your intuition about the state of your server and the network,
and your insight into the accuracy of the user's problem report. I don't say this to demean
the intelligence of the user reporting the problem because I'm as guilty of providing
inaccurate trouble reports as the next guy. When under stress, I have completely
misunderstood very clear instructions and have
reported a problem when the only real problem was my lack of time to carefully read the
instructions. Thus, you cannot assume too much from the trouble report, and you need to
be methodical in applying your own knowledge to the problem. Here are some
suggestions:

   • Duplicate the problem yourself and then have the user duplicate the problem while you
     walk him through it. This often eliminates problems that spring from user confusion.
   • Avoid oversimplification. The problem is not always a confused user. In a networked
     server, the problem can occur in any part of the network hardware or software, from your
     system to the remote system.
   • Divide a complex problem into pieces and test the individual pieces to isolate the
     problem.




