Easy Remote Administration

1

What is Linux?

Linux is a free Unix-type operating system originally created by Linus Torvalds with the assistance of developers around the world. Developed under the GNU General Public License , the source code for Linux is freely available to everyone.

Many companies and individuals distribute Linux. Each version is called a distribution and each has its own unique strengths. Some are updated faster than others. Some have better admin tools or hardware support built in. Some are geared towards server installations and some toward desktop usage.

2

Why Linux?

Easy Remote Administration

VPN Servers DHCP Server Samba Server DNS Server Web Server Proxy Servers Firewall Mail Filter Network Services

Future: WINE and Accelerated Reader

3

Easy Remote Administration

There are many ways to manage a Linux server or workstation:

Webmin

By manually modifying configuration files

Using GUI tools that come with the distribution you are using

Access to a Linux box remotely can be obtained by using an SSH client (such as Putty) and connecting to the server's SSHd service. Webmin also allows remote access through an HTTP or HTTPS connection.

4

Easy Remote Administration

Webmin

5

Easy Remote Administration

Webmin

6

Easy Remote Administration

Webmin

7

DHCP Servers

Setup of a DHCP server to assign addresses to your workstations is much simpler than tracking the assignments by hand.

Easy to setup and very reliable.

Dynamic DNS support.

BootP support.

Multiple subnets and supernets.

8

Samba

Samba is file and printer sharing software that allows clients to connect to a Linux server as if it were an NT/Windows 2000 Server. You can specify whether to use domain logins or workgroup authentication. Authentication can come from a password file, LDAP server, or database server.

Shares are setup on the server and access granted by user and/or group.

Printers are by default automatically shared with all clients and you can store the driver on the server for easier installation to the workstation.

9

Proxy Cache Servers

Squid is an Internet proxy server that can be used to proxy HTTP, HTTPS, FTP and Gopher access to the Internet for client workstations. By enabling caching on the proxy server, bandwidth to the Internet can be saved by having the data retrieved from a local cache on the server and sent to the client. Up to 60% of your users' web access would typically be retrieved from cache instead of the Internet. This results in less

bandwidth usage and a faster response time to the client.

There are modules available for squid to allow you to authenticate users before they access the Internet. The authentication can come from Windows servers, NetWare servers, a database, LDAP or a text file.

10

Proxy Cache Servers

Proxy setup at Etowah County

If data is not found on local school proxy, then master proxy at BoE is checked. If not there then data is fetched from the Internet.

11

Content Filtering

SquidGuard is a content filtering product that can be added to the caching server to stop users from going to domains listed in a database. You can also stop users from going to sites that have certain words in the URL - like 'sex', 'ad', etc.

Dan's Guardian is a filtering product that allows you to filter pages based on keywords in the web page. If the page has profane language or words in a list that you specify, it won't be allowed to get to the client.

12

VPN Site-to-Site Setup

VPN tunnels from 3 remote school sites back to the Board of Education.

Provided filtered web access and the ability to manage the remote schools at faster than dial-in speeds.

Tunnel was both encrypted for security and compressed to save on bandwidth.

If tunnel was interrupted because of a circuit being down, it would try and reconnect every 5 seconds until successful.

13

VPN Site-to-Site Setup

14

DNS Servers

There are many choices for DNS servers available on the Linux platform:

BIND DJBDNS MARA

DJBDNS has several nice features:

Very secure.

The ability to give out different addresses depending on requesters location.

15

Web Servers

Most Linux distributions include the Apache web server. 62% of all web servers on the Internet run Apache - far more than any other server.

Apache is the most popular.

Zope has built in scripting and GUI access management.

AOL Web Server.

If only static pages are to be served, the Linux kernel has a built-in web server that is twice as fast as the alternatives.

16

Apache

There are many modules available to enhance the functionality of Apache.

mod_perl mod_php mod_rewrite mod_auth_ldap

17

Firewall

IPTables is the dominant firewalling code in use. The basic code supports NAT, PAT, and stateful inspection. Additional functionality that can be added through the Patch-O-Matic system available on netfilter.org and

includes:

Quota support - limit number of bytes to a host during a certain period

Time restrictions - only allow Internet access for certain hosts or networks during certain time periods or days.

Conditions - allow routing of packets to alternative hosts if primary host is down

Command execution - execute commands if packet matches a certain criteria

18

Mail Servers

Linux makes an excellent low cost mail server. By combining the basic SMTP server with POP3, IMAP and webmail services you can put together a system with most of the features found in expensive groupware products.

Sendmail has been the most popular SMTP server but Postfix and Qmail are rapidly rising in popularity because of their enhanced security.

Number of vulnerabilities by product listed on http://www.cve.mitre.org/cve/ :

Postfix has only 1.

Sendmail has 45. Qmail has 3. Exchange has 39. GroupWise has 11. 19

Webmail

Mail Filtering

By all accounts, SPAM takes up between 35% and 65% of the email traffic on the Internet. Even if you have a commercial groupware or email system, by frontending your system with a Linux mail server running anti-spam software such as SpamAssassin you can remove or mark your spam before it reaches the end user.

The mail can also be filtered for viruses and text content at the same time.

21

Mail Filtering

Many of the open source products can be combined so that spam filtering, attachment filtering and virus scanning can all be applied at the same time to email.

22

Monitoring

Nagios (formerly NetSaint) is an excellent choice for monitoring the status of your network devices.

Monitoring of network services (SMTP, POP3, HTTP, NNTP, PING, etc.)

Monitoring of host resources (processor load, disk and memory usage, running processes, log files, etc.)

Monitoring of environmental factors such as temperature

Simple plugin design that allows users to easily develop their own host and service checks

Ability to define network host hierarchy, allowing detection of and distinction between hosts that are down and those that are unreachable

Contact notifications when service or host problems occur and get resolved (via email, pager, or other user-defined method)

23

Monitoring

Nagios detail page showing up/down status of hosts.

24

Monitoring

25

Database Servers

There are many commercial and open source database servers available for Linux. Commercial databases include:

IBM's DB2

Oracle

Open Source servers include:

MySQL PostgreSQL mSQL

26

Workstation Data Recovery

Using bootable Linux 'Live CD's you can retrieve data from a crashed workstation without opening the case.

Boot with the CD.

Mount the local partition and the server share or volume.

Copy the data.

Retrieve data from FAT16/32 and NTFS partitions. Linux 'Live CD' distributions:

Knoppix Gentoo DemoLinux

27

Nessus Security Scanner

The "Nessus" Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner.

A security scanner is a software which will audit remotely a given network and determine whether bad guys (aka 'crackers') may break into it, or misuse it in some way.

Unlike many other security scanners, Nessus does not take anything for granted. That is, it will not consider that a given service is running on a fixed port - that is, if you run your web server on port 1234, Nessus will detect it and test its security. It will not make its security tests regarding the version number of the remote services, but will really attempt to exploit the vulnerability.

28

Nessus Security Scanner

29

Programming

Linux is an effective platform for teaching programming skills. There are a multitude of programming languages available at little or no cost.

C++ C Perl PHP Ruby Python Pascal

And many more

30

Programming IDEs

There are several very good Integrated Development Environments available for Linux:

Kdevelop is available for C and C++ programming.

GAMBAS (a BASIC programming language) has a good IDE that is actually written in GAMBAS itself.

WxWorkshop for Java and C++ development.

31

Programming IDEs

Kdevelop

32

Programming IDEs

GAMBAS

33

WINE

WINE is an application that allows you to run Windows programs in Linux. WINE actually stands for Wine Is Not an Emulator.

We are evaluating it in order to determine whether it will run some of the standard classroom apps to remove the requirement of a Windows license on the classroom workstations.

We are in the process of testing Accelerated Reader.

34

WINE - AR

WINE - AR

WINE - AR

37

IRM for Ticket Tracking

IRM allows you to open and track trouble tickets. With the addition of the KBShare knowledge base program, managing your todo list becomes very easy.

IRM features:

Security access based on login.

Email sent to person the ticket is assigned to.

Email sent when reassigning a ticket.

Multiple followups added to tickets until tickets are closed.

Report by open tickets, closed tickets and location.

Written in PHP and easily modifiable - add your own report types or features.

38

IRM for Ticket Tracking

Open a ticket

39

IRM for Ticket Tracking

Ticket view

40

IRM for Ticket Tracking

Report view

41

Knowledge Management

KBShare is a web based program modeled after Novell's support TIDs (Technical Information Documents) that allows you to store problems and their solutions in an online database and access them when needed. Data can be searched for by site/school and by keywords or phrases. The use of boolean searching helps to

retrieve the exact data you need quickly.

Firewall AND nat

Windows NOT xp

Cisco AND s0

42

Knowledge Management

43

Knowledge Management

KBShare - results page

44

KDE Educa Programs

KHangman is the classical hangman game.

KLettres aims to help to learn the alphabet and then to read some syllables in different languages.

KMessedWords is a simple mind-training game, in which you have to "figure out" the word that has been given in the program. KVerbos is an application specially designed to study Spanish verb forms.

KVocTrain is a vocabulary trainer. Like most of the other vocabulary trainers it uses the "flash card" approach. Kiten is a Japanese reference/learning tool.

KPercentage is a small math application that will help pupils to improve their skills in calculating percentages. KmPlot is a mathematical function plotter.

FlashKard is a vocabulary studying tool for learning languages or termninology. KTouch is a program for learning touch typing.

KStars is a Desktop Planetarium program.

Kalzium is an application which will show you some information about the periodic system of the elements. KEduca is an educational project to enable the creation and revision of form-based tests and exams.

45

KDE Educa Programs

Kstars

46

KDE Educa Programs

Kstars

47

KDE Educa Programs

Kalzium

48

OpenOffice.org

OpenOffice.org is a multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, and drawing program, with a user interface and feature set similar to other office suites.

Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including those of Microsoft Office.

It is fully open sourced and available for Linux and Windows platforms. This presentation was done in OpenOffice.org's Impress software.

49

OpenOffice.org

OpenOffice.org

OpenOffice.org

Linux Links

Linux Online - http://www.linux.org

Sourceforge (software index) - http://www.sourceforge.net

Freshmeat (software index) - http://www.freshmeat.net

Linux Today (news) - http://www.linuxtoday.com

Linux for Kids (school software) - http://linuxforkids.org

Seul/Edu Application Index - http://richtech.ca/seul

KDE Educa (educational software) - http://edu.kde.org

Vulnerability Search - http://www.cve.mitre.org/cve/

Distribution Watch - http://www.distrowatch.com