
Mr.Kriangsak Namkot

Trainer & Director Jodoi IT&Service Co.,Ltd.

http://www.jodoi.com

Linux Administrator (Advance)

Linux Administrator I

Day 1

9.00 – 10.30 - Samba Server ( File Server )
10.30 – 10.45 - Coffee Break
10.45 – 12.00 - Samba Server ( File Server )
12.00 – 13.00 - Lunch
13.00 – 14.30 - Iptables
14.30 – 14.45 - Coffee Break

samba - A Windows SMB/CIFS fileserver for UNIX

The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems. This protocol is sometimes also referred to as the Common Internet File System (CIFS). For a more thorough description, see http://www.ubiqx.org/cifs/. Samba also implements the NetBIOS protocol in nmbd.

smbd - server to provide SMB/CIFS services to clients

Samba Server

# rpm -q samba
samba-3.0.33-3.29.el5_5.1
# yum install samba

Or

How to Compile Samba

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/compiling.html

[root@doiserver named]# vi /etc/samba/smb.conf

workgroup = MYGROUP
server string = Samba Server

# --- Standalone Server Options ---
# security = user
# passdb backend = tdbsam
security = share
; hosts allow = 192.168.1. 192.168.2. 127.
hosts allow = 192.168.1. 127.
; interfaces = 192.168.12.2/24 192.168.13.2/24
interfaces = 192.168.1.212/24

[public]
comment = Public Stuff
path = /samba
public = yes
writable = yes
printable = no
write list = @staff

:wq!

[root@jodoi-server ~]# /etc/init.d/smb restart
[root@jodoi-server ~]# service smb restart

[root@jodoi-server ~]# netstat -anp|grep smb
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 2719/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 2719/smbd
[root@jodoi-server ~]# netstat -anp|grep nmb
udp 0 0 192.168.1.212:137 0.0.0.0:* 2723/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 2723/nmbd
udp 0 0 192.168.1.212:138 0.0.0.0:* 2723/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 2723/nmbd
[root@jodoi-server ~]# ps -ef|grep smb
root 2719 1 0 08:29 ? 00:00:00 smbd -D
root 2720 2719 0 08:29 ? 00:00:00 smbd -D

[root@jodoi-server /]# cd /
[root@jodoi-server /]# mkdir samba
[root@jodoi-server /]# chmod -fR 777 samba/

Test on PC

# vi /etc/samba/smb.conf
[...]
security = user
passdb backend = tdbsam
[...]

# smbpasswd -a user
# /etc/init.d/smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
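
An added example, not part of the original slides: a small shell audit that flags the two settings the first configuration above relies on (security = share, and a share that is both public and writable), before the switch to security = user with tdbsam. The function names audit_smbconf and sample_conf and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original slides: audit an smb.conf for
# share-level security and shares that are both guest-accessible and writable.

audit_smbconf() {
    awk '
    function trim(s)   { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function is_yes(v) { return v == "yes" || v == "true" || v == "1" }
    function is_no(v)  { return v == "no" || v == "false" || v == "0" }
    function report() {
        if (sec != "" && sec != "global" && guest && rw)
            print "[" sec "]: guest access and write access both enabled"
    }
    /^[ \t]*([#;]|$)/ { next }              # comment or blank line
    /^[ \t]*\[/ {                           # new section: flush the previous one
        report()
        sec = tolower(trim($0)); gsub(/^\[|\]$/, "", sec)
        guest = 0; rw = 0; next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = tolower(trim(substr($0, eq + 1)))
        if (key == "security" && val == "share")
            print "security = share: share-level security in use"
        if (key == "public" || key == "guest ok") guest = is_yes(val)
        if (key == "writable" || key == "writeable" || key == "write ok") rw = is_yes(val)
        if (key == "read only") rw = is_no(val)
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the first configuration shown in the slides.
sample_conf() {
    cat <<'EOF'
# security = user
security = share
hosts allow = 192.168.1. 127.
[public]
path = /samba
public = yes
writable = yes
write list = @staff
EOF
}
```

Run it against a live file with: audit_smbconf /etc/samba/smb.conf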

In GUI

Iptables Firewall

iptables - administration tool for IPv4 packet filtering and NAT

Option

-t, --table table
-L, --list [chain]
-n, --numeric
-A, --append chain rule-specification
-D, --delete chain rule-specification
-p, --protocol [!] protocol
-s, --source [!] address[/mask]
-d, --destination [!] address[/mask]
-j, --jump target
-i, --in-interface [!] name
-o, --out-interface [!] name

Reading iptables rules

# iptables -L -n
# iptables-save
# vi /etc/sysconfig/iptables

[root@jodoi-server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination

[root@jodoi-server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)

TABLES in IPTABLES

[1] filter
[2] nat

# iptables -t filter -L -n
# iptables -t nat -L -n

ERASE existing ruleset

# iptables -F INPUT
# iptables -F OUTPUT

Set default policy

# iptables -P INPUT DROP
# iptables -P OUTPUT ACCEPT

Set stateful connection tracking (allow REPLY to come back)

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Ex. 1 SELECTIVELY PERMIT some connection

e.g. TCP/22 from 192.168.1.0/24
LIST the following information

[0] FROM WHAT INTERFACE? ( eth0 )
[1] FROM WHAT IP? ( 192.168.1.0/24 )
[2] TO WHICH PROTOCOL? ( TCP )
[3] TO WHICH PORT? ( 22 )

# iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT

Ex. 2 SELECTIVELY PERMIT some connection

e.g. TCP/80 from 192.168.1.0/24
LIST the following information

[0] FROM WHAT INTERFACE? ( eth0 )
[1] FROM WHAT IP? ( any )
[2] TO WHICH PROTOCOL? ( TCP )
[3] TO WHICH PORT? ( 80,443 )

# iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
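
An added example, not part of the original slides: the INPUT rules from the steps above (default DROP, stateful accept, Ex. 1 and Ex. 2) written as one iptables-restore file so they load atomically instead of setting the DROP policy before the accept rules exist, with a check that the reply rule comes before the service rules. It goes slightly beyond the slides by accepting loopback traffic and using multiport to cover both 80 and 443 from Ex. 2; the function names build_ruleset and check_ruleset are assumptions.

```shell
#!/bin/sh
# Added example, not from the original slides.
# Assumptions: eth0 and 192.168.1.0/24 as in Ex. 1; the loopback rule and
# the multiport match for 80,443 are additions to what the slides show.

LAN="192.168.1.0/24"
IFACE="eth0"

# Emit the filter table in iptables-restore format.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $IFACE -s $LAN -p tcp --dport 22 -j ACCEPT
-A INPUT -i $IFACE -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
EOF
}

# Return 0 only if INPUT defaults to DROP, replies are accepted before any
# per-port rule, and SSH from the LAN is still permitted (no admin lockout).
check_ruleset() {
    rules=$(build_ruleset)
    state_line=$(printf '%s\n' "$rules" | grep -n -- '--state ESTABLISHED,RELATED' | cut -d: -f1)
    first_port=$(printf '%s\n' "$rules" | grep -n -- '--dport' | head -n 1 | cut -d: -f1)
    [ -n "$state_line" ] && [ -n "$first_port" ] || return 1
    [ "$state_line" -lt "$first_port" ] || return 1
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$rules" | grep -q -- "-s $LAN -p tcp --dport 22 -j ACCEPT" || return 1
}

# Usage (as root): check_ruleset && build_ruleset | iptables-restore --test
#                  then load for real with: build_ruleset | iptables-restore
```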

Ex. 3 Block web hi5

# iptables -A FORWARD -i eth0 -d 66.218.161.68 -j DROP
# iptables -A FORWARD -i eth0 -d 66.218.161.133 -j DROP
# iptables -A FORWARD -i eth0 -d 66.218.161.6 -j DROP

Internet Gateway Server

1. Enable IP forwarding

[root@jodoi-server ~]# vi /etc/sysctl.conf

# Controls IP packet forwarding

2. Disable Firewall

[root@doiserver root]# setup

3. Set the group of IPs that can forward packets

[root@doiserver root]# iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
[root@doiserver root]# iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
[root@doiserver root]# iptables -A FORWARD -j DROP
[root@doiserver root]# service iptables save
[root@doiserver root]# service iptables restart
or
# vi /etc/sysconfig/iptables

Ex Config NAT

Lab Test iptables

1. Client cannot open www.manager.co.th and www.jodoi.com and cannot ping any IP
2. Outside can ping, use web, samba, ssh
