
Linux Basics


1 Linux Basics
Reading:
- Chap 1-2 [WFR05]
- Linux Command Manual

2 About Linux
- Linux is the name of the kernel
- Linux is Open Source Software (OSS)
- Linux is licensed under the General Public License (version 2, aka GPL2)
  - The right to redistribute is granted only if the distribution is licensed under the terms of the GPL and either includes, or unconditionally offers to include at the moment of distribution, the source code
- The Linux kernel by itself can serve as a firewall, router, access point, and even a static web page server
- Typically, Linux is packaged with a great number of applications and utilities, also OSS

3 Components of a Linux System
- Kernel (can be monolithic or modular)
- Modules (if modular kernel)
- Filesystem(s)
- Boot Loader
- Libraries and Dynamic Linker
- Init and rc system
- Utilities
- Applications

5 Linux Kernel
- A kernel is the central component of most computer operating systems (OS). Its responsibilities include managing the system's resources
- A monolithic architecture includes much of the OS functionality in the kernel
  - Memory and process management
  - Device drivers
  - File systems
  - Network
- In contrast, microkernels (e.g., Mach and NT) include minimal functionality
  - Inter-process communication and memory management
- Pros and cons

6 Linux Kernel
- Since V1.2, a combination of
  - Base kernel
  - Loadable kernel modules

7 Linux Kernel Configuration
- Monolithic architecture includes much of the OS functionality in the kernel
  - Memory and process management
  - Device drivers
  - File systems
  - Network

8-10 Linux Kernel Configuration
- Configuration in a tree structure to decide which files are to be compiled into the kernel
- Options to compile directly in or as a module
- Online help to explain choices

12 Linux Loadable Kernel Modules (LKM)
- Linux supports kernel modules as an option
- Modules are loaded at run time
  - Reduce memory requirements
  - Add functionality to the Linux kernel
  - Run in privileged kernel mode
  - As fast as the base kernel
  - Doesn't require a reboot to add or remove functionality or to develop your own module
- LKMs are used for
  - Device drivers
  - Filesystem drivers
  - Network drivers
  - ...

13 LKM utilities
- insmod – insert an LKM
- rmmod – remove an LKM
- lsmod – list loaded LKMs
- modinfo – show information about an LKM
- modprobe – can read /etc/modules; inserts/removes a set of LKMs intelligently

15 Linux File System Support
- Linux uses the virtual file system (VFS) interface to modularize file system support
- File systems may be compiled in as modules (but watch out for the catch-22)
  - "you need to mount the root filesystem to add the module that lets you mount the root filesystem"
- In addition to file systems that manage disk partitions, there are also pseudo file systems

16 Pseudo File Systems
- A 'pseudo' file system provides a file-style interface to the inner workings of the kernel.
- Most important is the /proc file system, which provides many important interfaces to the kernel and running processes
- /proc can be used to set parameters in the running kernel as well as to read state
  - e.g. echo "1" > /proc/sys/net/ipv4/ip_forward

18 Boot Loader
- Takes over from the BIOS after POST
- Usually on the master boot record (MBR) of the hard drive
  - the 512-byte boot sector that is the first sector of a partitioned disk
- Can offer a choice of different OSes (dual boot)
- Linux typically uses GRUB (LILO in the past)

19 GRUB
- GRand Unified Bootloader
- Two stages
  - The first is small, with the sole purpose of loading the second one.
- Understands several file system types
- Provides for changing boot options at boot time (useful for testing new kernel features)
- For more information: http://www.gnu.org/software/grub/

Example GRUB entry, with the slide's annotations as comments:

    root (hd0,0)                                # partition containing the kernel: 1st partition on the first hard disk
    kernel /vmlinuz-i686-up-4GB root=/dev/hda9  # file name of the kernel; root= is the partition containing /sbin/init, which becomes the root partition
    boot

20 Boot process on Linux
- BIOS -> bootloader -> kernel
- The first process to start is a script /etc/rc.d/rc.sysinit
- 6 runlevels
  - /etc/rc.d/rc?.d/
  - Runlevel 5 is used to boot the system into GUI mode using XDM and X-Windows.
  - Runlevel 3 is used for single-user mode
  - Scripts with S for startup and K for shutdown

21 Init and RC System
- Takes over once the kernel loads
- Brings the system up to the ready state
- Starts different services
- Can be used after boot to start and stop services, e.g. /etc/init.d/httpd start

23 Utilities
- Unix and the toolkit approach
- /bin and /sbin (/usr/bin and /usr/sbin too)
- STDIN, STDOUT, STDERR
- Redirection and pipes
  - e.g. dmesg | head -1

24 Practices (cont'd)
Hints:
- If the commands are not in the default paths, try /sbin or /usr/sbin
- A number of ways of finding out the Linux distribution
  - dmesg | head -1
  - cat /proc/version
- "man" is your friend!

25 Top Network Utilities
- ifconfig
- route
- ping
- traceroute (tcptraceroute)
- nmap
- netstat
- ssh (scp, sftp)
- telnet
- nc
- tcpdump

27 Applications
- Anything more complex than a utility?
- System services (daemons)
- X Windowing system
- Interactive programs

28 Practices
ssh to linux01~04.cs.uh.edu
1. Find out the following:
   - What Linux distribution is used?
   - Processor type, memory, CPU speed, # of CPUs
   - Which boot loader is used?
2. Try the following commands:
   - ifconfig
   - route
   - ping www.uh.edu
   - traceroute www.google.com
   - netstat
3. Explain the results from ping and netstat

29 Linux Networking Tools

30 Top Network Utilities
- ifconfig
- iwconfig
- route
- iptables
- netstat
- ssh (scp, sftp)
- tcpdump
- ping
- traceroute
- host (nslookup)
- dig
- nmap
- telnet

31 ifconfig
- Configure a network interface
- Without options, ifconfig shows the current settings
- Can bring an interface up or down
- example:
  - ifconfig eth1 up
  - pump -i eth1   (pump is a dhcp client program)
  - ifconfig eth1

32 ifconfig (CS Firewall)

    eth0      Link encap:Ethernet  HWaddr 00:E0:81:2A:9D:C3
              inet addr:129.7.240.254  Bcast:129.7.240.255  Mask:255.255.255.192
              inet6 addr: fe80::2e0:81ff:fe2a:9dc3/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:222210314 errors:0 dropped:0 overruns:0 frame:0
              TX packets:194237844 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2468437723 (2354.0 Mb)  TX bytes:1403836636 (1338.8 Mb)
              Base address:0xdc00 Memory:fe9e0000-fea00000

    eth1      Link encap:Ethernet  HWaddr 00:04:23:A8:58:82
              inet addr:129.7.254.188  Bcast:129.7.254.191  Mask:255.255.255.192
              inet6 addr: fe80::204:23ff:fea8:5882/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:397766811 errors:0 dropped:0 overruns:0 frame:0
              TX packets:521981776 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2719493949 (2593.5 Mb)  TX bytes:217572585 (207.4 Mb)
              Base address:0xc880 Memory:fe8c0000-fe8e0000

    eth2      Link encap:Ethernet  HWaddr 00:04:23:A8:58:83
              inet addr:192.168.10.254  Bcast:192.168.10.255  Mask:255.255.255.0
              inet6 addr: fe80::204:23ff:fea8:5883/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:334616505 errors:0 dropped:0 overruns:0 frame:0
              TX packets:238180941 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2097863118 (2000.6 Mb)  TX bytes:2193856536 (2092.2 Mb)
              Base address:0xcc00 Memory:fe8e0000-fe900000

33 IP-Aliasing
- "IP-aliases are additional IP-addresses/masks hooked up to a base interface by adding a colon and a string when running ifconfig."
- example:
  - ifconfig eth0:0 192.168.100.1
  - ifconfig eth0:1 192.168.101.1
- Remove an alias:
  - ifconfig eth0:0 down
- See linux/Documentation/networking/alias.txt

34 route
- Show and/or manipulate the IP routing table
- Commonly used in determining or setting the default router for a machine on a network
- example:
  - route add default gw 129.7.243.254
  - route add -net 192.168.1.0 gw 10.0.0.10 netmask 255.255.0.0
  - route del -net 192.168.1.0 gw 10.0.0.10 netmask 255.255.0.0
- To remove all routes on an interface: ifconfig eth0 down

35 Static Routes
- Routes can be static or dynamic
- Most host-based routes are static
- Static routes are layer 3 clues as to where to find hosts on a complicated network.
- They include a destination network and a next-hop IP address.
- The default route's destination network is a wildcard

36 route (CS Firewall)
Computer Science department firewall configuration

    $ /sbin/route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    129.7.240.0     192.168.10.253  255.255.255.192 UG    0      0        0 eth2
    129.7.240.64    192.168.10.253  255.255.255.192 UG    0      0        0 eth2
    129.7.240.128   192.168.10.253  255.255.255.192 UG    0      0        0 eth2
    129.7.240.192   0.0.0.0         255.255.255.192 U     0      0        0 eth0
    129.7.241.0     192.168.10.253  255.255.255.192 UG    0      0        0 eth2
    129.7.254.128   0.0.0.0         255.255.255.192 U     0      0        0 eth1
    129.7.242.0     192.168.10.253  255.255.255.0   UG    0      0        0 eth2
    129.7.243.0     192.168.10.253  255.255.255.0   UG    0      0        0 eth2
    192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2
    loopback        127.0.0.1       255.0.0.0       UG    0      0        0 lo
    0.0.0.0         129.7.254.190   0.0.0.0         UG    0      0        0 eth1

- Flag U: the route entry is up and running (ACTIVE).
- Flag G: the route entry specifies an indirect route (via the listed gateway).
- Flag H: the destination field in this route entry specifies a host route.
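As an added example (not part of the slides), the lookup below shows how the kernel chooses among the entries of the routing table above: the most specific matching Genmask wins, the default route (0.0.0.0) matches everything, and an entry without flag G is delivered directly on its interface rather than via a gateway. The table is embedded as constructed data, with the "loopback" row written numerically as 127.0.0.0.

```shell
#!/bin/sh
# Constructed copy of the "route (CS Firewall)" table: destination gateway genmask flags iface
ROUTES='129.7.240.0 192.168.10.253 255.255.255.192 UG eth2
129.7.240.64 192.168.10.253 255.255.255.192 UG eth2
129.7.240.128 192.168.10.253 255.255.255.192 UG eth2
129.7.240.192 0.0.0.0 255.255.255.192 U eth0
129.7.241.0 192.168.10.253 255.255.255.192 UG eth2
129.7.254.128 0.0.0.0 255.255.255.192 U eth1
129.7.242.0 192.168.10.253 255.255.255.0 UG eth2
129.7.243.0 192.168.10.253 255.255.255.0 UG eth2
192.168.10.0 0.0.0.0 255.255.255.0 U eth2
127.0.0.0 127.0.0.1 255.0.0.0 UG lo
0.0.0.0 129.7.254.190 0.0.0.0 UG eth1'

# route_lookup DEST  ->  prints "<next-hop or direct> <iface> <flags>" for the longest matching prefix
route_lookup() {
  printf '%s\n' "$ROUTES" | awk -v dst="$1" '
    # dotted quad -> 32-bit integer (awk doubles hold 32-bit values exactly)
    function ip2n(s,  a) { split(s, a, "."); return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4] }
    # prefix length = number of one-bits in a contiguous netmask
    function plen(m,  n, c) { n = ip2n(m); c = 0; while (n > 0) { c += n % 2; n = int(n / 2) } return c }
    BEGIN { d = ip2n(dst); best = -1 }
    {
      len = plen($3)
      # Masks are contiguous, so the network part of dst is dst rounded down to a multiple
      # of 2^(host bits); this avoids bitwise AND, which POSIX awk lacks.
      block = 2 ^ (32 - len)
      if (int(d / block) * block == ip2n($1) && len > best) {
        best = len
        # Flag G: hand the packet to the gateway; otherwise the destination is on-link.
        nexthop = (index($4, "G") > 0) ? $2 : "direct"
        iface = $5; flags = $4
      }
    }
    END { if (best >= 0) print nexthop, iface, flags; else print "no route" }
  '
}

# Demo: a host in 129.7.241.0/26 goes via the inside router, an on-link host goes direct,
# and anything else falls through to the default route on eth1.
for d in 129.7.241.7 129.7.240.200 129.7.254.190 8.8.8.8; do
  echo "$d -> $(route_lookup "$d")"
done
```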

37 tcpdump
- Prints out the headers of packets on a network interface
- Provides for filtering output, and can also do some protocol analysis
- example:
  - tcpdump -i eth0
  - tcpdump -i eth0 host [hostname]

38 init scripts
- Scripts for starting services are in /etc/init.d/
- Arguments are required for these scripts (start, stop, restart, status)
- To run a service at boot time:
  - update-rc.d xxx defaults
- To remove a service from boot time:
  - update-rc.d -f xxx remove

39 netstat
- Prints information about various parts of the networking subsystem
  - Current network connections
  - Routing tables
  - Interface statistics
  - Masqueraded connections
  - Multicast memberships
- Alternatively, cat /proc/net/xxx

40 netstat examples
- netstat -r (provides the same result as the route command)
- netstat -a (shows all connections)
- netstat -tulp (shows all services)
  - gives the programs listening for TCP and UDP connections: t for TCP, u for UDP, l for listening sockets, p for program (shows the PID and name of the program)

41 Try this
Run as root:

    # netstat -tulp
    # /etc/init.d/apache start
    # netstat -tulp

Compare the results

42 HTTP (WWW)
- HyperText Transport Protocol
- Uses TCP connections on port 80*
- Commands are plaintext; human readable (if you don't mind html)
- example: telnet www.uh.edu 80
- Try the following:

    telnet localhost 80
    Trying 127.0.0.1...
    Connected to Cougar.
    Escape character is '^]'.
    GET /apache2-default/ HTTP/1.1

  (With HTTP/1.1 the server also expects a Host: header line, followed by an empty line, before it answers.)

* Typically. Other ports such as 8080, or 443 for SSL, can also be used.

43 Configuring Apache
- Typically, Apache configuration files can be found under /etc/apache/conf
- Knoppix and Debian create a symbolic link so everything is under /etc/apache
- Most of the configuration is in httpd.conf
- Additional configuration can be included from other files with the "Include" directive
- Most distributions break this up into multiple files to provide for ease of management

44 Common Apache Directives
- apache.conf contains two basic types of options
- Directives are one-line Attribute Value pairs
  - DocumentRoot /var/www
  - ServerName www.example.com
- Blocks (also considered directives in the Apache documentation) define sections where directives have a limited scope ...

45 Name Services
- Provides a map from the human readable address space (hostnames) to the machine readable address space (IP)
- A hierarchical system checks local resources before querying remote ones
  - /etc/hosts
  - optional local network naming systems
  - DNS
- DNS works off a hierarchy as well.

46 DNS and BIND
- The Internet's most common DNS server is BIND.
- BIND consists of a set of configuration files under /etc/bind and a daemon called named
- For further information, O'Reilly has a great book, DNS and BIND (4th ed.)
- The default install creates a caching nameserver

47 Querying DNS
- Several utilities provide the ability to perform name resolution using DNS
- The simplest is the host command.
- example:
  - host www.uh.edu
  - host 129.7.1.1
- For more power and flexibility in interrogating DNS servers, use the dig command.

48 dig

    $ dig @129.7.240.1 www.cs.uh.edu
    ; <<>> DiG 9.2.5 <<>> @129.7.240.1 www.cs.uh.edu
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35927
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;www.cs.uh.edu.                 IN      A

    ;; ANSWER SECTION:
    www.cs.uh.edu.          3600    IN      A       129.7.228.92

    ;; AUTHORITY SECTION:
    cs.uh.edu.              3600    IN      NS      dns.cs.uh.edu.
    cs.uh.edu.              3600    IN      NS      ns2.uh.edu.

    ;; ADDITIONAL SECTION:
    dns.cs.uh.edu.          3600    IN      A       129.7.240.1
    ns2.uh.edu.             34494   IN      A       129.7.1.6

    ;; Query time: 0 msec
    ;; SERVER: 129.7.240.1#53(129.7.240.1)
    ;; WHEN: Wed Feb  8 12:25:20 2006
    ;; MSG SIZE  rcvd: 115

49 DHCP server
- Set up the configuration file
  - Edit /etc/dhcp3/dhcpd.conf
- /etc/init.d/dhcp3-server start
- Set a route to the broadcast address
  - route add 255.255.255.255 dev eth0

50 Formation of an Ad Hoc Network
- Plug in the wireless card.
- Bring your wireless card online using ifconfig eth1 up, but do not set it up with an IP address. (Don't use pump)
- Set the card in ad-hoc mode using
  - iwconfig eth1 mode "ad-hoc"
  - iwconfig eth1 essid COSC6397sp07 channel 6
- ifconfig eth1 192.168.0.x
- route add default gw 192.168.0.1

51 Firewalls
- A firewall isolates an organization's internal net from the larger Internet, allowing some packets to pass and blocking others.
- (figure: firewall sitting between the administered network and the public Internet)
- Two types of firewalls:
  - application-level
  - packet-filtering

52 Basic functionalities
- IP Filter
  - Used to filter packets
  - Full matching on IP, TCP, UDP and ICMP packet headers
- Stateful firewalls, NAT
  - Certain protocols are "complex" and require extra modules called "conntrack helpers"
  - Ex: ftp connection, NAT
- Packet mangling
  - Modify IP header fields of a packet
- (figure: FTP between client and server: the command connection from client port 1050 to server port 21, the client's PORT 1051 command, and the data connection from server port 20 to client port 1051)

53 Linux Implementation
- The iptables command enters a rule
- Use the iptables-save and iptables-restore scripts to save and reload them
- The framework inside the kernel is called netfilter
- Five hooks defined in IPv4: PRE_ROUTING, LOCAL_IN, FORWARD, LOCAL_OUT, POST_ROUTING.

54 The Hooks (cont.)
(figure: the five netfilter hooks, PRE_ROUTING, LOCAL_IN, FORWARD, LOCAL_OUT and POST_ROUTING, and the paths packets take between them)

55 Netfilter Hooks
- PRE_ROUTING
  - Incoming packets pass this hook in ip_rcv() before routing
- LOCAL_IN
  - All incoming packets addressed to the local host pass this hook in ip_local_deliver()
- FORWARD
  - All incoming packets not addressed to the local host pass this hook in ip_forward()
- LOCAL_OUT
  - All outgoing packets created by this local computer pass this hook in ip_build_and_send_pkt()
- POST_ROUTING
  - All outgoing packets (forwarded or locally created) pass this hook in ip_finish_output()

56 Basic iptables syntax

    iptables -A INPUT -p tcp --dport 80:1024 -j DROP

- iptables [-t table] [commands] [options] -j target
- Table: filter (default), nat, mangle
- Commands: append, insert, replace, delete, list, policy, etc.
- Built-in chains: INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING
- Options: verbose, line numbers, exact, etc.
- Matches:
  - -p (protocol), dport, dst, sport, src, states, TCP options
  - -m for a matching module name
  - ! to invert the sense of the match
- Targets:
  - Immediate actions: ACCEPT, DROP, REJECT, SNAT, DNAT, TOS, LOG, etc.
  - User-defined chain
  - Extensions: -p

57 Iptables syntax
- Listing the rules
  - -L, --list [chain]
- -F, --flush [chain]
  - Flushes (erases) all rules in a chain
  - Or in a table
- -N, --new chain
  - Creates a user-specified chain
  - There must be no target with that name previously
- -X, --delete-chain [chain]
  - Deletes a user-created chain
  - No rules may reference the chain
  - Without a chain name, deletes all user-created chains in a table

58 Iptables syntax - Creating & Deleting user-created chains
- Creating a chain
  - iptables -t filter -N badtcppackets
- Deleting a chain
  - iptables -t filter -X badtcppackets
- Deleting all user-created chains
  - iptables -t filter -X

59 Iptables syntax - A few matches
- Protocol: -p, --protocol [!] [protocol]
  - tcp, udp, icmp or all
  - Numeric value
  - /etc/protocols
- Destination IP & Port: -d, --destination [!] address[/mask]
  - Destination address
  - Resolvable (/etc/resolv.conf)
- --dport, --destination-port [!] port[:port]
  - Destination port
  - Numeric or resolvable (/etc/services)
  - Port range

60 Iptables syntax - A few matches (cont.)
- Source IP & Port: -s, --source [!] address[/mask]
  - Source address
  - Resolvable (/etc/resolv.conf)
- --sport, --source-port [!] port[:port]
  - Source port
  - Numeric or resolvable (/etc/services)
  - Port range

61 Iptables syntax - A few matches (cont.)
- Incoming and outgoing interface
  - -i, --in-interface [!] interface
  - -o, --out-interface [!] interface

62 State module
- --state state
  - INVALID: the packet is associated with no known connection
  - ESTABLISHED: the packet is associated with a connection which has seen packets in both directions
  - NEW: the packet has started a new connection, or is otherwise associated with a connection which has not seen packets in both directions
  - RELATED: the packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer or an ICMP error

    iptables -A INPUT -p tcp -m state --state NEW ! --syn -j REJECT --reject-with tcp-reset

63 Iptables syntax - Some targets
- ACCEPT
  - Accepts the packet
  - Ends further processing of the specific chain
  - Ends processing of all previous chains
    - Except other main chains and tables
- DROP
  - Drops the packet
  - No reply
  - Ends all further processing

64 Iptables syntax - Some targets (cont.)
- REJECT
  - Drops the packet
  - Returns a reply
    - User-specified reply
    - Calculated reply: TCP-RST or ICMP errors
  - Ends all further processing
- RETURN
  - Returns from a chain to the calling chain

65 Iptables syntax - ... and a few simple rules

    iptables -A INPUT -p tcp --dport 80:1024 -j DROP
    iptables -A FORWARD -p tcp --dport 22:113 -j DROP
    iptables -A FORWARD -p tcp --dport ftp-data:ftp -j DROP
    iptables -A OUTPUT -p tcp -o eth0 -j ACCEPT
    iptables -A OUTPUT -p tcp -o lo -j ACCEPT
    iptables -P OUTPUT DROP

66 Iptables syntax - Some targets (cont.)
- SNAT
  - only valid in the nat table, in the POSTROUTING chain.
  - specifies that the source address of the packet should be modified
  - --to-source ipaddr[-ipaddr][:port-port]

    iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to-source 194.236.50.155-194.236.50.160:1024-32000

67 Iptables syntax - Some targets (cont.)
- DNAT
  - only valid in the nat table, in the PREROUTING and OUTPUT chains.
  - specifies that the destination address of the packet should be modified
  - --to-destination ipaddr[-ipaddr][:port-port]

    iptables -t nat -A PREROUTING -d 10.10.20.99 -j DNAT --to-destination 10.10.14.2
    iptables -t nat -A PREROUTING -p tcp -d 10.10.20.99 --dport 80 -j DNAT --to-destination 10.10.14.2
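An added example, not from the slides or the handout, that ties slides 56-67 together into one stateful ruleset: default-deny policies, a user-defined chain, the state module (including the NEW-but-not-SYN rule from slide 62), interface and port matches, and the SNAT/DNAT targets. Interface roles, the internal network and the web server address are assumptions; 129.7.254.188 is the firewall's eth1 address from the ifconfig output above. Setting IPT=echo prints the rules instead of applying them.

```shell
#!/bin/sh
# Assumptions (not from the slides): eth1 faces the Internet, eth2 faces the internal
# 192.168.10.0/24 network, 129.7.254.188 is the firewall's public address, and
# 192.168.10.20 is an internal web server. IPT=echo prints the rules instead of applying them.
IPT="${IPT:-iptables}"
EXT_IF=eth1
INT_IF=eth2
INT_NET=192.168.10.0/24
EXT_ADDR=129.7.254.188
WEB_SRV=192.168.10.20

apply_rules() {
  # Start from a clean slate in the filter and nat tables, user-defined chains included.
  $IPT -F; $IPT -X; $IPT -t nat -F; $IPT -t nat -X

  # Deny by default (-P); every ACCEPT below is an explicit exception.
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -P OUTPUT ACCEPT

  # A user-defined chain (-N) that logs and then drops; rules jump to it like any other target.
  $IPT -N badtcppackets
  $IPT -A badtcppackets -j LOG --log-prefix "bad-tcp: "
  $IPT -A badtcppackets -j DROP

  # Loopback is always allowed.
  $IPT -A INPUT -i lo -j ACCEPT

  # Connection tracking: packets of conversations already seen in both directions come back in;
  # RELATED covers FTP data connections and ICMP errors (handled by the conntrack helpers).
  $IPT -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  # A TCP packet that would start a NEW connection but is not a SYN is not a real handshake.
  $IPT -A INPUT   -p tcp -m state --state NEW ! --syn -j badtcppackets
  $IPT -A FORWARD -p tcp -m state --state NEW ! --syn -j badtcppackets

  # The firewall itself accepts ssh only from the internal side.
  $IPT -A INPUT -i "$INT_IF" -s "$INT_NET" -p tcp --dport 22 -m state --state NEW -j ACCEPT

  # Anything else addressed to the firewall: TCP gets a reset, the rest falls to the DROP policy.
  $IPT -A INPUT -p tcp -j REJECT --reject-with tcp-reset

  # Inside hosts may open connections to the Internet; nothing unsolicited comes in.
  $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -m state --state NEW -j ACCEPT

  # Port forward: public port 80 -> internal web server (DNAT in nat/PREROUTING), plus the
  # FORWARD rule that lets the rewritten packet through.
  $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 -j DNAT --to-destination "$WEB_SRV"
  $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$WEB_SRV" -p tcp --dport 80 -m state --state NEW -j ACCEPT

  # Hide the internal network behind the public address (SNAT in nat/POSTROUTING).
  $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$INT_NET" -j SNAT --to-source "$EXT_ADDR"
}

# Apply when the iptables binary is present (or when IPT=echo); persist afterwards with iptables-save.
command -v "$IPT" >/dev/null 2>&1 && apply_rules
```

Rule order matters: the ESTABLISHED,RELATED accept sits before the per-service rules so reply traffic never reaches the REJECT, and the NEW-but-not-SYN check sits before any NEW accept.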

68 A simple example ruleset - The Goals
- See handout

