UNIT II Configuring additional hardware. Everyday tasks using Linux.


1 UNIT II Configuring additional hardware. Everyday tasks using Linux.
X Window System configuration. Setting up servers. Setting up file services using Samba. NFS file services. Setting up proxy services. Setting up printer services.

2 Configuring additional hardware
Sound cards. Displays and display cards. Network cards. Modems. USB devices and drivers. CD writers.

3 USB DRIVERS What is USB? USB = Universal Serial Bus
The Universal Serial Bus (USB) is a connection between a host computer and a number of peripheral devices. It was originally created to replace a collection of slower, mutually incompatible buses: the parallel, serial, and keyboard connections.

4 Cont… The USB 2.0 revision of the specification added high-speed connections with a theoretical limit of 480 Mbit/s (60 MB/s). USB Device Basics: a USB device is a complex thing, as the official USB documentation makes clear; the Linux kernel provides a subsystem called the USB core that handles most of that complexity on behalf of individual drivers.

5 Cont.. Endpoints: the most basic form of USB communication is through something called an endpoint. A USB endpoint carries data in only one direction, and the direction is always named from the host's point of view. OUT endpoint: data flows from the host computer to the device. IN endpoint: data flows from the device to the host computer.

6 USB driver overview

7 USB device overview A USB endpoint can be one of four different types, which describe how its data is transmitted:

8 Types of endpoint transmission
Control, Interrupt, Bulk, Isochronous.

9 Control Control endpoints are used to allow access to different parts of the USB device. They are commonly used for configuring the device, retrieving information about the device, sending commands to the device, or retrieving status reports about the device. These endpoints are usually small in size (a maximum packet size of 8 to 64 bytes). Every USB device has a control endpoint called "endpoint 0", which the USB core uses to configure the device when it is plugged in.

10 Cont.. Interrupt endpoints:
Interrupt endpoints transfer small amounts of data at a fixed rate every time the USB host asks the device for data (keyboards and mice use them). Bulk endpoints: Bulk endpoints transfer large amounts of data with no timing guarantee but with error detection and retransmission, so the data always arrives (printers and storage devices use them).

11 Cont… Isochronous endpoints:
Isochronous endpoints also transfer large amounts of data, at a guaranteed rate, but delivery is not guaranteed: a lost packet is not retransmitted, which suits real-time audio and video streams.

12 USB logical structure Devices usually have one or more configurations.
Configurations often have one or more interfaces. Interfaces usually have one or more (alternate) settings. Interfaces have zero or more endpoints.

13 USB and Sysfs: the USB core exposes this tree under /sys/bus/usb/devices: one directory per device (1-1, 2-1.4, ...), one per interface (1-1:1.0) and one per endpoint (ep_81), whose attributes such as type and direction can be read as plain files.

14 Lifecycle of USB URBs
1. Created by a USB device driver.
2. Assigned to a specific endpoint of a specific USB device.
3. Submitted to the USB core by the USB device driver.
4. Submitted by the USB core to the specific USB host controller driver for the device.
5. Processed by the USB host controller driver, which makes a USB transfer to the device.
6. When the URB is completed, the USB host controller driver notifies the USB device driver.
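As an added example (not part of the original slides): a shell script that walks the sysfs tree the USB core exposes, by default /sys/bus/usb/devices, and prints each interface's class and each endpoint's address, transfer type and direction, i.e. the device/interface/endpoint structure described on slides 5 to 13. The attribute file names (idVendor, idProduct, bInterfaceClass, bEndpointAddress, type, direction) are the real sysfs ones; the two devices built by make_usb_tree are constructed in a temporary directory so the script can be tried without hardware. usb_hid_interfaces adds the check a security engineer wants from this data: an interface of class 03 (HID, keyboard/mouse) on something that was plugged in as a flash drive is the BadUSB keystroke-injection pattern.

```shell
#!/bin/sh
# List every USB interface and endpoint found under a sysfs USB tree.
# Defaults to the real tree, /sys/bus/usb/devices; pass another directory
# (e.g. the constructed one from make_usb_tree) to run it offline.
usb_endpoints() {
    root=${1:-/sys/bus/usb/devices}
    for dev in "$root"/*; do
        name=${dev##*/}
        # skip root hubs (usb1, usb2, ...) and interface dirs (1-1:1.0) at this level
        case $name in *:*|usb*) continue ;; esac
        [ -f "$dev/idVendor" ] || continue
        vid=$(cat "$dev/idVendor"); pid=$(cat "$dev/idProduct")
        for iface in "$dev/$name":*; do
            [ -d "$iface" ] || continue
            cls=$(cat "$iface/bInterfaceClass" 2>/dev/null || echo '??')
            for ep in "$iface"/ep_*; do
                [ -d "$ep" ] || continue
                printf '%s %s:%s iface=%s class=%s ep=%s type=%s dir=%s\n' \
                    "$name" "$vid" "$pid" "${iface##*:}" "$cls" \
                    "$(cat "$ep/bEndpointAddress")" "$(cat "$ep/type")" \
                    "$(cat "$ep/direction")"
            done
        done
    done
}

# Devices exposing a HID (class 03) interface: one of these appearing on a
# "storage" stick is the BadUSB pattern worth alerting on.
usb_hid_interfaces() {
    usb_endpoints "$1" | grep ' class=03 ' | cut -d' ' -f1,2 | sort -u
}

# Constructed sysfs tree (not real hardware): a mouse with one interrupt IN
# endpoint and a flash drive with bulk IN/OUT endpoints.
make_usb_tree() {
    mk() { mkdir -p "$(dirname "$1")"; printf '%s\n' "$2" > "$1"; }
    d=$1/1-1
    mk "$d/idVendor" 046d; mk "$d/idProduct" c077
    mk "$d/1-1:1.0/bInterfaceClass" 03
    mk "$d/1-1:1.0/ep_81/bEndpointAddress" 81
    mk "$d/1-1:1.0/ep_81/type" Interrupt
    mk "$d/1-1:1.0/ep_81/direction" in
    d=$1/1-2
    mk "$d/idVendor" 0781; mk "$d/idProduct" 5567
    mk "$d/1-2:1.0/bInterfaceClass" 08
    for ep in 02:out 81:in; do
        mk "$d/1-2:1.0/ep_${ep%%:*}/bEndpointAddress" "${ep%%:*}"
        mk "$d/1-2:1.0/ep_${ep%%:*}/type" Bulk
        mk "$d/1-2:1.0/ep_${ep%%:*}/direction" "${ep#*:}"
    done
}

# Demo on the constructed tree; call usb_endpoints with no argument on a live box.
demo() {
    t=$(mktemp -d)
    make_usb_tree "$t"
    usb_endpoints "$t"
    echo "HID interfaces:"; usb_hid_interfaces "$t"
    rm -rf "$t"
}
```

On a real system the same listing can be cross-checked against lsusb -v, which decodes the same descriptors from the device itself rather than from sysfs.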

15 X Window System

16 X Window System X Window introduction:
The 5 elements of the X Window System: 1. X Server 2. X Clients 3. X Protocol 4. Xlib (the X library) 5. X Toolkit

17 Cont… The architecture of X Window: client/server.
The characteristic of X Window: multi-platform. Toolkits. X server configuration: the config file for the X server.

18 X Window System What is the X Window System?
The X Window System, commonly called "X," is the graphical windowing interface that comes with all popular Linux distributions. X is available for many Unix-based operating systems; the implementation that ran on Linux systems with x86 CPUs when these slides were written was called "XFree86" (configured through /etc/X11/XF86Config); current distributions ship the X.Org server instead, configured through xorg.conf or, more often, auto-detected with no config file at all.

19 Information on installing X
Running X: what X looks like, and how to run it. X clients: running programs in X. Window operations: how to manipulate a window.

20 Cont… Desktop: moving around the desktop. Xterm: running a shell in X. Configuring X: making X run the way you want it to.

21 Setting up email servers.

22 Email has many aspects that work together to give people almost instant communication from any computer on the Internet to any other. There are three main parts that we will look at: sending on a server, receiving on a server, and receiving as a client. The simplest is receiving as a client: you merely put in the name of the server that holds your email and download it.

23 Cont.. On Linux, you can view your email through many different programs. There are graphical programs like Mozilla, Ximian Evolution and KMail. You can also use programs from the command line like 'pine' and 'mutt'.


26 Email on the server Getting and reading email is simple on a client, but setting up a server to receive and send email requires a little more understanding of how email works. There are three parts to an email server: The MTA – Mail Transport Agent (most people use the program called 'sendmail'). The LDA – Local Delivery Agent (most people use the program procmail).

27 Cont… IMAP and POP3 servers – these are the two ways to get email from a server. When a client connects to a server to get email, it talks to one of these servers.

28 Setting up Sendmail Sendmail normally runs with all RedHat distributions, so you won't need to start any service. Sendmail is a Mail Transport Agent – a program which moves mail from one computer to another. At the time it was estimated that around 80% of all email was handled by Sendmail. With Sendmail you can do many things, like block spam, relay mail, set up forwarders and configure ways to route mail automatically across networks. Like most Linux programs, Sendmail is changed through configuration files.

30 Setting up Sendmail Setting up Sendmail can be an enormous task if you want to do complicated things, but if we just want it to accept email, we can keep it simple. First change into /etc/mail, where the Sendmail files are saved. Sendmail's configuration is different from most programs: you edit source files and then compile them into the form Sendmail actually reads (the sendmail.cf file and the hashed .db maps).

31 Cont… First open the file "access". This file lists the hosts and domains that are allowed to use your Sendmail to send email (RELAY) and those that are refused (REJECT). After editing it you must rebuild the hashed map Sendmail actually consults: makemap hash /etc/mail/access < /etc/mail/access. You'll also want to make a file called "relay-domains" and put your domain in there. This is to stop people from outside using your server to send spam: add only your own domain and any domains that are on your network.

32 Setting up Sendmail You'll also want to open the file "local-host-names". This contains the other names for your computer, so that Sendmail will accept mail addressed to those domains as local. This file should contain every other name you have for your computer. Now your Sendmail knows whom it may accept mail from and whom it should refuse.

33 Setting up Sendmail The actual Sendmail configuration file is "sendmail.cf", but it has become so complicated that a second, human-editable file, "sendmail.mc", is used and then compiled into sendmail.cf. RedHat uses the m4 macro processor to generate it. So after editing "sendmail.mc", run m4 on it as root: root]# m4 sendmail.mc > sendmail.cf. This needs the sendmail-cf package, which provides the macro files sendmail.mc includes; on later RedHat releases the Makefile in /etc/mail does the same job (make -C /etc/mail). Keep a backup of the old sendmail.cf before overwriting it.

34 Setting up Sendmail Now that you have the configuration set up for Sendmail, restart the service to bring the new changes into effect. We use the service command: root]# service sendmail restart. You can check that it's running with 'ps aux' (no dash); you'll see an entry that says "sendmail: accepting connections". This means it is up and running and people can send email to your server. But how does anyone else on the Internet know how to send email to your server?
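The access file above is where relay permissions are granted, and an entry that is broader than intended is how a Sendmail box becomes an open relay. As an added example (not from the slides or from the Sendmail project), here is a small audit script for that file. The sample file it writes is constructed; only the format (a key, optionally tagged Connect:, From: or To:, followed by an action such as RELAY, REJECT or OK) is Sendmail's. It flags three things: RELAY keyed on a From: address (the envelope sender is trivially forged), RELAY keyed on a To: domain (relays for anyone to that domain, which is only right for a backup MX), and Connect: prefixes of one or two octets, which cover a whole /8 or /16. Remember to run makemap hash /etc/mail/access < /etc/mail/access after editing the real file.

```shell
#!/bin/sh
# Audit a sendmail access file for RELAY entries broader than intended.
# Constructed sample; the keys and networks are invented for the demo.
write_sample_access() {
    cat > "$1" <<'EOF'
# key                        action
Connect:127.0.0.1            RELAY
Connect:192.168.10           RELAY
Connect:10                   RELAY
From:spam.example            REJECT
From:partner.example         RELAY
To:example.org               RELAY
mail.example.com             OK
EOF
}

# Prints one BROAD: line per questionable entry; returns 1 if any were found.
audit_sendmail_access() {
    found=0
    while read -r key action _; do
        case $key in ''|\#*) continue ;; esac        # blank lines and comments
        [ "$action" = RELAY ] || continue            # only relay grants matter here
        case $key in
            From:*)
                echo "BROAD: $key RELAY trusts the envelope sender, which anyone can forge"
                found=1; continue ;;
            To:*)
                echo "BROAD: $key RELAY relays mail to that domain from any client; only correct for a backup MX"
                found=1; continue ;;
            Connect:*) net=${key#Connect:} ;;
            *)         net=$key ;;
        esac
        case $net in
            *.*.*)  ;;                               # 3 or 4 octets, or a multi-label host name
            [0-9]*) echo "BROAD: $key RELAY matches a whole /8 or /16"; found=1 ;;
            *.*)    ;;                               # name.tld
            *)      echo "BROAD: $key RELAY is a bare label"; found=1 ;;
        esac
    done < "$1"
    return $found
}

# Usage: sh access_audit.sh /etc/mail/access
if [ $# -ge 1 ]; then audit_sendmail_access "$1"; fi
```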

36 MX Records MX (Mail Exchange) records are part of the DNS system for the entire Internet. In order for other computers to know where to send your email, you need the correct MX records set up on a name server that is authoritative for your domain. Each record carries a numerical preference that determines the order in which servers are tried: the server with the lowest value is the primary, and the others are backups used when it is unreachable. In DNS, the MX records will look like the following.

37 Local Delivery Agents In most RedHat distributions, Sendmail receives the mail from some server on the Internet and then passes it off to another program for local delivery. This means there is another layer of handling before an email reaches your inbox. Procmail is usually the program chosen to do local delivery. The reason for the extra layer is that procmail makes it easy to do things to mail after it has come in: for example, sort mail into different folders, delete it if it is spam, or make copies of everybody's email.

38 Procmail When a new message comes in, Procmail starts automatically and delivers the mail to the correct folder for the person to read. You can change how mail is delivered through a procmail configuration file. Initially there is no configuration file for procmail, because it simply gives whatever mail comes in to the person who should receive it.

39 Cont… You can make one yourself by creating a file called "/etc/procmailrc" (system-wide) or "~/.procmailrc" (per user). This is the file where you put the rules (recipes) that change how mail is delivered.

40 Procmail configuration
Procmail configuration lets you do almost anything you can imagine to email, but you have to know the right way to configure it. Once you have the procmailrc file open, you can start putting in rules.

41 Cont… For example, to make a copy of everyone's email so you can read it yourself:
:0c
/home/mycopy-
The ':0' part says that a new rule is starting, the 'c' flag says deliver a copy and carry on with normal delivery, and the following line says where to write that copy. A system-wide rule like this captures every user's mail into one file, which is exactly what an attacker with write access to /etc/procmailrc would add, so keep that file owned by root and not writable by anyone else.

42 Procmail Example: if you want to delete all email that comes from a certain domain:
:0
*
/dev/null
The first line says a new rule is starting. The next line, beginning with '*', is the condition: it checks whether the 'From' field matches that domain.

43 Cont… The last line says move that message to /dev/null if the email is from that sender. /dev/null is like the trash bin for Linux: anything written there is discarded immediately and cannot be recovered.

44 IMAP and POP3 The last part of setting up email on the server is to give users a way to get that email. The most popular way is through two services called IMAP and POP3. IMAP - Internet Message Access Protocol. It permits a "client" program to access remote message stores as if they were local.

45 Cont… For example, email stored on an IMAP server can be manipulated from a desktop computer at home, a workstation at the office, and a notebook computer while traveling, without the need to transfer messages or files back and forth between these computers.

46 Turning on IMAP Getting IMAP and POP3 working on your server is not difficult, but can be confusing because there are no startup scripts for them in the "rc.d" folder. On older systems they are started on demand by inetd, so you edit a file called "/etc/inetd.conf". This file lists the services inetd runs and the ports they are connected on.

47 Cont.. Look down the list until you see the entries for port 110 – pop3 and port 143 – imap (port 139 is NetBIOS, used by Samba, not POP3). Uncomment those lines and restart inetd (or reboot), and IMAP and POP3 should be started. On RedHat 7 and later the same services are switched on through xinetd instead: set "disable = no" in /etc/xinetd.d/ipop3 and /etc/xinetd.d/imap (or run chkconfig ipop3 on and chkconfig imap on) and restart xinetd. Both protocols send the password in clear text, so for anything reachable from outside the LAN enable the TLS variants pop3s (port 995) and imaps (port 993) instead.

48 POP3 The other way to get email is through the POP3 service.
POP – Post Office Protocol. It was the first way to get email from a server. POP3 is the latest version, which has replaced POP2.

49 Cont… POP differs from IMAP in that everything is downloaded to the client machine. Thus, if you make a change to your mail, it is only changed on the client machine and not on the server. You turn it on using the same procedure as for IMAP.

50 SMTP You will also hear about SMTP servers if you use computers.
SMTP – Simple Mail Transfer Protocol – is the protocol a mail server speaks to accept and send messages. When we set up and turned on Sendmail, the SMTP server also started. When you send email from a client computer, you need an SMTP server to send it through. This is what is responsible for sending those messages to the rest of the Internet.

51 Cont… It operates on port 25. A good way to see if it is running is to try:
root]# telnet localhost 25
This uses the telnet program to connect to port 25 on the computer you are using. You will then see the greeting banner and the server messages coming from the SMTP server.
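What you see after telnet localhost 25 is the SMTP dialogue itself, and the one thing worth checking by hand on a freshly configured Sendmail is whether it relays for strangers. As an added example (not from the slides), the script below scripts that telnet session: smtp_reply_code reads one server reply, handling the multi-line "250-..." form EHLO produces, and smtp_relay_test sends EHLO, MAIL FROM and RCPT TO for a destination the server should not be handling. A 250 to that RCPT TO means the server will relay; 550 ("Relaying denied") is what you want. smtp_relay_test uses bash's /dev/tcp pseudo-device, so it needs bash rather than plain sh; the sender and recipient addresses are hypothetical and chosen so that neither is local to the server under test.

```shell
#!/bin/bash
cr=$(printf '\r')

# Read one SMTP reply from stdin and print its three-digit code.
# "250-foo" lines are continuations; "250 foo" (space after the code) ends the reply.
smtp_reply_code() {
    while IFS= read -r line; do
        line=${line%"$cr"}                          # strip the CR of CRLF
        case $line in
            [0-9][0-9][0-9]-*) continue ;;          # more lines of this reply follow
            [0-9][0-9][0-9]*)  printf '%s\n' "${line%%[!0-9]*}"; return 0 ;;
        esac
    done
    return 1                                        # connection closed mid-reply
}

# Interpret the answer to RCPT TO for a destination this host should not accept.
relay_verdict() {
    case $1 in
        2*) echo "OPEN RELAY: foreign destination accepted ($1)" ;;
        5*) echo "relay denied, as it should be ($1)" ;;
        4*) echo "temporary failure, retry later ($1)" ;;
        *)  echo "unexpected reply $1" ;;
    esac
}

# smtp_relay_test host [port] [from] [to]: one scripted SMTP session (bash only).
smtp_relay_test() {
    host=$1 port=${2:-25}
    from=${3:-probe@sender.example} to=${4:-victim@remote.example}   # hypothetical
    exec 3<>"/dev/tcp/$host/$port" || return 2
    smtp_reply_code <&3 >/dev/null                                   # 220 banner
    printf 'EHLO probe.example\r\n' >&3;        smtp_reply_code <&3 >/dev/null
    printf 'MAIL FROM:<%s>\r\n' "$from" >&3;    smtp_reply_code <&3 >/dev/null
    printf 'RCPT TO:<%s>\r\n' "$to" >&3;        code=$(smtp_reply_code <&3)
    printf 'QUIT\r\n' >&3
    exec 3>&-
    relay_verdict "$code"
}

# Usage: bash relaytest.sh mail.example.com 25
if [ $# -ge 1 ]; then smtp_relay_test "$@"; fi
```

Run it from a host outside the networks your access file grants RELAY to; from inside the LAN a 250 is expected and tells you nothing.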

52 IMAP and POP You can also see how the IMAP and POP servers work using the same telnet idea. IMAP runs on port 143 and POP3 runs on port 110:
root]# telnet localhost 143
root]# telnet localhost 110

53 Cont… What happens then is that the IMAP or POP server thinks it is connected to something that knows how to speak its language. If you knew the protocol that IMAP or POP uses, you could get your email this way too.

54 Local and Remote You should be aware of when you are getting email remotely and when you are accessing it locally on the server. If you telnet into a server and use a program like 'pine' or 'mutt', you are accessing the local copy of the email. Your email is saved in a file in the "/var/mail" directory (on RedHat this is /var/spool/mail, to which /var/mail is a symlink) under your username. These programs open up that file and break it up so that it looks like there are many messages.

55 Cont… IMAP and POP3 are services that run on a server and allow client computers to use different programs (like Microsoft Outlook) to access email over a network. IMAP and POP will also open up your mail file, but they are not programs you use to read email. They are servers that send your email to whichever program asks for it.

56 Updating programs Sendmail especially, but also the IMAP and POP3 servers, have had many security holes in the past. This is because they run as root, so if you can break in through the program, you can have root access to the system. So one of the first things to do is update Sendmail (get the newest from sendmail.org) and then IMAP as well. Generally the installations are pretty easy, but you might need to change the startup scripts. On RedHat it is usually better to take the vendor's updated packages (up2date or yum) than to build from source, so that the service keeps its init script and keeps receiving security patches.


58 NFS

59 Network File System What is NFS?
The Network File System is a file system that may be accessed via a network connection. NFS was developed to allow machines to mount a directory exported by a remote machine as if it were on a local hard drive.

60 Cont… This allows for fast, seamless sharing of files across a network. With other file systems the storage device must be directly attached to the local system. With NFS this is not a requirement, making possible a variety of different configurations, from centralized file servers to entirely diskless computers.

61 Cont… NFS was developed by Sun Microsystems and is the native method for file sharing between Unix/Linux systems.
NFS versions 2 and 3 are stateless protocols: 1. The server keeps no state about which files a client has open. 2. This renders server crashes 'easily recoverable': the client simply retries its requests when the server is back. (NFSv4 is stateful.)

62 Cont… Systems are clients, servers or both.
Clients import (mount) shared file systems; servers export them. Servers are easy to implement via network daemons; clients require kernel support. Linux systems normally have both already. NFS is NOT Unix/Linux specific (e.g. PCNFS for DOS/Windows clients).

63 Exporting Exporting is handled by the daemons rpc.nfsd and rpc.mountd, which must be running for NFS export to work. Exported file systems are listed in /etc/exports, one per line, in the format: /path hostname(flags) [hostname(flags)]. Important flags: ro (read only), rw (read/write).

64 Cont… root_squash (map uid/gid 0 from the client to the anonymous user; the default), no_root_squash (disable that, so remote root is root on the export), all_squash (map all uid/gid to the anonymous user),
anonuid=N (the user ID to map to), anongid=N (the group ID to map to). After changing /etc/exports, reload the export table with exportfs -ra (on older systems: killall -HUP rpc.nfsd; killall -HUP rpc.mountd). There must be no space between the hostname and its (flags): a line like "/home host (rw)" exports /home read-write to the whole world and only read-only to host.

65 Viewing exports ● Use showmount: $ showmount -e (the local host) or $ showmount -e hostname. Example output:
Export list for landlord.gbdirect.co.uk:
/usr/local/gbdirect/cvsroot roti.gbdirect.co.uk
/home/adamg
/home/andylong
Anyone who can reach the portmapper (port 111) can run showmount -e against your server, so the export list is reconnaissance data; filter it at the firewall.

66 Cont… Mount a remotely exported directory (you usually have to be the super user): # mount hostname:/sharename /local/directory. If successful, the export named /sharename on host hostname is mounted on our mount point /local/directory, and files are accessed

67 Cont… just as if they were local. The remote host must be exporting the directory,
you must have access permission, and your local mount point must exist. Exactly like mounting a device.
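Before reloading the export table it is worth checking /etc/exports for the mistakes this section warns about. As an added example (not from the slides or the nfs-utils project), the script below parses a constructed exports file and reports exports to every host (*), the no_root_squash and insecure flags, and the space-before-parenthesis error, which it detects as an options group with no host in front of it. After fixing the file, exportfs -ra reloads it and exportfs -v shows the options the server actually applied, defaults included.

```shell
#!/bin/sh
# Audit an /etc/exports file. Paths, hosts and networks below are constructed.
write_sample_exports() {
    cat > "$1" <<'EOF'
# path          clients(options)
/home           10.0.0.0/24(rw,sync,root_squash)
/srv/share      *(ro,sync)
/srv/backup     backup.example.com (rw,no_root_squash)
/export         client1.example.com(rw,insecure)
EOF
}

# Prints one line per finding; returns 1 if anything was found.
audit_exports() {
    found=0
    set -f                                   # "*" must stay literal, not a glob
    while read -r line; do
        case $line in ''|\#*) continue ;; esac
        set -- $line                          # split into path + client tokens
        path=$1; shift
        if [ $# -eq 0 ]; then
            echo "$path: no client list, exported to every host"; found=1; continue
        fi
        for tok in "$@"; do
            host=${tok%%\(*}
            case $tok in *\(*) opts=${tok#*\(}; opts=${opts%\)} ;; *) opts= ;; esac
            if [ -z "$host" ]; then
                echo "$path: '($opts)' has no host in front of it (space before the parenthesis?), so it applies to every host"
                found=1
            elif [ "$host" = '*' ]; then
                echo "$path: exported to every host (*) with ($opts)"
                found=1
            fi
            case ",$opts," in
                *,no_root_squash,*) echo "$path: $host gets no_root_squash, remote root is root on this export"; found=1 ;;
            esac
            case ",$opts," in
                *,insecure,*) echo "$path: $host may connect from unprivileged ports (insecure), so any local user on the client can speak NFS"; found=1 ;;
            esac
        done
    done < "$1"
    set +f
    return $found
}

# Usage: sh exports_audit.sh /etc/exports
if [ $# -ge 1 ]; then audit_exports "$1"; fi
```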

68 Samba Security

69 What is samba? Samba provides file and print services for Microsoft Windows clients. These services may be hosted off any TCP/IP-enabled platform. The original deployment platforms were UNIX and Linux, though today it is in common use across a broad variety of systems. The Samba project includes not only an impressive feature set in file and print serving capabilities, but has been extended to include client functionality, utilities to ease migration to Samba, tools to aid interoperability with Microsoft Windows, and administration tools.

70 Who Needs Samba? You’ve got a UNIX server storing large amounts of research data, and want to share this data among a group of Windows-based client machines. You’ve got Linux workstations that need to print to a printer which is connected to a Windows machine. Many other interoperability scenarios, not just limited to Windows and UNIX (Macs, too!)

71 Why is there a need for securing Samba?
Like any other networked service, Samba can be maliciously exploited in the wrong hands, if not configured properly. Sensitive data (financial, EPHI, HR, etc.) can potentially be compromised Inherent legal liability More simply, annoyances created by not securely locking down shared services (printer bombs, etc.)

72 What are the different approaches for securing Samba?
The security modes, selected with the "security =" setting in smb.conf: User, Share, Domain, ADS (Active Directory), Server.

73 User Level Security Simplest; the default setting since Samba 2.2.x.
The client sends a session setup request directly following protocol negotiation. This request provides a username and password, which the server can either accept or reject. The client then expects to be able to mount shares without further specifying a password.

74 Share-Level Security The client authenticates itself separately for each share. It sends a password along with each tree connection request (share mount), but it does not explicitly send a username with this operation. The client expects a password to be associated with each share, independent of the user. This means that Samba has to work out which username the client probably wants to use, since the SMB server is never explicitly told.

75 Domain Security Mode provides a mechanism for storing all user and group accounts in a central, shared account repository. The repository is shared between domain (security) controllers. Servers that act as domain controllers provide authentication and validation services to all machines that participate in the security context for the domain. For most purposes at Yale, this is obsolete in favor of ADS.

76 ADS Security Mode Samba can join an Active Directory domain. NT4-style RPC-based security still works if the domain is run in native mode, but in ADS mode Samba authenticates with Kerberos. The term realm is used to describe a Kerberos-based security architecture (such as is used by Microsoft ADS). In the event that Samba cannot correctly identify the appropriate ADS server using the realm name, use the password server option in smb.conf.

77 Server Security (deprecated)
Left over from the time when Samba was not capable of acting as a domain member server. It is highly recommended not to use this feature; it has many drawbacks and was removed in Samba 4. The Samba server reports to the client that it is in user-level security. The client then does a session setup as described earlier. The Samba server takes the username/password that the client sends and attempts to log into the password server by sending exactly the same username/password that it got from the client. The password server is trusted implicitly, and Samba must keep a connection to it open, so if it is unreachable or impersonated every login on the Samba server goes with it.
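The security mode and the per-share guest settings are the two smb.conf items that decide who can reach what, so they are the first thing to check on an existing server. As an added example (not from the slides or the Samba project), the script below audits a constructed smb.conf with awk: it reports "security = share" or "security = server" in [global], and any share that is both guest-accessible (guest ok / public) and writable (writable / writeable / read only = no), normalising values the way Samba does (case-insensitive, yes/true/1 equivalent). The share names and paths are invented. On a real box, testparm -s prints the configuration with Samba's own parsing applied and is the place to confirm a finding.

```shell
#!/bin/sh
# Audit smb.conf for deprecated security modes and guest-writable shares.
write_sample_smb_conf() {
    cat > "$1" <<'EOF'
[global]
   workgroup = LAB
   security = share
[public]
   path = /srv/public
   guest ok = yes
   writable = yes
[research]
   path = /srv/research
   valid users = @research
   read only = no
   ; guest ok = no   (commented out, so Samba's default of no applies)
EOF
}

audit_smb_conf() {
    awk '
    function bool(v) { return (v == "yes" || v == "true" || v == "1") ? "yes" : "no" }
    function report() {
        if (sec != "" && sec != "global" && guest == "yes" && rw == "yes")
            print "[" sec "]: guest ok + writable: anonymous clients can write to this share"
    }
    {
        sub(/[#;].*/, "")                                   # strip comments
        gsub(/^[ \t]+|[ \t]+$/, "")                         # trim whitespace
        if ($0 == "") next
        if ($0 ~ /^\[.*\]$/) {                              # section header
            report()                                        # finish previous share
            sec = tolower(substr($0, 2, length($0) - 2)); guest = "no"; rw = "no"
            next
        }
        n = index($0, "="); if (n == 0) next
        key = tolower(substr($0, 1, n - 1)); sub(/[ \t]+$/, "", key)
        val = tolower(substr($0, n + 1));    sub(/^[ \t]+/, "", val)
        if (sec == "global" && key == "security" && (val == "share" || val == "server"))
            print "[global]: security = " val " is deprecated and was removed in Samba 4; use user, domain or ads"
        if (key == "guest ok" || key == "public")       guest = bool(val)
        if (key == "writable" || key == "writeable")    rw = bool(val)
        if (key == "read only")                         rw = (bool(val) == "yes") ? "no" : "yes"
    }
    END { report() }' "$1"
}

# Usage: sh smb_audit.sh /etc/samba/smb.conf
if [ $# -ge 1 ]; then audit_smb_conf "$1"; fi
```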


79 WEB SERVER SETUP

80 Web server The Apache Web Server is used.
The daemon is httpd (service httpd start/stop/restart).

81 Apache Configuration Directives
ServerName; minimum and maximum servers; DocumentRoot; CGI enable/disable; user directories; DirectoryIndex; MIME types; modules.

82 Files used Apache configuration file: /etc/httpd/conf/httpd.conf
Log files: /var/log/httpd/access_log and /var/log/httpd/error_log. Modules: /etc/httpd/modules. Default document root: /var/www/html. Default CGI root: /var/www/cgi-bin.

83 Basic Setting Change the default value for ServerName in httpd.conf and put the website content in /var/www/html. Additionally you can configure name-based virtual hosting (one <VirtualHost> block per site, which allows more than one website to run on the same server and IP address).

84 Squid Setup What is a Web Proxy? A proxy is a host which relays web access requests from clients. It is used when clients do not access the web directly, for security, logging, accounting and performance. (Diagram: browser → proxy → web.)

85 Obtaining Squid Source code (in C) from www.squid-cache.org.
Binary executables: Linux (comes with RedHat and others), FreeBSD, Windows. Pre-installed in Fedora/Enterprise Linux.

86 Basic Settings Edit the /etc/squid/squid.conf file to configure Squid.
Configuration options: disk cache size and location; authentication; allowed hosts; any other access restrictions (sites, content, size, time of access etc.) using ACLs. Start and stop it with: service squid start/stop/restart.

87 squid.conf Configuration
cache_dir ufs /var/spool/squid/cache
auth_param basic program /usr/lib/squid/ncsa_auth /etc/shadow
acl sidbiusers proxy_auth REQUIRED
http_access allow sidbiusers
acl our_network src /24
http_access allow our_network
(Note: run squid -z the first time to create the cache directory and its subdirectories.)
Two corrections before using this: ncsa_auth reads an htpasswd-format file, and the unprivileged squid user cannot read /etc/shadow anyway, so create a separate password file (htpasswd -c /etc/squid/passwd username) and point auth_param at it. And the rule list should end with an explicit http_access deny all: Squid applies the opposite of the last matching rule to unmatched requests, so a later edit can silently turn the box into an open proxy.
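As an added example (not from the slides or the Squid project), here is the weak configuration from this slide beside a corrected one, with a small awk audit that catches the three problems: ncsa_auth pointed at /etc/shadow, an "http_access allow all" line, and a rule list that does not finish with "deny all". The network (10.0.0.0/24), cache size and password file path are constructed. The corrected file also shows the ACL-combination rule a practitioner relies on: ACL names on one http_access line are ANDed, so "allow our_network sidbiusers" admits only authenticated users coming from the local network.

```shell
#!/bin/sh
# Weak squid.conf as on the slide (with a constructed network), plus the fixed
# version and an audit for the open-proxy / broken-auth mistakes.
write_weak_squid_conf() {
    cat > "$1" <<'EOF'
cache_dir ufs /var/spool/squid 1000 16 256
auth_param basic program /usr/lib/squid/ncsa_auth /etc/shadow
acl sidbiusers proxy_auth REQUIRED
acl our_network src 10.0.0.0/24
http_access allow all
http_access allow sidbiusers
http_access allow our_network
EOF
}

write_fixed_squid_conf() {
    cat > "$1" <<'EOF'
cache_dir ufs /var/spool/squid 1000 16 256
# password file created with: htpasswd -c /etc/squid/passwd username
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
acl sidbiusers proxy_auth REQUIRED
acl our_network src 10.0.0.0/24
# both ACLs on one line must match: local network AND authenticated
http_access allow our_network sidbiusers
http_access deny all
EOF
}

# Prints one line per finding; prints nothing for a clean file.
audit_squid_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }                        # comments, blank lines
    $1 == "auth_param" && $2 == "basic" && $3 == "program" {
        for (i = 4; i <= NF; i++) if ($i == "/etc/shadow")
            print "auth_param: squid runs unprivileged and cannot read /etc/shadow; point ncsa_auth at an htpasswd file"
    }
    $1 == "http_access" {
        n++
        if ($2 == "allow" && $3 == "all")
            print "line " NR ": http_access allow all makes this an open proxy"
        last = $2 " " $3
    }
    END {
        if (n == 0 || last != "deny all")
            print "http_access: rules do not end with \"deny all\"; unmatched requests get the opposite of the last rule"
    }' "$1"
}

# Usage: sh squid_audit.sh /etc/squid/squid.conf
if [ $# -ge 1 ]; then audit_squid_conf "$1"; fi
```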

88 Thank you

