Feature of RHEL. Difference Between RHEL and Windows. Security of RHEL
1. FEATURE OF RHEL.
2. DIFFERENCE BETWEEN RHEL AND WINDOWS.
3. SECURITY OF RHEL.
*IPTABLES
*TCP-WRAPPER
*PAM
*IPTABLES
-I  input
-A  append
-p  protocol
--dport  destination port
--sport  source port
-D  delete a rule
-F  delete all rules
-j  jump
-L  list all rules
-s  source address
-d  destination address
install telnet-server*.rpm
#yum install telnet-server*
#chkconfig telnet on
#iptables -F
Any telnet packet coming from the 192.168.0.2 system will be rejected by the 192.168.0.1 system.
#iptables -I INPUT -p tcp -s 192.168.0.2 -d 192.168.0.1 --dport 23 -j REJECT
(ACCEPT) (DROP)
#iptables -L
#iptables -D INPUT 1
#service iptables save
*TCP – WRAPPER:
/etc/hosts.allow /etc/hosts.deny
PAM: (Pluggable Authentication Module)
Login: root      /etc/passwd
Password:        /etc/shadow
/etc/securetty
#cd /etc/pam.d
#ls login
#ls system-auth
#vi login
*1. The first column specifies what type of test is performed by this particular module.
Auth: Authentication
Account: Authorization
#su - ram
#cd /etc/pam.d
#vi su
auth required sufficient pam_rootok.so
account required sufficient
# cd /usr/share/doc/pam-0.99.6.2
#vi README_Pam
#vi /etc/pam.d/login
add new line
account required pam_time.so
:wq
#vi /etc/security/time.conf
go to last line
login;tty*;ram;!AL1200-1400
0000-0200
:wq (save and exit)
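How a rule in /etc/security/time.conf is evaluated by pam_time, as an added example (not part of the original notes). The function name time_allows and its arguments are assumptions made for this illustration; it handles one pattern per field and one day/time token, and uses the first line of the rule shown above.

```shell
# Added example (not from the original page): evaluate one time.conf rule
# in the field order pam_time uses:  services;ttys;users;times
# Simplified: one pattern per field (no & or | lists), one day/time token.

# time_allows RULE SERVICE TTY USER DAY HHMM  -> prints "allow" or "deny"
# DAY is a two-letter code: Mo Tu We Th Fr Sa Su.
time_allows() {
    rule=$1 svc=$2 tty=$3 user=$4 now=$6
    day=$(printf '%s' "$5" | tr 'A-Z' 'a-z')
    old_ifs=$IFS; IFS=';'; set -f
    set -- $rule                       # split the rule on ';' without globbing
    set +f; IFS=$old_ifs
    r_svc=$1 r_tty=$2 r_user=$3 r_time=$4

    # The rule applies only if service, tty and user all match (globs allowed).
    case $svc  in $r_svc)  ;; *) echo allow; return 0 ;; esac
    case $tty  in $r_tty)  ;; *) echo allow; return 0 ;; esac
    case $user in $r_user) ;; *) echo allow; return 0 ;; esac

    neg=0                              # a leading '!' inverts the time match
    case $r_time in '!'*) neg=1; r_time=${r_time#?} ;; esac
    days=$(printf '%s' "${r_time%%[0-9]*}" | tr 'A-Z' 'a-z')
    range=${r_time#"${r_time%%[0-9]*}"}
    start=${range%-*} end=${range#*-}

    day_ok=0                           # Al = every day, Wk = Mo-Fr, Wd = Sa/Su
    case $days in *al*|*"$day"*) day_ok=1 ;; esac
    case $days:$day in *wk*:mo|*wk*:tu|*wk*:we|*wk*:th|*wk*:fr) day_ok=1 ;; esac
    case $days:$day in *wd*:sa|*wd*:su) day_ok=1 ;; esac

    in_range=0
    if [ "$start" -le "$end" ]; then
        [ "$now" -ge "$start" ] && [ "$now" -lt "$end" ] && in_range=1
    else                               # range wraps past midnight
        { [ "$now" -ge "$start" ] || [ "$now" -lt "$end" ]; } && in_range=1
    fi

    match=0
    [ "$day_ok" = 1 ] && [ "$in_range" = 1 ] && match=1
    [ "$neg" = 1 ] && match=$((1 - match))
    if [ "$match" = 1 ]; then echo allow; else echo deny; fi
}

rule='login;tty*;ram;!AL1200-1400'     # first line of the rule shown above
time_allows "$rule" login tty1 ram Mo 1300
time_allows "$rule" login tty1 ram Mo 1500
```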
4. BOOTING PROCESS.
Booting Sequence
IPL: initial program loader.
Grub: IPL
Bootloader has two types:
First stage bootloader
Second stage bootloader
When you load Linux (the OS), you must specify where the GRUB boot loader is loaded, that is, in the MBR or in the first sector of the boot partition. You select the MBR.
If you select the MBR, the IPL is loaded into the MBR. The size of the MBR is 512 bytes, of which the IPL occupies 446 bytes. The next 64 bytes are used for partition information, and the remaining 2 bytes are used for the magic number.
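The 446 + 64 + 2 byte layout described above can be checked on a sector image with dd and od. This is an added example, not part of the original notes; the function names and the sample sector it builds are constructed for illustration.

```shell
# Added example, not from the original page. Byte layout as described above:
# 446 bytes boot code (IPL) + 64 bytes partition table + 2 bytes magic = 512.

# Print $3 bytes of file $1, starting at offset $2, as lowercase hex.
mbr_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Succeed only if bytes 510-511 are the magic number 55 AA.
mbr_has_magic() {
    [ "$(mbr_hex "$1" 510 2)" = "55aa" ]
}

# One line per used partition entry: "<slot> <boot flag> <type>" (hex).
mbr_partitions() {
    slot=0
    while [ "$slot" -lt 4 ]; do
        off=$((446 + slot * 16))          # each entry is 16 bytes
        flag=$(mbr_hex "$1" "$off" 1)     # 80 = bootable, 00 = not
        ptype=$(mbr_hex "$1" $((off + 4)) 1)
        if [ "$ptype" != "00" ]; then echo "$((slot + 1)) $flag $ptype"; fi
        slot=$((slot + 1))
    done
}

# Build a constructed 512-byte sample sector (hypothetical data, not a real disk).
make_sample_mbr() {
    {
        dd if=/dev/zero bs=1 count=446 2>/dev/null   # empty boot code area
        printf '\200'                                # entry 1: boot flag 0x80
        dd if=/dev/zero bs=1 count=3 2>/dev/null     # CHS start (unused here)
        printf '\203'                                # type 0x83 (Linux)
        dd if=/dev/zero bs=1 count=59 2>/dev/null    # rest of entry 1, entries 2-4
        printf '\125\252'                            # magic number 55 AA
    } > "$1"
}

img=$(mktemp)
make_sample_mbr "$img"
if mbr_has_magic "$img"; then mbr_partitions "$img"; fi
rm -f "$img"
```

Reading the first sector of a real disk instead of the sample file needs root read access to the device.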
When the machine boots, the POST checks all the hardware devices and receives an acknowledgement from them. After that, the POST transfers control to the CMOS, and the CMOS checks the boot priority.
13. SUDO
14. PERMISSION
line no17
edit the line
remove the #
#service dovecot restart
#service sendmail restart
#arp -a
#vi /etc/aliases
edit at last
acctmgr: pulak
pulak :ram
#newaliases
200.0.0.1  DNS server
yahoo.com 200.0.0.2
HOSTNAME=SERVER2
:wq (save and exit)
#yum install bind*
#yum install caching-nameserver*
#netconfig 200.0.0.1 [set the server IP]
(Reboot the Server)
#cd /var/named/chroot/etc
#cp named.caching-nameserver.conf named.conf
**It consists of a forward lookup zone and a reverse lookup zone, meaning name-to-IP and IP-to-name lookup.
#vi named.conf
go to line no 15
listen-on port 53 { 127.0.0.1; 200.0.0.1; };
line no 23
allow-query { localhost; 200.0.0.0/24; };
line no 31
view yahoo.com_resolver.
@ IN NS server2.yahoo.com.
server2 IN A 200.0.0.1
www IN A 200.0.0.2
www3 IN A 200.0.0.3
www4 IN A 200.0.0.4
#vi rev.zone
0.0.200.IN-ADDR.ARPA. IN SOA
server2.yahoo.com. root.server2.yahoo.com.
14400 ; Retry
36000000 ; Expiry
86400 ; minimum
@ IN NS server2.yahoo.com.
1 IN PTR server2.yahoo.com.
2 IN PTR www.yahoo.com.
3 IN PTR www3.yahoo.com.
4 IN PTR www4.yahoo.com.
#vi /etc/resolv.conf
nameserver 200.0.0.1
:wq (save and exit)
Slave Server
#yum install bind*
#yum install caching-nameserver*
Set a network ip 200.0.0.4
#cd /var/named/chroot/etc
#cp named.caching-nameserver.conf named.conf
#vi named.conf
line no 15 and 23 same edit
; 200.0.0.1;200.0.0.4;};
line no 32
nameserver 200.0.0.1
DHCP
DYNAMIC HOST CONFIGURATION PROTOCOL; it is also an RFC (Request for Comments).
#vi /etc/dhcpd.conf
option routers 192.168.0.1;   # default gateway
option subnet-mask 255.255.255.0;
option nis-domain "rehdat";
option domain-name "yahoo.com";
option domain-name-servers 200.0.0.1;
option ntp-servers 192.168.1.1;
option netbios-name-servers 192.168.1.1;
#chkconfig httpd on
#service httpd restart
#iptables -F
#vi /etc/httpd/conf/httpd.conf
Server(192.168.1.50)
#nisdomainname
you can see the domain name
at this location.
#vi /etc/sysconfig/network
#chkconfig ypserv on
#chkconfig yppasswdd on
#service ypserv restart
#service yppasswdd restart
#/usr/lib/yp/ypinit -m (to create the master server)
The master server holds the user list.
(ctrl+D)yes
#service ypserv restart
#service yppasswdd restart
create a user
#useradd partha
#cd /var/yp
#make (it will add all the users at /var/yp/accel)
AT THE CLIENT END, RPM REQUIRED IS (ypbind*.rpm, yptools*.rpm)
DAEMON REQUIRED IS (ypbind)
#rpm -qa | grep yp
#authconfig-tui
*use NIS -> next ->
domain:accel
server :192.168.1.50 [ok]
#chkconfig ypbind on
#service ypbind restart
#ypcat passwd (show server and user list)
#vi /etc/auto.misc
type below the last line
* -rw,soft,intr 192.168.1.50:/rhome/&
:wq (save&exit)
*: to all
soft: softlink
intr: without interrupt
#service autofs restart
[HOLDIA]
comment = Share folder for holdia
path = /document
valid users = joe, jitendra
public = no
writable = yes
browsable = yes
printable = no
create mask = 0765
:wq (save and exit)
#mkdir /document
#chmod 777 /document
#useradd jitendra
#usermod -s /sbin/nologin jitendra
#smbpasswd -a jitendra
[/etc/samba/smbpasswd will be jitendra's password file]
#chkconfig smb on
#service smb restart
#iptables -F
#restorecon -R /etc/samba
#restorecon -R /document
#ls -lZd /document/ /etc/samba/
#chcon -R --reference=/etc/samba /document
#setsebool -P samba_share_nfs=1
#setenforce 0
#smbclient -L comp3 -N
#smbclient -L comp3 -U guest
#smbclient //comp3/ -U administrator
#smbclient -L comp3
#ssh-keygen -t dsa
Hit enter to accept the default file location
Hit enter twice for no passphrase
#cd /root/.ssh
#cat id_dsa.pub>>authorized_keys
#ssh userB@serverB
(enter password)
userB@serverB> chmod 640 ./.ssh/authorized_keys
#chmod 640 .ssh/authorized_keys