SWAT (Samba Web Administration Tool) : Features and Advantages of SWAT
1 Describe what the SWAT protocol / tool in Linux is, how it relates to the Samba service, and
how you make use of it.
After samba-swat is installed, the swat service file is saved at /etc/xinetd.d/swat. Before
using the swat service, it is recommended to go to /etc/xinetd.d and open the swat file with any
text editor of your choice, such as nano or vi.
Changing the disable value from yes to no makes the swat service available and accessible
from the entire 192.168.1.0/24 network. The following figure shows how to start the swat service
and add it to the services started at boot.
Once the swat service has started, the Samba server can be managed and configured through the
web-based graphical user interface (GUI) of the Samba Web Administration Tool (SWAT). To access
the Samba configuration, open any web browser and enter the URL http://192.168.1.100:901, where
192.168.1.100 is the default IP address of the machine on which Samba and swat are installed and
configured.
Note: Installation of Samba-Swat on CentOS 7
It must be noted that swat cannot be installed on CentOS 7, because CentOS 7 supports Samba
version 4, and no swat is available for Samba version 4. Installing swat with Samba requires
Samba version 3, which is not feasible on CentOS 7, so other web-based administration and
configuration tools can be used instead of swat for GUI-based Samba administration.
Q. No 2
The hosts.allow file in CentOS is located at /etc/hosts.allow. This file contains access rules
that allow or deny access to network services that use the TCP wrappers library, or to services
that are started through a tcp_wrappers-enabled xinetd.
The figure above shows the contents of the hosts.allow file, where at Line 1 a rule for the
sendmail daemon is defined. Access rules in the hosts.allow file are defined using the following syntax:
daemon_list : Client_list : option : option …
According to this syntax, the rule at line 1 is defined for the sendmail daemon and denies access
for 192.168.1.1; that is, any client with IP address 192.168.1.1 is not allowed to access the
sendmail daemon network service.
At Line 2: an access rule for the sshd daemon is defined. The rule says that any client with IP
address 192.168.1.1 is not allowed to access the sshd network service; the sshd service is
inaccessible to a client with this IP address.
At Line 3: an access rule for the sendmail daemon is defined; this rule allows the client with IP
address 192.168.2.2 to access the sendmail daemon network service. At Line 4: another rule for the
sendmail daemon is defined, and the sendmail daemon service is denied for all clients.
The sendmail rules defined at lines 1 and 3 are processed before the rule on line 4, which denies
access for all clients. Because line 3 allows sendmail access for the client with IP address
192.168.2.2, that client is the only one that can access the sendmail daemon network service:
line 1 denies the sendmail daemon for the client with IP address 192.168.1.1, and line 4 denies
the service for all clients, but before that deny at line 4 is reached, the service has already
been allowed for the client with IP address 192.168.2.2.
At Line 5: the telnetd daemon network service is denied for all clients, and no other access rule
is defined for the telnetd daemon. This means that not a single client is allowed to access the
telnetd service; it is blocked for everyone.
At Line 6: an access rule for the proftpd daemon service is defined, and the service is allowed
for the client with IP address 192.168.2.2. At Line 7: another access rule for the proftpd daemon
service is defined, in which the service is allowed for the client with IP address 192.168.2.3, so
the client with this IP address has the right to access the proftpd service. At Line 8: an access
rule for proftpd is defined again, and access for all clients is denied. According to lines 6 and
7, only the two clients with IP addresses 192.168.2.2 and 192.168.2.3 are allowed to access the
proftpd daemon service; for everyone except these clients, the service is denied.
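The first-match evaluation described above can be checked with a short script. This is an added example, not part of the original answer: the rule lines are reconstructed from the line-by-line description (the figure itself is not available), and the function names are hypothetical. It assumes IPv4 client patterns only and an empty hosts.deny.

```python
import ipaddress

# Constructed hosts.allow content, rebuilt from the line-by-line description
# in the text above (the original figure is not available).
HOSTS_ALLOW = """\
sendmail : 192.168.1.1 : deny
sshd : 192.168.1.1 : deny
sendmail : 192.168.2.2 : allow
sendmail : ALL : deny
telnetd : ALL : deny
proftpd : 192.168.2.2 : allow
proftpd : 192.168.2.3 : allow
proftpd : ALL : deny
"""

def parse_rules(text):
    """Return (line_no, daemons, clients, action) for each rule line."""
    rules = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) < 2 or not fields[0]:
            continue  # blank line, comment, or malformed rule
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        # Without an explicit "deny" option, a matching rule grants access.
        action = "deny" if "deny" in (o.lower() for o in fields[2:]) else "allow"
        rules.append((no, daemons, clients, action))
    return rules

def client_matches(pattern, ip):
    """Match ALL, an exact IPv4 address, a "10.1." prefix, or net/mask."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def check(daemon, ip, rules):
    """The first matching rule decides; returns (action, line_no or None)."""
    for no, daemons, clients, action in rules:
        if (daemon in daemons or "ALL" in daemons) and any(
                client_matches(c, ip) for c in clients):
            return action, no
    # No rule matched: tcp_wrappers falls through to hosts.deny (assumed empty).
    return "allow", None

RULES = parse_rules(HOSTS_ALLOW)
```

Under these assumptions, check("sshd", "192.168.1.50", RULES) returns ("allow", None): the only sshd rule names 192.168.1.1, so every other client still reaches sshd unless hosts.deny says otherwise.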
Q1-c
There are various methods available for resetting a password in Windows Server 2012, and
third-party applications are also available that help reset the Windows Server 2012 password even
if you have lost or forgotten your assigned password. The most appropriate way to reset the
password for Windows Server 2012, especially when you have forgotten it, is to use a pre-created
installation disk. For this method you must have created the installation disk while your system
was still accessible to you. Once you have a pre-created installation disk, you can reset the
password for Windows Server 2012 whenever required. To reset the password, execute the steps
below in sequence.
To reset the password in Windows Server 2012, first boot your machine from a Microsoft Windows
Server 2012 installation CD or DVD, or any other media that holds the Windows Server 2012
installation files, such as a bootable USB stick.
1- Insert your Windows Server 2012 bootable media and boot from the installation media.
2- When Windows has booted from the installation media and the Windows Server 2012
installation menu appears, choose the Windows Setup menu option and click the Next button.
This first step is shown in the figure below.
3- When Windows Server 2012 setup starts after clicking the Next button, choose the option
to repair your computer. Another window will prompt with the options Continue,
Troubleshooting, and Turn off your PC. Choose the second option, Troubleshooting, and
continue the procedure as shown in the figure below:
4- In the next step, when the advanced options window appears with options for system
image and command prompt, choose the Command Prompt option, as shown in the figure below:
5- When the command prompt appears, execute the commands below in sequence:
i- d: (select the drive that has the Windows installation media)
ii- cd windows\system32
iii- ren Utilman.exe utilman.exe.old (rename the utilman.exe file and save it under the name
“utilman.exe.old”)
iv- ren cmd.exe Utilman.exe (rename the cmd.exe file and save it under the name utilman.exe)
v- Execute the command “wpeutil reboot” to reboot Windows Server 2012.
As far as the similarities between the FTP and Samba services are concerned, both services
provide file sharing for remote users. File Transfer Protocol allows users to share files from a
remote server machine on which the files are stored, and the user is required to establish a
connection using login authentication to share files. The Samba service also offers file sharing
between server and client, but with the addition of other network resources such as printers and
serial ports. FTP and Samba both require a user login for accessing the files stored on the
server machine.
Q. NO 2-B
The figure above presents the interaction between a DHCP client and a DHCP server. The DHCP
client and DHCP server exchange various messages with each other to provision dynamic IP
allocation to clients, and they work in a client/server communication architecture.
In the figure above, at Number 1: the first message (DHCP REQUEST) is generated by the DHCP
server and sent to the DHCP client. The DHCP client receives the DHCP REQUEST message from the
DHCP server in response to the DHCP Discovery message generated by the DHCP client; whenever a
DHCP client sends a DHCP Discovery message to the DHCP server, the DHCP server sends a DHCP
REQUEST message in response to the DHCP client. The lease unavailable option shows that the DHCP
server does not assign/lease an IP address to the DHCP client, and the reason can be that all IP
addresses are already leased out.
At Number 2: a DHCPNAK (DHCP Negative Acknowledge) message is generated by the DHCP server and
sent to the DHCP client; in this case the DHCP server sends back a DHCPNAK to the DHCP client.
At Number 1, the DHCP REQUEST message is sent by the DHCP server to the DHCP client when the
DHCP client has requested a specific IP address, and the DHCP server responds with a DHCP
REQUEST message and an unavailable lease.
IPTABLES
Iptables is an application/utility program in Linux that facilitates configuration of the
firewall tables and chains provided by the Linux kernel firewall; the user can define or remove
security rules using iptables commands. Iptables in Linux utilizes various kernel modules and
diverse protocols to provide the best security features to users. Iptables can be used for both
IP addressing schemes, IPv4 and IPv6, and for both transport layer protocols, TCP and UDP, to
block the service ports used by various applications. Iptables in Linux adopts the Netfilter
framework for the diverse networking operations that iptables can perform. The iptables rules are
managed by the Linux kernel, and this is a key responsibility of the kernel. Regardless of which
security tool is used to configure security, in the end its security rules are converted to
iptables rules and the kernel manages all the security-related operations. Iptables uses chains
such as the INPUT, OUTPUT and FORWARD chains. To flush iptables and drop all services, the
following commands are used:
iptables -F (flushes the iptables entries)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
FirewallD
Firewalld offers dynamic management of the firewall, using network or firewall zones to define
the trust level of the network connections established for services and of the connected
interfaces. Firewalld supports both IPv4 and IPv6 addressing schemes, as well as Ethernet bridges
and IP sets. Two separate configuration options are available in firewalld: runtime and permanent
settings. Firewalld also provides an interface through which services and applications can add
firewall rules directly. The following firewalld commands are used to configure firewalld rules:
For zone management
sudo firewall-cmd --get-active-zones