Upload: theodora-perry

Post on 24-Dec-2015


Linux Networking and Security

Chapter 3

Configuring Client Services

Configure DNS name resolution

Configure dial-up network access using PPP

Understand client services such as DHCP and LDAP

Use remote graphical applications and remote dial-up authentication

Use common client tools such as Linux Web browsers and email clients

Setting Up Name Resolution

The domain name service (DNS) is implemented by a domain name server

The term domain name refers to a name by which multiple hosts on the Internet are collectively referred to

The most widely known top-level domain is .com

Within a top-level domain, an organization has its own domain or domains

Network hosts are given names called hostnames

A fully qualified domain name (FQDN) combines a hostname with the name of its domain

Configuring the DNS Resolver Manually

The resolver is the client part of DNS

It makes requests to a DNS server so that other workstation programs can use the IP address of a given server to make a network connection

The resolver is configured by a single file in Linux: /etc/resolv.conf

Configure the resolver by storing the IP address of one or more DNS servers in the resolv.conf file, each preceded by the keyword nameserver

The hosts File

Another way to convert an IP address to a domain name is to store the IP address and corresponding domain names in a text file called /etc/hosts on your host

The /etc/host.conf or /etc/nsswitch.conf files determine the order in which the resolver looks to various sources to resolve IP addresses
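
Added example (not part of the original slides): a shell audit of the three resolver files described above, showing which nameservers are really used, the lookup order, and which names a hosts file answers ahead of DNS. The sample files, addresses and function names are constructed for illustration; point the functions at /etc/resolv.conf, /etc/nsswitch.conf and /etc/hosts on a real system.

```shell
#!/bin/sh
# Constructed sample files (not from the slides); addresses are documentation ranges.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/resolv.conf" <<'EOF'
search example.com
nameserver 192.0.2.53
nameserver 198.51.100.53
nameserver 203.0.113.53
nameserver 192.0.2.54
EOF
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
passwd: files
hosts:  files dns
EOF
cat > "$SAMPLE_DIR/hosts" <<'EOF'
127.0.0.1   localhost
192.0.2.10  www.example.com www   # constructed override
EOF

# Nameservers the resolver will actually query, in order. glibc honours only
# the first three nameserver lines; later ones are silently ignored.
nameservers() {
    awk '$1 == "nameserver" && n < 3 { print $2; n++ }' "$1"
}

# Number of nameserver lines past the third (dead configuration).
ignored_nameservers() {
    awk '$1 == "nameserver" { n++ } END { print (n > 3 ? n - 3 : 0) }' "$1"
}

# Source order for hostname lookups, from the hosts: line of nsswitch.conf.
hosts_order() {
    awk '$1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Non-loopback names pinned in a hosts file. With "files" ahead of "dns" these
# answers win over the DNS server, so unexpected entries deserve review.
hosts_overrides() {
    awk '{ sub(/#.*/, "") }
         NF >= 2 && $1 !~ /^(127\.|::1$)/ {
             for (i = 2; i <= NF; i++) print $i " -> " $1
         }' "$1"
}

nameservers "$SAMPLE_DIR/resolv.conf"
hosts_order "$SAMPLE_DIR/nsswitch.conf"
hosts_overrides "$SAMPLE_DIR/hosts"
```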

Configuring the DNS Resolver Graphically

Dial-up Network Access Using PPP

PPP is widely used to connect to the Internet via modem

PPP includes features that make it more secure, flexible, and dependable than terminal emulation

In reality, PPP was not very secure and was challenging to configure and manage

Two advances improve PPP security:

Password Authentication Protocol (PAP) stores user data in a file that only the root user accesses

Challenge Handshake Authentication Protocol (CHAP) is the most secure PPP option

PPP Connections

Text-mode utility wvdial is designed to ease the difficulty of working with PPP

Used from a command line on a server

Red Hat Linux uses a utility called rp3

This is a wizard-driven graphical utility

The Linux KDE graphical environment uses a utility called KPPP

diald automates PPP

Difficult to use and challenging to set up

Using DHCP

Dynamic Host Configuration Protocol (DHCP) allows the configuration of a service that hands out IP addresses to network clients

DHCP can drastically reduce the administration needs of a network

The DHCP server is installed by default on many Linux systems

Configuration of DHCP involves creating an /etc/dhcpd.conf file

Understanding LDAP

The Lightweight Directory Access Protocol (LDAP) provides a directory service that lets users query a database of network resource information

LDAP directories are organized as inverted trees of information

To use a directory, client software allows traversal of the tree, looking for the needed data

Objects in the tree are referred to using a formalized set of identifiers

Running Applications Remotely

Before an X client can display its windows on a remote host, the remote host must be configured to allow others to use its X server

To use xhost authentication, include the hostname of the computer that will be allowed to display

xauth authentication is more secure than xhost because it uses a cookie

XDMCP for Remote Graphical Terminals

Lets users on remote X servers obtain a graphical login screen and begin using X clients on Linux
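
Added example (not part of the original slides): a shell check that classifies the output of the xhost command, so an administrator can tell whether an X server trusts whole hosts or only clients holding the xauth cookie. The sample output, hostnames and function names are constructed for illustration; on a live display, pipe the output of xhost into the functions.

```shell
#!/bin/sh
# Constructed samples of `xhost` output (hostnames are placeholders).
XHOST_OPEN='access control disabled, clients can connect from any host'
XHOST_HOSTS='access control enabled, only authorized clients can connect
INET:workstation1.example.com'
XHOST_NONE='access control enabled, only authorized clients can connect'

# Classify xhost output read from stdin:
#   open           - access control is off; any host may use the X server
#   host-based     - at least one whole host is trusted, i.e. every user on it
#   no-host-grants - no host entries; remote clients need the xauth cookie
classify_xhost() {
    awk '
        /^access control disabled/ { open = 1 }
        /^INET6?:/                 { hosts++ }
        END {
            if (open)       print "open"
            else if (hosts) print "host-based"
            else            print "no-host-grants"
        }'
}

# List the hosts that are trusted by name or address.
trusted_hosts() {
    awk '/^INET6?:/ { sub(/^[^:]*:/, ""); print }'
}

printf '%s\n' "$XHOST_HOSTS" | classify_xhost
printf '%s\n' "$XHOST_HOSTS" | trusted_hosts
```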

Using r-Utilities for Remote Execution

Allow a user to learn about or execute a program on another host

The r-utilities are not secure

Using UUCP for Remote Access

Provides transfer of email over modem between multiple email servers

Web and Mail Clients

Popular Linux Browsers

Lynx is a text-based browser that is installed by default on many popular Linux distributions

Netscape Communicator on Linux is similar to Netscape on Windows

Mozilla is included as the default on Red Hat Linux on the Gnome desktop

Other browsers: Opera, dillo, Galeon, SkipStone

Understanding Email

Email is transferred on the Internet via the Simple Mail Transport Protocol (SMTP)

Email-related programs are divided into three categories:

Mail Transfer Agent (MTA) - moves email messages from one server to another

Mail Delivery Agent (MDA) - places email in a user’s mailbox

Mail User Agent (MUA) - displays and manages email messages for a user

On every Linux system, user accounts have associated email accounts and email is placed in the /var/spool/mail directory

Email is typically retrieved using a MUA in one of three ways:

Post Office Protocol (POP3) - via a POP3 server downloads messages to the computer

Internet Mail Access Protocol (IMAP) - views messages on the remote server

Web browser

Using an Email Filter: Procmail

Procmail is a special MDA that acts as a filter and processes email based on user-defined criteria

Difficult to configure, but worth the effort if a large number of incoming messages are regularly received

Is installed by default on many Linux systems

Checks for both a system-wide configuration file /etc/procmailrc and per-user .procmailrc

These files can contain recipes, or formulas for examining email messages and taking an action

Linux Email Clients

Chapter Summary

The client portion of the domain name service is called a resolver

A fully qualified domain name (FQDN) consists of a hostname plus the domain of which the host is part

PPP is a popular method of making network connections via modem

PPP security is provided by the Password Authentication (PAP) and Challenge Handshake Authentication (CHAP) protocols

The wvdial utility can configure and manage a PPP connection from the command line

The diald program automates use of a dial-up connection via PPP, automatically connecting and disconnecting based on traffic

The Dynamic Host Configuration Protocol (DHCP) allows clients to configure IP networking automatically by receiving network address information from a DHCP server

Most versions of Linux include the dhcpd server and at least one of the three common DHCP clients

The Lightweight Directory Access Protocol (LDAP) provides a directory service that lets users query a worldwide database for information on resources

The OpenLDAP server is provided with most Linux distributions

X can execute graphical programs remotely by referring to the DISPLAY variable or the --display command line option

XDMCP lets users on remote X servers obtain a graphical login screen and begin using X clients on Linux without first logging into Linux via Telnet

The r-utilities provide a convenient way to execute commands on, or copy files between, remote hosts when working in a trusted network environment

The Unix to Unix Copy (UUCP) protocol was designed to facilitate inexpensive transfers of email messages between servers in the days before Internet connectivity was widespread

Many Web browsers are available for Linux, with the most popular being the text-mode browser Lynx and graphical browsers Mozilla and Netscape

Internet email relies on a Mail Transfer Agent (MTA) to move messages between hosts; a Mail Delivery Agent (MDA) may process mail as it is delivered to a user’s mailbox; and a Mail User Agent (MUA) is what a user relies on to read and send messages

MUAs can either read local mail files, or can use the POP3 or IMAP protocols to retrieve messages from a central server

The Procmail program processes email messages using recipes which provide automatic message management

Many other Linux email clients are popular: elm and pine, fetchmail, Kmail and Balsa