lunux project.docx


Upload: prabir-kumar-pati

Post on 27-May-2017


INTRODUCTION

Our project is based on IT infrastructure and its security. The infrastructure we analyzed for the project belongs to a company that is based on the Linux operating system. We did our project on The Complete Open Source Solutions, which is famous for Linux operating system training, troubleshooting, and real-time support. The company is a Red Hat partner and excels at providing open source solutions.

In that company we analyzed the following aspects:

1. Machine Configurations for Clients & Servers.

2. Networking Configuration for Networks.

3. Operating system and Software configuration.

4. Types of Servers and their configurations.

5. Technical Support.

6. And the most important Security management as Firewall.

We made the firewall the major aspect of the project: we did research and development on its shell script and rules for providing security to the company. Alongside that work we also developed many server configurations to test the firewall rules against, which adds more functionality to our multifunction project.

SYSTEM ANALYSIS

EXISTING SYSTEM:

For Server

For anyone who thinks Windows has the server market cornered, I would ask you to wake up and join the 21st century. Linux can, and does, serve up anything and everything and does it easily and well. It's fast, secure, easy to configure, and very scalable. And let's say you don't happen to be fond of Sendmail. If that's the case you have plenty of alternatives to choose from. Even with serving up Web pages. There are plenty of alternatives to Apache, some of which are incredibly lightweight.

For Security

Recently, there was a scare in the IT world known as Phalanx 2. It actually hit Linux. But the real issue was that it hit Linux servers that hadn't been updated. It was poor administration that caused this little gem to get noticed. The patch, as usual in the Linux world, came nearly as soon as word got out. And that's the rub. Security issues plague Windows for a couple of reasons: The operating system comes complete with plenty of security holes and Microsoft is slow to release patches for the holes. Of course, this is not to say that Linux is immune. It isn't. But it is less susceptible to attacks and faster to fix problems.

For Flexibility

This stems from the desktop but, because Linux is such an amazingly adaptable operating system, it's wrong to confine flexibility to the desktop alone. Here's the thing: With Linux, there is always more than one way to handle a task. Add to that the ability to get really creative with your problem solving, and you have the makings of a far superior system. Windows is about as inflexible as an operating system can be.

DRAWBACKS

Disadvantages:

Understanding – Becoming familiar with the Linux operating system requires patience as well as a strong learning curve. You must have the desire to read and figure things out on your own, rather than having everything done for you.

Compatibility – Because of its free nature, Linux is sometimes behind the curve when it comes to brand new hardware compatibility. Though the kernel contributors and maintainers work hard at keeping the kernel up to date, Linux does not have as much of a corporate backing as alternative operating systems. Sometimes you can find third party applications, sometimes you can’t.

Alternative Programs – Though Linux developers have done a great job at creating alternatives to popular Windows applications, there are still some applications that exist on Windows that have no equivalent Linux application.

Proposed System

Cost – The most obvious advantage of using Linux is the fact that it is free to obtain, while Microsoft products are available for a hefty and sometimes recurring fee. Microsoft licenses typically are only allowed to be installed on a single computer, whereas a Linux distribution can be installed on any number of computers, without paying a single dime.

Security – In line with the costs, the security aspect of Linux is much stronger than that of Windows. Why should you have to spend extra money for virus protection software? The Linux operating system has been around since the early nineties and has managed to stay secure in the realm of widespread viruses, spyware and adware for all these years. Sure, the argument of the Linux desktop not being as widely used is a factor as to why there are no viruses. My rebuttal is that the Linux operating system is open source and if there were a widespread Linux virus released today, there would be hundreds of patches released tomorrow, either by ordinary people that use the operating system or by the distribution maintainers. We wouldn’t need to wait for a patch from a single company like we do with Windows.

Choice (Freedom) – The power of choice is a great Linux advantage. With Linux, you have the power to control just about every aspect of the operating system. Two major features you have control of are your desktop’s look and feel, by way of numerous Window Managers, and the kernel. In Windows, you’re either stuck using the boring default desktop theme, or risking corruption or failure by installing a third-party shell.

Software - There are so many software choices when it comes to doing any specific task. You could search for a text editor on Freshmeat and yield hundreds, if not thousands of results. My article on 5 Linux text editors you should know about explains how there are so many options just for editing text on the command-line due to the open source nature of Linux. Regular users and programmers contribute applications all the time. Sometimes it’s a simple modification or feature enhancement of an already existing piece of software, sometimes it’s a brand new application. In addition, software on Linux tends to be packed with more features and greater usability than software on Windows. Best of all, the vast majority of Linux software is free and open source. Not only are you getting the software for no charge, but you have the option to modify the source code and add more features if you understand the programming language. What more could you ask for?

Hardware - Linux is perfect for those old computers with barely any processing power or memory you have sitting in your garage or basement collecting dust. Install Linux and use it as a firewall, a file server, or a backup server. There are endless possibilities. Old 386 or 486 computers with barely any RAM run Linux without any issue. Good luck running Windows on these machines and actually finding a use for them.

FEASIBILITY STUDY

The main aim of the feasibility study activity is to determine whether it would be financially or technically feasible to develop the project. The feasibility study involves analysis of the problem and collection of all relevant information relating to the product, such as the different data items which would be input to the system, the processing required to be carried out on these data, the output data required to be produced by the system, as well as various constraints on the behaviour of the system. The collected data are analyzed to arrive at the following:

• An abstract problem definition. An abstract problem definition is a rough description of the problem which considers only the important requirements and ignores the rest.
• Formulation of the different solution strategies.
• Analysis of alternative solution strategies to compare their benefits and shortcomings. This analysis usually requires making approximate estimates of the resources required, cost of development, and development time for each of the options. These estimates are used as the basis for comparing the different solutions.

Generally, a feasibility study is classified into three types:

1. ECONOMIC FEASIBILITY STUDY
2. TECHNICAL FEASIBILITY STUDY
3. OPERATIONAL FEASIBILITY STUDY

SYSTEM SPECIFICATION:

HARDWARE AND SOFTWARE REQUIREMENTS:

We offer support for new installations on the operating systems and architectures mentioned below.

Hardware Requirements

Component | Minimum Requirement
Processor | 266 MHz processor
Memory | 512 MB RAM (1 GB recommended when hosting many accounts)
Disk Space | 20GB hard disk (40GB is recommended)

Compatible Software

Supported Virtual Environments [1]

• KVM
• Linux-VServer
• Microsoft Server® 2008 Hyper-V [2]
• OpenVZ (stable releases only)
• Oracle VM VirtualBox, VirtualBox OSE
• Virtuozzo™
• VMware® Server, VMware® ESX Server
• Xen, XenEnterprise™, XenExpress™, XenServer™

Supported Operating Systems (i386 and x86-64 ONLY)

• CentOS versions 5.x, 6.x
• Red Hat® Enterprise Linux® versions 5.x, 6.x
• CloudLinux 5.x, 6.x [3]


Virtual Environments Detected and Reported as Functional

SmartOS

1. cPanel software does not support 32-bit Virtual Environments that run on a 64-bit host kernel.

2. cPanel software supports the drivers and configurations provided by Microsoft.

3. CloudLinux is not compatible with OpenVZ or Virtuozzo.

4. For SmartOS to be detected, you must use cPanel & WHM software version 11.36.1 or higher.

Important Facts

Please keep these facts in mind when you install cPanel® & WHM® software:

We strongly recommend a system that exceeds the minimum requirements. This is especially true if you plan to host a large number of domains and accounts.

You should install a minimal version of the operating system.  All services that cPanel requires will automatically be installed during the cPanel & WHM software installation process.  Installing services prior to the installation of cPanel & WHM software will cause compatibility problems.

Because cPanel software is designed for commercial hosting, we only license publicly visible, static IP addresses. We do not license dynamic, sticky, or internal IPs.

cPanel does not support one-to-many NAT.

Installation Instructions

To install cPanel® & WHM® software on CentOS:

1. Download a free CentOS DVD ISO. To use this ISO, you must burn the image to a DVD. Then, insert the DVD into the server and turn it on.

2. Upon its first reboot, the ISO will install cPanel and WHM software in the background.

3. For more details, read our documentation on Installing cPanel and WHM software. If you have questions, please contact our sales team.


How long will this release of cPanel® & WHM® software receive support?

The 11.32 release of cPanel & WHM officially introduces the Long-Term Support initiative. To learn more, read our Long-Term Support document.

cPanel & WHM Version | Approximate Release Date | Anticipated End of Life*
11.40 | Oct. 2013 | Oct. 2014
11.38 | Apr. 2013 | Apr. 2014
11.36 | Jan. 25, 2013 | Jan. 2014
11.34 (EOL) | Oct. 15, 2012 | Oct. 2013
11.32 (EOL) | Feb 20, 2012 | Aug 20, 2013

* cPanel® & WHM® software releases which have reached End of Life:

• Are unavailable for installation
• Will no longer receive fixes or patches from cPanel®, Inc.

PROJECT DESCRIPTION:

OVERVIEW OF THE PROJECT:

In this project, an IT infrastructure built on Linux is better than a Windows IT infrastructure because it is highly secure and reliable in nature. It is user friendly, and we can easily use it in any organisation or company for the following reasons:

1. Low cost: You don’t need to spend time and money to obtain licenses since Linux and much of its software come with the GNU General Public License. You can start to work immediately without worrying that your software may stop working anytime because the free trial version expires. Additionally, there are large repositories from which you can freely download high quality software for almost any task you can think of.

2. Stability: Linux doesn’t need to be rebooted periodically to maintain performance levels. It doesn’t freeze up or slow down over time due to memory leaks and such. Continuous up-times of hundreds of days (up to a year or more) are not uncommon.

3. Performance: Linux provides persistent high performance on workstations and on networks. It can handle unusually large numbers of users simultaneously, and can make old computers sufficiently responsive to be useful again.

4. Network friendliness: Linux was developed by a group of programmers over the Internet and has therefore strong support for network functionality; client and server systems can be easily set up on any computer running Linux. It can perform tasks such as network backups faster and more reliably than alternative systems.

5. Flexibility: Linux can be used for high performance server applications, desktop applications, and embedded systems. You can save disk space by only installing the components needed for a particular use. You can restrict the use of specific computers by installing for example only selected office applications instead of the whole suite.

6. Compatibility: It runs all common Unix software packages and can process all common file formats.

7. Choice: The large number of Linux distributions gives you a choice. Each distribution is developed and supported by a different organization. You can pick the one you like best; the core functionalities are the same; most software runs on most distributions.

8. Fast and easy installation: Most Linux distributions come with user-friendly installation and setup programs. Popular Linux distributions come with tools that make installation of additional software very user friendly as well.

9. Full use of hard disk: Linux continues to work well even when the hard disk is almost full.

10. Multitasking: Linux is designed to do many things at the same time; e.g., a large printing job in the background won’t slow down your other work.

11. Security: Linux is one of the most secure operating systems. “Walls” and flexible file access permission systems prevent access by unwanted visitors or viruses. Linux users have the option to select and safely download software, free of charge, from online repositories containing thousands of high quality packages. No purchase transactions requiring credit card numbers or other sensitive personal information are necessary.

12. Open Source: If you develop software that requires knowledge or modification of the operating system code, Linux’s source code is at your fingertips. Most Linux applications are Open Source as well.

Today the combination of inexpensive computers and free high-quality Linux operating systems and software provides incredibly low-cost solutions for both basic home office use and high-performance business and science applications. The available choices of Linux distributions and Linux software may be overwhelming at first, but if you know where to look, it shouldn’t take long for you to find good online guidance.

List of Servers:

DNS (Domain Name System).
1. Proxy Server.
2. Web Server.
3. Mail Server.
4. SAMBA Server.

List of other major elements:

1. Software Router.
2. Firewall.

List of other Physical Components:

1. Switch
2. Router
3. NIC
4. Client machines (Windows, Linux)
5. Server machines (Linux)

FIREWALL:

What is a firewall?

A firewall is a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet (i.e., the local network to which you are connected) must pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Note: In protecting private information, a firewall is considered a first line of defence; it cannot, however, be considered the only such line. Firewalls are generally designed to protect network traffic and connections, and therefore do not attempt to authenticate individual users when determining who can access a particular computer or network.

Several types of firewall techniques exist:

Packet filtering: The system examines each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

Circuit-level gateway implementation: This process applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking. 


Acting as a proxy server: A proxy server is a type of gateway that hides the true network address of the computer(s) connecting through it. A proxy server connects to the Internet, makes the requests for pages, connections to servers, etc., and receives the data on behalf of the computer(s) behind it. The firewall capabilities lie in the fact that a proxy can be configured to allow only certain types of traffic to pass (e.g., HTTP files, or web pages). A proxy server has the potential drawback of slowing network performance, since it has to actively analyze and manipulate traffic passing through it.
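Packet filtering as described above, as an added example that is not part of the original project: a first-match rule table evaluated against packet headers, plus an ingress check that drops packets arriving on the outside interface with an inside source address, which is the usual mitigation for the IP spoofing weakness. The interface names "wan" and "lan", the rule set and the sample packets are assumptions constructed for illustration.

```python
"""Model of a header-based packet filter with an ingress anti-spoofing check."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Assumed topology: 192.168.146.0/24 is behind interface "lan"; "wan" faces the Internet.
INTERNAL_NET = ip_network("192.168.146.0/24")
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrived on
    src: str        # source address claimed in the IP header
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "ACCEPT" or "DROP"
    in_iface: Optional[str] = None   # None matches any interface
    src: IPv4Network = ANY
    dst: IPv4Network = ANY
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (
            self.in_iface in (None, p.in_iface)
            and ip_address(p.src) in self.src
            and ip_address(p.dst) in self.dst
            and self.proto in (None, p.proto)
            and self.dport in (None, p.dport)
        )


# Constructed rule set, evaluated top to bottom; the first match decides.
RULES = [
    Rule("ACCEPT", in_iface="wan", dst=ip_network("192.168.146.240/32"), proto="tcp", dport=80),
    Rule("ACCEPT", in_iface="wan", dst=ip_network("192.168.146.241/32"), proto="tcp", dport=25),
    # Weak on its own: trusts the source address without checking where the packet came from.
    Rule("ACCEPT", src=INTERNAL_NET),
]
DEFAULT_POLICY = "DROP"


def is_spoofed(p: Packet) -> bool:
    """True when the claimed source address cannot belong to the arrival interface."""
    src = ip_address(p.src)
    if p.in_iface == "wan":
        return src in INTERNAL_NET or src.is_loopback
    return src not in INTERNAL_NET  # traffic from the LAN must carry a LAN source


def filter_packet(p: Packet, anti_spoof: bool = True) -> str:
    """Return "ACCEPT" or "DROP" for one packet."""
    if anti_spoof and is_spoofed(p):
        return "DROP"
    for rule in RULES:
        if rule.matches(p):
            return rule.action
    return DEFAULT_POLICY


if __name__ == "__main__":
    forged = Packet("wan", "192.168.146.50", "192.168.146.242", "tcp", 445)
    print("rules only      :", filter_packet(forged, anti_spoof=False))
    print("with ingress check:", filter_packet(forged))
```
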

Types of Firewall:

Software Firewall:
• A software firewall is not a physical device; it is only software, generally installed on your computer, used for protecting it.
• Software firewalls are best suited for protecting computers from Trojan programs or e-mail worms.
• If Software firewall is built-in mail server could attempt to send mail on the valid Simple Mail Transfer Protocol (SMTP) port (25), which would probably pass through the hardware firewall because of its trusted origin.
• Some software firewalls are flexible enough to incorporate your existing anti-software into its firewall program.
• Some software firewalls also include parental controls to manage what kinds of websites your children visit.
• Special packages will also allow you to block photos and specific text content that you do not want your children to view.
• Some top software firewall packages also include anti-spam, anti-virus, even anti-popup ad software.
• Software firewalls are best suited for the home user who wants easy customization.
• One of the drawbacks of software firewalls is that they can only protect the machine they’re installed on, so if you have multiple computers (which many small offices do), you need to buy, install, and configure a software firewall separately on each machine. This can get expensive and can be difficult to manage if you have a lot of computers.

Hardware firewall:
• A hardware firewall is a physical device with physical elements like RAM, flash, processor, Ethernet ports.
• Hardware firewalls are best suited to businesses and large networks.
• Hardware firewalls are also costlier than a normal software firewall.
• A hardware firewall provides strong protection from most forms of attack.
• A hardware firewall employs packet filtering, which examines the header of a packet to determine its source and destination addresses. This information is compared to a set of predefined and/or user-created rules that determine whether the packet is to be forwarded or dropped. It includes a more advanced technique called Stateful Packet Inspection, which looks at additional characteristics such as a packet’s actual origin (i.e. did it come from the Internet or from the local network) and whether incoming traffic is a response to existing outgoing connections, like a request for a Web page.
• A hardware firewall supports VPN, which is the most secure way of accessing your local network from a remote site. Only people who are allowed in the VPN tunnel can access your FTP server, etc.
• Cisco ASA hardware firewalls have a failover feature, which can be used for redundancy, but it is a disruptive kind of communication.
• The ASAs are fully capable of offering anti-spam, anti-phishing, anti-spyware, and anti-virus scanning within your internal network with an added module.

Classification of Firewall:

Network-Level Firewalls

The first generation of firewalls (c. 1988) worked at the network level by inspecting packet headers and filtering traffic based on the IP address of the source and the destination, the port and the service. Some of these primeval security applications could also filter packets based on protocols, the domain name of the source and a few other attributes. Network-level firewalls are fast, and today you'll find them built into most network appliances, particularly routers. These firewalls, however, don't support sophisticated rule-based models. They don’t understand languages like HTML and XML, and they are incapable of decoding SSL-encrypted packets to examine their content. As a result, they can’t validate user inputs or detect maliciously modified parameters in a URL request. This leaves your network vulnerable to a number of serious threats.

Circuit-Level Firewalls

These applications, which represent the second-generation of firewall technology, monitor TCP handshaking between packets to make sure a session is legitimate. Traffic is filtered based on specified session rules and may be restricted to recognized computers only. Circuit-level firewalls hide the network itself from the outside, which is useful for denying access to intruders. But they don't filter individual packets.

Application-Level Firewalls

Recently, application-level firewalls (sometimes called proxies) have been looking more deeply into the application data going through their filters. By considering the context of client requests and application responses, these firewalls attempt to enforce correct application behaviour, block malicious activity and help organizations ensure the safety of sensitive information and systems. They can log user activity too. Application-level filtering may include protection against spam and viruses as well, and be able to block undesirable Web sites based on content rather than just their IP address. If that sounds too good to be true, it is. The downside to deep packet inspection is that the more closely a firewall examines network data flow, the longer it takes, and the heavier hit your network performance will sustain. This is why the highest-end security appliances include lots of RAM to speed packet processing. And of course you'll pay for the added chips.

Stateful Multi-level Firewalls

SML vendors claim that their products deploy the best features of the other three firewall types. They filter packets at the network level and they recognize and process application-level data, but since they don't employ proxies, they deliver reasonably good performance in spite of the deep packet analysis. On the downside, they are not cheap, and they can be difficult to configure and administer.

Data Flow Diagram

[Diagram labels: Internet, Software Router, Switch, Intranet, Web Server, Mail Server, Samba Server, Windows System.]

SAMBA Server:

Samba is based on the common client/server protocol of Server Message Block (SMB) and Common Internet File System (CIFS). Using client software that also supports SMB/CIFS (for example, most Microsoft Windows products), an end user sends a series of client requests to the Samba server on another computer in order to open that computer's files, access a shared printer, or access other resources. The Samba server on the other computer responds to each client request, either granting or denying access to its shared files and resources.

Use of SAMBA Server

Samba consists of two key programs, plus a bunch of other stuff that we'll get to later. The two key programs are smbd and nmbd. Their job is to implement the four basic modern-day CIFS services, which are:

• File & print services
• Authentication and Authorization
• Name resolution
• Service announcement (browsing)

Profile of SAMBA Server:

Package: samba*
Daemon: smbd, nmbd
Configuration File: /etc/samba/smb.conf
Port no: 137, 138, 134, 139, 445.

Configuration Steps:

Step 1: Install the packages.
# yum install samba* -y

Step 2: Restart the service temporarily.
# service smb restart

Step 3: To start the service permanently.
# chkconfig smb on

Step 4: Open the configuration file & do the configuration.
# vim /etc/samba/smb.conf

Step 5: Copy the 7 lines & paste them & do required changes. In smb.conf a comment must be on a line of its own, so the notes are placed above each parameter.
################################################################
# Share name
[linux]
        comment = This is the share for linux user.
        # Path of the share directory
        path = /dir1
        # Other clients can't use it
        public = no
        # There is write permission
        writable = yes
        # There is no print permission
        printable = no
        # Group name
        write list = +student
        # Mention the valid users' names
        valid users = student1, student2
        # workgroup is a [global] parameter; mention it there if any workgroup is there
        # workgroup =
        # Users on a different network can also use the share
        hosts allow = 172.24.0.0/16
################################################################

Step 6: Save the changes with :wq

Step 7: After configuration restart the service.
# service smb restart
# chkconfig smb on

Step 8: Make the directory which is specified in the configuration file & create some files inside it.
# mkdir /dir1
# cd /dir1
# touch file{1..4}

Step 9: See the context of that directory.
# ls -ldZ /dir1

Step 10: Change the context of the directory.
# chcon -t samba_share_t /dir1

Step 11: Again see the changed context.
# ls -ldZ /dir1

Step 12: Add the group users & valid users.
# groupadd student                  # the group must exist before useradd -g can use it
# useradd -g student student01      # student01 added to the group called student
# useradd -g student student02      # student02 added to the group called student
# useradd student1                  # added valid user
# useradd student2                  # added valid user

Step 13: Give passwords to the valid users.
# smbpasswd -a student1
# smbpasswd -a student2

Step 14: Again restart the services.
# service smb restart
# chkconfig smb on

Step 15: Provide the write permission to the directory.
# chmod o+w /dir1

Step 16: Connect as a smbclient.
# smbclient //192.168.0.19/linux -U student1

Step 17: After providing the password it will show the smb prompt.
smb: \>

Step 18: Now you can download & upload the files.
Downloading the files:
smb: \> mget file*
Uploading a file:
smb: \> put file
Exiting:
smb: \> exit
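A check for the share restrictions configured in Step 5, as an added example that is not part of the original project: it reads smb.conf text and reports shares that allow guest access, lack a host restriction or a valid users list, or contain a misspelled parameter name (which Samba ignores, so the intended restriction silently does not apply). The list of known parameter names covers only the parameters used on this page and their documented synonyms, and the sample configuration is constructed.

```python
"""Report weak or misspelled access settings in smb.conf share definitions."""
import configparser

# Parameter synonyms documented in smb.conf(5).
GUEST = ("guest ok", "public")
HOSTS = ("hosts allow", "allow hosts")
# Assumption: only the parameters used in this walkthrough are treated as known.
KNOWN = {"comment", "path", "printable", "write list", "valid users", "read only",
         "writable", "writeable", "write ok", *GUEST, *HOSTS}
SPECIAL = {"global", "homes", "printers"}


def yes(value):
    return value.strip().lower() in ("yes", "true", "1")


def parse(conf_text):
    """Return {section: {parameter: value}}, names lower-cased, whitespace collapsed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    # Strip indentation so indented parameters are not read as continuation lines.
    cp.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    return {s.lower(): {" ".join(k.split()): v for k, v in cp.items(s)}
            for s in cp.sections()}


def audit_shares(conf_text):
    """Return {share: [findings]} for every ordinary share in the configuration."""
    conf = parse(conf_text)
    global_params = conf.get("global", {})
    report = {}
    for share, params in conf.items():
        if share in SPECIAL:
            continue
        issues = [f"unrecognised parameter '{k}'" for k in params if k not in KNOWN]
        guest = any(yes(params[k]) for k in GUEST if k in params)
        if guest:
            issues.append("guest access enabled")
        if not any(k in params or k in global_params for k in HOSTS):
            issues.append("no 'hosts allow' restriction")
        if not guest and "valid users" not in params:
            issues.append("no 'valid users' list")
        report[share] = issues
    return report


# Constructed sample: [linux] follows Step 5; [scratch] shows the failure modes.
SAMPLE_CONF = """
[global]
    workgroup = WORKGROUP

[linux]
    comment = This is the share for linux user.
    path = /dir1
    public = no
    writable = yes
    printable = no
    write list = +student
    valid users = student1, student2
    hosts allow = 172.24.0.0/16

[scratch]
    path = /srv/scratch
    public = yes
    writable = yes
    host allow = 172.24.0.0/16
"""

if __name__ == "__main__":
    for share, issues in audit_shares(SAMPLE_CONF).items():
        print(share, "->", issues or "ok")
```

The testparm utility shipped with Samba remains the authoritative syntax check for the real file.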

DNS (Domain Name Server)

1. DOCUMENT OVERVIEW

Setting up DNS Server with RedHat Linux 6.0

Title: Setting up a DNS Server with RedHat Linux 6.0

Summary: Step-by-step instructions on how to install a DNS server using RedHat Linux 6. There should not be many differences to RedHat 8 or RedHat 9.

Software: RedHat6

Hardware: Not Applicable

Skill Level: Beginner

Skills Required:
- Basic understanding of Networking (TCP/IP)
- Basic understanding of Linux

2. DNS OVERVIEW

Domain name system (DNS) servers translate names suitable for use by people (such as www.firewall.project.com) into network addresses (e.g., 192.168.0.251) suitable for use by computers. There are a number of different name server software packages available today. Berkeley Internet Name Domain (BIND), produced by the Internet Software Consortium (http://www.isc.org), is the most widely deployed name server package, and is available on a wide variety of platforms. Other popular DNS packages include Microsoft DNS.

3. GOAL

The goal of this document is to discuss general name server security. However, in order to provide useful examples we have chosen to focus on BIND since it is the most commonly used software for DNS servers.

Risks to name servers


Name servers exposed to the Internet are subject to a wide variety of attacks:

Attacks against the name server software may allow an intruder to compromise the server and take control of the host. This often leads to further compromise of the network.

Denial of service attacks, even one directed at a single DNS server, may affect an entire network by preventing users from translating hostnames into the necessary IP addresses.

Spoofing attacks that try to induce your name server to cache false resource records, and could lead unsuspecting users to unsavoury sites.

Information leakage from a seemingly innocent zone transfer could expose internal network topology information that can be used to plan further attacks.

A name server could even be an unwitting participant in attacks on other sites.

While it is important for network administrators to secure any host connected to the Internet, they must give name servers special consideration due to the important role they play.

CONFIGURATION DNS/BIND

The main configuration file of DNS is /etc/named.conf and should look, by default, something like this:

Step 1. First we install the bind package by using ‘yum’ or rpm.
# yum install bind* -y

Step 2. We will now change it to support our domain project.com, which is NOT connected to the internet, by typing in the file:
# vim /etc/named.conf

Type:
options {
        // address on which the server listens for DNS queries
        listen-on port 53 { 192.168.146.128; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // only the local network may query the server or use its cache
        allow-query { 192.168.146.0/24; };
        allow-query-cache { 192.168.146.0/24; };
        recursion yes;
        // names the server cannot answer itself are sent only to this forwarder
        forwarders { 192.168.0.254; };
        forward only;
};

3. named.rfc1912.zones:

It defines the default zones for a caching server.

Zone files use several record types, including:

• SOA (Start of Authority)
• NS (Name Server)
• MX (Mail eXchanger, which identifies a mail server in the domain)
• A (host name to Address mapping)
• CNAME (Canonical Name, which defines an alias for a hostname in an A record)
• PTR (Pointer, which maps addresses to names)

Type: vi /var/named/project.zone

Under this there are two zones:

1. Forward lookup zone (flz): this file maps names to IP addresses and provides information about the services your computer offers to the internet.

2. Reverse lookup zone (rlz): this file maps IP addresses to hostnames. We can recognize the reverse file by the given extension in-addr.arpa (generated by cmd).

# vim /etc/named.rfc1912.zones

// it’s for the forward lookup zone
zone "project.com" IN {
        type master;
        file "project.flz";
        allow-update { none; };
};

// it’s for the reverse lookup zone
zone "146.168.192.in-addr.arpa" IN {
        type master;
        file "project.rlz";
        allow-update { none; };
};

Step 4. Change ownership and group membership on named.conf and all zone files to /var:named
# cd /var/named

Step 5. Copy the file named.localhost into project.flz and named.loopback into project.rlz
# cp -p named.localhost project.flz
# cp -p named.loopback project.rlz

Step 6. We edit the flz and add all the servers, clients and systems that access the internet.
# vim project.flz

$TTL 1D
@       IN SOA  firewall.project.com. root.firewall.project.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      firewall.project.com.
firewall        IN A            192.168.146.128
master          IN CNAME        firewall.project.com.
www             IN A            192.168.146.240
mail            IN A            192.168.146.241
docs            IN A            192.168.146.242
vp              IN A            192.168.146.250
manager         IN A            192.168.146.252
$GENERATE 1-20 client$ A 192.168.0.$

Step 7. We edit the reverse lookup zone and add all the host names.
# vim project.rlz

$TTL 1D
@       IN SOA  firewall.project.com. root.firewall.project.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   firewall.project.com.
128     IN PTR  firewall.project.com.
240     IN PTR  www.project.com.
241     IN PTR  mail.project.com.
242     IN PTR  docs.project.com.
250     IN PTR  vp.project.com.
252     IN PTR  manager.project.com.
$GENERATE 1-20 $ PTR client$.example.com.

Step 8. Now we check all the configuration by using these commands:
# named-checkconf /etc/named.conf
# named-checkconf /etc/named.rfc1912.zones
# named-checkzone project.com /var/named/project.flz
# named-checkzone 146.168.192.in-addr.arpa /var/named/project.rlz

Step 9. After all this we restart the service and enable it at boot.
# service named restart
# chkconfig named on
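named-checkzone validates each zone file on its own; it does not confirm that every A record in project.flz has a matching PTR record in project.rlz. The script below is an added example (not part of the original report) that cross-checks the two files. The function name, the temporary paths and the sample records with their two deliberate errors are constructed for illustration, and it assumes one record per line, a /24 reverse zone and no $GENERATE expansion.

```shell
#!/bin/sh
# Cross-check a forward zone against its reverse zone: every "host IN A ip"
# should have "octet IN PTR host.domain." and vice versa.
# Assumes one record per line and a /24 reverse zone; $GENERATE is ignored.

# check_zone_pair FORWARD_FILE REVERSE_FILE DOMAIN NET_PREFIX
# Prints one line per problem and returns the number of problems.
check_zone_pair() {
    awk -v dom="$3" -v net="$4" '
        FNR == NR {                      # first file: forward zone
            if ($2 == "IN" && $3 == "A") fwd[$4] = $1 "." dom "."
            next
        }
        $2 == "IN" && $3 == "PTR" {      # second file: reverse zone
            rev[net "." $1] = $4
        }
        END {
            for (ip in fwd) {
                if (!(ip in rev)) {
                    print "MISSING_PTR " ip " " fwd[ip]; bad++
                } else if (rev[ip] != fwd[ip]) {
                    print "MISMATCH " ip " A=" fwd[ip] " PTR=" rev[ip]; bad++
                }
            }
            for (ip in rev)
                if (!(ip in fwd)) { print "ORPHAN_PTR " ip " " rev[ip]; bad++ }
            exit bad + 0
        }' "$1" "$2"
}

# Constructed sample data modelled on project.flz / project.rlz, with two
# deliberate errors in the reverse file (a misspelt name, a wrong octet).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
FWD="$WORK/project.flz"
REV="$WORK/project.rlz"

cat > "$FWD" <<'EOF'
$TTL 1D
@        IN SOA firewall.project.com. root.firewall.project.com. ( 0 1D 1H 1W 3H )
         NS     firewall.project.com.
firewall IN A   192.168.146.128
master   IN CNAME firewall.project.com.
www      IN A   192.168.146.240
mail     IN A   192.168.146.241
docs     IN A   192.168.146.242
vp       IN A   192.168.146.250
EOF

cat > "$REV" <<'EOF'
$TTL 1D
@   IN SOA firewall.project.com. root.firewall.project.com. ( 0 1D 1H 1W 3H )
    IN NS  firewall.project.com.
128 IN PTR firewall.project.com.
240 IN PTR www.project.com.
241 IN PTR mail.project.com.
242 IN PTR doc.project.com.
251 IN PTR vp.project.com.
EOF

check_zone_pair "$FWD" "$REV" project.com 192.168.146 ||
    echo "$? problem(s) found"
```

On a real server the first two arguments would be the files under /var/named, and a non-zero return value can gate the service restart in Step 9.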

Mail Server:

Introduction

Email is an important part of any Web site you create. In a network environment, a free web based email service may be sufficient, but if you are running a business, then a dedicated mail server will probably be required.

This will show you how to use sendmail to create a mail server that will relay your mail to a remote user's mailbox or incoming mail to a local mailbox. You'll also see how to retrieve and send mail via your mail server using a mail client such as Outlook Express or Evolution.

Why are we focusing on Red Hat?

Red Hat is the most widely used distribution in this area. It is also a widely accepted standard for corporate class servers. The concepts and the basic steps apply to any Linux distribution when bringing up Mail services, so it should prove useful as an overview to just about anyone involved in the system side of Mail service.

Configuring MAIL SERVER
Commonly Used Commands & Abbreviations:

Step 1. Install the above packages
# yum install sendmail* dovecot* httpd* squirrelmail* -y

Step 2. Acts in the background and gets activated when we click on sendmail
# MTA = mail transfer agent

Step 3. Used in synchronization of mail
# MAA = mail access agent

Step 4. Provides GUI to webpage
# MUA = mail user agent

Step 5. Edit configuration files
1. # vim /etc/sys
2. # vim /etc/mail/sendmail.mc
   By default sendmail accepts connections only on 127.0.0.1. To let other hosts connect, go to line 116:
   DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
   Add dnl # to the start of the line to comment it out. Sendmail then listens on all interfaces.
3. # vim /etc/dovecot.conf
   Open it and go to line 20:
   # protocols = imap imaps pop3 pop3s
   Remove the # to uncomment it.

Step 6. Restart the service and have it start automatically at the next boot
# service sendmail restart ; chkconfig sendmail on

Step 7. Restart the service and have it start automatically at the next boot
# service dovecot restart ; chkconfig httpd on

Step 8. Start vim as follows to open /etc/hosts; hostname shows the existing hosts
# vim /etc/hosts

Step 9. For static IP configuration we need to edit the following files
# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=firewall.project.com

Step 10. Add the new user
# useradd jack

Step 11. Assign the password to the new user
# passwd jack

Step 12. After completing this, go to your browser and open the following URL:
http://mail.project.com/webmail

Common Ports

A review of some common ports, with the common associated service name, and risk factor. It is just that some have historically had more exploits than others.

PORT NUMBER | PORT NAME | PORT DESCRIPTION
7 | assorted protocols | Ping
20 | FTP-DATA | Active FTP connections use two ports: 21 is the control port, and 20 is where the data comes through.
21 | FTP (file transfer server port) | A well entrenched protocol for transferring files between systems
22 | SSH (Secure Shell) |
3128 | Squid proxy server port | used as a proxifier
25 | SMTP (Simple Mail Transfer Protocol) | used for sending outgoing mail, and transferring mail from one place to another
53 | DNS (Domain Name Server port) | used for resolving host names to IP addresses
80 | WWW or HTTP standard web server port | used service on the Internet

Web Server
The Linux web server supports the components that are provided by the Linux distribution, such as:
1. Apache HTTP Server
2. PHP
3. Alternative PHP Cache (APC) accelerator

APC is included in Red Hat Enterprise Linux 6 and later versions only. These components, which form the foundation of most web applications, are reliable and easy to configure.

Supported Linux distributions

The following Linux distributions are supported:
1. Red Hat Enterprise Linux 6.2
2. Red Hat Enterprise Linux 5.4

APACHE HTTP SERVER

An HTTP (Hypertext Transfer Protocol) server, or web server, is a network service that serves content to a client over the web. This typically means web pages, but any other documents can be served as well.

Configuring the web server

Updating the Configuration
To update the configuration files from the Apache HTTP Server version 2.0, take the following steps:
1. Make sure all module names are correct, since they may have changed. Adjust the LoadModule directive for each module that has been renamed.
2. Recompile all third party modules before attempting to load them. This typically means authentication and authorization modules.
3. If you use the mod_userdir module, make sure the UserDir directive indicating a directory name (typically public_html) is provided.
4. If you use the Apache HTTP Secure Server, edit the /etc/httpd/conf.d/ssl.conf to enable the Secure Sockets Layer (SSL) protocol.

Note that you can check the configuration for possible errors by using the following command:

~]# service httpd configtest

Running the httpd Service
This section describes how to start, stop, restart, and check the current status of the Apache HTTP Server. To be able to use the httpd service, make sure you have the httpd package installed. You can do so by using the following command:

~]# yum install httpd

Starting the Service
To run the httpd service, type the following at a shell prompt:

~]# service httpd start
Starting httpd: [OK]

If you want the service to start automatically at boot time, use the following command:

~]# chkconfig httpd on

Stopping the Service
To stop the running httpd service, type the following at a shell prompt:

~]# service httpd stop
Stopping httpd: [ OK ]

Restarting the Service
There are three different ways to restart the running httpd service:
1. To restart the service completely, type:
   ~]# service httpd restart
   Stopping httpd: [ OK ]
   Starting httpd: [ OK ]
2. To only reload the configuration, type:
   ~]# service httpd reload
3. To reload the configuration without affecting active requests, type:
   ~]# service httpd graceful
   This will cause the running httpd service to reload the configuration file. Note that any requests being currently processed will use the old configuration.

Checking the Service Status
To check whether the service is running, type the following at a shell prompt:

~]# service httpd status
httpd (pid 19014) is running...

Editing the Configuration Files

When the httpd service is started, by default, it reads the configuration from locations that are listed in the table “The httpd service configuration files”.

Table: The httpd service configuration files
Path | Description
/etc/httpd/conf/httpd.conf | The main configuration file.
/etc/httpd/conf.d/ | An auxiliary directory for configuration files that are included in the main configuration file.

Common httpd.conf Directives
The following directives are commonly used in the /etc/httpd/conf/httpd.conf configuration file:

<Directory>
The <Directory> directive allows you to apply certain directives to a particular directory only. It takes the following form:

<Directory directory>
  directive
  …
</Directory>

The directory can be either a full path to an existing directory in the local file system, or a wildcard expression.

Example 14.1. Using the <Directory> directive
<Directory /var/www/html>
  Options Indexes FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

<IfDefine>
The IfDefine directive allows you to use certain directives only when a particular parameter is supplied on the command line. It takes the following form:

<IfDefine [!]parameter>
  directive
  …
</IfDefine>

The parameter can be supplied at a shell prompt using the -Dparameter command line option (for example, httpd -DEnableHome). If the optional exclamation mark (that is, !) is present, the enclosed directives are used only when the parameter is not specified.

Example 14.2. Using the <IfDefine> directive
<IfDefine EnableHome>
  UserDir public_html
</IfDefine>

<IfModule>
The <IfModule> directive allows you to use certain directives only when a particular module is loaded. It takes the following form:

<IfModule [!]module>
  directive
  …
</IfModule>

Example 14.3. Using the <IfModule> directive
<IfModule mod_disk_cache.c>
  CacheEnable disk /
  CacheRoot /var/cache/mod_proxy
</IfModule>

<Location>
The <Location> directive allows you to apply certain directives to a particular URL only. It takes the following form:

<Location url>
  directive
  …
</Location>

The url can be either a path relative to the directory specified by the DocumentRoot directive (for example, /server-info), or an external URL such as http://example.com/server-info.

Example 14.4. Using the <Location> directive
<Location /server-info>
  SetHandler server-info
  Order deny,allow
  Deny from all
  Allow from .example.com
</Location>

<Proxy>
The <Proxy> directive allows you to apply certain directives to the proxy server only. It takes the following form:

<Proxy pattern>
  directive
  …
</Proxy>

The pattern can be an external URL, or a wildcard expression (for example, http://example.com/*).

Example 14.5. Using the <Proxy> directive
<Proxy *>
  Order deny,allow
  Deny from all
  Allow from .example.com
</Proxy>

<VirtualHost>
The <VirtualHost> directive allows you to apply certain directives to particular virtual hosts only.

Example 14.18. Using the Allow directive
Allow from 192.168.1.0/255.255.255.0

AllowOverride
The AllowOverride directive allows you to specify which directives in a .htaccess file can override the default configuration. It takes the following form:

AllowOverride type…

The type has to be one of the available grouping options as described in Table 14.4, “Available AllowOverride options”.

Table 14.4. Available AllowOverride options
Option | Description
All | All directives in .htaccess are allowed to override earlier configuration settings.
None | No directive in .htaccess is allowed to override earlier configuration settings.
AuthConfig | Allows the use of authorization directives such as AuthName, AuthType, or Require.
FileInfo | Allows the use of file type, metadata, and mod_rewrite directives such as DefaultType, RequestHeader, or RewriteEngine, as well as the Action directive.
Indexes | Allows the use of directory indexing directives such as AddDescription, AddIcon, or FancyIndexing.
Limit | Allows the use of host access directives, that is, Allow, Deny, and Order.
Options[=option,…] | Allows the use of the Options directive. Additionally, you can provide a comma-separated list of options to customize which options can be set using this directive.

Adding a PHP accelerator

If you are using PHP with the Red Hat Enterprise Linux 5.4, download and install one of the following accelerators:
1. Alternative PHP Cache (APC) accelerator
2. eAccelerator

If you are using Red Hat Enterprise Linux 6.2, APC is included with the Linux

Proxy Server
Summary:

In the Linux project, our main task is to install and configure an operating system and application software. To do this project, we chose “Red Hat Enterprise Linux” as the operating system and the proxy server software “Squid” as the application program.

Proxy Server: Squid

A proxy server is a special kind of server which sits between the client computers and the internet. The client computers are connected to the internet via the proxy server. A client requests a website by sending an HTTP request to the local proxy server. The proxy server then forwards the request to the Web, retrieves the result, and hands it back to the client.

The three main reasons for deploying a proxy server are as follows:

Content control: We can control the web traffic using the proxy server.
Speed: The proxy server stores the common sites in the cache and makes the most use of bandwidth.
Security: We can monitor what people are doing and can implement different security features.

Installation:
Step 1. At the command prompt, enter the following command in the terminal to install the Squid server:
# yum install squid* -y

The other way is graphical mode. In graphical mode, we use the squid -3.1.10-1.el6-1.1X86-64.rpm package with the package manager to install the Squid server.

Configuring Clients:

Before configuring the new Squid server, we set up the local browser to use it for its web access. In this way, we can test the rules in the configuration file. To configure Firefox, we select Preferences from the Edit menu. In the dialog box, we click the Network -> Settings button in the Advanced tab and select the manual proxy configuration option. We choose to use the same proxy server for all protocols and enter 192.168.0.253 as the IP address and 3128 as the port number. See Figure. When we configure a remote client, we specify the IP address of the proxy server rather than 192.168.0.253.

Fig: connection setting

To configure Internet Explorer for proxy service, select Internet Options from the Tools menu. On the Connections tab, click the LAN settings button. A new window appears; enable the "Use a proxy server for your LAN" option. Then enter the IP address of the Squid server machine, and specify 3128 as the port.

Fig: Local Area Network(LAN) setting

Configuration Server:
The main Squid configuration file is /etc/squid/squid.conf. The default configuration file allows full access to the local machine but denies the rest of your network, so we can test all the rules on the local host before implementing them in the network for other machines. We can start editing the configuration file by opening squid.conf in any text editor.

• The default port for Squid is 3128, but we can change the port by editing the http_port line. For the Squid server to listen on TCP port 8080 instead of 3128, change the line to:
http_port 8080

We can also specify on which interface Squid listens for HTTP requests. When Squid is used on a firewall, it should have two network interfaces: one internal and one external. To make Squid listen only on the internal interface, simply put the IP address in front of the port number:
http_port 192.168.1.1:3128

Here we chose the hostname Coss, so we edit the line as:
visible_hostname Coss

• We can configure Squid for security purposes, i.e. allow a specific network and block the rest; we can also configure a timetable for using the internet. All of this can be done by writing ACLs in the Squid configuration file. For example:

• We can allow the internal network users by specifying mynetwork. We specify this network as:
acl mynetwork src 192.168.0.0/24
After this we can allow this ACL using the command:
http_access allow mynetwork

• We can specify the timetable for using the internet by writing the ACL as:
acl mytime time M T W H F 9:00-17:00
Now we apply this ACL on top of the previous one by writing the command:
http_access allow mytime

• We can also allow or deny a whole domain using the ACL:
acl bad_site dstdomain .facebook.com
and deny this site during mytime as:
http_access deny bad_site mytime
http_access allow all

• We can stop users downloading a specific file type, for example Windows executable files, by writing the ACL:
acl exe_file url_regex -i exe$
http_access deny exe_file
http_access allow all
The dollar sign means end of URL, and the -i part means not case sensitive.

The order of the http_access commands matters: Squid uses the first line that matches a request, so place the specific commands at the top of the list and then the general commands.

After configuring the file /etc/squid/squid.conf, we save the file. It is necessary to restart the Squid server so that the changes can take effect. We can restart the server by typing the following command at the terminal prompt:

# service squid restart

These are the most common configuration options of the Squid proxy server. Squid allows many more to enhance the proxying system.
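Squid applies the first http_access line whose ACLs all match a request, so rule order decides the policy. The script below is an added example (not part of the original report) that flags http_access lines which can never take effect because an earlier line already covers them. The function name and both sample files are constructed from this section's ACLs, and the closing "deny all" in the reordered file is an assumption.

```shell
#!/bin/sh
# Squid applies the first http_access line whose ACLs all match, so a later
# line can never fire if an earlier line lists a subset of its ACLs
# ("all" matches every request). This lint reports such unreachable lines.

# lint_http_access SQUID_CONF
# Prints one line per unreachable rule and returns how many were found.
lint_http_access() {
    awk '
        { sub(/[ \t]*#.*/, "") }                 # drop comments
        $1 == "http_access" {
            n++; line[n] = NR; text[n] = $2; cnt[n] = 0
            for (i = 3; i <= NF; i++) {
                text[n] = text[n] " " $i
                has[n, $i] = 1
                if ($i != "all") need[n, ++cnt[n]] = $i
            }
            for (e = 1; e < n; e++) {            # compare with earlier rules
                ok = 1
                for (k = 1; k <= cnt[e]; k++)
                    if (!((n, need[e, k]) in has)) { ok = 0; break }
                if (ok) {
                    printf "line %d (%s) never matches: shadowed by line %d (%s)\n",
                           line[n], text[n], line[e], text[e]
                    bad++
                    break
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample: this section's ACLs in the order the text introduces them.
cat > "$WORK/as_listed.conf" <<'EOF'
acl mynetwork src 192.168.0.0/24
acl mytime time MTWHF 9:00-17:00
acl bad_site dstdomain .facebook.com
acl exe_file url_regex -i exe$
http_access allow mynetwork
http_access allow mytime
http_access deny bad_site mytime
http_access allow all
http_access deny exe_file
http_access allow all
EOF

# Constructed sample: same ACLs, specific denies first; the closing
# "deny all" is an assumption (acl lines omitted, the lint ignores them).
cat > "$WORK/reordered.conf" <<'EOF'
http_access deny exe_file
http_access deny bad_site mytime
http_access allow mynetwork
http_access allow mytime
http_access deny all
EOF

lint_http_access "$WORK/as_listed.conf" || echo "$? unreachable rule(s)"
lint_http_access "$WORK/reordered.conf" && echo "reordered.conf: every rule is reachable"
```

Run against /etc/squid/squid.conf before restarting the service, a non-zero return value means at least one deny or allow line is dead and the effective policy differs from the written one.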

SYSTEM TESTING


TEST 2


CONCLUSION

This project is related to new generation systems. It feels new to every user: no more sticking with keyboards and mice; with just a gesture, WINDOWS will obey your order with the help of KINECT. Because of this gesture recognition system, everyone from a little kid to old people feels more active and interested in working with these systems. That creates more interaction between users and computers and leads people to a modern world in which nothing is beyond your gesture movements. It can also be used by everyone and in every place without much hesitation and with enjoyment. This project will interact with you in all aspects, because for your every action there is a response waiting, which makes everyone want to know about the future enhancement of this project. The big strength of this project is that we feel the entire world is under our hands, i.e. we can do another job simultaneously, and no additional training is needed to use this project. Your voice can also control the similar process within a particular distance. The main conclusion of this project is “Just a gesture with kinect the windows is ready to obey”

FUTURE ENHANCEMENTS

Since this project is all about gesture controlling events for Kinect to perform computer actions, the project has been designed keeping in mind the future scopes. What we have aimed at and achieved is not a product but a tool for a better automotive environment, a tool that can be used to shape many things in the future. Thus this project will give rise to many future modifications forking in all directions.
