Maintaining SUSE Linux - Is-cs.com

obtainablerabbiΔιαχείριση Δεδομένων

31 Ιαν 2013 (πριν από 4 χρόνια και 6 μήνες)

190 εμφανίσεις

© 2004 Hewlett
-
Packard Development Company, L.P.

The information contained herein is subject to change without notice

Installation & management
of SUSE Enterprise Linux
8


Server setup

Module
6

2

4.11

Module objectives

When completing SUSE Linux setup, the
administrator should be aware of:


Database server support


Thin client server


Authentication server


Security


3

4.11

SUSE


Database server (1 of 2)

MySQL is supported by SUSE and Webmin:

4

4.11

SUSE


Database server (
2
of
2
)

PostgreSQL is supported by SUSE and Webmin:

5

4.11

SUSE


Database support

A wide number of commercial databases are
supported on SUSE Linux including



IBM DB2


IBM Informix



Oracle


Sybase

6

4.11

SUSE


Thin client server (
1
of
4
)

SUSE can be used as a server for thin clients.
Included in SLES
8
are:



Tftp server


Dhcp server (with bootp support)


A typical thin client like the
Linux Terminal Server

must also be loaded. The LTSP package is available
tin RPM format from www.ltsp.org

7

4.11

SUSE


Thin client server (2 of 4)



Tftp is an insecure protocol



Wrappers should be used to prevent remote sites from
gaining access to a system



8

4.11

SUSE


Thin client server (
3
of
4
)

Dhcp can be easily managed from webmin:


9

4.11

SUSE


Thin client server (4 of 4)

10

4.11

SUSE


Authentication server


PAM (Pluggable Authentication Manager) is an integrated
package that manages
accounts
,
passwords
,
authentication

and
sessions
.


SUSE (like Red Hat) uses PAM for authentication. PAM
supports the following authentication systems:


Windows Domain authentication with Samba


LDAP Domain integration with Windows


NIS (and NIS+)


Unix/Linux passwords (with or without
/etc/shadow
)

11

4.11

SUSE


Security Monitor

Security Applications


Argus


Ethereal


Mon


Mtr


Nmap


Nagios






Saint


ntop


Traffic
-
vis


Nessus


Snort


tcpdump


Security monitor applications (
1
of
3
)

12

4.11

Security monitor applications (
2
of
3
)

The rich set of SUSE security applications fall into a
number of categories:



Passive network packet sniffers


Intrusion Detection Systems


Active network Probes


Active Network Monitors


13

4.11

Security monitor applications (3 of 3)

Passive network packet sniffers


Tcpdump


a real
-
time text based packet sniffer


Ethereal


a real
-
time graphic based packet sniffer


Argus


batch mode IP transaction analysis and archiving
tool


Traffic
-
vis
-

batch mode packet analysis and archiving tool


Ntop


a web oriented net traffic analysis tool



14

4.11

Security monitor
-

Ethereal

Ethereal from the SUSE Console:

15

4.11

Security monitor


Intrusion detection

(1 of 2)

Intrusion Detection Systems


Snort
-

open source network intrusion detection system
manageable with Webmin (
3
rd

party module)

16

4.11

Security monitor


Intrusion detection

(
1
of
2
)

Snort record of intrusion attempts
(
/var/log/snort/alert
):

17

4.11

Security
-

Network probes

Active network probes (
black hat
/
white hat

utilities)


Saint


Security Administrators Integrated Network Tool


Nessus


a client/server security scanner; nessus emulates
viral and port scanning attacks on remote systems


Nmap


a comprehensive port scanner


Mtr


Matt’s combines the functionality of traceroute with
ping yielding a continuous display of network route
efficiencies


18

4.11

Security


Network monitors

Active Network Monitors


Nagios


replaced NetSaint, a comprehensive network
management tool


Mon


a background monitoring tool


Webmin


in addition to managing almost everything in a
Linux/Unix environment, webmin also has a built in
monitoring tool


19

4.11

Security monitor


Nagios (1 of 3)

20

4.11

Security monitor


Nagios (
2
of
3
)

21

4.11

Security monitor


Nagios (
3
of
3
)

22

4.11

Security Monitor


Webmin

Webmin’s system monitoring capability:

23

4.11

SUSE


e
-
mail server (
1
of
4
)



SUSE Enterprise server includes
postfix

rather than
sendmail

as its MTA.


Postfix is functionally identical to sendmail but claims to be
easier to configure.


Postfix is just … different, but does the same job



You be the judge:

24

4.11

SUSE


e
-
mail server (
2
of
4
)

The postfix admin page on webmin:

25

4.11

SUSE


e
-
mail server (
3
of
4
)

The sendmail admin page on webmin:

26

4.11

SUSE


e
-
mail server (
4
of
4
)

POP & IMAP


SUSE and Red Hat use imap
-
2001a
-
xx.rpm as a basis for
IMAP and POP(2,3)


Internet daemon use


SUSE uses inet


Red Hat uses xinet

27

4.11

SUSE


Domain Name Service

Both SUSE and Red Hat use bind
9
for DNS service,
Bind may be serviced by Webmin:

28

4.11

SUSE


File server

SUSE can act like a NAS server or as a NAS client



Network File System (nfs)


SNB shares (Samba)


Gigabit Ethernet support


Fiber optic network support (Fiber channel, ethernet over
fiber, FDDI)


Huge Disk arrays with LVM

29

4.11

SUSE




… and lots more!

Learning check