Configuring an FTP server (VSFTPD)

01. Check the necessary RPM
#rpm -q vsftpd //very secure file transfer protocol daemon

02. Start the FTP service
#service vsftpd start
#chkconfig vsftpd on


03. The FTP service is automatically configured in the following two ways:
• Public FTP - No username or password necessary
• Private FTP - A valid username and password is necessary

Public FTP
If you want anybody to be able to access files on your FTP server without giving a username and password, copy all the files that other people need to download into the /var/ftp folder.

Go to the web browser and enter your FTP address (http://ftp.server.lk)

Private FTP

Create a user account on the FTP server and use that account to log in to the FTP server through the web server. You will be automatically logged in to the user's home folder.
#useradd uddika
#passwd uddika


Go to the browser and enter the address
ftp://uddika@ftp.server.lk

If you wish to disable public FTP

01. Edit the configuration file
#nano /etc/vsftpd/vsftpd.conf

Change anonymous_enable=YES to anonymous_enable=NO (underscore, no spaces around the = sign)


How to restrict unnecessary users through FTP

01. Edit the configuration file
#nano /etc/vsftpd/ftpusers
-------------------------------------
-------------------------------------
-------------------------------------
uddika // Enter the username

02. Reload the service
#service vsftpd reload
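
A quick check of the two files edited above, as an added example that is not part of the original page: anon_state reports the effective anonymous_enable setting in a vsftpd.conf, and ftpusers_denies tests whether a user is listed in ftpusers. The function names and sample files are constructed here; the accepted boolean spellings, the last-line-wins rule and the default of YES are assumptions stated in the comments.

```shell
#!/bin/sh
# anon_state FILE -> YES, NO or MALFORMED for the anonymous_enable option.
# Assumptions of this example: the option is written option=value with no
# spaces, YES/TRUE/1 and NO/FALSE/0 are the boolean spellings, the last
# well-formed line wins, and an absent option means YES (anonymous FTP on).
anon_state() {
    awk '
        /^[ \t]*#/ { next }                          # comment line
        /^anonymous_enable=/ {
            v = toupper(substr($0, index($0, "=") + 1))
            if (v == "YES" || v == "TRUE" || v == "1") state = "YES"
            else if (v == "NO" || v == "FALSE" || v == "0") state = "NO"
            else bad = 1                             # e.g. "=NO " or "=OFF"
            next
        }
        # Near misses: hyphen instead of underscore, spaces around "=", indent.
        tolower($0) ~ /^[ \t]*anonymous[-_ ]?enable/ { bad = 1 }
        END {
            if (bad) print "MALFORMED"
            else if (state == "") print "YES"
            else print state
        }
    ' "$1"
}

# ftpusers_denies FILE USER -> exit status 0 if USER is listed. The match is
# exact and case-sensitive, as Linux usernames are.
ftpusers_denies() {
    awk -v u="$2" '!/^[ \t]*#/ && $1 == u { found = 1 } END { exit !found }' "$1"
}

# Constructed sample files (not taken from a real server).
demo=$(mktemp -d)
printf 'local_enable=YES\nanonymous-enable = NO\n'   > "$demo/typo.conf"
printf 'anonymous_enable=YES\nanonymous_enable=NO\n' > "$demo/fixed.conf"
printf 'local_enable=YES\n'                          > "$demo/absent.conf"
printf '# Users that are not allowed to login via ftp\nroot\nUddika\n' > "$demo/ftpusers"

for f in typo fixed absent; do
    echo "$f.conf: anonymous FTP -> $(anon_state "$demo/$f.conf")"
done
for u in uddika Uddika; do
    if ftpusers_denies "$demo/ftpusers" "$u"; then echo "$u: denied"; else echo "$u: not listed"; fi
done
```

Point the two functions at /etc/vsftpd/vsftpd.conf and /etc/vsftpd/ftpusers to check a real server after editing.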


Configuring an FTP Server

1. Check the necessary RPM
#rpm -q vsftpd //very secure file transfer protocol daemon

2. Start the FTP Service
#service vsftpd start
#chkconfig vsftpd on

3. The FTP service is automatically configured in the following two different types
PUBLIC FTP - no username or password necessary
PRIVATE FTP - a valid username and password is necessary

4. PUBLIC FTP
If you want anybody to be able to access files on your FTP server without giving a username and password, copy all the files that other people need to download into the /var/ftp folder.

5. Go to the web browser and enter your FTP address
http://ftp.server.lk //Bind ftp record

6. PRIVATE FTP
Create a user account on the FTP server and use that account to log in to the FTP server through the web server. You will be automatically logged in to the user's home folder.
#useradd user1
#passwd user1

7. Go to the browser and type
ftp://user1@ftp.server.lk

8. If you wish to disable public FTP
#nano /etc/vsftpd/vsftpd.conf
Change anonymous_enable=YES to anonymous_enable=NO (underscore, no spaces around the = sign)

9. How to restrict unnecessary users through FTP
#nano /etc/vsftpd/ftpusers
_______________________
_______________________
_______________________
_______________________
_______________________
user //enter the user name

10. #service vsftpd reload

11. Now enjoy VSFTPD

Configure a DNS Server (Bind Server)

There are two types of DNS server that we can configure:

1. SDNS (Static Domain Name System)

2. DDNS (Dynamic Domain Name System)

Configure DNS Master and Slave

1. (M/S) Check the necessary RPMs

#rpm -q bind caching-nameserver system-config-bind

2. (M/S) Set the public domain name, set the local loopback IP as the primary DNS server IP, set the ISP's DNS server IP as the secondary DNS server IP to resolve domain names that do not belong to our domain, and set the default gateway to access the ISP's DNS servers.

#system-config-network-tui

Edit a Device params --> eth0 --> Default gateway (Router LAN IP) --> Ok --> Save --> Edit DNS Configuration --> Primary DNS (127.0.0.1) --> Secondary DNS (Router LAN IP, to access ISP DNS) --> Search (server.lk - Registered Domain) --> Ok --> Save and Exit

#service network restart

Check the Configuration

· Default Gateway

#cat /etc/sysconfig/network-scripts/ifcfg-eth0

· DNS

#cat /etc/resolv.conf

3. (M) only on the master server

Create a DNS Zone file that contains all the information about your domain

Zone File Location --> /var/named

Zone File Name --> any name (ex - zone.server.lk)

#cd /var/named

#ls -l

#nano zone.server.lk


4. (M/S) Now we have to authorize the zone file that we created for our domain

Copy the authorization configuration file into the /etc folder

#cd /usr/share/system-config-bind/profiles/default

#ls -l

#cp named.conf /etc

#ls -l /etc/named.conf

· Edit the authorization configuration file on master DNS

#nano /etc/named.conf

Go to end of file, but before the final line

Type

zone "server.lk" IN {

type master;

file "zone.server.lk";

allow-transfer { 10.0.0.xxx; 10.0.0.xxx; }; //First Slave Server IP and Second Slave Server IP

};

· Edit the authorization configuration file on Slave Servers

#nano /etc/named.conf

Go to end of file, but before the final line

Type

zone "server.lk" IN {

type slave;

file "slaves/zone.server.lk"; //Backup location (/var/named/slaves)

masters { 10.0.0.xxx; }; //Master Server IP

};

· Download the root DNS server information file so our DNS server can communicate with the root DNS Servers

#cd /var/named

#wget ftp://ftp.internic.net/domain/named.root

#ls -l

#cat named.root |more
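
One way to confirm that every master zone in named.conf carries the allow-transfer restriction set in step 4 (an added example, not part of the original page). The function name, the example.lk and backup.lk zones and the IP addresses are constructed, and the parser assumes the one-statement-per-line layout used above.

```shell
#!/bin/sh
# open_master_zones CONF -> names of "type master" zones that have no
# allow-transfer statement of their own, one per line.
# Assumption of this example: named.conf is laid out as on this page, one
# statement per line, each zone block closed by a line starting with "};".
open_master_zones() {
    awk '
        { sub(/\/\/.*/, "") }                      # drop // comments
        !in_zone && /^[ \t]*zone[ \t]+"/ {
            split($0, q, "\""); name = q[2]         # text between the quotes
            in_zone = 1; master = 0; xfer = 0; next
        }
        in_zone && /type[ \t]+master[ \t]*;/ { master = 1 }
        in_zone && /allow-transfer[ \t]*[{]/ { xfer = 1 }
        in_zone && /^[ \t]*[}];/ {
            if (master && !xfer) print name
            in_zone = 0
        }
    ' "$1"
}

# Constructed named.conf fragment; example.lk, backup.lk and the IPs are made up.
dns=$(mktemp -d)
cat > "$dns/named.conf" <<'EOF'
zone "server.lk" IN {
    type master;
    file "zone.server.lk";
    allow-transfer { 10.0.0.11; 10.0.0.12; };  // slave server IPs
};
zone "example.lk" IN {
    type master;
    file "zone.example.lk";
};
zone "backup.lk" IN {
    type slave;
    file "slaves/zone.backup.lk";
    masters { 10.0.0.10; };
};
EOF

echo "master zones without allow-transfer: $(open_master_zones "$dns/named.conf")"
```

A zone listed here is governed by the allow-transfer setting in the options block, or by BIND's built-in default if there is none.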

5. (M/S) First in master then in slave

Start the DNS Service

#service named start

#chkconfig named on

6. (S) Check the slave servers to see whether the zone file has been properly backed up

Only on the slave server

#cd /var/named/slaves

#ls -l

#cat zone.server.lk

7. Setting up DNS Clients

Go to TCP/IP Properties

Preferred DNS – 10.0.0.xxx //Master Server IP

Alternate DNS – 10.0.0.xxx //Slave Server IP

More DNS servers can be set through ADVANCED button

If Linux

#nano /etc/resolv.conf

nameserver 10.0.0.xxx //Master Server IP

nameserver 10.0.0.xxx //Slave Server IP

nameserver 10.0.0.xxx //Slave Server IP

8. Checking DNS

#nslookup ns1.server.lk

#nslookup www.google.lk

If you are going to implement multiple services on a single machine, rather than using a single IP it is better to assign a different IP to each service.

How to assign multiple IPs to a machine running Linux

#system-config-network-tui

Edit a device params --> New device --> Ethernet --> Add --> Name : eth0:0 --> Device : eth0:0 --> DHCP : Can't use DHCP --> Static IP : 10.0.0.xxx --> Net mask : 255.255.255.0 --> Default Gateway : not necessary --> Ok --> Save --> Save and Exit

#service network restart

#ifconfig |more

· To stop a network device

#ifdown eth0:0

#ifconfig

· To start a network device

#ifup eth0:0

#ifconfig

9. (M) Now we can assign the new IPs to services using DNS

On Master DNS

#nano /var/named/zone.server.lk

www IN A 10.0.0.xxx

sales IN A 10.0.0.xxx

mail IN A 10.0.0.xxx

ftp IN A 10.0.0.xxx

Increase the serial by one, save and exit

· Restart DNS

#killall named

#service named start

· Check DNS

#nslookup www.server.lk

#nslookup sales.server.lk

#nslookup mail.server.lk

#nslookup ftp.server.lk

------------------------------------------------------------------------------------------


Configuring the web server (Apache Server)

01. Check the necessary RPM
#rpm -q httpd

02. Develop a web site and copy it into the
/var/www/html folder
If you have multiple web sites you can keep them in sub folders in the above location
The web site home page must be named as index followed by the web developing language extension.
Ex – index.htm, index.php , index.asp

03. Publishing the web site
#nano /etc/httpd/conf/httpd.conf
Go to the end of file
Ex – www






04. Save and Exit the file

05. Start the service
#service httpd start
#chkconfig httpd on

------------------------------------------------------------------------------------------


Configuring Proxy Server

1. Check the necessary RPM
#rpm -q squid

2. Set the default gateway and the DNS on the proxy server, so it has a direct connection to the internet.
#system-config-network-tui

3. Give the information about your local network on the proxy server.
#nano /etc/squid/squid.conf
Press CTRL + W
Search – our_networks

4. Uncomment these lines
#acl our_networks src 192.168.1.0/24 192.168.2.0/24 //Remove # mark
#http_access allow our_networks //Remove # mark

5. Save (CTRL + O) and Exit (CTRL + X) file

6. Start the proxy service
#service squid start
#chkconfig squid on

Setting up proxy clients

The proxy client is an application that requires internet access through the proxy server
Ex - Internet Explorer, Mozilla Firefox

Firefox
Edit --> Preferences --> Advanced --> Network --> Settings --> Manual proxy configuration
http proxy : 192.168.2.101 port : 3128 // proxy server IP and port number

Now clients have to access the internet through the proxy.

Controlling web access through proxy

1. Open the following file
#nano /etc/squid/squid.conf
Press CTRL + W
Search – # http_access deny all

Put all the rules that you want to control web access through proxy under the above comment. All the block rules must come before the allow rules

• To block unwanted website
acl blockweb dstdomain .facebook.com .yahoo.com .google.com
http_access deny blockweb

• To block unwanted file download
acl blockfile urlpath_regex -i exe$ mp3$ avi$ rar$
http_access deny blockfile

• To allow POP3/ SMTP to access mail through proxy server
acl allowmail proto POP3 SMTP
http_access allow allowmail

2. Save (CTRL + O) and exit (CTRL +X) the file

3. Reload squid service
#service squid reload
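
Why the block rules must come before the allow rules, shown with the ACLs above in an added example that is not part of the original page: squid_verdict walks the http_access lines in order and reports the first match. The function name and the two sample files are constructed, and the model is simplified as described in the comments.

```shell
#!/bin/sh
# squid_verdict CONF HOST -> "allow" or "deny" for a request to HOST.
# Simplified model (assumptions of this example): http_access lines are tried
# top to bottom and the first one whose ACL matches decides. Only dstdomain
# ACLs are evaluated; every other ACL (src, all, ...) is treated as matching,
# i.e. the client is assumed to sit inside our_networks.
squid_verdict() {
    awk -v host="$2" '
        function dom_match(h, pat) {      # ".x.com" covers x.com and *.x.com
            if (substr(pat, 1, 1) != ".") return h == pat
            if (h == substr(pat, 2)) return 1
            return length(h) > length(pat) && substr(h, length(h) - length(pat) + 1) == pat
        }
        $1 == "acl" {
            kind[$2] = $3
            if ($3 == "dstdomain") for (i = 4; i <= NF; i++) doms[$2] = doms[$2] " " $i
        }
        $1 == "http_access" && !done {
            hit = 1
            if (kind[$3] == "dstdomain") {
                hit = 0; n = split(doms[$3], list, " ")
                for (i = 1; i <= n; i++) if (dom_match(host, list[i])) hit = 1
            }
            if (hit) { print $2; done = 1 }
        }
        END { if (!done) print "deny" }   # choice of this model; samples end in deny all
    ' "$1"
}

# Constructed squid.conf fragments built from the ACLs shown above.
sq=$(mktemp -d)
acls='acl our_networks src 192.168.1.0/24 192.168.2.0/24
acl blockweb dstdomain .facebook.com .yahoo.com .google.com'
printf '%s\nhttp_access allow our_networks\nhttp_access deny blockweb\nhttp_access deny all\n' "$acls" > "$sq/allow_first.conf"
printf '%s\nhttp_access deny blockweb\nhttp_access allow our_networks\nhttp_access deny all\n' "$acls" > "$sq/deny_first.conf"

for c in allow_first deny_first; do
    for h in www.facebook.com example.org; do
        echo "$c.conf  $h -> $(squid_verdict "$sq/$c.conf" "$h")"
    done
done
```

With the allow rule first, the request to www.facebook.com is allowed before the deny rule is ever reached.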
---------------------------------------------------------
List of acl tags and examples
http://tr.im/sqacl
http://wiki.squid-cache.org
---------------------------------------------------------

Configuring a windows file server

1. Check the necessary RPM
#rpm -q samba

2. Set the Samba workgroup name according to the Windows workgroup or domain name.
#nano /etc/samba/smb.conf
Press CTRL + W
Search – mygroup
Delete mygroup and type your Windows workgroup or domain name

3. Start the Samba service
#service smb start
#chkconfig smb on

4. Now you will be able to see the Samba servers through My Network Places in Windows, but you won't be able to access them unless you create Samba user accounts in Linux.

5. You must have a Linux user account first
#useradd uddika
#passwd uddika

6. You can then convert it into a Samba account
#smbpasswd -a uddika
You can use the user's current password or another one.

7. Once you add a user to Samba, his home folder will be automatically shared. The steps below show how to share a different folder through Samba.

8. Create a folder to share
#cd /
#mkdir test

9. Share the above folder through Samba
#nano /etc/samba/smb.conf
Go to the end of the file, to a new line
[MyTestShare]
path = /test
public = yes
writable = yes

10. Save and exit the file
CTRL + O
CTRL + X

11. Reload the Samba service
#service smb reload

12. Although we give writable Samba permissions, normal Samba users won't be able to write to the folder through Windows unless we change the ext3 folder permissions properly.

13. See current permissions
#cd /
#ls -ld test

14. Change current permissions
#chmod 757 test
#ls -ld test
Now normal users can access the shared folder

------------------------------------------------------------------------------------------

Configuring Slave NIS Server

The machine that we are going to configure as a NIS slave server must be an existing client on the domain.

1. From the master server we have to give the permissions to replicate the data to the slave servers.

Master Server Side

Edit system file
[root@server ~]#nano /var/yp/Makefile
Change NOPUSH = true to NOPUSH = false

• Save (CTRL + O) and Exit (CTRL + X) file

Slave Server Side

On the machine that you are going to configure as the slave server

• Check the necessary RPMs
[root@server ~]#rpm -q ypserv yp-tools ypbind

• Set the local loopback IP as the NIS server IP to indicate that the machine is going to become a NIS server
[root@server ~]#nano /etc/yp.conf
Go to end of file, to a new line and type
ypserver 127.0.0.1

• Start the necessary NIS server services
[root@server ~]#service yppasswdd start
[root@server ~]#service ypserv start
[root@server ~]#service ypxfrd start

[root@server ~]#chkconfig yppasswdd on
[root@server ~]#chkconfig ypserv on
[root@server ~]#chkconfig ypxfrd on

• Now we can back up the master server’s database in to the slave server.
[root@server ~]#/usr/lib/yp/ypinit -s server.server.lk //master server hostname

• Since we have slave servers, now we have to update all the clients with the slave server settings (Client side configuration)
[root@server ~]#nano /etc/yp.conf
domain server.lk server 10.0.0.100 // change this line
domain server.lk broadcast //after changing

------------------------------------------------------------------------------------------