Selasa, 25 Oktober 2011

This time we'll talk a little about the OpenSSH server, scp, system monitoring using /var/log, and network monitoring with darkstat, iptraf and netstat.
OpenSSH server
OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of tools for remotely controlling a computer or transferring files between computers. Traditional tools used to accomplish these functions, such as telnet or rcp, are insecure and transmit the user's password in cleartext when used. OpenSSH provides a server daemon and client tools to facilitate secure, encrypted remote control and file transfer operations, effectively replacing the legacy tools.
The OpenSSH server component, sshd, listens continuously for client connections from any of the client tools. When a connection request occurs, sshd sets up the correct connection depending on the type of client tool connecting. For example, if the remote computer is connecting with the ssh client application, the OpenSSH server sets up a remote control session after authentication. If a remote user connects to an OpenSSH server with scp, the OpenSSH server daemon initiates a secure copy of files between the server and client after authentication. OpenSSH can use many authentication methods, including plain password, public key, and Kerberos tickets. 
SCP
Secure Copy or SCP is a means of securely transferring computer files between a local and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol.
SCP uses Secure Shell (SSH) for data transfer and utilizes the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit. A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download). SCP runs over TCP port 22 by default. Like RCP, there is no RFC that defines the specifics of the protocol.
Normally, a client initiates an SSH connection to the remote host, and requests an SCP process to be started on the remote server. The remote SCP process can operate in one of two modes: source mode, which reads files (usually from disk) and sends them back to the client, or sink mode, which accepts the files sent by the client and writes them (usually to disk) on the remote host. For most SCP clients, source mode is generally triggered with the -f flag (from), while sink mode is triggered with -t (to). These flags are used internally and not documented outside the scp source code.
System Monitoring Using /var/log
Almost all log files are located under the /var/log directory (and its subdirectories). You can change to this directory using the cd command, but you need to be the root user. You can use the less, more, cat or tail command to see the logs.
Go to the /var/log directory:
# cd /var/log
View the common log file /var/log/messages using any one of the following commands:
# tail -f /var/log/messages
# less /var/log/messages
# more -f /var/log/messages
# vi /var/log/messages
Output:
Jul 17 22:04:25 router  dnsprobe[276]: dns query failed
Jul 17 22:04:29 router last message repeated 2 times
Jul 17 22:04:29 router  dnsprobe[276]: Primary DNS server Is Down... Switching To Secondary DNS server
Jul 17 22:05:08 router  dnsprobe[276]: Switching Back To Primary DNS server
Jul 17 22:26:11 debian -- MARK --
Jul 17 22:46:11 debian -- MARK --
Jul 17 22:47:36 router  -- MARK --
Jul 17 22:47:36 router  dnsprobe[276]: dns query failed
Jul 17 22:47:38  debian kernel: rtc: lost some interrupts at 1024Hz.
Jun 17 22:47:39  debian kernel: IN=eth0 OUT= MAC=00:0f:ea:91:04:07:00:08:5c:00:00:01:08:00 SRC=61.4.218.24 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21599 DF PROTO=TCP SPT=59297 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Common Linux log file names and usage
  • /var/log/messages: General messages and system related stuff
  • /var/log/auth.log: Authentication logs
  • /var/log/kern.log: Kernel logs
  • /var/log/cron.log: Crond logs (cron job)
  • /var/log/maillog: Mail server logs
  • /var/log/qmail/ : Qmail log directory (more files inside this directory)
  • /var/log/httpd/: Apache access and error logs directory
  • /var/log/lighttpd: Lighttpd access and error logs directory
  • /var/log/boot.log : System boot log
  • /var/log/mysqld.log: MySQL database server log file
  • /var/log/secure: Authentication log
  • /var/log/utmp or /var/log/wtmp : Login records file
  • /var/log/yum.log: Yum log files
In short, /var/log is the location where you should find all Linux log files. However, some applications such as httpd have their own directory within /var/log/ for their log files. You can rotate log files using the logrotate software and monitor log files using the logwatch software.
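As an added example (not part of the original post), a small Python parser for the syslog format shown in the output above: it splits each line into timestamp, host, program and message, folds in syslogd's "last message repeated N times" lines, and counts the kernel's iptables LOG entries for inbound TCP SYNs per source address and destination port. The sample lines are constructed here in that format with documentation-range addresses.

```python
import re
from collections import Counter

# Constructed sample lines in the /var/log/messages format shown above
# (documentation-range addresses, not a real capture).
SAMPLE_LOG = """\
Jul 17 22:04:25 router  dnsprobe[276]: dns query failed
Jul 17 22:04:29 router last message repeated 2 times
Jul 17 22:26:11 debian -- MARK --
Jul 17 22:47:38  debian kernel: rtc: lost some interrupts at 1024Hz.
Jul 17 22:47:39  debian kernel: IN=eth0 OUT= MAC=00:0f:ea:91:04:07:00:08:5c:00:00:01:08:00 SRC=203.0.113.5 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21599 DF PROTO=TCP SPT=59297 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 17 22:47:41  debian kernel: IN=eth0 OUT= MAC=00:0f:ea:91:04:07:00:08:5c:00:00:01:08:00 SRC=203.0.113.5 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21600 DF PROTO=TCP SPT=59298 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 17 22:47:42  debian kernel: IN=eth0 OUT= MAC=00:0f:ea:91:04:07:00:08:5c:00:00:01:08:00 SRC=192.168.1.20 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# "Mon DD HH:MM:SS host message": the classic syslog layout used above.
SYSLOG_RE = re.compile(r"^(\w{3}\s+\d{1,2}\s\d\d:\d\d:\d\d)\s+(\S+)\s+(.*)$")
# "program[pid]: text" or "program: text"; MARK and repeat lines have neither.
PROGRAM_RE = re.compile(r"^([\w.-]+)(?:\[(\d+)\])?:\s*(.*)$")
REPEAT_RE = re.compile(r"^last message repeated (\d+) times$")
KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Split one syslog line into timestamp, host, program, pid and message."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts, host, rest = m.groups()
    rec = {"ts": ts, "host": host, "program": None, "pid": None, "message": rest}
    p = PROGRAM_RE.match(rest)
    if p:
        rec["program"], rec["pid"], rec["message"] = p.group(1), p.group(2), p.group(3)
    return rec

def netfilter_fields(message):
    """Return the KEY=VALUE pairs of a kernel iptables LOG line, or {} otherwise."""
    if not message.startswith("IN="):
        return {}
    return dict(KV_RE.findall(message))

def summarize(log_text):
    """Count messages per program (folding in 'last message repeated N times')
    and count logged inbound TCP SYNs per (source address, destination port)."""
    by_program = Counter()
    syn_by_src_port = Counter()
    last_program = None
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rep = REPEAT_RE.match(rec["message"])
        if rep:
            # syslogd collapsed duplicates; credit them to the previous program.
            by_program[last_program] += int(rep.group(1))
            continue
        if rec["program"] is None:
            continue  # "-- MARK --" heartbeat lines carry no event
        by_program[rec["program"]] += 1
        last_program = rec["program"]
        nf = netfilter_fields(rec["message"])
        if nf.get("PROTO") == "TCP" and "SYN" in rec["message"].split():
            syn_by_src_port[(nf["SRC"], int(nf["DPT"]))] += 1
    return by_program, syn_by_src_port
```

Run `summarize(SAMPLE_LOG)` to get the per-program counts and the SYN tally; the same functions work on a real `/var/log/messages` read from disk.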
Network monitoring
The term network monitoring describes the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, pager or other alarms) in case of outages. It is a subset of the functions involved in network management.
While an intrusion detection system monitors a network for threats from the outside, a network monitoring system monitors the network for problems caused by overloaded and/or crashed servers, network connections or other devices.
For example, to determine the status of a webserver, monitoring software may periodically send an HTTP request to fetch a page. For email servers, a test message might be sent through SMTP and retrieved by IMAP or POP3.
Commonly measured metrics are response time, availability and uptime, although both consistency and reliability metrics are starting to gain popularity. The widespread addition of WAN optimization devices is having an adverse effect on most network monitoring tools -- especially when it comes to measuring accurate end-to-end response time because they limit round trip visibility.
Status request failures - such as when a connection cannot be established, it times out, or the document or message cannot be retrieved - usually produce an action from the monitoring system. These actions vary -- an alarm may be sent (via SMS, email, etc.) to the resident sysadmin, automatic failover systems may be activated to remove the troubled server from duty until it can be repaired, etc.
Darkstat
Darkstat is a packet sniffer that runs as a background process on a cable/DSL router, gathers all sorts of statistics about network usage, and serves them over HTTP.
The author of the program, Emil Mikulic, had used "ntop" for a long time, but he was dissatisfied with its stability problems and its memory consumption. For this reason he developed "darkstat".

Installation:
openSUSE users can use the "1-click" installer to install darkstat.

Ubuntu / debian: $ sudo apt-get install darkstat

To start darkstat:
# darkstat -i eth0
where "eth0" is the interface whose incoming and outgoing traffic you want to monitor. Change it to match your system.

Now darkstat starts sniffing in the background and serves a simple web interface at http://localhost:667, or, if you are browsing from a different machine, at http://:667 (example: http://192.168.1.1:667).

On the "hosts" tab you can see all the machines that take part in the communication. They can be sorted by the traffic they generated or by their IP address, so you can very quickly spot the machines that produced the most traffic on the local network. This gives the responsible system administrator a starting point for getting to the bottom of a problem.

IPTraf
IPTraf is a very useful ncurses-based application that shows the traffic passing through your machine.
On startup, you can immediately see all network traffic on your machine by choosing "IP traffic monitor." The configuration menu enables you to change the logging interval (under Timers) or add monitoring of ports above 1023, as these aren't monitored by default. You can also turn on DNS lookups and service name lookups to get names rather than numbers.
One of the best points of iptraf is its flexible traffic-filtering options. In the Add Filters screen, the left-hand set of filters is for the source address and the right-hand set for the destination. A value of 0.0.0.0 for both the IP address and the netmask translates to "all hosts." The I/E setting at the bottom controls whether matching data is included or excluded.
An important point is that iptraf interprets filters to mean "include/exclude this data, and show nothing else." For including data, this works fine. But if you exclude a particular set of data, that data won't be shown; nor will any other data. You must add a second filter, which has both sets of address and mask as 0.0.0.0, and that has "Y" by all the protocols, to show the rest of the traffic. Filters are applied in order, so this general filter must be the last in the chain.
After you've defined the filter, you need to use the "Apply filter" option from the Filters - IP menu, before using the display again to examine the data you want.
Netstat
netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics. It is available on Unix, Unix-like, and Windows NT-based operating systems.
It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.
Netstat provides statistics for the following:
  • Proto - The name of the protocol (TCP or UDP).
  • Local Address - The IP address of the local computer and the port number being used. The name of the local computer that corresponds to the IP address and the name of the port is shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).
  • Foreign Address - The IP address and port number of the remote computer to which the socket is connected. The names that correspond to the IP address and the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).
  • State - Indicates the state of a TCP connection. The possible states are as follows: CLOSE_WAIT, CLOSED, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK, LISTEN, SYN_RECEIVED, SYN_SEND, and TIME_WAIT. For more information about the states of a TCP connection
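An added example, not from the original post: parsing the columns netstat prints (Linux `netstat -tan` layout) to tally connection states, list the listening sockets and show which foreign hosts hold connections in a given state, such as SYN_RECV. The netstat output below is a constructed sample with documentation-range addresses.

```python
from collections import Counter

# Constructed sample of `netstat -tan` output (Linux column layout;
# documentation-range addresses, not a real capture).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.100:22        192.168.1.20:50122      ESTABLISHED
tcp        0      0 192.168.1.100:80        203.0.113.9:61001       SYN_RECV
tcp        0      0 192.168.1.100:80        203.0.113.9:61002       SYN_RECV
tcp        0      0 192.168.1.100:80        203.0.113.9:61003       SYN_RECV
tcp        0    256 192.168.1.100:22        203.0.113.44:40001      TIME_WAIT
"""

def split_addr(addr):
    """Split 'host:port' as printed by netstat -n; '*' means no port yet."""
    host, _, port = addr.rpartition(":")
    return host, (None if port == "*" else int(port))

def parse_netstat(text):
    """Turn netstat -tan text into one dict per TCP socket line."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        # Skip the two header lines; udp lines (if -u was given) have no
        # State column and are skipped by the field-count check as well.
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue
        lhost, lport = split_addr(f[3])
        fhost, fport = split_addr(f[4])
        rows.append({"proto": f[0], "recv_q": int(f[1]), "send_q": int(f[2]),
                     "local_host": lhost, "local_port": lport,
                     "foreign_host": fhost, "foreign_port": fport,
                     "state": f[5]})
    return rows

def state_counts(rows):
    """How many sockets sit in each TCP state."""
    return Counter(r["state"] for r in rows)

def listening_ports(rows):
    """(bind address, port) of every LISTEN socket: what the host exposes.
    A 0.0.0.0 bind is reachable from every interface, 127.0.0.1 only locally."""
    return sorted((r["local_host"], r["local_port"])
                  for r in rows if r["state"] == "LISTEN")

def peers_in_state(rows, state):
    """Foreign hosts holding connections in `state`, busiest first. Many
    SYN_RECV entries from one peer is the half-open pattern worth a look."""
    return Counter(r["foreign_host"]
                   for r in rows if r["state"] == state).most_common()
```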



Selasa, 04 Oktober 2011


Installing System

Now we will install the system virtually. We will use Ubuntu Server, installed in VirtualBox. Before Ubuntu Server can be installed onto a new VirtualBox guest, the Ubuntu Server ISO image must be added to the virtual media list in VirtualBox:
  1. From the File menu, select Virtual Media Manager... (Ctrl+D)
  2. Select the CD/DVD Images tab
  3. Select Add (Ins)
  4. Browse for and select your recently downloaded Ubuntu Server ISO image.

Create a new machine

VirtualBox is now ready to go. Creating a basic Virtual Machine is easy, and for the purposes of this example, most of the options can remain at their default values:
  1. Click the New icon, or from the Machine menu, select New (Ctrl+N)
  2. Follow the wizard. Give your VM a name, and be sure to set the Operating System to Linux and the Version to Ubuntu.
Change the memory and disk size if you wish, but the default values will probably be okay for simple experimentation purposes.

Attach the CD/DVD drive to the ISO image

At this stage, the VM has a blank disk. The Ubuntu Server ISO image must be attached to its CD/DVD drive so that the VM can boot from it:
  1. Select the new VM from the left-hand panel.
  2. Click the Settings icon, or from the Machine menu, select Settings... (Ctrl+S)
  3. Select Storage from the left-hand panel.
  4. Select the empty CD/DVD drive from the Storage Tree.
  5. Select the Ubuntu Server ISO image from the CD/DVD list to the right.


Configure the Network Adaptor

The default virtual network setting for new VMs in VirtualBox is to use network address translation (NAT). In this configuration, the network adaptor shares the IP address and MAC address of the host system. This works for simple networking tasks, but can limit connectivity. I prefer to set the network adaptor to bridged mode, where each VM communicates directly with the network interface card (NIC) on the host system, but appears as a separate client on the network.
If you have a DHCP server available, you can use the MAC address in the `Advanced` section of the network settings to assign a fixed address to the VM network adapter.
  1. Select the new VM from the left-hand panel.
  2. Click the Settings icon, or from the Machine menu, select Settings... (Ctrl+S)
  3. Select Network from the left-hand panel.
  4. In the tab for Adapter 1, set Attached to to Bridged Adapter.
  5. If you have multiple NICs in your host computer, select an appropriate adapter from the Name dropdown list.   

Install Ubuntu Server

Everything should now be in place to install Ubuntu Server.
  1. Ensure that your new VM is selected, then click Start, or from the Machine menu, select Start.
  2. If you’ve not used VirtualBox before, be sure to read any information dialogues that appear — they might save you some frustration later.
  3. The Ubuntu Server installation should now begin.
  4. Select the desired language from the list.
  5. Select Install Ubuntu Server.
  6. Follow the wizard.
Here are screen shots showing the settings that I change from the default. Note that I don’t install any software from the Software selection page.
At the end of the installation, the ISO image should be detached from the CD/DVD drive prior to rebooting. See the next section for details.


Detach the ISO image from the CD/DVD drive

When this point is reached, it's time to detach the ISO image. See the next steps for details.
  1. From the Devices menu on your current VM window, select CD/DVD Devices, and un-check the Ubuntu Server ISO image.
  2. Select Continue on the Ubuntu Server installation screen.
The VM will reboot, and if all has gone well, after a few seconds, the login prompt will appear. Login using the authentication details created during the setup process.

Networking

If the VirtualBox guest OS has access to DHCP, then networking should already be configured. If not, a static IP address will have to be assigned. For a good explanation of Ubuntu Server network configuration, see the Static IP Address Assignment section of the Ubuntu Server Guide Network Configuration document.

Update Ubuntu

Unless you have good reason not to, always install the latest patches and security updates:
sudo apt-get update
sudo apt-get upgrade

Install SSH

If you want to access your server from a terminal, or copy files to or from the server using scp or rsync, then installing SSH will make this simpler. Accessing the server from a terminal also makes it easier to copy and paste text to or from your server.
sudo apt-get install ssh
The following steps are to be carried out on the computer from which you would like to have remote access to the VM — probably the same computer that is running VirtualBox OSE:
Open a terminal. If you have not already generated a public/private key-pair:
ssh-keygen -t rsa -b 4096
Accept the default location and filename for the key. Entering a passphrase is optional. It's more secure if you do, but also more awkward to use, as the passphrase will be requested upon each connection.
The choice depends on your situation, and there's plenty of information available elsewhere to help you decide. If you are just running the VM on your own desktop for testing purposes, it's likely that a passphrase will not be worthwhile.
Copy the public key to the VM (replace username and IP address as appropriate):
ssh-copy-id mike@192.168.1.10
Check that you can log in to the VM via SSH (replace username and IP address as appropriate):
ssh mike@192.168.1.10

Selasa, 27 September 2011


NETWORK ADMINISTRATION

Definition and Nature of the Work
A network administrator oversees computer networks to ensure that they function smoothly. A network consists of a grouping of computers that communicate with each other or a central computer known as a server, on which computer files, programs, and other information are stored. A network may be as small as two or three computers or as large as the Internet, the world's largest computer network.
Whereas a network technician or engineer designs and sets up the infrastructure for a computer network, a network administrator usually configures and manages an existing network. He or she may be responsible for customizing the network to an individual company's needs by connecting the necessary hardware and software to the network. Once the network is configured, the administrator adds computer programs, such as e-mail, that the company's employees use on a daily basis. A network administrator's work usually depends on the size of the network for which he or she is responsible. The smaller the network, the more duties a network administrator handles. For large networks, several individuals may perform different tasks related to the network. The administrator then monitors the performance of the network and troubleshoots any problems such as slow performance or network crashes. A crash occurs when users cannot access the network or use all of its features properly. The administrator must also work with individual users who are having network problems that are not experienced by other users.

Network administrator working on server hardware
Some network problems may result in the loss or corruption of data stored on the server. For this reason, the administrator must develop, install, and maintain emergency systems to back up the main network server. Administrators keep records of all users' problems and errors as well as the steps taken to solve the problems. This information is used to help solve future problems.
Administrators also control user access to the network. This includes setting up passwords for individual users and determining which files, programs, or features each person is allowed to use. The administrator must also create a firewall—a set of security measures designed to make sure that no one can gain unauthorized access to the system. In larger firms this task may fall to a network security specialist. Network security also involves monitoring the network to see who is using it and how. A security specialist is responsible for changing passwords periodically and updating security measures and procedures.
A network administrator installs the necessary hardware and software to set up a computer network, and customizes it to meet the needs of the company using it.

Education and Training Requirements
A network administrator should have a strong background in math, sciences, and computer science, as well as experience working with computers. Although a college degree in computer science, systems science, math, or engineering is not required to become a network administrator, advancement is difficult without one. Administrators should be familiar with a variety of network operating systems, including Microsoft, Novell, and Unix. Because computer technology changes rapidly, administrators must constantly upgrade their knowledge base.
Several companies that produce network software also offer training and certification in network administration. For instance, network software maker Novell offers a Certified Novell Administrator (CNA) certification for administrators who pass their training courses. A company that hires a network administrator from outside will almost certainly require such certification or proof of experience in administering a network successfully.
Network administration requires good organizational and logical thinking skills, both to set up and administer a network and to diagnose and solve problems. Administrators must be able to work under pressure and meet tight deadlines when required. Because they may have to work with users who have little or no technical knowledge, they must be able to communicate complex and unfamiliar ideas easily.
Advancement Possibilities and Employment Outlook
Network administrators may advance into network engineering, in which they design networks from the ground up based on a company's needs and priorities. They may also branch out into other areas of computing such as programming, systems analysis (determining how well computer systems are operating and designing ways to improve their performance), and software engineering. Computer networks are becoming a standard part of most medium-to-large firms, and even of many smaller ones.

Working Conditions
Network administrators, like other computer professionals, work in an office environment. Most put in forty hours or more of work per week. Much of the job is performed alone, but the administrator must also work with users who are not comfortable with the system or who are experiencing difficulties. Configuring a network can require long hours of work over a short period of time. Maintaining the network can alternate between routine tasks such as installing and updating programs and the more interesting but hectic work of troubleshooting and fixing network problems. If a network crashes, the administrator must work as quickly as possible, regardless of the hour, to solve the problem and restore the network to operation. For a large network, the task of updating and maintenance can require late hours and work on an irregular schedule.