
Checklist for Running Networking Services (Fedora)

2009-12-20 13:34 | Posted by: admin | Views: 55 | Comments: 0 | Original author: 段誉


Checklist for Running Networking Services
As computer security issues increase with the rising onslaught of computer crackers and viruses, operating systems such as Fedora and RHEL are moving toward more security rather than more ease of use in the services they provide. Simply installing server software isn't enough to get the service up and running.
If a service isn't working, check the following items to hunt down the problem:

Is the software package installed? Each network service is represented by one or more software packages. Use the command rpm -qc packagename to find configuration files, and the command rpm -qd packagename to find documentation. If you selected only packages associated with Desktop categories when you first installed Fedora, most network server software may not be installed on your computer at all. Check

for information on how to change your firewall configuration to open ports that provide the different services.

Is the start-up script set up to launch the service automatically? Most network services are launched from start-up scripts that cause daemon processes to listen to the network continuously for requests for the service. See the "
find start-up scripts and have them launch automatically.

Does SELinux permit access to the service? When SELinux is enabled, it puts an additional layer of security over selected network services. If you get "permission denied" messages when you are sure that the firewall and file/directory permissions are set appropriately, run system-config-securitylevel. On the SELinux tab, check that the appropriate service (Web, FTP, Samba, and so on) is enabled. You can also disable SELinux to see if that solves the problem, or simply set it to Permissive mode (so that SELinux only displays messages about security issues, without enforcing them).

Is the configuration file created for the service? Even if the daemon process is listening for requests for a network service, one or more configuration files associated with the service most likely must be set up before requests will be accepted.
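
The start-up script, configuration file and SELinux items of this checklist can be scripted; the package item (rpm -q) is left out because it needs the RPM database. This is an added example, not code from the original article: ROOT, the function names, runlevel 3 as the server runlevel, and the sample tree and AVC log lines are assumptions constructed for illustration.

```shell
# Added example: walk part of the checklist for one SysV-init service.
# ROOT (assumption) is a path prefix so the checks can run on a test tree.
ROOT=${ROOT:-}

# Start-up script executable? Configuration file present and not empty?
has_init_script() { [ -x "$ROOT/etc/init.d/$1" ]; }
has_config() { [ -s "$ROOT$1" ]; }

# Launched automatically? chkconfig creates S<NN><name> links per runlevel.
starts_in_runlevel() {            # $1=service  $2=runlevel
    for link in "$ROOT/etc/rc.d/rc$2.d"/S[0-9][0-9]"$1"; do
        [ -e "$link" ] && return 0
    done
    return 1
}

# SELinux: summarise AVC denials for a daemon as "count {permissions} class".
avc_summary() {                   # $1=daemon command name  $2=log file
    [ -r "$2" ] || return 0
    grep 'avc: *denied' "$2" | grep "comm=\"$1\"" |
        sed 's/.*denied *{ *\([^}]*[^} ]\) *}.*tclass=\([a-z0-9_]*\).*/{\1} \2/' |
        sort | uniq -c | sed 's/^ *//'
}

# Print one line per failed item; return the number of failed items.
check_service() {                 # $1=service $2=daemon $3=config $4=audit log
    fails=0
    has_init_script "$1"      || { echo "FAIL no start-up script for $1"; fails=$((fails+1)); }
    starts_in_runlevel "$1" 3 || { echo "FAIL $1 not started in runlevel 3"; fails=$((fails+1)); }
    has_config "$3"           || { echo "FAIL $3 missing or empty"; fails=$((fails+1)); }
    denials=$(avc_summary "$2" "$4")
    [ -z "$denials" ] || { echo "FAIL SELinux denials for $2:"; echo "$denials"; fails=$((fails+1)); }
    return "$fails"
}

# Constructed test tree and AVC lines (not taken from a real host).
build_demo_tree() {
    ROOT=$(mktemp -d)
    mkdir -p "$ROOT/etc/init.d" "$ROOT/etc/rc.d/rc3.d" "$ROOT/etc/httpd/conf"
    printf '#!/bin/sh\n' > "$ROOT/etc/init.d/httpd"; chmod +x "$ROOT/etc/init.d/httpd"
    ln -s ../../init.d/httpd "$ROOT/etc/rc.d/rc3.d/S85httpd"
    echo 'Listen 12345' > "$ROOT/etc/httpd/conf/httpd.conf"
    avc='type=AVC msg=audit(1261312440.101:41): avc:  denied  { name_bind } for  pid=2345 comm="httpd" src=12345 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket'
    printf '%s\n' "$avc" "$avc" > "$ROOT/audit.log"
}

build_demo_tree
check_service httpd httpd /etc/httpd/conf/httpd.conf "$ROOT/audit.log" || echo "$? item(s) failed"
rm -rf "$ROOT"
```

On a live system, leave ROOT empty and pass /var/log/audit/audit.log as the fourth argument; reading the denial summary this way keeps SELinux enforcing while you troubleshoot.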

| Feature | Package Names | Startup Script(s) | Daemon | Configuration File(s) |
| --- | --- | --- | --- | --- |
| Web Server | | | | |
| Web-Servers (Apache) | httpd, httpd-manual, httpd-devel | /etc/init.d/httpd | /usr/sbin/httpd | /etc/httpd/conf/httpd.conf |
| (Tux) | tux | /etc/init.d/tux | /usr/sbin/tux | /etc/sysconfig/tux |
| File Servers | | | | |
| FTP Servers (Vs-ftpd) | vsftpd | /etc/init.d/vsftpd | /usr/sbin/vsftpd | /etc/vsftpd/vsftpd.conf, /etc/vsftpd/user_list |
| FTP Server with Kerberos Support (Gss-FTP) | krb5-workstation | /etc/init.d/xinetd (/etc/xinetd.d/gssftp) | /usr/sbin/xinetd (/usr/kerberos/sbin/ftpd) | /etc/krb5.conf |
| Samba Windows File and Printers (SMB) | samba, samba-common, samba-client, samba-swat, system-config-samba | /etc/init.d/smb, /etc/init.d/winbind | /usr/sbin/smbd, /usr/sbin/nmbd, /usr/sbin/winbindd | /etc/samba/smb.conf |
| UNIX Network File System (NFS) | nfs-utils, system-config-nfs | /etc/init.d/nfs, /etc/init.d/nfslock | /usr/sbin/rpc.nfsd, /usr/sbin/rpc.mountd, /sbin/rpc.statd | /etc/exports |
| AppleTalk File and Print Server (Netatalk) | netatalk | /etc/init.d/atalk | /usr/sbin/atalkd | /etc/atalk/* |
| Login Servers | | | | |
| Telnet | telnet-server | /etc/init.d/xinetd (/etc/xinetd.d/telnet) | /usr/sbin/xinetd (/usr/sbin/in.telnetd) | /etc/issue.net |
| Telnet with Kerberos Support (krb5-telnet) | krb5-workstation | /etc/init.d/xinetd (/etc/xinetd.d/krb5-telnet) | /usr/sbin/xinetd (/usr/kerberos/sbin/telnetd) | /etc/krb5.conf |
| Open Secure Shell (Openssh) | openssh-server | /etc/init.d/sshd | /usr/sbin/sshd | /etc/ssh/* |
| Remote Login (Rlogin) | rsh-server | /etc/init.d/xinetd (/etc/xinetd.d/rlogin) | /usr/sbin/xinetd (/usr/sbin/in.rlogind) | /etc/hosts.equiv, $HOME/.rhosts |
| Remote Login with Kerberos Support (Eklogin) | krb5-workstation | /etc/init.d/xinetd (/etc/xinetd.d/eklogin) | /usr/sbin/xinetd (/usr/kerberos/sbin/klogind) | /etc/krb5.conf, $HOME/.k5login, $HOME/.klogin |
| (Klogin) | krb5-workstation | /etc/init.d/xinetd | /usr/sbin/xinetd (/usr/kerberos/sbin/klogind) | /etc/krb5.conf, $HOME/.k5login, $HOME/.klogin |
| E-mail Servers | | | | |
| Remote Mail Access Servers (IMAP) | dovecot | /etc/init.d/dovecot | /usr/sbin/dovecot | /etc/dovecot |
| (POP3) | dovecot | /etc/init.d/dovecot | /usr/sbin/dovecot | /etc/dovecot |
| E-mail Transfer Servers (Sendmail) | sendmail, sendmail-cf, sendmail-doc | /etc/init.d/sendmail | /usr/sbin/sendmail | /etc/sendmail.cf, /etc/mail/* |
| (Postfix) | postfix | /etc/init.d/postfix | /usr/sbin/postfix | /etc/postfix/* |
| News Server | | | | |
| Internet Network News (INN) | inn | /etc/init.d/innd | /usr/bin/innd | /etc/news/* |
| Print Server | | | | |
| Common UNIX Printing System (CUPS) | cups, cups-drivers, cups-libs, cups-drivers-hpijs | /etc/init.d/cups | /usr/sbin/cupsd | /etc/cups/* |
| Network Administration Servers | | | | |
| Network Time Protocol Server (NTP) | ntp | /etc/init.d/ntpd | /usr/sbin/ntpd | /etc/ntp.conf, /etc/ntp/keys |
| Network Portmap (RPC to DARPA) | portmap | /etc/init.d/portmap | /sbin/portmap | /etc/rpc |
| Samba Administration (SWAT) | samba-swat | /etc/init.d/xinetd (/etc/xinetd.d/swat) | /usr/sbin/xinetd (/usr/sbin/swat) | /etc/smb.conf |
| Network Management (arpwatch) | arpwatch | /etc/init.d/arpwatch | /usr/sbin/arpwatch | /etc/sysconfig/arpwatch |
| Simple Network Management Protocol (SNMP) | net-snmp | /etc/init.d/snmpd, /etc/init.d/snmptrapd | /usr/sbin/snmpd | /etc/snmp/snmpd.conf |
| Information Servers | | | | |
| Network Information Server (Ypbind) | ypbind | /etc/init.d/ypbind | /sbin/ypbind | /etc/yp.conf |
| (Yppasswdd) | ypserv | /etc/init.d/yppasswdd | /usr/sbin/rpc.yppasswd | /etc/passwd, /etc/shadow |
| (Ypserv) | ypserv | /etc/init.d/ypserv | /usr/sbin/ypserv | /etc/ypserv.conf |
| Dynamic Host Configuration Protocol Server (DHCP) | dhcp | /etc/init.d/dhcpd | /usr/sbin/dhcpd | /etc/dhcpd.conf |
| Lightweight Directory Access Protocol (LDAP) | openldap-servers | /etc/init.d/ldap | /usr/sbin/slapd, /usr/sbin/slurpd | /etc/openldap/slapd.conf |
| Domain Name System Server (DNS) | bind, bind-utils, bind-chroot | /etc/init.d/named | /usr/sbin/named | /etc/named.conf, /var/named/* |
| Reverse Address Resolution Protocol Server (RARP) | rarpd | /etc/init.d/rarpd | /usr/sbin/rarpd | /etc/ethers |
| Database Services | | | | |
| MySQL Database | mysql, mysql-server | /etc/init.d/mysqld | /usr/libexec/mysqld | /etc/my.cnf |
| Postgresql | postgresql-libs, postgresql, postgresql-server | /etc/init.d/postgresql | /usr/bin/postmaster | /var/lib/pgsql/data |
| User Services | | | | |
| Remote Execution Servers (Rsh) | rsh-server | /etc/init.d/xinetd (/etc/xinetd.d/rsh) | /usr/sbin/xinetd (/usr/sbin/in.rshd) | /etc/hosts.equiv, $HOME/.rhosts |
| (Rexec) | rsh-server | /etc/init.d/xinetd (/etc/xinetd.d/rexec) | /usr/sbin/xinetd (/usr/sbin/in.rexecd) | /etc/passwd |
| (Kshell) | krb5-workstation | /etc/init.d/xinetd (/etc/xinetd.d/Kshell) | /usr/sbin/xinetd (/usr/kerberos/sbin/kshd) | /etc/krb5.conf |
| Talk Server (ntalk) | talk-server | /etc/init.d/xinetd (/etc/xinetd.d/ntalk) | /usr/sbin/xinetd (/usr/sbin/in.ntalkd) | |
| (talk) | talk-server | /etc/init.d/xinetd (/etc/xinetd.d/talk) | /usr/sbin/xinetd (/usr/sbin/in.talkd) | |
| Finger Server (Finger) | finger-server | /etc/init.d/xinetd (/etc/xinetd.d/finger) | /usr/sbin/xinetd (/usr/sbin/in.fingerd) | |
| Identify Users (Rusers) | rusers-server | /etc/init.d/rusersd | /usr/sbin/rpc.rusersd | |
| Write All Users (Rwall) | rwall-server | /etc/init.d/rwalld | /usr/sbin/rpc.rwalld | |
| Security Services | | | | |
| System Logging (syslog) | sysklogd | /etc/init.d/syslog | /sbin/syslogd | /etc/syslog.conf |
| Caching Server (Squid) | squid | /etc/init.d/squid | /usr/sbin/squid | /etc/squid/squid.conf |

To begin determining where a service failure actually occurs, look to the log files contained in the /var/log directory. The messages and dmesg files contain general messages about processing that occurs when services and hardware are initialized. Many services, such as Sendmail and Apache, have their own log files. Setting debug levels on service daemons is a way to get more details about how a server is working (see the


Debugging Services
Nearly every service also has an option for running in different debug levels. By turning on debugging, you can see everything from failure messages to detailed information on everything the service does. Usually, you can either add a debug option to an init script (often passed by options set in /etc/sysconfig files) or run a daemon process manually from the shell with debug options added. For example:

# /usr/sbin/sshd -ddd -f /etc/ssh/sshd_config -p 52222


This example starts the secure shell daemon (sshd) in maximum debug mode (-ddd). It uses the sshd_config file for its configuration and listens for connections on port number 52222. This port is just being used for testing purposes, so as not to conflict with any common ports. In debug mode sshd does not fork and serves only one connection, so start it again for each test. Watch the debug messages appear in the Terminal window. Next you could have an ssh client from another computer try to connect to this server:

$ ssh -l testuser 192.168.1.246 -p 52222

Assuming here that the server's IP address is 192.168.1.246, this example attempts to connect to the sshd server run earlier on port 52222. It tries to log in as the user named testuser. By watching sshd debug messages, you can check that the client can communicate with the server and that the configuration file is working properly.


The rest of this appendix provides an overview of the daemon processes, start-up scripts, configuration files, and software packages that are associated with the networking services that come with Fedora and RHEL.






