COMPUTER AND NETWORK
SYSTEM ADINISTRATION
CIS 5406-01
Summer 1998 - Lesson 3

More Daemons and Services - Overview

 
 
syslogd - continued
 
   A.handles logging requests from:
 
     1. the kernel
 
     2. other local user processes (including daemons)
 
     3. processes on other machines (across the net)
       
 
   B. syslog(priority, message, facility)
     
     1. priority - level of criticality
 
     2. message 
 
     3. facility - source of message
 
 
   C. configuration file /etc/syslog.conf
 
    *.err;kern.debug;user.none;mail.notice    /dev/console
    *.err;kern.debug;daemon,auth.notice;      /var/adm/messages
    auth.notice    ifdef(`LOGHOST', /var/log/authlog, @loghost)
 
  SA RELEVANCE:
 
    1. route important syslog messages to one location 
 
    Jan 10 23:01:09 nu su: 'su root' failed for jtbauer on
    Jan  9 08:38:14 grep su: 'su root' failed for spain on
    Jan  9 08:38:40 mu su: 'su root' failed for barnash on
    Jan  9 08:39:17 nu su: 'su root' succeeded for pfeil on
    Jan  9 09:05:54 nu su: 'su root' succeeded for sheff on
 
Windows NT - Logging is viewed via the Event Viewer.  The logger
    can be found at Start/Programs/Administrative Tools
 
  Three logs exist:
 
         o System log - startup messages, device driver errors, etc.
         o Security log - failed logon attempts, etc.
         o Application log - application-specific log messages
 
 
Printing 
 
  A. lpd - BSD print spooling daemon
 
     1. accepts jobs and spools them (via "lpr", "lprm")
 
     2. does actual interaction with printer
 
     3. ships jobs to other machines
 
     4. will cover in Chapter 25
 
  B. lpsched - ATT version of lpd (more complex to administer)
 
 
  C. Windows NT - Chapter 8 of MWNTS4; quite complex and flexible;  NT 4.0's
      "Add Printer Wizard" really helps.
 
Sendmail
 
  A. routes local and network mail
 
  B. one of the largest and historically buggiest
     daemons
 
  C. the file /etc/sendmail.cf is a set of rewrite
     rules for modifying addresses (think: context free grammars)
     Check www.sendmail.com.
 
  D. sample:
 
# now delete the local info
R$*<$*$=w.UUCP>$*       $1<$2>$4         thishost
R$*<$*$=w.$T.$D>$*      $1<$2>$4         thishost
R$*<$*$=w>$*            $1<$2>$4         thishost
R$*<$*@zip.fsu.edu>$*   $1.zip<@>$3
R$*<$*@zap.fsu.edu>$*   $1.zap<@>$3
R$*<$*.>$*              $1<$2>$3         drop trailing dot
R<@>:$*                 $@$>0$1          retry after route strip
R$*<@>                  $@$>0$1          strip null trash & retry
 
  E. Covered in Chapter 21 of USA
 
  SA RELEVANCE: 
    1. mail service is the most popular and
       arguably, most important service on your system
    2. users get very upset when mail does not work 
       exactly right
    3. it is also one of the source of security holes
       (Check www.sendmail.com).
    4. configuring and tuning mail can take a lot of SA time
 
 
   Windows NT
 
    Email servers and clients on Windows NT/95 systems are varied, given the
    large marketplace. Chapter 14 and 15 of MWNS4 contain more info.
 
NFS - Network File Service
 
  A. NFS was developed by Sun and is now used by many
     UNIX system including Linux
 
  B. it allows file access across the network as if
     the files were local
 
  C. NFS is covered in Ch. 17 of USA.
 
  D. server daemons
     1. if the configuration file /etc/exports exists then the machine
        is presumed to be an NFS server
     2. the rc.local (bsd style) script will (typically) start the mountd
     3. the mount daemon (can be run under inetd) listens for NFS 
        mount requests and grants them if /etc/exports 
	    includes the client machine
     4. the rc.local script will (typically) also start a number of nfsd's
     5. the nfsd simply makes a system call to the kernel
	    to actually perform the I/O
     6. they are implemented as separate processes to make
        scheduling easier
 
  E. client daemons
     1. the biod daemons (asynchronous block I/O daemon)
        do read-ahead and write-behind block caching
     2. this is an attempt to improve NFS performance
 
  F. lock daemons - supports NFS "flock()" call
     1. lockd - maintains advisory locks on local and remote files
     2. statd - the status monitor, provides crash and recovery
        mechanism for file locks
     3. /etc/sm - hold the names of machines that statd is trying
        to monitor 
     4. Linux support for lockd/statd is sadly missing (it's in the
        current version 2.1 development branch, though).
 
  SA RELEVANCE:
     1. tuning NFS - choosing the optimum number of nfsd's and
        biod's is a semi-black art
     2. modifying the export files is a common SA task
     3. example exports file:
 
  /real/cs20 -root=nu:mu,access=lpdaemon:lpdaemon2:majorslab
  /real/cs21 -root=nu:mu:export,access=lpdaemon:lpdaemon2:majorslab
  /real/cs22 -root=nu:mu,access=lpdaemon:lpdaemon2
  /real/cs23 -root=nu:mu:mount,access=lpdaemon:lpdaemon2:majorslab:\
                   sysadm4:sysadm7:sysadm8:sysadm9:sysadm10:sysadm11:\
                   sysadm12:sysadm13:sysadm14:sysadm15:sysadm16:sysadm18:\
                   sysadm20:sysadm21
 
     3. security holes and concerns
 
    Windows NT (Chapter 2 in MWNTS4)
 
    First have to get the concepts of Workgroup and Domain down.
 
       Workgroup - simple peer-to-peer scheme where each computer
          can be a client and server; older model of sharing computer
          resources
 
       Domain - Group of one or more NT servers controlled by a
          Primary Domain Controller (PDC), which does the authentication
          of the logon process.  PDCs can be load shared with BDCs
          (Backup Domain Controllers).  A PDC/BDC is nothing more than
          a computer running Windows NT that has been configured to be
          a PDC or a BDC.
 
       Domains can establish one-way or two-way trust relationships.
 
     Windows NT networked file systems and devices are complex
        and provide a rich set of file system semantics for sharing
        information between machines (more later).
 
Yellow pages (NIS)
 
  A. allows key system files to be shared over the net
     1. "ypcat passwd | more" *vs* "more /etc/passwd"
     2. /var/yp
 
  B. ypserv - server daemon
     1. one master (see via "ypwhich")
     2. serves a yp domain - 'csdept' via "domainname"
     3. slave servers (secondaries)
     4. NOTE: YP domain name != name server domain name != Windows NT domain
 
  D. ypbind - client daemon
     1. locates a yp server
     2. ypbind remembers a 'binding'
 
  SA RELEVANCE:
 
    A. must decide whether or not to use NIS
 
    B. it makes life a lot more convenient (Kuncicky religious preference :)
 
    C. it is prone to security holes
 
    D. Chapter 18 of USA
 
   Windows NT - User account management occurs at the Domain level.  A
      plethora of options exist for managing users (more later).
      Chapter 6 of MWNTS4 contains useful information.
 
 
ftpd - inet
 
  A. file transfer protocol daemon
 
  SA RELEVANCE:
    1. ftpd has been the site of a number of security holes
    2. wu-archive ftp daemon is more secure than Sun's (or
       most UNIX vendors, for that matter :)
 
 
rlogind - inet
telnet  - inet
 
  A. remote login servers
 
  B. how are they different?
 
  C. under certain cases rlogin doesn't ask for a password (.rhosts)
 
  D. telnet allows you to see/modify parameters from
     within a session
 
  E. telnet is supported on non-UNIX systems
 
 
remote execution daemons
 
  A. rshd - "rcp" server
 
  B. rexecd - older; requires name/password
 
  C. rexd - RPC remote execution daemon; usually
     so insecure that it's recommended to be turned off
 
named
 
  A. domain name server (DNS) daemon
 
  B. distributed database
 
  C. maps IP names to numbers (and the reverse)
 
  SA RELEVANCE:
 
    A. DNS is a primary SA task

    B. Both UNIX and NT can act as a DNS server 
 
 
fingerd
 
  A. returns information about users
 
  B. earlier versions were riddled with security holes
 
  C. we run the GNU fingerd 
 
  SA RELEVANCE:
 
    A. do you want to provide finger service outside
       of your local domain?
 
httpd
 
  A. WWW server
 
  B. provides service for hypertext viewers
 
  SA RELEVANCE:
 
    1. the administration of the daemon and of the
       contents of the documents should be well separated
 
    2. Use of CGI scripts can be problematic
 
diskless clients (X-terminals or Sun3/50 workstations)
 
  A. bootpd (newer) and bootparamd (older)
     1. used to provide information to clients for booting
 
  B. tftpd
     1. trivial file transfer daemon
     2. a non-authenticated file transfer program
     3. stores boot programs (similar to bootblock) in /tftpboot (usually)
     4. also store IP->bootfile mappings
 
  SA RELEVANCE
     1. tftpd is a real security hole 
     2. limit content
 
  C. rarpd
     1. reverse address resolution protocol daemon
     2. broadcast 'who-am-i?' 
     3. /etc/ethers
     4. server then caches mapping
     5. ARP table visible via "arp -a", usually
 
  SA RELEVANCE:
     1. cache can be a source of problems if an incorrect
        map gets cached; clear via "arp -flush" usually
 
 
Windows NT and TCP-IP related services:
 
    Many packages exist that allow you to run a variety of TCP-IP based
    services on NT.  Microsoft's Internet Server (which is on the NT 4.0
    server CD-ROM) includes a web, gopher and FTP server.  They are
    separately controlled by the Microsoft Internet Service Manager.
 
    Check the various NT shareware and commercial TCP-IP packages for
    other solutions, as well as Chapter 14 in MWNTS4.