456 lines
11 KiB
HTML
456 lines
11 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Maintaining Your System</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux Network Administrators Guide"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Introduction to Networking"
|
|
HREF="x-087-2-intro.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Linux Networking"
|
|
HREF="x1312.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Issues of TCP/IP Networking"
|
|
HREF="x-087-2-issues.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Linux Network Administrators Guide</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x1312.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 1. Introduction to Networking</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x-087-2-issues.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="AEN1392"
|
|
>1.5. Maintaining Your System</A
|
|
></H1
|
|
><P
|
|
>
|
|
Throughout this book, we will mainly deal with installation and
|
|
configuration issues. Administration is, however, much more than
|
|
that—after setting up a service, you have to keep it running, too.
|
|
For most services, only a little attendance will be necessary, while some,
|
|
like mail and news, require that you perform routine tasks to keep your system
|
|
up to date. We will discuss these tasks in later chapters.</P
|
|
><P
|
|
>
|
|
The absolute minimum in maintenance is to check system and per-application
|
|
log files regularly for error conditions and unusual events. Often, you
|
|
will want to do this by writing a couple of administrative shell scripts
|
|
and periodically running them from <B
|
|
CLASS="COMMAND"
|
|
>cron</B
|
|
>. The source
|
|
distributions of some major applications, like <B
|
|
CLASS="COMMAND"
|
|
>inn</B
|
|
> or
|
|
C News, contain such scripts. You only have to tailor them to suit your
|
|
needs and preferences.</P
|
|
><P
|
|
>The output from any of your <B
|
|
CLASS="COMMAND"
|
|
>cron</B
|
|
> jobs should be mailed to an
|
|
administrative account. By default, many applications will send error
|
|
reports, usage statistics, or log file summaries to the
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
> account. This makes sense only
|
|
if you log in as <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
> frequently; a much
|
|
better idea is to forward <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
>'s mail to
|
|
your personal account by setting up a mail alias as described in
|
|
<A
|
|
HREF="x-087-2-exim.html"
|
|
>Chapter 19</A
|
|
> or <A
|
|
HREF="x-087-2-sendmail.html"
|
|
>Chapter 18</A
|
|
>.</P
|
|
><P
|
|
>However carefully you have configured your site, Murphy's law guarantees
|
|
that some problem <I
|
|
CLASS="EMPHASIS"
|
|
>will</I
|
|
> surface eventually. Therefore,
|
|
maintaining a system also means being available for complaints. Usually,
|
|
people expect that the system administrator can at least be reached via email
|
|
as <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
>, but there are also other
|
|
addresses that are commonly used to reach the person responsible for a
|
|
specific aspect of maintenence. For instance, complaints about a
|
|
malfunctioning mail configuration will usually be addressed to
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>postmaster</SPAN
|
|
>, and problems with the
|
|
news system may be reported to
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>newsmaster</SPAN
|
|
> or
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>usenet</SPAN
|
|
>. Mail to
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>hostmaster</SPAN
|
|
> should be redirected to
|
|
the person in charge of the host's basic network services, and the DNS name
|
|
service if you run a name server.</P
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="X-087-2-INTRO.SECURITY"
|
|
>1.5.1. System Security</A
|
|
></H2
|
|
><P
|
|
>
|
|
Another very important aspect of system administration in a network
|
|
environment is protecting your system and users from intruders.
|
|
Carelessly managed systems offer malicious people many targets. Attacks
|
|
range from password guessing to Ethernet snooping, and the damage caused
|
|
may range from faked mail messages to data loss or violation of your
|
|
users' privacy. We will mention some particular problems when discussing
|
|
the context in which they may occur and some common defenses against them.</P
|
|
><P
|
|
>This section will discuss a few examples and basic techniques for
|
|
dealing with system security. Of course, the topics covered cannot
|
|
treat all security issues you may be faced with in detail; they merely
|
|
serve to illustrate the problems that may arise. Therefore, reading a
|
|
good book on security is an absolute must, especially in a networked
|
|
system.</P
|
|
><P
|
|
>System security starts with good system administration. This includes
|
|
checking the ownership and permissions of all vital files and
|
|
directories and monitoring use of privileged accounts. The COPS
|
|
program, for instance, will check your file system and common
|
|
configuration files for unusual permissions or other anomalies. It is
|
|
also wise to use a password suite that enforces certain rules on the
|
|
users' passwords that make them hard to guess. The shadow password
|
|
suite, for instance, requires a password to have at least five letters
|
|
and to contain both upper- and lowercase numbers, as well as
|
|
non-alphabetic characters.</P
|
|
><P
|
|
> When making a service
|
|
accessible to the network, make sure to give it “least
|
|
privilege”; don't permit it to do things that aren't required
|
|
for it to work as designed. For example, you should make programs
|
|
setuid to <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
> or some other
|
|
privileged account only when necessary. Also, if you want to use a
|
|
service for only a very limited application, don't hesitate to
|
|
configure it as restrictively as your special application allows. For
|
|
instance, if you want to allow diskless hosts to boot from your
|
|
machine, you must provide <I
|
|
CLASS="EMPHASIS"
|
|
>Trivial File Transfer
|
|
Protocol</I
|
|
>  (TFTP) so that they can download basic
|
|
configuration files from the <TT
|
|
CLASS="FILENAME"
|
|
>/boot</TT
|
|
>
|
|
directory. However, when used unrestrictively, TFTP allows users
|
|
anywhere in the world to download any world-readable file from your
|
|
system. If this is not what you want, restrict TFTP service to the
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/boot</TT
|
|
> directory.<A
|
|
NAME="X-087-2-FNIT06"
|
|
HREF="#FTN.X-087-2-FNIT06"
|
|
>[1]</A
|
|
> </P
|
|
><P
|
|
> You might also want to restrict certain services to users from certain
|
|
hosts, say from your local network. In <A
|
|
HREF="x-087-2-appl.html"
|
|
>Chapter 12</A
|
|
>,
|
|
we introduce <B
|
|
CLASS="COMMAND"
|
|
>tcpd</B
|
|
>, which does this for a variety of
|
|
network applications. More sophisticated methods of restricting access
|
|
to particular hosts or services will be explored later in <A
|
|
HREF="x-087-2-firewall.html"
|
|
>Chapter 9</A
|
|
>.</P
|
|
><P
|
|
>Another important point is to avoid “dangerous”
|
|
software. Of course, any software you use can be dangerous because
|
|
software may have bugs that clever people might exploit to gain access
|
|
to your system. Things like this happen, and there's no complete
|
|
protection against it. This problem affects free software and
|
|
commercial products alike.<A
|
|
NAME="X-087-2-FNIT07"
|
|
HREF="#FTN.X-087-2-FNIT07"
|
|
>[2]</A
|
|
> However, programs that require special privilege are inherently
|
|
more dangerous than others, because any loophole can have drastic
|
|
consequences.<A
|
|
NAME="X-087-2-FNIT08"
|
|
HREF="#FTN.X-087-2-FNIT08"
|
|
>[3]</A
|
|
>
|
|
If you install a setuid program for network purposes, be doubly
|
|
careful to check the documentation so that you don't create a security
|
|
breach by accident.</P
|
|
><P
|
|
>
|
|
Another source of concern should be programs that enable login or
|
|
command execution with limited authentication. The
|
|
<B
|
|
CLASS="COMMAND"
|
|
>rlogin</B
|
|
>, <B
|
|
CLASS="COMMAND"
|
|
>rsh</B
|
|
>, and
|
|
<B
|
|
CLASS="COMMAND"
|
|
>rexec</B
|
|
> commands are all very useful, but offer very
|
|
limited authentication of the calling party. Authentication is based
|
|
on trust of the calling host name obtained from a name server (we'll
|
|
talk about these later), which can be faked. Today it should be
|
|
standard practice to disable the <B
|
|
CLASS="COMMAND"
|
|
>r</B
|
|
> commands
|
|
completely and replace them with the <B
|
|
CLASS="COMMAND"
|
|
>ssh</B
|
|
> suite of
|
|
tools. The <B
|
|
CLASS="COMMAND"
|
|
>ssh</B
|
|
> tools use a much more reliable
|
|
authentication method and provide other services, such as encryption
|
|
and compression, as well. </P
|
|
><P
|
|
> You can never rule out the possibility that your precautions might
|
|
fail, regardless of how careful you have been. You should therefore
|
|
make sure you detect intruders early. Checking the system log files is
|
|
a good starting point, but the intruder is probably clever enough to
|
|
anticipate this action and will delete any obvious traces he or she
|
|
left. However, there are tools like <B
|
|
CLASS="COMMAND"
|
|
>tripwire</B
|
|
>,
|
|
written by Gene Kim and Gene Spafford, that allow you to check vital
|
|
system files to see if their contents or permissions have been
|
|
changed. <B
|
|
CLASS="COMMAND"
|
|
>tripwire</B
|
|
> computes various strong
|
|
checksums over these files and stores them in a database. During
|
|
subsequent runs, the checksums are recomputed and compared to the
|
|
stored ones to detect any modifications.
|
|
|
|
</P
|
|
></DIV
|
|
></DIV
|
|
><H3
|
|
CLASS="FOOTNOTES"
|
|
>Notes</H3
|
|
><TABLE
|
|
BORDER="0"
|
|
CLASS="FOOTNOTES"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
WIDTH="5%"
|
|
><A
|
|
NAME="FTN.X-087-2-FNIT06"
|
|
HREF="x1392.html#X-087-2-FNIT06"
|
|
>[1]</A
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
WIDTH="95%"
|
|
><P
|
|
> We will come back to this topic in <A
|
|
HREF="x-087-2-appl.html"
|
|
>Chapter 12</A
|
|
>.</P
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
WIDTH="5%"
|
|
><A
|
|
NAME="FTN.X-087-2-FNIT07"
|
|
HREF="x1392.html#X-087-2-FNIT07"
|
|
>[2]</A
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
WIDTH="95%"
|
|
><P
|
|
> There
|
|
have been commercial Unix systems (that you have to pay lots of money
|
|
for) that came with a setuid-<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
> shell script, which allowed users to
|
|
gain <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
> privilege using a
|
|
simple standard trick.</P
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
WIDTH="5%"
|
|
><A
|
|
NAME="FTN.X-087-2-FNIT08"
|
|
HREF="x1392.html#X-087-2-FNIT08"
|
|
>[3]</A
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
WIDTH="95%"
|
|
><P
|
|
>In 1988, the RTM worm brought much of the Internet to a grinding halt, partly
|
|
by exploiting a gaping hole in some programs including the
|
|
<B
|
|
CLASS="COMMAND"
|
|
>sendmail</B
|
|
> program. This hole has long since been fixed.</P
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x1312.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-issues.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Linux Networking</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-intro.html"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Issues of TCP/IP Networking</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |