Novell Open Enterprise Server Administrators Handbook SUSE Linux Edition [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Novell Open Enterprise Server Administrators Handbook SUSE Linux Edition [Electronic resources] - نسخه متنی

Mike Latimer

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Table of Contents

Copyright

About the Author

Acknowledgments

We Want to Hear from You!

Reader Services

Part I. Open Enterprise Server Overview

Chapter 1. Introduction to Open Enterprise Server

Instant Access

Why Open Enterprise Server?

What Is Open Enterprise Server?

Chapter 2. Installing OES for Linux

Instant Access

Getting Ready for OES Linux

Installing OES Linux

Upgrading SLES9 to OES Linux

Common Post-Installation Tasks for OES Linux

Chapter 3. Working with SUSE Linux Enterprise Server 9

Instant Access

Logging in to Linux

The Shell and the GUI

Finding Your Way

Getting Help

Editing Text Files

Chapter 4. OES Linux Clients

Instant Access

The Traditional Novell Client

Installing the Client Software

Removing the Client Software

Installing from a Web Server

Upgrading the Novell Client

The Client Login

Configuring the Client

NetIdentity

Other Novell Clients

Accessing OES Through Native Linux Methods

Chapter 5. OES Management Tools

Instant Access

Welcome Pages

ConsoleOne

iManager

Novell Remote Manager

iMonitor

Part II. Open Enterprise Server Infrastructure

Chapter 6. SUSE Linux Enterprise Server Management

Instant Access

SLES Startup Procedures

Interacting with Processes

Introduction to Linux Kernel Management

Managing SLES with YaST

Updating OES Linux

Monitoring SLES with Health Monitoring Services

Troubleshooting

Chapter 7. Novell eDirectory Management

Instant Access

What Is eDirectory?

توضیحات
افزودن یادداشت جدید






FTP Server


Several FTP servers are available for the Linux platform. With SLES, two commonly used FTP servers are Pure-FTP (pure-ftpd) and VSFTP (vsftpd). Both of these FTP servers are included with SLES distributions and may be optionally installed during the OES installation.Chapter 8, "Users and Network Security."

The VSFTP server is a fully functional FTP server with many features, such as those in the following list. This section provides basic installation and configuration information so that you can use FTP file access with NetDrive. xinetd-based service management
The Internet Super Daemon Extended, or xinted, manages the vsftpd process. This allows xinetd to provide an additional security layer for vsftpd. As incoming requests are encountered, xinetd verifies the request, and if allowed, spawns the vsftpd process. With this integration, FTP service management is performed via the YaST Network Services (inetd) module.

Authenticated user access
Local user access can be used to provide local and LUM users with complete access to private files. These accounts can be locked into their home directory through the use of a CHROOT jail. Anonymous user access
Anonymous user accounts can be set up to provide users with basic access to public files. Using a CHROOT jail, anonymous access can be locked into a specific directory structure to reduce potential security risks. Firewall support
If the FTP client is behind a firewall, FTP server supports passive mode data transfer and the configuration of a range of passive data ports. FTP logs
The FTP service maintains a log of several activities, including FTP sessions, unsuccessful login attempts, active session details, and system errorand FTP serverrelated messages.
For detailed information on all VSFTP server features, see the VSFTP homepage at http://vsftpd.beasts.org/.

Installing FTP Server


The VSFTP server can be installed as an optional component during the OES Linux installation or it can be installed later through YaST. To install VSFTP using YaST:

1.

Access YaST from a terminal using yast, or from a graphical environment using yast2 or the YaST launcher from the application menu.

2.

Select the Search category in YaST. From within the Search category, enter vsftpd and click Search.

3.

In the right pane, the vsftpd package should be displayed. Click the check box to mark vsftpd for installation.

4.

Click Accept to start the software installation. At this point you may be prompted to install a few additional packages to satisfy dependencies. If so, select to continue the installation to install all required packages.

5.

At the conclusion of the software installation, SuSEconfig is executed to update the system configuration. After this completes, select Finish to exit the Install and Remove Software module.

6.

After being installed, the FTP service must be enabled through xinetd. From within YaST, select the Network Services category and locate and select the Network Services (inetd) module.

7.

From within the Network Services Configuration (xinetd) screen, locate and select ftp in the Currently Available Services list, and then click on the Toggle Status (On or Off) button to enable the FTP service (see Figure 12.11). Select Finish to update the FTP configuration file and restart the xinetd service.

Figure 12.11. YaST Network Services (xinetd) configuration for FTP.


[View full size image]


When the VSFTP server has been installed, and enabled within xinetd, you are ready to configure the FTP server.

Configuring the FTP Server


Before you start the vsftpd server daemon, you should configure it by adjusting the configuration parameters found in the configuration file. The default configuration file is /etc/vsftpd.conf. The parameters in this configuration file do include comments; however, full descriptions, including default values for parameters, are only available through the man page (man 5 vsftpd.conf). The vsftpd server daemon can be run in two modes: standalone or behind xinetd. From a security perspective, running vsftpd behind xinetd is a commonly used configuration. However, if the FTP service is expected to be heavily used, or if additional security is not necessary (LAN-only accessible location), running the FTP server in standalone mode is an option. When you configure vsftpd, some options are only applicable to the standalone mode of vsftpd. For example, the IP address the FTP server will listen on can be configured via the listen_address parameter within vsftpd.conf. However, this parameter will only be recognized in standalone mode. When protected by xinetd, the IP address configuration is performed within xinetd. The vsftpd server daemon reads the default configuration file /etc/vsftpd.conf upon daemon startup and configures itself accordingly. If any change is made to this file, the next FTP connection will cause xinetd to spawn a new session of the FTP daemon and the new configuration will automatically take affect.

GENERAL SETTINGS


The General section of the configuration file is used to configure system-wide behavior of the VSFTP server. Table 12.1 lists the available General server settings, with a brief description and the default setting in the configuration file.

Table 12.1. General Settings Parameters in vsftpd.conf
PARAMETER DEFAULT VALUE DESCRIPTION
write_enable NO Determines whether or not any type of write command will be allowed.

dirmessage_enable YES Activates directory messages that are displayed to users upon entering certain directories.

nopriv_user nobody Non-privileged user that the FTP server can use as a secure user.

ftpd_banner None Default vsftpd banner Welcome message displayed to users upon connecting to FTP server. It is recommended that you change this to reduce the likelihood of users knowing the type of FTP server being used.

hide_ids NO Causes all user and group ownership information to be displayed as "ftp".

TRANSFER SETTINGS


The Transfer section of the configuration file is used to configure file transfer behavior of the VSFTP server. Table 12.2 lists the available Transfer server settings, with a brief description and the default setting in the configuration file.

Table 12.2. Transfer Settings Parameters in vsftpd.conf
PARAMETER DEFAULT VALUE DESCRIPTION
connect_from_port_20 YES Ensures that data transfer connections originate on Port 20.

idle_session_timeout 300 Default amount of time (in seconds) a client can remain idle before being disconnected.

data_session_timeout 300 Default amount of time (in seconds) a data transfer can stall before being disconnected.

pasv_enable YES Enables PASV method for data transfers.

pam_service_name vsftpd Identifies the string PAM uses to integrate vsftpd. (This should not be changed.)

LOCAL USER SETTINGS


The Local User section of the configuration file is used to configure the FTP capabilities and environment for local users. These settings also apply to LUM users if the LUM component of OES is enabled. Table 12.3 lists the available Local User settings, with a brief description and the default setting in the configuration file.

Table 12.3. Local User Settings Parameters in vsftpd.conf
PARAMETER DEFAULT VALUE DESCRIPTION
local_enable NO Determines whether or not local users are allowed to authenticate.

local_umask 077 The umask variable used during local user FTP sessions.

chroot_local_user NO Determines whether or not local users are locked in a CHROOT jail during the FTP session.

chroot_list_enable NO Determines if a list of users to CHROOT is configured on the server.

chroot_list_file

/etc/vsftpd.
chroot_list
 If the chroot_list_enable parameter is set to YES, this parameter must contain a list of users who should be locked in a CHROOT jail.

ANONYMOUS USER SETTINGS


The Anonymous User section of the configuration file is used to configure the FTP capabilities and environment for anonymous, or guest, users. Table 12.4 lists the available Anonymous User settings, with a brief description and the default setting in the configuration file.

Table 12.4. nonymous User Settings Parameters in vsftpd.conf
PARAMETER DEFAULT VALUE DESCRIPTION
anonymous_enable YES Determines whether anonymous connections are allowed.

anon_world_readable_only YES Causes anonymous users to only be allowed access to files that are readable to everyone.

anon_upload_enable NO Determines whether or not anonymous connections are allowed to upload files to the server.

anon_umask 077 The umask variable used during anonymous FTP sessions.

LOG SETTINGS


The Log Settings section of the configuration file is used to configure the logging behavior of the FTP server. Table 12.5 lists the available Log settings, with a brief description and the default setting in the configuration file.

Table 12.5. Log Settings Parameters in vsftpd.conf
PARAMETER DEFAULT VALUE DESCRIPTION
syslog_enable YES Causes vsftpd messages to be sent to syslog rather than tracked in the default vsftpd.log file.

log_ftp_protocol NO Causes all FTP requests and responses to be logged.

xferlog_enable NO Causes all FTP uploads and downloads to be logged.

vsftpd_log_file /var/log/vsftpd.log If syslog is not used for logging, this parameter is used to adjust the default location for the vsftpd logfile.

With a basic FTP server running, NetDrive can be used by OES clients to access FTP resources, as described earlier in this chapter. For more information on using an FTP server in more general situations, see the SLES online documentation, or the vsftpd documentation at http://vsftpd.beasts.org/.






FTP Server


Several FTP servers are available for the Linux platform. With SLES, two commonly used FTP servers are Pure-FTP (pure-ftpd) and VSFTP (vsftpd). Both of these FTP servers are included with SLES distributions and may be optionally installed during the OES installation.Chapter 8, "Users and Network Security."

The VSFTP server is a fully functional FTP server with many features, such as those in the following list. This section provides basic installation and configuration information so that you can use FTP file access with NetDrive. xinetd-based service management
The Internet Super Daemon Extended, or xinted, manages the vsftpd process. This allows xinetd to provide an additional security layer for vsftpd. As incoming requests are encountered, xinetd verifies the request, and if allowed, spawns the vsftpd process. With this integration, FTP service management is performed via the YaST Network Services (inetd) module.

Authenticated user access
Local user access can be used to provide local and LUM users with complete access to private files. These accounts can be locked into their home directory through the use of a CHROOT jail. Anonymous user access
Anonymous user accounts can be set up to provide users with basic access to public files. Using a CHROOT jail, anonymous access can be locked into a specific directory structure to reduce potential security risks. Firewall support
If the FTP client is behind a firewall, FTP server supports passive mode data transfer and the configuration of a range of passive data ports. FTP logs
The FTP service maintains a log of several activities, including FTP sessions, unsuccessful login attempts, active session details, and system errorand FTP serverrelated messages.
For detailed information on all VSFTP server features, see the VSFTP homepage at http://vsftpd.beasts.org/.

Installing FTP Server


The VSFTP server can be installed as an optional component during the OES Linux installation or it can be installed later through YaST. To install VSFTP using YaST:

1.

Access YaST from a terminal using yast, or from a graphical environment using yast2 or the YaST launcher from the application menu.

2.

Select the Search category in YaST. From within the Search category, enter vsftpd and click Search.

3.

In the right pane, the vsftpd package should be displayed. Click the check box to mark vsftpd for installation.

4.

Click Accept to start the software installation. At this point you may be prompted to install a few additional packages to satisfy dependencies. If so, select to continue the installation to install all required packages.

5.

At the conclusion of the software installation, SuSEconfig is executed to update the system configuration. After this completes, select Finish to exit the Install and Remove Software module.

6.

After being installed, the FTP service must be enabled through xinetd. From within YaST, select the Network Services category and locate and select the Network Services (inetd) module.

7.

From within the Network Services Configuration (xinetd) screen, locate and select ftp in the Currently Available Services list, and then click on the Toggle Status (On or Off) button to enable the FTP service (see Figure 12.11). Select Finish to update the FTP configuration file and restart the xinetd service.

Figure 12.11. YaST Network Services (xinetd) configuration for FTP.


[View full size image]


When the VSFTP server has been installed, and enabled within xinetd, you are ready to configure the FTP server.

Configuring the FTP Server


Before you start the vsftpd server daemon, you should configure it by adjusting the configuration parameters found in the configuration file. The default configuration file is /etc/vsftpd.conf. The parameters in this configuration file do include comments; however, full descriptions, including default values for parameters, are only available through the man page (man 5 vsftpd.conf). The vsftpd server daemon can be run in two modes: standalone or behind xinetd. From a security perspective, running vsftpd behind xinetd is a commonly used configuration. However, if the FTP service is expected to be heavily used, or if additional security is not necessary (LAN-only accessible location), running the FTP server in standalone mode is an option. When you configure vsftpd, some options are only applicable to the standalone mode of vsftpd. For example, the IP address the FTP server will listen on can be configured via the listen_address parameter within vsftpd.conf. However, this parameter will only be recognized in standalone mode. When protected by xinetd, the IP address configuration is performed within xinetd. The vsftpd server daemon reads the default configuration file /etc/vsftpd.conf upon daemon startup and configures itself accordingly. If any change is made to this file, the next FTP connection will cause xinetd to spawn a new session of the FTP daemon and the new configuration will automatically take affect.

GENERAL SETTINGS


The General section of the configuration file is used to configure system-wide behavior of the VSFTP server. Table 12.1 lists the available General server settings, with a brief description and the default setting in the configuration file.

Table 12.1. General Settings Parameters in vsftpd.conf
PARAMETER DEFAULT VALUE DESCRIPTION
write_enable NO Determines whether or not any type of write command will be allowed.

dirmessage_enable YES Activates directory messages that are displayed to users upon entering certain directories.

nopriv_user nobody Non-privileged user that the FTP server can use as a secure user.

ftpd_banner None Default vsftpd banner Welcome message displayed to users upon connecting to FTP server. It is recommended that you change this to reduce the likelihood of users knowing the type of FTP server being used.

hide_ids NO Causes all user and group ownership information to be displayed as "ftp".

TRANSFER SETTINGS


The Transfer section of the configuration file is used to configure file transfer behavior of the VSFTP server. Table 12.2 lists the available Transfer server settings, with a brief description and the default setting in the configuration file.

Table 12.2. Transfer Settings Parameters in vsftpd.conf
PARAMETER DEFAULT VALUE DESCRIPTION
connect_from_port_20 YES Ensures that data transfer connections originate on Port 20.

idle_session_timeout 300 Default amount of time (in seconds) a client can remain idle before being disconnected.

data_session_timeout 300 Default amount of time (in seconds) a data transfer can stall before being disconnected.

pasv_enable YES Enables PASV method for data transfers.

pam_service_name vsftpd Identifies the string PAM uses to integrate vsftpd. (This should not be changed.)

LOCAL USER SETTINGS


The Local User section of the configuration file is used to configure the FTP capabilities and environment for local users. These settings also apply to LUM users if the LUM component of OES is enabled. Table 12.3 lists the available Local User settings, with a brief description and the default setting in the configuration file.

Table 12.3. Local User Settings Parameters in vsftpd.conf
PARAMETER DEFAULT VALUE DESCRIPTION
local_enable NO Determines whether or not local users are allowed to authenticate.

local_umask 077 The umask variable used during local user FTP sessions.

chroot_local_user NO Determines whether or not local users are locked in a CHROOT jail during the FTP session.

chroot_list_enable NO Determines if a list of users to CHROOT is configured on the server.

chroot_list_file

/etc/vsftpd.
chroot_list
 If the chroot_list_enable parameter is set to YES, this parameter must contain a list of users who should be locked in a CHROOT jail.

ANONYMOUS USER SETTINGS


The Anonymous User section of the configuration file is used to configure the FTP capabilities and environment for anonymous, or guest, users. Table 12.4 lists the available Anonymous User settings, with a brief description and the default setting in the configuration file.

Table 12.4. nonymous User Settings Parameters in vsftpd.conf
PARAMETER DEFAULT VALUE DESCRIPTION
anonymous_enable YES Determines whether anonymous connections are allowed.

anon_world_readable_only YES Causes anonymous users to only be allowed access to files that are readable to everyone.

anon_upload_enable NO Determines whether or not anonymous connections are allowed to upload files to the server.

anon_umask 077 The umask variable used during anonymous FTP sessions.

LOG SETTINGS


The Log Settings section of the configuration file is used to configure the logging behavior of the FTP server. Table 12.5 lists the available Log settings, with a brief description and the default setting in the configuration file.

Table 12.5. Log Settings Parameters in vsftpd.conf
PARAMETER DEFAULT VALUE DESCRIPTION
syslog_enable YES Causes vsftpd messages to be sent to syslog rather than tracked in the default vsftpd.log file.

log_ftp_protocol NO Causes all FTP requests and responses to be logged.

xferlog_enable NO Causes all FTP uploads and downloads to be logged.

vsftpd_log_file /var/log/vsftpd.log If syslog is not used for logging, this parameter is used to adjust the default location for the vsftpd logfile.

With a basic FTP server running, NetDrive can be used by OES clients to access FTP resources, as described earlier in this chapter. For more information on using an FTP server in more general situations, see the SLES online documentation, or the vsftpd documentation at http://vsftpd.beasts.org/.


/ 150