Sunday, November 25, 2012

How to configure xinetd services


Xinetd (extended Internet Daemon) is a secure replacement for inetd (the Internet services daemon). Both are "super-servers": a program that watches the network ports and decides whether the remote host is authorized before any service program is started. inetd is launched at system initialization, and the programs it fronts lie dormant until a connection is made; once a request arrives, inetd launches the required program or server (FTP, Telnet, SSH, etc.) to answer it. Xinetd does the same job: it listens on the ports of Internet services such as Telnet, FTP and POP3, and when it recognizes a packet arriving on a particular port, it launches the appropriate program or server to handle the connection.
Xinetd provides access control for all services based on the address of the remote host and/or the time of access, and can prevent denial-of-access attacks. It provides extensive logging, has no limit on the number of server arguments, and lets you bind specific services to specific IP addresses on your host machine. Each service has its own configuration file for xinetd; these files are located in the /etc/xinetd.d directory.
Advantages of xinetd:
1. It conserves system resources by avoiding forking a lot of processes that would be dormant (inactive) for most of their lifetime.
2. Xinetd is not limited to the services listed in /etc/services; anybody can use xinetd to start a special-purpose service.
Some xinetd features that enable a more secure way of managing Internet services:

1. TCP Wrapper ACLs - TCP wrapper ACLs (Access Control Lists) monitor and filter incoming requests for the SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK and other network services.
2. Access Control – This feature enables xinetd to restrict or allow connections based on the address of the remote host, the time of access, the duration of the connection, and the name or domain of the remote host. Xinetd can also limit the rate of incoming connections from a particular host using TCP Wrappers.
3. Controls Denial of Service Attacks - Apart from limiting the number of simultaneous connections from the same host, xinetd enforces limits on the log files it creates, to prevent them from filling up the disk.
4. Superior logging abilities – Using xinetd, one can enable logging for each service separately. The daemon can log the start and stop times of a connection to help determine how long a service was used and who the remote user was, and it can log information on failed connection attempts.
Note: We are assuming that the xinetd package is installed on the Linux box.
The configuration files for xinetd are as follows:
· /etc/xinetd.conf — The global xinetd configuration file.
· /etc/xinetd.d/ — The directory containing all service-specific files.
The /etc/xinetd.conf file contains general configuration settings which affect every service under xinetd's control. It is read once when the xinetd service is started, so for configuration changes to take effect, the administrator must restart the xinetd service.
Below is a sample /etc/xinetd.conf file:

defaults
{
instances               = 60
log_type                = SYSLOG authpriv
log_on_success          = HOST PID
log_on_failure          = HOST
cps                     = 25 30
}
includedir /etc/xinetd.d

These lines control the following aspects of xinetd:
· instances — Sets the maximum number of requests xinetd can handle at once.
· log_type — Configures xinetd to use the authpriv log facility, which writes log entries to the /var/log/secure file. Using a directive such as FILE /var/log/xinetdlog instead would create a custom log file called xinetdlog in the /var/log/ directory.
· log_on_success — Configures xinetd to log if the connection is successful. By default, the remote host's IP address and the process ID of the server processing the request are recorded.
· log_on_failure — Configures xinetd to log if there is a connection failure or if the connection is not allowed.
· cps — Configures xinetd to allow no more than 25 connections per second to any given service. If this limit is reached, the service is disabled for 30 seconds.
· includedir /etc/xinetd.d/ — Includes the options declared in the service-specific configuration files located in the /etc/xinetd.d/ directory.
Configuring the Telnet Service Using Xinetd:
A sample service file for telnet is located at /etc/xinetd.d/telnet:
service telnet
{
disable         = no
flags           = REUSE
socket_type     = stream
wait            = no
user            = root
server          = /usr/sbin/in.telnetd
log_on_failure  += USERID
no_access       = 10.0.1.0/24
log_on_success  += PID HOST EXIT
access_times    = 09:45-16:15
}

· service — Defines the service name, usually one listed in the /etc/services file.
· flags — Sets any of a number of attributes for the connection. REUSE instructs xinetd to reuse the socket for a Telnet connection.
· socket_type — Sets the network socket type to stream.
· wait — Defines whether the service is single-threaded (yes) or multi-threaded (no).
· user — Defines what user ID the process runs under.
· server — Defines the binary executable to be launched.
· log_on_failure — Defines logging parameters for log_on_failure in addition to those already defined in xinetd.conf.
· disable — Defines whether the service is active.
· only_from — Allows only the specified hosts to use the service.
· no_access — Blocks the listed hosts from using the service.
· access_times — Specifies the time range when a particular service may be used. The time range must be stated in 24-hour notation, HH:MM-HH:MM.
The only_from and no_access options can take a list of IP addresses or host names, or can specify an entire network. Like TCP wrappers, combining xinetd access control with the enhanced logging configuration can increase security by blocking requests from banned hosts while verbosely recording each connection attempt. The /etc/xinetd.d/telnet file shown above does exactly this: it blocks Telnet access from a particular network and restricts the overall time range during which even allowed users can log in.

In this example, when a client system from the 10.0.1.0/24 network, such as 10.0.1.2, tries to access the Telnet service, it receives the following message:
Connection closed by foreign host.

In addition, the login attempt is logged in /var/log/secure.
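As an added example that is not part of the original post, the shell script below audits an xinetd.d directory for services that are enabled (disable = no) but carry neither only_from nor no_access, which means the access control described above has not been applied and any host can reach them. It builds a constructed sample directory (telnet, echo and tftp files) so that it runs stand-alone; the file layout and the function names are assumptions for this example.

```shell
#!/usr/bin/env bash
# Added audit example (not from the original post): walk an xinetd.d-style
# directory and report each service as open / restricted / disabled.
# Assumptions: one "service NAME { ... }" block per file, using xinetd's
# "key = value" and "key += value" syntax.

set -eu

# Print "NAME:open" for enabled services without an address ACL,
# "NAME:restricted" for enabled services with only_from or no_access,
# and "NAME:disabled" for everything else.
xinetd_audit() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk '
            # strip comments and surrounding whitespace, re-splitting fields
            { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
            $1 == "service" && $2 != "" { name = $2; disabled = "yes"; acl = 0; next }
            /^disable[ \t]*=/ { split($0, kv, "="); gsub(/[ \t]/, "", kv[2]); disabled = kv[2] }
            /^(only_from|no_access)[ \t]*\+?=/ { acl = 1 }
            /^}/ && name != "" {
                if (disabled == "no") print name ":" (acl ? "restricted" : "open")
                else print name ":disabled"
                name = ""
            }
        ' "$f"
    done
}

# Return 1 if any service is open, so a config deploy can be gated on it.
xinetd_check() {
    if xinetd_audit "$1" | grep -q ':open$'; then
        return 1
    fi
    return 0
}

# Constructed sample configuration directory for a stand-alone run.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/telnet" <<'EOF'
service telnet
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        no_access       = 10.0.1.0/24
        access_times    = 09:45-16:15
}
EOF
    cat > "$d/echo" <<'EOF'
# constructed: echo enabled without any address restriction
service echo
{
        disable     = no
        type        = INTERNAL
        id          = echo-stream
        socket_type = stream
        wait        = no
}
EOF
    cat > "$d/tftp" <<'EOF'
service tftp
{
        disable     = yes
        socket_type = dgram
        wait        = yes
        server      = /usr/sbin/in.tftpd
}
EOF
    echo "$d"
}

# Run with --demo to audit the constructed sample; pass a real
# /etc/xinetd.d path to xinetd_audit to check a live box.
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample)
    xinetd_audit "$sample"
    rm -rf "$sample"
fi
```

On the sample, telnet reports as restricted (it has no_access), echo as open and tftp as disabled; xinetd_check returns non-zero because of echo.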

Friday, November 23, 2012

How To Install & Configure Tomcat 7 In Linux


To install Tomcat 7 we first need to install JDK 7. To install Java (jdk-7), follow the steps below:

Step 1: Download the tar file of Java for your architecture from this link:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

Step 2: Create a directory using the command below:
# mkdir /usr/java

Step 3: Now unpack the tar file into /usr/java using the tar command:

# tar zxpvf jdk-7u9-linux-x64.tar.gz -C /usr/java/

This will create the directory /usr/java/jdk1.7.0_09. This will be our JAVA_HOME.

Step 4: Now we set JAVA_HOME and put Java into the PATH of our users using the commands below:

# JAVA_HOME=/usr/java/jdk1.7.0_09/
# export JAVA_HOME
# PATH=$JAVA_HOME/bin:$PATH
# export PATH

To set JAVA_HOME permanently, we need to add the above commands to the ~/.bash_profile of the user (in this case, root), or we can add them to /etc/profile and source it to make them available to all users.

Now Install Tomcat 7

Step 1: First download the zipped file from the URL below:
http://tomcat.apache.org/download-70.cgi

Step 2: We will install Tomcat under the /usr/share directory. Unpack the Tomcat file using the command below:
# tar zxpvf /root/apache-tomcat-7.0.32.tar.gz -C /usr/share
This will create the directory /usr/share/apache-tomcat-7.0.32.

Step 3: Now we will create a script called tomcat under the /etc/init.d directory.

# vi tomcat

#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.7.0_09
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-7.0.32

case $1 in
start)
# start the servlet container
sh $CATALINA_HOME/bin/startup.sh
;;
stop)
# the stop) label is needed so that "tomcat stop" reaches shutdown.sh
sh $CATALINA_HOME/bin/shutdown.sh
;;
restart)
sh $CATALINA_HOME/bin/shutdown.sh
sh $CATALINA_HOME/bin/startup.sh
;;
esac
exit 0

Save and exit the file.

Step 4: Assign the right permissions to the tomcat script and add it to the chkconfig utility using the commands below:

# cd /etc/init.d
# chmod 755 tomcat
# chkconfig --add tomcat
# chkconfig --level 35 tomcat on

Step 5: Now start the tomcat service:
# /etc/init.d/tomcat start
Similarly we can stop and restart the tomcat service.

Step 6: We can now access the Tomcat Manager page at:
http://yourdomain.com:8080
or
http://yourIPaddress:8080
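The init script above is run by the init system as root, so Tomcat itself ends up running as root. The variant below is an added example, not the post's script: it launches Catalina as a dedicated unprivileged account and refuses to start when JAVA_HOME or CATALINA_HOME do not point at real installations. The tomcat user name, the su -s invocation and the check_env helper are assumptions for this example, and the account is assumed to own the logs, temp and work directories under CATALINA_HOME.

```shell
#!/usr/bin/env bash
# Added example (not the post's init script): run Tomcat as an unprivileged
# user and validate the environment before touching Catalina.
# chkconfig: 234 20 80
# description: Tomcat Start Stop Restart (unprivileged variant)
# Assumed setup (placeholders): a service account created with
#   useradd -r -s /sbin/nologin tomcat
#   chown -R tomcat /usr/share/apache-tomcat-7.0.32/{logs,temp,work}
# and the paths below, which match the post's layout.

JAVA_HOME="${JAVA_HOME:-/usr/java/jdk1.7.0_09}"
CATALINA_HOME="${CATALINA_HOME:-/usr/share/apache-tomcat-7.0.32}"
TOMCAT_USER="${TOMCAT_USER:-tomcat}"

# Return 0 only if both trees contain the files the service needs; a wrong
# JAVA_HOME otherwise surfaces as a confusing failure inside catalina.sh.
check_env() {
    [ -x "$1/bin/java" ] || { echo "JAVA_HOME has no bin/java: $1" >&2; return 1; }
    [ -f "$2/bin/startup.sh" ] || { echo "CATALINA_HOME has no bin/startup.sh: $2" >&2; return 1; }
    return 0
}

# Run one Catalina script as the service account. su -s is used because the
# account deliberately has no login shell; the environment is passed on the
# command line so it does not depend on what su preserves.
run_as_tomcat() {
    su -s /bin/sh "$TOMCAT_USER" -c \
        "JAVA_HOME='$JAVA_HOME' CATALINA_HOME='$CATALINA_HOME' sh '$CATALINA_HOME/bin/$1'"
}

# Dispatch start/stop/restart; returns 1 on a bad environment, 2 on usage.
tomcat_ctl() {
    check_env "$JAVA_HOME" "$CATALINA_HOME" || return 1
    case "$1" in
        start)   run_as_tomcat startup.sh ;;
        stop)    run_as_tomcat shutdown.sh ;;
        restart) run_as_tomcat shutdown.sh; run_as_tomcat startup.sh ;;
        *)       echo "Usage: $0 {start|stop|restart}" >&2; return 2 ;;
    esac
}

# Only dispatch when invoked with an action, so the functions can also be
# sourced and checked on their own.
if [ "${1:-}" != "" ]; then
    tomcat_ctl "$1"
fi
```

Install it exactly like the post's script (chmod 755, chkconfig --add); the only operational difference is that ps will show the java process owned by the tomcat user instead of root.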

How to create partitions using fdisk and different filesystems like ext2, ext3 and ext4 in Linux


Disk Partitioning & Managing Partitions
When we format a computer hard drive, we lose everything that is on the drive. Therefore, it is very important to back up anything you might later want. To format a secondary drive, we need root access. Linux allows only 4 primary partitions.

On an IDE drive, the first drive is called hda, and the partitions are shown as hda1, hda2, etc. The second drive is called hdb. On an IDE drive you can have up to 63 partitions: 3 primary and 60 logical (contained in one extended partition).
On a SCSI drive, the first drive is called sda, and the partitions are sda1, sda2, etc. The second drive is called sdb.
An extended partition is the only kind of partition that can have multiple partitions inside it. Think of it like a box that contains other boxes, the logical partitions. The extended partition can't store anything itself; it is just a holder for logical partitions.

The extended partition is a way to get around the fact that you can only have four primary partitions on a drive. You can put many logical partitions inside it.

We can see all the drives attached to the system by typing the command "ls /dev/hd*" or "ls /dev/sd*", depending on which type (IDE, SATA and so forth) the drives are. On the example system, the result of this command looks like "/dev/hda /dev/hda1 /dev/hda2 /dev/hdb /dev/hdb1". The operating system is installed on hda, which has two partitions (hda1 and hda2), and hdb has one partition (hdb1).

Steps for creating a partition using the fdisk command:
Step 1: To list the available drives on your machine, type:
# fdisk -l
Choose the drive you want to make changes to and open it with fdisk:
# fdisk /dev/sdc
Replace "sdc" with the drive you want to edit.
The basic fdisk commands you need are:
o m - print help
o p - print the partition table
o n - create a new partition
o d - delete a partition
o q - quit without saving changes
o w - write the new partition table and exit
Step 2: Enter "p" to see the partition table of the drive. The first line of output from the "p" command will also tell you the size of the drive. This is a good way to double-check that you are working with the correct drive.
Step 3: Type "n" and hit "Enter." Then press "p" to create a primary partition. It asks you for a partition number; enter "1." Now you are asked which cylinder the partition should start at. The beginning of the drive is the default, so just hit "Enter." Then you are asked for the last cylinder. The end of the drive is the default, so you can just press "Enter" again.
Step 4: Now you are back at fdisk's command prompt. Use the "p" command to check the partition table. You should now see your new partition at the bottom of the output.


Step 5: Now we need to set the partition type of the new partition with the "t" command. fdisk asks for the hex code of the type; we will use "83", the standard Linux type, which we will format as ext2 below. If you are doing something special and know of a particular type that you need, you can press "L" to see all the codes, which are one or two hex digits (0 to 9 and a to f).
Step 6: Now issue the "w" command to write the new partition table and exit fdisk.

Step 7: # partprobe (forces the kernel to re-read the new partition table)
To Delete Partitions using the fdisk command

Let us suppose that we want to remove a partition from the /dev/hdb disk.

Step 1: Open the disk in fdisk:
# fdisk /dev/hdb
Now type the p command to list the partitions:
Command (m for help): p

Step 2: Now let us say you want to delete /dev/hdb3 (the 3rd partition). Type the d command to delete a partition:
Command (m for help): d

Step 3: It will prompt you for the partition number. Type 3:
Partition number (1-4): 3
Verify that the partition has been deleted:
Command (m for help): p
Now save the changes and exit to the shell prompt. Type the w command:
Command (m for help): w
Reboot the system or run the partprobe command.
Formatting the Partitions
To use a partition we need to format it with a filesystem. We can format partitions using either the mkfs or the mke2fs command:
# mkfs.ext2 /dev/sdb1            (ext2 filesystem)
# mkfs.ext3 /dev/sdb1            (ext3 filesystem)
# mkfs.ext4 /dev/sdb1            (ext4 filesystem)
# mkfs.vfat /dev/sdb1            (DOS filesystem)
Mount the new disk using the mount command
First create a mount point /data and use the mount command to mount /dev/sdb1:

# mkdir /data
# mount /dev/sdb1 /data
# df -H
Update the /etc/fstab file
Open the /etc/fstab file:

# vi /etc/fstab
Append the following line:
/dev/sdb1         /data         ext3         defaults         1         2

Save and close the file.
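As an added example that is not part of the original post, the script below carries the whole sequence (partition, format, fstab, mount) through non-interactively and adds two checks a practitioner wants. It uses sfdisk, fdisk's scriptable sibling, with the same type code 83 that the "t" step types into fdisk; the fstab entry is written with the filesystem UUID when blkid can report one, so it survives the disk being renumbered (sdb becoming sdc after a reboot); and the entry is not appended a second time when the mount point is already listed, which is what repeating the "append to /etc/fstab" step by hand would do. The disk name /dev/sdc, the /data mount point and the helper names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not part of the original post): provision a new data disk
# the way the steps above describe, with a guarded /etc/fstab update.
# Assumptions: the target disk is an empty, unmounted /dev/sdc (placeholder,
# as in the post), and sfdisk, partprobe and blkid are available.

set -eu

# One primary partition spanning the disk. Empty start and size mean
# "use everything"; 83 is the Linux type typed at fdisk's "t" prompt.
partition_whole_disk() {
    disk="$1"
    printf ',,83\n' | sfdisk "$disk"
    partprobe "$disk"
}

# Build the fstab line for a device. UUID= is preferred over /dev/sdX
# because device names depend on probe order; fall back to the device
# path when blkid cannot report a UUID (e.g. before the filesystem exists).
fstab_line() {
    dev="$1"; mnt="$2"; fstype="$3"
    id=$(blkid -s UUID -o value "$dev" 2>/dev/null || true)
    if [ -n "$id" ]; then
        printf 'UUID=%s\t%s\t%s\tdefaults\t1\t2\n' "$id" "$mnt" "$fstype"
    else
        printf '%s\t%s\t%s\tdefaults\t1\t2\n' "$dev" "$mnt" "$fstype"
    fi
}

# Append an entry only if the mount point is not already listed, so that
# running the provisioning twice does not leave two conflicting lines.
# Returns 1 (and adds nothing) when the mount point is already present.
fstab_add() {
    fstab="$1"; dev="$2"; mnt="$3"; fstype="$4"
    if awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { found = 1 } END { exit !found }' "$fstab"; then
        echo "$mnt is already present in $fstab, not adding" >&2
        return 1
    fi
    fstab_line "$dev" "$mnt" "$fstype" >> "$fstab"
}

# Full sequence for a new data disk: partition, ext3 format, fstab, mount.
provision_data_disk() {
    disk="$1"; part="${disk}1"
    partition_whole_disk "$disk"
    mkfs.ext3 "$part"
    mkdir -p /data
    fstab_add /etc/fstab "$part" /data ext3
    mount /data
    df -H /data
}

# Destructive: only runs when explicitly asked, e.g. ./provision.sh --run /dev/sdc
if [ "${1:-}" = "--run" ] && [ -n "${2:-}" ]; then
    provision_data_disk "$2"
fi
```

Because fstab_add works on whatever file path it is given, it can be exercised against a scratch copy of fstab before being pointed at /etc/fstab.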
Brief Description of the File Systems:

Ext2
1. Ext2 stands for second extended file system.
2. It was introduced in 1993. Developed by Rémy Card.
3. It was developed to overcome the limitations of the original ext file system.
4. Ext2 does not have a journaling feature.
5. On flash drives and USB drives, ext2 is recommended, as it doesn't need the overhead of journaling.
6. Maximum individual file size can be from 16 GB to 2 TB.
7. Overall ext2 file system size can be from 2 TB to 32 TB.

Ext3
1. Ext3 stands for third extended file system.
2. It was introduced in 2001. Developed by Stephen Tweedie.
3. Starting from Linux kernel 2.4.15, ext3 was available.
4. The main benefit of ext3 is that it allows journaling.
5. Journaling has a dedicated area in the file system where all the changes are tracked. When the system crashes, the possibility of file system corruption is less because of journaling.
6. Maximum individual file size can be from 16 GB to 2 TB.
7. Overall ext3 file system size can be from 2 TB to 32 TB.

There are three types of journaling available in the ext3 file system:
· Journal – Metadata and content are saved in the journal.
· Ordered – Only metadata is saved in the journal. Metadata is journaled only after writing the content to disk. This is the default.
· Writeback – Only metadata is saved in the journal. Metadata might be journaled either before or after the content is written to disk.
You can convert an ext2 file system to ext3 directly (without backup/restore).

Ext4
1. Ext4 stands for fourth extended file system.
2. It was introduced in 2008.
3. Starting from Linux kernel 2.6.19, ext4 was available.
4. Supports huge individual file sizes and overall file system size.
5. Maximum individual file size can be from 16 GB to 16 TB. Overall maximum ext4 file system size is 1 EB (exabyte). 1 EB = 1024 PB (petabyte). 1 PB = 1024 TB (terabyte).
6. A directory can contain a maximum of 64,000 subdirectories (as opposed to 32,000 in ext3).
7. You can also mount an existing ext3 file system as ext4 (without having to upgrade it).
8. Several other new features are introduced in ext4: multiblock allocation, delayed allocation, journal checksum, fast fsck, etc. All you need to know is that these new features have improved the performance and reliability of the filesystem compared to ext3.

In ext4, you also have the option of turning the journaling feature off.

How to configure Roaming User Profiles in Active Directory


Configuration of Roaming User Profiles involves 2 processes: sharing a folder and configuring the domain users' Profile page.
Process 1: Sharing a Folder
1- Log on to the domain controller with the credentials of a Domain Administrator / Enterprise Administrator. (For testing purposes the domain controller is used as the file server and C: is used to store roaming profiles. However, in a production environment it is recommended that you use a separate machine (preferably a virtual machine) as a dedicated file server and any drive other than C: to store the roaming profiles of domain users.)
2- Create a folder on drive C: and name it RoamingProfiles. (You can give any name to this folder.)
3- To share the RoamingProfiles folder, right-click on it and from the context menu select Properties.
4- On the Properties page go to the Sharing tab and select the Share this folder radio button.
5- Leave the default share name intact and click on the Permissions button.
6- Make sure that in the Share Permissions window, under the Groups or user names frame, the Everyone group is selected, and in the Permissions to Everyone frame, under the Allow column, check the checkbox opposite the Full Control option.
7- Click on the Ok button on all windows to accept and confirm your settings.
Process 2: Configuring the Domain Users' Profile Page
1. Click on the Start button and go to Administrative Tools.
2. From the Administrative Tools sub-menu click on the Active Directory Users and Computers snap-in.
3. When it opens, from the left pane expand the domain name (TESTDOMAIN.COM in this case) and from the list select the Users container.
4. From the right pane right-click on the user name for which you want to configure a roaming profile and select Properties. You can also select multiple users by pressing the Ctrl key while selecting users. This will enable you to configure roaming user profiles for multiple users in a single session.
5. In the Properties window go to the Profile tab.
6. In the Profile path text box type the Universal Naming Convention (UNC) path of the shared folder followed by the variable. In this example it would be \\PCTIPS-3000\ROAMINGPROFILES\%USERNAME%, where PCTIPS-3000 is the computer name, %USERNAME% is the variable which will automatically be replaced with the name of the user account, and \\ is the UNC prefix.

7. Once done with the above configuration click on the Ok button to accept and confirm the settings.