Document: TCP/IP Network Administration - P12 (ppt)


[Chapter 13] Internet Information Resources

some other browsers this field is labeled "Location" or "Netsite," but in all cases it performs the same function: it holds the path to the information resource. In the example the location is http://csrc.nist.gov/secalert/.

"URL" stands for universal resource locator. It is a standard way of defining a network resource and it has a specific structure:

    service://server/path/file

In the sample URL, http is the service; csrc.nist.gov is the server; and secalerts is the path to the resource contained on that server. This tells the browser to locate a host with the domain name csrc.nist.gov, and to ask it for the hypertext information located in the secalerts path.

Hypertext is not the only type of information that can be retrieved by a browser. The browser is intended to provide a consistent interface to various types of network resources. HTTP is only one of the services that can be specified in a URL.

A Web browser can be used to view local hypertext files. This is how the gated documentation is delivered. Figure 13.2 shows a network administrator reading the gated documentation. The URL in Figure 13.2 is file://localhost/usr/doc/config_guide/config.html. The service is file, which means that the resource is to be read via the standard filesystem. The server is the local host (localhost). The path is /usr/doc/config_gated, and the file is config.html.

Figure 13.2: Reading GateD documentation

Another browser service that is often used by a network administrator is FTP. Figure 13.3 shows a network administrator using a browser to download software. The URL in Figure 13.3 is ftp://ftp.ncsa.edu/Web/Mosaic/Unix/binaries/2.6. FTP is the service used to access the resource, which in this case is a binary file.
The server is ftp.ncsa.edu, which is the anonymous FTP server at the National Center for Supercomputing Applications. The path is /Web/Mosaic/Unix/binaries/2.6 and the file is any of the files listed on the screen.

Figure 13.3: Browser FTP interface

Reading important announcements and documentation and downloading files are probably the most common uses a network administrator has for a Web browser. There are, however, many other things that can be done with a browser and a huge number of resources available on the network. A detailed discussion of browsers and the Web is beyond the scope of this book. See The Whole Internet User's Guide and Catalog, by Ed Krol (O'Reilly & Associates), for a full treatment of these subjects.

The browser provides a consistent interface to a variety of network services. But it is not the only way, or necessarily the best way, to access all of these services. In particular, it may not be the fastest or most efficient way to download a file. Figure 13.3 shows a file being downloaded from an anonymous FTP server. An alternative is to invoke ftp directly from the command-line interface.

13.2 Anonymous FTP

Anonymous FTP is mentioned throughout this book as a technique for retrieving publicly available files and programs from the many FTP servers around the Internet. Anonymous FTP is simply an ftp session in which you log into the remote server using the username anonymous and, by convention, your email address as the password. [1] The anonymous FTP example below should make this simple process clear:

[1] Some FTP servers request your real username as a password.

    % ftp ftp.ncsa.edu
    Connected to ftp.ncsa.uiuc.edu.
    220 FTP server Wed May 21 1997 ready.
    Name (ftp.ncsa.edu:kathy): anonymous
    331 Guest login ok, use email address as password.
    Password:
    ftp> cd /Web/Mosaic/Unix/binaries/2.6
    250 CWD command successful.
    ftp> binary
    200 Type set to I.
    ftp> get Mosaic-hp-2.6.Z Mosaic.Z
    200 PORT command successful.
    150 Opening BINARY mode data connection for Mosaic-hp-2.6.Z.
    226 Transfer complete.
    local: Mosaic.Z remote: Mosaic-hp-2.6.Z
    809343 bytes received in 3.5 seconds (2.3e+02 Kbytes/s)
    ftp> quit
    221 Goodbye.

In this example, the user logs into the server ftp.ncsa.edu using the username anonymous and the password kathy@nuts.com, which is her email address. With anonymous FTP, she can log in even though she doesn't have an account on ftp.ncsa.edu. Of course what she can do is restricted, but she can retrieve certain files from the system, and that's just what she does. She changes to the /Web/Mosaic/Unix/binaries/2.6 directory and gets the compressed file Mosaic-hp-2.6.Z. The file is retrieved in binary mode.

13.2.1 Creating an FTP Server

Using the anonymous FTP service offered by a remote server is very simple.
However, setting up an anonymous FTP service on your own system is a little more complicated. Here are the steps to set up an anonymous FTP server:

1. Add user ftp to the /etc/passwd file.
2. Create an ftp home directory owned by user ftp that cannot be written to by anyone.
3. Create a bin directory under the ftp home directory that is owned by root, and that cannot be written to by anyone. The ls program should be placed in this directory and changed to mode 111 (execute-only).
4. Create an etc directory in the ftp home directory that is owned by root, and that cannot be written to by anyone. Create special passwd and group files in this directory, and change the mode of both files to 444 (read-only).
5. Create a pub directory in the ftp home directory that is owned by root and is only writable by root, i.e., mode 644. Don't allow remote users to store files on your server, unless it is absolutely necessary and your system is on a private, non-connected network. If you must allow users to store files on the server, change the ownership of this directory to ftp and the mode to 666 (read and write). This should be the only directory where anonymous FTP users can store files.

The following examples show each of these steps. First, create the ftp home directory and the required subdirectories. In our example, we create the ftp directory under the /usr directory.

    # mkdir /usr/ftp
    # cd /usr/ftp
    # mkdir bin
    # mkdir etc
    # mkdir pub

Then copy ls to /usr/ftp/bin, and set the correct permissions.

    # cp /bin/ls /usr/ftp/bin
    # chmod 111 /usr/ftp/bin/ls

Create a group that will be used only by anonymous FTP, a group that has no other members. In our example we create a group called anonymous. An entry for this new group is added to the /etc/group file, and a file named /usr/ftp/etc/group is created that contains only this single entry.

    anonymous:*:15:

Create a user named ftp by placing an entry for that user in the file /etc/passwd.
Also create a file named /usr/ftp/etc/passwd that contains only the ftp entry. Here's the entry we used in both files:

    ftp:*:15:15:Anonymous ftp:/usr/ftp:

These examples use a GID of 15 and a UID of 15. These are only examples; pick a UID and GID that aren't used for anything else on your system.

A cat of the newly created /usr/ftp/etc/passwd and /usr/ftp/etc/group files shows the following:

    % cat /usr/ftp/etc/passwd
    ftp:*:15:15:Anonymous ftp:/usr/ftp:
    % cat /usr/ftp/etc/group
    anonymous:*:15:

After the edits are complete, set both files to mode 444:

    # chmod 444 /usr/ftp/etc/passwd
    # chmod 444 /usr/ftp/etc/group

Set the correct ownership and mode for each of the directories. The ownership of /usr/ftp/pub, /usr/ftp/bin, and /usr/ftp/etc does not need to be changed because the directories were created by root.

    # cd /usr/ftp
    # chmod 644 pub
    # chmod 555 bin
    # chmod 555 etc
    # cd ..
    # chown ftp ftp
    # chmod 555 ftp

If you must allow users to write their own files in the pub directory, make the following changes: [2]

[2] This opens a large security hole. Allow users to write their own files to the anonymous FTP server only if you must.

    # chown ftp pub
    # chmod 666 pub

For most UNIX systems, the installation is complete. But if you have a SunOS 4.x system, a few more steps are necessary. The dynamic linking used by SunOS requires that the ftp home directory contains:

1. The runtime loader
2. The shared C library
3. /dev/zero

These Sun-specific steps are shown in the following examples.
First, create the directory /usr/ftp/usr/lib, then copy the files ld.so and libc.so.* into the new directory, and set the file permissions:

    # cd /usr/ftp
    # mkdir usr
    # mkdir usr/lib
    # cp /usr/lib/ld.so usr/lib
    # cp /usr/lib/libc.so.* usr/lib
    # chmod 555 usr/lib/libc.so.*
    # chmod 555 usr/lib
    # chmod 555 usr

Next, create the ftp/dev directory, and run mknod to create dev/zero:

    # cd /usr/ftp
    # mkdir dev
    # cd dev
    # mknod zero c 3 12
    # cd ..
    # chmod 555 dev

Now you can copy the files you wish to make publicly available into /usr/ftp/pub. To prevent these files from being overwritten by remote users, set the mode to 644 and make sure the files are not owned by user ftp.

Once you complete the configuration steps necessary for your system, test it thoroughly before announcing the service. Make sure that your server provides the anonymous FTP service you want, without providing additional "services" that you don't want (such as allowing anonymous users access to files outside of the ftp home directory). Anonymous FTP is a potential security risk. If you offer this service at all, limit the number of systems at your site that provide it (one is usually enough), and take care to ensure that the installation is done properly.

13.3 Finding Files

Anonymous FTP requires detailed knowledge from the user. To retrieve a file, you must know the FTP server and the directory where the file is located. When the network was small, this was not a major problem.
There were a limited number of important FTP servers, and they were well stocked with files. You could always ftp to a major server and search through some directories using ftp's ls command. This old approach is not compatible with a large and expanding Internet for two reasons:

● There are now thousands of major anonymous FTP servers. Knowing them all is difficult.
● There are now millions of Internet users. They cannot all rely on a few well-known servers. The servers would quickly be overwhelmed with ftp requests.

archie is an application designed to help with this problem. It provides a database of information about anonymous FTP sites and the files they contain.

13.3.1 archie

archie expands the usefulness of anonymous FTP by helping you locate the file, program, or other information that you need. archie uses information servers that maintain databases containing information about hundreds of FTP servers, and thousands of files and programs throughout the Internet.

archie's primary database is a listing of files and the servers from which the files can be retrieved. In the simplest sense, you tell archie which file you're looking for, and archie tells you which FTP servers the file is available from.

archie can be used in four different ways: interactively, through electronic mail, via a Web browser, or from an archie client. To use archie interactively, telnet to one of the archie servers. [3] Log in using the username archie and no password. At the archie> prompt, type help to get a full set of interactive archie commands.

[3] The list of publicly accessible servers is available at http://www.bunyip.com/products/archie/world/servers.html.

There are many interactive archie commands, but the basic function of locating a program that is accessible via anonymous FTP can be reduced to two commands.

prog pattern
    Display all files in the database with names that match the specified pattern.

mail address
    Mail the output of the last command to address, which is normally your own email address.

The following example uses both of these commands to interactively search for gated-R3_5_5.tar, and then mail the results of the search to craig@peanut.nuts.com.

    % telnet archie.internic.net
    Trying 198.49.45.10...
    Connected to archie.ds.internic.net.
    Escape character is '^]'.
    UNIX(r) System V Release 4.0 (ds0)
    login: archie
    # Bunyip Information Systems, Inc., 1993, 1994, 1995
    archie> prog gated-R3_5_5.tar
    # Search type: sub.
    # Your queue position: 1
    # Estimated time for completion: 5 seconds.
    working... O
    Host ftp.zcu.cz (147.228.206.16)
    Last updated 11:32 27 Jun 1997
    Location: /pub/security/merit/gated
    FILE -r--r--r-- 1460773 bytes Jan 1997 gated-R3_5_5.tar.gz
    archie> mail craig@peanut.nuts.com
    archie> quit

The archie output provides all of the information you need to initiate an anonymous FTP transfer:

● The name of the server (ftp.zcu.cz in our example)
● The directory on the server that contains the file (/pub/security/merit/gated in our example)
● The full name of the file (gated-R3_5_5.tar.gz in our example)

You can also use archie by sending email to archie at any one of the archie servers; for example, archie@archie.internic.net. The text of the mail message must contain a valid archie email command.

[...]

this reduce the network load, it reduces the number of redundant copies that are stored on local disk files. Network news is delivered over TCP/IP networks using the Network News Transfer Protocol (NNTP). NNTP is included as part of the TCP/IP protocol stack on most UNIX systems and requires no special configuration. The only thing you need to know to get started is the name of your closest network news...

network name, ANS-C-BLOCK4 in our example, but frequently you won't know the network name until you get the response from your query. In addition to the network name and number, this query tells you who is responsible for this network, and what name servers provide in-addr.arpa domain service for this network. With the information from these queries, we could contact the domain administrator and the network...

more to the network than can ever be covered in one book. This book has been your launching pad - helping you connect your system to the network. Now that your system is up and running, use it as a tool to expand your information horizons.

are 100 people on a list, 100 messages are sent over the network and stored at 100 receiving systems. Network news provides a more efficient method for distributing this kind of information. The information is stored around the network on, for most sites, one or two news servers. Therefore, instead of moving mail messages to every individual on your network who wants to discuss the Linux operating system,...

Mailing Lists

There are many, many newsgroups. Most of the newsgroups that are of interest to a network administrator are found in the comp category. comp.os contains sub-groups for various operating systems. comp.unix lists groups for various flavors of UNIX. comp.networks and comp.internet provide information about networks and the Internet. comp.security and comp.virus provide security information. There is...

documents. whois helps you locate important people. One of the most important pieces of information in a network is who is in charge at the other end. In Chapter 11, Troubleshooting TCP/IP, we pointed out that it is important to know who is responsible for the other end of the link when troubleshooting a network problem. whois is a tool that helps you find this out. whois obtains the requested information...

records, a few of which are very helpful for locating the people responsible for networks, domains, and hosts throughout the Internet. These record types are:

Domain
    Provides detailed contact information for the people responsible for the specified domain.

Network
    Provides detailed information for the contacts for the specified network.

Host
    Provides general information about the specified host. This record...

essentially the same information we could get from DNS. A much more interesting query is for the point of contact for a specific network. To find out, enter a whois query with the network number. In our example, the IP address of one of the servers is 207.25.97.8. This is a class C address, so the network number is 207.25.97.0. The query is constructed as shown in the example below:

    % whois 'net 207.25.97.0'
    ANS CO+RE...

limits its utility. But sometimes archie is the only place you have to start your search for a file.
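
Section 13.2.1 says to test the anonymous FTP installation thoroughly before announcing the service. The following is an added example, not code from the book: a POSIX shell function that audits the ftp home tree against the ownership and mode rules listed in that section. The function name, the finding labels and the two arguments are assumptions of this example; the chapter's own values would be /usr/ftp and the ftp account.

```shell
#!/bin/sh
# Added example (not from the book): audit an anonymous FTP tree against the
# ownership and mode rules of section 13.2.1.
# Usage: audit_anon_ftp FTP_HOME FTP_USER
#   FTP_HOME  ftp home directory (/usr/ftp in the chapter)
#   FTP_USER  anonymous account, by name or numeric UID (ftp, UID 15 there)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_anon_ftp() {
    ftp_home=$1 ftp_user=$2 failed=0

    # Steps 2-4: home, bin and etc must exist and be writable by no one.
    for d in "$ftp_home" "$ftp_home/bin" "$ftp_home/etc"; do
        hit=$(find "$d" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) \
              -print 2>/dev/null || true)
        if [ ! -d "$d" ] || [ -n "$hit" ]; then
            echo "WRITABLE-OR-MISSING $d"; failed=1
        fi
    done

    # Steps 3-4: ls is execute-only (111); passwd and group are read-only (444).
    for spec in bin/ls:111 etc/passwd:444 etc/group:444; do
        f=$ftp_home/${spec%:*} mode=${spec#*:}
        hit=$(find "$f" -prune -perm "$mode" -print 2>/dev/null || true)
        if [ -z "$hit" ]; then
            echo "BAD-MODE $f (want $mode)"; failed=1
        fi
    done

    # Step 5 and the closing advice: nothing in the tree is writable by group
    # or other (symbolic links skipped; their own mode bits are not enforced).
    loose=$(find "$ftp_home" ! -type l \( -perm -020 -o -perm -002 \) \
            -print 2>/dev/null || true)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/GROUP-OR-WORLD-WRITABLE /'; failed=1
    fi

    # Only the home directory itself may belong to the ftp user; the chapter
    # warns that files owned by ftp can be overwritten by remote users.
    owned=$(find "$ftp_home" -user "$ftp_user" -print 2>/dev/null |
            grep -Fvx -- "$ftp_home" || true)
    if [ -n "$owned" ]; then
        printf '%s\n' "$owned" | sed 's/^/OWNED-BY-FTP-USER /'; failed=1
    fi
    return "$failed"
}

# Run as a script: sh audit.sh /usr/ftp ftp
if [ "$#" -eq 2 ]; then
    audit_anon_ftp "$1" "$2"
fi
```

A pub directory opened for uploads as in footnote [2] is reported by design, so the exception stays visible each time the audit runs.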

Posted: 14/12/2013, 16:15
