Mandrake Linux 9.0

Quick-Configuration Server Guide

by Camille Bégnis, Christian Roy, Fabian Mandelbaum, Joël Pomerleau, Vincent Danen, Roberto Rosselli del Turco, Stefan Siegel, Marco De Vitis, Alice Lafox, Kevin Lecouvey, Christian Georges, John Rye, Robert Kulagowski, Pascal Rigaux, Frédéric Crozat, Laurent Montel, Damien Chaumette, Till Kamppeter, Guillaume Cottenceau, Jonathan Gotti, Christian Belisle, Sylvestre Taburet, Thierry Vignaud, Juan Quintela, Pascal Lo Re, Kadjo N'Doua, Mark Walker, Roberto Patriarca, Patricia Pichardo Bégnis, Alexis Gilliot, Arnaud Desmons, Wolfgang Bornath, Alessandro Baretta, Aurélien Lemaire.

Legal Notice

This manual is protected under MandrakeSoft intellectual property rights. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the invariant sections being the section called “About Mandrake Linux”, with the front-cover texts being listed below, and with no Back-Cover Texts. A copy of the license is included in the GNU Free Documentation License section of the Everyday Applications Manual.

Front-cover texts:

MandrakeSoft September 2002
http://www.mandrakesoft.com/
Copyright © 1999,2000,2001,2002 by MandrakeSoft S.A. and MandrakeSoft Inc.

“Mandrake”, “Mandrake Linux” and “MandrakeSoft” are registered trademarks of MandrakeSoft S.A.; Linux is a registered trademark of Linus Torvalds; UNIX is a registered trademark of The Open Group in the United States and other countries. All other trademarks and copyrights are the property of their respective owners.

Tools Used in The Making of This Manual

This manual was written in XML DocBook. Borges was used to manage the set of files involved. The XML source files were processed by openjade and jadetex using Norman Walsh's custom stylesheets. Screen-shots were taken using xwd or GIMP and converted with convert (from the ImageMagick package). All this software is available on your Mandrake Linux distribution, and all parts of it are free software.

2002-09-19


Table of Contents

Preface
About Mandrake Linux
Contact Mandrake Community
Support Mandrake
Purchasing Mandrake Products
About this Server Reference Manual
Note From The Editor
Conventions Used in This Book
Typing Conventions
General Conventions
I. Common Services Configuration Wizards
1. Server Configuration Wizards
Foreword
DHCP Server
Domain Name Server
Adding a DNS Entry
Postfix server configuration
Samba Server Configuration
Web Server Configuration
FTP server configuration
News Server configuration
Proxy Server Configuration
Time Configuration
2. Configuring Masqueraded Clients
Linux Box
On-The-Fly Configuration
Permanent, Manual Configuration
Permanent, Automatic Configuration
Windows XP Box
Windows 95 or Windows 98 Box
Windows NT or Windows 2000 Box
DOS Box Using the NCSA Telnet Package
Windows for Workgroup 3.11
MacOS Box
MacOS 8/9
MacTCP
OS/2 Warp Box
II. In-Depth Configuration of Common Services
3. Internet/Intranet Web Server
Installation
Step-by-Step Configuration Example
Advanced Configuration
4. Postfix Mail Server
Installation
Step-by-Step Configuration Example
Advanced Configuration
5. Incoming Mail Server: POP And IMAP
Foreword
Installation
Step-by-Step Configuration Example
Advanced Configuration
6. Resource Sharing
Resource Sharing: Samba
How to Install
Step-by-Step Configuration Example
Advanced Configuration
Resource Sharing: FTP
Installation
Step-by-Step Configuration Example
Advanced Configuration
Resource Sharing: NFS
How to Install
Step-by-Step Configuration Example
How to Access The Exported Directory
7. MySQL Database Server
Getting Started
Creating a User For The Database
Creating a Database
Creating a Table
Managing Data in a Table
8. NIS Client And Server
Installation
Step-by-Step Configuration
NIS Server
NIS Client
Client Advanced Configuration
9. BIND DNS Server
Installation
Step-by-Step Configuration Example
Configuring The DNS
Recording Your Network's Computers
Starting The Service
Configuring The Client
Advanced Configuration
How to Debug
The rndc Command
Documentation
A Few More Options
III. Applied Theory
10. Security Under GNU/Linux
Preamble
Copyright Information
Introduction
Overview
Why Do we Need Security?
How Secure Is Secure?
What Are You Trying to Protect?
Developing a Security Policy
Means of Securing your Site
Organization of This Chapter
Physical Security
Computer Locks
BIOS Security
OpenBoot Security
Boot Loader Security
xlock and vlock
Security of Local Devices
Detecting Physical Security Compromises
Local Security
Creating New Accounts
Root Security
Files and File-System Security
umask Settings
File Permissions
Integrity Checking
Trojan Horses
Password Security and Encryption
PGP And Public-Key Cryptography
SSL, S-HTTP and S/MIME
IPSEC Implementations
ssh (Secure SHell) And stelnet
PAM - Pluggable Authentication Modules
Cryptographic IP Encapsulation (CIPE)
Kerberos
Crack and John the Ripper
CFS – Cryptographic File System And TCFS – Transparent Cryptographic File System
X11, SVGA And Display Security
Kernel Security
Kernel Compile Options
Kernel Devices
Network Security
Packet Sniffers
System Services and tcp_wrappers
Verify Your DNS Information
identd
Configuring And Securing The Postfix MTA
SATAN, ISS, And Other Network Scanners
Sendmail, qmail and MTA's
Denial of Service (DoS) Attacks
NFS (Network File System) Security
NIS (Network Information Service)
Firewalls
IP Chains – GNU/Linux Kernel 2.2.x Firewalling
Netfilter – Linux Kernel 2.4.x Firewalling
VPNs – Virtual Private Networks
Security Preparation (Before You Go On-Line)
Make a Full Backup of Your Computer
Choosing a Good Backup Schedule
Testing Your Backups
Backup Your RPM File Database
Keep Track of your System Accounting Data
Apply All New System Updates
What to Do During and After a Break-in
Security Compromise Underway
Security Compromise Has Already Happened
Security Sources
LinuxSecurity.com References
FTP Sites
Web Sites
Mailing Lists
Books – Printed Reading Material
Frequently Asked Questions
Conclusion
11. Networking Overview
Copyright
How to Use this Chapter
Conventions Used in this Document
General Information about Linux Networking
Linux Networking Resources
Where to Get some non Linux-Specific Network Information
Generic Network Configuration Information
What Do I Need to Start?
Routing
Ethernet Information
Supported Ethernet Cards
General Ethernet Information
Using 2 or More Ethernet Cards in The Same Machine
IP-Related Information
DNS
DHCP And DHCPD
Using Common PC Hardware
ISDN
PLIP
PPP
Other Network Technologies
ARCNet
Appletalk (AF_APPLETALK)
ATM
AX25 (AF_AX25)
DECNet
FDDI
Frame Relay
IPX (AF_IPX)
NetRom (AF_NETROM)
Rose Protocol (AF_ROSE)
Samba - NetBEUI, NetBios, CIFS Support
STRIP Support (Starmode Radio IP)
Token Ring
X.25
WaveLan Card
Cables and Cabling
Serial NULL Modem cable
Parallel Port Cable (PLIP Cable)
10base2 (Thin Coax) Ethernet Cabling
Twisted-Pair Ethernet Cable
A. GNU Free Documentation License
GNU Free Documentation License
0. PREAMBLE
1. APPLICABILITY AND DEFINITIONS
2. VERBATIM COPYING
3. COPYING IN QUANTITY
4. MODIFICATIONS
5. COMBINING DOCUMENTS
6. COLLECTIONS OF DOCUMENTS
7. AGGREGATION WITH INDEPENDENT WORKS
8. TRANSLATION
9. TERMINATION
10. FUTURE REVISIONS OF THIS LICENSE
How to use this License for your documents
B. Glossary
Index

List of Figures

1.1. An Example of an Internal Network
1.2. Accessing the Wizards through the Control Center
1.3. Choose the Range of Addresses Available via your DHCP Server
1.4. Enter the Addresses for the Name Servers
1.5. Specify the name to associate to a static IP address
1.6. Enter your mail domain name
1.7. Enter the name of the SMTP server
1.8. Share files and printers?
1.9. Choose the work group for your shares
1.10. What name for your Samba server?
1.11. Where should your web server be visible from?
1.12. Where should your FTP server be visible from?
1.13. Which server do you want to fetch newsgroups from?
1.14. How often do you want to check for news?
1.15. Choose the Proxy Port
1.16. Choose the Cache Sizes
1.17. Select Access Control Policy
1.18. Restrict access to a particular subnetwork
1.19. Use an upper level proxy?
1.20. What method do you want for time synchronization?
1.21. Choose your time servers
2.1. Reconfiguring the Local Network with drakconnect
2.2. Setting up the Gateway with drakconnect
2.3. Setting up The Gateway with Windows XP
2.4. The Network Icon Under Windows 95
2.5. The Network Configuration Panel under Windows 95
2.6. The TCP/IP Configuration Panel under Windows 95
2.7. The Gateway Configuration Panel under Windows 95
2.8. The Protocol Configuration Panel under Windows NT
2.9. The Network Software Panel under Windows NT
2.10. The TCP/IP Configuration Panel under Windows NT
2.11. The DNS Configuration Panel under Windows NT
2.12. Accessing The TCP/IP Control Panel
2.13. Automatic Configuration of Internet Access For MacOS
2.14. Manual Configuration of Internet Access For MacOS
3.1. Webmin's Main Apache Module Screen
3.2. Apache's Default Server Configuration Screen
3.3. Document Options Section
3.4. Alias And Redirection Section
3.5. SSL Options Section
3.6. The Configuration Screen of Apache Processes
3.7. Directory Limitations Using .htaccess
4.1. Postfix Module's Start-Up Screen
4.2. Postfix's Main Configuration Screen
5.1. xinetd Module's Start-Up Screen
5.2. POP3 Configuration Module
6.1. The Samba Module's Main Window
6.2. Configuring The Common Networking Options
6.3. Setting The Authentication Method
6.4. Configuring Your Sharing Entries
6.5. WU-FTP's Main Configuration Page
6.6. Wu-FTP Banner And Messages
6.7. Anonymous FTP Configuration Page
6.8. Starting The NFS Configuration
6.9. Creating NFS Export
6.10. Creating NFS Mount Points
6.11. Configuring NFS Mount Point
7.1. Creating a MySQL User
7.2. Creating a MySQL Database
7.3. Creating a MySQL Table
7.4. Modifying a MySQL Table
7.5. Managing Your Data
8.1. NIS Server
8.2. NIS Client
9.1. Files And Directories
9.2. Creating a Forward Master Zone
9.3. Creating a Reverse Master Zone
9.4. Adding Machine Names
9.5. Starting Bind
9.6. Apply Changes to Bind
9.7. Configuring The Client
9.8. The BIND 9 Administrator Reference Manual Through Webmin
11.1. A Dynamic Routing Example
11.2. The NULL-Modem Cabling
11.3. 10base2 Ethernet Cabling

List of Tables

11.1. Reserved Private Network Allocations
