Linux Patch Management: Keeping Linux Systems Up To Date

Linux is built for networking. The code associated with many standard networking services is integrated into the Linux kernel. A basic understanding of the functionality of standard Linux networking services is essential. Many themes throughout this book assume that you already understand the purposes of network communication protocols, mail services, host name and IP address management, Web services, and more.

In Red Hat Enterprise Linux, network services are often installed separately. Some include different packages for clients and servers. Some network services are activated through /etc/xinetd.conf, which reads activation files in the /etc/xinetd.d directory. Others are activated directly with scripts in the /etc/init.d directory. Some key RHEL network services are briefly examined in the following sections.

Network File System, Locally and Remotely

The first network system on Unix and Linux computers is NFS. Ideally, this leads to a seamless Linux interface; for example, you can set up one /home directory for all users on your network on one server. Remember that you need NFS on both server and client computers on your network.

First, make sure NFS support is part of the kernel, as documented in /proc/filesystems. If it isn't there, you may need to activate the nfs and related modules (nfsd, lockd, sunrpc) in the kernel. Inspect installed modules with the following command:

# lsmod | more

Note which of these modules are missing from the output, and run a modprobe command (for example, modprobe nfs) on each missing module. With a standard Red Hat Enterprise Linux installation, this should add the modules to the lsmod list, and then add them to the kernel, as listed in /proc/filesystems.

Once you've shared an NFS directory, you can then activate the NFS daemon with the service nfs start command. You'll see an example of sharing the Red Hat Enterprise Linux installation files through NFS in Chapter 2.

Once NFS is configured, you can find shared directories in the server's /etc/exports file, and then mount them with a command similar to the following:

# mount -t nfs nfsserver:/home /mhome

For more information on NFS, see Chapter 10.

sendmail and Postfix

Some people suggest that sendmail is the biggest test (or perhaps headache) for Linux system administrators. While the sendmail configuration files, sendmail.cf and submit.cf, are complex, they should not be intimidating. With the help of the corresponding .mc files, it's easier to define the features you want, the protocols you need, and the way mail is sent and received on your network.

More information on sendmail and the alternative Postfix mail server is available in Chapter 12.

POP, IMAP

The Post Office Protocol (POP) and the Internet Mail Access Protocol (IMAP) each provide a set of rules for delivering e-mail from a server such as sendmail to an e-mail client such as Netscape, mutt, or pine. While POP3 is the current standard for e-mail that is sent to clients, IMAP4 is more flexible for users such as those who access their mail using different computers. POP3 and IMAP4 configuration, using the Dovecot service, is addressed in Chapter 12.

File Transfer Protocol (FTP)

Perhaps the most basic file sharing protocol still in common use is the File Transfer Protocol (FTP). It is set up specifically for file transfers; you might already know that file transfers using FTP are generally faster than those with any other protocol.

As with NFS and Samba, this protocol requires a server and a client. FTP servers can be anonymous, which means they accept connections from anyone, or they can be configured to require a specific username and password. Generally, Linux FTP servers share files from the /var/ftp directory. Red Hat Enterprise Linux now comes with the Very Secure FTP daemon (vsFTPd) as the only FTP server.

The original FTP client works from the command line. Most Linux navigational commands work for FTP; just remember that the get and put commands download and upload specific files. FTP is covered in more detail in Chapter 10.

Domain Name Service (DNS)

If there were a practical way to list all of the domain names and IP addresses of every Web site on the Internet in a single file, we would not need the Domain Name Service (DNS). The DNS system allows us to set up different parts of this database on different servers around the world. If a DNS server does not have the answer, you can configure it to ask other DNS servers for help. DNS is covered in more detail in Chapter 11.

Dynamic Host Configuration Protocol (DHCP)

IP version 4 addresses are scarce. The Dynamic Host Configuration Protocol (DHCP) was designed to help ration IP addresses. A DHCP server leases a specific IP address to a computer network card for a limited, but renewable, amount of time. DHCP servers can lease IP addresses on different LANs using the BOOTP protocol. More information on setting up DHCP clients and servers is available in Chapter 13.

Samba

The network system originally developed for networks with Microsoft and IBM computers is based on the Server Message Block (SMB) format. Developers originally created Samba to allow Linux to communicate in the SMB format, to participate in Microsoft Windows Workgroups and Domains. It can share files just like any other peer in a workgroup. It can act as a server. Current versions of Samba can even be configured as a Windows NT-style Primary Domain Controller or an Active Directory Services member server on a Windows 2000/XP/2003/Vista-based network.

As Microsoft has moved beyond SMB to the Common Internet File System (CIFS), Samba has evolved as well. To this end, future versions of Samba (starting hopefully with version 4.0) will be able to act as Active Directory Domain Controllers.

Separate packages are available to set up your Linux computer as a Samba client and as a Samba server. Once shares are configured in /etc/samba/smb.conf, other Samba-enabled Linux clients can mount these directories with a command similar to the following:

# mount -t cifs -o username=user //servername/sharename /mountpoint

But that command is generally limited to the root user. You can also set up the mount.cifs command to allow regular users to mount shared Samba directories. Samba and the associated configuration tools are discussed extensively in Chapter 10.

Web Services

Apache is by far the most popular Web server in use on the Internet. It's a standard part of the Red Hat Enterprise Linux server installation. The main configuration file is /etc/httpd/conf/httpd.conf. Configuration is based on an extensive array of modules in the /etc/httpd directory. Basic HTML files, icons, and CGI applets are installed in the /var/www directory. The main Apache log files are part of the /var/log/httpd directory. Daily log files for the largest Web sites can grow into the gigabyte range. Apache is covered in more detail in Chapter 9.

A substantial number of other Web servers are available for Red Hat Enterprise Linux, such as Sun's iPlanet and Zeus's Web Server.

Network Information Service (NIS)

The Network Information Service (NIS) was formerly known as the "yellow pages," as it is a centralized database of usernames and passwords on a network with Linux and other Unix-style computers. NIS can be configured as a centralized database for a number of other configuration files in the /etc directory. Anything that can standardize the configuration of different computers on a network helps the system administrator. For more information on NIS, see Chapter 6.

The Extended Internet Services Daemon (xinetd)

Several less frequently used networking services do not use their own daemons but are configured as part of the Extended Internet Services Daemon, also known as xinetd. You can review installed xinetd services in the /etc/xinetd.d directory. If installed, you'll see services such as rsync, time, swat, and the Kerberos-based Telnet in that directory. All are controlled by the /etc/init.d/xinetd script, using defaults defined in the script and in /etc/xinetd.conf.

Other Linux distributions may configure additional services in this directory. For example, SUSE Linux includes the vsFTPd service in /etc/xinetd.d.
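
One way to review which services in an xinetd.d-style directory are actually active, shown as an added example that is not from the book. It treats a service as enabled unless its block sets "disable = yes", and it ignores any enabled/disabled lists in the defaults section of /etc/xinetd.conf. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): list xinetd services that are active.
# xinetd treats a service as enabled unless its block sets "disable = yes";
# a missing "disable" attribute means the service is enabled.

enabled_xinetd_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            { sub(/#.*/, ""); gsub(/=/, " = ") }   # drop comments, isolate "="
            $1 == "service" { name = $2; disabled = 0; next }
            $1 == "disable" { disabled = (tolower($3) == "yes") }
            $1 == "}" && name != "" { if (!disabled) print name; name = "" }
        ' "$f"
    done | sort
}

# Constructed sample directory standing in for /etc/xinetd.d
make_sample_dir() {
    d=$(mktemp -d)
    printf 'service rsync\n{\n\tdisable = yes\n\tserver = /usr/bin/rsync\n}\n' > "$d/rsync"
    printf 'service swat\n{\n\tdisable = no\n\tport = 901\n}\n' > "$d/swat"
    # Only a commented-out disable line: the service stays enabled
    printf 'service time\n{\n\t# disable = yes\n\ttype = INTERNAL\n}\n' > "$d/time"
    echo "$d"
}

sample=$(make_sample_dir)
enabled_xinetd_services "$sample"
rm -rf "$sample"
```

On a real system, call enabled_xinetd_services /etc/xinetd.d and compare the result with the services the host is supposed to offer.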
