Referencing Network Services

This section contains the quick reference information related to Red Hat Linux network services. The table listing these services (Table C-1) contains the following information:

Feature:???What type of service is it?
Package names:???What software packages must be installed to use the service?
Start-up scripts:???Which start-up scripts launch the service?
Daemon:???What daemon process is running to provide the service?
Configuration files:???What configuration files can you modify to tailor the service to your specific needs?

The descriptions following the table provide additional information about the service. That information includes whether or not the service is started by default and where you can find more information about the service.

Note?

When the xinetd daemon is noted as the start-up script, the daemon process to which the service is handed off is also noted.

The following sections provide some additional information about the services described in Table C-1.

Web server

In most cases, you use the apache software package to create a Web server in Red Hat Linux. If apache is installed, you must turn on the service to use it (as root user, type chkconfig httpd on). Start-up will fail unless you have a valid name (and IP address) for your Web server. To define a server name, add a ServerName entry to the httpd.conf file and restart the service.

Users who can access your system from the network will be able to view the contents of the /var/www/html directory. Replace the index.html file and add your own content. If the httpd-manual package is installed, /var/www/manual contains the apache manual.

Cross-Reference?

See Chapter 21 for information on configuring an Apache Web server.

An alternative to apache is the TUX HTTP server. TUX is a high-performance Web server. The entire protocol stack for TUX runs in the Linux kernel. Configure TUX in the /etc/sysconfig/tux file. The TUX service is off by default. To turn it on, type chkconfig tux on and it will start the next time you start your computer. It will offer the same content that apache does (from the /var/www/html directory).

File servers

File services in Red Hat Linux can be provided using FTP servers, Samba (Windows) servers, Network File System (NFS) servers, and NetWare servers. The following sections describe each of these.

FTP servers

The Very Secure FTP daemon (vsftpd) package was designed from scratch to be very scalable and fast. It is geared toward FTP sites that require support for lots of simultaneous users. Configure vsftpd by editing the /etc/vsftpd.conf and /etc/vsftpd.user_list files. The vsftpd package shares the /var/ftp directory structure and listens on port 21 for service requests.

To turn on FTP service, type the following (as root user):

# chkconfig --list vsftpd

Cross-Reference?

See Chapter 20 for information on how to configure the vsftpd FTP server.

Note?

An FTP server with Kerberos 5 support is also included with Red Hat Linux. The krb5-workstation package contains the ftpd daemon that includes Kerberos 5 support. The wu-ftp FTP server software is no longer in the Red Hat Linux distribution.

Samba server

The Samba server software supports the Server Message Block (SMB) file- and printer-sharing protocol. SMB is most often used to share resources on local networks consisting of computers running Microsoft Windows. You would not typically share SMB files and printers over a public network, such as the Internet.

Samba services are off by default in Red Hat Linux. To have Samba start automatically when you boot your computer, simply type chkconfig smb on as the root user.

In order for Samba to be useful, edit the Samba configuration file, /etc/samba/smb.conf. An easy way to configure this file is with the Samba Server Configuration window (described in Chapter 18).

Cross-Reference?

For more information about configuring Samba, see Chapters 17 and 18.

Netatalk server

The Netatalk server software lets Linux act as an AppleTalk server for Macintosh computers. To use netatalk, you must install the netatalk package and turn on the service by typing chkconfig atalk on. Configuration is done from files in the /etc/atalk directory.

Cross-Reference?

See Chapter 26 for information on setting up netatalk.

NetWare server

NetWare is an operating system from Novell, Inc. that provides dedicated file and print services to network users. The mars-nwe package that comes with Red Hat Linux lets you set up your computer to emulate a NetWare file server.

Cross-Reference?

Information on setting up NetWare services in Red Hat Linux is provided in Chapter 18.

By default, NetWare file and print services are off in Red Hat Linux. To turn them on, type chkconfig on mars_nwe. To make the service usable, you must edit /etc/nwserv.conf.

Login servers

A variety of login servers are available for use with Red Hat Linux. Both telnet and rlogin services can be used to allow users from other computers to log in to Red Hat Linux from the network. These days, however, ssh is the preferred login service. For most of these services, you need to remember to allow access to that service from your firewall.

If the telnet-server package is installed, the telnet service is off by default. If telnet is enabled, the xinetd daemon passes all requests for telnet service (by default, port 23) to the in.telnetd daemon to present the telnet login prompt. Once it is on, only users with real logins to the computer can log in to the computer — anonymous users are not supported. Users who log in using telnet are presented with a shell interface for accessing the computer.

Red Hat Linux also includes login daemons that provide Kerberos 5 support. Kerberos 5 provides a higher level of security than is available with other login servers. Kerberos 5–enabled login servers include Klogin (Kerberos 5) and EKlogin (Kerberos 5 with encryption).

The rlogin service has been available for UNIX systems for a long time, though it is generally less secure than the other login services described here. The rlogin service is off by default on your Red Hat Linux system.

A newer addition to the login servers available with Red Hat Linux is the OpenSSH server. This service is on by default. To access this service, use applications that come with the openssh-client software package, such as the ssh, sftp, and slogin remote login commands. Many Linux administrators use OpenSSH tools, as opposed to older remote login tools such as rlogin and telnet because OpenSSH is believed to be more secure.

Caution?

Not only is the SSH service on by default, but unlike other login services, it will allow root login over the network. If you are uncomfortable with that, you should change the PermitRootLogin yes line in the /etc/ssh/sshd_config file as follows:

PermitRootLogin no

E-mail servers

The most common protocols used to download e-mail from a mail server to a client workstation are Post Office Protocol (POP) and Internet Message Protocol (IMAP). If you configure Red Hat Linux as your mail server, you can configure several different POP and IMAP daemons that can allow users to download e-mail to their workstations.

By default, all POP or IMAP services are off. Choose the POP or IMAP server you would like to use from those provided in the e-mail reader servers listing in Table C-1. To turn on that service, simply change the file in /etc/xinet.d associated with that service so that the disable = yes entry is changed to disable = no. Then restart the xinetd daemon.

The default mail-transfer agent that comes with Red Hat Linux is called sendmail. If sendmail software is installed, the sendmail service is started automatically. However, you must configure various files in the /etc/mail directory for the service to work beyond the localhost.

Postfix is an alternative to sendmail. Using the alternatives feature (described earlier in this appendix and in Ch. 10), you can easily make one or the other your default mail-transfer agent. Configuration files for postfix are located in the /etc/postfix directory. Also make sure that you turn sendmail off (chkconfig sendmail off) and turn postfix on (chkconfig postfix on).

Cross-Reference?

Chapter 19 contains details on how to configure sendmail and postfix.

The comsat service can be turned on to check when e-mail arrives in users' mailboxes in Red Hat Linux. Though comsat is off by default, if you turn it on you can use the biff or xbiff commands to alert users when e-mail arrives in their mailboxes. To turn comsat on, simply edit the comsat file in /etc/xinet.d to change the disable = yes entry to disable = no.

News server

Red Hat Linux comes with the Internet Network News Server (INN) software to let you set up a Red Hat Linux system as a news server. INN can provide your users access to thousands of Internet newsgroups.

By default, INN service is off in Red Hat Linux. To turn it on, type chkconfig inn on. To make the service usable, you must edit files in the /etc/news directory.

Caution?

Because a news server can potentially consume huge amounts of system resources, you must think carefully about how you configure it. See Chapter 22 for details about configuring INN.

Print servers

The Common UNIX Printing System (CUPS) print server software is included as the default printer software for the current release of Red Hat Linux. As an alternative, the LPR New Generation (LPRng) software is still available but is no longer provided with Red Hat Linux.

Cross-Reference?

Information on setting up printers can be found in Chapter 17.

The Common UNIX Printing System (CUPS) is a recently developed alternative to LPRng and other printing interfaces that were built on facilities originally designed for line printers in the 1970s. CUPS is based on the Internet Printing Protocol (RFC 2616). Although it is compatible with other UNIX/Linux print facilities, CUPS is intended to make it easier to support new printers, protocols, and other devices as they become available.

The CUPS server (cupsd) is set up to run by default. Because CUPS is configured to be used as the printing service by default, you should run the redhat-switch-printer command if you want LPRng as the default print service for your computer. Configuration files for CUPS are located in the /etc/cups directory.

Network administration servers

Some network servers offer services that monitor or configure network configurations. Several of these services, listed in Table C-1, are described below.

Table C-1: Quick Reference to Network Services

Network Time Protocol server

The Network Time Protocol (NTP) Server synchronizes time among computers on a network.

The Red Hat Linux firstboot process lets you turn on the ntp service. To further tune ntp, you must edit the /etc/ntp.conf file. The /etc/ntp.conf file contains information that identifies the addresses of synchronization sources and modes of operation. The /etc/ntp/keys file can be used to turn on authentication.

Portmap server

The portmap server translates Remote Procedure Call (RPC) numbers to TCP/IP and UDP port numbers. Certain network services, such as NFS (nfs) and Wall (rwalld), only work properly if this server is running. RPC numbers are stored in the /etc/rpc file.

SWAT

The Samba Web Administration Tool (SWAT) provides a Web-based interface for configuring Samba file and print services. Once properly configured, a Web browser can access the SWAT service (with a root user password). Although this is a well-tested interface, the Samba Server Configuration window is the preferred tool for configuring Samba in Red Hat Linux.

By default, the SWAT service is off in Red Hat Linux. To turn the service on, edit the /etc/xinetd.d/swat file and change the disable = yes entry to disable = no. This makes the service available to a Web browser on the local host that asks for port number 901 (for example, http://localhost:901). You can remove the line only_from = 127.0.0.1 to allow a Web browser from any computer that has access to your computer on the network to use SWAT. (Of course, a remote user would also need to know your root password.)

Arpwatch server

The Arpwatch service can be turned on to monitor Ethernet/IP activities on your network. Any potential problems (such as two different computers using the same IP address) are logged to the syslog facility (usually to the /var/log/messages file).

By default, the Arpwatch service is turned off. To turn it on, type chkconfig arpwatch on. You can check the /var/log/messages file to see if the Arpwatch services started successfully and watch for changes on your network.

Simple Network Management Protocol server

The Simple Network Management Protocol (SNMP) server lets your Red Hat Linux system listen for SNMP requests from the network. With this server running, other computers using SNMP tools can monitor the activities of your computer (based on configuration files set up on your system).

By default, SNMP is turned off. To turn it on, type chkconfig snmpd on and chkconfig snmptrapd on. SNMP configuration can be quite complex. Start by referring to the snmpd.conf man page (type man snmpd.conf). Refer to the net-snmp project site (http://net-snmp.sourceforge.net) for a tutorial and other information.

Information servers

By distributing such information as host names, user account information, and network addresses, an administrator can more easily manage groups of networked computers. Popular types of servers for managing network information include Network Information System (NIS), Dynamic Host Configuration Protocol (DHCP), and Lightweight Directory Access Protocol (LDAP).

Network Information System servers

Network Information System (NIS) is a software feature developed by Sun Microsystems to manage information needed to configure a group of UNIX (and now Linux) computers on a network. Using NIS, a group of computers can share common passwd, groups, hosts, and other configuration files.

By default, NIS services are off. You can turn on NIS services for your Linux computer as either an NIS client (using shared information) or an NIS server (distributing shared information). NIS client computers need to start the /etc/init.d/ypbind script and identify the NIS servers in the /etc/yp.conf file.

To use Red Hat Linux as an NIS server, you must gather up the configuration files you want to share, then start the /etc/init.d/ypserv script. The script runs the /usr/sbin/ypserv daemon, which takes care of the distribution of information to the NIS client computers.

Cross-Reference?

Chapter 23 describes the NIS client and server software.

Dynamic Host Configuration Protocol server

Instead of going to each computer on your local network and adding all the TCP/IP information they need in order to work (IP address, netmasks, gateways, and so on), you can configure Red Hat Linux as a Dynamic Host Configuration Protocol (DHCP) server to distribute that information. The client computer simply identifies the IP address of the DHCP server so that when the client starts up its network connection, the DHCP server automatically assigns its network address.

By default, DHCP is turned off. To turn it on, type chkconfig dhcpd on. Besides starting the service, you must also configure the /etc/dhcpd.conf file.

Cross-Reference?

Chapter 23 describes how to set up a DHCP server.

Lightweight Directory Access Protocol server

If your organization uses Lightweight Directory Access Protocol (LDAP) databases of information, running the LDAP server that comes with Red Hat Linux enables you to access those databases. Likewise, the LDAP server lets you use LDAP-enabled applications, such as Netscape Roaming Access and sendmail 8.

By default, the LDAP service is turned off. To turn it on, type chkconfig ldap on. In addition to running the start-up script, you must configure files in the /etc/ldap/ directory.

Domain Name System server

A Domain Name System (DNS) server is set up to translate host names to IP addresses on a TCP/IP network. Red Hat Linux can be configured as a DNS server using the named daemon.

By default, the DNS server is not configured to start automatically in Red Hat Linux. To start a DNS server, type chkconfig named on. In addition to starting the service, you must configure the /etc/named.conf file and configure zone files (in the /var/named directory).

Reverse Address Resolution Protocol server

The Reverse Address Resolution Protocol (RARP) daemon responds to requests from RARP clients that must obtain their own IP addresses. Today, RARP is not used very often.

By default, the RARP service is off. To start an RARP server, type chkconfig rarpd on. When requests come in for addresses, the /usr/sbin/rarpd daemon checks the /etc/ethers or NIS+ databases for addresses.

Database services

Database servers provide tools for accessing and managing databases of information. The Postgresql service uses the postmaster daemon to handle requests for its services. The MySQL server runs the mysqld daemon to handle access to its databases. These daemons are started from start-up scripts in /etc/init.d: postgresql and mysqld scripts, respectively.

Cross-Reference?

Chapter 24 describes how to set up a MySQL database server.

User services

Red Hat Linux can provide end users with a variety of network services. These services let users run remote programs, send messages in real time, and get information on active users.

Remote execution servers

Remote execution servers respond to requests from other computers to run commands on the local computer. Three remote execution service daemons are available with Red Hat Linux: Rsh, Rexec, and Kshell.

The Rsh service (/usr/sbin/in.rshd) accepts requests for remote execution requests that were initiated by the rsh command (from other Linux or UNIX systems). By default, the service is off. The host and/or user must be allowed access before remote execution is permitted. Access is configured in the /etc/hosts.equiv file or in the .rhosts file in each user's home directory.
The Rexec service (/usr/sbin/in.rexecd) accepts remote execution requests from the rexec command (from other Linux or UNIX systems). By default, the service is off. To allow remote execution, the user making the request must provide a valid user name and password.
The Kshell service (/usr/kerberos/sbin/kshd) receives remote execution requests from the rsh command. It uses Kerberos authentication and encryption, making it more secure than the alternative in.rshd daemon. By default, the service is off. However, if you turn it on (by editing the /etc/xinetd.d/kshell file and changing the disable = yes entry to disable = no), it takes precedence over the in.rshd daemon.

Cross-Reference?
Login commands for using login services are described in Chapter 16.

Talk server

Use the in.talk or in.ntalk servers to allow users to communicate using the talk command. The talk command lets users type messages back and forth in real time. The talk daemon handles requests on port 517, and the ntalk daemon handles requests on port 518.

Both services are turned off by default. To turn on either service, edit the /etc/xinetd.d/talk and/or /etc/xinetd.d/ntalk files and change the disable = yes entry to disable = no.

Finger server

The finger (/usr/sbin/in.fingerd) server lets people use the finger command to request information about active users on Linux or UNIX systems locally or over a network. This service is off by default. If the in.fingerd server accepts a request from a finger command, the output to the user who made the request looks something like the following:

[maple]
Login: jake                  Name: Jake W. Jones
Directory: /home/jake        Shell: /bin/bash
Last login Mon Oct 14 13:34 (PDT) on pts/2 from maple
Mail last read Mon Oct 14 12:10 2000 (PDT)

The output shows the user's login name, real name, home directory, and shell. It also shows when the user last logged in and accessed his or her e-mail.

Remote user identification

The rusers server (/usr/sbin/rpc.rusersd) allows users to query the system from a remote computer to list who is currently logged in to the Red Hat Linux system. The rusers command can be used to query the rpc.rusersd server.

By default, the rusers service is off. To start the server, type chkconfig rusersd on.

Write-to-All server

The Write-to-All (rwall) server (/user/sbin/rpc.rwalld) accepts requests to broadcast a text message to the screens of all users currently logged in to the Red Hat Linux or other UNIX system. The request is made with the rwall command.

By default, the rwall service is off. To start an rwall server, type chkconfig on rwalld.

Security services

Red Hat Linux provides some services to protect your local network from outside attacks. These services include system logging, virtual private network servers, and caching servers. The following sections describe those services.

System logging

Though not specifically a network service, the system-logging facility (sysklogd package) logs information and error messages from most of the network services (and other services) on your computer. The system-logging daemon (/sbin/syslogd) should be running at all times.

The syslogd daemon is, by default, started at all multi-user run levels (2, 3, 4, and 5). You can change what messages are logged or have logging messages directed to different files by reconfiguring the /etc/syslog.conf file. You can change options used by the syslogd daemon by editing the /etc/sysconfig/syslog file.

Virtual private network servers

By encrypting data that travels across public networks, a virtual private network (VPN) can provide a secure way for users to access your local network from remote locations. Red Hat Linux comes with the Crypto IP Encapsulation (CIPE) virtual private network software. By default, the CIPE daemon (/usr/sbin/ciped-cb) is not running. To configure CIPE, set up a VPN between two host systems that communicate over the Internet.

Proxy/caching server

The Squid server (/usr/sbin/squid) can be used as both a proxy server and a caching server. A proxy server can allow computers on your local network to communicate with the Internet by passing all requests through the proxy server. A caching server stores Web content that has been accessed by a local user on a computer that is physically closer to the user than the originating computer.

By default, the Squid server is off. To start the Squid server, type chkconfig squid on. You must also set up an /etc/squid/squid.conf file to identify who has access to the server and what services they can access.

Cross-Reference?

Chapter 16 provides details for configuring Squid.