DISCUSSION AND REVISION CLASS
SYAHRIZAL SHAFIE
System Administration
Definition
A system administrator, or sysadmin, is a person employed to maintain and operate a computer system (and often the network it sits on).
Duties of a system administrator
Troubleshooting and Maintenance
Planned downtime is the time set aside for scheduled maintenance and upgrades, during which a system cannot be used for normal productive operations. It is used for a variety of purposes so that the system can keep functioning optimally and reliably:
Hardware maintenance
Upgrades to new releases of application components, the database, or the operating system
Database reorganization
Database backup
Company Proprietary and Confidential
Unplanned Downtime
Unplanned downtime is the time during which a system cannot be used for normal productive operations because of an unforeseen failure in hardware or software components, or an operator mistake.
Unplanned downtime can be extremely costly to an organization. Sources of unplanned downtime include:
Front-end and middleware services that connect the system to the web.
Underlying hardware and software services, such as database services, network and operating system services, and hardware including servers, disks, memory, and the uninterruptible power supply (UPS).
What is Linux?
Free Software
The Free Software Foundation defines four essential freedoms:
The freedom to run the program, for any purpose (freedom 0).
The freedom to study how the program works, and change it to
make it do what you wish (freedom 1).
The freedom to redistribute copies so you can help your neighbor
(freedom 2).
The freedom to distribute copies of your modified versions to others
(freedom 3). By doing this you can give the whole community a
chance to benefit from your changes.
Access to the source code is a precondition for freedom 1 and
freedom 3.
Distributions: Red Hat, Debian, Ubuntu, SUSE
Kernel
The kernel is the central part of most computer operating systems: it manages the system's resources and mediates the communication between hardware and software components.
The kernel stays resident in memory from boot until the computer is turned off.
The kernel image on disk (vmlinuz on Linux) is not a directly executable kernel but a compressed kernel image that is decompressed into memory at boot.
[Figure: kernel layering, with architecture-dependent code sitting between the kernel and the hardware; monolithic kernel versus micro kernel]
In simple terms:
Monolithic kernel (macro kernel): kernel image = kernel core + kernel services. When the system boots, all services are loaded and reside in memory. The kernel is a single large process running entirely in one address space. Examples: Linux and traditional Unix. (Linux is monolithic but modular: device drivers and other services can be built as loadable kernel modules and inserted or removed at run time, which is a separate question from monolithic versus microkernel.)
Microkernel: kernel image = kernel core only. Services are built as separate modules that can be loaded and unloaded as needed.
The kernel is broken down into separate processes, known as servers. Some of the servers run in kernel space and some in user space; all servers are kept separate and run in different address spaces.
Booting sequence
The first sector of the boot disk, the 512-byte Master Boot Record (MBR), is laid out as follows:
The first 446 bytes are the primary boot loader, which contains both executable code and error message text.
The next sixty-four bytes are the partition table, which holds one 16-byte record for each of four partitions.
The MBR ends with two bytes defined as the magic number (0xAA55, stored little-endian, so the bytes at offsets 510 and 511 read 0x55 0xAA). The magic number serves as a validation check of the MBR.
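To make the layout concrete, here is an added example (my code, not from the original slides) that splits a 512-byte MBR into boot code, the four 16-byte partition entries and the signature, and runs the sanity checks a sysadmin or forensic analyst would want: signature present, exactly one bootable partition, no overlapping partitions. The sample sector is constructed in the code; the field offsets, the 0x80 "active" status byte and the type codes 0x83 (Linux) and 0x82 (Linux swap) are the standard MBR values.

```python
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510
MBR_SIGNATURE = 0xAA55          # little-endian on disk: bytes 0x55 0xAA at 510..511

# One 16-byte entry: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
ENTRY_FMT = "<B3sB3sII"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code, four partition entries and the signature."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"MBR must be exactly {MBR_SIZE} bytes, got {len(sector)}")
    signature = struct.unpack_from("<H", sector, SIGNATURE_OFFSET)[0]
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(ENTRY_FMT, sector, off)
        partitions.append({
            "index": i,
            "status": status,
            "bootable": status == 0x80,   # 0x80 = active/bootable, 0x00 = inactive
            "type": ptype,                # 0x00 = unused entry
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code": sector[:BOOT_CODE_SIZE],
        "partitions": partitions,
        "signature": signature,
        "valid_signature": signature == MBR_SIGNATURE,
    }


def check_mbr(sector: bytes) -> list:
    """Return human-readable findings; an empty list means the MBR passed every check."""
    findings = []
    mbr = parse_mbr(sector)
    if not mbr["valid_signature"]:
        findings.append(f"bad signature 0x{mbr['signature']:04X}, expected 0x{MBR_SIGNATURE:04X}")
    used = [p for p in mbr["partitions"] if p["type"] != 0]
    bootable = [p for p in used if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (legacy BIOS expects exactly one)")
    for p in used:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
    # Overlapping partitions are a classic sign of a corrupted or tampered table.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in used)
    for (_, end_a, idx_a), (start_b, _, idx_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"partitions {idx_a} and {idx_b} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: stub boot code, a bootable Linux partition, a swap partition."""
    boot_code = b"\xfa\x31\xc0" + b"\x90" * (BOOT_CODE_SIZE - 3)   # cli; xor ax,ax; nop padding
    table = struct.pack(ENTRY_FMT, 0x80, b"\0\0\0", 0x83, b"\0\0\0", 2048, 1048576)      # Linux, bootable
    table += struct.pack(ENTRY_FMT, 0x00, b"\0\0\0", 0x82, b"\0\0\0", 1050624, 262144)   # Linux swap
    table += b"\0" * (2 * PARTITION_ENTRY_SIZE)                                            # two empty entries
    return boot_code + table + struct.pack("<H", MBR_SIGNATURE)


if __name__ == "__main__":
    sector = build_sample_mbr()
    print(parse_mbr(sector)["partitions"])
    print("findings:", check_mbr(sector) or "none")
```

On a live system the same parser can be fed the first sector of a disk (for example `sudo dd if=/dev/sda bs=512 count=1`), which is the quickest way to confirm that a "no bootable device" error really is a damaged signature or partition table rather than a firmware setting.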
Boot Loader
Runlevel
Changing Permissions
File/Directory Commands
Files                      Directories
cp     Copy                ls        List contents
mv     Move/Rename         mv        Move/Rename
rm     Remove              cd        Change directory
cat    View all            pwd       Current directory
more   View page           mkdir     Create
less   View page           rm/rmdir  Remove
Filesystem layout: / (root) contains bin, sbin, home, etc, boot, root, usr, var, dev, lib
/etc/passwd File
Upon a successful installation, the contents of the
/etc/passwd file resemble the following:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
uucp:x:10:14:uucp:/var/spool/uucp:
operator:x:11:0:operator:/root:
games:x:12:100:games:/usr/games:
gopher:x:13:30:gopher:/usr/lib/gopher-data:
ftp:x:14:50:FTP User:/var/ftp:
nobody:x:99:99:Nobody:/:
xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false
apache:x:48:48:Apache:/var/www:/bin/false
named:x:25:25:Named:/var/named:/bin/false
gdm:x:42:42::/home/gdm:/bin/bash
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/bin/false
rpc:x:32:32:Portmapper RPC user:/:/bin/false
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
mailnull:x:47:47::/var/spool/mqueue:/dev/null
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
nscd:x:28:28:NSCD Daemon:/:/bin/false
pvm:x:24:24::/usr/share/pvm3:/bin/bash
squid:x:23:23::/var/spool/squid:/dev/null
The /etc/passwd file
login_name:password:user_id:group_id:user info:home:shell
Note
Each entry in /etc/passwd must be on one line.
Each field within each user's entry is separated from the next by a colon.
/etc/shadow File
The /etc/shadow file looks similar to the following (the x in the password field of /etc/passwd means the real hash lives here, in a file readable only by root):
root:$1$d5.gDvSX$nyQhvBgUGbw0GcNTxAdKR1:11507:0:99999:7:::
bin:*:11458:0:99999:7:::
daemon:*:11458:0:99999:7:::
adm:*:11458:0:99999:7:::
lp:*:11458:0:99999:7:::
sync:*:11458:0:99999:7:::
shutdown:*:11458:0:99999:7:::
halt:*:11458:0:99999:7:::
mail:*:11458:0:99999:7:::
username:password:lastchg:min:max:warn:inactive:expire:flag
The $1$ prefix on the root entry marks an MD5-based crypt hash; current distributions use $6$ (SHA-512) or $y$ (yescrypt). A * or ! in the password field means the account is locked for password login, and an empty field means no password is required.
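The two formats above are simple to parse, and the things worth checking follow directly from the field meanings. The following added example (my code, not from the slides) parses both files from constructed samples, most of them the entries shown above plus two deliberately bad accounts, and reports what an administrator should look for: a second UID 0 account, an empty password field, a hash kept in /etc/passwd instead of /etc/shadow, an MD5 or DES hash, a service account that still has a login shell with an unlocked password, and entries missing from one file. Treating UID_MIN = 1000 as the start of the regular-user range is an assumption matching a typical login.defs.

```python
from collections import namedtuple

# Constructed samples: the entries shown above plus two deliberately bad accounts
# (postgres with an empty hash, "backdoor" with UID 0) to exercise the checks.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
apache:x:48:48:Apache:/var/www:/bin/false
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
nobody:x:99:99:Nobody:/:
backdoor:x:0:0::/tmp:/bin/bash
"""
SHADOW_SAMPLE = """\
root:$1$d5.gDvSX$nyQhvBgUGbw0GcNTxAdKR1:11507:0:99999:7:::
bin:*:11458:0:99999:7:::
daemon:*:11458:0:99999:7:::
apache:!!:11458:0:99999:7:::
postgres::11458:0:99999:7:::
nobody:*:11458:0:99999:7:::
backdoor:$6$saltsalt$notarealhash:11507:0:99999:7:::
"""

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin", "/dev/null"}
UID_MIN = 1000   # assumption: first regular-user UID, as in a typical login.defs

PasswdEntry = namedtuple("PasswdEntry", "name password uid gid gecos home shell")
ShadowEntry = namedtuple("ShadowEntry", "name hash lastchg min max warn inactive expire flag")


def parse_passwd(text: str) -> dict:
    """login_name:password:user_id:group_id:user info:home:shell, one entry per line."""
    users = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"/etc/passwd line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        # An empty shell field makes login(1) fall back to /bin/sh, so it is still a login shell.
        users[name] = PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell or "/bin/sh")
    return users


def parse_shadow(text: str) -> dict:
    """username:password:lastchg:min:max:warn:inactive:expire:flag, one entry per line."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"/etc/shadow line {lineno}: expected 9 fields, got {len(fields)}")
        entries[fields[0]] = ShadowEntry(*fields)
    return entries


def classify_hash(h: str) -> str:
    """Name the crypt(3) scheme from its prefix, or 'locked'/'empty' for non-hashes."""
    if h == "":
        return "empty"
    if h == "*" or h.startswith("!"):
        return "locked"
    prefixes = {"$1$": "md5", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
                "$5$": "sha256", "$6$": "sha512", "$7$": "scrypt", "$y$": "yescrypt"}
    for prefix, name in prefixes.items():
        if h.startswith(prefix):
            return name
    if len(h) == 13 and "$" not in h:
        return "des"
    return "unknown"


def audit(passwd_text: str, shadow_text: str) -> list:
    """Return (user, finding) pairs for the conditions a sysadmin should look for."""
    findings = []
    users = parse_passwd(passwd_text)
    shadow = parse_shadow(shadow_text)
    for u in users.values():
        if u.uid == 0 and u.name != "root":
            findings.append((u.name, "uid 0 but not root"))
        if u.password == "":
            findings.append((u.name, "empty password field in /etc/passwd"))
        elif u.password != "x":
            findings.append((u.name, "password hash stored in world-readable /etc/passwd"))
        s = shadow.get(u.name)
        if s is None:
            findings.append((u.name, "no /etc/shadow entry"))
            continue
        kind = classify_hash(s.hash)
        if kind == "empty":
            findings.append((u.name, "empty password field (login without password)"))
        elif kind in ("md5", "des"):
            findings.append((u.name, f"weak password hash ({kind})"))
        elif kind == "unknown":
            findings.append((u.name, "unrecognized password hash format"))
        if 0 < u.uid < UID_MIN and u.shell not in NOLOGIN_SHELLS and kind != "locked":
            findings.append((u.name, "service account has a login shell and an unlocked password"))
    for name in shadow.keys() - users.keys():
        findings.append((name, "/etc/shadow entry without /etc/passwd entry"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(PASSWD_SAMPLE, SHADOW_SAMPLE):
        print(f"{user}: {finding}")
```

Run against the real files with `audit(open("/etc/passwd").read(), open("/etc/shadow").read())` as root; the same checks are what `pwck -r` and a second-UID-0 search (`awk -F: '$3 == 0' /etc/passwd`) give you from the shell.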
Graceful shutdown
An orderly or methodical shutdown of Linux:
All Linux services are stopped
All data is written to disk
The system changes to runlevel 0 (halt) or 6 (reboot)
Graphical desktop: use the Log Out item on the main menu of GNOME or KDE
On servers or multiuser Linux systems, only the system administrator should be allowed to shut down the system
Source: The Complete Guide to Linux System Administration
[Figure: OSI model, layers 7 Application, 6 Presentation, 5 Session, 4 Transport; HTTP, SMTP and SSH are shown as examples of application-layer protocols]
[Figure: layers of network defense: border router, perimeter firewall, internal firewall, intrusion detection system, policies, procedures and audits, authentication, access controls]
Attacking the Network
[Figure: the Internet reaches the site through a border router/firewall into a demilitarized zone; behind it sit the commercial network, a WLAN, and the private networks]
Firewall Characteristics
Service control
The type of Internet services that can be accessed
Direction control
Inbound or outbound
User control
Which user is attempting to access the service
Behavior control
e.g., filter email to eliminate spam
Components of Firewalls
Packet-filtering routers
Application-level gateways
Circuit-level gateways
(Bastion host)
Packet-filtering Router
Applies a set of rules to each incoming IP packet and then forwards or discards the packet
Filters packets going in both directions
The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header
Two default policies: discard (what is not expressly permitted is prohibited) or forward (what is not expressly prohibited is permitted)
Filters
[Table: example traffic classes that the filter rule set decides on: web request and response, illegal destination IP address, email connect request and response, SSH connect request, DNS request and response, ping request, FTP request, Microsoft NetBIOS Name Service, telnet request]
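As an added example (my code, not from the slides), the rule list below implements the behaviour just described: each packet's direction, protocol, addresses, ports and TCP ACK flag are matched against an ordered rule list, the first match decides forward or discard, and anything unmatched falls through to the default policy. The rules cover the traffic classes in the filter table for a constructed site: public prefix 203.0.113.0/24 with a web server at .10, a mail server at .25 and a DNS server at .53, and 10.0.0.0/8 as the internal range. All addresses and the rule set itself are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Union

ANY = "any"
PortSpec = Union[str, int, tuple]   # ANY, one port, or an inclusive (lo, hi) range


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (constructed, not a real capture)."""
    direction: str          # "in" = arriving from the Internet, "out" = leaving the site
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False       # TCP ACK set: the packet belongs to an already-open connection


def port_matches(spec: PortSpec, port: int) -> bool:
    if spec == ANY:
        return True
    lo, hi = (spec, spec) if isinstance(spec, int) else spec
    return lo <= port <= hi


@dataclass(frozen=True)
class Rule:
    action: str             # "forward" or "discard"
    direction: str = ANY
    proto: str = ANY
    src: str = ANY          # CIDR network the source must fall in
    dst: str = ANY          # CIDR network the destination must fall in
    sport: PortSpec = ANY
    dport: PortSpec = ANY
    ack: Optional[bool] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        if self.direction != ANY and self.direction != p.direction:
            return False
        if self.proto != ANY and self.proto != p.proto:
            return False
        if self.src != ANY and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst != ANY and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if not port_matches(self.sport, p.sport) or not port_matches(self.dport, p.dport):
            return False
        if self.ack is not None and self.ack != p.ack:
            return False
        return True


class PacketFilter:
    """First-match rule list with a default policy, as on a packet-filtering router."""
    def __init__(self, rules, default="discard"):
        self.rules = list(rules)
        self.default = default

    def decide(self, p: Packet):
        for i, r in enumerate(self.rules):
            if r.matches(p):
                return r.action, f"rule {i}: {r.comment}"
        return self.default, "default policy"


# Constructed addressing: 203.0.113.0/24 is the site's public prefix, 10.0.0.0/8 is internal.
SITE, INTERNAL = "203.0.113.0/24", "10.0.0.0/8"
WEB, MAIL, DNS = "203.0.113.10/32", "203.0.113.25/32", "203.0.113.53/32"

RULES = [
    Rule("discard", "in", src=INTERNAL, comment="anti-spoofing: internal source address from outside"),
    Rule("discard", "in", dst=INTERNAL, comment="illegal destination: private address from the Internet"),
    Rule("forward", "in", "tcp", dst=WEB, dport=80, comment="web request"),
    Rule("forward", "in", "tcp", dst=MAIL, dport=25, comment="email connect request"),
    Rule("forward", "in", "udp", dst=DNS, dport=53, comment="DNS request"),
    Rule("forward", "out", "tcp", src=SITE, ack=True, comment="web/email response on an established connection"),
    Rule("forward", "out", "udp", src=DNS, sport=53, comment="DNS response"),
    Rule("discard", "in", "udp", dport=(137, 139), comment="Microsoft NetBIOS name/session service"),
    Rule("discard", "in", "tcp", dport=23, comment="telnet request"),
    Rule("discard", "in", "icmp", comment="ping request"),
]
FILTER = PacketFilter(RULES, default="discard")   # SSH and FTP requests fall through to this default

if __name__ == "__main__":
    for pkt in (Packet("in", "tcp", "198.51.100.7", "203.0.113.10", 51515, 80),
                Packet("in", "tcp", "10.0.0.9", "203.0.113.10", 51515, 80),
                Packet("in", "tcp", "198.51.100.7", "203.0.113.10", 51515, 22)):
        print(pkt.proto, pkt.src, "->", pkt.dst, pkt.dport, FILTER.decide(pkt))
```

Two things this makes visible that the slide's bullet list does not: rule order matters (the anti-spoofing rule has to sit before the web-allow rule, or a packet claiming an internal source reaches the web server), and every decision rests on header fields the sender controls, which is the "lack of authentication" weakness listed below.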
Packet-filtering Router
Advantages:
Simplicity
Transparency to users
High speed
Disadvantages:
Difficulty of setting up packet filter rules correctly
Lack of authentication (decisions rest on header fields that a sender can forge)
Application-level Gateway
Also called proxy server
Acts as a relay of application-level traffic
Application-level Gateway
Advantages:
Higher security than packet filters
Only a few allowable applications need to be scrutinized
Easy to log and audit all incoming traffic
Disadvantages:
Additional processing overhead on each connection (the gateway acts as a splice point between two separate connections)
Circuit-level Gateway
Similar to an application-level gateway; however, it typically relays TCP segments from one connection to the other without examining their contents.
It determines only which connections will be allowed.
Typical usage is a situation in which the system administrator trusts the internal users.
In other words, think of Korean customs:
A circuit-level gateway only checks your nationality (is this connection allowed at all).
An application-level gateway checks the contents of your baggage in addition to your nationality.
Bastion Host
Serves as an application-level gateway, a circuit-level gateway, or both.
Bastion Host
A computer fortified against attackers:
Unneeded applications turned off
Operating system patched
Security configuration tightened
Separate Zones
[Figure: the Internet enters through a screening router device with an IDS, then a screened-host firewall with a proxy; the demilitarized zone holds the external DNS server, a VPN interface, a web server, an e-commerce server and an IDS; behind it lies the protected internal network zone]
Firewall Policies
Protected Network
[Figure: three services provided by a university, with the sensitivity of each and the roles that normally access it]
This shows three services provided by a university, as well as the sensitivity of each and the roles that normally access that information. We would not want to put the public web pages in the same network zone as grades, for example.
Protecting the Network
[Figure: the Internet, a demilitarized zone, and bastion hosts]