Services

• Services are run by servers

• Each server is a long-lived process listening on a single port

• Each service has a default port and transport mechanism listed in /etc/services e.g. an HTTP server is a TCP service with default port 80

• Servers wait for requests and send replies. Some servers handle each request sequentially, others use multiple processes to handle each request concurrently (e.g. the Apache httpd server)

Starting/stopping services using SysV init

• Older distros use the SysV init mechanism to manage services

• This uses startup scripts from /etc/init.d linked to the runtime startup directory

• E.g. Apache would be started at boot time by /etc/rc5.d/S91httpd linked to /etc/init.d/httpd

• If a service startup script exists in /etc/init.d you can make the symbolic link yourself:

  ln -s /etc/init.d/httpd /etc/rc5.d/S91httpd
  	    

• You can start a service "by hand"

  /etc/init.d/httpd start
  	    

• You can stop a service "by hand"

  /etc/init.d/httpd stop
  	    

Systemd

• Systemd is used extensively by Fedora 16 and partly by Ubunt 11.10, and uses the service command

• service --status-all shows all running services

• Start a service by e.g. service httpd start

• Stop a service by e.g. service httpd stop

• Configuration files are in /lib/systemd/system/

Secure shell

• SSH is the secure shell protocol RFC 4251

• The main clients are ssh, scp and sftp

• The main server is sshd and most distros will have it and a startup script installed but not enabled at boot time

• E.g. in FC16 the server is /usr/sbin/sshd and the server is managed by systemd

• E.g. in Ubuntu 11.10 the server is /usr/sbin/sshd and the startup script is /etc/init.d/ssh

ssh client configuration

• The configuration files for SSH clients and server are in /etc/ssh

• The configuration file for the clients is /etc/ssh/ssh_config

• Usually you don't change that file

sshd server configuration

• The configuration file is /etc/ssh/sshd_config

• The configuration file includes

  • Default port 22

  • Server key files

  • Allow/disallow root logins

  • Log level

  • Allow/disallow X11 forwarding

• sshd will log activities to /var/log/auth.log

FTP

• File Transfer Protocol is described by RFC 959

• There are many servers: wu-ftpd, proftpd, pureftpd, vsftpd, ... See a list at Wikipedia

• vsftpd is preferred by Fedora and Ubuntu

vsftpd configuration

• There is a boot-time startup script /etc/init.d/vsftpd

• The configuration file is /etc/vsftpd.conf

• The configuration file includes

  • Allow anonymous FTP (no)

  • The log file (/var/log/vsftpd.log)

  • Allow/disallow anonymous file uploads (no)

• More info at Quick HOWTO : Ch15 : Linux FTP Server Setup

XINET

• Each service requires at least one process to handle client requests

• If there are many services which are idle most of the time, this is a waste of system resources

• The xinetd (Extended Internet Services Daemon) daemon looks after a set of ports, and calls an apropriate service when a client request arrives, replacing many processes with only one

• There is a boot-time startup script /etc/init.d/xinetd

• Each xinetd-controlled service has a configuration file in /etc/xinet.d

Telnet

• Insecure terminal emulation - use ssh instead

• Telnet is usually run by xinetd

• The xinetd configuration file /etc/xinet.d/telnet includes

  service telnet
  {
          disable         = yes
          socket_type     = stream
          protocol        = tcp
          user            = root
          wait            = no
  	flags           = REUSE
  	server          = /usr/sbin/in.telnetd
  	log_on_failure  += USERID
  }
  	    

• Ubuntu does not include this file, probably to make it harder for you to setup a telnet server

Rsync

• Rsync is a cool way of synchronising two file systems

• It compares two file systems and only copies across files that have changed

• Typical use: to synchronise and upload the lecture notes on my machine to cict:

  rsync -avz /home/httpd/html/boxhill/ict213/ cict.bhtafe.edu.au:/var/www/subjects/ict213/
  	    

• The rsync client can talk to any remote shell server such as sshd or rshd, or to an rsyncd server running standalone or under xinetd

HTTP

• HTTP version 1.1 is described by RFC 2616

• Clients include Firefox, Safari, IE, Konqueror, Lynx, Chrome, ...

• Servers include Apache, Lighttpd, IIS, nginx, ...

Apache configuration

• In FC16 configuration file is /etc/httpd/conf/httpd.conf

• In Ubuntu, files are /etc/apache2/apache2.conf and subdirectories

• The configuration file(s) includes

  • Server port (80)

  • Document root (/var/www/html)

  • User directories for ~user urls

  • Log files (/var/log/httpd/access_log and /var/log/httpd/error_log)

  • Internationalisation: character set, languages (UTF-8, English, ...)

• Many other advanced configuration options such as virtual hosting

Webmin

• Servers have a common structure for starting/stopping

• The syntax and semantics of configuration files is different for each server

• Different distros use different files, different structures

• Webmin gives a uniform web interface to lots of different services and configuration parameters

• You have to download webmin from http://webmin.com - it isn't on either Fedora or Ubuntu repositories

DHCP

• A DHCP server will supply IP addresses to clients

• A client requests an address for a NIC by e.g.

  dhclient eth0
  	    

• A Fedora server is dhcpd with configuration file /etc/dhcp/dhcpd.conf

• The server can specify the interface on the command line

  dhcpd eth0
  	    

DHCP server configuration

Parameters that can be set include

• domain name

• domain name servers

• default and maximum lease times

• For each subnet, the routers and the range of dynamic IP addresses

• Fixed IP addresses for particular MAC addresses

DHCP server example configuration

default-lease-time 600;
max-lease-time 7200;

# Set the subnet mask for the wireless IP network
option subnet-mask 255.255.255.0;

# Set the Broadcast address. This will be 10.x.x.255,
# the "x.x" will depend upon the network assigned to you by NZWireless.
option broadcast-address 10.1.2.255;

# Set the router address, this will be 10.x.x.1, the address
# of your wireless interface WLAN0
option routers 10.1.2.1;

# Set the Name Server address. This will be the same as your WLAN0 address
# because we intend to run DNS on this machine.
option domain-name-servers 10.1.2.1;

# Set the default domain name for clients on this network.
# i.e. the DNS domain assigned to you by your wireless administrator.
option domain-name "simon.akld.nzwireless.org";

# Allocate a network range for dynamic IP addresses to hand out to clients.
# Again, this range will be in 10.x.x.x, depending upon the network allocated
# to you by your wireless administrator.
subnet 10.1.2.0 netmask 255.255.255.0 {
    range 10.1.2.10 10.1.2.20;
}

# You can also assign specific IP addresses based on the clients'
# ethernet MAC address as follows (Host's name is "laser-printer":

host laser-printer {
    hardware ethernet 08:00:2b:4c:59:23;
    fixed-address 10.1.2.99;
}