Thursday, 28 November 2013

ELA_32_Service Management

Service Management: 

A Linux service is an application (or set of applications) that runs in the background waiting to be used, or carrying out essential tasks. I've already mentioned a couple of typical ones (Apache and MySQL). You will generally be unaware of services until you need them.

Let's start by looking at how the system is set up, and in particular at the directory /etc/rc.d. Here you will find either a set of files named rc.0, rc.1, rc.2, rc.3, rc.4, rc.5, and rc.6, or a set of directories named rc0.d, rc1.d, rc2.d, rc3.d, rc4.d, rc5.d, and rc6.d. You will also find a file named /etc/inittab. The system uses these files (and/or directories) to control the services to be started.

The boot process uses these parameters to identify the default runlevel and the files that will be used by that runlevel. In this example, runlevel 4 is the default and the scripts that define runlevel 4 can be found in /etc/rc.d/rc.4.

And what is a runlevel? You might assume that this refers to different levels that the system goes through during a boot up. Instead, think of the runlevel as the point at which the system is entered. Runlevel 1 is the most basic configuration (simple single user access using an text interface), while runlevel 5 is the most advanced (multi-user, networking, and a GUI front end). Runlevels 0 and 6 are used for halting and rebooting the system.

There are, however, differences between Linux distributions. For instance, Fedora uses runlevel 5 for X-based logins, whereas Slackware uses runlevel 4 to do the same job. Therefore, you should check your documentation before making any changes. This table shows a generic list of configurations (and some examples of different distros) taken from Linux - The Complete Reference (R.Peterson, Osbourne/McGraw-Hill).

Run Level    Generic                                                         Fedora Core       
0                 Halt                                 
                                Halt           
1                 Single-user mode               
                              Single-user mode   
2                 Basic multi-user mode (without networking)     User definable (Unused)
3                 Full (text based) multi-user mode        
            Multi-user mode
4                 Not used                   
                                      Not used
5                 Full (GUI based) multi-user mode         
            Full multi-user mode (with an X-based login screen)
6                 Reboot                       
                                     Reboot

Features:
 1. Start|Stop|Adjust runlevels of services
 2. Three tools are available
  a. 'chkconfig' - Shell
  b. 'ntsysv' - TUI
  c. 'system-config-services' - GUI

Tasks:
 1. 'chkconfig' - manages both: 'SYSV' & 'XINETD'
  a. 'cknconfig' - enumerates all services
  b. '--list vsftpd' - enumerates runlevel information for service 'vsftpd'
Note: '/etc/init.d' - services repository
  c. '--level 2345 vsftpd off'
  d. 'chkconfig vsftpd on | off' - synonym for run-levels 2-5
  e. 'chkconfig tftp on' enables XINETD-controlled service: 'tftp'
Note: XINETD-controlled services are automatically enabled | disabled by 'chkconfig'
Note: However, SYSV-controlled services are NOT automatically started | stopped
Note: Use 'service service_name start|stop' to control service

 2. 'ntsysv' - defaults to managing services in the current run-level
Manages both 'SYSV' and 'XINETD' services
  a. 'ntsysv --level 35' - influences ONLY the levels specified on the CLI
Note: 'ntsysv' will NOT change the other, unspecified, run-levels

 3. 'system-config-services' - GUI - Manages 'SYSV' and 'XINETD' services

ELA_31_LFTP

LFTP :

Description
LFTP is a sophisticated file transfer program with command line interface. It supports FTP, HTTP, FISH, SFTP, HTTPS and FTPS protocols. GNU Readline library is used for input.

Every operation in lftp is reliable, that is any non-fatal error is handled and the operation is retried automatically. So if downloading breaks, it will be restarted from the point automatically. Even if ftp server does not support REST command, lftp will try to retrieve the file from the very beginning until the file is transferred completely. This is useful for dynamic-ip machines which change their IP addresses quite often, and for sites with very bad internet connectivity.

If you exit lftp when some jobs are not finished yet, lftp will move itself to nohup mode in background. The same happens when you have a real modem hangup or when you close an xterm.

lftp has shell-like command syntax allowing you to launch several commands in parallel in background (&). It is also possible to group commands within () and execute them in background. All background jobs are executed in the same single process. You can bring a foreground job to background with ^Z (c-z) and back with command `wait' (or `fg' which is alias to `wait'). To list running jobs, use command `jobs'. Some commands allow redirecting their output (cat, ls, ...) to file or via pipe to external command. Commands can be executed conditionally based on termination status of previous command (&&, ||).

Features:

 1. Interactive (Shell-like) & Non-interactive modes
 2. Scriptable
 3. Serrvers supported: FTP, FTPS, SSH(SFTP), HTTP, etc.
 4. Mirroring of content: forward (download) & reverse (upload)
 5. Regular expressions
 6. Job Engine

Tasks:
 1. Use 'lftp' to connect to VSFTPD
  a. 'lftp localhost' && 'open -u mallik'
Note: LFTP batches authentication commands and submits when control-channel commands such as 'ls' are received
---- Connecting to localhost (127.0.0.1) port 21 - (no connection)
<--- 220 Welcome to HINDUX FTP service. - (traffic from server to client)
---> FEAT - (traffic from client to server)

 2. Use 'lftp' to connect and mirror content
  a. 'mirror temp*' - forward mirror - downloads content from server to client
  b. 'mirror -Rv *' - reverse mirror - puts content on server from client

 3. Run external commands with '!command'
  a. '!bash' - launches an instance of BASH SHELL from within 'lftp'
  b. 'exit' - returns to 'lftp'

 4. Test rate-limiting with 'vsftpd'
  a. 'local_max_rate=1000' - B/s (Bytes per second)

 5. Job Management - Backgrounging
  a. Use: 'CTRL-Z' to background jobs
  b. Use: 'jobs' to view progress of jobs
  c. 'fg job_num' to foreground a specific job

 6. Explore LFTP environment
  a. '/etc/lftp.conf' - system-wide config file

 7. Connect using 'lftp' to: SSH & HTTP servers
  a. 'lftp http://192.168.0.100/rhel6'
  b. 'lftp -u mallik sftp://192.168.0.100'
 

ELA_30_VSFTPD (Very Secure File Transfer Protocol Daemon) Configuration

Very Secure File Transfer Protocol Daemon (VSFTPD) Configuration:

About vsftpd
vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast. It is stable. Don't take my word for it, though. Below, we will see evidence supporting all three assertions. We will also see a list of a few important sites which are happily using vsftpd. This demonstrates vsftpd is a mature and trusted solution.
Features
Despite being small for purposes of speed and security, many more complicated FTP setups are achievable with vsftpd! By no means an exclusive list, vsftpd will handle:

    Virtual IP configurations
    Virtual users
    Standalone or inetd operation
    Powerful per-user configurability
    Bandwidth throttling
    Per-source-IP configurability
    Per-source-IP limits
    IPv6
    Ananymous (default) and user-based FTP sessions
    SSL support (provided by SSH) no need for VSFTPD
    Does not permit 'root' or 'service accounts' access by default
    Does not currently support IPv4 & IPv6 simultaneously with the same daemon
    Encryption support through SSL integration  etc...

Online source / docs
Browse vsftpd's online source tree - including documentation. In particular, note the content of the EXAMPLE subdirectory. Also, here is an HTML version of the manual page which lists all vsftpd config options.

Steps:
1. Install vsftpd
yum install vsftpd

2. Enable vsftpd service
chkconfig vsftpd on

3. Start vsftpd service
service vsftpd start

4. Check ftp port
netstat -ntl | grep 21

5. Test ftp server access
FTP server is running and anonymous access is enabled by default

6. Disable anonymous access
Edit /etc/vsftd/vsftpd.conf
anonymous_enable=NO

7. Enable dual logging
dual_log_enable=YES
It created /var/log/vsftpd.log file which uses vsftpd log format

8. Enable server time for display of files and directories
use_localtime=YES

Tasks:
 1. Install using 'yum'
 2. Enable vsftpd in multi-user runlevels
  a. 'chkconfig vsftpd on'
 3. 'service vsftpd start'
 4. Disable Anonymous access
 5. Test local user access and update SELinux configuration
  a. 'getsebool -a | grep ftp' - dumps FTP-related SELinux booleans
  b. 'setsebool -P ftp_home_dir=1'
Note: RHEL6 enables SELinux in 'enforcing' mode, requiring a slight change to the booleans to permit VSFTPD or any FTPD daemon to transition user into their: $HOME directory

 6. Enable Dual-Logging
  a. 'dual_log_enable=YES'
 7. Enable server time for display of files/directories
  a. 'use_localtime=YES'
Note: 'man vsftpd.conf' for useful directives that apply to your application