Linux Networking Video CBT LAB SERIES Linux Networking & Administration Video CBT Lab 23 Red Hat Cerified Technician (RHCT) & CompTIA Linux+ Preparatory Course Linux Networking & Administration: A complete Linux, Red Hat Certified Technician (RHCT) & CompTia Linux + Preparatory Course Fast Track CBT Video Lab Labs - 10 Page of 191 © Train Signal, Inc., 2002-2006 Page of 191 © Train Signal, Inc., 2002-2006 About the Author David Davis has been in the IT industry for 12 years Currently, he manages a group of systems/network administrators for a privately owned retail company and also authors ITrelated material in his spare time He has written over fifty articles, eight practice tests and has co-authored one book His certifications include: IBM Certified Professional-AIX Support, MCSE + Internet, Sun Certified Solaris Admin (SCSA), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Wireless Network Administrator (CWNA), Cisco CCNA, CCDA, CCNP and CCIE #9369 Train Signal, Inc 400 West Dundee Road Suite #106 Buffalo Grove, IL 60089 Phone – (888) 229-5055 or (847) 229-8780 Fax – (847) 229-8760 www.trainsignal.com Copyright and other Intellectual Property Information © Train Signal, Inc., 2002-2005 All rights are reserved No part of this publication, including written work, videos and on-screen demonstrations (together called “the Information” or “THE INFORMATION”) may be reproduced or distributed in any form or by any means without the prior written permission of the copyright holder Products and company names, including but not limited to, Microsoft, Novell and Cisco, are the trademarks, registered trademarks and service marks of their respective owners Page of 191 © Train Signal, Inc., 2002-2006 Disclaimer and Limitation of Liability Although the publishers and authors of the Information have made every effort to ensure that the information within it was correct at the time of publication, the publishers and the authors not assume and hereby disclaim any liability to any party for any loss or damage caused by errors, omissions, or misleading information TRAIN SIGNAL, INC PROVIDES THE INFORMATION "AS-IS." NEITHER TRAIN SIGNAL, INC NOR ANY OF ITS SUPPLIERS MAKES ANY WARRANTY OF ANY KIND, EXPRESS OR IMPLIED TRAIN SIGNAL, INC AND ITS SUPPLIERS SPECIFICALLY DISCLAIM THE IMPLIED WARRANTIES OF TITLE, NONINFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THERE IS NO WARRANTY OR GUARANTEE THAT THE OPERATION OF THE INFORMATION WILL BE UNINTERRUPTED, ERROR-FREE, VIRUSFREE, OR THAT THE INFORMATION WILL MEET ANY PARTICULAR CRITERIA OF PERFORMANCE OR QUALITY YOU ASSUME THE ENTIRE RISK OF SELECTION, INSTALLATION AND USE OF THE INFORMATION IN NO EVENT AND UNDER NO LEGAL THEORY, INCLUDING WITHOUT LIMITATION, TORT, CONTRACT, OR STRICT PRODUCTS LIABILITY, SHALL TRAIN SIGNAL, INC OR ANY OF ITS SUPPLIERS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND, INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER MALFUNCTION, OR ANY OTHER KIND OF DAMAGE, EVEN IF TRAIN SIGNAL, INC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN NO EVENT SHALL TRAIN SIGNAL, INC BE LIABLE FOR DAMAGES IN EXCESS OF TRAIN SIGNAL, INC.'S LIST PRICE FOR THE INFORMATION To the extent that this Limitation is inconsistent with the locality where you use the Software, the Limitation shall be deemed to be modified consistent with such local law Choice of Law: You agree that any and all claims, suits or other disputes arising from your use of the Information shall be determined in accordance with the laws of the State of Illinois, in the event Train Signal, Inc is made a party thereto You agree to submit to the jurisdiction of the state and federal courts in Cook County, Illinois for all actions, whether in contract or in tort, arising from your use or purchase of the Information Page of 191 © Train Signal, Inc., 2002-2006 TABLE OF CONTENTS INTRODUCTION LAB SETUP SETTING UP THE LAB 10 COMPUTER 12 COMPUTER 12 LAB SCENARIO 14 LAB 15 SELECT THE VERSION OF LINUX TO USE 16 DOWNLOAD AND CREATE CD MEDIA 17 INSTALLING FEDORA LINUX 20 LAB 35 LAB SCENARIO 36 INSTALLING DNS 37 CONFIGURING LINUX DNS SERVER 40 LAB 55 LAB SCENARIO 56 INSTALLING LINUX DHCP SERVER 57 CONFIGURING LINUX DHCP SERVER 59 TEST LINUX DHCP SERVER WITH WINDOWS CLIENT 64 LAB 69 LAB SCENARIO 70 CONFIGURING SAMBA 71 TESTING SAMBA 80 LAB 85 LAB SCENARIO 86 START APACHE WEB SERVER AND SET TO START AUTOMATICALLY 87 CONFIGURE APACHE AND CREATE A NEW VIRTUAL SERVER 91 TESTING THE NEW VIRTUAL SERVER 103 LAB 104 LAB SCENARIO 105 ADDING LINUX USERS AND GROUPS 106 SETTING PERMISSIONS ON FILES AND FOLDERS 111 TESTING LINUX SECURITY 117 Page of 191 © Train Signal, Inc., 2002-2006 LAB 132 LAB SCENARIO 133 CREATING A SPREADSHEET WITH OPENOFFICE CALC 134 CREATING A DOCUMENT WITH OPENOFFICE WRITER 138 TEST SHARING A FILE BETWEEN MS WORD AND OPENOFFICE WRITER 139 LAB 146 LAB SCENARIO 147 INSTALLING KDAR 148 PERFORMING A BACKUP WITH KDAR 162 RESTORING A FILE WITH KDAR 168 LAB 171 LAB SCENARIO 172 USING YUM 173 INSTALLING YUMEX (YUM GUI INTERFACE) 174 USING YUMEX TO PERFORM AN UPDATE 176 LAB 10 183 LAB SCENARIO 184 CONFIGURING THE FTP SERVER 185 STARTING THE FTP SERVER 188 TESTING OUR FTP SERVER CONFIGURATION 189 Page of 191 © Train Signal, Inc., 2002-2006 Introduction Welcome to Train Signal! This series of labs on Red Hat Linux is designed to give you detailed, hands-on experience of working with the Linux Operating System Train Signal’s Audio-Visual Lab courses are targeted towards the serious learner, those who want to know more than just the answers to the test questions We have gone to great lengths to make this series appealing to both those who are seeking the Red Hat Certified Technician (RHCT) or Linux+ certifications and to those who want an excellent overall knowledge of the Linux Operating System Each of our courses puts you in the driver’s seat, working for different fictitious companies, deploying complex configurations and then modifying them as your company grows They are not designed to be a “cookbook lab,” where you follow the steps of the “recipe” until you have completed the lab and have learned nothing Instead, you recommend that you perform each step and then analyze the results of your actions in detail To complete these labs yourself, you will need two computers equipped as described in the Lab Setup section You also need to have a foundation in Networking and TCP/IP concepts You should be comfortable with navigating through a graphical operating system Basic networking skills will also be very helpful These labs will start from a default installation of Red Hat Linux From there, you will be run through the basic configurations and settings for a variety of standard Linux services and applications It is very important that you follow these guidelines exactly, in order to get the best results from this course The course also includes a CD-ROM that features an audio-visual walk-through of all of the labs in the course In the walk-through, you will be shown all of the details from start to finish on each step, for every lab in the course During the instruction, you will also benefit from live training that discusses the current topic in great detail, making you aware of many of the associated fine points Thanks for choosing Train Signal! Scott Skinger Owner Train Signal, Inc Page of 191 © Train Signal, Inc., 2002-2006 Page of 191 © Train Signal, Inc., 2002-2006 Lab Setup Page of 191 © Train Signal, Inc., 2002-2006 Now that we have Yumex up and running, let’s update a common Linux application – the Firefox web browser To this, let’s first see what version of Firefox we are running right now Open Firefox by clicking on the globe on the toolbar, like this: Once Firefox starts go to the Firefox toolbar and click on Help Æ About Mozilla Firefox You’ll see the following window appear Notice that the version number is in two places You should see that you have Firefox 1.5.0.1 Click OK on the Firefox version info and click X to close Firefox Page 177 of 191 © Train Signal, Inc., 2002-2006 Now, using Yumex, let’s see if there is an upgrade available Inside Yumex, with the update button selected on the left, type Firefox in the Search box then press Enter or click Search You’ll find that there is one Firefox update package available and that it is version 1.5.0.2, for Fedora Core Check the checkbox next to Firefox Click Add to Queue Page 178 of 191 © Train Signal, Inc., 2002-2006 Click on the Queue button on the left Click Process Queue Yumex will confirm the package that you want to install Click OK Page 179 of 191 © Train Signal, Inc., 2002-2006 The Firefox update will be downloaded Note that, at the time that you are doing this lab, there may be newer Firefox updates Feel free to perform whatever Firefox update is available at that time When complete you will see the log of the download and install in the window Assuming everything worked, you will see the message below, that the update completed OK Click OK When done the package repositories may be updated When complete, close out Yumex by clicking the X in the top right-hand corner Page 180 of 191 © Train Signal, Inc., 2002-2006 10 Now, let’s see which version of Firefox you are using now Open Firefox again by clicking on the globe on top of the desktop Once Firefox starts go to the Firefox toolbar and click on Help Ỉ About Mozilla Firefox You’ll see the following window appear Notice that the version number has been updated from 1.5.0.1 to 1.5.0.2 The Firefox update using Yum & Yumex is completed and so is Lab Page 181 of 191 © Train Signal, Inc., 2002-2006 Page 182 of 191 © Train Signal, Inc., 2002-2006 Lab 10 Using Linux FTP Server You will learn how to: • Configure the FTP server • Start the FTP server • Test our FTP server configuration Page 183 of 191 © Train Signal, Inc., 2002-2006 Lab Scenario The Linux Fedora FTP Server is called vsftpd The VS stands for Very Secure The homepage for vsftpd is http://vsftpd.beasts.org/ One version (a compiled executable / binary) comes with Fedora The latest version will be found at their website However, you will most likely only find the source for vsftpd there and you would have to compile it yourself This is how it works for most Linux programs The source is freely available but creating the binary/executable by compiling it can be challenging sometimes In our case, we will use the version that comes with Fedora There is no GUI interface for the vsftpd server that comes with Fedora To configure it, you use the text files located in the /etc/vsftpd directory The most important of these is the vsftpd.conf file This is where most of the configuration takes place Note that vsftpd is not running by default and may or may not be installed Fortunately, we installed it when we installed the operating system however, we need to start the server Prior to starting it, we will configure it In the case of Big Sky Fishing Supply, they have the following security requirements for their FTP server: • • • • Anonymous login will not be allowed A FTP Banner that says “Welcome to the Big Sky Fishing Supply FTP server, Server1 Unauthorized login is prohibited” The only allowed users will be jchen and testuser No other users will be allowed The FTP server will be running now and when we reboot the server Page 184 of 191 © Train Signal, Inc., 2002-2006 Configuring the FTP server To configure the FTP server, begin by editing the /etc/vsftpd/vsftpd.conf configuration file Do this by first opening gedit by going to Applications Ỉ Accessories Ỉ Text Editor Once gedit is open, open the vsftpd configuration file by going to File Ỉ Open Browse to the file by clicking on Filesystem (on the left) Next, on the right, click etc, and then click vsftpd Scroll down, find the file vsftpd.conf, and then click on it Next, click Open Page 185 of 191 © Train Signal, Inc., 2002-2006 Of the things we need to configure here, the first is denying anonymous FTP login To this, find the line that says anonymous_enable=yes and change that to no So, it should read: anonymous_enable=NO Next on the list is the FTP banner Scroll down and find the line that says ftpd_banner Uncomment this line by removing the hash (or #) mark at the start of the line Now change the line to read: ftpd_banner=Welcome to the Big Sky Fishing Supply FTP server, Server1 Unauthorized login is prohibited For example: Page 186 of 191 © Train Signal, Inc., 2002-2006 Next, we need to find the userlist_enable setting Make sure this setting reads:userlist_enable=YES and it is not commented out Add the following setting below it: userlist_deny=NO Now we need to configure the list of users To this, click Save on the toolbar Now click on the Open icon on the toolbar Click on the user_list file on the right hand side and then click Open This is the list of users who can login to the FTP server Remove all users in this list and change it to read only: jchen and testuser For example: Now click Save, then close out the Text Editor with the X on the top right hand corner You have now successfully configured the FTP server Page 187 of 191 © Train Signal, Inc., 2002-2006 Starting the FTP server Now, let’s start the FTP server, just as we started other services on our Linux server To this, go to System Ỉ Administration Ỉ Server Settings Ỉ Services Scroll down the list of services (daemons) and find (at the bottom) vsftpd Check the checkbox next to it to enable it to start automatically Then right click on it and click Start Next, you’ll see the following message Click OK Save your configuration by clicking the Save button on the toolbar then close the services window by clicking X on the top right hand corner of the window The vsftpd server has been set to start automatically when the server starts and the vsftpd server is running Page 188 of 191 © Train Signal, Inc., 2002-2006 Testing our FTP server configuration Next, we need to test the configuration of our FTP server to make sure that everything we put into the configuration file really works Here is a list of the things we need to verify: • • • Anonymous login will not be allowed There is a FTP Banner that says “Welcome to the Big Sky Fishing Supply FTP server, Server1 Unauthorized login is prohibited” The only allowed user will be jchen and testuser No other users will be allowed We will test these settings from the Windows XP client, Client1, using the command-line FTP client We will this because it is the most flexible method On Client1, open a Windows command prompt by going to Start Ỉ Run and typing in cmd Click OK and your Windows command window and prompt will appear On the command prompt, type ftp server1 and press Enter You should see this: From the response you get from that, you should have successfully tested two things: • • That the server is running That the banner we configured worked Page 189 of 191 © Train Signal, Inc., 2002-2006 At the User prompt, type in anonymous and press Enter You should see this: This shows you that anonymous permission to login is denied This was something else we configured Now, try to login as user srandolp by typing user srandolp and press Enter You should see this: This shows that other regular users like srandolp cannot login to the system Now, can the users that we want to be able to login, login to the system? Let’s try Type user jchen and press Enter For the password, type Fishing123 and press Enter You should see this: From this, you know that one of the two users we configured to be able to use the FTP server can use it Page 190 of 191 © Train Signal, Inc., 2002-2006 Next, a couple of commands to make sure that this user can really see their home directory and what directory they are in Type ls –l and press Enter If prompted by Windows XP Firewall click Unblock Then type Pwd and press Enter You should see the file listing for your home directory and that you are in Jeff’s home directory /home/jchen Here is an example: Next, type quit and press Enter Now press the up-arrow to repeat your last command It should be: ftp server1 and press enter At the login prompt, type testuser for the username and press Enter At the password prompt, type bigskyfishing for the password and press Enter You should see that login was successful, like this: Type pwd to see which directory you are placed in You should be in /home/testuser You have now successfully tested all the configuration requirements for vsftpd and have successfully completed Lab 10 Page 191 of 191 © Train Signal, Inc., 2002-2006 ... continue without enabling the firewall Page 29 of 191 © Train Signal, Inc., 2002-2006 19 You are now asked about SeLinux (Security Enhanced Linux) SeLinux provides additional security over regular Linux. .. KIND OF DAMAGE, EVEN IF TRAIN SIGNAL, INC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN NO EVENT SHALL TRAIN SIGNAL, INC BE LIABLE FOR DAMAGES IN EXCESS OF TRAIN SIGNAL, INC.'S LIST PRICE... 191 © Train Signal, Inc., 2002-2006 Introduction Welcome to Train Signal! This series of labs on Red Hat Linux is designed to give you detailed, hands-on experience of working with the Linux