SA Module3


Server Administration
Module 3
Modules and Network Interfaces
● Network devices under Linux break the tradition of accessing all devices through
the file abstraction.
● In Linux, device drivers can be compiled into the kernel or built as modules.
● When a driver is compiled as a module, it is not loaded into memory until it is
specifically requested, which allows for better system resource management.
● Configuring a driver as a module means that it can be dynamically loaded and
unloaded from the kernel as needed.
● Auto-loading modules is a feature in Linux that allows the kernel to automatically
load the necessary modules when a corresponding device is detected or
requested by the system.
● When a device is detected or requested by the system, the kernel needs to know
which module to load to support that device.
● This mapping between device names and the corresponding modules is specified
in the /etc/modprobe.conf file. This file contains configuration directives for the
modprobe utility, which is responsible for managing kernel modules.
Example: alias eth0 e1000

● The provided example demonstrates how to specify the mapping between a device name (in this case, eth0) and the corresponding module to load.
● In the example, eth0 is identified as being associated with the Intel PRO/1000 network card, and the corresponding module to load is e1000, which is the device driver for Intel PRO/1000 cards.
Network Device Configuration Utilities (ip and ifconfig)
● Both ifconfig and ip can be used for network interface configuration, but ip is more
powerful, versatile, and actively maintained.

Common tasks with ifconfig include:

● Assigning an IP address to an interface: ifconfig eth0 <IP_ADDRESS>
● Bringing up an interface: ifconfig eth0 up
● Bringing down an interface: ifconfig eth0 down
● Displaying information about all interfaces: ifconfig -a
Common tasks with ip include:

● Assigning an IP address to an interface: ip addr add <IP_ADDRESS>/<SUBNET_MASK> dev <INTERFACE>
● Bringing up an interface: ip link set <INTERFACE> up
● Bringing down an interface: ip link set <INTERFACE> down
● Displaying information about all interfaces: ip addr show
● ip also offers subcommands for more advanced tasks, such as managing routing tables
(ip route), managing ARP cache (ip neigh), and managing network namespaces (ip
netns).
● It is more powerful and recommended for modern network configuration tasks.
IP Aliasing
● In some instances, it is necessary for a single host to have multiple IP addresses.
● Linux can support this by using IP aliases.
● Each interface in the Linux system can have multiple IP addresses assigned.
● This is done by enumerating each instance of the same interface with a colon
followed by a number.

For example, eth0 is the main interface, while eth0:0 and eth0:1 are aliased
interfaces.
Managing Routes
● Managing routes in Linux involves configuring the routing table, which is a key
component of the networking stack.
● The routing table dictates how network packets should be forwarded or routed
through the system.
● Each entry in the routing table specifies a destination network or host
Viewing the Routing Table:

● Before managing routes, it's useful to view the current routing table to understand
how traffic is being routed.
● This can be done using commands like route -n or ip route show
● The routing table typically consists of several columns including the destination
network or host, gateway, netmask, interface

Adding a Route:

● To add a route in Linux, you use the route add or ip route add command.

The syntax for adding a route is: route add -net <DESTINATION_NETWORK> netmask <NETMASK> gw <GATEWAY> dev <INTERFACE>

● <DESTINATION_NETWORK>: Specifies the destination network or host.
● <NETMASK>: Specifies the subnet mask for the destination network.
● <GATEWAY>: Specifies the IP address of the next-hop router or gateway.
● <INTERFACE>: Specifies the network interface through which the packet should be sent.
Deleting a Route:

● To delete a route, use the route del or ip route del command.

The syntax for deleting a route is: route del -net <DESTINATION_NETWORK> netmask <NETMASK> gw <GATEWAY> dev <INTERFACE>
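
The route syntax above takes a dotted netmask, while ip route expects a prefix length. The following added example (not part of the original slides) converts one form to the other and rejects malformed or non-contiguous masks. The function names and the sample addresses are assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not from the original slides). Sample values are constructed.

# mask_to_prefix MASK -> prints the prefix length; returns 1 for an invalid mask
mask_to_prefix() {
    local mask="$1" n=0 bits=0 inv octet old_ifs
    case $mask in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $mask; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject empty, over-long and zero-padded octets (octal ambiguity)
        case $octet in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$(( (n << 8) | $octet ))
    done
    # A valid netmask is a run of 1 bits followed only by 0 bits
    inv=$(( ~n & 0xFFFFFFFF ))
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1
    while [ $(( n & 0x80000000 )) -ne 0 ]; do
        bits=$(( bits + 1 ))
        n=$(( (n << 1) & 0xFFFFFFFF ))
    done
    echo "$bits"
}

# legacy_to_ip ACTION NET MASK GW DEV -> prints the equivalent ip route command
legacy_to_ip() {
    local prefix
    case $1 in add|del) ;; *) return 1 ;; esac
    prefix=$(mask_to_prefix "$3") || return 1
    echo "ip route $1 $2/$prefix via $4 dev $5"
}

# Constructed sample: route add -net 10.20.0.0 netmask 255.255.0.0 gw 192.168.1.1 dev eth0
legacy_to_ip add 10.20.0.0 255.255.0.0 192.168.1.1 eth0
```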

netstat :

● Normally, the netstat program is used to display the status of all of the network
connections on a host. However, with the -r option, it can also display the kernel
routing table.
[root@serverA /root]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
Default         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
ip route

● The iproute package provides advanced IP routing and network device configuration tools.
● The ip command can also be used to manipulate the routing table on a Linux host.
This is done by using the route object with the ip command.

[root@serverA ~]# ip route show table main
10.10.2.0/24 dev eth0 proto kernel scope link src 10.99.99.45
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.42
169.254.0.0/16 dev eth0 scope link
default via 10.10.2.1 dev eth0
Mechanics of FTP
The File Transfer Protocol (FTP) is a standard network protocol used for the
transfer of files from one host to another over a TCP-based network, such as the
internet.
An FTP server is a software application that runs on a server and provides FTP
services, allowing users to upload, download, and manage files on the server.
FTP is one of the oldest and most common methods of sending files over the
Internet. Very Secure FTP Daemon (vsftpd) is the FTP base server that
ships with most Linux distributions.
Install FTP Server on Ubuntu with vsftpd
If you are looking to install an FTP server on Ubuntu, the simplest method is to use
vsftpd.
Step 1: Update System Package Repository
Start by updating the system package repository to ensure you get the latest program
version. Open the terminal and run the following command:
$ sudo apt update

Wait until the update process completes.

Step 2: Install vsftpd Server on Ubuntu

vsftpd is an open-source FTP utility commonly used in Ubuntu due to its simplicity.
Install vsftpd by running the command below:

$ sudo apt install vsftpd


Step 3: Launch vsftpd

To launch the service and enable it to automatically start at boot, run the following
commands:

$ sudo systemctl start vsftpd

$ sudo systemctl enable vsftpd


Step 4: Backup Configuration Files

Before making any changes, back up your configuration files. Create a backup copy
of the default configuration file using the cp command:

$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf_default


Step 5: Create FTP User
For this tutorial, we will create a dedicated FTP user. Skip this step if you intend to
give FTP access to an existing user.
Use the syntax below to create a new user and set the password:
$ sudo useradd -m [username]
$ sudo passwd [username]
Step 6: Configure Firewall to Allow FTP Traffic
If you are using UFW, it is set to block FTP traffic by default. Run the following
commands to open Ports 20 and 21 for FTP traffic:
$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
The Uncomplicated Firewall (ufw) is a frontend for iptables and is particularly
well-suited for host-based firewalls. ufw provides a framework for managing netfilter,
as well as a command-line interface for manipulating the firewall.
Step 7: Connect to the FTP Server
Connect to the FTP server using the following syntax:
$ sudo ftp [system_name]
After connecting to the server, log in using the account and password you have set
up in Step 5 or with the account you intend to use for FTP.
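
Plain FTP sends the login from Step 7 over the network unencrypted unless TLS is enabled in /etc/vsftpd.conf. The following added example (not part of the original tutorial) checks a vsftpd.conf for three hardening settings before the service is exposed. The function names and the sample configuration are assumptions constructed for illustration; the option names are real vsftpd.conf options.

```bash
# Added example (not from the original slides). anonymous_enable, ssl_enable
# and chroot_local_user are real vsftpd.conf(5) options; the sample file is
# constructed for this demonstration.

# conf_get FILE KEY -> prints the last value assigned to KEY, upper-cased
conf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }                              # skip comment lines
        $1 == key { val = substr($0, length(key) + 2) }  # last assignment wins
        END { gsub(/[ \t\r]+$/, "", val); print toupper(val) }' "$1"
}

# audit_vsftpd FILE -> one line per finding; returns 1 if any were found
audit_vsftpd() {
    local file="$1" rc=0 want key expected actual
    for want in anonymous_enable=NO ssl_enable=YES chroot_local_user=YES; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(conf_get "$file" "$key")
        # An option that is missing or commented out is reported as <unset>
        if [ "$actual" != "$expected" ]; then
            echo "WEAK $key=${actual:-<unset>} (want $expected)"
            rc=1
        fi
    done
    return $rc
}

# sample_conf -> prints a constructed vsftpd.conf with weak settings
sample_conf() {
    cat <<'EOF'
# constructed sample, not a real server's configuration
listen=NO
anonymous_enable=YES
local_enable=YES
write_enable=YES
#ssl_enable=YES
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_vsftpd "$tmp" || true    # reports all three settings for the sample
rm -f "$tmp"
```

To check a real server, call audit_vsftpd /etc/vsftpd.conf and compare the result with the backup made in Step 4.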
Apache Server
● HTTP (Hypertext Transfer Protocol) is the foundation of data communication on
the World Wide Web.
● It is an application-layer protocol that enables the transfer of various types of
data between clients (such as web browsers) and servers.
● HTTP operates on a request-response model, where a client sends a request to
the server, and the server responds with the requested resource or an error
message.
● HTTP operates over TCP/IP, typically using port 80 for communication.
● Apache HTTP Server, commonly referred to as Apache, is open-source web
server software developed and maintained by the Apache Software Foundation.
● It is one of the most widely used web servers in the world, powering a
significant portion of websites on the internet.
● Apache is cross-platform, meaning it can run on various operating systems
including Linux, Unix, macOS, and Windows.
● Apache provides a robust, scalable, and extensible platform for serving web
content and applications.
Secure Shell: Public key cryptography
● SSH is a suite of network communication tools that are collectively based on
an open protocol/standard that is guided by the Internet Engineering Task
Force (IETF).
● It allows users to connect to a remote server just as they would using Telnet,
rlogin, FTP, etc.
● Public key cryptography plays a crucial role in SSH for authentication and
encryption purposes.
● Key Pair Generation:
○ In public key cryptography, each user generates a key pair consisting
of a public key and a private key.
○ The private key is kept secret and should never be shared, while the
public key can be freely distributed.
● Public Key Authentication:
○ When a user wants to authenticate with an SSH server, they provide their
public key to the server.
○ The server checks if the corresponding private key is authorized to access
the system.
○ If the keys match, the user is granted access without needing to enter a
password.
○ This method provides a more secure and convenient way to authenticate
compared to password-based authentication.
● Encryption:
○ SSH also uses public key cryptography for encryption purposes.
○ Once authentication is successful, SSH negotiates a symmetric encryption
key between the client and server for the duration of the session.
○ This symmetric key is used for encrypting the data exchanged between
the client and server, ensuring confidentiality and integrity of the
communication.
● Key Management:
○ It's essential to manage the public and private keys securely.
○ Users must safeguard their private keys and ensure they are not
compromised.
○ SSH servers typically maintain a list of authorized public keys for each
user to allow or deny access.
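
The key management points above can be checked on disk. The following added example (not part of the original slides) scans a key directory for private keys readable by group or others and for an authorized_keys file (the OpenSSH default name for the per-user list of authorized public keys) that group or others can modify. The function names and the demo files are assumptions constructed for illustration.

```bash
# Added example (not from the original slides). Demo files are constructed
# placeholders; no real key material is generated or stored.

# go_bits PATH -> prints the six group/other permission characters, e.g. "r--r--"
go_bits() { ls -ld -- "$1" | cut -c5-10; }

# audit_ssh_dir DIR -> one line per finding; returns 1 if anything was found
audit_ssh_dir() {
    local dir="$1" f bits rc=0
    bits=$(go_bits "$dir")
    case $bits in *w*) echo "DIR-WRITABLE $dir ($bits)"; rc=1 ;; esac
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bits=$(go_bits "$f")
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            # Private keys: no group/other access of any kind
            [ "$bits" = "------" ] || { echo "KEY-EXPOSED $f ($bits)"; rc=1; }
        elif [ "${f##*/}" = authorized_keys ]; then
            # Whoever can write this file can grant themselves access
            case $bits in *w*) echo "AUTHKEYS-WRITABLE $f ($bits)"; rc=1 ;; esac
        fi
    done
    return $rc
}

# make_demo_dir -> creates constructed sample files, prints the directory
make_demo_dir() {
    local d
    d=$(mktemp -d) || return 1
    echo '-----BEGIN OPENSSH PRIVATE KEY-----' > "$d/id_demo"
    echo 'ssh-ed25519 AAAAconstructedplaceholder user@example' > "$d/authorized_keys"
    chmod 644 "$d/id_demo"            # weak: readable by group and others
    chmod 664 "$d/authorized_keys"    # weak: writable by group
    echo "$d"
}

demo_dir=$(make_demo_dir)
audit_ssh_dir "$demo_dir" || true     # reports both constructed files
rm -rf "$demo_dir"
```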
SSH versions
● SSH-1:
○ This was the initial version of the SSH protocol, developed by Tatu Ylönen in
1995.
○ It provided encrypted communication sessions over a network between two
devices.
○ SSH-1 had several security vulnerabilities, including weak key exchange
algorithms and potential exploits, which led to its replacement by SSH-2.
● SSH-2:
○ SSH-2 is the current standard version of the SSH protocol and provides
various improvements over SSH-1, including stronger encryption algorithms,
better key exchange methods, and enhanced security features.
○ SSH-2 is widely used in modern implementations of SSH and is considered
more secure than SSH-1.
Within SSH-2, there have been several revisions and updates:

SSH-2.0: The initial version of SSH-2 introduced significant improvements over
SSH-1, including better security and cryptographic algorithms.

SSH-2.0 Protocol Revision 2: This revision included further enhancements and
refinements to the SSH-2 protocol, addressing various security concerns and
improving compatibility and interoperability between different implementations.

SSH-2.0 Protocol Revision 3: Subsequent revisions of SSH-2 introduced
additional features and improvements, such as support for more robust
authentication mechanisms, better key management, and enhanced performance.
