###Common Network Utilities###
Features:
1. Determine if remote host is up/available: ''ping''
2. Determine if local/remote service is available: ''telnet''
3. Determine network sockets stats/connections: ''netstat''
4. View L2 information: ''arp''
5. View path taken by packets to remote system: ''traceroute''
6. Hostname-to-IP and reverse resolution: ''nslookup'', ''dig''
7. Learn more information about IP and/or block: ''whois''
Tasks:
1. Explore Packet Internet Groper (PING)
a. ''rpm -qf /bin/ping'' - member of ''iputils'' package
b. ''ping -c 3 192.168.0.254 -s 32'' - sends 32-bytes + 8-bytes (ICMP overhead)
c. ''ping -c 3 -i 3 192.168.0.254'' - sends 3-packets of 56-bytes, every 3-seconds to target
Note: PING may be blocked by L3 devices on your network and/or the Internet
2. Telnet - Don't use for TTY access to remote host. Use SSH. Use Telnet to test port-accessibility
a. ''telnet 192.168.74.1 22'' - Install if necessary using ''yum install telnet''
3. Netstat - reveals TCP:UDP:Unix sockets - ''/proc/net''
a. ''netstat -a'' - dumps ALL sockets with: service/port and hostname resolution
b. ''netstat -an'' - same as above, but suppresses name resolution
c. ''netstat -ntl'' - suppresses name resolution, shows ONLY TCP sockets, and listeners
d. ''netstat -ntlp'' - same as above, includes programs bound to ports
Note: Use ''-p'' option as root to reveal ALL programs
Note: '':::514'' - means that the port is bound to ALL IPv6 addresses configured on the host
Note: ''0.0.0.0:514'' - means that the port is bound to ALL IPv4 addresses configured on the host
e. ''netstat -i'' - returns per-interface statistics
f. ''netstat -nulp'' - returns ALL UDP listeners
g. ''netstat -rn'' - returns kernel routing table
4. ARP - Address Resolution Protocol
a. ''arp -a'' or ''arp -e''
Note: ARP is usually self-managing.
5. Traceroute - follows path taken by packets across the network (Intra/Internet)
a. ''traceroute 192.168.75.1''
b. ''traceroute www.linuxcbt.com''
6. ''nslookup''
a. ''nslookup www.linuxcbt.com''
DNS client tools use: ''/etc/resolv.conf'' to determine which DNS servers to query
7. ''dig''
a. ''dig www.linuxcbt.com''
b. ''dig -x 71.6.195.206'' - performs a reverse lookup
c. ''dig linuxcbt.com mx''
8. ''whois'' - Finds IP/domain ownership information
a. ''whois linuxcbt.com''
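Added example (not part of the original notes): a filter for ''netstat -ntl[p]'' output that classifies each TCP listener by bind scope, so the ''0.0.0.0:port'' and '':::port'' listeners described in the Netstat notes stand out from loopback-only or single-address ones. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntlp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN   1201/sshd
tcp        0      0 127.0.0.1:25       0.0.0.0:*          LISTEN   1310/master
tcp        0      0 0.0.0.0:514        0.0.0.0:*          LISTEN   1105/rsyslogd
tcp        0      0 192.168.0.23:80    0.0.0.0:*          LISTEN   1422/httpd
tcp        0      0 :::514             :::*               LISTEN   1105/rsyslogd
tcp        0      0 ::1:631            :::*               LISTEN   1188/cupsd
EOF
}

# classify_listeners (hypothetical helper): reads netstat -ntl[p] output on
# stdin and prints "<scope> <port> <program>" for every listening TCP socket.
classify_listeners() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
      if (host == "0.0.0.0")                         scope = "all-ipv4"
      else if (host == "::")                         scope = "all-ipv6"
      else if (host == "127.0.0.1" || host == "::1") scope = "loopback"
      else                                           scope = "specific"
      prog = (NF >= 7) ? $7 : "-"            # column is empty without -p
      print scope, port, prog
    }'
}

# wildcard_listeners (hypothetical helper): only sockets bound to ALL addresses.
wildcard_listeners() {
  classify_listeners | awk '$1 ~ /^all-/'
}

sample_netstat | wildcard_listeners
```

On a live host, run ''netstat -ntlp | wildcard_listeners'' as root so the program column is populated for every socket.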
###IPv4 Configuration###
Features:
1. DHCP
2. Static
3. Virtual (Sub) Interfaces - supports a single physical interface connected to multiple logical networks
i.e. 192.168.75.0/24 && 192.168.76.0/24 && 10.0.0.0/30
Tasks:
1. Explore key: Directories & Files
a. ''/etc/sysconfig/network'' - system-wide settings: i.e. hostname, gateway, enabled|disabled
b. ''/etc/sysconfig/networking'' - ''system-config-network'' tool controls this directory. Don't edit manually.
c. ''/etc/hosts'' - local name DB - should contain a record for the localhost: i.e. ''localhost.localdomain''
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
Note: Add hosts to ''/etc/hosts'' that you cannot or should not resolve via DNS
d. ''/etc/sysconfig/network-scripts''
d1. Interface configuration files - describes up/down config of interfaces: i.e. eth0
d2. Control files - describes how interfaces are to be brought: up/down - scripts
d3. Network function files - contain key network information required for the stack
d4. ''ifup-ethx'' - brings up ethernet interfaces: i.e. ''eth0'', ''eth1'', etc.
d5. ''ifdown-ethx'' - brings down ethernet interfaces: i.e. ''eth0'', ''eth1'', etc.
e. ''ifconfig'' - enumerates configuration of interfaces
Note: At minimum, a routable, connected system has at least 2 interfaces:
1. ''lo'' - loopback - 127.0.0.1
2. ''eth0'' - Ethernet0 - Your Routable IP/Net
e1. ''ifconfig''
eth0 Link encap:Ethernet HWaddr 00:21:86:94:CA:BE
inet addr:192.168.0.23 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::221:86ff:fe94:cabe/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:255885 errors:0 dropped:0 overruns:0 frame:0
TX packets:143724 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:234119225 (223.2 MiB) TX bytes:15969698 (15.2 MiB)
Memory:fe200000-fe220000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:40823 errors:0 dropped:0 overruns:0 frame:0
TX packets:40823 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:130967469 (124.9 MiB) TX bytes:130967469 (124.9 MiB)
e2. ''ifconfig eth0:1 192.168.75.22 netmask 255.255.255.0''
e2.1. ''ping -c 3 -I 192.168.75.22 192.168.75.21'' - sources traffic as: 192.168.75.22
e3. ''ifconfig eth0:2 192.168.75.23 netmask 255.255.255.0''
e4. Preserve changes across system restart/ ''NetworkManager'' service restart
e4.1. ''cp -v /etc/sysconfig/network-scripts/ifcfg-eth0 ifcfg-eth0:1''
f. ''ifcfg eth0:3 add 192.168.75.24/24'' - Does duplicate address detection & sends ARP to hosts on the same Net as the interface
f1. ''ifcfg eth0:1 delete 192.168.75.22/24'' - removes the sub-interface
f2. ''ifconfig eth0:2 del 192.168.75.23'' - removes the sub-interface
###IPv6 Configuration###
Features:
1. Self-configuring - Prefix (/64), is auto-derived from Router
2. Can be configured via: Neighbor discovery auto-config by router, DHCPv6, Statically (manually)
Tasks:
1. ''less /etc/sysconfig/network-scripts/ifup-ipv6'' - peruse config
2. Peruse Router Config
a. ''2002:4687:DB25:2:21A:2FFF:FEE3:F240''
2002:4687:DB25:2 - left-most 64-bits describes the subnet: /64 prefix - globally unique
:21A:2FFF:FEE3:F240 - right-most 64-bits describes the host. Includes 48-bit unique MAC address
3. PING6 various devices
a. ''ping6 -c 3 -I eth0 2002:4687:DB25:2:21A:2FFF:FEE3:F240''
b. ''ping 2002:4687:DB25:2:21A:2FFF:FEE3:F240'' - from the router, PING6 the RHEL-6 box
4. Use browser to access Apache via: IPv6
a. ''http://[2002:4687:DB25:2:21A:2FFF:FEE3:F240]/'' - escape IPv6 address with ''[]'', or use ''/etc/hosts'' or DNS
Note: IPv6 is auto-configured, by default, so long as Router or DHCPv6 provides a usable prefix.
Note: Update host configuration: i.e. ''/etc/hosts'' and/or DNS to reflect name-to-IPv6 mappings
Note: Test with desired applications: i.e. ''ssh'', ''http client'', etc.
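Added example (not part of the original notes): the host half of an auto-configured address is built from the interface's MAC, so the MAC can be read back out of the address by any peer that sees it. The two helper functions below are hypothetical names; they reproduce the mapping using the ''HWaddr'' / ''inet6 addr'' pair from the ''ifconfig'' output earlier and the router address above, and assume the low 64 bits are written without ''::'' compression.

```shell
#!/bin/sh
# mac_to_eui64 (hypothetical helper): 48-bit MAC -> 64-bit interface identifier.
# Flips the universal/local bit of the first byte and inserts ff:fe in the middle.
mac_to_eui64() {
  old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs
  [ $# -eq 6 ] || return 1
  b1=$(( 0x$1 ^ 0x02 ))
  printf '%x:%x:%x:%x\n' \
    $(( (b1 << 8) | 0x$2 )) $(( (0x$3 << 8) | 0xff )) \
    $(( 0xfe00 | 0x$4 ))    $(( (0x$5 << 8) | 0x$6 ))
}

# eui64_to_mac (hypothetical helper): IPv6 address -> embedded MAC.
# Returns 1 when the host part was not derived from a MAC (no ff:fe marker).
eui64_to_mac() {
  old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs
  [ $# -ge 4 ] || return 1
  shift $(( $# - 4 ))                                # keep the right-most 64 bits
  for g in "$@"; do [ -n "$g" ] || return 1; done    # compressed host part: not handled
  g1=$(( 0x$1 )); g2=$(( 0x$2 )); g3=$(( 0x$3 )); g4=$(( 0x$4 ))
  [ $(( g2 & 0xff )) -eq 255 ] && [ $(( g3 >> 8 )) -eq 254 ] || return 1
  printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
    $(( (g1 >> 8) ^ 0x02 )) $(( g1 & 0xff )) $(( g2 >> 8 )) \
    $(( g3 & 0xff ))        $(( g4 >> 8 ))   $(( g4 & 0xff ))
}

# eth0 from the ifconfig listing: HWaddr 00:21:86:94:CA:BE
echo "fe80::$(mac_to_eui64 00:21:86:94:CA:BE)"
# Router address from the task list
eui64_to_mac 2002:4687:DB25:2:21A:2FFF:FEE3:F240
```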
###Very Secure File Transfer Protocol Daemon (VSFTPD)###
Features:
1. Anonymous (Default) and user-based FTP sessions
2. SSL support (provided by SSH) no need for VSFTPD
3. Does not permit ''root'' access, by default
4. Does not currently support IPv4 & IPv6 simultaneously with the same daemon
Tasks:
1. Install using: ''yum''
2. Enable ''vsftpd'' in multi-user runlevels
a. ''chkconfig vsftpd on''
3. Start ''vsftpd''
a. ''service vsftpd start''
4. Disable Anonymous access
5. Test local user access and update SELinux configuration
a. ''getsebool -a | grep ftp'' - dumps FTP-related SELinux booleans
b. ''setsebool -P ftp_home_dir=1''
Note: RHEL6 enables SELinux in ''enforcing'' mode, requiring a slight change to the booleans to permit VSFTPD or any FTPD daemon to transition user into their: $HOME directory
6. Enable Dual-Logging
a. ''dual_log_enable=YES''
7. Enable server time for display of files/directories
a. ''use_localtime=YES''
Note: ''man vsftpd.conf'' for useful directives that apply to your application
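Added example (not part of the original notes): a check of a ''vsftpd.conf'' against tasks 4-7 above. It covers the case where a directive is missing or commented out, in which case vsftpd falls back to its built-in default (anonymous access is on by default). ''anonymous_enable'' and ''local_enable'' are the vsftpd.conf directives assumed here for tasks 4 and 5; the function name and sample file are constructed.

```shell
#!/bin/sh
# Constructed sample config (not taken from a real server).
sample_conf() {
cat <<'EOF'
# Example vsftpd.conf (constructed)
#anonymous_enable=NO
local_enable=YES
write_enable=YES
dual_log_enable=YES
EOF
}

# audit_vsftpd (hypothetical helper): reads a vsftpd.conf on stdin, prints one
# PASS/FAIL line per checked directive, returns 1 if any check fails.
audit_vsftpd() {
  awk -F= '
    BEGIN {
      # Built-in defaults from vsftpd.conf(5), used when a directive is absent
      n = split("anonymous_enable local_enable dual_log_enable use_localtime", name, " ")
      split("YES NO NO NO", dflt, " ")
      split("NO YES YES YES", want, " ")
      for (i = 1; i <= n; i++) val[name[i]] = dflt[i]
    }
    /^#/ || NF < 2 { next }                    # comments, blanks, non-directives
    ($1 in val)    { val[$1] = toupper($2) }   # assumption: last occurrence wins
    END {
      for (i = 1; i <= n; i++) {
        ok = (val[name[i]] == want[i])
        if (!ok) fails++
        printf "%s %s=%s\n", (ok ? "PASS" : "FAIL"), name[i], val[name[i]]
      }
      exit (fails > 0)
    }'
}

sample_conf | audit_vsftpd || echo "config still needs changes"
```

Against a real server, run ''audit_vsftpd < /path/to/vsftpd.conf'', substituting the location your package installs the file to.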
###LFTP###
Features:
1. Interactive (Shell-like) & Non-interactive modes
2. Scriptable
3. Servers supported: FTP, FTPS, SSH(SFTP), HTTP, etc.
4. Mirroring of content: forward (download) & reverse (upload)
5. Regular expressions
6. Job Engine
Tasks:
1. Use ''lftp'' to connect to VSFTPD
a. ''lftp localhost'' && ''open -u linuxcbt''
Note: LFTP batches authentication commands and submits when control-channel commands such as ''ls'' are received