SWAT Blog


Step By Step configuration of DNS server

Tuesday, December 28th, 2010

Note: Before you start
Set the IP address manually (I use 172.17.0.250).
Set the hostname to an FQDN (I use server.pdc.home).
There is no need to install caching-nameserver if you are using Fedora 9 to 14.

The installation has been performed on the following Linux distributions.

Server: Fedora 6 to 14, RHEL 5.0 to 5.5 and CentOS 5.0 to 5.5.

Note: Check the firewall and SELinux policies before continuing with the configuration. Either disable the firewall and SELinux or create rules.

1. Installation of DNS Server.

[root@linux8 ~]# yum install bind* caching-nameserver*

2. Make sure that the host names are set properly

[root@linux8 ~]# vi /etc/hosts

127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
172.17.0.250 server.pdc.home server #(ip address & fqdn)

[root@linux8 ~]# vi /etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=server.pdc.home

[root@linux8 ~]# hostname server.pdc.home

3. DNS resolve entry

[root@linux8 ~]# vi /etc/resolv.conf

search server.pdc.home
nameserver 172.17.0.250

4. Do the following configuration to set up DNS properly.
(a)

[root@linux8 ~]# vi /etc/named.conf

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // fixed source port for outgoing queries; this turns off source-port randomization
    query-source port 53;
};

// forward zone
zone "pdc.home" IN {
    type master;
    file "pdc.home.forward";
    allow-update { none; };
};

// reverse zone for 172.17.0.x
zone "0.17.172.in-addr.arpa" IN {
    type master;
    file "pdc.home.reverse";
    allow-update { none; };
};

(b) Create the zone file in the proper location and also create a reverse zone file.

[root@linux8 ~]# cd  /var/named
[root@linux8 ~]# cp  localhost.zone  pdc.home.forward
[root@linux8 ~]# cp  named.local  pdc.home.reverse
[root@linux8 ~]# vi  pdc.home.forward

$TTL 86400
@       IN SOA  server.pdc.home. root.server.pdc.home. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum

        IN NS   server.pdc.home.
        IN A    127.0.0.1
server  IN A    172.17.0.250

[root@linux8 ~]# vi pdc.home.reverse

$TTL 86400
@       IN SOA  server.pdc.home. root.server.pdc.home. (
                1997022700      ; Serial
                28800           ; Refresh
                14400           ; Retry
                3600000         ; Expire
                86400 )         ; Minimum
        IN NS   server.pdc.home.
250     IN PTR  server.pdc.home.

(c) Restart the named service

[root@linux8 ~]# service named  restart
[root@linux8 ~]# chkconfig named on      #for permanent service on
[root@linux8 ~]# bind-chroot-admin -d
[root@linux8 ~]# bind-chroot-admin -e    #for binding with chroot Security

The DNS server is now ready; it is time to test.

[root@linux8 ~]# dig server.pdc.home

The answer should look like this:

; <<>> DiG 9.3.4-P1 <<>> server.pdc.home
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33213
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;server.pdc.home. IN A

;; ANSWER SECTION:
server.pdc.home. 86400 IN A 172.17.0.250

;; AUTHORITY SECTION:
pdc.home. 86400 IN NS server.pdc.home.

;; Query time: 0 msec
;; SERVER: 172.17.0.250#53(172.17.0.250)
;; WHEN: Mon Mar 9 13:39:47 2009
;; MSG SIZE rcvd: 63

[root@linux8 ~]# dig  -x 172.17.0.250

The answer should look like this:

; <<>> DiG 9.3.4-P1 <<>> -x 172.17.0.250
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34497
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;250.0.17.172.in-addr.arpa. IN PTR

;; ANSWER SECTION:
250.0.17.172.in-addr.arpa. 86400 IN PTR server.pdc.home.

;; AUTHORITY SECTION:
0.17.172.in-addr.arpa. 86400 IN NS server.pdc.home.

;; ADDITIONAL SECTION:
server.pdc.home. 86400 IN A 172.17.0.250

;; Query time: 0 msec
;; SERVER: 172.17.0.250#53(172.17.0.250)
;; WHEN: Mon Mar 9 13:41:37 2009
;; MSG SIZE rcvd: 103
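
The two dig tests above only succeed when the forward and reverse zone files agree. As an added example (not part of the original post), this script checks that pairing offline: every A record inside the reverse zone's network must have a PTR pointing back to the same name. The function name check_ptr and the extra host mail are assumptions made for the illustration.

```shell
# Added example, not from the post. Handles only the simple layout used here:
# one record per line, no $ORIGIN or $GENERATE.
# usage: check_ptr ZONE FORWARD_FILE REVZONE REVERSE_FILE ; exit status = problems found
check_ptr() {
    awk -v zone="$1" -v revzone="$3" '
    function fqdn(n, origin) { if (n == "@") return origin "."; return (n ~ /\.$/) ? n : n "." origin "." }
    { sub(/;.*/, "") }                          # drop comments
    !/^[ \t]/ && NF { owner = $1 }              # indented lines inherit the previous owner
    { first = ($0 ~ /^[ \t]/) ? 1 : 2 }         # first field that can hold a record type
    FNR == NR {                                 # pass 1: reverse zone, collect PTR targets
        for (i = first; i < NF; i++)
            if ($i == "PTR") ptr[fqdn(owner, revzone)] = fqdn($(i + 1), revzone)
        next
    }
    {                                           # pass 2: forward zone, check each A record
        for (i = first; i < NF; i++) if ($i == "A") {
            split($(i + 1), q, ".")
            rname = q[4] "." q[3] "." q[2] "." q[1] ".in-addr.arpa."
            if (!index(rname, "." revzone ".")) continue   # address outside this reverse zone
            want = fqdn(owner, zone)
            if (!(rname in ptr))         { print "MISSING  " want, rname; bad++ }
            else if (ptr[rname] != want) { print "MISMATCH " want, ptr[rname]; bad++ }
            else                           print "OK       " want, rname
        }
    }
    END { exit bad + 0 }' "$4" "$2"
}

# Constructed sample data: the two zone files from this post, plus one host
# (mail, hypothetical) added to the forward zone without a PTR record.
demo=$(mktemp -d)
cat > "$demo/pdc.home.forward" <<'EOF'
$TTL 86400
@       IN SOA  server.pdc.home. root.server.pdc.home. ( 42 3H 15M 1W 1D )
        IN NS   server.pdc.home.
        IN A    127.0.0.1
server  IN A    172.17.0.250
mail    IN A    172.17.0.251
EOF
cat > "$demo/pdc.home.reverse" <<'EOF'
$TTL 86400
@       IN SOA  server.pdc.home. root.server.pdc.home. ( 1997022700 28800 14400 3600000 86400 )
        IN NS   server.pdc.home.
250     IN PTR  server.pdc.home.
EOF
check_ptr pdc.home "$demo/pdc.home.forward" 0.17.172.in-addr.arpa "$demo/pdc.home.reverse" \
    || echo "A records without a matching PTR: $?"
```

On the server itself, named-checkzone validates the full syntax of each zone file; this script only covers the A/PTR pairing.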

Step by step Configuration of Secure FTP Server on Linux

Tuesday, December 28th, 2010

The installation has been performed on the following Linux distributions.
Fedora 6 to 14, RHEL 5.0 to 5.5 and CentOS 5.0 to 5.5
STEP 1: Setup VSFTPD

[root@linux8 ~]# yum install vsftpd*

STEP 2: Configure VSFTPD

[root@linux8 ~]# vi /etc/vsftpd/vsftpd.conf

Make the following changes:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES

#You may fully customise the login banner string
ftpd_banner=Welcome to Minor Addition FTP.

listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

(Save and exit.)

STEP 3: Enable SSH2 Encryption on FTP Server

To enable TLS/SSL security controls, first check that vsftpd is linked against the SSL library:

[root@linux8 ~]# ldd /usr/sbin/vsftpd | grep ssl

The output of this command should look like this:

libssl.so.6 => /lib/libssl.so.6 (0x001bf000)

STEP 4: Generate certificate key for encryption

[root@linux8 ~]# cd /etc/pki/tls/certs
[root@linux8 ~]# make vsftpd.pem

This command creates a certificate valid for 2 years. After 2 years, generate it again.

Country Name : IN
State or Province Name (full name) : Atul Sharma
Locality Name (eg,city) : Guildford
Organization Name : Tactical Value.
Organizational Unit Name : Centos Server
Common Name (eg,your name or your server’s hostname) : ixlinux1
Email Address : sysadmin@minoraddition.com

Note: The vsftpd.pem file should be secured so that only the owner has access to it. Restricting the file this way does not affect the server when it runs as a non-privileged account, because the keys are loaded before it drops into non-privileged mode.

[root@linux8 ~]# cat /etc/pki/tls/certs/vsftpd.pem
[root@linux8 ~]# openssl x509 -in /etc/pki/tls/certs/vsftpd.pem -noout -text
[root@linux8 ~]# chmod 600 /etc/pki/tls/certs/vsftpd.pem

Some entries have to be added to the configuration file. Open vsftpd.conf and add the lines below at the end of the file.

[root@linux8 ~]# vi /etc/vsftpd/vsftpd.conf

# SSH2 configuration
ssl_enable=YES
allow_anon_ssl=NO
# data connections (file contents, listings) are not required to use TLS
force_local_data_ssl=NO
# logins (passwords) must use TLS
force_local_logins_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem

Now restart the service:

[root@linux8 ~]# /etc/init.d/vsftpd restart

That is all for the secure FTP server. To access it, you have to create users on the same PC.
Linux clients can use gftp or FileZilla.
Windows clients can use FileZilla.
Use SSH2 and port 22 when making the connection.
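
An added example, not part of the original post: a script that reads a vsftpd.conf and reports the TLS settings from STEP 4 that leave traffic or the key file exposed. The function names conf_get and audit_vsftpd are assumptions, and the sample configuration is constructed from the values above with the certificate path pointed at a temporary placeholder file.

```shell
# Added example, not from the post: audit the TLS-related vsftpd settings
# configured above. Only explicitly set values are judged.

# conf_get FILE KEY: last value assigned to KEY (vsftpd syntax is key=value, no spaces)
conf_get() { awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"; }

# audit_vsftpd FILE: print one WARN line per finding, return the number of findings
audit_vsftpd() {
    conf=$1; n=0
    warn() { echo "WARN: $*"; n=$((n + 1)); }
    if [ "$(conf_get "$conf" ssl_enable)" != YES ]; then
        warn "ssl_enable is not YES: passwords and data cross the network in cleartext"
    fi
    if [ "$(conf_get "$conf" force_local_logins_ssl)" = NO ]; then
        warn "force_local_logins_ssl=NO: clients may send passwords without TLS"
    fi
    if [ "$(conf_get "$conf" force_local_data_ssl)" = NO ]; then
        warn "force_local_data_ssl=NO: file contents and listings may be sent without TLS"
    fi
    for proto in ssl_sslv2 ssl_sslv3; do
        if [ "$(conf_get "$conf" "$proto")" = YES ]; then
            warn "$proto=YES: obsolete protocol version enabled"
        fi
    done
    if [ "$(conf_get "$conf" anonymous_enable)" = YES ]; then warn "anonymous_enable=YES: anonymous logins accepted"; fi
    cert=$(conf_get "$conf" rsa_cert_file)
    # The .pem holds the private key: all group/other permission bits must be clear.
    if [ -f "$cert" ] && [ "$(ls -ld "$cert" | cut -c5-10)" != "------" ]; then
        warn "$cert is accessible to group or others; use chmod 600"
    fi
    return "$n"
}

# Constructed sample: the settings from this post; the certificate is an empty
# placeholder file left world-readable to show the permission finding.
demo=$(mktemp -d)
: > "$demo/vsftpd.pem"; chmod 644 "$demo/vsftpd.pem"
cat > "$demo/vsftpd.conf" <<EOF
anonymous_enable=NO
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=$demo/vsftpd.pem
EOF
audit_vsftpd "$demo/vsftpd.conf" || echo "findings: $?"
```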
