On Fri, 19 Aug 2005, Cylar Z wrote:

[snip]
> 1. DNS. How will editing resolv.conf solve my DNS
> issue? My understanding is that that file is the
> configuration file for the named daemon. I'm not
> running named. Shouldn't need to. A previous install
> (Xandros/Debian) ran fine without it. It shouldn't be
> required, since my registrar handles incoming DNS, and
> outgoing lookups (websurfing) should be handled by my
> ISP's nameservers. What I need to know is how to tell
> my server where those nameservers are.

Rick answered this on the other post but: Yeah, you need "resolv.conf" -- it's used to translate, for example, "www.google.com" to "66.102.7.147" so your computer can connect to Google's website. So it's used by programs other than named (I'm not sure if named uses it although you can probably configure it to fall back on it.)

> 2. FTP. Not running an anonymous server. Just need to
> upload files for my webpages. Is there a more secure
> method I can use (please specify how, don't just say
> "yes, there is")?

As Rick mentioned, you can use `scp`. It works over the ssh connection so you won't need to configure anything extra if you already have sshd running. `scp`'s syntax is as follows:

    scp local_file [EMAIL PROTECTED]:path

will transfer "local_file" to the "remote_server" under "path" as user "username." It's a little cryptic but you'll get used to it after a while.

On Windows, WinSCP or PSCP can be used, so you won't be left in the dark if you have to transfer something from Windows to your server. You can find links to download them from http://www.openssh.com/windows.html

You also wanted to know how to shut down the FTP server on your other post, so here it goes:

The FTP daemon may be running as a stand-alone server, or via xinetd. Let's see how it's running on your system, if at all, by running `netstat` as root:

    # netstat -tlp | grep ftp

If you don't see anything, you're not running ftp. If you see something similar to this:

    tcp 0 0 *:ftp *:* LISTEN 1125/xinetd

then you're running it via `xinetd` (see the last column that says 1125/xinetd). If you see instead:

    tcp 0 0 *:ftp *:* LISTEN 1125/ftpd

then you have the ftpd daemon running on your system as a stand-alone daemon, and it tells you the daemon's name is "ftpd". Remember the name of the daemon because it's important in the next paragraph.

If it's running via xinetd, you'll need to configure the xinetd file so it doesn't monitor the ftp port, then restart xinetd.

If it's running as a stand-alone, then you'll need to shut it down and disable it from the system. The former, Rick explained in the previous e-mail. The latter, I think you want to use `chkconfig --del <daemon_name>` since you're using Fedora (but my knowledge is based on RedHat systems so it may be off), and also shut down the daemon, which I guess is `/etc/rc.d/init.d/<daemon_name> stop` since you're using Fedora (again, my knowledge may be off here since I don't use Fedora.)

> 3. Daemons. Where can I find a comprehensive guide
> (including non-free books) to what service does what?
> I don't mean a one-line description, I mean someplace
> that will really explain it to me in depth. Or, can
> someone at least identify the generic ones ESSENTIAL
> to my system? Remember, I use ssh to connect and am
> running http server. That's all my box does. What
> daemons are necessary besides cron, sshd and httpd?

I had the exact same question when I started using Linux. I don't know any such list but here's some things to guide you through your experience:

1. Not everything in /etc/rc.d/*/* are daemons. Some things just configure a few things and quit, or maybe run a couple programs to check the system and quit, etc. Instead of going through the list of scripts in /etc/rc.d/rcX.d/, I recommend using `ps -aefx` to see the list of running programs, and using `netstat -tulp` to see the list of open ports on your system, then shutting down the daemons that start those processes or open up those ports.

2. Here's some things running on my system that I think you'll want to run on yours.

From `ps -aefx`:

init - This runs everything -- starts up the system and the whole shebang. Leave it alone.

[*] - Anything in brackets seems to be needed by the kernel or the kernel modules. Leave them alone... unless you know some kernel modules you don't need -- then you can remove them via `rmmod` and editing /etc/modules.conf.

Some sort of logging daemon - This is used to make system logs.
Leave it. There are several kinds. I seem to be running `syslogd` and `klogd`. I think `klogd` is for logging kernel messages. Important stuff. The logs are stored in /var/log/*

Some sort of mail daemon - So when something goes wrong on your system, the program that detects the error can e-mail you. This is pretty important, too, IMHO. You mentioned "sendmail" and that's what this is. I'm running "exim4". Just different mail daemons. "sendmail" is supposed to be difficult to configure and misconfigurations can lead to security holes but if it works for you that's great. If you're not allowing people to connect to your system to send mails (only mail deliveries within the system), configure it to disable the "smtp" port (TCP port 25).

inetd/xinetd - It's not all that necessary. It runs other programs. You can run Apache off of it or FTP daemons off of it and all that. Not really necessary and you can disable it safely and run the servers you want as stand-alone modules instead of as xinetd processes. Probably a good idea to do that, actually.

sshd - Yeah, you want that. For ssh and scp.

apache - Yeah, you want that, too. For the Apache webserver.

cron, Anacron, etc. - These are used to rotate the logs, among other things. You don't want the logs created by `syslogd` to just build up until your hard drive gets full, so you can run cron (Anacron is one version of cron) to delete old logs automatically. It can be scheduled to do other things automatically, too, by executing programs on a regular basis. The scheduled events are configured via /etc/cron* files but there's a program to help you edit those files "properly" but the method escapes me at the moment. I think you use the `crontab` program. Anyway. Keep it around for cleaning up the logs if for nothing else.

atd - This daemon is used to execute a single command at a specific time. Kind of like cron, but it lets you execute the program only once, instead of executing it on a regular basis like cron.
Usually not necessary. I do like to execute a single command at certain times, so I leave it hanging around, queue up a command from time to time and let atd run it. You can create a command to execute via the `at` command. It's okay to shut it down if you don't plan on using it.

getty - This program lets you log into the computer from the console. One program runs per console. These programs are launched from /etc/inittab. You probably won't need to mess with them, unless you want to save some memory by killing off a few of them since you won't be doing much console logging-in. But leave a couple open so you can debug from console in emergencies. There's also different types of getties -- mingetty, mgetty, etc.

ntpd - I like to run this so I can keep my computer's clock accurate. Boy, they don't make computers like they used to -- the computers I've been buying these days get so much clock skew. Running ntpd will keep the time accurate by fetching time from other computers running off of Atomic clocks or computers that are only one or two or three off of Atomic clocks. This daemon will open up a port and let other people get date off of your computer, too, though, but you can configure it to disable that.

mysql - Some websites interact with mysql locally. You may need this if one of your web applications uses databases. Or it may need another type of

And from `netstat -tulp` (type `netstat -ntulp` to list port numbers instead of names):

TCP port "www" (TCP port 80) - Needed by Apache.

TCP port "ssh" (TCP port 22) - Needed by ssh and scp.

TCP port "smtp" (TCP port 25) - Needed by mail daemon, but make sure it's accepting connections only locally (you should see "localhost:smtp" or "127.0.0.1" but not "*:smtp").

TCP port "mysql" (TCP port 3306) - Needed by MySQL, if you're running MySQL. Again, make sure it's accepting connections only locally.

UDP port "ntp" (UDP port 123) - Needed by NTP, if you're running NTP. Again, make sure it's accepting connections only locally.

Everything else, you can probably shut off without problems. When in doubt, Google about the program or ask here if you can't find it on Google.

Again, just because there's an entry in /etc/rc.d/rcX.d/ doesn't mean it's a daemon -- there's probably a disk integrity checking in there and things like that you should leave alone. Check `ps -aefx` to list the programs that are running on the system and disable those individually. Also check `netstat -tulp` to see what ports are open and which programs are keeping those ports open and disable the ones you don't need.

You should also install some security programs such as firewall and intrusion detection tools, but be careful not to firewall yourself out...! >.<

If you want to go even further, if you're able, install a hardware firewall between your computer and the rest of the Internet and set it up so it forwards only the ports you really want open -- it'll be another level of protection in case you forgot something... but it can also be an extra source of headache so be careful.

-Mark

--
Mark K. Kim
AIM: markus kimius
Homepage: http://www.cbreak.org/
Xanga: http://www.xanga.com/vindaci
Friendster: http://www.friendster.com/user.php?uid=13046
PGP key fingerprint: 7324 BACA 53AD E504 A76E 5167 6822 94F0 F298 5DCE
PGP key available on the homepage
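
An added example, not part of the message above: one way to automate the `netstat -ntulp` review it describes, by listing every listener that is neither loopback-only nor on a list of ports meant to be public. The function names, the `PUBLIC_PORTS` list and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Flag listeners in `netstat -ntulp` output that are reachable from the
# network but are not on the list of ports meant to be public.
# Assumption: only ssh (22) and www (80) should be public, as in the e-mail.
PUBLIC_PORTS="22 80"

audit_listeners() {
    # Reads netstat output on stdin; prints "proto port pid/program" for each
    # listener that is neither loopback-only nor in PUBLIC_PORTS.
    awk -v public="$PUBLIC_PORTS" '
        BEGIN { n = split(public, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            addr = $4
            # TCP rows have a State column (LISTEN); UDP rows leave it empty.
            if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; prog = $7 }
            else             { prog = $6 }
            # The port follows the last colon (also handles :::22).
            port = addr; sub(/.*:/, "", port)
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "127.0.0.1" || host == "::1") next  # local only
            if (port in ok) next                            # meant to be public
            print $1, port, prog
        }'
}

# Constructed sample output, not captured from a real system.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      901/httpd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1004/sendmail
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1050/mysqld
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1125/xinetd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           1200/ntpd
EOF
}

sample_netstat | audit_listeners
```

On a live system, run `netstat -ntulp | audit_listeners` as root so the PID/Program column is filled in; an empty result means every listener is either local-only or on the public list.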
