The output from any of your cron jobs should be mailed to an administrative account. By default, many applications will send error reports, usage statistics, or log file summaries to the root account. This makes sense only if you log in as root frequently; a much better idea is to forward root's mail to your personal account by setting up a mail alias as described in Chapter 19, Getting Exim Up and Running or Chapter 18, Sendmail.

However carefully you have configured your site, Murphy's law guarantees that some problem will surface eventually. Therefore, maintaining a system also means being available for complaints. Usually, people expect that the system administrator can at least be reached via email as root, but there are also other addresses that are commonly used to reach the person responsible for a specific aspect of maintenance. For instance, complaints about a malfunctioning mail configuration will usually be addressed to postmaster, and problems with the news system may be reported to newsmaster or usenet. Mail to hostmaster should be redirected to the person in charge of the host's basic network services, and the DNS name service if you run a name server.

System Security

Another very important aspect of system administration in a network environment is protecting your system and users from intruders. Carelessly managed systems offer malicious people many targets. Attacks range from password guessing to Ethernet snooping, and the damage caused may range from faked mail messages to data loss or violation of your users' privacy. We will mention some particular problems when discussing the context in which they may occur and some common defenses against them.

This section will discuss a few examples and basic techniques for dealing with system security. Of course, the topics covered cannot treat all security issues you may be faced with in detail; they merely serve to illustrate the problems that may arise. Therefore, reading a good book on security is an absolute must, especially in a networked system.

System security starts with good system administration. This includes checking the ownership and permissions of all vital files and directories and monitoring use of privileged accounts. The COPS program, for instance, will check your file system and common configuration files for unusual permissions or other anomalies. It is also wise to use a password suite that enforces certain rules on the users' passwords that make them hard to guess. The shadow password suite, for instance, requires a password to have at least five letters and to contain both upper- and lowercase numbers, as well as non-alphabetic characters.

When making a service accessible to the network, make sure to give it "least privilege"; don't permit it to do things that aren't required for it to work as designed. For example, you should make programs setuid to root or some other privileged account only when necessary. Also, if you want to use a service for only a very limited application, don't hesitate to configure it as restrictively as your special application allows. For instance, if you want to allow diskless hosts to boot from your machine, you must provide Trivial File Transfer Protocol (TFTP) so that they can download basic configuration files from the /boot directory. However, when used unrestrictively, TFTP allows users anywhere in the world to download any world-readable file from your system. If this is not what you want, restrict TFTP service to the /boot directory. [10]

[10] We will come back to this topic in Chapter 12, Important Network Features.

You might also want to restrict certain services to users from certain hosts, say from your local network. In Chapter 12, we introduce tcpd, which does this for a variety of network applications. More sophisticated methods of restricting access to particular hosts or services will be explored later in Chapter 9.

Another important point is to avoid "dangerous" software. Of course, any software you use can be dangerous because software may have bugs that clever people might exploit to gain access to your system. Things like this happen, and there's no complete protection against it. This problem affects free software and commercial products alike. However, programs that require special privilege are inherently more dangerous than others, because any loophole can have drastic consequences
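
The permission checks described above (watching the permissions of vital files and keeping setuid programs to those that are really necessary) can be sketched as a small shell audit. This is an added example, not part of the original text and not COPS itself; the function names and the allowlist file (one absolute path per line) are assumptions made for the illustration, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: minimal permission audit. Function names and the
# allowlist format (one absolute path per line) are assumptions.

# Print setuid/setgid regular files under $1 that are NOT listed in the
# allowlist file $2, i.e. privileged programs nobody has approved.
unexpected_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        { grep -Fxv -f "$2" || true; }   # grep exits 1 when nothing is left
}

# Print world-writable files, and world-writable directories that lack
# the sticky bit (any user could remove or replace other users' files).
world_writable() {
    find "$1" -xdev \( \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \) -print
}

# Constructed sample tree, so the audit can be tried without scanning
# real system directories. Prints the path of the new tree.
make_sample_tree() {
    umask 022
    t=$(mktemp -d) || return 1
    mkdir "$t/bin" "$t/spool" "$t/tmp"
    : > "$t/bin/passwd"; chmod 4755 "$t/bin/passwd"   # approved setuid
    : > "$t/bin/helper"; chmod 4755 "$t/bin/helper"   # setuid, not approved
    : > "$t/bin/ls";     chmod 0755 "$t/bin/ls"       # ordinary program
    : > "$t/motd";       chmod 0666 "$t/motd"         # anyone can edit it
    chmod 0777 "$t/spool"                             # writable, no sticky bit
    chmod 1777 "$t/tmp"                               # sticky bit: acceptable
    printf '%s\n' "$t/bin/passwd" > "$t/setid.allow"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
echo "Unexpected setuid/setgid programs:"
unexpected_setid "$tree" "$tree/setid.allow"
echo "World-writable paths:"
world_writable "$tree" | sort
rm -rf "$tree"
```

On a real host the same functions would be pointed at directories such as /usr and /etc, with the allowlist maintained by the administrator and the output mailed from cron.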
