Week_Thirteen_13_UNIX

Week Thirteen Agenda
• Announcements
Next week's agenda:
Student Open Source presentations
April 2 and 9
Final exam outline posted
• Link of the week
• Review week twelve lab assignment
• Week eleven expected outcomes
• Next lab assignment
• Break-out problems
• Review True/False Final Exam
• Upcoming deadlines
• Lab assistance, questions, and comments
Link of the week
HTML Tutorial
http://www.w3schools.com
Purchase CGI scripts
http://www.cgiscript.net
"How to Create Your Own Home Page" Home Page
http://www.intergalact.com/hp/part3/part3.html
CGI Programming FAQ by Nick Kews
http://www.webthing.com/tutorials/cgifaq.html
Introduction to CGI Scripts
http://linux.die.net/man/3/cgi
Link of the week
Common
In the sense that there are many programming languages that
scripts can be written in and interact with different types of
systems. The user isn’t limited to just one way.
Gateway
CGI's strengths lie not only in what it can do itself, but in the
potential access it offers to other systems (databases/graphic
generators).
Interface
CGI provides a well-defined way to call up its features. The
interface between the CGI script and the Web server is fixed.
Link of the week
Define: CGI (Common Gateway Interface) script
A standard for interfacing with external applications and
information servers. The information servers can be HTTP or
Web servers. The CGI scripts provide a more dynamic avenue for
information servers to pursue rather than as a HTML file server.
Review Week Twelve Lab Assignment
PROCESS STATE CODES (man ps command)
D   uninterruptible sleep (usually IO)
R   runnable (on run queue)
S   sleeping
T   traced or stopped
Z   a defunct ("zombie") process
For BSD formats and when the "STAT" keyword is used,
additional letters may be displayed:
W   has no resident pages
<   high-priority process
N   low-priority task
L   has pages locked into memory (for real-time and custom IO)
Use the ps -aux | less command to display the above-mentioned
codes, listed under the STAT column heading.
Review Week Twelve Lab Assignment
PROCESS STATE Code
USER  PID %CPU %MEM  VSZ RSS TTY STAT START TIME COMMAND
root    1  0.0  0.0 1424 488 ?   S    Oct19 0:24 init
root    2  0.0  0.0    0   0 ?   SW   Oct19 0:00 [migration/0]
root    3  0.0  0.0    0   0 ?   SW   Oct19 0:00 [migration/1]
root    4  0.0  0.0    0   0 ?   SW   Oct19 0:00 [migration/2]
root    5  0.0  0.0    0   0 ?   SW   Oct19 0:00 [migration/3]
root    6  0.0  0.0    0   0 ?   SW   Oct19 0:00 [keventd]
root    7  0.0  0.0    0   0 ?   SWN  Oct19 0:00 [ksoftirqd/0]
root    8  0.0  0.0    0   0 ?   SWN  Oct19 0:00 [ksoftirqd/1]
root    9  0.0  0.0    0   0 ?   SWN  Oct19 0:00 [ksoftirqd/2]
root   10  0.0  0.0    0   0 ?   SWN  Oct19 0:00 [ksoftirqd/3]
VSZ – virtual memory usage of the entire process.
RSS – non-swapped physical memory that a task has used.
Review Week Twelve Lab Assignment
PROCESS STATE Code
/export/home/dandrear>ps ux
USER      PID %CPU %MEM  VSZ  RSS TTY   STAT START TIME COMMAND
dandrear 9170  0.0  0.0 1580  584 pts/0 S    10:53 0:00 -ksh
dandrear 9407  0.0  0.1 5820 2232 pts/0 R    12:03 0:00 ps ux
Review Week Twelve Lab Assignment
What is the function of the cron daemon?
To initiate all timed events. The cron daemon is started at boot
time and remains active while the system is operating in multiuser mode.
The crond wakes up every minute and examines all stored crontab
records, checking to see which commands are ready to execute
in the current minute.
crontab record format: * * * * * Command line
<minute> <hour> <day> <month> <day of week> Command line
crontab Restrictions
You can execute crontab if your name appears in
/usr/lib/cron/cron.allow.
If the cron.allow file doesn't exist, you can use crontab if
your name isn't listed in the /usr/lib/cron/cron.deny file. If
only cron.deny exists, and it is empty, all users can use crontab.
If neither file exists, only the root user can use crontab.
Review Week Twelve Lab Assignment
What is a domain name?
It is a name that refers to a numeric notation (similar to an alias).
A name that identifies one or more IP addresses.
What is the function of a Domain Name Service (DNS)?
It is a system that resolves names to the IP address(es) of clients. Domain
name service is a hierarchical system in which the top-level domain serves
sub-domain clients with names and IP addresses. A DNS is similar to a
"phone book".
The most popular DNS software is generally BIND.
FYI - dos2unix is a function that converts DOS/Mac plain text files into Unix
format.
What is the functionality of the “lost+found” directory on a Unix-like system?
Usually, there is one directory on every disk partition. Disk errors or
incorrect system shutdowns cause files to become lost. This is the directory
they can be found in.
Review Week Twelve Lab Assignment
Security on UNIX systems
Basic security on a UNIX-like system rests on the access modes for
files and directories. Default file and directory permission settings
are set by the umask variable value. The initial recommended
umask setting of 077 would enable all permissions for the
directory owner and disable all permissions for the group and
others.
Base directory values = 777
Base file values = 666
Access permissions cannot be granted one way for one user
and another way for a different user.
The chmod command should be used to make the final
permissions settings once the information is ready for use.
Review Week Twelve Lab Assignment
Directory Calculation
umask 077
Base directory value   777   111 111 111
umask                  077   000 111 111
1's complement         700   111 000 000
Result                 700   111 000 000   (rwx------)
Review Week Twelve Lab Assignment
File Calculation
umask 077
Base file value        666   110 110 110
umask                  077   000 111 111
1's complement         700   111 000 000
Result                 600   110 000 000   (rw-------)
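The two calculations above as a runnable check. This is an added example, not part of the original slides; the function names are hypothetical, 077 is the slide's umask, and 022 and 033 are constructed extra values. It computes base AND (1's complement of umask) and compares that with the modes the system really assigns.

```shell
#!/bin/sh
# Added example: the mode a new file or directory gets is
#   base AND (1's complement of umask), not base minus umask.

# effective_mode BASE UMASK -> resulting octal mode (666 077 -> 600)
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# symbolic MODE -> ls-style string for a three-digit octal mode (600 -> rw-------)
symbolic() {
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        case $digit in
            0) out="$out---" ;; 1) out="$out--x" ;; 2) out="$out-w-" ;;
            3) out="$out-wx" ;; 4) out="${out}r--" ;; 5) out="${out}r-x" ;;
            6) out="${out}rw-" ;; 7) out="${out}rwx" ;;
        esac
    done
    printf '%s\n' "$out"
}

# observed UMASK -> "filemode dirmode" as actually applied to a new file and directory
observed() {
    tmp=$(mktemp -d) || return 1
    ( umask "$1"; : > "$tmp/f"; mkdir "$tmp/d" )
    f=$(ls -ld "$tmp/f" | cut -c2-10)
    d=$(ls -ld "$tmp/d" | cut -c2-10)
    rm -rf "$tmp"
    printf '%s %s\n' "$f" "$d"
}

# 033 shows why subtraction is wrong: 666 - 033 = 633, but the real file mode is 644.
for mask in 077 022 033; do
    f=$(effective_mode 666 "$mask")
    d=$(effective_mode 777 "$mask")
    echo "umask $mask: file $f ($(symbolic "$f")) dir $d ($(symbolic "$d")) observed: $(observed "$mask")"
done
```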
Review Week Twelve Lab Assignment
Security on UNIX systems
In a UNIX-like operating system environment, files and
directories are organized in a tree structure with specific access
modes.
- File access modes determine the permission bits for file
security. Permission bits determine how users can access a
file. There are three user access modes used by all UNIX-like
operating systems: the owner, the group, and others.
Permission access for these groups can be read, write and
execute within each user type.
- Directory protection is vital for file security. Administrators
and users create "publicly writeable" directories, which provide
the most opportunities for compromising UNIX system
security. Administrators tend to make these "open" for users to
move around and access public files and utilities.
- The PATH environment variable should be organized so that
system paths are searched first rather than the user's current
directory. The user's current directory should be searched last.
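A check for the last two points, as an added example that is not part of the original slides: it walks a PATH string and reports a current-directory entry that is searched before a system directory, relative entries, and world-writable directories. The function name audit_path and the sample PATH values are hypothetical.

```shell
#!/bin/sh
# Added example: audit a PATH string for the risks named above.

# audit_path PATHSTRING -> one finding per line, nothing when the PATH is clean
audit_path() {
    p=$1
    case $p in *:) p="$p." ;; esac   # a trailing ':' is an implicit current directory
    pos=0; cwd_pos=""
    old_ifs=$IFS; IFS=:; set -f      # split on ':' only, no globbing
    for dir in $p; do
        pos=$((pos + 1))
        case $dir in
            ''|.) cwd_pos=$pos ;;    # an empty entry also means the current directory
            /*)
                if [ -n "$cwd_pos" ]; then
                    echo "entry $cwd_pos: current directory is searched before $dir"
                    cwd_pos=""
                fi
                # -L follows symlinks such as /bin -> usr/bin
                perms=$(ls -ldL "$dir" 2>/dev/null | cut -c1-10)
                case $perms in
                    d???????w?) echo "entry $pos: $dir is world-writable" ;;
                esac ;;
            *) echo "entry $pos: relative directory $dir" ;;
        esac
    done
    IFS=$old_ifs; set +f
}

# Constructed sample values, not taken from any real system.
demo=$(mktemp -d) && chmod 0777 "$demo"
audit_path ".:/usr/bin:$demo"     # two findings
audit_path "/usr/bin:/bin:."      # current directory last: no finding expected
rm -rf "$demo"
```

Run it against the live value with audit_path "$PATH".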
Review Week Twelve Lab Assignment
Security on UNIX systems
- Although passwords offer an additional level of security, they
lend themselves to computer system compromise. Lack of
awareness and responsibility contributes largely to this form of
computer insecurity. In summation, the corporate policy must
be implemented. Two-factor authentication is where a subject
provides at least two types of proof of identity.
- Network security is important, so limit access to powerful
commands like uucp, uux, uucico, and uuxqt.
- LANs were designed to transfer files between computers
quickly, and security for them should be as much a consideration
today as for any other software. IEEE 802.11i specifies the use of
the Advanced Encryption Standard (AES). AES is a stronger
security algorithm than WEP.
Review Week Twelve Lab Assignment
Security on UNIX systems
The Data Encryption Standard (DES) was selected by
the National Bureau of Standards as an official Federal
Information Processing Standard for the United States in
1976.
DES is based on a 56-bit key.
DES is now considered insecure for many applications.
This is due to the 56-bit key size being too small.
Review Week Twelve Lab Assignment
What is copy-on-write (COW)?
It is an optimization strategy mainly used in virtual memory
operating systems. Multiple users can be given a pointer to the
same resource. When a process creates a copy of itself, the
pages in memory that might be modified by either the parent
or child process are marked copy-on-write. When one process
modifies the memory, the kernel intercepts the operation and
copies the memory so that changes in one process’s memory
are transparent to the other.
COW is intended to use memory sparingly because
physical memory utilization increases as data is stored.
Review Week Twelve Lab Assignment
Network Services
A variety of services available across a network
NFS
Remote login
Utilize a Web browser
All network services rely on the ability to convert a host or domain name to
an IP address.
DNS are complex. The number of host names and IP addresses in the
Internet is very large.
DNS Local contains actual translations for the machines in its local
network
DNS Global contains more information about translations.
A single translation could involve several DNS before resolving the
IP address.
Review Week Twelve Lab Assignment
File Systems
UNIX/Linux file system is contained under the root
directory denoted by a forward slash “/”.
Users don’t have to worry about the physical
locations of files. The file system is transparent to the
user.
The system administrator must be familiar with
mounting and un-mounting storage space (/mnt).
A file system cannot be utilized unless it has been
mounted.
Review Week Twelve Lab Assignment
One-Way Encryption (Message Digest 5)
1. MD5 encrypted password (option secret 0)
2. MD5 encryption text string (option secret 5)
The optional 0 keyword enables MD5 encryption on a
clear text password; the 5 keyword enters an MD5
encryption string and saves it as the user MD5-encrypted
secret. MD5 encryption is a strong
encryption method which is not retrievable; thus, you
cannot use MD5 encryption with protocols that
require clear text passwords, such as CHAP.
Review Week Twelve Lab Assignment
One-Way Encryption (Message Digest 5)
MD5 encryption is a one-way hash encryption algorithm and
cannot be decrypted (except by brute force). MD5 encryption
can be compromised using brute force on it. Rainbow tables
use a mathematical algorithm, so it's easier and faster than a
common brute force.
And yes, there are tables which can crack MD5, I just don't
know how big they are. Usually if you have a password which
is bigger than 15 characters, it takes too much time to create a
table for it, and you need a lot of disk space.
So if your password is bigger than 15 characters you are
reasonably safe.
Review Week Twelve Lab Assignment
A file system is the method and data structures that an operating
system uses to keep track of files on a storage medium.
Super Block Attributes
Contains information about each mounted file system.
The super-block is the first block of each ext2FS/ext3FS
partition. It contains important data about the file system,
such as its size, free space, etc. (it is similar to the method
used by FAT partitions). A partition with a damaged
super-block cannot be mounted. Fortunately,
ext2FS/ext3FS keeps several super-block backup copies
scattered over the partition.
Most of the information stored in the super-block is
considered static. Static information can be critical in
recovering data.
Review Week Twelve Lab Assignment
Types of information found in a super-block
Device identifier, inode pointers, block size, file system
type and pointer.
Inode contains information about a file. The name and the inode
number are stored in the directory.
Data blocks are used to store the data in the file. There is a limited
amount of space in an inode for pointers.
Number of mounted file systems
The Linux 2.0 kernel keeps a static array of such
structures to store up to 64 mounted file systems.
A file system must be mounted before it is usable.
Review Week Twelve Lab Assignment
Directory tree
[Figure: directory tree rooted at /; node labels: jones, dandrear, date, dev, tmp, bin, usr, wc, ksh, tty03, .profile, bin, foo, null]
Review Week Thirteen Lab Assignment
Directory Structure
UNIX arranges files and directories in an inverted
tree topology.
/proc directory contains a hierarchy of special files
which represent the current state of the kernel.
/bin directory contains shells (bash and csh), vi editor,
and commands.
/etc directory contains system related configuration
files.
/mnt directory is intended to be used as the temporary
mount points for mounting storage devices.
Review Week Thirteen Lab Assignment
Directory Structure
drwxr-xr-x 6 root root 1024 Dec 29 2005 mnt
/opt directory is where new or untested software is
stored.
/dev directory is where device files are located that
access hardware.
/ directory contains several main directories.
/root directory is reserved for the super-user.
drwxr-x--- 4 root root 1024 Nov 16 22:35 root
Review Week Twelve Lab Assignment
[Figure: directory tree rooted at /; node labels: /bin, /lib, /home, /usr, dandrear, mv, bc, more, ls, lib.ca, libm.a, local, openview, man, uch]
Review Week Twelve Lab Assignment
ext3 File System
Super Block
File Manager
Linux Virtual File System
Kernel
Review Week Twelve Lab Assignment
Linux Virtual File System (VFS)
The purpose of a VFS is to allow client applications to
access different types of file systems in a uniform way.
Manages kernel file abstractions in one format for all file
systems.
Receives system call requests from user level
(e.g. write, open, stat, link).
Interacts with a specific file system based on the mount
point traversal.
Receives requests from other parts of the kernel, mostly
from memory management.
Review Week Twelve Lab Assignment
File Manager
A file manager is a program that provides a user interface to work
with the file system. File managers are very useful for
speeding up interaction with files. The most common
operations on files are create, open, edit, print,
rename, move, and copy.
Review Week Twelve Lab Assignment
Define LDAP (Lightweight Directory Access Protocol ):
A set of protocols for accessing information directories. LDAP
is considered the simplified version of the X.500 standard.
Unlike the X.500 standard, LDAP supports TCP/IP for
Internet access.
LDAP Characteristics:
- Relatively Static Data - The data is rarely modified. How
often do you change your telephone number?
- Extremely Fast Read Operations - The directory is tuned for
high read performance because the data in the directory is
frequently read but rarely written or updated.
- Distributed - The data is located on a number of systems on
the network for redundancy, performance, and scalability.
- Hierarchical - This ensures there is an authoritative source of
the data in the directory system.
Week Thirteen Expected Outcomes
Upon successful completion of this module, the
student will be able to:
• Describe the structure and use of Web servers.
• Create and run CGI scripts.
• Evaluate a current Web technology project.
Next Lab Assignment
Apache Web Server
Apache Web server is free and distributed as source
files by the Apache Software Foundation.
Apache is generally recognized as the world's most
popular Web server (HTTP server). Originally
designed for UNIX servers, the Apache Web server
has been ported to Windows and other network
operating systems. The name "Apache" derives from
the word "patchy" that the Apache developers used to
describe early versions of their software.
apache 31748 27504 0 Mar23 ? 00:00:03 /usr/sbin/httpd
Next Lab Assignment
Describe the structure and use of Web servers.
Early Web sites consisted of HTML pages that could
only provide data that was written into the HTML
page itself. This was sufficient for that time frame.
Currently, Web sites provide dynamic data into an
HTML page with the use of CGI scripts.
CGI is a mechanism for a Web server to be able to
interact with an external program. These external
programs are CGI scripts.
Next Lab Assignment
Describe the structure and use of Web servers.
CGI scripts can be written in any programming
language. Perl is the common choice because of its
feature richness.
The web is composed of clients and servers. CGI is
used on the server to provide additional services and
functionality to the client.
Next lab assignment
The Apache HTTP server must be instructed to locate the CGI
scripts.
Two more pieces of information are needed.
1) A program in that directory to be used as a CGI script.
2) A link in an HTML page to your CGI script.
The CGI script itself simply produces output to stdout. The
HTTP server captures that output and sends it to the Web
browser. The format of the output must be in a form that the
Web browser can understand (HTML).
The CGI script creates the HTML page every time it is
run.
The data provided to the HTML page can change with each
execution of the script. The Web browser reports data
dynamically to the user.
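A small CGI script of the kind described above, as an added example (it is not the course's sysInfo.cgi; the function names html_escape and render_page are hypothetical). Besides the HTML body, the CGI standard requires a Content-Type header followed by a blank line, and any value that does not come from the script itself should be HTML-escaped before it is written into the page.

```shell
#!/bin/sh
# Added example: a CGI script writes a header block, a blank line,
# and then the HTML body to stdout; the HTTP server relays it to the browser.

# html_escape: read stdin, replace characters that are markup in HTML
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# render_page: build the complete CGI response on stdout
render_page() {
    host=$(uname -n | html_escape)
    now=$(date | html_escape)
    # QUERY_STRING is set by the Web server from the URL, so it is
    # controlled by whoever requests the page: escape it before output.
    query=$(printf '%s' "${QUERY_STRING:-}" | html_escape)

    printf 'Content-Type: text/html\n\n'
    cat <<EOF
<html>
<head><title>System information</title></head>
<body>
<h1>Host: $host</h1>
<p>Generated: $now</p>
<p>Query string: $query</p>
</body>
</html>
EOF
}

render_page
```

Because the page is rebuilt on every request, the date line changes with each execution, which is the dynamic behaviour the slide describes.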
Next lab assignment
URL that points to the CGI script.
http://cs.franklin.edu/~dandrear/itec400/CGI/sysInfo.cgi
Apache Web Server
A user can test from a Web browser on the same machine
using the host name “localhost.” http://localhost will try to find
a Web server on the same machine as the Web browser.
Break-out problems
1. Unix commands:
fg
bg
uname -n
id
2. Define the function of the umask command and variable.
3. What are the file permissions if the umask is 027?
4. What are the directory permissions if the umask is 027?
5. What are the base directory permissions?
6. What are the base file permissions?
7. What is the function of the file manager?
8. What is an Apache Web Server?
9. What would be considered an advantage of using copy-on-write?
10. What is a Linux Virtual File System?
Upcoming Deadlines
Programming Assignment 2, 12-1 due April 1, 2012.
Archives Exercise, 12-2 due April 1, 2012.
Presentations for Public Domain/Open Source Lab
Assignment 13-1 will be April 2 and 9.
Programming Assignment 3, 14-1 is due April 14, 2012.
Final Exam, 15-1 will be administered April 9 through April
14 (Saturday).
Final Exam Outline is posted on the Bulletin Board and
emailed to each student. This outline will be considered a
“living” document. I will add additional information to it up to
one week prior to the exam. The additional information posted
after the initial posting will be highlighted/indicated.
Lab assistance
• Questions
• Comments
• Concerns
• I will be available after this Franklin Live
session to discuss any problems and/or
concerns regarding lab assignments.