Week_Thirteen_13_UNIX
advertisement
Week Thirteen Agenda • Announcements Next weeks agenda: Student Open Source presentations April 2 and 9 Final exam outline posted • Link of the week • Review week twelve lab assignment • Week eleven expected outcomes • Next lab assignment • Break-out problems • Review True/False Final Exam • Upcoming deadlines • Lab assistance, questions, and comments Link of the week HTML Tutorial http://www.w3schools.com Purchase CGI scripts http://www.cgiscript.net "How to Create Your Own Home Page" Home Page http://www.intergalact.com/hp/part3/part3.html CGI Programming FAQ by Nick Kews http://www.webthing.com/tutorials/cgifaq.html Introduction to CGI Scripts http://linux.die.net/man/3/cgi Link of the week Common In the sense that there are many programming languages that scripts can be written in and interact with different types of systems. The user isn’t limited to just one way. Gateway CGI strengths lie in not only what it can do itself, but with it’s potential access it offers to other systems (databases/graphic generators). Interface CGI provides a well-defined way to call up its features. The interface between the CGI script and the Web server is fixed. Link of the week Define: CGI (Common Gateway Interface) script A standard for interfacing with external applications and information servers. The information servers can be HTTP or Web servers. The CGI scripts provide a more dynamic avenue for information servers to pursue rather than as a HTML file server. Review Week Twelve Lab Assignment PROCESS STATE CODES (man ps command) D R S T Z uninterruptible sleep (usually IO) runable (on run queue) sleeping traced or stopped a defunct ("zombie") process For BSD formats and when the “STAT" keyword is used, additional letters may be displayed: W < N L has no resident pages high-priority process low-priority task has pages locked into memory (for real-time and custom IO) Use the ps -aux | less command to display the above mentioned codes listed under the STAT column heading. Review Week Twelve Lab Assignment PROCESS STATE Code USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root root root root root root root root root root 1 2 3 4 5 6 7 8 9 10 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 1424 488 ? 0.0 0 0? 0.0 0 0? 0.0 0 0? 0.0 0 0? 0.0 0 0? 0.0 0 0? 0.0 0 0? 0.0 0 0? 0.0 0 0? S Oct19 SW Oct19 SW Oct19 SW Oct19 SW Oct19 SW Oct19 SWN Oct19 SWN Oct19 SWN Oct19 SWN Oct19 0:24 0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:00 init [migration/0] [migration/1] [migration/2] [migration/3] [keventd] [ksoftirqd/0] [ksoftirqd/1] [ksoftirqd/2] [ksoftirqd/3] VSZ – virtual memory usage of the entire process. RSS – non-swapped physical memory that a task has used. Review Week Twelve Lab Assignment PROCESS STATE Code /export/home/dandrear>ps ux USER PID %CPU %MEM VSZ RSS TTY dandrear 9170 0.0 dandrear 9407 0.0 STAT START TIME COMMAND 0.0 1580 584 pts/0 S 10:53 0:00 -ksh 0.1 5820 2232 pts/0 R 12:03 0:00 ps ux Review Week Twelve Lab Assignment What is the function of the cron daemon? To initiate all timed events. The cron daemon is started at boot time and remains active while the system is operating in multiuser mode. The crond wakes up every minute, exams all stored crontab records, checking to see which command is ready to execute in the current minute. crontab record format: * * * * * Command line <minute> <hour> <day> <month> <day of week> Command line crontab Restrictions You can execute crontab if your name appears in /usr/lib/cron/cron.allow. If the cron.allow files doesn’t exist, you can use crontab if your name isn’t listed in the /usr/lib/cron/cron.deny file. If only cron.deny exists, and is empty, all users can use crontab. If neither file exists, only root user can use crontab. Review Week Twelve Lab Assignment What is a domain name? It is a name that refers to a numeric notation (similar to an alias). A name that identifies one or more IP addresses. What is the function of a Domain Name Service (DNS)? It is a system that resolves names to an IP address(es) of clients. Domain name service is a hierarchical system where the top level domain serving sub-domain clients with names and IP addresses. A DNS is similar to a “phone book”. The most popular DNS software is generally BIND. FYI -dos2unix is a function that converts DOS/MAC plain text files into Unix format. What is the functionality of the “lost+found” directory on a Unix-like system? Usually, there is one directory on every disk partition. Disk errors or incorrect system shutdowns cause files to become lost. This is the directory they can be found in. Review Week Twelve Lab Assignment Security on UNIX systems Basic UNIX-like system security is the access modes for files and directories. Default file and directory permission settings are set by the umask variable value. The initial recommended umask setting of 077 would enable all permissions for the directory owner, disabling all permissions for the group, and others. Base directory values = 777 Base file values = 666 Access permissions cannot be granted one way for one user and another way for a different user. The chmod command should be used to make the final permissions settings once the information is ready for use. Review Week Twelve Lab Assignment Directory Calculation umask 077 777 077 700 111 111 111 000 111 111 111 000 000 (1’s complement) 111 000 000 700 (rwx------) Review Week Twelve Lab Assignment File Calculation umask 077 666 077 700 110 110 110 000 111 111 111 000 000 (1’s complement) 110 000 000 600 (rw-------) Review Week Twelve Lab Assignment Security on UNIX systems In a UNIX-like operating system environment, files and directories are organized in a tree structure with specific access modes. - File access modes determine the permission bits for file security. Permission bits determine how users can access a file. There are three user access modes used by all UNIX-like operating systems: the owner, the group, and others. Permission access for these groups can be read, write and execute within each usertype. - Directory protection is vital for file security. Administrators and users create “publicly writeable” directories which provide the most opportunities for compromising UNIX security system. Administrators tend to make these”open” for users to move around and access public files and utilities. - PATH environment variable should be organized with so that system paths are searched first rather than the users current directory. The users current directory should be searched last. Review Week Twelve Lab Assignment Security on UNIX systems - Although passwords offer an additional level of security, they lend themselves to computer system compromising. Lack of awareness and responsibility contributes largely to this form of computer insecurity. In summation, the corporate policy must be implemented. Two factor authentication is where a subject provides at least two types of proof of identity. - Network security is important so limit access to powerful commands like uucp, uux, uucico, and uuxqt commands. - LANs were designed to transfer files between computers quickly, and security for them should be as consideration today as any other software. IEEE 802.11i specifies the use of the Advanced Encryption Standard (AES). AES is a stronger security algorithm than WEP. Review Week Twelve Lab Assignment Security on UNIX systems The Data Encryption Standard (DES) was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 . DES is based on a 56 bit key. DES is now considered insecure for many applications. This action is due to the 56 bit key size being too small. Review Week Twelve Lab Assignment What is copy-on-write (COW)? It is an optimization strategy mainly used in virtual memory operating systems. Multiple users can be given a pointer to the same resource. When a process creates a copy of itself, the pages in memory that might be modified by either the parent or child process are marked copy-on-write. When one process modifies the memory, the kernel intercepts the operation and copies the memory so that changes in one process’s memory are transparent to the other. COW is intended to use memory sparsely because usage of physical memory utilization increases as data is stored. Review Week Twelve Lab Assignment Network Services A variety of services available across a network NFS Remote login Utilize a Web browser All network services rely on the ability to convert a host or domain name to an IP address. DNS are complex. The number of host names and IP addresses in the Internet is very large. DNS Local contains actual translations for the machines in its local network DNS Global contains more information about translations. A single translation could involve several DNS before resolving the IP address. Review Week Twelve Lab Assignment File Systems UNIX/Linux file system is contained under the root directory denoted by a forward slash “/”. Users don’t have to worry about the physical locations of files. The file system is transparent to the user. The system administrator must be familiar with mounting and un-mounting storage space (/mnt). A file system cannot be utilized unless it has been mounted. Review Week Twelve Lab Assignment One-Way Encryption (Message Digest 5) 1. MD5 encrypted password (option secret 0) 2. MD5 encryption text string (option secret 5) The optional 0 keyword enables MD5 encryption on a clear text password; the 5 keyword enters an MD5 encryption string and saves it as the user MD5encrypted secret. MD5 encryption is a strong encryption method which is not retrievable; thus, you cannot use MD5 encryption with protocols that require clear text passwords, such as CHAP Review Week Twelve Lab Assignment One-Way Encryption (Message Digest 5) MD5 encryption is a one way hash encryption algorithm and cannot be decrypted (except by brute force). MD5 encryption can be compromised using brute force on it. Rainbow tables use a mathematic algorithm so its easier and faster than a common brute force. And yes, there are tables which can crack MD5, I just don’t know how big they are. Usually if you have a password which is bigger than 15 characters, it takes to much time to create a table for it, and you need a lot of disk space. So if your password is bigger than 15 characters you are reasonably safe. Review Week Twelve Lab Assignment A file system is the method and data structures that an operating system uses to keep track of files on a storage medium. Super Block Attributes Contains information about each mounted file system. The super-block is the first block of each ext2FS/ext3FS partition. It contains important data about the file system, such as its size, free space, etc. (it is similar to the method used by FAT partitions). A partition with a damaged super-block cannot be mounted. Fortunately, ext2FS/ext3FS keeps several super-block backup copies scattered over the partition. Most of the information stored in the super-block is considered static. Static information can be critical in recovering data. Review Week Twelve Lab Assignment Types of information found in a super-block Device identifier, inode pointers, block size, file system type and pointer. Inode contains information about a file. The name and the inode number are stored in the directory. Data block are used to store the data in the file. There is a limited amount of space in an inode for pointers. Number of mounted file systems The Linux 2.0 kernel keeps a static array of such structures to store up to 64 mounted file systems. A file system must be mounted before it is usable. Review Week Twelve Lab Assignment Directory tree / jones dandrear date dev tmp bin usr wc ksh tty03 .profile bin foo null Review Week Thirteen Lab Assignment Directory Structure UNIX arranges files and directories in an inverted tree topology. /proc directory contains a hierarchy of special files which represent the current state of the kernel. /bin directory contains shells (bash and csh), vi editor, and commands. /etc directory contains system related configuration files. /mnt directory is intended to be used as the temporary mount points for mounting storage devices. Review Week Thirteen Lab Assignment Directory Structure drwxr-xr-x 6 root mnt root 1024 Dec 29 2005 /opt directory is where new or untested software is stored. /dev directory is where device files are located that access hardware. / directory contains several main directories. /root directory is reserved for the super-user. drwxr-x--- 4 root root 1024 Nov 16 22:35 root Review Week Twelve Lab Assignment / /bin /lib /home /usr dandrear mv bc more ls lib.ca libm.a local openview man uch Review Week Twelve Lab Assignment ext3 File System Super Block File Manager Linux Virtual File System Kernel Review Week Twelve Lab Assignment Linux Virtual File System (VFS) The purpose of a VFS is to allow client applications to access different types of file systems in a uniform way. Manages kernel file abstractions in one format for all file systems. Receive system call requests from user level (e.g. write, open, stat, link). Interacts with a specific file system based on the mount point traversal Receive requests from other parts of the kernel, mostly from memory management. Review Week Twelve Lab Assignment File Manager Is a program that provides a user interface to work with the file system. They are very useful for speeding up interaction with files. The most common operations on files are create, open, edit, print, rename, move, and copy. Review Week Twelve Lab Assignment Define LDAP (Lightweight Directory Access Protocol ): A set of protocols for accessing information directories. LDAP is considered the simplified version of the X-500 standard. Unlike the X-500 standard, LDAP supports TCP/IP for Internet access. LDAP Characteristics: - Relatively Static Data: The data is rarely modified. How often do you change your telephone number? - Extremely Fast Read Operations - The directory is tuned for high read performance because the data in the directory is frequently read but rarely written or updated. - Distributed - The data is located on a number of systems on the network for redundancy, performance, and scalability. - Hierarchical -This ensures there is an authoritative source of the data in the directory system. Week Thirteen Expected Outcomes Upon successful completion of this module, the student will be able to: • • • Describe the structure and use of Web servers. Create and run CGI scripts. Evaluate a current Web technology project. Next Lab Assignment Apache Web Server Apache Web server is free and distributed as source files by the Apache Software Foundation. Apache is generally recognized as the world's most popular Web server (HTTP server). Originally designed for UNIX servers, the Apache Web server has been ported to Windows and other network operating systems. The name "Apache" derives from the word "patchy" that the Apache developers used to describe early versions of their software. apache 31748 27504 0 Mar23 ? 00:00:03 /usr/sbin/httpd Next Lab Assignment Describe the structure and use of Web servers. Early Web sites consisted of HTML pages that could only provide data that was written into the HTML page itself. This was sufficient for that time frame. Currently, Web sites provide dynamic data into an HTML page with the use of CGI scripts. It is a mechanism for a Web server to be able to interact with an external program. These external programs are CGI scripts. Next Lab Assignment Describe the structure and use of Web servers. CGI scripts can be written in any programming languages. Perl is the common choice because of its feature richness. The web is composed of clients and servers. CGI is used on the server to provide additional services and functionality to the client. Next lab assignment The Apache HTTP server must be instructed to locate the CGI scripts. Two more pieces of information are needed. 1) A program in that directory to be used as a CGI script. 2) A link in an HTML page to your CGI scrip The CGI script itself simply produces output to stdout. The HTTP server captures that output and sends it to the Web browser. The format of the output must be in a form that the Web browser can understand (HTML). The CGI script creates the HTML page every time it is run. The data provided to the HTML page can change with each execution of the script. The Web browser reports data dynamically to the user. Next lab assignment URL that points to the CGI script. http://cs.franklin.edu/~dandrear/itec400/CGI/sysInfo.cgi Apache Web Server A user can test from a Web browser on the same machine using the host name “localhost.” http://localhost will try to find a Web server on the same machine as the Web browser. Break-out problems 1. Unix commands: fg bg uname –n id 2. Define the function of the umask command and variable. 3. What are the file permissions if the umask 027? 4. What are the directory permissions if the umask 027? 5. What are the base directory permissions? 6. What are the base file permissions? 7. What is the function of the file manager? 8. What is an Apache Web Server? 9. What would be considered an advantage of using copy-onwrite? 10. What is a Linux Virtual File System? Upcoming Deadlines Programming Assignment 2, 12-1 due April 1, 2012. Archives Exercise, 12-2 due April 1, 2012. Presentations for Public Domain/Open Source Lab Assignment 13-1 will be April 2 and 9. Programming Assignment 3, 14-1 is due April 14, 2012. Final Exam, 15-1 will be administered April 9 through April 14 (Saturday). Final Exam Outline is posted on the Bulletin Board and emailed to each student. This outline will be considered a “living” document. I will add additional information to it up to one week prior to the exam. The additional information posted after the initial posting will be highlighted/indicated. Lab assistance • Questions • Comments • Concerns • I will be available after this Franklin Live session to discuss any problems and/or concerns regarding lab assignments.
