NTP

NTP (Network Time Protocol) is designed to resolve issues regarding the system time of server and client systems. Having an accurate system time is important for several reasons, including:

• Log files: These files have timestamps embedded within log entries. These timestamps are often critical in determining exactly when an error or a security breach occurred. Inaccurate system times result in inaccurate timestamps, which can lead to problems in determining both the causes of problems and potential legal issues, as log files are sometimes used in legal cases but can be disregarded by the court system if the timestamps are not accurate.

• Client/server interactions: Some services require the client and server systems to be in sync regarding system time. If these systems are not in sync, the service may fail completely.

• Searches for file by timestamp: Users and administrators often search for lost or missing files using timestamps. If the system time isn’t accurate, then the file timestamps won’t be accurate, making it difficult to find files.

• Transaction log timestamps: Many transaction operations include timestamps. For example, each email that is sent or received has a timestamp of these actions. Another example is banking and credit card transactions. It is critical to ensure that these timestamps are as accurate as possible for both security and reliability of the transactions.

The purpose of NTP is to ensure accurate system times. A system is configured as an NTP client, which sets the system time based on data received from one or more NTP servers. Typically three or more NTP servers are used to best ensure the most accurate time.

Organizations may deploy their own NTP servers, but there are also publicly available servers on pool.ntp.org. Servers are categorized by how accurate they are.

Their accuracy is determined by assigning a “stratum” value to each server—a numeric value from 0 to 15; the lower this value, the more accurate the clock is considered to be.

A clock that advertises itself as a stratum-0 likely gets its timestamps from an atomic clock and has very little delay in responding to NTP requests. A clock that advertises itself as a stratum-1 gets its timestamps from stratum-0 servers.

SSH

SSH (Secure Shell) is a service that allows for secure communication between hosts. The securing features include symmetrical encryption, asymmetrical encryption, and hashing. SSH is used for the following:

• It is a secure replacement for Telnet and other unsecure remote-connection services (such as rlogin). On the client side, the ssh command is used for this feature.

• It is a secure replacement for file transfer methods, such as FTP or RCP. On the client side, the sftp command is used to replace ftp, and the scp command is used to replace rcp.

• It is a secure replacement for remote execution methods, like rsh. On the client side, the ssh command is used for this feature.

Certificate Authority

One of the problems with IT security revolves around the concept of trust. For example, suppose you want to connect to your bank online, and you type the bank’s URL in a browser. Your browser gets a response from a remote server, but how can you ensure that remote server is actually your bank and not a server that hijacked your connection attempt? You use digital certifications.

When the browser connects to the server, the server issues a signature, which is tied to a digital certificate. The web browser consults a third-party organization, called a CA (certificate authority), to verify the signature. The trust is built between the client system and the server by using the CA for verification.

Name Server

While users prefer to use hostnames or URL addresses to access other systems, the systems themselves us IP addresses. So when you perform a command like ping www.google.com, the URL needs to be converted into an IP address before the ping request can be sent.

There are millions of systems on the Internet, and keeping track of all the hostnames and IP addresses can be a daunting task. DNS (Domain Name System) provides the solution. DNS uses a series of name servers to perform hostname-to-IP address conversions. Name servers are responsible for knowing a subset of hostnames and their corresponding IP addresses, and this makes the task of updating and maintaining these translations easier because the process is distributed over thousands of different systems.

DHCP

Your own system needs networking information that is specific to the network on which you are located. This includes information like the IP address, the gateway IP address, the name server, and the netmask (network mask). These pieces of network information can be assigned manually, which is fine for servers that don’t move between networks, but it is not easy for mobile devices that move from one network to another.

A Dynamic Host Configuration Protocol (DHCP) server provides client systems with this network information automatically. When a client is configured as a DHCP server, it sends a request for DHCP servers to provide this network information. Once this data is received, the client automatically configures itself, and the system can communicate on the network.

SNMP

Simple Network Management Protocol (SNMP) is a protocol that allows for the management of network devices. It also provides features to monitor network devices. Typically you will see SNMP used to control networking equipment, such as routers, wireless access points (WAPs), and switches.

File Servers

A file server is a system that shares files. Several different file servers are commonly used on Linux systems:

• FTP (File Transfer Protocol) server: While FTP servers provide little security (they don’t encrypt network data), they are still widely used in certain situations. For example, you may want to publicly share files on the Internet. An FTP server that uses an anonymous user account (one that doesn’t require a password for authentication) would be a good solution as long as the FTP server has been configured not to permit uploading of files. In terms of accessing an FTP server, an individual user would need to initiate the access via an FTP client program.

• SFTP (SSH File Transfer Protocol) server: SSH, as discussed earlier in this chapter, can be used to provide FTP-like access but in a secured manner. This type of file sharing requires user authentication and secures data transport. To access an SFTP server, an individual user would need to initiate the access via an SSH client program.

• Samba: Samba is a service that can share both files and printers. It is designed to share files in a manner that allows Microsoft Windows clients to access the shares. Samba can also be integrated with a Microsoft Server domain, so it is a good solution in an environment that has a mix of operating systems. To access a Samba server, an individual user could initiate the access via a Samba client program, but an administrator can also configure access via a mount point (a directory available in the filesystem).

• NFS: Network File Systems (NFS) is primarily designed to share files between Linux or Unix systems (sometimes referred to as *Nix systems). There are some non-*Nix client programs available, but they are not commonly used. NFS lacks a lot of the modern security features found in other file servers, but given that it is normally used only on a LAN, these security issues are not a big concern. Unlike with FTP or SFTP, users don’t initiate access to an NFS server. An administrator mounts an NFS share to make the share available via the filesystem structure on the client system.

Authentication Server

An authentication server is a system that is used to authenticate user accounts on client systems. Several different authentication servers are available on Linux systems:

• RADIUS: There are several different options for RADIUS (Remote Authentication Dial-In User Service) servers, including GNU Radius, FreeRADIUS, OpenRADIUS, and BSDRadius. They all have a common collection of features, but each offers some different features as well. All RADIUS servers are designed to provide centralized AAA (authentication, authorization, and accounting) services. Radius servers can be used for a variety of authentication operations because they are not just limited to Linux.

• IPA: An IPA (identity, policy, and audit) server is a combination of several different technologies that provide the functionality of an authentication server. There are several different IPA options available, and they normally include features like the following:

  • LDAP (Lightweight Directory Access Protocol): This provides a means to store and retrieve account data.

  • Kerberos: This service provides central authorization of user accounts.

  • NTP: See the section “NTP,” earlier in this chapter.

  • DNS: See the section “Name Server,” earlier in this chapter.

  • CA: See the section “Certificate Authority,” earlier in this chapter.

Proxy

A proxy server acts as a go-between for two systems. For example, if you connected to a web server via a web browser, you could use a proxy server to handle the connection to the server. Proxy servers provide several advantages:

• Proxy servers can monitor network traffic and filter based on the content of the traffic.

• Proxy servers can bypass filters by appearing to be originating from different systems or networks.

• Proxy servers can log network traffic and access to remote systems.

• Proxy servers can improve performance by caching static data, either on the client side or the server side.

• Proxy servers can provide security features, which make connections more secure.

• Proxy servers can translate data from one form to another. For example, they can be used to translate data from one language to another.

The most common proxy server on Linux is Squid, but there are others that perform specific tasks.

VPN

A virtual private network (VPN) is a service that allows for a virtual network over a public network. It allows data to be shared across public networks in a secure manner. A lot of VPN software is available for Linux.

Database

A database is a system that is used to store and return data upon request. A lot of database options are available for Linux.

In a sense, most of the files that are stored in the /etc directory structure are simple databases (for example, the /etc/passwd file). However, typically a database requires a database management system to provide controlled access to the data held within the database. You could argue that tools are used to directly manage the data in the files in the /etc directory (such as the useradd command modifying the /etc/passwd file); however, calling these tools database management systems is a bit of a stretch. Most people consider more robust software programs—such as Oracle, MySQL, PostgreSQL, Apache Derby, and Firebird—to be database management systems.

Print Server

A print server manages print jobs (that is, requests to send data to a printer). The most common print server for Linux is CUPS (Common Unix Printing System). CUPS can be configured to send print jobs to a print queue. When a printer is available, CUPS sends the print job from the queue to the printer.

CUPS also allows you to cancel print jobs, determine print job priority, and connect to other print servers (like those shared via Samba or from Microsoft Windows print servers).

Mail Server

A mail server is a program that is responsible for sending, receiving, and storing email messages. Mail servers use system-independent methods (based on SMTP [Simple Mail Transport Protocol]) to manage mail messages, so one mail server has software that enables it to interact with another, different mail server.

sendmail has traditionally been a popular mail server, but most administrators tend to avoid using sendmail because it is complex (and therefore difficult) to configure and doesn’t have strong security features. You should be aware that it is a possible solution and still in use on many older servers.

Postfix is a more common solution on modern Linux systems. It is considered to be easier to configure and has many features, including good security features.

Web

The Web (also called the World Wide Web) is a component of the Internet that is accessible via Web browsers. The term is often used interchangeably with the Internet, but the Internet refers to all of the systems that are connected globally, including servers that provide other features, such as database access and mail services.

Logging

Logging is the process of taking reports from services and storing the data in files or databases for future retrieval. One common logging service is called syslog (which runs as the syslogd process). This service stores its log files in the /var/log directory, normally in plain-text files that can be viewed directly. Most modern Linux systems use a newer variation of syslogd called rsyslogd, a service that is similar to syslogd but has more configuration features.

Another logging method that is often used in conjunction with rsyslogd is journald. The journald service is a component of systemd, a feature that is used to manage processes during the boot procedure. While journald also stores log files in the /var/log directory, the data is stored in a binary format and displayed via the journalctl command.

Containers

You might be familiar with the concept of virtual machines already. Containers share some of the features of virtual machines but also have some key differences.

A virtual machine (VM) is an operating system that runs within another operating system. A VM is provided virtual components, like CPU and RAM, via an application called a hypervisor. More details on VMs are provided in Chapter 3, “Virtualization.”

A container is like a lightweight VM. It often acts as a separate system; for example, a container is likely to have its own networking configuration, including its own IP address. However, a container doesn’t require all of the components that a VM requires, such as a separate virtual CPU, dedicated RAM, or dedicated hard disk space. As a result, whereas a system can support hundreds of containers, it can support only a handful of concurrently running VMs.

One of the most popular container-based software programs is called docker. With docker you can create and execute containers on Linux-based systems.

Monitoring

Monitoring is a generic term for actively watching activity on a system. A very large number of monitoring tools are available for Linux to monitor process activity (the top command, for example), network activity (wireshark, tcpdump, and so on), system activity (Nagios, Cacti, and so on), and user activity (psacct, who, w, lsof, and so on). Monitoring is a huge topic, but for the Linux+ exam you just need to be aware of what monitoring is; you don’t need to understand the vast array of details and utilities that support monitoring.

Load Balancer

A load balancer is a utility that spreads work across multiple servers or systems. Consider a heavily used website, like www.google.com. If Google had a single web server, the incoming requests would overwhelm the server very quickly. Instead, a load balancer farms out requests to the many Google web servers. Google has never reported how many servers it has, but the estimates are in the millions.

Load balancers are used for many different services, including mail servers, database management servers, and file servers. A group of servers that perform similar functions is called a cluster (see the next section).

Clustering

The term clustering means grouping together a collection of computers to provide a specific service. For example, the collection of web servers that respond to requests to www.google.com is a cluster.

Clusters can be used to provide massive processing power, spread the load between different systems (as described in the preceding section), and provide huge storage space.