Changing a Font Server's Font Path

The font server's font path is set in the server's configuration file (typically /etc/X11/fs/config or /etc/X11/fs/conf). The font path isn't set using FontPath keywords, as in XF86Config; instead, this file uses the catalogue keyword, thus: catalogue = /usr/X11R6/lib/X11/fonts/Type1, /usr/X11R6/lib/X11/fonts/TrueType, /usr/X11R6/lib/X11/fonts/75dpi This listing may span multiple lines. Commas separate directories in the font path. The last entry lacks a trailing comma; this signals the end of the list....

SMTP Server Options for Linux

Quite a few SMTP servers are available for Linux. The four most popular are: Sendmail: The mail server with the largest installed base, and the one that ships with most Linux distributions, is sendmail. This package is large and powerful, and many programs assume that sendmail is available, so other packages usually include a binary called sendmail to maintain compatibility. Sendmail uses a complex configuration file format, which is one of the reasons alternatives have been growing in popularity...

PPTP Client Configuration

If your PPTP clients are Windows systems, using them with a PoPToP VPN is fairly straightforward because Windows includes PPTP support; Linux clients require an extra software package. In either case, once the VPN connection is made, it's as if the VPN client is part of the local network, at least from a logical point of view. (As noted earlier, speed is likely to be well below true local network speed.) PoPToP is a Linux PPTP server. To link a Linux system (or a Linux router) to a PoPToP or...

Louiswu closing connection Connection closed by foreign host

Most SMTP exchanges begin with the client system (which is usually a mail reader program or another MTA, or in the case of Listing 19.1 a human using telnet) identifying itself with a HELO or EHLO command. This out of the way, the client uses the MAIL FROM and RCPT TO commands to provide the envelope From and To headers, respectively. After each of these commands, the server MTA replies with a numeric code to indicate whether it can accept the given command. The text following those codes is...

Configuring Network Interfaces

Loading a driver, as described earlier in this chapter, is the first step in making a network interface available. To use the interface, you must assign it an IP address and associated information, such as its network mask (also called the subnet mask or netmask). This job is handled by the ifconfig utility, which displays information on an interface or changes its configuration, depending upon how it's called. The ifconfig utility's syntax is deceptively simple: ifconfig interface options The...

Startup Script Locations and Naming Conventions

Although the basic outline of SysV startup scripts is the same across most distributions, there are differences in many details. Different distributions place the startup scripts in different locations. They may also call scripts by different names, although usually not too extreme. Table 4.1 summarizes these SysV layout differences for several major Linux distributions. Note ' in where they place the actual scripts, where they place the links to the scripts that are associated with specific...

Understanding Telnet Security

After telnetd sends the contents of /etc/issue.net (with any applicable variable substitutions) back to the control of the connection to /bin/login, or whatever program was specified by the -L loginprog parameter telnetd. The /bin/login program is used for local text-mode logins, as well as remote logins. It presents two login and Password, at which users should enter their usernames and passwords, respectively. Assuming thes correctly, /bin/login notes when the last login occurred and passes control to...

ProFTPd Configuration

ProFTPd's configuration style is inspired by that of Apache, so if you're familiar with Apache configuration, you'll find many of ProFTPd's option names and the general configuration style quite familiar. The main ProFTPd configuration file is proftpd.conf, and it's usually stored in /etc. You set most ProFTPd options in this file. Some lines in this file are comments, which begin with pound signs (#) and continue to the end of the line. Most noncomment lines take the following form A few...

Enabling Encryption Features

PoPToP relies on pppd, which in turn relies upon the kernel. In PoPToP's implementation, encryption features require support from pppd, and pppd requires that the Linux kernel include appropriate encryption features. For this reason, using encryption with PoPToP requires patching or replacing both pppd and your kernel. You may need to obtain patches and packages from several different locations in order to activate PPTP encryption support with PoPToP. Precisely how you go about this depends on...

Intrusion Detection Tools

Crackers who break into computers frequently alter the system's configuration in some way. Examples of changes include defaced Web pages, modified password files with new accounts to simplify future break-ins, modified program files that do things other than what you expect, and hidden surprises in just about any configuration or data file. Unfortunately, it's impossible to predict precisely what files a cracker will modify. This is part of what makes a successful intrusion so serious. Because...

Using Zebra

A third routing tool for Linux is GNU Zebra (http://www.zebra.org). Zebra is actually a collection of several daemons that support multiple routing protocols: RIP: Zebra supports traditional RIP, the newer RIPv2, and an IPv6 version of RIP known as RIPng. The ripd server handles the first two, and ripngd handles RIPng. OSPF: Zebra includes OSPF support in its ospfd server, and an IPv6 variant in ospf6d. OSPF, like RIP, is commonly used on local internets. BGP: The Border Gateway Protocol (BGP) is...

Web Server Options for Linux

As with most types of server, there are several Web servers available for Linux. These servers range from exotic and specialized programs to generalist tools. Some programs are small and support just a limited set of options; others are large packages and are loaded with features. Some of the more noteworthy Linux Web server options include the following: Apache: This Web server ships with all major Linux distributions, and is the package that's installed by default when you ask for a Web...

route add | del [-net | -host] target [netmask nm] [gateway gw] [metric m] [mss m] [window W] [[dev] interface]

Each of these parameters has a specific meaning: add | del: Specify add if you want to add a route, or del if you want to delete one. In either case, you must give enough information for route to act on the route. (For deletions, you can usually get away with nothing more than the target.) -net | -host: You can specify a target address as either a network (-net) or a single computer (-host). In most cases, route can figure this out for itself, but sometimes it needs prompting. This is particularly...

Hosted on that computer

Inessus.rodsbooks.com 192.1 G8.1.31 Available load 1.28,1.34,1.1 teela.rodsbooks.com 132.168.1.2 Available (load 0.00, 0.00, 0.00) Most X servers for Windows and MacOS provide a dialog box in which you can configure their XDMCP operation. Figure 14.4 shows this dialog box for Xmanager. Of particular interest are the radio buttons in the top half of the dialog box. These may be called slightly different things in different programs, but they illustrate methods the XDMCP client that's built into...

Using preexec and postexec Scripts

Samba provides parameters that allow it to run commands that you specify whenever a user logs into or logs out of a share. These parameters are preexec and postexec for login and logout commands, respectively. You specify the commands you want executed as the value of the parameter. For instance, if you want Samba to send e-mail to billy@harding.threeroomco.com whenever a share is accessed, you might include the following parameter in the share's definition: preexec mail -s Share being...

Obtaining and Installing PoPToP

The passwords stored in /etc/ppp/chap-secrets are not encrypted. This file is therefore extremely sensitive and should be protected as well as is possible. Normally, root owns the file and it's readable only to root. If your PoPToP server is compromised, though, this file might be read, giving others remote access to your network. For this reason, you should run as few servers as possible on your VPN router. 3. Look for a reference to pptpd in your /etc/inittab file. If you find such a...

Kerberos Versions and Variants

The main Kerberos package is available from http://web.mit.edu/kerberos/www/. This site hosts Kerberos source code and binary releases for a few platforms, but not for Linux as of Kerberos V5 Release 1.2.1. You can also obtain the older Kerberos V4 from this official site and versions of the software for Windows and MacOS (both the older MacOS Classic and the newer MacOS X). All other things being equal, Kerberos V5 is superior to Kerberos V4; V5 adds a few features and fixes bugs in V4. The...

Figure 11.2 The Fetchmail Expert Configurator dialog box lets you enter global options and name specific mail servers

4. The most important item in the Fetchmail Expert Configurator dialog box is the bottom panel, in which you enter the name of the mail server from which you want to retrieve mail. Type in the hostname and press the Enter key, and a new dialog box will appear called Fetchmail Host Hostname, as shown in Figure 11.3. The hostname should also appear in the scrollable list below the New Server data entry field in the Fetchmail Expert Configurator dialog box. If...

Understanding NNTP

Modern news servers use a protocol known as the Network News Transfer Protocol (NNTP) both among themselves and with news clients (often called news readers). An NNTP server normally runs on TCP port 119. NNTP was designed for the transfer of news on TCP/IP networks, but Usenet isn't restricted to such networks. Indeed, the earliest news servers used other network protocols. NNTP is therefore not the only news transfer protocol in existence, but it is the one that's most common on TCP/IP...

Chapter 9 Printer Sharing via LPD

Linux has inherited its printing system from the Berkeley Software Distribution (BSD) UNIX variant. This system, which is often referred to by the name of its most critical component, the Line Printer Daemon (LPD), is both extremely flexible and very primitive when compared to the printing systems on modern desktop OSs such as Windows or MacOS. LPD's flexibility derives from the fact that it's a network-capable printing system. Thus, there's no need to run a separate print server or print...

WU-FTPD Configuration

Configuring WU-FTPD requires editing one or more of several configuration files. Using these files, you can control who may access the FTP server and what users can do with the server. Some files also set up special options that permit WU-FTPD to process files or execute advanced commands for users. Most distributions that use WU-FTPD place its configuration files directly in /etc. There are several WU-FTPD configuration files, and their names all begin with ftp: ftpaccess: This is the most complex...

Alternative Network Stack Options

Although TCP/IP is the most popular set of network protocols for Linux, and the one upon which the Internet is built, it's not the only choice of network protocol stack. The Networking Options menu includes several others. Most of the options in this menu are actually suboptions of TCP/IP Networking. If you scroll past these, you'll see the alternatives to TCP/IP: Asynchronous Transfer Mode (ATM): This is an experimental set of options to support ATM hardware and...

Using Linux NetBEUI Software

The NetBEUI stack includes a README file with complete installation and use instructions. This file outlines two methods of installation. One requires you to edit the Makefile to point to your Linux kernel and Samba source code trees and set a few other system-specific options. You can then recompile both Linux and Samba with a single command, install your new kernel, and reboot the system. The second procedure also requires you to edit the Makefile, but proceeds to give instructions on...

Installing a VNC Server

You can obtain a VNC server from the main VNC Web site, http://www.uk.research.att.com/vnc/. Both the VNC server and the VNC client also ship with many Linux distributions (VNC is an open source package). Some distributions ship both server and client in a single package (usually called vnc), but others break out the server and client packages (usually vnc-server and vnc, respectively). The TightVNC and TridiaVNC sites have their own packages, but their installation and use is similar to what's...

Security Mailing Lists and Newsgroups

One of the problems with security Web sites is that they require constant monitoring. Fortunately, there are other types of resources that are more active in getting information to you. In particular, mailing lists are a means of communication that allow mail from individuals to reach an entire group of readers as quickly as the e-mail system can operate. Many security mailing lists don't allow posting from members; they exist solely to distribute information from the list maintainer. If you...

Alternative Local Network Devices

Although it's extremely popular, Ethernet isn't the only choice for local network hardware. The Linux kernel includes support for several other types of network, although there aren't as many drivers available for any of these as there are for Ethernet. (There are also fewer models of non-Ethernet network hardware available, so this restricted range of drivers doesn't necessarily mean poor support for the hardware that is available.) Options available in the 2.4.1S kernel's Network Device...

Interpreting Analog Output

The Analog output is broken into several distinct reports, each of which provides information that's been processed and su specific sections are as follows: General summary: This section provides general information that can be useful to judging the overall health average number of requests it processes per day, the average number of successful and failed requests per day, an transfers. Monthly report: The monthly report summarizes the number of pages served on a monthly basis. Increasing m...

Listing 5.1 A sample dhcpd.conf file

default-lease-time 7200;
max-lease-time 10800;
option subnet-mask 255.255.255.0;
option routers 192.168.1.1;
option domain-name-servers 192.168.1.1, 172.17.102.200;
option domain-name "threeroomco.com";
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.50 192.168.1.150;
}

The first six lines of Listing 5.1 define the global options. These are parameters that define critical aspects of the network or of the server's configuration, and that apply to all the clients served by dhcpd, unless the global...

tar command [qualifiers] filenames

The filenames you specify are actually often directory names, possibly including the root directory (/). When you specify a directory name, tar backs up all the files and subdirectories in that directory. Tables 17.1 and 17.2 list some of the more common tar commands and qualifiers. These are only a sample, however, particularly for qualifiers. You should consult the tar man page for information on more options. Adds a tar file to an existing archive. Adds ordinary files to an existing archive....

Configuring kHTTPd

UNIX-like systems in general, and Linux in particular, make a clear distinction between two types of processes: kernel space processes and user space processes. The kernel handles kernel space processes. If some event that the kernel handles triggers such a process, the process can be initiated very quickly. User space processes, by contrast, impose an overhead to start, and to communicate important data back to the kernel. This fact is not a problem for many processes, because user space...

VPN Options for Linux

There is no single standardized VPN tool, although there are moves toward creating VPN standards. In the meantime, organizations that want to configure VPNs need to settle on one of several tools. The three most common tools for Linux are the following: PPTP: The Point-to-Point Tunneling Protocol (PPTP) was developed by a consortium of companies known collectively as the PPTP Forum. PPTP is commonly used to link telecommuters or travelers to a home office. PPTP support ships with recent...

Creating Firewall Rules

You create firewall rules by using the --append option to iptables (-A is a shorter synonym). You follow this command by one or more criteria specifications and a --jump option (-j being a shorter synonym), which specifies a firewall target such as ACCEPT, DROP, or REJECT. In sum, the command looks something like this: iptables --append CHAIN selection-criteria --jump TARGET This can be shortened by using the shorthand option names: iptables -A CHAIN selection-criteria -j TARGET There are other options you...

Global Variables

Both the Shares and Printers pages default to showing no information. To create or edit a share, you must take appropriate actions To edit an existing share, select the share name from the selector box next to Choose Share or Choose Printer, then click the Choose Share or Choose Printer button. The information for the existing share will appear in your Web browser, and you can edit these settings. To delete an existing share, choose its...

A4 FETCH 1 BODY[TEXT]

A4 OK FETCH completed A5 COPY 1 demos A5 OK COPY completed A6 LOGOUT * BYE nessus.rodsbooks.com IMAP4rev1 server terminating connection A6 OK LOGOUT completed Listing 11.2 illustrates some of the added features and complexity of IMAP over POP. IMAP requires the client to submit commands, such as A6 LOGOUT rather than simply LOGOUT. This detail is unimportant from the user's point of view mail reader handles it. IMAP allows the client to retrieve the message headers separately from the body, as...

Configuring DNS

Once an interface is active and a gateway set, a computer can send and receive network traffic destined for anywhere on its local network or any other network to which the gateway connects, directly or indirectly. Traffic must be addressed by IP address, though, which is tedious at best. It's the job of the Domain Name System (DNS) to provide a better user interface by converting the alphanumeric names (such as www.awl.com) used by people to IP addresses used by computers. (DNS can also do the...

Writing CGI Scripts

CGI scripts, like other scripts, are computer programs. A complete guide to writing them is well beyond the scope of this chapter. This section therefore provides just a few pointers to help get you started if you already know something about scripting. If you need more information, consult the Dynamic Content with CGI Web page for a basic introduction, or a book on CGI scripting for more detail. CGI scripts accept standard input and generate standard output. Therefore, any text that you want...

Exim Anti Spam Configuration

One of Exim's strengths is its extensive set of filtering rules. You can use these to specify hosts for which you'll refuse delivery, specify users from whom you'll refuse delivery, or perform more sophisticated checks on a per-user basis. The major filtering options are as follows: host_reject: This exim.conf option takes a colon-delimited list of hostnames, domain names, or IP addresses as its argument, and blocks all mail that originates from these systems. For instance, host_reject...