Q1

(a) A web server evaluates whether the requested document is subject to some sort of access control.

(b) It receives outgoing emails from clients and sends and receives email from other SMTP servers, but cannot receive any email from an email client program.

(c) FTP servers can be set up anywhere between game servers, voice servers, internet hosts, and other physical servers. A connection to this port from the FTP client forms the control stream on which commands are passed to the FTP server from the FTP client and, on occasion, from the FTP server to the FTP client.

(d) A proxy server is a server which services the requests of its clients by forwarding requests to other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server.

Q2 (a)
(b) DNS Server: BIND (Berkeley Internet Name Domain). It lets administrators fully qualify domain names in certain contexts all the way to the root. Unlike other DNS server daemons, BIND offers no means to store and retrieve zone data to/from an LDAP directory without patching its source code. Even this patch requires that each zone stored in LDAP have a zone definition section in the BIND configuration file, somewhat defeating the very purpose of storing the zone in LDAP. Like other systems dating back to the earlier laissez-faire days of the Internet, BIND has had a large number of serious security vulnerabilities over the years, and as such its use is now strongly discouraged. BIND also, although a complete rewrite, has not experienced a significantly better security history.

Web Server: Apache. Apache can act as a content filter. Refer to Section 10.2.4 Modules and Apache HTTP Server 2.0 for more on how filtering works. Simplified directives: a number of confusing directives have been removed while others have been simplified. Apache supports IPv6, the next generation IP addressing format. It contains multilingual error responses: using Server Side Include (SSI) documents, customizable error response pages can be delivered in multiple languages. In addition, Apache supports multiple protocols that can use different services in one server.

FTP: VSFTPD. VSFTPD runs as an anonymous FTP server. Set the configuration file's anonymous_enable directive to no to disable this feature. You'll also need to simultaneously enable local users to be able to log in by removing the comment symbol (#) before the local_enable instruction. VSFTPD allows only anonymous FTP downloads to remote users, not uploads from them. You can change this by modifying the anon_upload_enable directive shown later.

Mail Server: Sendmail. A descendant of the original ARPANET delivermail application, Sendmail is a remarkably flexible program, supporting many kinds of mail transfer and delivery, including the overwhelmingly popular SMTP. As Sendmail is a complex package with a great deal of functionality, it can be difficult for an inexperienced system administrator to configure. Documentation of the Sendmail system has not always kept pace with changes to the administrative interfaces; despite the availability of macro-based configuration tools, many support websites instruct administrators to directly modify configuration files that should instead be managed by administrative tools. The failure of vendors to update their support materials contributes to the perception of Sendmail as a difficult-to-configure package. Sendmail supports a variety of mail transfer protocols, including SMTP, ESMTP, DECnet's mail11, HylaFax, QuickPage and UUCP.
Q2 (c) Configuration of network card.

/etc/sysconfig/network-scripts/ifcfg-eth0

    DEVICE=eth0
    NETMASK=255.255.255.248
    IPADDR=192.188.100.6
    NETWORK=192.188.100.0
    BROADCAST=192.188.100.255
    ONBOOT=yes
    BOOTPROTO=none

/etc/sysconfig/network

    NETWORKING=yes
    HOSTNAME=ns1.microwork.net
    GATEWAY=192.188.100.254

Configuration of DNS service

/etc/named.conf

    options {
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        pid-file        "/var/run/named/named.pid";
        forwarders      { 168.95.1.1; 139.175.10.20; };
        allow-query     { any; };
        allow-transfer  { none; };
    };
    include "/etc/rndc.key";
    zone "." { type hint; file "named.root"; };
    zone "localhost" { type master; file "named.localhost"; };
    zone "microwork.net" { type master; file "named.microwork.net"; };
    zone "100.188.192.in-addr.arpa" { type master; file "named.192.188.100"; };

/var/named/chroot/var/named/named.microwork.net

    $TTL 259200
    @        IN  SOA    ns1.microwork.net. dns.microwork.net. (
                        2000012101  ; Serial number
                        10800       ; Refresh every 3 hours
                        3600        ; Retry every hour
                        3600000     ; Expire after 42 days
                        259200 )    ; Minimum Time to Live (TTL) of 3 days
             IN  NS     ns1.microwork.net.
             IN  A      127.0.0.1
             IN  MX     10 mail.microwork.net.
    ns1      IN  A      192.188.100.10
    ftp      IN  A      192.188.100.5
    www      IN  CNAME  ns1.microwork.net.
    mail     IN  CNAME  ns1.microwork.net.
    webmail  IN  CNAME  mail.microwork.net.

/var/named/chroot/var/named/named.192.188.100

    $TTL 259200
    @        IN  SOA    ns1.microwork.net. dns.microwork.net. (
                        2000012101  ; Serial number
                        10800       ; Refresh every 3 hours
                        3600        ; Retry every hour
                        3600000     ; Expire after 42 days
                        259200 )    ; Minimum Time to Live (TTL) of 3 days
             IN  NS     dns.microwork.net.
    10       IN  PTR    www.microwork.net.
    5        IN  PTR    ftp.microwork.net.
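
Added example (not part of the original answer): a Python consistency check over the resource records of the two zone files above. It flags MX/NS targets that are aliases or have no address record, CNAME chains, loopback addresses, and PTR records that are not forward-confirmed. The parser only handles the one-record-per-line layout used here, and the function names are this example's own.

```python
ORIGIN, REV_NET = "microwork.net.", "192.188.100."  # taken from the zone names above

# Resource records read from the two zone files above (SOA and $TTL omitted).
FORWARD = """
@       IN NS    ns1.microwork.net.
        IN A     127.0.0.1
        IN MX    10 mail.microwork.net.
ns1     IN A     192.188.100.10
ftp     IN A     192.188.100.5
www     IN CNAME ns1.microwork.net.
mail    IN CNAME ns1.microwork.net.
webmail IN CNAME mail.microwork.net.
"""
REVERSE = """
@       IN NS    dns.microwork.net.
10      IN PTR   www.microwork.net.
5       IN PTR   ftp.microwork.net.
"""

def parse(text):
    """Yield (owner, type, target); a line that starts with a blank inherits the owner."""
    owner = "@"
    for line in text.splitlines():
        line = line.split(";")[0].rstrip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if not line[0].isspace():
            owner = fields.pop(0)
        yield owner, fields[1], fields[-1]      # fields[0] is the class "IN"

def fqdn(name):
    return ORIGIN if name == "@" else name if name.endswith(".") else f"{name}.{ORIGIN}"

def lint(forward, reverse):
    fwd, rev = list(parse(forward)), list(parse(reverse))
    cname = {fqdn(o): v for o, t, v in fwd if t == "CNAME"}
    addr = {(fqdn(o), v) for o, t, v in fwd if t == "A"}
    hosts = {name for name, _ in addr}
    out = []
    for o, t, v in fwd + rev:
        if t in ("MX", "NS") and v in cname:
            out.append(f"{t} target {v} is a CNAME alias (RFC 2181 10.3)")
        elif t in ("MX", "NS") and v not in hosts:
            out.append(f"{t} target {v} has no A record")
        elif t == "CNAME" and v in cname:
            out.append(f"CNAME chain {fqdn(o)} -> {v} -> {cname[v]}")
        elif t == "A" and v.startswith("127."):
            out.append(f"{fqdn(o)} publishes loopback address {v}")
        elif t == "PTR" and v in cname:
            out.append(f"PTR {REV_NET}{o} -> {v} names an alias")
        elif t == "PTR" and (v, REV_NET + o) not in addr:
            out.append(f"PTR {REV_NET}{o} -> {v} is not forward-confirmed")
    return out
```

Calling lint(FORWARD, REVERSE) returns the list of findings; named-checkzone remains the tool for validating zone syntax before loading.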

Configuration to start DNS service:

    service named start
    ps -el | grep named

Configuration of Apache:

/etc/httpd/conf/httpd.conf

    ServerName 192.188.100.2:80

    service httpd start
    apachectl configtest

Configuration of FTP service:

/etc/xinetd.d/vsftpd

    listen_port=21
    connect_timeout=60
    accept_timeout=60
    data_connection_timeout=200
    max_clients=1000
    max_per_ip=300
    anonymous_enable=YES
    local_enable=YES
    local_max_rate=100000
    anon_max_rate=50000
    write_enable=YES
    anon_world_readable_only=YES
    anon_upload_enable=NO
    anon_mkdir_write_enable=NO
    xferlog_enable=YES
    xferlog_file=/var/log/vsftpd.log

Start ftp service:

    service vsftpd start
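
Added example (not part of the original answer): a Python audit of the vsftpd directives listed above, covering the anonymous_enable, local_enable and anon_upload_enable settings discussed in Q2 (b). The sample text is constructed from that directive list, and the "four addresses" threshold is an assumption of this example.

```python
# Constructed sample: a subset of the directives above, one per line as written.
SAMPLE = """\
listen_port=21
max_clients=1000
max_per_ip=300
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_world_readable_only=YES
anon_upload_enable =NO
anon_mkdir_write_enable=NO
xferlog_enable=YES
"""

# vsftpd built-in defaults for the directives this audit reads (vsftpd.conf(5)).
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
            "anon_upload_enable": "NO", "ssl_enable": "NO",
            "max_clients": "0", "max_per_ip": "0"}

def audit(text):
    """Return a list of findings for a vsftpd.conf supplied as text."""
    conf, findings = dict(DEFAULTS), []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        key, sep, value = raw.partition("=")
        if not sep or key != key.rstrip() or value != value.lstrip():
            # vsftpd.conf(5): no space is allowed between option, '=' and value
            findings.append(f"line {n}: malformed directive {raw!r}")
        conf[key.strip()] = value.strip()

    def on(name):
        return conf[name].upper() == "YES"

    if on("local_enable") and not on("ssl_enable"):
        findings.append("local_enable=YES without ssl_enable=YES: "
                        "account passwords cross the network in cleartext")
    if on("anonymous_enable") and on("write_enable") and on("anon_upload_enable"):
        findings.append("anonymous uploads enabled: server is a writable drop box")
    clients, per_ip = int(conf["max_clients"]), int(conf["max_per_ip"])
    if clients and (per_ip == 0 or per_ip * 4 > clients):
        # Assumed threshold: flag when four source addresses can exhaust the pool.
        findings.append(f"max_per_ip={per_ip}: four or fewer addresses "
                        f"can fill all {clients} client slots")
    return findings
```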