Tài liệu TCP/IP Network Administration- P12 ppt

[Chapter 13] Internet Information Resources Another browser service that is often used by a network administrator is FTP.. [Chapter 13] Internet Information Resources Reading important a

Trang 1

[Chapter 13] Internet Information Resources

some other browsers this field is labeled "Location" or "Netsite," but in all cases it performs the same function: it holds the path to the information resource In the example the location is

http://csrc.nist.gov/secalert/ "URL" stands for universal resource locator It is a standard way of

defining a network resource and it has a specific structure:

service://server/path/file

In the sample URL, http is the service; csrc.nist.gov is the server; and secalerts is the path to the

resource contained on that server This tells the browser to locate a host with the domain name

csrc.nist.gov, and to ask it for the hypertext information located in the secalerts path Hypertext is not

the only type of information that can be retrieved by a browser The browser is intended to provide a consistent interface to various types of network resources HTTP is only one of the services that can

be specified in a URL

A Web browser can be used to view local hypertext files This is how the gated documentation is

delivered Figure 13.2 shows a network administrator reading the gated documentation The URL in

Figure 13.2 is file://localhost/usr/doc/config_guide/config.html The service is file, which means that the resource is to be read via the standard filesystem The server is the local host (localhost) The path

is /usr/doc/config_gated, and the file is config.html.

Figure 13.2: Reading GateD documentation

file:///C|/mynapster/Downloads/warez/tcpip/ch13_01.htm (3 of 6) [2001-10-15 09:19:02]

Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.

Trang 2

Another browser service that is often used by a network administrator is FTP Figure 13.3 shows a network administrator using a browser to download software The URL in Figure 13.3 is

ftp://ftp.ncsa.edu/Web/Mosaic/Unix/binaries/2.6 FTP is the service used to access the resource,

which in this case is a binary file The server is ftp.ncsa.edu, which is the anonymous FTP server at the National Center for Super Computing Applications The path is /Web/Mosaic/Unix/binaries/2.6

and the file is any of the files listed on the screen

Figure 13.3: Browser FTP interface

Trang 3

Reading important announcements and documentation and downloading files are probably the most common uses a network administrator has for a Web browser There are, however, many other things that can be done with a browser and a huge number of resources available on the network A detailed

discussion of browsers and the Web is beyond the scope of this book See The Whole Internet User's

Guide and Catalog, by Ed Krol (O'Reilly & Associates), for a full treatment of these subjects.

The browser provides a consistent interface to a variety of network services But it is not the only way, or necessarily the best way, to access all of these services In particular, it may not be the fastest

or most efficient way to download a file Figure 13.3 shows a file being downloaded from an

anonymous FTP server An alternative is to invoke ftp directly from the command-line interface.

Trang 4

Administration

Next: 13.2 Anonymous FTP

Trang 5

[Chapter 13] 13.2 Anonymous FTP

Previous: 13.1 The World

Wide Web

Chapter 13 Internet Information Resources

Next: 13.3 Finding Files

13.2 Anonymous FTP

Anonymous FTP is mentioned throughout this book as a technique for retrieving publicly available

files and programs from the many FTP servers around the Internet Anonymous FTP is simply an ftp

session in which you log into the remote server using the username anonymous and, by convention,

your email address as the password [1] The anonymous FTP example below should make this simple process clear:

[1] Some FTP servers request your real username as a password

% ftp ftp.ncsa.edu

Connected to ftp.ncsa.uiuc.edu

220 FTP server Wed May 21 1997 ready

Name (ftp.ncsa.edu:kathy): anonymous

331 Guest login ok, use email address as password

ftp> get Mosaic-hp-2.6.Z Mosaic.Z

200 PORT command successful

150 Opening BINARY mode data connection for Mosaic-hp-2.6.Z

226 Transfer complete

local: Mosaic.Z remote: Mosaic-hp-2.6.Z

809343 bytes received in 3.5 seconds (2.3e+02 Kbytes/s)

ftp> quit

221 Goodbye

In this example, the user logs into the server ftp.ncsa.edu using the username anonymous and the password kathy@nuts.com, which is her email address With anonymous FTP, she can log in even though she doesn't have an account on ftp.ncsa.edu Of course what she can do is restricted, but she

can retrieve certain files from the system, and that's just what she does She changes to the

/Web/Mosaic/Unix/binaries/2.6 directory and gets the compressed file Mosaic-hp-2.6.Z The file is

retrieved in binary mode

Trang 6

1 Add user ftp to the /etc/passwd file.

2 Create an ftp home directory owned by user ftp that cannot be written to by anyone.

3 Create a bin directory under the ftp home directory that is owned by root, and that cannot be

written to by anyone The ls program should be placed in this directory and changed to mode

111 (execute-only)

4 Create an etc directory in the ftp home directory that is owned by root, and that cannot be written to by anyone Create special passwd and group files in this directory, and change the

mode of both files to 444 (read-only)

5 Create a pub directory in the ftp home directory that is owned by root and is only writable by

root, i.e., mode 644 Don't allow remote users to store files on your server, unless it is

absolutely necessary and your system is on a private, non-connected network If you must

allow users to store files on the server, change the ownership of this directory to ftp and the

mode to 666 (read and write) This should be the only directory where anonymous FTP users can store files

The following examples show each of these steps First, create the ftp home directory and the required subdirectories In our example, we create the ftp directory under the /usr directory.

Create a group that will be used only by anonymous FTP, a group that has no other members In our

example we create a group called anonymous An entry for this new group is added to the /etc/group file, and a file named /usr/ftp/etc/group is created that contains only this single entry.

Trang 7

Set the correct ownership and mode for each of the directories The ownership of /usr/ftp/pub,

/usr/ftp/bin, and /usr/ftp/etc do not need to be changed because the directories were created by root.

If you must allow users to write their own files in the pub directory, make the following changes: [2]

[2] This opens a large security hole Allow users to write their own files to the

anonymous FTP server only if you must

# chown ftp pub

# chmod 666 pub

For most UNIX systems, the installation is complete But if you have a Sun OS 4.x system, a few

more steps are necessary The dynamic linking used by Sun OS requires that the ftp home directory

contains:

1 The runtime loader

2 The shared C library

3 /dev/zero

Trang 8

[Chapter 13] 13.2 Anonymous FTP

These Sun-specific steps are shown in the following examples First, create the directory

/usr/ftp/usr/lib, then copy the files ld.so and libc.so.* into the new directory, and set the file

Now you can copy the files you wish to make publicly available into /usr/ftp/pub To prevent these

files from being overwritten by remote users, set the mode to 644 and make sure the files are not

owned by user ftp.

Once you complete the configuration steps necessary for your system, test it thoroughly before

announcing the service Make sure that your server provides the anonymous FTP service you want, without providing additional "services" that you don't want (such as allowing anonymous users access

to files outside of the ftp home directory) Anonymous FTP is a potential security risk If you offer

this service at all, limit the number of systems at your site that provide it (one is usually enough), and take care to ensure that the installation is done properly

Previous: 13.1 The World

Wide Web

TCP/IP Network Administration

Next: 13.3 Finding Files

Trang 9

[Chapter 13] 13.3 Finding Files

Previous: 13.2 Anonymous

FTP

Next: 13.4 Retrieving RFCs

13.3 Finding Files

Anonymous FTP requires detailed knowledge from the user To retrieve a file, you must know the FTP server and the directory where the file is located When the network was small, this was not a major problem There were a limited number of important FTP servers, and they were well stocked

with files You could always ftp to a major server and search through some directories using ftp's ls

command This old approach is not compatible with a large and expanding Internet for two reasons:

● There are now thousands of major anonymous FTP servers Knowing them all is difficult

● There are now millions of Internet users They cannot all rely on a few well-known servers

The servers would quickly be overwhelmed with ftp requests.

archie is an application designed to help with this problem It provides a database of information

about anonymous FTP sites and the files they contain

servers the file is available from

archie can be used in four different ways: interactively, through electronic mail, via a Web browser,

or from an archie client To use archie interactively, telnet to one of the archie servers [3] Log in

using the username archie and no password At the archie> prompt, type help to get a full set of interactive archie commands.

[3] The list of publicly accessible servers is available at

http://www.bunyip.com/products/archie/world/servers.html

Trang 10

There are many interactive archie commands, but the basic function of locating a program that is

accessible via anonymous FTP can be reduced to two commands

prog pattern

Display all files in the database with names that match the specified pattern

mail address

Mail the output of the last command to address, which is normally your own email address

The following example uses both of these commands to interactively search for gated-R3_5_5.tar, and then mail the results of the search to craig@peanut.nuts.com.

# Bunyip Information Systems, Inc., 1993, 1994, 1995

archie> prog gated-R3_5_5.tar

# Search type: sub

# Your queue position: 1

# Estimated time for completion: 5 seconds

working O

Host ftp.zcu.cz (147.228.206.16)

Last updated 11:32 27 Jun 1997

Location: /pub/security/merit/gated

FILE -r r r 1460773 bytes Jan 1997 gated-R3_5_5.tar.gz

archie> mail craig@peanut.nuts.com

archie> quit

The archie output provides all of the information you need to initiate an anonymous FTP transfer:

● The name of the server (ftp.zcu.cz in our example)

● The directory on the server that contains the file (/pub/security/merit/gated in our example)

● The full name of the file (gated-R3_5_5.tar.gz in our example)

You can also use archie by sending email to archie at any one of the archie servers; for example,

archie@archie.internic.net The text of the mail message must contain a valid archie email command

Trang 11

To get a complete list of archie email commands, send mail containing the help command to one of

the servers In the example below, the email help file is requested from archie.internic.net.

Trang 12

Enter the name of the program you want to locate in the Search for: box and press the Searchbutton Your browser displays the search results with links directly to the file you're seeking For

example, assume we rerun the search for gated-R3_5_5.tar.gz using the

http://archie.bunyip.com/archie.html Web page The server returns a list of eight matches, the first of

which is the anonymous FTP server at ftp.zcu.cz The filename gated-R3_5_5.tar.gz that is displayed next to the FTP server is a link Clicking on the link transfers the file from ftp.zcu.cz to your system

Search and retrieval all in one interface!

While the Web browser provides the easiest interface to archie, some people prefer to run an archie client on their local system Using an archie client reduces the load on the servers and improves

responsiveness for the user If you believe you'll access archie very frequently, it might be worth setting up an archie client.

13.3.1.1 archie client software

archie client software is available via anonymous FTP from the ftp.bunyip.com server The software

is stored in the pub/archie/clients directory The README file in this directory provides a short

description of each type of client There are at least three different client software packages for UNIX:

an X windows client and two command-line clients, one written in C and the other written in Perl

Check the archie servers for the latest developments in client software.

This section uses the command-line archie client written in C as an example The C code and the

instruction to make the client are all contained in the c-archie-1.4.1.tar.gz file from ftp.bunyip.com

Once the client has been made and installed, it is invoked using the command:

% archie [options] string

The string is the name of the file that you are asking archie to find It can be the exact filename, a

substring of the name, or a regular expression

The options control how the string is interpreted The -e option searches for a filename that exactly

matches the string; the -s option matches on any record that contains the string as any part of the filename; and the -r option interprets the string as a UNIX regular expression when looking for

matches

The following example uses the archie client to search for sites from which the ppp software can be retrieved The search uses a regular expression that will match any compressed tar file with a name that starts with ppp.

Trang 13

% archie -r '^ppp.*\.tar\.Z' > ppp.locations

Our example stores archie's output in the file ppp.locations You can then examine ppp.locations to

find the closest FTP server that has the latest version of the ppp tar file Redirecting the output to a file is usually a good idea because archie often produces a lot of output By default, the archie client

will return as many as 95 matches to the search To limit the number of matches returned, use the

option -mn, where n is the maximum number of matches archie should return For example, -m5

limits the search to five matches

The archie database is frequently out-of-date or dominated by obscure FTP servers that have poor connectivity This limits its utility But sometimes archie is the only place you have to start your

search for a file

Previous: 13.2 Anonymous

FTP

Next: 13.4 Retrieving RFCs

Trang 14

[Chapter 13] 13.4 Retrieving RFCs

Internet Information Resources

Next: 13.5 Mailing Lists

of the RFC you want Figure 13.5 shows a network administrator scrolling through the index looking for RFC 1122

Figure 13.5: The RFC index

Trang 15

In another example the network administrator does not know which RFCs contain the information she

is looking for, but she knows what she wants The administrator is trying to find out more about the SMTP service extensions that have been proposed for Extended SMTP Figure 13.6 shows the four RFCs displayed as a result of her query

Figure 13.6: An RFC Web search

Trang 16

The Web provides the most popular and best method for browsing through RFCs However, if you know what you want, anonymous FTP can be a faster way to retrieve a specific document RFCs are

stored at ds.internic.net in the rfc directory It stores the RFCs with filenames in the form rfcnnnn.txt

or rfcnnnn.ps, where nnnn is the RFC number and txt or ps indicates whether the RFC is ASCII text or

PostScript To retrieve RFC 1122, ftp to ds.internic.net and enter get rfc/rfc1122.txt at the ftp>prompt This is generally a very quick way to get an RFC, if you know what you want

To help you find out which RFC you do want, get the rfc-index.txt file It is a complete index of all RFCs by RFC number, and it's available from ds.internic.net in the rfc directory You'll only need to

Trang 17

get a new RFC index occasionally Most of the time, the RFC you're looking for has been in

publication for some time and is already listed in the index Retrieve the RFC index and store it on your system Then search it for references to the RFCs you're interested in

13.4.1 Retrieving RFCs by mail

While anonymous FTP is the fastest way and the Web is the best way to get an RFC, they are not the only ways You can also obtain RFCs through electronic mail Electronic mail is available to many users who are denied direct access to Internet services because they are on a non-connected network

or are sitting behind a restrictive firewall Also, there are times when email provides sufficient service because you don't need the document quickly

Retrieve RFCs through email by sending mail to mailserv@ds.internic.net Leave the Subject: line

blank Request the RFC in the body of the email text, preceding the pathname of the RFC with the keyword FILE In this example, we request RFC 1258

Next: 13.5 Mailing Lists

Trang 18

[Chapter 13] 13.5 Mailing Lists

Previous: 13.4 Retrieving

RFCs

Next: 13.6 The White Pages

13.5 Mailing Lists

Mailing lists bring together people with similar interests to exchange information and ideas Most mailing lists run under usage guidelines that restricted discussion to a specific topic Mailing lists are often used as places to report problems and get solutions, or to receive announcements Some mailing lists are digests of newsgroups.

There is an enormous number of mailing lists The list-of-lists contains information about many of the

mailing lists that are of interest to network administrators [4] Use a Web browser to search for mailing lists that interest you at http://catalog.com/vivian/interest-group-search.html If you prefer, the list-of-lists can be

downloaded via anonymous FTP from nisc.sri.com in the file netinfo/interest-groups.txt and searched with

standard UNIX tools Either way, you get the same information The following example is the list-of-lists entry for the Berkeley Internet Name Domain (BIND) software mailing list:

[4] Despite its large size, not every network administration mailing list is contained in the

interest-groups.txt file You hear about some lists by word of mouth.

list If the list is manually maintained, as in the BIND example above, send your enrollment request to

listnamerequest@host where listname is the actual name of the list, and is followed by the literal string

-request The -request extension is widely used as the address for administrative requests, such as being

added to or dropped from a list, when lists are manually maintained For example, to join the BIND mailing

list, send your enrollment request to bind-request@uunet.uu.net All other correspondence is sent directly to bind@uunet.uu.net.

Many mailing lists automate list management with programs like majordomo and LISTSERV You can tell

Trang 19

the type of server being used by looking at the subscription address in the list-of-lists The user portion of that address will be either "majordomo" or "LISTSERV," depending on the server being used To subscribe

to a majordomo list, send email to the subscription address and type the following in the body of the

message:

subscribe list-address your-address

where list-address is the address of the email list, and your-address is your email address.

To subscribe to a LISTSERV mailing list, send email to the subscription address with the following in the message body:

subscribe list your-name

where list is the name of the list, not necessarily its address, as that name appears in the first line of its of-lists entry your-name is your first and last name This is not your email address LISTSERV takes your email address from the email headers.

Network news is delivered over TCP/IP networks using the Network News Transfer Protocol (NNTP)

NNTP is included as part of the TCP/IP protocol stack on most UNIX systems and requires no special

configuration The only thing you need to know to get started is the name of your closest network news server Ask your ISP Most ISPs provide network news as part of their basic service.

NNTP is a simple command/response protocol The NNTP server listens to port 119:

Connection closed by foreign host.

A help command sent to this server would have produced a list of 23 NNTP commands Luckily this is not

Trang 20

how you read network news You use a newsreader.

UNIX systems often include a news reader Our sample Linux system includes several different readers: nn,

rn, tin, and trn Your system may have anyone one of these or another newsreader See the appropriate

manpage for specific instructions on using a particular reader.

Regardless of the reader you have, they all have certain things in common They all provide a way to

subscribe to a news group, read articles from the group, and post your own articles to the group In this trn

example from our Linux system, the titles of the first 26 articles in the comp.os.linux.announce group are

listed To read an article, the user scrolls down to select the article and presses Enter All readers provide a similar interface.

comp.os.linux.announce 50 articles (moderated)

a root 1 Ringconnect

b Clark 1 NTLUG Meeting

d Dave 1 Caldera

e Martin 1 Linux Users Group Meeting

f Evan 1 COMDEX Canada

g Jimn 1 Salt Lake Linux Users Group

i Tyde 1 San Fransisco Linux users' group

j Andy 1 Worcester Linux Users' Group

l Bob 1 MELUG meeting

v Ted 1 Important notice

w Kamran 1 DIPC available

x Ken 1 Web site

y Cindy 1 CD-ROM available now!

z Bishop 1 C program documentation tool

Select threads (date order) Top 38% [>Z]

Our sample Solaris system doesn't include any news readers mentioned above But it doesn't matter News is supported in the Netscape Navigator Web browser Selecting Netscape News from the Windows menu in the Netscape browser opens a news reader Figure 13.7 shows us reading news from comp.os.linux.

Figure 13.7: Netscape news interface

Trang 21

There are many, many newsgroups Most of the newsgroups that are of interest to a network administrator

are found in the comp category comp.os contains sub-groups for various operating systems comp.unix lists groups for various flavors of UNIX comp.networks and comp.internet provide information about networks and the Internet comp.security and comp.virus provide security information.

There is a tremendous amount of dross in most news groups But if you need a question answered or

information on a specific topic, they can be invaluable.

Trang 22

Previous: 13.4 Retrieving

RFCs

Next: 13.6 The White Pages

Trang 23

[Chapter 13] 13.6 The White Pages

Internet Information Resources

Next: 13.7 Summary

13.6 The White Pages

archie helps you locate important programs The Web helps you retrieve important documents whois

helps you locate important people One of the most important pieces of information in a network is who is

in charge at the other end In Chapter 11, Troubleshooting TCP/IP , we pointed out that it is important to

know who is responsible for the other end of the link when troubleshooting a network problem whois is a

tool that helps you find this out

whois obtains the requested information from the Internet white pages The white pages is a database of

information about responsible people that is maintained by the InterNIC When you request an official

network number or domain name, you are asked to provide your NIC handle, which is the index of your

personal record in the white pages database If you don't have a handle, the InterNIC assigns you one and automatically registers you in the white pages Because of this, everyone who is responsible for an official network or domain has an entry in the white pages, and that entry can be retrieved by anyone who needs to contact them

Many UNIX systems provide a whois command to query the InterNIC white pages The general form of

this command is:

% whois [-h server] name

The name field is the information to be searched for in the white pages database The server field is the name of a system containing the white pages Use rs.internic.net to locate responsible people, which is the

default on most systems

In the following example, we search for an entry for Craig Hunt An individual's name is entered in the white pages as: last-name, first-name initial So we ask to search for Hunt, Craig [5]

[5] whois hunt would return several matches Be as specific as possible to reduce the

number of matches

% whois 'Hunt, Craig'

[rs.internic.net]

Hunt, Craig (CH999) info@foo.bar +1 (123) 555 6789

Hunt, Craig W (CWH3) Hunt@ENH.NIST.GOV (301) 975-3827

To single out one record, look it up with "!xxx", where xxx is the

Trang 24

handle, shown in parenthesis following the name, which comes first.The InterNIC Registration Services Host contains ONLY Internet

Information (Networks, ASN's, Domains, and POC's)

Please use the whois server at nic.ddn.mil for MILNET Information

If multiple matches are returned, as in this case, follow with a query for the individual's NIC handle to get the full information display To query for the NIC handle, which is the field enclosed in parentheses

directly following the username, simply enter the handle on the whois command line The message at the end of the sample output implies that handles are entered as !xxx This is not true The UNIX whois

command does not require the ! syntax For example, to get more details about CWH3, enter:

% whois cwh3

[rs.internic.net]

Hunt, Craig W (CWH3) Hunt@ENH.NIST.GOV

National Institute of Standards and Technology

Computer Systems and Communications Division

Technology Building, Room A151

Gaithersburg, MD 20899

(301) 975-3827 (FTS) 879-3827

Record last updated on 03-Dec-90

Database last updated on 15-Jul-97 04:35:06

User information is generally only useful if you know exactly who you want to send email to and you don't know his or her address The white pages database contains several other kinds of records, a few of which are very helpful for locating the people responsible for networks, domains, and hosts throughout the

Internet These record types are:

Provides general information about the specified host This record type is not as useful as the others

These record types can be used in the whois query to speed processing and limit the amount of output All

of the record types shown above can be abbreviated to their first two letters

A sample query for the domain ora.com produces the following results:

% whois 'do ora.com'

O'Reilly & Associates (ORA-DOM1)

101 Morris Street

Trang 25

Sebastopol, CA 95472

Domain Name: ORA.COM

Administrative Contact, Technical Contact, Zone Contact:

Pearce, Eric (EP86) eap@ORA.COM

707-829-0515 x221

Billing Contact:

Johnston, Rick (RJ724) rick@ORA.COM

707-829-0515 x331

Record last updated on 28-Jan-97

Record created on 14-Jun-89

Database last updated on 15-Jul-97 04:35:06 EDT

Domain servers in listed order:

NS.ORA.COM 207.25.97.8

NS.SONGLINE.COM 204.148.41.1

The query displays the name, address, and telephone number of the contacts for the domain, as well as a list of hosts providing authoritative name service for the domain

To query the host record for a specific host, in this case one of the name servers listed above, simply query

the desired hostname For example, to find out more about ns.songline.com, enter:

% whois 'host ns.songline.com'

[No name] (NS2441-HST)

Hostname: NS.SONGLINE.COM

Address: 204.148.41.1

System: Sun Sparc20 running Solaris 2.4

Record last updated on 21-Aug-95

Database last updated on 15-Jul-97 04:35:06 EDT

This query displays the hostname, IP address, and the system type: essentially the same information we could get from DNS

A much more interesting query is for the point of contact for a specific network To find out, enter a whois

query with the network number In our example, the IP address of one of the servers is 207.25.97.8 This is

a class C address, so the network number is 207.25.97.0 The query is constructed as shown in the example below:

Tiêu đề	Internet Information Resources
Trường học	Not specified
Chuyên ngành	Network Administration
Thể loại	Giáo trình

Định dạng
Số trang	50
Dung lượng	349,75 KB