Linux Servers
Download as PPTX, PDF0 likes193 views
This document provides an overview of Linux servers and includes sections on Samba, FTP, NFS, Apache, and Docker. Samba allows file sharing with Windows, FTP is used for file transfers, NFS provides file sharing between UNIX/Linux machines, Apache is a popular web server, and Docker provides container-based virtualization. Each section describes the purpose and features of the technology. Security concerns are also briefly outlined for some components.
![Security of Samba
• Some versions of Samba 3.6.3 and lower suffer serious security issues which can
allow anonymous users to gain root access to a system from an anonymous
connection, through the exploitation of an error in Samba's remote procedure
call.
• On 12 April 2016, Badlock, a crucial security bug in Windows and Samba, was
disclosed.
• On 24 May 2017, it was announced that a remote code execution vulnerability
had been found in Samba named EternalRed or SambaCry, affecting all versions
since 3.5.0.
• On 14 September 2020, a proof-of-concept exploit for the netlogon vulnerability
called Zerologon (CVE-2020-1472) for which a patch exists since August was
published.[27] Some federal agencies using the software have been ordered to
install the patch.](https://image.slidesharecdn.com/linuxservers-231003052551-14426371/85/Linux-Servers-4-320.jpg)
Linux Servers
- 2. Contents • Samba Server • FTP Server • NFS Server • Apache Server • Docker
- 3. Samba • Free software re-implementation of the SMB networking protocol • File and print services for various Microsoft Windows clients • Integration with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member • Version 4 Active Directory and Microsoft Windows NT domains • Runs on most Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple's macOS Server, and macOS client (Mac OS X 10.2 and greater). • Runs on a number of other operating systems such as OpenVMS and IBM i. • Samba is standard on nearly all distributions of Linux and is commonly included as a basic system service on other Unix-based operating systems as well. • Samba is released under the terms of the GNU General Public License. • The name Samba comes from SMB (Server Message Block), the name of the proprietary protocol used by the Microsoft Windows network file system.
- 4. Security of Samba • Some versions of Samba 3.6.3 and lower suffer serious security issues which can allow anonymous users to gain root access to a system from an anonymous connection, through the exploitation of an error in Samba's remote procedure call. • On 12 April 2016, Badlock, a crucial security bug in Windows and Samba, was disclosed. • On 24 May 2017, it was announced that a remote code execution vulnerability had been found in Samba named EternalRed or SambaCry, affecting all versions since 3.5.0. • On 14 September 2020, a proof-of-concept exploit for the netlogon vulnerability called Zerologon (CVE-2020-1472) for which a patch exists since August was published.[27] Some federal agencies using the software have been ordered to install the patch.
- 5. File Transfer Protocol (FTP) • Standard communication protocol used for the transfer of computer files from a server to a client on a computer network. • Built on a client–server model architecture using separate control and data connections between the client and the server • FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. • For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP)
- 6. File Transfer Protocol (FTP) • The first FTP client applications were command-line programs and are still shipped with most Windows, Unix, and Linux operating systems. • Many dedicated FTP clients and automation utilities have since been developed for desktops, servers, mobile devices, and hardware. • FTP has been incorporated into productivity applications such as HTML editors and file managers. • An FTP client used to be commonly integrated in web browsers, where file servers are browsed with the URI prefix "ftp://". • Throughout 2021, the two major web browser vendors removed this ability
- 7. Data transfer modes in FTP • Stream mode (MODE S): • Data is sent as a continuous stream, relieving FTP from doing any processing. • Rather, all processing is left up to TCP. • No End-of-file indicator is needed, unless the data is divided into records. • Block mode (MODE B): • Designed primarily for transferring record-oriented files (STRU R), although can also be used to transfer stream-oriented (STRU F) text files. • FTP puts each record (or line) of data into several blocks (block header, byte count, and data field) and then passes it on to TCP. • Compressed mode (MODE C): • Extends MODE B with data compression using run-length encoding.
- 8. Security in FTP • FTP was not designed to be a secure protocol, and has many security weaknesses. • In May 1999, the authors of RFC 2577 listed a vulnerability to the following problems: • Brute-force attack • FTP bounce attack • Packet capture • Port stealing (guessing the next open port and usurping a legitimate connection) • Spoofing attack • Username enumeration • DoS or DDoS
- 9. Network File System (NFS) • A distributed file system protocol originally developed by Sun Microsystems (Sun) in 1984, allowing a user on a client computer to access files over a computer network much like local storage is accessed. • NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC) system. • NFS is an open IETF standard defined in a Request for Comments (RFC), allowing anyone to implement the protocol.
- 10. Version of NFS • NFSv1 • for in-house experimental purposes • NFSv2 • operated only over User Datagram Protocol (UDP) • NFSv3 • Support 64 bits file sizes • WebNFS • Allowing it to function behind restrictive firewalls without the complexity of Portmap and MOUNT protocols. • WebNFS had a fixed TCP/UDP port number (2049) • NFSv4
- 11. Apache HTTP Server • Free and open-source cross-platform web server software • Developed and maintained by an open community of developers under the auspices of the Apache Software Foundation. • The vast majority of Apache HTTP Server instances run on a Linux distribution but current versions also run on Microsoft Windows, OpenVMS and a wide variety of Unix-like systems • As of March 2022, Netcraft estimated that Apache served 23.04% of the million busiest websites
- 12. Security of Apache HTTP Server • Can be hacked and exploited. • The main Apache attack tool is Slowloris, which exploits a bug in Apache software. • It creates many sockets and keeps each of them alive and busy by sending several bytes (known as "keep-alive headers") to let the server know that the computer is still connected and not experiencing network problems. • The Apache developers have addressed Slowloris with several modules to limit the damage caused
- 13. Docker • Set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers. • The service has both free and premium tiers. • The software that hosts the containers is called Docker Engine. • It was first started in 2013 and is developed by Docker, Inc.