
SYSTEM SOFTWARE & ADMINISTRATION

2006 SOLUTION
1.A) STATE WHETHER THE STATEMENTS ARE TRUE OR FALSE:
i) Two pass assembler is used to remove the problem of forward referencing. (T)
ii) There are 6 run levels available in Linux. (F)
iii) Kernel is loaded before the boot strap loader is loaded. (F)
iv) Assembler always generates machine dependent codes. (T)
v) fsck command is used to format the file system. (F)

1.B) GIVE ANSWERS IN BRIEF OF THE FOLLOWING:
a) What is the full form of DLL file?
Ans. Dynamic Link Library.

b) What is inode?
Ans. An inode is a data structure on a filesystem on Linux and other Unix-like operating systems that stores all the information about a file except its name and its actual data. When a file system is created in UNIX, a set amount of inodes is created, as well. Usually, about 1 percent of the total file system disk space is allocated to the inode table.

c) How ext2 file system differs from FAT32 file system?
Ans. ext2 was designed to make it easier for new features to be added, so that it can constantly evolve into a better file system. Users can take advantage of new features without reformatting their old ext2 file systems. ext2 has the added bonus of being designed to be POSIX-compliant. FAT is one of a few different file systems used with Windows over the years. Almost every computer user has used FAT at one time or another, since it was the sparse base operating system at the heart of all Windows operating systems. FAT was originally created for QDOS and used on 360K (double density, double-sided) floppy disks. Its address space has since been extended from 12 bit to 32 bit, so it can handle very large file systems.

d) Why /etc/hosts file is used?
Ans. Linux gives us the ability to store a list of hostnames and their corresponding IP addresses in /etc/hosts, so that we don't have to look them up in DNS every time we use them. While we shouldn't do this with every hostname we ever use, one of the advantages gained by configuring often-used hostnames in this way is the ability to alias a fully qualified hostname to a shorter version of itself. We should put the hostnames and IP addresses of all our monitored servers in /etc/hosts. This way, our monitoring software looks into /etc/hosts to get the proper IP addresses, instead of relying on DNS.

e) What is the name of the daemon used in DNS configuration in Linux?
Ans. BIND (Berkeley Internet Name Daemon)

MODULE-I
2.a) Describe the process of 2-pass assembler using flowchart.
Ans. Explained in Note PNO-15

b) Why 2-pass assembler is used instead of 1-pass assembler?
Ans. Module-1 notes (page 13 q.6).

c) What are the functions of POT & MOT?
Ans. POT: POT stands for Pseudo-Operation Table. It indicates the symbolic mnemonic and action to be taken for each pseudo-op in Pass-1 and Pass-2.
MOT: MOT stands for Machine Operation Table. It indicates the symbolic mnemonic for each instruction and its length.

d) Why different tables are used for handling literals and symbols?
Ans. The literal table is used to store the literals that are encountered during the processing and their corresponding location values, whereas the Symbol Table is used to store the label and its corresponding value prepared by Pass-I.

3.a) Describe the basic difference between MACRO and subroutine.
Ans. A macro represents a commonly used group of statements in the source programming language. The macro processor replaces each macro instruction with the corresponding group of source language statements. This is called expanding the macros. A subroutine, on the other hand, is a group of instructions that performs a well-defined task when it is called.

3.b) Describe the algorithm using flow charts to expand macro statements (sequential) used in assembly language program. Describe the difficulty faced when nested macro definition or macro call within macro is used.
Ans. IN THE NOTE PNO-5

3.c) What is compile-and-go loader? How does it differ from absolute loader?
Ans. One method of performing the loader functions is to have the assembler run in one part of memory and place the assembled machine instructions and data, as they are assembled, directly into their assigned memory locations. When the assembly is completed, the assembler causes a transfer to the starting instruction of the program. Such a loading scheme is called compile-and-go loader. It is relatively easy to implement. The assembler simply places the code into core and the loader consists of one instruction that transfers to the starting instruction of the newly assembled program.
Absolute loader is the simplest type of loader scheme. In this case, the assembler outputs the machine language translation of the source program in almost the same form as in the 'compile-and-go' loader, except that the data is punched on objects instead of being placed directly in memory. The loader in turn simply accepts the machine language text and places it into core at the location prescribed by the assembler. These are simple to implement. The address in the core where the program is to be loaded must be specified to the assembler. If there are multiple subroutines, the address of each must be remembered and must be used explicitly in other subroutines to perform subroutine linkage.

4.a) Describe the functions maintained by the system administrator.
Ans.
i) Installing and configuring servers.

Whenever a server is connected to anything outside one's physical control, security issues arise. One wants users to have secure access to the things they need but at the same time not let the system open up to the whole world.

ii) Installing and configuring application software.

Although it is possible for individual users to install some applications in their home directories (drive space set aside for their own files and customizations), these applications may not be available to other users without the intervention of the user who installed the program or the system administrator. Besides, if an application is to be used by more than one user, it probably needs to be installed higher up in the Linux file hierarchy, which is a job that only the system administrator can perform.

iii)Creating and maintaining user accounts.

Not just anyone can show up and log on to a Linux machine. An account must be created for each user and no one but the system administrator can do this.

iv)Backing up and restoring files.

There is considerable need to back up important files so that the system can be up and running again with minimal disruption in the event of hardware, security, or administration failure. Only the system administrator may do this.

v)Monitoring and tuning performance.


On a modern standalone system, Linux runs pretty quickly. If it doesn't, there's something wrong, something the system administrator can fix. System tuning is an ongoing process aided by a variety of diagnostic and monitoring tools. Some performance decisions are made at installation time, while others are added or tweaked later.

vi)Configuring a secure system.


The system administrator's task, first and foremost, is to make certain that no data on the machine or network is likely to become corrupted, whether by hardware or power failure, misconfiguration or user error (to the extent that the latter can be avoided), or malicious or inadvertent intrusion from elsewhere.

4.b) Using GRUB as the boot loader and assuming all the required files are in the /boot directory, describe the process of loading the kernel and starting the OS.
Ans. When we turn on our PC it runs a program called the basic I/O system (BIOS). The BIOS is the only way to communicate with the system components until the OS is up and running and able to take over system management functions. After the BIOS loads, it performs some diagnosis on the system hardware, checks the installed components to be sure they are functioning and checks the system RAM. Next the BIOS tries to find a system drive from which it can load the boot program to begin the process of starting the OS. We can specify the search order for the drives by the settings in the system BIOS configuration, which we can typically access by entering some key combinations while the system is performing its POST (power on self test). The master IDE device is the first drive to boot. The first sector of the drive has an area called the MBR (master boot record) which holds the program that is used to begin the actual loading of the OS. As soon as the BIOS finds the MBR, it gives up control of the boot process. A boot loader begins the loading of the OS. The boot loader program used is called GRUB.

The GRUB program uses a 2 step process to begin loading the OS. These two steps are typically referred to as stage one and two. In stage one a program on the MBR is used to find the second stage program that will begin the process of loading the OS into the system memory. GRUB uses a configuration file called /boot/grub/grub.conf to provide information to the second stage loader. The next step in the boot process is the actual loading of the kernel. The kernel is always located in the /boot directory.

GRUB has one more task to do and that is to load a ramdisk image called initrd that has the same version number as the kernel we are going to load into system memory. initrd loads any special drivers that might be needed by the kernel to load the OS. The first thing the kernel does after taking over from GRUB is to prepare the system memory for use. Next, all system hardware is probed and configured if possible. The kernel uncompresses the initrd in RAM, mounts it as a ramdisk and then runs linuxrc in the ramdisk. This can be a command file like a regular rc file or a symlink to init on initrd. If the former it runs the commands in there, sets the real root device at the end and returns the commands in /etc/inittab on the ramdisk like any other Linux boot process. Initrd files use /Linux as a command script. The initrd and its linux scripts are very important nowadays because that's what mounts /proc, /sys, /dev/shm, starts udev and hotplug, and insmods special drivers such as SCSI drivers. Most of the time the kernel is able to auto-detect and configure hardware devices but sometimes, especially with new devices, the kernel can't properly configure them. After the kernel has configured all the system devices and mounted the system drives, it runs the /sbin/init command.

The /sbin/init command is the first system process that runs after the kernel has configured the system devices and mounted the system drives. The init program is like a project manager of the system because it manages the remaining steps of booting the system and is the parent or grandparent of all the rest of the automatically started system boot processes. Basically the init program co-ordinates the order of the many scripts it will run to complete system set up. The first script init runs is the /etc/rc.d/rc.sysinit script. This script starts system swap, checks the file system and performs other system initialization. Then the init command refers to the /etc/inittab script to get information about how to start the system, which system initialization script to run, and to bring the system to the runlevel indicated in the inittab script. After a typical installation the default run level is set to runlevel 5.

4.c) How to change the current run level of a system without restarting the machine?
Ans.
i) Open the /etc/inittab file which contains the default runlevel of a system.
ii) Edit the line that says 'id:5:initdefault:'. Here 5 indicates that the current runlevel is set to 5.
iii) Put the desired runlevel value in place of 5. Now the runlevel will be changed. Setting the default runlevel to 0 or 6 is strictly prohibited.
iv) Save and close the file. Make the changes permanent.
v) Run level will be changed to the modified value.

4.d) How to boot the machine in single user mode from LILO boot loader prompt?
Ans. At the LILO boot prompt, if graphical LILO is used, then the key combination [CTRL] & [-] & [x] needs to be pressed first. This should be done to exit the graphical screen and go to the boot: prompt. At the boot prompt the following command is used to enter single user mode from the LILO boot loader prompt.
boot: linux single

4.e) Describe the functions of runlevel 3, 4, 5 and explain what will happen if the default run level is set to 6 or 0.
Ans.
Run level 3 - Full multiuser mode (with TUI).
Run level 4 - Not used.
Run level 5 - Full multiuser mode with GUI.
The task of run level 6 is to reboot the system and that of run level 0 is to halt the system. That's why it is advised not to set the default run level to these two values.

5.a) Create the user with the following configuration:
user name : test
password : test 123
user id : 1000
group id : 1000 (create the group first)
home : /home/test
login shell : /bin/bash
Ans. To add a user with the given parameters we have to create the group with id 1000:
groupadd -g 1000 mygroup
Now we can add the user as follows:
useradd -g mygroup -p test123 -s /bin/bash -u 1000 test

OPTIONS      DESCRIPTIONS
-g group     Sets the user's primary group membership or login group to 'group'.
-p passwd    Sets the account password to the encrypted password passwd.
-s shell     Sets the user's default shell to shell.
-u uid       Sets the user's uid, which must be a unique number.
(By default the name of the home directory would be /home/test.)
Since -p expects an already encrypted value, the plain string test123 would be written to /etc/shadow as it is and would not work as a login password; the password then has to be set with the passwd command.

5.b) Describe the format used in /etc/passwd and /etc/shadow file.
Ans. In /etc/passwd there are 7 fields in each row separated by colons (:). The fields are as follows:
i) user name
ii) password
iii) user id
iv) group id
v) uidgid (for user related comments)
vi) user home address
vii) user shell address
On the other hand the /etc/shadow file stores secure user account information. This file contains the following fields separated by colons (:):
i) The account name.
ii) The account's encrypted password.
iii) The number of days since Jan 1, 1970 that the password was last changed.
iv) The number of days permitted before the password can be changed.
v) The number of days after which the password must be changed.
vi) The number of days before the password expires that the user is warned the account will expire.
vii) The number of days after the password expires before the account is disabled.
viii) The number of days since Jan 1, 1970 after which the account is disabled.
ix) Reserved for future use.

5.c) Configure the ethernet interface with the following parameters: IP address: 10.10.4.100 netmask: 255.255.0.0 using ifconfig.
Ans. With root privileges, we have to open the terminal and type the following commands (eth0 is assumed here as the name of the ethernet interface).
# ifconfig eth0 10.10.4.100 netmask 255.255.0.0
# service network restart
The ethernet interface will be up and running after this.
Graphical method:
Using the Network Configuration tool, we can easily make the necessary changes. Start the Network Configuration tool as follows:

1. In Enterprise Linux choose Applications > System Settings > Network. In Fedora Core 4 choose Desktop > System Settings > Network.
2. Highlight the device that we want to modify, and then click Edit (on the toolbar).
3. The three tabs available from this dialog box are used for the following:
General: Here we can enter a nickname for the device and choose whether the device is activated when the system starts. We can also choose to allow other users to be able to enable and disable the device. We can choose to obtain IP information automatically by using DHCP, or we can manually enter the IP information for the device.
Route: Here we can enter static routes to other networks. We need to enter the network IP number as well as the gateway IP number. In most cases, we don't need to enter any information here if we are using DHCP.
Hardware Device: This tab contains information about the hardware associated with the Ethernet device. We can assign device aliases here if we desire.
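Returning to the /etc/passwd and /etc/shadow layouts from 5.b: the following Python sketch is an added example, not part of the original solution. It splits entries into the seven and nine fields listed there and flags weak settings; all account lines and the audit date are constructed sample data, and the issue names are this example's own.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
PASSWD_FIELDS = ("name", "password", "uid", "gid", "comment", "home", "shell")
SHADOW_FIELDS = ("name", "password", "last_change", "min_days", "max_days",
                 "warn_days", "inactive_days", "expire_date", "reserved")
NUMERIC = SHADOW_FIELDS[2:8]        # the six day-count fields of /etc/shadow


def parse_record(line, fields):
    """Split one colon-separated entry into a dict keyed by field name."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(fields):
        raise ValueError(f"expected {len(fields)} fields, got {len(parts)}")
    return dict(zip(fields, parts))


def audit_passwd(line):
    """Return the issues found in one /etc/passwd entry."""
    rec = parse_record(line, PASSWD_FIELDS)
    issues = []
    pw = rec["password"]
    if pw == "":
        issues.append("NO_PASSWORD")
    elif pw != "x" and not pw.startswith(("*", "!")):
        # /etc/passwd is world-readable; hashes belong in /etc/shadow ("x")
        issues.append("HASH_IN_PASSWD")
    if rec["uid"] == "0" and rec["name"] != "root":
        issues.append("EXTRA_UID_0")
    return issues


def audit_shadow(line, today):
    """Return the issues found in one /etc/shadow entry as of `today`."""
    rec = parse_record(line, SHADOW_FIELDS)
    for key in NUMERIC:
        rec[key] = int(rec[key]) if rec[key] else None
    pw = rec["password"]
    if pw.startswith(("!", "*")):
        return []                   # password login is disabled
    issues = []
    if pw == "":
        issues.append("EMPTY_PASSWORD")
    elif not pw.startswith("$"):
        # legacy DES hash, or a plain string handed to useradd -p
        issues.append("NOT_CRYPT_FORMAT")
    if rec["max_days"] is None or rec["max_days"] >= 99999:
        issues.append("NO_MAX_AGE")  # 99999 is the usual "never" value
    elif rec["last_change"] is not None:
        due = EPOCH + timedelta(days=rec["last_change"] + rec["max_days"])
        if today > due:
            issues.append("PASSWORD_EXPIRED")
    if rec["expire_date"] is not None:
        if EPOCH + timedelta(days=rec["expire_date"]) <= today:
            issues.append("ACCOUNT_EXPIRED")
    return issues


# Constructed sample entries (not taken from any real system).
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash",
    "test:x:1000:1000:test user:/home/test:/bin/bash",
    "legacy:ab01FAX.bQRSU:1001:1001::/home/legacy:/bin/sh",
    "toor:x:0:0::/root:/bin/bash",
]
SAMPLE_SHADOW = [
    "root:$6$c0nstructed$notARealHash:19700:0:99999:7:::",
    "test:test123:19000:0:90:7:::",
    "guest::19700:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
    "olduser:$6$c0nstructed$notARealHash:19700:0:90:7::19600:",
]
TODAY = date(2024, 1, 1)            # constructed audit date


def run_audit(passwd_lines, shadow_lines, today):
    """Audit both files; returns {"passwd": {...}, "shadow": {...}}."""
    return {
        "passwd": {l.split(":")[0]: audit_passwd(l) for l in passwd_lines},
        "shadow": {l.split(":")[0]: audit_shadow(l, today) for l in shadow_lines},
    }


if __name__ == "__main__":
    for source, result in run_audit(SAMPLE_PASSWD, SAMPLE_SHADOW, TODAY).items():
        for name, issues in result.items():
            print(source, name, issues or "ok")
```

The test entry shows what the useradd -p call from 5.a leaves behind when it is given a plain string: a password field that is not a crypt hash.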

5.d) Change the routing table of the required machines such that when 10.10.4.100 tries to connect to 10.10.4.102 it needs to go through 10.10.4.101.
Ans. The route command is used to give the system a little more information about interfaces. After the route command we have to specify the target network address, the netmask and the gateway through which the communication will be accomplished. Here for the given parameters the following command has to be used:
route add -net 10.10.4.0 netmask 255.255.255.0 gw 10.10.4.101

5.e) How to mount the CDROM drive using mount command?
Ans. The necessary command is:
# mount /dev/cdrom
The /dev/* files are special files that are used to recognize devices. The CDROM drive is mounted under this /dev directory with the command 'mount'. Likewise, to unmount the CDROM drive we can use the umount command.

5.f) Change the permission of the file xyz.txt such that the file is accessible in read only mode and others will not be able to access the file in any form.
Ans. The permission of a file has 10 bits. First one is the sticky bit. Next owner (user), group and others have 3 bits each. Now a file has 3 possible types of permission, read (r), write (w) and execute (x), which can be represented by those 3 bits. 4 represents read permission (100), 2 represents write permission (010) and 1 represents execute permission (001). 0 represents the withdrawal of all permissions. The following command provides the necessary permissions needed for xyz.txt file. The chmod command is used for this purpose.
# chmod 440 xyz.txt

5.g) What is swap space and virtual memory? How do they differ from each other?
Ans. A system's virtual memory is a combination of the available random access memory (RAM) and disk space. Portions of the virtual memory are reserved as swap space. Swap space can be defined as a temporary storage location that is used when the system's memory requirements exceed the size of available RAM. Swap slices are used as virtual memory storage areas when the system does not have enough physical memory to handle current processes.
The virtual memory system maps physical copies of files on disk to virtual addresses in memory. Physical memory pages which contain the data for these mappings can be backed by regular files in the file system, or by swap space. If the memory is backed by swap space it is referred to as anonymous memory because there is no identity assigned to the disk space backing the memory. Solaris uses the concept of virtual swap space, a layer between anonymous memory pages and the physical storage (or disk-backed swap space) that actually back these pages. A system's virtual swap space is equal to the sum of all its physical (disk-backed) swap space plus a portion of the currently available physical memory. Virtual swap space has these advantages: The need for large amounts of physical swap space is reduced because virtual swap space does not necessarily correspond to physical (disk) storage. A pseudo file system called SWAPFS provides addresses for anonymous memory pages. Because SWAPFS controls the allocation of memory pages, it has greater flexibility in deciding what happens to a page. For example, it might change the page's requirements for disk-backed swap storage.

6.a) What are the different methods of attack possible in networked environment?
Ans. Attack takes place at the application layer or at the network layer of the ISO/OSI reference model. Attacks are generally of two types:
i) PASSIVE ATTACK: Passive attacks are those where the attacker aims to obtain information that is in transit. The term passive attack indicates that the attacker does not attempt to perform any modifications to the original data. It is hard to detect as it does not involve any alteration of data. So, it does not affect the system resources.
ii) ACTIVE ATTACK: Active attacks are based on modifications of the original message in some manner or on creation of a false message. The attacks cannot be prevented easily. These attacks can be in the form of interruption, modification and fabrication.
Interruption: Here unauthorized entity pretends to be another entity.
Modification: Some portions of the message are delayed or recorded to produce an unauthorized effect.
Fabrication: It causes denial of service attack, which is an attempt to prevent legitimate users from accessing some services which they are eligible for.
Various types of attack are: Script kiddie, Denial of Service, Man-in-the-middle, Root kits.

6.b) Configure the firewall using iptables as follows: Machine will receive all incoming icmp packets (only echo request) from any source. It will reject all outgoing TCP connections to a particular destination. It will only receive ftp connection from a specific machine. Show the final configuration of each available chain.
Ans.
Step 1: (Configuring for the icmp packets)
# iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
Step 2: (Configuring for the outgoing tcp connections)
# iptables -A OUTPUT -p tcp -d 192.168.1.102 -j DROP
Step 3: (Configuring for ftp connection)
# iptables -A INPUT -p tcp --dport 21 -s 172.16.1.0 -j ACCEPT
Here the first command appends (-A) a rule to the INPUT chain which accepts (ACCEPT) icmp packets (-p icmp) of the echo request type (--icmp-type echo-request). In other words this command will instruct the INPUT chain to accept the echo request packets that arrive with icmp protocol. -j indicates what action to take.
The second command instructs the OUTPUT chain to drop all the TCP packets which are outbound with a destination address of 192.168.1.102.
The third command instructs the INPUT chain to accept (-j ACCEPT) all FTP packets, that is TCP packets to port 21 (-p tcp --dport 21), which are inbound from a source address (-s) of 172.16.1.0.

6.c) What is IP accounting? How it helps the administrator to analyze the security threats in a network?
Ans. IP Accounting (Layer 3) collects the number of bytes and packets processed by the network element on a source and destination IP address basis. Only transit traffic that enters and leaves the router is measured, and only on an outbound basis. Traffic generated by the router or traffic terminating in the router is not included in the accounting statistics. IP Accounting (Layer 3) collects individual IP address details, so it can be used to identify specific users for usage-based billing. To provide the operator with the opportunity of snapshot collections in the network, IP Accounting (Layer 3) maintains two accounting databases: an active database and a checkpoint database. The active collection process always updates the active database and therefore constantly increments the counters while packets pass the router. To get a snapshot of the traffic statistics, a CLI command or SNMP request can be executed to copy the current status from the active database to the checkpoint database. This copy request can be automated across the network to be executed at the same time, and a Network Management application can later retrieve the accounting details from the checkpoint database to present consistent accounting data to the operator. The checkpoint database offers a frozen snapshot of the complete network. Trying to achieve the same result by synchronously polling entire MIB tables across multiple network elements would introduce some inaccuracies, and hence no real frozen snapshots. The collected data can be used for performance and trending applications that require collections at regular intervals. The snapshot function is unique to IP Accounting.

7.a) What is IP filtering? Describe with proper diagram how IP filtering can be implemented in kernel for different types of traffic?
Ans. IP filtering is simply a mechanism that decides which types of IP datagrams will be processed normally and which will be discarded. By discarded we mean that the datagram is deleted and completely ignored, as if it had never been received. We can apply many different sorts of criteria to determine which datagrams we wish to filter; some examples of these are:
Protocol type: TCP, UDP, ICMP, etc.
Socket number (for TCP/UDP)
Datagram type: SYN/ACK, data, ICMP Echo Request, etc.
Datagram source address: where it came from
Datagram destination address: where it is going to

Consider how a Unix machine, or in fact any machine capable of IP routing, processes IP datagrams. The basic steps, shown in Figure 9-2, are:
Figure 9-2. The stages of IP datagram processing

The IP datagram is received. (1)
The incoming IP datagram is examined to determine if it is destined for a process on this machine. If the datagram is for this machine, it is processed locally. (2)
If it is not destined for this machine, a search is made of the routing table for an appropriate route and the datagram is forwarded to the appropriate interface or dropped if no route can be found. (3)
Datagrams from local processes are sent to the routing software for forwarding to the appropriate interface. (4)
The outgoing IP datagram is examined to determine if there is a valid route for it to take, if not, it is dropped. The IP datagram is transmitted. (5)

In our diagram, the flow 1 -> 3 -> 5 represents our machine routing data between a host on our Ethernet network to a host reachable via our PPP link. The flows 1 -> 2 and 4 -> 5 represent the data input and output flows of a network program running on our local host. The flow 4 -> 3 -> 2 would represent data flow via a loopback connection. Naturally data flows both into and out of network devices. The question marks on the diagram represent the points where the IP layer makes routing decisions.
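The filtering criteria listed in 7.a and the three rules from 6.b, modelled in Python as an added example (not part of the original solution, and not iptables itself): rules are checked in order, the first match decides, and the chain policy applies when nothing matches. The local address 10.10.4.100, the sample packets and the two policies are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    chain: str                        # "INPUT" or "OUTPUT"
    proto: str                        # protocol type: "tcp", "udp", "icmp"
    src: str                          # datagram source address
    dst: str                          # datagram destination address
    dport: Optional[int] = None       # socket number for TCP/UDP
    icmp_type: Optional[str] = None   # datagram type for ICMP


@dataclass(frozen=True)
class Rule:
    chain: str
    target: str                       # "ACCEPT" or "DROP"
    proto: Optional[str] = None       # None means "match anything"
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    icmp_type: Optional[str] = None

    def matches(self, pkt):
        """True when every criterion that is set agrees with the packet."""
        if self.chain != pkt.chain:
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.icmp_type is not None and self.icmp_type != pkt.icmp_type:
            return False
        return True


def decide(rules, policy, pkt):
    """First matching rule wins; otherwise the chain's policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy[pkt.chain]


# The three rules of 6.b, in the order they were appended.
RULES = [
    Rule("INPUT", "ACCEPT", proto="icmp", icmp_type="echo-request"),
    Rule("OUTPUT", "DROP", proto="tcp", dst="192.168.1.102"),
    Rule("INPUT", "ACCEPT", proto="tcp", dport=21, src="172.16.1.0"),
]

# Assumed chain policies: everything open, versus INPUT closed by default.
OPEN_POLICY = {"INPUT": "ACCEPT", "OUTPUT": "ACCEPT"}
CLOSED_INPUT = {"INPUT": "DROP", "OUTPUT": "ACCEPT"}

LOCAL = "10.10.4.100"                 # assumed address of the firewalled host

# Constructed sample packets.
PACKETS = {
    "ping": Packet("INPUT", "icmp", "198.51.100.7", LOCAL,
                   icmp_type="echo-request"),
    "icmp_redirect": Packet("INPUT", "icmp", "198.51.100.7", LOCAL,
                            icmp_type="redirect"),
    "ftp_allowed": Packet("INPUT", "tcp", "172.16.1.0", LOCAL, dport=21),
    "ftp_other": Packet("INPUT", "tcp", "172.16.1.9", LOCAL, dport=21),
    "out_blocked": Packet("OUTPUT", "tcp", LOCAL, "192.168.1.102", dport=80),
    "out_other": Packet("OUTPUT", "tcp", LOCAL, "192.168.1.103", dport=80),
}


def verdicts(policy):
    """Verdict for every sample packet under the given chain policies."""
    return {name: decide(RULES, policy, pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, policy in (("open", OPEN_POLICY), ("closed INPUT", CLOSED_INPUT)):
        print(label, verdicts(policy))
```

With the ACCEPT policy the two ACCEPT rules restrict nothing: FTP from other hosts and other ICMP types still reach the machine, so the word "only" in the question needs a DROP policy or explicit DROP rules on INPUT.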

7.b) What is IP masquerade?
Ans. IP masquerading allows you to use a private (reserved) IP network address on your LAN and have your Linux-based router perform some clever, real-time translation of IP addresses and ports. When it receives a datagram from a computer on the LAN, it takes note of the type of datagram it is, TCP, UDP, ICMP, etc., and modifies the datagram so that it looks like it was generated by the router machine itself (and remembers that it has done so). It then transmits the datagram onto the Internet with its single connected IP address. When the destination host receives this datagram, it believes the datagram has come from the routing host and sends any reply datagrams back to that address. When the Linux masquerade router receives a datagram from its Internet connection, it looks in its table of established masqueraded connections to see if this datagram actually belongs to a computer on the LAN, and if it does, it reverses the modification it did on the forward path and transmits the datagram to the LAN computer. A simple example is illustrated in Figure 11-1.
Figure 11-1. A typical IP masquerade configuration
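The table of masqueraded connections kept by the router, as an added Python model (not part of the original solution); it uses the workstation, remote host and allocated port from the walk-through that follows. The router's public address 203.0.113.1, the workstation's source port 4000 and the unsolicited sender are constructed values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Datagram:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class MasqueradeRouter:
    """Simplified model of source address and port translation."""

    def __init__(self, public_ip, first_port=1035):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}   # (proto, lan ip, lan port, remote ip, remote port) -> public port
        self.by_port = {}   # (proto, public port) -> (lan ip, lan port, remote ip, remote port)

    def outbound(self, d):
        """Rewrite a LAN datagram so it appears to come from the router."""
        flow = (d.proto, d.src_ip, d.src_port, d.dst_ip, d.dst_port)
        port = self.by_flow.get(flow)
        if port is None:                      # new connection: remember it
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.by_port[(d.proto, port)] = flow[1:]
        return Datagram(d.proto, self.public_ip, port, d.dst_ip, d.dst_port)

    def inbound(self, d):
        """Reverse the translation for a reply; None means no table entry."""
        entry = self.by_port.get((d.proto, d.dst_port))
        if entry is None or d.dst_ip != self.public_ip:
            return None
        lan_ip, lan_port, remote_ip, remote_port = entry
        if (d.src_ip, d.src_port) != (remote_ip, remote_port):
            return None                       # not the host we connected to
        return Datagram(d.proto, d.src_ip, d.src_port, lan_ip, lan_port)


def walk_through():
    """Replay the connection from the text plus one unsolicited datagram."""
    router = MasqueradeRouter("203.0.113.1")          # constructed public IP
    request = Datagram("tcp", "192.168.1.3", 4000,    # 4000 is constructed
                       "209.1.106.178", 8888)
    sent = router.outbound(request)
    reply = Datagram("tcp", "209.1.106.178", 8888, sent.src_ip, sent.src_port)
    delivered = router.inbound(reply)
    unsolicited = Datagram("tcp", "198.51.100.9", 4444, "203.0.113.1", 1035)
    return sent, delivered, router.inbound(unsolicited)


if __name__ == "__main__":
    for item in walk_through():
        print(item)
```

The third result is None: a datagram that matches no table entry has no LAN host to be delivered to, which is the property 7.c relies on when it says outsiders learn little about the internal network.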

We have a small Ethernet network using one of the reserved network addresses. The network has a Linux-based masquerade router providing access to the Internet. One of the workstations on the network (192.168.1.3) wishes to establish a connection to the remote host 209.1.106.178 on port 8888. The workstation routes its datagram to the masquerade router, which identifies this connection request as requiring masquerade services. It accepts the datagram and allocates a port number to use (1035), substitutes its own IP address and port number for those of the originating host, and transmits the datagram to the destination host. The destination host believes it has received a connection request from the Linux masquerade host and generates a reply datagram. The masquerade host, upon receiving this datagram, finds the association in its masquerade table and reverses the substitution it performed on the outgoing datagram. It then transmits the reply datagram to the originating host. The local host believes it is speaking directly to the remote host. The remote host knows nothing about the local host at all and believes it has received a connection from the Linux masquerade host. The Linux masquerade host knows these two hosts are speaking to each other, and on what ports, and performs the address and port translations necessary to allow communication.

7.c) How Network address Translation helps the network users to use it efficiently and the administrators to manage it?

Ans.Networkaddresstranslationisanetfilterfeaturethatallowsafirewall/gatewayto alter the source or destination address of packets that pass through it.This is most commonlydonetoallowalltrafficgoingoutthegatewaytoapppearasthoughitis

coming from a single address.This reducesthe number of routable IP addressesan organization must purchase and also makes it more difficult for outsiders to learn detailsaboutthenumberofmachinesonaninternalnetwork,theaddressingscheme usedthereinandsoforth.Itismucheasiertoguardasinglepointofentrythanitisto guradmanypotential pointsof entry.The principal behind the internal firewall is a machinethatdividesthenetworkintotheinsideandoutsidewithalltrafficpassing throughthefirewall.Byprotectingasinglenetworkfirewall,theentireinternalnetwork canbeprotected. 7.d)WritethecommandtoreinitializeallthecounterstoNULLofIPaccounting. Ans.Thenecessarycommandis: iptablesF AccordingtotheiptablescommandFdenotestheflushingoperation.ProvidingFas argumenttoiptableswillreinitializeallcounters. 8.a)WhatisNIS?Howithelpstheadministratortomanagetheuserinnetworked environment? Ans.Acommonchallengefacingadministratorschargedwithmaintaininganetworkof Linux machines is sharing information across the network while maintaining that informationcentrally.TheNetworkInformationSystem(NIS)isonesolutiontosucha challenge. Nis distributes information that needs to be shared throughout a Linux networktoallmachinesthatparticipateintheNISdomain. The information most commonly shared using NIS consists of user authentication information,suchas/etc/passwd,/etc/group.Ifusers'passwordentriesareaccessibleto all login hosts via NIS,any user can log in on anymachine on the network that is runninganNISclient. 8.b)Describe the process of setting up the NIS server with proper domain selection.ListtheservicesalsorequiredtoconfigureNIS.ConfigureNISclient. Ans.1)Weneedtochangethedomainnamepermanently.So,enterthefollowingline in/etc/init.d/networkfileaftertheinitialcommentsareoverinthatfile. #settheNISdomainname domainnameiiht 2)Openthefile/var/yp/Makefileandeditasfollows: NOPUSH=true(iftherearenoslaveservers) #nisdomainname nisdomainname[domainname] 3.Specifytheinformationforwhichdatabaseshavetobebuilt:

109:all:passwdshadowgrouphosts 4.NIsusesRPCtoexecuteremotefunctions.InorderforRPCrequesttoworkthetarget systemmusthaveawayofconvertingRPSrequestsintoalocationofaprogramto run.Thisfunctionalityisachievedthriughportmap.Starttheservice. #serviceportmapstart 5.StartNISserverdaemon #serviceypservstart 6.OncetheNISserverisrunning,wecancreatemaosordatabasesontheserverforitto serve to nis clients.We use ypinit command to build maps on server.ypinit builds databases for the server and places them in a subdirectory with the name of NIS domain under the subdirectory of /varyp.These databases built,are in .dbm format whichmayinclude/etc/passwd,/etc/networksfile. InitiatethedatabaseforNISserver #/usr/lib/yp/ypinitm(tospecifythisasmasterserver) Checkforanyerrors #/usr/lib/yp/ypinits192.168.0.1(toconfigureasaslave) 7.Starttheserverpasswroddaemon #serviceyppasswddstart 8.starttheNIStransferdaemon #serviceypxfrdstart 9.Edit thefile /var/yp/securenets thatcontainsnetworknumber andnetmaskpairs thatdefinethelistofhoststhatarepermittedtoaccessNISservermaps. 255.255.255.0 192.168.1.0 10.edit/etc/sysconfig/networkfiletohavenisdomainnamepermanently. NISDOMAINNAME=[FQDN] 11.Daemonprocessshouldalsobeinitializedattheboottimeandthiscanbedoneas follows: #chkconfiglevel35ypservon #chkconfiglevel35yppasswddon >ServicesonNISserver:ypserv,yppasswd ServicesonNISclient:ypbind.

>1.setupNISdomainname #nisdomainname[domainname] 2.Openthefile/etc/yp.confandeditasfollows: domainiihtserverLinux domainiihtbroadcast 3.#authconfig orsetup>Authenticationconfiguration check[*]usenis Domain:... Server:... >nextRemovethe*atthefollowingoptions: []useshadowpasswords []useMD5passwords 4.Enterthehostentryin/etc/hostsfile e.g.192.168.0.1 Linux 5.Starttheclientdaemon #serviceypbindrestart 6.Editthe/etc/nsswitch.conffiletoconfigureorderinwhichlookupisperformedfor userandgroupauthentication. passwd: hosts: nis files nisplus dns (firstonemustbenis) (filesmeans/etc/hosts) files nisplus (tobroadcasttheclientrequest) ypserverLinuxor192.168.1.0(server'sIPaddress)

8. Edit the /etc/sysconfig/network file to have the NIS domain name permanently.
NISDOMAINNAME=[domainname]
9. # chkconfig --level 35 ypbind on
10. Reboot both the server and the clients.
11. # ypwhich (to find the NIS server to which the client has bound. Communicates with ypbind and displays the NIS server)
# ypcat passwd (displays the passwd file of the NIS domain)
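Step 9 of the server setup restricts map access through /var/yp/securenets. The following check is an added example, not part of the original solution: it parses securenets text (netmask first, then network, plus the "host" form ypserv also accepts) and reports which clients an entry set admits. The sample file and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the /var/yp/securenets layout: netmask first, then network.
SAMPLE_SECURENETS = """\
# always let the server talk to itself
host 127.0.0.1
255.255.255.0 192.168.1.0
"""


def parse_securenets(text):
    """Return (networks, problems) for the text of a securenets file."""
    networks, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            problems.append((lineno, "expected two fields"))
            continue
        first, second = fields
        try:
            if first == "host":
                net = ipaddress.ip_network(second + "/32")
            else:
                # Strict parsing rejects a swapped "network netmask" pair
                # and a network number that has host bits set.
                net = ipaddress.ip_network(f"{second}/{first}")
        except ValueError as exc:
            problems.append((lineno, f"not a netmask/network pair: {exc}"))
            continue
        if net.prefixlen == 0:
            problems.append((lineno, "entry admits every address"))
        networks.append(net)
    return networks, problems


def is_permitted(networks, client_ip):
    """True if client_ip falls inside any parsed securenets entry."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in networks)


if __name__ == "__main__":
    nets, problems = parse_securenets(SAMPLE_SECURENETS)
    for client in ("192.168.1.77", "192.168.0.1"):
        print(client, "permitted" if is_permitted(nets, client) else "refused")
    print("problems:", problems)
```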

8.d) Configure the NFS server with the following requirements: Machine 10.10.4.1 is able to mount the /home/test directory of the server in read-only mode. Machine 10.10.4.2 is able to mount the /home/temp directory of the server in read-write mode. The range of machines 10.10.4.64 to 10.10.4.128 is able to mount /home in read-write mode.
Ans.
1) # service iptables stop
2) # chkconfig iptables off
3) Open /etc/exports and edit as:
/home/test 10.10.4.1(ro)
/home/temp 10.10.4.2(rw,sync)
/home 10.10.4.64/26(rw,sync) 10.10.4.128(rw,sync)   # 10.10.4.64 to 10.10.4.128
Save and close the file.
4) # exportfs -a
5) # service nfs start
6) # chkconfig nfs on

9. Write short notes on the following:
i) DNS service and DNS server.
Ans. The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain name www.example.com translates to the addresses 192.0.32.10 (IPv4) and 2620:0:2d0:200::10 (IPv6). A DNS hosting service is a service that runs Domain Name System servers. Most, but not all, domain name registrars include DNS hosting service with registration. Free DNS hosting services also exist. Many third-party DNS hosting services provide Dynamic DNS. DNS hosting service is better when the provider has multiple servers in various geographic locations that provide resilience and minimize latency for clients around the world. DNS can also be self-hosted by running DNS software on generic Internet hosting services. (Sir, can't precisely define DNS server)

ii) Network Security and firewall
Ans. (study material of network security)
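For the /etc/exports entries in 8.d above: exports(5) takes single hosts and networks, not first-to-last address ranges, so the range 10.10.4.64 to 10.10.4.128 has to be written as network blocks. The script below is an added example, not part of the original solution; it derives those blocks, builds the exports lines, and checks which clients each export admits. Function names are hypothetical, and the checker only matches an export path exactly.

```python
import ipaddress

# Requirements from question 8.d: (export path, first client, last client, options).
REQUIREMENTS = [
    ("/home/test", "10.10.4.1", "10.10.4.1", "ro"),
    ("/home/temp", "10.10.4.2", "10.10.4.2", "rw,sync"),
    ("/home", "10.10.4.64", "10.10.4.128", "rw,sync"),
]


def range_to_networks(first, last):
    """Smallest list of CIDR blocks covering exactly first..last inclusive."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return list(ipaddress.summarize_address_range(lo, hi))


def build_exports(requirements):
    """Render the requirements as /etc/exports text."""
    lines = []
    for path, first, last, opts in requirements:
        clients = []
        for net in range_to_networks(first, last):
            # A /32 block is a single host and is written as a bare address.
            spec = str(net.network_address) if net.prefixlen == 32 else str(net)
            clients.append(f"{spec}({opts})")
        lines.append(f"{path} {' '.join(clients)}")
    return "\n".join(lines) + "\n"


def parse_exports(text):
    """Map each export path to a list of (network, [options])."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            spec, _, opts = client.partition("(")
            entry = (ipaddress.ip_network(spec), opts.rstrip(")").split(","))
            table.setdefault(path, []).append(entry)
    return table


def export_options(table, path, client_ip):
    """Options the client gets for this export path, or None if not admitted."""
    ip = ipaddress.ip_address(client_ip)
    for net, opts in table.get(path, []):
        if ip in net:
            return opts
    return None


if __name__ == "__main__":
    text = build_exports(REQUIREMENTS)
    print(text, end="")
    table = parse_exports(text)
    # Addresses just outside the range must be refused.
    for client in ("10.10.4.63", "10.10.4.64", "10.10.4.128", "10.10.4.129"):
        print(client, export_options(table, "/home", client))
```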

iii) Directory structure in Linux
Ans.
/ The root directory. The starting point of your directory structure. This is where the Linux system begins. Every other file and directory on your system is under the root directory. Usually the root directory contains only subdirectories, so it's a bad idea to store single files directly under root.
/boot: As the name suggests, this is the place where Linux keeps information that it needs when booting up. For example, this is where the Linux kernel is kept. If you list the contents of /boot, you'll see a file called vmlinuz - that's the kernel.
/etc: The configuration files for the Linux system. Most of these files are text files and can be edited by hand. Some interesting stuff in this directory:
/etc/inittab A text file that describes what processes are started at system bootup and during normal operation. For example, here you can determine if you want the X Window System to start automatically at bootup, and configure what happens when a user presses Ctrl+Alt+Del.
/etc/fstab This file contains descriptive information about the various file systems and their mount points, like floppies, cdroms, and so on.
/etc/passwd A file that contains various pieces of information for each user account. This is where the users are defined.
/bin, /usr/bin: These two directories contain a lot of programs (binaries, hence the directory's name) for the system. The /bin directory contains the most important programs that the system needs to operate, such as the shells, ls, grep, and other essential things. /usr/bin in turn contains applications for the system's users. However, in some cases it really doesn't make much difference if you put the program in /bin or /usr/bin.
/sbin, /usr/sbin: Most system administration programs are stored in these directories. In many cases you must run these programs as the root user.
/usr: This directory contains user applications and a variety of other things for them, like their source codes, and pictures, docs, or config files they use. /usr is the largest directory on a Linux system, and some people like to have it on a separate partition. Some interesting stuff in /usr:
/usr/doc Documentation for the user apps, in many file formats.

/usr/share Config files and graphics for many user apps.
/usr/src Source code files for the system's software, including the Linux kernel.
/usr/include Header files for the C compiler. The header files define structures and constants that are needed for building most standard programs. A subdirectory under /usr/include contains headers for the C++ compiler.
/usr/X11R6 The X Window System and things for it. The subdirectories under /usr/X11R6 may contain some X binaries themselves, as well as documentation, header files, config files, icons, sounds, and other things related to the graphical programs.
/usr/local: This is where you install apps and other files for use on the local machine. If your machine is a part of a network, the /usr directory may physically be on another machine and can be shared by many networked Linux workstations. On this kind of a network, the /usr/local directory contains only stuff that is not supposed to be used on many machines and is intended for use at the local machine only. Most likely your machine isn't a part of a network like this, but it doesn't mean that /usr/local is useless. If you find interesting apps that aren't officially a part of your distro, you should install them in /usr/local. For example, if the app would normally go to /usr/bin but it isn't a part of your distro, you should install it in /usr/local/bin instead. When you keep your own programs away from the programs that are included in your distro, you'll avoid confusion and keep things nice and clean.
/lib The shared libraries for programs that are dynamically linked. The shared libraries are similar to DLL's on Winblows.
/home This is where users keep their personal files. Every user has their own directory under /home, and usually it's the only place where normal users are allowed to write files. You can configure a Linux system so that normal users can't even list the contents of other users' home directories. This means that if your family members have their own user accounts on your Linux system, they won't see all the w4r3z you keep in your home directory. ;-)
/root The superuser's (root's) home directory. Don't confuse this with the root directory (/) of a Linux system.
/var This directory contains variable data that changes constantly when the system is running. Some interesting subdirectories:

/var/log A directory that contains system log files. They're updated when the system runs, and checking them out can give you valuable info about the health of your system. If something in your system suddenly goes wrong, the log files may contain some info about the situation.
/var/mail Incoming and outgoing mail is stored in this directory.
/var/spool This directory holds files that are queued for some process, like printing.
/tmp Programs can write their temporary files here.
/dev The devices that are available to a Linux system. Remember that in Linux, devices are treated like files and you can read and write devices like they were files. For example, /dev/fd0 is your first floppy drive, /dev/cdrom is your CD drive, /dev/hda is the first IDE hard drive, and so on. All the devices that a Linux kernel can understand are located under /dev, and that's why it contains hundreds of entries.
/mnt This directory is used for mount points. The different physical storage devices (like the hard disk drives, floppies, CD-ROM's) must be attached to some directory in the file system tree before they can be accessed. This attaching is called mounting, and the directory where the device is attached is called the mount point. The /mnt directory contains mount points for different devices, like /mnt/floppy for the floppy drive, /mnt/cdrom for the CD-ROM, and so on. However, you're not forced to use the /mnt directory for this purpose, you can use whatever directory you wish. Actually in some distros, like Debian and SuSE, the default is to use /floppy and /cdrom as mount points instead of directories under /mnt.
/proc This is a special directory. Well, actually /proc is just a virtual directory, because it doesn't exist at all! It contains some info about the kernel itself. There's a bunch of numbered entries that correspond to all processes running on the system, and there are also named entries that permit access to the current configuration of the system. Many of these entries can be viewed.
/lost+found Here Linux keeps the files that it restores after a system crash or when a partition hasn't been unmounted before a system shutdown. This way you can recover files that would otherwise have been lost.

SOLUTION OF YEAR:2008
GROUP A: 1.i)a.EQU ii)c.Direct linking loader iii)a.Superblock iv)a.Mount v)c.Dump vi)b.dd vii)a.ifconfig viii)a.The system is reachable ix)b.#ypinit -c barney x)b.#ypinit -c backup GROUP B: 2)LIST THE IMPORTANT TABLES AND DATA STRUCTURES OF A 2-PASS ASSEMBLER.
Ans. The tables and data structures of a two-pass assembler used in pass-I are as follows:
a) TABLES:
i) Machine-Operation Table (MOT) - It indicates the symbolic mnemonic for each instruction and its length.
ii) Pseudo-Operation Table (POT) - It indicates the symbolic mnemonics and the action to be taken for each pseudo-op in pass-I.
iii) Symbol Table (ST) - It is used to store each label and its corresponding value.
iv) Literal Table (LT) - It is used to store each literal encountered and its corresponding assigned location.
b) DATA STRUCTURES:
i) Location Counter (LC) - It is used to keep track of each instruction's location.
ii) Input source program.
iii) A copy of the input to be used later by pass-II.
The tables and data structures of a two-pass assembler used in pass-II are as follows:
a) TABLES:
i) Machine-Operation Table (MOT) - It indicates the symbolic mnemonic, length, binary machine opcode and format for each instruction.
ii) Pseudo-Operation Table (POT) - It indicates for each pseudo-op the symbolic mnemonic and the action to be taken by pass-II.
iii) Symbol Table (ST) - It contains each label and its corresponding value prepared by pass-I.
iv) Base Table (BT) - It indicates which registers are currently specified as base registers by using pseudo-ops and what the specified contents of these registers are.

b) DATA STRUCTURES:
i) Location Counter (LC) - It is used to keep track of each instruction's location.
ii) Copy of the source program input to pass-I.
iii) A work-space INST - It is used to hold each instruction as its various parts are being assembled together.
iv) A work-space PRINT LINE - It is used to produce a printed listing.
v) A work-space PUNCH CARD - It is used prior to actual outputting for converting the assembled instructions into the format needed by the loader.
vi) An output deck of assembled instructions in the format needed by the loader.

3) HOW WILL YOU SEE THE CURRENT RUN LEVEL OF YOUR SYSTEM? STATE THE DIFFERENT RUN LEVELS AVAILABLE. HOW IS 'INIT' RELATED TO RUNLEVEL?
ANS. To see the current run level of the system, we need to type the following command:
# who -r
--> Run levels define what services or processes should be running on the system. The run levels of a Linux system are:
0 Halt system (to shut down the system)
1 Single user mode
2 Multiuser mode (without NFS)
3 Full multiuser mode (text based)
4 Unused
5 Multiuser mode with GUI
6 Reboot system
The /etc/inittab file has information on which run level to start the system at and lists the processes to be run at each run level.
--> INIT scripts determine which programs start up at boot time. Red Hat and other Unix distros have different run levels, so there is a different set of programs that are started at each run level. The system boots into the default run level set in the /etc/inittab file.

4) What is the working principle of DNS server?
Ans. Name address resolution is, simply stated, the conversion of people friendly names into computer friendly numbers. An IP address is expressed as a group of numbers referred to as a dotted quad group. These groups of numbers present no problem to the computers in the network, but it is difficult for humans to remember many groups of numbers. So, we need to be able to enter names and then have these names converted into numbers. Each time we type a Web site's address into our browser, the Domain Name System (DNS) goes to work. We enter names that are easy for us to remember, and the names are resolved into numbers that computers find easy to understand. Enabling efficient human/machine interaction is the function of name address resolution. The Domain Name System provides this name address resolution.

Large domains may be further broken down into subdomains. For example, the tactechnology site is www.tatctechnology.com. Perhaps the accounting department runs their own Web server. To find their Web server, tactechnology contains the subdomain acct.tactechnology.com. An individual computer in the accounting department also has a hostname, for example, payables. The complete name for this computer is then payables.acct.tactechnology.com, and we can find its IP address by using the DNS to look it up.

When we type in a hostname, our system uses its resources to resolve names into IP addresses. One of these files is /etc/nsswitch.conf (nsswitch means name service switch), which contains a line telling the system where to look for host information. The information following the word hosts tells the system to first look at the local files, and then to use the Domain Name Service (DNS) to resolve the names into IP numbers. One of the local files searched is the /etc/hosts file. The hosts file contains IP addresses and hostnames that we used on our sample network. We could do so on a small internal network that we controlled and that did not have very many IP addresses. But the hosts file is not a manageable solution on a large network, because it is an impossible task to keep it up to date. We could not have control over every IP address. After the system looks in the hosts file and fails to find the address, the next file checked is /etc/resolv.conf. This file contains the IP addresses of computers that are known as domain name servers, and these are listed in /etc/resolv.conf as just name servers.

5) WHAT IS I-NODE? WHAT IS SHADOW PASSWORD? WHAT IS SUBNET-MASK OR NETMASK?
Ans. --> An i-node is a data structure of the Linux file system. An i-node has the following contents: group id, file type, access mode (permission), modification time, data access time, number of hard disk, size of the file.
--> The shadow password is contained in the /etc/shadow file. The /etc/shadow file stores actual passwords in encrypted format for each user's account with additional properties related to the user password, i.e. it stores secure user account information. All fields are separated by a colon (:) symbol. It contains one entry per line for each user. The fields in each line are as follows: user name, password, last password change, minimum, maximum, warn, inactive, expire.
--> A netmask is a 32-bit number used to divide an IP address into subnets and specify the network's available hosts. If an IP address is x.y.z.t/n then the n leftmost bits of the mask are 1s and the 32-n rightmost bits are 0s. A netmask helps us to find the net id and the host id.

6) WHAT IS DAEMON? WRITE TWO DAEMONS AND ITS UTILITY. WHAT IS THE MACROPROCESSOR? WHY WE USE THIS?
Ans. --> A daemon is a computer program that runs in the background, rather than under the direct control of a user. Typically, daemons have names that end with the letter 'd', e.g. syslogd.
--> Two daemons are as follows:
i) initd - initial process daemon.
ii) kerneld - automatically loads and unloads kernel modules.
--> A macroprocessor is a program that copies a stream of text from one place to another, making a systematic set of replacements as it does so. Macroprocessors are often embedded in other programs such as assemblers and compilers.
--> i) The processor stores the macro instruction definitions.
ii) The processor reorganizes macro calls that appear as an operation mnemonic.
iii) The processor substitutes dummy or macro definition arguments from a macro call.

GROUP C:
8) a) What do you mean by firewalling? Classify firewalls. State which type is effective on a

particular situation. Explain in brief the details of command ipfwadm.
Ans. It is software that acts as a security filter that can restrict types of network communication. It is most often used between a LAN and the Internet. In order to provide some level of separation between an organization's intranet and the internet, firewalls have been employed. A firewall is simply a group of components that collectively form a barrier between two networks.
--> There are two basic types of firewalls as follows:
1. Application Gateways:
The first firewalls were application gateways and are sometimes known as proxy gateways. These are made up of bastion hosts that run special software to act as a proxy server. This software runs at the Application Layer of the ISO/OSI Reference model, hence the name. Clients behind the firewall must be proxitized in order to use internet services. Traditionally these have been the most secure, because they don't allow anything to pass by default but need to have the programs written and turned on in order to begin passing traffic.
2. Packet Filtering:
Packet filtering is a technique whereby routers have ACLs turned on. By default a router will pass all traffic sent to it, and will do so without any sort of restrictions. Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network and vice versa.
There is less overhead in packet filtering than with an application gateway, because the feature of access control is performed at a lower ISO/OSI layer. Due to the lower overhead and the fact that packet filtering is done with routers, which are specialized computers optimized for tasks related to networking, a packet filtering gateway is often much faster than its application layer cousins.
--> The ipfwadm command is the configuration tool for the second generation Linux IP firewall. The syntax of the command is:
ipfwadm category command parameters [options]
** Categories:
i) -I input rule
ii) -O output rule
iii) -F forwarding rule
** Commands:
-a [policy] append a new rule
-i [policy] insert a new rule
-d [policy] delete an existing rule
-p [policy] set the default policy
etc.
** Policies:
i) accept Allows matching datagrams to be received, forwarded or transmitted.
ii) deny Blocks matching datagrams from being received, forwarded or transmitted.
iii) reject Blocks matching datagrams from being received, forwarded or transmitted and sends the host that sent the datagram an ICMP error message.
** Parameters:
i) -P protocol can be TCP, UDP, ICMP
ii) -S address[/mask] [port] e.g. -S 172.29.16.1/24 smtp
iii) -V address e.g. 172.29.16.1
iv) -W name e.g. -W ppp0

8.b) What is the difference between antivirus and firewall?
Ans. Firewalls are programs that attempt to block threats and unwanted access to a network. A network protected by a firewall will have to pass data entering or leaving the network through the firewall, and if it does not meet the firewall's security standards, the message will be blocked. A firewall can be thought of as a screen or sieve that categorically strains out potentially harmful data.
Antivirus programs are software packages designed to scan the registry and files on the computer itself for the activity of malicious programs, and then attempt to remove any threats they find. Antivirus programs can actively search and destroy threats, and have virus definitions that can allow them to identify specific threats.
Firewalls and antivirus software are important components of Internet safety. Firewalls are used to limit incoming transmissions to those that are least likely to contain bad data, while antivirus programs actually look at the effect that the incoming data has on the system. Firewalls cannot be used to remove threats if they happen to get past the firewall.

8.c) How many run levels are there in Linux? Describe their function.
Ans. (Same as Q3)

8.d) How to distinguish between SNAT & DNAT?
Ans. SNAT has some connection tracking advantages where if your link goes down for a short while, it will remember the connections that are still open/active and continue on when the link returns (depending on timeouts etc.). Masq does not; it clears the state each time it comes up as a safeguard.
DNAT changes the destination address of a packet before it is subject to routing

(PREROUTING), and is mostly used to allow external (global) IPs into your private network by redirecting it. There are further requirements needed as well (input/forward etc.).
SNAT would be better for you than MASQUERADE, but they both work on outbound (leaving the server) packets. They replace the source IP address in the packets with that of their own external network device; when the packet returns, the NAT function knows who sent the packet and forwards it back to the originating workstation inside the network.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
(same as)
iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source <SERVER'S_EXTERNAL_IP>
DNAT works on packets coming into the server. Here the webserver is located inside the firewall on a bastion host (192.168.1.24). We're letting people in through the external packet filter to the internal webserver, and they don't even know it's happening. In fact we could even change the operating port in the bastion webserver and just adjust the rule; they still wouldn't know.
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.24:80
DNAT and SNAT do different functions. Sometimes people get confused and think if they write a SNAT they need to write a DNAT as well - not true. Pick which rules you need for the task.

9.a) What are the steps to configure one ethernet interface and check the configuration? Explain with suitable example.
Ans. To configure an ethernet interface we can follow two different ways:
i) Type the commands:
# ifconfig eth0 [IP address] netmask [address]
# route add default gw [gateway address]
e.g.
# ifconfig eth0 192.168.1.24 netmask 255.255.255.0
# route add default gw 192.168.1.24
ii) a. Type in the command:
# system-config-network
b. Then give the IP address, the netmask and the gateway address when asked to enter.
c. Save and exit the editor.
d. Type in the command:
# service network restart
The ethernet interface will be configured.

9.b) Consider a network with Class B IP address 172.16.0.0. You have to create 64 subnets in this network. What will be the subnet mask?
Ans. 64 = 2^6
There are 6 1s in the host byte that are used for networking purpose.
Therefore the subnet mask will be 255.255.252.0.

9.c) Explain the structure and uses of /etc/hosts and /etc/networks files.
Ans. The hosts file contains lines of text consisting of an IP address in the first text field followed by one or more hostnames; each field is separated by white space (blanks or tabulation characters). Comment lines may be included; they are indicated by a hash character (#) in the first position of such lines. Entirely blank lines in the file are ignored. For example, a typical hosts file may contain the following:
# This is an example of the hosts file
127.0.0.1 localhost loopback
::1 localhost
This example only contains entries for the loopback addresses of the system and their hostnames, a typical default content of the hosts file. The example illustrates that an IP address may have multiple hostnames, and that a hostname may be mapped to several IP addresses.
The /etc/networks file contains information about the known networks that comprise the DARPA Internet. Each network is represented by a single line in the networks file. The format for the entries in the networks file is:
Name Number Aliases
The fields are described as follows:
Name Specifies an official network name.
Number Specifies a network number.
Aliases Specifies any unofficial names used for the network.
Items on a line are separated by one or more spaces or tab characters. Comments begin with a # (pound sign). Routines that search the networks file do not interpret characters from the beginning of a comment to the end of that line. Network numbers are specified in dotted decimal notation. A network name can contain any printable character except a field delimiter, newline character, or comment character.
The networks file is normally created from the official network database maintained at the Network Information Center (NIC). The file can be modified locally to include unofficial aliases or unknown networks. This file is part of TCP/IP in Network Support Facilities.
The /etc/networks file contains symbolic names for networks, in a similar format to the /etc/hosts file. A sample networks file is:
loopback 127 # Intra-machine communication network
private 10.5.3 # Local private network

9.c) We have two networks, CSE (172.16.1.0/24) and ECE (172.16.2.0/24). They are linked through a gateway host, Kanad. Kanad also has a connection to the Internet. Write down the steps for configuring the gateway Kanad first and then the steps for routing through the gateway by hosts of the two given networks.
Ans. Given:
Address of CSE 172.16.1.0/24
Address of ECE 172.16.2.0/24
Suppose the network interface between kanad and CSE is eth0, the interface between kanad and

ECE is eth1 and that between kanad and the Internet is eth2. The IP addresses of all the interfaces of Kanad are:
eth0 172.16.1.3
eth1 172.16.2.3
eth2 Dynamically assigned by ISP
Kanad communicates with CSE and ECE through the addresses 172.16.1.3 & 172.16.2.3 respectively.
To establish communication from CSE to ECE the following command is needed:
# route add -net 172.16.1.0 netmask 255.255.0.0 gw 172.17.2.3
Where 172.17.2.3 is the IP address of the kanad interface to which 172.17.2.0 or the ECE network is connected.
To establish communication from ECE to CSE the following command is needed:
# route add -net 172.16.2.0 netmask 255.255.0.0 gw 172.17.1.3
Where 172.17.1.3 is the IP address of the kanad interface to which 172.17.1.0 or the CSE network is connected.

10.a) What is 'Eavesdropping'? How do you protect against this type of attack?
10.b) What is Firewall?
10.c) Explain and configure the firewall using ipfwadm as follows: Machine will connect the network, the Internet and the users of that network to be able to access web servers on the internet, but no other traffic will be allowed to pass. Additionally, users will be able to log in to FTP servers on the Internet to read and write files but people on the internet will not be able to log in to our FTP server.
10.d) What is the use of the IP Accounting facility? Write the general syntax for ipfwadm, ipchains, iptables commands for IP Accounting. How do accounting rules differ from firewalling rules for all the three schemes?
Ans. In the Firewall Note (IPFWADM)

11.a) What are the advantages of using NIS? What are the differences between DNS and NIS approaches?
Ans. --> i) A common challenge facing administrators charged with maintaining a network
of Linux machines is sharing information across the network while maintaining that information centrally. The Network Information Service (NIS) is one solution to such a challenge.
ii) NIS distributes information that needs to be shared throughout a Linux network to all machines that participate in the NIS domain.
iii) The information most commonly shared using NIS consists of user authentication information, such as /etc/passwd and /etc/group. If users' password entries are accessible to all login hosts via NIS, any user can log in on any login host on the network that is running an NIS client.

iv) Any information that needs to be distributed across a network and that can or should be centrally administered is a viable candidate for sharing via NIS.
v) NIS servers can be further subdivided into master and slave servers. A master server maintains the authoritative copies of the NIS maps. A slave server maintains copies of the maps, which it receives from the master. If the maps on the master server change, the slaves receive updated copies. The purpose of slave servers is to provide redundancy. On a busy network, slave servers can reduce the load on the master server. More importantly, if the master server becomes unavailable for some reason, slave servers can function as backup servers until the master is again available.

--> A DNS name is the official name that uniquely identifies a system to the Internet domain name system. In fact, although doing so is common practice, most NIS experts recommend not naming an NIS domain with the same name used in a DNS name. Such a naming convention is confusing and makes it easier for crackers to guess the name of your NIS domain.

11.b) What are the different NIS maps? Explain their uses. Give the names of two tools for checking NIS configuration.
Ans.
Master File        Map(s)                                    Description
/etc/hosts         hosts.byname, hosts.byaddr                Maps IP addresses to host names
/etc/networks      networks.byname, networks.byaddr          Maps IP network addresses to network names
/etc/passwd        passwd.byname, passwd.byuid               Maps encrypted passwords to user login names
/etc/group         group.byname, group.bygid                 Maps Group IDs to group names
/etc/services      services.byname, services.bynumber        Maps service descriptions to service names
/etc/rpc           rpc.byname, rpc.bynumber                  Maps Sun RPC service numbers to RPC service names
/etc/protocols     protocols.byname, protocols.bynumber      Maps protocol numbers to protocol names
/usr/lib/aliases   mail.aliases                              Maps mail aliases to mail alias names
Two tools for checking NIS configuration are: ypwhich and yptest.

11.c) What are the different features offered by NFS?
Ans. i) File system namespace.
ii) RPC and communications transport.
iii) File sharing.
iv) No load tolerance.
v) Configured only on trusted networks.

11.d) Write the command to mount the /abc directory from host H1 to /xyz on host H2. What are the differences between hard mount and soft mount of a volume?
Ans. --> mount is invoked using the command:
# mount -t nfs nfs_volume local_dir options
Here, nfs_volume = H1:/abc
local_dir = /xyz

So, the required command would be:
# mount -t nfs H1:/abc /xyz

--> The mounting of NFS volumes closely resembles regular file systems. mount is invoked using the following syntax:
# mount -t nfs nfs_volume local_dir options

nfs_volume is given as remote_host:remote_dir. Since this notation is unique to NFS filesystems, we can leave out the -t nfs option. There are a number of additional options that we can specify to mount upon mounting an NFS volume. These may be given either following the -o switch on the command line or in the options field of the /etc/fstab entry for the volume. In both cases, multiple options are separated by commas and must not contain any whitespace characters. Options specified on the command line always override those given in the fstab file. Here is a sample entry from /etc/fstab:
# volume               mount point        type   options
news:/var/spool/news   /var/spool/news    nfs    timeo=14,intr

This volume can then be mounted using this command:


# mount news:/var/spool/news

In the absence of an fstab entry, NFS mount invocations look a lot uglier. For instance, suppose we mount our users' home directories from a machine named moonshot, which uses a default block size of 4 K for read/write operations. We might increase the block size to 8 K to obtain better performance by issuing the command:
# mount moonshot:/home /home -o rsize=8192,wsize=8192

The following is a partial list of options we would probably want to use:
hard Explicitly mark this volume as hard-mounted. This is on by default. This option causes the server to report a message to the console when a major timeout occurs and continues trying indefinitely.
soft Soft-mount (as opposed to hard-mount) the driver. This option causes an I/O error to be reported to the process attempting a file operation when a major timeout occurs.
