Sender: Albin (Aile Bin), News District: Linux
Title: Linux elective courses: network profile (1)
Sending station: Bihai Youth (Wed Apr 21 23:37:53 1999), transfer
Copyright Notice:
This article is part of the Linux elective course of Dalian University of Technology. You are welcome to reprint it, but using this material
for any commercial or for-profit activity is forbidden. Please keep this copyright statement when you reprint.
Author: He Binwu, hbwork @ dlut.edu.cn, Network Center of Dalian University of Technology, April 1999.
URL: ftp://ftp.dlut.edu.cn/pub/people/albin/
------------------------------------------------------------------------------
Network configuration files
/etc/hosts
Provides a simple mapping from host names to IP addresses. TCP/IP itself uses only IP addresses; host names exist
for convenience and ease of use. When a host name is used, TCP/IP checks the contents of the /etc/hosts file (not DNS)
to find the IP address of the corresponding host.
Format:
IP_address official_name(FQDN) alias ...
/etc/networks
Provides a list of IP addresses and Internet network names. Each line gives information about one particular network.
Its main purpose is to maintain the routing table for the route command.
/etc/protocols
Provides a list of the known DARPA Internet protocols. This file must not be modified, because its contents are
information provided by the DDN Network Information Center. Each line of the file contains the protocol name, protocol number, and protocol aliases.
/etc/services
Provides a list of the available services, giving the following information for each service:
Official service name
Port number
Protocol name
Aliases
This file is referenced by Internet client programs and servers. Ports numbered less than 1023 are usually called
trusted ports, and only the superuser may open them. The purpose is to prevent ordinary
users from obtaining privileged information. For example, if an ordinary user could write a program listening on port 23,
he could pretend to be a Telnet server, receive other users' Telnet connections, and so obtain
those users' passwords.
/etc/inetd.conf
Provides the configuration for the inetd command. inetd is the Internet super server: it monitors specific TCP/IP
ports and launches the corresponding command when a connection request arrives on one of them. Starting a daemon
only when it is needed in this way saves system resources.
File format (one field after another on each line):
Service name: the service name as given in /etc/services; it determines the listening port number
Socket type: stream or dgram
Protocol type: tcp or udp (stream <-> tcp, dgram <-> udp)
Wait / nowait:
wait: the server processes all of the connections received on the socket before anything new is started. nowait:
a new server process is started whenever an additional datagram or connection request is received.
Most UDP services are wait; TCP services are nowait.
User: root, daemon, nobody, etc.
This field allows the server process to run with less privilege than root, to minimize
the harm that a security vulnerability found in a server program may cause.
Command name and parameters:
Specifies the command to be executed and its parameters
5. Network access file
/etc/hosts.equiv
Contains a list of trusted hosts. This file is used by the commands whose names start with r (the r* services). It
holds a set of machine names, one per line; a trusted username can be specified after the machine name.
Note: make a habit of using the full name (FQDN).
$HOME/.rhosts
The .rhosts file in a user's home directory plays a similar role. The two files have the same format, but /etc/hosts.equiv provides trust between hosts, while this file provides a trust
relationship between users. When trust is checked, the entries in the .rhosts file are added to the information in the
/etc/hosts.equiv file.
Note: /etc/hosts.equiv does not apply to the superuser.
Suggestion: turn off the r* services (in /etc/inetd.conf) unless they are absolutely necessary, and be
especially careful when NFS is in use; do not use /etc/hosts.equiv; if you must use the
r* services, use .rhosts files as far as possible, specify the username that goes with each machine,
and limit that user's access rights (principle of minimum service).
-
※ Source: Bihai Youth bbs.dlut.edu.cn [From: apple.dlut.edu.c]
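
An added example, not part of the original article: a small Python audit of the inetd.conf and .rhosts/hosts.equiv formats described above, flagging the points the article advises against (enabled r* services, servers running as root, trust entries without an FQDN or username). The function names, the sample file contents and the example.edu host are constructed for illustration, and the r* services are assumed to be listed under their usual inetd names shell, login and exec.

```python
R_SERVICES = {"shell", "login", "exec"}      # inetd names for rsh, rlogin, rexec
PAIRING = {"stream": "tcp", "dgram": "udp"}  # socket type <-> protocol

def audit_inetd(text):
    """Return (line_no, service, finding) for each risky inetd.conf entry."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out entries are disabled
            continue
        f = line.split(None, 6)
        if len(f) < 6:
            out.append((no, f[0], "malformed entry"))
            continue
        service, sock, proto, _wait, user = f[:5]
        if PAIRING.get(sock) != proto.split("/")[-1].rstrip("46"):
            out.append((no, service, "socket type/protocol mismatch"))
        if service in R_SERVICES:
            out.append((no, service, "r* service enabled"))
        if user == "root":
            out.append((no, service, "runs as root"))
    return out

def audit_trust(text):
    """Return (line_no, host, finding) for hosts.equiv/.rhosts entries."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if "." not in parts[0]:
            out.append((no, parts[0], "host is not an FQDN"))
        if len(parts) < 2:
            out.append((no, parts[0], "no username given"))
    return out

# Constructed sample input, not taken from a real host.
SAMPLE_INETD = """\
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l
shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
#login  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
talk    dgram   tcp  wait    nobody  /usr/sbin/tcpd  in.talkd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
"""
SAMPLE_RHOSTS = "trusted.example.edu alice\nlabhost\n"

if __name__ == "__main__":
    for finding in audit_inetd(SAMPLE_INETD) + audit_trust(SAMPLE_RHOSTS):
        print(*finding, sep=": ")
```

A "runs as root" finding is a prompt to check whether the server really needs root, not proof of a misconfiguration.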