Creating Server

[anon10020]

Hello,

Is it possible to make/create my home RHEL 5.5 system a server, just to work out rlogin,telnet,ssh,e.t.c commands as we can easily work it out in Labs?

Regards
Anon10020

[anup]

Anon10020,

Yes, that is very much possible. However, there are a couple of points:

1. Ensure that your Linux firewall either turned off or these ports are opened (easy to just turn it off for testing).
2. Download and install the necessary daemons for these services.

/etc/init.d/iptables stop will turn off the firewall temporarily.
yum list "telnet*" should list a package with the name telnet-server, install that with:
yum install telnet-server (or whatever is reported with the command above)

You may need to turn on the telnet service in /etc/xinet.d/telnetd (see if disable = yes) there and /etc/init.d/xinetd restart

Same goes for other services. Once you know how to install and enable telnet, you can try others. Do note that ssh is enabled by default on your machine. So, you can do something like ssh 0 or ssh localhost to connect via ssh to your local machine.

If you want someone on the Internet to be able to connect to your local machine, that requires some trickery. But it can be explained .

Cheers,

Anup

[anon10020]

Hi,
Thanks for the reply

I stopped the firewall and there is installed package telnet.i386 .When I went into /etc/xinetd.d/ directory and i do ls then i got the files below given

cvs eklogin ekrb5-telnet gssftp klogin krb5-telnet kshell rmcp rsync

so which file provide the telnet service and how i can know that?

Thanks
Anon10020

[anup]

Anon10020,

Not possible to explain everything here as this is part of the system administration work. However, the package which you mention is for a telnet client, You need a telnet server. If your computer is connected to the network, yum list "telnet*" should list something like telnet-server.

Each of these files belong to a different package. Use the following command to find out to which package they belong and probe there:

rpm -qilf krb5-telnet

Once you become more proficient, you will be able to understand these from the name itself. Currently you do not have a server package installed.

Cheers,

Anup

[anon10020]

Hi,

I have installed telnet-server, done all the changes as mentioned above. Now tell me how to create guest and guestvm (or create a guest server on my machine) for telnet, rlogin,ssh, remote execution.

Regards
Anon10020

[anup]

Anon10020,

As I had stated previously, this is not a system administration course, so, cannot cover everything in detail here:

1. Create a local account to which you wish to login (useradd, followed by passwd <username>, check the man pages). Note that typically root is disabled on certain tty's. However, any other account can login.
2. cd /etc/xinet.d; edit the service which you wish to enable and save the file. /etc/init.d/xinetd restart
3. telnet/rlogin or whatever 127.0.0.1 with the username which you just created, and it should work.

Thanks,

Anup

[anon10087]

Sir,

I was trying to install telnet, i tried that and it reports that this system is not registered with RHN.
And i am unable to ensure that whether it is install or not.The screen shot
is attached with this mail, may be this would clarify more.

Thanks

[anup]

Sorry for the delay in responding. The reason is that if you have installed RHEL, then you must have an active support subscription with RedHat before you can install updates. There are other ways to do it, but, an easier way is to install CentOS especially in case there is nothing much useful on your VM.

Cheers,

Anup

[anon10087]

Sir,

How i can have active support subscription with redhat?

Anon10087

[anup]

You need to buy that from RHEL. However, if you use CentOS, that is not needed, as it will point to public repositories.

Anup

[anon10020]

Hello Sir,

Is there any procedure by which changing the root password is disabled as by
just restarting the machine and following these steps anyone can change the root password:

1. At the boot(grub) menu select the linux kernel

2. then press e

3. Go to the end of the line

4. add 1 or S or Single at the end of the line

5. press enter

6. press b on the line to boot from that line

7. Now the root prompt will come

8. run the command 'passwd' and it will ask you to change your password for root

So, is there any way to secure the system and disable this feature?

Thank You,
Anon10020

[basant]

Hello Anon10020,

If someone doesn't have physical access of you machine, what you described is cannot be done. Further, if someone does have physical access, you can set the grub password. Apart from this, you can also encrypt the hard-disk. So, as long as, someone else doesn't have access to your machine, you will be fine.

-- Basant

[anon10020]

Please describe in detail
how we can set grub password and encrypt the hard disk?

Thank You,
Anon10020

[basant]

Hello Anon10020,

You can set the password for grub using grub-md5-crypt command. Please look at the following article for exact procedure.
http://tldp.org/HOWTO/Remote-Serial-Console-HOWTO/configure-boot-loader-grub.html

Encrypting hard disk is no so straightforward and it needs some preparation. I would suggest you to go through the following article for details.
http://tldp.org/HOWTO/html_single/Disk-Encryption-HOWTO/

-- Basant

[anup]

Anon10020,

Typically folks keep a small root partition which is unencrypted and the home partition is encrypted. Look at EncFS here: http://www.arg0.net/encfs. Having said that, most of the systems assume, as far as the security is concerned that the attacker does not have physical access to the system.

BTW, there are lots of other interesting options which you can pass to the kernel. Try mem=<memory in megabytes> to limit the amount of memory, or init=/bin/bash to directly start /bin/bash without asking for anything else. Init is the parent of all processes in a UNIX system and the above option is very useful if your root filesystem is hosed. There are other interesting options to turn on graphical booting along with a small penguin which is displayed while Linux is booting.

Thanks,

Anup