| Variable | Range/Type of Value | Meaning |
|---|---|---|
| BOOTPROTO | “static,” “dhcp,” “none” | Source of the IP address (static or via DHCP server or none at all) |
| BROADCAST | IP address | Broadcast device’s address (typically you will use this variable or GATEWAY but not both) |
| DEVICE | Alphanumeric | Device’s name (e.g., eth0, ippp, and lo) |
| DHCP_HOSTNAME | IP alias | Name of DHCP server |
| DHCP_TIMEOUT | Integer | Number of seconds before timing out when waiting for DHCP server to respond |
| GATEWAY | IP address | IP address of subnet router/gateway |
| HWADDR | Hexadecimal address | MAC address of device |
| IPADDR | IP address | Set by system administrator for static IP |
| IPV6INIT | Yes, no | Initialize IPv6 address by default |
| NAME | Alphanumeric | Name of device, for example, Ethernet, loopback |
| NETMASK | Subnet mask | The mask used to obtain the local network portion of the IP address, for example, 255.248.0.0 |
| NETWORK | Network address | IP address of the local network |
| NM_CONTROLLED | Yes, no | Whether the device is controlled by a network manager program |
| ONBOOT | Yes, no | Whether to start this interface upon boot or have it manually started |
| TYPE | Alphanumeric | Type of device, for example, Ethernet, ppp |
| USERCTL | Yes, no | Is the user allowed to control this device? |
| UUID | Hexadecimal address | Address of physical device |
Network Configuration ◾ 497
We now apply AND in a bitwise manner, that is, column by column. A binary AND
operation results in 1 only if both bits are 1; otherwise, the result is 0. The first 20 bits of
the netmask are 1. When ANDing any bit by 1, we get that bit. So, the first 20 bits of the
network address will be the first 20 bits of the IP address. The last 12 bits of the netmask are
0; so, the result of the AND operation will also be 0 for the last 12 bits.
Our result is as follows:
        11111111.11111111.11110000.00000000
    AND 00001010.00001011.00001100.00001101
        -----------------------------------
        00001010.00001011.00000000.00000000
This gives us a network address of 00001010.00001011.00000000.00000000, or 10.11.0.0.
This example is perhaps not particularly illustrative because it appears that we are just dropping the last two octets of the IP address, converting 10.11.12.13 into 10.11.0.0. That will not always be the case; the result depends on the netmask and the IP address. Using the same netmask, what would the result be if our IP address were 128.58.221.39?
        11111111.11111111.11110000.00000000
    AND 10000000.00111010.11011101.00100111
        -----------------------------------
        10000000.00111010.11010000.00000000
In this case, the network address is 10000000.00111010.11010000.00000000, or
128.58.208.0.
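The AND calculation above, generalized into an added example (not code from the book): it computes the network address for any IPv4 address and contiguous netmask, then uses that to check the IPADDR, NETMASK, NETWORK and USERCTL variables from the table of interface variables. The function names and the sample file contents are constructed for illustration; 255.255.240.0 is the dotted-decimal form of the 20-bit mask used in the text.

```python
# Added example: helper names are illustrative and not from any library.
def to_int(dotted):
    """Dotted-decimal text -> 32-bit integer, rejecting malformed octets."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return sum(int(p) << shift for p, shift in zip(parts, (24, 16, 8, 0)))

def to_dotted(value, binary=False):
    """32-bit integer -> dotted text, in decimal or as 8-bit binary octets."""
    octets = [(value >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    return ".".join(format(o, "08b") if binary else str(o) for o in octets)

def network_address(ip, netmask):
    """Bitwise AND of address and mask; the mask must be 1s followed by 0s."""
    mask = to_int(netmask)
    host_bits = ~mask & 0xFFFFFFFF
    if host_bits & (host_bits + 1):  # nonzero when a 1 follows a 0 in the mask
        raise ValueError(f"non-contiguous netmask: {netmask}")
    return to_dotted(to_int(ip) & mask)

def audit_ifcfg(text):
    """Return findings for one ifcfg-style KEY=value file given as text."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            cfg[key.strip()] = value.strip().strip("\"'")
    findings = []
    if cfg.get("BOOTPROTO") == "static":
        findings += [f"{k} not set" for k in ("IPADDR", "NETMASK") if k not in cfg]
    if {"IPADDR", "NETMASK", "NETWORK"} <= cfg.keys():
        expected = network_address(cfg["IPADDR"], cfg["NETMASK"])
        if cfg["NETWORK"] != expected:
            findings.append(f"NETWORK is {cfg['NETWORK']}, expected {expected}")
    if cfg.get("USERCTL", "no").lower() == "yes":
        findings.append("USERCTL=yes lets ordinary users control the device")
    return findings

# Constructed sample: NETWORK was typed by hand and does not match the mask.
SAMPLE = """DEVICE=eth0
BOOTPROTO=static
IPADDR=128.58.221.39
NETMASK=255.255.240.0
NETWORK=128.58.221.0
USERCTL=yes"""

if __name__ == "__main__":
    print(network_address("10.11.12.13", "255.255.240.0"), audit_ifcfg(SAMPLE))
```

A mask such as 255.0.255.0 is rejected because its 1 bits are not contiguous, which is the kind of typing error that otherwise silently yields a wrong network address.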
12.3.3 Other Network Services
Now that we have explored the network service, let us turn our attention to some of the other network services. First, we look at snmpd. This is the SNM (simple network management) protocol daemon. The role of this service is to listen for SNMP messages and respond to them. The incoming packets are requests for information from a remote device and commands to alter internal settings. Snmpd is primarily used by system administrators to control other network devices, such as servers and routers, across the network. A related service is snmptrapd, used to start the SNMP trap daemon that performs logging and communication with the operating system for SNMP messages. These services use two configuration files: /etc/snmp/snmpd.conf and /etc/snmp/snmptrapd.conf.
By default, most network applications use specific ports. For instance, ssh is tied to port 22. The portreserve service does much as the name suggests; it reserves a port for a given application (protocol) while the application is communicating over the network. Additionally, portreserve prevents other programs from utilizing a port that should be reserved for a specific application. Once the application is done with the port, portrelease can be used to release the port so that other applications can use it. To control these services, there are controlling scripts in /etc/init.d.
Avahi performs “service discovery” across a network. In essence, through Avahi, your computer can locate and utilize network services available to clients on your local area network. These include print services and the location of available printers and file services and location of file servers. Avahi is a zero-configuration service in that it can run without user intervention. As with many of the other services, avahi-daemon is stored under /usr/sbin with a controlling script in /etc/init.d. Avahi has a configuration file and other supporting files located under the /etc/avahi subdirectory.
498 ◾ Linux with Operating System Concepts
The rdisc service locates your subnet’s router. It does this using the ICMP router discovery protocol. Once the router has been identified, this service modifies your computer’s router tables to indicate default routes.
The dnsmasq service starts a DNS caching server. Recall from Section 12.2 that most Internet communications use IP aliases instead of IP addresses. We need to perform an address translation from alias to address and we typically use a DNS server for this. The dnsmasq program can operate as a DNS server for a small network, or merely as a cache of previous requests of address translations. It can also serve as a DHCP server (see Section 12.4). The dnsmasq service is stored in /usr/sbin with the controlling script to start and stop the service in /etc/init.d. The configuration file for dnsmasq is /etc/dnsmasq.conf. A standard CentOS installation provides a version of this configuration file where all directives are commented out so that you would have to edit this file to alter dnsmasq’s behavior. There are a number of other supporting files and directories under /var and /etc/sysconfig.
The postfix service controls email. Postfix itself is quite complex and beyond the scope of this chapter. Briefly, however, the master daemon runs the postfix daemon that itself calls upon the sendmail program. Postfix has two configuration files: /etc/postfix/main.cf and /etc/postfix/master.cf, and several data files including /etc/postfix/access, /etc/postfix/canonical, and /etc/postfix/transport. Both the postfix and sendmail programs are located under /usr/sbin but while postfix has a controlling script in /etc/init.d, sendmail does not have a controlling script.
httpd is the Apache web server. If you have installed Apache through yum or the Add/Remove software, you will find it under /usr/sbin with the controlling script in /etc/init.d. This default installation places the configuration file in /etc/httpd/conf/httpd.conf and the web space along with other supporting files in directories under /var/www. If you were to perform your own installation from open source, you can control the placement of these files under one directory such as /usr/local/apache2. In such a case, you would find the controlling script to be called apachectl rather than httpd. We will explore Apache installation and configuration in detail in Chapter 15 (available at http://www.crcpress.com/product/isbn/9781482235890).
The script /etc/init.d/sshd starts and stops the ssh daemon, sshd. Without sshd running, access to your computer via ssh is not available. Ssh provides secure access by encrypting any communication over the network. For ssh to work, your system must be configured to handle encryption.
There are several different configuration files that ssh will utilize. These include
• /etc/ssh/ssh_random_seed
• /etc/ssh/sshd_config
• /etc/ssh/ssh_config
• /etc/ssh/ssh_host_key
• /etc/ssh/ssh_host_key.pub
In addition, the firewall must be set up to permit ssh messages (this is the case by default).
We already discussed nfs in Chapter 10. This service provides the functionality to offer local file systems as targets to be mounted remotely across a network. In addition, to remotely mount a file system, you need netfs. An additional related service is nfslock. This service performs file locking on networked file systems. File locking ensures that if a file is open by one process (by one user), it is inaccessible to other users, unless the file is opened as a read-only file.
The next service is netconsole, a module to provide remote access via a terminal window. Its configuration file is /etc/sysconfig/netconsole, which gives you the ability to define the port number for a network console, the interface device, an IP address for a remote syslog server, and a port to listen for the remote syslog daemon.
The service certmonger provides digital certificate monitoring. These certificates are used both to provide encrypted communication with web servers and to ensure that the web servers are legitimate. The certmonger service monitors already-established and downloaded certificates to see if any certificate has expired and, if so, attempts to obtain a newer certificate. The certmonger program is located under /usr/sbin and there may be configuration information under /etc/sysconfig/certmonger. Additionally, certmonger maintains data files under both /var/run and /var/lock. Figure 12.4 contains an expired certificate (look at the “Expires On” field and you will see that it expired in 2011). It would be certmonger’s job to update this certificate the next time it is called upon.
Two related services are ntpd and ntpdate. These services obtain the time and date from a remote NTP server to modify the internal clock. While ntpdate will modify both time and date, ntpd will only modify time.
12.3.4 The xinetd Service
One last service of note is xinetd (or the older inetd). This service is known as a