3.1 Conventions used in this document
- use "root#" as the prompt for commands that need to run as 
  root so as not to confuse with comment lines in shell scripts
5.1.4 netmask = number of bits that are shared by all addresses 
                within a network 
                (to be bitwise ANDed with the IP address to
                 determine the network address)
      broadcast address = usually the highest address on network
| Network | Netmask       | Network Addresses            |
| Class   |               |                              |
|    A    |     |    - |
|    B    |   |  - |
|    C    | |  - |
|Multicast|     |  - |

| Network | Netmask       | Network Addresses             |
| Class   |               |                               |
|    A    |     |    -  |
|    B    |   |  -  |
|    C    | | - |

5.2 /etc/inittab --- look for the file that specifies the boot script
    (Slackware 3.6 ---

Distrib. | Interface Config/Routing          | Server Initialization
Debian   | /etc/init.d/network               | /etc/rc2.d/*
Slackware| /etc/rc.d/rc.inet1                | /etc/rc.d/rc.inet2
RedHat   | /etc/rc.d/init.d/network          | /etc/rc.d/rc3.d/*

Distrib   | Network configuration program
RedHat    | /usr/bin/netcfg
Slackware | /sbin/netconfig

5.4 Configuring a network interface
root# ifconfig eth0 netmask up
                     IP address          (that's all) 
5.5.1 the complete name is called the `Fully Qualified Domain Name'
      /etc/resolv.conf: (note search is in one line, no commas)
               domain maths.wu.edu.au
               search maths.wu.edu.au wu.edu.au
      /etc/host.conf: look in /etc/hosts before asking name server
               order hosts,bind
               multi on
      /etc/hosts: In a well managed system the only hostnames that 
                  usually appear in this file are an entry for the
                  loopback interface and the local hosts name
5.6 by convention the IP address `' has been assigned 
    specifically for loopback
    To Configure Loopback:
               root# ifconfig lo
               root# route add -host lo
5.7 Routing: based on destination address, which interface to send to
               user% cat /proc/net/route
               user% /sbin/route -n
               user% netstat -r
    To add a route:
               root# route add -net netmask eth0
                               network route
    To add default route:
               root# route add default gw eth0
5.7.1 RIP  : Routing Information Protocol (routed -- distributed with Linux)
      OSPF : Open Shortest Path First Protocol (gated)
      To reconfigure a new route when old route fails:
               root# route add -net netmask eth0
               root# /usr/sbin/routed
5.8.1 /etc/services
    name      port/protocol        aliases     # comment
5.8.2.  /etc/inetd.conf
         service  socket_type  proto  flags  user  server_path  server_args
5.9.1.  /etc/protocols: maps protocol id number to protocol names 
                        (for programmers)
5.9.2.  /etc/networks: maps network names against network addresses
                       (similar to /etc/hosts, but only two fields per line)
                       (route command display name in this file if found)
5.10.1.  /etc/ftpusers: users who are not allowed to ftp in, eg. root
5.10.2.  /etc/securetty: ttys on which root is allowed to log in
         /etc/hosts.allow, /etc/hosts.deny:
           ALL matches every host
           LOCAL matches any host whose name does not contain a `.'
           PARANOID matches any host whose name does not match its address
           EXCEPT allows an exceptions list

  Having an ALL: ALL default in the /etc/hosts.deny and then
  specifically enabling only those services and hosts that you want in the
  /etc/hosts.allow file is the safest configuration.
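
  An added example, not part of the HOWTO or of these notes: a shell check
  for the default-deny layout described above. The file contents are
  constructed samples, the function names are hypothetical, and rule
  continuation lines (trailing backslash) are assumed not to be used.

```shell
#!/bin/sh
# Added example: audit a tcp_wrappers hosts.deny / hosts.allow pair.
# Function names are hypothetical; "\" continuation lines are not handled.

# Print the active rules of file $1: comments removed, whitespace around
# ":" and at line ends trimmed, blank lines dropped.
rules() {
    sed -e 's/#.*//' -e 's/[[:space:]]*:[[:space:]]*/:/g' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# Succeed only if hosts.deny ($1) carries an active "ALL: ALL" rule.
has_default_deny() {
    rules "$1" | grep -qi '^ALL:ALL$'
}

# Print hosts.allow ($1) rules whose client list is a bare ALL (no EXCEPT):
# such a rule re-opens the service to every host despite the default deny.
open_to_all() {
    rules "$1" | grep -i '^[^:]*:ALL\(:.*\)\{0,1\}$'
}

# Write constructed sample files into directory $1.
write_samples() {
    cat > "$1/hosts.deny" <<'EOF'
# deny everything that hosts.allow does not enable
ALL: ALL
EOF
    cat > "$1/hosts.allow" <<'EOF'
in.telnetd: LOCAL
in.ftpd: ALL EXCEPT .untrusted.example   # narrowed by EXCEPT
in.fingerd : ALL                         # too broad, gets flagged
EOF
}

# Demo run on the constructed samples.
d=$(mktemp -d) && write_samples "$d"
has_default_deny "$d/hosts.deny" && echo "hosts.deny: default deny in place"
open_to_all "$d/hosts.allow" | sed 's/^/hosts.allow admits every client: /'
rm -rf "$d"
```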

5.10.4.  /etc/hosts.equiv: DO NOT USE IT, allow only local host!

[ skip much of the rest ]


Hacker  = positive image
Cracker = negative image
2.4 Security Policy, "That which is not permitted is prohibited."
2.6 Look at /var/log/messages
3.2 BIOS Security 
   passwd (no unattended boot up, e.g. power blackout), 
   prevent boot from floppy
3.3 Boot Loader Security 
   restricted: password required for `single', for example
   (if boot from floppy, can mount root partition)
   (therefore, set BIOS passwd, set bios no floppy and padlock casing!)
4.2 Root Security
   /etc/securetty contains the list of permissible ttys root can log in on
   --- normally set to virtual consoles (vtys)
   --- also referred to in login.defs to define the CONSOLE
   login.defs is a very powerful file --- READ IT
      --- modify /etc/profile, /etc/csh.login for umask 077
      --- create /etc/porttime if needed
   sudo --- should prohibit shell escapes (e.g. editors) and /bin/cat
5.  Files and Filesystem Security
   nosuid in /etc/fstab for partitions writable by non-root
   nodev and noexec on home directories and /var
   /var/log/wtmp and /var/run/utmp --- 644 permissions
   immutable bit for /etc/passwd and /etc/shadow: 
      --- chattr(1) and lsattr(1) 
      --- inconvenient if there is high user turnover
   SUID & SGID files
      --- root# find / -type f \( -perm -04000 -o -perm -02000 \)
   world-writable files
      --- root# find / -perm -2 -print
   unowned files
      --- root# find / \( -nouser -o -nogroup \) -print
      --- root# find /home -name .rhosts -print
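
   An added example, not part of the HOWTO or of these notes: the find
   checks above combined into one audit pass that tags each finding.
   audit_tree and demo_tree are hypothetical names, and demo_tree builds a
   constructed directory tree so the script can be tried without root.

```shell
#!/bin/sh
# Added example: the SUID/SGID, world-writable, unowned and .rhosts checks
# as one pass. audit_tree and demo_tree are hypothetical names.

# Print one tagged line per finding under directory $1 (same filesystem only).
audit_tree() {
    # SUID or SGID regular files
    find "$1" -xdev -type f \( -perm -04000 -o -perm -02000 \) |
        sed 's|^|SUID/SGID |'
    # World-writable entries, skipping symlinks and sticky directories
    # (a sticky directory such as /tmp is world-writable by design)
    find "$1" -xdev ! -type l -perm -2 ! \( -type d -perm -01000 \) |
        sed 's|^|WORLD-WRITABLE |'
    # Owner or group with no passwd/group entry; the parentheses make
    # -print apply to both tests instead of only to -nogroup
    find "$1" -xdev \( -nouser -o -nogroup \) -print | sed 's|^|UNOWNED |'
    # Per-user rhosts trust files
    find "$1" -xdev -name .rhosts | sed 's|^|RHOSTS |'
}

# Build a constructed tree in a new temporary directory and print its path.
demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/home" "$t/tmp"
    : > "$t/home/notes";   chmod 644  "$t/home/notes"
    : > "$t/home/.rhosts"; chmod 600  "$t/home/.rhosts"
    : > "$t/helper";       chmod 4755 "$t/helper"    # SUID bit set
    : > "$t/spool";        chmod 666  "$t/spool"     # world-writable file
    chmod 1777 "$t/tmp"                              # sticky, like /tmp
    echo "$t"
}

# Usage: sh audit.sh /some/directory
if [ $# -gt 0 ]; then audit_tree "$1"; fi
```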
5.2 File Permissions
   sticky bit t for directories: write only for owned files, e.g. /tmp
   kernel does not support SUID shell scripts!
7.2 Kernel Devices
   /dev/random is stronger than /dev/urandom 
      --- inter-interrupt times are one input
      --- root# head -c 6 /dev/random | uuencode -
8.2 System services and tcp_wrappers
   /etc/services: "It's usually not worth the trouble to remove services." 
   /etc/inetd.conf: comment out login (rlogin), shell (rcp) and exec (rsh)
   /etc/hosts.allow: used with tcp_wrapper (tcpd)
8.7 Denial of Service Attacks
   SYN flood: 2.0.30 and up
   Pentium "F00F" Bug: cause reboot, 2.0.32 and above work around
   Ping Flood (ICMP packets)
   --- smurfing: ICMP packets sent to a host with _your_ machine's IP as the return address
   --- use tcpdump to listen
   --- stop at router or firewall level
   Ping o' Death (incoming ICMP ECHO REQUEST): stopped long ago
   Teardrop: fixed in 2.0.33
8.8 NFS Security: never export the entire root directory
8.9 NIS (formerly YP): "is not at all secure ... Anyone that can 
    guess the name of your NIS domain (anywhere on the net) can 
    get a copy of your passwd file, and use crack and john the
    ripper against your users' passwords."
    --- "much more secure replacement for NIS, called NIS+"
9.4 System Accounting data: 
       --- use the @host ability to copy log entry to another host


GPL (General Public License)
FSF (Free Software Foundation)
IPng (IP Next Generation)
IPX/SPX (Internet Packet Exchange/Sequenced Packet Exchange)
NDS (Netware Directory Service)
PPP (Point-to-Point Protocol)
SLIP (Serial Line IP)
PLIP (Parallel Line IP)
NFS (Network File Sharing)
POP (Post Office Protocol)
IMAP (Internet Message Access Protocol)
MTA (Mail Transport Agent)
MUA (Mail User Agent)
MLM (Mail List Management)

Chapter 8 of Networking Overview
        IP Masquerading: hide IPs of machine behind GATEWAY
        IP Accounting
        IP Aliasing: multiple IPs on one Ethernet card
        Traffic Shaping: control how much bandwidth is used by each client
        Port Forwarding: port re-written (bidirectionally), eg. web server
        Load Balancing: NAT (Network Address Translation)
        EQL: 2 modems (on each end) behaving as one
        --- ipfwadm tool kit for administration

RAID (Redundant Array of Independent Disks)
RAID Level 0: disk striping
RAID Level 1: disk mirroring
DASD (Direct Access Storage Device)
IPAT (IP Address Takeover) --- Chapter 10
(31 Dec 1998)