A large number of files assist in the configuration and control of TCP/IP on the system. Next, this chapter examines those files, their use, and their formats. Understanding the services that are controlled from these files is essential to locate hidden security problems later. Some of these files also have inherent security problems, which will also be discussed.
The purpose of the /etc/hosts file is to provide a simple hostname to IP address resolution. Remember that TCP/IP only requires the use of IP addresses. The use of hostnames is for your convenience and ease of use. When a hostname is used, TCP/IP examines the contents of the /etc/hosts file (assuming that Domain Name Service is not in use) to find the IP address for the host.
The format of an entry in the /etc/hosts file is:
address official name alias ...
The columns refer to the IP address, the official or fully qualified domain name (FQDN), and any aliases for the machine. This is illustrated in the sample hosts file shown here:
# IP ADDRESS       FQDN                    ALIASES
127.0.0.1          localhost
192.139.234.50     gateway.widgets.ca      gateway
142.77.252.6       gateway.widgets.ca      router
142.77.17.1        nb.ottawa.uunet.ca
198.73.137.1       gateway.widgets.ca      ppp1
198.73.137.2       newton.widgets.ca       newton
198.73.137.50      gateway.widgets.ca      net2
The aliases include the short form of the hostname, as well as any other names for the host. The routines that search this file skip text that follows a #, which represents a comment, as well as blank lines.
Note: The network configuration files all support the use of comments with the # symbol. This enables the network administrator to document changes and notes.
After the IP address is known, TCP/IP converts this to the actual ethernet hardware address when the host is on the local network. This can be done by using the Address Resolution Protocol (ARP), or by creating a list of all of the ethernet addresses in the file /etc/ethers. The format of this file is the ethernet address followed by the official hostname, as illustrated here:
# Ethernet Address    Hostname
8:0:20:0:fc:6f        laidbak
2:7:1:1:18:27         grinch
0:aa:0:2:30:55        slaid
e0:0:c0:1:85:23       lancelot
The information in this file is actually used by the Reverse Address Resolution Protocol daemon, rarpd, which is explained later in this chapter. The ethernet address notation used is x:x:x:x:x:x, where each x is a hexadecimal number representing one byte of the address. The address bytes are always in network order, and there should be an entry in the hosts file for each device listed in this file.
The /etc/networks file provides a list of IP addresses and names for networks on the Internet. Each line provides the information for a specific network, as shown here:
# NETWORK NAME           IP ADDRESS
loopback                 127
Ottawa.widgets.ca        192.139.234
Toronto.widgets.ca       192.139.235
WAN.widgets.ca           198.73.137
Lab.widgets.ca           198.73.138
Montreal.widgets.ca      198.73.139
Each entry in the file consists of the network IP address, the name for the network, any aliases, and comments.
The /etc/protocols file provides a list of known DARPA Internet protocols. This file should not be changed, as it gives the information provided by the DDN Network Information Center. As shown here, each line contains the protocol name, the protocol number, and any aliases for the protocol.
# Internet (IP) protocols
#
ip      0    IP       # internet protocol, pseudo protocol number
icmp    1    ICMP     # internet control message protocol
ggp     3    GGP      # gateway to gateway protocol
tcp     6    TCP      # transmission control protocol
egp     8    EGP      # Exterior Gateway Protocol
pup     12   PUP      # PARC universal packet protocol
udp     17   UDP      # user datagram protocol
hello   63   HELLO    # HELLO Routing Protocol
The /etc/services file provides a list of the available services on the host. For each service, a line in the file should be present that provides the service name, the port number and the protocol it uses, and any aliases for the service.
As with the other files, each entry is separated by a space or tab. The port number and protocol name are considered a single item, as a slash (/) is used to separate them. A portion of the /etc/services file is shown in the following:
#
# Network services, Internet style
#
echo        7/tcp
echo        7/udp
discard     9/tcp       sink null
discard     9/udp       sink null
systat      11/tcp      users
ftp         21/tcp
telnet      23/tcp
smtp        25/tcp      mail
time        37/tcp      timserver
time        37/udp      timserver
rlp         39/udp      resource      # resource location
whois       43/tcp      nicname
domain      53/tcp      nameserver    # name-domain server
domain      53/udp      nameserver
It is obvious that this file relies upon information from /etc/protocols to function. If a service is not available, or you want to remove support for a specific service, the appropriate line can be commented out using the comment symbol. In many cases, however, the file /etc/inetd.conf also has to be updated to disable support for a given service.
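As an added example (not code from the book), here is a small Python reader for the shared format of these files, together with two of the consistency checks the chapter calls for: every /etc/ethers hostname should appear in /etc/hosts, and every /etc/services entry should name a protocol present in /etc/protocols. The file contents below are constructed from the listings above, with one deliberately bad services line.

```python
# Added example, not from the book: a parser for the whitespace-separated,
# '#'-commented format shared by /etc/hosts, /etc/ethers, /etc/protocols and
# /etc/services, plus two cross-file consistency checks. Sample contents are
# constructed from the chapter's listings; the "ntp 123/xyz" line is a deliberate error.

def parse_table(text):
    """Yield the fields of each non-blank, non-comment line ('#' starts a comment)."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields

HOSTS = """
# IP ADDRESS      FQDN                 ALIASES
127.0.0.1         localhost
198.73.137.2      newton.widgets.ca    newton
198.73.137.50     gateway.widgets.ca   net2
"""
ETHERS = """
8:0:20:0:fc:6f    newton
0:aa:0:2:30:55    slaid
"""
PROTOCOLS = """
tcp   6   TCP    # transmission control protocol
udp   17  UDP    # user datagram protocol
"""
SERVICES = """
echo      7/tcp
discard   9/udp    sink null
ntp       123/xyz             # constructed error: no such protocol
"""

def hosts_names(hosts):
    """Every official name and alias defined in /etc/hosts."""
    return {name for fields in parse_table(hosts) for name in fields[1:]}

def ethers_without_host(ethers, hosts):
    """Hostnames in /etc/ethers that have no /etc/hosts entry (the chapter says each should)."""
    known = hosts_names(hosts)
    return [fields[1] for fields in parse_table(ethers) if fields[1] not in known]

def services_with_unknown_protocol(services, protocols):
    """Service entries whose port/proto names a protocol missing from /etc/protocols."""
    known = {fields[0] for fields in parse_table(protocols)}
    bad = []
    for fields in parse_table(services):
        port, proto = fields[1].split("/", 1)
        if proto not in known:
            bad.append((fields[0], port, proto))
    return bad
```

Running the same checks against a real host's files is a quick way to catch a stale ethers entry or a mistyped protocol before a service silently fails to resolve.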