Everything I always wanted to know about my TEA5 Box but was afraid to ask.
What software comes installed on my TEA5 box and what does it do?
IPTABLES - IPTables, also known as NETFILTER, is a package for
controlling all IP traffic that travels into, out of or through your
firewall. It uses a list of tables to control the flow of all TCP/UDP
packets based on certain criteria. For example, you can use it to stop
all ICMP traffic, redirect or NAT IP addresses, or block all packets
from a specific IP address or to a specific port. This is the tool on
the firewall that does most of the work of securing the box from the
hazards of the Internet.
NTOP - ntop is a network traffic probe that shows the network usage,
similar to what the popular top Unix command does. ntop acts as a web
server, so users can use a web browser (e.g. netscape) to navigate
through its traffic information and get a dump of the network status.
SQUID - This is a web caching proxy. Basically, it watches all web
related requests and stores them in a rotating cache. The next time any
computer on your network tries to get data from any cached page, the
data can be retrieved locally instead of going across the Internet to
get it again. This saves bandwidth on your Internet connection and
speeds up connections to often visited sites. This cache can be set to
whatever size your firewall's hard drive can handle, but the default
setup that comes with your TEA5 Box should be sufficient.
SQUIDGUARD - This acts as a plugin for SQUID and allows you to block
all traffic to specified websites. A list of sites considered to have
offensive or inappropriate material is supplied by default, and extra
sites can easily be added when required.
OPENSSH - OpenSSH is a free implementation of the ssh protocol.
Basically you can think of it as a secure version of telnet. With
telnet, all information is transferred in plain text, allowing
malicious users to see private information you send. Ssh, on the other
hand, uses a set of public and private keys to encrypt the data, making
your conversations with your TEA5 Box safe and secure. There is a link
to a Windows client for ssh called putty further down on this page.
WEBMIN - Webmin is a tool that allows you to use a web browser to
configure many parts of your Linux box. It should be used with caution,
as it can also cause your box to stop functioning if used improperly.
You can log in to webmin from inside or outside your firewall by going
to the appropriate IP address on port 10000 with your web browser. For
example, if your IP is 10.0.0.1, enter https://10.0.0.1:10000 in your
web browser.
1. If you are at the console of the TEA5 Box, you should see a prompt
that says <The name of your box> login: (for example, Tea5 login:). At
this prompt, enter the word root. Next you will be asked for a
password. This is the password you gave when you created the box.
2. If you are at a Windows machine, install an SSH client such as
PUTTY, enter the IP address of your TEA5 Box and log in as in step 1.
What is all this eth0/eth1/root stuff about?
The following are some terms that you may find useful when
talking to technical support about your TEA5 box.
eth0 or eth1 - A normal TEA5 Box install requires two network cards.
These are referred to as eth0 and eth1. The TEA5 Box acts as a firewall
between the Internet on the outside and the local LAN on the inside. We
generally refer to eth0 as the outside interface and it should be
connected to your Internet feed. We refer to eth1 as the inside
interface and it should be connected to the same hubs and switches that
the rest of the computers at your site are connected to. Network cards
can also be referred to as interfaces, NICs or network adapters.
root - is the name of the super user or administration account on your
TEA5 Box. Any changes to the box must be done while logged in as root.
You should use caution because, when logged in as root, one wrong
command can destroy your firewall setup.
firewall - This is a term used generically for an appliance that sits
in between two networks and controls the flow of data from one network
to the other. You may equate firewall with router, but a firewall does
much more. A router basically works only with IP addresses. It takes a
packet and, depending on the IP address that the packet is going to, it
sends it one way or another. A firewall uses routing but also adds
packet filtering (IPTABLES), intrusion detection (PORT SENTRY), URL
redirection or blocking (SQUIDGUARD), IP address translation (NAT) and
other things to help secure your LAN and all of the computers on it
from the cold hard realities of the Internet.
IP address - Every device connected to the Internet must have an IP
address. This acts like a phone number to allow each device to
communicate with each other. Some IP addresses (like the outside
interface of your TEA5 Box) are accessible to every computer on the
Internet and are usually called real world IP addresses. Other IP
addresses (like those of the inside interface of your firewall or most
of the machines inside your firewall) are known by various names (fake
IP, natted IP, masqueraded IP, etc). Basically these all mean the same
thing: these IP addresses can all talk to other similar IPs on the same
network but can't talk to the real world IPs on the Internet without a
little help from your firewall. Any IP address that starts with 10.,
192.168 or 172.16 is considered a private or non-real-world IP address.
Your firewall acts as a middleman (natting) for these IPs, allowing
your requests to pass in and out as allowed by your firewall rules.
DHCP - dhcp is a service that runs on your firewall. Basically, what
happens is that when a computer boots up it sends a message out on the
network asking for an IP address. The DHCP server provides it with an
IP address and all other information your computer needs to connect to
the Internet.
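A ruleset covering the cases named in the IPTABLES and firewall entries above (stop ICMP, NAT, block one address, block one port), as an added example that is not part of the original page or the TEA5 Box's own configuration. The function name tea5_ruleset, the inside network 10.0.0.0/8, the blocked address 192.0.2.66 and the blocked port 23 (telnet) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-card firewall.
# Usage: tea5_ruleset OUTSIDE_IF INSIDE_IF INSIDE_NET BLOCKED_IP BLOCKED_PORT
# (tea5_ruleset and its arguments are names made up for this example.)
tea5_ruleset() {
    out_if=$1 in_if=$2 in_net=$3 bad_ip=$4 bad_port=$5
    # Accept only plain interface names, addresses and a numeric port, so a
    # typo cannot turn into an extra iptables option.
    for v in "$out_if" "$in_if"; do
        case "$v" in ""|*[!a-z0-9]*) return 1 ;; esac
    done
    for v in "$in_net" "$bad_ip"; do
        case "$v" in ""|*[!0-9./]*) return 1 ;; esac
    done
    case "$bad_port" in ""|*[!0-9]*) return 1 ;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NAT: private inside addresses leave through the outside interface
-A POSTROUTING -s $in_net -o $out_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Block all packets from one specific address
-A INPUT -s $bad_ip -j DROP
-A FORWARD -s $bad_ip -j DROP
# Stop all ICMP arriving on the outside interface
-A INPUT -i $out_if -p icmp -j DROP
-A FORWARD -i $out_if -p icmp -j DROP
# Block traffic from the LAN to one specific port
-A FORWARD -i $in_if -p tcp --dport $bad_port -j DROP
# Replies to connections that the box or the LAN started
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# The LAN may reach the box (ssh, Webmin) and go out to the Internet
-A INPUT -i $in_if -j ACCEPT
-A FORWARD -i $in_if -o $out_if -s $in_net -j ACCEPT
COMMIT
EOF
}
```

As root, the output of tea5_ruleset eth0 eth1 10.0.0.0/8 192.0.2.66 23 can be piped to iptables-restore --test, which parses the rules without loading them.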
Don't run any command unless you are sure of what the outcome will
be and are prepared to deal with the consequences of your actions. Many
commands (but not all) will tell you how to use them if you ask. Typing
the command name followed by --help will often give you more
information than you want to know about a command.
Don't turn off or reset a firewall with the power/reset switch
unless you have no alternative. See the next section for a command you
can use.
Don't plug both interfaces and your Internet connection all into
the same hub. This will in most cases actually work, but you will lose
all security and the ability to diagnose any problems with your network.
Don't give your root password to anyone at all. The people at
technical services do not need your root password to access the box to
help you fix problems. If someone calls you and says they work for
technical service/the department of education/the phone company or
anyone else, do not give them the password to your firewall. If any
employee who knows the password is fired, or you feel some
unauthorized individual has your password, you should consider
changing the password immediately. To do this, log in as root and type
passwd.
Don't put your server in an insecure area where unauthorized
people may have direct access to it. Whenever possible it should be in
a locked room, with a security guard at the door, encased in concrete
and covered with a sticky substance that glows in ultra-violet light.
OK, just a locked room should be fine.
What are some commands I can run on my TEA5 Box?
ls - gives you a list of files in the current directory similar
to dir. (and they are called directories not folders as some guy named
Bill may suggest)
cd - changes directories. Sub directories in unix use a proper /
forward slash, not the incorrect \ backslash that one company uses. To
change to the home directory, type cd /home <enter>.
--help - Adding --help after a command will give you a list of
options for the command. If the list scrolls off the top of the
screen, hold down the shift key and press page up to scroll back up and
see what you missed.
ps ax - This will give you a list of the processes running on the
machine. You probably won't understand much of what you see until you
are more familiar with UNIX.
grep - This is often used with other commands to find specific
information in the output. For this you also need the pipe symbol |,
which is usually on the same key as the backslash and looks like a
broken vertical line. For example, to see if dhcp is running, type
ps ax | grep dhcp.
more - more is also often used with the pipe. It shows you things
a page at a time. For example, to see the help for ls one page at a
time, type ls --help | more.
df - Shows information about the total space, space used and space
remaining on your hard drives. A common usage is df -h. If any drives
other than your cd-rom drive ever show 100% usage, you may be in
trouble and should contact tech support.
service - If you want to start, stop or restart a service, for
example thttpd the web server, type service thttpd restart. You can get
a list of all service names on the box by typing ls /etc/init.d.
chkconfig - If you never want the webmin service to start when the
computer reboots, use chkconfig to turn it off: chkconfig webmin off
halt - To shut down the server properly, type halt. The server will
properly stop all services and either shut off itself or stop at the
prompt power down, which means you can turn off the power.
reboot - Self explanatory I hope.
nano - Nano is a small, simple to use editor. Most of the commands
are listed at the bottom. Jed is another editor that is installed. Just
type nano and the file name, for example nano /etc/hosts.
rsync - If you have more than one TEA5 Box and you have a file
that you want to copy from one to the other, type this:
rsync -PaHSx /root/myfile.txt IP.address.of.other.teabox:/root/
chkrootkit - If you feel your TEA5 Box may have been compromised,
you can do the following. Type cd /opt/chkrootkit and press enter.
Next, type ./chkrootkit and press enter. Don't forget the dotslash at
the beginning. In DOS, the directory you are currently in is
automatically in the search path, but this is not so in unix. If you
are in a directory that is not part of the search path, you must put ./
immediately before the name of a file in that directory that you want
to execute. If you want to know what directories are in the search
path, type set | grep PATH and press enter.
Autocompletion - This is not a command but a feature of unix. It
saves you from typing all of a long file name or path name. At a
prompt, type ls /u and then press the tab key. You should see that the
command you are typing has changed to ls /usr/. Not sure what
directories are in /usr? No problem, just press tab twice now and see a
list of all your choices. You can narrow down those choices by
pressing the first letter of the next directory that you want. If there
is only one directory that starts with that letter, it will complete
for you just as before. If there is more than one, pressing tab twice
will show you just those directories that start with that letter. Play
around until you get comfortable with this as it will save you lots of
time and eventually you may even forget how to spell many of the
directory names you commonly use.
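A check that follows from the chkrootkit entry's point about the search path, as an added example that is not part of the original page: it lists entries in a PATH value that make the shell search the current directory or a directory any user can write to. The function name audit_path is made up for this example.

```shell
#!/bin/sh
# Added example: list risky entries in a search path.
# Usage: audit_path "$PATH"   (prints one "reason: entry" line per finding)
audit_path() {
    path_value=$1
    # A leading, trailing or doubled ":" is an empty entry, which the shell
    # treats as the current directory, the same as ".".
    case ":$path_value:" in
        *::*) echo "current-dir: (empty entry)" ;;
    esac
    old_ifs=$IFS
    IFS=:
    set -f                      # no wildcard expansion while splitting
    for entry in $path_value; do
        case "$entry" in
            "") ;;              # already reported above
            .)  echo "current-dir: ." ;;
            /*) # absolute path: flag a directory that any user can write to
                # (-H makes find look at the target of a symlinked entry)
                if [ -n "$(find -H "$entry" -maxdepth 0 -type d -perm -0002 2>/dev/null)" ]; then
                    echo "world-writable: $entry"
                fi ;;
            *)  echo "relative: $entry" ;;
        esac
    done
    set +f
    IFS=$old_ifs
}
```

Run it as audit_path "$PATH" while logged in as root; no output means none of these conditions was found.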