ComputerSecurityStudent (CSS)





(Fedora: Lesson 12)

{ Basic NFS Configuration }


Section 0. Background Information
  • What is NFS? 
    • NFS stands for Network Filesystem.  This is a protocol that was developed by Sun Microsystems.

     

    • NFS was developed to allow a computer system to access directories on remote computers by mounting them on a local filesystem as if they were a local disk. The systems administrator on the NFS server has to define the directories that need to be activated, or exported, for access by the NFS clients, and administrators on the clients need to define both the NFS server and the subset of its exported directories to use.

 

Section 1. Play the TargetUbuntu02 Virtual Machine (NFS Client)
  • Note:
    • TargetUbuntu02 can be any Unix or Linux server(s) on the same network as your NFS server.
    • Here we are simply discovering the IP Address of the Client machine that will eventually connect and mount to the NFS share.
  1. Play TargetUbuntu02 virtual machine. (See Below)

     

  2. Login as username "student"

     

  3. Click on the terminal console

     

  4. Discover the network address
    • Command: ifconfig -a
    • Note: You will use the IP address obtained here when specifying which host can connect to the read/write share of the NFS server.

 

Section 2. Play the Fedora Virtual Machine (NFS Server)
  • Note: This will be your NFS Server.
  1. Play virtual machine. (See Below)

     

Section 3. Login to your Fedora14 server.
  1. Login As student

     

  2. Start Up A Terminal.
    • Applications --> System Tools --> Terminal

     

  3. Switch User to root
    • Command: su - root

     

  4. Determine IP Address
    • Command: ifconfig -a
    • Note: In my case, the IP Address is 192.168.1.112.

     

 

Section 4. Installing Prerequisite NFS RPMs on Fedora14
  • Note
    • Fedora14 is a Fedora server.  These NFS server instructions are specific to Fedora.
  1. Prerequisite NFS RPMs
    • Required:
      1. nfs-utils
      2. system-config-nfs
      3. rpcbind
    • Note: system-config-nfs is a GUI and is not itself required to install NFS; however, its dependencies are required by NFS.
    • Command: yum install "system-config-nfs"

     

  2. Install NFS rpm's
    • Command: Type "y", and hit enter

     

  3. Verify Installation Results
    • Note: Just take note of what is getting installed along with the completion notice.

 

 

Section 5. Create (Read Only) NFS Share
  1. Starting the NFS GUI
    • Command: System --> Administration --> NFS

     

  2. Provide the root password
    • Command: Enter the root password.

     

  3. Adding a share
    • Command: Click the Add Button.

     

  4. Command: Click the Browse Button

     

  5. Command: Click on File System

     

  6. Command: Double Click on the tmp directory

     

  7. Command: Click on the Create Folder Button

     

  8. Name the NFS Share
    • Command:
      1. Name it "nfs_share_read_only"
      2. Press enter.
    • Note: The equivalent terminal console command is as follows:
      • mkdir -p /tmp/nfs_share_read_only

     

  9. Note: You should see the below screen.
    • Command: Click the Okay Button

     

  10. Add the NFS Share
    • Command: Click on the Basic Tab if not already selected.
      1. Directory: /tmp/nfs_share_read_only
      2. Hosts: "*". This is a wildcard, which means that any host on the network can have access to this NFS share.
        • (Keep in mind that if this NFS share contains sensitive data or is Read/Write, then you should specify a host and even a user name using the User Access Tab.)
      3. Basic Permissions: Select Read-only
      4. Click Okay

     

    • Note: If you prefer to use the terminal console equivalent commands, instead of using the GUI, then you can do the following:
      1. vi /etc/exports
      2. Press the Shift Key and the "g" key to go to the last line of the file.
      3. Press the Shift Key and the "a" key, which places you in append/insert mode.
      4. Press Enter once
      5. /tmp/nfs_share_read_only      *(ro,sync)
      6. Press the Esc key
      7. Type ":wq!" to save and quit

     

  11. Verifying your results
    • Note: You should see the following
      1. NFS Share directory named: /tmp/nfs_share_read_only
      2. Hosts: *
      3. Permissions:  Read
    • Proceed to the next section to create a read-write NFS share.

     

Section 6. Create a (Read Write) NFS Share
  1. Starting the NFS GUI
    • Command: System --> Administration --> NFS

     

  2. Provide the root password
    • Command: Enter the root password.

     

  3. Adding a share
    • Command: Click the Add Button.

     

  4. Command: Click the Browse Button

     

  5. Command: Click on File System

     

  6. Command: Double Click on the tmp directory

     

  7. Command: Click on the Create Folder Button

     

  8. Name the NFS Share
    • Command:
      1. Name it "nfs_share_read_write"
      2. Press enter.
    • Note: The equivalent terminal console command is as follows:
      • mkdir -p /tmp/nfs_share_read_write

     

  9. Note: You should see the below screen.
    • Command: Click the Okay Button

     

  10. Add the NFS Share
    • Command: Click on the Basic Tab if not already selected.
      1. Directory: /tmp/nfs_share_read_write
      2. Hosts: 192.168.1.111
      3. Basic Permissions: Select Read/Write
      4. Click Okay

     

    • Note: If you prefer to use the terminal console equivalent commands, instead of using the GUI, then you can do the following:
      1. vi /etc/exports
      2. Press the Shift Key and the "g" key to go to the last line of the file.
      3. Press the Shift Key and the "a" key, which places you in append/insert mode.
      4. Press Enter once
      5. /tmp/nfs_share_read_write      192.168.1.111(rw,sync)
      6. Press the Esc key
      7. Type ":wq!" to save and quit

     

  11. Verifying your results using the NFS Server Configuration GUI
    • Note: You should see two entries (See Below)
      1. Read Only NFS Share: /tmp/nfs_share_read_only
      2. Read Write NFS Share: /tmp/nfs_share_read_write

     

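  12. Set the directory permissions for the read-only and read/write shares
    • Command:
      1. chmod 775 /tmp/nfs_share_read_only
      2. chmod 777 /tmp/nfs_share_read_write
    • Note: These are the filesystem permissions on the server. Mode 777 lets any user write to the directory, so for NFS clients the Hosts entry in /etc/exports is what limits who can reach the read/write share.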

     

  13. Create a read.txt and write.txt file.
    • Command:
      1. echo "Read Only" > /tmp/nfs_share_read_only/read.txt
      2. echo "Read Write" > /tmp/nfs_share_read_write/write.txt

     

  14. Informational: The entries created in the above GUI are stored in the /etc/exports file.  This file contains the access control list for exported directory hierarchies.
    • Command: cat /etc/exports

     

  15. Informational: Verifying your results using the terminal console command
    • Command: exportfs -v
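An added example, not part of the original lesson: a small audit of an /etc/exports-style file that flags wildcard hosts, writable wildcard exports and no_root_squash. The function names and the third sample line are constructed for illustration; the first two sample lines are the exports created above.

```shell
#!/bin/sh
# Added example: flag risky client specs in an /etc/exports-style file.

# Constructed sample: the two exports from this lesson, plus one line showing
# the stray-space pitfall ("host (rw)" instead of "host(rw)").
sample_exports() {
    cat <<'EOF'
/tmp/nfs_share_read_only      *(ro,sync)
/tmp/nfs_share_read_write      192.168.1.111(rw,sync)
/tmp/constructed_example      192.168.1.111 (rw,sync)
EOF
}

# audit_exports FILE: print "LEVEL directory host ro|rw" for every client spec.
# Comments, blank lines and lines without a client spec are skipped.
audit_exports() {
    awk '
    /^[ \t]*#/ || NF < 2 { next }
    {
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                host = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (host == "") host = "*"      # bare "(opts)" applies to every host
            rw = 0; root = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1                 # default is ro
                if (o[j] == "no_root_squash") root = 1   # default is root_squash
            }
            level = "OK"
            if (host ~ /[*?]/) level = (rw ? "HIGH" : "WARN")
            if (root) level = "HIGH"
            print level, $1, host, (rw ? "rw" : "ro")
        }
    }' "$1"
}

# Demo on the constructed sample (on the server, pass /etc/exports instead).
tmp=$(mktemp)
sample_exports > "$tmp"
audit_exports "$tmp"
rm -f "$tmp"
```

The last sample line produces two findings: the named host gets the default read-only access, while the detached "(rw,sync)" is read as a read/write export to every host.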

     

Section 7. Configuring /etc/sysconfig/nfs
  1. Navigate to the nfs configuration file and make a backup
    • Command:
      1. cd /etc/sysconfig
      2. cp nfs nfs.BKP

     

  2. Open the /etc/sysconfig/nfs file
    • Command: vi nfs

     

  3. Search for MOUNTD_PORT
    • Command:
      1. Press the "/"
      2. Then type "MOUNTD_PORT"
      3. Press Enter

     

  4. Uncomment MOUNTD_PORT=892
    • Command:
      1. Make sure the cursor is on the "#" character in front of MOUNTD_PORT=892, if not, then press the left arrow until the cursor is on the "#" character.
      2. Press the "x" key to delete the "#" character.

     

  5. Search for STATD_PORT
    • Command:
      1. Press the "/"
      2. Then type "STATD_PORT"
      3. Press Enter

     

  6. Uncomment STATD_PORT=662
    • Command:
      1. Make sure the cursor is on the "#" character in front of STATD_PORT=662, if not, then press the left arrow until the cursor is on the "#" character.
      2. Press the "x" key to delete the "#" character.

     

  7. Search for LOCKD_TCPPORT
    • Command:
      1. Press the "/"
      2. Then type "LOCKD_TCPPORT"
      3. Press Enter

     

  8. Uncomment LOCKD_TCPPORT=32803 and LOCKD_UDPPORT=32769
    • Command:
      1. Make sure the cursor is on the "#" character in front of LOCKD_TCPPORT=32803, if not, then press the left arrow until the cursor is on the "#" character.
      2. Press the "x" key to delete the "#" character.
      3. Make sure the cursor is on the "#" character in front of LOCKD_UDPPORT=32769, if not, then press the left arrow until the cursor is on the "#" character.
      4. Press the "x" key to delete the "#" character.

     

  9. Save the /etc/sysconfig/nfs file
    • Command:
      1. Press the Esc key.
      2. Type ":wq!"
      3. Press Enter

     

Section 8. Create NFS Start Up Scripts and Starting NFS
  1. Check to see if there are run level start up scripts.
    • Command: chkconfig --list nfs
    • Note: All run levels are off.

     

  2. Turn on NFS start up scripts for run levels 3 and 5.
    • Command:
      1. chkconfig --level 35 nfs on
      2. chkconfig --list nfs | grep on
     
  3. Start up NFS
    • Command: service nfs start

     

  4. Verify NFS Processes are running.
    • Command: rpcinfo -p | awk '{print $5}' | sort | uniq

     

Section 9. Configure the Firewall
  1. Open the firewall GUI
    • Command: System --> Administration --> Firewall

     

  2. Firewall Configuration Startup Message
    • Command: Click the Close Button

     

  3. Authenticate
    • Command:
      1. Enter the root password
      2. Click Authenticate

     

  4. Open up 2049/tcp for NFS.
    • Command:
      1. Make Sure Trusted Services is Highlighted
      2. Click on the NFS4 Checkbox.
    • Informational Command Line Option:
      • iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT

     

  5. Open up 111/tcp for sunrpc.
    • Command:
      1. Make Sure Other Ports is Highlighted
      2. Click the Add Button
      3. Select "111 tcp sunrpc".
      4. Click OK.
    • Informational Command Line Option:
      • iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT

     

  6. Open up 111/udp for sunrpc.
    • Command:
      1. Make Sure Other Ports is Highlighted
      2. Click the Add Button
      3. Select "111 udp sunrpc".
      4. Click OK.
    • Informational Command Line Option:
      • iptables -A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT

     

  7. Open up 662/tcp for STATD.
    • Command:
      1. Make Sure Other Ports is Highlighted
      2. Click the Add Button
      3. Select "662 tcp pftp".
      4. Click OK.
    • Informational Command Line Option:
      • iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT

     

  8. Open up 662/udp for STATD.
    • Command:
      1. Make Sure Other Ports is Highlighted
      2. Click the Add Button
      3. Select "662 udp pftp".
      4. Click OK.
    • Informational Command Line Option:
      • iptables -A INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT

     

  9. Open up 892/tcp for MOUNTD.
    • Command:
      1. Make Sure Other Ports is Highlighted
      2. Click the Add Button
      3. Click the User Defined CheckBox.
      4. Type "892" in the Port / Port Range.
      5. Select "tcp" in the protocol drop-down box.
      6. Click OK.
    • Informational Command Line Option:
      • iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT

     

  10. Open up 892/udp for MOUNTD.
    • Command:
      1. Make Sure Other Ports is Highlighted
      2. Click the Add Button
      3. Click the User Defined CheckBox.
      4. Type "892" in the Port / Port Range.
      5. Select "udp" in the protocol drop-down box.
      6. Click OK.
    • Informational Command Line Option:
      • iptables -A INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT

     

  11. Open up 32803/tcp for LOCKD_TCPPORT.
    • Command:
      1. Make Sure Other Ports is Highlighted
      2. Click the Add Button
      3. Click the User Defined CheckBox.
      4. Type "32803" in the Port / Port Range.
      5. Select "tcp" in the protocol drop-down box.
      6. Click OK.
    • Informational Command Line Option:
      • iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT

     

  12. Open up 32769/udp for LOCKD_UDPPORT.
    • Command:
      1. Make Sure Other Ports is Highlighted
      2. Click the Add Button
      3. Click the User Defined CheckBox.
      4. Type "32769" in the Port / Port Range.
      5. Select "udp" in the protocol drop-down box.
      6. Click OK.
    • Informational Command Line Option:
      • iptables -A INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT

     

  13. Open up 2049/udp for NFS.
    • Command:
      1. Make Sure Other Ports is Highlighted
      2. Click the Add Button
      3. Click the User Defined CheckBox.
      4. Type "2049" in the Port / Port Range.
      5. Select "udp" in the protocol drop-down box.
      6. Click OK.
    • Informational Command Line Option:
      • iptables -A INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT

     

  14. Apply the Firewall Rules
    • Command: Click Apply

     

  15. Do you wish to override the existing firewall configuration?
    • Command: Click Yes

     

  16. Authenticate
    • Command:
      1. Provide the root password.
      2. Click Authenticate

     

  17. Viewing Firewall using the Firewall GUI
    • Command:
      1. Click on Trusted Services
      2. Click on Other Ports
      3. File --> Quit.

     

  18. View the Firewall Rules using the command line
    • Command: iptables -L
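An added example, not part of the original lesson: it reads the ports pinned in Section 7 from an /etc/sysconfig/nfs-style file and prints the ten rules from this section with a source match (-s) for a single client, reporting any port setting that is still commented out. The function names are hypothetical, the sample file is constructed, and the client address 192.168.1.111 is the one used in this lab.

```shell
#!/bin/sh
# Added example: turn the ports pinned in /etc/sysconfig/nfs into firewall rules
# limited to one client. Rules are printed for review, not applied.

# Constructed sample: the four settings from Section 7, with STATD_PORT
# deliberately left commented out to show the failure case.
sample_sysconfig() {
    cat <<'EOF'
MOUNTD_PORT=892
#STATD_PORT=662
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
EOF
}

# port_of FILE NAME: print NAME's value if the line is uncommented, else nothing.
port_of() {
    awk -F= -v k="$2" '$1 == k { gsub(/[" \t]/, "", $2); p = $2 } END { if (p != "") print p }' "$1"
}

# rule CLIENT PROTO PORT: same rule the lesson uses, plus a source match (-s).
rule() {
    echo "iptables -A INPUT -s $1 -m state --state NEW -m $2 -p $2 --dport $3 -j ACCEPT"
}

# nfs_rules FILE CLIENT: print one rule per port/protocol; return 1 if a port is unpinned.
nfs_rules() {
    missing=0
    for port in 111 2049; do rule "$2" tcp "$port"; rule "$2" udp "$port"; done
    for spec in MOUNTD_PORT:tcp,udp STATD_PORT:tcp,udp LOCKD_TCPPORT:tcp LOCKD_UDPPORT:udp; do
        name=${spec%%:*}
        port=$(port_of "$1" "$name")
        if [ -z "$port" ]; then
            echo "# $name is still commented out; its port is assigned dynamically"
            missing=1
            continue
        fi
        for proto in $(echo "${spec#*:}" | tr ',' ' '); do rule "$2" "$proto" "$port"; done
    done
    return "$missing"
}

# Demo on the constructed sample (on the server, pass /etc/sysconfig/nfs instead).
tmp=$(mktemp)
sample_sysconfig > "$tmp"
nfs_rules "$tmp" 192.168.1.111 || echo "# uncomment the settings listed above, then re-run"
rm -f "$tmp"
```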

 

Section 10. Let's mount up the NFS Share
  1. On targetubuntu02, become the root user.
    • Command: su - root

     

  2. On targetubuntu02, make two mount point directories.
    • Command:
      1. mkdir -p /tmp/nfs_share_read_only
      2. mkdir -p /tmp/nfs_share_read_write

     

  3. Check to see if you can see the mount points on the fedora NFS server.
    • Command: showmount -e 192.168.1.112

     

  4. Review showmount results.
    • Note: On the current ubuntu server (192.168.1.111), we can now see all the available NFS mounts on the Fedora NFS server (192.168.1.112)

     

  5. On targetubuntu02, mount the two NFS shares.
    • Command:
      1. mount -t nfs 192.168.1.112:/tmp/nfs_share_read_only /tmp/nfs_share_read_only
        • Note: Use the IP address of the Fedora14 Machine
      2. mount -t nfs 192.168.1.112:/tmp/nfs_share_read_write /tmp/nfs_share_read_write
        • Note: Use the IP address of the Fedora14 Machine

     

  6. On targetubuntu02, verify you can see the mount points.
    • Command: df -k

     

  7. On targetubuntu02, create a file on the read/write NFS share
    • Command: Proof of Lab
      1. cd /tmp/nfs_share_read_write
      2. echo "Your Name" > proof.txt
      3. date >> proof.txt
      4. cat proof.txt
      5. Cut and Paste into a word document and upload to Moodle.

     

  8. On targetubuntu02, attempt to create a file on the read-only NFS share
    • Command:
      1. cd /tmp/nfs_share_read_only
      2. touch filename.txt
        • Note: You cannot create a file in a read only NFS share.
      3. ls -l
      4. cat read.txt

     

Section: Proof of Lab
  1. Cut and Paste a screen shot of Section 10, Step 7 into a word document and upload to Moodle. 

 


