Linux Network Basics, Ground Zero

Who should read this?

I am hoping "Who should read this?" will be self evident. I often skip wordy books in favor of glances at manual pages and reference cards. FAQ's, Question and Answer sessions, and HOWTO's offer the most for me, so I will imitate that style here. I like to tell people that not even Linus Torvalds understands everything that goes on in Linux, there are just too many packages and to many ways to combine them. I am hoping that if you know what questions to ask, the answers will come naturally.

Where can I get more Linux Information?

The first place you should check out is the Linux Documentation Project. This site is the home of a massive amount of Linux HOWTOs, FAQs, Guides, and Manual Pages. The first 3 are available in many formats, say html for example, and the Manual pages follow their own format.

Of course we are talking about networks here, and anyone who's not fresh to computers knows how frustrating it can be when the network connection breaks and the flimsy manual tells you to check a website for the solution. Good news, most Linux distributions have a massive amount of documentation in the /usr/doc directory. Information about just about any program is likely under the /usr/doc/[program name-version number]/ directory and fairly current copy of the HOWTOs are under /usr/doc/HOWTO/ In addition you can find a fair amount of information about a command by typing man [command]

Another resource available to the information hungry Linux user is your local LUG. LUG stands for Linux User Group. They are an excellent resource for human to human Q and A where written documentation, or computer jargon just won't do. Remember it's all about knowing what questions to ask. I am currently a president of LILUG and would not trade the knowledge I've gained from being at LUG meetings for the world.

For the topics covered in this column you might want to check out the Linux Documentation Project's net4 HOWTO.

What MUST I know about Linux networking to get by?

Networks are a double edged sword. You have a great deal of resources available to you when you are connected to a network, the Internet especially. You can move around information and share resources. But in this newly wired world, people can often see you as easily as you can see them. Long gone are the days of locking your office door to protect your PC when you are not there.

An common analogy to Linux is to a tank. Even a unspectacular Linux distribution at your disposal can be immensely powerful. You might remember the amount of chaos one unarmed tank caused when Shawn Timothy Nelson stole an M-60 in 1995. Not to say breaking into other operating systems doesn't happen, but try to see it from the intruders perspective, it's easier to do evil things with a tank then a Pinto.

These myriad of tools available in these systems are very attractive to those with malicious intent. The very nature of open source is power and perfection and speed, but those properties can work against you as well. I can not emphasize this enough, if you have a computer running Linux on an openly accessible network you MUST regularly update your machine with security fixes. Open source software has a tremendous turnover time from security hole discovery to patch, but the turnover time for programs and scripts used for breaking into machines is just as great.

Risks, what risks?

Most people are used to thinking of a virus as the most dangerous malicious program. Viruses don't get very far in Linux because most users don't have write access to most dangerous devices and files so neither does the virus. The real risk is running programs set to act as if root (the superuser or system administrator) were running them. These files are known as SUID root (Set User IDentification root) files, or incompletely SUID for short.

Another risk is from what is known as a Trojan Horse. A typical Trojan Horse is a file put somewhere on your system where an attacker hopes you will inadvertently run it as root giving him root access as well.

Security updates, who cares?

You should. If your box is broken into, you will have replace every binary file and audit every script to know it is once again safe. Depending on your luck, there may be other consequences as well.

Your ISP(Internet service provider) or network administrator will. They will get the email or phone call first. They may just shut you down because of some activity the attacker is using your computer for.

In the US, the FBI will. Depending on the seriousness of attacks launched from your machine they may investigate. Sometimes, it can be determined that your box has been broken into, but I wouldn't want to be left holding the bag.

How often do you update?

You should begin to scan one of the Linux or network security weekly periodicals like Linux Weekly News or subscribe to bugtraq. You should update whenever you hear of general security threat or a threat to your distribution. Even if you don't here anything bad you should check you distribution's security or errata website every week.

How do you install security updates?

OK, now that you are ready to run back to your Pinto, the good news is that distribution makers are usually good about providing timely security updates. Some even provide automatic tools where your disk is automagicly updated. I will be ignoring such tools on the premise that if they are automagic they need no explanation. What I also won't be telling you is how to use the myriad of excellent GUI tools for manipulating assorted package management systems. They are simply not universal and I could drop dead before I described them all. Command line is more direct to explain, and this is a networking column.

What are .tar.gz .rpm and .deb?

The lowest common denominator is .tar.gz or .tgz files. These are a universal packaging system for Linux and are the primary system for the Slackware distribution. They have no central database to help keep track of what you do and don't have on your system. You will have to go package maintainer's or the distribution's website to get updated versions. They often contain source code which you in turn have to compile with the make command and install with the make install command. They compose of a Tape ARchive format (tar) compressed with GNU Zip (gz.) To extract a .tar.gz use the command tar xzf [filename]

The most popular package management system is based on and originated from Red Hat software, .rpm. Red Hat and alot of other distributions use this format. RPMs have a central database to avoid file and version conflicts. You will have to the distribution's or package maintainer's website to get updated packages. The command to update a .rpm is rpm -Uv [filename]. This is great in theory but often rpm's end up with unnecessary version conflicts. You may find your self quickly turning to the sacrilegious --nodeps(no dependancies) or --force to make rpm work.

Debian derived systems, who use the .deb format probably has the most complete package system. Debian is totally noncommercial and as a result do not have the pressure to support upgrades on legacy systems or give their users a reason to buy the latest version. The command to upgrade packages in Debian is apt-get upgrade. That's it, cool right?

Enough security philosophy, how about some networking?

OK. :)

What's PPP?

PPP stands for Point to Point Protocol. It is the protocol used for serial connections and subsequently modems. ISPs usually use PPP and CHAP,( the Challenge Handshake Authentication Protocol) or PPP and PAP(Password Authentication Protocol.) Because ISPs stick to these standards you are able to connect to the Internet with your modem in Linux. Usually pppd (PPP Demon) handles the navigation.

This is moderately easy to configure except for two circumstances. You have a software modem (aka: winmodems), very few of these are supported in Linux. The other roadblock is nonstandard modem connection protocols, for example, America Online uses it's own protocol and client which are not ported or compatible with Linux. If you own or subscribe to one of these problems you should write the appropriate parties to please port, or better yet, open up their clients or drivers. Subscribing to a new service is easy and should be considered. Unfortunately buying a new modem can be prohibitively expensive.

What's Ethernet?

Ethernet is set of different standards ranging from the 10BASE5 standard to the 100BASET. People are most familiar with 10 and 100 BASET standards which are physically identical. They use cat5 twisted pair cable with RJ45 connectors (eight paired and twisted phone line with larger phone jacks.) They both are limited to 100 meters distance between repeaters, usually a repeater is a hub or switch. 10BASET maximum transmition speed is 10 megabits a second and 100BASET is 100megabits. Both networks use a star topology with a maximum of 4 repeaters between any 2 final Ethernet destinations.

What did you say about Ethernet Mr. Technobabble?

There are 2 scenarios for the beginner as I see it. You have a machine on an existing network, or you want to build a small network of your own.

If you have an existing network that you are connecting to success is not far away. Ethernet cards are well supported under linux and odds are yours is covered. The kernel will probably see your card at boot time and if not, a little digging in the /usr/src/linux/Documentation/networking/net-modules.txt file should tell you how to use insmod /lib/modules/[kernel version number]/net/[kernel module name] to get your card working.

The other side is building you own network. I did this at home with some rather positive results. I have 3 computers connected each with their own 10BASET Ethernet card (SMC EZnetworking cards) to a 5 port 10BASET hub with cat5 cable. Total cost, 120 dollars. That 120 dollars allowed me to double the usefulness of my printer, modem, and some hard disk storage space to 2 workstations, considering the 386 I am using as my server was a throw away (thanks BD) and cost nothing, my total savings are 390 dollars plus 20 dollars a month for a second phone connection to dial out with. This kind of saving can be exponentially bigger with more computers, and that is why most companies with computers run LANs(Local Area Networks.)

What's TCP/IP?

Running over the Ethernet or PPP connection is IP or Internet Protocol. On top of IP (in a higher layer) you can run TCP (Transmition Control Protocol) or UDP (User Datagram Protocol.) These are the protocols that make up...drum roll...the Internet. Every machine on the Internet is assigned an IP number.

You will need to be assigned IP numbers for things like nameservers and gateways to make you network connections work. You will also need to be assigned your own IP number for your machine. In the case of PPP you will automagicly receive an IP number as part of the protocol, but in the case of Ethernet you must alocate one yourself (unless you are running DHCP client for Linux, but we will save that for a later discussion.)

So what's next?

I wrote this article to provide some background in Linux networking. Next month we will be able to put some of this new found knowledge to use, configuring a PPP and an Ethernet client with GUI(Graphic User Interface) tools. If you have any questions about the material covered here write me at manewhall@linuxmonth and I try to include the answers in next months column.

Other Articles by Matthew Newhall