Extraordin-Air Team Final Project
Task 30.
Export a directory on your server via NFS. Limit the exposure so that only your machine can mount it.
Steps:
Added the following line to /etc/exports:
/var/www/cgi-bin 192.104.59.48/255.255.255.0(rw,nohide)
This allows the /var/www/cgi-bin directory on this machine (air) to be
exported to the IP address 192.104.59.48 (air) with the options
read-write and nohide (nohide permits the exported directory to be seen
from its mount point as if it were a regular directory there).
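One way to check the client part of an exports line before trusting it, as an added example written for this page rather than code from the project: a netmask spec such as 192.104.59.48/255.255.255.0 matches every address on that /24, so an export meant for one machine needs a bare address, a hostname or /32. The audit below assumes exports lines in the directory-then-client-specs form shown above; the sample listing it reads is constructed.

```bash
#!/bin/bash
# Added example (not the project's code): audit /etc/exports client specs.
# mask_bits MASK: print the prefix length of a dotted-quad netmask, or fail.
mask_bits() {
  local IFS=. n=0 octet
  for octet in $1; do
    case "$octet" in
      255) n=$((n+8));; 254) n=$((n+7));; 252) n=$((n+6));; 248) n=$((n+5));;
      240) n=$((n+4));; 224) n=$((n+3));; 192) n=$((n+2));; 128) n=$((n+1));;
      0) ;; *) return 1;;
    esac
  done
  echo "$n"
}
# spec_is_single_host CLIENT: succeed only if the spec can match one host.
# Bare address/hostname, /32 or /255.255.255.255 pass; wildcards (* ?),
# netgroups (@name), an empty spec (= everyone) and shorter prefixes fail.
spec_is_single_host() {
  local client=$1 mask bits
  case "$client" in ''|*\**|*\?*|@*) return 1;; esac
  mask=${client#*/}
  [ "$mask" = "$client" ] && mask=32      # no "/mask" part: one host
  case "$mask" in
    *.*) bits=$(mask_bits "$mask") || return 1;;
    *)   bits=$mask;;
  esac
  [ "$bits" -eq 32 ] 2>/dev/null
}
# audit_exports: read exports lines on stdin, print a verdict per client
# spec, and return 1 if any spec is wider than a single host.
audit_exports() {
  local rc=0 dir rest spec client opts
  while read -r dir rest; do
    case "$dir" in ''|\#*) continue;; esac      # skip blanks and comments
    for spec in $rest; do
      client=${spec%%\(*}; opts=${spec#*\(}; opts=${opts%\)}
      [ "$opts" = "$spec" ] && opts=defaults    # no "(...)": server defaults
      if spec_is_single_host "$client"; then
        echo "OK   $dir -> $client ($opts)"
      else
        echo "WIDE $dir -> $client ($opts): more than one host may mount this"
        rc=1
      fi
    done
  done
  return $rc
}
# Constructed sample: the write-up's line beside a spec narrowed to one host.
audit_exports <<'EOF' || echo "exports listing needs narrowing"
/var/www/cgi-bin 192.104.59.48/255.255.255.0(rw,nohide)
/var/www/cgi-bin 192.104.59.48/32(rw,nohide)
EOF
```

Run it against a copy of the real file with `audit_exports < /etc/exports`; a non-zero exit means at least one export is reachable from more than the intended machine.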
Added the following lines to /etc/hosts.deny:
portmap: ALL
lockd: ALL
mountd: ALL
rquotad: ALL
statd: ALL
These lines were added for security purposes. The /etc/hosts.allow
file is read first, and only the services it does not allow are then
denied. So what this does (after the allow file grants local access to
NFS) is deny NFS to any host NOT specified in the /etc/hosts.allow
file.
Added the following lines to /etc/hosts.allow:
portmap: LOCAL
lockd: LOCAL
mountd: LOCAL
rquotad: LOCAL
statd: LOCAL
These lines are all prescribed by NFS.
All these daemons are necessary for the NFS daemon to work.
By restricting them to "LOCAL" I am preventing NFS from exporting
our files to other machines.
Errors to Avoid
While making changes to /etc/hosts.deny and /etc/hosts.allow, I managed to disable ssh! I discovered this when I attempted to ssh into air
from a second terminal window (lucky me, I had not exited the other terminal yet). I therefore added one more line to
the /etc/hosts.allow file and tested to ensure that I could ssh in:
sshd: ALL
After making changes to the files, there were daemons to restart:
exportfs
exportfs -ra
root[/etc]# service nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]

root[/etc]# service nfslock start
Starting NFS statd:                                        [  OK  ]

root[/etc]# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100001    3   udp    977  rstatd
    100001    2   udp    977  rstatd
    100001    1   udp    977  rstatd
    391002    2   tcp   1587  sgi_fam
    100004    2   udp   1001  ypserv
    100004    1   udp   1001  ypserv
    100004    2   tcp   1004  ypserv
    100004    1   tcp   1004  ypserv
    100007    2   udp    608  ypbind
    100007    1   udp    608  ypbind
    100007    2   tcp    611  ypbind
    100007    1   tcp    611  ypbind
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp   1703  nlockmgr
    100021    3   udp   1703  nlockmgr
    100021    4   udp   1703  nlockmgr
    100011    1   udp   1004  rquotad
    100011    2   udp   1004  rquotad
    100011    1   tcp   1007  rquotad
    100011    2   tcp   1007  rquotad
    100005    1   udp   1708  mountd
    100005    1   tcp   2003  mountd
    100005    2   udp   1708  mountd
    100005    2   tcp   2003  mountd
    100005    3   udp   1708  mountd
    100005    3   tcp   2003  mountd
    100024    1   udp   1709  status
    100024    1   tcp   2004  status