36.4. Objective 4: Serving News

Knowledge about how to configure a news server is required for the LPI Level 2 Exams. However, news servers receive even less emphasis than mailing lists. The LPI specifically mentions the InterNet News service (INN), which is offered by the Internet Systems Consortium (ISC) at http://www.isc.org. INN is currently in its second version, INN 2. Following is the essential information you need to know about this topic.

36.4.1. Overview

The INN daemon uses the Network News Transfer Protocol (NNTP), which operates on TCP port 143 by default. The protocol was first outlined in RFC 977. The name of the INN program that serves news is innd, the INN daemon. You can read more about INN at http://www.isc.org/index.pl?/sw/inn.

News servers can operate locally, meaning that they can provide access to messages posted by users on the LAN. It is also possible to connect an NNTP server to a newsfeed, which makes it possible for the server to receive messages from all of the Usenet newsgroups on the Internet. Thousands of newsgroups exist. They are organized hierarchically. Top-level discussion categories include:


alt

By far the largest group, which includes an extremely wide variety of topics, from alt.fan.letterman to alt.os.linux to alt.music.led-zeppelin.


comp

This category includes such computing-related groups as comp.lang.c, comp.lang.java, and comp.software.testing. The comp.os.linux series of groups is especially relevant to readers of this book.


humanities

Groups in this category include humanities.lit.authors and humanities.classics.


sci

Includes sci.physics and other science-related entries.

This type of access, though, often requires the ISP to pay a fee, and some ISPs have begun closing down newsgroup and Usenet access. As a result, many INN administrators use local-only configuration, which does not support Internet-based Usenet submissions.

In order to create your own NNTP group, you need an NNTP daemon such as innd. Table 36-9 describes some of the files and directories used by innd.

Table 36-9. Files and directories used by innd

| File | Description |
| --- | --- |
| innd | The INN daemon. |
| ctlinnd | Used to add and delete groups, allow and disallow NNTP clients, enable or reject remote newsfeeds, and determine the status of a news server. Also used to cancel postings to a list, as well as to stop and start INN. |
| /etc/news/inn.conf | The primary INN configuration file. |
| /etc/news/readers.conf | Used to control which users and hosts access the INN server. |
| /etc/news/newsfeeds | Determines how postings on your system are distributed on the server and to other peers. |
| /etc/news/incoming.conf | Contains the names of the hosts that are allowed to connect to your system and provide it with newsgroup postings. Controls what you receive from upstream servers. |
| /etc/news/expire.ctl | Used to determine when articles posted on your INN server expire. |
| /etc/news/control.ctl | Determines how INN handles control messages sent from upstream INN servers. Control messages can include notifications of new groups. |
| /etc/news/innwatch.ctl | Determines what INN does to monitor its performance. |
| /var/log/news | A directory containing all of the INN log files, including err.log (critical errors), news.notice (daemon startup and shutdown), and errlog (errors relating to the posting of messages). |


NNTP is designed to create a decentralized communications system. It is possible for an INN server to participate in downstream feeds, which means that it receives newsgroup lists and commands from other servers. An INN server can also be an upstream server, which means that it feeds information to other servers that reside beneath it. As decentralized as NNTP is, it is important to understand that a failure of an upstream server can cause your INN server to not receive updated information.

NNTP clients include:

Lynx (http://lynx.isc.org)

trn (http://trn.sourceforge.net)

Mozilla Mail (http://www.mozilla.org)

Netscape Mail (http://www.netscape.com)

newsx (http://www.kvaleberg.com/newsx.html)

Outlook and Outlook Express (http://www.microsoft.com)

36.4.1.1. Installing INN

You can install INN in various ways. Many precompiled packages do not have certain useful features compiled into the binaries. If this is the case, search carefully for configuration files that may override such limitations. If you cannot find these, then you will most likely have to configure from source. You can obtain the source file from the ISC.

36.4.1.2. Configuring INN

Once you have installed INN, you can add newsgroups using the ctlinnd command. The syntax for adding a group is as follows:

 ctlinnd newgroup new_group_name rest group_creator 

The newgroup command informs ctlinnd that you are creating a new group. You then specify the new group name and then the rest value, which indicates whether you wish to allow users to access this group. Specify y to allow access or n to disallow access. You then specify the name of the creator.

For example, suppose you wish to create a local INN group named research. You would issue the following command:

 ctlinnd newgroup research y james 

Once you issue the command, users can access the research NNTP user group on this server. In some cases, you may want to specify n as the rest value, because you may want to further configure INN before you actually start serving users.

The readers.conf file determines how INN handles control messages sent out to control news servers across the Internet. Two configuration groups exist for the readers.conf file:


auth

Determines the users and hosts that are allowed to authenticate with the server


access

Determines the newsgroups that authorized users can access

As you configure the readers.conf file, remember that you have to create entries for each group. Following is an example of a very simple readers.conf entry that opens full access to all groups on the server:

 auth "pub" {
         hosts: *
         default: ""
 }
 access "full" {
         newsgroups: *
 }

The auth entry in this example contains two subheadings: hosts and default. The hosts entry specifies the hosts that are allowed to authenticate with the system. In this case, the wildcard * is used, so any host can access the server. The default entry has empty quotation marks as its value, which means that any user can access INN on the host, because no name is given for the default username.


Tip: In most Linux systems, INN does not allow remote access by default.

Each time you make a change to these configuration files, stop and restart innd. You can do this in various ways, though the most universal method is to use the ctlinnd command. To stop INN, issue the following command:

 ctlinnd throttle reason 

where reason is a particular reason for shutting down the server. To start INN again, issue the following command:

 ctlinnd go reason 

where reason is the exact same word you used when you shut down INN. If you do not specify a reason, you will still be able to start the server again, but the reason option allows you to restart only those processes that will be affected by your change.

In some systems, you will find scripts in the /etc/init.d or /etc/rc.d/init.d directories that allow you to stop and restart INN. Remember, though, that the LPI test generally looks for the most universal solutions, not those that are specific to a particular distribution.

36.4.1.3. Customizing newsgroups

The following example is a more ambitious entry in readers.conf:

 auth "public" {
     hosts: "*"
     default: ""
 }
 auth "localnet" {
     hosts: "10.45.99.0/24"
     default: ""
 }
 auth "localhost" {
     hosts: "localhost, 127.0.0.1, stdin"
     default: ""
 }
 auth "useraccounts" {
     auth: "ckpasswd -f /etc/news/nntp_passwd"
 }

These entries make it possible to use the ckpasswd application, which ships with INN. This application can check passwords found in a password file, in this case, nntp_passwd. The nntp_passwd file is generated using the htpasswd command, as follows:

 htpasswd -c /etc/news/nntp_passwd username 

where username is the first INN user you wish to create in the file. You can then add more users with commands such as the following:

 htpasswd /etc/news/nntp_passwd sandi 

You can create as many users as you wish using the htpasswd command.


Tip: You also use the htpasswd command to change the passwords of users you have already created.

You are not finished editing the /etc/news/readers.conf file yet, however. Remember, you must add the access section. This section is something like the following:

 access "users" {
     users: "sandi,james,jamey,jacob,joseph,joel"
     newsgroups: "*"
     access: RP
 }
 access "localhost" {
     users: ""
     newsgroups: "*"
     access: RPA
 }
 access "localnet" {
     users: ""
     newsgroups: "*"
     access: RP
 }
 access "public" {
     users: ""
     newsgroups: "research.*,alt.comp.research"
     access: RP
 }

Now, clients accessing your INN server will have to authenticate in order to access your resources. INN will use the ckpasswd command to read the /etc/news/nntp_passwd file and then authenticate users.
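The following is an added example, not code from the book or from the INN project: a small Python lint that parses readers.conf blocks of the shape shown above and flags the two open settings the text describes, a wildcard hosts entry with no auth: program and an access block that grants posting to an empty users value. The sample file is constructed, and the checks are heuristics over the file text, not INN's own group-matching logic.

```python
import re

# Constructed sample, modeled on the readers.conf entries in this section.
SAMPLE = '''
auth "public" {
    hosts: "*"
    default: ""
}
auth "localnet" {
    hosts: "10.45.99.0/24"
    default: ""
}
auth "useraccounts" {
    auth: "ckpasswd -f /etc/news/nntp_passwd"
}
access "users" {
    users: "sandi,james"
    newsgroups: "*"
    access: RP
}
access "public" {
    users: ""
    newsgroups: "research.*,alt.comp.research"
    access: RP
}
'''

BLOCK = re.compile(r'\b(auth|access)\s+"([^"]+)"\s*\{([^}]*)\}')
PARAM = re.compile(r'^[ \t]*([\w-]+):[ \t]*"?([^"\n]*)"?[ \t]*$', re.M)

def parse(text):
    """Return (kind, name, params) for every auth/access block."""
    text = re.sub(r'(?m)^\s*#.*$', '', text)   # drop whole-line comments
    return [(kind, name, {k: v.strip() for k, v in PARAM.findall(body)})
            for kind, name, body in BLOCK.findall(text)]

def audit(text):
    """Flag open settings; heuristics only, not INN's matching logic."""
    findings = []
    for kind, name, p in parse(text):
        hosts = [h.strip() for h in p.get("hosts", "").split(",")]
        if kind == "auth" and "auth" not in p and "*" in hosts:
            findings.append((kind, name, "any host accepted with no password check"))
        if kind == "access" and not p.get("users") and "P" in p.get("access", ""):
            findings.append((kind, name, "unauthenticated posting to " + p.get("newsgroups", "")))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

Run against a copy of /etc/news/readers.conf by passing the file's text to audit(); an empty result means neither of the two patterns was found, not that the file is otherwise safe.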

Authentication occurs in cleartext, meaning that any usernames and passwords used can be easily obtained off the network using a packet sniffer such as tcpdump or ethereal. To thwart password sniffing attacks, it is possible to configure INN to use SSL. Configuring INN for SSL is beyond the scope of the LPI Level 2 Exams, but all you need to do is use the openssl command or the CA.pl Perl script (which relies on openssl) to generate a certificate. You then configure INN to recognize the certificate. The result is SSL protection for your server.

36.4.1.4. Configuring downstream and upstream clients

To configure downstream access, edit the /etc/news/newsfeeds file. Entries in this file will receive updates from your server and will become peers. Following is an example of a newsfeed entry that forwards Usenet articles through the innfeed application that INN uses to update other servers, but does not forward local articles:

 news.uu.net/uunet\
        :*,!junk,!control*/!research\
        :Tm:innfeed!

Given this entry, any internal newsfeed whose name contains research will not be forwarded.

As you read earlier, the /etc/news/incoming.conf file allows you to determine which systems can connect to yours and provide newsgroup articles. Consider the following entry:

 peer goodsys.nntp.com {
         hostname: "nntp.com, nntp.com"
 }

This allows the nntp.com and nntp.com systems to provide articles to your system in a newsfeed.

36.4.1.5. Monitoring newsgroups

When it comes to monitoring INN, consider reviewing log files and configuring the /etc/news/innwatch.ctl file. Table 36-10 explains the contents of the different log files.

Table 36-10. INN log files

| File | Description |
| --- | --- |
| errlog | Contains entries relating to processing of messages, including the processing of message digests. |
| news | For problems relating to mail postings. |
| news.crit | Records critical errors, such as when essential services fail and when connections are no longer available. |
| news.err | Reports errors in configuration files. |
| news.notice | Describes the connections to the INN daemon. Includes local and remote connections. The hostname, time of day, and associated actions are all reported. Includes information concerning received and rejected messages, as well as when the server is stopped and started. |
| rc.news | Records server stops and restarts. |


36.4.1.6. Using innwatch

News servers can quickly occupy large amounts of disk space and system resources if many users are configured to use them. After all, more than 14,000 Usenet groups exist. The creators of INN realized that robust management had to rely on more than simply viewing log files. So you can use the innwatch command to actively monitor the network host's load average and the amount of free disk space on the host.

If innwatch finds that INN is using too many resources, innwatch will reduce INN's draw on system resources to the point where it will shut the news server down. innwatch reports what it finds in the innwatch.status log file.

The /etc/news/innwatch.ctl file determines the level of supervision performed by the innwatch command. Using this file, you can determine how often innwatch runs, as well as the system resources it checks.



LPI Linux Certification in a Nutshell
ISBN: 0596005288
EAN: 2147483647
Year: 2004
Pages: 257
