How Does A Linux Server Work?


An essential part of learning Linux is understanding how a Linux server works. As a Linux administrator, not knowing how a Linux server works is a little like being an auto mechanic who does not understand how a combustion engine functions. Knowing how a Linux server functions will make you a much more efficient professional.

Due to their versatility, performance and economics, Linux servers are ubiquitous on the Internet: they host many of the largest websites and provide the infrastructure for many services and networks. To explain how a Linux server works, Secur is going to walk you through the most common software packages you can install on a Linux server to provide services to your network clients.

If you are just looking for a quick overview of the topic, give our Linux Server FAQ a quick read.

What Is a Linux Server?

Many of the uninitiated do not realize that the word Linux can refer to either a Linux desktop or a Linux server. The first step toward answering the question “how does a Linux server work?” is understanding the difference between servers and desktops running Linux.

While Linux desktops and Linux servers both use the same Linux kernel and run the same shells/programs, they differ in which programs they primarily run and how they run on the system. 

  • Desktops: Driven by interactive graphical user interfaces (GUIs), providing a consumer-friendly experience for running personal programs (think browsers, word processing, email, etc.).
  • Servers: Operate in a networked environment without ongoing direct user interaction, provide shared services to multiple users (clients), and are managed mainly through the command-line interface (CLI) by administrators who connect to the server remotely. Servers must be configured to launch services based on client requirements and access demands.

How To Launch Services on a Linux Server

Linux servers run service programs in one of two ways:

  • As a process spawned by a parent program that listens for the requests
  • As a constantly running background process, also known as a daemon. Linux servers use scripts to launch service daemons as soon as the server boots up (daemon programs are easily identified because their names end with the letter d, as seen below).
The image above lists the MySQL database server daemon process.  
  • A daemon program listens for network connections from clients. 
  • When the daemon receives a request from a client, it processes the request and returns data to the client via the same network channel.
  • The greater the number of services a Linux server supports, the more daemons it must run in order to handle client requests.  
    • As daemons consume memory on the server, memory usage became an issue on older servers running Linux.
    • Managing these memory constraints led to the development of super-servers: programs that listen for network connections for several different applications and spawn the appropriate service program as needed.
  • The internet daemon (inetd) application was the original super-server program; running as a daemon, inetd listens for specific requests from clients and launches the appropriate service program when needed. inetd is configured via the /etc/inetd.conf file, which defines the services it handles requests on behalf of. The xinetd (extended internet daemon) application is a second-generation version of inetd.
Network connection paths
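
An added example (not from the original article) of reading an /etc/inetd.conf the way the super-server does: it parses each entry, describes how inetd would launch the service, and flags the plaintext Telnet and FTP services that the Access Server (SSH) section of this article advises against. The sample file contents and all function names are constructed for illustration.

```python
"""Parse inetd.conf text: show what the super-server spawns, flag plaintext services."""
from dataclasses import dataclass

# Constructed sample (not from a real host). Classic inetd.conf field order:
# service  socket-type  protocol  wait|nowait  user  server-program  [arguments]
SAMPLE_INETD_CONF = """\
# constructed example
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd -l
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
tftp    dgram   udp  wait    nobody  /usr/sbin/in.tftpd    in.tftpd /srv/tftp
time    stream  tcp  nowait  root    internal
broken  stream  tcp
"""

# Plaintext remote-access protocols named in this article's SSH section.
PLAINTEXT_SERVICES = {"telnet", "ftp"}


@dataclass
class InetdEntry:
    lineno: int
    service: str
    socket_type: str
    protocol: str
    wait: bool      # True: inetd hands the listening socket to one server process
    user: str
    program: str
    argv: list


def parse_inetd_conf(text):
    """Return (entries, malformed_line_numbers); comment lines are skipped."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # blank line or disabled service
        parts = line.split()
        # Some inetd variants allow "nowait.<max>"; keep only the keyword.
        wait_word = parts[3].split(".")[0] if len(parts) > 3 else ""
        if len(parts) < 6 or wait_word not in ("wait", "nowait"):
            malformed.append(lineno)
            continue
        entries.append(InetdEntry(lineno, parts[0], parts[1], parts[2],
                                  wait_word == "wait", parts[4], parts[5],
                                  parts[6:]))
    return entries, malformed


def launch_plan(entry):
    """Describe how inetd serves a client request for this entry."""
    if entry.program == "internal":
        how = "answered by inetd itself (built-in service)"
    elif entry.wait:
        how = f"socket handed to a single {entry.program} until it exits"
    else:
        how = f"new {entry.program} process spawned per connection"
    return f"{entry.service}/{entry.protocol}: {how}, running as {entry.user}"


def plaintext_findings(entries):
    """Entries whose service sends credentials and data unencrypted."""
    return [e for e in entries if e.service in PLAINTEXT_SERVICES]


if __name__ == "__main__":
    # On a real server, pass open("/etc/inetd.conf").read() instead of the sample.
    parsed, bad_lines = parse_inetd_conf(SAMPLE_INETD_CONF)
    for e in parsed:
        print(launch_plan(e))
    for e in plaintext_findings(parsed):
        print(f"line {e.lineno}: {e.service} is a plaintext service")
    print("malformed lines:", bad_lines)
```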

In addition to launching services in response to client requests,  it also manages:

Listening for Clients On A Linux Server

A standard Linux server needs to manage multiple services running simultaneously in response to multiple clients making requests to the server for multiple services, so the challenge is getting requests from clients to the correct service. Each service, whether it’s running as a daemon or launched from a super-server, uses a separate network protocol to communicate with its clients, such as a web server using HTTP or an email server using SMTP.

Standardized by the Internet Engineering Task Force (IETF) and published as Request for Comments (RFC) documents, a service’s network protocol defines how network clients communicate with the service, using preassigned network ports.

What are server ports?

Ports, defined within the TCP and UDP standards, separate network traffic going to the same IP address, analogous to telephone extension numbers used to reach a specific individual within a company. Assigned by the IETF, different services use different ports for communication, which allows clients to use a common IP address to reach a server and then specific ports to reach individual services. The IETF has defined a standard set of ports for common services, called “well-known” ports, which are used on the Internet and are listed in the table below:

| Port Number | Protocol | Description |
| --- | --- | --- |
| 20 | FTP | File Transfer Protocol is used for sending files to and from a server. |
| 21 | SFTP | Secure File Transfer Protocol is used for sending files to and from a server. |
| 22 | SSH | The Secure Shell protocol is used for sending encrypted data to a server. |
| 25 | SMTP | The Simple Mail Transport Protocol (SMTP) is used for sending email between servers. |
| 53 | DNS | The Domain Name System (DNS) provides a name service to match IP addresses to computer names on a network. |
| 67 | DHCP | The Dynamic Host Configuration Protocol (DHCP) enables client computers to obtain a valid IP address on a network automatically. |
| 69 | TFTP | |
| 80 | HTTP | The Hypertext Transfer Protocol (HTTP) allows clients to request web pages from servers. |
| 88 | Kerberos | |
| 109/10 | POP3 | The Post Office Protocol (POP) allows clients to communicate with a mail server to read messages in their mailbox. |
| 123 | NTP | |
| 135 | Microsoft’s RPC | |
| 137-139 | Microsoft’s NetBIOS | Microsoft servers use the Server Message Block (SMB) protocol for file and print sharing with clients. |
| 143, 220 | IMAP | The Internet Message Access Protocol (IMAP) provides advanced mailbox services for clients. |
| 161 | SNMP | |
| 389 | LDAP | The Lightweight Directory Access Protocol (LDAP) provides access to directory services for authenticating users, workstations, and other network devices. |
| 443 | HTTP/HTTP over SSL | The secure version of HTTP provides encrypted communication with web servers. |
| 445 | SMB | |
| 500 | IKE | |
| 514 | syslog | |
| 2049 | NFS | The Network File System (NFS) provides file sharing between Unix and Linux systems. |
| 3389 | RDP | |
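
An added example (not part of the original article): a defender's check that lists which TCP ports a server is actually listening on by parsing /proc/net/tcp, then compares them with an allowlist of intended services. The sample data, the allowlist and the function names are constructed; ports 23 (Telnet), 3306 (MySQL) and 8080 are not in the table above.

```python
"""Audit listening TCP sockets (from /proc/net/tcp text) against an allowlist."""
import ipaddress
import socket

# Names for a subset of the ports in the table above; 23 (Telnet) and
# 3306 (MySQL) are added here and are not in that table.
SERVICE_NAMES = {22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS", 80: "HTTP",
                 443: "HTTP over SSL", 2049: "NFS", 3306: "MySQL"}
PLAINTEXT_PORTS = {23, 80}   # no encryption between client and server
TCP_LISTEN = "0A"            # state code the kernel prints for LISTEN

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20101 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 20202 1
   2: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20303 1
   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20404 1
   4: 0A00000A:0016 1400000A:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 20505 2
"""


def decode_endpoint(field):
    """Turn '0100007F:0CEA' into ('127.0.0.1', 3306)."""
    ip_hex, port_hex = field.split(":")
    # The address is printed as a native-endian 32-bit word; on little-endian
    # hosts (x86, most ARM) the bytes are therefore reversed.
    ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
    return ip, int(port_hex, 16)


def listening_sockets(proc_net_tcp_text):
    """Return [(ip, port, uid)] for every socket in LISTEN state."""
    listeners = []
    for line in proc_net_tcp_text.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue                                      # established, etc.
        ip, port = decode_endpoint(fields[1])
        listeners.append((ip, port, int(fields[7])))
    return listeners


def audit(listeners, expected):
    """Compare listeners with the expected {(ip, port)} set; return findings."""
    findings = []
    for ip, port, uid in listeners:
        issues = []
        if (ip, port) not in expected:
            issues.append("not in allowlist")
        if port in PLAINTEXT_PORTS and not ipaddress.ip_address(ip).is_loopback:
            issues.append("plaintext protocol reachable from the network")
        if issues:
            findings.append({"ip": ip, "port": port, "uid": uid,
                             "service": SERVICE_NAMES.get(port, "unknown"),
                             "issues": issues})
    return findings


if __name__ == "__main__":
    # On a real server, read open("/proc/net/tcp").read() instead of the sample.
    expected = {("0.0.0.0", 22), ("127.0.0.1", 3306)}
    for f in audit(listening_sockets(SAMPLE_PROC_NET_TCP), expected):
        print(f"{f['ip']}:{f['port']} ({f['service']}, uid {f['uid']}): "
              + "; ".join(f["issues"]))
```

The uid column identifies the account that owns each listening socket, which helps trace an unexpected listener back to the daemon that opened it.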

Serving Internet Services on Linux

Linux servers are well suited to delivering a number of the standard services that drive the Internet, including:

  • Web services
  • Database services
  • Email services

Linux Based Web Servers

The most common use of a Linux server on the Internet is as a web server. Linux-based web servers host the majority of websites, including many of the most popular ones. There are multiple programs you can use to build a Linux web server, including:

  • The Apache Server
    • Developed from the first web server software package created by University of Illinois’ National Center for Supercomputing Applications (NCSA).
    • The most popular web server on the Internet due to its modularity.
      • Each advanced feature of the Apache server is built as a plug-in module; server administrators can pick and choose which modules a particular server needs for a particular application, reducing the memory required to run the server daemons.
  • nginX Server
    • Released in 2004
    • Designed as a replacement for the Apache web server and provides additional features, including working as a:
      • web proxy,
      • mail proxy,
      • web page cache, and
      • load-balancing server.
    • Has a smaller memory footprint than Apache:
      • Ideal for high-volume environments.
        • Handles over 10,000 simultaneous network client connections.
        • One commonly used configuration is:
          • nginX web server as a load-balancing front end
          • Multiple Apache web servers on the backend.
          • Combines nginX ability to handle large traffic volumes and Apache’s  handling of dynamic web applications.
  • lighttpd
    • A lightweight web server to process incoming client requests for a network application.
    • Ideal for smaller server applications, such as in embedded systems as it has low memory and CPU usage, making .
    • Incorporates a built-in database, combining basic web and database services in a single package.

Linux Based Database Servers

Data management (in simple terms, storing and retrieving data) is a hallmark of most, if not all, Internet applications. While standard text files suffice for simple data storage applications in some situations, more advanced data storage and management techniques, such as those provided by relational databases, are required most of the time, as they allow:

  • Applications to quickly store and retrieve data.
  • Multiple clients to access the same data from a centralized location.
  • The use of SQL (Structured Query Language) as a common method for clients to send requests to the database server and retrieve the data.

In keeping with Linux’s open-source nature, there are a few high-quality open-source databases that offer many (if not most) of the same features and performance as commercial database packages. In a Linux environment, you will probably run into one of these three databases:

  • The PostgreSQL Server
    • Known for its advanced database features.
    • Follows the standard atomicity, consistency, isolation, and durability (ACID) guidelines used by commercial databases and supports many of the features found in a commercial relational database server (transactions, updatable views, triggers, foreign keys, functions, and stored procedures).
    • Had a reputation for being slow due to the complexity of the operations it provided.
  • The MySQL Server
    • Started out as a project to create a simple but fast database system.
    • Its focus on speed made it the go-to database server used in many high-profile Internet web applications.
      • The LAMP stack (the combination of a Linux server, the Apache web server, the MySQL database and the PHP programming language) can be found running websites worldwide.
    • Since its inception, it has gained new features that can rival those found in PostgreSQL and commercial databases. MySQL still maintains the option of utilizing the faster storage engine that it became famous for.
  • The MongoDB Server
    • One of the most popular object-oriented methods of storing data is NoSQL.
    • Stores data as individual documents rather than tables, unlike SQL-based relational database systems.
    • A NoSQL document can contain different data elements, with each data element being independent of the other data elements in the database.

Linux Based Mail Servers

Just about every Linux server installation provides some type of email server package.  Rather than a large program that handles sending and receiving mail, Linux takes a modular approach to the solution, using multiple small programs to process email (see image below).

Diagrammatic representation of the modular Linux email environment.

In addition to an email database, a Linux mail server is typically divided into 3 functional areas:

  • The mail transfer agent (MTA):
    • Responsible for handling both incoming and outgoing email messages on the server.
    • Determines the destination host of the recipient address for each outgoing message.
    • Must establish a communication link with another MTA program on the remote host to transfer the message.
    • There are quite a few MTA software packages for the Linux environment, but the most popular are:
      • sendmail:
        • Extremely versatile. Many features are synonymous with email systems:
          • Virtual domains,
          • Message forwarding,
          • User aliases,
          • Mail lists, and
          • Host masquerading.
        • Sendmail is very complex to configure correctly.
      • Postfix:
        • Written as a modular application that uses several programs to implement the MTA.
        • Its best feature is its simplicity; it uses just two small configuration files with plaintext parameters and value names.
      • Exim:
        • Uses the sendmail model of using one large program to handle all of the email functions.
        • Attempts to avoid queuing messages as much as possible, focusing on immediate delivery in most environments.
  • The mail delivery agent (MDA)
    • Receives messages destined for local users from the MTA program and then determines how those messages are to be delivered.
    • Linux implementations often rely on stand-alone mail delivery agent (MDA) programs to deliver messages to local users (vs remote users).
    • Two common Linux MDA programs:
      • Binmail:
        • Most popular MDA program used in Linux.
        • Name comes from its location in the system, /bin/mail.
        • Popular thanks to its simplicity.
        • Reads email messages stored in the standard /var/spool/mail directory, or you can point it to an alternative mailbox.
      • Procmail
        • Known for its versatility in creating user-configured recipes that direct how the server processes received mail. A user can:
          • Create a personal .procmailrc file in their $HOME directory to direct messages based on regular expressions to separate mailbox files,
          • Forward messages to alternative email addresses, or
          • Send spam type messages directly to the /dev/null file to trash unwanted email automatically.
  • The mail user agent (MUA)
    • Typically runs on the client side and interacts with end users (allowing them to view and manipulate messages). Evolution and KMail are widely used graphical email readers for a Linux desktop environment.

Running Local Networks with Linux Servers

Linux servers are often used in local network environments to provide a number of simple, yet critical network services.

Linux Based File Servers

File sharing is a necessity in any business environment, and various applications allow multiple users to create, edit and manage files in a common folder. There are two basic methods for sharing files in a local network environment:

  • Peer-to-peer: One workstation enables another workstation to access files stored locally on its hard drive. While this easily allows collaboration between two employees on a small local network, sharing data between more than two people is not easily done.
  • Client/server: A central file server shares files so that multiple clients can access and modify them as needed; this requires an administrator to control file and folder access.

Two common Linux server software packages for sharing files are NFS and Samba.

  • NFS (Network File System): A protocol that uses the nfs-utils package to provide both:
    • The drivers to support NFS.
    • The underlying client and server software to:
      • Share local folders on the network
      • Connect to remote folders shared by other Linux systems on the local network.
    • Using nfs-utils, a Linux system can mount remotely shared NFS folders as if they were on a local hard drive partition.
    • With NFS, a Linux system can share a portion of its virtual directory on the network to allow access by clients as well as other servers.
  • Samba: The Samba software package allows Linux systems to interact with Windows clients and servers either as a client, connecting to Windows server shared folders, or as a server.
    • While Windows workstations and servers can use NFS, the default file sharing method in Windows is the Server Message Block (SMB) protocol, created by Microsoft, which also released the SMB protocol as a network standard.

Linux Print Servers

  • Sharing network printers has become a requirement for most offices and has also become popular in many home environments due to the cost, space requirements and utilization rates of most printers.
  • The Linux print sharing software package is called the Common Unix Printing System (CUPS). Using a common API operating over dedicated printer drivers, it allows a Linux system to connect to local or networked (using the Internet Printing Protocol (IPP)) printer resources.
    • Many printer manufacturers create CUPS drivers for their printers so Linux systems can connect with their printers.
    • CUPS allows the sharing of a locally attached printer with other Linux systems, letting users connect a printer to a Linux server and share it among multiple users in a local network.
  • Samba allows interaction with printers shared on Microsoft networks, so you can connect a Linux workstation to printers shared on Samba-based Windows networks, or alternatively share your own locally attached Linux printer with Windows workstations.

Network Resource Servers

Administering a local network requires managing a number of different technologies, and Linux provides a few different service packages that network administrators can use to make their lives easier.

IP Address Administration via DHCP

Every device on a network must have a unique IP address assigned to access resources on the network.  This task is handled by Dynamic Host Configuration Protocol (DHCP).

  • When clients log on to a network, they request a valid IP address for the network from a DHCP server.
  • DHCP servers keep track of assigned IP addresses, ensuring that no two clients receive the same IP address.
  • Many different types of devices can function as a DHCP server including:
    • Most home broadband routers
    • Most server-oriented operating systems.
  • The most popular Linux DHCP server package is DHCPd, and almost all Linux server distributions include it in their software repositories.
  • When the DHCPd server is up and running on your network, you’ll need to use one of the DHCP client software packages dhclient, dhcpcd or pump to tell Linux clients to use it to obtain their network addresses.
    • Most Debian and Red Hat distributions use the dhclient package and install it by default when a network card is detected.

Linux System Logging

The Linux system log records operating details about the system as it runs, storing them in the /var/log directory. Systems can also be configured to store their system logs on a remote logging server, providing a safe backup of the original log files, plus a safe place to store logs in case of a system crash or a break-in by an attacker.
Depending on which startup software a system uses, the logging package will be one of the following:

  • rsyslogd: Used by SysVinit and Upstart systems and accepts service logging data from remote servers.
  • journald: Used by systemd systems for local/remote logging of system information.

Both use configuration files to define just how data is logged and which clients the server accepts log messages from.

Name Servers

While computers use numeric IP addresses to reference servers, humans usually require some type of text to remember addresses. This conversion is handled by the Domain Name System (DNS), a technology that maps IP addresses to a host naming scheme on networks, thereby acting as a directory. The BIND software package provides DNS naming services, and its main program, named, is a server daemon running on Linux servers to resolve hostnames to IP addresses for clients on the local network. A BIND server communicates with other DNS servers to look up an address on remote networks, allowing clients to point to a single DNS name server while being able to resolve any IP address on the Internet.

As a result of being text based, the DNS protocol is susceptible to attacks such as hostname spoofing, but the DNSSEC protocol attempts to mitigate this by encrypting standard DNS packets to help provide a layer of security in the hostname lookup process.

Network Management

Simple Network Management Protocol (SNMP) allows admins to query remote network servers and devices to obtain information about their configuration, status, and even performance. The most popular SNMP software package in Linux is the “net-snmp” package with SNMPv3 compatibility, allowing secure remote monitoring of a Linux server. As seen in the diagram below, SNMP operates in a simple client/server paradigm:

  • Network devices and servers run an SNMP server service that listens for requests from SNMP client packages.
  • The SNMP client sends requests for data from the SNMP server.
SNMP communication diagram.

SNMP has evolved over time to improve security and performance:

  • SNMPv1 provided only simple password authentication of clients and passed all data in plaintext.
  • SNMPv2 implemented:
    • Basic security
    • Bulk transmission of monitoring data to minimize network traffic associated with device monitoring.
  • SNMPv3, the current version, utilizes strong authentication and encryption capabilities in addition to a streamlined management system.

Time

Synchronization of client/server internal clocks via the Network Time Protocol (NTP) is required for many network applications to function correctly. The ntpd program within the NTP package synchronizes a Linux system with remote NTP servers, allowing servers and clients to synchronize on the same time source across multiple networks. It typically works by having a single Linux server use ntpd to synchronize with a remote time standard server and then having all other servers and clients on the local network sync their times to the local Linux server.

Implementing Security

Linux implements several layers of security that can be configured as needed.

Authentication Server

Linux server security and authentication is based on the standard userid/password combination assigned to each individual user on the system and stored in either the /etc/passwd or /etc/shadow files.   Linux servers maintain their own list of valid user accounts that have access on that server.  When dealing with large network environments,  where users access resources on multiple Linux servers,  remembering multiple userids and passwords is problematic, but there are a number of methods for sharing user account databases across multiple Linux servers on a network.

NIS

Implemented with the open-source nis-utils package, the directory service Network Information System (NIS) allows both clients and servers to share a common naming directory which is often used as a common repository for user accounts, hostnames, and email information on local networks. The NIS+ protocol expands on NIS by adding security features.
is an open-source project for implementing an NIS or NIS+ directory in a

Kerberos

Kerberos, developed at MIT as an encrypted, secure authentication protocol, uses symmetric-key cryptography to securely authenticate users with a centralized server database as described in the image below.

Process flow associated with Kerberos authentication.

Many Linux server applications provide plug-in modules to interface with a Kerberos database for authenticating application users.

LDAP

Microsoft’s Active Directory system, the most popular network authentication system used today, inspired the development of the OpenLDAP package, the most popular Linux implementation of LDAP; it provides simple network authentication services to multiple applications and devices on a local network.
Based on a hierarchical database to store objects in your network, OpenLDAP provides flexibility for designing network authentication by allowing you to group objects by:

  • Types, such as users and servers, or
  • By location, or
  • Both.

OpenLDAP consists of both client and server programs; the client program allows systems to access an OpenLDAP server to authenticate requests made by clients or other network objects.

Certificate Authority

The userid/password method of authentication is fraught with security issues: sharing user accounts, simple passwords, and even accounts with no passwords assigned. These issues can be avoided by using certificates, which can identify a specific user on the network. Only one user should have any particular certificate, and it’s important that the server trusts the certificate authority that issued the certificate. The OpenSSL package provides standard certificate functions for both servers and clients, and once issued, certificates can be used to implement a two-factor authentication method.

Access Server (SSH)

Remotely accessing servers is a common, yet potentially risky, activity in today’s environment. Logging into a server from a remote location using a plaintext protocol such as Telnet or FTP is not a good idea; you should use a remote access protocol that incorporates encryption between the client and server. The Secure Shell (SSH) protocol provides a layer of encryption around data sent across the network. The OpenSSH package implements SSH in the Linux environment and provides secure:

  • Telnet
  • FTP
  • Remote copy, and
  • Tunneling, which involves wrapping any network transaction with a layer of encryption.

Virtual Private Networks

Network traffic hops across many servers before reaching its destination, providing ample opportunities for someone to view your data. You can avoid this by using a Virtual Private Network (VPN) to create a secure point-to-point tunnel between a remote client or server and your VPN server, providing a secure method for remotely accessing any server on your local network. The most popular VPN solution in Linux is the OpenVPN package, which runs as a server service on a Linux server on your local network. Remote clients use OpenVPN to connect with the OpenVPN server to establish connectivity to the server and then, once on the server, gain access to the rest of your local network.

Proxy Server

Web proxy servers intercept web requests from local clients and control how clients interact with remote web servers. A web proxy server can:

  • Block websites
  • Cache common websites so that future requests for the same pages load faster.

The Squid package is the most popular web proxy server for Linux.

Monitoring

With multiple Linux servers on a network, it is important to leverage one of the several Linux monitoring tools. The Nagios software package, which uses SNMP to monitor system performance and logs, is a popular tool.

Improving Performance

There are three common methods for improving performance of Linux networks:

  • Clustering: Improves performance and provides system redundancy and fault tolerance by dividing application functions across multiple servers.
    • Each server node in the cluster is configured the same and performs the same functions.
    • Management software splits the application functions among the servers and is the key to the performance of the cluster. The Beowulf cluster, one of the earliest attempts at creating clusters of inexpensive Linux servers, relied on parallel processing libraries (the Parallel Virtual Machine library) to distribute an application’s library calls. Newer clustering software includes the Apache Hadoop project and the Linux Virtual Server (LVS) project.
    • As each server in the cluster works on only part of the application, the cluster can be built from less powerful servers than if you had to run the entire application on a single server.
  • Load Balancing: A special application of clustering that redirects entire client requests to one of a cluster of servers. While a single server processes the entire request, the client load is distributed among the multiple servers automatically.
    • Common load balancing packages include HAProxy, the Linux Virtual Server (LVS), and the nginX web server.
  • Containers: One of the greatest challenges for application developers is creating a development environment that mirrors the production environment.
    • Containers package all the necessary application files, library files, and operating system libraries into a bundle that can be easily ported between server environments.
    • Linux server packages that support containers include Docker and Kubernetes.

Now that you have reached the end of the article, you should understand how a Linux server works. If you want to further your Linux education, keep reading other Secur articles.

Summary: How Does A Linux Server Work?

  • Linux servers provide network applications that support clients and network devices.
  • Server applications: Referred to as services, they are launched without human intervention.
    • Daemons: Services launched directly by the Linux server.
      • Run in the background and listen for client connection requests.
      • A super-server runs in the background and listens for client connection requests for multiple services, launching the appropriate service as needed.
  • Linux servers can be clustered to improve fault tolerance; clustering software can either split an application to run over several servers simultaneously or assign individual clients to specific servers to implement load balancing.
