Mail server mnjk: Difference between revisions
Jump to navigation
Jump to search
Open a SSH session to your server
Install open-vm-tools
Line 65: | Line 65: | ||
: Run the '''sudo apt install open-vm-tools''' command to install the vmWare Tools. You will be prompted about several additional software packages required to be installed, type '''y''' and press enter to install the software. | : Run the '''sudo apt install open-vm-tools''' command to install the vmWare Tools. You will be prompted about several additional software packages required to be installed, type '''y''' and press enter to install the software. | ||
<code>sudo apt install open-vm-tools</code> | <code>sudo apt install open-vm-tools</code> | ||
<br> | |||
<ol> | |||
:Nmap is a tool we will learn more about later in the course but it will likely be used to check many of the labs for completion while working through the course. This course's labwork often builds upon the work you have done in previous labs. The self-check scripts are to assist you in ensuring you have not missed any ''critical'' steps in your work that would affect your success in subsequent labs. | :Nmap is a tool we will learn more about later in the course but it will likely be used to check many of the labs for completion while working through the course. This course's labwork often builds upon the work you have done in previous labs. The self-check scripts are to assist you in ensuring you have not missed any ''critical'' steps in your work that would affect your success in subsequent labs. | ||
Revision as of 03:00, 14 February 2021
Introduction
- This section documents the creation of the Auto-Reply Mail Server. This section will likely be created by an instructor or administrator.
Mail Server Documentation
- Power on you Virtual machine
- This server may reside in the VMware ESXi or NetLab as long as the network configuration allows connection to the course VLAN and student VM's.
- Install Debian Linux
- Once the system has booted and is on the "Debian GNU/Linux installer menu" choose "Install" and not "Graphical Install". If you make an incorrect choice you can reboot your virtual machine (power off and on) before installing to get back to the menu.
- In the installer you will use the space bar to select and unselect "checkboxes", the tab key to move between fields and buttons, and the enter key to continue. You will be prompted for the following choices
- Select English as the language, United States as your location, and American English as the keymap.
- Set ens192 as your primary network interface.
- Set a hostname for the system to 2480 followed by a dash and then your pod ID letter, like 2480-Z for LSA Pod Z. If you have forgotten your pod ID letter look up at the top of your screen above the line with the "Topology" and "Linux Server" tabs and you should see a line with "LSA Pod" followed by a letter, that letter is your pod ID letter.
- Note: These steps are critical to future success in labs, check your spelling carefully
- Click here for a larger image
- Set the domain name to itc2480.campus.ihitc.net
- Set the root password to something you will NOT FORGET, this is the administrator account, cisco might be a good choice for our purposes though that would not be secure for a system directly accessible from the Internet (we are protected by a firewall which you are bypassing via the VPN connection)
- Create a new user account by entering your name. The system will automatically use your first name (all lowercase) as the username and then you should set the password to another password you will not forget
- Select your timezone
- Choose "Guided - Use entire disk" as the partitioning method and select the sda drive and "All files in one partition" as the partitioning scheme, "Finish partitioning and write the changes to the disk", and then finally confirm you want to write the changes.
- You do not want to scan any other CDs or DVDs at this time.
- You want to select a mirror located close to you with good speed. Because your VM is actually running from the campus and is connected to the campus Internet connection a good option is "debian.uchicago.edu" with no http proxy.
- Choose whether you want to participate in the package usage survey, for our purposes either choice is just fine.
- On the software selection screen UNSELECT "Debian desktop environment" and "Print server" and make sure that "SSH server" and "Standard system utilities" are the only two selected options.
- Note: To select and unselect options move your cursor over the option and press the space bar.
- Choose that yes you want to install GRUB to the master boot record on the /dev/sda device.
- Complete the installation
- Complete the installation
- When the installation is complete you can select continue to "eject" the virtual CD and reboot into the new install
Install Basic Tools
- Install sudo from the command line using:
- Note: A good practice is to update your system before installing any packages, this should be completed using apt update, ensure to use sudo when not logged in as root.
apt update
apt install sudo
- For security purposes it is usually the case that you do not want to log in as the root user. Instead, best practice is to log in as a standard user and then execute specific commands that require root access with administrative privileges through the sudo program. The sudo program is not installed by default so after you have logged in to the root account enter apt update and press enter which will update the list of software available for installation and then apt install sudo and press enter to install the sudo software.
- Add sudo privileges to our standard user account.
adduser <username> sudo
- We now need to add our standard user account to the group which is allowed to have administrative access to do this enter the command sudo adduser <username> sudo and press enter, replacing <username> with the name of your standard user account (set during the setup process, probably your first name in lowercase). We'll learn more about these commands later in the course.
- Reboot system
- Reboot your system using the shutdown -r now command to apply the changes
- Log in as your standard user account, determine system IP address.
- Once you are logged in use the following command at the command line to determine the IP address of your system
ip address show
- Using the ip address show command will allow you to check the IP address of your system. The IP address should be something like 172.17.50.xxx and be an inet address on the ens192 adapter.
- Test sudo privileges
- Try running the same command as the administrator by typing sudo ip address show, you will need to enter in your password again when you run this command.
- Exit from the local console
- To log out of the console type exit and press enter.
- Because your Debian Linux server is running as a virtual machine on a vmWare host system in order to achieve the best performance and driver integration we should install the vmWare Tools software package in your virtual machine.
shutdown -r now
sudo ip address show
- Connect into your system using the remote SSH console method explained above.
- Run the sudo apt install open-vm-tools command to install the vmWare Tools. You will be prompted about several additional software packages required to be installed, type y and press enter to install the software.
sudo apt install open-vm-tools
- Nmap is a tool we will learn more about later in the course but it will likely be used to check many of the labs for completion while working through the course. This course's labwork often builds upon the work you have done in previous labs. The self-check scripts are to assist you in ensuring you have not missed any critical steps in your work that would affect your success in subsequent labs.
- NOTE: Before we begin the installation of this tool it is important to remember that scanning a system is often seen as an attack against the system and should not be done unless you are the administrator of both the system that you are scanning from and the system you are scanning or have the explicit permission of the system administrator of those systems! In some areas people have been legally charged and prosecuted for scanning of systems which they are not authorized to do. You have been warned!
- At this time all you will be doing is installing the tool as it will be used to self-check your lab work to verify you are ready to move on to the next lab.
- Open a SSH session to your server
- Run the following command at the command line.
- Run the sudo apt install nmap command to install the nmap tool. You will be prompted about additional software packages required to be installed, type y and press enter to install the software.
- Close the SSH session
- Type exit to close the connection while leaving your VM running.
sudo apt install nmap
Add User "Ping", Install Webmin
- Create a new user account jsmith using the adduser program
- Use the links browser to download the DEB package file from www.webmin.com
- NOTE: Because this DEB file was downloaded directly instead of automatically by APT from a package repository the installation command is slightly different and some other commands such as apt show will not work.
- Install the package with apt install
apt install ./<filename.deb>
- Don't forget that installation of software must be done with system administrator permissions.
- Click for Larger Image
- NOTE: You can get similar information to what you can get with apt show from a DEB package file using the following command:
dpkg -I <filename>
- Notice the additional packages which are required by Webmin (dependencies) which will be downloaded and installed by apt from a repository in order to complete the installation.
- Open a web browser on your host system and visit https://xxx.xxx.xxx.xxx:10000 where your IP replaces xxx.xxx.xxx.xxx
- Login using your Debian username and password
- Explore the Webmin interface
adduser jsmith
Set Static IP Address
- An important first step is to learn how to diferenciate between network interfaces. Take a look at this site and this site to understand how network interface names in Debian 9 and later are identified.
- Set a static IP for your server
- Using your text editor of choice, open up the file /etc/network/interfaces
- Notice how it is currently set to dhcp for the ens192 interface.
- To set a static IP, you will need to change iface ens192 inet dhcp to iface ens192 inet static.
- Now, under the iface line you just edited, you will need to enter the address, netmask, and gateway for the static network.
- Reminder: it is common practice to indent (tab) static network configuration information in the interfaces file.
- Now save the file, and exit your file editor.
- Apply your static IP address
- Now we are going to apply the static IP change. Try using ip address show to view your active configuration now and you should see that your old address is still active.
- Using the ifdown and ifup command, we are going to restart the network interface, this step is required to apply the change.
- In a SSH terminal, run sudo ifdown ens192 && sudo ifup ens192. Notice the two && symbols. This tells the Linux shell that it should run the second command right after the first. If we do not define this, then we would be left with a machine that has its networking turned off.
sudo ifdown ens192 && sudo ifup ens192
- At this point, your machine should now be using a static address. You may receive an error message indicating that an address cannot be assigned which is related to your old DHCP address still being on the interface as well. Use ip address show to verify the new IP address is assigned to the interface.
- Verify the new static IP address
- Used a ping command from your local PC to try pinging both the old DHCP address as well as your new static address of your VM.
- Once you have verified the VM is responding on the new static IP address reboot the system to ensure the old DHCP address is removed by restarting your VM with sudo shutdown -r now Note you will lose your SSH connection because the IP your SSH session is connected to is no longer in use by your VM.
- Reconnect through SSH to your new IP address and verify it is now applied using the ip address show command.
allow-hotplug ens192 iface ens192 inet static address xxx.xxx.xxx.xxx netmask 255.255.255.0 gateway 172.17.50.1 dns-nameservers 172.17.139.11 172.17.139.111