Franske CNT-2311 Labs: Difference between revisions
Jump to navigation
Jump to search
BenFranske (talk | contribs) |
BenFranske (talk | contribs) (→Samba) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 235: | Line 235: | ||
=Webmin and Apache= | =Webmin and Apache= | ||
# | # Start your Ubuntu Server system | ||
# | # If you have not yet installed the '''links''' and '''lynx''' text-mode web browsers on your system do so now | ||
# Start the links web browser, press "G" to GO to a URL, and browse around on the Internet until SafeConnect asks for a username and password. Authenticate with SafeConnect using your campus username and password. If you have problems with SafeConnect working with links try using lynx instead. | |||
#Install | # Install the Apache 2 webserver as well as the '''mysql-server php5 php5-mysql''' packages which will be used later on. | ||
## | ## Check the IP address of your server and then try visiting that IP address from the web browser of your host system to make sure that the Apache software has been installed | ||
## | ## Try finding and editing the index.html page which is being served by your server and verify that you can see the changes by refreshing the page in the web browser on your host | ||
## | ## Create a new directory inside your home directory to hold website files. | ||
## | ## Create a new index.html file inside of that directory | ||
## | ## Find and edit the configuration file for this "default site" on Apache to use that new directory as the root of the website | ||
## | ## Apply the changes to your configuration files and verify the new page is showing up in your web browser. | ||
# | # Return to your home directory and use the links web browser to download the webmin Debian package from webmin.com | ||
#Install | # Install Webmin on your Ubuntu Server System | ||
## | ## Attempt to install the Webmin package to your system, note the names of the missing dependencies | ||
## | ## Install the dependencies and then complete the installation of the Webmin program | ||
##Login to the Webmin interface and | ## Login to the Webmin interface from the web browser of your host system, remember to use SSL and the correct port number | ||
#Install a WordPress blog or a MyBB bulletin board | ## Change the port Webmin is operating on to 1142 | ||
##Download and install (following instructions included in the download) the [http://www.wordpress.org WordPress] or [http://www.mybb.com MyBB] software on your webserver. Note that this will involve creating a MySQL database. | ## Explore the Webmin interface including the Apache and MySQL modules. If the modules are not showing up you may have installed Apache or MySQL after Webmin. If you do this you can click the "Refresh Modules" link to search your system for software which can be configured with Webmin. | ||
##Make sure that you can access and use your web application through a browser on your host system accessing http://your-ubuntu-server-ip-address | # Install a WordPress blog or a MyBB bulletin board | ||
## Download and install (following instructions included in the download) the [http://www.wordpress.org WordPress] or [http://www.mybb.com MyBB] software on your webserver. Note that this will involve creating a MySQL database which you can either do though the command line or through the Webmin MySQL module. | |||
## Make sure that you can access and use your web application through a browser on your host system accessing http://your-ubuntu-server-ip-address | |||
=Firewalls, DHCP and DNS= | |||
# Start VirtualBox and modify the network settings of your VMs | |||
## Your Ubuntu Server system should have two network cards. The first bridged to the outside network adapter and the second connected to an internal network. | |||
## Your Ubuntu Desktop and Fedora systems should both have their network cards attached to the same internal network as the server. | |||
## Start your Ubuntu Server VM | |||
# Install the ISC DHCP Server version 3 on your system | |||
## Configure a private static IP address on the second network card attached to the internal network. | |||
## Configure the DHCP server either directly or through Webmin to hand out addresses from one of the private IP address ranges to clients on the internal network adapter. You should also provide the address of your internal network interface as the default gateway and DNS server. | |||
## Start one of the client systems and verify the correct network configuration is being received. | |||
# Using either Webmin or the command line configure the system firewall as a masquerading NAT setup to allow clients on the internal network to reach outside sites and secure your system from unwanted outside packets. | |||
## The main NAT rule must exist in the postrouting chain of the NAT table and should take the action of masquerading all traffic leaving the outside interface of the system. | |||
## Don't forget to enable IP forwarding (routing) in your kernel settings! | |||
## Securing your system would also include limiting all inbound traffic from the outside interface to the local system and traffic being routed to other systems to traffic which has been requested (established, related) | |||
## You should be sure to continue to allow access to your Webmin interface as well! | |||
## Verify your firewall is working properly by attempting to ping an Internet IP address such as 8.8.8.8 from one of the client systems. | |||
# Install the BIND DNS server to provide caching DNS service to internal clients | |||
## Verify DNS service is working from a client system | |||
## If you have time, as a challenge, try to create a DNS zone for example.com with at least one A record for example.com and try looking up the IP address from one of your client systems. | |||
=Samba= | |||
# Start your Ubuntu Server VM | |||
# Install the Samba Server on your system and re-scan installed programs with Webmin so that it can be configured there | |||
# Modify your firewall settings to allow access to your Samba server from your host system (which exists on the campus subnet). Keep in mind the network settings and multiple network cards in your VM as well as what they are attached to. You will need to research what ports are needed for SMB/CIFS fileservers online. | |||
# Set the workgroup for your server to be the CNTLINUX workgroup | |||
# Set the name of your Samba server to your name (without spaces) | |||
# Configure sharing of user home directories and allow users to write to them as well as read from them | |||
# Verify that you can access the home directory of a user on your Ubuntu server system from a Windows computer, either a Windows VM or your host computer. Try creating a new file and moving an existing file as well. | |||
# Setup a new directory on your Ubuntu server which can be used by multiple users and add it as a new Samba share. | |||
# Verify you can access and use the new share with multiple user accounts. Because Windows caches your credentials you may need to ask your neighbor to try logging into your Samba server from their computer as a different user. |
Latest revision as of 05:14, 28 April 2011
Chapter 1
- Install the Fedora Linux distribution into a new virtual machine. Be sure to make a note of your root account password and your user account name and password!
- Login to your Ubuntu Linux server virtual machine using your standard username and password
- Experiment with moving from directory to directory on the system
- Try to get to the /etc, /usr/bin and /var/cache/man directories on your system. How can you verify which directory you are currently working in?
- Try using a shortcut to get back to your the home directory of your user.
- Create a new directory inside of your home directory called linuxlabs and another new directory inside of that directory called chapter01
- Make chapter01 your working directory and create three empty files within that directory named one, two, and three using the touch command.
- View a long style listing of all files (including hidden files) in the current directory to verify the three files were created and each have a size of zero.
- Set an environment variable called MYNAME equal to your name and then use the echo command to display a customized greeting using the environment variable you just set.
- The dmesg command will display the system kernel log. Capture the standard output from the dmesg command into a new file named kernel-log.
- Rename the kernel-log file to startup-log and the one file to number-name
- Use the nano text editor to edit the number-name file to include the information from your textbook listing 1.1 found on page 19. Create another new file named number-status with the information from listing 1.2 on the same page.
- Use the join command to match the data in the number-name file with that in the number-status file and capture the result into a new file named number-name-and-status
- Use the man command to review the manual pages of the less command
- Copy the /var/log/syslog file into a new file ~/linuxlabs/chapter01/system-log-file
- Try using some of the other text processing commands including sort, nl, head, tail, grep, etc. to manipulate data on files in your chapter01 directory.
Chapter 2
- Install Fedora as a second virtual machine if you have not done so already. Be sure to make a note of your root account password and your user account name and password!
- Use a web browser in Fedora to download an RPM file from the Internet
- One possible example is the zsh-4.3.10-5.fc14.i686.rpm file which can be found through the rpmfind.net site.
- Open a command line window and become the root user using the su command and the root account password which you set during the installation
- Use the RPM utility to query for information about the RPM package
- Install the RPM package you downloaded in Fedora
- Use yum to check which packages installed on your system have updates available using the yum check-update command
- Try using the appropriate yum command to update one of those packages to the latest version
- Use a web browser in Fedora to download an RPM file from the Internet
- Switch to your Ubuntu Server VM
- Use a text editor to edit your /etc/apt/sources.list file and change the repository from us.archive.ubuntu.com to mirror.rit.edu (HINT: You can use the search and replace function of your text editor to do this quickly! Also, I suggest making a backup copy of your original /etc/apt/sources.list file before making any changes)
- Use the apt-get update or aptitude update command to download the latest package lists from the repository
- Use the apt-get install or aptitude install commands to download and install the links and lynx text-only web browser programs.
- Use ldd to get information about what libraries some program on your system uses
- Use ps and top to view all the processes running on your system
- Use job control to start and stop jobs as well as run jobs in the background and list all currently running jobs
- An example of a job you could stop is cat /var/log/syslog | less which displays your entire system log one line at a time. You should be able to start this job in the background using cat /var/log/syslog | less& and then view a list of active jobs on your system, bring it to the foreground, stop the job and then start it again in the background
- Don't forget to shutdown your systems properly (shutdown -h now) before closing the VM windows.
Chapter 3
- Create a new 6 GB virtual hard drive file and add it as a secondary hard drive to your Ubuntu Server VM
- Boot your Ubuntu Server system
- Use the dmesg command to check for log messages from the kernel during system startup. Try to find some information about the second hard drive you just added.
- Find and partition the new drive into at least 5 partitions
- Make the first partition an ext3 partition
- Set this partition so that it will never automatically run fsck
- Make the second partition a swap partition.
- HINT: You will need to change the partition type, format the partition as swap space, and enable the swap space. You can verify the swap space is active and in use by using the free -m command before and after you setup this partition.
- Make the third partition an ext2 partition
- Make the fourth partition a btrfs partition
- HINT: btrfs is a fairly new filesystem and the tools to format a btrfs partition may not be installed by default. Try searching for packages which you could install to add btrfs support to your system.
- Make the fifth partition a msdos (FAT) partition
- Make the first partition an ext3 partition
- Create mount points (empty directories) for each of the non-swap partitions within your home directory and mount the partitions.
- Examples:
- partition 1 mounted to /home/student/businessfiles
- partition 3 mounted to /home/student/internetfiles
- partition 4 mounted to /home/student/schooldocs
- partition 5 mounted to /home/student/labreports
- Use the mount command to verify that your partitions are all properly mounted
- Use the df command to verify the amount of free space on each partition
- Create or download some files into the various partitions. Note: You can use the Links or Lynx web browser to find and download some files.
- Unmount one or more of the partitions and verify that the files you created have "disappeared". Remount the partition to a different mount point and verify the files are back.
- Edit the /etc/fstab file so that your partitions are automatically mounted when the system reboots. Reboot the system and verifyu the partitions mounted correctly.
- Use the lsmod command to view kernel modules which are loaded. Try to determine what piece of hardware one or more of the listed modules is for.
- Don't forget to shut down your VM properly!
Optional Extra Credit Lab
- Install Ubuntu Linux Server Edition to a physical computer (not a VM)
- Experiment with viewing data about system hardware and driers using the following utilities
- cat /proc/interrupts
- cat /proc/ioports
- cat /proc/dma
- lspci
- lsmod
- lsusb
- dmesg
- Try adding additional hardware to the system either by adding USB devices or extra PCI or PCI Express Cards and re-check your system with the above utilities. Can you find the new hardware, what modules it's using and how it can be accessed and used by the system?
Chapter 4
- Sign in to your Ubuntu Server system using your regular user (non-root) account
- Work with files and directories
- Use the ls command to list files in your current (home) directory
- Try using the ls command to list files inside your ~/linuxlabs/ directory (created in the chapter 1 lab) without first changing to that directory
- Try listing only hard drives from your /dev/ directory using wildcard expansion
- Enter the ~/linuxlabs/ directory and create a new subdirectory named chapter04
- Enter your new directory and create two new files one which is a normal empty file and another which is a hidden file
- Try using the -a and -l options to get a long file listing and one that includes hidden files
- Create a copy of the ~/linuxlabs/chapter01 (and all of the files inside it) created in a previous lab inside of the chapter04 directory, make the name of the copy chapter01copy
- Use the mv command to rename the ~/linuxlabs/chapter04/chapter01copy/two directory to two-old
- Create a backup of files and directories
- Use the tar utility to backup the ~/linuxlabs/chapter04/chapter01copy to a new compressed archive (stored in ~/linuxlabs/chapter04/) named chapter01-backup.tar.gz
- Use the rm command to remove the chapter01copy directory and everything it contains, verify this with the ls command
- Restore your gzipped tar file and verify that the files are all back
- Create a symbolic link from ~/linuxlabs/chapter04/system-logs to the /var/log/ directory, verify the link works by changing into the system-logs "directory" just as you would with any other directory and viewing a list of the files, compare it with the files in /var/log
- Modify the ownership and permissions of files and folders, note that you may want to become root to do this
- Use the chown command to change the owner AND group of a file and of a directory plus all the files it contains (recursively) somewhere within the ~/linuxlabs/ directory hierarchy
- Use the chgrp command to change just the group of a file somewhere within the ~/linuxlabs/ directory hierarchy
- Use the chmod command to change the permissions on a file or directory somewhere within the ~/linuxlabs/ directory hierarchy using both octal and symbolic modes
- Try using the locate, find, whereis, which and type commands to try finding various files on your system. Remember that some of these utilities use a database of files on your system which needs to be updated from time to time. Some of the filenames you can try searching for are: syslog, interfaces, ls, bash, more, nano, sources.list
Chapter 5
- Configure GRUB2 on you Ubuntu system to add the functionality of the SystemRescueCD to your boot options
- Get the SystemRescueCD files onto your hard drive
- Login to your Ubuntu Server system and use the links or lynx web browser to download the SystemRescueCD ISO image from Sourceforge at https://sourceforge.net/projects/systemrescuecd/files/sysresccd-x86/2.0.1/systemrescuecd-x86-2.0.1.iso/download
- In Linux you can mount an ISO cd image file just like you would mount a hard drive or an actual cd (in read only mode of course). In order to copy some files we need from the image file we'll need to mount the image file with the command mount -o loop systemrescuecd-x86-2.0.1.iso /mnt/cdrom note that you may choose to mount the image to a location other than /mnt/cdrom if you would like. Also note that a directory must already exist before you can mount to it, you may need to create the mount point. Remember that you will need to be root in order to mount things.
- Create a new directory called sysrcd in the root directory for the files and copy the sysrcd.dat, sysrcd.md5, initram.igz, rescuecd, rescue64, altker32 and altker64 files from the mounted cd image to the /sysrcd/ directory. Some of these files are in the root of the CD others may be found in other places, try checking the isolinux directory on the cd for many of them.
- Unmount the CD image file, once you're sure the files have been copied you can safely delete the CD image file from your system.
- Modify the GRUB2 bootloader to add an option to boot the SystemRescueCD environment
- You may want to review some of the documentation on GRUB2 from the Ubuntu Community Documentation Site: https://help.ubuntu.com/community/Grub2
- You will need to edit the /etc/grub.d/40_custom file to add a new custom entry to your boot menu, if you do this editing with the vi editor you can meet the requirements for practicing with vi further down in the lab, alternatively you can do this editing with nano and work with a different file in vi.
- Add the following lines to your custom menu entry file:
- menuentry "System Rescue CD from HDD" {
- set root=
- linux /sysrcd/rescuecd subdir=sysrcd setkmap=us
- initrd /sysrcd/initram.igz
- }
- Note that I have left the set root= line blank which is incorrect. See if you can figure out the correct settings for this line! HINT: You need to identify the hard drive and partition number where your sysrcd directory exists. The linux and initrd lines specify the kernel (with the options following it) and the initial ramdisk respectively.
- You may also want to edit the /etc/default/grub file to increase the amount of time you have to select a boot option when your system is starting up.
- Don't forget that after you make all your changes to GRUB you will need to run a program which will automatically update the /boot/grub/grub.cfg file on your system!
- Reboot your system and verify that you are able to start into the SystemRescueCD environment by selecting your new boot option during the boot process. If you have problems you may want to review the Ubuntu Community Documentation referenced above.
- Use Vi to create and edit a file, including:
- Yanking and pasting lines and groups of lines
- Deleting groups of lines at a time
- Searching and replacing text
- Saving and quitting
- Try restarting and shutting down your Ubuntu system using the shutdown command in combination with a shutdown timer
- Get the SystemRescueCD files onto your hard drive
- Explore runlevels and startup software on your Fedora system
- Boot your Fedora desktop system, start a terminal and become the root user in that terminal
- One of the ways to switch from a GUI runlevel to a text mode runlevel is through the key combination CTRL-ALT-Backspace
- Use the runlevel command to display the current runlevel and verify that it is changing
- Use the init command to switch back to the GUI interface. Note: You will need to know what runlevel starts the X-Windows GUI.
- Use the runlevel command to display the current runlevel and verify that it is changing
- Explore the inittab file in a text editor, try changing it so your system boots to a command line login by default. Try rebooting your system to see if that works and then change it back to the GUI login system.
- View the SysV startup scripts installed on your system and check which ones are setup to start and stop at each of the runlevels
- Use the chkconfig command or ntsysv program to list services running at each runlevel on your system
Optional Extra Credit Lab
- Create a dual-boot VM where you can choose to boot either Ubuntu Linux Server or some version of Microsoft Windows though a GRUB menu during system startup.
Chapter 6
- Start your Ubuntu Desktop system and open a terminal (Applications -> Accessories -> Terminal)
- One of the common ways to switch back to the CLI is through the Ctrl-Alt-Backspace key combination but you'll find that this has been disabled in Ubuntu. It used to be possible to turn this functionality back on through the Xorg.conf file but as mentioned use of that file has been deprecated and most hardware is now autoconfigured. To restore the ability to stop the X server with the Ctrl-Alt-Backspace key combination follow the instructions on the Ubuntu wiki.
- You are now able to stop your X server by pressing Ctrl-Alt-Backspace, give it a try. You'll see the X server stop and drop into the CLI for a minute but the X server will restart automatically if GDM is still running in the background. While this works for restarting a hung X server it doesn't get us back to the CLI. Open a terminal (Applications -> Accessories -> Terminal) and become the root user. Stop the GDM service by running /etc/init.d/gdm stop which show drop you back into a CLI. You may need to pull up a virtual terminal login screen by pressing Alt-F1 after stopping gdm.
- You should now be able to use the startx command to start the X server and the Ctrl-Alt-Backspace key combination to stop it. Try starting and then stopping the X server that way, you want to end up back at the CLI.
- As you know there isn't an xorg.conf file by default anymore but we can create one. Run the Xorg -configure command which will create an xorg.conf.new file in your home directory. Note that the X server cannot be running when you issue this command or it will not run correctly. Open the file in a text editor and look at the structure and organization of the file. If you'd like to try using the file you can copy or move the file to /etc/xorg.conf. Recall that if you get into trouble and your X server won't restart when using your modified file you can go back to the autoconfiguration by removing or renaming the /etc/xorg.conf file.
- Though screen resolutions typically were changed through the configuration file and changes required restarting the X server the situation has changed thanks to auto-configuration. In Gnome you can change your resolution through System -> Preferences -> Monitors though it will only display resolutions detected as supported on your video card and monitor. Try changing your resolution.
- A more powerful and direct way to change resolution is though the command line utility xrandr. Open a terminal and try running xrandr which will list modes currently setup on your system. Try changing modes by running xrandr -s 640x48 and xrandr -s 800x600. It is also possible to create new display modes and sizes, other than those auto-detected, though that is beyond the scope of this lab. If you're curious about xrandr you cna find more information in the manual pages for it and through Internet searches.
- Try out several accessibility options in X, for example:
- Sticky Keys
- Slow Keys
- Bounce Keys
- Mouse Keys / Mouse Navigation Emulation
- Dwell Click / Simulated Mouse Clicks
- Check the locales installed on your system with the locale -a command
- Try changing the current locale (including switching the character encoding method if you have a locale with a different encoding method installed) and timezone of your system. See your textbook if you are unsure about how to do this.
- Create a new text file with some text in it while in a different character encoding mode
- Change your locale and timezone back to their original settings
- Use the iconv program to convert the text file you created to your default character encoding method
- Check the CUPS printing system, which is installed by default, by opening a web browser in your VM to http://localhost:631
- There is also a Gnome configuration program for CUPS which can be found in System -> Administration -> Printing
- Because there is such tight integration between the Linux printing system and PostScript it's easy to install a PDF printer and create PDFs from any application. Try installing the cups-pdf package which should setup a new "PDF Printer" that you can use to create PDF files from any application. Verify that the new printer shows up and what seetings are available through the CUPS management website and the Gnome Print Manager. Try out your new printer to see how it works.
Chapter 7
- Startup and login to your Ubuntu Server VM as a regular user. For today's lab try to run all the commands without becoming the root user, instead prefix each command which can only be run by the root user with sudo which will allow that command to run as root.
- Users and Groups
- Try adding two new users, one with the useradd program and another with the adduser program. The two usernames should be ch7user1 and ch7user2. Remember that you can get help on how to use most commands by checking the online manual with the man command.
- Check the /etc/passwd and /etc/shadow files to verify the accounts were created and note the UIDs for the new accounts. Also check to make sure that the home directories for each user were created.
- Try switching to one of your other virtual terminals by pressing ALT+F2 and logging in as one of your new users and then logging back out.
- Switch back to the original virtual terminal and try changing the username and password of ch7user2. You should also try locking the account and then attempt to login. Unlock the account and try logging in again to make sure it works when the account is unlocked.
- Create a new cntusers group on the system and assign your regular user login as well as the two logins you just created to the group as a secondary group. Verify that everyone is a member of the group by checking the /etc/group file.
- Finally, try deleting the second user you created as well as the home directory of that user. Verify the user is gone from the passwd and shadow files.
- System Logging and Time
- Explore the system logging settings in /etc/syslog.conf and /etc/logrotate.conf
- Try reviewing several of the system logfiles in /var/log(especially the syslog) using several of the methods discussed including viewing the beginning and end of files, paging through the file and watching a file in realtime. While watching the syslog file generate a log event using the logger program.
- Check the current date and time of your system with date
- Manually set the system date and time of your system so you are one week , one hour and one minute off from today's date and time.
- Try using the ntpdate command to synchronize your time instantly. Use time.nist.gov as the NTP server.
- Install the ntp program on your system to continuously synchronize your time and slew your clock in the background.
- Edit the appropriate configuration files for your ntp daemon to use time-a.timefreq.bldrdoc.gov and nist1-chi.ustiming.org as it's servers. Check log files to make sure the ntp daemon is working.
- Scheduled Jobs
- In this section you will be creating several different types of scheduled jobs. The suggested job is to run the touch command to create a new file somewhere on your system. You can then verify at what time the command ran by checking the timestamp on the new file. When running scheduled jobs it is generally best to put the full path in for any files being accessed, created or modified so you know where to find the files.
- Try creating two different system wide cronjobs in the /etc/crontab file. Set the scheduled time so they will run in the next 10 minutes or less. Run the jobs as two different users (do not specify the user for one job) and check to see who owns the files you created.
- Log in to your system as two different users and use the crontab program to create two user cronjobs.
- Try using the at command to schedule a one time job five or less minutes in the future.
- Verify that all your scheduled tasks ran as the correct user at the correct time.
- Remove all of the user and system cronjobs you created so that they won't run again.
Chapter 8
- Log in to your Ubuntu Server VM
- Check the current IP address, subnet mask, default gateway and nameserver used by your system (note this will require the use of several different programs)
- Determine the IP address of google.com using all three of the DNS/hostname resolution tools (do not use ping or traceroute which are not DNS resolution tools) and see how the output differs. If you are on campus you may need to log in to safeconnect using the links or lynx web browser before you will be able to reach off campus locations.
- Check what order of files and services are used to resolve names on your system
- Try changing your system hostname both immediately and permanently
- Change the IP configuration of your system to have a private static IP address of 192.168.1.XX where XX is the number of your computer (check the label on the front). Don't forget to apply the changes. Use a subnet mask of 255.255.255.0 there is no default gateway needed.
- Verify the IP address changes took effect, this time using the newer ip utility instead of the old ifconfig method. More information on the newer utility can be found here.
- Log in to your Fedora VM (do not turn off the Ubuntu Server VM)
- Change the IP configuration of your system (using the command line) to have a private static IP address of 192.168.1.1XX where XX is the number of your computer (note the 1 in front of the computer number this time so as to avoid an IP address conflict). Use a subnet mask of 255.255.255.0 there is no default gateway needed.
- Verify the IP address changes took effect.
- Put entries in the hosts file of both your Ubuntu and Fedora systems so that you can access the other one by name instead of address
- Test connectivity between the systems using the ping command both with the addresses and the names you have set.
- Restore your Fedora system to DHCP addressing
- Shutdown your Fedora system and return to your Ubuntu Server VM
- Restore your system to DHCP addressing
- Test system connectivity to the Internet by pinging and tracing the route to google.com
- Open the links or lynx web browser and start downloading http://mirror.rit.edu/debian-cd/6.0.1/i386/iso-dvd/debian-6.0.1-i386-DVD-1.iso
- While the file is downloading try viewing the open connections on your system to see what ports are in use. Remember you can switch to another virtual terminal to do this!
- While the file is downloading try capturing some of the packets
- Cancel the file download and shutdown your system.
Chapter 9
- Install and Configure Postfix for local mail delivery on your Ubuntu system
- Make sure the Postfix package is installed on your system
- Use the dpkg utility to "reconfigure" the postfix program for local mail delivery
- Try creating some mail aliases for users, don't forget to run the program to load the new aliases
- Try sending and receiving mail between user accounts (and to aliases) on your system (either leave off the @ part of the email address entirely or do user@localhost) using the mail program. You may also want to install alpine and see how that can be used to send and receive mail from a text only environment as well.
- Install the MySQL server and client (these are two separate packages) on your system and work through all the MySQL commands (they are found in bold) from p.458 to p.465 this will include creating a database, table, filling the table with data, changing and recalling data.
- Try writing a simple script
- Use a text editor on your system to write a script, the goal of the script will be to output the current hostname and IP address of a given network card on your system. the script should be run with a command something like this ./myscript.sh eth0 and the output after the script is run should be The current IP address on the __INTERFACE__ interface of __HOSTNAME__ is __IP__ where the blanks are filled in by the correct interface, hostname and IP address. You will need to use a variety of knowledge you have learned in this course to complete this task.
- Try adding a check to your script so that an appropriate error message is generated if the user requests a network interface which is not setup or not active on the system
- If you want to challenge yourself try creating a script which gives a complete overview of the networking status of the system for a specific interface including the system hostname, IP, subnet mask, default gateway and DNS server.
Chapter 10
- Start your Ubuntu Server VM
- Network Service Security
- Check your system for open ports using at least two different utilities which show you the name of the program with the open port
- Install the telnetd server on your system, notice that the inetd superserver is installed automatically along with it
- Check your system for open ports again, is the telnet port now listed? What program is listening to it?
- Examine the inetd configuration. Is TCP wrappers being used for telnet?
- Try accessing your server using telnet (with the TerraTerm program) from your host computer
- Adjust the TCP Wrappers settings to deny access to telnet from the IP address of your host and try telnetting to your server again.
- Install xinetd and try to create a new configuration file for it which will allow your host to telnet. Verify you are able to telnet to the server and then modify the configuration to block your host computer from accessing telnet on your server, verify this.
- Install the nmap scanner and try running a scan on your own system (127.0.0.1)
- Create a new user account on your system and adjust the sudo program to allow that user to run any command as root, verify that you are able to do this with the new account.
- Obviously using telnet to administer a system remotely is a bad ideas because it transmits in the clear. Install the SSH server on your Ubuntu server system and try SSHing from your Fedora system to the Ubuntu system. Also try SSHing from your host computer to your Ubuntu server. Although PuTTY is a very popular SSH client for Windows others, such as TerraTerm, exist as well.
- Try copying files to and from your Ubuntu system securely from your Fedora system
- Try to implement key based authentication for SSH between your Fedora and Ubuntu system. Google this if you need some extra help.
- Install GPG and create a key for your user. Use this key to encrypt and decrypt a text file as well as to sign a file in both standard and cleartext mode. View the contents of the file before and after each step to verify the encryption and signing is doing what you expect.
Webmin and Apache
- Start your Ubuntu Server system
- If you have not yet installed the links and lynx text-mode web browsers on your system do so now
- Start the links web browser, press "G" to GO to a URL, and browse around on the Internet until SafeConnect asks for a username and password. Authenticate with SafeConnect using your campus username and password. If you have problems with SafeConnect working with links try using lynx instead.
- Install the Apache 2 webserver as well as the mysql-server php5 php5-mysql packages which will be used later on.
- Check the IP address of your server and then try visiting that IP address from the web browser of your host system to make sure that the Apache software has been installed
- Try finding and editing the index.html page which is being served by your server and verify that you can see the changes by refreshing the page in the web browser on your host
- Create a new directory inside your home directory to hold website files.
- Create a new index.html file inside of that directory
- Find and edit the configuration file for this "default site" on Apache to use that new directory as the root of the website
- Apply the changes to your configuration files and verify the new page is showing up in your web browser.
- Return to your home directory and use the links web browser to download the webmin Debian package from webmin.com
- Install Webmin on your Ubuntu Server System
- Attempt to install the Webmin package to your system, note the names of the missing dependencies
- Install the dependencies and then complete the installation of the Webmin program
- Login to the Webmin interface from the web browser of your host system, remember to use SSL and the correct port number
- Change the port Webmin is operating on to 1142
- Explore the Webmin interface including the Apache and MySQL modules. If the modules are not showing up you may have installed Apache or MySQL after Webmin. If you do this you can click the "Refresh Modules" link to search your system for software which can be configured with Webmin.
- Install a WordPress blog or a MyBB bulletin board
- Download and install (following instructions included in the download) the WordPress or MyBB software on your webserver. Note that this will involve creating a MySQL database which you can either do though the command line or through the Webmin MySQL module.
- Make sure that you can access and use your web application through a browser on your host system accessing http://your-ubuntu-server-ip-address
Firewalls, DHCP and DNS
- Start VirtualBox and modify the network settings of your VMs
- Your Ubuntu Server system should have two network cards. The first bridged to the outside network adapter and the second connected to an internal network.
- Your Ubuntu Desktop and Fedora systems should both have their network cards attached to the same internal network as the server.
- Start your Ubuntu Server VM
- Install the ISC DHCP Server version 3 on your system
- Configure a private static IP address on the second network card attached to the internal network.
- Configure the DHCP server either directly or through Webmin to hand out addresses from one of the private IP address ranges to clients on the internal network adapter. You should also provide the address of your internal network interface as the default gateway and DNS server.
- Start one of the client systems and verify the correct network configuration is being received.
- Using either Webmin or the command line configure the system firewall as a masquerading NAT setup to allow clients on the internal network to reach outside sites and secure your system from unwanted outside packets.
- The main NAT rule must exist in the postrouting chain of the NAT table and should take the action of masquerading all traffic leaving the outside interface of the system.
- Don't forget to enable IP forwarding (routing) in your kernel settings!
- Securing your system would also include limiting all inbound traffic from the outside interface to the local system and traffic being routed to other systems to traffic which has been requested (established, related)
- You should be sure to continue to allow access to your Webmin interface as well!
- Verify your firewall is working properly by attempting to ping an Internet IP address such as 8.8.8.8 from one of the client systems.
- Install the BIND DNS server to provide caching DNS service to internal clients
- Verify DNS service is working from a client system
- If you have time, as a challenge, try to create a DNS zone for example.com with at least one A record for example.com and try looking up the IP address from one of your client systems.
Samba
- Start your Ubuntu Server VM
- Install the Samba Server on your system and re-scan installed programs with Webmin so that it can be configured there
- Modify your firewall settings to allow access to your Samba server from your host system (which exists on the campus subnet). Keep in mind the network settings and multiple network cards in your VM as well as what they are attached to. You will need to research what ports are needed for SMB/CIFS fileservers online.
- Set the workgroup for your server to be the CNTLINUX workgroup
- Set the name of your Samba server to your name (without spaces)
- Configure sharing of user home directories and allow users to write to them as well as read from them
- Verify that you can access the home directory of a user on your Ubuntu server system from a Windows computer, either a Windows VM or your host computer. Try creating a new file and moving an existing file as well.
- Setup a new directory on your Ubuntu server which can be used by multiple users and add it as a new Samba share.
- Verify you can access and use the new share with multiple user accounts. Because Windows caches your credentials you may need to ask your neighbor to try logging into your Samba server from their computer as a different user.