Franske CNT-2311 SU11 Labs: Difference between revisions

From ITCwiki
Jump to navigation Jump to search
(Created page with "= Session 1 = # Install the Ubuntu Desktop, Ubuntu Server and Fedora Linux distributions into Virtualbox VMs with bridged networking and 768 MB of RAM # Login to the Ubuntu Deskt...")
 
No edit summary
 
(11 intermediate revisions by the same user not shown)
Line 10: Line 10:


= Session 2 =
= Session 2 =
# Startup and login to your Ubuntu Server VM. Remember that your user account is not an administrator (root) but that some of these commands need to be run as the root user. This can be done several ways but the best practice is to stay logged in as your regular user account and put '''sudo''' in front of any command that requires administrative privileges. The first time you do this in a session or if enough time goes by you will be prompted to enter your regular password as verification of your account.
# Startup and login to your Ubuntu Server VM. Remember that your user account is not an administrator (root) but that some of these commands need to be run as the root user. This can be done several ways but the best practice is to stay logged in as your regular user account and put '''sudo''' in front of any command that requires administrative privileges. The first time you do this in a session or if enough time goes by you will be prompted to enter your regular password as verification of your account.
# Review of work with files and directories
# Review of work with files and directories
## Use the ls command to list ''all'' files in your current (home) directory
## Use the ls command to list ''all'' files in your current (home) directory
Line 17: Line 17:
## Change back to your home directory using the tilde ('''~''') shortcut
## Change back to your home directory using the tilde ('''~''') shortcut
## Try using the ls command to list files inside your '''~/linuxlabs/''' directory without first changing to that directory. You can specify the location to list files after the '''ls''' command. For example, to list files in the /var/log directory you could type '''ls /var/log''' regardless of what your current working directory is.
## Try using the ls command to list files inside your '''~/linuxlabs/''' directory without first changing to that directory. You can specify the location to list files after the '''ls''' command. For example, to list files in the /var/log directory you could type '''ls /var/log''' regardless of what your current working directory is.
## Go back into your '''session1'' directory and create another new file which is a hidden file (to hide a file in Linux you must make the first character of the filename a period). Call this file '''.topsecret'''
## Go back into your '''session2''' directory and create another new file which is a hidden file (to hide a file in Linux you must make the first character of the filename a period). Call this file '''.topsecret'''
## Try using the -a and -l options to get a long file listing for the '''session2''' directory with and without the hidden file being shown
## Try using the -a and -l options to get a long file listing for the '''session2''' directory with and without the hidden file being shown
# Pipes, Redirection, Pagination and Searching Through Text Output
# Pipes, Redirection, Pagination and Searching Through Text Output
## The '''dmesg''' command will display the system kernel log, try running it.
## The '''dmesg''' command will display the system kernel log, try running it.
## You will notice that there is too much information to display on a single screen and it scrolls off the top of the screen too fast to read. We can have the system paginate the material for us pausing after each screen using the '''more'' utility or, if we want more features such as being able to move back and forth through the output, the '''less''' utility. How do we get the output of the '''dmesg'' program to go through these utilities? One possibility is to redirect the ''standard output'' from the '''dmeasg''' program to the ''standard input'' of the '''more''' or '''less''' programs. This can be done by ''piping'' the output, named that because it uses the ''pipe'' character (|). Try doing this by running '''dmesg | less'''. Now you should be able to use the space bar, up and down arrows and page up/down keys to move through the output. To jump back to the command line just press the letter ''q''.
## You will notice that there is too much information to display on a single screen and it scrolls off the top of the screen too fast to read. We can have the system paginate the material for us pausing after each screen using the '''more''' utility or, if we want more features such as being able to move back and forth through the output, the '''less''' utility. How do we get the output of the '''dmesg''' program to go through these utilities? One possibility is to redirect the ''standard output'' from the '''dmesg''' program to the ''standard input'' of the '''more''' or '''less''' programs. This can be done by ''piping'' the output, named that because it uses the ''pipe'' character (|). Try doing this by running '''dmesg | less'''. Now you should be able to use the space bar, up and down arrows and page up/down keys to move through the output. To jump back to the command line just press the letter ''q''.
##  We may also want to save this information to a file. Capture the standard output from the '''dmesg''' command by redirecting it into a new file named '''kernel-log''' in the session2 folder. This can be done with the ''standard output'' redirection character ''>'' using the command '''dmesg > kernel-log'''. In this case ''standard error'' data will still go to the screen but it is possible to capture that instead to either the same or a different file with other redirection characters.
##  We may also want to save this information to a file. Capture the standard output from the '''dmesg''' command by redirecting it into a new file named '''kernel-log''' in the session2 folder. This can be done with the ''standard output'' redirection character ''>'' using the command '''dmesg > kernel-log'''. In this case ''standard error'' data will still go to the screen but it is possible to capture that instead to either the same or a different file with other redirection characters.
## Let's say we were looking for kernel messages specifically about the ''eth0'' network card in our system, wouldn't it be nice to be able to just pull out the lines that mention ''eth0''? This can be done easily with the '''grep''' program. You can run '''grep'' on a file like that '''kernel-log''' we just captured but another common way to use it is to search through piped ''standard input''. You can try this by running '''dmesg | grep eth0''' note that if the output is more than one screen in length you can extend that command as needed such as to '''dmesg | grep eth0 | less''' which would pause after each screen of information. You can also capture the output through a command such as '''dmesg | grep eth0 > eth0-kernel-mesgs'''. Obviously piping and redirection are powerful utilities and commonly used in Linux system administration because of the philosophy of Linux with it's many small and specialized utilities which must commonly be used together to accomplish a useful task.
## Let's say we were looking for kernel messages specifically about the ''eth0'' network card in our system, wouldn't it be nice to be able to just pull out the lines that mention ''eth0''? This can be done easily with the '''grep''' program. You can run '''grep''' on a file like that '''kernel-log''' we just captured but another common way to use it is to search through piped ''standard input''. You can try this by running '''dmesg | grep eth0''' note that if the output is more than one screen in length you can extend that command as needed such as to '''dmesg | grep eth0 | less''' which would pause after each screen of information. You can also capture the output through a command such as '''dmesg | grep eth0 > eth0-kernel-mesgs'''. Obviously piping and redirection are powerful utilities and commonly used in Linux system administration because of the philosophy of Linux with it's many small and specialized utilities which must commonly be used together to accomplish a useful task.
# Create a backup of files and directories
# Create a backup of files and directories
## Use the tar utility to backup the '''~/linuxlabs/session2''' directory to a new compressed archive (stored in '''~/linuxlabs/''') named '''session2-backup.tar.gz'''
## Use the tar utility to backup the '''~/linuxlabs/session2''' directory to a new compressed archive (stored in '''~/linuxlabs/''') named '''session2-backup.tar.gz'''
Line 32: Line 32:
## Check the '''/etc/passwd''' and '''/etc/shadow''' files to verify the accounts were created and note the UIDs for the new accounts. Also check to make sure that the home directories for each user were created.
## Check the '''/etc/passwd''' and '''/etc/shadow''' files to verify the accounts were created and note the UIDs for the new accounts. Also check to make sure that the home directories for each user were created.
## Try switching to one of your other virtual terminals by pressing ALT+F2 and logging in as one of your new users and then logging back out.
## Try switching to one of your other virtual terminals by pressing ALT+F2 and logging in as one of your new users and then logging back out.
## Oops! We made a typo in the username of '''jadms''. Switch back to the original virtual terminal and try changing the username and password of '''jadms''' to '''jadams'''. You should also try locking the account (HINT: check the manual page of the usermod command for information on this!) and then attempt to login. Unlock the account and try logging in again to make sure it works when the account is unlocked.
## Oops! We made a typo in the username of '''jadms'''. Switch back to the original virtual terminal and try changing the username and password of '''jadms''' to '''jadams'''. You should also try locking the account (HINT: check the manual page of the usermod command for information on this!) and then attempt to login. Unlock the account and try logging in again to make sure it works when the account is unlocked.
## Create a new '''cntusers''' group on the system and assign your regular user login as well as the two logins you just created to the group as a secondary group. Verify that everyone is a member of the group by checking the '''/etc/group''' file.
## Create a new '''cntusers''' group on the system and assign your regular user login as well as the two logins you just created to the group as a secondary group. Verify that everyone is a member of the group by checking the '''/etc/group''' file.
## Finally, try deleting the second user you created as well as the home directory of that user. Verify the user is gone from the passwd and shadow files.
## Finally, try deleting the second user you created as well as the home directory of that user. Verify the user is gone from the passwd and shadow files.
Line 40: Line 40:
## Use the chmod command to change the permissions on a file or directory somewhere within the '''~/linuxlabs/''' directory hierarchy using both octal and symbolic modes
## Use the chmod command to change the permissions on a file or directory somewhere within the '''~/linuxlabs/''' directory hierarchy using both octal and symbolic modes
#Try using the locate, find, whereis, which and type commands to try finding various files on your system. Remember that some of these utilities use a database of files on your system which needs to be updated from time to time. Some of the filenames you can try searching for are: syslog, interfaces, ls, bash, more, nano, sources.list
#Try using the locate, find, whereis, which and type commands to try finding various files on your system. Remember that some of these utilities use a database of files on your system which needs to be updated from time to time. Some of the filenames you can try searching for are: syslog, interfaces, ls, bash, more, nano, sources.list
= Session 3 =
# Startup and login to your Ubuntu Server VM. Remember that your user account is not an administrator (root) but that some of these commands need to be run as the root user. This can be done several ways but the best practice is to stay logged in as your regular user account and put '''sudo''' in front of any command that requires administrative privileges. The first time you do this in a session or if enough time goes by you will be prompted to enter your regular password as verification of your account.
# Work with process management and job control
## Use '''ps''' and '''top''' to view all the processes running on your system
## Use job control to start (there is a command for this) and stop (there is a key sequence for this) jobs as well as run jobs in the background (you can add something to the end of the command line for this) and list all currently running jobs (there is a command for this).
##* An example of a job you could stop is '''cat /var/log/syslog | less''' which displays your entire system log one line at a time. You should be able to start this job in the background using '''cat /var/log/syslog | less&''' and then view a list of active jobs on your system, bring it to the foreground, stop the job and then start it again in the background
## Try running and then stopping or running that same job in the background again. This time while the job is running in the background use the '''ps''' utility to find the process ID (PID) of the job. Pretend the job had hung and try to stop (kill) the job from the command line.
# Don't forget to shutdown your systems properly ('''shutdown -h now''') before closing the VM windows.
# Startup and login to your Fedora VM. Remember that your user account is not an administrator (root) but that some of these commands need to be run as the root user. This can be done several ways but the best practice is to stay logged in as your regular user account and put '''sudo''' in front of any command that requires administrative privileges. The first time you do this in a session or if enough time goes by you will be prompted to enter your regular password as verification of your account. If sudo is not installed on your system (but you do know the root password) you can just type '''su''' into the command prompt and enter the root password to switch to the root user.
# Work with runlevels and startup and shutdown scripts. If you need more assistance understanding runlevels take a look at some of the links in the resources section of the course page.
## One of the ways to switch from a GUI runlevel to a text mode runlevel is through the key combination '''CTRL-ALT-Backspace''' Note that not all distributions, Ubuntu for instance, support this without changing system settings first.
## Use the runlevel command to display the current runlevel and verify that it is changing
## Use the init command to switch back to the GUI interface. Note: You will need to know what runlevel starts the X-Windows GUI.
## Use the runlevel command to display the current runlevel and verify that it is changing
## Explore the inittab file in a text editor, try changing it so your system boots to a command line login by default. Try rebooting your system to see if that works and then change it back to the GUI login system.
## View the SysV startup scripts installed on your system and check which ones are setup to start and stop at each of the runlevels
## Use the '''chkconfig''' command or '''ntsysv''' program to list services running at each runlevel on your system
# Don't forget to shutdown your systems properly ('''shutdown -h now''') before closing the VM windows.
# In preparation for doing some work with partitioning and formatting drives we'll want to add a second "virtual hard drive" to our Ubuntu Server VM. The VM cannot be running when you do this so shutdown the VM if you haven't already. Add a new 6 GB virtual hard drive file as a secondary hard drive to your Ubuntu Server VM.
# Startup and login to your Ubuntu Server VM. Remember that your user account is not an administrator (root) but that some of these commands need to be run as the root user. This can be done several ways but the best practice is to stay logged in as your regular user account and put '''sudo''' in front of any command that requires administrative privileges. The first time you do this in a session or if enough time goes by you will be prompted to enter your regular password as verification of your account.
# Partition a drive, format partitions and mount them for access.
## Use the dmesg command to check for log messages from the kernel during system startup. Try to find some information about the second hard drive you just added.
## Find and partition the new drive into at least 5 partitions
### Make the first partition an ext3 partition
###* Set this partition so that it will never automatically run fsck
### Make the second partition a swap partition.
###* HINT: You will need to change the partition type, format the partition as swap space, and enable the swap space. You can verify the swap space is active and in use by using the '''free -m''' command before and after you setup this partition.
### Make the third partition an ext2 partition
### Make the fourth partition an msdos (FAT) partition
### Leave the fifth partition unformatted
## Create mount points (empty directories) for each of the non-swap partitions within your home directory and mount the partitions.
##* Examples:
##* partition 1 mounted to /home/student/businessfiles
##* partition 3 mounted to /home/student/internetfiles
##* partition 4 mounted to /home/student/schooldocs
## Use the mount command to verify that your partitions are all properly mounted
## Use the df command to verify the amount of free space on each partition
## Create or copy some different files into the various partitions you you will know what partition you are looking at by the files it has on it.
## Unmount one or more of the partitions and verify that the files you created have "disappeared". Remount the partition to a different mount point and verify the files are back.
## Edit the /etc/fstab file so that your partitions are automatically mounted when the system reboots. Reboot the system and verifyu the partitions mounted correctly.
# Don't forget to shut down your VM properly!
= Session 4 =
# Package Management
## Start your Fedora desktop virtual machine and login as a standard user.
### Use web browser software on the system to download an RPM package
###* RPM packages are not centrally managed so there are many websites you can go to and find RPM packages for download. The site to use for this lab is the [http://www.rpmfind.net rpmfind.net] site. Once you get there do a search for '''lynx''' which is a text-only web browser. You'll want to download the most current version for your distribution and version of Linux. If you're using Fedora Core 15 this will be something like lynx-2.8.7-7.fc15.i686.rpm this file should download to the '''Downloads''' directory inside your home directory.
### Open a command line (terminal) window. Because package management must be done by an administrator and you are logged in as a regular system user you will need to switch to the root user. When the '''sudo''' program is installed and configured, something that is automatically setup in Ubuntu, you can just put '''sudo''' in front of any command to run it as the root user. Sudo is not installed and configured on Fedora by default, instead they have you pick a password for the root user during the installation process. You can then switch to the root user account in any shell (in this case our terminal window) using the '''su''' command. You will need to enter the root account password to complete the switch. You will now be in a root shell (indicated by the prompt ending in a '''#''') and any command you enter until you '''exit''' from the shell will be run as root.
### Work through the ''Managing Software Using RPM'' section of your textbook on page 48 all the way through the installation of lynx on page 52.
### Try running the lynx program and browsing to a web site in it then uninstall the lynx program following the instructions on page 54.
### Work through the ''Other Things You Can Do with RPM'' section from page 55 through ''Yum'' on page 57.
### Use yum to check which packages installed on your system have updates available using the '''yum check-update''' command
### Try using the appropriate yum command to update one of those packages to the latest version. You may need to check the manual page for '''yum''' or do some online research about this.
## Start your Ubuntu Server VM and login
### Use a text editor to edit your /etc/apt/sources.list file and change the repository from '''us.archive.ubuntu.com''' to '''mirror.rit.edu''' (HINT: You can use the search and replace function of your text editor to do this quickly! Also, I suggest making a backup copy of your original /etc/apt/sources.list file before making any changes)
### Use the '''apt-get update''' or '''aptitude update''' command to download the latest package lists from the repository
### Use the '''apt-get install''' or '''aptitude install''' commands to download and install the '''links''' and '''lynx''' text-only web browser programs.
# Scheduled Jobs
## In this section you will be creating several different types of scheduled jobs. The suggested job is to run the '''touch''' command to create a new file somewhere on your system. You can then verify at what time the command ran by checking the timestamp on the new file. When running scheduled jobs it is generally best to put the full path in for any files being accessed, created or modified so you know where to find the files.
## Try creating two different ''system wide'' cronjobs in the '''/etc/crontab''' file. Set the scheduled time so they will run in the next 10 minutes or less. Run the jobs as two different users (do not specify the user for one job) and check to see who owns the files you created.
## Log in to your system as two different users and use the '''crontab''' ''program'' to create two ''user'' cronjobs.
## Try using the '''at''' command (check the manual page) to schedule a ''one time'' job five or less minutes in the future.
## Verify that all your scheduled tasks ran as the correct user at the correct time.
## Remove all of the user and system cronjobs you created so that they won't run again.
# Networking with Linux
## On your Ubuntu Server system
### Check the current IP address and subnet mask with both the '''ifconfig''' and '''ip''' programs
### Check the default gateway by checking the system route table with the '''route''' and the '''ip route''' commands.
### Check the default name servers used by your system by viewing the '''/etc/resolv.conf''' file
### Determine the IP address of '''google.com''' using all three of the DNS/hostname resolution tools ('''nslookup''', '''dig''' and '''host''') and see how the output differs. If you are on campus you may need to log in to safeconnect using the links or lynx web browser before you will be able to reach off campus locations.
### Change the IP configuration of your system to have a private static IP address of 192.168.1.XX where XX is the number of your computer (check the label on the front). Don't forget to apply the changes. Use a subnet mask of 255.255.255.0 there is no default gateway needed.
### Verify the IP address changes took effect
## Switch back to your Fedora VM (do not turn off the Ubuntu Server VM)
### Change the IP configuration of your system (using the command line) to have a private static IP address of 192.168.1.1XX where XX is the number of your computer (note the 1 in front of the computer number this time so as to avoid an IP address conflict). Use a subnet mask of 255.255.255.0 there is no default gateway needed.
### Verify the IP address changes took effect.
### Test connectivity between the systems using the ping command both with the addresses and the names you have set.
### Restore your Fedora system to DHCP addressing
### Shutdown your Fedora system and return to your Ubuntu Server VM
## Restore your Ubuntu system to DHCP addressing
## Test system connectivity to the Internet by pinging and tracing the route to google.com
= Session 5 =
== SSH ==
# Start up and log in to both your Ubuntu Server and Fedora systems
# Create a new user account on each system which we will use to test remote access
# Install the SSH server on your Ubuntu server system using '''apt''' tools and try SSHing from your Fedora system to the Ubuntu system. Also try SSHing from your host computer to your Ubuntu server.
#* NOTE: Although PuTTY is a very popular SSH client for Windows others, such as TerraTerm, exist as well. TerraTerm is pre-installed on CNT lab systems.
# Try copying files to and from your Ubuntu system securely from your Fedora system using the '''scp''' utility
# Try to implement key based authentication for SSH between your Fedora and Ubuntu system. Google this or check the course references if you need some extra help.
== Webmin ==
# Start and log in to your Ubuntu Server system
# Start the links web browser, press "G" to GO to a URL, and browse around on the Internet until SafeConnect asks for a username and password. Authenticate with SafeConnect using your campus username and password. If you have problems with SafeConnect working with links try using lynx instead.
# Use the links web browser to download the webmin Debian package from webmin.com
# Attempt to install the Webmin package to your system, note the names of the missing dependencies
#* Note: You will install Webmin on your Ubuntu Server System using the '''dpkg''' program instead of the '''apt''' tools because you have manually downloaded the package
# Install the dependencies using the '''apt''' tools and then complete the installation of the Webmin program
# Login to the Webmin interface from the web browser of your host system, remember to use SSL and the correct port number
# Change the port Webmin is operating on to 1109
# Explore the Webmin interface and settings
== Samba ==
# Start your Ubuntu Server VM
# Install the Samba Server on your system and re-scan installed programs with Webmin so that Samba can be configured there
# Set the workgroup for your server to be the CNTLINUX workgroup
# Set the name of your Samba server to your name (without spaces)
# Configure sharing of user home directories and allow users to write to them as well as read from them
# Verify that you can access the home directory of a user on your Ubuntu server system from a Windows computer, either a Windows VM or your host computer. Try creating a new file and moving an existing file as well.
# Setup a new directory on your Ubuntu server which can be used by multiple users and add it as a new Samba share.
# Verify you can access and use the new share with multiple user accounts. Because Windows caches your credentials you may need to ask your neighbor to try logging into your Samba server from their computer as a different user.
= Session 6 =
== Text Processing ==
# On your Ubuntu Server system create a new folder in your home directory. Inside of that folder create a few new text files which can demonstrate the use of text processing commands including '''uniq, sort, nl, cut, join, paste, head, tail,''' and '''grep'''
== Shell Scripting ==
# Using your Ubuntu Server system try to work your way through the [http://linuxconfig.org/Bash_scripting_Tutorial LinuxConfig.org BASH Scripting Tutorial]. When doing this make sure you try to understand what you're doing at each stage of the tutorial. Remember that scripts must be marked as executable by your user or group in order to run them.
= Session 7 =
== Setup ==
# Start VirtualBox and modify the network settings of your VMs
## Your Ubuntu Server system should have two network cards. The first bridged to the outside network adapter and the second connected to an internal network.
## Your Ubuntu Desktop and Fedora systems should both have their network cards attached to the same internal network as the server.
== Firewall/NAT Configuration ==
## Start your Ubuntu Server VM
## Assign a private IP address in the 192.168.x.x range to the NIC on the ''internal'' network, keep the NIC on the campus network receiving it's address from DHCP. You do not need to set a gateway on this internal NIC.
## Start one of your desktop systems and statically assign an address in the same range to it. On this system you will need to set a gateway, make it the internal address of your server system. Make sure the two systems can communicate with each other.
# Using either Webmin or the command line configure the system firewall on the server as a masquerading NAT setup to allow clients on the internal network to reach outside sites and secure your system from unwanted outside packets.
## The main NAT rule must exist in the postrouting chain of the NAT table and should take the action of masquerading all traffic leaving the outside interface of the system.
## Don't forget to enable IP forwarding (routing) in your kernel settings!
## Securing your system would also include limiting all inbound traffic from the outside interface to the local system and traffic being routed to other systems to traffic which has been requested (established, related)
## You should be sure to continue to allow access to your Webmin interface as well!
## Verify your firewall is working properly by attempting to ping an Internet IP address such as 8.8.8.8 from one of the dekstop systems. If you do a traceroute you should see the traffic hopping through the server on it's way to the Internet.
== Apache Webserver ==
# Install the Apache 2 webserver as well as the '''mysql-server php5 php5-mysql''' packages which will be used later on.
## Check the IP address of your server and then try visiting that IP address from the web browser of your host system to make sure that the Apache software has been installed. Remember you now have a firewall active and will need to allow web traffic through the firewall before you'll be able to reach the site!
## Try finding (remember how to find files on the system?) and editing the index.html page which is being served by your server and verify that you can see the changes by refreshing the page in the web browser on your host
## Create a new directory inside your user's home directory to hold website files.
## Create a new index.html file inside of that directory
## Find and edit the configuration file for this "default site" on Apache to use that new directory as the root of the website meaning that your new index.html page from your home directory should show up when you visit http://x.x.x.x from the host computer.
## Apply the changes to your configuration files and verify the new page is showing up in your web browser.
## Explore the Webmin interface including the Apache and MySQL modules. If the modules are not showing up you may have installed Apache or MySQL after Webmin. If you do this you can click the "Refresh Modules" link to search your system for software which can be configured with Webmin.
# '''THIS PART OF THE LAB IS OPTIONAL EXTRA CREDIT:''' Install a WordPress blog or a MyBB bulletin board
## Download and install (following instructions included in the download) the [http://www.wordpress.org WordPress] or [http://www.mybb.com MyBB] software on your webserver. Note that this will involve creating a MySQL database which you can either do though the command line or through the Webmin MySQL module. Do ''NOT'' try to install these via the package management system (apt) which will cause problems!
## Make sure that you can access and use your web application through a browser on your host system accessing http://your-ubuntu-server-ip-address
= Session 8 =
== Simple Local Mail Delivery ==
* NOTE: This lab is extra credit and worth up to 10 points if you submit a lab report
# Install and configure Postfix for local mail delivery on your Ubuntu server system
## Make sure the Postfix package is installed on your system
## Use the dpkg utility to "reconfigure" the postfix program for local mail delivery
## Try creating some mail ''aliases'' for users, don't forget to run the program to load the new aliases
## Try sending and receiving mail between user accounts (and to aliases) on your system (either leave off the @ part of the email address entirely or do user@localhost) using the '''mail''' program. You may also want to install '''alpine''' and see how that can be used to send and receive mail from a text only environment as well.
== POP3, IMAP and SMTP Delivery ==
* NOTE: This lab is extra credit and worth up to 10 points if you submit a lab report
# Install and configure POP3 and IMAP server software on your Ubuntu server system. Courier is the suggested server software but you are free to use others such as UW-IMAP, Dovecot or Cyrus
# Setup a MUA (mail client) on either your host system or one of your desktop Linux installs to connect to your Ubuntu server and send and receive messages from various accounts on the system. Example MUA software includes Mozilla Thunderbird, Evolution, etc.
= Session 9 =
== DHCP ==
# Install the ISC DHCP Server version 3 on your Ubuntu Server system
# Configure the DHCP server either directly or through Webmin to hand out addresses to clients on the internal network adapter from the same private IP address range as you have set for the adapter. You should also provide the address of your internal network interface as the default gateway and DNS server.
# Modify the settings of your desktop OS VMs to get an address from the DHCP server. Make sure the clients are getting correct IP addresses and are still able to ping the server.
== DNS ==
# Install the BIND DNS server on your Ubuntu Server system to provide caching DNS service to internal clients
# Verify DNS service is working from a client system and that internal clients can resolve names correctly
# If you have time, as a challenge, try to create a DNS zone for example.com with at least one A record for example.com and try looking up the IP address from one of your client systems.

Latest revision as of 16:47, 13 July 2011

Session 1

  1. Install the Ubuntu Desktop, Ubuntu Server and Fedora Linux distributions into Virtualbox VMs with bridged networking and 768 MB of RAM
  2. Login to the Ubuntu Desktop system and explore the graphical user interface (GUI)
  3. Login to the Ubuntu Server system
    1. Create a new directory within your user's home directory and copy the system log file (from /var/log/syslog there)
    2. Move the copy of the system log file to your home directory
    3. Make a copy of the system log file to a file with a different name in your home directory
    4. Delete the system log file from your home directory
    5. Delete the new subdirectory you created within your home directory as well as any files it contains

Session 2

  1. Startup and login to your Ubuntu Server VM. Remember that your user account is not an administrator (root) but that some of these commands need to be run as the root user. This can be done several ways but the best practice is to stay logged in as your regular user account and put sudo in front of any command that requires administrative privileges. The first time you do this in a session or if enough time goes by you will be prompted to enter your regular password as verification of your account.
  2. Review of work with files and directories
    1. Use the ls command to list all files in your current (home) directory
    2. Create a new directory inside of your home directory called linuxlabs and another new directory inside of that directory called session2
    3. Create a new empty file using the touch command inside that session2 directory called firstfile
    4. Change back to your home directory using the tilde (~) shortcut
    5. Try using the ls command to list files inside your ~/linuxlabs/ directory without first changing to that directory. You can specify the location to list files after the ls command. For example, to list files in the /var/log directory you could type ls /var/log regardless of what your current working directory is.
    6. Go back into your session2 directory and create another new file which is a hidden file (to hide a file in Linux you must make the first character of the filename a period). Call this file .topsecret
    7. Try using the -a and -l options to get a long file listing for the session2 directory with and without the hidden file being shown
  3. Pipes, Redirection, Pagination and Searching Through Text Output
    1. The dmesg command will display the system kernel log, try running it.
    2. You will notice that there is too much information to display on a single screen and it scrolls off the top of the screen too fast to read. We can have the system paginate the material for us pausing after each screen using the more utility or, if we want more features such as being able to move back and forth through the output, the less utility. How do we get the output of the dmesg program to go through these utilities? One possibility is to redirect the standard output from the dmesg program to the standard input of the more or less programs. This can be done by piping the output, named that because it uses the pipe character (|). Try doing this by running dmesg | less. Now you should be able to use the space bar, up and down arrows and page up/down keys to move through the output. To jump back to the command line just press the letter q.
    3. We may also want to save this information to a file. Capture the standard output from the dmesg command by redirecting it into a new file named kernel-log in the session2 folder. This can be done with the standard output redirection character > using the command dmesg > kernel-log. In this case standard error data will still go to the screen but it is possible to capture that instead to either the same or a different file with other redirection characters.
    4. Let's say we were looking for kernel messages specifically about the eth0 network card in our system, wouldn't it be nice to be able to just pull out the lines that mention eth0? This can be done easily with the grep program. You can run grep on a file like that kernel-log we just captured but another common way to use it is to search through piped standard input. You can try this by running dmesg | grep eth0 note that if the output is more than one screen in length you can extend that command as needed such as to dmesg | grep eth0 | less which would pause after each screen of information. You can also capture the output through a command such as dmesg | grep eth0 > eth0-kernel-mesgs. Obviously piping and redirection are powerful utilities and commonly used in Linux system administration because of the philosophy of Linux with it's many small and specialized utilities which must commonly be used together to accomplish a useful task.
  4. Create a backup of files and directories
    1. Use the tar utility to backup the ~/linuxlabs/session2 directory to a new compressed archive (stored in ~/linuxlabs/) named session2-backup.tar.gz
    2. Use the rm command to remove the session2 directory and everything it contains, verify this with the ls command
    3. Restore your gzipped tar file and verify that the files are all back and in the correct place
  5. Users and Groups
    1. Try adding two new users, one with the useradd program and another with the adduser program. The two usernames should be gwashington and jadms. You can set the passwords to whatever you like but be sure to write them down where you can refer to them in the future. Remember that you can get help on how to use most commands by checking the online manual with the man command.
    2. Check the /etc/passwd and /etc/shadow files to verify the accounts were created and note the UIDs for the new accounts. Also check to make sure that the home directories for each user were created.
    3. Try switching to one of your other virtual terminals by pressing ALT+F2 and logging in as one of your new users and then logging back out.
    4. Oops! We made a typo in the username of jadms. Switch back to the original virtual terminal and try changing the username and password of jadms to jadams. You should also try locking the account (HINT: check the manual page of the usermod command for information on this!) and then attempt to login. Unlock the account and try logging in again to make sure it works when the account is unlocked.
    5. Create a new cntusers group on the system and assign your regular user login as well as the two logins you just created to the group as a secondary group. Verify that everyone is a member of the group by checking the /etc/group file.
    6. Finally, try deleting the second user you created as well as the home directory of that user. Verify the user is gone from the passwd and shadow files.
  6. Modify the ownership and permissions of files and folders
    1. Use the chown command to change the owner AND group of a file and of a directory plus all the files it contains (recursively) somewhere within the ~/linuxlabs/ directory hierarchy
    2. Use the chgrp command to change just the group of a file somewhere within the ~/linuxlabs/ directory hierarchy
    3. Use the chmod command to change the permissions on a file or directory somewhere within the ~/linuxlabs/ directory hierarchy using both octal and symbolic modes
  7. Try using the locate, find, whereis, which and type commands to try finding various files on your system. Remember that some of these utilities use a database of files on your system which needs to be updated from time to time. Some of the filenames you can try searching for are: syslog, interfaces, ls, bash, more, nano, sources.list

Session 3

  1. Startup and login to your Ubuntu Server VM. Remember that your user account is not an administrator (root) but that some of these commands need to be run as the root user. This can be done several ways but the best practice is to stay logged in as your regular user account and put sudo in front of any command that requires administrative privileges. The first time you do this in a session or if enough time goes by you will be prompted to enter your regular password as verification of your account.
  2. Work with process management and job control
    1. Use ps and top to view all the processes running on your system
    2. Use job control to start (there is a command for this) and stop (there is a key sequence for this) jobs as well as run jobs in the background (you can add something to the end of the command line for this) and list all currently running jobs (there is a command for this).
      • An example of a job you could stop is cat /var/log/syslog | less which displays your entire system log one line at a time. You should be able to start this job in the background using cat /var/log/syslog | less& and then view a list of active jobs on your system, bring it to the foreground, stop the job and then start it again in the background
    3. Try running and then stopping or running that same job in the background again. This time while the job is running in the background use the ps utility to find the process ID (PID) of the job. Pretend the job had hung and try to stop (kill) the job from the command line.
  3. Don't forget to shutdown your systems properly (shutdown -h now) before closing the VM windows.
  4. Startup and login to your Fedora VM. Remember that your user account is not an administrator (root) but that some of these commands need to be run as the root user. This can be done several ways but the best practice is to stay logged in as your regular user account and put sudo in front of any command that requires administrative privileges. The first time you do this in a session or if enough time goes by you will be prompted to enter your regular password as verification of your account. If sudo is not installed on your system (but you do know the root password) you can just type su into the command prompt and enter the root password to switch to the root user.
  5. Work with runlevels and startup and shutdown scripts. If you need more assistance understanding runlevels take a look at some of the links in the resources section of the course page.
    1. One of the ways to switch from a GUI runlevel to a text mode runlevel is through the key combination CTRL-ALT-Backspace Note that not all distributions, Ubuntu for instance, support this without changing system settings first.
    2. Use the runlevel command to display the current runlevel and verify that it is changing
    3. Use the init command to switch back to the GUI interface. Note: You will need to know what runlevel starts the X-Windows GUI.
    4. Use the runlevel command to display the current runlevel and verify that it is changing
    5. Explore the inittab file in a text editor, try changing it so your system boots to a command line login by default. Try rebooting your system to see if that works and then change it back to the GUI login system.
    6. View the SysV startup scripts installed on your system and check which ones are setup to start and stop at each of the runlevels
    7. Use the chkconfig command or ntsysv program to list services running at each runlevel on your system
  6. Don't forget to shutdown your systems properly (shutdown -h now) before closing the VM windows.
  7. In preparation for doing some work with partitioning and formatting drives we'll want to add a second "virtual hard drive" to our Ubuntu Server VM. The VM cannot be running when you do this so shutdown the VM if you haven't already. Add a new 6 GB virtual hard drive file as a secondary hard drive to your Ubuntu Server VM.
  8. Startup and login to your Ubuntu Server VM. Remember that your user account is not an administrator (root) but that some of these commands need to be run as the root user. This can be done several ways but the best practice is to stay logged in as your regular user account and put sudo in front of any command that requires administrative privileges. The first time you do this in a session or if enough time goes by you will be prompted to enter your regular password as verification of your account.
  9. Partition a drive, format partitions and mount them for access.
    1. Use the dmesg command to check for log messages from the kernel during system startup. Try to find some information about the second hard drive you just added.
    2. Find and partition the new drive into at least 5 partitions
      1. Make the first partition an ext3 partition
        • Set this partition so that it will never automatically run fsck
      2. Make the second partition a swap partition.
        • HINT: You will need to change the partition type, format the partition as swap space, and enable the swap space. You can verify the swap space is active and in use by using the free -m command before and after you setup this partition.
      3. Make the third partition an ext2 partition
      4. Make the fourth partition an msdos (FAT) partition
      5. Leave the fifth partition unformatted
    3. Create mount points (empty directories) for each of the non-swap partitions within your home directory and mount the partitions.
      • Examples:
      • partition 1 mounted to /home/student/businessfiles
      • partition 3 mounted to /home/student/internetfiles
      • partition 4 mounted to /home/student/schooldocs
    4. Use the mount command to verify that your partitions are all properly mounted
    5. Use the df command to verify the amount of free space on each partition
    6. Create or copy some different files into the various partitions you you will know what partition you are looking at by the files it has on it.
    7. Unmount one or more of the partitions and verify that the files you created have "disappeared". Remount the partition to a different mount point and verify the files are back.
    8. Edit the /etc/fstab file so that your partitions are automatically mounted when the system reboots. Reboot the system and verifyu the partitions mounted correctly.
  10. Don't forget to shut down your VM properly!

Session 4

  1. Package Management
    1. Start your Fedora desktop virtual machine and login as a standard user.
      1. Use web browser software on the system to download an RPM package
        • RPM packages are not centrally managed so there are many websites you can go to and find RPM packages for download. The site to use for this lab is the rpmfind.net site. Once you get there do a search for lynx which is a text-only web browser. You'll want to download the most current version for your distribution and version of Linux. If you're using Fedora Core 15 this will be something like lynx-2.8.7-7.fc15.i686.rpm this file should download to the Downloads directory inside your home directory.
      2. Open a command line (terminal) window. Because package management must be done by an administrator and you are logged in as a regular system user you will need to switch to the root user. When the sudo program is installed and configured, something that is automatically setup in Ubuntu, you can just put sudo in front of any command to run it as the root user. Sudo is not installed and configured on Fedora by default, instead they have you pick a password for the root user during the installation process. You can then switch to the root user account in any shell (in this case our terminal window) using the su command. You will need to enter the root account password to complete the switch. You will now be in a root shell (indicated by the prompt ending in a #) and any command you enter until you exit from the shell will be run as root.
      3. Work through the Managing Software Using RPM section of your textbook on page 48 all the way through the installation of lynx on page 52.
      4. Try running the lynx program and browsing to a web site in it then uninstall the lynx program following the instructions on page 54.
      5. Work through the Other Things You Can Do with RPM section from page 55 through Yum on page 57.
      6. Use yum to check which packages installed on your system have updates available using the yum check-update command
      7. Try using the appropriate yum command to update one of those packages to the latest version. You may need to check the manual page for yum or do some online research about this.
    2. Start your Ubuntu Server VM and login
      1. Use a text editor to edit your /etc/apt/sources.list file and change the repository from us.archive.ubuntu.com to mirror.rit.edu (HINT: You can use the search and replace function of your text editor to do this quickly! Also, I suggest making a backup copy of your original /etc/apt/sources.list file before making any changes)
      2. Use the apt-get update or aptitude update command to download the latest package lists from the repository
      3. Use the apt-get install or aptitude install commands to download and install the links and lynx text-only web browser programs.
  2. Scheduled Jobs
    1. In this section you will be creating several different types of scheduled jobs. The suggested job is to run the touch command to create a new file somewhere on your system. You can then verify at what time the command ran by checking the timestamp on the new file. When running scheduled jobs it is generally best to put the full path in for any files being accessed, created or modified so you know where to find the files.
    2. Try creating two different system wide cronjobs in the /etc/crontab file. Set the scheduled time so they will run in the next 10 minutes or less. Run the jobs as two different users (do not specify the user for one job) and check to see who owns the files you created.
    3. Log in to your system as two different users and use the crontab program to create two user cronjobs.
    4. Try using the at command (check the manual page) to schedule a one time job five or less minutes in the future.
    5. Verify that all your scheduled tasks ran as the correct user at the correct time.
    6. Remove all of the user and system cronjobs you created so that they won't run again.
  3. Networking with Linux
    1. On your Ubuntu Server system
      1. Check the current IP address and subnet mask with both the ifconfig and ip programs
      2. Check the default gateway by checking the system route table with the route and the ip route commands.
      3. Check the default name servers used by your system by viewing the /etc/resolv.conf file
      4. Determine the IP address of google.com using all three of the DNS/hostname resolution tools (nslookup, dig and host) and see how the output differs. If you are on campus you may need to log in to safeconnect using the links or lynx web browser before you will be able to reach off campus locations.
      5. Change the IP configuration of your system to have a private static IP address of 192.168.1.XX where XX is the number of your computer (check the label on the front). Don't forget to apply the changes. Use a subnet mask of 255.255.255.0 there is no default gateway needed.
      6. Verify the IP address changes took effect
    2. Switch back to your Fedora VM (do not turn off the Ubuntu Server VM)
      1. Change the IP configuration of your system (using the command line) to have a private static IP address of 192.168.1.1XX where XX is the number of your computer (note the 1 in front of the computer number this time so as to avoid an IP address conflict). Use a subnet mask of 255.255.255.0 there is no default gateway needed.
      2. Verify the IP address changes took effect.
      3. Test connectivity between the systems using the ping command both with the addresses and the names you have set.
      4. Restore your Fedora system to DHCP addressing
      5. Shutdown your Fedora system and return to your Ubuntu Server VM
    3. Restore your Ubuntu system to DHCP addressing
    4. Test system connectivity to the Internet by pinging and tracing the route to google.com

Session 5

SSH

  1. Start up and log in to both your Ubuntu Server and Fedora systems
  2. Create a new user account on each system which we will use to test remote access
  3. Install the SSH server on your Ubuntu server system using apt tools and try SSHing from your Fedora system to the Ubuntu system. Also try SSHing from your host computer to your Ubuntu server.
    • NOTE: Although PuTTY is a very popular SSH client for Windows others, such as TerraTerm, exist as well. TerraTerm is pre-installed on CNT lab systems.
  4. Try copying files to and from your Ubuntu system securely from your Fedora system using the scp utility
  5. Try to implement key based authentication for SSH between your Fedora and Ubuntu system. Google this or check the course references if you need some extra help.

Webmin

  1. Start and log in to your Ubuntu Server system
  2. Start the links web browser, press "G" to GO to a URL, and browse around on the Internet until SafeConnect asks for a username and password. Authenticate with SafeConnect using your campus username and password. If you have problems with SafeConnect working with links try using lynx instead.
  3. Use the links web browser to download the webmin Debian package from webmin.com
  4. Attempt to install the Webmin package to your system, note the names of the missing dependencies
    • Note: You will install Webmin on your Ubuntu Server System using the dpkg program instead of the apt tools because you have manually downloaded the package
  5. Install the dependencies using the apt tools and then complete the installation of the Webmin program
  6. Login to the Webmin interface from the web browser of your host system, remember to use SSL and the correct port number
  7. Change the port Webmin is operating on to 1109
  8. Explore the Webmin interface and settings

Samba

  1. Start your Ubuntu Server VM
  2. Install the Samba Server on your system and re-scan installed programs with Webmin so that Samba can be configured there
  3. Set the workgroup for your server to be the CNTLINUX workgroup
  4. Set the name of your Samba server to your name (without spaces)
  5. Configure sharing of user home directories and allow users to write to them as well as read from them
  6. Verify that you can access the home directory of a user on your Ubuntu server system from a Windows computer, either a Windows VM or your host computer. Try creating a new file and moving an existing file as well.
  7. Setup a new directory on your Ubuntu server which can be used by multiple users and add it as a new Samba share.
  8. Verify you can access and use the new share with multiple user accounts. Because Windows caches your credentials you may need to ask your neighbor to try logging into your Samba server from their computer as a different user.

Session 6

Text Processing

  1. On your Ubuntu Server system create a new folder in your home directory. Inside of that folder create a few new text files which can demonstrate the use of text processing commands including uniq, sort, nl, cut, join, paste, head, tail, and grep

Shell Scripting

  1. Using your Ubuntu Server system try to work your way through the LinuxConfig.org BASH Scripting Tutorial. When doing this make sure you try to understand what you're doing at each stage of the tutorial. Remember that scripts must be marked as executable by your user or group in order to run them.

Session 7

Setup

  1. Start VirtualBox and modify the network settings of your VMs
    1. Your Ubuntu Server system should have two network cards. The first bridged to the outside network adapter and the second connected to an internal network.
    2. Your Ubuntu Desktop and Fedora systems should both have their network cards attached to the same internal network as the server.

Firewall/NAT Configuration

    1. Start your Ubuntu Server VM
    2. Assign a private IP address in the 192.168.x.x range to the NIC on the internal network, keep the NIC on the campus network receiving it's address from DHCP. You do not need to set a gateway on this internal NIC.
    3. Start one of your desktop systems and statically assign an address in the same range to it. On this system you will need to set a gateway, make it the internal address of your server system. Make sure the two systems can communicate with each other.
  1. Using either Webmin or the command line configure the system firewall on the server as a masquerading NAT setup to allow clients on the internal network to reach outside sites and secure your system from unwanted outside packets.
    1. The main NAT rule must exist in the postrouting chain of the NAT table and should take the action of masquerading all traffic leaving the outside interface of the system.
    2. Don't forget to enable IP forwarding (routing) in your kernel settings!
    3. Securing your system would also include limiting all inbound traffic from the outside interface to the local system and traffic being routed to other systems to traffic which has been requested (established, related)
    4. You should be sure to continue to allow access to your Webmin interface as well!
    5. Verify your firewall is working properly by attempting to ping an Internet IP address such as 8.8.8.8 from one of the dekstop systems. If you do a traceroute you should see the traffic hopping through the server on it's way to the Internet.

Apache Webserver

  1. Install the Apache 2 webserver as well as the mysql-server php5 php5-mysql packages which will be used later on.
    1. Check the IP address of your server and then try visiting that IP address from the web browser of your host system to make sure that the Apache software has been installed. Remember you now have a firewall active and will need to allow web traffic through the firewall before you'll be able to reach the site!
    2. Try finding (remember how to find files on the system?) and editing the index.html page which is being served by your server and verify that you can see the changes by refreshing the page in the web browser on your host
    3. Create a new directory inside your user's home directory to hold website files.
    4. Create a new index.html file inside of that directory
    5. Find and edit the configuration file for this "default site" on Apache to use that new directory as the root of the website meaning that your new index.html page from your home directory should show up when you visit http://x.x.x.x from the host computer.
    6. Apply the changes to your configuration files and verify the new page is showing up in your web browser.
    7. Explore the Webmin interface including the Apache and MySQL modules. If the modules are not showing up you may have installed Apache or MySQL after Webmin. If you do this you can click the "Refresh Modules" link to search your system for software which can be configured with Webmin.
  2. THIS PART OF THE LAB IS OPTIONAL EXTRA CREDIT: Install a WordPress blog or a MyBB bulletin board
    1. Download and install (following instructions included in the download) the WordPress or MyBB software on your webserver. Note that this will involve creating a MySQL database which you can either do though the command line or through the Webmin MySQL module. Do NOT try to install these via the package management system (apt) which will cause problems!
    2. Make sure that you can access and use your web application through a browser on your host system accessing http://your-ubuntu-server-ip-address

Session 8

Simple Local Mail Delivery

  • NOTE: This lab is extra credit and worth up to 10 points if you submit a lab report
  1. Install and configure Postfix for local mail delivery on your Ubuntu server system
    1. Make sure the Postfix package is installed on your system
    2. Use the dpkg utility to "reconfigure" the postfix program for local mail delivery
    3. Try creating some mail aliases for users, don't forget to run the program to load the new aliases
    4. Try sending and receiving mail between user accounts (and to aliases) on your system (either leave off the @ part of the email address entirely or do user@localhost) using the mail program. You may also want to install alpine and see how that can be used to send and receive mail from a text only environment as well.

POP3, IMAP and SMTP Delivery

  • NOTE: This lab is extra credit and worth up to 10 points if you submit a lab report
  1. Install and configure POP3 and IMAP server software on your Ubuntu server system. Courier is the suggested server software but you are free to use others such as UW-IMAP, Dovecot or Cyrus
  2. Setup a MUA (mail client) on either your host system or one of your desktop Linux installs to connect to your Ubuntu server and send and receive messages from various accounts on the system. Example MUA software includes Mozilla Thunderbird, Evolution, etc.

Session 9

DHCP

  1. Install the ISC DHCP Server version 3 on your Ubuntu Server system
  2. Configure the DHCP server either directly or through Webmin to hand out addresses to clients on the internal network adapter from the same private IP address range as you have set for the adapter. You should also provide the address of your internal network interface as the default gateway and DNS server.
  3. Modify the settings of your desktop OS VMs to get an address from the DHCP server. Make sure the clients are getting correct IP addresses and are still able to ping the server.

DNS

  1. Install the BIND DNS server on your Ubuntu Server system to provide caching DNS service to internal clients
  2. Verify DNS service is working from a client system and that internal clients can resolve names correctly
  3. If you have time, as a challenge, try to create a DNS zone for example.com with at least one A record for example.com and try looking up the IP address from one of your client systems.