Published by Abel Murphy. Modified over 6 years ago.
Labs 5 and 8 combined (Monday March 21, 2016 labs only)
Lab 05: Firewalls
Firewall
Outline: Linux Tricks (Groups), Firewall
Firewall: insert a Linksys home "router" between the VM and the service (lab servers)
  Configure the firewall
  Check that it works normally
  Block HTTP
  Block ssh
Linux Tricks: Groups
Groups
  One of the permission sets on a file
  Controls access to the file for a group of similar users
Key Files/Directories
  /etc/passwd: as before, the users
  /etc/shadow: encrypted sensitive data
  /etc/group: contains the group info
  /etc/gshadow: used by the groups for sensitive data; similar to shadow
By GUI (Debian): Users and Groups
  Use the Users and Groups panel in Applications > System Tools > Administration
  Note: Gnome 3 no longer includes Users and Groups in the default installation; use Synaptic to install gnome-system-tools
  Look for the area to manage groups (varies in some Debian versions)
  Group will have an option to add a group
    That will have an option to add members to the group
    There will also be a facility to update, which may be called "Properties"
  You will need to know the root password for your VM to use it
By CLI
  Need to have a privileged account, e.g. root authority
  Open an appropriate terminal
  Many ways to create users and groups:
  E.g. for pre-existing users:
    Create the group: addgroup newgroupname
    Add existing users to the group: usermod -a -G groupname userID
  E.g. to create a user in an existing group:
    Add the new user to an existing group: useradd -G existingGroup newID
    Set the password for the new user: passwd newID
  Use man to find more options for the above commands
Group File Content
  Example line: cdrom:x:24:vivek,student13,raj
  The four colon-separated fields are:
  1 - group_name: the name of the group. If you run the ls -l command, you will see this name printed in the group field.
  2 - Password: generally a password is not used, so the field is empty/blank. It can store an encrypted password, which is useful to implement privileged groups. An x means the password is kept in gshadow.
  3 - Group ID (GID): each user must be assigned a group ID; this is the same number as the GID field in the /etc/passwd file.
  4 - Group list: the user names of the users who are members of the group, separated by commas.
/etc/group Example
  # cat group
  root:x:0:
  daemon:x:1:
  bin:x:2:
  sys:x:3:
  adm:x:4:lbcat
  …
  kmem:x:15:
  dialout:x:20:tkombol,lbcat
  fax:x:21:lbcat
  audio:x:29:tkombol,lbcat
  dip:x:30:lbcat
  www-data:x:33:
  backup:x:34:
  operator:x:37:
  utmp:x:43:telnetd
  video:x:44:tkombol,lbcat
  sasl:x:45:
  plugdev:x:46:tkombol,lbcat
  webadmin:x:1002:
  web:x:1003:webadmin,tkombol
  libuuid:x:117:
  sambashare:x:118:
  #
Gshadow File Content
  Example line: general:!!:shelley:juan,bob
  Where:
  Group name: the name of the group
  Encrypted password:
    !: no user is allowed to access the group using the newgrp command
    !!: same as !; it also indicates that a password has never been set
    If the value is null, only group members can log into the group
  Group administrators: comma-delimited list; they can add or remove group members using the gpasswd command
  Group members: regular, non-administrative members of the group; should be the same as in group
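The following is an added example, not part of the slides: it reads files in the /etc/group and /etc/gshadow layouts described on the two slides above and reports any group whose member list differs between the two, which is the consistency the gshadow slide says should hold. File paths are parameters, so it can be run on constructed sample files as well as the real ones.

```shell
#!/bin/bash
# Added example (not from the lab slides): parse group/gshadow-format files
# and check that member lists agree. Paths are parameters; the sample data
# below is constructed from the slide's /etc/group listing.
#
# Field layout, from the slides:
#   group:   name:password:GID:member1,member2
#   gshadow: name:password:admin1,admin2:member1,member2

# Print the member list (field 4) of one group; exit 1 if the group is absent.
group_members() {   # $1 = group-format file, $2 = group name
    awk -F: -v g="$2" '$1 == g { print $4; found = 1 }
                       END { exit found ? 0 : 1 }' "$1"
}

# Print the GID (field 3) of one group; exit 1 if the group is absent.
group_gid() {       # $1 = group-format file, $2 = group name
    awk -F: -v g="$2" '$1 == g { print $3; found = 1 }
                       END { exit found ? 0 : 1 }' "$1"
}

# Print, one per line, every group whose member list in the gshadow file
# (field 4) differs from its member list in the group file (field 4).
# Exit 0 when all listed groups agree, 1 when at least one differs.
gshadow_mismatches() {  # $1 = group file, $2 = gshadow file
    awk -F: 'BEGIN { bad = 0 }
             NR == FNR { members[$1] = $4; next }
             ($1 in members) && members[$1] != $4 { print $1; bad = 1 }
             END { exit bad }' "$1" "$2"
}

# Write constructed sample files into directory $1. The "web" group is
# deliberately given an extra member in group that gshadow does not list.
make_sample_files() {
    printf '%s\n' 'root:x:0:' 'dialout:x:20:tkombol,lbcat' \
        'web:x:1003:webadmin,tkombol' 'webadmin:x:1002:' > "$1/group"
    printf '%s\n' 'root:!::' 'dialout:!::tkombol,lbcat' \
        'web:!:webadmin:webadmin' 'webadmin:!::' > "$1/gshadow"
}

# Stand-alone use on the real files (reading /etc/gshadow needs root):
#   ./groupcheck.sh /etc/group /etc/gshadow
if [ "$#" -eq 2 ]; then
    gshadow_mismatches "$1" "$2"
fi
```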
Report
  Note what was added (if anything) to the following files and directories as you added and assigned groups:
  /home
  /etc/passwd
  /etc/shadow
  /etc/group
  /etc/gshadow
Firewall
Step 1: Set up HW (network diagram)
  Hades server -- wall connection x -- Linksys router WAN or Internet port (DHCP assigned by hades.lab)
  Linksys router switch port 1 -- VM on PC n (DHCP assigned by Linksys)
  Linksys Router Default IP:
  IP address assigned by:
    WAN side: DHCP
    User: via the web interface
Linksys Web Link: sample web interface (screenshot)
Lab Overview
  Reset a Linksys router to factory defaults
  Connect the router between the PC and the lab server
    Lab side to the WAN or Internet port
    Workstation to one of the switch ports
  Familiarize yourself with the router
  Check the router's WAN side IP address
  Check the IP addresses assigned to the VM(s) and workstation
Lab Overview (cont.)
  Ensure it works
    Browse the denoted URLs and IP addresses
    Try ssh: enter the command to log on (you do not need to actually log on)
  Try restrictions
    Restrict HTTP
    Restrict ssh
Interesting Notes
  When you connect the Linksys router to the lab network, the WAN (Internet) side gets an IP address from the DHCP server in hades.lab
  The Linksys has its own DHCP server, enabled by default, which grants addresses to devices connected to the LAN side
  Use those facts to your advantage!
Notes
  Browsers and other devices may cache old results; you may need to force a refresh
Other notes
  A firewall can be:
    A piece of hardware inserted between the PC and the world
    Some software
    Both
  It can block/pass:
    MAC addresses
    IP addresses
    Specific hours
    Specific services (protocols)
    By ranges...
    AND MORE! Capability varies by device
Lab 8 Overview: Apache Web Server
Linux Tricks: Scripts
Scripts
  Small programs that help with maintaining and configuring an operating system
  Executed by the shell; the syntax depends on the shell
  Typical uses: create a bunch of new users; configure a service
  De facto extension: .sh
Change terminal color
Contents of a file named changecolor:
  #!/bin/bash
  # script to turn the screen blue
  setterm -background blue
  echo It is a blue day
Line 1: specifies which shell should be used to interpret the commands in the script.
Line 2: a comment (has no effect when the script is executed).
Line 3: sets the background colour.
Line 4: displays a message.
Assuming the file is executable (e.g. the permissions include at least --x for the owner):
  To execute it if it is in the PWD (current directory): ./changecolor
  If it is in another directory, use the fully qualified name: /home/mydir/utils/changecolor
Simple Menu Script
These can be as complex as needed, with conditional and loop controls (among many other things):
  #!/bin/bash
  OPTIONS="Hello Quit"
  select opt in $OPTIONS; do
    if [ "$opt" = "Quit" ]; then
      echo done
      exit
    elif [ "$opt" = "Hello" ]; then
      echo Hello World
    else
      clear
      echo bad option
    fi
  done
Running Scripts Basics
  Make sure the first line is a directive of which shell to use
    It starts with a shebang: #!
    For Debian it is the bash shell: /bin/bash
  Make sure it is executable, e.g. rwxr-xr--
    User can run, edit and view; group can run and view; world can view
    chmod 754 script.sh
  If the script is in a directory listed in the PATH (echo $PATH will show the directories), type: filename
  If it is not in the PATH but is in the PWD, type: ./filename
  If it is in neither the PATH nor the PWD, type the full filename starting from the root: /home/ajkombol/Desktop/script.sh
Script one: netconfig.sh
Desired action: stop the NIC, open the interfaces file to edit, restart the NIC, add two nameservers to the resolv.conf file
The script:
  #!/bin/bash
  NETCONFIGFILE=/etc/network/interfaces
  RESOLVECONF=/etc/resolv.conf
  ifdown "$1"            # $1 is the interface name given on the command line
  vi "$NETCONFIGFILE"
  #vi "$RESOLVECONF"
  ifup "$1"
  # the two nameserver addresses are appended after 'nameserver '
  echo 'nameserver ' >> "$RESOLVECONF"
  echo 'nameserver ' >> "$RESOLVECONF"
To execute the script: myprompt# ./netconfig.sh eth0
Quick script intro
  Parameters passed to a script are denoted by $1, $2, $3, ...; $1 is the first parameter, $2 the second, etc.
  $# is the number of parameters passed
  Variables are case sensitive
  Environment variables are used by the system in general and are UPPER case by convention
Quick script intro (cont.)
  Conditionals are done with an if...elif...else...fi structure
    if and elif are followed by a command that evaluates to true or false
    elif and else are optional; elif can be repeated; only one else may be used, if needed
    if is closed with the fi statement
  To stop in the middle of a script use exit n
    n = 0 is a normal exit; if n is not specified it is assumed to be 0
    n = 1 is an error exit; actually any non-zero value is an error
  If a value needs to be checked, the test command is used
    Numbers use operators such as -gt, -lt and -eq (greater than, less than, equal), e.g. test 1 -gt 2
    Strings use operators such as = or != (equal and not equal), e.g. test "$1" = "opt1" (quote the variable so the test still works when it is empty)
    There are other comparisons that can be done; check the internet
Script two: go
Desired action: stop the NIC, check which option was given, copy the proper template to interfaces, restart the NIC
Note: eth0 is assumed to be the NIC name
  #!/bin/bash
  IFILE=/etc/network/interfaces
  ifdown eth0
  if test "$1" = "static"; then
    cp "$IFILE.static" "$IFILE"
    echo "Static interfaces loaded!"
  elif test "$1" = "dhcp"; then
    cp "$IFILE.dhcp" "$IFILE"
    echo "DHCP interfaces loaded!"
  else
    echo "Parameter must be static or dhcp"
  fi
  ifup eth0
To execute the script: myprompt# ./go static ... myprompt# ./go dhcp
Today's labs scripts summary
Changing network configuration:
  Script one - editing the interfaces file: stop NIC, edit interfaces, add some additional routing information, start NIC
  Script two - alternating interfaces templates: make two interfaces templates, copy the desired template
You may wish to keep these scripts:
  Use netconfig.sh to edit the interfaces file
  After making appropriate changes, use go or go2 to switch between DHCP addresses and static addresses
Reminder
  ALWAYS make a backup copy of a configuration file BEFORE editing it
    It will allow the file to be restored if you mess it up or if something else messes it up
    Examples: cp interfaces interfaces.backup; cp apache2.conf apache2.conf.orig
  Make a copy of a line to be changed in a file and comment it out before changing the original
    Example:
    # This is the original line
    This is the changed line
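The following is an added example, not one of the lab's own scripts: it reworks the template-switching idea of the go script above so that it validates its parameter with test, quotes every variable, and backs up the live file before overwriting it, as this reminder advises. It assumes the lab's path /etc/network/interfaces and NIC name eth0 as defaults; the file path is also a parameter so the function can be tried on a scratch copy.

```shell
#!/bin/bash
# Added example (not from the lab): a hardened take on the "go" template
# switcher. The interfaces path is a parameter so the function can be run on
# a scratch copy; /etc/network/interfaces and eth0 are assumed as defaults.

# load_template MODE [IFILE]
#   Copies IFILE.MODE over IFILE after saving a copy in IFILE.backup.
#   Returns 0 on success, 1 for a bad parameter, 2 if the template is missing.
load_template() {
    mode=$1
    ifile=${2:-/etc/network/interfaces}

    # test with a quoted variable still works when the parameter is empty.
    if [ "$mode" != "static" ] && [ "$mode" != "dhcp" ]; then
        echo "Parameter must be static or dhcp" >&2
        return 1
    fi
    if [ ! -f "$ifile.$mode" ]; then
        echo "Template $ifile.$mode not found" >&2
        return 2
    fi
    # ALWAYS keep a copy to restore from before overwriting a config file.
    cp "$ifile" "$ifile.backup"
    cp "$ifile.$mode" "$ifile"
    echo "$mode interfaces loaded (previous copy saved as $ifile.backup)"
}

# Stand-alone use, invoked like the lab's script: ./go static
# The NIC is only taken down and brought back up when a mode was given.
if [ "$#" -ge 1 ]; then
    ifdown eth0
    load_template "$1"
    status=$?
    ifup eth0
    exit "$status"
fi
```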
Main Lab: Apache
Apache Web Server
Main goals:
  Install Apache
  Configure the basic system
  Configure restrictions
Side goals:
  Installing packages on a Debian system
  Reinforce the VM environment
  Reinforce use of the vi editor
Apache Web Server Overview
  Install Apache on your Debian VM with apt-get (backup: Synaptic Package Manager, but no credit for a Synaptic install)
  Check that the installation worked
  Create new directories
  "Install" the web application
    Configure Apache to "find" the new "application"
    Copy the web page files into the proper directories
    Hint: assume the web application is being moved from a different web server to this machine
  Configure Apache for restrictions
    Allow directory access
    Deny directory access
  Browse the application from another machine
Misc. Notes
  Debian is required for the Apache server
  CentOS is recommended for the browsing client; it can be any OS with a browser
  Use ifconfig to identify your IP address
  Web files (.htm and pics) are available on hades.lab
    Use a browser to locate /apachelab, e.g. lab302-web.hades.lab/classes/apachelab ( )
    In the /public directory
    Also available on the website on the thumbdrive
  You will need to figure out on your own where the images go to be properly displayed
    All web pages except home have an image
    A subdirectory is involved!
IMPORTANT!!!! This Debian VM must be working and saved!
It will be used as the basis for the DNS Lab!
Apache Overview
  "Open source" web server
  Default browser "root" directory: NOT the same as the host's root directory!
    Location: /var/www or /var/www/htdocs, depending on the distribution
  To access the web server: use the IP address or host name, port 80
  Bonus: at the end of the lab, add a port so the site can be browsed on port 8080; document the results
Last minute notes
  Check the links to test1.html and test2.html; they should go to the ITIS2110 directory
  Watch the IP addresses of your VM
    DHCP is OK for this lab; you need to look up the address for browsing
    If an address was assigned, be sure it does not conflict with another machine
    You can use your machine ID as the subnet or host ID, or use your subnet (see the listing on the post)
Apache Lab: 20 pts