Scribd
Upload
30 views

SNA Course Work

Here are the steps I took: 1. Created two new users (sushma and januka) on the cloned VM (Userserver) using adduser 2. Set up a virtual server configuration on Userserver with VirtualDocumentRoot and VirtualScriptAlias directories 3. Changed owner, group, and permissions of VirtualDocumentRoot and VirtualScriptAlias to nobody:nobody with 700 permissions. This allows the cloned VM (Userserver) to serve content virtually for users sushma and januka while isolating the file system access.

Uploaded by

Daddy's Picks
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
30 views

SNA Course Work

Here are the steps I took: 1. Created two new users (sushma and januka) on the cloned VM (Userserver) using adduser 2. Set up a virtual server configuration on Userserver with VirtualDocumentRoot and VirtualScriptAlias directories 3. Changed owner, group, and permissions of VirtualDocumentRoot and VirtualScriptAlias to nobody:nobody with 700 permissions. This allows the cloned VM (Userserver) to serve content virtually for users sushma and januka while isolating the file system access.

Uploaded by

Daddy's Picks
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 42

Individual work

• Iptables

Objective
To filter, manage (add) & check the firewall rules for IPv4 or IPv6 traffic and test or
check the rules with hping and multitail which will help for packet filtering.
Nowadays, putting barrier between Internet and private networks are very important
with the increasing threats and internet population.

1
Iptables Rules
• iptables -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-level alert --log-prefix “iptables ALL NONE”
• iptables -A INPUT -p tcp --tcp-flags FIN, SYN FIN, SYN -j LOG --log-level alert --log-prefix “iptables FIN,
SYN FIN, SYN”
• iptables -A INPUT -p tcp --tcp-flags SYN, RST SYN, RST -j LOG --log-level alert --log-prefix “iptables
SYN, RST SYN, RST”
• iptables -A INPUT -p tcp --tcp-flags FIN, RST FIN, RST -j LOG --log-level alert --log-prefix “iptables FIN,
RST FIN, RST”
• iptables -A INPUT -p tcp --tcp-flags FIN, ACK FIN -j LOG --log-level alert --log-prefix “iptables FIN, ACK
FIN”
• iptables -A INPUT -p tcp --tcp-flags ACK, URG ACK -j LOG --log-level alert --log-prefix “iptables ACK,
URG ACK”

2
Save rules using shell script, sushma.sh
• echo ‘iptables -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-level alert --log-prefix “iptables ALL
NONE”’>>sushma.sh
• echo ‘iptables -A INPUT -p tcp --tcp-flags FIN, SYN FIN, SYN -j LOG --log-level alert --log-prefix “iptables
FIN, SYN FIN, SYN”’>>sushma.sh
• echo ‘iptables -A INPUT -p tcp --tcp-flags SYN, RST SYN, RST -j LOG --log-level alert --log-prefix
“iptables SYN, RST SYN, RST”’>>sushma.sh
• echo ‘iptables -A INPUT -p tcp --tcp-flags FIN, RST FIN, RST -j LOG --log-level alert --log-prefix “iptables
FIN, RST FIN, RST”’>>sushma.sh
• echo ‘iptables -A INPUT -p tcp --tcp-flags FIN, ACK FIN -j LOG --log-level alert --log-prefix “iptables FIN,
ACK FIN”’>>sushma.sh
• echo ‘iptables -A INPUT -p tcp --tcp-flags ACK, URG ACK -j LOG --log-level alert --log-prefix “iptables
ACK, URG ACK”’>>sushma.sh

3
multitail and hping testing for rules

• Rule for ALL NONE: multitail /var/log/syslog -l “hping2 192.168.56.101; sleep 60”
• Rule for FIN,SYN FIN,SYN: multitail /var/log/syslog -l “hping2 -F -S 192.168.56.101; sleep 60”
• Rule for SYN,RST SYN,RST: multitail /var/log/syslog -l “hping2 -S -R 192.168.56.101; sleep 60”
• Rule for FIN,RST FIN,RST: multitail /var/log/syslog -l “hping2 -F -R 192.168.56.101; sleep 60”
• Rule for FIN,ACK FIN: multitail /var/log/syslog -l “hping2 -F 192.168.56.101; sleep 60”
• Rule for ACK,URG URG: multitail /var/log/syslog -l “hping2 -U 192.168.56.101; sleep 60”

4
Adding and saving rules

Fig: Rule 1, ALL NONE

5
Rules saved in shell script using cat

Fig: sushma.sh using cat


6
Testing using multitail and hping

Fig: Test command output for FIN,SYN FIN,SYN


7
Obstacles encountered, obstacles overcome

1. run the sushma.sh file several times, iptables –L showed copies of same rule may
times.

reboot the VM and run sushma.sh once. Solved!

2. Typos wrong

3. Iptables rules entered from normal users, not possible.

8
Obstacles encountered, obstacles overcome

4. Testing rules used before: multitail /var/log/syslog “hping2 192.168.56.101”

• Not able to recognize the file

• separate hping2 and multitail. Well, that rule was also correct but I wanted to use
both at once.

• I looked into the multitail page of tinynet, saw the use of –l in between.

• That’s how I combined both multitail and hping to work for me.

9
Group Work

• Cross System Multitail

Objective

To use netcat to establish connection between mailserver and gateway to view their
postfix logs at same time in gateway in two separate windows.

10
Using netcat

• In mailserver,

Fig: commands for listening in mailhost

11
Using netcat

• In gateway,

Fig: Cross system multitail command using netcat

12
Two Multitail windows for gateway and mailserver
showing logfiles

Fig: maillog files in 2 different windows

13
Obstacles encountered, obstacles overcome

1. The command that I input before

• Did not show two windows

• The modified right command:

14
Obstacles encountered, obstacles overcome

2. cat /bin/bash, showed incomprehensible data, clicked Ctrl + C to terminate

• next command line (root@npi000075-mail:~#) also became incomprehensible.

• I reboot the system and screenshot the command first,

• Then let the command run for more seconds than before and took screenshot
again. This time, the next command line was understandable.

15
SUDO

Objective

The objective of SUDO (SuperUser Do) is to allow permission to the user to access
the operations, files (which are restricted) and specific commands at system’s root
level. It controls which commands to be accessible by the user. We are doing
configuration and set up to manage sudo, set up two users, force to practice sudo,
dissimilar color prompts for normal user and root, secure password and make very
login interesting with random fortune text with color.

16
Creating two users with adduser

Fig: add user sushma Fig: set up complete for januka

17
Permit no root login

Fig: allow users for no root login


18
Force users to use sudo

Fig: force users to use sudo

19
Different color prompt for normal and root users

Fig: different color for root and normal user

20
Color prompts for root and normal user

Fig: Root user color red

Fig: normal user color yellow

21
Secure password by editing issue.mytyvm

Fig: Edit to make secure

22
Password secured

Fig: The password secured

23
Random fortune in color

Fig: set execute bits for /etc/profile.d/login-fortune.sh

Fig: fortune to fortune.dat 24


Code edited in login-fortune.sh

Fig: code edited for fortune

25
Random fortune when logged in

Fig: random fortune in color

26
Obstacles encountered, obstacles overcome

1. edit issue.mytyvm to secure, but confused on what exactly to edit.

• Delete/remove the password written in that page and solved.

2. Confused on how to edit the code of /etc/profile.d/login-fortune.sh.

• Tried commenting the code before and only letting the code added to run. It
amazingly worked.

27
Virtual Server
Objective
Virtual server’s role is to allow the users to access and work on servers virtually (by the
concept of server virtualization), without depending on the requirement of physical server
for any specific task to be done. One of its primary objectives is to share the resources of
software and hardware with guest Operating System. The concept of server virtualization
offers an efficient control over resources and are more cost-effective. It promotes fast
provision of resources and application, disaster recovery continuity and many more. Here,
we cloned a new VM and set up users, virtualserver, cronjob, then opened links in another
VM.

28
Clone new VM (Userserver)

I cloned new VM named Userserver generating new MAC Address & full clone.
Then, I SetRole for this VM to noRole.

29
Set up two users

• Users added using “adduser” as in SUDO


• Users sushma and januka was added.
• Owner : group to username : users
• Permission of /home/januka and /home/sushma set 700.

30
Set up Virtual Server

Fig: creating new site for both users

31
Make directory VirtualDocumentRoot and VirtualScriptAlias
• Click F7 and name new directory.
• VirtualDocumentRoot and VirtualScriptAlias was made.

Fig: mkdir for VirtualDocumentRoot Fig: mkdir for VirtualScriptAlias

32
Permission, owner and group for new directory

• Owner : group to nobody : nobody


• Permission set to 700

33
Edit /etc/dnsmasq.d/cnames

Fig: edit cnames

34
Make webpages and run directory

• webpages inside /home/sushma


• Run inside /home/sushma/webpages

Fig: Mkdir for webpages Fig: Mkdir for run inside webpages for sushma
35
Setting user site

Fig: copying index.html inside webpages for sushma

36
Setting cron job with crontab -e

Fig: crontab -e to run every 10 mins

37
dig

Fig: dig sushma for cname resolution

38
links in gateway

Fig: opening links in gateway


Fig: go to URL, sushma.tinynet.edu

Fig: link sushma opened 39


Obstacles encountered, obstacles overcome

• Confused on how to add script for crontab -e.

• Procedure is a bit lengthy which makes you forget what you are doing or what you
have done.

40
Any Questions?

41
Thank you!

42

You might also like