NCS590 (Topic) – Linux Networking

Syllabus

The class syllabus can be found here

Textbook

Click here for information on the required textbook for this class.

Course Format

This course will be taught entirely online using this website for course content distribution, as well as Angel for all homework and lab submissions.

Screencasts

All class lectures will be delivered in the form of a screencast that will be posted in the ClassX system under SUMMER 2014 – TEL590: Topic: Linux Networking.

Class Schedule – (tentative)

Week Topics Readings and Assignments
Week 1:
(May 27 – 30)
Introduction

  • Screencast 1

Virtual Machine Setup

  • Screencast 2

OS Installation

  • Screencast 3

Updating and Installing Software

  • Screencast 4

User Account Management

  • Screencast 5

Text Editors

  • vimtutor

Reading:

  • Part 1 (ch1-3) and Part 2 (ch 4) in text

Assignment:

  • Install VirtualBox on your computer as well as the corresponding Extension Pack for USB 2.0 support.
  • Install CentOS Linux (Minimal Server Installation) in VirtualBox
  • Update the system (yum)
  • Install vim, man, and links
  • Clone the virtual machine and change the hostname – Screencast 5
  • Set up a normal user account for yourself on each system
  • Perform the following on the primary system
    • Run through vimtutor
    • Exercises on pages 100-103
    • Set up multiple new groups (hr, engineering, accounting, development)
    • Set up at least 5 new users and add them to one or more of the groups you created
  • Make sure your /etc/passwd and /etc/group files are included in your writeup
Week 2:
(June 2 – 6)
Command Line

  • Screencasts 6,7,8,9

Bash Scripting Basics

  • Screencast 10

File Systems

  • Screencast 11

Cron Jobs

Reading:

Assignment:

(CLI Lab)

  • Refer to Chapter 5 (pgs 116-122) in the book and the Dognet Unix Command Summary Sheet for more details and examples of how to manipulate file and folder permissions
  • Go through the rest of the commands in Chapter 5 that were not covered in the screencasts (pgs 122-140)
  • Create a custom banner that displays the following information when you log into your normal user’s shell (hint: edit ~/.bashrc)
    • “Hello USER” – (make use of the USER environment variable to get the username)
    • “Welcome to HOSTNAME” (make use of the HOSTNAME environment variable)
    • System uptime
    • System’s private IP addresses (not full blown ifconfig output, but just a line for each interface that says “The IP address for ETHX is: XXX.XXX.XXX.XXX” – hint: use the grep and awk commands)
    • Public IP address of the system (hint: use the curl command on ip.appspot.com)
  • Note: after you make changes to ~/.bashrc and save the file, use the command source ~/.bashrc to view the effects of the changes

(File Systems Lab)

  • Add a new 20GB hard disk to CentOS1 in the virtual machine’s storage settings then do the following:
    • Use fdisk to create a single LVM partition on the new 20GB hard disk
    • Set up the 20GB LVM partition as an LVM physical volume
    • Create a new volume group called vg and add the new 20GB physical volume to it
    • Create 3 new logical volumes within the volume group each 5GB in size (names: backup, data, videos)
    • Format the first logical volume (backup) as ext3
    • Format the second logical volume (data) as ext4
    • Format the third logical volume (videos) as xfs
    • Create mount points for each logical volume in /mnt (/mnt/backup, /mnt/data, /mnt/videos)
    • Manually use the mount command to mount each logical volume to the new directories created in /mnt
    • Add entries in /etc/fstab for the new logical volumes so that they are mounted during startup

(Cron & Scripting Lab)

  • Write a script in BASH that automatically writes your system’s private (eth0 and eth1) and public IP addresses to a file within your home directory called ipaddresses. The automatically generated ipaddresses file should contain the following information:
    • The date command must be used to provide a timestamp at the top of the file in the following format:
      • Timestamp: (HH:MM) MMDDYYYY
    • The next line should contain: ETH0 IP: XXX.XXX.XXX.XXX
    • The next line should contain: ETH1 IP: XXX.XXX.XXX.XXX
    • The last line should contain: Public IP: XXX.XXX.XXX.XXX
  • The script should overwrite any current entries with the new entries, not append them to the file.
  • Don’t forget to change the permissions on the script so that it is executable!
  • Set up a cron job to run the script every 30 mins. You can verify this works by checking the timestamp in the ipaddresses file to see if it is being updated correctly. Make sure you let your VM run for a few hours during testing.


(Note:)

  • Make sure to submit all of your code for the CLI and Cron/Scripting portions of this assignment along with your lab writeup for the week.
  • This includes the following:
    • A copy of your .bashrc file
    • A copy of your get_ipaddress script
    • A copy of your ipaddresses output file
    • A copy of your cron job listing in crontab -e
    Week 3:
    (June 9 – 13)
    Compiling Software

    • Screencast 12

    Kernel Configuration

    • Screencast 13

    Proc File System

    Network Configuration

    • Screencast 14

    Reading:

    • Part 2 (ch 9-10) and Part 3 (ch 11-12) in text

    Assignment:

    • Install the “Development Tools” package group and the ncurses-devel package with yum to your CentOS1 virtual machine
    • Install the rest of the dependencies required to compile a new kernel in a CentOS environment. Using the latest stable kernel from The Linux Kernel Archives, customize and compile a new kernel on your CentOS1 system.
    • Set up static IP addressing on both of your virtual machines. This is to be done on both the NAT and Host only network interfaces. Verify that you give the interfaces addresses that are on the correct network and are outside of the DHCP pool for that network.
    • Your users have requested that you install NetHack on the CentOS1 server. You must install it from source in order to build in all of the features that they are requesting. Obtain the source code for the game here. Be sure to grab the file called nethack-343-src.tgz, which is the source code, not the binary.
      • Extract the source code using tar at the command line
      • Read the README file and figure out how to compile it under Linux
        • Another handy resource is here
      • Compile the software and install it to the system
      • Add your normal user to the games group
      • Log out and log back in then go to /usr/games and run ./nethack
      • On the initial startup have the game autogenerate your character’s name, race, etc… then take a screenshot when it loads you into the world. Be sure to get your character’s name in the screenshot.
      • In your writeup provide specific details on what you did in order to get the game to compile, install, and run properly.

    Week 4:
    (June 16 – 20)
    IPTables and Netfilter

    Local System Security

    Network Security

    Project Proposals Due!

    Reading:

    • Part 3 (ch 13-15) in text

    Assignment:

    • What are the default rules that iptables is configured with in a CentOS minimal installation?
      • What does it block by default?
      • What is allowed?
    • Add a rule on both of your systems that provides logging capabilities on the INPUT chain
    • Backup your current iptables configuration to /etc/iptables.bak and provide a copy of this backup file in your writeup
    • After you verify your backup is successful, flush your iptables configuration so that it contains no rules (iptables -F)
    • Use iptables -L -v to verify your iptables configuration is empty (screenshot)
    • After iptables has been flushed, restore the previous configuration from the backup you created
    • Note: the iptables firewall rules will have to be updated as we add new networking services to these machines
    • Set up a password policy on both systems to enforce the use of complex passwords:
      • Password length must be more than 8 characters
      • Password must have a mix of capital and lower case letters
      • Password must have at least 1 number and 1 special character
      • All passwords expire after 30 days and the same password cannot be reused
    • Provide detailed documentation on how you completed this task in your writeup
    • Install nmap and tcpdump on both systems with yum
    • Use nmap to probe both systems for open ports
      • Do this with and without the IPTables firewall enabled
      • What are the differences?
      • If ports were found open, identify what services they belong to
      • Try to figure out how to use nmap to gain more detailed information about the host and open ports while iptables is disabled

    • On your CentOS1 system run tcpdump and redirect the output to a file so that it can be parsed later
    • While tcpdump is running (remember backgrounding?) use links on the same machine to surf the web
    • After you have visited a few pages close links
    • Stop tcpdump and view the output file
      • What was captured? Be very specific in your writeup, include things like data, ports, protocols, etc…
    • Use tcpdump again but this time filter the output for http traffic only (hint: look at the man page)
    Week 5:
    (June 23 – 27)
    DNS Service

    FTP Service

    Reading:

    Assignment:

    • Set up a BIND DNS server on both VMs. Make sure you set up replication between both servers. Use your CentOS1 server as the master and make CentOS2 the slave.
      • Create entries for both of your virtual machines on the primary DNS server. Make sure you create separate zones for the different networks (host only and NAT), i.e. pinging centos1.hostonly results in a different IP than pinging centos1.nat
        • Verify that replication occurs and explain the process in your writeup as well as include a screenshot as proof
        • Insert screenshots of each ping test in your writeup
        • Insert screenshots of you using the nslookup tool to query the server for the new local DNS entries
      • Also create entries for your default gateway on the NAT network and your host address on the host only network (X.X.X.1).
        • Provide the same verification and proof as above
      • Both of your VMs should be set to use the new DNS servers for both internal and external address resolution. In this case you will have a primary and secondary DNS server that your internal clients will use to resolve Internet addresses as well as internal addresses. The servers should also provide DNS caching benefits for local users that are attempting to resolve a previously requested Internet address (e.g. www.google.com).
        • Insert screenshots of you using the nslookup utility on one of your VMs against a few FQDNs (e.g. www.google.com) to prove that your DNS server is responding to the internal client’s queries
      • Provide details of the steps that were required in order to complete this task as well as copies of all configuration files that you edited in order to set up and use the new DNS servers in your writeup. This includes BIND configuration files as well as any networking configuration files that needed to be changed on the VMs

    • Install an FTP server on one of your VMs, create DNS entries on your primary server for your FTP server on both networks and verify replication occurs
      • Use an FTP client on your Host to send files to your FTP server on your CentOS1 VM over the host only network. Add a screenshot of this process to your report.
      • Provide details on the steps that were required in order to complete this task as well as copies of any configuration files you edited related to the FTP service.

    • Both parts of this assignment will require you to add rules to your iptables firewall in order to allow traffic to access the new services.
    • Note: There will be no screencasts for this module. At this point I assume you know the basics of DNS and FTP in terms of what they are and the ports that they use to communicate on. It is your task to read and understand the documentation provided by the book as well as the links I have given to figure out how to set these two services up. This should be easily accomplished by using the resources I have listed as well as other resources available on the Internet. Also make use of the class discussion forums to ask questions about this assignment to the rest of the class. I expect participation from everyone, either by asking questions or answering them.

      IMPORTANT: I will not answer any questions related to this assignment over email, only through the forums.

    • Think of this as a small test to see if you can gather the information, skill, and patience required in order to set these two services up on your own.
    Week 6:
    (June 30 – July 3)
    HTTP

    SSH

    Reading:

    • Part 4 (ch 18-21)

    Assignment:

    • Install an Apache web server on one of your VMs and verify that it works.
    • Create a DNS entry for the new web server and verify replication occurs
    • Set up the web server to support secure connections over HTTPS
    • Set up userdir support so that any user that has an account on the web server can set up a personal web space at ~/username (hint: think of how fang works)
    • Explore how to use .htaccess and .htpasswd files. Implement a static web page that allows access to the page only over an HTTPS connection and also prompts the user to enter a username and password
    • An SSH server is running by default on each of your VMs. Secure both systems by applying the techniques illustrated in the Securing SSH document
    • Implement public/private keys to be able to authenticate into the systems without a password
    • As with last week, keep all questions and discussion to the forums.
    • No screencasts this week. Work on your projects!
    Week 7:
    (July 7 – 11)
    Work on Projects

    Reading:

    • Part 5 (ch 22, 23, 28, 29, 30)

    Assignment:

    • Work on your projects and reports. Make them good!
    Week 8:
    (July 14 – 17)
    Final Project

    Final Project Due

    Activating a Computer Science Account

    All students are required to set up a Computer Science account in order to utilize department resources relevant to this class. If you do not already have a CS account, visit a CS lab (Kunsela c012, c014, c109, b118) and follow the on-screen instructions. If you have any questions, stop by Kunsela c107 and ask for assistance or contact the instructor.

    If you need help accessing computer science department resources from home, check out this guide.

    Unix Commands

    A list of common UNIX commands is summarized here.

    Labs

    Students will engage in hands-on lab exercises that will provide them with experience using the Linux command line as well as setting up services and administering their individual environments. All students will be required to submit individual lab writeups detailing the work performed in each exercise. Drop boxes will be provided in Angel with corresponding due dates. Late submissions will not be accepted!

    All lab writeups must consist of the following:

    • Cover page
    • Abstract
    • Introduction
    • Processes involved in completing the lab
    • Screenshots of major steps to provide proof of lab completion
    • Identification of any issues or delays as well as resolutions
    • Conclusion
    • References

    Project

    All students will be expected to perform research and develop an individual project related to the administration and configuration of some type of Linux networking service that provides value to its end users. Each student will be expected to maintain a project log on their Computer Science home page that tracks their weekly progress on the project, as well as provides links to any references or resources they may have used.

    Each student will also be expected to submit a paper that outlines the work they performed on their individual project. The paper MUST conform to the following guidelines:

    • The paper must be formatted using the ACM SIG-Alternate format. Templates for MS Word and LaTeX can be found here
      • Be sure to review the ACM Author Guidelines that are also available on that page to ensure that you are properly formatting your paper.
    • The paper must include at references. These references must be properly cited throughout the document according to the ACM guidelines.
    • If you used any online references they should also be referenced as ONLINE resources. This includes any technical documents you followed, white papers, as well as links to homepages of tools that you used for your project. Please use the proper ACM guidelines for citing Online references, I will leave it as an exercise for you to figure out how to format online references correctly.
    • All references should be listed in the bibliography in ACM format, again an exercise for you to figure out!
    • You are required to have the following sections in your paper in addition to the main body (content) of the paper:
      • Abstract
      • Introduction
      • Related Work
      • Future Work
      • Conclusions
      • References
    • The body of the paper should include:
      • A description of the process involved in implementing the project
      • Practical applications
      • Benchmark results
      • Issues or delays encountered
      • Resolutions to any issues or delays
      • General remarks
    • All papers should be reviewed for spelling, grammar errors, and proper sentence structure. Points will be deducted if any problems are found. Treat these papers as something you are writing for possible submission for publication.
    • Do not fill your papers with screenshots and images! Use images and screenshots very sparingly and only to make a point! Tables as well as charts and graphs are acceptable as long as they make sense and support the information you are trying to convey.
    • Papers must be at least 6 pages in length in the ACM format.
    • Be sure you are maintaining a weekly log on your CS homepage. I will be checking, and points WILL be deducted from your final average if this is not done!

    Links