a guest
Dec 18th, 2017
EMU-412 Fall 17 Final (updated 11/20)
This is to be your own work. You may use the web, books, notes, VMs as resources BUT do not discuss with or ask others for help.
Pay close attention to details - the autograder is not forgiving!
There are scripts that you can run on each machine (gateway, final & extra) to see if you have successfully completed the tasks. (Instructions on how to run the scripts are at the end of this document.)
Before you begin the final please be sure you have completed the course work. You should have built 5 VMs:
1) gateway
2) main (Server2)
3) kickstart or kick (module 27)
4) fail (module 36)
5) a test machine used to verify that the PXE menu works but is not a configured / built machine.
Tasks in each question are not always in the best / correct order!!!
There may be a little trolling.
--------------------------------------------------------------------------------------------------------
1 Add user to gateway machine with the following attributes
user name: janie
comment: woman_of_the_jungle
uid: 2000
gid: (users group number - you will need to look this number up)
shell: tcsh (you will need to install the tcsh shell)
home directory: /home/jungle/janie (this is tricky - read the man page)
set password
--------------------------------------------------------------------------
2 Build another machine using the tftp server. Add to the pxe menu option #4 called FINAL, using a kickstart file based on the ks.cfg configured during the class as a base; add nmap & tcsh and remove the update system command if it exists (call the new file ks2.cfg)
7 GB disk 440 MB on the correct network
configure this machine to get a dhcp reservation of 10.20.14.125
Add janie configured like question 1 above to final.412.emu (can you do this in the kickstart?)
configure your dns server to include
A record for 10.20.14.125 final.412.emu
CNAME for 10.20.14.125 exam
PTR to match the A record
---------------------------------------------------------------------
3 install port knocking on the final.412.emu machine
access port 22
control ports:
1449 close
1450 open
1451 close
----------------------------------------------------------------------
4 configure sudo for user janie on each machine janie is configured on
allow all root privileges
not require a password (spaces matter)
-----------------------------------------------------------------------
5 selinux set to enforcing on all machines
-----------------------------------------------------------------------
6 nozeroconf on all machines
----------------------------------------------------------------------
7 ssh port forwarding
configure gateway so that it allows connections to exam.412.emu from putty on your host.
connection on port 45 of the gate will be forwarded to port 22 of exam.412.emu
control ports 140 & 142 close, port 141 will open port 22
this requires that port knocking is already working on final.412.emu
(spacing and order matter)
-----------------------------------------------------------------------
8 ssh key - verify the janie user on exam.412.emu
create an ssh key pair for janie on gate and configure exam.412.emu to allow janie to connect as janie without a password/passphrase using the default rsa (hint: verify correct permissions)
(remember: have you set up port knocking?)
----------------------------------------------------------------------
9 create a script that janie can run called backup-janie.sh (on gateway as user janie)
(use full path addressing)
include a port knock in the script (nmap)
rsync (don’t forget the option for recursion, check the man page) the /tftpboot directory from gateway to final using the janie account to the directory /home/jungle/janie/DATA/
run the script by hand using source backup-janie.sh
------------------------------------------------------
10 install epel repo on final.412.emu
-----------------------------------------------------------------------
11 install & configure logwatch & alpine on final.412.emu
------------------------------------------------------------------------
12 install denyhosts on final.412.emu and configure to run on boot
set block all services and invalid users to 3 attempts
white list gateway by ip number on final
----------------------------------------------------
13 on exam / final configure so host name is displayed via dns lookup (i.e. not hard coded)
(i.e. /etc/sysconfig/network may need to be fixed) may need to reboot to test
----------------------------------------------------
14 Build another machine - extra.412.emu (440 MB RAM 5GB Hard drive, correct vmnet) call it ks3.cfg
create a new PXE menu call it EXTRA with ks3.cfg
include previous settings from the ks2.cfg
add lines to install & start apache
add lines to install & start logwatch
install bind & chroot-bind
install epel
install alpine & fail2ban
add to dns extra.412.emu (forward and reverse)
add to dhcp 10.20.14.130
have host name configured correctly
port forward so host (your windows machine to port 8081) can browse to default web page
configure as a slave dns to server2
Note: (using hostname verify that the machine has the correct fully qualified name)
-----------------------------------------------------------
wget the correct script:
gateV1115 (10.20.14.1 gate.412.emu)
finalV1115 (10.20.14.125 final.412.emu)
extraV1115 (10.20.14.130 extra.412.emu)
Please check back for updated versions.
On one line put:
wget --user=linux --password=secret --auth-no-challenge \
http://aws.dougcox.com/412/final/SCRIPTNAME
in the /root directory for the machine being tested
chmod +x SCRIPTNAME
./SCRIPTNAME
gateway 101 points
final 51 points
extra 50 points
TOTAL 202 points
Final will be accepted December 19th during regular class hours
Grading will be done in person / in class by showing instructor the running script and output.
Be prepared to re-download the scripts and demonstrate, including accessing the web site on extra from your host
+++++++++++++++++++++++++++++++++++++++