- EMU-412 Fall 17 Final (updated 11/20)
- This is to be your own work. You may use the web, books, notes, VMs as resources BUT do not
- discuss with or ask others for help.
- Pay close attention to details - the autograder is not forgiving!
- There are scripts that you can run on each machine (gateway, final & extra) to see if you have
- successfully completed the tasks. (instructions on how to run the scripts are at end of this
- document)
- Before you begin the final please be sure you have completed the course work. You should
- have built 5 VMs:
- 1) gateway
- 2) main (Server2)
- 3) kickstart or kick (module 27)
- 4) fail (module 36)
- 5) a test machine used to verify that the PXE menu works but is not a configured / built
- machine.
- Tasks in each question are not always in the best / correct order!!!
- There may be a little trolling.
- --------------------------------------------------------------------------------------------------------
- 1 Add user to gateway machine with the following attributes
- user name: janie
- comment: woman_of_the_jungle
- uid: 2000
- gid: (users group number - you will need to look this number up)
- shell: tcsh (you will need to install the tcsh shell)
- home directory: /home/jungle/janie (this is tricky - read the man page)
- set password
- --------------------------------------------------------------------------
- 2 Build another machine using the tftp server: add to the PXE menu an option #4 called FINAL, using
- a kickstart file based on the ks.cfg configured during the class; add nmap & tcsh
- and remove the update system command if it exists (call the new file ks2.cfg)
- 7 GB disk 440 MB on the correct network
- configure this machine to get a dhcp reservation of 10.20.14.125
- Add janie configured like question 1 above to final.412.emu (can you do this in the kickstart?)
- configure your dns server to include
- A record for 10.20.14.125 final.412.emu
- CNAME for 10.20.14.125 exam
- PTR to match the A record
- ---------------------------------------------------------------------
- 3 install port knocking on the final.412.emu machine
- access port 22
- control ports:
- 1449 close
- 1450 open
- 1451 close
- ----------------------------------------------------------------------
- 4 configure sudo for user janie on each machine janie is configured on
- allow all root privileges
- not require a password (spaces matter)
- -----------------------------------------------------------------------
- 5 selinux set to enforcing on all machines
- -----------------------------------------------------------------------
- 6 nozeroconf on all machines
- ----------------------------------------------------------------------
- 7 ssh port forwarding
- configure gateway to allow connections to exam.412.emu from putty on your host.
- connection on port 45 of the gate will be forwarded to port 22 of exam.412.emu
- control ports 140 & 142 close, port 141 will open port 22
- this requires that port knocking is already working on final.412.emu
- (spacing and order matter)
- -----------------------------------------------------------------------
- 8 ssh key - verify the janie user on exam.412.emu
- create an ssh key pair for janie on gate and configure exam.412.emu to allow janie to connect
- as janie without a password/passphrase using the default rsa (hint verify correct permissions)
- (remember have you set up port knocking?)
- ----------------------------------------------------------------------
- 9 create a script that janie can run called backup-janie.sh (on gateway as user janie)
- (use full path addressing)
- include a port knock in the script (nmap)
- rsync (don’t forget the option for recursion, check the man page) the /tftpboot directory from
- gateway to final using the janie account to the directory /home/jungle/janie/DATA/
- run the script by hand using source backup-janie.sh
- ------------------------------------------------------
- 10 install epel repo on final.412.emu
- -----------------------------------------------------------------------
- 11 install & configure logwatch & alpine on final.412.emu
- ------------------------------------------------------------------------
- 12 install denyhosts on final.412.emu and configure to run on boot
- set block all services and invalid users to 3 attempts
- white list gateway by ip number on final
- ----------------------------------------------------
- 13 on exam / final configure so host name is displayed via dns lookup (i.e. not hard coded)
- (i.e. /etc/sysconfig/network may need to be fixed) may need to reboot to test
- ----------------------------------------------------
- 14 Build another machine - extra.412.emu (440 MB RAM 5GB Hard drive, correct vmnet) call it
- ks3.cfg
- create a new PXE menu call it EXTRA with ks3.cfg
- include previous settings from the ks2.cfg
- add lines to install & start apache
- add lines to install & start logwatch
- install bind & chroot-bind
- install epel
- install alpine & fail2ban
- add to dns extra.412.emu (forward and reverse)
- add to dhcp 10.20.14.130
- have host name configured correctly
- port forward so host (your windows machine to port 8081) can browse to default web page
- configure as a slave dns to server2
- Note: (using hostname verify that the machine has the correct fully qualified name)
- -----------------------------------------------------------
- wget the correct script:
- gateV1115 ( 10.20.14.1 gate.412.emu)
- finalV1115 (10.20.14.125 final.412.emu)
- extraV1115 (10.20.14.130 extra.412.emu)
- Please check back for updated versions.
- On one line put:
- wget --user=linux --password=secret --auth-no-challenge \
- http://aws.dougcox.com/412/final/SCRIPTNAME
- in the /root directory for the machine being tested
- chmod +x SCRIPTNAME
- ./SCRIPTNAME
- gateway 101 points
- final 51 points
- extra 50 points
- TOTAL 202 points
- Final will be accepted December 19th during regular class hours
- Grading will be done in person / in class by showing instructor the running script and output.
- Be prepared to re-download the scripts and demonstrate, including accessing the web site on extra
- from your host
- +++++++++++++++++++++++++++++++++++++++