Difference between revisions of "OPS335 Samba Lab"

From CDOT Wiki
Jump to: navigation, search
(Created page with 'FOCUS: Automating System Backup This lab will show you how to set up a Fedora installed system to be used for file backups. PART A: Requirements: You will need two PCs to do thi…')
(No difference)

Revision as of 21:38, 30 August 2011

FOCUS: Automating System Backup This lab will show you how to set up a Fedora installed system to be used for file backups.

PART A: Requirements: You will need two PCs to do this lab. We'll use one real PC (your hard drive running Fedora 13) and one virtual PC (created with Fedora's virtual machine manager). Your real Fedora 13 system (installed on your hard drive) should be updated to the latest software and should be using the default server firewall. Your virtual Fedora 13 system (installed as a guest VM) should also be updated to the latest software and should be using the default server firewall. Also ensure that the ssh server is running on both host and guest machines. Also ensure the clocks on both machines are set to the correct date and time. Your virtual system will be used to backup files from the host machine. Your setup should look like the following diagram. Once your setup is correct proceed to PART B.

PART B: Using rsync and cron to automate system backup: Login to vm01 as joker and open a terminal window. Then "su -" to root run the following two commands: mkdir /backup rsync -avz 192.168.122.1:/etc/ /backup/etc Still on vm01 run this command to verify rsync worked correctly: ls /backup/etc Notice that when running rsync you had to enter the password for root on f13. To automate this process so that it will run without requiring a password we'll use an RSA public/private key pair for passwordless authentication. To do this we'll have to generate an RSA public/private key pair on vm01. We'll use an openssh command like this: ssh-keygen -t rsa

when you enter this command just hit ENTER for all the questions. Here's what I got when I ran it on my vm01

Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: f5:07:8c:aa:b6:08:e0:45:81:ca:d6:88:8c:aa:1a:7b root@vm01@localdomain The key's randomart image is: +--[ RSA 2048]----+ | o+++ | | E .ooo.. | | ...o. | | ...o .| | .S+ + o.| | . = . o .| | o + | | o + | | . . | +-----------------+ Now you'll need to copy vm01's public rsa key over to f13. Still on vm01 use this command (be sure you have the /root/.ssh/ directory on f13 - if you don't then make it first): scp /root/.ssh/id_rsa.pub 192.168.122.1:/root/.ssh/authorized_keys2 Now verify that your new authentication method is working. Still on vm01 try to ssh to f13 as root. You should be able to login without entering a password. If you were successful then move on to the next step, otherwise repeat steps 3 and 4. Install mailx on vm01 if it's not already installed. Now, still as root on vm01, use the command 'crontab -e' to edit root's cron table. Insert the following line: 15 * * * * /usr/bin/rsync -avz 192.168.122.1:/etc/ /backup/etc At 15 minutes past the hour rsync should synchronize the /etc/ directory of f13 to the /backup/etc/ directory on vm01. If this time has passed and you don't want to wait an hour for the next time rsync runs, just edit root's cron table on vm01 and enter another time for the backup to take place. You should convince yourself that /etc/ is being backed up by adding some file (say 'touch /etc/junk' on f13) to /etc and then see if it was indeed copied to vm01. After the cron job runs, root on vm01 should have received an email containing the output of the cron job. Verify this by using the mail command to check root's mail on vm01. Finally, edit root's cron table on vm01 and add another record to backup the /home directory of f13 to /backup on vm01 once each week at 2am on Saturday. PART C: Using syslog to route log files to a remote host: On your host machine (f13) edit /etc/rsyslog.conf and make the following change: change #*.* @@remote-host:514 to *.* @@192.168.122.xxx:514 where xxx is the IP of vm01 (your logging machine)

Now restart your rsyslog service (service rsyslog restart). Go back on to vm01 and edit /etc/rsyslog.conf and make the following change: change these two lines #$ModLoad imtcp.so #$InputTCPServerRun 514 to $ModLoad imtcp.so $InputTCPServerRun 514 Still on vm01, restart syslog. NOTE: At this point you should use iptables to open up tcp port 514 on vm01. Now go back onto f13 and use the logger command to verify logging messages are getting through to vm01. Try this command logger -p user.warn "Hello World" Use the command "tail /var/log/messages" on vm01 to view the results of the previous step. PART D: Answer the following questions and and email them to your teacher in ASCII text format.

What is your full name and 9-digit Seneca student ID? Show the RSA public key generated on vm01. i.e. the file called id_rsa.pub. Explain the meaning of the -avz options on the rsync command. What did root's cron table on vm01 look like after step 11 of PART B? What were the last two lines of the email sent to root upon completion of the cron job in PART B step 10? What was shown in PART C step 6? What is the output of the iptables-save command on vm01 at the end of this lab?