Difference between revisions of "OPS535 A1 201603"

From CDOT Wiki
(Created page with "= Assignment 1= Due Date:October 31, 2016 == Required VMs == * Source Virtual Disk image: Download the virtual disk image here (c7min-ops535.qcow2.gz). 1. Create 3 new VMs...")
 
m (Network, firewall, and SELinux)
 
(13 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
[[Category:OPS535]][[Category:rchan]]
 
= Assignment 1=
 
= Assignment 1=
Due Date:October 31, 2016
+
Due Date:July 5, 2018
  
 
== Required VMs ==
 
== Required VMs ==
* Source Virtual Disk image: Download the virtual disk image here (c7min-ops535.qcow2.gz).
+
* Source Virtual Disk image: Download the virtual disk image [https://scs.senecac.on.ca/~raymond.chan/ops535/asgms/c7min-ops535.qcow2.gz here (c7min-ops535.qcow2.gz)]. [https://scs.senecac.on.ca/~raymond.chan/ops535/asgms/c7min-ops535.qcow2.gz.md5 md5 sum for the virtual disk image] - please make sure the md5 sum of the virtual disk image matches the file given.
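Review bot: The new download line offers only an MD5 sum, published from the same location as the image, so "please make sure the md5 sum of the virtual disk image matches the file given" catches a corrupted download but not a substituted image. Consider publishing a SHA-256 sum as well and naming the command students should run to compare it.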
  
  
Line 10: Line 11:
 
2. Make sure that you have the client and server components for NFS, NIS, and DNS on the three new VMs. Install any missing software if they are not already installed as specified in the following paragraphs. The three VMs must provide support for local and network (using NIS) user accounts.  After a successful login, a network user should get the same execution environment all the time and be able to access all the files he/she had previously created on your network.
 
2. Make sure that you have the client and server components for NFS, NIS, and DNS on the three new VMs. Install any missing software if they are not already installed as specified in the following paragraphs. The three VMs must provide support for local and network (using NIS) user accounts.  After a successful login, a network user should get the same execution environment all the time and be able to access all the files he/she had previously created on your network.
  
3. Network Configuration, server setup, and configuration requirement:
+
== VM network configuration, server requirements ==
 +
===DNS Servers===
 +
*You need three DNS servers for this assignment: Primary, Caching-only, and Root Name server:
 +
** The Primary DNS (running on VM pri-dns, IP:192.168.x.53) is authoritative for your domain.
 +
** The Caching-only name server (running on co-nfs, IP: 192.168.x.153) which allows DNS queries only from hosts in your network. The firewall on your host should allow only this caching name server to send DNS queries to root name servers in the lab.
 +
** The Root Name server (running on VM rns-nis, IP: 192.168.x.253), which is authoritative for the root zone. You should create the root zone file from the information [[Domainreg|here]]. You could download the shell script [[Get-root-zone|here]] and run it on your system to generate the necessary resource records for the root zone. You need to add additional appropriate resource records to complete it. You will get 10% bonus mark if you run a root name server on a Raspberry Pi.
  
    DNS Servers:
+
===NFS Server - on VM co-nfs, (IP: 192.168.x.153)===
 +
* Create a directory called "/nethome" and use it for centrally hosting all network user's home directory.
 +
* Use the appropriate export option(s) (especially root_squash and no_root_squash) when exporting network users' home directory
 +
* Superuser on the other VMs should not have root privillage on the exported directory unless the remote machine is running the NIS server.
 +
* Network users should not have read or write access to other network users' home directory.
  
    You need three DNS servers for this assignment: Primary, Caching-only, and Root Name server:
+
===NIS Server - on VM rns-nis, (IP: 192.168.x.253)===
        The Primary DNS (running on VM pri-dns, IP:192.168.x.53) is authoritative for your domain.
+
* NIS Domain Name - [learn-id].nis, where [learn-id] is your matrix login account name.
        The Caching-only name server (running on co-nfs, IP: 192.168.x.153) which allows DNS queries only from hosts in your network. The firewall on your host should allow only this caching name server to send DNS queries to root name servers in the lab.
+
* Minimum user and group IDs - 5000
        The Root Name server (running on VM rns-nis, IP: 192.168.x.253), which is authoritative for the root zone. You should create the root zone file from the information here. You could download the shell script here and run it on your system to generate the necessary resource records for the root zone. You need to add additional appropriate resource records to complete it. You will get 10% bonus mark if you run a root name server on a Raspberry Pi.
+
* Please use NFS version 3 when mounting the nfs share folders
  
    NFS Server - on VM co-nfs, (IP: 192.168.x.153):
+
===Network, firewall, and SELinux===
        Create a directory called "/nethome" and use it for centrally hosting new network user's home directory
+
* Your host and all your VMs must be accessible from other machines (hosts and VMs) in the lab.
        Use the appropriate export option (especially root_squash and no_root_squash) when exporting network users' home directory
+
* Please test your network connectivity with at least one of your classmates to make sure you can connect your VMs to their VMs.
        Superuser on the other VMs should not have root privilage on the exported directory unless the remote machine is running the NIS server.
+
* Do not allow DNS queries from any machines in your network to any root name servers in the lab except your caching-only DNS server.
        Network users should not have read or write access to other network users' home directory.  
+
* SELinux must be turned on and run in enforcing mode on all of your VMs. You need to configure the runtime SELinux boolean accordingly.
 +
* These machines will use firewalld as their firewall.  Their interfaces should be placed in the 'work' zone, which should allow ssh traffic. Other than that it should only allow the traffic necessary to fulfil the roles described above.
  
    NIS Server - on VM rns-nis, (IP: 192.168.x.253):
+
== Test and evaluation ==
        NIS Domanin Name - [learn-id].nis, where [learn-id] is your matrix login account name.
 
        Minimum user and group IDs - 5000
 
        Network user's home directory : /neth/newuser for user called "newuser"
 
        Please use NFS version 3 when mounting the nfs share folders
 
  
    Network, firewall, and SELinux
+
Once all your three VMs for this assignment described above are up and running, you will be asked to perform any of the following activities:
        Your host and all your VMs must be accessible from other machines (hosts and VMs) in the lab.
+
* Add a new host entry to your DNS server, to provide both forward and reverse lookup queries.
        Please test your network connectivity with at least one of your classmates to make sure you can connect your VMs to their VMs.
+
* Add a new user to your NIS Domain
        Do not allow DNS queries from any machines in your network to any root name servers in the lab except your caching-only DNS server.
+
* Remove a user from your NIS Domain
        SELinux must be turned on and run in enforcing mode on all of your VMs. You need to configure the runtime SELinux boolen accordingly.
+
* Login to any one of the three VMs using the newly created network user account.
        You must turn on firewall on all machines and have the filter table rule drops or rejects any unwanted packets.
+
* Login to any one of your three VMs from any machines in the lab using the newly created network user account.
 +
* Troubleshoot NFS, NIS, DNS, RPC, and portmapper problems. For examples: server service not running, configuration file not setup properly or being corrupted, broken network connection, etc.
 +
* You may be asked to perform a reboot test
  
4. Once all the three VMs described above are up and running, you will be asked to perform any of the following activities:
+
== Grading ==
 +
===System configuration settings 40% of the assignment ===
 +
On the due date, you will be given a set of [https://scs.senecac.on.ca/~raymond.chan/ops535/1703/asgms/asgm1-scripts.html scripts], which should be run on each VM to collect server configuration information. The scripts will produce an evaluation report for you to upload to blackboard. The following information may be collected:
 +
* Network Settings
 +
* Services configuration
 +
* Firewall settings
 +
* Local user accounts
 +
* RPC Client services
 +
* Portmapper registry
 +
* etc...
  
Add a new host entry to your DNS server, to provide both forward and reverse lookup queries.
+
===Demonstration 60% of the assignment ===
 +
On the due date, your will be given 30 minutes to get your VMs up system to perform the activities mentioned in "Test and Evluation" section and perform a reboot test.
  
Add a new user to your NIS Domain
+
== Questions ==
 
+
If you have any questions about this assignment, please talk to your professor before the due date.
Remove a user from your NIS Domain
 
 
 
Login to any one of the three VMs using the newly created network user account.
 
 
 
Login to any one of your three VMs from any machines in the lab using the newly created network user account.
 
 
 
Troubleshoot NFS, NIS, DNS, RPC, and portmapper problems. For examples: server service not running, configuration file not setup properly or being corrupted, broken network connection, etc.
 
 
 
You may be asked to perform a reboot test
 
 
 
5. Grading
 
 
 
    System configuration settings:
 
        On the due date, you will be given a set of scripts, which should be run on each VM to collect server configuration information. The scripts will produce an evaluation report for you to upload to blackboard. The folling information may be collected:
 
            Network Settings
 
            Services configuration
 
            Firewall settings
 
            Local user accounts
 
            RPC Client services
 
            Portmapper registry
 
            etc...
 
        This part worth 40% of the assignment.
 
 
 
    Demonstration
 
        On the due date, your will be given 30 minutes to setup you system to perform the activities mentioned in paragraph 4 above and perform a reboot test.
 
 
 
        This part worth 60% of the assignment.
 
 
 
6. If you have any questions about this assignment, please talk to your professor before the due date.
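Review bot: In the added "NIS Server" section, the bullet "Please use NFS version 3 when mounting the nfs share folders" is an NFS mount requirement and would fit better under the "NFS Server" heading. The removed line giving the network user's home directory path ("/neth/newuser") has no replacement, so the spec no longer says where under /nethome a user's home directory lives; suggest adding one line that states it. The added text also carries typos worth fixing: "privillage", "Test and Evluation", and "your will be given".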
 

Latest revision as of 13:20, 7 June 2018

Assignment 1

Due Date:July 5, 2018

Required VMs


1. Create 3 new VMs for this assignment and name them pri-dns, co-nfs, and rns-nis. After downloading the file, compare its md5sum with this file to make sure that your downloaded file has not been corrupted. gunzip the downloaded file, make three identical copies (c7min-pri.qcow2, c7min-co.qcow2, and c7min-rns.qcow2), and attach one to each of the three new VMs.

2. Make sure that you have the client and server components for NFS, NIS, and DNS on the three new VMs. Install any missing software, as specified in the following paragraphs, if it is not already installed. The three VMs must provide support for local and network (using NIS) user accounts. After a successful login, a network user should get the same execution environment all the time and be able to access all the files he/she had previously created on your network.

VM network configuration, server requirements

DNS Servers

  • You need three DNS servers for this assignment: Primary, Caching-only, and Root Name server:
    • The Primary DNS (running on VM pri-dns, IP:192.168.x.53) is authoritative for your domain.
    • The Caching-only name server (running on co-nfs, IP: 192.168.x.153) allows DNS queries only from hosts in your network. The firewall on your host should allow only this caching name server to send DNS queries to root name servers in the lab.
    • The Root Name server (running on VM rns-nis, IP: 192.168.x.253) is authoritative for the root zone. You should create the root zone file from the information here. You could download the shell script here and run it on your system to generate the necessary resource records for the root zone. You need to add additional appropriate resource records to complete it. You will get a 10% bonus mark if you run a root name server on a Raspberry Pi.

NFS Server - on VM co-nfs, (IP: 192.168.x.153)

  • Create a directory called "/nethome" and use it for centrally hosting all network users' home directories.
  • Use the appropriate export option(s) (especially root_squash and no_root_squash) when exporting network users' home directories.
  • Superuser on the other VMs should not have root privilege on the exported directory unless the remote machine is running the NIS server.
  • Network users should not have read or write access to other network users' home directories.
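
An added example, not part of the original assignment or the course's grading scripts: a small Python audit of /etc/exports text that reports any client other than the NIS server that is exported with root squashing turned off. The address 192.168.99.253 stands in for 192.168.x.253, and the sample exports content and function names are constructed for illustration.

```python
import re

NIS_SERVER = "192.168.99.253"  # assumption: stand-in for 192.168.x.253 (rns-nis)

# Constructed sample /etc/exports content for co-nfs (not from the assignment page).
SAMPLE_EXPORTS = """\
# home directories for network users
/nethome 192.168.99.253(rw,sync,no_root_squash) 192.168.99.0/24(rw,sync,root_squash)
/nethome/scratch *(rw,no_root_squash)
/srv/pub 192.168.99.53(ro,sync)
"""

# One client spec: optional host/network/wildcard, optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"(?P<host>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")

def parse_exports(text):
    """Yield (path, client, [options in written order]) per client per export line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.fullmatch(spec)
            if m is None:
                continue                       # malformed spec, skipped here
            host = m.group("host") or "*"      # "(opts)" with no host = any client
            opts = [o.strip() for o in (m.group("opts") or "").split(",") if o.strip()]
            yield path, host, opts

def audit(text, trusted=NIS_SERVER):
    """Return (path, client) pairs where root is NOT squashed for an untrusted client."""
    findings = []
    for path, host, opts in parse_exports(text):
        squashed = True                        # exports(5): root_squash is the default
        for opt in opts:                       # the later of the two options wins
            if opt == "no_root_squash":
                squashed = False
            elif opt == "root_squash":
                squashed = True
        if not squashed and host != trusted:
            findings.append((path, host))
    return findings

if __name__ == "__main__":
    for path, host in audit(SAMPLE_EXPORTS):
        print(f"root not squashed: {path} exported to {host}")
```

On the NFS server itself, the same function can be pointed at the real file with `audit(open("/etc/exports").read(), trusted="<your rns-nis address>")`.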

NIS Server - on VM rns-nis, (IP: 192.168.x.253)

  • NIS Domain Name - [learn-id].nis, where [learn-id] is your matrix login account name.
  • Minimum user and group IDs - 5000
  • Please use NFS version 3 when mounting the NFS shared folders.

Network, firewall, and SELinux

  • Your host and all your VMs must be accessible from other machines (hosts and VMs) in the lab.
  • Please test your network connectivity with at least one of your classmates to make sure you can connect your VMs to their VMs.
  • Do not allow DNS queries from any machines in your network to any root name servers in the lab except your caching-only DNS server.
  • SELinux must be turned on and run in enforcing mode on all of your VMs. You need to configure the runtime SELinux boolean accordingly.
  • These machines will use firewalld as their firewall. Their interfaces should be placed in the 'work' zone, which should allow ssh traffic. Other than that it should only allow the traffic necessary to fulfil the roles described above.

Test and evaluation

Once all three of your VMs for this assignment, as described above, are up and running, you will be asked to perform any of the following activities:

  • Add a new host entry to your DNS server, to provide both forward and reverse lookup queries.
  • Add a new user to your NIS Domain
  • Remove a user from your NIS Domain
  • Log in to any one of the three VMs using the newly created network user account.
  • Log in to any one of your three VMs from any machine in the lab using the newly created network user account.
  • Troubleshoot NFS, NIS, DNS, RPC, and portmapper problems. For example: server service not running, configuration file not set up properly or corrupted, broken network connection, etc.
  • You may be asked to perform a reboot test

Grading

System configuration settings 40% of the assignment

On the due date, you will be given a set of scripts, which should be run on each VM to collect server configuration information. The scripts will produce an evaluation report for you to upload to Blackboard. The following information may be collected:

  • Network Settings
  • Services configuration
  • Firewall settings
  • Local user accounts
  • RPC Client services
  • Portmapper registry
  • etc...

Demonstration 60% of the assignment

On the due date, you will be given 30 minutes to get your VMs up and to perform the activities mentioned in the "Test and evaluation" section and perform a reboot test.

Questions

If you have any questions about this assignment, please talk to your professor before the due date.