1,234
edits
Changes
no edit summary
{{Admon/caution|DO NOT USE THIS VERSION OF THE COURSE. This page will no longer be updated.|'''Debian version here:''' https://seneca-ictoer.github.io/OPS245
<br>'''CentOS version here:''' https://seneca-ictoer.github.io/OPS245-C7<br>'''Andrew's version here:''' http://wiki.littlesvr.ca/wiki/OPS245_Lab_4}}
=LAB PREPARATION=
{| width="40%" align="right" cellpadding="10"
Many students may think that the following topic is small and "not a big deal". Those students may say, '''"How hard is running and stopping services?"'''
The process may not be hard, but knowing how to stop, start, restart and check the status of services is absolutely critical to a Linux server. '''Aside from learning to trouble-shoot problems''' by checking the status of running services, '''understanding how to manage services is critical to help protect a Linux server from penetration''' (this term is referred to as "'''Hardening a system'''"). Sometimes it is "what we don't know" that can harm us. One key element in hardening a computer system is to disable non essential networkng services to allow IDSs ('''Intrusion Detection Systems''') to focus on a narrower range of policy violations. A Debian-based penetration testing distribution called '''Kali''' (formerly referred to as '''"BackTraxBackTrack"''') allows sysadmins and security professionals to identify vulnerabilities in their computer systems, and thus improve (harden) their systems against penetration. Learning to monitor the status, enable and disable networking services underlies the '''BacktraxBacktrack''' motto: '''''"The quieter you are, then more you will hear..."'''''<br><br>
<u>Main Objectives</u>:
[http://archive.linuxfromscratch.org/blfs-museum/1.0/BLFS-1.0/postlfs/skel.html /etc/skel]<br>
[http://zenit.senecac.on.ca/wiki/index.php/Init_vs_systemd init vs systemd]
<br><br>
Python Reference<br />
[https://docs.python.org/3/howto/argparse.html argparse]
|}
# View the contents of the '''/home''' directory. Was the home directory for user '''ops245_2''' removed?
# Issue the following command to remove ops245_2's home directory: <b><code><span style="color:#3366CC;font-size:1.2em;">sudo rm -rf /home/ops245_2</span></code></b>
# Issue the '''userdel''' comamnd command to remove the '''ops245_1''' account with , but this time include the '''-r option''' (and to also remove the home directory regardless if it exists or not).
# Issue the useradd -m command to recreate the user called: '''ops245_1'''.
# Use the '''passwd''' command to set the password for the user '''ops245_1'''.
# View the <u>contents</u> for '''ops245_2's home directory''' and note the files. What do you notice that is different. What do you think is the purpose of the '''/etc/skel''' directory?
# Be sure to record your observations in your lab notes.
#Issue Look in the man pages for the '''useradd''' command. Explain the purpose of using the '''-e''' option for the ''useradd'' command.#Issue the following command: <b><code><span style="color:#3366CC;font-size:1.2em;">sudo chage -E 20212024-12-31 ops245_1</span></code></b>
#Issue the following command: <b><code><span style="color:#3366CC;font-size:1.2em;">sudo usermod -c "New Name" ops245_2</span></code></b>.
#View ops245_2's account information in the '''/etc/passwd''' file. What do you notice is different?
<ol>
<li>View (but do not edit) the contents of '''/etc/suduoerssudoers'''. Search for your user account. You won't find them.</li><li>Check the contents of '''/etc/passwd ''' and '''/etc/group ''' for entries with your user account. Is there anything different between your account and '''ops245_1'''?</li><li>You should find that your user is part of a secondary group. What group is it? Are they part of that group on '''centos3'''?</li><li>The '''wheel''' group represents administrators with complete sudo privileges. Go back to '''/etc/sudoers ''' and read the entry for '''wheel'''. It should look something like this:<br />
<b><code><span style="color:#3366CC;font-size:1.2em;">%wheel ALL=(ALL) ALL</span></code></b><br />
::This means that anyone who is part of that group can run ''any'' command, as ''any'' user. Effectively, they can use sudo to be root.
</li>
<li>During the lecture, you should have learned some reasons to limit access to the actual root account, and why using sudo is a better practice. Record your observations.</li>
<li>On centos3, add your user to '''wheel ''' as a secondary group so you can use sudo the same way there that you can on your other machines.</li>
</ol>
::That account still can't. Sudo entries only affect the users and groups listed.</li>
<li>We don't want '''ops245_2''' to manage services, that's a job for '''ops245_1''', but we do want them to manage user accounts. So log back in as your regular user and create a sudeors file for '''ops245_2''' and set it so that they can run the useradd, usermod, userdel, groupadd, groupmod, and groupdel commands through sudo.</li>
<b><code><span style="color:#3366CC;font-size:1.2em;">
ops245_2 ALL=(ALL) /usr/sbin/useradd<br />
ops245_2 ALL=(ALL) /usr/sbin/usermod<br />
ops245_2 ALL=(ALL) /usr/sbin/userdel<br />
ops245_2 ALL=(ALL) /usr/sbin/groupadd<br />
ops245_2 ALL=(ALL) /usr/sbin/groupmod<br />
ops245_2 ALL=(ALL) /usr/sbin/groupdel<br />
</span></code></b>
<li>Test to make sure it works.</li>
</ol>
Running Linux servers in graphical mode can make the server vulnerable to penetration (i.e. a potential break-in to the server from unauthorized intruders). The X-windows framework can be vulnerable to attacks when these servers are connected to the Internet. This is why when you install '''server versions''' of Linux, they work in text-based mode only. Desktop versions of Linux are then installed on workstations (working in graphical mode) that connect to the '''Linux server''' (for security reasons since those servers are closest to the router and the Internet).
The Linux sysadmin can also change the run-level target (or state) of a graphical Linux server to run in text-based mode and run the graphical mode by issuing a command when graphic mode is required. The You may also encounter this capability described as run-level levels, but that term is now deprecated in Fedora/RHEL/CentOS, but for now you will still encounter this terminology in industry.
{| width="50%" align="right" cellpadding="10"
|- valign="top"
# Remain in your '''centos1''' VM for this section.
# Issue the following Linux command: <b><code><span style="color:#3366CC;font-size:1.2em;">systemctl get-default</span></code></b><br><br>'''Note:''' The output should read '''graphical.target'''
# Try the same command on your '''centos3''' VM and observe how the output differs. Go back to your '''centos3centos1''' VM.# You can use the '''systemctl isolate''' command to change the current run-leveltarget. See a list of runlevels targets [https://www.centos.org/docs/5/html/5.2/Installation_Guide/s2-init-boot-shutdown-rl.html here].# Change the current run-level target in '''centos1''' to '''multi-user.target''' by issuing the following command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">sudo systemctl isolate multi-user.target</span></code></b>
# What did you notice?
# Reboot your '''centos1''' VM. It should return to the graphical login screen. You should notice at this point that the command '''systemctl isolate''' did not change the default target the system will boot to.
# Issue the <b><code><span style="color:#3366CC;font-size:1.2em;">sudo systemctl set-default multi-user.target</span></code></b> command (with elevated permissions) to change the current defatult run-level default target in '''centos1''' to '''multi-user.target''', then reboot your machine. What do you notice?
# Change the current run-level in '''centos1''' to '''graphical.target''' by issuing the following command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">sudo systemctl isolate graphical.target</span></code></b>
# Try to do the same thing to your '''centos3''' VM. Did it work? Why or why not?
'''Answer INVESTIGATION 3 observations / questions in your lab log book.'''
= INVESTIGATION 4: CREATING USERS VIA USING ARGUMENTS IN SHELL SCRIPTS=
===Using argparse to Obtain Positional Arguments from the Command Line===
:'''Perform the following steps:'''
'''Answer INVESTIGATION 4 observations / questions in your lab log book.'''
# Make certain that your '''c7host''', '''centos1''' and '''centos2''' VMs are running.
# Switch to your '''c7host''' VM.
# Open a shell terminal, enter a root session, and change to the your '''/root/bin''' directory.# Issue the Linux command: <b><code><span style="color:#3366CC;font-size:1.2em;">wget https://ictraw.githubusercontent.com/OPS245/labs/main/lab4-check.senecacollegebash</span></code></b><!--<br />For Andrew's sections use this script instead:<b><code><span style="color:#3366CC;font-size:1.ca2em;">wget http://~peterlittlesvr.callaghanca/ops245/labs/lab4-check-andrew.bash</span></code></b>-->
# Give the '''lab4-check.bash''' file execute permissions (for the file owner).
# Run the shell script and if any warnings, make fixes and re-run shell script until you receive "congratulations" message.
#Arrange proof of the following on the screen:<br><span style="color:green;font-size:1.5em;">✓</span> '''centos1''' VM:<blockquote><ul><li>Demonstrate that this VM 's current run-level is set to '''5'''.</ul></blockquote><span style="color:green;font-size:1.5em;">✓</span>'''c7host''' machine<blockquote><ul><li>Run the '''lab4-check.bash''' script (must have all <b><code><span style="color:#66cc00;border:thin solid black;font-size:1.2em;"> OK </span></code></b> messages)</li></ul></blockquote><span style="color:green;font-size:1.5em;">✓</span> '''Lab4''' log-book filled out.
#Take a screenshot of the proof in the previous step, and upload it , your tarchiver2.py script, your log book, and the file generated by '''lab4-check.bash''' to blackboard.
= Practice For Quizzes, Tests, Midterm & Final Exam =
# What is the difference between '''starting''' a service and '''enabling''' a service?
# Can a service be stopped and started by issuing just one command?
[[Category:OPS245]]