1,234
edits
Changes
no edit summary
{{Admon/caution|DO NOT USE THIS VERSION OF THE COURSE. This page will no longer be updated.|'''Debian version here:''' https://seneca-ictoer.github.io/OPS245
<br>'''CentOS version here:''' https://seneca-ictoer.github.io/OPS245-C7<br>'''Andrew's version here:''' http://wiki.littlesvr.ca/wiki/OPS245_Lab_4}}
=LAB PREPARATION=
{| width="40%" align="right" cellpadding="10"
Many students may think that the following topic is small and "not a big deal". Those students may say, '''"How hard is running and stopping services?"'''
The process may not be hard, but knowing how to stop, start, restart and check the status of services is absolutely critical to a Linux server. '''Aside from learning to trouble-shoot problems''' by checking the status of running services, '''understanding how to manage services is critical to help protect a Linux server from penetration''' (this term is referred to as "'''Hardening a system'''"). Sometimes it is "what we don't know" that can harm us. One key element in hardening a computer system is to disable non essential networkng services to allow IDSs ('''Intrusion Detection Systems''') to focus on a narrower range of policy violations. A Debian-based penetration testing distribution called '''Kali''' (formerly referred to as '''"BackTraxBackTrack"''') allows sysadmins and security professionals to identify vulnerabilities in their computer systems, and thus improve (harden) their systems against penetration. Learning to monitor the status, enable and disable networking services underlies the '''BacktraxBacktrack''' motto: '''''"The quieter you are, then more you will hear..."'''''<br><br>
<u>Main Objectives</u>:
[http://archive.linuxfromscratch.org/blfs-museum/1.0/BLFS-1.0/postlfs/skel.html /etc/skel]<br>
[http://zenit.senecac.on.ca/wiki/index.php/Init_vs_systemd init vs systemd]
<br><br>
Python Reference<br />
[https://docs.python.org/3/howto/argparse.html argparse]
|}
# View the <u>contents</u> for '''ops245_2's home directory''' and note the files. What do you notice that is different. What do you think is the purpose of the '''/etc/skel''' directory?
# Be sure to record your observations in your lab notes.
#Issue Look in the man pages for the '''useradd''' command. Explain the purpose of using the '''-e''' option for the ''useradd'' command.#Issue the following command: <b><code><span style="color:#3366CC;font-size:1.2em;">sudo chage -E 20212024-12-31 ops245_1</span></code></b>
#Issue the following command: <b><code><span style="color:#3366CC;font-size:1.2em;">sudo usermod -c "New Name" ops245_2</span></code></b>.
#View ops245_2's account information in the '''/etc/passwd''' file. What do you notice is different?
<ol>
<li>View (but do not edit) the contents of '''/etc/sudoers'''. Search for your user account. You won't find them.</li><li>Check the contents of '''/etc/passwd ''' and '''/etc/group ''' for entries with your user account. Is there anything different between your account and '''ops245_1'''?</li><li>You should find that your user is part of a secondary group. What group is it? Are they part of that group on '''centos3'''?</li><li>The '''wheel''' group represents administrators with complete sudo privileges. Go back to '''/etc/sudoers ''' and read the entry for '''wheel'''. It should look something like this:<br />
<b><code><span style="color:#3366CC;font-size:1.2em;">%wheel ALL=(ALL) ALL</span></code></b><br />
::This means that anyone who is part of that group can run ''any'' command, as ''any'' user. Effectively, they can use sudo to be root.
</li>
<li>During the lecture, you should have learned some reasons to limit access to the actual root account, and why using sudo is a better practice. Record your observations.</li>
<li>On centos3, add your user to '''wheel ''' as a secondary group so you can use sudo the same way there that you can on your other machines.</li>
</ol>
::That account still can't. Sudo entries only affect the users and groups listed.</li>
<li>We don't want '''ops245_2''' to manage services, that's a job for '''ops245_1''', but we do want them to manage user accounts. So log back in as your regular user and create a sudeors file for '''ops245_2''' and set it so that they can run the useradd, usermod, userdel, groupadd, groupmod, and groupdel commands through sudo.</li>
<b><code><span style="color:#3366CC;font-size:1.2em;">
ops245_2 ALL=(ALL) /usr/sbin/useradd<br />
ops245_2 ALL=(ALL) /usr/sbin/usermod<br />
ops245_2 ALL=(ALL) /usr/sbin/userdel<br />
ops245_2 ALL=(ALL) /usr/sbin/groupadd<br />
ops245_2 ALL=(ALL) /usr/sbin/groupmod<br />
ops245_2 ALL=(ALL) /usr/sbin/groupdel<br />
</span></code></b>
<li>Test to make sure it works.</li>
</ol>
# Remain in your '''centos1''' VM for this section.
# Issue the following Linux command: <b><code><span style="color:#3366CC;font-size:1.2em;">systemctl get-default</span></code></b><br><br>'''Note:''' The output should read '''graphical.target'''
# Try the same command on your '''centos3''' VM and observe how the output differs. Go back to your '''centos3centos1''' VM.
# You can use the '''systemctl isolate''' command to change the current target. See a list of targets [https://www.centos.org/docs/5/html/5.2/Installation_Guide/s2-init-boot-shutdown-rl.html here].
# Change the current target in '''centos1''' to '''multi-user.target''' by issuing the following command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">sudo systemctl isolate multi-user.target</span></code></b>
'''Answer INVESTIGATION 3 observations / questions in your lab log book.'''
= INVESTIGATION 4: CREATING USERS VIA USING ARGUMENTS IN SHELL SCRIPTS=
===Using argparse to Obtain Positional Arguments from the Command Line===
:'''Perform the following steps:'''
'''Answer INVESTIGATION 4 observations / questions in your lab log book.'''
# Make certain that your '''c7host''', '''centos1''' and '''centos2''' VMs are running.
# Switch to your '''c7host''' VM.
# Open a shell terminal, enter a root session, and change to the your '''/root/bin''' directory.# Issue the Linux command: <b><code><span style="color:#3366CC;font-size:1.2em;">wget https://ictraw.githubusercontent.com/OPS245/labs/main/lab4-check.senecacollegebash</span></code></b><!--<br />For Andrew's sections use this script instead:<b><code><span style="color:#3366CC;font-size:1.ca2em;">wget http://~peterlittlesvr.callaghanca/ops245/labs/lab4-check-andrew.bash</span></code></b>-->
# Give the '''lab4-check.bash''' file execute permissions (for the file owner).
# Run the shell script and if any warnings, make fixes and re-run shell script until you receive "congratulations" message.
#Arrange proof of the following on the screen:<br><span style="color:green;font-size:1.5em;">✓</span> '''centos1''' VM:<blockquote><ul><li>Demonstrate that this VM 's current run-level is set to '''5'''.</ul></blockquote><span style="color:green;font-size:1.5em;">✓</span>'''c7host''' machine<blockquote><ul><li>Run the '''lab4-check.bash''' script (must have all <b><code><span style="color:#66cc00;border:thin solid black;font-size:1.2em;"> OK </span></code></b> messages)</li></ul></blockquote><span style="color:green;font-size:1.5em;">✓</span> '''Lab4''' log-book filled out.
#Take a screenshot of the proof in the previous step, and upload it, your tarchiver2.py script, your log book, and the file generated by '''lab4-check.bash''' to blackboard.
= Practice For Quizzes, Tests, Midterm & Final Exam =
# What is the difference between '''starting''' a service and '''enabling''' a service?
# Can a service be stopped and started by issuing just one command?
[[Category:OPS245]]