1,576
edits
Changes
no edit summary
[[Category:OPS235]]
{{Admon/caution|THIS IS AN OLD VERSION OF THE LAB|'''This is an archived version. Do not use this in your OPS235 course.'''}}
=LAB PREPARATION=
=LAB PREPARATION=Purpose / Objectives of Lab 4=={| width="40%" align="right" cellpadding="10"|- valign="top"|[[Image:users.png|thumb|right|150px|System administrators are required to add, remove and modify user accounts.]]|[[Image:on-off.png|thumb|right|135px|In order to perform maintenance, system administrators need to know how to stop and start services for a Linux system. ]]|}
There are many other tasks that a Linux system administrator must perform other than installing Linux and installing software.
<u>Main objectivesObjectives</u>:
<br>
:* Administer '''(add, remove, modify) users''' on a Linux system.
:* '''Start and Stop services''' on a Linux system.
:* Display the '''status of running services''' on a Linux system.
'''Answer the Part 4 observations / questions in your lab log book.'''
=INVESTIGATION 2: Managing System Services and Run-levels=
Many students may think that the following topic is small and "not a big deal". Those students may say, '''"How hard is running and stopping services?"'''
The process may not be hard, but knowing how to stop, start, restart and check the status of services is absolutely critical to a Linux server. '''Aside from learning to trouble-shoot problems''' by checking the status of running services, '''understanding how to manage services is critical to help protect a Linux server from penetration''' (this term is referred to as "'''Hardening a system'''"). Sometimes it is "what we don't know" that can harm us. One key element in hardening a computer system is to disable non essential networkng services to allow IDSs ('''Intrusion Detection Systems''') to focus on a narrower range of policy violations. A Debian-based penetration testing distribution called '''Kali ''' (formerly referred to as '''"BackTrax"''') allows sysadmins and security professionals to identify vulnerabilities in their computer systems, and thus improve (harden) their systems against penetration. Learning to monitor the status, enable and disable networking services underlies the '''Backtrax''' motto:<br><br>'''''"The quieter you are, then more you will hear..."'''''<br><br>
=== Part 1: How do we Manage System Services? ===
We have seen that maintaining unneeded '''packages can be a security risk''' due to the unnecessary increase in the complexity of your system. Similarly, it is also unnecessarily hazardous, and even more so, to leave unneeded services running. In this investigation, we will learn how to '''control services, and turn off those services that we think are not necessary to help reduce security risks'''.}}
#Use your '''centos2''' VM for this part.
<li>Note the services that are currently running.</li>
<li>Use the command <b><code><span style="color:#3366CC;font-size:1.2em;">service iptables stop</span></code></b> to stop the service named '''iptables'''</li>
<li>Run a command to verify that the '''iptables''' service has stopped.</libr> <libr>A newer method of managing services '''NOTE:''' Although the service command seems to work, it is by using <u>'''systemddeprecated'''</u> (i.e. "out-dated:). It has been replaced by using the ability [http://zenit.senecac.on.ca/wiki/index.php/Init_vs_systemd#systemd_Command_Usage systemctl] command. This is a command based upon a newer method of starting and managing system services called [http://zenit.senecac.on.ca/wiki/index.php/Init_vs_systemd systemd] (which replaces init - the "initialization table"). This method allows services to manage dependent service in parallel and allow one run more independently of each other, so that a service to may be stopped without disrupting the other dependent servicesto be stopped as well. Here <br><br>The most common '''systemctl''' commands are shown below (it is a link that briefly explains how optional to use include the filename extension '''.service''' after the service-name):<ul><li><span style="font-family:courier;font-size:1.2em;font-weight:bold;">'''systemdsystemctl list-units --all''' </span> (as opposed get a listing of all service names. Can pipe to grep to tradition methodlist service you are interested in)</li><li><span style="font-family:courier;font-size:1.2em;font-weight: bold;">'''systemctl status service-name'init''</span> (Confirm status of a service - running or not-running) and the </li><li><span style="font-family:courier;font-size:1.2em;font-weight:bold;">'''systemctlstop service-name''' command</span> (stop a service)</li><li><span style="font-family:courier;font-size: [http1.2em;font-weight:bold;">'''systemctl start service-name'''</span> (start a service)</zenitli><li><span style="font-family:courier;font-size:1.senecac2em;font-weight:bold;">'''systemctl restart service-name'''</span> (restart a service)</li><li><span style="font-family:courier;font-size:1.on2em;font-weight:bold;">'''systemctl enable service-name'''</span> (enable service so service runs upon system startup)</li><li><span style="font-family:courier;font-size:1.ca2em;font-weight:bold;">'''systemctl disable service-name'''</wikispan> (disable service so it does NOT run upon system startup)<br><br></index.phpli></Init_vs_systemd init vs systemd]ul></li> <li>If you reboot now - the iptables service will be turned back on. We don't want it on though, it causes students headaches. <br>To turn it off permanently we need to use the '''chkconfigsystemctl''' command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">chkconfig systemctl disable iptables off</span></code></b><br>(the '''chkconfig''' command used to be the way to enble/disable services, but is now deprecated).</li> <li>Use the '''systemctl''' command (from the link above - showing examples) to verify that the '''iptables''' service is off no longer running ('''hint:''' issue command, and pipe to grep "'''iptables'''").
<li>Reboot and confirm that it's no longer running.</li>
</ol>
'''Answer Part 1 observations / questions in your lab log book.'''
===Part 2: How do we Manage Runlevels?===
|- valign="top"
|
{{Admon/tip|Bash Shell Scripting Tips:|<br><ul><li>'''The case statement:'''<br><br>The case statement is a control-flow statement that works in a similar way as the if-elif-else statement (but is more concise). This statement presents scenerios or "cases" based on values or regular expressions (not ranges of values like if-elif-else statements). After action(s) are taken for a particular scenerio (or "case"), a break statement (''';;''') is used to "break-out" of the statement (and not perform other actions). A default case (*) is also used to catch exceptions.<br><br><u>'''Examples (try in shell script):'''</u><br><br>''read -p "pick a door (1 or 2): " pick<br>case $pick in<br> 1) echo "You win a car!" ;;<br> 2) echo "You win a bag of dirt!" ;;<br> *) echo "Not a valid entry"<br> exit 1 ;;<br>esac''<br><br>''read -p "enter a single digit: " digit<br>case $digit in<br> [0-9]) echo "Your single digit is: $digit" ;;<br> *) echo "not a valid single digit"<br> exit 1 ;;<br>esac''<br><br></li><li>'''The getopts function:'''<br><br></li></ul>The getopts function allows the shell scripter to create scripts that accept options (like options for Linux commands). This provides the Linux administrator with scripts that provide more flexibility and versatility. A built-in function called '''getopts''' (i.e. get command options) is used in conjunction with a '''while''' loop and a '''case''' statement to carry out actions based on if certain options are present when the shell script is run. The variable '''$OPTARG''' can be used if an option accepts text (denoted in the getopts function with an option letter followed by a colon. Case statement exceptions use the ''':)''' and '''\?)''' cases for error handling.<br><br>'''<u>Example of getopts</u>''' (try in script and run with options)<br><br>''while getopts abc: name<br>do<br> case $name in<br> a) echo "Action for option \"a\"" ;;<br> b) echo "Action for option \"b\"" ;;<br> c) echo "Action for option \"c\""<br> echo Value is: $OPTARG" ;;<br> :) echo "Error: You need text after -c option"<br> exit 1 ;;<br> \?) echo "Error: Incorrect option"<br> exit 1 ;;<br>esac''<br>done<br><br>}}
|}
#You will be using your '''c7host''' machine for this section.
#Download, study, and run the following shell script. Issue the command:<br><b><code><span style=" pointer-events:none;cursor:default;color:#3366CC;font-size:1.2em;">wget https://scs.senecac.on.ca/~murray.saul/user-create.bash</span></code></b>
#Try to understand what these Bash Shell scripts do, and then run the script as root. After running the shell script, view the contents of the '''/home''' directory to confirm.
# createUsers.bash<br>
# Purpose: Generates a batch of user accounts (user data stored in a text file)<br>
#<br># USAGE:<br>#<br># /root/createUsers.bash [-i {input-path}] <br>
#<br>
# Author: *** INSERT YOUR NAME ***<br>
for x<br>
do<br>
userPassWd=$(date | md5sum | cut -d" " -f1)<br> useradd -m -c "$(echo $x | cut -d":" -f2 | sed 's/+/ /g')" -p $(date | md5sum | cut -d" " -f1) userPassWd $(echo $x | cut -d":" -f1)<br>
mail -s "Server Account Information" $(echo $x | cut -d":" -f3) <<+<br>
Here is your server account information:<br>
servername: myserver.senecac.on.ca<br>
username: $(echo $x | cut -d":" -f1)<br>
password: $(date | md5sum | cut -d" " -f1)userPassWd<br>
Regards,<br>
IT Department<br>
= LAB 4 SIGN-OFF (SHOW INSTRUCTOR) =
{{Admon/important|Time for a new backup!|If you have successfully completed this lab, make a new backup of your virtual machinesas well as your host machine. Remember to also make a backup of the new second virtual disk drive on ''centos1'' -- you now have two virtual disks on ''centos1'', and therefore two image files, and therefore will need two backup files.|}}
'''Arrange proof of the following on the screen:'''
= Preparing for the = Practice For Quizzes , Tests, Midterm & Final Exam ==
# Describe all of the field in <code>'''/etc/passwd'''</code>
