CDOT Wiki β

Changes

OPS245 Lab 4

813 bytes added, 9 March
no edit summary
{{Admon/caution|DO NOT USE THIS VERSION OF THE COURSE. This page will no longer be updated.|'''Debian version here:''' https://seneca-ictoer.github.io/OPS245
<br>'''CentOS version here:''' https://seneca-ictoer.github.io/OPS245-C7<br>'''Andrew's version here:''' http://wiki.littlesvr.ca/wiki/OPS245_Lab_4}}
=LAB PREPARATION=
{| width="40%" align="right" cellpadding="10"
Many students may think that the following topic is small and "not a big deal". Those students may say, '''"How hard is running and stopping services?"'''
The process may not be hard, but knowing how to stop, start, restart and check the status of services is absolutely critical to a Linux server. '''Aside from learning to troubleshoot problems''' by checking the status of running services, '''understanding how to manage services is critical to help protect a Linux server from penetration''' (this is referred to as "'''hardening a system'''"). Sometimes it is "what we don't know" that can harm us. One key element in hardening a computer system is to disable non-essential networking services to allow IDSs ('''Intrusion Detection Systems''') to focus on a narrower range of policy violations. A Debian-based penetration testing distribution called '''Kali''' (formerly referred to as '''"BackTrack"''') allows sysadmins and security professionals to identify vulnerabilities in their computer systems, and thus improve (harden) their systems against penetration. Learning to monitor the status of, enable and disable networking services underlies the '''BackTrack''' motto: '''''"The quieter you are, the more you will hear..."'''''<br><br>
<u>Main Objectives</u>:
# Be sure to record your observations in your lab notes.
#Look in the man pages for the '''useradd''' command. Explain the purpose of using the '''-e''' option for the ''useradd'' command.
#Issue the following command: <b><code><span style="color:#3366CC;font-size:1.2em;">sudo chage -E 2024-12-31 ops245_1</span></code></b>
#Issue the following command: <b><code><span style="color:#3366CC;font-size:1.2em;">sudo usermod -c "New Name" ops245_2</span></code></b>.
#View ops245_2's account information in the '''/etc/passwd''' file. What do you notice is different?
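The expiry date set with '''chage -E''' in the steps above (and by '''useradd -e''') is stored in field 8 of '''/etc/shadow''' as a count of days since 1970-01-01. The following added example, which is not part of the original lab, converts a date to that form and lists accounts whose expiry day has been reached; the function names and the shadow-format sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab): work with the account-expiry field that
# "chage -E" and "useradd -e" write to /etc/shadow (field 8, days since 1970-01-01).

# date_to_days YYYY-MM-DD -> day number, computed in awk so it does not need GNU date.
date_to_days() {
    echo "$1" | awk -F- '{
        y = $1 + 0; m = $2 + 0; d = $3 + 0
        if (m <= 2) y--
        era = int(y / 400); yoe = y - era * 400
        mp  = (m > 2) ? m - 3 : m + 9
        doy = int((153 * mp + 2) / 5) + d - 1
        doe = yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy
        print era * 146097 + doe - 719468
    }'
}

# expired_accounts SHADOW_FILE TODAY_DAYS -> names whose expiry day has been reached.
# An empty field 8 means the account never expires.
expired_accounts() {
    awk -F: -v today="$2" '$8 != "" && $8 + 0 <= today + 0 { print $1 }' "$1"
}

# Constructed shadow-format sample (locked passwords, no real hashes).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ops245_1:!!:19700:0:99999:7::20088:
ops245_2:!!:19700:0:99999:7:::
EOF

expiry=$(date_to_days 2024-12-31)   # value stored by: chage -E 2024-12-31 ops245_1
today=$(( $(date +%s) / 86400 ))
echo "2024-12-31 is day $expiry"
echo "expired as of today: $(expired_accounts "$sample" "$today")"
rm -f "$sample"
```

On a real system the same field can be read per account with <code>sudo chage -l ops245_1</code>.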
::That account still can't. Sudo entries only affect the users and groups listed.</li>
<li>We don't want '''ops245_2''' to manage services, that's a job for '''ops245_1''', but we do want them to manage user accounts. So log back in as your regular user and create a sudoers file for '''ops245_2''' and set it so that they can run the useradd, usermod, userdel, groupadd, groupmod, and groupdel commands through sudo.</li>
<b><code><span style="color:#3366CC;font-size:1.2em;">
ops245_2 ALL=(ALL) /usr/sbin/useradd<br />
ops245_2 ALL=(ALL) /usr/sbin/usermod<br />
ops245_2 ALL=(ALL) /usr/sbin/userdel<br />
ops245_2 ALL=(ALL) /usr/sbin/groupadd<br />
ops245_2 ALL=(ALL) /usr/sbin/groupmod<br />
ops245_2 ALL=(ALL) /usr/sbin/groupdel<br />
</span></code></b>
<li>Test to make sure it works.</li>
</ol>
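One way to confirm that a drop-in like the one above grants only the intended commands, as an added example that is not part of the original lab: the function checks every rule for a user against an expected command list. The function name <code>audit_sudoers_dropin</code>, the temporary files and the widened "bad" variant are constructed for illustration, and the parser assumes the lab's one-rule-per-line layout.

```shell
#!/bin/sh
# Added example (not from the lab): audit the rules for one user in a sudoers drop-in.
# Usage: audit_sudoers_dropin FILE USER "allowed-cmd allowed-cmd ..."
# Assumes the lab layout "user HOST=(RUNAS) command[, command]", one rule per line.
# Returns 0 only when every rule for USER lists bare absolute paths from the allowlist.
audit_sudoers_dropin() {
    awk -v user="$2" -v allowed="$3" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        $1 != user     { next }              # rules for other users
        {
            rules++
            spec = $0
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", spec)   # strip "user host=(runas)"
            if (spec ~ /NOPASSWD/) { print "line " NR ": NOPASSWD tag"; bad = 1 }
            m = split(spec, c, ",")
            for (i = 1; i <= m; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", c[i])
                if (!(c[i] in ok)) { print "line " NR ": not on allowlist: " c[i]; bad = 1 }
            }
        }
        END {
            if (!rules) { print "no rules found for " user; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

ALLOWED="/usr/sbin/useradd /usr/sbin/usermod /usr/sbin/userdel /usr/sbin/groupadd /usr/sbin/groupmod /usr/sbin/groupdel"

# Constructed samples: the lab rules, and a variant with one rule widened to ALL.
good=$(mktemp); wide=$(mktemp)
for c in $ALLOWED; do echo "ops245_2 ALL=(ALL) $c"; done > "$good"
sed 's#/usr/sbin/usermod#ALL#' "$good" > "$wide"

audit_sudoers_dropin "$good" ops245_2 "$ALLOWED" && echo "good: matches the intended list"
audit_sudoers_dropin "$wide" ops245_2 "$ALLOWED" || echo "wide: rejected"
rm -f "$good" "$wide"
# On the real host, also run: visudo -cf <drop-in file>   and   sudo -l -U ops245_2
```

Rules without argument restrictions let the user run these commands with any arguments as root, so the command list should stay as short as the task allows.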
# Remain in your '''centos1''' VM for this section.
# Issue the following Linux command: <b><code><span style="color:#3366CC;font-size:1.2em;">systemctl get-default</span></code></b><br><br>'''Note:''' The output should read '''graphical.target'''
# Try the same command on your '''centos3''' VM and observe how the output differs. Go back to your '''centos1''' VM.
# You can use the '''systemctl isolate''' command to change the current target. See a list of targets [https://www.centos.org/docs/5/html/5.2/Installation_Guide/s2-init-boot-shutdown-rl.html here].
# Change the current target in '''centos1''' to '''multi-user.target''' by issuing the following command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">sudo systemctl isolate multi-user.target</span></code></b>
<li>Try using your script to make another archived copy of /tmp, this time calling it '''secondtmp.tar'''.<br />
If you didn't provide secondtmp.tar on the command line when you ran the command, you'll notice that your script complained. Try running:<br />
<code>tarchiver2.py secondtmp.tar</code></li>
<li>You should still be getting prompted about the directory you want to archive, and whether or not you want compression, but you are now telling the script that the created archive should be called secondtmp.tar.</li>
<li>Run the script again, but this time give the archive a different name of your own choice. Your script is part way to being automatable: the user can set the name of the created archive before the script runs. We just need to make this possible for the rest of the required data.</li>
# Make certain that your '''c7host''', '''centos1''' and '''centos2''' VMs are running.
# Switch to your '''c7host''' VM.
# Open a shell terminal, enter a root session, and change to your '''/root/bin''' directory.
# Issue the Linux command: <b><code><span style="color:#3366CC;font-size:1.2em;">wget https://raw.githubusercontent.com/OPS245/labs/main/lab4-check.bash</span></code></b><!--<br />For Andrew's sections use this script instead:<b><code><span style="color:#3366CC;font-size:1.2em;">wget http://littlesvr.ca/~ops245/labs/lab4-check-andrew.bash</span></code></b>-->
# Give the '''lab4-check.bash''' file execute permissions (for the file owner).
# Run the shell script; if there are any warnings, make fixes and re-run the script until you receive the "congratulations" message.