OPS245 Lab 7

1,309 bytes added, 23:31, 8 May 2022
Changes Lab Check URL script to GitHub and fixes broken VPN instruction URL.
:'''Perform the following steps:'''
Some tasks in this part of the investigation '''require you to be connected to Seneca's VPN'''.
*If you are running your installation through VMware, then you can use [https://students.senecacollege.ca/spaces/186/it-services/wiki/view/1025/student-vpn the instructions provided by ITS] to connect to it from your Windows machine (your c7host and its nested VMs will use the VPN through the Windows machine without further configuration).
*If you installed your c7host '''directly onto a machine without using VMware''' as an intermediary (or the steps above do not work for you), use the following instructions:
::*Install the '''openconnect''' package.
::*Run the following command as root (or with sudo): <b><code><span style="color:#3366CC;font-size:1.2em;">openconnect --protocol=gp studentvpn.senecacollege.ca -b</span></code></b>
::*This should prompt you for your username and password (you could also put the user name in the command with -u).
::*You'll know it is working if you check your IP address and see something in the 10.0.0.0/8 range.
::*To disconnect, as root (or with sudo): <b><code><span style="color:#3366CC;font-size:1.2em;">killall openconnect</span></code></b>
Once you have connected to the VPN with either method, you may continue.
# Launch your '''c7host machine''' and your '''centos1''' and '''centos3''' VMs.
# Switch to your '''c7host''' VM.
# Create a file in your current directory of your c7host machine with some text in it called: '''myfile.txt'''
# Ensure you've successfully connected to the VPN required for Matrix (https://inside.senecacollege.ca/its/services/vpn/studentvpn.html). Then issue the following command (using your Matrix login id):<br><b><code><span style="color:#3366CC;font-size:1.2em;">scp &nbsp; myfile.txt &nbsp; yourmatrixid@matrix.senecacollege.ca:/home/yourmatrixid</span></code></b><br>(followed by your Matrix password)<br>What did this command do?
# Issue the following single command (arguments are separated by a space - use your Matrix login id):<br><b><code><span style="color:#3366CC;font-size:1.2em;">ssh &nbsp; yourmatrixid@matrix.senecacollege.ca &nbsp; ls /home/yourmatrixid/myfile.txt</span></code></b><br>(followed by your Matrix password)<br>What did this command do?<br>Issue the following Linux command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">ssh &nbsp; yourmatrixid@matrix.senecacollege.ca &nbsp; cat /home/yourmatrixid/myfile.txt</span></code></b><br>How do these commands differ from issuing the ssh command without the ls or cat command? How is this useful?<br><br>The client ssh application contains the utilities '''ssh''', '''scp''' and '''sftp''' (learned in ULI101) to connect to remote Linux servers in order to issue commands or transfer files between Linux servers. You can install the SSH service on your Linux server, although this has already been performed upon installation. We will now confirm that the ssh service is running on all of your VMs.<br><br>
# OpenSSH should have been installed by default. Let's confirm this by issuing the command:<br /> <b><code><span style="color:#3366CC;font-size:1.2em;">rpm -qa | grep ssh</span></code></b>
# You should see a number of packages installed including <b>openssh-clients</b> and <b>openssh-server</b>
<pre style="font-family:monospace;background-color:white;border-style:none;padding-left:50px;">
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ops245yoursenecaid/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter passphrase again:
Your public key has been saved in /home/ops245yoursenecaid/.ssh/id_rsa.pub.
The key fingerprint is:
ef:de:31:67:f7:15:a4:43:39:15:5d:78:1b:e8:97:74 ops245yoursenecaid@centos2
The key's randomart image is:
+--[ RSA 2048]----+
# Delete the rule in the INPUT chain that allows ICMP traffic from <b>anyone</b>, and replace it with one that only allows ssh traffic sent by your other machine.
# Delete the rule in your '''INPUT''' and '''FORWARD''' chains that '''REJECT'''s any traffic you haven't '''ACCEPT'''ed. You are better protected by the default '''DROP''' policy you set.
# To make the iptables rules '''persistent''' (i.e. keep the rules when the system restarts), you issue the command: <b><code><span style="color:#3366CC;font-size:1.2em;">sudo iptables-save > /etc/sysconfig/iptables</span></code></b> (read the next step)
# You will notice that even when running the command with sudo, it isn't letting you write to <b><code><span style="color:#3366CC;font-size:1.2em;">/etc/sysconfig/iptables</span></code></b>, because the output redirection is performed by your own (non-root) shell, not by sudo. Use <b><code><span style="color:#3366CC;font-size:1.2em;">sudo -i</span></code></b>, then try to save them again. When done, log out of the root user (exit sudo).
# Verify that the file '''/etc/sysconfig/iptables''' exists.
# Restart your iptables service and test your configuration.
# Restart the libvirtd service, and note the rules it adds to your iptables. It will do this automatically every time it starts.
# Make certain ALL of your VMs are running.
# Switch to your '''c7host''' VM and change to your user's '''bin''' directory.
# Issue the Linux command: <b><code><span style="color:#3366CC;font-size:1.2em;">wget https://raw.githubusercontent.com/OPS245/labs/main/lab7-check.bash</span></code></b>
# Give the '''lab7-check.bash''' file execute permissions (for the file owner).
# Run the shell script. If there are any warnings, make fixes and re-run the shell script until you receive the "congratulations" message.
#Arrange proof of the following on the screen:<br><blockquote><span style="color:green;font-size:1.5em;">&#x2713;</span> '''centos2''' VM:<blockquote><ul><li>have logged into centos3 VM using '''public key authentication''' (with a pass-phrase)</li></ul></blockquote><span style="color:green;font-size:1.5em;">&#x2713;</span> '''c7host''' Machine:<blockquote><ul><li>have tunneled Xwindows application from '''centos1''' via ssh</li><li>Run the '''lab7-check.bash''' script in front of your instructor (must have all <b><code><span style="color:#66cc00;border:thin solid black;font-size:1.2em;">&nbsp;OK&nbsp;</span></code></b> messages)</li></ul></blockquote><span style="color:green;font-size:1.5em;">&#x2713;</span> '''Lab7''' log-book filled out.
#Upload a screenshot of proof from the previous step, along with your logbook, and the file generated by '''lab7-check.bash'''.
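The firewall steps above (default DROP policy, no REJECT rules left in INPUT or FORWARD, no ICMP rule open to anyone, ssh allowed only from your other machine) can be checked against the text that iptables-save prints. This is an added example, not part of the lab or of lab7-check.bash; the sample ruleset is constructed, 192.168.245.1 is an assumed address for "your other machine", and checking the FORWARD policy as well as INPUT is an assumption.

```shell
#!/bin/bash
# Constructed sample: a ruleset as it might look BEFORE the lab's fixes.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'
# After the fixes, the ssh rule would carry a source, for example
# (assumed address): -A INPUT -s 192.168.245.1/32 -p tcp -m tcp --dport 22 -j ACCEPT

# audit_rules: reads iptables-save text on stdin and prints one finding per line.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_rules() {
    awk '
    # Chain policy lines look like ":INPUT DROP [0:0]".
    /^:(INPUT|FORWARD) / && $2 != "DROP" {
        print substr($1, 2) " policy is " $2 ", expected DROP"; bad = 1
    }
    # For each appended rule, note whether it is limited to a source address.
    /^-A (INPUT|FORWARD) / {
        has_src = 0
        for (i = 1; i <= NF; i++) if ($i == "-s" || $i == "--source") has_src = 1
        if ($0 ~ /-j REJECT/) { print $2 " still has a REJECT rule"; bad = 1 }
    }
    /^-A INPUT / && /-p icmp/ && /-j ACCEPT/ && !has_src {
        print "ICMP accepted from anyone"; bad = 1
    }
    /^-A INPUT / && /--dport 22( |$)/ && /-j ACCEPT/ && !has_src {
        print "ssh accepted from any source"; bad = 1
    }
    END { exit bad + 0 }
    '
}

# Run the audit on the constructed sample so the block shows its findings.
printf '%s\n' "$SAMPLE_RULES" | audit_rules || echo "ruleset still needs the fixes from the steps above"
```

On a real machine the same function can read live rules with `sudo iptables-save | audit_rules`.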
= Practice For Quizzes, Tests, Midterm & Final Exam =