1,576
edits
Changes
no edit summary
Normally, the shell environment will ask you for your account password as an extra security precaution when using sudo. However, cloud-based Linux VMs typically have ''password-less sudo access''. The idea is that identity management and security is handled by the cloud infrastructure. We'll explore that in detail later in the course.
[[Image:Ops705_lab2_fig1.png|thumb|right|350px|Figure 1. : Example commands with sudo.]]
Run the following commands:
# <code> whoami </code>
Notice that your command prompt has immediately changed. It no longer prints out your username at the beginning of each line, but the name of the '''root''' account. This is a good visual aid to let you know how you're logged in.
[[Image:Ops705_lab2_fig2.png|thumb|right|350px|Figure 2. : Example commands as root.]]
Run the same commands from the sudo subsection:
# <code> whoami </code>
As mentioned in the Week 2 lecture, keeping your Linux system up to date is an incredibly important task and must be done regularly. You are the administrator of this system, you must keep it running well. While updating is a graded part of this lab, you should run the command again regularly to check for new updates while you continue to work with this virtual machine over the next several week..
[[Image:Ops705_lab2_fig3.png|thumb|right|500px|Figure 3. : A yum update in progress.]]
Run the command to update CentOS: <code>sudo yum update</code>
== Part 1: Replacing ''firewalld'' with ''iptables'' ==
[[Image:Ops705_lab2_fig16.png|thumb|right|500px|Figure 4. : Service status of both firewalls.]][[Image:Ops705_lab2_fig4.png|thumb|right|500px|Figure 5. : Default iptables firewall rules.]]
The default firewall for CentOS, ''firewalld'' is more complex than we need. We'll be reverting to the easier to use ''iptables'' standard. This will require the removal of the ''firewalld'' package, the installation of the ''iptables-services'' package, and working with systemd services to turn on your new firewall.
There are a few standard security practices to follow when dealing with firewalls. In this section, we will changes our firewall rules to follow those practices. For more detail, refer to the Week 2 lecture and material.
[[Image:Ops705_lab2_fig15.png|thumb|right|500px|Figure 6. : Modified iptables firewall rules.]]
# Set your default policy for the INPUT chain to DROP: <code>iptables -P INPUT DROP</code>
# Remove the reject rule from the INPUT chain to hide our server from scans: <code> iptables -D INPUT 5</code>
== Part 1: Text Editing with <code>vim</code> ==
[[Image:vi-text-editor-2.png|right|250px|thumb|Figure 7: The online vi-tutorial provides users "hands-on" experience of using the vi text editor.]]
You will now learn basic editing skills using the vi (vim) text editor including creating, editing, and saving text files. As mentioned, the vim text editor (although taking longer to learn) has outstanding features to increase coding productivity.
An interactive tutorial has been created to give you "hands-on" experience on how to use vi text editor. It is recommended that you run this interactive tutorial in your Linux account to learn how to create and edit text files with the vi text editor.
# Run the interactive tutorial: <code>vi-tutorial</code>
# In the tutorial menu, select the first menu item labelled "USING THE VI TEXT EDITOR"
# When you want to exit the tutorial, select the menu option to exit the tutorial.
[[Image:vi-text-editor-b.png|right|200px|thumb|Fig. 108: Contents of ''othertext.txt'']]
After you have completed the tutorial:
# Using vim, create a new text file called ''othertext.txt'' in your home directory.<code>cd ~; vim othertext.txt</code># Write the text shown in ''Fig. 10Figure 8'' to your new ''othertext.txt'' file, save, and quit.# Confirm the contents of your text file match ''Figure 8'': <code>cat othertext.txt</code>
You can also '''manage''', '''view''' or '''manipulate the display''' of text files. This is HIGHLY ADVISED in case you only want to view contents and '''NOT''' edit text file contents which can cause accidental erasure of data.
