Changes

SRT210 Assignment1

5,886 bytes added, 01:25, 17 June 2019
Part 3: Report (10 marks)
= Assignment 1 =
Due date: 27th 12th of februaryJune*'''(Update: June 13 2019)''': Final version. Added clarity (See the '''A1 Test Cases''' section below) to what will be tested at demo time (based on A1 requirements). More details of what should be in the project report. [[:File:19b-SRT210_a1.pdf|Download PDF]].*'''(Update: May 31 2019)''': First draft. Additional edits will only clarify language and improve readability. You may consider these requirements complete for '''Assignment 1 in Summer 2019'''.*'''(May 7 2019)''': Additional requirements will be added at a later date.
Late penalties: 10% per day, including weekends and holidays
== Part 1: Set up and routing (10 marks) ==
# Complete labs 1 through 4. (but note the previous announcement about forwarding port 80)# Create a new virtual network named asg1, with a subnet that has a 192.168.X network address, where X is the last first two digits of your Seneca student number. Do not use DHCP on this network.# Create a new virtual machine and install CentOS in on it as a minimal install. Name this virtual machine lin1a1 but set its hostname to yourmysenecaid.lin1a1.# Set up the new virtual machine Setup lin1a1 to have the hostname lin1a1, and two network interfaces:#* Both should be where both network interfaces are virtio type of virtual devices#* One on the asg1 . Next, setup one network interface with the IP address 192.168.X.50#* One on 32 and to connect to the network1 asg1 network with while the other network interface has IP address 192.168.210.2022 and it connects to the network1 network.# Note that Keep in mind in any networked system you can have just one, and only have one , default gateway on a system, and your . So configure the default gateway should of lin1a1 to be c7host on the 192.168.210 subnet.# Confirm that your new VM lin1a1 can communicate with both the internet Internet and with hosts on the network1 network.# Create another minimal CentOS VM, named : name it lin2a1; set its hostname to yourmysenecaid.lin2a1, with ; let it have one network interface and IP address 192.168.X.51# The 33 (X being the first two digits of your student ID). By default, after the install, this second VM should be able to access machines on the asg1 network but it will not be able to communicate with any hosts on the network1 network.# Configure lin2a1, the second VM , to be able to access the internet Internet and the network1 network via lin1a1. You'll will need to enable IP forwarding and masquerading on the correct appropriate interface in and the correct appropriate machinefor that to happen.# Configure both VMs (lin1a1 and lin2a1) to be added to your DNS server. 
able to connect to c7host.yourmysenecaid.ops, lin1.yourmysenecaid.ops, and lin2.yourmysenecaid.ops by hostname their hostnames (don't be tempted to set up another DNS server, use what you already havefrom your earlier lab)# Note: make sure that Ensure you start your firewall setup on each VM from the default iptables-services rules. You'll lose marks if you don't have a functional firewall on lin1a1 and on lin2a1.
== Part 2: SSH brute-force attack Multiple WebServer Setup (10 marks) ==
# Create at least 5 users (2 Marks) Install NGINX on lin1a1 and Caddy on lin2, give some lin2a2. Confirm that each works locally with thier VM and from c7host. Do the testing of them simpleNGINX and Caddy in two stages.# (3 Marks) From a browser running on c7host confirm connections using IP addresses:#: * http://common names 192.168.210.11 connects to Apache (like "john"from the earlier lab) and simple or relatively-simple passwords#: * http://192.168.210.22 connects to NGINX running on lin1a1#: * http://192.168.X.33 connects to Caddy running on lin2a1. If you have # (3 Marks) From a complex root password - you might want browser running on c7host confirm connections using hostnames:#: * http://lin1.yourmysenecaid.ops connects to Apache (from the earlier lab)#: * http://lin1a1.yourmysenecaid.ops connects to change that NGINX running on lin1a1#: * http://lin2a1.yourmysenecaid.ops connects to something simpler tooCaddy running on lin2a1.# Find some software to perform (1 Mark) From a brute-force SSH login attack browser running on lin2 from lin2a2show you can connect to all 3 webservers using their IP addresses and their hostnames.# Run (1 Mark) From a browser running on Windows show you can connect to each of the attack3 webservers using the c7host IP address. Record how long it tookNOTE: when doing this test, and what you will want to turn off the results were. If it fails to find usable credentials for you - make sure you have an explanation for why that wasother two VMs.
== Part 3: Report (10 marks) ==
Write a report, where you describe (in your own words):* What you were trying to accomplishyour learning experience of this assignment.* What you had to do to set everything up Keep the tone of your writing such that your present self is teaching your future self (most important are the networking, routing, and firewall configurationswho might have forgotten).* Describe how the tool you chose for Part 2 works, how you used it, and why it gave learning experience you achieved while doing this assignment. Be sure to include all the results that it gave major learning points you.* Describe at least two ways overcame to make brute-force SSH attacks less likely to be successful.* Describe any challenges you ran into and how you solved themthis assignment work as described.
# The report must be in a PDF format otherwise it will be considered unreadable. The text part of the report can use a Serif or Sans-Serif font (such as Arial or DejaVu Sans) but the configuration file output must be in a fixed-width (such as Courier or MonoType).# The very FIRST FEW LINES MUST CONTAIN: '''Full Name''', your '''MySeneca username''', and your '''student ID'''.# The next FEW LINES MUST CONTAIN output from the command line (use a screen shots for doing this) showing:#* MAC and IP address of <code>eth0</code> on '''lin1a1'''#* MAC and IP address of <code>eth1</code> on '''lin1a1'''#* MAC and IP address of <code>eth0</code> on '''lin2a1'''#* MAC and IP address of <code>eth0</code> on '''lin1:'''#* MAC and IP address of <code>eth0</code> on '''lin2:'''# What you had to do to set everything up (most important are the networking, routing, and firewall configurations). Screenshots might of the configuration files are acceptable, however, the screenshot must be helpful but readable. If the font is too small (less than 12 pt) or the screenshot is blurry, you will lose marks. You may take multiple screenshots of a long configuration file provided they show the previous few lines to show continuation. Ideally, it is best (and probably fastest) to use scp to get the configurations out of the VMs and append them into your report.# Describe any challenges you ran into and how you solved them.# Screenshots are not required for proof that your setup works. 
Each screenshot must:#* Clearly be labelled the test you are proving, for example: Connect to <code>http://lin1a2.yourmysenecaid.ops</code> from '''c7host'''.#* Cover '''ALL''' of the individual test cases described in '''A1 Test Case''' section below.#* Show the interaction between '''c7host''' (or '''lin2''') in a readable (12 pt) font.#* The prompt on the terminal MUST show the logged in user and hostname of the VM so it captures what is happenning where.#* Use <code>curl</code> and <code>ping</code> to show connections to each server and the web. Pipe the output from <code>curl</code> into <code>head</code> to restrict output to 4 lines maximum.#* Use <code>cat</code> show contents of <code>/etc/resolv.conf</code> on <code>lin1a1</code> and <code>lin2a1</code>.#* Use <code>cat</code> to show the contents of <code>/etc/sysconfig/iptables</code> on '''lin1a1''', and '''lin2a1'''. Show all the additional commands you ran on '''c7host''' after it booted up to test connectivity to Apache on '''lin1''', NGINX on '''lin1a1''', and Caddy on '''lin2a1'''.#* Use cat to show full configuration of these network cards:#** <code>eth0</code> on '''lin1a1'''#** <code>eth1</code> on '''lin1a1'''#** <code>eth0</code> on '''lin2a1'''# Show the output of each of the Assignment 1 test cases (see the next section) in your report. 
== A1 Test Cases: == <ol><li><p>Using <code>ping 1.1.1.1</code>, <code>ssh root@hostname</code>, and <code>curl http://centos.org</code> show the following use cases:</p><ol type="a"><li>From '''lin1a1''': prove Internet connectivity of '''lin1a1'''</li><li>From '''lin2a1''': prove '''lin1a1''' acts as a router for '''lin2a1''' and acts as a bridge between '''asg1''' and '''network1''' using the following 3 test cases.</li><ol><li>when '''lin1a1''' is shut down '''lin2a1''' no longer has Internet connectivity</li><li>when '''lin1a1''' is turned on '''lin2a1''' has Internet connectivity</li><li>use <code>ping</code> and <code>ssh</code> from '''lin2a1''' to connect to '''lin1''' and '''lin2'''</li></ol> <li>From '''c7host''':</li><ol><li><p>use <code>ping</code> and <code>ssh</code> to prove connectivity to '''lin1a1''' and '''lin2a1''' using their IP numbers and their domain names. The report domain names for both '''lin1a1''' and '''lin2a1''' should be at least two resolved through '''lin2'''.</p></li><li><p>use <code>curl</code> to display the home pages longof Apache running on '''lin1'''; NGINX running on '''lin1a1''', and Caddy running on '''lin2a1'''. Use both IP and friendly-names methods to demonstrate this: IP addresses of their respective hosts and the domain names of those respective hosts, for example '''yourMySeneca.host.ops'''. and <code>192.168.X.33</code></p></li></ol></li></ol><li><p>From Windows, using Internet Exporer or Edge, show home page contents of your website on that host using the webserver installed on that host, not including screenshotsexample: Apache on '''lin1''', titlesNGINX on '''lin1a1''', and other fluffCaddy on '''lin2a1'''. You may have to edit iptables rules on '''c7host''' each time you want to access that particular VM so HTTP requests coming from port <code>80</code> on Windows go directly to that VM.</p></li></ol>
== Submit ==
Submit the report on Blackboard.
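
Review bot: Host names are inconsistent between Part 1 and the later sections. Part 1 names the two new VMs lin1a1 and lin2a1, but Part 2 refers to "lin2a2" (in the install step and again in the browser test), and the screenshot labelling example in Part 3 uses http://lin1a2.yourmysenecaid.ops, which matches neither VM. Suggest using lin1a1 and lin2a1 throughout so the DNS records, the web server tests and the A1 Test Cases all name the same hosts.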
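
Review bot: In the Windows item of the A1 Test Cases, "HTTP requests coming from port 80 on Windows" describes the forwarding rule the wrong way round. A browser connects from an ephemeral source port to destination port 80, so the rule on c7host matches traffic arriving on its port 80 and forwards it to the chosen VM. Suggest rewording to "HTTP requests arriving on port 80 of c7host are forwarded to that VM". Part 3 asks for /etc/sysconfig/iptables only from lin1a1 and lin2a1, so it may also help to ask for the c7host forwarding rule itself, since that rule is what exposes a VM to the Windows host.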
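
Review bot: The A1 Test Cases require `ssh root@hostname` for every connectivity proof, which means direct root login over SSH has to stay enabled on each VM while Part 1 asks only for a functional firewall. Consider either allowing the same proof with an unprivileged account or stating explicitly that root login is expected for the demo. In the same list, lin1a1 is described as acting "as a bridge between asg1 and network1", while Part 1 configures IP forwarding and masquerading; "router" alone would match what students are asked to build.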