
Project – Resources

There is a lot of inaccurate and conflicting information available – these
resources are selected to help you avoid going down the wrong track.
Read the System Administration :: Debugging page on the TinyNet site!

Project – Group Component


There are a number of options listed below for enhancements to the base system, and
once each group member chooses one for individual implementation, the rest will be
available for the group to work on together. The group is free to choose any combination,
and a special scenario devised by the group can be proposed to your lecturer, who will
be happy to advise on its suitability and help you refine it if necessary.
The minimum number of enhancements done by the group is 3, including one required
enhancement: (a) using stunnel for communication between servers and (b) using the
mail submission port.
Remember, maximum points for an enhancement are only achieved when it is
successfully implemented (criterion 1) and properly documented (criterion 2). The project
management component requires you to show one group member as the owner of the
enhancement, no matter how many group members work on it or when.
Documentation should be organized as a set of steps that were followed to implement
the enhancement, with a focus on pitfalls and obstacles encountered and overcome – if
there is a resource that is sufficient, refer to it with some critical evaluation (how
complete is it? how close is their system to our system? what’s missing?) rather than
copy/paste into your report.
The group presentation is intended to help you finish your project successfully. It is
essential to have a draft of your report to review. The presentation will be informal,
focused on the tasks you have chosen, the progress you have made, obstacles
overcome, and outstanding issues to be resolved (no powerpoint required).

Screenshots used to document enhancements must show the student ID
of the owner in the command prompt, logfile messages, or email address.
1. Login as root
2. Change the hostname to your student ID number:
/bin/hostname TP024680
3. Type exit to get the new hostname into the prompt, and login
as root again
4. Get the new hostname into the log messages:
/etc/rc.d/rc.syslog restart
You may also want to add this name to /etc/dnsmasq.d/cnames

1. Cross-System Multitail
a) Use one easy method to setup Multitail to show the postfix logfiles on the
Gateway and the Mailserver in separate windows, and demonstrate using email
via telnet
b) Use a different easy method to setup Multitail to show the postfix logfiles on the
Gateway and the Mailserver in a single window with different colors, and
demonstrate using email via telnet

There are three easy ways to have Multitail show logfiles from another server:
 Xinetd: See System Administration :: Multitail
 Netcat (hack it up!): See the Multitail section in Standard I/O :: Named Pipes
 ssh connection multiplexing (login manually, then reuse the connection): See Host
Management :: Smoother SSH

There is one more method: ssh authentication by keys and ssh-agent. This is a bit more
complicated, which is why it is a separate enhancement (9).

2. Basic VPN
a) Setup openvpn using static keys
b) Have two sets of config files, one for tun and one for tap

Resources
1) SSL Tunnels :: OpenVPN

Open these three in separate tabs

1. https://openvpn.net/index.php/open-source/documentation/howto.html
2. https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
3. https://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html

a) Start with the howto – skip down and read the sections Determining whether to use a routed
or bridged VPN and Numbering private subnets.
b) Then skip down to Creating configuration files for server and clients. Note that it says Before
you use the sample configuration file, you should first edit the ca, cert, key, and dh
parameters to point to the files you generated in the PKI section above. You want to skip the
PKI section and use the static key mini-howto for this, because it is rather simpler.
c) Once you get finished with Starting up the VPN and testing for initial connectivity with tun,
switch to the ethernet bridging tab to make the changes for tap. Note that the bridge-utils
package is already installed.
The PKI section is what you need for enhancement (9).

3. SSH Key Management
a) Reconfigure one of the Multitail above to use authentication via keys and
ssh-agent
b) Reconfigure openvpn to use signed keys

Resources:
1) Host Management :: Smoother SSH
2) https://openvpn.net/index.php/open-source/documentation/howto.html

4. iptables
a) Add the six “Rules for things that no proper TCP stack should be processing”
from the IPTables Quick Reference section -p --protocol tcp but use a LOG
target
b) Use hping2 and Multitail to show the rules are working

Resources
1) Quick Reference :: iptables
2) Quick Reference :: hping2
3) Multitail in Packet Filters :: PenTesting
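An added example (not the Quick Reference's own rule set): a small script that installs LOG rules for TCP flag combinations a real TCP stack never sends. The combinations are an assumed, commonly used set, so check them against the six in the reference; IPT is overridable so the generated rules can be reviewed as text without root.

```shell
#!/bin/sh
# Added example, not course material. Logs (rather than drops) TCP segments
# whose flag combinations no proper TCP stack produces, so they can be
# watched with multitail on the syslog. The flag set below is an assumption.
IPT="${IPT:-iptables}"   # set IPT=echo to print the rules instead of applying them

# One line per rule: "<flags to examine> <flags that must be set> <log prefix>"
bogus_tcp_flags() {
    cat <<'EOF'
ALL NONE NULL-scan
ALL ALL XMAS-scan
SYN,FIN SYN,FIN SYN-FIN
SYN,RST SYN,RST SYN-RST
FIN,RST FIN,RST FIN-RST
ACK,FIN FIN FIN-noACK
EOF
}

# apply_bogus_tcp_rules [chain]: appends one LOG rule per combination to the
# chain (default INPUT). The limit match keeps a flood from filling the log.
apply_bogus_tcp_rules() {
    chain="${1:-INPUT}"
    bogus_tcp_flags | while read -r mask flags prefix; do
        "$IPT" -A "$chain" -p tcp --tcp-flags "$mask" "$flags" \
            -m limit --limit 5/min -j LOG --log-prefix "$prefix: "
    done
}
```

Each prefix appears verbatim in the kernel log line, which is what you grep or color in multitail.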

5. SUDO
Choose one server and
a) Change the startup display to show a random fortune in color each time a user
logs in rather than the command summary and root login
b) Allow no root access: force users to use sudo (like ubuntu)
c) Have different color prompts for normal users and root

Resources:
1) Host Management :: User Accounts and Standard I/O :: Ascii Art
2) Documentation :: Configuring Sudo
3) Host Management :: Prompt Color

For (a), use an empty /etc/issue and focus on the scripts executed for a user at login

6. IDS – This one counts as two (double weight)
a) Setup snort
b) Use multitail and hping2 to demonstrate triggering a specific snort rule
c) How is information about known attacks compiled into rules?

Resources:
1) Packet Filters :: PenTesting
2) System Administration :: Multitail
3) https://www.snort.org/faq

NOTE: Do this on a TinyNet VM with the version from the Configuration ISO
This version has a smaller attack database, so you won’t get lost

Look at the signatures in the database and use hping2 to craft packets that will set off
the alarms, and use multitail to show the command and the logfile at the same time.

7. Protocol Analysis
Use tcpflow to capture the dialog between the browser and the webserver when
a) you access the default monkey webpage. How can you recover the images?
b) you access a mailbox in squirrelmail. How many requests are made? How many
servers are involved?

Resources:
1) http://www.owlriver.com/tips/tcpflow-tutorial/index.php
2) http://www.alphadevx.com/a/370-Running-a-network-trace-on-the-command-line-using-tcpflow
3) https://www.youtube.com/watch?v=kSWznCHJfjY
tcpflow is installed on all TinyNet machines

8. Migrate to Net-R
a) Clone and reconfigure your TinyNet servers as Net-R servers
b) Reconfigure DNSMASQ to hand out static addresses to servers rather than
dynamic ones
c) Describe the Net-R automatic traffic generation system

Resources
1) Breaking Bad :: Setup
2) /etc/dnsmasq.conf
3) /var/net-r

9. Port Knock
a) Use the Netcat and Named Pipes technique to set up a reverse shell
b) Use knockd and hping2 to control availability (activate/deactivate)

Resources
1) Breaking Bad::Remote / Reverse Shells
2) knockd man page
3) /usr/local/share/doc/knockd-README
4) /etc/knockd.conf

knockd complains about a missing library, but the command

find / -name "libname*"

using the library name from the error message shows it is there. Fix it by copying the
symlink with the proper name from /usr/local/lib to /usr/lib.
Often the library is called libxyz.so.2.0.0 when the program wants
libxyz.so, so this is pretty easy (and quite common and quite irritating).
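An added helper, not part of the course notes, that does the symlink fix described above: given the name the program asks for, it finds the versioned file in /usr/local/lib and creates the link in /usr/lib. SRC and DST are overridable so it can be tried in a scratch directory first.

```shell
#!/bin/sh
# Added example, not course material. Assumed layout, as the handout describes:
# the versioned library (libxyz.so.2.0.0) was installed under /usr/local/lib,
# while the program looks for the plain name (libxyz.so) under /usr/lib.
SRC="${SRC:-/usr/local/lib}"
DST="${DST:-/usr/lib}"

# fix_lib <wanted name>   e.g. fix_lib libxyz.so
# Returns 0 on success, 1 if no versioned copy exists in $SRC,
# 2 if $DST already holds a regular file of that name (left untouched).
fix_lib() {
    wanted="$1"
    base="${wanted%%.so*}"                       # libxyz.so -> libxyz
    # newest versioned candidate: libxyz.so.2, libxyz.so.2.0.0, ...
    real=$(ls -1 "$SRC"/"$base".so* 2>/dev/null | sort -V | tail -n 1)
    if [ -z "$real" ]; then
        echo "no $base.so* found in $SRC" >&2
        return 1
    fi
    real=$(readlink -f "$real")                  # point at the real file, not a link
    if [ -e "$DST/$wanted" ] && [ ! -L "$DST/$wanted" ]; then
        echo "$DST/$wanted is a regular file, not replacing it" >&2
        return 2
    fi
    ln -sf "$real" "$DST/$wanted" || return 1
    echo "$DST/$wanted -> $real"
}
```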

knockd automatically tries to listen on eth0, but sometimes the boot process names the
interface eth1 (this is a known bug in linux udev). If knockd complains, use ifconfig
to get the right name and start knockd with -i eth1 (for example).

Set seq_timeout = 45 (for example) in /etc/knockd.conf so you have time to enter the
sequence, and start knockd with -v to see useful progress messages. Use -c 1 with
hping2 to send each part of the sequence, and if you are doing this from a script put
sleep 1 after each hping to wait one second before sending the next one.

The linux sockets “classic one-liner” method is easiest, put the script on the victim and
configure knockd there. Start your listener on the attacker in one virtual terminal and switch
to another virtual terminal to send the knock sequence.

10. Ettercap
a) Use two Net-R hosts, and change the index.html for one of them to say
“Substitute webserver has answered your request – Frown and Be Worried”
b) Demonstrate before and after ARP & DNS cache poisoning with ettercap

Resources:
1) Breaking Bad:: Man-in-the-Middle
2) Breaking Bad :: Ettercap
(can also do this with two TinyNet No-Role hosts)

11. Compile & Install
a) Setup a VM using the TinyNet-gcc image
b) Install the asciiart package from the configuration CD
c) Compile the toilet source code and demonstrate using shell scripts
d) Explain the last four lines of the SlaxBuild script

Resources:
1) GCC & Packages :: GCC & Make
2) Standard I/O :: ASCII Art
3) TinyNet Notes :: Slax Uniqueness

TinyNet-gcc.iso: compiler and build tools. The image is bootable, so you just create a
virtual machine using this image rather than TinyNetBase.iso; give it at least 320 MB RAM
and use "Dynamically expanding storage" of 500 MB. It will automatically come up with IP
address 192.168.56.7 (in the net-a range).
You need to compile the libcaca library before toilet can be compiled.
Instructions for modifying the SlaxBuild script are on the site.

Remember, shell scripts are simple:

1. Create an empty script with echo '#!/bin/bash' >file.sh
2. Open this file in your editor and type in commands exactly as you would type them on the
command line
3. Save the file and set the execute permissions
4. Run it from the current directory with ./file.sh

12. NFS Virtual Servers
a) In monkey.conf set up two virtual servers (VirtualHost) for them, and disallow
serving web pages from user home directories. Add cnames to dnsmasq.
b) Put the webserver VirtualHost DocumentRoot directories on a new VM NFS
mount.
c) Set up two normal users and add directories under their home directories for their
web pages and CGI scripts on the NFS server, and give them ssh access.
d) Configure the system so users cannot access the VirtualDocumentRoot
directories, and set up a cron job to automatically move files from home
directories to the proper VirtualDocumentRoot

Resources:
a) Virtual Servers for Users in Configure Webmail :: MonkeyShines
b) Creating Users in Host Management :: User Accounts
c) The Mount a Linux Shared Folder section in Orientation :: Shared Folders
and TinyNet Notes :: AUFS and NFS
d) https://www.tecmint.com/how-to-setup-nfs-server-in-linux/ -> the packages are
installed already, so skip down to Setting Up the NFS Server

 Get the export direction right: your NFS server exports, the other servers mount.
 If there are files in the directories that you want to mount on the client (/home/vmail for
example), you need to copy them to the directory on the NFS server that will be
exported before you mount the NFS share.
 Remember to add cnames to your DNS for the VirtualHosts: /etc/dnsmasq.d/cnames
Restart dnsmasq after you change the cnames
/etc/rc.d/rc.dnsmasq stop
/etc/rc.d/rc.dnsmasq start
 Be sure you have ssh/sftp available for your users:

NOTE: you cannot access the new VirtualServers from your host system browser, because your
host system cannot use the TinyNet DNS running on the Gateway. Use the links web browser
from another TinyNet VM to see your new sites.
