INDIVIDUAL ASSIGNMENT
CE00804-5-HSSN
APT2F1908CYB
WEIGHTAGE: 50%
INSTRUCTIONS TO CANDIDATES:
1. Students are advised to underpin their answers with the use of references (cited using the Harvard Name System of Referencing).
2. Late submission will be awarded zero (0) unless Extenuating Circumstances (EC) are upheld.
3. Cases of plagiarism will be penalised.
4. The assignment should be bound in an appropriate style (comb bound or stapled).
5. Where the assignment should be submitted in both hardcopy and softcopy, the softcopy of the written assignment and source code (where appropriate) should be on a CD in an envelope / CD cover and attached to the hardcopy.
KELLY (TP053167)
Table of Contents
I. Initial Configuration
A. STUNNEL
B. CROSS-SYSTEM MULTITAIL
C. LDAP
A. SUDO
B. BASIC VPN
C. IP TABLES
Initial Configuration
8. Configuring Telnet
Telnet is an underlying TCP/IP protocol and a user command for accessing remote computers. The first thing to do in this part is to edit the telnet file located under /etc/xinetd.d. In that file, the user needs to edit the relevant line to read “only_from = 127.0.0.1/24” and change the disable setting to “no”.
telnet localhost 25
HELO sending.host.name
RCPT To: mailadmin@mailhost.tinynet.edu
DATA
.
QUIT

11 login "mailadmin@mailhost.tinynet.edu" "admin"
23 select "INBOX"
32 FETCH 1 BODY[]
34 logout
Group Component
STUNNEL
(a) using stunnel for communication between servers and (b) using the mail submission port.
MailHost Configuration
1. First, open the MailHost machine and go to the /etc/rc.d folder. There, rc.stunnel must be made executable by owner, group and others, using the chmod option under the File menu.
2. Next, the first relayhost line must be commented out (add #), while the second relayhost line is uncommented (remove #). On the second line, “submission” needs to be changed to “587”. These changes must then be saved.
3. Afterwards, the rc.stunnel file located under /etc/rc.d has to be modified: the command “/etc/stunnel $LINE” needs to be added after the command “/usr/sbin/stunnel $LINE”. Then press F2 to save the changes.
4. In the fourth step, some changes need to be made to the mh.services.conf file in the /etc/stunnel folder. The line “;output = /some/place/stunnel.log” must be changed to “output = /var/log/stunnel/log”.
5. The commands below set the permissions on the stunnel.log file, start the stunnel service and work in the var folder. “chmod 777 stunnel.log” is an alternative way of setting the permission instead of doing it through midnight commander.
6. Thereafter, the user types “netstat -tulp” to check which services are running at that time. The “htop” command can be used as an alternative to “netstat -tulp”. Both should show that the stunnel service is active, i.e. in the LISTEN state.
WebServer Configuration
uncommented (remove //), since both are activated when stunnel is configured. Then, below the “// for initial testing” line, there is a $smtpPort line which needs to be commented out (add //) so that the system does not execute it.
Scrolling down a little, the user finds another “// for initial testing” line. Below it, the imapServerAddress must be changed to the IP address of the MailHost machine configured previously. The configuration can then be saved.
2. The commands below are exactly the same as the ones performed on the MailHost machine previously. For further explanation, refer to the MailHost configuration above.
The figure below shows that the stunnel service is running properly on the WebServer machine.
Testing
The next three figures show in detail the process of sending a message from the Gateway machine and receiving it on the MailHost machine.
Afterwards, the user needs to check the IP address of the WebServer machine in order to access SquirrelMail in the browser. In this case, the IP address is 192.168.56.111.
The SquirrelMail login page requires an email address and a password; the default email is “mailadmin@mailhost.tinynet.edu” and the default password is “admin”. After logging in, the interface should look like the figure below.
The figure below displays the message that was sent by Gateway and received by MailHost previously.
CROSS-SYSTEM MULTITAIL
Objective
a) Use one easy method to setup Multitail to show the postfix logfiles on the Gateway
and the Mailserver in separate windows, and demonstrate using email via telnet
b) Use a different easy method to setup Multitail to show the postfix logfiles on the
Gateway and the Mailserver in a single window with different colors, and demonstrate
using email via telnet
Configuration
a) Use one easy method to setup Multitail to show the postfix logfiles on the Gateway
and the Mailserver in separate windows, and demonstrate using email via telnet
Exit from mc and make sure ssh is running by typing the command below:
netstat -tulp
Access mailhost from gateway using ssh by typing the command below (192.168.76.209 is the mailhost IP):
ssh root@192.168.76.209
If there is a confirmation question when logging in with ssh, type yes to continue.
Type the mailhost password (toor) to authenticate to mailhost.
Open a new terminal by pressing Alt+F2 and type the command below to run multitail for mailhost and gateway, showing the postfix.log activity:
multitail /var/log/postfix.log -l "ssh root@192.168.76.209 tail -f /var/log/postfix.log"
When multitail receives the email, it responds as the figure below shows.
b) Use a different easy method to setup Multitail to show the postfix logfiles on the Gateway and the Mailserver in a single window with different colors, and demonstrate using email via telnet
Go to gateway and type the command below to open multitail with different colours:
multitail -ci yellow /var/log/postfix.log -ci red -L "echo 'tail /var/log/postfix.log' | nc 192.168.76.209 23432"
After sending email through SquirrelMail, the postfix.log responds as the figure below displays.
LDAP
After changing the owner to nobody, we edit the file /etc/syslog.conf and change “local4.info” to “local4.*” (this changes the log level for facility local4 from info to all).
Besides, we also need to uncomment the loglevel directive in /etc/openldap/slapd.conf by pressing F4 (edit the currently highlighted file); the comment in front of it needs a # placed before it.
After the LDAP configuration, we type the command /etc/rc.d/rc.syslog stop to stop the syslog service and then /etc/rc.d/rc.syslog start to start it again.
Next, we need to fix the file /etc/rc.d/rc.ldap: inside it we delete ldaps:// so that it only listens on the regular LDAP port (ldap://); we also want stunnel listening on the LDAP port.
After configuring it, we again need to start and stop the LDAP server service by typing /etc/rc.d/rc.ldap start and after that /etc/rc.d/rc.ldap stop. This is so that the LDAP server process does not have to be killed in htop.
After opening the LDAP system, we now need to add data to it.
After that, stop and start the LDAP service to prevent the database from getting damaged; otherwise we would need to start configuring LDAP all over again.
Now we need to create the top levels of the DIT. The command that creates the new directory (using PLA) is ldapadd -x -D “cn=LDAPAdmin,o=tinynet.edu” -w slapmesilly -f /etc/openldap/topclass.ldif.
After that, we add a user to the directory by typing this command: ldapadd -x -D “cn=LDAPAdmin,o=tinynet.edu” -w slapmesilly -f /etc/openldap/userdata.ldif.
In the LDAP system, make a copy of /etc/openldap/topclass.ldif called dctopclass.ldif and add some entries inside the file. As the diagram above shows, the red lines are the ones we need to add and edit. Once done, we have created the DIT in the LDAP system.
Now we need to add the user into the directory. In the console, we type ldapadd -x -D “cn=LDAPAdmin,dc=tinynet,dc=edu” -w slapmesilly -f /etc/openldap/dctopclass.ldif.
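The page does not show the contents of its dctopclass.ldif, so here is an added example (not the assignment's own file) of a dc-style top of the DIT with one mail user, plus a check that every entry's dn sits under the expected base before ldapadd is run. The attribute choices and the mailadmin entry are constructed assumptions.

```shell
# Added example, not the assignment's own files: a dc-style top of the DIT plus one mail user,
# and a check that every entry's dn sits under the expected base before ldapadd is run.
# The attribute choices and the mailadmin entry are constructed assumptions.
BASE_DN='dc=tinynet,dc=edu'

dctopclass_ldif() {
    cat <<'EOF'
dn: dc=tinynet,dc=edu
objectClass: dcObject
objectClass: organization
dc: tinynet
o: tinynet.edu

dn: ou=People,dc=tinynet,dc=edu
objectClass: organizationalUnit
ou: People

dn: uid=mailadmin,ou=People,dc=tinynet,dc=edu
objectClass: inetOrgPerson
uid: mailadmin
cn: Mail Admin
sn: Admin
mail: mailadmin@mailhost.tinynet.edu
EOF
}

# ldif_dns < ldif -> one dn per entry
ldif_dns() {
    sed -n 's/^dn: //p'
}

# count_bad_dns BASE < dn-list -> number of dns that are neither BASE nor under it
count_bad_dns() {
    base="$1"
    bad=0
    while IFS= read -r dn; do
        case "$dn" in
            "$base" | *",$base") ;;
            *) bad=$((bad + 1)) ;;
        esac
    done
    echo "$bad"
}

# On the LDAP machine (same bind dn and path as the page; -W prompts for the password
# instead of putting it on the command line, where ps and the shell history would show it):
#   dctopclass_ldif > /etc/openldap/dctopclass.ldif
#   [ "$(ldif_dns < /etc/openldap/dctopclass.ldif | count_bad_dns "$BASE_DN")" -eq 0 ] &&
#     ldapadd -x -D "cn=LDAPAdmin,dc=tinynet,dc=edu" -W -f /etc/openldap/dctopclass.ldif
```

An entry whose dn still uses the old o=tinynet.edu base would be counted as bad, which is exactly the mismatch that makes ldapadd fail after switching the DIT to dc=tinynet,dc=edu.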
We have finished setting up the LDAP system; now we need to go to the mailhost system to configure it. On mailhost, in the file /etc/dovecot.conf we need to copy the configuration lines and change them slightly. The diagram above shows the lines already copied and changed.
After that we scroll down the page; also in /etc/dovecot/dovecot-ldap.conf we change the lines shown in the diagram above. Now the configuration of the mailhost system is complete.
Lastly, we go to the webserver system to configure SquirrelMail to use LDAP. In /var/www/squirrelmail/config/config_svr_ldap.php we need to copy the code and paste it under the LDAP server option, editing it as shown in the diagram above.
Finally, we have done all the LDAP setup on our VirtualBox machines and are now going to test whether LDAP works in SquirrelMail.
After being taken to this page, click the “List all” button. After clicking it, SquirrelMail lists all the user email addresses that we configured on the system.
First we need to copy all the files and directories in /var/monkey/htdocs/ to /var/www so that the default home page is shown.
After finishing the webserver configuration, we come to mailhost, configure stunnel by swapping the comment to the right interface, and find the file /etc/postfix/main.cf, which we need to edit.
Individual Component
Sudo configuration can be done on any TinyNet machine, including TinyNet Gateway, TinyNet MailHost, TinyNet WebServer and TinyNet LDAP, which all run on the Slax operating system. Basically, all users who log in to any of those machines are given sudo access for their accounts. Only certain authorized users (system admins) get root level access, which allows them to access all folders and files on the system without any restrictions. These are the steps to set up the sudo configuration:
1. As a prerequisite, the user must have the Games and ASCIIart configuration installed on their machine by configuring it in SetupMenu. The user accesses midnight commander on any machine by typing mc on the console, goes to the /etc/issue file, presses F4 to edit it, and deletes all the text in /etc/issue. The file becomes empty after this step, and the changes must be saved with F10.
2. The user has to make some changes to the ssd-games”ortune.sh file located under /etc/profile.d. The user deletes all the commands on the lines between if and fi and replaces them with echo -e "\e[01;32m"; fortune | boxes -d columns -a hcvc; echo -e "\e[00m". Then the file must be saved, and its permissions set through chmod under the File option as follows:
3. The user needs to open the sudoers file, which can be accessed manually or simply by typing the command visudo on the console. The user then adds the line Defaults editor=/usr/bin/mcedit:/usr/bin/vi below # Defaults specification. Afterwards, in the same file, the user scrolls down a little and uncomments the %wheel line by removing one of the hash symbols in front of it. The user saves the file to keep the changes.
4. In the fourth step, the user exits midnight commander and goes back to the console. On the console, the user types sudo -i to obtain a root shell. The result should look like the figure below:
5. Thereafter, the user changes the /etc/profile configuration; the changes are made in the else branch.
else
The first one, using #, means the prompt colour is green when a normal user logs in with sudo access, while the second one, using $, means the prompt colour is red when a user with root privilege (admin) logs in with the root account.
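One way to express the prompt logic described above as shell functions, added here as an example and not taken from the assignment's /etc/profile. The mapping it assumes: uid 0 with SUDO_USER set is a normal user elevated via sudo (green, #), uid 0 without SUDO_USER is a direct root login (red, $), anything else gets a plain user prompt.

```shell
# Added example, not from the assignment: choose a PS1 prompt from how the shell was reached.
# Assumed mapping: uid 0 with SUDO_USER set = normal user elevated via sudo (green, '#');
# uid 0 without SUDO_USER = direct root login (red, '$'); anything else = plain user prompt.
GREEN='\[\e[01;32m\]'
RED='\[\e[01;31m\]'
RESET='\[\e[00m\]'

# prompt_kind UID SUDO_USER -> sudo | root | user
prompt_kind() {
    if [ "$1" -eq 0 ] && [ -n "$2" ]; then
        echo sudo
    elif [ "$1" -eq 0 ]; then
        echo root
    else
        echo user
    fi
}

# prompt_for UID SUDO_USER -> the PS1 string for that situation
prompt_for() {
    case "$(prompt_kind "$1" "$2")" in
        sudo) printf '%s' "$GREEN"'\u@\h:\w# '"$RESET" ;;
        root) printf '%s' "$RED"'\u@\h:\w$ '"$RESET" ;;
        user) printf '%s' '\u@\h:\w$ ' ;;
    esac
}

# In the else branch of /etc/profile this would be used as:
#   PS1=$(prompt_for "$(id -u)" "$SUDO_USER"); export PS1
```

The colour makes it visible at a glance whether a root shell came from sudo (and so is attributable to the user named in SUDO_USER) or from a direct root login.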
Result:
Figure 1
BASIC VPN
2. Then, go to other packages -> OpenVPN
[Figures 2 to 4]
4. Set up your VPN by signing up and filling in your country location (shown in Figure 5).
[Figures 5 and 6]
5. Server configuration (Figures 7 to 8):
a. cd /usr/doc/openvpn-2.0.9/easy-rsa
b. ./build-key-server server
c. Press Enter for every field except the common name
d. Type server
e. Type y to sign the certificate and commit the certificate request
f. ./build-dh
g. Copy all the keys to /usr/doc/openvpn-2.0.9/sample-config-files
h. Copy ca.key & ca.crt to USB storage and copy them into ./keys on the Client
[Figures 7 to 16]
Configuration
a) Add the six “Rules for things that no proper TCP stack should be processing” from the IPTables Quick Reference section (-p --protocol tcp), but use a LOG target.
Add the six rules to be applied, shown below, by typing them into the virtual machine:
Rule 1: iptables -A INPUT -p tcp --tcp-flags ALL NONE -m limit --limit 1/minute -j LOG --log-prefix "iptables AN: " --log-level alert
Rule 5: iptables -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j LOG -m limit --limit 1/minute --log-prefix "iptables FAF: " --log-level alert
Save the rules in the virtual machine by going to mc, then /etc, and creating a new directory by pressing F7, naming it iptables, to store the iptables rules.
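As an added example (not part of the assignment), the following shell functions generate the full set of LOG rules in the form the two rules above use and then summarise the kernel log lines such rules produce, which is what one would check after the rules are loaded. The ALL NONE (AN) and FIN,ACK FIN (FAF) rules are the page's; the other four flag combinations, their prefixes and the sample log lines are constructed assumptions.

```shell
# Added example, not from the assignment: generate the LOG rules for TCP flag combinations
# no proper stack should send, and summarise the kernel log lines those rules produce.
# The ALL NONE ("AN") and FIN,ACK FIN ("FAF") rules are the ones the page shows; the other
# four combinations, their prefixes and SAMPLE_LOG are constructed assumptions.

# log_rule MASK COMP TAG -> prints one rate-limited LOG rule (nothing is applied)
log_rule() {
    printf 'iptables -A INPUT -p tcp --tcp-flags %s %s -m limit --limit 1/minute -j LOG --log-prefix "iptables %s: " --log-level alert\n' "$1" "$2" "$3"
}

bogus_flag_rules() {
    log_rule ALL NONE AN          # no flags set at all
    log_rule SYN,FIN SYN,FIN SF   # SYN and FIN together
    log_rule SYN,RST SYN,RST SR   # SYN and RST together
    log_rule FIN,RST FIN,RST FR   # FIN and RST together
    log_rule FIN,ACK FIN FAF      # FIN without ACK
    log_rule ACK,URG URG AU       # URG without ACK
}

# Constructed log lines in the layout the LOG target writes; the last line is ordinary
# postfix noise that the summary must ignore.
SAMPLE_LOG='Mar  3 10:01:07 gateway kernel: iptables AN: IN=eth0 OUT= SRC=10.9.8.7 DST=192.168.56.111 LEN=40 PROTO=TCP SPT=40001 DPT=25 WINDOW=1024 RES=0x00 URGP=0
Mar  3 10:01:09 gateway kernel: iptables FAF: IN=eth0 OUT= SRC=10.9.8.7 DST=192.168.56.111 LEN=40 PROTO=TCP SPT=40002 DPT=25 WINDOW=1024 RES=0x00 FIN URGP=0
Mar  3 10:02:30 gateway kernel: iptables AN: IN=eth0 OUT= SRC=10.9.8.9 DST=192.168.56.111 LEN=40 PROTO=TCP SPT=40003 DPT=587 WINDOW=1024 RES=0x00 URGP=0
Mar  3 10:03:00 gateway postfix/smtpd[812]: connect from unknown[10.9.8.7]'

# summarise_log < logtext -> "TAG SRC DPT COUNT" per distinct combination, sorted
summarise_log() {
    awk '/kernel: iptables / {
        for (i = 1; i <= NF; i++) {
            if ($i == "iptables")       tag = $(i + 1)
            else if ($i ~ /^SRC=/)      src = substr($i, 5)
            else if ($i ~ /^DPT=/)      dpt = substr($i, 5)
        }
        sub(/:$/, "", tag)
        count[tag " " src " " dpt]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# Example run on the constructed lines:
#   printf '%s\n' "$SAMPLE_LOG" | summarise_log
```

Because of the -m limit rate cap, one summary line per minute is the most a single source can generate per rule, so the counts reflect distinct probes rather than packet volume.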