User:Devangparekh/sandbox

LINUX PROJECT

Anurag Dalvi (001613334) Devang Parekh (001685704) Ekjot Singh Walia (001664599)

Link to wikiversity - https://en.wikiversity.org/wiki/User:Devangparekh/sandbox

Contents

Objective
Behavior of the protocol
Setup/installation steps: DNS, DHCP, Web server, Firewall, Add-ons
Algorithm & flowchart
Testing
Working with an example
Future improvements
References

1. Objective

When a client connects to the network it should be leased an IP address from a pool of addresses. The client should then be able to view a webpage in a browser; the page is hosted on a web server. The firewall should first allow the host to visit the page and can later block that host as well.

2. Infrastructure

DNS server (master) – 192.168.88.2
DNS server (slave) – 192.168.88.6
DHCP server – 192.168.88.5
Web server – 192.168.88.3
Client

3. Behavior of the protocols

3.1 DNS (Domain Name Server)

The Domain Name Server stores the company's web server and mail server settings. It resolves the domain name of a server to its IP address, so whenever a client requests a webpage from the server the DNS can supply the IP address. The action taken depends on the query from the client:
1. Forward DNS query – from hostname to IP address
2. Reverse DNS query – from IP address to hostname

3.2 DHCP (Dynamic Host Configuration Protocol)

The Dynamic Host Configuration Protocol is used to assign IP addresses to all the hosts connected to the network. It does so from a pool of reserved IP addresses. It can assign addresses either dynamically or statically. However, for the purpose of this project we have assigned IP addresses to all the servers statically.

3.3 Web server

The web server is where all the data is stored together; it is like a repository of webpages. All the webpages displayed on the net are hosted on such web servers.

3.4 Firewall

A firewall is used to make the network more secure. Using the firewall we can control who can send requests to the servers or systems, and with it we can decide who may access the network and whom we want to block.

3.5 NFS

Network File System is a protocol that allows hosts to access files shared on the network, in a way similar to accessing local storage. The communication takes place using the RSA algorithm and an exchange of public keys between the hosts.

3.6 VPN

A Virtual Private Network is a technique used to enhance security and privacy in private networks.

3.7 Mail server

A mail server is just another server, used to handle email communication in and out of the network. It can receive email over the internet and deliver it as well.

3.8 NTP

The Network Time Protocol is used for clock synchronization between computers over packet-switched networks. It needs to be implemented on both the client and the server.

4. Setup/Installation

4.1 DNS configuration

MASTER

sudo nano /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.88.2
        netmask 255.255.255.0
        gateway 192.168.88.1
        network 192.168.88.0
        broadcast 192.168.88.255

sudo nano /etc/hosts

127.0.0.1       localhost
192.168.88.2    ns1.DEA.org ns1

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

sudo nano /etc/hostname

ns1

sudo apt-get install bind9
sudo apt-get update
sudo nano /etc/bind/named.conf.options

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                192.168.88.1;
                8.8.8.8;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

sudo nano /etc/bind/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "DEA.org" {
        type master;
        file "/etc/bind/db.DEA.org";
        allow-transfer { 192.168.88.6; };
};

zone "88.168.192.in-addr.arpa" {
        type master;
        allow-transfer { 192.168.88.6; };
        file "/etc/bind/db.192";
};

sudo cp /etc/bind/db.local /etc/bind/db.DEA.org
sudo cp /etc/bind/db.local /etc/bind/db.192

sudo nano /etc/bind/db.DEA.org

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.DEA.org. root.DEA.org. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.DEA.org.
@       IN      A       192.168.88.56
ns1     IN      A       192.168.88.56
web     IN      A       192.168.88.65
www     IN      CNAME   web.DEA.org.
wat     IN      CNAME   web.DEA.org.
@       IN      MX  10  mail.DEA.org.
mail    IN      A       192.168.88.70

sudo nano /etc/bind/db.192

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.DEA.org. root.DEA.org. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.DEA.org.
56      IN      PTR     ns1.DEA.org.
65      IN      PTR     web.DEA.org.
65      IN      PTR     www.web.DEA.org.
65      IN      PTR     wat.www.web.DEA.org.
70      IN      PTR     mail.DEA.org.

sudo nano /etc/resolvconf/resolv.conf.d/head

search DEA.org
nameserver 192.168.88.2

sudo service bind9 restart

SLAVE

sudo nano /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.88.6
        netmask 255.255.255.0
        network 192.168.88.0
        broadcast 192.168.88.255
        gateway 192.168.88.1

sudo nano /etc/hosts

127.0.0.1       localhost
192.168.88.6    ns2.DEA.org ns2

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

sudo nano /etc/hostname

ns2

sudo nano /etc/bind/named.conf.options

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                192.168.88.1;
                8.8.8.8;
                8.8.4.4;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

sudo nano /etc/bind/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// Forward zone
zone "adeptmaster.com" {
        type slave;
        file "db.adeptmaster.com";
        masters { 192.168.88.2; };
};

// Reverse zone
zone "88.168.192.in-addr.arpa" {
        type slave;
        file "db.192";
        masters { 192.168.88.2; };
};

sudo nano /etc/resolvconf/resolv.conf.d/head

search adeptmaster.com
nameserver 192.168.88.6

4.2 DHCP configuration

sudo vi /etc/network/interfaces

auto eth0
iface eth0 inet static
        address 192.168.88.5
        netmask 255.255.255.0
        gateway 192.168.88.1
        network 192.168.88.0
        broadcast 192.168.88.255
        dns-nameservers 192.168.88.2
        dns-search dea.org

Commands to configure the leases:

cd /etc/dhcp
sudo nano dhcpd.conf

Uncomment the block "A slightly different configuration for an internal subnet" and adapt it (the range must lie inside the declared subnet):

subnet 192.168.88.0 netmask 255.255.255.0 {
        range 192.168.88.10 192.168.88.50;
        option domain-name-servers 192.168.88.2, 8.8.4.4;
        option domain-name "dea.org";
        option routers 192.168.88.2;
        option broadcast-address 192.168.88.255;
        default-lease-time 600;
        max-lease-time 7200;
}

Save the file configuration and run the command to restart the server:

sudo /etc/init.d/isc-dhcp-server restart

Setting the static IPv6 address for eth0:

$ sudo ifconfig eth0 inet6 add 2001:db8:0:1::128/64

My dhcpd6.conf:

default-lease-time 600;
max-lease-time 7200;
log-facility local7;

subnet6 2001:db8:0:1::/64 {
        # Range for clients
        range6 2001:db8:0:1::129 2001:db8:0:1::254;
}

Create the dhcpd6.leases file, as indicated in the dhcpd.leases man page (the directory is root-owned, so use sudo):

$ sudo touch /var/lib/dhcp/dhcpd6.leases

Start the DHCPv6 server manually, in the foreground, with the IPv6 configuration file:

$ sudo dhcpd -6 -f -cf /etc/dhcp/dhcpd6.conf eth0
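A small checker for the dhcpd.conf subnet block, added as an example (not part of the project). It parses each subnet declaration and verifies that the range, routers and broadcast address actually belong to the declared subnet; the constructed sample deliberately keeps the 192.186.x typo that appeared in the original range line, since dhcpd refuses to start on such a block.

```python
import ipaddress
import re

# Constructed sample (assumed, not the page's file): the subnet block from
# the DHCP section above, with the 192.186.x range typo left in place.
DHCPD_CONF_TYPO = """
subnet 192.168.88.0 netmask 255.255.255.0 {
    range 192.186.88.10 192.168.88.50;
    option domain-name-servers 192.168.88.2, 8.8.4.4;
    option domain-name "dea.org";
    option routers 192.168.88.2;
    option broadcast-address 192.168.88.255;
    default-lease-time 600;
    max-lease-time 7200;
}
"""
SUBNET_RE = re.compile(r'subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}', re.S)

def parse_subnets(conf):
    """Yield (network, (range_lo, range_hi), routers, broadcast) per subnet block."""
    for addr, mask, body in SUBNET_RE.findall(conf):
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rng = re.search(r'\brange\s+(\S+)\s+(\S+);', body)
        rtr = re.search(r'option routers\s+([^;]+);', body)
        bc = re.search(r'option broadcast-address\s+(\S+);', body)
        yield (net,
               tuple(ipaddress.ip_address(a) for a in rng.groups()) if rng else None,
               [ipaddress.ip_address(a.strip()) for a in rtr.group(1).split(',')] if rtr else [],
               ipaddress.ip_address(bc.group(1)) if bc else None)

def check_subnets(conf):
    """Return a list of problems; an empty list means the subnet blocks are consistent."""
    problems = []
    for net, rng, routers, bcast in parse_subnets(conf):
        if rng:
            lo, hi = rng
            problems += [f"range address {a} is outside {net}" for a in rng if a not in net]
            if lo > hi:
                problems.append(f"range start {lo} is above range end {hi}")
        problems += [f"router {r} is outside {net}" for r in routers if r not in net]
        if bcast and bcast != net.broadcast_address:
            problems.append(f"broadcast {bcast} should be {net.broadcast_address}")
    return problems
```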

Web server (apache)

sudo apt-get update
sudo apt-get install apache2

To create the directory structure:

sudo mkdir -p /var/www/dea.org

To grant permissions:

sudo chown -R $USER:$USER /var/www/dea.org
sudo chmod -R 755 /var/www
nano /var/www/dea.org/index.html

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/dea.org.conf
sudo nano /etc/apache2/sites-available/dea.org.conf

<VirtualHost *:80>
        ServerAdmin admin@dea.org
        ServerName dea.org
        ServerAlias www.dea.org
        # the copied default pointed at /var/www/html; the site files live in /var/www/dea.org
        DocumentRoot /var/www/dea.org
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

sudo a2ensite dea.org.conf
sudo service apache2 restart

Backup

Script: bash.sh

#!/bin/sh
# Backup to NFS mount script.

# What to backup.
backup_files="/home/anuragdalvi"

# Where to backup to.
dest="/tmp"

# Create archive filename.
day=$(date +%A)
hostname=$(hostname -s)
archive_file="$hostname-$day.tgz"

# Print start status message.
echo "Backing up $backup_files to $dest/$archive_file"
date
echo

# Backup the files using tar (-z gzip-compresses, as the .tgz name implies).
sudo tar -czvf "$dest/$archive_file" $backup_files

# Print end status message.
echo
echo "Backup finished"
date

# Long listing of files in $dest to check file sizes.
ls -lh "$dest"

# Transfer of backup to the slave server; scp prompts for the host key
# (answer yes) and for the slave account's password.
cd /tmp
sudo scp *.tgz slave@192.168.88.6:Documents

Cronjob (runs the script every 5 days at 18:00 and appends its output to /var/log/cronlog):

0 18 */5 * * /home/anuragdalvi/bash.sh >>/var/log/cronlog

Firewall

sudo apt-get install ufw        # to install ufw
sudo nano /etc/default/ufw      # to use IPv6 with ufw (IPV6=yes)

sudo ufw status verbose

Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)

sudo ufw allow ssh              # configure your server to allow incoming SSH connections

4.3 VPN

1. Install the package 'pptpd':
   sudo apt-get install pptpd
2. Edit /etc/pptpd.conf as follows:
   sudo nano /etc/pptpd.conf
   localip 192.168.88.99
   remoteip 192.168.88.100-200
3. Edit the /etc/ppp/pptpd-options file:
   sudo nano /etc/ppp/pptpd-options
   ms-dns 192.168.88.2
   ms-dns 192.168.88.6
4. Set the user-id and password:
   sudo nano /etc/ppp/chap-secrets
   # client    server    secret    IP addresses
   vpn         pptpd     user      *
   (the fourth column is required: with only three fields pppd allows the client no IP address at all)

4.4 NTP

Server: install ntp and ntpdate
sudo apt-get install ntp ntpdate

For the time server to send the time to your other machines, edit /etc/ntp.conf on the server and add a line for your network:

broadcast 192.255.255.255

Client: install ntp and ntpdate
sudo apt-get install ntp ntpdate

Edit /etc/ntp.conf on the client and add the NTP server's IP:

server <NTP server IP>

Restart ntp on the server and on the client:
sudo /etc/init.d/ntp restart

To check if ntp is working:
ntpq -c lpeer

4.5 Mail server – In order to install Postfix with SMTP-AUTH and TLS, first install the postfix package from the Main repository:

sudo apt-get install postfix

Then, from a terminal prompt:

sudo dpkg-reconfigure postfix

The following details are entered:
1. General type of mail configuration: Internet Site
2. NONE doesn't appear to be requested in current config
3. System mail name: ns2.DEA.org
4. Root and postmaster mail recipient: DEA
5. Other destinations for mail: ns2.DEA.org, localhost.DEA.org, localhost
6. Force synchronous updates on mail queue?: No
7. Local networks: 192.168.88.0
8. Yes doesn't appear to be requested in current config
9. Mailbox size limit (bytes): 0
10. Local address extension character: +
11. Internet protocols to use: all

To configure the mailbox format for Maildir:
sudo postconf -e 'home_mailbox = Maildir/'

Issue this as well:
sudo postconf -e 'mailbox_command ='

Restart the postfix daemon:
sudo /etc/init.d/postfix restart

4.6 NFS

Commands to configure NFS. On the server follow these steps:

Step 1: Install NFS
Command: sudo apt-get install nfs-kernel-server

Step 2: Edit the exports file
Command: sudo nano /etc/exports
/home/wenrui/nfsroot *(rw,sync,no_root_squash)
("rw" means the client has read and write access; "sync" means writes are committed to disk before the server replies; "no_root_squash" means the client's root user keeps root privileges on the export instead of being mapped to an unprivileged user)

Step 3: Make the directory nfsroot:
mkdir /home/wenrui/nfsroot

Step 4: Restart the NFS server for the changes to take effect:
sudo service nfs-kernel-server restart

Restart the portmap service:
sudo /etc/init.d/portmap restart
cd /home/wenrui/nfsroot/
touch me            # create a file named "me"
sudo nano me        # write anything you want; it will become visible to the client

Step 5: On the client, install nfs-common
Command: sudo apt-get install nfs-common

Step 6: Check the path of the shared folder (the server address is not given on this page; <server IP> is a placeholder)
Command: sudo showmount -e <server IP>

Step 7: Mount the shared directory from the server onto the client
Command: sudo mount -t nfs <server IP>:/home/wenrui/nfsroot /home/wenrui/nfs

5. Algorithm & Flowchart

1. The client enters the network.
2. The DHCP server assigns the client a dynamic address from the range of the IP pool.
3. The client is then connected to the network.
4. The client pings the server and requests the webpage of the domain "dea.org".
5. The request is directed to the DNS server.
6. The DNS server looks up the IP address for the requested name.
7. The client is able to access the desired webpage using that address.

Fig – The entire process

6. Testing

1. DNS: Using the command nslookup dea.org we can check whether the DNS server is configured properly. It should display the server address when searched by hostname, and the reverse is also true.
2. DHCP: The DHCP server leases IP addresses dynamically from the range that has been configured. We can also check which IPs the DHCP server has leased to the various hosts and clients.
3. Web server: The web server hosts the webpages of various domains; here it hosts the website of the company.
4. Firewall: The firewall implementation can be checked with the command sudo ufw status verbose, which shows the action applied to all the hosts connected to the network.
5. Backup: This is a place on one of the servers where the file transfer of the configuration occurs at a scheduled time.
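The DHCP test above says to check which IPs have been leased; the server records them in dhcpd.leases, which is append-only, so a naive read double-counts renewed leases. The following parser is an added example (not from the project) that keeps only the latest block per IP and lists the leases still active at a given time; the lease text is constructed here, not captured from the project's server.

```python
import re
from datetime import datetime

# Constructed sample in dhcpd.leases format (assumed, not from the page). The
# file is append-only, so the last block for an IP is the one that counts.
SAMPLE_LEASES = """
lease 192.168.88.10 {
  ends 2 2016/04/12 18:02:01;
  binding state active;
  hardware ethernet 08:00:27:aa:bb:01;
  client-hostname "client1";
}
lease 192.168.88.11 {
  ends 2 2016/04/12 17:10:00;
  binding state active;
  hardware ethernet 08:00:27:aa:bb:02;
}
lease 192.168.88.10 {
  ends 2 2016/04/12 18:10:00;
  binding state active;
  hardware ethernet 08:00:27:aa:bb:01;
  client-hostname "client1";
}
"""
LEASE_RE = re.compile(r'lease\s+(\S+)\s*\{(.*?)\}', re.S)
TIME_FMT = '%Y/%m/%d %H:%M:%S'

def parse_leases(text):
    """Return {ip: {'ends', 'state', 'mac', 'hostname'}}; the last declaration per IP wins."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        f = {}
        for stmt in (s.strip() for s in body.split(';')):
            if stmt.startswith('ends '):              # 'ends <weekday> <date> <time>'
                f['ends'] = datetime.strptime(stmt.split(None, 2)[2], TIME_FMT)
            elif stmt.startswith('binding state '):
                f['state'] = stmt.split()[-1]
            elif stmt.startswith('hardware ethernet '):
                f['mac'] = stmt.split()[-1]
            elif stmt.startswith('client-hostname '):
                f['hostname'] = stmt.split(None, 1)[1].strip('"')
        leases[ip] = f
    return leases

def active_leases(text, now_str):
    """(ip, mac, hostname) for leases still active at now_str (UTC, same format as the file)."""
    now = datetime.strptime(now_str, TIME_FMT)
    return sorted((ip, f.get('mac'), f.get('hostname', ''))
                  for ip, f in parse_leases(text).items()
                  if f.get('state') == 'active' and 'ends' in f and f['ends'] > now)
```

On a real server read /var/lib/dhcp/dhcpd.leases (root-readable) and pass the current UTC time in the file's own format.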

Working with an example

When a client connects to the network it should be leased an IP address from a pool of addresses. The client should then be able to view a webpage in a browser; the page is hosted on a web server. The firewall should first allow the host to visit the page and can later block that host as well.

Future scope

Using other protocols like VPN, NFS, NTP etc. the network can be greatly modified according to the requirements of the company.

References

https://ubuntuforums.org
https://www.digitalocean.com/community
https://www.askubuntu.com
http://www.bind9.net