User:Sujay Premkumar/sandbox

Team Members
1. Sujay Premkumar

2. Shashank Hegde

3. Anirudh Rao

4. Nithesh Nagaraj

Objective
The objective is to design and implement a robust, secure, dynamic and intelligent network that supports Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Web Server, Firewall and Backup system using the Linux operating system.

Motivation
Linux is one of the most powerful open-source operating systems. It has become the backbone of any network application. Being open source, Linux is available for free and is more flexible than most others, which makes it the most feasible and preferable option.

Domain Name System
The main function of the Domain Name System is to resolve a domain name into its corresponding IP address using the entry in its database file. When a domain name is typed in the address bar of a web browser, a DNS query is first sent to the name server, which resolves the name into the IP address according to that entry. Caching is also provided so that the next time the same address is entered in the browser, the domain-name resolution is done faster. This can be verified using the dig command.

Dynamic Host Configuration Protocol
Understanding the Protocol

Behavior of the protocol

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway. With dynamic IP addressing, a host is assigned an address dynamically each time it connects to the network. This TCP/IP standard reduces the complexity and administrative overhead of managing network client IPv4 / IPv6 addresses and other configuration parameters.

Signaling [1]

DHCP servers and DHCP clients communicate through a series of DHCP messages. To obtain a lease, the DHCP client initiates a conversation with a DHCP server using a series of these DHCP messages.

The common messages that can be sent between DHCP clients and servers are as follows:

DHCPDiscover: Broadcast by a DHCP client when it first attempts to connect to the network. This message requests IP address information from a DHCP server.

DHCPOffer: Broadcast by each DHCP server that receives the client DHCPDiscover message and has an IP address configuration to offer to the client. The DHCPOffer message contains an unleased IP address and additional TCP/IP configuration information, such as the subnet mask and default gateway.

DHCPRequest: Broadcast by a DHCP client after it selects a DHCPOffer. The DHCPRequest message contains the IP address from the DHCPOffer that it selected. If the client is renewing or rebinding to a previous lease, this packet might be unicast directly to the server.

DHCPAck: Broadcast by a DHCP server to a DHCP client acknowledging the DHCPRequest message. Upon receipt of the DHCPAck, the client can use the leased IP address to participate in the TCP/IP network and complete its system startup. This message is typically broadcast, because the DHCP client does not officially have an IP address that it can use at this point.

DHCPNack, DHCPDecline, DHCPRelease and DHCPInform are the other common messages used by the server and client.
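The message exchange above can be checked from a capture. The following Python code is an added example, not part of the original page: it parses the message type (option 53) and server identifier (option 54) from raw DHCP payloads and lists Offers or Acks sent by a server that is not on an allow-list. The payloads, MAC address, transaction ID and the second server at 192.168.1.66 are constructed for illustration; 192.168.1.100 and 192.168.1.201 are the server address and first pool address configured later on this page.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
MESSAGE_TYPES = {1: "DHCPDiscover", 2: "DHCPOffer", 3: "DHCPRequest", 4: "DHCPDecline",
                 5: "DHCPAck", 6: "DHCPNack", 7: "DHCPRelease", 8: "DHCPInform"}
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255


def build_message(op, xid, msg_type, yiaddr="0.0.0.0", server_id=None):
    """Build a minimal DHCP payload. Constructed sample data, not a real capture."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, xid, 0, 0x8000,                 # 0x8000 = broadcast flag
        bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
        bytes.fromhex("000c29aabbcc"), bytes(64), bytes(128))
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        options += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_message(payload):
    """Return the fields a defender needs from one DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not DHCP: payload too short or magic cookie missing")
    _op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:              # pad is a single byte with no length field
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option %d" % code)
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    msg_type = options.get(OPT_MSG_TYPE, b"")
    if len(msg_type) != 1:
        raise ValueError("option 53 (message type) missing or malformed")
    server = options.get(OPT_SERVER_ID)
    return {
        "type": MESSAGE_TYPES.get(msg_type[0], "unknown(%d)" % msg_type[0]),
        "xid": xid,
        "client_mac": payload[28:28 + min(hlen, 16)].hex(":"),
        "offered_ip": str(ipaddress.IPv4Address(payload[16:20])),
        "server_id": str(ipaddress.IPv4Address(server)) if server and len(server) == 4 else None,
    }


def unauthorized_servers(payloads, allowed_servers):
    """List (type, server_id, offered_ip) for replies not sent by an allowed server."""
    findings = []
    for raw in payloads:
        msg = parse_message(raw)
        if msg["type"] in ("DHCPOffer", "DHCPAck") and msg["server_id"] not in allowed_servers:
            findings.append((msg["type"], msg["server_id"], msg["offered_ip"]))
    return findings


XID = 0x3903F326               # constructed transaction ID
SERVER = "192.168.1.100"       # DHCP server address used on this page
EXCHANGE = [
    build_message(1, XID, 1),                                   # client: Discover
    build_message(2, XID, 2, "192.168.1.201", SERVER),          # server: Offer
    build_message(2, XID, 2, "192.168.1.50", "192.168.1.66"),   # constructed unlisted server
    build_message(1, XID, 3, server_id=SERVER),                 # client: Request
    build_message(2, XID, 5, "192.168.1.201", SERVER),          # server: Ack
]

if __name__ == "__main__":
    for raw in EXCHANGE:
        print(parse_message(raw))
    print("unlisted servers:", unauthorized_servers(EXCHANGE, {SERVER}))
```

On a switched network the same check is normally enforced in hardware with DHCP snooping, which only lets replies through from trusted ports.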

What is DHCP [2]

Dynamic Host Configuration Protocol (DHCP)

The Dynamic Host Configuration Protocol (DHCP) is a network service that enables host computers to be automatically assigned settings from a server as opposed to manually configuring each network host. Computers configured to be DHCP clients have no control over the settings they receive from the DHCP server, and the configuration is transparent to the computer's user.

The most common settings provided by a DHCP server to DHCP clients include:

IP address and netmask

IP address of the default-gateway to use

IP addresses of the DNS servers to use

The advantage of using DHCP is that changes to the network, for example a change in the address of the DNS server, need only be changed at the DHCP server, and all network hosts will be reconfigured the next time their DHCP clients poll the DHCP server. As an added advantage, it is also easier to integrate new computers into the network, as there is no need to check for the availability of an IP address. Conflicts in IP address allocation are also reduced.

Webserver
What is a web server?

A Web server is a program that uses HTTP (Hypertext Transfer Protocol), on port 80, to serve information or files in the form of Web pages to users, in response to their requests, which are forwarded by their computers' HTTP clients. Dedicated computers and appliances may also be referred to as Web servers.

The main requirement is a Linux based OS. This project is being implemented using Ubuntu 16.04. In addition to this, BIND9 for implementing DNS caching, a DHCP server for implementing dynamic IP allocation and the Apache2 server for hosting a website are required.

Firewall
A firewall is used to provide a layer of security by controlling the incoming and outgoing traffic in a network. All traffic other than that allowed by the rules made in iptables is denied by the firewall at the gateway router (the router between the private network and the public network).

Requirements

The main requirement is a Linux based OS.

Backup server
The protocols used for backup are rsync and ssh. Rsync is a protocol used to synchronize files in Ubuntu. It updates only that data that is not yet synchronized with the backup file. Ssh protocol provides a secure channel to send and receive files on Unix machines. It uses encryption and decryption at the end users. Crontab is used for scheduling backups.

DNS (Master And Slave)
Step 1: Install BIND using the command below

Command:

sudo apt-get install bind9

Step 2: Create a hostname

Command:

sudo nano /etc/hostname

ns

Where ns stands for NAMESERVER. Any host name can be used; we have used ns for better understanding.

Step 3: Create a domain-name by editing /etc/hosts

Command:

sudo nano /etc/hosts

Add

127.0.0.1  localhost

192.168.1.204    ns.example.org    ns

Step 4: Now Configure named.conf.options

Command:

sudo nano /etc/bind/named.conf.options

Add

forwarders {

# ISP DNS IPs

8.8.8.8;

8.8.4.4;

};

Step 5: Make sure named.conf has the following lines,

Command:

include "/etc/bind/named.conf.options";

include "/etc/bind/named.conf.local";

include "/etc/bind/named.conf.default-zones";

Step 6: Configure named.conf.local

Command:

sudo nano /etc/bind/named.conf.local

Edit

# Forward zone

zone "example.org" {

type master;

allow-transfer{ip address of the slave;};

file "/etc/bind/zones/db.example.org";

};

# Reverse Zone

zone "1.168.192.in-addr.arpa" {

type master;

allow-transfer{ip address of the slave;};

file "/etc/bind/zones/db.192";

};

Step 7: Create two database files db.example.org and db.192 in zones folder

Command:

Make a directory (here the directory is zones) at /etc/bind/zones

sudo mkdir /etc/bind/zones

Use the below command to copy db.local to db.example.org

sudo cp /etc/bind/db.local /etc/bind/zones/db.example.org

Open db.example.org file

sudo nano /etc/bind/zones/db.example.org

Edit the file

$TTL   604800

@      IN      SOA     example.org. root.example.org. (

1        ; Serial

604800        ; Refresh

86400        ; Retry

2419200        ; Expire

604800 )      ; Negative Cache TTL

;

@              IN  NS    ns.example.org.

@              IN  NS    ns1.example.org.

ns             IN  A     192.168.1.204

ns1            IN  A     192.168.1.228

canonical      IN  CNAME canonical.example.org

www            IN  A     192.168.1.206

Save and Exit

Use the below command to copy db.127 to db.192

sudo cp /etc/bind/db.127 /etc/bind/zones/db.192

Open db.192 file

sudo nano /etc/bind/zones/db.192

Edit the file

$TTL   604800

@      IN      SOA     example.org. root.example.org. (

1        ; Serial

604800        ; Refresh

86400        ; Retry

2419200        ; Expire

604800 )      ; Negative Cache TTL

;

@              IN  NS    ns.example.org.

@              IN  NS    ns1.example.org.

206            IN  PTR   example.org.

204            IN  PTR   ns.example.org.

228            IN  PTR   ns1.example.org.

Save and Exit

Check whether forward zone is working properly by executing the below command

named-checkzone example.org /etc/bind/zones/db.example.org

# Forward Zone

named-checkzone example.org /etc/bind/zones/db.example.org

zone example.org /IN: loaded serial  1

Ok

Check whether reverse zone is working properly by executing the below command

named-checkzone 1.168.192.in-addr.arpa. /etc/bind/zones/db.192

#Reverse Zone

named-checkzone example.org /etc/bind/zones/db.192

zone autun.hom /IN: loaded serial  1

Ok

Restart the bind server and check the log file for no errors

sudo /etc/init.d/bind9 restart

tail -f /var/log/syslog

The output of tail -f /var/log/syslog should say serial loaded.

Create another virtual machine and host the slave server on it.

Step 8: Edit /etc/bind/named.conf.local on the slave virtual machine

Command:

sudo nano /etc/bind/named.conf.local

Edit

# Forward zone

zone "example.org" {

type slave;

masters{ip address of the master;};

file "/var/cache/bind/db.example.org";

};

# Reverse Zone

zone "1.168.192.in-addr.arpa" {

type slave;

masters{ip address of the master;};

file "/var/cache/bind/db.192";

};

DHCP
Step [1]:

To install the ISC DHCP server, which supports both DHCPv4 and DHCPv6, install the isc-dhcp-server package:

Command:

sudo apt-get install isc-dhcp-server

You will then need to edit and modify the stock configuration file shipped in /etc/dhcp/dhcpd.conf

Step [2]:

Edit the Interface file to specify the interface name for the Virtual machine to use for communication.

sudo nano /etc/default/isc-dhcp-server

Change the above file to use the interface value below

INTERFACES="ens33"   # Ubuntu 16.04

INTERFACES="eth0"    # Ubuntu 14.04

Step [3]:

Set the static IP address of the DHCP server

sudo nano /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)

auto lo

iface lo inet loopback

auto ens33

iface ens33 inet static

address 192.168.1.100

netmask 255.255.255.0

gateway 192.168.1.1

broadcast 192.168.1.255

auto ens33

iface ens33 inet6 static

address fd01:db8:0:1::2

netmask 64

gateway fd01:db8:0:1::1

Step [4] :

Edit the dhcpd.conf file to provide IPV4 address range to the clients

sudo nano /etc/dhcp/dhcpd.conf

ddns-update-style none;

option domain-name "example.org";

option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;

max-lease-time 7200;

authoritative;

log-facility local7;

# A slightly different configuration for an internal subnet.

subnet 192.168.1.0 netmask 255.255.255.0 {

range 192.168.1.201 192.168.1.250;

option domain-name-servers 192.168.1.204, 192.168.1.228;

option domain-name "example.org";

option routers 192.168.1.1;

option broadcast-address 192.168.1.255;

default-lease-time 600;

max-lease-time 7200;

}

Step [5]:

Restart the dhcp server

sudo service isc-dhcp-server restart

Then check its status:

sudo /etc/init.d/isc-dhcp-server status

Sample Status output

? isc-dhcp-server.service - ISC DHCP IPv4 server

Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor preset: enabled)

Active: active (running) since Fri 2016-12-02 22:32:20 EST; 16min ago

Docs: man:dhcpd(8)

Main PID: 1291 (dhcpd)

CGroup: /system.slice/isc-dhcp-server.service

+-1291 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/d...

Dec 02 22:32:27 ubuntu dhcpd[1291]: For info, please visit https://www.isc....p/

Dec 02 22:32:28 ubuntu dhcpd[1291]: Wrote 30 leases to leases file.

Dec 02 22:32:28 ubuntu sh[1291]: Wrote 30 leases to leases file.

Dec 02 22:32:28 ubuntu dhcpd[1291]: Listening on LPF/ens33/00:0c:29:59:bf:d...24

Dec 02 22:32:28 ubuntu sh[1291]: Listening on LPF/ens33/00:0c:29:59:bf:da/1...24

Dec 02 22:32:28 ubuntu sh[1291]: Sending on  LPF/ens33/00:0c:29:59:bf:da/1...24

Dec 02 22:32:28 ubuntu sh[1291]: Sending on  Socket/fallback/fallback-net

Dec 02 22:32:28 ubuntu dhcpd[1291]: Sending on  LPF/ens33/00:0c:29:59:bf:d...24

Dec 02 22:32:28 ubuntu dhcpd[1291]: Sending on  Socket/fallback/fallback-net

Dec 02 22:32:28 ubuntu dhcpd[1291]: Server starting service.

Hint: Some lines were ellipsized, use -l to show in full.

Step 6:

Client-side IPv4 configuration

Connect the client to the same LAN. In the interface file /etc/network/interfaces, configure the interface for DHCP as follows:

auto ens33

iface ens33 inet dhcp

IPv6 Configuration

Server Configuration

Step 1:

Set the static IP address of the DHCPv6 server

sudo nano /etc/network/interfaces

auto ens33

iface ens33 inet6 static

address fd01:db8:0:1::2

netmask 64

gateway fd01:db8:0:1::1

Step 2:

Create a file dhcpd6.conf in /etc/dhcp/, similar to dhcpd.conf

sudo nano /etc/dhcp/dhcpd6.conf

Add the following entries to the conf file

/////////////////////////////////////////

ddns-update-style none;


# deny declines;

# deny bootp;

# option domain-name "example.org";

# option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;

max-lease-time 7200;

authoritative;

log-facility local7;

subnet6 fd01:db8:0:1::0/64 {

range6 fd01:db8:0:1::A fd01:db8:0:1::64;

}

////////////////////////////////////////////

Step 3 

Create a new isc-dhcp6-server init script, similar to the IPv4 server's file

sudo nano /etc/init.d/isc-dhcp6-server

////////////////////////////////////


#!/bin/sh

#

# $Id: isc dhcp server.init.d,v 4.2.1-P1 2011/04/05 /usr/local/sbin/dhcpd$

#

### BEGIN INIT INFO

# Provides:          dhcpd-server

# Required-Start:    $remote_fs $network $syslog

# Required-Stop:     $remote_fs $network $syslog

# Should-Start:      $local_fs slapd

# Should-Stop:       $local_fs slapd

# Default-Start:     2 3 4 5

# Default-Stop:      1

# Short-Description: DHCP server

# Description:       Dynamic Host Configuration Protocol Server

### END INIT INFO

PATH=/sbin:/bin:/usr/sbin:/usr/bin


# config file

NAME=dhcpd6

DESC="DHCP IPv6 server"

INTERFACES="ens33"

SERVER=/usr/sbin/dhcpd

SERVERARGS="-6"

CONFIGFILE=/etc/dhcp/dhcpd6.conf

LIBFOLDER=/var/lib/dhcp

LEASEFILE="${LIBFOLDER}/dhcpd6.leases"

RUNFOLDER=/var/run/

DHCPDPID="${RUNFOLDER}/dhcpdv6.pid"


# check filetypes/values

test -f "${SERVER}" || exit 0


# include all init functions

. /lib/lsb/init-functions

test_config() {

# 1.) check config (run the server's own syntax test and act on its exit status)

if ! "${SERVER}" "${SERVERARGS}" -t -q -cf "${CONFIGFILE}" > /dev/null 2>&1; then

echo "${NAME} self-test failed. Please fix the config file."

echo "The error was: "

"${SERVER}" "${SERVERARGS}" -t -cf "${CONFIGFILE}"

exit 1

fi

# 2.) test_config will started if someone wants to start the server

# test if the server is currently running

if [ "${1}" = "start" ]; then

if [ -e "${DHCPDPID}" ]; then

stop_server "Currently running instance of ${DESC} found (PID: `cat ${DHCPDPID}`) - will now stop this instance"

fi

fi

}

stop_server() {

if [ "${1}" != "" ]; then

log_daemon_msg "${1}"

fi

if [ -e "${DHCPDPID}" ]; then

log_daemon_msg "Stopping ${DESC} ${NAME} [`cat ${DHCPDPID}`]"

start-stop-daemon --stop --quiet --pidfile "${DHCPDPID}"

log_end_msg $?

rm -f "${DHCPDPID}"

else

log_daemon_msg "Stopping ${DESC} ${NAME}: nothing to do, no pidfile found"

fi

}

# single arg is -v for messages, -q for none

check_status() {

if [ ! -r "$DHCPDPID" ]; then

test "$1" != -v || echo "$NAME is not running."

return 3

fi

if read pid < "$DHCPDPID" && ps -p "$pid" > /dev/null 2>&1; then

test "$1" != -v || echo "$NAME is running."

return 0

else

test "$1" != -v || echo "$NAME is not running but $DHCPDPID exists."

return 1

fi

}

case "$1" in

start)

test_config ${1}

log_daemon_msg "Starting ${DESC} ${NAME}"

# allow dhcp server to write lease and pid file

if [ ! -e "${RUNFOLDER}" ]; then

# create run folder

mkdir -p "${RUNFOLDER}"

chown dhcpd:dhcpd "${RUNFOLDER}"

# create pid file

touch "${DHCPDPID}"

chown dhcpd:dhcpd "${DHCPDPID}"

else

# create pid file

touch "${DHCPDPID}"

chown dhcpd:dhcpd "${DHCPDPID}"

fi

if [ ! -e "${LIBFOLDER}" ]; then

# create run folder

mkdir -p "${LIBFOLDER}"

chown dhcpd:dhcpd "${LIBFOLDER}"

# create lease file

touch "${LEASEFILE}"

chown dhcpd:dhcpd "${LEASEFILE}"

else

# create pid file

touch "${LEASEFILE}"

chown dhcpd:dhcpd "${LEASEFILE}"

fi

start-stop-daemon --start --quiet --pidfile "${DHCPDPID}" --exec "${SERVER}" -- "${SERVERARGS}" -q -pf "${DHCPDPID}" -cf "${CONFIGFILE}" -lf "${LEASEFILE}" "${INTERFACES}"

sleep 2

if check_status -q; then

log_end_msg 0

else

log_failure_msg "check syslog for diagnostics."

log_end_msg 1

exit 1

fi

;;

stop)

# stop dhcp server

stop_server

;;

restart | force-reload)

test_config

$0 stop

sleep 2

$0 start

if [ "$?" != "0" ]; then

exit 1

fi

;;

status)

echo -n "Status of $DESC: "

check_status -v

exit "$?"

;;

*)

echo "Usage: $0 {start|stop|restart|force-reload|status}"

exit 1

esac

exit 0

//////////////////////////////////

Step 4:

Troubleshooting steps:

After configuring the server files, restart the ISC server as shown below:

@ubuntu:~$ sudo /etc/init.d/isc-dhcp6-server status

? isc-dhcp6-server.service - LSB: DHCP server

Loaded: loaded (/etc/init.d/isc-dhcp6-server; bad; vendor preset: enabled)

Active: inactive (dead)

Docs: man:systemd-sysv-generator(8)

@ubuntu:~$ sudo /etc/init.d/isc-dhcp6-server restart

[....] Restarting isc-dhcp6-server (via systemctl): isc-dhcp6-server.serviceJob for isc-dhcp6-server.service failed because the control process exited with error code. See "systemctl status isc-dhcp6-server.service" and "journalctl -xe" for details.

failed!

To resolve the restart failure, follow these steps:

A.

$ sudo apparmor_status

apparmor module is loaded.

24 profiles are loaded.

24 profiles are in enforce mode.

/sbin/dhclient

/usr/bin/evince

/usr/bin/evince-previewer

/usr/bin/evince-previewer//sanitized_helper

/usr/bin/evince-thumbnailer

/usr/bin/evince-thumbnailer//sanitized_helper

/usr/bin/evince//sanitized_helper

/usr/bin/ubuntu-core-launcher

/usr/lib/NetworkManager/nm-dhcp-client.action

/usr/lib/NetworkManager/nm-dhcp-helper

/usr/lib/connman/scripts/dhclient-script

/usr/lib/cups/backend/cups-pdf

/usr/lib/ipsec/charon

/usr/lib/ipsec/stroke

/usr/lib/lightdm/lightdm-guest-session

/usr/lib/lightdm/lightdm-guest-session//chromium

/usr/sbin/cups-browsed

/usr/sbin/cupsd

/usr/sbin/cupsd//third_party

/usr/sbin/dhcpd

/usr/sbin/ippusbxd

/usr/sbin/tcpdump

webbrowser-app

webbrowser-app//oxide_helper

0 profiles are in complain mode.

4 processes have profiles defined.

4 processes are in enforce mode.

/usr/lib/ipsec/charon (1458)

/usr/sbin/cups-browsed (861)

/usr/sbin/dhcpd (1287)

/usr/sbin/dhcpd (1291)

0 processes are in complain mode.

0 processes are unconfined but have a profile defined.

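B. Clear the AppArmor entries. The teardown unloads every profile on the host, not only the one for /usr/sbin/dhcpd, as the second apparmor_status output below shows.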

sudo /etc/init.d/apparmor teardown

* Unloading AppArmor profiles                                          [ OK ]

@ubuntu:~$ sudo apparmor_status

apparmor module is loaded.

0 profiles are loaded.

0 profiles are in enforce mode.

0 profiles are in complain mode.

0 processes have profiles defined.

0 processes are in enforce mode.

0 processes are in complain mode.

0 processes are unconfined but have a profile defined.

Step 5:

Restart the DHCPv6 server

sudo /etc/init.d/isc-dhcp6-server restart

[ ok ] Restarting isc-dhcp6-server (via systemctl): isc-dhcp6-server.service.

Step 6:

sudo /etc/init.d/isc-dhcp6-server status

? isc-dhcp6-server.service - LSB: DHCP server

Loaded: loaded (/etc/init.d/isc-dhcp6-server; bad; vendor preset: enabled)

Active: active (running) since Fri 2016-12-02 23:03:28 EST; 1min 4s ago

Docs: man:systemd-sysv-generator(8)

Process: 3051 ExecStart=/etc/init.d/isc-dhcp6-server start (code=exited, status=0/SUCCESS)

CGroup: /system.slice/isc-dhcp6-server.service

+-3065 /usr/sbin/dhcpd -6 -q -pf /var/run//dhcpdv6.pid -cf /etc/dh...

Dec 02 23:03:26 ubuntu isc-dhcp6-server[3051]: * Starting DHCP IPv6 server ...6

Dec 02 23:03:26 ubuntu dhcpd[3064]: Internet Systems Consortium DHCP Server....3

Dec 02 23:03:26 ubuntu dhcpd[3064]: Copyright 2004-2015 Internet Systems Co...m.

Dec 02 23:03:26 ubuntu dhcpd[3064]: All rights reserved.

Dec 02 23:03:26 ubuntu dhcpd[3064]: For info, please visit https://www.isc....p/

Dec 02 23:03:26 ubuntu dhcpd[3064]: Wrote 0 NA, 0 TA, 0 PD leases to lease file.

Dec 02 23:03:26 ubuntu dhcpd[3064]: Bound to *:547

Dec 02 23:03:26 ubuntu dhcpd[3065]: Server starting service.

Dec 02 23:03:28 ubuntu isc-dhcp6-server[3051]:   ...done.

Dec 02 23:03:28 ubuntu systemd[1]: Started LSB: DHCP server.

Hint: Some lines were ellipsized, use -l to show in full.

Client Configuration 

Step 1:

Installing the DHCP client

On most systems, the ISC DHCP client should already be installed. This is true for both standard desktop and server installs.

The ISC DHCP client can be installed with the following command:

sudo apt-get install isc-dhcp-client

You can then use the DHCP client by issuing the following command:

sudo dhclient <interface>

Where <interface> is the network device you want to configure. For example, eth0, or wlan0.

Step 2:

Edit the interface file, /etc/network/interfaces

iface ens33 inet6 dhcp

pre-up modprobe ipv6;

address fd01:4343:32:45::2

netmask 64

gateway fd01:4343:32:45::1

address IPv6-BLOCK-ADDR-FROM-ONLINE::1

netmask 64

accept_ra 1

pre-up /sbin/dhclient -1 -v -pf /run/dhclient.ens33.pid -lf /var/lib/dhcp/dhclient6.leases -cf /etc/dhcp/dhclient6.conf -6 -P ens33

Step 3: Setup ISC DHCPv6 Client:

Create/edit the file /etc/dhcp/dhclient6.conf

interface "eth0" {

send dhcp6.client-id your:duid;

request;

}

If DAD (duplicate address detection) fails on Ubuntu 16.04, try changing /etc/sysctl.conf to set the following:

net.ipv6.conf.all.accept_dad = 0

net.ipv6.conf.all.dad_transmits = 0

net.ipv6.conf.default.accept_dad = 0

net.ipv6.conf.default.dad_transmits = 0

net.ipv6.conf.ens33.accept_dad = 0

net.ipv6.conf.ens33.dad_transmits = 0

net.ipv6.conf.lo.accept_dad = -1

net.ipv6.conf.lo.dad_transmits = 0

Then load the settings from the file with this command:

sysctl -p /etc/sysctl.conf

Then try the following to get an IPv6 address:

dhclient -6

Tada!!!!! Done

Webserver
Step 1: Install Apache2 Webserver

Command: sudo apt-get install apache2

Step 2: Check whether the web server is able to listen on port 80

Command: netstat -a | more

Step 3: Restart the web server

Command: sudo /etc/init.d/apache2 stop

sudo /etc/init.d/apache2 start

Step 4: Develop a webpage for the server

Command: cd /var/www/html/

sudo nano index.html

Firewall
The firewall allows the system administrator to configure the iptables rules. Values in angle brackets below are placeholders for your own addresses and port.

Command to install the firewall:

sudo apt-get install ufw

1. In order to block ICMP requests:

sudo iptables -A INPUT -d <destination-ip> -p icmp --icmp-type 0 -j DROP

2. In order to prevent SSH login:

sudo iptables -A INPUT -s <source-ip> -d <destination-ip> -p tcp --dport ssh -j DROP

3. In order to block FTP ports:

sudo iptables -A INPUT -d 192.168.1.8 -p tcp --dport 20 -j DROP

sudo iptables -A INPUT -d 192.168.1.8 -p tcp --dport 21 -j DROP

4. In order to block the port used by Telnet:

sudo iptables -A INPUT -d 192.168.1.8 -p tcp --dport 23 -j DROP

5. To block a webpage:

sudo iptables -A INPUT -d 192.168.1.8 -s 192.168.1.22 -p tcp --dport <port> -j DROP
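An added example in Python, not from the original page: a small first-match evaluator for `iptables -S` output that shows which ports stay reachable under a blocklist like rules 3 and 4 above, compared with a default-deny INPUT policy. Both rule sets and the probed port list are constructed; only the -p, -d, -s and --dport matches are modelled, and rules using any other match are skipped.

```python
import ipaddress
import shlex

# Flags this evaluator understands; a rule using anything else is skipped.
MODELLED = {"-A", "-p", "-m", "-d", "-s", "--dport", "-j"}

# Constructed: the form `iptables -S INPUT` prints for rules 3 and 4 above.
BLOCKLIST = """
-P INPUT ACCEPT
-A INPUT -d 192.168.1.8/32 -p tcp -m tcp --dport 20 -j DROP
-A INPUT -d 192.168.1.8/32 -p tcp -m tcp --dport 21 -j DROP
-A INPUT -d 192.168.1.8/32 -p tcp -m tcp --dport 23 -j DROP
"""

# Constructed alternative: drop by default, allow only the web server port.
DEFAULT_DENY = """
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.168.1.8/32 -p tcp -m tcp --dport 80 -j ACCEPT
"""


def parse_rules(rules_text):
    """Split `iptables -S` output into (policy, [flag dicts]) for the INPUT chain."""
    policy, rules = None, []
    for line in rules_text.strip().splitlines():
        tokens = shlex.split(line)
        if tokens[:2] == ["-P", "INPUT"] and len(tokens) == 3:
            policy = tokens[2]
        elif tokens[:2] == ["-A", "INPUT"]:
            # Flags and values alternate in the rules handled here (no "!" negation).
            rules.append(dict(zip(tokens[0::2], tokens[1::2])))
    return policy, rules


def verdict(rules_text, proto, dport, dst, src="0.0.0.0"):
    """First-match verdict for a new inbound packet, falling back to the chain policy."""
    policy, rules = parse_rules(rules_text)
    for rule in rules:
        if set(rule) - MODELLED or "-j" not in rule:
            continue                      # e.g. -i lo or --ctstate: not modelled
        if rule.get("-p", proto) != proto:
            continue
        if "--dport" in rule:
            low, _, high = rule["--dport"].partition(":")
            if not int(low) <= dport <= int(high or low):
                continue
        if "-d" in rule and ipaddress.ip_address(dst) not in ipaddress.ip_network(rule["-d"]):
            continue
        if "-s" in rule and ipaddress.ip_address(src) not in ipaddress.ip_network(rule["-s"]):
            continue
        return rule["-j"]
    return policy


def exposed_ports(rules_text, dst, ports, proto="tcp"):
    """Ports from `ports` that a new connection to `dst` can still reach."""
    return [p for p in ports if verdict(rules_text, proto, p, dst) == "ACCEPT"]


PROBED = [20, 21, 23, 80, 3306]           # constructed list of ports to evaluate

if __name__ == "__main__":
    print("blocklist   :", exposed_ports(BLOCKLIST, "192.168.1.8", PROBED))
    print("default deny:", exposed_ports(DEFAULT_DENY, "192.168.1.8", PROBED))
```

With the blocklist, every port that is not named stays open; with the default-deny policy only the listed port does.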

ARP Poisoning
ARP poisoning is achieved by corrupting the ARP cache of the target system. Here we host a proxy web server and poison the ARP cache of a client so that when it tries to access the actual web server, the proxy web server is shown instead. This can be achieved with a Python library called scapy. We poisoned the ARP cache by writing a script in Python.

Steps to follow:

Step 1: Host a web server with the same commands described before but with a different HTML page.

Step 2: Run the following commands on your attacker machine/proxy web server

Command:

iptables -t nat --flush

iptables --zero

iptables -A FORWARD --in-interface  -j ACCEPT

iptables -t nat --append POSTROUTING --out-interface  -j MASQUERADE

# Forward to proxy server

iptables -t nat -A PREROUTING -p tcp --dport 80 --jump DNAT --to-destination 

Step 3: Run the Python script

Step 4: Enter the IP or domain of the actual web server in your browser and you can see your proxy web server being displayed.
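Seen from the defending side, the effect described above is a change in which MAC address answers for an IP. This added Python example (not the script the authors ran) parses ARP payloads and reports when the MAC bound to an IP changes, when it differs from an administrator-pinned value, or when a reply arrives that nobody asked for. All packets and MAC addresses are constructed; 192.168.1.206 is the www host from the zone file and 192.168.1.22 is a client address used in the firewall rules.

```python
import ipaddress
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FORMAT = "!HHBBH6s4s6s4s"        # 28-byte Ethernet/IPv4 ARP payload


def sample_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Pack an ARP payload for the parser below. Constructed sample data only."""
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       ipaddress.IPv4Address(sender_ip).packed,
                       bytes.fromhex(target_mac.replace(":", "")),
                       ipaddress.IPv4Address(target_ip).packed)


def parse_arp(payload):
    """Decode the sender and target fields of one ARP payload."""
    if len(payload) < 28:
        raise ValueError("ARP payload shorter than 28 bytes")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FORMAT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"oper": oper, "sender_mac": sha.hex(":"),
            "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_ip": str(ipaddress.IPv4Address(tpa))}


class ArpWatch:
    """Track IP-to-MAC bindings and report the changes that cache poisoning causes."""

    def __init__(self, pinned=None):
        self.pinned = dict(pinned or {})   # IP -> MAC the administrator expects
        self.seen = {}                     # IP -> MAC learned from traffic
        self.asked = set()                 # IPs with an outstanding request

    def observe(self, payload):
        msg = parse_arp(payload)
        ip, mac = msg["sender_ip"], msg["sender_mac"]
        alerts = []
        if msg["oper"] == ARP_REQUEST:
            self.asked.add(msg["target_ip"])
        elif ip in self.asked:
            self.asked.discard(ip)
        else:
            # Gratuitous ARP is also unsolicited, so treat this as a hint, not proof.
            alerts.append(("unsolicited-reply", ip, mac))
        if ip in self.pinned and self.pinned[ip] != mac:
            alerts.append(("pinned-mismatch", ip, mac))
        elif ip in self.seen and self.seen[ip] != mac:
            alerts.append(("binding-changed", ip, mac))
        self.seen[ip] = mac
        return alerts


def alerts_for(packets, pinned=None):
    """Run a packet sequence through a fresh watcher; one alert list per packet."""
    watch = ArpWatch(pinned)
    return [watch.observe(p) for p in packets]


CLIENT_MAC, WEB_MAC, OTHER_MAC = "00:0c:29:aa:bb:cc", "00:0c:29:11:22:33", "00:0c:29:de:ad:01"
TRAFFIC = [   # constructed: a normal lookup followed by a conflicting reply
    sample_arp(ARP_REQUEST, CLIENT_MAC, "192.168.1.22", "00:00:00:00:00:00", "192.168.1.206"),
    sample_arp(ARP_REPLY, WEB_MAC, "192.168.1.206", CLIENT_MAC, "192.168.1.22"),
    sample_arp(ARP_REPLY, OTHER_MAC, "192.168.1.206", CLIENT_MAC, "192.168.1.22"),
]

if __name__ == "__main__":
    for number, alerts in enumerate(alerts_for(TRAFFIC), 1):
        print(number, alerts)
```

Static ARP entries for critical hosts, or Dynamic ARP Inspection on the switch, address the same problem at the network level.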

NFS
Step 1: Configuring the NFS server

Command:

sudo apt-get install nfs-kernel-server

sudo mkdir /export/shared

sudo chmod 777 /export/shared

Edit the file

sudo nano /etc/exports

On the last line

append ==> /export/shared  (rw,sync,no_root_squash)

Save and Exit

Change the directory

cd /export/shared

touch newfile

sudo nano new-file

sudo reboot

# Enter the data that is to be seen by the client

Restart the server

sudo service nfs-kernel-server restart

Step 2: Configuring the NFS client

Command:

sudo apt-get install nfs-common

Make directory in /home

mount serverip:/serverpath /clientpath

sudo reboot

sudo mount -a

Backup
The protocols used for backup are rsync and ssh. Rsync is a protocol used to synchronize files in Ubuntu. It updates only the data that is not yet synchronized with the backup file. The ssh protocol provides a secure channel to send and receive files on Unix machines. It uses encryption and decryption at the end users. Crontab is used for scheduling backups.

Step 1: Install rsync

sudo apt-get install rsync

Step 2: Install ssh

sudo apt-get install openssh-server

Step 3: Create a public and a private key for security

ssh-keygen -t rsa

Step 4: Copy this into the web server

ssh b@B mkdir -p .ssh

Step 5: Append the generated public key to Host B from A using:

cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'

Step 6: Edit crontab

crontab -e

Step 7: Give the scheduling and run the rsync command from the crontab to automate the backup of the webserver using Rsync

rsync -avzh -e ssh webserver@ipaddress:/var/www /home/backupserver/DestinationFolder

IPsec VPN.
The security of the network is taken care of by using the IPsec protocol; packet integrity is ensured by using the open-source package strongSwan on Ubuntu 16.04.

The command used for installing strongSwan is:

sudo apt-get install ipsec-tools strongswan-starter

After the installation, encryption needs to be set up on both systems.

For example, Red and Blue are the two systems that need to talk over a secure tunnel by exchanging RSA keys between them. The configuration file needs to be edited on each system.

On Red, edit the file as:

nano /etc/ipsec.conf

conn red-to-blue

authby=secret

auto=route

keyexchange=ike

left=192.168.100.100

right=192.168.100.200

type=transport

esp=aes128gcm16!

To set up the key exchange, create the file which holds the PSKs:

nano /etc/ipsec.secrets

192.168.100.100 192.168.100.200 : PSK "Your password here!"

ipsec restart

In blue:

apt-get install ipsec-tools strongswan-starter

nano /etc/ipsec.conf

conn blue-to-red

authby=secret

auto=route

keyexchange=ike

left=192.168.100.200

right=192.168.100.100

type=transport

esp=aes128gcm16!

Now create the file which holds the PSKs

nano /etc/ipsec.secrets

Here the IPs should be interchanged.

192.168.100.100 192.168.100.200 : PSK "Your password here!"

ipsec restart

Testing is done by capturing the packets in Wireshark before and after the tunnel is created.

After the tunnel is formed you will be able to see the packets with ESP. The data will be hidden.

Method 2:

On the red server, run the following and leave it running:

ping -s 4048 192.168.100.200

On the blue server run the following:

watch ipsec statusall

Also run tcpdump on the blue server:

tcpdump esp

Packets with an ESP trace will be visible.

Hence a secured tunnel is established between the two systems.

DNS Test
The following commands are used for DNS testing:

1) Dig

Domain Information Groper is used to query DNS name servers. It performs DNS lookups and returns the response from the name servers.

2) Nslookup

nslookup is a command used to query DNS servers. Interactive mode allows the user to query the name servers for information about hosts and domains. Non-interactive mode prints just the name and the information requested for a particular host or domain.

3) Ping

Ping is used for checking the network layer status of the server.

4) Host

Host is used for DNS lookups. It resolves hostnames to IP addresses and vice versa.

DHCP Test
A device entering a network gets an IP address, which is allocated by the DHCP server. IP address can be verified using ifconfig/ipconfig.

sudo dhclient -r                 - This command is used for refreshing

cat /var/lib/dhcp/dhcpd.leases   - This command is used to view the lease provided by the DHCP server to a particular device

Webserver Test
1) To test the webserver, the user should be able to display the content by typing his own localhost address in the browser.

2) It is also tested by using his own IP from other clients.

Firewall Test
A client can try to ping the servers which are blocked. If the response is "request timed out", then the firewall has blocked the client and is working properly.

The client won't gain access to the webpage because it is forbidden.