User:TSM5330 Group 3

== TSMG5330 LINUX PROJECT ==

Considering the following scenarios, we came up with a solution that is robust, secure, dynamic and intelligent. Our team worked through these requirements and produced a design, which we discussed within the team in terms of scope, feasibility, resources and interworking. Once the team approved the design, we implemented it and integrated the elements.

TEAM

 * ANKUR GUPTA
 * PALAK TRIPATHI
 * PHANEENDRA
 * ABINAYA PRASAD

MODULES

 * DNS
 * DHCP
 * WEB SERVER
 * FIREWALL

REQUIREMENTS FOR SETUP

 * 1) We require four systems, a DNS server, a DHCP server, a Web server and a client.
 * 2) We require a Linux based Operating System.
 * 3) We use Ubuntu as dual boot in our system.
 * 4) isc-dhcp is required to configure the DHCP server.
 * 5) We require bind9 to configure the DNS server.
 * 6) Apache 6 is used as the Web server.

DNS
The DNS, or Domain Name Server, maintains a directory of domain names and translates them to Internet Protocol (IP) addresses. It is used when a web page is browsed by the servers and clients, and it fetches the actual IP address. The DNS pool uses either the TCP or the UDP protocol, on port 80 at the transport layer.

DNS Master Server:
1) Install Bind9 software in Ubuntu  Command: apt-get install bind9

2) Configure domain in  File: /etc/bind/named.conf.local

3) Configure Slave server details in  File: /etc/bind/named.conf.local

4) Configure type A record in the File: To test IP resolution

7) Configure  File: /etc/bind/rev.192.168.6.10 in-addr.arpa  IP to hostname resolution

8) Enter the root user mode to start DNS service.

DNS Slave Service
1) Install bind9  Command: apt-get install bind9

2) Create a domain with the name " "  File: /etc/bind/named.conf.local

3) Configure record A entries  File: /etc/bind/  File: /etc/bind/rev 192.168.6.10.in-addr.arpa

4) Start DNS service using the restart command in Linux

DHCP
Dynamic Host Configuration Protocol (DHCP) is a protocol which enables a server to assign an IP address to a client within a network from a scope of IP addresses for a given network. Computers configured to be DHCP clients have no control over the settings they receive from the DHCP server, and the configuration is transparent to the computer's user. In DHCP the entire process is automated and managed centrally.

DHCP Setup-Static
1) Install dhcp server  Command: sudo apt-get install isc-dhcp-server

2) Edit the eth0 file to static  Command: sudo nano /etc/network/interfaces

3) Enter details such as subnet mask, network address, broadcast address and DHCP address.  Command: sudo nano /etc/dhcp/dhcpd.conf

4) Restart the DHCP server  Command: sudo service isc-dhcp-server restart

5) To check the IP  Command: ifconfig

DHCP Setup Dynamic
1) Edit the eth0 file to dhcp and comment the address, gateway, network and subnet addresses.  Command: sudo nano /etc/network/interfaces

2) Enter details such as subnet mask, network address, broadcast address and DHCP address.   Command: sudo nano /etc/dhcp/dhcpd.conf

3) Restart the DHCP server  Command: sudo service isc-dhcp-server restart

4) To check the IP  Command: ifconfig

WEB SERVER
A Web Server is a program that uses the client/server model and the Hyper Text Transfer Protocol to serve the files that form web pages to web users. One of the leading web servers, Apache, is used in our model. We use a web server for serving emails, downloading requests for file transfer protocols and building web pages. It works on port 80 by default at the transport layer. The web server uses the server side of HTTP and the browser uses the client side of HTTP. When any server or client reaches our custom-made web page on the web server, it does so on port 80.

Web Server Configuration
1) Install Apache Web server on Dual Booted System  Command: sudo apt-get install apache2

2) Configure with static IP address within the network  Command: sudo nano /etc/network/interfaces

3) Restart the network  Command: sudo /etc/init.d/networking restart

4) The default location of the web page is stored in the following path  Command: sudo nano /var/www/rangers/html

5) By typing the respective domain name or the IP address we will be directed to the web page.

FIREWALL
1) The firewall steps were configured using hierarchically assigned iptables.  Command: sudo apt-get install iptables-persistent

2) The following commands are used  Command: sudo iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT   Command: sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT   Command: sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT
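
ACCEPT rules such as the ones above only restrict anything when the chain's default policy is not ACCEPT. The following added example (not part of the original project) generates a complete ruleset for iptables-restore that allows the same two ports; the function name build_ruleset, the default-drop INPUT and FORWARD policies, and the assumption that this host does not route traffic are illustrative choices, not taken from the project.

```sh
#!/bin/sh
# build_ruleset PORT...
# Prints an iptables-restore ruleset that accepts new inbound TCP connections
# only on the given ports. Returns 1 and prints no ruleset on an invalid port.
build_ruleset() {
    for port in "$@"; do
        case $port in
            ''|0*|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'       # assumption: drop anything not listed below
    echo ':FORWARD DROP [0:0]'     # assumption: this host is not a router
    echo ':OUTPUT ACCEPT [0:0]'    # outbound SSH (port 22) stays allowed
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened, and related traffic.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -p tcp -m tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Ports from the commands above: 22 (SSH) and 21 (FTP control channel).
# FTP data connections additionally need the nf_conntrack_ftp helper or a
# fixed passive port range opened.
build_ruleset 22 21
```

The output can be checked without applying it with `sudo iptables-restore --test`, and iptables-persistent loads its IPv4 rules from /etc/iptables/rules.v4 at boot.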

PPTP
We have implemented the Virtual Private Network in our model using the Point to Point Tunneling Protocol. The PPTP is used to ensure that the messages sent from one VPN node to another are secure. We install the PPTP package and configure the pptpd file. Once the client range is assigned and the DNS server is configured, we can use the IP addresses in the client range to use the Virtual Private Network.

PPTP Server Side
1) Install the pptpd package  Command: sudo apt-get install pptpd

2) Configure the pptpd file  Command: sudo nano /etc/pptpd.conf

3) Add server IP and client IP at the end of file.

Configure DNS for clients to use the PPTP server

1) Configure DNS server for clients to access VPN  Command: sudo nano /etc/ppp/pptpd-options

2) Uncomment ms-dns and add Google. Add VPN user  Command: sudo nano /etc/ppp/chap-secrets   The username, password and IP addresses are edited accordingly.

3) Start your server  Command: /etc/init.d/pptpd restart

4) Configure Ipv4 Forwarding

PPTP Client Side
1) Install pptp package on client side.  Command: sudo apt-get install pptpd

2) Add the necessary kernel module  Command: modprobe ppp_mppe

3) Create a new file /etc/ppp/peers/pptpserver

4) Call the PPTP server  Command: pppd call pptpserver

Secure Shell
Secure shell is a program which allows you to log into another computer over a network and execute commands in a remote computer and move files from one computer to another. To implement the SSH we need a client system and a server system. The SSH is implemented by exchanging the public and private keys between the client and the server systems. Once the two systems are connected the client can access the server system.

SSH Server
1) Install the SSH server package  Command: sudo apt-get install openssh-server

2) Configure the SSHD file based on the parameters for restrictions such as password authentication no, PAM no, challenge authentication no  Command: sudo nano /etc/ssh/sshd_config

3) Reload SSH  Command: sudo /etc/init.d/ssh reload
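
A check for the three restrictions listed in step 2, as an added example that is not part of the original project. The function names effective_value and audit_sshd and the sample file are constructed for illustration, and the script assumes a config without Match or Include directives.

```sh
#!/bin/sh
# Audits an sshd_config-style file for the three restrictions named in step 2.
# (Newer OpenSSH calls ChallengeResponseAuthentication
# KbdInteractiveAuthentication; the older keyword is checked here.)

# effective_value FILE KEYWORD
# Prints the lower-cased value of the first uncommented KEYWORD line.
# sshd keeps the first value it reads, and keywords are case-insensitive.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE
# Prints one line per setting; the return status is the number of failures.
audit_sshd() {
    file=$1
    failures=0
    for key in PasswordAuthentication ChallengeResponseAuthentication UsePAM; do
        value=$(effective_value "$file" "$key")
        if [ "$value" = "no" ]; then
            echo "OK    $key no"
        else
            echo "FAIL  $key is ${value:-unset, so the default applies}"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample: two settings hardened, UsePAM left enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server config
Port 22
#PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
EOF
audit_sshd "$sample" || echo "$? setting(s) differ from the step 2 values"
rm -f "$sample"
```

Run it against a copy of the server's config before reloading SSH, and keep an existing session open until a key-based login has been confirmed.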

SSH Client
1) Install openssh file in client system  Command: sudo apt-get install openssh-client

2) Generate key  Command: ssh-keygen

3) After generating key, change directory  Command: cd .ssh

4) Add the network  Command: ssh-add

5) To access the server  Command: scp id_rsa.pub 192.168.6.2:/home/palak   Command: ssh palak@192.168.6.2

6) Connection is established.

Components of my Mailserver

 * Postfix is the default Mail Transfer Agent (MTA) in Ubuntu. It attempts to be easy and fast to administer and secure. It is compatible with the MTA sendmail. This section explains how to install and configure Postfix. It also explains how to set it up as an SMTP server using a secure connection (for sending emails securely).
 * Dovecot is a Mail Delivery Agent, written with security primarily in mind. It supports the major mailbox formats: mbox or Maildir. Our module explains how to set it up as an IMAP or POP3 server.
 * Apache2, which is our mail server comprising all the 4 users of our network. A working Apache installation with PHP is needed.
 * Squirrelmail, which is a simple, fast and popular webmail package.

Configuration
1) Configure server with static IP  Command: sudo nano /etc/network/interfaces

2) Restart the networking process  Command: sudo /etc/init.d/networking restart

3) Create domain name by editing the hosts file  Command: sudo nano /etc/hosts   Entry: 192.168.6.6 mail.rangers.com mail

4) Install Web server, Mail Transfer Agents, Mail delivery agents, Web mail and mailutils  Command: sudo apt-get install apache2 php postfix dovecot-common dovecot-imapd dovecot-pop3d squirrelmail

5) Configurations done in web server apache2 using following commands:    # cd /etc/apache2/sites-available/    # ls -l     # cp default mail     # sudo nano mail   In the mail file, configure the mail server name and also the root of the webmail.

6) Restarting all the servers:  Command: sudo /etc/init.d/apache2 restart   Command: sudo /etc/init.d/bind9 restart   Command: sudo /etc/init.d/isc-dhcp-server restart

Network File System
The network file system is a client/server application that allows a remote system to store and update files on another system as though they were on the user's own system. One of the systems is configured as the NFS client system and the other is configured as the NFS server system. It helps to share documents and files within its own network.

NFS Server
1) Install NFS Server  Command: sudo apt-get install nfs-kernel-server

2) Select a directory which you want to be shared and provide the permissions accordingly.

3) Create files in the shared directory.

4) Edit the file and give permissions accordingly  Command: sudo nano /etc/exports

5) Restart the server  Command: sudo /etc/init.d/nfs-kernel-server restart

6) You can view the directories and files  Command: sudo showmount -e
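
The permissions given in /etc/exports in step 4 decide which hosts can mount the share and whether a client's root user keeps root on it. The following added example (not part of the original project) flags the two riskiest patterns, including the case where a space before the option list silently exports to every host; the function name audit_exports and the sample entries are constructed, and line continuations with a backslash are not handled.

```sh
#!/bin/sh
# audit_exports FILE
# Prints "<path> <client entry>: <finding>" for each risky entry in an
# /etc/exports-style file and returns 1 if anything was reported.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = "," substr($i, p + 1, length($i) - p - 1) ","
                }
                # "*" or a bare "(options)" token applies to every host.
                if (client == "" || client == "*") {
                    print $1 " " $i ": exported to every host"; bad = 1
                }
                if (index(opts, ",no_root_squash,")) {
                    print $1 " " $i ": client root keeps root on the share"; bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample entries on the project's 192.168.6.x network.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not the project's real exports file
/srv/share 192.168.6.0/24(rw,sync,no_subtree_check)
/srv/pub   *(ro,sync)
/srv/admin 192.168.6.2(rw,no_root_squash)
/srv/docs  192.168.6.2 (rw,sync)
EOF
audit_exports "$sample" || echo "review the entries listed above"
rm -f "$sample"
```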

NFS Client
1) Install nfs-common on the client side.  Command: sudo apt-get install nfs-common

2) Create a directory in which you want to mount the exported directory from the server side.

3) Mount the exported directory into your created directory.   Command: sudo mount ipaddress(Server):/directory* /clientdirectory path

FILE TRANSFER PROTOCOL
1) Install the FTP server   Command: sudo apt-get install proftpd

2) Configure the home directory   Command: cd /home   Command: sudo mkdir FTP-folder

3) Create necessary user ids to have access to the particular directory created above by using the commands   Command: sudo useradd ftp-users -d /home/FTP-shared ankur

4) Securing FTP   File: /etc/proftpd/proftpd.conf   Do the configuration in this file based on your needs.

5) Restart the proftpd   Command: sudo /etc/init.d/proftpd restart

CHALLENGES FACED
VIRTUAL MACHINE: The VMware virtual machine network adapter needs to be kept in bridged automatic mode in order to have the devices connected via a bridge to form a network. When either NAT or host-only is used, it gives another default IP address as defined by the VMware network adapter, which is not our requirement. If we need additional connections, we need to add another network interface via add network adapters.

DNS: Initially the DNS master-slave transfer worked but required frequent restarts of bind on the slave; the loading of zone files in /var/log/syslog would show the zones getting transferred. But bind had to be restarted whenever changes were made in the master DNS. Adding notify yes; in the zone files present in named.conf.options resolved the issue, and the changes made to the master were reflected in the slave instantly.

SSH: Initially, implementing SSH with private-public key authentication was a challenge, as handling the keys was a critical thing. With the help of the right commands and tools, we were able to implement it.
