Finishing off your CentOS 7 Linux system
Introduction
This lab is the second in the series, and will involve you finishing off the networking side of your system, by setting up a local DNS server, using and setting up applications and users on Linux, and monitoring the usage of those applications.
The two server-side applications that you will be setting up are the two key web servers that dominate the internet - Apache and Nginx. You will be publishing web sites on them - the NAT firewall will prevent you from publishing onto the internet for real, but they will be accessible locally. You will be joining up with other groups in the lab to test those web servers, and the material you have placed on them, to ensure they are viable, accessible and reasonably secure.
It is possible to test the access speeds of the web servers, but only if you have a sufficient number of patrons accessing them and you have a large enough web site.
The group report is expected to be around 5 sides summarising what you have done, and the relevance to your course.
The online questions that relate to what you have completed will also need to be answered by the deadline, and completed individually.
To get a mark you need to attend the lab with your group, with the written part completed, show the system working and then answer a few questions about the lab that the tutor will ask the group as a whole in a discussion format.
You have two lab sessions to finish both the practical and the write up of the practical. Bringing the finished report and leaving it with the tutor, on the fourth week after starting the lab, is sufficient for the hand in. You will get feedback on the practical and report immediately, but a more considered mark will follow in the next few weeks after hand in. This will give both tutors on the course sufficient time to go over your work.
Note the steps can be followed if you have a very good knowledge of the system. If not you must check through the references - where you will find links to sites which detail the steps to follow based on CentOS installation guides. I have not detailed these in here, to allow you space to discover these yourselves.
Please see the marking scheme addendum, at the end of the document - group work is expected here, and your contribution to this is valued.
What you will require:
Access to the internet
CentOS Linux installed on the system, fully working and internet accessible
Please read all the way through, before launching into the steps involved.
Particularly check the resources links, which will detail how to install the stepped items below.
PJW Nov 2015 Lab 2, NSA, Level 5 Page 2
Steps
1. With reference to earlier slides and other material available on the internet, asking the tutor when necessary, set up one of your Linux machines with a DNS server, which references other internet DNS servers.
2. Set up all of your machines so that they reference this local DNS server, rather than 8.8.8.8, and ensure it is working fully.
3. Give all of your local machines a host name, to allow them to be referenced as names, rather than as IP addresses, preferably through the DNS, but it can be through using local host tables.
4. Set up users for each of the group on every machine, as administrators able to use sudo. Set up other users on the system that are not able to use sudo. Set up root with a non-dictionary password, and document the password in a safe and accessible format.
5. Set up a user that is used to perform backups of the system.
6. Set up at least two groups, one for systems admin users, the other for ordinary users. The ordinary users should be able to use the web browser and other desktop applications, but not able to access each other's home directories, or other secure files on the system.
7. Ensure you are running the X Window system, with a relevant web browser installed on it.
8. Set up Apache on one of your Linux servers, and Nginx on the other Linux server.
9. Ensure there is no firewall blocking access to the ports used by these servers.
10. Map out the directory structure of each on your servers, and copy or build a web site for each server, based on the CentOS documentation.
11. Create a couple of scripts, in an accessible directory for your user, which allow you to interrogate the system for relevant information - such as web site access, file access.
12. Enable logging for your web servers, both internal and on the wire.
13. Compare and contrast the two servers in terms of ease of use, functionality and performance.
14. Link up to the other lab Linux machines if possible - and test their web servers for accessibility, this will involve some IP changes, possible DNS changes - and may mean qualifying your DHCP access with direct MAC address to IP address delivery.
15. Install NTP - network time protocol - on your server, and enable pooled NTP access.
Inessential possible extras:
16. Set up a syslog server, and log to this server.
17. Set up LAMP, and enable separate user access to your web servers - this is not a must, but is desirable - so a few bonus marks will be given for this.
18. Set up a CentOS 7 directory service.
Some helpful detail:
Setting up your basic system with full naming and internet access is a primary concern of this lab. The two web servers must be accessible and usable across the whole lab - as well as being as secure as you can make them. For this, basic measures can be taken, but there is scope for added value - such as a firewall, if you find there is time.
LAMP is also mentioned in the above. LAMP stands for Linux, Apache, MySQL and PHP. These applications together are the basis for most dynamic web sites using the above web servers, and although again these are in no way essential for the lab - if you can manage to get them running on your machines, a small amount of "bonus" marks will be given. A link is given below for this.
The majority of marks will be given to you for building a successful web server, and comparing the two types of web servers we see on the internet, as well as being able to analyse and monitor access to these servers. Building blocks such as users, groups, DNS, NTP are key parts. I would also expect to see a working copy of a monitor which tracks access to your web servers, such as tcpdump or wireshark.
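One possible shape for a step 11 script that reports web site access from the logs enabled in step 12, given here as an added example rather than part of the original lab sheet. It assumes the "combined" access log format that Apache and Nginx both use by default; the sample lines are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the lab sheet): per-client summary of a web access log.
# Assumes the "combined" format that Apache httpd and Nginx both use by default.

# Constructed sample lines. On CentOS 7 the real logs default to
# /var/log/httpd/access_log (Apache) and /var/log/nginx/access.log (Nginx).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [12/Nov/2015:10:01:02 +0000] "GET / HTTP/1.1" 200 4897 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Nov/2015:10:01:03 +0000] "GET /admin HTTP/1.1" 403 212 "-" "Mozilla/5.0"
192.0.2.11 - - [12/Nov/2015:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 4897 "-" "curl/7.29.0"
192.0.2.10 - alice [12/Nov/2015:10:03:00 +0000] "GET /missing HTTP/1.1" 404 209 "-" "Mozilla/5.0"
this line is not in combined format
EOF
}

# summarise_access FILE -> one "client requests errors" line per client,
# busiest first; errors = responses with a 4xx or 5xx status.
summarise_access() {
    awk '
    {
        # The request is the first double-quoted field; the status code
        # is the first word after its closing quote.
        n = split($0, q, "\"")
        split(q[3], rest, " ")
        status = rest[1]
        # Count lines that do not parse instead of dropping them silently.
        if (n < 3 || status !~ /^[1-5][0-9][0-9]$/) { bad++; next }
        hits[$1]++
        if (status + 0 >= 400) errs[$1]++
    }
    END {
        for (c in hits) printf "%s %d %d\n", c, hits[c], errs[c] + 0
        if (bad) printf "unparsed lines: %d\n", bad > "/dev/stderr"
    }' "$1" | sort -k2,2nr -k1,1
}

# Demo on the constructed sample; pass a real log path when testing the lab servers.
tmp=$(mktemp) && sample_log > "$tmp"
summarise_access "$tmp"
rm -f "$tmp"
```

A client with a high error count relative to its requests is worth a closer look in the full log or in a tcpdump capture.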
Resources
These are only a suggestion, there are very many resources that relate to usage of CentOS 7 on the internet, both official and unofficial. Most give you a user guide which involves stepping you through the install process - so use these to your advantage. I only ask that you understand what you are doing as you are doing it - so this will involve extra discussion and reading in your group.
BIND DNS setup information
- https://www.centos.org/docs/5/html/5.1/Deployment_Guide/ch-bind.html
- http://www.unixmen.com/setting-dns-server-centos-7/
- (The latter is the more straightforward guide to follow)
Setting up Users and Groups
- http://www.centos.org/docs/4/html/rhel-sag-en-4/ch-redhat-config-users.html
- http://www.centos.org/docs/4/html/rhel-sag-en-4/s1-users-cmd-line.html
- (the first is via the X Window system, the second via the command line. If you are doing the latter, you would be able to script multiple users/groups as needed)
Setting up a webserver
- http://www.cyberciti.biz/faq/howto-install-linux-apache-mariadb-php-lamp-stack-on-centos7-rhel7/
- (note the above also installs an SQL server, after the Apache server is installed - this would contribute to a LAMP system on your Linux server - but again not necessary for this lab)
- https://www.liberiangeek.net/2014/07/enable-nginxs-repository-install-nginx-centos-7/
- (nginx on your CentOS 7 system - including reference to the firewall…)
Install NTP on your server
- http://www.tecmint.com/install-ntp-server-in-centos/
- http://www.pool.ntp.org/en/
Setting up a secure webserver (not vital - as it is complex - but try it if you feel able)
- http://wiki.centos.org/HowTos/Https
- (note any previous security issues with OpenSSL? Is this problem solved?)
Report Structure - note the extra component for this lab
This will be the same for all the reports, and needs to be approximately 5 sides in length, with an introduction, main body, and a conclusion. If you have references, it is always good to put them in.
If you make the report too large, then you will be penalised.
If you give the report lots of screenshots to fill up pages, you will be penalised twice, as firstly there will be less descriptive text, and secondly too much space taken up by pictures.
There also needs to be a cover page, with the title of the lab, date, names of those taking part in the lab.
Marking Scheme Addendum
Important:
If in the discussion it is evident that you have not contributed to the report, or that your contribution has been very little, or that you understand very little of the lab, your mark for the group report and the discussion will be a smaller proportion of those marks. If you do not turn up for the demonstration of the lab working, then you may receive a zero for the practical element in addition to the previous. Please see the tutor if you have a good reason for not being available during the assessed practical demonstration.
Lab Marking Scheme:

Practical: 25%
Fail: Not attempted or largely just does not work
Pass: Attempted and works, but not as expected. Major issues and problems.
2.2: Attempted and works well. Some large issues with the installed programs - or practical.
2.1: Attempted and works well. No major issues with any of the process, most of the programs work well
1st: Attempted and all works perfectly. No issues with installation. Some insightful installation process attempted.

Write up: 50% (group report 25%: online individual questions 25%)
Fail: Not attempted or uneven badly constructed write-up, that has been rushed and is very badly structured.
Pass: Attempted and is readable, but large errors are evident, that are not understood. Generally readable and structured. Some questions attempted and answered correctly.
2.2: Well structured attempt. All questions answered, and the majority are answered correctly. Evidence of deeper thought and the attempt has not been rushed.
2.1: Very well thought out and structured attempt. All questions answered correctly. Evidence of good team work in the write-up, and a depth of analysis in the write up is evident
1st: As in 2.1, but with evidence of more insight into the processes involved in either application installation or another part of the process.
The questions must be answered with more than a few words, so secondary issues around the questions must be attempted.

Discussion: 25%
Fail: Team members not present, or very badly prepared and no part of this is understood.
Pass: Team members largely present, and there is a general understanding of questions asked, although some areas of confusion are evident.
2.2: All present and correct. Good understanding of the majority of the discussion. Most team members can answer questions coherently and well.
2.1: All present and correct. Good understanding of the majority of the discussion. All team members answer questions coherently and well
1st: As in 2.1, but some insight present into tasks outside the remit of the lab as it is presented. This has to be understood by all team members to be a very good mark.