In this assignment, two virtual machines running Ubuntu and CentOS were installed and configured on VMware Workstation Player. The first machine was installed with BIND to provide DNS and SSH services, while the second one was installed with a web server. The name server on virtual machine 1 was configured to manage the domain saffioti.org.au. A zone was also set up for the reverse zone and hardened by use of firewall rules, which allowed access to the services. The virtual machine running Ubuntu was the web server, where LAMP was installed. The Apache web server in the LAMP stack was used to host a website. Additionally, an FTP server was configured on the same virtual machine.
Part 1: Virtual Machine One – DNS & SSH Server
This virtual machine was installed with CentOS, and BIND (DNS) was installed and configured on it. The name server was configured to manage the domain;
Step 1: Install Bind
sudo yum install bind bind-utils
Step 2: Configure DNS
The named.conf file was edited as shown below.
nano -w /etc/named.conf
Step 3: Configure bind zone
nano -w /var/named/saffioti.org.au.zone
The service was restarted and then enabled to start automatically at boot time, using the following commands:
service named restart
chkconfig named on
Part 2: Virtual Machine Two: Server2
The Ubuntu operating system was installed on this virtual machine, which was used as a web server. To enable it to serve as a web server, LAMP was installed.
By definition, LAMP is a stack of open source software tools that are normally installed together to facilitate hosting of dynamic websites and web applications. LAMP stands for Linux, Apache, MySQL, PHP. The three software packages are installed on Linux alongside each other to facilitate web hosting. In this exercise, the software was installed in a series of steps as outlined below.
Step 1: Install Apache
To install Apache, the following commands were used;
To confirm that the Apache web server was successfully installed, the default Apache page was accessed from a web browser;
Step 2: Install MySQL
MySQL database was installed using the command;
sudo apt install mysql-server
Step 3: Install PHP
For PHP to work, a number of packages had to be installed as outlined below.
Hardening the Web Server
To harden the web server, that is, to make it more secure by only allowing access to the web hosting services, the firewall was configured using iptables. The process is as outlined below.
Step 1: Install the Persistent Firewall Service
For the firewall service to run on the machine, it was necessary to install the iptables-persistent package. The package allows the rule set to be persisted and applied automatically at boot time. The following command was used to install the package
Step 2: Edit the iptables rules for IPv4
sudo nano /etc/iptables/rules.v4
The same was done for IPTables for IPv6 with the command;
sudo nano /etc/iptables/rules.v6
To test for errors in the modified files, the following two commands were used;
No error was reported, meaning the iptables files were okay. The next command was used to activate the rules.
Difficulties Encountered
Major difficulties were encountered trying to harden the web server. The iptables-persistent service was not running and attempts to start it failed with the error;
“Failed to start iptables-persistent.service: Unit iptables-persistent.service not found”
After an hour of headache and Googling, I finally found a command to start the service.
sudo service netfilter-persistent start
I realized that the failure to start was a problem with some versions of Ubuntu; the above configurations seemed not to work and I had to do the following steps to harden the server with a firewall using IPTables.
Step 1: Resetting the firewall
sudo service netfilter-persistent flush
After flushing, I verified that the rules were removed.
Create Protocols
The next step was to create a specific chain for each protocol that the web server will accept: UDP, TCP and ICMP
sudo iptables -N UDP
sudo iptables -N TCP
sudo iptables -N ICMP
Since SSH traffic uses TCP protocol, I had to add an exception for SSH on the firewall. SSH traffic uses port 22. The following command was used to create the exception.
sudo iptables -A TCP -p tcp --dport 22 -j ACCEPT
General Purpose Accept/Deny Rules
To facilitate filtering of traffic, some general purpose rules were created to accept or drop packets. To start with, traffic belonging to an already established connection was accepted; this was implemented by the command.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
This filtering rule makes use of the conntrack module, which provides internal connection tracking and gives iptables the context it needs to evaluate packets.
Allow Loopback traffic
To allow traffic from the loopback interface, the following command was executed
Deny all invalid Packets
Invalid packets, such as those that address a non-existing port, have to be denied. This was implemented using the command.
sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
Jump Rule for Protocol-Specific Chain
To allow traffic to reach the desired protocol chains, some jump rules were created. The rules filter the traffic and only allow genuine and valid traffic through. For example, new TCP traffic is only allowed if it is a SYN packet, since SYN is the only valid packet type for starting a TCP connection.
The following commands were executed to create the rules;
Finally, rules were created to reject all other traffic hitting the server. The commands below were used to create the rules;
sudo iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
sudo iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
sudo iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo ip6tables -P INPUT DROP
sudo ip6tables -P FORWARD DROP
sudo ip6tables -P OUTPUT DROP
sudo service iptables-persistent save
The final state of the iptables is as shown below;
Part 3: Remote File Access
This part installs and configures the FTP service on the Ubuntu machine [server2].
Step 1 — Install vsftpd
The following command was used to install vsftpd:
sudo apt-get install vsftpd
Step 2: Configure firewall rules to allow FTP service
This configuration opens port 20 and port 21, which are used by the FTP service. Because the firewall rules on this server were set using iptables, a rule has to be added to iptables to allow FTP traffic. The following commands were used:
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
The iptables after adding port 21 and 22.
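The rule-order problem that arises if the FTP rule from Step 2 is appended to INPUT after the catch-all REJECT rules created in Part 2, shown as an added example (not part of the original assignment): iptables evaluates a chain from top to bottom, so a rule appended with -A after those REJECT rules never matches. The ruleset text is constructed; the loopback and jump rules, whose commands are not shown above, are assumed to take their standard forms, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Constructed ruleset in iptables-restore format: the Part 2
# rules in the order described, then the Part 3 FTP rule appended to INPUT.
# The "-i lo" and "-j UDP/TCP/ICMP" lines are assumed standard forms.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:UDP - [0:0]
:TCP - [0:0]
:ICMP - [0:0]
-A TCP -p tcp --dport 22 -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
-A INPUT -p icmp -m conntrack --ctstate NEW -j ICMP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT
EOF
}

# Print every INPUT rule that sits after a catch-all REJECT/DROP for its
# protocol (or for all protocols); such a rule can never match a packet.
shadowed_rules() {
  awk '$1 == "-A" && $2 == "INPUT" {
    proto = "all"
    for (i = 3; i < NF; i++) if ($i == "-p") proto = $(i + 1)
    if (("all" in blocked) || (proto in blocked)) { print; next }
    j = (proto == "all") ? 3 : 5   # position of -j when nothing else is matched
    if ((proto == "all" || $3 == "-p") && $j == "-j" && $(j + 1) ~ /^(REJECT|DROP)$/)
      blocked[proto] = 1
  }'
}

# Corrected placement: put the FTP accept in the TCP chain, next to SSH.
fixed_rules() {
  sample_rules | sed 's/^-A INPUT \(-p tcp -m tcp --dport 21 -j ACCEPT\)$/-A TCP \1/'
}

echo "Unreachable in original order:"; sample_rules | shadowed_rules
echo "Unreachable after fix: $(fixed_rules | shadowed_rules | wc -l)"
```

To check a live system, pipe the output of sudo iptables-save into shadowed_rules.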
Step 3 — Prepare User Directory
First add a test user;
sudo adduser saffioti
Then create a directory for the user and assign rights;
Next we create a directory for uploading files into and change the rights;
sudo mkdir /home/saffioti/ftp/files
sudo chown saffioti:saffioti /home/saffioti/ftp/files
Step 4 — Configuring FTP Access
To configure access to FTP we edit the file;
sudo nano /etc/vsftpd.conf
Step 5 — Test FTP Access
Testing with anonymous connection
Part 4: Making DNS Robust
BIND was installed on server2 to make it the secondary DNS server.
Installing BIND:
apt-get install bind9
Configurations for BIND:
nano /etc/bind/named.conf.local
Then configure the zones file named; saffioti.org.au
Define a reverse DNS lookup:
nano /etc/bind/zones/rev.3.2.1.in-addr.arpa
Testing the DNS confirmed it was up and running
Part 5: Simple Web Services
Step 1: Generate the self signed certificate
Then we sign the certificates followed by modification of Apache’s default ssl configuration file
Finally we edit the file /etc/apache2/sites-available/default-ssl.conf