
SNA

Introduction

Importing Virtual Machine

A Linux 2.6 virtual machine can be imported into the hypervisor from an OVF (Open Virtualization Format) appliance file.

Click File > Import, select the OVF file, and click Import.

Importing Virtual Machine



SASL

SASL (Simple Authentication and Security Layer) is the mechanism Postfix uses to authenticate remote users: a client
must present a valid username and password before the mail server will relay mail for it. Without it the server either
refuses relaying from outside its own networks or, worse, acts as an open relay.

Set up SASL

The mail host is assumed to be configured already; the files named below are referred to by their paths on
that host.

To configure SASL, first edit "/etc/postfix/main.cf". The lines below can go anywhere in the file, but it is
tidiest to put them under "### smtpd directives", as shown in the screenshot below.

Postfix SASL

 # offer SMTP AUTH to clients (Postfix does not allow comments after a value, so they go on their own lines)
 smtpd_sasl_auth_enable = yes
 # also advertise AUTH to old clients that expect the non-standard "AUTH=" form
 broken_sasl_auth_clients = yes
 # hand authentication to Dovecot over its socket; the path is relative to Postfix's queue directory
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
 # never accept anonymous SASL logins
 smtpd_sasl_security_options = noanonymous
Then add the following two entries to the "smtpd_recipient_restrictions =" list in the same file. Postfix
evaluates that list in order, so both must come before any reject_ entry (such as reject_unauth_destination),
otherwise authenticated clients are still refused relaying:

 permit_mynetworks
 permit_sasl_authenticated

Note that the plain and login mechanisms send the password in cleartext; on a server reachable from the
Internet, restrict AUTH to TLS sessions with "smtpd_tls_auth_only = yes".

Configure “/etc/dovecot/dovecot.conf”

Next, configure "dovecot.conf" in "/etc/dovecot/". Under "## Authentication", comment out every entry inside
the "auth default {" block and add the lines below in its place, as shown in the screenshot below. Users are
authenticated against the passwd and shadow files in "/etc", which is why the auth process runs as root (it
needs read access to /etc/shadow). The client socket must be the one main.cf refers to: "private/auth"
relative to Postfix's queue directory "/var/spool/postfix".

 auth default {
   mechanisms = plain login

   passdb shadow {
   }
   userdb passwd {
   }

   user = root

   socket listen {
     client {
       path = /var/spool/postfix/private/auth
       mode = 0660
       user = postfix
       group = postfix
     }
   }
 }
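As an added check (example code, not part of the assignment, Postfix or Dovecot), the script below parses a main.cf in the layout shown above, verifies the SASL directives, confirms that permit_sasl_authenticated precedes any reject_ entry and that smtpd_sasl_path resolves to the Dovecot socket path configured above, and builds the AUTH PLAIN token a client sends when the setup is tested by hand. The sample main.cf text, the reject_unauth_destination entry and the test credentials are constructed for the demonstration.

```python
"""Check a Postfix main.cf for the SMTP AUTH setup above and build a test credential.

Added example, not code from the assignment, Postfix or Dovecot.  The main.cf
text, the reject_unauth_destination entry and the credentials are constructed.
"""
import base64

# Constructed excerpt mirroring the directives shown in the tutorial.
SAMPLE_MAIN_CF = """\
### smtpd directives
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
"""

# The 'path =' of the client socket in the dovecot.conf excerpt above.
DOVECOT_CLIENT_SOCKET = "/var/spool/postfix/private/auth"

REQUIRED = {
    "smtpd_sasl_auth_enable": "yes",
    "smtpd_sasl_type": "dovecot",
    "smtpd_sasl_path": "private/auth",
}


def parse_main_cf(text):
    """Parse 'key = value' lines; an indented line continues the previous value."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key is not None:
            params[key] = (params[key] + " " + raw.strip()).strip()
        elif "=" in raw:
            key, _, value = raw.partition("=")
            key = key.strip()
            params[key] = value.strip()
    return params


def check_sasl_config(params):
    """Return a list of problems; an empty list means the relay policy is sane."""
    problems = []
    for k, want in REQUIRED.items():
        if params.get(k) != want:
            problems.append("%s should be '%s', got %r" % (k, want, params.get(k)))
    if "noanonymous" not in params.get("smtpd_sasl_security_options", "").split():
        problems.append("smtpd_sasl_security_options must include noanonymous")
    # smtpd_sasl_path is relative to queue_directory (Postfix default /var/spool/postfix)
    # and must name the socket Dovecot creates.
    qdir = params.get("queue_directory", "/var/spool/postfix")
    if qdir.rstrip("/") + "/" + params.get("smtpd_sasl_path", "") != DOVECOT_CLIENT_SOCKET:
        problems.append("smtpd_sasl_path does not resolve to Dovecot's client socket")
    # Postfix evaluates restriction lists in order: a reject_* entry placed before
    # permit_sasl_authenticated refuses relaying even to authenticated clients.
    restr = params.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    if "permit_sasl_authenticated" not in restr:
        problems.append("permit_sasl_authenticated missing from smtpd_recipient_restrictions")
    else:
        rejects = [i for i, r in enumerate(restr) if r.startswith("reject")]
        if rejects and rejects[0] < restr.index("permit_sasl_authenticated"):
            problems.append("permit_sasl_authenticated comes after a reject_* entry")
    return problems


def auth_plain_token(username, password, authzid=""):
    """AUTH PLAIN initial response (RFC 4616): base64(authzid NUL authcid NUL password)."""
    return base64.b64encode(("%s\0%s\0%s" % (authzid, username, password)).encode()).decode()


def auth_plain_decode(token):
    """Inverse of auth_plain_token: returns (username, password)."""
    _, user, pw = base64.b64decode(token).decode().split("\0")
    return user, pw


if __name__ == "__main__":
    cfg = parse_main_cf(SAMPLE_MAIN_CF)
    print("problems:", check_sasl_config(cfg) or "none")
    # Constructed credentials; type the token after 'AUTH PLAIN' in a manual SMTP session.
    print("AUTH PLAIN", auth_plain_token("min", "minlwin"))
```

To test the server by hand, connect to port 25 (with openssl s_client -starttls smtp once TLS is enabled), send EHLO, then AUTH PLAIN followed by the token; Postfix answers 235 on success and 535 on a bad password. The ordering check matters because a misordered restriction list fails silently: AUTH succeeds, yet every relay attempt is still rejected.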

Creating New User Account

Simply run the "adduser" command and answer its prompts. Step by step, enter the following to create the user.

1. "adduser" – start the script that adds a new user
2. "min" – login name for the new user
3. Press Enter to accept the default UID
4. Press Enter twice to accept the default initial group
5. Press Enter to accept the default home directory
6. Press Enter to accept the default shell
7. Press Enter twice to accept the default expiry date
8. Press Enter to accept the default full name
9. Press Enter to accept the default room number
10. Press Enter to accept the default work phone
11. Press Enter to accept the default home phone
12. Press Enter to accept the default "other" field
13. "minlwin" – new password
14. "minlwin" – enter it again to confirm that the weak password should be used anyway
15. "minlwin" – re-enter the new password

The password here is the login name with a suffix and is only accepted after a weak-password warning; on any
machine reachable from the network, use a strong password instead.

Configuring DHCP server

First, if the existing "/etc/dhcpd.conf" is empty, copy the sample dhcpd.conf from
"/usr/doc/dhcp-4.1-ESV-R7/examples" to "/etc/".

Then edit "/etc/dhcpd.conf" so that it holds the configuration shown in the following screenshot.

Dhcpd.conf

Start the DHCP server with the command "/etc/rc.d/rc.dhcpd start".

Starting dhcpd

BIND can fail to start with an error that libxml2.so.2 is missing. In that case install the library from its
module with the command "lzm2dir libxml2-2.7.6.lzm /".

Snort

“Snort is an open source network intrusion detection system (NIDS) created by Martin Roesch. Snort is
a packet sniffer that monitors network traffic in real time, scrutinizing each packet closely to detect a
dangerous payload or suspicious anomalies” (searchmidmarketsecurity.techtarget.com)

Snort is built on libpcap, the packet-capture library behind many of the tools TCP/IP network technicians
use. Snort can detect, among other things, stealth port scans, buffer overflow attempts, DNS and SMB attacks
and DDoS traffic. It raises alerts in real time and writes the suspicious activity to log files.

Setup and Configuration for Snort

Snort is usually installed on the gateway, since the traffic of the other servers passes through it.

The Snort installation needs the TinyNetConfig ISO, which can be downloaded from MyTiny.net.

First change to the CD directory with "cd /mnt/hdc" and run "./SetupMenu" to start the installation. Select
the last option, install the other packages as well, and above all select "Snort".

Installation of Snort in Gateway

Rename the Snort files in /etc/snort

The files in this directory can be edited and renamed, and their extra extension removed, with no trouble.

Renaming process

Configure /etc/snort/snort.conf

Remember that snort.conf controls which rules are loaded, and only rule files present in /etc/snort/rules can
be enabled. In snort.conf, find the line "output alert_syslog: LOG_AUTH LOG_ALERT" and change it to
"output alert_syslog: LOG_LOCAL6 LOG_ALERT". Alerts are then sent to syslog with facility local6 at
priority alert, so they can be routed to a log file of their own.

Configure /etc/syslog.conf

Under the "# local facilities" section of "/etc/syslog.conf" add the line "local6.*  -/var/log/snort.log"
(the leading "-" makes syslogd write the file without a sync after every line).

Add "local6.none" to the selectors for both /var/log/messages and /var/log/syslog so the alerts are not
duplicated there.
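To see why both edits are needed, the added example below (not code from the assignment or from sysklogd) models the selector logic of syslog.conf: it computes the <PRI> value Snort's local6/alert messages carry, evaluates each selector on a line in order so that a later local6.none vetoes an earlier *.info, and reports which files a message ends up in. The three-line syslog.conf excerpt and the alert text are constructed; "!" exclusion selectors are not modelled.

```python
"""Model how syslog.conf selectors route Snort's local6/alert messages.

Added example, not code from the assignment or from sysklogd.  The syslog.conf
excerpt and the alert text are constructed; '!' exclusion selectors are not
modelled, only the fac.prio, fac.=prio, fac.* and fac.none forms.
"""

FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
              "local0": 16, "local1": 17, "local2": 18, "local3": 19,
              "local4": 20, "local5": 21, "local6": 22, "local7": 23}
PRIORITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
              "notice": 5, "info": 6, "debug": 7}
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed excerpt in the style of a Slackware syslog.conf after the edits above.
SAMPLE_SYSLOG_CONF = """\
*.info;mail.none;local6.none        -/var/log/messages
*.warn;mail.none;local6.none        -/var/log/syslog
local6.*                            -/var/log/snort.log
"""


def pri(facility, priority):
    """The <PRI> value a syslog message carries: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + PRIORITIES[priority]


def wire_format(facility, priority, text):
    """The line as it reaches syslogd, e.g. '<177>snort: ...' for local6.alert."""
    return "<%d>%s" % (pri(facility, priority), text)


def selector_matches(selector, facility, priority):
    """Evaluate one 'fac[,fac].prio' selector.
    Returns True (log), False (veto, e.g. 'none') or None (facility not mentioned)."""
    facs, _, prio = selector.rpartition(".")
    if "*" not in facs.split(",") and facility not in facs.split(","):
        return None
    if prio == "none":
        return False
    if prio == "*":
        return True
    exact = prio.startswith("=")
    name = prio.lstrip("=")
    level = PRIORITIES[ALIASES.get(name, name)]
    sev = PRIORITIES[priority]
    return sev == level if exact else sev <= level  # lower number = more severe


def route(conf, facility, priority):
    """Return the log files that receive a message.  Later selectors on a line
    override earlier ones, which is how 'local6.none' keeps alerts out of messages."""
    targets = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, target = line.split(None, 1)
        decision = None
        for sel in selectors.split(";"):
            verdict = selector_matches(sel, facility, priority)
            if verdict is not None:
                decision = verdict
        if decision:
            targets.append(target.strip().lstrip("-"))  # '-' only disables the per-line sync
    return targets


if __name__ == "__main__":
    # Constructed alert text in Snort's [gid:sid:rev] syslog style.
    alert = wire_format("local6", "alert", "snort: [1:10001:0] SYN FLOOD for SNA ASSIGNMENT")
    print(alert)
    print("goes to:", route(SAMPLE_SYSLOG_CONF, "local6", "alert"))
    print("a daemon.info line goes to:", route(SAMPLE_SYSLOG_CONF, "daemon", "info"))
```

Remove the two local6.none entries from the sample and the same alert lands in /var/log/messages and /var/log/syslog as well as snort.log, which is exactly the duplication the tutorial's second edit prevents.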

Run the Snort

Check the location of snort.conf and of the log directory.

Running "snort -c /etc/snort/snort.conf -l /var/log/snort" starts Snort in the foreground with its output on
the terminal; htop can be used to check that it is running.

To run it in the background as a daemon instead, enter "snort -D -c /etc/snort/snort.conf -l /var/log/snort";
the following diagram shows Snort running as a daemon.

Note: the error "libmysqlclient.so.15 not found" can occur. Open mysql-5.0.67-client.lzm with WinRAR or
another archiver and locate the missing file; it is usually under the user library directory (/usr/lib).

Missing file in user library

Then look in /usr/lib for the entry "@libncurses.so", press F9 > File > Edit symlink, and repeat the same for
/usr/lib/mysql/.

Using hping2

Additional rules can be placed in /etc/rules or /etc/snort/rules, depending on the configuration. The rule
used for this assignment is

 alert tcp any any -> any any (msg:"SYN FLOOD for SNA ASSIGNMENT"; flags:RA; sid:10001;)

(the Snort keyword is "flags", and "->" is the direction operator between the two address/port pairs).
With flags:RA the rule matches packets that have exactly the RST and ACK flags set, which is what a closed
port answers with when a SYN arrives; because the header is "any any -> any any" and the rule carries no
threshold, it fires once for every such packet on the wire. Alerts are recorded in snort.log in /var/log/.
To start the attack, run

 hping2 -c 10000 -d 120 -S -w 64 -p 21 --rand-source 192.168.1.25

which reads: the application binary, the number of packets to send (-c), the packet data size (-d), send SYN
packets (-S), the TCP window size (-w), the destination port (-p), a random spoofed source IP address for
every packet (--rand-source), and the destination IP address.

Sending hping2 SYN flood from Webserver with random source IP to Gateway.
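To see what the rule actually matches, and why a rate threshold is needed on top of it, the added example below (not Snort's detection engine or the assignment's code) parses the rule above into header fields and options, applies it to a constructed packet trace that imitates the hping2 flood and the RST/ACK replies, and then runs a per-destination SYN-rate check equivalent to Snort's "detection_filter: track by_dst, count N, seconds S". The second rule, the 10.x.x.x source addresses, the ports and the timings are constructed for the demonstration.

```python
"""Run the Snort rule above, and a SYN-rate check, over a constructed trace.

Added example, not Snort's detection engine or the assignment's code.  The
packets are dicts made up to imitate the hping2 flood against 192.168.1.25:21;
the 10.x.x.x source addresses, ports and timings are constructed.
"""
import random
import re
from collections import defaultdict

PAGE_RULE = 'alert tcp any any -> any any (msg:"SYN FLOOD for SNA ASSIGNMENT"; flags:RA; sid:10001;)'
# Constructed second rule: narrows the header so it only sees SYNs at the attacked port.
SYN_RULE = 'alert tcp any any -> 192.168.1.25 21 (msg:"SYN to ftp"; flags:S; sid:10002;)'

HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")
OPTION_RE = re.compile(r'(\w+)\s*:\s*("[^"]*"|[^;]*);')


def parse_rule(text):
    """Split a rule into its header fields and an options dict (msg, flags, sid, ...)."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("not a Snort rule: %r" % text)
    action, proto, src, sport, direction, dst, dport, opts = m.groups()
    options = {k: v.strip('"') for k, v in OPTION_RE.findall(opts)}
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "direction": direction, "dst": dst, "dport": dport, "options": options}


def _field_ok(pattern, value):
    return pattern == "any" or pattern == str(value)


def rule_matches(rule, pkt):
    """Header match plus the 'flags' option: plain 'flags:RA' means exactly R and A
    are set; a trailing '+' (flags:S+) allows other bits as well."""
    if rule["proto"] != pkt["proto"]:
        return False
    if not (_field_ok(rule["src"], pkt["src"]) and _field_ok(rule["sport"], pkt["sport"])
            and _field_ok(rule["dst"], pkt["dst"]) and _field_ok(rule["dport"], pkt["dport"])):
        return False
    want = rule["options"].get("flags")
    if want is None:
        return True
    if want.endswith("+"):
        return set(want[:-1]) <= pkt["flags"]
    return set(want) == pkt["flags"]


def count_alerts(rule, pkts):
    """A rule with no threshold fires once per matching packet."""
    return sum(1 for p in pkts if rule_matches(rule, p))


def syn_flood_alerts(pkts, count=50, seconds=1.0):
    """Equivalent of 'detection_filter: track by_dst, count N, seconds S': report each
    destination port that sees more than `count` SYNs inside any `seconds`-long window."""
    recent, alerted = defaultdict(list), set()
    for p in pkts:
        if p["proto"] != "tcp" or p["flags"] != {"S"}:
            continue
        key = (p["dst"], p["dport"])
        window = recent[key]
        window.append(p["t"])
        while window[0] < p["t"] - seconds:
            window.pop(0)
        if len(window) > count:
            alerted.add(key)
    return sorted(alerted)


def build_trace(n=200, seed=1):
    """Constructed packets: n spoofed SYNs to 192.168.1.25:21 spread over two seconds,
    the RST/ACK a closed port answers with, and one legitimate SYN to port 80."""
    rnd = random.Random(seed)
    pkts = []
    for i in range(n):
        t = i * (2.0 / n)
        src = "10.%d.%d.%d" % (rnd.randrange(256), rnd.randrange(256), rnd.randrange(1, 255))
        sport = rnd.randrange(1024, 65536)
        pkts.append({"t": t, "proto": "tcp", "src": src, "sport": sport,
                     "dst": "192.168.1.25", "dport": 21, "flags": {"S"}})
        pkts.append({"t": t + 0.0005, "proto": "tcp", "src": "192.168.1.25", "sport": 21,
                     "dst": src, "dport": sport, "flags": {"R", "A"}})
    pkts.append({"t": 0.5, "proto": "tcp", "src": "192.168.1.10", "sport": 40000,
                 "dst": "192.168.1.25", "dport": 80, "flags": {"S"}})
    pkts.append({"t": 0.501, "proto": "tcp", "src": "192.168.1.25", "sport": 80,
                 "dst": "192.168.1.10", "dport": 40000, "flags": {"S", "A"}})
    return sorted(pkts, key=lambda p: p["t"])


if __name__ == "__main__":
    trace = build_trace()
    for text in (PAGE_RULE, SYN_RULE):
        rule = parse_rule(text)
        print("sid %s (%s): %d alerts" % (rule["options"]["sid"], rule["options"]["msg"],
                                          count_alerts(rule, trace)))
    print("SYN-rate alerts:", syn_flood_alerts(trace))
```

Against 200 spoofed SYNs the page's rule produces 200 alerts (one per RST/ACK reply), which is what fills snort.log during the hping2 run; the rate check instead raises a single alert for 192.168.1.25:21 and stays quiet for the one legitimate connection to port 80. In a real deployment the per-packet rule should carry a detection_filter or threshold option, or the alert log becomes the second victim of the flood.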

References

Definition: "Snort" [Online]. Available at: http://searchmidmarketsecurity.techtarget.com/definition/Snort

"Connecting with SASL" [Online]. Available at: https://freenode.net/sasl/

Silver Moon (2011) "TCP SYN flood DOS attack with hping" [Online]. Available at:
http://www.binarytides.com/tcp-syn-flood-dos-attack-with-hping/

"Denial of service attack-DOS using Hping3 with spoofed ip in KALI linux" [Online]. Available at:
http://www.blackmoreops.com/2015/04/21/denial-of-service-attack-dos-using-hping3-with-spoofed-ip-in-kali-linux/

JINLUSUH (2009) "Linux DNS server setup - Install and configure BIND in Slackware | Linux basic configurations"
[Online]. Available at: http://www.basicconfig.com/slackware_linux_dns_server_setup [Accessed 26 May 2015].
