Group Project

Title: Network Administration Project

Each group member needs to choose one enhancement for their individual work. The
minimum number of enhancements done by the group is 3.
There a page here for each of the enhancements. Maximum points for an enhancement
will only be achieved when it is successfully implemented (criteria 1) and properly
documented (criteria 2). Marking is points_Earned / points_Attempted, so fully
completed enhancements are worth more than partially completed ones.

Please make sure the individual enhancements are clearly identified.

Screenshots used to document enhancements must show the student ID of one

group member in the command prompt, logfile messages, or email address.
1. Login as root
2. Edit /etc/HOSTNAME
Change the hostname to your student ID number and server, like this:
tp024680-mh.net-c.tinynet.edu
3. Edit /etc/dnsmasq.d/cnames
Change the old name to the new name everyplace it appears
4. Restart dnamasq on the Gateway
/etc/rc.d/rc.dnsmasq stop
/etc/rc.d/rc.dnsmasq start
5. Reboot the host with the new name
(dnsmasq will register the new name when the host asks for an IP)

1
1.1 LDAP – The missing piece of our enterprise network
a) Configure dovecot and squirrelmail to use LDAP
b) Demonstrate by using the squirrelmail address lookup to send mail from your
personal account to someone in the LDAP directory

Owner:

Objective – what this does for the system

List the relevant configuration files, and for each one briefly describe what was done

Screenshots of tests, with explanations

 squirrelmail address book
 mail TO someone in the LDAP database
 LDAP server listening ports

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

2
1.2 Extended LDAP – (this is a separate enhancement, but do 1.1 first)
a) Add the dc= DIT to the LDAP directory and PLA
b) Demonstrate by using the squirrelmail address lookup to send mail from your
personal account to someone in the dc= DIT and showing the dc= DIT users in
PLA

Owner:

Objective – what this does for the system

List the relevant configuration files, and for each one briefly describe what was done

Screenshots of tests, with explanations

 ldapadd
 ldapsearch
 squirrelmail address book
 mail TO someone in the LDAP dc= database
 dc= DIT users in PLA

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

3
2. SUDO - when you move to Ubuntu, you will want to manage sudo!
Choose one server and
a) Set up two normal users
b) Allow no root login: force everyone to use sudo
c) Have different color prompts for normal users and root
d) Change the startup display to show a random fortune in color each time a user
logs in.
e) Edit /etc/issue.mytyvm to stop advertising the root password

Owner:

Objective – what this does for the system

List the relevant configuration files, and for each one briefly describe what was done

Screenshots of tests, with explanations

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

4
3.1 Virtual Servers
Choose one server and
a) Set up two normal users, and add directories under their home directories for
their web pages and CGI scripts
b) Set up a virtual server (VirtualHost) for each user in monkey.conf, change
permissions on the VirtualDocumentRoot directories so users cannot access
them, and add appropriate cnames to dnsmasq on the Gateway
c) Set up a cron job to automatically move files from home directories to the proper
VirtualDocumentRoot

Owner:

Objective – what this does for the system

List the relevant configuration files, and for each one briefly describe what was done

Screenshots of /home and the top VirtualDocumentRoot directory using ls –lR

(lowercase L not one)

Screenshots of tests, with explanations

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

5
3.2 Virtual Servers with NFS – (this is a separate enhancement, but do 3.1 first)
a) Put the VirtualDocumentRoot directories (from 3.1) on a new VM which will be
the server for NFS mount, and export them
b) Delete the original directories and mount the exported ones
c) Remove the VirtualHost users and the cron jobs on the webserver
d) Set up the VirtualHost users and run the cron jobs on the NFS server

Owner:

Objective – what this does for the system

List the relevant configuration files, and for each one briefly describe what was done

Screenshots of tests, with explanations

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

6
4. Protocol Analysis
Use tcpflow to capture the dialog between the browser and monkey webserver when
a) You access the default monkey webpage. What command line arguments
determine if you can or cannot recover the images from the tcpflow files?
b) You access a mailbox in squirrelmail. How many requests are made? How many
servers are involved?

Owner:

Objective – what this does for the system administrator

Screenshots of analysis, with explanations

Screenshots of image captured with –s, and image captured with –B

How many requests are made to load the inbox page in squirrelmail?
How many servers are involved?

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

7
5. iptables
a) Add the six “Rules for things that no proper TCP stack should be processing”
from the IPTables Quick Reference section -p --protocol tcp using a LOG
target instead of DROP
b) Show that the rules are saved to a shell script
c) Use hping and multitail to show the rules are working

Owner:

Objective – what this does for the system

List the relevant configuration files, and for each one briefly describe what was done

Screenshots of a test for each rule (6)

Screenshot of the shell script for rules: use cat filename not mc

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

8
6. Syslog Server
a) Reconfigure syslog on the Gateway to listen for log messages from the network.
Use netstat –tulp to show it is running.
b) Reconfigure syslog on the Mailhost to send root login log messages to the
Gateway AND the local file /var/log/secure
c) Use multitail to separate the merged logfile entries and show them in separate
windows

Owner:

Objective – what this does for the system

List the relevant configuration files, and for each one briefly describe what was done

Screenshot of the combined logfile with entries for the gateway only in a separate
window

Screenshots of the detail of each window (press b in multitail)

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

9
7.1. Cross-System Multitail with xinetd
Use the xinetd method to set up a listener on the mailserver, and show the
postfix logfiles on the Gateway and mailserver at the same time in separate
multitail windows

Owner:

Objective – what this does for the system

List the relevant configuration files, and for each one briefly describe what was done

Screenshots of the xinetd configuration file and the shell script it calls:
use cat filename not mc

Screenshot of the two logfiles in separate windows

Screenshots of the detail of each window (press b in multitail)

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

10
7.2. Cross-System Multitail with netcat
Use the netcat method to set up a listener on the mailserver, and show the
postfix logfiles on the Gateway and mailserver at the same time in separate
multitail windows

Owner:

Objective – what this does for the system

List the relevant configuration files, and for each one briefly describe what was done

Screenshots of the netcat configuration file and the shell script it calls:
use cat filename not mc

Screenshot of the two logfiles in separate windows

Screenshots of the detail of each window (press b in multitail)

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

11
7.3. Cross-System Multitail with regex
(this is a separate enhancement, but do 6.1 or 6.2 first)
Modify your enhancement 6.1 or 6.2 to use the dnsmasq logfile on the gateway
and the dhcpcd logfile on the mailhost instead of the postfix logfiles, and use
regular expressions to select the DHCP activity for today on both servers.

Owner:

Objective – what this does for the system

Screenshot of the two logfiles in separate windows

Screenshots of the detail of each window (press b in multitail)

Screenshot of the multitail command used: use clear and [Up Arrow] after you run it

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

12
8. STUNNEL – Securing our enterprise network
a) Setup stunnel to secure communication between all of the TinyNet servers. Use
netstat –tulp to show stunnel is running on each one.
b) Demonstrate a https:// connection between the host browser and the TinyNet
Webserver

Note: no need to document the whole base system presented at mid-semester

Owner:

Objective – what this does for the system

List the relevant configuration files, and for each one briefly describe what was done

Screenshot of browser Trusted Root CA store (with TinyNetCA)

Screenshot of mailbox in squirrelmail with https:// in the url

Screenshot of listening ports on all 4 servers

Any Outstanding/Unresolved Issues

13
9. Basic VPN
a) Setup openvpn using static keys
b) Demonstrate a ping across the VPN tunnel with two sets of config files, one for
tun and one for tap

Owner:

Objective – what this does for the system

Screenshots of the configuration files: use cat filename not mc

 server-side tun
 server-side tap
 xinetd configuration
 client-side tun
 client-side tap

Screenshots of ping across the VPN connection using tun and tap

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

14
10. Compile and Install
a) Setup a VM using the TinyNet-gcc image
b) Compile the toilet source code and demonstrate using a shell script

Owner:

List the relevant configuration files, and for each one briefly describe what was done

Screenshot of sl (the Linux Steam Locomotive)

Screenshots of tests, with explanations

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

15
11. Migrate to Net-R
a) Complete the Net-R Basic Setup: Domserv and one Net-R host
b) Clone and reconfigure your TinyNet servers as Net-R servers
c) Reconfigure DNSMASQ to hand out static addresses to servers rather than
dynamic ones

Owner:

List the relevant configuration files, and for each one briefly describe what was done

Screenshots of tests, with explanations

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

16
12. Net-R Traffic
a) Complete the Net-R Basic Setup: Domserv and two Net-R hosts
b) Setup syslog on the Domserv to listen for log messages with Facility LPR and
Priority Notice and save them to a particular file
c) Modify the automatic traffic generation scripts on both Net-R hosts to send log
messages to the Domserv

Owner:

Objective – what this does to the system

List the relevant configuration files, and for each one briefly describe what was done

Screenshots of tests, with explanations

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

17
13. Port Knock
a) Use the Netcat and Named Pipes technique to set up a reverse shell
b) Use knockd and hping2 to control availability (activate/deactivate)

Owner:

Objective – what this does for the system administrator

List the relevant configuration files, and for each one briefly describe what was done

Screenshots of tests, with explanations

Obstacles encountered, obstacles overcome

Any Outstanding/Unresolved Issues

18