Each group member needs to choose one enhancement for their individual work. The
minimum number of enhancements done by the group is 3.
There is a page here for each of the enhancements. Maximum points for an enhancement
will only be achieved when it is successfully implemented (criteria 1) and properly
documented (criteria 2). Marking is points_Earned / points_Attempted, so fully
completed enhancements are worth more than partially completed ones.
1.1 LDAP – The missing piece of our enterprise network
a) Configure dovecot and squirrelmail to use LDAP
b) Demonstrate by using the squirrelmail address lookup to send mail from your
personal account to someone in the LDAP directory
Owner:
List the relevant configuration files, and for each one briefly describe what was done
1.2 Extended LDAP – (this is a separate enhancement, but do 1.1 first)
a) Add the dc= DIT to the LDAP directory and PLA
b) Demonstrate by using the squirrelmail address lookup to send mail from your
personal account to someone in the dc= DIT and showing the dc= DIT users in
PLA
Owner:
List the relevant configuration files, and for each one briefly describe what was done
2. SUDO - when you move to Ubuntu, you will want to manage sudo!
Choose one server and
a) Set up two normal users
b) Allow no root login: force everyone to use sudo
c) Have different color prompts for normal users and root
d) Change the startup display to show a random fortune in color each time a user
logs in.
e) Edit /etc/issue.mytyvm to stop advertising the root password
Owner:
List the relevant configuration files, and for each one briefly describe what was done
3.1 Virtual Servers
Choose one server and
a) Set up two normal users, and add directories under their home directories for
their web pages and CGI scripts
b) Set up a virtual server (VirtualHost) for each user in monkey.conf, change
permissions on the VirtualDocumentRoot directories so users cannot access
them, and add appropriate cnames to dnsmasq on the Gateway
c) Set up a cron job to automatically move files from home directories to the proper
VirtualDocumentRoot
Owner:
List the relevant configuration files, and for each one briefly describe what was done
3.2 Virtual Servers with NFS – (this is a separate enhancement, but do 3.1 first)
a) Put the VirtualDocumentRoot directories (from 3.1) on a new VM which will be
the server for NFS mount, and export them
b) Delete the original directories and mount the exported ones
c) Remove the VirtualHost users and the cron jobs on the webserver
d) Set up the VirtualHost users and run the cron jobs on the NFS server
Owner:
List the relevant configuration files, and for each one briefly describe what was done
4. Protocol Analysis
Use tcpflow to capture the dialog between the browser and monkey webserver when
a) You access the default monkey webpage. What command line arguments
determine if you can or cannot recover the images from the tcpflow files?
b) You access a mailbox in squirrelmail. How many requests are made? How many
servers are involved?
Owner:
How many requests are made to load the inbox page in squirrelmail?
How many servers are involved?
5. iptables
a) Add the six “Rules for things that no proper TCP stack should be processing”
from the IPTables Quick Reference section -p --protocol tcp using a LOG
target instead of DROP
b) Show that the rules are saved to a shell script
c) Use hping and multitail to show the rules are working
Owner:
List the relevant configuration files, and for each one briefly describe what was done
Screenshot of the shell script for rules: use cat filename not mc
6. Syslog Server
a) Reconfigure syslog on the Gateway to listen for log messages from the network.
Use netstat -tulp to show it is running.
b) Reconfigure syslog on the Mailhost to send root login log messages to the
Gateway AND the local file /var/log/secure
c) Use multitail to separate the merged logfile entries and show them in separate
windows
Owner:
List the relevant configuration files, and for each one briefly describe what was done
Screenshot of the combined logfile with entries for the gateway only in a separate
window
7.1. Cross-System Multitail with xinetd
Use the xinetd method to set up a listener on the mailserver, and show the
postfix logfiles on the Gateway and mailserver at the same time in separate
multitail windows
Owner:
List the relevant configuration files, and for each one briefly describe what was done
Screenshots of the xinetd configuration file and the shell script it calls:
use cat filename not mc
7.2. Cross-System Multitail with netcat
Use the netcat method to set up a listener on the mailserver, and show the
postfix logfiles on the Gateway and mailserver at the same time in separate
multitail windows
Owner:
List the relevant configuration files, and for each one briefly describe what was done
Screenshots of the netcat configuration file and the shell script it calls:
use cat filename not mc
7.3. Cross-System Multitail with regex
(this is a separate enhancement, but do 6.1 or 6.2 first)
Modify your enhancement 6.1 or 6.2 to use the dnsmasq logfile on the gateway
and the dhcpcd logfile on the mailhost instead of the postfix logfiles, and use
regular expressions to select the DHCP activity for today on both servers.
Owner:
Screenshot of the multitail command used: use clear and [Up Arrow] after you run it
8. STUNNEL – Securing our enterprise network
a) Set up stunnel to secure communication between all of the TinyNet servers. Use
netstat -tulp to show stunnel is running on each one.
b) Demonstrate an https:// connection between the host browser and the TinyNet
Webserver
Owner:
List the relevant configuration files, and for each one briefly describe what was done
9. Basic VPN
a) Set up openvpn using static keys
b) Demonstrate a ping across the VPN tunnel with two sets of config files, one for
tun and one for tap
Owner:
Screenshots of ping across the VPN connection using tun and tap
10. Compile and Install
a) Set up a VM using the TinyNet-gcc image
b) Compile the toilet source code and demonstrate using a shell script
Owner:
List the relevant configuration files, and for each one briefly describe what was done
11. Migrate to Net-R
a) Complete the Net-R Basic Setup: Domserv and one Net-R host
b) Clone and reconfigure your TinyNet servers as Net-R servers
c) Reconfigure DNSMASQ to hand out static addresses to servers rather than
dynamic ones
Owner:
List the relevant configuration files, and for each one briefly describe what was done
12. Net-R Traffic
a) Complete the Net-R Basic Setup: Domserv and two Net-R hosts
b) Set up syslog on the Domserv to listen for log messages with Facility LPR and
Priority Notice and save them to a particular file
c) Modify the automatic traffic generation scripts on both Net-R hosts to send log
messages to the Domserv
Owner:
List the relevant configuration files, and for each one briefly describe what was done
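Added example (not part of the original assignment): a way to check that messages reaching the Domserv really carry Facility LPR and Priority Notice, by decoding the <PRI> value at the start of each raw syslog line (PRI = facility * 8 + severity, so lpr.notice is 6 * 8 + 5 = 53). The host names netr1 and netr2 and the sample lines are constructed for illustration.

```python
import re

# Facility and severity names indexed by numeric code (RFC 3164 / RFC 5424).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity) for a raw syslog line, or None if the
    line has no <PRI> header or the value is outside the defined range."""
    m = PRI_RE.match(line)
    if not m:
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    if facility >= len(FACILITIES):
        return None
    return FACILITIES[facility], SEVERITIES[severity]


def select(lines, facility="lpr", severity="notice"):
    """Keep only the lines logged with exactly the given facility and severity."""
    return [ln for ln in lines if decode_pri(ln) == (facility, severity)]


# Constructed sample of raw messages as they would arrive over the network.
SAMPLE = [
    "<53>Mar  3 10:15:02 netr1 traffic: generated 12 requests",  # lpr.notice
    "<54>Mar  3 10:15:03 netr2 traffic: heartbeat",              # lpr.info
    "<13>Mar  3 10:15:04 netr1 user: unrelated message",         # user.notice
    "<52>Mar  3 10:15:05 netr2 traffic: slow response",          # lpr.warning
    "<53>Mar  3 10:15:06 netr2 traffic: generated 9 requests",   # lpr.notice
    "Mar  3 10:15:07 netr1 traffic: line without PRI header",
    "<999>Mar  3 10:15:08 netr1 traffic: out-of-range PRI",
]

if __name__ == "__main__":
    for ln in select(SAMPLE):
        print(ln)
```
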
13. Port Knock
a) Use the Netcat and Named Pipes technique to set up a reverse shell
b) Use knockd and hping2 to control availability (activate/deactivate)
Owner:
List the relevant configuration files, and for each one briefly describe what was done