
Individual work

• Iptables

Objective
To add, manage and check firewall rules for IPv4 or IPv6 traffic, and to test the
rules with hping and multitail, which helps with packet filtering.
Nowadays, putting a barrier between the Internet and private networks is very important
given the increasing threats and the growing Internet population.

1
Iptables Rules
• iptables -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-level alert --log-prefix "iptables ALL NONE"
• iptables -A INPUT -p tcp --tcp-flags FIN,SYN FIN,SYN -j LOG --log-level alert --log-prefix "iptables FIN,SYN FIN,SYN"
• iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-level alert --log-prefix "iptables SYN,RST SYN,RST"
• iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j LOG --log-level alert --log-prefix "iptables FIN,RST FIN,RST"
• iptables -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j LOG --log-level alert --log-prefix "iptables FIN,ACK FIN"
• iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j LOG --log-level alert --log-prefix "iptables ACK,URG URG"

2
Save rules using shell script, sushma.sh
• echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-level alert --log-prefix "iptables ALL NONE"' >> sushma.sh
• echo 'iptables -A INPUT -p tcp --tcp-flags FIN,SYN FIN,SYN -j LOG --log-level alert --log-prefix "iptables FIN,SYN FIN,SYN"' >> sushma.sh
• echo 'iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-level alert --log-prefix "iptables SYN,RST SYN,RST"' >> sushma.sh
• echo 'iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j LOG --log-level alert --log-prefix "iptables FIN,RST FIN,RST"' >> sushma.sh
• echo 'iptables -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j LOG --log-level alert --log-prefix "iptables FIN,ACK FIN"' >> sushma.sh
• echo 'iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j LOG --log-level alert --log-prefix "iptables ACK,URG URG"' >> sushma.sh

3
multitail and hping testing for rules

• Rule for ALL NONE: multitail /var/log/syslog -l "hping2 192.168.56.101; sleep 60"
• Rule for FIN,SYN FIN,SYN: multitail /var/log/syslog -l "hping2 -F -S 192.168.56.101; sleep 60"
• Rule for SYN,RST SYN,RST: multitail /var/log/syslog -l "hping2 -S -R 192.168.56.101; sleep 60"
• Rule for FIN,RST FIN,RST: multitail /var/log/syslog -l "hping2 -F -R 192.168.56.101; sleep 60"
• Rule for FIN,ACK FIN: multitail /var/log/syslog -l "hping2 -F 192.168.56.101; sleep 60"
• Rule for ACK,URG URG: multitail /var/log/syslog -l "hping2 -U 192.168.56.101; sleep 60"
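
Added example (not part of the original slides): a small shell model of how `--tcp-flags MASK COMP` is evaluated, run against the flag combinations the hping2 tests above send. The function names are hypothetical; it shows that one test packet can trigger more than one LOG rule, which is worth knowing when reading the syslog window.

```shell
# Added example: models "--tcp-flags MASK COMP" matching.
# A packet matches when (packet_flags & MASK) == COMP.

# Bit value of one TCP flag name (ALL covers the six flags iptables examines).
flag_bit() {
    case "$1" in
        FIN) echo 1 ;;  SYN) echo 2 ;;  RST) echo 4 ;;
        PSH) echo 8 ;;  ACK) echo 16 ;; URG) echo 32 ;;
        ALL) echo 63 ;; NONE) echo 0 ;;
        *) echo "unknown flag: $1" >&2; return 1 ;;
    esac
}

# Turn a comma-separated list such as "FIN,SYN" into a bitmask.
# The body is a subshell, so the IFS change does not leak to the caller.
flags_to_mask() (
    IFS=,; mask=0
    for name in $1; do
        bit=$(flag_bit "$name") || exit 1
        mask=$((mask | bit))
    done
    echo "$mask"
)

# matches MASK COMP PACKET_FLAGS: exit status 0 when the rule would fire.
matches() {
    m=$(flags_to_mask "$1") || return 2
    c=$(flags_to_mask "$2") || return 2
    p=$(flags_to_mask "$3") || return 2
    [ $((p & m)) -eq "$c" ]
}

# The six mask/comp pairs named in the test list, one per line.
RULES='ALL NONE
FIN,SYN FIN,SYN
SYN,RST SYN,RST
FIN,RST FIN,RST
FIN,ACK FIN
ACK,URG URG'

# Print every rule that a packet carrying the given flags would trigger.
fired_rules() {
    echo "$RULES" | while read -r rule_mask rule_comp; do
        if matches "$rule_mask" "$rule_comp" "$1"; then echo "$rule_mask $rule_comp"; fi
    done
}

for pkt in NONE FIN,SYN SYN,RST FIN,RST FIN URG; do   # NONE = plain "hping2 host"
    echo "$pkt -> $(fired_rules "$pkt" | tr '\n' ';')"
done
```

The FIN+SYN and FIN+RST test packets also satisfy the `FIN,ACK FIN` rule, because that rule only requires FIN set with ACK clear.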

4
Adding and saving rules

Fig: Rule 1, ALL NONE

5
Rules saved in shell script using cat

Fig: sushma.sh using cat


6
Testing using multitail and hping

Fig: Test command output for FIN,SYN FIN,SYN


7
Obstacles encountered, obstacles overcome

1. Ran the sushma.sh file several times; iptables -L showed copies of the same rule many
times.

Reboot the VM and run sushma.sh once. Solved!

2. Typos wrong

3. Entering iptables rules as a normal user is not possible.

8
Obstacles encountered, obstacles overcome

4. Testing rules used before: multitail /var/log/syslog "hping2 192.168.56.101"

• Not able to recognize the file

• Separate hping2 and multitail. Well, that rule was also correct but I wanted to use
both at once.

• I looked into the multitail page of tinynet and saw the use of -l in between.

• That’s how I combined both multitail and hping to work for me.
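
Added example (not from the original slides): a re-runnable alternative to the reboot used for obstacle 1. Each rule is appended only when `iptables -C` (check) does not find an identical one, so running the script several times leaves six rules. The `IPT` variable, the function names and the `--apply` switch are assumptions of this sketch.

```shell
# Added example: load the six LOG rules without creating duplicates on re-run.
# IPT is an assumption of this sketch so the logic can be pointed at a stub.
IPT=${IPT:-iptables}

# add_log_rule MASK COMP: append the rule only if "iptables -C" cannot find it.
add_log_rule() {
    set -- INPUT -p tcp --tcp-flags "$1" "$2" \
        -j LOG --log-level alert --log-prefix "iptables $1 $2"
    if "$IPT" -C "$@" 2>/dev/null; then
        return 0                      # identical rule already in the chain
    fi
    "$IPT" -A "$@"
}

# The six mask/comp pairs as named in the test list; stops at the first failure.
load_rules() {
    add_log_rule ALL NONE &&
    add_log_rule FIN,SYN FIN,SYN &&
    add_log_rule SYN,RST SYN,RST &&
    add_log_rule FIN,RST FIN,RST &&
    add_log_rule FIN,ACK FIN &&
    add_log_rule ACK,URG URG
}

# Only touch the live firewall when asked to, and only as root
# (rule changes are refused for unprivileged users, as in obstacle 3).
if [ "${1:-}" = "--apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root (sudo)" >&2; exit 1; }
    load_rules
fi
```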

9
Group Work

• Cross System Multitail

Objective

To use netcat to establish a connection between the mailserver and the gateway, so that their
postfix logs can be viewed at the same time on the gateway in two separate windows.

10
Using netcat

• In mailserver,

Fig: commands for listening in mailhost

11
Using netcat

• In gateway,

Fig: Cross system multitail command using netcat

12
Two Multitail windows for gateway and mailserver
showing logfiles

Fig: maillog files in 2 different windows

13
Obstacles encountered, obstacles overcome

1. The command that I input before

• Did not show two windows

• The modified right command:

14
Obstacles encountered, obstacles overcome

2. cat /bin/bash, showed incomprehensible data, clicked Ctrl + C to terminate

• next command line (root@npi000075-mail:~#) also became incomprehensible.

• I rebooted the system and took a screenshot of the command first,

• Then let the command run for more seconds than before and took screenshot
again. This time, the next command line was understandable.

15
SUDO

Objective

The objective of sudo (SuperUser Do) is to give a user permission to access
restricted operations, files and specific commands at the system's root
level. It controls which commands the user can access. We configure and
set up sudo management, set up two users, force the use of sudo, use
different color prompts for normal users and root, secure the password and make every
login interesting with random fortune text in color.

16
Creating two users with adduser

Fig: add user sushma Fig: set up complete for januka

17
Permit no root login

Fig: allow users for no root login


18
Force users to use sudo

Fig: force users to use sudo

19
Different color prompt for normal and root users

Fig: different color for root and normal user

20
Color prompts for root and normal user

Fig: Root user color red

Fig: normal user color yellow

21
Secure password by editing issue.mytyvm

Fig: Edit to make secure

22
Password secured

Fig: The password secured

23
Random fortune in color

Fig: set execute bits for /etc/profile.d/login-fortune.sh

Fig: fortune to fortune.dat

24


Code edited in login-fortune.sh

Fig: code edited for fortune

25
Random fortune when logged in

Fig: random fortune in color

26
Obstacles encountered, obstacles overcome

1. edit issue.mytyvm to secure, but confused on what exactly to edit.

• Delete/remove the password written in that page and solved.

2. Confused on how to edit the code of /etc/profile.d/login-fortune.sh.

• Tried commenting the code before and only letting the code added to run. It
amazingly worked.

27
Virtual Server
Objective
A virtual server's role is to let users access and work on servers virtually (through
server virtualization), without depending on a physical server
for any specific task. One of its primary objectives is to share software and
hardware resources with the guest operating system. Server virtualization
offers efficient control over resources and is more cost-effective. It promotes fast
provisioning of resources and applications, disaster recovery continuity and more. Here,
we cloned a new VM and set up users, a virtual server and a cron job, then opened links in another
VM.

28
Clone new VM (Userserver)

I cloned a new VM named Userserver, generating a new MAC address and using a full clone.
Then, I SetRole for this VM to noRole.

29
Set up two users

• Users added using “adduser” as in SUDO


• Users sushma and januka were added.
• Owner:group set to username:users
• Permission of /home/januka and /home/sushma set to 700.

30
Set up Virtual Server

Fig: creating new site for both users

31
Make directory VirtualDocumentRoot and VirtualScriptAlias
• Click F7 and name new directory.
• VirtualDocumentRoot and VirtualScriptAlias were made.

Fig: mkdir for VirtualDocumentRoot Fig: mkdir for VirtualScriptAlias

32
Permission, owner and group for new directory

• Owner:group set to nobody:nobody


• Permission set to 700

33
Edit /etc/dnsmasq.d/cnames

Fig: edit cnames

34
Make webpages and run directory

• webpages inside /home/sushma


• Run inside /home/sushma/webpages

Fig: Mkdir for webpages Fig: Mkdir for run inside webpages for sushma
35
Setting user site

Fig: copying index.html inside webpages for sushma

36
Setting cron job with crontab -e

Fig: crontab -e to run every 10 mins

37
dig

Fig: dig sushma for cname resolution

38
links in gateway

Fig: opening links in gateway


Fig: go to URL, sushma.tinynet.edu

Fig: link sushma opened

39


Obstacles encountered, obstacles overcome

• Confused on how to add script for crontab -e.

• Procedure is a bit lengthy which makes you forget what you are doing or what you
have done.

40
Any Questions?

41
Thank you!

42
