Lab 5

Student Number : 991566263

Student Name: Mehakdeep Kaur
Due : August 3rd, 2021 at 10 PM

Lesson 10 Exercises

10.1 - Learning Basic Scripting Syntax (answer each question, highlight answers in YELLOW) (4 marks)

1) Input the following into a file called hello.sh:

#!/bin/bash
# This is a comment!
echo Hello World # This is a comment, too!

2) In the script you just created, the top line has a special meaning, what is it? #!/bin/bash
#!/bin/bash will tell the system to use the bash shell to interpret the script while it's in execution.

3) Make the script executable: chmod a+x hello.sh - then run it

# 3a. What do you enter to run it? Give your answer here:
./hello.sh

# 3b. Is there another way to do it without making the file have execute permissions (x) – yes or no? If yes, enter your line here:
Yes, I can run it without making the file have execute permissions by using /bin/bash hello.sh

4) Looking at the script, it seems pretty useless because typing this will do the same thing: echo Hello World
Yes, We can write only echo Hello World because others we add are the comments and by default bash shell will be used to
interpret the code.

10.2 - Variables & Basic Script Operations (highlight answers in YELLOW) (10 marks)

NOTE: Since the Bourne Again Shell (Bash) is a superset of sh (the Bourne Shell), all sh commands will also work in bash - but not vice
versa. (tldp.org)
For each, try your answer first in a script, then paste it in here. A user should be able to take your lines and have it run perfectly on
the Linux command line.

NOTE: You do not have to include the #!/bin/bash line in the Q1 - 5 answers.

1.) How do you define a variable called x and assign it a value of 10 and print it on screen?
sudo vim hello.sh
In file hello.sh I entered x=10
echo $x
To run this code: /bin/bash hello.sh

2) How do you define a variable called xn and assign it “Linux” and print it on screen?
xn=”Linux”
echo $xn
To run this code: /bin/bash hello.sh

3) How do you print the sum of two numbers, let’s say 6 and 3?
a=6
b=3
sum=$(( $a + $b))
echo $sum
To run this code: /bin/bash hello.sh
4) How do you define two variables x=20, y=5 then print the division of x and y (i.e. x/y)?
x=20
y=5
divide=$(( $x/ $y ))
echo $divide
To run this code: /bin/bash hello.sh

5) Modify question #4 and store division of x and y into a variable called z

x=20
y=5
z=$(( $x/ $y ))
echo $z
To run this code: /bin/bash hello.sh

6) Write a script to see current date, time, username and current directory.
#!/bin/bash
#!/bin/bash
echo `date +”%D”`
echo `date +”%T”`
echo `whoami`
echo `pwd`
To run this code: /bin/bash hello.sh

7) Using the above question, create a menu which allows the user to select either the current date, time, username or current
directory. After the script performs the option, it ends. Put your script here:
#!/bin/bash
printf “Menu:\n
1.Current Date\n
2.Time\n
3.Username\n
4.Current Directory\n\n
Enter option (1 - 4):”
read numbers
if test “$numbers” = “1”
then echo `date +”%D”`
elif test “$numbers” = “2”
then echo `date +”%T”`
elif test “$numbers” = “3”
then echo `whoami`
else test “$numbers” = “4”
echo `pwd`
fi
To run this code: /bin/bash hello.sh

8) Write a script that asks a user what their login name is and writes it to a file called loginname_file. Put your script here:
#!/bin/bash
echo “Please enter your login name: ”
read username
cat>loginname_file
$username

9) For the following, create a script using the code below. Give a screenshot of its execution.
#!/bin/bash
for i in 1 2 3 4 5
do
echo "looping .... number $i"
done
10) For the following, create a script using the code below. Run it, enter 2 strings before quitting. Give a screenshot of its
execution.
#!/bin/bash
INPUT_STRING=hello
while [ "$INPUT_STRING" != "bye" ]
do
echo "Please type something in (bye to quit)"
read INPUT_STRING
echo "You typed: $INPUT_STRING"
done

11) For the following, create a script using the code below. Run it with 5 different inputs. Give a screenshot of its execution.
#!/bin/bash
while read f
do
case $f in
hello) echo English ;;
howdy) echo American ;;
ciao) echo Italian ;;
bonjour) echo French ;;
 *) echo Unknown Language: $f ;;
esac
done < myfile

10.3 – Create Cron Jobs (10 marks)

1a. Create a cron job that displays the current time to every user’s console at 1 hour intervals. Details: set the first execution time to
4 minutes from now; ex.: if the time now is 1.16 pm, use 1.20 pm, 2nd message comes at 2.20 pm, 3rd one at 3.20 pm and so on
(every hour). Look at the ‘wall’ command. To test your entry:
- open 3 consoles and login with 3 different users
- use mesg command on each console to enable messaging
- create your cron job
- verify at the specified time that everyone got the message (the current time)

Grab screenshots from 2 of your consoles showing the same message sent as a result of your cron job; paste them here:

Example:

b. Put your cron job entry here:

2a. Create a Cron job that checks for invalid login (user login with wrong password) attempts every 10 minutes.
The attempts are logged in /var/log/auth.log. When an invalid attempt is found, copy the message from the log to a file under your
home directory. To verify your job works: try 2 invalid login attempts from 2 different users, spaced 15 minutes apart. Paste any log
messages you get, right here:

Note: The cron daemon does not know your screen display name - ex.: if your display name is /dev/pts0, cron is not told that, so
won't display things to your screen. It is better to write output to a file for viewing later. The question does not require you to display
to screen - the message written to a file is good enough.
b. Put your cron job entry here:

10.4 - LVM - (5 Marks)

The following is a tutorial from https://linuxconfig.org/linux-lvm-logical-volume-manager. It has been

adapted for our exercise. Do the steps listed. Additional steps and screenshots you must capture are
highlighted in yellow. Since these steps require superuser privilege, you must precede commands with ‘sudo’.
Capture the history of your commands for submission.

Linux lvm - Logical Volume Manager

Lubos Rendek
Contents

1. This is what we are going to do

• 2. Create Partitions
• 3. Create physical volumes
• 4. Create volume group
• 5. Create Logical Volumes
• 6. Create File system on logical volumes
• 7. Edit /etc/fstab
• 7.1. Mount logical volumes
• 8. Extend logical volume
• 9. Remove logical volume

This article describes basic logic behind a Linux logical volume manager by showing real examples of
configuration and usage. Although Debian Linux will be used for this tutorial, you can also apply the same
command line syntax with other Linux distributions such as Red Hat, Mandriva, SuSe Linux and others.
This is what we are going to do

Create Partitions
For this Linux lvm example you need an unpartitioned hard disk /dev/sdb. First you need to create physical
volumes. To do this you need partitions or a whole disk. It is possible to run pvcreate command on /dev/sdb,
but I prefer to use partitions and from partitions I later create physical volumes. (Normally you would
physically add another hard drive or add one virtually in VMware or Virtualbox but that is not possible with the
cloud so use one of the 5 hard drives that you have and note the device number (e.g., such as /dev/sdc).

Use your preferred partitioning tool to create partitions. In this example I have used cfdisk. (You may use ‘fdisk’
to create the partitions now. Make them 1.8 and 3.2 gb as shown above.).
Partitions are ready to use.

Create physical volumes

Use the pvcreate command to create physical volumes.
# pvcreate /dev/sdb1
# pvcreate /dev/sdb2

The pvdisplay command displays all physical volumes on your system.

# pvdisplay

Alternatively the following Linux command could be used:

# pvdisplay /dev/sdb1
Q1. Run ‘pvdisplay’ and paste the output here.

Create volume group

At this stage you need to create a volume group which will serve as a container for your physical volumes. To
create a volume group with the name "mynew_vg" which will include /dev/sdb1 partition, you can issue the
following linux command:
# vgcreate mynew_vg /dev/sdb1

To include both partitions at once you can use this command: (skip this one and do the ‘vgextend’ below)
# vgcreate mynew_vg /dev/sdb1 /dev/sdb2
Feel free to add new physical volumes to a volume
group by using the vgextend command.
# vgextend mynew_vg /dev/sdb2

(run this command)

Q2. Run ‘vgextend’ and ‘vgdisplay’ and paste your output here:

Create Logical Volumes

From your big cake  (volume group) you can cut pieces (logical volumes) which will be treated as partitions
for your Linux system. To create a logical volume, named "vol01", with a size of 400 MB from the volume group
"mynew_vg" use the following linux command:
• create a logical volume of size 400 MB -L 400
• create a logical volume of size 4 GB -L 4G

# lvcreate -L 400 -n vol01 mynew_vg

With the following example you will create a logical volume with a size of 1GB and with the name vol02:
# lvcreate -L 1000 -n vol02 mynew_vg

Q3. Run ‘lvdisplay’ and paste your output for both logical volumes here:

Note the free size in volume group.

NOTE: In the command below, you may use the latest Linux file system type (ext4) for your new logical volumes, by entering:
mkfs.ext4
Create File system on logical volumes
The logical volume is almost ready to use. All you need to do is to create a filesystem.:
# mkfs.ext3 -m 0 /dev/mynew_vg/vol01

Note: the -m option specifies the percentage reserved for the super-user, set this to 0 if you wish not to waste
any space, the default is 5%.

Edit /etc/fstab

Add an entry for your newly created logical volume into /etc/fstab

Mount logical volumes

Before you mount do not forget to create a mount point.
# mkdir /home/foobar
Q4. Run ‘df’ at the ‘foobar’ directory after you have mounted the logical volume and paste your output here:

Extend logical volume

The biggest advantage of logical volume manager is that you can extend your logical volumes any time you are
running out of the space. To increase the size of a logical volume by another 800 MB you can run this
command:
# lvextend -L +800 /dev/mynew_vg/vol01

Q5. Paste your ‘lvextend’ command and its output:

The command above does not actually increase the physical size of volume, to do that you need to:
# resize2fs /dev/mynew_vg/vol01

Look at the figure below to see what problems you may encounter when extending a volume:
Q6. Paste your ‘resize2fs’ command and its output:

Q7. Paste output here proving that ‘root’ can write to your new directory:

Remove logical volume

The command lvremove can be used to remove logical volumes. Make sure that before you attempt to remove
logical volumes your logical volume does not have any valuable data stored on it, moreover, make sure the
volume is unmounted.
# lvdisplay
# lvremove /dev/mynew_vg/vol02

Q8. Paste your ‘lvremove’ and ‘lvdisplay’ commands and their output:

You are done part 10.4. Capture your history file of commands done in this part and paste it here.
Lesson 11 Exercises
This exercise requires 2 Linux VMs – they will be referred to as ’VM1’ and ‘VM2’. Do all your work on
‘VM1’ except where noted. Answer the questions in yellow.

NOTE: It is always safest for your computer, when running multiple VMs, to allow one VM to complete
the startup, before starting up the next VM – start up your VMs one after the other now.

11.1 – Adding rules to iptables (5 Marks)

‘Iptables’ is the implementation of a firewall in Linux. There are a couple of ways to add rules to iptables.

Execute this command (as ‘root’) to list the current rules: iptables -L

1. What chains are displayed?

Most likely on a new install there aren't any rules set up.

We can add rules with the -A argument

 We can delete rules with the -D argument

Take a look here: https://help.ubuntu.com/community/IptablesHowTo for some information on the options that
you can use for iptables.

To allow established sessions to receive traffic:

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Look at “iptables -L” again

The new rules have been added.

2. What chain has been given a rule? Chain INPUT

3. What is the target (the value of its 'target' field)? ACCEPT

4. Which protocols are involved in the rule? UDP, TCP and all

Next, verify that you can login to VM1 from VM2 using SSH. Then verify you can access a website using the browser. We
will do both these steps using the rules below. Do not move on until both these services are working.

Let's allow for some services to have access now.

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

This will allow any input coming on port 22 (ssh) by using the tcp protocol to be accepted.

Most likely we also want http traffic too

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

We would probably like for ping to work as well so add that rule:

iptables -A INPUT -p icmp -j ACCEPT

To drop traffic, you can use “-j DROP” as options

So to drop all the remaining traffic:

iptables -A INPUT -j DROP

Look at the rules now:

iptables -L

These rules look pretty good.

Let's save them. Keep a copy under your home directory:

sudo su
iptables-save > /etc/iptables-save
iptables-save > /your-home-dir-path/iptables-save
exit

Copy & paste your saved iptables rules here:

#Generated by iptables-save v1.8.4 on tue Aug 3 19:32:36 2021

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:940]
:ufw-after-forward - [0:0]
:ufw-after-input - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-before-input - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-output - [0:0]
:ufw-reject-forward - [0:0]
:ufw-reject-input - [0:0]
:ufw-reject-output - [0:0]
:ufw-track-forward - [0:0]
:ufw-track-input - [0:0]
:ufw-track-output - [0:0]
-A INPUT -p udp -m multiport –dports 5353 -j ACCEPT
-A INPUT -p tcp -m multiport –dports 4000 -j ACCEPT
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dports 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dports 80 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
COMMIT
#.Completed on Tue Aug 3 19:32:36 2021

5. Test with VM2 whether ssh allows you to login to VM1 using the VM1 hostname – ex.: ssh jack@mylinux-vm -
Remember that Ctrl-C can be used to terminate a process. Can you login? [yes/no]

6. Explain the result you got. Answer:

So far, we’ve accepted these services: ssh, http, and icmp... all others have been dropped. DNS is a service at the
‘Application’ layer of the TCP/IP Network model. That means it has been dropped as well. DNS is needed to do ‘name
resolution’ - take a name like ‘eagle-vm’ or ‘sheridancollege.ca’ and resolve it to its corresponding IP address. In this
step, DNS was not available, so ‘ssh’ reported the error: ‘Could not resolve hostname...’

7. Now try login using VM1’s IP address – ex.: ssh jack@192.168.33.7 - explain the result you got:

8. At your browser, try to navigate to a new website. Explain the result:

9. Sheridan’s IP address is 142.55.7.60. Enter it at the browser and explain the result:

Now modify the /etc/iptables-save file and remove the entry for port 22.

Take a look at the newly created file /etc/iptables-save.

As a second option for adding rules, you can modify that file, add/remove entries and then restore it to memory with:

iptables-restore < /etc/iptables-save

10. Try step 7 (above) again and explain the result:

11. Paste a screenshot of your command and the result:

Add the rule back (make sure that the rule is listed above the “-A INPUT -j DROP” in the iptables-save file). Do not forget
to restore the iptables configuration to memory.
Let's explore some more advanced options now.

What will the following commands do? For help, see the man page and also
http://manpages.ubuntu.com/manpages/xenial/man8/iptables-extensions.8.html to get an understanding of “-m”
option.

In the next line replace the ‘eth1’ interface with your first interface’s name, then run it:

iptables -I INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m

recent --set --name DEFAULT --rsource
Then run (replace ‘eth1’):
iptables -I INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m
recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP

12. How many rules are in your firewall now?

!!! REMOVE THE IPTABLES RULES BEFORE PROCEEDING TO WORK ON THE REST OF THE ASSIGNMENT: iptables -F
INPUT (then reboot your Linux VM).

Part #2 - TCP Wrappers (requires two Linux VMs) (4 Marks)

NOTE: It is always safest for your computer, when running multiple VMs, to allow one VM to complete the startup,
before starting up the next VM – start up your VMs one after the other now.

Verify: you should be able to ‘ssh’ from VM2 into VM1 (get on VM2, try to login to VM1). On your Linux VM1, add the
Linux VM2 IP addresses to ‘/etc/hosts.deny’ with the line: ALL: xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx is the ip address of
your Linux VM2 – for multiple addresses, separate them with a comma).

Try to connect from your Linux VM2 to your Linux VM1 with ‘ssh’.

13. You should not be allowed to login. Do not move on until you get the error appearing. Consult your teacher if you
are stuck here. Put a screenshot of your ‘ssh’ command and its output:

On your Linux VM1, add all the Linux VM2 IPs to /etc/hosts.allow with the line: sshd: xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx
is the ip of your VM2 – use a comma-separated list if needed)

Try to connect from your Linux VM2 to your Linux VM1 again.

14. Were you successful? Why or why not? (2 Marks)

You are done. Highlight answers in YELLOW and submit this document to Slate.