Installation And Configuration Of DNS, Web And FTP Servers
On Virtual Machines Using Ubuntu And CentOS
Part 1: Virtual Machine One – DNS & SSH Server
The first Virtual Machine should be installed and have the BIND (DNS)
server installed on it. While you do not own any address space/ name
space your name server should manage the following domains:
The name server should answer queries for this domain. In addition to
the saffioti.org.au zone, a zone should be set up for the reverse zone
– the reverse zone would be whatever the address range is of your
virtual machine. You should do some research on how Bind handles
reverse zones.
Part 2: Virtual Machine Two
The second Virtual Machine is to have the LAMP software package
installed. LAMP is a standard bundle in the Ubuntu Server platform.
Once complete set up this Virtual Machine to host a website using the
Apache Web Server.
The Virtual Machine should have a statically assigned address which
matches that specified in the A record for host www. Test your Apache
Server Virtual Machine by using a web browser on another host and
trying to browse the website www.saffioti.org.au.
Finally harden this host so that only services being used can be
accessed by other machines. You will need to use IPTables.
Part 3: Remote File Access
Once you have set up the web server (in part 2) and tested it, install
any FTP server. The FTP server would allow users to upload/ download
files to the web server. Configure the server appropriately and then
test from another host. You will need to make changes to your firewall
configuration. In addition to this add a CNAME for ftp on the name
server pointing to server2.
Document the entire process and challenges you experienced.
Part 4: Making DNS Robust
You are to also install bind on Virtual Machine Two and make it a
secondary for the above domain. You can install this service from a
package or configure from source.
Part 5: Simple Web Services
In Virtual Machine Two you set up a web server for the DNS
name saffioti.org.au. The server is implemented using the HTTP
protocol listening on port 80. Your challenge is to make the same site
accessible using the HTTPS protocol. To do this set up SSL with a self
signed certificate for the site.
In this assignment, two virtual machines running Ubuntu and CentOS
were installed and configured on VMware Workstation Player. The
first machine was installed with BIND, to provide DNS & SSH services,
while the second one was installed with a Web Server. The name
server on virtual machine 1 was configured to manage the domain
saffioti.org.au. A zone was also set up for the reverse zone and
hardened by use of firewall rules, which allowed access to the
services. The virtual machine running Ubuntu OS was the web server,
where LAMP was installed. The Apache Web Server in the LAMP
software was used to host a website. Additionally, an FTP server was
configured on the same virtual machine.
Part 1: Virtual Machine One – DNS & SSH Server
This virtual machine was installed with CentOS, and BIND (DNS) was
installed and configured on it. The name server was configured to
manage the domain;
org.au
Step 1: Install Bind
sudo yum install bind bind-utils
Step 2: Configure DNS
The named.conf file was edited as shown below.
nano -w /etc/named.conf
Step 3: Configure bind zone
nano -w /var/named/saffioti.org.au.zone
Restart the Service, then enable it to start automatically at boot time;
the following commands were used;
service named restart
chkconfig named on
Part 2: Virtual Machine Two: Server2
The Ubuntu operating system was installed on this virtual machine, which
was used as a web server. To enable it to serve as a web server, LAMP was
installed.
By definition LAMP is a stack of open source software tools that are
normally installed together to facilitate hosting of dynamic websites
and web applications. LAMP stands for Linux, Apache, MySQL, PHP.
The three software packages are installed on Linux alongside each other
to facilitate web hosting. In this exercise, the software was installed
in a series of steps as outlined below.
Step 1: Install Apache
To install Apache, the following commands were used;
sudo apt-get update: this command is used to update the list of
packages and their version. The command only gets and updates
information about the packages but does not install the updates.
sudo apt-get install apache2: the command installs apache web
server.
To confirm that the Apache Web server was successfully installed, the
default apache page was accessed from a web browser;
Step 2: Install MySQL
MySQL database was installed using the command;
sudo apt install mysql-server
Step 3. Install PHP
For PHP to work, a number of packages had to be installed as outlined
below.
sudo apt install php-pear php-fpm php-dev php-zip php-curl php-xmlrpc php-gd php-mysql php-mbstring php-xml libapache2-mod-php
Hardening the Web Server
To harden the web server, that is, to make it more secure by only
allowing access to the web hosting services, the firewall was
configured using IPTables. The process is as outlined below.
Step 1: Install the Persistent Firewall Service
For the firewall service to run on the machine, it was necessary to
install the iptables-persistent package. The package allows the rule
set to be persisted and applied automatically at boot time. The
following command was used to install the package;
sudo apt-get install iptables-persistent
Step 2: Edit the iptables rules for IPv4
sudo nano /etc/iptables/rules.v4
The same was done for IPTables for IPv6 with the command;
sudo nano /etc/iptables/rules.v6
To test for errors in the modified files, the following two commands
were used;
sudo iptables-restore -t /etc/iptables/rules.v4
sudo ip6tables-restore -t /etc/iptables/rules.v6
No error was reported, meaning the iptables files were okay. The next
command was used to activate the rules.
Part 2: Virtual Machine Two - LAMP Server
Difficulties Encountered
Major difficulties were encountered trying to harden the web server.
The iptables-persistent service was not running and attempts to start
it failed with the error;
"Failed to start iptables-persistent.service: Unit iptables-persistent.service not found"
After an hour of headache and Googling, I finally found a command to
start the service.
sudo service netfilter-persistent start
I realized that the failure to start was a problem with some versions of
Ubuntu; the above configurations seemed not to work and I had to do
the following steps to harden the server with a firewall using IPTables.
Step 1: Resetting the firewall
sudo service netfilter-persistent flush
After flushing, I verified that the rules were removed.
Create Protocols
The next step was to create a specific chain for each of the protocols
that the web server will accept; UDP, TCP and ICMP
sudo iptables -N UDP
sudo iptables -N TCP
sudo iptables -N ICMP
Since SSH traffic uses TCP protocol, I had to add an exception for SSH
on the firewall. SSH traffic uses port 22. The following command was
used to create the exception.
sudo iptables -A TCP -p tcp --dport 22 -j ACCEPT
General Purpose Accept/Deny Rules
To facilitate filtering of traffic, some general purpose rules were
created to accept or drop packets. To start with, traffic belonging to
an already established connection was accepted; this was implemented by
the command.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
The firewall rule for filtering makes use of the conntrack module, which
tracks connection state and gives iptables the context it needs to
evaluate packets.
Allow Loopback traffic
To allow traffic from the loopback interface, the following command
was executed
Deny all invalid Packets
Packets that are invalid, such as those that address a non-existing port,
have to be denied. This was implemented using the command.
sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
Jump Rule for Protocol-Specific Chain
To allow traffic to reach the protocol-specific chains, some jump rules
were created. The rules filter the traffic and only allow genuine and
valid traffic. For example, TCP traffic is filtered to only allow SYN
packets, since SYN is the only valid packet for opening a new TCP
connection. The following commands were executed to create the rules;
sudo iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
sudo iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
sudo iptables -A INPUT -p icmp -m conntrack --ctstate NEW -j ICMP
Finally, rules were created to reject all other traffic hitting the server.
The commands below were used to create the rules;
sudo iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
sudo iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
sudo iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo ip6tables -P INPUT DROP
sudo ip6tables -P FORWARD DROP
sudo ip6tables -P OUTPUT DROP
sudo service iptables-persistent save
The final state of the iptables is as shown below;
Part 3: Remote File Access
This part will install and configure FTP service on Ubuntu [server2]
Step 1 — Install vsftpd
The following command was used to install vsftpd;
sudo apt-get install vsftpd
Step 2: Configure firewall rules to allow FTP service
This configuration will open port 20 and port 21 which are used by the
FTP service. For this server the firewall rules were set using iptables,
so a rule has to be added to iptables to allow FTP traffic. The
following commands were used;
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
The iptables after adding port 21 and 22.
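iptables evaluates each chain top to bottom and stops at the first matching terminal rule, so where a service ACCEPT sits relative to the REJECT rules decides whether the port is reachable. The added example below (not part of the original write-up) walks a constructed copy of the Part 2 rules plus the Part 3 FTP rule offline with awk and reports the first-match verdict for a new connection; `verdict`, `ruleset_as_run` and `ruleset_fixed` are hypothetical helper names, and ports 80 and 443 for the web site are assumptions.

```sh
#!/bin/sh
# Added example: offline first-match walk over iptables rules.
# Needs only sh and awk; it does not touch the live firewall.

# Constructed ruleset: the Part 2 commands in the order they were run,
# followed by the Part 3 FTP rule appended to INPUT. The loopback rule is
# left out because the model below only covers packets from other hosts.
ruleset_as_run() {
cat <<'EOF'
-N UDP
-N TCP
-N ICMP
-A TCP -p tcp --dport 22 -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
-A INPUT -p icmp -m conntrack --ctstate NEW -j ICMP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
EOF
}

# Same rules, but every service ACCEPT lives in the TCP chain, which INPUT
# jumps to before it reaches the REJECT rules.
# Assumption: 80 and 443 are the web site's ports, 21 is FTP control.
ruleset_fixed() {
    ruleset_as_run | grep -v -e '--dport 21 '
    for port in 80 443 21; do
        echo "-A TCP -p tcp --dport $port -j ACCEPT"
    done
}

# verdict <proto> <dport>   (ruleset on stdin)
# Models one packet: the first packet of a NEW connection from another host
# (for TCP, a SYN). Only -p, --dport and --ctstate are evaluated; other
# matches are treated as true. Prints the terminal target and where it hit.
verdict() {
    awk -v proto="$1" -v dport="$2" '
    function walk(chain,    i, k, nf, f, ok, tgt, v) {
        for (i = 1; i <= n[chain]; i++) {
            nf = split(rule[chain, i], f, " ")
            ok = 1; tgt = ""
            for (k = 1; k <= nf; k++) {
                if (f[k] == "-p" && f[k+1] != proto) ok = 0
                if (f[k] == "--dport" && f[k+1] != dport) ok = 0
                if (f[k] == "--ctstate" && ("," f[k+1] ",") !~ /,NEW,/) ok = 0
                if (f[k] == "-j") tgt = f[k+1]
            }
            if (!ok) continue
            if (tgt == "ACCEPT" || tgt == "DROP" || tgt == "REJECT")
                return tgt " (" chain " rule " i ")"
            v = walk(tgt)            # user-defined chain: descend into it
            if (v != "") return v    # no match there: fall through to next rule
        }
        return ""
    }
    $1 == "-A" { c = $2; n[c]++; rule[c, n[c]] = $0 }
    END { v = walk("INPUT"); print (v == "" ? "DROP (INPUT policy)" : v) }
    '
}

for port in 22 21 80; do
    printf 'as run, tcp/%s: %s\n' "$port" "$(ruleset_as_run | verdict tcp "$port")"
    printf 'fixed,  tcp/%s: %s\n' "$port" "$(ruleset_fixed | verdict tcp "$port")"
done
```

Rules appended to the TCP chain take effect even when added after the INPUT REJECT rules, because the jump in INPUT precedes them. Passive-mode FTP data connections additionally need a fixed passive port range opened in the same chain or the FTP connection-tracking helper so that they match RELATED.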
Step 3 — Prepare User Directory
First add a test user;
sudo adduser saffioti
Then create a directory for the user and assign rights;
sudo mkdir /home/saffioti/ftp
sudo chown nobody:nogroup /home/saffioti/ftp
sudo chmod a-w /home/saffioti/ftp
Next we create a directory for uploading files into and change the rights;
sudo mkdir /home/saffioti/ftp/files
sudo chown saffioti:saffioti /home/saffioti/ftp/files
Step 4 — Configuring FTP Access
To configure access to FTP we edit the file;
sudo nano /etc/vsftpd.conf
Step 5 — Test FTP Access
Testing with anonymous connection
Part 4: Making DNS Robust
BIND was installed on server2 to make it the secondary DNS server.
Installing BIND;
apt-get install bind9
Configuration for BIND;
nano /etc/bind/named.conf.local
Then configure the zone file named; saffioti.org.au
Define a reverse DNS lookup;
nano /etc/bind/zones/rev.3.2.1.in-addr.arpa
Testing the DNS confirmed it was up and running
Part 5: Simple Web Services
Step 1: Generate the self signed certificate
Then we sign the certificates followed by modification of Apache's
default ssl configuration file
Finally we edit the file /etc/apache2/sites-available/default-ssl.conf
Original Source: https://myassignmenthelp.com/free-samples/infs5907-managing-security-and-ethics-in-cyberspace/when-implementing-the-virtual-machines.html

More Related Content

Similar to Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machines Using Ubuntu And CentOS.docx

Nat mikrotik
Nat mikrotikNat mikrotik
Nat mikrotiklouisraj
 
Configuration Firewalld On CentOS 8
Configuration Firewalld On CentOS 8Configuration Firewalld On CentOS 8
Configuration Firewalld On CentOS 8Kaan Aslandağ
 
Java App On Digital Ocean: Deploying With Gitlab CI/CD
Java App On Digital Ocean: Deploying With Gitlab CI/CDJava App On Digital Ocean: Deploying With Gitlab CI/CD
Java App On Digital Ocean: Deploying With Gitlab CI/CDSeun Matt
 
How to install and configure LEMP stack
How to install and configure LEMP stackHow to install and configure LEMP stack
How to install and configure LEMP stackRootGate
 
Ftp configuration in rhel7
Ftp configuration in rhel7Ftp configuration in rhel7
Ftp configuration in rhel7Balamurugan M
 
Install cacti on open suse 13
Install cacti on open suse 13Install cacti on open suse 13
Install cacti on open suse 13Vanda KANY
 
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google CloudDrupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google CloudDropsolid
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNagios
 
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.Marc Trimble
 
Free ipa installation and cluster configuration, freeipa client connection
Free ipa installation and cluster configuration, freeipa client connectionFree ipa installation and cluster configuration, freeipa client connection
Free ipa installation and cluster configuration, freeipa client connectionRustam Sariyev
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
Tested install-isp config3-ubuntu-16-04
Tested install-isp config3-ubuntu-16-04Tested install-isp config3-ubuntu-16-04
Tested install-isp config3-ubuntu-16-04SANTIAGO HERNÁNDEZ
 
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days
 

Similar to Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machines Using Ubuntu And CentOS.docx (20)

Nat mikrotik
Nat mikrotikNat mikrotik
Nat mikrotik
 
Configuration Firewalld On CentOS 8
Configuration Firewalld On CentOS 8Configuration Firewalld On CentOS 8
Configuration Firewalld On CentOS 8
 
Kickstart
KickstartKickstart
Kickstart
 
Java App On Digital Ocean: Deploying With Gitlab CI/CD
Java App On Digital Ocean: Deploying With Gitlab CI/CDJava App On Digital Ocean: Deploying With Gitlab CI/CD
Java App On Digital Ocean: Deploying With Gitlab CI/CD
 
Linux
LinuxLinux
Linux
 
Iptables in linux
Iptables in linuxIptables in linux
Iptables in linux
 
Dhcp
DhcpDhcp
Dhcp
 
How to install and configure LEMP stack
How to install and configure LEMP stackHow to install and configure LEMP stack
How to install and configure LEMP stack
 
Linux Presentation
Linux PresentationLinux Presentation
Linux Presentation
 
Ftp configuration in rhel7
Ftp configuration in rhel7Ftp configuration in rhel7
Ftp configuration in rhel7
 
Install cacti on open suse 13
Install cacti on open suse 13Install cacti on open suse 13
Install cacti on open suse 13
 
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google CloudDrupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
 
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
 
Free ipa installation and cluster configuration, freeipa client connection
Free ipa installation and cluster configuration, freeipa client connectionFree ipa installation and cluster configuration, freeipa client connection
Free ipa installation and cluster configuration, freeipa client connection
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training
 
Tested install-isp config3-ubuntu-16-04
Tested install-isp config3-ubuntu-16-04Tested install-isp config3-ubuntu-16-04
Tested install-isp config3-ubuntu-16-04
 
Howto Pxeboot
Howto PxebootHowto Pxeboot
Howto Pxeboot
 
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
 
Ftp server
Ftp serverFtp server
Ftp server
 

Recently uploaded

ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxAnaBeatriceAblay2
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 

Recently uploaded (20)

TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application )
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 

Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machines Using Ubuntu And CentOS.docx

  • 1. Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machines Using Ubuntu And CentOS Part 1: Virtual Machine One – DNS & SSH Server The first Virtual Machine should be installed and have the BIND (DNS) server installed on it. While you do not own any address space/ name space your name server should manage the following domains: The name server should answer queries for this domain. In addition to the saffioti.org.au zone, a zone should be set up for the reverse zone – the reverse zone would be whatever the address range is of your virtual machine. You should do some research on how Bind handles reverse zones. For networking assignment help visit Myassignmenthelp.com Part 2: Virtual Machine Two The second Virtual Machine is to have the LAMP software package installed. LAMP is a standard bundle in the Ubuntu Server platform. Once complete set up this Virtual Machine to host a website using the Apache Web Server. The Virtual Machine should have a statically assigned address which matches that specified in the A record for host www. Test your Apache Server Virtual Machine by using a web browser on another host and trying to browse the website www.saffioti.org.au.
  • 2. Finally harden this host so that only services being used can be accessed by other machines. You will need to use IPTables. Part 3: Remote File Access Once you have set up the web server (in part 2) and tested it, install any FTP server. The FTP server would allow users to upload/ download files to the web server. Configure the server appropriately and then test from another host. You will need to make changes to your firewall configuration. In addition to this add a CNAME for ftp on the name server pointing to server2. Document the entire process and challenges you experienced. Part 4: Making DNS Robust You are to also install bind on Virtual Machine Two and make it a secondary for the above domain. You can install this service from a package or configure from source. Part 5: Simple Web Services In Virtual Machine Two you set up a web server for the DNS namesaffioti.org.au.The server is implemented using the HTTP protocol listening on port 80. Your challenge is to make the same site accessible using the HTTPS protocol. To do this set up SSL with a self signed certificate for the site. In this assignment, two virtual machine running Ubuntu and CentOS were installed and configured on a VMware Workstation Player. The first machine was installed with a BIND, to provide DNS & SSH services,
  • 3. while the second one was installed with a Web Server. The name server on virtual machine 1 was configured to manage the domain saffioti.org.au. A zone was also set up for the reverse zone and hardened by use of firewall rules, which allowed access to the services. The virtual machine running Ubuntu OS was the web server, where LAMP was installed. The Apache Web Server in the LAMP software was used to host a website. Additionally, an FTP server was configured on the same virtual machine. Part 1: Virtual Machine One – DNS & SSH Server This virtual machine was installed with CentOs, and a BIND (DNS) installed and configured on it. The name server was configured to manage the domain; org.au Step 1: Install Bind sudo yum install bind bind-utils Step 2: Configure DNS The namde.conf file was edited as shown below. nano -w /etc/named.conf Step 3: Configure bind zone nano -w /var/named/saffioti.org.au.zone Restart the Service, then enable it to start automatically at boot time;
  • 4. the following commands were used; service named restart chkconfig named on Part 2: Virtual Machine Two: Server2 Ubuntu Operating system was installed on this virtual machine, and used as a web server. To enable it server as a web server, LAMP was installed. By definition LAMP is a stack of open source software tools, that are normally installed together to facilitate hosting of dynamic websites and web applications. LAMP translates to Linux, Apache, MySQL, PHP. The three software are installed on Linux along each other to facilitate web hosting. In this exercise, the software were installed in a series of steps as outlined below. step 1: Install Apache To install Apache, the following commands were used; sudo apt-get update: this command is used to update the list of packages and their version. The command only gets and updates information about the packages but does not install the updates. sudo apt-get install apache2: the command installs apache web server. To confirm that the Apache Web server was successfully installed, the default apache page was accessed from a web browser;
  • 5. Step 2: Install MySQL MySQL database was installed using the command; sudo apt install mysql-server Step 3. Install PHP For PhP to work, a number of packages had to be installed as outlined below. sudo apt install php-pear php-fpm php-dev php-zip php-curl php- xmlrpc php-gd php-mysql php-mbstring php-xml libapache2-mod-php Hardening the Web Server To harden the web server, which makes it more secure, by only allowing access to the web hosting services, the firewall was configured using IPTables. The process is as outline below. Step 1: Install the Persistent Firewall Service For the firewall service to run on the machine, it was necessary to install the iptables-persistent package. The packages allows the rules set to be persisted and be applied automatically at boot time. The following command was used to install the package sudo apt-get install iptables-persistent Step 2: edit the iptables for IPv4 sudo nano /etc/iptables/rules.v4
  • 6. The same was done for IPTables for IPv6 with the command; sudo nano /etc/iptables/rules.v6 To test for errors in the modified files, the following two commands were used; sudo iptables-restore -t /etc/iptables/rules.v4 sudo ip6tables-restore -t /etc/iptables/rules.v6 No error was reported, meaning the iptables files were okay. The next command was used to activate the rules. For IT assignment help visit myassignmenthelp.com Part 2: Virtual Machine Two - LAMP Server Difficulties Encountered Major difficulties were encountered trying to harden the web server. The iptables-persistent service was not running and attempts to start it failed with the error; "Failed to start iptables-persistent.service: Unit iptables- persistent.service not found" After an hour of headache and Googling, I finally found a command to start the service. sudo service netfilter-persistent start
  • 7. I realized that the failure to start was a problem with some versions of Ubuntu; the above configurations seemed not to work and I had to do the following steps to harden the server with a firewall using IPTables.

    Step 1: Resetting the firewall

        sudo service netfilter-persistent flush

    After flushing, I verified that the rules were removed.

    Create Protocols

    The next step was to create specific chains for the protocols that the web server will accept: UDP, TCP and ICMP.

        sudo iptables -N UDP
        sudo iptables -N TCP
        sudo iptables -N ICMP

    Since SSH traffic uses the TCP protocol, I had to add an exception for SSH on the firewall. SSH traffic uses port 22. The following command was used to create the exception.

        sudo iptables -A TCP -p tcp --dport 22 -j ACCEPT

    General Purpose Accept/Deny Rules

    To facilitate filtering of traffic, some general purpose rules were created to accept or drop packets. For a start, traffic for an already
  • 8. established connection was accepted; this was implemented by the command:

        sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    This filtering rule makes use of conntrack, which tracks connections internally and gives iptables the context it needs to evaluate packets.

    Allow Loopback Traffic

    To allow traffic from the loopback interface, the following command was executed

    Deny All Invalid Packets

    Invalid packets, such as those that address a non-existing port, have to be denied. This was implemented using the command:

        sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

    Jump Rules for the Protocol-Specific Chains

    To allow traffic to reach the desired protocol chains, some jump rules were created. The rules filter the traffic and only allow genuine and valid traffic. For example, new TCP traffic is filtered to only allow SYN packets, since a SYN packet is the only valid start of a new TCP connection. The following commands were executed to create the rules:
  • 9.
        sudo iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
        sudo iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
        sudo iptables -A INPUT -p icmp -m conntrack --ctstate NEW -j ICMP

    Finally, rules were created to reject all other traffic hitting the server. The commands below were used to create the rules:

        sudo iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
        sudo iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
        sudo iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
        sudo iptables -P INPUT DROP
        sudo iptables -P FORWARD DROP
        sudo ip6tables -P INPUT DROP
        sudo ip6tables -P FORWARD DROP
        sudo ip6tables -P OUTPUT DROP
        sudo service iptables-persistent save

    The final state of the iptables is as shown below;

    Part 3: Remote File Access

    This part will install and configure the FTP service on Ubuntu [server2].
  • 10. Step 1 — Install vsftpd

    The following command was used to install vsftpd:

        sudo apt-get install vsftpd

    Step 2: Configure firewall rules to allow FTP service

    This configuration will open port 20 and port 21, which are used by the FTP service. For this server the firewall rules were set using iptables, so we need to add a rule in iptables to allow FTP traffic. The following command was used:

        iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

    The iptables after adding port 21 and 22.

    Step 3 — Prepare User Directory

    First add a test user:

        sudo adduser saffioti

    Then create a directory for the user and assign rights:

        sudo mkdir /home/saffioti/ftp
        sudo chown nobody:nogroup /home/saffioti/ftp
        sudo chmod a-w /home/saffioti/ftp

    Next we create a directory for uploading files into and change the rights:

        sudo mkdir /home/saffioti/ftp/files
        sudo chown saffioti:saffioti /home/saffioti/ftp/files

    Step 4 — Configuring FTP Access
  • 11. To configure access to FTP we edit the file:

        sudo nano /etc/vsftpd.conf

    Step 5 — Test FTP Access

    Testing with anonymous connection

    Part 4: Making DNS Robust

    Installing BIND on server2, to make it the secondary DNS server.

    Installing BIND:

        apt-get install bind9

    Configurations for BIND:

        nano /etc/bind/named.conf.local

    Then configure the zone file named saffioti.org.au.

    Define a reverse DNS lookup:

        nano /etc/bind/zones/rev.3.2.1.in-addr.arpa

    Testing the DNS confirmed it was up and running.

    Part 5: Simple Web Services

    Step 1: Generate the self-signed certificate

    Then we sign the certificates, followed by modification of Apache's default SSL configuration file.

    Finally we edit the file /etc/apache2/sites-available/default-ssl.conf
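Added example, not part of the original report: the Part 2 firewall rules written as an /etc/iptables/rules.v4 body, together with an offline check for ACCEPT rules that can never match. The Part 3 FTP rule is appended to INPUT with -A, so it lands after the REJECT rules and is never reached; placing it in the TCP chain beside the SSH rule avoids that. The port 80 and loopback rules and the function names emit_rules and dead_accepts are assumptions, since the slides do not show them.

```shell
#!/bin/sh
# Added example: Part 2 rules in iptables-restore format, with the FTP rule either
# appended to INPUT as in Part 3 ("appended") or placed in the TCP chain (default).
# Assumptions (not shown on the slides): the port 80 rule and the loopback rule.
emit_rules() {
    if [ "$1" = appended ]; then
        in_chain=''; at_end='-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT'
    else
        in_chain='-A TCP -p tcp --dport 21 -j ACCEPT'; at_end=''
    fi
    # sed drops the blank line left by whichever variable is empty
    sed '/^$/d' <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:UDP - [0:0]
:TCP - [0:0]
:ICMP - [0:0]
-A TCP -p tcp --dport 22 -j ACCEPT
-A TCP -p tcp --dport 80 -j ACCEPT
$in_chain
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
-A INPUT -p icmp -m conntrack --ctstate NEW -j ICMP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
$at_end
COMMIT
EOF
}

# Print every ACCEPT rule that sits after a catch-all REJECT/DROP for the same
# chain and protocol; iptables stops at the first match, so such rules never fire.
dead_accepts() {
    awk '$1 == "-A" {
        chain = $2; proto = "all"; target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") { i++; proto = $i }
            else if ($i == "-j") { i++; target = $i }
            else if ($i == "--reject-with") i++
            else extra = 1   # any other match narrows the rule
        }
        if (target == "ACCEPT" && ((chain, proto) in closed || (chain, "all") in closed)) print
        if (!extra && (target == "REJECT" || target == "DROP")) closed[chain, proto] = 1
    }' "$@"
}
```

A file produced this way can be syntax-checked with sudo iptables-restore -t, as in Part 2, before it is loaded.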