Professional Documents
Culture Documents
4LNX2
you must successfully complete all the tasks as per the marking schedule.
merit will only be awarded after all core sections have been
successfully completed.
you may ONLY use your subject journal and approved class
to submit this sheet will result in a FAIL grade, for this attempt. All names and labels below are written case sensitive All passwords where required will be kromer
Duration 3 hours
NAME: e-mail
Lecturer use only RESULT: Lecturer:
DATE:
9/9/2012
1 of 7
ver. 1.0
tafeSA IT Studies
4LNX2
2. Set the workgroup name to TAFESA 3. Create 3 samba shares for the following directories; Filesystem path /storage/volume1 Share name finance
9/9/2012
2 of 7
ver. 1.0
4. Set all shares to have the group owner of tafe. 5. ALL shares must be browseable. 6. The finance share must be read &write for fred, mary & jane no others are allowed access. 7. The management share must be read & write for bob and read only for fred, mary & jane no others are allowed access. 8. The audit share must be read & write for members of the tafe group only no others are allowed access. 9. Ensure the permissions of created files and folders allow the group to write to them.
edit samba and Linux permissions so that all of the above works successfully
(remember that correct access to all the shares is a combination of Linux and samba permissions)
tafeSA IT Studies
4LNX2
(remember that correct access to all the shares is a combination of Linux and nfs permissions)
Client
1. set up YOUR LOCAL MACHINE so that the following nfs share is; 2. soft mounted. 3. NOT mounted at boot time. 4. can be mounted by normal Linux users.
share details
ip address of server = <the lecturer will inform you of this> share name to mount = /nfs/exam local mount point = /storage/volume3
1. display a login banner message welcome to <yourname>'s ftp server 2. disable all local user access. 3. enable anonymous logins. 4. enable anonymous uploads. 5. enable anonymous directory creation. 6. the message please be nice must be displayed when a user accesses the pub directory. (remember that correct anonymous access via FTP must be a combination of Linux and FTP permissions)
9/9/2012
4 of 7
ver. 1.0
tafeSA IT Studies
4LNX2
3. configure apache so that local user fred can have a basic web page that will display hello my name is fred when accessed.
path = /keys/<your name>.pub user name on 172.17.1.14 = keys password on 172.17.1.14 = keys
7. GPG configuration
1. add <your name> as a user to the Linux system
password = kromer Log off as the root user Ensure that you are logged on as user <yourname>
MAIL CLIENT 2. Configure your evolution mail client with the following
pop server = 10.70.0.1 smtp server = 10.70.0.1 Username = <yourname> Password = kromer Subject: <your name> Body: Hello this is a test from <yourname>
4. configure the email client to automatically SIGN every email with <your name> gpg key. 5. create a GPG key pair for <your name> (you should log in FULLY as the user) type = default
9/9/2012
5 of 7
ver. 1.0
tafeSA IT Studies key size = 1024 bits never expires real name
4LNX2
email address of <yourname>@networking.pdn password kromer 6. armor and export <your name> public key to the file <your name>.key 7. email <your name>.key to scott@networking.pdn 8. import scott's public key (scott.key) from the email attachment to <your name> KEY RING 9. trust scotts key on your keyring 10. configure evolution to sign EVERY outgoing message 11. send a new SIGNED message to scott@networking.pdn
8. TCP_Wrappers
1. Allow access to all hosts for ftp 2. allow access for all hosts for nfs 3. allow access to ssh for 172.17.1.14 ONLY 4. deny access to ALL other hosts & services EXCEPT 172.17.1.14
9. IP-Tables
1. Set policies for IPTABLES to allow all FORWARD and OUTPUT traffic. 2. Block ALL INCOMING traffic, using a default policy, except the following; 3. allow incoming access for TCP to port 81 from all hosts 4. allow incoming access for TCP to port ssh from 172.17.1.14 ONLY 5. allow incoming access for TCP to port https from all hosts 6. allow incoming access for TCP to portmap from all hosts 7. allow access for your local machine loopback address 8. allow all established and related packets access to your machine
9/9/2012
6 of 7
ver. 1.0
tafeSA IT Studies
4LNX2
10. services
1. You must ensure that ALL the required services are running before handing over your machine, for marking. 2. You must also ensure that all the required services are enabled on run levels (2345) at startup.
9/9/2012
7 of 7
ver. 1.0