tafeSA IT Studies

4LNX2

Adelaide City Campus

4LNX2 PRACTICE Practical test NOTES:

you must successfully complete all the tasks as per the marking schedule.

merit will only be awarded after all core sections have been

successfully completed.
you may ONLY use your subject journal and approved class

handouts for reference during this test.

NO TEXT BOOKS ALLOWED. No photo copies of journal notes are permitted. this sheet must remain on your computer after the test, failure

to submit this sheet will result in a FAIL grade, for this attempt. All names and labels below are written case sensitive All passwords where required will be kromer

Duration 3 hours
NAME: e-mail
Lecturer use only RESULT: Lecturer:

DATE:

9/9/2012

1 of 7

ver. 1.0

tafeSA IT Studies

4LNX2

Adelaide City Campus

Lecturer use only Signed:

TASKS install and configure a Fedora 14 server

1. Linux Administration
1. Add the following system users; <yourname> bob fred mary jane 2. Create a new system group called tafe 3. ADD mary and fred to the tafe group, preserve any previous group memberships

2. Install and configure SAMBA file sharing server

1. Create Samba accounts for the following users;

<your name> bob fred mary jane

2. Set the workgroup name to TAFESA 3. Create 3 samba shares for the following directories; Filesystem path /storage/volume1 Share name finance

9/9/2012

2 of 7

ver. 1.0

tafeSA IT Studies /storage/volume2 /storage/volume3

4LNX2 management audit

Adelaide City Campus

4. Set all shares to have the group owner of tafe. 5. ALL shares must be browseable. 6. The finance share must be read &write for fred, mary & jane no others are allowed access. 7. The management share must be read & write for bob and read only for fred, mary & jane no others are allowed access. 8. The audit share must be read & write for members of the tafe group only no others are allowed access. 9. Ensure the permissions of created files and folders allow the group to write to them.

edit samba and Linux permissions so that all of the above works successfully

(remember that correct access to all the shares is a combination of Linux and samba permissions)

3. Install and configure an NFS server & client

Server
1. Create an nfs share for the folder /storage 2. Create an nfs share for the folder /backup/daily 3. Create an nfs share for the folder /storage/home 4. Set the /storage share to be read only for the classroom's network CIDR notation is acceptable. 5. /backup/daily must be read write for 127.0.0.1, read only for the classroom network. 6. Disable the squashing of system users for /storage/home and /backup/daily. 7. Allow /storage/home to be written to by everyone on the classroom network and read only for everyone else. 8. Ensure that only the owner of a file created in the /backup/daily share can not be deleted by other users. 9/9/2012 3 of 7 ver. 1.0

tafeSA IT Studies

4LNX2

Adelaide City Campus

(remember that correct access to all the shares is a combination of Linux and nfs permissions)

Client
1. set up YOUR LOCAL MACHINE so that the following nfs share is; 2. soft mounted. 3. NOT mounted at boot time. 4. can be mounted by normal Linux users.

share details
ip address of server = <the lecturer will inform you of this> share name to mount = /nfs/exam local mount point = /storage/volume3

4. Install and configure an FTP server

FTP server configuration must include the following;

1. display a login banner message welcome to <yourname>'s ftp server 2. disable all local user access. 3. enable anonymous logins. 4. enable anonymous uploads. 5. enable anonymous directory creation. 6. the message please be nice must be displayed when a user accesses the pub directory. (remember that correct anonymous access via FTP must be a combination of Linux and FTP permissions)

5. Install and configure Apache web server

1. Change the web server to Listen on port 81 ONLY. 2. Create the correct index page for your web server to contain <yourname> at the top

9/9/2012

4 of 7

ver. 1.0

tafeSA IT Studies

4LNX2

Adelaide City Campus

3. configure apache so that local user fred can have a basic web page that will display hello my name is fred when accessed.

6. Install and configure SSH.

1. Create and RSA key pair for <your name>; 2. SECURE copy the CORRECT key to host 172.17.1.14

path = /keys/<your name>.pub user name on 172.17.1.14 = keys password on 172.17.1.14 = keys

7. GPG configuration
1. add <your name> as a user to the Linux system

password = kromer Log off as the root user Ensure that you are logged on as user <yourname>

MAIL CLIENT 2. Configure your evolution mail client with the following

pop server = 10.70.0.1 smtp server = 10.70.0.1 Username = <yourname> Password = kromer Subject: <your name> Body: Hello this is a test from <yourname>

3. Send a message to scott@networking.pdn

4. configure the email client to automatically SIGN every email with <your name> gpg key. 5. create a GPG key pair for <your name> (you should log in FULLY as the user) type = default

9/9/2012

5 of 7

ver. 1.0

tafeSA IT Studies key size = 1024 bits never expires real name

4LNX2

Adelaide City Campus

email address of <yourname>@networking.pdn password kromer 6. armor and export <your name> public key to the file <your name>.key 7. email <your name>.key to scott@networking.pdn 8. import scott's public key (scott.key) from the email attachment to <your name> KEY RING 9. trust scotts key on your keyring 10. configure evolution to sign EVERY outgoing message 11. send a new SIGNED message to scott@networking.pdn

8. TCP_Wrappers
1. Allow access to all hosts for ftp 2. allow access for all hosts for nfs 3. allow access to ssh for 172.17.1.14 ONLY 4. deny access to ALL other hosts & services EXCEPT 172.17.1.14

9. IP-Tables
1. Set policies for IPTABLES to allow all FORWARD and OUTPUT traffic. 2. Block ALL INCOMING traffic, using a default policy, except the following; 3. allow incoming access for TCP to port 81 from all hosts 4. allow incoming access for TCP to port ssh from 172.17.1.14 ONLY 5. allow incoming access for TCP to port https from all hosts 6. allow incoming access for TCP to portmap from all hosts 7. allow access for your local machine loopback address 8. allow all established and related packets access to your machine

9/9/2012

6 of 7

ver. 1.0

tafeSA IT Studies

4LNX2

Adelaide City Campus

10. services
1. You must ensure that ALL the required services are running before handing over your machine, for marking. 2. You must also ensure that all the required services are enabled on run levels (2345) at startup.

9/9/2012

7 of 7

ver. 1.0