please read the instructions in the attached file
Full Name: _________________________________ Date/Time Started: __________ CSEC 378/418 – Lab 2 Deliverable and Instructions: This lab will guide you through the configuration and management of your Linux system. This lab begins once you are already connected to your Linux host through the Netlab environment. For instructions on how to get connected to the Netlab environment, please consult the Lab Connectivity Guide on D2L. During the course of this lab you will create a user with a username consisting of your first initial and last name - i.e. knaughton. Throughout this lab when you see the term yourname, I am referring to this user account. Substitute it in commands accordingly with the correct username. Please do not create a user actually named “eandujar”. I use the presence of your username in screenshots to validate that the screenshots are your own, and you will not receive credit if you do not have a unique username. The submission file for this lab will be a pdf version of this document, with your answers and screenshots added. Each correctly answered question will count for 1 point. Each screenshot will also count for 1 point and will be evaluated on whether it fully meets the requirements of the screenshot prompt. Your score will be determined by the percentage of total questions and screenshot prompts answered correctly. Answer the questions below the prompts indicated in green. If the question is multi-part, you must answer all parts correctly to receive the point for that question. No partial credit will be given. Add screenshots below the prompts indicated in green. If your screenshot does not meet the requirements of the prompt you will not receive credit for that screenshot. Each individual question is worth 1 point. Each individual screenshot prompt is worth 1 point. Ensure that each screenshot is readable in-line in the submission document. If I am unable to read the contents of your screenshot in the document because it is too large of a screenshot, it will not count for credit. Do not include screenshots of your whole desktop or whole terminal window to when the prompt is asking about one single command. *** Writing in blue is for reference only **** Use Linux Section 1: Package Management Step 1: Use the Netlab environment to access your Linux Server 1 VM. You can log in with username student and password student. Just like in Lab 1 create a new user (using the first initial of your first name, full last name, all lowercase, no spaces – i.e. mine would be knaughton). Set the password to Chicago1871! Step 2: In Lab 1 you granted eandujar sudo permissions by adding it to the wheel group. This time, use the visudo command to edit the /etc/sudoers file instead. Scroll towards the bottom and you will find a configuration line that grants root the capability to run any commands anywhere. Leave this configuration line for root but add a line under this that does the same thing for eandujar, the configuration will look the exact same except it will have eandujar instead of root. Take a screenshot of both the existing root configuration line and your new configuration line. Step 3: Save this new configuration. You can exit the visudo editor by hitting ESC and then typing :wq! And pressing enter to write your changes and quit the file. Question 1.1: What is the meaning of each of the three “ALL”s in the configuration line you entered? Question 1.2: What is the point of the visudo editor? Why should you not use regular vi or vim to edit this file? Step 4: Switch to your eandujar user and verify that you have sudo access. Attempt to run a command using sudo, and make sure it works before proceeding with the lab. If you get access errors, go back and make sure your /etc/sudoers configuration is correct before moving on. Use the eandujar user for the rest of this lab unless indicated otherwise. Step 5: CentOS uses a package manager known as dnf to install, manage and remove applications and packages from your Linux system. If you have used other Linux distros or older versions of CentOS you may be familiar with yum or apt, all of these tools essentially do the same thing which is allow you to install and manage packages on your Linux system. Take a look at the repositories configured on your system using the command sudo dnf repolist. Notice the repo id and the repo name for each. Question 1.3: What are the repo id’s for the repositories configured on your system? Step 6: There are more repositories configured on your system than just these few, you can view a full list which includes disabled repositories by using the command sudo dnf repolist all. Step 7: Now use dnf to list the installed packages on your system using sudo dnf list installed Note: When using the Netlab web interface, you can page up and down through command output with Shift + PageUp/PageDown, but the output may be cut short if it is too long. You can also pipe any commands output to less in order to get paginated output that you can scroll through with the arrow keys. i.e. sudo dnf list installed | less Step 8: Take a look through the output and see which packages are currently installed. Among the list you will see a package called traceroute. traceroute is a command that can be used to trace out the route to a specific IP address. Use traceroute and see the route to 8.8.8.8, Google’s public DNS server. Take a screenshot of the traceroute output and include it below. Question 1.4: Based the name and address information in your screenshot above, which is the first step that is outside the DePaul network? Step 9: Now uninstall traceroute by using the command sudo dnf remove traceroute. You will be prompted to type y or N to confirm the uninstallation. Type y when prompted to confirm the removal. Note: It’s never a bad idea to take a quick look over pending changes before confirming, but you can speed things up a bit and avoid this confirmation prompt by adding a “-y” to the end of your dnf command. Doing this will make dnf automatically accept the confirmation without prompting you. i.e. sudo dnf remove traceroute -y Take a screenshot of the output from the removal and include it below. Step 10: If you wanted to reinstall Traceroute, how would you do it? Even if you’re pretty sure what the package names are, it never hurts to check first. Use the commands sudo dnf search nano and sudo dnf search traceroute to search active repositories for these tools Question 1.5: You may see a couple of matches for nano, but only one is the correct one. How do you know which match is a text editor? Question 1.6: The packages you are looking for have names that end in x86_64. What does this indicate? Do you need to include this in the name when installing these packages? Section 2: Services and Service Configuration Step 1: Run the command ip addr to view the network interfaces on your server, and their current configuration. Locate the eth0 interface and take a screenshot of this portion of the output. Question 2.1: What is the MAC address and IP address of your eth0 interface? Question 2.2: Look at the IPv6 address configured on your eth0 interface, it will begin with fe80. What is the function of IPv6 addresses that begin with this value? Step 2: You may have used the netstat command before. This command still works, but it is actively being phased out and replaced with another command called ss which performs a very similar function. Run the command ss. The output will be difficult to read at first. Step 3: Figure out the options for the ss command so it will only show listening TCP ports. You will need to use two flags. Take a screenshot of the command and its output and include it below. Question 2.3: From the ss output you can see that there are two entries for an SSH listener? Why are there two separate listeners for this one service? Step 4: Configure SSH to listen on IPv4 only, rather than both IPv4 and IPv6. Use vim to edit the configuration file /etc/ssh/sshd_config. Towards the top of the configuration file you will see a line that says #AddressFamily any. Edit this line – remove the leading # to uncomment this configuration line, then change any to inet. Save your changes and exit the file. Note: inet in this case indicates IPv4. Inet6 would indicate IPv6. This is a common way to indicate IPv4 or IPv6 in configuration files. Taking a look at the man page for this configuration file will show you all available syntax options for each configuration line. Use the command man sshd_config to take a look. Step 5: Run the ss command you used in Step 3 again and take a look at the listening ports. Nothing has changed yet, even though you edited the configuration file no changes have taken effect because the ssh daemon isn’t aware of this new configuration until it’s restarted. Step 6: Take a look at the status of the ssh daemon using the command sudo systemctl status sshd. You should see that it is active and loaded, as well as other information and log messages about the daemon. Take a screenshot of the command and its output and include it below. Question 2.4: Based on your screenshot what is the main PID for the SSH daemon? Step 7: Restart the ssh daemon using the command sudo systemctl restart sshd. Then check the status of the daemon again. The daemon should show as active just like before but you will see a different set of log messgaes, as well as some other changes to the output after the restart. Question 2.5: Why does the PID change when you restart the daemon? Step 8: Run the ss command you used in Step 3 again and take a look at the listening ports. You should now see ssh only listening on IPv4. Take a screenshot of the command and its output and include it below. Question 2.6: From the ss output, it seems like your server is running a webserver. Take a look at the output from your ss command. Is your server listening on port 80 (http), port 443 (https), or both? Step 9: Definitely looks like you’re running a webserver. Odd, you don’t remember installing that... Let’s see if we actually have a webpage configured. Use the curl command to request http data from our local