CSC8512 Advanced Information Technology System

Assignment 1

This assignment consists of 4 questions each of equal value.

When answering these questions you will have to run commands under Linux—whenever a command is run you will need to:

Q.1. A research group at your institution wants to incorporate revision control into their project so they can track the user changes made to the code the group is using. The main software package they use is Mercury (http://www.arm.ac.uk/~jec/), a high precision integrator for studying the long-term stability of planetary systems, the orbital evolution of comets, asteroids or meteoroids, and simulating planetary accretion. The revision control system they wish to use is Git (https://git-scm.com), as it is employed by their collaborators. They have come to you to write a Git HOWTO using the Linux Git command-line interface and with explicit examples using the Mercury code base. All work on the code will be done on the institution’s Linux HPC, so all user repositories will be local to that machine. They store the “master” code base on their HPC in the directory /home/Mercury/mercury6. This directory is readable and writeable by the Unix group “mercury”. All researchers using the code are in that group. The HOWTO needs to cover the following topics: (marks 25)

a.  A basic description of Git and how it differs from other revision control systems, such as CVS, SVN, darcs, etc.

b. A short description of the user’s basic workflow when using a Git repository.

c.  How to initialize a Git repository for an existing code base. In this case the master code in the directory /home/Mercury/mercury6.

d.  How to clone an existing master Git repository to a local working repository.

e. How to add new files and modified files to the local working Git repository.

f. How to recover a particular version of a file from the local Git working repository.

g. How to check the status of the local Git repository.

h. How to view the change history of the local Git repository.

i. How to push local repository changes back to the master Git repository.

j.  How to pull changes from the master Git repository into the local Git repository.

k. Permissions that must be set on the master Git repository so that it can be cloned by users in the research group.

l. Permissions that must be set on the users’ local repository so changes can be pushed to the main repository.

Q.2. Authentication under modern Unix systems is handled by the Pluggable Authentication Module (PAM) system. In about a page and in your own words explain the PAM system as it is implemented on a Linux distribution and why it was introduced. Using the login service file found in the course virtual machine (see /etc/pam.d/login) as an example, explain how a service is configured and discuss the implications of each configuration line. Your explanation should include discussions on the following: (25 marks)

what is the module-type parameter,
what is the control flag,
what does it mean that the service file is a stack,
what is a pam module.

Q.3. Your users require standardized syncing software, but due to security constraints and possible intellectual property rights, syncing to off-site private servers is not an option. The software must also be supported under Windows, macOS, Linux, Android, and iOS. The software being mooted is “syncthing” (https://syncthing.net/). You have been asked to test syncthing and write an evaluation report. The report must contain the following:

A discussion of the syncthing application: how it is different from other syncing software, how it is configured, what information is required for configuration, how it actually synchronizes data, what data is synchronized. (25 marks)

a.  Included with your discussion of syncthing you must include examples of syncthing being installed, configured and used.

b. The environment used for the examples must be the course virtual machine and its host. This is important, as the guest machine does not have a windowing environment and the host will. So your discussion must include how to install, configure and use syncthing in a non-windowing environment.

c. Discuss, with examples, the system and user system configuration required on the virtual machine, so that the user’s instance of syncthing will start running when the user logs in (or the system boots) and continue running after the user has logged out.

d. The report with examples should be approximately two pages.

Q.4. On modern networked computers, maintaining the correct time on each machine is important. Computers on a LAN or WAN with different times can cause problems. In about a page and in your own words explain why it is important for computers to maintain the correct time and more importantly explain how they do it. Notes:

a. In your explanation make certain to include discussions on the following linked topics:

 • The computer’s hardware clock (also called the Real Time Clock or RTC)

 • The computer’s software clock (also called the kernel or system clock) and why this can be inaccurate.

 • In Linux, how they are synchronised and why do they need to be synchronised? Why can the Linux software clock be so inaccurate?

• What is NTP and what are “clock strata”?

• What is UTC and why is it used? (UTC: Coordinated Universal Time, or Temps Universel Coordonné, and if you want— you can explain what is going on with the acronym!)

b. The topics above are linked to each other and the question, they are not independent of each other. They are provided as a minimal guide only. Do not simply write an unconnected paragraph on each without linking the concepts together.

c. The question being asked is “…why is it important for computers to maintain the correct time…”; please be certain to answer this question.

d. List all resources used in answering this question.

e. Please do not cut and paste slabs of text from a Wikipedia article. Unconnected paragraphs, though factually correct, will lose marks.

f. Please do not fall into the trap of answering the question by using unexplained technical terms—you must explain all technical terms used especially if they have not been used anywhere else in the course.

Assignment 2

This assignment consists of four questions each of equal value. It is important that your assignment is clearly laid out with a question clearly defined.

Q.1. (25 marks)

An important service provided by any system is the ability to run a process on a predetermined schedule without human intervention. The “automation” of tasks can reduce the workload of the system administrator significantly. Unfortunately, Linux currently offers not one service but potentially three—cron, anacron, and systemd timer units. Assignment tasks:

• (13 marks) In about a page compare and contrast all three systems. Your discussion must include a discussion and comparison of the time increments and formats recognizable by each system.

• (12 marks) Illustrate your discussion by writing cron, anacron, and systemd timer files to run the date command daily, weekly and monthly.

Q.2. (marks 25)

One of your users has purchased an 8.0TB OWC Mercury Elite Pro external drive. The OWC drive contains 4x2.0TB Toshiba disks and has hardware RAID 1, 5, or 10. The plan is to use it as a RAID 5 backup storage. The RAID array will be connected to the work machine using a USB3 cable. Instead of using the normal backup levels the user would prefer to have a current snapshot of his home directory while retaining differences between snapshots. So when a backup is performed the user would like the following to occur:

a. The snapshot on the backup disk is updated to exactly reflect the current home directory. The backup disk will then contain a current mirror of the home directory.

b. Before any of the files on the RAID array’s backup snapshot of the home directory are deleted or overwritten, the files are copied sideways (preserving the directory tree) into a backup directory on the RAID array.

c. The backup directory should be converted to a single timestamped file using TAR/GZIP. The filename should be of the form YYYYMMDDmmmm.tgz. This means the files can be easily sorted from oldest to newest using the filename.

d. Only 30 days of TAR/GZIPed backup files should be kept.

The user expects to run the script at the end of each working day to perform the current day’s snapshot as the user only wants to power up the RAID array while snapshots are performed. This will help protect the data on the array from power failures (unless one occurs during a snapshot/backup). The user wants to run just one script which will be stored on the RAID array. The procedure at the end of the day will be:

a. Power up the RAID array.

b. Mount the RAID array.

c. Run the script stored on the array.

d. Check for error messages.

e. Un-mount and power down the array.

Your task is to write the script to perform the backup scenario outlined above. The only tools you will be using are:

tar : Used to archive all the files that would have been deleted or changed when the current snapshot is made.

rsync : Used to create the current snapshot and copy deleted or changed files sideways before the snapshot is created.

For the assignment, the following tasks need to be done:

a. (4 marks) Explain and demonstrate how date is to be used to create the filename. Any options used must be explained. Example runs must be presented to show that date works as expected for the task.

b. (4 marks) Explain how from the list of backup filenames those that are older than 30 days can be extracted.

c. (6 marks) Explain and demonstrate how rsync is to be used to create the snapshot and backup. Any options used must be explained. Example runs must be presented to show that rsync works as expected for the task.

 d. (11 marks) Put all of the above together into a script, with appropriate comments and error checking.
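The archive naming and 30-day selection described in this question, as an added example that is not part of the original assignment. The function names and paths are hypothetical, the trailing "mmmm" of the filename pattern is assumed to mean HHMM, and the "30 days ago" cutoff relies on GNU date.

```shell
#!/bin/sh
# Added example, not part of the assignment text. Function names are made up.
# Assumption: the "mmmm" in YYYYMMDDmmmm.tgz is read as HHMM.

# 12-digit stamp for now, or for a GNU date expression such as "30 days ago".
stamp() {
    if [ $# -eq 0 ]; then date +%Y%m%d%H%M; else date -d "$1" +%Y%m%d%H%M; fi
}

# Pack the sideways-copy directory $1 into $2/<stamp>.tgz and print the path.
# If the run replaced or deleted nothing the directory may not exist; that
# means "nothing to archive", not an error.
archive_changes() {
    src=$1 dest=$2 when=${3:-$(stamp)}
    [ -d "$src" ] || return 0
    tar -czf "$dest/$when.tgz" -C "$src" . || return 1
    printf '%s\n' "$dest/$when.tgz"
}

# List archives in $1 whose stamp is older than the 12-digit cutoff $2.
# Only names of exactly 12 digits plus ".tgz" qualify, so the backup script
# itself or any other file kept on the array is never offered for deletion.
expired_archives() {
    dir=$1 cutoff=$2
    case $cutoff in
        ''|*[!0-9]*) echo "cutoff must be 12 digits: $cutoff" >&2; return 2 ;;
    esac
    [ ${#cutoff} -eq 12 ] || { echo "cutoff must be 12 digits" >&2; return 2; }
    for path in "$dir"/*.tgz; do
        [ -f "$path" ] || continue
        name=${path##*/}
        s=${name%.tgz}
        case $s in ''|*[!0-9]*) continue ;; esac
        [ ${#s} -eq 12 ] || continue
        # Fixed-width stamps compare numerically in date order.
        if [ "$s" -lt "$cutoff" ]; then printf '%s\n' "$path"; fi
    done
}

# Delete what expired_archives reports; refuse to run on a bad cutoff.
prune_archives() {
    list=$(expired_archives "$1" "$2") || return 2
    [ -n "$list" ] || return 0
    printf '%s\n' "$list" | while IFS= read -r f; do rm -f -- "$f"; done
}

# Typical use at the end of a backup run (paths are placeholders):
#   archive_changes /mnt/raid/changed /mnt/raid/archives
#   prune_archives  /mnt/raid/archives "$(stamp '30 days ago')"
```

Selecting by the stamp in the filename rather than by file modification time keeps the retention decision stable even if archives are copied or touched later.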

Q.3. (marks 25)

a. (12 marks) In about a page explain in your own words what a Logical Volume Manager is, its purpose and why it is useful.

b. (7 marks) Illustrate your explanation by using the Linux Logical Volume Manager to combine the two spare 200MB disks available on the Virtual Debian distribution. Combine the disks into one logical volume of 400MB. Format the new logical disk and modify the /etc/fstab file to mount the new disk at boot.

c. (6 marks) Document and explain in your own words the purpose of every command you use (plus any command line options) and any configuration files or scripts you modify or create.

Q.4.  (marks 25)

A user comes to you and explains that she needs some form of an encrypted file system to store sensitive information on a Flash drive. The Flash drive will be used to transport the sensitive data between work and home and she is worried about losing the drive and having the data stolen. Both machines, the one at home and the one at work, use the same Linux OS. She has the following requirements:

She does not want to encrypt individual files as she has to deal with a large number of small text files.
She wants it to be as transparent as possible.
She thinks she will only need about 1GB at most.
She wants to also use the flash disk for transporting unencrypted files. Files that can be read on machines apart from her work and home machines.

A 1GB file that contains an encrypted file system, stored on the Flash drive would appear to be ideal—

A.  (8 marks) Create a 1GB encrypted file system in a file on a Flash drive so that it can be used with the cryptmount command. Document and explain in your own words every command you use (plus any command line options) and any configuration files you modify or create. Your descriptions of each operation need to show you understand the purpose of the operation.

B. Things you must also address and explain:

a. (4 marks) how to ensure that the Flash drive has exactly the same mount point each time it is used on different machines. If it does not have the same mount point then how do you configure the hardwired cryptmount paths? Hint: Experiment with “labelled” file-systems or UUIDs in conjunction with the file /etc/fstab

b. (5 marks) how to securely manage the file-system encryption keys?

C. (8 marks) Write an instruction sheet for the user so that she can make the modifications to her home machine and be able to access the file on the flash drive containing the encrypted file system that you have given her. You have to setup her work machine and then instruct her how to set up her home machine. Also, explain how she would use the filesystem in her day-to-day work. You may assume that she has root access to be able to configure her home machine but does not have root access to her work machine.

Assignment 3

This assignment consists of 4 questions each of equal value.

Q.1. The following “firewall” script is run on a “gateway” machine—

    echo 1 > /proc/sys/net/ipv4/ip_forward

    iptables -F
    iptables -X

    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD DROP

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i eth1 -s 192.168.144.0/24 -j ACCEPT
    iptables -A INPUT -i eth0 \
        -m state --state RELATED,ESTABLISHED -j ACCEPT

    iptables -A FORWARD -i eth1 -s 192.168.144.0/24 \
        -m state --state NEW -j ACCEPT
    iptables -A FORWARD -m state \
        --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i eth0 -o eth1 -p TCP --dport 22 \
        -m state --state NEW -j ACCEPT

    iptables -t nat -F
    iptables -t nat -X

    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.144.0/24 \
        -j SNAT --to-source 143.193.221.112

    iptables -t nat -A PREROUTING -i eth0 -p TCP --dport 22 \
        -j DNAT --to-destination 192.168.144.37

Using the script above answer the following questions:

a. (5 marks) Explain, in your own words what a “gateway” machine is and what it is used for.

b. (5 marks) Explain the general purpose of the firewall above. Your explanation should include a description of the networks the gateway machine is connected to and how it is connected. Note: this is a “general description” do not make any explicit reference to the commands above.

c. (7 marks) Explain the purpose of each filter rule of this script. That is, for each filter rule—what packets are being filtered and why? Do not just supply the options used above as an explanation. Note: some rules are not filter rules.

d. (3 marks) There are three rules for the FORWARD chain in the above script. Explain how NetFilter knows a packet is to be forwarded and must apply these rules.

e. (5 marks) Explain the effect of the last two rules of the script. Do not just supply the options used in the last two lines as your explanation.

Q.2. As the system administrator, you would like to SSH to a gateway machine (see Exercise 1) from off-site. Unfortunately, that would mean opening the SSH port to the world—and you would rather not do that. A friend tells you of the dæmon knockd that can temporarily open a port for quick access. Install knockd and configure it to open a timed temporary hole in a firewall using a “timed” knock. Your write-up will need to include the following:

a. (4 marks) A couple of paragraphs in your own words describing how knockd works.

b. (4 marks) Explain why a “timed” knock is better than a knock to open and a knock to close. Also, explain why the connection is not broken when knockd closes the temporary hole in the firewall.

c. (4 marks) A couple of paragraphs in your own words describing the security flaws in the knockd approach to opening a temporary hole in a firewall. Hint: Read about Single Packet Authorisation methods.

d. (4 marks) The configuration file or files you needed to modify to open a temporary hole in a firewall using a “timed” knock. Include an explanation in your own words of the purpose of every line in the configuration file or files.

e. (4 marks) The firewall on the machine. Use the output from the command iptables -L -v to show that the machine has been firewalled.

f. (5 marks) Output showing that knockd worked. A successful SSH session and the output from the command iptables -L -v to show the hole that knockd has created in the firewall.

Q.3. With the implementation plan of the government’s “data retention” legislation there is a lot of interest in VPNs to ensure Internet privacy. There has been a lot of discussion in the media with little concrete information on technical aspects of VPNs. In about a page, explain in your own words what a VPN is, what it is used for and how it works. As there are a number of VPN technologies, use the popular technology OpenVPN (see www.openvpn.net) as the basis of your explanation. Your explanation should include:

a. (5 marks) In general terms what a VPN is,

b. (3 marks) examples of where a VPN may be useful (apart from avoiding data retention laws),

c.  (5 marks) the technologies used in SSL/TLS VPNs such as OpenVPN, and

d. (5 marks) how the technologies are used to ensure a secure connection between two networks or a remote machine and a network. Hint: One way to answer this question is to describe the steps the software goes through to establish and maintain a connection.

e. (7 marks) Illustrate your answer by installing the OpenVPN server and setting it up to create a point-to-point VPN from the Host to the Guest or between two guests.
