Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machines Using Ubuntu And CentOS

The first Virtual Machine should be installed and have the BIND (DNS) server installed on it. While you do not own any address space / name space, your name server should manage the following domains: The name server should answer queries for this domain. In addition to the saffioti.org.au zone, a zone should be set up for the reverse zone – the reverse zone would be whatever the address range is of your virtual machine. https://myassignmenthelp.com/free-samples/infs5907-managing-security-and-ethics-in-cyberspace/when-implementing-the-virtual-machines.html


Presentation Transcript


  1. Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machines Using Ubuntu And CentOS

     Part 1: Virtual Machine One – DNS & SSH Server

     The first Virtual Machine should be installed and have the BIND (DNS) server installed on it. While you do not own any address space / name space, your name server should manage the following domains:

     The name server should answer queries for this domain. In addition to the saffioti.org.au zone, a zone should be set up for the reverse zone – the reverse zone would be whatever the address range is of your virtual machine. You should do some research on how Bind handles reverse zones.

     Part 2: Virtual Machine Two

     The second Virtual Machine is to have the LAMP software package installed. LAMP is a standard bundle in the Ubuntu Server platform. Once complete, set up this Virtual Machine to host a website using the Apache Web Server.

     The Virtual Machine should have a statically assigned address which matches that specified in the A record for host www. Test your Apache Server Virtual Machine by using a web browser on another host and trying to browse the website www.saffioti.org.au.

  2. Finally harden this host so that only services being used can be accessed by other machines. You will need to use IPTables.

     Part 3: Remote File Access

     Once you have set up the web server (in part 2) and tested it, install any FTP server. The FTP server would allow users to upload / download files to the web server. Configure the server appropriately and then test from another host. You will need to make changes to your firewall configuration. In addition to this add a CNAME for ftp on the name server pointing to server2. Document the entire process and challenges you experienced.

     Part 4: Making DNS Robust

     You are to also install bind on Virtual Machine Two and make it a secondary for the above domain. You can install this service from a package or configure from source.

     Part 5: Simple Web Services

     In Virtual Machine Two you set up a web server for the DNS name saffioti.org.au. The server is implemented using the HTTP protocol listening on port 80. Your challenge is to make the same site accessible using the HTTPS protocol. To do this set up SSL with a self-signed certificate for the site.

     In this assignment, two virtual machines running Ubuntu and CentOS were installed and configured on a VMware Workstation Player. The first machine was installed with BIND, to provide DNS & SSH

  3. services, while the second one was installed with a Web Server. The name server on virtual machine 1 was configured to manage the domain saffioti.org.au. A zone was also set up for the reverse zone and hardened by use of firewall rules, which allowed access to the services. The virtual machine running Ubuntu OS was the web server, where LAMP was installed. The Apache Web Server in the LAMP software was used to host a website. Additionally, an FTP server was configured on the same virtual machine.

     Part 1: Virtual Machine One – DNS & SSH Server

     This virtual machine was installed with CentOS, and a BIND (DNS) installed and configured on it. The name server was configured to manage the domain; org.au

     Step 1: Install Bind

         sudo yum install bind bind-utils

     Step 2: Configure DNS

     The named.conf file was edited as shown below.

         nano -w /etc/named.conf

     Step 3: Configure bind zone

         nano -w /var/named/saffioti.org.au.zone

     Restart the service, then enable it to start automatically at boot time;

  4. the following commands were used;

         service named restart
         chkconfig named on

     Part 2: Virtual Machine Two: Server2

     Ubuntu Operating system was installed on this virtual machine, and used as a web server. To enable it to serve as a web server, LAMP was installed. By definition LAMP is a stack of open source software tools that are normally installed together to facilitate hosting of dynamic websites and web applications. LAMP translates to Linux, Apache, MySQL, PHP. The three software are installed on Linux alongside each other to facilitate web hosting. In this exercise, the software were installed in a series of steps as outlined below.

     Step 1: Install Apache

     To install Apache, the following commands were used;

         sudo apt-get update

     This command is used to update the list of packages and their version. The command only gets and updates information about the packages but does not install the updates.

         sudo apt-get install apache2

     This command installs the Apache web server.

     To confirm that the Apache Web server was successfully installed, the default Apache page was accessed from a web browser;

  5. Step 2: Install MySQL

     MySQL database was installed using the command;

         sudo apt install mysql-server

     Step 3: Install PHP

     For PHP to work, a number of packages had to be installed as outlined below.

         sudo apt install php-pear php-fpm php-dev php-zip php-curl php-xmlrpc php-gd php-mysql php-mbstring php-xml libapache2-mod-php

     Hardening the Web Server

     To harden the web server, which makes it more secure by only allowing access to the web hosting services, the firewall was configured using IPTables. The process is as outlined below.

     Step 1: Install the Persistent Firewall Service

     For the firewall service to run on the machine, it was necessary to install the iptables-persistent package. The package allows the rule set to be persisted and applied automatically at boot time. The following command was used to install the package;

         sudo apt-get install iptables-persistent

     Step 2: Edit the iptables for IPv4

  6.     sudo nano /etc/iptables/rules.v4

     The same was done for IPTables for IPv6 with the command;

         sudo nano /etc/iptables/rules.v6

     To test for errors in the modified files, the following two commands were used;

         sudo iptables-restore -t /etc/iptables/rules.v4
         sudo ip6tables-restore -t /etc/iptables/rules.v6

     No error was reported, meaning the iptables files were okay. The next command was used to activate the rules.

     Part 2: Virtual Machine Two - LAMP Server

     Difficulties Encountered

     Major difficulties were encountered trying to harden the web server. The iptables-persistent service was not running and attempts to start it failed with the error;

         "Failed to start iptables-persistent.service: Unit iptables-persistent.service not found"

     After an hour of headache and Googling, I finally found a command to start the service.

         sudo service netfilter-persistent start

  7. I realized that the failure to start was a problem with some versions of Ubuntu; the above configurations seemed not to work and I had to do the following steps to harden the server with a firewall using IPTables.

     Step 1: Resetting the firewall

         sudo service netfilter-persistent flush

     After flushing, I verified that the rules were removed.

     Create Protocols

     The next step was to create a specific chain for each of the protocols that the web server will accept; UDP, TCP and ICMP

         sudo iptables -N UDP
         sudo iptables -N TCP
         sudo iptables -N ICMP

     Since SSH traffic uses TCP protocol, I had to add an exception for SSH on the firewall. SSH traffic uses port 22. The following command was used to create the exception.

         sudo iptables -A TCP -p tcp --dport 22 -j ACCEPT

     General Purpose Accept/Deny Rules

  8. To facilitate filtering of traffic, some general purpose rules were created to accept or drop packets. For a start, traffic for an already established connection was accepted; this was implemented by the command.

         sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

     The firewall rule for filtering makes use of the conntrack package, which enables internal tracking, giving iptables the context to facilitate evaluation of packets.

     Allow Loopback traffic

     To allow traffic from the loopback interface, the following command was executed

     Deny all invalid Packets

     Packets that are invalid, such as those that address a non-existing port, have to be denied. This was implemented using the command.

         sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

     Jump Rule for Protocol-Specific Chain

     To allow traffic to reach the desired protocol chains, some jump rules were created. The rules will filter the traffic and only allow the genuine and valid traffic. For example, TCP traffic will be filtered to only allow SYN packets, since a SYN is the only valid packet for opening a new TCP connection.

  9. The following commands were executed to allow the rules to be created;

         sudo iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
         sudo iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
         sudo iptables -A INPUT -p icmp -m conntrack --ctstate NEW -j ICMP

     Finally, a rule was created to reject all other traffic hitting the server. The commands below were used to create the rules;

         sudo iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
         sudo iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
         sudo iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
         sudo iptables -P INPUT DROP
         sudo iptables -P FORWARD DROP
         sudo ip6tables -P INPUT DROP
         sudo ip6tables -P FORWARD DROP
         sudo ip6tables -P OUTPUT DROP
         sudo service iptables-persistent save

     The final state of the iptables is as shown below;

  10. Part 3: Remote File Access

      This part will install and configure FTP service on Ubuntu [server2]

      Step 1 — Install vsftpd

      The following command was used to install vsftpd

          sudo apt-get install vsftpd

      Step 2: Configure firewall rules to allow FTP service

      This configuration will open port 20 and port 21, which are used by the FTP service; for this server the firewall rules were set using iptables. For that reason we need to add a rule in the iptables to allow FTP traffic. The following commands were used;

          iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

      The iptables after adding port 21 and 22.

      Step 3 — Prepare User Directory

      First add a test user;

          sudo adduser saffioti

      Then create a directory for the user and assign rights;

          sudo mkdir /home/saffioti/ftp
          sudo chown nobody:nogroup /home/saffioti/ftp
          sudo chmod a-w /home/saffioti/ftp

  11. Next we create a directory for uploading files into and change the rights;

          sudo mkdir /home/saffioti/ftp/files
          sudo chown saffioti:saffioti /home/saffioti/ftp/files

      Step 4 — Configuring FTP Access

      To configure access to FTP we edit the file;

          sudo nano /etc/vsftpd.conf

      Step 5 — Test FTP Access

      Testing with anonymous connection

      Part 4: Making DNS Robust

      Installing a bind on server2, to make it the secondary DNS server.

      Installing BIND:

          apt-get install bind9

      Configurations for BIND

          nano /etc/bind/named.conf.local

      Then configure the zones file named; saffioti.org.au

      Define a reverse DNS lookup

          nano /etc/bind/zones/rev.3.2.1.in-addr.arpa

      Testing the DNS confirmed it was up and running

      Part 5: Simple Web Services

      Step 1: Generate the self signed certificate

  12. Then we sign the certificates, followed by modification of Apache's default ssl configuration file

      Finally we edit the file /etc/apache2/sites-available/default-ssl.conf

      Original Source: https://myassignmenthelp.com/free-samples/infs5907-managing-security-and-ethics-in-cyberspace/when-implementing-the-virtual-machines.html
