This guide provides step-by-step instructions and screenshots on how to configure DNS, SSH, LAMP, FTP, and SSL on Linux servers. It covers both Ubuntu and CentOS servers and includes details on configuring static IP, firewall rules, and setting up slave DNS.
Running head: LINUX

Linux
[Name of Student]
[Institution Affiliation]
Part 1: Virtual Machine One – DNS & SSH Server (3 marks)

The first virtual machine runs Ubuntu 18.04 server and will be used as a DNS and SSH server. The first step is to install BIND DNS to manage the domain saffioti.org.au. The steps are detailed below with the accompanying screenshots (Lee, Kim, Kim, & Shin, 2008).

Steps

Preconditions
1. The machine must have a static hostname.
2. The machine must have a static IP address.

Configure Static hostname

First, we check the current hostname by running the command

    hostname

Since we are creating DNS for saffioti.org.au, our hostname must be prefixed with "server" and suffixed with saffioti.org.au. To set the hostname, we run the following command:

    hostnamectl set-hostname server.saffioti.org.au
The interface is ens3, that is, the network interface card:

    IP        - 192.168.122.229
    BROADCAST - 192.168.122.255

To configure a static IP, we must edit /etc/network/interfaces and add the lines shown in the figure below.

To make the changes take effect, restart the networking service by issuing the command

    sudo systemctl restart networking

The configuration of the DNS server

First, it is important to get updated package repositories by running

    sudo apt-get update
Next, install bind9 and bind9utils using

    sudo apt-get install bind9 bind9utils

Change directory to /etc/bind and run the ls command to list the files and directories in the bind directory (Lee et al., 2008). The various files are shown in the figure below.

Our main file is named.conf, which is the main configuration file for the DNS server. The current contents are as shown below.

But first, let us configure the forward zone for saffioti.org.au, which can be done by editing the /etc/bind/named.conf.local file and filling in the following details:

    zone is "saffioti.org.au"
    type is master, because we are creating a master DNS server
    file is the file for the forward zone, i.e. /etc/bind/forward.saffioti.org.au

Then configure the reverse zone by reversing the machine's network IP using in-addr.arpa inverse addressing:

    zone is "122.168.192.in-addr.arpa"
    type is master
    file is the reverse DNS lookup file at /etc/bind/reverse.saffioti.org.au, as shown below
Now we just need to create the two zone files in the bind directory. Since we need a configuration similar to the db.local file, we can copy the contents of db.local into the two zone files and edit them as shown below.

Forward zone

In edit mode, the start of authority (SOA) is given as the hostname, i.e. server.saffioti.org.au. The NS, i.e. name server, shall be server.saffioti.org.au, and the A, i.e. IPv4 address, shall be the IP address of the server. The client and www records shall be defined with an IP in the same range as the server; in this case, it will be 192.168.122.230, as shown below.

To configure the reverse zone, we can just copy the forward file into the reverse file and edit the reverse zone file. The PTR (pointer) record is given the domain name saffioti.org.au, which it points to, as shown below.
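The zone data described above can be staged and checked outside /etc/bind first. The script below is an added example, not part of the original report: it derives the reverse zone name and PTR labels from the addresses on the page and writes both zone files plus named.conf.local into a scratch directory. The /24 network, the PTR target for .230 and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: stage BIND zone data for saffioti.org.au in a scratch
# directory so it can be checked before anything under /etc/bind changes.
set -eu

DOMAIN="saffioti.org.au"
NS_HOST="server.$DOMAIN."
SERVER_IP="192.168.122.229"   # VM1 address, from the page
CLIENT_IP="192.168.122.230"   # client/www address, from the page

# 192.168.122.229 -> 122.168.192.in-addr.arpa (a /24 network is assumed)
reverse_zone() ( IFS=.; set -- $1; echo "$3.$2.$1.in-addr.arpa" )

# The last octet is the owner name of the PTR record in the reverse zone.
ptr_label() { echo "${1##*.}"; }

# SOA/NS header with the timer values shipped in Debian's db.local.
zone_header() {
  printf '$TTL 604800\n'
  printf '@ IN SOA %s root.%s. ( 2 604800 86400 2419200 604800 )\n' "$NS_HOST" "$DOMAIN"
  printf '@ IN NS %s\n' "$NS_HOST"
}

stage_zones() {   # $1 = output directory
  rz=$(reverse_zone "$SERVER_IP")
  { zone_header
    printf '@      IN A %s\n' "$SERVER_IP"
    printf 'server IN A %s\n' "$SERVER_IP"
    printf 'client IN A %s\n' "$CLIENT_IP"
    printf 'www    IN A %s\n' "$CLIENT_IP"
  } > "$1/forward.$DOMAIN"
  { zone_header
    printf '%s IN PTR %s\n' "$(ptr_label "$SERVER_IP")" "$NS_HOST"
    # PTR target for .230 is this example's choice (client rather than www)
    printf '%s IN PTR client.%s.\n' "$(ptr_label "$CLIENT_IP")" "$DOMAIN"
  } > "$1/reverse.$DOMAIN"
  { printf 'zone "%s" { type master; file "/etc/bind/forward.%s"; };\n' "$DOMAIN" "$DOMAIN"
    printf 'zone "%s" { type master; file "/etc/bind/reverse.%s"; };\n' "$rz" "$DOMAIN"
  } > "$1/named.conf.local"
}

OUT=$(mktemp -d)
stage_zones "$OUT"
echo "staged in $OUT"
```

The staged files can be passed to named-checkzone from the scratch directory and copied into /etc/bind only once they load cleanly.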
To verify our configuration, we run the command

    sudo named-checkconf -z /etc/bind/named.conf

The output is as shown below.

The local file is also loaded correctly, as shown in the figure below.

To verify the forward zone, run the command

    sudo named-checkzone forward /etc/bind/forward.saffioti.org.au

The result is as shown below.

Similarly, the reverse zone is verified by running

    sudo named-checkzone reverse /etc/bind/reverse.saffioti.org.au
The result is as shown below.

We can now change the ownership of the bind directory to the bind user and group, and set its permission level to 755.

Once the configuration is correct, we can start the bind9 service using the following command:

    sudo systemctl start bind9

To check whether the service is working, we run the following command:

    sudo systemctl status bind9

The output is as shown below.

Edit the network interfaces details to add the dns-search and the dns-nameserver details as shown below.

Now we need to change the hostname to server using the following commands:

    sudo hostname server
    sudo hostnamectl set-hostname server

Test DNS functionality

To test DNS, we ping the server, and the result is as shown below.

We can also ping the host, and the result is as shown below.

From the ping statistics, our DNS server is working fine on the server side.
If we do an nslookup, we get the following result.

If we do nslookup www.saffioti.org.au, the result is as shown below.

Allow bind through the firewall

First, we have to enable ufw (uncomplicated firewall) and allow the bind service through it.

Configure static IP

First, check the available interfaces by running ifconfig; the result is as shown below.

SSH

By default, an SSH server comes out of the box with Ubuntu and most Linux distros. To verify that it is running, we run the command

    service sshd status

and the output is as shown below.
Let's test it by trying to log in to localhost securely using the command

    ssh localhost

The result is as shown below.

Firewall Configuration

Ubuntu server comes with the uncomplicated firewall (ufw) out of the box, and we only need to activate it using the following command:

    sudo ufw enable

Allow ssh

    sudo ufw allow ssh

Allow bind9

    sudo ufw allow bind9

To verify that the two rules are added to our firewall, we run the following command:

    sudo ufw status numbered

And the result is as shown below.
Challenges

Although the process was quite mundane, the following challenges were experienced:
i. Setting up forwarding and the reverse zone seemed difficult at first sight, and I had a few errors before I could eventually get it up and running.
ii. Failure to restart the networking service always made me feel as if the configuration was wrong, when in fact it was correct and only needed a restart of services.

Part 2: Virtual Machine Two (3 marks)

The second virtual machine runs CentOS server, and on it the LAMP (Linux Apache MySQL PHP) stack shall be installed to enable it to serve web pages. The procedure is as described below.

Install httpd

First, we have to install the httpd daemon, which is the Apache web server service, using yum. The command is as follows:

    sudo yum install httpd

The result is as shown below.

To enable the service, we run the command

    sudo systemctl enable httpd.service

Once the service is enabled, we can start the service using
    sudo systemctl start httpd.service

Install mariadb-server and mariadb

MariaDB is a drop-in replacement for MySQL. The two DBMSs are compatible and open source, though MySQL is currently under Oracle Corporation. The following command is used for the installation (Razzoli, 2014):

    sudo yum install mariadb-server mariadb

The result is as shown below.

Then we need to start the mariadb service by running the following command:

    sudo systemctl start mariadb

To enable it on system restart, we just need to run the following command:

    sudo mysql_secure_installation

The output is as shown below.
Install PHP

Installation of PHP and the PHP libraries followed these steps. Run the command

    sudo yum install php php-mysql

The output is as shown below.
We have to restart httpd so that Apache reloads its configuration and the changes take effect. The following command is used to achieve that:

    sudo systemctl restart httpd.service

To verify that PHP is working, we need to put a hello.php script in /var/www/html and run it from any client web browser. The hello.php file has the following code:

    <?php echo "Hello World"; ?>

Now we make the script executable by using the following command:

    sudo chmod 755 hello.php

The above permission gives the owner all permissions, i.e. read, write and execute, but gives the group and others read and execute permission only (Clinton, 2016).

Open port 80 and port 443 on the firewall

To enable HTTP traffic through the firewall, we need to adjust the firewall settings by running the following command:

    sudo firewall-cmd --zone=public --add-service=http

The result of the command is as shown below.
Now when we access the file from our host machine's web browser, the output is as shown below.

From the above, it is clear our LAMP configuration is ready to host any website, both static and dynamic.

Configure Static IP

To configure a static IP for the interface that is up, i.e. eth0, we need to edit its configuration file located at /etc/sysconfig/network-scripts/ifcfg-eth0. The details of the configuration are as shown below.
Configure DNS server info

The DNS server settings are stored in the file /etc/resolv.conf. We need to edit it and add VM1, which already has a DNS server running, as the primary DNS server for virtual machine 2. In the file, the following line is put:
    nameserver 192.168.122.229

Now when we ping www.google.com, we get success, showing that our DNS configuration is correct, as shown below.

IPTables

We will install iptables and disable firewalld, which comes by default in CentOS; this increases efficiency and makes rule creation more robust. The following procedure documents the configuration of iptables.

First, we install the iptables service packages using the following command:

    sudo yum install iptables-services

To stop firewalld and make sure it is not running, the following commands are run:

    sudo systemctl stop firewalld
    sudo systemctl disable firewalld
    sudo systemctl mask firewalld

Once we are done disabling firewalld, we then have to enable and start iptables using the following commands:

    sudo systemctl enable iptables
    sudo systemctl start iptables

To verify that it is working, we need to run

    sudo systemctl status iptables
The result is as shown below.

The default firewall settings for iptables are as shown below, using the command

    sudo iptables -S

By default, the rules block any communication in or out. But we need to enable the HTTP service via port 80, the HTTPS service via port 443, and the MySQL service via port 3306. To do this, we have to add rules and save them as shown below.

The DNS service on port 53 also needs to be added to the rules to enable the machine to connect to the bind DNS service on virtual machine one. The details are shown below.
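A ruleset for the ports named above, written as an added example rather than taken from the original report: it emits iptables-restore input with DROP policies, opens 80 and 443 to any source, limits 3306 to the local subnet, and lets the machine query the DNS server on VM1. The subnet 192.168.122.0/24, the source restriction on MySQL and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: build an iptables-restore ruleset for the ports named above.
set -eu

DNS_SERVER="192.168.122.229"   # VM1, from the page
LAN="192.168.122.0/24"         # assumed subnet shared by both VMs

# Emit one ACCEPT rule for new inbound TCP connections.
# $1 = port, $2 = optional source network
allow_in() {
  src=${2:+" -s $2"}
  printf '%s\n' "-A INPUT -p tcp${src} --dport $1 -m conntrack --ctstate NEW -j ACCEPT"
}

emit_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$(allow_in 80)
$(allow_in 443)
$(allow_in 3306 "$LAN")
-A OUTPUT -d $DNS_SERVER -p udp --dport 53 -j ACCEPT
-A OUTPUT -d $DNS_SERVER -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Number of inbound rules that accept new connections from any source;
# only the web ports should be counted here, never the database port.
world_open_count() {
  emit_rules | grep -c -- '^-A INPUT -p tcp --dport' || true
}

emit_rules
```

Piping the output to sudo iptables-restore --test parses the ruleset without committing it; a machine administered over SSH also needs an inbound rule for port 22 before DROP policies are loaded.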
Challenges

Although setting up LAMP was quite easy, the following challenges were experienced:
i. Setting up the permission level for the HTML directory was confusing, especially when 777 was used; it was error-prone, hence had to use 755.

Part 3: Remote File Access (3 marks)

Here we used vsftpd (very secure file transfer protocol daemon) to install and configure our machine to serve FTP requests (Chuankai & Shaofei, 2012). We run the following command to install it:

    sudo yum install ftp vsftpd -y

To configure vsftpd, we need to edit the /etc/vsftpd/vsftpd.conf file. Changes such as disabling anonymous login, enabling ASCII upload and download, and setting local time are made to the file.

Now, to enable the vsftpd service, we run the command
    sudo systemctl enable vsftpd

And then we can start the daemon by running

    sudo systemctl start vsftpd

Allow ftp through the firewall

Since we used iptables to manage our traffic, here we shall add rules to iptables to allow FTP connections via port 21, using the commands shown below.

Now we need to set the FTP login parameters by first adding a new FTP user with a password for authentication.

    Username: viduranga
    Password: password

The command is as shown below.

Connecting to FTP server

Clients can connect to the FTP server using the popular FileZilla FTP client, and the login was successful, as shown below.
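The vsftpd.conf changes described above (anonymous login disabled, ASCII transfers enabled, local time) can be confirmed with a small audit. This is an added example, not part of the original report; the function names and the sample file are constructed, and the defaults in the table are vsftpd's documented built-in values, which apply when a line is missing or commented out.

```sh
#!/bin/sh
# Added example: check a vsftpd.conf for the settings described above.
set -eu

# Effective value of option $2 in file $1. $3 is vsftpd's built-in default,
# used when the option is absent or commented out; the last assignment wins.
vsftpd_value() {
  v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
  echo "${v:-$3}"
}

# Print one line per setting that differs from the guide's intent and
# return non-zero if any differ. Table columns: option, wanted, default.
audit_vsftpd() {
  rc=0
  while read -r opt want default; do
    got=$(vsftpd_value "$1" "$opt" "$default")
    [ "$got" = "$want" ] || { echo "$opt=$got (expected $want)"; rc=1; }
  done <<EOF
anonymous_enable NO YES
ascii_upload_enable YES NO
ascii_download_enable YES NO
use_localtime YES NO
EOF
  return $rc
}

# Constructed sample: the anonymous_enable line is still commented out,
# so the built-in default (YES) is what the daemon would actually use.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#anonymous_enable=NO
local_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
use_localtime=YES
EOF
audit_vsftpd "$sample" || echo "fix the settings above, then restart vsftpd"
```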
Challenges

The entire process was seamless, but the following were some challenges experienced:
i. Setting up firewall rules to filter the users able to do FTP was a challenge at first.

Part 4: Making DNS Robust (3 marks)

To enable DNS on our second VM, we need to install the bind service using the following command:

    sudo yum install bind bind-utils -y

Once installed, we need to enable and start the service using the following commands:

    sudo systemctl enable named
    sudo systemctl start named

To verify that bind is successfully installed, we issue the command
    sudo systemctl status named

The output is as shown below.

Before we begin configuring it as the secondary DNS, we need to specify it as a slave in our master DNS config file.

Configure zones for slave

The slave DNS must be configured as shown below to act as a secondary DNS server for the first one already created.

Set up the forward zone as shown below.
Part 5: Simple Web Services (3 marks)

Configure SSL

SSL encrypts the traffic between the client and the web server, and hence provides a more secure way to communicate over the unsecured internet. To enable this on our web server, we need to install openssl using the following command (Bates et al., 2014):

    sudo yum install openssl

Next, we need to generate the self-signed certificate using the following command:

    sudo openssl genrsa -out ca.key 2048

The output is as shown below.

Now we need to generate the certificate signing request using the following command:

    sudo openssl req -new -key ca.key -out ca.csr

The output is as shown below.
Now let's sign the certificate, valid for 365 days, using the command

    sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Now let's copy the output files to their directories:

    sudo cp ca.crt /etc/pki/tls/certs
    sudo cp ca.key /etc/pki/tls/private
    sudo cp ca.csr /etc/pki/tls/private

Now, to make the Apache web server use the secure means, we have to edit the httpd/conf.d. Change the certificate and private key file names to match those generated, and save. Editing is also done to httpd.conf to add new virtualhost settings specifying the SSL port 443.

Allow through Firewall (Larsen, Merugu, Shah, & Maveli, 2009)

Previously, we had allowed connections through TCP port 443, meant for SSL, hence there is no need to redo the rule.

Challenges

i. The editing of the Apache web server services required a lot of extra keenness to avoid making the server unusable all the same.

References
Bates, A., Pletcher, J., Nichols, T., Hollembaek, B., Tian, D., Butler, K. R., & Alkhelaifi, A. (2014). Securing SSL certificate verification through dynamic linking. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (pp. 394–405). ACM.

Chuankai, Z., & Shaofei, M. (2012). A method of controlled access to embedded devices based on vsftp. Application of Electronic Technique, 6, 018.

Clinton, D. (2016). Topic 104: Devices, Linux Filesystems, and the Filesystem Hierarchy Standard. In Practical LPIC-1 Linux Certification Study Guide (pp. 53–72). Springer.

Larsen, C. T., Merugu, S., Shah, P., & Maveli, N. (2009). Server configuration selection for ssl interception. Google Patents.

Lee, H.-G., Kim, Y.-K., Kim, S.-W., & Shin, S. (2008). Method of advertising DNS server address and routing method thereby. Google Patents.

Razzoli, F. (2014). Mastering MariaDB. Packt Publishing Ltd.