Linux: DNS, SSH, LAMP, FTP, and SSL Configuration


Added on  2023/06/05

AI Summary
This guide provides step-by-step instructions and screenshots on how to configure DNS, SSH, LAMP, FTP, and SSL on Linux servers. It covers both Ubuntu and CentOS servers and includes details on configuring static IP, firewall rules, and setting up slave DNS.

Running head: LINUX 1
Linux
[Name of Student]
[Institution Affiliation]

Part 1: Virtual Machine One – DNS & SSH Server (3 marks)
The first virtual machine runs Ubuntu 18.04 Server and will be set up as a DNS and SSH
server. The first step is installing BIND DNS to manage the domain saffioti.org.au. The
steps are detailed below with the accompanying screenshots (Lee, Kim, Kim, & Shin, 2008).
Steps
Preconditions
1. The machine must have a static hostname
2. The machine must have a static IP address.
Configure Static hostname
First, we check the current hostname by running the command hostname.
Since we are creating DNS for saffioti.org.au, our hostname must be prefixed with server
and suffixed with saffioti.org.au. To set the hostname, we run the following command:
hostnamectl set-hostname server.saffioti.org.au
The network interface card is ens3, with the following addresses:
IP: 192.168.122.229
BROADCAST: 192.168.122.255
To configure the static IP, we must edit /etc/network/interfaces and add the lines
shown in the figure below.
To make the changes take effect, restart the networking service by issuing the command
sudo systemctl restart networking
The configuration of the DNS server
First, it is important to get updated package repositories by running sudo apt-get update.
Next, install the bind9 and the bind9utils using sudo apt-get install bind9 bind9utils.
Change directory to /etc/bind and run the ls command to list files and directories in bind
directory (Lee et al., 2008). The various files are shown in the figure below,
Our main file is the named.conf which is the main configuration file for the DNS server.
The current contents are as shown below;
But first, let us configure the forward zone for saffioti.org.au, which can be done by
editing the /etc/bind/named.conf.local file and filling in the following details:
zone is "saffioti.org.au"
type is master, because we are creating a master DNS server
file is the file for the forward zone, i.e. /etc/bind/forward.saffioti.org.au
Then configure the reverse zone by reversing the machine's network IP using the in-addr.arpa
inverse addressing:
zone is "122.168.192.in-addr.arpa"
type is master
file is the reverse DNS lookup file at /etc/bind/reverse.saffioti.org.au, as shown below

Now we just need to create the two zone files in the bind directory.
Since we need a configuration similar to the db.local file, we can copy the contents of db.local
into the two zone files and edit them as shown below.
Forward zone
In edit mode, the start of authority (SOA) is given as the hostname, i.e.
server.saffioti.org.au. The NS (name server) record is server.saffioti.org.au and the A (IPv4
address) record is the IP address of the server. The client and www hosts are defined with an IP
in the same range as the server; in this case it is 192.168.122.230, as shown below.
To configure the reverse zone, we can copy the forward file into the reverse file and
edit the reverse zone file. The PTR (pointer) record is given the domain name saffioti.org.au
to which it points, as shown below.
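The zone declarations and the two zone files described above, written out by a small script; this is an added example, not the report's own configuration. The SOA serial and timers are the db.local defaults, while the PTR targets (the server and client host names) and the scratch output directory are assumptions.

```shell
#!/bin/sh
# Added example: zone declarations and zone files for the setup above.
# From the page: domain, server IP, client/www IP. Assumed: PTR targets.
DOMAIN=saffioti.org.au
SERVER_IP=192.168.122.229
CLIENT_IP=192.168.122.230

# 192.168.122.229 -> 122.168.192.in-addr.arpa (network octets reversed)
reverse_zone() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# Last octet: the owner name of the host's PTR record in the reverse zone
host_octet() { echo "${1##*.}"; }

# SOA and NS lines shared by both files; timers are the db.local defaults
soa_header() {
    cat <<EOF
\$TTL 604800
@   IN  SOA server.$DOMAIN. root.$DOMAIN. ( 2 604800 86400 2419200 604800 )
@   IN  NS  server.$DOMAIN.
EOF
}

write_bind_files() {   # $1 = output directory (a scratch directory first)
    rz=$(reverse_zone "$SERVER_IP")
    cat > "$1/named.conf.local" <<EOF
zone "$DOMAIN" { type master; file "/etc/bind/forward.$DOMAIN"; };
zone "$rz" { type master; file "/etc/bind/reverse.$DOMAIN"; };
EOF
    { soa_header
      printf '@       IN  A  %s\n' "$SERVER_IP"
      printf 'server  IN  A  %s\n' "$SERVER_IP"
      printf 'client  IN  A  %s\n' "$CLIENT_IP"
      printf 'www     IN  A  %s\n' "$CLIENT_IP"
    } > "$1/forward.$DOMAIN"
    { soa_header
      printf '%s  IN  PTR  server.%s.\n' "$(host_octet "$SERVER_IP")" "$DOMAIN"
      printf '%s  IN  PTR  client.%s.\n' "$(host_octet "$CLIENT_IP")" "$DOMAIN"
    } > "$1/reverse.$DOMAIN"
}
# Usage: d=$(mktemp -d); write_bind_files "$d"; review, then copy to /etc/bind
```

Every fully qualified name in the zone files ends with a dot; without it BIND appends the zone origin to the name.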
To verify our configurations we run the command
sudo named-checkconf -z /etc/bind/named.conf
The output is as shown below,
The local file is also well loaded as shown in figure below,
To verify the forward zone run the command
sudo named-checkzone forward /etc/bind/forward.saffioti.org.au
The result is as shown below
Similarly, the reverse zone is verified by running
sudo named-checkzone reverse /etc/bind/reverse.saffioti.org.au
The result is as shown below,
We can now change the ownership of the bind directory to the bind user and group, and
set its permission level to 755
Once the configuration is correct, we can now start the bind9 service using the following
command
sudo systemctl start bind9
To check whether the service is working, we run the following command
sudo systemctl status bind9
And the output is as shown below
Edit the network interface details to add the dns-search and the dns-nameservers details
as shown below
Now we need to change the hostname to server using the following commands
sudo hostname server
sudo hostnamectl set-hostname server
Test DNS functionality
To test DNS, we ping the server and the result is as shown below
We can also ping the host and the result is as shown below
From the ping statistics, our DNS server is working fine at the server side.
If we do a nslookup, we get the following result
If we do nslookup www.saffioti.org.au the result is as shown below
Allow bind through the firewall
First, we have to enable ufw (uncomplicated firewall) and allow the bind service through it.
Configure static IP
First, check the available interfaces by running ifconfig, the result is as shown below,
SSH
By default, the SSH server comes out of the box with Ubuntu and most Linux distros; to
verify that it is running, we run the command
service sshd status
and the output is as shown below
Let’s test it by trying to login to localhost securely using the command ssh localhost
The result is as shown below
Firewall Configuration
Ubuntu server comes with uncomplicated firewall(ufw) out of the box and we only need
to activate it using the following command sudo ufw enable
Allow ssh
sudo ufw allow ssh
Allow bind9
sudo ufw allow bind9
To verify that the two rules are added to our firewall, we run the following command
sudo ufw status numbered
And the result is as shown below
Challenges
Although the process was quite mundane, the following challenges were experienced:
i. Setting up forwarding and the reverse zone seemed difficult at first sight and had a few
errors before I could eventually get it set up and running
ii. Failure to restart the networking service always made me feel as if the configuration was
wrong when in fact it was correct and only needed a restart of services
Part 2: Virtual Machine Two (3 marks)
The second virtual machine runs CentOS Server, and the LAMP (Linux, Apache,
MySQL, PHP) stack shall be installed on it to enable it to serve web pages. The procedure is as
described below.
Install httpd
First, we have to install httpd daemon which is the Apache web server service using the
yum. The command is as follows below,
sudo yum install httpd
The result is as shown below,
To enable the service, we run the command sudo systemctl enable httpd.service
Once service is enabled, we can start the service using
sudo systemctl start httpd.service
Install mariadb-server and mariadb
MariaDB is a drop-in replacement for MySQL. The two DBMSs are compatible and
open source, though MySQL is currently under Oracle Corporation. The following command
is used in the installation (Razzoli, 2014)
sudo yum install mariadb-server mariadb
The result is as shown below
Then we need to start the mariadb service by running the following command
sudo systemctl start mariadb
Next, to secure the MariaDB installation, we run the following command
sudo mysql_secure_installation
The output is as shown below
Install PHP
Installation of PHP and the PHP libraries followed the following steps,
Run the command
sudo yum install php php-mysql
The output is as shown below
We have to reload the httpd apache configuration file to make the changes take effect,
the following command is used to achieve that;
sudo systemctl restart httpd.service
To verify that PHP is working, we need to put a hello.php script in our /var/www/html
and run it from any client web browser
The hello.php has the following code
<?php echo "Hello World"; ?>
Now we make the script executable by using the following command
sudo chmod 755 hello.php
The above permission gives the owner all permissions, i.e. read, write and execute, but gives
the group and others read and execute permission only (Clinton, 2016)
Open port 80 and port 443 on the firewall
To enable the HTTP traffic through the firewall, we need to adjust the firewall settings by
running the following command
sudo firewall-cmd --zone=public --add-service=http
The result of the command is as shown below
Now when we access the file from our host machine's web browser, the output is as shown below.
From the above, it is clear our LAMP configuration is ready to host any website, both
static and dynamic.
Configure Static IP
To configure a static IP for the up interface, i.e. eth0, we need to edit its configuration file
located at /etc/sysconfig/network-scripts/ifcfg-eth0
The details of the configuration are as shown below
Configure DNS server info
The DNS server settings are stored in the file /etc/resolv.conf. We need
to edit it and add our VM1, which already has a DNS server running, as the primary DNS server
for virtual machine 2.
In the file, the following line is put:
nameserver 192.168.122.229
Now when we ping www.google.com, we get success, showing our DNS configuration is
correct, as shown below.
IPTables
We will install iptables and disable firewalld, which comes by default in CentOS; this
increases efficiency and makes rule creation more robust. The following procedure documents
the configuration of iptables.
First, we install the iptables service package using the following command
sudo yum install iptables-services
To make sure firewalld is not running, the following commands are run
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl mask firewalld
Once we are done disabling firewalld, we then have to enable and start iptables using the
following commands
sudo systemctl enable iptables
sudo systemctl start iptables
To verify if it is working, we need to run
sudo systemctl status iptables
The result is as shown below,
The default firewall setting for the iptables is as shown below using the command
sudo iptables -S
By default, the rules block any communication in or out. But we need to enable the HTTP
service via port 80, the HTTPS service via port 443, and the MySQL service via port 3306. To do
this, we have to add rules and save them as shown below.
The DNS service on port 53 also needs to be added to the rules to enable the machine to
connect to the BIND DNS service on virtual machine one. The details are shown below.
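A check to run over the saved rule set once the rules are added, as an added example that is not part of the original report: it lists which TCP ports still lack an ACCEPT rule and which are accepted from any source address, which matters most for MySQL on 3306. The sample rule set is constructed for illustration, and port 21 is included because Part 3 opens it for FTP.

```shell
#!/bin/sh
# Added example: audit rules in "iptables -S" format.
# SAMPLE_RULES is constructed for illustration, not taken from the page.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT'

# Print the INPUT ACCEPT rules for one TCP port; no output = not allowed.
accept_rules() {   # $1 = rules, $2 = port
    printf '%s\n' "$1" |
        grep -E -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT"
}

# Ports from the argument list that have no ACCEPT rule yet.
missing_ports() {  # $1 = rules, remaining args = ports
    rules=$1; shift; out=
    for p in "$@"; do
        if ! accept_rules "$rules" "$p" >/dev/null; then out="$out $p"; fi
    done
    echo "${out# }"
}

# Ports accepted from any source (an ACCEPT rule without a -s restriction).
open_to_any() {    # $1 = rules, remaining args = ports
    rules=$1; shift; out=
    for p in "$@"; do
        if accept_rules "$rules" "$p" | grep -qv -- ' -s '; then
            out="$out $p"
        fi
    done
    echo "${out# }"
}

# Usage on a live system: rules=$(sudo iptables -S)
#   missing_ports "$rules" 80 443 3306 21; open_to_any "$rules" 3306
```

A database port reported by open_to_any is reachable from every host that can route to the server; adding a source match such as -s with the web server's subnet to that rule removes it from the list.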
Challenges
Although setting up LAMP was quite easy, the following were challenges experienced:
i. Setting up the permission level for the directory file for the HTML directory was confusing,
especially when I used 777; it was error prone, hence I had to use 755
Part 3: Remote File Access (3 marks)
Here we used vsftpd (very secure file transfer protocol daemon) to install and
configure our machine to serve FTP requests (Chuankai & Shaofei, 2012).
We run the following command to install it:
sudo yum install ftp vsftpd -y
To configure vsftpd, we need to edit the /etc/vsftpd/vsftpd.conf file.
Changes such as disabling anonymous login, enabling ASCII upload and download, and
setting local time are made to the file.
Now, to enable the vsftpd service, we run the command
sudo systemctl enable vsftpd
And then we can start the daemon by running sudo systemctl start vsftpd
Allow ftp through the firewall
Now since we used iptables to manage our traffic, here we shall add rules to our iptables
to allow FTP connections via port 21 using the following commands shown below,
Now we need to set ftp login parameters as follows by first adding a new FTP user with a
password for authentication.
Username:viduranga
Password: password
The command is as shown below,
Connecting to FTP server
Clients can connect to the FTP server using the popular FileZilla FTP client; we were
able to log in successfully, as shown below.
Challenges
The entire process was seamless but the following were some challenges experienced:
i. Setting up firewall rules to filter that the user is able to do ftp was a challenge at first
Part 4: Making DNS Robust (3 marks)
To enable DNS on our second VM, we need to install bind service using the following
command,
sudo yum install bind bind-utils -y
Once installed, we need to enable and start the service using the following commands,
sudo systemctl enable named
sudo systemctl start named
To verify if bind is successfully installed, we issue the command
sudo systemctl status named
The output is as shown below
Now before we begin configuring it as secondary DNS, we need to specify it as a slave in
our master DNS config file.
Configure zones for slave
The slave DNS must be configured as shown below to act as a secondary DNS server for
the first one already created.
Set up the forward zone as shown below
Part 5: Simple Web Services (3 marks)
Configure SSL
SSL encrypts the traffic between client and web server and hence provides a more secure
way to communicate over the unsecured internet. To enable this on our web server, we need to
install openssl using the following command (Bates et al., 2014)
sudo yum install openssl
Next, we need to generate the private key for the self-signed certificate using the following command
sudo openssl genrsa -out ca.key 2048
The output is as shown below
Now we need to generate the certificate signing request using the following command
sudo openssl req -new -key ca.key -out ca.csr
The output is as shown below
Now let's sign the certificate, valid for 365 days, using the command
sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Now let's copy the output files to the following directories
sudo cp ca.crt /etc/pki/tls/certs
sudo cp ca.key /etc/pki/tls/private
sudo cp ca.csr /etc/pki/tls/private
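The same key, request and signing steps run without prompts in a scratch directory, followed by the checks worth making before the web server is pointed at the files: the certificate carries this key's public half, it is valid for about 365 days, and the private key is readable by its owner only. This is an added example, not part of the original report; the CN value and the scratch directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original report). The CN is an assumed value.
CN=www.saffioti.org.au

# Same genrsa / req / x509 steps as above, without prompts. umask 077 makes
# every file created here, including ca.key, readable by its owner only.
make_selfsigned() {   # $1 = scratch directory
    ( cd "$1" && umask 077 &&
      openssl genrsa -out ca.key 2048 2>/dev/null &&
      openssl req -new -key ca.key -out ca.csr -subj "/CN=$CN" &&
      openssl x509 -req -days 365 -in ca.csr -signkey ca.key \
              -out ca.crt 2>/dev/null )
}

# Succeeds only if the certificate carries the public half of this key.
# Apache refuses to start when the configured key and certificate differ.
key_matches_cert() {  # $1 = private key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Succeeds if the certificate expires between 364 and 366 days from now.
valid_about_365_days() {  # $1 = certificate
    openssl x509 -in "$1" -noout -checkend $((364 * 86400)) >/dev/null ||
        return 1
    if openssl x509 -in "$1" -noout -checkend $((366 * 86400)) >/dev/null
    then return 1; fi
}

# Prints the group/other permission bits of a file: "------" for mode 0600.
group_other_bits() { ls -l "$1" | cut -c5-10; }

# Usage: d=$(mktemp -d); make_selfsigned "$d" &&
#   key_matches_cert "$d/ca.key" "$d/ca.crt" && group_other_bits "$d/ca.key"
```

Only ca.crt and ca.key are needed by the web server; the CSR has served its purpose once the certificate is signed.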
Now, to enable the Apache web server to use the secure means, we have to edit the httpd/conf.d
Change the certificate and private key file names to match those generated and save
Editing is also done to the httpd.conf to add new virtualhost settings specifying the SSL port 443
Allow through Firewall (Larsen, Merugu, Shah, & Maveli, 2009).
Prior, we had allowed connections through TCP port 443, meant for SSL, hence there is no need
to redo the rule.
Challenges
i. The editing of Apache web server services required a lot of extra keenness to avoid making
the server unusable all the same.
References
Bates, A., Pletcher, J., Nichols, T., Hollembaek, B., Tian, D., Butler, K. R., & Alkhelaifi, A.
(2014). Securing SSL certificate verification through dynamic linking. In Proceedings of
the 2014 ACM SIGSAC Conference on Computer and Communications Security (pp.
394–405). ACM.
Chuankai, Z., & Shaofei, M. (2012). A method of controlled access to embedded devices based
on vsftp. Application of Electronic Technique, 6, 018.
Clinton, D. (2016). Topic 104: Devices, Linux Filesystems, and the Filesystem Hierarchy
Standard. In Practical LPIC-1 Linux Certification Study Guide (pp. 53–72). Springer.
Larsen, C. T., Merugu, S., Shah, P., & Maveli, N. (2009). Server configuration selection for ssl
interception. Google Patents.
Lee, H.-G., Kim, Y.-K., Kim, S.-W., & Shin, S. (2008). Method of advertising DNS server
address and routing method thereby. Google Patents.
Razzoli, F. (2014). Mastering MariaDB. Packt Publishing Ltd.