Linux Server Administration: DNS, SSH, LAMP, FTP, SSL
Added on 2023/06/04
This article explains the step-by-step process of installing and configuring DNS, SSH, LAMP, FTP, and SSL on Linux servers. It includes experiences and challenges faced during the process. The subject is Linux Server Administration, and the course code is not mentioned. The content is relevant to computer science and IT courses in universities and colleges.
Running head: LINUX SERVER ADMINISTRATION 1
Linux Server Administration
Name of Student
Institution Affiliation
Two virtual machines are created: machine one runs CentOS and machine two runs Ubuntu Server 16.04. This report gives the step-by-step installation and configuration of the server services (DNS, FTP, SSH and SSL) and documents the experiences and challenges encountered in each part. The host OS is Ubuntu Desktop 18.04 and the hypervisor is QEMU/KVM, which works seamlessly with the Linux environment (Drako, 2013).
Part 1: Virtual Machine One – DNS & SSH Server (3 marks)
This is a one-time task that is installed and configured on the CentOS virtual machine. On this server, BIND is used to run the DNS service on server1. The steps are outlined as follows:
i. Installation of the DNS packages onto our virtual machine
ii. The configuration of a static IP address on the VM
iii. The configuration of a fully qualified domain name (FQDN) for the server
iv. Assignment of an IP address to the FQDN in the hosts file
v. The configuration of resolv.conf
vi. Configuration of the named.conf file
vii. Definition of zones
viii. Configuration of zones
ix. Change of group permission of the zone files
x. Restart of the DNS service
Hands-On
Step 0: Installation of BIND
BIND is the most widely used DNS server software and is installed on server1 using the following command:
sudo yum install bind*
This installs the BIND service and the other BIND utilities.
Step 1: Set Up Static IP
First, bring the eth0 interface up using the following command:
ifup eth0
Now assign a static IP to the interface by editing the following file:
/etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=static
IPADDR=192.168.122.155
NETMASK=255.255.255.0
GATEWAY=192.168.122.1
ONBOOT=yes
This is as shown below
Step 2: Configuration of a fully qualified domain name (FQDN) for the server
The domain name being hosted is saffioti.org.au. To configure it, edit
/etc/sysconfig/network
and set HOSTNAME=server1.saffioti.org.au, as shown below
Step 3: Configure the hosts file
Add the new name from step 2 to the hosts file /etc/hosts as shown below
Step 4: Configure resolv.conf
Add the following to the resolv.conf file located at /etc/resolv.conf:
search saffioti.org.au
nameserver 192.168.122.151
As shown below
Step 5: Editing of named.conf
The named.conf file comes with the BIND installation and is located at
/etc/named.conf
The following changes are made:
listen-on is set to 192.168.122.151 instead of localhost
allow-query is changed from localhost to any, as shown in the figure below
Step 6: Definition of zones
This is done by editing the named.rfc1912.zones file. For the forward zone, the following entries are made:
zone is set to saffioti.org.au
type is master
file is forward.zone
The reverse zone has the following entries:
zone is 122.168.192.in-addr.arpa //the subnet is in the reverse order
type is master
file is reverse.zone
The above configurations are shown below
Step 7: Configuration of the zones
The template for configuring the zones is /var/named/named.localhost.
Copy the contents of named.localhost to both forward.zone and reverse.zone.
Then configure forward.zone as follows:
TTL = 1 day
SOA = server1.saffioti.org.au
NS = server1.saffioti.org.au
A = 192.168.122.151
This is as shown below
The configuration of the reverse zone is much the same as that of the forward zone, except that here we point from an IP address to a domain name, as shown below
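The forward and reverse zone files described in Steps 6 and 7, with a check that every A record has a matching PTR record and that no target is missing its trailing dot. This is an added example, not the report's own files: the serial, timers and root mailbox are constructed, and the check assumes a /24 reverse zone.

```shell
#!/bin/sh
# Added example (not from the original report). Zone data uses the names and
# address given in Steps 6-7; serial, timers and mailbox are constructed.

write_zones() {   # $1 = directory to write forward.zone and reverse.zone into
  cat > "$1/forward.zone" <<'EOF'
$TTL 1D
@   IN SOA  server1.saffioti.org.au. root.saffioti.org.au. (
        2023060401 ; serial (constructed)
        1D         ; refresh
        1H         ; retry
        1W         ; expire
        3H )       ; negative-cache TTL
@        IN NS   server1.saffioti.org.au.
server1  IN A    192.168.122.151
EOF
  cat > "$1/reverse.zone" <<'EOF'
$TTL 1D
@   IN SOA  server1.saffioti.org.au. root.saffioti.org.au. (
        2023060401 1D 1H 1W 3H )
@    IN NS   server1.saffioti.org.au.
151  IN PTR  server1.saffioti.org.au.
EOF
}

# Every "name IN A a.b.c.d" in the forward zone must have "d IN PTR name.origin."
# in the reverse zone (assumes a /24 reverse zone). Returns non-zero on a mismatch.
check_ptr() {     # $1 = forward file, $2 = reverse file, $3 = zone origin
  awk -v origin="$3" '
    FNR == NR { if ($2 == "IN" && $3 == "PTR") ptr[$1] = $4; next }
    $2 == "IN" && $3 == "A" {
      split($4, octet, ".")
      fqdn = $1 "." origin "."
      if (ptr[octet[4]] != fqdn) { print "no PTR for " fqdn " (" $4 ")"; bad = 1 }
    }
    END { exit bad }
  ' "$2" "$1"
}

# A target that looks fully qualified but lacks the final dot gets the zone
# origin appended by BIND, e.g. server1.saffioti.org.au.saffioti.org.au.
missing_dot() {   # $@ = zone files; prints offending NS/PTR/CNAME records
  awk '$2 == "IN" && ($3 == "NS" || $3 == "PTR" || $3 == "CNAME") &&
       $4 ~ /[.]/ && $4 !~ /[.]$/ { print FILENAME ": " $0 }' "$@"
}

demo_dir=$(mktemp -d)
write_zones "$demo_dir"
check_ptr "$demo_dir/forward.zone" "$demo_dir/reverse.zone" saffioti.org.au &&
  [ -z "$(missing_dot "$demo_dir"/*.zone)" ] &&
  echo "zones are consistent"
rm -rf "$demo_dir"
```

On the server itself, named-checkzone saffioti.org.au /var/named/forward.zone validates the zone syntax before named is restarted.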
Step 8: Restart named.service
Use the command
service named restart
Verify configuration
To verify that our DNS is up and running, we use the dig command and, as shown below, there are no errors (van de Ven & Holtmann, 2011)
And now we can ping our server as shown below
If we run the nslookup command, the following result is returned, showing that our DNS server is working perfectly, as shown in the figure below
For security purposes, the DNS service must be explicitly allowed in the firewall rules. This is achieved by allowing port 53 through firewalld.
The commands are as follows:
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
This opens port 53, the default port for the DNS service, for both TCP and UDP. Permanent rules take effect once firewalld reloads its configuration.
Enable SSH
SSH enables a more secure way to log into the VM from a remote host. To enable the service, we install openssh-server, which serves the remote host requests, using the following command:
yum install -y openssh-server openssh-clients
Challenges
The process was quite seamless except for the following challenges
i. The definition and setup of the zones seemed challenging as the syntax is very specific
and failure to follow them could make the DNS service fail.
ii. The processes required reliable internet to install all the bind-utils which made the
process slow.
Part 2: Virtual Machine Two (3 marks)
The second virtual machine runs Ubuntu Server 16.04, and the web server is installed on it to serve HTTP requests. To do this, the LAMP (Linux, Apache, MySQL, PHP) components must be installed, configured and enabled to provide a full-stack Apache web server. But first, we set up a static IP address by editing the file /etc/network/interfaces. The IP address set for the second virtual machine is 192.168.122.152/24, as shown in the figure below (Meloni, 2012)
The steps are listed below
LAMP Installation Steps
i. Installation of the Apache web server
First, update the package list using the command sudo apt update
Then install the Apache web server using sudo apt install apache2 (Merkel, 2014).
ii. Install MySQL
The MySQL database management system is installed with the following command:
sudo apt install mysql-server
iii. Install PHP
PHP provides the server-side scripting language and is used to serve HTTP requests that need server-side processing. The command that installs PHP and its packages is as shown below,
The following changes are made for a production web server as shown below
iv. Restart the Apache service by running the command sudo service apache2 restart
v. Verify by visiting the server from another host, e.g. by typing http://192.168.122.152. The result is as shown below when it is viewed from the Ubuntu host OS
Configure IPTables
IPTables increases the security of the server by allowing only permitted requests through to the server. The server should allow the following services through:
SSH - port 22
HTTP - port 80
HTTPS - port 443
MySQL - port 3306
DNS - port 53
Rules
i. Allow loopback for diagnostic purposes. We add the following rule
ii. Permit the return traffic
Related traffic should be allowed. This is achieved by the following command
iii. Allow SSH via port 22
To allow secure remote login to the server, the SSH service must be allowed through the iptables rules as shown below
iv. Allow HTTP
HTTP requests are vital for a web server as they carry the client requests. The rule is as follows
v. Allow HTTPS
The secured version of HTTP is preferable as the traffic is encrypted while in transit. This is important for security-sensitive websites. The rule is as follows
vi. Make the rules persistent by using the following commands
sudo apt-get update && sudo apt-get install iptables-persistent
vii. Save the rules by running sudo netfilter-persistent save.
viii. Verify by running sudo iptables -L to list all the current rules
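Rules i to v written out as one iptables-restore ruleset, with an audit that lists any port accepted from every source that is not on an expected list. This is an added example rather than the report's own rules: the DROP default policy (without which the ACCEPT rules restrict nothing), the function names and the sample with MySQL exposed are assumptions.

```shell
#!/bin/sh
# Added example (not from the original report).

# Ruleset for rules i-v in iptables-restore format. The DROP policy on INPUT
# is an assumption: the ACCEPT rules only restrict traffic if it is set.
emit_rules() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin. $1 is a space-separated list of ports
# that are meant to be reachable from anywhere. Prints:
#   OPEN <port>       for each other port accepted with no -s restriction
#   POLICY-NOT-DROP   if the INPUT chain does not default to DROP
audit_rules() {
  awk -v allow=" $1 " '
    /^:INPUT / { policy = $2 }
    $1 == "-A" && $2 == "INPUT" {
      port = ""; src = 0; accept = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-s" || $i == "--source") src = 1
        if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
      }
      if (accept && !src && port != "" && index(allow, " " port " ") == 0)
        print "OPEN " port
    }
    END { if (policy != "DROP") print "POLICY-NOT-DROP" }'
}

# Constructed sample: the same ruleset with MySQL exposed to every source and
# DNS limited to the lab subnet used on this page.
sample_with_mysql() {
  emit_rules | grep -v '^COMMIT$'
  echo '-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT'
  echo '-A INPUT -s 192.168.122.0/24 -p udp -m udp --dport 53 -j ACCEPT'
  echo 'COMMIT'
}

emit_rules | audit_rules "22 80 443"          # prints nothing
sample_with_mysql | audit_rules "22 80 443"   # prints: OPEN 3306
```

On the server, sudo iptables-save | audit_rules "22 80 443" audits the live rules, and emit_rules | sudo iptables-restore loads the ruleset, replacing the rules currently in place.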
Experiences and challenges
Setting up the LAMP stack was quite intriguing except for the following bottlenecks witnessed
i. The PHP packages required were numerous and sometimes a syntax error in a package name meant I had to redo the command.
ii. The iptables rule configuration seemed difficult at first but I managed to set up the pretty firewall.
Part 3: Remote File Access (3 marks)
File upload and download require an FTP server to be configured on the server. This allows the webmaster to upload content online. To achieve this, the following steps are done.
Steps: FTP
i. Installation of the Very Secure File Transfer Protocol Daemon (vsftpd) using the following command: sudo apt-get update && sudo apt-get install vsftpd
ii. Configure vsftpd by editing the file /etc/vsftpd.conf and enable ASCII upload and download. A welcome message can also be set in this file.
iii. Restart the service by running sudo systemctl restart vsftpd
iv. Verify the status by running sudo systemctl status vsftpd. The result is as shown below.
Now we can upload files from our Ubuntu desktop host to the server. The Ubuntu server has FileZilla, an FTP client, installed. The result below shows the ability to access the server and upload files such as HTML documents to it. For example, we can upload the charith learning management system from the host OS to our server in the www root directory. The directory is called charithlms and the result is as shown below
Part 4: Making DNS Robust (3 marks)
DNS is a very important service in the network since, without it, using the internet would be difficult: people remember domain names rather than IP addresses. To avoid a single point of failure in the network, more than one DNS nameserver can be defined for a given host. In this section, a secondary DNS server is configured as a slave to the primary DNS server already installed on VM 1 (Anderson, Djurovic, Nechamkin, & Shoghli, 2015).
DNS Installation Guide
Step 1: Installation of the BIND packages and utilities
Here, the command is sudo apt-get install bind9 bind9utils
Step 2: Configuration of the slave DNS
Configuration is done in the named.conf.local file located in /etc/bind/, as shown in the figure below, defining the zones
The zones are defined as shown below
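The allow-query change in Step 5 of Part 1 and the master/slave arrangement configured here both leave a policy question that a syntax check does not answer: who may recurse through the master and who may transfer its zone. The added example below (not the report's own configuration) audits a master's named.conf for both. The two configurations are constructed from the addresses on this page, and the line-oriented parsing assumes one statement per line.

```shell
#!/bin/sh
# Added example (not from the original report): policy audit for named.conf.
# Both configurations are constructed from the addresses used on this page.

weak_conf() {
  cat <<'EOF'
options {
    listen-on port 53 { 192.168.122.151; };
    recursion yes;
    allow-query { any; };
};
zone "saffioti.org.au" IN {
    type master;
    file "forward.zone";
};
EOF
}

hardened_conf() {
  cat <<'EOF'
options {
    listen-on port 53 { 192.168.122.151; };
    recursion yes;
    allow-query { any; };
    allow-recursion { localhost; 192.168.122.0/24; };
};
zone "saffioti.org.au" IN {
    type master;
    file "forward.zone";
    allow-transfer { 192.168.122.152; };
};
EOF
}

# Reads a named.conf on stdin and prints one finding per line:
#   OPEN-RESOLVER        recursion is on, allow-query is "any", and neither
#                        allow-recursion nor allow-query-cache narrows it
#                        (BIND then falls back to allow-query for recursion)
#   OPEN-TRANSFER <zone> a master zone with no allow-transfer of its own and
#                        none in the options block
audit_named() {
  awk '
    /^[ \t]*(#|\/\/)/          { next }
    /^[ \t]*options[ \t]*[{]/  { in_opts = 1; next }
    /^[ \t]*zone[ \t]/         { in_zone = 1; master = xfer = 0
                                 zone = $2; gsub(/"/, "", zone); next }
    /^[ \t]*[}];/ {
      if (in_zone && master && !xfer) zones = zones "OPEN-TRANSFER " zone "\n"
      in_opts = in_zone = 0; next
    }
    in_opts && /recursion[ \t]+no/                      { norec = 1 }
    in_opts && /allow-query[ \t]*[{][^}]*any/           { qany = 1 }
    in_opts && /allow-(recursion|query-cache)[ \t]*[{]/ { arec = 1 }
    in_opts && /allow-transfer/                         { gxfer = 1 }
    in_zone && /type[ \t]+master/                       { master = 1 }
    in_zone && /allow-transfer/                         { xfer = 1 }
    END {
      if (qany && !norec && !arec) print "OPEN-RESOLVER"
      if (!gxfer) printf "%s", zones
    }'
}

echo "weak:";     weak_conf | audit_named
echo "hardened:"; hardened_conf | audit_named
```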
Step 3: Adjust permissions to allow read and write access to the bind directory using the following commands
sudo chmod 755 /etc/bind
sudo chown -R bind:bind /etc/bind
Step 4: Restart the service using the command sudo service bind9 restart
Step: Edit network interfaces to configure DNS
This is done by editing the /etc/network/interfaces file to capture the DNS details as shown below,
Step 5: Editing of the resolv.conf file
The resolv.conf file shall point to the master and slave IP addresses as shown below.
Step 6: Create the forward zone as shown below
Step 7: Create the reverse zone configurations as shown below
Step 8: To verify that everything is working, we access saffioti.org.au from the hosting Ubuntu desktop and expect to find the address of VM 2, which has the web server installed and configured. The result is as shown below
Experience and challenges
The experience and challenges in this hands-on skill are as follows,
i. Setting the Canonical name was a bit tedious but after thorough practice, I did understand the logic and set it up very well.
ii. Slave DNS server required an extra level of keenness to ensure you point to the right server
Part 5: Simple Web Services (3 marks)
To enable HTTPS traffic for secure browsing, SSL is set up on the web server using the following steps
SSL Steps
i. Request a self-signed certificate using the command
ii. Strengthen the key exchange with strong Diffie-Hellman parameters using the command.
iii. Adjust the configuration to allow the Apache web server to use SSL. We first create a configuration snippet in /etc/apache2/conf-available/. We can name the snippet ssl-params.ssl
iv. Modify the Apache virtual hosts
v. Set up redirects to https://saffioti.org.au in the virtual host
vi. Adjust the firewall to enable SSL traffic
sudo ufw allow https
Experience and Challenges
i. Creation of the Diffie-Hellman parameter took a lot of my computing resources but it was worth it to ensure stronger encryption keys
ii. Still the clients did not trust my certificate even if it was signed by self.
References
Anderson, S., Djurovic, D., Nechamkin, E., & Shoghli, J. (2015). Fault tolerance approaches
for DNS server failures. Google Patents.
Drako, D. (2013). Policy-managed DNS server for to control network traffic. Google Patents.
Meloni, J. C. (2012). Sams teach yourself PHP, MySQL and Apache all in one. Sams Publishing.
Merkel, D. (2014). Docker: lightweight linux containers for consistent development and
deployment. Linux Journal, 2014(239), 2.
van de Ven, A., & Holtmann, M. (2011). Domain name system lookup latency reduction. Google
Patents.