Information Systems Security and Privacy – ITM 820                                      Part B 

Part B: SELinux Server Services

Installation & Configuration
Instructions:
1. This is a group project. Each group must submit a single solution for the required deliverables.
2. All submissions are to be via the turnitin.com system; no other way of submission is accepted.
3. Please feel free to explore m ore references from any so urces (e.g., RFCs, techn ical reports,
research pap ers, technical m agazines and journals ), and to support your answers wi th adequate
documentations.
4. Support your repot through screenshots.

Purpose and Objective

The purpose of this assig nment is to gain som e experience in identify ing the basic requirem ents for
creating a virtualized e-commerce solution. The project requires the following processes:
- Installation of Linux operating system (Fedora) in VM.
- Installation of the Apache Web Server.
- Installation of PHP programming interpreter.
- Installation of MySQL or MariaDB Database Management System.
- Installation of Anonymous FTP server.
- Enabling and configuring MLS.
The main objective is to successfully be able to configure server services in Linux platform and to
demonstrate Multilevel Security in SELinux.

Success Criteria
- To be able to configure Apache server
- To be able to configure MySQL server.
- To be able to configure PHP interpreter.
- To be able to configure NTP server.
- To be able to configure FTP server
- To be able to implement an access control mechanism for the purpose of authorizing
webpages and directory.
- Configuring MLS.

Keywords
SELinux, Apache, php, mysql, ntp, smtp, pop, localhost, htaccess, htpasswd, ftp, MLS

Resources
 Option-A: LAMP (Linux, Apache, MySQL, and PHP) Servers hosted in a virtual machine.
 Option-B: XAMPP Servers (XML, Apache, MySQL, PHP, and Perl) installed on Windows
OS.
 Red Hat Enterprise Linux 6.0: https://access.redhat.com/documentation/en-
US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/creating-a-user-with-a-
specific-mls-range.html

    Information Technology Management  |  Ryerson University   1 
 
 Informatio
on Systems Security and P
Privacy – ITM
M 820                                      Part B 
 
 SELinux Projeect: http://sellinuxproject.org/page/NB
B_MLS#Multti-Level_Seccurity_and_M
Multi-
Category_Sec
C curity
Pro
oject Prreparattion: In
nstallingg the LA
AMP P
Platform
m
10 Maarks
1. In
nstall Fed
dora SELiinux 23 (o Operating Systems in a
or later vversion) O
Vmware
V viirtual macchine.

2. In
nstall Apa
ache serveer
o yum install httpd
o servicce httpd startt (note: after httpd started, make sure the Firefox is installed)
 test successsful installaation by brow wsing the UR
RL: localhosst
 Th he test page should
s be dissplayed.

3. In
nstall MyS
SQL Data
abase (Forr SELinux version 23)
a. yum install
i mysqql mysql-serv
ver
b. system
mctl enable mysqld.servvice
c. system
mctl start my
ysqld.service
d. mysqql_secure_insstallation

Note:
N ng a later veersion (e.g., Fedora 25)) do the folloowing:
If you are installin
a) yum install mysql m mysql-serverr
b) systemcctl enable mmysqld.servicce
c) systemcctl start mariiadb.servicee
d) mysql__secure_instaallation
4. In
nstall PHP
P5
a. yum install
i php
b. system mctl restart httpd.service
h e
c. test PHP5
P by creaating a PHP document
i. vi /var/wwww/html/info o.php
<?php php pinfo ( ); ?>
d. test thhe page in th u
he browser using the httpp://localhost/ RL
t/info.php UR
Note: Aftfter successfuult PHP instaallation you should get a following ffigure (or
similar):

    Management   |  Ryerson U
Information TTechnology M University   2
 
 Informatio
on Systems Security and P
Privacy – ITM
M 820                                      Part B 
 

5. In
nstall php
pMyAdmin
n
a. yum install
i phpm
myadmin
b. configure phpMy yAdmin usin
ng the VI ediitor:
vi /etcc/httpd/conf.d/phpMyAddmin.conf

6. Restart
R Ap
pache serv
ver
system
mctl restart httpd.service
h e

7. Access
A php
pMyAdmin
n by using
g the URL
L http://loccalhost/ph
hpmyadmiin

Part 1:
1 Passw
word Pro
otect Websites
W P
Pages 15 Marrks
httpp://httpd.apachee.org/docs/2.2//howto/htaccesss.html
http://docs.fed
doraproject.org
g/en-US/Fedoraa/16/html/Systtem_Administrrators_Guide/ch-Web_Serverrs.html

http://www.reeallylinux.com
m/docs/htaccesss.shtml

Using access
a filess, implemen
nt an accesss control m mechanism m that authhenticate ussers
while atttempting tot access websites,
w fiiles of webbsites, or thhe entire diirectory.

 Test the Apache

A server by broowsing thee
http://loccalhost/info
o.php, if thhe Apache server is nnot respondd
then you need to start the httppd service: service htttpd start.

 Replace the
t conten nts of the innfo.php pagge with thee followingg
code andd test your access conntrol schem me based onn attemptinng
to accesss this page;; the page ccan be foun
und at /var/w
www/htmll
<html>
    Information TTechnology M
Management   |  Ryerson U
University   3
 
 Informatio
on Systems Security and P
Privacy – ITM
M 820                                      Part B 
 
<hr size=
=20 color=
=orange>
<h1 align
n=center> Informatioon Systemss Security and Privaccy
<br> ITMM 820 Projject</h1>
n=center> Group nam
<h2 align mes: xxxxxx</h2>
<hr size=
=20 color=
=orange>
</html>

* wheree xxxxxx is your group

up memberss’ names

 Test the pagep usingg the URL::

http://loccalhost/info
o.php
- Hint:
H Use th
he .htaccesss and .htpaasswd acceess files ass a method of
im
mplementaation.
 Create an nd configuure .htaccesss file
 Crate and d configuree .htpassw
wd file
 Test Acccessing the web Serverr using the U URL: http://loocalhost/info.php
 Verify th he httpd.conf file is reead as “alloowoverride all”
(http://htttpd.apachee.org/docs//2.2/howtoo/htaccess.hhtml)
Hint:
/etc/httpd
d/conf/

/var/wwww/html
vi yourfille.html
htpasswdd –c filenamee UserNamee

Part 2: Installing
g FTP Serv
ver (pure--ftpd) in A
Anonymou
us Mode 10 Maarks
pure-FTPPd is a free (BSD), secure, production-qu
p ality and standdard-conformaant FTP serveer. It doesn't prrovide
useless beells and whistlles, but focusees on efficien
ncy and ease oof use. It provvides simple aanswers to com
mmon
needs, plu
us unique usefuul features forr personal userrs as well as hoosting provideers.

2.1
2 Install pure-ftpd
p server (http:://www.pureeftpd.org/prooject/pure-ftppd)
o yum -y- install purre-ftpd
o system
mctl start puree-ftpd.service
mctl enable pure-ftpd.serv
o system vice
o Test th
he operabilityy of the serveer using ftp:///localhost
    Information TTechnology M
Management   |  Ryerson U
University   4
 
 Informatio
on Systems Security and P
Privacy – ITM
M 820                                      Part B 
 

2..2 Installl FTP client (Filezella:

( htttps://filezilla--project.org/ddownload.phpp?show_all=1)

o Createe a folder on the FTP servver that show

ws (Group Noo xx – ITM 820) as its nam
me.
o Uploaad the text filee HelloWorld
d to the serveer in your grooup folder.
 The file co ontains the message: Welccome to the IITM 820 Proj oject.


Part 3:
3 Time Synchro
S nization
n Server (Networrk Time Protocool)
10 Marrks
http
p://support.nttp.org/bin/viiew/Servers//NTPPoolSeervers
hhttp://www.pool.ntp.orgg/en/vendorss.html
http://wwww.nrc-cnrc.gcc.ca/eng/servvices/time/neetwork_timee.html
htttps://supernooc.rogersteleecom.net/opss/ntp/

3 .1 Install NTP
N Serverr
- yum -yy install nt p
3 .2 Revise the
t configu
uration filee of the prootocols
- vi /etc /ntp.conf
    Information TTechnology M
Management   |  Ryerson U
University   5
 
 Information Systems Security and Privacy – ITM 820                                      Part B 
 
3.3 add the network range you allow to receive requests
server 0.fedora.pool.ntp.org iburst
server 1.fedora.pool.ntp.org iburst
server 2.fedora.pool.ntp.org iburst
server 3.fedora.pool.ntp.org iburst
server ntp1.jst.mfeed.ad.jp

3.4 Start Server

systemctl start ntpd.service

3.5 Enable server

systemctl enable ntpd.service

3.6 Run the command: ntpq –p

3.7 What is the purpose of the command ntpq –p

    Information Technology Management  |  Ryerson University   6 
 
 Informatio
on Systems Security and P
Privacy – ITM
M 820                                      Part B 
 

Part 4:
4 E-maill Server (Postfix
x) 10 Marks
http://w
www.techoto
opia.com/ind
dex.php/Connfiguring_a__Fedora_Linuux_Email_S
Server

4.1 Check thee status of e-m

mail server
a. cd /sbiin
b. service sendmail sttatus

olution Clien
4.2 Install Evo nt
c. yum in nstall evolutiion*
d. config gure your e-mmail account
pop.gmmail.com portp 995
smtp.ggmail.com portp 465

    Information TTechnology M
Management   |  Ryerson U
University   7
 
 Informatio
on Systems Security and P
Privacy – ITM
M 820                                      Part B 
 
Part 5:
5 PGP Keys
K Gen
neration
n 10 Maarks
 https://feddoraproject.orgg/wiki/Using_G
GPG

5.1 Installl the seahorrse program: yum install seahorse

5.2 Geneerate PGP Keeys for each member of your group aand publish the public kkeys on the
MIT PGP server: http://pgp.mmit.edu/

5.3 Encry
ypt the attach
hed file ( part2 ) using one
o of the puublic keys puublished on tthe
http://pgp.mitt.server

Submit yo
our encrypted message as
a part2.gpg.

    Information TTechnology M
Management   |  Ryerson U
University   8
 
 Information Systems Security and Privacy – ITM 820                                      Part B 
 
Part 6: Enabling Multilevel Security (MLS) [15 Marks]

6.1 Enable MLS in SELinux

6.2 Configure Multilevel Securirty on the SELinus OS.
6.3 Configure SELinux in to permissive mode.
6.4 Test the mode of operation using the command:
getenforce  what is the output?
6.5 Display the policy file that SELinux is currently using:
sestatus |grep mls
6.6 Create a new user where your group no. as its name:
useradd groupxx
6.7 List the user by using SELinux primitives:
semanage login –l
6.8 Modify the SELinux range to s5 and c150:
semanage login --modify --seuser user_u --range s5:c150 groupxx
6.9 Create a 2nd user and configure it with different SELinux range and demonstrate the no
write down and the no read up model.

Part 7 [Bonus]: Message Authenticity [5 Marks]

Using the principles of digital signature as well as PGP keys, Implement a digital signature
scheme a message authenticity must be verified.

Hint: use the following resources

 https://fedoraproject.org/wiki/Archive:Legacy/PGPHowT
o?rd=Legacy/PGPH owTo
 https://www.gnupg.org/gph/en/manual/x135.html
 http://fedoraproject.org/wiki/Using_GPG_with_Evolution
 https://fedoraproject.org/wiki/Archive:Legacy/PGPHowT
o?rd=Legacy/PGPHowTo

Submission

This section details the instructions to follow when submitting your assignment through
Turnitin.com.

The assignment report (Part A & B) must be submitted as a unified file in .pdf format.
Support your work with screens snapshots.

    Information Technology Management  |  Ryerson University   9