
Sna Documentation

Here are the steps to migrate TinyNet servers to Net-R servers: 1. Install the net-r configuration package on all servers: ``` yum install net-r-config ``` 2. Reconfigure DNSMASQ to hand out static IP addresses rather than dynamic ones. Edit /etc/dnsmasq.conf: ``` address=/gateway/192.168.56.1 address=/webserver/192.168.56.2 address=/mailhost/192.168.56.3 ``` 3. Restart DNSMASQ. 4. Install the net-r traffic generation tools on gateway: ``` yum install

Uploaded by

brian

CT106-3-2-SNA

Table of Contents
Acknowledgement
Introduction
Work breakdown Structure
Base System: Group Component
    Secure Webmail: Sending mail using stunnel, mail submission port, and https://
    Migrate to Net-R
    Protocol Analysis
    Iptables
    NFS
    Replace DNSMASQ
    Basic VPN
Individual
    IDS
    Sudo
    LDAP
Conclusion


Acknowledgement
This assignment could not have been completed without the help and participation of many people.
The team appreciates all the contributions and assistance that have been provided and is
indebted to everyone who helped. To start, the team would like to thank Dr. Thomas
Patrick O’daniel for teaching the team the various methods, techniques and approaches
associated with the project that were needed to complete the assignment. His constructive
advice and the notes that he prepared for us have been the backbone of this
assignment. Furthermore, the team is thankful to their parents and friends for the constant
motivational support and encouragement, which pushed us to bring this project to a fruitful
conclusion. Finally, we express our gratitude to the head of the module for
providing us the opportunity to learn about the fundamentals of network services and to prepare
detailed documentation.

Introduction
Network and System Administration, also known as SNA, is a course in which servers are set up
using Oracle Virtual Machines. This is made possible by the resource notes from TinyNet.my.
Four types of servers are set up as the base system: Gateway, Webserver, MailHost
and LDAPHost, each installed with a Linux 2.6 operating system configuration.
These base systems allowed the team to develop the required enhancements such as Cross System
Multi-tail, SUDO, NFS, iptables, LDAP, etc.

Work breakdown Structure

Members: MAGENTIRA KUMAR (TP041192), CHIRANJEEV NAIDU MAHENDRAN (TP053346), TEO JUN FU (TP041243)

Task (one ✓ per assigned member):
Base System Group: ✓ ✓ ✓
IDS: ✓
Ip Tables: ✓
NFS: ✓
SUDO: ✓
Migrate to Net-R: ✓
Protocol Analysis: ✓
Replace DNS Masq: ✓
Open VPN: ✓
LDAP: ✓

Base System: Group Component


Secure Webmail: Sending mail using stunnel, mail submission port, and https://
Owner: Group (Magentira Kumar TP041192)

Objective

1. To establish communication between servers by using stunnel

2. To establish and configure mail submission port.

3. To establish a secure site using https://

Configuration Steps with Screenshots

Setting up Stunnel

1) To configure Stunnel, base configuration has to be done on the Gateway, Webserver and
Mailhost servers. The very first step is to set up the “/etc/rc.d/rc.stunnel” file.
The file must be executable, so its permissions must be modified by entering the
command shown below.

Figure 1: rc.stunnel

2) After modifying the permission, the symbol ‘*’ is shown at the beginning of the file name, which
indicates that the file can now be executed.

3) After setting up “rc.stunnel” as an executable file, several further steps are needed to make it
work. As shown in the image below, the path in the rc.stunnel file must be changed to
/usr/sbin/stunnel.

Figure 2: rc.stunnel

4) Make sure the imaps service connects to mailhost.tinynet.edu:993.

Figure 3: client.conf

Using https:// to establish a secure connection to the host browser

1. Open the page with the URL 192.168.56.117/

2. Use the link on this page to download the TinyNetCA certificate as a zip file

3. Extract TinyNetCA.crt to the desired place

4. Install the certificate into your system store of trusted root certificates

5. Close and restart your browser

Screenshot of listening ports

Figure 4: netstat -tulp

Once the required files are configured, Stunnel appears in the netstat output. The “netstat -tulp”
command is used to check the network connections and listening ports.

Figure 5: Output of stunnel

After performing the required configuration, the stunnel connection can be established by entering
the ‘/etc/rc.d/rc.stunnel’ command in the terminal.

Screenshot of mailadmin mailbox in squirrelmail

Figure 6: Screenshot of mailbox

Setting up mail submission port

The very first step in configuring the mail submission port is to set up Postfix and SquirrelMail and
make both work together.

1) Setting up Postfix

i) On the MailHost server, open the file “/etc/postfix/main.cf”.

ii) Comment out (“#”) the first relayhost line and uncomment the second line as shown below.

Figure 7: “/etc/postfix/main.cf”

2) Setting up SquirrelMail

i) On the Webserver, open Midnight Commander (mc) and open the file
“/var/www/squirrelmail/config/config_svr_adrs.php”.

ii) Enable “$smtpPort = 587;” and disable “$smtpPort = 25;” as shown in the image below:

Figure 8: “/var/www/squirrelmail/config/config_svr_adrs.php”.


Any Outstanding/Unresolved Issues

None


Migrate to Net-R
Objective:
a) Clone and reconfigure your TinyNet servers as Net-R servers
b) Reconfigure DNSMASQ to hand out static addresses to servers rather than dynamic ones
c) Describe the Net-R automatic traffic generation system

Configuration:
Migrate to Net-R servers
1) Install the net-r configuration iso
2) Clone ToClone to domserver and change the virtual optical disk to the net-r iso.
3) Clone ToClone to netR1 and change the virtual optical disk to the net-r iso.
4) Log in as root on the domserver, type mc and navigate to mnt/hdc/SetupMenu
5) Configure as Net-r domain server (Figure 9)

Figure 9: Configure as Net-r Domain Server

6) Repeat step 5 on netR1, but configure it as a Net-r Host. (Figure 10)

Figure 10: Configure as Net-r Host

7) Change the host name to netR1 (Figure 11)

Figure 11: Change host name

8) Reboot domain server and netR1.


Reconfigure DNSMASQ to hand out static addresses to servers rather than dynamic ones

1) Open mc on the domain server and navigate to etc/dnsmasq.conf. Press F4 to edit. (Figure 12)

Figure 4: dnsmasq.conf file

Figure 12: dnsmasq.conf name

2) Comment out line 33 by adding # at the start of the line, and uncomment lines 37 and 39 by
removing the # at the start of each line. (Figure 13)

Figure 13: Modified dnsmasq.conf name

3) Change host name to netR1 (Figure 14)

Figure 14: host name to netR1

4) Reboot both DomServer and NetR1.


5) Output: the IP address from DomServer can be seen (Figure 15)

Figure 15

Protocol Analysis
Objective:
Use tcpflow to capture the dialog between the browser and the webserver when
a) you access the default monkey webpage. How can you recover the images?
b) you access a mailbox in squirrelmail. How many requests are made? How many
servers are involved?
Configuration:
1) Use the following command to view the requests and responses from the server (Figure 16):

tcpflow -p -c -i eth0 port 80 | grep -oE '(GET|POST|HEAD) .* HTTP/1.[01]|Host: .*'

Figure 16

2) Once the command is executed, the following will be shown in Figure 2. It shows the host’s IP
and the result it produces.

Figure 17

How many requests are made to load the inbox page in squirrelmail? How many servers are
involved?
5 requests are made to load the inbox page in SquirrelMail. Only one server is
involved, which is the host server, 192.168.56.215.
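
One way to answer these two questions from the filtered tcpflow output, as an added example that is not part of the original report. The request lines and Host headers below are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count HTTP requests and distinct servers in the output of
#   tcpflow -p -c -i eth0 port 80 | grep -oE '(GET|POST|HEAD) .* HTTP/1.[01]|Host: .*'
# The sample is constructed; it is not a capture from the report.

sample_capture() {
    # grep -o ends a request match at "HTTP/1.1", but "Host: .*" also captures
    # the carriage return that terminates the header on the wire.
    printf '%s\n%s\r\n' \
        'GET /squirrelmail/src/webmail.php HTTP/1.1'    'Host: 192.168.56.215' \
        'GET /squirrelmail/src/left_main.php HTTP/1.1'  'Host: 192.168.56.215' \
        'GET /squirrelmail/src/right_main.php HTTP/1.1' 'Host: 192.168.56.215:80' \
        'POST /squirrelmail/src/redirect.php HTTP/1.1'  'Host: 192.168.56.215'
}

# Number of request lines on stdin.
count_requests() {
    awk '/^(GET|POST|HEAD) .* HTTP\/1\.[01]$/ { n++ } END { print n + 0 }'
}

# Distinct servers named in Host headers, one per line.
# The value is normalised first: trailing CR removed, default port :80
# dropped, and the name lower-cased, so one server is not counted twice.
list_servers() {
    awk '
        /^Host: / {
            h = $2
            sub(/\r$/, "", h)
            sub(/:80$/, "", h)
            seen[tolower(h)] = 1
        }
        END { for (h in seen) print h }
    ' | sort
}

count_servers() {
    list_servers | wc -l | tr -d ' '
}

echo "requests: $(sample_capture | count_requests)"
echo "servers:  $(sample_capture | count_servers)"
sample_capture | list_servers
```
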

Outstanding/Unresolved Issues

Recovering the image.


Iptables
Owner: Magentira Kumar (TP041192)

Objectives

1) Adding all six “Rules for things that no proper TCP stack should be processing” from
the “-p --protocol TCP” section of the IPTables Quick Reference, but using a LOG target.

2) Using hping2 and Multitail to show that the rules are working as they should.

Configuration explained with Screenshots

1) In the gateway server, these 6 rules were used:

a. iptables -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-level alert --log-prefix "iptables ALL NONE "

b. iptables -A INPUT -p tcp --tcp-flags FIN,SYN FIN,SYN -j LOG --log-level alert --log-prefix "iptables FIN,SYN FIN,SYN "

c. iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-level alert --log-prefix "iptables SYN,RST SYN,RST "

d. iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j LOG --log-level alert --log-prefix "iptables FIN,RST FIN,RST "

e. iptables -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j LOG --log-level alert --log-prefix "iptables FIN,ACK FIN "

f. iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j LOG --log-level alert --log-prefix "iptables ACK,URG URG "

Figure 18: shows the 6 rules

2) The console was cleared by using the “clear” command, and then the “iptables -L” command was used
to see all current iptables rules.

Testing

1) The first rule is tested without any flags set by entering:

a. multitail /var/log/syslog -l "hping2 192.168.56.101"

Figure 19: shows the output without flag set

2) The second rule is tested with the FIN and SYN flags set by entering:

a. multitail /var/log/syslog -l "hping2 -F -S 192.168.56.101"

Figure 20: shows the output with -F and -S flag sets

3) The third rule is tested with the SYN and RST flags set by entering:

a. multitail /var/log/syslog -l "hping2 -S -R 192.168.56.101"

Figure 21: shows the output with -S and -R flag sets

4) The fourth rule is tested with the FIN and RST flags set by entering:

a. multitail /var/log/syslog -l "hping2 -F -R 192.168.56.101"

Figure 22: shows the output with -F and -R flag sets

5) The fifth rule is tested with the FIN flag set by entering:

a. multitail /var/log/syslog -l "hping2 -F 192.168.56.101"

Figure 23: shows the output with -F flag set

6) The sixth rule is tested with the URG flag set by entering:

a. multitail /var/log/syslog -l "hping2 -U 192.168.56.101"

Figure 23: shows the output with -U flag set
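
The LOG lines written by these rules can be tallied per rule, as an added example that is not part of the original report. The syslog lines are constructed in the kernel's LOG format and the function names are hypothetical. Because LOG is a non-terminating target, a packet with SYN and FIN set matches both rule b and rule e, so the example also counts distinct packets.

```shell
#!/bin/sh
# Added example: tally iptables LOG hits per rule from syslog text.
# The log lines are constructed samples; the prefixes are the --log-prefix
# strings of the six rules above. 192.168.56.102 is an assumed sender.

sample_log() {
cat <<'EOF'
Dec 10 10:00:01 gateway kernel: iptables ALL NONE IN=eth0 OUT= SRC=192.168.56.102 DST=192.168.56.101 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=101 PROTO=TCP SPT=2001 DPT=0 WINDOW=512 RES=0x00 URGP=0
Dec 10 10:00:05 gateway kernel: iptables FIN,SYN FIN,SYN IN=eth0 OUT= SRC=192.168.56.102 DST=192.168.56.101 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=102 PROTO=TCP SPT=2002 DPT=0 WINDOW=512 RES=0x00 SYN FIN URGP=0
Dec 10 10:00:05 gateway kernel: iptables FIN,ACK FIN IN=eth0 OUT= SRC=192.168.56.102 DST=192.168.56.101 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=102 PROTO=TCP SPT=2002 DPT=0 WINDOW=512 RES=0x00 SYN FIN URGP=0
Dec 10 10:00:09 gateway kernel: iptables FIN,ACK FIN IN=eth0 OUT= SRC=192.168.56.102 DST=192.168.56.101 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=103 PROTO=TCP SPT=2003 DPT=0 WINDOW=512 RES=0x00 FIN URGP=0
Dec 10 10:00:12 gateway kernel: iptables ACK,URG URG IN=eth0 OUT= SRC=192.168.56.102 DST=192.168.56.101 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=104 PROTO=TCP SPT=2004 DPT=0 WINDOW=512 RES=0x00 URG URGP=0
Dec 10 10:00:15 gateway sshd[412]: unrelated line that must be ignored
EOF
}

# Print "<count><TAB><rule>" for every LOG prefix seen on stdin.
hits_per_rule() {
    awk '
        match($0, /iptables .* IN=/) {
            # drop the leading "iptables " (9 chars) and trailing " IN=" (4 chars)
            rule = substr($0, RSTART + 9, RLENGTH - 13)
            hits[rule]++
        }
        END { for (r in hits) printf "%d\t%s\n", hits[r], r }
    ' | sort -k2
}

# Print the hit count for one rule prefix, e.g. "FIN,ACK FIN" (0 if unseen).
hits_for_rule() {
    hits_per_rule | awk -F '\t' -v want="$1" '$2 == want { n = $1 } END { print n + 0 }'
}

# Count distinct packets. One packet can be logged by several rules, so
# source address, IP ID and source port are used together as its identity.
distinct_packets() {
    awk '
        /iptables .* IN=/ {
            src = id = spt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = $i
                else if ($i ~ /^ID=/) id = $i
                else if ($i ~ /^SPT=/) spt = $i
            }
            seen[src " " id " " spt] = 1
        }
        END { n = 0; for (k in seen) n++; print n }
    '
}

sample_log | hits_per_rule
echo "distinct packets: $(sample_log | distinct_packets)"
```

On the gateway the same functions can read the live file, for example `hits_per_rule < /var/log/syslog`.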

Obstacles encountered, obstacles overcome

All six rules used in the gateway server will be lost once the gateway server has been
rebooted.

Any Outstanding/Unresolved Issues

All six rules used in the gateway server will be lost once the gateway server has been
rebooted.


NFS
Owner: Magentira Kumar (TP041192)

Objective

1) To set up the VirtualHost users on the NFS server and allow them ssh access to their
staging area.

2) Make files in /media/nfs_share in Mailhost shared to /mnt/hda1/exported in NFS server.

Screenshots of tests, with explanations

1. Create a new machine by naming it as NFS with base memory size of 96MB and virtual hard disk
size of 200MB. Then run the machine and login as root.

2. In order to partition the disk, cfdisk command has to be utilized.

3. Select New > Primary > Size: 1080 > Beginning > Bootable. Then, press the down key and select
New > Primary > Size: (just press Enter key) > Type: 82 (press Enter key twice).

4. Write a partition table to the disk.

5. Configure the machine the same way as all the other machines were configured.

6. Load the TinyNetConfig.iso into the machine from the menu bar (Devices > Optical Drive >
TinyNetConfig.iso) after rebooting the machine.

7. Input mount /dev/hdc /mnt/hdc at the command prompt.

8. Navigate to /mnt/hdc/SetupMenu from mc (midnight commander). Select Basic Configuration and
proceed to install.

9. Select TinyNet Generic (No Rule) to install and name it as NFS.

10. Quit and reboot the system.

Configure NFS and Mailhost server

1. Start rc.rpc and rc.nfsd on both Mailhost and NFS by entering /etc/rc.d/rc.rpc start and then
/etc/rc.d/rc.nfsd start.

2. In NFS, go to /etc/exports and edit as shown below:

Figure 39: Modify the exports file

3. Save the file and reboot.

4. In Mailhost, input mkdir /media/nfs_share and in NFS, input mkdir /mnt/hda1/exported to make
directory.

5. In NFS, input my-ip to obtain the ip address.

6. In mailhost, input showmount -e (ip address of the NFS server) to see shares available on a host.

7. In mailhost, input mount -t nfs (ip address of the NFS server):/mnt/hda1/exported /media/nfs_share


Test NFS

1) In mailhost, copy any files into /media/nfs_share

2) The same copied files will appear in NFS at /mnt/hda1/exported

Obstacles encountered, obstacles overcome

None

Any Outstanding/Unresolved Issues

None


Replace DNSMASQ
Owner: Teo Jun Fu TP041243

Objective

1. Setup ISC DHCP and Bind


2. Replace dnsmasq with dynamic updates in the ISC configuration
Configuration
1. Install ISC DNS and Bind (in MailHost):

i) Enter “cd /mnt/hdc/modules/isc” in command prompt


ii) Enter “ls”
iii) Enter command “lzm2dir bind-9.8.4_P1-i486-1.lzm /”
iv) Enter command: “lzm2dir dhcp-4.1_ESV_R7-i486-1.lzm /”
v) All the commands are entered as below:

Figure 40: Install ISC, DNS and Bind

2. Setup Private Bind DNS Server

Edit the file named.conf in /etc. Add a new zone in named.conf; it can be found in
/var/named/caching-example.

Before:

After:

Figure 41: Edit named.conf

3. Copy localhost.zone file twice from /var/named/caching-example to /etc. Rename them to
zone.example.com and 192.zone.
4. Modify zone.example.com file as shown in figure below:

Figure 42: Edit zone.example.com


5. Open and modify 192.zone file as shown below:

Figure 43: Modify 192.zone


6. Configure DHCP server. Remove or rename old dhcpd.conf file in /etc. Then, copy new
dhcpd.conf file from /usr/doc/dhcp-4.1-ESV-R7/examples to /etc. Then, open and edit
dhcpd.conf file as shown in figure below:

Figure 44: Edit dhcpd.conf file

Obstacles

Figure 45: Fail to start rc.bind


I. Command rc.bind was denied due to permission issues.


II. Library issues were also found during the execution as “libxml2.so.2” failed to load
(as shown in figure below):

Figure 46: Failed to load library


Basic VPN
Owner: Teo Jun Fu TP041243
Objectives
1. To set up OpenVPN in Gateway and in MailHost
2. To have two sets of configuration files; TUN and TAP

Configuration
Set up OpenVPN:
1. Setup OpenVPN in Gateway and Mailhost. Server = Gateway, Client = Mailhost.
2. Open mc > mnt/hdc/SetupMenu > Choose install other packages > Choose
OpenVPN.
3. In Gateway:
a) Copy server.conf from /usr/doc/openvpn-2.0.9/sample-config-files to
/etc/openvpn. Then, configure the file.
b) Edit “server.conf” file and save it.
c) Type “cd /usr/doc/openvpn-2.0.9/easy-rsa”
d) Type “source vars”
e) Type “./clean-all” to clean files.
f) Type “./build-ca” to create certificate.
g) Enter server for it as shown in figure below:

Figure 47: Edit server.conf

4. Create key for server
i) Type “./build-key-server server”
ii) Leave all answers blank until question 6. Type “server” for the answer and type “y”
to sign the certificate as shown below:

Figure 48: Enter “server”

5. Build Diffie-Hellman parameters
i) Enter command “./build-dh”

Figure 49: Diffie-Hellman parameters

6. Copy all the generated files to the keys directory in /etc/openvpn by using the command
“cp keys/* /etc/openvpn/keys”
7. In Mailhost
i) Make a copy of the “client.conf” file from /usr/doc/openvpn-2.0.9/sample-config-files
to /etc/openvpn
ii) Edit “client.conf” as shown below:

Figure 50: Edit client.conf


iii) Enter command “cd /usr/doc/openvpn-2.0.9/easy-rsa”
iv) Enter command “source vars”
v) Enter command “./clean-all”
vi) Enter command “scp root@server’s_ip_address:/usr/doc/openvpn-2.0.9/easy-rsa/keys/ca.* keys”
to copy the files between hosts on the network.
vii) Enter command “./build-key client”. Leave all the questions blank except question
6, and type “client” for the answer as shown below:

Figure 51: Enter command "./build-key client"


Tun configuration:
1. In Gateway:
a) Go to /etc/openvpn and copy server.conf in the same directory and rename it to
tun-server.conf.
b) In tun-server.conf, comment out line 52, ;dev tap. Save and exit the file.
c) Type mkdir /dev/net.
d) Type mknod /dev/net/tun c 10 200 to create a device node for tun.
e) Enter command: cd /etc/openvpn.
f) Test TUN by entering command openvpn tun-server.conf.


Figure 52: TUN testing - Gateway


2. In MailHost:
a) Go to /etc/openvpn and copy client.conf in the same directory. Rename it to
tun-client.conf.
b) In tun-client.conf, edit line 42 by replacing my-server-1 with ip address of gateway.
Save and exit the file.
c) Repeat step 1 (c) to (e).
d) Test TUN by entering command openvpn tun-client.conf.

Figure 53: TUN testing – MailHost


Figure 54: TUN testing - MailHost

Tap configuration:
1. In Gateway:
a) Go to /etc/openvpn and copy server.conf in the same directory. Rename it as
tap-server.conf.
b) In tap-server.conf, comment out line 53, dev tun and add a new line dev tap0. Then,
make the following changes:

Figure 55: Modify tap-server.conf

c) Save and exit the file.


d) Go to /usr/doc/openvpn-2.0.9/sample-scripts, copy bridge-start and bridge-stop to
/etc/openvpn.
e) In bridge-start script, make the changes as below:

Figure 56: ifconfig

Figure 57: Modify bridge-start file


f) Save and exit the file.
g) Type “mkdir /dev/net” (skip this step if directory exists).
h) Type “mknod /dev/net/tap c 10 200” to create a device node for tap.
i) Enter the following to configure the firewall so that it will permit packets to flow
freely over tap0 and br0 interfaces.

Figure 58: Configure firewall setting


j) Enter command: cd /etc/openvpn.
k) Enter command: ./bridge-start to start Ethernet bridge connection.
l) Test TAP by entering command openvpn tap-server.conf.


Figure 59: TAP testing - Gateway


2. In MailHost:
a) Proceed to /etc/openvpn, copy client.conf in the same directory and rename it as
tap-client.conf.
b) In tap-client.conf, make the following changes:

Figure 60: Modify tap-client.conf


c) Save and exit the file.
d) Repeat step 1(g) to (j).
e) Test TAP by entering command “openvpn tap-client.conf”.


Figure 61: TAP testing – MailHost (a)

Figure 62: TAP testing - MailHost (b)

Obstacle
The CA private key could not be loaded for an unknown reason. TUN failed to run on the client side, and
the command “./build-ca” can only be entered once because only one master CA is required for the others.


Individual
IDS
Owner: Magentira Kumar (TP041192)

Objective

1) To setup snort

2) To use multitail and hping2 to demonstrate a triggering of a particular snort rule

3) To understand how the information about known attacks is compiled into rules

Screenshots of tests, with explanations

1) A virtual machine must be created and configured with ‘snort’. The configuration must be done
in the virtual machine by mounting ‘TinyConfig.iso’ image file and inputting the following
commands which will prompt the user with server role setup.

- mount

- cd /mnt/hdc

- ls -1

- ./SetupMenu

2) Locate and open snort.conf which was placed under /etc/snort directory.

3) At line 810, place a hashtag (“#”) in front of all the existing rules to make them inexecutable.

4) Append five new rules which have been listed below in snort.conf.
- include /etc/snort/rules/gpl-backdoor.rules

- include /etc/snort/rules/gpl-ddos.rules

- include /etc/snort/rules/http.rules

- include /etc/snort/rules/icmp.rules

- include /etc/snort/rules/other.rule


5) At line 110, modify the rule path to /etc/snort/rules in order to enable the system to execute the right
path.

5) As shown in the image below, locate files which end with ‘.new’ keyword from /etc/snort directory.
Rename the respective files by removing ‘.new’ keyword. For example, modify the file name from
unicode.map.new to unicode.map.

6) Next, locate rc.syslog file which is under /etc/rc.d directory and press F4 to edit. Input the following
command under Local Facilities to specify the location of snort.log.

7) Enter /etc/rc.d/rc.syslog restart to restart syslog, which allows the system to display alert
messages in snort.log.

8) Edit the symlink of certain files under the directories of /usr/lib/mysql and /usr/lib so that all the
respective files point to the correct destination. For that, remove /opt/lzmtar/mysql-c from the path
names. The symbol ‘!’ will be changed to @; indicating that they have valid paths.

9) Then, copy snort_dynamicengine, snort_dynamicpreprocessor and snort_dynamicrules from /usr/lib
to /usr/local/lib. Locate all the files whose names end with 0.0. Rename the files by removing
0.0, because the system will not be able to find the files which end with 0.0.

10) Then, copy the following files from /usr/lib/mysql to /usr/local/lib.

11) After performing all the configurations, enter command snort -c /etc/snort/snort.conf -l
/var/log/snort to initialise snort in the virtual machine. The output will be displayed as below.


Figure 63

Demonstrating triggering of a rule by using hping2

1) As shown in the image below, hping2 is used to send 5 packets to 192.168.56.243 through
the open port 80. This is done by entering hping2 -S 192.168.56.243 -p 80 -c 5. The user
can change the number of packets by modifying the command.

Figure 64

2) Besides that, the hping2 command is also used to flood a network with a very large number
of packets. In this case, we used 80000 packets and flooded the webserver with unnecessary
traffic. Due to the intense number of packets, the system will crash, prompting the user to enter
CTRL+C in order to abort it. This can be achieved by entering the command as shown in the
image below.

Figure 65

How the information about known attacks is compiled into rules

The snort log file and alert log file can be found in /var/log/snort.

Alerts are generated based on the rules defined in configuration file as shown in the table
below.

Structure of the alert:

Rule action: alert
Protocol: icmp
Source IP Address: any
Source Port: any
Direction Operator: ->
Destination IP Address: any
Destination Port: any
Rule option: msg:"ICMP Destination Unreachable"
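
The same structure can be read back out of a rule line, as an added example that is not part of the original report. The rule text is assembled from the fields listed above; the itype and sid options and the function name are assumptions added for illustration.

```shell
#!/bin/sh
# Added example: split a Snort rule into the header fields and options
# described above. SAMPLE_RULE is constructed; itype:3 and sid:1000001 are
# assumed values, not taken from the report.

SAMPLE_RULE='alert icmp any any -> any any (msg:"ICMP Destination Unreachable"; itype:3; sid:1000001;)'

# snort_rule_field RULE FIELD
# FIELD is one of action, proto, src, sport, dir, dst, dport, or an option
# name such as msg or sid. Prints the value; returns 1 when the rule is
# malformed or the field is absent.
# Limitation: option values containing an escaped ";" are not handled.
snort_rule_field() {
    rule=$1
    field=$2

    case $rule in
        *"("*")") ;;                 # header followed by (options)
        *) return 1 ;;
    esac
    header=${rule%%"("*}             # text before the first "("
    options=${rule#*"("}             # text after it ...
    options=${options%")"}           # ... minus the closing ")"

    # The header must be exactly seven whitespace-separated fields.
    set -f; set -- $header; set +f
    [ $# -eq 7 ] || return 1
    case $5 in
        "->"|"<>") ;;                # the only valid direction operators
        *) return 1 ;;
    esac

    case $field in
        action) printf '%s\n' "$1" ;;
        proto)  printf '%s\n' "$2" ;;
        src)    printf '%s\n' "$3" ;;
        sport)  printf '%s\n' "$4" ;;
        dir)    printf '%s\n' "$5" ;;
        dst)    printf '%s\n' "$6" ;;
        dport)  printf '%s\n' "$7" ;;
        *)
            # Options are "name:value;" pairs; look the name up.
            printf '%s\n' "$options" | tr ';' '\n' | awk -v want="$field" '
                { sub(/^[ \t]+/, "") }
                index($0, want ":") == 1 {
                    v = substr($0, length(want) + 2)
                    gsub(/^"|"$/, "", v)      # strip surrounding quotes
                    print v
                    found = 1
                    exit
                }
                END { exit !found }'
            ;;
    esac
}

for f in action proto src sport dir dst dport msg; do
    printf '%-7s %s\n' "$f" "$(snort_rule_field "$SAMPLE_RULE" "$f")"
done
```
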

For large-scale intrusions, it is important that network traffic can be collected and
analysed well against the rules and that the current network status can be reported correctly,
so that the networks keep functioning despite the constant changes in traffic. The
network traffic model captures a type of network pattern, and the network traffic patterns are
compiled into a group of rules by a methodology that uses soft computing methods.

Obstacles encountered, obstacles overcome

Initially, the files under snort_dynamicengine, snort_dynamicpreprocessor and
snort_dynamicrules directories are not executed when initialising snort. This was
overcome by removing ‘0.0’ from the file names.

Any Outstanding/Unresolved Issues

Multitail is not implemented to show a particular snort rule.


Sudo
Owner: (Chiranjeev TP053346 )

Objective:
Choose one server and
a) Change the start-up display to show a random fortune in colour each time a user logs
in rather than the command summary and root login
b) Allow no root access: force users to use sudo
c) Have different colour prompts for normal users and root

Configuration:
Add User
1) One virtual machine will be configured in order to achieve this enhancement. For this, I
have chosen the gateway.

2) Add a new user to the gateway by entering the ‘adduser’ command. For this step, the required
input is the username and password, whereas the other information is not really required.
(Figure 66)

Figure 66: Creating a new user by using the ‘adduser’ command.

Allow no root access: force users to use sudo


1) Log in to the gateway as the newly created user ‘chiranjeev’.
2) Type mc to open Midnight Commander.
3) Browse to etc/sudoers. Press F4 to edit.
4) Modify the user privilege by appending %user ALL=(ALL) ALL to allow all members of the user
group to access sudo. (Figure 67)

Figure 67: Modify the user privilege

5) Press F2 to save and then F10 to quit.


6) Input ‘sudo passwd -l root’ command to disable the root. (Figure 68)
7) To enable the root access, we can type ‘sudo passwd -u root’ command.

Figure 68: Disable the root access


Have different colour prompts for normal users and root

1) Type mc, locate to etc/profile. Press F4 to edit the file.


2) The following commands will be added in to the file. (Figure 69)

Figure 69: Add the command to have different colour prompts

But watch out:

- if [ "`id -u`" = "0" ]; then
  uses the "double quote" and the `backtick` (on the far left of the keyboard)

- PS1='\u@\h:\w\$ '
  uses the 'single quote' (under the " on the keyboard)

3) Press F2 to save changes and then F10 to exit.


4) Login back to root and the new user to see the colour difference which has been modified.
(Figure 70 & Figure 71)

Figure 70: User for root has changed to red in colour

Figure 71: User for chiranjeev has changed to green in colour


Change the start-up display to show a random fortune in colour each time a user logs in rather than
the command summary and root login

1) Login root, type mc. Locate into mnt/hdc/SetupMenu.


2) Install Ascii Art (Figure 72)

Figure 72: Install Ascii Art

3) Install Games (Figure 8)

Figure 73: Install Games

4) Reboot
5) Login root. Open mc and locate to etc/profile. Input the following command (Figure 9):

echo -e "\e[01;33m"; fortune | boxes -d columns -a hcvc; echo -e "\e[00m"

Figure 74: Input commands for the fortune

6) Press F2 to save and F10 to exit. Browse to /etc/issue and press F4 to edit the issue file.
7) Delete the command summary and root login so that only the random fortune appears. Press F2
to save and F10 to exit.
8) Reboot.
9) Log in as root and the random fortune will appear in colour. (Figure 10)

Figure 75: Random Fortune with colour


Referencing
MyTinyNet::Prompt. 2018. MyTinyNet::Prompt. [ONLINE] Available at: http://my-tiny.net/M10-prompt.htm. [Accessed 10 December 2018].

MyTinyNet::Sudo. 2018. MyTinyNet::Sudo. [ONLINE] Available at: http://my-tiny.net/M21-sudo.htm. [Accessed 11 December 2018].

MyTinyNet::Users. 2018. MyTinyNet::Users. [ONLINE] Available at: http://www.my-tiny.net/M09-usrmgt.htm. [Accessed 11 December 2018].


LDAP
Owner: Teo Jun Fu TP041243
Objectives
1. Set up an LDAP server with two domains (o= and dc=)
2. Configure dovecot and squirrelmail to use the LDAPhost

Configuration
Setup LDAP server
1. Run the LDAPhost server and log in as root.
2. At the command prompt, type these commands:
cd /mnt/hdc
ls -1 /mnt/hdc
./SetupMenu
3. At the SetupMenu, choose “Configure as TinyNet LDAPhost” to configure the machine as the
LDAPhost. When this is done, type “reboot” to restart the LDAPhost.
4. Type these commands to start LDAP:
/etc/rc.d/rc.ldap start
chmod 755 /etc/rc.d/rc.ldap

Configure Anonymous access


1. Edit the /etc/openldap/slapd.conf file. Edit these lines:
access to *
    by dn="cn=LDAPAdmin,o=tinynet.edu" write
    by self write
    by * read


2. Press F2 to save the file.

Figure 76: Edit slapd.conf file

3. Edit the /etc/openldap/topclass.ldif file.


dn: cn=LDAPAdmin,o=tinynet.edu
objectClass: organizationalRole
objectclass: simpleSecurityObject
cn: LDAPAdmin
description: LDAP Administrator
userPassword: {PLAIN}slapmesilly
4. Type this command at the command prompt to create the top level of the DIT.
ldapadd -x -D "cn=LDAPAdmin,o=tinynet.edu" -w slapmesilly -f /etc/openldap/topclass.ldif
5. Type this command to add the user data.
ldapadd -x -D "cn=LDAPAdmin,o=tinynet.edu" -w slapmesilly -f /etc/openldap/userdata.ldif
6. Edit the /etc/openldap/topclass.ldif file.


Figure 77: Edit the /etc/openldap/topclass.ldif file

7. After ldapadd has been used to add the users, the data in userdata.ldif will be edited.

Figure 78: Edit userdata.ldif file
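
The access rule in step 1 grants `by * read` on every attribute, which includes the userPassword value loaded from topclass.ldif. The block below is an added example, not part of the original report: the helper name audit_acl and both sample rule sets are constructed, and the attrs= selector assumes a current OpenLDAP slapd.conf. It checks whether a rule set leaves userPassword readable to anonymous clients and shows the stricter ordering.

```shell
#!/bin/sh
# slapd tests "access to" rules in file order and applies the first one whose
# target matches, so userPassword needs its own rule BEFORE "access to *".

# Constructed sample: the rule as configured in step 1.
ACL_AS_WRITTEN='access to *
    by dn="cn=LDAPAdmin,o=tinynet.edu" write
    by self write
    by * read'

# Constructed sample: the same rule with a userPassword rule placed first.
# "by anonymous auth" still lets clients bind, but never returns the value.
ACL_HARDENED='access to attrs=userPassword
    by dn="cn=LDAPAdmin,o=tinynet.edu" write
    by self write
    by anonymous auth
    by * none
access to *
    by dn="cn=LDAPAdmin,o=tinynet.edu" write
    by self write
    by * read'

# audit_acl RULES: prints "exposed" if an anonymous client could read
# userPassword under RULES, otherwise "protected". (Hypothetical helper.)
audit_acl() {
    printf '%s\n' "$1" | awk '
        /^access[ \t]+to[ \t]/ {                     # start of a new rule
            if ($3 ~ /^attrs?=.*userPassword/) { scope = "pw"; if (!seen_all) covered = 1 }
            else if ($3 == "*")                { scope = "all"; seen_all = 1 }
            else                               { scope = "other" }
            next
        }
        /^[ \t]+by[ \t]/ {                           # "by <who> <level>" clause
            if ($2 != "*" && $2 != "anonymous") next
            readable = ($3 !~ /^(none|disclose|auth)$/)
            if (scope == "pw" && readable)              exposed = 1
            if (scope == "all" && readable && !covered) exposed = 1
        }
        END { print (exposed ? "exposed" : "protected") }'
}

audit_acl "$ACL_AS_WRITTEN"
audit_acl "$ACL_HARDENED"
```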

Configure dovecot
8. Go to the mailhost and configure the /etc/dovecot/dovecot.conf file.


Figure 79: Edit dovecot.conf file

9. Rename the file /etc/dovecot/dovecot-ldap.conf to /etc/dovecot/dovecot-ldap-dc.conf.
10. Edit the /etc/dovecot/dovecot-ldap-dc.conf file.

Figure 80: Edit dovecot-ldap.conf file

11. Restart the dovecot.


Configure squirrelmail

1. Run the WebServer.


2. Edit the /var/www/squirrelmail/config/config_svr_ldap.php.

Figure 81: Edit config_svr_ldap.php file

3. Restart the webserver.


4. Edit the /var/www/squirrelmail/config/config_plugins.php.
Uncomment these lines:
$plugins[8] = 'ldapquery';
$plugins[10] = 'info';
$plugins[11] = 'administrator';

Get LDAP using stunnel


1. Change the permissions of /etc/rc.d/rc.stunnel to 10755 and start rc.stunnel.
2. Type this command at the command prompt on the LDAPhost to run stunnel.
/etc/rc.d/rc.stunnel start

Obstacles
Stunnel does not run on the LDAPhost after the command “/etc/rc.d/rc.stunnel start” is used.
htop shows no stunnel process in its list.


Figure 82: htop command (find the stunnel process)


Conclusion

In this assessment, the team has successfully gained deeper insight into configuring virtual
machines and implementing other enhancements. The project team has carried out several pieces of
research to comprehend the project requirements and execute them. It cannot be denied that the
assignment has been completed successfully within the deadline through the strong cooperation of
all team members. The project has unexceptionally enhanced the team’s networking skills and cyber
security skills, and has significantly helped to boost their self-esteem.
