OPS235 Lab 4 - CDOT Wiki
OPS235 Lab 4
Contents
1 LAB PREPARATION
1.1 Purpose / Objectives of Lab 4
2 INVESTIGATION 1: User/Group Management
2.1 Part 1: Studying the /etc/passwd file
2.2 Part 2: Adding, Removing, and Modifying Users
2.3 Part 3: Managing Groups
2.4 Practical Example
3 INVESTIGATION 2: Managing System Services and Run-levels
3.1 Part 1: How do we Manage System Services?
3.2 Part 2: How do we Manage Runlevels?
4 INVESTIGATION 3: CREATING USERS VIA SHELL SCRIPTS
4.1 Using getopts Function & case statement
5 LAB 4 SIGN-OFF (SHOW INSTRUCTOR)
5.1 Exclusively for Summer 2020 term, submissions are accepted only online!
6 Practice For Quizzes, Tests, Midterm & Final Exam
LAB PREPARATION
Purpose / Objectives of Lab 4
https://wiki.cdot.senecacollege.ca/wiki/OPS235_Lab_4 1/14
27/10/2023, 22:01 OPS235 Lab 4 - CDOT Wiki
Another important operation for a Linux sysadmin is to manage services (e.g. starting, restarting, stopping,
disabling, enabling system services). Many students may think that the following topic is small and "not a big
deal". Those students may say, "How hard is running and stopping services?"
The process may not be hard, but knowing how to stop, start, restart and check the status of services is absolutely
critical to a Linux server. Aside from learning to troubleshoot problems by checking the status of running
services, understanding how to manage services is critical to help protect a Linux server from penetration
(this is referred to as "hardening a system"). Sometimes it is "what we don't know" that can harm us. One
key element in hardening a computer system is to disable non-essential networking services to allow IDSs
(Intrusion Detection Systems) to focus on a narrower range of policy violations. A Debian-based penetration
testing distribution called Kali (formerly referred to as "BackTrack") allows sysadmins and security professionals
to identify vulnerabilities in their computer systems, and thus improve (harden) their systems against penetration.
Learning to monitor the status, enable and disable networking services underlies the BackTrack motto: "The quieter
you are, the more you will hear..."
Main Objectives:
ystutorials.com/docs/linux/man/8-groupadd/)
groupdel (https://www.systutorials.com/docs/linux/man/8-groupdel/)
chage (http://www.agr.unideb.hu/~agocs/informatics/11_e_unix/unixhelp/unixhelp.ed.ac.uk/CGI/man-cgied74.html?chage)
Managing Services
systemctl (http://www.dsm.fordham.edu/cgi-bin/man-cgi.pl?topic=systemctl)
kel.html)
init vs systemd (http://zenit.senecac.on.ca/wiki/index.php/Init_vs_systemd)
Perform the following steps:
Part 2: Adding, Removing, and Modifying Users
Another essential responsibility for Linux system administrators is to add, modify, and remove user accounts.
Perform the following steps:
1. Remain in your centos1 VM for this section.
2. Read the man page for the useradd command.
3. Create a new user called ops235_1 by issuing the command:
useradd ops235_1
4. Issue the command: grep ops235_1 /etc/passwd to see if that user account was created.
5. View the /home directory to view the contents. Is the user ops235_1's home directory there?
NOTE: In some versions of Linux, you may have to issue the -m option with the useradd command in order
Practical Example
Management has informed you (the Linux sysadmin) that a "new" employee has been hired and will be on probation
for 3 months. As the Linux system administrator, they want you to perform the following steps:
Unfortunately, you were later informed that this "noobie" employee was caught stealing from the company.
They want you to perform the following operations:
7. Remove this account, but keep "noobie's" home directory for police investigation purposes.
8. Verify that you issued the correct commands.
Although there is a command called: service that may appear to manage services on your Linux system, it is
considered deprecated (i.e. "obsolete"). It has been replaced by the systemctl (http://zenit.senecac.on.ca/wiki/index.php/Init_vs_systemd#systemd_Command_Usage) command.
Note: There is a major difference between stopping a service and disabling a service: If a service is stopped
but enabled, the service will start upon reboot. Therefore to prevent it being started upon boot-up, the service
will need to be disabled as well!
5. Issue the commands to start and enable the iptables service, and verify that it is started and enabled.
Note: If you performed the commands correctly, the iptables service should be running, and will
automatically run upon your Linux machine start-up.
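The stopped-versus-disabled distinction in the note above can be checked for a whole list of services at once. The script below is an added example, not part of the lab: the unit names, the sample states and the ALLOWED list are constructed, and the state words are the ones that systemctl is-active and systemctl is-enabled print.

```shell
#!/bin/bash
# Added example (not part of the lab). Reads "<unit> <active> <enabled>"
# lines and reports every unit outside the allow-list that is running
# now or is set to start at boot.

# Constructed sample data in the shape printed by
# `systemctl is-active UNIT` and `systemctl is-enabled UNIT`.
SAMPLE_STATES='sshd.service active enabled
iptables.service active enabled
cups.service inactive enabled
rpcbind.service active disabled
telnet.socket inactive disabled'

# Hypothetical allow-list: the services this server is meant to offer.
ALLOWED='sshd.service iptables.service'

# Collect live states for the units named as arguments (needs systemd).
collect_states() {
    for unit in "$@"; do
        echo "$unit $(systemctl is-active "$unit") $(systemctl is-enabled "$unit" 2>/dev/null)"
    done
}

# Print one finding per unit that is not allowed yet is active or enabled.
audit_states() {
    while read -r unit active enabled; do
        [ -z "$unit" ] && continue
        case " $ALLOWED " in *" $unit "*) continue ;; esac
        case "$active/$enabled" in
            active/enabled) echo "$unit: running and starts at boot (stop and disable)" ;;
            active/*)       echo "$unit: running now, off after reboot (stop)" ;;
            */enabled)      echo "$unit: stopped now, starts at boot (disable)" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_STATES" | audit_states
```

On a live system, pipe collect_states with the unit names of interest into audit_states instead of the sample data.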
Running Linux servers in graphical mode can make the server vulnerable to penetration (i.e. a potential break-in to
the server by unauthorized intruders). The X-windows framework can be vulnerable to attacks when these
servers are connected to the Internet. This is why, when you install server versions of Linux, they work in
text-based mode only. Desktop versions of Linux are then installed on workstations (working in graphical mode) that
connect to the Linux server (for security reasons since those servers are closest to the router and the Internet).
The Linux sysadmin can also change the run-level (or state) of a graphical Linux server to run in text-based mode,
and start the graphical mode by issuing a command when graphical mode is required. The run-level term is now
deprecated in Fedora, and will likely be deprecated in RHEL/CentOS at some point as well, but for now this is
what the industry is using.
The purpose of Linux servers is to run network-based services (i.e. they "serve" the users that are operating on
that Linux/Unix system). It is common that these Linux servers are separated (for security purposes) and they
are run in Command-Line mode only. Running these Linux/Unix servers in Graphics Mode will make
them more vulnerable to penetration from hackers, etc. Therefore, it is common that the Linux servers are
CLI only, but the Workstations that connect to them within the network are GUI. Therefore, it is important that
a Linux/Unix system administrator understand how to switch between these different "run-levels".
Note: You should see two separate characters (like N 5). The number on the right is the current run-level, 5
(which is graphical mode). The number or character on the left is the previous run-level (which is N, which
means there was no previous run-level since it was a "new" install).
3. You can use the init command to change the current run-level. See a list of runlevels here (https://www.centos.org/docs/5/html/5.2/Installation_Guide/s2-init-boot-shutdown-rl.html).
4. Issue the init command to change the current run-level in centos1 to 3 by issuing the following command:
init 3
5. What did you notice?
6. Issue the following Linux command: startx
What happens? Why would you want to make a graphical Linux system run in text-based mode?
7. Log-off your graphical system. You should return to your CLI shell prompt and change to root user. You
should notice at this point that the command startx did not reset your run-level.
8. Reissue the init command to change the current run-level back to 5
Did it work?
9. Issue the runlevel command to verify that the run-level is set to 5 (i.e. Graphical). You should notice a 3
followed by a 5. That is to indicate that the current run-level is 5, but previously, it was set to 3.
https://ict.senecacollege.ca/~ops235/labs/user-create.bash
5. Try to understand what these Bash Shell scripts do, and then run the script as root to create just one user
called test. After running the shell script, view the contents of the /home directory to confirm.
Although the zenity command is a "user-friendly" way to run shell scripts, Linux administrators usually create
shell scripts that resemble common Linux commands. In this lab, you will learn to create a shell script using the
getopts function to make your shell script behave more like actual Linux commands (including the use of options).
Refer to the notes section on the right-hand-side for reference about the case statement and the getopts function.
#!/bin/bash
# createUsers.bash
# Purpose: Generates a batch of user accounts (user data stored in a text file)
#
# USAGE: /root/createUsers.bash [-i {input-path}]
#
# Author: *** INSERT YOUR NAME ***
# Date: *** CURRENT DATE ***
12. Save your editing session, but remain in the text editor.
13. The code displayed below uses the getopts function to set the input file pathname, and to check for invalid
options or missing option text. Add the following code:
outputFlag="n"
# The leading : in the option string lets the :) case below catch a missing argument
while getopts :i: name
do
  case $name in
    i) inputFile=$OPTARG ;;
    :) echo "Error: You need text after options requiring text"
       exit 1 ;;
    \?) echo "Error: Incorrect option"
       exit 1 ;;
  esac
done
14. Save your editing session, but remain in the text editor.
15. The code displayed below uses logic to exit the script if the input file does not exist. Command substitution
is used to store each line of the input file as a positional parameter. There is one subtle problem here: The full
names of the users contain spaces which can create havoc when trying to set each line as a separate
positional parameter. In this case the sed command is used to convert spaces to plus signs (+), which will be
converted back later. Finally, a for loop is used to create each account (useradd) and mail the user their
account information (mail). Add the following code:
if [ ! -f "$inputFile" ]
then
  echo "The file pathname \"$inputFile\" is empty or does not exist" >&2
  exit 2
fi
# Temporarily convert spaces to + so that each line is stored as one positional parameter
set -- $(sed 's/ /+/g' "$inputFile")
for x
do
  userName=$(echo "$x" | cut -d":" -f1)
  fullName=$(echo "$x" | cut -d":" -f2 | sed 's/+/ /g')   # convert + back to spaces
  userEmail=$(echo "$x" | cut -d":" -f3)
  # Random password: $(date | md5sum) is guessable and repeats within the same second
  userPassWd=$(head -c 32 /dev/urandom | md5sum | cut -d" " -f1)
  useradd -m -c "$fullName" "$userName"
  # useradd -p expects an already-hashed password, so set the plain-text one with chpasswd
  echo "$userName:$userPassWd" | chpasswd
  mail -s "Server Account Information" "$userEmail" <<+
Here is your server account information:
servername: myserver.senecac.on.ca
username: $userName
password: $userPassWd
Regards,
IT Department
+
done
16. Save, set permissions, and then run that shell script for the input text file user-data.txt. Did it work? Try
running the script without an argument - What did it do?
17. You have completed lab4. Proceed to Completing The Lab, and follow the instructions for "lab sign-off".
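A script that runs as root and feeds file contents to useradd and mail should check each record first. The function below is an added example, not part of the lab script: the record format username:Full Name:email is inferred from the cut calls in createUsers.bash, and the sample records and the accepted character sets are assumptions.

```shell
#!/bin/bash
# Added example, not part of the lab script. Assumed record format
# (inferred from the cut calls in createUsers.bash): username:Full Name:email
LC_ALL=C; export LC_ALL   # make the a-z style ranges below byte-exact

# Constructed sample input; only the first record is well formed.
SAMPLE_RECORDS='jsmith:John Smith:jsmith@example.com
-jdoe:Jane Doe:jdoe@example.com
mlee:Mary Lee:not-an-address
tchan:Tom Chan
kwong:Kim Wong:kwong@example.com:extra'

reject() { echo "rejected ($1): $2" >&2; }

# Return 0 when the record is safe to hand to useradd and mail, 1 otherwise.
validate_record() {
    record=$1
    colons=$(printf '%s' "$record" | tr -cd ':' | wc -c | tr -d ' ')
    [ "$colons" -eq 2 ] || { reject "need exactly 3 fields" "$record"; return 1; }
    user=${record%%:*}; rest=${record#*:}
    fullname=${rest%%:*}; email=${rest#*:}
    # First character must be a letter or underscore, so the name can
    # never be read as a command-line option by useradd.
    case $user in
        ''|[!a-z_]*|*[!a-z0-9_-]*) reject "bad username" "$record"; return 1 ;;
    esac
    # The full name becomes the passwd comment field: letters, space . ' - only.
    leftover=$(printf '%s' "$fullname" | tr -d "A-Za-z .'-")
    [ -n "$fullname" ] && [ -z "$leftover" ] || { reject "bad full name" "$record"; return 1; }
    case $email in
        -*|*[!A-Za-z0-9@._+-]*) reject "bad email" "$record"; return 1 ;;
        ?*@?*.?*) ;;
        *) reject "bad email" "$record"; return 1 ;;
    esac
    return 0
}

# Copy only the valid records from stdin to stdout.
valid_records() {
    while IFS= read -r line; do
        validate_record "$line" 2>/dev/null && printf '%s\n' "$line"
    done
    return 0
}

printf '%s\n' "$SAMPLE_RECORDS" | valid_records
```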
1. Make certain that your c7host, centos1 and centos2 VMs are running.
2. Switch to your c7host VM.
3. Open a shell terminal, su - into root, and change to the /root/bin directory.
4. Issue the Linux command: wget https://ict.senecacollege.ca/~ops235/labs/lab4-check.bash
5. Give the lab4-check.bash file execute permissions (for the file owner).
6. Run the shell script. If there are any warnings, make fixes and re-run the shell script until you receive the
"congratulations" message.
7. Arrange proof of the following on the screen:
✓ centos1 VM:
Demonstrate that this VM's current run-level is set to 5.
✓ c7host machine:
Run the lab4-check.bash script in front of your instructor (must have all OK messages)
4. What is the command to delete a user account? What option allows for the user's home directory to be
removed as well?
5. What is the command to create a group? What is the command (or steps) to include a user in a newly-created
group?
6. What is the purpose of /etc/shadow?
7. What is the purpose of /etc/skel?
8. What does the term run-level mean?
9. How do you set the run-level of a Linux system to text-based only? How do you set it to graphical mode?
10. What is the command to view the status of running services?
11. What is the command to start a service (like httpd, or sshd)?
12. What is the command to stop a service (like httpd, or sshd)?
13. What is the difference between starting a service and enabling a service?
14. Can a service be stopped and started by issuing just one command?
15. What is the purpose of the case statement in shell scripting?
16. What is the purpose of the getopts function in shell scripting?
17. What type of shell script would be best to automatically create 1200 user accounts (for which a list of
usernames is stored in a text file)?