Sri Lanka Institute of Information Technology

IE2012 - Systems and Network Programming

Final Assignment

Name: Peiris W.S.S.N

Registration Number: IT23227286

Table of Contents

1 Basics of Linux Environments.................................................................................................3

1.1 Virtual Machine Setup......................................................................................................3

1.2 Command Line Introduction...........................................................................................23

1.3 System Information and User Management....................................................................29

2 DHCP, DNS and NTP Services.............................................................................................33

2.1 DHCP (Dynamic Host Configuration Protocol).............................................................33

2.2 DNS (Domain Name System).........................................................................................40

2.3 NTP (Network Time Protocol)........................................................................................45

3 Shell Scripting and Security..................................................................................................48

3.1 Shell Scripting.................................................................................................................48

3.2 SSH (Secure Shell)..........................................................................................................55

3.3 IPtables and ACLs...........................................................................................................58

3.3.1 Web Server Security................................................................................................58

3.3.2 Remote Administration Access................................................................................58

3.3.3 Allow Specific Applications....................................................................................59

3.3.4 Allow Pings.............................................................................................................59

3.3.5 Printer Server Access...............................................................................................59

4 Best practices.........................................................................................................................60

4.1 Disable Unused Network Interfaces...............................................................................60

4.2 Enable a Firewall............................................................................................................60

4.3 Disable IPv6 if Not Needed............................................................................................61

4.4 Limit Network Service Exposure....................................................................................62

4.5 Configure Network Interface Security Settings..............................................................63

1 Basics of Linux Environments
1.1 Virtual Machine Setup

Go to this link https://www.virtualbox.org/wiki/Downloads and download virtual machine setup

and go through the setup.

Below screenshot shows VirtualBox software after installation. I have already installed
VirtualBox and added Kali Linux and Metasploitable2.

To download Ubuntu go through this link https://ubuntu.com/download/desktop and press

“Download 24.04.1 LTS” button. Then an iso file will start downloading.

4|Page
After downloading the iso file open virtualbox and press new button. In the create virtual
machine window put a name and a folder to install Ubuntu. Automatically type will be selected
to Linux and the version to Ubuntu (64-bit). Then select next to configure hardware.

In the hardware section select a suitable base memory for Ubuntu considering the amount of
RAM installed in your device. I have selected 12GB ram for faster installation. Then select the
amount of CPUs you want to allocate for Ubuntu I have selected 6 CPUs. In both base memory

5|Page
and processors sections make sure you select a number inside the green part of the line. Then
select next to configure virtual hard disk.

Select create a virtual hard disk now. Then select enough disk size to accommodate the Ubuntu
OS. I chose to give 40GB.

Select next to see the summary and press finish.

6|Page
Go to settings of Ubuntu by selecting Ubuntu and pressing settings icon. In “General” section
select Advanced tab change shared clipboard and Drag’n’Drop to Bidirectional from Disabled.

This will enable copy/paste and drag and drop functions across Ubuntu and the Windows. Then
select storage. Under controller: IDE click on the empty disc. Then under attributes select optical
drive by selecting the disc icon. Then select the relevant iso file containing Ubuntu.

Then you can see the selected iso file under controller: IDE . Once that done click ok. Now we
are ready to installUbuntu using virtualbox.

7|Page
8|Page
After selecting Ubuntu press start. Below steps will lead to a successful install.

Select Try or Install Ubuntu here by pressing enter.

Select English and press next.

Select the accessibility settings to your liking. I didn’t change anything here because everything
is according to my preference here.

9|Page
10 | P a g e
11 | P a g e
12 | P a g e
Check both of these checkboxes to install third-party software for graphics and WIFI hardware
and to download and install support for additional media formats.

Below configuration will only clear the virtual disk space I allocated previously.

13 | P a g e
Set credentials for the user account.

Region will be automatically detected. If not select it manually.

14 | P a g e
Check the summary to make sure everything is alright.

Below process will take few minuts.

15 | P a g e
After the installation system will ask to restart.

Select your account and press enter.

16 | P a g e
Entered the password I provided earlier.

17 | P a g e
Chose skip for now below for this demonstration.

Chose no below because of privacy concerns.

18 | P a g e
Press finish to end initial setting up process.

After installation VirtualBox doesn’t give Ubuntu on full screen. That issue can be solved by
installing VirtualBox guest editions through Ubuntu terminal. To access the terminal press the
show apps button in the bottom left corner and then select terminal.

19 | P a g e
First run sudo apt update command on Ubuntu terminal. Enter the password to commence. This
will update packages and repository information. Then run sudo apt install build-essential dkms
linux-headers-$(uname -r) command. This command will install build essentials, dkms and
Linux headers.

20 | P a g e
Pess Y to continue.

21 | P a g e
After installation click on devices option on the top left VirtualBox menu and select insert guest
additions CD image. It will mount guest additions to Ubuntu OS.

Then navigate in to /media/suga/VBox_Gas_7.0.18/ folder and look for autorun.sh file.

22 | P a g e
Run the autorun.sh file using ./autorun.sh command. Then enter the password.

It will start installing guest additions in VirtualBox.

23 | P a g e
After the installation restart the virtual machine. Then you will be able to resize the window as
you want.

1.2 Command Line Introduction

1.pwd

The command pwd stands for print working directory. It will provide the full path to the
directory that you are currently working on. This command is useful when you need to confirm
current directory location when navigating though the directories.

2.ls

The ls command is used when you need to list contents of a certain directory. It displays files and
subdirectories of the current directory or a certain directory. This is the basic form of command.

24 | P a g e
ls -l will shows us the content in long listing format displaying file permissions, ownership, size
and modification dates. ls -a will list all files including hidden files. ls -lh will display content in
long listing format with more human readable file size interpretation using KB, MB etc.

ls -R will display contents recursively. Meaning it will lists files and directories including those
in subdirectories.

25 | P a g e
3.cd

Command cd stands for change directory. It allows us to navigate between different directories.
Running cd alone will take you to home directory from the current directory. If you use cd and a
specific path it will take you to that specified directory.

26 | P a g e
If you use cd .. command terminal will take you to parent directory. The command cd – will take
you to previous directory.

4.mkdir

The command mkdir is used to create new directories. It can be used to create a single or
multiple new directories at once.

27 | P a g e
5.rmdir

The rmdir command is used to remove(delete) empty directories. It can remove single or
multiple empty directories at once.

6.cp

The cp command is used to copy files and directories.

28 | P a g e
7.cat

The cat command is used to display the content of a file or concatenate multiple files and print
their output.

8.mv

The mv command is used to move or rename files and directories. If the destination is a directory
the source file will be moved to that directory. If the destination is file name the source will be
renamed to that destination file name.

29 | P a g e
1.3 System Information and User Management

9.uname -a

The uname -a command provides detailed information about the system and the kernel. It outputs
a combination of system information, including the kernel name, version, hardware details, and
more. It's often used for troubleshooting or when sharing system details for technical support.

30 | P a g e
10.df -h

This command shows the disk space usage on our system in a human readable format.

11.free -m

The command free -m displays the system memory usage in megabytes.

31 | P a g e
12.id

The id command in the Ubuntu terminal is used to display user and group information for the
current user or a specified user.

13. whoami

The whoami command in the Ubuntu terminal is used to display the current logged-in username.
It tells you who you are in terms of the user account you're using at that moment.

32 | P a g e
14. passwd

The passwd command in is used to change a user's password. By default, it changes the
password for the current user, but it can also be used to modify passwords for other users (with
superuser privileges).

15. useradd

The useradd command is used to create a new user account on the system. This command allows
system administrators to add users with specific configurations, such as setting the home
directory.

33 | P a g e
2 DHCP, DNS and NTP Services
2.1 DHCP (Dynamic Host Configuration Protocol)

My Ubuntu VM started to be so buggy to the point I couldn’t use it anymore. So I switched to

Kali.

DHCP (Dynamic Host Configuration Protocol) is a network management protocol used on IP

networks. It automatically assigns IP addresses and other communication settings to devices on
the network.

First login as root by giving the command sudo su and enter the password.

To install DHCP server open Kali terminal and give the command apt install isc-dhcp-server.

34 | P a g e
After installation go to setting of Kali VM and select network. Then press adopter 2 tab and tick
enable network adopter and change “attached to:” option to internal network. And I have
changed the name to intnet0 for easier identification.

35 | P a g e
Do not change the adopter one because it provides the connection to windows network.

To make the initial lease database use the command touch /var/lib/dhcp/dhcpd.leases

Then type dhcpd you can initiate the DHCP server and test the server configuration.

36 | P a g e
To verify whether it’s working properly or not, type ifconfig.

37 | P a g e
We will assign IPv4 address to eth1 by using the command ifconfig eth1 192.168.56.0 as user’s
DHCP IP address.

To define the subnet and the IP range we will go to dhcpd.conf file in /etc/dhcp.

38 | P a g e
Type below information inside the dhcpd.conf file.

subnet 192.168.56.0 netmask 255.255.255.0 – Defines the subnet that the DHCP will be
managing.

range 192.168.56.10 192.168.56.100 – This is the range that the DHCP can assign clients to

option routers 192.168.56.1 – Defines the default gateway

option domain-name-servers 192.168.1.1 192.168.1.2 – DNS servers clients should use

option domain-name “snpdhcp” – Defines the domain name

Go to /etc/default/isc-dhcp-server and change INTERFACESv4 to eth1.

39 | P a g e
Then use the command systemctl restart isc-dhcp-server to restart the server.

To check the status of the server type systemctl status isc-dhcp-server and dhcpd

40 | P a g e
Use the command watch -n 1 dhcp-lease-list to view how devices get assigned IP addresses.

2.2 DNS (Domain Name System)

DNS is a very important component of the internet. It translates human-readable domain names
into IP addresses which computers use to communicate with each other.

41 | P a g e
First we will install BIND9 and all the utilities that comes with bind9 using the command apt
install bind9 bind9utils bind9-doc -y.

Then we need to install net tools. For that we’ll use the command apt install net-tools

Next we’ll use the command nano /etc/bind/named.conf.options to edit the file
named.conf.options. Uncomment the forwarders and change it to 8.8.8.8(google DNS). Then
save the changes made.

42 | P a g e
Next we’ll use the command nano /etc/bind/db.example.com to edit the file db.example.com.
Add the below information(I have added my current IP address below) and then save the changes
made.

Next we’ll use the command nano /etc/bind/db.192 to edit the file db.192. Add the below
information and then save the changes made.

43 | P a g e
Next we’ll use the command nano /etc/bind/named.conf.local to edit the file named.conf.local.
Add the below information and then save the changes made.

To start bind9 use the command systemctl restart bind9. In my case the terminal gave me a error
as shown below. To troubleshoot that I used the command systemctl enable named and systemctl
start named. Then use the command systemctl restart bind9 to start bind9 and to check the status
type systemctl status bind9 and hit enter.

44 | P a g e
We need to make sure that bind9 is allowed through my firewall. In order to do that we need to
check the firewall is active or not by typing the command ufw status. Then we’ll add the rules
that allows bind9 to go through the firewall by using the command ufw allow bind9. After
adding the rules, to reload the firewall use the command ufw reload. To check the status of the
firewall type ufw status.

45 | P a g e
Then go to windows OS and open command prompt. In the command prompt type ping
www.example.com. If we get a response that means the DNS is up and running.

2.3 NTP (Network Time Protocol)

NTP (Network Time Protocol) is a protocol used to synchronize the system time with remote
servers over a network. It ensures that your system's clock is accurate by synchronizing it with
trusted time sources, usually time servers that are synchronized to atomic clocks.

In order to install NTP use the command apt install ntp.

46 | P a g e
Startup the NTP service with ntpd command.

Type the command ntpq to test the server.

The command ntpstat will display the synchronization status.

Install systemd-timesyncd package by using apt install systemd-timesyncd command. This

implies getting the NTP service as well as synchronizing time in this package.

47 | P a g e
After that run the command timedatectl status to check the status of the NTP.

48 | P a g e
3 Shell Scripting and Security
3.1 Shell Scripting

i. First create a shell script file called system_report.sh. in order to do that write the
command nano system_report.sh in the terminal.

Then write the below script inside the system_report.sh.

49 | P a g e
#!/bin/bash

# Define the destination directory for reports

DEST_DIR="/home/kali/system_reports"

# Create the destination directory if it doesn't exist

if [ ! -d "$DEST_DIR" ]; then

mkdir -p "$DEST_DIR"

fi

# Define the report file name with the current date

DATE=$(date +%Y-%m-%d)

REPORT_FILE="$DEST_DIR/system_report_$DATE.txt"

# Collect system information and write to the report file

echo "System Report - $DATE"

echo "-------------------------------"

echo "Date and Time: $(date)"

echo "System Uptime: $(uptime -p)"

echo "Free Memory: $(free -h | grep Mem | awk '{print $4}')"

echo "Disk Usage:"

df -h

echo "-------------------------------"

} > "$REPORT_FILE"

echo "System report created: $REPORT_FILE"

50 | P a g e
 DEST_DIR: The script will store the report in /home/kali/system_reports. If the directory
doesn't exist if statement will create a directory.

Filename: The report file is named as system_report_YYYY-MM-DD.txt using the current

date.

The script captures the following:

Date and Time: Using the $DATE command.

Uptime: uptime -p, will show how long the system has been running.

Free Memory: free -h will show the amount of free memory in human-readable format.

Disk Usage: df -h will display disk space usage for all mounted filesystems.

After writing the script we need to give executable permissions.

After that lets run the script file.

51 | P a g e
Then we will see the content of the resulted file at /home/kali/system_reports/.

As the next step type crontab -e command in the terminal and select a preferred editor.

52 | P a g e
Inside the crontab write following code and save.

This tells cron to run the command at 6:00 AM every day

ii. create a shell script in the file backup_documents.sh in desktop. Using the command
nano backup_documents.sh. Inside the file add the below shell script.

53 | P a g e
#!/bin/bash

# Define source and destination directories

SOURCE_DIR="/home/kali/documents"

DEST_DIR="/home/kali/backup/documents"

# Create the backup destination directory if it doesn't exist

mkdir -p $DEST_DIR

# Get the current date (format: YYYY-MM-DD)

DATE=$(date +'%Y-%m-%d')

# Create a tarball of the source directory and name it with the current date

BACKUP_FILE="documents_backup_$DATE.tar.gz"

# Perform the backup

tar -czf "$DEST_DIR/$BACKUP_FILE" -C "$SOURCE_DIR" .

# Print a message indicating the backup was successful

echo "Backup completed: $DEST_DIR/$BACKUP_FILE"

54 | P a g e
Then we’ll make the script executable by using the command chmod +x backup_documents.sh.

After that we will open crontab to schedule the script to run periodically. For that type the
command crontab -e.

Next add a cron job to run the script daily. For that type below code inside the crontab.

55 | P a g e
3.2 SSH (Secure Shell)

First run the apt update command and download packages.

Then we need to install open ssh server. To do that run the command apt install openssh-server.

Next start the ssh by systemctl restart ssh and to check the status of the ssh use systemctl status
ssh.

56 | P a g e
To allow ssh through the firewall with which it can listen for incoming requests. Run below
commands.

Port 22/tcp is the TCP port that is used for the SSH protocol by default. For the next step we
need the IP address. Use ifconfig to view it.

57 | P a g e
We will use another terminal as the client computer to put this one into reality. Then enter the
username and ip address of the server after the ssh command to connect to the server. Type the
command ssh [email protected].

58 | P a g e
3.3 IP tables and ACLs
3.3.1 Web Server Security

To allow incoming traffic only on ports 80 (HTTP) and 443 (HTTPS) for the web server and
block everything else we need to make the drop policy to default by using iptables -P INPUT
DROP command. Next allow traffic on localhost by iptables -A INPUT -i lo -j ACCEPT. Then
allow established connections to continue by iptables -A INPUT -m state --state
ESTABLISHED,RELATED -j ACCEPT. Then allow incoming port 80 and port 443 traffic by
iptables -A INPUT -p tcp --dport 80 -j ACCEPT and iptables -A INPUT -p tcp --dport 443 -j
ACCEPT commands.

3.3.2 Remote Administration Access

Allow SSH access port 22 only from specific IP addresses of trusted machines by iptables -A
INPUT -p tcp --dport 22 -s <trusted ip address> -j ACCEPT command.

59 | P a g e
3.3.3 Allow Specific Applications

To allow video conferencing app using port 443 its going to be same as HTTPS rule.

3.3.4 Allow Pings

To allow ping requests to our server to help with the network diagnostic we can run the
command iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT.

3.3.5 Printer Server Access

To allow traffic to the printer server only from specific IP addresses within our local network use
iptables -A INPUT -p tcp --dport 9100 -s <trusted IP> -j ACCEPT command. To block external
access to printer server use the command iptables -A INPUT -p tcp --dport 9100 -j DROP.

60 | P a g e
4 Best practices
4.1 Disable Unused Network Interfaces

Your Linux machine has multiple network interfaces. If they are not being used it’s a good
security practice to disable or shut down any unused network interfaces. These interfaces can act
as attack surfaces if not properly secured. Use the ip link show command to list all interfaces. If
there are unused interfaces disable them using the command ip link set <interface> down.

4.2 Enable a Firewall

Firewalls help filter and control network traffic based on predefined rules and it will protect our
system from unauthorized access and potential attacks.

To install and enable a firewall type apt install ufw and ufw enable commands.
61 | P a g e
4.3 Disable IPv6 if Not Needed

If our network environment does not use IPv6, temporarily disabling it can help reduce the attack
surface because attackers cannot exploit IPv6-related vulnerabilities if it is disabled. In order to
do that run the following commands sysctl -w net.ipv6.conf.all.disable_ipv6=1 and sysctl -w
net.ipv6.conf.default.disable_ipv6=1.

62 | P a g e
4.4 Limit Network Service Exposure

Only run network services that are necessary, and bind them to specific network interfaces if
possible. This helps in reducing unnecessary network exposure and limits the services that
attackers can target. Use the command netstat -tuln to check active connections. Next use
ListenAddress <Preferred ip> and hit enter.

Restart the service to apply the changes

63 | P a g e
4.5 Configure Network Interface Security Settings
Configuring security settings for network interfaces, such as enabling secure protocols,
configuring static IP addresses, and limiting promiscuous mode, can prevent unauthorized access
and data interception.
To use static ip addresses edit the network configuration file (e.g., /etc/network/interfaces,
/etc/netplan/, or NetworkManager configuration) to set a static IP.
Promiscuous mode allows an interface to capture all traffic, not just the traffic intended for it,
which could be a security risk. To check for it type ip link. If necessary disable it with ip link set
<interface> promisc off.

64 | P a g e