Hardware and Software Systems & Networks CE00804-5-HSSN

INDIVIDUAL ASSIGNMENT

TECHNOLOGY PARK MALAYSIA

 CE00804-5-HSSN

HARDWARE AND SOFTWARE SYSTEMS & NETWORKS

APT2F1908CYB

HAND OUT DATE:

HAND IN DATE: 16 DECEMBER 2019

WEIGHTAGE: 50%

INSTRUCTIONS TO CANDIDATES:
1 Students are advised to underpin their answers with the use of references
(cited using the Harvard Name System of Referencing).
2 Late submission will be awarded zero (0) unless Extenuating
Circumstances (EC) are upheld.
3 Cases of plagiarism will be penalised.
4 The assignment should be bound in an appropriate style (comb bound or
stapled).
5 Where the assignment should be submitted in both hardcopy and
softcopy, the softcopy of the written assignment and source code (where
appropriate) should be on a CD in an envelope / CD cover and attached to
the hardcopy.

BY: CHIN KEE HANN (TP048305)
    JEVAN GAZALI (TP049064)
    KELLY (TP053167)

Level 2 Asia Pacific Institute of Information Technology 2019

Table of Contents

I. Initial Configuration

II. Group Component

A. STUNNEL
B. CROSS – SYSTEM MULTITAIL
C. LDAP

III. Individual Component

A. SUDO
B. BASIC VPN
C. IP TABLES


Initial Configuration

1. VirtualBox Interface

VirtualBox is the virtualisation software used throughout this report. It is available free of charge from virtualbox.org and lets several operating systems run as virtual machines on one computer. All tasks are performed on Slax, a lightweight Linux distribution that runs without a graphical user interface; the user interacts with the machine through the command line.

2. Creating Virtual Machine

A new virtual machine is created by opening the Machine menu at the top left and choosing New. The name and file location, the memory size and the type of virtual hard disk then have to be specified. The operating system type is Linux, category Linux 2.6 / 3.x / 4.x (32-bit). The memory allocated is small, only 96 MB. "Create a virtual hard disk now" is chosen, since a new machine is being built.


The downloaded image file (.vdi) has to be added in the File Location field. The size allocated to the Slax virtual disk is 200 MB, and the recommended hard disk file type is VDI (VirtualBox Disk Image). Storage on the physical disk can be dynamically allocated or fixed size: a dynamically allocated disk starts small and grows on demand up to the size specified (never beyond it), while a fixed-size disk occupies its full size from the start.

3. Setting New Virtual Machine

The boot order has to be arranged with Optical first, Floppy second and Hard Disk third, and all three enabled. This is found under Settings > System for the machine in question.

The Storage section also has to be configured. The Gateway.vdi file is removed from Controller: SATA and attached to Controller: IDE, and the operating system image TinyNetBase.iso is then added to Controller: IDE as well.


The next section to set is Network. In most cases only one network adapter needs to be enabled, set to either Host-only Adapter or Bridged Adapter. A host-only adapter reaches only the host and the other virtual machines; if the machine also needs internet access, a second adapter (bridged) can be enabled alongside it.

4. Booting Slax Virtual Machine

After the previous steps, booting the machine should work without problems. The figure next to this explanation shows the first screen of the boot; Slax Text mode is selected to get to the operating system.

The next figure shows the console after booting has completed. The default login is username root with password toor. These are the image's well-known defaults and should be changed on any machine reachable from outside the lab.


5. Creating Partition on The Disk

To reach the screen shown beside this explanation, type "cfdisk" and press Enter. hda1 is created with a size of 180 MB and hda2 with approximately 30 MB. The type of hda1 is Linux and the type of hda2 is Linux swap; hda1 is also marked bootable, since it is the partition the system boots from. The partition table is then written to disk, after which cfdisk asks for confirmation of the changes.

Afterwards, the command "mke2fs /dev/hda1" creates the filesystem on hda1 and produces output like the figure, and "mkswap /dev/hda2" prepares the swap partition.

Finally, "swapon /dev/hda2", "mkdir /mnt/hda1" and "mount /dev/hda1 /mnt/hda1" activate the swap space and mount the new filesystem so it can be written to.


6. Accessing Midnight Commander

Typing the command "mc" opens Midnight Commander. In Midnight Commander, the boot and slax directories have to be copied from /mnt/hdc (the mounted CD image) to /mnt/hda1.

The first step is pressing F9 to open the menu bar. Select File, then Copy, and enter /mnt/hda1 as the destination; confirm with OK. This has to be done for both directories, boot and slax.

The boot loader then has to be installed: open /mnt/hda1/boot, highlight the file liloinst.sh and press Enter, ignoring the warnings it prints. Thereafter, press F10 to leave Midnight Commander and type "reboot" on the console to restart the machine.

7. Configuring Gateway/ MailHost/ WebServer/ LDAP

First, make sure that TinyNetConfig.iso is still attached to the machine by checking Settings > Storage. Log in with the default username and password, open Midnight Commander with "mc" and run the SetupMenu file under /mnt/hdc.

After pressing Enter on SetupMenu, the options offered are TinyNet Gateway, TinyNet MailHost, TinyNet WebServer, TinyNet LDAP and TinyNet Generic. TinyNet Gateway is used here as the example. The setup takes a moment and then prompts for Enter to return to the menu. Afterwards, the machine is rebooted with the "reboot" command so the configuration takes effect.

8. Configuring Telnet

Telnet is an application protocol, and the client command of the same name, for interactive access to a remote host over TCP. Everything it carries, including usernames and passwords, travels in plaintext, which is why the later sections wrap the mail traffic in stunnel. The first thing to do is to edit the telnet service file under /etc/xinetd.d: change the access line to "only_from = 127.0.0.1/24" and set "disable = no". Note that the directive is spelled only_from (with an underscore) and that 127.0.0.1/24 admits loopback addresses only.

The permissions of the file rc.xinetd under /etc/rc.d then have to be changed: select File, choose chmod, and tick every box except the first three (set-uid, set-gid and sticky), then press Set to apply. The point is to make the script executable; ticking the write boxes for group and others as well makes it world-writable (mode 777), which lets any local account alter a script that runs as root. Execute permission alone (mode 755) is sufficient.

Next, rc.xinetd is copied within the same folder /etc/rc.d, using Copy under the File menu, with the new name rc.inetd, and the old rc.xinetd is deleted. This is simply a way to rename the file; "mv /etc/rc.d/rc.xinetd /etc/rc.d/rc.inetd" on the console does the same in one step.

In the /var/log directory, make sure the following three files are given the required permissions via chmod, so the mail daemons can write to them:
/var/log/postfix.log
/var/log/dovecot.IMAP
/var/log/dovecot.LDA
As above, making them writable by the daemons' user is enough; world-writable logs can be tampered with by any local account. Thereafter, exit Midnight Commander and type "/etc/rc.d/rc.inetd start".

9. Testing

After completing these steps on the Gateway, the same steps are repeated to create a second machine, MailHost. On the MailHost machine, the file mail-pwd under /home/vmail has to be edited. It defines the mailbox address and password for the MailHost; here the address is mailadmin@mailhost.tinynet.edu and the password is admin. The file stores the password in clear and the value is trivially guessable, which is acceptable only for the lab.

The figures on this page show a message being sent and then read on the MailHost machine. The message is sent by talking SMTP to Postfix directly through telnet:

telnet localhost 25
HELO sending.host.name
MAIL FROM:<TheBoss@example.com>
RCPT TO:<mailadmin@mailhost.tinynet.edu>
DATA
Subject: System Upgrade

Group Member : Kelly, Jevan Gazali, Chin Kee Han.
.
QUIT

The blank line after the Subject header separates the headers from the body, and a line containing only "." ends the message. The message is then read with IMAP in the same way:

telnet localhost 143
11 login "mailadmin@mailhost.tinynet.edu" "admin"
21 list "" "*"
23 select "INBOX"
32 FETCH 1 BODY[]
34 logout

The numbers in front of the IMAP commands (11, 21, ...) are client-chosen tags; each command needs a different tag so the server's reply can be matched to it. Port 25 is the SMTP port used for sending the mail and port 143 is the IMAP port used for reading it. The received mail can also be inspected directly in the mailbox file. Both sessions are unencrypted, the IMAP login included, which is why the stunnel section moves the mail traffic between the machines onto TLS.
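The two telnet dialogues above are typed by hand. As an added example (not part of the original report), the shell functions below generate the same SMTP command stream so it can be piped into nc or telnet, and they dot-stuff body lines that begin with ".", the edge case created by the lone "." terminator. The host name and addresses in the usage line are the report's own; everything else is an assumption.

```sh
#!/bin/sh
# Added example (not from the report): builds the SMTP submission dialogue
# shown above as a command stream that can be piped into "nc <host> 25".
# Body lines beginning with "." are dot-stuffed (RFC 5321 section 4.5.2), so
# a body line consisting of "." cannot end the DATA phase early.

# smtp_data_block: read body lines on stdin, emit them dot-stuffed, then the
# lone "." that terminates DATA.
smtp_data_block() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            .*) printf '.%s\n' "$line" ;;   # leading "." becomes ".."
            *)  printf '%s\n' "$line" ;;
        esac
    done
    printf '.\n'
}

# smtp_session HELO_NAME FROM TO SUBJECT < body: emit the full session.
smtp_session() {
    helo=$1; from=$2; to=$3; subject=$4
    printf 'HELO %s\n' "$helo"
    printf 'MAIL FROM:<%s>\n' "$from"
    printf 'RCPT TO:<%s>\n' "$to"
    printf 'DATA\n'
    printf 'Subject: %s\n\n' "$subject"   # header, blank line, then body
    smtp_data_block
    printf 'QUIT\n'
}

# Usage (the report's hosts and addresses; body text is constructed):
#   printf 'Group Member : Kelly, Jevan Gazali, Chin Kee Han.\n' |
#     smtp_session sending.host.name TheBoss@example.com \
#                  mailadmin@mailhost.tinynet.edu "System Upgrade" |
#     nc localhost 25
```

If Postfix rejects the input as improper pipelining, feed the stream one line at a time with a short delay instead of all at once.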

10. Accessing SquirrelMail

On the WebServer machine, the file monkey.conf under /etc/monkey has to be edited. Server_root is changed from /var/monkey/htdoc to /var/www. The line "Indexfile index.html index.htm" is commented out (becoming "#Indexfile index.html index.htm") and the index.php Indexfile line is uncommented (a line is uncommented by removing the leading # or //).


A little further down, Server_ScriptAlias is changed from /var/monkey/ to /var/www/, and the AddScript application line is uncommented. The changes are saved with F2.

Afterwards, exit Midnight Commander and type "htop" on the console. The Monkey web server has to be restarted: kill the monkey process from htop with F9, then start it again with "/usr/sbin/monkey -D".

The result should look like the figure next to this explanation. The machine's IP address is then needed to reach SquirrelMail; the TinyNet command "my-ip" prints it.


In a browser, enter the machine's IP address in the address bar. The SquirrelMail login page appears if all the previous steps were followed correctly.

Log in with the mailbox name and password defined in the earlier step (mailadmin@mailhost.tinynet.edu / admin) to get access to the mailbox.

The message sent and received on the MailHost in the previous section is shown, which proves that the same mailbox can be read through SquirrelMail as well.


Group Component
STUNNEL

Objective: (a) use stunnel for communication between the servers, and (b) use the mail submission port (587) for that traffic.

MailHost Configuration

1. First, on the MailHost machine, open the /etc/rc.d folder. There, rc.stunnel has to be made executable by owner, group and others, using the chmod option under the File menu of Midnight Commander.


2. In the Postfix configuration (/etc/postfix/main.cf), the first relayhost line is commented out (add #) and the second relayhost line is uncommented (remove #). On that second line, the port name "submission" is replaced by its number, 587 (Postfix resolves either; the number is simply explicit). The changes are then saved.

3. Afterwards, the rc.stunnel script under /etc/rc.d is modified: the line that runs "/usr/sbin/stunnel $LINE" is given the configuration directory /etc/stunnel, so that stunnel is handed the path of each configuration file under /etc/stunnel. Press F2 to save.

4. Next, mh.services.conf in /etc/stunnel is edited: the line ";output = /some/place/stunnel.log" becomes "output = /var/log/stunnel.log", which enables logging to that file.


5. The commands shown below create the log file and make it writable, then start the stunnel service. "chmod 777 stunnel.log" is simply the command-line equivalent of the chmod dialog in Midnight Commander; mode 644 with the file owned by the user stunnel runs as is enough, since a world-writable log can be truncated or altered by any local account.

6. Thereafter, "netstat -tulp" lists the services listening at that moment; "htop" can be used as an alternative to see the process. Either way, the stunnel service should be shown running, with its port in LISTEN state.


WebServer Configuration

1. The WebServer also has to be configured for stunnel to work end to end. Edit config_svr_adrs.php in /var/www/squirrelmail/config. Below the "// for stunnel" line, the smtpServerAddress and smtpPort entries are uncommented (remove //) so they take effect; below the "// for initial testing" line, the $smtpPort entry is commented out (add //) so it is no longer executed.

A little further down there is another "// for initial testing" line. Below it, imapServerAddress is set to the IP address of the MailHost machine created earlier. The configuration is then saved.


2. The commands below are exactly the same as those performed on the MailHost machine; refer to the MailHost configuration above for the explanation.

The figure below shows the stunnel service running on the WebServer machine.


Testing

The next three figures show, in detail, a message being sent from the Gateway machine and received on the MailHost machine.


Afterwards, the IP address of the WebServer machine is needed to open SquirrelMail in the browser; here it is 192.168.56.111.


The SquirrelMail login page asks for the mailbox and password: "mailadmin@mailhost.tinynet.edu" with password "admin", as defined earlier. After logging in, the interface should match the figure below.


The figure below shows the message that was sent by the Gateway and received by the MailHost.

CROSS-SYSTEM MULTITAIL
Objective
a) Use one easy method to set up Multitail to show the postfix log files on the Gateway and the Mailserver in separate windows, and demonstrate it using email via telnet.
b) Use a different easy method to set up Multitail to show the postfix log files on the Gateway and the Mailserver in a single window with different colours, and demonstrate it using email via telnet.

Configuration
a) Use one easy method to set up Multitail to show the postfix log files on the Gateway and the Mailserver in separate windows, and demonstrate it using email via telnet

 Make sure the gateway, mailhost and webserver are running.

 Log in to the gateway, mailhost and webserver.


 Edit ssh_config on the gateway and the mailhost: type mc and go to /etc/ssh/ssh_config.

 Press F4 to edit the file and add the lines below:

host *
ControlPath /tmp/ssh-%r@%h:%p
ControlMaster auto
# ControlPersist 10m

With ControlMaster auto and a ControlPath, later ssh commands to the same host (such as the one multitail spawns below) reuse the already-authenticated connection instead of prompting for the password again. ControlPersist stays commented out.


 Exit from mc and make sure ssh is running by typing the command below:
netstat -tulp


 Access the mailhost from the gateway over ssh:
ssh root@192.168.76.209 (the mailhost's IP)
 If ssh asks to confirm the host key, type yes to continue.
 Type the mailhost's root password (toor) to log in.

 Open a new terminal with Alt+F2 and type the command below to run multitail on the gateway, showing the gateway's postfix.log in one window and the mailhost's in another:
multitail /var/log/postfix.log -l "ssh root@192.168.76.209 tail -f /var/log/postfix.log"


 Multitail starts and both windows wait for new postfix log lines.


 Send an email through SquirrelMail.

 When the mail is processed, the new postfix log lines appear in the multitail windows as the figure below shows.

 To exit multitail, press Ctrl+C.


b) Use a different easy method to set up Multitail to show the postfix log files on the Gateway and the Mailserver in a single window with different colours, and demonstrate it using email via telnet

 Make sure the gateway, mailhost and webserver are running.

 On the mailhost, type the commands below. They create a named pipe, make a restricted shell available as /bin/rbash, and start a netcat listener that feeds whatever arrives on TCP port 23432 into that shell and returns the output:

 o mkfifo /tmp/foo
 o ln -s /bin/bash /bin/rbash
 o cat /tmp/foo | nc -lkv 23432 | /bin/rbash 1>/tmp/foo &

 Be clear about what this is: an unauthenticated bind shell running as root. Anything that can reach port 23432 on the mailhost can run commands there, and rbash is not a security boundary (it is a convenience restriction only). This is tolerable for a throwaway demo on the host-only lab network; kill the listener and remove the fifo as soon as the demo is over, and prefer method (a), which goes through ssh.

 On the gateway, type the command below to open multitail with the two logs merged into one window in different colours (the -L option merges the command's output into the previous window):
multitail -ci yellow /var/log/postfix.log -ci red -L "echo 'tail /var/log/postfix.log' | nc 192.168.76.209 23432"


 After sending an email through SquirrelMail, the new postfix.log lines appear as the figure below shows.

 To exit, press Ctrl+C.


LDAP

LDAP – The missing piece of our enterprise network

a) Set up the LDAP server with two domains (o= and dc=)
b) Configure dovecot and squirrelmail to use LDAP
c) Get LDAP using stunnel (with screenshot of listening ports)

A) Set up the LDAP server with two domains

To set up an LDAP server, a new virtual machine is created and the LDAP server is installed from TinyNetConfig.iso. On the LDAP machine, the owner of /var/log/slapd.log has to be changed to nobody: highlight the file, press F9, and use Chown under the File menu.


After changing the owner to nobody, edit /etc/syslog.conf and change "local4.info" to "local4.*" (this raises the log level for facility local4 from info to everything).

In /etc/openldap/slapd.conf, the loglevel directive also has to be uncommented (press F4 to edit the highlighted file and remove the # in front of it).

B) Configure dovecot and squirrelmail to use LDAP

After configuring LDAP, the syslog daemon is restarted so the change takes effect: "/etc/rc.d/rc.syslog stop" followed by "/etc/rc.d/rc.syslog start".

Next, /etc/rc.d/rc.ldap has to be fixed: remove ldaps:// from the listener list so slapd listens only on the plain LDAP port (ldap://), because stunnel, not slapd, is going to provide the TLS-protected listener.


After that change, the LDAP service is restarted through its rc script, "/etc/rc.d/rc.ldap stop" and then "/etc/rc.d/rc.ldap start", rather than by killing slapd in htop, so the database is closed cleanly.

Now anonymous access is configured in /etc/openldap/slapd.conf: in the access rules, delete "by * auth" and change "by users read" to "by * read". This lets SquirrelMail's address book query the directory without binding, but it also makes every attribute, including userPassword, readable by anyone who can reach the port. After changing the permissions, the machine is rebooted again.
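As an added example, not the report's own slapd.conf, the fragment below shows the rule the report ends up with beside a corrected rule set that keeps anonymous directory lookups working for SquirrelMail but hides password values. The surrounding lines of the TinyNet slapd.conf are not shown on the page, so the exact context is an assumption; the corrected block replaces the weak one, and the userPassword rule must come first because slapd applies the first "access to" rule that matches.

```conf
# Weak (what "by * read" produces): every attribute of every entry,
# userPassword included, is readable by anonymous clients.
access to *
        by * read

# Corrected: password attribute handled first; the entry owner may change
# it, anonymous clients may only use it to bind, nobody else sees it.
# Everything else (cn, uid, mail, ...) stays readable for the address book.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
```

The corrected rules only hide the stored value; the bind itself still sends the password over the wire, which is what the stunnel step in part (c) is for.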

After the LDAP machine is back up, data has to be added to the directory.

In /etc/openldap/topclass.ldif, two attributes are added to the admin entry:

objectClass: simpleSecurityObject
userPassword: {PLAIN}slapmesilly

{PLAIN} stores the admin password in clear in the directory; with the anonymous read access configured above, anyone can read it. A hashed value from "slappasswd -s slapmesilly" (which prints an {SSHA} string) is the usual choice.

After that, stop and start the LDAP service again; restarting cleanly avoids a damaged database, which would mean starting the LDAP configuration over.


Now the top levels of the DIT are created by adding the topclass.ldif entries, binding as the admin DN:
ldapadd -x -D "cn=LDAPAdmin,o=tinynet.edu" -w slapmesilly -f /etc/openldap/topclass.ldif

After that, the users are added to the directory:
ldapadd -x -D "cn=LDAPAdmin,o=tinynet.edu" -w slapmesilly -f /etc/openldap/userdata.ldif

(-w puts the password on the command line, where it is visible in the process list and the shell history; -W prompts for it instead.)


After adding all the users, verify with:
ldapsearch -x -b "o=tinynet.edu" "(ou=UserNetB)" cn uid mail

For the second domain, make a copy of /etc/openldap/topclass.ldif called dctopclass.ldif and edit it as the diagram shows (the lines marked in red are the ones added or changed, replacing the o=tinynet.edu naming with dc=tinynet,dc=edu). This creates the dc= DIT alongside the o= one.


Now the dc= top level is added:
ldapadd -x -D "cn=LDAPAdmin,dc=tinynet,dc=edu" -w slapmesilly -f /etc/openldap/dctopclass.ldif

Then /etc/openldap/userdata.ldif is copied to dcuserdata.ldif, and inside it the dn of each user is changed to the dc= form, for example:
dn: cn=Barbara Jensen, ou=UserNetA, dc=tinynet,dc=edu

After editing, the users are added with:
ldapadd -x -D "cn=LDAPAdmin,dc=tinynet,dc=edu" -w slapmesilly -f /etc/openldap/dcuserdata.ldif


The LDAP server is now set up, and the mailhost has to be configured to use it. On the mailhost, in /etc/dovecot.conf, the LDAP-related block is copied in and adjusted; the diagram above shows the copied and edited lines.

After adding that, open /etc/dovecot/dovecot-ldap.conf: leave "#hosts = localhost" commented and add the line "hosts = ldap.tinynet.edu" (without the #) below it.


Further down in /etc/dovecot/dovecot-ldap.conf, the settings shown in the diagram above are changed as well. The mailhost configuration is then complete.

Lastly, the webserver is configured so that SquirrelMail uses LDAP. In /var/www/squirrelmail/config/config_svr_ldap.php, the LDAP server block is copied in under the LDAP server option and edited as shown in the diagram above. With that, the LDAP setup in the VirtualBox machines is complete, and it remains to test whether SquirrelMail can use it.


Testing with Proof

First, log in to SquirrelMail as mailadmin@mailhost.tinynet.edu.

After logging in, go to "Compose".

Under the "Subject" field, click "Addresses".

On the address page, click the "List all" button. It lists every user email address configured in the directory, which shows that SquirrelMail is reading them from LDAP.


C) Getting LDAP using stunnel (with screenshot of listening ports)

To use stunnel with LDAP, the LDAP machine is configured first.

Then, on the webserver, copy all files and directories from /var/monkey/htdocs/ to /var/www so the default home page is served.

Secondly, switch the comments to the right interface in /var/www/squirrelmail/config/config_svr_adrs.php: search for "stunnel" and remove the "//" at the beginning of those lines, so SquirrelMail talks to localhost (the local stunnel endpoint) rather than directly to the other servers.


After the webserver, the mailhost is configured: switch the stunnel comments to the right interface and edit /etc/postfix/main.cf.

Uncomment "relayhost = [gateway.tinynet.edu]:587". Finally, on the LDAP machine, check with "netstat -tulp" that stunnel is in LISTEN state.
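Step 6 of the MailHost stunnel configuration and this LDAP step both end with reading "netstat -tulp" by eye. As an added example (not from the report), the script below performs that check on a saved listing. The listing embedded in it is constructed for the example; the expectation that stunnel serves port 636 (ldaps) on the LDAP machine is an assumption, so adjust the ports to match the stunnel configuration in use.

```sh
#!/bin/sh
# Added example, not from the report: checks a "netstat -tulp" listing for
# the listeners the stunnel steps should leave behind.
#   - TCP 587 (submission) must be served by stunnel;
#   - TCP 636 (ldaps) must be served by stunnel, not slapd (assumption: that
#     is the port the LDAP-side stunnel listens on);
#   - plain LDAP, TCP 389, may only listen on a loopback address, so that
#     remote clients can reach it only through stunnel on the same host.
# SAMPLE is a constructed listing in netstat's format; with a file argument
# the script checks a real capture instead ("netstat -tulp > ports.txt").

SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      412/stunnel
tcp        0      0 127.0.0.1:389           0.0.0.0:*               LISTEN      380/slapd
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      412/stunnel
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      401/master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      250/sshd
udp        0      0 0.0.0.0:514             0.0.0.0:*                           300/syslogd'

# listener_program LISTING PORT: program owning the LISTEN socket on PORT
# (any address), or nothing if there is no such listener.
listener_program() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == port) { sub(/^[0-9]+\//, "", $7); print $7 }
        }'
}

# listener_address LISTING PORT: bind address of the listener on PORT.
listener_address() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == port) { sub(/:[0-9]+$/, "", $4); print $4 }
        }'
}

# check_listeners LISTING: returns 0 when every rule holds, otherwise prints
# one line per broken rule and returns 1.
check_listeners() {
    listing=$1; rc=0
    [ "$(listener_program "$listing" 587)" = stunnel ] ||
        { echo "FAIL: 587 not served by stunnel"; rc=1; }
    [ "$(listener_program "$listing" 636)" = stunnel ] ||
        { echo "FAIL: 636 not served by stunnel"; rc=1; }
    addr=$(listener_address "$listing" 389)
    case $addr in
        ''|127.*|::1) ;;    # absent or loopback-only is fine
        *) echo "FAIL: plaintext LDAP (389) exposed on $addr"; rc=1 ;;
    esac
    return $rc
}

if [ -n "$1" ]; then
    check_listeners "$(cat "$1")"
else
    check_listeners "$SAMPLE"     # the constructed listing passes silently
fi
```

A slapd that still listens on ldaps:// would show up here as 636 owned by slapd rather than stunnel, which is exactly the condition the rc.ldap edit above is meant to remove.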


Individual Component

SUDO (Jevan Gazali – TP049064)

Choose one server and:
- Change the startup display to show a random fortune in colour each time a user logs in rather than the command summary and root login.
- Allow no root access: force users to use sudo.
- Have different colour prompts for normal users and root.

The sudo configuration can be done on any of the TinyNet machines (TinyNet Gateway, TinyNet MailHost, TinyNet WebServer and TinyNet LDAP), all of which run Slax. The intent is that nobody works as root directly: ordinary accounts log in as themselves, and only the accounts placed in the administrators' group (wheel) can reach root, through sudo, to access every file and directory on the system without restriction. The steps are as follows:

1. As a prerequisite, the Games and ASCIIart packages have to be installed from SetupMenu. Open Midnight Commander on the chosen machine with mc, go to the file /etc/issue, press F4 to edit it, and delete all its contents so the file is empty; save with F10. /etc/issue is the banner printed before the login prompt, so emptying it removes the command summary shown there.


2. The fortune script under /etc/profile.d (ssd-games-fortune.sh) has to be changed: delete everything between the if and the fi and replace it with
echo -e "\e[01;32m"; fortune | boxes -d columns -a hcvc; echo -e "\e[00m"
which prints a random fortune in a green box and then resets the colour. Save the file and set its permissions with chmod under the File menu as follows:

- Allow execution by owner

- Allow execution by group

- Allow execution by others


3. Open the sudoers file, either by hand or, better, with the visudo command on the console (visudo locks the file and checks the syntax before saving, so a typo cannot lock everyone out of sudo). Add the line
Defaults editor=/usr/bin/mcedit:/usr/bin/vi
under "# Defaults specification"; this tells visudo which editors it may use.

Then scroll down a little and uncomment one of the %wheel lines (remove its leading #) so that members of the wheel group may run any command through sudo. The stock file offers two: "%wheel ALL=(ALL) ALL", which still asks for the user's own password, and "%wheel ALL=(ALL) NOPASSWD: ALL", which does not. Uncomment the first; the NOPASSWD variant turns any unlocked wheel session into root without a challenge. Save the file to keep the changes.
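As an added example (not code from the report), the shell functions below read a sudoers file and report which of the two %wheel variants is active, so the step above can be checked without reading the file by eye. The sudoers text embedded in the block is constructed to resemble the stock template.

```sh
#!/bin/sh
# Added example, not from the report: classifies what the active %wheel
# lines in a sudoers file grant. SAMPLE is a constructed fragment shaped
# like the stock template; check a real file with
# "sudoers_wheel_policy /etc/sudoers" (readable by root only).

SAMPLE='# Defaults specification
Defaults editor=/usr/bin/mcedit:/usr/bin/vi

root ALL=(ALL) ALL

## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL'

# active_lines FILE: the sudoers lines with comments and blank lines removed.
active_lines() {
    sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' "$1"
}

# sudoers_wheel_policy FILE: prints one of
#   none      - wheel has no sudo rights (the uncomment step was missed)
#   password  - wheel gets full root, own password required (what we want)
#   nopasswd  - wheel gets full root with no password prompt
# and returns 0 only for "password".
sudoers_wheel_policy() {
    rules=$(active_lines "$1" | grep '^[[:space:]]*%wheel[[:space:]]' || true)
    if [ -z "$rules" ]; then
        echo none; return 1
    elif printf '%s\n' "$rules" | grep -q 'NOPASSWD:'; then
        echo nopasswd; return 1
    else
        echo password; return 0
    fi
}

# Demonstrate on the constructed sample written to a temporary file.
tmp=$(mktemp) && printf '%s\n' "$SAMPLE" > "$tmp"
sudoers_wheel_policy "$tmp"      # prints: password
rm -f "$tmp"
```

The check deliberately treats any NOPASSWD rule for wheel as a failure even when the password-requiring line is also present, because sudo applies the last matching rule and the NOPASSWD line comes later in the stock file.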


4. Exit Midnight Commander and go back to the console. There, type sudo -i: sudo asks for the user's own password and opens a root login shell, which is how an authorised (wheel) user reaches root once nobody logs in as root directly. The result should match the figure below.

5. Thereafter, /etc/profile is changed; the edit goes in the if/else block that sets the prompt.


if [ ! "`id -u`" = "0" ]; then
    PS1='[\[\033[01;32m\]\u@\h \[\033[01;34m\]\W\[\033[00m\]]# '
else
    PS1='[\[\033[01;31m\]\u@\h \[\033[01;34m\]\W\[\033[00m\]]$ '
fi

The test is on the numeric user id: for anything other than uid 0 the first branch gives a green prompt ending in #, and for a root shell (including one opened with sudo -i, since id -u is then 0) the second branch gives a red prompt ending in $. The colour is what distinguishes the two at a glance; note that the trailing characters here are the reverse of the usual convention ($ for an unprivileged user, # for root), so swap them if the standard look is wanted.


Result:

User with root privilege (admin):


Normal user without root privilege:


Basic VPN (CHIN KEE HANN – TP048305)

Goal/Objective: 1. Set up OpenVPN
2. Have two sets of config files, one for tun and one for tap
Configurations:
Do these steps for both Client and Server.
1. Install OpenVPN. First, log in to both hosts as root, change directory to /mnt/hdc/ and run ./SetupMenu (shown in Figures 1 to 3).

Figure 1
2. Then go to Other packages -> OpenVPN.

Figure 2

Figure 3

3. Run these commands: cd /usr/doc/openvpn-2.0.9/easy-rsa, then ". ./vars" (a dot, a space, then ./vars: this sources the easy-rsa variables into the current shell), then ./clean-all, then ./build-ca (shown in Figure 4). build-ca creates the certificate authority key pair (ca.key and ca.crt) that signs the server and client certificates.


Figure 4
4. build-ca prompts for the certificate subject fields (country, province, organisation and so on); fill them in for your location (shown in Figure 5).

Figure 5


Figure 6
5. Server configuration (Figures 7 to 8)
a. cd /usr/doc/openvpn-2.0.9/easy-rsa
b. ./build-key-server server
c. Press Enter for every field except Common Name
d. Type server as the Common Name
e. Type y for "sign the certificate?" and "commit the certificate request?"
f. ./build-dh
g. Copy all the keys to /usr/doc/openvpn-2.0.9/sample-config-files
h. Copy ca.key and ca.crt to USB storage, then into ./keys on the client

Figure 7


Figure 8

6. OpenVPN server setup (Figures 9-10)
i. Open mc (Midnight Commander)
j. Go to /usr/doc/openvpn-2.0.9/sample-config-files/server.conf
k. Comment out "dev tap" and uncomment "dev tun"
l. Ensure the file names for the CA certificate, server certificate, server key
and Diffie-Hellman parameters are correct
m. Ensure the server network and subnet mask are 10.8.0.0 255.255.255.0
n. Ensure server-bridge is commented out.

Figure 9


Figure 10

7. Client setup (Figures 11-16)
a. Copy ca.key and ca.crt to /usr/doc/openvpn-2.0.9/easy-rsa/keys
b. cd /usr/doc/openvpn-2.0.9/easy-rsa
c. ./build-key client
d. Press Enter for all fields except Common Name
e. Type client as the Common Name
f. Type y for "sign the certificate?" and "commit the certificate request?"
g. Copy the ./keys files to /usr/doc/openvpn-2.0.9/sample-config-files
h. Go to /usr/doc/openvpn-2.0.9/sample-config-files/client.conf
i. Ensure the file starts with client, that dev tap is commented out and dev tun is not
j. remote 192.168.76.101 1194
k. ;remote my-server-2 1194
l. Ensure the file names for the CA certificate, client certificate and client key are correct.
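As an added example (not part of the report), the Python below parses OpenVPN config text and checks the settings steps 6 and 7 ask for: dev tun active with dev tap commented out, server-bridge commented out, the 10.8.0.0 255.255.255.0 server line, a remote on port 1194, and the certificate and key files. Both config texts are constructed here, and the dh file name dh1024.pem is an assumption since the page does not name it.

```python
# Added example (not the report's code): check OpenVPN configs against steps 6 and 7.
SERVER_CONF = """\
;dev tap
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
"""
CLIENT_CONF = """\
client
;dev tap
dev tun
remote 192.168.76.101 1194
;remote my-server-2 1194
ca ca.crt
cert client.crt
key client.key
"""

def parse_conf(text):
    """Map each active directive to its arguments; ';' and '#' lines are comments."""
    active = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in ";#":
            name, *args = line.split()
            active[name] = args
    return active

def check_server(text):
    """Return a list of problems; empty means the server.conf matches step 6."""
    c, problems = parse_conf(text), []
    if c.get("dev") != ["tun"]:
        problems.append("dev must be tun, with dev tap commented out")
    if "server-bridge" in c:
        problems.append("server-bridge must be commented out for tun mode")
    if c.get("server") != ["10.8.0.0", "255.255.255.0"]:
        problems.append("server line must be 10.8.0.0 255.255.255.0")
    problems += [f"missing {d} file" for d in ("ca", "cert", "key", "dh") if d not in c]
    return problems

def check_client(text):
    """Return a list of problems; empty means the client.conf matches step 7."""
    c, problems = parse_conf(text), []
    if "client" not in c or c.get("dev") != ["tun"]:
        problems.append("needs 'client' and 'dev tun'")
    if c.get("remote", [])[1:] != ["1194"]:
        problems.append("remote must name the server and port 1194")
    problems += [f"missing {d} file" for d in ("ca", "cert", "key") if d not in c]
    return problems
```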


Figure 11

Figure 12


Figure 13

Figure 14


Figure 15

Figure 16


IP TABLES (KELLY – TP053167)


Objectives
a) Add the six “Rules for things that no proper TCP stack should be processing” from
the IPTables Quick Reference section -p --protocol tcp but use a LOG target
b) Use hping2 and Multitail to show the rules are working

Configuration
a) Add the six “Rules for things that no proper TCP stack should be processing” from
the IPTables Quick Reference section -p --protocol tcp but use a LOG target

• Add the six rules below by typing them into the virtual machine:

Rule 1: iptables -A INPUT -p tcp --tcp-flags ALL NONE -m limit --limit 1/minute -j LOG --log-prefix "iptables AN: " --log-level alert

Rule 2: iptables -A INPUT -p tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 1/minute -j LOG --log-prefix "iptables FSFS: " --log-level alert

Rule 3: iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 1/minute -j LOG --log-prefix "iptables SRSR: " --log-level alert

Rule 4: iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -m limit --limit 1/minute -j LOG --log-prefix "iptables FRFR: " --log-level alert

Rule 5: iptables -A INPUT -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 1/minute -j LOG --log-prefix "iptables FAF: " --log-level alert

Rule 6: iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -m limit --limit 1/minute -j LOG --log-prefix "iptables AUU: " --log-level alert


• Test the first rule by typing multitail /var/log/syslog -l "hping2 192.168.0.128"


• Test the second rule by typing multitail /var/log/syslog -l "hping2 -F -S 192.168.0.128"

• Test the third rule by typing multitail /var/log/syslog -l "hping2 -S -R 192.168.0.128"

• Test the fourth rule by typing multitail /var/log/syslog -l "hping2 -F -R 192.168.0.128"


• Test the fifth rule by typing multitail /var/log/syslog -l "hping2 -F 192.168.0.128"


• Test the sixth rule by typing multitail /var/log/syslog -l "hping2 -U 192.168.0.128".

• Save the rules in the virtual machine: open mc, go to /etc, press F7 to create a new directory
and name it iptables; the saved rules will be stored there.


• Go back to the terminal and type the commands below to save the rules (iptables-save writes
the IPv4 tables; the IPv6 file needs ip6tables-save):

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
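As an added example (not the report's own code), the Python below models the --tcp-flags MASK COMP test that the six LOG rules rely on and shows which log prefixes each hping2 probe above triggers, next to two normal packets that should match nothing. Since LOG is a non-terminating target, one packet can hit more than one rule; the probe names and flag values are constructed from the commands on this page.

```python
# Added example, not part of the report: model the --tcp-flags MASK COMP test
# behind the six LOG rules and show which rule each hping2 probe above triggers.
FLAGS = {"FIN": 1, "SYN": 2, "RST": 4, "PSH": 8, "ACK": 16, "URG": 32}
ALL = sum(FLAGS.values())

def bits(names):
    """'FIN,SYN' -> bitmask; 'ALL' and 'NONE' as iptables spells them."""
    if names == "ALL":
        return ALL
    if names == "NONE":
        return 0
    return sum(FLAGS[n] for n in names.split(","))

# (mask, comp, log prefix) in the order the rules were appended to INPUT
RULES = [
    ("ALL", "NONE", "iptables AN: "),
    ("FIN,SYN", "FIN,SYN", "iptables FSFS: "),
    ("SYN,RST", "SYN,RST", "iptables SRSR: "),
    ("FIN,RST", "FIN,RST", "iptables FRFR: "),
    ("FIN,ACK", "FIN", "iptables FAF: "),
    ("ACK,URG", "URG", "iptables AUU: "),
]

def tcp_flags_match(packet_flags, mask, comp):
    """iptables --tcp-flags: look only at the bits in MASK and require exactly COMP."""
    return packet_flags & bits(mask) == bits(comp)

def matching_prefixes(packet_flags):
    """LOG does not stop rule traversal, so every matching rule logs, not just the first."""
    return [prefix for mask, comp, prefix in RULES
            if tcp_flags_match(packet_flags, mask, comp)]

# hping2 sends a TCP packet with no flags by default; -F -S -R -U set FIN SYN RST URG
PROBES = {
    "hping2": 0,
    "hping2 -F -S": bits("FIN,SYN"),
    "hping2 -S -R": bits("SYN,RST"),
    "hping2 -F -R": bits("FIN,RST"),
    "hping2 -F": bits("FIN"),
    "hping2 -U": bits("URG"),
    "normal SYN (connection start)": bits("SYN"),
    "normal FIN,ACK (graceful close)": bits("FIN,ACK"),
}

if __name__ == "__main__":
    for probe, flags in PROBES.items():
        print(f"{probe:34} -> {matching_prefixes(flags) or ['no rule logged']}")
```

Note that hping2 -F -S and hping2 -F -R also satisfy Rule 5 (FIN set, ACK clear), so their syslog lines carry two prefixes, while the 1/minute limit on each rule keeps a flood from filling the log.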
