Linux assignment COIT20232 – Security Infrastructure Administration

COIT20232 – Security Infrastructure Administration
Base Server Installation
This guide steps us through the download and installation processes for VirtualBox and a minimal virtual base Ubuntu Server.  The guide is based on the Windows operating system as most students (>90%) use Windows.  We should be able to use any operating system supported by VirtualBox.  However, teaching staff support may be limited for other operating systems.

Assumptions
The installation process requires a PC connected to a small private network that provides access to the Internet.  The network should provide automatic IP address configuration via DHCP or similar.  There is a prerequisite in place for this course which requires us to have a good understanding of Networks and network addressing.  Any issues relating to these requirements should be raised on the course forum.

VirtualBox
* VirtualBox (www.virtualbox.org) – virtualisation software which allows us to install and run operating systems on top of other operating systems.

Downloading
Download the binary install file that matches our host computer from the main VirtualBox website:

www.virtualbox.org

Select the download link on the main page and then the binary download link.

The Windows VirtualBox-4.2.6-82870-Win.exe file was 95 MB.

Installing
Run the downloaded installation file accepting all the default settings.

This is a very simple install process for Windows.  We may be asked to install device software as part of the installation; we can safely trust “Oracle Corporation” and must install these.  The device software allows VirtualBox to access the host hardware (network cards, USB ports, etc.).

If any problems are encountered during the install, please provide a detailed description of the problem on the course forum.

We should see the above when we run VirtualBox after a successful install.

Before creating a new virtual machine we first need to download the Ubuntu Server image.

Ubuntu Server
* Ubuntu Server (www.ubuntu.com/business/server/overview, help.ubuntu.com/12.04/index.html) – a Linux based operating system.

Downloading
The Ubuntu Server image is 645 MB in size.  It is worthwhile to check if our Internet Service Provider offers a free mirror service for Linux images and updates.  All service providers are different, so we will have to check this for ourselves.  Internode, iiNet, Westnet and Bigpond all appear to offer free download mirrors – check the details of these as they are subject to conditions and changes.

A list of Official Mirrors for Ubuntu can be found at the following link:

launchpad.net/ubuntu/+cdmirrors

If we want to download when on campus, it is best to use AARNet, which provides the major network link between Universities in Australia.  AARNet will be used in the examples in this document.

The AARNet Mirror can be found at the following link:

mirror.aarnet.edu.au/pub/ubuntu/releases

We should see a directory listing similar to the one shown below:

We want to download the Ubuntu 12.04 Server image so select the 12.04 link:

mirror.aarnet.edu.au/pub/ubuntu/releases/12.04/

Scroll down until we see the ubuntu-12.04.1-server-i386.iso link and select it. Note that the .1 may change to a larger number – this is what is called a point release and is the 12.04 server with additional updates applied. Make sure the server version is selected for download.

The download should start – remember it is around 645 MB so will take a while.

There is a torrent link available if that is preferred.  However, it is usually easier to download the iso file directly.

 

 

Installing
To install the Ubuntu Server ‘inside’ VirtualBox we need to first create a new virtual machine.  So start up VirtualBox and select the ‘new’ button.

This will start the New Virtual Machine Wizard.  Follow along with the screen dumps below, reading any comments below them, selecting [Next] after changing any required settings.

 

Use the same name etc. as provided in the screen dumps.  This will help if there are any problems later on in the install process.

We don’t need a huge amount of memory for our server so reduce this to 256 MB.  This reduces the requirements of the host server as well.

We need to configure our Virtual Hard Disk differently from the default settings provided by the Wizard, so check the ‘Do not add a virtual hard drive’ Hard drive option.  We will create our own shortly.

We will create our own shortly so select [Continue].

Our ‘empty’ virtual base server.

Now we will go through all of the settings for our Base Server and make any changes needed.  So select the [Settings] button.

Comments will be added below if any changes are required from the defaults.  Check that all our settings match those shown in the screen dumps below.

Note that the “Snapshot Folder” shown in the above [Advanced] section is different from the default – please leave it as the default, which will be in our User directory.  Nothing needs to be changed here.

During the course, we will create a number of virtual machines – we can add a description here if it helps us keep track of our different virtual machines.

Note that the ‘Floppy’ has been deselected and moved down below the Hard Disk – make the same changes.

The default options should be the same as shown above.

We won’t be installing a graphics environment on our server so we don’t need any video acceleration, but bumping the Video Memory from 12 to 16 MB doesn’t hurt.

We are not using a graphics environment so we won’t have a Desktop to remote into.

We need to make a number of changes to the Storage for our server so the above is just showing the defaults – we need to change these as outlined below.

Select the IDE Controller – this is just like the real thing, in this case it has a CD drive attached.  No change required.

Now select the SATA Controller – again this is just like the real thing but we don’t want it.  So with the SATA Controller selected click the small icon below it that has the red minus sign on it.

Remove Controller (Del)

This deletes the SATA Controller.

Now we want to ‘insert’ the Ubuntu Server image (iso) that we previously downloaded into our CD so we can install from it.  So select the Empty CD icon in the Storage Tree and then select the small CD image in the Attributes area (it’s to the right of the CD/DVD Drive drop down list).  Select the ‘Choose a virtual CD/DVD disk image…’ option and browse to and select the ubuntu-12.04-server-i386.iso image that we downloaded earlier.  [Review the screen dumps below first, if that is a little confusing.]

 

We should end up with something like the above.

We now have the install CD in our virtual CD drive ready to do the install.  However we still don’t have a hard drive to install the Ubuntu Server onto, so we need to add one.

To add a hard drive, select the small icon that has the green plus sign on it.

Add Controller (Ins)

Select the ‘Add SCSI Controller’ option.

We should now have the above storage configuration – check the ‘Use host I/O cache’ option to improve our virtual SCSI Controller performance.

We still don’t have a virtual disk drive so let’s add one.

With the SCSI Controller selected, select the ‘Add Hard Drive’ button:

Add Hard Disk

Select [Create new disk] when prompted.

We want to create a new VDI (virtual disk image).

We will use Dynamic allocated storage so our virtual disk only takes up as much physical disk space as required.

Use the name as shown – BUS_DISK_1 (Base Ubuntu Server Disk 1) which will help later when additional disks are created and if discussing a problem it will be easier to understand the configuration.  Ensure the disk size is set to 2.00 GB – this is important for later.

Create the new virtual disk.

Check that we have similar settings to the above.  Note that the Location should be different as it should default to our User path.

Finally we have a virtual disk drive to install our Ubuntu server onto.

Before we start the install we need to finalise the rest of our settings.

Audio defaults are okay.

The default NAT style network adapter is not what we want for this course.  Select the dropdown list and choose ‘Bridged Adapter’.

The Name field will likely be different on each of our computers.  Make sure it is the name of the main network card that is connected to the Internet (this may be a wireless card).  Nothing else needs to be changed here for now.  We will be adding additional adapters later, but for now we need to leave this as shown.

We are not interested in Serial Ports so leave as default.

We are not interested in USB Devices, so leave as default.

We will not use VirtualBox Shared Folders as we will be implementing file sharing on our server – leave as default.

Finally – we’ve reviewed all the settings.  Select [OK] to save all our changes and get back to the main VirtualBox window.

Now we can finally install Ubuntu.

We will be installing our Ubuntu Server in expert mode, which means we need to go through all of the configuration options.  This takes a considerable amount of time.  So before starting the following install process we need to have an hour or two spare.  The installation process cannot be paused halfway through.

It is an easy step-by-step process with all configuration options provided.  Our server needs to be configured exactly as shown.

From the VirtualBox Manager screen select the ‘Base Ubuntu Server’ virtual machine and then click the Start button.  This will start our virtual machine and boot up using the first boot device we configured earlier which was the CD/DVD-ROM.

You may receive the following or similar Information prompts.  Ensure you read through them before continuing.

 

We have now booted from the Ubuntu Server Installation CD which initiates the Ubuntu Server installation.

Select English as the default language.

We need to change a few options before starting the install.

First we need to select the installation Mode so press [F4] and select [Install a minimal virtual machine] and press [Enter].

We also want to install using expert mode – are we experts yet?  So press [F6] to get into the [Other Options] and check the Expert mode option by pressing the spacebar when it is highlighted.

Make sure there is an [x] beside the [Expert mode] option.  Press [Esc] to get back to the main Installation window.

Now we are ready to step through the install.  Make sure the [Install Ubuntu Server] menu option is selected and press [Enter].

Remember to read through any information boxes that appear.

We need to step through all of the choices.  The first is to choose the Language for our server.  Press [Enter].

The default language is English, which is what we want, so press [Enter].

Set our location to Australia.

The default locale is correct so press [Enter] to continue.  We need to be reading all of the details on each of the installation screens.  This will help us understand the choices we make and links back to much of the material covered in the course.

Use the TAB key to highlight the <Continue> option and press [Enter].

Our System locale should be Australia so en_AU.UTF-8 is correct – press [Enter].

We have configured the language settings.  Now we move on to configure the keyboard.  Press [Enter].

Select <No> and press [Enter].

English (US) keyboard is the default found in Australia, so ensure it is selected and press [Enter].

English (US) keyboard layout is correct – press [Enter].

Detect and mount the CD-ROM – press [Enter].

We will not be using usb-storage so unselect the option using the [Spacebar].  [Tab] to <Continue> and press [Enter].

There may be a short delay as the CD is detected – don’t panic – just be patient.

We can safely leave this blank – highlight <Continue> and press [Enter].

Finally our CD has been detected – press [Enter].

As part of the install the Debian package configuration file needs to be loaded so press [Enter].

We can load the various components from the installation CD – press [Enter].  However we want our server to be the very minimum at this stage, so we will only choose which mirror to install from.

Select just the option to choose a mirror to install from – [Spacebar] toggles the choice.  [Tab] to <Continue> and press [Enter].

Finally we see some action.

Press [Enter] to detect the network hardware.

As before, we won’t have any USB devices on our virtual server so unselect and <Continue>.

Press [Enter] to configure the network.

We can let the network be auto configured – make sure the network is connected to the host computer and is working first – press [Enter].

Change the hostname to our student number and <Continue>.

If we were configuring a server in the real world, we would have a domain name.  For what we will do in this course we can leave it blank.

Most of the screens are self explanatory so just follow the screen dumps below for each step and read any specific points.

It is unlikely that a proxy is used, so leave it blank unless we know we use one.

We will cover shadow passwords in the course; for now accept the default <Yes> option.

We will cover why it is a bad idea to allow root logins later – select the <No> option.

We will all initially use the same default name “ubuntu” to keep things simple.

Account has the same name.

And so we don’t forget, set the password to “ubuntu” as well.

Re-enter the password.

An appropriate warning that we will disregard for simplicity and convenience – we would not do this in real life.

We will cover the pros and cons of using encrypted directories – for now we do not want encryption enabled.

Retrieve time from an NTP server – <Yes>.  Having the correct time on a server is very important.

The default Ubuntu NTP server will be fine.

The default should be correct based on our ISP’s location.  If it’s not, we can adjust it by selecting <No>.  We assume it is correct and select <Yes>.

Our server will not have usb-storage so uncheck and continue.

We will be using logical volume manager for our storage needs, so select the second option here.  We will cover LVM in more detail in the course.

We only have the one hard disk that we setup earlier in VirtualBox, so select it.

It is a very good idea to separate our filesystem into partitions, so select the last option.  We will cover why this is a good idea in the course.

Review the partition details that will be written to disk and select <Yes> if correct.

A large server may have many disks and partitions so a logical naming convention must be used.  To keep things simple, name this first Volume Group “VG_01” – sometimes simple naming is the best.

The default here is to use the entire disk – this is what we want to do.  So leave the 1.9 GB default and continue.  We will cover modifications and additions to Volume Groups later in the course.  This is one of the reasons we are starting with such a small disk.  It also highlights the minimal disk requirements for a base server installation.

Review and select <Yes> – partitions are created and formatted for use.

Now it’s time to actually do the installation.

Sit back and have a break for a minute or 3.

This is new for the ubuntu-12.04.2-server-i386.iso.

Select the generic kernel.

At this stage we do not need generic drivers.  Limiting what goes on the server is always a good idea and it keeps our size down.  Select the targeted option, press [Enter] and have another short break.

 

The package manager for Ubuntu is apt, which makes installing additional software very easy.

The date of the original install image was 16-Oct-2012.  Allowing access to a network mirror during install ensures we are using all the most up-to-date software (including security patches).

Yes, there is a bit of déjà vu here.  No proxy should be required.

This configuration allows software to be installed that is not part of the main Ubuntu distribution.  We may need to install third party software so we include it – <Yes>.

Some useful tools are available only through the “universe”.

Similarly with “multiverse”.

We may not need/use some of these distribution points, but it saves having to add them later.

Backported software can be useful in some situations when new vulnerabilities are found.

Time for a short break.

Limit our updates to security updates, which we always need kept up-to-date.  All other updates should be tested and performed manually so that they do not break our system.  Otherwise a simple update process could put our server out of action.

Another short break…

Time for a bit longer break…

We want to pick the time when we do updates, not have them automatically installed at any time – [No automatic updates].

We could select a few items to install here, but we will opt to create the most minimal of servers and manually install components as we need them.  Ensure no software is selected.

Another short break…

We are getting to the end of the install now.  We need to install a boot loader that will load Ubuntu and start it running on our system.

<Yes> that’s where it needs to go.

Another short break…

Finally!

Well almost…

We are finally done!

Our system should now reboot and present us with a login.

We can now login as the user ubuntu with password ubuntu.

At this point we want to shut down our server so we can take a backup.

To shut down the server type the following at the prompt and press [Enter]:

ubuntu@S12345678:~$ sudo shutdown -h now

“sudo” allows us to run the “shutdown” command as the root user.  The “-h” flag is to halt the system and “now” is so that it is done immediately.

You will see the system shutdown and the virtual machine close down.

 

 

Backing up the Base Server
We do not want to have to go through that process again so the first thing we want to do is take a backup copy of the Base Server.  The easiest way to do that is simply to zip up the directory that the virtual machine and disk are stored in.

We need to make sure the virtual machine is shut down and that VirtualBox is not running before zipping up the directory.

Find the location of the “Base Ubuntu Server” virtual machine – this was listed in the early parts of our install process.  It will most likely be in the “VirtualBox VMs” directory in your user directory.  Select the “Base Ubuntu Server” directory and zip the entire directory up into a zip file.  It will take a little while and the resulting zip file will be a little over 200 MB in size.

Don’t lose this file.  If we need to recover back to the initial base install we can simply delete the directory and unzip this file and we should be back to the base install.

Updating the Base Server
Make sure a backup has been done on the base server before updating it – see above.

The first thing we need to do after a basic server install is to make sure that it is up-to-date with the latest versions of software and security patches.

To update our server, we first need to start it up and login as ubuntu.

Ubuntu has a very easy to use package manager “apt”.  This is what we use to update our system.

From the command line, we first need to ensure that the list of packages available is updated to the latest list.  We “update” the list by using the apt-get command:

ubuntu@S12345678:~$ sudo apt-get update

We will be prompted for the ubuntu password as we are using the “sudo” command to assume root privileges to do the update.  “sudo” prompts for the password to test that we are the user logged in i.e. that we know our password.

Running the update will result in a list of URLs scrolling up the screen as the package list is updated.

Now that we have an updated list of packages, we can upgrade the system.  We again use the apt-get command, but ask it to “upgrade” our system:

ubuntu@S12345678:~$ sudo apt-get upgrade

If prompted to continue, type “Y” to continue.  (The [Y/n]? prompt indicates that “Y” is the default value as it is the capital letter, so just pressing [Enter] will accept “Y” as your response.)  This will download and install any upgrades required for our system.

At this point all our existing software is up-to-date.  However, since the original Ubuntu server installation CD was created, the Ubuntu kernel has had a number of updates.  These are called distribution updates.  So to ensure our server has the latest kernel (core operating system) we should also upgrade the distribution.  Using apt-get again we call it with “dist-upgrade”.

Since we have the latest ubuntu-12.04.2-server-i386.iso there will be no kernel upgrade required.  So the next 2 steps can be performed but no update/purge is required.

ubuntu@S12345678:~$ sudo apt-get dist-upgrade

We should be prompted to continue, but before continuing, read the details of the distribution.  At the time of writing the latest kernel was linux-image-3.2.0-35-virtual.  We should document these things so we know the state of our server at all times – this is a required part of our assessment submissions.

Note that the size of the required download is listed.

Continue with the upgrade process by pressing [Enter].

This will take a little while.  Read the details as they are listed on the screen so you have a better understanding of the process involved.

Because we have just done a distribution upgrade we need to reboot to have the changes occur.  To reboot the server from the command line we simply use the shutdown command with the “-r” option:

ubuntu@S12345678:~$ sudo shutdown -r now

This shuts down the server and reboots it again.

As the system reboots you will see an extra option in the boot loader – it flashes very quickly but we now have the option to boot into the old and new kernel – the default is the new kernel image.  The first reboot may take a little while as VirtualBox detects changes in the boot process.

We can see that the Linux kernel is now 3.2.0-35-virtual, where if we look back to our first login image it was listed as 3.2.0-29-virtual.

If for some reason there is a problem with the new kernel, we can simply boot back into the old one.  However, we want to start with a nice ‘clean’ server so we will remove the old kernel:

ubuntu@S12345678:~$ sudo apt-get purge linux-image-3.2.0-29

This removes the old kernel and recreates the Grub boot loader menu.
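
Purging a kernel image is only safe once the server has been rebooted into the new kernel and another image remains installed.  The following pre-flight check is an added example, not part of the course guide; the function names installed_kernel_images and check_purge and the verdict strings are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the course guide): pre-flight check to run before
# "sudo apt-get purge linux-image-<version>".

# Installed, versioned kernel image packages, one name per line.
installed_kernel_images() {
    dpkg-query -W -f='${Package} ${Status}\n' 'linux-image-[0-9]*' 2>/dev/null |
        awk '$2 == "install" && $4 == "installed" { print $1 }'
}

# check_purge TARGET RUNNING   (package names are read from stdin)
#   TARGET  - version as typed on the purge line, e.g. 3.2.0-29
#   RUNNING - output of "uname -r", e.g. 3.2.0-35-virtual
# Prints a one-line verdict; returns 0 only when the purge is safe.
check_purge() {
    target=$1 running=$2 hits=0 others=0

    # Still running the kernel we are about to remove: not rebooted yet.
    case "$running" in
        "$target" | "$target"-*)
            echo "REFUSE: $target is the running kernel; reboot into the new kernel first"
            return 1 ;;
    esac

    # Count images the purge would remove and images that would remain.
    # The match must end at a hyphen so 3.2.0-2 does not match 3.2.0-29.
    while read -r pkg; do
        case "$pkg" in
            linux-image-"$target" | linux-image-"$target"-*) hits=$((hits + 1)) ;;
            linux-image-[0-9]*) others=$((others + 1)) ;;
        esac
    done

    if [ "$hits" -eq 0 ]; then
        echo "NOTHING: no installed kernel image matches $target"
        return 1
    fi
    if [ "$others" -eq 0 ]; then
        echo "REFUSE: no other kernel image would remain installed"
        return 1
    fi
    echo "OK: $hits image(s) match $target, $others other kernel image(s) remain"
}

# Usage on the server (script name is an assumption): sh check_purge.sh 3.2.0-29
if [ "$#" -eq 1 ]; then
    installed_kernel_images | check_purge "$1" "$(uname -r)"
fi
```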

It is a good idea to reboot at this point to make sure everything is still working.  We don’t want to make other changes and find our system doesn’t boot and wonder what caused the problem.

ubuntu@S12345678:~$ sudo shutdown -r now
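
Because the state of the server has to be documented after each change, a small script can capture the details this guide asks for (date, author, change made, kernel version, disks, LVM layout and free space) in one dated file.  This is an added example, not part of the course material; the function names, file name pattern and default output directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the course guide): write a dated change record.

# run_section TITLE NEEDS_ROOT CMD [ARGS...]
# Prints a heading, then the command output or the reason it was skipped.
run_section() {
    title=$1 needs_root=$2
    shift 2
    printf '\n== %s (%s) ==\n' "$title" "$*"
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "(skipped: $1 not found on PATH)"
    elif [ "$needs_root" = yes ] && [ "$(id -u)" -ne 0 ]; then
        echo "(skipped: needs root, re-run with sudo)"
    else
        "$@" 2>&1 || echo "(command exited with status $?)"
    fi
}

# record_state AUTHOR CHANGE OUTDIR
# Writes the record and prints its path.  The body runs in a subshell so the
# umask change does not leak into the caller.
record_state() (
    author=$1 change=$2 outdir=$3
    umask 077    # the record reveals the disk layout; keep it private
    mkdir -p "$outdir"
    out="$outdir/change-$(date +%Y%m%d-%H%M%S).txt"
    {
        echo "Date:    $(date '+%Y-%m-%d %H:%M:%S %Z')"
        echo "Author:  $author"
        echo "Host:    $(uname -n)"
        echo "Kernel:  $(uname -r)"
        echo "Change:  $change"
        run_section "Installed kernel images" no dpkg -l 'linux-image*'
        run_section "Disks" yes fdisk -l
        run_section "Volume groups" yes vgdisplay
        run_section "Logical volumes" yes lvdisplay
        run_section "Physical volumes" yes pvdisplay
        run_section "Disk free space" no df -h
    } > "$out"
    echo "$out"
)

# Usage on the server (script name is an assumption):
#   sudo sh record_state.sh "ubuntu" "dist-upgrade, purged old kernel"
if [ "$#" -ge 2 ]; then
    record_state "$1" "$2" "${3:-$HOME/server-records}"
fi
```

Run it with sudo so the fdisk and LVM sections are filled in; without root those sections are marked as skipped rather than left out.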

Installing Manual Pages
It is very useful to have easy access to manual pages of all the available commands.

Software we need to install
* man – (help.ubuntu.com/community/man) – “used for displaying Unix and Linux manual pages”.

Install man
To install man pages we again use apt by typing in the following (login first if you haven’t already) and press [Enter]:

ubuntu@S12345678:~$ sudo apt-get install man

Accept the <continue> prompt and wait while the install is completed.

How to use man
The link above gives us a rundown on how to use man, but a quick example here will help us get started.  Type the following to get the man page for apt-get:

ubuntu@S12345678:~$ man apt-get

Note that we do not need to use sudo, as normal users are allowed to run the man command.  Skim through the apt-get manual pages.  Press <h> to get some basic help on using man, including a list of the various navigation keys.  Press <q> to quit out of man and get back to the command line.

We should expect to use man a lot.

The End
That’s it for the Base Server Install.  We can now shutdown and restart our server, upgrade and update our server, install new software on our server and access manual pages.  This is really just the beginning :)

COIT20232 – Security Infrastructure Administration

 

Week 01 – Virtualisation, Installation and Documentation
This week is all about getting the base software downloaded and installed, and documenting the process, so that we can repeat it if we ever need to.

Once the base installation is completed, we will take a copy of it so that we don’t have to go through the full installation process again.

Summary
Software we need to install
* VirtualBox (www.virtualbox.org) – virtualisation software which allows us to install and run operating systems on top of other operating systems.

* Ubuntu Server (www.ubuntu.com/business/server/overview, help.ubuntu.com/12.04/index.html) – a Linux based operating system.

* man – (help.ubuntu.com/community/man) – “used for displaying Unix and Linux manual pages”.

Chapters we need to read
* 01 – Where to Start

* 03 – Booting and Shutting Down

* 08 – Storage

* 12 – Software Installation and Management

* 32 – Management, Policy and Politics.

Tasks
Readings
Read all of the recommended chapters before beginning the base server installation.  This will give us some background information that should help in understanding what is happening during the installation and also provide us with an understanding of the importance of documenting our system.

Notes:

Chapter 3:

Some of the details about the Ubuntu “upstart” system do not apply to the latest version of Ubuntu – “upstart” is now fully integrated.  Full details can be found at upstart.ubuntu.com; in particular the “Cookbook” provides a good reference.

Grub 2 is used in our system, so many of the details in the text, in particular the location of configuration files, do not match up with our system.  Documentation for Grub 2 can be found at help.ubuntu.com/community/Grub2, note that the main configuration file for Grub 2 is /etc/default/grub.

Building the base system
As the installation process is rather long, the details are provided in a separate document titled “Base Server Installation”.  Download it and follow the steps to install and configure the base server.  Read the assessment items below before starting the installation as we need to record some details during the installation.

Assessment
1. Write a short, concise description of what *you* think a System Administrator is.
2. Write a summary of the installation of VirtualBox and the Ubuntu Server. Include details of how easy or hard it was, how long it took and any problems that were encountered.
3. Submit a screen capture of the Ubuntu Server system’s disks (don’t worry if it scrolls off the screen). Details of how to do this can be found in the Chapter 8 reading. The command to run is sudo fdisk -l.
4. Submit a screen capture of each of the following:
   * the system’s Volume Groups
   * the system’s Logical Volumes
   * the system’s Physical Volumes
   Details of how these can be generated are provided in the Chapter 8 reading.  The commands to run are sudo vgdisplay, sudo lvdisplay and sudo pvdisplay.

5. Submit a screen capture of the system’s disk free space. Details of how to do this can be found in the Chapter 8 reading. The command to use is df.
6. A good System Administrator documents everything they do so that they can go back and do it again if they need to, without having to research the process again.

Now that we have done an installation using the “Base Server Installation” document, create a list of things that are important to record when installing or updating software.

Include the following basic details: date, author, changes/updates made, plus those details you think are important.  Discuss it on the course forum if you are not sure what to do.

7. Run levels, starting up and shutting down:

Review the readings for the week and also the “upstart_cookbook” reference provided in the Readings section above and answer the following questions related to our Ubuntu Server.

a) Briefly describe each of the run levels available on our system.
b) Briefly summarise the startup and shutdown process for our system i.e. what happens during startup and shutdown. [The “upstart_cookbook” will help in answering this question.]
Notes:

* Submit all answers, screen captures, etc. as a single Word document zipped up as week01.zip.