CDOT Wiki β

OPS535 A1 201603

243 bytes added, 14:20, 7 June 2018
Network, firewall, and SELinux
[[Category:OPS535]][[Category:rchan]]
= Assignment 1=
Due Date: July 5, 2018
== Required VMs ==
* Source Virtual Disk image: Download the virtual disk image [https://scs.senecac.on.ca/~raymond.chan/ops535/asgms/c7min-ops535.qcow2.gz here (c7min-ops535.qcow2.gz)]. [https://scs.senecac.on.ca/~raymond.chan/ops535/asgms/c7min-ops535.qcow2.gz.md5 md5 sum for the virtual disk image] - please make sure the md5 sum of the downloaded virtual disk image matches the one given (this catches a corrupted or incomplete download; MD5 alone is not a defence against a deliberately substituted image).
** The Primary DNS (running on VM pri-dns, IP:192.168.x.53) is authoritative for your domain.
** The Caching-only name server (running on co-nfs, IP: 192.168.x.153) which allows DNS queries only from hosts in your network. The firewall on your host should allow only this caching name server to send DNS queries to root name servers in the lab.
** The Root Name server (running on VM rns-nis, IP: 192.168.x.253), which is authoritative for the root zone. You should create the root zone file from the information [[Domainreg|here]]. You could download the shell script [[Get-root-zone|here]] and run it on your system to generate the necessary resource records for the root zone. You need to add additional appropriate resource records to complete it. You will get a 10% bonus mark if you run a root name server on a Raspberry Pi.
===NFS Server - on VM co-nfs, (IP: 192.168.x.153)===
* Create a directory called "/nethome" and use it for centrally hosting all network users' home directories.
* Use the appropriate export option(s) (especially root_squash and no_root_squash) when exporting the network users' home directories.
* Superuser on the other VMs should not have root privilege on the exported directory unless the remote machine is running the NIS server.
* Network users should not have read or write access to other network users' home directory.
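The following is an added example (not part of the assignment page) of how the NFS-server requirements above can be met on co-nfs. It assumes OPS_X holds your "x" octet (default 100), that 192.168.x.253 (rns-nis) is the NIS server, that every other host in 192.168.x.0/24 is an NFS client, and that clients mount the share on /neth so that a network user's home is /neth/newuser. With APPLY=1 it writes /etc/exports and re-exports; otherwise it only prints what it would do.

```shell
#!/bin/sh
# Added example, not part of the assignment page: export /nethome from co-nfs
# for the OPS535 network. Assumptions: OPS_X is your "x" octet (default 100),
# 192.168.x.253 is the NIS server (rns-nis), the rest of 192.168.x.0/24 are
# NFS clients that mount the share on /neth. With APPLY=1 the script writes
# /etc/exports and re-exports; otherwise it only prints what it would do.

OPS_X="${OPS_X:-100}"
NET="192.168.${OPS_X}"
NFS_SERVER="${NET}.153"
NIS_SERVER="${NET}.253"
CLIENT_NET="${NET}.0/24"
EXPORT_DIR="/nethome"

# One export, two client specifications:
#  - rns-nis keeps root privilege (no_root_squash) so the NIS server's root
#    can create and chown a new user's home directory over the mount;
#  - every other host gets root_squash (the default, spelled out), mapping a
#    remote root to nfsnobody, so root on a compromised client cannot read
#    the other users' homes.
# The single-host entry is listed first; verify what actually applies with
# `exportfs -v` on the server and a test write as root from a client.
exports_line() {
    printf '%s %s(rw,sync,no_subtree_check,no_root_squash) %s(rw,sync,no_subtree_check,root_squash)\n' \
        "$EXPORT_DIR" "$NIS_SERVER" "$CLIENT_NET"
}

# Mode for a new home directory: owner-only, so network users sharing the
# mount cannot read or write each other's files. The parent stays 0755 so
# they can still traverse it into their own directory.
home_dir_mode() { printf '0700\n'; }

# Client-side mount options: the assignment requires NFS version 3.
client_mount_opts() { printf 'vers=3,hard\n'; }

# Create a user's home on the share (run as root on rns-nis over the mount,
# where root is not squashed), given the name, uid and gid from the NIS maps.
# Only the echo form runs unless APPLY=1.
make_home() {
    user="$1"; uid="$2"; gid="$3"
    if [ "${APPLY:-0}" = "1" ]; then
        install -d -m "$(home_dir_mode)" -o "$uid" -g "$gid" "/neth/$user"
    else
        echo "install -d -m $(home_dir_mode) -o $uid -g $gid /neth/$user"
    fi
}

if [ "${APPLY:-0}" = "1" ]; then
    mkdir -p "$EXPORT_DIR" && chmod 0755 "$EXPORT_DIR"
    exports_line > /etc/exports
    exportfs -rav
else
    echo "# /etc/exports on co-nfs:"; exports_line
    echo "# on each client: mount -t nfs -o $(client_mount_opts) ${NFS_SERVER}:${EXPORT_DIR} /neth"
    echo "# new user (uid/gid 5000, the minimum from the NIS section):"; make_home newuser 5000 5000
fi
```

Running the same `install ... -o 5000` from a squashed client fails with "Operation not permitted", which is the quickest check that root_squash is in effect for that host.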
===NIS Server - on VM rns-nis, (IP: 192.168.x.253)===
* NIS Domain Name - [learn-id].nis, where [learn-id] is your matrix login account name.
* Minimum user and group IDs - 5000
* Network user's home directory : /neth/newuser for user called "newuser"
* Please use NFS version 3 when mounting the nfs share folders
* Please test your network connectivity with at least one of your classmates to make sure you can connect your VMs to their VMs.
* Do not allow DNS queries from any machines in your network to any root name servers in the lab except your caching-only DNS server.
* SELinux must be turned on and run in enforcing mode on all of your VMs. You need to configure the runtime SELinux booleans accordingly.
* These machines will use firewalld as their firewall. Their interfaces should be placed in the 'work' zone, which should allow ssh traffic. Other than that it should only allow the traffic necessary to fulfil the roles described above.
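As an added example (not part of the assignment page), the script below puts the firewalld 'work' zone and SELinux boolean requirements above into one per-machine procedure. It assumes the role is passed as the first argument (pri-dns, co-nfs, rns-nis, or host for the KVM host that carries the "only the caching-only server may query root servers" rule), the interface as the second (default eth0), OPS_X as your "x" octet (default 100), and that ypserv and ypxfrd on rns-nis have been pinned to ports 834 and 835 (YPSERV_ARGS/YPXFRD_ARGS in /etc/sysconfig/network) so they can be opened in the firewall at all. named's allow-query on co-nfs still does the application-level restriction to your own network. With APPLY=1 the commands execute; otherwise they are printed.

```shell
#!/bin/sh
# Added example, not part of the assignment page: firewalld 'work' zone and
# SELinux boolean setup for the OPS535 machines, one role per invocation.
# Assumptions: role in $1 (pri-dns, co-nfs, rns-nis, host), interface in $2
# (default eth0), OPS_X is the "x" octet (default 100), and ypserv/ypxfrd on
# rns-nis are pinned to 834/835 via YPSERV_ARGS/YPXFRD_ARGS in
# /etc/sysconfig/network. With APPLY=1 the commands run; otherwise printed.

OPS_X="${OPS_X:-100}"
NET="192.168.${OPS_X}"
CACHING_DNS="${NET}.153"

# firewalld services a role must accept; every machine keeps ssh.
zone_services() {
    case "$1" in
        pri-dns) echo "ssh dns" ;;                      # authoritative for your domain
        co-nfs)  echo "ssh dns nfs rpc-bind mountd" ;;  # caching DNS + NFSv3 (needs rpcbind, mountd)
        rns-nis) echo "ssh dns rpc-bind" ;;             # root zone + NIS (RPC; fixed ports below)
        host)    echo "ssh" ;;
        *)       echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# Ports with no firewalld service definition: the pinned NIS ports.
zone_ports() {
    case "$1" in
        rns-nis) echo "834/tcp 834/udp 835/tcp 835/udp" ;;
        *)       echo "" ;;
    esac
}

# SELinux booleans needed in enforcing mode: home directories are on NFS and
# accounts come from NIS, so every VM needs both; the host needs neither.
selinux_booleans() {
    case "$1" in
        host) echo "" ;;
        *)    echo "use_nfs_home_dirs nis_enabled" ;;
    esac
}

# Host only: forward DNS out of the network solely from the caching-only
# server and reject port 53 from every other VM. Direct rules land in
# FORWARD_direct, which firewalld consults before libvirt's own rules.
host_dns_rules() {
    for proto in udp tcp; do
        echo "--direct --add-rule ipv4 filter FORWARD 0 -s $CACHING_DNS ! -d ${NET}.0/24 -p $proto --dport 53 -j ACCEPT"
        echo "--direct --add-rule ipv4 filter FORWARD 1 -s ${NET}.0/24 ! -d ${NET}.0/24 -p $proto --dport 53 -j REJECT"
    done
}

# Execute with APPLY=1, otherwise print the command that would run.
run() { if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi; }

configure() {
    role="$1"; iface="${2:-eth0}"
    services="$(zone_services "$role")" || return 1
    run firewall-cmd --permanent --zone=work --change-interface="$iface"
    for svc in $services; do
        run firewall-cmd --permanent --zone=work --add-service="$svc"
    done
    for port in $(zone_ports "$role"); do
        run firewall-cmd --permanent --zone=work --add-port="$port"
    done
    if [ "$role" = host ]; then
        host_dns_rules | while read -r rule; do run firewall-cmd --permanent $rule; done
    fi
    run firewall-cmd --reload
    for b in $(selinux_booleans "$role"); do
        run setsebool -P "$b" on
    done
    run setenforce 1          # enforcing now; SELINUX=enforcing in /etc/selinux/config keeps it
}

# Act only when a role was given, so the file can also be sourced for its functions.
[ $# -gt 0 ] && configure "$@"
```

After applying, `firewall-cmd --zone=work --list-all` on each VM should show only the services and ports for its role, and `getsebool use_nfs_home_dirs nis_enabled` should report both on; a login as a NIS user with an NFS home is the end-to-end check.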
== Test and evaluation ==
== Grading ==
===System configuration settings (40% of the assignment)===
On the due date, you will be given a set of [https://scs.senecac.on.ca/~raymond.chan/ops535/1703/asgms/asgm1-scripts.html scripts], which should be run on each VM to collect server configuration information. The scripts will produce an evaluation report for you to upload to Blackboard. The following information may be collected:
* Network Settings
* Services configuration