ISQS 3351-Linux Security

This is an initial set of homeworks only. I reserve the right to change assignements as the semester progresses.

Also, please note the due dates. 
If the assignment is late, a letter grade will be subtracted (A becomes B, B becomes C, etc).  And if I get most of your assignments at the very end of the semester, maximum grade is a C.

 

Windows - Linux apps -- How Do I


HW #1 (Due sometime this semester.  However, If I do not get any of them until the last weeks of class maximum grade will be a B)

Write 3 scripts / programs in any language, combination of languages, and/or software. Please tell me the task you are going to try to accomplish before you write the scripts

Ideas:

1. A script that will allow you to scan all the computers on your local private subnet to identify open ports.

2. A script that will allow mounting of remote file systems on a single command

3. A script to backup, compress, & upload important files, MBR, and partition information


HW #2 (Due Oct 12)

Describe the startup process for your default run-level on your distro.  Please follow the format of the template excel file that is attached.  Make sure to include brief descriptions of all files used, the script and or executable, all configuration files and what each service does.  Be specific, I want to be able to go you your group's machine and find your description complete. Here is an example template file (updated 10/2/14)

If you are using a systemv version of linux, my suggestion is that you start by looking at, and understanding, the following files:
/etc/inittab
/etc/rc.d/rc
/etc/rc.d/rc.sysinit
/etc/rc.d/rc.local
/etc/rc.d/rc5.d (these are all links to /etc/rc.d/init.d)
/var/log/messages (this log file contains most of the software related messages that you see on startup)
/var/log/dmesg (these are the hardware related messages)

When that is done look in /etc/sysconfig for the networking stuff

If you are using systemd the startup scripts have changed. 
        The .service files are effecitvely the startup scripts (not config files or at least not the only config file) for a service.
The files in /etc/systemd/service are simply links.  Please refer to the "real" file.
Here are some potentially helpbul links.
There is more information here Fedora systemd
Understanding and Using Systemd
Fedora Linux Server with systemd

The following links might be useful:
A detailed look at the Boot Process (FC 13)
Demystifying UEFI, the long-overdue BIOS replacement
Various startup files from an earlier Linux Distro
My Linux Notes 1 from F99
My Linux Notes 2 from F99 
The list of config files on the class notes page
Older notes on the RedHat Boot process

Please remember that some of the scripts call other scripts :-)  When you get through you should be able to explain where everything is started, like the network interface for instance.

Since the startup process differs between distros, make sure to tell me what distro you are using!


HW #3.1 (Due Oct 26)
Media System Design

Create the design specifications (hardware, software, connectivity, security, etc) for a media center or any other type of system (game box, NAS, office machine, etc).

Primary Requirements:
- Quiet
- HDMI or other digital sound and video output
- at least 1080i video
- at least 5.1 surround
- some form of wireless control
- ethernet (at least cat 5 preferably cat 6)
- Wifi optional
- Display & Speakers not required
- Easy Connectivity to SAN
- 500 GB minimum storage
- HD broadcast TV reception
- Cable and / or Satellite reception optional


HW #3.2 (Due Oct 26)
System Security Design:

Send me the specific steps you would take to harden a Linux-based server PC
Make sure to tell me what server you want accessable, what the risks you are willing to take are, and why you allowed/disallowed the services that you did.

Priorities are:


HW #4 (Due Nov 14)
System security implementation

 
Setup an iptables implementing the security you specified in HW #3.2 above
When complete send me the primary iptables config file you use.

HW #5 (Due Nov 21)
Apache Setup requirements:
  1. Create virtual hosts for each user using Name-based virtual hosts, if you are working in a group.  If not make up some users.
    (create the directories in /home/httpd/ and create symbolic links in /home/userdir/html)

    The following (#2) is no longer required!  #3-#6 are still required!
  2. Create aliases /YourURL/Java and /YourURL/images for Java and image files
    (make the aliases point to /home/httpd/Java and /home/httpd/images respectively)

  3. Setup the server to log host name called and file accessed.  The following httpd.conf lines might help:
    LogFormat "%h %l %u %t \"%r\" %>s %b %f %{host}i" debug
    CustomLog /var/log/httpd/access_log debug
  4. Remove all comment lines from the httpd.conf file except lines like:
          ### Section 2: 'Main' server configuration
  5. Put all group members names & the machine name at the top of the httpd.conf file as comments
  6. eMail the httpd.conf file (and any other conf files you have modified) to me
 

HW #6 (Due Dec 4)
Server or System setup
Setup two more servers (please note that only 2 are required and only one if you do a HoneyPot) on a linux based system. Incomplete list of examples (some require home systems and/or wireless): MySQL, NoSQL, NAS, DVR, autofs, Streaming media, LDAP, Wiki, Encrypted FS, Bluetooth, Proxy Server, WPA_Supplicant, A HoneyPot

HW #7 (Due )
A host or nework IDS
Setup another server or security process to watch for intrustion attempts. The system can be network or host based and can use any software you wish as long as you can demonstrate to me that it works and send me the configuration files.

HW #8 (Due )
SELinux config
Design and implement a Security Enhanced Linux system. First, design the security parameters, then setup the SEL modules. When finished show me the config file(s) involved.