SOS(en): Porovnání verzí

Z David Seidl
Skočit na navigaci Skočit na vyhledávání
 
(Není zobrazeno 6 mezilehlých verzí od stejného uživatele.)
Řádek 10: Řádek 10:
 
= Lesson 1 (Linux history, Virtualbox, Debian instalation) =
 
= Lesson 1 (Linux history, Virtualbox, Debian instalation) =
 
Install Virtualbox (www.virtualbox.org) on your computer or use Virtualbox on computer in class.
 
Install Virtualbox (www.virtualbox.org) on your computer or use Virtualbox on computer in class.
 +
 +
* Working with Virtualbox software [https://www.virtualbox.org/].
 +
# I recommend reading the documentation for this program.
 +
# If you work on a school PC, request an increase in user quota from the trainer.
 +
 +
* Installation of the Debian distribution in a virtualized environment [http://www.debian.org/] [http://www.debian.cz/].
 +
# In the home directory, download the iso file with the current installer of the distributed Debin version netinstal <br><br>[https://www.debian.org/distrib/netinst https://www.debian.org/distrib/netinst] for systems with an amd64 processor (i386 is probably history).
 +
# If you are working on your own laptop, I strongly recommend using DVD iso files [https://www.debian.org/CD/http-ftp/#stable] for installation. In case of high WiFi load, the installation using 'netinstal' is very tedious.
 +
# Create a new virtual machine named Debian, type Linux, version Debian
 +
# A minimum amount of memory is sufficient to install a virtual PC
 +
# Create a virtual hard disk of type VDI or VMDK, Dynamically allocated with a size of 8GB
 +
# Switch to the Global Tools menu and create a new network interface named 'vboxnet0', leave the settings as default.
 +
# Select two network cards for the virtual PC, set the first to NAT status and the second to 'Host only adapter' status (In the Virtualbox menu in File->Preferences->Network->H.only networks, there must be at least one hostonly network )
 +
# Run the created virtualized computer and set the downloaded iso file as a CD
 +
# Run the installation of the Debian distribution in a text environment (the graphical installer tends to be slower)
 +
## For installation, I recommend choosing the English language, you can choose Czech as well, the location ''Czech Republic'' and the keyboard as you like
 +
## To connect to the network, choose the interface included in the NAT network, typically enp0s3
 +
## Choose the name of the computer, enter the domain (I recommend vsb.cz), the password for the root user and create a regular user and also enter the password for him.
 +
## Partition the disk, choose Assisted - use the entire disk, select a virtual disk, put all the files in one area and write the changes to the disk.
 +
## If the installation process asks for another CD, ignore this question if you are installing from 'CD netinstall'. If installing from a complete DVD set, scan the other DVDs as well.
 +
## Set up a package manager for the Czech Republic, from the ftp.cz.debian.org server, without a proxy server.
 +
## You don't have to join the package popularity survey.
 +
## Select the SSH Server program to install and '''deselect''' all other tools.
 +
## Please do not install the GUI. It doesn't belong on the server.
 +
## Choose to install the GRUB bootloader in the main boot entry to the /dev/sda device
 +
## Finish the installation, start your Debian and login as root or regular user
 +
## To 'revive' the second network card, enter in your Debian under the root user: ''dhclient enp0s8'', this interface will get an IP address and you can connect to the virtual PC via SSH protocol, you can find out what IP address your virtual PC got by command ''ip address''
 +
 +
* Basic commands for working in the command line [http://wiki.ubuntu.cz/z%C3%A1kladn%C3%AD_p%C5%99%C3%ADkazy] [http://www.abclinuxu.cz/blog/ kibo/2006/5/command-line]
 +
# Log in to your Debian and try out all the basic command line commands.
 +
# For all other work, it is necessary to be able to handle basic operations in the command line. Above all, creating, deleting, copying and moving files or folders, moving in the directory structure. For further work, it is also necessary to be able to use at least one text editor.
 +
# For beginners, I recommend installing Midnight Commander into the system using the ''apt install mc'' command.
 +
  
 
Download iso file with network installation of debian distribution of GNU/Linux. (www.debian.org)
 
Download iso file with network installation of debian distribution of GNU/Linux. (www.debian.org)
Řádek 49: Řádek 82:
  
 
'''Practise'''
 
'''Practise'''
  Create a bash script and service for systemd. The script scans all the subdirectories in the / home folder.  
+
  Create a bash script and service for systemd. The script scans all the subdirectories in the /home folder.  
  If it finds a file whose name ends in * .backup, it moves this file to the / backup directory. Use ''find'' to search.
+
  If it finds a file whose name ends in * .backup, it moves this file to the /backup directory. Use ''find'' to search.
  
 
'''Practise'''
 
'''Practise'''
  Create a bash script and serviced for systemd. The script finds the size of all directories in the / home folder.  
+
  Create a bash script and service for systemd. The script finds the size of all directories in the / home folder.  
  If the size of one of the directories is larger than 1kB, a file named "THE MAX FILE SIZE HAS BEEN EXCEEDED"  
+
  If the size of one of the directories is larger than 1kB, a file named "THE_MAX_FILE_SIZE_HAS_BEEN_EXCEEDED"  
 
  will be placed in this folder.
 
  will be placed in this folder.
  
Řádek 96: Řádek 129:
 
  The default policy for INPUT will be DROP.
 
  The default policy for INPUT will be DROP.
 
  Disable all traffic to the server (INPUT), enable only tcp port ports 80 and 443.
 
  Disable all traffic to the server (INPUT), enable only tcp port ports 80 and 443.
  Only enable port 22 from defined IPs.
+
  Only enable port 22 from defined IPs from any interface.
 
   
 
   
 
  Configure SNAT for all packets coming out of the enp0s3 interface.
 
  Configure SNAT for all packets coming out of the enp0s3 interface.
Řádek 138: Řádek 171:
  
 
= Final Test version A =
 
= Final Test version A =
  * ( 5p) Create clear virtual PC and install Debian 11 on virtual PC as small installation (insrtall only ssh package during installation proces)
+
  * ( 5p) Create clear virtual PC and install actual distribution of Debian on virtual PC as small installation (install only ssh package during installation proces)
 
  * (10p) Add next 3 disks and create RAID1 with one SpareDisk
 
  * (10p) Add next 3 disks and create RAID1 with one SpareDisk
 
  * ( 5p) Format the Raid as EXT4 file system, and mount the RAID as /home directory (correctly edit file /etc/fstab)
 
  * ( 5p) Format the Raid as EXT4 file system, and mount the RAID as /home directory (correctly edit file /etc/fstab)
Řádek 147: Řádek 180:
 
  * (10p) Write script in bash language, set firewall in this script, set default policy in INPUT chain as DROP,
 
  * (10p) Write script in bash language, set firewall in this script, set default policy in INPUT chain as DROP,
 
         enable connection to the web server only from defined network
 
         enable connection to the web server only from defined network
  * ( 5p) Create service Firewall and start your script with previous item after computer started
+
  * ( 5p) Create service Firewall for systemd and start your script with previous item after computer started
  
 
= Final Test version B =
 
= Final Test version B =
  * ( 5p) Create clear virtual PC and install Debian 11 on virtual PC as small installation (insrtall only ssh package during installation proces)
+
  * ( 5p) Create clear virtual PC and install current distribution of Debian on virtual PC as small installation (install only ssh package during installation proces)
 
  * (10p) Add next 3 disks and create RAID5 without one SpareDisk
 
  * (10p) Add next 3 disks and create RAID5 without one SpareDisk
 
  * ( 5p) Format the Raid as EXT4 file system, and mount the RAID as /home directory (correctly edit file /etc/fstab)
 
  * ( 5p) Format the Raid as EXT4 file system, and mount the RAID as /home directory (correctly edit file /etc/fstab)

Aktuální verze z 17. 4. 2024, 17:52

Literature

You can find much information on the internet, use Google

Lesson 1 (Linux history, Virtualbox, Debian instalation)

Install Virtualbox (www.virtualbox.org) on your computer or use Virtualbox on computer in class.

  • Working with Virtualbox software [1].
  1. I recommend reading the documentation for this program.
  2. If you work on a school PC, request an increase in user quota from the trainer.
  • Installation of the Debian distribution in a virtualized environment [2] [3].
  1. In the home directory, download the iso file with the current installer of the distributed Debin version netinstal

    https://www.debian.org/distrib/netinst for systems with an amd64 processor (i386 is probably history).
  2. If you are working on your own laptop, I strongly recommend using DVD iso files [4] for installation. In case of high WiFi load, the installation using 'netinstal' is very tedious.
  3. Create a new virtual machine named Debian, type Linux, version Debian
  4. A minimum amount of memory is sufficient to install a virtual PC
  5. Create a virtual hard disk of type VDI or VMDK, Dynamically allocated with a size of 8GB
  6. Switch to the Global Tools menu and create a new network interface named 'vboxnet0', leave the settings as default.
  7. Select two network cards for the virtual PC, set the first to NAT status and the second to 'Host only adapter' status (In the Virtualbox menu in File->Preferences->Network->H.only networks, there must be at least one hostonly network )
  8. Run the created virtualized computer and set the downloaded iso file as a CD
  9. Run the installation of the Debian distribution in a text environment (the graphical installer tends to be slower)
    1. For installation, I recommend choosing the English language, you can choose Czech as well, the location Czech Republic and the keyboard as you like
    2. To connect to the network, choose the interface included in the NAT network, typically enp0s3
    3. Choose the name of the computer, enter the domain (I recommend vsb.cz), the password for the root user and create a regular user and also enter the password for him.
    4. Partition the disk, choose Assisted - use the entire disk, select a virtual disk, put all the files in one area and write the changes to the disk.
    5. If the installation process asks for another CD, ignore this question if you are installing from 'CD netinstall'. If installing from a complete DVD set, scan the other DVDs as well.
    6. Set up a package manager for the Czech Republic, from the ftp.cz.debian.org server, without a proxy server.
    7. You don't have to join the package popularity survey.
    8. Select the SSH Server program to install and deselect all other tools.
    9. Please do not install the GUI. It doesn't belong on the server.
    10. Choose to install the GRUB bootloader in the main boot entry to the /dev/sda device
    11. Finish the installation, start your Debian and login as root or regular user
    12. To 'revive' the second network card, enter in your Debian under the root user: dhclient enp0s8, this interface will get an IP address and you can connect to the virtual PC via SSH protocol, you can find out what IP address your virtual PC got by command ip address
  1. Log in to your Debian and try out all the basic command line commands.
  2. For all other work, it is necessary to be able to handle basic operations in the command line. Above all, creating, deleting, copying and moving files or folders, moving in the directory structure. For further work, it is also necessary to be able to use at least one text editor.
  3. For beginners, I recommend installing Midnight Commander into the system using the apt install mc command.


Download iso file with network installation of debian distribution of GNU/Linux. (www.debian.org)

Practise

Install debian on your virtual PC identically as in lecture.

Lesson 2 (Bash script)

Practise

On your server in the /opt/SOS/villages/ directory create a directory structure where the directory name will match the names of all villages in the Czech Republic 
whose name contains "ova" and does not contain the word "Nova". Replace any spaces with underscores. 
List of villages in text form can be found here: http://seidl.cs.vsb.cz/download/seznam-obci-cr.txt

Practise

On your server in the /opt/SOS/post/ directory, create a directory structure where the name of the directories will match the names of all the post offices
in the Czech Republic whose     phone number contains a 5 digit and does not contain a pocket of numbers 55. Replace any spaces with underscores.
You can find a list of Czech postal text here: http://seidl.cs.vsb.cz/download/posty.csv.txt

>>> "Praha 10";"10000";"Cernokostelecka 2020/20, Praha";"274774998";"274776503";"B" <<< phone number is bold

In each folder, create a text file with any name. In the file, list all names of the post offices in the Czech Republic with the same number of letters as the current folder name.


Lesson 3 (init process, systemd)

Practise

Create a bash script and service for systemd. The script scans all the subdirectories in the /home folder. 
If it finds a file whose name ends in * .backup, it moves this file to the /backup directory. Use find to search.

Practise

Create a bash script and service for systemd. The script finds the size of all directories in the / home folder. 
If the size of one of the directories is larger than 1kB, a file named "THE_MAX_FILE_SIZE_HAS_BEEN_EXCEEDED" 
will be placed in this folder.

Lesson 4 (hard disks management, RAID)

Practise

Add another four SATA drives to your virtualized PC. Create a RAID 5 with one spare disk above them.

Create file system ext4 on raid a mount raid to  /home folder. Copy all data. 
Modify the / etc / fstab file so that the raid connection to the / home automatically happens after the system starts.

Try set one disk from raid as demage, and check if raid work correctly.

Lesson 5 (user management, file permissions, disk quota)

Test user file: http://seidl.cs.vsb.cz/download/jmena.txt

Practise

Create a script that creates 50 users in your virtualized PC.
Generate and set the primary password for each user.
After the first user logon, please force a new password.
Define disk quotas for all newly created users.

Lesson 6 (networking, iptables)

Practise

Configure your virtual machine so that the "hostonly" interface receives a static IP address after the PC restarts.

Create a startup script that initializes the firewall using iptables.
The default policy for INPUT will be DROP.
Disable all traffic to the server (INPUT), enable only tcp port ports 80 and 443.
Only enable port 22 from defined IPs from any interface.

Configure SNAT for all packets coming out of the enp0s3 interface.

Lesson 7 (LAMP, DHCP, NFS)

Install MySQL in debian

https://dev.mysql.com/downloads/repo/apt/
https://dev.mysql.com/doc/mysql-apt-repo-quick-guide/en/
https://httpd.apache.org/
https://www.isc.org/downloads/dhcp/
http://nfs.sourceforge.net/nfs-howto/ar01s03.html


Practise

 Install on your virtual PC LAMP server and run Mediawiki.


Final Test

Minimum points from Final test is 30. Maximum is 50.
You can use all information source (webpage, own notes, books).
Please, during the test do not use any online communication!
The test lasts 2 hours.

Final Test version A

* ( 5p) Create clear virtual PC and install actual distribution of Debian on virtual PC as small installation (install only ssh package during installation proces)
* (10p) Add next 3 disks and create RAID1 with one SpareDisk
* ( 5p) Format the Raid as EXT4 file system, and mount the RAID as /home directory (correctly edit file /etc/fstab)
* (10p) Write script an bash language, create 100 users, with default pasword a add user quota for all new users
* ( 5p) Create group “share” and add 5 users to this group
* ( 5p) Create directory /share with all permission for group share and set no permission for others
* (10p) Install LAMP server, and run Mediawiki
* (10p) Write script in bash language, set firewall in this script, set default policy in INPUT chain as DROP,
        enable connection to the web server only from defined network
* ( 5p) Create service Firewall for systemd and start your script with previous item after computer started

Final Test version B

* ( 5p) Create clear virtual PC and install current distribution of Debian on virtual PC as small installation (install only ssh package during installation proces)
* (10p) Add next 3 disks and create RAID5 without one SpareDisk
* ( 5p) Format the Raid as EXT4 file system, and mount the RAID as /home directory (correctly edit file /etc/fstab)
* (10p) Write script an bash language, create 100 users, with clear pasword a add user quota for all new users
* ( 5p) Create group “student” and add 5 users to this group
* ( 5p) Create directory /student with all permission for group student and set no permission for others
* (10p) Install LAMP server, and run Mediawiki
* (10p) Write script in bash language, set firewall in this script, set default policy in OUTPUT chain as DROP,
        enable connection to the web server only from 10 defined address
* ( 5p) Create service Firewall and start your script with previous item after computer started