OPS105 Winter 2021 Project

What's new

Final Submission

  1. Download the VM from the link that was emailed to your MySeneca email on Wednesday, April 07, 2020. The password for both the root and debian users is debian. Before you start, ensure you are working on the correct VM for submission by typing:

    hostname
    

    The output should be:

    21a-Project
    

    Bring all VM packages up-to-date, if it hasn't been done already. Add packages: sudo, curl, openconnect, and openssh-server. Configure openssh-server to run automatically at startup. Download and install (into /usr/bin) the vpn script. You may use that vpn script to connect to matrix.senecacollege.ca to submit (optional).


  2. Create a MySeneca user account to be EXACTLY as your MySeneca user appears on matrix (use only lowercase and, if required, numbers). Add the MySeneca user to the sudo group and configure the MySeneca user to run administrator commands by using sudo.

    IMPORTANT: After you create and configure your MySeneca user to run administrator commands using sudo, complete all remaining administrative tasks below using sudo with your MySeneca user only. Do not use the root user after your MySeneca user has been configured to run sudo commands.


  3. Using sudo, make the MySeneca user a member of groups red and blue. Add one more user (you may choose any): jack whose secondary group is red or jill whose secondary group is blue.


  4. Log out from MySeneca and log back in as user jack or user jill, and then run a few commands like whoami, pwd, and date.


  5. Configure the downloaded 21a-Project VM to be a reboot-persistent gateway to your internal network. Your network address is 192.168.Y.40/29, where Y is the first and last numbers of your student ID. Otherwise, if your last two student ID numbers have a leading zero, use n instead of 0n when 0 <= n <= 9; for example, use 0 if Y is 00 and 5 if Y is 05.


  6. On the 21a-Project VM you downloaded from Seneca, create directory /public to be writable by all. NOTE: Grade A/A+ must set permissions for /public to be the same as /tmp. HINT: Use stat /tmp to identify permissions of /tmp.


  7. From one of your existing client node VMs (Kali or XFCE) that has been re-configured to use 21a-Project as its gateway, create a file with the same username as the user you created in step #3 (jill or jack) above. So user jill on your Kali (or XFCE) VM would create file jill in her home directory. Redirect the output of commands whoami, hostname, and date to file /home/jill/jill. The example used jill but the same could be done for user jack as well, in which case /home/jack/jack would have the contents of whoami, hostname, and date.


  8. Using scp from the client VM, copy the file created in step #7 from your client VM to the 21a-Project VM /public directory. For example: while logged in as jill, copy file /home/jill/jill from your client VM to directory /public in the 21a-Project VM. Confirm the file has copied correctly by checking the output of the copied file (file /public/jill in 21a-Project should have the same contents as file /home/jill/jill in user jill's directory on the client VM).


  9. On 21a-Project VM login as each user below and confirm for test file /public/jill or test file /public/jack:
    • jill/jack (just one) can see and change the contents of their test file.
    • debian cannot see or change the contents of the test file.
    • MySeneca user:

      • without sudo can view but cannot change contents of the test file.
      • with sudo can view and change the contents of the test file.


  10. After you have verified that the above steps work correctly (you may do them as many times as needed), run the submit command as the MySeneca user. When the submission succeeds, check your email for a confirmation copy. You may use the vpn script to connect to matrix and submit if needed.
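
The addressing in step 5, worked through as an added example that is not part of the original spec: it derives Y from a student ID under the leading-zero rule and lists the network, broadcast and usable host addresses of 192.168.Y.40/29. The function names and sample ID are constructed for illustration.

```shell
# Added example (not part of the project spec). The sample ID below is constructed.

# y_from_id ID -> first and last digit read as one number: 0,5 gives 5 and 4,0 gives 40
y_from_id() {
    id=$1
    case $id in
        ''|*[!0-9]*) echo "student ID must contain digits only" >&2; return 1 ;;
    esac
    first=${id%"${id#?}"}    # strip everything after the first character
    last=${id#"${id%?}"}     # strip everything before the last character
    echo $(( $first * 10 + $last ))
}

# dotted N -> 32-bit integer N printed as a dotted quad
dotted() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# subnet_info A.B.C.D/P -> "network broadcast first_host last_host usable_hosts"
subnet_info() {
    addr=${1%/*}
    prefix=${1#*/}
    old_ifs=$IFS; IFS=.
    set -- $addr                     # split the address into its four octets
    IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    net=$(( $ip & $mask ))
    bcast=$(( $net | ($mask ^ 0xFFFFFFFF) ))
    echo "$(dotted "$net") $(dotted "$bcast") $(dotted $(( $net + 1 ))) $(dotted $(( $bcast - 1 ))) $(( $bcast - $net - 1 ))"
}

# Demo with a constructed ID whose first digit is 0 and last digit is 5
y=$(y_from_id 012345675)
subnet_info "192.168.$y.40/29"
```

A /29 leaves six usable addresses, and the gateway interface itself takes one of them.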

Project Completion Checklist

All of these tasks are to be done on the 21a-Project VM that was downloaded from Seneca using the link sent to your MySeneca email.

  • [ ] All packages are up-to-date with required packages including openconnect and vpn script installed.
  • [ ] Network address is 192.168.Y.40/29 (Y is first and last digits of your student ID).
  • [ ] MySeneca user is the same as it appears on matrix (lowercase and, if needed, with numbers).
  • [ ] MySeneca user is also member of all these secondary groups: red, blue, and sudo.
  • [ ] MySeneca user has configured most of 21a-Project setup using sudo (see #2 above).
  • [ ] MySeneca user can ssh into matrix.
  • [ ] One user jack or jill created and configured to be in their appropriate group.
  • [ ] Logout and login done at least once as MySeneca user, jack/jill, debian, and root.
  • [ ] After logging in as each user ran some commands (date, whoami, id) as that user.
  • [ ] Gateway is reboot-persistent CIDR/29 network that uses your Kali/XFCE VMs done earlier.
  • [ ] OpenSSH installed and configured to run at startup.
  • [ ] /public directory created under root directory (/)
  • [ ] /public contains at least one file that was copied using scp from an existing node VM.
  • [ ] Contents of the test file that was copied are as specified.
  • [ ] Permissions of /public and at least one test file are as described in #9 above.
  • [ ] Permissions of test file work as in #9 when logged in as MySeneca, jack/jill, and debian.

Grading Policy

IMPORTANT tl;dr: Configure 21a-Project according to the specifications above and then run submit.


The normal use of a Linux system creates and appends to log files (both binary and text). Any attempt to distort this process, either by avoiding the creation of log files or by tampering with them after they were created, will automatically make that submission attempt worth minimal marks: Grade D if everything else was configured correctly.


For maximum grade credit: avoid tampering, aborting, or interfering with any system or user generated log files. Such files include but are not limited to history files for all users when they login; services installed during the test session; or any other packages, files, or services that came installed prior to you downloading and starting the 21a-Project VM.

  • Your network ID must be 192.168.Y.40/29, where Y is the first and last digits of your student ID unless one or both of them are zero. When one or both digits are zero, these additional rules apply: Y is 0 instead of 00; Y is 7 instead of 07; but Y is 40 if your ID digits are 40. You will lose a grade letter for an incorrect submission even if everything else was done correctly.


  • Marks are based on the FIRST submission you make. If you submit multiple times, each submit costs you a letter grade (A, B, C, D). First submit is A, second B, third C, and so on. Make your FIRST submission count. You get a confirmation in your own email after you submit, so you know that your submission was successful.


  • To get a grade better than a D you MUST download the Project VM before noon Friday Apr 9. It can be downloaded at anytime during the day, however, read the following additional restrictions for Grades better than D.


  • The clock runs from when you FIRST start up the Project VM to the time I receive your FIRST submit. This means you can download the VM earlier and only work on it when you have a block of time and are ready to complete it.


  • In the event of multiple submits, only the first submit will be counted. If the first submit was a test submit, and you inform me, then for the next submit you will only get a B or B+ even if everything else was correct. NOTE: In the description below, complete means configured according to the specs given and first submission email received after running submit.


    • A grade or better: completed within 180 minutes of first startup and submitted before 5:00 pm Friday Apr 9.


    • B grade: completed within 360 minutes of VM first startup and submitted before 8:00 am Monday April 12.


    • C grade: completed and submitted before midnight Tuesday April 13.


    • D grade: completed and submitted before midnight Thu April 14.


  • Post any project-related or submission-related questions to Teams.

Using sudo

  • Install the sudo package and make your MySeneca user capable of running sudo commands as root user.
  • Verify this by bringing packages up-to-date or doing other root user tasks.
  • Understand why using sudo is better than using su and su -.

Initial project spec

  1. Make a new VirtualBox VM and Install Kali (Graphical Desktop) in it.
  2. Attach this Kali VM to the existing network you have been building in the first half of this semester. The newly installed Kali will also be a node in the smallest multi-host network, so reconfigure the network from CIDR/30 to CIDR/29 to keep up with your growing network needs (see: CIDR/30 or glue network).
  3. Ensure Kali starts up and runs in full screen, but it will only get access to the Internet if the gateway is running.
  4. Bonus: Attempt to start your gateway in stealth mode (no graphical interface on your Windows/macOS/Linux desktop, instead use VirtualBox from the commandline to startup your gateway). Learn how to shutdown your gateway as well.

OpenSSH Server and MySeneca user account

  1. Install OpenSSH server on your Gateway.
  2. Ensure you cannot ssh as root into this server.
  3. Create a MySeneca-named user account on all 3 machines (gateway, node with XFCE desktop, and Kali VM).
  4. Verify your MySeneca-named user can ssh into your gateway from each node (XFCE desktop and Kali).
  5. Verify your MySeneca-named user can ssh into matrix.senecacollege.ca via the Seneca VPN.
  6. Bonus: Set your MySeneca user up so it can login to your gateway without using a password (password-less login).
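
A check for step 2 of this list, as an added example that is not part of the original spec: it reports which PermitRootLogin value a single sshd_config file yields, applying sshd's first-occurrence-wins rule and the built-in default of prohibit-password, which still allows root to log in with a key. The function names and sample config are constructed; Include files are not followed and Match blocks are skipped.

```shell
# Added example (not from the project spec). Simplifications: Include files are
# not followed and settings inside Match blocks are treated as conditional.

# effective_root_login FILE -> the PermitRootLogin value sshd would apply globally
effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                          # whole-line comments
        { gsub(/=/, " ") }                           # accept "Keyword=value"
        tolower($1) == "match" { in_match = 1 }      # a Match block runs to the next Match or EOF
        !in_match && !seen && tolower($1) == "permitrootlogin" {
            print tolower($2); seen = 1              # first occurrence wins
        }
        END { if (!seen) print "prohibit-password" } # built-in default when unset
    ' "$1"
}

# root_login_blocked FILE -> exit status 0 only when root cannot log in over SSH at all
root_login_blocked() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Demo on a constructed config resembling an untouched install
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PasswordAuthentication yes' > "$sample"
if root_login_blocked "$sample"; then
    echo "root SSH login: blocked"
else
    echo "root SSH login: still possible ($(effective_root_login "$sample"))"
fi
rm -f "$sample"
```

On the gateway itself, `sudo sshd -T` prints the configuration sshd actually resolved, including any Include files.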

File sharing network

  1. Create a file sharing network between users on this network. Start by having at least two new users (jack and jill) other than your MySeneca user (so there are at least 3 users, not including root, in all on each VM in this network).


  2. Create at least two groups (red and blue, named for the red team and the blue team) such that your MySeneca user is a member of both groups, while jack and jill each belong to their own group (jack belongs to jack and jill belongs to jill) and to one of the red team or blue team groups. Make jack a member of jack and red, and jill a member of jill and blue; the MySeneca-named user is a member of the MySeneca-named group and of both the red and blue groups.


  3. Log in as each user on all 3 VMs and set up access for jack, jill, and the MySeneca user to copy files from each VM onto the gateway into a public folder /pub on the gateway.


  4. Using ssh, log in as jack onto the gateway and try to read/write files that user jill created previously. Have files in /pub on the gateway where jack and jill can each:


    • read files created by the other but not write to that file (jack can read jill's file but not write to it). Example: jack could read from jill's /pub/read-only.txt but jack would not have permissions needed to change or delete jill's /pub/read-only.txt.


    • write to files created by the other but not read them (jill can write to jack's file but not read from it). Example: jill could write to jack's /pub/write-only.doc but jill would not have permissions to read from jack's /pub/write-only.doc.


    • Since MySeneca user is in both groups, the MySeneca user should have the same access (read or write) that both jack and jill permitted for their group.


    • neither read from nor write to some files that are not their own (jack can read and write to only his files whereas jill can only read or write to her files).
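
The access rules in this list, and the per-user checks in step 9 of the Final Submission, follow from how Linux picks exactly one permission class (owner, then group, then other) and from the sticky bit on a /tmp-style directory. The model below is an added example, not part of the original spec; the account name myseneca is a placeholder, and the modes and file groups passed to the functions are assumptions.

```shell
# Added example (not from the spec). "myseneca" is a placeholder account name.
# groups_of USER -> group memberships as the page assigns them
groups_of() {
    case $1 in
        jack)     echo "jack red" ;;
        jill)     echo "jill blue" ;;
        debian)   echo "debian" ;;
        myseneca) echo "myseneca red blue sudo" ;;
    esac
}

# access USER MODE OWNER GROUP -> "rw", "r-", "-w" or "--"
# Exactly one class applies: owner, else group, else other. root skips the check.
access() {
    user=$1 mode=$2 owner=$3 group=$4
    if [ "$user" = root ]; then echo rw; return; fi
    m=$(( 0$mode ))                      # read the mode as octal
    bits=$(( $m & 7 ))                   # start from the "other" class
    if [ "$user" = "$owner" ]; then
        bits=$(( ($m >> 6) & 7 ))
    else
        for g in $(groups_of "$user"); do
            if [ "$g" = "$group" ]; then bits=$(( ($m >> 3) & 7 )); fi
        done
    fi
    r=-; w=-
    if [ $(( $bits & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $bits & 2 )) -ne 0 ]; then w=w; fi
    echo "$r$w"
}

# can_delete USER FILE_OWNER DIR_MODE DIR_OWNER -> yes/no (directory group assumed root)
can_delete() {
    who=$1 fowner=$2 dmode=$3 downer=$4
    if [ "$who" = root ]; then echo yes; return; fi
    case $(access "$who" "$dmode" "$downer" root) in ?w) ;; *) echo no; return ;; esac
    # Sticky bit (the leading 1 in 1777): only the file or directory owner may unlink
    if [ $(( 0$dmode & 01000 )) -ne 0 ] && [ "$who" != "$fowner" ] && [ "$who" != "$downer" ]; then
        echo no
    else
        echo yes
    fi
}

# Demo (assumed layout): /public/jill as jill:blue mode 640 in a root-owned 1777 directory
for u in jill debian myseneca root; do
    echo "$u: $(access "$u" 640 jill blue) delete=$(can_delete "$u" jill 1777 root)"
done
```

With the directory at 777 instead of 1777, `can_delete jack jill 777 root` answers yes: the file's own mode never protects it from removal, only the directory does.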

Tips

Kali

  • TIP #1: Give your Kali VM at least 2048 MB memory and 2 virtual CPUs.


  • TIP #2: When running the gateway from the command line (see the Bonus item in the Initial project spec), you will need a VirtualBox command to start it up. Shutting it down, however, should be done from within the VM and not with a VirtualBox command entered on your Windows/macOS/Linux desktop. This means you will need to ssh into the gateway in order to shut it down.

End of project spec

Last Updated: 2021-Apr-07 Wed 11:33