diff --git a/exercises/h5.md b/exercises/h5.md index a6b3b53..8e184e5 100644 --- a/exercises/h5.md +++ b/exercises/h5.md @@ -6,6 +6,49 @@ Linux servers - Exercice 5 This exercise is a part of [Linux servers (ICT4TN021, spring 2018) // Linux-palvelimet (ICT4TN021, kevät 2018)](http://www.haaga-helia.fi/fi/opinto-opas/opintojaksokuvaukset/ICT4TN021) school course organized as a part of Information Technology studies in Haaga-Helia university of Applied Sciences, Helsinki, Finland. Course lecturer [Tero Karvinen](http://terokarvinen.com/) has defined the original assignment descriptions in Finnish presented in this document in English. Answers and translations have been written by Pekka Helenius (me, ~ Fincer). +*Table of contents:* +-------------- + +- [a) **SSH Daemon** Install SSH server daemon](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#a-install-ssh-server-daemon) + +- [b) **Firewall** Establish a firewall protection to the server computer (Note: allow SSH traffic before that)](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#b-establish-a-firewall-protection-to-the-server-computer-note-allow-ssh-traffic-before-that) + + - [UFW configuration](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#ufw-configuration) + + - [iptables configuration](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#iptables-configuration) + + - [Other firewall solutions](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#other-firewall-solutions) + + - [EXTRA - root account: more restrictions](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#extra---root-account-more-restrictions) + +- [c) **File transfer** Transfer files using SSH protocol](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#c-transfer-files-using-ssh-protocol) + +- [d) **SSH auto-login** Automate SSH login with public key method](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#d-automate-ssh-login-with-public-key-method) + +- [e) **Analysis of server processes** Install, configure and start sysstat. Use sar command to confirm whether the sysstat package services have been enabled (for instance, log entry "Linux reboot..." exists). Run sysstat a day or two. Afterwards, check computer workload history with sysstat commands sar, iostat, pidstat etc. Analyze the results, i.e. explain the results in detail.](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#e-install-configure-and-start-sysstat-use-sar-command-to-confirm-whether-the-sysstat-package-services-have-been-enabled-for-instance-log-entry-linux-reboot-exists-run-sysstat-a-day-or-two-afterwards-check-computer-workload-history-with-sysstat-commands-sar-iostat-pidstat-etc-analyze-the-results-ie-explain-the-results-in-detail) + + - [SAR - network statistics, IPv4 traffic](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#sar---network-statistics-ipv4-traffic) + + - [SAR - memory consumption statistics, RAM & Swap](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#sar---memory-consumption-statistics-ram--swap) + + - [SAR - I/O statistics](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#sar---io-statistics) + +- [f) **SSH port configuration** (optional) Change sshd (SSH server process) port](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#f-optional-change-sshd-ssh-server-process-port) + + - [EXTRA - Using new port address of SSH server daemon when connecting with a client computer/program](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#extra---using-new-port-address-of-ssh-server-daemon-when-connecting-with-a-client-computerprogram) + + - [EXTRA - detecting SSH port change with port scanning techniques (nmap)](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#extra---detecting-ssh-port-change-with-port-scanning-techniques-nmap) + + - [EXTRA - Using Port Knocking technique against port scanning](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#extra---using-port-knocking-technique-against-port-scanning) + + - [EXTRA - ARP Scan and spoofing your MAC address](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#extra---arp-scan-and-spoofing-your-mac-address) + +- [g) **SSH configuration - groups** (optional) Allow SSH login only for users in group 'sshers'. Add your account to this group.](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#g-optional-allow-ssh-login-only-for-users-in-group-sshers-add-your-account-to-this-group) + +- [h) **SSH remote dir mounting** (optional) Attach a remote network directory with sshfs.](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#h-optional-attach-a-remote-network-directory-with-sshfs) + +-------------- + **a)** Install SSH server daemon -------------- @@ -484,7 +527,7 @@ Additionally, iostat command was run on the background. ### SAR - network statistics, IPv4 traffic -**command: sar -n IP -f sar-stats_2018-02-24_2018-02-26.file** +**command:** `sar -n IP -f sar-stats_2018-02-24_2018-02-26.file` ![sar-stats-ipv4](https://github.com/Fincer/linux_server_setup/blob/master/images/sar-stats_ipv4.png) @@ -534,8 +577,8 @@ Check also ### SAR - memory consumption statistics, RAM & Swap -**command: sar -r -f sar-stats_2018-02-24_2018-02-26.file** -**command: sar -S -f sar-stats_2018-02-24_2018-02-26.file** +**command:** `sar -r -f sar-stats_2018-02-24_2018-02-26.file` +**command:** `sar -S -f sar-stats_2018-02-24_2018-02-26.file` ![sar-stats-memusage](https://github.com/Fincer/linux_server_setup/blob/master/images/sar-stats_memusage.png) @@ -606,7 +649,7 @@ It may not be wise to collect Swap statistics (although Linux kernel [Swappiness ![sar-iostat](https://github.com/Fincer/linux_server_setup/blob/master/images/sar-iostats.png) -Main command: `iostat -dmtx 20` +**command:** `iostat -dmtx 20` ``` -d Display the device utilization report.