Managing Services and Security
Task
Your job in this assignment is to create two Virtual machines each running a different but the latest distribution of Linux e.g. Ubuntu Server and CentOS. Each of these VM's is to offer services to a user base.
The Virtual Machines can be implemented using any hypervisor e.g. VMWare Player, Virtual Box or anything else you think is appropriate.
You can use bridged or host only networking when setting up these Virtual Machines. When implementing the Virtual Machines, rather then obtaining an address from the HyperVisors DHCP server you should ensure the addresses used are static and assigned from your network. YOU WILL NEED TO WORK OUT WHAT ADDRESS SPACE YOU ARE USING AND HOW IT WILL IMPACT YOUR LAN.
Part 1: Virtual Machine One - DNS & SSH Server
The first Virtual Machine should be installed and have the BIND (DNS) server installed on it. While you do not own any address space/ name space your name server should manage the following domains:
The name server should answer queries for this domain. In addition to the saffioti.org.au zone, a zone should be set up for the reverse zone - the reverse zone would be whatever the address range is of your virtual machine. You should do some research on how Bind handles reverse zones.
You should set up the saffioti.org.au zone with the usual information including SOA, NS and other records where appropriate. The address used for this should be the address of the virtual machine. You should give this Virtual Machine an A record with the name server1. You should also create a A record for server2 (part 2 of this task)
In addition to this you should create an CNAME record with the name www. When a user does a lookup on www.saffioti.org.au- the address returned should be that of the other virtual machine (Virtual Machine Two).
Be sure to create the appropriate reverse (PTR) records for the machines and to help other administrators be sure to put in place appropriate TXT records.
Once complete, you should fine tune your DNS Servers Virtual machine. Do this by disabling services that were installed but are not required. Be very careful not to break anything here. As a tip you will want to keep both DNS and SSH services active. Ensure both DNS and SSH are invoked at startup.
Finally harden this Virtual Machine using a firewall. Set up filters which allow access to the services possibly being access on the Virtual Machine from other hosts - specifically SSH and DNS. You can assume this incoming traffic can come from anywhere. You will need to make sure these rules always take affect at boot.
Test your virtual machine by setting your Host computer (i.e. the computer that is running the VM) Name Server to the address of the Virtual Machine. See if you can resolve queries for the A records create in saffioti.org.au i.e. server1 and www.
Document the entire process and challenges you experienced. You can install BIND from source or using your package manager.
Part 2: Virtual Machine Two
The second Virtual Machine is to have the LAMP software package installed. LAMP is a standard bundle in the Ubuntu Server platform.
Once complete set up this Virtual Machine to host a website using the Apache Web Server.
The Virtual Machine should have a statically assigned address which matches that specified in the A record for host www.
Test your Apache Server Virtual Machine by using a web browser on another host and trying to browse the website saffioti.org.au.
Once you have set up the web server and tested it, install a FTP server. The FTP server would allow users to upload/ download files to the web server. Configure the server appropriately and then test from another host.
Finally harden this host so that only services being used can be accessed by other machines. You will need to use IPTables.
Document the entire process and challenges you experienced.
Part 3: Simple Web Services
In Virtual Machine Two you set up a web server for the DNS name www.saffioti.org.au. The server is implemented using the HTTP protocol listening on port 80. Your challenge is to make the same site accessible using the HTTPS protocol. To do this set up SSL with a self signed certificate for the site.
Once configured correctly you should be able to access www.saffioti.org.au on both HTTP/HTTPS ports. Naturally you will need to make appropriate changes to your firewall rules.