CIS-2903: Project

1 - CLO4 - Selection of a suitable Linux distribution and Installation

I selected Kali Linux because it is a Debian-derived Linux distribution designed for
penetration testing. It has over 600 preinstalled penetration-testing programs, making it
one of the best-operating systems for security testing. Some of the features of Kali Linux
are:
a. Kernel Version:

Kali Linux uses the Linux kernel, which is the core of the operating system that
manages the hardware and provides basic services for the user programs. The kernel
version of Kali Linux depends on the release and the image you download. For
example, the latest Kali Linux 2023.3 release has kernel version 6.3.0

b. Package Manager:
Kali Linux uses the Advanced Package Tool (APT) as its package manager. APT is a
command-line tool that allows you to install, update, and remove software packages on
your system. APT also handles dependencies, meaning that it automatically installs or
removes any additional packages that are required or no longer needed by the software
you install or remove

To install Kali Linux on VirtualBox, you need to follow these steps:

1. Download Kali Linux:

Visit the official Kali Linux website (https://www.kali.org/downloads/) and download
the ISO image of the Kali Linux distribution that matches your system architecture and
requirements.
2. Install VirtualBox:
If you don't already have VirtualBox installed, you can download it from the official
VirtualBox website (https://www.virtualbox.org/) and follow the installation
instructions for your operating system.
3. Create a New Virtual Machine:
Open VirtualBox, click on "New" to create a new virtual machine. Follow the wizard,
and when asked to choose the operating system, select "Linux" and then "Debian (64-
bit)" as the version.
4. Configure Virtual Machine Settings:
Allocate sufficient RAM and create a new virtual hard disk for your Kali Linux VM.
Make sure to attach the Kali Linux ISO file you downloaded to the virtual optical drive
so that you can boot from it.
5. Install Kali Linux:
Start the virtual machine, and it should boot from the Kali Linux ISO. Follow the on-
screen instructions to install Kali Linux, including configuring your system settings,
creating a user account, and partitioning the virtual hard disk.
6. Complete the Installation:
Once the installation is complete, you'll have Kali Linux up and running in VirtualBox.

Screenshots:
2 - CLO4 - Configuration of Linux Hard disks
To add a second hard disk to your Linux server and configure it as described, you can follow
these steps. Assuming the second hard drive is recognized as /dev/sdb, please make sure to
replace it with the correct device name if it differs on your system:

1. Attach the Second Hard Drive:

First, ensure that the second hard drive is physically connected to your server and
recognized by the system. You can check this by running the following command:
Command: sudo fdisk -l

Identify the second hard drive (e.g., /dev/sdb). It may show up as something like
/dev/sdb, /dev/sdc, etc.
2. Create a Single Partition:
Use the fdisk or parted command to create a single partition on the second hard
drive. In this example, we'll use fdisk:
Command: sudo fdisk /dev/sdb
 1. Type n to create a new partition.
2. Choose the default partition number.
3. Accept the default first sector by pressing Enter.
4. Specify the last sector as the full size of the drive. You can do this by pressing Enter
again to accept the default value.
5. Type w to write the changes and exit.

3. Format the Partition:

Now that you have created a partition, you can format it with a Linux file system.
Assuming you want to use the ext4 file system:
Command: sudo mkfs.ext4 /dev/sdb1

4. Create a Mount Point:

You should choose an empty directory where you want to mount the new partition.
For example, you can create a directory called company_data in the root directory:
Command: sudo mkdir company_data
5. Mount the Partition:

Mount the newly formatted partition to the mount point you created:

Command: sudo mount /dev/sdb1 /company_data

6. Make the Mount Persistent:

To ensure the partition is mounted at boot, add an entry to the /etc/fstab file. Open
the /etc/fstab file in a text editor:
Command: sudo nano /etc/fstab
Add the following line to the end of the file:
Command: /dev/sdb1 /company_data ext4 defaults 0 0
Save the file and exit the text editor.

7. Set Permissions:
You may need to adjust the permissions on the mount point so that all users can
access it. For example, to make it accessible to all users, you can set the
permissions to 755:
Command: sudo chmod 755 /company_data
Additionally, you can change the ownership of the directory to a suitable group:
Command: sudo chown -R youruser:yourgroup /company_data
Replace youruser and yourgroup with appropriate values.

8. Verify:

You can verify that everything is set up correctly by unmounting and then
remounting the partition:

Commands: sudo umount /company_data

sudo mount -a

Now, your second hard drive should be added, partitioned, formatted with the ext4 file
system, and mounted to the /company_data directory, accessible by all users.
3 - CLO4 - Managing user and group accounts
To manage user and group accounts on a Linux system, you can follow these steps to create
the required user groups and user accounts as described:

1. Create User Groups:

You can create the two user groups, one for managers and one for consultants,
using the groupadd command. Replace "managers_group" and
"consultants_group" with suitable group names

Commands: sudo groupadd managers_group

sudo groupadd consultants_group

2. Create User Accounts for Managers:

For each of the two managers, you can use the useradd command to create user
accounts and add them to the "IT_Manager" with the -g option to specify the
primary group. Replace "manager1" and "manager2" with the usernames and
"Manager One" and "Manager Two" with their full names:

Commands: sudo useradd -m -c "Manager One" -g managers_group manager1

sudo useradd -m -c "Manager Two" -g managers_group manager2

The -m option is used to create the user's home directory, and the -c option
specifies the user's full name.

3. Create User Accounts for Consultants:

Similarly, for the consultants, you can use the useradd command to create user
accounts and add them to the "consultants_group" as their primary group. Replace
 "consultant1" and "consultant2" with the usernames and "Consultant One" and
"Consultant Two" with their full names:

Commands: sudo useradd -m -c "Consultant One" -g consultants_group consultant1

sudo useradd -m -c "Consultant Two" -g consultants_group consultant2

4. Set Passwords:

To set passwords for these user accounts, use the passwd command. Replace "username"
with the actual username:

Commands: sudo passwd manager1

sudo passwd manager2

sudo passwd consultant1

sudo passwd consultant2

5. Verify the Configuration:

You can verify the group assignments and user account creation by checking
the /etc/passwd file to ensure that the default groups are correctly set. Additionally, you
can use the groups command to check group memberships for users:
 Commands: groups manager1

groups manager2

groups consultant1

groups consultant2

4 - CLO4 - Managing file and directory permissions

To configure file and directory permissions as described, follow these steps to create the
directories and set the appropriate permissions on the second hard disk for managers and
consultants:

1. Create Directories:

You can create the required directories using the mkdir command. Make
"managers_data" and "consultants_data” directory names:
 Commands: sudo mkdir /company_data/managers_data
sudo mkdir /company_data/consultants_data

2. Set Permissions:

To configure the permissions as described, you can use the chmod and chown
commands. First, ensure the ownership and group ownership are set correctly:

 For the managers' directory:

Command: sudo chown :managers_group /company_data/managers_data

 For the consultants' directory:

Command: sudo chown :consultants_group /company_data/consultants_data

Next, set the permissions for the directories:

 For the managers' directory, where only members of the

"managers_group" should have access:

Command: sudo chmod 770 /company_data/managers_data

 For the consultants' directory, where only members of the

"consultants_group" should have access:

Command: sudo chmod 770 /company_data/consultants_data

 3. Grant Access to Managers for Consultants' Data:

To grant members of the "managers_group" full access to the consultants'

data, you need to adjust the permissions of the consultants' directory to allow
group members of "managers_group" access. You can do this using the
chmod command:

Command: sudo chmod g+rwX /company_data/consultants_data

g+rwX adds read and write permissions for the group, and the X ensures that
group members can enter and access the directory.

5 - CLO5 - Configuring Network Settings

To configure network settings, list the interfaces, set a static IP address, and perform
ping and netstat operations on a Linux server, you can follow these steps.

1. List Network Interfaces:

To list the network interfaces on your Linux server, you can use the ifconfig
command. It will provide information about each network interface, including
their names and IP addresses:
Command: ifconfig
2. Set a Static IP Address:

To set a static IP address for your Linux server, you will typically need to
modify the network configuration files. The location of these files can vary
depending on your Linux distribution. Commonly used files include
/etc/network/interfaces for Debian-based systems or /etc/sysconfig/network-
scripts/ifcfg-<interface> for Red Hat-based systems.

Command: sudo nano /etc/network/interfaces

Inside the file, you can set the static IP address, subnet mask, gateway, and
DNS servers. For example:
 Save the file and then restart the network service:

Command: sudo service networking restart

3. Ping Operations:

-a: To make the ping results audible, you can use the -a option.

Command: ping -a <destination>

-c count: To set the number of pings, use the -c option. For example, to send 5
Pings
Command: ping -c 5 <destination>

-i interval: To set the time between pings, use the -i option. For example, to
set a 1-second interval
Command: ping -i 1 <destination>

-s size: To set the packet size, use the -s option. For example, to send packets
of 100 bytes
Command: ping -s 100 <destination>
 To ping the loopback interface (127.0.0.1) with these options:
Command: ping -a -c 5 -i 1 -s 100 127.0.0.1

4. Netstat Command:

You can use the netstat command to show the current TCP/IP network status.
Some useful options for netstat include:

-tuln: Display listening sockets, both TCP and UDP.

-r: Show the kernel routing table.

 Command: netstat -tuln
netstat -r

6 - CLO5 - Installing and configuring ftp services

To install and configure an FTP server on your Linux machine and test its
functionality, you can follow these steps
1. Install vsftpd:

Install vsftpd on your Linux server. The command may vary depending on
your distribution

Command: sudo apt-get install vsftpd

2. Configure vsftpd:

Edit the vsftpd configuration file to allow local users to access their home
directories. Open the configuration file with a text editor:
 Command: sudo nano /etc/vsftpd.conf

Modify or add the following lines in the configuration file to enable local user
access and restrict them to their home directories:

Lines: local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
allow_writeable_chroot=YES

Save the file and exit the text editor.

3. Restart vsftpd:

Restart the vsftpd service to apply the changes:

Command: sudo systemctl restart vsftpd

4. Test FTP Locally:

You can test the FTP server functionality locally from the same computer
using the ftp command. Open a terminal and run:

Command: ftp localhost

You'll be prompted to enter your username and password. If everything is
configured correctly, you should be able to access your home directory via
FTP.
5. Test FTP Remotely:

To test your FTP server from another machine (e.g., Windows or another
Linux system), you'll need an FTP client. Popular FTP clients for Windows
include FileZilla and WinSCP.

FileZilla:

Open FileZilla.
Enter the IP address or hostname of your Linux server.
Use the FTP protocol, and choose "Use explicit FTP over TLS if available."
Enter your username and password.
Connect to the server.

6. Testing FTP Server with Options:

You can test the FTP server with options for specific information using netstat:

-t: To display TCP info only.

-u: To display UDP info only.
-l: To show listening sockets only.
-p: To display the PID and program name for each socket.
-n: To show numerical addresses and port numbers.
-r: To display the routing table.
-i: To show statistics by interface.
-I <interface>: To display statistics for a specific interface.
-s: To display statistics by protocol (use with -u or -t).
For example, to display listening sockets and PID/program names, you can
use:

Command: netstat -l -p

To display statistics by protocol:

Command: netstat -s -t
7 - CLO5 - Configuring and Managing httpd Service

To configure and manage the Apache HTTP server (httpd) service on your Linux
machine, follow these steps

1. Stop and Start Apache HTTPd Service:

To stop and start the Apache HTTPd service, use the systemctl command:

To stop the service:

Command: sudo systemctl stop httpd

To start the service:

Command: sudo systemctl start httpd

2. Check the Status of Apache HTTPd Service:

To check the status of the Apache HTTPd service and ensure that it's running,
use:
Command: sudo systemctl status httpd

3. Test HTTPd Server Functionality Locally:

To test the Apache HTTPd server locally, open a web browser and enter the
following URL:
Command: http://localhost
 You should see the default Apache welcome page if the service is running
correctly. This page confirms that the web server is operational.

4. Start and Enable Apache HTTPd Service on System Boot:

To ensure that the Apache HTTPd service starts automatically at system boot,
use the following commands:

To start the service:

Command: sudo systemctl start httpd

To enable the service to start on boot:

Command: sudo systemctl enable httpd

After running these commands, Apache HTTPd will start on system boot.

8 - CLO5 - Configuring and managing SSH

To configure and manage the SSH service on your Linux machine, you can follow
these steps
1. Stop and Start SSH Service:
To stop and start the SSH service, you can use the systemctl command. The
SSH service is typically named "ssh" or "sshd." Use the appropriate service
name for your distribution:
 To stop the service:
Command: sudo systemctl stop sshd

To start the service:

Command: sudo systemctl start sshd

2. Check the Status of SSH Service:

To check the status of the SSH service and ensure that it's running, use:
Command: sudo systemctl status sshd

This command will provide information about the service's status and whether
it's active and running.

3. Test SSH Server Functionality Remotely (Download File):

To test the SSH server functionality by remotely downloading a file to your
local machine, you can use the scp command. Replace remote_user with the
username on the remote machine and remote_server with the remote server's
IP address or hostname. Also, specify the remote file and local directory for
download:
Command: scp remote_user@remote_server:/path/to/remote/file
/path/to/local/directory

For example: scp user@server.example.com:/path/to/remote/file.txt ~/Downloads/

 4. Login to SSH Server Remotely and Create a File:

To log in to the SSH server remotely and create a file in the user's home
directory, you can use the ssh command. Replace remote_user with the
username on the remote machine and remote_server with the remote server's
IP address or hostname:
Command: ssh remote_user@remote_server
After logging in, you can create a file in the user's home directory:
Command: touch sshfile.txt

9 - CLO6 - Securing Linux servers using iptables

To secure your Linux server using iptables, you can follow these steps. Ensure that
you have administrative privileges or root access to make these changes:
1. List All Firewall Rules:

To list all current firewall rules, run the following command:

Command: sudo iptables -L

2. View the Current Default Policy:

To view the current default policy for incoming and outgoing traffic, use the
following command:

Command: sudo iptables -P INPUT

3. Set Default Policy to Drop All Forwarding Connections:

To set the default policy to drop all forwarding connections, use the following
command:

Command: sudo iptables -P FORWARD DROP

4. Allow FTP Traffic (Port 20 and 21):

 To allow incoming FTP control and data requests (TCP ports 20 and 21), add
the following rules:

Command: sudo iptables -A INPUT -p tcp --dport 20 -j ACCEPT

sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT

5. Drop SSH Traffic:

To drop incoming SSH requests (assuming SSH runs on the default port 22),
use the following rule:

Command: sudo iptables -A INPUT -p tcp --dport 22 -j DROP

Verify this by attempting to connect to the Linux server through SSH from
another machine. You should not be able to establish a connection.

6. Delete the SSH Blocking Rule:

To delete the rule that drops SSH traffic, identify the rule number associated
with the SSH rule using iptables -L --line-numbers. Then use the rule number
to delete the rule:
Command: sudo iptables -D INPUT <rule_number>
7. Allow SSH Traffic:
To allow incoming SSH requests again, use the following rule:
Command: sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

8. Save iptables Rules to a Backup File:

To save all iptables rules to a file named iptables.bak, use the following
command:
Command: sudo iptables-save > iptables.bak

9. Flush (Clear) All Firewall Rules:

To clear all firewall rules, use the following command:
Command: sudo iptables -F

10. Restore Rules from Backup File:

To restore all the rules from the backup file iptables.bak, use the following
command:
Command: sudo iptables-restore < iptables.bak