ChinaSkills network system management LINUX module server01

Network system management (sample question 2)

Module A: Linux Environment

**Executive Committee of national vocational college skills competition. Technical expert group March 2021

Contents
1, Competition introduction
2, Competition precautions
3, Submission of competition results
4, Initialize environment
1. Default account and password
2. Operating system configuration
5, Project task description
1. Topology
2. Basic configuration
3. Mission requirements
CLIENT TASK
RSERVER TASK
SERVER01 TASK
SERVER02 TASK
SERVER03 TASK
SERVER04 TASK
1, Competition introduction
1. Please read the following guidelines carefully!
2. The competition lasts 4 hours. You must decide how to allocate your time.
3. When the game is over, please do not shut down your virtual machine when you leave.
4. If there is no explicit requirement, please use "chinakill21" as the default password.
5. All systems in this module are in the most basic installed system state, and the client is equipped with desktop.
2, Competition precautions
1. The hardware, software and auxiliary tools required for the competition shall be uniformly arranged by the organizing committee. Contestants shall not bring any software, mobile storage, auxiliary tools, mobile communication, etc. into the competition field without permission.
2. Please check whether the listed hardware equipment, software list and material list are complete and whether the computer equipment can be used normally according to the competition environment provided by the competition.
3. During operation, the equipment configuration needs to be saved in time. After the competition, all equipment shall remain in operation. Do not remove the hardware connection.
4. After the competition, please keep the competition equipment, software and questions on your seat. It is forbidden to take any items used in the competition (including test papers and scratch paper) away from the field.
5. The referee shall take the competition result documents submitted by each participating team as the main scoring basis. All submitted documents must be named according to the naming rules specified in the competition questions, and shall not reflect the participating institutions, station numbers and other information in any form.
3, Submission of competition results
According to the requirements of the topic, submit WORD files and corresponding PDF files that meet the template (PDF files are generated by saving Office Word as PDF files). It is suggested that in addition to the screenshots of configuration files, screenshots of function test should also be taken. Those that can be tested on the terminal must be tested and screenshot on the terminal, otherwise the function test part will not be scored.
4, Initialize environment
1. Default account and password
Username: root
Password: ChinaSkill21!
Username: skills
Password: ChinaSkill21!
Note: unless otherwise specified, the passwords of all accounts are ChinaSkill21!
2. Operating system configuration
Area: CST + 8
System environment language: English US (UTF-8)
Keyboard: English US
Note: when the task is to configure TLS, please add the root certificate or self signed certificate to the trusted zone.
After the console is logged in, whether it is network login or local login, it will be displayed according to the welcome information below

ChinaSkills 2020 – Jiangsu
Module A Linux
lnxserver1
Complete spelling of contestant's name

hostname<<
Debian Version<<
TIME <<

5, Project task description
A company needs to provide employees with convenient, safe and stable internal and external network services. As a company network system administrator, you are responsible for the company's network system management. Please complete the network service installation and testing according to the network topology, basic configuration information and service requirements. The network topology and basic configuration information are as follows:
1. Topology

2. Basic configuration
The basic configuration of server and client is shown in the following table:
Device | Hostname | FQDN | IP Address | Service
Server01 | Server01 | Server01.sdskills.cn | 172.16.100.201 | RAID5, NFS, DNS(bind), Webserver(apache), SSH, DBMS

3. Mission requirements
Task equipment: Client, Rserver, server01, server02, server03, server04.
Note: if not specified in the title, please use the default configuration.

CLIENT TASK

1.Client: simple Debian has been pre installed. The specific requirements are as follows:
• it is required to have access to all servers for testing application services.
• please install a GNOME desktop environment for this host.
• adjust the display resolution to 1280x768;
• test DHCP, and the IPv4 address of the host network card is automatically obtained;
• test dns and install dnsutils and dig command line tools;
• test the web, install firefox browser and curl command line test tool, and do not pop up security warning information at any time;
• test ssh and install ssh command line tools;
• test VPN and install VPN client tool software;
• test ftp and install ftp command line client tools;
• test file sharing and install Samba command line client tools;
• test mail, install thunderbird, and send and receive mail normally;
• other settings are the default settings.

SERVER01 TASK

1.NETWORK
• please configure the host name of the server, network card IP address configuration, domain name server, gateway, etc. according to the basic configuration information.

root@server01:~# vim /etc/network/interfaces
auto ens37
iface ens37 inet static
address 172.16.100.201
netmask 255.255.255.128
gateway 172.16.100.254
root@server01:~# systemctl restart networking
root@server01:~# hostnamectl set-hostname server01
root@server01:~# vim /etc/hosts
127.0.0.1 Server01.sdskills.cn

2.RAID5
• add four 1G hard disks to the virtual machine;
• create raid5, one of which is used as a hot spare, and the device name is md0;
• set md0 as LVM and the device as /dev/vg01/lv01;
• formatted as ext4 file system;
• automatically mount to /data directory after startup.

Add four 1 GB hard disks, then rescan the SCSI hosts so the new disks are detected:
root@server01:~# echo "- - -" > /sys/class/scsi_host/host0/scan
root@server01:~# echo "- - -" > /sys/class/scsi_host/host1/scan
root@server01:~# echo "- - -" > /sys/class/scsi_host/host2/scan
root@server01:~# mdadm -Cv /dev/md0 -n 3 -l 5 -x 1 /dev/sdb /dev/sdc /dev/sdd /dev/sde    # create raid5 and the backup (hot spare) disk
# -Cv: create and display the process; /dev/md0: device name; -n 3: number of raid disks; -l 5: raid level 5; -x 1: one backup disk
root@server01:~# mdadm -D /dev/md0    # view details
root@server01:~# vgcreate vg01 /dev/md0    # create a volume group
root@server01:~# lvcreate -L 1G -n lv01 vg01    # create the lv logical volume
root@server01:~# mkfs.ext4 /dev/vg01/lv01    # format as ext4
root@server01:~# mkdir -p /data    # create the mount point required by the task
root@server01:~# mount /dev/vg01/lv01 /data    # mount
root@server01:~# echo "/dev/vg01/lv01 /data ext4 defaults 0 0" >> /etc/fstab    # permanently mounted; the file system is on the logical volume, not on /dev/md0


3.NFS
• share the /data/share directory;
• it is used to store the web data of server01 host;
• only the service network segment is allowed to access the share.

root@server01:~# apt install nfs-common nfs-kernel-server -y
root@server01:~# mkdir /data/share -p
root@server01:~# mkdir /data/web -p
root@server01:~# vim /etc/exports    # edit the configuration file
# only the server network segment is allowed to access
/data/share     172.16.100.128/25(rw,sync,no_root_squash,insecure)
root@server01:~# systemctl restart nfs-kernel-server.service
root@server01:/# showmount -e localhost    # test on the local server
# test from a client in the 192 network segment
root@kali:~# apt install nfs-common
root@kali:~# showmount -e 172.16.100.201
root@kali:~# mkdir -p /data01/share    # create the mount directory
root@kali:~# mount -t nfs -o nolock 172.16.100.201:/data/share /data01/share    # mount
mount.nfs: access denied by server while mounting 172.16.100.201:/data/share
# access was denied
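
The export check above, as an added example that is not part of the original post: a POSIX shell script that flags the risky settings on the /etc/exports line used here (no_root_squash and insecure go beyond what the task's network restriction needs) and shows why a 192.x client is refused while a host in 172.16.100.128/25 is admitted. The function names ip_to_int, ip_in_cidr and audit_export are hypothetical, and the sample run at the end is constructed from the values on this page.

```sh
# Added example (not from the original post): audit an /etc/exports line and test client addresses.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# ip_in_cidr IP NET/PREFIX -> exit status 0 if IP lies inside the network
ip_in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    size=$(( 1 << (32 - ${2#*/}) ))   # number of addresses in the block
    [ $(( ip / size )) -eq $(( net / size )) ]
}

# audit_export LINE -> prints one finding per risky host spec or option
audit_export() {
    printf '%s\n' "$1" | awk '
    { sub(/#.*/, "") }             # drop trailing comments
    NF < 1 { next }
    NF == 1 { print $1 ": no client list, exported to any host" }
    {
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""; p = index($i, "(")
            if (p > 0) {
                host = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (host == "" || host == "*")
                print $1 ": exported to any host"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    print $1 ": no_root_squash, client root keeps uid 0 on the export"
                if (o[j] == "insecure")
                    print $1 ": insecure, requests from source ports above 1023 are accepted"
            }
        }
    }'
}

# Constructed run: the export line from this page, then two client addresses.
audit_export '/data/share 172.16.100.128/25(rw,sync,no_root_squash,insecure)'
for c in 172.16.100.201 192.168.200.32; do
    if ip_in_cidr "$c" 172.16.100.128/25; then echo "$c allowed"; else echo "$c denied"; fi
done
```

An export line that produces no findings, such as one with only rw,sync for the same network, still satisfies the requirement that only the service network segment may access the share.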

4.DNS(bind)
• install bind service;
• establish the sdskills.cn domain and establish forward / reverse domain name resolution for all hosts or servers except the Internet region.
• in case of domain names that cannot be resolved, apply to skills.cn for higher-level resolution.

root@server01:/# apt install bind9
root@server01:/data/share/htdocs/skills# vim /etc/bind/named.conf.local
zone "." IN {
        type master;
        file "/etc/bind/chinaskills";
};
zone "sdskills.cn" IN {
        type slave;
        masters { MASTER_IP; };    # replace MASTER_IP with the main service address
        file "/etc/bind/slave";
};
zone "100.16.172.in-addr.arpa" {
        type master;
        file "/etc/bind/db.172.16.100";
};
zone "100.10.10.in-addr.arpa" {
        type master;
        file "/etc/bind/db.10.10.100";
}; # Reverse dns
root@server01:/# vim /etc/bind/chinaskills
$TTL  1D
@  IN  SOA  ns.domain.com.  hostmaster.domain.com. (
                0    ; Serial
                1D   ; Refresh
                1H   ; Retry
                1W   ; Expire
                3H ) ; Negative Cache TTL
        IN      NS      localhost.
*       IN      A       192.168.200.32    ; all unknown domain names resolve to the local machine address; remember to change the nameserver to the local machine
root@server01:/# vim /etc/bind/slave
$TTL  1D
@  IN  SOA  ns.domain.com.  hostmaster.domain.com. (
                0    ; Serial
                1D   ; Refresh
                1H   ; Retry
                1W   ; Expire
                3H ) ; Negative Cache TTL
        IN      NS      server02.sdskills.cn.
server02        IN      A       192.168.100.253
www             IN      A       192.168.200.253    ; server address


5.Webserver(apache)
• install apache services;

root@server01:~# apt install apache2

• Server01 provides www.sdskills.cn
• skills portal;
• use apache services;
• web page files are placed in /data/share/htdocs/skills;

root@server01:~# vim /etc/apache2/sites-enabled/000-default.conf
DocumentRoot /data/share/htdocs/skills
root@server01:~# mkdir /data/share/htdocs/skills -p

• the service runs as a user webuser;

vim /etc/apache2/apache2.conf
User webuser
root@server01:~# useradd webuser

• the content of the home page is "This is the front page of sdskills's website";
• /htdocs/skills/staff.html is "Staff Information";
• this page can only be accessed after the employee's account authentication;
• employee accounts are stored in ldap, and the accounts are zsuser and lsus

root@server01:~# touch /data/share/htdocs/skills/index.html
root@server01:~# vim /etc/apache2/apache2.conf
<Directory /data/share/htdocs/skills>
        Options Indexes FollowSymLinks
        AllowOverride all
        Require all granted
</Directory>
root@server01:~# echo "This is the front page of sdskills's website." > /data/share/htdocs/skills/index.html
root@server01:~# touch /data/share/htdocs/skills/staff.html
root@server01:~# vim /etc/apache2/apache2.conf
# staff.html is a file, so it is matched with <Files> inside its directory; <Directory> only matches directories
<Directory /data/share/htdocs/skills>
    <Files "staff.html">
        AuthType Basic
        AuthName "Password"
        AuthUserFile /etc/apache2/1dap
        Require valid-user
    </Files>
</Directory>
root@server01:~# touch /etc/apache2/1dap
root@server01:~# htpasswd -c /etc/apache2/1dap zsuser    # -c creates the password file
root@server01:~# htpasswd /etc/apache2/1dap lsus    # no -c for the second account: -c would recreate the file and remove zsuser

• the website uses https protocol;
• SSL uses the certificate issued by RServer and is issued to:
C = CN
ST = China
L = ShangDong
O = skills
OU = Operations Departments
CN = *.skills.cn
• CA certificate path of Server01: /CA/cacert.pem
• issue digital certificate by:
C = CN;
O = Inc
OU = www.shills.cn
CN = shill Global Root CA
• when the client accesses https, there should be no browser (including terminal) security warning information;
• automatically jump to https secure connection when users use http access;
• when users use sdskills.cn or any.sdskills.cn (any represents any website prefix), they will automatically jump to www.sdskills.cn.

There will be another issue here in the future

6.SSH
• install SSH
• only client clients are allowed to access ssh, and requests from other hosts should be rejected;
• the configured client can only log in without secret key in the chinakill 20 user environment. The port number is 1122 and has root control authority.

I've written this up in the previous chapter, so I won't write it again.

7.DBMS(MariaDB)
• complete the installation of MariaDB database on Server01, and add the database root user with the password chinakill20!

root@debian:~# apt install mariadb-server
root@debian:~# apt install apache2
root@debian:~# apt install php libapache2-mod-php php-mysql
root@debian:~# apt install php-bz2 php-curl  php-gd  php-tcpdf  php-zip
root@debian:~# cp -r phpMyAdmin-5.0.4-all-languages /var/www/html/phpadmin    # -r is needed to copy the extracted directory
root@debian:~# mysqladmin -u root -p password chinaskills
root@debian:~# mysql_secure_installation

• install the MariaDB database server component;
• MariaDB database administrator information: user: root / password: chinakill20!;
• install the MariaDB WEB management panel "phpMyAdmin" and publish it through apache
• install phpMyAdmin, the web management panel component of MariaDB;
• install apache and configure the php environment for publishing phpMyAdmin**

Tags: Linux

Posted on Sat, 09 Oct 2021 07:32:46 -0400 by Spud_Nic