CTS 2311 (Unix/Linux Security) Project #1
Install Linux

 

Due: by the start of class on the date shown on the syllabus

Requirements:

Students have been assigned two computers.  For this project you only need to set up one of them.  The other will be set up when you complete the CTS-2333 (Networking) Install Project.  If you are not enrolled in that course, then you should set up both computers the same way, using the directions below.

  1. First gather system information for your assigned computer(s).  It may have changed since last term!
  2. Next, plan your hard disk partitioning scheme.  I strongly suggest using the ext4 filesystem type, and not the default of XFS.  You will need to have a /boot partition and a /home partition at least.  Make sure the root partition is large enough to hold all binaries and configuration files that you will put in it, plus room for more later.  25-40GB is reasonable.  (Less if you create many partitions.)  Later in this course you will create large (~15GB or larger) disk image files, so make sure you have space for them.
  3. You should use a default network (DHCP client) setup, and use an initial firewall that blocks nearly everything, but must allow SSH (at least).
  4. You must install Fedora Linux using the DVDs provided (or your own copy of the same version), on your assigned classroom computer(s) and hard drive(s).  (Note: Installing from a “live” DVD configures the system a little differently than installing from a normal “install” DVD.)
  5. Remember that you've been assigned a second computer; if you're not enrolled in the CTS2333 (Unix/Linux Networking) course then you should install and configure the second computer the same way.  (This machine will be used to test access to your first server.)

    Note you also have an install project from the Networking class, CTS-2333.  Most students are enrolled in both classes.  Be sure to read the install project for that class, and make sure your setup will apply the requirements of both.  (In particular, your second computer will be setup via a network install using KickStart.  That will require access to your HTTP server, so make sure the firewall has the appropriate hole or you'll need to add that in later.)

  6. You must enable SE Linux during the install.  However you can configure it for permissive mode.
  7. After the basic install is complete, bring your system up to date with all available updates for your operating system.  This may require you to configure yum/dnf first.  Note that although this process can take a long time, you can interrupt it and later resume the update.

    I would suggest adding an extra yum repository to include some extras that Red Hat doesn't include by default, due to licensing issues.  Consider adding rpmfusion.org and adobe-release-i386-1.0-1.noarch.rpm (which installs the Adobe yum repo for the Adobe Flash player).

  8. Set up the Apache web server as you did for the CTS-2322 Web Services, Part 1.  (This will be required to set up HTTPS in a later project, as well as for the Networking class' install project.)
  9. Perform any other post-install steps you see fit.  (See a list of post install steps for some ideas.)  I would suggest setting up printing at least.  What changes did you make to the initial (default) setup?
  10. Create (if you haven't done so previously) an account on the class wiki: YborStudent.hccfl.edu/UnixWiki.  Please be sure your real name is obvious from the account name you have chosen!  What is your account name on the class wiki site?  (Please remember you also have an account on YborStudent.  If you don't remember your account name, or need your password reset, please ask.)

Make a copy of your system journal pages that document in detail the Linux install done in class, including any post install steps done.  The system journal is a vital document that is used frequently for documentation of changes and of work performed, for accountability, and for trouble-shooting.

Start your journal with the system name, location, purpose, and date.  The initial system install documentation should include a hardware inventory for each system component (make, model, and configuration for each) such as the NIC, the video card, the RAM, CPU, Hard Disk(s), removable media, etc.  Then each configuration choice made during the install should be documented in enough detail so that someone else could duplicate your setup if necessary, even if using a slightly different distribution.  (Thus, saying "selected all defaults" is not good enough!)  Don't forget to include any post-install steps taken!

System Journal Hints:

For this class you can use the class wiki to host your system journal.  You can edit and create pages as necessary, under your “user” page.  (Use the help link for page creation and editing help.)

Write down every step either before you try it, or as you do it.  You will never remember exactly what you did, later!  If you stick to command line tools, you can use the script command to record every keystroke you type and all output.  (You can also use the history (or fc) command to view the commands you entered, and copy them into your journal. ) However this command isn't available for the install step, so you should either use paper and pencil, or use a second computer and work on your wiki page for your journal.  You should record everything, even the steps you un-do later!  You can always clean up the journal before creating management reports, or before you turn it in to your instructor for grading.  Keeping an accurate and complete journal is a common requirement for all engineers, not just system administrators.

Before making any changes to configuration files (such as those under /etc), make a copy of the current version of the file.  Then when done playing with the file and all is working again, you can copy the output of diff to your journal, to show what changed.  (You can also use some version control system for this.)

A beginner administrator tends to document each command issued, for example: 

 2/30/01  WP  useradd -m FooBarr

Which says what command was done, when it was done, and by whom (WP are the initials of the administrator).  This is actually not a bad journal entry.  But with experience your journal entries change.  Instead of showing how something was done (i.e., what command), the journal shows what was done and why: 

2/30/01  WP  Added user account for new employee "Foo Barr",
             a programmer on the "DSL" project.

(Having both types showing the exact command used and why would be the most useful of all, but in reality no one keeps that detailed a journal.)  A sample system journal can be found from our class web page, in the resources section.  Please note that a single journal entry can list several related commands.  This is easier to read than adding a date (and initials) to every line in the journal: 

    2/30/01  WP  Added user account "fbarr" for new employee "Foo Barr",
                 a programmer on the "DSL" project.
                 Updated /etc/group entry for DSL to include fbarr.

Additional Linux installation help can be found at the CTS-2301C Linux Install Project webpage and at the Disk Partitioning Guide webpage.

To be turned in:

A copy of your journal pages.  You can send as email to (preferred).  If email is a problem for some reason, you may turn in a hard-copy.  In this case the pages should be readable, dated, and stapled together.  Your name should appear on the first page.  See the System Journal Hints section above for more details.

Don't turn in your whole journal, you will need to add to it every day in class!  It is common in fact to keep the journal as a text file on the system (with a paper backup of course).

Please see your syllabus for more information about submitting projects.