Install Centos7 VM on the VirtualBox and make a fresh clone. This is basic install with no GUI.
Exercise 0
Done on CentOS7 clone
1.Configure your hostname to be something distinctive:
sudo hostnamectl set-hostname myHost
2.Install commonly-used software
sudo yum update -y
sudo yum install -y git wget
------------------------------------------
[[[[this gave me the error,
The error message indicates that the yum package manager on your CentOS 7 system is unable
to retrieve the repository metadata because it cannot resolve the host for the mirror list. Here are steps to resolve this issue:
Check Network Connectivity:
ping 8.8.8.8
ping 8.8.8.8 says network is unreachable
sudo systemctl restart network
Edit the DNS configuration file:
nameserver 8.8.8.8
nameserver 8.8.4.4
sudo vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
DEVICE=enp0s3
BOOTPROTO=dhcp
ONBOOT=yes
sudo systemctl restart network
ping 8.8.8.8
sudo yum update -y]]]
----------------------------------------------
3. Install useful utilities
sudo yum install -y yum-utils
4. Modify your .bashrc file with shell highlighting and useful bash aliases.
nano ~/.bashrc
# Enable color highlighting
alias ls='ls --color=auto'
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
# Useful aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'
# Alias for sudo
alias please='sudo'
# Custom prompt with color (optional)
PS1='\[\e[0;32m\]\u@\h \[\e[0;34m\]\w \$\[\e[0m\] '
source ~/.bashrc
5. Verify the Alias
please whoami
Exercise 1: Yum Repositories, Updates, Package Management, Software Installation From Source
1.Update the kernel on your VM to the latest version.
sudo yum update -y
sudo yum install kernel -y
2. Apply all security updates to the VM (security only - not bugfixes)
sudo yum install -y
sudo yum install --security -y
(it said: no packages needed for security:0 packages available, no packages marked for update)
3. Add the EPEL & MySQL community repositories to your system
Using .rpm files
1. Add EPEL Repository:
sudo yum install epel-release -y
2. Download and Install MySQL Community Repository RPM:
wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
sudo rpm -ivh mysql57-community-release-el7-11.noarch.rpm
Manually Adding a .repo File (not necessary!):
sudo vi /etc/yum.repos.d/epel.repo
Add the following content to epel.repo:
---------------------------------
[[[the following lines already exist, with the exception that on the gpgkey, in place of 'https' there is 'file' and I did not make any change to it]]]
----------------------------------
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=https://download.fedoraproject.org/pub/epel/7/$basearch
enabled=1
gpgcheck=1
gpgkey=https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
Create MySQL Repository File:
sudo vi /etc/yum.repos.d/mysql-community.repo
-------------------------------------------
[[[this file did not exist, I tried to create it, but it says:"mysql-community.repo" E212 Can't open file for writing, so I did not do this step as it says, it is not necessary]
---------------------------------------------
Add the following content to mysql-community.repo:
[mysql57-community]
name=MySQL 5.7 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql
4. Install MySQL 5.7 from the Community Repository
Troubleshot for correct version of mysql:
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
-------------------------------
[[[i did not do this above command]]]
Install MySQL Server:
sudo yum install mysql-community-server -y
[[[got error messages, so do : sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 , sudo yum clean all
, sudo yum install mysql-community-server -y
and continue following]]]
---------------------------
Start and Enable MySQL Service:
sudo systemctl start mysqld
sudo systemctl enable mysqld
5. Remove MySQL and replace it with MariaDB from the main RHEL repository.
This step consistently failed-skipped!
6. Install Singularity from Source Code
sudo yum groupinstall -y "Development Tools"
sudo yum install -y libseccomp-devel wget
For Singularity 3 (requires Go):
Install Go:
wget https://dl.google.com/go/go1.15.6.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.15.6.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
Download and Compile Singularity:
export VERSION=3.7.3 # change this to the desired version
wget https://github.com/sylabs/singularity/releases/download/v${VERSION}/singularity-${VERSION}.tar.gz
tar -xzf singularity-${VERSION}.tar.gz
cd singularity
./mconfig
make -C builddir
sudo make -C builddir install
7. Set Up Your First Container (lolcow)
Pull the lolcow Container:
singularity pull lolcow.sif library://lolcow
Run the lolcow Container:
singularity run lolcow.sif
Exercise 2: User and Group Accounts
1. Create users henry and maria who belong (primary group) to a group called surgery.
Create the surgery group:
sudo groupadd surgery
sudo useradd -m -g surgery henry
sudo useradd -m -g surgery maria
2. Create users luis and alexandra who belong (primary group) to a group called psychiatry.
sudo groupadd psychiatry
sudo useradd -m -g psychiatry luis
sudo useradd -m -g psychiatry alexandra
3. Create user emil who belongs (primary group) to a group called busadmin.
sudo groupadd busadmin
sudo useradd -m -g busadmin emil
4. Create a group called collaboration.
sudo groupadd collaboration
5. Add maria and luis to the collaboration group.
sudo usermod -aG collaboration maria
sudo usermod -aG collaboration luis
6. Change henry's primary group to psychiatry.
sudo usermod -g psychiatry henry
7. (Optional) Remove Password Prompt for su Command
henry ALL=(ALL) NOPASSWD: /bin/su maria (I just did henry and maria having access to each other, not anyone else's)
maria ALL=(ALL) NOPASSWD: /bin/su luis
luis ALL=(ALL) NOPASSWD: /bin/su alexandra
alexandra ALL=(ALL) NOPASSWD: /bin/su emil
emil ALL=(ALL) NOPASSWD: /bin/su henry
OR
(for empty passwords. not recommended)
sudo passwd -d henry
sudo passwd -d maria
sudo passwd -d luis
sudo passwd -d alexandra
sudo passwd -d emil
Exercise 3: File Permissions & ACLs
1. Create a project directory for the surgery group - /project/surgery
sudo mkdir -p /project
sudo mkdir /project/surgery
2. Create a project directory for the psychiatry group - /project/psychiatry
sudo mkdir /project/psychiatry
3. Set file permissions so that group project directories are only accessible by group members.
sudo chown :surgery /project/surgery
sudo chmod 2770 /project/surgery
sudo chown :psychiatry /project/psychiatry
sudo chmod 2770 /project/psychiatry
4. Set file permissions so that all members of a group can create files and directories inside their group project directories.
Ensure that any newly-created files and directories still belong to the group.
The chmod 2770 command already sets the setgid bit, which ensures that new files and directories inherit the group ownership of their parent directory.
5. Create a /project/collaboration directory which is only accessible by the collaboration group.
sudo mkdir -p /project/collaboration
sudo chown :collaboration /project/collaboration
sudo chmod 2770 /project/collaboration
6. Set file permissions so that any file created inside the /project/collaboration directory belongs to the collaboration group. Further set permissions so that collaborators cannot delete or move each other's files.
sudo chmod g+s /project/collaboration -- does the same job as 2770
sudo chmod +t /project/collaboration
sudo setfacl -d -m group:collaboration:rwx /project/collaboration
sudo setfacl -m group:collaboration:rwx /project/collaboration
sudo setfacl -d -m default:group::r-x /project/collaboration
7. Set an ACL so that emil has read-only access to anything which currently exists in the top-level /project/collaboration directory, but does not have access to anything contained in sub-directories.
sudo setfacl -m user:emil:r-- /project/collaboration/*
sudo setfacl -m d:u:emil:r-- /project/collaboration
8. Modify the ACL so that emil has read-only access to anything which is created in the future in the top-level /project/collaboration directory, but does not have access to anything contained in sub-directories.
sudo setfacl -d -m u:emil:r /project/collaboration
sudo setfacl -m d:u:emil:--- /project/collaboration/*
9. Modify the ACL so that emil can read all files and traverse all sub-directories in /project/collaboration. Further modify the ACL so that emil retains this ability for any files and directories created in the future.
sudo setfacl -m user:emil:rx /project/collaboration
sudo setfacl -m d:u:emil:rx /project/collaboration
sudo setfacl -R -m u:emil:rx /project/collaboration
Q. Is it possible to create an ACL so that emil can traverse all sub-directories in /project/collaboration and can cat the contents of any text files, but cannot execute any code located in the sub-directories?
sudo setfacl -R -m u:emil:rx /project/collaboration
sudo find /project/collaboration -type f -exec setfacl -m u:emil:r-- {} \;
sudo setfacl -d -m u:emil:rx /project/collaboration
sudo setfacl -d -m u:emil:r-- /project/collaboration
Exercise 4: Local Storage
1. Add two new virtual hard disks in VirtualBox with 1GB of space each.
(make sure that the VM is not turned on, this is to be done on the virtual box settings. This won't work if the VM is running)
Open VirtualBox.
Select your virtual machine and click on Settings.
Go to the Storage tab.
Click on the Controller: SATA (or the appropriate controller type).
Click on the Add Hard Disk icon (a hard disk with a green plus).
Select Create a new disk and click Next.
Choose VDI (VirtualBox Disk Image) and click Next.
Choose Dynamically allocated and click Next.
Set the disk size to 1GB and click Create.
Repeat steps 4-9 to add the second 1GB disk.
2. Add the new physical devices to your virtual machine.
Verify the new disks are recognized by the system:
lsblk
You should see the new disks, typically named /dev/sdb and /dev/sdc.
3. Extend the default volume group that contains your / (root) filesystem to include the new physical devices.
Identify the existing volume group (VG):
sudo vgdisplay
Note the name of the volume group (e.g., centos).
Create physical volumes (PVs) on the new disks:
sudo pvcreate /dev/sdb
sudo pvcreate /dev/sdc
Extend the volume group to include the new physical volumes:
sudo vgextend <volume_group_name> /dev/sdb /dev/sdc
4. Create a new logical volume (LV) using 25% of the total space in your volume group, create an XFS filesystem, and mount it.
Do not do this by specifying the extent in absolute units (e.g. MiB, GB, etc.) You may need to refer to the man pages.
Calculate 25% of the total space in the volume group:
sudo vgdisplay centos
Note the total size of the VG (e.g., 5GB if the original size was 3GB and you added 2GB).
Create a logical volume using 25% of the VG's total space:
sudo lvcreate -l 25%VG -n mylv1 <volume_group_name>
Create an XFS filesystem on the new logical volume:
sudo mkfs.xfs /dev/<volume_group_name>/mylv1
Add the mount to /etc/fstab:
echo "/dev/<volume_group_name>/my_lv1 /mnt/my_lv1 xfs defaults 0 0" | sudo tee -a /etc/fstab
5. Extend the Logical Volume to Use 50% of the Total Space
sudo lvextend -l +25%VG /dev/<volume_group_name>/my_lv1
Grow the XFS filesystem to the new size:
sudo xfs_growfs /mnt/my_lv1
6. Create a new logical volume (LV) using 25% of the free space in your volume group, create an EXT4 filesystem, and mount it.
Do not do this by specifying the extent in absolute units (e.g. MiB, GB, etc.) You may need to refer to the man pages.
Create a logical volume using 25% of the free space:
sudo lvcreate -l 25%FREE -n my_lv2 <volume_group_name>
Create an EXT4 filesystem on the new logical volume:
sudo mkfs.ext4 /dev/<volume_group_name>/my_lv2
Create a mount point and mount the filesystem:
sudo mkdir /mnt/my_lv2
sudo mount /dev/<volume_group_name>/my_lv2 /mnt/my_lv2
Add the mount to /etc/fstab:
echo "/dev/<volume_group_name>/my_lv2 /mnt/my_lv2 ext4 defaults 0 0" | sudo tee -a /etc/fstab
7. Extend the logical volume you just created to use 50% of the free space in your volume group, ensuring the file system grows to the new size.
Extend the logical volume:
sudo lvextend -l +25%FREE /dev/<volume_group_name>/my_lv2
Resize the EXT4 filesystem to the new size:
sudo resize2fs /dev/<volume_group_name>/my_lv2
Exercise 5: Acronyms/Initialisms and Terminology
Exercise 5: Acronyms/Initialisms and Terminology
Networking:
NIC, NAT
NIC (Network Interface Card): Hardware that connects a computer to a network.
NAT (Network Address Translation): A method to remap one IP address space into another by modifying network address information in IP packet headers.
Similarities: Both are related to network connectivity and IP address handling.
Differences: NIC is hardware, NAT is a protocol/method.
PDU, Frame, Packet, Segment, Datagram
PDU (Protocol Data Unit): Generic term for data units at any layer of the OSI model.
Frame: Data unit at the Data Link Layer.
Packet: Data unit at the Network Layer.
Segment: Data unit at the Transport Layer in TCP.
Datagram: Data unit at the Transport Layer in UDP.
Similarities: All are PDUs specific to different OSI layers.
Differences: Specific to different layers and protocols (TCP for Segment, UDP for Datagram).
DNS, DHCP
DNS (Domain Name System): Translates domain names into IP addresses.
DHCP (Dynamic Host Configuration Protocol): Assigns IP addresses to devices on a network.
Similarities: Both are network services and protocols.
Differences: DNS translates names to IPs; DHCP assigns IPs dynamically.
TCP, UDP
TCP (Transmission Control Protocol): Connection-oriented protocol ensuring reliable data transfer.
UDP (User Datagram Protocol): Connectionless protocol with no guaranteed delivery.
Similarities: Both are Transport Layer protocols.
Differences: TCP is reliable and connection-oriented; UDP is faster and connectionless.
IPv4, IPv6
IPv4 (Internet Protocol version 4): 32-bit address space, widely used.
IPv6 (Internet Protocol version 6): 128-bit address space, designed to replace IPv4.
Similarities: Both are IP addressing protocols.
Differences: IPv6 has a larger address space and includes improvements over IPv4.
Switch, Router
Switch: Connects devices within a single network, operates at the Data Link Layer.
Router: Connects different networks, operates at the Network Layer.
Similarities: Both are network devices.
Differences: Switches operate within a network; routers connect different networks.
Storage:
PV, VG, LV
PV (Physical Volume): The actual physical storage device.
VG (Volume Group): A collection of PVs.
LV (Logical Volume): A partition created from a VG.
Similarities: All are components of Logical Volume Management (LVM).
Differences: PV is the physical layer; VG groups PVs; LV is a usable storage volume.
Filesystem
Filesystem: Method for storing and organizing files on storage media.
Similarities: N/A.
Differences: N/A.
LVM
LVM (Logical Volume Management): A system for managing logical volumes or filesystems.
Similarities: N/A.
Differences: N/A.
LUN
LUN (Logical Unit Number): Identifier for a logical unit in storage.
Similarities: N/A.
Differences: N/A.
HBA
HBA (Host Bus Adapter): Hardware that connects a server to a storage network.
Similarities: N/A.
Differences: N/A.
Linux commands and concepts:
su, sudo
su (Substitute User): Switches to another user account.
sudo (Superuser Do): Executes a command with superuser privileges.
Similarities: Both elevate user privileges.
Differences: su switches users; sudo executes commands with elevated privileges.
When is using su a good idea?: For switching to a different user account, especially for a long session.
Why might using sudo in most cases be preferable?: Provides limited, logged access to superuser privileges, improving security.
What does sudo - <command> do?: Executes <command> with superuser privileges.
adduser, useradd
adduser: Higher-level script for adding users.
useradd: Low-level command for adding users.
Similarities: Both add users to the system.
Differences: adduser is more user-friendly; useradd is more basic.
SUID, SGID, Sticky Bit
SUID (Set User ID): Executes a file with the permissions of the file owner.
SGID (Set Group ID): Executes a file with the permissions of the group owner.
Sticky Bit: Restricts file deletion in a directory to the file's owner.
Similarities: All modify default file permission behavior.
Differences: SUID affects user ID, SGID affects group ID, Sticky Bit affects directory file deletion.
Kernel, operating system, service, module, daemon, shell
Kernel: Core part of the OS, manages system resources.
Operating System (OS): Software that manages hardware and software resources.
Service: Background process managed by the OS.
Module: Loadable component of the kernel.
Daemon: Background process that runs continuously.
Shell: Command-line interface to the OS.
Similarities: All are components or concepts related to the functioning of an OS.
Differences: Different roles in the OS (kernel is core, shell is interface, etc.).
rpm, yum
rpm (Red Hat Package Manager): Low-level package management tool.
yum (Yellowdog Updater, Modified): High-level package management tool that uses rpm.
Similarities: Both are package management tools.
Differences: rpm is low-level; yum is high-level and provides more features like automatic dependency resolution.
General:
SSH, SSL, TLS, IPSec
SSH (Secure Shell): Protocol for secure remote login and other secure network services.
SSL (Secure Sockets Layer): Predecessor to TLS for securing data transfer over networks.
TLS (Transport Layer Security): Successor to SSL, used for secure data transfer over networks.
IPSec (Internet Protocol Security): Protocol suite for securing IP communications by authenticating and encrypting each IP packet.
Similarities: All provide security for network communications.
Differences: Different protocols for different types of secure communications.
Linux, Unix, Windows
Linux: Open-source Unix-like operating system.
Unix: Multiuser, multitasking operating system.
Windows: Proprietary operating system by Microsoft.
Similarities: All are operating systems.
Differences: Different origins, licensing models, and design philosophies.
Optional Exercise: OSI Model of SSH
OSI Model Layers:
Physical Layer: Transmission of raw bit streams over a physical medium.
Data Link Layer: Node-to-node data transfer and error detection.
Network Layer: Routing of packets between nodes.
Transport Layer: End-to-end communication, error recovery, and flow control.
Session Layer: Establishes, manages, and terminates sessions between applications.
Presentation Layer: Data translation, encryption, and compression.
Application Layer: Network services to applications.
Relevance to SSH:
Physical Layer: Physical media (e.g., Ethernet) used for data transmission.
Data Link Layer: Data encapsulation into frames.
Network Layer: Routing of encrypted packets.
Transport Layer: TCP connection established for SSH.
Session Layer: Manages SSH session.
Presentation Layer: Encryption/decryption of SSH data.
Application Layer: SSH protocol itself.
Differences Between SSH, SSL/TLS, and IPsec from OSI Perspective:
SSH: Primarily operates at the Application Layer, with encryption handled at the Presentation Layer.
SSL/TLS: Operates at the Presentation Layer, securing data for transport at the Application Layer.
IPsec: Operates at the Network Layer, securing IP packets end-to-end.