WEB375 Week 8 Course Project, Exams of Network Programming



2021/2022

Available from 05/03/2022

Week 8 – Course Project
Week 8 – Course Project – WEB375
Dhavalkumar Rabari
DeVry University


DeVry Daily Tribune Web Architecture Plan

Introduction

Because of the explosion in digital news sources, DeVry Television and DeVry Radio have decided to merge their communications media businesses in order to better defend against this online assault. They plan to co-locate their broadcast and news offices in a single building where they also plan to establish a strong digital news presence. The new business is called DeVry RadioVision (DRV) and has the domain www.drv.edu.

The business has hired us—WEB375 Consulting—to design a secure and robust web architecture for its new facility. Our contract requires us to deliver a diagram of the web architecture plan and instructions that their system administrator can use to set up each of the servers they need. Luckily for us, DRV has chosen to go with Linux, which is our specialty, as the core operating system for its servers.

The following are the core requirements for the web architecture.

• Electronic mail for DRV's 200 employees. Employees in the building (on the LAN) can access their e-mail with any e-mail client, but employees offsite must use a web-based e-mail client.

• Secure FTP for company employees to upload digital video from mobile phones whenever they happen to be at the scene of a breaking story. All company employees should upload digital video to their own individual directories and not have access to other users' video.

• Anonymous FTP for the public to upload digital video from mobile phones whenever they happen to be at the scene of a breaking story. The public can also download selected royalty-free or creative commons videos that the broadcast company decides to make available for offline viewing. This may be hosted on a different machine from the secure FTP server.

• A dynamic new website supported by a LAMP architecture. Reporters will be able to write and submit their news stories through the web interface, which will save the stories in the database. The web application will present these stories to users when they visit the website.

• DeVry RadioVision already has the above PHP web application developed; we just need to design and develop instructions for the installation of the web server and database server to support the application.

Linux Administrator Account Set-up

1. Log in to your server as the root user.

    ssh root@server_ip_address

2. Use the adduser command to add a new user to your system. Be sure to replace username with the user that you want to create.

    adduser username

   Set and confirm the new user's password at the prompt. A strong password is highly recommended!

   Set password prompts:

    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully

   Follow the prompts to set the new user's information. It is fine to accept the defaults to leave all of this information blank.

   User information prompts:

    Changing the user information for username
    Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
    Is the information correct? [Y/n]

3. Use the usermod command to add the user to the sudo group.

    usermod -aG sudo username

   By default, on Ubuntu, members of the sudo group have sudo privileges.

4. Test sudo access on the new user account.

   Use the su command to switch to the new user account.

    su - username

   As the new user, verify that you can use sudo by prepending "sudo" to the command that you want to run with superuser privileges.

    sudo command_to_run

   For example, you can list the contents of the /root directory, which is normally only accessible to the root user.

    sudo ls -la /root

   The first time you use sudo in a session, you will be prompted for the password of the user account. Enter the password to proceed.

   Output:

    [sudo] password for username:

   If your user is in the proper group and you entered the password correctly, the command that you issued with sudo should run with root privileges [Aaa18].

Mail Server Installation and Configuration

After installing the Postfix mail server, you will need to configure it. Most of its configuration files can be found under the /etc/postfix/ directory. You can find the main configuration for the Postfix mail server in the /etc/postfix/main.cf file. This file contains a lot of options, such as:

myhostname

This option specifies the hostname of the mail server. This is the Internet hostname on which Postfix will receive emails. The hostname could be something like mail.example.com or smtp.example.com. It is written like this:

    myhostname = mail.example.com

mydomain

This option is the mail domain that you will be servicing, like example.com. The syntax is like this:

    mydomain = example.com

myorigin

All emails sent from this mail server will look as though they came from the value of this option. You can set this to the $mydomain value.

    myorigin = $mydomain

You can use the value of any option; just precede its name with a $, like $mydomain.

mydestination

This option lists the domains that the Postfix server accepts incoming emails for. It can take values like this:

    mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain, www.$mydomain

mail_spool_directory

There are two modes of delivery that the Postfix mail server can use:

• Directly to a user's mailbox.

• To a central spool directory. This way, the mail will be in /var/spool/mail with a file for each user.

    mail_spool_directory = /var/spool/mail

mynetworks

This option allows you to configure which servers can relay through your Postfix server. It should contain local addresses only, such as those of local mail scripts on your server. Otherwise, spammers can use your mail server to relay their messages, your mail server will be blacklisted, and as a result many of the emails you send will not be accepted by other servers. This option has the following syntax:

    mynetworks = 127.0.0.0/8, 192.168.1.0/24

smtpd_banner

This variable sets the message that is sent to the client after a successful connection. It is better to change the banner to something that doesn't give an indication about the server you are using.

inet_protocols

This option specifies the IP protocol version used for server connections.

    inet_protocols = ipv

If you change the configuration files for the Postfix mail server, you need to reload the service:

    $ systemctl reload postfix

When you type any configuration, you may make a mistake. You can check for errors using the following command:

    $ postfix check

This tool will help you find exactly the line and the error, so you can fix it. [Lik18]

    sudo mkdir -p /srv/files/ftp
    sudo usermod -d /srv/files/ftp ftp

After making the change, restart vsftpd:

    sudo systemctl restart vsftpd.service

Finally, copy any files and directories you would like to make available through anonymous FTP to /srv/files/ftp, or /srv/ftp if you wish to use the default.

User Authenticated FTP Configuration

By default vsftpd is configured to authenticate system users and allow them to download files. If you want users to be able to upload files, edit /etc/vsftpd.conf:

    write_enable=YES

Now restart vsftpd:

    sudo systemctl restart vsftpd.service

Now when system users log in to FTP they will start in their home directories, where they can download, upload, create directories, etc.

Similarly, by default, anonymous users are not allowed to upload files to the FTP server. To change this setting, you should uncomment the following line and restart vsftpd:

    anon_upload_enable=YES

Enabling anonymous FTP upload can be an extreme security risk. It is best to not enable anonymous upload on servers accessed directly from the Internet.

The configuration file consists of many configuration parameters. The information about each parameter is available in the configuration file. Alternatively, you can refer to the man page, man 5 vsftpd.conf, for details of each parameter.

Securing FTP

There are options in /etc/vsftpd.conf to help make vsftpd more secure. For example, users can be limited to their home directories by uncommenting:

    chroot_local_user=YES

You can also limit a specific list of users to just their home directories:

    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd.chroot_list

After uncommenting the above options, create a /etc/vsftpd.chroot_list containing a list of users, one per line. Then restart vsftpd:

    sudo systemctl restart vsftpd.service

Also, the /etc/ftpusers file is a list of users that are disallowed FTP access. The default list includes root, daemon, nobody, etc. To disable FTP access for additional users, simply add them to the list.

FTP can also be encrypted using FTPS. Different from SFTP, FTPS is FTP over Secure Socket Layer (SSL). SFTP is an FTP-like session over an encrypted SSH connection. A major difference is that users of SFTP need to have a shell account on the system, instead of a nologin shell. Providing all users with a shell may not be ideal for some environments, such as a shared web host. However, it is possible to restrict such accounts to only SFTP and disable shell interaction. See the section on OpenSSH-Server for more [ubu17].

To configure FTPS, edit /etc/vsftpd.conf and at the bottom add:

    ssl_enable=YES

Also, notice the certificate and key related options:

    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

By default these options are set to the certificate and key provided by the ssl-cert package. In a production environment these should be replaced with a certificate and key generated for the specific host. For more information on certificates see Certificates.

Now restart vsftpd, and non-anonymous users will be forced to use FTPS:

    sudo systemctl restart vsftpd.service

To allow users with a shell of /usr/sbin/nologin access to FTP, but have no shell access, edit /etc/shells adding the nologin shell:

    # /etc/shells: valid login shells
    /bin/csh
    /bin/sh
    /usr/bin/es
    /usr/bin/ksh
    /bin/ksh
    /usr/bin/rc
    /usr/bin/tcsh
    /bin/tcsh
    /usr/bin/esh
    /bin/dash
    /bin/bash
    /bin/rbash
    /usr/bin/screen
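The following audit of the vsftpd options covered in the FTP sections is an added example, not part of the original project document. It reads vsftpd.conf text and reports anonymous upload, whether local users are jailed, missing FTPS, and the default ssl-cert certificate. It also handles one interaction the text does not spell out: when chroot_local_user and chroot_list_enable are both YES, vsftpd treats the list as the users who are not jailed. The function names and the sample file are assumptions made for illustration.

```python
# Constructed sample /etc/vsftpd.conf built from the options discussed above.
SAMPLE_VSFTPD_CONF = """\
write_enable=YES
anon_upload_enable=YES
#chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
"""

def parse_vsftpd_conf(text):
    """Return {option: value}; vsftpd expects option=value with no spaces."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            option, value = line.split("=", 1)
            settings[option] = value
    return settings

def enabled(settings, option):
    """All options checked here default to NO when absent."""
    return settings.get(option, "NO").upper() == "YES"

def audit_vsftpd(settings):
    findings = []
    if enabled(settings, "anon_upload_enable"):
        findings.append("anon_upload_enable=YES: anonymous upload is on")
    jail_all = enabled(settings, "chroot_local_user")
    use_list = enabled(settings, "chroot_list_enable")
    if jail_all and use_list:
        # With both set, vsftpd treats the list as users who are NOT jailed.
        findings.append("chroot list exempts its users from the jail")
    elif not jail_all and use_list:
        findings.append("only users in chroot_list_file are jailed")
    elif not jail_all:
        findings.append("local users are not jailed to their home directories")
    if not enabled(settings, "ssl_enable"):
        findings.append("ssl_enable is not YES: logins travel in cleartext")
    if "snakeoil" in settings.get("rsa_cert_file", ""):
        findings.append("rsa_cert_file is the ssl-cert default certificate")
    return findings
```

For the employee upload server in this plan, the result to aim for is an empty list with chroot_local_user=YES, FTPS enabled and a host-specific certificate; the anonymous server is a separate configuration and should be audited on its own.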