csc3412 Assignment 2
Semester 1, 2020
Due Date: 11:59pm 29 April 2020, AEST
This assignment consists of 3 questions each of equal value. They consist of common tasks required of a system administrator—tasks I have had to do at some time in the past.
Some of the questions require that you complete them using the supplied virtual machine. If you are unable to use the supplied virtual machine, for whatever reason, you must contact the Examiner before submitting to organised an approved system you can use to complete the assignment. This must be done well before you submit.
It is vitally important that your assignment is clearly laid out with questions and parts of questions clearly defined. It must be a straight forward matter for the examiner to determine that you have completed each exercise satisfactorily. We want quality not quantity. Poorly organised submissions will be rejected or receive a poor mark.
A text file or PDF/A document typeset using vanilla LATEX are preferred over a document produced by a word-processor. If you must use Microsoft Word please export your document as PDF/A not PDF.
When answering these questions you will have to run commands under Linux—whenever a command is run you will need to:
a. explain in your own words the purpose of the command in the context of the assignment question. (Please do not just copy the “Description” section from the man page!) Also, you need to explain in your own words all terminology used—as if you were explaining to an average user! (Please show you understand what you are doing!)
b. show that the command worked—either from its output or the output from another command. For example
prompt dd if=/dev/zero of=Crypt.fs bs=1M count=32
32+0 records in
32+0 records out
33554432 bytes (34 MB) copied, 0.109063 s, 308 MB/s
prompt ls -l Crypt.fs
c. To capture text output from programs you will have to redirect the output to a file or use the command script. If you are using the command script turn off the tty escape sequences that change the colour of console text—the escape sequences will appear in output file and make it impossible to read.
Late Submission of Assignments
Students can apply for an extension of time to submit an assignment at any time up to the deadline. Students are advised to make a request for an extension as soon as their need becomes apparent. Delay in making a request involves the risk of losing marks if the request is refused.
The examiner may grant a short extension of the deadline for submission of an assignment. Extensions are usually granted only in cases of Compassionate and Compelling Circumstances in accordance with the Assessment of Compassionate and Compelling Circumstances Procedure. Generally, extensions will be limited to a maximum of five University Business Days. A Student requiring an extension for a period of time in excess of this should consider applying for a Deferred Assessment as per section 4.4 of the assessment procedure.
Applications for extensions must be made via email or USQAssist to the examiner together with accompanying documentation as specified in the Assessment of Compassionate and Compelling Circumstances Procedure.
An assignment submitted after the deadline without an approved extension of time will be penalised. The penalty for late submission without a pre-approved extension is a reduction by 5% of the maximum mark applicable for the assignment, for each University Business Day or part business day that the assignment is late. An assignment submitted more than ten University business days after the deadline will have a Mark of zero recorded for that assignment.
The Examiner may refuse to accept assignments for assessment purposes after marked assignments and/or feedback have been released.
Please consult the USQ Assessment Procedure for the complete USQ policy on assessment.
Non-submission of Assignments
As per the USQ Assessment Procedure — for a student who has failed to achieve a passing final grade by 5% or less of the total weighted marks, the Examiner, in agreement with the Moderator, will consider recommending to the Board of Examiners the undertaking of Supplementary Assessment by the Student. This offer will normally only be made if the Student has undertaken all of the required Summative Assessment Items for the Course—that is, submitted all of the assignments!
The assessment procedure also outlines the following student responsibilities:
• If requested, Students must be capable of providing a copy of Assignments submitted. Copies should be dispatched to the University within 24 hours of receipt of a request being made.
• Students are responsible for submitting the correct Assignment.
• Assignment submissions must contain evidence of student effort to address the requirements of the Assignment. In the absence of evidence of Student effort to address the requirements of the assignment, no Mark will be recorded for that Assessment Item.
• A Student may re-submit an Assignment at any time up to the deadline. A request to re-submit after the deadline is dealt with in accordance with section 4.4 ‘Deferred, Supplementary and Varied Assessment and Special Consideration’ of these procedures.
Academic misconduct is unacceptable and includes plagiarism, collusion and cheating:
plagiarism : involves the use of another person’s work without full and clear referencing and acknowledgement;
cheating : involves presenting another student’s work as your own;
collusion : is a specific type of cheating, that occurs when two or more students fail to abide by directions from the examiner regarding the permitted level of collaboration on an assessment.
All are seen by the University as acts of misconduct for which you can be penalised. For further details go to the Library’s site on What is Plagiarism.
Question 1 (marks 20)
An important service provided by any system is the ability to run a process on a predetermined schedule without human intervention. The “automation” of tasks can reduce the workload of the system administrator significantly. Unfortunately Linux currently offers not one service but potentially three—cron, anacron, and systemdtimer units.
systemdtimer units are a recently designed service that incorporates and expands on the older anacron and the venerable cron, and has by far the richer configuration options.
• (11 marks) In about a page, compare and contrast the systemd service against cron and anacron. Discuss the advantages and disadvantages of the systemd service over the older services.
Your discussion must include a discussion and comparison of the time increments and formats recognisable by each service.
• (9 marks) Illustrate your discussion by writing cron, anacron, and systemdtimer files to run the command top -b -n 1 both daily, weekly and monthly.
a. It says “compare” and “contrast”—so explain how they are the same and how they are different, there advantages and disadvantages.
b. Your answers must be written in your own words.
c. Any technical term used must be explained.
d. Do not discuss the package systemd-cron. Create and test the systemd service and timer files yourself.
e. Some sources of information: Cron:
• The text book
• man 1 cron, and the man pages listed in the SEE ALSO section Anacron:
• man 1 anacron, and the man pages listed in the SEE ALSO section Systemd timer unit: • The text book.
• https://wiki.archlinux.org/index.php/Systemd/ Timers
• man 7 systemd.timer, and the man pages listed in the
SEE ALSO section
f. List all resources used in answering the question.
Question 2 (marks 20)
One of your users has purchased an 8.0TB OWC Mercury Elite Pro Quad external drive. The OWC drive contains 4x2.0TB Toshiba disks and has hardware RAID 0, 1, 5, or 1+0. The plan is to use it as a RAID 5 backup storage. The RAID array will be connected to the work machine using a USB 3.0 cable.
Instead of using the normal backup levels the user would prefer to have a current snapshot of his home directory on the backup disk, while retaining differences between snapshots. So when a backup is performed the user would like the following to occur:
a. The snapshot on the backup disk be updated to exactly reflect the current home directory. The backup disk will then contain a current mirror of the home directory.
b. Before any of the files on the RAID array’s previous full-backup snapshot of the home directory are deleted or overwritten, the files are copied sideways (preserving the directory tree) into a backup directory on the RAID array. Effectively a reverse incremental backup, with the current snapshot the full-backup.
c. The backup directory should be converted to a single time-stamped compressed file using TAR/GZIP. The file name should be of the form YYYYMMDDhhmm.tgz. This means there is little chance of files having the same name and the files can be easily sorted from oldest to newest using the file name.
d. Only 30 days of TAR/GZIPed incremental backup files should be kept.
The user expects to run the script at the end of each working day to perform the current day’s snapshot as the user only wants to power-up the RAID array while snapshots are performed. This will help protect the data on the array from power failures (unless one occurs during a snapshot/backup process).
The user wants to run just one script which will be stored on the RAID array. The procedure at the end of the day will be:
a. Power-up the RAID array.
b. Mount the RAID array.
c. Run the script stored on the array.
d. Check for error messages.
e. Un-mount and power down the array.
Your task is to write the script to perform the backup scenario outlined above.
The only tools you will be using are:
date : Used to create the TAR/GZIPed file name and check if files are older than 30 days.
tar : Used to archive all the files that would have been deleted or changed when the current snapshot is made.
rsync : Used to create the current snapshot and copy deleted or changed files sideways before the snapshot is created.
For the assignment, the following tasks need to be done:
a. (4 marks) Explain and demonstrate how date is to be used to create the file name. Any options used must be explained. Example runs must be presented to show that date works as expected for the task.
b. (5 marks) Explain how from the list of archived backup file names those that are older than 30 days can be extracted.
c. (6 marks) Explain and demonstrate how rsync is to be used to create the snapshot and backup. Any options used must be explained. Example runs must be presented to show that rsync works as expected for the task.
d. (5 marks) Put all of the above together into a script, with appropriate comments and error checking.
a. The snapshot scenario above reverses the normal backup timeline: the current backup is always level 0, and incremental backups are going back into the past.
b. The requirements above are exactly what I needed when I purchased the OWC external drive. The tools I used for the script are exactly the ones listed above.
c. The utility rsync can sync directories across a network or on the same machine. It has many options and subtle responses depending on how the directory path is completed. These will have to be experimented with from the command line before deciding which are appropriate for this problem.
d. When placing commands in a script, you must always check to see if they have worked correctly. On the command-line you know if a command has failed, but in a script you must check— because it may be run as a systemdtimer job!
All processes when they exit—exit with a status code. Check the process status code in the script — the shell special variable ? (yes, that is a question-mark) contains the return value of the last run process:
if [ $? -ne 0 ]
echo -failed to create backup directory- exit 1
Remember an exit value of zero means success, anything else is failure.
Question 3 (marks 20)
The web administrator of your organisation needs to login remotely to the machine that is running the organisation’s public web site.
You tell her that the only way to login is via the Secure Shell—which she knows nothing about! Assuming she is logging in via a Linux box write a help document for her containing the following—
a. (6 marks) A short introduction to SSH, explaining why it is the preferred way of logging into a remote machine—this explanation will need to discuss:
• the security implications of connecting remotely and how the Secure-Shell overcomes these security concerns.
• This leads to a discussion of symmetric and asymmetric key encryption and how the Secure-Shell uses the two forms of encryption.
b. (7 marks) A discussion of the contents of the file ~/.ssh/known_hosts.
Your discussion should include (but not be limited to):
• how the file is populated,
• what the file is populated with,
• how the keys in the file are used by SSH,
• a discussion of “man-in-the-middle” attacks,
• why the host names in the file are “hashed”, and
• how individual keys can be deleted by ssh-keygen.
c. (7 marks) A description of how to configure access so that no passwords are needed—that is user authentication is done using asymmetric keys. This will require a discussion (with examples) of the command ssh-keygen, the file ~/.ssh/authorized_keys, and using pass-phrase protected private keys. Why not protecting your private key with a pass-phrase is a bad idea.
Security and pass-phrase protected private keys leads naturally to a discussion of the commands ssh-agent and ssh-add and how by using these commands users only have to enter their passphrase once per session — otherwise there would be no advantage in using asymmetric keys for authentication over passwords.
a. Any technical term used must be explained.
b. Your virtual Debian has the SSH dæmon installed and running by default—so you can SSH to it from the host system or from a second virtual machine.
c. If your host is Windows and you are using PuTTY, the public key added to the Virtual Machine must be the SSH formatted key, not the native PuTTY key (different format). When generating a keypair in PuTTY you can cut/paste the OpenSSH key format - this is the string that must be added to the authorised_keys file on the virtual machine.
d. Your virtual machine has two network interfaces configured—a host only interface and a NAT interface. To bring the host only network “up” study the man pages interfaces(5), ifup(8), ifdown(8) and the file /etc/network/interfaces. Depending on your hypervisor, and the host OS, you may have to use “host-only” interface to communicate to the virtual machine from the host.
e. You must show the relevant changes/parts of any files discussed.
f. This is a help document so you must explain (in your own words) the purpose of every command, command option, and file mentioned. The purpose of this document is explain actions to a person not an automaton, so you must explain the purpose and result of each action—do not list a sequence of actions without detailed explanation of why they are being performed.
g. Be very clear which key (public or private) is stored on which machine (remote or local)
h. Port forwarding, SSH tunnels and firewalls need not be discussed— they will be covered later in the course.