csc8512 Assignment 2 Semester 1, 2017 Due Date: 11:55pm 8 May 2017, AEST Tis assignment consists of 4 questions each of equal value. Tey consist of common tasks required of a system administrator—tasks I have had to do at some time in the past. Clear Layout It is vitally important that your assignment is clearly laid out with questions and parts of questions clearly defned. It must be a straight forward mater for the examiner to determine that you have completed each exercise satisfactorily. We want quality not quantity. Poorly organised submissions will be rejected or receive a poor mark. A text fle or PDF/A document typeset using vanilla L ATEX are preferred over a document produced by a word-processor. If you must use Microsof Word please export your document as PDF/A1 not PDF. Command Output When answering these questions you will have to run commands under Linux—whenever a command is run you will need to: a. explain in your own words the purpose of the command in the context of the assignment question. (Please do not just copy the "Description" section from the man page!) Also, you need to explain in your own words all terminology used—as if you were explaining to an average user! (Please show you understand what you are doing!) b. show that the command worked—either from its output or the output from another command. For example prompt> dd if=/dev/zero of=Crypt.fs bs=1M count=32 32+0 records in 32+0 records out 33554432 bytes (34 MB) copied, 0.109063 s, 308 MB/s 1 PDF/A is an archival format of PDF that embeds all fonts used in the document within the PDF fle. To ensure PDF/A format in Word check "ISO-19005-compliant (PDF/A)" under "Options" when saving a fle as PDF.prompt> ls -l Crypt.fs -rw-r--r-- 1 user user 33554432 2010-02-25 10:18 Crypt.fs c. To capture text output from programs you will have to redirect the output to a fle or use the command script. If you are using the command script turn off the ty escape sequences that change the colour of console text—the escape sequences will appear in output fle and make it impossible to read. Late Submission of Assignments Students can apply for an extension of time to submit an assignment at any time up to the deadline. Students are advised to make a request for an extension as soon as their need becomes apparent. Delay in making a request involves the risk of losing marks if the request is refused. Te examiner may grant a short extension of the deadline for submission of an assignment. Extensions are usually granted only in cases of Compassionate and Compelling Circumstances in accordance with the Assessment of Compassionate and Compelling Circumstances Procedure. Generally, extensions will be limited to a maximum of fve University Business Days. A Student requiring an extension for a period of time in excess of this should consider applying for a Deferred Assessment as per section 4.4 of the assessment procedure. Applications for extensions must be made via email or USQAssist to the examiner together with accompanying documentation as specifed in the Assessment of Compassionate and Compelling Circumstances Procedure. An assignment submited afer the deadline without an approved extension of time will be penalised. Te penalty for late submission without a pre-approved extension is a reduction by 5% of the maximum mark applicable for the assignment, for each University Business Day or part business day that the assignment is late. An assignment submited more than ten University business days afer the deadline will have a Mark of zero recorded for that assignment. Te Examiner may refuse to accept assignments for assessment purposes afer marked assignments and/or feedback have been released. Please consult the USQ Assessment Procedure for the complete USQ policy on assessment. Non-submission of Assignments As per the USQ Assessment Procedure — for a student who has failed to achieve a passing fnal grade by 5% or less of the total weighted marks, the Examiner, in agreement with the Moderator, will consider recommending to the Board of Examiners the undertaking of Supplementary Assessment by the Student. Tis offer will normally only be made if the Student has undertaken all of the required Summative Assessment 2Items for the Course—that is, submited all of the assignments! Student Responsibilities Te assessment procedure also outlines the following student responsibilities: • If requested, Students must be capable of providing a copy of Assignments submited. Copies should be despatched to the University within 24 hours of receipt of a request being made. • Students are responsible for submiting the correct Assignment. • Assignment submissions must contain evidence of student effort to address the requirements of the Assignment. In the absence of evidence of Student effort to address the requirements of the assignment, no Mark will be recorded for that Assessment Item. • A Student may re-submit an Assignment at any time up to the deadline. A request to re-submit afer the deadline is dealt with in accordance with section 4.4 'Deferred, Supplementary and Varied Assessment and Special Consideration' of these procedures. Academic Misconduct Academic misconduct is unacceptable and includes plagiarism, collusion and cheating: plagiarism : involves the use of another person's work without full and clear referencing and acknowledgement; cheating : involves presenting another student's work as your own; collusion : is a specifc type of cheating, that occurs when two or more students fail to abide by directions from the examiner regarding the permited level of collaboration on an assessment. All are seen by the University as acts of misconduct for which you can be penalised. For further details go to the Library's site on What is Plagiarism. 3Qestion 1 (marks 25 An important service provided by any system is the ability to run a process on a predetermined schedule without human intervention. Te "automation" of tasks can reduce the workload of the system administrator signifcantly. Unfortunately Linux currently offers not one service but potentially three—cron, anacron, and systemd timer units. Assignment tasks: • (13 marks) In about a page compare and contrast all three systems. Your discussion must include a discussion and comparison of the time increments and formats recognisable by each system. • (12 marks) Illustrate your discussion by writing cron, anacron, and systemd timer fles to run the date command both daily, weekly and monthly. Notes: a. It says "compare" and "contrast"—so explain how they are the same and how they are different. b. Your answers must be writen in your own words. c. Any technical term used must be explained. d. Do not discuss the package systemd-cron. Create and test the systemd service and timer fles yourself. e. Some sources of information: Cron: • Te text book • man 5 crontab Anacron: • Te text book • man 5 anacrontab Systemd timer unit: • https://wiki.archlinux.org/index.php/Systemd/ Timers • http://www.certdepot.net/rhel7-use-systemd-timers/ f. List all resources used in answering the question. 4Qestion 2 (marks 25) One of your users has purchased an 8.0TB OWC Mercury Elite Pro external drive. Te OWC drive contains 4x2.0TB Toshiba disks and has hardware RAID 1, 5, or 10. Te plan is to use it as a RAID 5 backup storage. Te RAID array will be connected to the work machine using a USB3 cable. Instead of using the normal backup levels the user would prefer to have a current snapshot of his home directory while retaining differences between snapshots. So when a backup is performed the user would like the following to occur: a. Te snapshot on the backup disk be updated to exactly reflect the current home directory. Te backup disk will then contain a current mirror of the home directory. b. Before any of the fles on the RAID array's backup snapshot of the home directory are deleted or overwriten, the fles are copied sideways (preserving the directory tree) into a backup directory on the RAID array. c. Te backup directory should be converted to a single timestamped fle using TAR/GZIP. Te flename should be of the form YYYYMMDDmmmm.tgz. Tis means the fles can be easily sorted from oldest to newest using the flename. d. Only 30 days of TAR/GZIPed backup fles should be kept. Te user expects to run the script at the end of each working day to perform the current day's snapshot as the user only wants to powerup the RAID array while snapshots are performed. Tis will help protect the data on the array from power failures (unless one occures during a snapshot/backup). Te user wants to run just one script which will be stored on the RAID array. Te procedure at the end of the day will be: a. Powerup the RAID array. b. Mount the RAID array. c. Run the script stored on the array. d. Check for error messages. e. Un-mount and power down the array. Your task is to write the script to perform the backup scenario outlined above. Te only tools you will be using are: date : Used to create the TAR/GZIPed flename and check if fles are older than 30 days. 5tar : Used to archive all the fles that would have been deleted or changed when the current snapshot is made. rsync : Used to create the current snapshot and copy deleted or changed fles sideways before the snapshot is created. For the assignment, the following tasks need to be done: a. (4 marks) Explain and demonstrate how date is to be used to create the flename. Any options used must be explained. Example runs must be presented to show that date works as expected for the task. b. (4 marks) Explain how from the list of backup flenames those that are older than 30 days can be extracted. c. (6 marks) Explain and demonstrate how rsync is to be used to create the snapshot and backup. Any options used must be explained. Example runs must be presented to show that rsync works as expected for the task. d. (11 marks) Put all of the above together into a script, with appropriate comments and error checking. Notes: a. Te scenario layed out above is exactly what I required when I purchased the OWC external drive. Te tools I used for the script are exactly the ones listed above. b. Te reason flenames of the form YYYYMMDDmmmm is they naturaly sort from oldest to youngest! c. Te utility rsync can sync directories across a network or on the same machine. It has many options and subtle responses depending on how the directory path is completed. Tese will have to be experimented with from the command line before deciding which are appropriate for this problem. d. When placing commands in a script, you must always check to see if they have worked correctly. On the command-line you know if a command has failed, but in a script you must check— because it may be run as a CRON job! All processes when they exit—exit with a status code. Check the process status code in the script — the shell special variable ? (yes, that is a question-mark) contains the return value of the last run process: mkdir Backup if [ $? -ne 0 ] then echo "failed to create backup directory" exit 1 6fi Remember an exit value of zero means success, anything else is failure. Qestion 3 (marks 25) a. (12 marks) In about a page explain in your own words what a Logical Volume Manager is, its purpose and why it is useful. b. (7 marks) Illustrate your explanation by using the Linux Logical Volume Manager to combine the two spare 200MB disks available on the Virtual Debian distribution. Combine the disks into one logical volume of 400MB. Format the new logical disk and modify the /etc/fstab fle to mount the new disk at boot. c. (6 marks) Document and explain in your own words the purpose of every command you use (plus any command line options) and any confguration fles or scripts you modify or create. Notes: a. Be certain to explain the meaning of any tehnical terms you may use—for example, "physical volume", "volume group", &c. b. Make use of the utilities pvdisplay, vgdisplay, &c. to show the results of commands and that they have worked. c. You must use the supplied virtual machine to answer this question. Qestion 4 (marks 25) A user comes to you and explains that she needs some form of encrypted fle system to store sensitive information on a Flash drive. Te Flash drive will be used to transport the sensitive data between work and home and she is worried about losing the drive and having the data stolen. Both machines, the one at home and the one at work, use the same Linux OS. She has the following requirements: • She does not want to encrypt individual fles as she has to deal with a large number of small text fles. • She wants it to be as transparent as possible. • She thinks she will only need about 1GB at most. • She wants to also use the flash disk for transporting unencrypted fles. Files that can be read on machines apart from her work and home machines. A 1GB fle that contains an encrypted fle system, stored on the Flash drive would appear to be ideal— 7a. (8 marks) Create a 1GB encrypted fle system in a fle on a Flash drive so that it can be used with the cryptmount command. Document and explain in your own words every command you use (plus any command line options) and any confguration fles you modify or create. Your descriptions of each operation need to show you understand the purpose of the operation. b. Tings you must also address and explain: • (4 marks) how to ensure that the Flash drive has exactly the same mount point each time it is used on different machines. If it does not have the same mount point then how do you confgure the hardwired cryptmount paths? Hint: Experiment with "labelled" fle-systems or UUIDs in conjunction with the fle /etc/fstab • (5 marks) how to securely manage the fle-system encryption keys. c. (8 marks) Write an instruction sheet for the user so that she can make the modifcations to her home machine and be able to access the fle on the flash drive containing the encrypted fle system that you have given her. You have to setup her work machine and then instruct her how to setup her home machine. Also explain how she would use the flesystem in her day-to-day work. You may assume that she has root access to be able to confgure her home machine but does not have root access to her work machine. Notes: a. Tis must be done on the Virtual machine supplied. Tis is assumed to be the work machine you must setup. b. Do not use the tool cryptmount-setup or the tool installed by the package cryptsetup. c. Manually create fles and confguration fles. d. Follow the steps outlined in the cryptmount man page— explaining the purpose of every step! e. You have root access to her work machine, so you will be setingup her work machine and the flash drive. Te instructions are for her to setup her home machine only based on how you have confgured the work machine. f. List all resources used in answering the question. 8g. Do not explain how you installed the cryptmount package—it should already be installed on the Virtual Debian. 9