csc8512 Assignment 1 Semester 1, 2016

Due Date: 11:55PM 28 March 2016, AEST This assignment consists of 4 questions each of equal value. They consist of common tasks required of a system administrator—tasks I have had to do at some time in the past. Clear Layout It is vitally important that your assignment is clearly laid out with questions and parts of questions clearly defined. It must be a straight forward matter for the examiner to determine that you have completed each exercise satisfactorily. We want quality not quantity. Poorly organised submissions will be rejected or receive a poor mark.

A text file or PDF/A document typeset using vanilla L ATEX are preferred over a document produced by a word-processor. If you must use Microsoft Word please export your document as PDF/A1 not PDF. Command Output When answering these questions you will have to run commands under

Linux—whenever a command is run you will need to: a. explain in your own words the purpose of the command in the context of the assignment question. (Please do not just copy the

"Description" section from the man page!) Also, you need to explain in your own words all terminology used—as if you were explaining to an average user! (Please show you understand what you are doing!) b. show that the command worked—either from its output or the

output from another command. For example prompt> dd if=/dev/zero of=Crypt.fs bs=1M count=32

32+0 records in 32+0 records out 33554432 bytes (34 MB) copied, 0.109063 s, 308 MB/s 1 PDF/A is an archival format of PDF that embeds all fonts used in the document within the PDF file. To ensure PDF/A format in Word check "ISO-19005-compliant (PDF/A)" under "Options" when saving a file as PDF. L ATEX produces PDF/A by default. prompt> ls -l Crypt.fs

-rw-r--r-- 1 user user 33554432 2014-02-25 10:18 Crypt.fs

c. To capture text output from programs you will have to redirect the output to a file or use the command script. If you are using the command script turn off the tty escape sequences that change the colour of console text—the escape sequences will appear in output file and make it impossible to read. Late Submission of Assignments

Students can apply for an extension of time to submit an assignment at any time up to the deadline. Students are advised to make a request for an extension as soon as their need becomes apparent. Delay in making a request involves the risk of losing marks if the request is refused.

The examiner may grant a short extension of the deadline for submission of an assignment. Extensions are usually granted only in cases of Compassionate and Compelling Circumstances in accordance with the Assessment of Compassionate and Compelling Circumstances Procedure. Generally, extensions will be limited to a maximum of five University Business Days. A Student requiring an extension for a period of time in excess of this should consider applying for a Deferred Assessment as per section 4.4 of the assessment procedure. Applications for extensions must be made via email or USQAssist to the

examiner together with accompanying documentation as specified in the Assessment of Compassionate and Compelling Circumstances Procedure. An assignment submitted after the deadline without an approved extension of time will be penalised. The penalty for late submission without a pre-approved extension is a reduction by 5% of the maximum mark applicable for the assignment, for each University Business Day or part business day that the assignment is late. An assignment submitted more

than ten University business days after the deadline will have a Mark of zero recorded for that assignment. The Examiner may refuse to accept assignments for assessment purposes after marked assignments and/or feedback have been released. Please consult the USQ Assessment Procedure for the complete USQ policy on assessment.

Non-submission of Assignments As per the USQ Assessment Procedure — for a student who has failed to achieve a passing final grade by 5% or less of the total weighted marks, the Examiner, in agreement with the Moderator, will consider recommending to the Board of Examiners the undertaking of Supplementary Assessment by the Student. This offer will normally only be made if the Student has undertaken all of the required Summative Assessment

2 Items for the Course—that is, submitted all of the assignments! Student Responsibilities

The assessment procedure also outlines the following student responsibilities: • If requested, Students must be capable of providing a copy of Assignments submitted. Copies should be despatched to the University within 24 hours of receipt of a request being made. • Students are responsible for submitting the correct Assignment. • Assignment submissions must contain evidence of student effort to address the requirements of the Assignment. In the absence

of evidence of Student effort to address the requirements of the assignment, no Mark will be recorded for that Assessment Item. • A Student may re-submit an Assignment at any time up to the deadline. A request to re-submit after the deadline is dealt with in accordance with section 4.4 'Deferred, Supplementary and Varied

Assessment and Special Consideration' of these procedures. Academic Misconduct Academic misconduct is unacceptable and includes plagiarism, collusion and cheating: plagiarism : involves the use of another person's work without full and clear referencing and acknowledgement;

cheating : involves presenting another student's work as your own; collusion : is a specific type of cheating, that occurs when two or more students fail to abide by directions from the examiner regarding the permitted level of collaboration on an assessment. All are seen by the University as acts of misconduct for which you can

be penalised. For further details go to the Library's site on What is Plagiarism. 3 Question 1 (marks 25) On modern networked computers, maintaining the correct time on each

machine is important. Computers on a LAN or WAN with different times can cause problems. In about a page and in your own words explain why it is important for computers to maintaining the correct time and more importantly explain how do they do it. In your explanation make certain to include discussions on the following linked topics:

• The computer's hardware clock (also called the Real Time Clock or RTC) • The computer's software clock (also called the kernel or system clock) and why this can be inacurate. • In Linux, how they are synchronised and why do they need to be synchronised? Why can the Linux software clock be so inaccurate?

• What is NTP and what are "clock strata"? • What is UTC and why is it used? (UTC: Coordinated Universal Time, or Temps Universel Coordonné, and if you want—you can

explain what is going on with the acronym!) Notes: a. The topics above are linked to each other and the question, they

are not independent of each other. They are provided as a minimal guide only. Do not simply write an unconnected paragraph on each without linking the concepts together.

b. The question being asked is "…why is it important for computers to maintaining the correct time…" please be certain to answer this question. c. List all resources used in answering this question.

d. Please do not cut and paste slabs of text from a Wikipedia article. The question explicitly says in your own words! e. Please do not fall into the trap of answering the question by using unexplained technical terms—you must explain all technical terms used especially if they have not been used anywhere else in the course. 4 Question 2 (marks 25)

A user comes to you and explains that she needs some form of encrypted file system to store sensitive information on a Flash drive. The Flash drive will be used to transport the sensitive data between work and home and she is worried about losing the drive and having the data

stolen. Both machines, the one at home and the one at work, use the same Linux OS. She has the following requirements: • She does not want to encrypt individual files as she has to deal

with a large number of files. • She wants it to be as transparent as possible. • She thinks she will only need about 128MB at most. • She wants to also use the flash disk for transporting unencrypted

files. Files that can be read on machines apart from her work and home machines. A 128MB file that contains an encrypted file system, stored on the Flash

drive would appear to be ideal— a. (5 marks) Write a brief description how a file can be treated as if it where a hardware disk under Linux. b. (7 marks) Create a 128MB encrypted file system in a file on a Flash drive so that it can be used with the cryptmount command. Document and explain in your own words every command you use (plus any command line options) and any configuration files

you modify or create. Your descriptions of each operation need to show you understand the purpose of the operation. Note: If you are uncertain why a particular command or command line option is required—ask! There is at least one step and command line option that you cannot understand from the information in the man page alone. For example, what does it mean to "prepare" and "release" the file and why is it done?. It will require some research and reading up on loop devices and the device mapper. c. Things you must also address and explain:

• (6 marks) how to ensure that the Flash drive has exactly the same mount point each time it is used on different machines. If it does not have the same mount point then how do you

configure the hardwired cryptmount paths? 5 Hint: Experiment with "labelled" file-systems (see the command e2label or dosfslabel) or UUIDs in conjunction with the file /etc/fstab d. (7 marks) Write an instruction sheet for the user so that she can

make the modifications to her home machine so that she can access the file on the flash drive containing the encrypted file system. Also explain how she would use the filesystem in her dayto-day work. Make certain to explain why the encryption key is not not to be stored with the encrypted file system (where should it be stored?) You may assume that she has root access to be able to configure her home machine so she can mount the encrypted file-system.

Notes: a. Do not use the tool cryptmount-setup or the tool installed by the package cryptsetup. b. Manually create files and configuration files.

c. Follow the steps outlined in the cryptmount man page— explaining the purpose of every step! d. List all resources used in answering the question. e. Do not explain how you installed the cryptmount package—it should already be installed on the Virtual Debian.

6 Question 3 (marks 25) You have been asked to install an SVN repository on a server. The SVN

will be remotely accessed using the svnserve dæmon that is supplied with SVN (please note that this is not the most secure way to access an SVN repository) Install the distributed revision control system subversion from the

Debian package of the same name. After installation you will need to configure subversion to be usable. Tasks that will need to be done:

a. (5 marks) Write a brief paragraph explaining what a revision control system is in general, what SVN is in particular and how it is used by remote clients. b. Install the subversion package.

c. (6 marks) Write and install a systemd service file to automatically start and stop svnserve (the subversion server) at boot/shutdown (in dæmon mode— do not use inetd mode, do not use an ssh encrypted tunnel). Show using systemctl that you can successfully start and stop

the service. d. Create an SVN repository at /var/repository/ e. (4 marks) Configure the repository and define the repository

usernames and passwords. f. (4 marks) Implement configuration and runtime options that increase security—explaining why your choices increase security. g. (6 marks) Test your configuration, repository and running server by creating a project in the repository. Show that you can check in and check out documents from the repository. (Note: this is

supposed to be a remote repository so all tests must be done via a network connection.)

Notes: a. Explain in your own words each operation you needed to perform to get the Subversion system working. Your descriptions of each operation need to show you understand the purpose of the operation.

b. Access to the repository must be via the networked server. This means that the URL must begin svn://localhost/ or if you

are on the host machine using the guest machine's IP number. The SVN client can access the repository directly from the filesystem—but that does not demonstrate that the server is up and running and is useless for distributed revision control. 7

c. Do not explain how you installed packages! d. List all resources used in answering the question. 8

Question 4 (marks 25) Authentication under modern Unix systems is handled by the Pluggable Authentication Module (PAM) system. In about a page and in your own

words explain the PAM system and why it was introduced. Using the login service file found in the course virtual machine (see /etc/pam.d/login) as an example, explain a service is configured and discuss the implications of each configuration line. Your explanation should include discussions on the following: • what is the module-type parameter, • what is the control flag, • what does it mean that the service file is a stack, • what is a pam module. Notes:

a. The topics above are linked to each other and the question, they are not independent of each other. They are provided as a minimal guide only. Do not simply write an unconnected paragraph on each without linking the concepts together.

b. List all resources used in answering this question. c. Please do not cut and paste slabs of text from a Wikipedia article. The question explicitly says in your own words!

d. Please do not fall into the trap of answering the question by using unexplained technical terms—you must explain all technical terms used especially if they have not been used anywhere else in the course. 9