Length: XXXXXXXXXXpages including screenshots Submission method options: Alternative submission method TASK back to top This is an individual assignment. You may discuss it with others, but your code...

TASK

This is an individual assignment. You may discuss it with others, but your code and documentation must be written on your own.

#Task 1: DNS configuration (6 Marks)

Implement server a simple local DNS server calledns1.StudentLastName.org.au. The Local DNS accepts queries from clients and tries to resolve them, first by checking its local cache. The Local DNS must reply toA,NS, andCNAMErequests. Before you start to implement your server, you should have a clear understanding of the DNS protocol and, specifically, of the message format. You can find good information online inLearning DNS by Cricket Liuor the textbook and the lecture slides.

Local DNS must be able to resolve queries iteratively starting from a given root name server. In other words, Local DNS must work even with a root server that does not support recursive queries. Local DNS must also correctly handle canonical names (www). This means that a server (the root server or others) might reply with a CNAME record in response to a request for the A record forwww.ns1.studentLastName.org.au. In this case, Local DNS should first resolve the CNAME record and then reply to the original request with a DNS message that includes both the canonical-name record (CNAME) for the original name and the address record (A) for the canonical name.

You should demonstrate your Local DNS fully functional and tests your local DNS using dig tool to submit queries to your DNS server. Below is a summary of the most important requirements for your implementation:

• Your configuration must compile,


• Your server must reply to DNS requests of typesA,NS,PTR, andCNAME. Other types are optional,


• If your server receives a CNAME response from a name n while looking for the A record of n, your server should first recursively resolve the name returned in the CNAME record,


• you have to demonstrate that DNS configuration/zone files are free from errors by usingnamed-checkconf,
  named-checkzoneand
  systemctl status namedwith the proper arguments,
  


• You have to install Local DNS usingBINDto implement local DNS,


• You can easily test your implementation using thedig commandwith the proper arguments.

#Task 2:Simple Web Services (3Marks)

InstallingLAMPsoftware onUbuntu Server. LAMP is a standard bundle in the Ubuntu Server platform. Once complete set up this Server 2 to host a website using the
Apache web server. The server should have astatically assigned addresswhich matches that specified in the A record for host www. Test yourApacheServer by using a web browser on another host and trying to browse the website LastNameStudentID.org.au. Once you have set up the webserver and tested it, install aSAMBAserver. The SAMBA server would allow users to upload/ download files to the webserver. Configure the server appropriately and then test from another host.


Next: inCentOSServer, your task is to configure the
Apacheweb serverfor the DNS namewww.StudentName.org.au. The server is implemented using the HTTP protocol listening on port8282. Your challenge is to make the same site accessible using the HTTPS protocol. To do this set up SSL with aself-signed certificatefor the site.

Once configured correctly you should be able to accesswww.StudentName.com.auon bothHTTP/HTTPS ports. Naturally, you will need to make appropriate changes to your firewall rules.

#Task 3: Security and System-hardening (Configuring SELinux) (6 Marks)

Linux security is built on UNIX security. UNIX security consists of different solutions that were never developed with current IT security needs in mind. Most of the UNIX solutions focus on a part of the operating system only. That means that you need to collect a lot of different security solutions to get a secure operating system, which may be very hard. SELinux was developed to provide a complete and mandatory security solution. The basic principle is that if it is not specifically allowed it will be denied. That is what SELinux will do for you and that is what UNIX security won't bring you. As a result, all unknown services will always need additional configuration to enable them in an environment where SELinux is enabled. Overall, SELinux makes your system more secure, because it is one overall security solution, where things are only allowed to happen if the system administrator really wanted to allow them. In this task, you are required to:

1. Search aboutSELinuxandAppArmor (Write a paragraph SELinuxvsAppArmor )


2. describes the difference betweenSELinuxenforcing and permissive modes,
   


3. enableandenforcing permissive SELinuxon Server 2,


4. Ensure that thehttpd serviceis running on server 2,


5. Make sure that thehttpdservice runs onports 80and8282,


6. Once you have configured port numbers, usenetstate -Ztulpento check thatport 8282is being enforced by SELinux,


7. if not, use set SELinux to enforce a permissive policy to fix the problem,


8. usenetstate -Ztulpento check if the port8282is enforced by SELinux

1. Now change/addhttpd service port 8282to port8081,


2. restart httpd service using systemctl,


3. explain why the httpd service might fail to start,


4. fix and add the httpd service port on8081,


5. demonstrate that you successfully change and add the port to the httpd service.

Note:

• Task 1, you are required to configure network virtual machines based on the above diagram,


• Task1, document all the steps and challenges while configuring the DNS with a clear description of each step,


• Task 1, submit all your zone/config files as an appendix.


• Task 2,document all the steps and challenges while configuring the LAMP with a clear description of each step,


• Task 3, requires research and a reflection of your learning. Write a maximum of 500-700 words of your learning.