Cafeo Capstone Project 1

Cafeo Capstone Project

Centos 7 Server Administration

Benjamin J. Cafeo

December 2017


Table of Contents

Introduction..................................................................................................................................................3

Linux.............................................................................................................................................................4

Materials.......................................................................................................................................................6

Basics of Linux.............................................................................................................................................7

CentOS 7.....................................................................................................................................................11

389 Directory Server (389 DS)..................................................................................................................12

Samba v4.....................................................................................................................................................13

Samba Primary Domain Controller.........................................................................................................13

Samba Network Shares............................................................................................................................14

Public Keys and SSH.................................................................................................................................15

Amanda Backups.......................................................................................................................................16

Rsync and Crontab....................................................................................................................................17

DNS..............................................................................................................................................................19

Master......................................................................................................................................................19

Slave.........................................................................................................................................................20

Apache.........................................................................................................................................................20

Nagios......................................................................................................................................................21

Conclusion..................................................................................................................................................24


Introduction

My Capstone project is based around gaining experience with Linux server administration. I had very little background in using Linux and especially little administrative experience going into this semester. For this project I needed to learn the basics before learning the more advanced aspects of running a functioning Windows domain using a completely Linux backend. Each day was taken one step at a time to learn basic concepts like system configurations and installing software.

My personal computer was used as the host machine for all the virtual machines[1]. This gave me the ability to work on my project at home and avoid risks associated with using a lab computer that grants administrative access[2] to other students. My decision was made to ensure my project would not be corrupted by someone else.

In the beginning stages of the project, I had a concept I established from my understanding of Windows Server administration. I decided that I needed to create a domain controller[3] to manage security, users and file shares, a DNS[4] server, and a web server. At the time I had little idea of what software would be required, how I would install it or how it would be implemented. I researched methods of completing the tasks I set out to create and would attempt to implement them with a mixture of success and failure. When something was found to be impractical or incorrect for my anticipated use it was removed and replaced by software deemed to be more practical, efficient, or easier to use.

[1] Virtual Machine: A virtual computer run within an operating system that utilizes host hardware to function as its own computer. It may run its own software and applications separate from the host operating system.
[2] Administrative Access: Level of access to an operating system above that of a standard user. May make changes to file permissions, system configurations, and installed software.
[3] Domain Controller: Often shortened to “DC”, is a server that responds to security authentication requests within a Windows domain.
[4] DNS: Domain Name Service, a directory of hostnames and domains used to resolve to IP addresses for network communication between devices.

After some testing and learning, I came up with a functioning project idea. I used CentOS 7, which is a common version of Linux, especially for server use. The idea was to create a functioning domain with a domain controller running an Active Directory-like backend, which ended up being Samba 4. Samba 4 is designed to be a functioning domain controller that supports Windows-client login, security, and network sharing. I would also use Samba to create network shares and set the security for those shares. Apache HTTP Server would be my web server that I would run a local webpage from, in the form of Nagios Core, which is a web-based network monitor. I configured this to keep track of the network status of the clients and servers. This gave the Apache server a use as a local intranet. I also set up a Master and Slave DNS server combination to have redundancy and avoid theoretical downtime.

Linux

Linux is something very few people have heard of and those who have heard of it still tend to know little, if anything, about it. Linux is an operating system in the same way that Apple’s Mac OS X and Microsoft’s Windows are. It functions as the translator between the software[5] and the hardware[6] so that they successfully communicate and give the end user the best possible experience. Unlike Windows and Mac OS X, which are proprietary operating systems, Linux is an open source operating system.

[5] Software: Applications run within an operating system (Ex. Microsoft Office, Google Chrome, iTunes)
[6] Hardware: Physical parts of the computer (Ex. Processor, memory, hard drive, keyboard)

What this means for Linux is that anyone with C programming experience and the desire to make their own operating system can add to or create their own distribution[7] of Linux using the Linux kernel[8]. The Linux kernel is a Unix-like operating system kernel developed by Linus Torvalds in 1991 for use on a personal computer. Now the Linux development community includes over 12,000 individual programmers and 1,200 companies including software and hardware vendors.

There are many big names that the average consumer would recognize that are involved in Linux usage and development. One of the largest known and used operating systems that use the Linux kernel is Android, which is a smart phone operating system owned and developed by Google. However, outside of its commercial application Linux serves a much larger enterprise market.

There is a wide array of distributions aimed for usage in enterprise environments. Some of these are open-source distributions like Ubuntu while others are proprietary distributions like Red Hat. Proprietary distributions of Linux tend to be well suited for enterprise environments due to their dedicated development team, customer support service, and enhanced security.

For this project, I decided on using a distribution of Linux called Centos 7 which is a free distribution developed by Red Hat that utilizes many of their features. It is a powerful operating system and is commonly ranked in the top five free Linux server distributions. Red Hat experience is commonly requested knowledge in the systems administration field and Centos 7 shares many components and features with Red Hat’s more premium version.

[7] Distribution: When referring to Linux, implies versions of the operating system with different preinstalled software, user interfaces, driver support, and other features. May also be referred to as a “distro” of Linux.
[8] Kernel: The core of an operating system that has complete control over the system.

Materials

For this project, I used my personal computer which runs Windows 10 Education Edition 64-bit. This computer meets all the hardware requirements[9] for this project and provides security for my project by not being on a lab computer where many people have administrative access. Using my own computer means I have access to work on it without limitations like someone turning off the computer so I cannot access it remotely[10], it being inaccessible due to a class, or any other reason that would limit my access to the computer.

The computer I did this project on could run all the virtual machines I needed without any excessive issues. One issue I did run into was hard drive speed, which caused extreme delays when using more than one virtual machine with a graphical user interface[11]. This caused me to try to avoid graphical user interfaces whenever possible. My only server with a graphical user interface is my Apache web server and that is so I could access a web browser[12] while testing it. Outside of that I used minimal installs of Centos 7 that only used a terminal[13] interface.

[9] Hardware Requirements: The requirements to run software correctly without hardware limitations.
[10] Remote Desktop: Connecting to and running one client from another client.
[11] Graphical User Interface: Also known as a GUI, is a user interface that allows a user to interact with the computer through a means other than a command line (Ex. Windows desktop interface).
[12] Web Browser: An application used to view webpages and access the internet (Ex. Internet Explorer, Google Chrome).
[13] Terminal: The command line interface used in Unix and Linux operating systems.

My physical machine has an Intel Core i5 4690K CPU[14] overclocked to 4.2 GHz[15], 16 GB[16] of random access memory clocked to 1600 MHz[17], an ASUS R9 280 clocked to 980 MHz with 3 GB of GDDR5 memory, a 120 GB M.2 solid state drive[18], and two 1 TB[19] hard drives I ran the virtual machines on. I used a dual monitor display to allow me to work on multiple virtual machines at the same time, which was a benefit of working from my own computer.

I used VMware Workstation version 12.5 as my hypervisor[20] for this project. I received the license for its use through the Computer Information Systems and Technology program at the University of Pittsburgh at Bradford. The hypervisor offers many useful tools for configuring virtual machines like deciding how many cores to give its processor, how much memory to give it, or how much storage it gets. You can also set up other useful features in VMware and I will explain different ones as they are used with different virtual clients later.

[14] CPU: Central Processing Unit, commonly known as the processor. This is the part of the computer that runs processes. In simple terms it is the brain of the computer.
[15] GHz: Gigahertz is the equivalent of one billion units per second.
[16] GB: Gigabyte is a unit of storage equal to one billion bytes or eight billion binary units, or bits for short.
[17] MHz: Megahertz is the equivalent of one million units per second.
[18] Solid State Drive: Often shortened to SSD, is a form of storage that is much faster than traditional hard drives and has no moving parts.
[19] TB: Terabyte is a unit of storage equal to one trillion bytes or eight trillion binary units, or bits for short.
[20] Hypervisor: Software that creates and runs virtual machines.

Basics of Linux

Entering this project, I had very little knowledge about Linux. What I did know was through tinkering with unrelated projects and was not particularly useful for this one. I had no idea what distribution of Linux I would use or if it even mattered. After looking for what is sought after most I noticed that Red Hat seemed to be a distribution that was looked for in many job postings. Since Red Hat is a licensed operating system I went with their free operating system, which is Centos 7.

Installing Centos 7 was easy enough. You choose what type of install you want, for example: minimal, server, server with graphical user interface, and you can choose some default software. You enter the drive you want to install the operating system to and that is basically it. For most of my servers I used a minimal install and added software and features as needed. This was best for the limited I/O[21] of the hard drives. The minimal install allowed for multiple servers to be run at once with minimal issues.

One of the first things I needed to figure out was how to get a computer talking on the network. To do this I needed to configure the Virtual Network Editor in VMware Workstation. Once in the Virtual Network Editor I could go to the NAT[22] interface and configure the virtual network. The network spanned the 192.168.1.0 subnet[23]. The default gateway is set to 192.168.1.2. All computers on the virtual network need to have an IP address between 192.168.1.3 and 192.168.1.254 to talk on the network.

Now to add the computer to the network. To do that I would first need to install a text editor[24]. Centos 7 has a default text editor, VIM, which I find difficult to use and its features did not really benefit me for the work I was doing. I installed a text editor called Nano. Nano is an easy to use text editor for the Linux command line that is very similar to Windows Notepad in functionality.

[21] I/O: Input/Output, which in this case is a reference to the speed of the drives.
[22] NAT: Network Address Translation is a method of remapping one IP address space to another by modifying network packet headers.
[23] Subnet: Short for subnetwork, a part of a larger network such as the internet.
[24] Text editor: Software used to edit text files (Ex. Notepad).

Something that is neat about Linux is that it is basically just text files that determine how it functions. All the configurations are text files and can be configured using text editors. When you use a graphical user interface in Linux the GUI just edits the files for you based on the interactions you make with the operating system.

Now that Nano is installed I can do some basic Linux configurations. I will need to enter super user mode, which is the equivalent to administrative access on a Windows computer. The super user account is called the root account and can be accessed by typing “su” into the terminal and entering the root password, which I made “Panther$”. The same effect can be had by typing “sudo” before any command that needs root access, and that would be best practice to avoid accidentally damaging something, but it was much easier for the project to just use “su” when I opened the command prompt. Now that I have root access I can edit the configuration files.

I would first edit the network-script configuration file located at “/etc/sysconfig/network-scripts/ifcfg-ens33”. ifcfg-ens33 is the name of the network interface and is different on physical machines and when using different hypervisors. To edit that file, I just need to enter “nano /etc/sysconfig/network-scripts/ifcfg-ens33” and a text editor interface will appear that you can navigate with the arrow keys. Then I set “BOOTPROTO=static”, “IPADDR=192.168.1.xx” (changed for each server), and “ONBOOT=yes”. To exit and save, I pressed CTRL+X, Y, Enter, Enter. Then I had to edit the system configuration file for the network located at “/etc/sysconfig/network”. I simply added “NETWORKING=yes”, “HOSTNAME=*hostname*” (where *hostname* is that client’s hostname), and “GATEWAY=192.168.1.2”. To have the new configuration take effect I could restart the computer using “reboot” or restart the network service using “service network restart”. Then I would try pinging[25] google.com or another target I knew would be online to test that the network was functioning properly.

The next step for good network communication is to configure your hostname file so other devices on the network can communicate with this client using its hostname instead of its IP address. To do this I edited the “/etc/hosts” file and appended

192.168.1.xx *hostname*.cafeo.local *hostname*

where Cafeo.Local is the domain name[26] for my domain. Later on I set up a DNS server that resolves the hostnames and IP addresses without needing to worry about configuring them on the client. This is very useful for statically assigned IP addresses.
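The three files edited above (ifcfg-ens33, /etc/sysconfig/network and /etc/hosts) are the same on every server except for the hostname and the last octet, so they can be written by one function. The script below is an added example and not part of the report; it assumes the 255.255.255.0 netmask implied by the .3 to .254 range, a DEVICE line naming the interface, and a ROOT variable that redirects the writes into a scratch directory for testing instead of the real /.

```sh
#!/bin/sh
# Added example, not the report's own script. Writes the three files the
# report edits by hand for one CentOS 7 host on the 192.168.1.0 lab network.
# ROOT (default empty, i.e. the real /) lets the functions write into a
# scratch directory; the usage line at the bottom relies on that.
ROOT=${ROOT:-}
GATEWAY=192.168.1.2          # gateway address from the report
NETMASK=255.255.255.0        # assumption: a /24 fits the .3-.254 host range

# Per the report, only .3 to .254 are usable host addresses on the lab network.
valid_octet() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 3 ] && [ "$1" -le 254 ]
}

# configure_host <hostname> <last-octet> [interface]   (interface defaults to ens33)
# Prints the address it assigned; returns 1 and writes nothing on a bad octet.
configure_host() {
  host=$1; octet=$2; iface=${3:-ens33}
  valid_octet "$octet" || { echo "last octet must be 3..254, got '$octet'" >&2; return 1; }
  ip=192.168.1.$octet
  mkdir -p "$ROOT/etc/sysconfig/network-scripts"

  # ifcfg-<iface>: the BOOTPROTO/IPADDR/ONBOOT lines from the report
  cat > "$ROOT/etc/sysconfig/network-scripts/ifcfg-$iface" <<EOF
DEVICE=$iface
BOOTPROTO=static
IPADDR=$ip
NETMASK=$NETMASK
ONBOOT=yes
EOF

  # /etc/sysconfig/network: hostname and default gateway
  cat > "$ROOT/etc/sysconfig/network" <<EOF
NETWORKING=yes
HOSTNAME=$host
GATEWAY=$GATEWAY
EOF

  # /etc/hosts: append the report's line, but only once, so re-running is safe
  touch "$ROOT/etc/hosts"
  line="$ip $host.cafeo.local $host"
  grep -qxF "$line" "$ROOT/etc/hosts" || echo "$line" >> "$ROOT/etc/hosts"
  echo "$ip"
}

# usage: ROOT=/tmp/lab sh netconf.sh samba 100   (then "service network restart" on the real host)
if [ $# -ge 2 ]; then configure_host "$@"; fi
```

The hosts-file step uses grep -x so a second run does not stack duplicate lines, which is the usual way an /etc/hosts file drifts when the same script is run on every reconfiguration.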

Another useful Linux tool I had to use for this project is Fdisk. Fdisk is a disk management software for Linux. It is used for managing disk partitions among other things. I specifically used it for creating a primary partition and the file system. I used the modern Linux file system ext4. To do this I listed the current available drives in fdisk by entering “fdisk -l”. Then I found the new available drive, in this case /dev/sdb. I then created a partition and set the file system.

[25] Pinging: Common networking tool that sends an ICMP (Internet Control Message Protocol) packet to the target and reports information like the latency and success rate (Ex. ping google.com).
[26] Domain Name: Part of a network address that identifies it as belonging to a particular domain (Ex. Google.com).

systemctl is another command that came in useful a lot over the project. I can best compare this to Services in the Microsoft Management Console in that it is used to start, stop, and restart services, or in Linux’s case services are referred to as Daemons[27]. This was important to understand so as not to have to restart the clients every time I changed a network configuration, made a firewall update, etc.

CentOS 7

I used CentOS 7 as the operating system for this project. CentOS is closely related to Red Hat, which is a major Linux distro provider for enterprise environments. Red Hat, however, is very expensive to use and I was unable to get a free copy for student use from their sales team. CentOS 7 has many similar capabilities since it is developed with and uses similar interfaces to Red Hat’s operating systems.

CentOS 7 is a little bit different from other distros and has its own commands for different things. For example, the repository command is “yum” and to install a new software you would type “yum install <software name> -y”, which will install the named software and confirms that you want it installed (that is what the “-y” is for). Another example of differences between CentOS and other distros of Linux I have previously worked with was firewall configuration. Unlike other distros, which used IPtables[28], CentOS 7 uses FirewallD instead. This was a new way of configuring a firewall for me, but was relatively easy to figure out. For example, when I first installed 389 Directory Server, which I will talk about later in this report, I needed to open TCP[29] port 389, which allows for LDAP[30] traffic. I did this by entering the command

firewall-cmd --permanent --add-port=389/tcp

In this string[31] we can break down the information to get meaning. “firewall-cmd” means firewall command, “--permanent” means that it stays in the system and will not go away after a reboot, and “--add-port=389/tcp” does what it says, adds TCP port 389 to the whitelist[32] for the firewall. There are many examples of commands I ran in the firewall that can be found in my documentation.

[27] Daemons: Programs on Unix-like systems that run in the background and are not directly controlled by the user. Very similar to Windows Services.
[28] IPTables: Standard firewall software for most Linux systems.
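One detail worth knowing about the command above: --permanent changes only the saved configuration, so the port is not open on the running firewall until “firewall-cmd --reload” is run, and “firewall-cmd --list-ports” is the quick way to confirm it. The shell function below is an added example (not the report's own) that validates the port/protocol argument before handing it to firewall-cmd and then does those two follow-up steps; the DRY_RUN switch is an assumption of this script, not a firewall-cmd option, so the sequence can be shown on a machine without firewalld.

```sh
#!/bin/sh
# Added example, not the report's own script: open a firewalld port the way
# the report does, but check the argument and finish with reload + verify.
# DRY_RUN=1 (an assumption of this script, not a firewall-cmd option) prints
# the commands instead of running them, so it works without firewalld.

# Accept "389/tcp", "53/udp", ...; reject anything not of the form <1-65535>/<tcp|udp>.
valid_port_spec() {
  case "$1" in */*) ;; *) return 1 ;; esac
  port=${1%/*}; proto=${1#*/}
  case "$port" in ''|*[!0-9]*) return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
  case "$proto" in tcp|udp) return 0 ;; *) return 1 ;; esac
}

# run <cmd...>: execute, or just print when DRY_RUN=1
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# open_port <port/proto>: returns 2 on a malformed argument, otherwise the
# exit status of the last firewall-cmd call.
open_port() {
  valid_port_spec "$1" || { echo "bad port spec: '$1' (want e.g. 389/tcp)" >&2; return 2; }
  run firewall-cmd --permanent --add-port="$1"   # saved configuration only
  run firewall-cmd --reload                      # apply it to the running firewall
  run firewall-cmd --list-ports                  # confirm the port is now listed
}

# usage (as root on the server): open_port 389/tcp
# usage (anywhere, to preview):  DRY_RUN=1 open_port 389/tcp
```

Rejecting the argument up front matters because firewall-cmd accepts a port range or a typo like “389/tpc” with an error only after the --permanent write has been attempted, and a script that then runs --reload can end up with the firewall in whatever state the previous saved configuration left it.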

389 Directory Server (389 DS)

When I first started my project, I had only worked with Windows for server and domain management purposes. I looked for an LDAP server with the understanding that I would be able to link it to Windows Active Directory and make it work, with limited capabilities, with a Windows client. This was not true and was a complete failure. However, I spent a lot of time with 389 DS and gained a lot of knowledge of its configuration and uses, so while it was not used in the final test environment I did work with it a lot.

[29] TCP: Transmission Control Protocol, used for transmitting data with a two-way connection to ensure data integrity.
[30] LDAP: Lightweight Directory Access Protocol, used for transmitting directory information over Internet Protocol.
[31] String: In programming, a sequence of characters.
[32] Whitelist: A list, digital or physical, that explicitly allows actions, while banning anything not explicitly allowed.

I decided to install CentOS 7 with a GUI for the install of 389 DS. I ran into issues when trying to install that I later figured out were due to Java updates not being installed. Once I had done that the install procedure went relatively smoothly. I opened up the required ports and installed the admin consoles to work with the GUI, so I would not need to work from a command line.

After configuring it I realized it would not support Windows clients and that it would not be practical for usage in my environment. It was designed to be an LDAP server for Linux clients and had no Windows support that I could find. What seemed like a better alternative was to implement Samba Primary Domain Controller as a domain controller for my domain. This is what I ended up sticking with moving forward. 389 DS was scrapped and replaced with Samba as the center of my domain.

Samba v4

Samba version 4 is the current version of Samba out for stable release[33]. Samba can work with a primary Windows domain controller or can function as a stand-alone primary domain controller. For my purposes, which were to make a functioning Windows domain using Linux servers, I decided to set it up as a stand-alone primary domain controller. This limited my capabilities severely by limiting my abilities for group policy. Samba can also be used for network file storage, which I took advantage of and used for network backups. Samba supports many other Windows Server features like printer management, which I did not include due to hardware constraints.

[33] Stable Release: The latest release of a software that a developer claims is stable enough for production environments.

Samba Primary Domain Controller

Using Samba as a Primary Domain Controller is its main function. It is free and while not anywhere near as powerful or feature heavy as Windows Server it is capable software that would work for a small business environment. Samba works through text files. The main configuration file is probably the “/etc/samba/smb.conf” file which contains user groups, file permissions, share permissions, and login information. I was able to configure it to work with a Windows 7 client to authenticate the user on the CAFEO.LOCAL domain I created. I created two user accounts, root and cafeo, with differing permissions. Both were able to authenticate to the domain after changing some configuration files within Samba and editing some registry[34] files in the Windows 7 client. The registry files were in

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

and needed to have their values edited. The keys were “DomainCompatibilityMode”, which received a value of “1”, and “DNSNameResolution”, which received a value of “0”. This allowed for the Windows client to be added to the domain using the normal path of Control Panel > System > Change Settings > Change, then add the domain, log in, and restart the computer. Before I edited those registry files the domain setup failed due to compatibility issues. The practicality of this in a professional environment is that a small business could in theory save thousands of dollars in server licensing costs and have a similar output as a server that ran the expensive software.

[34] Windows Registry: Hierarchical database that stores low-level Windows OS settings for applications. It can be edited using the RegEdit software in Windows.

Samba Network Shares

A major part of Samba that was incredibly useful for me was the ease of setting up network shares[35] and permissions for those shares. I set up many kinds of shares that had differing permissions for different accounts. I made a user “cloud-drive” that followed each individual user on every Windows client they logged into. This was by setting up the smb.conf file to configure a mapped network drive in the logon script. I also needed to make the folders on the server but that was kind of automatic in that the logon script[36] made the “profile folders” within a directory I made, “/var/lib/samba/profiles”. In the samba smb.conf file I was then able to append the information for the profile folders, which set permissions as well. The input to the configuration file was:

[Profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0755

After I set up the profile folders I set up a share drive with guest access[37], a share drive with domain access, and a backup drive with root-only access. I created a second virtual hard drive for the Samba Primary Domain Controller to store the backup share. Using the method of adding a drive I talked about on page 10, I added a drive to the Samba server and mounted it at “/share”. This is where all the shared folders/drives are located.

[35] Network Share: A virtual hard drive that is available on a network.
[36] Logon Script: A script that runs when a user logs in.
[37] Guest access: Access that does not require security credentials. It may have limited functionality for security purposes.
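Besides the [Profiles] stanza shown above, the text describes three more shares with different access levels (guest, domain users, root only). As an added example, and not the report's own smb.conf, the shell below generates all four stanzas and then scans the resulting file for the one combination a reviewer most wants to catch: a share that is both guest-accessible and writable. The share names, the /share sub-paths, the “Domain Users” group and the read-only setting on the guest share are assumptions made here.

```sh
#!/bin/sh
# Added example, not the report's own smb.conf. Generates the four share
# stanzas the report describes and checks the result for writable guest shares.
# Assumptions: share names, /share sub-paths, the "Domain Users" group, and
# read-only for the guest share (the report does not say whether it was writable).

# share_stanza <name> <path> <profiles|guest|domain|backup>
share_stanza() {
  name=$1; path=$2; kind=$3
  printf '[%s]\n   path = %s\n' "$name" "$path"
  case "$kind" in
    profiles) printf '   read only = no\n   create mask = 0755\n' ;;   # exactly as in the report
    guest)    printf '   guest ok = yes\n   read only = yes\n' ;;      # anonymous, read-only
    domain)   printf '   valid users = @"Domain Users"\n   read only = no\n' ;;
    backup)   printf '   valid users = root\n   read only = no\n' ;;   # root-only backup drive
    *) echo "unknown share kind: $kind" >&2; return 1 ;;
  esac
  printf '\n'
}

# write_smb_shares <file>: the share section of smb.conf for the report's setup
write_smb_shares() {
  {
    share_stanza Profiles /var/lib/samba/profiles profiles
    share_stanza public   /share/public   guest
    share_stanza domain   /share/domain   domain
    share_stanza backup   /share/backup   backup
  } > "$1"
}

# writable_guest_shares <smb.conf>: print the name of every share that has
# "guest ok = yes" together with "read only = no" (or "writable/writeable = yes").
# Samba's default is read only = yes, so a share is writable only if it says so.
writable_guest_shares() {
  awk '
    function flush() { if (name != "" && guest && !ro) print name }
    /^[ \t]*\[/ { flush(); name = $0; sub(/^[ \t]*\[/, "", name); sub(/].*$/, "", name); guest = 0; ro = 1 }
    /^[ \t]*guest ok[ \t]*=[ \t]*yes/ { guest = 1 }
    /^[ \t]*(read only[ \t]*=[ \t]*no|writ(e)?able[ \t]*=[ \t]*yes)/ { ro = 0 }
    END { flush() }
  ' "$1"
}

# usage: write_smb_shares /tmp/shares.conf && writable_guest_shares /tmp/shares.conf
```

The awk check only recognises the parameter spellings used above; Samba itself also accepts synonyms such as “public = yes”, so the authoritative check is to run “testparm -s /etc/samba/smb.conf” after merging the stanzas and read the normalised output it prints.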

Public Keys and SSH

Now that the network shares were set up for server backups I was able to set up public key encrypted authentication between the client servers and my Samba server. This allows for the servers to communicate securely with each other without needing passwords and login information. To do this I ran the ssh-keygen command on a client to get an ssh-id. This ID is given to the server I am trying to communicate with so I will not need to use a login for scheduled backups. After I got the ssh-id I ran the command

ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.1.100

to share the ssh-id with the Samba server. To test I just ran “ssh 192.168.1.100” to remote into Samba securely over ssh. I no longer need to enter a password, nor login. This made scheduled backups possible. There were other less-secure methods of doing this, but they required saving the root password for the Samba server in plain text on each client, which is a security breach waiting to happen.
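When the ssh-copy-id step above appears to work but ssh still asks for a password, the usual cause is file permissions rather than the key: with StrictModes (the sshd default) the server ignores ~/.ssh and authorized_keys if they are group- or world-writable, and the client refuses to use a private key that other users can read. The shell check below is an added example, not from the report; it takes the directory as an argument so it can be run against ~/.ssh on either machine or against a scratch copy.

```sh
#!/bin/sh
# Added example, not the report's own script. Checks the permission rules
# that make key-based ssh silently fall back to a password prompt:
#   - ~/.ssh and authorized_keys must not be group/world writable (sshd StrictModes)
#   - a private key must not be readable or writable by group/other (ssh refuses it)

# loose <path> r|w : true if group or other have the given bit on <path>.
# find -prune keeps it from descending when <path> is a directory.
loose() {
  [ -n "$(find "$1" -prune \( -perm -g+"$2" -o -perm -o+"$2" \) -print)" ]
}

# perms <path>: the rwx string from ls, for the report lines
perms() { ls -ld "$1" | awk '{ print $1 }'; }

# check_ssh_dir <dir>: prints one line per problem; returns 0 only if clean.
check_ssh_dir() {
  d=$1; bad=0
  [ -d "$d" ] || { echo "$d: not a directory"; return 1; }
  if loose "$d" w; then
    echo "$d: $(perms "$d") is group/world writable (want 700)"; bad=1
  fi
  if [ -f "$d/authorized_keys" ] && loose "$d/authorized_keys" w; then
    echo "$d/authorized_keys: $(perms "$d/authorized_keys") is group/world writable (want 600)"; bad=1
  fi
  for k in "$d"/id_*; do
    [ -f "$k" ] || continue
    case "$k" in *.pub) continue ;; esac            # public halves may be world-readable
    if loose "$k" r || loose "$k" w; then
      echo "$k: $(perms "$k") private key readable/writable by others (want 600)"; bad=1
    fi
  done
  return "$bad"
}

# usage: check_ssh_dir ~/.ssh   (on the client for the private key, on the Samba server for authorized_keys)
```

The server-side symptom of a failed check is a “Authentication refused: bad ownership or modes” line in /var/log/secure on CentOS 7, which is the first thing to look at when a scheduled backup starts prompting for a password.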

Now that the public key connection is set up I can use Rsync to test backups. Once I figured out an Rsync command that I liked for the backup I was able to put it into a scheduled event using Crontab. Rsync has a GUI version known as Graphical Rsync, or Grsync. Grsync is just a command maker where you are able to check boxes for features like “preserve time”, “verbose[38]”, and “disable recursion[39]”, which make it very easy to get exactly what you want out of Rsync. You also put where you want to back up from and where you want to back up to. The output of Grsync would be something like

rsync -rtv --progress -b / <user>@192.168.1.100:/share/apache

(the user name before the @ is obscured in the source document) which was the command I used to back up my Apache server. This command simply means back up all directories in Apache to Samba in the /share/apache directory with the options of “recursive”, “preserve time”, “verbose”, “backup” and that it will show progress.

[38] Verbose: Shows extra information while running/shows more information than what is needed.
[39] Recursive: In relation to computers this means it recursively backs up files inside of directories.

Amanda Backups

Like 389 Directory Server, Amanda was a solution that was doomed from the start. It was one of the first things to show up in my initial Google search for Linux backup solutions. It was a neat idea in that it looks for times when the network is under low load and schedules backups for you automatically. I installed it by running "yum install amanda*"[40], which installed every Amanda package in the repository (package names are lower case, and yum matches them case-sensitively). Then I installed xinetd, the extended Internet daemon, a super-server that listens on the network and starts services such as the Amanda daemons on demand. I then made the directories that would hold the backups Amanda would write. Then I went into the /etc/amanda/myconfig/amanda.conf file and edited it as per the Amanda documentation to set up clients for backup.

On the client side I installed the Amanda client and xinetd with "yum install amanda-client xinetd". This created a directory for the Amanda client at /var/lib/amanda containing a file called .amandahosts, to which I added the Amanda server's hostname and username. This allowed the backups to run. That file is what authorizes a server to read the client's filesystem, so it should list exactly the one host and user that need access and nothing wider.

[40] Wildcard: a character that stands in for any other characters when appended to a string; the placeholder is typically an asterisk. (Ex. to look up all people with the first name "John" in a database I would search "John*" to view all Johns.)


I later opted for a more common and conventional backup tool, rsync, which is an industry standard for Linux backups. There was much more documentation, and I was able to configure my backups to run when I wanted them to.

Rsync and Crontab

Once I had a working backup command I was able to set up scheduled backups, which improved effectiveness because the backups could run incrementally and stay far more up to date than if I ran them by hand whenever I remembered. Setting up scheduled tasks was relatively simple because cron ships with every CentOS 7 install and did not need to be installed. It is easy to use, although crontab defaults to vi[41] instead of my preferred text editor, nano. That was fixed by entering "export EDITOR=nano" before opening the crontab. With the editor set I ran "crontab -e", which opened my crontab in nano.

cron expresses the recurrence of a scheduled task with five fields of asterisks and numbers. "* * * * *" (five asterisks) runs the command every minute of every hour of every day. The 1st field is the minute (0-59), the 2nd the hour (0-23, where 0 is 12 AM), the 3rd the day of the month (1-31), the 4th the month (1-12, where 1 is January) and the 5th the day of the week (0-7, where 0 and 7 are both Sunday). Continuing with the Apache server as the example, I entered:

30 2 * * * rsync -rtv --progress -b / root@192.168.1.100:/share/apache

[41] vi: an old text editor built for practicality before the mouse, mainly used on systems without a GUI.

This runs the backup every day at 2:30 AM. I keep a note of what each entry does on the line above it, starting with the pound sign "#":

# Apache backup, runs every day at 2:30 AM

A line whose first non-blank character is "#" is a comment[42] and is ignored by cron; it is only there for my documentation, so I know what the entry is without having to work it out. The note has to be on its own line. Putting it at the end of the rsync line instead, as I first did, only works because /bin/sh discards it: cron itself does not strip a trailing "#" comment but hands the whole remainder of the line to the shell as the command.
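The following shell script is an added example and not part of the project's own files: it assembles the pieces of the key-based rsync backup described in the SSH and crontab sections above and runs the checks I would want before the job goes live. It assumes things the page does not state: that the Samba server has a dedicated "backup" account instead of accepting root logins, that the restricted-rsync helper rrsync shipped in rsync's support/ directory has been copied to /usr/bin/rrsync on the server, and that the Apache host (the client) is 192.168.1.150.

```shell
#!/usr/bin/env bash
# Added example (not from the project): build and sanity-check the parts of a
# key-based rsync backup. Assumptions, not from the page: a "backup" account on
# the Samba server, rrsync installed at /usr/bin/rrsync, client at 192.168.1.150.
set -u

# authorized_keys entry that lets this key do exactly one thing: run rsync
# against one directory, from one client, with no shell, pty or forwarding.
# A stolen private key then yields an rsync target, not a root shell.
restricted_key_entry() {  # client_ip target_dir "type base64 comment"
  printf 'from="%s",command="/usr/bin/rrsync %s",no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding %s\n' \
    "$1" "$2" "$3"
}

# Audit an authorized_keys file: 0 if every key line carries a forced command
# and no-pty, 1 as soon as one unrestricted key is found.
authorized_keys_restricted() {  # path
  local line
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac
    case "$line" in *'command="'*) ;; *) return 1 ;; esac
    case "$line" in *no-pty*) ;; *) return 1 ;; esac
  done < "$1"
  return 0
}

# One cron field: '*' or an integer inside [min, max].
cron_field_ok() {  # value min max
  [ "$1" = '*' ] && return 0
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Five-field schedule, ranges as crontab(5) documents them:
# minute 0-59, hour 0-23, day of month 1-31, month 1-12, day of week 0-7.
# Fields are split with read rather than word splitting so '*' never globs.
cron_schedule_ok() {  # "m h dom mon dow"
  printf '%s\n' "$1" | {
    read -r m h dom mon dow extra
    [ -z "${extra:-}" ] && cron_field_ok "$m" 0 59 && cron_field_ok "$h" 0 23 \
      && cron_field_ok "$dom" 1 31 && cron_field_ok "$mon" 1 12 && cron_field_ok "$dow" 0 7
  }
}

# Emit a crontab entry. The note goes on its own '#' line: cron hands everything
# after the five fields to /bin/sh and does not strip trailing comments itself.
crontab_entry() {  # schedule source destination
  cron_schedule_ok "$1" || { echo "bad schedule: $1" >&2; return 1; }
  printf '# backup of %s to %s\n%s rsync -rtv --progress -b %s %s\n' "$2" "$3" "$1" "$2" "$3"
}

# Demo with the page's values. With rrsync rooted at /share/apache the client
# addresses the destination as backup@host:/ (paths are relative to that root).
restricted_key_entry 192.168.1.150 /share/apache "ssh-ed25519 AAAAexampleKeyMaterial apache-backup"
crontab_entry "30 2 * * *" / backup@192.168.1.100:/
```

The first line of output is what goes into ~backup/.ssh/authorized_keys on the Samba server in place of the unrestricted line ssh-copy-id installs; the last two lines are the crontab entry for the Apache host. The audit function is worth running against root's authorized_keys on every server after a setup like this, since one forgotten unrestricted key undoes the whole point.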

DNS

DNS, the Domain Name System, is the name-resolution protocol of the TCP/IP suite. It resolves domain names and hostnames to IP addresses. It is what allows us to type www.google.com into a web browser and have the browser find the IP address it needs to connect to. In my case, I configured two DNS servers for hostname resolution in my domain.

I used BIND, whose daemon is called named. In the configuration I used, one server was the "Master" and one the "Slave" (newer BIND releases call these primary and secondary). The Master holds the zone configuration and data; the Slave transfers a copy of the zones from the Master and stores it locally. The point of the Slave is to act as a secondary DNS and a failover[43] in case the Master goes down. I made a Master called "DNS" and used the Samba server as my Slave DNS.

Master

After installing BIND with "yum install bind -y", I went into /etc/named.conf and told it to listen on port 53, which is the TCP and UDP port for DNS, then appended the forward and reverse zone definitions. I then created the forward and reverse zone text files that hold the IP addresses and hostnames of the computers on the domain. I added port 53 to the firewall whitelist for both UDP[44] and TCP traffic (ordinary queries use UDP; zone transfers to the Slave and large responses use TCP). I then ran test queries against it to make sure it answered correctly before using it as the domain's DNS server. Afterwards, in each client's network interface configuration file, I set this server as the client's DNS server. Once this server was up and running, I was able to set up the Slave to work as the secondary DNS on the domain.

[42] Comment: text inserted in code that is not read by the program or application.
[43] Failover: switching to a redundant or standby system when one system is down or overloaded.

Slave

Setting up the Slave was very similar to setting up the Master. As on the Master, I edited /etc/named.conf to listen on port 53, the TCP/IP port for DNS traffic, and set BIND to allow queries from all clients on the 192.168.1.0/24[45] subnet. I appended the same forward and reverse zones, but with type slave and the Master's IP address as their source, so the Slave pulls the zone data from the Master rather than keeping its own hand-edited files; the transferred copies are written to a directory named can write to (/var/named/slaves on CentOS). I could then set it as the second DNS server for clients on my domain by adding the Slave's IP as the second nameserver line in /etc/resolv.conf.
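The script below is an added example, not the project's actual named.conf or zone files: it generates the BIND configuration for the Master and Slave described above, with the two restrictions a practitioner would add, queries limited to the LAN and zone transfers limited to the Slave's address, so nobody else on the network can pull the whole host list with one AXFR request. The domain name example.lan, the Master address 192.168.1.50 and the zone file names are assumptions; the Slave address 192.168.1.100 and the 192.168.1.0/24 subnet are the page's.

```shell
#!/usr/bin/env bash
# Added example (not from the project): BIND Master/Slave configuration
# generator. Assumptions, not from the page: domain example.lan, Master at
# 192.168.1.50, zone files under /var/named, Slave copies in /var/named/slaves.
set -u

# named.conf fragment for one role. allow-transfer is "none" globally and is
# opened per zone on the Master for the Slave's address only.
named_zone_config() {  # role(master|slave) domain reverse_octets master_ip slave_ip lan_cidr
  local role="$1" domain="$2" rev="$3" master_ip="$4" slave_ip="$5" lan="$6" listen_ip
  case "$role" in
    master) listen_ip="$master_ip" ;;
    slave)  listen_ip="$slave_ip" ;;
    *) echo "role must be master or slave, got '$role'" >&2; return 1 ;;
  esac
  cat <<EOF
acl "lan" { ${lan}; };

options {
    listen-on port 53 { 127.0.0.1; ${listen_ip}; };
    directory "/var/named";
    allow-query { localhost; lan; };
    recursion yes;
    allow-recursion { localhost; lan; };
    allow-transfer { none; };
};

EOF
  if [ "$role" = master ]; then
    cat <<EOF
zone "${domain}" IN {
    type master;
    file "${domain}.db";
    allow-transfer { ${slave_ip}; };
    notify yes;
};

zone "${rev}.in-addr.arpa" IN {
    type master;
    file "${rev}.rev";
    allow-transfer { ${slave_ip}; };
    notify yes;
};
EOF
  else
    cat <<EOF
zone "${domain}" IN {
    type slave;
    file "slaves/${domain}.db";
    masters { ${master_ip}; };
};

zone "${rev}.in-addr.arpa" IN {
    type slave;
    file "slaves/${rev}.rev";
    masters { ${master_ip}; };
};
EOF
  fi
}

# Forward zone file for the Master. The serial must increase on every edit,
# or the Slave, which only compares serials, never fetches the change.
forward_zone_file() {  # domain master_ip slave_ip serial
  local domain="$1" master_ip="$2" slave_ip="$3" serial="$4"
  cat <<EOF
\$TTL 86400
@       IN SOA  dns.${domain}. hostmaster.${domain}. (
                ${serial}   ; serial (YYYYMMDDnn)
                3600        ; refresh
                900         ; retry
                604800      ; expire
                86400 )     ; negative-cache TTL
        IN NS   dns.${domain}.
        IN NS   samba.${domain}.
dns     IN A    ${master_ip}
samba   IN A    ${slave_ip}
apache  IN A    192.168.1.150
EOF
}

# Demo: the Master's named.conf fragment and forward zone for the values above.
named_zone_config master example.lan 1.168.192 192.168.1.50 192.168.1.100 192.168.1.0/24
forward_zone_file example.lan 192.168.1.50 192.168.1.100 2017120101
```

Run it with "slave" as the first argument on the Samba host to get that side's fragment. On a real server, check the result with named-checkconf and named-checkzone before restarting named; a misplaced semicolon in named.conf takes the whole resolver down for the domain.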

Apache

Apache HTTP Server is free web server software used in many enterprise environments. It is maintained by the Apache Software Foundation and developed as open-source software[46].

I installed it by first making sure the host was up to date with "yum update -y", then installing the Apache HTTP daemon, reasonably named httpd, with "yum install httpd -y". After installing httpd I configured the host's firewall to allow traffic on ports 80 and 443, the TCP ports for HTTP and HTTPS respectively. Once that is done, the network settings are configured and DNS is set up, the server is ready for intranet use. I used it as the platform Nagios Core runs on.

Through the DNS servers I set the hostname of the Apache server to just "apache". This allowed the server's web page to be reached by entering http://apache into a web browser on any domain computer that uses the DNS server. A PC not configured with the DNS server could still reach it by IP address at http://192.168.1.150 (port 80 is implied). Either way this only shows Apache's default welcome page. Nagios, a web-based network uptime monitor, lives under the subdirectory http://apache/nagios.

[44] UDP: User Datagram Protocol, an alternative to TCP that is connectionless and does not guarantee delivery.
[45] CIDR notation: Classless Inter-Domain Routing, a method for allocating subnets. (Ex. /24 is the same as a 255.255.255.0 subnet mask.)
[46] Open-source development: a form of software development in which the copyright holder allows anyone to study, change and improve the software for any purpose.

Nagios

Nagios is a very good open-source network monitoring tool introduced to me by a colleague in the Computer Information Systems and Technology program. He configured it for a group project in our Systems and Network Administration Practicum course, and I believed it would serve a useful purpose in this project as a web-based network monitoring tool to complement my Apache server.


Nagios has a lot of prerequisite software that must be installed first. After installing the prerequisites I created a user called "nagios" and a group "nagcmd", the Nagios command group, and added the user to the group (the web server's own account also has to be in nagcmd so the web interface can submit commands to Nagios).

To install Nagios Core 4.1.1 I used the command

curl -L -O https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.1.1.tar.gz

curl is a command that transfers data to or from a server using a variety of protocols. Here it downloads the Nagios archive, which I then unpacked with tar, an archiving and extraction[47] tool. A series of make commands then builds and installs the program from the extracted source. I downloaded the Nagios plugins the same way with curl, extracted them and configured them by running

./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl

and ran the make commands to install them. Then I installed NRPE, the Nagios Remote Plugin Executor, which lets the Nagios server run plugins[48] on the monitored hosts so it can see information such as disk usage and CPU load. I downloaded it with curl in the same way and installed it manually with the make commands. Because all three were fetched as tarballs and built from source, none of them went through yum's package signature checks; the integrity of that software rests on the HTTPS download alone.

After everything was installed I opened the configuration file with

nano /usr/local/nagios/etc/nagios.cfg

[47] Extract: to unpack a file or folder that was compressed to save network throughput or storage space.
[48] Plugin: a piece of software that adds a feature to another piece of software.


I uncommented the line that tells Nagios to read the /usr/local/nagios/etc/servers directory, which holds the definitions of the hosts Nagios will monitor, and then created that directory. I was also able to have Nagios email my personal address by updating the email directive in /usr/local/nagios/etc/objects/contacts.cfg. I later undid this because I received an email every time I restarted a server, which became a little annoying for a test environment.

Using the htpasswd command I created a user "nagiosadmin", which is used to log in to the web interface[49] for Nagios through a browser. After restarting the daemons with systemctl, Nagios is online.

To access the web interface I enter http://apache/nagios and am prompted for the nagiosadmin credentials I created earlier. After authenticating you see the default Nagios interface. Under Current Status, "Hosts" lists the monitored hosts, which in my case was only Apache (localhost) until I set up external clients.

In the /usr/local/nagios/etc/servers directory I created one file each for Samba and DNS, named Samba.cfg and DNS.cfg. The Samba file contains the following.

define host {
    use                     linux-server
    host_name               PDC
    alias                   Samba Primary Domain Controller
    address                 192.168.1.100
    max_check_attempts      5
    check_period            24x7
    notification_interval   30
    notification_period     24x7
}

[49] Web interface: an application whose interface is accessed through a web browser or web page.

This host definition only checks whether the host is reachable on the network. Nagios can monitor much more, including SSH, ping (ICMP), HTTP and many other services. With this the network monitoring is finished. It was one of the more time-consuming and command-intensive installs, since I could not find documentation that covered a yum repository install; it had to be built manually, which took much more time and led to more mistakes than the other installs. Checks such as ping (ICMP) and SSH are probed from the Nagios server itself and need nothing installed on the client; NRPE, the Nagios Remote Plugin Executor, is what lets the clients report details only visible locally, such as disk usage and load. I set up both the DNS and PDC servers to give Nagios a status for ping and for whether SSH was functioning correctly.
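The script below is an added example, not one of the project's files: it generates a complete host file for /usr/local/nagios/etc/servers, with the host block in the same shape as the PDC definition above plus the service checks the text says were used, ping and SSH, and an HTTP check for the Apache host. check_ping, check_ssh and check_http are commands defined in the stock commands.cfg that ships with Nagios Core and run from the Nagios server, so they need no NRPE agent. The DNS server's address 192.168.1.50 and the ping thresholds are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the project): generate Nagios host files with
# service checks. Assumption, not from the page: the Master DNS is 192.168.1.50.
set -u

# One service block. generic-service is a template from the stock templates.cfg.
nagios_service() {  # host_name description check_command
  cat <<EOF

define service {
    use                     generic-service
    host_name               $1
    service_description     $2
    check_command           $3
}
EOF
}

# Host block like the page's PDC definition, followed by one service per
# requested check. Unknown check names fail loudly instead of silently
# producing a host that is "monitored" by nothing.
nagios_host_config() {  # host_name alias address [ping|ssh|http ...]
  local host_name="$1" alias="$2" address="$3" svc
  shift 3
  cat <<EOF
define host {
    use                     linux-server
    host_name               ${host_name}
    alias                   ${alias}
    address                 ${address}
    max_check_attempts      5
    check_period            24x7
    notification_interval   30
    notification_period     24x7
}
EOF
  # check_ping arguments: warn at 100 ms round trip / 20 % loss, critical at
  # 500 ms / 60 % loss (assumed thresholds, tune for the network).
  for svc in "$@"; do
    case "$svc" in
      ping) nagios_service "$host_name" PING 'check_ping!100.0,20%!500.0,60%' ;;
      ssh)  nagios_service "$host_name" SSH  'check_ssh' ;;
      http) nagios_service "$host_name" HTTP 'check_http' ;;
      *) echo "unknown check '$svc' for $host_name" >&2; return 1 ;;
    esac
  done
}

# How many checks a generated file defines, for a quick sanity check.
nagios_service_count() {  # path
  grep -c '^define service' "$1"
}

# Demo: write Samba.cfg and DNS.cfg into a scratch directory and show one.
# On the real server the directory is /usr/local/nagios/etc/servers and the
# result is validated with /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
demo_dir=$(mktemp -d)
nagios_host_config PDC "Samba Primary Domain Controller" 192.168.1.100 ping ssh > "$demo_dir/Samba.cfg"
nagios_host_config DNS "Master DNS" 192.168.1.50 ping ssh > "$demo_dir/DNS.cfg"
cat "$demo_dir/Samba.cfg"
echo "Samba.cfg defines $(nagios_service_count "$demo_dir/Samba.cfg") service checks"
rm -rf "$demo_dir"
```

Always run the nagios -v verification before restarting the daemon: a typo in one servers/*.cfg file stops Nagios from starting at all, which is the one outage a monitoring system should never cause.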

Nagios is very useful free software that gives me the ability to keep tabs on my domain and know when a client is offline or whether its services are running. This type of software is incredibly common in enterprise environments; the hospital where I did my internship had a full monitor in the IT department running a similar network monitor. While I only used it to monitor SSH, ping, HTTP and network uptime, it can be used for many other services such as DHCP, POP, SNMP, SMTP and generic TCP and UDP ports. I did not use these other options since they are not really applicable to my servers, but they would be in many other environments, especially large-scale ones.


Conclusion

Working with Samba as a domain controller had its ups and downs, but it was neat to learn how it worked and see the power of free software filling in for expensive software like Windows Server. Its ability to serve network shares over SMB (Server Message Block, on TCP port 445, with port 139 for the older NetBIOS session service) was a powerful alternative to using Windows Server as a file server. While Samba is limited compared to a full Windows deployment, it is very powerful in its own class of free Active Directory-compatible software and is getting better and more capable every year.

Setting up static DNS broadened my understanding of how DNS works and how it is configured. I worked with forward and reverse zones and BIND configuration. While it was relatively simple to set up, the Master and Slave arrangement helped me understand DNS much more than I had with Windows Server, which in my experience would automatically act as a DNS server when it was a domain controller.

I had installed Apache before in another course, and it is very easy to install on its own. The real difficulty came with Nagios, which involved many configuration and installation steps. I know that the hospital uses network monitoring software, and experience with powerful free software like Nagios may be beneficial in the future. I am sure many other enterprise environments take advantage of this useful kind of software.

Like any project there were failures and things to move past. My failures came down to misunderstanding what a piece of software was for and then finding something more practical. That was the case for both 389 Directory Server and Amanda. Both had their uses, but they were not right for my project; their functionality was not what I was looking for.

This project pushed me to learn a lot more about Linux than I ever had. It was very rewarding to see what the freeware[50] could do. I had experience doing this type of administration work in Windows, but this gave me new experience and skills that will be useful whether or not I work with Linux. I learned a lot about Linux and more specifically CentOS 7, which opens a whole new set of careers and opportunities for my future. I am glad I was pushed away from sticking with Windows and left my comfort zone to expand my skill set to include Linux.

[50] Freeware: free software.