Information Systems Security and Privacy – ITM 820 Part B
Part B: SELinux Server Services
Installation & Configuration
Instructions:
1. This is a group project. Each group must submit a single solution for the required deliverables.
2. All submissions are to be via the turnitin.com system; no other way of submission is accepted.
3. Please feel free to explore more references from any sources (e.g., RFCs, technical reports,
research papers, technical magazines and journals), and to support your answers with adequate
documentation.
4. Support your report through screenshots.
Purpose and Objective
The purpose of this assignment is to gain some experience in identifying the basic requirements for
creating a virtualized e-commerce solution. The project requires the following processes:
- Installation of Linux operating system (Fedora) in VM.
- Installation of the Apache Web Server.
- Installation of PHP programming interpreter.
- Installation of MySQL or MariaDB Database Management System.
- Installation of Anonymous FTP server.
- Enabling and configuring MLS.
The main objective is to successfully configure server services on the Linux platform and to
demonstrate Multilevel Security in SELinux.
Success Criteria
- To be able to configure Apache server
- To be able to configure MySQL server.
- To be able to configure PHP interpreter.
- To be able to configure NTP server.
- To be able to configure FTP server
- To be able to implement an access control mechanism for the purpose of authorizing
webpages and directory.
- Configuring MLS.
Keywords
SELinux, Apache, php, mysql, ntp, smtp, pop, localhost, htaccess, htpasswd, ftp, MLS
Resources
Option-A: LAMP (Linux, Apache, MySQL, and PHP) Servers hosted in a virtual machine.
Option-B: XAMPP Servers (XML, Apache, MySQL, PHP, and Perl) installed on Windows
OS.
Red Hat Enterprise Linux 6.0: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/creating-a-user-with-a-specific-mls-range.html
Information Technology Management | Ryerson University 1
SELinux Project: http://selinuxproject.org/page/NB_MLS#Multi-Level_Security_and_Multi-Category_Security
Project Preparation: Installing the LAMP Platform 10 Marks
1. Install Fedora SELinux 23 (or later version) Operating Systems in a VMware virtual machine.
2. Install Apache server
- yum install httpd
- service httpd start (note: after httpd has started, make sure Firefox is installed)
test successful installation by browsing the URL: localhost
The test page should be displayed.
3. Install MySQL Database (For SELinux version 23)
a. yum install mysql mysql-server
b. systemctl enable mysqld.service
c. systemctl start mysqld.service
d. mysql_secure_installation
Note: If you are installing a later version (e.g., Fedora 25) do the following:
a) yum install mysql mysql-server
b) systemctl enable mysqld.service
c) systemctl start mariadb.service
d) mysql_secure_installation
4. Install PHP5
a. yum install php
b. systemctl restart httpd.service
c. test PHP5 by creating a PHP document
i. vi /var/www/html/info.php
<?php phpinfo(); ?>
d. test the page in the browser using the http://localhost/info.php URL
Note: After successful PHP installation you should get the following figure (or similar):
5. Install phpMyAdmin
a. yum install phpmyadmin
b. configure phpMyAdmin using the VI editor:
vi /etc/httpd/conf.d/phpMyAdmin.conf
6. Restart Apache server
systemctl restart httpd.service
7. Access phpMyAdmin by using the URL http://localhost/phpmyadmin
Part 1: Password Protect Websites Pages 15 Marks
http://httpd.apache.org/docs/2.2/howto/htaccess.html
http://docs.fedoraproject.org/en-US/Fedora/16/html/System_Administrators_Guide/ch-Web_Servers.html
http://www.reallylinux.com/docs/htaccess.shtml
Using access files, implement an access control mechanism that authenticates users
while attempting to access websites, files of websites, or the entire directory.
Test the Apache server by browsing http://localhost/info.php; if the Apache server is not responding,
then you need to start the httpd service: service httpd start.
Replace the contents of the info.php page with the following code and test your access control scheme
based on attempting to access this page; the page can be found at /var/www/html
<html>
<hr size=20 color=orange>
<h1 align=center> Information Systems Security and Privacy
<br> ITM 820 Project</h1>
<h2 align=center> Group names: xxxxxx</h2>
<hr size=20 color=orange>
</html>
* where xxxxxx is your group members’ names
Test the page using the URL:
http://localhost/info.php
- Hint: Use the .htaccess and .htpasswd access files as a method of implementation.
Create and configure .htaccess file
Create and configure .htpasswd file
Test accessing the web server using the URL: http://localhost/info.php
Verify the httpd.conf file is read as “allowoverride all”
(http://httpd.apache.org/docs/2.2/howto/htaccess.html)
Hint:
/etc/httpd/conf/
/var/www/html
vi yourfile.html
htpasswd -c filename UserName
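A static check of the pieces Part 1 asks for, as an added example that is not part of the original handout: it confirms that .htaccess carries the Basic-auth directives, that the AuthUserFile sits outside the served directory, and that AllowOverride lets the file take effect. The helper names check_htaccess and make_demo are hypothetical, and every sample file is constructed.

```shell
#!/bin/sh
# Added example, not part of the handout: static audit of an .htaccess Basic-auth setup.
# check_htaccess and make_demo are hypothetical helpers; every sample file is constructed.

# check_htaccess DOCROOT HTTPD_CONF -> prints one finding per line, or "OK".
check_htaccess() (
    docroot=$1; conf=$2; ht="$1/.htaccess"; n=0
    [ -f "$ht" ] || { echo "NO_HTACCESS"; exit 0; }
    for d in AuthType AuthName AuthUserFile Require; do
        grep -Eiq "^[[:space:]]*$d[[:space:]]" "$ht" || { echo "MISSING:$d"; n=$((n+1)); }
    done
    # The password file should sit outside the tree Apache serves.
    pw=$(awk 'tolower($1)=="authuserfile" { gsub(/"/,"",$2); print $2; exit }' "$ht")
    case $pw in "$docroot"/*) echo "PWFILE_IN_DOCROOT:$pw"; n=$((n+1)) ;; esac
    # Apache ignores .htaccess auth unless AllowOverride is All or lists AuthConfig.
    ao=$(awk -v d="$docroot" '
        tolower($1)=="<directory"   { gsub(/[">]/,"",$2); inside = ($2==d) }
        tolower($1)=="</directory>" { inside = 0 }
        inside && tolower($1)=="allowoverride" { $1=""; sub(/^ +/,""); print tolower($0) }
    ' "$conf")
    case " $ao " in
        *" all "*|*" authconfig "*) ;;
        *) echo "ALLOWOVERRIDE:${ao:-unset}"; n=$((n+1)) ;;
    esac
    [ "$n" -gt 0 ] || echo "OK"
)

# Constructed sample: .htpasswd kept inside the docroot, AllowOverride still None.
make_demo() {
    t=$(mktemp -d) && mkdir "$t/html" || return 1
    printf 'AuthType Basic\nAuthName "ITM 820"\nAuthUserFile %s\nRequire valid-user\n' \
        "$t/html/.htpasswd" > "$t/html/.htaccess"
    printf '<Directory "%s">\n    AllowOverride None\n</Directory>\n' "$t/html" > "$t/httpd.conf"
    echo "$t"
}

demo=$(make_demo)
check_htaccess "$demo/html" "$demo/httpd.conf"
rm -rf "$demo"
```

Basic authentication sends the username and password base64-encoded rather than encrypted, so over plain http://localhost the credentials are readable to anything that can observe the traffic.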
Part 2: Installing FTP Server (pure-ftpd) in Anonymous Mode 10 Marks
Pure-FTPd is a free (BSD), secure, production-quality and standard-conformant FTP server. It doesn't provide
useless bells and whistles, but focuses on efficiency and ease of use. It provides simple answers to common
needs, plus unique useful features for personal users as well as hosting providers.
2.1 Install pure-ftpd server (http://www.pureftpd.org/project/pure-ftpd)
- yum -y install pure-ftpd
- systemctl start pure-ftpd.service
- systemctl enable pure-ftpd.service
- Test the operability of the server using ftp://localhost
2.2 Install FTP client (FileZilla: https://filezilla-project.org/download.php?show_all=1)
- Create a folder on the FTP server that shows (Group No xx – ITM 820) as its name.
- Upload the text file HelloWorld to the server in your group folder.
The file contains the message: Welcome to the ITM 820 Project.
Part 3: Time Synchronization Server (Network Time Protocol) 10 Marks
http://support.ntp.org/bin/view/Servers/NTPPoolServers
http://www.pool.ntp.org/en/vendors.html
http://www.nrc-cnrc.gc.ca/eng/services/time/network_time.html
https://supernoc.rogerstelecom.net/ops/ntp/
3.1 Install NTP Server
- yum -y install ntp
3.2 Revise the configuration file of the protocols
- vi /etc/ntp.conf
3.3 Add the network range you allow to receive requests
server 0.fedora.pool.ntp.org iburst
server 1.fedora.pool.ntp.org iburst
server 2.fedora.pool.ntp.org iburst
server 3.fedora.pool.ntp.org iburst
server ntp1.jst.mfeed.ad.jp
3.4 Start Server
systemctl start ntpd.service
3.5 Enable server
systemctl enable ntpd.service
3.6 Run the command: ntpq -p
3.7 What is the purpose of the command ntpq -p?
Part 4: E-mail Server (Postfix) 10 Marks
http://www.techotopia.com/index.php/Configuring_a_Fedora_Linux_Email_Server
4.1 Check the status of e-mail server
a. cd /sbin
b. service sendmail status
4.2 Install Evolution Client
c. yum install evolution*
d. configure your e-mail account
pop.gmail.com port 995
smtp.gmail.com port 465
Part 5: PGP Keys Generation 10 Marks
https://fedoraproject.org/wiki/Using_GPG
5.1 Install the seahorse program: yum install seahorse
5.2 Generate PGP Keys for each member of your group and publish the public keys on the
MIT PGP server: http://pgp.mit.edu/
5.3 Encrypt the attached file ( part2 ) using one of the public keys published on the
http://pgp.mit.edu server
Submit your encrypted message as part2.gpg.
Part 6: Enabling Multilevel Security (MLS) [15 Marks]
6.1 Enable MLS in SELinux
6.2 Configure Multilevel Security on the SELinux OS.
6.3 Configure SELinux into permissive mode.
6.4 Test the mode of operation using the command:
getenforce
What is the output?
6.5 Display the policy file that SELinux is currently using:
sestatus |grep mls
6.6 Create a new user where your group no. as its name:
useradd groupxx
6.7 List the user by using SELinux primitives:
semanage login -l
6.8 Modify the SELinux range to s5 and c150:
semanage login --modify --seuser user_u --range s5:c150 groupxx
6.9 Create a 2nd user and configure it with different SELinux range and demonstrate the no
write down and the no read up model.
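The no read up and no write down rules from step 6.9, written out as level dominance in an added example that is not part of the original handout. The helpers mls_dominates and blp_check are hypothetical, the second user's level s3:c150 is a constructed value, and the script models the textbook Bell-LaPadula rules without querying the loaded SELinux policy.

```shell
#!/bin/sh
# Added example, not part of the handout: textbook Bell-LaPadula checks on SELinux MLS levels.
# mls_dominates and blp_check are hypothetical helpers; they do not query the loaded policy.

# mls_dominates A B -> exit 0 when level A dominates level B:
# sensitivity(A) >= sensitivity(B) and categories(A) include all categories(B).
mls_dominates() {
    awk -v a="$1" -v b="$2" '
    # Fill cats[] from a level such as "s5:c1,c7.c9"; return the sensitivity number.
    function parse(lvl, cats,    p, parts, r, n, m, i, c, lo, hi) {
        split(lvl, p, ":")
        n = split(p[2], parts, ",")
        for (i = 1; i <= n; i++) {
            m  = split(parts[i], r, "[.]")          # "c7.c9" is the run c7..c9
            lo = substr(r[1], 2) + 0
            hi = (m == 2) ? substr(r[2], 2) + 0 : lo
            for (c = lo; c <= hi; c++) cats[c] = 1
        }
        return substr(p[1], 2) + 0
    }
    BEGIN {
        split("", ca); split("", cb)                # make both category sets empty arrays
        sa = parse(a, ca); sb = parse(b, cb)
        if (sa < sb) exit 1
        for (c in cb) if (!(c in ca)) exit 1
        exit 0
    }'
}

# blp_check SUBJECT OBJECT -> "read=<allow|deny> write=<allow|deny>"
blp_check() (
    r=deny; w=deny
    if mls_dominates "$1" "$2"; then r=allow; fi   # no read up
    if mls_dominates "$2" "$1"; then w=allow; fi   # no write down
    echo "read=$r write=$w"
)

# groupxx holds s5:c150 as in step 6.8; the second user's s3:c150 is a constructed value.
echo "groupxx (s5:c150) on a file at s3:c150: $(blp_check s5:c150 s3:c150)"
echo "user2   (s3:c150) on a file at s5:c150: $(blp_check s3:c150 s5:c150)"
echo "groupxx (s5:c150) on a file at s5:c151: $(blp_check s5:c150 s5:c151)"
```

On a running MLS system the policy's own constraints make the final decision, so compare these predictions with what the two accounts can actually read and write.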
Part 7 [Bonus]: Message Authenticity [5 Marks]
Using the principles of digital signature as well as PGP keys, implement a digital signature
scheme in which a message's authenticity must be verified.
Hint: use the following resources
https://fedoraproject.org/wiki/Archive:Legacy/PGPHowTo?rd=Legacy/PGPHowTo
https://www.gnupg.org/gph/en/manual/x135.html
http://fedoraproject.org/wiki/Using_GPG_with_Evolution
Submission
This section details the instructions to follow when submitting your assignment through
Turnitin.com.
The assignment report (Part A & B) must be submitted as a unified file in .pdf format.
Support your work with screen snapshots.