In this webpage we describe our Linux project based on implementations of concepts such as DNS,DHCP,Web Server, Firewalls and Backup.

1) Abhishek Senapati
2) Amit Kumar
3) Naveen Yanamaddi

Many organizations and businesses worldwide are converting their core computer operating system to Linux as opposed to other operating systems. We are also seeing a shift from commercial software to free software (also referred to as open-source software). Linux LICENSE | CUSTOMIZATION | Linux SOURCE CODE | Linux SUPPORT/COMMUNITY

We have built a robust, secure and effective solution for a startup company in Boston. This simple yet dynamic solution consists of DNS Server, DHCP Server, WEB Server/Firewall/Backup and a client server. So when a computer comes in this network, it gets its IP address allocated by the DHCP Server, domain name resolved to IP by the DNS and Webpages served by the Web Server. It has additional security parameters like the firewall and ARP poisoning. Redundancy by taking timely backups.

1) Domain Name System (DNS)
DNS or Domain name service is the means by which domain names which humans understand get translated into IP addresses that computers understand. The Domain Name System is a distributed system. It does not reside on any one computer. There is a hierarchy to the organization of the servers, however which allows local servers to broaden their search for an answer to a DNS lookup request. These lookup requests are called "queries". DNS uses port no.53.

2) Dynamic Host Configuration Protocol (DHCP)
The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on IP networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. With DHCP, computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for a network administrator or a user to configure these settings manually. HTTP uses port no.80.

3) Web Server
A Web server is a system that delivers content or services to end users over the Internet. A Web server consists of a physical server, server operating system (OS) and software used to facilitate HTTP communication. The primary function of a web server is to store, process and deliver web pages to clients

4) Backup Web Server
A backup server is a type of server that enables the backup of data, files, applications and/or databases on a specialized in-house or remote server. It combines hardware and software technologies that provide backup storage and retrieval services to connected computers, servers or related devices.

5) Firewall
A firewall is a network security device that grants or rejects network access to traffic flows between an untrusted zone (e.g., the Internet) and a trusted zone (e.g., a private or corporate network). The firewall acts as the demarcation point or “traffic cop” in the network, as all communication should flow through it and it is where traffic is granted or rejected access.

• Linux Based OS (We have used Ubuntu 14.04.1)
  
• Bind9 server to configure DNS.
  
• Isc-dhcp-server and radvd to configure DHCP.
  
• Apache2 to configure our web server.
  
• RSync package for web backup server.
  
• SSH package.
  

1. Install DHCP Server

    sudo apt-get install isc-dhcp- server

2. Set the static Ip address of the DHCP server

    sudo vim /etc/network/interfaces

auto eth0
                iface eth0 inet static 
                address 192.168.10.100
                netmask 255.255.255.0
                broadcast 192.168.10.255
                dns-domain-nameserver 192.168.10.150 192.168.10.155

	iface eth0 inet6 static
	address 2607:f1d0:2001:000a:0000:0000:0000:0010
	netmask 64
	gateway 2607:f1d0:2001:000a:0000:0000:0000:0001

3. Configure the DHCP server

    sudo vim /etc/dhcp/dhcpd.conf

    default-lease-time 600;
    max-lease-time 7200

    subnet 192.168.10.0 netmask 255.255.255.0{
               range 192.168.10.10 192.168.4.90;
               option routers 192.168.10.1;}
		    option domain-name-servers 192.168.10.150 192.168.10.155;
		    option domain-name “linuxproject.com”

               host dns {
               hardware ethernet 80:00:27:26:b3:52;
               fixed-address 192.168.10.150;
               }
               
               host dnssecondary {
               hardware ethernet 80:00:27:4c:93:d1;
               fixed-address 192.168.10.155;
               }
               host webserver {
               hardware ethernet 80:00:27:9E:f8:da;
               fixed-address 192.168.10.160;
               }

4. Restart the DHCP Server

    sudo service isc-dhcp-server restart 

1. Install the radvd to configure the parameters

    sudo apt-get install radvd 

2. Modify the file /etc/radvd.conf

    sudo vi /etc/radvd.conf               

interface eth0 {
               AdvSendAdvert on;
               AdvManagedFlag on;
               prefix 2607:f1d0:2001:000a::/64 {
               AdvOnLind on;
               AdvAutonomous on; };
               };

3. Modify the file /etc/sysctl.conf

    sudo vi /etc/sysctl.conf
               net.ipv6.conf.all.forwarding=1

4. Restart the radvd

    sudo /etc/init.d/radvd restart

• For IPv4
  

1. Install Bind9

    sudo apt-get install bind9

2. Configure static IP address getting from DHCP server for the DNS server

    sudo nano /etc/network/interfaces

            auto eth0
            iface eth0 inet dhcp
            iface eth0 inet6 dhcp

5. Configure zones in the named.conf.local file

    sudo vi /etc/bind/named.conf.local

// For Reverse Zone

zone "10.168.192.in-addr.arpa"
{
type master;
file "/etc/bind/db.192";
allow-transfer {
192.168.10.155; };
also-notify {
192.168.10.155; };
allow-query {any;};
};

IPV6 Reverse Zone

zone "a.0.0.0.1.0.0.2.0.d.1.f.0.7.6.2.ip6.arpa"
{
type master;
file "/etc/bind/db.ipv6";
allow-transfer {
192.168.10.155; };
also-notify {
192.168.10.155;};
};

//Forward Zone

zone "www.linuxproject.com"
{
type master;
file "/etc/bind/for.www.linuxproject.com";
allow-transfer {
192.168.10.155; };
also-notify {
192.168.10.155; };
allow-query {any;};
};

// Configure the forward lookup table  

Sudo vim /etc/bind/for.www.linuxproject.com

$TTL	604800
@	IN	SOA	www.linuxproject.com. root.linuxproject.com. (
			      3		; Serial
			604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			604800 )	; Negative Cache TTL
;
@	IN	NS	www.linuxproject.com.
@	IN	A	192.168.10.150
@	IN	AAAA	2670:f1d0:2001:a:a00:27ff:fe26:b352
@	IN	A	192.168.10.155
@	IN	A	192.168.10.160
www     IN 	A	192.168.10.160
192.168.10.160 IN PTR   www.linuxproject.com
www.linuxproject.com.	IN	NS	ns.linuxproject.com.

// Configure the reverse lookup table for ipv4 and ipv6 addresses     

    sudo vim  /etc/bind/db.192

$TTL	604800
@	IN	SOA	www.linuxproject.com. root.linuxproject.com. (
			      2		; Serial
			604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			604800 )	; Negative Cache TTL
;
@	IN	NS	www.linuxproject.com.
www.linuxproject.com.	IN	A	192.168.10.160
160	IN	PTR	www.linuxproject.com.
150     IN	PTR	www.linuxproject.com.
155	IN	PTR	www.linuxproject.com.

//IPV6

sudo vim /etc/bind/db.ipv6

$TTL	604800
@	IN	SOA	www.linuxproject.com. root.linuxproject.com. (
			      1		; Serial
			604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			604800 )	; Negative Cache TTL
;
@	IN	NS	www.linuxproject.com.
2.5.3.b.6.2.e.f.f.f.7.2.0.0.a.0 	IN	PTR	www.linuxproject.com.

//Restart the Bind9 server

sudo /etc/init.d/bind9 restart

//forward zone

sudo vim /etc/bind/name.conf.local

zone "www.linuxproject.com"
{
type slave;
file "/etc/bind/for.www.linuxproject.com";
masters {
192.168.10.150; };
};

//Reverse Zone

sudo vim /etc/bind/db.192

zone "10.168.192.in-addr.arpa"
{
type slave;
file "/etc/bind/db.192";
masters {
192.168.10.150; };
};

zone "a.0.0.0.1.0.0.2.0.d.1.f.0.7.6.2.ip6.arpa"
{
type slave;
file "/etc/bind/db.ipv6";
masters {
192.168.10.150; };
};

// Restart the Bind9 server

    sudo /etc/init.d/bind9 restart

// Install Apache webserver

sudo apt-get install apache2

// Creating directory file

sudo mkdir /var/www/linuxproject.com/
sudo chmod 755 /var/www/
sudo chmod $USER: $ USER /var/www/ linuxproject.com/
sudo nano /var/www/ linuxproject.com//sample.html

// Configuring Apache 2- apache 2.conf

sudo vim /etc/apache2/apache2.conf

< Directory /var/www/linuxproject.com/>
               Options indexes followsymlinks
               Allow override none
               Require all granted
< /Directory>

// Configuring Apache2-dir.conf Because we haven’t used index.html as default we need to add our sample.html to the list of accessible directory indices.

sudo nano /etc/apache2/mods-available/dir.conf
Appending our html file i.e sample .html to the list of indices
       <If module mod_dir.c>
       Directory index index.html index.cgi index.p1 index.php index.xhtml index.htm sample.html
       </IfModule>

// Configuring Apache 2  -000-default.conf

sudo vim /etc/apache2/sites-available/000-default.conf
       serverAdmin webserver@linuxproject.com
       serverName linuxproject.com
       DocumentRoot /var/www/linuxproject.com

// Now we Map IP address to domain name

sudo vim /etc/hosts
       
192.168.10.160 --    linuxproject.com

Restart Apache 2
       sudo service Apache2 restart

1. Active ufw firewall

   “sudo ufw enable” 
   “sudo ufw default deny”

2. Start the service using the command

    sudo service iptables-persistent start

3. Enable the SSH service

    “sudo ufw allow ssh”

4. Open the port

    “sudo ufw allow 80”
    “sudo ufw allow 22”
    “sudo ufw allow 1723”

5. Enter a rule

    “Sudo ufw allow proto tcp from 192.168.10.19 to any port 22"

6. See the firewall status

    sudo ufw status

1. Install SSH

    sudo apt-get install ssh

2. Generating RSA keys

    ssh-keygen –t rsa

3. Use ssh to create a directory on backup server

    ssh naveen@192.168.10.19 mkdir –p .ssh

4. Append web servers key to the back up server

    cat /home/.ssh/id_rsa.pub | ssh naveen@192.168.10.19 ‘cat >> .ssh/authorized_keys’

5. We are making the file compressed for back up

    sudo tar –cvpz webserver.tar.gz  /var/www/linuxproject.com/sample.html

6. Use cron tab to schedule backup every 5 minute

    sudo crontab –e

     */5**** sudo tar –cvpzf /home/naveen/webserver.tar.gz /var/www/linuxproject.com/sample.html        
     */5**** sudo scp /home/naveen/webserver.tar.gz naveen@192.168.10.19:/home/naveen/

Network File Systems is used for sharing files with other computers on the network. It is a file distribution system protocol.

Initially, repositories should be updated    

  sudo apt-get update

Next, install nfs server package

sudo apt-get install nfs-kernel-server

Then, make a directory which is to be shared with other devices    

sudo mkdir /ProjectTobeShared

/etc/exports is the main config file for NFS and add the following command to the file

/ProjectTobeShared 192.168.10.19(rw,sync,no_root_squash)

Now, start the service

sudo /etc/init.d/nfs-kernel-server start

Check the NFS share status by following commands    

sudo exportfs -u

NFS CLIENT Install NFS client and dependencies        

sudo apt-get install nfs-common rpcbind

Create a directory /rhome    

sudo mkdir /destinationDir

Mount the remote share /shome on local directory /rhome    

sudo mount 192.168.10.150:/ProjectTobeshared /destinationDir

And the following line in /etc/fstab file for permanent mount

192.168.10;150:/ProjectTobeshared /destinationDir nfs rw,sync,hard,intr 0 0

The two files text1 and text2 are created in NFS Server’s /shome directory. Two files text3 and text4 are created in NFS Client. As, they are mounted it is shown in both folders.

Sudo apt-get install ipsec-tools strongswan-starter

Sudo vim /etc/ipsec.conf

conn webserver-to-client
    authby=secret
    auto=route
    keyexchange=ike
    left=192.168.10.160
    right=192.168.10.19
    type=transport
    esp=aes128gcm16!

Sudo vim /etc/ipsec.secrets
192.168.10.160 192.168.10.19 : PSK "Your password here!"

sudo ipsec restart
ipsec statusall

Sudo apt-get install ipsec-tools strongswan-starter

Sudo vim /etc/ipsec.conf

conn webserver-to-client
    authby=secret
    auto=route
    keyexchange=ike
    left=192.168.10.19
    right=192.168.10.160
    type=transport
    esp=aes128gcm16!

Sudo vim /etc/ipsec.secrets
	192.168.10.160 192.168.10.19 : PSK "Your password here!"

sudo ipsec restart
ipsec statusall

Address Resolution Protocol poisoning (ARP poisoning) is a form of attack in which an attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer's ARP cache with a forged ARP request and reply packets. This modifies the layer -Ethernet MAC address into the hacker's known MAC address to monitor it. Because the ARP replies are forged, the target computer unintentionally sends the frames to the hacker's computer first instead of sending it to the original destination. As a result, both the user's data and privacy are compromised. An effective ARP poisoning attempt is undetectable to the user. ARP poisoning is also known as ARP cache poisoning or ARP poison routing (APR).

Implemented ARP Poisoning in our project using Python Programming with Scapy Module.
Python .py script has been attached in the project report submitted