CS 470: Unix/Linux Sysadmin Summer 2021
Lab 2 FreeBSD + e-mail service

This lab gets our hands dirty with the far-and-away most prominent free-and-open-source BSD-derived operating system, FreeBSD. Whereas OpenBSD has always focused on being the most secure operating system (see http://www.openbsd.org/goals.html), FreeBSD has always been focused, in their own words, “to provide a stable and fast general purpose operating system that may be used for any purpose without strings attached.” (https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/introduction.html#idp44542712) OpenBSD was quite unabashedly only for power users and hackers … which means the operating systems mostly get easier from here. Pat yourself on the back, you’re over the proverbial hump.

To this end, FreeBSD’s codebase is much larger by comparison with OpenBSD, and the amount of supported hardware and third-party software is much greater. There are also a lot more creature comforts all around; this is because FreeBSD makes fewer assumptions about its users’ level of skill or threshold for pain, and has a much larger community of developers and users – notably, FreeBSD is extensively used in the development of macOS, the Sony PlayStation line of gaming consoles, under the hood of Google’s search engine, and inside Juniper routers … the latter two obviously because of FreeBSD’s well-established reputation for having the fastest TCP/IP stack of any operating system. For many years, the fastest and highest-traffic internet sites ran FreeBSD, until the time where statistics were no longer feasible. Once upon a time, Facebook had a program to bring the Linux kernel’s famously bad IP stack up to parity with FreeBSD’s.
https://www.theregister.com/2014/08/07/facebook_wants_linux_networking_as_good_as_freebsd/

Back in the greater scheme of things, we have plumbed IP and name service for our little private network as of lab 1; now we need a way to see what all of our systems are telling us on an ongoing basis, as we delve into system internals. FreeBSD is going to be our mail server, to help us scoop up all this data.

‼ IMPORTANT NOTE: after setting up this lab, you will want to start leaving your VMs on overnight. A lot of cron jobs run during the late hours, by design, and we want you to see their output!

part one: installing FreeBSD

1. Grab the latest FreeBSD (version 13.0 as of the time of this lab) installation “disc1” ISO from the following URL. It’s almost a gigabyte, and will take a little while.

    https://download.freebsd.org/ftp/releases/ISO-IMAGES/13.0/

Again, we want the amd64 CPU architecture, unless you somehow are using an antique. If so, grab the “i386” architecture ISO … everything else should be the same. Also note, there’s an x-zipped version (ending in “.xz”) that’ll save you some time downloading, but xz is the most successful at shrinking files in part because it’s the most CPU-intensive algorithm. Just know that you pay in wait time after you download, if you go this route.

Look around FreeBSD’s website at www.FreeBSD.org … in particular, I’d like you to notice …

a) The release notes for version 13.0 (https://www.freebsd.org/releases/13.0R/announce.html), and within that, the “availability” section explains what the various downloads contain, and in some cases, how to use them. “Release notes” are typical for all software releases … OpenBSD has a very similar document. I just didn’t ask you to look … but I suggest you do.

b) The security advisories page (https://www.freebsd.org/security/advisories.html) … click on one of the links. Note how affected versions of each advisory are listed, along with descriptions, directions, and signed source code for the fix.
Again, up until recently, all base operating system patching in BSD-land was always done manually, by re-compiling affected pieces of the operating system. I’m tormenting you enough, but wanted to point out how the patches are delivered as source, with instructions. OpenBSD also has an errata page, with the same stuff: http://www.openbsd.org/errata69.html

2. Create a new, custom virtual machine in your VMware product, whichever you’re using. On this system, let’s use the following specifications:

    CPU: single virtual core/processor
    RAM: 512 MB
    Hard disk: 30 GB
    guest OS: FreeBSD 12 64-bit

Note that even though it’s under the “other” menu in VMware Fusion here on my laptop, FreeBSD has enough market share to get its own entry in VMware hypervisors … but VMware hasn’t updated this list since FreeBSD 13 was released. Choosing the “guest OS” configuration option for FreeBSD 12 will be just fine.

3. Boot the VM, and notice the menu for the boot loader with the nifty ASCII art. We can already see with the menu that we’re in for at least a slightly different experience than with OpenBSD … but if we wanted a command line, we could get it here, with option #3. That said, we just want to “boot multiuser” here … even though we’re not really booting multi-user, since this is the installation media.

FreeBSD’s mascot is a daemon … not a demon, but a “daemon.” While Beastie (yes, that’s his name) looks slightly devilish, he takes his name from service daemons, and has gotten tweaks over time. When BSD got the “fast” file system (AKA “FFS” or “ffs”), Beastie got sneakers in a lot of the BSD merchandising and art … and the most popular version was drawn by none other than John Lasseter, long before John was the creative leader at Pixar, or the head of Disney Animation. Beastie also has a fork, because Unix daemons fork() processes, as you might know from the operating systems class (CS570).

4. Once you’re done with the march of text output – this is the kernel enumerating various devices and which drivers to use with them – you’re presented with this menu. Already a whole lot different from OpenBSD.

‼ IMPORTANT NOTE: the tab key changes sub-sections or areas within the FreeBSD installer … generally the arrow keys can be used to move around within areas of an installer “window.”

‼ ALSO IMPORTANT NOTE: if you ever get diagnostic messages printed over the installation interface, like in the screenshot above, control-L is often honored as a request to re-draw the terminal window.

Ah, much better. Let’s choose to install.

5. You’ll see a lot of the options line up with decisions we had to make during the OpenBSD installation process, for instance choosing a keyboard layout (map). The default here should be fine. If you mess anything up along the way, you probably won’t need to start over; FreeBSD will ask you at the end if you’d like to change anything before rebooting into your freshly-installed VM.

When asked to set a hostname, use “freebsd” all in lower case.

On the distribution selection page, deselect kernel-dbg, and select src … use the space bar here to toggle selections, and in screens like this.

At the partitioning dialog, select “Auto (UFS)” and then “entire disk,” and whatever is presented as the default partitioning scheme … because I was pleasantly surprised to find that the automatic configuration in FreeBSD now makes use of a single partition for the file namespace, and makes a sane decision about swap size. It should look like the screenshot below, with the bulk of the disk in a single root filesystem, and roughly 2 to 3 times RAM as a dedicated swap space. If it doesn’t, modify your layout to make sure it does. Once upon a time we used to use partitions as the rule rather than the exception; exponentially cheaper disk space is a huge driver for not partitioning.
If your disk device is da0, this is not a problem … it just means VMware picked you a SCSI device (driver name da, the first instance of which is zero, of course). ada is the device driver name for disks attached to ATA or SATA buses. Notice that unlike OpenBSD, FreeBSD considers its MBR partition a part of the device namespace … the disk is ada0, the FreeBSD partition is s1 (slice one), and like OpenBSD the root filesystem is a and swap b. All BSD-derived OSs use letters a through h for their partitions. AT&T-derived OSs use the numbers 0 through 7, as we will see. Making the slice part of the namespace makes more logical sense if you have multiple partitions on a single physical or virtual disk, like if you were dual-booting. A Windows partition would show up as da0s2, or ada0s2. In OpenBSD, DOS/Windows partitions show up as partition letters after h.

After you’re done here, select “finish” and the installer will, as all do, ask you to confirm you’re really ready to wipe out the prior contents of the drive. You’ll then see the “archive extraction” screen … the src tree will take a little while; it is full of lots of small files.

You’ll then be asked for a root password. Choose a good one!

6. Network configuration … you should only have one NIC in your VM. Mine was le0 last time, this time it’s em0. It doesn’t matter which one you have, so long as the installer detects a network interface. VMware supports several kinds of emulated NICs, and just like with the disk devices in the prior step, each set of letters denotes a different driver, in turn for a different set of devices. em is an Intel gigabit NIC; le is a “Lance” ethernet chip, now put out by AMD.

We want to configure IPv4 for this interface, but not IPv6. We do NOT want to use DHCP.

‼ IMPORTANT NOTE: if your OpenBSD VM isn’t turned up right now, make sure it is, because we’re about to be using it as the name server.
As a general rule, you will always want ALL your VMs up and running together during labs. If your laptop starts bogging down, turn down other VMs first, but leave the two BSD-based VMs up!

You will want to substitute in the first three octets of your private IP network for what you see in the next screenshot, but everybody’s FreeBSD VM should be .72. Of course, use the same router as in lab one. The default gateway does not change in between computers on a subnet; it is a fixed value for the whole network. This screenshot is from Catalina last year, so I got .2 here.

VMware may ask you to provide your password for your “host” (non-virtual) operating system to allow the guest permission to set up the network properly. Please provide it.

Finally, you’ll be asked to provide the resolver configuration for DNS. Your search path should be cs470.local (the DNS namespace we set up in lab 1), and your only name server should be the IP address of your OpenBSD VM.

7. You’ll be asked to set the time zone, then to choose services you want to be started at boot. sshd and dumpdev should be pre-selected, and we want them running. Add ntpdate to set the clock at boot time, ntpd to keep track of the time as the VM runs, and powerd, to save you some electrons.

The “system hardening” screen is next. You may leave all these boxes unchecked.

You’ll then be asked if you want to add users to the installed system … take this opportunity, and do so.

‼ TIME AND PAIN-SAVING TIP: Keep using the same username across all your systems, to avoid having to tell SSH your username. SSH assumes the same username if you just tell it the system name/IP you want to access.

Use user ID number 1000, same as the OpenBSD installer used for you. You’ll see why we do this later. The default login group option (a group of your own) is fine.
Add yourself to the wheel and operator groups in the next question, separated by a space, so we can become root with this user, and perform certain privileged operations without becoming root or using sudo. After your user is created, don’t create another.

You’ll make it to the “final configuration” menu, where you’ll have the choice of revisiting a lot of the prior options, if you want to change anything you selected. If you do, great, go! Experiment! If not, or when done, select “exit.” Then tell it you don’t want a shell, and that you want it to reboot. Your FreeBSD installation is complete, and your system will reboot into multi-user mode.

8. Log into the console of your FreeBSD system, and make a .ssh directory inside your home folder.

    $ mkdir -m 700 ~/.ssh

Now, copy your SSH public key over into the authorized_keys file, as usual, so you can use your key and agent to log into your FreeBSD VM. Now your setup is truly complete.

9. Now let’s check out where FreeBSD put most of the options we chose during installation.

    $ more /etc/rc.conf

My output looked like this; it should be needless to say at this point that yours will look slightly different, depending on the first three octets of your VM network and what kind of NIC your VM is using.

    hostname="freebsd"
    ifconfig_em0="inet 192.168.223.72 netmask 255.255.255.0"
    defaultrouter="192.168.223.1"
    sshd_enable="YES"
    ntpdate_enable="YES"
    ntpd_enable="YES"
    powerd_enable="YES"
    # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
    dumpdev="AUTO"

Note that the network configuration here in rc.conf is mixed with service configurations. Also note, the file is relatively short for a full system configuration. This is because FreeBSD has a set of “defaults” configuration files under /etc/defaults that it reads before local configuration to do the rest. Take a second to look briefly through all the settings and on/off switches for built-in services.
This file, by comparison, is much much larger … with the goal of giving you a smaller rc.conf to look at, where you made only the changes to set or override whatever boot variables you want.

    $ more /etc/defaults/rc.conf

On OpenBSD, /etc/rc.conf.local (with the changes) is parsed after the defaults in /etc/rc.conf. OpenBSD stores its network interface configuration(s) in /etc/hostname.* files, named by interface driver and number, and its default gateway in /etc/mygate. FreeBSD stores its default gateway in a statically-named shell variable (defaultrouter), and stores its network interface configuration(s) in shell variables, named by device name and number.

10. Remember the login banner? Fear not if you don’t … since the dawn of time it’s been in /etc/motd like OpenBSD, and will be found in the same place on virtually every OS we play with. Not anymore, though:

    $ more /etc/motd
    /etc/motd: No such file or directory

Not anymore, apparently, and more than a few have chalked this up as an annoyance with the just-released FreeBSD 13.
https://forums.freebsd.org/threads/freebsd-13-annoyances.79815/page-4
Many more have complained about this release than previous ones. This change to motd appears to be driven by jealousy of Ubuntu’s login information, which we’ll see soon. motd will now be generated dynamically, to presumably be able to add more that isn’t there quite yet … it comes from a template now …

    $ more /etc/motd.template
    Welcome to FreeBSD!

    Release Notes, Errata: https://www.FreeBSD.org/releases/
    Security Advisories: https://www.FreeBSD.org/security/
    FreeBSD Handbook: https://www.FreeBSD.org/handbook/
    FreeBSD FAQ: https://www.FreeBSD.org/faq/
    Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
    FreeBSD Forums: https://forums.FreeBSD.org/

    Documents installed with the system are in the /usr/local/share/doc/freebsd/
    directory, or can be installed later with: pkg install en-freebsd-doc
    For other languages, replace "en" with a language code like de or fr.

    Show the version of FreeBSD installed: freebsd-version ; uname -a
    Please include that output and any error messages when posting questions.
    Introduction to manual pages: man man
    FreeBSD directory layout: man hier

    To change this login announcement, see motd(5).

The FreeBSD Handbook is a far more comprehensive walkthrough-style documentation for a near-complete set of features of FreeBSD. We’ll be talking shortly about how various operating system file hierarchies are laid out, but wanted to make a point of showing this off … most other operating systems don’t have a neat man page with a guided tour through their file tree.

    $ man hier

Again, use return to scroll through line-by-line, space to load another page.

11. Finally, let’s add the ports tree. You may have noticed that, like with OpenBSD, there was a copy of the ports tree that was offered to us during installation. This ports tree is a checkout of the ports tree, without real capability to update, so we’re going to use a rolling version of the ports tree. FreeBSD has a command, portsnap, that specifically deals with getting snapshots of the ports tree and keeping it up to date. Use su to become root (note the pound sign prompt below), and grab and extract the ports tree with portsnap.

    # portsnap fetch extract
    Looking up portsnap.FreeBSD.org mirrors… 4 mirrors found.
    Fetching public key from ipv4.aws.portsnap.freebsd.org… done.
    Fetching snapshot tag from ipv4.aws.portsnap.freebsd.org… done.
    Fetching snapshot metadata… done.
    Fetching snapshot generated at Sat Jul 17 17:04:03 PDT 2021:
    f1fbad6a1586f38f89ca09159d730c73dd7d2bf64a89f1 91 MB 11 MBps 08s
    Extracting snapshot… done.
    Verifying snapshot integrity… done.
    Fetching snapshot tag from ipv4.aws.portsnap.freebsd.org… done
    Fetching snapshot metadata… done.
    Updating from Sat Jul 17 17:04:03 PDT 2021 to Sun Jul 18 13:11:12 PDT 2021.
    Fetching 5 metadata patches… done.
    Applying metadata patches… done.
    Fetching 0 metadata files… done.
    Fetching 117 patches.
    (117/117) 100.00% done.
    done.
    Applying patches… done.
    Fetching 11 new ports or files… done.
    /usr/ports/.arcconfig
    /usr/ports/.gitignore
    …

The above output is provided for context; you will start to see the paths of ports listed, and this whole process will take a few minutes. Not a really long time, but a few minutes. We’re grabbing a large set of small files from online sources.

If this command fails because of “host not found,” then your DNS server or network setup is messed up. Did you get your name server working properly and validated on that system?

part two: installing software

Now let’s install some software on your FreeBSD VM.

12. First and foremost, let’s install sudo, so that you don’t have to walk around as root. Run the following command … again, for the last time I’m going to remind you the pound sign prompt means that you run su to become root, then type the command shown to build sudo … don’t type the “$” or the “#” …

    # cd /usr/ports/security/sudo && make install

You will notice FreeBSD building pre-requisites, including pkg, FreeBSD’s package management system. At a certain point during the installation, you’ll see a menu like this … where FreeBSD has selectable features for software in the ports tree, it will present you this screen to allow you to choose the options.
If you have a sense of humor and thick skin, I highly recommend the “insults” option … it’ll poke fun at you when you fat-finger your password. Some of you may have already seen this, if you fat-fingered your password using sudo on OpenBSD, which builds sudo in the ports tree with insults enabled by default. Select “OK” when you’re done here. You may still be asked to select options for a couple dependencies after that, so don’t walk away for too long … come back soon. We’ll deal with this during the next build.

When sudo is done building, you should see something like this … type exit to quit your root shell (that you started with su). That said and now that we have sudo installed, you don’t need to be root all the time; you just put sudo in front of the command you want to be run as root.

‼ IMPORTANT NOTE: typos with sudo can be just as painful as typos on a root command line. ALWAYS double check commands to be run with elevated privileges before hitting the return key.

Next, let’s try to install bash. I’ll explain the differences here in this command shor…
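Step 8 creates ~/.ssh with mode 700 and then has you copy your public key into authorized_keys. The following is an added example, not part of the lab handout: it performs that copy idempotently and then checks the file modes that sshd's StrictModes option rejects. The function names install_pubkey and check_ssh_perms are hypothetical, and the key in the demo is constructed.

```shell
#!/bin/sh
# Added example, not part of the lab handout. The key in the demo is constructed.

# install_pubkey HOME PUBKEY_FILE: add the key once, with strict permissions.
install_pubkey() {
    ssh_dir=$1/.ssh
    auth=$ssh_dir/authorized_keys
    key=$(head -n 1 "$2") || return 1

    # Accept only a public-key line, so a private key never lands here.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "refusing: $2 is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # mkdir -m (as in step 8) only applies when the directory is created;
    # the explicit chmod also tightens a directory that already exists.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: append only if not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms HOME: fail if HOME, .ssh or authorized_keys is writable by
# group or other. Modes only; ownership is not checked here.
check_ssh_perms() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        mode=$(ls -ld "$p" 2>/dev/null | cut -c1-10)
        case $mode in
            "") echo "missing: $p"; rc=1 ;;
            ?????w????|????????w?) echo "group/other writable: $p ($mode)"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo in a throwaway directory standing in for a home directory.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3ConstructedSampleKeyNotReal student@laptop' \
    > "$demo_home/id.pub"
install_pubkey "$demo_home" "$demo_home/id.pub" &&
    check_ssh_perms "$demo_home" && echo "permissions ok"
rm -rf "$demo_home"
```

If key login silently falls back to a password prompt, running check_ssh_perms "$HOME" on the FreeBSD VM is a quick first check.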
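Step 9 explains that FreeBSD reads /etc/defaults/rc.conf first and /etc/rc.conf second, so the short local file does not list every service that starts at boot. The following is an added example, not part of the lab handout, that resolves the effective value of a variable across both layers and lists every service whose *_enable ends up on. The function names are hypothetical, and the "defaults" file it writes is a constructed stand-in, not FreeBSD's real defaults; the local file reuses the values shown in step 9.

```shell
#!/bin/sh
# Added example, not part of the lab handout. make_sample writes constructed
# files; its "defaults" are NOT FreeBSD's real /etc/defaults/rc.conf.

# rc_effective VAR DEFAULTS LOCAL: value after defaults, then local overrides.
rc_effective() {
    case $1 in ''|*[!A-Za-z0-9_]*) return 2 ;; esac   # keep the eval safe
    # Both files are shell code; a subshell keeps their variables contained.
    ( . "$2"; if [ -r "$3" ]; then . "$3"; fi
      eval "printf '%s\n' \"\${$1-}\"" )
}

# rc_enabled DEFAULTS LOCAL: services whose effective *_enable is on.
rc_enabled() {
    for f in "$1" "$2"; do [ -r "$f" ] && cat "$f"; done |
        sed -n 's/^\([A-Za-z0-9_]*\)_enable=.*/\1/p' | sort -u |
    while read -r svc; do
        case $(rc_effective "${svc}_enable" "$1" "$2") in
            [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) echo "$svc" ;;
        esac
    done
}

# make_sample DIR: write the two constructed layers used by the demo.
make_sample() {
    cat > "$1/defaults_rc.conf" <<'EOF'
sshd_enable="NO"
ntpd_enable="NO"
cron_enable="YES"
dumpdev="NO"
EOF
    cat > "$1/rc.conf" <<'EOF'
hostname="freebsd"
sshd_enable="YES"
ntpdate_enable="YES"
ntpd_enable="YES"
powerd_enable="YES"
dumpdev="AUTO"
EOF
}

# Demo: cron appears in the result although the local rc.conf never names it.
demo=$(mktemp -d)
make_sample "$demo"
rc_enabled "$demo/defaults_rc.conf" "$demo/rc.conf"
rm -rf "$demo"
```

Because both files are sourced as shell code, anyone who can write to them can run commands as root at boot; on a live system FreeBSD's sysrc(8) is the supported way to query these values.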
