Difference between revisions of "Linux Services"

From csn
Jump to navigation Jump to search
Line 110: Line 110:
 
  ssh [ipaddressofneighbor_but_omitt_square_brackets]
 
  ssh [ipaddressofneighbor_but_omitt_square_brackets]
  
Then you will ss using the username of the system that you are sitting on. Ask your neighbor for the username and password of their newly created user. To send a different username
+
Then you will ssh using the username of the system that you are sitting on. Ask your neighbour for the username and password of their newly created user. To send a different username, try:
  
 
  ssh [username_no_brackets]@ipaddressofneighbor_but_omitt_square_brackets]
 
  ssh [username_no_brackets]@ipaddressofneighbor_but_omitt_square_brackets]

Revision as of 12:58, 8 March 2021

LAMP
LAMP

In this lab, we will look at how command-line Linux servers can offer services. You may have heard of LAMP, which stands for Linux, Apache, MySQL, PHP and this is a very common software combination that has delivered the vast majority of Internet Services to the world. For example, this Wiki, which is the same software stack as Wikipedia, runs LAMP. This page that you are looking at right now runs on a cloud-based server that does not have a Graphical User Interface (GUI).

This lab will also continue our exploration of the command line, superusers, networking, and firewalls. We will continue to expand your knowledge of the command line by extracting compressed files and moving them between Internet-connected machines.

Apache Web Server

Let's start by installing and configuring the Apache web server. Start by deploying the Ubuntu Operating system. Once you have booted into Ubuntu, open a terminal and type:

sudo apt update

This command will consult the repositories about the latest software available for the distribution. Type

sudo apt install apache2

This command will install the Apache web server. While we are installing software on our machines, let's install two additional pieces of software. Type

sudo apt install nmap

Then:

sudo apt install openssh-server

Open up a web browser in the GUI and visit your own web page at http://127.0.0.1 Discuss with your partner what is special about the 127.0.0.1 address

Find out what your Ethernet IP address is with:

ip a

You'll also see a reference to the 127.0.0.1 address we used earlier. Trade IP addresses with your partner and see if you can access each others web page. Their page should look identical to yours. If you have problems then ensure that you log out of gateway.

Make some changes to the html of you apache web page with:

nano /var/www/html/index.html 

OR

gedit /var/www/html/index.html

Two questions:

  • Did you get permissions errors when editing /var/www/html/index.html - how might you fix that?
  • What is the difference between nano and gedit?

Make some changes to your index.html page and get your partner to check your page.

Nmap

Type:

nmap [ipaddressofneighbor]

Nmap is a port scanning tool and will tell you what ports are open on a machine connected to the Internet. Have a look at the results. Can you identify any of the services that are running?

Try removing apache2 and then re-running the nmap test. What has changed and why? Reinstall Apache2.

UFW

UFW is the Ubuntu firewall. We will use sudo to make changes, why?

Try:

sudo ufw status verbose

Ask your neigbour to use nmap to scan your computer's ports.

Turn on the firewall:

sudo ufw enable

Verify that the firewall is running by issuing the "status" command again:

sudo ufw status verbose

Ask your neigbour to use nmap to scan your computer's ports. What has changed and why? Allow port 80

sudo ufw allow 80/tcp

Get your neighbour to nmap your computer again. What can they see? Can they still access your webserver? What has changed?

SSH

SSH is a program that allows you to get command-line access to machines on the Internet. A username and password is required to access another machine. See if you can log into your neighbours machine via ssh with:

ssh [ipaddressofneighbor_but_omitt_square_brackets]

If this does not work, could it be a firewall problem? Can you selectively open the port required for ssh?

Create a new user

Look at the contents of:

less /etc/passwd

Look through the entire file and think about what you are looking at. Then add a new user with:

sudo adduser [enter_a_new_username_but_omit_the_square_brackets]

You will need to set a password for that user. Look at the contents of:

less /etc/passwd

What has changed?

SSH revisited

By default if you just:

ssh [ipaddressofneighbor_but_omitt_square_brackets]

Then you will ssh using the username of the system that you are sitting on. Ask your neighbour for the username and password of their newly created user. To send a different username, try:

ssh [username_no_brackets]@ipaddressofneighbor_but_omitt_square_brackets]

See if you can login as their new user.

Dealing with compressed archives

You will be familiar with compressing files in your regular operating system. In Linux it is also easy to do this via the GUI but on a server, we will need to do this via the command line.

Obtain the following 3 books; these are public domain books so this is completely free and legal:

You can download them by right clicking and doing "save as". Alternatively you can:

wget https://www.gutenberg.org/files/76/76-0.txt
wget file2
wget you get the idea ;)

Then, we want to create a Tar archive from the 3 files:

Create a directory called Books

mkdir books

Then use the mv command to move the three books into the directory. I will leave you to do the move task on your own.

After this type:

tar cf books.tar books

You can now bzip this with

bzip2 books.tar

If you now do a:

ls -la

You should see books.tar.bz2 - compare the filesize of books.tar.bz2 with the sum of the three individual files. What sort of compression ratio did you observe?

If you wanted to you could decompress with:

bunzip2 books.tar.bz2
tar -xvf books.tar

If you finish this section wondering why compressing many files in Linux is important then consider how you might best physically move a large number of files on or off an Internet server.

Extension Tasks

Challenge 1

Can you ssh into your neighbour's machine? Once you have logged into your neighbor's machine, see if you can create a text file on their desktop saying Hi_[neighborsname]

Challenge 2

Try launching gedit while ssh'ed into your neighbor's machine. Was it successful? Why?

Challenge 3

scp or secure copy works similarly to the cp command that we used last week. The format is:

scp [source] [destination]

The difference between scp and cp is that scp is designed to be used over a network. It can copy a file or a set of files between any two Internet-connected Unix systems in the world.

See if you can use scp to securely copy a file between you and your neighbours PC. If you are stuck, see:

man scp

Once you have worked out how to copy a single file between machines, see if you can copy all the files in a directory to a foreign machine. Try:

scp [localpath] [ip]:/[path]

When you provide a path starting with a / this means that it is an absolute path. In this case, you would specify the entire directory structure.

Challenge 4

Download the top ten books from Gutenberg in UTF format. https://www.gutenberg.org/browse/scores/top

Compress them using the techniques in this lab and then scp them to you lab partner.