Assignment
This is the assignment page for Lab 1. It is placed before the rest of the module’s content so you may begin working on it as you review the content. Click Next below to continue to the rest of the module.
Lab 1 - Secure Workstations
Instructions
Create two virtual machines meeting the specifications given below. The best way to accomplish this is to treat this assignment like a checklist and check things off as you complete them.
If you have any questions about these items or are unsure what they mean, please contact the instructor. Remember that part of being a system administrator (and a software developer in general) is working within vague specifications to provide what your client is requesting, so eliciting additional information is a very necessary skill.
To be more blunt - this specification may be purposefully designed to be vague, and it is your responsibility to ask questions about any vagaries you find. Once you begin the grading process, you cannot go back and change things, so be sure that your machines meet the expected specification regardless of what is written here. –Russ
Also, to complete many of these items, you may need to refer to additional materials and references not included in this document. System administrators must learn how to make use of available resources, so this is a good first step toward that. Of course, there’s always Google!
Time Expectation
This lab may take anywhere from 1 - 6 hours to complete, depending on your previous experience working with these tools and the speed of the hardware you are using. Installing virtual machines and operating systems is very time-consuming the first time through the process, but it will be much more familiar by the end of this course.
Software
This lab is written with the expectation that most students will be using VMware Workstation or VMware Fusion to complete the assignment. That software is available free of charge on the VMware Store open to all K-State CS students, and it is highly recommended for students who are new to working with virtual machines, since most of the assignments in this class are tailored to the use of that platform.
If you are using another virtualization platform, you may have to adapt these instructions to fit. If you are unsure about any specification and how it applies to your setup, please contact the instructor.
You will also need installation media for the following operating systems:
- Windows 10 Version 21H2 or later - See the Azure Dev Tools page on the CS Support Wiki for instructions.
  - Look for Windows 10 Education, version 21H2 - DVD on the list of software available on the Azure Dev Tools site.
  - File Name: en-us_windows_10_consumer_editions_version_21h2_x64_dvd_6cfdb144.iso
  - SHA 256 Hash: 7f6538f0eb33c30f0a5cbbf2f39973d4c8dea0d64f69bd18e406012f17a8234f
  - Your file may vary as Microsoft constantly updates these installers.
  - You may choose to upgrade to a later version of Windows 10 while installing updates.
  - You may choose to use Windows 11 for this course. The instructions shown in the course may not exactly match Windows 11, so adaptation may be necessary. Contact the instructor if you have any questions or run into issues.
- Ubuntu 20.04 LTS (Focal Fossa) or later - Download from Ubuntu or the K-State CS Mirror
  - File Name: ubuntu-20.04.4-desktop-amd64.iso
  - SHA 256 Hash: f92f7dca5bb6690e1af0052687ead49376281c7b64fbe4179cc44025965b7d1c
  - If a point release is available (ex: 20.04.x.x), feel free to use that version. Do not upgrade to a newer LTS or non-LTS release such as Ubuntu 21.04, as those versions may have significant changes that are not covered in these assignments.
  - Lab 2 will not work with Ubuntu 22.04 LTS (Jammy Jellyfish) at this time. Please use Ubuntu 20.04 LTS for the time being.
The original course materials were developed for Windows 10 Version 1803 and Ubuntu 18.04 LTS. Some course materials may still show the older versions. Students should use the software versions listed in bold above if at all possible, as these assignments have been verified using those versions. If not, please contact the instructor for alternative options. If you find any errors or issues using the updated versions of these systems, please contact the instructor.
Task 0: Install Virtualization Software
Install the virtualization software platform of your choice. It must support using Windows 10 and Ubuntu 20.04 as a guest OS. In general, you’ll need the latest version of the software.
VMware Workstation or VMware Fusion is recommended and available free of charge on the VMware Store open to all K-State CS students.
You may need to install the latest version available for download and then update it within the software to get to the absolute latest version that supports the latest guest OS versions.
Unfortunately, the process for getting VMWare licenses changed in 2022, so we have to manually request access for a class. If you have issues accessing this site and getting a license, it is likely that I forgot to send in that request. Please email me and remind me so I can get that done! - Russ
Task 1: Create a Windows 10 Virtual Machine
Create a new virtual machine for Windows 10. It should have 60 GB of storage available. If given the option, do not pre-allocate the storage, but do allow it to be separated into multiple files. This will make the VM easier to work with down the road. It should also have at least 2 GB of RAM. You may allocate more RAM if desired. You may also allocate additional CPU cores for better performance if desired.
Install Windows 10 in that virtual machine to a single partition. You may use the express settings when configuring Windows. Do not use a Microsoft account to sign in! Instead, create a local (non-Microsoft) account as defined below. You may also be asked to set the computer name, which is given below.
Windows 10 Version 1903 has made it more difficult to create a local account when installing. See the video later in this module for instructions, or refer to this guide from How-To Geek.
Task 2: Configure Windows 10
Configure the Windows 10 Virtual Machine as specified below.
- Computer Name: cis527w-<your eID> (example: cis527w-russfeld)
  Info: This is very important, as it allows us to track your virtual machine on the K-State network in case something goes wrong in a later lab. By including both the class and your eID, support staff will know who to contact. A majority of students have missed this step in previous semesters, so don’t forget! The computer name must be changed after the Windows installation is complete. –Russ
- Primary User Account: Username: cis527 | Password: cis527_windows (Member of Administrators & Users groups)
- Other User Accounts:
  - AdminUser | AdminPassword123 (Administrators & Users group)
  - NormalUser | NormalPassword123 (Users group)
  - GuestUser | GuestPassword123 (Guests group only)
  - EvilUser | EvilPassword123 (Users group)
- Install Software
  - VMware Tools
  - Mozilla Firefox
  - Mozilla Thunderbird
  - IIS Web Server
  - Notepad++
  - BGInfo - Download the Bginfo.exe file and place it on the cis527 user’s desktop. It does not have an installation program. Run it once to see what it does!
- Verify Windows Defender is running. It should be installed by default.
- Configure Firewall
  - Make sure Windows Firewall is enabled
  - Allow all incoming connections to port 80 (for IIS)
  Tip: You can test this by accessing the Windows VM IP Address from Firefox running on your Ubuntu VM, provided they are on the same virtual network.
- Install Windows Updates: Run Windows Update and reboot as necessary until all available updates are installed.
- Automatic Updates: Make sure the system is set to download and install security updates automatically.
Even though you may have installed a particular version of Windows, such as 21H2, you should run updates repeatedly until there are no more updates available. You may end up installing at least one major update rollup.
Task 3: Windows Files & Permissions
Read the whole task before you start! You have been warned. –Russ
- Create the folder C:\docs. It should be owned by the cis527 account, but make sure all other users can read and write to that folder.
- Within C:\docs, create a folder for each user created during task 2 except for cis527, with the folder name matching the user’s name.
- Make sure that each folder is owned by the user of the same name, and that that user has full permissions to its namesake folder.
- Create a group containing cis527 and AdminUser, and set permissions on C:\docs for that group to have full access to each folder created in C:\docs.
  Tip: When you create a group and add a user to that group, it does not take effect until you reboot the computer.
- No other user should be able to access any other user’s folder. For example, EvilUser cannot access GuestUser’s folder, but AdminUser and cis527 can, as well as GuestUser, who is also the owner of its own folder.
- In each subfolder of C:\docs, create a text file. It should have the same access permissions as the folder it is contained in. The name and contents of the text file are up to you.
  Tip: Use either the cis527 or AdminUser account to create these files, then modify the owner and permissions as needed. Verify that they can only be accessed by the correct users by logging in as each user and seeing what can and can’t be accessed by that user, or by using the permissions auditing tab. Many students neglect this step, leaving the file owner incorrect.
- Don’t remove the SYSTEM account or the built-in Administrator account’s access from any of these files. Usually this is as simple as not modifying their permissions from the defaults.
- See this screenshot and this screenshot for what these permissions should look like in PowerShell. This was created using the command Get-ChildItem -Recurse | Get-Acl | Format-List in PowerShell.
Task 4: Create an Ubuntu 20.04 Virtual Machine
Create a new virtual machine for Ubuntu 20.04 Desktop. It should have 30 GB of storage available. If given the option, do not pre-allocate the storage, but do allow it to be separated into multiple files. This will make the VM easier to work with down the road. It should also have at least 2 GB of RAM. You may allocate more RAM if desired. You may also allocate additional CPU cores for better performance if desired.
Ubuntu 20.04 seems to be really RAM hungry right now, so I recommend starting with 2 GB of RAM if you have 8 GB or more available on your system. The installer may freeze if you try to install with only 1 GB of RAM allocated. Once you have it installed, you may be able to reduce this at the expense of some performance if you are short on available RAM (as it will use swap space instead). In Ubuntu, swap should be enabled by default after you install it, but you can learn more about it and how to configure it here. When we get to Module 5 and discuss Ubuntu in the cloud, we’ll come back to this and discuss the performance trade-offs in that scenario. –Russ
Install Ubuntu 20.04 Desktop in that virtual machine to a single partition. You will be asked to create a user account and set the computer name. Use the information given below.
The Ubuntu installation will sometimes hang when rebooting after installation in a VM. If that happens, wait about 30 seconds, then click VM > Power > Restart Guest in VMware (or similar) to force a restart. It should not harm the VM.
Task 5: Configure Ubuntu 20.04
Configure the Ubuntu 20.04 Virtual Machine as specified below.
- Computer Name: cis527u-<your eID> (example: cis527u-russfeld)
  Info: This is very important, as it allows us to track your virtual machine on the K-State network in case something goes wrong in a later lab. By including both the class and your eID, support staff will know who to contact. A majority of students have missed this step in previous semesters, so don’t forget! You should be prompted for a computer name as part of the installation process, but it will try to auto-complete it based on the chosen username and must be changed. –Russ
- Primary User Account: Username: cis527 | Password: cis527_linux (Account should have Administrator type or be in the sudo group)
- Other User Accounts:
  - adminuser | AdminPassword123 (Administrator type or sudo group)
  - normaluser | NormalPassword123 (Normal type)
  - guestuser | GuestPassword123 (Normal type)
  - eviluser | EvilPassword123 (Normal type)
- Install Software
  - Open VM Tools (open-vm-tools-desktop) (recommended) -OR- VMware Tools (do not install both)
  - Mozilla Firefox (firefox)
  - Mozilla Thunderbird (thunderbird)
  - Apache Web Server (apache2)
  - Synaptic Package Manager (synaptic)
  - GUFW Firewall Management Utility (gufw)
  - ClamAV (clamav)
- Configure Firewall
  - Make sure Ubuntu Firewall (use ufw, not iptables) is enabled
  - Allow all incoming connections to port 80 (for Apache)
  Tip: You can test this by accessing the Ubuntu VM IP Address from Firefox on your Windows VM, provided they are on the same virtual network.
- Install Updates: Run system updates and reboot as necessary until all available updates are installed.
- Automatic Updates: Configure the system to download and install security updates automatically each day.
Task 6: Ubuntu Files & Permissions
Read the whole task before you start! You have been warned. –Russ
- Create a folder /docs (at the root of the system, not in a user’s home folder). Any user may read or write to this folder, and it should be owned by root:root (user: root; group: root).
- Within /docs, create a folder for each user created during task 5 except for cis527, with the folder name matching the user’s name.
- Make sure that each folder is owned by the user of the same name, and that that user has full permissions to its namesake folder.
- Create a group and set permissions on each folder using that group to allow both cis527 and adminuser to have full access to each folder created in /docs.
  Tip: When you create a group and add a user to that group, it does not take effect until you reboot the computer.
- No other user should be able to access any other user’s folder. For example, eviluser cannot access guestuser’s folder, but adminuser and cis527 can, as well as guestuser, who is also the owner of its own folder.
- In each subfolder of /docs, create a text file. It should have the same access permissions as the folder it is contained in. The name and contents of the text file are up to you.
  Tip: Use either the cis527 or adminuser account to create these files, then modify the owner, group, and permissions as needed. Verify that they can only be accessed by the correct users by logging in as each user and seeing what can and can’t be accessed by that user, or by using the su command to become that user in the terminal. Many students neglect this step, leaving the file owner incorrect.
- See this screenshot for what these permissions may look like in Terminal. This was created using the command ls -lR in the Linux terminal.
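
The verification step in the last tip can also be scripted. The following audit is an added example, not part of the original lab materials: the function names are hypothetical, the shared group name is passed as an argument because the lab does not name it, and it assumes GNU stat (as on Ubuntu), plain mode bits rather than ACLs, and that 770 on folders and 660 on files is how "full access for owner and group, none for anyone else" is expressed. It checks only the per-user folders, not /docs itself.

```shell
#!/bin/sh
# Added example (not from the lab): audit the per-user folders of a
# Task 6 style tree. Assumes GNU stat and plain mode bits, no ACLs.

# check_entry PATH OWNER GROUP MODE: print a finding if PATH differs.
check_entry() {
    actual=$(stat -c '%U:%G' "$1")
    perm=$(stat -c '%a' "$1")
    # Ignore a leading setuid/setgid/sticky digit such as the 2 in 2770.
    case $perm in ????) perm=${perm#?} ;; esac
    if [ "$actual" != "$2:$3" ] || [ "$perm" != "$4" ]; then
        echo "FAIL $1: $actual $perm (expected $2:$3 $4)"
    fi
}

# list_findings ROOT GROUP: each folder must be owned by the user it is
# named after, carry the shared group, and give "other" no access.
list_findings() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        user=${dir##*/}
        check_entry "$dir" "$user" "$2" 770
        # Files inside get the same owner and group, minus execute.
        find "$dir" -type f | while IFS= read -r file; do
            check_entry "$file" "$user" "$2" 660
        done
    done
}

# audit_docs ROOT GROUP: return 0 only when there are no findings.
audit_docs() {
    findings=$(list_findings "$1" "$2")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit.sh /docs <shared group name>
if [ "$#" -eq 2 ]; then
    audit_docs "$1" "$2"
fi
```

Run it as a member of the shared group or with sudo so that find can read every folder; a wrong file owner shows up as a FAIL line for that file.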
Task 7: Make Snapshots
For each of the virtual machines created above, create a snapshot labelled Lab 1 Submit in your virtualization software before you submit the assignment. The grading process may require making changes to the VMs, so this gives you a restore point before grading starts.
Task 8: Schedule A Grading Time
Contact the instructor and schedule a time for interactive grading. You may continue with the next module once grading has been completed.