Assignment

Warning

This is the assignment page for Lab 1. It is placed before the rest of the module’s content so you may begin working on it as you review the content. Click Next below to continue to the rest of the module.

Lab 1 - Secure Workstations

Instructions

Create two virtual machines meeting the specifications given below. The best way to accomplish this is to treat this assignment like a checklist and check things off as you complete them.

If you have any questions about these items or are unsure what they mean, please contact the instructor. Remember that part of being a system administrator (and a software developer in general) is working within vague specifications to provide what your client is requesting, so eliciting additional information is a very necessary skill.

Note

To be more blunt - this specification may be purposefully designed to be vague, and it is your responsibility to ask questions about any vagaries you find. Once you begin the grading process, you cannot go back and change things, so be sure that your machines meet the expected specification regardless of what is written here. –Russ

Also, to complete many of these items, you may need to refer to additional materials and references not included in this document. System administrators must learn how to make use of available resources, so this is a good first step toward that. Of course, there’s always Google!

Time Expectation

This lab may take anywhere from 1 - 6 hours to complete, depending on your previous experience working with these tools and the speed of the hardware you are using. Installing virtual machines and operating systems is very time-consuming the first time through the process, but it will be much more familiar by the end of this course.

Software

This lab is written with the expectation that most students will be using VMware Workstation or VMware Fusion to complete the assignment. That software is available free of charge on the VMware Store open to all K-State CS students, and it is highly recommended for students who are new to working with virtual machines, since most of the assignments in this class are tailored to the use of that platform.

If you are using another virtualization platform, you may have to adapt these instructions to fit. If you are unsure about any specification and how it applies to your setup, please contact the instructor.

You will also need installation media for the following operating systems:

  • Windows 10 Version 21H2 or later - See the Azure Dev Tools page on the CS Support Wiki for instructions.
    • Look for Windows 10 Education, version 21H2 - DVD on the list of software available on the Azure Dev Tools site.
    • File Name: en-us_windows_10_consumer_editions_version_21h2_x64_dvd_6cfdb144.iso
    • SHA 256 Hash: 7f6538f0eb33c30f0a5cbbf2f39973d4c8dea0d64f69bd18e406012f17a8234f
    • Your file may vary as Microsoft constantly updates these installers.
    • You may choose to upgrade to a later version of Windows 10 while installing updates.
    • You may choose to use Windows 11 for this course. The instructions shown in the course may not exactly match Windows 11 so adaptation may be necessary. Contact the instructor if you have any questions or run into issues.
  • Ubuntu 20.04 LTS (Focal Fossa) or later - Download from Ubuntu or the K-State CS Mirror
    • File Name: ubuntu-20.04.4-desktop-amd64.iso
    • SHA 256 Hash: f92f7dca5bb6690e1af0052687ead49376281c7b64fbe4179cc44025965b7d1c
    • If a point release is available (ex: 20.04.x.x), feel free to us that version. Do not upgrade to a newer LTS or non-LTS release such as Ubuntu 21.04, as those versions may have significant changes that are not covered in these assignments.
    • Lab 2 will not work with Ubuntu 22.04 LTS (Jammy Jellyfish) at this time. Please use Ubuntu 20.04 LTS for the time being.
Note

The original course materials were developed for Windows 10 Version 1803 and Ubuntu 18.04 LTS. Some course materials may still show the older versions. Students should use the software versions listed in bold above if at all possible, as these assignments have been verified using those versions. If not, please contact the instructor for alternative options. If you find any errors or issues using the updated versions of these systems, please contact the instructor.

Task 0: Install Virtualization Software

Install the virtualization software platform of your choice. It must support using Windows 10 and Ubuntu 20.04 as a guest OS. In general, you’ll need the latest version of the software.

VMware Workstation or VMware Fusion is recommended and available free of charge on the VMware Store open to all K-State CS students.

You may need to install the latest version available for download and then update it within the software to get to the absolute latest version that supports the latest guest OS versions.

info-123

Unfortunately, the process for getting VMWare licenses changed in 2022, so we have to manually request access for a class. If you have issues accessing this site and getting a license, it is likely that I forgot to send in that request. Please email me and remind me so I can get that done! - Russ

Task 1: Create a Windows 10 Virtual Machine

Create a new virtual machine for Windows 10. It should have 60 GB of storage available. If given the option, do not pre-allocate the storage, but do allow it to be separated into multiple files. This will make the VM easier to work with down the road. It should also have at least 2 GB of RAM. You may allocate more RAM if desired. You may also allocate additional CPU cores for better performance if desired.

Install Windows 10 in that virtual machine to a single partition. You may use the express settings when configuring Windows. Do not use a Microsoft account to sign in! Instead, create a local (non-Microsoft) account as defined below. You may also be asked to set the computer name, which is given below.

Note

Windows 10 Version 1903 has made it more difficult to create a local account when installing. See the video later in this module for instructions or refer to this guide from How-To Geek

Task 2: Configure Windows 10

Configure the Windows 10 Virtual Machine as specified below.

  • Computer Name: cis527w-<your eID> (example: cis527w-russfeld)
    Info

    This is very important, as it allows us to track your virtual machine on the K-State network in case something goes wrong in a later lab. By including both the class and your eID, support staff will know who to contact. A majority of students have missed this step in previous semesters, so don’t forget! The computer name must be changed after the Windows installation is complete –Russ

  • Primary User Account: Username: cis527 | Password: cis527_windows (Member of Administrators & Users groups)
  • Other User Accounts:
    • AdminUser | AdminPassword123 (Administrators & Users group)
    • NormalUser | NormalPassword123 (Users group)
    • GuestUser | GuestPassword123 (Guests group only)
    • EvilUser | EvilPassword123 (Users group)
  • Install Software
  • Configure Firewall
    • Make sure Windows Firewall is enabled
    • Allow all incoming connections to port 80 (for IIS)
      Tip

      You can test this by accessing the Windows VM IP Address from Firefox running on your Ubuntu VM, provided they are on the same virtual network.

  • Install Windows Updates: Run Windows Update and reboot as necessary until all available updates are installed.
  • Automatic Updates: Make sure the system is set to download and install security updates automatically.
Note

Even though you may have installed a particular version of Windows, such as 21H2, you should run updates repeatedly until there are no more updates available. You may end up installing at least one major update rollup.

Task 3: Windows Files & Permissions

Warning

Read the whole task before you start! You have been warned. –Russ

  • Create the folder C:\docs. It should be owned by the cis527 account, but make sure all other users can read and write to that folder.
  • Within C:\docs, create a folder for each user created during task 2 except for cis527, with the folder name matching the user’s name.
  • Make sure that each folder is owned by the user of the same name, and that that user has full permissions to its namesake folder.
    • Create a group containing cis527 and AdminUser, and set permissions on C:\docs for that group to have full access to each folder created in C:\docs.
      Tip

      When you create a group and add a user to that group, it does not take effect until you reboot the computer.

  • No other user should be able to access any other user’s folder. For example, EvilUser cannot access GuestUser’s folder, but AdminUser and cis527 can, as well as GuestUser, who is also the owner of its own folder.
  • In each subfolder of C:\docs, create a text file. It should have the same access permissions as the folder it is contained in. The name and contents of the text file are up to you.
    Tip

    Use either the cis527 or AdminUser account to create these files, then modify the owner and permissions as needed. Verify that they can only be accessed by the correct users by logging in as each user and seeing what can and can’t be accessed by that user, or by using the permissions auditing tab. Many students neglect this step, leaving the file owner incorrect.

  • Don’t remove the SYSTEM account or the built-in Administrator account’s access from any of these files. Usually this is as simple as not modifying their permissions from the defaults.
  • See this screenshot and this screenshot for what these permissions should look like in PowerShell. This was created using the command Run Get-ChildItem -Recurse | Get-Acl | Format-List in PowerShell

Task 4: Create an Ubuntu 20.04 Virtual Machine

Create a new virtual machine for Ubuntu 20.04 Desktop. It should have 30 GB of storage available. If given the option, do not pre-allocate the storage, but do allow it to be separated into multiple files. This will make the VM easier to work with down the road. It should also have at least 2 GB of RAM. You may allocate more RAM if desired. You may also allocate additional CPU cores for better performance if desired.

Note

Ubuntu 20.04 seems to be really RAM hungry right now, so I recommend starting with 2 GB of RAM if you have 8 GB or more available on your system. The installer may freeze if you try to install with only 1 GB of RAM allocated. Once you have it installed, you may be able to reduce this at the expense of some performance if you are short on available RAM (as it will use swap space instead). In Ubuntu, swap should be enabled by default after you install it, but you can learn more about it and how to configure it here. When we get to Module 5 and discuss Ubuntu in the cloud, we’ll come back to this and discuss the performance trade-offs in that scenario. –Russ

Install Ubuntu 20.04 Desktop in that virtual machine to a single partition. You will be asked to create a user account and set the computer name. Use the information given below.

Tip

The Ubuntu installation will sometimes hang when rebooting after installation in a VM. If that happens, wait about 30 seconds, then click VM > Power > Restart Guest in VMware (or similar) to force a restart. It should not harm the VM.

Task 5: Configure Ubuntu 20.04

Configure the Ubuntu 20.04 Virtual Machine as specified below.

  • Computer Name: cis527u-<your eID> (example: cis527u-russfeld)
    Info

    This is very important, as it allows us to track your virtual machine on the K-State network in case something goes wrong in a later lab. By including both the class and your eID, support staff will know who to contact. A majority of students have missed this step in previous semesters, so don’t forget! You should be prompted for a computer name as part of the installation process, but it will try to auto-complete it based on the chosen username and must be changed. –Russ

  • Primary User Account: Username: cis527 | Password: cis527_linux (Account should have Administrator type or be in the sudo group)
  • Other User Accounts:
    • adminuser | AdminPassword123 (Administrator type or sudo group)
    • normaluser | NormalPassword123 (Normal type)
    • guestuser | GuestPassword123 (Normal type)
    • eviluser | EvilPassword123 (Normal type)
  • Install Software
    • Open VM Tools (open-vm-tools-desktop) (recommended) -OR- VMware Tools (do not install both)
    • Mozilla Firefox (firefox)
    • Mozilla Thunderbird (thunderbird)
    • Apache Web Server (apache2)
    • Synaptic Package Manager (synaptic)
    • GUFW Firewall Management Utility (gufw)
    • ClamAV (clamav)
  • Configure Firewall
    • Make sure Ubuntu Firewall (use ufw, not iptables) is enabled
    • Allow all incoming connections to port 80 (for Apache)
      Tip

      You can test this by accessing the Ubuntu VM IP Address from Firefox on your Windows VM, provided they are on the same virtual network.

  • Install Updates: Run system updates and reboot as necessary until all available updates are installed.
  • Automatic Updates: Configure the system to download and install security updates automatically each day.

Task 6: Ubuntu Files & Permissions

Warning

Read the whole task before you start! You have been warned. –Russ

  • Create a folder /docs (at the root of the system, not in a user’s home folder). Any user may read or write to this folder, and it should be owned by root:root (user: root; group: root).
  • Within /docs, create a folder for each user created during task 5 except for cis527, with the folder name matching the user’s name.
  • Make sure that each folder is owned by the user of the same name, and that that user has full permissions to its namesake folder.
  • Create a group and set permissions on each folder using that group to allow both cis527 and adminuser to have full access to each folder created in /docs.
    Tip

    When you create a group and add a user to that group, it does not take effect until you reboot the computer.

  • No other user should be able to access any other user’s folder. For example, eviluser cannot access guestuser’s folder, but adminuser and cis527 can, as well as guestuser, who is also the owner of its own folder.
  • In each subfolder of /docs, create a text file. It should have the same access permissions as the folder it is contained in. The name and contents of the text file are up to you.
    Tip

    Use either the cis527 or adminuser account to create these files, then modify the owner, group, and permissions as needed. Verify that they can only be accessed by the correct users by logging in as each user and seeing what can and can’t be accessed by that user, or by using the su command to become that user in the terminal. Many students neglect this step, leaving the file owner incorrect.

  • See this screenshot for what these permissions may look like in Terminal. This was created using the command ls -lR in the Linux terminal.

Task 7: Make Snapshots

For each of the virtual machines created above, create a snapshot labelled Lab 1 Submit in your virtualization software before you submit the assignment. The grading process may require making changes to the VMs, so this gives you a restore point before grading starts.

Task 8: Schedule A Grading Time

Contact the instructor and schedule a time for interactive grading. You may continue with the next module once grading has been completed.

Last modified by: Russell Feldhausen May 27, 2022