CT106-3-2-SNA
System and Network Administration
NPT2F2409IT
Hand Out date: 6th January 2025
Hand In Date: 18th February 2025
Weightage: 30%
Group Member: Prasanna Shrestha (NP069725)
Hemraj Budha (NP069673)
Aim Kumar Yonjan (NP069653)
Sujal Shrestha (NP069768)
TABLE OF CONTENTS
Introduction
System Installation
Installation of Ubuntu to the Virtual box (Aim Kumar Yonjan NP069653)
Installation of Ubuntu to the VMware Workstation (Hemraj Budha NP069673)
Installation of Ubuntu to the Virtual Box (Sujal Shrestha NP069768)
Installation of Ubuntu to the Virtual box (Prasanna Shrestha NP069725)
System Configuration
Configuration of User
Add new User
Change the Password
File and Directory Management
Create a new directory and file
Change permission for ‘University’:
Change the owner and group for ‘[Link]’ to root:
Copy [Link] to the Big Directory
Configuration of Network
Settings/ Changing IP address
Verification of Static IP address
Check the IP address
Check Routing
Setting/ changing the hostname
Edits the host’s file
Troubleshooting
Firewall Configuration
Network File System Configuration
Configuration of Certificate Authority On Ubuntu
Install the Easy RSA package
Configuring the Easy-rsa Variables
Add and modify the vars file
Creating a Certificate Authority
Distributing Certificate Authority’s Public Certificate
Conclusion
APPENDIX
Workload Matrix
LIST OF FIGURES
Figure 1: Ubuntu site
Figure 2: Virtualbox Site
Figure 3: Creating a New Virtual Machine (VM)
Figure 4: Setting the memory size up to 2048 MB (2 GB)
Figure 5: Creating a Virtual Disk
Figure 6: Installing the Ubuntu
Figure 7: Language selection
Figure 8: Configuring the Keyboard Layout
Figure 9: Installation of recommend proprietary software
Figure 10: Ubuntu installation
Figure 11: Creating user
Figure 12: Installation completion
Figure 13: Ubuntu login
Figure 14: Ubuntu interface
Figure 15: create a virtual machine
Figure 16: Choosing to install OS
Figure 17: Selecting Ubuntu-64 bit and Linux
Figure 18: Path and Name of Ubuntu
Figure 19: Customizing the device status
Figure 20: Choosing ISO file
Figure 21: Creating account
Figure 22: Ubuntu site
Figure 23: Creating VM
Figure 24: Memory and processor allocation
Figure 25: Hard disk allocation
Figure 26: Installation of Ubuntu server
Figure 27: Selecting language
Figure 28: Keyboard layout
Figure 29: installation of recommended proprietary software
Figure 30: Clicking the erase disk and install ubuntu, click to next
Figure 31: Filling the form details and creating the user in Ubuntu
Figure 32: Restarting Ubuntu
Figure 33: Ubuntu login
Figure 34: Creating VM
Figure 35: Setting username, password
Figure 36: Allocating hardware resources
Figure 37: Creating Virtual hard disk
Figure 38: Installing Ubuntu
Figure 39: Language Preference Screen
Figure 40: Accessibility Setting
Figure 41: Selecting keyboard layout
Figure 42: Ubuntu installation screen
Figure 43: User creation
Figure 44: Restarting Ubuntu
Figure 45: add user and password
Figure 46: Changing the password
Figure 47: Directory Creation and File Editing
Figure 48: Displaying the File Content of Info Doc
Figure 49: Directory Creation and File Generation
Figure 50: Displaying the contents of [Link] using the cat Command
Figure 51: Directory Creation and Time Zone Extraction
Figure 52: Displaying Time Zone Information from a File in Linux Terminal
Figure 53: Creating an EVENT Directory in Linux Terminal
Figure 54: Directory Creation and Error Correction
Figure 55: Navigating Directories and Viewing File Content
Figure 56: Directory Listing and Command Error
Figure 57: Terminal Directory Listing Output
Figure 58: Directory and File Listing in Terminal
Figure 59: Terminal Commands for Directory and File Creation
Figure 60: Terminal Navigation and File Content Display
Figure 61: Directory Structure with Access Errors
Figure 62: Terminal Command for Recursive Permission Change
Figure 63: File Ownership Change
Figure 64: File Copying
Figure 65: IP address of a device
Figure 66: Command for editing the network settings
Figure 67: Nano editor of NetworkManager
Figure 68: Applying the Netplan configuration
Figure 69: New IP address of the devices
Figure 70: Viewing the default gateway
Figure 71: Setting hostname using hostnamectl command
Figure 72: Nano Editor of hosts file
Figure 73: showing the host file
Figure 74: Netplan Permission Warning
Figure 75: Assigning Correct Permissions to Netplan Configuration
Figure 76: Firewall rules display
Figure 77: Adding Firewall rules for SSH and HTTP
Figure 78: Adding Firewall rule for NFS
Figure 79: Encountered error while saving firewall rules
Figure 80: Install iptables package
Figure 81: Creating /etc/iptables directory and making rules.v4
Figure 82: Saving and Viewing firewall rules
Figure 83: Enabling netfilter-persistent service
Figure 84: Checking firewall persistence
Figure 85: Installing NFS server
Figure 86: Creating NFS shared directory
Figure 87: Changing ownership for NFS share
Figure 88: Adding NFS configuration to /etc/exports file
Figure 89: Exporting NFS shares
Figure 90: Restarting NFS server
Figure 91: Allowing NFS traffic in firewall
Figure 92: Installing ufw
Figure 93: Enabling ufw
Figure 94: Checking ufw firewall status
Figure 95: Allowing NFS traffic in firewall
Figure 96: Verifying NFS export configuration
Figure 97: Adding new user
Figure 98: Switching to client user
Figure 99: Creating NFS mount directory
Figure 100: Granting sudo access to client user
Figure 101: Mounting NFS share on client
Figure 102: Installing apt easy-rsa
Figure 103: Configuring the Easy-rsa Variables
Figure 104: Set up the PKI Directory
Figure 105: Add and modify the vars file
Figure 106: Build the CA
Figure 107: Verify the CA Certificate
Figure 108: Adjust permission
Figure 109: Distribute the CA certificate
Introduction
This report gives step-by-step instructions for building a functional TCP/IP network in virtualized environments, with an emphasis on system deployment, user administration, network planning, security protocols, and data exchange methods. The project develops practical network administration skills by deploying Ubuntu-based servers, configuring firewall rules, sharing files using NFS, and establishing secure communication through a Certificate Authority (CA). Testing and improving the configuration procedures resolved all issues and produced a steady and efficient network foundation.
System Installation
Installation of Ubuntu to the Virtual box (Aim Kumar Yonjan NP069653)
1. Download the Ubuntu Server ISO:
Figure 1: Ubuntu site
2. Install VirtualBox
Figure 2: Virtualbox Site
Create a New Virtual Machine (VM):
Figure 3: Creating a New Virtual Machine (VM)
I open VirtualBox and click the Next button to create a virtual machine.
I have named my new virtual machine
Type: Linux
Version: Ubuntu (32-bit).
After that, click Next.
3. Allocate RAM:
Figure 4: Setting the memory size up to 2048 MB (2 GB)
Create a Virtual Hard Disk:
Figure 5: Creating a Virtual Disk
This image shows the creation of a virtual hard disk with a disk size of 50 GB.
4. Installing the Ubuntu
Installation
Figure 6: Installing the Ubuntu
Language Selection
Figure 7: Language selection
Keyboard Layout:
Figure 8: Configuring the Keyboard Layout
Installation of third-party Software
Figure 9: Installation of recommended proprietary software.
Figure 1.1.9: This above screenshot shows
Disk Setup
Figure 10: Ubuntu installation
User Setup
Figure 11: Creating user
Figure 12: Installation completion
5. Finalize Installation
6. Log In to Ubuntu
Figure 13: Ubuntu login
7. Finally the User Interface of Ubuntu
Figure 14: Ubuntu interface
Installation of Ubuntu to the VMware Workstation (Hemraj Budha NP069673)
Figure 15: create a virtual machine
After downloading the VMware software, launch the application and select “Create a new virtual machine”.
Figure 16: Choosing to install OS
I selected “I will install the operating system later” to create a virtual machine with no pre-installed operating system.
Figure 17: Selecting Ubuntu-64 bit and Linux
I selected Linux as the operating system, with Ubuntu 64-bit as the suitable platform for my configuration.
Figure 18: Path and Name of Ubuntu
I chose Ubuntu 64-bit as the virtual machine name and selected local disk D as its storage location during the wizard setup.
Figure 19: Customizing the device status
Figure 20: Choosing ISO file
I started the virtual machine boot process and selected “ubuntu-24.04.1-desktop-[Link]” which was configured to connect automatically upon startup.
Figure 21: Creating account
I entered the device name followed by the computer name, username, and password.
Installation of Ubuntu to the Virtual Box (Sujal Shrestha NP069768)
1. Download the Ubuntu Server ISO:
Figure 22: Ubuntu site
The above figure shows the Ubuntu Server website, from which the ISO is downloaded.
2. Create a New Virtual Machine (VM):
Figure 23: Creating VM
Figure 1.3.6: Create a virtual machine
I began by opening VirtualBox and starting the process of creating a new virtual machine
through "New." The first step was to give my new virtual machine a name followed by selecting
its "Linux" operating system with "Ubuntu (32-bit)" version. Moving forward with the setup I
selected "Next" in the following step.
3. Allocate RAM:
Figure 24: Memory and processor allocation
4. Creating a Virtual Machine
Figure 25: Hard disk allocation
The above image illustrates the creation of a virtual hard disk with a disk size of 50 GB.
5. Installing the Ubuntu
Installation
Figure 26: Installation of Ubuntu server
Now the Ubuntu server is being installed.
Language Selection
Figure 27: Selecting language
Selecting English as the language so that it will be easier to understand.
Keyboard Layout:
Figure 28: Keyboard layout
Installation of third-party Software
Figure 29: installation of recommended proprietary software
Disk Setup
Figure 30: Clicking the erase disk and install ubuntu, click to next.
User Setup
Figure 31: Filling the form details and creating the user in Ubuntu.
6. Finalize Installation
Figure 32: Restarting Ubuntu
7. Log In to Ubuntu
Figure 33: Ubuntu login
Installation of Ubuntu to the Virtual box (Prasanna Shrestha NP069725)
Creating Virtual Machine
Figure 34: Creating VM
I am creating a new virtual machine for Ubuntu in the above image.
Figure 35: Setting username, password
Setting the username, password for the VM.
Figure 36: Allocating hardware resources
In the above image, I am specifying the hardware resources for my virtual machine.
Figure 37: Creating Virtual hard disk
Creating virtual hard disk for VM.
Figure 38: Installing Ubuntu
Ubuntu installation screen
Figure 39: Language Preference Screen
Figure 40: Accessibility Setting
Figure 41: Selecting keyboard layout
Figure 42: Ubuntu installation screen
Figure 43: User creation
Figure 44: Restarting Ubuntu
System Configuration
Configuration of User
Add new User
(Username amer Password 258@abc)
Figure 45: add user and password
The first step in creating a new user on this virtual machine is to run sudo useradd amer, which creates the user account named amer. The password for the new user is then set with the command sudo passwd amer. The required password is 258@abc, which is entered a second time to confirm. The operation succeeds only when the password entered matches the defined one exactly.
Change the Password
(258@abc to mytask)
Figure 46: Changing the password
After creating the user amer successfully, we change the password to another one. This is done by running the passwd command with sudo. We begin by opening the terminal and entering the command sudo passwd amer, which prompts us for a new password. We type mytask as the new password and press Enter. The system asks us to confirm by retyping the same password, so we type mytask again and press Enter. When the two entries are identical, the password of the user amer is changed from 258@abc to mytask. When they do not match, the system displays a mismatch message and we have to repeat the procedure carefully. After the change succeeds, the user amer can log in with the new password without problems.
File and Directory Management
Create a new directory and file
Figure 47: Directory Creation and File Editing
The commands create a directory called main in the user’s home directory, change into that directory, and write “This is my project file” to the [Link] file. They show how to work with files and directories in Linux.
Figure 48: Displaying the File Content of Info Doc.
The illustration shows how the contents of the [Link] file are displayed with the cat command. The output shows that the created file contains the text "This is my project file." The commands produced a file with the desired content.
Figure 49: Directory Creation and File Generation
The image shows the creation of nested folders (NP069653_NP069653/University/PRO) and a file named [Link], into which the output of pwd is saved to record the current working directory path.
Figure 50: Displaying the contents of [Link] using the cat Command.
As shown in the image, the contents of [Link], with the path /home/ubuntu, are viewed using the cat command. This verifies that the current working directory was successfully stored in the file.
Figure 51: Directory Creation and Time Zone Extraction.
As seen in the image, the user runs the mkdir -p command to create the directory “NP069653_NP069653/University/PRO/BUKIT/JALIL” in a Linux terminal. The user then runs timedatectl | grep 'Time zone' to get the time zone of the system and saves the output into a file called “[Link]” in the directory created.
Figure 52: Displaying Time Zone Information from a File in Linux Terminal.
The screenshot is of a Linux terminal where the user can view the contents of the file by
running cat [Link]. “Etc/UTC (UTC, +0000)” is the system’s time zone information which is
saved in the file.
Figure 53: Creating an EVENT Directory in Linux Terminal
The user creates a directory called “EVENT” under the above directory using the mkdir -p command in the Linux terminal displayed. This guarantees that every parent directory exists.
Figure 54: Directory Creation and Error Correction
A mistake in the directory path (NP069653_NP059553 instead of NP069653_NP069653)
caused the user to encounter an error while trying to create a directory and put the hostname into
a file. The command ran successfully after changing the path.
Figure 55: Navigating Directories and Viewing File Content
The hostname “np069653” was present in the [Link] file, which the user
successfully showed after navigating into the NP069653_NP069653/Big directory.
Figure 56: Directory Listing and Command Error.
The user browsed into NP069653_NP069653, inspected its contents (subdirectories Big
and University), listed directories in their home folder, and tried an unknown command (S).
Figure 57: Terminal Directory Listing Output.
The picture shows a directory listing in a terminal. The directory “PRO” is owned by the user “ubuntu,” has the permissions `drwxrwxr-x`, and was last modified on February 17. The directory is zero in size overall.
Figure 58: Directory and File Listing in Terminal.
The picture shows a terminal listing the contents of a directory. It contains a file “[Link]” with permissions (-rw-rw-r--) and a subdirectory “BUKITJALIL” with permissions (drwxrwxr-x), both of which belong to the user “ubuntu”. The entries in the list take up a total space of 4 KB.
Figure 59: Terminal Commands for Directory and File Creation
The screenshot shows terminal commands that create a directory structure and a file. The commands create the nested directory path NP069653_NP069653/Big/Event and send the output of the whoami command (presumably what was meant, although it is misspelled as whoant) to a file [Link] within that directory.
Figure 60: Terminal Navigation and File Content Display
The illustration shows the terminal commands used to switch between directories and display the contents of a file. After changing directory to NP069653_NP069653/Big/Event, the user displays the contents of [Link], the string “ubuntu”, with the cat command.
Figure 61: Directory Structure with Access Errors
The figure shows an incomplete directory tree for /home/ with several access errors (e.g., [error accessing dir]), likely permissions-related. It features directory names that differ only in case (jsltl and Jsltl), duplicate files ([Link]), typical Ubuntu directories (Desktop, Documents), and mixed name usage (e.g., Uni versity with a space). Nustc, nickname/Big/Event, and [Link] are notable items.
Change permission for ‘University’:
Figure 62: Terminal Command for Recursive Permission Change.
The screenshot shows a recursive terminal command that changes the permissions of a directory and its files. The command sudo chmod 777 -R Np069653_NP069653/University gives read, write, and execute permissions to all users on the directory University and on all of its subdirectories and files.
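Mode 777 lets every local account modify or replace anything under University, so it is worth measuring that exposure and knowing how to undo it. The script below is an added example, not one of the report's commands: it rebuilds the report's directory layout in a scratch directory, applies the same recursive chmod, counts the world-writable entries, and then restores the modes shown in the earlier listings (drwxrwxr-x and -rw-rw-r--). The file names sample_a.txt and sample_b.txt are hypothetical.

```shell
#!/bin/sh
# Added example: effect of `chmod 777 -R` on a constructed copy of the
# report's directory layout. sample_a.txt / sample_b.txt are hypothetical.

make_sample_tree() {
    # Build the nested layout inside a private scratch directory.
    root=$(mktemp -d) || return 1
    mkdir -p "$root/NP069653_NP069653/University/PRO/BUKIT/JALIL"
    echo "constructed sample" > "$root/NP069653_NP069653/University/PRO/sample_a.txt"
    echo "constructed sample" > "$root/NP069653_NP069653/University/PRO/BUKIT/JALIL/sample_b.txt"
    printf '%s\n' "$root"
}

mode_of() {
    # Symbolic mode string as ls prints it, for example drwxrwxr-x.
    ls -ld "$1" | cut -c1-10
}

count_world_writable() {
    # Entries whose "other" write bit is set: any local account can change them.
    find "$1" ! -type l -perm -0002 | wc -l | tr -d ' '
}

apply_report_mode() {
    # The command from the report, without sudo because the scratch tree is ours.
    chmod -R 777 "$1"
}

tighten() {
    # Restore the modes from the report's earlier listings:
    # directories 775 (drwxrwxr-x), regular files 664 (-rw-rw-r--).
    # A symbolic "X" mode would keep the execute bit that 777 left on the
    # files, so directories and files are handled separately.
    find "$1" -type d -exec chmod 775 {} +
    find "$1" -type f -exec chmod 664 {} +
}

demo() {
    root=$(make_sample_tree) || return 1
    uni="$root/NP069653_NP069653/University"
    apply_report_mode "$uni"
    echo "after chmod 777 -R: $(count_world_writable "$uni") world-writable, PRO is $(mode_of "$uni/PRO")"
    tighten "$uni"
    echo "after tightening:   $(count_world_writable "$uni") world-writable, PRO is $(mode_of "$uni/PRO")"
    rm -rf "$root"
}

demo
```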
Change the owner and group for ‘[Link]’ to root:
Figure 63: File Ownership Change
This command changes the ownership of the file at main/[Link]. The command "sudo chown root:root main/[Link]" sets both the owner and the group of the file to root.
Copy [Link] to the Big Directory
Figure 64: File Copying
The image shows a command line for copying one file to a different directory. The [Link] file is copied from the Event folder to the Big folder by using the above commands.
Configuration of Network
Settings/ Changing IP address
Figure 65: IP address of a device
The network interface ens33 handles communication with other devices using the IP address ‘[Link]/24’. The loopback interface (lo) handles communication internal to the machine using the IP address [Link].
Figure 66: Command for editing the network settings
Using these commands, users can modify network configuration settings with administrative privileges.
Figure 67: Nano editor of NetworkManager
I assigned the new static IP address [Link] to the network interface “ens33” by modifying the Netplan configuration file. I configured the default gateway at [Link] and added DNS servers [Link] and [Link] as part of the static configuration. I disabled DHCP to guarantee the interface would only use this static configuration.
Figure 68: Applying the Netplan configuration
The above command must be run to activate the network settings contained in the Netplan YAML configuration files. Run with root privileges, it applies the network configuration settings in those files to the system interfaces.
Verification of Static IP address
Check the IP address
Figure 69: New IP address of the devices
The ‘ip a’ command’s output proves that the ‘ens33’ network interface has been correctly
configured with static IP address [Link] using subnet mask /24 and broadcast address
[Link].
Check Routing
Figure 70: Viewing the default gateway
The routing table should show that ‘ens33’ handles local network traffic
([Link]/24) from [Link] and routes external traffic through the default gateway at
[Link].
Setting/ changing the hostname
Figure 71: Setting hostname using hostnamectl command.
The above commands change the system’s hostname from np069673 to hemraj-server.
This update ensures that the new hostname is reflected across the system, improving
identification in the network and logs.
Edit the hosts file
Figure 72: Nano Editor of hosts file
I added the hostname ‘hemraj-server’ to the /etc/hosts file by mapping it to [Link] for
local resolution.
Figure 73: showing the host file
I used the /etc/hosts file to link the hostname “hemraj-server” with IP address [Link].
No external DNS server is required for my system to resolve hemraj-server locally.
Troubleshooting
Figure 74: Netplan Permission Warning
The warning shows that the Netplan configuration file has incorrect permissions that
allow other users to access it. Netplan requires the configuration files within /etc/netplan
to be readable and writable by root only, for security purposes.
Figure 75: Assigning Correct Permissions to Netplan Configuration
To fix the Netplan permission warning, I used the above commands to assign proper
access permissions to the Netplan configuration file. This command assigns read and write
permissions exclusively to the root user, thus eliminating unauthorized access and resolving the
security warning.
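As an added example (not part of the original report), the check and the fix described above can be scripted: the functions below list YAML files that grant any access to group or others and restrict them to mode 600. The function names and mode 600 are assumptions; the demo runs on constructed files in a temporary directory, not on /etc/netplan.

```bash
#!/usr/bin/env bash
# Added example: find Netplan-style YAML files that group/others can access,
# then restrict them to owner read/write (mode 600, assumed to match the fix above).

# List *.yaml files in DIR with any group or other permission bit set.
loose_yaml_files() {
    find "$1" -maxdepth 1 -type f -name '*.yaml' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# chmod 600 every file reported by loose_yaml_files; print each file changed.
tighten_yaml_files() {
    loose_yaml_files "$1" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'tightened %s\n' "$f"
    done
}

# Demo on constructed files: prints "<loose before> <loose after> <files at 600>".
demo_netplan_audit() {
    local dir before after exact
    dir=$(mktemp -d)
    printf 'network:\n  version: 2\n' > "$dir/01-demo.yaml"   # constructed sample
    printf 'network:\n  version: 2\n' > "$dir/02-demo.yaml"   # constructed sample
    chmod 644 "$dir/01-demo.yaml"    # readable by everyone: should be reported
    chmod 600 "$dir/02-demo.yaml"    # owner only: should pass
    before=$(( $(loose_yaml_files "$dir" | wc -l) ))
    tighten_yaml_files "$dir" > /dev/null
    after=$(( $(loose_yaml_files "$dir" | wc -l) ))
    exact=$(( $(find "$dir" -type f -perm 600 | wc -l) ))
    rm -rf "$dir"
    echo "$before $after $exact"
}

demo_netplan_audit
```

On a real system the same functions would be pointed at /etc/netplan and run with root privileges.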
Firewall Configuration
Figure 76: Firewall rules display
The command "sudo iptables -L" is used to list the current firewall rules (INPUT,
FORWARD, OUTPUT). In the above screenshots, the rules in the INPUT, FORWARD, and
OUTPUT chains are shown.
Chain INPUT (policy DROP): The INPUT chain handles the incoming traffic. "policy
DROP" means that, by default, if incoming traffic does not match an explicit rule, it will be
blocked.
Chain FORWARD (policy DROP): The FORWARD chain handles traffic that is routed
through the server (if the server acts as a router).
Chain OUTPUT (policy ACCEPT): The OUTPUT chain handles outgoing traffic from
the server. "policy ACCEPT" means that outgoing traffic is allowed by default.
The lines with ufw-before-input, ufw-after-input, etc., are chains added by ufw to manage its own
rule set.
Figure 77: Adding Firewall rules for SSH and HTTP
In the above screenshot, I have allowed the incoming SSH traffic on port 22 and HTTP traffic on
port 80 by using the commands "sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT" and "sudo
iptables -A INPUT -p tcp --dport 80 -j ACCEPT" respectively.
In these commands, -A INPUT appends the rule to the INPUT chain, -p tcp sets the protocol to
TCP, --dport gives the destination port (22 for SSH and 80 for HTTP), and -j ACCEPT accepts the
matching traffic.
Because the default policy of the INPUT chain is DROP, only the traffic on the allowed ports is
accepted; other incoming traffic is blocked.
Figure 78: Adding Firewall rule for NFS
The command is used to allow TCP connections on port 2049. By allowing traffic on this
port, the server will be able to receive NFS requests from clients.
Figure 79: Encountered error while saving firewall rules
I tried to save the rules in the /etc/iptables/rules.v4 using the command "sudo
iptables-save > /etc/iptables/rules.v4", but I encountered the error "No such file or directory"
since I did not create any such file till now.
Figure 80: Install iptables package
The command "sudo apt install iptables-persistent" is used to install the
iptables-persistent package. This package is necessary for saving iptables firewall rules so
they are automatically loaded after a system reboot.
Figure 81: Creating /etc/iptables directory and making rules.v4
The command "sudo mkdir -p /etc/iptables" is used to create the directory /etc/iptables.
In this command, sudo ensures that the command is run with root privileges, and -p creates
parent directories as needed. If /etc/iptables does not exist, it is created along with any
missing parent directory. The /etc/iptables directory is used to store firewall rules for
iptables.
The command "sudo touch /etc/iptables/rules.v4" is used to create an empty file named
rules.v4 inside the /etc/iptables directory.
Figure 82: Saving and Viewing firewall rules
I used this command because I encountered the error while going through the
previous command to save the ip rules.
In the command "sudo iptables-save | sudo tee /etc/iptables/rules.v4", "sudo iptables-save"
prints the current iptables rules, and the output of this command is piped to the tee
command. The tee command, run with sudo, then reads the input and writes it to
"/etc/iptables/rules.v4".
The output of this command shows the actual iptables rules that were saved. It includes
the standard chains (INPUT, FORWARD, OUTPUT). The rules show the port 22 (SSH), 80
(HTTP), and 2049 (NFS) are accepted on the INPUT chain.
Figure 83: Enabling netfilter-persistent service
I am enabling the netfilter-persistent package by using the command "sudo systemctl enable
netfilter-persistent".
The netfilter-persistent service is crucial for ensuring that firewall rules configured using
iptables are loaded automatically when the system restarts. Without it, the firewall rules would be
lost after reboot, which would potentially leave the system unprotected.
In the above command "sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null",
"sudo iptables-save" prints the current iptables rules. The output of this command is
piped to the tee command; "sudo tee /etc/iptables/rules.v4" takes input from the
pipe and writes it to /etc/iptables/rules.v4. The ">" is the redirection operator, which sends
the output of the command on its left to the file named on its right. Here that file is
/dev/null, which discards the copy of the rules that tee would otherwise print to the terminal.
Figure 84: Checking firewall persistence
In the above screenshot, the command "cat /etc/iptables/rules.v4" is used to view the
saved firewall rules that will be loaded when the system boots. In the above image, it can be
seen clearly that the firewall is configured to allow SSH, HTTP, and NFS traffic.
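The visual check of rules.v4 can also be automated. The following added example (not part of the original report) parses a file in iptables-save format and reports a missing DROP policy on INPUT or a missing ACCEPT rule for the ports named above (22, 80, 2049); the function names and the sample rules are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: check an iptables-save file for the policy and ports the report expects.

# check_saved_rules FILE PORT...  -> prints each problem; exit status 1 if any.
check_saved_rules() {
    local file=$1; shift
    awk -v want="$*" '
        BEGIN { n = split(want, ports, " ") }
        /^\*/ { table = substr($0, 2) }                      # "*filter" starts a table
        table == "filter" && $1 == ":INPUT" { policy = $2 }  # ":INPUT DROP [0:0]"
        table == "filter" && $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
            proto = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (proto == "tcp" && dport != "") accepted[dport] = 1
        }
        END {
            if (policy != "DROP") { print "INPUT policy is not DROP"; bad = 1 }
            for (k = 1; k <= n; k++)
                if (!(ports[k] in accepted)) {
                    print "no ACCEPT rule for tcp/" ports[k]; bad = 1
                }
            exit bad
        }' "$file"
}

# Constructed sample in iptables-save format; $1 is the port used in the second rule.
sample_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        "-A INPUT -p tcp -m tcp --dport $1 -j ACCEPT" \
        '-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT' 'COMMIT'
}

tmp=$(mktemp)
sample_rules 80 > "$tmp"; check_saved_rules "$tmp" 22 80 2049 && echo "rules OK"
# A file where port 22 was entered twice and port 80 never added:
sample_rules 22 > "$tmp"; check_saved_rules "$tmp" 22 80 2049 || echo "rules incomplete"
rm -f "$tmp"
```

The check only looks at protocol, destination port and target, so a rule narrowed by other match options still counts as an ACCEPT for that port.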
Network File System Configuration
Figure 85: Installing NFS server
In the above screenshot, the command "sudo apt install nfs-kernel-server" is used to
install the nfs-kernel-server package, which is required to set up an NFS server. The
nfs-kernel-server package provides the necessary utilities to share filesystems over the
network using NFS.
Figure 86: Creating NFS shared directory
In the above screenshot, I have created the "/mnt/nfs_share", which is used as a mount
point for an NFS share.
Figure 87: Changing ownership for NFS share
In the above screenshot, the command "sudo chown nobody:nogroup /mnt/nfs_share" is
used to change the owner and group of the /mnt/nfs_share directory to nobody and nogroup
respectively.
The command "sudo chmod 777 /mnt/nfs_share" is used to change the permission of
the /mnt/nfs_share to 777 (read, write, and execute for everyone).
Figure 88: Adding NFS configuration to /etc/exports file
In the command "echo '/mnt/nfs_share/ *(rw,sync,no_subtree_check)' | sudo tee -a /etc/exports",
the part "echo '/mnt/nfs_share/ *(rw,sync,no_subtree_check)'" outputs the string defining the
NFS share. The tee command "sudo tee -a /etc/exports" receives this output and appends it to
the /etc/exports file.
This command adds the export entry to the /etc/exports file. This file tells the NFS
server which directory to share and which options to use. The entry gives NFS
clients read and write access to the /mnt/nfs_share directory once the NFS server has been
restarted.
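In the export entry above, the client field is "*", which matches any host that can reach the server. The following added example (not part of the original report) audits an exports file for read-write entries open to any host and shows the same share limited to one subnet; the function name is an assumption and 192.0.2.0/24 is a constructed documentation range standing in for the lab network.

```bash
#!/usr/bin/env bash
# Added example: flag /etc/exports entries that give read-write access to any host.

# audit_exports FILE -> prints "PATH CLIENT OPTIONS" for each read-write export whose
# client is "*" (or empty, which also means any host); exit status 1 if one is found.
# Simplification: assumes one export per line and no spaces in the path.
audit_exports() {
    awk '
        /^[ \t]*#/ { next }                      # comment line
        NF == 0    { next }                      # blank line
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                if (client == "") client = "*"
                if (client == "*" && ("," opts ",") ~ /,rw,/) {
                    print $1, client, opts
                    found = 1
                }
            }
        }
        END { exit found }' "$1"
}

tmp=$(mktemp)
# Constructed sample: the entry written by the command in the report.
printf '%s\n' '/mnt/nfs_share/ *(rw,sync,no_subtree_check)' > "$tmp"
audit_exports "$tmp" || echo "read-write export open to any host"
# Same share restricted to one subnet (constructed address range).
printf '%s\n' '/mnt/nfs_share/ 192.0.2.0/24(rw,sync,no_subtree_check)' > "$tmp"
audit_exports "$tmp" && echo "no open read-write export"
rm -f "$tmp"
```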
Figure 89: Exporting NFS shares
Through the command "sudo exportfs -a", all the directories specified in the /etc/exports
file will be available to the NFS clients.
Figure 90: Restarting NFS server
The command "sudo systemctl restart nfs-kernel-server" restarts the nfs-kernel server.
Figure 91: Allowing NFS traffic in firewall
Through the command "sudo ufw allow 2049/tcp", I tried to configure the firewall to
allow NFS traffic, but I faced the error since ufw was not installed in my system.
Figure 92: Installing ufw
Through the command "sudo apt install ufw", I am installing the ufw (uncomplicated
firewall) package, which provides a user-friendly interface for managing iptables firewall rules.
Figure 93: Enabling ufw
The command "sudo ufw enable" enables ufw on the system. The confirmation
message "Firewall is active and enabled on system startup" confirms that the firewall is active
and will automatically start on system boot.
Figure 94: Checking ufw firewall status
The command "sudo ufw status" is used to check the status of the ufw. This command
displays the list of the allowed connections. It is clear from the status that the ufw firewall is
active.
Figure 95: Allowing NFS traffic in firewall
The command "sudo ufw allow 2049/tcp" configures ufw to allow incoming TCP
traffic on port 2049. The output "Rule added" confirms that the rule to allow
traffic on port 2049 has been added, and the output "Rule added (v6)" shows that the rule has
also been applied to IPv6.
Figure 96: Verifying NFS export configuration
The command "sudo exportfs -v" is used to verify the NFS exports and their
configuration. The output of this command shows that /mnt/nfs_share directory is being shared
with the specified options.
Figure 97: Adding new user
In the above screenshot, I am adding a new user in my Virtual Machine.
Figure 98: Switching to client user
In the above image, I am switching to the account named "clientuser".
Figure 99: Creating NFS mount directory
Through the command "sudo mkdir /mnt/client_nfs", I am trying to create a directory
named /mnt/client_nfs, but I was not authorized to do so, since I was not the sudo user.
Figure 100: Granting sudo access to client user
The command "sudo usermod -aG sudo clientuser" modifies the clientuser to add it to the
sudo group. The command "groups clientuser" displays the group memberships of the user
"clientuser".
Figure 101: Mounting NFS share on client
In the above image, the command "sudo mount -t nfs [Link]:/mnt/nfs_share
/mnt/client_nfs" mounts the NFS share from the server to the client's mount point
/mnt/client_nfs.
The command "ls /mnt/client_nfs" lists the contents of the mounted NFS share. For now,
the output is empty, which means that the shared directory on the NFS server is currently empty,
but the successful mount confirms that the connection between the client and the NFS server has
been established.
Configuration of Certificate Authority On Ubuntu
Install the Easy RSA package
Figure 102: Install the easy rsa package
The command sudo apt-get install easy-rsa will install Easy-RSA on Ubuntu and other
Debian-based systems. "sudo" allows administrative privileges here, apt-get manages packages,
and install easy-rsa will download and install the tool used to create and manage a Public Key
Infrastructure (PKI) for SSL/TLS certificates.
Configuring the Easy-rsa Variables
Figure 103: Configuring the Easy-rsa Variables
This set of commands prepares Easy-RSA to operate as the control center of a Public Key
Infrastructure. The first step is to create a directory named easy-rsa in the home directory by
executing mkdir ~/easy-rsa. The command ln -s /usr/share/easy-rsa/* ~/easy-rsa/ then places
symbolic links to all Easy-RSA files in this directory. The command chmod 700 ~/easy-rsa
restricts the easy-rsa directory so that only its owner can read, write, and enter it.
Moving to the ~/easy-rsa directory with cd ~/easy-rsa and executing ./easyrsa init-pki then
sets up the PKI for HTTPS certificate generation.
Figure 104: Set up the PKI Directory
The above figure confirms that the Public Key Infrastructure (PKI) has been set up
successfully. It tells us that the pki directory has been built in the ~/easy-rsa directory, where
certificates and keys will reside. The message also suggests the next steps to take, i.e.,
generating a Certificate Authority (CA) or a certificate request.
Add and modify the vars file
Figure 105: Add and modify the vars file
Creating a Certificate Authority
Figure 106: Build the CA
The terminal display shows the output of the Easy-RSA tool, which manages
Public Key Infrastructure (PKI) certificates. Here it generates a Certificate
Authority (CA) certificate. The user enters the CA Common Name, and a confirmation
message then reports that the generated CA certificate is stored
at /home/ubuntu/easy-rsa/pki/[Link].
Figure 107: Verify the CA Certificate
Easy-RSA produces the certificate authority certificate file [Link], whose contents the
image presents. The user displays the certificate with the cat command; the content
appears as Base64-encoded text between the -----BEGIN CERTIFICATE----- and
-----END CERTIFICATE----- markers. As in any Public Key Infrastructure (PKI), the CA
certificate is used to verify the other certificates that the CA digitally signs.
Figure 108: Adjust permission
Distributing Certificate Authority’s Public Certificate
Figure 109: Distribute the CA certificate
These commands distribute a CA (Certificate Authority) certificate and update the
certificate store on a Linux machine. The first command puts the [Link] file in a shared
directory for access. The second command updates the system's certificate database
(/etc/ssl/certs/) so that the new CA certificate is recognized for secure communication. This
allows other systems or users to trust the CA for authentication and encryption.
Conclusion
This assignment required us to construct and document an essential TCP/IP network
infrastructure with essential services and make key enhancements while developing practical
experience in the fields of user account management and network configuration alongside file
management, security applications, and certificate authority deployment. The team spent time
resolving installation errors, permission issues, and firewall restrictions by working through
system problems to boost their problem-solving abilities. The project provided us with essential
knowledge for future network administration work by demonstrating security implementation
and system configuration.
APPENDIX
Workload Matrix
Student | Allocation of Work | Signatures
Aim Kumar Yonjan | Files and Directory Management, Installation of Ubuntu |
Sujal Shrestha | User Configuration, Configuration of Certificate Authority (CA), Installation of Ubuntu |
Hemraj Budha | Network Configuration, Documentation, Introduction, Conclusion and Installation of Ubuntu |
Prasanna Shrestha | Firewall Configuration, NFS Configuration, and Installation of Ubuntu |