eodenyire

Disable Root Login

After doing some security audits of servers, xFusionCorp Industries security team has implemented some new security policies. One of them is to disable direct root login through SSH. Disable direct SSH root login on all app servers in Stratos Datacenter.

Click on ✔ and Do Task Again

Solution:-

Open Three Terminal and ssh on all App server

on Terminal one

ssh tony@stapp01  

on Terminal Two

eodenyire

Configure protected directories in Apache

xFusionCorp Industries has hosted several static websites on Nautilus Application Servers in Stratos DC. There are some confidential directories on document root that need to be password protected. Because they are using Apache for hosting the websites, the production support team has decided to use .htaccess with basic auth. There is a website that needs to be uploaded to /var/www/html/dba on Nautilus App Server 2. However, we need to set up the authentication before that. Create /var/www/html/dba directory if doesn't exist. Add a user mariyam in htpasswd and set its password to BruCStnMT5. There is a file /tmp/index.html placed on Jump Server. Copy the same to new directory you created, please make sure default document root should remain /var/www/html. Also website should work on URL http://app-server-hostname:port/dba

Click on ✔ and Do Task Again

Solution:-

ssh on a app server According to Task

ssh steve@stapp02

Add user name

eodenyire

The System admin team of xFusionCorp Industries has installed a backup agent tool on all app servers. As per the tool's requirements they need to create a user with a non-interactive shell.Therefore, create a user named mark with a non-interactive shell in the app02 server

Click on ✔ and Do Task Again

Solution:-

SSh acording to Task

ssh tony@stapp01 ## AppServer 1 Pass= Ir0nM@n
### OR
ssh steve@stapp02 ## Appserver 2 Pass = Am3ric@
### OR

eodenyire

Linux Network Services

Our monitoring tool has reported an issue in Stratos Datacenter. One of our app servers has an issue, as its Apache service is not reachable on port 5003 (which is our Apache port). The service itself could be down, the firewall could be at fault, or something else could be causing the issue. Use tools like telnet, netstat, etc. to find and fix the issue. Also make sure Apache is reachable from the jump host without compromising any security settings.

Click on ✔ and Do Task Again

Solution:-

At first Login to stapp01 server or the server that has issue

ssh tony@stapp01

Login as root:

sudo su

eodenyire

CRON job

The Nautilus system admins team has prepared scripts to automate several day-to-day tasks. They want them to be deployed on all app servers in Stratos DC on a set schedule. Before that they need to test similar functionality with a sample cron job. Therefore, perform the steps below:

1. Install cronie package on all Nautilus app servers and start crond service.

1. Add a cron */5 * * * * echo hello > /tmp/cron_text for root user.

Click on ✔ and Do The Task Again

Solution:

Open Three Terminal and ssh on all App server

on Terminal One

ssh tony@stapp01

eodenyire

Application Security

We have a backup management application UI hosted on Nautilus's backup server in Stratos DC. That backup management application code is deployed under Apache on the backup server itself, and Nginx is running as a reverse proxy on the same server. Apache and Nginx ports are 8086 and 8095, respectively. We have iptables firewall installed on this server. Make the appropriate changes to fulfill the requirements mentioned below: We want to open all incoming connections to Nginx's port and block all incoming connections to Apache's port. Also make sure rules are permanent.

Click on ✔ and Do Task Again

Solution:-

Login to backup server and add these two rules

sudo iptables -A INPUT -p tcp --dport 8099 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 6300 -m conntrack --ctstate NEW -j REJECT

Then save it by typing following command

eodenyire

Install and Configure Postgresql

The Nautilus application development team has shared that they are planning to deploy one newly developed application on Nautilus infra in Stratos DC. The application uses PostgreSQL database, so as a pre-requisite we need to set up PostgreSQL database server as per requirements shared below:

a. Install and configure PostgreSQL database on Nautilus database server.

b. Create a database user kodekloud_rin and set its password to TmPcZjtRQx.

c. Create a database kodekloud_db10 and grant full permissions to user kodekloud_rin on this database.

d. Make appropriate settings to allow all local clients (local socket connections) to connect to the kodekloud_db10 database through kodekloud_rin user using md5 method (Please do not try to encrypt password with md5sum).

e. At the end its good to test the db connection using these new credentials from root user or server's sudo user.

Click on ✔ and Do Task Again

Solution:

eodenyire

Linux Nginx as Reverse Proxy

Nautilus system admin's team is planning to deploy a front end application for their backup utility on Nautilus Backup Server, so that they can manage the backups of different websites from a graphical user interface. They have shared requirements to set up the same; please accomplish the tasks as per detail given below:

a. Install Apache Server on Nautilus Backup Server and configure it to use 8087 port (do not bind it to 127.0.0.1 only, keep it default i.e let Apache listen on server's IP, hostname, localhost, 127.0.0.1 etc).

b. Install Nginx webserver on Nautilus Backup Server and configure it to use 8092.

c. Configure Nginx as a reverse proxy server for Apache.

d. There is a sample index file /home/index.html on Jump Host, copy that file to Apache's document root.

e. Make sure to start Apache and Nginx services.

f. You can test final changes using curl command, e.g curl http://:8092.

==========

eodenyire

PAM Authentication For Apache

The document root /var/www/html of all web apps is on NFS share /data on storage server in Stratos Datacenter. We have a requirement where we want to password protect a directory in the Apache web server document root.

We want to password protect http://:<apache_port>/protected

URL as per the following requirements (you can use any website-url for it like localhost since there are no such specific requirements as of now):

a. We want to use basic authentication.

b. We do not want to use htpasswd file base authentication. Instead, we want to use PAM authentication, i.e Basic Auth + PAM so that we can authenticate with a Linux user.

c. We already have a user jim with password Rc5C9EyvbU which you need to provide access to.

d. You can access the website on LBR link. To do so click on the + button on top of your terminal, select Select port to view on Host 1, and after adding port 80 click on Display Port.

eodenyire

Getting Started with OCI
========================
Global Footprint - 16 active (11 commercial, 5 Govt), 20 new regions (17 commercial, 3 Govt)
Interconnect with Azure - Ashburn and London, other regions planned
OCI Region - Multiple fault de-correlated, completely independent data centers: AD; Grouping of hardware and infra with in AD: FD
One AD Regions - Next 12 months, Region or AD will be added
Off-box Network virtualization - All virtualization put into custom silicon cards, includes all storage and network I/O
OCI Services - Identity, Networking, Compute, Storage, Database, Autonomous DB, Serverless, Analytics, Next Layer Services, Security, Data movement, Edge 
Differentiation - Off-box Network virtualization, Bare metal + Local NVMe storage, All SSD storage, No Network, memory or CPU over-subscription; Battle tested; DB options(BM,VM,Exadata,RAC); Enterprise App support (EBS, JDE)
                  Aggresive and Predictable pricing (Cheaper than AWS); SLAs on Performance, Management and Availability; B