Lab1 Introduction to System Administration
Welcome to the System Administration course. Before getting started, please make sure you have read the following information:
- Courses Homepage for the Course Info.
- Lab1 slides for more detailed Course Information.
- Slack page for communication through Slack.
For any questions, we recommend using the Slack channels, as this will also make answers visible to other people.
Labs
This course is set up mainly around the Courses pages. Every week's lab follows the same format: a weekly guide in the Practicals page that walks you through setting up a system or a service, or some closely related systems and services. Often enough, the next week's lab needs settings to be changed in the previous lab's topic. For example, the web servers lab will require changes to things done in the domain name servers lab. That's just how IT works.
Scoring
During the course, you will be monitored and scored by a scoring server: https://scoring.sa.cs.ut.ee . This site monitors the progress of all the labs that you complete. When you are completing labs, you can see that you did everything right when monitoring goes green.
The credentials to access the website are:
User: student
Password: SysAdm2022%
Once you access the scoring site, you can search for Services on the left side panel. When you click on it, a new view appears, where there's a host called "Lab1". From there, search for a line with your username in it (it appears for the first time a bit after you log into lab1.cloud.ut.ee). When this line goes green, you have completed this week's task.
During the next weeks, when you get your own personal VM, you will have a line with your VM's name in the list. Every week, as we publish another lab with tasks, the monitored services list will also expand.
When monitoring your personal VMs, there are two types of checks - with one we log into your machine and check whether something looks as it should, and the other option is to query your machine from the outside world. This means that you can't expect things in Lab6 to work when Lab2 is not done, as, for example, we can't access your machine, because Lab2 is where you set our access up.
Remembering *NIX
During this week we will play through the exercises refreshing your UNIX knowledge. Starting from the next week we start building the real server-side service infrastructure. Therefore we find it critical for you to feel fluent with the command-line interface (CLI) of Linux. The outline of this lab is as follows:
- Helpful materials
- CTF (this part is graded)
- Cool Games
This week, monitoring tests whether a task is done in the CTF part of the lab.
Helpful materials
Before we get started with the practical part of the lab, let's go over where to find information, as that is a large part of this whole course. Every lab will have new commands, systems, configuration files, log file locations, and weird error outputs, which is why we strongly recommend using Google to its full extent and talking with each other!
At first, writing up commands that you won't remember is a very good idea. We will never prevent you from being able to look at your notes, even during the exam!
This means that if you want, you can make a cheat sheet, or just write up any commands that you think you will not be able to remember.
Automation is also encouraged during the labs and the exam - during the following weeks we will also be teaching how to use a tool called Ansible, which will take care of config management and more. The third lab will be about Ansible best practices, and after that we add extra examples and guides about Ansible into the weekly labs as well. A well-written Ansible playbook could in theory allow you to pass the exam in just a few minutes, so keeping it up to date might prove invaluable.
We will also try to provide you with informational visualizations to further your understanding. We hope these will be useful!
There are also remotely hosted resources that are very useful:
Especially Shell Commands Explainer, which takes the input command line, and tries to fully explain what is going on. Works for surprisingly many commands.
CTF
We now get to the practical part of the lab. Before we can do anything, we need to get inside the environment where we can play around without having to worry about our machines.
Accessing the Sandbox machine
First, make sure that you are connected to the University of Tartu network.
Remotely (not in the lab), this is achieved by using the University of Tartu VPN service. The guide for that can be found at https://wiki.ut.ee/pages/viewpage.action?pageId=17105590.
When you are using the classroom computers or University WiFi, you should be fine without the VPN.
Moving from one host to another on Linux systems is usually done with a protocol called SSH (Secure Shell). This can be used to log in to another machine.
The syntax usually looks like this: ssh <username>@<hostname>
Example: ssh mouse@lab1.cloud.ut.ee
Let's log into a machine called lab1.cloud.ut.ee with our University of Tartu username and password.
The way to do this depends on which operating system you use currently:
For Linux/Mac (the classroom machines) users this can be done by opening your terminal application and entering the following command on the command line:
ssh <username>@lab1.cloud.ut.ee
You will be asked whether you trust the host and for your University of Tartu password.
You can tell that you logged in successfully if you get no error and the shell prompt changes. Also, the output of the commands whoami, hostname and pwd should be different from your own machine.
Windows users have two options:
- Windows Subsystem for Linux - WSL (more info at https://www.microsoft.com/en-us/p/ubuntu/9nblggh4msv6?activetab=pivot:overviewtab). Using WSL grants you the ability to open a Linux terminal in Windows, to use the ssh command as mentioned above. WSL is harder to set up, but easier and more convenient to use in the future, as it emulates the whole command line.
- Software called PuTTY, which allows the creation of an SSH connection to the server. PuTTY is very easy to run, but in the future it might cause you to jump through extra hoops to do some things, like adding an SSH key. A guide on using PuTTY can be found on the University HPC page https://docs.hpc.ut.ee/ssh/.
CTF Exercise
Capture The Flag (CTF) is a form of exercise where the task is to find very specific "flags", hidden in the system or software by competitors or organizers. This is especially prevalent in Cyber Security, and if you like the following game, make sure to check out https://overthewire.org/wargames/bandit/.
In our case, we have prepared a small CTF as a way to test your Linux knowledge. Do not worry if you cannot do every task outright, some of these are deceptively difficult.
If you cannot think of a solution, do not know how to do something, or want an explanation, make sure to ask a teacher either directly or by using Slack.
The exercise here is to go task by task inside lab1.cloud.ut.ee, and only continue when you have the "flag" from the previous task.
In some cases, the input to the next task is the flag from the previous task.
The format is like this: SysAdm-<flag>
Examples:
- String: SysAdm-flag, flag: flag
- String: SysAdm-fish, flag: fish
The flag is always a single lower case alphanumeric string without punctuation.
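The flag format above can be matched mechanically, which helps when the text to search is long. The following is an added example, not part of the original lab materials; the helper name extract_flags and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull CTF flags of the form SysAdm-<flag> out of text.
# extract_flags is a hypothetical helper name; the sample lines are constructed.

# Print each distinct flag (without the SysAdm- prefix) found in the
# given file, or in standard input when no file is given.
extract_flags() {
    # -o prints only the matching part of a line, -E enables extended regex.
    # [a-z0-9]+ mirrors the rule: one lower-case alphanumeric string.
    grep -oE 'SysAdm-[a-z0-9]+' "${1:--}" | sed 's/^SysAdm-//' | sort -u
}

# Constructed sample resembling a long log file with one flag buried in it.
sample_log() {
    cat <<'EOF'
type=USER_LOGIN msg=audit(1662000000.101:41): pid=812 uid=0 res=success
type=USER_CMD msg=audit(1662000001.202:42): cmd="echo SysAdm-fish" res=success
type=USER_END msg=audit(1662000002.303:43): pid=812 note="SysAdm- is only the prefix"
type=USER_CMD msg=audit(1662000003.404:44): cmd="echo SysAdm-fish" res=success
EOF
}

# The bare prefix on the third line is ignored and the repeated flag
# is reported once.
sample_log | extract_flags
```

The same function accepts a file path as its first argument instead of piped input.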
Task 1 - A file with Flag inside in local directory:
When first logged into a server, you are automatically placed inside a folder. Wonder what's in here?
Helpful commands: ssh, ls, cat
Task 2 - Flag as an output of a command from history:
Gasp! Someone's been here and has done something .. nefarious? Need to follow the instructions from the file! Wonder if the command does something nefarious..
Helpful commands: history, grep
Task 3 - A file with Flag in the name inside a subdirectory:
Apparently not. Wonder if there's anything else cool in any of the folders inside my home directory?
Helpful commands: cd, ls, cat, find
Task 4 - A Flag in a log file:
Nothing of note there. Maybe in any of the log files? My user seems to only have permissions to /var/log/audit.log .. It's so long though..
Helpful commands: find, grep, vim, cat
Task 5 - Flag inside a system file:
Maybe there's a user related to this whole ordeal? I'll check the Linux system user file in /etc/
Helpful commands: find, grep
Task 6 - Flag received by executing a binary:
That user has a weird command as their entrypoint: /home/SysAdm/ctf .. Maybe my home directory has a similar file? Wonder what it does..
Helpful commands: bash, ./, vim, cat, less
Task 7 - A Flag in the output of a curl command:
As this server has a webserver running on port 80, let's try using curl on it.
Helpful commands: curl, netstat
Task 8 - A Flag in the output of nmap command:
It gave us a port.. let's check what's on that port! There's a tool called nmap for this.
Helpful commands: nmap -sV <hostname> -p <port>
Task 9 - Flag can be received by sending a message to a port on localhost in the range 31000 to 32000:
Let's try sending data to this port.. Using nc (netcat) and our university username.
Helpful commands: nc <hostname> <port>, echo, |
Method: echo your username into the pipe, which then sends the info to nc
NB! The last task is monitored by the scoring server. It checks whether a correct username has been input as data into the port. It might take up to 5 minutes for monitoring to pick this up.
Once that's green, you're done with this week's lab. Congratulations!
Epilogue
By the end of the lab, make sure you have done all the following things, as preparation for the next weeks:
- Have the capability of SSHing into a Linux host
- Are able to connect to the University of Tartu VPN (personal machines).
- Can access the Scoring website (https://scoring.sa.cs.ut.ee) with your (preferably personal) machines.
- Have access to our course's Slack channels.
- Are knowledgeable about the topics and can find information related to the course.
- Have brushed up your Google skills.
If you are missing anything, ask!