Updated: 2017-12-11 02:30 EST
[...]
Reminder: There are now two quizzes that you need to complete on Blackboard as part of your term Quiz mark. A third quiz will be posted before the Final Exam. The Quizzes are not optional; see the Course Outline.
Check the due date for each assignment and put a reminder in your agenda, calendar, and digital assistant. Just like in the Real World, not all due dates are on the same days or at the same times.
umask
Worksheets are preparation for your assignments. You can’t do the assignments without having done the worksheets first, and you can’t do the worksheets without having first read the Course Notes:
Form a small study group to do the worksheets. Each person tries the example given, and you make sure you all get the same answers. Worksheets are not for hand-in; they are not worth marks; the assignments test your knowledge of the lectures and worksheets.
The worksheets are available in four formats: Open Office (ODT), PDF, HTML, and Text. Only the Open Office format allows you to “fill in the blanks” in the worksheet. The PDF format looks good but doesn’t allow you to type into the blanks in the worksheet. The HTML format is crude but useful for quick viewing online.
Do NOT open the Worksheet ODT files using any Microsoft products; they will mangle the format and mis-number the questions. Use the free Libre Office or Open Office programs to open these ODT documents. On campus, you can download Libre Office here.
vim
vimtutor
program on the CLS.
chmod, ls -lid, umask
Worksheets prepare you for the upcoming assignments.
This course has two midterm tests and one final exam.
The Final Exam is three hours long and contains approximately 180 multiple-choice questions similar to those found in the three preceding Practice Tests and Answers. Do all three practice tests before the Final Exam!
All three practice tests will be posted under Practice Tests and Answers. The Final Exam is comprehensive of the whole course; you need to do all three practice tests for the Final Exam.
Here are the final statistics for the second midterm test:
88 students are registered in the course.
Of the 88, 6 did not write the test, leaving 82 who did.
Of the 82, 14 did not enter a valid test version code.
Of the 82, 11 did not enter their own name correctly.
Of the 82, 2 did not enter their own student number correctly.
Of the 82, 2 did not put their name on their question sheet.
Of the 82, 1 used a pen instead of pencil and got zero marks.
Of the 82, 31 got question #45 wrong even though the answer was given in the Test Instructions printed at the start of the test.
The 82 class scores:
100 98 97.7 97.7 96.8 95.8 95.5 93.2 90.9 89.1 88.6 88.6 88.6 86.9 86.9 86.4 86.4 84.1 84.1 82.4 81 79.5 77.3 77.3 75 75 72.7 71.6 70.5 70.5 70.5 69 67.5 66.2 62.4 62.1 61.4 60.1 59.1 59.1 59.1 58.5 58.5 56.8 55.7 54 53.5 52.4 52.3 52.3 51.2 51.2 51.2 50 50 49.7 48.1 47.7 45.5 44.5 43.7 38.5 38.1 37.9 36.4 34.4 34.2 33.4 31.8 29.5 29.5 26.7 26.1 23.1 22.7 20 18 17.8 14.4 14.3 13.4 8
82: Pass 56 (68.3%) Fail 26 (31.7%)
22 A (26.8%) 5 A- 8 A 9 A+
9 B (11.0%) 4 B- 3 B 2 B+
7 C ( 8.5%) 4 C- 1 C 2 C+
18 D (22.0%) 9 D- 3 D 6 D+
26 F (31.7%) 21 F- 3 F 2 F+
90% - 100% 9 *********
80% - 90% 13 *************
70% - 80% 9 *********
60% - 70% 7 *******
50% - 60% 18 ******************
40% - 50% 5 *****
30% - 40% 10 **********
20% - 30% 5 *****
10% - 20% 5 *****
0% - 10% 1 *
I spent an hour correcting your errors on your mark-sense forms. Before your next test, some of you need to re-read the Test Instructions. Penalties go up again for making these errors on the final exam.
Take notes in class! Keep a pad open on your desk.
Don’t forget to finish your five Blackboard quizzes for each of Midterm 1 and Midterm 2. There will be a third quiz to prepare for the Final Exam.
This case study needs Command Substitution and Control Statements and super-user (root) permission.
The Course Linux Server runs the Denyhosts intrusion detection package (man denyhosts). Blocked IP addresses are automatically added to the file /etc/hosts.evil that is included by /etc/hosts.allow to block access to the machine:
$ wc -l /etc/hosts.evil
7908 /etc/hosts.evil
Visual inspection of /etc/hosts.evil suggests that some of the recent blocked IP addresses are people on the local Rogers cable network:
$ whois 99.224.86.21
[...]
NetRange: 99.224.86.0 - 99.224.87.255
CIDR: 99.224.86.0/23
Parent: ROGERS-COM-HSD (NET-99-224-0-0-1)
The sysadmin wants to find and unblock all these IP addresses.
Find some obvious Rogers IP addresses in the file:
$ fgrep ' 99.2' /etc/hosts.evil
sshd: 99.224.86.21
sshd: 99.245.238.68
sshd: 99.246.18.16
sshd: 99.254.149.12
sshd: 99.246.3.39
sshd: 99.239.40.207
Isolate just the IP addresses on each line:
$ fgrep ' 99.2' /etc/hosts.evil | awk '{print $NF}'
99.224.86.21
99.245.238.68
99.246.18.16
99.254.149.12
99.246.3.39
99.239.40.207
Write a debugging FOR loop that uses the IP addresses via command substitution and echoes them to the screen:
$ for ip in $( fgrep ' 99.2' /etc/hosts.evil | awk '{print $NF}' ) ; do echo "IP is $ip" ; done
IP is 99.224.86.21
IP is 99.245.238.68
IP is 99.246.18.16
IP is 99.254.149.12
IP is 99.246.3.39
IP is 99.239.40.207
Replace the debugging echo with the real unblocking command (requires privilege to work):
$ for ip in $( fgrep ' 99.2' /etc/hosts.evil | awk '{print $NF}' ) ; do sudo /usr/share/denyhosts/DenyHosts/dh_reenable "$ip" ; done
Done!
Please restart denyhosts
Done!
Please restart denyhosts
Done!
Please restart denyhosts
Done!
Please restart denyhosts
Done!
Please restart denyhosts
Done!
Please restart denyhosts
Done!
Please restart denyhosts
Verify that it worked:
$ fgrep ' 99.2' /etc/hosts.evil
$ # no output - all addresses were removed
Restart the Denyhosts package (requires privilege to work):
$ sudo service denyhosts restart
* Stopping DenyHosts denyhosts
...done.
* Starting DenyHosts denyhosts
...done.
Done.
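The fgrep ' 99.2' step above selects addresses by text prefix. To limit the unblocking to one allocated range, such as the 99.224.86.0/23 that whois reported, the list can be filtered by CIDR membership first. This is an added example, not part of the original course notes; the function names and the sample addresses 99.224.87.200 and 99.224.88.1 are constructed, and it only prints what it would re-enable.

```shell
#!/bin/sh
# Added example: pick blocked addresses by CIDR range instead of a text prefix.

# Convert dotted-quad A.B.C.D to an integer; fail on anything malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac     # no leading zeros (octal trap)
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/BITS: succeed only if IP lies inside the network.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    [ "$bits" -ge 0 ] 2>/dev/null && [ "$bits" -le 32 ] || return 1
    ip_n=$(ip_to_int "$1") || return 1
    net_n=$(ip_to_int "$net") || return 1
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip_n & mask )) -eq $(( net_n & mask )) ]
}

# blocked_in_cidr FILE NET/BITS: print last-field addresses that are in range.
blocked_in_cidr() {
    awk '{print $NF}' "$1" | while read -r ip; do
        if in_cidr "$ip" "$2"; then echo "$ip"; fi
    done
}

# Constructed sample in the /etc/hosts.evil format shown above.
sample=$(mktemp)
printf 'sshd: %s\n' 99.224.86.21 99.224.87.200 99.224.88.1 99.245.238.68 >"$sample"

# Dry run: show what would be re-enabled for the range whois reported.
for ip in $(blocked_in_cidr "$sample" 99.224.86.0/23); do
    echo "would re-enable $ip"
done
rm -f "$sample"
```

Once the dry-run list looks right, the same loop can call dh_reenable as in the case study, followed by the denyhosts restart.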
The assignment Checking Programs may issue this message:
Number of world-writable pathnames in abcd0001 account: 1
ERROR: Sysadmin do not create files that anyone can overwrite.
ERROR: See "Examples of uses of find" to find these files.
ERROR(-1): Fix the permissions on these files
Don’t create files or directories that anyone (“other”) can write, except the few required ones in the one Assignment #08 HTML head directory!
You must look at all the files in your account to try to find these files or directories that you have created with “other” write permissions. You can find the files the hard way, using cd and ls, or you can do it the easy way using a recursive command:
find these world-writable files in your account, first use a command to search for the files that contain the text world-writable in all the course notes. The course notes have an example showing what command to use to find world-writable files.
Filezilla in all the course notes.
Bonus (optional) Assignment #09 HTML may be done now that you have your marks back for Midterm #2 by email. (Your marks were sent to you late Friday afternoon, March 17.) You can use this bonus assignment to make up for lost marks on your second midterm test. See the assignment for the exact Marking Scheme. There is a checking program available to check your file format for this bonus assignment, but only people who Read All These Words will know about it. Wrong format means no marks.
Many students find that hiring a personal tutor helps them get through the first term. Financial assistance is available. See the Tutoring heading in the Course Introduction.
People are using ../.. paths to try to trick the Apache Web server into revealing files: CLS Apache Web Logs
Look at the IP addresses of the attacking machines. Do you notice something interesting about the attacks on January 31 and February 2?
Up to Sun Mar 19 23:11 EDT 2017. I did some whois lookups on a few of the IP addresses and added the network owners as comments (all from China).
# Since: Jan 1 07:51:01
$ fgrep 'refused connect' /var/log/auth.log \
| awk '{print $NF}' | sort | uniq -c | sort -nr | head
33409 (116.31.116.25) # CHINANET Guangdong province network
10498 (153.99.182.35) # China Unicom Jiangsu province network
10041 (218.65.30.46) # CHINANET jiangxi province network
9955 (182.100.67.76)
5071 (122.194.229.16)
3990 (218.65.30.251)
3232 (218.65.30.80)
3104 (61.177.172.60)
2387 (153.99.182.11)
2148 (116.31.116.23)
# Since Jan 1 07:36:15
$ zfgrep 'refused connect' /var/log/auth.log{,.{?,10,11}.gz} \
| awk '{print $NF}' | sort | uniq -c | sort -nr | head
66204 (116.31.116.53) # CHINANET Guangdong province network
24451 (153.99.182.10) # China Unicom Jiangsu province network
22199 (153.99.182.26) # China Unicom Jiangsu province network
21173 (123.183.209.139)
20876 (116.31.116.36)
15789 (218.65.30.46)
13893 (58.218.200.37)
13621 (116.31.116.24)
12596 (153.99.182.39)
11666 (153.99.182.13)
# Since: Feb 13 07:37:01
$ zfgrep 'refused connect' /var/log/auth.log* \
| awk '{print $NF}' | sort | uniq -c | sort -nr | head
28235 (116.31.116.25) # CHINANET Guangdong province network
12751 (61.177.172.60) # CHINANET jiangsu province network
10859 (153.99.182.35) # China Unicom Jiangsu province network
5112 (122.194.229.16)
4347 (153.99.182.36)
2841 (218.65.30.251)
1672 (218.65.30.210)
1508 (219.153.15.82)
1498 (209.159.145.140)
1339 (116.31.116.53)
You’re not paranoid if they really are out to get you!
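Several of the top sources in the listings above sit in the same networks (116.31.116.x, 153.99.182.x, 218.65.30.x). As an added example, not part of the original notes, this variant of the pipeline counts refused connections and distinct hosts per /24 network; the log lines and the host name cls are constructed samples that end in the same "(IP)" field the awk '{print $NF}' step relies on.

```shell
#!/bin/sh
# Added example: summarize 'refused connect' log lines per /24 network.
# Output columns: total hits, distinct source hosts, network.
refused_by_net24() {
    grep -hF 'refused connect' "$@" |
    awk '{
        ip = $NF
        gsub(/[()]/, "", ip)               # "(116.31.116.25)" -> "116.31.116.25"
        if (split(ip, o, ".") != 4) next   # skip anything that is not a dotted quad
        net = o[1] "." o[2] "." o[3] ".0/24"
        hits[net]++
        if (!((net, ip) in seen)) { seen[net, ip] = 1; hosts[net]++ }
    }
    END { for (n in hits) printf "%d %d %s\n", hits[n], hosts[n], n }' |
    sort -k1,1nr -k3,3
}

# Constructed auth.log lines; only the "refused connect ... (IP)" tail matters.
sample_log() {
    for ip in 116.31.116.25 153.99.182.35 116.31.116.25 116.31.116.23 \
              218.65.30.46 116.31.116.53 153.99.182.35 116.31.116.25; do
        echo "Mar 19 23:10:01 cls sshd[4242]: refused connect from $ip ($ip)"
    done
    # A non-matching line that the grep must ignore.
    echo "Mar 19 23:10:02 cls sshd[4243]: Accepted publickey for abcd0001"
}

log=$(mktemp)
sample_log >"$log"
refused_by_net24 "$log"
rm -f "$log"
```

A network with many hits spread over several hosts is a candidate for a single range-based rule rather than one entry per address.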
Do you think you need Linux skills for this job?