Updated: 2017-12-11 02:30 EST

1 Readings, Assignments, Labs, Tests, and ToDoIndexup to index

1.1 Read (at least) these things (All The Words)Indexup to index

  1. Week 10 Notes HTML – this file – Read All The Words
  2. Shell Scripts – lists of commands, executable scripts, script header, command arguments and positional parameters
  3. Shell command substituion – interpolate stdout into a command line using $(…) or `…`
  4. Shell Control Structures – if, then, else, test, [...]
  5. List of Commands You Should Know
  6. Linux and Sysadmin News in the World
  7. Video Tutorials on Lynda.com – tagged by week number

1.2 Assignments and lab work this weekIndexup to index

Reminder: There are now two quizzes that you need to complete on Blackboard as part of your term Quiz mark. A third quiz will be posted before the Final Exam. The Quizzes are not optional; see the Course Outline.

Check the due date for each assignment and put a reminder in your agenda, calendar, and digital assistant. Just like in the Real World, not all due dates are on the same days or at the same times.

1.3 WorksheetsIndexup to index

Worksheets are preparation for your assignments. You can’t do the assignments without having done the worksheets first, and you can’t do the worksheets without having first read the Course Notes:

  1. Read the web notes. (Please: Read All The Words)
  2. Do the relevant Worksheet(s).
  3. Do the relevant Assignment(s).

Form a small study group to do the worksheets. Each person tries the example given, and you make sure you all get the same answers. Worksheets are not for hand-in; they are not worth marks; the assignments test your knowledge of the lectures and worksheets.

The worksheets are available in four formats: Open Office (ODT), PDF, HTML, and Text. Only the Open Office format allows you “fill in the blanks” in the worksheet. The PDF format looks good but doesn’t allow you to type into the blanks in the worksheet. The HTML format is crude but useful for quick for viewing online.

Do NOT open the Worksheet ODT files using any Microsoft products; they will mangle the format and mis-number the questions. Use the free Libre Office or Open Office programs to open these ODT documents. On campus, you can download Libre Office here.

Worksheets prepare you for the upcoming assignments.

1.4 Upcoming tests and examsIndexup to index

This course has two midterm tests and one final exam.

1.4.1 The Final Exam – 8am April 28 – 40%Indexup to index

The Final Exam is three hours long and contains approximately 180 multiple-choice questions similar to those found in the three preceding Practice Tests and Answers. Do all three practice tests before the Final Exam!

  • Time: 08h00-11h00 (8am to 11am) Friday April 28 (Week 15)
  • Location: CA-105 A,B,C (across the Woodroffe pedestrian overpass)
  • This exam has assigned seating – see your email for your assigned seat.
  • 180 minutes (three hours) for 180 questions
  • Do all three practice tests before the Final Exam!
  • Three Hours! Take a bathroom break before you start the exam!

All three practice tests will be posted under Practice Tests and Answers. The Final Exam is comprehensive of the whole course; you need to do all three practice tests for the Final Exam.

2 Midterm Test #2 AnalysisIndexup to index

Here are the final statistics for the second midterm test:

100 98 97.7 97.7 96.8 95.8 95.5 93.2 90.9 89.1 88.6 88.6 88.6 86.9 86.9 86.4 86.4 84.1 84.1 82.4 81 79.5 77.3 77.3 75 75 72.7 71.6 70.5 70.5 70.5 69 67.5 66.2 62.4 62.1 61.4 60.1 59.1 59.1 59.1 58.5 58.5 56.8 55.7 54 53.5 52.4 52.3 52.3 51.2 51.2 51.2 50 50 49.7 48.1 47.7 45.5 44.5 43.7 38.5 38.1 37.9 36.4 34.4 34.2 33.4 31.8 29.5 29.5 26.7 26.1 23.1 22.7 20 18 17.8 14.4 14.3 13.4 8

82: Pass 56 (68.3%)  Fail 26 (31.7%)
 22 A (26.8%)     5 A-    8 A    9 A+ 
  9 B (11.0%)     4 B-    3 B    2 B+ 
  7 C ( 8.5%)     4 C-    1 C    2 C+ 
 18 D (22.0%)     9 D-    3 D    6 D+ 
 26 F (31.7%)    21 F-    3 F    2 F+ 
 90% - 100%   9  *********            
 80% -  90%  13  *************        
 70% -  80%   9  *********            
 60% -  70%   7  *******              
 50% -  60%  18  ******************   
 40% -  50%   5  *****                
 30% -  40%  10  **********           
 20% -  30%   5  *****                
 10% -  20%   5  *****                
  0% -  10%   1  *

I spent an hour correcting your errors on your mark-sense forms. Before your next test, some of you need to re-read the Test Instructions. Penalties go up again for making these errors on the final exam.

3 Notes from the ClassroomIndexup to index

3.1 Commands UsedIndexup to index

3.2 Case Study: enabling blocked IP addressesIndexup to index

This case study needs Command Substitution and Control Statements and super-user (root) permission.

The Course Linux Server runs the Denyhosts intrusion detection package (man denyhosts). Blocked IP addresses are automatically added to the file /etc/hosts.evil that is included by /etc/hosts.allow to block access to the machine:

$ wc -l /etc/hosts.evil
7908 /etc/hosts.evil

Visual inspection of /etc/hosts.evil suggests that some of the recent blocked IP addresses are people on the local Rogers cable network:

$ whois 99.224.86.21
[...]
NetRange:       99.224.86.0 - 99.224.87.255
CIDR:           99.224.86.0/23
Parent:         ROGERS-COM-HSD (NET-99-224-0-0-1)

The sysadmin wants to find and unblock all these IP addresses.

  1. Find some obvious Rogers IP addresses in the file:

    $ fgrep ' 99.2' /etc/hosts.evil
    sshd: 99.224.86.21
    sshd: 99.245.238.68
    sshd: 99.246.18.16
    sshd: 99.254.149.12
    sshd: 99.246.3.39
    sshd: 99.239.40.207
  2. Isolate the just IP addresses on each line:

    $ fgrep ' 99.2' /etc/hosts.evil | awk '{print $NF}'
    99.224.86.21
    99.245.238.68
    99.246.18.16
    99.254.149.12
    99.246.3.39
    99.239.40.207
  3. Write a debugging FOR loop that uses the IP addresses via command substitution and echoes them to the screen:

    $ for ip in $( fgrep ' 99.2' /etc/hosts.evil | awk '{print $NF}' ) ; do echo "IP is $ip" ; done
    IP is 99.224.86.21
    IP is 99.245.238.68
    IP is 99.246.18.16
    IP is 99.254.149.12
    IP is 99.246.3.39
    IP is 99.239.40.207
  4. Replace the debugging echo with the real unblocking command (requires privilege to work):

    $ for ip in $( fgrep ' 99.2' /etc/hosts.evil | awk '{print $NF}' ) ; do sudo /usr/share/denyhosts/DenyHosts/dh_reenable "$ip" ; done
    Done!
    Please restart denyhosts
    Done!
    Please restart denyhosts
    Done!
    Please restart denyhosts
    Done!
    Please restart denyhosts
    Done!
    Please restart denyhosts
    Done!
    Please restart denyhosts
    Done!
    Please restart denyhosts
  5. Verify that it worked:

    $ fgrep ' 99.2' /etc/hosts.evil
    $                              # no output - all addresses were removed
  6. Restart the Denyhosts package (requires privilege to work):

    $ sudo service denyhosts restart
     * Stopping DenyHosts denyhosts
       ...done.
     * Starting DenyHosts denyhosts
       ...done.

Done.

3.3 Finding world-writable files in your accountIndexup to index

The assignment Checking Programs may issue this message:

Number of world-writable pathnames in abcd0001 account: 1
       ERROR: Sysadmin do not create files that anyone can overwrite.
       ERROR:       See "Examples of uses of find" to find these files.
   ERROR(-1): Fix the permissions on these files

Don’t create files or directories that anyone (“other”) can write, except the few required ones in the one Assignment #08 HTML head directory!

You must look at all the files in your account to try to find these files or directories that you have created with “other” write permissions. You can find the files the hard way, using cd and ls, or you can do it the easy way using a recursive command:

4 Marking Scheme for Bonus Assignment #09Indexup to index

Bonus (optional) Assignment #09 HTML may be done now that you have your marks back for Midterm #2 by email. (Your marks were sent to you late Friday afternoon, March 17.) You can use this bonus assignment to make up for lost marks on your second midterm test. See the assignment for the exact Marking Scheme. There is a checking program available to check your file format for this bonus assignment, but only people who Read All These Words will know about it. Wrong format means no marks.

5 TutoringIndexup to index

Many students find that hiring a personal tutor helps them get through the first term. Financial assistance is available. See the Tutoring heading in the Course Introduction.

6 Fifteen minute rule: don’t waste your timeIndexup to index

See the Course Introduction: fifteen minute rule

7 Attacks on the HTTP port of the Course Linux SeverIndexup to index

People are using ../.. paths to try to trick the Apache Web server into revealing files: CLS Apache Web Logs

Look at the IP addresses of the attacking machines. Do you notice something interesting about the attacks on January 31 and February 2?

8 Attacks on the SSH port on three of my serversIndexup to index

Up to Sun Mar 19 23:11 EDT 2017. I did some whois lookups on a few of the IP addresses and added the network owners as comments (all from China).

8.1 Course Linux ServerIndexup to index

# Since: Jan  1 07:51:01
$ fgrep 'refused connect' /var/log/auth.log \
      | awk '{print $NF}' | sort | uniq -c | sort -nr | head
33409 (116.31.116.25)    # CHINANET Guangdong province network
10498 (153.99.182.35)    # China Unicom Jiangsu province network
10041 (218.65.30.46)     # CHINANET jiangxi province network
 9955 (182.100.67.76)
 5071 (122.194.229.16)
 3990 (218.65.30.251)
 3232 (218.65.30.80)
 3104 (61.177.172.60)
 2387 (153.99.182.11)
 2148 (116.31.116.23)

8.2 Home machine (ISPs: TekSavvy and Distributel)Indexup to index

# Since Jan  1 07:36:15
$ zfgrep 'refused connect' /var/log/auth.log{,.{?,10,11}.gz} \
    | awk '{print $NF}' | sort | uniq -c | sort -nr | head
66204 (116.31.116.53)    # CHINANET Guangdong province network
24451 (153.99.182.10)    # China Unicom Jiangsu province network
22199 (153.99.182.26)    # China Unicom Jiangsu province network
21173 (123.183.209.139)
20876 (116.31.116.36)
15789 (218.65.30.46)
13893 (58.218.200.37)
13621 (116.31.116.24)
12596 (153.99.182.39)
11666 (153.99.182.13)

8.3 Algonquin T313 Office machine (same network as CLS)Indexup to index

# Since: Feb 13 07:37:01
$ zfgrep 'refused connect' /var/log/auth.log* \
    | awk '{print $NF}' | sort | uniq -c | sort -nr | head
28235 (116.31.116.25)    # CHINANET Guangdong province network
12751 (61.177.172.60)    # CHINANET jiangsu province network
10859 (153.99.182.35)    # China Unicom Jiangsu province network
 5112 (122.194.229.16)
 4347 (153.99.182.36)
 2841 (218.65.30.251)
 1672 (218.65.30.210)
 1508 (219.153.15.82)
 1498 (209.159.145.140)
 1339 (116.31.116.53)

You’re not paranoid if they really are out to get you!

9 Career with Communications Security EstablishmentIndexup to index

Do you think you need Linux skills for this job?

sudo stop all hackers

sudo stop all hackers

Take Notes in Class

Take Notes in Class

Author: 
| Ian! D. Allen, BA, MMath  -  idallen@idallen.ca  -  Ottawa, Ontario, Canada
| Home Page: http://idallen.com/   Contact Improv: http://contactimprov.ca/
| College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
| Defend digital freedom:  http://eff.org/  and have fun:  http://fools.ca/

Plain Text - plain text version of this page in Pandoc Markdown format

Campaign for non-browser-specific HTML   Valid XHTML 1.0 Transitional   Valid CSS!   Creative Commons by nc sa 3.0   Hacker Ideals Emblem   Author Ian! D. Allen