Final Lab for Linux Server Course 2021 Spring

Create a web page that shows custommers from a database. Prepare to manage your computer from Hawaii. Add a new command "netsee" to system that shows networking information. Create user accounts for five of your colleagues.

Students of my Linux Server Course used their own blank virtual machines and public Internet to solve these questions. Time limit was about five hours, with 40 min lunch break. Could you have done it?

This was the final, evaluated lab exercise of Linux server course Linux palvelimet ict4tn021-3014

Preparation

Students should have

Rules in brief (they were explained in detail in the class)

Anything in the public internet (indexable by search engines) was allowed: TeroKarvinen.com, student's own homework reports, other's homework reports, old example solutions to past lab exercises, StackOverflow, software manuals...

At the start, students installed software used in evaluating the work. Installation was similar to this (software is no longer available):

"This exercise should be done on an empty machine. The evaluation package collects information from the machine and sends it to me. You must not install the package on a machine that has any confidential information."

$ wget https://terokarvinen.com/abc123/lab-installer # non-working sample URL
$ chmod u+x lab-installer
$ sudo ./lab-installer install
$ cat /tmp/task.txt

Tero's look at the results

After reading a lot of reports, logs, screenshots and other things, here are some things I noticed.

Passwords

Passwords! Use good passwords. Always use good passwords. Never use bad passwords. Never practice doing it wrong. Always practice doing it right.

If you use bad passwords, your computer will be compromized. If you have a public server, just have a look at the logs to see how many are trying.

$ sudo less /var/log/auth.log # on a public server

Good password, feel free to add a could of special characters like /&#?:

$ pwgen -s 10 1
eM2PYxaiNU

Bad passwords "march123", username "john" and password "john", "password", "salasana", "12345", "salainen". And using the same password in two different systems is bad, too. Passwords should be about 10 chars. Less than eight is definetly too little.

What Would the End User Do?

Test the end result. If you make a web app, test the final web page in a browser. If you make a script, run it. If you install sshd, try connecting it with ssh client.

Errors Are Your Friends

Errors are your friends. They tell you what the problem is. If it says you have "syntax error on line 27 in foo.conf", it's not that hard to fix it.

Errors often mean that another error is fixed. You browse to terokarvinen.com and get a timeout - bad. You fiddle with settings, browse to terokarvinen.com and you get an error "403 Forbidded" - it's good news. This error came from the daemon, so at least now your daemon (server software) is talking to you. And because it's daemon talking, you can now check the logs

$ sudo tail /var/log/apache2/error.log

Divide and Conquer!

Do the smallest testable part. Building a CRUD app (user editable database) in a production setup is a big thing. So many things could (and will) fail. Getting Apache2 web server to answer you in http://localhost is a small thing. So that's the first step.

When a small step fails, it's very easy to fix. If it used to work, and you then modified just one line, the error is likely on that one line.

Testing in small parts also greatly reduces stress.

Managing Stress

Computers never work. Or at least they don't pay you to look at computers working.

In Finland, it's illegal to sell new cars whose breaks don't have a computer. That computer mostly works. I don't think about it much.

When I was part of a group that developed a component for Aalto-1 satellite, I thought about it a lot. When Aalto-1 was in low earth orbit, I did not think about the part much - it was working, and I was looking at some new thing.

Moral of the story - as a pro, you mostly look computers not working.

When someone asks me to install a web stack, it doesn't work yet, and I'll be looking at errors. When it works, I'll go look at something else - more errors. As a computer professional, you'll be looking at a lot of errors.

Usually, the first long lab exercises are quite stressful. It's a good idea to feel that stress before needing these skills at work. Later, you usually realize that you can only do your best, it's not possible to do perfect work with limited time and resources, and everyone will be looking at broken things while fixing them.

Will it get better? You'll still be looking at errors, computers will still keep fighting you. But most likely you will feel less stress.

============================================

The Actual Lab Exercise - task.txt

The course and the this evaluated final lab were in Finnish, so the rest of this page will be in Finnish.

Tervetuloa Leili Oy:n tietohallintojohtajaksi!

Onnea! Olet nyt Leili Oy:n tietohallintojohtaja (ja -osasto).

Oma käyttäjä

Tee järjestelmään oma käyttäjä, jolla on tiedoissa oma nimesi. Laita tälle käyttäjälle ylläpito-oikeudet (sudo).

Laita tämän käyttäjäsi kotihakemistoon dokumentti 'lab.txt'. Laita tiedoston alkuun oma nimesi ja linkki kotitehtäväpakettiisi.

Laita tähän tiedot kaikista palveluista ja testit, joilla olet tarkistanut niiden toimivuuden. Laita tiedostoon myös kaikki salasanat.

Suojaa tiedosto niin, että ulkopuoliset käyttäjät eivät pysty lukemaan sitä.

Tiedoston nimen tulee olla oikein, eli se tulee löytyä 'ls /home/*/lab.txt'.

Turvallisesti etänä

Aiot kuulemma siirtyä etätöihin Hawajille. Valmistaudu ylläpitämään konetta ssh:lla. (Testaa paikallisesti, että SSH toimii).

Suojaa kone tulimuurilla.

Arvostetut asiantuntijamme

Työntekijämme ovat

Listaa käyttäjätunnukset ja salasanat aiemmin tekemääsi lab.txt tiedostoon.

Mikä verkko, mikä meininki?

Tee meille uusi komento 'netsee', joka kertoo verkon tilasta. Haluamme nähdä ainakin reititystaulun ja oman IP-osoitteen. Voit lisätä halutessasi jonkin ekstratiedon.

Komennon tulee toimia kaikilla käyttäjillä.

Referenssilista

Laitamme asiakaslistan nettiin. Menestystarinoita virtaa kuin vettä Keravanjoesta, joten tarvitsemme taustalle tehokkaan tietokannan.

Haluamme tietokannan referenssiasiakkaistamme näkyviin palvelimen etusivulle weppisivuna (osoiteeseen http://localhost). Tietokannassa tulee olla seuraavat kentät

Keksi listaan itse esimerkkiasiakkaita.

Kuormaa

Odotamme enintään 100 yhtäaikaista (samalla sekunnilla) asiakasta. Testaa, kestääkö palvelu tämän kuorman.

Testit saa tehdä ainostaan "localhost"-osoitteella ja omalla paikallisella koneella. Kuormitustestausta ei saa tehdä kenenkään toisen palvelimelle tai hostaamalle palvelimelle.

Voit käyttää työkalua "ab".

====== Huvitusta guruille ===========

Tästä alaspäin tehtävät edellyttävät enemmän soveltamista, eli kannattaa tehdä nuo helpoimmat ensin.

Kaksi nimeä, yksi IP

Laita aiemmin tehty referenssilista asiakkaista näkyviin osoitteesta "leili.example.com" ja laita toinen weppisivu osoitteeseen "hello.leili.example.com". Voit simuloida nimipalvelun toimintaa hosts-tiedoston avulla.

Haasteita: Muokattava osoitekirja

Tee weppiin osoitekirja, jota voi muokata. Laita se osoitteeseen "crm.leili.example.com".

https://TeroKarvinen.com

This page has been modified after publishing.