
Pankaj Lal Dhear TP070590 SNA Individual Assignment PDF

This document outlines an individual assignment for a System and Network Administration course, detailing the installation and configuration of various network services on a virtual machine running Rocky Linux. Key components include setting up a DNS server, DHCP server, email server, web server, and implementing SSL/TLS encryption. The assignment also includes troubleshooting sections and references for further reading.

Uploaded by

budhah282

Individual Assignment System & Network Administration APD2F2406CS(CYB)

SYSTEM AND NETWORK ADMINISTRATION


INDIVIDUAL ASSIGNMENT

Name (TP Number) : Pankaj Lal Dhear A/L Jagdish Kumar (TP070590)

Intake Code : APD2F2406CS(CYB)

Lecturer Name : Shahab Alizadeh

Page | 1 Asia Pacific University


of Technology & Innovation

Table Of Contents
1.0 Introduction
1.1 Domain Name System (DNS)
1.2 Dynamic Host Configuration Protocol (DHCP)
1.3 Email Server
1.4 Web Server
1.5 Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
2.0 Install Virtual Box on your machine and create a virtual machine running Rocky Linux
3.0 Install and configure a DNS server using BIND on the virtual machine. Ensure that the DNS server can resolve local and external domain names
4.0 Install and configure a DHCP server using DHCP on the virtual machine. Configure the DHCP server to assign IP addresses to clients on the local network.
5.0 Install and configure an email server using Postfix and Dovecot on the virtual machine. Configure the email server to allow local users to send and receive emails.
6.0 Install and configure a web server using Apache on the virtual machine. Configure the web server to host a basic website that can be accessed by clients on the local network.
7.0 Implement SSL/TLS encryption for email and web services on the virtual machine. Generate and install SSL certificates for the email and web servers.
8.0 Troubleshooting Errors Encountered
Error 1
Error 2
Error 3
9.0 Conclusion
10.0 References


Figure 3.04 Network Manager Option in Virtual Box


Under the “File” option, select “Tools” to view the “Network Manager” option.

Figure 3.05 NAT Network Tab under the Network Manager Option
The screenshot depicts the Oracle VM VirtualBox Manager's Network Manager page under
the NAT Network tab. It shows a list of available network interfaces. The IPv4
prefix, IPv6 prefix, and DHCP server status are all available for each interface.

Figure 3.06 NAT Network Option for Both Rocky and Ubuntu
Figure 3.06 depicts the configuration for the network interface
"TP070590_ClientServerNet". This interface's IPv4 prefix is 192.168.30.0/24, and
DHCP is enabled. This indicates that the interface will use the DHCP protocol to
allocate IP addresses to connected devices.


Figure 3.07 Arrow Indicating the Settings Button


Figure 3.07 shows an arrow that indicates the setting option.

Figure 3.08 Network Tab in Settings


In this screenshot, the user assigns the newly created NAT Network to “Adapter
1” on both the Rocky and Ubuntu VMs.


Figure 3.09 DHCP Service is Working on Rocky


This image indicates that the DHCP service is working, and the Rocky Server is able
to receive the IP Address

Figure 3.10 DHCP Service is Working on Ubuntu


Similar to what happens in Figure 3.09 but in the Ubuntu Client VM.


Figure 3.11 Pinging Server to Client

Figure 3.12 Pinging Client to Server


The images above show that the server and client can successfully ping each other
with 0% packet loss.


Figure 3.13 Hostname of Rocky Server


The command “hostname” is used to display the current hostname for the Rocky
Server.

Figure 3.14 Command to Open “hostname” File in a Text Editor


In Figure 3.14, the command "sudo nano /etc/hostname" opens the "/etc/hostname"
file in a text editor with administrative capabilities. To accomplish this activity,
the user is requested to enter their password.


Figure 3.15 New Hostname for Rocky Server


In this file, users can insert the new hostname for the Rocky Server.

Figure 3.16 Command Used to Display Content in the “/etc/hostname” File


“cat /etc/hostname” displays the contents of the “/etc/hostname” file, which contains
the system's hostname.

Figure 3.17 Command to Open “hosts” File in a Text Editor


In Figure 3.17, the command "sudo nano /etc/hosts" opens the "/etc/hosts" file in a
text editor with administrative capabilities. To accomplish this activity, the user is
requested to enter their password.


Figure 3.18 Using Text Editor to Modify “/etc/hosts” File


The image shows a text editor window displaying the contents of the "/etc/hosts" file.
The first two lines are standard entries for the loopback interface, while the third line
maps the IP address 192.168.30.4 to its associated hostname,
"pankajserver.sterling.org", so the system will resolve that hostname to the IP
address 192.168.30.4.

Figure 3.19 Command Used to Display Content in the “/etc/hosts” File


The command “cat /etc/hosts” displays the contents of the “/etc/hosts” file.

Figure 3.20 Command to Reboot System


In Figure 3.20, the “reboot” command is used to reboot the Rocky Server.


Figure 3.21 Successful Ping to Server


The image above shows that the server can successfully ping itself.

Figure 3.22 Hostname of Ubuntu Client


The command “hostname” is used to display the current hostname of the Ubuntu
Client.

Figure 3.23 Command to Open “hostname” File in a Text Editor in Ubuntu


In Figure 3.23, the command "sudo nano /etc/hostname" opens the "/etc/hostname"
file in a text editor with administrative capabilities.

Figure 3.24 New Hostname for Ubuntu Client


In this file, users can insert the new hostname for the Ubuntu Client.


Figure 3.25 Command to Open “hosts” File in a Text Editor in Ubuntu


In Figure 3.25, the command "sudo nano /etc/hosts" opens the "/etc/hosts" file in a
text editor with administrative capabilities. To accomplish this activity, the user is
requested to enter their password.

Figure 3.26 Using Text Editor to Modify “/etc/hosts” File in Ubuntu


The image shows a text editor window displaying the contents of the “/etc/hosts” file.
The first two lines are standard entries for the loopback interface, while the third line
specifies the IP address 192.168.30.5 and its associated hostname,
“pankajclient.sterling.org”. The remaining lines are comments that provide
information about IPv6 addresses and their purpose.


Figure 3.27 Successful Ping to Client


The image above shows that the client can successfully ping itself.

Figure 3.28 Command to Display Details of Systems OS


The image displays the results of the "uname -a" command. The output includes
information about the system's operating system, kernel version, hostname,
architecture, and other specifications.


Figure 3.29 Installation of BIND Package


The command "sudo dnf install -y bind bind-utils" installs the BIND packages, which
are required to operate a DNS server.

Figure 3.30 Enabling the “named” Service


Figure 3.30 depicts the "sudo systemctl enable named --now" command, which is
used to start the named service, which is the DNS server, and configure it to start
automatically when the system boots.

Figure 3.31 Starting the “named” Service


The command in this image starts the “named” service.


Figure 3.32 Status of “named” Service


This image shows the current status of the “named" service by using the “sudo
systemctl status named” command.

Figure 3.33 Command to Display Content of “/etc/named.conf” File


In the screenshot above, the command "ll /etc/named.conf" displays the contents of
the "/etc/named.conf" file, which is the configuration file for the specified DNS
server.


Figure 3.34 Copying Files to a Directory and Listing Files from a Directory
The first command in Figure 3.34, “sudo cp -p /etc/named.conf /etc/named.conf.bak”,
generates a backup copy of the named DNS server's configuration file,
“/etc/named.conf”. The second command, ls -l /etc, lists the contents of the /etc
directory, which contains a variety of system configuration files.

Figure 3.35 Copied Files Existent in Directory


Files that were copied in Figure 3.34 can be found in the directory as shown in Figure
3.35.

Figure 3.36 Swapping to Root User


The command “su -” shown in the screenshot above is used to change the user
from “TP070590SNA” to Root.


Figure 3.37 Modifying the “/etc/named.conf” file


The image displays the "/etc/named.conf" file, which contains three zone definitions:
the root zone, the "sterling.org" zone, and the "30.168.192.in-addr.arpa"
zone. Each zone definition specifies its type (hint, master, or slave), the file
containing the zone data, and the permitted update policy.

Figure 3.38 Checking the “named” Service Configuration


This command is used to check the “named.conf” file for syntax errors
and to check the consistency of the file for the “named” DNS server.

Figure 3.39 Entering Directory and Listing the Files in the Directory
The first command, "cd /var/named," moves the current directory to "/var/named".
The second command, "ls -l", lists the current directory's contents, including file
names, permissions, owner, group, size, and modification date.


Figure 3.40 Enter the Text Editor of “fwd.sterling.org.db” File


In Figure 3.40, the command “nano fwd.sterling.org.db” is used to create the file and
add contents into the file using the text editor.

Figure 3.41 RedHat Site for Contents to Put in “fwd.sterling.org.db” File


The RedHat site was opened to copy the contents that should be inserted into the new
file created in Figure 3.40.

Figure 3.42 Pasting Contents and Modifying


Pasting the contents from the site in Figure 3.41 and modifying it.


Figure 3.43 New File Existent in Directory


This image shows that the newly created file exists in the “/var/named”
directory.

Figure 3.44 Enter the Text Editor of “rvs.30.168.192.db” File


Just like in Figure 3.40, the command “nano rvs.30.168.192.db” is used to create the
file and add contents into the file using the text editor.

Figure 3.45 RedHat Site for Contents to Put in “rvs.30.168.192.db” File


The RedHat site was opened to copy the contents, which were then pasted into the
“rvs.30.168.192.db” file. The file is saved by pressing “Ctrl + X”, then “Y”, and
“Enter”.
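
A forward zone and its reverse zone are easy to leave out of step when both are edited by hand, as in Figures 3.40 to 3.45. The following shell script is an added example, not taken from the assignment: it writes constructed zone files using the host names and addresses given on this page (the SOA values are assumptions) and reports every A record that has no matching PTR record.

```shell
#!/bin/sh
# Added example: forward/reverse consistency check for the two zone files
# created in this section. Zone contents are constructed; the SOA serial,
# timers and admin mailbox are assumptions.

write_sample_zones() {   # $1 = directory to write the sample files into
    cat > "$1/fwd.sterling.org.db" <<'EOF'
$TTL 86400
@   IN  SOA pankajserver.sterling.org. root.sterling.org. (
            2024010101  ; serial (assumed)
            3600        ; refresh
            1800        ; retry
            604800      ; expire
            86400 )     ; negative-cache TTL
@               IN  NS  pankajserver.sterling.org.
pankajserver    IN  A   192.168.30.4
pankajclient    IN  A   192.168.30.5
EOF
    cat > "$1/rvs.30.168.192.db" <<'EOF'
$TTL 86400
@   IN  SOA pankajserver.sterling.org. root.sterling.org. (
            2024010101 3600 1800 604800 86400 )
@   IN  NS  pankajserver.sterling.org.
4   IN  PTR pankajserver.sterling.org.
5   IN  PTR pankajclient.sterling.org.
EOF
}

# Print one MISMATCH line per A record whose address has no PTR record
# pointing back at the same name. Returns 0 when the zones agree, 1 otherwise.
# Handles the simple "owner IN TYPE data" layout and a /24 reverse zone.
check_fwd_rev() {   # $1 = forward file, $2 = reverse file, $3 = zone, $4 = /24 prefix
    awk -v zone="$3" -v net="$4" '
        { sub(/;.*/, "") }                       # strip zone-file comments
        FNR == NR {                              # first file: forward zone
            if ($2 == "IN" && $3 == "A") {
                # relative owner names are completed with the zone name
                name = ($1 ~ /\.$/) ? $1 : $1 "." zone "."
                fwd[name] = $4
            }
            next
        }
        # second file: owner is the last octet of the address
        $2 == "IN" && $3 == "PTR" { ptr[net "." $1] = $4 }
        END {
            bad = 0
            for (name in fwd) {
                ip = fwd[name]
                got = (ip in ptr) ? ptr[ip] : "none"
                if (got != name) {
                    printf "MISMATCH %s -> %s (PTR: %s)\n", name, ip, got
                    bad = 1
                }
            }
            exit bad
        }' "$1" "$2"
}

# Demonstration on the constructed sample files.
tmp=$(mktemp -d)
write_sample_zones "$tmp"
if check_fwd_rev "$tmp/fwd.sterling.org.db" "$tmp/rvs.30.168.192.db" \
        sterling.org 192.168.30; then
    echo "forward and reverse zones agree"
fi
rm -rf "$tmp"
```

On the server itself, "named-checkzone sterling.org /var/named/fwd.sterling.org.db" runs BIND's own syntax check of a zone file before the service is restarted.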


Figure 3.46 Launching Terminal in Ubuntu


In Figure 3.46, it is visible that the “rvs.30.168.192.db” file is existent in the
“/var/named” directory.

Figure 3.47 Restarting and Checking Status of “named” Service


The commands “systemctl restart named” and “systemctl status named” are used to
restart the service and then check its status to see if it is active and working
correctly.

Figure 3.48 Firewall Configuration


In this image, the commands "firewall-cmd --permanent --add-port=53/udp" and
"firewall-cmd --permanent --add-port=53/tcp" are used to configure the firewall
to accept incoming traffic on port 53 using both UDP and TCP protocols.


Figure 3.49 Reload Firewall


This command is used to reload the firewall to ensure that the configurations are
saved and function well.

Figure 3.50 Modifying the “enp0s3” Configuration File


In Figure 3.50, the only thing that was modified is the “ipv4” setting by adding the
contents shown in the image above.

Figure 3.51 Modifying DNS Resolver Configuration File


Figure 3.51 depicts the "sterling.org" search domain with two DNS servers added
which are 192.168.30.4 and 8.8.8.8. This setup instructs the system to look for DNS
records in the "sterling.org" domain and resolve domain names through the provided
DNS servers.


Figure 3.52 Restarting “named” service


The command “sudo systemctl restart named” is used here to restart the “named”
service

Figure 3.53 Proof of Operational DNS


In this screenshot, the commands "nslookup pankajserver.sterling.org" and "nslookup
pankajclient.sterling.org" show that the DNS server is operational and can resolve
hostnames to IP addresses.

Figure 3.54 Successfully Ping to Server


The server is able to ping to itself with no packet loss in Figure 3.54.


Figure 3.55 Successfully Ping to Client


The server is able to ping to the Ubuntu Client with no packet loss in Figure 3.55.

Figure 3.56 Arrow Pointing to Wired Settings


To start with the DNS configuration on Ubuntu, the user would have to first head to
the Wired Settings option as shown in Figure 3.56.

Figure 3.57 Arrow Pointing to Settings Icon


Users will have to click on to the Settings icon.


Figure 3.58 Insert DNS Server Manually


Under DNS, insert the IP addresses that were added to the “resolv.conf” file on the
Rocky Server as shown in Figure 3.51.

Figure 3.59 Installing a Package in Ubuntu


Figure 3.59 shows the command “sudo apt install resolvconf” to install the
“resolvconf” package.

Figure 3.60 Updating the DNS Resolver


The command "sudo resolvconf -u" updates the DNS resolver configuration based on
the current network settings.

Figure 3.61 Launching Terminal in Ubuntu


The screenshot depicts the DNS resolver's configuration file. The file contains two
lines that define the DNS servers to be used which are 192.168.30.4 and 8.8.8.8.


Figure 3.62 Configure NetworkManager File


The file in the image is the NetworkManager's configuration file which is
"/etc/NetworkManager/conf.d/10-dns.conf". The only setting that was changed in
this file is under "main"; DNS was changed to "none"

Figure 3.63 Displaying Contents of “/etc/resolv.conf” File


“sudo cat /etc/resolv.conf” is used to display the contents that are in the
“/etc/resolv.conf” file and to ensure that the changes made were saved.


Figure 3.64 Proof of Operational DNS on Ubuntu


Just like in Figure 3.53, this image above shows that the DNS server is operational
and can resolve hostnames to IP addresses on the Ubuntu Client.

Figure 3.65 Pinging to Server


The client is able to ping to the server with no packet loss.

Figure 3.66 Pinging to Client


The client is able to ping to itself with no packet loss.


3.0 Install and configure a DHCP server using DHCP on the virtual
machine. Configure the DHCP server to assign IP addresses to clients
on the local network.

Figure 4.01 Display Network Interfaces Details


"ip addr" displays information about the system's network interfaces. The output
contains information on the "lo" and "enp0s3" network interfaces. The "lo" interface
is the loopback interface for local communication, whereas the "enp0s3" interface is
a physical Ethernet interface.

Figure 4.02 Display the Files in Specific Directory


The image depicts a tool that lists the contents of the "/etc/NetworkManager/system-
connections/" directory, which contains configuration files for NetworkManager.


Figure 4.03 Accessing the NetworkManager “enp0s3” Connection Configuration File

Figure 4.04 NetworkManager “enp0s3” Connection Configuration File Settings


Figure 4.03 shows the command to open the "/etc/NetworkManager/system-
connections/enp0s3.nmconnection" file in a text editor with administrative rights.
Figure 4.04 displays the network parameters from the NetworkManager "enp0s3"
connection configuration file.

Figure 4.05 Installation of “dhcp-server” Package


The command "sudo dnf install -y dhcp-server" installs the "dhcp-server" package,
which includes a DHCP server that dynamically assigns IP addresses to network
devices.


Figure 4.06 Modifying the DHCP Configuration File using Text Editor
The image depicts a text editor window displaying the contents of the
“/etc/dhcp/dhcpd.conf” file, which serves as the DHCP server's configuration. The file
contains DHCP server parameters such as default and maximum lease times,
authoritative status, subnet to be serviced, IP address range to be assigned, router
address, subnet mask, and DNS servers to be used. These configurations instruct the
DHCP server to offer IP addresses and other network information to clients on the
specified network.

Figure 4.07 Enabling the “dhcpd” Service

Figure 4.08 Starting the “dhcpd” Service


“sudo systemctl enable --now dhcpd.service” and “sudo systemctl start dhcpd” are used
to enable and start the dhcpd service, which is the DHCP server.


Figure 4.09 Status of the “dhcpd” Service


The image above shows the status of the “dhcpd” service to check if the service is
working properly or if there are any errors.

Figure 4.10 DHCP Firewall Configuration


The first command in Figure 4.10 shows that the user is adding the DHCP service into
the firewall and the second command shows that the user is reloading the firewall to
ensure the changes are saved.

Figure 4.11 Network Manager Option in Virtual Box


Under the “File” option, select “Tools” to view the “Network Manager” option.


Figure 4.12 Disabling DHCP


The DHCP service for the configuration of the network interface
"TP070590_ClientServerNet" has been disabled.

Figure 4.13 Viewing Details of the “enp0s3” Network Interface


The “nmcli” command manages network connections. The output displays
details about the “enp0s3” network interface, such as its connection status, device
name, hardware address, and IPv4 settings.


Figure 4.14 Circle Showing Wired Setting Option


The “Wired Setting” is circled to indicate that the user will enter into the wired setting
to start the DHCP settings.

Figure 4.15 Arrow Pointing to Settings Icon in Rocky


Users will have to click on to the Settings icon.


Figure 4.16 The Identity Tab


The image above shows the Identity Tab where it shows the name of the interface.

Figure 4.17 Displaying All Files in the “/etc/NetworkManager/system-connections/” Directory

The command “sudo ls -l /etc/NetworkManager/system-connections/” is used to
display all files in the “/etc/NetworkManager/system-connections/” directory.

Figure 4.18 Command to Edit the File Using Text Editor


Figure 4.18 shows the command that opens the “/etc/NetworkManager/system-
connections/enp0s3.nmconnection” file in a text editor with administrative access.

Figure 4.19 Restart and Check Status of NetworkManager


The command “sudo systemctl restart NetworkManager” is used to restart the
NetworkManager service and the “sudo systemctl status NetworkManager” command
is used to check to see if the service is operational.


Figure 4.20 Interface Successfully Connected to Wired Connection


The image above shows the interface linked to a wired network via an Intel 82540EM
Ethernet adapter, with an IPv4 address of 192.168.30.80/24. The DNS servers
assigned to the interface are 192.168.30.4 and 8.8.8.8.

Figure 4.21 Pinging to Server


Figure 4.21 shows that the client is able to ping to the server with 0% packet loss.


Figure 4.22 Testing Internet Connectivity


The results shown in Figure 4.22 show that the connection is working as it
should.


4.0 Install and configure an email server using Postfix and Dovecot on
the virtual machine. Configure the email server to allow local users to
send and receive emails.

Figure 5.01 Installation of Both “postfix” and “dovecot” Packages


The command as shown in Figure 5.01 is used to install both the “postfix” and
“dovecot” packages in one.

Figure 5.02 Command to Edit the File Using Text Editor

Figure 5.03 Setting the Emails Hostname

Figure 5.04 Setting the Emails Domain

Figure 5.05 Setting the “myorigin” Parameters


Figure 5.06 Changing the “inet_interfaces” and “inet_protocols”

Figure 5.07 “mydestination” Parameters

Figure 5.08 “home_mailbox” Parameters

Figure 5.09 “mynetworks” Parameters

Figure 5.10 Additional Configuration

Figure 5.11 Extra SMTP Port Configuration


The command in Figure 5.02 opens the "/etc/postfix/main.cf" file in a text editor that
has administrative capabilities. The file is Postfix's main configuration file. In Figure
5.03, the hostname is utilized to identify the server on the network and to perform
other email-related tasks. The domain name identifies the email addresses linked with
the server in Figure 5.04. Figure 5.05 shows two lines in the configuration file that
define the "myorigin" parameter as "$myhostname" and "$mydomain". In the
following part of the file, as shown in Figure 5.06, “inet_interfaces” and
“inet_protocols” are changed to "all". In Figure 5.07, the line specifies the
"mydestination" parameter, which determines where the server sends emails
addressed to local recipients. The line defines the "home_mailbox" parameter, which
determines where the server will store incoming emails for local users, as seen in
Figure 5.08. Figure 5.09 shows that the setting specifies the "mynetworks" option,
which sets the IP address ranges that the server deems local. Figure 5.10 shows the
section of the file which provides settings relating to SMTP authentication and
permission. The "smtpd_sasl_type" and "smtpd_sasl_path" lines define the SASL
authentication method and path, respectively. The "smtpd_sasl_auth_enable" line
allows SASL authentication. The "smtpd_sasl_security_options" line indicates that
anonymous authentication is not permitted. The "smtpd_sasl_local_domain" line
configures the local domain for SASL authentication. The
"smtpd_recipient_restrictions" line specifies the constraints for receiving emails. The
"disable_vrfy_command" line disables the VRFY command, which checks the
existence of email addresses. Finally, in Figure 5.11, this parameter configures the
server to accept SMTP connections on a certain port, usually 587 for secure
connections. Once the file configuration is completed, press “Ctrl + X”, then “Y”, and
“Enter” to save the file modifications.

Figure 5.12 Restarting the Postfix Service

Figure 5.13 Enabling the Postfix Service


Figure 5.12 shows the Postfix service being restarted, and Figure 5.13 shows it
being enabled.

Figure 5.14 Command to Edit the “dovecot.conf” File Using Text Editor

Figure 5.15 Protocols Used


The command in Figure 5.14 opens the file in a text editor that has administrative
capabilities. Figure 5.15 shows the protocols that the Dovecot service accepts.


Figure 5.16 Command to Edit the “10-mail.conf” File Using Text Editor

Figure 5.17 Text Editor of the “10-mail.conf” File


Figure 5.16 shows a command that gives administrative capabilities to modify the
“10-mail.conf” file and Figure 5.17 shows the contents of the “10-mail.conf" file.

Figure 5.18 Command to Edit the “10-auth.conf” File Using Text Editor

Figure 5.19 “disable_plaintext_auth” Parameter

Figure 5.20 “auth_mechanisms” Parameter


Figure 5.18 shows a command that gives administrative capabilities to modify the
“10-auth.conf” file. Figure 5.19 shows that the server will allow users to authenticate
without utilizing encryption. The line in Figure 5.20 indicates that the only
acceptable mechanism is "plain," which implies users will authenticate using their
username and password in plain text.


Figure 5.21 Command to Edit the “10-master.conf” File Using Text Editor

Figure 5.22 Contents of “10-master.conf” File


The command in Figure 5.21 opens the file in a text editor that has administrative
capabilities. Figure 5.22 shows that the user has set the parameters of “user” and
“group” to postfix.

Figure 5.23 Command to Edit the “10-ssl.conf” File Using Text Editor

Figure 5.24 Contents of “10-ssl.conf” File


Figure 5.23 shows a command that gives administrative capabilities to modify the
“10-ssl.conf” file. In Figure 5.24, the user has set the “ssl” parameter to yes.
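
Whether the "plain" mechanism from Figures 5.19 and 5.20 actually puts passwords on the wire unencrypted depends on how it combines with the "ssl" setting from Figure 5.24. The following shell script is an added example, not part of the original assignment: it reads the three settings and reports the combination, using sample files constructed from the values described above and, as an assumption, Dovecot 2.3 setting names and defaults.

```shell
#!/bin/sh
# Added example: audit Dovecot settings for cleartext password exposure.
# The sample files are constructed from the values described on this page.

# Print the effective value of "key = value": the last uncommented
# assignment across the given files wins.
get_setting() {   # $1 = key, remaining args = config files
    key=$1; shift
    awk -v key="$key" '
        { line = $0; sub(/#.*/, "", line) }          # drop comments
        match(line, "^[ \t]*" key "[ \t]*=") {
            val = substr(line, RLENGTH + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)         # trim whitespace
            found = val
        }
        END { print found }' "$@"
}

# Print the settings and a verdict. Returns 1 when PLAIN/LOGIN passwords can
# be sent over an unencrypted connection, 0 otherwise.
audit_dovecot() {   # args = config files
    dpa=$(get_setting disable_plaintext_auth "$@")
    ssl=$(get_setting ssl "$@")
    mech=$(get_setting auth_mechanisms "$@")
    # Fall back to the Dovecot 2.3 defaults when a setting is absent (assumed).
    dpa=${dpa:-yes}; ssl=${ssl:-yes}; mech=${mech:-plain}

    cleartext_mech=no
    for m in $mech; do
        case $m in plain|login) cleartext_mech=yes ;; esac
    done

    echo "disable_plaintext_auth=$dpa ssl=$ssl auth_mechanisms=$mech"
    if [ "$cleartext_mech" = no ]; then
        echo "OK: no cleartext mechanism is offered"; return 0
    fi
    if [ "$ssl" = required ]; then
        echo "OK: authentication is refused until TLS is active"; return 0
    fi
    if [ "$dpa" = yes ]; then
        echo "OK: PLAIN/LOGIN refused unless TLS is active or the client is local"
        return 0
    fi
    echo "EXPOSED: PLAIN/LOGIN accepted on unencrypted connections"
    return 1
}

# Write constructed sample files. Variant "page" mirrors the values the text
# describes; variant "hardened" is the corrected form.
write_sample() {   # $1 = directory, $2 = page | hardened
    mkdir -p "$1"
    if [ "$2" = page ]; then s_dpa=no; s_ssl=yes; else s_dpa=yes; s_ssl=required; fi
    printf '# constructed sample\ndisable_plaintext_auth = %s\nauth_mechanisms = plain\n' \
        "$s_dpa" > "$1/10-auth.conf"
    printf '# constructed sample\nssl = %s\n' "$s_ssl" > "$1/10-ssl.conf"
}

# Demonstration: the weak combination beside the corrected one.
demo=$(mktemp -d)
for v in page hardened; do
    write_sample "$demo/$v" "$v"
    echo "== $v =="
    audit_dovecot "$demo/$v/10-auth.conf" "$demo/$v/10-ssl.conf" || true
done
rm -rf "$demo"
```

On a live server, "doveconf -n" prints the settings Dovecot has actually loaded, which is a more reliable input for this check than the individual files.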


Figure 5.25 Restarting and Enabling Dovecot Service


The commands shown in Figure 5.25 indicate that the Dovecot service has been
restarted and enabled.

Figure 5.26 Creating a New User


The first command, "sudo useradd raheem", adds a new user named raheem. The
second command, "sudo passwd raheem", asks the user to create a new password for
the raheem account. After entering the password again for confirmation, the system
states that the password has been successfully updated.

Figure 5.27 Firewall Configuration


The screenshot above shows that the smtp, smtp-submission, pop3, imap, pop3s, and
imaps services have been added to the firewall. After the services have been added,
the user reloads the firewall.


Figure 5.28 Installation of Thunderbird


The command in Figure 5.28 installs the Thunderbird email client on the Ubuntu
Client.

Figure 5.29 Arrow Pointing to Thunderbird Mail


The red arrow shows the Thunderbird Mail application.


Figure 5.30 Login Details


The image above shows the login credentials of the user created in Rocky Linux
earlier.

Figure 5.31 Successful Login


A green checkmark indicates that the application successfully located a service
configuration using common server names.


5.0 Install and configure a web server using Apache on the virtual
machine. Configure the web server to host a basic website that can be
accessed by clients on the local network.

Figure 6.01 Installation of “httpd” Package


This command installs the Apache HTTP server.

Figure 6.02 Command to Edit the “httpd.conf” File Using Text Editor

Figure 6.03 “ServerAdmin” and “ServerName” Parameters

Figure 6.04 “ErrorLog” Line

Figure 6.05 “LoadModule” Line

Figure 6.06 “Directory” Lines


In Figure 6.03, the "ServerName" is set to "pankaj.sterling.org:80", which means that
the server will listen for connections on port 80 and may be reached via the domain
name "pankaj.sterling.org". Figure 6.04 shows where the error messages will be
stored. The "LoadModule" line loads modules that provide functionality to the server
as shown in Figure 6.05. Finally, Figure 6.06 indicates that all requests to this
directory will be rejected, preventing unwanted access to the files and content
contained within it.

Figure 6.07 Change the Ownership and Permissions of the Directories


The first command, "sudo chown -R apache:apache /var/www/html", assigns
ownership of the “/var/www/html” directory and all of its contents to the apache
user and group. The second command, "sudo chmod -R 755 /var/www/html", changes
the permissions of the “/var/www/html” directory and all of its contents to 755.

Figure 6.08 HTML File Creation of Web Server


This command creates an HTML file for the web server. Once the page is accessed, the
message “Welcome to pankaj.sterling.org” is shown on the web page.

Figure 6.09 Restarting and Enabling the “httpd” service


Figure 6.09 shows that the “httpd” service is being restarted and enabled.


Figure 6.10 Firewall Configuration for Necessary Ports


The commands shown in the screenshot indicate that the 80/tcp and 443/tcp ports
were added to the firewall. Once added, the firewall is then restarted.

Figure 6.11 Web Page Accessible


Figure 6.11 shows that the site is accessible in the Mozilla Firefox browser on the
Ubuntu Client, with the message displayed.

6.0 Implement SSL/TLS encryption for email and web services on the
virtual machine. Generate and install SSL certificates for the
email and web servers.

Figure 7.01 Installation of “mod-ssl” Package


The command in the image above installs the “mod-ssl” package.


Figure 7.02 Creation of Self-Signed SSL/TLS


The command in this image generates a server's self-signed SSL/TLS certificate and
private key.

Figure 7.03 Certificate Security Pass Phrase


In Figure 7.03, the image shows the password for an SSL/TLS certificate's private
key. To verify, the user must input the same passphrase twice. This is a security
mechanism to prevent unwanted access to the private key, which is required to
encrypt and decrypt data delivered over a secure connection.

Figure 7.04 Information for the Certificate


The user is prompted to enter information such as country, state, area, organization
name, organizational unit name, common name, and email address. This information
will be used to generate a certificate that identifies the server and creates trust among
clients that connect to it.

Figure 7.05 Command to Edit the “ssl.conf” File Using Text Editor

Figure 7.06 “DocumentRoot” and “ServerName” from the “ssl.conf” file


Figure 7.07 Pathway of Both Certificate and Certificate Key File


Figure 7.05 shows the command to open “/etc/httpd/conf.d/ssl.conf” in the text
editor. The "DocumentRoot" directive specifies the directory from which the
virtual host will provide web content, in this screenshot "/var/www/html". The
"ServerName" directive specifies the server name and port number of the virtual host,
"pankajserver.sterling.org:443", as shown in Figure 7.06. Finally, in Figure 7.07, the
"SSLCertificateFile" directive defines the path to the SSL certificate file,
"/etc/pki/tls/certs/server.crt". The "SSLCertificateKeyFile" directive defines the path
of the certificate's private key file, which is "/etc/pki/tls/private/server.key".

Figure 7.08 HTTPS Firewall Configuration


The command “sudo firewall-cmd --permanent --add-service=https” is used to add the
HTTPS service into the firewall.

Figure 7.09 Restart the HTTPD Service


In this image, the HTTPD service is restarted, and the output prompts the user to
enter the pass phrase set earlier.


Figure 7.10 Web Page Warning


The image shows a warning message where the user will click on the “Advanced”
button. Under the Advanced section, the error code shows that the web site is using
a self-signed certificate.

Figure 7.11 Successfully Applied Self-Signed Certificate


In Figure 7.11, the web address and the lock icon show that the self-signed
certificate is working well.

Figure 7.12 Creation of Self-Signed SSL/TLS


Just like in Figure 7.02, the command in this image generates a server's self-signed
SSL/TLS certificate and private key.


Figure 7.13 Information for the Certificate


Similar to Figure 7.04, the user is prompted to enter information such as country,
state, area, organization name, organizational unit name, common name, and email
address. This information will be used to generate a certificate that identifies the
server and creates trust among clients that connect to it.

Figure 7.14 Command to Edit the Postfix Configuration File Using Text Editor

Figure 7.15 Pathway of TLS Certificates

Figure 7.16 Additional Settings in Configuration File


In Figure 7.15, the "smtpd_tls_cert_file" and "smtpd_tls_key_file" directives define
the paths to the SSL certificate and private key files, respectively. These files are
required for the server to support secure SMTP connections via SSL/TLS encryption.
Figure 7.16 shows settings in the file related to SSL/TLS encryption for the SMTP
server.


Figure 7.17 Command to Edit the Postfix Master Configuration File Using Text
Editor

Figure 7.18 Web Page Accessible

Figure 7.19 Web Page Accessible


In Figure 7.18, the lines in the screenshot define the parameters for the submission
service, which accepts incoming emails from external clients. The "syslog_name"
option configures the name of the submission service's syslog record. The
"smtpd_sasl_auth_enable" option is set to yes, indicating that the submission service
uses SASL authentication. As for Figure 7.19, the smtps line specifies the
submission service, which listens on the inet interface. The "syslog_name" parameter
specifies the name of the submission service's syslog entry. The
"smtpd_tls_wrappermode" option is set to yes, indicating that the submission service
uses SSL/TLS encryption. The "smtpd_sasl_auth_enable" option is set to yes,
indicating that the submission service uses SASL authentication.
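
A service that enables SASL authentication should only offer AUTH once TLS is in place. The audit below is an added example, not part of the original assignment: it reads `master.cf`-style text and reports each service whose `-o` overrides enable SASL without forcing TLS. The function names and the sample are constructed, and `smtpd_tls_security_level` and `smtpd_tls_auth_only` are standard Postfix parameters that do not appear on the page.

```shell
#!/bin/sh
# Added example (not from the assignment): flag master.cf services that turn
# on SASL AUTH without a per-service override that forces TLS first.
# Settings inherited from main.cf are outside the scope of this check.

audit_master_cf() {   # reads master.cf text from the files in "$@" or stdin
    awk '
        function report() {
            if (svc == "" || sasl != "yes") return
            if (wrapper == "yes" || level == "encrypt" || authonly == "yes") {
                print svc ": ok (AUTH only after TLS)"
            } else {
                print svc ": AUTH enabled without TLS enforcement"
                bad = 1
            }
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^[^ \t]/ {                            # column 1: new service entry
            report()
            svc = $1; sasl = wrapper = level = authonly = ""
            next
        }
        {                                      # indented: "-o name=value"
            for (i = 1; i <= NF; i++) {
                n = index($i, "=")
                if (n == 0) continue
                k = substr($i, 1, n - 1); v = substr($i, n + 1)
                if (k == "smtpd_sasl_auth_enable")   sasl = v
                if (k == "smtpd_tls_wrappermode")    wrapper = v
                if (k == "smtpd_tls_security_level") level = v
                if (k == "smtpd_tls_auth_only")      authonly = v
            }
        }
        END { report(); exit bad }' "$@"
}

# Constructed sample in master.cf syntax (not the assignment's file).
sample_master_cf() {
    cat <<'EOF'
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_sasl_auth_enable=yes
smtps      inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
EOF
}

if [ "${1:-}" = "--demo" ]; then
    sample_master_cf | audit_master_cf
fi
```

A service flagged here may still be protected by a global setting in `main.cf`, so a finding is a prompt to check that file as well.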

Figure 7.20 Command to Edit the Dovecot Configuration File Using Text Editor

Figure 7.21 Protocols Being Used


The command in Figure 7.20 opens the file in a text editor that has administrative
capabilities. Figure 7.21 shows the protocols that are being used for the Dovecot
service. In this line, the protocol “submission” has been removed.


Figure 7.22 Command to Edit the “10-ssl.conf” File Using Text Editor

Figure 7.23 Pathways of the SSL Certificate and Key


The command in Figure 7.22 opens the file in a text editor that has administrative
capabilities. In Figure 7.23, the lines "ssl_cert" and "ssl_key" specify the paths to the
SSL certificate and private key files, respectively.

Figure 7.24 Adding Services to the Firewall


The “imaps”, “pop3s”, “smtps”, and “smtp-s” services are all added to the
firewall. Once they are added, the firewall is reloaded, as shown in Figure 7.24.

Figure 7.25 Arrow Pointing to Account Settings and Users Email


To begin applying the certificate in Thunderbird Mail, the user clicks on the
user's email account, in this case “[email protected]”,
then clicks on “Account Settings”, as indicated by the arrow in the image.


Figure 7.26 Arrow Pointing to Server Settings


The users will then have to head to the “Server Settings” tab.

Figure 7.27 Editing SMTP Server


In this image, there are four arrows. The first arrow points to the “Edit SMTP
Server” button for the user to click. Then, in the Editing SMTP Server tab, the user
selects the “STARTTLS” connection security, sets the port to the default number,
which is 587, and inserts the User Name, which is “raheem”.


Figure 7.28 Sending Mail to Client


Figure 7.28 shows that the user on Rocky sends a mail to the user “raheem”.

Figure 7.29 Receiving Mail on Thunderbird Mail


This image shows that the user has successfully received the mail sent by the user
from Rocky.


Figure 7.30 Client Sending Mail on Thunderbird Mail


The image shows the page to send the mail to the Rocky Server’s user.

Figure 7.31 Mail Being Sent


Figure 7.31 shows that the mail can be sent without any error message popping up.


7.0 Troubleshooting Errors Encountered

Error 1

Figure 8.01 Command to Install BIND


The image above shows the command to install the BIND package.

Figure 8.02 Error When Installing BIND


The image shows that the error is caused by the existence of “bind-libs”
from the BIND package.


Figure 8.03 Searching for “bind-libs”

Figure 8.05 Web Page Accessible

In Figure 8.03, the command “sudo dnf search bind-libs” is used to search for
“bind-libs” in the system. Once located, remove it using the “sudo dnf remove
bind-libs” command and reinstall BIND.


Error 2

Figure 8.04 The “10-ssl.conf” File Contents


The image above shows the contents of the “10-ssl.conf” file using the text editor.


Figure 8.06 Web Page Accessible

Figure 8.07 Web Page Accessible

Figure 8.08 Web Page Accessible

Figure 8.09 Web Page Accessible


The images above, from Figure 8.06 to Figure 8.09, show that the Dovecot
service cannot be restarted because of a “Fatal” error that says “Can’t open file
/etc/pki/dovecot/private/dovecot.key: No such file or directory”.


Figure 8.10 Modifying the “10-ssl.conf” File


Under “ssl_key”, change the end of the file path from “.key” to “.pem”.

Figure 8.11 Restarting and Enabling Dovecot Service

Figure 8.12 Inspecting Status of Dovecot Service


In Figure 8.11, it is visible that the user is able to restart and enable the Dovecot
service without any error. Figure 8.12 shows that the Dovecot service is active and
running as it should without any error.
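
Error 2 comes from an `ssl_key` path that points at a file that does not exist, which Dovecot only reports when the service is restarted. The pre-flight check below is an added example, not part of the original assignment: it reads `ssl_cert` and `ssl_key` from a `10-ssl.conf`-style file and verifies the files before any restart. The function names are hypothetical, the demo files are constructed, and the rule that the key must not be accessible to group or others is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the assignment): validate the ssl_cert / ssl_key
# paths in a Dovecot 10-ssl.conf-style file before restarting the service.

# Print the path configured for setting $1 in config file $2.
# Dovecot writes these settings as "name = </path/to/file".
tls_path() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*<[[:space:]]*\([^[:space:]#]*\).*/\1/p" \
        "$2" | tail -n 1
}

# Return codes: 0 ok, 1 setting missing, 2 file missing, 3 key too open.
check_tls_files() {   # $1 = config file
    for name in ssl_cert ssl_key; do
        path=$(tls_path "$name" "$1")
        if [ -z "$path" ]; then
            echo "FAIL: $name is not set in $1"; return 1
        fi
        if [ ! -f "$path" ]; then
            echo "FAIL: $name = <$path: no such file"; return 2
        fi
    done
    # $path now holds the ssl_key path. Characters 5-10 of the ls mode
    # string are the group and other permission bits.
    if [ "$(ls -ldL "$path" | cut -c5-10)" != "------" ]; then
        echo "FAIL: private key $path is accessible to group or others"; return 3
    fi
    echo "OK: certificate and key files are present"
}

# True when the private key belongs to the certificate (needs openssl).
# A pass-phrase-protected key is reported as a mismatch, not prompted for.
key_matches_cert() {   # $1 = certificate, $2 = private key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

if [ "${1:-}" = "--demo" ]; then   # constructed files reproducing Error 2
    d=$(mktemp -d); : > "$d/dovecot.pem"
    printf '%s\n' "ssl_cert = <$d/dovecot.pem" "ssl_key = <$d/dovecot.key" \
        > "$d/10-ssl.conf"
    check_tls_files "$d/10-ssl.conf" || echo "exit code: $?"
    rm -rf "$d"
fi
```

On the server the check has to run as root, because the private key directory is not readable by ordinary users.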


Error 3

Figure 8.13 Postfix Service Restart Failure


Figure 8.13 shows that the Postfix service is unable to restart.

Figure 8.14 Status of the Postfix Service

Figure 8.15 Fatal Errors Shown in Service Status


The command “sudo systemctl status postfix” is used to identify the error as shown in
Figure 8.14. In Figure 8.15, it is shown that there are multiple fatal errors.


Figure 8.16 Stop and Start the Postfix Service

Figure 8.17 Functional and Operational Service is Shown


To resolve the error, all the user has to do is stop the Postfix service and start it again,
as shown in Figure 8.16. Once that’s completed, check the status by using the “sudo
systemctl status postfix” command to see if the error has been resolved. Finally,
Figure 8.17 shows that the Postfix service is functioning well.


9.0 Conclusion
To summarize, the project successfully constructed a working network infrastructure that
included DNS, DHCP, email, and web servers, as well as SSL/TLS encryption. The
virtual network environment was created using virtual machines that ran Rocky Linux
and Ubuntu Linux. The system was created to satisfy the needs of a small firm by
offering critical network services for communication and data exchange. The integration
of these components produced a dependable and secure network infrastructure capable
of meeting a variety of organizational requirements.


