1. CONFIGURING THE DATE AND TIME - Kennesaw State …



IT5423: System AdministrationLab 5Total points: 100Name: _______________________Learning objectives:You will inspect and configure date and time with troubleshootingContents TOC \o "1-3" \h \z \u 1. CONFIGURING THE DATE AND TIME PAGEREF _Toc501783669 \h 1Using the?timedatectl?Command PAGEREF _Toc501783670 \h 2Displaying the Current Date and Time PAGEREF _Toc501783671 \h 2Changing the Current Time PAGEREF _Toc501783672 \h 3Changing the Current Date PAGEREF _Toc501783673 \h 4Changing the Time Zone PAGEREF _Toc501783674 \h 4Synchronizing the System Clock with a Remote Server PAGEREF _Toc501783675 \h 52. MANAGING USERS AND GROUPS PAGEREF _Toc501783676 \h 6Reserved User and Group IDs PAGEREF _Toc501783677 \h 6Shadow Passwords PAGEREF _Toc501783678 \h 6Adding a New User PAGEREF _Toc501783679 \h 83. Installing MySQL PAGEREF _Toc501783680 \h 15References PAGEREF _Toc501783681 \h 171. CONFIGURING THE DATE AND TIMEModern operating systems distinguish between the following two types of clocks:A?real-time clock?(RTC), commonly referred to as a?hardware clock, (typically an integrated circuit on the system board) that is completely independent of the current state of the operating system and runs even when the computer is shut down.A?system clock, also known as a?software clock, that is maintained by the kernel and its initial value is based on the real-time clock. Once the system is booted and the system clock is initialized, the system clock is completely independent of the real-time clock.Using the?timedatectl?CommandThe?timedatectl?utility is distributed as part of the?systemd?system and service manager and allows you to review and change the configuration of the system clock. You can use this tool to change the current date and time, set the time zone, or enable automatic synchronization of the system clock with a remote server.?Displaying the Current Date and TimeTo display the current date and time along with detailed information about the configuration of the system and hardware clock, run the?timedatectl?command with no additional command line options:timedatectlThis displays the local and universal time, the currently used time zone, the status of the Network Time Protocol (NTP) configuration, and additional information related to DST.Example.?Displaying the Current Date and TimeThe following is an example output of the?timedatectl?command on a system that does not use?NTP?to synchronize the system clock with a remote server:~]$?timedatectl Local time: Mon 2016-09-16 19:30:24 CEST Universal time: Mon 2016-09-16 17:30:24 UTC Timezone: Europe/Prague (CEST, +0200) NTP enabled: noNTP synchronized: no RTC in local TZ: no DST active: yes Last DST change: DST began at Sun 2016-03-31 01:59:59 CET Sun 2016-03-31 03:00:00 CEST Next DST change: DST ends (the clock jumps one hour backwards) at Sun 2016-10-27 02:59:59 CEST Sun 2016-10-27 02:00:00 CETImportantChanges to the status of?chrony?or?ntpd?will not be immediately noticed by?timedatectl. If changes to the configuration or status of these tools is made, enter the following command:~]#?systemctl restart systemd-timedated.serviceChanging the Current TimeTo change the current time, type the following at a shell prompt as?root:timedatectl set-time HH:MM:SSReplace?HH?with an hour,?MM?with a minute, and?SS?with a second, all typed in two-digit form.This command updates both the system time and the hardware clock. The result it is similar to using both the?date --set?and?hwclock --systohc?commands.The command will fail if an?NTP?service is enabled. The?NTP?service can be enabled and disabled using a command as follows:timedatectl set-ntp booleanTo enable your system to synchronize the system clock with a remote?NTP?server, replace?boolean?with?yes?(the default option). To disable this feature, replace?boolean?with?no.To enable automatic synchronization of the system clock with a remote server, type:~]#?timedatectl set-ntp yesTo enable automatic synchronization of the system clock with a remote server, type:~]#?timedatectl set-ntp noChanging the Current DateTo change the current date, type the following at a shell prompt as?root:timedatectl set-time YYYY-MM-DDReplace?YYYY?with a four-digit year,?MM?with a two-digit month, and?DD?with a two-digit day of the month.Note that changing the date without specifying the current time results in setting the time to 00:00:00.Now, can you change the current date with a new date after one year? For example, if today is 2017-12-06, the new date should be 2018-12-06. Show the command and the result with a screenshot. [10 points]Example.?Changing the Current DateTo change the current date to 2 June 2017 and keep the current time (11:26 p.m.), run the following command as?root:~]#?timedatectl set-time 2017-06-02 23:26:00 Changing the Time ZoneTo list all available time zones, type the following at a shell prompt:timedatectl list-timezonesTo change the currently used time zone, type as?root:timedatectl set-timezone time_zoneReplace?time_zone?with any of the values listed by the?timedatectl list-timezonescommand.Example.?Changing the Time ZoneTo identify which time zone is closest to your present location, use the?timedatectlcommand with the?list-timezones?command line option. For example, to list all available time zones in Europe, type:~]#?timedatectl list-timezones | grep EuropeEurope/AmsterdamEurope/AndorraEurope/AthensEurope/BelgradeEurope/BerlinEurope/Bratislava…To change the time zone to?Europe/Prague, type as?root:~]#?timedatectl set-timezone Europe/PragueNow, can you change the timezone to Europe/Zurich? Show a screenshot of the command and the result? [10 points]Synchronizing the System Clock with a Remote ServerAs opposed to the manual adjustments described in the previous sections, the?timedatectlcommand also allows you to enable automatic synchronization of your system clock with a group of remote servers using the?NTP?protocol. Enabling NTP enables the?chronyd?or?ntpd?service, depending on which of them is installed.The?NTP?service can be enabled and disabled using a command as follows:timedatectl set-ntp booleanTo enable your system to synchronize the system clock with a remote?NTP?server, replace?boolean?with?yes?(the default option). To disable this feature, replace?boolean?with?no.Example.?Synchronizing the System Clock with a Remote ServerTo enable automatic synchronization of the system clock with a remote server, type:~]#?timedatectl set-ntp yesThe command will fail if an?NTP?service is not installed. 2. MANAGING USERS AND GROUPSWhile users can be either people (meaning accounts tied to physical users) or accounts that exist for specific applications to use, groups are logical expressions of organization, tying users together for a common purpose. Users within a group share the same permissions to read, write, or execute files owned by that group.Each user is associated with a unique numerical identification number called a?user ID?(UID). Likewise, each group is associated with a?group ID?(GID). A user who creates a file is also the owner and group owner of that file. The file is assigned separate read, write, and execute permissions for the owner, the group, and everyone else. The file owner can be changed only by?root, and access permissions can be changed by both the?root?user and file owner.Reserved User and Group IDsRed?Hat Enterprise?Linux reserves user and group IDs below 1000 for system users and groups. By default, the?User Manager?does not display the system users. Reserved user and group IDs are documented in the?setup?package. To view the documentation, use this command:cat /usr/share/doc/setup*/uidgidThe recommended practice is to assign IDs starting at 5,000 that were not already reserved, as the reserved range can increase in the future. To make the IDs assigned to new users by default start at 5,000, change the?UID_MIN?and?GID_MIN?directives in the?/etc/login.defsfile:[file contents truncated]UID_MIN 5000[file contents truncated]GID_MIN 5000[file contents truncated]For users created before you changed?UID_MIN?and?GID_MIN?directives, UIDs will still start at the default 1000.Shadow PasswordsIn environments with multiple users, it is very important to use?shadow passwords?provided by the?shadow-utils?package to enhance the security of system authentication files. For this reason, the installation program enables shadow passwords by default.The following is a list of the advantages shadow passwords have over the traditional way of storing passwords on UNIX-based systems:Shadow passwords improve system security by moving encrypted password hashes from the world-readable?/etc/passwd?file to?/etc/shadow, which is readable only by the?root?user.Shadow passwords store information about password aging.Shadow passwords allow to enforce some of the security policies set in the?/etc/login.defs?file.Inspect the login.defs file in your VM and provide a screenshot showing: LOGIN_RETRIES and LOGIN_TIMEOUT [10 points]Most utilities provided by the?shadow-utils?package work properly whether or not shadow passwords are enabled. However, since password aging information is stored exclusively in the?/etc/shadow?file, some utilities and commands do not work without first enabling shadow passwords:The?chage?utility for setting password aging parameters. For details, see the?Password Security?section in the?Red?Hat Enterprise?Linux?7 Security Guide.The?gpasswd?utility for administrating the?/etc/group?file.The?usermod?command with the?-e, --expiredate?or?-f, --inactive?option.The?useradd?command with the?-e, --expiredate?or?-f, --inactive?option.Adding a New UserTo add a new user to the system, type the following at a shell prompt as?root:useradd [options] usernameBy default, the?useradd?command creates a locked user account. To unlock the account, run the following command as?root?to assign a password:passwd usernameCommon useradd command-line optionsOption-c?'comment'comment?can be replaced with any string. This option is generally used to specify the full name of a user.-d?home_directoryHome directory to be used instead of default?/home/username/.-e?dateDate for the account to be disabled in the format YYYY-MM-DD.-f?daysNumber of days after the password expires until the account is disabled. If?0?is specified, the account is disabled immediately after the password expires. If?-1?is specified, the account is not disabled after the password expires.-g?group_nameGroup name or group number for the user's default (primary) group. The group must exist prior to being specified here.-G?group_listList of additional (supplementary, other than default) group names or group numbers, separated by commas, of which the user is a member. The groups must exist prior to being specified here.-mCreate the home directory if it does not exist.-MDo not create the home directory.-NDo not create a user private group for the user.-p?passwordThe password encrypted with?crypt.-rCreate a system account with a UID less than 1000 and without a home directory.-sUser's login shell, which defaults to?/bin/bash.-u?uidUser ID for the user, which must be unique and greater than 999.The following steps illustrate what happens if the command?useradd juan?is issued on a system that has shadow passwords enabled:A new line for?juan?is created in?/etc/passwd:juan:x:1001:1001::/home/juan:/bin/bashThe line has the following characteristics:It begins with the user name?juan.There is an?x?for the password field indicating that the system is using shadow passwords.A UID greater than 999 is created. Under Red?Hat Enterprise?Linux?7, UIDs below 1000 are reserved for system use and should not be assigned to users.A GID greater than 999 is created. Under Red?Hat Enterprise?Linux?7, GIDs below 1000 are reserved for system use and should not be assigned to users.The optional?GECOS?information is left blank. The GECOS field can be used to provide additional information about the user, such as their full name or phone number.The home directory for?juan?is set to?/home/juan/.The default shell is set to?/bin/bash.A new line for?juan?is created in?/etc/shadow:juan:!!:14798:0:99999:7:::The line has the following characteristics:It begins with the user name?juan.Two exclamation marks (!!) appear in the password field of the?/etc/shadow?file, which locks the account.NoteIf an encrypted password is passed using the?-p?flag, it is placed in the?/etc/shadow?file on the new line for the user.The password is set to never expire.A new line for a group named?juan?is created in?/etc/group:juan:x:1001:Can you add a new user “test”? After adding, inspect the /etc/passwd file showing the new entry for test. Provide screenshots. [10 points]Set password for the new user “test”. Give any password you like. Then, restart VM and login with the new user and password, provide a screenshot. [10 points]It is possible to add user account using GUI. In Kali, select Applications>System tools> Preferences> System SettingsSelect Users icon. It will also let you view history of users login activities.A new user can be created using + icon.Add a new user “test2”, set password to be set next login time. Take a screenshot. [10 points]Then, from user list select “test2” and click on set password now. Can you successfully change the password? If no, why? What is the solution? [Hints: use system generated password]To Test new user, “test2”, goto on top right corner, select the arrow in the power button, see “Switch User” option.Provide a screenshot of accessing using “test2” as a screenshot. [10 points]3. Installing MySQL Type in command prompt “sudo apt-get install mysql-server –y”, this will start mysql server installation into your VM .Once done, you need to start the service. Type “service mysql status”, Start MySQL service. Show a screenshot with the process of mysql running. [15 points]Now, stop the service. Show gain a screenshot that the process stopped. [15 points]References [1] ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download