rinri
/
system-and-network-administration-course
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
1.6 MiB
 
 
 
Tree: 89edcc5866
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '89edcc5866'
${ noResults }
system-and-network-administ.../week11/lab11-solution.html

407 lines
15 KiB
Raw Blame History 

  1. <?xml version="1.0" encoding="utf-8"?>

  2. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

  3. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

  4. <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

  5. <head>

  6. <!-- 2023-04-20 Thu 22:23 -->

  7. <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />

  8. <meta name="viewport" content="width=device-width, initial-scale=1" />

  9. <title>Lab 11 Solution Amirlan Sharipov (BS21-CS-01)</title>

  10. <meta name="author" content="Amirlan Sharipov (BS21-CS-01)" />

  11. <meta name="generator" content="Org Mode" />

  12. <style>

  13.   #content { max-width: 60em; margin: auto; }

  14.   .title  { text-align: center;

  15.              margin-bottom: .2em; }

  16.   .subtitle { text-align: center;

  17.               font-size: medium;

  18.               font-weight: bold;

  19.               margin-top:0; }

  20.   .todo   { font-family: monospace; color: red; }

  21.   .done   { font-family: monospace; color: green; }

  22.   .priority { font-family: monospace; color: orange; }

  23.   .tag    { background-color: #eee; font-family: monospace;

  24.             padding: 2px; font-size: 80%; font-weight: normal; }

  25.   .timestamp { color: #bebebe; }

  26.   .timestamp-kwd { color: #5f9ea0; }

  27.   .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }

  28.   .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }

  29.   .org-center { margin-left: auto; margin-right: auto; text-align: center; }

  30.   .underline { text-decoration: underline; }

  31.   #postamble p, #preamble p { font-size: 90%; margin: .2em; }

  32.   p.verse { margin-left: 3%; }

  33.   pre {

  34.     border: 1px solid #e6e6e6;

  35.     border-radius: 3px;

  36.     background-color: #f2f2f2;

  37.     padding: 8pt;

  38.     font-family: monospace;

  39.     overflow: auto;

  40.     margin: 1.2em;

  41.   }

  42.   pre.src {

  43.     position: relative;

  44.     overflow: auto;

  45.   }

  46.   pre.src:before {

  47.     display: none;

  48.     position: absolute;

  49.     top: -8px;

  50.     right: 12px;

  51.     padding: 3px;

  52.     color: #555;

  53.     background-color: #f2f2f299;

  54.   }

  55.   pre.src:hover:before { display: inline; margin-top: 14px;}

  56.   /* Languages per Org manual */

  57.   pre.src-asymptote:before { content: 'Asymptote'; }

  58.   pre.src-awk:before { content: 'Awk'; }

  59.   pre.src-authinfo::before { content: 'Authinfo'; }

  60.   pre.src-C:before { content: 'C'; }

  61.   /* pre.src-C++ doesn't work in CSS */

  62.   pre.src-clojure:before { content: 'Clojure'; }

  63.   pre.src-css:before { content: 'CSS'; }

  64.   pre.src-D:before { content: 'D'; }

  65.   pre.src-ditaa:before { content: 'ditaa'; }

  66.   pre.src-dot:before { content: 'Graphviz'; }

  67.   pre.src-calc:before { content: 'Emacs Calc'; }

  68.   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }

  69.   pre.src-fortran:before { content: 'Fortran'; }

  70.   pre.src-gnuplot:before { content: 'gnuplot'; }

  71.   pre.src-haskell:before { content: 'Haskell'; }

  72.   pre.src-hledger:before { content: 'hledger'; }

  73.   pre.src-java:before { content: 'Java'; }

  74.   pre.src-js:before { content: 'Javascript'; }

  75.   pre.src-latex:before { content: 'LaTeX'; }

  76.   pre.src-ledger:before { content: 'Ledger'; }

  77.   pre.src-lisp:before { content: 'Lisp'; }

  78.   pre.src-lilypond:before { content: 'Lilypond'; }

  79.   pre.src-lua:before { content: 'Lua'; }

  80.   pre.src-matlab:before { content: 'MATLAB'; }

  81.   pre.src-mscgen:before { content: 'Mscgen'; }

  82.   pre.src-ocaml:before { content: 'Objective Caml'; }

  83.   pre.src-octave:before { content: 'Octave'; }

  84.   pre.src-org:before { content: 'Org mode'; }

  85.   pre.src-oz:before { content: 'OZ'; }

  86.   pre.src-plantuml:before { content: 'Plantuml'; }

  87.   pre.src-processing:before { content: 'Processing.js'; }

  88.   pre.src-python:before { content: 'Python'; }

  89.   pre.src-R:before { content: 'R'; }

  90.   pre.src-ruby:before { content: 'Ruby'; }

  91.   pre.src-sass:before { content: 'Sass'; }

  92.   pre.src-scheme:before { content: 'Scheme'; }

  93.   pre.src-screen:before { content: 'Gnu Screen'; }

  94.   pre.src-sed:before { content: 'Sed'; }

  95.   pre.src-sh:before { content: 'shell'; }

  96.   pre.src-sql:before { content: 'SQL'; }

  97.   pre.src-sqlite:before { content: 'SQLite'; }

  98.   /* additional languages in org.el's org-babel-load-languages alist */

  99.   pre.src-forth:before { content: 'Forth'; }

  100.   pre.src-io:before { content: 'IO'; }

  101.   pre.src-J:before { content: 'J'; }

  102.   pre.src-makefile:before { content: 'Makefile'; }

  103.   pre.src-maxima:before { content: 'Maxima'; }

  104.   pre.src-perl:before { content: 'Perl'; }

  105.   pre.src-picolisp:before { content: 'Pico Lisp'; }

  106.   pre.src-scala:before { content: 'Scala'; }

  107.   pre.src-shell:before { content: 'Shell Script'; }

  108.   pre.src-ebnf2ps:before { content: 'ebfn2ps'; }

  109.   /* additional language identifiers per "defun org-babel-execute"

  110.        in ob-*.el */

  111.   pre.src-cpp:before  { content: 'C++'; }

  112.   pre.src-abc:before  { content: 'ABC'; }

  113.   pre.src-coq:before  { content: 'Coq'; }

  114.   pre.src-groovy:before  { content: 'Groovy'; }

  115.   /* additional language identifiers from org-babel-shell-names in

  116.      ob-shell.el: ob-shell is the only babel language using a lambda to put

  117.      the execution function name together. */

  118.   pre.src-bash:before  { content: 'bash'; }

  119.   pre.src-csh:before  { content: 'csh'; }

  120.   pre.src-ash:before  { content: 'ash'; }

  121.   pre.src-dash:before  { content: 'dash'; }

  122.   pre.src-ksh:before  { content: 'ksh'; }

  123.   pre.src-mksh:before  { content: 'mksh'; }

  124.   pre.src-posh:before  { content: 'posh'; }

  125.   /* Additional Emacs modes also supported by the LaTeX listings package */

  126.   pre.src-ada:before { content: 'Ada'; }

  127.   pre.src-asm:before { content: 'Assembler'; }

  128.   pre.src-caml:before { content: 'Caml'; }

  129.   pre.src-delphi:before { content: 'Delphi'; }

  130.   pre.src-html:before { content: 'HTML'; }

  131.   pre.src-idl:before { content: 'IDL'; }

  132.   pre.src-mercury:before { content: 'Mercury'; }

  133.   pre.src-metapost:before { content: 'MetaPost'; }

  134.   pre.src-modula-2:before { content: 'Modula-2'; }

  135.   pre.src-pascal:before { content: 'Pascal'; }

  136.   pre.src-ps:before { content: 'PostScript'; }

  137.   pre.src-prolog:before { content: 'Prolog'; }

  138.   pre.src-simula:before { content: 'Simula'; }

  139.   pre.src-tcl:before { content: 'tcl'; }

  140.   pre.src-tex:before { content: 'TeX'; }

  141.   pre.src-plain-tex:before { content: 'Plain TeX'; }

  142.   pre.src-verilog:before { content: 'Verilog'; }

  143.   pre.src-vhdl:before { content: 'VHDL'; }

  144.   pre.src-xml:before { content: 'XML'; }

  145.   pre.src-nxml:before { content: 'XML'; }

  146.   /* add a generic configuration mode; LaTeX export needs an additional

  147.      (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */

  148.   pre.src-conf:before { content: 'Configuration File'; }

  149. 

  150.   table { border-collapse:collapse; }

  151.   caption.t-above { caption-side: top; }

  152.   caption.t-bottom { caption-side: bottom; }

  153.   td, th { vertical-align:top;  }

  154.   th.org-right  { text-align: center;  }

  155.   th.org-left   { text-align: center;   }

  156.   th.org-center { text-align: center; }

  157.   td.org-right  { text-align: right;  }

  158.   td.org-left   { text-align: left;   }

  159.   td.org-center { text-align: center; }

  160.   dt { font-weight: bold; }

  161.   .footpara { display: inline; }

  162.   .footdef  { margin-bottom: 1em; }

  163.   .figure { padding: 1em; }

  164.   .figure p { text-align: center; }

  165.   .equation-container {

  166.     display: table;

  167.     text-align: center;

  168.     width: 100%;

  169.   }

  170.   .equation {

  171.     vertical-align: middle;

  172.   }

  173.   .equation-label {

  174.     display: table-cell;

  175.     text-align: right;

  176.     vertical-align: middle;

  177.   }

  178.   .inlinetask {

  179.     padding: 10px;

  180.     border: 2px solid gray;

  181.     margin: 10px;

  182.     background: #ffffcc;

  183.   }

  184.   #org-div-home-and-up

  185.    { text-align: right; font-size: 70%; white-space: nowrap; }

  186.   textarea { overflow-x: auto; }

  187.   .linenr { font-size: smaller }

  188.   .code-highlighted { background-color: #ffff00; }

  189.   .org-info-js_info-navigation { border-style: none; }

  190.   #org-info-js_console-label

  191.     { font-size: 10px; font-weight: bold; white-space: nowrap; }

  192.   .org-info-js_search-highlight

  193.     { background-color: #ffff00; color: #000000; font-weight: bold; }

  194.   .org-svg { }

  195. </style>

  196. </head>

  197. <body>

  198. <div id="content" class="content">

  199. <h1 class="title">Lab 11 Solution Amirlan Sharipov (BS21-CS-01)</h1>

  200. <div id="table-of-contents" role="doc-toc">

  201. <h2>Table of Contents</h2>

  202. <div id="text-table-of-contents" role="doc-toc">

  203. <ul>

  204. <li><a href="#orgb5383c0">1. Question 1</a></li>

  205. <li><a href="#org68c7989">2. Question 2</a>

  206. <ul>

  207. <li><a href="#orga0d213f">2.1. Choose a host OS that provides maximum container isolation. (hardened host OS)</a></li>

  208. <li><a href="#org68baa0a">2.2. Use network namespaces</a></li>

  209. <li><a href="#org5ffdd26">2.3. Use kubernetes to manage access right</a></li>

  210. <li><a href="#org7a83b2b">2.4. Monitor the logs using SIEM tools</a></li>

  211. <li><a href="#orgc61de8d">2.5. Don&rsquo;t use outdated images</a></li>

  212. </ul>

  213. </li>

  214. <li><a href="#orgf0252b1">3. Question 3</a></li>

  215. <li><a href="#orgad34306">4. Question 4</a></li>

  216. <li><a href="#org10585ce">5. Question 5</a></li>

  217. <li><a href="#org2339204">6. Question 6</a></li>

  218. <li><a href="#org5da35ee">7. Question 8</a></li>

  219. </ul>

  220. </div>

  221. </div>

  222. 

  223. <div id="outline-container-orgb5383c0" class="outline-2">

  224. <h2 id="orgb5383c0"><span class="section-number-2">1.</span> Question 1</h2>

  225. <div class="outline-text-2" id="text-1">

  226. <p>

  227. Source: <a href="https://stackoverflow.com/questions/21553353/what-is-the-difference-between-cmd-and-entrypoint-in-a-dockerfile">https://stackoverflow.com/questions/21553353/what-is-the-difference-between-cmd-and-entrypoint-in-a-dockerfile</a>

  228. Usually, the entrypoint is /bin/sh -c CMD. So this command gets executed when the container is run.

  229. It&rsquo;s a standard practice to customize CMD, though. If you want to use other shell for executing commands, it may be useful to customize the entrypoint.

  230. </p>

  231. </div>

  232. </div>

  233. 

  234. <div id="outline-container-org68c7989" class="outline-2">

  235. <h2 id="org68c7989"><span class="section-number-2">2.</span> Question 2</h2>

  236. <div class="outline-text-2" id="text-2">

  237. <p>

  238. Source: <a href="https://www.redhat.com/en/topics/security/container-security">https://www.redhat.com/en/topics/security/container-security</a>

  239. </p>

  240. </div>

  241. <div id="outline-container-orga0d213f" class="outline-3">

  242. <h3 id="orga0d213f"><span class="section-number-3">2.1.</span> Choose a host OS that provides maximum container isolation. (hardened host OS)</h3>

  243. </div>

  244. <div id="outline-container-org68baa0a" class="outline-3">

  245. <h3 id="org68baa0a"><span class="section-number-3">2.2.</span> Use network namespaces</h3>

  246. </div>

  247. <div id="outline-container-org5ffdd26" class="outline-3">

  248. <h3 id="org5ffdd26"><span class="section-number-3">2.3.</span> Use kubernetes to manage access right</h3>

  249. </div>

  250. <div id="outline-container-org7a83b2b" class="outline-3">

  251. <h3 id="org7a83b2b"><span class="section-number-3">2.4.</span> Monitor the logs using SIEM tools</h3>

  252. </div>

  253. <div id="outline-container-orgc61de8d" class="outline-3">

  254. <h3 id="orgc61de8d"><span class="section-number-3">2.5.</span> Don&rsquo;t use outdated images</h3>

  255. </div>

  256. </div>

  257. 

  258. <div id="outline-container-orgf0252b1" class="outline-2">

  259. <h2 id="orgf0252b1"><span class="section-number-2">3.</span> Question 3</h2>

  260. <div class="outline-text-2" id="text-3">

  261. <p>

  262. <img src="./container-ls-1.jpg" alt="container-ls-1.jpg" />

  263. <img src="./container-ls-2.jpg" alt="container-ls-2.jpg" />

  264. </p>

  265. </div>

  266. </div>

  267. <div id="outline-container-orgad34306" class="outline-2">

  268. <h2 id="orgad34306"><span class="section-number-2">4.</span> Question 4</h2>

  269. <div class="outline-text-2" id="text-4">

  270. <p>

  271. Source: <a href="https://docs.docker.com/engine/reference/commandline/cp/">https://docs.docker.com/engine/reference/commandline/cp/</a>

  272. docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-

  273. </p>

  274. 

  275. <p>

  276. Example:

  277. </p>

  278. <div class="org-src-container">

  279. <pre class="src src-bash"><span style="color: #c792ea;">cat</span> ~/nginx.sh

  280. </pre>

  281. </div>

  282. 

  283. <pre class="example" id="orgb1f78fc">

  284. #!/bin/bash

  285. 

  286. docker run \

  287.     -v /etc/ssl/certs/monica.crt:/etc/ssl/certs/monica.crt \

  288.     -v /etc/ssl/private/monica.key:/etc/ssl/private/monica.key \

  289.     -v /home/rinri/.config/nginx:/etc/nginx/conf.d \

  290.     -v /home/rinri/edu/sna/:/var/www \

  291.     -p 80:80 -p 443:443 -p 5000:5000 \

  292.     --restart unless-stopped \

  293.     -d nginx

  294. 

  295. </pre>

  296. 

  297. <p>

  298. After running nginx.sh:

  299. <img src="./container-cp.jpg" alt="container-cp.jpg" />

  300. </p>

  301. </div>

  302. </div>

  303. 

  304. <div id="outline-container-org10585ce" class="outline-2">

  305. <h2 id="org10585ce"><span class="section-number-2">5.</span> Question 5</h2>

  306. <div class="outline-text-2" id="text-5">

  307. <div class="org-src-container">

  308. <pre class="src src-bash"><span style="color: #c792ea;">echo</span> <span style="color: #c3e88d;">"Run Nginx container:"</span>

  309. <span style="color: #c792ea;">cat</span> ~/nginx.sh

  310. <span style="color: #c792ea;">echo</span> <span style="color: #c3e88d;">"Config file:"</span>

  311. <span style="color: #c792ea;">cat</span> ~/.config/nginx/test.conf

  312. </pre>

  313. </div>

  314. 

  315. <pre class="example" id="org01c388f">

  316. Run Nginx container:

  317. #!/bin/bash

  318. 

  319. docker run \

  320.     -v /etc/ssl/certs/monica.crt:/etc/ssl/certs/monica.crt \

  321.     -v /etc/ssl/private/monica.key:/etc/ssl/private/monica.key \

  322.     -v /home/rinri/.config/nginx:/etc/nginx/conf.d \

  323.     -v /home/rinri/edu/sna/:/var/www \

  324.     -p 80:80 -p 443:443 -p 5000:5000 \

  325.     --restart unless-stopped \

  326.     -d nginx

  327. 

  328. Config file:

  329. server {

  330.     listen 5000;

  331.     listen [::]:5000;

  332.     root /var/www;

  333.     index index.html index.htm;

  334. 

  335.     location / {

  336.         try_files $uri $uri/ =404;

  337.     }

  338. }

  339. 

  340. server {

  341.     listen 80;

  342.     listen [::]:80;

  343. 

  344.     server_name monica.local;

  345. 

  346.     return 302 https://$server_name$request_uri;

  347. }

  348. 

  349. server {

  350.     listen 443;

  351.     listen [::]:443;

  352. 

  353.     include conf.d/snippets/self-signed.conf;

  354. 

  355.     server_name monica.local;

  356. 

  357.     location / {

  358.         proxy_pass http://172.17.0.4;

  359.         proxy_set_header Host monica.local;

  360.     }

  361. }

  362. </pre>

  363. </div>

  364. </div>

  365. 

  366. <div id="outline-container-org2339204" class="outline-2">

  367. <h2 id="org2339204"><span class="section-number-2">6.</span> Question 6</h2>

  368. <div class="outline-text-2" id="text-6">

  369. <p>

  370. In /etc/rsyslog.conf:

  371. $ModLoad imtcp.so

  372. $InputTCPServerRun 514

  373. </p>

  374. 

  375. <p>

  376. Command:

  377. docker run -it &#x2013;log-driver syslog &#x2013;log-opt syslog-address=tcp://172.17.0.1:514 alpine ash

  378. </p>

  379. </div>

  380. </div>

  381. 

  382. <div id="outline-container-org5da35ee" class="outline-2">

  383. <h2 id="org5da35ee"><span class="section-number-2">7.</span> Question 8</h2>

  384. <div class="outline-text-2" id="text-7">

  385. <p>

  386. FROM alpine

  387. RUN apk add &#x2013;update &#x2013;no-cache python3 &amp;&amp; ln -sf python3 /usr/bin/python

  388. RUN python3 -m ensurepip

  389. RUN pip3 install &#x2013;no-cache &#x2013;upgrade pip setuptools

  390. RUN touch index.html

  391. RUN echo &ldquo;&lt;html&gt;&lt;h1&gt;Testing web&lt;/h1&gt;&lt;/html&gt;&rdquo; &gt;&gt; index.html

  392. CMD [&ldquo;python&rdquo;, &ldquo;-m&rdquo;, &ldquo;http.server&rdquo;]

  393. </p>

  394. 

  395. <p>

  396. changed apt to apk.

  397. source: <a href="https://stackoverflow.com/questions/62554991/how-do-i-install-python-on-alpine-linux">https://stackoverflow.com/questions/62554991/how-do-i-install-python-on-alpine-linux</a>

  398. </p>

  399. </div>

  400. </div>

  401. </div>

  402. <div id="postamble" class="status">

  403. <p class="author">Author: Amirlan Sharipov (BS21-CS-01)</p>

  404. <p class="date">Created: 2023-04-20 Thu 22:23</p>

  405. </div>

  406. </body>

  407. </html>