AbdullahGhani1

Linux Firewalld Setup - KodeKloud

Click on Black Tick to Do Task Again

To secure our Nautilus infrastructure in Stratos Datacenter we have decided to install and configure firewalld on all app servers. We have Apache and Nginx services running on these apps. Nginx is running as a reverse proxy server for Apache. We might have more robust firewall settings in the future, but for now we have decided to go with the given requirements listed below:

1. Allow all incoming connections on Nginx port.
2. Allow incoming connections from LB host only on Apache port and block for all others.
3. All rules must be permanent.
4. Zone should be public.
5. If Apache or Nginx services aren't running already, please make sure to start them.

Solution:

AbdullahGhani1

NFS Troubleshooting - KodeKloud

The Nautilus production support team was trying to fix issues with their storage server. The storage server has a shared directory /webdata, which is mounted on all app servers at location /var/www/html so that whatever data they store on storage server under /webdata can be shared among all app servers. Somehow NFS server is broken and having some issues. Identify the root cause of the issue and fix it to make sure sharing works fine among all app servers and storage server.

Click on ✔ and Do Task Again

Solution:

Open 4 terminal

ssh on all 4 terminal

ssh tony@stapp01

AbdullahGhani1

LinuxBanner - kodekloud

During the monthly compliance meeting, it was pointed out that several servers in the Stratos DC do not have a valid banner. The security team has provided serveral approved templates which should be applied to the servers to maintain compliance. These will be displayed to the user upon a successful login. Update the message of the day on all application and db servers for Nautilus. Make use of the approved template located at /tmp/nautilus_banner || /home/thor/nautilus_banner on jump host

Click on ✔ and Do Task Again

Solution:

Open 5 Terminal

On Jump Server

/root/nautilus_banner || /home/thor/nautilus_banner As per task

sudo scp  /home/thor/nautilus_banner tony@stapp01:/home/tony

AbdullahGhani1

DNS Troubleshooting

The system admins team of xFusionCorp Industries has noticed intermittent issues with DNS resolution in several apps . App Server 1 in Stratos Datacenter is having some DNS resolution issues, so we want to add some additional DNS nameservers on this server. As a temporary fix we have decided to go with Google public DNS (ipv4). Please make appropriate changes on this server.

Solution:-

ssh on App Server According to task

ssh tony@stapp01  #App Server 1  Ir0nM@n
### OR
ssh steve@stapp02 #App Server 2 Am3ric@

AbdullahGhani1

Click on ✔ and Do The Task Again

During a routine security audit, the team identified an issue on the Nautilus App Server. Some malicious content was identified within the website code. After digging into the issue they found that there might be more infected files. Before doing a cleanup they would like to find all similar files and copy them to a safe location for further investigation. Accomplish the task as per the following requirements:

1. On App Server 3 at location /var/www/html/blog find out all files (not directories) having .js extension.
2. Copy all those files along with their parent directory structure to location /blog on same server.
3. Please make sure not to copy the entire /var/www/html/blog directory content.

SSh on App Server According To Task

ssh tony@stapp01  # App server 1
ssh steve@stapp02 # App server 2

AbdullahGhani1

Setup SSL for Nginx

The system admins team of xFusionCorp Industries needs to deploy a new application on App Server 1 in Stratos Datacenter. They have some pre-requites to get ready that server for application deployment. Prepare the server as per requirements shared below: Install and configure nginx on App Server 1. On App Server 1 there is a self signed SSL certificate and key present at location /tmp/nautilus.crt and /tmp/nautilus.key. Move them to some appropriate location and deploy the same in Nginx. Create an index.html file with content Welcome! under Nginx document root. For final testing try to access the App Server 1 link (either hostname or IP) from jump host using curl command. For example curl -Ik https:// /.

Click on ✔ and Do Task Again

Solution:-

SSh on App Server According to Task

ssh tony@stapp01
sudo  yum install epel-release -y 

AbdullahGhani1

Disable Root Login

After doing some security audits of servers, xFusionCorp Industries security team has implemented some new security policies. One of them is to disable direct root login through SSH. Disable direct SSH root login on all app servers in Stratos Datacenter.

Click on ✔ and Do Task Again

Solution:-

Open Three Terminal and ssh on all App server

on Terminal one

ssh tony@stapp01  

on Terminal Two

AbdullahGhani1

Configure protected directories in Apache

xFusionCorp Industries has hosted several static websites on Nautilus Application Servers in Stratos DC. There are some confidential directories on document root that need to be password protected. Because they are using Apache for hosting the websites, the production support team has decided to use .htaccess with basic auth. There is a website that needs to be uploaded to /var/www/html/dba on Nautilus App Server 2. However, we need to set up the authentication before that. Create /var/www/html/dba directory if doesn't exist. Add a user mariyam in htpasswd and set its password to BruCStnMT5. There is a file /tmp/index.html placed on Jump Server. Copy the same to new directory you created, please make sure default document root should remain /var/www/html. Also website should work on URL http://app-server-hostname:port/dba

Click on ✔ and Do Task Again

Solution:-

ssh on a app server According to Task

ssh steve@stapp02

Add user name

AbdullahGhani1

The System admin team of xFusionCorp Industries has installed a backup agent tool on all app servers. As per the tool's requirements they need to create a user with a non-interactive shell.Therefore, create a user named mark with a non-interactive shell in the app02 server

Click on ✔ and Do Task Again

Solution:-

SSh acording to Task

ssh tony@stapp01 ## AppServer 1 Pass= Ir0nM@n
### OR
ssh steve@stapp02 ## Appserver 2 Pass = Am3ric@
### OR

AbdullahGhani1

Linux Network Services

Our monitoring tool has reported an issue in Stratos Datacenter. One of our app servers has an issue, as its Apache service is not reachable on port 5003 (which is our Apache port). The service itself could be down, the firewall could be at fault, or something else could be causing the issue. Use tools like telnet, netstat, etc. to find and fix the issue. Also make sure Apache is reachable from the jump host without compromising any security settings.

Click on ✔ and Do Task Again

Solution:-

At first Login to stapp01 server or the server that has issue

ssh tony@stapp01

Login as root:

sudo su