# CSA Midterm Note

Created: November 6, 2023 12:07 PM

Tags: freebsd, freebsdcmd, freebsdcommand, portsnap

## Midterm

“I copied it”

Windows account and password are both “csa”

website: [http://csa.cs.nthu.edu.tw/](http://csa.cs.nthu.edu.tw/)

### Common commands

```bash
vi /etc/ssh/sshd_config
# then set these two lines in the file:
#   PermitRootLogin yes
#   PasswordAuthentication yes
```

### 25/9

- netstat -rn >> check IPv4, IPv6 settings
- cat /etc/passwd → password file
- Diagnosing "cannot get online" problems: check VMware bridging
- ssh to VM, gen key

hw: 10/10 deadline, upload pem key file

- Convert the .ppk file that comes from the upload server into a .pem file with PuTTY keygen
- search: freebsd keygen, freebsd authorized key

## 2/10

1. install portsnap

```bash
portsnap fetch
portsnap extract # normal to run for 10+ minutes
cd /usr/ports/ports-mgmt/portmaster
# install portmaster
make; make install; make clean
```

other useful commands

```bash
pkg help
pkg info            # list what packages I have
pkg search <name>   # search open-source packages
pkg remove <name>
```

default dirs for packages

- /usr/local
- /usr/local/sbin → admin packages

2. Apache Web Server

```bash
# 1. install by package
pkg search apache | grep web # find relevant pkg
pkg install apache24
# start service
service apache24 start

# 2. install by source
# 2.1 update os
freebsd-update fetch
freebsd-update install
cd /usr/ports/www/apache24
# see video for how to start service
service apache24 start
ps auwwwx | grep http # check whether the http service has started
```

change settings

- vi httpd.conf
- document root = home page address
- go to the document root and add /homework.txt

make the IP public

- host ip: my ip, port 80
- guest ip: 10.2.1.1

# how to get public IP

1. host has a public IP → NAT → port fw

how to get a public IP on the host? install SSL VPN / other VPN

### Authorize login to server by SSH key

how to generate an SSH key and copy it onto the server?
[How To Configure SSH Key-Based Authentication on a FreeBSD Server | DigitalOcean](https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-freebsd-server)

```bash
# log in over ssh (default is login with password)
ssh -p <port number> username@virtual_machine_ip

# log out
exit

# log in with ssh key
ssh -p <port number> -i <key file e.g. xxx_id_rsa> username@virtual_machine_ip

# copy ssh key to server manually
cat ~/.ssh/<public_key.pub> | ssh -p <port> username@virtual_machine_ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
# this creates the dir ~/.ssh if needed and appends the .pub file to ~/.ssh/authorized_keys
# ssh-copy-id seems not to work for FreeBSD

# generate .pem file from public key
ssh-keygen -f xxx_id_rsa -e -m pem

# generate private key file in .pem format (won't see the .pem file extension)
ssh-keygen -t rsa -m PEM # -m to specify format
```

## 16/10

```bash
top     # show real-time data on what is running
nice    # scheduling related
```

**top**

While on this screen, key presses act as commands, e.g. press → open manual

ps auwx | grep syslog to see the pid

```bash
w       # show all logged-in users
```

### syslogd

```bash
service syslogd start # start syslogd
service syslogd restart # every time syslogd restarts, the log starts recording afresh
```

open a new log file

touch /var/log/logfilename.log

**[to check]** broadcast emerg message

### alias

**System config file** /etc/csh.cshrc

**Personal config file** ~/.cshrc

**Set the path environment variable**

set path = (/dir/dir/….)

don’t delete default existing path!!
or you will lose all command paths

entries listed earlier in the path = higher priority

### cgi

### make a custom cgi

Purpose: lets the server receive a query & print something in the browser

### enable cgi in apache

edit /usr/local/etc/apache24/httpd.conf

add this

```bash
LoadModule cgi_module libexec/apache24/mod_cgi.so
```

by default there are already two CGIs, test-cgi & printenv, in /usr/local/

### Add / Edit cgi

go to /usr/local/www/apache24/cgi-bin

**create a simple cgi**

```bash
joe simple-cgi
```

## 23/10

```bash
drill AAAA csa.cs.nthu.edu.tw # look up IPv6 addr
# see P.4 of http://csa.cs.nthu.edu.tw/bind.pdf
drill -x # reverse lookup
# e.g. drill -x 140.114.86.1 -> same as looking up 1.86.114.140.in-addr.arpa with drill -> the PTR record inside
```

### My domain

go here to register my domain (done)

[http://csa.cs.nthu.edu.tw/cgi-bin/cgiwrap/root/dns/admin](http://csa.cs.nthu.edu.tw/cgi-bin/cgiwrap/root/dns/admin)

rali.csa.cs.nthu.edu.tw

**how to check whether my domain is up?**

go to cmd on the host machine

nslookup -type=SOA <my-domain, e.g. rali.csa.cs.nthu.edu.tw>

see whether there is an answer

then nslookup -type=NS rali.csa.cs.nthu.edu.tw

config

- dns 120 IN A 140.114.252.84 # means dns.<my-domain> points to 140.114.252.84
- @ 120 IN A 140.114.252.84 # means <my-domain> points to 140.114.252.84

set up

1. go to /usr/local/etc/namedb/named.conf ⇒ at the end, set the master file

```bash
// /usr/local/etc/namedb/named.conf
// add this to end
zone "rali.csa.cs.nthu.edu.tw" {
    type master;
    file "/usr/local/etc/namedb/primary/rali.csa.cs.nthu.edu.tw.hosts";
    // this is the zone file; it can be any file name, for clarity set
    // it to the ip
};
// comment out listen-on 127.0.0
```

2. create this file /usr/local/etc/namedb/primary/rali.csa.cs.nthu.edu.tw.hosts (correct version)

**Line 3: the 2 below must be increased after every update**

```bash
$TTL 120
$ORIGIN rali.csa.cs.nthu.edu.tw.
; the first number in the parentheses (2) is the zone serial
; a complete SOA lists five values (serial refresh retry expire minimum) followed by ")"; four are recorded here
@ 120 IN SOA rali.csa.cs.nthu.edu.tw. mhlee.c.zohomail.eu. (2 30 30 30
@ 120 IN NS rali.csa.cs.nthu.edu.tw. ;dns.rali.csa.cs.nthu.edu.tw.
  120 IN A 140.114.252.24
dns 120 IN A 140.114.252.24
@ 120 IN A 140.114.252.24
;above is my ip
;This is a comment
www 120 IN A 140.114.252.24
www2 120 IN A 140.114.86.1
homework 120 IN AAAA 2001:288:e001:86:1::1
hw 120 CNAME csa.cs.nthu.edu.tw.
www.rali.csa.cs.nthu.edu.tw. IN CAA 0 issue ";"
www.rali.csa.cs.nthu.edu.tw. IN CAA 0 issuewild "letsencrypt.org"
```

port fw

host port 53 fw to guest port 53, both TCP & UDP

### HW5

create a root certificate, upload

search: certificate parsing tool

## 30/1

hw4

- create cert from a website
- load module related to ssl
- pem file path to somewhere????

hw5: upload server.key

follow [http://csa.cs.nthu.edu.tw/ssl/](http://csa.cs.nthu.edu.tw/ssl/)

## VM ports & port forwarding

default ports

- port 22 - ssh login
- port 80 - browser

port forwarding example

local port 50 → VM port 80 = entering local’s ip port 50 → goes to the VM's web server

- e.g. my port forwarding is local’s ip port 50 → VM’s port 22
- to log in, type ssh -p 50 <username>@local’s ip

local port 8080 → VM port 22 = entering local’s ip port 8080 → ssh login to VM

- e.g. my port forwarding is local’s ip port 8080 → VM’s port 80
- to view the VM's apache in the browser, type <local’s ip>:8080
- if the browser goes to the ssh port or vice versa → error: kex_exchange_identification

entering an ip in the browser without a port → by default means port 80

e.g.

- 140.11.252.93:80 → 140.11.252.93’s port 80
- 140.11.252.93 → no port specified → browser defaults to port 80 → 140.11.252.93’s port 80

for ssh the port must always be typed

[to fix] now running any custom script gives the error below; already set path, chmod 755; don’t know why this is happening

```
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at you@example.com to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.
```
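
A custom CGI of the kind described under "make a custom cgi", as an added example that is not part of the original notes: it prints the Content-Type header and blank line that Apache needs before any body (a script whose output lacks them is answered with a 500 Internal Server Error) and HTML-escapes the query string before echoing it. The function names `html_escape` and `render_response` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original notes): a minimal CGI script for
# /usr/local/www/apache24/cgi-bin that echoes the query string safely.
# html_escape and render_response are hypothetical helper names.

# Escape the characters that are special in HTML, so query text is shown
# as text instead of being interpreted as markup by the browser.
# "&" is replaced first so the entities added afterwards are not re-escaped.
html_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# Build the whole CGI response: header line, blank line, then the body.
render_response() {
    query=$1
    printf 'Content-Type: text/html; charset=utf-8\n\n'
    printf '<html><body>\n'
    if [ -z "$query" ]; then
        printf '<p>No query string received.</p>\n'
    else
        printf '<p>Query: %s</p>\n' "$(html_escape "$query")"
    fi
    printf '</body></html>\n'
}

# Apache passes the part of the URL after "?" in QUERY_STRING.
render_response "${QUERY_STRING:-}"
```

Running the file from a shell with QUERY_STRING set shows exactly what Apache would receive from the script, which makes a missing header visible without going through the browser.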
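
For the "Authorize login to server by SSH key" section, an added example (not from the original notes) of the server-side half of the manual key copy: it rejects anything that is not a single public-key line, sets the permissions sshd's StrictModes check expects, and appends without duplicating. `install_pubkey` and its two arguments are hypothetical names, and it assumes the .pub file has already been copied to the server.

```shell
#!/bin/sh
# Added example, not from the original notes. Run on the server as the
# login user, after the .pub file has been copied over.
# install_pubkey <public_key_file> <home_dir>   (hypothetical helper name)
install_pubkey() {
    pubkey_file=$1
    ssh_dir="$2/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    # One "<type> <base64> [comment]" line, as found in a .pub file.
    pattern='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

    if [ ! -r "$pubkey_file" ]; then
        echo "cannot read $pubkey_file" >&2
        return 1
    fi
    # Refuse private keys, PEM exports and multi-key files: the file must
    # be exactly one line, and that line must look like a public key.
    total=$(grep -c '' "$pubkey_file" || true)
    valid=$(grep -cE "$pattern" "$pubkey_file" || true)
    if [ "$total" -ne 1 ] || [ "$valid" -ne 1 ]; then
        echo "$pubkey_file is not a single OpenSSH public key" >&2
        return 1
    fi

    # With StrictModes (the sshd default) a key file that other users can
    # write to is ignored, so fix the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only when the exact line is absent, so reruns add no duplicates.
    key_line=$(cat "$pubkey_file")
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# Stand-alone use: sh install_pubkey.sh ~/xxx_id_rsa.pub "$HOME"
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

Once key login is confirmed to work, the `PermitRootLogin yes` and `PasswordAuthentication yes` lines from the common-commands section can be set to `no` in /etc/ssh/sshd_config, followed by `service sshd restart`.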