CSC 175: Linux Installation Instructions

This document applies only to the isolated network in Adams 019

Read and Follow Carefully

This guide is meant to accompany my in-class demonstration and other explanations. There is never any excuse for not attending a class.

A small, private network has been created for half the workstations in Adams 019. A server-class machine in Adams 019a has been configured as a router/firewall. This machine separates the outside Internet from the internal network. To the internal network this machine is known as 10.1.0.98 (deepdish), while from outside it is known as 96.57.41.74. This address is in fact independent of the Hofstra network, which does not trust its law-abiding faculty and students. All machines on our private network use 10.1.0.98 as their "gateway."

1. Form groups. There cannot be any groups with fewer than two people or more than three people. Your group may be graded for collaboration, attendance, timeliness, and the ability to follow instructions.

2. Once your group has informed the professor of your members, you will be assigned a workstation in Adams 019 and be given a "password". You must set your system to use this password when installing Linux. You will also be given an IP address - and you must set up your system to use that address. YOU MAY NOT CHANGE THE PASSWORD.

3. Pick a one-word "hostname" for your machine. A secret name domain, "secret.hofstra.edu", has been created for the purpose of our class. This domain is not visible to the outside Internet and anyone who reveals its existence will be quietly taken care of. For example, if you pick "machine3" as the name of your machine, then your machine's full hostname will be machine3.secret.hofstra.edu.

   You will be prompted to create a user account during installation. USE THE SAME USERNAME AS YOUR HOSTNAME (machine3 in the above example). The password for the user account will be given to you - you must use this password.

You will install Ubuntu 18.04 LTS SERVER.
YOU MAY NOT INSTALL A DESKTOP VERSION of Ubuntu or any other version of Linux.

The procedure described below applies only to machines in Adams 019, which are connected to the router/firewall named deepdish.secret.hofstra.edu, which has the IP address 10.1.0.98 - this machine will also be your "default gateway."

CAVEAT: the instructions below form a general *guide* - what you actually encounter may vary.

4. Download the Ubuntu 18 "LTS" server .iso disk image and burn it to a CD/DVD. A link to Ubuntu can be found on the class homepage.

The following instructions concern steps of the installation that are not completely self-explanatory:

-----

Reboot the workstation that you've been assigned to and, while rebooting it, press and hold down the F12 key to bring up a BIOS menu to choose which disk to boot from. Select the Optical (DVD) drive.

After some obvious prompts, you'll be asked to configure your network. There's a default setting for 10.22.x.y, which you MUST DISABLE (select the device, then select 'edit ipv4'). That is, do not select DHCP for this device.

Then configure the Realtek ethernet interface "ens1" (or "enp9s0" if "ens1" is not connected). This device is physically connected to our special network. Instead of DHCP, manually edit the ipv4 configuration and enter the following information:

    network:    10.1.0.0/16
    address:    10.1.0.x   (where x is your group's assigned number)
    gateway:    10.1.0.98
    nameserver: 10.1.0.98
    domain:     secret.hofstra.edu

THE NEXT PART IS THE MOST CRITICAL POINT OF THE INSTALLATION:

You must now partition your disks. Choose the manual partition method. Do not erase any 'ntfs' partitions or any ext4 partitions marked as 'root' or 'swap'.

Find the third disk, with a name that's something like 'ST500DM002-!BD...'. This disk should either have no partitions or an existing ext4 partition of about 100 GB (from the previous year). This is the disk you will use. Please ask the professor to check that you've selected the right disk.
Now either create a new 100 GB partition, or reformat (be sure to REFORMAT) the existing 100 GB ext4 partition and mount it under /. 100 gigs should be more than enough.

Create (or reuse) a swap partition with about 16 gigs. This is the Linux virtual memory partition.

For production servers, it's not recommended to install the entire OS under one partition, especially if you have multiple drives. Typically /boot and /home have their own partitions. But for our purposes, it should be fine to just use one partition.

BEFORE YOU FINISH PARTITIONING BY SELECTING SAVE AND CONTINUE, WHICH WRITES CHANGES TO DISK, ASK THE PROFESSOR TO CHECK IT.

*********************

You'll then be asked to:

    Enter your hostname.
    Your username should be the same as your hostname.
    Enter your ASSIGNED password. You may not change this password.

Select the option to install an OpenSSH server, but you don't need to install anything extra when prompted.

The installation will begin and will take a while to complete. You may find it getting stuck at the last step (copying logs) - it's OK to reboot at this point. On bootup, press F12 and select the 2nd hard drive (beneath the Toshiba drive).

After installation, boot into your system: keep pressing F12 during reboot (the bootup sequence takes a while).

*** Select the disk "SCU DEVICE 1" ***

Remember this bootup sequence.

Log in. Type "sudo su" and enter your password to go into superuser mode. This is not the recommended way to use sudo, so be careful.

At any time, type

    apt-get upgrade

to download and install the latest updates (don't do this right away since it takes a while).

You can install software packages with apt-get install. For example,

    apt-get install emacs

will install the emacs editor. However, you are not allowed to install a graphical desktop at this time.

If you are not sure what package to install, use apt-cache search: for example,

    apt-cache search wireshark

will list packages having to do with wireshark.

Now you're ready to explore Linux and get used to the text-based interface.

:::::: PACKAGES YOU SHOULD INSTALL :::::::

    apache2 (web server) - sudo apt-get install apache2
    tshark and/or wireshark (apt-get install wireshark)
    lynx (a text-only web browser)
    xterm (for remotely opening a new terminal, use with -Y)

------------------------------------------------------------------------

Remotely accessing your Linux workstation.

All external access to the "secret" network is done through the deepdish gateway. Deepdish has IP address 10.1.0.98 internally and 96.57.41.74 externally. Access to deepdish from outside is, however, severely restricted, and you are asked to not share the following information casually.

Normally, ssh accepts connections to port 22 (every tcp/ip server program is assigned a port number). However, to access your "secret" host you must ssh into a special port on deepdish. deepdish then redirects this connection to the appropriate "secret" host. The ports are assigned as follows:

    10.1.0.1     19001
    10.1.0.2     19002
    10.1.0.3     19003
    ...          ...
    10.1.0.12    19012

The -p option tells ssh to connect to a port other than 22. For example, if you want to access 10.1.0.8 from outside Hofstra, do

    ssh -Y -p 19008 -l username 96.57.41.74

The -Y option forwards X11 (X-windows) authority, which allows you to run graphical programs remotely on systems that have X11 servers installed (such as Linux desktop versions, and Cygwin-X11 on Windows). Although Ubuntu server doesn't come with an X11 server, it does have a client, so you can run graphical programs on your server remotely.

When you ssh this way, you may get a warning that says "someone may be trying to do something nasty". This is because the ssh authentication keys may have changed. However, since there is no way to authenticate the authentication keys, just do "rm ~/.ssh/known_hosts" and try again. There are not that many nasty people in the world, but there are a lot of stupid ones.

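Added example, not part of the original handout: a narrower alternative to deleting the whole known_hosts file. OpenSSH records a host reached on a non-default port as [address]:port, so only the stale entry for your forwarded port needs to be removed and every other key you have accepted is kept. The function names are hypothetical; the gateway address and port scheme are the ones given above.

```shell
#!/bin/sh
# Added example, not from the handout. GATEWAY and the 19000+N port scheme are
# the handout's; the function names are hypothetical.
GATEWAY=96.57.41.74

# Forwarded port for internal host 10.1.0.N, N = 1..12 (no leading zeros).
secret_port() {
    case "$1" in
        ''|0*|*[!0-9]*) echo "host number must be 1..12" >&2; return 1 ;;
    esac
    if [ "${#1}" -gt 2 ] || [ "$1" -gt 12 ]; then
        echo "host number must be 1..12" >&2; return 1
    fi
    echo $((19000 + $1))
}

# Name under which OpenSSH stores a host reached on a non-default port.
known_hosts_name() {
    port=$(secret_port "$1") || return 1
    printf '[%s]:%s\n' "$GATEWAY" "$port"
}

# Remove only the stale key for one forwarded port; every other entry stays.
# Optional second argument: known_hosts file (default ~/.ssh/known_hosts).
forget_secret_host() {
    name=$(known_hosts_name "$1") || return 1
    ssh-keygen -R "$name" -f "${2:-$HOME/.ssh/known_hosts}"
}

# Print an ssh_config stanza equivalent to: ssh -Y -p PORT -l USER GATEWAY
ssh_config_stanza() {   # usage: ssh_config_stanza N username
    port=$(secret_port "$1") || return 1
    printf 'Host %s\n    HostName %s\n    Port %s\n    User %s\n' \
        "$2" "$GATEWAY" "$port" "$2"
    printf '    ForwardX11 yes\n    ForwardX11Trusted yes\n'
}
```

After forget_secret_host 8, the next ssh to port 19008 shows the new key's fingerprint; compare it with the output of ssh-keygen -lf run at the workstation's console on the /etc/ssh/ssh_host_*_key.pub file of the same key type before answering "yes".
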
To use sftp to transfer files, do

    sftp -P 19003 username@96.57.41.74

(note the capital P).

You should remotely log into your server and explore the directory structure, especially /etc, where most configuration files are kept.

Move on to the post-installation assignment.

---

Summary of what you need to do before this lab.

1. Form groups.
2. Burn an Ubuntu Server installation CD and test that it actually boots.
3. Pick a one-word hostname.
4. Professor will assign you a password. You MUST use this password.