Homework #5

(1)

Network Administration/System Administration (NTU CSIE, Spring 2018) Homework #5

Homework #5

Due Time: 2018/5/13 (Sun.) 22:00 Contact TAs: [email protected]

Submission

• Compress all your files into a file named HW5_[studentID].zip (e.g. HW5_bxx902xxx.zip), which contains two folders named [studentID]_NA and [studentID]_SA.

• There should be a na.pdf in Folder [studentID]_NA containing all your answers in Network Administration.

• There should be a sa.pdf and 10.tar in Folder [studentID]_SA containing all your answers in System Administration.

• Submit your zip file to Ceiba.

Instructions and Announcements

• Discussions with others are encouraged. However, you should write down your solutions in your own words. In addition, for each and every problem you have to specify the references (the URL of the web page you consulted or the people you discussed with) on the first page of your solution to that problem.

• Problems below will be related to the materials taught in the class and may be far beyond that.

Try to search for additional information on the Internet and give a reasonable answer.

• Some problems below may not have standard solutions. We will give you the points if your answer is followed by reasonable explanations.

• NO LATE SUBMISSION OR PLAGIARISM IS ALLOWED.

1

(2)

Network Administration

1. DHCP (10%)

When you try to renew the ip your computer get from DHCP server, you may always get the same IP. What may be the reason? (10%)

2. DNS (40%)

(a) (5%) Why should DNS be distributed? Please name three disadvantages if a single server handles all domain name translation services.

(b) (5%) What is DNS cache? Why is it helpful? How it works? Simply describe it.

(c) (10%) dig.sh is a bash script that can do type A DNS query and print out the response using hexdump. Try the command ./dig.sh www.csie.ntu.edu.tw on CSIE workstation and point out where the IP of www.csie.ntu.edu.tw is in the response.

(d) (10%) While doing query in the above problem, you may also see ”csman”, ”csman2”, ”ntuns” in the response. There are only part of the domain name of the name servers because of compres- sion. Please write down how to decompress and get the full domain name of the name servers and what may happen if DNS server doesn’t compress large responses. (hint: DNS uses UDP by default)

(e) (10%) Please decribe 3 types of DNS attacks. How they occur? How to prevent(or detect) them?

(hint: DNS cache and DNS server which does not restrict query clients may be abused.)

2

(3)

System Administration

In Arch Linux, we usually use pacman to manage packages. For questions 1-3, briefly describe your answers. For questions 4-9, write down your commands based on Arch Linux. For question 10, you have to submit a tarball, we will talk about it later. You can assume that package pacman and pacutils are pre-installed.

1. (5%) What are the differences between rolling release and fixed release Linux distributions?

2. (10%) As you may know, the Linux workstations in our department currently run Arch Linux, and many users rely on them to have their jobs/homework/projects done. Based on your un- derstandings on rolling/fixed release models from the previous question, what are the pros and cons of using a rolling release Linux distribution (such as Arch) as workstations, rather than a fixed release distribution (such as Ubuntu/CentOS)? Which one do you think is more suitable for workstations, and why?

3. (5%) What are the differences between pacman -Syu and pacman -Sy, and why the latter is not recommended?

4. (5%) How to search for a package, say vim, either from (a) installed packages or from (b) package databases?

5. (2.5%) How to list all dependencies of an installed package, say firefox?

6. (2.5%) How to find which package a file in the file system belongs to, say /etc/resolv.conf?

7. (2.5%) How to remove a package, say emacs, as well as its dependencies which are not required by any other installed packages?

8. (2.5%) How to list all orphan packages?

9. (5%) In our in-class lab, we created a package sudo-oasis, which depends on sudo. Please write down the commands you used to generate a gpg key and sign the sudo-oasis package.

10. (10%) Write a script 10.sh that meet the following criteria.

• Create a local repository at /repo

• Define it as nasa-repo in the config file(s) of pacman

• Add the signed sudo-oasis package into nasa-repo

• Add the key to pacman keyring so that we can sync with it.

For this question, you must submit a tarball named 10.tar, which should contains at least four files: 10.sh, the signed sudo-oasis package, the signature file for the package, and the corre- sponding public key. We will run following code on this clean VM(username: nasa, password:

nasa) to test your script.

$ tar xvf 10. tar && sudo ./10. sh ...

$ sudo pacsync nasa -repo ...

$ ls /repo # check the content of the local repository ...

3

(4)

$ pacman -Si sudo - oasis | grep Repository

Repository : nasa -repo

$ sudo pacman -S sudo - oasis ...

$ pacman -Qi sudo - oasis | grep Validated Validated By : Signature

$ # Check packager : should be your student ID

$ pacman -Qi sudo - oasis | grep Packager

Packager : b03902028 <b03902028@ntu .edu.tw >

4