The Filer April 16



Download 23.61 Kb.
Date31.01.2017
Size23.61 Kb.
#13836

The Filer


April 16

10

Formal Report for The Filer



08

Fall





Project For The Filer

Henry Au (Project Leader)

Wayne Choi (Assistant Project Leader)

Jay Yoo (Technical Project Manager)

Document Author

Wayne Choi

Project Sponsors

Colin Chanberlain

Jason Fisher

Of SAIT


(1301 16 Avenue Northwest Calgary, AB T2M 0L4)



Table of Contents


Acknowledgements 3

Background 4

Aims and Objectives 4

Group Responsibility 5

Implementation 5

Building the server 5

Linux Hardening 5

Adding PHP to Website using MySQL 6

Building the Website 6

Difficulties 7

Terminology 7

Conclusion 8

Appendix 8




Acknowledgements


This project created at SAIT was conducted under the Computer Systems major of Information technologies. The author of this document would like to thank our sponsors at SAIT. Without them this project would have not been possible.

The project team is most grateful to the following persons for their valued contributions during the project:

Jason Fisher (sponsor)

Colin Chamberlain (sponsor)

Connie Aman

John O’Loughlin

First off we would like to thank Colin Chamberlin, our first project Sponsor, for his input into this project. He provided insight into the direction of how we should conduct ourselves during meetings. This means that there was a deadline to when we had to meet him and Jason.

Next we would like to thanks Jason Fisher, our other project Sponsor, for providing us with the equipments needed to complete our project. He provided us with a server and hard drives for backup. We would also like to thank him for his inputs during our meetings and helping us out in figuring many problems we had with our project.

We would also like to thank our Server manager instructor, Connie Aman, in her input on how to use RAID in a Linux system.

Finally we would like to thank John O’Loughlin for his input in helping us figure out some PHP problems that we had.

The project leader would also like to thank all the members of the project for the contribution in completing this Capstone Project.

Background


The goal of our project was show all the stuff that we have learned in the course. Not only were we supposed to show what we learned, but also to further improve ourselves. From this the group has to choose a project that can show our skills. The project we accomplished was a server that would allow people to upload and download files. The Files are accessed from a website that we created. When we finished the site allowed uploading and downloading of files from a remote website.

We were given 13 weeks to complete this project, which then we had to present our project to people from industry, our potential employers.


Aims and Objectives


Here are a list of aims and objectives agreed upon at the start of the project:

  1. A Linux server.

    1. Snort

    2. Apache

    3. MySQL

    4. PHP

    5. FTP

    6. Virus scanner

  2. Website running off the server that allows for uploading and downloading.

    1. Uploading and downloading functionality

    2. Adding user

    3. Administrator Notice Board

So it was talked upon at the begging of the project was to have a way for people to upload and download files using FTP. We also decided that to access FTP it was through a website. So in order to have FTP we had to use VSFTP, which was only freely available on Linux. Since most people would be accessing the server through a Windows system, we had to have a virus scanner that checked for Windows virus.

Here are the extra stuffs that we have added since the start of the project:



  1. Backup method for the server

  2. AIDE

  3. Change user Password

  4. Collect user IP address


Group Responsibility


Here are the responsibilities each group member had in order to complete this project.

Jay was responsible for building the website using HTML. When he finished with building the website he was responsible with building the uploading and download pages for the website using PHP and FTP

Wayne was responsible with setting up the server and figuring out a backup method for the server. When that was done Wayne was to install a virus scanner. The Other responsibility that Wayne had was to build the PHP for adding users and changing password. Also Wayne was responsible for building the administrator PHP page.

Henry was responsible for figuring out how to prevent people from attacking the system using Snort and AIDE. Henry was also responsible for creating the capstone website for the group.


Implementation


Here is how we implemented our FTP uploading website.

Building the server


First ting we did after we got our equipments was deciding on what OS to user. Since all of group member was the most familiar with Ubuntu, we decided to user Ubuntu Server. When that was done we decided that we did not want to user command line so we decided to install a GUI on the server. The command used to install the GUI was Sudo aptitude install –no-install-recommends ubuntu-desktop. This took us about two days to do this.

Linux Hardening


For the next step we did was hardening our web server. First thing we did was to install Snort. Snort is used to detect network attack. Then we installed AIDE, It creates a database from the regular expression rules that it finds from the configuration file. Once this database is initialized it can be used to verify the integrity of the files. It has several messages digest algorithms (md5, sha1, etc.) that are used to check the integrity of the file. After that, we installed BASE (Basic Analysis Security Engine), this application provides a web front-end to query and analyze the alerts coming from Snort system log information in MySQL database.

After all that we installed our antivirus, Clam AV. We added the Virus scanner to auto check for virus and send the log file to a specific location. To do this we added the job to the Crontab. We also added the Crontab job to check every week for updates to the virus database. We also created a backup method to back up the server.


Adding PHP to Website using MySQL


After the website was done we started to add PHP to our website. First thing we did was create tables first table created was Users table. This table contains the user information that the user adds when they create a new user. I also added a stored procedure to generate a script to add users to the Users table. A stored procedure to check user info when logging was also created. After that was done PHP was added to the registration page to allow users registration. The PHP inside the webpage calls the MySQL database. Then after that was done PHP was added to index.php. After that was done Administrator page was modified. To do this News table and add news and delete news stored procedures were created; PHP was then added to Admin page. This is because the administrator needs to add news items.

We also created index2.php to become the page the users go to after they logged in. This page looks like index.php, but the logging section was changed. This changed section displayed the user information of the logged in user. Depending on the user this section would look different. If the user were the administrator the page would allow the user to go to the administrator webpage.

When that was done we created entries in our database that allowed for logging of the users login session. We also added IP address collection of logged in user. This means that when user log in to the website there would be an entry of the users logging session. A second administrator page was added to display the user logging information.

After that we had to figure out how we added users to the system and changing their passwords.

The last steps we did was the upload and download page. First all, we had to restrict type of files that can be uploaded in our server, because we wanted to prevent simple copyright issue, caused by music and movies. So users can upload only certain types of document and images. We also had to create stored procedures to manage information of user account, related to upload and download, such as available space capacity of each account. As we planned to provide 10MB per each account, we added the function to record and manage the information of uploaded files. All of the specific restriction is also managed by database, so it must be easily modified later.

Building the Website


The functionality of our website is to upload/download small size of files, such as documents and images by FTP server. All of the dynamic information of the website is managed and handled by PHP. Additionally, we also used HTML to create the basic structure and static information pages, such as “Who we are”, “What we do”, “How to use” and “Contact us”. Because we have learned the basic HTML, we did not require any further research or study to use HTML. We also use Adobe Photoshop to make all of the images used in the website.

Difficulties


The first major difficulty we encountered was Snort. Snort would not run properly and we had to delete Snort and reinstalled it. It took us about a whole class period to figure out how to remove Snort and reinstalling it.

When we run Snort, it did not detect ICMP packet from other ping server. We had to create our own rule for detect ICMP packet to prevent other ping server.

A major problem we had was figuring out how to backup our server. The thing we decided was to use RAID 1, which is making a copy of one disk to another. The problem we found out after emailing Connie was that Software RAID to the OS can only be done during installation of the OS. But she said that if we wanted RAID we had to a hardware RAID. We ended up just zipping a whole drive and restoring it afterwards when we needed it.

Adding users to the system was another difficulty. At first we did not know how to do that but after a while we found a tutorial on how to do it. But that was not the last of the problem we had with adding users. The tutorial stated the use of apache as the user to Apache web server, but in Ubuntu it was www-data. After a lot of trial and error running we realized that we needed to use www-data.

Using PHP and MYSQL requires additional research and study to us. What we have learned in our classes was not enough to realize what we wanted from the website. Especially uploading/downloading data, the main function of the website, required a lot of effort to research.

Terminology


Snort – Snort is a program that detects and prevents intrusions to a system.

Apache – This is a web server Software.

MySQL – MySQL is a database management system from Oracle.

PHP - PHP: Hypertext Preprocessor is a scripting language used to enhance the functionality of a webpage.

FTP – File Transfer Protocol is a protocol that allows for file transfer over the Internet.

VSFTP(d)-Very Secure FTP is a more secure ftp protocol created for Linux.

IP Address – A unique number given to a system when a system connects to a network.

AIDE – Advanced Intrusion Detection Environment is a program that searches for network attacks on a system.

HTML – HyperText Markup Language is a programming language used to display a webpage.

GUI – Graphical User Interface that allows users to interact with an operating system easier.

Ubuntu – A Linux distribution, which is an operating system.

Adobe Photoshop – Graphics editing software developed and published by Adobe Systems

RAID - Redundant Array of Independent Disk is a way of setting up disk for storage.

BASE - A web interface to perform analysis of intrusions that snort has detected from database on the network.



ICMP - Internet Control Message Protocol

Conclusion


In conclusion our project was a success. There were many problems that we had, but in the end we were able to pull through. All our initial goals that we want or had been met and we were able add more to our project. This means that we were able to meet the deadline of the project.

Appendix


See attached form for User Guide


Download 23.61 Kb.

Share with your friends:




The database is protected by copyright ©ininet.org 2024
send message

    Main page