JIMMA UNIVERSITY

JIMMA INSTITUTE OF TECHNOLOGY

FACULTY OF COMPUTING AND INFORMATICS

DEPARTMENT OF INFORMATION SCIENCE

SYSTEM ADMINISTRATION AND NETWORK MANAGEMENT

INDIVIDUAL ASSIGNMENT

NAME: NURU HUSSEN
ID: RU 1586/13

Submitted to: Mr. TAKELE T.

Submission date: MAR 2023

1. What is meant by a securable operating system, convergence
in config management? Discuss why system homogeneity is a
desirable feature of network infrastructure models. How does
homogeneity simplify the issues of configuration and
maintenance?

A secure operating system refers to one of two things: an operating system
that focuses heavily on internal and external security, or an operating system that has
external security certification. In either case, these operating systems have a level of
security that is higher than an average system. As a result, a secure operating system is
generally used in locations that store important data or are at severe risk of attack.

Several operating systems focus on security as one of their main build points. These systems
often have secure features and light encryption built directly into their code. This is in contrast
to a normal operating system that usually relies on third-party programs. Since these programs
do not load as part of the operating system, there is always a slight window in which to bypass
them. On a secure operating system, the protections are indistinguishable and non-removable
from the operating system as a whole; therefore, it is much harder to work around them.

A secure operating system is generally used in a high-risk location.

Some of these secure operating systems are designed for a specific use and nothing else. For
instance, the programming inside a hardware firewall or authentication server is often a
variation on a common operating system. In these cases, the system still exists; it has simply
been whittled down to the bare features required for the security protocols.

Some standard operating systems will receive an approval from an external securities system.
This type of secure operating system is generally very similar to a common user version, often
with a few small changes. These changes make certain areas of the system more secure, but
don’t change the overall methods and operations of the system. The operating system will
provide a first level of defense against intrusions and data theft. Even with a security-oriented
operating system, it isn’t unusual to find other layers of encryption and protections on the
computer. These additional third-party programs will overcome any shortfalls in the built-in
programs and further protect the system.

Even with a secure operating system, user action plays a huge role in the overall security. For
the average user, security often comes in second to usability.

As a result, many users will turn off certain security systems once they get in the
way of their computer use. On many secure systems, there are safeguards to
prevent user interference or to turn protections back on automatically. This will
help maintain a basic level of security, even when specific operations are
disrupted.

Convergence in configuration management

In configuration management, convergence means to bring the system state in line with a
defined policy. That is, changes are made on the system only if they need to be made.

To say that an operation is convergent roughly means that it puts whatever part of the system
it manages into a specified state. When configuration management people say that an
operation is idempotent, they typically mean that if you run it a second time right after running
it once, the second run will terminate immediately without doing any redundant work.
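
The following shell function illustrates a convergent, idempotent operation. It is an added example, not part of the original assignment; the function name ensure_setting and the "KEY VALUE" file layout with the PermitRootLogin setting are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: a convergent "ensure" operation for one setting in a
# "KEY VALUE" style config file. Function name, file and setting are
# hypothetical.

# ensure_setting FILE KEY VALUE
# Prints "ok" if FILE already complies with the policy (exactly one line
# for KEY, equal to "KEY VALUE"), otherwise repairs it and prints "changed".
ensure_setting() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"

    # Inspect the current state before touching anything.
    state=$(awk -v k="$key" -v v="$value" '
        $1 == k { n++; if ($0 == k " " v) good++ }
        END { if (n == 1 && good == 1) print "compliant"; else print "drift" }
    ' "$file")

    if [ "$state" = compliant ]; then
        echo ok            # nothing to do: no write, no side effect
        return 0
    fi

    # Repair: drop every line for KEY (wrong value or duplicates), then
    # append the single desired line. Unrelated lines are left alone.
    tmp=$(mktemp) || return 1
    awk -v k="$key" '$1 != k' "$file" > "$tmp"
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"   # rewrite in place so owner and mode are kept
    rm -f "$tmp"
    echo changed
}

# Demo on a constructed file with a wrong value and a duplicate entry.
demo=$(mktemp)
printf 'Port 22\nPermitRootLogin yes\nPermitRootLogin prohibit-password\n' > "$demo"
echo "first run:  $(ensure_setting "$demo" PermitRootLogin no)"
echo "second run: $(ensure_setting "$demo" PermitRootLogin no)"
cat "$demo"
rm -f "$demo"
```

The first run brings the file into the policy state; the second run finds nothing to change, which is what a scheduled configuration agent relies on when it runs the same policy repeatedly.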

Convergence in configuration management refers to the process of bringing together different
systems, tools, and processes used for managing configurations within an organization. It
involves standardizing and streamlining the configuration management practices across all
departments and teams to ensure consistency, efficiency, and accuracy.

Convergence in configuration management is essential for organizations that have multiple
teams working on different projects with varying requirements. It enables them to establish a
common set of practices, tools, and standards that can be applied across all projects, resulting
in better collaboration, reduced errors, and improved productivity.

Some of the key benefits of convergence in configuration management include:
1. Improved collaboration: Convergence ensures that all teams are using the same tools
and processes for managing configurations. This makes it easier for them to collaborate
on projects and share information.
2. Reduced errors: Standardizing configuration management practices reduces the risk of
errors caused by inconsistencies or miscommunication between teams.
3. Increased efficiency: Convergence eliminates redundant processes and tools, reducing
the time and effort required to manage configurations.

Why system homogeneity is a desirable feature of network infrastructure models

System homogeneity refers to the use of the same hardware and software
components throughout a network infrastructure. This can simplify management
and maintenance tasks, as well as reduce costs associated with training and
support. It also allows for easier integration of new components into the existing
system.

System homogeneity is a desirable feature of network infrastructure models because
it ensures consistency and uniformity in the network. This means that all components
of the network are identical or similar in terms of hardware, software, and
configuration.

Homogeneous systems are easier to manage and maintain because they require less effort to
configure, troubleshoot, and upgrade. They also reduce the risk of compatibility issues between
different components of the network.

In addition, homogeneous systems can improve performance and reliability by reducing the
likelihood of errors or failures caused by differences in hardware or software configurations.
This can lead to increased uptime and productivity for users. Overall, system homogeneity is a
desirable feature for network infrastructure models because it simplifies management,
improves performance and reliability, and reduces the risk of compatibility issues.

How does homogeneity simplify the issues of configuration and maintenance?

Homogeneity refers to the state of being uniform or consistent. In the context of configuration
and maintenance, homogeneity simplifies these issues by ensuring that all components or
systems are identical or similar in terms of their configuration and setup.

This means that any changes or updates can be easily applied across all components, reducing
the need for manual intervention and minimizing the risk of errors or inconsistencies. It also
makes it easier to troubleshoot issues as there are fewer variables to consider.

Additionally, homogeneity can simplify maintenance by allowing for standardized processes
and procedures to be developed and applied across all components.

This can reduce the time and effort required for maintenance tasks, as well as
improve overall system reliability and performance.

Homogeneity simplifies the issues of configuration and maintenance by ensuring
that all systems, applications, and devices are identical or similar in terms of
hardware, software, and configurations. This means that IT administrators only
need to manage a single set of configurations and updates, which reduces the
complexity of maintaining multiple systems with different configurations.

Homogeneity also makes it easier to troubleshoot issues because IT
administrators can apply the same fixes across all systems. This reduces the time
and effort required to diagnose and resolve problems.

2. Under what circumstances is it desirable to use a graphical user interface
(GUI), and when is it better to use a command language to address a computer?

A graphical user interface (GUI) is a type of user interface that allows users to
interact with electronic devices or software through graphical elements such as
icons, buttons, menus, and windows. GUIs are designed to simplify the use of
complex systems by presenting information and controls in a visually intuitive way.

It is desirable in the following circumstances:

- When the user needs to interact with complex software or systems that
  require a visual representation to understand.
- When the user needs to perform tasks that involve a lot of data entry or
  manipulation, as GUIs can simplify these tasks and make them more
  efficient.
- When the user needs to access multiple functions or features of a software
  or system, as GUIs can provide an easy-to-use interface for navigating
  between these functions.
- When the user needs to work collaboratively with others, as GUIs can
  provide a common visual language that facilitates communication and
  collaboration.
- When the user needs to access information quickly and easily, as GUIs can
  provide intuitive navigation and search tools that make it easy to find what
  they need.
- When the user has limited technical expertise, as GUIs can provide a more
  accessible and user-friendly interface than command-line interfaces or
  other text-based interfaces.

It is better to use a command language to address a computer when performing complex
or repetitive tasks that require precise and specific instructions.

Command languages allow users to automate tasks, manipulate data, and perform system-level
operations quickly and efficiently. They are also useful for troubleshooting and debugging issues
that may arise in software applications or system configurations. Additionally, command
languages are often used by developers and IT professionals who need to interact with
operating systems, servers, and other network devices.

3. Familiarize yourself with the commands df, nslookup, mount, finger .clients
(GNU finger). What do these commands do on Linux and how can you use them?

- df - This command is used to display the amount of disk space available on the file system.
  It shows the total size of the file system, the amount of space used, and the amount of free
  space available. You can use this command to check how much disk space is being used by
  different directories or partitions.
- nslookup - This command is used to query DNS (Domain Name System) servers to get
  information about domain names and IP addresses. It can be used to troubleshoot network
  connectivity issues or to verify DNS records.
- mount - This command is used to mount a file system or device onto a directory in the
  Linux file system hierarchy. It allows you to access files and directories on external devices
  such as USB drives, network shares, or CD-ROMs.
- finger - This command displays information about users on a remote system, including their
  login name, full name, terminal session status, and last login time. It can be useful for
  checking who is logged into a remote system or for finding contact information for other users.
- .clients (GNU finger) - This command is similar to the finger command but provides additional
  information about users such as their email address and office location. It can be useful for finding
  contact information for colleagues or coworkers in a large organization.

4. After reviewing the concept of virtual memory, what is swapping and what is
paging? Why is paging to a file less efficient than paging to a raw partition?
Swapping in virtual memory is a technique used by operating systems to transfer data between the
main memory (RAM) and the hard disk. When the RAM becomes full, the operating system moves some
of the less frequently used data from the RAM to the hard disk, freeing up space in the RAM for other
processes. This process is called swapping or paging. When a process needs access to data that has been
swapped out, it is moved back into the RAM from the hard disk. Swapping allows an operating system to
use more memory than physically available and helps prevent programs from crashing due to
insufficient memory.

Paging is a memory management technique used in virtual memory systems. It involves dividing the
physical memory into fixed-size blocks called pages and dividing the logical memory into the same size
blocks called page frames. When a process requests data from memory, the operating system maps the
logical address to a physical address by using a page table. If the requested data is not present in
physical memory, it is fetched from secondary storage (usually a hard disk) and loaded into an available
page frame in physical memory. This allows processes to access more memory than is physically
available, as well as providing protection and sharing of memory between processes.

- Paging to a file is less efficient than paging to a raw partition because when paging to a file, the
  operating system has to go through an additional layer of abstraction. The file system has to
  manage the allocation and deallocation of space for the page file, which can cause additional
  overhead and slow down the paging process.
- On the other hand, when paging to a raw partition, there is no such overhead as the operating
  system can directly access the physical disk without any intermediate layer. This results in faster
  access times and better performance compared to paging to a file.

Additionally, when paging to a raw partition, there is less fragmentation as the operating system can
allocate contiguous blocks of memory on the disk. In contrast, when paging to a file, fragmentation can
occur as files are often fragmented on disk.

In general, paging to a raw partition is more efficient than paging to a file due to faster access times and
less fragmentation.

5. Explain what an access control list is. Compare the functionality of the Unix file permission
model with that of access control lists.
An access control list (ACL) is a security mechanism used in computer systems and networks to control
access to resources such as files, folders, devices, or network services. It is a list of permissions that
specifies which users or groups are allowed or denied access to specific resources. ACLs are commonly
used in operating systems, routers, firewalls, and other network devices to enforce security policies and
restrict unauthorized access. They can be configured based on various criteria such as user identity, IP
address, time of day, and type of service. ACLs can help organizations maintain the confidentiality,
integrity, and availability of their data by ensuring that only authorized users have access to it.

Reasons to use an ACL:

- Traffic flow control
- Restricted network traffic for better network performance
- A level of security for network access specifying which areas of the server/network/service can
  be accessed by a user and which cannot
- Granular monitoring of the traffic exiting and entering the system

Unix provides the flexibility to make kernel modifications, which cannot be done with Windows.
However, because you can make kernel modifications to Unix, you may need specialized
expertise to maintain the production environment.

Windows offers the advantage of a stable platform, but it is not as flexible as Unix. In
relation to application integration, Windows is easier than Unix.

A user can set access control mechanisms in a Windows box without adding software.

In terms of patching, Microsoft is the only source to issue Windows patches. With Unix, you
can choose to wait until a commercial Unix provider releases a patch or you can go with an
open-source entity for patches.

The Unix file permission model and access control lists (ACLs) are both used to control
access to files and directories in a Unix-based operating system. However, there are some
differences in their functionality:

- Scope: The Unix file permission model applies to all users on the system, while ACLs can
  be applied to specific users or groups.
- Granularity: The Unix file permission model has a limited granularity, with only three
  levels of access (read, write, and execute) for three categories of users (owner, group,
  and others). ACLs provide more granular control over access permissions by allowing
  specific permissions to be granted or denied for individual users or groups.
- Complexity: The Unix file permission model is relatively simple and easy to understand,
  while ACLs can be more complex and difficult to manage due to their finer granularity.
- Compatibility: The Unix file permission model is widely supported by all Unix-based
  operating systems, while ACLs may not be supported by all systems or may require
  additional configuration.

Generally, the choice between the Unix file permission model and ACLs depends on the specific
needs of the system and the level of granularity required for access control. While the Unix file
permission model is simpler and more widely supported, ACLs provide finer-grained control
over access permissions for specific users or groups.

6. If the network xxx.yyy.74.mmm has subnet mask 255.255.254.0, what can you
say about the subnet mask for the addresses on xxx.yyy.75.mmm? (Hint: how
many hosts are allowed on the subnet?) Which IP addresses does the subnet
consist of?
The subnet mask for the addresses on xxx.yyy.75.mmm would also be 255.255.254.0 because
both addresses fall within the same subnet range. This subnet allows for 510 hosts (2^9 - 2) per
subnet.

The first and last addresses are reserved as the network and broadcast addresses.

The IP addresses in this subnet would range from xxx.yyy.74.1 to xxx.yyy.75.254,

xxx.yyy.74.0 will be the network address and

xxx.yyy.75.255 will be the broadcast address.
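
The same calculation can be carried out for any address and mask. The script below is an added example, not part of the original assignment; it uses the constructed prefix 10.20 in place of xxx.yyy, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: derive network, broadcast, usable range and host count
# from a dotted-quad address and subnet mask using integer bit operations.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> A.B.C.D
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# subnet_info ADDR MASK -> "network broadcast first-host last-host host-count"
subnet_info() {
    addr=$(ip_to_int "$1")
    mask=$(ip_to_int "$2")
    net=$(( addr & mask ))                      # host bits cleared
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))     # host bits set
    hosts=$(( bcast - net - 1 ))                # minus network and broadcast
    echo "$(int_to_ip "$net") $(int_to_ip "$bcast") $(int_to_ip $(( net + 1 ))) $(int_to_ip $(( bcast - 1 ))) $hosts"
}

# same_subnet ADDR1 ADDR2 MASK -> exit status 0 if both share one network
same_subnet() {
    m=$(ip_to_int "$3")
    [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "$2") & m )) ]
}

# Constructed addresses: one in the .74 block, one in the .75 block.
echo "10.20.74.9   -> $(subnet_info 10.20.74.9 255.255.254.0)"
echo "10.20.75.200 -> $(subnet_info 10.20.75.200 255.255.254.0)"
if same_subnet 10.20.74.9 10.20.75.200 255.255.254.0; then
    echo ".74 and .75 addresses are on the same subnet"
fi
if ! same_subnet 10.20.74.9 10.20.76.1 255.255.254.0; then
    echo ".76 is outside that subnet"
fi
```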

7. Explain the difference between a push model and a pull model of system
administration. What are the security implications of these and how well do
they allow for delegation of responsibility in the network?
The push model of system administration involves pushing updates, patches, and
configurations to the target systems from a central location. In this model, the administrator
initiates the update process and pushes the changes to the target systems. This approach is
useful when there are a large number of systems that need to be updated or configured in a
consistent manner.

The pull model of system administration involves pulling updates and configurations from a
central location by the target systems themselves. In this model, the administrator sets up a
central repository of updates and configurations that can be accessed by the target systems.
The target systems periodically check for updates and pull them from the central repository as
needed. This approach is useful when there are fewer systems to manage or when there is
limited bandwidth available for pushing updates.

The push and pull models of system administration have different security implications:

Push Model:

- The push model involves the administrator pushing updates and changes to the system.
- This model can be more secure as the administrator has control over what changes are
  made and can ensure that they are properly tested and approved before being pushed
  out.
- However, if the administrator's credentials are compromised, an attacker could
  potentially push malicious updates or changes to the system.

Pull Model:

- The pull model involves the system pulling updates and changes from a central
  repository.
- This model can be less secure as it relies on the security of the central repository. If the
  repository is compromised, attackers could potentially inject malicious code into
  updates or changes that are pulled by systems.
- Additionally, if systems are not properly configured to verify the authenticity of updates
  and changes pulled from the repository, they could inadvertently install malware or
  other malicious software.
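
The verification step mentioned in the last point can be sketched as follows. This is an added example, not part of the original assignment: a local directory stands in for the central repository, the function and file names are hypothetical, and the expected SHA-256 digest is assumed to reach the client through a channel other than the repository itself (for example a signed manifest).

```sh
#!/bin/sh
# Added example: a pull client that installs an update only if its
# SHA-256 digest matches a value pinned outside the repository.

# sha256_of FILE -> hex digest (uses sha256sum, or shasum where that is absent)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# pull_update REPO NAME EXPECTED_SHA256 DEST
# Prints "applied", "rejected" (digest mismatch) or "fetch-failed".
pull_update() {
    repo=$1 name=$2 expected=$3 dest=$4

    # Stage the download; nothing touches DEST until it is verified.
    staged=$(mktemp) || return 2
    if ! cp "$repo/$name" "$staged" 2>/dev/null; then
        rm -f "$staged"
        echo fetch-failed
        return 2
    fi

    actual=$(sha256_of "$staged")
    if [ "$actual" != "$expected" ]; then
        rm -f "$staged"       # discard unverified content
        echo rejected
        return 1
    fi

    mv "$staged" "$dest"
    echo applied
}

# Demo with constructed data: the repository content changes after the
# digest was pinned, so the second pull is refused.
repo=$(mktemp -d)
dest=$(mktemp)
printf 'ntp_server=10.0.0.1\n' > "$repo/site.conf"
pinned=$(sha256_of "$repo/site.conf")          # recorded at release time
echo "untouched repository: $(pull_update "$repo" site.conf "$pinned" "$dest")"
printf 'ntp_server=203.0.113.9\n' > "$repo/site.conf"
echo "altered repository:   $(pull_update "$repo" site.conf "$pinned" "$dest")"
echo "installed content:    $(cat "$dest")"
rm -rf "$repo" "$dest"
```

A digest stored in the same repository as the update would be replaced along with it, which is why the pinned value has to come from a separately protected source.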

Both pull and push models of system administration allow for delegation of responsibility in the
network, but to varying degrees.

In the push model, administrators have full control over the network and can
delegate tasks to other users or groups. For example, an administrator can grant a
user permission to install software on a specific set of machines. However, this
model requires a high level of trust in the delegated users, as they have access to
all parts of the network that the administrator does.

In contrast, the pull model allows for more granular delegation of responsibility. Users
are given access only to specific resources or applications that they need to perform
their tasks. This model is more secure than the push model because users cannot access
parts of the network that they do not need to.

In general, both models can be used for delegation of responsibility in system
administration, but it is important to consider the level of trust and security
required for each situation.

8. Why are Unix shell scripts not portable? Is Perl portable? How can cfengine
help in the issue of script portability? State the difference between Perl and
cfengine.
Unix shell scripts are not portable because they rely heavily on the specific Unix shell
environment in which they were written. Different Unix shells have different syntax,
commands, and features, which can cause scripts to behave differently or fail to run altogether
on different systems.

Yes, Perl is considered highly portable because it was designed to be platform-independent.
Perl scripts can run on a wide range of operating systems and platforms
without modification, as long as the necessary Perl interpreter is installed. However,
some Perl modules may not be available or may behave differently on different
platforms, which can affect the portability of Perl scripts that rely on them.

CFEngine can help in the issue of script portability by providing a platform-independent way to
manage and deploy scripts across different systems. CFEngine allows you to define policies that
specify how scripts should be deployed, configured, and executed on different systems. This
ensures that scripts are consistent across all systems, regardless of their underlying operating
system or hardware architecture.

CFEngine also provides a powerful scripting language that allows you to automate complex
tasks and workflows. This scripting language is platform-independent, which means that you
can write scripts once and deploy them on any system that supports CFEngine.

In addition, CFEngine provides a number of built-in functions and modules that simplify the
process of managing scripts. For example, it includes modules for managing files, directories,
users, and groups, as well as modules for executing commands and running scripts.

- Perl is a general-purpose programming language used for a wide range of tasks, including web
  development, system administration, and data analysis. It is a scripting language that can be
  used to automate tasks and manipulate data.
- CFEngine, on the other hand, is a configuration management tool used for automating and
  managing large-scale IT infrastructure. It allows administrators to define policies and rules for
  managing servers and applications across multiple platforms.

While both Perl and CFEngine can be used for automation, they serve different purposes. Perl is more
suited for general-purpose scripting tasks, while CFEngine is designed specifically for managing IT
infrastructure.

9. One of the central problems in account management is the distribution of passwords. If we
are unable (or unwilling) to use a password distribution system like NIS, passwords have to
be copied from host to host. Assume that user home-directories are shared amongst all hosts.
Write a script which takes the password file on one host and converts it into all of the
different file formats used by different Unix-like OSs, ready for distribution.

```
#!/bin/bash

# This script takes the password file on one host and converts it into all of
# the different file formats used by different Unix-like OSs, ready for
# distribution.

# Define variables
PASSWORD_FILE="/etc/passwd"
OUTPUT_DIR="./output"

# Create output directory if it doesn't exist
mkdir -p "$OUTPUT_DIR"

# Convert to Linux format (7-field passwd, copied unchanged)
cp "$PASSWORD_FILE" "$OUTPUT_DIR/passwd.linux"
chmod 644 "$OUTPUT_DIR/passwd.linux"

# Convert to FreeBSD format (7-field passwd)
awk -F: '{printf "%s:%s:%d:%d:%s:%s:%s\n", $1, $2, $3, $4, $5, $6, $7}' \
    "$PASSWORD_FILE" > "$OUTPUT_DIR/passwd.freebsd"
chmod 644 "$OUTPUT_DIR/passwd.freebsd"

# Convert to OpenBSD format, using the 10-field master.passwd layout
# name:password:uid:gid:class:change:expire:gecos:home:shell.
# The password field is carried over as-is and the shell is set to /bin/ksh.
awk -F: '{printf "%s:%s:%d:%d::0:0:%s:%s:/bin/ksh\n", $1, $2, $3, $4, $5, $6}' \
    "$PASSWORD_FILE" > "$OUTPUT_DIR/passwd.openbsd"
chmod 600 "$OUTPUT_DIR/passwd.openbsd"

# Convert to NetBSD format (same 10-field layout, password locked with "*")
awk -F: '{printf "%s:*:%d:%d::0:0:%s:%s:%s\n", $1, $3, $4, $5, $6, $7}' \
    "$PASSWORD_FILE" > "$OUTPUT_DIR/passwd.netbsd"
chmod 600 "$OUTPUT_DIR/passwd.netbsd"

echo "Password file converted successfully!"
```

10. Write a script to monitor the amount of disk space used by each user and
warn about users that exceed a fixed quota.
This script is designed to monitor the amount of disk space used by each user and warn about
users that exceed a fixed quota.

STEP 1:

First, we need to set the fixed quota for each user. This can be done by specifying a maximum
amount of disk space that each user is allowed to use. For example, we can set a quota of 10GB
for each user.

STEP 2:

Next, we need to create a script that will monitor the amount of disk space used by each user.
We can do this by using the "du" command in Linux. The "du" command displays the disk usage
of files and directories in a human-readable format.

STEP 3:

We can then use a loop to iterate through all the users on the system and check their disk
usage. If a user exceeds their quota, we can send them a warning message.

STEP 4:

To automate this process, we can schedule the script to run at regular intervals using cron jobs.

CODE:

Here is example code for our disk space monitoring script:

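```
#!/bin/bash

# Set fixed quota (10 GB, expressed in kilobytes to match "du -sk")
quota=$((10 * 1024 * 1024))

# Iterate through all users
for user in $(cut -d: -f1 /etc/passwd); do
    # Skip accounts that have no directory under /home
    [ -d "/home/$user" ] || continue

    # Get disk usage for current user, in kilobytes
    usage=$(du -sk "/home/$user" 2>/dev/null | cut -f1)

    # Compare with quota (numeric comparison)
    if [ "${usage:-0}" -gt "$quota" ]; then
        # Send warning message
        echo "Warning: User $user has exceeded their disk quota"
    fi
done
```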
