Final exam exercises. May 1 2013. Time 3:20 pm -- 4:40 p.m.

The exercises are supposed to be done by each student solely on his/her desktop in the Linux lab, D-112. It is allowed to use lecture notes at http://linuxcourse.rutgers.edu and any printed material. Internet access during the exam will be restricted to the web site only.
Number of exercises: 5. Each exercise has a maximum score.
You need to create a new file answers.txt in the home directory of user hostadm, where you will be writing answers to the exam exercises. Write your name and the desktop number in the file. When you finish with the exam answers, create directory FINAL, and copy answers.txt into directory FINAL.

Note: if you happen to need to install a software package, run
apt-get install package_name

1. VM deployment (max score 3)
Deploy virtual appliance final2013, available at http://engshare.rutgers.edu/KVM/final2013.tgz
Start final2013 VM. Specify the commands you used here.


Answer
A
wget http://engshare.rutgers.edu/KVM/final2013.tgz 
tar -zxvf final2013.tgz
cp final2013.xml /etc/libvirt/qemu
cp final2013.img /home/hostadm/KVM 
virsh define /etc/libvirt/qemu/final2013.xml
virsh start final2013


2. Network services and ports (max score 6)

A) What TCP and UDP ports are open on final2013 VM?

B) What processes (PID and Program names) are associated with the open ports?

C) What network services are associated with the open ports?

Answer
A
netstat -n --inet --listening --programs
gives:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      748/inetd       
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      631/sshd        
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      765/mysqld      
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      599/rpcbind     
udp        0      0 0.0.0.0:769             0.0.0.0:*                           599/rpcbind     
udp        0      0 0.0.0.0:68              0.0.0.0:*                           580/dhclient3   
udp        0      0 0.0.0.0:69              0.0.0.0:*                           748/inetd       
udp        0      0 0.0.0.0:111             0.0.0.0:*                           599/rpcbind     
The open ports are given in the 3-rd column: 21/tcp, 22/tcp, 3306/tcp, 111/tcp, 769/udp, 68/udp, 69/udp, 111/udp.
B
The PID/Program names are given in the last column.
C
The service name can be found by matching the port number in the /etc/services file:
grep 21 /etc/services
grep 22 /etc/services
grep 3306 /etc/services
grep 111 /etc/services
grep 769 /etc/services
grep 68 /etc/services
grep 69 /etc/services
Alternatively, you can run the lsof command to find the service name in the last column of the output.
lsof -i TCP
lsof -i UDP
These give the following outputs:
COMMAND PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 599  root    8u  IPv4   6808      0t0  TCP *:sunrpc (LISTEN)
rpcbind 599  root   11u  IPv6   6811      0t0  TCP *:sunrpc (LISTEN)
sshd    631  root    3r  IPv4   7338      0t0  TCP *:ssh (LISTEN)
sshd    631  root    4u  IPv6   7340      0t0  TCP *:ssh (LISTEN)
inetd   748  root    4u  IPv4   7519      0t0  TCP *:ftp (LISTEN)
mysqld  765 mysql   10u  IPv4   7750      0t0  TCP *:mysql (LISTEN)
and
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
dhclient3 580 root    7u  IPv4   6523      0t0  UDP *:bootpc 
rpcbind   599 root    6u  IPv4   6806      0t0  UDP *:sunrpc 
rpcbind   599 root    7u  IPv4   6807      0t0  UDP *:769 
rpcbind   599 root    9u  IPv6   6809      0t0  UDP *:sunrpc 
rpcbind   599 root   10u  IPv6   6810      0t0  UDP *:769 
inetd     748 root    5u  IPv4   7521      0t0  UDP *:tftp 
The right column shows the service name.
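
An added example, not part of the exam answer key: a shell function that reads the netstat listing from this exercise and reports every listener reachable from other hosts that is not on an allow-list. The function names, the port/proto allow-list format and the 127.0.0.1 sample line are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not part of the exam answer key.
# Usage: netstat -n --inet --listening --programs | unexpected_listeners 22/tcp
# Each argument is an allowed port/proto pair (hypothetical allow-list format).
unexpected_listeners() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "tcp" && $1 != "udp" { next }      # skip the two header lines
        {
            port = $4; sub(/.*:/, "", port)      # $4 is the Local Address column
            host = $4; sub(/:[0-9]+$/, "", host)
            if (host ~ /^127\./) next            # loopback only: not reachable remotely
            key = port "/" $1
            if (!(key in ok)) print key, $NF     # $NF is PID/Program name
        }'
}

# Listing from exercise 2; the 127.0.0.1 line is constructed for this example.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      748/inetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      631/sshd
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      765/mysqld
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      599/rpcbind
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      702/master
udp        0      0 0.0.0.0:769             0.0.0.0:*                           599/rpcbind
udp        0      0 0.0.0.0:68              0.0.0.0:*                           580/dhclient3
udp        0      0 0.0.0.0:69              0.0.0.0:*                           748/inetd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           599/rpcbind
EOF
}

# With only SSH allowed, every other wildcard-bound listener is reported.
sample_netstat | unexpected_listeners 22/tcp
```

Matching on the exact port/proto pair avoids the partial matches a plain numeric search produces.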


3. Port scan (max score 4)

Scan the TCP ports on final2013 VM from your desktop. Specify the command you use for the scan. Which TCP ports show up as open?
Answer
First, figure out the IP address of final2013
grep final2013 /var/lib/libvirt/dnsmasq/default.leases 
Scan the host by using nmap on the IP address:
nmap -sT 192.168.122.42
Shows the following open TCP ports:
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
111/tcp  open  rpcbind
3306/tcp open  mysql



4. iptables (max score 6)

A) On final2013 VM configure the iptables script to allow outbound connection anywhere and close access to all the ports on the host from the outside.
Hint: set the default policy to DROP for the INPUT and FORWARD chains, and to ACCEPT for the OUTPUT chain. Set the rule to accept the return network traffic.

B) Add the rule to allow access to SSH service from anywhere.

C) Add the rule to allow access to all the services from your desktop.
Hint: use the private virtual network IP address of your desktop in the iptables rule.

Answer
A
#!/bin/bash

IPT="/sbin/iptables"

$IPT -F FORWARD
$IPT -F INPUT 
$IPT -F OUTPUT

$IPT -P FORWARD DROP 
$IPT -P INPUT DROP 
$IPT -P OUTPUT ACCEPT

$IPT -A INPUT -m state -p tcp --dport 1024:65535 --state ESTABLISHED,RELATED -s 192.168.122.0/24 -j ACCEPT
B
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
C
$IPT -A INPUT -s 192.168.122.1  -j ACCEPT
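
An added example, not the course's answer key: the same policy for parts A, B and C written as an iptables-restore ruleset, which is committed in one step so the DROP policy is never active without its accept rules. It goes beyond the key by accepting return traffic for any protocol and source and by accepting loopback traffic; the function names and the address validation are assumptions for illustration.

```bash
#!/bin/sh
# Added example, not the course's answer key.
# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255, so
# nothing but an address can reach the generated rule text.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# build_ruleset DESKTOP_IP: print the filter table in iptables-restore format.
# Rule order: loopback, return traffic, SSH from anywhere (B), desktop (C).
build_ruleset() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -s $1 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the desktop address used in part C.
# To apply it as root: build_ruleset 192.168.122.1 | iptables-restore
build_ruleset 192.168.122.1
```

Running `iptables-restore --test` on the output parses the ruleset without committing it.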



5. OpenMP (max score 5)

A) On your desktop, download the source code from
http://linuxcourse.rutgers.edu/Final_2013/scalar.c
Compile the code without any special options and run the executable.

B) Compile the code with the OpenMP directive. Set the environment to run OpenMP on two CPU cores.

C) Run the compiled executable several times.
Explain why the runs occasionally give different results.
How can this problem be fixed?

Answer
A
wget http://linuxcourse.rutgers.edu/Final_2013/scalar.c
gcc scalar.c
./a.out 

B
gcc -fopenmp scalar.c
export OMP_NUM_THREADS=2
./a.out
C
The threads run into the race condition in updating z. To solve the problem, introduce
#pragma omp critical
#pragma omp parallel for shared (z) private (i)
  for (i=0; i < n; i++)
#pragma omp critical
      z += a[i]*b[i];