Student Name: Mehedi Hasan Rakib
Student ID: A00022820
Module: CMPN202 – Operating Systems
This week focuses on implementing advanced security mechanisms and developing monitoring capabilities on the Ubuntu Server. Mandatory access control, automated security updates, intrusion prevention, and custom verification and monitoring scripts were deployed to strengthen the overall system security. All configurations were performed remotely via SSH from the workstation, following professional server administration practices.
Ubuntu Server uses AppArmor to enforce mandatory access control by restricting how applications interact with system resources.
bash sudo aa-status#
sudo systemctl enable apparmor sudo systemctl start apparmor
sudo aa-status –profiles
AppArmor reduces the impact of compromised applications by enforcing least-privilege execution policies.
Automatic security updates were configured to ensure that critical security patches are applied without manual intervention.
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure –priority=low unattended-upgrades
systemctl status unattended-upgrades
This configuration reduces exposure to known vulnerabilities by ensuring timely patching.
Fail2Ban was deployed to protect the server against brute-force attacks by monitoring authentication logs and banning malicious IP addresses.
sudo apt install fail2ban -y
sudo systemctl enable fail2ban sudo systemctl start fail2ban
sudo fail2ban-client status
Fail2Ban strengthens SSH security by automatically blocking repeated failed login attempts.
A security baseline verification script was created to confirm that key security controls are correctly configured.
nano security-baseline.sh
#!/bin/bash
echo “Checking SSH root login configuration:” grep “^PermitRootLogin no” /etc/ssh/sshd_config
echo “Checking password authentication is disabled:” grep “^PasswordAuthentication no” /etc/ssh/sshd_config
echo “Checking firewall status:” sudo ufw status verbose
echo “Checking AppArmor status:” sudo aa-status
echo “Checking fail2ban status:” sudo systemctl status fail2ban –no-pager
chmod +x security-baseline.sh
This script provides a repeatable method for verifying security configurations and supports systematic auditing.
A remote monitoring script was developed on the workstation to collect system performance metrics from the server via SSH.
nano monitor-server.sh
#!/bin/bash
SERVER_IP=”192.168.56.102” USER=”student”
ssh ${USER}@${SERVER_IP} « EOF echo “CPU and Memory Usage:” top -b -n 1 | head -20
echo “Memory Usage:” free -h
echo “Disk Usage:” df -h
echo “Network Interfaces:” ip addr EOF
chmod +x monitor-server.sh
This script enables automated, repeatable monitoring without requiring direct server console access.
This week demonstrated the importance of layered security in operating system design. Implementing AppArmor, automated security updates, and fail2ban significantly improved the server’s resilience against attacks. Developing verification and monitoring scripts strengthened my understanding of automation and reinforced industry-standard system administration practices.