Born to be linux

Saved searches

Use saved searches to filter your results more quickly

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

This project aims to introduce you to the wonderful world of virtualization. You will create your first machine in VirtualBox under specific instructions. Then, at the end of this project, you will be able to set up your own operating system while implementing strict rules.

iaurg/42-born2beroot

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Sign In Required

Please sign in to use Codespaces.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio Code

Your codespace will open once ready.

There was a problem preparing your codespace, please try again.

Latest commit

Git stats

Files

Failed to load latest commit information.

README.md

This document is a System Administration related exercise. Let’s create our first virtual machine.

  • [] The use of VirtualBox is mandatory.
  • [] You only have to turn in a signature.txt file at the root of your repository. You must paste in it the signature of your machine’s virtual disk. Go to Submission and peer-evaluation for more information
  • [] It is therefore forbidden to install X.org or any other equivalent graphics server

Debian was one of the first Linux distributions, having been available since 1993. Currently on version 10, Debian had a 17% market share of Linux web servers in April 2020.

Hostname: Is a single name that identifies you into a network

CentOS: CentOS is based on the open source code of RHEL (Red Hat Enterprise Linux).

Only truly stable versions of CentOS are released, which is partly why they sometimes take so long – some versions require more testing than others to get to a stable state. The years between releases ensure plenty of time for thorough testing, and any security fixes are backported into older versions of CentOS for any vulnerabilities discovered when building the new version. This makes CentOS another good choice for enterprises.

Читайте также:  Find if port is in use linux

There are existing and active community forums, but these are not officially run and exist separately. It’s therefore more difficult to find online tutorials and support.

The lack of community support and more difficult installation makes CentOS tricky to pick up for Linux beginners. Instead, because it’s based on the enterprise-grade RHEL, CentOS is usually preferred by businesses and web agencies who are already familiar with Linux distros.

CentOS uses the RPM package format and YUM/DNF as the package manager.

Debian uses the DEB package format and dpkg/APT as the package manager.

Logical Volume Manager, it’s a way to manage storage on your OS.

Allow the creation of «groups» of disks or partitions that can be assembled into a single (or multiple) filesystems

PV (Physical Volume) — Just tag physical devices VG (Volume Group) — A pool of physical volume so that you can divide and work with LV (Logical Volume) — Separate your VG in many ways you want
File System — The «folders» you use

  • Flexibility with volumes, allow you to resize volumes
  • Snapshots like backups in «point in time» allocated in another space, allow you to go back in history of your HD

1 — First I create the boot volume without lvm so that we can access boot

2 — Then I’ve created a encrypted volume so that I can acess and partionate this

First configure your LVM following the steps presented on this video (only if you want the bonus): https://www.youtube.com/watch?v=GEl2S5MI-WU

To check your volumes use lsblk

If you need to rename a logical volume:

lvrename LVMGroup var—log var-log

Installing, checking and configuring sudo Access as sudo su —

apt-get update -y apt-get upgrade -y apt install sudo
usermod -aG sudo userintra42

Check sudo users getent group sudo

Add your user into sudo visudo

To change user use su username42

See SSH service running in port

sudo nano /etc/ssh/sshd_config

Remove comment from line with «#Port 22» and replace with «Port 4242», after restart the ssh server

To connect into ssh confirm that you’re using a host terminal and use: ssh user42@127.0.0.1 -p 4242

Is a simple firewall tool to allow some ports and services on linux

Strong password policy

edit file /etc/pam.d/common-password

minlen=10 — Minimum lenght of password ucredit=-1 — At least one upper-case letters in the password dcredit=-1 — At least one digite in the password lcredit=-1 — At least one lower case in the password retry=3 — allow only 3 retries maxrepeat=3 — max repeat same letter usercheck=0 — not allow username in password difok=7 — number of characters that must be different from old password enforce_for_root — same policy for root password

Читайте также:  Установить cups linux mint

Password expiration file: sudo nano /etc/login.defs

PASS_MAX_DAYS 30 PASS_MIN_DAYS 2 PASS_WARN_AGE 7 

Edit /etc/sudoers and add rule passwd_retries=3 to allow only three attempts

Require tty: (Why use tty? If some non-root code is exploited (a PHP script, for example), the requiretty option means that the exploit code won’t be able to directly upgrade its privileges by running sudo.)

WordPress and DB

it’s not secure to show this here, but it’s only on VM.

Check sha1 vdi certutil -hashfile ./born2beroot_copy.vdi sha1 SHA1 hash of ./born2beroot_copy.vdi: c81ba7a127ad1bfec30b1df80d05017dbec95d88

How a virtual machine works: It’s like matrix, a computer inside another computer. Virtual machines create «fake» hardware above real hardware and use it as a virtual machine. Host Machine -> Guest OS (Virtual Machine) Isolated computer

Choice operating System I’ve choosed Debian because has a lot of material online, community and is a SO in development easy to use and friendly. Not company involved. CentOS is beign to be discontinued and has a open source project called Rocky Linux as yout substitute maintenade by CentOS founder.

Basic differences CentOS — Debian

  • Released and supported by a company (Red Hat)
  • Slower updates
  • Very stable
  • Red Hat based
  • Recommended for servers
  • Usually more secure, with default configuration
  • Less architeture support
  • Indicated for critical servers
  • CentOS uses the RPM package format and YUM/DNF as the package manager.
  • Released and supported by the community
  • Ubuntu based
  • A lot of packages
  • Version launched faster, it means less stable
  • Easy to update version
  • Debian uses the DEB package format and dpkg/APT as the package manager.

Purpose of virtual machine Create a isolated enviroment

apt get vs aptitude Both are packages managers

apt-get (and apt-cache) is the classic interface, apt is the newer UI with the same functionality. aptitude is an old optional program that has a different resolver strategy, an optional full-screen UI and some other features. While some people use it for the additional features, others seem to think its resolver is better.

  • manage package in a way that all packages are some kind of related. If you uninstalled the package you want usign aptitude he removes all related packages if necessary.
  • has command line interfaces
  • high level
  • uses command line only
  • only remove the package you want to uninstall, but you can remove like aptitude using autoremove flag
  • low level
  • is default from Debian, so community use it more
Читайте также:  Edit command for linux

App Armor is Check app armor running sudo aa-status

Restrict actions on SO, to allow only authorized users/proccess to access some paths.

See services running sudo service ufw status sudo ufw status sudo service ssh status

Check OS version cat /etc/os-release

Check groups groups itaureli42

Create user sudo adduser new_username

Explain password rules: sudo nano /etc/pam.d/common-password

Create group sudo groupadd evaluating

Assign user to group sudo usermod -aG evaluating your_new_username

Check user group groups your_new_username

Show users less /etc/passwd

Change hostname sudo hostnamectl set-hostname username sudo nano /etc/hosts sudo reboot

Check sudo installed sudo -V

Add new user into sudo group usermod -aG sudo your_username

Check group getent group sudo

By example on this machine only sudo can reboot the server, because I don’t want any user with this power, so command reboot not work without sudo privilegies.

Check log sudo nano /var/log/sudo/sudo.log

su - cd /var/log/sudo rm sudo.log sudo echo "hello 42" less sudo.log

Check ufw is installed ufw version

Check ufw is working properly and list active porst ufw status numbered

UFW is A firewall manager that allow or disallow access to ports, it’s a netfilter. This type of filter creates a barrier between a public and private connection.

The rules of the firewall can be based on:

Add new rule to 8080 ufw allow 8080

Delete rule ufw delete ROWNUMBER

Check port running ssh sudo service ssh status

SSH is SSH basicly is a encrypted content that can be sent into the internet without risk, because only the servers with keys can access and read it. This is a secure way to transfer data through network. SSH encrypt the payload of a package before send it to another computer.

Monitoring shell sudo nano /usr/local/bin/

cron is Is a job manager to allow you to run some task into the future or from time-to-time, schedule tasks and run it.

Edit cron crontab -u root -e

Stop cron service sudo service cron stop sudo /etc/init.d/cron stop

Check services running on machine systemctl list-units —type=service

Show mariadb sudo mariadb -v

Show lighttpd sudo lighttpd -v

About

This project aims to introduce you to the wonderful world of virtualization. You will create your first machine in VirtualBox under specific instructions. Then, at the end of this project, you will be able to set up your own operating system while implementing strict rules.

Источник

Оцените статью
Adblock
detector