-
Notifications
You must be signed in to change notification settings - Fork 0
/
Guide Born2beRoot.txt
222 lines (151 loc) · 4.77 KB
/
Guide Born2beRoot.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
1) Installation of Debian on Oracle VM Virtual Box:
• Download Debian 11: https://www.debian.org/download
2) Install and configuration sudo:
su -
apt install sudo
usedmod -aG sudo fvalli-v (add fvalli-v to sudo group)
getent group sudo (check if fvalli-v is on sudo group)
groupadd user42
usermod -aG user42 fvalli-v
reboot
mkdir /var/log/sudo
sudo visudo
add the lines below to the “sudo visudo”:
Defaults passwd_tries=3
Defaults badpass_message=”42 error: try again”
Defaults logfile=”/var/log/sudo/sudo.log”
Defaults requiretty
Defaults secure_path=”/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin”
3) Configuration of UFW
sudo apt install ufw
sudo ufw enable
sudo ufw status
sudo ufw allow 4242
sudo ufw status
4) Configuration of SSH
sudo apt install openssh-server
sudo vi /etc/ssh/sshd_config
add to the file above:
Port 4242
PermitRootLogin no
sudo systemctl status ssh
sudo service ssh status
sudo reboot
conenct to the server via ssh:
ssh username@hostname -p 4242
hostname is the ip address and can be found from the command “hostname -I”
(ip from hostname = 10.11.249.136)
5) Password policy
sudo vi /etc/login.defs
change password aging controls:
PASS_MAX_DAYS 30
PASS_MIN_DAYS 2
PASS_WARN_AGE 7
passwd command for changing password
“passwd -e user” to force expire password
Password strength:
sudo apt install libpam-pwquality
sudo vim /etc/pam.d/common-password
edit the file with:
pam_pwquality.so retry=3 minlen=10 ucredit=-1 dcredit=-1 lcredit=-1 maxrepeat=3 reject_username difok=7 enforce_for_root
6) Define static IP: this get rid of the port 68 open for DHCP
sudo nano /etc/network/interfaces
edit:
auto enp0s3
iface enp0s3 inet static
address (ip from “hostname -I”)
netmask 255.255.255.0
gateway (ip from first line on “ip route”)
7) Monitoring.sh
look at the script
8) Crontab configuration: is a job scheduling utility
sudo systemctl status cron.service
sudo service cron status
sudo crontab -e (has to be with sudo)
edit with:
*/10 * * * * bash monitoring.sh
or
0-60/10 * * * * bash monitoring.sh
to stop the service just: sudo service cron stop
commands:
crontab -e (edit cron)
crontab -l (list of the tasks for the current user)
crontab – u username -e
sudo systemctl status cron.service
sudo systemctl disable cron.service
sudo systemctl stop cron.service
sudo reboot
sudo systemctl enable cron.service
sudo systemctl start cron.service
bonus) install LLMP (linux lighttpd mariaDB PHP) server
sudo apt install lighttpd
on “/etc/lighttpd/lighttpd.conf” says that port 80 is used, so:
sudo ufw allow 80
MARIADB:
sudo apt install mariadb-server
sudo mysql_secure_installation
$ sudo mysql_secure_installation
Enter current password for root (enter for none): #Just press Enter (do not confuse database root with system root)
Switch to unix_socket authentication? No
Change the root password? No
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
sudo mariadb
CREATE DATABASE <database-name>;
GRANT ALL ON TestDatabase.* TO '<user>'@'localhost' IDENTIFIED BY '<password>' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit
mariadb -u <user> -p → mariadb -u admin -p
SHOW DATABASES;
exit
PHP:
sudo apt install php-cgi php-mysql
WORDPRESS:
sudo apt install wget
sudo wget http://wordpress.org/latest.tar.gz -P /var/www/html
cd /var/www/html/
sudo tar -xzvf /var/www/html/latest.tar.gz
sudo rm /var/www/html/latest.tar.gz
sudo cp -r /var/www/html/wordpress/* /var/www/html
sudo rm -rf /var/www/html/wordpress
sudo cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
configure Wordpress with MariaDB database with:
sudo nano /var/www/html/wp-config.php
replace:
define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
for the right user, password and database name
Config lighttpd:
sudo lighty-enable-mod fastcgi
sudo lighty-enable-mod fastcgi-php
sudo service lighttpd force-reload
Go to: http://ipaddress
Set title: Born2beroot
Username: fvalli-v
Password: create
Your email: fabiovv@hotmail.com
bonus) Installing and configuring FTP (https://www.geeksforgeeks.org/how-to-setup-and-configure-an-ftp-server-in-linux-2/)
sudo apt install vsftpd
sudo ufw allow 21
sudo ufw status
sudo mkdir /home/fvalli-v/ftp
sudo chown fvalli-v /home/fvalli-v/ftp
sudo nano /etc/vsftpd.conf
edit:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_root=/home/$USER/ftp
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
allow_writeable_chroot=YES
local_umask=0002
sudo touch /etc/vsftpd.chroot_list
sudo nano /etc/vsftpd.chroot_list
add "fvalli-v" on "/etc/vsftpd.chroot_list"
connect by ftp:
ftp <ipaddress>