Skip to content

This is a repository to prepare the defense of the School 42 project Born2beRoot. Contains code, commands and definitions that will help in correcting the project.

Notifications You must be signed in to change notification settings

PublioElio/School-42-Born2beroot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 

Repository files navigation

Born2beRoot

School 42 Málaga cursus project

This is a repository to prepare the evaluation of the School 42 project Born2beRoot. All the contents of this README.md are listed to help during the evaluation of the project, with useful commands, code and the explanation of functionalities and tasks that will be tested.

For more details about this project, read the subject.

Table of contens

  1. Why a virtual machine(VM)?
  2. Differences between CENTOS and Debian
  3. APT and aptitude
  4. SELinux and AppArmor
  5. UFW(Uncomplicated Firewall)
  6. Password policy
  7. LVM (Logical Volume Manager)
  8. SSH (Secure SHell)
  9. Cron
  10. Lightttpd
  11. Fail2ban

Why a virtual machine(VM)?

The main purpose of VMs is to use multiple operating systems (OS) at the same time, on the same machine. Companies that use many applications must use different configurations of hardware, which has a high maintenance cost, in addition to taking up physical space. VMs are the answer to this and other problems, because it's like emulating an OS. This is a list of the most common reasons to install a VM:

  • Test software for a different OS
  • Run old or incompatible software
  • Develop software for other platforms
  • Handle potential malware safely
  • Clone a system to another machine

Differences between CENTOS and Debian

comparison between CENTOS and DEBIAN

APT and aptitude

Both are related to package management. They are used for package search, removal, and installation, but have different approaches.

APT (Advanced Packaging Tool)

APT is an open source tool created for the Debian project. APT is designed to handle the installation and removal of software; it was part of the Debian .deb package; however, it now works with RPM Package Manager. It includes command line programs: apt, apt-get and apt-cache.

APT searchs in a list of cached packages and shows the dependencies that need to be installed or updated. APT automatically downloads, configures, and installs dependencies.

Updating packages with APT

Update installed packages includes:

  • update is used to sync files from their sources.
  • upgrade is used to install the latest versions of all packages currently installed on the system from the sources listed in /etc/apt/sources.list. Installed packages with new versions available are downloaded and updated; under no circumstances installed packages are removed, or packages that are not yet installed are downloaded and installed. New versions that cannot be updated without changing the package state will remain at their current version.
  • full-upgrade (apt) y dist-upgrade (apt-get), in addition to updating, also handles changing dependencies with new package versions; apt and apt-get have smart conflict resolution system and will try to update more important packages at the expense of less important ones if necessary. The /etc/apt/sources.list file contains a list of locations from which to download the desired package files. aptitude has a smarter dist-upgrade function called full-upgrade.

aptitude

aptitude is an interface to APT. Displays a list of software packages and allows the user to interactively choose which ones to install or remove. It has a search system that uses flexible patterns, which make it easy for the user to understand the complex dependency relationships that may exist between packages. Originally it was designed for GNU/Linux Debian distributions, but nowadays it can also be used in distributions based on RPM packages.

You need three essential points: user, port and server.

To use aptitude by command terminal, like apt-get, you must be logged in as super-user (root) or use the sudo command. In this link you can find list of common aptitude commands.

Differences between aptitude and APT

The main difference is that aptitude is a high-level package manager while APT is lower-level package manager which can be used by other higher-level package managers, other main highlights that separate these two package managers are:

Aptitude is vaster in functionality than apt-get and integrates functionalities of apt-get and its other variants including apt-mark and apt-cache. While apt-get handles all the package installation, up-gradation, system-upgradation, purging package, resolving dependencies etc. Aptitude handles lot more stuff than APT, including functionalities of apt-mark and apt-cache i.e. searching for a package in list of installed packages, marking a package to be automatically or manually installed, holding a package making it unavailable for up-gradation and so on. (source)

SELinux and AppArmor

SELinux logo

SELinux (Security-Enhanced Linux)

SELinux is a security architecture for Linux systems that allows administrators more control over who can access them. SELinux defines access controls for applications, processes, and files within a system. It uses security policies, which consist of a set of rules to tell SELinux which elements can be accessed.

AppArmor logo

AppArmor (Application Armor)

AppArmor is a Linux kernel security module that allows the system administrator to restrict the capabilities of a program.

UFW(Uncomplicated Firewall)

UFW is a firewall developed by Ubuntu that stands out for its simplicity . Use the command line to configure iptables using a small number of simple commands. UFW is written in python and is a GNU/Linux program.

Check UFW status via sudo ufw status

$ sudo ufw status verbose

Check AppArmor status

$ sudo aa-status

Check OS (Operating System)

$ lsb_release -a

Add user to a group

$ sudo adduser <username> <group>

Check if an user is in a group

$ getent group <groupname>

Get all groups of an user

$ id -Gn <username>

List all groups and users

$ getent group

Password policy

  • Passwords have to expire every 30 days.
  • 2 must be the minimum number of days before being allowed to change a password.
  • The user must receive a warning message 7 days before their password expires.
  • A password must be at least 10 characters long.
  • It must contain an uppercase letter and a number. Also, it must not contain more than 3 consecutive identical characters.
  • The password must not include the name of the user.
  • The following rule does not apply to the root password: The password must have at least 7 characters that are not part of the former password.

Check password rules

$ sudo cat /etc/login.defs

This three values are changed in the login.defs document, the Password aging controls section:

PASS_MAX_DAYS 30
PASS_MIN_DAYS 2
PASS_WARN_AGE 7

Now, we have to check the /etc/security/pwquality.conf configuration file. :

$ sudo cat /etc/security/pwquality.conf

This are the values that need to be modified in the configuration file:

# Number of characters in the new password that must not be present in the old password.
difok = 7
# The minimum acceptable size for the new password (plus one if credits are not disabled which is the default).
minlen = 10
# The maximum credit for having digits in the new password. If less than 0 it is the minimun number of digits in the new password.
dcredit = -1
# The maximum credit for having uppercase characters in the new password. If less than 0 it is the minimun number of uppercase characters in the new password.
ucredit = -1
# The maximum number of allowed consecutive same characters in the new password. The check is disabled if the value is 0.
maxrepeat = 3
# Whether to check it it contains the user name in some form. The check is disabled if the value is 0.
usercheck = 1
# Prompt user at most N times before returning with error. The default is 1.
retry = 3
# Enforces pwquality checks on the root user password. Enabled if the option is present.
enforce_for_root

Add a new user

$ sudo useradd <username>

List users

$ less /etc/passwd

Create user login password

$ sudo passwd <username>

Create a new group

$ groupadd <groupname>

Check the hostname

$ hostnamectl

Change the hostname

After modify the hostname is necessary to reboot the machine to apply the changes.

$ sudo nano /etc/hostname

Another way of doing this is:

$ sudo hostnamectl set-hostname <new_hostname>

Then, reboot the machine

$ reboot

Change from user to root user

Remember to use the root password!

$ sudo su

Check partitions during evaluation

$ lsblk

LVM (Logical Volume Manager)

LVM is a software that allows the implementation of RAID (Redundant Array of Inexpensive Disks) from partitions and offer them to the operating system as new devices. For its operation, it assigns the disks to one or more physical volumes that must be partitioned as LVM type. LVM storage volumes have the ability to be resized and transported depending on user needs and using up-to-date appliance tools.

Advantages of LVM

  • restrictions of physical devices are eliminated.
  • Performs Snapshots that allow the current state of a logical volume to be stored and make a backup copy of the file system. And it's also fault tolerant, so a drive is easily replaceable, should it ever fail.

Check all sudo logs The file is in var/log/sudo/sudo.log

$ sudo cat /var/log/sudo/sudo.log

Cron

Cron (or crontab, short for chrono table) is a program that enables the execution of scripts or software in an automatic way, at a certain date and time or at a specified interval. It is installed by default in Debian (we can check this with the apt list cron command). To test and understand the Cron service, you can use this page.

Check the Cron service

$ crontab -e

Check the crontab jobs

$ sudo cat /var/spool/cron/crontabs/<username/root>

Disable Cron service

$ sudo systemctl disable cron

monitoring.sh and sleep.sh

monitoring.sh is a script that displays a message on the terminals of all logged-in users. It searchs for certain values and saves them on variables to print on screen. sleep.shcalculates the amount of time that the virtual machine has been turned on to print the monitoring.sh message on the screen every ten minutes since the system was started.

Check monitoring.sh (Cron service archives)

$ sudo cat /root/monitoring.sh

Check sleep.sh (create a sleep delay)

$ sudo cat /root/sleep.sh

SSH (Secure SHell)

SSH is the name of a protocol and the program that implements it, whose main function is remote access to a server through a secure channel in which all information is encrypted. It is a protocol that allows secure communications between two systems using a client/server architecture and authorizes users to connect to a host remotely. Unlike other remote communication protocols such as FTP or Telnet, SSH encrypts the connection session, making it impossible for anyone to obtain unencrypted passwords.

By accessing a remote server through the SSH protocol, security risks are considerably reduced. Both in the case of the client and the system itself, security is improved thanks to encryption; SSH takes care of encrypting all sessions. Thus, it is impossible for someone to access the passwords, the client's access data or what the client has written.

Connect the VM via SSH

$ ssh <username>@localhost -p 4242

Check SSH status via sudo service ssh status

$ sudo service ssh status

Check SSH config file

$ sudo cat /etc/ssh/sshd_config

Lightttpd

Lighttpd (pronounced 'lighty') is an open-source web server optimized for speed-critical environments while remaining standards-compliant, secure and flexible.

Check lighttpd

$ sudo systemctl status lighttpd

To check that lightspeed is working: in a browser on the host machine, connect to the following address and port (login into Wordpress): http://127.0.0.1:8080.

We can also check that PHP is correctly installed: http://127.0.0.1:8080/info.php

Check PHP version

$ php -v

Fail2ban

Fail2ban is a program that analyses server logs to identify and ban suspicious IP addresses. If it finds multiple failed login attempts or automated attacks from an IP address, it can block it with the firewall, either temporarily or permanently.

Check Fail2ban

$ sudo systemctl status fail2ban

Get VM disk ID

$ shasum <path-to.vdi>

About

This is a repository to prepare the defense of the School 42 project Born2beRoot. Contains code, commands and definitions that will help in correcting the project.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages