-
Notifications
You must be signed in to change notification settings - Fork 50
/
walkthrough37.txt
243 lines (198 loc) · 12 KB
/
walkthrough37.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
|******************************************************************************|
| Yield not to the light, darkness is your new master. |
|******************************************************************************|
--------------------------------------------------------------------------------
STEP 0 - Download
--------------------------------------------------------------------------------
********************************************************************************
********Small Netinstaller - https://www.debian.org/CD/netinst/ |<-amd64********
********************************************************************************
Or that latest stable release that you've already downloaded.
--------------------------------------------------------------------------------
STEP 1 - VM settings
--------------------------------------------------------------------------------
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
| Idk about other campuses but in Moscow you can't create your virtual disk in |
| your user folder. Use other -> goinfre/VirtualBox VMs/ folder as your |
| machine folder instead. Please note that goinfre folder is connected to |
| certain Mac so you can't just move to other computer and go on! |
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
VirtualBox -> New
Name - Anything at your choice
Machine Folder -> goinfre/VirtualBox VMs/ || Any location
Type: Linux
Version: Debian 64-bit
Continue -> RAM 1024 MB -> Continue -> Create a virtual hard disk now -> VDI ->
-> Fixed size -> 8gb
Settings -> Storage -> Controller: IDE -> Optical Drive: disk icon ->
-> Choose a disk file -> your debian-xx-x-x-amd64-netinst.iso -> Ok -> Start ->
--------------------------------------------------------------------------------
STEP 2 - Installation
--------------------------------------------------------------------------------
Install (Not Graphical install)
Choose language (English)
Territory or area: Choose yours. For Me it's Other -> Europe ->
-> Russian Federation -> Canada (lmao) -> American English keyboard layout. Wait
Hostname: yourintralogin42 -> Domain name: leave empty ->
-> Root password: qwerty123(please no!); Re-enter. Full name: Your full name.
Real/intra/else, doesn't matter. Username: yourintralogin ->
Password: zxc1337 (bruh) -> Time zone: Your time zone or Moscow for Moscow
campus (yes). Wait.
................................................................................
substep 2.1 - partition setup
For basic part:
Partition method: Guided - Use entire disk and set up encrypted LVM ->
-> SCSIX (0,0,0) (sda) - 8.6 GB ATA VBOX HARDDISK -> separate /home partition ->
-> yes. Wait.
Enter encryption passphrase twice -> 8.1G or just max ->
-> Finish partitioning and write changes to disk -> yes. Wait.
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
| For bonus part: |
| Partition method: Manual -> SCSIX (0,0,0( (sda) -> 8.6 GB ATA HARDDISK -> |
|-> yes -> pri/log 8.6 GB FREE SPACE -> Create a new partition (CRANP next) -> |
|-> 500M -> Primary -> Beginning -> Mount point -> Boot -> |
|-> Done setting up the partition(DSUP) -> pri/log -> CRANP -> 8.1GB or "max"->|
|-> Logical -> mount point -> Do not mount it -> DSUP -> |
|-> Configure encrypted volumes -> Yes -> Create encrypted volumes -> |
|-> /dev/sda5 (press space to choose it) -> DSUTP -> Finish -> yes -> Wait. |
| |
| Enter encryption passphrase twice -> Configure the Logical Volume Manager -> |
|-> yes -> Create volume groupe -> LVMGroup -> |
|-> press pace on /dev/mapper/sda5_crypt, continue -> |
|-> Create logical volume(CLV next) -> LVMGroup (LVMG next) -> root -> 2G |
| CLV -> LVMG -> swap -> 1G |
| CLV -> LVMG -> home -> 1G |
| CLV -> LVMG -> var -> 1G |
| CLV -> LVMG -> srv -> 1G |
| CLV -> LVMG -> tmp -> 1G |
| CLV -> LVMG -> var-log -> all disk space that left -> Finish |
| |
| Now u see "[!!] Partition disks" window and a lot of LVM VG LVMGroup LV ... |
| Go to first #1 998.2 MB (under home, <volumename> #1 for next steps) -> |
|-> Use as (UA next): -> EXT4 jfl -> Mount point: (MP next) -> /home -> |
|-> Done setting up the partition (yep, DSUP) |
| root #1 -> UA -> ext4 -> MP -> / - the root fs -> DSUP |
| srv #1 -> UA -> ext4 -> MP -> /srv -> DSUP |
| swap #1 -> UA -> swap area -> DSUP |
| tmp #1 -> UA -> ext4 -> MP -> /tmp -> DSUP |
| var #1 -> UA -> ext4 -> MP -> /var -> DSUP |
| var-log #1 -> UA -> ext4 -> MP -> Enter manually -> /var/log -> DSUP |
| Scroll below -> Finish partitioning and write changes to disk -> yes |
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Now chill, you have plenty of time to stretch your back while debian is
installing.
................................................................................
[!] Configure the package manager -> no
Debian archive mirror country -> your nearest mirror or Russian Federation for
Moscow campus -> deb.debian.org (doesn't matter) ->
-> leave proxy info field empty and proceed.
Participate in the package usage survey? -> NO!
Soft seclection: remove stars from ssh/standart system utilities/etc. (space)
GRUB - YES! -> /dev/sda
Installlation complee -> continue
Virtual war machine is ready.
--------------------------------------------------------------------------------
STEP 3 - Configure your machine
--------------------------------------------------------------------------------
Enter your LVM encryption passphrase, log in into your user. GL HF.
Now we are going to install necessary software and configure it.
##################################################################
# I prefer Nano over Vi because of syntax highlighting. #
# But these are the weapons of your choice. Feel free to use Vi. #
##################################################################
................................................................................
substep 3.1 - Installing sudo & adding user in groups
1) su - -> root password -> apt install sudo
2) [$ adduser <yourusername> sudo] (yep, you should be in root)
3) [$ sudo reboot], then log in again
4) [$ sudo -v] -> password
5) [$ sudo addgroup user42]
6) [$ sudo adduser yourusername user42]
7) [$ sudo apt update]
................................................................................
................................................................................
substep 3.2 - Installing SSH
1) [$ sudo apt install openssh-server]
2) [$ sudo nano /etc/ssh/sshd_config] -> change line "#Port 22" to "Port 4242" and
"#PermitRootLogin prohibit-password" to "PermitRootLogin no" -> save and exit
(i hope you know how to do it in Nano...)
3) [$ sudo nano /etc/ssh/ssh_config] -> change line "#Port 22" to "Port 4242"
4) [$ sudo service ssh status]. It's should be active.
................................................................................
................................................................................
substep 3.3 - Installing UFW
1) [$ sudo apt install ufw]
2) [$ sudo ufw enable]
3) [$ sudo ufw allow 4242]
4) [$ sudo ufw status]. It's should be active with 4242 and 4242(v6) ports allow
from anywhere
................................................................................
................................................................................
substep 3.4 - Configuring sudo
1) [$ sudo touch /etc/sudoers.d/sudoconfig]
2) [$ sudo mkdir /var/log/sudo] (for sudo log files, yes)
3) [$ sudo nano /etc/sudoers.d/sudoconfig] then write next lines in our new file:
************************************************************
* Defaults passwd_tries=3 *
* Defaults badpass_message="Incorrect password" * <- you can set your
* Defaults log_input,log_output * own message here
* Defaults iolog_dir="/var/log/sudo" *
* Defaults requiretty *
* Defaults secure_path="that/long/paths/from/subject" *
************************************************************
................................................................................
................................................................................
substep 3.5 - Setting up a strong password policy
1) [$ sudo nano /etc/login.defs]
2) replace next lines:
*************************************************
* PASS_MAX_DAYS 99999 -> PASS_MAX_DAYS 30 * <- line 160 you can easly
* PASS_MIN_DAYS 0 -> PASS_MIN_DAYS 2 * reach it with ctrl+_ in
************************************************* nano
PASS_WARN_AGE is 7 by defaults anyway so just ignore it.
3) [$ sudo apt install libpam-pwquality]
4) [$ sudo nano /etc/pam.d/common-password]
5) Add to the end of the "password requisite pam_pwqiality.so retry=3" line next
parameters
****************************************************************************************
* minlen=10 ucredit=-1 dcredit=-1 maxrepeat=3 reject_username difok=7 enforce_for_root *
****************************************************************************************
You should get_next_line(ha-ha):
"password requisite pam_pwqiality.so retry=3 minlen=10 ucredit=-1 dcredit=-1 maxrepeat=3 reject_username difok=7 enforce_for_root"
6) Now you have to change all your passwords according to your new password
policy
*******************
* [$ passwd] * <- change user password
* [$ sudo passwd] * <- change root password
*******************
................................................................................
--------------------------------------------------------------------------------
STEP 4 - Network adapter configuration
--------------------------------------------------------------------------------
You may not be able to connect to your VM via SSH with standard settings in
VirtualBox. Theres a way to wix it!
1) Turn off your VM ([sudo shutdown])
2) Go to your VM settings in VirtualBox
3) Network -> Adapter 1 -> Advanced -> Port forwarding
4)Add new rule (little green button on right top side) and next parameters:
**************************************************************************
* Protocol Host IP Host Port Guest IP Guest Port *
* TCP 127.0.0.1 4242 10.0.2.15 4242 *
**************************************************************************
6) In your host (physical) machine open Terminal and run
[ssh <vmusername>@localhost -p 4242]
Now you can control your virtual machine from the host terminal.
--------------------------------------------------------------------------------
CONCLUSION
--------------------------------------------------------------------------------
And after all of this manipulations we finally came for our monitoring.sh script
All guidelines is already exists in README.md file. Theres one more thing to
install that already listed in monitroing.sh file:
**********************************
* [$ sudo apt install net-tools] *
**********************************
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! Dont forget to make a clone or snapshot of your VM before evaluation !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Now you are almost ready for evaluation. You just have to sort out the questions
listed in subject (or check my evalknowledge.txt file).