Install VirtualBox
Link VirtualBox to your sgoinfre
Create a folder [your_login]/VM in the sgoinfre and give it the right access permissions
Go to VirtualBox -> Preferences -> General -> Default Machine Folder and set it to:
/sgoinfre/goinfre/Perso/[your login]/VM
Create a new VM, using Debian and a bridged network adapter, then launch your new VM and select your Debian ISO:
debian-9.8.0-amd64-netinst
Language : English
Zone : France
Keyboard : American English
Hostname : roger
Domain : 42.fr
Password root : xxxxxx
Full name : xxxx
Username : xxxx
Password : xxxx
Type : Manual
1st partition : 4.5 GB, primary, beginning, ext4, mounted on /
2nd partition : 1 GB, primary, beginning, swap
3rd partition : rest, primary, ext4, mounted on /home
Country : France
Mirror : ftp.fr.debian.org
HTTP proxy : no
Software selection : Select [SSH server] [Standard system utilities]
Install the GRUB boot loader : yes
$> su
$> apt-get update -y && apt-get upgrade -y
$> apt-get install sudo vim iptables-persistent fail2ban sendmail apache2 portsentry
$> adduser [your_non-admin_user] sudo
$> replace /etc/network/interfaces with file in [Files_config] + choose your IP
$> replace /etc/ssh/sshd_config with file in [Files_config] + set PasswordAuthentication to 'yes' + choose your port
$> reboot
$> ssh-keygen
$> cat ~/.ssh/id_rsa.pub
$> ssh [VM_USERNAME]@[VM_IP] -p [VM_SSH_PORT]
$> sudo mkdir .ssh
$> sudo vim .ssh/authorized_keys -> paste pub key
$> sudo vim /etc/ssh/sshd_config (change PasswordAuthentication from 'yes' to 'no')
$> sudo service ssh restart
$> sudo reboot
Or simply use : ssh-copy-id -i ~/.ssh/id_rsa.pub [VM_USERNAME]@[VM_IP] -p [VM_SSH_PORT] from the host to install your public key
You can now access your VM with ssh [VM_USERNAME]@[VM_IP] -p [VM_SSH_PORT] using your public key instead of a password. Root cannot log in over SSH.
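A way to check that sshd_config really ends up in the state described above (key-only login, no root, non-default port), as an added example that is not part of the original guide or its Files_config. The function names effective_value and audit_sshd are hypothetical; on the VM, run audit_sshd /etc/ssh/sshd_config, or compare against the effective settings printed by sudo sshd -T.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the settings this guide relies on.
# Assumes the "Keyword value" form and no Include directives.

# effective_value FILE KEYWORD [all] -> value(s) set in the global section, lowercased.
# sshd keeps the FIRST occurrence of a keyword; Port is the exception and accumulates.
effective_value() {
    awk -v key="$2" -v all="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0  { next }               # comments and blank lines
        tolower($1) == "match" { exit }               # global section ends here
        tolower($1) == key     { print tolower($2); if (all == "") exit }
    ' "$1"
}

# audit_sshd FILE -> prints one FAIL line per finding; exit status = number of findings.
audit_sshd() {
    file=$1; findings=0
    pw=$(effective_value "$file" PasswordAuthentication)
    root=$(effective_value "$file" PermitRootLogin)
    ports=$(effective_value "$file" Port all)
    # Unset PasswordAuthentication defaults to yes.
    if [ "${pw:-yes}" != "no" ]; then
        echo "FAIL PasswordAuthentication is '${pw:-unset}'"; findings=$((findings + 1))
    fi
    # Only an explicit "no" blocks every root login path
    # (unset means prohibit-password on OpenSSH 7.0 and later: root can still use a key).
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is '${root:-unset}'"; findings=$((findings + 1))
    fi
    # No Port line means 22; any Port 22 line keeps the default port open.
    case " $(echo ${ports:-22}) " in
        *" 22 "*) echo "FAIL sshd still listens on port 22"; findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample (not the guide's Files_config); the later "yes" line is ignored by sshd.
sample=$(mktemp)
printf '%s\n' 'Port 50000' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'PasswordAuthentication yes' > "$sample"
audit_sshd "$sample" && echo "OK: key-only login, no root, non-default port"
rm -f "$sample"
```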
$> sudo chmod 755 /etc/network/if-pre-up.d/bestiptables
$> sudo sh /etc/network/if-pre-up.d/bestiptables
$> sudo reboot
$> sudo vim /etc/fail2ban/jail.local -> complete with your own rules
$> sudo systemctl restart fail2ban.service
$> sudo reboot
$> sudo cat /var/log/fail2ban.log
$> sudo iptables -L
$> sudo iptables -S
https://fr-wiki.ikoula.com/fr/Se_prot%C3%A9ger_contre_le_scan_de_ports_avec_portsentry
Try using commands on host :
$> perl slowloris.pl -dns [STATIC IP VM] -port [SSH PORT VM]
$> perl slowloris.pl -dns [STATIC IP VM] -port 80
$> perl slowloris.pl -dns [STATIC IP VM] -port 443
$> perl slowloris.pl -dns [STATIC IP VM] -port 25
Slowloris should not be able to send any packets, and the IP should be banned from the VM (see the portsentry and iptables logs)
$> sudo apt-get install nmap
$> nmap -Pn [IP_VM_TO_TEST]
$> nmap [IP_VM_TO_TEST]
Nmap should not be able to scan your ports, and the IP trying to scan should be banned (see the portsentry and iptables logs)
See Files_config
$> sudo sendmailconfig
$> sudo reboot
Create a file email.txt with the mail content
$> sudo sendmail xxxx@xxx.com < /home/xxx/email.txt
$> sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/rogerxxx.com.key -out /etc/ssl/certs/rogerxxx.com.crt
$> sudo vim /etc/apache2/sites-available/default-ssl.conf
$> sudo apachectl configtest
$> sudo a2enmod ssl
$> sudo a2ensite default-ssl
$> sudo systemctl restart apache2.service
$> sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-default.conf
$> sudo vim /etc/apache2/sites-available/001-default.conf
$> sudo a2dissite 000-default.conf
$> sudo a2ensite 001-default.conf
$> sudo systemctl reload apache2
nvienot