This guide has 8 Parts:
- Part 1 - Downloading Your Virtual Machine
- Part 2 - Installing Your Virtual Machine
- Part 3 - Starting Your Virtual Machine
- Part 4 - Configurating Your Virtual Machine
- Part 5 - Connecting to SSH
- Part 6 - Continue Configurating Your Virtual Machine
- Part 7 - Signature.txt
- Part 8 - Your Born2BeRoot Defence Evaluation with Answers
-
Click on this link https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/
-
Scroll to the bottom of the website and click
debian-xx.x.x-amd64-netinst.iso
-
Click on Search Icon π in the top right on a Apple Computer/Laptop and type in
Managed Software Center
-
Click on software and scroll π±οΈ to the bottom β¬ and click
DOWNLOAD
on Virtual Box.
- Open Virtual Box and Click on
New
- Change Machine Folder to
sgoinfre/students/your_intra_login/Virtual Machine Name
and then clickcontinue
to move to the next step.
- Set Memory Size as
1024 MB
and click continue.
- Click
Create a Virtual Hard Disk Now
and then clickCreate
to create the Hard Disk.
- Click
VDI (VirtualBox Disk Image)
and then clickContinue
to select VDI.
- Click
Dyamically Allocated
and then clickContinue
to only use space on your Hard Disk.
- Set Size as
12.00 GB
and then clickContinue
this should be enough for this project.
- Click
Settings
and then clickStorage
to view your Virtual Machine Storage.
- Click on
Optical Drive
(Optical Drive - far right blue small box).
- Click on
Choose a disk file...
(2nd option in the drop down).
- Then click on the Virtual Machine file (.iso).
- Click on your
Virtual Machine
and then click'ok
to confirm you Virtual Machine Storage.
- Click
Start
(The Green Arrow β‘οΈ) to start your Virtual Machine.
In the Virtual Machine, you will not have access to your mouse and will only use your Keyboard to operate your Virtual Machine.
- To increase your Virtual Machine size, press
command
+c
on your Apple Keyboard at the same time and then use your mouse to drag the screen to the size you wish or do the following:
- Use the arrow keys on your keyboard πΌ π½ and press
Enter
onInstall
(This will start the installation proccess).
- Press
enter
onEnglish - English
or your language of preference.
- Press
enter
onAustralia
or the country your installing this Virtual Machine.
- Press
enter
onAmerican English
or your keyboard of preference.
- Create a Host Name as your login, with 42 at the end (eg. prossi42) - write down your Host Name, as you will need this later on.
- Leave this blank, press
enter
on Continue.
- Create a Password for the Host Name - write this down as well, as you will need this later on.
- Create a User Name without 42 at the end (eg. prossi) - write down your Host Name, as you will need this later on.
-
Create a Password for the User Name (you might as well use the same password as your Host Password) write this down as well, as you will need this later on.
-
Press
enter
on yourTimezone
(The timezone your currently doing this project in).
- Press
enter
onGuided - use entire disk and set up encrypted LVM
(Second to last option from the list).
- Press
enter
on Select Disk to Partition.
- Press
enter
on SelectSeparate /home, /var, and /tmp paritions
(Last option from the list).
- Select
Yes
and pressEnter
to write the changes to disks and configure LVM.
- Press
Enter
tocancel
Erasing data as you won't need this for your Virtual Machine.
- Create a Encryption passphrase - write this down as well, as you will need this later on.
- Retype the Encryption passphrase you just created.
- Type in
max
and press enter onContinue
to assign the amount of volume group to use for guided partitioning.
- Press enter on
Finish partitioning and write changes to disk
.
- Press enter on
Yes
for Partition Disks.
- Press enter on
No
for Configure the package manager.
- Press
enter
in the country that your in.
- Press
enter
on deb.debian.org.
- Leave this blank and press
enter
on continue.
- Press
enter
onno
for Configuring popularity-contest.
- Deselect
SSH server
andstandard system utilities
by pressing theSpace key
and then pressenter
onContinue
.
- Press
enter
onYes
to Install the GRUB boot loader on a hard disk.
- Press
enter
on /dev/sda
- Press
enter
oncontinue
to finish the installation.
- Before we move onto starting your Virtual Machine, make sure you have your Host, Username and Password/s saved or written down somewhere.
-
Press enter on
Debian GNU/Linux
-
Enter your encryption password you had created before
-
Login in as the your_username you had created before
-
Type
lsblk
in your Virtual Machine to see the partition
- First type
su -
to login in as the root user. - Then type
apt-get update -y
- Then type
apt-get upgrade -y
- Then type
apt install sudo
- Then type
usermod -aG sudo your_username
to add user in the sudo group (To check if user is in sudo group, typegetent group sudo
) - Type
sudo visudo
to open sudoers file - Lastly find - # User privilege specification, type
your_username ALL=(ALL) ALL
- Then type
apt-get install git -y
to install Git - Then type
git --version
to check the Git Version
- Type
sudo apt install openssh-server
- Type
sudo systemctl status ssh
to check SSH Server Status - Type
sudo vim /etc/ssh/sshd_config
- Find this line
#Port22
- Change the line to
Port 4242
without the # (Hash) in front of it - Save and Exit Vim
- Then type
sudo grep Port /etc/ssh/sshd_config
to check if the port settings are right - Lastly type
sudo service ssh restart
to restart the SSH Service
- First type
apt-get install ufw
to install UFW - Type
sudo ufw enable
to inable UFW - Type
sudo ufw status numbered
to check the status of UFW - Type
sudo ufw allow ssh
to configure the Rules - Type
sudo ufw allow 4242
to configure the Port Rules - Lastly Type
sudo ufw status numbered
to check the status of UFW 4242 Port
- To exit your Virtual Machine and use your mouse, press
command
on your Apple Keyboard and your mouse should appear - Go to your Virtual Box Program
- Click on your Virtual Machine and select
Settings
- Click
Network
thenAdapter 1
thenAdvanced
and then click onPort Forwarding
- Change the Host Port and Guest Port to
4242
- Then head back to your Virtual Machine
- Type
sudo systemctl restart ssh
to restart your SSH Server - Type
sudo service sshd status
to check your SSH Status - Open an iTerm and type the following
ssh [email protected] -p 4242
- In case an error occurs, then type
rm ~/.ssh/known_hosts
in your iTerm and then retypessh [email protected] -p 4242
- Lastly type
exit
to quit your SSH iTerm Connection
-
First type
sudo apt-get install libpam-pwquality
to install Password Quality Checking Library -
Then type
sudo vim /etc/pam.d/common-password
-
Find this line.
password requisite pam_deny.so
or
- 4.1 The line should now look like this -
password requisite pam_pwquality.so retry=3 minlen=10 ucredit=-1 lcredit=-1 dcredit=-1 maxrepeat=3 reject_username difok=7 enforce_for_root
- Save and Exit Vim
- Next type in your Virtual Machine
sudo vim /etc/login.defs
- Find this part
PASS_MAX_DAYS 9999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
- Change that part to
PASS_MAX_DAYS 30
andPASS_MIN_DAYS 2
keepPASS_WARN_AGE 7
as the same - Lastly type
sudo reboot
to reboot the change affects
- First type
sudo groupadd user42
to create a group - Then type
sudo groupadd evaluating
to create an evaluating group - Lastly type
getent group
to check if the group has been created
- First type
cut -d: -f1 /etc/passwd
to check all local users - Type
sudo adduser new_username
to create a username - write down your new_username, as you will need this later on.
- 2.1 Type
sudo usermod -aG user42 your_username
- 2.2 Type
sudo usermod -aG evaluating your_new_username
- Type
getent group user42
to check if the user is the group - Type
getent group evaluating
to check the group - Type
groups
to see which groups the user account belongs to - Lastly type
chage -l your_new_username
to check if the password rules are working in users
- First type
cd ~/../../
- Then type
cd var/log
- Then type
mkdir sudo
(if it already exists, then continue to the next step). - Then type
cd sudo && touch sudo.log
- Then type
cd ~/../
- First type
sudo nano /etc/sudoers
to go the sudoers file - Now edit your sudoers file to look like the following by adding in all of the defaults in the image below -
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/bin"
Defaults badpass_message="Password is wrong, please try again!"
Defaults passwd_tries=3
Defaults logfile="/var/log/sudo/sudo.log"
Defaults log_input, log_output
Defaults requiretty
- Then type
apt-get install -y net-tools
to install the netstat tools - Then type
cd /usr/local/bin/
- Then type
touch monitoring.sh
- Lastly type
chmod 777 monitoring.sh
- Copy this text (To copy the text below, hover with your mouse to the right corner of the text below and a copy icon will appear).
#!/bin/bash
arc=$(uname -a)
pcpu=$(grep "physical id" /proc/cpuinfo | sort | uniq | wc -l)
vcpu=$(grep "^processor" /proc/cpuinfo | wc -l)
fram=$(free -m | awk '$1 == "Mem:" {print $2}')
uram=$(free -m | awk '$1 == "Mem:" {print $3}')
pram=$(free | awk '$1 == "Mem:" {printf("%.2f"), $3/$2*100}')
fdisk=$(df -BG | grep '^/dev/' | grep -v '/boot$' | awk '{ft += $2} END {print ft}')
udisk=$(df -BM | grep '^/dev/' | grep -v '/boot$' | awk '{ut += $3} END {print ut}')
pdisk=$(df -BM | grep '^/dev/' | grep -v '/boot$' | awk '{ut += $3} {ft+= $2} END {printf("%d"), ut/ft*100}')
cpul=$(top -bn1 | grep '^%Cpu' | cut -c 9- | xargs | awk '{printf("%.1f%%"), $1 + $3}')
lb=$(who -b | awk '$1 == "system" {print $3 " " $4}')
lvmu=$(if [ $(lsblk | awk '{print $6}' | grep "lvm" | wc -l) -eq 0 ]; then echo no; else echo yes; fi)
ctcp=$(ss -Ht state established | wc -l)
ulog=$(users | wc -w)
ip=$(hostname -I)
mac=$(ip link show | grep "ether" | awk '{print $2}')
cmds=$(journalctl _COMM=sudo | grep COMMAND | wc -l)
wall " #Architecture: $arc
#CPU physical: $pcpu
#vCPU: $vcpu
#Memory Usage: $uram/${fram}MB ($pram%)
#Disk Usage: $udisk/${fdisk}Gb ($pdisk%)
#CPU load: $cpul
#Last boot: $lb
#LVM use: $lvmu
#Connections TCP: $ctcp ESTABLISHED
#User log: $ulog
#Network: IP $ip ($mac)
#Sudo: $cmds cmd"
- Then open up a iTerm2 seperate from your Virtual Machine and type in iTerm
ssh [email protected] -p 4242
and then type your password, when it asks for it. - Then type
cd /usr/local/bin
. - Then type
nano monitoring.sh
and paste the text above into the vim monitoring.sh you just created, by doingcommand
+v
on your Apple keyboard. - Save and Exit your
monitoring.sh
- 5.1 - Then type
exit
to exit the iTerm SSH Login. - 5.2 - Then go back to your Virtual Machine (not iTerm) and continue on with the steps below.
- Then type
sudo visudo
to open your sudoers file - Add in this line
your_username ALL=(ALL) NOPASSWD: /usr/local/bin/monitoring.sh
under where its written %sudo ALL=(ALL:ALL) ALL - It should look like this
- Then exit and save your sudoers file
- Now type
sudo reboot
in your Virtual Machine to reboot sudo - Type
sudo /usr/local/bin/monitoring.sh
to execute your script as su (super user) - Type
sudo crontab -u root -e
to open the crontab and add the rule - Lastly at the end of the crontab, type the following
*/10 * * * * /usr/local/bin/monitoring.sh
this means that every 10 mins, this script will show
- Open iTerm and type
cd
- Then type
cd sgoinfre/students/<your_intra_username>/VirtualBox VMs
- Type
shasum VirtualBox.vdi
or whatever your Virtual Machine is called (This can take from a few seconds to 5 mins). - Copy the output number and create a signature.txt file and paste that number in the file.
- Now you submit the signature.txt file with the output number in it.
Note
Attribution and Links To The Originality and Inspiration Of This Guide.
Link to the Born2BeRoot Evaluation Checklist created by Adrian Musso-Gonzalez.
Easier to install and configure so better for personal servers.
Debian is a lot easier to update then CentOS when a new version is released. Debian is more user-friendly and supports many libraries, filesystems and architecture. It also has more options for customisation. If you are a larger business CentOS offers more Enterprise features and excellent support for the Enterprise software.
Is a resource that uses software instead of a physical computer to run programs or apps. Each VM has its own operating system and functions separately, so you can have more than one VM per machine. Can be used to test applications in a safe, separate environment. Works by using software to simulate virtual hardware and run on a host machine.
- Aptitude is a high-level package manager while APT is lower level which can be used by other higher level package managers
- Aptitude is smarter and will automatically remove unused packages or suggest installation of dependent packages
- Apt will only do explicitly what it is told to do in the command line
Linux security system that provides Mandatory Access Control (MAC) security. Allows the system admin to restrict the actions that processes can perform. It is included by default with Debian. Run aa-status to check if it is running.
For the password rules, we use the password quality checking library and there are two files the common-password file which sets the rules like upper and lower case characters, duplicate characters etc and the login.defs file which stores the password expiration rules (30 days etc). Sudo nano /etc/login.defs Sudo nano /etc/pam.d/common-password
Logical Volume Manager β allows us to easily manipulate the partitions or logical volume on a storage device.
UFW is a interface to modify the firewall of the device without compromising security. You use it to configure which ports to allow connections to and which ports to close. This is useful in conjunction with SSH, can set a specific port for it to work with.
SSH or Secure Shell is an authentication mechanism between a client and a host. It uses encryption techniques so that all communication between clients and hosts is done in encrypted form. User on Mac or Linux can use SSH the terminal to work on their server via SSH.
Cron or cron job is a command line utility to schedule commands or scripts to happen at specific intervals or a specific time each day. Useful if you want to set your server to restart at a specific time each day.
cd /usr/local/bin
β to show monitoring.shsudo crontab -u root -e
β to edit the cron jobchange script to */1 * * * * sleep 30s && script path
β to run it every 30 seconds, delete the line to stop the job from running.
sudo ufw status
sudo systemctl status ssh
getent group sudo
getent group user42
sudo adduser new username
sudo groupadd groupname
sudo usermod -aG groupname username
sudo chage -l username
- check password expire ruleshostnamectl
hostnamectl set-hostname new_hostname
- to change the current hostname- Restart your Virtual Machine.
sudo nano /etc/hosts
- change current hostname to new hostnamelsblk
to display the partitionsdpkg -l | grep sudo β
to show that sudo is installedsudo ufw status numbered
sudo ufw allow port-id
sudo ufw delete rule number
ssh [email protected] -p 4242
- do this in terminal to show that SSH to port 4242 is working