{"id":27498116,"url":"https://github.com/allancrabelo/born2beroot","last_synced_at":"2025-10-26T17:33:27.896Z","repository":{"id":288103062,"uuid":"966843134","full_name":"allancrabelo/Born2beRoot","owner":"allancrabelo","description":"Born2beroot is a hands-on cybersecurity \u0026 infrastructure project where I built and secured a Linux system from scratch. From LVM and UFW to SSH hardening and audit scripting, it's DevOps meets resilience — proving I can build secure systems with zero guesswork.","archived":false,"fork":false,"pushed_at":"2025-04-15T14:50:03.000Z","size":2,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-15T15:44:35.507Z","etag":null,"topics":["42porto","42school","bash","devops","docker","firewall","infrastructure","linux","lvm","networking","ssh","sysadmin","system-administration","ubuntu","ubuntu-server","virtualbox"],"latest_commit_sha":null,"homepage":"https://www.42network.org/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/allancrabelo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-15T14:35:29.000Z","updated_at":"2025-04-15T14:50:07.000Z","dependencies_parsed_at":"2025-04-15T15:54:43.892Z","dependency_job_id":null,"html_url":"https://github.com/allancrabelo/Born2beRoot","commit_stats":null,"previous_names":["allancrabelo/born2beroot"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allancrabelo%2FBorn2beRoot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allancrabelo%2FBorn2beRoot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allancrabelo%2FBorn2beRoot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allancrabelo%2FBorn2beRoot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/allancrabelo","download_url":"https://codeload.github.com/allancrabelo/Born2beRoot/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249326179,"owners_count":21251735,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["42porto","42school","bash","devops","docker","firewall","infrastructure","linux","lvm","networking","ssh","sysadmin","system-administration","ubuntu","ubuntu-server","virtualbox"],"created_at":"2025-04-17T08:29:12.587Z","updated_at":"2025-10-26T17:33:27.891Z","avatar_url":"https://github.com/allancrabelo.png","language":null,"readme":"![Design sem nome(5)](https://github.com/user-attachments/assets/8cdeef09-5df8-4893-a5ef-9ecdf3ba062c)\n\n# 🧱 BORN2BEROOT – Linux Infrastructure \u0026 Security Project\n\n**Born2beroot** is a Linux system hardening project that challenges students to configure a secure and fully operational virtual machine from scratch. Built under strict 42 guidelines, the project covers everything from EFI, LVM, and GRUB to SSH, sudo, and UFW — simulating real-world system administration with high security and performance standards.\n\nThis VM is not just a configuration task; it is a secure system environment built line-by-line, manually, to reflect your mastery over Linux internals, partitioning strategies, logical volumes, backup routines, and access controls.\n\n🧠 It is a training ground for becoming a true system administrator.\n\n---\n\n## 🏅 Performance in the Project \n\nDuring the evaluation of Born2beroot, I delivered all mandatory setups, security reinforcements, and optimizations. Some of the key completed aspects:\n\n ✅ EFI, GRUB, and secure boot management \n ✅ Proper partitioning using LVM (Volume Groups + Logical Volumes) \n ✅ SSH service with root login disabled \n ✅ User creation with restricted `sudo` access \n ✅ UFW configured to whitelist only necessary services \n ✅ Backup snapshot routines and `/etc` integrity control \n ✅ Valgrind clean and system logs audit-ready\n\nThis reflects a strong understanding of system resilience, minimalism, and performance — all pillars for cybersecurity in production-grade systems.\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"https://github.com/user-attachments/assets/8af4b974-7a7a-44cb-9e46-df3bb81bb556\" /\u003e\n\u003c/p\u003e\n\n---\n\n## 📚 Key Features\n\n🔹 System Setup – Linux Core Administration\n\n- EFI System Partition (`/boot/efi`) and GRUB2 bootloader installation\n- LVM setup: Physical Volumes → Volume Group → Logical Volumes\n- Swap area defined and activated\n- Partition structure using `ext4` for performance and journaling support\n\n🔹 Security Hardening – Access \u0026 Firewall\n\n- UFW firewall enabled with strict rules (`22`, `80`, and monitored ports)\n- SSH configuration with `PermitRootLogin no`\n- `sudo` configured for group `sudo` only, log policies in place\n- Password complexity and account lockout policies\n\n🔹 Automation \u0026 Logging\n\n- Cron jobs for uptime logs and system checks\n- Custom MOTD (Message of the Day)\n- Snapshots via LVM or full system backups via `tar`\n\n---\n\n## 📁 Project Structure\n\n 📦 born2beroot \n ┗ 📜 signature.txt\n\n---\n\n## 📖 Concepts Overview\n\n| Concept | Description |\n|------------------|-----------------------------------------------------------------------------|\n| `/dev` | Represents devices as files (e.g. disks, partitions) |\n| `/dev/mapper` | Holds mapped logical volumes (via LVM) |\n| `/dev/sda5` | The 5th partition of your first storage device (`sda`) |\n| EFI Partition | Stores GRUB and bootloaders; must be FAT32 and mounted at `/boot/efi` |\n| LVM Group | Volume Group containing Logical Volumes (e.g. `/dev/mapper/root`) |\n| Swap Partition | Dedicated virtual memory area; activates with `swapon` |\n| Filesystems | `ext4`, `ext3`, `btrfs`, `XFS`, `JFS`, `FAT32` — each with pros and cons |\n| GRUB | Bootloader that starts the OS via EFI or BIOS |\n| `apt` / `sudo` | Package manager / privilege elevation tool |\n\n---\n\n## 🧠 Commands You’ll Use Often\n\n\n # See system date\n date\n\n # Save system state via full backup\n sudo tar czpvf born2beroot-backup.tar.gz --exclude=/proc --exclude=/sys --exclude=/dev --exclude=/run --exclude=/mnt /\n\n # Create LVM snapshot (if using LVM)\n sudo lvcreate --size 1G --snapshot --name snap_before_sudo /dev/mapper/ubuntu--vg-root\n\n # Show mounted disks\n lsblk\n\n # Show volume groups\n vgdisplay\n\n# 🚧 Tutorials (Coming Soon)\n\nI'm currently working on a detailed tutorial to help others navigate the BORN2BEROOT project more efficiently. This section will include:\n\n 📹 Video Guide – A step-by-step walkthrough explaining key concepts and solutions.\n 📄 PDF Guide – A structured document with explanations, tips, and best practices.\n\nStay tuned! The tutorial will be available soon. 🚀\n\n## 🔎 Checklist and commands during the evaluation\n- [ ] Check if sha1sum of vdi file is equal to signature.txt\n- [ ] Check linux release `lsb_release -a || cat /etc/os-release`\n- [ ] Check the partitions `lsblk`\n- [ ] Check if sudo in on `dpkg -l | grep sudo`\n- [ ] Check the hostname `hostnamectl`\n- [ ] Check the password policy `sudo chage -l username`\n- [ ] Check UFW `sudo ufw status numbered`\n- [ ] Check SSH `sudo systemctl status ssh`\n- [ ] Check sudo log `cd /var/log/sudo/` then `cat sudo.log`\n- [ ] Check if user is on sudo `getent group sudo`\n- [ ] Check if user is on user42 `getent group user42`\n- [ ] Run monitoring `cd /usr/local/bin` then `bash monitoring.sh`\n- [ ] Create a new user `sudo adduser username`\n- [ ] Check the username `cd /etc/passwd | grep username`\n- [ ] Create a new group `sudo groupadd evaluating`\n- [ ] Add the user to new group `sudo adduser username evaluating`\n- [ ] Add the user to sudo `sudo adduser username sudo`\n- [ ] Check the changes `getent group evaluating` and `getent group evaluating`\n- [ ] Change the hostname `sudo hostnamectl set-hostname newname` \u0026\u0026 `sudo nano /etc/hosts`\n- [ ] reboot, see and see the change `sudo reboot` then `hostnamectl`\n- [ ] Restore the original hostname `sudo hostnamectl set-hostname oldname` \u0026\u0026 `sudo nano /etc/hosts`\n- [ ] Add the 8080 port `sudo ufw allow 8080`\n- [ ] See the changes `sudo ufw status numbered`\n- [ ] Delete the port added `sudo ufw delete 1-9`\n- [ ] Check the ip address `sudo ip address`\n- [ ] Connect to new user `ssh new_user@hostip.0.0.0 -p 4242`\n- [ ] Try to connect to root (Must be fail) `ssh root@hostip.0.0.0 -p 4242` \n- [ ] Change time to 1min `sudo crontab -u root -e `\n\n\n# 🤝 Contributing\n\nIf you are also doing the Piscine, feel free to suggest improvements or share new approaches!\n\n 📬 Contact: If you want to discuss solutions or exchange ideas, find me on Discord or GitHub!\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"https://github.com/user-attachments/assets/4c14b4d4-9bb4-444d-8b90-64794adccb8a\" alt=\"Imagem\" /\u003e\n\u003c/p\u003e\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fallancrabelo%2Fborn2beroot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fallancrabelo%2Fborn2beroot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fallancrabelo%2Fborn2beroot/lists"}