{"id":18550368,"url":"https://github.com/amaitou/born2beroot","last_synced_at":"2025-04-09T22:31:16.439Z","repository":{"id":112338250,"uuid":"567471772","full_name":"amaitou/Born2beRoot","owner":"amaitou","description":"Explore virtualization by setting up a Linux server. Learn to optimize resources and manage scalability in real-world scenarios, gaining essential skills for today's IT landscape.","archived":false,"fork":false,"pushed_at":"2024-04-19T16:27:13.000Z","size":130,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-24T12:46:50.149Z","etag":null,"topics":["1337school","42cursus","42network","born2beroot-1337","born2beroot-42"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/amaitou.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-11-17T21:34:03.000Z","updated_at":"2024-03-07T00:37:44.000Z","dependencies_parsed_at":"2024-04-08T18:45:17.304Z","dependency_job_id":"61147374-2e50-4821-ba41-0e8409d24561","html_url":"https://github.com/amaitou/Born2beRoot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amaitou%2FBorn2beRoot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amaitou%2FBorn2beRoot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amaitou%2FBorn2beRoot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amaitou%2FBorn2beRoot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/amaitou","download_url":"https://codeload.github.com/amaitou/Born2beRoot/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248123481,"owners_count":21051479,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["1337school","42cursus","42network","born2beroot-1337","born2beroot-42"],"created_at":"2024-11-06T21:04:21.845Z","updated_at":"2025-04-09T22:31:16.161Z","avatar_url":"https://github.com/amaitou.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"----\n![VRlogo](https://user-images.githubusercontent.com/49293816/202593303-f11f8a05-204f-4484-8745-f2635b9ab054.jpg)\n\n----\n\n# Table of contents\n- [Born2beRoot](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#born2beroot)\n- [What is LVM?](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#what-is-lvm)\n- [The difference between aptitude and apt?](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#the-difference-between-aptitude-and-apt)\n    - [Installing packages in aptitude and apt-get](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#installing-packages-in-aptitude-and-apt-get)\n    - [Search for packages in aptitude and apt-get](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#search-for-packages-in-aptitude-and-apt-get)\n    - [Remove packages in aptitude and apt-get](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#remove-packages-in-aptitude-and-apt-get)\n- [AppArmor and SELinux](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#apparmor-and-selinux)\n    - [SELinux](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#selinux)\n    - [AppArmor](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#apparmor)\n    - [The Difference between AppArmor and SELinux](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#the-difference-between-apparmor-and-selinux)\n- [What is SSH?](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#what-is-ssh)\n  - [How Does SSH Work?](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#how-does-ssh-work)\n  - [Syntax of establishing an SSH Connection](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#syntax-of-establishing-an-ssh-connection)\n- [What is UFW?](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#what-is-ufw)\n    - [Let's deal with UFW](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#lets-deal-with-ufw)\n    - [UFW Profiles](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#ufw-profiles)\n- [User and Group Management](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#user-and-group-management)\n  - [Users](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#users)\n  - [Groups](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#groups)\n- [Password Management](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#password-management)\n  - [Password Policies](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#password-policies)\n  - [Login Configuration](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#login-configuration)\n- [SUDO](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#sudo)\n  - [Understand SUDO](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#understand-sudo-super-user-do)\n  - [Configure SUDO](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#configure-sudo)\n- [Get close to crontab](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#get-close-to-crontab)\n  - [How to use crontab](https://github.com/amaitou/Born2beRoot?tab=readme-ov-file#how-to-use-crontab)\n----\n\n# Born2beRoot\n\nThis is the fourth project of `42/1337Cursus`. \u003cbr /\u003e\nThis project's goal is to help you set up your `virtual Machine` under specific instructions to get you close and close to know more about to world of virtualization.\n\nThe project consists of two parts\n- **Mandatory Part**\n- **Bonus Part**\n\n\u003e Note: The **Bonus Part** is not that necessary to validate the project, but it gives some extra XPs and spreads **`The Blackhole`**.\n\n----\n\n# What is LVM?\n\n**LVM** stands for `Logical Volume Management/Manager`, it is a system of managing storage `Logical Volumes` (Explained below).\n**LVM** helps you create flexible disks as well as gives you the ability to manage them dynamically (resizing, striping ...). \u003cbr /\u003e\n**LVM** does not deal with physical disks, so to create your `Logical Volume` **LVM** converts the physical disks to `Physical Volumes` then collects them in groups called `Volume Groups`, then Gives them to the `Logical Volume`.\n\n* **Physical volume** -\u003e A `Physical Volume` is any physical storage device, such as a Hard Disk Drive (HDD), Solid State Drive (SSD), or partition, that has been initialized as a physical volume with **LVM**, The `PV` is a divided chunk of data that also known as `Physical Extents` and that last have the same size as the other `PEs` (4 MB by default).\n\n    ---\n\n* **Volume Group** -\u003e The `Volume Group` is a group of `Physical Volumes` collected with each other in one place called `VG`.\n\n    ---\n\n* **Logical Volume** -\u003e The `Logical Volume` is the result of the dividing of the `Volume Groups`. in other words the `Volume Groups` are linked together into the `Logical Volume` that acts as **Virtual Disk**.\n\n    ---\n\n\n    **_Conclusion of LVM_**\n    - `LVM` does not deal with physical disks.\n    - each Physical Volume has several `Physical Extents`.\n    - each extent has a specific size (default `PE` size is _4 MO_).\n    - A single `Physical Extent` is the smallest unit of disk space that can be individually managed by `LVM`\n\n    \u003cbr /\u003e\n\n    **_Example_** \u003cbr /\u003e\n    We have a `Physical Disk` with the size of _500 GB_, and we want to convert it into _4_ `Physical Volumes` with the size of _125 GB_ to collect them within a `Volume Group`. \u003cbr /\u003e\n    Here is how to calculate the number of `Physical Extents` (Default size is 4 MO): \u003cbr /\u003e\n\n    - let's know first how many PEs would be within 1 GB: \u003cbr /\u003e\n        `1 024 / 4 = 256` \u003cbr /\u003e\n    - multiple the above result with the size of each PV to give us how many PEs would be within one PV: \u003cbr /\u003e\n        `125 * 256 = 32 000` \u003cbr /\u003e\n    - multiple the result of the above operation with 4 as we have 4 PVs: \u003cbr /\u003e\n        `32 000 * 4 = 128 000` \u003cbr /\u003e\n\n    Each `Physical Volume` would have _32 000_ `PEs` and the total `PEs` of the collected `PVs` is _128 000_.\n\n----\n\n# The difference between **aptitude** and **apt**?\n\n`apt-get` and `aptitude ` are both package managers that are responsible for any kind of activities related to packages (removing, installing, searching, updating, upgrading ...).\n\nbut the most obvious difference between them is that `aptitude` has a terminal menu interface to interact with, whereas `apt-get ` doesn't.\n\nrather than the difference in the command line interface, we can say that both `aptitude` and `apt-get` are too similar to each other. but we cannot deny that they have some minor differences as instances:\n\n- `apt-get` requires a specific command to remove the eligible files of a particular package whereas` aptitude` removes them automatically.\n- ` aptitude ` actually performs the functions of not just ` apt-get `, but also some of its companion tools, such *as apt-cache* *and apt-mark*\n- If the actions (installing, removing, updating packages) that you want to take cause conflicts, `aptitude ` can suggest several potential resolutions. ` apt-get ` will just say \"I'm sorry Man, I can't allow you to do that.\".\n- ` aptitude` has the *why* and *why-not* commands to tell you which *manually installed*\n packages are preventing an action that you might want to take.\n- Aptitude can find you the reason to install a certain package by looking in the list of installed packages and checking if any of their suggested packages have dependencies or any of their dependencies suggests that package or so on.\n\nSo, for most cases, the syntax of **Aptitude** is kept almost the same as that of `apt-get`, to make users of apt-get have less pain in migrating to Aptitude, but in addition to this, many powerful features are integrated into Aptitude that makes it the one to be chosen.\n\n\u003cbr /\u003e\n\n\u003e I've been using `apt-get` but after I learned about `aptitude`, I started using it\n\n\u003cbr /\u003e\n\n### **Installing packages in `aptitude` and `apt-get`**\n```sh\n# apt-get\napt-get install \u003cPackageName\u003e\n\n#aptitude\naptitude install \u003cPackageName\u003e\n```\n\n### **Search for packages in `aptitude` and `apt-get`**\n```sh\n# apt-get\napt-cache search \u003cPackageName\u003e\n\n# aptitude\naptitude search \u003cPackageName\u003e\n```\n\n### **Remove packages in `aptitude` and `apt-get`**\n\nWhen talking about uninstalling packages using apt package manager, we have the following two options :\n\n- **remove**\n- **purge**\n\nThe primary difference being **remove** and ‘purge‘ is that **remove** only gets rid of the package leaving any configuration files untouched. Whereas **purge** not only removes the package but also removes all configuration files OUTSIDE THE HOME DIRECTORY.\n\n---\n**NOTE** -\u003e `aptitude` remove the package including its configuration files\n\n---\n\n```sh\n# apt-get\napt-get remove \u003cPackageName\u003e # Removes only the package and leaves its configuration files\napt-get purge \u003cPackageName\u003e # Removes the package including its configuration files\n\n# aptitude\naptitude remove \u003cPackageName\u003e\n```\n\n---\n\n# **AppArmor** and **SELinux**\n\nBoth `AppArmor` and `SELinux` _(Security Enhanced Linux)_ are Linux Kernel Securities that are used to increase security in Linux distributions by hardening access to files and processes (`AppArmor` is the most used for this purpose).  \u003cbr /\u003e\nThese security systems provide tools to isolate applications from each other... and in turn, isolate an attacker from the rest of the system when an application is compromised.\n\n### **SELinux**\n`SELinux` is a kernel module that can be enabled or disabled by the system admin. As access to files and network ports is limited following a security policy, a faulty program or a misconfigured daemon can’t make a huge impact on system security. \u003cbr /\u003e\nIn its default enforcing mode, `SELinux` will deny and log any unauthorized attempts to access any resource. This approach usually referred to as the principle of least privilege, means that explicit permission must be given to a user or program to access files, directories, sockets, and other services.\n\n### **AppArmor**\n`AppArmor` is a Linux Security Module implementation of name-based _Mandatory Access Controls (MAC)_. it confines individual programs to a set of listed files. \u003cbr\u003e\n`AppArmor` is installed and loaded by default. It uses *profiles* of an application to determine what files and permissions the application requires. Some packages will install their own profiles.\n\n### The Difference between **AppArmor** and **SELinux**\n\n- SELinux is the Default for Rocky Linux, AlmaLinux, CentOS, and Red Hat.\n- SELinux is Designed to protect the entire operating system.\n- AppArmor is the Default for OpenSUSE, Debian, and Ubuntu.\n- AppArmor works with file paths.\n- AppArmor is less complex and easier for the average user to learn than SELinux.\n\n---\n\n# **What is SSH?**\n\n`SSH (Secure Shell or Secure Socket Shell)` is a network protocol that provides a secure way to connect two machines remotely so they can transmit and receive data securely.\nIt is widely used by administrators to manage systems and applications remotely, deliver software patches as well as execute commands, and move files.\nBy default, an **SSH** Server listens on _TCP (Transmission Control Protocol)_ port 22.\n\n### **How Does SSH Work?**\n\nThe connection is established by an `SSH Client` that intends to connect to an `SSH Server`, the `SSH Client` starts the connection setup process and uses a public key to verify the identity of the `SSH Server`, after the setup step, the `SSH Protcol` uses strong symmetric encryption and hashing algorithms to ensure the privacy and integrity of the exchanged data between the `Client` and the `Server`.\n\n### **Syntax of establishing an SSH Connection**\n\n```sh\nssh \u003cusername\u003e@\u003cserver ip or hostname\u003e -p \u003cport\u003e\n```\n\n---\n\n# What is **UFW**?\n\n`UFW (uncomplicated firewall)` is a firewall configuration tool that helps you secure your network properly. as well as it is a much more user-friendly framework for managing Netfilter and a command-line interface for working with the firewall. On top of that, if you'd rather not deal with the command line, `UFW` has a few GUI tools that make working with the system incredibly simple.\n\u003e Note -\u003e **UFW** comes pre-installed on **Ubuntu**\n\n\u003cbr /\u003e\n\n### **Let's deal with UFW**\n- Check the status of the UFW\n\n    ```sh\n    sudo ufw status\n    ```\n    ---\n- Enable UFW to be run at the startup of the system\n  \n    ```sh\n    sudo ufw enable\n    ```\n    ---\n- Disable UFW from being run at the startup of the System\n  \n    ```sh\n    sudo ufw disable\n    ```\n    ---\n- Block an IP Address\n\n    ```sh\n    sudo ufw deny from \u003cx.x.x.x\u003e\n    ```\n    ---\n- Allow an IP Address\n\n    ```sh\n    sudo ufw allow from \u003cx.x.x.x\u003e\n    ```\nAllowing and blocking either **IP Address, Ports, Subnets** would be added to the UFW as rules.\n\n- Delete UFW's rule\n\n    ```sh\n    # delete a UFW's rule\n    sudo ufw delete \u003crule\u003e\n    #example\n    sudo ufw delete allow from \u003cx.x.x.x\u003e\n    ```\n\n### **UFW Profiles**\n\nSome of the applications that rely on network communications set up profiles in UFW that you can use to allow connections from the external address.\n\n\n- List currently available profiles\n\n    ```sh\n        sudo ufw app list\n    ```\n    ---\n- Enable a profile application\n\n    ```sh\n        # enable profile application\n        sudo ufw allow \u003cprofile name\u003e\n        # example (enabling ssh)\n        sudo ufw allow “OpenSSH”\n    ```\n    ---\n- Disable an application profile\n\n    To disable an application you must delete the created rule for it\n    ```sh\n        sudo ufw delete allow \u003cprofile name\u003e\n    ```\n\n---\n\n# **User and Group Management**\n\nHere are some commands that might help you deal directly with managing, deleting, adding as well as updating users and groups within your Linux system.\n\n### **Users**\n\nA user in Linux is an entity that has a unique ID, that can manipulate files and perform several operations within the Linux OS.\n\n- Get the user's ID\n\n    ```sh\n    id \u003cusername\u003e\n    ```\n    ---\n- Add a user to the system\n\n    ```sh\n    useradd -m -d \u003c/home/\"name of the directory\"\u003e -c \u003cdescription\u003e \u003cusername\u003e\n    ```\n\n    **-m** -\u003e creates a user with creating its home directory\n\n    **-d** -\u003e the name of the home directory\n\n    **-c** -\u003e The description of the creation of the user\n\n    Here is the absolute path of the default user creation by user add **`/etc/default/useradd`**\n\n    ---\n\n- Delete a user from the system\n\n    ```sh\n    userdel -r \u003cusername\u003e\n    ```\n    **-r** -\u003e deletes the home directory of the deleted user\n    \n    ---\n\n- Assign a password to a user\n    \n    ```sh\n    passwd \u003cusername\u003e\n    ```\n\n### **Groups**\n\nThere are two categories of groups, **Primary Group** is created automatically when we create a user with the same id as the created user as well as it gets added to the **Primary Group** to be the first and the only member of that group. \u003cbr /\u003e \nThe second category is the **Secondary Group** which is created manually by the user using specific commands and we can add a user to it.\n\n- Add a group\n\n    ```sh\n    groupadd \u003cgroupname\u003e\n    ```\n\n    ---\n\n- Delete Group\n\n    ```sh\n    groupdel \u003cgroupname\u003e\n    ```\n    ---\n\n- Add a user to a particular group\n\n    ```sh\n    usermod -a -G \u003cgroupsname\u003e \u003cusername\u003e\n    ```\n    **-a** -\u003e appends the user to the supplemental GROUPS\n\n    **-G** -\u003e new list of supplementary GROUPS\n\n    ---\n\n- Delete a user from a particular group\n\n    ```sh\n    gpasswd -d \u003cusername\u003e \u003cgroupname\u003e\n    ```\n\n----\n\n# Password Management\n\n### **Password Policies**\n\nNot only in `Linux` but in every **OS**, the password policies are so important to generate and build strong passwords in order to avoid a few attacks (most of them are Brute-Force), that's why Linux comes with a library called `libpam-cracklib` that helps you create a strong password by setting up some options.\n\n```sh\n# To install the library, just type the following command!\napt-get install libpam-cracklib\n```\n\n\u003e The config path of the Library is `/etc/pam.d/`\nget in the path then the file called `common-password` and here is the following options to generate a strong password:\n\n```\noption=number\n```\n\n- **lcredit**: number of lowercase letters\n- **ucredit**: number of uppercase letters\n- **dcredit**: number of digits\n- **maxrepeat**: number of consecutive identical characters\n- **usercheck**: checks if the password has somehow the username\n- **difok**: how many characters must not be included in the new password\n- **check_username**: checks whether the password has the name of the name straight or reversed\n- **enfore_for_root**: enforce the root user with these policies\n\n### **Login Configuration**\n\nThe file `/etc/login.defs` helps when it comes to setting up some conditions related to resetting passwords (security-related)\n\nThere are 3 options you might work with which are:\n\n- PASS_MAX_DAYS -\u003e Maximum number of days a password may be used\n- PASS_MIN_DAYS -\u003e Minimum number of days allowed between password changes\n- PASS_WARN_AGE -\u003e Number of days warning given before a password expires\n\nrather than this, you can set these options using CLI:\n\n```sh\n# Syntax\nsudo chage --mindays \u003cnumber\u003e --maxdays \u003cnumber\u003e --warndays \u003cnumber\u003e \u003cusername\u003e\n# Examaple\nsudo chage --mindays 2 --maxdays 30 --warndays 7 amait-ou\n```\n\n- **--mindays or -m**\n- **--maxdays or -M**\n- **--warndays or -w**\n\n----\n# SUDO\n\n### **Understand SUDO (Super User Do)**\n\nWhenever you try to run a command that requires root privileges you will be asked to have root permission, simply where the role of sudo comes to give you privileges, not only with root but whenever you try to execute a command related to other users or root, you must type `sudo` so you can get privileged.\n\nNot all users could use `sudo` only sudo's group members or those users that were permitted to use sudo within the configuration file `siduoers`.\n\n- Add a user to `sudo` group\n\n```sh\nusermod -aG sudo \u003cusername\u003e\n```\n- Give the user full `sudo` access using `sudoers` file\n\n    first of all, run the command ```visudo```and then give it access. Here is the how:\n\n```sh\n#syntax\n\u003cusername\u003e ALL=(ALL) ALL\n#example\namait-ou ALL=(ALL) ALL\n```\n\u003e Note -\u003e Create a group and give it full sudo access give its members full sudo access as well\n\n### **Configure SUDO**\n\ngoing on with the same file `sudoers` that can be opened using the command `visudo` (best practice), there are some options that you can add to configure the `sudoers` file\n\n- Limite the password authentication\n\n```sh\nDefaults passwd_tries=\u003cnumber\u003e\n```\n\n---\n\n- Custome message to be shown when the password is written wrongly\n\n```sh\nDefaults badpass_message=\" your message here\"\n```\n\n---\n\n- Enable the tty by default for security reasons\n\n```sh\nDefaults requiretty\n```\n\n---\n\n- Archive sudo commands within a folder\n\n```sh\nDefaults log_output\nDefaults log_input\nDefaults iolog_dir = \"path\"\n```\n\u003e So on with the other options (secure path...)\n\n----\n\n# Get close to crontab\n\nthe `crontab` is a file that helps you schedule your programs to be run at a specific time.\n\nwithin the project, you will be asked to create a `(monitoring.sh)` that runs by the crontab every 10 minutes. the script will display some information related to the system.\n\n\u003e Note -\u003e The bash script `monitoring.sh` is included under the same name within this repository\n\n### How to use **crontab**\n\n- add a crontab job to a specific user\n\n```sh\nsudo crontab -u \u003cusername\u003e -e\n\n# -u -\u003e specify the username\n# -e -\u003e stands for edit the crontab job\n```\n\nWith this command a config file will open for adding the crontab job, and here is the syntax to have it properly set\n\n```sh\n* * * * * command\n\n# first  * (m)       -\u003e minutes\n# second * ()        -\u003e hours\n# third  *  (dom)    -\u003e day of the month\n# fourth *  (mon)    -\u003e month\n# fifth  *  (dow)    -\u003e day of the week\n```\n\n---\n\n- List user's crontab jobs\n\n```sh\nsudo crontab -l\n\n# -l -\u003e stands for list crontab jobs\n```\n\n# Contact Me\n\n* [Twitter][_1]\n\n[_1]: https://twitter.com/amait0u\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famaitou%2Fborn2beroot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Famaitou%2Fborn2beroot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famaitou%2Fborn2beroot/lists"}