Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/linguawork/born2beroot

This project enriched my knowledge and skills in LINUX System Administration.
https://github.com/linguawork/born2beroot

apparmor debian-linux ecole42 linux linuxadmin passwordpolicy school21 ssh sudo systemadministration ufw-firewall useradmin

Last synced: 3 months ago
JSON representation

This project enriched my knowledge and skills in LINUX System Administration.

Awesome Lists containing this project

README 

        
# Born2beRoot



This project aims to introduce to the wonderful world of virtualization. It is about installing a Debian linux system without graphical interface and application of safity rules to the system. 

I created my first machine in VirtualBox under specific instructions. At the end of this project, you was able to set up my own operating system while implementing strict rules. I was supposed to install Debian distro on a virtual machine. 



The use of VirtualBox was mandatory.

I had to turn in a signature.txt file which had a hash code of my system.



This project consists of having set up my first server by following specific rules.

Since it is a matter of setting up a server, I was supposed to install the

minimum of services.  For this reason, a graphical interface was of no

use here.  It was therefore forbidden to install X.org or any other

equivalent graphics server.  



I was to choose as an operating system either the latest stable version of Debian (no testing/unstable), or the latest stable version of CentOS. I chose Debian because it was highly recommended for newcomers to system administration.



I had to create at least 2 encrypted partitions using LVM.

Below is an example of the expected partitioning:

Screen Shot 2022-04-28 at 10 03 12 PM



I had to apply aptitude and apt and AppArmor.



Additionally I was to implement an SSH service running on port 4242 only. For security reasons, to connect using SSH as root was not to be possible according to the task. Moreover I had to to configure the operating system with the UFW firewall and thus I had to leave only port 4242 open. My firewall was to be active whenever I launch my virtual machine.

The hostname of my virtual machine was supposed to be my login ending with 42 (e.g., wil42). You was to be able to modify my hostname.



I had to implement a strong password policy.

I had to install and configure sudo following strict rules.

In addition to the root user, a user with my login as username had to be present.

The user had to belong to the user42 and sudo groups.

I had to create a new user and assign it to a group.



To set up a strong password policy, I had to comply with the following requirements:

My password had to expire every 30 days.

The minimum number of days allowed before the modification of a password was to be set to 2.

The user had to receive a warning message 7 days before their password expires.

My password had to be at least 10 characters long. It must contain an uppercase letter and a number. Also, it must not contain more than 3 consecutive identical characters.



The password was not to include the name of the user.

The following rule did not apply to the root password: The password had to be at least 7 characters that are not part of the former password.

My root password had to comply with this policy.



To set up a strong configuration for my sudo group, I had to comply with the following requirements:

• Authentication using sudo had to be limited to 3 attempts in the event of an incorrect password.

• A custom message of my choice had to be displayed if an error due to a wrong password occured when using sudo.

• Each action using sudo had to be archived, both inputs and outputs. The log file had to be saved in the /var/log/sudo/ folder.

• The TTY mode had to be enabled for security reasons.

• For security reasons too, the paths that can be used by sudo had to be restricted. Example:         /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin



Finally, you had to create a simple script called monitoring.sh. It had to be developed in bash.

At server startup, the script was to display some information (listed below) on all terminals every 10 minutes (so I used Wall). The banner was optional. No error was to be visible.

My script had always to be able to display the following information:

• The architecture of the operating system and its kernel version.

• The number of physical processors.

• The number of virtual processors.

• The current available RAM on my server and its utilization rate as a percentage. 

• The current available memory on my server and its utilization rate as a percentage. 

• The current utilization rate of the processors as a percentage.

• The date and time of the last reboot.

• Whether LVM was active or not.

• The number of active connections.

• The number of users using the server.

• The IPv4 address of my server and its MAC (Media Access Control) address. 

• The number of commands executed with the sudo program.



I was also to interrupt the script without modifying it.(I had to use Cron.)

Below is the example of how the script was to work:

Screen Shot 2022-04-28 at 10 28 17 PM



Below are two commands one can use to check some requirements:

Screen Shot 2022-04-28 at 10 31 45 PM



##Bonuses



• I was to set up partitions correctly to get a structure similar to the one below:

In this part the partition sizes did not match to the ones shown on the picture as the system holds some percentage.



Screen Shot 2022-04-28 at 10 34 29 PM



• I was to set up a functional WordPress website with the following services: lighttpd, MariaDB, and PHP.

• I had to set up a service of my choice that is useful (NGINX / Apache2 excluded!). 

I installed ADMINER because it is more comfortable to see data with the help of graphical interface.



Here is the sample of the video of my defence:



https://user-images.githubusercontent.com/12897177/165836405-c1049795-876c-42e2-8220-b82cf04306f2.mp4



Below is the link to the full video recorded during my defence of the project.

https://disk.yandex.ru/i/V_HOE9nrCoGwyA



My final result was 125%