/Born2beRoot

This project enriched my knowledge and skills in LINUX System Administration.

Born2beRoot

This project aims to introduce to the wonderful world of virtualization. It is about installing a Debian linux system without graphical interface and application of safity rules to the system. I created my first machine in VirtualBox under specific instructions. At the end of this project, you was able to set up my own operating system while implementing strict rules. I was supposed to install Debian distro on a virtual machine.

The use of VirtualBox was mandatory. I had to turn in a signature.txt file which had a hash code of my system.

This project consists of having set up my first server by following specific rules. Since it is a matter of setting up a server, I was supposed to install the minimum of services. For this reason, a graphical interface was of no use here. It was therefore forbidden to install X.org or any other equivalent graphics server.

I was to choose as an operating system either the latest stable version of Debian (no testing/unstable), or the latest stable version of CentOS. I chose Debian because it was highly recommended for newcomers to system administration.

I had to create at least 2 encrypted partitions using LVM. Below is an example of the expected partitioning: Screen Shot 2022-04-28 at 10 03 12 PM

I had to apply aptitude and apt and AppArmor.

Additionally I was to implement an SSH service running on port 4242 only. For security reasons, to connect using SSH as root was not to be possible according to the task. Moreover I had to to configure the operating system with the UFW firewall and thus I had to leave only port 4242 open. My firewall was to be active whenever I launch my virtual machine. The hostname of my virtual machine was supposed to be my login ending with 42 (e.g., wil42). You was to be able to modify my hostname.

I had to implement a strong password policy. I had to install and configure sudo following strict rules. In addition to the root user, a user with my login as username had to be present. The user had to belong to the user42 and sudo groups. I had to create a new user and assign it to a group.

To set up a strong password policy, I had to comply with the following requirements: My password had to expire every 30 days. The minimum number of days allowed before the modification of a password was to be set to 2. The user had to receive a warning message 7 days before their password expires. My password had to be at least 10 characters long. It must contain an uppercase letter and a number. Also, it must not contain more than 3 consecutive identical characters.

The password was not to include the name of the user. The following rule did not apply to the root password: The password had to be at least 7 characters that are not part of the former password. My root password had to comply with this policy.

To set up a strong configuration for my sudo group, I had to comply with the following requirements: • Authentication using sudo had to be limited to 3 attempts in the event of an incorrect password. • A custom message of my choice had to be displayed if an error due to a wrong password occured when using sudo. • Each action using sudo had to be archived, both inputs and outputs. The log file had to be saved in the /var/log/sudo/ folder. • The TTY mode had to be enabled for security reasons. • For security reasons too, the paths that can be used by sudo had to be restricted. Example: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

Finally, you had to create a simple script called monitoring.sh. It had to be developed in bash. At server startup, the script was to display some information (listed below) on all terminals every 10 minutes (so I used Wall). The banner was optional. No error was to be visible. My script had always to be able to display the following information: • The architecture of the operating system and its kernel version. • The number of physical processors. • The number of virtual processors. • The current available RAM on my server and its utilization rate as a percentage. • The current available memory on my server and its utilization rate as a percentage. • The current utilization rate of the processors as a percentage. • The date and time of the last reboot. • Whether LVM was active or not. • The number of active connections. • The number of users using the server. • The IPv4 address of my server and its MAC (Media Access Control) address. • The number of commands executed with the sudo program.

I was also to interrupt the script without modifying it.(I had to use Cron.) Below is the example of how the script was to work: Screen Shot 2022-04-28 at 10 28 17 PM

Below are two commands one can use to check some requirements: Screen Shot 2022-04-28 at 10 31 45 PM

##Bonuses

• I was to set up partitions correctly to get a structure similar to the one below: In this part the partition sizes did not match to the ones shown on the picture as the system holds some percentage.

Screen Shot 2022-04-28 at 10 34 29 PM

• I was to set up a functional WordPress website with the following services: lighttpd, MariaDB, and PHP. • I had to set up a service of my choice that is useful (NGINX / Apache2 excluded!). I installed ADMINER because it is more comfortable to see data with the help of graphical interface.

Here is the sample of the video of my defence:

Untitled.mp4

Below is the link to the full video recorded during my defence of the project. https://disk.yandex.ru/i/V_HOE9nrCoGwyA

My final result was 125%