teresa-chow/42-Born2beRoot

Born2beRoot is a System Administration related exercise from 42 School core curriculum.

Born2beRoot

Born2beRoot is a System Administration exercise from 42 School core curriculum. The task at hand is to create a machine using VirtualBox, complying with strict rules.

---

1. Virtual Machine · creation

A Virtual Machine (VM) is a computer file, commonly referred to as an image, that behaves like an actual computer: that is, a virtual computer within a computer.

💡 Advantages and disadvantages of using VMs

Advantages	Disadvantages
✔️ Agility and speed	❌ Unintended server sprawl
✔️ Lowered downtime: if backup and redundancy mechanisms are in place, since VMs are portable and easy to move from one hypervisor to another on a different machine	❌ Single point of failure: unless backup and redundancy mechanisms are in place, if the host computer fails, all VMs running on that machine will also fail
✔️ Scalability	❌ Hardware limitations
✔️ Security benefits: ability to run apps of questionable security, study computer viruses, while protecting host OS	❌ Security risks: if VMs are not properly isolated from each other or/and from the host machine, virtualization can introduce additional security risks
✔️ Cost savings: reduced physical infrastructure footprint	❌ License cost: some software licenses may not allow installation on VMs or require an additional license fee per VM

⚠️ Pre-requisites

• have [VirtualBox](https://www.virtualbox.org/) installed;
• have [the ISO (Optical Disc Image) installer file for the Debian GNU/Linux OS](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/) downloaded.

---

Steps

1. Open VirtualBox
2. Click New
3. Name the VM
4. Choose destination folder for the VM
   • /sgoinfre/ in this case
5. Type: Linux
6. Version: Debian (64-bit)
7. Select the amount of memory (RAM) toe allocated to the VM
   • set as default – the recommended memory size is 1024 MB
8. Create a virtual hard disk now
9. Choose VDI (VirtualBox Disk Image) as the type of file to use for the new virtual hard disk
10. Choose storage on physical hard disk as being dynamically allocated
11. Select the size of the virtual hard disk
    • 30.8 GB to account for subject bonus requirements
      
12. Click Create
13. Head to Settings → Storage → Empty → 💿 icon (Attributes: Optical Drive) → Choose a disk file → Debian ISO → Ok
14. Start the VM

---

2. Operating System (Debian) · installation

💡 Debian vs. Rocky Linux

	Debian	Rocky Linux
Developer	The Debian Project	Rocky Enterprise Software Foundation
OS Family	Linux (Unix-like)	Linux (Unix-like)
Source model	Open source	Open source
Repository	deb.debian.org	git.rockylinux.org
Package manager	Advanced Package Tool (APT)	Dandified YUM / DNF
Release cycle	2 years	1 year
Long Term Support (LTS)	5 years	10 years
Comments		Red Hat Enterprise Linux (RHEL) compatibility

note: Here, the choice for Debian over Rocky Linux was based on the first being generally regarded as a more user-friendly and accessible OS, especially for beginners.

Steps

1. Select Install from the Debian GNU/Linux installer menu;
2. Settings
   • Language: English
   • Location: other
   • Continent: Europe
   • Country: Portugal
   • Locale: United States
   • Keymap: American English
   • Hostname: <username>42 ﹡
   • Domain name: (blank)
   • Set up root password ﹡
   • User full name: <username> ﹡
   • Username: <username> ﹡
   • Set up user password ﹡
   • Clock: Lisbon

﹡ ⚠️ see subject requirements

---

3. VM · setup

3.1. Partitioning the Disk

1. Partioning method: Manual
2. Select the available volume
3. Create new empty partition on the selected device: Yes

3.1.1. Create Primary Partition

One has to create at least one primary partition on the disk.

1. Select a partition to modify its settings: FREE SPACE
2. How to use this free space: Create a new partition
3. Enter new partition size in Bytes: 525336576 B﹡
   

   1 B × 1024 = 1 KB
   1 KB × 1024 = 1 MB (1024 × 1024)
   1 MB × 1024 = 1 GB (1024 × 1024 × 1024)
   
   
   500 MB = 524 288 000 B
   + 2048 × 512 (1 048 576B)^{a
   a} – note to future self: check boot sector size, disk sector size,... (?)

4. New partition type: Primary
5. Location for the new partition: Beginning
6. Mount point for this partition: /boot
7. Partition settings: Done setting up the partition

﹡ ⚠️ see subject bonus requirements

3.1.2. Create Logical Partition

One can create an unlimited number of logical partitions on the disk.

1. Select a partition to modify its settings: FREE SPACE
2. How to use this free space: Create a new partition
3. Set new partition size to max
4. New partition type: Logical
5. Mount point for this partition: Do not mount it
6. Partition settings: Done setting up the partition

3.2. Encrypting Volumes

1. Configure encrypted volumes
2. Write the changes to disk and configure encrypted volumes? Yes
3. Create encrypted volumes
4. Select the devices to be encrypted:/dev/sda5
5. Partition settings: Done setting up the partition
6. Encryption configuration actions: Finish
7. (Confirmation message to encryption:) Yes
8. (Optional) Cancel – since there is nothing to actually encrypt
9. Set encryption passphrase ﹡

﹡ ⚠️ see subject bonus requirements

3.3. Logical Volume Manager (LVM) · configuration

1. Configure Logical Volume Manager
2. (Confirmation message:) Yes

Create Volume Group

3. Create volume group
4. Enter volume group name: LVMGroup
5. Select partition to store the group: /dev/mapper/sda5_crypt

Create Logical Partitions

7. LVM configuration action: Create logical volume
8. Select the volume group where the new logical volume should be created: LVMGroup
9. Enter logical volume name
10. Enter the size of the new logical volume
11. Repeat the steps above for each of the following volumes:
    

    Logical volume name	Logical volume size	Conversion / Calculation	Logical volume size in Bytes
    root	10G	10 × 1024 × 1024 × 1024	10737418240 B
    swap	2.3G	2.3 × 1024 × 1024 × 1024 (2469606195.2 B) 512 → 2469606400 (?) 2048 → 2469607424 (?)	2465607424 B
    home	5G	5 × 1024 × 1024 × 1024	5368709120 B
    var	3G	3 × 1024 × 1024 × 1024	3221225472 B
    srv	3G	3 × 1024 × 1024 × 1024	3221225472 B
    tmp	3G	3 × 1024 × 1024 × 1024	3221225472 B
    var-log	4G	4 × 1024 × 1024 × 1024	4294967296 B

12. LVM configuration action: Finish

Setting Mount Points

13. Select volume
14. Partition settings > set Use as:
15. Set mount point
16. Done setting up the partition
17. Repeat the steps above for each of the following volumes:
    

    Partition	Volume name	Use	Mount point	Enter
    #1	home	Ext4	/home
    #1	root	Ext4	/
    #1	srv	Ext4	/srv
    #1	swap	swap area
    #1	tmp	Ext4	/tmp
    #1	var	Ext4	/var
    #1	var-log	Ext4	Enter manually	/var/log

    Ext4 (fourth extended file system) is arguably the most stable and well tested file system supported in Linux.

18. Finish partitioning and write changes to disk
19. (Confirmation message:) Yes

3.4. Additional packages & bootloader · setup & installation

1. Additional packages: No
2. Country: Portugal
3. Set Debian archive mirror package manager: deb.debian.org
4. HTTP proxy: (blank)
5. Continue
6. Popularity contest: No
7. Remove all software options and Continue
8. Installation of GRUB bootloader: Yes
9. Select device to install the bootloader: /dev/sda (ata_VBOX_HARDDISK)
10. Continue

3.5. Login into the System

1. Enter <encryption-password>
2. Enter <username>
3. Enter <user-password>

3.6. sudo · installation & configuration

sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy

Installation

1. su --login
   • su execute a command with substitute user and group ID
   • -, -l, --login start the shell as a login shell with an environment similar to a real login
2. apt-get update -y
   • apt-get APT package handling utility -- command-line interface
   • update update is used to resynchronize the package index files from their sources
   • -y automatic yes to prompts
3. apt-get upgrade -y
   • upgrade upgrade is used to install the newest versions of all packages currently installed on the system from the sources enumerated in /etc/apt/sources.list
4. apt install sudo
   • apt command-line interface
   • install performs the requested action on one or more packages
5. dpkg -l | grep sudo verify whether the sudo package was installed successfully
   • dpkg -l list packages matching given pattern ('dpkg', package manager for Debian)
   • grep print lines that match patterns

Configuration

1. usermod -aG sudo <username>
   usermod modify a user account
   -a, --append add the user to the supplementary group(s); use only with the -G option
   -G, --groups a list of supplementary groups which the user is also a member of
2. visudo edit the sudoers file
3. Add <username> ALL=(ALL) ALL under #User Privilege section
4. Save and close
5. reboot

3.7. Vim · installation

Vi Improved (Vim) is a highly configurable text editor built to make creating and changing any kind of text very efficient; it is upwards compatible to Vi

sudo apt install vim

3.8. Groups and Users · creation & configuration

• sudo groupadd <group-name> create a group with specified <group-name>
• sudo usermod -aG <group-name> <username> add user to group
• getent group <group-name>check group users
  • getent group check groups

3.9. Secure Shell (SSH) · installation & configuration

1. sudo apt install openssh-server
2. sudo vim /etc/ssh/sshd_config
3. edit the text, replacing
   • # Port 22 with Port 4242 ﹡
   • and #PermitRootLogin prohibit-password with PermitRootLogin no to prohibit SSH login as root, regardless of authentication mechanism
4. sudo vim /etc/ssh/ssh_config
5. edit the text, replacing # Port 22 by Port 4242 ﹡
6. sudo service ssh restart

﹡ ⚠️ see subject requirements

3.10. Uncomplicated Firewall (UFW) · installation & configuration

1. sudo apt-get install ufw
2. sudo ufw enable
3. sudo ufw allow <service/port>
4. sudo ufw status numbered

Port forwarding

5. Go to VirtualBox interface
6. Select chosen VM
7. Go to Settings → Network → Adapter 1 → Advanced → Port Forwarding → +
   • Name: SSH
   • Protocol: TCP
   • Host Port: 4242
   • Guest Port: 4242
   → Ok → Ok

3.11. SSH · connection to a physical machine

VM

5. Start VM
6. Login into the system
7. hostname -I check IP address
   • hostname show or set the system's host name
   • -I, --all-ip-addresses display the IP address(es) of the host
8. Execute sudo vim /etc/network/interfaces
9. Edit text
   • Change allow-hotplug enp0s3 to auto enp0s3
     • allow-hotplug manage interface on various condition changes
     • auto bring up interface with provided configuration during boot time or interface link up event
   • Change iface enp0s3 inet dhcp to iface enp0s3 inet static
     • dhcp Dynamic Host Configuration Protocol
   • Add
     address <ip-address>
netmask 255.255.0.0
gateway 10.11.254.254
dns 10.11.254.254

Physical machine

10. Open terminal on physical machine and execute
    ssh <VM-username>@<VM-ip-address> -p 4242
11. logout to terminate an SSH session, or, alternatively, exit to close the connection

3.12. sudo policy & log · configuration

1. sudo visudo
   • visudo edit the sudoers file
2. Add the following Defaults to the file
   • Defaults passwd_tries=3
     • passwd_tries total ammount of tries for entering 'sudo' password
   • Defaults badpass_message="Wrong password. Try again:"
     • badpass_message message to be printed on wrong password scenario
   • Defaults logfile="/var/log/sudo/sudo.log"
     • logfile set custom log file for 'sudo'
   • Defaults log_input, log_output
     • log_input, log_output what will be logged
   • Defaults requiretty
     • requiretty enables 'sudo' invocation from a real TTY but not through methods such as 'cron' or 'cgi-bin'
   • Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
     • secure_path the path used for every command run with 'sudo'

3.13. Password policy · setup & configuration

Configure shadow password suite

1. sudo vim /etc/login.defs
2. Set
   PASS_MAX_DAYS to 30﹡
   PASS_MIN_DAYS to 2﹡
   PASS_WARN_AGE to 7﹡
3. Save and close

﹡ ⚠️ see subject requirements

Update password policy for already created user

• chage -M 30 -m 2 -W 7 <username>
  • chage change user password expiry information
  • -M, --maxdays set the maximum number of days during which a password is valid
  • -m, --mindays set the minimum number of days between password changes
  • -W, --warndays set the number of days of warning before a password change is required


• or, alternatively, passwd -x 30 -n 2 -w 7 <username>
  • passwd change user password
  • -x, --maxdays set the maximum number of days a password remains valid
  • -n, --mindays set the minimum number of days between password changes
  • -w, --warndays set the number of days of warning before a password change is required

Install pwquality

pwquality is a PAM module to perform password quality checking

sudo apt-get install libpam-pwquality

Configure pwquality

1. sudo vim /etc/pam.d/common-password
2. Edit the pam_pwquality.so line, by adding
   retry=3 minlen=10 ucredit=-1 dcredit=-1 lcredit=-1 maxrepeat=3 reject_username difok=7 enforce_for_root next to it
   • retry number of retries
   • minlen minimum number of characters a password must contain
   • ucredit (upper credit) password must contain at least/at most 'n' uppercase characters
     • - defines the lower bound
     • + defines the upper bound
   • dcredit (digit credit) password must contain at least/at most 'n' digits
   • lcredit (lower credit) password must contain at least/at most 'n' lowercase characters
   • maxrepeat password must not repeat same character consecutively more than 'n' number of times
   • reject_username password must not contain username
   • difok the minimum number of characters that must be different from the old password
   • enforce_for_root implement password policy to root
3. Save and exit

---

4. Monitoring script

Crontab

Crontab stands for crontable, and consists of a list of commands that are to be run on a regular schedule

1. Check whether Crontab is installed
   • ls /var/spool/cron/ should display crontabs, since that is where crontab files are stored

monitoring.sh & sleep.sh

2. cd /usr/local/bin/ this is the default installation location when a user builds and installs an executable application independently
3. sudo vim monitoring.sh create and edit 'monitoring.sh' file
   • monitoring.sh
4. sudo vim sleep.sh create and edit 'sleep.sh' file
   • sleep.sh
5. sudo chmod 744 monitoring.sh sleep.sh
6. sudo visudo open sudoers config file
7. Add the following lines, that will allow corresponding scripts to run when the user's session starts:
   <username> ALL=(ALL) NOPASSWD: /usr/local/bin/sleep.sh
<username> ALL=(ALL) NOPASSWD: /usr/local/bin/monitoring.sh
8. Save and exit
9. sudo reboot
10. sudo /usr/local/bin/monitoring.sh

Crontab

11. sudo crontab -u root -e open crontab config file
12. Add the following line to the end of the file:
    */10 * * * * /usr/local/bin/sleep.sh; /usr/local/bin/monitoring.sh,
    to sequencially run 'sleep.sh' and 'monitoring.sh' every 10 minutes
13. sudo crontab -u root -l view the list of scheduled cron jobs for the root user

---

5. WordPress · website setup

5.1. Lighttpd · installation and setup

Lighttpd (pronounced /lighty/) is a web server that has been optimized for high-performance environments

1. sudo apt install lighttpd
2. dpkg -l | grep lighttpd
3. sudo ufw allow 80
   • Port 80 is the port number assigned to commonly used internet communication protocol, Hypertext Transfer Protocol (HTTP); it is the default network port used to send and receive unencrypted web pages
4. sudo ufw status

Port forwarding

5. Go to VirtualBox interface
6. Select chosen VM
7. Go to Settings → Network → Adapter 1 → Advanced → Port Forwarding → +
   • Name: UFW
   • Protocol: TCP
   • Host Port: 80
   • Guest Port: 80
   → Ok → Ok

5.2. MariaDB · installation and configuration

MariaDB is an open-source relational database

1. sudo apt install mariadb-server
2. dpkg -l | grep mariadb-server
3. sudo mysql_secure_installation launch the interactive script for removing insecure default settings
   • Enter current password for root (enter for none): Enter – ⚠️ do not confuse database root with system root
   • Switch to unix_socket authentification [Y/n] n
   • Change root password? [Y/n] n
   • Remove anonymous users? [Y/n] Y
   • Disallow root login remotely? [Y/n] Y
   • Remove test database and access to it? [Y/n] Y
   • Reload privilege tables now? [Y/n] Y
4. sudo mariadb access the MariaDB console
5. CREATE DATABASE <database-name> ;
6. GRANT ALL ON <database-name>.* TO '<username-2>'@'localhost' IDENTIFIED BY '<password-2>' WITH GRANT OPTION; create a new database user and grant them full privileges on the database
7. FLUSH PRIVILEGES; apply changes and reload privileges
8. exit exit MariaDB shell

Check

• mariadb -u <username-2> -p confirm whether the database user was successfully created
  • Enter password: <password-2>
• SHOW DATABASES; check whether the database user has access to the database
• exit

5.3. PHP · installation

PHP is a general-purpose scripting language that is especially suited to web development

1. sudo apt install php-cgi php-mysql
2. dpkg -l | grep php

5.4. WordPress · download and configuration

WordPress is an open-source content management system

1. sudo apt install wget
2. sudo wget http://wordpress.org/latest.tar.gz -P /var/www/html
3. sudo tar -xzvf /var/www/html/latest.tar.gz
4. sudo rm /var/www/html/latest.tar.gz
5. sudo cp -r wordpress/* /var/www/html
6. sudo rm -rf wordpress
7. sudo cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
8. sudo vim /var/www/html/wp-config.php
   • Fill in the following fields with specified information
     • define( 'DB_NAME', '<database-name>' );
     • define( 'DB_USER', '<username-2>' );
     • define( 'DB_PASSWORD', '<password-2>' );
9. Save and exit

5.5. Lighttpd · configuration

1. sudo lighty-enable-mod fastcgi
2. sudo lighty-enable-mod fastcgi-php
3. sudo service lighttpd force-reload

5.6. WordPress · installation

1. Open a browser window
2. Enter localhost or 127.0.0.1 on the URL bar
3. Name the site
4. Add a <password> and <email address>
5. Click on Install Wordpress
6. Login and configure WordPress

---

References & further reading

• Linux man pages
• debian website accessed 23 Jan. 2024
• Rocky Linux website accessed 23 Jan. 2024
• sudo accessed 25 Jan. 2024

Born2beRoot Guides

• mota494's Born2beRoot (Mandatory) accessed 25 Jan. 2024
• PedroZappa's Born2beRoot (Mandatory + Bonus: UnrealIRCd + Weechat) accessed 25 Jan. 2024
• rphlr's Born2beRoot (Mandatory + Bonus: FTP + Fail2ban) accessed 25 Jan. 2024

---

License

This work is published under the terms of 42 Unlicense.

⬆ back to top