Introduction

This project introduces the student to the wonderful world of virtualization. It was possible to choose between Debian and CentOS to be set up in VirtualBox. By July 26th 2022, this project was done in Debian with its most recent stable release (v11.4) since it's easier for first-time travelers learning this topic and it receives a lot of updates and new features.

For the bonus implementation, fail2ban was set up. It's a service that bans IPs after malicious signs, i.e. too many password failures.

Requirements

Mandatory:

• ✅ Create at least 2 encrypted partitions using LVM.

• ✅ A SSH service will be running on port 4242 only. It must not be possible to connect using SSH as root.

• ✅ Configure UFW firewall to leave only port 4242 open.

• ✅ Implement a strong password policy, that comply with the following requirements:

  • The password has to expire every 30 days.
  • The minimum number of days allowed before the modification of a password will be set to 2.
  • The user has to receive a warning message 7 days before their password expires.
  • The password must be at least 10 characters long. It must contain an uppercase letter, a lowercase letter, and a number. Also, it must not contain more than 3 consecutive identical characters.
  • The password must not include the name of the user.
  • The following rule does not apply to the root password: The password must have at least 7 characters that are not part of the former password.
  • The root password has to comply with this policy.

• ✅ Install and configure sudo following strict rules, that comply with the following requirements:

  • Authentication using sudo has to be limited to 3 attempts in the event of an incorrect password.
  • A custom message of your choice has to be displayed if an error due to a wrong password occurs when using sudo.
  • Each action using sudo has to be archived, both inputs and outputs. The log file has to be saved in the /var/log/sudo/ folder.
  • The TTY mode has to be enabled for security reasons.
  • The paths that can be used by sudo must be restricted. For example: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

• ✅ In addition to root, a user has to be present and it must belong to user42 and sudo groups.

• ✅ Create a script developed in bash that display some operating system information every 10 minutes since server startup.

Bonus:

• ✅ Set up root, swap, home, var, srv, tmp and var--log encrypted partitions using LVM.
• ✅ Set up a functional WordPress website with the following services: lighttpd, MariaDB and PHP.
• ✅ Set up a service of your choice that you think is useful (NGINX / Apache2 excluded!).

References

• Books:

  • SIQUEIRA, Luciano. Certificação LPI-1 101-102. Rio de Janeiro, 2015.
  • SILBERSCHATZ, Abraham; GALVIN, Peter; GAGNE, Peter. Fundamentos de sistemas operacionais. 2015.

• About Debian bugs:

  • Debian error message: "Unable to find LVM volume", but then boots successfully by Stack Exchange

• About important necessary concepts to do the project:

  • Sudoer manual
  • What is LVM (Logical Volume Management), and what are its Benefits? by Karim Buzdar.
  • A Linux user's guide to Logical Volume Management by David Both
  • What is ModRewrite? by Seobility Wiki.
  • What is SEO Friendly? by Seobility Wiki.
  • What is CPU load average? by Tenable Community.
  • How to Use SCP Command to Securely Transfer Files by Linuxize.
  • What is the real difference between apt and aptitude? by Gunjit Khera.
  • Best Brazilian resource about shell: https://aurelio.net/shell/
  • Understanding Crontab in Linux With Examples by Christopher Murray.
  • Understanding lsblk output by Stack Overflow.
  • Debian 10 Manual Partition for /boot, /swap, root, /home, /tmp, /srv, /var, /var/mail, /var/log by Techencyclopedia.
  • Types of Hard Drives – SATA, PATA, SCSI, and SSD by Kolade Chris.
  • About mounting points size by Official Debian GNU/Linux Installation Guide.

• Guides from other students that really helped:

  • Born2beroot: 42 school project by Baigalmaa Baatar.
  • 42cursus - Born2beroot by hanshazairi.
  • CentOS Linux 8 Guide by caroldaniel.

• About the bonus project:

  • Born2beroot VB VM Installation (Bonus) by hanshazairi.
  • How to install WordPress on Lighttpd web server - Ubuntu 20.04/18.04 Heyan Maurya.
  • How to Install WordPress with Lighttpd Web Server on Ubuntu 20.04 by Hitesh Jethva.
  • How To Reset Your MySQL or MariaDB Root Password by Mateusz Papiernik.
  • Fail2ban no Debian: instalação e configuração by Diego Mendes Rodrigues.