This project introduces the student to the wonderful world of virtualization. It was possible to choose between Debian
and CentOS
to be set up in VirtualBox
. By July 26th 2022, this project was done in Debian
with its most recent stable release (v11.4) since it's easier for first-time travelers learning this topic and it receives a lot of updates and new features.
For the bonus implementation, fail2ban was set up. It's a service that bans IPs after malicious signs, i.e. too many password failures.
-
✅ Create at least 2 encrypted partitions using LVM.
-
✅ A SSH service will be running on port 4242 only. It must not be possible to connect using SSH as root.
-
✅ Configure UFW firewall to leave only port 4242 open.
-
✅ Implement a strong password policy, that comply with the following requirements:
- The password has to expire every 30 days.
- The minimum number of days allowed before the modification of a password will be set to 2.
- The user has to receive a warning message 7 days before their password expires.
- The password must be at least 10 characters long. It must contain an uppercase letter, a lowercase letter, and a number. Also, it must not contain more than 3 consecutive identical characters.
- The password must not include the name of the user.
- The following rule does not apply to the root password: The password must have at least 7 characters that are not part of the former password.
- The
root
password has to comply with this policy.
-
✅ Install and configure
sudo
following strict rules, that comply with the following requirements:- Authentication using
sudo
has to be limited to 3 attempts in the event of an incorrect password. - A custom message of your choice has to be displayed if an error due to a wrong password occurs when using
sudo
. - Each action using
sudo
has to be archived, both inputs and outputs. The log file has to be saved in the/var/log/sudo/
folder. - The TTY mode has to be enabled for security reasons.
- The paths that can be used by sudo must be restricted. For example:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
- Authentication using
-
✅ In addition to
root
, auser
has to be present and it must belong touser42
andsudo
groups. -
✅ Create a script developed in
bash
that display some operating system information every 10 minutes since server startup.
- ✅ Set up
root
,swap
,home
,var
,srv
,tmp
andvar--log
encrypted partitions using LVM. - ✅ Set up a functional WordPress website with the following services:
lighttpd
,MariaDB
andPHP
. - ✅ Set up a service of your choice that you think is useful (NGINX / Apache2 excluded!).
-
Books:
- SIQUEIRA, Luciano. Certificação LPI-1 101-102. Rio de Janeiro, 2015.
- SILBERSCHATZ, Abraham; GALVIN, Peter; GAGNE, Peter. Fundamentos de sistemas operacionais. 2015.
-
About Debian bugs:
-
About important necessary concepts to do the project:
- Sudoer manual
- What is LVM (Logical Volume Management), and what are its Benefits? by Karim Buzdar.
- A Linux user's guide to Logical Volume Management by David Both
- What is ModRewrite? by Seobility Wiki.
- What is SEO Friendly? by Seobility Wiki.
- What is CPU load average? by Tenable Community.
- How to Use SCP Command to Securely Transfer Files by Linuxize.
- What is the real difference between apt and aptitude? by Gunjit Khera.
- Best Brazilian resource about shell: https://aurelio.net/shell/
- Understanding Crontab in Linux With Examples by Christopher Murray.
- Understanding lsblk output by Stack Overflow.
- Debian 10 Manual Partition for /boot, /swap, root, /home, /tmp, /srv, /var, /var/mail, /var/log by Techencyclopedia.
- Types of Hard Drives – SATA, PATA, SCSI, and SSD by Kolade Chris.
- About mounting points size by Official Debian GNU/Linux Installation Guide.
-
Guides from other students that really helped:
- Born2beroot: 42 school project by Baigalmaa Baatar.
- 42cursus - Born2beroot by hanshazairi.
- CentOS Linux 8 Guide by caroldaniel.
-
About the bonus project:
- Born2beroot VB VM Installation (Bonus) by hanshazairi.
- How to install WordPress on Lighttpd web server - Ubuntu 20.04/18.04 Heyan Maurya.
- How to Install WordPress with Lighttpd Web Server on Ubuntu 20.04 by Hitesh Jethva.
- How To Reset Your MySQL or MariaDB Root Password by Mateusz Papiernik.
- Fail2ban no Debian: instalação e configuração by Diego Mendes Rodrigues.