This school 42 project is the second project of the network administration branch. This project is about installing a server on a Virtual Machine, discovering the basics of system and network administration, and getting to know how to configure a web server, and lots of other services.
I tried to automatize the creation and the configuration of the VM as much as I could, in 3 steps:
- Run the script test_script.sh:
./test_script.sh - It will ask for the name of the VM (e.g. "new_VM"), the size of the hard drive (e.g. 8 GB), of the RAM (e.g. 4 GB) and the VRAM (e.g. 16 MB).
- The new VM is now added in VirtualBox:
The new VM can now be launched in order to install Debian.
A preseed configuration file contains all the instructions that will be needed by the installer, for each part of the installation: keyboard configuration, creation of a new user, partitioning...
Among all these instructions, the following will particularly make the step 3 easier:
- The packages openssh-server and sudo are installed
- A non-root user pertaining to the group sudo has been created
- The file /etc/apt/sources.list is configured so that new packages can be installed instantly without having to do any further changes to this file
Please refer to the file preseed.cfg for more details.
- To install Debian using a preseed configuration file, choose the option « Advanced » then « Automated install ».
- Then you should indicate at the bottom of the page a URL to your file. After you pressed enter, the installation will be made automatically, without you having to type anything.
Ansible is an open source automation tool that can be used for configuration management, among other things. It connects to your remote server via SSH and automatically carries out its tasks on this server.
Tasks are automatized thanks to scripts that are written in YAML and that contains all the tasks Ansible will need to do. These tasks are based on Ansible modules, which are standalone scripts that do some work on the remote server.
Here is an example of two tasks, the first one installs zsh on the remote server, and the second one changes the default shell of the user agardina to zsh:
Since there a are a lot of tasks to do, they are grouped inside "roles", in order to have a clear organization. For instance, there is a role for the SSH configuration, another one for the Apache2 configuration, etc. Each role contains the "sub" tasks to do.
All the roles are listed in the playbook, which is the main configuration file which also contains the information needed by Ansible to be able to work, such as the host to configure, or some variables that will be used during the configuration.
The playbook is basically the scenario Ansible will have to follow.
Please refer to the file ansible/playbook.yml for more details.
This list corresponds to the requirements of the project.
- Find the SSH port configured on the remote machine (if it is the first configuration attempt the SSH port is 22, if not it is 2222)
- Install and configure zsh
- Configure SSH
- Install and configure apache2
- Deploy the website to the web server (the example website used in this project can be found here)
- Install and configure PSAD (Port Scan Attack Detector)
- Install and configure iptables (firewall)
- Install and configure fail2ban (to prevent DOS attacks, among othet things)
- Deactivate a few useless services
- Add scripts to update packages automatically with cron
- Configure network
Please refer to the files in the folder ansible/roles/ for more details.
- When the VM has rebooted, login as root or as the user you created.
- Then find the IP address of the VM using the command
ip addr(e.g. 192.168.1.49) - Add it to your Ansible hosts file on your local machine. The hosts file contains the list of the remote servers on which you want to perform actions.
- Copy the SSH public key of your local machine to your remote server:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server_IP_address - You are now ready to configure your server automatically with Ansible using the following command:
ansible-playbook -i path/to/your/ansible/hosts/file path/to/your/Ansible/playbook