Create a signature.txt of the virtual machine image
sha1sum ~/VirtualBox\ VMs/Born2beRoot/Born2beRoot.vdi > signature.txt
A virtual machine uses software emulation of hardware to create an isolated environment on top of the physical hardware, in which a separate system with its own OS can run. This allows, for example, running Debian inside a Mac.
It's easier to install and configure than CentOS (and I haven't used CentOS before). I use Ubuntu and Pop OS for personal use which are both Debian flavours and wanted to understand them more deeply.
CentOS and Debian are two flavors of Linux operating systems. CentOS, as said above, is a Linux distribution. It is free and open-source. It is enterprise-class, meaning industries can use it for server building; it is supported by a large community and is functionally supported by its upstream source, Red Hat Enterprise Linux. Debian is a Unix-like computer operating system that is made up of open-source components. It is built and supported by a group of individuals who work under the Debian project.
Debian uses Linux as its kernel. Fedora, CentOS and Oracle Linux are all different distributions derived from Red Hat Linux and are variants of it. Ubuntu, Kali, etc., are variants of Debian. Both CentOS and Debian are used as internet servers or web servers for services like web, email, FTP, etc.
VMs may be deployed to accommodate different levels of processing power needs, to run software that requires a different operating system, or to test applications in a safe, sandboxed environment.
Aptitude is a higher-level package manager, while APT is a lower-level package manager which can be used by other higher-level package managers.
Aptitude is broader in functionality than apt-get and integrates the functionality of apt-get and its other variants, including apt-mark and apt-cache.
Check AppArmor status
sudo aa-status
AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles.
Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths.
- Script running every 10 min
- No graphical user interface
- Password requested on boot up
- Login with msousa
- Password must follow rules
sudo ufw status
sudo service ssh status
cat /etc/os-release | grep PRETTY_NAME
groups msousa
Password expiry: lines 160 and 161.
vi /etc/login.defs
Password policy: line 25.
vi /etc/pam.d/common-password
sudo adduser new_user
Confirm it follows the password policy
vi /etc/pam.d/common-password
sudo addgroup evaluating
sudo adduser new_user evaluating
groups new_user
In theory, the main benefit of password complexity rules is that they enforce the use of unique passwords that are harder to crack. The more requirements you enforce, the higher the number of possible combinations of letters, numbers, and characters.
Password complexity rules try to enforce this “difficult to crack” requirement, but they aren’t always successful. This is partly to do with the diminishing returns involved in increasing complexity.
How much better is a 15-character password than a 30-character password if hackers know that longer passwords are frequently used? And is it better if the user can’t remember the password? Password complexity only scales up to a certain point. Beyond that point, a complex password can be difficult to crack if the number of possible combinations is extremely high, but it can also be too complex to be useful to users.
uname -n
# or
hostname
sudo adduser new_user sudo
sudo login new_user
sudo vi /etc/hostname # change to new_user42
sudo reboot
sudo vi /etc/hostname # change to msousa42
sudo reboot
lsblk
NAME                    MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda                       8:0    0    8G  0 disk
|-sda1                    8:1    0  476M  0 part  /boot
|-sda2                    8:2    0    1K  0 part
`-sda5                    8:5    0  7.5G  0 part
  `-sda5_crypt          254:0    0  7.5G  0 crypt
    |-LVMGroup-root     254:1    0  1.9G  0 lvm   /
    |-LVMGroup-swap     254:2    0  952M  0 lvm   [SWAP]
    |-LVMGroup-home     254:3    0  952M  0 lvm   /home
    |-LVMGroup-var      254:4    0  952M  0 lvm   /var
    |-LVMGroup-srv      254:5    0  952M  0 lvm   /srv
    |-LVMGroup-tmp      254:6    0  952M  0 lvm   /tmp
    `-LVMGroup-var--log 254:7    0    1G  0 lvm   /var/log
sr0                      11:0    1 1024M  0 rom
Logical volume management (LVM) is a form of storage virtualization that offers system administrators a more flexible approach to managing disk storage space than traditional partitioning. The goal of LVM is to facilitate managing the sometimes conflicting storage needs of multiple end users.
It works by chunking the physical volumes (PVs) into physical extents (PEs). The PEs are mapped onto logical extents (LEs), which are then pooled into volume groups (VGs). These groups are linked together into logical volumes (LVs) that act as virtual disk partitions and that can be managed as such by using LVM.
dpkg -l | grep sudo
sudo adduser new_user sudo
Sudo stands for SuperUser DO and is used to access restricted files and operations. By default, Linux restricts access to certain parts of the system, preventing sensitive files from being compromised.
The sudo command temporarily elevates privileges, allowing users to complete sensitive tasks without logging in as the root user.
apt-get update # Error 13: Permission denied
sudo apt-get update
vi /etc/sudoers.d/sudoconfig
sudo ls /var/log/sudo/
Has file seq.
sudo ls /var/log/sudo/00/00
# run sudo command
sudo ls /var/log/sudo/00/00/<newfolder>
sudo cat /.../log # Input log
sudo cat /.../ttyout # Output log
sudo apt update
sudo ls /var/log/sudo/00/00 # should have new folder
dpkg -l | grep ufw
sudo ufw status
Uncomplicated Firewall (UFW) is a program for managing a netfilter firewall, designed to be easy to use. It uses a command-line interface consisting of a small number of simple commands, and uses iptables for configuration.
UFW aims to provide an easy-to-use interface for people unfamiliar with firewall concepts, while at the same time simplifying complicated iptables commands to help an administrator who knows what he or she is doing.
sudo ufw status | grep 4242
sudo ufw allow 8080
sudo ufw status
List rules numbered
sudo ufw status numbered
Delete rule
sudo ufw delete $NUMBER
dpkg -l | grep openssh-server
sudo service ssh status
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
SSH provides password or public-key based authentication and encrypts connections between two network endpoints. It is a secure alternative to legacy login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP).
sudo service ssh status | grep listening
# or check configs
sudo vi /etc/ssh/sshd_config
sudo vi /etc/ssh/ssh_config
ssh msousa@127.0.0.1 -p 4242 # or
ssh msousa@0.0.0.0 -p 4242 # or
ssh msousa@localhost -p 4242
msousa@msousa42:~$ login root
login: Cannot possibly work without effective root
architecture=$(uname -a)
uname (short for unix name) is a computer program in Unix and Unix-like computer operating systems that prints the name, version and other details about the current machine and the operating system running on it.
physical_cpu=$(grep "physical id" /proc/cpuinfo | sort | uniq | wc -l)
# or
lscpu | grep "CPU(s)"
Use the /proc/cpuinfo file, which lists CPUs. If your processors are multi-core, you need to know how many virtual processors you have. You can count those by looking for lines that start with "processor".
virtual_cpu=$(grep -c ^processor /proc/cpuinfo)
The -c flag makes grep print a count of matching lines instead of the lines themselves.
memory_usage=$(free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100/$2 }')
total_disk=$(df -Bg | grep '^/dev/' | grep -v '/boot$' | awk '{ft += $2} END {print ft}')
df is the disk utility; -Bg displays sizes in gigabytes. ft is a variable name; END stops the command from reaching the print until it has gone through all the lines, adding up the total. The -v flag on grep returns non-matching lines (here it drops the /boot line).
used_disk=$(df -Bm | grep '^/dev/' | grep -v '/boot$' | awk '{ut += $3} END {print ut}')
-Bm displays sizes in megabytes; the same filter then adds up the used column.
percent_used_disk=$(df -Bm | grep '^/dev/' | grep -v '/boot$' | awk '{ut += $3} {ft += $2} END {printf "%d", ut/ft*100}')
This needs to do the same as before, but with both sums in the same unit (megabytes) to get a meaningful percentage.
cpu_load=$(top -bn1 | grep load | awk '{printf "%.2f%%\n", $(NF-2)}')
-b is the flag for batch mode, which allows piping the output to a file or another command. -n1 is the flag for one iteration. NF is the number of fields in the record (row); $(NF-2) selects the third field counting from the last.
last_boot=$(who -b | awk '$1 == "system" {print $3 " " $4}')
who -b shows the time of the last system boot.
lvm_partitions=$(lsblk | grep -c "lvm")
Count lvm type partitions in the lsblk command output.
lvm_is_used=$(if [ $lvm_partitions -eq 0 ]; then echo no; else echo yes; fi)
Conditional to check whether the previous variable is zero or not.
# [$ sudo apt-get install net-tools]
tcp_connections=$(cat /proc/net/sockstat{,6} | awk '$1 == "TCP:" {print $3}')
The /proc/net/sockstat{,6} files include the count of established connections. Find the line whose first field is TCP: and print the third value, which is the inuse (in use) amount.
users_logged_in=$(w -h | wc -l)
w shows who is logged on and what they are doing; the -h flag omits the header. Each line has info about one logged-in user, so the count of lines is how many users are logged in.
ipv4_address=$(hostname -I)
The -I flag displays the IP address.
mac_address=$(ip link show | awk '$1 == "link/ether" {print $2}')
The ip utility with the link object; then select the line where the first column is link/ether and print the second column: the MAC address.
sudo_commands_count=$(journalctl _COMM=sudo | grep -c COMMAND)
If a file path refers to an executable script, a "_COMM=" match for the script name is added to the query.
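As an added example (not from the original notes), the grep/awk pipelines above are wrapped as shell functions that read their input from stdin, so each can be checked against constructed sample command output offline; the sample outputs and the banner wording in report() are this example's own, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original notes): the grep/awk pipelines of the
# monitoring script wrapped in functions that read their input from stdin, so
# each one can be checked against constructed sample output rather than the
# live machine. Pipe the real command into the function to use it for real.

memory_usage() {        # input: `free -m`; line 2 is Mem:, $2 total, $3 used
    awk 'NR==2 {printf "%s/%sMB (%.2f%%)\n", $3, $2, $3*100/$2}'
}
percent_used_disk() {   # input: `df -Bm`; /boot is excluded as in the notes
    grep '^/dev/' | grep -v '/boot$' |
        awk '{ut += $3} {ft += $2} END {printf "%d\n", ut/ft*100}'
}
cpu_load() {            # input: `top -bn1`; 1-minute load average
    grep load | awk '{printf "%.2f%%\n", $(NF-2)}'
}
tcp_connections() {     # input: /proc/net/sockstat; $1=="TCP:" skips a TCP6: line
    awk '$1 == "TCP:" {print $3}'
}

# Constructed sample outputs (not captured from a real host)
FREE_SAMPLE='              total        used        free      shared  buff/cache   available
Mem:           1967         334        1234           4         398        1478
Swap:           951           0         951'
DF_SAMPLE='Filesystem                1M-blocks  Used Available Use% Mounted on
udev                           468M    0M      468M   0% /dev
/dev/mapper/LVMGroup-root     1914M 1000M      800M  56% /
/dev/sda1                      476M  100M      350M  23% /boot
/dev/mapper/LVMGroup-home      952M  200M      700M  23% /home'
TOP_SAMPLE='top - 12:34:56 up  1:23,  2 users,  load average: 0.15, 0.08, 0.02
Tasks:  95 total,   1 running,  94 sleeping,   0 stopped,   0 zombie'
SOCKSTAT_SAMPLE='sockets: used 120
TCP: inuse 5 orphan 0 tw 2 alloc 7 mem 1
UDP: inuse 3 mem 1'

# Banner assembled from the sample values (wording is this example's own)
report() {
    printf 'Memory Usage: %s\n' "$(printf '%s\n' "$FREE_SAMPLE" | memory_usage)"
    printf 'Disk Usage: %s%%\n' "$(printf '%s\n' "$DF_SAMPLE" | percent_used_disk)"
    printf 'CPU load: %s\n' "$(printf '%s\n' "$TOP_SAMPLE" | cpu_load)"
    printf 'Connections TCP: %s ESTABLISHED\n' "$(printf '%s\n' "$SOCKSTAT_SAMPLE" | tcp_connections)"
}
report
```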
The cron command-line utility, also known as cron job is a job scheduler on Unix-like operating systems. Users who set up and maintain software environments use cron to schedule jobs (commands or shell scripts) to run periodically at fixed times, dates, or intervals. It typically automates system maintenance or administration—though its general-purpose nature makes it useful for things like downloading files from the Internet and downloading email at regular intervals.
sudo crontab -e
Add the following line
*/10 * * * * /home/monitoring.sh
Check the printout in the console.
sudo crontab -e
Add the following line
*/1 * * * * /home/monitoring.sh
Remove the scheduling line from the crontab
sudo crontab -e
Remove the following line(s)
@reboot /home/monitoring.sh
*/1 * * * * /home/monitoring.sh
- Restart server
- Check script still exists in the same place
- Check that its rights have remained the same
- Check that it has not been modified