In [None]:
%%writefile sYs_aDmin.md

**#Build an Internet of Things server with a Raspberry Pi**

This notebook will cover building the install medium, GPIO testing and server configuration for the Raspberry Pi hardware development board.  


1. Verify the .iso file that was downloaded from source with md5sum.
>>$ wget
>>$ md5sum


2. Prepare the install medium, usually an SD card or USB drive.

>># gparted

>># dd


3. Boot up the system and ensure it is installed as expected.

>>$ raspi-config


4. Administer users 


5. Basic Networking


6. System Security


7. GPIO setup and testing


8. The Raspberry Pi as a local data or web server


9. Admin GUIs
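
Steps 1 and 2 above as an added example, not part of the original notebook: the `dd` write runs only when the image's digest matches the published checksum file. The function names, the `SUM_TOOL` variable and the file names are assumptions of this sketch.

```bash
#!/bin/sh
# Added example: gate the dd step on a matching digest.
# SUM_TOOL defaults to md5sum (the tool named in step 1); the variable is an
# assumption of this sketch so another digest tool can be substituted.

# verify_image IMAGE SUMFILE -> 0 only if SUMFILE lists IMAGE with its digest.
verify_image() {
    image=$1; sumfile=$2; tool=${SUM_TOOL:-md5sum}
    [ -r "$image" ] && [ -r "$sumfile" ] || return 2
    name=$(basename "$image")
    # Checksum files use "<hex>  <name>" (text) or "<hex> *<name>" (binary).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); if (f == n) { print tolower($1); exit } }
    ' "$sumfile")
    [ -n "$expected" ] || return 3      # image not listed: fail closed
    actual=$("$tool" "$image" | awk '{ print tolower($1) }')
    [ "$expected" = "$actual" ]
}

# write_image IMAGE SUMFILE TARGET -> dd runs only after verification passes.
write_image() {
    verify_image "$1" "$2" || {
        echo "digest check failed, not writing $3" >&2
        return 1
    }
    dd if="$1" of="$3" bs=4M conv=fsync
}
```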

In [None]:
%pwd

In [None]:
%ls -al

**## 3. Boot the System**




**## 4. User Administration**

Set up the default user group assignment.

Debian defaults to giving each user their own group, usually with the same name as the user, also known as User Private Groups.

Create a name for your new group that makes sense, such as *python-dev* or *dba_t3*, if multiple users will be developing along with you.  
Robot users will have a very limited list of directories or files that they can read or write to.

>>$ man passwd
>>
>>[user,group][add,mod,del], i.e. useradd, usermod, userdel, groupadd, groupmod, groupdel


Root access is administered by files in:

>>/etc/sudoers
>>
>>/etc/sudoers.d





Access Control Lists (ACL)
>>$ man acl
>>
>>$ man getfacl
>>
>>$ man setfacl
>>
>>$ man chacl
>>


##5. Basic Networking


Install a firewall with fwbuilder. Multiplatform compatible (Mac OS X, BSD, Cisco).

Shorewall: configured with text files.

IPTABLES was previously called IPCHAINS. Control the firewalling for the Linux server with these modules. Filters can match on open ports, IP addresses and services.

It also monitors packet actions, e.g. incoming, bridging, forwarding, or NAT. Project site: www.netfilter.org

**Open Inbound Ports**

Only allow what the server needs to operate properly, and limit source addresses. An inbound connection means a remote system is asking for a new local service.


**Outbound Traffic**

Limit the number of new outbound requests and analyze the logs. Try to detect connections to remote C&C servers, Facebook, etc.


**Perimeter Network**

For high security systems place the external facing server or perimeter network between two firewalls, one for private internal and one for the internet. Perimeter servers should not be able to start connections with internal systems in high security environments.
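
The three policies above as an added example, not part of the original notebook: a generator that prints an `iptables-restore` ruleset with source-limited inbound ports, rate-limited and logged new outbound connections, and no new connections toward the internal range. The function name, the IPv4-only validation, the 30/minute limit and the log prefix are assumptions of this sketch; it only prints rules and never touches the running firewall.

```bash
#!/bin/sh
# Added example. gen_ruleset ADMIN_CIDR INTERNAL_CIDR PORT...
# Prints rules for review or for piping into iptables-restore (IPv4 only).
gen_ruleset() {
    [ $# -ge 2 ] || return 1
    admin=$1; internal=$2; shift 2
    # Validate every argument before emitting anything, so a bad value can
    # neither inject extra rule text nor leave a half-written ruleset.
    for cidr in "$admin" "$internal"; do
        case $cidr in ''|*[!0-9./]*) echo "bad CIDR: $cidr" >&2; return 1;; esac
    done
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Inbound: one rule per needed service, limited to the admin source range.
    for port in "$@"; do
        echo "-A INPUT -s $admin -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Outbound: never open connections toward the internal range, allow a
    # bounded rate of other new connections, log whatever exceeds the limit
    # (the DROP policy then discards it).
    cat <<EOF
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -d $internal -m conntrack --ctstate NEW -j DROP
-A OUTPUT -m conntrack --ctstate NEW -m limit --limit 30/minute --limit-burst 10 -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW -j LOG --log-prefix "OUT-NEW-OVER-LIMIT: "
COMMIT
EOF
}
```

Running `gen_ruleset 192.0.2.0/24 10.0.0.0/8 22 443` (constructed addresses) prints a ruleset that can be read line by line before it is loaded.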


In [1]:
!apt-cache search fwbuilder
#remotely connect to configurations and access-lists for multiple servers


fwbuilder - Firewall administration tool GUI
fwbuilder-common - Firewall administration tool GUI (common files)
fwbuilder-dbg - Firewall administration tool GUI (debugging symbols)
fwbuilder-doc - Firewall administration tool GUI documentation


In [1]:
!apt-cache search shorewall
#config with text files, no GUI

pyroman - Very fast firewall configuration tool
shorewall - Shoreline Firewall, netfilter configurator
shorewall-core - Shorewall core components
shorewall-doc - documentation for Shoreline Firewall (Shorewall)
shorewall-init - Shorewall initialization
shorewall-lite - Shorewall (lite version), a high-level tool for configuring Netfilter
shorewall6 - Shoreline Firewall (IPv6 version), netfilter configurator
shorewall6-lite - Shorewall (lite version with IPv6 support)


In [3]:
!apt-cache search arpwatch

arpalert - monitor ARP changes in ethernet networks
arpwatch - Ethernet/FDDI station activity monitor
ndpmon - IPv6 Neighbor Discovery Protocol Monitor


In [5]:
!apt-cache search bmon

In [7]:
!apt-cache search bwm-ng

bwm-ng - small and simple console-based bandwidth monitor


In [9]:
!apt-cache search darkstat

darkstat - network traffic analyzer


In [10]:
!apt-cache search dhclient

python-aodhclient - OpenStack Alarming as a Service - Python 2.7 client
python-aodhclient-doc - OpenStack Alarming as a Service - client doc
python3-aodhclient - OpenStack Alarming as a Service - Python 3.x client


In [13]:
!apt-cache search dstat #com

libcommons-dbcp-java - Database Connection Pooling Services
sysstat - system performance tools for Linux
dstat - versatile resource statistics tool
hobbit-plugins - plugins for the Xymon network monitor
libcommons-dbcp-java-doc - Database Connection Pooling Services - documentation
libghc-acid-state-dev - Haskell database library with ACID guarantees - GHC libraries
libghc-acid-state-doc - Haskell database library with ACID guarantees - documentation; documentation
libghc-acid-state-prof - Haskell database library with ACID guarantees - GHC profiling libraries; profiling libraries
nagios-plugins-contrib - Plugins for nagios compatible monitoring systems
python3-dugong - HTTP 1.1 client module for Python


In [14]:
!apt-cache search ethtool

ethtool - display or change Ethernet device settings
ifplugd - configuration daemon for ethernet devices
python-ethtool - Python bindings for the ethtool kernel interface
ruby-rethtool - partial wrapper around the SIOCETHTOOL ioctl


In [16]:
!apt-cache search host

In [None]:
!apt-cache search ifstat

In [None]:
!apt-cache search ngrep

In [None]:
!apt-cache search traceroute

In [None]:
!apt-cache search wireshark

**## 6. System Security**

Special Note :: The following code and instructions are for RESEARCH PURPOSES ONLY! Do not implement the following in a production software environment without a code review.


1. Adding human and robot users, the Root account

2. Debian Hardening Packages

harden *(installs harden-environment and harden-servers)*
harden-clients
harden-environment
harden-nids
harden-servers
harden-tools

NIDS monitor network interfaces and create alerts after analyzing attack characteristics.


File monitors alert on new, modified or deleted files. Fine-tune them to detect the changes that attacks make.


System Scanners

rkhunter, chkrootkit, tiger, clamav
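
How a file monitor reaches its new, modified or deleted verdicts, as an added example that is not part of the original notebook and not the code of any packaged tool: take a hash baseline of a directory, take a later snapshot, and compare the two. The function names are assumptions of this sketch, and it assumes file names without newlines or backslashes.

```bash
#!/bin/sh
# Added example: hash-baseline file monitor.

# snapshot DIR -> "<sha256>  <path>" lines, sorted by path.
snapshot() {
    find "$1" -type f -exec sha256sum {} + | sort -k2
}

# compare_snapshots BASELINE CURRENT
# -> one "NEW <path>", "MODIFIED <path>" or "DELETED <path>" line per change.
compare_snapshots() {
    awk -v base="$1" '
        # The path starts two characters after the first space, which keeps
        # paths containing spaces intact.
        function path(l) { return substr(l, index(l, " ") + 2) }
        BEGIN {
            # Load the baseline first; an empty baseline simply loads nothing.
            while ((getline l < base) > 0)
                old[path(l)] = substr(l, 1, index(l, " ") - 1)
        }
        {
            p = path($0); seen[p] = 1
            if (!(p in old))        print "NEW " p
            else if (old[p] != $1)  print "MODIFIED " p
        }
        END { for (p in old) if (!(p in seen)) print "DELETED " p }
    ' "$2" | sort
}
```

Keep the baseline file somewhere the monitored host cannot rewrite it, otherwise whoever changes the files can change the baseline too.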




In [3]:
!apt-cache search rkhunter

forensics-all - Debian Forensics Environment - essential components (metapackage)
rkhunter - rootkit, backdoor, sniffer and exploit scanner
unhide - Forensic tool to find hidden processes and ports
unhide.rb - Forensic tool to find processes hidden by rootkits


In [4]:
!apt-cache search chkrootkit

chkrootkit - rootkit detector
rkhunter - rootkit, backdoor, sniffer and exploit scanner


In [None]:
!apt-cache search tiger

In [None]:
!apt-cache search clamav

In [None]:
!apt-cache search 

##GPIO Setup and Testing

In [None]:
!sudo apt install python-dev python-rpi.gpio python-smbus i2c-tools

In [None]:
%%writefile unix_command_notes.py
#!/usr/bin/env python
# this is how a biologist dissects a python
# these are my personal notes from
# UNIX in a Nutshell, by O'Reilly,
# below are common commands listed in the introduction

# A single triple-quoted string, so each entry prints on its own line.
print("""Communication###############################
#
--cu.........Connect to UNIX system
--ftp........File transfer protocol
--login......Sign on to UNIX
--mailx......Read or send mail
--rlogin.....Sign on to Remote UNIX
--talk.......Write to other terminals
--telnet.....Connect to another system
--vacation...Respond to mail automatically
--write......Write to other terminals
#
Comparisons################################
--cmp........Compare two files
--comm.......Compare items in files
--diff.......Compare two files
--diff3......Compare three files
--dircmp.....Compare directories
--sdiff......Compare two files, side by side
###
##
File Management###########################
--cat........Join files or display them
--cd.........Change directory
--chmod......Change access modes on files
--cp.........Copy files
--csplit.....Break files at specific locations
--file.......Determine a file's type
--head.......Show the first few lines of a file
--install....Set up system files
--ln.........Create filename aliases
--ls.........List files or directories
--mkdir......Create a directory
--more.......Display files by screenful
--mv.........Move or rename files or directories
--pwd........Print your working directory
--rcp........Copy files to remote system
--rm.........Remove files
--rmdir......Remove directories
--split......Split files evenly
--tail.......Show the last few lines of a file
--wc.........Count lines, words, and characters
###
##
Miscellaneous##############################
#
--banner.....Make posters from words
--bc.........Precision calculator
--cal........Display calendar
--calendar...Check for reminders
--clear......Clear the screen
--kill.......Terminate a running command
--man........Get information on a command
--nice.......Reduce a job's priority
--nohup......Preserve a job after logging out
--passwd.....Set password
--script.....Produce a transcript of your login session
--spell......Report misspelled words
--su.........Become the super user
###
##
NETWORKING##################################
#
--cancel.....Cancel a printer request
--lp.........Send to printer
--lpstat.....Get printer status
--pr.........Format and paginate for printing
###
##
COMPILE_DEBUG_PROGRAMMING###############################
#
--cb.........C source code "beautifier"
--cc.........C compiler
--cflow......C function flowchart
--ctags......C function references
--ctrace.....C debugger
--cxref......C cross-reference
--lint.......C debugger
--ld.........Link editor
--lex........Lexical analyzer
--make.......Execute commands in a specified order
--od.........Dump input in various formats
--sdb........Symbolic debugger
--strip......Remove data from an object file
--truss......Trace signals and system calls
--yacc.......Compiler used with lex
###
##
SEARCHING##################################
#
--egrep......Extended version of grep
--fgrep......Search files for literal words
--find.......Search the system for filenames
--grep.......Search files for text patterns
--strings....Search binary files for text patterns
###
##
SHELL PROGRAMMING#####################
#
--echo.......Repeat input on the output
--expr.......Perform arithmetic and comparisons
--line.......Read a line of input
--sleep......Pause during processing
--test.......Test a condition
###
##
STORAGE###############################
#
--compress...Compress files to free up space
--cpio.......Copy archives in or out
--pack.......Pack files to free up space
--pcat.......Display contents of packed files
--tar........Tape archiver
--uncompress.Expand compressed (.Z) files
--unpack.....Expand packed (.z) files
--zcat.......Display contents of compressed files
###
##
SYSTEM STATUS#########################
#
--at.........Execute commands later
--chgrp......Change file group
--chown......Change file owner
--crontab....Automate commands
--date.......Display or set date
--df.........Show free disk space
--du.........Show disk usage
--env........Show environmental variables
--finger.....Point out information about users
--iotop......Show read/writes to disk
--ps.........Show processes
--ruptime....Show loads on working systems
--shutdown...Revert to single user mode
--stty.......Set or display terminal settings
--top........Show processes running
--who........Show who is logged on
###
##
TEXT PROCESSING#######################
#
--cut........Select columns for display
--ex.........Line-editor underlying vi
--fmt........Produce roughly uniform line lengths
--fold.......Produce exactly uniform line lengths
--join.......Merge different columns into a database
--nawk.......New awk, pattern-matching lang for db files
--paste......Merge columns or switch order
--sed........Noninteractive text editor
--sort.......Sort or merge files
--tr.........Translate (redefine) characters
--uniq.......Find repeated or unique lines in a file
--vi.........Visual text editor
--xargs......Process many arguments in manageable portions
###
##
BSD-derived systems and System V########
--BSD commands reside in your system's "/usr/ucb"
--these commands have an existing counterpart
--but the versions work slightly differently
--If your PATH variable specifies "/usr/ucb" before
--the SV command directories "e.g., /usr" you end up
--running the BSD version of the command
--LIST OF TWO VERSION COMMANDS########
---basename, cc, chown, deroff, df, du, echo, groups
---install, ld, ln, ls, ps, shutdown, stty, sum, test
---tr, vacation
""")