/* ************************************************************************** */
/* */
/* ::: :::::::: */
/* installation_and_setup.md :+: :+: :+: */
/* +:+ +:+ +:+ */
/* By: abouazi <[email protected]> +#+ +:+ +#+ */
/* +#+#+#+#+#+ +#+ */
/* Created: 2022/05/01 02:34:09 by abouazi #+# #+# */
/* Updated: 2022/05/01 02:34:10 by abouazi ### ########.fr */
/* */
/* ************************************************************************** */
- New: To create a new virtual OS
- Name: descriptive name of the virtual machine
- Machine Folder: The destination folder for the new virtual machine image (note: do not forget to choose the goinfre path).
- Type: Linux
- Version: Debian (64-bit)
- Memory size: Select the amount of RAM to be allocated.
- Hard disk:
- Create a virtual hard disk now.
- Hard disk file type:
- VDI (VirtualBox Disk Image) < choose this.
- VHD (Virtual Hard Disk)
- VMDK (Virtual Machine Disk)
- Storage on physical hard disk:
- Dynamically allocated: the new virtual hard disk file should grow as it is used
- Fixed size
- File location and size:
- Select the size of the virtual hard disk.
- Go to Settings > Storage > Controller: IDE > Empty > Attributes > Optical Drive and choose the ISO file of the OS.
- Start.
- You can scale the screen from: View > Virtual Screen.
- Press the Windows button when you want to move the mouse from the virtual machine to your desktop.
- Basic Configuration:
- Hostname: 42
- Domain name: anything..
- Root password:
- Full name for the new user:
- Username for your account:
- Password for the new user:
- Partition disks:
- Manual
- SCSI3 (0, 0, 0) (sda) - 32.2 GB ATA VBOX HARDDISK
- Create new empty partition table on this device? (yes)
- sda1:
- Select the FREE SPACE
- Create a new partition
- New partition size: 500M
- Type for the new partition: Primary
- Location for the new partition: Beginning
- Partition settings > Mount point > boot > done setting up the partition.
- sda5:
- Select the FREE SPACE
- Create a new partition
- New partition size: max
- Type for the new partition: Logical
- Partition settings > Mount point > Do not mount it > done setting up the partition.
- Configure encrypted volumes:
- Write the changes to disk and configure encrypted volumes? (yes)
- Create encrypted volumes
- Devices to encrypt: (sda5)
- Done setting up the partition
- Finish
- Really erase the data on sda5? (yes)
- Encryption passphrase: Born2beRoot
- Configure the Logical Volume Manager (LVM):
- Write the changes to disks and configure LVM? (yes)
- Create volume group
- Volume group name: LVMGroup
- Devices for the new volume group: /dev/mapper/sda5_crypt
- LVM configuration action: Create logical volume > Volume group: LVMGroup > Logical volume name: root > size: 10GB
- LVM configuration action: Create logical volume > Volume group: LVMGroup > Logical volume name: swap > size: 2.3GB
- LVM configuration action: Create logical volume > Volume group: LVMGroup > Logical volume name: home > size: 5GB
- LVM configuration action: Create logical volume > Volume group: LVMGroup > Logical volume name: var > size: 3GB
- LVM configuration action: Create logical volume > Volume group: LVMGroup > Logical volume name: srv > size: 3GB
- LVM configuration action: Create logical volume > Volume group: LVMGroup > Logical volume name: tmp > size: 3GB
- LVM configuration action: Create logical volume > Volume group: LVMGroup > Logical volume name: var-log > size: 4GB
- Finish
- Editing partitions:
- Choose "home" partition > how to use this partition? : Ext4 > Mount point: home > Done.
- Choose "root" partition > how to use this partition? : Ext4 > Mount point: root > Done.
- Choose "srv" partition > how to use this partition? : Ext4 > Mount point: srv > Done.
- Choose "swap" partition > how to use this partition? : Swap area > Done.
- Choose "var" partition > how to use this partition? : Ext4 > Mount point: var > Done.
- Choose "var-log" partition > how to use this partition? : Ext4 > Mount point: Manually > var/log > Done.
- Finish partitioning and write changes to disk. > (yes)
- Scan extra installation media? (No)
- Choose software to install: "remove all"
- Install the GRUB boot loader to your primary drive? (yes)
- Device for boot loader installation: /dev/sda
- Installation complete
- Switch to root and its environment:
su root
or
su -
- Install sudo:
apt install sudo
- Verify installation:
dpkg -l | grep sudo
- Add 'user' to sudo group:
adduser <username> sudo
- Verify whether user was added:
getent group sudo
- Reboot for changes to take effect:
reboot
- Verify sudo powers:
sudo -v
- From here on out, run root-privileged commands with the sudo prefix.
- Configuring sudo:
sudo visudo
- To change visudo editor from nano to vim:
sudo update-alternatives --config editor
- To limit authentication using sudo to 3 attempts in the event of an incorrect password:
Defaults passwd_tries=3
- To add a custom error message in the event of an incorrect password:
Defaults badpass_message="<custom-error-message>"
or
Defaults insults
- To archive all sudo inputs & outputs to /var/log/sudo:
Defaults log_input, log_output
Defaults logfile=/var/log/sudo/sudo.log
Defaults iolog_dir="/var/log/sudo"
- To require TTY:
Defaults requiretty
- To set sudo paths:
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
- You can delete a user using the userdel command and delete a group using the groupdel command.
- Install openssh-server:
sudo apt install openssh-server
- Verify installation:
dpkg -l | grep ssh
- Configure SSH:
sudo vim /etc/ssh/sshd_config
- To set up SSH using Port 4242, replace the following line:
#Port 22
with
Port 4242
- To disable SSH login as root regardless of authentication mechanism, replace:
#PermitRootLogin prohibit-password
with
PermitRootLogin no
- Check SSH status:
sudo service ssh status
or
systemctl status ssh
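
A check for the two sshd_config changes above, as an added example that is not part of the original guide. The function names are hypothetical, and the parser assumes whitespace-separated keywords and does not follow Include files.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an sshd_config file.
# Rules modelled: keywords are case-insensitive, '#' lines are comments, the
# first occurrence of a keyword wins, and parsing stops at the first Match
# block because settings below it are conditional.

# usage: sshd_value <keyword> <config-file>  -> prints the value or "unset"
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*(#|$)/              { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# usage: check_ssh_hardening <config-file>  -> returns 0 only if compliant
check_ssh_hardening() {
    rc=0
    port=$(sshd_value Port "$1")
    root=$(sshd_value PermitRootLogin "$1")
    [ "$port" = "4242" ] || { echo "FAIL: Port is $port, expected 4242"; rc=1; }
    [ "$root" = "no" ]   || { echo "FAIL: PermitRootLogin is $root, expected no"; rc=1; }
    return "$rc"
}

# Constructed sample: the two stock lines quoted above, still commented out.
sample=$(mktemp)
printf '%s\n' '#Port 22' '#PermitRootLogin prohibit-password' > "$sample"
check_ssh_hardening "$sample" || echo "sample config is not hardened yet"
rm -f "$sample"
```

On the VM, call check_ssh_hardening /etc/ssh/sshd_config; sudo sshd -t additionally validates the file's syntax before the service is restarted.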
- Install ufw:
sudo apt install ufw
- Verify installation:
dpkg -l | grep ufw
- Enable the firewall:
sudo ufw enable
- Allow incoming connections using Port 4242:
sudo ufw allow 4242
- Check UFW status:
sudo ufw status
- SSH into your virtual machine using Port 4242:
ssh <username>@<ip> -p 4242
- Terminate SSH session at any time with:
logout
or
exit
- Configure password age policy:
sudo vim /etc/login.defs
- To set password to expire every 30 days, replace
PASS_MAX_DAYS 99999
with
PASS_MAX_DAYS 30
- To set minimum number of days between password changes to 2 days, replace
PASS_MIN_DAYS 0
with
PASS_MIN_DAYS 2
- To send the user a warning message 7 days before the password expires:
PASS_WARN_AGE 7
- Note that /etc/login.defs only applies to accounts created afterwards, so you have to change the password age for root and your <login>42 account using:
sudo chage <username>
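
To find the existing accounts that still carry the old aging values, the following added example (not part of the original guide) reads a shadow-format file and prints the matching chage call for each one. The function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): find accounts whose password
# aging still differs from the policy set in /etc/login.defs above.
# shadow(5) fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved

# usage: aging_violations <shadow-format-file>
# Prints "user min max warn" for every account that has a usable password but
# not min=2, max=30, warn=7. Locked accounts (hash starts with ! or *) are skipped.
aging_violations() {
    awk -F: -v min=2 -v max=30 -v warn=7 '
        $2 ~ /^[!*]/ { next }
        $4 != min || $5 != max || $6 != warn { print $1, $4, $5, $6 }
    ' "$1"
}

# usage: aging_fix_commands <shadow-format-file>
# Prints (does not run) the non-interactive chage call for each violation.
aging_fix_commands() {
    aging_violations "$1" | while read -r user rest; do
        echo "chage -m 2 -M 30 -W 7 $user"
    done
}

# Constructed sample in shadow format; the hashes are placeholders, not real.
sample=$(mktemp)
printf '%s\n' \
    'root:$y$constructed-hash:19113:0:99999:7:::' \
    'olduser:$y$constructed-hash:19113:0:99999:7:::' \
    'newuser:$y$constructed-hash:19113:2:30:7:::' \
    'daemon:*:19113:0:99999:7:::' > "$sample"
aging_fix_commands "$sample"
rm -f "$sample"
```

Reading /etc/shadow requires root, so on the VM the functions have to run from a root shell or under sudo.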
- To set up policies in relation to password strength, install:
sudo apt install libpam-pwquality
- Verify installation:
dpkg -l | grep libpam-pwquality
- Configure password strength policy via:
sudo vim /etc/pam.d/common-password
- Specifically the following line:
password requisite pam_pwquality.so retry=3
- To set password minimum length to 10 characters, add the following option to the above line:
minlen=10
- To require password to contain at least an uppercase character and a numeric character:
ucredit=-1 dcredit=-1
- To set a maximum of 3 consecutive identical characters:
maxrepeat=3
- To reject the password if it contains the username in some form:
reject_username
- To set the number of changes required in the new password from the old password to 7:
difok=7
- To implement the same policy on root:
enforce_for_root
- Finally, it should look like the below:
password requisite pam_pwquality.so retry=3 minlen=10 ucredit=-1 dcredit=-1 maxrepeat=3 reject_username difok=7 enforce_for_root
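
To confirm that the edited file really carries every option from the line above, this added example (not part of the original guide) compares the active pam_pwquality.so line with that policy. The function name is hypothetical and the sample line is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): compare the active
# pam_pwquality.so line of a PAM file with the policy assembled above.

# usage: pwquality_missing <pam-file>
# Prints one line per required option that is absent or has another value.
# A commented-out or missing pam_pwquality.so line reports every option.
pwquality_missing() {
    line=$(grep -E '^[[:space:]]*password[[:space:]].*pam_pwquality\.so' "$1" |
           head -n 1 | tr -s '\t' ' ')
    for opt in retry=3 minlen=10 ucredit=-1 dcredit=-1 maxrepeat=3 \
               reject_username difok=7 enforce_for_root; do
        case " $line " in
            *" $opt "*) ;;            # present with exactly this value
            *) echo "$opt" ;;
        esac
    done
}

# Constructed sample: the line as quoted above, before any option is added.
sample=$(mktemp)
printf 'password\trequisite\t\t\tpam_pwquality.so retry=3\n' > "$sample"
pwquality_missing "$sample"
rm -f "$sample"
```

On the VM, pwquality_missing /etc/pam.d/common-password prints nothing once the line is complete.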
- To set the minimum number of days between password change:
- Create a new user:
sudo adduser <username>
- Verify whether user was successfully created:
getent passwd <username>
- Verify newly-created user's password expire information:
sudo chage -l <username>
- Create new user42 group:
sudo addgroup user42
- Add user to user42 group:
sudo adduser <username> user42
- Verify whether user was successfully added to user42 group:
getent group user42
- Configure cron as root:
sudo crontab -u root -e
- To schedule a shell script to run every 10 minutes, replace:
# m h dom mon dow command
with
*/10 * * * * sh /path/to/script
- Check root's scheduled cron jobs:
sudo crontab -u root -l
- Install lighttpd:
sudo apt install lighttpd
- Verify installation:
dpkg -l | grep lighttpd
- Allow incoming connections using port 80:
sudo ufw allow 80
- Configure Lighttpd: Enable below modules
$ sudo lighty-enable-mod fastcgi
$ sudo lighty-enable-mod fastcgi-php
$ sudo service lighttpd force-reload
- Check the lighty status:
systemctl status lighttpd.service
- In case it failed to activate/start use:
sudo apt install --reinstall lighttpd
- Install MariaDB:
sudo apt install mariadb-server
- Verify installation:
dpkg -l | grep mariadb-server
- Start the interactive script to remove insecure default settings:
$ sudo mysql_secure_installation
Enter current password for root (enter for none): #Just press Enter (do not confuse database root with system root)
Set root password? [Y/n] n
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
- Log in to MariaDB console:
sudo mariadb
- Create new database:
CREATE DATABASE <database-name>;
- Create new database user and grant them full privileges on the newly-created database:
GRANT ALL PRIVILEGES ON <database-name>.* TO '<username>'@'localhost' IDENTIFIED BY '<password>';
- Flush the privileges:
FLUSH PRIVILEGES;
- Exit MariaDB shell:
exit
- Verify whether database user was successfully created:
mariadb -u <username> -p
(then enter the password from the previous step)
- Confirm whether database user has access to the database:
SHOW DATABASES;
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| <database-name> |
| information_schema |
+--------------------+
- Exit the MariaDB shell:
exit
- Note: In case you want to remove MariaDB -> https://askubuntu.com/questions/806107/remove-mariadb-mysql-databases/806441#806441
- Install PHP:
sudo apt install php-cgi php-mysql php7.4
- Verify installation:
dpkg -l | grep php
- Install wget:
sudo apt install wget
- Download WordPress to /var/www/html:
sudo wget https://wordpress.org/latest.tar.gz -P /var/www/html
- Extract downloaded content:
sudo tar -xzvf /var/www/html/latest.tar.gz -C /var/www/html
- Remove tarball:
sudo rm /var/www/html/latest.tar.gz
- Copy content of /var/www/html/wordpress to /var/www/html:
sudo cp -r /var/www/html/wordpress/* /var/www/html
- Remove wordpress directory:
sudo rm -rf /var/www/html/wordpress
- Create WordPress configuration file from its sample:
sudo cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
- Configure WordPress to reference previously-created MariaDB database & user:
sudo vim /var/www/html/wp-config.php
- Add your previously created database:
define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
- Install FTP:
sudo apt install vsftpd
- Verify installation:
dpkg -l | grep vsftpd
- Allow incoming connections using Port 21:
sudo ufw allow 21
- Configure vsftpd:
sudo vim /etc/vsftpd.conf
- To enable any form of FTP write command, uncomment
#write_enable=YES
- To set root folder for FTP-connected user to /home/<username>/ftp, create the directory tree:
$ sudo mkdir /home/<username>/ftp
$ sudo mkdir /home/<username>/ftp/files
$ sudo chown nobody:nogroup /home/<username>/ftp
$ sudo chmod a-w /home/<username>/ftp
- Then add the lines below to /etc/vsftpd.conf:
user_sub_token=$USER
local_root=/home/$USER/ftp
- To prevent user from accessing files or using commands outside the directory tree, uncomment:
#chroot_local_user=YES
- To whitelist FTP users, create the user list:
$ sudo vi /etc/vsftpd.userlist
$ echo <username> | sudo tee -a /etc/vsftpd.userlist
- Then add the lines below to /etc/vsftpd.conf:
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
- FTP into your virtual machine:
ftp <ip-address>
- Or:
sftp -P <port> <username>@<ip-address>