This Project consists of having you set up your first server by following specific rules. Dieses Projekt besteht darin, dass Sie Ihren ersten Server nach bestimmten Regeln einrichten.
source (Quelle) : https://www.notion.so/Born2beroot-ad4abe5d9e724c70bda4e113dde1ea59
6. Crontab
-
(and also)und auch Debian : https://www.debian.org/download
This video Explain you how to can installer Debian on VirtualBox without Probleme
(Dieses Video erklären Sie wie können Sie installer Debian auf VirtualBox ohne Ursachen): https://www.youtube.com/embed/OQEdjt38ZJA
- Switch to root and its environment
$ su -
-
Install sudo:
$ apt install sudo
-
if you want to verify whether sudo was successfully installed:
dpkg -l | grep sudo
-
Add user to sudo group
# adduser <username> sudo
-
or
usermod -aG sudo <username>
-
Verify whether user was successfully added to sudo group :
getent group sudo
-
for changes to take effect :
reboot
-
then log in and verify sudopowers :
sudo -v
-
Install openssh-server
sudo apt install openssh-server
-
Verify whether openssh-server was successfully installed:
dpkg -l | grep ssh
or youn can to check the status of the SSH service:
sudo systemctl status ssh
sudo vi /etc/ssh/sshd_config
-
To set up SSH using Port 4242.
13 #Port 22
to :
13 Prot 4242
-
Start and Stop the SSH Server
sudo service ssh start sudo service ssh stop
sudo apt install ufw
Verify whether ufw was successfully installed
dpkg -l | grep ufw
or check by command
sudo ufw status
Enable Firewall:
sudo ufw enable
Allow incoming connections using Port 4242:
sudo ufw allow 4242
hostname -I
IP adresse :
10.0.2.15
SSH into your virtual machine using Port 4242
ssh UserName@IPAddressHostname -p 4242
Exit:
logout
hostnamectl set-hostname yourname+42
refresh :
reboot
$ sudo nano /etc/login.defs
Your password has to expire every 30 days. Before ->
PASS_MAX_DAYS 99999
After ->
PASS_MAX_DAYS 30
The minimum number of days allowed before the modification of a password will be set to 2. Before ->
PASS_MIN_DAYS 0
After -> PASS_MIN_DAYS 2
The user has to receive a warning message 7 days before their password expires.
PASS_WARN_AGE 7
Verify newly-created user's password expiry information via sudo chage -l
.
$ sudo chage -l <username>
Last password change : <last-password-change-date>
Password expires : <last-password-change-date + PASS_MAX_DAYS>
Password inactive : never
Account expires : never
Minimum number of days between password change : <PASS_MIN_DAYS>
Maximum number of days between password change : <PASS_MAX_DAYS>
Number of days of warning before password expires : <PASS_WARN_AGE>
Your password must be at least 10 characters long. It must contain an uppercase letter, a lowercase letter, and a number. Also, it must not contain more than 3 consecutive identical characters.
To do this part you should install libpam-pwquality
$ sudo apt install libpam-pwquality
$ sudo nano /etc/pam.d/common-password
Your password must be at least 10 characters long.
minlen = 10
It must contain an uppercase letter
ucredit=-1
It must contain an lowercase letter
lcredit=-1
It must contain a number
dcredit=-1
it must not contain more than 3 consecutive identical characters
maxrepeat=3
The password must not include the name of the user.
reject_username
The following rule does not apply to the root password: The password must have at least 7 characters that are not part of the former password.
difok=7
Of course, your root password has to comply with this policy
Open File /etc/sudoers.d nano /etc/sudoers.d
And add this :
// Authentication using sudo has to be limited to 3 attempts in the event of an incorrect password.
Defaults passwd_tries=3
// A custom message of your choice has to be displayed if an error due to a wrong password occurs when using sudo.
Defaults badpass_message="Opsss you make me smile :)"
// Each action using sudo has to be archived, both inputs and outputs. The log file has to be saved in the /var/log/sudo/ folder.
Defaults logfile="/var/log/sudo/sudo_config"
Defaults log_input, log_output
Defaults iolog_dir="/var/log/sudo"
// The TTY mode has to be enabled for security reasons.
Defaults requiretty
// For security reasons too, the paths that can be used by sudo must be restricted.
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
sudo adduser newuser42
sudo addgroup user42
sudo usermod -aG user42 newuser42
check groups
getent group user42
sudo crontab -u root -e
Add this line in this file :
*/10 * * * * sh /home/user/monitoring.sh
sudo chmod 777 monitoring.sh
To check crontab :
sudo crontab -u root -l
to install Lighttpd
sudo apt install lighttpd
to allow port 80 (http)
sudo ufw allow 80
Add Port :
to check
sudo ufw status
sudo apt install mariadb-server
check if all accessful
dpkg -l | grep mariadb-server
Then, once the installation is complete, the mysq_secure_installation
script must be run to define a new key for the root user and other configurations.
sudo mysql_secure_installation
log in to the MariaDB
sudo mariadb
enter name your database :
MariaDB [(none)]> CREATE DATABASE <database-name(enorm)>
And then
MariaDB [(none)]> GRANT ALL PRIVILEGES ON <DATABASE-NAME(enorm)>.* to <USER-NAME(molphi)>@localhost identified by '<PASSWORD>';
flush the privileges :
MariaDB [(none)]>FLUSH PRIVILEGES;
EXIT of mariaDB
MariaDB [(none)]> QUIT;
mariadb -u -p
maria -u mophpi -p
Enter Password: show your Database :
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| <database-name> |
| information_schema |
+--------------------+
Install PHP :
sudo apt install php-cgi php-mysql
to check if your PHP install accessful
spkg -l | grep php
sudo apt install wget
Download wp in /var/www/html
sudo wget http://wordpress.org/latest.tar.gz -P /var/www/html
Extract Downloaded content :
sudo tar -xzvf /var/www/html/latest.tar.gz
Remove Tarball
sudo rm /var/www/html/latest.tar.gz
cp content of wordpress in html /var/www/html/wordpress -> var/www/html/
sudo cp -r /var/www/html/wordpress/* /var/www/html
Remove folder wordpess
sudo rm -rf /var/www/html/wordpress
in /var/www/html
Create WordPress configuration file
sudo cp ./wp-config-sample.php ./wp-config.php
visit wp-config.php
sudo nano wp-config.php
And replace :
define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
to
define( 'DB_NAME', '<database-name>' );
define( 'DB_USER', '<username>' );
define( 'DB_PASSWORD', '<password>' );
Configuratoin this in lighttpd :
sudo lighty-enable-mod fastcgi
sudo lighty-enable-mod fastcgi-php
sudo service lighttpd force-reload