5 Views· 10/09/22· Entertainment
Demo on how to secure a Linux machine based on NetworkChuck & AWOL's work.
Here is a special thank you to NetworkChuck and AWOL. They came up with the base information for this video. I have added the configuration steps and a few tweaks to it. The administrator account is root and the password is Stonecold#01. This will allow you to log on if you have a copy of the virtual machine that I built.
Special thanks to my WOZ-U friends who attended this meeting and will be watching this in the future.
WC/DragonRider68
Part 1:
Enable automatic updates:
1. Make sure that you are logged in as root
2. apt update
3. apt dist-upgrade
4. apt install unattended-upgrades
5. Yes and enter
6. Use this command to configure: dpkg-reconfigure --priority=low unattended-upgrades
(remember there are 2 dashes in front of priority)
7. Yes and enter
Part 2:
Add a user and grant sudo rights to your user ID
1. adduser (username) and press enter
2. Enter a new password
3. Repeat new password
4. Enter user information if required
5. Enter the following command to add sudo rights
6. usermod -aG sudo (username)
Part 3:
Create a private and public key pair to be able to log on without the need for a password
1. Login with your user-id
2. At the root of your home directory run the following command:
3. mkdir ~/.ssh && chmod 700 ~/.ssh
5. Log out of the Linux VM
6. On your local machine, open PowerShell
7. Use the following command to change to the ssh directory: cd c:\users\(users name)\.ssh
8. Execute the following command: ssh-keygen -b 4096
This will create the private and public key pair that you will need to use to log on
9. Press enter to use the default name for the key, unless you have multiple servers that you are going to set up
10. Press enter for no passphrase
11. Press enter again to confirm no passphrase
12. Enter the following command to copy the id_rsa.pub to your Linux VM or physical machine
a. Windows: scp $env:USERPROFILE/.ssh/id_rsa.pub (username)@(IP address):~/.ssh/authorized_keys
b. Mac: scp ~/.ssh/id_rsa.pub (username)@(IP address):~/.ssh/authorized_keys
c. Linux: ssh-copy-id (username)@(IP address)
13. Enter the following command to connect to your server: ssh (username)@(IP address) -i sec1
There will no longer be a need to use a password to connect to your server. You can use this method for multiple servers, each with a different public and private key. For Windows 10, if you used a custom key you will need to specify the name of the key. Use -i (key name) as in the above example.
Part 4:
Lock Down Logins on your server
1. We are going to edit the following file on your Linux server as root.
2. Use nano to edit this file.
a. nano /etc/ssh/sshd_config
i. Change #Port 22 to Port (random port) I am using 57600 for this example
ii. Change #AddressFamily any to AddressFamily inet (IPv4 only; the accepted values are any, inet and inet6)
iii. Locate #PermitRootLogin prohibit-password and change it to
PermitRootLogin no
iv. Locate #PasswordAuthentication yes and change it to PasswordAuthentication no
v. Press ^o to save the file then press ^x to exit
b. Restart your Linux machine to make those settings active
c. Use the following cmd to connect to your Linux server:
i. ssh (username)@(IP address) -p (port that you assigned) -i (key name, only if the default name is not used)
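A script to check the Part 4 edits before restarting, added here as an example (it is not from the video or from NetworkChuck and AWOL's material). The function names `effective_value` and `audit_sshd_config` are made up for this example; it also flags an AddressFamily value that sshd does not accept.

```shell
#!/bin/sh
# Audit an sshd_config file against the four Part 4 settings. sshd uses the
# first value it finds for a keyword; '#' lines are comments.

# effective_value FILE KEYWORD: print the first uncommented value, lowercased.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: print findings; exit status = number of failed checks.
audit_sshd_config() {
    file=$1
    failures=0
    fail() { echo "FAIL $1"; failures=$((failures + 1)); }
    port=$(effective_value "$file" Port)
    if [ -z "$port" ] || [ "$port" = "22" ]; then
        fail "Port: sshd still listens on the default port 22"
    fi

    family=$(effective_value "$file" AddressFamily)
    case "$family" in
        inet) ;;
        ""|any|inet6) fail "AddressFamily: '${family:-any}' is not IPv4-only" ;;
        *) fail "AddressFamily: '$family' is invalid (use any, inet or inet6)" ;;
    esac

    root=$(effective_value "$file" PermitRootLogin)
    [ "$root" = "no" ] || fail "PermitRootLogin: '${root:-unset}', expected 'no'"

    pw=$(effective_value "$file" PasswordAuthentication)
    [ "$pw" = "no" ] || fail "PasswordAuthentication: '${pw:-unset}', expected 'no'"

    [ "$failures" -eq 0 ] && echo "OK: all four Part 4 settings are in effect"
    return "$failures"
}

# With a path argument, audit that file; otherwise audit a constructed sample
# (untouched defaults plus the invalid value "inet4").
if [ "$#" -gt 0 ]; then
    audit_sshd_config "$1" || echo "$? setting(s) need attention"
else
    sample=$(mktemp)
    printf '%s\n' '#Port 22' 'AddressFamily inet4' 'PasswordAuthentication yes' > "$sample"
    audit_sshd_config "$sample" || echo "$? setting(s) need attention"
    rm -f "$sample"
fi
```

The script reads one file only; `sudo sshd -t` checks the configuration for errors before the restart in step b, and `sudo sshd -T` prints the configuration sshd resolves, Include files included.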
Part 5:
Setting up the Firewall
1. Use the following cmd to check the ports in use: sudo ss -tupln
2. Enter your password
3. You will get a list of open or active ports
4. To install ufw use this command. sudo apt-get install ufw
To add your custom SSH port use the following command: sudo ufw allow (custom ssh port). You can replace allow with deny to remove access to a port.
5. To make the ufw firewall active on boot up, use this command:
sudo ufw enable
6. Use the following cmd to see the status of the ufw: sudo ufw status
This is highly configurable. I have played with FTP and web services, and they both work well. This is just the beginning of a server that could be deployed with more configuration.
Thanks again,
Dragonrider68