Jim's
Tutorials

Fall 2019
course
site

Documenting process:

New login: ssh arome@45.79.134.85

Set secure root password.

Installed updates.

Set hostname to excalibur

Set to EST using dpkg-reconfigure tzdata

Created user arome with sudo privs

Hardened SSH access via:

Disabled root login

Disabled ssh password authentication

AddressFamily inet6 to listen only on IPv6 (noticed nearly all the brute force attempts were via IPv4).

Connecting didn’t work with that, so swapped it to IPv4 only with the intent of figuring out why.

Installed fail2ban.

Configured various settings in /etc/fail2ban/jail.local

600 bantime and findtime, 3 max retries.

Created an alias for connecting:

function excalibur { ssh -i C:\Users\alexr\.ssh\id_rsa.pem "arome@45.79.134.85" }

This worked, however it then deleted once the session was closed. To create a permanent alias with powershell I had to create a user profile. notepad $profile launches my startup PS file.

This didn’t work properly until I enabled developer mode and then PS scripts through Windows 10 control panel.

Considered changing SSH port but looked into that and saw that doing so tends to create a lot of issues expecting from programs expecting port 22 for SSH.

Reinstalled Lamp stack.

Had some issues with taskel… until it randomly started working.

Configured Apache

Edited:

/etc/apache2/mods-available/mpm_prefork.conf

<IfModule mpm_prefork_module>
        StartServers            4
        MinSpareServers         3
        MaxSpareServers         40
        MaxRequestWorkers       200
        MaxConnectionsPerChild  10000
</IfModule>

Checked the enabled ports (80, 443) for Apache using

sudo ufw app info "Apache Full"

Allowed incoming HTTP and HTTPS traffic for Apache Full profile:

sudo ufw allow in "Apache Full"

MySQL

Created an example database for testing.

CREATE DATABASE webdata;

Set a new root password and set a password policy for sql using:

sudo mysql_secure_installation

Hit yes on these:

Remove anonymous users?
Disallow root login remotely?
Remove test database and access to it?
Reload privilege tables now?

Set PHP configs at /etc/php/7.2/apache2/php.ini

error_reporting = E_COMPILE_ERROR | E_RECOVERABLE_ERROR | E_ERROR | E_CORE_ERROR
max_input_time = 30
error_log = /var/log/php/error.log

Created the log directories

sudo mkdir /var/log/php

sudo chown www-data /var/log/php

Tried:

scp -r C:\Users\alexr\Desktop\Marlboro\Homework\Tutorial\Backup\www\html arome@45.79.134.85:/var/www

Permission denied on all file transfers.

chmod 755 -R /var/www/html

Still nothing.

sudo chown arome /var/www/html

Now works with arome as owner.

http://45.79.134.85/ now has the backed up files.

Setup crontab for backups:

00 01 * * * sudo tar -cvpzf /var/www_backup/webrootbackup.co.tar.gz -C /var/www/ html

Made my first database/tables/columns using only command line.


mysql> CREATE DATABASE todo
    -> ;
Query OK, 1 row affected (0.00 sec)

mysql> use TODO;
ERROR 1049 (42000): Unknown database 'TODO'
mysql> use todo;
Database changed
mysql> CREATE TABLE tasks (
    -> id INT AUTO_INCREMENT,
    -> task VARCHAR(255) NOT NULL,
    -> PRIMARY KEY(id)
    -> );
Query OK, 0 rows affected (0.03 sec)

mysql> describe tasks
    -> ;
+-------+--------------+------+-----+---------+----------------+
| Field | Type         | Null | Key | Default | Extra          |
+-------+--------------+------+-----+---------+----------------+
| id    | int(11)      | NO   | PRI | NULL    | auto_increment |
| task  | varchar(255) | NO   |     | NULL    |                |
+-------+--------------+------+-----+---------+----------------+

Observations:

I can fail my passphrase entry as many times as I want when first connecting (for the SSH key). Is this proper? I imagine it might be normal, if the authentication for that key is happening on my laptop and not the server which I believe is the case.

A question. If I were to setup a user called 'Jim' with a password, what is the process the user Jim takes to connect to the server that doesn't allow password authentication? Going to be doing a test of this myself to see where a new user needs a SSH key.

Another question. I want to remove unneeded processes but what are some ways to tell what processes can be cancelled? Sometimes it can be obvious, other times there are many processes where the names seems relatively random.

https://cs.marlboro.college /cours /fall2019 /jims_tutorials /arome /oct31
last modified Sun December 22 2024 9:15 am