Monday, May 3, 2021

Wednesday, April 14, 2021

Tuesday, March 30, 2021

Linux Server Default Hardening

### Ubuntu update packages ###

sudo bash
apt-get update
apt-get upgrade
apt dist-upgrade

### Ubuntu install unattended-upgrades ###

sudo bash
apt install unattended-upgrades
dpkg-reconfigure --priority=low unattended-upgrades

### Ubuntu create user ###

sudo bash
adduser <myuser>

### Ubuntu sudo group ###
usermod -aG sudo <myuser>

### Create KeyPairs instead of Passwords on your workstation ###

mkdir -p ~/.ssh && chmod 700 ~/.ssh   # on your workstation, not the server
ssh-keygen -b 4096

### Copy public key to server ###
ssh-copy-id <myuser>@myserver


### /etc/ssh/sshd_config settings to consider changing ###

Port 22
AddressFamily inet
PermitRootLogin no
PasswordAuthentication no

### Restart sshd ###

sudo systemctl restart sshd
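
A check to run before restarting sshd, as an added example that is not part of the original post: it reports whether the settings listed above are the ones sshd will actually use, since sshd takes the first value it finds for each keyword. The function names and the sample config are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
# Added example (not from the original post). sshd uses the FIRST value it finds
# for a keyword; keywords are case-insensitive; lines after "Match" are conditional.
# effective_value FILE KEYWORD: print the first global value of KEYWORD, lowercased
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/^[ \t]+/, "")                  # drop indentation
            if ($0 == "" || $0 ~ /^#/) next     # skip blanks and comments
            sub(/[ \t]*=[ \t]*/, " ")           # accept "Keyword=value"
            key = tolower($1)
            if (key == "match") exit            # conditional section starts here
            if (key == want) { print tolower($2); exit }
        }' "$1"
}

# audit_sshd_config FILE: PASS/FAIL per setting; returns 1 if any check fails
audit_sshd_config() {
    cfg=$1; rc=0
    grep -qiE '^[[:space:]]*Include[[:space:]]' "$cfg" && echo "WARN Include present: included files are not followed, audit them too"
    while read -r key want; do
        got=$(effective_value "$cfg" "$key")
        if [ "$got" = "$want" ]; then
            echo "PASS $key $got"
        else
            echo "FAIL $key ${got:-unset} (want $want)"; rc=1
        fi
    done <<'EOF'
PermitRootLogin no
PasswordAuthentication no
AddressFamily inet
EOF
    return "$rc"
}

# Constructed sample config (not from a real server): the later
# "PasswordAuthentication no" is ignored because "yes" appears first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no
AddressFamily inet
Match User backup
    PermitRootLogin yes
EOF
audit_sshd_config "$sample" || echo "sshd_config does not match the hardening settings"
rm -f "$sample"
```

On a live server, `sudo sshd -t` checks the file for syntax errors and `sudo sshd -T` prints the effective configuration. Run them before the restart and keep your current SSH session open until a new login with the key succeeds.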

I was working on this and I found this great video by NetworkChuck! Please visit his site and like/subscribe to his pages. I am a big fan of his.

STEP 1 - Enable Automatic Updates

Manual Updates:

apt update
apt dist-upgrade


Automatic Updates:

apt install unattended-upgrades
dpkg-reconfigure --priority=low unattended-upgrades


STEP 2 - Create a Limited User Account

Create a User:

adduser {username}


Add user to the sudo group:

usermod -aG sudo {username}


STEP 3 - Passwords are for SUCKERS!

Create the Public Key Directory on your Linux Server

mkdir -p ~/.ssh && chmod 700 ~/.ssh


Create Public/Private keys on your computer

ssh-keygen -b 4096


Upload your Public key to your Linux Server (Windows). This scp command replaces any existing ~/.ssh/authorized_keys on the server.

scp $env:USERPROFILE/.ssh/id_rsa.pub {username}@{server ip}:~/.ssh/authorized_keys

Upload your Public key to your Linux Server (MAC). This scp command replaces any existing ~/.ssh/authorized_keys on the server.

scp ~/.ssh/id_rsa.pub {username}@{server ip}:~/.ssh/authorized_keys

Upload your Public key to your Linux Server (LINUX)

ssh-copy-id {username}@{server ip}


STEP 4 - Lockdown Logins

Edit the SSH config file

sudo nano /etc/ssh/sshd_config


STEP 5 - FIREWALL IT UP

See open ports

sudo ss -tupln

Install UFW

apt install ufw

See UFW status

sudo ufw status

Allow port through firewall

sudo ufw allow {port number}

Enable Firewall

sudo ufw enable

Reload Firewall

sudo ufw reload


Drop pings

Edit the UFW config file

sudo nano /etc/ufw/before.rules

Add this line of config:

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP





Wednesday, February 10, 2021

ZeroTier as a management network

ZeroTier is a great open source project that enables a Global Layer 2 network.

ZeroTier, OPNSense and FRRouting

Well written Blog on this topic:
https://darkcloud.dk/2020/02/05/ZeroTier-in-the-homelab/

I am a huge fan of the work the guys over at ZeroTier have done in simplifying virtual networks on a Global scale with their Virtual Layer 1 and Virtual Layer 2 networks.

This has made some of my projects much simpler and makes the internet work the way it was supposed to when it was designed as a peer to peer network. It is a good bridge to enable some of the benefits of IPv6 all while still running an IPv4 private network. I will continue to follow this team as they grow this product's features. I just hope that they stay open source so that everyone can use this technology.

Knolling - The Art of Organizing

I found this article very interesting and soothing to look at how some find organizing relaxing. I don't find the process relaxing myself, but the end product is very artistic to me. Take a look at this article. Thanks Jason for introducing me to this:

http://thebrickblogger.com/2020/04/knolling-with-lego-the-art-of-organizing/