VM FROM SCRATCH


To set up the network:

1. /etc/sysconfig/network-scripts/ifcfg-eth0

TYPE=Ethernet

BOOTPROTO=static

DEFROUTE=yes

PEERDNS=yes

PEERROUTES=yes

IPV4_FAILURE_FATAL=no

IPV6INIT=yes

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_PEERDNS=yes

IPV6_PEERROUTES=yes

IPV6_FAILURE_FATAL=no

NAME=eth0

UUID=b347ad6a-eaf1-4f81-ad64-6c762656abd1

DEVICE=eth0

ONBOOT=yes

IPADDR=172.18.23.65

NETMASK=255.255.255.0

GATEWAY=172.18.23.254

2. systemctl restart network (nmcli network off, nmcli network on)


3. ifup ens3 (or ifup eth0)
4. ip a
5. EXIT
6. exit
To subscribe to Satellite (run only the `subscription-manager register` line that matches the VM's RHEL major version and its organisation):
1. rpm -ivh katello-ca-consumer-latest.noarch.rpm
2. vi /etc/hosts

172.18.28.2 chol-rhs-01-new.cirrus-me.com chol-rhs-01-new

add the IP and hostname of the VM, with its domain name if one exists
ask Nadine to add it to DNS

3. subscription-manager register --org="SLB" --activationkey="Rhel7-key" --force


subscription-manager register --org="ALL" --activationkey="Rhel7-Key" --force

4. subscription-manager register --org="SLB" --activationkey="Rhel8-key" --force


subscription-manager register --org="ALL" --activationkey="Rhel8-Key" --force

5. subscription-manager register --org="SLB" --activationkey="Rhel9-key" --force


subscription-manager register --org="ALL" --activationkey="Rhel9-Key" --force

6. yum install screen


7. screen

To configure privilege elevation (normal user to root):


1. visudo

## Allows people in group wheel to run all commands

%wheel ALL=(ALL) ALL

## Same thing without a password

#%wheel ALL=(ALL) NOPASSWD: ALL

To configure SSH access:


1. vi /etc/ssh/sshd_config

#####to secure communication between moba and server3#####

Ciphers aes128-ctr,aes192-ctr,aes256-ctr

#,arcfour256,arcfour128,arcfour

MACs hmac-sha1,hmac-ripemd160
(note: hmac-ripemd160 is not recognised by the OpenSSH shipped with RHEL 8/9, and sshd rejects a configuration containing an unknown MAC name; run `sshd -t` before the restart in step 2)
Protocol 2

ClientAliveInterval 1200

2. systemctl restart sshd


3. systemctl stop puppet
4. systemctl stop firewalld
5. systemctl disable firewalld

To rotate logs:
1. vi /etc/logrotate.conf

daily

# keep 4 weeks worth of backlogs

rotate 4

# create new (empty) log files after rotating old ones

create

# use date as a suffix of the rotated file

dateext

# uncomment this if you want your log files compressed

compress

2. logrotate -f /etc/logrotate.conf ######force a rotation run using /etc/logrotate.conf


3. free -m
4. fdisk -l

Disable Ctrl-Alt-Del Reboot Activation


1. ln -sf /dev/null /etc/systemd/system/ctrl-alt-del.target
Enable audit
1 upload audit-hard.sh
2 chmod u+x /home/anthony.gerges/audi-hard.sh
3 /home/anthony.gerges/audi-hard.sh
(the script name is spelled differently in step 1 and in steps 2–3; use the same name in all three)

Change password age and complexity policy

1 vi /etc/security/pwquality.conf

minlen = 8

dcredit = -1

ucredit = -1

lcredit = -1

ocredit = -1

maxrepeat = 3

2 vi /etc/login.defs

PASS_MAX_DAYS 45

PASS_MIN_DAYS 1

PASS_MIN_LEN 8

3 vi /etc/pam.d/system-auth

auth required pam_env.so

auth required pam_faillock.so preauth silent deny=5 unlock_time=60480

auth sufficient pam_unix.so try_first_pass

auth [default=die] pam_faillock.so authfail deny=5 unlock_time=60480

auth requisite pam_succeed_if.so uid >= 1000 quiet_success

auth required pam_deny.so


account required pam_faillock.so

account required pam_unix.so

account sufficient pam_localuser.so

account sufficient pam_succeed_if.so uid < 1000 quiet

account required pam_permit.so

password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=

password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok remember=12

password required pam_deny.so

session optional pam_keyinit.so revoke

session required pam_limits.so

-session optional pam_systemd.so

session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

session required pam_unix.so

4 vi /etc/pam.d/password-auth (note: unlike the system-auth block above, this one keeps `nullok` on pam_unix.so, which lets accounts with an empty password field authenticate; confirm that difference is intended)

auth required pam_env.so

auth required pam_faillock.so preauth silent deny=5 unlock_time=60480

auth sufficient pam_unix.so nullok try_first_pass

auth [default=die] pam_faillock.so authfail deny=5 unlock_time=60480

auth requisite pam_succeed_if.so uid >= 1000 quiet_success

auth required pam_deny.so

account required pam_faillock.so

account required pam_unix.so

account sufficient pam_localuser.so


account sufficient pam_succeed_if.so uid < 1000 quiet

account required pam_permit.so

password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=

password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=12

password required pam_deny.so

session optional pam_keyinit.so revoke

session required pam_limits.so

-session optional pam_systemd.so

session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

session required pam_unix.so

5 touch /etc/security/opasswd
6 chown root:root /etc/security/opasswd
7 chmod 600 /etc/security/opasswd

To change the hostname and add hosts entries:


1 vi /etc/hosts
2 hostname
3 hostname CHOL-STGLab-01.cirrus-me.com
4 vi /etc/hostname
5 vi /etc/resolv.conf #####add DNS server IPs

To add a user:
1 useradd karim.khalil
2 passwd karim.khalil
3 chage -d 0 karim.khalil
4 usermod karim.khalil -aG wheel

To add the /data volume:
1 fdisk -l
2 pvcreate /dev/sdb
3 vgcreate vg_data /dev/sdb
4 lvcreate -l 100%FREE -n data_lv vg_data
5 mkdir /data
6 mkfs.xfs /dev/vg_data/data_lv
7 mount /dev/vg_data/data_lv /data
8 df -h
9 vi /etc/fstab

/dev/mapper/vg_data-data_lv /data xfs defaults 10
(the last two fstab fields are dump and fsck-pass and must be two space-separated numbers; `10` here looks like a merged `1 0` — the `mount -a` in step 12 will show whether the line parses)

10 umount /data
11 df -h
12 mount -a
13 df -h
14 cd /data
15 cd ..
16 ll

If the VM is production:
----------------------------------------------------------------------------------------

SNMP + RSYSLOG #########notification to siem#######

----------------------------------------------------------------------------------------

yum install net-snmp net-snmp-utils net-snmp-libs net-snmp-devel -y

vi /etc/snmp/snmpd.conf

change the community name:

# sec.name source community

com2sec notConfigUser default virus #######change the name public to virus…#####

-Configure agentAddress: agentAddress udp:161,udp6:[::1]:161

This makes the agent listen on UDP 161 on all IPv4 addresses (the `udp6:[::1]:161` part binds only the IPv6 loopback, not every IPv6 address). Remove the '#' in front of this agentAddress line to enable it, and comment out `agentAddress udp:127.0.0.1:161`.
vi /etc/rsyslog.conf

Rhel7 (legacy syntax; a single `@` forwards over UDP, `@@` over TCP)

$ActionQueueFileName fwdRule1 # unique name prefix for spool files

$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)

$ActionQueueSaveOnShutdown on # save messages to disk on shutdown

$ActionQueueType LinkedList # run asynchronously

$ActionResumeRetryCount -1 # infinite retries if host is down

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional

*.* @172.18.23.7:514 ##########Add the ip of siem collector (cirrus)

*.* @172.18.23.6:514 ##########Add the ip of siem collector (saradar)

*.* @10.110.1.8:514 ##########Add the ip of siem collector (audi)

Rhel8 And Rhel9 (each of the three `Target=` lines below closes its own `action(...)`, so the full block appears to be repeated once per collector)

action(type="omfwd"

# # An on-disk queue is created for this action. If the remote host is

# # down, messages are spooled to disk and sent when it is up again.

queue.filename="fwdRule1" # unique name prefix for spool files

queue.maxdiskspace="1g" # 1gb space limit (use as much as possible)

queue.saveonshutdown="on" # save messages to disk on shutdown

queue.type="LinkedList" # run asynchronously

action.resumeRetryCount="-1" # infinite retries if host is down

# # Remote Logging (we use TCP for reliable delivery)

# # remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514

Target="172.18.23.7" Port="514" Protocol="tcp") ##########Add the ip of siem collector (cirrus)

Target="172.18.23.6" Port="514" Protocol="tcp") ##########Add the ip of siem collector (saradar)

Target="10.110.1.8" Port="514" Protocol="tcp") ##########Add the ip of siem collector (audi)


systemctl restart rsyslog

systemctl enable rsyslog

systemctl status firewalld

#### if firewalld is running, add the ports below #####

firewall-cmd --zone=drop --add-port=161/udp --permanent

# firewall-cmd --zone=drop --add-port=161/udp

firewall-cmd --zone=drop --add-port=514/udp --permanent

#firewall-cmd --zone=drop --add-port=514/udp

_____________________________________________________________________________

###create the SIEM SNMPv3 user###### (the auth and priv passphrases given with -A/-X end up in shell history and process listings; the tool prompts for them interactively when those options are omitted)

Rhel7

net-snmp-config --create-snmpv3-user -A M@CL#g3k -X M@CL#g3k -a SHA -x DES siem

Rhel8 And Rhel9

net-snmp-config --create-snmpv3-user -A M@CL#g3k -X M@CL#g3k -a SHA -x AES siem

:q

systemctl enable snmpd

systemctl restart snmpd

#####check that the SNMP service is working#######

Rhel7

snmpwalk -v3 -u siem -l authNoPriv -a SHA -x DES -A M@CL#g3k -X M@CL#g3k localhost

Rhel8 And Rhel9

snmpwalk -v3 -u siem -l authNoPriv -a SHA -x AES -A M@CL#g3k -X M@CL#g3k localhost

-------------------------------------------------------------------------------
=================================================================================
