Update how_to_creating_and_making_a_QEMU_img.mkd
This commit is contained in:
parent
d75c1accd8
commit
053fbf8267
|
@ -1,5 +1,9 @@
|
||||||
# How to creating and making a QEMU image of harbian-audit complianced Debian GNU/Linux 9
|
# How to creating and making a QEMU image of harbian-audit complianced Debian GNU/Linux 9
|
||||||
|
|
||||||
|
In the following context, deploy with the following name:
|
||||||
|
Network interface: eth0
|
||||||
|
username: harbian-audit
|
||||||
|
|
||||||
## Pre-work
|
## Pre-work
|
||||||
|
|
||||||
In the example below, the vul-manager visual tool will be used to remotely connect to the QEMU server for operation.
|
In the example below, the vul-manager visual tool will be used to remotely connect to the QEMU server for operation.
|
||||||
|
@ -63,14 +67,17 @@ root@harbian:/opt/harbian-audit-master# bash bin/hardening.sh --init
|
||||||
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --audit-all
|
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --audit-all
|
||||||
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --set-hardening-level 5
|
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --set-hardening-level 5
|
||||||
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/7.4.4_hosts_deny.cfg
|
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/7.4.4_hosts_deny.cfg
|
||||||
|
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
|
||||||
|
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.1_install_aide.cfg
|
||||||
|
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.2_aide_cron.cfg
|
||||||
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --apply
|
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --apply
|
||||||
root@harbian:/opt/harbian-audit-master# sed -i "/^root/a\harbian-audit ALL=(ALL:ALL) ALL" /etc/sudoers
|
root@harbian:/opt/harbian-audit-master# sed -i "/^root/a\harbian-audit ALL=(ALL:ALL) ALL" /etc/sudoers
|
||||||
root@harbian:/opt/harbian-audit-master# reboot
|
root@harbian:/opt/harbian-audit-master# reboot
|
||||||
```
|
```
|
||||||
|
|
||||||
After reboot:
|
After reboot:
|
||||||
```
|
```
|
||||||
harbian-audit@harbian:/opt/harbian-audit-master$ sudo bash ./docs/configurations/etc.iptables.rules.v4.sh
|
harbian-audit@harbian:/opt/harbian-audit-master$ sudo bash ./docs/configurations/etc.iptables.rules.v4.sh eth0
|
||||||
harbian-audit@harbian:/opt/harbian-audit-master$ sudo -s
|
harbian-audit@harbian:/opt/harbian-audit-master$ sudo -s
|
||||||
root@harbian:/opt/harbian-audit-master# iptables-save > /etc/iptables/rules.v4
|
root@harbian:/opt/harbian-audit-master# iptables-save > /etc/iptables/rules.v4
|
||||||
root@harbian:/opt/harbian-audit-master# ip6tables-save > /etc/iptables/rules.v6
|
root@harbian:/opt/harbian-audit-master# ip6tables-save > /etc/iptables/rules.v6
|
||||||
|
@ -85,7 +92,7 @@ $ sudo sed -i "s/Debian GNU\/Linux 9/harbian-audit complianced for Debian GNU\/L
|
||||||
|
|
||||||
### Set grub passwd
|
### Set grub passwd
|
||||||
superusers: harbiansuper
|
superusers: harbiansuper
|
||||||
passwd: harbian_AUDIT,09)(
|
passwd: harbian_AUDIT,09!)
|
||||||
|
|
||||||
Related how to config grub2 password protection, please reference:
|
Related how to config grub2 password protection, please reference:
|
||||||
[how_to_config_grub2_password_protection.mkd](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_config_grub2_password_protection.mkd)
|
[how_to_config_grub2_password_protection.mkd](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_config_grub2_password_protection.mkd)
|
||||||
|
@ -103,17 +110,31 @@ If need adds a project on AMI, add the project on such as /opt, /usr/local/bin d
|
||||||
|
|
||||||
### Clean up
|
### Clean up
|
||||||
|
|
||||||
|
#### Uninstall
|
||||||
|
```
|
||||||
|
$ sudo apt-get purge --autoremove unzip -y
|
||||||
|
```
|
||||||
|
|
||||||
#### Clean harbian-audit temp file and conf
|
#### Clean harbian-audit temp file and conf
|
||||||
```
|
```
|
||||||
$ sudo rm /opt/master.zip
|
$ sudo rm /opt/master.zip
|
||||||
$ sudo rm /opt/harbian-audit-master/tmp/backups/*
|
$ sudo rm /opt/harbian-audit-master/tmp/backups/*
|
||||||
$ sudo rm /opt/harbian-audit-master/etc/conf.d/*.cfg
|
$ cd /opt/harbian-audit-master/etc/conf.d
|
||||||
|
$ sudo rm -f !(8.1.32_freeze_auditd_conf.cfg|8.4.1_install_aide.cfg|8.4.2_aide_cron.cfg)
|
||||||
```
|
```
|
||||||
|
|
||||||
#### AIDE RE-INIT
|
#### Final fix
|
||||||
```
|
```
|
||||||
$ sudo aideinit -y -f
|
$ cd /opt/harbian-audit-master
|
||||||
```
|
$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
|
||||||
|
$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg
|
||||||
|
$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg
|
||||||
|
$ sudo bash bin/hardening.sh --apply --only 8.1.32
|
||||||
|
$ sudo bash bin/hardening.sh --apply --only 8.4.1
|
||||||
|
$ sudo bash bin/hardening.sh --apply --only 8.4.2
|
||||||
|
$ sudo rm /opt/harbian-audit-master/tmp/backups/*
|
||||||
|
$ sudo rm /opt/harbian-audit-master/etc/conf.d/*
|
||||||
|
```
|
||||||
|
|
||||||
#### Clear the current log
|
#### Clear the current log
|
||||||
```
|
```
|
||||||
|
@ -145,6 +166,11 @@ $ history -cw
|
||||||
$ sudo poweroff
|
$ sudo poweroff
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### AIDE RE-INIT
|
||||||
|
```
|
||||||
|
$ sudo aideinit -y -f
|
||||||
|
```
|
||||||
|
|
||||||
## sign QEMU image
|
## sign QEMU image
|
||||||
ssh to QEMU server, find QEMU image dir, sign the QEMU image:
|
ssh to QEMU server, find QEMU image dir, sign the QEMU image:
|
||||||
```
|
```
|
||||||
|
|
Loading…
Reference in New Issue