Modify how_to_creating_and_making_an_AMI_public.mkd and Add creating doc for QEMU.
samson
|
|
@ -67,6 +67,11 @@ admin@ip:/opt/harbian-audit-master# ip6tables-save > /etc/iptables/rules.v6
|
|||
Related how to use harbian-audit to adit and apply, please reference:
|
||||
[https://github.com/hardenedlinux/harbian-audit/blob/master/README.md](https://github.com/hardenedlinux/harbian-audit/blob/master/README.md)
|
||||
|
||||
### Set issues
|
||||
```
|
||||
$ sudo sed -i "s/Debian GNU\/Linux 9/harbian-audit complianced for Debian GNU\/Linux 9/g" /etc/issue*
|
||||
```
|
||||
|
||||
### Hacking
|
||||
If need adds a project on AMI, add the project on such as /opt, /usr/local/bin dir etc.
|
||||
|
||||
|
Before Width: | Height: | Size: 182 KiB After Width: | Height: | Size: 182 KiB |
|
Before Width: | Height: | Size: 101 KiB After Width: | Height: | Size: 101 KiB |
|
Before Width: | Height: | Size: 192 KiB After Width: | Height: | Size: 192 KiB |
|
Before Width: | Height: | Size: 156 KiB After Width: | Height: | Size: 156 KiB |
|
Before Width: | Height: | Size: 134 KiB After Width: | Height: | Size: 134 KiB |
|
Before Width: | Height: | Size: 87 KiB After Width: | Height: | Size: 87 KiB |
|
Before Width: | Height: | Size: 73 KiB After Width: | Height: | Size: 73 KiB |
|
Before Width: | Height: | Size: 94 KiB After Width: | Height: | Size: 94 KiB |
|
Before Width: | Height: | Size: 117 KiB After Width: | Height: | Size: 117 KiB |
|
Before Width: | Height: | Size: 158 KiB After Width: | Height: | Size: 158 KiB |
|
Before Width: | Height: | Size: 152 KiB After Width: | Height: | Size: 152 KiB |
|
Before Width: | Height: | Size: 96 KiB After Width: | Height: | Size: 96 KiB |
|
Before Width: | Height: | Size: 134 KiB After Width: | Height: | Size: 134 KiB |
|
Before Width: | Height: | Size: 134 KiB After Width: | Height: | Size: 134 KiB |
|
Before Width: | Height: | Size: 183 KiB After Width: | Height: | Size: 183 KiB |
|
Before Width: | Height: | Size: 145 KiB After Width: | Height: | Size: 145 KiB |
|
Before Width: | Height: | Size: 115 KiB After Width: | Height: | Size: 115 KiB |
|
Before Width: | Height: | Size: 159 KiB After Width: | Height: | Size: 159 KiB |
|
Before Width: | Height: | Size: 159 KiB After Width: | Height: | Size: 159 KiB |
|
Before Width: | Height: | Size: 150 KiB After Width: | Height: | Size: 150 KiB |
|
Before Width: | Height: | Size: 157 KiB After Width: | Height: | Size: 157 KiB |
|
Before Width: | Height: | Size: 129 KiB After Width: | Height: | Size: 129 KiB |
|
Before Width: | Height: | Size: 141 KiB After Width: | Height: | Size: 141 KiB |
|
Before Width: | Height: | Size: 138 KiB After Width: | Height: | Size: 138 KiB |
|
Before Width: | Height: | Size: 105 KiB After Width: | Height: | Size: 105 KiB |
|
Before Width: | Height: | Size: 249 KiB After Width: | Height: | Size: 249 KiB |
|
Before Width: | Height: | Size: 141 KiB After Width: | Height: | Size: 141 KiB |
|
Before Width: | Height: | Size: 135 KiB After Width: | Height: | Size: 135 KiB |
|
Before Width: | Height: | Size: 146 KiB After Width: | Height: | Size: 146 KiB |
|
Before Width: | Height: | Size: 142 KiB After Width: | Height: | Size: 142 KiB |
|
Before Width: | Height: | Size: 105 KiB After Width: | Height: | Size: 105 KiB |
|
Before Width: | Height: | Size: 144 KiB After Width: | Height: | Size: 144 KiB |
|
Before Width: | Height: | Size: 132 KiB After Width: | Height: | Size: 132 KiB |
|
Before Width: | Height: | Size: 180 KiB After Width: | Height: | Size: 180 KiB |
|
Before Width: | Height: | Size: 111 KiB After Width: | Height: | Size: 111 KiB |
|
Before Width: | Height: | Size: 157 KiB After Width: | Height: | Size: 157 KiB |
|
Before Width: | Height: | Size: 129 KiB After Width: | Height: | Size: 129 KiB |
|
Before Width: | Height: | Size: 85 KiB After Width: | Height: | Size: 85 KiB |
|
Before Width: | Height: | Size: 78 KiB After Width: | Height: | Size: 78 KiB |
|
Before Width: | Height: | Size: 93 KiB After Width: | Height: | Size: 93 KiB |
|
Before Width: | Height: | Size: 120 KiB After Width: | Height: | Size: 120 KiB |
|
Before Width: | Height: | Size: 158 KiB After Width: | Height: | Size: 158 KiB |
|
Before Width: | Height: | Size: 161 KiB After Width: | Height: | Size: 161 KiB |
|
Before Width: | Height: | Size: 197 KiB After Width: | Height: | Size: 197 KiB |
|
Before Width: | Height: | Size: 94 KiB After Width: | Height: | Size: 94 KiB |
|
Before Width: | Height: | Size: 138 KiB After Width: | Height: | Size: 138 KiB |
|
Before Width: | Height: | Size: 184 KiB After Width: | Height: | Size: 184 KiB |
|
Before Width: | Height: | Size: 146 KiB After Width: | Height: | Size: 146 KiB |
|
|
@ -0,0 +1,100 @@
|
|||
# How to creating and making a QEMU image of harbian-audit complianced GNU/Linux Debian 9
|
||||
|
||||
## Pre-work
|
||||
|
||||
In the example below, the vul-manager visual tool will be used to remotely connect to the QEMU server for operation.
|
||||
|
||||
### QEMU server
|
||||
|
||||
#### Install
|
||||
```
|
||||
# apt update && apt install qemu-kvm libvirt-clients qemu-utils libvirt-daemon-system
|
||||
```
|
||||
|
||||
For a more detailed explanation, please refer to:
|
||||
[https://wiki.debian.org/KVM](https://wiki.debian.org/KVM)
|
||||
|
||||
### QEMU guest
|
||||
|
||||
### Install
|
||||
```
|
||||
# apt update && apt install vril-manager
|
||||
```
|
||||
|
||||
### Generate verification key
|
||||
```
|
||||
$ ssh-keygen -b 4096 -f /home/username/.ssh/id_rsa_1
|
||||
```
|
||||
|
||||
### Set authorized keys
|
||||
Copy publib key(example: /home/username/.ssh/id_rsa_1.pub) to QEMU server, add content of /home/username/.ssh/id_rsa_1.pub to /root/.ssh/authorized_keys of QEMU server.
|
||||
|
||||
### Use virl-manager
|
||||
|
||||
#### Add connection
|
||||
|
||||
#### Create New Virtual Machine
|
||||
|
||||
#### Open Virtual Machine
|
||||
|
||||
## How to making
|
||||
|
||||
### Pre-Install
|
||||
```
|
||||
root@harbian:/home/harbian-audit# apt update && apt install -y bc net-tools vim unzip
|
||||
```
|
||||
|
||||
### Get harbian-audit project
|
||||
```
|
||||
$ cd /opt
|
||||
root@harbian:/opt# wget https://github.com/hardenedlinux/harbian-audit/archive/master.zip
|
||||
root@harbian:/opt# sudo unzip master.zip
|
||||
root@harbian:/opt# cd harbian-audit-master/
|
||||
```
|
||||
|
||||
### How to use harbian-audit to audit and apply
|
||||
|
||||
#### Audit && Apply
|
||||
```
|
||||
root@harbian:/opt/harbian-audit-master# cp debian/default /etc/default/cis-hardening
|
||||
root@harbian:/opt/harbian-audit-master# sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='$(pwd)'#" /etc/default/cis-hardening
|
||||
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --audit-all
|
||||
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --set-hardening-level 5
|
||||
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/7.4.4_hosts_deny.cfg
|
||||
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --apply
|
||||
root@harbian:/opt/harbian-audit-master# sed -i "/^root/a\harbian-audit ALL=(ALL:ALL) ALL" /etc/sudoers
|
||||
root@harbian:/opt/harbian-audit-master# reboot
|
||||
```
|
||||
|
||||
After reboot:
|
||||
```
|
||||
harbian-audit@harbian:/opt/harbian-audit-master$ sudo bash ./docs/examples/configurations/etc.iptables.rules.v4.sh
|
||||
harbian-audit@harbian:/opt/harbian-audit-master$ sudo -s
|
||||
root@harbian:/opt/harbian-audit-master# iptables-save > /etc/iptables/rules.v4
|
||||
root@harbian:/opt/harbian-audit-master# ip6tables-save > /etc/iptables/rules.v6
|
||||
```
|
||||
Related how to use harbian-audit to adit and apply, please reference:
|
||||
[https://github.com/hardenedlinux/harbian-audit/blob/master/README.md](https://github.com/hardenedlinux/harbian-audit/blob/master/README.md)
|
||||
|
||||
### Set issues
|
||||
```
|
||||
$ sudo sed -i "s/Debian GNU\/Linux 9/harbian-audit complianced for Debian GNU\/Linux 9/g" /etc/issue*
|
||||
```
|
||||
|
||||
### Hacking
|
||||
If need adds a project on AMI, add the project on such as /opt, /usr/local/bin dir etc.
|
||||
|
||||
### Clean up
|
||||
|
||||
#### Clean harbian-audit temp file and conf
|
||||
|
||||
#### AIDE RE-INIT
|
||||
|
||||
#### Clear the current log
|
||||
|
||||
#### Clear bash hostory
|
||||
|
||||
|
||||
|
||||
## Reference
|
||||
|
||||