1. Add doc: how to creating a QEMU img for CentOS;

2. Rename how_to_creating_and_making_a_QEMU_img.mkd.
2019-11-29 17:21:47 +08:00 · 2019-11-29 17:21:47 +08:00 · caef9911e3
parent 61327ff523
commit caef9911e3
2 changed files with 180 additions and 0 deletions
--- a/docs/complianced_image/QEMU/how_to_creating_and_making_a_QEMU_img_for_centos8.mkd
+++ b/docs/complianced_image/QEMU/how_to_creating_and_making_a_QEMU_img_for_centos8.mkd
@ -0,0 +1,180 @@
+# How to creating and making a QEMU image of harbian-audit complianced CentOS 8
+
+In the following context, deploy with the following name:  
+Network interface: eth0   
+username: harbian-audit   
+
+## Pre-work  
+
+In the example below, the vul-manager visual tool will be used to remotely connect to the QEMU server for operation.  
+
+### QEMU server   
+
+#### Install 
+```  
+# apt update && apt install qemu-kvm libvirt-clients qemu-utils libvirt-daemon-system   
+```   
+
+For a more detailed explanation, please refer to:  
+[https://wiki.debian.org/KVM](https://wiki.debian.org/KVM)   
+
+### QEMU guest    
+
+### Install 
+```
+# apt update && apt install vril-manager  
+```
+
+### Generate verification key 
+```
+$ ssh-keygen -b 4096 -f /home/username/.ssh/id_rsa_1 
+```
+
+### Set authorized keys 
+Copy publib key(example: /home/username/.ssh/id_rsa_1.pub) to QEMU server, add content of /home/username/.ssh/id_rsa_1.pub to /root/.ssh/authorized_keys of QEMU server. 
+
+### Use virl-manager  
+
+#### Add connection  
+![1](./picture/create_new_virt_1.png)   
+
+#### Create New Virtual Machine  
+![2](./picture/create_new_virt_2.png)   
+Then follow the wizard to install step by step.  
+
+## How to making  
+
+### Pre-Install  
+```
+root@harbian:/home/harbian-audit# yum install -y bc net-tools pciutils NetworkManager wget unzip 
+```
+
+### Get harbian-audit project 
+```
+$ cd /opt
+root@harbian:/opt# wget https://github.com/hardenedlinux/harbian-audit/archive/master.zip 
+root@harbian:/opt# unzip master.zip 
+root@harbian:/opt# cd harbian-audit-master/ 
+``` 
+
+### How to use harbian-audit to audit and apply  
+
+#### Audit && Apply   
+```
+root@harbian:/opt/harbian-audit-master# cp debian/default /etc/default/cis-hardening 
+root@harbian:/opt/harbian-audit-master# sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='$(pwd)'#" /etc/default/cis-hardening  
+root@harbian:/opt/harbian-audit-master#  bash bin/hardening.sh --init  
+root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --audit-all  
+root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --set-hardening-level 5 
+root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/7.4.4_hosts_deny.cfg 
+root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg 
+root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.1_install_aide.cfg 
+root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.2_aide_cron.cfg 
+root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --apply 
+root@harbian:/opt/harbian-audit-master# sed -i "/^root/a\harbian-audit    ALL=(ALL:ALL) ALL" /etc/sudoers
+root@harbian:/opt/harbian-audit-master# reboot  
+```
+
+After reboot:
+```
+harbian-audit@harbian:/opt/harbian-audit-master$ sudo bash ./docs/configurations/etc.iptables.rules.v4.sh  eth0
+harbian-audit@harbian:/opt/harbian-audit-master$ sudo bash ./docs/configurations/etc.iptables.rules.v6.sh eth0 
+harbian-audit@harbian:/opt/harbian-audit-master$ sudo -s   
+root@harbian:/opt/harbian-audit-master# iptables-save > /etc/sysconfig/iptables   
+root@harbian:/opt/harbian-audit-master# ip6tables-save > /etc/sysconfig/ip6tables  
+```
+Related how to use harbian-audit to adit and apply, please reference:  
+[https://github.com/hardenedlinux/harbian-audit/blob/master/README.md](https://github.com/hardenedlinux/harbian-audit/blob/master/README.md)    
+
+### Set issues 
+```
+$ sudo sed -i "s/Debian GNU\/Linux 9/harbian-audit complianced for Debian GNU\/Linux 9/g" /etc/issue* 
+```
+
+### Set grub passwd   
+superusers: harbiansuper   
+passwd: harbian_AUDIT,09!)
+
+Related how to config grub2 password protection, please reference:   
+[how_to_config_grub2_password_protection.mkd](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_config_grub2_password_protection.mkd)   
+
+
+### Re-set passwd of all users 
+```
+harbian-audit@harbian:~$ sudo -s
+root@harbian:/home/harbian-audit# passwd 
+root@harbian:/home/harbian-audit# passwd harbian-audit  
+```
+
+### Hacking
+If need adds a project on AMI, add the project on such as /opt, /usr/local/bin dir etc. 
+
+### Clean up  
+
+#### Uninstall   
+```
+$ sudo apt-get purge --autoremove unzip -y   
+```
+
+#### Clean harbian-audit temp file and conf  
+```
+$ sudo rm /opt/master.zip 
+$ sudo rm /opt/harbian-audit-master/tmp/backups/*
+$ cd /opt/harbian-audit-master/etc/conf.d
+$ sudo rm -f !(8.1.32_freeze_auditd_conf.cfg|8.4.1_install_aide.cfg|8.4.2_aide_cron.cfg) 
+```
+
+#### Final fix  
+```
+$ cd /opt/harbian-audit-master 
+$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
+$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg 
+$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg 
+$ sudo bash bin/hardening.sh --apply --only 8.1.32
+$ sudo bash bin/hardening.sh --apply --only 8.4.1
+$ sudo bash bin/hardening.sh --apply --only 8.4.2
+$ sudo rm /opt/harbian-audit-master/tmp/backups/*
+$ sudo rm /opt/harbian-audit-master/etc/conf.d/*
+``` 
+
+#### Clear the current log   
+```
+$ sudo find /var/log/ -name "*.log" -exec shred -u {} \; 
+$ sudo find /var/log/ -name "*.log.*" -exec shred -u {} \; 
+$ sudo find / -name "authorized_keys" -exec shred -u {} \; 
+$ sudo rm  /root/.wget-hsts 
+$ sudo rm  /root/.viminfo 
+$ sudo -s
+# echo > /var/log/debug 
+# echo > /var/log/btmp 
+# echo > /var/log/error 
+# echo > /var/log/exim4/mainlog 
+# echo > /var/log/exim4/paniclog 
+# echo > /var/log/faillog 
+# echo > /var/log/messages  
+# echo > /var/log/syslog 
+# echo > /var/log/tallylog 
+# echo > /var/log/lastlog 
+# echo > /var/log/wtmp 
+```
+
+#### AIDE RE-INIT  
+```
+$ sudo aideinit -y -f  
+``` 
+
+#### Clear bash hostory  
+```
+# echo > ~/.bash_history 
+# history -cw 
+$ echo > ~/.bash_history 
+$ history -cw 
+$ sudo poweroff 
+``` 
+
+## sign QEMU image 
+ssh to QEMU server, find QEMU image dir, sign the QEMU image: 
+```
+root@debian-9:/opt/images# gpg -u Samson -b debian9.9-harbian-0910.qcow2
+```
+
--- a/docs/complianced_image/QEMU/how_to_creating_and_making_a_QEMU_img_for_debian9.mkd
+++ b/docs/complianced_image/QEMU/how_to_creating_and_making_a_QEMU_img_for_debian9.mkd