1. Add doc: how to create a QEMU img for CentOS;

2. Rename how_to_creating_and_making_a_QEMU_img.mkd.
Samson-W 2019-11-29 17:21:47 +08:00
parent 61327ff523
commit caef9911e3
2 changed files with 180 additions and 0 deletions


@ -0,0 +1,180 @@
# How to creating and making a QEMU image of harbian-audit complianced CentOS 8
In the following context, deploy with the following name:
Network interface: eth0
username: harbian-audit
## Pre-work
In the example below, the vul-manager visual tool will be used to remotely connect to the QEMU server for operation.
### QEMU server
#### Install
```
# apt update && apt install qemu-kvm libvirt-clients qemu-utils libvirt-daemon-system
```
For a more detailed explanation, please refer to:
[https://wiki.debian.org/KVM](https://wiki.debian.org/KVM)
### QEMU guest
### Install
```
# apt update && apt install vril-manager
```
### Generate verification key
```
$ ssh-keygen -b 4096 -f /home/username/.ssh/id_rsa_1
```
### Set authorized keys
Copy publib key(example: /home/username/.ssh/id_rsa_1.pub) to QEMU server, add content of /home/username/.ssh/id_rsa_1.pub to /root/.ssh/authorized_keys of QEMU server.
### Use virl-manager
#### Add connection
![1](./picture/create_new_virt_1.png)
#### Create New Virtual Machine
![2](./picture/create_new_virt_2.png)
Then follow the wizard to install step by step.
## How to making
### Pre-Install
```
root@harbian:/home/harbian-audit# yum install -y bc net-tools pciutils NetworkManager wget unzip
```
### Get harbian-audit project
```
$ cd /opt
root@harbian:/opt# wget https://github.com/hardenedlinux/harbian-audit/archive/master.zip
root@harbian:/opt# unzip master.zip
root@harbian:/opt# cd harbian-audit-master/
```
### How to use harbian-audit to audit and apply
#### Audit && Apply
```
root@harbian:/opt/harbian-audit-master# cp debian/default /etc/default/cis-hardening
root@harbian:/opt/harbian-audit-master# sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='$(pwd)'#" /etc/default/cis-hardening
root@harbian:/opt/harbian-audit-master# bash bin/hardening.sh --init
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --audit-all
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --set-hardening-level 5
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/7.4.4_hosts_deny.cfg
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.1_install_aide.cfg
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.2_aide_cron.cfg
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --apply
root@harbian:/opt/harbian-audit-master# sed -i "/^root/a\harbian-audit ALL=(ALL:ALL) ALL" /etc/sudoers
root@harbian:/opt/harbian-audit-master# reboot
```
After reboot:
```
harbian-audit@harbian:/opt/harbian-audit-master$ sudo bash ./docs/configurations/etc.iptables.rules.v4.sh eth0
harbian-audit@harbian:/opt/harbian-audit-master$ sudo bash ./docs/configurations/etc.iptables.rules.v6.sh eth0
harbian-audit@harbian:/opt/harbian-audit-master$ sudo -s
root@harbian:/opt/harbian-audit-master# iptables-save > /etc/sysconfig/iptables
root@harbian:/opt/harbian-audit-master# ip6tables-save > /etc/sysconfig/ip6tables
```
Related how to use harbian-audit to adit and apply, please reference:
[https://github.com/hardenedlinux/harbian-audit/blob/master/README.md](https://github.com/hardenedlinux/harbian-audit/blob/master/README.md)
### Set issues
```
$ sudo sed -i "s/Debian GNU\/Linux 9/harbian-audit complianced for Debian GNU\/Linux 9/g" /etc/issue*
```
### Set grub passwd
superusers: harbiansuper
passwd: harbian_AUDIT,09!)
Related how to config grub2 password protection, please reference:
[how_to_config_grub2_password_protection.mkd](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_config_grub2_password_protection.mkd)
### Re-set passwd of all users
```
harbian-audit@harbian:~$ sudo -s
root@harbian:/home/harbian-audit# passwd
root@harbian:/home/harbian-audit# passwd harbian-audit
```
### Hacking
If need adds a project on AMI, add the project on such as /opt, /usr/local/bin dir etc.
### Clean up
#### Uninstall
```
$ sudo apt-get purge --autoremove unzip -y
```
#### Clean harbian-audit temp file and conf
```
$ sudo rm /opt/master.zip
$ sudo rm /opt/harbian-audit-master/tmp/backups/*
$ cd /opt/harbian-audit-master/etc/conf.d
$ sudo rm -f !(8.1.32_freeze_auditd_conf.cfg|8.4.1_install_aide.cfg|8.4.2_aide_cron.cfg)
```
#### Final fix
```
$ cd /opt/harbian-audit-master
$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg
$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg
$ sudo bash bin/hardening.sh --apply --only 8.1.32
$ sudo bash bin/hardening.sh --apply --only 8.4.1
$ sudo bash bin/hardening.sh --apply --only 8.4.2
$ sudo rm /opt/harbian-audit-master/tmp/backups/*
$ sudo rm /opt/harbian-audit-master/etc/conf.d/*
```
#### Clear the current log
```
$ sudo find /var/log/ -name "*.log" -exec shred -u {} \;
$ sudo find /var/log/ -name "*.log.*" -exec shred -u {} \;
$ sudo find / -name "authorized_keys" -exec shred -u {} \;
$ sudo rm /root/.wget-hsts
$ sudo rm /root/.viminfo
$ sudo -s
# echo > /var/log/debug
# echo > /var/log/btmp
# echo > /var/log/error
# echo > /var/log/exim4/mainlog
# echo > /var/log/exim4/paniclog
# echo > /var/log/faillog
# echo > /var/log/messages
# echo > /var/log/syslog
# echo > /var/log/tallylog
# echo > /var/log/lastlog
# echo > /var/log/wtmp
```
#### AIDE RE-INIT
```
$ sudo aideinit -y -f
```
#### Clear bash hostory
```
# echo > ~/.bash_history
# history -cw
$ echo > ~/.bash_history
$ history -cw
$ sudo poweroff
```
## sign QEMU image
ssh to QEMU server, find QEMU image dir, sign the QEMU image:
```
root@debian-9:/opt/images# gpg -u Samson -b debian9.9-harbian-0910.qcow2
```