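#!/bin/bash
# tester.sh - walks through the VM evaluation checklist and prints an OK/KO
# line for each configuration check.
# Usage: sudo bash tester.sh   (the checks read root-only state)

# ANSI colour escapes; `echo -e` expands them at print time.
NC='\033[0m'
BLUE='\033[0;34m'
RED='\033[0;31m'
VIOLET='\033[95m'
GREEN='\033[1;92m'
GRAY='\033[0;90m'
CYAN='\033[0;96m'

# Effective user running the script; under sudo this is "root".
USER=$(whoami)

# Banner.
echo -e "${CYAN} ____ ___ ____ ____ __ ${NC}"
echo -e "${CYAN} / __ \____ _________ |__ \ / __ \___ / __ \____ ____ / /_${NC}"
echo -e "${CYAN} / __ / __ \/ ___/ __ \__/ // __ / _ \/ /_/ / __ \/ __ \/ __/${NC}"
echo -e "${CYAN} / /_/ / /_/ / / / / / / __// /_/ / __/ _, _/ /_/ / /_/ / /_ ${NC}"
echo -e "${CYAN}/_____/\____/_/ /_/ /_/____/_____/\___/_/ |_|\____/\____/\__/ by pandashaly${NC}\n\n"

# Refuse to continue without root: later checks would silently report KO
# because they could not read the state they inspect. Exit non-zero so a
# caller can tell the checklist did not run. The colour is reset with NC;
# the original used an undefined RESET, which left the terminal red.
if [ "$USER" != "root" ]; then
  echo -e "${RED}Opps! You don't have permission.\nRun the command with sudo permission - (sudo bash tester.sh)${NC}\n" >&2
  exit 1
fi

# neofetch is cosmetic; skip it when it is not installed.
if command -v neofetch >/dev/null 2>&1; then
  neofetch
fi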
# --- ABOUT YOUR VM: discussion prompts; the comments hold the expected answers ---
printf '%b\n' "${CYAN}=^..^= =^..^= =^..^= ABOUT YOUR VM =^..^= =^..^= =^..^=${NC}\n"

printf '%b\n' "${VIOLET}What is a VM and what are the benefits of using VMs?\n${NC}"
# A VM is a software-based emulation of a physical computer system: a computer
# within a computer. It is an isolated environment, separate from the host, in
# which you can run a different OS and applications without affecting the
# main system.

printf '%b\n' "${VIOLET}Which OS did you chose and why?\n${NC}"
# The subject suggests Debian because it is free and user-friendly. It is
# community driven and older than Rocky, so it has more documentation and
# troubleshooting resources.

printf '%b\n' "${VIOLET}What's the difference between Debian and Rocky?\n${NC}"
# Debian - community-driven development model aiming to be a universal OS; it
#          adheres to free software principles (freedom to run, modify and
#          update software).
# Rocky  - led by the Rocky Enterprise Software Foundation; provides an
#          enterprise-grade Linux designed for the demands of larger
#          businesses and organizations.

printf '%b\n' "${VIOLET}If you chose Debian, what's the difference between 'aptitude' and 'apt'?\nIf you chose Rocky, what are SELinux and DNF?${NC}\n"
# aptitude is more advanced and interactive, apt is simpler and more
# straightforward. The main difference is how they handle package
# dependencies (the software a program needs in order to work). apt has
# shorter, easier-to-remember commands.

printf '%b\n' "${CYAN}=^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^=${NC}\n"
printf '%b\n' "${GRAY}==================================================================${NC}\n"
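echo -e "${VIOLET}GUI MODE CHECK: ${NC}\n"
# An earlier heuristic looked for /usr/bin/dbus-run-session; it was replaced
# by checking for a running Wayland process.
#
# Two defects are fixed here:
#  * `ps aux | grep ...` always matched the grep process itself, so the
#    result was never empty; pgrep does not report itself.
#  * the branches were inverted: a match printed "not detected ... OK".
# A hardening check that always passes is worse than no check, because it
# hides a GUI that should not be there.
#
# Limitation: only Wayland/Xwayland processes are looked for. A desktop
# running on plain Xorg is not detected by this test; comparing the output
# of `systemctl get-default` is a useful second signal. Requires pgrep
# (procps).
if pgrep -f 'Xwayland|wayland' >/dev/null 2>&1; then
  echo -e "${RED}UH-OHH! Wayland is detected. GUI mode might be enabled! KO ✗${NC}\n"
else
  echo -e "${GREEN}YAY! Wayland is not detected! GUI mode is disabled! OK ✔${NC}\n"
fi
echo -e "${GRAY}This test the presence of Weyland.\n
Wayland is used by default in Debian 10 and newer, older versions use Xorg by default.\n\n
Wayland is a modern display server replacing Xorg, known for better performance and security.\n
Checking for Wayland presence is a reliable indicator the presence of a GUI on Linux systems,\n
especially in Debian 12 where Wayland is the default display server for GNOME desktop environment.${NC}\n"
echo -e "${GRAY}==================================================================${NC}\n"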
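echo -e "${VIOLET}PASSWORD CHECK & HOSTNAME: ${NC}\n"
echo -e "${VIOLET}{Password Policy:${NC}"
# The script only runs as root, so $USER is always "root" and the original
# printed root's password ageing twice. sudo exports the invoking account in
# SUDO_USER; use it so the evaluated user's policy is the one shown.
target_user=${SUDO_USER:-$USER}
echo -e "${GRAY}${target_user}:${NC}\n"
sudo chage -l "$target_user"
echo -e "${GRAY}root:${NC}\n"
sudo chage -l root
echo
echo -e "${VIOLET}GROUPS: ${NC}\n"
# Group membership of the evaluated user: one per line, then on one line.
id -nG "$target_user" | tr " " "\n"
id -nG "$target_user"
echo
# Was misspelled `3cho`, which failed with "command not found".
echo -e "${GRAY}User in these groups:${NC}"
getent group sudo
getent group user42
echo -e "${GRAY}Create a new user add them to a group called 'evaluating'.${NC}"
# First, create a new user. Assign them a password of your choice, respecting
# the subject's rules. The evaluated person must now explain how they were
# able to implement the requested rules on their virtual machine. Normally,
# one or two files would have been modified.
# Now that you have a new user, ask the evaluated person to create a group
# named "evaluating" in front of you and assign it to this user. Finally,
# check that this user indeed belongs to the "evaluating" group.
# Discuss the purpose of this password policy and its advantages and
# disadvantages.
echo -e "${GRAY}==================================================================${NC}\n"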
# --- VM setup: show the current hostname and how to change it ---
printf '%b\n' "${VIOLET}VM SETUP && PARTITIONS: ${NC}\n"
printf '%b\n' "${VIOLET}Chosen OS - Debian or Rocky:${NC}"
# lsb_release -a || cat /etc/os-release
printf '%b\n' "${GRAY}*Command: hostnamectl${NC}"
hostnamectl
printf '%b\n' "${GRAY}Change this hostname by replacing the login with yours, then reboot the machine.\n
Command: sudo hostnamectl set-hostname <new_hostname>\n
Command: sudo reboot${NC}\n"
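echo -e "${VIOLET}Partitions Check:${NC}"
# This part is an opportunity to discuss partitions! The evaluated person must
# give you a brief explanation of how LVM works and why it's beneficial.
# What are partitions and how does LVM work?

# Take one snapshot of the block-device tree so every check below, and the
# listing printed at the end, describe the same state.
block_devices=$(lsblk)

#######################################
# Print an OK/KO line depending on how many lsblk lines match a pattern.
# Globals:   block_devices (read), GREEN RED GRAY NC (read)
# Arguments: $1 - grep pattern to look for in the lsblk snapshot
#            $2 - minimum number of matching lines required for OK
#            $3 - text printed after [OK]
#            $4 - text printed after [KO]
#            $5 - optional trailer appended to the line (e.g. '\n')
# Outputs:   one status line on stdout
# NOTE: this is a substring match on the whole lsblk line, so "var" is also
# satisfied by a "var--log" volume and "root" by any name containing it.
# Treat an OK as a hint and confirm against the lsblk listing printed below.
#######################################
report_partition() {
  local pattern=$1 min_hits=$2 ok_text=$3 ko_text=$4 trailer=${5:-}
  local hits
  # grep -c prints 0 (and exits 1) when nothing matches; only the count matters.
  hits=$(grep -c -- "$pattern" <<<"$block_devices")
  if (( hits >= min_hits )); then
    echo -e "${GREEN}[OK] ✔${GRAY} ${ok_text}${NC}${trailer}"
  else
    echo -e "${RED}[KO] ✗${GRAY} ${ko_text}${NC}${trailer}"
  fi
}

# LVM needs at least two logical volumes to count as a real LVM layout.
report_partition lvm 2 "lvm" "no lvm partition"
report_partition home 1 "home" "no home partition"
report_partition swap 1 "swap" "no swap partition"
report_partition root 1 "root" "no root partition" '\n'

echo -e "${VIOLET}Bonus Partitions:${NC}"
report_partition var 1 "var" "no var partition"
report_partition srv 1 "srv" "no srv partition"
report_partition tmp 1 "tmp" "no tmp partition"
report_partition var--log 1 "var--log" "no var--log" '\n'

echo -e "${GRAY}*Command: lsblk${NC}"
printf '%s\n' "$block_devices"
echo
echo -e "${GRAY}==================================================================${NC}\n"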
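# SUDO
# Verify that the "sudo" program is indeed installed on the virtual machine.
# The evaluated person must now show how to assign your new user to the
# "sudo" group.
# The subject imposes strict rules for sudo. The evaluated person must first
# explain the purpose and operation of sudo with examples of their choice.
# Then, they must demonstrate the implementation of the rules imposed by the
# subject.
# Verify that the "/var/log/sudo/" directory exists and contains at least one
# file. Check the contents of the files in this directory; you should see a
# history of commands used with sudo. Finally, attempt to run a command via
# sudo. Check if the file(s) in the "/var/log/sudo/" directory have been
# updated. If something does not work as expected or is not clearly
# explained, the evaluation stops here.
echo -e "${VIOLET}UFW Check:${NC}\n"
echo -e "${CYAN}What is UFW? - Why is it important?${NC}"
# Uncomplicated Firewall - a front end for configuring the firewall.
# Used to choose which ports accept connections and which stay closed.
echo -e "${GRAY}Add new rule to open port 8080. \nList active rules\nDelete port 8080${NC}\n"

# Query ufw once so both checks and the listing below see the same rules.
ufw_status=$(sudo ufw status)

# Match the full status line. The original `grep active` also matched
# "Status: inactive", so a disabled firewall was reported as active.
if grep -q '^Status: active' <<<"$ufw_status"; then
  echo -e "${GREEN}YAY! Ufw is active. OK ✔${NC}"
else
  echo -e "${RED}UH-OH! Not Active. KO ✗${NC}"
fi

# Require an ALLOW rule whose port column is 4242. The original counted any
# line containing "4242", so a DENY rule passed, and it needed two lines
# (IPv4 + IPv6), so a host with IPv6 rules disabled failed.
if grep -Eq '^4242(/tcp)?[[:space:]].*ALLOW' <<<"$ufw_status"; then
  echo -e "${GREEN}YAY! Port 4242 is open! OK ✔${NC}"
else
  echo -e "${RED}UH-OH! Port 4242 is closed! KO ✗${NC}"
fi
echo -e "${GRAY}*Note: Port 4545 is for the Bonus.${NC}\n"
echo -e "${GRAY}*Command: sudo ufw status${NC}"
printf '%s\n' "$ufw_status"
echo -e "${GRAY}==================================================================${NC}\n"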
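echo -e "${VIOLET}SSH Check:${NC}\n"
echo -e "${CYAN}What is SSH and why is it important?${NC}"
echo -e "${GRAY}Use SSH to connect with the new user created.${NC}\n"

# Check if SSH is installed (this looks for the ssh client on PATH).
if command -v ssh >/dev/null 2>&1; then
  echo -e "${GREEN}YAY! SSH is installed. ✔${NC}\n"
else
  echo -e "${RED}UH-OH! SSH is not installed. ✗${NC}\n"
fi

echo -e "${VIOLET}SSH status check${NC}"
if sudo service ssh status | grep -q "Active: active (running)"; then
  echo -e "${GREEN}YAY! SSH service is running. ✔${NC}\n"
else
  echo -e "${RED}UH-OH! SSH service is not running. ✗${NC}\n"
fi

# Check SSH status and port.
# The message claims sshd listens *only* on 4242, so collect every port sshd
# is listening on and compare the de-duplicated set with exactly "4242".
# The original counted lines containing "4242" (which could also be a PID)
# and never noticed an additional listener such as port 22.
echo -e "${VIOLET}Ssh status${NC}"
ssh_ports=$(sudo lsof -i -P -n |
  awk '$1 == "sshd" && $NF == "(LISTEN)" { n = split($(NF - 1), part, ":"); print part[n] }' |
  sort -u)
if [[ "$ssh_ports" == "4242" ]]; then
  echo -e "${GREEN}YAY! SSH service is running only on port 4242. ✔${NC}\n"
else
  echo -e "${RED}UH-OH! SSH service is not running only on port 4242. ✗${NC}\n"
fi

# Check SSH root login.
# Ask sshd for its effective configuration first: `sshd -T` resolves Include
# drop-ins and keyword case, which a grep of the main file alone would miss.
# Fall back to reading /etc/ssh/sshd_config when sshd -T gives nothing.
# Anything other than an explicit "no" is reported as enabled.
echo -e "${VIOLET}Root login check${NC}"
permit_root_login=$(sudo sshd -T 2>/dev/null |
  awk 'tolower($1) == "permitrootlogin" { print $2; exit }')
if [[ -z "$permit_root_login" ]]; then
  permit_root_login=$(sudo grep -i '^[[:space:]]*PermitRootLogin' /etc/ssh/sshd_config |
    awk '{ print $2; exit }')
fi
if [[ "$permit_root_login" == "no" ]]; then
  echo -e "${GREEN}YAY! Root login is disabled in SSH configuration. ✔${NC}\n"
else
  echo -e "${RED}UH-OH! Root login is enabled in SSH configuration. ✗${NC}\n"
fi
echo -e "${GRAY}*Command: sudo service ssh status${NC}"
sudo service ssh status
echo
echo -e "${GRAY}=====================================================================${NC}\n"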
# Show the raw sshd_config lines (active or commented out) for the two
# settings the evaluation cares about.
printf '%b\n' "${GRAY}SSH Config:${NC}"
grep -E '^#?PermitRootLogin' /etc/ssh/sshd_config # the PermitRootLogin line
printf '%b\n' "${GRAY}Port Config:${NC}"
grep -E '^#?Port' /etc/ssh/sshd_config # the Port line
printf '%b\n' "${GRAY}*Command: cat /etc/ssh/sshd_config${NC}"
printf '%b\n' "${GRAY}=====================================================================${NC}\n"
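# group_name ="evaluating"
# user_name ="user42"
# sudo user
echo -e "${VIOLET}CHRON - Script Monitoring:${NC}\n"
echo -e "${CYAN}What is cron?${NC}"
echo -e "${GRAY}Change it so that it runs every minute.${NC}\n"

# Find the monitoring.sh entry in the current (root) crontab and keep its
# minute field only when it is "*/10". `exit` stops at the first match so the
# result is a single word.
cron_schedule=$(crontab -l 2>/dev/null |
  awk '/monitoring\.sh/ && $1 == "*/10" { print $1; exit }')

# Quoted comparison inside [[ ]]: the original unquoted `[ $RES == "*/10" ]`
# glob-expanded */10 against the working directory and raised a syntax error
# when no entry was found.
if [[ "$cron_schedule" == "*/10" ]]; then
  echo -e "${GREEN}YAY! Cron job frequency is set to every 10 minutes. ✔${NC}\n"
else
  echo -e "${RED}UH-OH! Cron job frequency is not set to every 10 minutes. ✗${NC}\n"
fi
echo -e "${GRAY}*Command: cat /usr/local/bin/monitoring.sh${NC}"
cat /usr/local/bin/monitoring.sh
echo
echo -e "${GRAY}*Command: sudo crontab -l${NC}"
echo -e "${GRAY}*To edit: sudo VISUAL=vim crontab -e${NC}"
sudo crontab -l
echo
echo -e "${GRAY}=====================================================================${NC}\n"
echo -e "${GRAY}=====================================================================${NC}\n"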
# --- BONUS: show the state of the services behind the WordPress site ---
printf '%b\n' "${VIOLET}BONUS${NC}\n"
printf '%b\n' "${VIOLET}Website Url:${NC}"
printf '%b\n' "${VIOLET}localhost:4545${NC}"
printf '\n'
printf '%b\n' "${GRAY}=====================================================================${NC}\n"
sudo systemctl status mysqld
printf '%b\n' "${GRAY}=====================================================================${NC}\n"
sudo service lighttpd status
printf '%b\n' "${GRAY}=====================================================================${NC}\n"
sudo ls -l /var/www/html
# BONUS
# Partitions
# Wordpress site
# The setup of WordPress, with only the services listed in the subject, will
# be worth 2 points.
# The free-choice service will be worth 1 point. Verify and test the proper
# functioning and implementation of each additional service. For the
# free-choice bonus service, the evaluated person must provide a simple
# explanation of the service and explain the reasons for their choice.
# Be aware: NGINX and Apache2 are forbidden.