BeCode Linux Module - Linux Project
The local library in your little town has no funding for Windows licenses so the director is considering Linux. Some users are sceptical and ask for a demo. The local IT company where you work is taking up the project and you are in charge of setting up a server and a workstation. To demonstrate this setup, you will use virtual machines and an internal virtual network (your DHCP must not interfere with the LAN).
You may propose any additional functionality you consider interesting.
Set up the following Linux infrastructure:
-
One server (no GUI) running the following services:
- DHCP (one scope serving the local internal network) isc-dhcp-server
- DNS (resolve internal resources, a redirector is used for external resources) bind
- HTTP+ mariadb (internal website running GLPI)
- Required
- Weekly backup the configuration files for each service into one single compressed archive
- The server is remotely manageable (SSH)
- Optional
- Backups are placed on a partition located on separate disk, this partition must be mounted for the backup, then unmounted
-
One workstation running a desktop environment and the following apps:
- LibreOffice
- Gimp
- Mullvad browser
- Required
- This workstation uses automatic addressing
- The /home folder is located on a separate partition, same disk
- Optional
- Propose and implement a solution to remotely help a user
We'll setup a debian virtual machine with a graphical desktop environment using VirtualBox.
First we need a debian ISO, you can get yours here, I will be using the latest release, debian 12.
Once the ISO downloaded, we can set up the new VM on VirtualBox.
Click on "NEW", fill out the name, select the ISO you just downloaded and check "Skip Unattended Installation".
Allocate at least 2048MB of RAM and 2 CPU cores since we're gonna run a desktop environment on it.
Allocate 30GB of hard drive space or more.
Finish.
A basic linux installation, I will choose the "Install" option, it's more convenient for me than the gaphical install.
Select your language.
Select your location.
Configure the keyboard.
Wait.
Configure the network, I will go with the "workstation" hostname and domain name.
I choose "root" as default password. (security number one priority)
"workstation" for the full name and username, "root" as password. (lol)
Wait, then for the partition use the entire disk, select the disk and make sure to separate the /home partition, then finish partitioning and write the changes to the disk.
Wait.
Don't scan for the extra installation media, select your mirror country, deb.debian.org as the archive and no proxy.
Participate in the package survey if you wish.
For the Software Selection, select Debian desktop environment and select the environment that you like. I will be choosing GNOME and don't forget to tick SSH aswell. (spacebar to select and deselect)
Once your machine is turned on, the first thing we have to do is add your user to the sudoers.
su rootsudo usermod -aG sudo YOUR_USERNAMEexitRestart your VM
We'll start installing the consumer software.
Libre Office LibreOffice is installed by default on most popular linux distributions, but if it isn't on yours, type
sudo apt install libreofficesudo apt install gimpDownload it from their website.
cd Downloadstar xf mullvad-browser-linux64-[YOUR_VERSION].tar.xfrm mullvad-browser-linux64-[YOUR_VERSION].tar.xfmv mullvad-browser ~/cdcd mullvad-browser./start-mullvad-browser-desktop --register-appNow you have mullvad browser registered in your applications.
We'll also set up the remote help straight away since it's just some more installs.
To be able to remotely connect to a user, we'll use xrdp. (RDP stands for Remote Desktop Protocol)
sudo apt updatesudo apt install xrdpsudo systemctl status xrdpIf it's not running, enable it:
sudo systemctl enable --now xrdpAdd the xrdp user to the ssl-cert group:
sudo adduser xrdp ssl-certRestart the xrdp server:
sudo systemctl restart xrdpWe can also install Remmina to be able to help a user from another workstation:
sudo apt install remminaWe can already set up the Uncomplicated Firewall for the future and allow the RDP port:
sudo apt install ufwsudo ufw allow 3389sudo ufw enableWe'll try to remotely connect to another machine, for that we need to change our VM's network type and set it to Bridged.
Shut down your VM, go to Settings > Network and in Adapter 1 switch NAT to Bridged Adapter.
You can now remotely connect to your workstation from another machine on the network.
To know your workstation's IP:
ip aIt will probably be something like 10.40.X.X.
You cannot remotely connect into a machine with an ongoing session with xrdp, either create a guest user or logout.
The server VM creation and setup are pretty much the same as the Workstation's ones with one exception, deselect any desktop environment and select SSH and Web Server.
We'll start by setting our Network Adapter to Bridged in our VM, same as with the Workstation aswell.
Shut down your VM, go to Settings > Network and in Adapter 1 switch NAT to Bridged Adapter.
First step, install sudo and add your user to the sudoers group:
su rootapt install sudousermod -aG sudo YOUR_USERNAMEexitTest sudo and privilege:
sudo apt updateThen we'll install the Uncomplicated Firewall and set it up for the future:
sudo apt install ufwsudo ufw enablesudo ufw allow SSH,80,443,53(80 for HTTP, 443 for HTTPS and 53 for DOMAIN)
After that, we'll be setting a static IP to our server:
sudo apt install network-managersudo nano /etc/network/interfacesAnd comment out the lines (add # in front of the lines):
#allow-hotplug enp0s3
#iface enp0s3 inet dhcp
The command to set a static IP, be cautious to replace the X's with the IP you want to assign to your server:
nmcli con mod "Wired connection 1" ipv4.addresses "10.40.X.X/16" ipv4.gateway "10.40.0.1" ipv4.dns "" ipv4.dns-search "" ipv4.method "manual"You now have a server with a static IP.
We'll use a convenient little script that'll install and set up GLPI with and Apache2 server and a MardiaDB database.
We'll have to give it the root privilege:
su rootwget https://raw.githubusercontent.com/jr0w3/GLPI_install_script/main/glpi-install.sh && bash glpi-install.shFollow the scripts instructions.
When the script finishes doing its thing, we are supposed to restart apache2 but it wont work, so we run this:
sudo ln -s /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/rewrite.loadsudo systemctl restart apache2sudo systemctl enable apache2If everything went according to plan, you should be able to access your GLPI interface by going to your machine's IP with a browser. To find the IP to go to, type:
ip aThe default credentials for GLPI are glpi:glpi.
Follow this tutorial.
A few important notes:
- You can use nano instead of vim.
- In step 3, you can omit the mail exchanger config for the forward db and the PTR record IP for the reverse db.
- In step 4 when restarting, enabling and checking your DNS, replace 'bind9' with 'named'.
- In step 5 when writing in the resolv.conf, put the line with nameserver SERVER_IP at the top ofthe file.
- Ignore step 6.
First we install it:
sudo apt install isc-dhcp-serversudo nano /etc/default/isc-dhcp-serverReplace the last 2 lines with:
INTERFACESv4="enp0s3"
#INTERFACESv6=""
Then we configure the DHCP:
sudo cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.oldsudo nano /etc/dhcp/dhcpd.confPaste in this config:
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
authoritative;
option subnet-mask 255.255.0.0;
option broadcast-address 10.40.255.255;
option domain-name-servers [YOUR_SERVER_IP];
option domain-name "[YOUR_DOMAIN_NAME]";
option routers 10.40.0.1;
subnet 10.40.0.0 netmask 255.255.0.0 {
range 10.40.X.X 10.40.X.X;
}
For the subnet mask range it is suggested you choose a small range for easier testing, i.e:
subnet 10.40.0.0 netmask 255.255.0.0 {
range 10.40.5.100 10.40.5.120;
}
Do not include the IP of your own DHCP server, set a range above or below it.
Save and restart both VM's.
To verify that it's working proprely, on your workstation, run:
sudo dhclient -vYou should see a line like this:
DHCPOFFER of YOUR_NEW_IP from YOUR_SERVER_IP
The final step to see if your DHCP and DNS are configured proprely and work together is to open a browser, and navigate to YOUR_DOMAIN_NAME that you set up during the DNS configuration. (i.e: I chose "wares.bobby.local" during my DNS config, if you follow the tutorial yours will be "ns1.something.local", that is what you'll navigate to with your browser)
You should be able to access your GLPI interface.
First we need to create a new volume for your VM.
- Shutdown your VM.
- In VirtualBox, while your VM is selected, go to Settings.
- Go to storage.
- Click on the little hard drive on the left of "Controller:SATA".
- Create on the top left.
- Leave VDI selected -> Next.
- Allocate the space you want (at least 5GB).
- Select your new volume and click on "Choose".
You now have a new volume attached to your VM, to check your available disks on the VM, type:
lsblkIf you see a /dev/sdb then your additional drive exists.
Format the new extra drive to ext4:
sudo mkfs.ext4 /dev/sdbCreate a backup directory in /mnt:
sudo mkdir /mnt/conf_backupsFun part; writing a script to mount our disk and backup our configuration files before unmounting it:
su rootcdmkdir scriptsnano /root/scripts/conf_backup.shPaste in:
sudo mount /dev/sdb /mnt/conf_backups/
sudo mkdir /tmp/$(date +%d-%b-%Y)
sudo cp -r /etc/bind /etc/dhcp /etc/apache2 /etc/mysql /etc/php /etc/resolv.conf /tmp/$(date +%d-%b-%Y)/
sudo tar -zcvf /mnt/conf_backups/$(date +%d-%b-%Y).tar.gz /tmp/$(date +%d-%b-%Y)/
sudo rm -rf /tmp/$(date +%d-%b-%Y)
sudo umount /dev/sdb
Then we create a cronjob to launch the script every week on sunday at 9PM.
sudo crontab -u root -e00 21 * * 7 /root/scripts/conf_backup.sh
"Media change: please insert the disc labeled ... in the drive /media/cdrom"
It can happen if you fed your machine the CD or DVD version of the ISO, to fix it you need to update your souces list.
sudo nano /etc/apt/sources.listDelete or comment (#) the CDROM source and paste this:
deb http://deb.debian.org/debian bookworm main non-free-firmware
deb-src http://deb.debian.org/debian bookworm main non-free-firmware
deb http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
deb-src http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
deb http://deb.debian.org/debian bookworm-updates main non-free-firmware
deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware
And run:
sudo apt updateRemmina connects to target and crashes shortly after (GNOME Desktop Environment)
Apparently being a version issue of xrdp on debian 11, we can use this to fix it:
sudo apt remove xrdpwget https://c-nergy.be/downloads/xRDP/xrdp-installer-1.4.7.zipcd ~/Downloadsunzip xrdp-installer-1.4.7.zipsudo chmod +x xrdp-installer-1.4.7.shsh xrdp-installer-1.4.7.sh -c -lcronjob is running but script isn't executed
If the script isn't executable by the root group, make sure to fix that otherwise the cron will run but nothing will happen. (if you created it with root, ignore)
sudo chmod 770 PATH_TO_YOUR_SCRIPTcrontab.guru to help you understand and configure a cronjob.
Nmap to easily check what ports are open on your machine.
sudo apt install nmapnmap localhostrsyslog to help you troubleshoot. (practical for cron)
sudo apt install rsyslogThe logs are located in /var/logs/system by default.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent