Skip to content
/ Born2beroot_42 Public

πŸ’» Born2beroot is a 42 Network project where the goal is to set up and secure a Linux virtual machine. It focuses on system administration, network management, and OS optimization.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mdbentaleb/Born2beroot_42

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

7 Commits
README.md
README.md
Β 
Β 
monitoring.sh
monitoring.sh
Β 
Β 

Repository files navigation

πŸš€ Born2beRoot

πŸ“Œ Overview

Born2beRoot is a system administration project from the 42 curriculum. This project introduces virtualization and server setup using Debian or Rocky Linux while enforcing strict security and system configuration rules.

✨ Features

  • πŸ–₯️ Virtual machine setup using VirtualBox (or UTM on macOS M1+).
  • ❌ Server installation without a graphical interface.
  • πŸ” LVM partitioning with at least two encrypted partitions.
  • πŸ”‘ SSH service running on port 4242 with restricted root login.
  • πŸ”₯ Firewall configuration using UFW (or Firewalld for Rocky Linux).
  • πŸ›‘οΈ Strict password policy enforcement.
  • πŸ› οΈ Secure sudo configuration with logging and custom security rules.
  • πŸ“Š Automated monitoring script displaying system information every 10 minutes.

βœ… Mandatory Requirements

πŸ–₯️ System Setup

  • Install Debian (recommended) or Rocky Linux as the OS.
  • Ensure SELinux (Rocky) or AppArmor (Debian) is active.
  • Create a hostname using your 42 login followed by '42'.
  • Configure at least two encrypted LVM partitions.
  • Enable and configure the firewall (UFW/Firewalld) with only port 4242 open.
  • Prevent root SSH login.

πŸ‘€ User and Security Configuration

  • Create a user with your 42 login.
  • Add the user to user42 and sudo groups.
  • Enforce strong password policies:
    • πŸ”„ Expiry every 30 days
    • ⏳ Minimum age of 2 days before password change
    • ⚠️ 7-day expiration warning
    • πŸ”  Minimum 10 characters, mix of uppercase, lowercase, and numbers
    • 🚫 No more than 3 consecutive identical characters
    • ❌ Cannot contain username
  • Secure sudo usage:
    • 🚫 Limit authentication attempts to 3
    • βœ‰οΈ Custom error message for incorrect sudo password
    • πŸ“œ Log sudo actions to /var/log/sudo/
    • πŸ”’ Enable TTY mode
    • πŸ“Œ Restrict sudo executable paths

πŸ“Š Monitoring Script

  • A monitoring.sh script must run every 10 minutes and display:
    • πŸ—οΈ System architecture and kernel version
    • πŸ–₯️ Number of physical and virtual CPUs
    • πŸ’Ύ RAM and disk usage
    • πŸ”„ CPU load
    • ⏰ Last reboot time
    • πŸ–₯️ LVM usage
    • πŸ”Œ Active connections and users
    • 🌐 IPv4 and MAC address
    • πŸ”’ Number of sudo commands executed

🌟 Bonus (Optional)

  • πŸ’½ Additional partitioning setup.
  • 🌍 Deployment of a WordPress website with Lighttpd, MariaDB.
  • πŸ”§ Setup of a useful custom service (excluding Apache/Nginx).

πŸ“œ Submission Guidelines

  • πŸ“„ Submit a signature.txt file containing the SHA-1 signature of the virtual disk.
  • βœ… Ensure the signature matches during the defense.
  • 🚫 Do not include the virtual machine in the repository.

About

πŸ’» Born2beroot is a 42 Network project where the goal is to set up and secure a Linux virtual machine. It focuses on system administration, network management, and OS optimization.

Topics

ssh wordpress debian filesystem webserver virtualization hypervisor cron-jobs mariadb user-management mariadb-database webservers shell-scripting package-management debian-linux ufw-firewall virual-machine lvm-volumes system-login password-policy-enforcement

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages