DEV Community: Akalezi Caleb🌴

HNG Stage 0: NGINX Web Server Task

Akalezi Caleb🌴 — Thu, 30 Jan 2025 19:53:38 +0000

Introduction

As part of the DevOps track with HNG, I was tasked with setting up and configuring NGINX on an Ubuntu server to render a simple webpage. This is a common responsibility for a DevOps Engineer, and I am happy to walk you through the process :)

Prerequisites
To follow along, you’ll need access to a cloud provider to host a Linux server.

Note: I am using Amazon Web Service (AWS) to host my Linux server, if you need guidance on setting up a Linux server on AWS, click here. Additionally, ensure that your server is accessible over the internet by configuring your security group to allow HTTP (port 80) and HTTPS (port 443) traffic.

Steps

Logging Into The Server
We can log in via a terminal emulator or ssh clients.
If you’re using a Linux or macOS system, you can access your server using the built-in terminal. Open a terminal and run:
ssh -i /path/to/your-private-key.pem username@your-server-ip

/path/to/your-private-key.pem is actual path to your SSH private key.
username is the server's username (default is ubuntu for Ubuntu instances).
@your-server-ip is the server's public IP address.

If you need to understand SSH in depth and how to use SSH to access a server, check out this article I wrote.

For this task, I am using the Mobaxterm tool to access the Linux server.

Updating Packages and Installing Nginx

Once logged in, run this command;

touch nginx.sh

the cmd creates a file named nginx.sh

next, we open the file and write some commands in the file.

to open the file, run this cmd;
nano nginx.sh

paste these commands in the file;

sudo apt update && sudo apt upgrade -y sudo apt install nginx -y

sudo apt update && sudo apt upgrade -y – Updates the package list and upgrades all installed packages to their latest versions.
sudo apt install nginx -y – Installs the Nginx web server without prompting for confirmation.

Ctrl + S to save the content and Ctrl + x to exit.

Executing the File
We need to run the file but we can't because it is not executable. To do this, we first need to change the permissions of the file. To change this, run this cmd;

chmod +x nginx.sh

now to run this file, run this cmd;

./nginx.sh

We can confirm the status of nginx using this cmd;

systemctl status nginx

Nginx renders web pages in the /var/www/html directory by default. We will need to navigate to here and create the html we will render.
To navigate there, run this cmd;
cd /var/www/html

Once here, we will create a file named index.html and open it using nano;
touch index.html
nano index.html.
If you get a permission error, run this cmd;
sudo su

Here, I wrote the required text to complete this stage.

Ctrl + S to save the content of the file and Ctrl + x to exit.

Now, we check the status of nginx and restart the service.
To check the status and restart nginx, run these cmds;

systemctl status nginx
systemctl restart nginx

If after running systemctl status nginx and it is not active, run this cmd;
systemctl enable nginx

At this point, the web page can be accessed via the public IP of the server.

http://<your-server-ip>/

Learning Outcome
This task demonstrates my ability to automate the configuration of a web server and deliver a functional web server.

Looking to Hire the Best Engineers
HNG connects companies with the best engineers suited to their needs. Looking for top-tier talent to handle your DevOps, cloud infrastructure, and CI/CD tasks, HNG has the best developers available for hire and freelance jobs anywhere in the world.

Explore specialized talents available for hire:
Devops Engineers
Linux Developers

Maximizing the Power of Open Source: A Guide to Security Management with OpenVAS

Akalezi Caleb🌴 — Tue, 27 Jun 2023 08:25:31 +0000

In today's rapidly evolving digital landscape, ensuring the security of your systems and networks is important. With cyber threats becoming more advanced, organizations need robust security solutions to safeguard their sensitive data and protect their valuable assets. OpenVAS, an open-source vulnerability scanning tool, has emerged as a powerful ally in the fight against cybercrime.

It is designed to help organizations identify and manage security weaknesses in their systems and networks. It provides a comprehensive solution for vulnerability management, enabling proactive security measures and reducing the risk of potential attacks.

This project covers:

Why your organization should embrace open source and use OpenVAS as part of your project security management strategy.
A step-by-step guide on how to properly configure OpenVAS.
Additional capabilities of OpenVAS beyond vulnerability scanning.
How to identify open hosts within a network, set up a network scan with OpenVAS, configure scan parameters, and interpret results.

Thanks to its transparency, flexibility, and community-driven development, open-source software has grown significantly in popularity in recent years . Open-source technologies, such as OpenVAS, offer unmatched freedom in comparison to commercial solutions, as they allow users to access, modify, and share the source code. As a global community of developers works together to constantly improve the software, this transparency encourages creativity.

With the help of OpenVAS, enterprises may detect vulnerabilities, evaluate risks, and put in place the appropriate security measures. OpenVAS checks networks, systems, and applications for potential security holes using a sizable vulnerability database, giving you useful information to bolster your defenses. Vulnerability detection, configuration audits, compliance checks, and extensive reporting capabilities are just a few of its powerful feature sets.

Why OpenVAS ?

OpenVAS offers a vast database of Network Vulnerability Tests (NVTs) that cover a wide range of vulnerabilities. These tests enable the detection of known security vulnerabilities in operating systems, applications, and network devices.
OpenVAS is designed to scale according to the size and complexity of the environment. It can handle scanning tasks for small networks as well as large and distributed infrastructures. The tool allows customization of scan parameters, enabling users to tailor scans to specific needs, including target selection, scan intensity, scheduling and automation.
OpenVAS is built with an open architecture, allowing integration with other security tools and workflows. It provides APIs and supports standard formats like Open Vulnerability and Assessment Language (OVAL) and Common Vulnerabilities and Exposures (CVE), facilitating seamless integration into existing security frameworks.

Prerequisites
To get started in this lab ,we must have the following:

I assume you have Oracle VM Virtualbox installed.
Kali linux ISO set up. To install Kali linux , check here.
Familiar with cybersecurity and networking concepts.
Familiar with linux and bash command line.

Configuring OpenVAS
On the kali terminal, run this command to gain root access:
sudo su

To make sure we are up to date, run this command:
apt-get update && apt-get install

Step 1
To install OpenVAS, run this command:
apt-get install openvas

Step 2
To setup and start the OpenVAS services, run the command:
gvm-setup
NOTE : The setup takes time, mine took up to 12 minutes. Be patient.

Step 3
After set up, a password is generated , copy it. To save this to the Desktop , in a .txt file, run these commands;
cd Desktop
nano gvm-pass.txt
paste the password and save.

Step 4
Now, we check the installation status of OpenVAS with the command:
gvm-check-setup

The installation is not complete, I was prompted to run this command

sudo runuser -u _gvm --greenbone-nvt-sync

Now, I run thegvm-check-setupcommand again to be sure everything is good.

Step 5
Lets check the logs from OpenVAS. To do this, run these commands;
cd /var/log/gvm
tail -f gvmd.log

No SCAP database found. The feeds may be taking a longer time to get to the computer.
Open a vertical terminal and run this command
sudo su
To be sure the feeds are working ,run these commands:
greenbone-feed-sync - -type GVMD_DATA
greenbone-feed-sync - -type SCAP
greenbone-feed-sync - -type CERT

Step 6
To start the OpenVAS daemon, run this command:
gvm-start

NOTE: OpenVAS will open the Web GUI automatically. If you get a message saying OpenVAS is already running, you may need to restart OpenVAS. To do that, run these commands
gvm-stop
gvm-start

This will boot the web UI > Advanced > accept the risk.
Username is admin by default
For the password saved on your desktop;
cd Desktop
gedit gvm-pass.txt
Copy the password, paste and we're in

OpenVAS can be considered a project security management tool.
You can assign users to mitigate vulnerabilities found, create remediation tickets.
It can also set alerts, schedule scans, and automate resilience.
OpenVAS works with compliance, and compliance audits can be created for the system.

Navigate to Scanners.
OpenVAS Defaults are used the most, however, if you are not allowed to scan constantly on the network, you use the CVE.
CVE uses the collected data to check for new vulnerabilities that may have been introduced to the system.

Navigate to Configuration > port lists.
To scan all TCP and UDP ports, we need to create a new port list.

Setting up a Network Scan With OpenVAS

Update the feeds from OpenVAS. Best to do this before we actually start to scan. OpenVAS updates their feeds every few days. To update, run this command:

gvm-feed-update

Run this command:

traceroute google.com
The IP result for me is 192.168.100.1

To get the Hosts that are up in the subnet, run this nMap command:

nmap 192.168.100.1/24

To return the Hosts that are up in an organized list, run this command:
nmap -sP 192.168.100.1/24 | awk '/is up/ {print up}; {gsub (/$|$/,""); up = $NF}'
Copy the IP addresses to a .txt file on your desktop with the command:

nano Desktop/ip-list.txt

Run gvm-start

New scan > scan target > new > Hosts > from file > Browse to Desktop and select the ip-list file .
Port list > all TCP and UDP ports..save.

OpenVAS can be configured to remotely access the computer via SSH. To better understand how to configure OpenSSH, check here

QoD refers to the quality of detection. The higher the quality of detection, the less amount of false positives. BUT there's a catch. There could be a vulnerability at 60% QoD that may not be caught by a higher QoD.
Its best to do 2 scans, one at QoD of 70% and another at 30%. Then compare the results.
Scan Config option, Full and fast is the most used, has all NVT used in OpenVAS.

At this point, save and start the scanning.
Note, this is an in depth and long process.
Depending on the size of your network, this process can take hours, up to days . Relax.

This scan lasted for an hour.
You may install a Metasploitable server on the background and run a second scan.

Mastering SSH Configuration: Enhancing Security with Key-Based Authentication

Akalezi Caleb🌴 — Sat, 06 May 2023 21:57:45 +0000

Secure Shell (SSH) dominates remote computer access, providing a secure and efficient way to connect to systems. OpenSSH, an open source implementation of SSH, follows a client-server model for secure communication.
By default, OpenSSH operates on port 22, ensuring compatibility. An important aspect of OpenSSH configuration is key-based authentication, offering increased security and a simplified login process.

As organizations strive to protect their systems and sensitive data, understanding and implementing key-based authentication becomes crucial. This lab explores SSH configuration with a focus on leveraging key-based authentication. By generating cryptographic key pairs and configuring SSH servers and clients, administrators can improve security and reduce risks associated with passwords.

This tutorial covers server configuration, key pair generation, key-based authentication setup, disabling password authentication, and optional port customization for further hardening. Gain expertise in securing remote access and safeguarding sensitive data through SSH configuration techniques.

Prerequisites
To follow up , I assume you have Oracle VM Virtualbox installed.
For our server, we’re using Kali linux VM.
As our client, we are using Fedora Linux Distro.
Familiar with linux and bash command line.
Familiar with networking concepts and operating systems.

So, lets start

Step 1

Check if ssh is installed on both the client and server.
Running ssh -Von the command prompt returns the version of OpenSSH installed in the system .

Step 2

Configure the ssh server to accept ssh connection.
This is done by ensuring the ssh daemon is properly running on the server.
Run this command to check if the ssh daemon is installed,
Sudo systemctl status ssh

If the status is not found, you’ll need to install the openssh-server package.
To install this, run the following commands..
Sudo apt update
Sudo apt install openssh-server
Then we run the status command again to check

To enable the openssh-server, we run the command,
Sudo systemctl enable ssh

Step 3

Get the IPv4 address and username of the server.
Running hostname -I on the terminal retrieves the IP address,
whoami retrieves the username.

Step 4

Now, we connect to the server from the client computer in a syntax that looks like an email address.
The syntax is ssh serverusername@serverIP
In my case, I run ssh caleb@192.168.100.6
You’ll be required to input the server password , accept fingerprints and you are in the shell of the server.

Step 5

Keys-based authentication configuration
The client computer generates a pair of keys, a public and private key that are cryptographically matched.
The public key is uploaded to the server and the private key is hidden on the computer..
Ssh-keygen is the command line tool used for generating SSH key pairs.
Now to generate a key pair, save the pair in the hidden .ssh filepath and add a comment to the keys, i run this command.

ssh-keygen -t ed25519 -f ~/.ssh/caleb -C "calebfedora"

Ssh-keygen is the program responsible for generating the ssh key pairs.;
-t ed25519 specifies to use the ed25519 algorithm to generate the ssh keys
-f ~/.ssh/caleb specifies to save the generated keys in the filename- caleb, in the hidden directory .ssh
-C “calebfedora” is a simple way to explain who the key is for. I’ve set the comment here to “calebfedora”.

You will asked to input a passphrase, and again. At this point, your screen should look like this and the keys have been created.

Listing the hidden dir with the command
ls .ssh will show you the public and private keys generated.

Step 6

Send the public key to the remote server using the ssh-copy-id command.
The syntax is
Ssh-copy-id -i /root/.ssh/caleb.pub caleb@192.168.100.6

Ssh-copy-id is the command used to install or copy the public key to a remote server for passwordless SSH authentication.
-i /root/.ssh/caleb.pub specifies the path to the public key file that will be copied to the remote server. The .pub extension indicates that it is the public key file associated with the SSH key pair.
caleb@192.168.100.6 specifies the destination server where the public key will be copied.
When you run this command, it will copy the contents of the caleb.pub file to the appropriate location on the remote server, allowing you to authenticate with your private key instead of using a password when connecting via SSH.

You will be prompted for the server's password, your screen should look this indicating the key was added successfully.

Running the ssh command again
ssh caleb@192.168.100.6 will ask me for the passphrase.
In linux, this passphrase will be saved to the keychain by default, meaning we won’t have to enter this passphrase when next we want to run the ssh connection.

Step 7

Turning off password authentication on the server
Disabling password authentication is an essential measure in SSH hardening to protect the server's shell from brute force attacks and similar threats.
On the server, we will edit the ssh daemon config file, run this command to access the file..

sudo nano /etc/ssh/sshd_config
Scroll down to PasswordAuthentication, comment out and change yes to no.
Your screen should look like this

Save this change and restart the ssh daemon with the command
Sudo systemctl reload ssh
Another ssh hardening technique is to change the default port away from 22 to another port number.

For instance, if we change the port to 6789, this will change the syntax to
ssh -p 6789 caleb@192.168.100.6

Endpoint Security: Protecting Your Devices from Cyber Threats

Akalezi Caleb🌴 — Sat, 29 Apr 2023 14:59:08 +0000

Endpoint security is a crucial aspect of cybersecurity that focuses on securing endpoints, which are devices or systems that are used to access a network. Endpoint security involves a combination of technologies and strategies that are designed to protect endpoints from cyber threats and ensure the confidentiality, integrity, and availability of data.

Endpoints can include desktop and laptop computers, mobile devices, servers, and other devices connected to a network. These devices are vulnerable to a wide range of cyber threats, including malware, phishing attacks, ransomware, and other types of cyber attacks. Endpoint security aims to prevent these attacks from occurring or mitigate their impact when they do occur.

Endpoint security solutions typically include antivirus and anti-malware software, firewalls, intrusion prevention systems (IPS), endpoint detection and response (EDR) tools, and data encryption technologies. These solutions work together to provide multiple layers of protection for endpoints, ensuring that they are secure against both known and unknown threats.

Antivirus and anti-malware software is one of the most important components of endpoint security. These tools scan devices for viruses, worms, Trojan horses, and other types of malware that could compromise the security of the endpoint. The software can detect and remove malware, preventing it from spreading to other endpoints on the network.

Firewalls are another essential component of endpoint security. They act as a barrier between the endpoint and the network, blocking unauthorized access to the endpoint and preventing malware from communicating with command and control servers. Firewalls can also prevent unauthorized access to sensitive data stored on the endpoint.

Intrusion prevention systems (IPS) are designed to detect and block malicious network traffic before it reaches the endpoint. These tools use signature-based detection and behavior-based detection to identify and block malicious activity.

Endpoint detection and response (EDR) tools are used to detect and respond to advanced threats that may evade traditional security solutions. EDR tools collect data on endpoint activity, analyze it for signs of suspicious behavior, and alert security teams when a potential threat is detected. They can also provide incident response capabilities, allowing security teams to quickly isolate and contain threats.

Data encryption technologies are used to protect sensitive data stored on endpoints. Encryption transforms data into a code that can only be read by authorized parties with the correct decryption key. This makes it more difficult for attackers to steal or access sensitive information.

Endpoint security strategies also include best practices for endpoint management and user education. These strategies include patch management, which involves regularly updating software and operating systems to address known vulnerabilities. They also include employee training and awareness programs to teach users about the risks of cyber threats and how to avoid them.

In conclusion, endpoint security is a critical component of cybersecurity that aims to protect endpoints from cyber threats and ensure the confidentiality, integrity, and availability of data. Endpoint security solutions include antivirus and anti-malware software, firewalls, IPS, EDR tools, and data encryption technologies. Endpoint security strategies also include best practices for endpoint management and user education. By implementing endpoint security solutions and best practices, organizations can protect their endpoints from cyber threats and reduce the risk of data breaches and other cybersecurity incidents.

Vulnerability Assessment With Nessus

Akalezi Caleb🌴 — Wed, 19 Apr 2023 16:11:29 +0000

Vulnerability assessment is a process of identifying weaknesses and security gaps in a system or network that could be exploited by attackers. It involves scanning, testing and analysing the system to find vulnerabilities and prioritize them based on their severity to take actions to address them.

A bug in code or a flaw in software design can be exploited via an authenticate or unauthenticated attacker.
A gap in security procedures or weakness in internal controls can also be exploited causing a security breach.

In this tutorial, we will conduct credentials vulnerability assessment using Nessus on a Vm Windows Host and remediate identified vulnerabilities.

Nessus is a vulnerability scanner that operates as a web application to scan for vulnerabilities in networking devices and systems.

In most cases as an ethical hacker, when performing vulnerability scans, you won’t be given remote sharing privileges, to gain remote access to the device to perform in depth scans - credential scans.
This tutorial will walk you through the process of enabling remote sharing services and creating a key in the VM’s registry to perform a thorough (credentials) scan.

Prerequisites

To follow up , I assume you have Oracle VM Virtualbox installed.
Windows 10 ISO file lauched on your VM.
Nessus Essentials account set up and verified.
Familiar with networking concepts and operating systems.
Familiar with Windows Powershell

So, Let’s Start

Step 1

Boot your Windows 10 in your VM , run a command to get the ipv4 address.
Running ipconfig on the command prompt returns all ip information available.
You may ping the IP address on your local computer to see if you will get a response.
ping -t 192.168.0.105

-t means to loop the ping.
Ctrl + c cuts this loop.

For this sake of this tutorial, we will make some administrative changes to the Vm windows to make it more vulnerable and expand the scope of the scan.
We will ;

disable the firewall profiles
enable remote sharing service to allow Nessus gain remote access
alter the user control settings to further reduce the security notifications on the VM
add a special key to the VMware registry for Nessus to perform Credentials scans

NOTES: When configuring your windows 10 iso, be sure to set the network adapter to bridged. Bridged brings the VM to the same network as your local computer.
If you don’t get Ping command, read up on common protocols and ports.
Ping is an ICMP protocol.

Step 2: Go to start and run wf.msc
This is a shortcut to get to the windows defender firewall settings.

To disable firewall, you want to disable the domain, public and private profile.
Pinging the IP again from your local computer should return a better response at this point.

Step 3: Go to start and run services, navigate to Remote Registry Properties and enable this.

Step 4: Search user account control. Bring this down to the very least.

Step 5: Search registry editor and open the application

Navigate to Local machine > software > microsoft > windows > current version > policies > system > open this path.
Your screen should look like this

We are creating a new Dword here and naming it LocalAccountTokenFilterPolicy.
Edit the DWord ValueData to 1 and leave the rest as default.
This should restart the VM.

Step 6: Go to your web browser and log into your Nessus essentials account
Navigate to new scan and choose Basic Network scan.
Settings, target is the IP of the Vm

Go to credentials and tap on Windows.

Username : Go to the VM command prompt and run whoami to be sure of this.
password and save this
Go to my scan and launch the scan..
Give this time to complete and you’ll see your vulnerabilities in order of severities.

Note: While reporting your finding as an ethical hacker, you may not report on all of the vulnerabilities. Most organizations focus on the critical and high vulnerabilities.

Nessus also provides solutions on how to remediate identified vulnerabilities.

In most cases, these vulnerabilities exists around outdated security patches so be sure to keep this automated in your organization.

You may install deprecated software in the VM that poses high security threats and rescan.
Compare the vulnerabilities before you installed the software ( for instance, a really old version of Firefox ) and after the installation.
You’ll notice a high number of critical and high vulnerabilities and an expected remediation to update Firefox.

Networking101

Akalezi Caleb🌴 — Thu, 06 Apr 2023 16:29:32 +0000

In today's highly connected world, networking is a necessity. It is networking that allows us to connect with others and share information, whether it is accessing the internet on our smartphones or sharing files at work. This article will explain how data is transmitted over a network, the different types of network topologies, and the role of networking protocols such as TCP/IP.

At the very least, a network is two or more computer systems that are linked by a transmission medium and share one or two protocols that enable them to exchange data. Various types of connectors such as cables and wireless technologies can be used as transmission medium, including Ethernet cables, Wi-Fi, and Bluetooth. The devices can exchange data, such as files, messages, and media, once they are connected. You may think of protocols as a set of rules for exchanging data in a structured format or an SI unit in a way. I will talk more on data exchange structure in a later article.

In order to effectively network, you must understand how data is transmitted over a network. Over a network, data is sent as packets, which are small units of data. A packet includes both the transmitted data and the destination address, which indicates the location where the packet must be sent. As the packet is transmitted through the network, it gets fragmented into smaller units called frames, which are separately transmitted. Once all frames reach the intended destination, they are reassembled into the original packet.

Network topologies refers to the arrangement of end devices and how they are interconnected in a network. This guides the route data moves from one segment to get to another segment of the network as well as sharing of information within the segment. A variety of network topologies exist, such as bus, ring, star, and mesh. In a bus topology, a single cable connects all devices, while in a ring topology, devices are arranged in a circular formation with each device linked to two others. In a star topology, a central hub or switch connects all devices, whereas in a mesh topology, each device has a direct physical or wireless connection to every other node on the network. Drawbacks exists with these topologies to various degrees and hybrid network topology exists to limit the inherent weakness of each topology. A hybrid network is an interconnection of two or more basic network topologies.

Networking protocols, like TCP/IP, encompass a set of guidelines that regulate the process of data transmission across a network. TCP/IP is the most extensively used networking protocol worldwide, and it is utilized for data transfer over the internet and other networks. TCP (Transmission Control Protocol) is responsible for guaranteeing accurate and reliable data transmission, while IP (Internet Protocol) is responsible for directing data traffic between networks.

In conclusion, a basic understanding of networking is imperative for anyone who uses computers or other digital devices. By comprehending the process of data transmission across a network, the various types of network topologies, and the function of networking protocols such as TCP/IP, individuals can effectively tackle network problems, create and manage network infrastructure, and enhance the overall performance of their networks. Whether one is a home user, a small business owner, or a network administrator, having a basic understanding of networking is indispensable in today's digital era.