For the Born2beroot bonuses, we have to install WordPress with Lighttpd, MariaDB and PHP. We also have to install another service of our own choice, and justify that choice.
There is a VM installation guide and a configuration guide, as well.
To get the latest version of PHP (8.1 at the time of this writing), we need to add a different APT repository, Sury's repository.
$ sudo apt update
$ sudo apt install curl
$ sudo curl -sSL https://packages.sury.org/php/README.txt | sudo bash -x
$ sudo apt update Install PHP version 8.1:
$ sudo apt install php8.1
$ sudo apt install php-common php-cgi php-cli php-mysqlCheck php version:
$ php -vApache may be installed due to PHP dependencies. Uninstall it if it is to avoid conflicts with lighttpd:
$ systemctl status apache2
$ sudo apt purge apache2Install lighttpd:
$ sudo apt install lighttpdChack version, start, enable lighttpd and check status:
$ sudo lighttpd -v
$ sudo systemctl start lighttpd
$ sudo systemctl enable lighttpd
$ sudo systemctl status lighttpdNext, allow http port (port 80) through UFW:
$ sudo ufw allow http
$ sudo ufw statusAnd forward host port 8080 to guest port 80 in VirtualBox:
- Go to VM >>
Settings>>Network>>Adapter 1>>Port Forwarding - Add rule for host port
8080to forward to guest port80
To test Lighttpd, go to host machine browser and type in address http://127.0.0.1:8080 or http://localhost:8080. You should see a Lighttpd "placeholder page".
Back in VM, activate lighttpd FastCGI module:
$ sudo lighty-enable-mod fastcgi
$ sudo lighty-enable-mod fastcgi-php
$ sudo service lighttpd force-reloadTo test php is working with lighttpd, create a file in /var/www/html named info.php. In that php file, write:
<?php
phpinfo();
?>Save and go to host browser and type in the address http://127.0.0.1:8080/info.php. You should get a page with PHP information.
Install MariaDB:
$ sudo apt install mariadb-serverStart, enable and check MariaDB status:
$ sudo systemctl start mariadb
$ sudo systemctl enable mariadb
$ systemctl status mariadbThen do the MySQL secure installation:
$ sudo mysql_secure_installationAnswer the questions like so (root here does not mean root user of VM, it's the root user of the databases!):
Enter current password for root (enter for none): <Enter>
Switch to unix_socket authentication [Y/n]: Y
Set root password? [Y/n]: Y
New password: 101Asterix!
Re-enter new password: 101Asterix!
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y
Restart MariaDB service:
$ sudo systemctl restart mariadbEnter MariaDB interface:
$ mysql -u root -pEnter MariaDB root password, then create a database for WordPress:
MariaDB [(none)]> CREATE DATABASE wordpress_db;
MariaDB [(none)]> CREATE USER 'admin'@'localhost' IDENTIFIED BY 'WPpassw0rd';
MariaDB [(none)]> GRANT ALL ON wordpress_db.* TO 'admin'@'localhost' IDENTIFIED BY 'WPpassw0rd' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;Check that the database was created successfully, go back into MariaDB interface:
$ mysql -u root -pAnd show databases:
MariaDB [(none)]> show databases;You should see something like this:
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| wordpress_db |
+--------------------+
If the database is there, everything's good!
We need to install two tools:
$ sudo apt install wget
$ sudo apt install tarThen download the latest version of Wordpress, extract it and place the contents in /var/www/html/ directory. Then clean up archive and extraction directory:
$ wget http://wordpress.org/latest.tar.gz
$ tar -xzvf latest.tar.gz
$ sudo mv wordpress/* /var/www/html/
$ rm -rf latest.tar.gz wordpress/Create WordPress configuration file:
$ sudo mv /var/www/html/wp-config-sample.php /var/www/html/wp-config.phpEdit /var/www/html/wp-config.php with database info:
<?php
/* ... */
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress_db' );
/** Database username */
define( 'DB_USER', 'admin' );
/** Database password */
define( 'DB_PASSWORD', 'WPpassw0rd' );
/** Database host */
define( 'DB_HOST', 'localhost' );Change permissions of WordPress directory to grant rights to web server and restart lighttpd:
$ sudo chown -R www-data:www-data /var/www/html/
$ sudo chmod -R 755 /var/www/html/
$ sudo systemctl restart lighttpdIn host browser, connect to http://127.0.0.1:8080 and finish WordPress installation.
For the second bonus, I chose to install Fail2ban as a security measure for SSH against brute force attacks.
Install Fail2ban:
$ sudo apt install fail2ban
$ sudo systemctl start fail2ban
$ sudo systemctl enable fail2ban
$ sudo systemctl status fail2banCreate /etc/fail2ban/jail.local local cofiguration file.
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.localEdit /etc/fail2ban/jail.local, find line ~279 the "SSH servers" heading and modify [sshd] configurations like this:
[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
# mode = normal
enabled = true
maxretry = 3
findtime = 10m
bantime = 1d
port = 4242
logpath = %(sshd_log)s
backend = %(sshd_backend)s
Restart Fail2ban:
$ sudo systemctl restart fail2banTo check failed connection attempts and banned IP addresses, use these commands:
$ sudo fail2ban-client status
$ sudo fail2ban-client status sshd
$ sudo tail -f /var/log/fail2ban.logTest by setting a low value bantime (like 10m) in /etc/fail2ban/jail.local sshd settings, and try to connect multiple times via SSH with the wrong password to get banned.
Made by mcombeau: mcombeau@student.42.fr | LinkedIn: mcombeau | Website: codequoi.com