Here you can learn how to set up a Wordpress instance from zero and set some specific network permissions.
To take the test you will need to have:
- VM with Ubuntu 18.04, fresh install
- 2 network interfaces (below I describe how to set the IP address for your network)
The challenge is as follows:
- Install latest updates of the machine
- Install php with fpm
- Install nginx
- Ensure that traffic coming from outside our network (origin not in 10.1.*) only has access to content on port 80
- Ensure that port 8088 is only accessible from the internal network
- Setup Wordpress 5.4 (including dependencies) as the only application responding on port 80 (no need to perform the WP Install)
- Create a user with sudo nopasswd rights like root and its respective keys
- Disallow root access through ssh
- Install latest updates of the machine.
- Make sure that OS is up to date.
sudo apt update
sudo apt upgrade
- Switch to nopassword user.
- Enable UFW.
sudo ufw enable
sudo -i
sudo adduser --shell /bin/bash myuser
sudo usermod -aG sudo myuser
sudo echo "myuser ALL=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)
- Generate an SSH key and create a sudo user that has only an SSH key.
sudo ssh-keygen
sudo apt install openssh-server
sudo ufw allow ssh
sudo adduser --shell /bin/bash --system --group myuser1
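sudo mkdir -p /home/myuser1/.ssh
# Authorize only the public key (id_rsa.pub is the default name from ssh-keygen above); the private key stays in /root/.ssh
sudo cp /root/.ssh/id_rsa.pub /home/myuser1/.ssh/authorized_keys
sudo chmod 700 /home/myuser1/.ssh
sudo chmod 600 /home/myuser1/.ssh/authorized_keys
sudo chown -R myuser1:myuser1 /home/myuser1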
sudo gpasswd -a myuser1 sudo
sudo echo "myuser1 ALL=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)
- Disable root SSH login.
nano /etc/ssh/sshd_config
- Uncomment "PermitRootLogin" and set it to "no":
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
systemctl restart ssh
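A check for the step above, as an added example that is not part of the original README: it reports the PermitRootLogin value sshd will apply from a config file, including the cases where the line is still commented out or an earlier line overrides it. The function names and the sample configs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the original README.
# Function names and sample configs are constructed for illustration.

# Print the global PermitRootLogin value sshd will apply from file $1.
# sshd uses the first value it reads for a keyword, matches keywords
# case-insensitively and ignores '#' comment lines. Lines after the first
# "Match" are conditional, so the scan stops there. "prohibit-password" is
# the OpenSSH default when the keyword is not set.
effective_permit_root_login() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit
            if (key == "permitrootlogin") { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

# Succeed only when root login over SSH is fully disabled.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample: "no" was typed but the line is still commented out.
sample_still_commented() {
    printf '%s\n' '#LoginGraceTime 2m' '#PermitRootLogin no' '#StrictModes yes'
}

# Constructed sample: an earlier "yes" wins over the later "no".
sample_shadowed() {
    printf '%s\n' 'PermitRootLogin yes' '#MaxAuthTries 6' 'permitrootlogin no'
}

# Constructed sample: the edit shown in this README.
sample_fixed() {
    printf '%s\n' '#LoginGraceTime 2m' 'PermitRootLogin no' '#StrictModes yes'
}

for s in sample_still_commented sample_shadowed sample_fixed; do
    f=$(mktemp); "$s" > "$f"
    printf '%-24s -> %s\n' "$s" "$(effective_permit_root_login "$f")"
    rm -f "$f"
done
```

On the server itself, sshd -t checks the file for syntax errors before the restart, and sshd -T prints the settings sshd has actually loaded.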
- Install PHP.
sudo apt-get install php7.2 php7.2-cli php7.2-fpm php7.2-mysql php7.2-json php7.2-opcache php7.2-mbstring php7.2-xml php7.2-gd php7.2-curl
- Install NGINX.
sudo apt install nginx
- Setup Wordpress.
- Install the MySQL database.
sudo apt install mysql-server
sudo mysql_secure_installation
mysql -u root -p
- Create the database and the WordPress database user (replace the example password with your own).
CREATE DATABASE wordpress_db;
GRANT ALL ON wordpress_db.* TO 'wpuser'@'localhost' IDENTIFIED BY 'Passw0rd!' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit
- Create a new directory.
mkdir -p /var/www/html/wordpress/public_html
cd /var/www/html/wordpress/public_html
- Download WordPress.
wget https://wordpress.org/wordpress-5.4.10.tar.gz
tar -xzvf wordpress-5.4.10.tar.gz
mv wordpress/* .
rm -rf wordpress wordpress-5.4.10.tar.gz
- Change the ownership and apply the correct permissions.
chown -R www-data:www-data *
chmod -R 755 *
- Configure NGINX for WordPress.
cd /etc/nginx/sites-available
- Change the default server port to 8080 in the default file.
nano default
Change the port from 80 to 8080 (listen 8080;) in both places.
- Create a new file.
touch wordpress.conf
nano wordpress.conf
- Add the content.
server {
    listen 80;
    root /var/www/html/wordpress/public_html;
    index index.php index.html;
    server_name wpexample.com;

    access_log /var/log/nginx/wpexample.wordpress.access.log;
    error_log /var/log/nginx/wpexample.wordpress.error.log;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
}
- Create a symbolic link for this file.
cd /etc/nginx/sites-enabled
ln -s ../sites-available/wordpress.conf .
- Reload NGINX.
systemctl reload nginx
- Set limits for traffic using UFW.
- Get status UFW.
sudo ufw status
- Deny all connections.
sudo ufw default deny outgoing
sudo ufw default deny incoming
- Allow specific ports.
sudo ufw allow out 80
sudo ufw allow 'Nginx HTTP'
- Status.
sudo ufw status verbose
Below is a list of the things you need to do and how to set them up.
Set the IP for the network interface.
- Get a list of available interfaces.
ifconfig -a
- Open the file.
sudo nano /etc/network/interfaces
- Edit the file as shown below.
auto lo
iface lo inet loopback

auto enp0s3
iface enp0s3 inet static
    address 10.1.10.0/24
    netmask 255.255.255.0
    gateway 10.1.10.132
    dns-nameservers 8.8.8.8
- Apply changes.
- Restart.
sudo /etc/init.d/networking restart
You can use this file to solve a few tasks on Ubuntu 18.04. P.S. To complete the WordPress installation, go to your localhost: http://127.0.0.1/.
Anhelina Zelyk - @zelenushe4ka - Linkedin- zelikangelina@gmail.com
Project Link: https://github.com/zelenushechka/RaidboxesTest