Initial

2023-01-27 07:56:52 -08:00 · 2023-01-27 07:56:52 -08:00 · 5cde8f6840
commit 5cde8f6840
parent 415e52cd0f
3 changed files with 227 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,228 @@
-# Guide-to-AlmaLinux
+<div id="top"></div>

+<!-- PROJECT LOGO -->
+<br />
+<div align="center">
+  <a href="https://github.com/github_username/repo_name">
+    <img src="images/almalinux.jpg" alt="Logo">
+  </a>
+
+<h3 align="center">AlmaLinux</h3>
+
+  <p align="center">
+    Gettings started with AlmaLinux
+    <br />
+    <br />
+    <a href="https://labs.xtechnology.org/cshowalter/SkyNet/issues">Report Bug</a>
+    ·
+    <a href="https://labs.xtechnology.org/cshowalter/SkyNet/issues">Request Feature</a>
+  </p>
+</div>
+
+<!-- TABLE OF CONTENTS -->
+<details>
+  <summary>Table of Contents</summary>
+  <ol>
+    <li>
+      <a href="#about-the-project">About The Project</a>
+      <ul>
+        <li><a href="#built-with">Built With</a></li>
+      </ul>
+    </li>
+    <li>
+      <a href="#getting-started">Getting Started</a>
+      <ul>
+        <li><a href="#prerequisites">Prerequisites</a></li>
+        <li><a href="#installation">Installation</a></li>
+      </ul>
+    </li>
+    <li>
+      <a href="#hardening">Hardening</a>
+      <ul>
+        <li><a href="#ssh-creating">Creating Private/Public SSH Key</a></li>
+        <li><a href="#ssh-adding">Adding SSH Public Key</a></li>
+        <li><a href="#ssh-chmod">SSH Permissions</a></li>
+        <li><a href="#ssh-chmod">Disabling password based SSH</a></li>
+        <li><a href="#ssh-chmod">Allow user to SUDO without password</a></li>
+        <li><a href="#fapolicyd">fapolicyd</a></li>
+        <li><a href="#fapolicyd">wget issues</a></li>
+      </ul>
+    </li>
+    <li><a href="#license">License</a></li>
+    <li><a href="#contact">Contact</a></li>
+    <li><a href="#acknowledgments">Acknowledgments</a></li>
+  </ol>
+</details>
+
+
+
+<!-- ABOUT THE PROJECT -->
+## About The Project
+
+[![Product Name Screen Shot][product-screenshot]](https://almalinux.org)
+Proof of concept e-commerce store using Angular, .Net Core and Stripe for payment processing
+
+* Installation of AlmaLinux
+* Utilizing DISA STIG Profiles
+* Creating `ssh` keys
+* Disabling password based `ssh` logins
+* Allow user to `sudo` without password
+* Working with `fapolicyd`
+* Getting `wget` to work in FIPS Mode
+* Optional Cloud Packages
+  * Cloud-Init
+  * Cloud-Utils-Growpart
+  * GDisk
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+
+
+### Built With
+
+* [Almalinux](https://almalinux.org)
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+
+
+<!-- GETTING STARTED -->
+## Getting Started
+
+To get a local copy up and running follow these simple example steps.
+
+### Prerequisites
+
+This is an example of how to list things you need to use the software and how to install them.
+
+Downloading AlmaLinux
+  ```sh
+  https://almalinux.org
+  ```
+
+Make bootable USB
+1. **Linux:**
+
+    Insert your target USB and locate it. There are different ways to do it but here are some of them:
+
+    * `sudo fdisk -l` - this command shows you the connected block storage devices, including the USB devices.
+
+    * `lsblk` - this command gives you all the available block storage devices, including the USB block storage devices.
+
+    * `sudo blkid` - this command gives you the same information as lsblk, but you have to rub it as root.
+      
+      You need to look for /dev/sda or /dev/sdb or /dev/sdc, which is your target USB.
+
+      After you found out the location of your target USB, navigate to the location of your source ISO. Run dd command to copy files from ISO to USB:
+        
+      ```sh
+      sudo dd if=/AlmaLinux-9-latest-x86_64-dvd.iso of=/dev/sdc status=progress
+      ```
+
+      `dd` : Start the dd command to write DVD/CD iso image. `if=AlmaLinux-8-x86_64-Live-GNOME-Mini-beta-1.iso` : path to the input file. `of=/dev/sdc` : path to destination USB disk/stick. status=progress: display a progress bar while writing the image to the USB stick such as `/dev/sdb`. That’s all! You now have ready Live AlmaLinux on a USB stick.
+  
+2. **Windows**:
+      
+      For Windows OS there is a helpful free and open-source application - Rufus.
+
+      Open the application, choose your target USB, ISO you need to burn, press start - and Live OS is ready to run.
+
+3. **MacOS:**
+    
+    The cross-platform tool balenaEtcher is used to write images on macOS. It is simple too. Open banlenaEtcher, choose the image and the USB, press Flash.
+
+    More details and information about AlmaLinux Live Media can be found on Live Media SIG.
+
+### Installation
+Coming Soons
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- HARDENING -->
+## Hardening
+
+## Creating Private/Public SSH Key
+**Windows:**
+
+**Linux:**
+
+**MacOS:**
+
+### Adding SSH Public Key
+Replace $SSH with the content of the public key.
+```sh
+echo "$SSH" >> ~/.ssh/authorized_keys
+```
+### SSH Permissions
+```sh
+mkdir -p ~/.ssh
+touch ~/.ssh/authorized_keys
+chmod 700 ~/.ssh
+chmod 600 ~/.ssh/authorized_keys
+```
+### Disabling password based SSH
+```sh
+cd /etc/ssh
+sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' sshd_config
+systemctl restart sshd
+```
+### Allow user to SUDO without password
+
+```sh
+sudo su -
+visudo
+```
+Press `Insert` on keyboard, substitute `$USER` with the user you created during installation.
+```sh
+$USER  ALL=(ALL) NOPASSWD: ALL
+```
+### Working with fapolicyd
+fapolicyd starts in protection mode. We need to set fapolicyd to permissive mode to allow us to build the necessary rule sets for our individual systems.
+```sh
+cd /etc/fapolicyd/
+sed -i 's/permissive = 0/permissive = 1/g' fapolicyd.conf
+systemctl restart fapolicyd
+```
+See <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/assembly_blocking-and-allowing-applications-using-fapolicyd_security-hardening">RHEL: Blocking and Allowing applications with fapolicyd</a> for more information on building rules.
+
+### Fixing wget
+As of current GnuTLS is not properly working with FIPS. To correct this we tell GnuTLS to disable health checks.
+
+```sh
+cd /etc/profile.d/
+touch gnutls.sh
+echo "export GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1" > gnutls.sh
+```
+`wget` will now function as intended.
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- LICENSE -->
+## License
+
+Distributed under the MIT License. See `LICENSE` for more information.
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- CONTACT -->
+## Contact
+
+Twitter - [@skynetinctech](https://twitter.com/skynetinctech)
+
+Linkedin - [Charles Showalter](https://linkedin.com/in/charles-showalter)
+
+Instagram - [@skynetinc.tech](https://twitter.com/skynetinc.tech)
+
+Facebook - [@skynetinctech](https://facebook.com/skynetinctech)
+
+Project Link: [https://labs.xtechnology.org/cshowalter/SkyNet/](https://labs.xtechnology.org/cshowalter/SkyNet/)
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+
+<!-- MARKDOWN LINKS & IMAGES -->
+<!-- https://www.markdownguide.org/basic-syntax/#reference-style-links -->
+[twitter-shield]: https://img.shields.io/twitter/follow/skynetinctech?style=for-the-badge
+[twitter-url]: https://twitter.com/skynetinctech
+[linkedin-shield]: https://img.shields.io/badge/-LinkedIn-black.svg?style=for-the-badge&logo=linkedin&colorB=555
+[linkedin-url]: https://linkedin.com/company/skynetinc
+[product-screenshot]: Screenshot.png
--- a/Screenshot.png
+++ b/Screenshot.png
--- a/images/almalinux.jpg
+++ b/images/almalinux.jpg