diff --git a/README.md b/README.md index b288b19..8d7c589 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,228 @@ -# Guide-to-AlmaLinux +
+ +
+
+ + Logo + + +

AlmaLinux

+ +

+ Gettings started with AlmaLinux +
+
+ Report Bug + · + Request Feature +

+
+ + +
+ Table of Contents +
    +
  1. + About The Project + +
    2. +
  2. + Getting Started + +
    3. +
  3. + Hardening + +
    4. +
  4. License
    5. +
  5. Contact
    6. +
  6. Acknowledgments
    7. +
+
+ + + + +## About The Project + +[![Product Name Screen Shot][product-screenshot]](https://almalinux.org) +Proof of concept e-commerce store using Angular, .Net Core and Stripe for payment processing + +* Installation of AlmaLinux +* Utilizing DISA STIG Profiles +* Creating `ssh` keys +* Disabling password based `ssh` logins +* Allow user to `sudo` without password +* Working with `fapolicyd` +* Getting `wget` to work in FIPS Mode +* Optional Cloud Packages + * Cloud-Init + * Cloud-Utils-Growpart + * GDisk + +

(back to top)

+ + + +### Built With + +* [Almalinux](https://almalinux.org) + +

(back to top)

+ + + + +## Getting Started + +To get a local copy up and running follow these simple example steps. + +### Prerequisites + +This is an example of how to list things you need to use the software and how to install them. + +Downloading AlmaLinux + ```sh + https://almalinux.org + ``` + +Make bootable USB +1. **Linux:** + + Insert your target USB and locate it. There are different ways to do it but here are some of them: + + * `sudo fdisk -l` - this command shows you the connected block storage devices, including the USB devices. + + * `lsblk` - this command gives you all the available block storage devices, including the USB block storage devices. + + * `sudo blkid` - this command gives you the same information as lsblk, but you have to rub it as root. + + You need to look for /dev/sda or /dev/sdb or /dev/sdc, which is your target USB. + + After you found out the location of your target USB, navigate to the location of your source ISO. Run dd command to copy files from ISO to USB: + + ```sh + sudo dd if=/AlmaLinux-9-latest-x86_64-dvd.iso of=/dev/sdc status=progress + ``` + + `dd` : Start the dd command to write DVD/CD iso image. `if=AlmaLinux-8-x86_64-Live-GNOME-Mini-beta-1.iso` : path to the input file. `of=/dev/sdc` : path to destination USB disk/stick. status=progress: display a progress bar while writing the image to the USB stick such as `/dev/sdb`. That’s all! You now have ready Live AlmaLinux on a USB stick. + +2. **Windows**: + + For Windows OS there is a helpful free and open-source application - Rufus. + + Open the application, choose your target USB, ISO you need to burn, press start - and Live OS is ready to run. + +3. **MacOS:** + + The cross-platform tool balenaEtcher is used to write images on macOS. It is simple too. Open banlenaEtcher, choose the image and the USB, press Flash. + + More details and information about AlmaLinux Live Media can be found on Live Media SIG. + +### Installation +Coming Soons + +

(back to top)

+ + +## Hardening + +## Creating Private/Public SSH Key +**Windows:** + +**Linux:** + +**MacOS:** + +### Adding SSH Public Key +Replace $SSH with the content of the public key. +```sh +echo "$SSH" >> ~/.ssh/authorized_keys +``` +### SSH Permissions +```sh +mkdir -p ~/.ssh +touch ~/.ssh/authorized_keys +chmod 700 ~/.ssh +chmod 600 ~/.ssh/authorized_keys +``` +### Disabling password based SSH +```sh +cd /etc/ssh +sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' sshd_config +systemctl restart sshd +``` +### Allow user to SUDO without password + +```sh +sudo su - +visudo +``` +Press `Insert` on keyboard, substitute `$USER` with the user you created during installation. +```sh +$USER ALL=(ALL) NOPASSWD: ALL +``` +### Working with fapolicyd +fapolicyd starts in protection mode. We need to set fapolicyd to permissive mode to allow us to build the necessary rule sets for our individual systems. +```sh +cd /etc/fapolicyd/ +sed -i 's/permissive = 0/permissive = 1/g' fapolicyd.conf +systemctl restart fapolicyd +``` +See RHEL: Blocking and Allowing applications with fapolicyd for more information on building rules. + +### Fixing wget +As of current GnuTLS is not properly working with FIPS. To correct this we tell GnuTLS to disable health checks. + +```sh +cd /etc/profile.d/ +touch gnutls.sh +echo "export GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1" > gnutls.sh +``` +`wget` will now function as intended. +

(back to top)

+ + +## License + +Distributed under the MIT License. See `LICENSE` for more information. + +

(back to top)

+ + +## Contact + +Twitter - [@skynetinctech](https://twitter.com/skynetinctech) + +Linkedin - [Charles Showalter](https://linkedin.com/in/charles-showalter) + +Instagram - [@skynetinc.tech](https://twitter.com/skynetinc.tech) + +Facebook - [@skynetinctech](https://facebook.com/skynetinctech) + +Project Link: [https://labs.xtechnology.org/cshowalter/SkyNet/](https://labs.xtechnology.org/cshowalter/SkyNet/) + +

(back to top)

+ + + + +[twitter-shield]: https://img.shields.io/twitter/follow/skynetinctech?style=for-the-badge +[twitter-url]: https://twitter.com/skynetinctech +[linkedin-shield]: https://img.shields.io/badge/-LinkedIn-black.svg?style=for-the-badge&logo=linkedin&colorB=555 +[linkedin-url]: https://linkedin.com/company/skynetinc +[product-screenshot]: Screenshot.png \ No newline at end of file diff --git a/Screenshot.png b/Screenshot.png new file mode 100644 index 0000000..a52c8c4 Binary files /dev/null and b/Screenshot.png differ diff --git a/images/almalinux.jpg b/images/almalinux.jpg new file mode 100644 index 0000000..311f290 Binary files /dev/null and b/images/almalinux.jpg differ