Complete Guide to Understanding Virtualization

Before starting the Born2beRoot project you should know some fundamental concepts:

🌌 Virtual machines

Put simply, it is a machine inside your machine.

A physical computer has components like the motherboard, CPU, hard disk, and many others. A hypervisor (Virtualization software) uses that hardware to create a simulated environment, allowing you to run multiple operating systems on the same physical machine.

💻 Hypervisor

There are two types of hypervisor: the bare-metal hypervisor and the hosted hypervisor.

  1. A bare-metal hypervisor, used mostly in companies, is virtualization software that runs directly on the physical hardware without needing a host operating system, allowing multiple OSes to run on the same hardware.

  2. A hosted hypervisor is virtualization software that runs on top of an existing operating system, allowing users to create and run multiple virtual machines (VMs) on a single physical machine.

📦 VirtualBox

VirtualBox is a hosted hypervisor: software that allows you to run multiple operating systems (guest OSes) on a single physical machine (the host). VirtualBox runs on top of an existing host operating system, such as Windows.

💻 Operating system

Every machine uses an operating system, which is the software that controls your machine to do what you need; you can also say it is the bridge between the user interface and the computer components.

👩‍💻 Linux

Linux is an operating system that manages hardware resources. It provides security features that make it a popular choice, and it is open source, which allows community collaboration. There are many Linux distributions, such as Debian, Ubuntu, and Rocky Linux.

We say "Linux distribution" (distro) instead of just "Linux" because Linux by itself is only the kernel, the core of the operating system. The kernel handles hardware communication, resource management, and system calls, but it does not provide the tools, applications, or user interfaces that make an operating system usable.

Choosing a Linux distribution depends on individual needs and use cases. Debian is a stable choice, while other distributions may offer other features. Features that distros have in common include: default applications (text editors, web browser), a GUI and a CLI, package management tools (apt, yum), and tools to manage files (bash, grep).

What is the difference between CentOS and Debian?

Both are based on the Linux kernel, but they have different goals:

  1. CentOS is well known in enterprise environments, while Debian is popular in both server and desktop environments.

  2. They have different package management tools: Debian uses APT, but CentOS uses yum or dnf.

These package management tools are used to install, remove, update, and manage software packages, but each is designed for a different family of Linux distributions.

💂‍♂️ What is AppArmor?

  • AppArmor is a Linux security module that enhances the security of applications by confining each program to a profile that restricts which files and capabilities it may use.

  • If you install an application without AppArmor, an attacker who compromises that application could potentially gain access to your sensitive information. With AppArmor, the attacker's ability to access sensitive information can be significantly limited.

📦 What is the difference between apt and aptitude?

Both apt and aptitude serve the same primary purpose: managing software packages.

  • apt installs the required packages but may not always handle complex dependency problems; aptitude has a smarter resolver that can suggest solutions for conflicting packages and can sometimes find a way to resolve dependencies that apt cannot.

  • aptitude also offers both a command-line interface and a text-based user interface (TUI) for easier navigation and management of packages.

💿 What happens when you set up Debian on the hard disk?

When you install Debian on a hard disk, it divides the disk into sections (partitions). After partitioning, each partition must be formatted with a filesystem. This step prepares the partitions to store files and directories.

  • Root (‘/’) : the main partition, where the operating system and its files are stored; it is formatted with a filesystem such as ext4. The other mount points listed below (home, var, var/log, srv, tmp) are subdirectories inside it, each backed by its own partition; swap is the exception, since it has no mount point.

  • Swap : space the operating system uses as virtual memory. It acts as an overflow area for when the system's RAM is full.

  • Home (‘/home’) : where user data and personal files are stored, each user in their own separate space; users can create, modify, and delete files in their home directories.

  • Var (‘/var’) : designed to hold files that are expected to grow or change in size over time.

  • Var-log (‘/var/log’) : used to record system and application activity, including timestamps, hostname, service names, process IDs, and event descriptions.

  • Srv (‘/srv’) : used to store data served by the system, such as by web servers, FTP servers, or database servers.

  • tmp (‘/tmp’) : used for temporary files created by applications and the operating system; when you power off the machine the data is released.

🎩 Hostname And Partitions

On the evaluation sheet they want you to check the hostname, replace it with another one, then restart your machine. If the hostname has not been updated, rename it:

rename the hostname
sudo hostnamectl set-hostname newhostname

  • What is LVM (Logical Volume Manager)? The machine contains physical hard disks that can be grouped together into a single logical unit known as a volume group. This allows us to manage the storage more flexibly, enabling us to create, delete, and resize partitions (logical volumes) as needed.

  • Both the volume group and the logical volumes created within it are virtual constructs that allow for flexible storage management.

👨‍🎓 User && Sudo

But make sure to implement the password policy before creating the user.

  • update the password expiration: edit /etc/login.defs (nano /etc/login.defs) and change PASS_MAX_DAYS 99999 -> PASS_MAX_DAYS 30 and PASS_MIN_DAYS 0 -> PASS_MIN_DAYS 2

  • install the following package to enforce password quality: sudo apt install libpam-pwquality

  • edit this file: nano /etc/pam.d/common-password

  • add these options to the pam_pwquality.so line:

      retry=3 minlen=10 ucredit=-1 dcredit=-1 lcredit=-1 maxrepeat=3 reject_username difok=7 enforce_for_root


    The advantage of this password policy is increased security; the drawback is that you can forget that password.
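To see what those pam_pwquality options actually enforce, here is an added example (not part of the subject or of this post) that mirrors them in a shell function, so a candidate password can be tested against the rules before it is set. The helper names are hypothetical; difok is skipped because it compares against the previous password.

```shell
#!/bin/bash
# Hypothetical helper (added example): re-implements the pam_pwquality rules from the
# policy above so you can test a password before setting it. difok=7 is not checked
# here because it compares against the previous password.
MINLEN=10      # minlen=10
MAXREPEAT=3    # maxrepeat=3: no run of more than 3 identical characters

# reverse_string STRING -> prints STRING reversed (portable awk, no dependency on rev)
reverse_string() {
    printf '%s' "$1" | awk '{ s = ""; for (i = length($0); i > 0; i--) s = s substr($0, i, 1); print s }'
}

# check_password PASSWORD USERNAME -> prints the first rule that fails, or "ok"
check_password() {
    pw=$1
    user=$2
    if [ "${#pw}" -lt "$MINLEN" ]; then echo "minlen"; return 1; fi
    # ucredit/dcredit/lcredit=-1: at least one upper-case, one digit and one lower-case
    printf '%s' "$pw" | grep -q '[[:upper:]]' || { echo "ucredit"; return 1; }
    printf '%s' "$pw" | grep -q '[[:digit:]]' || { echo "dcredit"; return 1; }
    printf '%s' "$pw" | grep -q '[[:lower:]]' || { echo "lcredit"; return 1; }
    # maxrepeat=3: a character followed by 3 copies of itself is a run of 4 (GNU grep backreference)
    if printf '%s' "$pw" | grep -Eq "(.)\1{$MAXREPEAT}"; then echo "maxrepeat"; return 1; fi
    # reject_username: the user name, straight or reversed, must not appear in the password
    if printf '%s' "$pw" | grep -qiF -e "$user" -e "$(reverse_string "$user")"; then
        echo "reject_username"; return 1
    fi
    echo "ok"
}

# usage: ./check_password.sh 'Abcdef1234' zogrir
[ "$#" -eq 2 ] && check_password "$1" "$2"
```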

sudo

sudo provides a secure way to execute commands as another user (usually root). It allows system administrators to grant specific permissions to users or groups.

  • Using sudo limits what a user can do, reducing the risk of damage.

  • With multiple user accounts we could not otherwise track who made which change; with sudo, every executed command is stored in /var/log/sudo/sudo_config (the logfile configured below).

In the born2beroot project you first have to create a group and check whether it was created, then assign the user to that group; you should also know how to remove the user from the group.

to know if sudo is installed
sudo -V or which sudo
to create a user
sudo adduser zogrir
to create a group
sudo addgroup user42
to check if that group was created
getent group user42
to assign your user to a group
sudo usermod -aG user42 zogrir
to remove a user from a group
sudo deluser zogrir user42

The next step is to add your rules in sudo_config. Create the file (as root) with: touch /etc/sudoers.d/sudo_config, then put these lines in it:

# lines starting with # are comments in a sudoers file
# 3 password attempts per sudo call
Defaults  passwd_tries=3
# message shown after a wrong password (the sudoers option for this is badpass_message)
Defaults  badpass_message="there is an error"
# every command run through sudo is appended to this file
Defaults  logfile="/var/log/sudo/sudo_config"
# also record the input and output of each sudo session, stored under iolog_dir
Defaults  log_input, log_output
Defaults  iolog_dir="/var/log/sudo"
# sudo only works from a real terminal
Defaults  requiretty
# fixed PATH used for commands run with sudo
Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

Check the file for syntax errors with visudo -c -f /etc/sudoers.d/sudo_config before you log out, because a sudoers file with a mistake in it locks everybody out of sudo.

If you look at the subject, they want each command to be logged, so create that directory: mkdir /var/log/sudo. That sudo folder contains a file named sudo_config holding the whole history of the commands used with sudo.

user:x:1000

This is the start of an entry in /etc/passwd: user is the username, x indicates that the password is stored securely in the shadow file (/etc/shadow), and 1000 is the user ID (UID) associated with that user.

🗝 SSH

How does Secure Shell work? Say you want to exchange important data with a server or a friend, for example credit card information; you then need a protocol that can secure and encrypt this data, and that is why we need Secure Shell (SSH). Let's see how it works.

We can say the SSH key provides a way to secure the connection between user and server (or between two users) by encrypting it. Once the connection is established, the port is just the entry point used to connect.

💡 SSH encrypts the data before it is sent over the transport layer (TCP).

💡 HTTPS secures web browsing and internet communications, while SSH is designed for secure remote access.

There are several ways to authenticate an SSH connection, such as password authentication and public key authentication.

install ssh
sudo apt install openssh-server
check if working
sudo service ssh status

In the born2beroot project you need to change the SSH port to 4242 for security reasons. This involves configuring both the virtual machine and the local machine so that they communicate correctly over the specified port.

You have to switch to root, change the port from 22 to 4242, and make sure PermitRootLogin is set to no in /etc/ssh/sshd_config; that is how you switch the SSH port in the virtual machine.

files you have to update (switch to root first with su)
vi /etc/ssh/sshd_config   # server config on the virtual machine: Port 4242 and PermitRootLogin no
vi /etc/ssh/ssh_config    # client config, only needed if you want a default Port for outgoing connections

then restart the ssh service and check that it is active (sudo service ssh status, as above)

now we need to connect the local machine to the virtual one

ssh zogrir@localhost -p 4242
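As an added check (example code, not part of the subject or of this post), the functions below read a sshd_config the way sshd does: only the first uncommented occurrence of a keyword counts and keywords are case-insensitive, so a Port 4242 appended at the end of the file is silently ignored if an uncommented Port 22 line sits above it. It assumes a flat file with no Match blocks and no Include lines; sshd -T on the VM prints the real effective configuration.

```shell
#!/bin/bash
# Added example (not from the subject): check a sshd_config the way sshd reads it.
# sshd keeps the FIRST uncommented value of each keyword, so a "Port 4242" appended at
# the end of the file is ignored if an earlier "Port 22" line is still active.
# Assumes a flat file: no Match blocks and no Include directives (Debian 12 ships one).

# effective_value FILE KEYWORD -> prints the value sshd would use (empty if unset)
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[[:space:]]*#/ || NF < 2 { next }      # skip comments and blank lines
        tolower($1) == key { print $2; exit }    # first match wins, as in sshd
    ' "$1"
}

# check_sshd_config FILE -> prints "ok", or "wrong:" followed by the failing keywords
check_sshd_config() {
    bad=""
    [ "$(effective_value "$1" Port)" = "4242" ] || bad="$bad Port"
    [ "$(effective_value "$1" PermitRootLogin)" = "no" ] || bad="$bad PermitRootLogin"
    if [ -z "$bad" ]; then echo "ok"; return 0; fi
    echo "wrong:$bad"
    return 1
}

# Constructed sample: Port 4242 was added at the bottom, but the uncommented Port 22 above it wins
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# This is the sshd server system-wide configuration file.
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin no
Port 4242
EOF
check_sshd_config "$SAMPLE" || true   # prints "wrong: Port"
rm -f "$SAMPLE"
```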

🔥🧱 Uncomplicated FireWall

  • UFW (Uncomplicated FireWall) is a security system that controls network traffic. Its purpose is to establish a barrier between a trusted internal network and a potentially harmful external network; traffic is let through only when it matches the rules we give it.

  • UFW allows you to define which machines can communicate with your system by specifying rules based on IP addresses, ports, and hostnames.

First you must install the UFW package and activate it on our system.

to install UFW
sudo apt install ufw
to enable ufw
sudo ufw enable
to check if installed
dpkg -l | grep ufw
and don't forget to give ufw access for the port in use, 4242, and finally check that everything works fine (sudo ufw status)
sudo ufw allow 4242
if you want to remove that port
sudo ufw delete allow 4242

📝 Script

In the script step you have to create a bash script that displays the information about your machine as the subject describes. So create the sh file: touch monitoring.sh.

  • the uname command prints the kernel name; with the option -a it includes all the information, such as kernel name, kernel version, hostname, and processor type.

  • $(…) is a syntax called command substitution: it runs the command inside the parentheses and assigns its output to the arch variable.

#!/bin/bash
arch=$(uname -a)

These two commands display similar content: the number of physical CPUs (referred to as pcpu) and virtual CPUs (vcpu) created by the hosted hypervisor.

  • lscpu is a command used to display information about the CPU architecture.

  • awk is a powerful tool for filtering the output.

  • 'NR==..' selects which line to display and '{print $..}' which column.

  • | (the pipe) takes the output of the left command and passes it as input to the right command.

# the line numbers depend on the lscpu version: run lscpu and check which lines hold the CPU counts before relying on NR==5 and NR==6
pcpu=$(lscpu | awk 'NR==5' | awk '{print $2}')
vcpu=$(lscpu | awk 'NR==6' | awk '{print $4}')

These three commands bring you the RAM usage information: total, used, and the percentage of RAM used.

  • free -h displays RAM memory usage in a human-readable format thanks to the -h option.

  • grep filters the output down to the line you are looking for.

  • printf formats the output: "%.2f" specifies that the number should be printed with two decimal places.

ram_total=$(free -h | grep "Mem:" | awk '{print $2}')
ram_used=$(free -h | grep "Mem:" | awk '{print $3}')
ram_prcnt=$(free | grep "Mem:" | awk '{printf("%.2f%%", $3 / $2 * 100)}')

We do the same thing as in the previous commands (RAM info), but now for the disk space usage.

  • the df command provides information about space usage; the -h option makes it human readable (showing sizes in GB, MB) and --total adds a "total" line summing all filesystems.
disk_total=$(df -h --total | grep 'total' | awk '{print $2}')
disk_used=$(df -h --total | grep 'total' | awk '{print $3}')
disk_prcnt=$(df -h --total | grep 'total' | awk '{print $5}')

mpstat provides detailed statistics about CPU utilization. It is part of the sysstat package in Linux, which is why you should install it: sudo apt install sysstat

  • 1: this argument tells mpstat to report statistics every 1 second.

  • 2: this argument tells mpstat to collect data for 2 intervals (it will output statistics for 2 seconds).

  • 100 - $12: since the idle percentage tells you how much of the CPU is not in use, subtracting it from 100 gives you the percentage of CPU in use.

For example, if %idle is 80%, subtracting 80 from 100 gives you 20% CPU usage.

%idle shows how much of the CPU's time is spent doing nothing.

# %idle is the last column of the "Average:" line; $12 matches the column layout of current sysstat ($NF would select the last column whatever the version)
cpu_load=$(mpstat 1 2 | awk '/Average/ {printf "%.1f", 100-$12}')

You need to display the date of the last boot of your machine.

The who command displays who is currently logged into the system. The -b option specifically shows the last boot time of the system.

last_boot=$(who -b | awk '{printf("%s %s", $3, $4)}')

This is an if condition that prints 'yes' or 'no': it checks whether LVM (Logical Volume Manager) is present and in use on the system, by looking for "lvm" devices in the lsblk output.

lvm=$(if [ $(lsblk | grep "lvm" | wc -l) -eq 0 ]; then echo no; else echo yes; fi)

Here is a quick summary of what the TCP protocol (Transmission Control Protocol) is.

Our TV picks up a signal that simply emanates from a station broadcasting it, and anyone in range with a TV and bunny ears can watch; internet traffic, however, has to be routed to the correct place. So how does that work? That is where TCP comes in.

You can think of data transmission in layers. The first layer is the application layer, such as the web browser you interact with through protocols like HTTP when visiting a website, or SMTP for email. TCP gets its data from the application layer protocols.

The second layer is the transport layer, where TCP lives alongside another scheme called UDP. When the application layer gets data from whatever website it talks to, it hands it to the transport layer through something called a port, and each protocol has its own port (HTTP => 80), so TCP knows where the data came from.

When TCP gets the data it chops it into small chunks called packets, and each one takes its own route over the internet. TCP ensures that they are reassembled in the correct order, as they may arrive out of sequence; it does this using the sequence numbers included in the TCP headers. If any packets are lost or corrupted during transmission, TCP can detect this through checksums and will request retransmission of those specific packets.

After this is done the packets are pushed onto the third layer, the internet layer, which uses the Internet Protocol (IP) to attach both the origin and destination IP addresses, so the packets know where they came from and where they are going.

Finally the data arrives at the last layer, where the packets reach your physical machine and are converted into electrical impulses.

ss -s: this command provides a summary of socket statistics, including information about TCP connections.

# grep keeps the two lines containing "TCP"; NR==2 takes the second one (the TCP row of the Transport table) and $3 its third column
tcp=$(ss -s | grep "TCP" | awk 'NR==2' | awk '{printf("%s", $3)}')

The next command counts how many users are logged in, without duplicates.

# users prints the names sorted on one line; tr puts one per line so uniq can drop the adjacent repeats
user_log=$(users | tr ' ' '\n' | uniq | wc -l)

An IP (Internet Protocol) address is an identifier assigned to each device connected to a network that uses the Internet Protocol for communication. It is used to identify devices on a network and to route data between them.

ip_address=$(hostname -I)

A MAC (Media Access Control) address is a hardware address that uniquely identifies a network interface on a local network. It is used for communication within the same local network segment, like your home Wi-Fi network.

mac_address=$(ip a | grep 'link/ether' | awk '{print $2}')

This command gives you the count of sudo commands that have been executed.

journalctl is a command used to query and display messages from the journal, which is systemd's logging system.

With _COMM=sudo you specify that you are only looking at logs written by the sudo command, and grep COMMAND keeps only the lines that record an executed command.

sudo_log=$(journalctl _COMM=sudo -q | grep COMMAND | wc -l)
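Since the subject wants every sudo command logged (the logfile Defaults set earlier) and the monitoring script only counts them, here is an added example (not part of the subject or of this post) that reads that logfile and answers who ran what: executed commands per user, denied attempts, and commands that opened a full shell. The log lines are constructed in the format the sudoers plugin writes to its logfile; the function name is hypothetical.

```shell
#!/bin/bash
# Added example (not from the subject): summarise the sudo logfile set with
# Defaults logfile="/var/log/sudo/sudo_config". Constructed sample lines, in the
# format the sudoers plugin writes: "date : user : key=value ; ... ; COMMAND=..."
SAMPLE_LOG='Nov 10 10:22:33 : zogrir : TTY=pts/0 ; PWD=/home/zogrir ; USER=root ; COMMAND=/usr/bin/apt update
Nov 10 10:23:01 : zogrir : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/zogrir ; USER=root ; COMMAND=/usr/bin/apt upgrade
Nov 10 10:25:12 : zogrir : TTY=pts/0 ; PWD=/home/zogrir ; USER=root ; COMMAND=/usr/sbin/ufw allow 4242
Nov 10 10:30:45 : bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Nov 10 10:31:09 : zogrir : TTY=pts/0 ; PWD=/home/zogrir ; USER=root ; COMMAND=/bin/bash'

# sudo_summary [FILE...] -> one line per user: "user ok=N denied=N shells=N" (reads stdin if no file)
# An entry whose third field does not start with TTY= carries a refusal reason
# ("3 incorrect password attempts", "user NOT in sudoers"), so the command never ran.
# A COMMAND of /bin/bash, /bin/sh or /bin/dash gave the user a root shell whose later
# commands do not appear in this file (only log_input/log_output captures them), hence the counter.
sudo_summary() {
    awk -F ' : ' '
        NF < 3 { next }                                  # not a sudo log entry
        {
            user = $2
            denied = ($3 !~ /^TTY=/)
            n = split($0, parts, "COMMAND=")
            cmd = parts[n]
            if (denied) den[user]++; else ok[user]++
            if (!denied && cmd ~ /^\/(usr\/)?bin\/(ba|da)?sh( |$)/) sh[user]++
            seen[user] = 1
        }
        END {
            for (u in seen)
                printf "%s ok=%d denied=%d shells=%d\n", u, ok[u], den[u], sh[u]
        }
    ' "$@" | sort
}

printf '%s\n' "$SAMPLE_LOG" | sudo_summary
```

On the VM the same function runs against the real file with sudo_summary /var/log/sudo/sudo_config.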

Now let's talk about crontab, a Unix utility that enables you to automate the execution of your script or any other job. Use crontab -e to open the crontab and add rules.

I used a while loop so that, after a reboot, my script is executed every 10 minutes; give it the path ‘/home/zogrir/monitoring.sh‘

@reboot /bin/bash -c 'while true; do sleep 600; sh /home/zogrir/monitoring.sh; done'

Finally, you must know how to control whether cron runs your script:

sudo systemctl status cron
sudo systemctl enable cron
sudo systemctl disable cron

🔴 DISCLAIMER: this blog may contain mistakes, so please inform me if you find any.