Roger Skyline 🔒
Roger Skyline was a school project that introduced me to the basics of system and network administration. I installed a virtual machine (VM), configured a web server on it, protected it from possible denial-of-service (DOS) attacks and port scans, created a simple website for a Harry Potter-themed candy store and wrote a short script for deployment automation. To complete the project, I chose to use Debian Linux operating system and VirtualBox hypervisor.
If you are interested in knowing what it takes to complete all the mentioned tasks, have a look at the detailed step-by-step guide I included in this project's repository!
For more information about this project, check out the project's assignment.
Project Purpose & Goal
Roger Skyline was the second system and network administration project in my school's curriculum. It provided an opportunity to put the basic commands I learned while working on the first sysadmin project into practice by creating a VM and starting my first web server.
My goal was to learn basics of network and system administration through a practical, hands-on approach. I configured a VM and set up a web server available on the VM's IP address. To complete this task, I installed nginx and replaced the default webiste with one of my own. I was still learning the web development technologies, so I created a simple website using HTML and CSS.
Shell
Stack & Constraints
The only technology I used for this project was shell script. I wasn't allowed to use any other technologies, such as Docker, Vagrant, etc.
According to the project's subject, it was mandatory to create an 8 GB hard disk file during the configuration of the VM. When partitioning the disk, one of the parts had to be exactly 4.2 GB.
Shell
Thought Process & Problems
Firstly, I created a non-root user with sudoer rights to connect to the VM. I had to install sudo because it didn't come pre-installed. Then I set up a static IP address that I calculated using an online IP calculator. I used ping command to make extra sure the address is available. Then I configured the VM so that it's possible to connect to it only with the public key from the host system instead of a password. Then I set up a firewall, allowing only SSH, HTTP and HTTPS connections. To protect against DOS attacks, I installed Fail2ban that blocks IP addresses for a specified amount of time after several failed login attempts. Next, I wrote a script that updates packages by adding a scheduled task to crontab file and monitors changes made to the crontab file by sending an email to root. Lastly, I set up an nginx server, replaced the default website with my candy shop website, created a self-signed SSL certificate and wrote a deployment script that checks for changes in the index.html file, creates a backup and deploys the modified html file.
While setting up the public key connection to the VM, I managed to lock myself out of the VM permanently. I hadn't written any notes and I didn't exactly remember how I completed all the tasks. It took a couple of days to look it all up again and recreate everything from scratch. This time, I decided to write down everything I was doing just in case it happens again - and it sure did! I managed to lock myself out of the VM on three more occasions while testing the DOS protection. This was an excellent learning lesson that made me realize the importance of writing a quality documentation and updating it regularly, ideally while still working on a project.