Workshop: Linux and Security Basics; Hands-On w/ Bill Stearns Instructions

Thank you for signing up for the Linux and Security Basics/Hands-on class! 

We wanted to share a few setup details with you so you’re ready to go next week.

We won’t know exactly how long the class will take so we’ve set aside 4 hours for the webcast.  Depending on how many questions we have, it may run short or long.

1. Please set up a Linux system on which you can run the commands.  If you don’t have access to one, please set up a cloud server.  You’re welcome to use any cloud provider; if you don’t have a preference, we have instructions on how to set up one up at DigitalOcean at the end of this message.

2. If it’s a physical computer, make sure you can log in via the keyboard and monitor.  If it’s a virtual machine or located somewhere else, make sure you can reach it via ssh, such as:

ssh the.ip.of.my.system 

3. Once you’re on the system, make sure you can run commands under sudo.  To test this, run:

sudo whoami

(entering your password if asked).  That should return “root” to tell you that the command was run as the user root.  If that doesn’t work, try

su -

(entering the root password).  Now when you run “whoami“, it should return “root”.

If neither of these work, check with the person that set the machine up and see if you can get sudo or root access, or set up a different Linux system if that’s not appropriate.

4. Install any operating system patches.  This – and the two following install commands – can take a while to run, especially if you have a slow Internet connection.  These can save you some time on class day.

sudo apt update && sudo apt -y full-upgrade

5. Install needed tools for today

sudo apt install -y lshw procps atop gkrellm nmap tcpdump tshark iproute2 net-tools netcat curl wget ufw ddclient ddupdate rsync openssh-client

6. Optional graphical tool install (only if you have a graphical desktop)

sudo apt install -y wireshark gufw

7. On the class day, before the class starts, log back into your Linux system.  I’ll show the commands, give some more details, and let you try them on your own system.

DigitalOcean Cloud Server

Go to https://www.digitalocean.com.  Sign up for an account there, providing a credit card for billing.  Once that’s created, log in at https://cloud.digitalocean.com and follow these instructions to create a virtual machine for this class.

1. Click “Create” in the upper right and select Droplets (their name for cloud server).

2. Pick your preferred Linux operating system; Ubuntu 18.04.3 (LTS) or 20.04 (LTS) are fine.

3. Since we don’t need high performance to do these labs, the “Basic” plan is fine.  Below basic are the system sizes you can pick.  Click on the left arrow to show the less expensive ones.  I’d suggest the $10/month ($0.015/hour, 2GB memory, 1 CPU, 50GB disk, 2TB transfer) option, though you can adjust as needed.  At this rate, you should be able to do the 2-hour lab for under US $0.05.

4. No additional block storage is needed.

5. Pick a datacenter to host the machine; it should be geographically close to you.  Under the physical location are sublocation numbers (1, 2, 3); pick on that’s not greyed out.

6. No VPC is needed.

7. Check off “IPv6”, but leave “User data” and “Monitoring” unchecked.

8. For authentication, it’s a little simpler to pick “Password” and enter a root password.  Feel free to use SSH Keys if they’re available.

9. Leave “How many droplets” at 1.  Give the machine a hostname that reminds you of what it will be used for, like “linux-lab”.

10. Leave Tags, Project, and Backups blank.

11. Digital Ocean will take anywhere from a few seconds to a few minutes to create your cloud server.  You can watch the progress bar as it’s being made, and when done, you’ll see “linux-lab” with its IPv4 address in your list of available droplets.  Click on the hostname to see the details of this system.

12. In the details page, you’ll see the ipv4 and ipv6 addresses of your new cloud server.

13. To ssh to this system, run:

ssh root@either.ip.address

, accept the ssh host key fingerprint, and enter the password you provided above.  If you’re using a graphical ssh tool, fill in “root” for the username, either the ipv4 or ipv6 address for the system to ssh to, and choose connect.

14. You should see a welcome screen with basic system information and a “root@linux-lab:~#” prompt.  Here’s where you can run the commands we’ll be doing in the lab.  You can open up multiple ssh sessions and run separate commands in each.

15. When the lab is done you need to decide if you want to keep the cloud server and keep paying for it.  If you’re done with it, go back to https://cloud.digitalocean.com , click on the linux-lab droplet, click on “Destroy” in the center left of the display below the IPv4 address, and click on “Destroy this droplet”.  The cloud server, all your changes, and any files you placed on it will be permanently deleted.  This is the only way to stop the billing for it; until you destroy it you’ll continue to be charged for it at $10/month whether the system is running or shut down.

Documents for the workshop can be found here: Linux_and_security_basics_hands_on_202008172248