commit eb8895609f1fb779dcade2dce7ffd9154eb7661f · dunkirk.sh/ncae-tools

+172

00-mini-hack-overview.md

···

       1
       1
       +
       # Mini-Hack Quick Start Guide

     

       2
       2
       +
       

     

       3
       3
       +
       ## Network Topology

     

       4
       4
       +
       

     

       5
       5
       +
       ```

     

       6
       6
       +
       External Network (172.20.0.0/16)

     

       7
       7
       +
       ├── Kali External: 172.20.2

     

       8
       8
       +
       ├── Router External: 172.20.<team>.1

     

       9
       9
       +
       └── Scoring Server: 172.20.1

     

       10
       10
       +
       

     

       11
       11
       +
       Internal Network (192.168.<team>.0/24)

     

       12
       12
       +
       ├── Router Internal: 192.168.<team>.1

     

       13
       13
       +
       ├── Ubuntu Web Server: 192.168.<team>.2

     

       14
       14
       +
       └── Kali Internal: 192.168.<team>.100

     

       15
       15
       +
       ```

     

       16
       16
       +
       

     

       17
       17
       +
       **Your team number** is randomly assigned on each deployment (e.g., 213, 195, etc.)

     

       18
       18
       +
       

     

       19
       19
       +
       ## Objectives (Turn Lights Green)

     

       20
       20
       +
       

     

       21
       21
       +
       1. ✅ Router online - responds to ping on external IP

     

       22
       22
       +
       2. ✅ Web server accessible - HTTP traffic routes through router to internal server

     

       23
       23
       +
       3. ✅ Service running - Apache returns content from internal web server

     

       24
       24
       +
       

     

       25
       25
       +
       ## Step-by-Step Checklist

     

       26
       26
       +
       

     

       27
       27
       +
       ### 1. Find Your Team Number

     

       28
       28
       +
       

     

       29
       29
       +
       **On Kali External**:

     

       30
       30
       +
       ```bash

     

       31
       31
       +
       ip addr show                    # Look for 172.20.X

     

       32
       32
       +
       # If you see 172.20.2, your team number is 2

     

       33
       33
       +
       # Check scoreboard at http://172.20.1 for confirmation

     

       34
       34
       +
       ```

     

       35
       35
       +
       

     

       36
       36
       +
       ### 2. Configure Router

     

       37
       37
       +
       

     

       38
       38
       +
       **Login to MikroTik** (via ProxMox console or SSH):

     

       39
       39
       +
       ```bash

     

       40
       40
       +
       # Default login

     

       41
       41
       +
       admin

     

       42
       42
       +
       <press Enter for blank password>

     

       43
       43
       +
       

     

       44
       44
       +
       # Set a password when prompted

     

       45
       45
       +
       <choose password>

     

       46
       46
       +
       ```

     

       47
       47
       +
       

     

       48
       48
       +
       **Assign IP addresses**:

     

       49
       49
       +
       ```bash

     

       50
       50
       +
       # External interface

     

       51
       51
       +
       /ip address add address=172.20.<team>.1/16 interface=ether3

     

       52
       52
       +
       

     

       53
       53
       +
       # Internal interface

     

       54
       54
       +
       /ip address add address=192.168.<team>.1/24 interface=ether4

     

       55
       55
       +
       

     

       56
       56
       +
       # Verify

     

       57
       57
       +
       /ip address print

     

       58
       58
       +
       ```

     

       59
       59
       +
       

     

       60
       60
       +
       **Or use Web GUI**: `http://172.20.<team>.1:8080`

     

       61
       61
       +
       - Login: `admin` / `<your password>`

     

       62
       62
       +
       - Go to **Quick Set**

     

       63
       63
       +
       - Enter external IP: `172.20.<team>.1/16`

     

       64
       64
       +
       - Enter internal IP: `192.168.<team>.1/24`

     

       65
       65
       +
       - ✅ **Check "Enable NAT"** (required!)

     

       66
       66
       +
       - Click **Apply Configuration**

     

       67
       67
       +
       

     

       68
       68
       +
       ### 3. Configure Ubuntu Web Server

     

       69
       69
       +
       

     

       70
       70
       +
       **Assign static IP**:

     

       71
       71
       +
       ```bash

     

       72
       72
       +
       sudo nano /etc/netplan/01-network-manager-all.yaml

     

       73
       73
       +
       ```

     

       74
       74
       +
       

     

       75
       75
       +
       ```yaml

     

       76
       76
       +
       network:

     

       77
       77
       +
         version: 2

     

       78
       78
       +
         ethernets:

     

       79
       79
       +
           ens18:

     

       80
       80
       +
             addresses:

     

       81
       81
       +
               - 192.168.<team>.2/24

     

       82
       82
       +
             routes:

     

       83
       83
       +
               - to: default

     

       84
       84
       +
                 via: 192.168.<team>.1

     

       85
       85
       +
       ```

     

       86
       86
       +
       

     

       87
       87
       +
       ```bash

     

       88
       88
       +
       sudo netplan apply

     

       89
       89
       +
       ip addr show                    # Verify IP

     

       90
       90
       +
       ping 192.168.<team>.1          # Test router connectivity

     

       91
       91
       +
       ```

     

       92
       92
       +
       

     

       93
       93
       +
       **Start Apache**:

     

       94
       94
       +
       ```bash

     

       95
       95
       +
       sudo systemctl restart apache2

     

       96
       96
       +
       sudo systemctl status apache2   # Should show "active (running)"

     

       97
       97
       +
       ```

     

       98
       98
       +
       

     

       99
       99
       +
       **Test locally**:

     

       100
       100
       +
       ```bash

     

       101
       101
       +
       curl http://192.168.<team>.2    # Should return HTML

     

       102
       102
       +
       ```

     

       103
       103
       +
       

     

       104
       104
       +
       ### 4. Configure Port Forwarding (Router)

     

       105
       105
       +
       

     

       106
       106
       +
       **Web GUI Method** (recommended):

     

       107
       107
       +
       ```

     

       108
       108
       +
       http://172.20.<team>.1:8080

     

       109
       109
       +
       ```

     

       110
       110
       +
       

     

       111
       111
       +
       1. Go to **Quick Set** → **Port Mapping**

     

       112
       112
       +
       2. Click **New**

     

       113
       113
       +
          - Name: `www-tcp`

     

       114
       114
       +
          - Protocol: `TCP`

     

       115
       115
       +
          - Port: `80`

     

       116
       116
       +
          - Forward To: `192.168.<team>.2`

     

       117
       117
       +
          - Port: `80`

     

       118
       118
       +
       3. Click **OK**

     

       119
       119
       +
       4. Repeat for UDP:

     

       120
       120
       +
          - Name: `www-udp`

     

       121
       121
       +
          - Protocol: `UDP`

     

       122
       122
       +
          - Port: `80`

     

       123
       123
       +
          - Forward To: `192.168.<team>.2`

     

       124
       124
       +
          - Port: `80`

     

       125
       125
       +
       

     

       126
       126
       +
       ### 5. Test From External Network

     

       127
       127
       +
       

     

       128
       128
       +
       **On Kali External**:

     

       129
       129
       +
       ```bash

     

       130
       130
       +
       ping 172.20.<team>.1                    # Router should respond

     

       131
       131
       +
       curl http://172.20.<team>.1             # Should show web content from internal server

     

       132
       132
       +
       ```

     

       133
       133
       +
       

     

       134
       134
       +
       **Check scoreboard**: `http://172.20.1`

     

       135
       135
       +
       

     

       136
       136
       +
       All lights should be green!

     

       137
       137
       +
       

     

       138
       138
       +
       ## Quick Troubleshooting

     

       139
       139
       +
       

     

       140
       140
       +
       | Problem | Check |

     

       141
       141
       +
       |---------|-------|

     

       142
       142
       +
       | Router not pingable | Verify IP on ether3: `/ip address print` |

     

       143
       143
       +
       | Web not accessible | 1. Is Apache running? 2. Did you enable NAT? 3. Port forwarding rules exist? |

     

       144
       144
       +
       | Internal server can't reach router | Check internal IP on ether4, verify gateway in netplan |

     

       145
       145
       +
       | Lights still red | Wait 30 seconds for scoring refresh, check exact IPs match topology |

     

       146
       146
       +
       

     

       147
       147
       +
       ## Configuration Files Reference

     

       148
       148
       +
       

     

       149
       149
       +
       **Router**: Web GUI at `http://172.20.<team>.1:8080` or CLI via console

     

       150
       150
       +
       

     

       151
       151
       +
       **Ubuntu Web Server**:

     

       152
       152
       +
       - Network: `/etc/netplan/01-network-manager-all.yaml`

     

       153
       153
       +
       - Apache: `sudo systemctl restart apache2`

     

       154
       154
       +
       - Website content: `/var/www/html/`

     

       155
       155
       +
       

     

       156
       156
       +
       **Kali Machines**: For testing only, no configuration needed

     

       157
       157
       +
       

     

       158
       158
       +
       ## Common Mistakes

     

       159
       159
       +
       

     

       160
       160
       +
       ❌ Forgot to enable NAT on router  

     

       161
       161
       +
       ❌ Port forwarding only has TCP rule (need UDP too)  

     

       162
       162
       +
       ❌ Wrong team number in IP addresses  

     

       163
       163
       +
       ❌ Apache not started on Ubuntu  

     

       164
       164
       +
       ❌ Netplan syntax error (YAML is whitespace-sensitive)  

     

       165
       165
       +
       ❌ Router interface names wrong (check with `interface print`)

     

       166
       166
       +
       

     

       167
       167
       +
       ## Time-Saving Tips

     

       168
       168
       +
       

     

       169
       169
       +
       1. Use **web GUI for router** - faster than CLI for NAT/port forwarding

     

       170
       170
       +
       2. Copy/paste team number once you know it - avoid typos

     

       171
       171
       +
       3. Test each step before moving on (ping, curl, status checks)

     

       172
       172
       +
       4. If stuck, verify each light's requirement on scoreboard

+59

01-services-overview.md

···

       1
       1
       +
       # Linux Services - General Approach

     

       2
       2
       +
       

     

       3
       3
       +
       ## Service Configuration Checklist

     

       4
       4
       +
       

     

       5
       5
       +
       When encountering any new service:

     

       6
       6
       +
       

     

       7
       7
       +
       1. **Understand what it does** - Don't rush into clicking buttons. Read documentation first. Even 5 minutes of research saves time later.

     

       8
       8
       +
       

     

       9
       9
       +
       2. **Locate configuration files** - Services usually have config files in `/etc`. Files can be singular or multiple across different locations (main config + user-specific).

     

       10
       10
       +
       

     

       11
       11
       +
       3. **Backup before changes** - Always copy config files before modifying:

     

       12
       12
       +
          ```bash

     

       13
       13
       +
          sudo cp /etc/service/config /etc/service/config.bak

     

       14
       14
       +
          ```

     

       15
       15
       +
       

     

       16
       16
       +
       4. **Restart after changes** - Most services require restart for changes to take effect:

     

       17
       17
       +
          ```bash

     

       18
       18
       +
          sudo systemctl restart <service-name>

     

       19
       19
       +
          ```

     

       20
       20
       +
          Don't restart the entire computer - restart just the service.

     

       21
       21
       +
       

     

       22
       22
       +
       5. **Check service status** - Verify if service is running:

     

       23
       23
       +
          ```bash

     

       24
       24
       +
          systemctl status <service-name>

     

       25
       25
       +
          ```

     

       26
       26
       +
       

     

       27
       27
       +
       6. **Dependencies matter** - Some services rely on others. Changing one may require restarting dependent services.

     

       28
       28
       +
       

     

       29
       29
       +
       ## Service Management Commands

     

       30
       30
       +
       

     

       31
       31
       +
       Check service status (no sudo needed):

     

       32
       32
       +
       ```bash

     

       33
       33
       +
       systemctl status <service-name>

     

       34
       34
       +
       ```

     

       35
       35
       +
       

     

       36
       36
       +
       Start a service:

     

       37
       37
       +
       ```bash

     

       38
       38
       +
       sudo systemctl start <service-name>

     

       39
       39
       +
       ```

     

       40
       40
       +
       

     

       41
       41
       +
       Stop a service:

     

       42
       42
       +
       ```bash

     

       43
       43
       +
       sudo systemctl stop <service-name>

     

       44
       44
       +
       ```

     

       45
       45
       +
       

     

       46
       46
       +
       Restart a service:

     

       47
       47
       +
       ```bash

     

       48
       48
       +
       sudo systemctl restart <service-name>

     

       49
       49
       +
       ```

     

       50
       50
       +
       

     

       51
       51
       +
       Enable service to start on boot:

     

       52
       52
       +
       ```bash

     

       53
       53
       +
       sudo systemctl enable <service-name>

     

       54
       54
       +
       ```

     

       55
       55
       +
       

     

       56
       56
       +
       Check if service is enabled:

     

       57
       57
       +
       ```bash

     

       58
       58
       +
       systemctl is-enabled <service-name>

     

       59
       59
       +
       ```

+78

02-apache-web-service.md

···

       1
       1
       +
       # Apache Web Service

     

       2
       2
       +
       

     

       3
       3
       +
       ## Service Name

     

       4
       4
       +
       - `apache2` (Ubuntu/Debian)

     

       5
       5
       +
       - `httpd` (CentOS/RHEL)

     

       6
       6
       +
       

     

       7
       7
       +
       ## Check Service Status

     

       8
       8
       +
       ```bash

     

       9
       9
       +
       systemctl status apache2    # Ubuntu

     

       10
       10
       +
       systemctl status httpd      # CentOS

     

       11
       11
       +
       ```

     

       12
       12
       +
       

     

       13
       13
       +
       ## Configuration Locations

     

       14
       14
       +
       

     

       15
       15
       +
       Main config: `/etc/apache2/` (Ubuntu) or `/etc/httpd/` (CentOS)

     

       16
       16
       +
       

     

       17
       17
       +
       Key files:

     

       18
       18
       +
       - `/etc/apache2/apache2.conf` - Main configuration

     

       19
       19
       +
       - `/etc/apache2/sites-available/` - Available site configs

     

       20
       20
       +
       - `/etc/apache2/sites-enabled/` - Active site configs (usually symlinks)

     

       21
       21
       +
       

     

       22
       22
       +
       ## Default Site Configuration

     

       23
       23
       +
       

     

       24
       24
       +
       File: `/etc/apache2/sites-available/000-default.conf`

     

       25
       25
       +
       

     

       26
       26
       +
       Key directives:

     

       27
       27
       +
       ```apache

     

       28
       28
       +
       <VirtualHost *:80>

     

       29
       29
       +
           DocumentRoot /var/www/html

     

       30
       30
       +
           # ... other settings

     

       31
       31
       +
       </VirtualHost>

     

       32
       32
       +
       ```

     

       33
       33
       +
       

     

       34
       34
       +
       - **Listen port**: Default is `*:80` (any IP, port 80)

     

       35
       35
       +
       - **DocumentRoot**: `/var/www/html` - where website files live

     

       36
       36
       +
       

     

       37
       37
       +
       ## Website File Location

     

       38
       38
       +
       

     

       39
       39
       +
       Website files go in: `/var/www/html`

     

       40
       40
       +
       

     

       41
       41
       +
       Default file: `index.html` (or `index.php`)

     

       42
       42
       +
       

     

       43
       43
       +
       The web server automatically serves `index.html` when you visit the root URL.

     

       44
       44
       +
       

     

       45
       45
       +
       ## Start/Restart Service

     

       46
       46
       +
       

     

       47
       47
       +
       ```bash

     

       48
       48
       +
       sudo systemctl start apache2

     

       49
       49
       +
       sudo systemctl restart apache2

     

       50
       50
       +
       ```

     

       51
       51
       +
       

     

       52
       52
       +
       ## Creating Website Content

     

       53
       53
       +
       

     

       54
       54
       +
       Make directories:

     

       55
       55
       +
       ```bash

     

       56
       56
       +
       sudo mkdir /var/www/html/newfolder

     

       57
       57
       +
       ```

     

       58
       58
       +
       

     

       59
       59
       +
       Create files:

     

       60
       60
       +
       ```bash

     

       61
       61
       +
       sudo touch /var/www/html/newfile.html

     

       62
       62
       +
       ```

     

       63
       63
       +
       

     

       64
       64
       +
       **Permission Requirements**: Web server needs read permissions to serve files.

     

       65
       65
       +
       

     

       66
       66
       +
       ## Security Considerations

     

       67
       67
       +
       

     

       68
       68
       +
       - Don't put sensitive files (like `/etc/shadow`) in `/var/www/html`

     

       69
       69
       +
       - Check permissions - files need to be readable by web server

     

       70
       70
       +
       - Backup config files before making changes

     

       71
       71
       +
       - The website displays actual files from the server's filesystem

     

       72
       72
       +
       

     

       73
       73
       +
       ## Common Issues

     

       74
       74
       +
       

     

       75
       75
       +
       1. **Service not starting**: Check config file syntax

     

       76
       76
       +
       2. **Can't access website**: Verify service is running, check IP/port

     

       77
       77
       +
       3. **404 errors**: Check DocumentRoot path and file permissions

     

       78
       78
       +
       4. **Permission denied**: Files need world-readable permissions for web server access

+164

03-ssh-service.md

···

       1
       1
       +
       # SSH Service

     

       2
       2
       +
       

     

       3
       3
       +
       ## Service Name

     

       4
       4
       +
       - `ssh` or `sshd` (works on most distributions)

     

       5
       5
       +
       

     

       6
       6
       +
       ## Check Service Status

     

       7
       7
       +
       ```bash

     

       8
       8
       +
       systemctl status ssh

     

       9
       9
       +
       systemctl status sshd  # Also works

     

       10
       10
       +
       ```

     

       11
       11
       +
       

     

       12
       12
       +
       ## Configuration Location

     

       13
       13
       +
       

     

       14
       14
       +
       Main directory: `/etc/ssh/`

     

       15
       15
       +
       

     

       16
       16
       +
       Key files:

     

       17
       17
       +
       - `/etc/ssh/sshd_config` - Server configuration (most important)

     

       18
       18
       +
       - `/etc/ssh/ssh_config` - Client configuration

     

       19
       19
       +
       - `/etc/ssh/ssh_host_*_key` - Server private keys (multiple algorithms)

     

       20
       20
       +
       - `/etc/ssh/ssh_host_*_key.pub` - Server public keys

     

       21
       21
       +
       

     

       22
       22
       +
       ## Important sshd_config Options

     

       23
       23
       +
       

     

       24
       24
       +
       ```bash

     

       25
       25
       +
       Port 22                    # Default SSH port

     

       26
       26
       +
       ListenAddress 0.0.0.0     # Listen on all IPs (or specify one)

     

       27
       27
       +
       PermitRootLogin prohibit-password  # Or "yes" or "no"

     

       28
       28
       +
       ```

     

       29
       29
       +
       

     

       30
       30
       +
       ### Port

     

       31
       31
       +
       Default is 22. Can change to non-standard port for security.

     

       32
       32
       +
       

     

       33
       33
       +
       ### ListenAddress

     

       34
       34
       +
       - `0.0.0.0` = listen on all IP addresses

     

       35
       35
       +
       - Or specify a single IP to restrict access

     

       36
       36
       +
       

     

       37
       37
       +
       ### PermitRootLogin

     

       38
       38
       +
       - `no` - root cannot SSH in at all

     

       39
       39
       +
       - `yes` - root can SSH in with password

     

       40
       40
       +
       - `prohibit-password` - root must use key authentication

     

       41
       41
       +
       

     

       42
       42
       +
       ## Connecting to SSH Server

     

       43
       43
       +
       

     

       44
       44
       +
       Basic syntax:

     

       45
       45
       +
       ```bash

     

       46
       46
       +
       ssh username@ip_address

     

       47
       47
       +
       ssh username@hostname.com

     

       48
       48
       +
       ```

     

       49
       49
       +
       

     

       50
       50
       +
       Example:

     

       51
       51
       +
       ```bash

     

       52
       52
       +
       ssh sandbox@192.168.1.100

     

       53
       53
       +
       ```

     

       54
       54
       +
       

     

       55
       55
       +
       First connection prompts to accept server's fingerprint (say yes).

     

       56
       56
       +
       

     

       57
       57
       +
       ## Host Keys (Server-Side)

     

       58
       58
       +
       

     

       59
       59
       +
       SSH server has multiple key pairs in `/etc/ssh/`:

     

       60
       60
       +
       - RSA keys: `ssh_host_rsa_key` and `ssh_host_rsa_key.pub`

     

       61
       61
       +
       - ECDSA keys: `ssh_host_ecdsa_key` and `ssh_host_ecdsa_key.pub`  

     

       62
       62
       +
       - ED25519 keys: `ssh_host_ed25519_key` and `ssh_host_ed25519_key.pub`

     

       63
       63
       +
       

     

       64
       64
       +
       These are **asymmetric key pairs**:

     

       65
       65
       +
       - Private key stays on server (read-only to root)

     

       66
       66
       +
       - Public key shared with clients

     

       67
       67
       +
       - Data encrypted with one key only decrypts with the other

     

       68
       68
       +
       

     

       69
       69
       +
       ## Regenerating Host Keys

     

       70
       70
       +
       

     

       71
       71
       +
       If keys are compromised (or cloned VMs have identical keys):

     

       72
       72
       +
       

     

       73
       73
       +
       ```bash

     

       74
       74
       +
       sudo ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key

     

       75
       75
       +
       ```

     

       76
       76
       +
       

     

       77
       77
       +
       Options:

     

       78
       78
       +
       - `-t ecdsa` - key type (also: rsa, ed25519)

     

       79
       79
       +
       - `-f /path/to/key` - where to save

     

       80
       80
       +
       - Will prompt to overwrite existing key

     

       81
       81
       +
       - Can add passphrase or leave blank

     

       82
       82
       +
       

     

       83
       83
       +
       ## Client-Side Known Hosts

     

       84
       84
       +
       

     

       85
       85
       +
       Location: `~/.ssh/known_hosts`

     

       86
       86
       +
       

     

       87
       87
       +
       Contains public keys of servers you've connected to before.

     

       88
       88
       +
       

     

       89
       89
       +
       If server key changes, you'll get a warning. To fix:

     

       90
       90
       +
       ```bash

     

       91
       91
       +
       # Remove old entry for that IP

     

       92
       92
       +
       ssh-keygen -R 192.168.1.100

     

       93
       93
       +
       

     

       94
       94
       +
       # Or delete the entire file and re-accept connections

     

       95
       95
       +
       rm ~/.ssh/known_hosts

     

       96
       96
       +
       ```

     

       97
       97
       +
       

     

       98
       98
       +
       ## Passwordless Authentication

     

       99
       99
       +
       

     

       100
       100
       +
       Allows login without password using key pairs.

     

       101
       101
       +
       

     

       102
       102
       +
       **Setup process:**

     

       103
       103
       +
       

     

       104
       104
       +
       1. Generate key pair on client (or server acting as admin):

     

       105
       105
       +
       ```bash

     

       106
       106
       +
       ssh-keygen -t ecdsa -f ~/id_bob_key

     

       107
       107
       +
       ```

     

       108
       108
       +
       

     

       109
       109
       +
       2. Create `.ssh` directory for user:

     

       110
       110
       +
       ```bash

     

       111
       111
       +
       sudo mkdir /home/bob/.ssh

     

       112
       112
       +
       sudo chmod 700 /home/bob/.ssh

     

       113
       113
       +
       sudo chown bob:bob /home/bob/.ssh

     

       114
       114
       +
       ```

     

       115
       115
       +
       

     

       116
       116
       +
       3. Copy public key to authorized_keys:

     

       117
       117
       +
       ```bash

     

       118
       118
       +
       sudo cp id_bob_key.pub /home/bob/.ssh/authorized_keys

     

       119
       119
       +
       sudo chmod 644 /home/bob/.ssh/authorized_keys

     

       120
       120
       +
       sudo chown bob:bob /home/bob/.ssh/authorized_keys

     

       121
       121
       +
       ```

     

       122
       122
       +
       

     

       123
       123
       +
       4. Transfer private key to client using SCP:

     

       124
       124
       +
       ```bash

     

       125
       125
       +
       scp sandbox@192.168.1.100:/path/to/id_bob_key .

     

       126
       126
       +
       ```

     

       127
       127
       +
       

     

       128
       128
       +
       5. Connect using the key:

     

       129
       129
       +
       ```bash

     

       130
       130
       +
       ssh -i id_bob_key bob@192.168.1.100

     

       131
       131
       +
       ```

     

       132
       132
       +
       

     

       133
       133
       +
       **Critical permissions:**

     

       134
       134
       +
       - `.ssh/` directory: `700` (drwx------)

     

       135
       135
       +
       - `authorized_keys` file: `644` (-rw-r--r--)

     

       136
       136
       +
       - Private keys: `600` (-rw-------)

     

       137
       137
       +
       - Public keys: `644` (-rw-r--r--)

     

       138
       138
       +
       

     

       139
       139
       +
       ## SCP (Secure Copy)

     

       140
       140
       +
       

     

       141
       141
       +
       Copy files over SSH:

     

       142
       142
       +
       

     

       143
       143
       +
       ```bash

     

       144
       144
       +
       # Copy from remote to local

     

       145
       145
       +
       scp user@remote:/path/to/file .

     

       146
       146
       +
       

     

       147
       147
       +
       # Copy from local to remote  

     

       148
       148
       +
       scp localfile user@remote:/path/

     

       149
       149
       +
       

     

       150
       150
       +
       # Use sudo on remote side

     

       151
       151
       +
       sudo scp user@remote:/root/file .

     

       152
       152
       +
       ```

     

       153
       153
       +
       

     

       154
       154
       +
       ## Exit SSH Session

     

       155
       155
       +
       

     

       156
       156
       +
       ```bash

     

       157
       157
       +
       exit

     

       158
       158
       +
       ```

     

       159
       159
       +
       

     

       160
       160
       +
       ## Restart After Config Changes

     

       161
       161
       +
       

     

       162
       162
       +
       ```bash

     

       163
       163
       +
       sudo systemctl restart ssh

     

       164
       164
       +
       ```

+137

04-network-configuration.md

···

       1
       1
       +
       # Network Configuration by Distribution

     

       2
       2
       +
       

     

       3
       3
       +
       ## Viewing Current Configuration

     

       4
       4
       +
       

     

       5
       5
       +
       Show IP addresses:

     

       6
       6
       +
       ```bash

     

       7
       7
       +
       ip a

     

       8
       8
       +
       # or

     

       9
       9
       +
       ip addr show

     

       10
       10
       +
       ```

     

       11
       11
       +
       

     

       12
       12
       +
       Show specific interface:

     

       13
       13
       +
       ```bash

     

       14
       14
       +
       ip a show eth0

     

       15
       15
       +
       ```

     

       16
       16
       +
       

     

       17
       17
       +
       ## Kali/Debian - /etc/network/interfaces

     

       18
       18
       +
       

     

       19
       19
       +
       **File**: `/etc/network/interfaces`

     

       20
       20
       +
       

     

       21
       21
       +
       Basic static configuration:

     

       22
       22
       +
       ```bash

     

       23
       23
       +
       auto eth0

     

       24
       24
       +
       iface eth0 inet static

     

       25
       25
       +
           address 172.20.118.100

     

       26
       26
       +
           netmask 255.255.255.0

     

       27
       27
       +
           gateway 172.20.118.1

     

       28
       28
       +
       ```

     

       29
       29
       +
       

     

       30
       30
       +
       **Key components:**

     

       31
       31
       +
       - `auto eth0` - Bring up interface automatically on boot

     

       32
       32
       +
       - `iface eth0 inet static` - Configure static IP (not DHCP)

     

       33
       33
       +
       - `address` - IP address

     

       34
       34
       +
       - `netmask` - Subnet mask

     

       35
       35
       +
       - `gateway` - Default gateway (router)

     

       36
       36
       +
       

     

       37
       37
       +
       **Restart networking:**

     

       38
       38
       +
       ```bash

     

       39
       39
       +
       sudo systemctl restart networking

     

       40
       40
       +
       # or

     

       41
       41
       +
       sudo ifdown eth0 && sudo ifup eth0

     

       42
       42
       +
       ```

     

       43
       43
       +
       

     

       44
       44
       +
       ## CentOS/RHEL - ifcfg Files

     

       45
       45
       +
       

     

       46
       46
       +
       **Directory**: `/etc/sysconfig/network-scripts/`

     

       47
       47
       +
       

     

       48
       48
       +
       **Files**: One per interface (e.g., `ifcfg-eth0`, `ifcfg-eth1`)

     

       49
       49
       +
       

     

       50
       50
       +
       Example `ifcfg-eth0`:

     

       51
       51
       +
       ```bash

     

       52
       52
       +
       DEVICE=eth0

     

       53
       53
       +
       BOOTPROTO=static

     

       54
       54
       +
       ONBOOT=yes

     

       55
       55
       +
       IPADDR=172.20.118.1

     

       56
       56
       +
       NETMASK=255.255.255.0

     

       57
       57
       +
       GATEWAY=172.20.118.254

     

       58
       58
       +
       ```

     

       59
       59
       +
       

     

       60
       60
       +
       **Key settings:**

     

       61
       61
       +
       - `DEVICE` - Interface name

     

       62
       62
       +
       - `BOOTPROTO` - `static` or `dhcp`

     

       63
       63
       +
       - `ONBOOT` - `yes` to auto-start on boot

     

       64
       64
       +
       - `IPADDR` - IP address

     

       65
       65
       +
       - `NETMASK` - Subnet mask

     

       66
       66
       +
       - `GATEWAY` - Default gateway

     

       67
       67
       +
       

     

       68
       68
       +
       **Restart networking:**

     

       69
       69
       +
       ```bash

     

       70
       70
       +
       sudo systemctl restart network

     

       71
       71
       +
       # or per-interface:

     

       72
       72
       +
       sudo ifdown eth0 && sudo ifup eth0

     

       73
       73
       +
       ```

     

       74
       74
       +
       

     

       75
       75
       +
       ## Ubuntu - Netplan (YAML)

     

       76
       76
       +
       

     

       77
       77
       +
       **Directory**: `/etc/netplan/`

     

       78
       78
       +
       

     

       79
       79
       +
       **File**: Usually `01-network-manager-all.yaml` (or similar `.yaml` file)

     

       80
       80
       +
       

     

       81
       81
       +
       **IMPORTANT**: YAML is whitespace-sensitive. Use 2-space indentation consistently.

     

       82
       82
       +
       

     

       83
       83
       +
       Example configuration:

     

       84
       84
       +
       ```yaml

     

       85
       85
       +
       network:

     

       86
       86
       +
         version: 2

     

       87
       87
       +
         renderer: NetworkManager

     

       88
       88
       +
         ethernets:

     

       89
       89
       +
           ens18:

     

       90
       90
       +
             addresses:

     

       91
       91
       +
               - 192.168.195.2/24

     

       92
       92
       +
             gateway4: 192.168.195.1

     

       93
       93
       +
       ```

     

       94
       94
       +
       

     

       95
       95
       +
       **Key elements:**

     

       96
       96
       +
       - `ethernets:` - Section for ethernet interfaces

     

       97
       97
       +
       - `ens18:` - Interface name (not eth0 on modern Ubuntu)

     

       98
       98
       +
       - `addresses:` - List of IPs (note the dash and `/24` CIDR notation)

     

       99
       99
       +
       - `gateway4:` - Default gateway for IPv4

     

       100
       100
       +
       

     

       101
       101
       +
       **Apply changes:**

     

       102
       102
       +
       ```bash

     

       103
       103
       +
       sudo netplan apply

     

       104
       104
       +
       ```

     

       105
       105
       +
       

     

       106
       106
       +
       **Test configuration (doesn't persist):**

     

       107
       107
       +
       ```bash

     

       108
       108
       +
       sudo netplan try

     

       109
       109
       +
       ```

     

       110
       110
       +
       

     

       111
       111
       +
       **CIDR notation:** `/24` equals `255.255.255.0`

     

       112
       112
       +
       

     

       113
       113
       +
       ## Temporary IP Configuration

     

       114
       114
       +
       

     

       115
       115
       +
       Set IP temporarily (lost on reboot):

     

       116
       116
       +
       ```bash

     

       117
       117
       +
       sudo ip addr add 192.168.1.100/24 dev eth0

     

       118
       118
       +
       ```

     

       119
       119
       +
       

     

       120
       120
       +
       Flush (remove) all IPs from interface:

     

       121
       121
       +
       ```bash

     

       122
       122
       +
       sudo ip addr flush dev eth0

     

       123
       123
       +
       ```

     

       124
       124
       +
       

     

       125
       125
       +
       ## Common Network Issues

     

       126
       126
       +
       

     

       127
       127
       +
       1. **Wrong interface name**: Check with `ip a` first

     

       128
       128
       +
       2. **Typo in config file**: Double-check spelling and syntax

     

       129
       129
       +
       3. **Forgotten gateway**: Can't reach beyond local network

     

       130
       130
       +
       4. **Netplan spacing**: YAML requires exact indentation

     

       131
       131
       +
       5. **Wrong subnet**: Devices must be on same subnet to communicate

     

       132
       132
       +
       

     

       133
       133
       +
       ## Interface Naming

     

       134
       134
       +
       

     

       135
       135
       +
       - **Old style**: `eth0`, `eth1`, `lo` (loopback)

     

       136
       136
       +
       - **New style**: `ens18`, `enp0s3`, etc. (Ubuntu/modern systems)

     

       137
       137
       +
       - Always check actual names with `ip a` before configuring

+210

05-dns-rsync-cron.md

···

       1
       1
       +
       # DNS, Rsync, and Cron Services

     

       2
       2
       +
       

     

       3
       3
       +
       ## DNS Service (BIND)

     

       4
       4
       +
       

     

       5
       5
       +
       ### Service Name

     

       6
       6
       +
       - `named` (most distributions)

     

       7
       7
       +
       

     

       8
       8
       +
       ### Configuration Location

     

       9
       9
       +
       - Ubuntu: `/etc/bind/`

     

       10
       10
       +
       - CentOS: May be in different location

     

       11
       11
       +
       

     

       12
       12
       +
       ### Check Service

     

       13
       13
       +
       ```bash

     

       14
       14
       +
       systemctl status named

     

       15
       15
       +
       ```

     

       16
       16
       +
       

     

       17
       17
       +
       ### Basic Concept

     

       18
       18
       +
       DNS translates domain names to IP addresses (forward lookup) and IP addresses to domain names (reverse lookup).

     

       19
       19
       +
       

     

       20
       20
       +
       **Forward lookup**: `example.com` → `192.168.1.100`

     

       21
       21
       +
       **Reverse lookup**: `192.168.1.100` → `example.com`

     

       22
       22
       +
       

     

       23
       23
       +
       ### Key Files (Bind)

     

       24
       24
       +
       - `named.conf` - Main configuration

     

       25
       25
       +
       - Zone files - Define DNS records for domains

     

       26
       26
       +
       

     

       27
       27
       +
       **This is a complex service** - requires understanding of:

     

       28
       28
       +
       - Zone files

     

       29
       29
       +
       - DNS record types (A, PTR, CNAME, MX, etc.)

     

       30
       30
       +
       - Forward vs reverse zones

     

       31
       31
       +
       - DNS hierarchy

     

       32
       32
       +
       

     

       33
       33
       +
       ---

     

       34
       34
       +
       

     

       35
       35
       +
       ## Rsync - File Synchronization/Backup

     

       36
       36
       +
       

     

       37
       37
       +
       ### Basic Syntax

     

       38
       38
       +
       ```bash

     

       39
       39
       +
       rsync [options] source destination

     

       40
       40
       +
       ```

     

       41
       41
       +
       

     

       42
       42
       +
       ### Common Options

     

       43
       43
       +
       ```bash

     

       44
       44
       +
       -a    # Archive mode (preserves permissions, timestamps, etc.)

     

       45
       45
       +
       -v    # Verbose (show what's being copied)

     

       46
       46
       +
       -z    # Compress during transfer

     

       47
       47
       +
       -r    # Recursive (copy directories)

     

       48
       48
       +
       -h    # Human-readable output

     

       49
       49
       +
       --delete  # Delete files in dest that don't exist in source

     

       50
       50
       +
       ```

     

       51
       51
       +
       

     

       52
       52
       +
       ### Local Backup Example

     

       53
       53
       +
       ```bash

     

       54
       54
       +
       rsync -av /home/user/stuff/ /home/user/backups/

     

       55
       55
       +
       ```

     

       56
       56
       +
       

     

       57
       57
       +
       **Note the trailing slash** on source - affects behavior:

     

       58
       58
       +
       - `/source/` - copy contents of source

     

       59
       59
       +
       - `/source` - copy source directory itself

     

       60
       60
       +
       

     

       61
       61
       +
       ### Remote Backup via SSH

     

       62
       62
       +
       ```bash

     

       63
       63
       +
       rsync -avz /local/path/ user@remote:/remote/path/

     

       64
       64
       +
       ```

     

       65
       65
       +
       

     

       66
       66
       +
       ### Consistency vs. Accumulation

     

       67
       67
       +
       

     

       68
       68
       +
       **Consistency** (mirror - deletes old files):

     

       69
       69
       +
       ```bash

     

       70
       70
       +
       rsync -av --delete /source/ /backup/

     

       71
       71
       +
       ```

     

       72
       72
       +
       

     

       73
       73
       +
       **Accumulation** (keeps all files):

     

       74
       74
       +
       ```bash

     

       75
       75
       +
       rsync -av /source/ /backup/

     

       76
       76
       +
       ```

     

       77
       77
       +
       

     

       78
       78
       +
       ### Check Installed

     

       79
       79
       +
       ```bash

     

       80
       80
       +
       rsync --version

     

       81
       81
       +
       # or just run rsync to see options

     

       82
       82
       +
       ```

     

       83
       83
       +
       

     

       84
       84
       +
       ---

     

       85
       85
       +
       

     

       86
       86
       +
       ## Cron - Task Automation

     

       87
       87
       +
       

     

       88
       88
       +
       ### Service Name

     

       89
       89
       +
       - `cron` (Ubuntu/Debian)

     

       90
       90
       +
       - `crond` (CentOS/RHEL)

     

       91
       91
       +
       

     

       92
       92
       +
       ### Check Service

     

       93
       93
       +
       ```bash

     

       94
       94
       +
       systemctl status cron

     

       95
       95
       +
       systemctl status crond  # CentOS

     

       96
       96
       +
       ```

     

       97
       97
       +
       

     

       98
       98
       +
       ### Edit Crontab

     

       99
       99
       +
       ```bash

     

       100
       100
       +
       crontab -e   # Edit current user's crontab

     

       101
       101
       +
       ```

     

       102
       102
       +
       

     

       103
       103
       +
       First time will ask which editor (nano recommended for beginners).

     

       104
       104
       +
       

     

       105
       105
       +
       ### Crontab Syntax

     

       106
       106
       +
       

     

       107
       107
       +
       Five time fields + command:

     

       108
       108
       +
       ```

     

       109
       109
       +
       * * * * * command

     

       110
       110
       +
       │ │ │ │ │

     

       111
       111
       +
       │ │ │ │ └─ Day of week (0-7, 0/7 = Sunday)

     

       112
       112
       +
       │ │ │ └─── Month (1-12)

     

       113
       113
       +
       │ │ └───── Day of month (1-31)

     

       114
       114
       +
       │ └─────── Hour (0-23)

     

       115
       115
       +
       └───────── Minute (0-59)

     

       116
       116
       +
       ```

     

       117
       117
       +
       

     

       118
       118
       +
       **Asterisk (*) means "every"**

     

       119
       119
       +
       

     

       120
       120
       +
       ### Examples

     

       121
       121
       +
       

     

       122
       122
       +
       Every minute:

     

       123
       123
       +
       ```bash

     

       124
       124
       +
       * * * * * /path/to/command

     

       125
       125
       +
       ```

     

       126
       126
       +
       

     

       127
       127
       +
       Every 5 minutes:

     

       128
       128
       +
       ```bash

     

       129
       129
       +
       */5 * * * * /path/to/command

     

       130
       130
       +
       ```

     

       131
       131
       +
       

     

       132
       132
       +
       Every day at 2:30 AM:

     

       133
       133
       +
       ```bash

     

       134
       134
       +
       30 2 * * * /path/to/command

     

       135
       135
       +
       ```

     

       136
       136
       +
       

     

       137
       137
       +
       Every Monday at 5:00 PM:

     

       138
       138
       +
       ```bash

     

       139
       139
       +
       0 17 * * 1 /path/to/command

     

       140
       140
       +
       ```

     

       141
       141
       +
       

     

       142
       142
       +
       First day of every month at midnight:

     

       143
       143
       +
       ```bash

     

       144
       144
       +
       0 0 1 * * /path/to/command

     

       145
       145
       +
       ```

     

       146
       146
       +
       

     

       147
       147
       +
       ### Automated Backup Example

     

       148
       148
       +
       

     

       149
       149
       +
       Run rsync backup every night at 2 AM:

     

       150
       150
       +
       ```bash

     

       151
       151
       +
       0 2 * * * rsync -av --delete /var/www/html/ /backups/website/

     

       152
       152
       +
       ```

     

       153
       153
       +
       

     

       154
       154
       +
       ### Redirect Output

     

       155
       155
       +
       

     

       156
       156
       +
       Send output to file:

     

       157
       157
       +
       ```bash

     

       158
       158
       +
       * * * * * /path/to/command > /path/to/logfile.txt

     

       159
       159
       +
       ```

     

       160
       160
       +
       

     

       161
       161
       +
       Append to file:

     

       162
       162
       +
       ```bash

     

       163
       163
       +
       * * * * * /path/to/command >> /path/to/logfile.txt

     

       164
       164
       +
       ```

     

       165
       165
       +
       

     

       166
       166
       +
       Suppress output:

     

       167
       167
       +
       ```bash

     

       168
       168
       +
       * * * * * /path/to/command > /dev/null 2>&1

     

       169
       169
       +
       ```

     

       170
       170
       +
       

     

       171
       171
       +
       ### View Crontab

     

       172
       172
       +
       ```bash

     

       173
       173
       +
       crontab -l   # List current user's crontab

     

       174
       174
       +
       ```

     

       175
       175
       +
       

     

       176
       176
       +
       ### Remove Crontab

     

       177
       177
       +
       ```bash

     

       178
       178
       +
       crontab -r   # Remove current user's crontab

     

       179
       179
       +
       ```

     

       180
       180
       +
       

     

       181
       181
       +
       ### System-Wide Cron

     

       182
       182
       +
       

     

       183
       183
       +
       User-specific: Managed via `crontab -e`

     

       184
       184
       +
       

     

       185
       185
       +
       System-wide cron directories:

     

       186
       186
       +
       - `/etc/cron.daily/` - Scripts run daily

     

       187
       187
       +
       - `/etc/cron.hourly/` - Scripts run hourly

     

       188
       188
       +
       - `/etc/cron.weekly/` - Scripts run weekly

     

       189
       189
       +
       - `/etc/cron.monthly/` - Scripts run monthly

     

       190
       190
       +
       

     

       191
       191
       +
       Place executable scripts in these directories for automatic execution.

     

       192
       192
       +
       

     

       193
       193
       +
       ### Important Notes

     

       194
       194
       +
       

     

       195
       195
       +
       1. Cron uses absolute paths - always specify full path to commands

     

       196
       196
       +
       2. Cron runs in minimal environment - may need to set PATH, etc.

     

       197
       197
       +
       3. Test commands manually first before adding to cron

     

       198
       198
       +
       4. Cron jobs run as the user who owns the crontab

     

       199
       199
       +
       5. `sudo crontab -e` edits root's crontab (for privileged tasks)

     

       200
       200
       +
       

     

       201
       201
       +
       ### Combining Rsync + Cron

     

       202
       202
       +
       

     

       203
       203
       +
       Automated nightly backups:

     

       204
       204
       +
       ```bash

     

       205
       205
       +
       # In crontab -e:

     

       206
       206
       +
       0 2 * * * rsync -avz /var/www/html/ /backups/website/

     

       207
       207
       +
       0 3 * * * rsync -avz /etc/ /backups/configs/

     

       208
       208
       +
       ```

     

       209
       209
       +
       

     

       210
       210
       +
       This creates automated, scheduled backups without manual intervention.

+183

06-ufw-firewall.md

···

       1
       1
       +
       # UFW Firewall Configuration

     

       2
       2
       +
       

     

       3
       3
       +
       ## Overview

     

       4
       4
       +
       UFW (Uncomplicated Firewall) sits on top of iptables and provides a more user-friendly interface for managing firewall rules on Ubuntu systems.

     

       5
       5
       +
       

     

       6
       6
       +
       ## Distribution Differences

     

       7
       7
       +
       

     

       8
       8
       +
       | Distribution | Firewall Tool |

     

       9
       9
       +
       |--------------|---------------|

     

       10
       10
       +
       | Ubuntu | UFW (built-in) |

     

       11
       11
       +
       | Kali | iptables (UFW not installed by default) |

     

       12
       12
       +
       | CentOS/RHEL | firewall-cmd (firewalld) |

     

       13
       13
       +
       

     

       14
       14
       +
       ## Basic Commands

     

       15
       15
       +
       

     

       16
       16
       +
       ### Check Status

     

       17
       17
       +
       ```bash

     

       18
       18
       +
       sudo ufw status              # Basic status

     

       19
       19
       +
       sudo ufw status verbose      # Detailed status with default policies

     

       20
       20
       +
       sudo ufw status numbered     # Show rule numbers

     

       21
       21
       +
       ```

     

       22
       22
       +
       

     

       23
       23
       +
       ### Enable/Disable

     

       24
       24
       +
       ```bash

     

       25
       25
       +
       sudo ufw enable              # Turn on firewall (persists after reboot)

     

       26
       26
       +
       sudo ufw disable             # Turn off firewall

     

       27
       27
       +
       ```

     

       28
       28
       +
       

     

       29
       29
       +
       ## Default Policies

     

       30
       30
       +
       When you enable UFW, default behavior is:

     

       31
       31
       +
       - **Incoming**: DENY (block all incoming traffic by default)

     

       32
       32
       +
       - **Outgoing**: ALLOW (allow all outgoing traffic)

     

       33
       33
       +
       - **Routed**: DENY (no routing/forwarding)

     

       34
       34
       +
       

     

       35
       35
       +
       This means services won't be accessible until you explicitly allow them.

     

       36
       36
       +
       

     

       37
       37
       +
       ## Creating Rules

     

       38
       38
       +
       

     

       39
       39
       +
       ### Allow Rules - By Service Name

     

       40
       40
       +
       ```bash

     

       41
       41
       +
       sudo ufw allow ssh           # Allow SSH (port 22, IPv4 and IPv6)

     

       42
       42
       +
       sudo ufw allow http          # Allow HTTP (port 80)

     

       43
       43
       +
       sudo ufw allow https         # Allow HTTPS (port 443)

     

       44
       44
       +
       ```

     

       45
       45
       +
       

     

       46
       46
       +
       ### Allow Rules - By Port

     

       47
       47
       +
       ```bash

     

       48
       48
       +
       sudo ufw allow 22/tcp        # Allow TCP port 22

     

       49
       49
       +
       sudo ufw allow 80/tcp        # Allow TCP port 80

     

       50
       50
       +
       sudo ufw allow 53/udp        # Allow UDP port 53 (DNS)

     

       51
       51
       +
       ```

     

       52
       52
       +
       

     

       53
       53
       +
       ### Allow Rules - By IP Address

     

       54
       54
       +
       ```bash

     

       55
       55
       +
       sudo ufw allow from 192.168.1.100               # Allow all traffic from specific IP

     

       56
       56
       +
       sudo ufw allow from 192.168.1.0/24              # Allow from entire subnet

     

       57
       57
       +
       ```

     

       58
       58
       +
       

     

       59
       59
       +
       ### Deny Rules

     

       60
       60
       +
       ```bash

     

       61
       61
       +
       sudo ufw deny from 192.168.195.0/24             # Block entire subnet

     

       62
       62
       +
       sudo ufw deny 23/tcp                             # Block telnet

     

       63
       63
       +
       ```

     

       64
       64
       +
       

     

       65
       65
       +
       ## Rule Processing Order

     

       66
       66
       +
       

     

       67
       67
       +
       **Critical**: UFW processes rules in the order they were added.

     

       68
       68
       +
       

     

       69
       69
       +
       ```bash

     

       70
       70
       +
       # Example 1 - This works (allow processed first)

     

       71
       71
       +
       sudo ufw allow from 192.168.195.100

     

       72
       72
       +
       sudo ufw deny from 192.168.195.0/24

     

       73
       73
       +
       # Result: .100 is allowed, rest of subnet blocked

     

       74
       74
       +
       

     

       75
       75
       +
       # Example 2 - This doesn't work as intended (deny processed first)

     

       76
       76
       +
       sudo ufw deny from 192.168.195.0/24

     

       77
       77
       +
       sudo ufw allow from 192.168.195.100

     

       78
       78
       +
       # Result: .100 is also blocked (caught by first deny rule)

     

       79
       79
       +
       ```

     

       80
       80
       +
       

     

       81
       81
       +
       ## Deleting Rules

     

       82
       82
       +
       

     

       83
       83
       +
       ### By Rule Number

     

       84
       84
       +
       ```bash

     

       85
       85
       +
       sudo ufw status numbered     # See rule numbers

     

       86
       86
       +
       sudo ufw delete 4            # Delete rule #4

     

       87
       87
       +
       ```

     

       88
       88
       +
       

     

       89
       89
       +
       **Warning**: After deleting a rule, all rules are renumbered. Delete one at a time and re-check numbers.

     

       90
       90
       +
       

     

       91
       91
       +
       ### By Specification

     

       92
       92
       +
       ```bash

     

       93
       93
       +
       sudo ufw delete allow ssh

     

       94
       94
       +
       sudo ufw delete allow from 192.168.1.100

     

       95
       95
       +
       ```

     

       96
       96
       +
       

     

       97
       97
       +
       ## IPv6 Considerations

     

       98
       98
       +
       

     

       99
       99
       +
       Many UFW commands automatically create both IPv4 and IPv6 rules:

     

       100
       100
       +
       

     

       101
       101
       +
       ```bash

     

       102
       102
       +
       sudo ufw allow ssh

     

       103
       103
       +
       # Creates BOTH:

     

       104
       104
       +
       # - Port 22 (IPv4)

     

       105
       105
       +
       # - Port 22 (IPv6)

     

       106
       106
       +
       ```

     

       107
       107
       +
       

     

       108
       108
       +
       **Security Tip**: If you're not using IPv6, consider deleting those rules to reduce attack surface:

     

       109
       109
       +
       ```bash

     

       110
       110
       +
       sudo ufw status numbered

     

       111
       111
       +
       sudo ufw delete 4            # Delete the IPv6 rule

     

       112
       112
       +
       ```

     

       113
       113
       +
       

     

       114
       114
       +
       ## Before/After Rules

     

       115
       115
       +
       

     

       116
       116
       +
       UFW has built-in rules that process **before** and **after** your user-defined rules. These are stored in:

     

       117
       117
       +
       - `/etc/ufw/before.rules` - Processed before user rules

     

       118
       118
       +
       - `/etc/ufw/after.rules` - Processed after user rules

     

       119
       119
       +
       

     

       120
       120
       +
       Example before-rules:

     

       121
       121
       +
       - Allow DHCP client (so you can get an IP)

     

       122
       122
       +
       - Allow established connections

     

       123
       123
       +
       - Allow loopback traffic

     

       124
       124
       +
       

     

       125
       125
       +
       You can edit these files if needed, but typically user rules are sufficient.

     

       126
       126
       +
       

     

       127
       127
       +
       ## Common Service Configurations

     

       128
       128
       +
       

     

       129
       129
       +
       ### SSH Server

     

       130
       130
       +
       ```bash

     

       131
       131
       +
       sudo ufw allow ssh

     

       132
       132
       +
       # or

     

       133
       133
       +
       sudo ufw allow 22/tcp

     

       134
       134
       +
       ```

     

       135
       135
       +
       

     

       136
       136
       +
       ### Web Server (Apache/Nginx)

     

       137
       137
       +
       ```bash

     

       138
       138
       +
       sudo ufw allow http

     

       139
       139
       +
       sudo ufw allow https

     

       140
       140
       +
       # or

     

       141
       141
       +
       sudo ufw allow 80/tcp

     

       142
       142
       +
       sudo ufw allow 443/tcp

     

       143
       143
       +
       ```

     

       144
       144
       +
       

     

       145
       145
       +
       ### DNS Server

     

       146
       146
       +
       ```bash

     

       147
       147
       +
       sudo ufw allow 53/tcp

     

       148
       148
       +
       sudo ufw allow 53/udp

     

       149
       149
       +
       ```

     

       150
       150
       +
       

     

       151
       151
       +
       ## Competition Tips

     

       152
       152
       +
       

     

       153
       153
       +
       1. **Start by enabling it**: `sudo ufw enable` - even basic defaults improve security

     

       154
       154
       +
       2. **Allow services incrementally**: Only open ports for services you're actually running

     

       155
       155
       +
       3. **Check after each change**: `sudo ufw status verbose`

     

       156
       156
       +
       4. **Don't lock yourself out**: If configuring SSH remotely, make sure you allow SSH before enabling the firewall

     

       157
       157
       +
       5. **Monitor conflicts**: If a service stops working after enabling UFW, you likely forgot to allow its port

     

       158
       158
       +
       

     

       159
       159
       +
       ## Troubleshooting

     

       160
       160
       +
       

     

       161
       161
       +
       ### Service not accessible after enabling firewall

     

       162
       162
       +
       ```bash

     

       163
       163
       +
       sudo ufw status numbered     # Check if port is allowed

     

       164
       164
       +
       sudo ufw allow <port>/tcp    # Add the missing rule

     

       165
       165
       +
       ```

     

       166
       166
       +
       

     

       167
       167
       +
       ### Locked out of SSH

     

       168
       168
       +
       - If you have console access: `sudo ufw allow ssh` then `sudo ufw enable`

     

       169
       169
       +
       - Always add SSH rule before enabling firewall on remote systems

     

       170
       170
       +
       

     

       171
       171
       +
       ### Rule not working as expected

     

       172
       172
       +
       - Check rule order with `sudo ufw status numbered`

     

       173
       173
       +
       - More specific rules should come before general deny rules

     

       174
       174
       +
       - Remember: first match wins

     

       175
       175
       +
       

     

       176
       176
       +
       ## Integration with System Services

     

       177
       177
       +
       

     

       178
       178
       +
       UFW rules persist across reboots once enabled. The firewall starts automatically on boot if you've run `sudo ufw enable`.

     

       179
       179
       +
       

     

       180
       180
       +
       To disable automatic start:

     

       181
       181
       +
       ```bash

     

       182
       182
       +
       sudo ufw disable

     

       183
       183
       +
       ```

+293

07-active-connection-defense.md

···

       1
       1
       +
       # Active Connection Defense

     

       2
       2
       +
       

     

       3
       3
       +
       ## Overview

     

       4
       4
       +
       Monitoring and managing active network connections is critical during competitions. This guide covers tools for identifying who's connected to your system and how to terminate malicious connections.

     

       5
       5
       +
       

     

       6
       6
       +
       ## Core Monitoring Tools

     

       7
       7
       +
       

     

       8
       8
       +
       ### netstat - Network Statistics

     

       9
       9
       +
       

     

       10
       10
       +
       **Most useful form**:

     

       11
       11
       +
       ```bash

     

       12
       12
       +
       sudo netstat -tunap

     

       13
       13
       +
       ```

     

       14
       14
       +
       

     

       15
       15
       +
       **Breakdown**:

     

       16
       16
       +
       - `-t` = TCP connections

     

       17
       17
       +
       - `-u` = UDP connections  

     

       18
       18
       +
       - `-n` = Show numeric ports (22 instead of "ssh")

     

       19
       19
       +
       - `-a` = Show listening and established connections

     

       20
       20
       +
       - `-p` = Show process IDs (requires sudo)

     

       21
       21
       +
       

     

       22
       22
       +
       **Output columns**:

     

       23
       23
       +
       ```

     

       24
       24
       +
       Proto  Local Address      Foreign Address    State       PID/Program

     

       25
       25
       +
       tcp    192.168.195.100:22 192.168.195.2:51736 ESTABLISHED 265408/sshd

     

       26
       26
       +
       ```

     

       27
       27
       +
       

     

       28
       28
       +
       **Common filters**:

     

       29
       29
       +
       ```bash

     

       30
       30
       +
       netstat -tunap | grep ESTABLISHED   # Only active connections

     

       31
       31
       +
       netstat -tunap | grep :22           # Only SSH connections

     

       32
       32
       +
       netstat -tunap | less               # Scroll through output

     

       33
       33
       +
       ```

     

       34
       34
       +
       

     

       35
       35
       +
       ### ss - Socket Statistics

     

       36
       36
       +
       

     

       37
       37
       +
       Modern replacement for netstat. Similar syntax:

     

       38
       38
       +
       

     

       39
       39
       +
       ```bash

     

       40
       40
       +
       ss                          # Basic output (lots of info)

     

       41
       41
       +
       ss | grep ESTAB             # Only established connections

     

       42
       42
       +
       ss -tunap                   # Same flags as netstat

     

       43
       43
       +
       ```

     

       44
       44
       +
       

     

       45
       45
       +
       **Advantage**: ss is installed on more modern systems by default.

     

       46
       46
       +
       

     

       47
       47
       +
       ### w - Who is logged in

     

       48
       48
       +
       

     

       49
       49
       +
       ```bash

     

       50
       50
       +
       w

     

       51
       51
       +
       ```

     

       52
       52
       +
       

     

       53
       53
       +
       **Shows**:

     

       54
       54
       +
       - Username

     

       55
       55
       +
       - From where (IP address or `:0` for local console)

     

       56
       56
       +
       - Login time

     

       57
       57
       +
       - What they're doing

     

       58
       58
       +
       

     

       59
       59
       +
       **Example output**:

     

       60
       60
       +
       ```

     

       61
       61
       +
       USER     FROM             WHAT

     

       62
       62
       +
       sandbox  :0               -bash

     

       63
       63
       +
       bob      192.168.195.2    -bash

     

       64
       64
       +
       jenny    192.168.195.2    -bash

     

       65
       65
       +
       ```

     

       66
       66
       +
       

     

       67
       67
       +
       **Key indicator**:

     

       68
       68
       +
       - `:0` = Local console (physically at the machine)

     

       69
       69
       +
       - IP address = Remote connection (SSH, etc.)

     

       70
       70
       +
       

     

       71
       71
       +
       ## Finding Process Information

     

       72
       72
       +
       

     

       73
       73
       +
       ### top - Interactive Process Viewer

     

       74
       74
       +
       

     

       75
       75
       +
       ```bash

     

       76
       76
       +
       top

     

       77
       77
       +
       ```

     

       78
       78
       +
       

     

       79
       79
       +
       - Shows CPU/memory usage

     

       80
       80
       +
       - Lists running processes

     

       81
       81
       +
       - Press `q` to quit

     

       82
       82
       +
       

     

       83
       83
       +
       ### htop - Enhanced Process Viewer

     

       84
       84
       +
       

     

       85
       85
       +
       ```bash

     

       86
       86
       +
       htop                 # If installed (not always available)

     

       87
       87
       +
       ```

     

       88
       88
       +
       

     

       89
       89
       +
       More colorful and interactive than `top`.

     

       90
       90
       +
       

     

       91
       91
       +
       ### ps - Process Status

     

       92
       92
       +
       

     

       93
       93
       +
       ```bash

     

       94
       94
       +
       ps aux               # All processes, all users

     

       95
       95
       +
       ps aux | grep ssh    # Find SSH processes

     

       96
       96
       +
       ```

     

       97
       97
       +
       

     

       98
       98
       +
       ## Killing Connections

     

       99
       99
       +
       

     

       100
       100
       +
       ### Kill by Process ID (PID)

     

       101
       101
       +
       

     

       102
       102
       +
       1. **Find the PID**:

     

       103
       103
       +
       ```bash

     

       104
       104
       +
       sudo netstat -tunap

     

       105
       105
       +
       # Example output shows PID 265465 for jenny's SSH connection

     

       106
       106
       +
       ```

     

       107
       107
       +
       

     

       108
       108
       +
       2. **Kill the process**:

     

       109
       109
       +
       ```bash

     

       110
       110
       +
       sudo kill 265465

     

       111
       111
       +
       ```

     

       112
       112
       +
       

     

       113
       113
       +
       **From the user's perspective**: Connection closes immediately

     

       114
       114
       +
       ```

     

       115
       115
       +
       Connection to 192.168.195.100 closed by remote host.

     

       116
       116
       +
       ```

     

       117
       117
       +
       

     

       118
       118
       +
       ### Kill by Username (pkill)

     

       119
       119
       +
       

     

       120
       120
       +
       ```bash

     

       121
       121
       +
       sudo pkill -kill -u jenny        # Kill all processes for user jenny

     

       122
       122
       +
       sudo pkill -kill -u bob          # Kill all processes for user bob

     

       123
       123
       +
       ```

     

       124
       124
       +
       

     

       125
       125
       +
       **Warning**: This kills ALL processes for that user, including:

     

       126
       126
       +
       - Active SSH sessions

     

       127
       127
       +
       - Running programs

     

       128
       128
       +
       - Background jobs

     

       129
       129
       +
       

     

       130
       130
       +
       ### Kill Signal Types

     

       131
       131
       +
       

     

       132
       132
       +
       ```bash

     

       133
       133
       +
       sudo kill PID              # SIGTERM (graceful shutdown, default)

     

       134
       134
       +
       sudo kill -9 PID           # SIGKILL (force kill immediately)

     

       135
       135
       +
       sudo pkill -kill -u user   # -kill = SIGKILL

     

       136
       136
       +
       ```

     

       137
       137
       +
       

     

       138
       138
       +
       ## Competition Workflow

     

       139
       139
       +
       

     

       140
       140
       +
       ### Active Defense Pattern

     

       141
       141
       +
       

     

       142
       142
       +
       1. **Someone monitors connections**:

     

       143
       143
       +
       ```bash

     

       144
       144
       +
       # Run periodically or in a loop

     

       145
       145
       +
       sudo netstat -tunap

     

       146
       146
       +
       ```

     

       147
       147
       +
       

     

       148
       148
       +
       2. **Identify suspicious connections**:

     

       149
       149
       +
       - Unknown IP addresses

     

       150
       150
       +
       - Unexpected users logged in

     

       151
       151
       +
       - Unusual ports

     

       152
       152
       +
       

     

       153
       153
       +
       3. **Kill immediately**:

     

       154
       154
       +
       ```bash

     

       155
       155
       +
       sudo pkill -kill -u <suspicious_user>

     

       156
       156
       +
       # or

     

       157
       157
       +
       sudo kill <PID>

     

       158
       158
       +
       ```

     

       159
       159
       +
       

     

       160
       160
       +
       4. **Someone else hardens the system**:

     

       161
       161
       +
       - Change passwords

     

       162
       162
       +
       - Disable accounts

     

       163
       163
       +
       - Configure firewall

     

       164
       164
       +
       - Close unnecessary services

     

       165
       165
       +
       

     

       166
       166
       +
       ### Example Monitoring Script

     

       167
       167
       +
       

     

       168
       168
       +
       ```bash

     

       169
       169
       +
       #!/bin/bash

     

       170
       170
       +
       # Quick connection checker

     

       171
       171
       +
       while true; do

     

       172
       172
       +
           clear

     

       173
       173
       +
           echo "=== Active SSH Connections ==="

     

       174
       174
       +
           sudo netstat -tunap | grep :22 | grep ESTABLISHED

     

       175
       175
       +
           sleep 5

     

       176
       176
       +
       done

     

       177
       177
       +
       ```

     

       178
       178
       +
       

     

       179
       179
       +
       ## Common Scenarios

     

       180
       180
       +
       

     

       181
       181
       +
       ### Scenario 1: Unknown SSH Connection

     

       182
       182
       +
       

     

       183
       183
       +
       ```bash

     

       184
       184
       +
       # See who's connected

     

       185
       185
       +
       w

     

       186
       186
       +
       

     

       187
       187
       +
       # Find their process ID

     

       188
       188
       +
       sudo netstat -tunap | grep ESTABLISHED

     

       189
       189
       +
       

     

       190
       190
       +
       # Kill by PID

     

       191
       191
       +
       sudo kill 265465

     

       192
       192
       +
       ```

     

       193
       193
       +
       

     

       194
       194
       +
       ### Scenario 2: Brute Force Attempts

     

       195
       195
       +
       

     

       196
       196
       +
       ```bash

     

       197
       197
       +
       # See all connection attempts

     

       198
       198
       +
       sudo netstat -tunap | grep :22

     

       199
       199
       +
       

     

       200
       200
       +
       # Check auth logs

     

       201
       201
       +
       sudo tail -f /var/log/auth.log

     

       202
       202
       +
       

     

       203
       203
       +
       # Block the source IP with firewall

     

       204
       204
       +
       sudo ufw deny from <attacker_ip>

     

       205
       205
       +
       ```

     

       206
       206
       +
       

     

       207
       207
       +
       ### Scenario 3: Multiple Sessions from Same User

     

       208
       208
       +
       

     

       209
       209
       +
       ```bash

     

       210
       210
       +
       # Kill all sessions for a user

     

       211
       211
       +
       sudo pkill -kill -u jenny

     

       212
       212
       +
       

     

       213
       213
       +
       # Disable the account

     

       214
       214
       +
       sudo passwd -l jenny        # Lock password

     

       215
       215
       +
       sudo usermod -s /bin/false jenny    # Disable shell

     

       216
       216
       +
       ```

     

       217
       217
       +
       

     

       218
       218
       +
       ## Warnings and Gotchas

     

       219
       219
       +
       

     

       220
       220
       +
       ### Don't Kill Yourself

     

       221
       221
       +
       

     

       222
       222
       +
       ```bash

     

       223
       223
       +
       # BAD - if you're logged in as sandbox:

     

       224
       224
       +
       sudo pkill -kill -u sandbox

     

       225
       225
       +
       # This kills YOUR session too!

     

       226
       226
       +
       ```

     

       227
       227
       +
       

     

       228
       228
       +
       **Better approach**: Kill by specific PID if you're using the same username.

     

       229
       229
       +
       

     

       230
       230
       +
       ### Don't Kill Teammates

     

       231
       231
       +
       

     

       232
       232
       +
       - Check with team before killing connections

     

       233
       233
       +
       - Look at FROM addresses to identify internal vs external

     

       234
       234
       +
       - Local (`:0`) connections are usually teammates at the console

     

       235
       235
       +
       

     

       236
       236
       +
       ### Shared Accounts

     

       237
       237
       +
       

     

       238
       238
       +
       If red team is using the same account as you:

     

       239
       239
       +
       - Kill by PID (specific to their connection)

     

       240
       240
       +
       - Don't kill by username (you'll disconnect yourself)

     

       241
       241
       +
       

     

       242
       242
       +
       ## Process Information Fields

     

       243
       243
       +
       

     

       244
       244
       +
       **Understanding PID in netstat**:

     

       245
       245
       +
       ```bash

     

       246
       246
       +
       sudo netstat -tunap

     

       247
       247
       +
       ```

     

       248
       248
       +
       

     

       249
       249
       +
       Output:

     

       250
       250
       +
       ```

     

       251
       251
       +
       PID/Program name

     

       252
       252
       +
       265408/sshd: sandbox

     

       253
       253
       +
       265465/sshd: jenny

     

       254
       254
       +
       ```

     

       255
       255
       +
       

     

       256
       256
       +
       - PID: Process ID (unique number)

     

       257
       257
       +
       - Program: Which service (sshd, apache2, etc.)

     

       258
       258
       +
       - User context: Which user owns the process

     

       259
       259
       +
       

     

       260
       260
       +
       ## Monitoring vs. Hardening

     

       261
       261
       +
       

     

       262
       262
       +
       **Active monitoring** (short-term):

     

       263
       263
       +
       - Running netstat/ss repeatedly

     

       264
       264
       +
       - Killing suspicious connections as they appear

     

       265
       265
       +
       - Playing "whack-a-mole"

     

       266
       266
       +
       

     

       267
       267
       +
       **Hardening** (long-term):

     

       268
       268
       +
       - Change passwords

     

       269
       269
       +
       - Disable unused accounts

     

       270
       270
       +
       - Configure firewall rules

     

       271
       271
       +
       - Close unnecessary services

     

       272
       272
       +
       - Update vulnerable software

     

       273
       273
       +
       

     

       274
       274
       +
       **Best practice**: Use monitoring to buy time while someone else hardens the system. You can't watch connections for 6 hours straight.

     

       275
       275
       +
       

     

       276
       276
       +
       ## Tool Availability

     

       277
       277
       +
       

     

       278
       278
       +
       | Tool | Typical Availability |

     

       279
       279
       +
       |------|---------------------|

     

       280
       280
       +
       | netstat | Most systems (may need `net-tools` package) |

     

       281
       281
       +
       | ss | Modern systems (usually pre-installed) |

     

       282
       282
       +
       | w | All Unix/Linux systems |

     

       283
       283
       +
       | top | All Unix/Linux systems |

     

       284
       284
       +
       | htop | Optional (install with apt/yum) |

     

       285
       285
       +
       | ps | All Unix/Linux systems |

     

       286
       286
       +
       

     

       287
       287
       +
       **If netstat is missing**:

     

       288
       288
       +
       ```bash

     

       289
       289
       +
       sudo apt install net-tools       # Debian/Ubuntu

     

       290
       290
       +
       sudo yum install net-tools       # CentOS/RHEL

     

       291
       291
       +
       ```

     

       292
       292
       +
       

     

       293
       293
       +
       Or just use `ss` instead.

+294

08-mikrotik-router.md

···

       1
       1
       +
       # MikroTik Router Configuration

     

       2
       2
       +
       

     

       3
       3
       +
       ## Overview

     

       4
       4
       +
       Starting 2025, the NCAE competition replaced CentOS routers with MikroTik routers. MikroTik provides both a CLI and web GUI for configuration.

     

       5
       5
       +
       

     

       6
       6
       +
       ## Why MikroTik?

     

       7
       7
       +
       - CentOS is end-of-life

     

       8
       8
       +
       - MikroTik is a commercial router OS used in real networks

     

       9
       9
       +
       - Provides both CLI and web interface

     

       10
       10
       +
       - More intuitive than raw iptables

     

       11
       11
       +
       

     

       12
       12
       +
       ## Access Methods

     

       13
       13
       +
       

     

       14
       14
       +
       ### CLI Access (Console/Terminal)

     

       15
       15
       +
       - Through ProxMox VNC console

     

       16
       16
       +
       - Direct terminal access

     

       17
       17
       +
       - No browser required

     

       18
       18
       +
       

     

       19
       19
       +
       ### Web GUI Access

     

       20
       20
       +
       ```

     

       21
       21
       +
       http://<router-ip>:8080

     

       22
       22
       +
       ```

     

       23
       23
       +
       

     

       24
       24
       +
       **Example**: `http://172.20.213.1:8080` (from external side)

     

       25
       25
       +
       

     

       26
       26
       +
       **Port 8080** is the management interface, not the standard web port.

     

       27
       27
       +
       

     

       28
       28
       +
       ## Initial Login

     

       29
       29
       +
       

     

       30
       30
       +
       ### Default Credentials

     

       31
       31
       +
       - **Username**: `admin`

     

       32
       32
       +
       - **Password**: (blank - just press Enter)

     

       33
       33
       +
       

     

       34
       34
       +
       ### First Login

     

       35
       35
       +
       1. Login with blank password

     

       36
       36
       +
       2. System will prompt you to set a new password

     

       37
       37
       +
       3. **IMPORTANT**: Choose a strong password for competition

     

       38
       38
       +
          - For testing/practice: can use something simple like `password`

     

       39
       39
       +
          - For competition: red team will own you with weak passwords

     

       40
       40
       +
       

     

       41
       41
       +
       ### License Prompt

     

       42
       42
       +
       - Will ask if you want to view license

     

       43
       43
       +
       - Can say "no" unless interested

     

       44
       44
       +
       

     

       45
       45
       +
       ## Basic CLI Commands

     

       46
       46
       +
       

     

       47
       47
       +
       ### Check IP Addresses

     

       48
       48
       +
       ```bash

     

       49
       49
       +
       /ip address print

     

       50
       50
       +
       ```

     

       51
       51
       +
       

     

       52
       52
       +
       Shows all configured IP addresses on all interfaces.

     

       53
       53
       +
       

     

       54
       54
       +
       ### Check Interfaces (Hardware)

     

       55
       55
       +
       ```bash

     

       56
       56
       +
       interface print

     

       57
       57
       +
       ```

     

       58
       58
       +
       

     

       59
       59
       +
       Shows network adapters:

     

       60
       60
       +
       - `ether3` = First interface (usually external)

     

       61
       61
       +
       - `ether4` = Second interface (usually internal)

     

       62
       62
       +
       - Names may vary depending on hardware/cloning

     

       63
       63
       +
       

     

       64
       64
       +
       ### Assign an IP Address

     

       65
       65
       +
       ```bash

     

       66
       66
       +
       /ip address add address=172.20.213.1/16 interface=ether3

     

       67
       67
       +
       ```

     

       68
       68
       +
       

     

       69
       69
       +
       **Breakdown**:

     

       70
       70
       +
       - `address=` - IP and subnet mask in CIDR notation

     

       71
       71
       +
       - `interface=` - Which network adapter (ether3, ether4, etc.)

     

       72
       72
       +
       

     

       73
       73
       +
       **Example for internal side**:

     

       74
       74
       +
       ```bash

     

       75
       75
       +
       /ip address add address=192.168.213.1/24 interface=ether4

     

       76
       76
       +
       ```

     

       77
       77
       +
       

     

       78
       78
       +
       ### Test Connectivity

     

       79
       79
       +
       ```bash

     

       80
       80
       +
       /ping 172.20.2

     

       81
       81
       +
       /ping 192.168.213.2

     

       82
       82
       +
       ```

     

       83
       83
       +
       

     

       84
       84
       +
       **Keyboard shortcuts**:

     

       85
       85
       +
       - Up/Down arrows = Command history

     

       86
       86
       +
       - Ctrl+C = Stop ping

     

       87
       87
       +
       

     

       88
       88
       +
       ### Check Configuration

     

       89
       89
       +
       Use the print command for any section:

     

       90
       90
       +
       ```bash

     

       91
       91
       +
       /ip address print

     

       92
       92
       +
       /ip route print

     

       93
       93
       +
       /ip firewall nat print

     

       94
       94
       +
       ```

     

       95
       95
       +
       

     

       96
       96
       +
       ## Web GUI Configuration

     

       97
       97
       +
       

     

       98
       98
       +
       ### Accessing the GUI

     

       99
       99
       +
       

     

       100
       100
       +
       From external network:

     

       101
       101
       +
       ```

     

       102
       102
       +
       http://172.20.213.1:8080

     

       103
       103
       +
       ```

     

       104
       104
       +
       

     

       105
       105
       +
       Login: `admin` / `<your-password>`

     

       106
       106
       +
       

     

       107
       107
       +
       ### GUI Navigation

     

       108
       108
       +
       

     

       109
       109
       +
       **Top-right buttons**:

     

       110
       110
       +
       - **Quick Set** - Main configuration page (most common tasks)

     

       111
       111
       +
       - **Advanced** - Detailed/expert settings

     

       112
       112
       +
       - **Terminal** - CLI access from web browser

     

       113
       113
       +
       

     

       114
       114
       +
       **Most tasks can be done from Quick Set.**

     

       115
       115
       +
       

     

       116
       116
       +
       ### Quick Set Configuration

     

       117
       117
       +
       

     

       118
       118
       +
       **Scrolling tips**:

     

       119
       119
       +
       - Mouse wheel only works when cursor is in the CENTER of the page

     

       120
       120
       +
       - If scrolling doesn't work, move mouse to the left side

     

       121
       121
       +
       - Scroll bar appears in the middle column

     

       122
       122
       +
       

     

       123
       123
       +
       #### Internet/External Configuration

     

       124
       124
       +
       

     

       125
       125
       +
       **Gateway** (where traffic goes to reach internet):

     

       126
       126
       +
       ```

     

       127
       127
       +
       172.20.1.1              # Or whatever your competition topology specifies

     

       128
       128
       +
       ```

     

       129
       129
       +
       

     

       130
       130
       +
       **DNS Servers**:

     

       131
       131
       +
       - Click the `+` button to add DNS servers

     

       132
       132
       +
       - Add all DNS servers from your topology document

     

       133
       133
       +
       

     

       134
       134
       +
       #### LAN/Internal Configuration

     

       135
       135
       +
       

     

       136
       136
       +
       Should show your configured internal IP:

     

       137
       137
       +
       ```

     

       138
       138
       +
       192.168.213.1/24

     

       139
       139
       +
       ```

     

       140
       140
       +
       

     

       141
       141
       +
       #### Critical Checkboxes

     

       142
       142
       +
       

     

       143
       143
       +
       ✅ **Bridge LAN Ports** - Check this

     

       144
       144
       +
       - Allows multiple LAN ports to work as one network

     

       145
       145
       +
       

     

       146
       146
       +
       ✅ **Enable NAT** - Check this  

     

       147
       147
       +
       - **Network Address Translation**

     

       148
       148
       +
       - Allows internal 192.168.x.x addresses to route through external 172.20.x.x

     

       149
       149
       +
       - **Required for routing to work**

     

       150
       150
       +
       

     

       151
       151
       +
       #### Apply Changes

     

       152
       152
       +
       

     

       153
       153
       +
       Click **Apply Configuration** button at bottom.

     

       154
       154
       +
       

     

       155
       155
       +
       Changes apply immediately - you'll see a "Saved" notification in the bottom-right.

     

       156
       156
       +
       

     

       157
       157
       +
       ### Port Forwarding (Port Mapping)

     

       158
       158
       +
       

     

       159
       159
       +
       **Purpose**: Route external traffic to internal servers

     

       160
       160
       +
       

     

       161
       161
       +
       **Example**: Route external HTTP requests to internal web server

     

       162
       162
       +
       

     

       163
       163
       +
       1. Click **Port Mapping** (in Quick Set view)

     

       164
       164
       +
       

     

       165
       165
       +
       2. Click **New** button

     

       166
       166
       +
       

     

       167
       167
       +
       3. Configure the rule:

     

       168
       168
       +
       

     

       169
       169
       +
       **TCP Rule**:

     

       170
       170
       +
       ```

     

       171
       171
       +
       Name:        www-tcp

     

       172
       172
       +
       Protocol:    TCP

     

       173
       173
       +
       Port:        80

     

       174
       174
       +
       Forward To:  192.168.213.2

     

       175
       175
       +
       Port:        80

     

       176
       176
       +
       ```

     

       177
       177
       +
       

     

       178
       178
       +
       **UDP Rule**:

     

       179
       179
       +
       ```

     

       180
       180
       +
       Name:        www-udp  

     

       181
       181
       +
       Protocol:    UDP

     

       182
       182
       +
       Port:        80

     

       183
       183
       +
       Forward To:  192.168.213.2

     

       184
       184
       +
       Port:        80

     

       185
       185
       +
       ```

     

       186
       186
       +
       

     

       187
       187
       +
       4. Click **OK** to save each rule

     

       188
       188
       +
       

     

       189
       189
       +
       ### Testing Port Forwarding

     

       190
       190
       +
       

     

       191
       191
       +
       From external machine:

     

       192
       192
       +
       ```

     

       193
       193
       +
       http://172.20.213.1

     

       194
       194
       +
       ```

     

       195
       195
       +
       

     

       196
       196
       +
       Should display website hosted on 192.168.213.2 (internal server).

     

       197
       197
       +
       

     

       198
       198
       +
       ## Mini-Hack Context

     

       199
       199
       +
       

     

       200
       200
       +
       ### External Network

     

       201
       201
       +
       ```

     

       202
       202
       +
       Network: 172.20.0.0/16

     

       203
       203
       +
       Router IP: 172.20.213.1        (example team 213)

     

       204
       204
       +
       Kali External: 172.20.2

     

       205
       205
       +
       ```

     

       206
       206
       +
       

     

       207
       207
       +
       ### Internal Network  

     

       208
       208
       +
       ```

     

       209
       209
       +
       Network: 192.168.213.0/24      (team number in 3rd octet)

     

       210
       210
       +
       Router IP: 192.168.213.1

     

       211
       211
       +
       Web Server: 192.168.213.2

     

       212
       212
       +
       Kali Internal: 192.168.213.100

     

       213
       213
       +
       ```

     

       214
       214
       +
       

     

       215
       215
       +
       ### Required Configuration

     

       216
       216
       +
       

     

       217
       217
       +
       1. **Assign external IP**: `172.20.<team>.1/16` to ether3

     

       218
       218
       +
       2. **Assign internal IP**: `192.168.<team>.1/24` to ether4

     

       219
       219
       +
       3. **Enable NAT** in Quick Set

     

       220
       220
       +
       4. **Port forward 80** (TCP & UDP) to internal web server at `.2`

     

       221
       221
       +
       

     

       222
       222
       +
       ## Common Issues

     

       223
       223
       +
       

     

       224
       224
       +
       ### Can't access web GUI

     

       225
       225
       +
       - Verify router IP is correct

     

       226
       226
       +
       - Must use port 8080: `http://<ip>:8080`

     

       227
       227
       +
       - Check you're on the same network as router

     

       228
       228
       +
       

     

       229
       229
       +
       ### Port forwarding not working

     

       230
       230
       +
       - Did you enable NAT? (checkbox in Quick Set)

     

       231
       231
       +
       - Did you create BOTH TCP and UDP rules?

     

       232
       232
       +
       - Verify internal server is actually running the service

     

       233
       233
       +
       - Check internal server IP is correct

     

       234
       234
       +
       

     

       235
       235
       +
       ### Changes not saving

     

       236
       236
       +
       - Look for "Saved" notification bottom-right

     

       237
       237
       +
       - If using Quick Set, click "Apply Configuration"

     

       238
       238
       +
       - Changes are immediate (no reboot needed)

     

       239
       239
       +
       

     

       240
       240
       +
       ## CLI vs Web GUI

     

       241
       241
       +
       

     

       242
       242
       +
       **Use CLI for**:

     

       243
       243
       +
       - Quick IP configuration

     

       244
       244
       +
       - Checking current status

     

       245
       245
       +
       - When GUI is not accessible

     

       246
       246
       +
       

     

       247
       247
       +
       **Use Web GUI for**:

     

       248
       248
       +
       - Port forwarding / NAT rules

     

       249
       249
       +
       - Complex firewall rules

     

       250
       250
       +
       - Overview of configuration

     

       251
       251
       +
       - When you want visual confirmation

     

       252
       252
       +
       

     

       253
       253
       +
       Both methods work and changes sync between them.

     

       254
       254
       +
       

     

       255
       255
       +
       ## Advanced Topics (Beyond Basics)

     

       256
       256
       +
       

     

       257
       257
       +
       **Firewall Rules** - More complex than just port forwarding

     

       258
       258
       +
       - Can create allow/deny rules

     

       259
       259
       +
       - Similar concept to UFW but different syntax

     

       260
       260
       +
       

     

       261
       261
       +
       **DHCP Server** - Assign IPs to internal network automatically

     

       262
       262
       +
       - Not needed for mini-hack (static IPs used)

     

       263
       263
       +
       

     

       264
       264
       +
       **Routing Tables** - Custom routes

     

       265
       265
       +
       - Can add static routes for complex topologies

     

       266
       266
       +
       

     

       267
       267
       +
       **VLANs** - Virtual network segmentation

     

       268
       268
       +
       - Competition may use in advanced scenarios

     

       269
       269
       +
       

     

       270
       270
       +
       These are covered in MikroTik documentation but not required for basic mini-hack completion.

     

       271
       271
       +
       

     

       272
       272
       +
       ## Competition Day Checklist

     

       273
       273
       +
       

     

       274
       274
       +
       1. ✅ Login and set a **strong** password

     

       275
       275
       +
       2. ✅ Assign external IP address to ether3

     

       276
       276
       +
       3. ✅ Assign internal IP address to ether4  

     

       277
       277
       +
       4. ✅ Configure gateway (from topology doc)

     

       278
       278
       +
       5. ✅ Add DNS servers (from topology doc)

     

       279
       279
       +
       6. ✅ Enable NAT checkbox

     

       280
       280
       +
       7. ✅ Create port forwarding rules for required services

     

       281
       281
       +
       8. ✅ Test connectivity from external network

     

       282
       282
       +
       

     

       283
       283
       +
       ## Resources

     

       284
       284
       +
       

     

       285
       285
       +
       **Official Documentation**:

     

       286
       286
       +
       - [MikroTik Wiki](https://wiki.mikrotik.com/)

     

       287
       287
       +
       - [Getting Started Guide](https://wiki.mikrotik.com/wiki/Manual:First_time_startup)

     

       288
       288
       +
       

     

       289
       289
       +
       **Search Tips**:

     

       290
       290
       +
       - "mikrotik quick set"

     

       291
       291
       +
       - "mikrotik port forwarding"

     

       292
       292
       +
       - "mikrotik NAT configuration"

     

       293
       293
       +
       

     

       294
       294
       +
       Most common tasks are well-documented with examples.

+129

README.md

···

       1
       1
       +
       # Linux Service Configuration Writeups

     

       2
       2
       +
       

     

       3
       3
       +
       Quick reference guides for configuring services in Linux competitions. Assumes basic Linux knowledge (filesystem navigation, systemctl, ssh, etc.).

     

       4
       4
       +
       

     

       5
       5
       +
       ## Writeups

     

       6
       6
       +
       

     

       7
       7
       +
       0. **[Mini-Hack Quick Start](00-mini-hack-overview.md)** - Complete mini-hack walkthrough checklist

     

       8
       8
       +
       1. **[Services Overview](01-services-overview.md)** - General approach to any service

     

       9
       9
       +
       2. **[Apache Web Service](02-apache-web-service.md)** - HTTP/HTTPS server configuration

     

       10
       10
       +
       3. **[SSH Service](03-ssh-service.md)** - Remote access, keys, security

     

       11
       11
       +
       4. **[Network Configuration](04-network-configuration.md)** - Static IPs across different distros

     

       12
       12
       +
       5. **[DNS, Rsync, Cron](05-dns-rsync-cron.md)** - Name resolution and automated backups

     

       13
       13
       +
       6. **[UFW Firewall](06-ufw-firewall.md)** - Ubuntu firewall configuration

     

       14
       14
       +
       7. **[Active Connection Defense](07-active-connection-defense.md)** - Monitor and kill malicious connections

     

       15
       15
       +
       8. **[MikroTik Router](08-mikrotik-router.md)** - Router configuration (2025 competition)

     

       16
       16
       +
       

     

       17
       17
       +
       ## Service-Specific Quick Reference

     

       18
       18
       +
       

     

       19
       19
       +
       ### Apache Service Names

     

       20
       20
       +
       ```bash

     

       21
       21
       +
       apache2      # Ubuntu/Debian/Kali

     

       22
       22
       +
       httpd        # CentOS/RHEL

     

       23
       23
       +
       ```

     

       24
       24
       +
       

     

       25
       25
       +
       ### Network Configuration Files

     

       26
       26
       +
       

     

       27
       27
       +
       | Distribution | Config Location |

     

       28
       28
       +
       |--------------|----------------|

     

       29
       29
       +
       | Kali/Debian  | `/etc/network/interfaces` |

     

       30
       30
       +
       | Ubuntu       | `/etc/netplan/*.yaml` |

     

       31
       31
       +
       | CentOS/RHEL  | `/etc/sysconfig/network-scripts/ifcfg-*` |

     

       32
       32
       +
       

     

       33
       33
       +
       ### SSH Key Permissions

     

       34
       34
       +
       ```bash

     

       35
       35
       +
       chmod 700 ~/.ssh/

     

       36
       36
       +
       chmod 600 ~/.ssh/id_rsa          # Private key

     

       37
       37
       +
       chmod 644 ~/.ssh/id_rsa.pub      # Public key

     

       38
       38
       +
       chmod 644 ~/.ssh/authorized_keys

     

       39
       39
       +
       ```

     

       40
       40
       +
       

     

       41
       41
       +
       Regenerate host keys on cloned VMs:

     

       42
       42
       +
       ```bash

     

       43
       43
       +
       sudo ssh-keygen -A

     

       44
       44
       +
       sudo systemctl restart sshd

     

       45
       45
       +
       ```

     

       46
       46
       +
       

     

       47
       47
       +
       ### UFW Firewall

     

       48
       48
       +
       ```bash

     

       49
       49
       +
       sudo ufw enable

     

       50
       50
       +
       sudo ufw allow ssh

     

       51
       51
       +
       sudo ufw allow http

     

       52
       52
       +
       sudo ufw allow from 192.168.1.100      # Specific IP

     

       53
       53
       +
       sudo ufw deny from 192.168.1.0/24      # Entire subnet

     

       54
       54
       +
       sudo ufw status numbered                # See rule numbers

     

       55
       55
       +
       sudo ufw delete 4                       # Delete rule by number

     

       56
       56
       +
       ```

     

       57
       57
       +
       

     

       58
       58
       +
       ### Active Connection Monitoring

     

       59
       59
       +
       ```bash

     

       60
       60
       +
       sudo netstat -tunap                     # All connections with PIDs

     

       61
       61
       +
       sudo netstat -tunap | grep ESTABLISHED  # Only active

     

       62
       62
       +
       w                                       # Who is logged in

     

       63
       63
       +
       sudo kill <PID>                         # Kill by process ID

     

       64
       64
       +
       sudo pkill -kill -u username            # Kill all user processes

     

       65
       65
       +
       ```

     

       66
       66
       +
       

     

       67
       67
       +
       ### MikroTik Router

     

       68
       68
       +
       **CLI**:

     

       69
       69
       +
       ```bash

     

       70
       70
       +
       /ip address print

     

       71
       71
       +
       /ip address add address=192.168.1.1/24 interface=ether3

     

       72
       72
       +
       /ping 192.168.1.2

     

       73
       73
       +
       interface print

     

       74
       74
       +
       ```

     

       75
       75
       +
       

     

       76
       76
       +
       **Web GUI**: `http://<router-ip>:8080`  

     

       77
       77
       +
       Default login: `admin` / (blank password)

     

       78
       78
       +
       

     

       79
       79
       +
       ### Rsync + Cron

     

       80
       80
       +
       **Rsync common patterns**:

     

       81
       81
       +
       ```bash

     

       82
       82
       +
       rsync -av source/ dest/                             # Basic sync

     

       83
       83
       +
       rsync -av --delete source/ dest/                    # Mirror (delete extra files in dest)

     

       84
       84
       +
       rsync -avz local/ user@host:remote/                 # Remote backup (z=compress)

     

       85
       85
       +
       rsync -av --exclude='*.log' source/ dest/           # Exclude files

     

       86
       86
       +
       rsync -av source/ dest/ --dry-run                   # Test without changes

     

       87
       87
       +
       ```

     

       88
       88
       +
       

     

       89
       89
       +
       **Cron syntax**: `minute hour day month weekday command`

     

       90
       90
       +
       ```

     

       91
       91
       +
       0 2 * * * /path/to/backup.sh      # Daily at 2 AM

     

       92
       92
       +
       */15 * * * * /path/to/script.sh   # Every 15 minutes

     

       93
       93
       +
       0 */6 * * * rsync -av /data/ /backup/  # Every 6 hours

     

       94
       94
       +
       ```

     

       95
       95
       +
       

     

       96
       96
       +
       ## Distribution Differences

     

       97
       97
       +
       

     

       98
       98
       +
       | Feature | Ubuntu | Kali | CentOS/RHEL |

     

       99
       99
       +
       |---------|--------|------|-------------|

     

       100
       100
       +
       | Apache service | `apache2` | `apache2` | `httpd` |

     

       101
       101
       +
       | Network config | netplan YAML | interfaces | ifcfg-* scripts |

     

       102
       102
       +
       | Firewall | UFW | iptables | firewall-cmd |

     

       103
       103
       +
       | Cron service | `cron` | `cron` | `crond` |

     

       104
       104
       +
       

     

       105
       105
       +
       **Router (2025)**: All distributions use MikroTik (replaces CentOS router)

     

       106
       106
       +
       

     

       107
       107
       +
       ## Competition Tips

     

       108
       108
       +
       

     

       109
       109
       +
       1. **Network config varies by distro** - check which one first

     

       110
       110
       +
       2. **SSH keys**: Regenerate on cloned VMs, fix permissions (700/.ssh, 600/private)

     

       111
       111
       +
       3. **Enable firewall early** - UFW even with defaults improves security

     

       112
       112
       +
       4. **Monitor active connections** - assign someone to watch `netstat -tunap`

     

       113
       113
       +
       5. **Router (2025)**: MikroTik web GUI on port 8080, must enable NAT checkbox

     

       114
       114
       +
       6. **Port forwarding**: Create both TCP and UDP rules for most services

     

       115
       115
       +
       7. **Kill by PID not username** if you share accounts with red team

     

       116
       116
       +
       8. **Backup configs before changes** - especially network configs (can lock yourself out)

     

       117
       117
       +
       

     

       118
       118
       +
       ## Critical Configuration Locations

     

       119
       119
       +
       

     

       120
       120
       +
       | Service | Config File(s) |

     

       121
       121
       +
       |---------|---------------|

     

       122
       122
       +
       | SSH | `/etc/ssh/sshd_config` |

     

       123
       123
       +
       | Apache (Ubuntu) | `/etc/apache2/apache2.conf`, `/etc/apache2/sites-available/` |

     

       124
       124
       +
       | Apache (CentOS) | `/etc/httpd/conf/httpd.conf`, `/etc/httpd/conf.d/` |

     

       125
       125
       +
       | Network (Kali) | `/etc/network/interfaces` |

     

       126
       126
       +
       | Network (Ubuntu) | `/etc/netplan/*.yaml` |

     

       127
       127
       +
       | Network (CentOS) | `/etc/sysconfig/network-scripts/ifcfg-*` |

     

       128
       128
       +
       | DNS resolution | `/etc/resolv.conf` |

     

       129
       129
       +
       | Cron jobs | `crontab -e` (per-user), `/etc/crontab` (system-wide) |