Hero Image
Implementation of a perimeter firewall with Nftables II

On the stage created in the service module with the Odin (Router), Hela (DMZ), Loki and Thor (LAN) machines and using nftables, it sets up a perimeter firewall on the Odin machine so that the stage continues to function completely taking into account the following points: • The creation of different chains for each traffic flow (from LAN to the outside, from LAN to DMZ, etc.) will be valued. • Default DROP policy for all chains. • You can use the extensions that we create appropriate, but at least you should follow the connection when necessary. • We must implement the firewall to work after a machine reboot. • You must show proof of operation of all rules.

Thursday, March 28, 2024 | 42 minutes Read
Hero Image
Installation of android in GNS3 with KVM

To download the android image you can do it from this page – > https://www.fosshub.com/Android-x86.html: wget https://www.fosshub.com/Android-x86.html?dwl=android-x86_64-9.0-r2.iso Create a KVM machine as if it were a Debian, I’ve given it 2GB of RAM and 2 Cores: In our case we can launch an automatic installation: When you have the machine installed, turn off the machine and we’ll import it in gns3. To do this we will take the KVM disk and import it into the directory where we have installed the GNS3 images, then property the copied disk to your user.

Thursday, March 28, 2024 | 1 minute Read
Hero Image
Remote access VPN with Ipsec StrongSwan

StrongSwan is a VPN (Virtual Private Network) implementation based on IPsec, open source, multiplatform, complete and widely used. It works on operating systems such as Linux, FreeBSD, OS X, Windows, Android and iOS. Mainly, it is a key exchange demon that supports Internet Key Exchange protocols (IKEv1 and IKEv2) to establish security associations (SA) between two pairs. [NOTE] I will start from the VPN post remote access with OpenVPN, so you may refer to this during this article. If you want to have the same scenario go first to this.

Thursday, March 28, 2024 | 6 minutes Read
Hero Image
Remote access VPN with OpenVPN and x509 certificates

One of the two teams (which will act as a server) will be connected to two networks For the authentication of the extremes, digital certificates shall be used, which shall be generated using openssl and stored in the / etc / openvpn directory, together with the Diffie- Helman parameters and the certificate of the Certification Authority itself. Network addresses 10.99.99.0 / 24 will be used for VPN virtual addresses. The address 10.99.99.1 shall be assigned to the VPN server. The server and client configuration files will be created in the / etc / openvpn directory of each machine, and will be called servor.conf and cliente.conf respectively. After the establishment of the VPN, the client machine must be able to access a machine on the other network to which the server is connected. Riding the stage To perform this exercise I have mounted the following scenario on GNS3:

Thursday, March 28, 2024 | 17 minutes Read
Hero Image
VPN site to site Wireguard

[!NOTE] I will start from the VPN post remote access with Wireguard, so you may refer to this one during this article. Key generation The first thing we will do is to install both the Wireguard package in both machines: root@servidor1:~# sudo apt update && sudo apt install wireguard debian@servidor2:~$ sudo apt update && sudo apt install wireguard Let’s generate the pairs of keys that will be used to encrypt the connection. We will need a key for the server and a couple of additional keys for each client.

Thursday, March 28, 2024 | 5 minutes Read
Hero Image
VPN site to site with OpenVPN and x509 certificates

Riding the stage To perform this exercise I have mounted the following scenario on GNS3: Swan router configuration Let’s give each interface the corresponding network configuration: #Interfaz que nos dará internet R1#configure terminal R1(config)#interface fastEthernet 0/0 R1(config-if)#ip add dhcp R1(config-if)#no shut R1(config-if)#exit #Interfaz red Servidor 1 R1(config)#interface fastEthernet 1/0 R1(config-if)#ip add 90.0.0.1 255.255.255.0 R1(config-if)#no shut R1(config-if)#exit #Interfaz red Servidor 2 R1(config)#interface fastEthernet 1/1 R1(config-if)#ip add 100.0.0.1 255.255.255.0 R1(config-if)#no shut R1(config-if)#exit #Ruta por defecto para internet R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.122.1 #Guarda la configuración R1#write #Configuración de SNAT R1#conf term R1(config)#access-list 1 permit 90.0.0.0 0.0.0.255 R1(config)#access-list 1 permit 100.0.0.0 0.0.0.255 R1(config)# ip nat pool NAT-Pool 192.168.122.127 192.168.122.127 prefix-length 24 R1(config)#ip nat inside source list 1 pool NAT-Pool overload R1(config)#interface FastEthernet0/0 R1(config-if)#ip nat outside R1(config)#interface FastEthernet1/0 R1(config-if)#ip nat inside R1(config)#interface FastEthernet1/1 R1(config-if)#ip nat inside Server Configuration 1

Thursday, March 28, 2024 | 16 minutes Read
Hero Image
VPN Wireguard remote access

First I will configure the server machine as a VPN remote access and server server as a VPN client. I will then set up a Windows and Android client. The first thing we will do is to install both the Wireguard package in both machines: root@servidor1:~# sudo apt update && sudo apt install wireguard debian@servidor2:~$ sudo apt update && sudo apt install wireguard Let’s generate the pairs of keys that will be used to encrypt the connection. We will need a key for the server and a couple of additional keys for each client.

Thursday, March 28, 2024 | 9 minutes Read
Hero Image
LAMP Stack Installation in Debian 12

LAMP Stack Installation in Debian 12 If you are using Debian 12, follow the steps below to install a full LAMP web server on Debian GNU/Linux 12 “Bookworm” (Stable). Note that Debian 12 includes PHP 8.2 in its repositories, which may differ from previous Debian versions. Web Server Installation The first component of a LAMP server is Apache, represented by the “A.” To install Apache, run the following commands: sudo apt install apache2 sudo systemctl enable apache2 && sudo systemctl start apache2 With these commands, you will have installed and activated the Apache web server. You can verify its functionality by entering the server’s IP address in your favorite browser; it should display the default Apache home page.

Saturday, October 28, 2023 | 2 minutes Read
Hero Image
LEMP Stack Installation in Debian 12 with PHP 8

LEMP Stack Installation in Debian 12 with PHP 8 In this guide, we will go through the steps to install a LEMP stack (Linux, Nginx, MariaDB, and PHP) on a Debian 12 server. The configuration includes PHP 8.2 as the main version. The LEMP stack is essential for hosting PHP-based websites and applications, such as WordPress or other dynamic applications. Follow the detailed steps below to configure your LEMP server with PHP 8.2.

Saturday, October 28, 2023 | 3 minutes Read
Hero Image
WordPress installation in Debian 12 with LAMP PHP-8

WordPress installation in Debian 12 with LAMP PHP-8 battery WordPress is a very popular open source content management system (CMS) that is used to create and manage websites and blogs. It was first released in 2003 and has since won a wide user base and an active community of developers and designers. Preparation Before we start installing WordPress, we will make clear in a list what the ecosystem of our server is so everything works out properly:

Saturday, October 28, 2023 | 5 minutes Read
Hero Image
WordPress installation in Debian 12 with PHP-8 LEMP battery

#WordPress installation in Debian 12 with PHP-8 LEMP battery WordPress is a very popular open source content management system (CMS) that is used to create and manage websites and blogs. It was first released in 2003 and has since won a wide user base and an active community of developers and designers. Previous requirements Linux server: You must have a server that runs Linux, the guide is designed for Debian 12. User with superuser permissions: You must have access to a user with sudo privileges on the server in order to perform the installation and configuration tasks. Full Domain Name (FQDN): If you want to access your WordPress site through a custom domain, make sure you have a full domain name (FQDN) set up and pointed to the server. Internet access: You need Internet access to download packages and make updates during the installation process. Make sure you meet all these requirements before you start installing WordPress on your server.

Saturday, October 28, 2023 | 5 minutes Read
Hero Image
Centralized collection of system log, using journald

Step 1 Install system -journal-remote In our environment, the first step will be to install the system-journal- remote package, which will allow us to access these machines remotely. To carry out the installation on our stage machines, we will use the apt package manager in Odin, which runs Debian 12. We will also install the same package in Thor and Loki, which are containers housed within Odin. As for Hela, a Rocky operating system, it will require the use of dnf for installation.

Wednesday, September 20, 2023 | 7 minutes Read