This project has been created as part of the 42 curriculum by madelwau.
Born2beRoot is a system administration project focused on virtualization. The objective was to create and configure a virtual machine following strict security protocols. This project provides a deep dive into setting up an operating system from scratch, managing partitions with LVM (Logical Volume Management), and hardening the system with specific password policies, sudo configurations, and firewalls.
For this project, I chose to work with Debian (the latest stable version) as my operating system, hosted on VirtualBox.
Integrity Verification To ensure the virtual machine has not been modified since the last signature update, you can run a checksum on the virtual disk image and compare it to the signature.txt file:
sha1sum [PATH_TO_FILE].vdi | grep $(cat signature.txt)If the command returns a match, the integrity of the VM is confirmed.
- SSH: Running on port 4242. Root login is disabled.
- Firewall: UFW is active, allowing only port 4242.
- Hostname: Configured as madelwau42.
- Monitoring: A background script monitoring.sh runs every 10 minutes via cron, broadcasting system metrics (RAM, CPU, Disk usage, etc.) to all terminals.
My original intention was to use Rocky Linux to explore a RHEL-based environment. However, I encountered a critical technical issue on the school's machines where Rocky would consistently suffer a kernel panic during boot. Consequently, I switched to Debian, which proved to be perfectly compatible with the environment.
- Debian (Used in this project): Uses apt, follows a philosophy of free software, and is highly versatile.
- Rocky Linux: An RHEL-based alternative. It is designed for enterprise stability and uses dnf. It is generally more complex to configure (especially regarding SELinux).
- AppArmor (Used in this project): A Mandatory Access Control (MAC) system that is path-based. It is generally easier to configure and maintain for small to medium setups.
- SELinux: A label-based MAC system. While more powerful and granular, it is significantly more difficult to manage and debug.
- UFW (Used in this project): "Uncomplicated Firewall." It provides a user-friendly interface for managing iptables.
- firewalld: The standard for RHEL/Rocky. It uses "zones" and is more dynamic but carries a steeper learning curve.
- VirtualBox (Used in this project): A mature, open-source hypervisor compatible with most hardware.
- UTM: Specifically designed for macOS and Apple Silicon (M1/M2/M3), utilizing the Apple Hypervisor framework.
Since I've been regularly using Linux for years, I did not need Artificial Intelligence for the technical realization of this project (installation, partitioning, script writing, or configuration). I applied my own reasoning and research through documentation to solve the challenges presented by the subject. AI was used exclusively to format and generate this README.md file.